diff options
| author | inoguchi <> | 2017-03-03 10:39:07 +0000 |
|---|---|---|
| committer | inoguchi <> | 2017-03-03 10:39:07 +0000 |
| commit | 97d56837a149cc0208c55b487d71956d327193fd (patch) | |
| tree | f55b9886b7ecc1012718eec4a621d7ac8d098382 /src/lib | |
| parent | 71095999206308b62fa7ab18602ceb3fa91f6a9c (diff) | |
| download | openbsd-97d56837a149cc0208c55b487d71956d327193fd.tar.gz openbsd-97d56837a149cc0208c55b487d71956d327193fd.tar.bz2 openbsd-97d56837a149cc0208c55b487d71956d327193fd.zip | |
Ensure MD and key initialized before processing HMAC
Ensure both MD and key have been initialized before processing HMAC.
Releasing HMAC_CTX in error path of HMAC().
In regress test, added test 4,5,6 and cleaned up the code.
ok jsing@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/hmac/hmac.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c index 8fd980b052..84917662ca 100644 --- a/src/lib/libcrypto/hmac/hmac.c +++ b/src/lib/libcrypto/hmac/hmac.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: hmac.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */ | 1 | /* $OpenBSD: hmac.c,v 1.24 2017/03/03 10:39:07 inoguchi Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -70,11 +70,17 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, | |||
| 70 | int i, j, reset = 0; | 70 | int i, j, reset = 0; |
| 71 | unsigned char pad[HMAC_MAX_MD_CBLOCK]; | 71 | unsigned char pad[HMAC_MAX_MD_CBLOCK]; |
| 72 | 72 | ||
| 73 | /* If we are changing MD then we must have a key */ | ||
| 74 | if (md != NULL && md != ctx->md && (key == NULL || len < 0)) | ||
| 75 | return 0; | ||
| 76 | |||
| 73 | if (md != NULL) { | 77 | if (md != NULL) { |
| 74 | reset = 1; | 78 | reset = 1; |
| 75 | ctx->md = md; | 79 | ctx->md = md; |
| 76 | } else | 80 | } else if (ctx->md != NULL) |
| 77 | md = ctx->md; | 81 | md = ctx->md; |
| 82 | else | ||
| 83 | return 0; | ||
| 78 | 84 | ||
| 79 | if (key != NULL) { | 85 | if (key != NULL) { |
| 80 | reset = 1; | 86 | reset = 1; |
| @@ -92,7 +98,7 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, | |||
| 92 | &ctx->key_length)) | 98 | &ctx->key_length)) |
| 93 | goto err; | 99 | goto err; |
| 94 | } else { | 100 | } else { |
| 95 | if ((size_t)len > sizeof(ctx->key)) { | 101 | if (len < 0 || (size_t)len > sizeof(ctx->key)) { |
| 96 | EVPerror(EVP_R_BAD_KEY_LENGTH); | 102 | EVPerror(EVP_R_BAD_KEY_LENGTH); |
| 97 | goto err; | 103 | goto err; |
| 98 | } | 104 | } |
| @@ -137,6 +143,9 @@ HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) | |||
| 137 | int | 143 | int |
| 138 | HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) | 144 | HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) |
| 139 | { | 145 | { |
| 146 | if (ctx->md == NULL) | ||
| 147 | return 0; | ||
| 148 | |||
| 140 | return EVP_DigestUpdate(&ctx->md_ctx, data, len); | 149 | return EVP_DigestUpdate(&ctx->md_ctx, data, len); |
| 141 | } | 150 | } |
| 142 | 151 | ||
| @@ -146,6 +155,9 @@ HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) | |||
| 146 | unsigned int i; | 155 | unsigned int i; |
| 147 | unsigned char buf[EVP_MAX_MD_SIZE]; | 156 | unsigned char buf[EVP_MAX_MD_SIZE]; |
| 148 | 157 | ||
| 158 | if (ctx->md == NULL) | ||
| 159 | goto err; | ||
| 160 | |||
| 149 | if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) | 161 | if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) |
| 150 | goto err; | 162 | goto err; |
| 151 | if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) | 163 | if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) |
| @@ -165,6 +177,7 @@ HMAC_CTX_init(HMAC_CTX *ctx) | |||
| 165 | EVP_MD_CTX_init(&ctx->i_ctx); | 177 | EVP_MD_CTX_init(&ctx->i_ctx); |
| 166 | EVP_MD_CTX_init(&ctx->o_ctx); | 178 | EVP_MD_CTX_init(&ctx->o_ctx); |
| 167 | EVP_MD_CTX_init(&ctx->md_ctx); | 179 | EVP_MD_CTX_init(&ctx->md_ctx); |
| 180 | ctx->md = NULL; | ||
| 168 | } | 181 | } |
| 169 | 182 | ||
| 170 | int | 183 | int |
| @@ -190,7 +203,7 @@ HMAC_CTX_cleanup(HMAC_CTX *ctx) | |||
| 190 | EVP_MD_CTX_cleanup(&ctx->i_ctx); | 203 | EVP_MD_CTX_cleanup(&ctx->i_ctx); |
| 191 | EVP_MD_CTX_cleanup(&ctx->o_ctx); | 204 | EVP_MD_CTX_cleanup(&ctx->o_ctx); |
| 192 | EVP_MD_CTX_cleanup(&ctx->md_ctx); | 205 | EVP_MD_CTX_cleanup(&ctx->md_ctx); |
| 193 | memset(ctx, 0, sizeof *ctx); | 206 | explicit_bzero(ctx, sizeof(*ctx)); |
| 194 | } | 207 | } |
| 195 | 208 | ||
| 196 | unsigned char * | 209 | unsigned char * |
| @@ -212,6 +225,7 @@ HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, | |||
| 212 | HMAC_CTX_cleanup(&c); | 225 | HMAC_CTX_cleanup(&c); |
| 213 | return md; | 226 | return md; |
| 214 | err: | 227 | err: |
| 228 | HMAC_CTX_cleanup(&c); | ||
| 215 | return NULL; | 229 | return NULL; |
| 216 | } | 230 | } |
| 217 | 231 | ||