kdf: Use the OsslParam API to simplify building OSSL_PARAM

Signed-off-by: Jakub Jelen <[email protected]>

Author: Jakuje

openssl/src/kdf.rs

@@ -25,14 +25,23 @@ impl Drop for EvpKdfCtx {
 cfg_if::cfg_if! {
     if #[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ARGON2")))] {
         use std::cmp;
-        use std::ffi::c_void;
-        use std::mem::MaybeUninit;
         use std::ptr;
         use foreign_types::ForeignTypeRef;
         use libc::c_char;
         use crate::{cvt, cvt_p};
         use crate::lib_ctx::LibCtxRef;
         use crate::error::ErrorStack;
+        use crate::ossl_param::OsslParamBuilder;
+
+        const OSSL_KDF_PARAM_PASSWORD: &[u8; 5] = b"pass\0";
+        const OSSL_KDF_PARAM_SALT: &[u8; 5] = b"salt\0";
+        const OSSL_KDF_PARAM_SECRET: &[u8; 7] = b"secret\0";
+        const OSSL_KDF_PARAM_ITER: &[u8; 5] = b"iter\0";
+        const OSSL_KDF_PARAM_SIZE: &[u8; 5] = b"size\0";
+        const OSSL_KDF_PARAM_THREADS: &[u8; 8] = b"threads\0";
+        const OSSL_KDF_PARAM_ARGON2_AD: &[u8; 3] = b"ad\0";
+        const OSSL_KDF_PARAM_ARGON2_LANES: &[u8; 6] = b"lanes\0";
+        const OSSL_KDF_PARAM_ARGON2_MEMCOST: &[u8; 8] = b"memcost\0";
 
         /// Derives a key using the argon2id algorithm.
         ///
@@ -48,72 +57,40 @@ cfg_if::cfg_if! {
             salt: &[u8],
             ad: Option<&[u8]>,
             secret: Option<&[u8]>,
-            mut iter: u32,
-            mut lanes: u32,
-            mut memcost: u32,
+            iter: u32,
+            lanes: u32,
+            memcost: u32,
             out: &mut [u8],
         ) -> Result<(), ErrorStack> {
-            unsafe {
+            let libctx = ctx.map_or(ptr::null_mut(), ForeignTypeRef::as_ptr);
+            let max_threads = unsafe {
                 ffi::init();
-                let libctx = ctx.map_or(ptr::null_mut(), ForeignTypeRef::as_ptr);
-
-                let max_threads = ffi::OSSL_get_max_threads(libctx);
-                let mut threads = 1;
-                // If max_threads is 0, then this isn't a threaded build.
-                // If max_threads is > u32::MAX we need to clamp since
-                // argon2id's threads parameter is a u32.
-                if max_threads > 0 {
-                    threads = cmp::min(lanes, cmp::min(max_threads, u32::MAX as u64) as u32);
-                }
-                let mut params: [ffi::OSSL_PARAM; 10] =
-                    core::array::from_fn(|_| MaybeUninit::<ffi::OSSL_PARAM>::zeroed().assume_init());
-                let mut idx = 0;
-                params[idx] = ffi::OSSL_PARAM_construct_octet_string(
-                    b"pass\0".as_ptr() as *const c_char,
-                    pass.as_ptr() as *mut c_void,
-                    pass.len(),
-                );
-                idx += 1;
-                params[idx] = ffi::OSSL_PARAM_construct_octet_string(
-                    b"salt\0".as_ptr() as *const c_char,
-                    salt.as_ptr() as *mut c_void,
-                    salt.len(),
-                );
-                idx += 1;
-                params[idx] =
-                    ffi::OSSL_PARAM_construct_uint(b"threads\0".as_ptr() as *const c_char, &mut threads);
-                idx += 1;
-                params[idx] =
-                    ffi::OSSL_PARAM_construct_uint(b"lanes\0".as_ptr() as *const c_char, &mut lanes);
-                idx += 1;
-                params[idx] =
-                    ffi::OSSL_PARAM_construct_uint(b"memcost\0".as_ptr() as *const c_char, &mut memcost);
-                idx += 1;
-                params[idx] =
-                    ffi::OSSL_PARAM_construct_uint(b"iter\0".as_ptr() as *const c_char, &mut iter);
-                idx += 1;
-                let mut size = out.len() as u32;
-                params[idx] =
-                    ffi::OSSL_PARAM_construct_uint(b"size\0".as_ptr() as *const c_char, &mut size);
-                idx += 1;
-                if let Some(ad) = ad {
-                    params[idx] = ffi::OSSL_PARAM_construct_octet_string(
-                        b"ad\0".as_ptr() as *const c_char,
-                        ad.as_ptr() as *mut c_void,
-                        ad.len(),
-                    );
-                    idx += 1;
-                }
-                if let Some(secret) = secret {
-                    params[idx] = ffi::OSSL_PARAM_construct_octet_string(
-                        b"secret\0".as_ptr() as *const c_char,
-                        secret.as_ptr() as *mut c_void,
-                        secret.len(),
-                    );
-                    idx += 1;
-                }
-                params[idx] = ffi::OSSL_PARAM_construct_end();
-
+                ffi::OSSL_get_max_threads(libctx)
+            };
+            let mut threads = 1;
+            // If max_threads is 0, then this isn't a threaded build.
+            // If max_threads is > u32::MAX we need to clamp since
+            // argon2id's threads parameter is a u32.
+            if max_threads > 0 {
+                threads = cmp::min(lanes, cmp::min(max_threads, u32::MAX as u64) as u32);
+            }
+            let bld = OsslParamBuilder::new()?;
+            bld.add_octet_string(OSSL_KDF_PARAM_PASSWORD, pass)?;
+            bld.add_octet_string(OSSL_KDF_PARAM_SALT, salt)?;
+            bld.add_uint(OSSL_KDF_PARAM_THREADS, threads)?;
+            bld.add_uint(OSSL_KDF_PARAM_ARGON2_LANES, lanes)?;
+            bld.add_uint(OSSL_KDF_PARAM_ARGON2_MEMCOST, memcost)?;
+            bld.add_uint(OSSL_KDF_PARAM_ITER, iter)?;
+            let size = out.len() as u32;
+            bld.add_uint(OSSL_KDF_PARAM_SIZE, size)?;
+            if let Some(ad) = ad {
+                bld.add_octet_string(OSSL_KDF_PARAM_ARGON2_AD, ad)?;
+            }
+            if let Some(secret) = secret {
+                bld.add_octet_string(OSSL_KDF_PARAM_SECRET, secret)?;
+            }
+            let params = bld.to_param()?;
+            unsafe {
                 let argon2 = EvpKdf(cvt_p(ffi::EVP_KDF_fetch(
                     libctx,
                     b"ARGON2ID\0".as_ptr() as *const c_char,