Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
接近 2 年 前同步成功

通知 12
Star 18
Fork 1
T
Third Party Openssl
提交 bf7c6817 编写于 作者: R Richard Levitte
浏览文件
操作

Adapt the rest of the source to the opaque HMAC_CTX 

Reviewed-by: NRich Salz <rsalz@openssl.org>
上级 3f43aecc
隐藏空白更改
内联 并排
Showing with 118 addition and 92 deletion
apps/speed.c
浏览文件 @ bf7c6817
...@@ -1298,24 +1298,28 @@ int speed_main(int argc, char **argv) ...@@ -1298,24 +1298,28 @@ int speed_main(int argc, char **argv)
#if !defined(OPENSSL_NO_MD5) #if !defined(OPENSSL_NO_MD5)
if (doit[D_HMAC]) { if (doit[D_HMAC]) {
HMAC_CTX hctx = HMAC_CTX_EMPTY; HMAC_CTX *hctx = NULL;
HMAC_CTX_init(&hctx); hctx = HMAC_CTX_new();
HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...", if (hctx == NULL) {
BIO_printf(bio_err, "HMAC malloc failure, exiting...");
exit(1);
}
HMAC_Init_ex(hctx, (unsigned char *)"This is a key...",
16, EVP_md5(), NULL); 16, EVP_md5(), NULL);
for (j = 0; j < SIZE_NUM; j++) { for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]); print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]);
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) { for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) {
HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL); HMAC_Init_ex(hctx, NULL, 0, NULL, NULL);
HMAC_Update(&hctx, buf, lengths[j]); HMAC_Update(hctx, buf, lengths[j]);
HMAC_Final(&hctx, &(hmac[0]), NULL); HMAC_Final(hctx, &(hmac[0]), NULL);
} }
d = Time_F(STOP); d = Time_F(STOP);
print_result(D_HMAC, j, count, d); print_result(D_HMAC, j, count, d);
} }
HMAC_CTX_cleanup(&hctx); HMAC_CTX_free(hctx);
} }
#endif #endif
if (doit[D_SHA1]) { if (doit[D_SHA1]) {
......
crypto/engine/eng_openssl.c
浏览文件 @ bf7c6817
...@@ -450,7 +450,7 @@ static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, ...@@ -450,7 +450,7 @@ static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
typedef struct { typedef struct {
const EVP_MD *md; /* MD for HMAC use */ const EVP_MD *md; /* MD for HMAC use */
ASN1_OCTET_STRING ktmp; /* Temp storage for key */ ASN1_OCTET_STRING ktmp; /* Temp storage for key */
HMAC_CTX ctx; HMAC_CTX *ctx;
} OSSL_HMAC_PKEY_CTX; } OSSL_HMAC_PKEY_CTX;
static int ossl_hmac_init(EVP_PKEY_CTX *ctx) static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
...@@ -461,7 +461,7 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx) ...@@ -461,7 +461,7 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
if (hctx == NULL) if (hctx == NULL)
return 0; return 0;
hctx->ktmp.type = V_ASN1_OCTET_STRING; hctx->ktmp.type = V_ASN1_OCTET_STRING;
HMAC_CTX_init(&hctx->ctx); hctx->ctx = HMAC_CTX_new();
EVP_PKEY_CTX_set_data(ctx, hctx); EVP_PKEY_CTX_set_data(ctx, hctx);
EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
# ifdef TEST_ENG_OPENSSL_HMAC_INIT # ifdef TEST_ENG_OPENSSL_HMAC_INIT
...@@ -478,9 +478,7 @@ static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) ...@@ -478,9 +478,7 @@ static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
sctx = EVP_PKEY_CTX_get_data(src); sctx = EVP_PKEY_CTX_get_data(src);
dctx = EVP_PKEY_CTX_get_data(dst); dctx = EVP_PKEY_CTX_get_data(dst);
dctx->md = sctx->md; dctx->md = sctx->md;
/* Because HMAC_CTX_copy does HMAC_CTX_init */ if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
HMAC_CTX_cleanup(&dctx->ctx);
if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx))
return 0; return 0;
if (sctx->ktmp.data) { if (sctx->ktmp.data) {
