diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-03-29 19:42:33 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-05-08 14:35:03 +0200 |
| commit | 0a8a6afdfb71e42962921980b51942cea8632697 (patch) | |
| tree | 745f3e64cca2a9993fc2548f0a80a20dca231bcb /crypto/crmf | |
| parent | bea31afef013aaf5638e96e9bed1b633c510d50d (diff) | |
| download | openssl-new-0a8a6afdfb71e42962921980b51942cea8632697.tar.gz | |
Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions
This helps compensating for deprecated functions such as HMAC()
and reduces clutter in the crypto lib, apps, and tests.
Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c.
and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod
Partially fixes #14628.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14664)
Diffstat (limited to 'crypto/crmf')
| -rw-r--r-- | crypto/crmf/crmf_pbm.c | 24 |
1 files changed, 8 insertions, 16 deletions
diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index 40a41c28b2..cf483dcb9a 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -16,6 +16,7 @@ #include <openssl/rand.h> #include <openssl/evp.h> +#include <openssl/hmac.h> /* explicit #includes not strictly needed since implied by the above: */ #include <openssl/asn1t.h> @@ -120,8 +121,8 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, * |msglen| length of the message * |sec| key to use * |seclen| length of the key - * |mac| pointer to the computed mac, will be set on success - * |maclen| if not NULL, will set variable to the length of the mac on success + * |out| pointer to the computed mac, will be set on success + * |outlen| if not NULL, will set variable to the length of the mac on success * returns 1 on success, 0 on error */ /* TODO try to combine with other MAC calculations in the libray */ @@ -140,10 +141,8 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, unsigned int bklen = EVP_MAX_MD_SIZE; int64_t iterations; unsigned char *mac_res = 0; + unsigned int maclen; int ok = 0; - EVP_MAC *mac = NULL; - EVP_MAC_CTX *mctx = NULL; - OSSL_PARAM macparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; if (out == NULL || pbmp == NULL || pbmp->mac == NULL || pbmp->mac->algorithm == NULL || msg == NULL || sec == NULL) { @@ -208,23 +207,16 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); goto err; } - - macparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - (char *)hmac_mdname, 0); - if ((mac = EVP_MAC_fetch(libctx, "HMAC", propq)) == NULL - || (mctx = EVP_MAC_CTX_new(mac)) == NULL - || !EVP_MAC_CTX_set_params(mctx, macparams) - || !EVP_MAC_init(mctx, basekey, bklen, macparams) - || !EVP_MAC_update(mctx, msg, msglen) - || !EVP_MAC_final(mctx, mac_res, outlen, EVP_MAX_MD_SIZE)) + /* TODO generalize to non-HMAC: */ + if (EVP_Q_mac(libctx, "HMAC", propq, hmac_mdname, NULL, basekey, bklen, + msg, msglen, mac_res, EVP_MAX_MD_SIZE, &maclen) == NULL) goto err; + *outlen = (size_t)maclen; ok = 1; err: OPENSSL_cleanse(basekey, bklen); - EVP_MAC_CTX_free(mctx); - EVP_MAC_free(mac); EVP_MD_free(owf); EVP_MD_CTX_free(ctx); |