/*
- * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new;
+static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf2_dup;
static OSSL_FUNC_kdf_freectx_fn kdf_pbkdf2_free;
static OSSL_FUNC_kdf_reset_fn kdf_pbkdf2_reset;
static OSSL_FUNC_kdf_derive_fn kdf_pbkdf2_derive;
static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_pbkdf2_gettable_ctx_params;
static OSSL_FUNC_kdf_get_ctx_params_fn kdf_pbkdf2_get_ctx_params;
-static int pbkdf2_derive(const char *pass, size_t passlen,
- const unsigned char *salt, int saltlen, uint64_t iter,
- const EVP_MD *digest, unsigned char *key,
- size_t keylen, int extra_checks);
+static int pbkdf2_derive(const char *pass, size_t passlen,
+ const unsigned char *salt, int saltlen, uint64_t iter,
+ const EVP_MD *digest, unsigned char *key,
+ size_t keylen, int extra_checks);
typedef struct {
void *provctx;
static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx);
-static void *kdf_pbkdf2_new(void *provctx)
+static void *kdf_pbkdf2_new_no_init(void *provctx)
{
KDF_PBKDF2 *ctx;
return NULL;
ctx = OPENSSL_zalloc(sizeof(*ctx));
- if (ctx == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ if (ctx == NULL)
return NULL;
- }
ctx->provctx = provctx;
- kdf_pbkdf2_init(ctx);
+ return ctx;
+}
+
+static void *kdf_pbkdf2_new(void *provctx)
+{
+ KDF_PBKDF2 *ctx = kdf_pbkdf2_new_no_init(provctx);
+
+ if (ctx != NULL)
+ kdf_pbkdf2_init(ctx);
return ctx;
}
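Review bot: kdf_pbkdf2_new_no_init has no comment stating what state the returned context is in, and kdf_pbkdf2_dup depends on that contract. From the visible lines the context is zero-allocated with only `provctx` set, so the digest, `iter` and `lower_bound_checks` stay unset until a caller fills them in. I would add above it `/* Allocate a zeroed context with only provctx set; the caller must supply digest, iter and lower_bound_checks before use. */`. The start of the function body, before the first `return NULL;`, is outside the visible lines.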
kdf_pbkdf2_init(ctx);
}
+static void *kdf_pbkdf2_dup(void *vctx)
+{
+ const KDF_PBKDF2 *src = (const KDF_PBKDF2 *)vctx;
+ KDF_PBKDF2 *dest;
+
+ /* We need a new PBKDF2 object but uninitialised since we're filling it */
+ dest = kdf_pbkdf2_new_no_init(src->provctx);
+ if (dest != NULL) {
+ if (!ossl_prov_memdup(src->salt, src->salt_len,
+ &dest->salt, &dest->salt_len)
+ || !ossl_prov_memdup(src->pass, src->pass_len,
+ &dest->pass, &dest->pass_len)
+ || !ossl_prov_digest_copy(&dest->digest, &src->digest))
+ goto err;
+ dest->iter = src->iter;
+ dest->lower_bound_checks = src->lower_bound_checks;
+ }
+ return dest;
+
+ err:
+ kdf_pbkdf2_free(dest);
+ return NULL;
+}
+
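Review bot: In kdf_pbkdf2_dup, the two `ossl_prov_memdup` calls for `salt` and `pass` can receive a non-NULL source with length 0, because pbkdf2_set_membuf stores a one-byte buffer with `*buflen` left at 0 for an empty octet string. ossl_prov_memdup is not shown here, so confirm that it treats a zero-length copy as success; if the underlying allocation returns NULL for size 0, duplicating a context with an empty password or salt would fail and return NULL. A regression test that sets an empty password, duplicates the context and derives from the copy would pin this down. Separately, the duplicate places a second copy of the password on the heap, so both the `err:` path and normal teardown rely on kdf_pbkdf2_free clearing `pass` before releasing it; that function is outside the visible lines.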
static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx)
{
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
/* This is an error, but there is no way to indicate such directly */
ossl_prov_digest_reset(&ctx->digest);
ctx->iter = PKCS5_DEFAULT_ITER;
- ctx->lower_bound_checks = kdf_pbkdf2_default_checks;
+ ctx->lower_bound_checks = ossl_kdf_pbkdf2_default_checks;
}
static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen,
const OSSL_PARAM *p)
{
OPENSSL_clear_free(*buffer, *buflen);
+ *buffer = NULL;
+ *buflen = 0;
+
if (p->data_size == 0) {
- if ((*buffer = OPENSSL_malloc(1)) == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ if ((*buffer = OPENSSL_malloc(1)) == NULL)
return 0;
- }
} else if (p->data != NULL) {
- *buffer = NULL;
if (!OSSL_PARAM_get_octet_string(p, (void **)buffer, 0, buflen))
return 0;
}
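Review bot: The added `*buffer = NULL; *buflen = 0;` after `OPENSSL_clear_free` in pbkdf2_set_membuf deserves a one-line comment, because it is what stops the context from keeping a freed pointer or a stale length. Without it, the `p->data_size != 0 && p->data == NULL` case runs neither branch and leaves `*buffer` pointing at freed memory, and the empty-string branch never updates `*buflen`. Suggested: `/* Drop the old value first so no exit path leaves a freed pointer or stale length in the ctx */`. In that NULL-data case the previous salt or password is now erased and nothing is stored; the function's final return is outside the visible lines, so confirm whether that case should be reported as an error rather than success.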
int pkcs5;
uint64_t iter, min_iter;
+ if (params == NULL)
+ return 1;
+
if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx))
return 0;
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH);
return 0;
}
- if (!pbkdf2_set_membuf(&ctx->salt, &ctx->salt_len,p))
+ if (!pbkdf2_set_membuf(&ctx->salt, &ctx->salt_len, p))
return 0;
}
const OSSL_DISPATCH ossl_kdf_pbkdf2_functions[] = {
{ OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_pbkdf2_new },
+ { OSSL_FUNC_KDF_DUPCTX, (void(*)(void))kdf_pbkdf2_dup },
{ OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_pbkdf2_free },
{ OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_pbkdf2_reset },
{ OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_pbkdf2_derive },
{ OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS,
(void(*)(void))kdf_pbkdf2_gettable_ctx_params },
{ OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_pbkdf2_get_ctx_params },
- { 0, NULL }
+ OSSL_DISPATCH_END
};
/*
unsigned long i = 1;
HMAC_CTX *hctx_tpl = NULL, *hctx = NULL;
- mdlen = EVP_MD_size(digest);
+ mdlen = EVP_MD_get_size(digest);
if (mdlen <= 0)
return 0;