[ \
EVP_CIPHER_CTX_new \
EVP_CIPHER_CTX_free \
+ HMAC_CTX_new \
+ HMAC_CTX_free \
+ HMAC_CTX_reset \
+ HMAC_CTX_init \
EVP_MD_CTX_new \
EVP_MD_CTX_free \
EVP_MD_CTX_reset \
}
if (kt->digest && kt->hmac_length > 0)
{
- ALLOC_OBJ(ctx->hmac, hmac_ctx_t);
+ ctx->hmac = hmac_ctx_new();
hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest);
msg(D_HANDSHAKE,
if (ctx->hmac)
{
hmac_ctx_cleanup(ctx->hmac);
- free(ctx->hmac);
+ hmac_ctx_free(ctx->hmac);
ctx->hmac = NULL;
}
ctx->implicit_iv_len = 0;
*
*/
+/*
+ * Create a new HMAC context
+ *
+ * @return A new HMAC context
+ */
+hmac_ctx_t *hmac_ctx_new(void);
+
+/*
+ * Free an existing HMAC context
+ *
+ * @param ctx HMAC context to free
+ */
+void hmac_ctx_free(hmac_ctx_t *ctx);
+
/*
* Initialises the given HMAC context, using the given digest
* and key.
/*
* TODO: re-enable dmsg for crypto debug
*/
+
+mbedtls_md_context_t *
+hmac_ctx_new(void)
+{
+ mbedtls_md_context_t *ctx;
+ ALLOC_OBJ(ctx, mbedtls_md_context_t);
+ return ctx;
+}
+
+void
+hmac_ctx_free(mbedtls_md_context_t *ctx)
+{
+ free(ctx);
+}
+
void
hmac_ctx_init(mbedtls_md_context_t *ctx, const uint8_t *key, int key_len,
const mbedtls_md_info_t *kt)
*
*/
+HMAC_CTX *
+hmac_ctx_new(void)
+{
+ HMAC_CTX *ctx = HMAC_CTX_new();
+ check_malloc_return(ctx);
+ return ctx;
+}
+
+void
+hmac_ctx_free(HMAC_CTX *ctx)
+{
+ HMAC_CTX_free(ctx);
+}
void
hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
{
ASSERT(NULL != kt && NULL != ctx);
- CLEAR(*ctx);
-
HMAC_CTX_init(ctx);
HMAC_Init_ex(ctx, key, key_len, kt, NULL);
void
hmac_ctx_cleanup(HMAC_CTX *ctx)
{
- HMAC_CTX_cleanup(ctx);
+ HMAC_CTX_reset(ctx);
}
int
gen_hmac_md5(const char *data, int data_len, const char *key, int key_len,char *result)
{
const md_kt_t *md5_kt = md_kt_get("MD5");
- hmac_ctx_t hmac_ctx;
- CLEAR(hmac_ctx);
+ hmac_ctx_t *hmac_ctx = hmac_ctx_new();
- hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt);
- hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len);
- hmac_ctx_final(&hmac_ctx, (unsigned char *)result);
- hmac_ctx_cleanup(&hmac_ctx);
+ hmac_ctx_init(hmac_ctx, key, key_len, md5_kt);
+ hmac_ctx_update(hmac_ctx, (const unsigned char *)data, data_len);
+ hmac_ctx_final(hmac_ctx, (unsigned char *)result);
+ hmac_ctx_cleanup(hmac_ctx);
+ hmac_ctx_free(hmac_ctx);
}
static void
}
#endif
+#if !defined(HAVE_HMAC_CTX_RESET)
+/**
+ * Reset a HMAC context
+ *
+ * @param ctx The HMAC context
+ * @return 1 on success, 0 on error
+ */
+static inline int
+HMAC_CTX_reset(HMAC_CTX *ctx)
+{
+ HMAC_CTX_cleanup(ctx);
+ return 1;
+}
+#endif
+
+#if !defined(HAVE_HMAC_CTX_INIT)
+/**
+ * Init a HMAC context
+ *
+ * @param ctx The HMAC context
+ *
+ * Contrary to many functions in this file, HMAC_CTX_init() is not
+ * an OpenSSL 1.1 function: it comes from previous versions and was
+ * removed in v1.1. As a consequence, there is no distincting in
+ * v1.1 between a cleanup, and init and a reset. Yet, previous OpenSSL
+ * version need this distinction.
+ *
+ * In order to respect previous OpenSSL versions, we implement init
+ * as reset for OpenSSL 1.1+.
+ */
+static inline void
+HMAC_CTX_init(HMAC_CTX *ctx)
+{
+ HMAC_CTX_reset(ctx);
+}
+#endif
+
+#if !defined(HAVE_HMAC_CTX_FREE)
+/**
+ * Free an existing HMAC context
+ *
+ * @param ctx The HMAC context
+ */
+static inline void
+HMAC_CTX_free(HMAC_CTX *c)
+{
+ free(c);
+}
+#endif
+
+#if !defined(HAVE_HMAC_CTX_NEW)
+/**
+ * Allocate a new HMAC context object
+ *
+ * @return A zero'ed HMAC context object
+ */
+static inline HMAC_CTX *
+HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = NULL;
+ ALLOC_OBJ_CLEAR(ctx, HMAC_CTX);
+ return ctx;
+}
+#endif
+
#if !defined(HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA)
/**
* Fetch the default password callback user data from the SSL context
{
struct gc_arena gc = gc_new();
int chunk;
- hmac_ctx_t ctx;
- hmac_ctx_t ctx_tmp;
+ hmac_ctx_t *ctx;
+ hmac_ctx_t *ctx_tmp;
uint8_t A1[MAX_HMAC_KEY_LENGTH];
unsigned int A1_len;
const uint8_t *out_orig = out;
#endif
- CLEAR(ctx);
- CLEAR(ctx_tmp);
+ ctx = hmac_ctx_new();
+ ctx_tmp = hmac_ctx_new();
dmsg(D_SHOW_KEY_SOURCE, "tls1_P_hash sec: %s", format_hex(sec, sec_len, 0, &gc));
dmsg(D_SHOW_KEY_SOURCE, "tls1_P_hash seed: %s", format_hex(seed, seed_len, 0, &gc));
chunk = md_kt_size(md_kt);
A1_len = md_kt_size(md_kt);
- hmac_ctx_init(&ctx, sec, sec_len, md_kt);
- hmac_ctx_init(&ctx_tmp, sec, sec_len, md_kt);
+ hmac_ctx_init(ctx, sec, sec_len, md_kt);
+ hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt);
- hmac_ctx_update(&ctx,seed,seed_len);
- hmac_ctx_final(&ctx, A1);
+ hmac_ctx_update(ctx,seed,seed_len);
+ hmac_ctx_final(ctx, A1);
for (;; )
{
- hmac_ctx_reset(&ctx);
- hmac_ctx_reset(&ctx_tmp);
- hmac_ctx_update(&ctx,A1,A1_len);
- hmac_ctx_update(&ctx_tmp,A1,A1_len);
- hmac_ctx_update(&ctx,seed,seed_len);
+ hmac_ctx_reset(ctx);
+ hmac_ctx_reset(ctx_tmp);
+ hmac_ctx_update(ctx,A1,A1_len);
+ hmac_ctx_update(ctx_tmp,A1,A1_len);
+ hmac_ctx_update(ctx,seed,seed_len);
if (olen > chunk)
{
- hmac_ctx_final(&ctx, out);
+ hmac_ctx_final(ctx, out);
out += chunk;
olen -= chunk;
- hmac_ctx_final(&ctx_tmp, A1); /* calc the next A1 value */
+ hmac_ctx_final(ctx_tmp, A1); /* calc the next A1 value */
}
else /* last one */
{
- hmac_ctx_final(&ctx, A1);
+ hmac_ctx_final(ctx, A1);
memcpy(out,A1,olen);
break;
}
}
- hmac_ctx_cleanup(&ctx);
- hmac_ctx_cleanup(&ctx_tmp);
+ hmac_ctx_cleanup(ctx);
+ hmac_ctx_free(ctx);
+ hmac_ctx_cleanup(ctx_tmp);
+ hmac_ctx_free(ctx_tmp);
secure_memzero(A1, sizeof(A1));
dmsg(D_SHOW_KEY_SOURCE, "tls1_P_hash out: %s", format_hex(out_orig, olen_orig, 0, &gc));
projects / thirdparty / openvpn.git / commitdiff
