summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/kdf
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/kdf')
-rw-r--r--src/lib/libcrypto/kdf/hkdf_evp.c276
-rw-r--r--src/lib/libcrypto/kdf/kdf.h137
-rw-r--r--src/lib/libcrypto/kdf/kdf_err.c99
-rw-r--r--src/lib/libcrypto/kdf/tls1_prf.c345
4 files changed, 0 insertions, 857 deletions
diff --git a/src/lib/libcrypto/kdf/hkdf_evp.c b/src/lib/libcrypto/kdf/hkdf_evp.c
deleted file mode 100644
index b33e2e0a26..0000000000
--- a/src/lib/libcrypto/kdf/hkdf_evp.c
+++ /dev/null
@@ -1,276 +0,0 @@
1/* $OpenBSD: hkdf_evp.c,v 1.20 2023/06/26 08:57:17 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 */
49
50#include <stdlib.h>
51#include <string.h>
52
53#include <openssl/err.h>
54#include <openssl/evp.h>
55#include <openssl/hmac.h>
56#include <openssl/hkdf.h>
57#include <openssl/kdf.h>
58
59#include "evp_local.h"
60
61#define HKDF_MAXBUF 1024
62
63typedef struct {
64 int mode;
65 const EVP_MD *md;
66 unsigned char *salt;
67 size_t salt_len;
68 unsigned char *key;
69 size_t key_len;
70 unsigned char info[HKDF_MAXBUF];
71 size_t info_len;
72} HKDF_PKEY_CTX;
73
74static int
75pkey_hkdf_init(EVP_PKEY_CTX *ctx)
76{
77 HKDF_PKEY_CTX *kctx;
78
79 if ((kctx = calloc(1, sizeof(*kctx))) == NULL) {
80 KDFerror(ERR_R_MALLOC_FAILURE);
81 return 0;
82 }
83
84 ctx->data = kctx;
85
86 return 1;
87}
88
89static void
90pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx)
91{
92 HKDF_PKEY_CTX *kctx = ctx->data;
93
94 freezero(kctx->salt, kctx->salt_len);
95 freezero(kctx->key, kctx->key_len);
96 freezero(kctx, sizeof(*kctx));
97}
98
99static int
100pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
101{
102 HKDF_PKEY_CTX *kctx = ctx->data;
103
104 switch (type) {
105 case EVP_PKEY_CTRL_HKDF_MD:
106 if (p2 == NULL)
107 return 0;
108
109 kctx->md = p2;
110 return 1;
111
112 case EVP_PKEY_CTRL_HKDF_MODE:
113 kctx->mode = p1;
114 return 1;
115
116 case EVP_PKEY_CTRL_HKDF_SALT:
117 if (p1 == 0 || p2 == NULL)
118 return 1;
119
120 if (p1 < 0)
121 return 0;
122
123 freezero(kctx->salt, kctx->salt_len);
124 if ((kctx->salt = malloc(p1)) == NULL)
125 return 0;
126 memcpy(kctx->salt, p2, p1);
127
128 kctx->salt_len = p1;
129 return 1;
130
131 case EVP_PKEY_CTRL_HKDF_KEY:
132 if (p1 < 0)
133 return 0;
134
135 freezero(kctx->key, kctx->key_len);
136 kctx->key = NULL;
137 kctx->key_len = 0;
138
139 /* Match OpenSSL's behavior. */
140 if (p1 == 0 || p2 == NULL)
141 return 0;
142
143 if ((kctx->key = malloc(p1)) == NULL)
144 return 0;
145 memcpy(kctx->key, p2, p1);
146
147 kctx->key_len = p1;
148 return 1;
149
150 case EVP_PKEY_CTRL_HKDF_INFO:
151 if (p1 == 0 || p2 == NULL)
152 return 1;
153
154 if (p1 < 0 || p1 > (int)(HKDF_MAXBUF - kctx->info_len))
155 return 0;
156
157 memcpy(kctx->info + kctx->info_len, p2, p1);
158 kctx->info_len += p1;
159 return 1;
160
161 default:
162 return -2;
163 }
164}
165
166static int
167pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
168 const char *value)
169{
170 if (strcmp(type, "mode") == 0) {
171 int mode;
172
173 if (strcmp(value, "EXTRACT_AND_EXPAND") == 0)
174 mode = EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND;
175 else if (strcmp(value, "EXTRACT_ONLY") == 0)
176 mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY;
177 else if (strcmp(value, "EXPAND_ONLY") == 0)
178 mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
179 else
180 return 0;
181
182 return EVP_PKEY_CTX_hkdf_mode(ctx, mode);
183 }
184
185 if (strcmp(type, "md") == 0)
186 return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE,
187 EVP_PKEY_CTRL_HKDF_MD, value);
188
189 if (strcmp(type, "salt") == 0)
190 return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT,
191 value);
192
193 if (strcmp(type, "hexsalt") == 0)
194 return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT,
195 value);
196
197 if (strcmp(type, "key") == 0)
198 return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
199
200 if (strcmp(type, "hexkey") == 0)
201 return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
202
203 if (strcmp(type, "info") == 0)
204 return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO,
205 value);
206
207 if (strcmp(type, "hexinfo") == 0)
208 return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO,
