change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible
diff --git a/apps/speed.c b/apps/speed.c index 451a92e..19b08ce 100644 --- a/apps/speed.c +++ b/apps/speed.c
@@ -449,11 +449,13 @@ static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA - if (outlen != SHA_DIGEST_LENGTH) + if (*outlen < SHA_DIGEST_LENGTH) return NULL; + else + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL; @@ -2189,7 +2191,7 @@ * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). */ int field_size, outlen; - void *(*kdf)(void *in, size_t inlen, void *out, size_t xoutlen); + void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen); field_size = EC_GROUP_get_degree(ecdh_a[j]->group); if (field_size <= 24 * 8) {
diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h index f9189e0..28aa853 100644 --- a/crypto/ecdh/ecdh.h +++ b/crypto/ecdh/ecdh.h
@@ -92,7 +92,7 @@ { const char *name; int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); #if 0 int (*init)(EC_KEY *eckey); int (*finish)(EC_KEY *eckey); @@ -127,7 +127,7 @@ int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index f9162b7..2a6baf4 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c
@@ -105,11 +105,13 @@ static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA - if (outlen != SHA_DIGEST_LENGTH) + if (*outlen < SHA_DIGEST_LENGTH) return NULL; + else + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL;
diff --git a/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c index 7d1bb32..ea23a0d 100644 --- a/crypto/ecdh/ech_key.c +++ b/crypto/ecdh/ech_key.c
@@ -72,8 +72,9 @@ #include <openssl/engine.h> #endif -int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *eckey, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)) +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *eckey, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) { ECDH_DATA *ecdh = ecdh_check(eckey); if (ecdh == NULL)
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index d61e54f..b1c634b 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c
@@ -79,8 +79,9 @@ #include <openssl/obj_mac.h> #include <openssl/bn.h> -static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); +static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); static ECDH_METHOD openssl_ecdh_meth = { "OpenSSL ECDH method", @@ -104,8 +105,9 @@ * - ECSVDP-DH * Finally an optional KDF is applied. */ -static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)) +static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) { BN_CTX *ctx; EC_POINT *tmp=NULL; @@ -182,7 +184,7 @@ if (KDF != 0) { - if (KDF(buf, buflen, out, outlen) == NULL) + if (KDF(buf, buflen, out, &outlen) == NULL) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED); goto err;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 54598f0..e6a83fb 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c
@@ -1579,11 +1579,13 @@ static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA - if (outlen != SHA_DIGEST_LENGTH) + if (*outlen < SHA_DIGEST_LENGTH) return NULL; + else + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 4d19637..62a6cf7 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c
@@ -1588,11 +1588,13 @@ static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA - if (outlen != SHA_DIGEST_LENGTH) + if (*outlen < SHA_DIGEST_LENGTH) return NULL; + else + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL;