mirror of
https://github.com/openssl/openssl.git
synced 2025-01-06 13:26:43 +08:00
b1558c0bc8
The HMAC_CTX structure stores the original key in case the ctx is reused without changing the key. However, HMAC_Init_ex() checks its parameters such that the only code path where the stored key is ever used is in the case where HMAC_Init_ex is called with a NULL key and an explicit md is provided which is the same as the md that was provided previously. But in that case we can actually reuse the pre-digested key that we calculated last time, so we can refactor the code not to use the stored key at all. With that refactor done it is no longer necessary to store the key in the ctx at all. This means that long running ctx's will not keep the key in memory for any longer than required. Note though that the digested key *is* still kept in memory for the duration of the life of the ctx. Fixes #10743 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10747)
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_CRYPTO_HMAC_LOCAL_H
# define OSSL_CRYPTO_HMAC_LOCAL_H
/* Upper bound on a digest's block size in bytes; the current largest case is SHA3-224 */
#define HMAC_MAX_MD_CBLOCK_SIZE 144
/*
 * Private state of an HMAC context.
 *
 * No copy of the raw key is kept here: the only key-dependent state lives
 * inside the digest contexts below.  That derived (pre-digested) key state
 * remains in memory for as long as the context exists, so it should be
 * treated as secret material whenever a context is reset or freed.
 */
struct hmac_ctx_st {
    /* Digest algorithm this context is bound to. */
    const EVP_MD *md;

    /* NOTE(review): presumably the working digest context - confirm in hmac.c */
    EVP_MD_CTX *md_ctx;

    /* NOTE(review): presumably the keyed inner-pad digest state - confirm */
    EVP_MD_CTX *i_ctx;

    /* NOTE(review): presumably the keyed outer-pad digest state - confirm */
    EVP_MD_CTX *o_ctx;
};
#endif