The branch master has been updated via 7ed66e2634e6cfbb16a1ef975572e79a479217a8 (commit) via be5fc053ed40bb714944f93e2d35265d2096f71f (commit) from e6071f29c24cd22ac7857bf88917598265cc90a9 (commit)
- Log ----------------------------------------------------------------- commit 7ed66e2634e6cfbb16a1ef975572e79a479217a8 Author: Kurt Roeckx <k...@roeckx.be> Date: Wed Dec 19 00:36:40 2018 +0100 Change EVP_MAC method from copy to dup Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> GH: #7651 commit be5fc053ed40bb714944f93e2d35265d2096f71f Author: Kurt Roeckx <k...@roeckx.be> Date: Sun Nov 4 19:16:20 2018 +0100 Replace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup() Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> GH: #7651 ----------------------------------------------------------------------- Summary of changes: crypto/blake2/blake2b_mac.c | 12 ++++++-- crypto/blake2/blake2s_mac.c | 12 ++++++-- crypto/cmac/cm_meth.c | 18 ++++++++---- crypto/err/openssl.txt | 3 +- crypto/evp/evp_err.c | 3 +- crypto/evp/mac_lib.c | 24 ++++++++++----- crypto/evp/pkey_mac.c | 46 ++++++++++++++++++----------- crypto/gmac/gmac.c | 18 ++++++++++-- crypto/hmac/hm_meth.c | 19 ++++++++---- crypto/include/internal/evp_int.h | 2 +- crypto/kdf/sskdf.c | 8 +++-- crypto/kdf/tls1_prf.c | 21 +++++++++----- crypto/kmac/kmac.c | 19 +++++++++--- crypto/modes/modes_lcl.h | 1 - crypto/modes/siv128.c | 61 +++++++++++++++++++++++---------------- crypto/poly1305/poly1305_meth.c | 12 ++++++-- crypto/siphash/siphash_meth.c | 13 +++++++-- doc/man3/EVP_MAC.pod | 21 +++++++------- include/openssl/evp.h | 2 +- include/openssl/evperr.h | 3 +- util/libcrypto.num | 2 +- 21 files changed, 215 insertions(+), 105 deletions(-) diff --git a/crypto/blake2/blake2b_mac.c b/crypto/blake2/blake2b_mac.c index b38e9b8..f6025b1 100644 --- a/crypto/blake2/blake2b_mac.c +++ b/crypto/blake2/blake2b_mac.c @@ -39,10 +39,16 @@ static void blake2b_mac_free(EVP_MAC_IMPL *macctx) } } -static int blake2b_mac_copy(EVP_MAC_IMPL *dst, EVP_MAC_IMPL *src) +static EVP_MAC_IMPL *blake2b_mac_dup(const EVP_MAC_IMPL *src) { + EVP_MAC_IMPL *dst; + + dst = OPENSSL_zalloc(sizeof(*dst)); + if (dst == NULL) + return NULL; + *dst = *src; - return 1; + return dst; } static int blake2b_mac_init(EVP_MAC_IMPL *macctx) @@ -177,7 +183,7 @@ static size_t blake2b_mac_size(EVP_MAC_IMPL *macctx) const EVP_MAC blake2b_mac_meth = { EVP_MAC_BLAKE2B, blake2b_mac_new, - blake2b_mac_copy, + blake2b_mac_dup, blake2b_mac_free, blake2b_mac_size, blake2b_mac_init, diff --git a/crypto/blake2/blake2s_mac.c b/crypto/blake2/blake2s_mac.c index 04dbf4e..9ce8db1 100644 --- a/crypto/blake2/blake2s_mac.c +++ b/crypto/blake2/blake2s_mac.c @@ -39,10 +39,16 @@ static void blake2s_mac_free(EVP_MAC_IMPL *macctx) } } -static int blake2s_mac_copy(EVP_MAC_IMPL *dst, EVP_MAC_IMPL *src) +static EVP_MAC_IMPL *blake2s_mac_dup(const EVP_MAC_IMPL *src) { + EVP_MAC_IMPL *dst; + + dst = OPENSSL_malloc(sizeof(*dst)); + if (dst == NULL) + return NULL; + *dst = *src; - return 1; + return dst; } static int blake2s_mac_init(EVP_MAC_IMPL *macctx) @@ -177,7 +183,7 @@ static size_t blake2s_mac_size(EVP_MAC_IMPL *macctx) const EVP_MAC blake2s_mac_meth = { EVP_MAC_BLAKE2S, blake2s_mac_new, - blake2s_mac_copy, + blake2s_mac_dup, blake2s_mac_free, blake2s_mac_size, blake2s_mac_init, diff --git a/crypto/cmac/cm_meth.c b/crypto/cmac/cm_meth.c index 3f20e6c..07acf05 100644 --- a/crypto/cmac/cm_meth.c +++ b/crypto/cmac/cm_meth.c @@ -46,14 +46,22 @@ static void cmac_free(EVP_MAC_IMPL *cctx) } } -static int cmac_copy(EVP_MAC_IMPL *cdst, EVP_MAC_IMPL *csrc) +static EVP_MAC_IMPL *cmac_dup(const EVP_MAC_IMPL *csrc) { - if (!CMAC_CTX_copy(cdst->ctx, csrc->ctx)) - return 0; + EVP_MAC_IMPL *cdst = cmac_new(); + + if (cdst == NULL) + return NULL; + + if (!CMAC_CTX_copy(cdst->ctx, csrc->ctx)) { + cmac_free(cdst); + return NULL; + } cdst->tmpengine = csrc->tmpengine; cdst->tmpcipher = csrc->tmpcipher; - return 1; + + return cdst; } static size_t cmac_size(EVP_MAC_IMPL *cctx) @@ -153,7 +161,7 @@ static int cmac_ctrl_str(EVP_MAC_IMPL *cctx, const char *type, const EVP_MAC cmac_meth = { EVP_MAC_CMAC, cmac_new, - cmac_copy, + cmac_dup, cmac_free, cmac_size, cmac_init, diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 72057ac..3fb8c96 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -809,7 +809,7 @@ EVP_F_EVP_KDF_CTX_NEW:240:EVP_KDF_CTX_new EVP_F_EVP_KDF_CTX_NEW_ID:226:EVP_KDF_CTX_new_id EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str -EVP_F_EVP_MAC_CTX_COPY:211:EVP_MAC_CTX_copy +EVP_F_EVP_MAC_CTX_DUP:211:EVP_MAC_CTX_dup EVP_F_EVP_MAC_CTX_NEW:213:EVP_MAC_CTX_new EVP_F_EVP_MAC_INIT:212:EVP_MAC_init EVP_F_EVP_MD_BLOCK_SIZE:232:EVP_MD_block_size @@ -880,6 +880,7 @@ EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen EVP_F_PKEY_KDF_CTRL:227:pkey_kdf_ctrl +EVP_F_PKEY_MAC_COPY:241:pkey_mac_copy EVP_F_PKEY_MAC_INIT:214:pkey_mac_init EVP_F_PKEY_SET_TYPE:158:pkey_set_type EVP_F_POLY1305_CTRL:216:poly1305_ctrl diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 836f5ee..199fabb 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -78,7 +78,7 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTX_NEW_ID, 0), "EVP_KDF_CTX_new_id"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTRL, 0), "EVP_MAC_ctrl"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTRL_STR, 0), "EVP_MAC_ctrl_str"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_COPY, 0), "EVP_MAC_CTX_copy"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_DUP, 0), "EVP_MAC_CTX_dup"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_CTX_NEW, 0), "EVP_MAC_CTX_new"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MAC_INIT, 0), "EVP_MAC_init"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_BLOCK_SIZE, 0), "EVP_MD_block_size"}, @@ -179,6 +179,7 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0), "PKCS5_v2_scrypt_keyivgen"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_KDF_CTRL, 0), "pkey_kdf_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_MAC_COPY, 0), "pkey_mac_copy"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_MAC_INIT, 0), "pkey_mac_init"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_POLY1305_CTRL, 0), "poly1305_ctrl"}, diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index 39efff0..ee4a68f 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -48,18 +48,28 @@ void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) OPENSSL_free(ctx); } -int EVP_MAC_CTX_copy(EVP_MAC_CTX *dst, const