diff options
| author | joshua <> | 2024-01-28 14:55:40 +0000 |
|---|---|---|
| committer | joshua <> | 2024-01-28 14:55:40 +0000 |
| commit | 021245d7e62a8465900bc72da18b21962d19e186 (patch) | |
| tree | 945c93c33b223112311e313dee8266f379546f2d /src | |
| parent | 0eef59fb96be9fd1bf0bf6052853c6a92267c58a (diff) | |
| download | openbsd-021245d7e62a8465900bc72da18b21962d19e186.tar.gz openbsd-021245d7e62a8465900bc72da18b21962d19e186.tar.bz2 openbsd-021245d7e62a8465900bc72da18b21962d19e186.zip | |
Clean up EVP_CIPHER_CTX_init() usage in cmac.c
This replaces usage of EVP_CIPHER_CTX_init() with EVEP_CIPHER_CTX_new(),
and EVP_CIPHER_CTX_cleanup() with EVP_CIPHER_CTX_reset().
This also replaces usage of malloc with calloc, and free with freezero.
ok tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/cmac/cmac.c | 58 |
1 files changed, 33 insertions, 25 deletions
diff --git a/src/lib/libcrypto/cmac/cmac.c b/src/lib/libcrypto/cmac/cmac.c index 9fe907609a..29f5048897 100644 --- a/src/lib/libcrypto/cmac/cmac.c +++ b/src/lib/libcrypto/cmac/cmac.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: cmac.c,v 1.18 2023/12/18 21:15:00 tb Exp $ */ | 1 | /* $OpenBSD: cmac.c,v 1.19 2024/01/28 14:55:40 joshua Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -68,7 +68,7 @@ | |||
| 68 | * The temporary block tbl is a scratch buffer that holds intermediate secrets. | 68 | * The temporary block tbl is a scratch buffer that holds intermediate secrets. |
| 69 | */ | 69 | */ |
| 70 | struct CMAC_CTX_st { | 70 | struct CMAC_CTX_st { |
| 71 | EVP_CIPHER_CTX cctx; | 71 | EVP_CIPHER_CTX *cipher_ctx; |
| 72 | unsigned char k1[EVP_MAX_BLOCK_LENGTH]; | 72 | unsigned char k1[EVP_MAX_BLOCK_LENGTH]; |
| 73 | unsigned char k2[EVP_MAX_BLOCK_LENGTH]; | 73 | unsigned char k2[EVP_MAX_BLOCK_LENGTH]; |
| 74 | unsigned char tbl[EVP_MAX_BLOCK_LENGTH]; | 74 | unsigned char tbl[EVP_MAX_BLOCK_LENGTH]; |
| @@ -112,19 +112,26 @@ CMAC_CTX_new(void) | |||
| 112 | { | 112 | { |
| 113 | CMAC_CTX *ctx; | 113 | CMAC_CTX *ctx; |
| 114 | 114 | ||
| 115 | ctx = malloc(sizeof(CMAC_CTX)); | 115 | if ((ctx = calloc(1, sizeof(CMAC_CTX))) == NULL) |
| 116 | if (!ctx) | 116 | goto err; |
| 117 | return NULL; | 117 | if ((ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) |
| 118 | EVP_CIPHER_CTX_init(&ctx->cctx); | 118 | goto err; |
| 119 | |||
| 119 | ctx->nlast_block = -1; | 120 | ctx->nlast_block = -1; |
| 121 | |||
| 120 | return ctx; | 122 | return ctx; |
| 123 | |||
| 124 | err: | ||
| 125 | CMAC_CTX_free(ctx); | ||
| 126 | |||
| 127 | return NULL; | ||
| 121 | } | 128 | } |
| 122 | LCRYPTO_ALIAS(CMAC_CTX_new); | 129 | LCRYPTO_ALIAS(CMAC_CTX_new); |
| 123 | 130 | ||
| 124 | void | 131 | void |
| 125 | CMAC_CTX_cleanup(CMAC_CTX *ctx) | 132 | CMAC_CTX_cleanup(CMAC_CTX *ctx) |
| 126 | { | 133 | { |
| 127 | EVP_CIPHER_CTX_cleanup(&ctx->cctx); | 134 | EVP_CIPHER_CTX_reset(ctx->cipher_ctx); |
| 128 | explicit_bzero(ctx->tbl, EVP_MAX_BLOCK_LENGTH); | 135 | explicit_bzero(ctx->tbl, EVP_MAX_BLOCK_LENGTH); |
| 129 | explicit_bzero(ctx->k1, EVP_MAX_BLOCK_LENGTH); | 136 | explicit_bzero(ctx->k1, EVP_MAX_BLOCK_LENGTH); |
| 130 | explicit_bzero(ctx->k2, EVP_MAX_BLOCK_LENGTH); | 137 | explicit_bzero(ctx->k2, EVP_MAX_BLOCK_LENGTH); |
| @@ -136,7 +143,7 @@ LCRYPTO_ALIAS(CMAC_CTX_cleanup); | |||
| 136 | EVP_CIPHER_CTX * | 143 | EVP_CIPHER_CTX * |
| 137 | CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) | 144 | CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) |
| 138 | { | 145 | { |
| 139 | return &ctx->cctx; | 146 | return ctx->cipher_ctx; |
| 140 | } | 147 | } |
| 141 | LCRYPTO_ALIAS(CMAC_CTX_get0_cipher_ctx); | 148 | LCRYPTO_ALIAS(CMAC_CTX_get0_cipher_ctx); |
| 142 | 149 | ||
| @@ -147,7 +154,8 @@ CMAC_CTX_free(CMAC_CTX *ctx) | |||
| 147 | return; | 154 | return; |
| 148 | 155 | ||
| 149 | CMAC_CTX_cleanup(ctx); | 156 | CMAC_CTX_cleanup(ctx); |