209 value);
210
211 KDFerror(KDF_R_UNKNOWN_PARAMETER_TYPE);
212 return -2;
213}
214
215static int
216pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
217{
218 HKDF_PKEY_CTX *kctx = ctx->data;
219
220 freezero(kctx->key, kctx->key_len);
221 freezero(kctx->salt, kctx->salt_len);
222 explicit_bzero(kctx, sizeof(*kctx));
223
224 return 1;
225}
226
227static int
228pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
229 size_t *keylen)
230{
231 HKDF_PKEY_CTX *kctx = ctx->data;
232
233 if (kctx->md == NULL) {
234 KDFerror(KDF_R_MISSING_MESSAGE_DIGEST);
235 return 0;
236 }
237 if (kctx->key == NULL) {
238 KDFerror(KDF_R_MISSING_KEY);
239 return 0;
240 }
241
242 switch (kctx->mode) {
243 case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND:
244 return HKDF(key, *keylen, kctx->md, kctx->key, kctx->key_len,
245 kctx->salt, kctx->salt_len, kctx->info, kctx->info_len);
246
247 case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY:
248 if (key == NULL) {
249 *keylen = EVP_MD_size(kctx->md);
250 return 1;
251 }
252 return HKDF_extract(key, keylen, kctx->md, kctx->key,
253 kctx->key_len, kctx->salt, kctx->salt_len);
254
255 case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY:
256 return HKDF_expand(key, *keylen, kctx->md, kctx->key,
257 kctx->key_len, kctx->info, kctx->info_len);
258
259 default:
260 return 0;
261 }
262}
263
264const EVP_PKEY_METHOD hkdf_pkey_meth = {
265 .pkey_id = EVP_PKEY_HKDF,
266 .flags = 0,
267
268 .init = pkey_hkdf_init,
269 .copy = NULL,
270 .cleanup = pkey_hkdf_cleanup,
271
272 .derive_init = pkey_hkdf_derive_init,
273 .derive = pkey_hkdf_derive,
274 .ctrl = pkey_hkdf_ctrl,
275 .ctrl_str = pkey_hkdf_ctrl_str,
276};
diff --git a/src/lib/libcrypto/kdf/kdf.h b/src/lib/libcrypto/kdf/kdf.h
deleted file mode 100644
index 578949cb5c..0000000000
--- a/src/lib/libcrypto/kdf/kdf.h
+++ /dev/null
@@ -1,137 +0,0 @@
1/* $OpenBSD: kdf.h,v 1.9 2024/07/09 16:20:17 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#ifndef HEADER_KDF_H
56# define HEADER_KDF_H
57
58#ifdef __cplusplus
59extern "C" {
60#endif
61
62# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL + 0)
63# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1)
64# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2)
65
66# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3)
67# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4)
68# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5)
69# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6)
70# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7)
71
72# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
73# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
74# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
75
76
77# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
78 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
79 EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md))
80
81# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \
82 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
83 EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec))
84
85# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \
86 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
87 EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed))
88
89
90# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \
91 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
92 EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md))
93
94# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \
95 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
96 EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt))
97
98# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \
99 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
100 EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key))
101
102# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \
103 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
104 EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info))
105
106# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \
107 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
108 EVP_PKEY_CTRL_HKDF_MODE, mode, NULL)
109
110int ERR_load_KDF_strings(void);
111
112/*
113 * KDF function codes.
