Commit e0810e3502bbf14ee274033e7eeabb551ce38510 - openssl

Fix HMAC SHA3-224 and HMAC SHA3-256. Added NIST test cases for these two as well. Additionally deprecate the public definiton of HMAC_MAX_MD_CBLOCK in 1.2.0. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6972) Pauli 5 years ago

4 changed file(s) with 51 addition(s) and 10 deletion(s). Raw diff Collapse all Expand all

-6

crypto/hmac/hmac.c less more

19	19	{
20	20	int rv = 0;
21	21	int i, j, reset = 0;
22		unsigned char pad[HMAC_MAX_MD_CBLOCK];
	22	unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE];
23	23
24	24	/* If we are changing MD then we must have a key */
25	25	if (md != NULL && md != ctx->md && (key == NULL \|\| len < 0))

51	51	memcpy(ctx->key, key, len);
52	52	ctx->key_length = len;
53	53	}
54		if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
	54	if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE)
55	55	memset(&ctx->key[ctx->key_length], 0,
56		HMAC_MAX_MD_CBLOCK - ctx->key_length);
	56	HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length);
57	57	}
58	58
59	59	if (reset) {
60		for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
	60	for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
61	61	pad[i] = 0x36 ^ ctx->key[i];
62	62	if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
63	63	\|\| !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
64	64	goto err;
65	65
66		for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
	66	for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
67	67	pad[i] = 0x5c ^ ctx->key[i];
68	68	if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
69	69	\|\| !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))

193	193	goto err;
194	194	if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
195	195	goto err;
196		memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
	196	memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE);
197	197	dctx->key_length = sctx->key_length;
198	198	dctx->md = sctx->md;
199	199	return 1;

-2

crypto/hmac/hmac_lcl.h less more

0	0	/*
1		* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

9	9	#ifndef HEADER_HMAC_LCL_H
10	10	# define HEADER_HMAC_LCL_H
11	11
	12	/* The current largest case is for SHA3-224 */
	13	#define HMAC_MAX_MD_CBLOCK_SIZE 144
	14
12	15	struct hmac_ctx_st {
13	16	const EVP_MD *md;
14	17	EVP_MD_CTX *md_ctx;
15	18	EVP_MD_CTX *i_ctx;
16	19	EVP_MD_CTX *o_ctx;
17	20	unsigned int key_length;
18		unsigned char key[HMAC_MAX_MD_CBLOCK];
	21	unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE];
19	22	};
20	23
21	24	#endif

-2

include/openssl/hmac.h less more

0	0	/*
1		* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

13	13
14	14	# include <openssl/evp.h>
15	15
16		# define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */
	16	# if OPENSSL_API_COMPAT < 0x10200000L
	17	# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */
	18	# endif
17	19
18	20	#ifdef __cplusplus
19	21	extern "C" {

+36

-0

test/recipes/30-test_evp_data/evpmac.txt less more

248	248	# NIST's test vectors
249	249
250	250	MAC = HMAC
	251	Algorithm = SHA3-224
	252	Input = "Sample message for keylen<blocklen"
	253	Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b
	254	Output = 332cfd59347fdb8e576e77260be4aba2d6dc53117b3bfb52c6d18c04
	255
	256	MAC = HMAC
	257	Algorithm = SHA3-224
	258	Input = "Sample message for keylen=blocklen"
	259	Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f
	260	Output = d8b733bcf66c644a12323d564e24dcf3fc75f231f3b67968359100c7
	261
	262	MAC = HMAC
	263	Algorithm = SHA3-224
	264	Input = "Sample message for keylen>blocklen"
	265	Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab
	266	Output = 078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59
	267
	268	MAC = HMAC
	269	Algorithm = SHA3-256
	270	Input = "Sample message for keylen<blocklen"
	271	Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
	272	Output = 4fe8e202c4f058e8dddc23d8c34e467343e23555e24fc2f025d598f558f67205
	273
	274	MAC = HMAC
	275	Algorithm = SHA3-256
	276	Input = "Sample message for keylen=blocklen"
	277	Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687
	278	Output = 68b94e2e538a9be4103bebb5aa016d47961d4d1aa906061313b557f8af2c3faa
	279
	280	MAC = HMAC
	281	Algorithm = SHA3-256
	282	Input = "Sample message for keylen>blocklen"
	283	Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7
	284	Output = 9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258
	285
	286	MAC = HMAC
251	287	Algorithm = SHA3-384
252	288	Input = "Sample message for keylen<blocklen"
253	289	Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f