aboutsummaryrefslogtreecommitdiff
path: root/src/crypto/impl/openssl.c
diff options
context:
space:
mode:
authorLibravatar vnugent <public@vaughnnugent.com>2024-05-02 21:54:35 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-05-02 21:54:35 -0400
commit55fae189fffc86f07a3448370f0a746670819712 (patch)
tree74c846943fc469590c01aca296a27a5fd0e2ad03 /src/crypto/impl/openssl.c
parent6ff8bb11774c51fd341b7699a3938fd894995fbf (diff)
feat: Working and tested openssl impl & defaults
Diffstat (limited to 'src/crypto/impl/openssl.c')
-rw-r--r--src/crypto/impl/openssl.c48
1 files changed, 25 insertions, 23 deletions
diff --git a/src/crypto/impl/openssl.c b/src/crypto/impl/openssl.c
index 90028e6..fd3b4e6 100644
--- a/src/crypto/impl/openssl.c
+++ b/src/crypto/impl/openssl.c
@@ -20,7 +20,6 @@
/* Setup openssl */
-
#ifdef OPENSSL_CRYPTO_LIB
#include "nc-util.h"
@@ -34,7 +33,7 @@
_IMPLSTB void _ossl_secure_zero_memset(void* ptr, size_t size)
{
- _sizet_check(size)
+ _overflow_check(size)
OPENSSL_cleanse(ptr, size);
}
@@ -48,7 +47,8 @@
{
int result;
- _sizet_check(size)
+ /* Size checks are required for platforms that have integer sizes under 32bit */
+ _overflow_check(size)
result = CRYPTO_memcmp(a, b, size);
@@ -66,7 +66,7 @@
_IMPLSTB cstatus_t _ossl_sha256_digest(const cspan_t* data, sha256_t digestOut32)
{
- _sizet_check(data->size)
+ _overflow_check(data->size)
_OSSL_FAIL(SHA256(data->data, data->size, digestOut32))
@@ -86,8 +86,8 @@
{
unsigned int hmacLen;
- _sizet_check(key->size)
- _sizet_check(data->size)
+ _overflow_check(key->size)
+ _overflow_check(data->size)
hmacLen = sizeof(sha256_t);
@@ -104,7 +104,7 @@
)
/* digest length should match the actual digest size */
- _OSSL_FAIL(hmacLen != sizeof(sha256_t))
+ DEBUG_ASSERT(hmacLen == sizeof(sha256_t))
return CSTATUS_OK;
}
@@ -122,23 +122,32 @@
{
DEBUG_ASSERT(ctx != NULL)
- _OSS_FAIL(HMAC_Update((HMAC_CTX*)ctx, data->data, data->size))
+ _overflow_check(data->size)
+
+ _OSSL_FAIL(EVP_DigestUpdate((EVP_MD_CTX*)ctx, data->data, data->size))
return CSTATUS_OK;
}
cstatus_t _ossl_hkdf_finish(void* ctx, sha256_t hmacOut32)
{
+ unsigned int hmacSize;
+
DEBUG_ASSERT(ctx != NULL)
- _OSSL_FAIL(HMAC_Final((HMAC_CTX*)ctx, hmacOut32, NULL))
+ hmacSize = sizeof(sha256_t);
+
+ _OSSL_FAIL(EVP_DigestFinal_ex((EVP_MD_CTX*)ctx, hmacOut32, &hmacSize))
+
+ /* When configured for sha256, should always be the same size in/out */
+ DEBUG_ASSERT(hmacSize == sizeof(sha256_t))
return CSTATUS_OK;
}
- _IMPLSTB cstatus_t _ossl_fallback_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm)
+ _IMPLSTB cstatus_t _ossl_sha256_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm)
{
- HMAC_CTX* hmac;
+ EVP_MD_CTX* ctx;
cstatus_t result;
struct nc_hkdf_fn_cb_struct handler;
@@ -147,28 +156,21 @@
* calls to the finish function without losing the context.
*/
- if ((hmac = HMAC_CTX_new()) == NULL)
+ if ((ctx = EVP_MD_CTX_create()) == NULL)
{
return CSTATUS_FAIL;
}
+ _OSSL_FAIL(EVP_DigestInit_ex2(ctx, EVP_sha256(), NULL))
- _OSSL_FAIL(
- HMAC_Init_ex(
- hmac,
- prk->data,
- pkr->size,
- EVP_sha256(),
- NULL
- )
- )
+ _OSSL_FAIL(EVP_DigestUpdate(ctx, prk->data, prk->size));
handler.update = _ossl_hkdf_update;
handler.finish = _ossl_hkdf_finish;
- result = hkdfExpandProcess(&handler, hmac, info, okm);
+ result = hkdfExpandProcess(&handler, ctx, info, okm);
- HMAC_CTX_free(hmac);
+ EVP_MD_CTX_destroy(ctx);
return result;
}