Thanks, Paul. I noticed the type values matched the RFC, but thought maybe it should be a string if that was the case.
I did find another issue:
if (EVP_KDF_derive(kctx, out, &outlen, params) <= 0)
The actual value of ‘outlen’ should be passed, not the address.
Kory
It is correct, the KDF is expecting the characters 'A' through 'F' here. This is what is specified in the RFC: https://datatracker.ietf.org/doc/html/rfc4253#section-7.2

That line of code ought to have cast to (char *) or type defined simply as char, but it is essentially correct.

Pauli

On 26/3/22 5:11 am, Kory Hamzeh wrote:

Hi All,
If you look at the example SSH KDF code here:
https://www.openssl.org/docs/manmaster/man7/EVP_KDF-SSHKDF.html
Specifically, these lines:
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, &type, sizeof(type));

The variable ‘type’ is defined as a “const char”, so an 8 bit integer. The compiler spits out a warning on that line. Is the example code correct?
I wonder if it should be calling OSSL_PARAM_construct_int() and ‘type’ changed to ‘int’?
Thanks, Kory
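
The derivation in RFC 4253 section 7.2 that this thread refers to, written out as an added Python example (not OpenSSL's code and not from either poster), shows the type entering the hash as the single ASCII character 'A' through 'F'. The names `mpint`, `sshkdf` and `derive_all` and the sample inputs are constructed for illustration.

```python
import hashlib

# Key "type" letters from RFC 4253 section 7.2; each is one ASCII character.
SSHKDF_TYPES = {
    "A": "initial IV, client to server",
    "B": "initial IV, server to client",
    "C": "encryption key, client to server",
    "D": "encryption key, server to client",
    "E": "integrity key, client to server",
    "F": "integrity key, server to client",
}

def mpint(n: int) -> bytes:
    """SSH mpint encoding (RFC 4251 section 5) of a non-negative integer."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    # One leading 0x00 byte appears only when the top bit would otherwise be set.
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return len(body).to_bytes(4, "big") + body

def sshkdf(k: bytes, h: bytes, key_type: str, session_id: bytes,
           out_len: int, hash_name: str = "sha256") -> bytes:
    """K1 = HASH(K || H || X || session_id), Kn = HASH(K || H || K1 .. Kn-1).
    k must already be mpint-encoded; X is the one-character type."""
    if key_type not in SSHKDF_TYPES:
        raise ValueError("type must be one character, 'A' through 'F'")
    x = key_type.encode("ascii")  # a single byte, 0x41..0x46
    digest = lambda data: hashlib.new(hash_name, data).digest()
    out = digest(k + h + x + session_id)
    while len(out) < out_len:  # extend when more bytes than one hash are needed
        out += digest(k + h + out)
    return out[:out_len]

# Constructed sample inputs (not values from a real key exchange).
K = mpint(0x80112233445566778899AABBCCDDEEFF)
H = hashlib.sha256(b"constructed exchange hash").digest()
SESSION_ID = H  # the session id is the exchange hash of the first key exchange

def derive_all(key_len: int = 48) -> dict:
    """Derive all six values; each letter yields a different output."""
    return {t: sshkdf(K, H, t, SESSION_ID, key_len) for t in SSHKDF_TYPES}
```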