Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable HKDF support for LibreSSL >= 3.6.0 #2066

Merged
merged 1 commit into from Oct 21, 2023
Merged

Enable HKDF support for LibreSSL >= 3.6.0 #2066

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
28 changes: 14 additions & 14 deletions openssl-sys/src/evp.rs
View file
Open in desktop
Expand Up @@ -28,7 +28,7 @@ pub const EVP_PKEY_HMAC: c_int = NID_hmac;
pub const EVP_PKEY_CMAC: c_int = NID_cmac;
#[cfg(ossl111)]
pub const EVP_PKEY_POLY1305: c_int = NID_poly1305;
#[cfg(ossl110)]
#[cfg(any(ossl110, libressl360))]
pub const EVP_PKEY_HKDF: c_int = NID_hkdf;

#[cfg(ossl102)]
Expand Down Expand Up @@ -201,31 +201,31 @@ pub const EVP_PKEY_CTRL_CIPHER: c_int = 12;

pub const EVP_PKEY_ALG_CTRL: c_int = 0x1000;

#[cfg(ossl111)]
#[cfg(any(ossl111, libressl360))]
pub const EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND: c_int = 0;

#[cfg(ossl111)]
#[cfg(any(ossl111, libressl360))]
pub const EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY: c_int = 1;

#[cfg(ossl111)]
#[cfg(any(ossl111, libressl360))]
pub const EVP_PKEY_HKDEF_MODE_EXPAND_ONLY: c_int = 2;

#[cfg(ossl110)]
#[cfg(any(ossl110, libressl360))]
pub const EVP_PKEY_CTRL_HKDF_MD: c_int = EVP_PKEY_ALG_CTRL + 3;

#[cfg(ossl110)]
#[cfg(any(ossl110, libressl360))]
pub const EVP_PKEY_CTRL_HKDF_SALT: c_int = EVP_PKEY_ALG_CTRL + 4;

#[cfg(ossl110)]
#[cfg(any(ossl110, libressl360))]
pub const EVP_PKEY_CTRL_HKDF_KEY: c_int = EVP_PKEY_ALG_CTRL + 5;

#[cfg(ossl110)]
#[cfg(any(ossl110, libressl360))]
pub const EVP_PKEY_CTRL_HKDF_INFO: c_int = EVP_PKEY_ALG_CTRL + 6;

#[cfg(ossl111)]
#[cfg(any(ossl111, libressl360))]
pub const EVP_PKEY_CTRL_HKDF_MODE: c_int = EVP_PKEY_ALG_CTRL + 7;

#[cfg(all(ossl111, not(ossl300)))]
#[cfg(any(all(ossl111, not(ossl300)), libressl360))]
pub unsafe fn EVP_PKEY_CTX_set_hkdf_mode(ctx: *mut EVP_PKEY_CTX, mode: c_int) -> c_int {
EVP_PKEY_CTX_ctrl(
ctx,
Expand All @@ -237,7 +237,7 @@ pub unsafe fn EVP_PKEY_CTX_set_hkdf_mode(ctx: *mut EVP_PKEY_CTX, mode: c_int) ->
)
}

#[cfg(all(ossl110, not(ossl300)))]
#[cfg(any(all(ossl110, not(ossl300)), libressl360))]
pub unsafe fn EVP_PKEY_CTX_set_hkdf_md(ctx: *mut EVP_PKEY_CTX, md: *const EVP_MD) -> c_int {
EVP_PKEY_CTX_ctrl(
ctx,
Expand All @@ -249,7 +249,7 @@ pub unsafe fn EVP_PKEY_CTX_set_hkdf_md(ctx: *mut EVP_PKEY_CTX, md: *const EVP_MD
)
}

#[cfg(all(ossl110, not(ossl300)))]
#[cfg(any(all(ossl110, not(ossl300)), libressl360))]
pub unsafe fn EVP_PKEY_CTX_set1_hkdf_salt(
ctx: *mut EVP_PKEY_CTX,
salt: *const u8,
Expand All @@ -265,7 +265,7 @@ pub unsafe fn EVP_PKEY_CTX_set1_hkdf_salt(
)
}

#[cfg(all(ossl110, not(ossl300)))]
#[cfg(any(all(ossl110, not(ossl300)), libressl360))]
pub unsafe fn EVP_PKEY_CTX_set1_hkdf_key(
ctx: *mut EVP_PKEY_CTX,
key: *const u8,
Expand All @@ -281,7 +281,7 @@ pub unsafe fn EVP_PKEY_CTX_set1_hkdf_key(
)
}

