-/* crypto/hmac/hmac.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#define OPENSSL_FIPSEVP
+/*
+ * HMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/hmac.h>
+#include <openssl/opensslconf.h>
+#include "hmac_local.h"
int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
- const EVP_MD *md, ENGINE *impl)
- {
- int i,j,reset=0;
- unsigned char pad[HMAC_MAX_MD_CBLOCK];
-
- if (md != NULL)
- {
- reset=1;
- ctx->md=md;
- }
- else
- md=ctx->md;
-
- if (key != NULL)
- {
- reset=1;
- j=M_EVP_MD_block_size(md);
- OPENSSL_assert(j <= (int)sizeof(ctx->key));
- if (j < len)
- {
- if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl))
- goto err;
- if (!EVP_DigestUpdate(&ctx->md_ctx,key,len))
- goto err;
- if (!EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
- &ctx->key_length))
- goto err;
- }
- else
- {
- OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key));
- memcpy(ctx->key,key,len);
- ctx->key_length=len;
- }
- if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
- memset(&ctx->key[ctx->key_length], 0,
- HMAC_MAX_MD_CBLOCK - ctx->key_length);
- }
-
- if (reset)
- {
- for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
- pad[i]=0x36^ctx->key[i];
- if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl))
- goto err;
- if (!EVP_DigestUpdate(&ctx->i_ctx,pad,M_EVP_MD_block_size(md)))
- goto err;
-
- for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
- pad[i]=0x5c^ctx->key[i];
- if (!EVP_DigestInit_ex(&ctx->o_ctx,md, impl))
- goto err;
- if (!EVP_DigestUpdate(&ctx->o_ctx,pad,M_EVP_MD_block_size(md)))
- goto err;
- }
- if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx))
- goto err;
- return 1;
- err:
- return 0;
- }
+ const EVP_MD *md, ENGINE *impl)
+{
+ int rv = 0, reset = 0;
+ int i, j;
+ unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE];
+ unsigned int keytmp_length;
+ unsigned char keytmp[HMAC_MAX_MD_CBLOCK_SIZE];
+
+ /* If we are changing MD then we must have a key */
+ if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+ return 0;
+
+ if (md != NULL) {
+ ctx->md = md;
+ } else if (ctx->md) {
+ md = ctx->md;
+ } else {
+ return 0;
+ }
+
+ /*
+ * The HMAC construction is not allowed to be used with the
+ * extendable-output functions (XOF) shake128 and shake256.
+ */
+ if ((EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0)
+ return 0;
+
+ if (key != NULL) {
+ reset = 1;
+
+ j = EVP_MD_block_size(md);
+ if (!ossl_assert(j <= (int)sizeof(keytmp)))
+ return 0;
+ if (j < 0)
+ return 0;
+ if (j < len) {
+ if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)
+ || !EVP_DigestUpdate(ctx->md_ctx, key, len)
+ || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp,
+ &keytmp_length))
+ return 0;
+ } else {
+ if (len < 0 || len > (int)sizeof(keytmp))
+ return 0;
+ memcpy(keytmp, key, len);
+ keytmp_length = len;
+ }
+ if (keytmp_length != HMAC_MAX_MD_CBLOCK_SIZE)
+ memset(&keytmp[keytmp_length], 0,
+ HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length);
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
+ pad[i] = 0x36 ^ keytmp[i];
+ if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
+ || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
+ goto err;
+
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
+ pad[i] = 0x5c ^ keytmp[i];
+ if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
+ || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
+ goto err;
+ }
+ if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx))
+ goto err;
+ rv = 1;
+ err:
+ if (reset) {
+ OPENSSL_cleanse(keytmp, sizeof(keytmp));
+ OPENSSL_cleanse(pad, sizeof(pad));
+ }
+ return rv;
+}
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
- {
- if(key && md)
- HMAC_CTX_init(ctx);
- return HMAC_Init_ex(ctx,key,len,md, NULL);
- }
+{
+ if (key && md)
+ HMAC_CTX_reset(ctx);
+ return HMAC_Init_ex(ctx, key, len, md, NULL);
+}
+#endif
int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
- {
- return EVP_DigestUpdate(&ctx->md_ctx,data,len);
- }
+{
+ if (!ctx->md)
+ return 0;
+ return EVP_DigestUpdate(ctx->md_ctx, data, len);
+}
int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
- {
- unsigned int i;
- unsigned char buf[EVP_MAX_MD_SIZE];
-
- if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
- goto err;
- if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx))
- goto err;
- if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i))
