mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-23 18:13:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac()

Browse Source 
Fixes #15839

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15861)
This commit is contained in:
Richard Levitte 2021-06-22 18:11:03 +02:00
parent 006de7670a
commit 21dfdbef49
4 changed files with 27 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
apps/lib/s_cb.c
View File

@ -740,8 +740,8 @@ void tlsext_cb(SSL *s, int client_server, int type,
}
#ifndef OPENSSL_NO_SOCK
int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len)
int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
size_t *cookie_len)
{
unsigned char *buffer = NULL;
size_t length = 0;
@ -800,16 +800,16 @@ end:
return res;
}
int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
unsigned int cookie_len)
int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
size_t cookie_len)
{
unsigned char result[EVP_MAX_MD_SIZE];
unsigned int resultlength;
size_t resultlength;
/* Note: we check cookie_initialized because if it's not,
* it cannot be valid */
if (cookie_initialized
&& generate_cookie_callback(ssl, result, &resultlength)
&& generate_stateless_cookie_callback(ssl, result, &resultlength)
&& cookie_len == resultlength
&& memcmp(result, cookie, resultlength) == 0)
return 1;
@ -817,20 +817,20 @@ int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
return 0;
}
int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
size_t *cookie_len)
int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len)
{
unsigned int temp = 0;
size_t temp = 0;
int res = generate_stateless_cookie_callback(ssl, cookie, &temp);
int res = generate_cookie_callback(ssl, cookie, &temp);
*cookie_len = temp;
*cookie_len = (unsigned int)temp;
return res;
}
int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
size_t cookie_len)
int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
unsigned int cookie_len)
{
return verify_cookie_callback(ssl, cookie, cookie_len);
return verify_stateless_cookie_callback(ssl, cookie, cookie_len);
}
#endif

4
crypto/crmf/crmf_pbm.c
View File

@ -140,7 +140,6 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
unsigned int bklen = EVP_MAX_MD_SIZE;
int64_t iterations;
unsigned char *mac_res = 0;
unsigned int maclen;
int ok = 0;
if (out == NULL || pbmp == NULL || pbmp->mac == NULL
@ -207,10 +206,9 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
goto err;
}
if (EVP_Q_mac(libctx, "HMAC", propq, hmac_mdname, NULL, basekey, bklen,
msg, msglen, mac_res, EVP_MAX_MD_SIZE, &maclen) == NULL)
msg, msglen, mac_res, EVP_MAX_MD_SIZE, outlen) == NULL)
goto err;
*outlen = (size_t)maclen;
ok = 1;
err:

15
crypto/hmac/hmac.c
View File

@ -224,12 +224,17 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
{
static unsigned char static_md[EVP_MAX_MD_SIZE];
int size = EVP_MD_get_size(evp_md);
size_t temp_md_len = 0;
unsigned char *ret = NULL;
if (size < 0)
return NULL;
return EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL,
key, key_len, data, data_len,
md == NULL ? static_md : md, size, md_len);
if (size >= 0) {
ret = EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL,
key, key_len, data, data_len,
md == NULL ? static_md : md, size, &temp_md_len);
if (md_len != NULL)
*md_len = (unsigned int)temp_md_len;
}
return ret;
}
void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)

6
ssl/tls13_enc.c
View File

@ -309,8 +309,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
unsigned char hash[EVP_MAX_MD_SIZE];
unsigned char finsecret[EVP_MAX_MD_SIZE];
unsigned char *key = NULL;
unsigned int len = 0;
size_t hashlen, ret = 0;
size_t len = 0, hashlen;
OSSL_PARAM params[2], *p = params;
/* Safe to cast away const here since we're not "getting" any data */
@ -345,10 +344,9 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
goto err;
}
ret = len;
err:
OPENSSL_cleanse(finsecret, sizeof(finsecret));
return ret;
return len;
}
/*