The branch master has been updated
       via  7ed66e2634e6cfbb16a1ef975572e79a479217a8 (commit)
       via  be5fc053ed40bb714944f93e2d35265d2096f71f (commit)
      from  e6071f29c24cd22ac7857bf88917598265cc90a9 (commit)


- Log -----------------------------------------------------------------
commit 7ed66e2634e6cfbb16a1ef975572e79a479217a8
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Wed Dec 19 00:36:40 2018 +0100

    Change EVP_MAC method from copy to dup
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    GH: #7651

commit be5fc053ed40bb714944f93e2d35265d2096f71f
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Sun Nov 4 19:16:20 2018 +0100

    Replace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup()
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    GH: #7651

-----------------------------------------------------------------------

Summary of changes:
 crypto/blake2/blake2b_mac.c       | 12 ++++++--
 crypto/blake2/blake2s_mac.c       | 12 ++++++--
 crypto/cmac/cm_meth.c             | 18 ++++++++----
 crypto/err/openssl.txt            |  3 +-
 crypto/evp/evp_err.c              |  3 +-
 crypto/evp/mac_lib.c              | 24 ++++++++++-----
 crypto/evp/pkey_mac.c             | 46 ++++++++++++++++++-----------
 crypto/gmac/gmac.c                | 18 ++++++++++--
 crypto/hmac/hm_meth.c             | 19 ++++++++----
 crypto/include/internal/evp_int.h |  2 +-
 crypto/kdf/sskdf.c                |  8 +++--
 crypto/kdf/tls1_prf.c             | 21 +++++++++-----
 crypto/kmac/kmac.c                | 19 +++++++++---
 crypto/modes/modes_lcl.h          |  1 -
 crypto/modes/siv128.c             | 61 +++++++++++++++++++++++----------------
 crypto/poly1305/poly1305_meth.c   | 12 ++++++--
 crypto/siphash/siphash_meth.c     | 13 +++++++--
 doc/man3/EVP_MAC.pod              | 21 +++++++-------
 include/openssl/evp.h             |  2 +-
 include/openssl/evperr.h          |  3 +-
 util/libcrypto.num                |  2 +-
 21 files changed, 215 insertions(+), 105 deletions(-)

diff --git a/crypto/blake2/blake2b_mac.c b/crypto/blake2/blake2b_mac.c
index b38e9b8..f6025b1 100644
--- a/crypto/blake2/blake2b_mac.c
+++ b/crypto/blake2/blake2b_mac.c
@@ -39,10 +39,16 @@ static void blake2b_mac_free(EVP_MAC_IMPL *macctx)
     }
 }
 
-static int blake2b_mac_copy(EVP_MAC_IMPL *dst, EVP_MAC_IMPL *src)
+static EVP_MAC_IMPL *blake2b_mac_dup(const EVP_MAC_IMPL *src)
 {
+    EVP_MAC_IMPL *dst;
+
+    dst = OPENSSL_zalloc(sizeof(*dst));
+    if (dst == NULL)
+        return NULL;
+
     *dst = *src;
-    return 1;
+    return dst;
 }
 
 static int blake2b_mac_init(EVP_MAC_IMPL *macctx)
@@ -177,7 +183,7 @@ static size_t blake2b_mac_size(EVP_MAC_IMPL *macctx)
 const EVP_MAC blake2b_mac_meth = {
     EVP_MAC_BLAKE2B,
     blake2b_mac_new,
-    blake2b_mac_copy,
+    blake2b_mac_dup,
     blake2b_mac_free,
     blake2b_mac_size,
     blake2b_mac_init,
diff --git a/crypto/blake2/blake2s_mac.c b/crypto/blake2/blake2s_mac.c
index 04dbf4e..9ce8db1 100644
--- a/crypto/blake2/blake2s_mac.c
+++ b/crypto/blake2/blake2s_mac.c
@@ -39,10 +39,16 @@ static void blake2s_mac_free(EVP_MAC_IMPL *macctx)
     }
 }
 
-static int blake2s_mac_copy(EVP_MAC_IMPL *dst, EVP_MAC_IMPL *src)
+static EVP_MAC_IMPL *blake2s_mac_dup(const EVP_MAC_IMPL *src)
 {
+    EVP_MAC_IMPL *dst;
+
+    dst = OPENSSL_malloc(sizeof(*dst));
+    if (dst == NULL)
+        return NULL;
+
     *dst = *src;
-    return 1;
+    return dst;
 }
 
 static int blake2s_mac_init(EVP_MAC_IMPL *macctx)
@@ -177,7 +183,7 @@ static size_t blake2s_mac_size(EVP_MAC_IMPL *macctx)
 const EVP_MAC blake2s_mac_meth = {
     EVP_MAC_BLAKE2S,
     blake2s_mac_new,
-    blake2s_mac_copy,
+    blake2s_mac_dup,
     blake2s_mac_free,
     blake2s_mac_size,
     blake2s_mac_init,
diff --git a/crypto/cmac/cm_meth.c b/crypto/cmac/cm_meth.c
index 3f20e6c..07acf05 100644
--- a/crypto/cmac/cm_meth.c
+++ b/crypto/cmac/cm_meth.c
@@ -46,14 +46,22 @@ static void cmac_free(EVP_MAC_IMPL *cctx)
     }
 }
 
