diff options
| author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2024-11-21 10:07:31 +0000 |
|---|---|---|
| committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2024-11-21 10:07:31 +0000 |
| commit | 8714ec65eefc7d0f87b13c03f4b7f5e9218ccc94 (patch) | |
| tree | 80d1b1615f65fcbe0e7b03dc810fdd64f8a36cca /sbin | |
| parent | 261173f20241e2e25a8523a1e3765fd0c7f9580d (diff) | |
The block size of HMAC-SHA2-{384,512} must be 128 bytes.
ok tb
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/isakmpd/hash.c | 38 | ||||
| -rw-r--r-- | sbin/isakmpd/hash.h | 4 |
2 files changed, 21 insertions, 21 deletions
diff --git a/sbin/isakmpd/hash.c b/sbin/isakmpd/hash.c index 8c535374aa4..9936bca3e4e 100644 --- a/sbin/isakmpd/hash.c +++ b/sbin/isakmpd/hash.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hash.c,v 1.24 2015/10/15 06:35:54 mmcc Exp $ */ +/* $OpenBSD: hash.c,v 1.25 2024/11/21 10:07:30 yasuoka Exp $ */ /* $EOM: hash.c,v 1.10 1999/04/17 23:20:34 niklas Exp $ */ /* @@ -56,7 +56,7 @@ static unsigned char digest[HASH_MAX]; static struct hash hashes[] = { { - HASH_MD5, 5, MD5_SIZE, (void *)&Ctx.md5ctx, digest, + HASH_MD5, 5, MD5_SIZE, MD5_BLOCK_LENGTH, (void *)&Ctx.md5ctx, digest, sizeof(MD5_CTX), (void *)&Ctx2.md5ctx, (void (*)(void *))MD5Init, (void (*)(void *, unsigned char *, unsigned int))MD5Update, @@ -64,32 +64,32 @@ static struct hash hashes[] = { hmac_init, hmac_final }, { - HASH_SHA1, 6, SHA1_SIZE, (void *)&Ctx.sha1ctx, digest, - sizeof(SHA1_CTX), (void *)&Ctx2.sha1ctx, + HASH_SHA1, 6, SHA1_SIZE, SHA1_BLOCK_LENGTH, (void *)&Ctx.sha1ctx, + digest, sizeof(SHA1_CTX), (void *)&Ctx2.sha1ctx, (void (*)(void *))SHA1Init, (void (*)(void *, unsigned char *, unsigned int))SHA1Update, (void (*)(unsigned char *, void *))SHA1Final, hmac_init, hmac_final }, { - HASH_SHA2_256, 7, SHA2_256_SIZE, (void *)&Ctx.sha2ctx, digest, - sizeof(SHA2_CTX), (void *)&Ctx2.sha2ctx, + HASH_SHA2_256, 7, SHA2_256_SIZE, SHA256_BLOCK_LENGTH, + (void *)&Ctx.sha2ctx, digest, sizeof(SHA2_CTX), (void *)&Ctx2.sha2ctx, (void (*)(void *))SHA256Init, (void (*)(void *, unsigned char *, unsigned int))SHA256Update, (void (*)(u_int8_t *, void *))SHA256Final, hmac_init, hmac_final }, { - HASH_SHA2_384, 8, SHA2_384_SIZE, (void *)&Ctx.sha2ctx, digest, - sizeof(SHA2_CTX), (void *)&Ctx2.sha2ctx, + HASH_SHA2_384, 8, SHA2_384_SIZE, SHA384_BLOCK_LENGTH, + (void *)&Ctx.sha2ctx, digest, sizeof(SHA2_CTX), (void *)&Ctx2.sha2ctx, (void (*)(void *))SHA384Init, (void (*)(void *, unsigned char *, unsigned int))SHA384Update, (void (*)(u_int8_t *, void *))SHA384Final, hmac_init, hmac_final }, { - HASH_SHA2_512, 9, SHA2_512_SIZE, (void *)&Ctx.sha2ctx, digest, - sizeof(SHA2_CTX), (void *)&Ctx2.sha2ctx, + HASH_SHA2_512, 9, SHA2_512_SIZE, SHA512_BLOCK_LENGTH, + (void *)&Ctx.sha2ctx, digest, sizeof(SHA2_CTX), (void *)&Ctx2.sha2ctx, (void (*)(void *))SHA512Init, (void (*)(void *, unsigned char *, unsigned int))SHA512Update, (void (*)(u_int8_t *, void *))SHA512Final, @@ -122,11 +122,11 @@ hash_get(enum hashes hashtype) void hmac_init(struct hash *hash, unsigned char *okey, unsigned int len) { - unsigned int i, blocklen = HMAC_BLOCKLEN; - unsigned char key[HMAC_BLOCKLEN]; + unsigned int i; + unsigned char key[128]; - bzero(key, blocklen); - if (len > blocklen) { + bzero(key, sizeof(key)); + if (len > hash->blocklen) { /* Truncate key down to blocklen */ hash->Init(hash->ctx); hash->Update(hash->ctx, okey, len); @@ -136,19 +136,19 @@ hmac_init(struct hash *hash, unsigned char *okey, unsigned int len) } /* HMAC I and O pad computation */ - for (i = 0; i < blocklen; i++) + for (i = 0; i < hash->blocklen; i++) key[i] ^= HMAC_IPAD_VAL; hash->Init(hash->ctx); - hash->Update(hash->ctx, key, blocklen); + hash->Update(hash->ctx, key, hash->blocklen); - for (i = 0; i < blocklen; i++) + for (i = 0; i < hash->blocklen; i++) key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); hash->Init(hash->ctx2); - hash->Update(hash->ctx2, key, blocklen); + hash->Update(hash->ctx2, key, hash->blocklen); - explicit_bzero(key, blocklen); + explicit_bzero(key, sizeof(key)); } /* diff --git a/sbin/isakmpd/hash.h b/sbin/isakmpd/hash.h index 426c899a4c5..4e765d6fbb2 100644 --- a/sbin/isakmpd/hash.h +++ b/sbin/isakmpd/hash.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hash.h,v 1.8 2006/06/10 20:10:02 hshoexer Exp $ */ +/* $OpenBSD: hash.h,v 1.9 2024/11/21 10:07:30 yasuoka Exp $ */ /* $EOM: hash.h,v 1.6 1998/07/25 22:04:36 niklas Exp $ */ /* @@ -53,6 +53,7 @@ struct hash { enum hashes type; int id; /* ISAKMP/Oakley ID */ u_int8_t hashsize; /* Size of the hash */ + unsigned blocklen; /* The hash's block length */ void *ctx; /* Pointer to a context, for HMAC ictx */ unsigned char *digest; /* Pointer to a digest */ int ctxsize; @@ -68,7 +69,6 @@ struct hash { #define HMAC_IPAD_VAL 0x36 #define HMAC_OPAD_VAL 0x5C -#define HMAC_BLOCKLEN 64 extern struct hash *hash_get(enum hashes); extern void hmac_init(struct hash *, unsigned char *, unsigned int); |