if (!ASN1_OCTET_STRING_set(&dctx->ktmp, if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
...@@ -494,7 +492,7 @@ static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx) ...@@ -494,7 +492,7 @@ static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
{ {
OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
HMAC_CTX_cleanup(&hctx->ctx); HMAC_CTX_free(hctx->ctx);
OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length); OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
OPENSSL_free(hctx); OPENSSL_free(hctx);
} }
...@@ -515,8 +513,8 @@ static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ...@@ -515,8 +513,8 @@ static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx->pctx); OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
if (!HMAC_Update(&hctx->ctx, data, count)) if (!HMAC_Update(hctx->ctx, data, count))
return 0; return 0;
return 1; return 1;
} }
...@@ -524,7 +522,7 @@ static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count) ...@@ -524,7 +522,7 @@ static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
{ {
EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
mctx->update = ossl_int_update; EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
return 1; return 1;
} }
...@@ -541,7 +539,7 @@ static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, ...@@ -541,7 +539,7 @@ static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
if (!sig) if (!sig)
return 1; return 1;
if (!HMAC_Final(&hctx->ctx, sig, &hlen)) if (!HMAC_Final(hctx->ctx, sig, &hlen))
return 0; return 0;
*siglen = (size_t)hlen; *siglen = (size_t)hlen;
return 1; return 1;
...@@ -568,7 +566,7 @@ static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ...@@ -568,7 +566,7 @@ static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
case EVP_PKEY_CTRL_DIGESTINIT: case EVP_PKEY_CTRL_DIGESTINIT:
pk = EVP_PKEY_CTX_get0_pkey(ctx); pk = EVP_PKEY_CTX_get0_pkey(ctx);
key = EVP_PKEY_get0(pk); key = EVP_PKEY_get0(pk);
if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, NULL)) if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
return 0; return 0;
break; break;
......
crypto/evp/p5_crpt2.c
浏览文件 @ bf7c6817
...@@ -85,21 +85,28 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, ...@@ -85,21 +85,28 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
int cplen, j, k, tkeylen, mdlen; int cplen, j, k, tkeylen, mdlen;
unsigned long i = 1; unsigned long i = 1;
HMAC_CTX hctx_tpl = HMAC_CTX_EMPTY, hctx = HMAC_CTX_EMPTY; HMAC_CTX *hctx_tpl = NULL, *hctx = NULL;
mdlen = EVP_MD_size(digest); mdlen = EVP_MD_size(digest);
if (mdlen < 0) if (mdlen < 0)
return 0; return 0;
HMAC_CTX_init(&hctx_tpl); hctx_tpl = HMAC_CTX_new();
if (hctx_tpl == NULL)
return 0;
p = out; p = out;
tkeylen = keylen; tkeylen = keylen;
if (!pass) if (!pass)
passlen = 0; passlen = 0;
else if (passlen == -1) else if (passlen == -1)
passlen = strlen(pass); passlen = strlen(pass);
if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) {
HMAC_CTX_cleanup(&hctx_tpl); HMAC_CTX_free(hctx_tpl);
return 0;
}
hctx = HMAC_CTX_new();
if (hctx == NULL) {
HMAC_CTX_free(hctx_tpl);
return 0; return 0;
} }
while (tkeylen) { while (tkeylen) {
...@@ -115,31 +122,33 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, ...@@ -115,31 +122,33 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
itmp[1] = (unsigned char)((i >> 16) & 0xff); itmp[1] = (unsigned char)((i >> 16) & 0xff);
itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff);
itmp[3] = (unsigned char)(i & 0xff); itmp[3] = (unsigned char)(i & 0xff);
if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
HMAC_CTX_cleanup(&hctx_tpl); HMAC_CTX_free(hctx);
HMAC_CTX_free(hctx_tpl);
return 0; return 0;
} }
if (!HMAC_Update(&hctx, salt, saltlen) if (!HMAC_Update(hctx, salt, saltlen)
|| !HMAC_Update(&hctx, itmp, 4) || !HMAC_Update(hctx, itmp, 4)
|| !HMAC_Final(&hctx, digtmp, NULL)) { || !HMAC_Final(hctx, digtmp, NULL)) {
HMAC_CTX_cleanup(&hctx_tpl); HMAC_CTX_free(hctx);
HMAC_CTX_cleanup(&hctx); HMAC_CTX_free(hctx_tpl);
return 0; return 0;
} }
HMAC_CTX_cleanup(&hctx); HMAC_CTX_cleanup(hctx);
memcpy(p, digtmp, cplen); memcpy(p, digtmp, cplen);
for (j = 1; j < iter; j++) { for (j = 1; j < iter; j++) {
if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
HMAC_CTX_cleanup(&hctx_tpl); HMAC_CTX_free(hctx);
HMAC_CTX_free(hctx_tpl);
return 0; return 0;
} }
if (!HMAC_Update(&hctx, digtmp, mdlen) if (!HMAC_Update(hctx, digtmp, mdlen)
|| !HMAC_Final(&hctx, digtmp, NULL)) { || !HMAC_Final(hctx, digtmp, NULL)) {
HMAC_CTX_cleanup(&hctx_tpl); HMAC_CTX_free(hctx);
HMAC_CTX_cleanup(&hctx); HMAC_CTX_free(hctx_tpl);
return 0; return 0;
} }
HMAC_CTX_cleanup(&hctx); HMAC_CTX_cleanup(hctx);
for (k = 0; k < cplen; k++) for (k = 0; k < cplen; k++)
p[k] ^= digtmp[k]; p[k] ^= digtmp[k];
} }
...@@ -147,7 +156,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, ...@@ -147,7 +156,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
i++; i++;
p += cplen; p += cplen;
} }
HMAC_CTX_cleanup(&hctx_tpl); HMAC_CTX_free(hctx);
HMAC_CTX_free(hctx_tpl);
# ifdef DEBUG_PKCS5V2 # ifdef DEBUG_PKCS5V2
fprintf(stderr, "Password:\n"); fprintf(stderr, "Password:\n");
h__dump(pass, passlen); h__dump(pass, passlen);
......
crypto/pkcs12/p12_mutl.c
浏览文件 @ bf7c6817
...@@ -59,7 +59,7 @@ ...@@ -59,7 +59,7 @@
# include <stdio.h> # include <stdio.h>
# include "internal/cryptlib.h" # include "internal/cryptlib.h"
#include <openssl/crypto.h> # include <openssl/crypto.h>
# include <openssl/hmac.h> # include <openssl/hmac.h>
# include <openssl/rand.h> # include <openssl/rand.h>
# include <openssl/pkcs12.h> # include <openssl/pkcs12.h>
...@@ -91,7 +91,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, ...@@ -91,7 +91,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
unsigned char *mac, unsigned int *maclen) unsigned char *mac, unsigned int *maclen)
{ {
const EVP_MD *md_type; const EVP_MD *md_type;
HMAC_CTX hmac = HMAC_CTX_EMPTY; HMAC_CTX *hmac = NULL;
unsigned char key[EVP_MAX_MD_SIZE], *salt; unsigned char key[EVP_MAX_MD_SIZE], *salt;
int saltlen, iter; int saltlen, iter;
int md_size = 0; int md_size = 0;
...@@ -133,15 +133,15 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, ...@@ -133,15 +133,15 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
return 0; return 0;
} }
HMAC_CTX_init(&hmac); hmac = HMAC_CTX_new();
if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
|| !HMAC_Update(&hmac, p12->authsafes->d.data->data, || !HMAC_Update(hmac, p12->authsafes->d.data->data,
p12->authsafes->d.data->length) p12->authsafes->d.data->length)
|| !HMAC_Final(&hmac, mac, maclen)) { || !HMAC_Final(hmac, mac, maclen)) {
HMAC_CTX_cleanup(&hmac); HMAC_CTX_free(hmac);
return 0; return 0;
} }
HMAC_CTX_cleanup(&hmac); HMAC_CTX_free(hmac);
return 1; return 1;
} }
......