-static int cmac_copy(EVP_MAC_IMPL *cdst, EVP_MAC_IMPL *csrc)
+static EVP_MAC_IMPL *cmac_dup(const EVP_MAC_IMPL *csrc)
 {
-    if (!CMAC_CTX_copy(cdst->ctx, csrc->ctx))
-        return 0;
+    EVP_MAC_IMPL *cdst = cmac_new();
+
+    if (cdst == NULL)
+        return NULL;
+
+    if (!CMAC_CTX_copy(cdst->ctx, csrc->ctx)) {
+        cmac_free(cdst);
+        return NULL;
+    }
 
     cdst->tmpengine = csrc->tmpengine;
     cdst->tmpcipher = csrc->tmpcipher;
-    return 1;
+
+    return cdst;
 }
 
 static size_t cmac_size(EVP_MAC_IMPL *cctx)
@@ -153,7 +161,7 @@ static int cmac_ctrl_str(EVP_MAC_IMPL *cctx, const char 
*type,
 const EVP_MAC cmac_meth = {
     EVP_MAC_CMAC,
     cmac_new,
-    cmac_copy,
+    cmac_dup,
     cmac_free,
     cmac_size,
     cmac_init,
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 72057ac..3fb8c96 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -809,7 +809,7 @@ EVP_F_EVP_KDF_CTX_NEW:240:EVP_KDF_CTX_new
 EVP_F_EVP_KDF_CTX_NEW_ID:226:EVP_KDF_CTX_new_id
 EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl
 EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str
-EVP_F_EVP_MAC_CTX_COPY:211:EVP_MAC_CTX_copy
+EVP_F_EVP_MAC_CTX_DUP:211:EVP_MAC_CTX_dup
 EVP_F_EVP_MAC_CTX_NEW:213:EVP_MAC_CTX_new
 EVP_F_EVP_MAC_INIT:212:EVP_MAC_init
 EVP_F_EVP_MD_BLOCK_SIZE:232:EVP_MD_block_size
@@ -880,6 +880,7 @@ EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
 EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
 EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
 EVP_F_PKEY_KDF_CTRL:227:pkey_kdf_ctrl
+EVP_F_PKEY_MAC_COPY:241:pkey_mac_copy
 EVP_F_PKEY_MAC_INIT:214:pkey_mac_init
 EVP_F_PKEY_SET_TYPE:158:pkey_set_type
 EVP_F_POLY1305_CTRL:216:poly1305_ctrl
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 836f5ee..199fabb 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -78,7 +78,7 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTX_NEW_ID, 0), "EVP_KDF_CTX_new_id"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTRL, 0), "EVP_MAC_ctrl"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTRL_STR, 0), "EVP_MAC_ctrl_str"},
-    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_COPY, 0), "EVP_MAC_CTX_copy"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_DUP, 0), "EVP_MAC_CTX_dup"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_NEW, 0), "EVP_MAC_CTX_new"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_INIT, 0), "EVP_MAC_init"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_BLOCK_SIZE, 0), "EVP_MD_block_size"},
@@ -179,6 +179,7 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
     {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0),
      "PKCS5_v2_scrypt_keyivgen"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_KDF_CTRL, 0), "pkey_kdf_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_MAC_COPY, 0), "pkey_mac_copy"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_MAC_INIT, 0), "pkey_mac_init"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_POLY1305_CTRL, 0), "poly1305_ctrl"},
diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index 39efff0..ee4a68f 100644
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -48,18 +48,28 @@ void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx)
     OPENSSL_free(ctx);
 }
 
-int EVP_MAC_CTX_copy(EVP_MAC_CTX *dst, const EVP_MAC_CTX *src)
+EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src)
 {
-    EVP_MAC_IMPL *macdata;
+    EVP_MAC_CTX *dst;
 
-    if (src->data != NULL && !dst->meth->copy(dst->data, src->data))
-        return 0;
+    if (src->data == NULL)
+        return NULL;
+
+    dst = OPENSSL_malloc(sizeof(*dst));
+    if (dst == NULL) {
+        EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
-    macdata = dst->data;
     *dst = *src;
-    dst->data = macdata;
 
