openbsd/src/lib/libcrypto/hmac, branch libressl-v3.5.3A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=libressl-v3.5.32022-03-30T07:17:48+00:00Avoid segfaults in EVP_PKEY_CTX_free()2022-03-30T07:17:48+00:00tb2022-03-30T07:17:48+00:00urn:sha1:c650ef2b4f969ce6b8d9a39f9e86c5e181dfafbc
It is possible to call pmeth->cleanup() with an EVP_PKEY_CTX whose data
is NULL. If pmeth->init() in int_ctx_new() fails, EVP_PKEY_CTX_free() is
called with such a context. This in turn calls pmeth->cleanup(), and thus
these cleanup functions must be careful not to use NULL data. Most of
them are, but one of GOST's functions and HMAC's aren't.
Reported for HMAC by Masaru Masada
https://github.com/libressl-portable/openbsd/issues/129
ok bcook jsing
pkey_hmac_init(): use calloc()2022-03-30T07:12:30+00:00tb2022-03-30T07:12:30+00:00urn:sha1:4f0946cf87d94f094252f696625cc100be8bbd76
Instead of using malloc() and setting most struct members to 0,
simply use calloc().
ok bcook jsing
Remove HMAC_CTX_{init,cleanup}() and HMAC_init from public visibility2022-01-14T08:06:03+00:00tb2022-01-14T08:06:03+00:00urn:sha1:91bb5e9900c0e103adf709034df105c4f34b6bd3
In OpenSSL commit 32fd54a9a3 HMAC_CTX_cleanup() was integrated into
HMAC_CTX_init(), then HMAC_CTX_init() was renamed to HMAC_CTX_reset()
in dc0099e1.
LibreSSL retained them for API compatibility with OpenSSL 1.0.
Not many things use them anymore. In fact, some projects that didn't
want to modify their code for OpenSSL 1.1 API compatibility used the
removed functions to wrap the OpenSSL 1.1 API. We had to patch some
of these and this will now no longer be necessary.
Also remove HMAC_cleanup(). Nothing uses this.
ok inoguchi jsing
Make structs in evp.h and hmac.h opaque2022-01-14T08:04:14+00:00tb2022-01-14T08:04:14+00:00urn:sha1:8be1fd92836a1a22c1b53e77ef08a7768e9a9b05
This moves most structs to evp_locl.h and moves HMAC_CTX to hmac_local.h.
ok inoguchi jsing
Annotate the structs that will be moved to hmac_local.h and evp_locl.h2021-12-12T21:35:47+00:00tb2021-12-12T21:35:47+00:00urn:sha1:c2c9cf22aa6a46cfa24e29a06a5d0385ca428117
in an upcoming bump. This omits EVP_AEAD_CTX which will be dealt with
separately. EVP_CIPHER_INFO internals are still publicly visible in
OpenSSL, so it won't be moved.
Move typedefs for HMAC_CTX and EVP_ENCODE_CTX to ossl_typ.h. These
typedefs will be visible by files including only hmac.h or evp.h since
hmac.h includes evp.h and evp.h includes ossl_typ.h.
ok inoguchi
Include evp_locl.h where it will be needed once most structs from2021-12-12T21:30:14+00:00tb2021-12-12T21:30:14+00:00urn:sha1:b632ec4f99386efc52214c580c9f233748302224
evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi
Add a mostly empty hmac_local.h. HMAC_CTX and a few other things2021-12-12T21:27:38+00:00tb2021-12-12T21:27:38+00:00urn:sha1:e6d34a52bf003f2e199023dc166779f5d25bfcff
from hmac.h will be moved there in an umpcoming bump. Include this
file where it will be needed.
ok inoguchi
Provide HMAC_CTX_new(), HMAC_CTX_free(), HMAC_CTX_reset() and2018-02-17T14:53:59+00:00jsing2018-02-17T14:53:59+00:00urn:sha1:fe31e083891620d38e67f59ea40fa3b92f6fcc48
HMAC_CTX_get_md().
use freezero() instead of memset/explicit_bzero + free. Substantially2017-05-02T03:59:45+00:00deraadt2017-05-02T03:59:45+00:00urn:sha1:5904cc0e04409fde39a97e6580535da34eeb4291
reduces conditional logic (-218, +82).
MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c
wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and
BN_FLG_STATIC_DATA where the condition cannot be collapsed completely.
Passes regress. ok beck
Ensure MD and key initialized before processing HMAC2017-03-03T10:39:07+00:00inoguchi2017-03-03T10:39:07+00:00urn:sha1:c45f068d1d019c55301b10504d06350ca5e3e625
Ensure both MD and key have been initialized before processing HMAC.
Releasing HMAC_CTX in error path of HMAC().
In regress test, added test 4,5,6 and cleaned up the code.
ok jsing@