change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible

965a1cb9 · Nils Larsch · e9ad6665 · 965a1cb9 · 965a1cb9 · 965a1cb9
7 changed file
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -449,11 +449,13 @@ static double Time_F(int s)


 static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen)
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
 	{
 #ifndef OPENSSL_NO_SHA
-	if (outlen != SHA_DIGEST_LENGTH)
+	if (*outlen < SHA_DIGEST_LENGTH)
 		return NULL;
+	else
+		*outlen = SHA_DIGEST_LENGTH;
 	return SHA1(in, inlen, out);
 #else
 	return NULL;
@@ -2189,7 +2191,7 @@ int MAIN(int argc, char **argv)
 					 * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
 					 */
 					int field_size, outlen;
-					void *(*kdf)(void *in, size_t inlen, void *out, size_t xoutlen);
+					void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
 					field_size = EC_GROUP_get_degree(ecdh_a[j]->group);
 					if (field_size <= 24 * 8)
 						{

--- a/crypto/ecdh/ecdh.h
+++ b/crypto/ecdh/ecdh.h
@@ -92,7 +92,7 @@ struct ecdh_method
 	{
 	const char *name;
 	int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-	                   void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen));
+	                   void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
 #if 0
 	int (*init)(EC_KEY *eckey);
 	int (*finish)(EC_KEY *eckey);
@@ -127,7 +127,7 @@ const ECDH_METHOD *ECDH_get_default_method(void);
 int 	  ECDH_set_method(EC_KEY *, const ECDH_METHOD *);

 int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-                     void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen));
+                     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));

 int 	  ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 
 		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

--- a/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
@@ -105,11 +105,13 @@ static const char rnd_seed[] = "string to make the random number generator think


 static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen)
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
 	{
 #ifndef OPENSSL_NO_SHA
-	if (outlen != SHA_DIGEST_LENGTH)
+	if (*outlen < SHA_DIGEST_LENGTH)
 		return NULL;
+	else
+		*outlen = SHA_DIGEST_LENGTH;
 	return SHA1(in, inlen, out);
 #else
 	return NULL;

--- a/crypto/ecdh/ech_key.c
+++ b/crypto/ecdh/ech_key.c
@@ -72,8 +72,9 @@
 #include <openssl/engine.h>
 #endif

-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *eckey,
-                     void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen))
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+	EC_KEY *eckey,
+	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
 {
 	ECDH_DATA *ecdh = ecdh_check(eckey);
 	if (ecdh == NULL)

--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -79,8 +79,9 @@
 #include <openssl/obj_mac.h>
 #include <openssl/bn.h>

-static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, EC_KEY *ecdh,
-                            void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen));
+static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
+	EC_KEY *ecdh, 
+	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));

 static ECDH_METHOD openssl_ecdh_meth = {
 	"OpenSSL ECDH method",
@@ -104,8 +105,9 @@ const ECDH_METHOD *ECDH_OpenSSL(void)
 *  - ECSVDP-DH
 * Finally an optional KDF is applied.
 */
-static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-                            void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen))
+static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+	EC_KEY *ecdh,
+	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
 	{
 	BN_CTX *ctx;
 	EC_POINT *tmp=NULL;
@@ -182,7 +184,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, E

 	if (KDF != 0)
 		{
-		if (KDF(buf, buflen, out, outlen) == NULL)
+		if (KDF(buf, buflen, out, &outlen) == NULL)
 			{
 			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED);
 			goto err;

--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1579,11 +1579,13 @@ static int ssl3_get_server_done(SSL *s)


 static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen)
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
 	{
 #ifndef OPENSSL_NO_SHA
-	if (outlen != SHA_DIGEST_LENGTH)
+	if (*outlen < SHA_DIGEST_LENGTH)
 		return NULL;
+	else
+		*outlen = SHA_DIGEST_LENGTH;
 	return SHA1(in, inlen, out);
 #else
 	return NULL;

--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1588,11 +1588,13 @@ err:


 static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen)
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
 	{
 #ifndef OPENSSL_NO_SHA
-	if (outlen != SHA_DIGEST_LENGTH)
+	if (*outlen < SHA_DIGEST_LENGTH)
 		return NULL;
+	else
+		*outlen = SHA_DIGEST_LENGTH;
 	return SHA1(in, inlen, out);
 #else
 	return NULL;