Adapt the rest of the source to the opaque HMAC_CTX (bf7c6817) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

apps/speed.c

+11 −7

Original line number	Diff line number	Diff line
		@@ -1298,24 +1298,28 @@ int speed_main(int argc, char **argv)

		#if !defined(OPENSSL_NO_MD5)
		if (doit[D_HMAC]) {
		HMAC_CTX hctx = HMAC_CTX_EMPTY;
		HMAC_CTX *hctx = NULL;

		HMAC_CTX_init(&hctx);
		HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...",
		hctx = HMAC_CTX_new();
		if (hctx == NULL) {
		BIO_printf(bio_err, "HMAC malloc failure, exiting...");
		exit(1);
		}
		HMAC_Init_ex(hctx, (unsigned char *)"This is a key...",
		16, EVP_md5(), NULL);

		for (j = 0; j < SIZE_NUM; j++) {
		print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]);
		Time_F(START);
		for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) {
		HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);
		HMAC_Update(&hctx, buf, lengths[j]);
		HMAC_Final(&hctx, &(hmac[0]), NULL);
		HMAC_Init_ex(hctx, NULL, 0, NULL, NULL);
		HMAC_Update(hctx, buf, lengths[j]);
		HMAC_Final(hctx, &(hmac[0]), NULL);
		}
		d = Time_F(STOP);
		print_result(D_HMAC, j, count, d);
		}
		HMAC_CTX_cleanup(&hctx);
		HMAC_CTX_free(hctx);
		}
		#endif
		if (doit[D_SHA1]) {

crypto/engine/eng_openssl.c

+9 −11

Original line number	Diff line number	Diff line
		@@ -450,7 +450,7 @@ static EVP_PKEY openssl_load_privkey(ENGINE eng, const char *key_id,
		typedef struct {
		const EVP_MD md; / MD for HMAC use */
		ASN1_OCTET_STRING ktmp; /* Temp storage for key */
		HMAC_CTX ctx;
		HMAC_CTX *ctx;
		} OSSL_HMAC_PKEY_CTX;

		static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
		@@ -461,7 +461,7 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
		if (hctx == NULL)
		return 0;
		hctx->ktmp.type = V_ASN1_OCTET_STRING;
		HMAC_CTX_init(&hctx->ctx);
		hctx->ctx = HMAC_CTX_new();
		EVP_PKEY_CTX_set_data(ctx, hctx);
		EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
		# ifdef TEST_ENG_OPENSSL_HMAC_INIT
		@@ -478,9 +478,7 @@ static int ossl_hmac_copy(EVP_PKEY_CTX dst, EVP_PKEY_CTX src)
		sctx = EVP_PKEY_CTX_get_data(src);
		dctx = EVP_PKEY_CTX_get_data(dst);
		dctx->md = sctx->md;
		/* Because HMAC_CTX_copy does HMAC_CTX_init */
		HMAC_CTX_cleanup(&dctx->ctx);
		if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx))
		if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
		return 0;
		if (sctx->ktmp.data) {
		if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
		@@ -494,7 +492,7 @@ static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
		{
		OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);

		HMAC_CTX_cleanup(&hctx->ctx);
		HMAC_CTX_free(hctx->ctx);
		OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
		OPENSSL_free(hctx);
		}
		@@ -515,8 +513,8 @@ static int ossl_hmac_keygen(EVP_PKEY_CTX ctx, EVP_PKEY pkey)

		static int ossl_int_update(EVP_MD_CTX ctx, const void data, size_t count)
		{
		OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx->pctx);
		if (!HMAC_Update(&hctx->ctx, data, count))
		OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
		if (!HMAC_Update(hctx->ctx, data, count))
		return 0;
		return 1;
		}
		@@ -524,7 +522,7 @@ static int ossl_int_update(EVP_MD_CTX ctx, const void data, size_t count)
		static int ossl_hmac_signctx_init(EVP_PKEY_CTX ctx, EVP_MD_CTX mctx)
		{
		EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
		mctx->update = ossl_int_update;
		EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
		return 1;
		}