-    return 1;
+    dst->data = src->meth->dup(src->data);
+    if (dst->data == NULL) {
+        EVP_MAC_CTX_free(dst);
+        return NULL;
+    }
+
+    return dst;
 }
 
 const EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx)
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index fc627f1..fafe3c9 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -10,6 +10,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include "internal/evp_int.h"
+#include "evp_locl.h"
 
 /* MAC PKEY context structure */
 
@@ -75,15 +76,25 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const 
EVP_PKEY_CTX *src)
 {
     MAC_PKEY_CTX *sctx, *dctx;
 
-    if (!pkey_mac_init(dst))
+    sctx = EVP_PKEY_CTX_get_data(src);
+    if (sctx->ctx->data == NULL)
         return 0;
 
-    sctx = EVP_PKEY_CTX_get_data(src);
-    dctx = EVP_PKEY_CTX_get_data(dst);
+    dctx = OPENSSL_zalloc(sizeof(*dctx));
+    if (dctx == NULL) {
+        EVPerr(EVP_F_PKEY_MAC_COPY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
-    if (!EVP_MAC_CTX_copy(dctx->ctx, sctx->ctx))
+    EVP_PKEY_CTX_set_data(dst, dctx);
+    dst->keygen_info_count = 0;
+
+    dctx->ctx = EVP_MAC_CTX_dup(sctx->ctx);
+    if (dctx->ctx == NULL)
         goto err;
 
+    dctx->type = sctx->type;
+
     switch (dctx->type) {
     case MAC_TYPE_RAW:
         dctx->raw_data.md = sctx->raw_data.md;
@@ -100,7 +111,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const 
EVP_PKEY_CTX *src)
     }
     return 1;
  err:
-    pkey_mac_cleanup (dst);
+    pkey_mac_cleanup(dst);
     return 0;
 }
 
@@ -141,14 +152,10 @@ static int pkey_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY 
*pkey)
         break;
     case MAC_TYPE_MAC:
         {
-            EVP_MAC_CTX *cmkey = EVP_MAC_CTX_new_id(nid);
+            EVP_MAC_CTX *cmkey = EVP_MAC_CTX_dup(hctx->ctx);
 
             if (cmkey == NULL)
                 return 0;
-            if (!EVP_MAC_CTX_copy(cmkey, hctx->ctx)) {
-                EVP_MAC_CTX_free(cmkey);
-                return 0;
-            }
             EVP_PKEY_assign(pkey, nid, cmkey);
         }
         break;
@@ -249,13 +256,18 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int 
p1, void *p2)
         case MAC_TYPE_RAW:
             hctx->raw_data.md = p2;
             break;
-        case MAC_TYPE_MAC:
-            if (ctx->pkey != NULL
-                && !EVP_MAC_CTX_copy(hctx->ctx,
-                                     (EVP_MAC_CTX *)ctx->pkey->pkey.ptr))
-                return 0;
-            if (!EVP_MAC_init(hctx->ctx))
-                return 0;
+        case MAC_TYPE_MAC: {
+                EVP_MAC_CTX *new_mac_ctx;
+
+                if (ctx->pkey == NULL)
+                    return 0;
+                new_mac_ctx = EVP_MAC_CTX_dup((EVP_MAC_CTX *)ctx->pkey
+                                              ->pkey.ptr);
+                if (new_mac_ctx == NULL)
+                    return 0;
+                EVP_MAC_CTX_free(hctx->ctx);
+                hctx->ctx = new_mac_ctx;
+            }
             break;
         default:
             /* This should be dead code */
diff --git a/crypto/gmac/gmac.c b/crypto/gmac/gmac.c
index 5e3891f..0e2eda3 100644
--- a/crypto/gmac/gmac.c
+++ b/crypto/gmac/gmac.c
@@ -39,11 +39,23 @@ static EVP_MAC_IMPL *gmac_new(void)
     return gctx;
 }
 
-static int gmac_copy(EVP_MAC_IMPL *gdst, EVP_MAC_IMPL *gsrc)
+static EVP_MAC_IMPL *gmac_dup(const EVP_MAC_IMPL *gsrc)
 {
+    EVP_MAC_IMPL *gdst;
+
+    gdst = gmac_new();
+    if (gdst == NULL)
+        return NULL;
+
+    if (!EVP_CIPHER_CTX_copy(gdst->ctx, gsrc->ctx)) {
+        gmac_free(gdst);
+        return NULL;
+    }
+
     gdst->cipher = gsrc->cipher;
     gdst->engine = gsrc->engine;
-    return EVP_CIPHER_CTX_copy(gdst->ctx, gsrc->ctx);
+
+    return gdst;
 }
 
 static size_t gmac_size(EVP_MAC_IMPL *gctx)
@@ -172,7 +184,7 @@ static int gmac_ctrl_str(EVP_MAC_IMPL *gctx, const char 
*type,
 const EVP_MAC gmac_meth = {
     EVP_MAC_GMAC,
     gmac_new,
-    gmac_copy,
+    gmac_dup,
     gmac_free,
     gmac_size,
     gmac_init,
diff --git a/crypto/hmac/hm_meth.c b/crypto/hmac/hm_meth.c
index 705bf7f..db9af95 100644
--- a/crypto/hmac/hm_meth.c
+++ b/crypto/hmac/hm_meth.c
@@ -45,14 +45,23 @@ static void hmac_free(EVP_MAC_IMPL *hctx)
     }
 }
 