114 */
115# define KDF_F_PKEY_HKDF_CTRL_STR 103
116# define KDF_F_PKEY_HKDF_DERIVE 102
117# define KDF_F_PKEY_HKDF_INIT 108
118# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100
119# define KDF_F_PKEY_TLS1_PRF_DERIVE 101
120# define KDF_F_PKEY_TLS1_PRF_INIT 110
121# define KDF_F_TLS1_PRF_ALG 111
122
123/*
124 * KDF reason codes.
125 */
126# define KDF_R_INVALID_DIGEST 100
127# define KDF_R_MISSING_KEY 104
128# define KDF_R_MISSING_MESSAGE_DIGEST 105
129# define KDF_R_MISSING_SECRET 107
130# define KDF_R_MISSING_SEED 106
131# define KDF_R_UNKNOWN_PARAMETER_TYPE 103
132# define KDF_R_VALUE_MISSING 102
133
134# ifdef __cplusplus
135}
136# endif
137#endif
diff --git a/src/lib/libcrypto/kdf/kdf_err.c b/src/lib/libcrypto/kdf/kdf_err.c
deleted file mode 100644
index f0dfd21272..0000000000
--- a/src/lib/libcrypto/kdf/kdf_err.c
+++ /dev/null
@@ -1,99 +0,0 @@
1/* $OpenBSD: kdf_err.c,v 1.11 2024/07/09 16:20:17 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57#include <openssl/kdf.h>
58
59#include "err_local.h"
60
61#ifndef OPENSSL_NO_ERR
62
63static const ERR_STRING_DATA KDF_str_functs[] = {
64 {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"},
65 {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"},
66 {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"},
67 {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0), "pkey_tls1_prf_ctrl_str"},
68 {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0), "pkey_tls1_prf_derive"},
69 {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"},
70 {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "pkey_tls1_prf_alg"},
71 {0, NULL},
72};
73
74static const ERR_STRING_DATA KDF_str_reasons[] = {
75 {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"},
76 {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"},
77 {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST),
78 "missing message digest"},
79 {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"},
80 {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"},
81 {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE),
82 "unknown parameter type"},
83 {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"},
84 {0, NULL},
85};
86
87#endif
88
89int
90ERR_load_KDF_strings(void)
91{
92#ifndef OPENSSL_NO_ERR
93 if (ERR_func_error_string(KDF_str_functs[0].error) == NULL) {
94 ERR_load_const_strings(KDF_str_functs);
95 ERR_load_const_strings(KDF_str_reasons);
96 }
97#endif
98 return 1;
99}
diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c
deleted file mode 100644
index 7d6231e3c7..0000000000
--- a/src/lib/libcrypto/kdf/tls1_prf.c
+++ /dev/null
@@ -1,345 +0,0 @@
1/* $OpenBSD: tls1_prf.c,v 1.40 2024/07/10 06:53:27 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4 * 2016.