		@@ -541,7 +539,7 @@ static int ossl_hmac_signctx(EVP_PKEY_CTX ctx, unsigned char sig,
		if (!sig)
		return 1;

		if (!HMAC_Final(&hctx->ctx, sig, &hlen))
		if (!HMAC_Final(hctx->ctx, sig, &hlen))
		return 0;
		*siglen = (size_t)hlen;
		return 1;
		@@ -568,7 +566,7 @@ static int ossl_hmac_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
		case EVP_PKEY_CTRL_DIGESTINIT:
		pk = EVP_PKEY_CTX_get0_pkey(ctx);
		key = EVP_PKEY_get0(pk);
		if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, NULL))
		if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
		return 0;
		break;

crypto/evp/p5_crpt2.c

+30 −20

Original line number	Diff line number	Diff line
		@@ -85,21 +85,28 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
		unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
		int cplen, j, k, tkeylen, mdlen;
		unsigned long i = 1;
		HMAC_CTX hctx_tpl = HMAC_CTX_EMPTY, hctx = HMAC_CTX_EMPTY;
		HMAC_CTX hctx_tpl = NULL, hctx = NULL;

		mdlen = EVP_MD_size(digest);
		if (mdlen < 0)
		return 0;

		HMAC_CTX_init(&hctx_tpl);
		hctx_tpl = HMAC_CTX_new();
		if (hctx_tpl == NULL)
		return 0;
		p = out;
		tkeylen = keylen;
		if (!pass)
		passlen = 0;
		else if (passlen == -1)
		passlen = strlen(pass);
		if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) {
		HMAC_CTX_cleanup(&hctx_tpl);
		if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) {
		HMAC_CTX_free(hctx_tpl);
		return 0;
		}
		hctx = HMAC_CTX_new();
		if (hctx == NULL) {
		HMAC_CTX_free(hctx_tpl);
		return 0;
		}
		while (tkeylen) {
		@@ -115,31 +122,33 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
		itmp[1] = (unsigned char)((i >> 16) & 0xff);
		itmp[2] = (unsigned char)((i >> 8) & 0xff);
		itmp[3] = (unsigned char)(i & 0xff);
		if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
		HMAC_CTX_cleanup(&hctx_tpl);
		if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
		HMAC_CTX_free(hctx);
		HMAC_CTX_free(hctx_tpl);
		return 0;
		}
		if (!HMAC_Update(&hctx, salt, saltlen)
		\|\| !HMAC_Update(&hctx, itmp, 4)
		\|\| !HMAC_Final(&hctx, digtmp, NULL)) {
		HMAC_CTX_cleanup(&hctx_tpl);
		HMAC_CTX_cleanup(&hctx);
		if (!HMAC_Update(hctx, salt, saltlen)
		\|\| !HMAC_Update(hctx, itmp, 4)
		\|\| !HMAC_Final(hctx, digtmp, NULL)) {
		HMAC_CTX_free(hctx);
		HMAC_CTX_free(hctx_tpl);
		return 0;
		}
		HMAC_CTX_cleanup(&hctx);
		HMAC_CTX_cleanup(hctx);
		memcpy(p, digtmp, cplen);
		for (j = 1; j < iter; j++) {
		if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
		HMAC_CTX_cleanup(&hctx_tpl);
		if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
		HMAC_CTX_free(hctx);
		HMAC_CTX_free(hctx_tpl);
		return 0;
		}
		if (!HMAC_Update(&hctx, digtmp, mdlen)
		\|\| !HMAC_Final(&hctx, digtmp, NULL)) {
		HMAC_CTX_cleanup(&hctx_tpl);
		HMAC_CTX_cleanup(&hctx);
		if (!HMAC_Update(hctx, digtmp, mdlen)
		\|\| !HMAC_Final(hctx, digtmp, NULL)) {
		HMAC_CTX_free(hctx);
		HMAC_CTX_free(hctx_tpl);
		return 0;
		}
		HMAC_CTX_cleanup(&hctx);
		HMAC_CTX_cleanup(hctx);
		for (k = 0; k < cplen; k++)
		p[k] ^= digtmp[k];
		}
		@@ -147,7 +156,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
		i++;
		p += cplen;
		}
		HMAC_CTX_cleanup(&hctx_tpl);
		HMAC_CTX_free(hctx);
		HMAC_CTX_free(hctx_tpl);
		# ifdef DEBUG_PKCS5V2
		fprintf(stderr, "Password:\n");
		h__dump(pass, passlen);

