/*-
- * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
#include <openssl/rand.h>
#include <openssl/evp.h>
-
-#include "crmf_local.h"
+#include <openssl/hmac.h>
/* explicit #includes not strictly needed since implied by the above: */
#include <openssl/asn1t.h>
#include <openssl/crmf.h>
#include <openssl/err.h>
-#include <openssl/evp.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
+#include "internal/sizes.h"
+
+#include "crmf_local.h"
+
/*-
* creates and initializes OSSL_CRMF_PBMPARAMETER (section 4.4)
* |slen| SHOULD be at least 8 (16 is common)
*/
if ((salt = OPENSSL_malloc(slen)) == NULL)
goto err;
- if (RAND_bytes_ex(libctx, salt, (int)slen) <= 0) {
+ if (RAND_bytes_ex(libctx, salt, slen, 0) <= 0) {
ERR_raise(ERR_LIB_CRMF, CRMF_R_FAILURE_OBTAINING_RANDOM);
goto err;
}
* |msglen| length of the message
* |sec| key to use
* |seclen| length of the key
- * |mac| pointer to the computed mac, will be set on success
- * |maclen| if not NULL, will set variable to the length of the mac on success
+ * |out| pointer to the computed mac, will be set on success
+ * |outlen| if not NULL, will set variable to the length of the mac on success
* returns 1 on success, 0 on error
*/
-/* TODO try to combine with other MAC calculations in the libray */
int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
const OSSL_CRMF_PBMPARAMETER *pbmp,
const unsigned char *msg, size_t msglen,
unsigned char **out, size_t *outlen)
{
int mac_nid, hmac_md_nid = NID_undef;
- const char *mdname;
+ char mdname[OSSL_MAX_NAME_SIZE];
+ char hmac_mdname[OSSL_MAX_NAME_SIZE];
EVP_MD *owf = NULL;
EVP_MD_CTX *ctx = NULL;
unsigned char basekey[EVP_MAX_MD_SIZE];
int64_t iterations;
unsigned char *mac_res = 0;
int ok = 0;
- EVP_MAC *mac = NULL;
- EVP_MAC_CTX *mctx = NULL;
- OSSL_PARAM macparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
if (out == NULL || pbmp == NULL || pbmp->mac == NULL
|| pbmp->mac->algorithm == NULL || msg == NULL || sec == NULL) {
* compute the key used in the MAC process. All implementations MUST
* support SHA-1.
*/
- mdname = OBJ_nid2sn(OBJ_obj2nid(pbmp->owf->algorithm));
+ OBJ_obj2txt(mdname, sizeof(mdname), pbmp->owf->algorithm, 0);
if ((owf = EVP_MD_fetch(libctx, mdname, propq)) == NULL) {
ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM);
goto err;
mac_nid = OBJ_obj2nid(pbmp->mac->algorithm);
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL)
- || (mdname = OBJ_nid2sn(hmac_md_nid)) == NULL) {
+ || OBJ_obj2txt(hmac_mdname, sizeof(hmac_mdname),
+ OBJ_nid2obj(hmac_md_nid), 0) <= 0) {
ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM);
goto err;
}
-
- macparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
- (char *)mdname, 0);
- if ((mac = EVP_MAC_fetch(libctx, "HMAC", propq)) == NULL
- || (mctx = EVP_MAC_CTX_new(mac)) == NULL
- || !EVP_MAC_CTX_set_params(mctx, macparams)
- || !EVP_MAC_init(mctx, basekey, bklen, macparams)
- || !EVP_MAC_update(mctx, msg, msglen)
- || !EVP_MAC_final(mctx, mac_res, outlen, EVP_MAX_MD_SIZE))
+ if (EVP_Q_mac(libctx, "HMAC", propq, hmac_mdname, NULL, basekey, bklen,
+ msg, msglen, mac_res, EVP_MAX_MD_SIZE, outlen) == NULL)
goto err;
ok = 1;
err:
OPENSSL_cleanse(basekey, bklen);
- EVP_MAC_CTX_free(mctx);
- EVP_MAC_free(mac);
EVP_MD_free(owf);
EVP_MD_CTX_free(ctx);