diff options
| -rw-r--r-- | doc/man7/EVP_KDF-SSHKDF.pod | 16 | ||||
| -rw-r--r-- | include/openssl/kdf.h | 14 | ||||
| -rw-r--r-- | providers/fips/self_test_data.inc | 12 | ||||
| -rw-r--r-- | providers/fips/self_test_kats.c | 3 | ||||
| -rw-r--r-- | providers/implementations/kdfs/sshkdf.c | 3 | ||||
| -rw-r--r-- | test/evp_kdf_test.c | 4 |
6 files changed, 27 insertions, 25 deletions
diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod index a2ff902cce..b782b6fa7c 100644 --- a/doc/man7/EVP_KDF-SSHKDF.pod +++ b/doc/man7/EVP_KDF-SSHKDF.pod @@ -51,32 +51,32 @@ There are six supported types: =item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV The Initial IV from client to server. -Char array initializer of value {65, 0}, i.e., ASCII string "A". +A single char of value 65 (ASCII char 'A'). =item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI The Initial IV from server to client -Char array initializer of value {66, 0}, i.e., ASCII string "B". +A single char of value 66 (ASCII char 'B'). =item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV The Encryption Key from client to server -Char array initializer of value {67, 0}, i.e., ASCII string "C". +A single char of value 67 (ASCII char 'C'). =item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI The Encryption Key from server to client -Char array initializer of value {68, 0}, i.e., ASCII string "D". +A single char of value 68 (ASCII char 'D'). =item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV The Integrity Key from client to server -Char array initializer of value {69, 0}, i.e., ASCII string "E". +A single char of value 69 (ASCII char 'E'). =item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI The Integrity Key from client to server -Char array initializer of value {70, 0}, i.e., ASCII string "F". +A single char of value 70 (ASCII char 'F'). =back @@ -103,7 +103,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate EVP_KDF *kdf; EVP_KDF_CTX *kctx; - const char type[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; + const char type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; unsigned char key[1024] = "01234..."; unsigned char xcghash[32] = "012345..."; unsigned char session_id[32] = "012345..."; @@ -124,7 +124,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, session_id, (size_t)32); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, - type, sizeof(type) - 1); + &type, sizeof(type)); *p = OSSL_PARAM_construct_end(); if (EVP_KDF_CTX_set_params(kctx, params) <= 0) /* Error */ diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h index dd24ab04cd..eada3cf1ac 100644 --- a/include/openssl/kdf.h +++ b/include/openssl/kdf.h @@ -60,14 +60,12 @@ void EVP_KDF_names_do_all(const EVP_KDF *kdf, # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 -/* SSHKDF key exchange stages.*/ -/* See https://tools.ietf.org/html/rfc4253#section-7.2 */ -#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV {65, 0} -#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI {66, 0} -#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV {67, 0} -#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI {68, 0} -#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV {69, 0} -#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI {70, 0} +#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 +#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 +#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 +#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68 +#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69 +#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70 /**** The legacy PKEY-based KDF API follows. ****/ diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index fc8bf2b54e..49ffb7aab6 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -8,8 +8,8 @@ */ /* Macros to build Self test data */ -#define ITM(x) x, sizeof(x) -#define ITM_STR(x) x, (sizeof(x) - 1) +#define ITM(x) ((void *)&x), sizeof(x) +#define ITM_STR(x) ((void *)&x), (sizeof(x) - 1) #define ST_KAT_PARAM_END() { "", 0, NULL, 0 } #define ST_KAT_PARAM_BIGNUM(name, data) \ @@ -18,8 +18,10 @@ { name, OSSL_PARAM_OCTET_STRING, ITM(data) } #define ST_KAT_PARAM_UTF8STRING(name, data) \ { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) } +#define ST_KAT_PARAM_UTF8CHAR(name, data) \ + { name, OSSL_PARAM_UTF8_STRING, ITM(data) } #define ST_KAT_PARAM_INT(name, i) \ - { name, OSSL_PARAM_INTEGER, &i, sizeof(i) } + { name, OSSL_PARAM_INTEGER, ITM(i) } /* used to store raw parameters for keys and algorithms */ typedef struct st_kat_param_st { @@ -351,7 +353,7 @@ static const ST_KAT_PARAM pbkdf2_params[] = { }; static const char sshkdf_digest[] = "SHA1"; -static const char sshkdf_type[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; +static const char sshkdf_type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; static const unsigned char sshkdf_key[] = { 0x00, 0x00, 0x00, 0x80, 0x55, 0xba, 0xe9, 0x31, 0xc0, 0x7f, 0xd8, 0x24, 0xbf, 0x10, 0xad, 0xd1, @@ -386,7 +388,7 @@ static const unsigned char sshkdf_expected[] = { }; static const ST_KAT_PARAM sshkdf_params[] = { ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sshkdf_digest), - ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type), + ST_KAT_PARAM_UTF8CHAR(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type), ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sshkdf_key), ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_XCGHASH, sshkdf_xcghash), ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, sshkdf_session_id), diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index c408339298..79b78f0ba5 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -159,7 +159,8 @@ static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params, break; } case OSSL_PARAM_UTF8_STRING: { - if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data, 0)) + if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data, + p->data_len)) goto err; break; } diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c index 1caef4b7b8..cc8f946390 100644 --- a/providers/implementations/kdfs/sshkdf.c +++ b/providers/implementations/kdfs/sshkdf.c @@ -159,7 +159,8 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (!OSSL_PARAM_get_utf8_string_ptr(p, &kdftype)) return 0; - if (kdftype == NULL || kdftype[0] == '\0' || kdftype[1] != '\0') + /* Expect one character (byte in this case) */ + if (kdftype == NULL || p->data_size != 1) return 0; if (kdftype[0] < 65 || kdftype[0] > 70) { ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR); diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index cb387bc71d..a1a2fadcce 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -1205,7 +1205,7 @@ static int test_kdf_sshkdf(void) int ret; EVP_KDF_CTX *kctx; OSSL_PARAM params[6], *p = params; - char kdftype[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; + char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; unsigned char out[8]; /* Test data from NIST CAVS 14.1 test vectors */ static unsigned char key[] = { @@ -1245,7 +1245,7 @@ static int test_kdf_sshkdf(void) *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, sessid, sizeof(sessid)); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, - kdftype, 0); + &kdftype, sizeof(kdftype)); *p = OSSL_PARAM_construct_end(); ret = |