diff options
| author | Kinichiro Inoguchi <inoguchi@cvs.openbsd.org> | 2017-03-03 10:39:08 +0000 |
|---|---|---|
| committer | Kinichiro Inoguchi <inoguchi@cvs.openbsd.org> | 2017-03-03 10:39:08 +0000 |
| commit | 12577feb47d5f60606a5660f9056f93ca4578262 (patch) | |
| tree | 386a57cb5536c323cd7b1d990c1bdd241ae8914a /lib/libcrypto/hmac | |
| parent | eba2d629bf403623d0bc5636350e9d78f049e8b0 (diff) | |
Ensure MD and key initialized before processing HMAC
Ensure both MD and key have been initialized before processing HMAC.
Releasing HMAC_CTX in error path of HMAC().
In regress test, added test 4,5,6 and cleaned up the code.
ok jsing@
Diffstat (limited to 'lib/libcrypto/hmac')
| -rw-r--r-- | lib/libcrypto/hmac/hmac.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/lib/libcrypto/hmac/hmac.c b/lib/libcrypto/hmac/hmac.c index 8fd980b0522..84917662ca8 100644 --- a/lib/libcrypto/hmac/hmac.c +++ b/lib/libcrypto/hmac/hmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: hmac.c,v 1.24 2017/03/03 10:39:07 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,11 +70,17 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, int i, j, reset = 0; unsigned char pad[HMAC_MAX_MD_CBLOCK]; + /* If we are changing MD then we must have a key */ + if (md != NULL && md != ctx->md && (key == NULL || len < 0)) + return 0; + if (md != NULL) { reset = 1; ctx->md = md; - } else + } else if (ctx->md != NULL) md = ctx->md; + else + return 0; if (key != NULL) { reset = 1; @@ -92,7 +98,7 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, &ctx->key_length)) goto err; } else { - if ((size_t)len > sizeof(ctx->key)) { + if (len < 0 || (size_t)len > sizeof(ctx->key)) { EVPerror(EVP_R_BAD_KEY_LENGTH); goto err; } @@ -137,6 +143,9 @@ HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) { + if (ctx->md == NULL) + return 0; + return EVP_DigestUpdate(&ctx->md_ctx, data, len); } @@ -146,6 +155,9 @@ HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) unsigned int i; unsigned char buf[EVP_MAX_MD_SIZE]; + if (ctx->md == NULL) + goto err; + if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) goto err; if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) @@ -165,6 +177,7 @@ HMAC_CTX_init(HMAC_CTX *ctx) EVP_MD_CTX_init(&ctx->i_ctx); EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->md_ctx); + ctx->md = NULL; } int @@ -190,7 +203,7 @@ HMAC_CTX_cleanup(HMAC_CTX *ctx) EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); - memset(ctx, 0, sizeof *ctx); + explicit_bzero(ctx, sizeof(*ctx)); } unsigned char * @@ -212,6 +225,7 @@ HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, HMAC_CTX_cleanup(&c); return md; err: + HMAC_CTX_cleanup(&c); return NULL; } |