diff options
author | Richard Levitte <levitte@openssl.org> | 2015-11-30 13:44:28 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2015-12-07 17:39:23 +0100 |
commit | bf7c68177b6fbb80406c60136654b6fefe7e3ba2 (patch) | |
tree | 16905424df7a7ba3a5ff5f5d9fc305e522f1b948 /ssl | |
parent | 3f43aecc599a5a729609deca7d98a677334ab3b8 (diff) |
Adapt the rest of the source to the opaque HMAC_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_srvr.c | 17 | ||||
-rw-r--r-- | ssl/t1_lib.c | 21 |
2 files changed, 20 insertions, 18 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 687191d23d..f1d1796d1e 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3160,7 +3160,7 @@ int tls_construct_new_session_ticket(SSL *s) { unsigned char *senc = NULL; EVP_CIPHER_CTX ctx; - HMAC_CTX hctx = HMAC_CTX_EMPTY; + HMAC_CTX *hctx = NULL; unsigned char *p, *macstart; const unsigned char *const_p; int len, slen_full, slen; @@ -3187,7 +3187,7 @@ int tls_construct_new_session_ticket(SSL *s) } EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); + hctx = HMAC_CTX_new(); p = senc; if (!i2d_SSL_SESSION(s->session, &p)) @@ -3233,8 +3233,7 @@ int tls_construct_new_session_ticket(SSL *s) * all the work otherwise use generated values from parent ctx. */ if (tctx->tlsext_ticket_key_cb) { - if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, - &hctx, 1) < 0) + if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, hctx, 1) < 0) goto err; } else { if (RAND_bytes(iv, 16) <= 0) @@ -3242,7 +3241,7 @@ int tls_construct_new_session_ticket(SSL *s) if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv)) goto err; - if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL)) goto err; memcpy(key_name, tctx->tlsext_tick_key_name, 16); @@ -3272,13 +3271,13 @@ int tls_construct_new_session_ticket(SSL *s) goto err; p += len; - if (!HMAC_Update(&hctx, macstart, p - macstart)) + if (!HMAC_Update(hctx, macstart, p - macstart)) goto err; - if (!HMAC_Final(&hctx, p, &hlen)) + if (!HMAC_Final(hctx, p, &hlen)) goto err; EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); p += hlen; /* Now write out lengths: p points to end of data written */ @@ -3295,7 +3294,7 @@ int tls_construct_new_session_ticket(SSL *s) err: OPENSSL_free(senc); EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); ossl_statem_set_error(s); return 0; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 622bdd9833..a6f2502c72 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3027,6 +3027,7 @@ end: * point to the resulting session. * * Returns: + * -2: fatal error, malloc failure. * -1: fatal error, either from parsing or decrypting the ticket. * 2: the ticket couldn't be decrypted. * 3: a ticket was successfully decrypted and *psess was set. @@ -3041,19 +3042,21 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, const unsigned char *p; int slen, mlen, renew_ticket = 0; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; - HMAC_CTX hctx = HMAC_CTX_EMPTY; + HMAC_CTX *hctx = NULL; EVP_CIPHER_CTX ctx; SSL_CTX *tctx = s->initial_ctx; /* Need at least keyname + iv + some encrypted data */ if (eticklen < 48) return 2; /* Initialize session ticket encryption and HMAC contexts */ - HMAC_CTX_init(&hctx); + hctx = HMAC_CTX_new(); + if (hctx == NULL) + return -2; EVP_CIPHER_CTX_init(&ctx); if (tctx->tlsext_ticket_key_cb) { unsigned char *nctick = (unsigned char *)etick; int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, - &ctx, &hctx, 0); + &ctx, hctx, 0); if (rv < 0) return -1; if (rv == 0) @@ -3064,7 +3067,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, /* Check key name matches */ if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) return 2; - if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL) <= 0 || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, @@ -3076,17 +3079,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, * Attempt to process session ticket, first conduct sanity and integrity * checks on ticket. */ - mlen = HMAC_size(&hctx); + mlen = HMAC_size(hctx); if (mlen < 0) { goto err; } eticklen -= mlen; /* Check HMAC of encrypted ticket */ - if (HMAC_Update(&hctx, etick, eticklen) <= 0 - || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) { + if (HMAC_Update(hctx, etick, eticklen) <= 0 + || HMAC_Final(hctx, tick_hmac, NULL) <= 0) { goto err; } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { EVP_CIPHER_CTX_cleanup(&ctx); return 2; @@ -3135,7 +3138,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, return 2; err: EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); return -1; } |