Move KDF handling to ECDH_compute_key()

In OpenSSL e2285d87, the KDF handling was moved from the compute_key() method into the public API. A consequence of this change is that the ECDH_compute_key() API no longer returns -1 for some errors. Existing checks for <= 0 are safe as are those checking for the exact length as return value, which is all what the ecosystem seems to be doing. ok jsing
author: tb <> 2023-07-28 09:28:37 +0000
committer: tb <> 2023-07-28 09:28:37 +0000
commit: c043ade63ba3d45eacfb953347c00f0988397d9a (patch)
tree: 7caeb4b66ea3545dbbf75224b3b77f6e29ea4f22 /src/lib/libcrypto/ec/ec.h
parent: 2d27f5ba745b8f5de6e3e827829699607f11a54f (diff)
download: openbsd-c043ade63ba3d45eacfb953347c00f0988397d9a.tar.gz
openbsd-c043ade63ba3d45eacfb953347c00f0988397d9a.tar.bz2
openbsd-c043ade63ba3d45eacfb953347c00f0988397d9a.zip
1 files changed, 6 insertions, 5 deletions
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index 686f018a9d..85951f0b97 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec.h,v 1.44 2023/07/28 09:25:12 tb Exp $ */
+/* $OpenBSD: ec.h,v 1.45 2023/07/28 09:28:37 tb Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -368,8 +368,8 @@ void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
 void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
    int (*keygen)(EC_KEY *key));
 void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
-    int (*ckey)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+    int (*ckey)(unsigned char **out, size_t *out_len, const EC_POINT *pub_key,
-        void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)));
+        const EC_KEY *ecdh));
 void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
    int (*sign)(int type, const unsigned char *digest, int digest_len,
        unsigned char *signature, unsigned int *signature_len,
@@ -392,8 +392,8 @@ void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
 void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
    int (**pkeygen)(EC_KEY *key));
 void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
-    int (**pck)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+    int (**pck)(unsigned char **out, size_t *out_len, const EC_POINT *pub_key,
-        void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)));
+        const EC_KEY *ecdh));
 void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
    int (**psign)(int type, const unsigned char *digest, int digest_len,
        unsigned char *signature, unsigned int *signature_len,
@@ -684,6 +684,7 @@ void ERR_load_EC_strings(void);
 #define EC_R_INVALID_FORM                                104
 #define EC_R_INVALID_GROUP_ORDER                         122
 #define EC_R_INVALID_KEY                                 165
+#define EC_R_INVALID_OUTPUT_LENGTH                       171
 #define EC_R_INVALID_PEER_KEY                            152
 #define EC_R_INVALID_PENTANOMIAL_BASIS                   132
 #define EC_R_INVALID_PRIVATE_KEY                         123
author	tb <>	2023-07-28 09:28:37 +0000
committer	tb <>	2023-07-28 09:28:37 +0000
commit	c043ade63ba3d45eacfb953347c00f0988397d9a (patch)
tree	7caeb4b66ea3545dbbf75224b3b77f6e29ea4f22 /src/lib/libcrypto/ec/ec.h
parent	2d27f5ba745b8f5de6e3e827829699607f11a54f (diff)
download	openbsd-c043ade63ba3d45eacfb953347c00f0988397d9a.tar.gz openbsd-c043ade63ba3d45eacfb953347c00f0988397d9a.tar.bz2 openbsd-c043ade63ba3d45eacfb953347c00f0988397d9a.zip