Diffstat (limited to 'src/openssl/hmac.c')
-rw-r--r-- | src/openssl/hmac.c | 69 |
1 files changed, 57 insertions, 12 deletions
diff --git a/src/openssl/hmac.c b/src/openssl/hmac.c index bad1ac03..edfc3af4 100644 --- a/src/openssl/hmac.c +++ b/src/openssl/hmac.c @@ -13,7 +13,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #ifndef XMLSEC_NO_HMAC #include "globals.h" @@ -33,6 +33,16 @@ #include <xmlsec/openssl/crypto.h> +/* new API from OpenSSL 1.1.0 (https://www.openssl.org/docs/manmaster/crypto/hmac.html): + * + * HMAC_CTX_new() and HMAC_CTX_free() are new in OpenSSL version 1.1. + */ +#if !defined(XMLSEC_OPENSSL_110) +#define HMAC_CTX_new() ((HMAC_CTX*)calloc(1, sizeof(HMAC_CTX))) +#define HMAC_CTX_free(x) { HMAC_CTX_cleanup((x)); free((x)); } +#endif /* !defined(XMLSEC_OPENSSL_110) */ + + /* sizes in bits */ #define XMLSEC_OPENSSL_MIN_HMAC_SIZE 80 #define XMLSEC_OPENSSL_MAX_HMAC_SIZE (EVP_MAX_MD_SIZE * 8) @@ -75,7 +85,7 @@ void xmlSecOpenSSLHmacSetMinOutputLength(int min_length) typedef struct _xmlSecOpenSSLHmacCtx xmlSecOpenSSLHmacCtx, *xmlSecOpenSSLHmacCtxPtr; struct _xmlSecOpenSSLHmacCtx { const EVP_MD* hmacDgst; - HMAC_CTX hmacCtx; + HMAC_CTX* hmacCtx; int ctxInitialized; xmlSecByte dgst[XMLSEC_OPENSSL_MAX_HMAC_SIZE]; xmlSecSize dgstSize; /* dgst size in bits */ @@ -232,9 +242,18 @@ xmlSecOpenSSLHmacInitialize(xmlSecTransformPtr transform) { return(-1); } -#ifndef XMLSEC_OPENSSL_096 - HMAC_CTX_init(&(ctx->hmacCtx)); -#endif /* XMLSEC_OPENSSL_096 */ + /* create hmac CTX */ + ctx->hmacCtx = HMAC_CTX_new(); + if(ctx->hmacCtx == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "HMAC_CTX_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + /* done */ return(0); } 
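Review bot: The pre-1.1.0 fallback `HMAC_CTX_free(x)` in the macro hunk expands to a bare `{ ... }` block and, unlike the OpenSSL 1.1.0 function it stands in for, does not tolerate a NULL argument. The only caller visible in this diff (the Finalize hunk) wraps it in braces and a NULL check, so it works today, but an unbraced `if`/`else` around it would not compile as intended. I would write it as `#define HMAC_CTX_free(x) do { if((x) != NULL) { HMAC_CTX_cleanup((x)); free((x)); } } while(0)`, or as a small `static` function so the argument is evaluated only once. `HMAC_CTX_new()` also skips `HMAC_CTX_init()` and relies on calloc's zero fill being an equivalent initial state for older OpenSSL; that assumption deserves a one-line comment next to the macro.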
@@ -248,9 +267,10 @@ xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) { ctx = xmlSecOpenSSLHmacGetCtx(transform); xmlSecAssert(ctx != NULL); -#ifndef XMLSEC_OPENSSL_096 - HMAC_CTX_cleanup(&(ctx->hmacCtx)); -#endif /* XMLSEC_OPENSSL_096 */ + if(ctx->hmacCtx != NULL) { + HMAC_CTX_free(ctx->hmacCtx); + } + memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx)); } @@ -327,6 +347,7 @@ xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecOpenSSLHmacCtxPtr ctx; xmlSecKeyDataPtr value; xmlSecBufferPtr buffer; + int ret; xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); @@ -335,6 +356,7 @@ xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { ctx = xmlSecOpenSSLHmacGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->hmacCtx != NULL, -1); xmlSecAssert2(ctx->hmacDgst != NULL, -1); xmlSecAssert2(ctx->ctxInitialized == 0, -1); @@ -354,10 +376,32 @@ xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { } xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); - HMAC_Init(&(ctx->hmacCtx), + +#if (defined(XMLSEC_OPENSSL_098)) + /* no return value in 0.9.8 */ + HMAC_Init_ex(ctx->hmacCtx, + xmlSecBufferGetData(buffer), + xmlSecBufferGetSize(buffer), + ctx->hmacDgst, + NULL); + ret = 1; +#else /* (defined(XMLSEC_OPENSSL_098)) */ + ret = HMAC_Init_ex(ctx->hmacCtx, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), - ctx->hmacDgst); + ctx->hmacDgst, + NULL); +#endif /* (defined(XMLSEC_OPENSSL_098)) */ + + if(ret != 1) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "HMAC_Init_ex", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + NULL); + return(-1); + } + ctx->ctxInitialized = 1; return(0); } 
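Review bot: In the last SetKey hunk the key length from `xmlSecBufferGetSize(buffer)` is passed straight into `HMAC_Init_ex`, whose length parameter is a plain `int`. If `xmlSecSize` is an unsigned type wider than or equal to `int` (its definition is not visible here), an oversized buffer would be narrowed silently and the MAC keyed with the wrong length. A guard before the call, such as `xmlSecAssert2(xmlSecBufferGetSize(buffer) <= INT_MAX, -1);`, makes the conversion explicit. Separately, this error path passes `NULL` as the message while the Initialize hunk passes `XMLSEC_ERRORS_NO_MESSAGE`; using the same constant in both keeps the error reporting consistent. The function body starts and ends outside these hunks.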
@@ -448,6 +492,7 @@ xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransform ctx = xmlSecOpenSSLHmacGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->ctxInitialized != 0, -1); + xmlSecAssert2(ctx->hmacCtx != NULL, -1); if(transform->status == xmlSecTransformStatusNone) { /* we should be already initialized when we set key */ @@ -459,7 +504,7 @@ xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransform inSize = xmlSecBufferGetSize(in); if(inSize > 0) { - HMAC_Update(&(ctx->hmacCtx), xmlSecBufferGetData(in), inSize); + HMAC_Update(ctx->hmacCtx, xmlSecBufferGetData(in), inSize); ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { @@ -475,7 +520,7 @@ xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransform if(last) { unsigned int dgstSize; - HMAC_Final(&(ctx->hmacCtx), ctx->dgst, &dgstSize); + HMAC_Final(ctx->hmacCtx, ctx->dgst, &dgstSize); xmlSecAssert2(dgstSize > 0, -1); /* check/set the result digest size */ |
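Review bot: The return values of `HMAC_Update` and `HMAC_Final` in the last two Execute hunks are still discarded, although the commit now checks `HMAC_Init_ex` in SetKey. If `HMAC_Final` fails, `dgstSize` is read uninitialized by the following `xmlSecAssert2(dgstSize > 0, -1)`, and whatever is in `ctx->dgst` could go on to be used as the MAC for signing or verification. I would initialize `dgstSize` to 0 and check both calls with the same `XMLSEC_OPENSSL_098` split used in SetKey, assuming these two functions also return nothing on 0.9.8. The function body starts and ends outside these hunks.

```c
    if(inSize > 0) {
#if (defined(XMLSEC_OPENSSL_098))
        /* no return value in 0.9.8 */
        HMAC_Update(ctx->hmacCtx, xmlSecBufferGetData(in), inSize);
        ret = 1;
#else /* (defined(XMLSEC_OPENSSL_098)) */
        ret = HMAC_Update(ctx->hmacCtx, xmlSecBufferGetData(in), inSize);
#endif /* (defined(XMLSEC_OPENSSL_098)) */
        if(ret != 1) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        "HMAC_Update",
                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(-1);
        }
        /* ... unchanged: xmlSecBufferRemoveHead and its error check ... */

    if(last) {
        unsigned int dgstSize = 0;

#if (defined(XMLSEC_OPENSSL_098))
        /* no return value in 0.9.8 */
        HMAC_Final(ctx->hmacCtx, ctx->dgst, &dgstSize);
        ret = 1;
#else /* (defined(XMLSEC_OPENSSL_098)) */
        ret = HMAC_Final(ctx->hmacCtx, ctx->dgst, &dgstSize);
#endif /* (defined(XMLSEC_OPENSSL_098)) */
        if(ret != 1) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        "HMAC_Final",
                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(-1);
        }
        xmlSecAssert2(dgstSize > 0, -1);
        /* ... unchanged: check/set the result digest size ... */
```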