diff options
author | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
commit | 462f18c7b25fe3e467f837647d07ab0a78aa8d2b (patch) | |
tree | fc8013c0a1bac05a1945846c1697e973f4c35013 /openssl/crypto/hmac | |
parent | 36f711ee12b6dd5184198abed3aa551efb585587 (diff) | |
download | vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.gz vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.bz2 vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.zip |
Merged origin/release (checked in because wanted to merge new stuff)
Diffstat (limited to 'openssl/crypto/hmac')
-rw-r--r-- | openssl/crypto/hmac/hm_ameth.c | 157 | ||||
-rw-r--r-- | openssl/crypto/hmac/hm_pmeth.c | 373 | ||||
-rw-r--r-- | openssl/crypto/hmac/hmac.c | 328 | ||||
-rw-r--r-- | openssl/crypto/hmac/hmac.h | 59 | ||||
-rw-r--r-- | openssl/crypto/hmac/hmactest.c | 188 |
5 files changed, 542 insertions, 563 deletions
diff --git a/openssl/crypto/hmac/hm_ameth.c b/openssl/crypto/hmac/hm_ameth.c index e03f24aed..29b2b5dff 100644 --- a/openssl/crypto/hmac/hm_ameth.c +++ b/openssl/crypto/hmac/hm_ameth.c @@ -1,5 +1,6 @@ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2007. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2007. */ /* ==================================================================== * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -9,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -62,106 +63,100 @@ #define HMAC_TEST_PRIVATE_KEY_FORMAT -/* HMAC "ASN1" method. This is just here to indicate the - * maximum HMAC output length and to free up an HMAC - * key. +/* + * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output + * length and to free up an HMAC key. */ static int hmac_size(const EVP_PKEY *pkey) - { - return EVP_MAX_MD_SIZE; - } +{ + return EVP_MAX_MD_SIZE; +} static void hmac_key_free(EVP_PKEY *pkey) - { - ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; - if (os) - { - if (os->data) - OPENSSL_cleanse(os->data, os->length); - ASN1_OCTET_STRING_free(os); - } - } - +{ + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + if (os) { + if (os->data) + OPENSSL_cleanse(os->data, os->length); + ASN1_OCTET_STRING_free(os); + } +} static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - { - switch (op) - { - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha1; - return 1; - - default: - return -2; - } - } +{ + switch (op) { + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha256; + return 1; + + default: + return -2; + } +} #ifdef HMAC_TEST_PRIVATE_KEY_FORMAT -/* A bogus private key format for test purposes. This is simply the - * HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the - * genpkey utility can be used to "generate" HMAC keys. +/* + * A bogus private key format for test purposes. This is simply the HMAC key + * with "HMAC PRIVATE KEY" in the headers. When enabled the genpkey utility + * can be used to "generate" HMAC keys. */ static int old_hmac_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) - { - ASN1_OCTET_STRING *os; - os = ASN1_OCTET_STRING_new(); - if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen)) - return 0; - EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os); - return 1; - } + const unsigned char **pder, int derlen) +{ + ASN1_OCTET_STRING *os; + os = ASN1_OCTET_STRING_new(); + if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen)) + return 0; + EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os); + return 1; +} static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder) - { - int inc; - ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; - if (pder) - { - if (!*pder) - { - *pder = OPENSSL_malloc(os->length); - inc = 0; - } - else inc = 1; - - memcpy(*pder, os->data, os->length); - - if (inc) - *pder += os->length; - } - - return os->length; - } +{ + int inc; + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + if (pder) { + if (!