-static int hmac_copy(EVP_MAC_IMPL *hdst, EVP_MAC_IMPL *hsrc)
+static EVP_MAC_IMPL *hmac_dup(const EVP_MAC_IMPL *hsrc)
 {
-    if (!HMAC_CTX_copy(hdst->ctx, hsrc->ctx))
-        return 0;
+    EVP_MAC_IMPL *hdst;
+
+    hdst = hmac_new();
+    if (hdst == NULL)
+        return NULL;
+
+    if (!HMAC_CTX_copy(hdst->ctx, hsrc->ctx)) {
+        hmac_free(hdst);
+        return NULL;
+    }
 
     hdst->tmpengine = hsrc->tmpengine;
     hdst->tmpmd = hsrc->tmpmd;
-    return 1;
+
+    return hdst;
 }
 
 static size_t hmac_size(EVP_MAC_IMPL *hctx)
@@ -162,7 +171,7 @@ static int hmac_ctrl_str(EVP_MAC_IMPL *hctx, const char 
*type,
 const EVP_MAC hmac_meth = {
     EVP_MAC_HMAC,
     hmac_new,
-    hmac_copy,
+    hmac_dup,
     hmac_free,
     hmac_size,
     hmac_init,
diff --git a/crypto/include/internal/evp_int.h 
b/crypto/include/internal/evp_int.h
index 77684b2..183fc42 100644
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@@ -118,7 +118,7 @@ typedef struct evp_mac_impl_st EVP_MAC_IMPL;
 struct evp_mac_st {
     int type;
     EVP_MAC_IMPL *(*new) (void);
-    int (*copy) (EVP_MAC_IMPL *macdst, EVP_MAC_IMPL *macsrc);
+    EVP_MAC_IMPL *(*dup) (const EVP_MAC_IMPL *macsrc);
     void (*free) (EVP_MAC_IMPL *macctx);
     size_t (*size) (EVP_MAC_IMPL *macctx);
     int (*init) (EVP_MAC_IMPL *macctx);
diff --git a/crypto/kdf/sskdf.c b/crypto/kdf/sskdf.c
index 92bf995..31a1c10 100644
--- a/crypto/kdf/sskdf.c
+++ b/crypto/kdf/sskdf.c
@@ -202,9 +202,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const 
EVP_MD *hmac_md,
             || derived_key_len == 0)
         return 0;
 
-    ctx = EVP_MAC_CTX_new(kdf_mac);
     ctx_init = EVP_MAC_CTX_new(kdf_mac);
-    if (ctx == NULL || ctx_init == NULL)
+    if (ctx_init == NULL)
         goto end;
     if (hmac_md != NULL &&
             EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_MD, hmac_md) <= 0)
@@ -233,7 +232,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const 
EVP_MD *hmac_md,
         c[2] = (unsigned char)((counter >> 8) & 0xff);
         c[3] = (unsigned char)(counter & 0xff);
 
-        if (!(EVP_MAC_CTX_copy(ctx, ctx_init)
+        ctx = EVP_MAC_CTX_dup(ctx_init);
+        if (!(ctx != NULL
                 && EVP_MAC_update(ctx, c, sizeof(c))
                 && EVP_MAC_update(ctx, z, z_len)
                 && EVP_MAC_update(ctx, info, info_len)))
@@ -251,6 +251,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const 
EVP_MD *hmac_md,
             memcpy(out, mac, len);
             break;
         }
+        EVP_MAC_CTX_free(ctx);
+        ctx = NULL;
     }
     ret = 1;
 end:
diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
index c39cf20..b14ae6f 100644
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -237,10 +237,8 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     size_t Ai_len;
     int ret = 0;
 
-    ctx = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
-    ctx_Ai = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
     ctx_init = EVP_MAC_CTX_new_id(EVP_MAC_HMAC);
-    if (ctx == NULL || ctx_Ai == NULL || ctx_init == NULL)
+    if (ctx_init == NULL)
         goto err;
     if (EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_FLAGS, 
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) != 1)
         goto err;
@@ -254,7 +252,8 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     if (chunk == 0)
         goto err;
     /* A(0) = seed */
-    if (!EVP_MAC_CTX_copy(ctx_Ai, ctx_init))
+    ctx_Ai = EVP_MAC_CTX_dup(ctx_init);
+    if (ctx_Ai == NULL)
         goto err;
     if (seed != NULL && !EVP_MAC_update(ctx_Ai, seed, seed_len))
         goto err;
@@ -263,15 +262,21 @@ static int tls1_prf_P_hash(const EVP_MD *md,
         /* calc: A(i) = HMAC_<hash>(secret, A(i-1)) */
         if (!EVP_MAC_final(ctx_Ai, Ai, &Ai_len))
             goto err;
+        EVP_MAC_CTX_free(ctx_Ai);
+        ctx_Ai = NULL;
 