| 150 | free(ctx); | 157 | EVP_CIPHER_CTX_free(ctx->cipher_ctx); |
| 158 | freezero(ctx, sizeof(CMAC_CTX)); | ||
| 151 | } | 159 | } |
| 152 | LCRYPTO_ALIAS(CMAC_CTX_free); | 160 | LCRYPTO_ALIAS(CMAC_CTX_free); |
| 153 | 161 | ||
| @@ -158,9 +166,9 @@ CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) | |||
| 158 | 166 | ||
| 159 | if (in->nlast_block == -1) | 167 | if (in->nlast_block == -1) |
| 160 | return 0; | 168 | return 0; |
| 161 | if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx)) | 169 | if (!EVP_CIPHER_CTX_copy(out->cipher_ctx, in->cipher_ctx)) |
| 162 | return 0; | 170 | return 0; |
| 163 | block_size = EVP_CIPHER_CTX_block_size(&in->cctx); | 171 | block_size = EVP_CIPHER_CTX_block_size(in->cipher_ctx); |
| 164 | memcpy(out->k1, in->k1, block_size); | 172 | memcpy(out->k1, in->k1, block_size); |
| 165 | memcpy(out->k2, in->k2, block_size); | 173 | memcpy(out->k2, in->k2, block_size); |
| 166 | memcpy(out->tbl, in->tbl, block_size); | 174 | memcpy(out->tbl, in->tbl, block_size); |
| @@ -182,7 +190,7 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, | |||
| 182 | /* Not initialised */ | 190 | /* Not initialised */ |
| 183 | if (ctx->nlast_block == -1) | 191 | if (ctx->nlast_block == -1) |
| 184 | return 0; | 192 | return 0; |
| 185 | if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) | 193 | if (!EVP_EncryptInit_ex(ctx->cipher_ctx, NULL, NULL, NULL, zero_iv)) |
| 186 | return 0; | 194 | return 0; |
| 187 | explicit_bzero(ctx->tbl, sizeof(ctx->tbl)); | 195 | explicit_bzero(ctx->tbl, sizeof(ctx->tbl)); |
| 188 | ctx->nlast_block = 0; | 196 | ctx->nlast_block = 0; |
| @@ -198,17 +206,17 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, | |||
| 198 | */ | 206 | */ |
| 199 | if ((cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0) | 207 | if ((cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0) |
| 200 | return 0; | 208 | return 0; |
| 201 | if (!EVP_EncryptInit_ex(&ctx->cctx, cipher, NULL, NULL, NULL)) | 209 | if (!EVP_EncryptInit_ex(ctx->cipher_ctx, cipher, NULL, NULL, NULL)) |
| 202 | return 0; | 210 | return 0; |
| 203 | } | 211 | } |
| 204 | 212 | ||
| 205 | /* Non-NULL key means initialisation is complete. */ | 213 | /* Non-NULL key means initialisation is complete. */ |
| 206 | if (key != NULL) { | 214 | if (key != NULL) { |
| 207 | if (EVP_CIPHER_CTX_cipher(&ctx->cctx) == NULL) | 215 | if (EVP_CIPHER_CTX_cipher(ctx->cipher_ctx) == NULL) |
| 208 | return 0; | 216 | return 0; |
| 209 | 217 | ||
| 210 | /* make_kn() only supports block sizes of 8 and 16 bytes. */ | 218 | /* make_kn() only supports block sizes of 8 and 16 bytes. */ |
| 211 | block_size = EVP_CIPHER_CTX_block_size(&ctx->cctx); | 219 | block_size = EVP_CIPHER_CTX_block_size(ctx->cipher_ctx); |
| 212 | if (block_size != 8 && block_size != 16) | 220 | if (block_size != 8 && block_size != 16) |
| 213 | return 0; | 221 | return 0; |
| 214 | 222 | ||
| @@ -216,11 +224,11 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, | |||
| 216 | * Section 6.1, step 1: store the intermediate secret CIPH_K(0) | 224 | * Section 6.1, step 1: store the intermediate secret CIPH_K(0) |
| 217 | * in ctx->tbl. | 225 | * in ctx->tbl. |
| 218 | */ | 226 | */ |
| 219 | if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen)) | 227 | if (!EVP_CIPHER_CTX_set_key_length(ctx->cipher_ctx, keylen)) |
| 220 | return 0; | 228 | return 0; |
| 221 | if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) | 229 | if (!EVP_EncryptInit_ex(ctx->cipher_ctx, NULL, NULL, key, zero_iv)) |
| 222 | return 0; | 230 | return 0; |
| 223 | if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, block_size)) | 231 | if (!EVP_Cipher(ctx->cipher_ctx, ctx->tbl, zero_iv, block_size)) |
| 224 | return 0; | 232 | return 0; |
| 225 | 233 | ||