ssl/statem/statem_srvr.c
浏览文件 @ bf7c6817
...@@ -3160,7 +3160,7 @@ int tls_construct_new_session_ticket(SSL *s) ...@@ -3160,7 +3160,7 @@ int tls_construct_new_session_ticket(SSL *s)
{ {
unsigned char *senc = NULL; unsigned char *senc = NULL;
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
HMAC_CTX hctx = HMAC_CTX_EMPTY; HMAC_CTX *hctx = NULL;
unsigned char *p, *macstart; unsigned char *p, *macstart;
const unsigned char *const_p; const unsigned char *const_p;
int len, slen_full, slen; int len, slen_full, slen;
...@@ -3187,7 +3187,7 @@ int tls_construct_new_session_ticket(SSL *s) ...@@ -3187,7 +3187,7 @@ int tls_construct_new_session_ticket(SSL *s)
} }
EVP_CIPHER_CTX_init(&ctx); EVP_CIPHER_CTX_init(&ctx);
HMAC_CTX_init(&hctx); hctx = HMAC_CTX_new();
p = senc; p = senc;
if (!i2d_SSL_SESSION(s->session, &p)) if (!i2d_SSL_SESSION(s->session, &p))
...@@ -3233,8 +3233,7 @@ int tls_construct_new_session_ticket(SSL *s) ...@@ -3233,8 +3233,7 @@ int tls_construct_new_session_ticket(SSL *s)
* all the work otherwise use generated values from parent ctx. * all the work otherwise use generated values from parent ctx.
*/ */
if (tctx->tlsext_ticket_key_cb) { if (tctx->tlsext_ticket_key_cb) {
if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, hctx, 1) < 0)
&hctx, 1) < 0)
goto err; goto err;
} else { } else {
if (RAND_bytes(iv, 16) <= 0) if (RAND_bytes(iv, 16) <= 0)
...@@ -3242,7 +3241,7 @@ int tls_construct_new_session_ticket(SSL *s) ...@@ -3242,7 +3241,7 @@ int tls_construct_new_session_ticket(SSL *s)
if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, iv)) tctx->tlsext_tick_aes_key, iv))
goto err; goto err;
if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
EVP_sha256(), NULL)) EVP_sha256(), NULL))
goto err; goto err;
memcpy(key_name, tctx->tlsext_tick_key_name, 16); memcpy(key_name, tctx->tlsext_tick_key_name, 16);
...@@ -3272,13 +3271,13 @@ int tls_construct_new_session_ticket(SSL *s) ...@@ -3272,13 +3271,13 @@ int tls_construct_new_session_ticket(SSL *s)
goto err; goto err;
p += len; p += len;
if (!HMAC_Update(&hctx, macstart, p - macstart)) if (!HMAC_Update(hctx, macstart, p - macstart))
goto err; goto err;
if (!HMAC_Final(&hctx, p, &hlen)) if (!HMAC_Final(hctx, p, &hlen))
goto err; goto err;
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
HMAC_CTX_cleanup(&hctx); HMAC_CTX_free(hctx);
p += hlen; p += hlen;
/* Now write out lengths: p points to end of data written */ /* Now write out lengths: p points to end of data written */
...@@ -3295,7 +3294,7 @@ int tls_construct_new_session_ticket(SSL *s) ...@@ -3295,7 +3294,7 @@ int tls_construct_new_session_ticket(SSL *s)
err: err:
OPENSSL_free(senc); OPENSSL_free(senc);
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
HMAC_CTX_cleanup(&hctx); HMAC_CTX_free(hctx);
ossl_statem_set_error(s); ossl_statem_set_error(s);
return 0; return 0;
} }
......
ssl/t1_lib.c
浏览文件 @ bf7c6817
...@@ -3027,6 +3027,7 @@ end: ...@@ -3027,6 +3027,7 @@ end:
* point to the resulting session. * point to the resulting session.
* *
* Returns: * Returns:
* -2: fatal error, malloc failure.
* -1: fatal error, either from parsing or decrypting the ticket. * -1: fatal error, either from parsing or decrypting the ticket.
* 2: the ticket couldn't be decrypted. * 2: the ticket couldn't be decrypted.
* 3: a ticket was successfully decrypted and *psess was set. * 3: a ticket was successfully decrypted and *psess was set.
