From bf7c68177b6fbb80406c60136654b6fefe7e3ba2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 30 Nov 2015 13:44:28 +0100 Subject: [PATCH] Adapt the rest of the source to the opaque HMAC_CTX Reviewed-by: Rich Salz --- apps/speed.c | 18 ++++++---- crypto/engine/eng_openssl.c | 20 +++++------ crypto/evp/p5_crpt2.c | 50 ++++++++++++++++----------- crypto/pkcs12/p12_mutl.c | 16 ++++----- ssl/statem/statem_srvr.c | 17 +++++----- ssl/t1_lib.c | 21 +++++++----- test/hmactest.c | 68 ++++++++++++++++++++++--------------- 7 files changed, 118 insertions(+), 92 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 1434a95ba9..8e1fe840c6 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1298,24 +1298,28 @@ int speed_main(int argc, char **argv) #if !defined(OPENSSL_NO_MD5) if (doit[D_HMAC]) { - HMAC_CTX hctx = HMAC_CTX_EMPTY; + HMAC_CTX *hctx = NULL; - HMAC_CTX_init(&hctx); - HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...", + hctx = HMAC_CTX_new(); + if (hctx == NULL) { + BIO_printf(bio_err, "HMAC malloc failure, exiting..."); + exit(1); + } + HMAC_Init_ex(hctx, (unsigned char *)"This is a key...", 16, EVP_md5(), NULL); for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]); Time_F(START); for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) { - HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL); - HMAC_Update(&hctx, buf, lengths[j]); - HMAC_Final(&hctx, &(hmac[0]), NULL); + HMAC_Init_ex(hctx, NULL, 0, NULL, NULL); + HMAC_Update(hctx, buf, lengths[j]); + HMAC_Final(hctx, &(hmac[0]), NULL); } d = Time_F(STOP); print_result(D_HMAC, j, count, d); } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); } #endif if (doit[D_SHA1]) { diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index b8850dcb0d..b81f9c6789 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -450,7 +450,7 @@ static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, typedef struct { const EVP_MD *md; /* MD for HMAC use */ ASN1_OCTET_STRING ktmp; /* Temp storage for key */ - HMAC_CTX ctx; + HMAC_CTX *ctx; } OSSL_HMAC_PKEY_CTX; static int ossl_hmac_init(EVP_PKEY_CTX *ctx) @@ -461,7 +461,7 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx) if (hctx == NULL) return 0; hctx->ktmp.type = V_ASN1_OCTET_STRING; - HMAC_CTX_init(&hctx->ctx); + hctx->ctx = HMAC_CTX_new(); EVP_PKEY_CTX_set_data(ctx, hctx); EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); # ifdef TEST_ENG_OPENSSL_HMAC_INIT @@ -478,9 +478,7 @@ static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) sctx = EVP_PKEY_CTX_get_data(src); dctx = EVP_PKEY_CTX_get_data(dst); dctx->md = sctx->md; - /* Because HMAC_CTX_copy does HMAC_CTX_init */ - HMAC_CTX_cleanup(&dctx->ctx); - if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) + if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx)) return 0; if (sctx->ktmp.data) { if (!ASN1_OCTET_STRING_set(&dctx->ktmp, @@ -494,7 +492,7 @@ static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx) { OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - HMAC_CTX_cleanup(&hctx->ctx); + HMAC_CTX_free(hctx->ctx); OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length); OPENSSL_free(hctx); } @@ -515,8 +513,8 @@ static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx->pctx); - if (!HMAC_Update(&hctx->ctx, data, count)) + OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx)); + if (!HMAC_Update(hctx->ctx, data, count)) return 0; return 1; } @@ -524,7 +522,7 @@ static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - mctx->update = ossl_int_update; + EVP_MD_CTX_set_update_fn(mctx, ossl_int_update); return 1; } @@ -541,7 +539,7 @@ static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, if (!sig) return 1; - if (!HMAC_Final(&hctx->ctx, sig, &hlen)) + if (!HMAC_Final(hctx->ctx, sig, &hlen)) return 0; *siglen = (size_t)hlen; return 1; @@ -568,7 +566,7 @@ static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_DIGESTINIT: pk = EVP_PKEY_CTX_get0_pkey(ctx); key = EVP_PKEY_get0(pk); - if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, NULL)) + if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL)) return 0; break; diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index dcc04631bd..b84e99ede3 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -85,21 +85,28 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; int cplen, j, k, tkeylen, mdlen; unsigned long i = 1; - HMAC_CTX hctx_tpl = HMAC_CTX_EMPTY, hctx = HMAC_CTX_EMPTY; + HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; mdlen = EVP_MD_size(digest); if (mdlen < 0) return 0; - HMAC_CTX_init(&hctx_tpl); + hctx_tpl = HMAC_CTX_new(); + if (hctx_tpl == NULL) + return 0; p = out; tkeylen = keylen; if (!pass) passlen = 0; else if (passlen == -1) passlen = strlen(pass); - if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); + if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) { + HMAC_CTX_free(hctx_tpl); + return 0; + } + hctx = HMAC_CTX_new(); + if (hctx == NULL) { + HMAC_CTX_free(hctx_tpl); return 0; } while (tkeylen) { @@ -115,31 +122,33 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, itmp[1] = (unsigned char)((i >> 16) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[3] = (unsigned char)(i & 0xff); - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); + if (!HMAC_CTX_copy(hctx, hctx_tpl)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - if (!HMAC_Update(&hctx, salt, saltlen) - || !HMAC_Update(&hctx, itmp, 4) - || !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); + if (!HMAC_Update(hctx, salt, saltlen) + || !HMAC_Update(hctx, itmp, 4) + || !HMAC_Final(hctx, digtmp, NULL)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_cleanup(hctx); memcpy(p, digtmp, cplen); for (j = 1; j < iter; j++) { - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); + if (!HMAC_CTX_copy(hctx, hctx_tpl)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - if (!HMAC_Update(&hctx, digtmp, mdlen) - || !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); + if (!HMAC_Update(hctx, digtmp, mdlen) + || !HMAC_Final(hctx, digtmp, NULL)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_cleanup(hctx); for (k = 0; k < cplen; k++) p[k] ^= digtmp[k]; } @@ -147,7 +156,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, i++; p += cplen; } - HMAC_CTX_cleanup(&hctx_tpl); + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); # ifdef DEBUG_PKCS5V2 fprintf(stderr, "Password:\n"); h__dump(pass, passlen); diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 46a04b4944..fda2bc9ea4 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -59,7 +59,7 @@ # include # include "internal/cryptlib.h" -#include +# include # include # include # include @@ -91,7 +91,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *mac, unsigned int *maclen) { const EVP_MD *md_type; - HMAC_CTX hmac = HMAC_CTX_EMPTY; + HMAC_CTX *hmac = NULL; unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; int md_size = 0; @@ -133,15 +133,15 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); return 0; } - HMAC_CTX_init(&hmac); - if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) - || !HMAC_Update(&hmac, p12->authsafes->d.data->data, + hmac = HMAC_CTX_new(); + if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL) + || !HMAC_Update(hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length) - || !HMAC_Final(&hmac, mac, maclen)) { - HMAC_CTX_cleanup(&hmac); + || !HMAC_Final(hmac, mac, maclen)) { + HMAC_CTX_free(hmac); return 0; } - HMAC_CTX_cleanup(&hmac); + HMAC_CTX_free(hmac); return 1; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 687191d23d..f1d1796d1e 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3160,7 +3160,7 @@ int tls_construct_new_session_ticket(SSL *s) { unsigned char *senc = NULL; EVP_CIPHER_CTX ctx; - HMAC_CTX hctx = HMAC_CTX_EMPTY; + HMAC_CTX *hctx = NULL; unsigned char *p, *macstart; const unsigned char *const_p; int len, slen_full, slen; @@ -3187,7 +3187,7 @@ int tls_construct_new_session_ticket(SSL *s) } EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); + hctx = HMAC_CTX_new(); p = senc; if (!i2d_SSL_SESSION(s->session, &p)) @@ -3233,8 +3233,7 @@ int tls_construct_new_session_ticket(SSL *s) * all the work otherwise use generated values from parent ctx. */ if (tctx->tlsext_ticket_key_cb) { - if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, - &hctx, 1) < 0) + if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, hctx, 1) < 0) goto err; } else { if (RAND_bytes(iv, 16) <= 0) @@ -3242,7 +3241,7 @@ int tls_construct_new_session_ticket(SSL *s) if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv)) goto err; - if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL)) goto err; memcpy(key_name, tctx->tlsext_tick_key_name, 16); @@ -3272,13 +3271,13 @@ int tls_construct_new_session_ticket(SSL *s) goto err; p += len; - if (!HMAC_Update(&hctx, macstart, p - macstart)) + if (!HMAC_Update(hctx, macstart, p - macstart)) goto err; - if (!HMAC_Final(&hctx, p, &hlen)) + if (!HMAC_Final(hctx, p, &hlen)) goto err; EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); p += hlen; /* Now write out lengths: p points to end of data written */ @@ -3295,7 +3294,7 @@ int tls_construct_new_session_ticket(SSL *s) err: OPENSSL_free(senc); EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); ossl_statem_set_error(s); return 0; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 622bdd9833..a6f2502c72 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3027,6 +3027,7 @@ end: * point to the resulting session. * * Returns: + * -2: fatal error, malloc failure. * -1: fatal error, either from parsing or decrypting the ticket. * 2: the ticket couldn't be decrypted. * 3: a ticket was successfully decrypted and *psess was set. @@ -3041,19 +3042,21 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, const unsigned char *p; int slen, mlen, renew_ticket = 0; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; - HMAC_CTX hctx = HMAC_CTX_EMPTY; + HMAC_CTX *hctx = NULL; EVP_CIPHER_CTX ctx; SSL_CTX *tctx = s->initial_ctx; /* Need at least keyname + iv + some encrypted data */ if (eticklen < 48) return 2; /* Initialize session ticket encryption and HMAC contexts */ - HMAC_CTX_init(&hctx); + hctx = HMAC_CTX_new(); + if (hctx == NULL) + return -2; EVP_CIPHER_CTX_init(&ctx); if (tctx->tlsext_ticket_key_cb) { unsigned char *nctick = (unsigned char *)etick; int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, - &ctx, &hctx, 0); + &ctx, hctx, 0); if (rv < 0) return -1; if (rv == 0) @@ -3064,7 +3067,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, /* Check key name matches */ if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) return 2; - if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL) <= 0 || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, @@ -3076,17 +3079,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, * Attempt to process session ticket, first conduct sanity and integrity * checks on ticket. */ - mlen = HMAC_size(&hctx); + mlen = HMAC_size(hctx); if (mlen < 0) { goto err; } eticklen -= mlen; /* Check HMAC of encrypted ticket */ - if (HMAC_Update(&hctx, etick, eticklen) <= 0 - || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) { + if (HMAC_Update(hctx, etick, eticklen) <= 0 + || HMAC_Final(hctx, tick_hmac, NULL) <= 0) { goto err; } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { EVP_CIPHER_CTX_cleanup(&ctx); return 2; @@ -3135,7 +3138,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, return 2; err: EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); return -1; } diff --git a/test/hmactest.c b/test/hmactest.c index 20c7a8fc00..0e0e017895 100644 --- a/test/hmactest.c +++ b/test/hmactest.c @@ -134,7 +134,7 @@ int main(int argc, char *argv[]) char *p; # endif int err = 0; - HMAC_CTX ctx = HMAC_CTX_EMPTY, ctx2 = HMAC_CTX_EMPTY; + HMAC_CTX *ctx = NULL, *ctx2 = NULL; unsigned char buf[EVP_MAX_MD_SIZE]; unsigned int len; @@ -165,57 +165,62 @@ int main(int argc, char *argv[]) # endif /* OPENSSL_NO_MD5 */ /* test4 */ - HMAC_CTX_init(&ctx); - if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) { + ctx = HMAC_CTX_new(); + if (ctx == NULL) { + printf("HMAC malloc failure (test 4)\n"); + err++; + goto end; + } + if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) { printf("Should fail to initialise HMAC with empty MD and key (test 4)\n"); err++; goto test5; } - if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); err++; goto test5; } - if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) { + if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) { printf("Should fail to initialise HMAC with empty key (test 4)\n"); err++; goto test5; } - if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); err++; goto test5; } printf("test 4 ok\n"); test5: - HMAC_CTX_cleanup(&ctx); - HMAC_CTX_init(&ctx); - if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) { + HMAC_CTX_cleanup(ctx); + HMAC_CTX_init(ctx); + if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) { printf("Should fail to initialise HMAC with empty MD (test 5)\n"); err++; goto test6; } - if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Should fail HMAC_Update with ctx not set up (test 5)\n"); err++; goto test6; } - if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) { + if (HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL)) { printf("Should fail to initialise HMAC with invalid key len(test 5)\n"); err++; goto test6; } - if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { + if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { printf("Failed to initialise HMAC (test 5)\n"); err++; goto test6; } - if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (!HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Error updating HMAC with data (test 5)\n"); err++; goto test6; } - if (!HMAC_Final(&ctx, buf, &len)) { + if (!HMAC_Final(ctx, buf, &len)) { printf("Error finalising data (test 5)\n"); err++; goto test6; @@ -227,22 +232,22 @@ test5: err++; goto test6; } - if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL)) { printf("Should disallow changing MD without a new key (test 5)\n"); err++; goto test6; } - if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { + if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { printf("Failed to reinitialise HMAC (test 5)\n"); err++; goto test6; } - if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) { + if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) { printf("Error updating HMAC with data (sha256) (test 5)\n"); err++; goto test6; } - if (!HMAC_Final(&ctx, buf, &len)) { + if (!HMAC_Final(ctx, buf, &len)) { printf("Error finalising data (sha256) (test 5)\n"); err++; goto test6; @@ -254,17 +259,17 @@ test5: err++; goto test6; } - if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) { + if (!HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) { printf("Failed to reinitialise HMAC with key (test 5)\n"); err++; goto test6; } - if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) { + if (!HMAC_Update(ctx, test[6].data, test[6].data_len)) { printf("Error updating HMAC with data (new key) (test 5)\n"); err++; goto test6; } - if (!HMAC_Final(&ctx, buf, &len)) { + if (!HMAC_Final(ctx, buf, &len)) { printf("Error finalising data (new key) (test 5)\n"); err++; goto test6; @@ -278,24 +283,30 @@ test5: printf("test 5 ok\n"); } test6: - HMAC_CTX_cleanup(&ctx); - HMAC_CTX_init(&ctx); - if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { + HMAC_CTX_cleanup(ctx); + HMAC_CTX_init(ctx); + ctx2 = HMAC_CTX_new(); + if (ctx2 == NULL) { + printf("HMAC malloc failure (test 6)\n"); + err++; + goto end; + } + if (!HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { printf("Failed to initialise HMAC (test 6)\n"); err++; goto end; } - if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) { + if (!HMAC_Update(ctx, test[7].data, test[7].data_len)) { printf("Error updating HMAC with data (test 6)\n"); err++; goto end; } - if (!HMAC_CTX_copy(&ctx2, &ctx)) { + if (!HMAC_CTX_copy(ctx2, ctx)) { printf("Failed to copy HMAC_CTX (test 6)\n"); err++; goto end; } - if (!HMAC_Final(&ctx2, buf, &len)) { + if (!HMAC_Final(ctx2, buf, &len)) { printf("Error finalising data (test 6)\n"); err++; goto end; @@ -309,7 +320,8 @@ test6: printf("test 6 ok\n"); } end: - HMAC_CTX_cleanup(&ctx); + HMAC_CTX_free(ctx2); + HMAC_CTX_free(ctx); EXIT(err); } -- 2.40.0