EVP_MAC_CTX *src) +EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src) { - EVP_MAC_IMPL *macdata; + EVP_MAC_CTX *dst; - if (src->data != NULL && !dst->meth->copy(dst->data, src->data)) - return 0; + if (src->data == NULL) + return NULL; + + dst = OPENSSL_malloc(sizeof(*dst)); + if (dst == NULL) { + EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE); + return NULL; + } - macdata = dst->data; *dst = *src; - dst->data = macdata; - return 1; + dst->data = src->meth->dup(src->data); + if (dst->data == NULL) { + EVP_MAC_CTX_free(dst); + return NULL; + } + + return dst; } const EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx) diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index fc627f1..fafe3c9 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -10,6 +10,7 @@ #include <openssl/err.h> #include <openssl/evp.h> #include "internal/evp_int.h" +#include "evp_locl.h" /* MAC PKEY context structure */ @@ -75,15 +76,25 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) { MAC_PKEY_CTX *sctx, *dctx; - if (!pkey_mac_init(dst)) + sctx = EVP_PKEY_CTX_get_data(src); + if (sctx->ctx->data == NULL) return 0; - sctx = EVP_PKEY_CTX_get_data(src); - dctx = EVP_PKEY_CTX_get_data(dst); + dctx = OPENSSL_zalloc(sizeof(*dctx)); + if (dctx == NULL) { + EVPerr(EVP_F_PKEY_MAC_COPY, ERR_R_MALLOC_FAILURE); + return 0; + } - if (!EVP_MAC_CTX_copy(dctx->ctx, sctx->ctx)) + EVP_PKEY_CTX_set_data(dst, dctx); + dst->keygen_info_count = 0; + + dctx->ctx = EVP_MAC_CTX_dup(sctx->ctx); + if (dctx->ctx == NULL) goto err; + dctx->type = sctx->type; + switch (dctx->type) { case MAC_TYPE_RAW: dctx->raw_data.md = sctx->raw_data.md; @@ -100,7 +111,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) } return 1; err: - pkey_mac_cleanup (dst); + pkey_mac_cleanup(dst); return 0; } @@ -141,14 +152,10 @@ static int pkey_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) break; case MAC_TYPE_MAC: { - EVP_MAC_CTX *cmkey = EVP_MAC_CTX_new_id(nid); + EVP_MAC_CTX *cmkey = EVP_MAC_CTX_dup(hctx->ctx); if (cmkey == NULL) return 0; - if (!EVP_MAC_CTX_copy(cmkey, hctx->ctx)) { - EVP_MAC_CTX_free(cmkey); - return 0; - } EVP_PKEY_assign(pkey, nid, cmkey); } break; @@ -249,13 +256,18 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case MAC_TYPE_RAW: hctx->raw_data.md = p2; break; - case MAC_TYPE_MAC: - if (ctx->pkey != NULL - && !EVP_MAC_CTX_copy(hctx->ctx, - (EVP_MAC_CTX *)ctx->pkey->pkey.ptr)) - return 0; - if (!EVP_MAC_init(hctx->ctx)) - return 0; + case MAC_TYPE_MAC: { + EVP_MAC_CTX *new_mac_ctx; + + if (ctx->pkey == NULL) + return 0; + new_mac_ctx = EVP_MAC_CTX_dup((EVP_MAC_CTX *)ctx->pkey + ->pkey.ptr); + if (new_mac_ctx == NULL) + return 0; + EVP_MAC_CTX_free(hctx->ctx); + hctx->ctx = new_mac_ctx; + } break; default: /* This should be dead code */ diff --git a/crypto/gmac/gmac.c b/crypto/gmac/gmac.c index 5e3891f..0e2eda3 100644 --- a/crypto/gmac/gmac.c +++ b/crypto/gmac/gmac.c @@ -39,11 +39,23 @@ static EVP_MAC_IMPL *gmac_new(void) return gctx; } -static int gmac_copy(EVP_MAC_IMPL *gdst, EVP_MAC_IMPL *gsrc) +static EVP_MAC_IMPL *gmac_dup(const EVP_MAC_IMPL *gsrc) { + EVP_MAC_IMPL *gdst; + + gdst = gmac_new(); + if (gdst == NULL) + return NULL; + + if (!EVP_CIPHER_CTX_copy(gdst->ctx, gsrc->ctx)) { + gmac_free(gdst); + return