Clear key on exit in PKCS12_gen_mac()

Also switch to heap-allocated HMAC_CTX and clean a few things up stylistically. loosely based on OpenSSL f5cee414 by Shane Lontis ok jsing
author: tb <> 2022-07-24 18:45:21 +0000
committer: tb <> 2022-07-24 18:45:21 +0000
commit: 1493045f08f03758295a7a7705e542ba0ab344fe (patch)
tree: 2b5b5dc195a619991f2b72efe6614b068b164fc8 /src
parent: f7c32e80c91813c76c71a6198fafdeeff899f215 (diff)
download: openbsd-1493045f08f03758295a7a7705e542ba0ab344fe.tar.gz
openbsd-1493045f08f03758295a7a7705e542ba0ab344fe.tar.bz2
openbsd-1493045f08f03758295a7a7705e542ba0ab344fe.zip
1 files changed, 38 insertions, 25 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index aaba1e74de..9a8a411c3f 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_mutl.c,v 1.28 2022/07/24 18:41:08 tb Exp $ */
+/* $OpenBSD: p12_mutl.c,v 1.29 2022/07/24 18:45:21 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -78,47 +78,60 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
    unsigned char *mac, unsigned int *maclen)
 {
        const EVP_MD *md_type;
-        HMAC_CTX hmac;
+        HMAC_CTX *hmac = NULL;
        unsigned char key[EVP_MAX_MD_SIZE], *salt;
        int saltlen, iter;
        int md_size;
+        int ret = 0;
        if (!PKCS7_type_is_data(p12->authsafes)) {
                PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
-                return 0;
+                goto err;
        }
        salt = p12->mac->salt->data;
        saltlen = p12->mac->salt->length;
-        if (!p12->mac->iter)
-                iter = 1;
+        iter = 1;
-        else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
+        if (p12->mac->iter != NULL) {
-                PKCS12error(PKCS12_R_DECODE_ERROR);
+                if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
-                return 0;
+                        PKCS12error(PKCS12_R_DECODE_ERROR);
+                        goto err;
+                }
        }
-        if (!(md_type = EVP_get_digestbyobj(
-            p12->mac->dinfo->algor->algorithm))) {
+        md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm);
+        if (md_type == NULL) {
                PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
-                return 0;
+                goto err;
        }
-        md_size = EVP_MD_size(md_type);
-        if (md_size < 0)
+        if ((md_size = EVP_MD_size(md_type)) < 0)
-                return 0;
+                goto err;
        if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
            md_size, key, md_type)) {
                PKCS12error(PKCS12_R_KEY_GEN_ERROR);
-                return 0;
+                goto err;
-        }
-        HMAC_CTX_init(&hmac);
-        if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) ||
-            !HMAC_Update(&hmac, p12->authsafes->d.data->data,
-            p12->authsafes->d.data->length) ||
-            !HMAC_Final(&hmac, mac, maclen)) {
-                HMAC_CTX_cleanup(&hmac);
-                return 0;
        }
-        HMAC_CTX_cleanup(&hmac);
-        return 1;
+        if ((hmac = HMAC_CTX_new()) == NULL)
+                goto err;
+        if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL))
+               goto err;
+        if (!HMAC_Update(hmac, p12->authsafes->d.data->data,
+            p12->authsafes->d.data->length))
+                goto err;
+        if (!HMAC_Final(hmac, mac, maclen))
+                goto err;
+        ret = 1;
+ err:
+        explicit_bzero(key, sizeof(key));
+        HMAC_CTX_free(hmac);
+        return ret;
