X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fhmac%2Fhmac.c;h=a94550a37a96ced3c5266572ac1f94e5c67e70d5;hp=7028a9dc29f87ea618d111f519aee0cf656738af;hb=b1558c0bc895afd93170378053bae800efacee1e;hpb=73e45b2dd127b10d6259203082fe2b49aa268986 diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 7028a9dc29..a94550a37a 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -1,218 +1,252 @@ -/* crypto/hmac/hmac.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ - - #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include +#include +#include "hmac_local.h" int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl) - { - int i,j,reset=0; - unsigned char pad[HMAC_MAX_MD_CBLOCK]; - - if (md != NULL) - { - reset=1; - ctx->md=md; - } - else - md=ctx->md; - - if (key != NULL) - { - reset=1; - j=M_EVP_MD_block_size(md); - OPENSSL_assert(j <= (int)sizeof(ctx->key)); - if (j < len) - { - if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->md_ctx,key,len)) - goto err; - if (!EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, - &ctx->key_length)) - goto err; - } - else - { - OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key)); - memcpy(ctx->key,key,len); - ctx->key_length=len; - } - if(ctx->key_length != HMAC_MAX_MD_CBLOCK) - memset(&ctx->key[ctx->key_length], 0, - HMAC_MAX_MD_CBLOCK - ctx->key_length); - } - - if (reset) - { - for (i=0; ikey[i]; - if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->i_ctx,pad,M_EVP_MD_block_size(md))) - goto err; - - for (i=0; ikey[i]; - if (!EVP_DigestInit_ex(&ctx->o_ctx,md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->o_ctx,pad,M_EVP_MD_block_size(md))) - goto err; - } - if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx)) - goto err; - return 1; - err: - return 0; - } - + const EVP_MD *md, ENGINE *impl) +{ + int rv = 0, reset = 0; + int i, j; + unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE]; + unsigned int keytmp_length; + unsigned char keytmp[HMAC_MAX_MD_CBLOCK_SIZE]; + + /* If we are changing MD then we must have a key */ + if (md != NULL && md != ctx->md && (key == NULL || len < 0)) + return 0; + + if (md != NULL) { + ctx->md = md; + } else if (ctx->md) { + md = ctx->md; + } else { + return 0; + } + + /* + * The HMAC construction is not allowed to be used with the + * extendable-output functions (XOF) shake128 and shake256. + */ + if ((EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0) + return 0; + + if (key != NULL) { + reset = 1; + + j = EVP_MD_block_size(md); + if (!ossl_assert(j <= (int)sizeof(keytmp))) + return 0; + if (j < len) { + if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl) + || !EVP_DigestUpdate(ctx->md_ctx, key, len) + || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp, + &keytmp_length)) + return 0; + } else { + if (len < 0 || len > (int)sizeof(keytmp)) + return 0; + memcpy(keytmp, key, len); + keytmp_length = len; + } + if (keytmp_length != HMAC_MAX_MD_CBLOCK_SIZE) + memset(&keytmp[keytmp_length], 0, + HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length); + + for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) + pad[i] = 0x36 ^ keytmp[i]; + if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) + || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) + goto err; + + for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) + pad[i] = 0x5c ^ keytmp[i]; + if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) + || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) + goto err; + } + if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx)) + goto err; + rv = 1; + err: + if (reset) { + OPENSSL_cleanse(keytmp, sizeof(keytmp)); + OPENSSL_cleanse(pad, sizeof(pad)); + } + return rv; +} + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) - { - if(key && md) - HMAC_CTX_init(ctx); - return HMAC_Init_ex(ctx,key,len,md, NULL); - } +{ + if (key && md) + HMAC_CTX_reset(ctx); + return HMAC_Init_ex(ctx, key, len, md, NULL); +} +#endif int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) - { - return EVP_DigestUpdate(&ctx->md_ctx,data,len); - } +{ + if (!ctx->md) + return 0; + return EVP_DigestUpdate(ctx->md_ctx, data, len); +} int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) - { - unsigned int i; - unsigned char buf[EVP_MAX_MD_SIZE]; - - if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i)) - goto err; - if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx)) - goto err; - if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i)) - goto err; - if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len)) - goto err; - return 1; - err: - return 0; - } - -void HMAC_CTX_init(HMAC_CTX *ctx) - { - EVP_MD_CTX_init(&ctx->i_ctx); - EVP_MD_CTX_init(&ctx->o_ctx); - EVP_MD_CTX_init(&ctx->md_ctx); - } +{ + unsigned int i; + unsigned char buf[EVP_MAX_MD_SIZE]; + + if (!ctx->md) + goto err; + + if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i)) + goto err; + if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx)) + goto err; + if (!EVP_DigestUpdate(ctx->md_ctx, buf, i)) + goto err; + if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len)) + goto err; + return 1; + err: + return 0; +} + +size_t HMAC_size(const HMAC_CTX *ctx) +{ + int size = EVP_MD_size((ctx)->md); + + return (size < 0) ? 0 : size; +} + +HMAC_CTX *HMAC_CTX_new(void) +{ + HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX)); + + if (ctx != NULL) { + if (!HMAC_CTX_reset(ctx)) { + HMAC_CTX_free(ctx); + return NULL; + } + } + return ctx; +} + +static void hmac_ctx_cleanup(HMAC_CTX *ctx) +{ + EVP_MD_CTX_reset(ctx->i_ctx); + EVP_MD_CTX_reset(ctx->o_ctx); + EVP_MD_CTX_reset(ctx->md_ctx); + ctx->md = NULL; +} + +void HMAC_CTX_free(HMAC_CTX *ctx) +{ + if (ctx != NULL) { + hmac_ctx_cleanup(ctx); + EVP_MD_CTX_free(ctx->i_ctx); + EVP_MD_CTX_free(ctx->o_ctx); + EVP_MD_CTX_free(ctx->md_ctx); + OPENSSL_free(ctx); + } +} + +static int hmac_ctx_alloc_mds(HMAC_CTX *ctx) +{ + if (ctx->i_ctx == NULL) + ctx->i_ctx = EVP_MD_CTX_new(); + if (ctx->i_ctx == NULL) + return 0; + if (ctx->o_ctx == NULL) + ctx->o_ctx = EVP_MD_CTX_new(); + if (ctx->o_ctx == NULL) + return 0; + if (ctx->md_ctx == NULL) + ctx->md_ctx = EVP_MD_CTX_new(); + if (ctx->md_ctx == NULL) + return 0; + return 1; +} + +int HMAC_CTX_reset(HMAC_CTX *ctx) +{ + hmac_ctx_cleanup(ctx); + if (!hmac_ctx_alloc_mds(ctx)) { + hmac_ctx_cleanup(ctx); + return 0; + } + return 1; +} int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) - { - HMAC_CTX_init(dctx); - if (!EVP_MD_CTX_copy_ex(&dctx->i_ctx, &sctx->i_ctx)) - goto err; - if (!EVP_MD_CTX_copy_ex(&dctx->o_ctx, &sctx->o_ctx)) - goto err; - if (!EVP_MD_CTX_copy_ex(&dctx->md_ctx, &sctx->md_ctx)) - goto err; - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); - dctx->key_length = sctx->key_length; - dctx->md = sctx->md; - return 1; - err: - return 0; - } - -void HMAC_CTX_cleanup(HMAC_CTX *ctx) - { - EVP_MD_CTX_cleanup(&ctx->i_ctx); - EVP_MD_CTX_cleanup(&ctx->o_ctx); - EVP_MD_CTX_cleanup(&ctx->md_ctx); - memset(ctx,0,sizeof *ctx); - } +{ + if (!hmac_ctx_alloc_mds(dctx)) + goto err; + if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx)) + goto err; + if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx)) + goto err; + if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) + goto err; + dctx->md = sctx->md; + return 1; + err: + hmac_ctx_cleanup(dctx); + return 0; +} unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *d, size_t n, unsigned char *md, - unsigned int *md_len) - { - HMAC_CTX c; - static unsigned char m[EVP_MAX_MD_SIZE]; - - if (md == NULL) md=m; - HMAC_CTX_init(&c); - if (!HMAC_Init(&c,key,key_len,evp_md)) - goto err; - if (!HMAC_Update(&c,d,n)) - goto err; - if (!HMAC_Final(&c,md,md_len)) - goto err; - HMAC_CTX_cleanup(&c); - return md; - err: - return NULL; - } + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len) +{ + HMAC_CTX *c = NULL; + static unsigned char m[EVP_MAX_MD_SIZE]; + static const unsigned char dummy_key[1] = {'\0'}; + + if (md == NULL) + md = m; + if ((c = HMAC_CTX_new()) == NULL) + goto err; + + /* For HMAC_Init_ex, NULL key signals reuse. */ + if (key == NULL && key_len == 0) { + key = dummy_key; + } + + if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL)) + goto err; + if (!HMAC_Update(c, d, n)) + goto err; + if (!HMAC_Final(c, md, md_len)) + goto err; + HMAC_CTX_free(c); + return md; + err: + HMAC_CTX_free(c); + return NULL; +} void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) - { - M_EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); - M_EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); - M_EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); - } +{ + EVP_MD_CTX_set_flags(ctx->i_ctx, flags); + EVP_MD_CTX_set_flags(ctx->o_ctx, flags); + EVP_MD_CTX_set_flags(ctx->md_ctx, flags); +} + +const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx) +{ + return ctx->md; +}