Thanks, Paul. I noticed the type values matched the RFC, but thought maybe it should be a string if that was the case.
I did find another issue:

    if (EVP_KDF_derive(kctx, out, &outlen, params) <= 0)

The actual value of ‘outlen’ should be passed, not the address.

Kory

> On Mar 25, 2022, at 4:01 PM, pa...@openssl.org wrote:
>
> It is correct, the KDF is expecting the characters 'A' through 'F' here.
> This is what is specified in the RFC:
> https://datatracker.ietf.org/doc/html/rfc4253#section-7.2
>
> That line of code ought to have cast to (char *) or type defined simply as
> char, but it is essentially correct.
>
>
> Pauli
>
> On 26/3/22 5:11 am, Kory Hamzeh wrote:
>> Hi All,
>>
>> If you look at the example SSH KDF code here:
>>
>> https://www.openssl.org/docs/manmaster/man7/EVP_KDF-SSHKDF.html
>>
>> Specifically, these lines:
>>
>> *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
>> &type, sizeof(type));
>>
>> The variable ‘type’ is defined as a “const char”, so an 8 bit integer. The
>> compiler spits out a warning on that line. Is the example code correct?
>>
>> I wonder if it should be calling OSSL_PARAM_construct_int() and ‘type’
>> changed to ‘int’?
>>
>> Thanks,
>> Kory
>>
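
An added Python reference for the RFC 4253 section 7.2 derivation discussed in this thread, showing where the single type character 'A' through 'F' enters the hash as one ASCII byte. It is not code from the thread or from the OpenSSL documentation; the function names and sample inputs are constructed for illustration, and K is assumed to be passed already mpint-encoded.

```python
import hashlib

def mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251 section 5)."""
    if n == 0:
        return (0).to_bytes(4, "big")
    # One extra bit of room keeps the sign bit clear for positive values.
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return len(body).to_bytes(4, "big") + body

def rfc4253_kdf(k_mpint, exchange_hash, session_id, key_type, out_len,
                digest="sha256"):
    """Derive out_len bytes per RFC 4253 section 7.2.

    key_type is the one-character string 'A'..'F', hashed as one ASCII byte.
    """
    if len(key_type) != 1 or key_type not in "ABCDEF":
        raise ValueError("key_type must be a single character 'A'..'F'")

    def h(*parts):
        ctx = hashlib.new(digest)
        for part in parts:
            ctx.update(part)
        return ctx.digest()

    # K1 = HASH(K || H || X || session_id)
    out = h(k_mpint, exchange_hash, key_type.encode("ascii"), session_id)
    # Kn = HASH(K || H || K1 || ... || K(n-1)) until enough bytes exist
    while len(out) < out_len:
        out += h(k_mpint, exchange_hash, out)
    return out[:out_len]

# Constructed sample inputs, not taken from any real key exchange.
SAMPLE_K = mpint(0x80F1E2D3C4B5A697)
SAMPLE_H = hashlib.sha256(b"constructed exchange hash").digest()
SAMPLE_SID = SAMPLE_H  # the session id is H of the first key exchange

if __name__ == "__main__":
    for letter in "ABCDEF":
        key = rfc4253_kdf(SAMPLE_K, SAMPLE_H, SAMPLE_SID, letter, 48)
        print(letter, key.hex())
```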