refactor: use EVP_MAC in gost_tls12_additional_kdftree

Vladislav Sapegin · Vladislav Sapegin · commit afbb4f2a0af1 · 2026-04-01T15:42:41.000+03:00
diff --git a/gost_tls12_additional_kdftree.c b/gost_tls12_additional_kdftree.c
@@ -1,9 +1,10 @@
 #include <string.h>
 
 #include <openssl/buffer.h>
+#include <openssl/core_names.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#include <openssl/hmac.h>
+#include <openssl/params.h>
 
 #include "gost_tls12_additional.h"
 #include "e_gost_err.h"
@@ -29,19 +30,28 @@ int gost_kdftree2012_256(unsigned char *keyout, size_t keyout_len,
     int iters, i = 0;
     unsigned char zero = 0;
     unsigned char *ptr = keyout;
-    HMAC_CTX *ctx;
+    EVP_MAC *mac = NULL;
+    EVP_MAC_CTX *ctx = NULL;
     unsigned char *len_ptr = NULL;
     uint32_t len_repr = be32(keyout_len * 8);
     size_t len_repr_len = 4;
+    OSSL_PARAM params[] = {
+        OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_DIGEST,
+                               (char *)SN_id_GostR3411_2012_256, 0),
+        OSSL_PARAM_END
+    };
 
-    ctx = HMAC_CTX_new();
-    if (ctx == NULL) {
+    mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_HMAC, NULL);
+    if (mac == NULL || (ctx = EVP_MAC_CTX_new(mac)) == NULL) {
         GOSTerr(GOST_F_GOST_KDFTREE2012_256, ERR_R_MALLOC_FAILURE);
+        EVP_MAC_free(mac);
         return 0;
     }
 
     if ((keyout_len == 0) || (keyout_len % 32 != 0)) {
         GOSTerr(GOST_F_GOST_KDFTREE2012_256, ERR_R_INTERNAL_ERROR);
+        EVP_MAC_CTX_free(ctx);
+        EVP_MAC_free(mac);
         return 0;
     }
     iters = keyout_len / 32;
@@ -56,26 +66,27 @@ int gost_kdftree2012_256(unsigned char *keyout, size_t keyout_len,
         uint32_t iter_net = be32(i);
         unsigned char *rep_ptr =
             ((unsigned char *)&iter_net) + (4 - representation);
+        size_t out_len = 0;
 
-        if (HMAC_Init_ex(ctx, key, keylen,
-                         EVP_get_digestbynid(NID_id_GostR3411_2012_256),
-                         NULL) <= 0
-            || HMAC_Update(ctx, rep_ptr, representation) <= 0
-            || HMAC_Update(ctx, label, label_len) <= 0
-            || HMAC_Update(ctx, &zero, 1) <= 0
-            || HMAC_Update(ctx, seed, seed_len) <= 0
-            || HMAC_Update(ctx, len_ptr, len_repr_len) <= 0
-            || HMAC_Final(ctx, ptr, NULL) <= 0) {
+        if (EVP_MAC_init(ctx, key, keylen, params) <= 0
+            || EVP_MAC_update(ctx, rep_ptr, representation) <= 0
+            || EVP_MAC_update(ctx, label, label_len) <= 0
+            || EVP_MAC_update(ctx, &zero, 1) <= 0
+            || EVP_MAC_update(ctx, seed, seed_len) <= 0
+            || EVP_MAC_update(ctx, len_ptr, len_repr_len) <= 0
+            || EVP_MAC_final(ctx, ptr, &out_len, 32) <= 0
+            || out_len != 32) {
             GOSTerr(GOST_F_GOST_KDFTREE2012_256, ERR_R_INTERNAL_ERROR);
-            HMAC_CTX_free(ctx);
+            EVP_MAC_CTX_free(ctx);
+            EVP_MAC_free(mac);
             return 0;
         }
 
-        HMAC_CTX_reset(ctx);
         ptr += 32;
     }
 
-    HMAC_CTX_free(ctx);
+    EVP_MAC_CTX_free(ctx);
+    EVP_MAC_free(mac);
 
     return 1;
 }