...@@ -3041,19 +3042,21 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, ...@@ -3041,19 +3042,21 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
const unsigned char *p; const unsigned char *p;
int slen, mlen, renew_ticket = 0; int slen, mlen, renew_ticket = 0;
unsigned char tick_hmac[EVP_MAX_MD_SIZE]; unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX hctx = HMAC_CTX_EMPTY; HMAC_CTX *hctx = NULL;
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
SSL_CTX *tctx = s->initial_ctx; SSL_CTX *tctx = s->initial_ctx;
/* Need at least keyname + iv + some encrypted data */ /* Need at least keyname + iv + some encrypted data */
if (eticklen < 48) if (eticklen < 48)
return 2; return 2;
/* Initialize session ticket encryption and HMAC contexts */ /* Initialize session ticket encryption and HMAC contexts */
HMAC_CTX_init(&hctx); hctx = HMAC_CTX_new();
if (hctx == NULL)
return -2;
EVP_CIPHER_CTX_init(&ctx); EVP_CIPHER_CTX_init(&ctx);
if (tctx->tlsext_ticket_key_cb) { if (tctx->tlsext_ticket_key_cb) {
unsigned char *nctick = (unsigned char *)etick; unsigned char *nctick = (unsigned char *)etick;
int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
&ctx, &hctx, 0); &ctx, hctx, 0);
if (rv < 0) if (rv < 0)
return -1; return -1;
if (rv == 0) if (rv == 0)
...@@ -3064,7 +3067,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, ...@@ -3064,7 +3067,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
/* Check key name matches */ /* Check key name matches */
if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
return 2; return 2;
if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
EVP_sha256(), NULL) <= 0 EVP_sha256(), NULL) <= 0
|| EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, tctx->tlsext_tick_aes_key,
...@@ -3076,17 +3079,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, ...@@ -3076,17 +3079,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
* Attempt to process session ticket, first conduct sanity and integrity * Attempt to process session ticket, first conduct sanity and integrity
* checks on ticket. * checks on ticket.
*/ */
mlen = HMAC_size(&hctx); mlen = HMAC_size(hctx);
if (mlen < 0) { if (mlen < 0) {
goto err; goto err;
} }
eticklen -= mlen; eticklen -= mlen;
/* Check HMAC of encrypted ticket */ /* Check HMAC of encrypted ticket */
if (HMAC_Update(&hctx, etick, eticklen) <= 0 if (HMAC_Update(hctx, etick, eticklen) <= 0
|| HMAC_Final(&hctx, tick_hmac, NULL) <= 0) { || HMAC_Final(hctx, tick_hmac, NULL) <= 0) {
goto err; goto err;
} }
HMAC_CTX_cleanup(&hctx); HMAC_CTX_free(hctx);
if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
return 2; return 2;
...@@ -3135,7 +3138,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, ...@@ -3135,7 +3138,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
return 2; return 2;
err: err:
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
HMAC_CTX_cleanup(&hctx); HMAC_CTX_free(hctx);
return -1; return -1;
} }
......
test/hmactest.c
浏览文件 @ bf7c6817
...@@ -134,7 +134,7 @@ int main(int argc, char *argv[]) ...@@ -134,7 +134,7 @@ int main(int argc, char *argv[])
char *p; char *p;
# endif # endif
int err = 0; int err = 0;
HMAC_CTX ctx = HMAC_CTX_EMPTY, ctx2 = HMAC_CTX_EMPTY; HMAC_CTX *ctx = NULL, *ctx2 = NULL;
unsigned char buf[EVP_MAX_MD_SIZE]; unsigned char buf[EVP_MAX_MD_SIZE];
unsigned int len; unsigned int len;
...@@ -165,57 +165,62 @@ int main(int argc, char *argv[]) ...@@ -165,57 +165,62 @@ int main(int argc, char *argv[])
# endif /* OPENSSL_NO_MD5 */ # endif /* OPENSSL_NO_MD5 */
/* test4 */ /* test4 */
HMAC_CTX_init(&ctx); ctx = HMAC_CTX_new();
if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) { if (ctx == NULL) {
printf("HMAC malloc failure (test 4)\n");
err++;
goto end;
}
if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD and key (test 4)\n"); printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
err++; err++;
goto test5; goto test5;
} }
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++; err++;
goto test5; goto test5;
} }
if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) { if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with empty key (test 4)\n"); printf("Should fail to initialise HMAC with empty key (test 4)\n");
err++; err++;
goto test5; goto test5;
} }
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++; err++;
goto test5; goto test5;
} }
printf("test 4 ok\n"); printf("test 4 ok\n");
test5: test5:
HMAC_CTX_cleanup(&ctx); HMAC_CTX_cleanup(ctx);
HMAC_CTX_init(&ctx); HMAC_CTX_init(ctx);
