mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

KDF/PRF updates to libcrypto

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9662)
This commit is contained in:
Pauli 2019-08-21 18:54:35 +10:00
parent 55accfd2f1
commit fb9e6dd6f8
10 changed files with 342 additions and 245 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/evp/build.info
View File

@ -1,6 +1,6 @@
LIBS=../../libcrypto
$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c \
mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c
mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c
SOURCE[../../libcrypto]=$COMMON\
encode.c evp_key.c evp_cnf.c \
e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
@ -11,8 +11,8 @@ SOURCE[../../libcrypto]=$COMMON\
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
c_allc.c c_alld.c bio_ok.c \
evp_pkey.c kdf_lib.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \
pkey_kdf.c c_allkdf.c \
evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \
pkey_kdf.c \
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
e_chacha20_poly1305.c \

4
crypto/evp/evp_locl.h
View File

@ -61,8 +61,8 @@ struct evp_mac_ctx_st {
} /* EVP_MAC_CTX */;
struct evp_kdf_ctx_st {
const EVP_KDF *meth; /* Method structure */
EVP_KDF_IMPL *impl; /* Algorithm-specific data */
EVP_KDF *meth; /* Method structure */
void *data; /* Algorithm-specific data */
} /* EVP_KDF_CTX */ ;
struct evp_keymgmt_st {

156
crypto/evp/kdf_lib.c
View File

@ -15,12 +15,15 @@
#include <openssl/evp.h>
#include <openssl/x509v3.h>
#include <openssl/kdf.h>
#include <openssl/core.h>
#include <openssl/core_names.h>
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "internal/numbers.h"
#include "internal/provider.h"
#include "evp_locl.h"
EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf)
EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf)
{
EVP_KDF_CTX *ctx = NULL;
@ -28,8 +31,12 @@ EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf)
return NULL;
ctx = OPENSSL_zalloc(sizeof(EVP_KDF_CTX));
if (ctx == NULL || (ctx->impl = kdf->new()) == NULL) {
if (ctx == NULL
|| (ctx->data = kdf->newctx(ossl_provider_ctx(kdf->prov))) == NULL
|| !EVP_KDF_up_ref(kdf)) {
EVPerr(EVP_F_EVP_KDF_CTX_NEW, ERR_R_MALLOC_FAILURE);
if (ctx != NULL)
kdf->freectx(ctx->data);
OPENSSL_free(ctx);
ctx = NULL;
} else {
@ -38,16 +45,52 @@ EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf)
return ctx;
}
EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id)
void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx)
{
const EVP_KDF *kdf = EVP_get_kdfbynid(id);
return EVP_KDF_CTX_new(kdf);
if (ctx != NULL) {
ctx->meth->freectx(ctx->data);
ctx->data = NULL;
EVP_KDF_free(ctx->meth);
OPENSSL_free(ctx);
}
}
int EVP_KDF_nid(const EVP_KDF *kdf)
EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src)
{
return kdf->type;
EVP_KDF_CTX *dst;
if (src->data == NULL || src == NULL || src->meth->dupctx == NULL)
return NULL;
dst = OPENSSL_malloc(sizeof(*dst));
if (dst == NULL) {
EVPerr(EVP_F_EVP_KDF_CTX_DUP, ERR_R_MALLOC_FAILURE);
return NULL;
}
memcpy(dst, src, sizeof(*dst));
if (!EVP_KDF_up_ref(dst->meth)) {
EVPerr(EVP_F_EVP_KDF_CTX_DUP, ERR_R_MALLOC_FAILURE);
OPENSSL_free(dst);
return NULL;
}
dst->data = src->meth->dupctx(src->data);
if (dst->data == NULL) {
EVP_KDF_CTX_free(dst);
return NULL;
}
return dst;
}
const char *EVP_KDF_name(const EVP_KDF *kdf)
{
return kdf->name;
}
const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf)
{
return kdf->prov;
}
const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx)
@ -55,75 +98,31 @@ const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx)
return ctx->meth;
}
void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx)
{
if (ctx == NULL)
return;
ctx->meth->free(ctx->impl);
OPENSSL_free(ctx);
}
void EVP_KDF_reset(EVP_KDF_CTX *ctx)
{
if (ctx == NULL)
return;
if (ctx->meth->reset != NULL)
ctx->meth->reset(ctx->impl);
}
int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...)
{
int ret;
va_list args;
va_start(args, cmd);
ret = EVP_KDF_vctrl(ctx, cmd, args);
va_end(args);
if (ret == -2)
EVPerr(EVP_F_EVP_KDF_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
return ret;
}
int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args)
{
if (ctx == NULL)
return 0;
return ctx->meth->ctrl(ctx->impl, cmd, args);
}
int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value)
{
int ret;
if (ctx == NULL)
return 0;
if (ctx->meth->ctrl_str == NULL) {
EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED);
return -2;
}
ret = ctx->meth->ctrl_str(ctx->impl, type, value);
if (ret == -2)
EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED);
return ret;
ctx->meth->reset(ctx->data);
}
size_t EVP_KDF_size(EVP_KDF_CTX *ctx)
{
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
size_t s;
if (ctx == NULL)
return 0;
if (ctx->meth->size == NULL)
return SIZE_MAX;
return ctx->meth->size(ctx->impl);
*params = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &s);
if (ctx->meth->get_ctx_params != NULL
&& ctx->meth->get_ctx_params(ctx, params))
return s;
if (ctx->meth->get_params != NULL
&& ctx->meth->get_params(params))
return s;
return 0;
}
int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen)
@ -131,5 +130,32 @@ int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen)
if (ctx == NULL)
return 0;
return ctx->meth->derive(ctx->impl, key, keylen);
return ctx->meth->derive(ctx->data, key, keylen);
}
/*
* The {get,set}_params functions return 1 if there is no corresponding
* function in the implementation. This is the same as if there was one,
* but it didn't recognise any of the given params, i.e. nothing in the
* bag of parameters was useful.
*/
int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[])
{
if (kdf->get_params != NULL)
return kdf->get_params(params);
return 1;
}
int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[])
{
if (ctx->meth->get_ctx_params != NULL)
return ctx->meth->get_ctx_params(ctx->data, params);
return 1;
}
int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[])
{
if (ctx->meth->set_ctx_params != NULL)
return ctx->meth->set_ctx_params(ctx->data, params);
return 1;
}