#[cfg(all(ossl110, not(ossl300)))]
#[cfg(any(all(ossl110, not(ossl300)), libressl360))]
pub unsafe fn EVP_PKEY_CTX_add1_hkdf_info(
ctx: *mut EVP_PKEY_CTX,
info: *const u8,
Expand Down
2 changes: 2 additions & 0 deletions openssl-sys/src/obj_mac.rs
View file
Open in desktop
Expand Up @@ -928,6 +928,8 @@ pub const NID_X25519: c_int = 950;
pub const NID_X448: c_int = 1035;
#[cfg(ossl110)]
pub const NID_hkdf: c_int = 1036;
#[cfg(libressl360)]
pub const NID_hkdf: c_int = 1022;
#[cfg(ossl111)]
pub const NID_poly1305: c_int = 1061;
#[cfg(ossl111)]
Expand Down
2 changes: 1 addition & 1 deletion openssl/src/pkey.rs
View file
Open in desktop
Expand Up @@ -92,7 +92,7 @@ impl Id {
#[cfg(ossl111)]
pub const SM2: Id = Id(ffi::EVP_PKEY_SM2);

#[cfg(any(ossl110, boringssl))]
#[cfg(any(ossl110, boringssl, libressl360))]
pub const HKDF: Id = Id(ffi::EVP_PKEY_HKDF);

#[cfg(any(ossl111, boringssl, libressl370))]
Expand Down
20 changes: 10 additions & 10 deletions openssl/src/pkey_ctx.rs
View file
Open in desktop
Expand Up @@ -80,10 +80,10 @@ use std::convert::TryFrom;
use std::ptr;

/// HKDF modes of operation.
#[cfg(ossl111)]
#[cfg(any(ossl111, libressl360))]
pub struct HkdfMode(c_int);

#[cfg(ossl111)]
#[cfg(any(ossl111, libressl360))]
impl HkdfMode {
/// This is the default mode. Calling [`derive`][PkeyCtxRef::derive] on a [`PkeyCtxRef`] set up
/// for HKDF will perform an extract followed by an expand operation in one go. The derived key
Expand Down Expand Up @@ -566,7 +566,7 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_set_hkdf_md)]
#[cfg(any(ossl110, boringssl))]
#[cfg(any(ossl110, boringssl, libressl360))]
#[inline]
pub fn set_hkdf_md(&mut self, digest: &MdRef) -> Result<(), ErrorStack> {
unsafe {
Expand All @@ -589,7 +589,7 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.1 or newer.
#[corresponds(EVP_PKEY_CTX_set_hkdf_mode)]
#[cfg(ossl111)]
#[cfg(any(ossl111, libressl360))]
#[inline]
pub fn set_hkdf_mode(&mut self, mode: HkdfMode) -> Result<(), ErrorStack> {
unsafe {
Expand All @@ -608,7 +608,7 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_set1_hkdf_key)]
#[cfg(any(ossl110, boringssl))]
#[cfg(any(ossl110, boringssl, libressl360))]
#[inline]
pub fn set_hkdf_key(&mut self, key: &[u8]) -> Result<(), ErrorStack> {
#[cfg(not(boringssl))]
Expand All @@ -633,7 +633,7 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_set1_hkdf_salt)]
#[cfg(any(ossl110, boringssl))]
#[cfg(any(ossl110, boringssl, libressl360))]
#[inline]
pub fn set_hkdf_salt(&mut self, salt: &[u8]) -> Result<(), ErrorStack> {
#[cfg(not(boringssl))]
Expand All @@ -658,7 +658,7 @@ impl<T> PkeyCtxRef<T> {
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PKEY_CTX_add1_hkdf_info)]
#[cfg(any(ossl110, boringssl))]
#[cfg(any(ossl110, boringssl, libressl360))]
#[inline]
pub fn add_hkdf_info(&mut self, info: &[u8]) -> Result<(), ErrorStack> {
#[cfg(not(boringssl))]
Expand Down Expand Up @@ -855,7 +855,7 @@ mod test {
}

#[test]
#[cfg(any(ossl110, boringssl))]
#[cfg(any(ossl110, boringssl, libressl360))]
fn hkdf() {
let mut ctx = PkeyCtx::new_id(Id::HKDF).unwrap();
ctx.derive_init().unwrap();
Expand All @@ -877,7 +877,7 @@ mod test {
}

#[test]
#[cfg(ossl111)]
#[cfg(any(ossl111, libressl360))]
fn hkdf_expand() {
let mut ctx = PkeyCtx::new_id(Id::HKDF).unwrap();
ctx.derive_init().unwrap();
Expand All @@ -901,7 +901,7 @@ mod test {
}

#[test]
#[cfg(ossl111)]
#[cfg(any(ossl111, libressl360))]
fn hkdf_extract() {
let mut ctx = PkeyCtx::new_id(Id::HKDF).unwrap();
ctx.derive_init().unwrap();
Expand Down
5 changes: 4 additions & 1 deletion systest/build.rs
View file
Open in desktop
Expand Up @@ -69,8 +69,11 @@ fn main() {
.header("openssl/evp.h")
.header("openssl/x509_vfy.h");

if libressl_version.is_some() {
if let Some(version) = libressl_version {
cfg.header("openssl/poly1305.h");
if version >= 0x30600000 {
cfg.header("openssl/kdf.h");
}
}

if let Some(version) = openssl_version {
Expand Down