         /* calc next chunk: HMAC_<hash>(secret, A(i) + seed) */
-        if (!EVP_MAC_CTX_copy(ctx, ctx_init))
+        ctx = EVP_MAC_CTX_dup(ctx_init);
+        if (ctx == NULL)
             goto err;
         if (!EVP_MAC_update(ctx, Ai, Ai_len))
             goto err;
         /* save state for calculating next A(i) value */
-        if (olen > chunk && !EVP_MAC_CTX_copy(ctx_Ai, ctx))
-            goto err;
+        if (olen > chunk) {
+            ctx_Ai = EVP_MAC_CTX_dup(ctx);
+            if (ctx_Ai == NULL)
+                goto err;
+        }
         if (seed != NULL && !EVP_MAC_update(ctx, seed, seed_len))
             goto err;
         if (olen <= chunk) {
@@ -283,6 +288,8 @@ static int tls1_prf_P_hash(const EVP_MD *md,
         }
         if (!EVP_MAC_final(ctx, out, NULL))
             goto err;
+        EVP_MAC_CTX_free(ctx);
+        ctx = NULL;
         out += chunk;
         olen -= chunk;
     }
diff --git a/crypto/kmac/kmac.c b/crypto/kmac/kmac.c
index 76e75c1..69c334c 100644
--- a/crypto/kmac/kmac.c
+++ b/crypto/kmac/kmac.c
@@ -147,8 +147,19 @@ static EVP_MAC_IMPL *kmac256_new(void)
     return kmac_new(evp_keccak_kmac256());
 }
 
-static int kmac_copy(EVP_MAC_IMPL *gdst, EVP_MAC_IMPL *gsrc)
+static EVP_MAC_IMPL *kmac_dup(const EVP_MAC_IMPL *gsrc)
 {
+    EVP_MAC_IMPL *gdst;
+
+    gdst = kmac_new(gsrc->md);
+    if (gdst == NULL)
+        return NULL;
+
+    if (!EVP_MD_CTX_copy(gdst->ctx, gsrc->ctx)) {
+        kmac_free(gdst);
+        return NULL;
+    }
+
     gdst->md = gsrc->md;
     gdst->out_len = gsrc->out_len;
     gdst->key_len = gsrc->key_len;
@@ -157,7 +168,7 @@ static int kmac_copy(EVP_MAC_IMPL *gdst, EVP_MAC_IMPL *gsrc)
     memcpy(gdst->key, gsrc->key, gsrc->key_len);
     memcpy(gdst->custom, gsrc->custom, gdst->custom_len);
 
-    return EVP_MD_CTX_copy(gdst->ctx, gsrc->ctx);
+    return gdst;
 }
 
 /*
@@ -444,7 +455,7 @@ static int kmac_bytepad_encode_key(unsigned char *out, int 
*out_len,
 const EVP_MAC kmac128_meth = {
     EVP_MAC_KMAC128,
     kmac128_new,
-    kmac_copy,
+    kmac_dup,
     kmac_free,
     kmac_size,
     kmac_init,
@@ -457,7 +468,7 @@ const EVP_MAC kmac128_meth = {
 const EVP_MAC kmac256_meth = {
     EVP_MAC_KMAC256,
     kmac256_new,
-    kmac_copy,
+    kmac_dup,
     kmac_free,
     kmac_size,
     kmac_init,
diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h
index aed79ff..d4ce462 100644
--- a/crypto/modes/modes_lcl.h
+++ b/crypto/modes/modes_lcl.h
@@ -213,7 +213,6 @@ struct siv128_context {
     SIV_BLOCK tag;
     EVP_CIPHER_CTX *cipher_ctx;
     EVP_MAC_CTX *mac_ctx_init;
-    EVP_MAC_CTX *mac_ctx;
     int final_ret;
     int crypto_ok;
 };
diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c
index f812d0a..9bb5eea 100644
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@@ -92,30 +92,38 @@ __owur static ossl_inline int 
siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou
 {
     SIV_BLOCK t;
     size_t out_len = sizeof(out->byte);
+    EVP_MAC_CTX *mac_ctx;
+    int ret = 0;
 
