Implement a EVP_PKEY KDF to KDF provider bridge

Some KDF implementations were available before the current EVP_KDF API. They were used via EVP_PKEY_derive. There exists a bridge between the old API and the EVP_KDF API however this bridge itself uses a legacy EVP_PKEY_METHOD. This commit implements a provider side bridge without having to use any legacy code. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12573)
author: Matt Caswell <matt@openssl.org> 2020-07-03 16:18:03 +0100
committer: Matt Caswell <matt@openssl.org> 2020-08-10 14:51:57 +0100
commit: ac2d58c72b4dc4a8c74eef893000306bf78a30fd (patch)
tree: 105bc32568afcb7dd145a2560bc865ff8de3a20f /providers/implementations/kdfs
parent: 23f04372f45f8c9e3865c3bcfee3f77a9cc10673 (diff)
1 files changed, 0 insertions, 3 deletions
diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
index bc7d7fd721..46a1253ee8 100644
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -183,9 +183,6 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     }
     /* The seed fields concatenate, so process them all */
     if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SEED)) != NULL) {
-        OPENSSL_cleanse(ctx->seed, ctx->seedlen);
-        ctx->seedlen = 0;
-
         for (; p != NULL; p = OSSL_PARAM_locate_const(p + 1,
                                                       OSSL_KDF_PARAM_SEED)) {
             const void *q = ctx->seed + ctx->seedlen;
author	Matt Caswell <matt@openssl.org>	2020-07-03 16:18:03 +0100
committer	Matt Caswell <matt@openssl.org>	2020-08-10 14:51:57 +0100
commit	ac2d58c72b4dc4a8c74eef893000306bf78a30fd (patch)
tree	105bc32568afcb7dd145a2560bc865ff8de3a20f /providers/implementations/kdfs
parent	23f04372f45f8c9e3865c3bcfee3f77a9cc10673 (diff)