mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-31 19:24:42 +02:00
Refactor to add the wc_HmacInit and wc_HmacFree calls.
This commit is contained in:
David Garske
37
src/ssl.c
37
src/ssl.c
@@ -12469,6 +12469,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
#else
|
||||
Hmac hmac[1];
|
||||
#endif
|
||||
void* heap = NULL;
|
||||
|
||||
WOLFSSL_ENTER("HMAC");
|
||||
if (!md)
|
||||
@@ -12482,23 +12483,27 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
return NULL;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (hmac == NULL)
|
||||
return NULL;
|
||||
#endif
|
||||
|
||||
XMEMSET(hmac, 0, sizeof(Hmac));
|
||||
if (wc_HmacSetKey(hmac, type, (const byte*)key, key_len) == 0)
|
||||
if (wc_HmacUpdate(hmac, d, n) == 0)
|
||||
if (wc_HmacFinal(hmac, md) == 0) {
|
||||
if (md_len)
|
||||
*md_len = (type == MD5) ? (int)MD5_DIGEST_SIZE
|
||||
: (int)SHA_DIGEST_SIZE;
|
||||
ret = md;
|
||||
if (wc_HmacInit(hmac, heap, INVALID_DEVID) == 0) {
|
||||
if (wc_HmacSetKey(hmac, type, (const byte*)key, key_len) == 0) {
|
||||
if (wc_HmacUpdate(hmac, d, n) == 0) {
|
||||
if (wc_HmacFinal(hmac, md) == 0) {
|
||||
if (md_len)
|
||||
*md_len = (type == MD5) ? (int)MD5_DIGEST_SIZE
|
||||
: (int)SHA_DIGEST_SIZE;
|
||||
ret = md;
|
||||
}
|
||||
}
|
||||
}
|
||||
wc_HmacFree(hmac);
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(hmac, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -18911,8 +18916,11 @@ void wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
|
||||
|
||||
if (key && keylen) {
|
||||
WOLFSSL_MSG("keying hmac");
|
||||
XMEMSET(&ctx->hmac, 0, sizeof(Hmac));
|
||||
wc_HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen);
|
||||
|
||||
if (wc_HmacInit(&ctx->hmac, NULL, INVALID_DEVID) == 0) {
|
||||
wc_HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key,
|
||||
(word32)keylen);
|
||||
}
|
||||
/* OpenSSL compat, no error */
|
||||
}
|
||||
}
|
||||
@@ -18974,9 +18982,10 @@ void wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
|
||||
|
||||
void wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx)
|
||||
{
|
||||
(void)ctx;
|
||||
|
||||
WOLFSSL_MSG("wolfSSL_HMAC_cleanup");
|
||||
|
||||
if (ctx)
|
||||
wc_HmacFree(&ctx->hmac);
|
||||
}
|
||||
|
||||
|
||||
|
||||
78
src/tls.c
78
src/tls.c
@@ -149,37 +149,41 @@ static int p_hash(byte* result, word32 resLen, const byte* secret,
|
||||
|
||||
lastTime = times - 1;
|
||||
|
||||
XMEMSET(hmac, 0, sizeof(Hmac));
|
||||
if ((ret = wc_HmacSetKey(hmac, hash, secret, secLen)) == 0) {
|
||||
if ((ret = wc_HmacUpdate(hmac, seed, seedLen)) == 0) { /* A0 = seed */
|
||||
if ((ret = wc_HmacFinal(hmac, previous)) == 0) { /* A1 */
|
||||
for (i = 0; i < times; i++) {
|
||||
ret = wc_HmacInit(hmac, NULL, INVALID_DEVID);
|
||||
if (ret == 0) {
|
||||
ret = wc_HmacSetKey(hmac, hash, secret, secLen);
|
||||
if (ret == 0)
|
||||
ret = wc_HmacUpdate(hmac, seed, seedLen); /* A0 = seed */
|
||||
if (ret == 0)
|
||||
ret = wc_HmacFinal(hmac, previous); /* A1 */
|
||||
if (ret == 0) {
|
||||
for (i = 0; i < times; i++) {
|
||||
ret = wc_HmacUpdate(hmac, previous, len);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(hmac, seed, seedLen);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacFinal(hmac, current);
|
||||
if (ret != 0)
|
||||
break;
|
||||
|
||||
if ((i == lastTime) && lastLen)
|
||||
XMEMCPY(&result[idx], current,
|
||||
min(lastLen, P_HASH_MAX_SIZE));
|
||||
else {
|
||||
XMEMCPY(&result[idx], current, len);
|
||||
idx += len;
|
||||
ret = wc_HmacUpdate(hmac, previous, len);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(hmac, seed, seedLen);
|
||||
ret = wc_HmacFinal(hmac, previous);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacFinal(hmac, current);
|
||||
if (ret != 0)
|
||||
break;
|
||||
|
||||
if ((i == lastTime) && lastLen)
|
||||
XMEMCPY(&result[idx], current,
|
||||
min(lastLen, P_HASH_MAX_SIZE));
|
||||
else {
|
||||
XMEMCPY(&result[idx], current, len);
|
||||
idx += len;
|
||||
ret = wc_HmacUpdate(hmac, previous, len);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacFinal(hmac, previous);
|
||||
if (ret != 0)
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
wc_HmacFree(hmac);
|
||||
}
|
||||
|
||||
ForceZero(previous, P_HASH_MAX_SIZE);
|
||||
@@ -795,7 +799,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
|
||||
int content, int verify)
|
||||
{
|
||||
Hmac hmac;
|
||||
int ret;
|
||||
int ret = 0;
|
||||
byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
|
||||
|
||||
if (ssl == NULL)
|
||||
@@ -808,22 +812,22 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
