Post-merge fixes

Upstream has moved some functions from networking/tls.c to a new
file, libbb/hash_hmac.c.  The merge didn't adjust this code to
allow it to work with the native Windows checksum API.

This only matters if FEATURE_USE_CNG_API is enabled and
CONFIG_FEATURE_TLS_SCHANNEL isn't.  In that case the wget applet
fails to handle https.  None of the default configurations
has this combination, but it should work.  Make it so.

The Windows code doesn't implement hmac_block(), as that's only
used for password encryption which isn't currently supported.

The variadic function hmac_peek_hash() isn't declared FAST_FUNC,
as that causes clang to issue many warnings.

3 files changed, 88 insertions, 7 deletions

diff --git a/include/libbb.h b/include/libbb.h
index 7a375f4d2..8dc4e4992 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -281,12 +281,26 @@ PUSH_AND_SET_FUNCTION_VISIBILITY_TO_HIDDEN
 # endif
 #endif
 
-#if ENABLE_FEATURE_TLS_SCHANNEL
+#if ENABLE_FEATURE_TLS_SCHANNEL || ENABLE_FEATURE_USE_CNG_API
 # define SECURITY_WIN32
 # include <windows.h>
 # include <security.h>
 #endif
 
+#if ENABLE_FEATURE_USE_CNG_API
+# include <bcrypt.h>
+
+// these work on Windows >= 10
+# define BCRYPT_HMAC_SHA1_ALG_HANDLE   ((BCRYPT_ALG_HANDLE) 0x000000a1)
+# define BCRYPT_HMAC_SHA256_ALG_HANDLE ((BCRYPT_ALG_HANDLE) 0x000000b1)
+# define sha1_begin_hmac BCRYPT_HMAC_SHA1_ALG_HANDLE
+# define sha256_begin_hmac BCRYPT_HMAC_SHA256_ALG_HANDLE
+#else
+# define sha1_begin_hmac sha1_begin
+# define sha256_begin_hmac sha256_begin
+# define hmac_uninit(...) ((void)0)
+#endif
+
 /* Tested to work correctly with all int types (IIRC :]) */
 #define MAXINT(T) (T)( \
         ((T)-1) > 0 \
@@ -2444,12 +2458,17 @@ typedef struct md5_ctx_t md5sha_ctx_t;
 #endif
 
 /* RFC 2104 HMAC (hash-based message authentication code) */
+#if !ENABLE_FEATURE_USE_CNG_API
 typedef struct hmac_ctx {
         md5sha_ctx_t hashed_key_xor_ipad;
         md5sha_ctx_t hashed_key_xor_opad;
 } hmac_ctx_t;
+#else
+typedef struct bcrypt_hash_ctx_t hmac_ctx_t;
+#endif
 #define HMAC_ONLY_SHA256 (!ENABLE_FEATURE_TLS_SHA1)
 typedef void md5sha_begin_func(md5sha_ctx_t *ctx) FAST_FUNC;
+#if !ENABLE_FEATURE_USE_CNG_API
 #if HMAC_ONLY_SHA256
 #define hmac_begin(ctx,key,key_size,begin) \
         hmac_begin(ctx,key,key_size)
@@ -2459,6 +2478,17 @@ static ALWAYS_INLINE void hmac_hash(hmac_ctx_t *ctx, const void *in, size_t len)
 {
         md5sha_hash(&ctx->hashed_key_xor_ipad, in, len);
 }
+#else
+# if HMAC_ONLY_SHA256
+#  define hmac_begin(pre,key,key_size,begin) \
+        _hmac_begin(pre, key, key_size, sha256_begin_hmac)
+# else
+#  define hmac_begin _hmac_begin
+# endif
+void _hmac_begin(hmac_ctx_t *pre, uint8_t *key, unsigned key_size,
+        BCRYPT_ALG_HANDLE alg_handle);
+void hmac_uninit(hmac_ctx_t *pre);
+#endif
 unsigned FAST_FUNC hmac_end(hmac_ctx_t *ctx, uint8_t *out);
 #if HMAC_ONLY_SHA256
 #define hmac_block(key,key_size,begin,in,sz,out) \
@@ -2470,7 +2500,7 @@ unsigned FAST_FUNC hmac_block(const uint8_t *key, unsigned key_size,
                 uint8_t *out);
 /* HMAC helpers for TLS: */
 void FAST_FUNC hmac_hash_v(hmac_ctx_t *ctx, va_list va);
-unsigned FAST_FUNC hmac_peek_hash(hmac_ctx_t *ctx, uint8_t *out, ...);
+unsigned hmac_peek_hash(hmac_ctx_t *ctx, uint8_t *out, ...);
 
