apps: add mac, cipher and digest arguments to the kdf applet.

This adds -digest, -mac and -cipher which correspond to -kdfopt digest: and
-kdfopt mac: and -kdfopt cipher: respectively.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15190)

1 files changed, 44 insertions, 0 deletions

diff --git a/apps/kdf.c b/apps/kdf.c
index b3865d9e87..7b016051f1 100644
--- a/apps/kdf.c
+++ b/apps/kdf.c
@@ -20,6 +20,7 @@
 typedef enum OPTION_choice {
     OPT_COMMON,
     OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT,
+    OPT_CIPHER, OPT_DIGEST, OPT_MAC,
     OPT_PROV_ENUM
 } OPTION_CHOICE;
 
@@ -29,6 +30,9 @@ const OPTIONS kdf_options[] = {
     OPT_SECTION("General"),
     {"help", OPT_HELP, '-', "Display this summary"},
     {"kdfopt", OPT_KDFOPT, 's', "KDF algorithm control parameters in n:v form"},
+    {"cipher", OPT_CIPHER, 's', "Cipher"},
+    {"digest", OPT_DIGEST, 's', "Digest"},
+    {"mac", OPT_MAC, 's', "MAC"},
     {OPT_MORE_STR, 1, '-', "See 'Supported Controls' in the EVP_KDF_ docs\n"},
     {"keylen", OPT_KEYLEN, 's', "The size of the output derived key"},
 
@@ -44,6 +48,24 @@ const OPTIONS kdf_options[] = {
     {NULL}
 };
 
+static char *alloc_kdf_algorithm_name(STACK_OF(OPENSSL_STRING) **optp,
+                                      const char *name, const char *arg)
+{
+    size_t len = strlen(name) + strlen(arg) + 2;
+    char *res = app_malloc(len, "algorithm name");
+
+    if (*optp == NULL)
+        *optp = sk_OPENSSL_STRING_new_null();
+    if (*optp == NULL)
+        return NULL;
+
+    BIO_snprintf(res, len, "%s:%s", name, arg);
+    if (sk_OPENSSL_STRING_push(*optp, res))
+        return res;
+    OPENSSL_free(res);
+    return NULL;
+}
+
 int kdf_main(int argc, char **argv)
 {
     int ret = 1, out_bin = 0;
@@ -56,6 +78,7 @@ int kdf_main(int argc, char **argv)
     BIO *out = NULL;
     EVP_KDF *kdf = NULL;
     EVP_KDF_CTX *ctx = NULL;
+    char *digest = NULL, *cipher = NULL, *mac = NULL;
 
     prog = opt_init(argc, argv, kdf_options);
     while ((o = opt_next()) != OPT_EOF) {
@@ -83,6 +106,24 @@ opthelp:
             if (opts == NULL || !sk_OPENSSL_STRING_push(opts, opt_arg()))
                 goto opthelp;
             break;
+        case OPT_CIPHER:
+            OPENSSL_free(cipher);
+            cipher = alloc_kdf_algorithm_name(&opts, "cipher", opt_arg());
+            if (cipher == NULL)
+                goto opthelp;
+            break;
+        case OPT_DIGEST:
+            OPENSSL_free(digest);
+            digest = alloc_kdf_algorithm_name(&opts, "digest", opt_arg());
+            if (digest == NULL)
+                goto opthelp;
+            break;
+        case OPT_MAC:
+            OPENSSL_free(mac);
+            mac = alloc_kdf_algorithm_name(&opts, "mac", opt_arg());
+            if (mac == NULL)
+                goto opthelp;
+            break;
         case OPT_PROV_CASES:
             if (!opt_provider(o))
                 goto err;
@@ -161,5 +202,8 @@ err:
     EVP_KDF_CTX_free(ctx);
     BIO_free(out);
     OPENSSL_free(hexout);
+    OPENSSL_free(cipher);
+    OPENSSL_free(digest);
+    OPENSSL_free(mac);
     return ret;
 }