5 */
6/* ====================================================================
7 * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <stdlib.h>
61#include <stdio.h>
62#include <string.h>
63
64#include <openssl/err.h>
65#include <openssl/evp.h>
66#include <openssl/kdf.h>
67
68#include "evp_local.h"
69
70#define TLS1_PRF_MAXBUF 1024
71
72struct tls1_prf_ctx {
73 const EVP_MD *md;
74 unsigned char *secret;
75 size_t secret_len;
76 unsigned char seed[TLS1_PRF_MAXBUF];
77 size_t seed_len;
78};
79
80static int
81pkey_tls1_prf_init(EVP_PKEY_CTX *ctx)
82{
83 struct tls1_prf_ctx *kctx;
84
85 if ((kctx = calloc(1, sizeof(*kctx))) == NULL) {
86 KDFerror(ERR_R_MALLOC_FAILURE);
87 return 0;
88 }
89 ctx->data = kctx;
90
91 return 1;
92}
93
94static void
95pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
96{
97 struct tls1_prf_ctx *kctx = ctx->data;
98
99 freezero(kctx->secret, kctx->secret_len);
100 freezero(kctx, sizeof(*kctx));
101}
102
103static int
104pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
105{
106 struct tls1_prf_ctx *kctx = ctx->data;
107
108 switch (type) {
109 case EVP_PKEY_CTRL_TLS_MD:
110 kctx->md = p2;
111 return 1;
112
113 case EVP_PKEY_CTRL_TLS_SECRET:
114 if (p1 < 0)
115 return 0;
116
117 freezero(kctx->secret, kctx->secret_len);
118 kctx->secret = NULL;
119 kctx->secret_len = 0;
120
121 explicit_bzero(kctx->seed, kctx->seed_len);
122 kctx->seed_len = 0;
123
124 if (p1 == 0 || p2 == NULL)
125 return 0;
126
127 if ((kctx->secret = calloc(1, p1)) == NULL)
128 return 0;
129 memcpy(kctx->secret, p2, p1);
130 kctx->secret_len = p1;
131
132 return 1;
133
134 case EVP_PKEY_CTRL_TLS_SEED:
135 if (p1 == 0 || p2 == NULL)
136 return 1;
137 if (p1 < 0 || p1 > (int)(TLS1_PRF_MAXBUF - kctx->seed_len))
138 return 0;
139 memcpy(kctx->seed + kctx->seed_len, p2, p1);
140 kctx->seed_len += p1;
141 return 1;
142
143 default:
144 return -2;
145 }
146}
147
148static int
149pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
150{
151 if (value == NULL) {
152 KDFerror(KDF_R_VALUE_MISSING);
153 return 0;
154 }
155 if (strcmp(type, "md") == 0) {
156 struct tls1_prf_ctx *kctx = ctx->data;
157
158 const EVP_MD *md = EVP_get_digestbyname(value);
159 if (md == NULL) {
160 KDFerror(KDF_R_INVALID_DIGEST);
161 return 0;
162 }
163 kctx->md = md;
164 return 1;
165 }
166 if (strcmp(type, "secret") == 0)
167 return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
168 if (strcmp(type, "hexsecret") == 0)
169 return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
170 if (strcmp(type, "seed") == 0)
171 return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
172 if (strcmp(type, "hexseed") == 0)
173 return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
174
175 KDFerror(KDF_R_UNKNOWN_PARAMETER_TYPE);
176 return -2;
177}
178
179static int
180tls1_prf_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len,
181 const unsigned char *seed, size_t seed_len, unsigned char *out, size_t out_len)
182{
183 int chunk;
184 EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;
185 EVP_PKEY *mac_key = NULL;
186 unsigned char A1[EVP_MAX_MD_SIZE];
187 size_t A1_len;
188 int ret = 0;
189
190 if ((chunk = EVP_MD_size(md)) < 0)
191 goto err;
192
193 if ((ctx = EVP_MD_CTX_new()) == NULL)
194 goto err;
195 if ((ctx_tmp = EVP_MD_CTX_new()) == NULL)
196 goto err;
197 if ((ctx_init = EVP_MD_CTX_new()) == NULL)
198 goto err;
199
200 EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
201
202 if ((mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
