diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-03-29 19:42:33 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-05-08 14:35:03 +0200 |
| commit | 0a8a6afdfb71e42962921980b51942cea8632697 (patch) | |
| tree | 745f3e64cca2a9993fc2548f0a80a20dca231bcb /providers | |
| parent | bea31afef013aaf5638e96e9bed1b633c510d50d (diff) | |
| download | openssl-new-0a8a6afdfb71e42962921980b51942cea8632697.tar.gz | |
Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions
This helps compensating for deprecated functions such as HMAC()
and reduces clutter in the crypto lib, apps, and tests.
Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c.
and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod
Partially fixes #14628.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14664)
Diffstat (limited to 'providers')
| -rw-r--r-- | providers/fips-sources.checksums | 6 | ||||
| -rw-r--r-- | providers/fips.checksum | 2 | ||||
| -rw-r--r-- | providers/implementations/kdfs/hkdf.c | 30 |
3 files changed, 21 insertions, 17 deletions
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index e6d798648a..6175384c2d 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -180,7 +180,7 @@ c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp 2d657d8de8c2441693d54ef3730d83ca4b5d76c3b3405ece89bff9e46149d670 crypto/evp/keymgmt_lib.c 56d3ed4313cb811a3c2d062ff8b2a0fd67c4b0d28fe0562a57555b3a95907535 crypto/evp/keymgmt_meth.c 9fd78bfd59378fc4a9f56ce474310d8d2851aa42862c694ee0e47b175e836c51 crypto/evp/m_sigver.c -0f5e0cd5c66712803a19774610f6bdfe572f5dda08c58cdf1b19d38a0693911c crypto/evp/mac_lib.c +ec959b00487bfc51f4cf33c21a60fd8a73087a622504f459ba4cfe48bb0a738c crypto/evp/mac_lib.c 5f4b933a479d7cd589c47388aebfd8d6ffa3943ec2883049fc929e6ca37e26b5 crypto/evp/mac_meth.c f5a18107256e00e2eed6a9b54eaf44ef1b99c0f29134e9f363a09daa2d35f1b5 crypto/evp/p_lib.c b7e9ce6e8a35e0fc5b4eb4c047cda1e811b757669dbfafa71e743d85e07817a4 crypto/evp/pmeth_check.c @@ -195,7 +195,7 @@ ead786b4f5689ab69d6cca5d49e513e0f90cb558b67e6c5898255f2671f1393d crypto/ffc/ffc a87945698684673832fbedb4d01e2f11df58f43f79605a9e6d7136bb15b02e52 crypto/ffc/ffc_params.c 887357f0422954f2ecb855d468ad2456a76372dc401301ba284c0fd8c6b5092e crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c -84d8ae0141a79548ad65b31fe4673e8603930f942f21f3a7623e23f539799764 crypto/hmac/hmac.c +c193773792bec29c791e84d150ffe5ef25f53cb02e23f0e12e9000234b4322e5 crypto/hmac/hmac.c 7000ba81f54c1d516a536bc6e96ad3729e3b5b15740006c2e22f0b76606042d6 crypto/initthread.c c6c83f826eb6465f2a1b186ea692ff6fe32dbfb821d18d254625b69083d68fb0 crypto/lhash/lhash.c f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c @@ -362,7 +362,7 @@ de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173 providers/impl 427b9abee979f94371aa4aa99b48f08f1772965c93f9bce6f4531cc4cec136b6 providers/implementations/exchange/ecdh_exch.c 9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c 06ba83a8a8235bcdbda56f82b017cb19361469fe47c23cc6218a7e9b88ae6513 providers/implementations/exchange/kdf_exch.c -4f8049771ff0cb57944e1ffc9599a96023e36b424138e51b1466f9a133f03943 providers/implementations/kdfs/hkdf.c +9b9e7937be361de8e3c3fa9a2ef17edde8a0a4391bf55c72ff9785c1e4ee7dfc providers/implementations/kdfs/hkdf.c 115e13e152cfb7d729659cb26056414f719c5e7cb2a9b3df8b6ad0f232ce109a providers/implementations/kdfs/kbkdf.c f93d3b32e7e3bc6bd4100559b15d392613797e1048010fdc70058ae9297a1125 providers/implementations/kdfs/pbkdf2.c abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/implementations/kdfs/pbkdf2_fips.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 4ee2135be1..50a9c51b5c 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -a1ce185646a78b5eb88229b77aec1455e6e361f7428bb884aebe45cb8fdc3703 providers/fips-sources.checksums +4d501c5fb8a5646c618eb02511a7a1ffab71823f6adee558ee30df8bb4bd6f40 providers/fips-sources.checksums diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index 2d3c72f501..ce0c81c1d2 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -41,12 +41,12 @@ static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params; static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params; -static int HKDF(const EVP_MD *evp_md, +static int HKDF(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, const unsigned char *salt, size_t salt_len, const unsigned char *key, size_t key_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len); -static int HKDF_Extract(const EVP_MD *evp_md, +static int HKDF_Extract(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk, size_t prk_len); @@ -127,6 +127,7 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen, const OSSL_PARAM params[]) { KDF_HKDF *ctx = (KDF_HKDF *)vctx; + OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); const EVP_MD *md; if (!ossl_prov_is_running() || !kdf_hkdf_set_ctx_params(ctx, params)) @@ -148,13 +149,12 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen, switch (ctx->mode) { case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: - return HKDF(md, ctx->salt, ctx->salt_len, ctx->key, - ctx->key_len, ctx->info, ctx->info_len, key, - keylen); + return HKDF(libctx, md, ctx->salt, ctx->salt_len, + ctx->key, ctx->key_len, ctx->info, ctx->info_len, key, keylen); case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: - return HKDF_Extract(md, ctx->salt, ctx->salt_len, ctx->key, - ctx->key_len, key, keylen); + return HKDF_Extract(libctx, md, ctx->salt, ctx->salt_len, + ctx->key, ctx->key_len, key, keylen); case EVP_KDF_HKDF_MODE_EXPAND_ONLY: return HKDF_Expand(md, ctx->key, ctx->key_len, ctx->info, @@ -169,13 +169,13 @@ static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { const OSSL_PARAM *p; KDF_HKDF *ctx = vctx; - OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx); + OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); int n; if (params == NULL) return 1; - if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) + if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)) return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) { @@ -316,7 +316,7 @@ const OSSL_DISPATCH ossl_kdf_hkdf_functions[] = { * 2.3. Step 2: Expand * HKDF-Expand(PRK, info, L) -> OKM */ -static int HKDF(const EVP_MD *evp_md, +static int HKDF(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, @@ -332,7 +332,8 @@ static int HKDF(const EVP_MD *evp_md, prk_len = (size_t)sz; /* Step 1: HKDF-Extract(salt, IKM) -> PRK */ - if (!HKDF_Extract(evp_md, salt, salt_len, ikm, ikm_len, prk, prk_len)) + if (!HKDF_Extract(libctx, evp_md, + salt, salt_len, ikm, ikm_len, prk, prk_len)) return 0; /* Step 2: HKDF-Expand(PRK, info, L) -> OKM */ @@ -366,7 +367,7 @@ static int HKDF(const EVP_MD *evp_md, * * PRK = HMAC-Hash(salt, IKM) */ -static int HKDF_Extract(const EVP_MD *evp_md, +static int HKDF_Extract(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk, size_t prk_len) @@ -380,7 +381,10 @@ static int HKDF_Extract(const EVP_MD *evp_md, return 0; } /* calc: PRK = HMAC-Hash(salt, IKM) */ - return HMAC(evp_md, salt, salt_len, ikm, ikm_len, prk, NULL) != NULL; + return + EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_name(evp_md), NULL, salt, + salt_len, ikm, ikm_len, prk, EVP_MD_size(evp_md), NULL) + != NULL; } /* |