X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fopenssl%2Fdigest.c;h=6e27b153f521b29e285ae010216e93d93f4f6947;hb=dcf9e6c3e444fd39318f8d5b261bdc22e5031f67;hp=71eaec7c5ffee9e01a26f849109dda2e3ec2d914;hpb=bcac314fe2d758e85335d499dbb4300bfa8a599e;p=tinc diff --git a/src/openssl/digest.c b/src/openssl/digest.c index 71eaec7c..6e27b153 100644 --- a/src/openssl/digest.c +++ b/src/openssl/digest.c @@ -22,9 +22,14 @@ #include #include +#if OPENSSL_VERSION_MAJOR >= 3 +#include +#endif + #include "digest.h" #include "../digest.h" #include "../logger.h" +#include "log.h" static void digest_open(digest_t *digest, const EVP_MD *evp_md, size_t maclength) { digest->digest = evp_md; @@ -63,13 +68,51 @@ bool digest_open_by_nid(digest_t *digest, int nid, size_t maclength) { } bool digest_set_key(digest_t *digest, const void *key, size_t len) { +#if OPENSSL_VERSION_MAJOR < 3 digest->hmac_ctx = HMAC_CTX_new(); - HMAC_Init_ex(digest->hmac_ctx, key, (int)len, digest->digest, NULL); if(!digest->hmac_ctx) { abort(); } + HMAC_Init_ex(digest->hmac_ctx, key, (int)len, digest->digest, NULL); +#else + EVP_MAC *mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_HMAC, NULL); + + if(!mac) { + openssl_err("fetch MAC"); + return false; + } + + digest->hmac_ctx = EVP_MAC_CTX_new(mac); + EVP_MAC_free(mac); + + if(!digest->hmac_ctx) { + openssl_err("create MAC context"); + return false; + } + + const char *hmac_algo = EVP_MD_get0_name(digest->digest); + + if(!hmac_algo) { + openssl_err("get HMAC algorithm name"); + return false; + } + + // The casts are okay, the parameters are not going to change. For example, see: + // https://github.com/openssl/openssl/blob/31b7f23d2f958491d46c8a8e61c2b77b1b546f3e/crypto/ec/ecdh_kdf.c#L37-L38 + const OSSL_PARAM params[] = { + OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, (void *)key, len), + OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_DIGEST, (void *)hmac_algo, 0), + OSSL_PARAM_END, + }; + + if(!EVP_MAC_init(digest->hmac_ctx, NULL, 0, params)) { + openssl_err("set MAC context params"); + return false; + } + +#endif return true; } @@ -83,7 +126,11 @@ void digest_close(digest_t *digest) { } if(digest->hmac_ctx) { +#if OPENSSL_VERSION_MAJOR < 3 HMAC_CTX_free(digest->hmac_ctx); +#else + EVP_MAC_CTX_free(digest->hmac_ctx); +#endif } memset(digest, 0, sizeof(*digest)); @@ -94,10 +141,24 @@ bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *out unsigned char tmpdata[len]; if(digest->hmac_ctx) { - if(!HMAC_Init_ex(digest->hmac_ctx, NULL, 0, NULL, NULL) - || !HMAC_Update(digest->hmac_ctx, indata, inlen) - || !HMAC_Final(digest->hmac_ctx, tmpdata, NULL)) { - logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL)); + bool ok; + +#if OPENSSL_VERSION_MAJOR < 3 + ok = HMAC_Init_ex(digest->hmac_ctx, NULL, 0, NULL, NULL) + && HMAC_Update(digest->hmac_ctx, indata, inlen) + && HMAC_Final(digest->hmac_ctx, tmpdata, NULL); +#else + EVP_MAC_CTX *mac_ctx = EVP_MAC_CTX_dup(digest->hmac_ctx); + + ok = mac_ctx + && EVP_MAC_update(mac_ctx, indata, inlen) + && EVP_MAC_final(mac_ctx, tmpdata, NULL, sizeof(tmpdata)); + + EVP_MAC_CTX_free(mac_ctx); +#endif + + if(!ok) { + openssl_err("create HMAC"); return false; } } else { @@ -112,7 +173,7 @@ bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *out if(!EVP_DigestInit(digest->md_ctx, digest->digest) || !EVP_DigestUpdate(digest->md_ctx, indata, inlen) || !EVP_DigestFinal(digest->md_ctx, tmpdata, NULL)) { - logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL)); + openssl_err("create digest"); return false; } }