From 965a1cb92e4774ca2f74dad9e060aa7b2d80c77d Mon Sep 17 00:00:00 2001 From: Nils Larsch Date: Sat, 23 Apr 2005 10:11:16 +0000 Subject: [PATCH] change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible --- apps/speed.c | 8 +++++--- crypto/ecdh/ecdh.h | 4 ++-- crypto/ecdh/ecdhtest.c | 6 ++++-- crypto/ecdh/ech_key.c | 5 +++-- crypto/ecdh/ech_ossl.c | 12 +++++++----- ssl/s3_clnt.c | 6 ++++-- ssl/s3_srvr.c | 6 ++++-- 7 files changed, 29 insertions(+), 18 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 451a92ecd..19b08ce9a 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -449,11 +449,13 @@ static double Time_F(int s) static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA - if (outlen != SHA_DIGEST_LENGTH) + if (*outlen < SHA_DIGEST_LENGTH) return NULL; + else + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL; @@ -2189,7 +2191,7 @@ int MAIN(int argc, char **argv) * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). */ int field_size, outlen; - void *(*kdf)(void *in, size_t inlen, void *out, size_t xoutlen); + void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen); field_size = EC_GROUP_get_degree(ecdh_a[j]->group); if (field_size <= 24 * 8) { diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h index f9189e09c..28aa853fc 100644 --- a/crypto/ecdh/ecdh.h +++ b/crypto/ecdh/ecdh.h @@ -92,7 +92,7 @@ struct ecdh_method { const char *name; int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); #if 0 int (*init)(EC_KEY *eckey); int (*finish)(EC_KEY *eckey); @@ -127,7 +127,7 @@ const ECDH_METHOD *ECDH_get_default_method(void); int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index f9162b7e8..2a6baf480 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -105,11 +105,13 @@ static const char rnd_seed[] = "string to make the random number generator think static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA - if (outlen != SHA_DIGEST_LENGTH) + if (*outlen < SHA_DIGEST_LENGTH) return NULL; + else + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL; diff --git a/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c index 7d1bb32ae..ea23a0d26 100644 --- a/crypto/ecdh/ech_key.c +++ b/crypto/ecdh/ech_key.c @@ -72,8 +72,9 @@ #include #endif -int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *eckey, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)) +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *eckey, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) { ECDH_DATA *ecdh = ecdh_check(eckey); if (ecdh == NULL) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index d61e54f18..b1c634b46 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -79,8 +79,9 @@ #include #include -static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); +static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); static ECDH_METHOD openssl_ecdh_meth = { "OpenSSL ECDH method", @@ -104,8 +105,9 @@ const ECDH_METHOD *ECDH_OpenSSL(void) * - ECSVDP-DH * Finally an optional KDF is applied. */ -static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)) +static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) { BN_CTX *ctx; EC_POINT *tmp=NULL; @@ -182,7 +184,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, E if (KDF != 0) { - if (KDF(buf, buflen, out, outlen) == NULL) + if (KDF(buf, buflen, out, &outlen) == NULL) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED); goto err; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 54598f0f8..e6a83fb5b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1579,11 +1579,13 @@ static int ssl3_get_server_done(SSL *s) static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA - if (outlen != SHA_DIGEST_LENGTH) + if (*outlen < SHA_DIGEST_LENGTH) return NULL; + else + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 4d196371e..62a6cf7f9 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1588,11 +1588,13 @@ err: static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA - if (outlen != SHA_DIGEST_LENGTH) + if (*outlen < SHA_DIGEST_LENGTH) return NULL; + else + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL;