summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/hmac
diff options
context:
space:
mode:
authordjm <>2012-10-13 21:23:50 +0000
committerdjm <>2012-10-13 21:23:50 +0000
commit228cae30b117c2493f69ad3c195341cd6ec8d430 (patch)
tree29ff00b10d52c0978077c4fd83c33b065bade73e /src/lib/libcrypto/hmac
parent731838c66b52c0ae5888333005b74115a620aa96 (diff)
downloadopenbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.gz
openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.bz2
openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.zip
import OpenSSL-1.0.1c
Diffstat (limited to 'src/lib/libcrypto/hmac')
-rw-r--r--src/lib/libcrypto/hmac/hm_ameth.c2
-rw-r--r--src/lib/libcrypto/hmac/hm_pmeth.c14
-rw-r--r--src/lib/libcrypto/hmac/hmac.c37
3 files changed, 47 insertions, 6 deletions
diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c
index 6d8a89149e..e03f24aeda 100644
--- a/src/lib/libcrypto/hmac/hm_ameth.c
+++ b/src/lib/libcrypto/hmac/hm_ameth.c
@@ -153,7 +153,7 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth =
153 153
154 hmac_size, 154 hmac_size,
155 0, 155 0,
156 0,0,0,0,0,0, 156 0,0,0,0,0,0,0,
157 157
158 hmac_key_free, 158 hmac_key_free,
159 hmac_pkey_ctrl, 159 hmac_pkey_ctrl,
diff --git a/src/lib/libcrypto/hmac/hm_pmeth.c b/src/lib/libcrypto/hmac/hm_pmeth.c
index 71e8567a14..0daa44511d 100644
--- a/src/lib/libcrypto/hmac/hm_pmeth.c
+++ b/src/lib/libcrypto/hmac/hm_pmeth.c
@@ -100,7 +100,8 @@ static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
100 dctx = dst->data; 100 dctx = dst->data;
101 dctx->md = sctx->md; 101 dctx->md = sctx->md;
102 HMAC_CTX_init(&dctx->ctx); 102 HMAC_CTX_init(&dctx->ctx);
103 HMAC_CTX_copy(&dctx->ctx, &sctx->ctx); 103 if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx))
104 return 0;
104 if (sctx->ktmp.data) 105 if (sctx->ktmp.data)
105 { 106 {
106 if (!ASN1_OCTET_STRING_set(&dctx->ktmp, 107 if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
@@ -141,7 +142,8 @@ static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
141static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count) 142static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count)
142 { 143 {
143 HMAC_PKEY_CTX *hctx = ctx->pctx->data; 144 HMAC_PKEY_CTX *hctx = ctx->pctx->data;
144 HMAC_Update(&hctx->ctx, data, count); 145 if (!HMAC_Update(&hctx->ctx, data, count))
146 return 0;
145 return 1; 147 return 1;
146 } 148 }
147 149
@@ -167,7 +169,8 @@ static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
167 if (!sig) 169 if (!sig)
168 return 1; 170 return 1;
169 171
170 HMAC_Final(&hctx->ctx, sig, &hlen); 172 if (!HMAC_Final(&hctx->ctx, sig, &hlen))
173 return 0;
171 *siglen = (size_t)hlen; 174 *siglen = (size_t)hlen;
172 return 1; 175 return 1;
173 } 176 }
@@ -192,8 +195,9 @@ static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
192 195
193 case EVP_PKEY_CTRL_DIGESTINIT: 196 case EVP_PKEY_CTRL_DIGESTINIT:
194 key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; 197 key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
195 HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, 198 if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md,
196 ctx->engine); 199 ctx->engine))
200 return 0;
197 break; 201 break;
198 202
199 default: 203 default:
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
index 6c98fc43a3..ba27cbf56f 100644
--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -61,12 +61,34 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/hmac.h> 62#include <openssl/hmac.h>
63 63
64#ifdef OPENSSL_FIPS
65#include <openssl/fips.h>
66#endif
67
64int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, 68int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
65 const EVP_MD *md, ENGINE *impl) 69 const EVP_MD *md, ENGINE *impl)
66 { 70 {
67 int i,j,reset=0; 71 int i,j,reset=0;
68 unsigned char pad[HMAC_MAX_MD_CBLOCK]; 72 unsigned char pad[HMAC_MAX_MD_CBLOCK];
69 73
74#ifdef OPENSSL_FIPS
75 if (FIPS_mode())
76 {
77 /* If we have an ENGINE need to allow non FIPS */
78 if ((impl || ctx->i_ctx.engine)
79 && !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
80 {
81 EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
82 return 0;
83 }
84 /* Other algorithm blocking will be done in FIPS_cmac_init,
85 * via FIPS_hmac_init_ex().
86 */
87 if (!impl && !ctx->i_ctx.engine)
88 return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
89 }
90#endif
91
70 if (md != NULL) 92 if (md != NULL)
71 { 93 {
72 reset=1; 94 reset=1;
@@ -133,6 +155,10 @@ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
133 155
134int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) 156int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
135 { 157 {
158#ifdef OPENSSL_FIPS
159 if (FIPS_mode() && !ctx->i_ctx.engine)
160 return FIPS_hmac_update(ctx, data, len);
161#endif
136 return EVP_DigestUpdate(&ctx->md_ctx,data,len); 162 return EVP_DigestUpdate(&ctx->md_ctx,data,len);
137 } 163 }
138 164
@@ -140,6 +166,10 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
140 { 166 {
141 unsigned int i; 167 unsigned int i;
142 unsigned char buf[EVP_MAX_MD_SIZE]; 168 unsigned char buf[EVP_MAX_MD_SIZE];
169#ifdef OPENSSL_FIPS
170 if (FIPS_mode() && !ctx->i_ctx.engine)
171 return FIPS_hmac_final(ctx, md, len);
172#endif
143 173
144 if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i)) 174 if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
145 goto err; 175 goto err;
@@ -179,6 +209,13 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
179 209
180void HMAC_CTX_cleanup(HMAC_CTX *ctx) 210void HMAC_CTX_cleanup(HMAC_CTX *ctx)
181 { 211 {
212#ifdef OPENSSL_FIPS
213 if (FIPS_mode() && !ctx->i_ctx.engine)
214 {
215 FIPS_hmac_ctx_cleanup(ctx);
216 return;
217 }
218#endif
182 EVP_MD_CTX_cleanup(&ctx->i_ctx); 219 EVP_MD_CTX_cleanup(&ctx->i_ctx);
183 EVP_MD_CTX_cleanup(&ctx->o_ctx); 220 EVP_MD_CTX_cleanup(&ctx->o_ctx);
184 EVP_MD_CTX_cleanup(&ctx->md_ctx); 221 EVP_MD_CTX_cleanup(&ctx->md_ctx);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 19:49:44 +0000