[openssl-commits] [openssl] master update
Paul I. Dale
pauli at openssl.org
Mon Sep 3 21:32:39 UTC 2018
The branch master has been updated
via 2d28a42f899c2f5e03b0e49a660ed3c1f744e7a3 (commit)
from bfb10b975818d1887d676d309fcc21a765611f6d (commit)
- Log -----------------------------------------------------------------
commit 2d28a42f899c2f5e03b0e49a660ed3c1f744e7a3
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Mon Sep 3 14:15:13 2018 +1000
hmac_init cleanup and fix key zeroization issue
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7092)
-----------------------------------------------------------------------
Summary of changes:
crypto/hmac/hmac.c | 33 ++++++++++++++++-----------------
1 file changed, 16 insertions(+), 17 deletions(-)
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 156725e..e0944b9 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -18,6 +18,7 @@
int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl)
{
+ int rv = 0;
int i, j, reset = 0;
unsigned char pad[HMAC_MAX_MD_CBLOCK];
@@ -38,15 +39,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
reset = 1;
j = EVP_MD_block_size(md);
if (!ossl_assert(j <= (int)sizeof(ctx->key)))
- goto err;
+ return 0;
if (j < len) {
- if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl))
- goto err;
- if (!EVP_DigestUpdate(ctx->md_ctx, key, len))
- goto err;
- if (!EVP_DigestFinal_ex(ctx->md_ctx, ctx->key,
- &ctx->key_length))
- goto err;
+ if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)
+ || !EVP_DigestUpdate(ctx->md_ctx, key, len)
+ || !EVP_DigestFinal_ex(ctx->md_ctx, ctx->key,
+ &ctx->key_length))
+ return 0;
} else {
if (len < 0 || len > (int)sizeof(ctx->key))
return 0;
@@ -61,23 +60,23 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
if (reset) {
for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
pad[i] = 0x36 ^ ctx->key[i];
- if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl))
- goto err;
- if (!EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
+ if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
+ || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
goto err;
for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
pad[i] = 0x5c ^ ctx->key[i];
- if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl))
- goto err;
- if (!EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
+ if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
+ || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
goto err;
}
if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx))
goto err;
- return 1;
+ rv = 1;
err:
- return 0;
+ if (reset)
+ OPENSSL_cleanse(pad, sizeof(pad));
+ return rv;
}
#if OPENSSL_API_COMPAT < 0x10100000L
More information about the openssl-commits
mailing list