Fix users of KDFs to use params not ctls

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9662)
author: Pauli <paul.dale@oracle.com> 2019-08-21 08:06:29 +1000
committer: Pauli <paul.dale@oracle.com> 2019-09-06 19:27:57 +1000
commit: 7707526b8dfa8063c4537c11199c15ad7a3cab1c (patch)
tree: fe758eb91599a3c41a72b279429210deb08393e4 /crypto/dh/dh_kdf.c
parent: b50ca330cb02cad70bfb11401c47074e8e7d8a48 (diff)
1 files changed, 21 insertions, 11 deletions
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index 03b1e4edd5..781d34a94f 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -11,10 +11,12 @@
 
 #ifndef OPENSSL_NO_CMS
 # include <string.h>
+# include <openssl/core_names.h>
 # include <openssl/dh.h>
 # include <openssl/evp.h>
 # include <openssl/asn1.h>
 # include <openssl/kdf.h>
+# include <internal/provider.h>
 
 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
                  const unsigned char *Z, size_t Zlen,
@@ -23,8 +25,12 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
 {
     int ret = 0, nid;
     EVP_KDF_CTX *kctx = NULL;
-    const EVP_KDF *kdf = NULL;
+    EVP_KDF *kdf = NULL;
     const char *oid_sn;
+    OSSL_PARAM params[5], *p = params;
+    const char *mdname = EVP_MD_name(md);
+    const OSSL_PROVIDER *prov = EVP_MD_provider(md);
+    OPENSSL_CTX *provctx = ossl_provider_library_context(prov);
 
     nid = OBJ_obj2nid(key_oid);
     if (nid == NID_undef)
@@ -33,20 +39,24 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
     if (oid_sn == NULL)
         return 0;
 
-    kdf = EVP_get_kdfbyname(SN_x942kdf);
-    if (kdf == NULL)
+    kdf = EVP_KDF_fetch(provctx, SN_x942kdf, NULL);
+    if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL)
         goto err;
-    kctx = EVP_KDF_CTX_new(kdf);
-    ret =
-        kctx != NULL
-        && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) > 0
-        && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, Z, Zlen) > 0
-        && (ukm == NULL
-            || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_UKM, ukm, ukmlen) > 0)
-        && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG, oid_sn) > 0
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
+                                            (char *)mdname, strlen(mdname) + 1);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+                                             (unsigned char *)Z, Zlen);
+    if (ukm != NULL)
+        *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM,
+                                                 (unsigned char *)ukm, ukmlen);
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
+                                            (char *)oid_sn, strlen(oid_sn) + 1);
+    *p = OSSL_PARAM_construct_end();
+    ret = EVP_KDF_CTX_set_params(kctx, params) > 0
         && EVP_KDF_derive(kctx, out, outlen) > 0;
 err:
     EVP_KDF_CTX_free(kctx);
+    EVP_KDF_free(kdf);
     return ret;
 }
 #endif /* OPENSSL_NO_CMS */
author	Pauli <paul.dale@oracle.com>	2019-08-21 08:06:29 +1000
committer	Pauli <paul.dale@oracle.com>	2019-09-06 19:27:57 +1000
commit	7707526b8dfa8063c4537c11199c15ad7a3cab1c (patch)
tree	fe758eb91599a3c41a72b279429210deb08393e4 /crypto/dh/dh_kdf.c
parent	b50ca330cb02cad70bfb11401c47074e8e7d8a48 (diff)