crypto/pkcs12/p12_mutl.c

+8 −8

Original line number	Diff line number	Diff line
		@@ -91,7 +91,7 @@ int PKCS12_gen_mac(PKCS12 p12, const char pass, int passlen,
		unsigned char mac, unsigned int maclen)
		{
		const EVP_MD *md_type;
		HMAC_CTX hmac = HMAC_CTX_EMPTY;
		HMAC_CTX *hmac = NULL;
		unsigned char key[EVP_MAX_MD_SIZE], *salt;
		int saltlen, iter;
		int md_size = 0;
		@@ -133,15 +133,15 @@ int PKCS12_gen_mac(PKCS12 p12, const char pass, int passlen,
		PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
		return 0;
		}
		HMAC_CTX_init(&hmac);
		if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL)
		\|\| !HMAC_Update(&hmac, p12->authsafes->d.data->data,
		hmac = HMAC_CTX_new();
		if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
		\|\| !HMAC_Update(hmac, p12->authsafes->d.data->data,
		p12->authsafes->d.data->length)
		\|\| !HMAC_Final(&hmac, mac, maclen)) {
		HMAC_CTX_cleanup(&hmac);
		\|\| !HMAC_Final(hmac, mac, maclen)) {
		HMAC_CTX_free(hmac);
		return 0;
		}
		HMAC_CTX_cleanup(&hmac);
		HMAC_CTX_free(hmac);
		return 1;
		}

ssl/statem/statem_srvr.c

+8 −9

Original line number	Diff line number	Diff line
		@@ -3160,7 +3160,7 @@ int tls_construct_new_session_ticket(SSL *s)
		{
		unsigned char *senc = NULL;
		EVP_CIPHER_CTX ctx;
		HMAC_CTX hctx = HMAC_CTX_EMPTY;
		HMAC_CTX *hctx = NULL;
		unsigned char p, macstart;
		const unsigned char *const_p;
		int len, slen_full, slen;
		@@ -3187,7 +3187,7 @@ int tls_construct_new_session_ticket(SSL *s)
		}

		EVP_CIPHER_CTX_init(&ctx);
		HMAC_CTX_init(&hctx);
		hctx = HMAC_CTX_new();

		p = senc;
		if (!i2d_SSL_SESSION(s->session, &p))
		@@ -3233,8 +3233,7 @@ int tls_construct_new_session_ticket(SSL *s)
		* all the work otherwise use generated values from parent ctx.
		*/
		if (tctx->tlsext_ticket_key_cb) {
		if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
		&hctx, 1) < 0)
		if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, hctx, 1) < 0)
		goto err;
		} else {
		if (RAND_bytes(iv, 16) <= 0)
		@@ -3242,7 +3241,7 @@ int tls_construct_new_session_ticket(SSL *s)
		if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
		tctx->tlsext_tick_aes_key, iv))
		goto err;
		if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
		if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
		EVP_sha256(), NULL))
		goto err;
		memcpy(key_name, tctx->tlsext_tick_key_name, 16);
		@@ -3272,13 +3271,13 @@ int tls_construct_new_session_ticket(SSL *s)
		goto err;
		p += len;

		if (!HMAC_Update(&hctx, macstart, p - macstart))
		if (!HMAC_Update(hctx, macstart, p - macstart))
		goto err;
		if (!HMAC_Final(&hctx, p, &hlen))
		if (!HMAC_Final(hctx, p, &hlen))
		goto err;

		EVP_CIPHER_CTX_cleanup(&ctx);
		HMAC_CTX_cleanup(&hctx);
		HMAC_CTX_free(hctx);

		p += hlen;
		/* Now write out lengths: p points to end of data written */
		@@ -3295,7 +3294,7 @@ int tls_construct_new_session_ticket(SSL *s)
		err:
		OPENSSL_free(senc);
		EVP_CIPHER_CTX_cleanup(&ctx);
		HMAC_CTX_cleanup(&hctx);
		HMAC_CTX_free(hctx);
		ossl_statem_set_error(s);
		return 0;
		}