diff --git a/CHANGES.md b/CHANGES.md index 24fb86fddb..982e677fcc 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -361,8 +361,8 @@ OpenSSL 3.0 and HMAC_CTX_get_md. Use of these low level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L + time. Instead applications should use L, + L, L, L and L. *Paul Dale* @@ -385,8 +385,8 @@ OpenSSL 3.0 CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume. Use of these low level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L + time. Instead applications should use L, + L, L, L and L. *Paul Dale* diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index 1eb183f361..e0fe43e8b7 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -366,7 +366,7 @@ opthelp: goto end; } - ctx = EVP_MAC_CTX_new(mac); + ctx = EVP_MAC_new_ctx(mac); if (ctx == NULL) { BIO_printf(bio_err, "Unable to create MAC CTX for module check\n"); goto end; @@ -380,7 +380,7 @@ opthelp: if (params == NULL) goto end; - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { BIO_printf(bio_err, "MAC parameter error\n"); ERR_print_errors(bio_err); ok = 0; @@ -390,7 +390,7 @@ opthelp: goto end; } - ctx2 = EVP_MAC_CTX_dup(ctx); + ctx2 = EVP_MAC_dup_ctx(ctx); if (ctx2 == NULL) { BIO_printf(bio_err, "Unable to create MAC CTX for install indicator\n"); goto end; @@ -450,8 +450,8 @@ cleanup: BIO_free(module_bio); sk_OPENSSL_STRING_free(opts); EVP_MAC_free(mac); - EVP_MAC_CTX_free(ctx2); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx2); + EVP_MAC_free_ctx(ctx); OPENSSL_free(read_buffer); free_config_and_unload(conf); return ret; diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 34bc4a9995..d021c868c3 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c 
@@ -787,7 +787,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, BIO_printf(bio_err, "HMAC not found\n"); goto end; } - ctx = EVP_MAC_CTX_new(hmac); + ctx = EVP_MAC_new_ctx(hmac); if (ctx == NULL) { BIO_printf(bio_err, "HMAC context allocation failed\n"); goto end; @@ -796,7 +796,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, cookie_secret, COOKIE_SECRET_LENGTH); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { BIO_printf(bio_err, "HMAC context parameter setting failed\n"); goto end; } diff --git a/apps/mac.c b/apps/mac.c index 30f0daabcc..e84321b83a 100644 --- a/apps/mac.c +++ b/apps/mac.c @@ -114,7 +114,7 @@ opthelp: goto opthelp; } - ctx = EVP_MAC_CTX_new(mac); + ctx = EVP_MAC_new_ctx(mac); if (ctx == NULL) goto err; @@ -126,7 +126,7 @@ opthelp: if (params == NULL) goto err; - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { BIO_printf(bio_err, "MAC parameter error\n"); ERR_print_errors(bio_err); ok = 0; @@ -199,7 +199,7 @@ err: sk_OPENSSL_STRING_free(opts); BIO_free(in); BIO_free(out); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); return ret; } diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c index aa06cdc98a..ece3d8f91c 100644 --- a/crypto/cmac/cm_ameth.c +++ b/crypto/cmac/cm_ameth.c @@ -31,9 +31,9 @@ static int cmac_size(const EVP_PKEY *pkey) static void cmac_key_free(EVP_PKEY *pkey) { EVP_MAC_CTX *cmctx = EVP_PKEY_get0(pkey); - EVP_MAC *mac = cmctx == NULL ? NULL : EVP_MAC_CTX_mac(cmctx); + EVP_MAC *mac = cmctx == NULL ? NULL : EVP_MAC_get_ctx_mac(cmctx); - EVP_MAC_CTX_free(cmctx); + EVP_MAC_free_ctx(cmctx); EVP_MAC_free(mac); } diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index f674eeeff7..a087bc4423 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c 
@@ -202,8 +202,8 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, macparams[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, basekey, bklen); if ((mac = EVP_MAC_fetch(NULL, "HMAC", NULL)) == NULL - || (mctx = EVP_MAC_CTX_new(mac)) == NULL - || !EVP_MAC_CTX_set_params(mctx, macparams) + || (mctx = EVP_MAC_new_ctx(mac)) == NULL + || !EVP_MAC_set_ctx_params(mctx, macparams) || !EVP_MAC_init(mctx) || !EVP_MAC_update(mctx, msg, msglen) || !EVP_MAC_final(mctx, mac_res, outlen, EVP_MAX_MD_SIZE)) @@ -214,7 +214,7 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, err: /* cleanup */ OPENSSL_cleanse(basekey, bklen); - EVP_MAC_CTX_free(mctx); + EVP_MAC_free_ctx(mctx); EVP_MAC_free(mac); EVP_MD_CTX_free(ctx); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 9b252e3827..1668c95153 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -845,8 +845,6 @@ EVP_F_EVP_KEYEXCH_FETCH:245:EVP_KEYEXCH_fetch EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str -EVP_F_EVP_MAC_CTX_DUP:211:EVP_MAC_CTX_dup -EVP_F_EVP_MAC_CTX_NEW:213:EVP_MAC_CTX_new EVP_F_EVP_MAC_INIT:212:EVP_MAC_init EVP_F_EVP_MD_BLOCK_SIZE:232:EVP_MD_block_size EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index b7bfe8921f..8fe9708797 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -19,14 +19,14 @@ #include "internal/provider.h" #include "evp_local.h" -EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac) +EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac) { EVP_MAC_CTX *ctx = OPENSSL_zalloc(sizeof(EVP_MAC_CTX)); if (ctx == NULL || (ctx->data = mac->newctx(ossl_provider_ctx(mac->prov))) == NULL || !EVP_MAC_up_ref(mac)) { - EVPerr(EVP_F_EVP_MAC_CTX_NEW, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); if (ctx != NULL) mac->freectx(ctx->data); OPENSSL_free(ctx); 
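Review bot: `EVP_MAC_new_ctx()` in the crypto/evp/mac_lib.c hunk dereferences `mac` (`mac->newctx(ossl_provider_ctx(mac->prov))`) without checking it for NULL, and a caller in this same commit depends on NULL being tolerated. The `verify_integrity()` hunk in providers/fips/self_test.c calls `ctx = EVP_MAC_new_ctx(mac);` directly after `EVP_MAC_fetch()` and only afterwards tests `mac == NULL || ctx == NULL`, so a failed fetch during the FIPS module integrity check would crash rather than reach `goto err`. Either add `if (mac == NULL) return NULL;` at the top of this function or test the fetch result before creating the context in self_test.c. The failure branch also calls `mac->freectx(ctx->data)` when `newctx` itself returned NULL, so a comment such as `/* freectx must accept NULL */` would document what providers have to tolerate. The function body continues past the end of the hunk.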
@@ -37,7 +37,7 @@ EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac) return ctx; } -void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) +void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx) { if (ctx != NULL) { ctx->meth->freectx(ctx->data); @@ -48,7 +48,7 @@ void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) OPENSSL_free(ctx); } -EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src) +EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src) { EVP_MAC_CTX *dst; @@ -57,27 +57,27 @@ EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src) dst = OPENSSL_malloc(sizeof(*dst)); if (dst == NULL) { - EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; } *dst = *src; if (!EVP_MAC_up_ref(dst->meth)) { - EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); OPENSSL_free(dst); return NULL; } dst->data = src->meth->dupctx(src->data); if (dst->data == NULL) { - EVP_MAC_CTX_free(dst); + EVP_MAC_free_ctx(dst); return NULL; } return dst; } -EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx) +EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx) { return ctx->meth; } @@ -144,14 +144,14 @@ int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]) return 1; } -int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]) +int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]) { if (ctx->meth->get_ctx_params != NULL) return ctx->meth->get_ctx_params(ctx->data, params); return 1; } -int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]) +int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]) { if (ctx->meth->set_ctx_params != NULL) return ctx->meth->set_ctx_params(ctx->data, params); diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 1d57a22aee..0b067c8a8c 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c 
@@ -595,7 +595,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, prov == NULL ? NULL : ossl_provider_library_context(prov); EVP_PKEY *ret = EVP_PKEY_new(); EVP_MAC *cmac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, NULL); - EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_CTX_new(cmac) : NULL; + EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_new_ctx(cmac) : NULL; OSSL_PARAM params[4]; size_t paramsn = 0; @@ -620,7 +620,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, (char *)priv, len); params[paramsn] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(cmctx, params)) { + if (!EVP_MAC_set_ctx_params(cmctx, params)) { EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED); goto err; } @@ -630,7 +630,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, err: EVP_PKEY_free(ret); - EVP_MAC_CTX_free(cmctx); + EVP_MAC_free_ctx(cmctx); EVP_MAC_free(cmac); return NULL; # else diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index 3503aac6d3..1901c452e7 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -71,7 +71,7 @@ static int pkey_mac_init(EVP_PKEY_CTX *ctx) } if (mac != NULL) { - hctx->ctx = EVP_MAC_CTX_new(mac); + hctx->ctx = EVP_MAC_new_ctx(mac); if (hctx->ctx == NULL) { OPENSSL_free(hctx); return 0; @@ -116,7 +116,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) EVP_PKEY_CTX_set_data(dst, dctx); dst->keygen_info_count = 0; - dctx->ctx = EVP_MAC_CTX_dup(sctx->ctx); + dctx->ctx = EVP_MAC_dup_ctx(sctx->ctx); if (dctx->ctx == NULL) goto err; @@ -128,7 +128,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) * fetches the MAC method anew in this case. Therefore, its reference * count must be adjusted here. */ - if (!EVP_MAC_up_ref(EVP_MAC_CTX_mac(dctx->ctx))) + if (!EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(dctx->ctx))) goto err; dctx->type = sctx->type; 
@@ -163,7 +163,8 @@ static void pkey_mac_cleanup(EVP_PKEY_CTX *ctx) MAC_PKEY_CTX *hctx = ctx == NULL ? NULL : EVP_PKEY_CTX_get_data(ctx); if (hctx != NULL) { - EVP_MAC *mac = hctx->ctx != NULL ? EVP_MAC_CTX_mac(hctx->ctx) : NULL; + EVP_MAC *mac = hctx->ctx != NULL ? EVP_MAC_get_ctx_mac(hctx->ctx) + : NULL; switch (hctx->type) { case MAC_TYPE_RAW: @@ -171,7 +172,7 @@ static void pkey_mac_cleanup(EVP_PKEY_CTX *ctx) hctx->raw_data.ktmp.length); break; } - EVP_MAC_CTX_free(hctx->ctx); + EVP_MAC_free_ctx(hctx->ctx); EVP_MAC_free(mac); OPENSSL_free(hctx); EVP_PKEY_CTX_set_data(ctx, NULL); @@ -206,10 +207,10 @@ static int pkey_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 0; } - cmkey = EVP_MAC_CTX_dup(hctx->ctx); + cmkey = EVP_MAC_dup_ctx(hctx->ctx); if (cmkey == NULL) return 0; - if (!EVP_MAC_up_ref(EVP_MAC_CTX_mac(hctx->ctx))) + if (!EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(hctx->ctx))) return 0; EVP_PKEY_assign(pkey, nid, cmkey); } @@ -255,7 +256,7 @@ static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) } if (set_key) { - if (!EVP_MAC_is_a(EVP_MAC_CTX_mac(hctx->ctx), + if (!EVP_MAC_is_a(EVP_MAC_get_ctx_mac(hctx->ctx), OBJ_nid2sn(EVP_PKEY_id(EVP_PKEY_CTX_get0_pkey(ctx))))) return 0; key = EVP_PKEY_get0(EVP_PKEY_CTX_get0_pkey(ctx)); @@ -280,7 +281,7 @@ static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, key->data, key->length); params[params_n++] = OSSL_PARAM_construct_end(); - rv = EVP_MAC_CTX_set_params(hctx->ctx, params); + rv = EVP_MAC_set_ctx_params(hctx->ctx, params); } return rv; } @@ -330,7 +331,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - if (!EVP_MAC_CTX_set_params(hctx->ctx, params) + if (!EVP_MAC_set_ctx_params(hctx->ctx, params) || !EVP_MAC_init(hctx->ctx)) return 0; } 
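Review bot: In the `pkey_mac_keygen()` hunk, the `return 0` taken when `EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(hctx->ctx))` fails leaks `cmkey`, the context that `EVP_MAC_dup_ctx(hctx->ctx)` has just allocated. That duplicate presumably carries the keyed MAC state, so it should be released on this path: `if (!EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(hctx->ctx))) { EVP_MAC_free_ctx(cmkey); return 0; }`. The result of `EVP_PKEY_assign(pkey, nid, cmkey)` is ignored as well; if it can fail here, both the context and the extra reference need to be undone. The function starts and ends outside the hunk.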
@@ -351,10 +352,10 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) if (ctx->pkey == NULL) return 0; - new_mac_ctx = EVP_MAC_CTX_dup(ctx->pkey->pkey.ptr); + new_mac_ctx = EVP_MAC_dup_ctx(ctx->pkey->pkey.ptr); if (new_mac_ctx == NULL) return 0; - EVP_MAC_CTX_free(hctx->ctx); + EVP_MAC_free_ctx(hctx->ctx); hctx->ctx = new_mac_ctx; } break; @@ -389,13 +390,13 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - if (!EVP_MAC_CTX_set_params(hctx->ctx, params)) + if (!EVP_MAC_set_ctx_params(hctx->ctx, params)) return 0; params[0] = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE, &verify); - if (!EVP_MAC_CTX_get_params(hctx->ctx, params)) + if (!EVP_MAC_get_ctx_params(hctx->ctx, params)) return 0; /* @@ -433,7 +434,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - return EVP_MAC_CTX_set_params(hctx->ctx, params); + return EVP_MAC_set_ctx_params(hctx->ctx, params); } break; default: @@ -478,7 +479,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) key->data, key->length); params[params_n] = OSSL_PARAM_construct_end(); - return EVP_MAC_CTX_set_params(hctx->ctx, params); + return EVP_MAC_set_ctx_params(hctx->ctx, params); } break; case MAC_TYPE_MAC: @@ -513,7 +514,7 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx, EVPerr(0, EVP_R_FETCH_FAILED); return 0; } - mac = EVP_MAC_CTX_mac(hctx->ctx); + mac = EVP_MAC_get_ctx_mac(hctx->ctx); /* * Translation of some control names that are equivalent to a single @@ -535,7 +536,7 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx, return 0; params[1] = OSSL_PARAM_construct_end(); - ok = EVP_MAC_CTX_set_params(hctx->ctx, params); + ok = EVP_MAC_set_ctx_params(hctx->ctx, params); OPENSSL_free(params[0].data); return ok; } diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index f45e7e2f97..72ae624cc3 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c 
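Review bot: In the last crypto/evp/pkey_mac.c hunk (`pkey_mac_ctrl_str()`), `params[0].data` is released with plain `OPENSSL_free()` right after `EVP_MAC_set_ctx_params(hctx->ctx, params)`. The code that builds `params[0]` is outside the hunk, but if the control string being translated can be a key, that buffer holds MAC key bytes and should be wiped before it goes back to the heap: `OPENSSL_clear_free(params[0].data, params[0].data_size);`. If the buffer can never contain key material, a one-line comment saying so would settle the question for the next reader.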
@@ -99,7 +99,7 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou EVP_MAC_CTX *mac_ctx; int ret = 0; - mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init); + mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init); if (mac_ctx == NULL) return 0; @@ -126,7 +126,7 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou ret = 1; err: - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); return ret; } @@ -187,20 +187,20 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, /* TODO(3.0) library context */ || (ctx->mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL)) == NULL - || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL - || !EVP_MAC_CTX_set_params(ctx->mac_ctx_init, params) + || (ctx->mac_ctx_init = EVP_MAC_new_ctx(ctx->mac)) == NULL + || !EVP_MAC_set_ctx_params(ctx->mac_ctx_init, params) || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL) - || (mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL + || (mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init)) == NULL || !EVP_MAC_update(mac_ctx, zero, sizeof(zero)) || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len, sizeof(ctx->d.byte))) { EVP_CIPHER_CTX_free(ctx->cipher_ctx); - EVP_MAC_CTX_free(ctx->mac_ctx_init); - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(ctx->mac_ctx_init); + EVP_MAC_free_ctx(mac_ctx); EVP_MAC_free(ctx->mac); return 0; } - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); ctx->final_ret = -1; ctx->crypto_ok = 1; @@ -216,8 +216,8 @@ int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src) memcpy(&dest->d, &src->d, sizeof(src->d)); if (!EVP_CIPHER_CTX_copy(dest->cipher_ctx, src->cipher_ctx)) return 0; - EVP_MAC_CTX_free(dest->mac_ctx_init); - dest->mac_ctx_init = EVP_MAC_CTX_dup(src->mac_ctx_init); + EVP_MAC_free_ctx(dest->mac_ctx_init); + dest->mac_ctx_init = EVP_MAC_dup_ctx(src->mac_ctx_init); if (dest->mac_ctx_init == NULL) return 0; return 1; 
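Review bot: The failure branch of `CRYPTO_siv128_init()` frees `ctx->cipher_ctx`, `ctx->mac_ctx_init` and `ctx->mac` but leaves the three pointers set, while `CRYPTO_siv128_cleanup()` in the same file frees those fields again. A caller that runs cleanup after a failed init would double-free them; what a second init does depends on the start of the function, which is outside the hunk. Reset each field after freeing it in the error branch, as cleanup already does, for example `ctx->mac_ctx_init = NULL;`. The branch also frees the local `mac_ctx`, which is only safe if it is initialised to NULL before the `||` chain; that declaration is not visible here and should be checked.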
@@ -237,15 +237,15 @@ int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, siv128_dbl(&ctx->d); - if ((mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL + if ((mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init)) == NULL || !EVP_MAC_update(mac_ctx, aad, len) || !EVP_MAC_final(mac_ctx, mac_out.byte, &out_len, sizeof(mac_out.byte)) || out_len != SIV_LEN) { - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); return 0; } - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); siv128_xorblock(&ctx->d, &mac_out); @@ -357,7 +357,7 @@ int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx) if (ctx != NULL) { EVP_CIPHER_CTX_free(ctx->cipher_ctx); ctx->cipher_ctx = NULL; - EVP_MAC_CTX_free(ctx->mac_ctx_init); + EVP_MAC_free_ctx(ctx->mac_ctx_init); ctx->mac_ctx_init = NULL; EVP_MAC_free(ctx->mac); ctx->mac = NULL; diff --git a/doc/man1/openssl-mac.pod.in b/doc/man1/openssl-mac.pod.in index 4c9cc3bc31..ff1b83fbd3 100644 --- a/doc/man1/openssl-mac.pod.in +++ b/doc/man1/openssl-mac.pod.in @@ -49,7 +49,7 @@ Output the MAC in binary form. Uses hexadecimal text format if not specified. Passes options to the MAC algorithm. A comprehensive list of controls can be found in the EVP_MAC implementation documentation. -Common parameter names used by EVP_MAC_CTX_get_params() are: +Common parameter names used by EVP_MAC_get_ctx_params() are: =over 4 diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index c98c8d873a..1464515459 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod 
@@ -5,8 +5,8 @@ EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_is_a, EVP_MAC_number, EVP_MAC_names_do_all, EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, -EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, -EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, +EVP_MAC_CTX, EVP_MAC_new_ctx, EVP_MAC_free_ctx, EVP_MAC_dup_ctx, +EVP_MAC_get_ctx_mac, EVP_MAC_get_ctx_params, EVP_MAC_set_ctx_params, EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, EVP_MAC_do_all_provided - EVP MAC routines @@ -30,12 +30,12 @@ EVP_MAC_do_all_provided - EVP MAC routines const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); - EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); - void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); - EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); - EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); - int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); - int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); + EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac); + void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx); + EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src); + EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx); + int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); + int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); size_t EVP_MAC_size(EVP_MAC_CTX *ctx); int EVP_MAC_init(EVP_MAC_CTX *ctx); 
@@ -96,18 +96,18 @@ NULL is a valid parameter, for which this function is a no-op. =head2 Context manipulation functions -EVP_MAC_CTX_new() creates a new context for the MAC type I. +EVP_MAC_new_ctx() creates a new context for the MAC type I. The created context can then be used with most other functions described here. -EVP_MAC_CTX_free() frees the contents of the context, including an +EVP_MAC_free_ctx() frees the contents of the context, including an underlying context if there is one, as well as the context itself. NULL is a valid parameter, for which this function is a no-op. -EVP_MAC_CTX_dup() duplicates the I context and returns a newly allocated +EVP_MAC_dup_ctx() duplicates the I context and returns a newly allocated context. -EVP_MAC_CTX_mac() returns the B associated with the context +EVP_MAC_get_ctx_mac() returns the B associated with the context I. =head2 Computing functions @@ -136,14 +136,14 @@ parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_MAC_CTX_get_params() retrieves chosen parameters, given the +EVP_MAC_get_ctx_params() retrieves chosen parameters, given the context I and its underlying context. The set of parameters given with I determine exactly what parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_MAC_CTX_set_params() passes chosen parameters to the underlying +EVP_MAC_set_ctx_params() passes chosen parameters to the underlying context, given a context I. The set of parameters given with I determine exactly what parameters are passed down. 
@@ -155,8 +155,8 @@ defined by the implementation. EVP_MAC_gettable_params(), EVP_MAC_gettable_ctx_params() and EVP_MAC_settable_ctx_params() get a constant B array that describes the retrievable and settable parameters, i.e. parameters that -can be used with EVP_MAC_get_params(), EVP_MAC_CTX_get_params() -and EVP_MAC_CTX_set_params(), respectively. +can be used with EVP_MAC_get_params(), EVP_MAC_get_ctx_params() +and EVP_MAC_set_ctx_params(), respectively. See L for the use of B as parameter descriptor. =head2 Information functions @@ -270,12 +270,12 @@ the given name, otherwise 0. EVP_MAC_provider() returns a pointer to the provider for the MAC, or NULL on error. -EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly +EVP_MAC_new_ctx() and EVP_MAC_dup_ctx() return a pointer to a newly created EVP_MAC_CTX, or NULL if allocation failed. -EVP_MAC_CTX_free() returns nothing at all. +EVP_MAC_free_ctx() returns nothing at all. -EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on +EVP_MAC_get_ctx_params() and EVP_MAC_set_ctx_params() return 1 on success, 0 on error. EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0 @@ -327,8 +327,8 @@ EVP_MAC_do_all_provided() returns nothing at all. if (mac == NULL || key == NULL - || (ctx = EVP_MAC_CTX_new(mac)) == NULL - || EVP_MAC_CTX_set_params(ctx, params) <= 0) + || (ctx = EVP_MAC_new_ctx(mac)) == NULL + || EVP_MAC_set_ctx_params(ctx, params) <= 0) goto err; if (!EVP_MAC_init(ctx)) @@ -347,12 +347,12 @@ EVP_MAC_do_all_provided() returns nothing at all. printf("%02X", buf[i]); printf("\n"); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); exit(0); err: - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); fprintf(stderr, "Something went wrong\n"); ERR_print_errors_fp(stderr); diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod index 2675969a12..b798e6ca7c 100644 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod 
@@ -54,7 +54,7 @@ L: =head1 DESCRIPTION All of the functions described on this page are deprecated. Applications should -instead use L, L, L, +instead use L, L, L, L and L. HMAC is a MAC (message authentication code), i.e. a keyed hash diff --git a/doc/man3/OSSL_PARAM_allocate_from_text.pod b/doc/man3/OSSL_PARAM_allocate_from_text.pod index 011685c8c8..539b2179c4 100644 --- a/doc/man3/OSSL_PARAM_allocate_from_text.pod +++ b/doc/man3/OSSL_PARAM_allocate_from_text.pod @@ -175,7 +175,7 @@ Can be written like this instead: goto err; } params[params_n] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx, params)) + if (!EVP_MAC_set_ctx_params(ctx, params)) goto err; while (params_n-- > 0) OPENSSL_free(params[params_n].data); diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 99aaf7a595..ae2ee2b4e2 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -49,7 +49,7 @@ ticket information or it starts a full TLS handshake to create a new session ticket. Before the callback function is started I and I have been -initialised with L and L +initialised with L and L respectively. For new sessions tickets, when the client doesn't present a session ticket, or @@ -66,7 +66,7 @@ maximum IV length is B bytes defined in B. The initialization vector I should be a random value. The cipher context I should use the initialisation vector I. The cipher context can be set using L. The hmac context and digest can be set using -L with the B and +L with the B and B parameters respectively. When the client presents a session ticket, the callback function with be called 
@@ -76,7 +76,7 @@ the session ticket. The OpenSSL library expects that the I will be used to retrieve a cryptographic parameters and that the cryptographic context I will be set with the retrieved parameters and the initialization vector I. using a function like L. The key material and -digest for I need to be set using L with the +digest for I need to be set using L with the B and B parameters respectively. If the I is still valid but a renewal of the ticket is required the @@ -120,8 +120,8 @@ The SSL_CTX_set_tlsext_ticket_key_cb() function is identical to SSL_CTX_set_tlsext_ticket_key_evp_cb() except that it takes a deprecated HMAC_CTX pointer instead of an EVP_MAC_CTX one. Before this callback function is started I will have been -initialised with L and the digest set with -L. +initialised with L and the digest set with +L. The I key material can be set using L. =head1 NOTES @@ -185,7 +185,7 @@ Reference Implementation: params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_CTX_set_params(hctx, params); + EVP_MAC_set_ctx_params(hctx, params); return 1; @@ -200,7 +200,7 @@ Reference Implementation: params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_CTX_set_params(hctx, params); + EVP_MAC_set_ctx_params(hctx, params); EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); diff --git a/doc/man7/EVP_MAC-BLAKE2.pod b/doc/man7/EVP_MAC-BLAKE2.pod index 90b065340d..d5673fa8e2 100644 --- a/doc/man7/EVP_MAC-BLAKE2.pod +++ b/doc/man7/EVP_MAC-BLAKE2.pod 
@@ -27,9 +27,9 @@ properties, to be used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_CTX_set_params(). +All these parameters can be set with EVP_MAC_set_ctx_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -61,7 +61,7 @@ It is 32 and 64 respectively by default. =head1 SEE ALSO -L, L, +L, L, L, L =head1 HISTORY diff --git a/doc/man7/EVP_MAC-CMAC.pod b/doc/man7/EVP_MAC-CMAC.pod index c210d693ce..699a50824b 100644 --- a/doc/man7/EVP_MAC-CMAC.pod +++ b/doc/man7/EVP_MAC-CMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -37,7 +37,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =back The following parameters can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 @@ -50,7 +50,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-GMAC.pod b/doc/man7/EVP_MAC-GMAC.pod index 7c9477c215..8e4d28e7b1 100644 --- a/doc/man7/EVP_MAC-GMAC.pod +++ b/doc/man7/EVP_MAC-GMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -39,7 +39,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =back The following parameters can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 
@@ -52,7 +52,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-HMAC.pod b/doc/man7/EVP_MAC-HMAC.pod index 7f0ec35b43..31ff102ae6 100644 --- a/doc/man7/EVP_MAC-HMAC.pod +++ b/doc/man7/EVP_MAC-HMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -41,7 +41,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): The "flags" parameter is passed directly to HMAC_CTX_set_flags(). The following parameter can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 @@ -54,7 +54,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod index df7ac1ddf6..88044540c5 100644 --- a/doc/man7/EVP_MAC-KMAC.pod +++ b/doc/man7/EVP_MAC-KMAC.pod @@ -27,9 +27,9 @@ properties, to be used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_CTX_set_params(). +All these parameters can be set with EVP_MAC_set_ctx_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -50,7 +50,7 @@ the input stream is set to zero. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod index da9953a1d5..8e288172a1 100644 --- a/doc/man7/EVP_MAC-Poly1305.pod +++ b/doc/man7/EVP_MAC-Poly1305.pod 
@@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -33,7 +33,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =back The following parameters can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 @@ -46,7 +46,7 @@ The length of the "size" parameter should not exceed that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod index d8013b3369..a65e5919aa 100644 --- a/doc/man7/EVP_MAC-Siphash.pod +++ b/doc/man7/EVP_MAC-Siphash.pod @@ -25,9 +25,9 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_CTX_set_params(). +All these parameters can be set with EVP_MAC_set_ctx_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -40,7 +40,7 @@ The length of the "size" parameter should not exceed that of a B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 81ec80ab2d..9ce2f5e2ac 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -26,6 +26,8 @@ # include # include +# include + # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ # define EVP_MAX_KEY_LENGTH 64 # define EVP_MAX_IV_LENGTH 16 
@@ -1069,40 +1071,6 @@ void EVP_MD_do_all_provided(OPENSSL_CTX *libctx, void (*fn)(EVP_MD *md, void *arg), void *arg); -/* MAC stuff */ - -EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm, - const char *properties); -int EVP_MAC_up_ref(EVP_MAC *mac); -void EVP_MAC_free(EVP_MAC *mac); -int EVP_MAC_number(const EVP_MAC *mac); -int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); -const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); -int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); - -EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); -void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); -EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); -EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); -int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); -int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); - -size_t EVP_MAC_size(EVP_MAC_CTX *ctx); -int EVP_MAC_init(EVP_MAC_CTX *ctx); -int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); -int EVP_MAC_final(EVP_MAC_CTX *ctx, - unsigned char *out, size_t *outl, size_t outsize); -const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); -const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); -const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); - -void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx, - void (*fn)(EVP_MAC *mac, void *arg), - void *arg); -void EVP_MAC_names_do_all(const EVP_MAC *mac, - void (*fn)(const char *name, void *data), - void *data); - /* PKEY stuff */ DEPRECATEDIN_3_0(int EVP_PKEY_decrypt_old(unsigned char *dec_key, const unsigned char *enc_key, diff --git a/include/openssl/mac.h b/include/openssl/mac.h new file mode 100644 index 0000000000..4fb808525f --- /dev/null +++ b/include/openssl/mac.h 
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2019=-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* MAC stuff */
+
+#ifndef OPENSSL_EVP_MAC_H
+# define OPENSSL_EVP_MAC_H
+# pragma once
+
+# include
+# include
+# include
+
+EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm,
+ const char *properties);
+int EVP_MAC_up_ref(EVP_MAC *mac);
+void EVP_MAC_free(EVP_MAC *mac);
+int EVP_MAC_number(const EVP_MAC *mac);
+int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
+const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
+int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
+
+EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac);
+void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx);
+EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src);
+EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx);
+int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
+int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
+
+size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
+int EVP_MAC_init(EVP_MAC_CTX *ctx);
+int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
+int EVP_MAC_final(EVP_MAC_CTX *ctx,
+ unsigned char *out, size_t *outl, size_t outsize);
+const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac);
+const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac);
+const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac);
+
+void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx,
+ void (*fn)(EVP_MAC *mac, void *arg),
+ void *arg);
+void EVP_MAC_names_do_all(const EVP_MAC *mac,
+ void (*fn)(const char *name, void *data),
+ void *data);
+
+#endif /* OPENSSL_EVP_MAC_H */
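Review bot: The new include/openssl/mac.h declares the whole EVP_MAC API with no `extern "C"` block anywhere in the file, so a C++ translation unit that includes it would see these prototypes with C++ linkage unless every includer wraps it. The targets of the three `# include` lines are not visible here, so this cannot be ruled out from the hunk alone, but the header should carry its own guard as sketched below. The copyright line also has a typo, `2019=-2020`, which should read `2019-2020`.

```c
/* … unchanged: include guard, # pragma once and the three # include lines … */

# ifdef __cplusplus
extern "C" {
# endif

/* … unchanged: EVP_MAC_fetch() through EVP_MAC_names_do_all() declarations … */

# ifdef __cplusplus
}
# endif

#endif /* OPENSSL_EVP_MAC_H */
```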
diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index 270609e9d6..b5511dbdfa 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -189,8 +189,8 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx, if (macname != NULL) { EVP_MAC *mac = EVP_MAC_fetch(libctx, macname, properties); - EVP_MAC_CTX_free(*macctx); - *macctx = mac == NULL ? NULL : EVP_MAC_CTX_new(mac); + EVP_MAC_free_ctx(*macctx); + *macctx = mac == NULL ? NULL : EVP_MAC_new_ctx(mac); /* The context holds on to the MAC */ EVP_MAC_free(mac); if (*macctx == NULL) @@ -241,10 +241,10 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx, #endif *mp = OSSL_PARAM_construct_end(); - if (EVP_MAC_CTX_set_params(*macctx, mac_params)) + if (EVP_MAC_set_ctx_params(*macctx, mac_params)) return 1; - EVP_MAC_CTX_free(*macctx); + EVP_MAC_free_ctx(*macctx); *macctx = NULL; return 0; } diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c index b767e8f300..4619fedef5 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c @@ -146,7 +146,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); - ctx = EVP_MAC_CTX_new(mac); + ctx = EVP_MAC_new_ctx(mac); if (mac == NULL || ctx == NULL) goto err; @@ -156,7 +156,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, sizeof(fixed_key)); *p = OSSL_PARAM_construct_end(); - if (EVP_MAC_CTX_set_params(ctx, params) <= 0 + if (EVP_MAC_set_ctx_params(ctx, params) <= 0 || !EVP_MAC_init(ctx)) goto err; @@ -177,7 +177,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, ret = 1; err: OSSL_SELF_TEST_onend(ev, ret); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); return ret; } 
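Review bot: In verify_integrity (providers/fips/self_test.c, first hunk) the result of `EVP_MAC_fetch()` is passed to `EVP_MAC_new_ctx(mac)` before it is tested; `mac == NULL` is only checked on the following line. Unless EVP_MAC_new_ctx() is guaranteed to tolerate a NULL argument, a failed fetch during the FIPS module integrity check would dereference NULL instead of reaching `err` and reporting the failure. Check in order, as ssl_hmac_new in ssl/t1_lib.c already does: `if (mac == NULL || (ctx = EVP_MAC_new_ctx(mac)) == NULL) goto err;`. send_record in test/bad_dtls_test.c has the same ordering with no check at all. The function body starts and ends outside this hunk.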
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c index acc7d7f47b..12bf711eed 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c @@ -123,7 +123,7 @@ static void kbkdf_reset(void *vctx) { KBKDF *ctx = (KBKDF *)vctx; - EVP_MAC_CTX_free(ctx->ctx_init); + EVP_MAC_free_ctx(ctx->ctx_init); OPENSSL_clear_free(ctx->context, ctx->context_len); OPENSSL_clear_free(ctx->label, ctx->label_len); OPENSSL_clear_free(ctx->ki, ctx->ki_len); @@ -151,7 +151,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, for (counter = 1; written < ko_len; counter++) { i = be32(counter); - ctx = EVP_MAC_CTX_dup(ctx_init); + ctx = EVP_MAC_dup_ctx(ctx_init); if (ctx == NULL) goto done; @@ -172,13 +172,13 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, written += h; k_i_len = h; - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); ctx = NULL; } ret = 1; done: - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); return ret; } @@ -247,9 +247,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) NULL, NULL, libctx)) return 0; else if (ctx->ctx_init != NULL - && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init), + && !EVP_MAC_is_a(EVP_MAC_get_ctx_mac(ctx->ctx_init), OSSL_MAC_NAME_HMAC) - && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init), + && !EVP_MAC_is_a(EVP_MAC_get_ctx_mac(ctx->ctx_init), OSSL_MAC_NAME_CMAC)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MAC); return 0; @@ -288,7 +288,7 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) ctx->ki, ctx->ki_len); mparams[1] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx->ctx_init, mparams) + if (!EVP_MAC_set_ctx_params(ctx->ctx_init, mparams) || !EVP_MAC_init(ctx->ctx_init)) return 0; } diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c index 2c4600d205..023395b14d 100644 --- a/providers/implementations/kdfs/sskdf.c 
+++ b/providers/implementations/kdfs/sskdf.c @@ -168,7 +168,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom, (void *)custom, custom_len); params[1] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx, params)) + if (!EVP_MAC_set_ctx_params(ctx, params)) return 0; /* By default only do one iteration if kmac_out_len is not specified */ @@ -186,7 +186,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom, params[0] = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE, &kmac_out_len); - if (EVP_MAC_CTX_set_params(ctx, params) <= 0) + if (EVP_MAC_set_ctx_params(ctx, params) <= 0) return 0; /* @@ -233,7 +233,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, (void *)salt, salt_len); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx_init, params)) + if (!EVP_MAC_set_ctx_params(ctx_init, params)) goto end; if (!kmac_init(ctx_init, kmac_custom, kmac_custom_len, kmac_out_len, @@ -256,7 +256,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, c[2] = (unsigned char)((counter >> 8) & 0xff); c[3] = (unsigned char)(counter & 0xff); - ctx = EVP_MAC_CTX_dup(ctx_init); + ctx = EVP_MAC_dup_ctx(ctx_init); if (!(ctx != NULL && EVP_MAC_update(ctx, c, sizeof(c)) && EVP_MAC_update(ctx, z, z_len) @@ -275,7 +275,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, memcpy(out, mac, len); break; } - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); ctx = NULL; } ret = 1; @@ -285,7 +285,7 @@ end: else OPENSSL_cleanse(mac_buf, sizeof(mac_buf)); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); return ret; } @@ -303,7 +303,7 @@ static void sskdf_reset(void *vctx) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; - EVP_MAC_CTX_free(ctx->macctx); + EVP_MAC_free_ctx(ctx->macctx); ossl_prov_digest_reset(&ctx->digest); OPENSSL_clear_free(ctx->secret, ctx->secret_len); OPENSSL_clear_free(ctx->info, ctx->info_len); 
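Review bot: kmac_init tests the same call in two different ways: `if (!EVP_MAC_set_ctx_params(ctx, params))` in the hunk at line 168 and `if (EVP_MAC_set_ctx_params(ctx, params) <= 0)` in the hunk at line 186 (verify_integrity in providers/fips/self_test.c also uses `<= 0`). The two forms agree only if the function never returns a negative value, and a reader cannot tell from here which assumption is intended for a call that installs key material. Since the rename touches every call site anyway, settle on one form that matches the documented return contract, e.g. `if (!EVP_MAC_set_ctx_params(ctx, params)) return 0;` in both places. kmac_init's body extends beyond both hunks.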
@@ -360,7 +360,7 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen) const unsigned char *custom = NULL; size_t custom_len = 0; int default_salt_len; - EVP_MAC *mac = EVP_MAC_CTX_mac(ctx->macctx); + EVP_MAC *mac = EVP_MAC_get_ctx_mac(ctx->macctx); /* * TODO(3.0) investigate the necessity to have all these controls. diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c index 84d712afc5..1b47247cbb 100644 --- a/providers/implementations/kdfs/tls1_prf.c +++ b/providers/implementations/kdfs/tls1_prf.c @@ -116,8 +116,8 @@ static void kdf_tls1_prf_reset(void *vctx) { TLS1_PRF *ctx = (TLS1_PRF *)vctx; - EVP_MAC_CTX_free(ctx->P_hash); - EVP_MAC_CTX_free(ctx->P_sha1); + EVP_MAC_free_ctx(ctx->P_hash); + EVP_MAC_free_ctx(ctx->P_sha1); OPENSSL_clear_free(ctx->sec, ctx->seclen); OPENSSL_cleanse(ctx->seed, ctx->seedlen); memset(ctx, 0, sizeof(*ctx)); @@ -163,7 +163,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) NULL, SN_sha1, libctx)) return 0; } else { - EVP_MAC_CTX_free(ctx->P_sha1); + EVP_MAC_free_ctx(ctx->P_sha1); if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params, OSSL_MAC_NAME_HMAC, NULL, NULL, libctx)) @@ -280,7 +280,7 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, (void *)sec, sec_len); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx_init, params)) + if (!EVP_MAC_set_ctx_params(ctx_init, params)) goto err; if (!EVP_MAC_init(ctx_init)) goto err; @@ -288,7 +288,7 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, if (chunk == 0) goto err; /* A(0) = seed */ - ctx_Ai = EVP_MAC_CTX_dup(ctx_init); + ctx_Ai = EVP_MAC_dup_ctx(ctx_init); if (ctx_Ai == NULL) goto err; if (seed != NULL && !EVP_MAC_update(ctx_Ai, seed, seed_len)) 
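Review bot: The else branch of kdf_tls1_prf_set_ctx_params (tls1_prf.c, hunk at line 163) calls `EVP_MAC_free_ctx(ctx->P_sha1);` and the visible lines never clear the pointer afterwards. If nothing later in the function resets it, a context that was first configured through the preceding branch (which loads a SHA1 MAC context into `P_sha1`) and then reconfigured with another digest keeps a dangling pointer. kdf_tls1_prf_reset in the first hunk of this file would then free it a second time. Add `ctx->P_sha1 = NULL;` directly after the free. The function continues outside the hunk, so confirm that no later assignment already covers this.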
@@ -298,18 +298,18 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, /* calc: A(i) = HMAC_(secret, A(i-1)) */ if (!EVP_MAC_final(ctx_Ai, Ai, &Ai_len, sizeof(Ai))) goto err; - EVP_MAC_CTX_free(ctx_Ai); + EVP_MAC_free_ctx(ctx_Ai); ctx_Ai = NULL; /* calc next chunk: HMAC_(secret, A(i) + seed) */ - ctx = EVP_MAC_CTX_dup(ctx_init); + ctx = EVP_MAC_dup_ctx(ctx_init); if (ctx == NULL) goto err; if (!EVP_MAC_update(ctx, Ai, Ai_len)) goto err; /* save state for calculating next A(i) value */ if (olen > chunk) { - ctx_Ai = EVP_MAC_CTX_dup(ctx); + ctx_Ai = EVP_MAC_dup_ctx(ctx); if (ctx_Ai == NULL) goto err; } @@ -324,15 +324,15 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, } if (!EVP_MAC_final(ctx, out, NULL, olen)) goto err; - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); ctx = NULL; out += chunk; olen -= chunk; } ret = 1; err: - EVP_MAC_CTX_free(ctx); - EVP_MAC_CTX_free(ctx_Ai); + EVP_MAC_free_ctx(ctx); + EVP_MAC_free_ctx(ctx_Ai); OPENSSL_cleanse(Ai, sizeof(Ai)); return ret; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 89450943d1..b80ac35d3a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3149,12 +3149,12 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx) } #endif mac = EVP_MAC_fetch(ctx->libctx, "HMAC", NULL); - if (mac == NULL || (ret->ctx = EVP_MAC_CTX_new(mac)) == NULL) + if (mac == NULL || (ret->ctx = EVP_MAC_new_ctx(mac)) == NULL) goto err; EVP_MAC_free(mac); return ret; err: - EVP_MAC_CTX_free(ret->ctx); + EVP_MAC_free_ctx(ret->ctx); EVP_MAC_free(mac); OPENSSL_free(ret); return NULL; @@ -3163,7 +3163,7 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx) void ssl_hmac_free(SSL_HMAC *ctx) { if (ctx != NULL) { - EVP_MAC_CTX_free(ctx->ctx); + EVP_MAC_free_ctx(ctx->ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 HMAC_CTX_free(ctx->old_ctx); #endif 
@@ -3191,7 +3191,7 @@ int ssl_hmac_init(SSL_HMAC *ctx, void *key, size_t len, char *md) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, md, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, len); *p = OSSL_PARAM_construct_end(); - if (EVP_MAC_CTX_set_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx)) + if (EVP_MAC_set_ctx_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx)) return 1; } #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index cf8e42c97e..95e28d6d54 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -360,9 +360,9 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, } *p++ = OSSL_PARAM_construct_end(); - ctx = EVP_MAC_CTX_new(hmac); + ctx = EVP_MAC_new_ctx(hmac); if (ctx == NULL - || !EVP_MAC_CTX_set_params(ctx, params) + || !EVP_MAC_set_ctx_params(ctx, params) || !EVP_MAC_init(ctx) || !EVP_MAC_update(ctx, hash, hashlen) /* outsize as per sizeof(peer_finish_md) */ @@ -375,7 +375,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, ret = hashlen; err: OPENSSL_cleanse(finsecret, sizeof(finsecret)); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(hmac); return ret; } diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c index bfbaa7953a..d2d6a6b426 100644 --- a/test/bad_dtls_test.c +++ b/test/bad_dtls_test.c @@ -305,14 +305,14 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr, /* Append HMAC to data */ hmac = EVP_MAC_fetch(NULL, "HMAC", NULL); - ctx = EVP_MAC_CTX_new(hmac); + ctx = EVP_MAC_new_ctx(hmac); EVP_MAC_free(hmac); params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA1", 0); params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, mac_key, 20); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_CTX_set_params(ctx, params); + EVP_MAC_set_ctx_params(ctx, params); EVP_MAC_init(ctx); EVP_MAC_update(ctx, epoch, 2); EVP_MAC_update(ctx, seq, 6); 
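Review bot: ssl_hmac_init (ssl/t1_lib.c) builds the key parameter for a MAC context with `OSSL_KDF_PARAM_KEY`, while the other MAC call sites in this commit (generate_cookie_callback, tls1_prf_P_hash) use `OSSL_MAC_PARAM_KEY`. This presumably works only because both macros expand to the same string, and if they ever diverge the HMAC key would not be set. Use `*p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, key, len);` here. send_record in test/bad_dtls_test.c has the same mismatch in its `params[1]` line.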
@@ -323,7 +323,7 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr, EVP_MAC_update(ctx, lenbytes, 2); /* Length */ EVP_MAC_update(ctx, enc, len); /* Finally the data itself */ EVP_MAC_final(ctx, enc + len, NULL, SHA_DIGEST_LENGTH); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); /* Append padding bytes */ len += SHA_DIGEST_LENGTH; diff --git a/test/evp_test.c b/test/evp_test.c index 198c27ea5f..ef5d950018 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1323,12 +1323,12 @@ static int mac_test_run_mac(EVP_TEST *t) } params[params_n] = OSSL_PARAM_construct_end(); - if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) { + if ((ctx = EVP_MAC_new_ctx(expected->mac)) == NULL) { t->err = "MAC_CREATE_ERROR"; goto err; } - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { t->err = "MAC_BAD_PARAMS"; goto err; } @@ -1360,7 +1360,7 @@ static int mac_test_run_mac(EVP_TEST *t) while (params_n-- > params_n_allocstart) { OPENSSL_free(params[params_n].data); } - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); OPENSSL_free(got); return 1; } diff --git a/test/sslapitest.c b/test/sslapitest.c index 23e6b7d0f6..4665569054 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -6922,7 +6922,7 @@ static int tick_key_evp_cb(SSL *s, unsigned char key_name[16], params[2] = OSSL_PARAM_construct_end(); if (aes128cbc == NULL || !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc) - || !EVP_MAC_CTX_set_params(hctx, params) + || !EVP_MAC_set_ctx_params(hctx, params) || !EVP_MAC_init(hctx)) ret = -1; else diff --git a/util/libcrypto.num b/util/libcrypto.num index 339df720e8..317481388c 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -4425,10 +4425,10 @@ OCSP_resp_get0_respdata 4530 3_0_0 EXIST::FUNCTION:OCSP EVP_MD_CTX_set_pkey_ctx 4531 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_digest_custom 4532 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_digest_custom 4533 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_new ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_free ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_dup ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_mac ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_new_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_free_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_dup_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_get_ctx_mac ? 3_0_0 EXIST::FUNCTION: EVP_MAC_size ? 3_0_0 EXIST::FUNCTION: EVP_MAC_init ? 3_0_0 EXIST::FUNCTION: EVP_MAC_update ? 3_0_0 EXIST::FUNCTION: @@ -4701,8 +4701,8 @@ EVP_CIPHER_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_MD_get_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_fetch ? 3_0_0 EXIST::FUNCTION: EVP_MAC_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_set_params ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_set_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_get_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_free ? 3_0_0 EXIST::FUNCTION: EVP_MAC_up_ref ? 3_0_0 EXIST::FUNCTION: