mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Ensure libssl creates libctx aware MAC keys

Browse Source 
Convert various mac key creation function calls to use the _with_libctx
variants.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
This commit is contained in:
Matt Caswell 2020-08-11 11:50:04 +01:00 committed by Pauli
parent ada0670bf6
commit 6f0bd6ca1c
3 changed files with 29 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/statem/extensions.c
View File

@ -1598,8 +1598,10 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
goto err;
}
mackey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finishedkey,
hashsize);
mackey = EVP_PKEY_new_raw_private_key_with_libctx(s->ctx->libctx, "HMAC",
s->ctx->propq,
finishedkey,
hashsize);
if (mackey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);

18
ssl/statem/extensions_srvr.c
View File

@ -771,10 +771,11 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
/* Verify the HMAC of the cookie */
hctx = EVP_MD_CTX_create();
pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
s->session_ctx->ext.cookie_hmac_key,
sizeof(s->session_ctx->ext
.cookie_hmac_key));
pkey = EVP_PKEY_new_raw_private_key_with_libctx(s->ctx->libctx, "HMAC",
s->ctx->propq,
s->session_ctx->ext.cookie_hmac_key,
sizeof(s->session_ctx->ext
.cookie_hmac_key));
if (hctx == NULL || pkey == NULL) {
EVP_MD_CTX_free(hctx);
EVP_PKEY_free(pkey);
@ -1863,10 +1864,11 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
/* HMAC the cookie */
hctx = EVP_MD_CTX_create();
pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
s->session_ctx->ext.cookie_hmac_key,
sizeof(s->session_ctx->ext
.cookie_hmac_key));
pkey = EVP_PKEY_new_raw_private_key_with_libctx(s->ctx->libctx, "HMAC",
s->ctx->propq,
s->session_ctx->ext.cookie_hmac_key,
sizeof(s->session_ctx->ext
.cookie_hmac_key));
if (hctx == NULL || pkey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
ERR_R_MALLOC_FAILURE);

18
ssl/t1_enc.c
View File

@ -376,9 +376,21 @@ int tls1_change_cipher_state(SSL *s, int which)
memcpy(mac_secret, ms, i);
if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
/* TODO(size_t): Convert this function */
mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret,
(int)*mac_secret_size);
if (mac_type == EVP_PKEY_HMAC) {
mac_key = EVP_PKEY_new_raw_private_key_with_libctx(s->ctx->libctx,
"HMAC",
s->ctx->propq,
mac_secret,
*mac_secret_size);
} else {
/*
* If its not HMAC then the only other types of MAC we support are
* the GOST MACs, so we need to use the old style way of creating
* a MAC key.
*/
mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret,
(int)*mac_secret_size);
}
if (mac_key == NULL
|| EVP_DigestSignInit_with_libctx(mac_ctx, NULL, EVP_MD_name(m),
s->ctx->libctx, s->ctx->propq,