diff options
-rw-r--r-- | apps/speed.c | 6 | ||||
-rw-r--r-- | crypto/evp/p5_crpt2.c | 2 | ||||
-rw-r--r-- | crypto/hmac/hmac.c | 12 | ||||
-rw-r--r-- | crypto/hmac/hmac.h | 6 | ||||
-rw-r--r-- | crypto/pkcs12/p12_mutl.c | 2 | ||||
-rw-r--r-- | doc/crypto/hmac.pod | 31 | ||||
-rw-r--r-- | ssl/t1_enc.c | 10 |
7 files changed, 52 insertions, 17 deletions
diff --git a/apps/speed.c b/apps/speed.c index 795a1430c8..5d609a8c16 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1065,8 +1065,8 @@ int MAIN(int argc, char **argv) HMAC_CTX hctx; HMAC_CTX_init(&hctx); - HMAC_Init(&hctx,(unsigned char *)"This is a key...", - 16,EVP_md5()); + HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", + 16,EVP_md5()); for (j=0; j<SIZE_NUM; j++) { @@ -1074,7 +1074,7 @@ int MAIN(int argc, char **argv) Time_F(START); for (count=0,run=1; COND(c[D_HMAC][j]); count++) { - HMAC_Init(&hctx,NULL,0,NULL); + HMAC_Init_ex(&hctx,NULL,0,NULL); HMAC_Update(&hctx,buf,lengths[j]); HMAC_Final(&hctx,&(hmac[0]),NULL); } diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 6c4b3eaf34..14cad73cde 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -100,7 +100,7 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, itmp[1] = (unsigned char)((i >> 16) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[3] = (unsigned char)(i & 0xff); - HMAC_Init(&hctx, pass, passlen, EVP_sha1()); + HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1()); HMAC_Update(&hctx, salt, saltlen); HMAC_Update(&hctx, itmp, 4); HMAC_Final(&hctx, digtmp, NULL); diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index a2a49d986a..3fff7b1af3 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -60,8 +60,8 @@ #include <string.h> #include <openssl/hmac.h> -void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md) +void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md) { int i,j,reset=0; unsigned char pad[HMAC_MAX_MD_CBLOCK]; @@ -110,6 +110,14 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx); } +void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md) + { + if(key && md) + HMAC_CTX_init(ctx); + HMAC_Init_ex(ctx,key,len,md); + } + void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) { EVP_DigestUpdate(&ctx->md_ctx,data,len); diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index e70b01b2fb..58ac3d0993 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -86,8 +86,12 @@ typedef struct hmac_ctx_st void HMAC_CTX_init(HMAC_CTX *ctx); void HMAC_CTX_cleanup(HMAC_CTX *ctx); +#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ + void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md); + const EVP_MD *md); /* deprecated */ +void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md); void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 2e1b7d874f..b6a10de70c 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -87,7 +87,7 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, return 0; } HMAC_CTX_init(&hmac); - HMAC_Init (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type); + HMAC_Init_ex (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type); HMAC_Update (&hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length); HMAC_Final (&hmac, mac, maclen); diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod index f86e7d7ddf..579bf9e8a0 100644 --- a/doc/crypto/hmac.pod +++ b/doc/crypto/hmac.pod @@ -13,11 +13,16 @@ authentication code int key_len, const unsigned char *d, int n, unsigned char *md, unsigned int *md_len); + void HMAC_CTX_init(HMAC_CTX *ctx); + void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md); + void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, + const EVP_MD *md); void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); + void HMAC_CTX_cleanup(HMAC_CTX *ctx); void HMAC_cleanup(HMAC_CTX *ctx); =head1 DESCRIPTION @@ -39,13 +44,31 @@ B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc. B<key> and B<evp_md> may be B<NULL> if a key and hash function have been set in a previous call to HMAC_Init() for that B<HMAC_CTX>. -HMAC_cleanup() erases the key and other data from the B<HMAC_CTX>. +HMAC_CTX_init() initialises a B<HMAC_CTX> before first use. It must be +called. + +HMAC_CTX_cleanup() erases the key and other data from the B<HMAC_CTX> +and releases any associated resources. It must be called when an +B<HMAC_CTX> is no longer required. + +HMAC_cleanup() is an alias for HMAC_CTX_cleanup() included for back +compatibility with 0.9.6b, it is deprecated. The following functions may be used if the message is not completely stored in memory: HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash -function B<evp_md> and the key B<key> which is B<key_len> bytes long. +function B<evp_md> and the key B<key> which is B<key_len> bytes +long. It is deprecated and only included for backward compatibility +with OpenSSL 0.9.6b. + +HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use +the function B<evp_md> and key B<key>. Either can be NULL, in which +case the existing one will be reused. HMAC_CTX_init() must have been +called before the first use of an B<HMAC_CTX> in this +function. B<N.B. HMAC_Init() had this undocumented behaviour in +previous versions of OpenSSL - failure to switch to HMAC_Init_ex() in +programs that expect it will cause them to stop working>. HMAC_Update() can be called repeatedly with chunks of the message to be authenticated (B<len> bytes at B<data>). @@ -57,8 +80,8 @@ must have space for the hash function output. HMAC() returns a pointer to the message authentication code. -HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup() do not -return values. +HMAC_CTX_init(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and +HMAC_CTX_cleanup() do not return values. =head1 CONFORMING TO diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 11cd1b6e82..0548533354 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -78,16 +78,16 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); - HMAC_Init(&ctx,sec,sec_len,md); - HMAC_Init(&ctx_tmp,sec,sec_len,md); + HMAC_Init_ex(&ctx,sec,sec_len,md); + HMAC_Init_ex(&ctx_tmp,sec,sec_len,md); HMAC_Update(&ctx,seed,seed_len); HMAC_Final(&ctx,A1,&A1_len); n=0; for (;;) { - HMAC_Init(&ctx,NULL,0,NULL); /* re-init */ - HMAC_Init(&ctx_tmp,NULL,0,NULL); /* re-init */ + HMAC_Init_ex(&ctx,NULL,0,NULL); /* re-init */ + HMAC_Init_ex(&ctx_tmp,NULL,0,NULL); /* re-init */ HMAC_Update(&ctx,A1,A1_len); HMAC_Update(&ctx_tmp,A1,A1_len); HMAC_Update(&ctx,seed,seed_len); @@ -652,7 +652,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ HMAC_CTX_init(&hmac); - HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash); + HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash); HMAC_Update(&hmac,seq,8); HMAC_Update(&hmac,buf,5); HMAC_Update(&hmac,rec->input,rec->length); |