192
crypto/evp/kdf_meth.c Normal file
View File

@ -0,0 +1,192 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/core.h>
#include <openssl/core_numbers.h>
#include <openssl/kdf.h>
#include "internal/evp_int.h"
#include "internal/provider.h"
#include "evp_locl.h"
static int evp_kdf_up_ref(void *vkdf)
{
EVP_KDF *kdf = (EVP_KDF *)vkdf;
int ref = 0;
CRYPTO_UP_REF(&kdf->refcnt, &ref, kdf->lock);
return 1;
}
static void evp_kdf_free(void *vkdf){
EVP_KDF *kdf = (EVP_KDF *)vkdf;
int ref = 0;
if (kdf != NULL) {
CRYPTO_DOWN_REF(&kdf->refcnt, &ref, kdf->lock);
if (ref <= 0) {
ossl_provider_free(kdf->prov);
OPENSSL_free(kdf->name);
CRYPTO_THREAD_lock_free(kdf->lock);
OPENSSL_free(kdf);
}
}
}
static void *evp_kdf_new(void)
{
EVP_KDF *kdf = NULL;
if ((kdf = OPENSSL_zalloc(sizeof(*kdf))) == NULL
|| (kdf->lock = CRYPTO_THREAD_lock_new()) == NULL) {
OPENSSL_free(kdf);
return NULL;
}
kdf->refcnt = 1;
return kdf;
}
static void *evp_kdf_from_dispatch(const char *name, const OSSL_DISPATCH *fns,
OSSL_PROVIDER *prov, void *method_data)
{
EVP_KDF *kdf = NULL;
int fnkdfcnt = 0, fnctxcnt = 0;
if ((kdf = evp_kdf_new()) == NULL
|| (kdf->name = OPENSSL_strdup(name)) == NULL) {
evp_kdf_free(kdf);
EVPerr(0, ERR_R_MALLOC_FAILURE);
return NULL;
}
for (; fns->function_id != 0; fns++) {
switch (fns->function_id) {
case OSSL_FUNC_KDF_NEWCTX:
if (kdf->newctx != NULL)
break;
kdf->newctx = OSSL_get_OP_kdf_newctx(fns);
fnctxcnt++;
break;
case OSSL_FUNC_KDF_DUPCTX:
if (kdf->dupctx != NULL)
break;
kdf->dupctx = OSSL_get_OP_kdf_dupctx(fns);
break;
case OSSL_FUNC_KDF_FREECTX:
if (kdf->freectx != NULL)
break;
kdf->freectx = OSSL_get_OP_kdf_freectx(fns);
fnctxcnt++;
break;
case OSSL_FUNC_KDF_DERIVE:
if (kdf->derive != NULL)
break;
kdf->derive = OSSL_get_OP_kdf_derive(fns);
fnkdfcnt++;
break;
case OSSL_FUNC_KDF_GETTABLE_PARAMS:
if (kdf->gettable_params != NULL)
break;
kdf->gettable_params =
OSSL_get_OP_kdf_gettable_params(fns);
break;
case OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS:
if (kdf->gettable_ctx_params != NULL)
break;
kdf->gettable_ctx_params =
OSSL_get_OP_kdf_gettable_ctx_params(fns);
break;
case OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS:
if (kdf->settable_ctx_params != NULL)
break;
kdf->settable_ctx_params =
OSSL_get_OP_kdf_settable_ctx_params(fns);
break;
case OSSL_FUNC_KDF_GET_PARAMS:
if (kdf->get_params != NULL)
break;
kdf->get_params = OSSL_get_OP_kdf_get_params(fns);
break;
case OSSL_FUNC_KDF_GET_CTX_PARAMS:
if (kdf->get_ctx_params != NULL)
break;
kdf->get_ctx_params = OSSL_get_OP_kdf_get_ctx_params(fns);
break;
case OSSL_FUNC_KDF_SET_CTX_PARAMS:
if (kdf->set_ctx_params != NULL)
break;
kdf->set_ctx_params = OSSL_get_OP_kdf_set_ctx_params(fns);
break;
}
}
if (fnkdfcnt != 1 || fnctxcnt != 2) {
/*
* In order to be a consistent set of functions we must have at least
* a derive function, and a complete set of context management
* functions.
*/
evp_kdf_free(kdf);
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
return NULL;
}
kdf->prov = prov;
if (prov != NULL)
ossl_provider_up_ref(prov);
return kdf;
}
EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm,
const char *properties)
{
return evp_generic_fetch(libctx, OSSL_OP_KDF, algorithm, properties,
evp_kdf_from_dispatch, NULL, evp_kdf_up_ref,
evp_kdf_free);
}
int EVP_KDF_up_ref(EVP_KDF *kdf)
{
return evp_kdf_up_ref(kdf);
}
void EVP_KDF_free(EVP_KDF *kdf)
{
evp_kdf_free(kdf);
}
const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf)
{
if (kdf->gettable_params == NULL)
return NULL;
return kdf->gettable_params();
}
const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF *kdf)
{
if (kdf->gettable_ctx_params == NULL)
return NULL;
return kdf->gettable_ctx_params();
}
const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf)
{
if (kdf->settable_ctx_params == NULL)
return NULL;
return kdf->settable_ctx_params();
}
void EVP_KDF_do_all_ex(OPENSSL_CTX *libctx,
void (*fn)(EVP_KDF *kdf, void *arg),
void *arg)
{
evp_generic_do_all(libctx, OSSL_OP_KDF,
(void (*)(void *, void *))fn, arg,
evp_kdf_from_dispatch, NULL, evp_kdf_free);
}

29
crypto/evp/names.c
View File

@ -56,23 +56,6 @@ int EVP_add_digest(const EVP_MD *md)
return r;
}
/* TODO(3.0) Is this needed after changing to providers? */
int EVP_add_kdf(const EVP_KDF *k)
{
int r;
if (k == NULL)
return 0;
r = OBJ_NAME_add(OBJ_nid2sn(k->type), OBJ_NAME_TYPE_KDF_METH,
(const char *)k);
if (r == 0)
return 0;
r = OBJ_NAME_add(OBJ_nid2ln(k->type), OBJ_NAME_TYPE_KDF_METH,
(const char *)k);
return r;
}
const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
{
const EVP_CIPHER *cp;
@ -95,18 +78,6 @@ const EVP_MD *EVP_get_digestbyname(const char *name)
return cp;
}
/* TODO(3.0) Is this API needed after implementing providers? */
const EVP_KDF *EVP_get_kdfbyname(const char *name)
{
const EVP_KDF *kdf;
if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_KDFS, NULL))
return NULL;
kdf = (const EVP_KDF *)OBJ_NAME_get(name, OBJ_NAME_TYPE_KDF_METH);
return kdf;
}
void evp_cleanup_int(void)
{
OBJ_NAME_cleanup(OBJ_NAME_TYPE_KDF_METH);

