From d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a Mon Sep 17 00:00:00 2001 From: Pauli Date: Tue, 9 Jun 2020 08:53:05 +1000 Subject: [PATCH] The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. Before 3.0 is released, the names are mutable and this prevents more inconsistencies being introduced. There are no functional or code changes. Just the renaming and a little reformatting. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11997) --- CHANGES.md | 8 +-- apps/fipsinstall.c | 10 ++-- apps/lib/s_cb.c | 4 +- apps/mac.c | 6 +-- crypto/cmac/cm_ameth.c | 4 +- crypto/crmf/crmf_pbm.c | 6 +-- crypto/err/openssl.txt | 2 - crypto/evp/mac_lib.c | 20 +++---- crypto/evp/p_lib.c | 6 +-- crypto/evp/pkey_mac.c | 37 ++++++------- crypto/modes/siv128.c | 28 +++++----- doc/man1/openssl-mac.pod.in | 2 +- doc/man3/EVP_MAC.pod | 46 ++++++++-------- doc/man3/HMAC.pod | 2 +- doc/man3/OSSL_PARAM_allocate_from_text.pod | 2 +- doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 14 ++--- doc/man7/EVP_MAC-BLAKE2.pod | 6 +-- doc/man7/EVP_MAC-CMAC.pod | 6 +-- doc/man7/EVP_MAC-GMAC.pod | 6 +-- doc/man7/EVP_MAC-HMAC.pod | 6 +-- doc/man7/EVP_MAC-KMAC.pod | 6 +-- doc/man7/EVP_MAC-Poly1305.pod | 6 +-- doc/man7/EVP_MAC-Siphash.pod | 6 +-- include/openssl/evp.h | 36 +------------ include/openssl/mac.h | 52 +++++++++++++++++++ providers/common/provider_util.c | 8 +-- providers/fips/self_test.c | 6 +-- providers/implementations/kdfs/kbkdf.c | 14 ++--- providers/implementations/kdfs/sskdf.c | 16 +++--- providers/implementations/kdfs/tls1_prf.c | 22 ++++---- ssl/t1_lib.c | 8 +-- ssl/tls13_enc.c | 6 +-- test/bad_dtls_test.c | 6 +-- test/evp_test.c | 6 +-- test/sslapitest.c | 2 +- util/libcrypto.num | 12 ++--- 36 files changed, 226 insertions(+), 207 deletions(-) create mode 100644 include/openssl/mac.h diff --git a/CHANGES.md b/CHANGES.md index 24fb86fddb..982e677fcc 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -361,8 +361,8 @@ OpenSSL 3.0 and HMAC_CTX_get_md. Use of these low level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L + time. Instead applications should use L, + L, L, L and L. *Paul Dale* @@ -385,8 +385,8 @@ OpenSSL 3.0 CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume. Use of these low level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L + time. Instead applications should use L, + L, L, L and L. *Paul Dale* diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index 1eb183f361..e0fe43e8b7 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -366,7 +366,7 @@ opthelp: goto end; } - ctx = EVP_MAC_CTX_new(mac); + ctx = EVP_MAC_new_ctx(mac); if (ctx == NULL) { BIO_printf(bio_err, "Unable to create MAC CTX for module check\n"); goto end; @@ -380,7 +380,7 @@ opthelp: if (params == NULL) goto end; - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { BIO_printf(bio_err, "MAC parameter error\n"); ERR_print_errors(bio_err); ok = 0; @@ -390,7 +390,7 @@ opthelp: goto end; } - ctx2 = EVP_MAC_CTX_dup(ctx); + ctx2 = EVP_MAC_dup_ctx(ctx); if (ctx2 == NULL) { BIO_printf(bio_err, "Unable to create MAC CTX for install indicator\n"); goto end; @@ -450,8 +450,8 @@ cleanup: BIO_free(module_bio); sk_OPENSSL_STRING_free(opts); EVP_MAC_free(mac); - EVP_MAC_CTX_free(ctx2); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx2); + EVP_MAC_free_ctx(ctx); OPENSSL_free(read_buffer); free_config_and_unload(conf); return ret; diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 34bc4a9995..d021c868c3 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -787,7 +787,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, BIO_printf(bio_err, "HMAC not found\n"); goto end; } - ctx = EVP_MAC_CTX_new(hmac); + ctx = EVP_MAC_new_ctx(hmac); if (ctx == NULL) { BIO_printf(bio_err, "HMAC context allocation failed\n"); goto end; @@ -796,7 +796,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, cookie_secret, COOKIE_SECRET_LENGTH); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { BIO_printf(bio_err, "HMAC context parameter setting failed\n"); goto end; } diff --git a/apps/mac.c b/apps/mac.c index 30f0daabcc..e84321b83a 100644 --- a/apps/mac.c +++ b/apps/mac.c @@ -114,7 +114,7 @@ opthelp: goto opthelp; } - ctx = EVP_MAC_CTX_new(mac); + ctx = EVP_MAC_new_ctx(mac); if (ctx == NULL) goto err; @@ -126,7 +126,7 @@ opthelp: if (params == NULL) goto err; - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { BIO_printf(bio_err, "MAC parameter error\n"); ERR_print_errors(bio_err); ok = 0; @@ -199,7 +199,7 @@ err: sk_OPENSSL_STRING_free(opts); BIO_free(in); BIO_free(out); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); return ret; } diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c index aa06cdc98a..ece3d8f91c 100644 --- a/crypto/cmac/cm_ameth.c +++ b/crypto/cmac/cm_ameth.c @@ -31,9 +31,9 @@ static int cmac_size(const EVP_PKEY *pkey) static void cmac_key_free(EVP_PKEY *pkey) { EVP_MAC_CTX *cmctx = EVP_PKEY_get0(pkey); - EVP_MAC *mac = cmctx == NULL ? NULL : EVP_MAC_CTX_mac(cmctx); + EVP_MAC *mac = cmctx == NULL ? NULL : EVP_MAC_get_ctx_mac(cmctx); - EVP_MAC_CTX_free(cmctx); + EVP_MAC_free_ctx(cmctx); EVP_MAC_free(mac); } diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index f674eeeff7..a087bc4423 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -202,8 +202,8 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, macparams[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, basekey, bklen); if ((mac = EVP_MAC_fetch(NULL, "HMAC", NULL)) == NULL - || (mctx = EVP_MAC_CTX_new(mac)) == NULL - || !EVP_MAC_CTX_set_params(mctx, macparams) + || (mctx = EVP_MAC_new_ctx(mac)) == NULL + || !EVP_MAC_set_ctx_params(mctx, macparams) || !EVP_MAC_init(mctx) || !EVP_MAC_update(mctx, msg, msglen) || !EVP_MAC_final(mctx, mac_res, outlen, EVP_MAX_MD_SIZE)) @@ -214,7 +214,7 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, err: /* cleanup */ OPENSSL_cleanse(basekey, bklen); - EVP_MAC_CTX_free(mctx); + EVP_MAC_free_ctx(mctx); EVP_MAC_free(mac); EVP_MD_CTX_free(ctx); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 9b252e3827..1668c95153 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -845,8 +845,6 @@ EVP_F_EVP_KEYEXCH_FETCH:245:EVP_KEYEXCH_fetch EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str -EVP_F_EVP_MAC_CTX_DUP:211:EVP_MAC_CTX_dup -EVP_F_EVP_MAC_CTX_NEW:213:EVP_MAC_CTX_new EVP_F_EVP_MAC_INIT:212:EVP_MAC_init EVP_F_EVP_MD_BLOCK_SIZE:232:EVP_MD_block_size EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index b7bfe8921f..8fe9708797 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -19,14 +19,14 @@ #include "internal/provider.h" #include "evp_local.h" -EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac) +EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac) { EVP_MAC_CTX *ctx = OPENSSL_zalloc(sizeof(EVP_MAC_CTX)); if (ctx == NULL || (ctx->data = mac->newctx(ossl_provider_ctx(mac->prov))) == NULL || !EVP_MAC_up_ref(mac)) { - EVPerr(EVP_F_EVP_MAC_CTX_NEW, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); if (ctx != NULL) mac->freectx(ctx->data); OPENSSL_free(ctx); @@ -37,7 +37,7 @@ EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac) return ctx; } -void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) +void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx) { if (ctx != NULL) { ctx->meth->freectx(ctx->data); @@ -48,7 +48,7 @@ void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) OPENSSL_free(ctx); } -EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src) +EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src) { EVP_MAC_CTX *dst; @@ -57,27 +57,27 @@ EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src) dst = OPENSSL_malloc(sizeof(*dst)); if (dst == NULL) { - EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; } *dst = *src; if (!EVP_MAC_up_ref(dst->meth)) { - EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); OPENSSL_free(dst); return NULL; } dst->data = src->meth->dupctx(src->data); if (dst->data == NULL) { - EVP_MAC_CTX_free(dst); + EVP_MAC_free_ctx(dst); return NULL; } return dst; } -EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx) +EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx) { return ctx->meth; } @@ -144,14 +144,14 @@ int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]) return 1; } -int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]) +int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]) { if (ctx->meth->get_ctx_params != NULL) return ctx->meth->get_ctx_params(ctx->data, params); return 1; } -int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]) +int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]) { if (ctx->meth->set_ctx_params != NULL) return ctx->meth->set_ctx_params(ctx->data, params); diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 1d57a22aee..0b067c8a8c 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -595,7 +595,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, prov == NULL ? NULL : ossl_provider_library_context(prov); EVP_PKEY *ret = EVP_PKEY_new(); EVP_MAC *cmac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, NULL); - EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_CTX_new(cmac) : NULL; + EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_new_ctx(cmac) : NULL; OSSL_PARAM params[4]; size_t paramsn = 0; @@ -620,7 +620,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, (char *)priv, len); params[paramsn] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(cmctx, params)) { + if (!EVP_MAC_set_ctx_params(cmctx, params)) { EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED); goto err; } @@ -630,7 +630,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, err: EVP_PKEY_free(ret); - EVP_MAC_CTX_free(cmctx); + EVP_MAC_free_ctx(cmctx); EVP_MAC_free(cmac); return NULL; # else diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index 3503aac6d3..1901c452e7 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -71,7 +71,7 @@ static int pkey_mac_init(EVP_PKEY_CTX *ctx) } if (mac != NULL) { - hctx->ctx = EVP_MAC_CTX_new(mac); + hctx->ctx = EVP_MAC_new_ctx(mac); if (hctx->ctx == NULL) { OPENSSL_free(hctx); return 0; @@ -116,7 +116,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) EVP_PKEY_CTX_set_data(dst, dctx); dst->keygen_info_count = 0; - dctx->ctx = EVP_MAC_CTX_dup(sctx->ctx); + dctx->ctx = EVP_MAC_dup_ctx(sctx->ctx); if (dctx->ctx == NULL) goto err; @@ -128,7 +128,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) * fetches the MAC method anew in this case. Therefore, its reference * count must be adjusted here. */ - if (!EVP_MAC_up_ref(EVP_MAC_CTX_mac(dctx->ctx))) + if (!EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(dctx->ctx))) goto err; dctx->type = sctx->type; @@ -163,7 +163,8 @@ static void pkey_mac_cleanup(EVP_PKEY_CTX *ctx) MAC_PKEY_CTX *hctx = ctx == NULL ? NULL : EVP_PKEY_CTX_get_data(ctx); if (hctx != NULL) { - EVP_MAC *mac = hctx->ctx != NULL ? EVP_MAC_CTX_mac(hctx->ctx) : NULL; + EVP_MAC *mac = hctx->ctx != NULL ? EVP_MAC_get_ctx_mac(hctx->ctx) + : NULL; switch (hctx->type) { case MAC_TYPE_RAW: @@ -171,7 +172,7 @@ static void pkey_mac_cleanup(EVP_PKEY_CTX *ctx) hctx->raw_data.ktmp.length); break; } - EVP_MAC_CTX_free(hctx->ctx); + EVP_MAC_free_ctx(hctx->ctx); EVP_MAC_free(mac); OPENSSL_free(hctx); EVP_PKEY_CTX_set_data(ctx, NULL); @@ -206,10 +207,10 @@ static int pkey_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 0; } - cmkey = EVP_MAC_CTX_dup(hctx->ctx); + cmkey = EVP_MAC_dup_ctx(hctx->ctx); if (cmkey == NULL) return 0; - if (!EVP_MAC_up_ref(EVP_MAC_CTX_mac(hctx->ctx))) + if (!EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(hctx->ctx))) return 0; EVP_PKEY_assign(pkey, nid, cmkey); } @@ -255,7 +256,7 @@ static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) } if (set_key) { - if (!EVP_MAC_is_a(EVP_MAC_CTX_mac(hctx->ctx), + if (!EVP_MAC_is_a(EVP_MAC_get_ctx_mac(hctx->ctx), OBJ_nid2sn(EVP_PKEY_id(EVP_PKEY_CTX_get0_pkey(ctx))))) return 0; key = EVP_PKEY_get0(EVP_PKEY_CTX_get0_pkey(ctx)); @@ -280,7 +281,7 @@ static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, key->data, key->length); params[params_n++] = OSSL_PARAM_construct_end(); - rv = EVP_MAC_CTX_set_params(hctx->ctx, params); + rv = EVP_MAC_set_ctx_params(hctx->ctx, params); } return rv; } @@ -330,7 +331,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - if (!EVP_MAC_CTX_set_params(hctx->ctx, params) + if (!EVP_MAC_set_ctx_params(hctx->ctx, params) || !EVP_MAC_init(hctx->ctx)) return 0; } @@ -351,10 +352,10 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) if (ctx->pkey == NULL) return 0; - new_mac_ctx = EVP_MAC_CTX_dup(ctx->pkey->pkey.ptr); + new_mac_ctx = EVP_MAC_dup_ctx(ctx->pkey->pkey.ptr); if (new_mac_ctx == NULL) return 0; - EVP_MAC_CTX_free(hctx->ctx); + EVP_MAC_free_ctx(hctx->ctx); hctx->ctx = new_mac_ctx; } break; @@ -389,13 +390,13 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - if (!EVP_MAC_CTX_set_params(hctx->ctx, params)) + if (!EVP_MAC_set_ctx_params(hctx->ctx, params)) return 0; params[0] = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE, &verify); - if (!EVP_MAC_CTX_get_params(hctx->ctx, params)) + if (!EVP_MAC_get_ctx_params(hctx->ctx, params)) return 0; /* @@ -433,7 +434,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - return EVP_MAC_CTX_set_params(hctx->ctx, params); + return EVP_MAC_set_ctx_params(hctx->ctx, params); } break; default: @@ -478,7 +479,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) key->data, key->length); params[params_n] = OSSL_PARAM_construct_end(); - return EVP_MAC_CTX_set_params(hctx->ctx, params); + return EVP_MAC_set_ctx_params(hctx->ctx, params); } break; case MAC_TYPE_MAC: @@ -513,7 +514,7 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx, EVPerr(0, EVP_R_FETCH_FAILED); return 0; } - mac = EVP_MAC_CTX_mac(hctx->ctx); + mac = EVP_MAC_get_ctx_mac(hctx->ctx); /* * Translation of some control names that are equivalent to a single @@ -535,7 +536,7 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx, return 0; params[1] = OSSL_PARAM_construct_end(); - ok = EVP_MAC_CTX_set_params(hctx->ctx, params); + ok = EVP_MAC_set_ctx_params(hctx->ctx, params); OPENSSL_free(params[0].data); return ok; } diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index f45e7e2f97..72ae624cc3 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -99,7 +99,7 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou EVP_MAC_CTX *mac_ctx; int ret = 0; - mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init); + mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init); if (mac_ctx == NULL) return 0; @@ -126,7 +126,7 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou ret = 1; err: - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); return ret; } @@ -187,20 +187,20 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, /* TODO(3.0) library context */ || (ctx->mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL)) == NULL - || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL - || !EVP_MAC_CTX_set_params(ctx->mac_ctx_init, params) + || (ctx->mac_ctx_init = EVP_MAC_new_ctx(ctx->mac)) == NULL + || !EVP_MAC_set_ctx_params(ctx->mac_ctx_init, params) || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL) - || (mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL + || (mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init)) == NULL || !EVP_MAC_update(mac_ctx, zero, sizeof(zero)) || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len, sizeof(ctx->d.byte))) { EVP_CIPHER_CTX_free(ctx->cipher_ctx); - EVP_MAC_CTX_free(ctx->mac_ctx_init); - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(ctx->mac_ctx_init); + EVP_MAC_free_ctx(mac_ctx); EVP_MAC_free(ctx->mac); return 0; } - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); ctx->final_ret = -1; ctx->crypto_ok = 1; @@ -216,8 +216,8 @@ int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src) memcpy(&dest->d, &src->d, sizeof(src->d)); if (!EVP_CIPHER_CTX_copy(dest->cipher_ctx, src->cipher_ctx)) return 0; - EVP_MAC_CTX_free(dest->mac_ctx_init); - dest->mac_ctx_init = EVP_MAC_CTX_dup(src->mac_ctx_init); + EVP_MAC_free_ctx(dest->mac_ctx_init); + dest->mac_ctx_init = EVP_MAC_dup_ctx(src->mac_ctx_init); if (dest->mac_ctx_init == NULL) return 0; return 1; @@ -237,15 +237,15 @@ int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, siv128_dbl(&ctx->d); - if ((mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL + if ((mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init)) == NULL || !EVP_MAC_update(mac_ctx, aad, len) || !EVP_MAC_final(mac_ctx, mac_out.byte, &out_len, sizeof(mac_out.byte)) || out_len != SIV_LEN) { - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); return 0; } - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); siv128_xorblock(&ctx->d, &mac_out); @@ -357,7 +357,7 @@ int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx) if (ctx != NULL) { EVP_CIPHER_CTX_free(ctx->cipher_ctx); ctx->cipher_ctx = NULL; - EVP_MAC_CTX_free(ctx->mac_ctx_init); + EVP_MAC_free_ctx(ctx->mac_ctx_init); ctx->mac_ctx_init = NULL; EVP_MAC_free(ctx->mac); ctx->mac = NULL; diff --git a/doc/man1/openssl-mac.pod.in b/doc/man1/openssl-mac.pod.in index 4c9cc3bc31..ff1b83fbd3 100644 --- a/doc/man1/openssl-mac.pod.in +++ b/doc/man1/openssl-mac.pod.in @@ -49,7 +49,7 @@ Output the MAC in binary form. Uses hexadecimal text format if not specified. Passes options to the MAC algorithm. A comprehensive list of controls can be found in the EVP_MAC implementation documentation. -Common parameter names used by EVP_MAC_CTX_get_params() are: +Common parameter names used by EVP_MAC_get_ctx_params() are: =over 4 diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index c98c8d873a..1464515459 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -5,8 +5,8 @@ EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_is_a, EVP_MAC_number, EVP_MAC_names_do_all, EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, -EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, -EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, +EVP_MAC_CTX, EVP_MAC_new_ctx, EVP_MAC_free_ctx, EVP_MAC_dup_ctx, +EVP_MAC_get_ctx_mac, EVP_MAC_get_ctx_params, EVP_MAC_set_ctx_params, EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, EVP_MAC_do_all_provided - EVP MAC routines @@ -30,12 +30,12 @@ EVP_MAC_do_all_provided - EVP MAC routines const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); - EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); - void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); - EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); - EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); - int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); - int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); + EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac); + void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx); + EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src); + EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx); + int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); + int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); size_t EVP_MAC_size(EVP_MAC_CTX *ctx); int EVP_MAC_init(EVP_MAC_CTX *ctx); @@ -96,18 +96,18 @@ NULL is a valid parameter, for which this function is a no-op. =head2 Context manipulation functions -EVP_MAC_CTX_new() creates a new context for the MAC type I. +EVP_MAC_new_ctx() creates a new context for the MAC type I. The created context can then be used with most other functions described here. -EVP_MAC_CTX_free() frees the contents of the context, including an +EVP_MAC_free_ctx() frees the contents of the context, including an underlying context if there is one, as well as the context itself. NULL is a valid parameter, for which this function is a no-op. -EVP_MAC_CTX_dup() duplicates the I context and returns a newly allocated +EVP_MAC_dup_ctx() duplicates the I context and returns a newly allocated context. -EVP_MAC_CTX_mac() returns the B associated with the context +EVP_MAC_get_ctx_mac() returns the B associated with the context I. =head2 Computing functions @@ -136,14 +136,14 @@ parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_MAC_CTX_get_params() retrieves chosen parameters, given the +EVP_MAC_get_ctx_params() retrieves chosen parameters, given the context I and its underlying context. The set of parameters given with I determine exactly what parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_MAC_CTX_set_params() passes chosen parameters to the underlying +EVP_MAC_set_ctx_params() passes chosen parameters to the underlying context, given a context I. The set of parameters given with I determine exactly what parameters are passed down. @@ -155,8 +155,8 @@ defined by the implementation. EVP_MAC_gettable_params(), EVP_MAC_gettable_ctx_params() and EVP_MAC_settable_ctx_params() get a constant B array that describes the retrievable and settable parameters, i.e. parameters that -can be used with EVP_MAC_get_params(), EVP_MAC_CTX_get_params() -and EVP_MAC_CTX_set_params(), respectively. +can be used with EVP_MAC_get_params(), EVP_MAC_get_ctx_params() +and EVP_MAC_set_ctx_params(), respectively. See L for the use of B as parameter descriptor. =head2 Information functions @@ -270,12 +270,12 @@ the given name, otherwise 0. EVP_MAC_provider() returns a pointer to the provider for the MAC, or NULL on error. -EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly +EVP_MAC_new_ctx() and EVP_MAC_dup_ctx() return a pointer to a newly created EVP_MAC_CTX, or NULL if allocation failed. -EVP_MAC_CTX_free() returns nothing at all. +EVP_MAC_free_ctx() returns nothing at all. -EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on +EVP_MAC_get_ctx_params() and EVP_MAC_set_ctx_params() return 1 on success, 0 on error. EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0 @@ -327,8 +327,8 @@ EVP_MAC_do_all_provided() returns nothing at all. if (mac == NULL || key == NULL - || (ctx = EVP_MAC_CTX_new(mac)) == NULL - || EVP_MAC_CTX_set_params(ctx, params) <= 0) + || (ctx = EVP_MAC_new_ctx(mac)) == NULL + || EVP_MAC_set_ctx_params(ctx, params) <= 0) goto err; if (!EVP_MAC_init(ctx)) @@ -347,12 +347,12 @@ EVP_MAC_do_all_provided() returns nothing at all. printf("%02X", buf[i]); printf("\n"); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); exit(0); err: - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); fprintf(stderr, "Something went wrong\n"); ERR_print_errors_fp(stderr); diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod index 2675969a12..b798e6ca7c 100644 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod @@ -54,7 +54,7 @@ L: =head1 DESCRIPTION All of the functions described on this page are deprecated. Applications should -instead use L, L, L, +instead use L, L, L, L and L. HMAC is a MAC (message authentication code), i.e. a keyed hash diff --git a/doc/man3/OSSL_PARAM_allocate_from_text.pod b/doc/man3/OSSL_PARAM_allocate_from_text.pod index 