Changed use of EVP_PKEY_CTX_md() and more specific error codes

Changed HKDF to use EVP_PKEY_CTX_md() (review comment of @snhenson) and
introduced more specific error codes (not only indicating *that* some
parameter is missing, but actually *which* one it is).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3989)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 1b677d692490804e514a89cd3d57b3505626a4da..3bd1e4c62de50aa3a6c7d979a60d8cd79af522eb 100644 (file)
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1965,7 +1965,10 @@ EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type
 EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed
 EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length
 KDF_R_INVALID_DIGEST:100:invalid digest
+KDF_R_MISSING_KEY:104:missing key
+KDF_R_MISSING_MESSAGE_DIGEST:105:missing message digest
 KDF_R_MISSING_PARAMETER:101:missing parameter
+KDF_R_MISSING_SEED:106:missing seed
 KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
 KDF_R_VALUE_MISSING:102:value missing
 OBJ_R_OID_EXISTS:102:oid exists

diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
index 8ffc8a38990ccb6b8f655ff57dfb9e2d873d91b5..25a173826edb2b1faa24682a48ca544205fbd963 100644 (file)
--- a/crypto/kdf/hkdf.c
+++ b/crypto/kdf/hkdf.c
@@ -148,14 +148,9 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
         return EVP_PKEY_CTX_hkdf_mode(ctx, mode);
     }
 
-    if (strcmp(type, "md") == 0) {
-        const EVP_MD *md = EVP_get_digestbyname(value);
-        if (!md) {
-            KDFerr(KDF_F_PKEY_HKDF_CTRL_STR, KDF_R_INVALID_DIGEST);
-            return 0;
-        }
-        return EVP_PKEY_CTX_set_hkdf_md(ctx, md);
-    }
+    if (strcmp(type, "md") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE,
+                EVP_PKEY_CTRL_HKDF_MD, value);
 
     if (strcmp(type, "salt") == 0)
         return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
@@ -184,8 +179,12 @@ static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
 {
     HKDF_PKEY_CTX *kctx = ctx->data;
 
-    if (kctx->md == NULL || kctx->key == NULL) {
-        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_PARAMETER);
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
+        return 0;
+    }
+    if (kctx->key == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_KEY);
         return 0;
     }
 

diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c
index f5d0f7eaf63ae33bfd1e05aaf4a19b8fb7bff822..3b185c8ee55b7f8d21fc1b9d9e6ce8f9243b7c42 100644 (file)
--- a/crypto/kdf/kdf_err.c
+++ b/crypto/kdf/kdf_err.c
@@ -25,7 +25,11 @@ static const ERR_STRING_DATA KDF_str_functs[] = {
 
 static const ERR_STRING_DATA KDF_str_reasons[] = {
     {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST),
+    "missing message digest"},
     {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PARAMETER), "missing parameter"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"},
     {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE),
     "unknown parameter type"},
     {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"},

diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
index 1673b577ad4732a05cb9e72c132df2b411eef298..f5e106346131d45b1ee1adc2cd0d62548dd101ad 100644 (file)
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -124,8 +124,12 @@ static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                                 size_t *keylen)
 {
     TLS1_PRF_PKEY_CTX *kctx = ctx->data;
-    if (kctx->md == NULL || kctx->sec == NULL || kctx->seedlen == 0) {
-        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_PARAMETER);
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
+        return 0;
+    }
+    if (kctx->sec == NULL || kctx->seedlen == 0) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED);
         return 0;
     }
     return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen,

diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h
index 9c09991bfdd774212c96df380d39974837d2bb3f..67bd3a36228bee0a60e29e084a007e268148170c 100644 (file)
--- a/include/openssl/kdferr.h
+++ b/include/openssl/kdferr.h
@@ -31,7 +31,10 @@ int ERR_load_KDF_strings(void);
  * KDF reason codes.
  */
 # define KDF_R_INVALID_DIGEST                             100
+# define KDF_R_MISSING_KEY                                104
+# define KDF_R_MISSING_MESSAGE_DIGEST                     105
 # define KDF_R_MISSING_PARAMETER                          101
+# define KDF_R_MISSING_SEED                               106
 # define KDF_R_UNKNOWN_PARAMETER_TYPE                     103
 # define KDF_R_VALUE_MISSING                              102