#include <openssl/err.h>
#include <openssl/hmac.h>
+#if OPENSSL_VERSION_MAJOR >= 3
+#include <openssl/core_names.h>
+#endif
+
#include "digest.h"
#include "../digest.h"
#include "../logger.h"
+#include "log.h"
static void digest_open(digest_t *digest, const EVP_MD *evp_md, size_t maclength) {
digest->digest = evp_md;
}
bool digest_set_key(digest_t *digest, const void *key, size_t len) {
+#if OPENSSL_VERSION_MAJOR < 3
digest->hmac_ctx = HMAC_CTX_new();
- HMAC_Init_ex(digest->hmac_ctx, key, (int)len, digest->digest, NULL);
if(!digest->hmac_ctx) {
abort();
}
+ HMAC_Init_ex(digest->hmac_ctx, key, (int)len, digest->digest, NULL);
+#else
+ EVP_MAC *mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_HMAC, NULL);
+
+ if(!mac) {
+ openssl_err("fetch MAC");
+ return false;
+ }
+
+ digest->hmac_ctx = EVP_MAC_CTX_new(mac);
+ EVP_MAC_free(mac);
+
+ if(!digest->hmac_ctx) {
+ openssl_err("create MAC context");
+ return false;
+ }
+
+ const char *hmac_algo = EVP_MD_get0_name(digest->digest);
+
+ if(!hmac_algo) {
+ openssl_err("get HMAC algorithm name");
+ return false;
+ }
+
+ // The casts are okay, the parameters are not going to change. For example, see:
+ // https://github.com/openssl/openssl/blob/31b7f23d2f958491d46c8a8e61c2b77b1b546f3e/crypto/ec/ecdh_kdf.c#L37-L38
+ const OSSL_PARAM params[] = {
+ OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, (void *)key, len),
+ OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_DIGEST, (void *)hmac_algo, 0),
+ OSSL_PARAM_END,
+ };
+
+ if(!EVP_MAC_init(digest->hmac_ctx, NULL, 0, params)) {
+ openssl_err("set MAC context params");
+ return false;
+ }
+
+#endif
return true;
}
}
if(digest->hmac_ctx) {
+#if OPENSSL_VERSION_MAJOR < 3
HMAC_CTX_free(digest->hmac_ctx);
+#else
+ EVP_MAC_CTX_free(digest->hmac_ctx);
+#endif
}
memset(digest, 0, sizeof(*digest));
unsigned char tmpdata[len];
if(digest->hmac_ctx) {
- if(!HMAC_Init_ex(digest->hmac_ctx, NULL, 0, NULL, NULL)
- || !HMAC_Update(digest->hmac_ctx, indata, inlen)
- || !HMAC_Final(digest->hmac_ctx, tmpdata, NULL)) {
- logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL));
+ bool ok;
+
+#if OPENSSL_VERSION_MAJOR < 3
+ ok = HMAC_Init_ex(digest->hmac_ctx, NULL, 0, NULL, NULL)
+ && HMAC_Update(digest->hmac_ctx, indata, inlen)
+ && HMAC_Final(digest->hmac_ctx, tmpdata, NULL);
+#else
+ EVP_MAC_CTX *mac_ctx = EVP_MAC_CTX_dup(digest->hmac_ctx);
+
+ ok = mac_ctx
+ && EVP_MAC_update(mac_ctx, indata, inlen)
+ && EVP_MAC_final(mac_ctx, tmpdata, NULL, sizeof(tmpdata));
+
+ EVP_MAC_CTX_free(mac_ctx);
+#endif
+
+ if(!ok) {
+ openssl_err("create HMAC");
return false;
}
} else {
if(!EVP_DigestInit(digest->md_ctx, digest->digest)
|| !EVP_DigestUpdate(digest->md_ctx, indata, inlen)
|| !EVP_DigestFinal(digest->md_ctx, tmpdata, NULL)) {
- logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL));
+ openssl_err("create digest");
return false;
}
}