| 226 | /* Section 6.1, step 2: compute k1 from intermediate secret. */ | 234 | /* Section 6.1, step 2: compute k1 from intermediate secret. */ |
| @@ -233,7 +241,7 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, | |||
| 233 | ctx->nlast_block = 0; | 241 | ctx->nlast_block = 0; |
| 234 | 242 | ||
| 235 | /* Reset context again to get ready for the first data block. */ | 243 | /* Reset context again to get ready for the first data block. */ |
| 236 | if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) | 244 | if (!EVP_EncryptInit_ex(ctx->cipher_ctx, NULL, NULL, NULL, zero_iv)) |
| 237 | return 0; | 245 | return 0; |
| 238 | } | 246 | } |
| 239 | 247 | ||
| @@ -251,7 +259,7 @@ CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) | |||
| 251 | return 0; | 259 | return 0; |
| 252 | if (dlen == 0) | 260 | if (dlen == 0) |
| 253 | return 1; | 261 | return 1; |
| 254 | block_size = EVP_CIPHER_CTX_block_size(&ctx->cctx); | 262 | block_size = EVP_CIPHER_CTX_block_size(ctx->cipher_ctx); |
| 255 | /* Copy into partial block if we need to */ | 263 | /* Copy into partial block if we need to */ |
| 256 | if (ctx->nlast_block > 0) { | 264 | if (ctx->nlast_block > 0) { |
| 257 | size_t nleft; | 265 | size_t nleft; |
| @@ -267,13 +275,13 @@ CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) | |||
| 267 | return 1; | 275 | return 1; |
| 268 | data += nleft; | 276 | data += nleft; |
| 269 | /* Else not final block so encrypt it */ | 277 | /* Else not final block so encrypt it */ |
| 270 | if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, | 278 | if (!EVP_Cipher(ctx->cipher_ctx, ctx->tbl, ctx->last_block, |
| 271 | block_size)) | 279 | block_size)) |
| 272 | return 0; | 280 | return 0; |
| 273 | } | 281 | } |
| 274 | /* Encrypt all but one of the complete blocks left */ | 282 | /* Encrypt all but one of the complete blocks left */ |
| 275 | while (dlen > block_size) { | 283 | while (dlen > block_size) { |
| 276 | if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, block_size)) | 284 | if (!EVP_Cipher(ctx->cipher_ctx, ctx->tbl, data, block_size)) |
| 277 | return 0; | 285 | return 0; |
| 278 | dlen -= block_size; | 286 | dlen -= block_size; |
| 279 | data += block_size; | 287 | data += block_size; |
| @@ -292,7 +300,7 @@ CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) | |||
| 292 | 300 | ||
| 293 | if (ctx->nlast_block == -1) | 301 | if (ctx->nlast_block == -1) |
| 294 | return 0; | 302 | return 0; |
| 295 | block_size = EVP_CIPHER_CTX_block_size(&ctx->cctx); | 303 | block_size = EVP_CIPHER_CTX_block_size(ctx->cipher_ctx); |
| 296 | *poutlen = (size_t)block_size; | 304 | *poutlen = (size_t)block_size; |
| 297 | if (!out) | 305 | if (!out) |
| 298 | return 1; | 306 | return 1; |
| @@ -308,7 +316,7 @@ CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) | |||
| 308 | for (i = 0; i < block_size; i++) | 316 | for (i = 0; i < block_size; i++) |
| 309 | out[i] = ctx->last_block[i] ^ ctx->k2[i]; | 317 | out[i] = ctx->last_block[i] ^ ctx->k2[i]; |
| 310 | } | 318 | } |
| 311 | if (!EVP_Cipher(&ctx->cctx, out, out, block_size)) { | 319 | if (!EVP_Cipher(ctx->cipher_ctx, out, out, block_size)) { |
| 312 | explicit_bzero(out, block_size); | 320 | explicit_bzero(out, block_size); |
| 313 | return 0; | 321 | return 0; |
| 314 | } | 322 | } |
| @@ -327,6 +335,6 @@ CMAC_resume(CMAC_CTX *ctx) | |||
| 327 | * So reinitialising using the last decrypted block will allow | 335 | * So reinitialising using the last decrypted block will allow |
| 328 | * CMAC to continue after calling CMAC_Final(). | 336 | * CMAC to continue after calling CMAC_Final(). |
| 329 | */ | 337 | */ |
| 330 | return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); | 338 | return EVP_EncryptInit_ex(ctx->cipher_ctx, NULL, NULL, NULL, ctx->tbl); |
| 331 | } | 339 | } |
| 332 | LCRYPTO_ALIAS(CMAC_resume); | 340 | LCRYPTO_ALIAS(CMAC_resume); |