-    if (!EVP_MAC_CTX_copy(ctx->mac_ctx, ctx->mac_ctx_init))
+    mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init);
+    if (mac_ctx == NULL)
         return 0;
 
     if (len >= SIV_LEN) {
-        if (!EVP_MAC_update(ctx->mac_ctx, in, len - SIV_LEN))
-            return 0;
+        if (!EVP_MAC_update(mac_ctx, in, len - SIV_LEN))
+            goto err;
         memcpy(&t, in + (len-SIV_LEN), SIV_LEN);
         siv128_xorblock(&t, &ctx->d);
-        if (!EVP_MAC_update(ctx->mac_ctx, t.byte, SIV_LEN))
-            return 0;
+        if (!EVP_MAC_update(mac_ctx, t.byte, SIV_LEN))
+            goto err;
     } else {
         memset(&t, 0, sizeof(t));
         memcpy(&t, in, len);
         t.byte[len] = 0x80;
         siv128_dbl(&ctx->d);
         siv128_xorblock(&t, &ctx->d);
-        if (!EVP_MAC_update(ctx->mac_ctx, t.byte, SIV_LEN))
-            return 0;
+        if (!EVP_MAC_update(mac_ctx, t.byte, SIV_LEN))
+            goto err;
     }
-    if (!EVP_MAC_final(ctx->mac_ctx, out->byte, &out_len)
+    if (!EVP_MAC_final(mac_ctx, out->byte, &out_len)
         || out_len != SIV_LEN)
-        return 0;
-    return 1;
+        goto err;
+
+    ret = 1;
+
+err:
+    EVP_MAC_CTX_free(mac_ctx);
+    return ret;
 }
 
 
@@ -156,27 +164,27 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const 
unsigned char *key, int klen,
 {
     static const unsigned char zero[SIV_LEN] = { 0 };
     size_t out_len = SIV_LEN;
+    EVP_MAC_CTX *mac_ctx = NULL;
 
     memset(&ctx->d, 0, sizeof(ctx->d));
     ctx->cipher_ctx = NULL;
-    ctx->mac_ctx = NULL;
     ctx->mac_ctx_init = NULL;
 
     if (key == NULL || cbc == NULL || ctr == NULL
             || (ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL
             || (ctx->mac_ctx_init = EVP_MAC_CTX_new_id(EVP_MAC_CMAC)) == NULL
-            || (ctx->mac_ctx = EVP_MAC_CTX_new_id(EVP_MAC_CMAC)) == NULL
             || EVP_MAC_ctrl(ctx->mac_ctx_init, EVP_MAC_CTRL_SET_CIPHER, cbc) 
<= 0
             || EVP_MAC_ctrl(ctx->mac_ctx_init, EVP_MAC_CTRL_SET_KEY, key, 
klen) <= 0
             || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, 
NULL)
-            || !EVP_MAC_CTX_copy(ctx->mac_ctx, ctx->mac_ctx_init)
-            || !EVP_MAC_update(ctx->mac_ctx, zero, sizeof(zero))
-            || !EVP_MAC_final(ctx->mac_ctx, ctx->d.byte, &out_len)) {
+            || (mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL
+            || !EVP_MAC_update(mac_ctx, zero, sizeof(zero))
+            || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len)) {
         EVP_CIPHER_CTX_free(ctx->cipher_ctx);
         EVP_MAC_CTX_free(ctx->mac_ctx_init);
-        EVP_MAC_CTX_free(ctx->mac_ctx);
+        EVP_MAC_CTX_free(mac_ctx);
         return 0;
     }
+    EVP_MAC_CTX_free(mac_ctx);
 
     ctx->final_ret = -1;
     ctx->crypto_ok = 1;
@@ -192,9 +200,10 @@ int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, 
SIV128_CONTEXT *src)
     memcpy(&dest->d, &src->d, sizeof(src->d));
     if (!EVP_CIPHER_CTX_copy(dest->cipher_ctx, src->cipher_ctx))
         return 0;
-    if (!EVP_MAC_CTX_copy(dest->mac_ctx_init, src->mac_ctx_init))
+    EVP_MAC_CTX_free(dest->mac_ctx_init);
+    dest->mac_ctx_init = EVP_MAC_CTX_dup(src->mac_ctx_init);
+    if (dest->mac_ctx_init == NULL)
         return 0;
-    /* no need to copy mac_ctx since it's temp storage */
     return 1;
 }
 
@@ -208,19 +217,23 @@ int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned 
char *aad,
 {
     SIV_BLOCK mac_out;
     size_t out_len = SIV_LEN;
+    EVP_MAC_CTX *mac_ctx;
 
     siv128_dbl(&ctx->d);
 
