+static EVP_MAC_CTX *kdf_tls1_prf_mkmacctx(OPENSSL_CTX *libctx,
+ const char *mdname,
+ const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+ OSSL_PARAM mac_params[5], *mp = mac_params;
+ const char *properties = NULL;
+ /* TODO(3.0) rethink "flags", also see hmac.c in providers */
+ int mac_flags = EVP_MD_CTX_FLAG_NON_FIPS_ALLOW;
+ EVP_MAC_CTX *macctx = NULL;
+
+ *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+ (char *)mdname, 0);
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_ENGINE)) != NULL)
+ *mp++ = *p;
+#endif
+ if ((p = OSSL_PARAM_locate_const(params,
+ OSSL_KDF_PARAM_PROPERTIES)) != NULL) {
+ properties = p->data;
+ *mp++ = *p;
+ }
+ *mp++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_FLAGS, &mac_flags);
+ *mp = OSSL_PARAM_construct_end();
+
+ /* Implicit fetch */
+ {
+ EVP_MAC *mac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_HMAC, properties);
+
+ macctx = EVP_MAC_CTX_new(mac);
+ /* The context holds on to the MAC */
+ EVP_MAC_free(mac);
+ if (macctx == NULL)
+ goto err;
+ }
+
+ if (EVP_MAC_CTX_set_params(macctx, mac_params))
+ goto done;
+ err:
+ EVP_MAC_CTX_free(macctx);
+ macctx = NULL;
+ done:
+ return macctx;
+}
+
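Review bot: The result of `EVP_MAC_fetch()` in the "Implicit fetch" block goes straight into `EVP_MAC_CTX_new()` without a NULL check, so a failed fetch (for instance when the caller-supplied property query matches no HMAC implementation) depends on `EVP_MAC_CTX_new()` tolerating a NULL MAC, which is not visible here; add `if (mac == NULL) goto err;` directly after the fetch. In the properties branch, `properties = p->data` is later used as a C string although the parameter's type is never checked, so a caller passing a non-string parameter under that key would have its data read as a string; reject it first with `if (p->data_type != OSSL_PARAM_UTF8_STRING) goto err;`. `mac_params[5]` is exactly full when both the engine and the properties parameters are present, so a comment on the declaration such as `/* digest, engine, properties, flags, end */` would keep a later addition from writing past the array.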