37
crypto/include/internal/evp_int.h
View File

@ -140,26 +140,23 @@ struct evp_mac_st {
OSSL_OP_mac_set_ctx_params_fn *set_ctx_params;
};
/*
* This function is internal for now, but can be made external when needed.
* The documentation would read:
*
* EVP_add_mac() adds the MAC implementation C<mac> to the internal
* object database.
*/
int EVP_add_kdf(const EVP_KDF *kdf);
/* struct evp_kdf_impl_st is defined by the implementation */
typedef struct evp_kdf_impl_st EVP_KDF_IMPL;
struct evp_kdf_st {
int type;
EVP_KDF_IMPL *(*new) (void);
void (*free) (EVP_KDF_IMPL *impl);
void (*reset) (EVP_KDF_IMPL *impl);
int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args);
int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value);
size_t (*size) (EVP_KDF_IMPL *impl);
int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen);
OSSL_PROVIDER *prov;
char *name;
CRYPTO_REF_COUNT refcnt;
CRYPTO_RWLOCK *lock;
OSSL_OP_kdf_newctx_fn *newctx;
OSSL_OP_kdf_dupctx_fn *dupctx;
OSSL_OP_kdf_freectx_fn *freectx;
OSSL_OP_kdf_reset_fn *reset;
OSSL_OP_kdf_derive_fn *derive;
OSSL_OP_kdf_gettable_params_fn *gettable_params;
OSSL_OP_kdf_gettable_ctx_params_fn *gettable_ctx_params;
OSSL_OP_kdf_settable_ctx_params_fn *settable_ctx_params;
OSSL_OP_kdf_get_params_fn *get_params;
OSSL_OP_kdf_get_ctx_params_fn *get_ctx_params;
OSSL_OP_kdf_set_ctx_params_fn *set_ctx_params;
};
extern const EVP_KDF pbkdf2_kdf_meth;
@ -553,8 +550,6 @@ struct evp_pkey_st {
void openssl_add_all_ciphers_int(void);
void openssl_add_all_digests_int(void);
void openssl_add_all_macs_int(void);
void openssl_add_all_kdfs_int(void);
void evp_cleanup_int(void);
void evp_app_cleanup_int(void);

3
crypto/kdf/build.info
View File

@ -1,4 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c \
sskdf.c x942kdf.c
kdf_err.c kdf_util.c

22
crypto/kdf/kdf_local.h
View File

@ -1,22 +0,0 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
int call_ctrl(int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
EVP_KDF_IMPL *impl, int cmd, ...);
int kdf_str2ctrl(EVP_KDF_IMPL *impl,
int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
int cmd, const char *str);
int kdf_hex2ctrl(EVP_KDF_IMPL *impl,
int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
int cmd, const char *hex);
int kdf_md2ctrl(EVP_KDF_IMPL *impl,
int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
int cmd, const char *md_name);

73
crypto/kdf/kdf_util.c
View File

@ -1,73 +0,0 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <stdarg.h>
#include <openssl/kdf.h>
#include <openssl/evp.h>
#include "internal/cryptlib.h"
#include "internal/evp_int.h"
#include "internal/numbers.h"
#include "kdf_local.h"
int call_ctrl(int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
EVP_KDF_IMPL *impl, int cmd, ...)
{
int ret;
va_list args;
va_start(args, cmd);
ret = ctrl(impl, cmd, args);
va_end(args);
return ret;
}
/* Utility functions to send a string or hex string to a ctrl */
int kdf_str2ctrl(EVP_KDF_IMPL *impl,
int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
int cmd, const char *str)
{
return call_ctrl(ctrl, impl, cmd, (const unsigned char *)str, strlen(str));
}
int kdf_hex2ctrl(EVP_KDF_IMPL *impl,
int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
int cmd, const char *hex)
{
unsigned char *bin;
long binlen;
int ret = -1;
bin = OPENSSL_hexstr2buf(hex, &binlen);
if (bin == NULL)
return 0;
if (binlen <= INT_MAX)
ret = call_ctrl(ctrl, impl, cmd, bin, (size_t)binlen);
OPENSSL_free(bin);
return ret;
}
/* Pass a message digest to a ctrl */
int kdf_md2ctrl(EVP_KDF_IMPL *impl,
int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
int cmd, const char *md_name)
{
const EVP_MD *md;
if (md_name == NULL || (md = EVP_get_digestbyname(md_name)) == NULL) {
KDFerr(KDF_F_KDF_MD2CTRL, KDF_R_INVALID_DIGEST);
return 0;
}
return call_ctrl(ctrl, impl, cmd, md);
}