*pder) { + *pder = OPENSSL_malloc(os->length); + inc = 0; + } else + inc = 1; + + memcpy(*pder, os->data, os->length); + + if (inc) + *pder += os->length; + } + + return os->length; +} #endif -const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = - { - EVP_PKEY_HMAC, - EVP_PKEY_HMAC, - 0, +const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { + EVP_PKEY_HMAC, + EVP_PKEY_HMAC, + 0, - "HMAC", - "OpenSSL HMAC method", + "HMAC", + "OpenSSL HMAC method", - 0,0,0,0, + 0, 0, 0, 0, - 0,0,0, + 0, 0, 0, - hmac_size, - 0, - 0,0,0,0,0,0,0, + hmac_size, + 0, + 0, 0, 0, 0, 0, 0, 0, - hmac_key_free, - hmac_pkey_ctrl, + hmac_key_free, + hmac_pkey_ctrl, #ifdef HMAC_TEST_PRIVATE_KEY_FORMAT - old_hmac_decode, - old_hmac_encode + old_hmac_decode, + old_hmac_encode #else - 0,0 + 0, 0 #endif - }; - +}; diff --git a/openssl/crypto/hmac/hm_pmeth.c b/openssl/crypto/hmac/hm_pmeth.c index 0daa44511..0ffff79cc 100644 --- a/openssl/crypto/hmac/hm_pmeth.c +++ b/openssl/crypto/hmac/hm_pmeth.c @@ -1,5 +1,6 @@ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2007. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2007. */ /* ==================================================================== * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -9,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -65,207 +66,197 @@ /* HMAC pkey context structure */ -typedef struct - { - const EVP_MD *md; /* MD for HMAC use */ - ASN1_OCTET_STRING ktmp; /* Temp storage for key */ - HMAC_CTX ctx; - } HMAC_PKEY_CTX; +typedef struct { + const EVP_MD *md; /* MD for HMAC use */ + ASN1_OCTET_STRING ktmp; /* Temp storage for key */ + HMAC_CTX ctx; +} HMAC_PKEY_CTX; static int pkey_hmac_init(EVP_PKEY_CTX *ctx) - { - HMAC_PKEY_CTX *hctx; - hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX)); - if (!hctx) - return 0; - hctx->md = NULL; - hctx->ktmp.data = NULL; - hctx->ktmp.length = 0; - hctx->ktmp.flags = 0; - hctx->ktmp.type = V_ASN1_OCTET_STRING; - HMAC_CTX_init(&hctx->ctx); - - ctx->data = hctx; - ctx->keygen_info_count = 0; - - return 1; - } +{ + HMAC_PKEY_CTX *hctx; + hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX)); + if (!hctx) + return 0; + hctx->md = NULL; + hctx->ktmp.data = NULL; + hctx->ktmp.length = 0; + hctx->ktmp.flags = 0; + hctx->ktmp.type = V_ASN1_OCTET_STRING; + HMAC_CTX_init(&hctx->ctx); + + ctx->data = hctx; + ctx->keygen_info_count = 0; + + return 1; +} static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) - { - HMAC_PKEY_CTX *sctx, *dctx; - if (!pkey_hmac_init(dst)) - return 0; - sctx = src->data; - dctx = dst->data; - dctx->md = sctx->md; - HMAC_CTX_init(&dctx->ctx); - if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) - return 0; - if (sctx->ktmp.data) - { - if (!ASN1_OCTET_STRING_set(&dctx->ktmp, - sctx->ktmp.data, sctx->ktmp.length)) - return 0; - } - return 1; - } +{ + HMAC_PKEY_CTX *sctx, *dctx; + if (!pkey_hmac_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->md = sctx->md; + HMAC_CTX_init(&dctx->ctx); + if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) + return 0; + if (sctx->ktmp.data) { + if (!ASN1_OCTET_STRING_set(&dctx->ktmp, + sctx->ktmp.data, sctx->ktmp.length)) + return 0; + } + return 1; +} static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) - { - HMAC_PKEY_CTX *hctx = ctx->data; - HMAC_CTX_cleanup(&hctx->ctx); - if (hctx->ktmp.data) - { - if (hctx->ktmp.length) - OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length); - OPENSSL_free(hctx->ktmp.data); - hctx->ktmp.data = NULL; - } - OPENSSL_free(hctx); - } +{ + HMAC_PKEY_CTX *hctx = ctx->data; + HMAC_CTX_cleanup(&hctx->ctx); + if (hctx->ktmp.data) { + if (hctx->ktmp.length) + OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length); + OPENSSL_free(hctx->ktmp.data); + hctx->ktmp.data = NULL; + } + OPENSSL_free(hctx); +} static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - { - ASN1_OCTET_STRING *hkey = NULL; - HMAC_PKEY_CTX *hctx = ctx->data; - if (!hctx->ktmp.data) - return 0; - hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); - if (!hkey) - return 0; - EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); - - return 1; - } - -static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count) - { - HMAC_PKEY_CTX *hctx = ctx->pctx->data; - if (!HMAC_Update(&hctx->ctx, data, count)) - return 0; - return 1; - } +{ + ASN1_OCTET_STRING *hkey = NULL; + HMAC_PKEY_CTX *hctx = ctx->data; + if (!hctx->ktmp.data) + return 0; + hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); + if (!hkey) + return 0; + EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); + + return 1; +} + +static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + HMAC_PKEY_CTX *hctx = ctx->pctx->data; + if (!HMAC_Update(&hctx->ctx, data, count)) + return 0; + return 1; +} static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) - { - HMAC_PKEY_CTX *hctx = ctx->data; - HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT); - EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - mctx->update = int_update; - return 1; - } +{ + HMAC_PKEY_CTX *hctx = ctx->data; + HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT); + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); + mctx->update = int_update; + return 1; +} static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx) - { - unsigned int hlen; - HMAC_PKEY_CTX *hctx = ctx->data; - int l = EVP_MD_CTX_size(mctx); - - if (l < 0) - return 0; - *siglen = l; - if (!sig) - return 1; - - if (!HMAC_Final(&hctx->ctx, sig, &hlen)) - return 0; - *siglen = (size_t)hlen; - return 1; - } + EVP_MD_CTX *mctx) +{ + unsigned int hlen; + HMAC_PKEY_CTX *hctx = ctx->data; + int l = EVP_MD_CTX_size(mctx); + + if (l < 0) + return 0; + *siglen = l; + if (!sig) + return 1; + + if (!HMAC_Final(&hctx->ctx, sig, &hlen)) + return 0; + *siglen = (size_t)hlen; + return 1; +} static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) - { - HMAC_PKEY_CTX *hctx = ctx->data; - ASN1_OCTET_STRING *key; - switch (type) - { - - case EVP_PKEY_CTRL_SET_MAC_KEY: - if ((!p2 && p1 > 0) || (p1 < -1)) - return 0; - if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) - return 0; - break; - - case EVP_PKEY_CTRL_MD: - hctx->md = p2; - break; - - case EVP_PKEY_CTRL_DIGESTINIT: - key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; - if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, - ctx->engine)) - return 0; - break; - - default: - return -2; - - } - return 1; - } +{ + HMAC_PKEY_CTX *hctx = ctx->data; + ASN1_OCTET_STRING *key; + switch (type) { + + case EVP_PKEY_CTRL_SET_MAC_KEY: + if ((!p2 && p1 > 0) || (p1 < -1)) + return 0; + if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) + return 0; + break; + + case EVP_PKEY_CTRL_MD: + hctx->md = p2; + break; + + case EVP_PKEY_CTRL_DIGESTINIT: + key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; + if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, + ctx->engine)) + return 0; + break; + + default: + return -2; + + } + return 1; +} static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) - { - if (!value) - { - return 0; - } - if (!strcmp(type, "key")) - { - void *p = (void *)value; - return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, - -1, p); - } - if (!strcmp(type, "hexkey")) - { - unsigned char *key; - int r; - long keylen; - key = string_to_hex(value, &keylen); - if (!key) - return 0; - r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); - OPENSSL_free(key); - return r; - } - return -2; - } - -const EVP_PKEY_METHOD hmac_pkey_meth = - { - EVP_PKEY_HMAC, - 0, - pkey_hmac_init, - pkey_hmac_copy, - pkey_hmac_cleanup, - - 0, 0, - - 0, - pkey_hmac_keygen, - - 0, 0, - - 0, 0, - - 0,0, - - hmac_signctx_init, - hmac_signctx, - - 0,0, - - 0,0, - - 