[openssl] master update
Richard Levitte
levitte at openssl.org
Wed Jun 23 21:01:32 UTC 2021
The branch master has been updated
via 21dfdbef4965d95d65bfc942aafafd342cb61e4c (commit)
via 006de7670a12dff617e86a55b6db7c6e3b1f8fef (commit)
from 86ff7cf2a6cdf26f2ba7e64db6fe5c92c64bf9ac (commit)
- Log -----------------------------------------------------------------
commit 21dfdbef4965d95d65bfc942aafafd342cb61e4c
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Jun 22 18:11:03 2021 +0200
Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac()
Fixes #15839
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15861)
commit 006de7670a12dff617e86a55b6db7c6e3b1f8fef
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Jun 22 18:09:25 2021 +0200
EVP: Change the output size type of EVP_Q_digest() and EVP_Q_mac()
This makes them more consistent with other new interfaces.
Fixes #15839
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15861)
-----------------------------------------------------------------------
Summary of changes:
apps/lib/s_cb.c | 28 ++++++++++++++--------------
crypto/crmf/crmf_pbm.c | 4 +---
crypto/evp/digest.c | 9 ++++++---
crypto/evp/mac_lib.c | 9 +++++----
crypto/hmac/hmac.c | 17 +++++++++++------
doc/man3/EVP_DigestInit.pod | 11 ++++++-----
doc/man3/EVP_MAC.pod | 2 +-
include/openssl/evp.h | 6 +++---
ssl/tls13_enc.c | 6 ++----
9 files changed, 49 insertions(+), 43 deletions(-)
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index ef431c98ea..245bae6249 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -740,8 +740,8 @@ void tlsext_cb(SSL *s, int client_server, int type,
}
#ifndef OPENSSL_NO_SOCK
-int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
- unsigned int *cookie_len)
+int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
+ size_t *cookie_len)
{
unsigned char *buffer = NULL;
size_t length = 0;
@@ -800,16 +800,16 @@ end:
return res;
}
-int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
- unsigned int cookie_len)
+int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
+ size_t cookie_len)
{
unsigned char result[EVP_MAX_MD_SIZE];
- unsigned int resultlength;
+ size_t resultlength;
/* Note: we check cookie_initialized because if it's not,
* it cannot be valid */
if (cookie_initialized
- && generate_cookie_callback(ssl, result, &resultlength)
+ && generate_stateless_cookie_callback(ssl, result, &resultlength)
&& cookie_len == resultlength
&& memcmp(result, cookie, resultlength) == 0)
return 1;
@@ -817,20 +817,20 @@ int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
return 0;
}
-int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
- size_t *cookie_len)
+int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+ unsigned int *cookie_len)
{
- unsigned int temp = 0;
+ size_t temp = 0;
+ int res = generate_stateless_cookie_callback(ssl, cookie, &temp);
- int res = generate_cookie_callback(ssl, cookie, &temp);
- *cookie_len = temp;
+ *cookie_len = (unsigned int)temp;
return res;
}
-int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
- size_t cookie_len)
+int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
+ unsigned int cookie_len)
{
- return verify_cookie_callback(ssl, cookie, cookie_len);
+ return verify_stateless_cookie_callback(ssl, cookie, cookie_len);
}
#endif
diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c
index 0c217295d3..aba6b3a16f 100644
--- a/crypto/crmf/crmf_pbm.c
+++ b/crypto/crmf/crmf_pbm.c
@@ -140,7 +140,6 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
unsigned int bklen = EVP_MAX_MD_SIZE;
int64_t iterations;
unsigned char *mac_res = 0;
- unsigned int maclen;
int ok = 0;
if (out == NULL || pbmp == NULL || pbmp->mac == NULL
@@ -207,10 +206,9 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
goto err;
}
if (EVP_Q_mac(libctx, "HMAC", propq, hmac_mdname, NULL, basekey, bklen,
- msg, msglen, mac_res, EVP_MAX_MD_SIZE, &maclen) == NULL)
+ msg, msglen, mac_res, EVP_MAX_MD_SIZE, outlen) == NULL)
goto err;
- *outlen = (size_t)maclen;
ok = 1;
err:
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 98c39343be..4a5c926103 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -630,16 +630,19 @@ int EVP_Digest(const void *data, size_t count,
}
int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
- const void *data, size_t count,
- unsigned char *md, unsigned int *size)
+ const void *data, size_t datalen,
+ unsigned char *md, size_t *mdlen)
{
EVP_MD *digest = EVP_MD_fetch(libctx, name, propq);
+ unsigned int temp = 0;
int ret = 0;
if (digest != NULL) {
- ret = EVP_Digest(data, count, md, size, digest, NULL);
+ ret = EVP_Digest(data, datalen, md, &temp, digest, NULL);
EVP_MD_free(digest);
}
+ if (mdlen != NULL)
+ *mdlen = temp;
return ret;
}
diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index 339d10919f..1a68c58919 100644
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -233,16 +233,17 @@ int EVP_MAC_names_do_all(const EVP_MAC *mac,
return 1;
}
-unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
+unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx,
