unsigned char *okm, size_t okm_len);
typedef struct {
+ int mode;
const EVP_MD *md;
unsigned char *salt;
size_t salt_len;
kctx->md = p2;
return 1;
+ case EVP_PKEY_CTRL_HKDF_MODE:
+ kctx->mode = p1;
+ return 1;
+
case EVP_PKEY_CTRL_HKDF_SALT:
if (p1 == 0 || p2 == NULL)
return 1;
if (kctx->md == NULL || kctx->key == NULL)
return 0;
- if (HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key, kctx->key_len,
- kctx->info, kctx->info_len, key, *keylen) == NULL)
- {
+ switch (kctx->mode) {
+ case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND:
+ return HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+ kctx->key_len, kctx->info, kctx->info_len, key,
+ *keylen) != NULL;
+
+ case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY:
+ if (key == NULL) {
+ *keylen = EVP_MD_size(kctx->md);
+ return 1;
+ }
+ return HKDF_Extract(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+ kctx->key_len, key, keylen) != NULL;
+
+ case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY:
+ return HKDF_Expand(kctx->md, kctx->key, kctx->key_len, kctx->info,
+ kctx->info_len, key, *keylen) != NULL;
+
+ default:
return 0;
}
-
- return 1;
}
const EVP_PKEY_METHOD hkdf_pkey_meth = {
unsigned char *okm, size_t okm_len)
{
unsigned char prk[EVP_MAX_MD_SIZE];
+ unsigned char *ret;
size_t prk_len;
if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len))
return NULL;
- return HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len);
+ ret = HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len);
+ OPENSSL_cleanse(prk, sizeof(prk));
+
+ return ret;
}
static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
if (okm_len % dig_len)
n++;
- if (n > 255)
+ if (n > 255 || okm == NULL)
return NULL;
if ((hmac = HMAC_CTX_new()) == NULL)
/* Error */
if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
/* Error */
- if (EVP_PKEY_CTX_set1_salt(pctx, "salt", 4) <= 0)
+ if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0)
/* Error */
- if (EVP_PKEY_CTX_set1_key(pctx, "secret", 6) <= 0)
+ if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0)
/* Error */
if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 6) <= 0)
/* Error */
extern "C" {
#endif
-# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL)
-# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1)
-# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2)
-# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3)
-# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4)
-# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5)
-# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL)
+# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7)
+
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
+# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)info)
+# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_HKDF_MODE, mode, NULL)
+
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
projects / oweals / openssl.git / commitdiff