diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-03-29 19:42:33 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-05-08 14:35:03 +0200 |
commit | 0a8a6afdfb71e42962921980b51942cea8632697 (patch) | |
tree | 745f3e64cca2a9993fc2548f0a80a20dca231bcb /ssl/tls13_enc.c | |
parent | bea31afef013aaf5638e96e9bed1b633c510d50d (diff) |
Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions
This helps compensating for deprecated functions such as HMAC()
and reduces clutter in the crypto lib, apps, and tests.
Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c.
and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod
Partially fixes #14628.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14664)
Diffstat (limited to 'ssl/tls13_enc.c')
-rw-r--r-- | ssl/tls13_enc.c | 26 |
1 files changed, 7 insertions, 19 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index f88d59948d..dba1e5fb8c 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -306,22 +306,14 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, unsigned char *out) { const char *mdname = EVP_MD_name(ssl_handshake_md(s)); - EVP_MAC *hmac = EVP_MAC_fetch(s->ctx->libctx, "HMAC", s->ctx->propq); unsigned char hash[EVP_MAX_MD_SIZE]; unsigned char finsecret[EVP_MAX_MD_SIZE]; unsigned char *key = NULL; + unsigned int len = 0; size_t hashlen, ret = 0; - EVP_MAC_CTX *ctx = NULL; - OSSL_PARAM params[3], *p = params; - - if (hmac == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } + OSSL_PARAM params[2], *p = params; /* Safe to cast away const here since we're not "getting" any data */ - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST, - (char *)mdname, 0); if (s->ctx->propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, (char *)s->ctx->propq, @@ -345,21 +337,17 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, key = finsecret; } - ctx = EVP_MAC_CTX_new(hmac); - if (ctx == NULL - || !EVP_MAC_init(ctx, key, hashlen, params) - || !EVP_MAC_update(ctx, hash, hashlen) - /* outsize as per sizeof(peer_finish_md) */ - || !EVP_MAC_final(ctx, out, &hashlen, EVP_MAX_MD_SIZE * 2)) { + if (!EVP_Q_mac(s->ctx->libctx, "HMAC", s->ctx->propq, mdname, + params, key, hashlen, hash, hashlen, + /* outsize as per sizeof(peer_finish_md) */ + out, EVP_MAX_MD_SIZE * 2, &len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - ret = hashlen; + ret = len; err: OPENSSL_cleanse(finsecret, sizeof(finsecret)); - EVP_MAC_CTX_free(ctx); - EVP_MAC_free(hmac); return ret; } |