011685c8c8..539b2179c4 100644 --- a/doc/man3/OSSL_PARAM_allocate_from_text.pod +++ b/doc/man3/OSSL_PARAM_allocate_from_text.pod @@ -175,7 +175,7 @@ Can be written like this instead: goto err; } params[params_n] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx, params)) + if (!EVP_MAC_set_ctx_params(ctx, params)) goto err; while (params_n-- > 0) OPENSSL_free(params[params_n].data); diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 99aaf7a595..ae2ee2b4e2 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -49,7 +49,7 @@ ticket information or it starts a full TLS handshake to create a new session ticket. Before the callback function is started I and I have been -initialised with L and L +initialised with L and L respectively. For new sessions tickets, when the client doesn't present a session ticket, or @@ -66,7 +66,7 @@ maximum IV length is B bytes defined in B. The initialization vector I should be a random value. The cipher context I should use the initialisation vector I. The cipher context can be set using L. The hmac context and digest can be set using -L with the B and +L with the B and B parameters respectively. When the client presents a session ticket, the callback function with be called @@ -76,7 +76,7 @@ the session ticket. The OpenSSL library expects that the I will be used to retrieve a cryptographic parameters and that the cryptographic context I will be set with the retrieved parameters and the initialization vector I. using a function like L. The key material and -digest for I need to be set using L with the +digest for I need to be set using L with the B and B parameters respectively. If the I is still valid but a renewal of the ticket is required the @@ -120,8 +120,8 @@ The SSL_CTX_set_tlsext_ticket_key_cb() function is identical to SSL_CTX_set_tlsext_ticket_key_evp_cb() except that it takes a deprecated HMAC_CTX pointer instead of an EVP_MAC_CTX one. Before this callback function is started I will have been -initialised with L and the digest set with -L. +initialised with L and the digest set with +L. The I key material can be set using L. =head1 NOTES @@ -185,7 +185,7 @@ Reference Implementation: params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_CTX_set_params(hctx, params); + EVP_MAC_set_ctx_params(hctx, params); return 1; @@ -200,7 +200,7 @@ Reference Implementation: params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_CTX_set_params(hctx, params); + EVP_MAC_set_ctx_params(hctx, params); EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); diff --git a/doc/man7/EVP_MAC-BLAKE2.pod b/doc/man7/EVP_MAC-BLAKE2.pod index 90b065340d..d5673fa8e2 100644 --- a/doc/man7/EVP_MAC-BLAKE2.pod +++ b/doc/man7/EVP_MAC-BLAKE2.pod @@ -27,9 +27,9 @@ properties, to be used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_CTX_set_params(). +All these parameters can be set with EVP_MAC_set_ctx_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -61,7 +61,7 @@ It is 32 and 64 respectively by default. =head1 SEE ALSO -L, L, +L, L, L, L =head1 HISTORY diff --git a/doc/man7/EVP_MAC-CMAC.pod b/doc/man7/EVP_MAC-CMAC.pod index c210d693ce..699a50824b 100644 --- a/doc/man7/EVP_MAC-CMAC.pod +++ b/doc/man7/EVP_MAC-CMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -37,7 +37,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =back The following parameters can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 @@ -50,7 +50,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-GMAC.pod b/doc/man7/EVP_MAC-GMAC.pod index 7c9477c215..8e4d28e7b1 100644 --- a/doc/man7/EVP_MAC-GMAC.pod +++ b/doc/man7/EVP_MAC-GMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -39,7 +39,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =back The following parameters can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 @@ -52,7 +52,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-HMAC.pod b/doc/man7/EVP_MAC-HMAC.pod index 7f0ec35b43..31ff102ae6 100644 --- a/doc/man7/EVP_MAC-HMAC.pod +++ b/doc/man7/EVP_MAC-HMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -41,7 +41,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): The "flags" parameter is passed directly to HMAC_CTX_set_flags(). The following parameter can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 @@ -54,7 +54,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod index df7ac1ddf6..88044540c5 100644 --- a/doc/man7/EVP_MAC-KMAC.pod +++ b/doc/man7/EVP_MAC-KMAC.pod @@ -27,9 +27,9 @@ properties, to be used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_CTX_set_params(). +All these parameters can be set with EVP_MAC_set_ctx_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -50,7 +50,7 @@ the input stream is set to zero. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod index da9953a1d5..8e288172a1 100644 --- a/doc/man7/EVP_MAC-Poly1305.pod +++ b/doc/man7/EVP_MAC-Poly1305.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -33,7 +33,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =back The following parameters can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 @@ -46,7 +46,7 @@ The length of the "size" parameter should not exceed that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod index d8013b3369..a65e5919aa 100644 --- a/doc/man7/EVP_MAC-Siphash.pod +++ b/doc/man7/EVP_MAC-Siphash.pod @@ -25,9 +25,9 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_CTX_set_params(). +All these parameters can be set with EVP_MAC_set_ctx_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -40,7 +40,7 @@ The length of the "size" parameter should not exceed that of a B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 81ec80ab2d..9ce2f5e2ac 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -26,6 +26,8 @@ # include # include +# include + # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ # define EVP_MAX_KEY_LENGTH 64 # define EVP_MAX_IV_LENGTH 16 @@ -1069,40 +1071,6 @@ void EVP_MD_do_all_provided(OPENSSL_CTX *libctx, void (*fn)(EVP_MD *md, void *arg), void *arg); -/* MAC stuff */ - -EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm, - const char *properties); -int EVP_MAC_up_ref(EVP_MAC *mac); -void EVP_MAC_free(EVP_MAC *mac); -int EVP_MAC_number(const EVP_MAC *mac); -int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); -const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); -int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); - -EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); -void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); -EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); -EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); -int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); -int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); - -size_t EVP_MAC_size(EVP_MAC_CTX *ctx); -int EVP_MAC_init(EVP_MAC_CTX *ctx); -int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); -int EVP_MAC_final(EVP_MAC_CTX *ctx, - unsigned char *out, size_t *outl, size_t outsize); -const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); -const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); -const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); - -void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx, - void (*fn)(EVP_MAC *mac, void *arg), - void *arg); -void EVP_MAC_names_do_all(const EVP_MAC *mac, - void (*fn)(const char *name, void *data), - void *data); - /* PKEY stuff */ DEPRECATEDIN_3_0(int EVP_PKEY_decrypt_old(unsigned char *dec_key, const unsigned char *enc_key, diff --git a/include/openssl/mac.h b/include/openssl/mac.h new file mode 100644 index 0000000000..4fb808525f --- /dev/null +++ b/include/openssl/mac.h @@ -0,0 +1,52 @@ +/* + * Copyright 2019=-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* MAC stuff */ + +#ifndef OPENSSL_EVP_MAC_H +# define OPENSSL_EVP_MAC_H +# pragma once + +# include +# include +# include + +EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm, + const char *properties); +int EVP_MAC_up_ref(EVP_MAC *mac); +void EVP_MAC_free(EVP_MAC *mac); +int EVP_MAC_number(const EVP_MAC *mac); +int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); +const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); +int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); + +EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac); +void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx); +EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src); +EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx); +int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); +int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); + +size_t EVP_MAC_size(EVP_MAC_CTX *ctx); +int EVP_MAC_init(EVP_MAC_CTX *ctx); +int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); +int EVP_MAC_final(EVP_MAC_CTX *ctx, + unsigned char *out, size_t *outl, size_t outsize); +const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); +const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); +const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); + +void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_MAC *mac, void *arg), + void *arg); +void EVP_MAC_names_do_all(const EVP_MAC *mac, + void (*fn)(const char *name, void *data), + void *data); + +#endif /* OPENSSL_EVP_MAC_H */ diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index 270609e9d6..b5511dbdfa 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -189,8 +189,8 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx, if (macname != NULL) { EVP_MAC *mac = EVP_MAC_fetch(libctx, macname, properties); - EVP_MAC_CTX_free(*macctx); - *macctx = mac == NULL ? NULL : EVP_MAC_CTX_new(mac); + EVP_MAC_free_ctx(*macctx); + *macctx = mac == NULL ? NULL : EVP_MAC_new_ctx(mac); /* The context holds on to the MAC */ EVP_MAC_free(mac); if (*macctx == NULL) @@ -241,10 +241,10 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx, #endif *mp = OSSL_PARAM_construct_end(); - if (EVP_MAC_CTX_set_params(*macctx, mac_params)) + if (EVP_MAC_set_ctx_params(*macctx, mac_params)) return 1; - EVP_MAC_CTX_free(*macctx); + EVP_MAC_free_ctx(*macctx); *macctx = NULL; return 0; } diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c index b767e8f300..4619fedef5 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c @@ -146,7 +146,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); - ctx = EVP_MAC_CTX_new(mac); + ctx = EVP_MAC_new_ctx(mac); if (mac == NULL || ctx == NULL) goto err; @@ -156,7 +156,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, sizeof(fixed_key)); *p = OSSL_PARAM_construct_end(); - if (EVP_MAC_CTX_set_params(ctx, params) <= 0 + if (EVP_MAC_set_ctx_params(ctx, params) <= 0 || !EVP_MAC_init(ctx)) goto err; @@ -177,7 +177,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, ret = 1; err: OSSL_SELF_TEST_onend(ev, ret); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); return ret; } diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c index acc7d7f47b..12bf711eed 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c @@ -123,7 +123,7 @@ static void kbkdf_reset(void *vctx) { KBKDF *ctx = (KBKDF *)vctx; - EVP_MAC_CTX_free(ctx->ctx_init); + EVP_MAC_free_ctx(ctx->ctx_init); OPENSSL_clear_free(ctx->context, ctx->context_len); OPENSSL_clear_free(ctx->label, ctx->label_len); OPENSSL_clear_free(ctx->ki, ctx->ki_len); @@ -151,7 +151,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, for (counter = 1; written < ko_len; counter++) { i = be32(counter); - ctx = EVP_MAC_CTX_dup(ctx_init); + ctx = EVP_MAC_dup_ctx(ctx_init); if (ctx == NULL) goto done; @@ -172,13 +172,13 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, written += h; k_i_len = h; - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); ctx = NULL; } ret = 1; done: - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); return ret; } @@ -247,9 +247,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) NULL, NULL, libctx)) return 0; else if (ctx->ctx_init != NULL - && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init), + && !EVP_MAC_is_a(EVP_MAC_get_ctx_mac(ctx->ctx_init), OSSL_MAC_NAME_HMAC) - && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init), + && !EVP_MAC_is_a(EVP_MAC_get_ctx_mac(ctx->ctx_init), OSSL_MAC_NAME_CMAC)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MAC); return 0; @@ -288,7 +288,7 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) ctx->ki, ctx->ki_len); mparams[1] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx->ctx_init, mparams) + if (!EVP_MAC_set_ctx_params(ctx->ctx_init, mparams) || !EVP_MAC_init(ctx->ctx_init)) return 0; } diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c index 2c4600d205..023395b14d 100644 --- a/providers/implementations/kdfs/sskdf.c +++ b/providers/implementations/kdfs/sskdf.c @@ -168,7 +168,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom, (void *)custom, custom_len); params[1] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx, params)) + if (!EVP_MAC_set_ctx_params(ctx, params)) return 0; /* By default only do one iteration if kmac_out_len is not specified */ @@ -186,7 +186,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom, params[0] = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE, &kmac_out_len); - if (EVP_MAC_CTX_set_params(ctx, params) <= 0) + if (EVP_MAC_set_ctx_params(ctx, params) <= 0) return 0; /* @@ -233,7 +233,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, (void *)salt, salt_len); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx_init, params)) + if (!EVP_MAC_set_ctx_params(ctx_init, params)) goto end; if (!kmac_init(ctx_init, kmac_custom, kmac_custom_len, kmac_out_len, @@ -256,7 +256,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, c[2] = (unsigned char)((counter >> 8) & 0xff); c[3] = (unsigned char)(counter & 0xff); - ctx = EVP_MAC_CTX_dup(ctx_init); + ctx = EVP_MAC_dup_ctx(ctx_init); if (!(ctx != NULL && EVP_MAC_update(ctx, c, sizeof(c)) && EVP_MAC_update(ctx, z, z_len) @@ -275,7 +275,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, memcpy(out, mac, len); break; } - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); ctx = NULL; } ret = 1; @@ -285,7 +285,7 @@ end: else OPENSSL_cleanse(mac_buf, sizeof(mac_buf)); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); return ret; } @@ -303,7 +303,7 @@ static void sskdf_reset(void *vctx) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; - EVP_MAC_CTX_free(ctx->macctx); + EVP_MAC_free_ctx(ctx->macctx); ossl_prov_digest_reset(&ctx->digest); OPENSSL_clear_free(ctx->secret, ctx->secret_len); OPENSSL_clear_free(ctx->info, ctx->info_len); @@ -360,7 +360,7 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen) const unsigned char *custom = NULL; size_t custom_len = 0; int default_salt_len; - EVP_MAC *mac = EVP_MAC_CTX_mac(ctx->macctx); + EVP_MAC *mac = EVP_MAC_get_ctx_mac(ctx->macctx); /* * TODO(3.0) investigate the necessity to have all these controls. diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c index 84d712afc5..1b47247cbb 100644 --- a/providers/implementations/kdfs/tls1_prf.c +++ b/providers/implementations/kdfs/tls1_prf.c @@ -116,8 +116,8 @@ static void kdf_tls1_prf_reset(void *vctx) { TLS1_PRF *ctx = (TLS1_PRF *)vctx; - EVP_MAC_CTX_free(ctx->P_hash); - EVP_MAC_CTX_free(ctx->P_sha1); + EVP_MAC_free_ctx(ctx->P_hash); + EVP_MAC_free_ctx(ctx->P_sha1); OPENSSL_clear_free(ctx->sec, ctx->seclen); OPENSSL_cleanse(ctx->seed, ctx->seedlen); memset(ctx, 0, sizeof(*ctx)); @@ -163,7 +163,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) NULL, SN_sha1, libctx)) return 0; } else { - EVP_MAC_CTX_free(ctx->P_sha1); + EVP_MAC_free_ctx(ctx->P_sha1); if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params, OSSL_MAC_NAME_HMAC, NULL, NULL, libctx)) @@ -280,7 +280,7 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, (void *)sec, sec_len); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx_init, params)) + if (!EVP_MAC_set_ctx_params(ctx_init, params)) goto err; if (!EVP_MAC_init(ctx_init)) goto err; @@ -288,7 +288,7 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, if (chunk == 0) goto err; /* A(0) = seed */ - ctx_Ai = EVP_MAC_CTX_dup(ctx_init); + ctx_Ai = EVP_MAC_dup_ctx(ctx_init); if (ctx_Ai == NULL) goto err; if (seed != NULL && !EVP_MAC_update(ctx_Ai, seed, seed_len)) @@ -298,18 +298,18 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, /* calc: A(i) = HMAC_(secret, A(i-1)) */ if (!EVP_MAC_final(ctx_Ai, Ai, &Ai_len, sizeof(Ai))) goto err; - EVP_MAC_CTX_free(ctx_Ai); + EVP_MAC_free_ctx(ctx_Ai); ctx_Ai = NULL; /* calc next chunk: HMAC_(secret, A(i) + seed) */ - ctx = EVP_MAC_CTX_dup(ctx_init); + ctx = EVP_MAC_dup_ctx(ctx_init); if (ctx == NULL) goto err; if (!EVP_MAC_update(ctx, Ai, Ai_len)) goto err; /* save state for calculating next A(i) value */ if (olen > chunk) { - ctx_Ai = EVP_MAC_CTX_dup(ctx); + ctx_Ai = EVP_MAC_dup_ctx(ctx); if (ctx_Ai == NULL) goto err; } @@ -324,15 +324,15 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, } if (!EVP_MAC_final(ctx, out, NULL, olen)) goto err; - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); ctx = NULL; out += chunk; olen -= chunk; } ret = 1; err: - EVP_MAC_CTX_free(ctx); - EVP_MAC_CTX_free(ctx_Ai); + EVP_MAC_free_ctx(ctx); + EVP_MAC_free_ctx(ctx_Ai); OPENSSL_cleanse(Ai, sizeof(Ai)); return