65
include/openssl/kdf.h
View File

@ -13,7 +13,8 @@
# include <stdarg.h>
# include <stddef.h>
# include <openssl/ossl_typ.h>
# include <openssl/kdferr.h>
# include <openssl/core.h>
# ifdef __cplusplus
extern "C" {
# endif
@ -27,23 +28,32 @@ extern "C" {
# define EVP_KDF_X963 NID_x963kdf
# define EVP_KDF_X942 NID_x942kdf
EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id);
EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
int EVP_KDF_up_ref(EVP_KDF *kdf);
void EVP_KDF_free(EVP_KDF *kdf);
EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm,
const char *properties);
#define EVP_get_kdfbyname(name) EVP_KDF_fetch(NULL, (name), NULL)
EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf);
void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
const char *EVP_KDF_name(const EVP_KDF *kdf);
const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf);
const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
void EVP_KDF_reset(EVP_KDF_CTX *ctx);
int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...);
int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args);
int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value);
size_t EVP_KDF_size(EVP_KDF_CTX *ctx);
int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]);
int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf);
const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF *kdf);
const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf);
int EVP_KDF_nid(const EVP_KDF *kdf);
# define EVP_get_kdfbynid(a) EVP_get_kdfbyname(OBJ_nid2sn(a))
# define EVP_get_kdfbyobj(a) EVP_get_kdfbynid(OBJ_obj2nid(a))
# define EVP_KDF_name(o) OBJ_nid2sn(EVP_KDF_nid(o))
const EVP_KDF *EVP_get_kdfbyname(const char *name);
void EVP_KDF_do_all_ex(OPENSSL_CTX *libctx,
void (*fn)(EVP_KDF *kdf, void *arg),
void *arg);
# define EVP_KDF_CTRL_SET_PASS 0x01 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_SALT 0x02 /* unsigned char *, size_t */
@ -52,23 +62,22 @@ const EVP_KDF *EVP_get_kdfbyname(const char *name);
# define EVP_KDF_CTRL_SET_KEY 0x05 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_MAXMEM_BYTES 0x06 /* uint64_t */
# define EVP_KDF_CTRL_SET_TLS_SECRET 0x07 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_RESET_TLS_SEED 0x08
# define EVP_KDF_CTRL_ADD_TLS_SEED 0x09 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_RESET_HKDF_INFO 0x0a
# define EVP_KDF_CTRL_ADD_HKDF_INFO 0x0b /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_HKDF_MODE 0x0c /* int */
# define EVP_KDF_CTRL_SET_SCRYPT_N 0x0d /* uint64_t */
# define EVP_KDF_CTRL_SET_SCRYPT_R 0x0e /* uint32_t */
# define EVP_KDF_CTRL_SET_SCRYPT_P 0x0f /* uint32_t */
# define EVP_KDF_CTRL_SET_SSHKDF_XCGHASH 0x10 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID 0x11 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_SSHKDF_TYPE 0x12 /* int */
# define EVP_KDF_CTRL_SET_MAC 0x13 /* EVP_MAC * */
# define EVP_KDF_CTRL_SET_MAC_SIZE 0x14 /* size_t */
# define EVP_KDF_CTRL_SET_SSKDF_INFO 0x15 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE 0x16 /* int */
# define EVP_KDF_CTRL_SET_UKM 0x17 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_CEK_ALG 0x18 /* char * */
# define EVP_KDF_CTRL_ADD_TLS_SEED 0x08 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_RESET_HKDF_INFO 0x09
# define EVP_KDF_CTRL_ADD_HKDF_INFO 0x0a /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_HKDF_MODE 0x0b /* int */
# define EVP_KDF_CTRL_SET_SCRYPT_N 0x0c /* uint64_t */
# define EVP_KDF_CTRL_SET_SCRYPT_R 0x0d /* uint32_t */
# define EVP_KDF_CTRL_SET_SCRYPT_P 0x0e /* uint32_t */
# define EVP_KDF_CTRL_SET_SSHKDF_XCGHASH 0x0f /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID 0x10 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_SSHKDF_TYPE 0x11 /* int */
# define EVP_KDF_CTRL_SET_MAC 0x12 /* EVP_MAC * */
# define EVP_KDF_CTRL_SET_MAC_SIZE 0x13 /* size_t */
# define EVP_KDF_CTRL_SET_SSKDF_INFO 0x14 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE 0x15 /* int */
# define EVP_KDF_CTRL_SET_UKM 0x16 /* unsigned char *, size_t */
# define EVP_KDF_CTRL_SET_CEK_ALG 0x17 /* char * */
# define EVP_KDF_CTRL_SET_SHARED_INFO EVP_KDF_CTRL_SET_SSKDF_INFO
# define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0