 }
 /* Verify the mac */
author	tb <>	2022-07-24 18:45:21 +0000
committer	tb <>	2022-07-24 18:45:21 +0000
commit	1493045f08f03758295a7a7705e542ba0ab344fe (patch)
tree	2b5b5dc195a619991f2b72efe6614b068b164fc8 /src
parent	f7c32e80c91813c76c71a6198fafdeeff899f215 (diff)
download	openbsd-1493045f08f03758295a7a7705e542ba0ab344fe.tar.gz openbsd-1493045f08f03758295a7a7705e542ba0ab344fe.tar.bz2 openbsd-1493045f08f03758295a7a7705e542ba0ab344fe.zip

diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c index aaba1e74de..9a8a411c3f 100644 --- a/src/lib/libcrypto/pkcs12/p12_mutl.c +++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: p12_mutl.c,v 1.28 2022/07/24 18:41:08 tb Exp $ */	1	/* $OpenBSD: p12_mutl.c,v 1.29 2022/07/24 18:45:21 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -78,47 +78,60 @@ PKCS12_gen_mac(PKCS12 p12, const char pass, int passlen,
78	unsigned char mac, unsigned int maclen)	78	unsigned char mac, unsigned int maclen)
79	{	79	{
80	const EVP_MD *md_type;	80	const EVP_MD *md_type;
81	HMAC_CTX hmac;	81	HMAC_CTX *hmac = NULL;
82	unsigned char key[EVP_MAX_MD_SIZE], *salt;	82	unsigned char key[EVP_MAX_MD_SIZE], *salt;
83	int saltlen, iter;	83	int saltlen, iter;
84	int md_size;	84	int md_size;
		85	int ret = 0;
85		86
86	if (!PKCS7_type_is_data(p12->authsafes)) {	87	if (!PKCS7_type_is_data(p12->authsafes)) {
87	PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);	88	PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
88	return 0;	89	goto err;
89	}	90	}
90		91
91	salt = p12->mac->salt->data;	92	salt = p12->mac->salt->data;
92	saltlen = p12->mac->salt->length;	93	saltlen = p12->mac->salt->length;
93	if (!p12->mac->iter)	94
94	iter = 1;	95	iter = 1;
95	else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {	96	if (p12->mac->iter != NULL) {
96	PKCS12error(PKCS12_R_DECODE_ERROR);	97	if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
97	return 0;	98	PKCS12error(PKCS12_R_DECODE_ERROR);
		99	goto err;
		100	}
98	}	101	}
99	if (!(md_type = EVP_get_digestbyobj(	102
100	p12->mac->dinfo->algor->algorithm))) {	103	md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm);
		104	if (md_type == NULL) {
101	PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);	105	PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
102	return 0;	106	goto err;
103	}	107	}
104	md_size = EVP_MD_size(md_type);	108
105	if (md_size < 0)	109	if ((md_size = EVP_MD_size(md_type)) < 0)
106	return 0;	110	goto err;
		111
107	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,	112	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
108	md_size, key, md_type)) {	113	md_size, key, md_type)) {
109	PKCS12error(PKCS12_R_KEY_GEN_ERROR);	114	PKCS12error(PKCS12_R_KEY_GEN_ERROR);
110	return 0;	115	goto err;
111	}
112	HMAC_CTX_init(&hmac);
113	if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) \|\|
114	!HMAC_Update(&hmac, p12->authsafes->d.data->data,
115	p12->authsafes->d.data->length) \|\|
116	!HMAC_Final(&hmac, mac, maclen)) {
117	HMAC_CTX_cleanup(&hmac);
118	return 0;
119	}	116	}
120	HMAC_CTX_cleanup(&hmac);	117
121	return 1;	118	if ((hmac = HMAC_CTX_new()) == NULL)
		119	goto err;
		120	if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL))
		121	goto err;
		122	if (!HMAC_Update(hmac, p12->authsafes->d.data->data,
		123	p12->authsafes->d.data->length))
		124	goto err;
		125	if (!HMAC_Final(hmac, mac, maclen))
		126	goto err;
		127
		128	ret = 1;
		129
		130	err:
		131	explicit_bzero(key, sizeof(key));
		132	HMAC_CTX_free(hmac);
		133
		134	return ret;
122	}	135	}
123		136
124	/* Verify the mac */	137	/* Verify the mac */