I'd missed this comment earlier, hence the reason I didn't reply...

> Verdon Walker wrote:
> 
> 
> Basically, in tls1_P_hash() (in ssl/t1_enc.c), the assumption is made
> that an HMAC_CTX can be used multiple times by simply memcpy'ing it
> into a temporary structure. This works if the context is a complete
> representation of the entire state of the HMAC. It may not work if the
> ctx has pointers or references to additional information that is not
> copied by this process (as is the case with the crypto lib we are
> using). This problem is fairly simple to fix in this case because the
> temporary context can simply be computed alongside the other rather
> than memcpy to it. (This may be slightly less efficient, but is
> certainly a cleaner implementation.)
> 

Well there are some assumptions of this sort already in places for
EVP_MD_CTX and EVP_CIPHER_CTX. They occasionally call EVP_MD_CTX_copy()
which just memcpy's the buffer.

Again this is OK for internal stuff but some other digest forms won't
work.

What is really needed is an additional function in EVP_MD which can be
set to provide an implementation specific copy operation.

As far as HMAC is concerned we could either EVP_MD_CTX_copy() the
relevant operations or have some kind of HMAC 'method' where the whole
operation can be placed under application control.

> This patch also includes a couple of fixes to code that use HMAC, but
> never call HMAC_cleanup. This is critical, again, if the HMAC_CTX
> contains any references to other objects that must be cleaned up.
> 

Hmmm... is there a problem with cleaning up in HMAC_Final()?

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
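
The copy problem discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: a context whose running state sits behind a pointer is cloned once with memcpy and once through a method-supplied copy hook. All toy_* and ext_* names are hypothetical, and a plain byte sum stands in for the digest.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is not OpenSSL's EVP or HMAC API. */
typedef struct toy_ctx toy_ctx;
typedef struct {
    int  (*copy)(toy_ctx *dst, const toy_ctx *src); /* NULL: flat memcpy suffices */
    void (*cleanup)(toy_ctx *ctx);
} toy_method;
struct toy_ctx { const toy_method *meth; uint32_t *state; /* state lives outside the struct */ };

/* A byte sum stands in for the digest; it is NOT cryptographic. */
static void toy_update(toy_ctx *c, const char *s) {
    for (; *s; s++) *c->state += (uint8_t)*s;
}
static int ext_copy(toy_ctx *dst, const toy_ctx *src) {
    dst->meth = src->meth;
    if (!(dst->state = malloc(sizeof *dst->state))) return 0;
    *dst->state = *src->state; /* duplicate the pointed-to state, not the pointer */
    return 1;
}
static void ext_cleanup(toy_ctx *c) { free(c->state); c->state = NULL; }
static const toy_method ext_meth = { ext_copy, ext_cleanup };

static int toy_init(toy_ctx *c) {
    c->meth = &ext_meth;
    return (c->state = calloc(1, sizeof *c->state)) != NULL;
}
/* Copy through the method when it supplies one, else fall back to memcpy. */
static int toy_copy(toy_ctx *dst, const toy_ctx *src) {
    if (src->meth->copy) return src->meth->copy(dst, src);
    memcpy(dst, src, sizeof *dst);
    return 1;
}

/* Key a context, clone it, feed the clone. Returns 1 if the original is intact. */
int original_survives(int use_method_copy) {
    toy_ctx base, tmp;
    if (!toy_init(&base)) return -1;
    toy_update(&base, "key");
    uint32_t before = *base.state;
    if (!use_method_copy) memcpy(&tmp, &base, sizeof tmp); /* tmp.state aliases base.state */
    else if (!toy_copy(&tmp, &base)) { ext_cleanup(&base); return -1; }
    toy_update(&tmp, "seed");
    int intact = (*base.state == before);
    if (use_method_copy) tmp.meth->cleanup(&tmp); /* cleaning a flat copy too would double free */
    base.meth->cleanup(&base);
    return intact;
}

int main(void) { return (original_survives(0) == 0 && original_survives(1) == 1) ? 0 : 1; }
```

The cleanup asymmetry at the end of original_survives() is the same ownership question the thread raises for contexts that hold references to other objects.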
