aboutsummaryrefslogtreecommitdiff
path: root/src/providers
diff options
context:
space:
mode:
authorLibravatar vnugent <public@vaughnnugent.com>2024-07-23 19:55:13 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-07-23 19:55:13 -0400
commit54f520e4bfc0fe23e2719d44b09739aa8709451c (patch)
tree4173d4f7e8205dc175f8a1d26e0c0b00c72aa907 /src/providers
parent12feb33dba2061415d6f39fa59dec16fafcda2a0 (diff)
latest changes
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/bcrypt.c3
-rw-r--r--src/providers/openssl.c94
2 files changed, 64 insertions, 33 deletions
diff --git a/src/providers/bcrypt.c b/src/providers/bcrypt.c
index 67ae695..10cf801 100644
--- a/src/providers/bcrypt.c
+++ b/src/providers/bcrypt.c
@@ -223,7 +223,8 @@ _IMPLSTB void _bcDestroyCtx(struct _bcrypt_ctx* ctx)
cstatus_t _bcrypt_hkdf_finish(void* ctx, sha256_t hmacOut32)
{
- DEBUG_ASSERT(ctx != NULL)
+ DEBUG_ASSERT(ctx != NULL);
+ DEBUG_ASSERT(hmacOut32 != NULL);
BC_FAIL(_bcFinishHash((struct _bcrypt_ctx*)ctx, hmacOut32))
return CSTATUS_OK;
diff --git a/src/providers/openssl.c b/src/providers/openssl.c
index 1f31796..5bade3b 100644
--- a/src/providers/openssl.c
+++ b/src/providers/openssl.c
@@ -26,6 +26,8 @@
#define _OSSL_FAIL(x) if(!(x)) return CSTATUS_FAIL;
+#define ossl_md_sha256() EVP_MD_fetch(NULL, "SHA2-256", NULL)
+
#ifndef _IMPL_SECURE_ZERO_MEMSET
#define _IMPL_SECURE_ZERO_MEMSET _ossl_secure_zero_memset
@@ -63,11 +65,11 @@
#define _IMPL_CRYPTO_SHA256_DIGEST _ossl_sha256_digest
- _IMPLSTB cstatus_t _ossl_sha256_digest(const cspan_t* data, sha256_t digestOut32)
+ _IMPLSTB cstatus_t _ossl_sha256_digest(cspan_t data, sha256_t digestOut32)
{
- _overflow_check(data->size)
+ _overflow_check(data.size)
- _OSSL_FAIL(SHA256(data->data, data->size, digestOut32))
+ _OSSL_FAIL(SHA256(data.data, data.size, digestOut32))
return CSTATUS_OK;
}
@@ -81,22 +83,22 @@
/* Export function */
#define _IMPL_CRYPTO_SHA256_HMAC _ossl_hmac_sha256
- _IMPLSTB cstatus_t _ossl_hmac_sha256(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32)
+ _IMPLSTB cstatus_t _ossl_hmac_sha256(cspan_t key, cspan_t data, sha256_t hmacOut32)
{
unsigned int hmacLen;
- _overflow_check(key->size)
- _overflow_check(data->size)
+ _overflow_check(key.size)
+ _overflow_check(data.size)
hmacLen = sizeof(sha256_t);
_OSSL_FAIL(
HMAC(
- EVP_sha256(),
- key->data,
- key->size,
- data->data,
- data->size,
+ ossl_md_sha256(),
+ key.data,
+ key.size,
+ data.data,
+ data.size,
hmacOut32,
&hmacLen
)
@@ -112,30 +114,44 @@
#ifndef _IMPL_CRYPTO_SHA256_HKDF_EXPAND
- #include <openssl/hmac.h>
+ #include <openssl/evp.h>
#define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _ossl_sha256_hkdf_expand
- cstatus_t _ossl_hkdf_update(void* ctx, const cspan_t* data)
+ cstatus_t _ossl_hkdf_update(void* ctx, cspan_t data)
{
DEBUG_ASSERT(ctx != NULL)
- _overflow_check(data->size)
+ _overflow_check(data.size)
- _OSSL_FAIL(EVP_DigestUpdate((EVP_MD_CTX*)ctx, data->data, data->size))
+ _OSSL_FAIL(
+ EVP_MAC_update(
+ (EVP_MAC_CTX*)ctx,
+ data.data,
+ data.size
+ )
+ )
return CSTATUS_OK;
}
cstatus_t _ossl_hkdf_finish(void* ctx, sha256_t hmacOut32)
{
- unsigned int hmacSize;
+ size_t hmacSize;
- DEBUG_ASSERT(ctx != NULL)
+ DEBUG_ASSERT(ctx != NULL);
+ DEBUG_ASSERT(hmacOut32 != NULL)
- hmacSize = sizeof(sha256_t);
+ hmacSize = 0;
- _OSSL_FAIL(EVP_DigestFinal_ex((EVP_MD_CTX*)ctx, hmacOut32, &hmacSize))
+ _OSSL_FAIL(
+ EVP_MAC_final(
+ (EVP_MAC_CTX*)ctx,
+ hmacOut32,
+ &hmacSize,
+ sizeof(sha256_t)
+ )
+ )
/* When configured for sha256, should always be the same size in/out */
DEBUG_ASSERT(hmacSize == sizeof(sha256_t))
@@ -143,42 +159,56 @@
return CSTATUS_OK;
}
- _IMPLSTB cstatus_t _ossl_sha256_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm)
+ _IMPLSTB cstatus_t _ossl_sha256_hkdf_expand(cspan_t prk, cspan_t info, span_t okm)
{
- EVP_MD_CTX* ctx;
+ EVP_MAC* mac;
+ EVP_MAC_CTX* ctx;
cstatus_t result;
+ OSSL_PARAM params[2];
struct nc_hkdf_fn_cb_struct handler;
result = CSTATUS_FAIL;
+
+ handler.update = _ossl_hkdf_update;
+ handler.finish = _ossl_hkdf_finish;
+ _overflow_check(prk.size);
+
/*
- * NOTE! Hmac reusable flag must be set to allow for multiple
- * calls to the finish function without losing the context.
+ * Silly openssl stuff. Enable hmac with sha256 using the system default
+ * security provider. The one-shot flag must also be disabled (0) because
+ * we need to call update multiple times.
+ *
+ * "provider=default,digest=SHA256,digest-oneshot=0"
*/
- if ((ctx = EVP_MD_CTX_create()) == NULL)
+ ctx = NULL;
+ mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+
+ if (mac == NULL)
{
- return CSTATUS_FAIL;
+ goto Cleanup;
}
- if (!EVP_DigestInit_ex2(ctx, EVP_sha256(), NULL))
+ if ((ctx = EVP_MAC_CTX_new(mac)) == NULL)
{
goto Cleanup;
}
- if (!EVP_DigestUpdate(ctx, prk->data, prk->size))
+ params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA2-256", 0);
+ params[1] = OSSL_PARAM_construct_end();
+
+ if (!EVP_MAC_init(ctx, prk.data, prk.size, params))
{
goto Cleanup;
}
-
- handler.update = _ossl_hkdf_update;
- handler.finish = _ossl_hkdf_finish;
result = hkdfExpandProcess(&handler, ctx, info, okm);
Cleanup:
-
- EVP_MD_CTX_destroy(ctx);
+
+ if (ctx) EVP_MAC_CTX_free(ctx);
+ if (mac) EVP_MAC_free(mac);
return result;
}