#if !defined(OPENSSL_NO_MD5)
if (doit[D_HMAC]) {
- HMAC_CTX hctx = HMAC_CTX_EMPTY;
+ HMAC_CTX *hctx = NULL;
- HMAC_CTX_init(&hctx);
- HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...",
+ hctx = HMAC_CTX_new();
+ if (hctx == NULL) {
+ BIO_printf(bio_err, "HMAC malloc failure, exiting...");
+ exit(1);
+ }
+ HMAC_Init_ex(hctx, (unsigned char *)"This is a key...",
16, EVP_md5(), NULL);
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]);
Time_F(START);
for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) {
- HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);
- HMAC_Update(&hctx, buf, lengths[j]);
- HMAC_Final(&hctx, &(hmac[0]), NULL);
+ HMAC_Init_ex(hctx, NULL, 0, NULL, NULL);
+ HMAC_Update(hctx, buf, lengths[j]);
+ HMAC_Final(hctx, &(hmac[0]), NULL);
}
d = Time_F(STOP);
print_result(D_HMAC, j, count, d);
}
- HMAC_CTX_cleanup(&hctx);
+ HMAC_CTX_free(hctx);
}
#endif
if (doit[D_SHA1]) {
typedef struct {
const EVP_MD *md; /* MD for HMAC use */
ASN1_OCTET_STRING ktmp; /* Temp storage for key */
- HMAC_CTX ctx;
+ HMAC_CTX *ctx;
} OSSL_HMAC_PKEY_CTX;
static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
if (hctx == NULL)
return 0;
hctx->ktmp.type = V_ASN1_OCTET_STRING;
- HMAC_CTX_init(&hctx->ctx);
+ hctx->ctx = HMAC_CTX_new();
EVP_PKEY_CTX_set_data(ctx, hctx);
EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
# ifdef TEST_ENG_OPENSSL_HMAC_INIT
sctx = EVP_PKEY_CTX_get_data(src);
dctx = EVP_PKEY_CTX_get_data(dst);
dctx->md = sctx->md;
- /* Because HMAC_CTX_copy does HMAC_CTX_init */
- HMAC_CTX_cleanup(&dctx->ctx);
- if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx))
+ if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
return 0;
if (sctx->ktmp.data) {
if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
{
OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
- HMAC_CTX_cleanup(&hctx->ctx);
+ HMAC_CTX_free(hctx->ctx);
OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
OPENSSL_free(hctx);
}
static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx->pctx);
- if (!HMAC_Update(&hctx->ctx, data, count))
+ OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+ if (!HMAC_Update(hctx->ctx, data, count))
return 0;
return 1;
}
static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
{
EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
- mctx->update = ossl_int_update;
+ EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
return 1;
}
if (!sig)
return 1;
- if (!HMAC_Final(&hctx->ctx, sig, &hlen))
+ if (!HMAC_Final(hctx->ctx, sig, &hlen))
return 0;
*siglen = (size_t)hlen;
return 1;
case EVP_PKEY_CTRL_DIGESTINIT:
pk = EVP_PKEY_CTX_get0_pkey(ctx);
key = EVP_PKEY_get0(pk);
- if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, NULL))
+ if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
return 0;
break;
unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
int cplen, j, k, tkeylen, mdlen;
unsigned long i = 1;
- HMAC_CTX hctx_tpl = HMAC_CTX_EMPTY, hctx = HMAC_CTX_EMPTY;
+ HMAC_CTX *hctx_tpl = NULL, *hctx = NULL;
mdlen = EVP_MD_size(digest);
if (mdlen < 0)
return 0;
- HMAC_CTX_init(&hctx_tpl);
+ hctx_tpl = HMAC_CTX_new();
+ if (hctx_tpl == NULL)
+ return 0;
p = out;
tkeylen = keylen;
if (!pass)
passlen = 0;
else if (passlen == -1)
