From 219494c07b446f11d0c101cc5ee6a9ccb5dca1cb Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Tue, 5 Jul 2022 13:23:44 +0900
Subject: [PATCH] ecdh: Use gcry_md_read when KDF API is not available.
* g10/ecdh.c [GCRYPT_VERSION_NUMBER] (derive_kek): Conditionalize.
--
Note that it's compile-time check.
Signed-off-by: NIIBE Yutaka
---
 g10/ecdh.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/g10/ecdh.c b/g10/ecdh.c
index d676e2c19..a3e99ad9d 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -189,6 +189,7 @@ derive_kek (size_t kek_size,
 const unsigned char *kdf_params, size_t kdf_params_size)
 {
 gpg_error_t err;
+#if GCRYPT_VERSION_NUMBER >= 0x010b00
 gcry_kdf_hd_t hd;
 unsigned long param[1];
@@ -205,6 +206,27 @@ derive_kek (size_t kek_size,
 /* Clean the tail before returning. */
 memset (secret_x+kek_size, 0, secret_x_size - kek_size);
 }
+#else
+ gcry_md_hd_t h;
+
+ log_assert( gcry_md_get_algo_dlen (kdf_hash_algo) >= 32 );
+
+ err = gcry_md_open (&h, kdf_hash_algo, 0);
+ if (err)
+ {
+ log_error ("gcry_md_open failed for kdf_hash_algo %d: %s",
+ kdf_hash_algo, gpg_strerror (err));
+ return err;
+ }
+ gcry_md_write(h, "\x00\x00\x00\x01", 4); /* counter = 1 */
+ gcry_md_write(h, secret_x, secret_x_size); /* x of the point X */
+ gcry_md_write(h, kdf_params, kdf_params_size); /* KDF parameters */
+ gcry_md_final (h);
+ memcpy (secret_x, gcry_md_read (h, kdf_hash_algo), kek_size);
+ gcry_md_close (h);
+ /* Clean the tail before returning. */
+ memset (secret_x+kek_size, 0, secret_x_size - kek_size);
+#endif
 if (DBG_CRYPTO)
 log_printhex (secret_x, kek_size, "ecdh KEK is:");
 return err;
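Review bot: In the `#else` branch, `memcpy (secret_x, gcry_md_read (h, kdf_hash_algo), kek_size)` reads `kek_size` bytes from the digest, but the only guard is `log_assert( gcry_md_get_algo_dlen (kdf_hash_algo) >= 32 )`, which bounds the digest length and not `kek_size`. Nothing visible in the hunk shows that `kek_size` is at most 32 or at most `secret_x_size`, so I would state the real invariants next to the copy, e.g. `log_assert (kek_size <= gcry_md_get_algo_dlen (kdf_hash_algo));` and `log_assert (kek_size <= secret_x_size);`, or return an error instead of aborting if these values can be influenced by key material. The hash context also absorbs the ECDH shared secret while it is opened with flags `0`; `gcry_md_open (&h, kdf_hash_algo, GCRY_MD_FLAG_SECURE)` would keep that intermediate state in secure memory. derive_kek starts before the first hunk and the `#if` branch is only partly shown, so callers may already enforce the size bounds.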