diff options
| author |  vnugent <public@vaughnnugent.com> | 2024-07-23 19:55:13 -0400 |
|---|---|---|
| committer | vnugent <public@vaughnnugent.com> | 2024-07-23 19:55:13 -0400 |
| commit | 54f520e4bfc0fe23e2719d44b09739aa8709451c (patch) | |
| tree | 4173d4f7e8205dc175f8a1d26e0c0b00c72aa907 /src/providers/openssl.c | |
| parent | 12feb33dba2061415d6f39fa59dec16fafcda2a0 (diff) | |
latest changes
Diffstat (limited to 'src/providers/openssl.c')
| -rw-r--r-- | src/providers/openssl.c | 94 |
1 files changed, 62 insertions, 32 deletions
diff --git a/src/providers/openssl.c b/src/providers/openssl.c index 1f31796..5bade3b 100644 --- a/src/providers/openssl.c +++ b/src/providers/openssl.c @@ -26,6 +26,8 @@ #define _OSSL_FAIL(x) if(!(x)) return CSTATUS_FAIL; +#define ossl_md_sha256() EVP_MD_fetch(NULL, "SHA2-256", NULL) + #ifndef _IMPL_SECURE_ZERO_MEMSET #define _IMPL_SECURE_ZERO_MEMSET _ossl_secure_zero_memset @@ -63,11 +65,11 @@ #define _IMPL_CRYPTO_SHA256_DIGEST _ossl_sha256_digest - _IMPLSTB cstatus_t _ossl_sha256_digest(const cspan_t* data, sha256_t digestOut32) + _IMPLSTB cstatus_t _ossl_sha256_digest(cspan_t data, sha256_t digestOut32) { - _overflow_check(data->size) + _overflow_check(data.size) - _OSSL_FAIL(SHA256(data->data, data->size, digestOut32)) + _OSSL_FAIL(SHA256(data.data, data.size, digestOut32)) return CSTATUS_OK; } @@ -81,22 +83,22 @@ /* Export function */ #define _IMPL_CRYPTO_SHA256_HMAC _ossl_hmac_sha256 - _IMPLSTB cstatus_t _ossl_hmac_sha256(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32) + _IMPLSTB cstatus_t _ossl_hmac_sha256(cspan_t key, cspan_t data, sha256_t hmacOut32) { unsigned int hmacLen; - _overflow_check(key->size) - _overflow_check(data->size) + _overflow_check(key.size) + _overflow_check(data.size) hmacLen = sizeof(sha256_t); _OSSL_FAIL( HMAC( - EVP_sha256(), - key->data, - key->size, - data->data, - data->size, + ossl_md_sha256(), + key.data, + key.size, + data.data, + data.size, hmacOut32, &hmacLen ) @@ -112,30 +114,44 @@ #ifndef _IMPL_CRYPTO_SHA256_HKDF_EXPAND - #include <openssl/hmac.h> + #include <openssl/evp.h> #define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _ossl_sha256_hkdf_expand - cstatus_t _ossl_hkdf_update(void* ctx, const cspan_t* data) + cstatus_t _ossl_hkdf_update(void* ctx, cspan_t data) { DEBUG_ASSERT(ctx != NULL) - _overflow_check(data->size) + _overflow_check(data.size) - _OSSL_FAIL(EVP_DigestUpdate((EVP_MD_CTX*)ctx, data->data, data->size)) + _OSSL_FAIL( + EVP_MAC_update( + (EVP_MAC_CTX*)ctx, + data.data, + data.size + ) + ) return CSTATUS_OK; } cstatus_t _ossl_hkdf_finish(void* ctx, sha256_t hmacOut32) { - unsigned int hmacSize; + size_t hmacSize; - DEBUG_ASSERT(ctx != NULL) + DEBUG_ASSERT(ctx != NULL); + DEBUG_ASSERT(hmacOut32 != NULL) - hmacSize = sizeof(sha256_t); + hmacSize = 0; - _OSSL_FAIL(EVP_DigestFinal_ex((EVP_MD_CTX*)ctx, hmacOut32, &hmacSize)) + _OSSL_FAIL( + EVP_MAC_final( + (EVP_MAC_CTX*)ctx, + hmacOut32, + &hmacSize, + sizeof(sha256_t) + ) + ) /* When configured for sha256, should always be the same size in/out */ DEBUG_ASSERT(hmacSize == sizeof(sha256_t)) @@ -143,42 +159,56 @@ return CSTATUS_OK; } - _IMPLSTB cstatus_t _ossl_sha256_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm) + _IMPLSTB cstatus_t _ossl_sha256_hkdf_expand(cspan_t prk, cspan_t info, span_t okm) { - EVP_MD_CTX* ctx; + EVP_MAC* mac; + EVP_MAC_CTX* ctx; cstatus_t result; + OSSL_PARAM params[2]; struct nc_hkdf_fn_cb_struct handler; result = CSTATUS_FAIL; + + handler.update = _ossl_hkdf_update; + handler.finish = _ossl_hkdf_finish; + _overflow_check(prk.size); + /* - * NOTE! Hmac reusable flag must be set to allow for multiple - * calls to the finish function without losing the context. + * Silly openssl stuff. Enable hmac with sha256 using the system default + * security provider. The one-shot flag must also be disabled (0) because + * we need to call update multiple times. + * + * "provider=default,digest=SHA256,digest-oneshot=0" */ - if ((ctx = EVP_MD_CTX_create()) == NULL) + ctx = NULL; + mac = EVP_MAC_fetch(NULL, "HMAC", NULL); + + if (mac == NULL) { - return CSTATUS_FAIL; + goto Cleanup; } - if (!EVP_DigestInit_ex2(ctx, EVP_sha256(), NULL)) + if ((ctx = EVP_MAC_CTX_new(mac)) == NULL) { goto Cleanup; } - if (!EVP_DigestUpdate(ctx, prk->data, prk->size)) + params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA2-256", 0); + params[1] = OSSL_PARAM_construct_end(); + + if (!EVP_MAC_init(ctx, prk.data, prk.size, params)) { goto Cleanup; } - - handler.update = _ossl_hkdf_update; - handler.finish = _ossl_hkdf_finish; result = hkdfExpandProcess(&handler, ctx, info, okm); Cleanup: - - EVP_MD_CTX_destroy(ctx); + + if (ctx) EVP_MAC_CTX_free(ctx); + if (mac) EVP_MAC_free(mac); return result; } |