The branch master has been updated via e0810e3502bbf14ee274033e7eeabb551ce38510 (commit) from bdd58bd249f1b6d4c7ccdd9c54fd33db874e0084 (commit)
- Log ----------------------------------------------------------------- commit e0810e3502bbf14ee274033e7eeabb551ce38510 Author: Pauli <paul.d...@oracle.com> Date: Thu Aug 16 08:54:35 2018 +1000 Fix HMAC SHA3-224 and HMAC SHA3-256. Added NIST test cases for these two as well. Additionally deprecate the public definiton of HMAC_MAX_MD_CBLOCK in 1.2.0. Reviewed-by: Tim Hudson <t...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6972) ----------------------------------------------------------------------- Summary of changes: crypto/hmac/hmac.c | 12 +++++------ crypto/hmac/hmac_lcl.h | 7 +++++-- include/openssl/hmac.h | 6 ++++-- test/recipes/30-test_evp_data/evpmac.txt | 36 ++++++++++++++++++++++++++++++++ 4 files changed, 51 insertions(+), 10 deletions(-) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index e0944b9..e4031b4 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -20,7 +20,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { int rv = 0; int i, j, reset = 0; - unsigned char pad[HMAC_MAX_MD_CBLOCK]; + unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE]; /* If we are changing MD then we must have a key */ if (md != NULL && md != ctx->md && (key == NULL || len < 0)) @@ -52,19 +52,19 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, memcpy(ctx->key, key, len); ctx->key_length = len; } - if (ctx->key_length != HMAC_MAX_MD_CBLOCK) + if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE) memset(&ctx->key[ctx->key_length], 0, - HMAC_MAX_MD_CBLOCK - ctx->key_length); + HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length); } if (reset) { - for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) pad[i] = 0x36 ^ ctx->key[i]; if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) goto err; - for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) pad[i] = 0x5c ^ ctx->key[i]; if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) @@ -194,7 +194,7 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) goto err; if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) goto err; - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); + memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE); dctx->key_length = sctx->key_length; dctx->md = sctx->md; return 1; diff --git a/crypto/hmac/hmac_lcl.h b/crypto/hmac/hmac_lcl.h index 7ba0aac..8fd8345 100644 --- a/crypto/hmac/hmac_lcl.h +++ b/crypto/hmac/hmac_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,13 +10,16 @@ #ifndef HEADER_HMAC_LCL_H # define HEADER_HMAC_LCL_H +/* The current largest case is for SHA3-224 */ +#define HMAC_MAX_MD_CBLOCK_SIZE 144 + struct hmac_ctx_st { const EVP_MD *md; EVP_MD_CTX *md_ctx; EVP_MD_CTX *i_ctx; EVP_MD_CTX *o_ctx; unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK]; + unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE]; }; #endif diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index 9f06896..458efc1 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,9 @@ # include <openssl/evp.h> -# define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ +# if OPENSSL_API_COMPAT < 0x10200000L +# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */ +# endif #ifdef __cplusplus extern "C" { diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt index ef7ba94..9de8be1 100644 --- a/test/recipes/30-test_evp_data/evpmac.txt +++ b/test/recipes/30-test_evp_data/evpmac.txt @@ -249,6 +249,42 @@ Title = SHA3 # NIST's test vectors MAC = HMAC +Algorithm = SHA3-224 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b +Output = 332cfd59347fdb8e576e77260be4aba2d6dc53117b3bfb52c6d18c04 + +MAC = HMAC +Algorithm = SHA3-224 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f +Output = d8b733bcf66c644a12323d564e24dcf3fc75f231f3b67968359100c7 + +MAC = HMAC +Algorithm = SHA3-224 +Input = "Sample message for keylen>blocklen" +Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab +Output = 078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59 + +MAC = HMAC +Algorithm = SHA3-256 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f +Output = 4fe8e202c4f058e8dddc23d8c34e467343e23555e24fc2f025d598f558f67205 + +MAC = HMAC +Algorithm = SHA3-256 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687 +Output = 68b94e2e538a9be4103bebb5aa016d47961d4d1aa906061313b557f8af2c3faa + +MAC = HMAC +Algorithm = SHA3-256 +Input = "Sample message for keylen>blocklen" +Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7 +Output = 9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258 + +MAC = HMAC Algorithm = SHA3-384 Input = "Sample message for keylen<blocklen" Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits