-/* crypto/hmac/hmac.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * HMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
*/
+#include "internal/deprecated.h"
#include <stdio.h>
#include <stdlib.h>
#include "internal/cryptlib.h"
#include <openssl/hmac.h>
#include <openssl/opensslconf.h>
-#include "hmac_lcl.h"
+#include "hmac_local.h"
int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl)
{
- int i, j, reset = 0;
- unsigned char pad[HMAC_MAX_MD_CBLOCK];
+ int rv = 0, reset = 0;
+ int i, j;
+ unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE];
+ unsigned int keytmp_length;
+ unsigned char keytmp[HMAC_MAX_MD_CBLOCK_SIZE];
/* If we are changing MD then we must have a key */
if (md != NULL && md != ctx->md && (key == NULL || len < 0))
return 0;
if (md != NULL) {
- reset = 1;
ctx->md = md;
} else if (ctx->md) {
md = ctx->md;
return 0;
}
+ /*
+ * The HMAC construction is not allowed to be used with the
+ * extendable-output functions (XOF) shake128 and shake256.
+ */
+ if ((EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0)
+ return 0;
+
if (key != NULL) {
reset = 1;
+
j = EVP_MD_block_size(md);
- OPENSSL_assert(j <= (int)sizeof(ctx->key));
+ if (!ossl_assert(j <= (int)sizeof(keytmp)))
+ return 0;
+ if (j < 0)
+ return 0;
if (j < len) {
- if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl))
- goto err;
- if (!EVP_DigestUpdate(ctx->md_ctx, key, len))
- goto err;
- if (!EVP_DigestFinal_ex(ctx->md_ctx, ctx->key,
- &ctx->key_length))
- goto err;
+ if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)
+ || !EVP_DigestUpdate(ctx->md_ctx, key, len)
+ || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp,
+ &keytmp_length))
+ return 0;
} else {
- if (len < 0 || len > (int)sizeof(ctx->key))
+ if (len < 0 || len > (int)sizeof(keytmp))
return 0;
- memcpy(ctx->key, key, len);
- ctx->key_length = len;
+ memcpy(keytmp, key, len);
+ keytmp_length = len;
}
- if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
- memset(&ctx->key[ctx->key_length], 0,
- HMAC_MAX_MD_CBLOCK - ctx->key_length);
- }
+ if (keytmp_length != HMAC_MAX_MD_CBLOCK_SIZE)
+ memset(&keytmp[keytmp_length], 0,
+ HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length);
- if (reset) {
- for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
- pad[i] = 0x36 ^ ctx->key[i];
- if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl))
- goto err;
- if (!EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
+ pad[i] = 0x36 ^ keytmp[i];
+ if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
+ || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
goto err;
- for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
- pad[i] = 0x5c ^ ctx->key[i];
- if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl))
- goto err;
- if (!EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
+ pad[i] = 0x5c ^ keytmp[i];
+ if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
+ || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
goto err;
}
if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx))
goto err;
- return 1;
+ rv = 1;
err:
- return 0;
+ if (reset) {
+ OPENSSL_cleanse(keytmp, sizeof(keytmp));
+ OPENSSL_cleanse(pad, sizeof(pad));
+ }
+ return rv;
}
-#if OPENSSL_API_COMPAT < 0x10100000L
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
{
if (key && md)
return 0;
}
-size_t HMAC_size(HMAC_CTX *ctx)
+size_t HMAC_size(const HMAC_CTX *ctx)
{
- return EVP_MD_size((ctx)->md);
+ int size = EVP_MD_size((ctx)->md);
+
+ return (size < 0) ? 0 : size;
}
HMAC_CTX *HMAC_CTX_new(void)
{
- HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_zalloc(sizeof(HMAC_CTX));
- if (ctx)
+ HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
+
+ if (ctx != NULL) {
if (!HMAC_CTX_reset(ctx)) {
HMAC_CTX_free(ctx);
- ctx = NULL;
+ return NULL;
}
+ }
return ctx;
}
EVP_MD_CTX_reset(ctx->o_ctx);
EVP_MD_CTX_reset(ctx->md_ctx);
ctx->md = NULL;
- ctx->key_length = 0;
- memset(ctx->key, 0, sizeof(HMAC_MAX_MD_CBLOCK));
}
void HMAC_CTX_free(HMAC_CTX *ctx)
}
}
-int HMAC_CTX_reset(HMAC_CTX *ctx)
+static int hmac_ctx_alloc_mds(HMAC_CTX *ctx)
{
- hmac_ctx_cleanup(ctx);
if (ctx->i_ctx == NULL)
ctx->i_ctx = EVP_MD_CTX_new();
if (ctx->i_ctx == NULL)
- goto err;
+ return 0;
if (ctx->o_ctx == NULL)
ctx->o_ctx = EVP_MD_CTX_new();
if (ctx->o_ctx == NULL)
- goto err;
+ return 0;
if (ctx->md_ctx == NULL)
ctx->md_ctx = EVP_MD_CTX_new();
if (ctx->md_ctx == NULL)
- goto err;
- ctx->md = NULL;
+ return 0;
return 1;
- err:
+}
+
+int HMAC_CTX_reset(HMAC_CTX *ctx)
+{
hmac_ctx_cleanup(ctx);
- return 0;
+ if (!hmac_ctx_alloc_mds(ctx)) {
+ hmac_ctx_cleanup(ctx);
+ return 0;
+ }
+ return 1;
}
int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
{
- if (!HMAC_CTX_reset(dctx))
+ if (!hmac_ctx_alloc_mds(dctx))
goto err;
if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx))
goto err;
goto err;
if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
goto err;
- memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
- dctx->key_length = sctx->key_length;
dctx->md = sctx->md;
return 1;
err:
{
HMAC_CTX *c = NULL;
static unsigned char m[EVP_MAX_MD_SIZE];
+ static const unsigned char dummy_key[1] = {'\0'};
if (md == NULL)
md = m;
if ((c = HMAC_CTX_new()) == NULL)
goto err;
+
+ /* For HMAC_Init_ex, NULL key signals reuse. */
+ if (key == NULL && key_len == 0) {
+ key = dummy_key;
+ }
+
if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
goto err;
if (!HMAC_Update(c, d, n))
EVP_MD_CTX_set_flags(ctx->o_ctx, flags);
EVP_MD_CTX_set_flags(ctx->md_ctx, flags);
}
+
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx)
+{
+ return ctx->md;
+}