if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) { if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD (test 5)\n"); printf("Should fail to initialise HMAC with empty MD (test 5)\n");
err++; err++;
goto test6; goto test6;
} }
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 5)\n"); printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
err++; err++;
goto test6; goto test6;
} }
if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) { if (HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with invalid key len(test 5)\n"); printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
err++; err++;
goto test6; goto test6;
} }
if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 5)\n"); printf("Failed to initialise HMAC (test 5)\n");
err++; err++;
goto test6; goto test6;
} }
if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) { if (!HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Error updating HMAC with data (test 5)\n"); printf("Error updating HMAC with data (test 5)\n");
err++; err++;
goto test6; goto test6;
} }
if (!HMAC_Final(&ctx, buf, &len)) { if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (test 5)\n"); printf("Error finalising data (test 5)\n");
err++; err++;
goto test6; goto test6;
...@@ -227,22 +232,22 @@ test5: ...@@ -227,22 +232,22 @@ test5:
err++; err++;
goto test6; goto test6;
} }
if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL)) {
printf("Should disallow changing MD without a new key (test 5)\n"); printf("Should disallow changing MD without a new key (test 5)\n");
err++; err++;
goto test6; goto test6;
} }
if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
printf("Failed to reinitialise HMAC (test 5)\n"); printf("Failed to reinitialise HMAC (test 5)\n");
err++; err++;
goto test6; goto test6;
} }
if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) { if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) {
printf("Error updating HMAC with data (sha256) (test 5)\n"); printf("Error updating HMAC with data (sha256) (test 5)\n");
err++; err++;
goto test6; goto test6;
} }
if (!HMAC_Final(&ctx, buf, &len)) { if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (sha256) (test 5)\n"); printf("Error finalising data (sha256) (test 5)\n");
err++; err++;
goto test6; goto test6;
...@@ -254,17 +259,17 @@ test5: ...@@ -254,17 +259,17 @@ test5:
err++; err++;
goto test6; goto test6;
} }
if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) { if (!HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) {
printf("Failed to reinitialise HMAC with key (test 5)\n"); printf("Failed to reinitialise HMAC with key (test 5)\n");
err++; err++;
goto test6; goto test6;
} }
if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) { if (!HMAC_Update(ctx, test[6].data, test[6].data_len)) {
printf("Error updating HMAC with data (new key) (test 5)\n"); printf("Error updating HMAC with data (new key) (test 5)\n");
err++; err++;
goto test6; goto test6;
} }
if (!HMAC_Final(&ctx, buf, &len)) { if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (new key) (test 5)\n"); printf("Error finalising data (new key) (test 5)\n");
err++; err++;
goto test6; goto test6;
...@@ -278,24 +283,30 @@ test5: ...@@ -278,24 +283,30 @@ test5:
printf("test 5 ok\n"); printf("test 5 ok\n");
} }
test6: test6:
HMAC_CTX_cleanup(&ctx); HMAC_CTX_cleanup(ctx);
HMAC_CTX_init(&ctx); HMAC_CTX_init(ctx);
if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { ctx2 = HMAC_CTX_new();
if (ctx2 == NULL) {
printf("HMAC malloc failure (test 6)\n");
err++;
goto end;
}
if (!HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 6)\n"); printf("Failed to initialise HMAC (test 6)\n");
err++; err++;
goto end; goto end;
} }
if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) { if (!HMAC_Update(ctx, test[7].data, test[7].data_len)) {
printf("Error updating HMAC with data (test 6)\n"); printf("Error updating HMAC with data (test 6)\n");
err++; err++;
goto end; goto end;
} }
if (!HMAC_CTX_copy(&ctx2, &ctx)) { if (!HMAC_CTX_copy(ctx2, ctx)) {
printf("Failed to copy HMAC_CTX (test 6)\n"); printf("Failed to copy HMAC_CTX (test 6)\n");
err++; err++;
goto end; goto end;
} }
if (!HMAC_Final(&ctx2, buf, &len)) { if (!HMAC_Final(ctx2, buf, &len)) {
printf("Error finalising data (test 6)\n"); printf("Error finalising data (test 6)\n");
err++; err++;
goto end; goto end;
...@@ -309,7 +320,8 @@ test6: ...@@ -309,7 +320,8 @@ test6:
printf("test 6 ok\n"); printf("test 6 ok\n");
} }
end: end:
HMAC_CTX_cleanup(&ctx); HMAC_CTX_free(ctx2);
HMAC_CTX_free(ctx);
EXIT(err); EXIT(err);
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册