- goto err;
- if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len))
- goto err;
- return 1;
- err:
- return 0;
- }
-
-void HMAC_CTX_init(HMAC_CTX *ctx)
- {
- EVP_MD_CTX_init(&ctx->i_ctx);
- EVP_MD_CTX_init(&ctx->o_ctx);
- EVP_MD_CTX_init(&ctx->md_ctx);
- }
+{
+ unsigned int i;
+ unsigned char buf[EVP_MAX_MD_SIZE];
+
+ if (!ctx->md)
+ goto err;
+
+ if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i))
+ goto err;
+ if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx))
+ goto err;
+ if (!EVP_DigestUpdate(ctx->md_ctx, buf, i))
+ goto err;
+ if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len))
+ goto err;
+ return 1;
+ err:
+ return 0;
+}
+
+size_t HMAC_size(const HMAC_CTX *ctx)
+{
+ int size = EVP_MD_size((ctx)->md);
+
+ return (size < 0) ? 0 : size;
+}
+
+HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
+
+ if (ctx != NULL) {
+ if (!HMAC_CTX_reset(ctx)) {
+ HMAC_CTX_free(ctx);
+ return NULL;
+ }
+ }
+ return ctx;
+}
+
+static void hmac_ctx_cleanup(HMAC_CTX *ctx)
+{
+ EVP_MD_CTX_reset(ctx->i_ctx);
+ EVP_MD_CTX_reset(ctx->o_ctx);
+ EVP_MD_CTX_reset(ctx->md_ctx);
+ ctx->md = NULL;
+}
+
+void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx != NULL) {
+ hmac_ctx_cleanup(ctx);
+ EVP_MD_CTX_free(ctx->i_ctx);
+ EVP_MD_CTX_free(ctx->o_ctx);
+ EVP_MD_CTX_free(ctx->md_ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
+static int hmac_ctx_alloc_mds(HMAC_CTX *ctx)
+{
+ if (ctx->i_ctx == NULL)
+ ctx->i_ctx = EVP_MD_CTX_new();
+ if (ctx->i_ctx == NULL)
+ return 0;
+ if (ctx->o_ctx == NULL)
+ ctx->o_ctx = EVP_MD_CTX_new();
+ if (ctx->o_ctx == NULL)
+ return 0;
+ if (ctx->md_ctx == NULL)
+ ctx->md_ctx = EVP_MD_CTX_new();
+ if (ctx->md_ctx == NULL)
+ return 0;
+ return 1;
+}
+
+int HMAC_CTX_reset(HMAC_CTX *ctx)
+{
+ hmac_ctx_cleanup(ctx);
+ if (!hmac_ctx_alloc_mds(ctx)) {
+ hmac_ctx_cleanup(ctx);
+ return 0;
+ }
+ return 1;
+}
int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
- {
- HMAC_CTX_init(dctx);
- if (!EVP_MD_CTX_copy_ex(&dctx->i_ctx, &sctx->i_ctx))
- goto err;
- if (!EVP_MD_CTX_copy_ex(&dctx->o_ctx, &sctx->o_ctx))
- goto err;
- if (!EVP_MD_CTX_copy_ex(&dctx->md_ctx, &sctx->md_ctx))
- goto err;
- memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
- dctx->key_length = sctx->key_length;
- dctx->md = sctx->md;
- return 1;
- err:
- return 0;
- }
-
-void HMAC_CTX_cleanup(HMAC_CTX *ctx)
- {
- EVP_MD_CTX_cleanup(&ctx->i_ctx);
- EVP_MD_CTX_cleanup(&ctx->o_ctx);
- EVP_MD_CTX_cleanup(&ctx->md_ctx);
- memset(ctx,0,sizeof *ctx);
- }
+{
+ if (!hmac_ctx_alloc_mds(dctx))
+ goto err;
+ if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx))
+ goto err;
+ if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx))
+ goto err;
+ if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
+ goto err;
+ dctx->md = sctx->md;
+ return 1;
+ err:
+ hmac_ctx_cleanup(dctx);
+ return 0;
+}
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
- const unsigned char *d, size_t n, unsigned char *md,
- unsigned int *md_len)
- {
- HMAC_CTX c;
- static unsigned char m[EVP_MAX_MD_SIZE];
-
- if (md == NULL) md=m;
- HMAC_CTX_init(&c);
- if (!HMAC_Init(&c,key,key_len,evp_md))
- goto err;
- if (!HMAC_Update(&c,d,n))
- goto err;
- if (!HMAC_Final(&c,md,md_len))
- goto err;
- HMAC_CTX_cleanup(&c);
- return md;
- err:
- return NULL;
- }
+ const unsigned char *d, size_t n, unsigned char *md,
+ unsigned int *md_len)
+{
+ HMAC_CTX *c = NULL;
+ static unsigned char m[EVP_MAX_MD_SIZE];
+ static const unsigned char dummy_key[1] = {'\0'};
+
+ if (md == NULL)
+ md = m;
+ if ((c = HMAC_CTX_new()) == NULL)
+ goto err;
+
+ /* For HMAC_Init_ex, NULL key signals reuse. */
+ if (key == NULL && key_len == 0) {
+ key = dummy_key;
+ }
+
+ if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
+ goto err;
+ if (!HMAC_Update(c, d, n))
+ goto err;
+ if (!HMAC_Final(c, md, md_len))
+ goto err;
+ HMAC_CTX_free(c);
+ return md;
+ err:
+ HMAC_CTX_free(c);
+ return NULL;
+}
void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
- {
- M_EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
- M_EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
- M_EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
- }
+{
+ EVP_MD_CTX_set_flags(ctx->i_ctx, flags);
+ EVP_MD_CTX_set_flags(ctx->o_ctx, flags);
+ EVP_MD_CTX_set_flags(ctx->md_ctx, flags);
+}
+
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx)
+{
+ return ctx->md;
+}