+ const char *name, const char *propq,
const char *subalg, const OSSL_PARAM *params,
const void *key, size_t keylen,
const unsigned char *data, size_t datalen,
- unsigned char *out, size_t outsize, unsigned int *outlen)
+ unsigned char *out, size_t outsize, size_t *outlen)
{
EVP_MAC *mac = EVP_MAC_fetch(libctx, name, propq);
OSSL_PARAM subalg_param[] = { OSSL_PARAM_END, OSSL_PARAM_END };
EVP_MAC_CTX *ctx = NULL;
- size_t len;
+ size_t len = 0;
unsigned char *res = NULL;
if (outlen != NULL)
@@ -286,7 +287,7 @@ unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *pro
}
res = out;
if (res != NULL && outlen != NULL)
- *outlen = (unsigned int)len;
+ *outlen = len;
}
err:
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 618b0a6196..940d867ca6 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -224,12 +224,17 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
{
static unsigned char static_md[EVP_MAX_MD_SIZE];
int size = EVP_MD_get_size(evp_md);
-
- if (size < 0)
- return NULL;
- return EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL,
- key, key_len, data, data_len,
- md == NULL ? static_md : md, size, md_len);
+ size_t temp_md_len = 0;
+ unsigned char *ret = NULL;
+
+ if (size >= 0) {
+ ret = EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL,
+ key, key_len, data, data_len,
+ md == NULL ? static_md : md, size, &temp_md_len);
+ if (md_len != NULL)
+ *md_len = (unsigned int)temp_md_len;
+ }
+ return ret;
}
void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index dd822a4ca0..75d8e63e24 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -52,8 +52,8 @@ EVP_MD_CTX_type, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_md_data
int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
- const void *data, size_t count,
- unsigned char *md, unsigned int *size);
+ const void *data, size_t datalen,
+ unsigned char *md, size_t *mdlen);
int EVP_Digest(const void *data, size_t count, unsigned char *md,
unsigned int *size, const EVP_MD *type, ENGINE *impl);
int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type,
@@ -234,9 +234,10 @@ as a parameter descriptor.
Sets, clears and tests I<ctx> flags. See L</FLAGS> below for more information.
=item EVP_Q_digest() is a quick one-shot digest function.
-It hashes I<count> bytes of data at I<data> using the digest algorithm I<name>,
-which is fetched using the optional I<libctx> and I<propq> parameters.
-The digest value is placed in I<md> and its length is written at I<size>
+
+It hashes I<datalen> bytes of data at I<data> using the digest algorithm
+I<name>, which is fetched using the optional I<libctx> and I<propq> parameters.
+The digest value is placed in I<md> and its length is written at I<mdlen>
if the pointer is not NULL. At most B<EVP_MAX_MD_SIZE> bytes will be written.
=item EVP_Digest()
diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index 0c68f42b6f..289cbda757 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -46,7 +46,7 @@ EVP_MAC_do_all_provided - EVP MAC routines
const char *subalg, const OSSL_PARAM *params,
const void *key, size_t keylen,
const unsigned char *data, size_t datalen,
- unsigned char *out, size_t outsize, unsigned int *outlen);
+ unsigned char *out, size_t outsize, size_t *outlen);
int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen,
const OSSL_PARAM params[]);
int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 50cf8eeb77..76fabd63ed 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -715,8 +715,8 @@ __owur int EVP_Digest(const void *data, size_t count,
unsigned char *md, unsigned int *size,
const EVP_MD *type, ENGINE *impl);
__owur int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name,
- const char *propq, const void *data, size_t count,
- unsigned char *md, unsigned int *size);
+ const char *propq, const void *data, size_t datalen,
+ unsigned char *md, size_t *mdlen);
__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
@@ -1216,7 +1216,7 @@ unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *pro
const char *subalg, const OSSL_PARAM *params,
const void *key, size_t keylen,
const unsigned char *data, size_t datalen,
- unsigned char *out, size_t outsize, unsigned int *outlen);
+ unsigned char *out, size_t outsize, size_t *outlen);
int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen,
const OSSL_PARAM params[]);
int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 11e39715d8..91c4248117 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -309,8 +309,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
unsigned char hash[EVP_MAX_MD_SIZE];
unsigned char finsecret[EVP_MAX_MD_SIZE];
unsigned char *key = NULL;
- unsigned int len = 0;
- size_t hashlen, ret = 0;
+ size_t len = 0, hashlen;
OSSL_PARAM params[2], *p = params;
/* Safe to cast away const here since we're not "getting" any data */
@@ -345,10 +344,9 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
goto err;
}
- ret = len;
err:
OPENSSL_cleanse(finsecret, sizeof(finsecret));
- return ret;
+ return len;
}
/*
More information about the openssl-commits
mailing list