From: Richard Levitte <levitte@openssl.org>
Date: Mon, 1 Feb 2021 07:58:58 +0000 (+0100)
Subject: Allow the sshkdf type to be passed as a single character
X-Git-Tag: openssl-3.0.0-alpha13~191
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=a8eb71ad577bbbd41cea915315451f0ef9f11581

Allow the sshkdf type to be passed as a single character

This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1.

This also slightly modifies the way diverse parameters in are
specified in providers/fips/self_test_data.inc for better consistency.

Fixes #14027

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)
---

diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod
index a2ff902cce..b782b6fa7c 100644
--- a/doc/man7/EVP_KDF-SSHKDF.pod
+++ b/doc/man7/EVP_KDF-SSHKDF.pod
@@ -51,32 +51,32 @@ There are six supported types:
 =item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV
 
 The Initial IV from client to server.
-Char array initializer of value {65, 0}, i.e., ASCII string "A".
+A single char of value 65 (ASCII char 'A').
 
 =item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI
 
 The Initial IV from server to client
-Char array initializer of value {66, 0}, i.e., ASCII string "B".
+A single char of value 66 (ASCII char 'B').
 
 =item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV
 
 The Encryption Key from client to server
-Char array initializer of value {67, 0}, i.e., ASCII string "C".
+A single char of value 67 (ASCII char 'C').
 
 =item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI
 
 The Encryption Key from server to client
-Char array initializer of value {68, 0}, i.e., ASCII string "D".
+A single char of value 68 (ASCII char 'D').
 
 =item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV
 
 The Integrity Key from client to server
-Char array initializer of value {69, 0}, i.e., ASCII string "E".
+A single char of value 69 (ASCII char 'E').
 
 =item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI
 
 The Integrity Key from client to server
-Char array initializer of value {70, 0}, i.e., ASCII string "F".
+A single char of value 70 (ASCII char 'F').
 
 =back
 
@@ -103,7 +103,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate
 
  EVP_KDF *kdf;
  EVP_KDF_CTX *kctx;
- const char type[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
+ const char type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
  unsigned char key[1024] = "01234...";
  unsigned char xcghash[32] = "012345...";
  unsigned char session_id[32] = "012345...";
@@ -124,7 +124,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
                                           session_id, (size_t)32);
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
-                                         type, sizeof(type) - 1);
+                                         &type, sizeof(type));
  *p = OSSL_PARAM_construct_end();
  if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
      /* Error */
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index dd24ab04cd..eada3cf1ac 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -60,14 +60,12 @@ void EVP_KDF_names_do_all(const EVP_KDF *kdf,
 # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY        1
 # define EVP_KDF_HKDF_MODE_EXPAND_ONLY         2
 
-/* SSHKDF key exchange stages.*/
-/* See https://tools.ietf.org/html/rfc4253#section-7.2 */
-#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV     {65, 0}
-#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI     {66, 0}
-#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV {67, 0}
-#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI {68, 0}
-#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV  {69, 0}
-#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI  {70, 0}
+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV     65
+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI     66
+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68
+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV  69
+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI  70
 
 /**** The legacy PKEY-based KDF API follows. ****/
 
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index fc8bf2b54e..49ffb7aab6 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -8,8 +8,8 @@
  */
 
 /* Macros to build Self test data */
-#define ITM(x) x, sizeof(x)
-#define ITM_STR(x) x, (sizeof(x) - 1)
+#define ITM(x) ((void *)&x), sizeof(x)
+#define ITM_STR(x) ((void *)&x), (sizeof(x) - 1)
 
 #define ST_KAT_PARAM_END() { "", 0, NULL, 0 }
 #define ST_KAT_PARAM_BIGNUM(name, data)                                        \
@@ -18,8 +18,10 @@
     { name, OSSL_PARAM_OCTET_STRING, ITM(data) }
 #define ST_KAT_PARAM_UTF8STRING(name, data)                                    \
     { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) }
+#define ST_KAT_PARAM_UTF8CHAR(name, data)                                    \
+    { name, OSSL_PARAM_UTF8_STRING, ITM(data) }
 #define ST_KAT_PARAM_INT(name, i)                                              \
-    { name, OSSL_PARAM_INTEGER, &i, sizeof(i) }
+    { name, OSSL_PARAM_INTEGER, ITM(i) }
 
 /* used to store raw parameters for keys and algorithms */
 typedef struct st_kat_param_st {
@@ -351,7 +353,7 @@ static const ST_KAT_PARAM pbkdf2_params[] = {
 };
 
 static const char sshkdf_digest[] = "SHA1";
-static const char sshkdf_type[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
+static const char sshkdf_type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
 static const unsigned char sshkdf_key[] = {
     0x00, 0x00, 0x00, 0x80, 0x55, 0xba, 0xe9, 0x31,
     0xc0, 0x7f, 0xd8, 0x24, 0xbf, 0x10, 0xad, 0xd1,
@@ -386,7 +388,7 @@ static const unsigned char sshkdf_expected[] = {
 };
 static const ST_KAT_PARAM sshkdf_params[] = {
     ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sshkdf_digest),
-    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type),
+    ST_KAT_PARAM_UTF8CHAR(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type),
     ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sshkdf_key),
     ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_XCGHASH, sshkdf_xcghash),
     ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, sshkdf_session_id),
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index c408339298..79b78f0ba5 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -159,7 +159,8 @@ static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,
             break;
         }
         case OSSL_PARAM_UTF8_STRING: {
-            if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data, 0))
+            if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data,
+                                                 p->data_len))
                 goto err;
             break;
         }
diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c
index 1caef4b7b8..cc8f946390 100644
--- a/providers/implementations/kdfs/sshkdf.c
+++ b/providers/implementations/kdfs/sshkdf.c
@@ -159,7 +159,8 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 
         if (!OSSL_PARAM_get_utf8_string_ptr(p, &kdftype))
             return 0;
-        if (kdftype == NULL || kdftype[0] == '\0' || kdftype[1] != '\0')
+        /* Expect one character (byte in this case) */
+        if (kdftype == NULL || p->data_size != 1)
             return 0;
         if (kdftype[0] < 65 || kdftype[0] > 70) {
             ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR);
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index cb387bc71d..a1a2fadcce 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -1205,7 +1205,7 @@ static int test_kdf_sshkdf(void)
     int ret;
     EVP_KDF_CTX *kctx;
     OSSL_PARAM params[6], *p = params;
-    char kdftype[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
+    char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
     unsigned char out[8];
     /* Test data from NIST CAVS 14.1 test vectors */
     static unsigned char key[] = {
@@ -1245,7 +1245,7 @@ static int test_kdf_sshkdf(void)
     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
                                              sessid, sizeof(sessid));
     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
-                                            kdftype, 0);
+                                            &kdftype, sizeof(kdftype));
     *p = OSSL_PARAM_construct_end();
 
     ret =