0,0, - - 0,0, - - pkey_hmac_ctrl, - pkey_hmac_ctrl_str - - }; + const char *type, const char *value) +{ + if (!value) { + return 0; + } + if (!strcmp(type, "key")) { + void *p = (void *)value; + return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p); + } + if (!strcmp(type, "hexkey")) { + unsigned char *key; + int r; + long keylen; + key = string_to_hex(value, &keylen); + if (!key) + return 0; + r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); + OPENSSL_free(key); + return r; + } + return -2; +} + +const EVP_PKEY_METHOD hmac_pkey_meth = { + EVP_PKEY_HMAC, + 0, + pkey_hmac_init, + pkey_hmac_copy, + pkey_hmac_cleanup, + + 0, 0, + + 0, + pkey_hmac_keygen, + + 0, 0, + + 0, 0, + + 0, 0, + + hmac_signctx_init, + hmac_signctx, + + 0, 0, + + 0, 0, + + 0, 0, + + 0, 0, + + pkey_hmac_ctrl, + pkey_hmac_ctrl_str +}; diff --git a/openssl/crypto/hmac/hmac.c b/openssl/crypto/hmac/hmac.c index ba27cbf56..1fc9e2c3f 100644 --- a/openssl/crypto/hmac/hmac.c +++ b/openssl/crypto/hmac/hmac.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -62,190 +62,192 @@ #include <openssl/hmac.h> #ifdef OPENSSL_FIPS -#include <openssl/fips.h> +# include <openssl/fips.h> #endif int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl) - { - int i,j,reset=0; - unsigned char pad[HMAC_MAX_MD_CBLOCK]; + const EVP_MD *md, ENGINE *impl) +{ + int i, j, reset = 0; + unsigned char pad[HMAC_MAX_MD_CBLOCK]; #ifdef OPENSSL_FIPS - if (FIPS_mode()) - { - /* If we have an ENGINE need to allow non FIPS */ - if ((impl || ctx->i_ctx.engine) - && !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) - { - EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); - return 0; - } - /* Other algorithm blocking will be done in FIPS_cmac_init, - * via FIPS_hmac_init_ex(). - */ - if (!impl && !ctx->i_ctx.engine) - return FIPS_hmac_init_ex(ctx, key, len, md, NULL); - } + /* If FIPS mode switch to approved implementation if possible */ + if (FIPS_mode()) { + const EVP_MD *fipsmd; + if (md) { + fipsmd = FIPS_get_digestbynid(EVP_MD_type(md)); + if (fipsmd) + md = fipsmd; + } + } + + if (FIPS_mode()) { + /* If we have an ENGINE need to allow non FIPS */ + if ((impl || ctx->i_ctx.engine) + && !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { + EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); + return 0; + } + /* + * Other algorithm blocking will be done in FIPS_cmac_init, via + * FIPS_hmac_init_ex(). + */ + if (!impl && !ctx->i_ctx.engine) + return FIPS_hmac_init_ex(ctx, key, len, md, NULL); + } #endif - if (md != NULL) - { - reset=1; - ctx->md=md; - } - else - md=ctx->md; - - if (key != NULL) - { - reset=1; - j=EVP_MD_block_size(md); - OPENSSL_assert(j <= (int)sizeof(ctx->key)); - if (j < len) - { - if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->md_ctx,key,len)) - goto err; - if (!EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, - &ctx->key_length)) - goto err; - } - else - { - OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key)); - memcpy(ctx->key,key,len); - ctx->key_length=len; - } - if(ctx->key_length != HMAC_MAX_MD_CBLOCK) - memset(&ctx->key[ctx->key_length], 0, - HMAC_MAX_MD_CBLOCK - ctx->key_length); - } - - if (reset) - { - for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) - pad[i]=0x36^ctx->key[i]; - if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md))) - goto err; - - for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) - pad[i]=0x5c^ctx->key[i]; - if (!EVP_DigestInit_ex(&ctx->o_ctx,md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md))) - goto err; - } - if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx)) - goto err; - return 1; - err: - return 0; - } + if (md != NULL) { + reset = 1; + ctx->md = md; + } else + md = ctx->md; + + if (key != NULL) { + reset = 1; + j = EVP_MD_block_size(md); + OPENSSL_assert(j <= (int)sizeof(ctx->key)); + if (j < len) { + if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->md_ctx, key, len)) + goto err; + if (!EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, + &ctx->key_length)) + goto err; + } else { + OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key)); + memcpy(ctx->key, key, len); + ctx->key_length = len; + } + if (ctx->key_length != HMAC_MAX_MD_CBLOCK) + memset(&ctx->key[ctx->key_length], 0, + HMAC_MAX_MD_CBLOCK - ctx->key_length); + } + + if (reset) { + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x36 ^ ctx->key[i]; + if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md))) + goto err; + + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x5c ^ ctx->key[i]; + if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md))) + goto err; + } + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) + goto err; + return 1; + err: + return 0; +} int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) - { - if(key && md) - HMAC_CTX_init(ctx); - return HMAC_Init_ex(ctx,key,len,md, NULL); - } +{ + if (key && md) + HMAC_CTX_init(ctx); + return HMAC_Init_ex(ctx, key, len, md, NULL); +} int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) - { +{ #ifdef OPENSSL_FIPS - if (FIPS_mode() && !ctx->i_ctx.engine) - return FIPS_hmac_update(ctx, data, len); + if (FIPS_mode() && !ctx->i_ctx.engine) + return FIPS_hmac_update(ctx, data, len); #endif - return EVP_DigestUpdate(&ctx->md_ctx,data,len); - } + return EVP_DigestUpdate(&ctx->md_ctx, data, len); +} int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) - { - unsigned int i; - unsigned char buf[EVP_MAX_MD_SIZE]; +{ + unsigned int i; + unsigned char buf[EVP_MAX_MD_SIZE]; #ifdef OPENSSL_FIPS - if (FIPS_mode() && !ctx->i_ctx.engine) - return FIPS_hmac_final(ctx, md, len); + if (FIPS_mode() && !ctx->i_ctx.engine) + return FIPS_hmac_final(ctx, md, len); #endif - if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i)) - goto err; - if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx)) - goto err; - if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i)) - goto err; - if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len)) - goto err; - return 1; - err: - return 0; - } + if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) + goto err; + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) + goto err; + if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i)) + goto err; + if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len)) + goto err; + return 1; + err: + return 0; +} void HMAC_CTX_init(HMAC_CTX *ctx) - { - EVP_MD_CTX_init(&ctx->i_ctx); - EVP_MD_CTX_init(&ctx->o_ctx); - EVP_MD_CTX_init(&ctx->md_ctx); - } +{ + EVP_MD_CTX_init(&ctx->i_ctx); + EVP_MD_CTX_init(&ctx->o_ctx); + EVP_MD_CTX_init(&ctx->md_ctx); +} int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) - { - if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx)) - goto err; - if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx)) - goto err; - if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) - goto err; - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); - dctx->key_length = sctx->key_length; - dctx->md = sctx->md; - return 1; - err: - return 0; - } +{ + if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx)) + goto err; + if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx)) + goto err; + if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) + goto err; + memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); + dctx->key_length = sctx->key_length; + dctx->md = sctx->md; + return 1; + err: + return 0; +} void HMAC_CTX_cleanup(HMAC_CTX *ctx) - { +{ #ifdef OPENSSL_FIPS - if (FIPS_mode() && !ctx->i_ctx.engine) - { - FIPS_hmac_ctx_cleanup(ctx); - return; - } + if (FIPS_mode() && !ctx->i_ctx.engine) { + FIPS_hmac_ctx_cleanup(ctx); + return; + } #endif - EVP_MD_CTX_cleanup(&ctx->i_ctx); - EVP_MD_CTX_cleanup(&ctx->o_ctx); - EVP_MD_CTX_cleanup(&ctx->md_ctx); - memset(ctx,0,sizeof *ctx); - } + EVP_MD_CTX_cleanup(&ctx->i_ctx); + EVP_MD_CTX_cleanup(&ctx->o_ctx); + EVP_MD_CTX_cleanup(&ctx->md_ctx); + memset(ctx, 0, sizeof *ctx); +} unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *d, size_t n, unsigned char *md, - unsigned int *md_len) - { - HMAC_CTX c; - static unsigned char m[EVP_MAX_MD_SIZE]; - - if (md == NULL) md=m; - HMAC_CTX_init(&c); - if (!HMAC_Init(&c,key,key_len,evp_md)) - goto err; - if (!HMAC_Update(&c,d,n)) - goto err; - if (!HMAC_Final(&c,md,md_len)) - goto err; - HMAC_CTX_cleanup(&c); - return md; - err: - return NULL; - } + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len) +{ + HMAC_CTX c; + static unsigned char m[EVP_MAX_MD_SIZE]; + + if (md == NULL) + md = m; + HMAC_CTX_init(&c); + if (!HMAC_Init(&c, key, key_len, evp_md)) + goto err; + if (!HMAC_Update(&c, d, n)) + goto err; + if (!HMAC_Final(&c, md, md_len)) + goto err; + HMAC_CTX_cleanup(&c); + return md; + err: + return NULL; +} void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) - { - EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); - EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); - EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); - } +{ + EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); + EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); + EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); +} diff --git a/openssl/crypto/hmac/hmac.h b/openssl/crypto/hmac/hmac.h index 1be002219..b8b55cda7 100644 --- a/openssl/crypto/hmac/hmac.h +++ b/openssl/crypto/hmac/hmac.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,56 +49,55 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifndef HEADER_HMAC_H -#define HEADER_HMAC_H +# define HEADER_HMAC_H -#include <openssl/opensslconf.h> +# include <openssl/opensslconf.h> -#ifdef OPENSSL_NO_HMAC -#error HMAC is disabled. -#endif +# ifdef OPENSSL_NO_HMAC +# error HMAC is disabled. +# endif -#include <openssl/evp.h> +# include <openssl/evp.h> -#define HMAC_MAX_MD_CBLOCK 128 /* largest known is SHA512 */ +# define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ #ifdef __cplusplus extern "C" { #endif -typedef struct hmac_ctx_st - { - const EVP_MD *md; - EVP_MD_CTX md_ctx; - EVP_MD_CTX i_ctx; - EVP_MD_CTX o_ctx; - unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK]; - } HMAC_CTX; - -#define HMAC_size(e) (EVP_MD_size((e)->md)) +typedef struct hmac_ctx_st { + const EVP_MD *md; + EVP_MD_CTX md_ctx; + EVP_MD_CTX i_ctx; + EVP_MD_CTX o_ctx; + unsigned int key_length; + unsigned char key[HMAC_MAX_MD_CBLOCK]; +} HMAC_CTX; +# define HMAC_size(e) (EVP_MD_size((e)->md)) void HMAC_CTX_init(HMAC_CTX *ctx); void HMAC_CTX_cleanup(HMAC_CTX *ctx); -#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ +/* deprecated */ +# define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) -int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md); /* deprecated */ +/* deprecated */ +int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl); + const EVP_MD *md, ENGINE *impl); int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *d, size_t n, unsigned char *md, - unsigned int *md_len); + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len); int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); diff --git a/openssl/crypto/hmac/hmactest.c b/openssl/crypto/hmac/hmactest.c index 1b906b81a..3d130a03e 100644 --- a/openssl/crypto/hmac/hmactest.c +++ b/openssl/crypto/hmac/hmactest.