NULL; + } + gdst->cipher = gsrc->cipher; gdst->engine = gsrc->engine; - return EVP_CIPHER_CTX_copy(gdst->ctx, gsrc->ctx); + + return gdst; } static size_t gmac_size(EVP_MAC_IMPL *gctx) @@ -172,7 +184,7 @@ static int gmac_ctrl_str(EVP_MAC_IMPL *gctx, const char *type, const EVP_MAC gmac_meth = { EVP_MAC_GMAC, gmac_new, - gmac_copy, + gmac_dup, gmac_free, gmac_size, gmac_init, diff --git a/crypto/hmac/hm_meth.c b/crypto/hmac/hm_meth.c index 705bf7f..db9af95 100644 --- a/crypto/hmac/hm_meth.c +++ b/crypto/hmac/hm_meth.c @@ -45,14 +45,23 @@ static void hmac_free(EVP_MAC_IMPL *hctx) } } -static int hmac_copy(EVP_MAC_IMPL *hdst, EVP_MAC_IMPL *hsrc) +static EVP_MAC_IMPL *hmac_dup(const EVP_MAC_IMPL *hsrc) { - if (!HMAC_CTX_copy(hdst->ctx, hsrc->ctx)) - return 0; + EVP_MAC_IMPL *hdst; + + hdst = hmac_new(); + if (hdst == NULL) + return NULL; + + if (!HMAC_CTX_copy(hdst->ctx, hsrc->ctx)) { + hmac_free(hdst); + return NULL; + } hdst->tmpengine = hsrc->tmpengine; hdst->tmpmd = hsrc->tmpmd; - return 1; + + return hdst; } static size_t hmac_size(EVP_MAC_IMPL *hctx) @@ -162,7 +171,7 @@ static int hmac_ctrl_str(EVP_MAC_IMPL *hctx, const char *type, const EVP_MAC hmac_meth = { EVP_MAC_HMAC, hmac_new, - hmac_copy, + hmac_dup, hmac_free, hmac_size, hmac_init, diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index 77684b2..183fc42 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -118,7 +118,7 @@ typedef struct evp_mac_impl_st EVP_MAC_IMPL; struct evp_mac_st { int type; EVP_MAC_IMPL *(*new) (void); - int (*copy) (EVP_MAC_IMPL *macdst, EVP_MAC_IMPL *macsrc); + EVP_MAC_IMPL *(*dup) (const EVP_MAC_IMPL *macsrc); void (*free) (EVP_MAC_IMPL *macctx); size_t (*size) (EVP_MAC_IMPL *macctx); int (*init) (EVP_MAC_IMPL *macctx); diff --git a/crypto/kdf/sskdf.c b/crypto/kdf/sskdf.c index 92bf995..31a1c10 100644 --- a/crypto/kdf/sskdf.c +++ b/crypto/kdf/sskdf.c @@ -202,9 +202,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md, || derived_key_len == 0) return 0; - ctx = EVP_MAC_CTX_new(kdf_mac); ctx_init = EVP_MAC_CTX_new(kdf_mac); - if (ctx == NULL || ctx_init == NULL) + if (ctx_init == NULL) goto end; if (hmac_md != NULL && EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_MD, hmac_md) <= 0) @@ -233,7 +232,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md, c[2] = (unsigned char)((counter >> 8) & 0xff); c[3] = (unsigned char)(counter & 0xff); - if (!(EVP_MAC_CTX_copy(ctx, ctx_init) + ctx = EVP_MAC_CTX_dup(ctx_init); + if (!(ctx != NULL && EVP_MAC_update(ctx, c, sizeof(c)) && EVP_MAC_update(ctx, z, z_len) && EVP_MAC_update(ctx, info, info_len))) @@ -251,6 +251,8 @@ static int SSKDF_mac_kdm(const EVP_MAC *kdf_mac, const EVP_MD *hmac_md, memcpy(out, mac, len); break; } + EVP_MAC_CTX_free(ctx); + ctx = NULL; } ret = 1; end: diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c index c39cf20..b14ae6f 100644 --- a/crypto/kdf/tls1_prf.c +++ b/crypto/kdf/tls1_prf.c @@ -237,10 +237,8 @@ static int tls1_prf_P_hash(const EVP_MD *md, size_t Ai_len; int ret = 0; - ctx = EVP_MAC_CTX_new_id(EVP_MAC_HMAC); - ctx_Ai = EVP_MAC_CTX_new_id(EVP_MAC_HMAC); ctx_init = EVP_MAC_CTX_new_id(EVP_MAC_HMAC); - if (ctx == NULL || ctx_Ai == NULL || ctx_init == NULL) + if (ctx_init == NULL) goto err; if (EVP_MAC_ctrl(ctx_init, EVP_MAC_CTRL_SET_FLAGS, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) != 1) goto err; @@ -254,7 +252,8 @@ static int tls1_prf_P_hash(const EVP_MD *md, if (chunk == 0) goto err; /* A(0) = seed */ - if (!EVP_MAC_CTX_copy(ctx_Ai, ctx_init)) + ctx_Ai = EVP_MAC_CTX_dup(ctx_init); + if (ctx_Ai == NULL) goto err; if (seed != NULL && !EVP_MAC_update(ctx_Ai, seed, seed_len)) goto err; @@ -263,15 +262,21 @@ static int tls1_prf_P_hash(const EVP_MD *md, /* calc: A(i) = HMAC_<hash>(secret, A(i-1)) */ if (!EVP_MAC_final(ctx_Ai, Ai, &Ai_len)) goto err; + EVP_MAC_CTX_free(ctx_Ai); + ctx_Ai = NULL; /* calc next chunk: HMAC_<hash>(secret, A(i) + seed) */ - if (!EVP_MAC_CTX_copy(ctx, ctx_init)) + ctx = EVP_MAC_CTX_dup(ctx_init); + if (ctx == NULL) goto err; if (!EVP_MAC_update(ctx, Ai, Ai_len)) goto err; /* save state for calculating next A(i) value */ - if (olen > chunk && !EVP_MAC_CTX_copy(ctx_Ai, ctx)) - goto err; + if (olen > chunk) { + ctx_Ai = EVP_MAC_CTX_dup(ctx); + if (ctx_Ai == NULL) + goto err; + } if (seed != NULL && !EVP_MAC_update(ctx, seed, seed_len)) goto err; if (olen <= chunk) { @@ -283,6 +288,8 @@ static int tls1_prf_P_hash(const EVP_MD *md, } if (!EVP_MAC_final(ctx, out, NULL)) goto err; + EVP_MAC_CTX_free(ctx); + ctx = NULL; out += chunk; olen -= chunk; } diff --git a/crypto/kmac/kmac.c b/crypto/kmac/kmac.c index 76e75c1..69c334c 100644 --- a/crypto/kmac/kmac.c +++ b/crypto/kmac/kmac.c @@ -147,8 +147,19 @@ static EVP_MAC_IMPL *kmac256_new(void) return kmac_new(evp_keccak_kmac256()); } -static int kmac_copy(EVP_MAC_IMPL *gdst, EVP_MAC_IMPL *gsrc) +static EVP_MAC_IMPL *kmac_dup(const EVP_MAC_IMPL *gsrc) { + EVP_MAC_IMPL *gdst; + + gdst = kmac_new(gsrc->md); + if (gdst == NULL) + return NULL; + + if (!EVP_MD_CTX_copy(gdst->ctx, gsrc->ctx)) { + kmac_free(gdst); + return NULL; + } + gdst->md = gsrc->md; gdst->out_len = gsrc->out_len; gdst->key_len = gsrc->key_len; @@ -157,7 +168,7 @@ static int kmac_copy(EVP_MAC_IMPL *gdst, EVP_MAC_IMPL *gsrc) memcpy(gdst->key, gsrc->key, gsrc->key_len); memcpy(gdst->custom, gsrc->custom, gdst->custom_len); - return EVP_MD_CTX_copy(gdst->ctx, gsrc->ctx); + return gdst; } /* @@ -444,7 +455,7 @@ static int kmac_bytepad_encode_key(unsigned char *out, int *out_len, const EVP_MAC kmac128_meth = { EVP_MAC_KMAC128, kmac128_new, - kmac_copy, + kmac_dup, kmac_free, kmac_size, kmac_init, @@ -457,7 +468,7 @@ const EVP_MAC kmac128_meth = { const EVP_MAC kmac256_meth = { EVP_MAC_KMAC256, kmac256_new, - kmac_copy, + kmac_dup, kmac_free, kmac_size, kmac_init, diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h index aed79ff..d4ce462 100644 --- a/crypto/modes/modes_lcl.h +++ b/crypto/modes/modes_lcl.h @@ -213,7 +213,6 @@ struct siv128_context { SIV_BLOCK tag; EVP_CIPHER_CTX *cipher_ctx; EVP_MAC_CTX *mac_ctx_init; - EVP_MAC_CTX *mac_ctx; int final_ret; int crypto_ok; }; diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index f812d0a..9bb5eea 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -92,30 +92,38 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou { SIV_BLOCK t; size_t out_len = sizeof(out->byte); + EVP_MAC_CTX *mac_ctx; + int ret = 0; - if (!EVP_MAC_CTX_copy(ctx->mac_ctx, ctx->mac_ctx_init)) + mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init); + if (mac_ctx == NULL) return 0; if (len >= SIV_LEN) { - if (!EVP_MAC_update(ctx->mac_ctx, in, len - SIV_LEN)) - return 0; + if (!EVP_MAC_update(mac_ctx, in, len - SIV_LEN)) + goto err; memcpy(&t, in + (len-SIV_LEN), SIV_LEN); siv128_xorblock(&t, &ctx->d); - if (!EVP_MAC_update(ctx->mac_ctx, t.byte, SIV_LEN)) - return 0; + if (!EVP_MAC_update(mac_ctx, t.byte, SIV_LEN)) + goto err; } else { memset(&t, 0, sizeof(t)); memcpy(&t, in, len); t.byte[len] = 0x80; siv128_dbl(&ctx->d); siv128_xorblock(&t, &ctx->d); - if (!EVP_MAC_update(ctx->mac_ctx, t.byte, SIV_LEN)) - return 0; + if (!EVP_MAC_update(mac_ctx, t.byte, SIV_LEN)) + goto err; } - if (!EVP_MAC_final(ctx->mac_ctx, out->byte, &out_len) + if (!EVP_MAC_final(mac_ctx, out->byte, &out_len) || out_len != SIV_LEN) - return 0; - return 1; + goto err; + + ret = 1; + +err: + EVP_MAC_CTX_free(mac_ctx); + return ret; } @@ -156,27 +164,27 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, { static const unsigned char zero[SIV_LEN] = { 0 }; size_t out_len = SIV_LEN; + EVP_MAC_CTX *mac_ctx = NULL; memset(&ctx->d, 0, sizeof(ctx->d)); ctx->cipher_ctx = NULL; - ctx->mac_ctx = NULL; ctx->mac_ctx_init = NULL; if (key == NULL || cbc == NULL || ctr == NULL || (ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL || (ctx->mac_ctx_init = EVP_MAC_CTX_new_id(EVP_MAC_CMAC)) == NULL - || (ctx->mac_ctx = EVP_MAC_CTX_new_id(EVP_MAC_CMAC)) == NULL || EVP_MAC_ctrl(ctx->mac_ctx_init, EVP_MAC_CTRL_SET_CIPHER, cbc) <= 0 || EVP_MAC_ctrl(ctx->mac_ctx_init, EVP_MAC_CTRL_SET_KEY, key, klen) <= 0 || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL) - || !EVP_MAC_CTX_copy(ctx->mac_ctx, ctx->mac_ctx_init) - || !EVP_MAC_update(ctx->mac_ctx, zero, sizeof(zero)) - || !EVP_MAC_final(ctx->mac_ctx, ctx->d.byte, &out_len)) { + || (mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL + || !EVP_MAC_update(mac_ctx, zero, sizeof(zero)) + || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len)) { EVP_CIPHER_CTX_free(ctx->cipher_ctx); EVP_MAC_CTX_free(ctx->mac_ctx_init); - EVP_MAC_CTX_free(ctx->mac_ctx); + EVP_MAC_CTX_free(mac_ctx); return 0; } + EVP_MAC_CTX_free(mac_ctx); ctx->final_ret = -1; ctx->crypto_ok = 1; @@ -192,9 +200,10 @@ int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src) memcpy(&dest->d, &src->d, sizeof(src->d)); if (!EVP_CIPHER_CTX_copy(dest->cipher_ctx, src->cipher_ctx)) return 0; - if (!EVP_MAC_CTX_copy(dest->mac_ctx_init, src->mac_ctx_init)) + EVP_MAC_CTX_free(dest->mac_ctx_init); + dest->mac_ctx_init = EVP_MAC_CTX_dup(src->mac_ctx_init); + if (dest->mac_ctx_init == NULL) return 0; - /* no need to copy mac_ctx since it's temp storage */ return 1; } @@ -208,19 +217,23 @@ int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, { SIV_BLOCK mac_out; size_t out_len = SIV_LEN; + EVP_MAC_CTX *mac_ctx; siv128_dbl(&ctx->d); - if (!EVP_MAC_CTX_copy(ctx->mac_ctx, ctx->mac_ctx_init) - || !EVP_MAC_update(ctx->mac_ctx, aad, len) - || !EVP_MAC_final(ctx->mac_ctx, mac_out.byte, &out_len) - || out_len != SIV_LEN) + mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init); + if (mac_ctx == NULL + || !EVP_MAC_update(mac_ctx, aad, len) + || !EVP_MAC_final(mac_ctx, mac_out.byte, &out_len) + || out_len != SIV_LEN) { + EVP_MAC_CTX_free(mac_ctx); return 0; + } + EVP_MAC_CTX_free(mac_ctx); siv128_xorblock(&ctx->d, &mac_out); return 1; - } /* @@ -330,8 +343,6 @@ int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx) ctx->cipher_ctx = NULL; EVP_MAC_CTX_free(ctx->mac_ctx_init); ctx->mac_ctx_init = NULL; - EVP_MAC_CTX_free(ctx->mac_ctx); - ctx->mac_ctx = NULL; OPENSSL_cleanse(&ctx->d, sizeof(ctx->d)); OPENSSL_cleanse(&ctx->tag, sizeof(ctx->tag)); ctx->final_ret = -1; diff --git a/crypto/poly1305/poly1305_meth.c b/crypto/poly1305/poly1305_meth.c index 9248d46..f1ade58 100644 --- a/crypto/poly1305/poly1305_meth.c +++ b/crypto/poly1305/poly1305_meth.c @@ -37,11 +37,17 @@ static void poly1305_free(EVP_MAC_IMPL *ctx) } } -static int poly1305_copy(EVP_MAC_IMPL *dst, EVP_MAC_IMPL *src) +static EVP_MAC_IMPL *poly1305_dup(const EVP_MAC_IMPL *src) { + EVP_MAC_IMPL *dst; + + dst = poly1305_new(); + if (dst == NULL) + return NULL; + *dst->ctx = *src->ctx; - return 1; + return dst; } static size_t poly1305_size(EVP_MAC_IMPL *ctx) @@ -130,7 +136,7 @@ static int poly1305_ctrl_str(EVP_MAC_IMPL *ctx, const EVP_MAC poly1305_meth = { EVP_MAC_POLY1305, poly1305_new, - poly1305_copy, + poly1305_dup, poly1305_free, poly1305_size, poly1305_init, diff --git a/crypto/siphash/siphash_meth.c b/crypto/siphash/siphash_meth.c index 37cb286..5fcff2d 100644 --- a/crypto/siphash/siphash_meth.c +++ b/crypto/siphash/siphash_meth.c @@ -31,10 +31,17 @@ static void siphash_free(EVP_MAC_IMPL *sctx) OPENSSL_free(sctx); } -static int siphash_copy(EVP_MAC_IMPL *sdst, EVP_MAC_IMPL *ssrc) +static EVP_MAC_IMPL *siphash_dup(const EVP_MAC_IMPL *ssrc) { + EVP_MAC_IMPL *sdst; + + sdst = siphash_new(); + if (sdst == NULL) + return NULL; + *sdst = *ssrc; - return 1; + + return sdst; } static size_t siphash_size(EVP_MAC_IMPL *sctx) @@ -128,7 +135,7 @@ static int siphash_ctrl_str(EVP_MAC_IMPL *ctx, const EVP_MAC siphash_meth = { EVP_MAC_SIPHASH, siphash_new, - siphash_copy, + siphash_dup, siphash_free, siphash_size, siphash_init, diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index a55d8db..01ad6ed 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -3,7 +3,7 @@ =head1 NAME EVP_MAC, EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_new_id, EVP_MAC_CTX_free, -EVP_MAC_CTX_copy, EVP_MAC_CTX_mac, EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, +EVP_MAC_CTX_dup, EVP_MAC_CTX_mac, EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_ctrl, EVP_MAC_vctrl, EVP_MAC_ctrl_str, EVP_MAC_str2ctrl, EVP_MAC_hex2ctrl, EVP_MAC_nid, EVP_MAC_name, EVP_get_macbyname, EVP_get_macbynid, EVP_get_macbyobj - EVP MAC routines @@ -18,7 +18,7 @@ EVP_get_macbyname, EVP_get_macbynid, EVP_get_macbyobj - EVP MAC routines EVP_MAC_CTX *EVP_MAC_CTX_new(const EVP_MAC *mac); EVP_MAC_CTX *EVP_MAC_CTX_new_id(int nid); void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); - int EVP_MAC_CTX_copy(EVP_MAC_CTX *dest, EVP_MAC_CTX *src); + EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); const EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); size_t EVP_MAC_size(EVP_MAC_CTX *ctx); int EVP_MAC_init(EVP_MAC_CTX *ctx); @@ -72,10 +72,8 @@ EVP_MAC_CTX_free() frees the contents of the context, including an underlying context if there is one, as well as the context