passlen = strlen(pass);
- if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) {
- HMAC_CTX_cleanup(&hctx_tpl);
+ if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) {
+ HMAC_CTX_free(hctx_tpl);
+ return 0;
+ }
+ hctx = HMAC_CTX_new();
+ if (hctx == NULL) {
+ HMAC_CTX_free(hctx_tpl);
return 0;
}
while (tkeylen) {
itmp[1] = (unsigned char)((i >> 16) & 0xff);
itmp[2] = (unsigned char)((i >> 8) & 0xff);
itmp[3] = (unsigned char)(i & 0xff);
- if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
- HMAC_CTX_cleanup(&hctx_tpl);
+ if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
+ HMAC_CTX_free(hctx);
+ HMAC_CTX_free(hctx_tpl);
return 0;
}
- if (!HMAC_Update(&hctx, salt, saltlen)
- || !HMAC_Update(&hctx, itmp, 4)
- || !HMAC_Final(&hctx, digtmp, NULL)) {
- HMAC_CTX_cleanup(&hctx_tpl);
- HMAC_CTX_cleanup(&hctx);
+ if (!HMAC_Update(hctx, salt, saltlen)
+ || !HMAC_Update(hctx, itmp, 4)
+ || !HMAC_Final(hctx, digtmp, NULL)) {
+ HMAC_CTX_free(hctx);
+ HMAC_CTX_free(hctx_tpl);
return 0;
}
- HMAC_CTX_cleanup(&hctx);
+ HMAC_CTX_cleanup(hctx);
memcpy(p, digtmp, cplen);
for (j = 1; j < iter; j++) {
- if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
- HMAC_CTX_cleanup(&hctx_tpl);
+ if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
+ HMAC_CTX_free(hctx);
+ HMAC_CTX_free(hctx_tpl);
return 0;
}
- if (!HMAC_Update(&hctx, digtmp, mdlen)
- || !HMAC_Final(&hctx, digtmp, NULL)) {
- HMAC_CTX_cleanup(&hctx_tpl);
- HMAC_CTX_cleanup(&hctx);
+ if (!HMAC_Update(hctx, digtmp, mdlen)
+ || !HMAC_Final(hctx, digtmp, NULL)) {
+ HMAC_CTX_free(hctx);
+ HMAC_CTX_free(hctx_tpl);
return 0;
}
- HMAC_CTX_cleanup(&hctx);
+ HMAC_CTX_cleanup(hctx);
for (k = 0; k < cplen; k++)
p[k] ^= digtmp[k];
}
i++;
p += cplen;
}
- HMAC_CTX_cleanup(&hctx_tpl);
+ HMAC_CTX_free(hctx);
+ HMAC_CTX_free(hctx_tpl);
# ifdef DEBUG_PKCS5V2
fprintf(stderr, "Password:\n");
h__dump(pass, passlen);
# include <stdio.h>
# include "internal/cryptlib.h"
-#include <openssl/crypto.h>
+# include <openssl/crypto.h>
# include <openssl/hmac.h>
# include <openssl/rand.h>
# include <openssl/pkcs12.h>
unsigned char *mac, unsigned int *maclen)
{
const EVP_MD *md_type;
- HMAC_CTX hmac = HMAC_CTX_EMPTY;
+ HMAC_CTX *hmac = NULL;
unsigned char key[EVP_MAX_MD_SIZE], *salt;
int saltlen, iter;
int md_size = 0;
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
return 0;
}
- HMAC_CTX_init(&hmac);
- if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL)
- || !HMAC_Update(&hmac, p12->authsafes->d.data->data,
+ hmac = HMAC_CTX_new();
+ if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
+ || !HMAC_Update(hmac, p12->authsafes->d.data->data,
p12->authsafes->d.data->length)
- || !HMAC_Final(&hmac, mac, maclen)) {
- HMAC_CTX_cleanup(&hmac);
+ || !HMAC_Final(hmac, mac, maclen)) {
+ HMAC_CTX_free(hmac);
return 0;
}
- HMAC_CTX_cleanup(&hmac);
+ HMAC_CTX_free(hmac);
return 1;
}
{
unsigned char *senc = NULL;
EVP_CIPHER_CTX ctx;
- HMAC_CTX hctx = HMAC_CTX_EMPTY;
+ HMAC_CTX *hctx = NULL;
unsigned char *p, *macstart;
const unsigned char *const_p;
int len, slen_full, slen;
}
EVP_CIPHER_CTX_init(&ctx);
- HMAC_CTX_init(&hctx);
+ hctx = HMAC_CTX_new();
p = senc;
if (!i2d_SSL_SESSION(s->session, &p))
* all the work otherwise use generated values from parent ctx.
