author | Francis Dupont <fdupont@isc.org> | 2022-02-22 12:41:05 +0100 |
---|---|---|
committer | Tomek Mrugalski <tomek@isc.org> | 2022-06-24 17:37:29 +0200 |
commit | ea6691fbf5c4981a793b917c5c2f64dbe07a296a (patch) | |
tree | d475e5cf36a0d3f69b21a250e42a9e100fbba8aa | |
parent | [#1614] Checkpoint: ported HMAC to EVP (diff) | |
[#1614] Checkpoint: get rid of EVP_MD_CTX_copy
-rw-r--r-- | src/lib/cryptolink/openssl_hmac.cc | 35 |
1 files changed, 14 insertions, 21 deletions
diff --git a/src/lib/cryptolink/openssl_hmac.cc b/src/lib/cryptolink/openssl_hmac.cc
index 29850f79a8..de609fe9ae 100644
--- a/src/lib/cryptolink/openssl_hmac.cc
+++ b/src/lib/cryptolink/openssl_hmac.cc
@@ -36,7 +36,7 @@ public:
 /// @param hash_algorithm The hash algorithm
 explicit HMACImpl(const void* secret, size_t secret_len,
 const HashAlgorithm hash_algorithm)
- : hash_algorithm_(hash_algorithm), md_() {
+ : hash_algorithm_(hash_algorithm), md_(), digest_() {
 const EVP_MD* algo = ossl::getHashAlgorithm(hash_algorithm);
 if (algo == 0) {
 isc_throw(UnsupportedAlgorithm,
@@ -169,30 +169,20 @@ public:
 if (len < 10 || len < size / 2) {
 return (false);
 }
- // Get the digest from a copy of the context
- EVP_MD_CTX* tmp = EVP_MD_CTX_new();
- if (tmp == 0) {
- isc_throw(LibraryError, "OpenSSL EVP_MD_CTX_new() failed");
- }
- if (!EVP_MD_CTX_copy(tmp, md_)) {
- EVP_MD_CTX_free(tmp);
- isc_throw(LibraryError, "OpenSSL EVP_MD_CTX_copy() failed");
- }
- ossl::SecBuf<unsigned char> digest(size);
- size_t digest_len = size;
- if (!EVP_DigestSignFinal(tmp, &digest[0], &digest_len)) {
- EVP_MD_CTX_free(tmp);
- isc_throw(LibraryError, "OpenSSL EVP_DigestSignFinal() failed");
+ if (digest_.size() == 0) {
+ digest_.resize(size);
+ size_t digest_len = size;
+ if (!EVP_DigestSignFinal(md_, &digest_[0], &digest_len)) {
+ isc_throw(LibraryError, "OpenSSL EVP_DigestSignFinal() failed");
+ }
+ if (digest_len != size) {
+ isc_throw(LibraryError, "OpenSSL partial EVP_DigestSignFinal()");
+ }
 }
- if (digest_len != size) {
- EVP_MD_CTX_free(tmp);
- isc_throw(LibraryError, "OpenSSL partial EVP_DigestSignFinal()");
- }
- EVP_MD_CTX_free(tmp);
 if (len > size) {
 len = size;
 }
- return (digest.same(sig, len));
+ return (digest_.same(sig, len));
 }
 private:
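Review bot: In the second hunk, `digest_.resize(size)` runs before `EVP_DigestSignFinal()`, so if either `isc_throw` in the new block fires, `digest_` is left non-empty without ever having held a valid MAC. A later call on the same object would then skip the `digest_.size() == 0` branch and compare `sig` against that buffer, which turns a library failure into a verification against unauthenticated content. Reset the cache on both failure paths, for example `digest_.resize(0);` immediately before each `isc_throw`, so a retry either recomputes or fails again. The enclosing method (presumably verify()) starts outside the hunk, so how callers handle the exception is not visible here.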
@@ -201,6 +191,9 @@ private:
 /// @brief The protected pointer to the OpenSSL EVP_MD_CTX structure
 EVP_MD_CTX* md_;
+
+ /// @brief The digest cache for multiple verify
+ ossl::SecBuf<unsigned char> digest_;
 };
 HMAC::HMAC(const void* secret, size_t secret_length, |
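Review bot: The comment on `digest_` does not state the invariant the cache relies on: the buffer is empty until the first verify, and once it is filled `md_` has already been passed to `EVP_DigestSignFinal()`, so data fed to the object afterwards would not change the cached value. I would extend the comment, for example `/// @note Empty until the first verify; once filled, md_ is finalized and later updates are not reflected.` Whether update() or sign() reject being called after a verify is not visible in this diff and is worth confirming, since a stale cached MAC would otherwise be compared silently.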