itself. B<NULL> is a valid parameter, for which this function is a no-op. -EVP_MAC_CTX_copy() makes a deep copy of the C<src> context to the -C<dest> context. -The C<dest> context I<must> have been created before calling this -function. +EVP_MAC_CTX_dup() duplicates the C<src> context and returns a newly allocated +context. EVP_MAC_CTX_mac() returns the B<EVP_MAC> associated with the context C<ctx>. @@ -231,13 +229,12 @@ implemented as a macro. =head1 RETURN VALUES -EVP_MAC_CTX_new() and EVP_MAC_CTX_new_id() return a pointer to a newly -created EVP_MAC_CTX, or NULL if allocation failed. +EVP_MAC_CTX_new(), EVP_MAC_CTX_new_id() and EVP_MAC_CTX_dup() return a pointer +to a newly created EVP_MAC_CTX, or NULL if allocation failed. EVP_MAC_CTX_free() returns nothing at all. -EVP_MAC_CTX_copy(), EVP_MAC_init(), EVP_MAC_update(), -and EVP_MAC_final() return 1 on success, 0 on error. +EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0 on error. EVP_MAC_ctrl(), EVP_MAC_ctrl_str(), EVP_MAC_str2ctrl() and EVP_MAC_hex2ctrl() return 1 on success and 0 or a negative value on @@ -359,6 +356,10 @@ L<EVP_MAC_KMAC(7)>, L<EVP_MAC_SIPHASH(7)>, L<EVP_MAC_POLY1305(7)> +=head1 HISTORY + +These functions were added in OpenSSL 3.0.0. + =head1 COPYRIGHT Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/evp.h b/include/openssl/evp.h index a2af3fc..afdd17c 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1014,7 +1014,7 @@ void EVP_MD_do_all_sorted(void (*fn) EVP_MAC_CTX *EVP_MAC_CTX_new(const EVP_MAC *mac); EVP_MAC_CTX *EVP_MAC_CTX_new_id(int nid); void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); -int EVP_MAC_CTX_copy(EVP_MAC_CTX *dest, const EVP_MAC_CTX *src); +EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); const EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); size_t EVP_MAC_size(EVP_MAC_CTX *ctx); int EVP_MAC_init(EVP_MAC_CTX *ctx); diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 3aa9792..9810a1e 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -74,7 +74,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_KDF_CTX_NEW_ID 226 # define EVP_F_EVP_MAC_CTRL 209 # define EVP_F_EVP_MAC_CTRL_STR 210 -# define EVP_F_EVP_MAC_CTX_COPY 211 +# define EVP_F_EVP_MAC_CTX_DUP 211 # define EVP_F_EVP_MAC_CTX_NEW 213 # define EVP_F_EVP_MAC_INIT 212 # define EVP_F_EVP_MD_BLOCK_SIZE 232 @@ -145,6 +145,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 # define EVP_F_PKEY_KDF_CTRL 227 +# define EVP_F_PKEY_MAC_COPY 241 # define EVP_F_PKEY_MAC_INIT 214 # define EVP_F_PKEY_SET_TYPE 158 # define EVP_F_POLY1305_CTRL 216 diff --git a/util/libcrypto.num b/util/libcrypto.num index da0af1c..28b6bb9 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4578,7 +4578,7 @@ EVP_PKEY_meth_get_digest_custom 4533 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_new 4534 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_new_id 4535 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_free 4536 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_copy 4537 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_dup 4537 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_mac 4538 3_0_0 EXIST::FUNCTION: EVP_MAC_size 4539 3_0_0 EXIST::FUNCTION: EVP_MAC_init 4540 3_0_0 EXIST::FUNCTION: