diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2018-11-04 19:16:20 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2019-06-06 17:41:41 +0200 |
commit | be5fc053ed40bb714944f93e2d35265d2096f71f (patch) | |
tree | c3cf4d433e820288944c7f4eeb04bfccd9f2d86c /crypto/kdf | |
parent | e6071f29c24cd22ac7857bf88917598265cc90a9 (diff) |
Replace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
GH: #7651
Diffstat (limited to 'crypto/kdf')
-rw-r--r-- | crypto/kdf/sskdf.c | 8 | ||||
-rw-r--r-- | crypto/kdf/tls1_prf.c | 21 |
2 files changed, 19 insertions, 10 deletions
diff --git a/crypto/kdf/sskdf.c b/crypto/kdf/sskdf.c index 92bf995425..31a1c1044e 100644 --- a/crypto/kdf/sskdf.c +++ b/crypto/kdf/sskdf.c @@ -202,9 +202,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md, || derived_key_len == 0) return 0; - ctx = EVP_MAC_CTX_new(kdf_mac); ctx_init = EVP_MAC_CTX_new(kdf_mac); - if (ctx == NULL || ctx_init == NULL) + if (ctx_init == NULL) goto end; if (hmac_md != NULL && EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_MD, hmac_md) <= 0) @@ -233,7 +232,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md, c[2] = (unsigned char)((counter >> 8) & 0xff); c[3] = (unsigned char)(counter & 0xff); - if (!(EVP_MAC_CTX_copy(ctx, ctx_init) + ctx = EVP_MAC_CTX_dup(ctx_init); + if (!(ctx != NULL && EVP_MAC_update(ctx, c, sizeof(c)) && EVP_MAC_update(ctx, z, z_len) && EVP_MAC_update(ctx, info, info_len))) @@ -251,6 +251,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md, memcpy(out, mac, len); break; } + EVP_MAC_CTX_free(ctx); + ctx = NULL; } ret = 1; end: diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c index c39cf204f7..b14ae6fee1 100644 --- a/crypto/kdf/tls1_prf.c +++ b/crypto/kdf/tls1_prf.c @@ -237,10 +237,8 @@ static int tls1_prf_P_hash(const EVP_MD *md, size_t Ai_len; int ret = 0; - ctx = EVP_MAC_CTX_new_id(EVP_MAC_HMAC); - ctx_Ai = EVP_MAC_CTX_new_id(EVP_MAC_HMAC); ctx_init = EVP_MAC_CTX_new_id(EVP_MAC_HMAC); - if (ctx == NULL || ctx_Ai == NULL || ctx_init == NULL) + if (ctx_init == NULL) goto err; if (EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_FLAGS, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) != 1) goto err; @@ -254,7 +252,8 @@ static int tls1_prf_P_hash(const EVP_MD *md, if (chunk == 0) goto err; /* A(0) = seed */ - if (!EVP_MAC_CTX_copy(ctx_Ai, ctx_init)) + ctx_Ai = EVP_MAC_CTX_dup(ctx_init); + if (ctx_Ai == NULL) goto err; if (seed != NULL && !EVP_MAC_update(ctx_Ai, seed, seed_len)) goto err; @@ -263,15 +262,21 @@ static int tls1_prf_P_hash(const EVP_MD *md, /* calc: A(i) = HMAC_<hash>(secret, A(i-1)) */ if (!EVP_MAC_final(ctx_Ai, Ai, &Ai_len)) goto err; + EVP_MAC_CTX_free(ctx_Ai); + ctx_Ai = NULL; /* calc next chunk: HMAC_<hash>(secret, A(i) + seed) */ - if (!EVP_MAC_CTX_copy(ctx, ctx_init)) + ctx = EVP_MAC_CTX_dup(ctx_init); + if (ctx == NULL) goto err; if (!EVP_MAC_update(ctx, Ai, Ai_len)) goto err; /* save state for calculating next A(i) value */ - if (olen > chunk && !EVP_MAC_CTX_copy(ctx_Ai, ctx)) - goto err; + if (olen > chunk) { + ctx_Ai = EVP_MAC_CTX_dup(ctx); + if (ctx_Ai == NULL) + goto err; + } if (seed != NULL && !EVP_MAC_update(ctx, seed, seed_len)) goto err; if (olen <= chunk) { @@ -283,6 +288,8 @@ static int tls1_prf_P_hash(const EVP_MD *md, } if (!EVP_MAC_final(ctx, out, NULL)) goto err; + EVP_MAC_CTX_free(ctx); + ctx = NULL; out += chunk; olen -= chunk; } |