-    if (!EVP_MAC_CTX_copy(ctx->mac_ctx, ctx->mac_ctx_init)
-        || !EVP_MAC_update(ctx->mac_ctx, aad, len)
-        || !EVP_MAC_final(ctx->mac_ctx, mac_out.byte, &out_len)
-        || out_len != SIV_LEN)
+    mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init);
+    if (mac_ctx == NULL
+        || !EVP_MAC_update(mac_ctx, aad, len)
+        || !EVP_MAC_final(mac_ctx, mac_out.byte, &out_len)
+        || out_len != SIV_LEN) {
+        EVP_MAC_CTX_free(mac_ctx);
         return 0;
+    }
+    EVP_MAC_CTX_free(mac_ctx);
 
     siv128_xorblock(&ctx->d, &mac_out);
 
     return 1;
-
 }
 
 /*
@@ -330,8 +343,6 @@ int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx)
         ctx->cipher_ctx = NULL;
         EVP_MAC_CTX_free(ctx->mac_ctx_init);
         ctx->mac_ctx_init = NULL;
-        EVP_MAC_CTX_free(ctx->mac_ctx);
-        ctx->mac_ctx = NULL;
         OPENSSL_cleanse(&ctx->d, sizeof(ctx->d));
         OPENSSL_cleanse(&ctx->tag, sizeof(ctx->tag));
         ctx->final_ret = -1;
diff --git a/crypto/poly1305/poly1305_meth.c b/crypto/poly1305/poly1305_meth.c
index 9248d46..f1ade58 100644
--- a/crypto/poly1305/poly1305_meth.c
+++ b/crypto/poly1305/poly1305_meth.c
@@ -37,11 +37,17 @@ static void poly1305_free(EVP_MAC_IMPL *ctx)
     }
 }
 
-static int poly1305_copy(EVP_MAC_IMPL *dst, EVP_MAC_IMPL *src)
+static EVP_MAC_IMPL *poly1305_dup(const EVP_MAC_IMPL *src)
 {
+    EVP_MAC_IMPL *dst;
+
+    dst = poly1305_new();
+    if (dst == NULL)
+        return NULL;
+
     *dst->ctx = *src->ctx;
 
-    return 1;
+    return dst;
 }
 
 static size_t poly1305_size(EVP_MAC_IMPL *ctx)
@@ -130,7 +136,7 @@ static int poly1305_ctrl_str(EVP_MAC_IMPL *ctx,
 const EVP_MAC poly1305_meth = {
     EVP_MAC_POLY1305,
     poly1305_new,
-    poly1305_copy,
+    poly1305_dup,
     poly1305_free,
     poly1305_size,
     poly1305_init,
diff --git a/crypto/siphash/siphash_meth.c b/crypto/siphash/siphash_meth.c
index 37cb286..5fcff2d 100644
--- a/crypto/siphash/siphash_meth.c
+++ b/crypto/siphash/siphash_meth.c
@@ -31,10 +31,17 @@ static void siphash_free(EVP_MAC_IMPL *sctx)
     OPENSSL_free(sctx);
 }
 
-static int siphash_copy(EVP_MAC_IMPL *sdst, EVP_MAC_IMPL *ssrc)
+static EVP_MAC_IMPL *siphash_dup(const EVP_MAC_IMPL *ssrc)
 {
+    EVP_MAC_IMPL *sdst;
+
+    sdst = siphash_new();
+    if (sdst == NULL)
+        return NULL;
+
     *sdst = *ssrc;
-    return 1;
+
+    return sdst;
 }
 
 static size_t siphash_size(EVP_MAC_IMPL *sctx)
@@ -128,7 +135,7 @@ static int siphash_ctrl_str(EVP_MAC_IMPL *ctx,
 const EVP_MAC siphash_meth = {
     EVP_MAC_SIPHASH,
     siphash_new,
-    siphash_copy,
+    siphash_dup,
     siphash_free,
     siphash_size,
     siphash_init,
diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index a55d8db..01ad6ed 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 EVP_MAC, EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_new_id, EVP_MAC_CTX_free,
-EVP_MAC_CTX_copy, EVP_MAC_CTX_mac, EVP_MAC_size, EVP_MAC_init, EVP_MAC_update,
+EVP_MAC_CTX_dup, EVP_MAC_CTX_mac, EVP_MAC_size, EVP_MAC_init, EVP_MAC_update,
 EVP_MAC_final, EVP_MAC_ctrl, EVP_MAC_vctrl, EVP_MAC_ctrl_str,
 EVP_MAC_str2ctrl, EVP_MAC_hex2ctrl, EVP_MAC_nid, EVP_MAC_name,
 EVP_get_macbyname, EVP_get_macbynid, EVP_get_macbyobj - EVP MAC routines
@@ -18,7 +18,7 @@ EVP_get_macbyname, EVP_get_macbynid, EVP_get_macbyobj - EVP 
MAC routines
  EVP_MAC_CTX *EVP_MAC_CTX_new(const EVP_MAC *mac);
  EVP_MAC_CTX *EVP_MAC_CTX_new_id(int nid);
  void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
- int EVP_MAC_CTX_copy(EVP_MAC_CTX *dest, EVP_MAC_CTX *src);
+ EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
  const EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
  size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
  int EVP_MAC_init(EVP_MAC_CTX *ctx);
@@ -72,10 +72,8 @@ EVP_MAC_CTX_free() frees the contents of the context, 
including an
 underlying context if there is one, as well as the context itself.
 B<NULL> is a valid parameter, for which this function is a no-op.
 