|
||||
|
||||
wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
|
||||
|
||||
XMEMSET(&hmac, 0, sizeof(Hmac));
|
||||
ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
|
||||
wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = wc_HmacUpdate(&hmac, in, sz); /* content */
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = wc_HmacFinal(&hmac, digest);
|
||||
ret = wc_HmacInit(&hmac, NULL, ssl->devId);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
return 0;
|
||||
ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
|
||||
wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
|
||||
if (ret == 0) {
|
||||
ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
|
||||
if (ret == 0)
|
||||
ret = wc_HmacUpdate(&hmac, in, sz); /* content */
|
||||
if (ret == 0)
|
||||
ret = wc_HmacFinal(&hmac, digest);
|
||||
}
|
||||
wc_HmacFree(&hmac);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef HAVE_TLS_EXTENSIONS
|
||||
|
||||
@@ -7199,16 +7199,17 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
case ecHMAC_SHA256:
|
||||
{
|
||||
Hmac hmac;
|
||||
ret = wc_HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(&hmac, out, msgSz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacFinal(&hmac, out+msgSz);
|
||||
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
|
||||
if (ret == 0) {
|
||||
ret = wc_HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE);
|
||||
if (ret == 0)
|
||||
ret = wc_HmacUpdate(&hmac, out, msgSz);
|
||||
if (ret == 0)
|
||||
ret = wc_HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
|
||||
if (ret == 0)
|
||||
ret = wc_HmacFinal(&hmac, out+msgSz);
|
||||
wc_HmacFree(&hmac);
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
@@ -7330,25 +7331,28 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
|
||||
switch (ctx->macAlgo) {
|
||||
case ecHMAC_SHA256:
|
||||
{
|
||||
byte verify[SHA256_DIGEST_SIZE];
|
||||
Hmac hmac;
|
||||
{
|
||||
byte verify[SHA256_DIGEST_SIZE];
|
||||
Hmac hmac;
|
||||
|
||||
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
|
||||
if (ret == 0) {
|
||||
ret = wc_HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(&hmac, msg, msgSz-digestSz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
|
||||
if (ret != 0)
|
||||
break;
|
||||
ret = wc_HmacFinal(&hmac, verify);
|
||||
if (ret != 0)
|
||||
break;
|
||||
if (XMEMCMP(verify, msg + msgSz - digestSz, digestSz) != 0)
|
||||
ret = -1;
|
||||
if (ret == 0)
|
||||
ret = wc_HmacUpdate(&hmac, msg, msgSz-digestSz);
|
||||
if (ret == 0)
|
||||
ret = wc_HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz);
|
||||
if (ret == 0)
|
||||
ret = wc_HmacFinal(&hmac, verify);
|
||||
if (ret == 0) {
|
||||
if (XMEMCMP(verify, msg + msgSz - digestSz, digestSz) != 0)
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
wc_HmacFree(&hmac);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
default:
|
||||
ret = BAD_FUNC_ARG;
|
||||
|
||||
@@ -732,6 +732,7 @@ int wc_HmacInit(Hmac* hmac, void* heap, int devId)
|
||||
if (hmac == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
XMEMSET(hmac, 0, sizeof(Hmac));
|
||||
hmac->heap = heap;
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
|
||||
|
||||
@@ -530,16 +530,16 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
|
||||
if ((ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
if ((ret = wc_HmacSetKey(&hmac, typeH, key, kLen)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
if ((ret = wc_HmacUpdate(&hmac, data, dataSz)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
if ((ret = wc_HmacFinal(&hmac, digest)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
ret = wc_HmacSetKey(&hmac, typeH, key, kLen);
|
||||
if (ret == 0)
|
||||
ret = wc_HmacUpdate(&hmac, data, dataSz);
|
||||
if (ret == 0)
|
||||
ret = wc_HmacFinal(&hmac, digest);
|
||||
wc_HmacFree(&hmac);
|
||||
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
{
|
||||
byte* p;
|
||||
|
||||
@@ -182,10 +182,11 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
ret = wc_HmacSetKey(&hmac, hashType, passwd, pLen);
|
||||
|
||||
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
|
||||
if (ret == 0) {
|
||||
while (kLen) {
|
||||
ret = wc_HmacSetKey(&hmac, hashType, passwd, pLen);
|
||||
|
||||
while (ret == 0 && kLen) {
|
||||
int currentLen;
|
||||
|
||||
ret = wc_HmacUpdate(&hmac, salt, sLen);
|
||||
@@ -230,6 +231,7 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
|
||||
kLen -= currentLen;
|
||||
i++;
|
||||
}
|
||||
wc_HmacFree(&hmac);
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
|
||||
Reference in New Issue
Block a user