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -66,110 +66,102 @@ int main(int argc, char *argv[]) { printf("No HMAC support\n"); - return(0); + return (0); } #else -#include <openssl/hmac.h> -#ifndef OPENSSL_NO_MD5 -#include <openssl/md5.h> -#endif +# include <openssl/hmac.h> +# ifndef OPENSSL_NO_MD5 +# include <openssl/md5.h> +# endif -#ifdef CHARSET_EBCDIC -#include <openssl/ebcdic.h> -#endif +# ifdef CHARSET_EBCDIC +# include <openssl/ebcdic.h> +# endif -#ifndef OPENSSL_NO_MD5 -static struct test_st - { - unsigned char key[16]; - int key_len; - unsigned char data[64]; - int data_len; - unsigned char *digest; - } test[4]={ - { "", - 0, - "More text test vectors to stuff up EBCDIC machines :-)", - 54, - (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86", - },{ {0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, - 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,}, - 16, - "Hi There", - 8, - (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d", - },{ "Jefe", - 4, - "what do ya want for nothing?", - 28, - (unsigned char *)"750c783e6ab0b503eaa86e310a5db738", - },{ - {0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa, - 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,}, - 16, - {0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd}, - 50, - (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6", - }, - }; -#endif +# ifndef OPENSSL_NO_MD5 +static struct test_st { + unsigned char key[16]; + int key_len; + unsigned char data[64]; + int data_len; + unsigned char *digest; +} test[4] = { + { + "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54, + (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86", + }, + { + { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + }, 16, "Hi There", 8, + (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d", + }, + { + "Jefe", 4, "what do ya want for nothing?", 28, + (unsigned char *)"750c783e6ab0b503eaa86e310a5db738", + }, + { + { + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + }, 16, { + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd + }, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6", + }, +}; +# endif static char *pt(unsigned char *md); int main(int argc, char *argv[]) - { -#ifndef OPENSSL_NO_MD5 - int i; - char *p; -#endif - int err=0; +{ +# ifndef OPENSSL_NO_MD5 + int i; + char *p; +# endif + int err = 0; -#ifdef OPENSSL_NO_MD5 - printf("test skipped: MD5 disabled\n"); -#else +# ifdef OPENSSL_NO_MD5 + printf("test skipped: MD5 disabled\n"); +# else -#ifdef CHARSET_EBCDIC - ebcdic2ascii(test[0].data, test[0].data, test[0].data_len); - ebcdic2ascii(test[1].data, test[1].data, test[1].data_len); - ebcdic2ascii(test[2].key, test[2].key, test[2].key_len); - ebcdic2ascii(test[2].data, test[2].data, test[2].data_len); -#endif +# ifdef CHARSET_EBCDIC + ebcdic2ascii(test[0].data, test[0].data, test[0].data_len); + ebcdic2ascii(test[1].data, test[1].data, test[1].data_len); + ebcdic2ascii(test[2].key, test[2].key, test[2].key_len); + ebcdic2ascii(test[2].data, test[2].data, test[2].data_len); +# endif - for (i=0; i<4; i++) - { - p=pt(HMAC(EVP_md5(), - test[i].key, test[i].key_len, - test[i].data, test[i].data_len, - NULL,NULL)); + for (i = 0; i < 4; i++) { + p = pt(HMAC(EVP_md5(), + test[i].key, test[i].key_len, + test[i].data, test[i].data_len, NULL, NULL)); - if (strcmp(p,(char *)test[i].digest) != 0) - { - printf("error calculating HMAC on %d entry'\n",i); - printf("got %s instead of %s\n",p,test[i].digest); - err++; - } - else - printf("test %d ok\n",i); - } -#endif /* OPENSSL_NO_MD5 */ - EXIT(err); - return(0); - } + if (strcmp(p, (char *)test[i].digest) != 0) { + printf("error calculating HMAC on %d entry'\n", i); + printf("got %s instead of %s\n", p, test[i].digest); + err++; + } else + printf("test %d ok\n", i); + } +# endif /* OPENSSL_NO_MD5 */ + EXIT(err); + return (0); +} -#ifndef OPENSSL_NO_MD5 +# ifndef OPENSSL_NO_MD5 static char *pt(unsigned char *md) - { - int i; - static char buf[80]; +{ + int i; + static char buf[80]; - for (i=0; i<MD5_DIGEST_LENGTH; i++) - sprintf(&(buf[i*2]),"%02x",md[i]); - return(buf); - } -#endif + for (i = 0; i < MD5_DIGEST_LENGTH; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} +# endif #endif |