203 secret, secret_len)) == NULL)
204 goto err;
205
206 if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
207 goto err;
208 if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
209 goto err;
210 if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len))
211 goto err;
212 if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
213 goto err;
214
215 for (;;) {
216 /* Reinit mac contexts */
217 if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
218 goto err;
219 if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
220 goto err;
221 if (out_len > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
222 goto err;
223 if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len))
224 goto err;
225
226 if (out_len > (size_t)chunk) {
227 size_t mac_len;
228 if (!EVP_DigestSignFinal(ctx, out, &mac_len))
229 goto err;
230 out += mac_len;
231 out_len -= mac_len;
232 if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))
233 goto err;
234 } else {
235 if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
236 goto err;
237 memcpy(out, A1, out_len);
238 break;
239 }
240 }
241
242 ret = 1;
243
244 err:
245 EVP_PKEY_free(mac_key);
246 EVP_MD_CTX_free(ctx);
247 EVP_MD_CTX_free(ctx_tmp);
248 EVP_MD_CTX_free(ctx_init);
249 explicit_bzero(A1, sizeof(A1));
250
251 return ret;
252}
253
254static int
255tls1_prf_alg(const EVP_MD *md, const unsigned char *secret, size_t secret_len,
256 const unsigned char *seed, size_t seed_len, unsigned char *out, size_t out_len)
257{
258 unsigned char *tmp = NULL;
259 size_t half_len;
260 size_t i;
261 int ret = 0;
262
263 if (EVP_MD_type(md) != NID_md5_sha1)
264 return tls1_prf_P_hash(md, secret, secret_len, seed, seed_len,
265 out, out_len);
266
267 half_len = secret_len - secret_len / 2;
268 if (!tls1_prf_P_hash(EVP_md5(), secret, half_len, seed, seed_len,
269 out, out_len))
270 goto err;
271
272 if ((tmp = calloc(1, out_len)) == NULL) {
273 KDFerror(ERR_R_MALLOC_FAILURE);
274 goto err;
275 }
276 secret += secret_len - half_len;
277 if (!tls1_prf_P_hash(EVP_sha1(), secret, half_len, seed, seed_len,
278 tmp, out_len))
279 goto err;
280 for (i = 0; i < out_len; i++)
281 out[i] ^= tmp[i];
282
283 ret = 1;
284
285 err:
286 freezero(tmp, out_len);
287
288 return ret;
289}
290
291static int
292pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len)
293{
294 struct tls1_prf_ctx *kctx = ctx->data;
295
296 if (kctx->md == NULL) {
297 KDFerror(KDF_R_MISSING_MESSAGE_DIGEST);
298 return 0;
299 }
300 if (kctx->secret == NULL) {
301 KDFerror(KDF_R_MISSING_SECRET);
302 return 0;
303 }
304 if (kctx->seed_len == 0) {
305 KDFerror(KDF_R_MISSING_SEED);
306 return 0;
307 }
308
309 return tls1_prf_alg(kctx->md, kctx->secret, kctx->secret_len,
310 kctx->seed, kctx->seed_len, key, *key_len);
311}
312
313const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
314 .pkey_id = EVP_PKEY_TLS1_PRF,
315 .flags = 0,
316
317 .init = pkey_tls1_prf_init,
318 .copy = NULL,
319 .cleanup = pkey_tls1_prf_cleanup,
320
321 .paramgen = NULL,
322
323 .keygen = NULL,
324
325 .sign_init = NULL,
326 .sign = NULL,
327
328 .verify_init = NULL,
329 .verify = NULL,
330
331 .verify_recover = NULL,
332
333 .signctx_init = NULL,
334 .signctx = NULL,
335
336 .encrypt = NULL,
337
338 .decrypt = NULL,
339
340 .derive_init = NULL,
341 .derive = pkey_tls1_prf_derive,
342
343 .ctrl = pkey_tls1_prf_ctrl,
344 .ctrl_str = pkey_tls1_prf_ctrl_str,
345};
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-06 19:58:34 +0000