 extern uint32_t *global_crc32_table;
 uint32_t *crc32_filltable(uint32_t *tbl256, int endian) FAST_FUNC;
diff --git a/libbb/hash_hmac.c b/libbb/hash_hmac.c
index 9e48e0f51..b3138029f 100644
--- a/libbb/hash_hmac.c
+++ b/libbb/hash_hmac.c
@@ -18,6 +18,7 @@
 // if we often need HMAC hmac with the same key.
 //
 // text is often given in disjoint pieces.
+#if !ENABLE_FEATURE_USE_CNG_API
 void FAST_FUNC hmac_begin(hmac_ctx_t *ctx, const uint8_t *key, unsigned key_size, md5sha_begin_func *begin)
 {
 #if HMAC_ONLY_SHA256
@@ -89,12 +90,58 @@ void FAST_FUNC hmac_hash_v(
                 md5sha_hash(&ctx->hashed_key_xor_ipad, in, size);
         }
 }
+#else
+void _hmac_begin(hmac_ctx_t *ctx, uint8_t *key, unsigned key_size,
+                                        BCRYPT_ALG_HANDLE alg_handle) {
+        DWORD hash_object_length = 0;
+        ULONG _unused;
+        NTSTATUS status;
+
+        status = BCryptGetProperty(alg_handle, BCRYPT_OBJECT_LENGTH,
+                                (PUCHAR)&hash_object_length, sizeof(DWORD), &_unused, 0);
+        mingw_die_if_error(status, "BCryptGetProperty");
+        status = BCryptGetProperty(alg_handle, BCRYPT_HASH_LENGTH,
+                                (PUCHAR)&ctx->output_size, sizeof(DWORD), &_unused, 0);
+        mingw_die_if_error(status, "BCryptGetProperty");
+
+        ctx->hash_obj = xmalloc(hash_object_length);
+
+        status = BCryptCreateHash(alg_handle, &ctx->handle, ctx->hash_obj,
+                                hash_object_length, key, key_size, BCRYPT_HASH_REUSABLE_FLAG);
+        mingw_die_if_error(status, "BCryptCreateHash");
+}
+
+unsigned FAST_FUNC hmac_end(hmac_ctx_t *ctx, uint8_t *out)
+{
+        NTSTATUS status;
+
+        status = BCryptFinishHash(ctx->handle, out, ctx->output_size, 0);
+        mingw_die_if_error(status, "BCryptFinishHash");
+
+        return ctx->output_size;
+}
+
+void FAST_FUNC hmac_hash_v(hmac_ctx_t *ctx, va_list va)
+{
+        uint8_t *in;
+
+        while ((in = va_arg(va, uint8_t*)) != NULL) {
+                unsigned size = va_arg(va, unsigned);
+                BCryptHashData(ctx->handle, in, size, 0);
+        }
+}
+
+void hmac_uninit(hmac_ctx_t *ctx) {
+        BCryptDestroyHash(ctx->handle);
+        free(ctx->hash_obj);
+}
+#endif
 
 /* Using HMAC state, make a copy of it (IOW: without affecting this state!)
  * hash in the list of (ptr,size) blocks, and finish the HMAC to out[] buffer.
  * This function is useful for TLS PRF.
  */
-unsigned FAST_FUNC hmac_peek_hash(hmac_ctx_t *ctx, uint8_t *out, ...)
+unsigned hmac_peek_hash(hmac_ctx_t *ctx, uint8_t *out, ...)
 {
         hmac_ctx_t tmpctx = *ctx; /* struct copy */
         va_list va;
diff --git a/networking/tls.c b/networking/tls.c
index 13bdc0423..9c05364ea 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -418,7 +418,7 @@ static void prf_hmac_sha256(/*tls_state_t *tls,*/
 #define SEED   label, label_size, seed, seed_size
 #define A      a, MAC_size
 
-        hmac_begin(&ctx, secret, secret_size, sha256_begin);
+        hmac_begin(&ctx, secret, secret_size, sha256_begin_hmac);
 
         /* A(1) = HMAC_hash(secret, seed) */
         hmac_peek_hash(&ctx, a, SEED, NULL);
@@ -430,6 +430,7 @@ static void prf_hmac_sha256(/*tls_state_t *tls,*/
                         /* (use a[] as temp buffer) */
                         hmac_peek_hash(&ctx, a, A, SEED, NULL);
                         memcpy(out_p, a, outbuf_size);
+                        hmac_uninit(&ctx);
                         return;
                 }
                 /* Not last block. Store directly to result buffer */
@@ -513,18 +514,21 @@ static unsigned hmac_blocks(tls_state_t *tls, uint8_t *out, uint8_t *key, unsign
 {
         hmac_ctx_t ctx;
         va_list va;
+        unsigned len;
 
         hmac_begin(&ctx, key, key_size,
                         (ENABLE_FEATURE_TLS_SHA1 && tls->MAC_size == SHA1_OUTSIZE)
-                                ? sha1_begin
-                                : sha256_begin
+                                ? sha1_begin_hmac
+                                : sha256_begin_hmac
         );
 
         va_start(va, key_size);
         hmac_hash_v(&ctx, va);
         va_end(va);
 
-        return hmac_end(&ctx, out);
+        len = hmac_end(&ctx, out);
+        hmac_uninit(&ctx);
+        return len;
 }
 
 static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, unsigned type)