-EVP_MAC_CTX_copy() makes a deep copy of the C<src> context to the
-C<dest> context.
-The C<dest> context I<must> have been created before calling this
-function.
+EVP_MAC_CTX_dup() duplicates the C<src> context and returns a newly allocated
+context.
 
 EVP_MAC_CTX_mac() returns the B<EVP_MAC> associated with the context
 C<ctx>.
@@ -231,13 +229,12 @@ implemented as a macro.
 
 =head1 RETURN VALUES
 
-EVP_MAC_CTX_new() and EVP_MAC_CTX_new_id() return a pointer to a newly
-created EVP_MAC_CTX, or NULL if allocation failed.
+EVP_MAC_CTX_new(), EVP_MAC_CTX_new_id() and EVP_MAC_CTX_dup() return a pointer
+to a newly created EVP_MAC_CTX, or NULL if allocation failed.
 
 EVP_MAC_CTX_free() returns nothing at all.
 
-EVP_MAC_CTX_copy(), EVP_MAC_init(), EVP_MAC_update(),
-and EVP_MAC_final() return 1 on success, 0 on error.
+EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0 
on error.
 
 EVP_MAC_ctrl(), EVP_MAC_ctrl_str(), EVP_MAC_str2ctrl() and
 EVP_MAC_hex2ctrl() return 1 on success and 0 or a negative value on
@@ -359,6 +356,10 @@ L<EVP_MAC_KMAC(7)>,
 L<EVP_MAC_SIPHASH(7)>,
 L<EVP_MAC_POLY1305(7)>
 
+=head1 HISTORY
+
+These functions were added in OpenSSL 3.0.0.
+
 =head1 COPYRIGHT
 
 Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index a2af3fc..afdd17c 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1014,7 +1014,7 @@ void EVP_MD_do_all_sorted(void (*fn)
 EVP_MAC_CTX *EVP_MAC_CTX_new(const EVP_MAC *mac);
 EVP_MAC_CTX *EVP_MAC_CTX_new_id(int nid);
 void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
-int EVP_MAC_CTX_copy(EVP_MAC_CTX *dest, const EVP_MAC_CTX *src);
+EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
 const EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
 size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
 int EVP_MAC_init(EVP_MAC_CTX *ctx);
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index 3aa9792..9810a1e 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -74,7 +74,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_EVP_KDF_CTX_NEW_ID                         226
 # define EVP_F_EVP_MAC_CTRL                               209
 # define EVP_F_EVP_MAC_CTRL_STR                           210
-# define EVP_F_EVP_MAC_CTX_COPY                           211
+# define EVP_F_EVP_MAC_CTX_DUP                            211
 # define EVP_F_EVP_MAC_CTX_NEW                            213
 # define EVP_F_EVP_MAC_INIT                               212
 # define EVP_F_EVP_MD_BLOCK_SIZE                          232
@@ -145,6 +145,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                   164
 # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN                   180
 # define EVP_F_PKEY_KDF_CTRL                              227
+# define EVP_F_PKEY_MAC_COPY                              241
 # define EVP_F_PKEY_MAC_INIT                              214
 # define EVP_F_PKEY_SET_TYPE                              158
 # define EVP_F_POLY1305_CTRL                              216
diff --git a/util/libcrypto.num b/util/libcrypto.num
index da0af1c..28b6bb9 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4578,7 +4578,7 @@ EVP_PKEY_meth_get_digest_custom         4533      3_0_0   
EXIST::FUNCTION:
 EVP_MAC_CTX_new                         4534   3_0_0   EXIST::FUNCTION:
 EVP_MAC_CTX_new_id                      4535   3_0_0   EXIST::FUNCTION:
 EVP_MAC_CTX_free                        4536   3_0_0   EXIST::FUNCTION:
-EVP_MAC_CTX_copy                        4537   3_0_0   EXIST::FUNCTION:
+EVP_MAC_CTX_dup                         4537   3_0_0   EXIST::FUNCTION:
 EVP_MAC_CTX_mac                         4538   3_0_0   EXIST::FUNCTION:
 EVP_MAC_size                            4539   3_0_0   EXIST::FUNCTION:
 EVP_MAC_init                            4540   3_0_0   EXIST::FUNCTION:

Reply via email to