*/
if (tctx->tlsext_ticket_key_cb) {
- if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
- &hctx, 1) < 0)
+ if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, hctx, 1) < 0)
goto err;
} else {
if (RAND_bytes(iv, 16) <= 0)
if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, iv))
goto err;
- if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+ if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
EVP_sha256(), NULL))
goto err;
memcpy(key_name, tctx->tlsext_tick_key_name, 16);
goto err;
p += len;
- if (!HMAC_Update(&hctx, macstart, p - macstart))
+ if (!HMAC_Update(hctx, macstart, p - macstart))
goto err;
- if (!HMAC_Final(&hctx, p, &hlen))
+ if (!HMAC_Final(hctx, p, &hlen))
goto err;
EVP_CIPHER_CTX_cleanup(&ctx);
- HMAC_CTX_cleanup(&hctx);
+ HMAC_CTX_free(hctx);
p += hlen;
/* Now write out lengths: p points to end of data written */
err:
OPENSSL_free(senc);
EVP_CIPHER_CTX_cleanup(&ctx);
- HMAC_CTX_cleanup(&hctx);
+ HMAC_CTX_free(hctx);
ossl_statem_set_error(s);
return 0;
}
* point to the resulting session.
*
* Returns:
+ * -2: fatal error, malloc failure.
* -1: fatal error, either from parsing or decrypting the ticket.
* 2: the ticket couldn't be decrypted.
* 3: a ticket was successfully decrypted and *psess was set.
const unsigned char *p;
int slen, mlen, renew_ticket = 0;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
- HMAC_CTX hctx = HMAC_CTX_EMPTY;
+ HMAC_CTX *hctx = NULL;
EVP_CIPHER_CTX ctx;
SSL_CTX *tctx = s->initial_ctx;
/* Need at least keyname + iv + some encrypted data */
if (eticklen < 48)
return 2;
/* Initialize session ticket encryption and HMAC contexts */
- HMAC_CTX_init(&hctx);
+ hctx = HMAC_CTX_new();
+ if (hctx == NULL)
+ return -2;
EVP_CIPHER_CTX_init(&ctx);
if (tctx->tlsext_ticket_key_cb) {
unsigned char *nctick = (unsigned char *)etick;
int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
- &ctx, &hctx, 0);
+ &ctx, hctx, 0);
if (rv < 0)
return -1;
if (rv == 0)
/* Check key name matches */
if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
return 2;
- if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+ if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
EVP_sha256(), NULL) <= 0
|| EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key,
* Attempt to process session ticket, first conduct sanity and integrity
* checks on ticket.
*/
- mlen = HMAC_size(&hctx);
+ mlen = HMAC_size(hctx);
if (mlen < 0) {
goto err;
}
eticklen -= mlen;
/* Check HMAC of encrypted ticket */
- if (HMAC_Update(&hctx, etick, eticklen) <= 0
- || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) {
+ if (HMAC_Update(hctx, etick, eticklen) <= 0
+ || HMAC_Final(hctx, tick_hmac, NULL) <= 0) {
goto err;
}
- HMAC_CTX_cleanup(&hctx);
+ HMAC_CTX_free(hctx);
if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
EVP_CIPHER_CTX_cleanup(&ctx);
return 2;
return 2;
err:
EVP_CIPHER_CTX_cleanup(&ctx);
- HMAC_CTX_cleanup(&hctx);
+ HMAC_CTX_free(hctx);
return -1;
}
char *p;
# endif
int err = 0;
- HMAC_CTX ctx = HMAC_CTX_EMPTY, ctx2 = HMAC_CTX_EMPTY;
+ HMAC_CTX *ctx = NULL, *ctx2 = NULL;
unsigned char buf[EVP_MAX_MD_SIZE];
unsigned int len;
# endif /* OPENSSL_NO_MD5 */
/* test4 */
- HMAC_CTX_init(&ctx);
- if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) {
+ ctx = HMAC_CTX_new();
+ if (ctx == NULL) {
+ printf("HMAC malloc failure (test 4)\n");
+ err++;
+ goto end;
+ }
+ if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
err++;
goto test5;
}
- if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
+ if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++;
goto test5;
}
- if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) {
+ if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with empty key (test 4)\n");
err++;
goto test5;
}
- if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
+ if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++;
goto test5;
}
printf("test 4 ok\n");
test5:
- HMAC_CTX_cleanup(&ctx);
- HMAC_CTX_init(&ctx);
- if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) {
+ HMAC_CTX_cleanup(ctx);
+ HMAC_CTX_init(ctx);
+ if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD (test 5)\n");
err++;
goto test6;
}
- if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
+ if (HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
err++;
goto test6;
}
- if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) {
+ if (HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
err++;
goto test6;
}
- if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
+ if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 5)\n");
err++;
goto test6;
}
- if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
+ if (!HMAC_Update(ctx, test[4].data, test[4].data_len)) {
printf("Error updating HMAC with data (test 5)\n");
err++;
goto test6;
}
- if (!HMAC_Final(&ctx, buf, &len)) {
+ if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (test 5)\n");
err++;
goto test6;
err++;
goto test6;
}
- if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
+ if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL)) {
printf("Should disallow changing MD without a new key (test 5)\n");
err++;
goto test6;
}
- if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
+ if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
printf("Failed to reinitialise HMAC (test 5)\n");
err++;
goto test6;
}
- if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) {
+ if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) {
printf("Error updating HMAC with data (sha256) (test 5)\n");
err++;
goto test6;
}
- if (!HMAC_Final(&ctx, buf, &len)) {
+ if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (sha256) (test 5)\n");
err++;
goto test6;
err++;
goto test6;
}
- if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) {
+ if (!HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) {
printf("Failed to reinitialise HMAC with key (test 5)\n");
err++;
goto test6;
}
- if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) {
+ if (!HMAC_Update(ctx, test[6].data, test[6].data_len)) {
printf("Error updating HMAC with data (new key) (test 5)\n");
err++;
goto test6;
}
- if (!HMAC_Final(&ctx, buf, &len)) {
+ if (!HMAC_Final(ctx, buf, &len)) {
printf("Error finalising data (new key) (test 5)\n");
err++;
goto test6;
printf("test 5 ok\n");
}
test6:
- HMAC_CTX_cleanup(&ctx);
- HMAC_CTX_init(&ctx);
- if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
+ HMAC_CTX_cleanup(ctx);
+ HMAC_CTX_init(ctx);
+ ctx2 = HMAC_CTX_new();
+ if (ctx2 == NULL) {
+ printf("HMAC malloc failure (test 6)\n");
+ err++;
+ goto end;
+ }
+ if (!HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 6)\n");
err++;
goto end;
}
- if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) {
+ if (!HMAC_Update(ctx, test[7].data, test[7].data_len)) {
printf("Error updating HMAC with data (test 6)\n");
err++;
goto end;
}
- if (!HMAC_CTX_copy(&ctx2, &ctx)) {
+ if (!HMAC_CTX_copy(ctx2, ctx)) {
printf("Failed to copy HMAC_CTX (test 6)\n");
err++;
goto end;
}
- if (!HMAC_Final(&ctx2, buf, &len)) {
+ if (!HMAC_Final(ctx2, buf, &len)) {
printf("Error finalising data (test 6)\n");
err++;
goto end;
printf("test 6 ok\n");
}
end:
- HMAC_CTX_cleanup(&ctx);
+ HMAC_CTX_free(ctx2);
+ HMAC_CTX_free(ctx);
EXIT(err);
}
projects / openssl.git / commitdiff