ret; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 89450943d1..b80ac35d3a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3149,12 +3149,12 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx) } #endif mac = EVP_MAC_fetch(ctx->libctx, "HMAC", NULL); - if (mac == NULL || (ret->ctx = EVP_MAC_CTX_new(mac)) == NULL) + if (mac == NULL || (ret->ctx = EVP_MAC_new_ctx(mac)) == NULL) goto err; EVP_MAC_free(mac); return ret; err: - EVP_MAC_CTX_free(ret->ctx); + EVP_MAC_free_ctx(ret->ctx); EVP_MAC_free(mac); OPENSSL_free(ret); return NULL; @@ -3163,7 +3163,7 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx) void ssl_hmac_free(SSL_HMAC *ctx) { if (ctx != NULL) { - EVP_MAC_CTX_free(ctx->ctx); + EVP_MAC_free_ctx(ctx->ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 HMAC_CTX_free(ctx->old_ctx); #endif @@ -3191,7 +3191,7 @@ int ssl_hmac_init(SSL_HMAC *ctx, void *key, size_t len, char *md) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, md, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, len); *p = OSSL_PARAM_construct_end(); - if (EVP_MAC_CTX_set_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx)) + if (EVP_MAC_set_ctx_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx)) return 1; } #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index cf8e42c97e..95e28d6d54 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -360,9 +360,9 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, } *p++ = OSSL_PARAM_construct_end(); - ctx = EVP_MAC_CTX_new(hmac); + ctx = EVP_MAC_new_ctx(hmac); if (ctx == NULL - || !EVP_MAC_CTX_set_params(ctx, params) + || !EVP_MAC_set_ctx_params(ctx, params) || !EVP_MAC_init(ctx) || !EVP_MAC_update(ctx, hash, hashlen) /* outsize as per sizeof(peer_finish_md) */ @@ -375,7 +375,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, ret = hashlen; err: OPENSSL_cleanse(finsecret, sizeof(finsecret)); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(hmac); return ret; } diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c index bfbaa7953a..d2d6a6b426 100644 --- a/test/bad_dtls_test.c +++ b/test/bad_dtls_test.c @@ -305,14 +305,14 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr, /* Append HMAC to data */ hmac = EVP_MAC_fetch(NULL, "HMAC", NULL); - ctx = EVP_MAC_CTX_new(hmac); + ctx = EVP_MAC_new_ctx(hmac); EVP_MAC_free(hmac); params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA1", 0); params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, mac_key, 20); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_CTX_set_params(ctx, params); + EVP_MAC_set_ctx_params(ctx, params); EVP_MAC_init(ctx); EVP_MAC_update(ctx, epoch, 2); EVP_MAC_update(ctx, seq, 6); @@ -323,7 +323,7 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr, EVP_MAC_update(ctx, lenbytes, 2); /* Length */ EVP_MAC_update(ctx, enc, len); /* Finally the data itself */ EVP_MAC_final(ctx, enc + len, NULL, SHA_DIGEST_LENGTH); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); /* Append padding bytes */ len += SHA_DIGEST_LENGTH; diff --git a/test/evp_test.c b/test/evp_test.c index 198c27ea5f..ef5d950018 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1323,12 +1323,12 @@ static int mac_test_run_mac(EVP_TEST *t) } params[params_n] = OSSL_PARAM_construct_end(); - if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) { + if ((ctx = EVP_MAC_new_ctx(expected->mac)) == NULL) { t->err = "MAC_CREATE_ERROR"; goto err; } - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { t->err = "MAC_BAD_PARAMS"; goto err; } @@ -1360,7 +1360,7 @@ static int mac_test_run_mac(EVP_TEST *t) while (params_n-- > params_n_allocstart) { OPENSSL_free(params[params_n].data); } - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); OPENSSL_free(got); return 1; } diff --git a/test/sslapitest.c b/test/sslapitest.c index 23e6b7d0f6..4665569054 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -6922,7 +6922,7 @@ static int tick_key_evp_cb(SSL *s, unsigned char key_name[16], params[2] = OSSL_PARAM_construct_end(); if (aes128cbc == NULL || !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc) - || !EVP_MAC_CTX_set_params(hctx, params) + || !EVP_MAC_set_ctx_params(hctx, params) || !EVP_MAC_init(hctx)) ret = -1; else diff --git a/util/libcrypto.num b/util/libcrypto.num index 339df720e8..317481388c 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4425,10 +4425,10 @@ OCSP_resp_get0_respdata 4530 3_0_0 EXIST::FUNCTION:OCSP EVP_MD_CTX_set_pkey_ctx 4531 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_digest_custom 4532 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_digest_custom 4533 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_new ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_free ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_dup ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_mac ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_new_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_free_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_dup_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_get_ctx_mac ? 3_0_0 EXIST::FUNCTION: EVP_MAC_size ? 3_0_0 EXIST::FUNCTION: EVP_MAC_init ? 3_0_0 EXIST::FUNCTION: EVP_MAC_update ? 3_0_0 EXIST::FUNCTION: @@ -4701,8 +4701,8 @@ EVP_CIPHER_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_MD_get_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_fetch ? 3_0_0 EXIST::FUNCTION: EVP_MAC_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_set_params ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_set_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_get_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_free ? 3_0_0 EXIST::FUNCTION: EVP_MAC_up_ref ? 3_0_0 EXIST::FUNCTION: -- 2.25.1