aes,hmac: call ERR_clear_error() to flush OpenSSL error queue on failure
This commit is contained in:
Richard Aas
parent
1be9aa335c
commit
9ac9528497
2 changed files with 28 additions and 10 deletions
|
|
@ -6,6 +6,7 @@
|
|||
#include <string.h>
|
||||
#include <openssl/aes.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
#include <re_types.h>
|
||||
#include <re_fmt.h>
|
||||
#include <re_mem.h>
|
||||
|
|
@ -60,8 +61,10 @@ int aes_alloc(struct aes **aesp, enum aes_mode mode,
|
|||
}
|
||||
|
||||
r = EVP_EncryptInit_ex(&st->ctx, cipher, NULL, key, iv);
|
||||
if (!r)
|
||||
if (!r) {
|
||||
ERR_clear_error();
|
||||
err = EPROTO;
|
||||
}
|
||||
|
||||
out:
|
||||
if (err)
|
||||
|
|
@ -75,11 +78,14 @@ int aes_alloc(struct aes **aesp, enum aes_mode mode,
|
|||
|
||||
void aes_set_iv(struct aes *aes, const uint8_t iv[AES_BLOCK_SIZE])
|
||||
{
|
||||
if (!aes)
|
||||
int r;
|
||||
|
||||
if (!aes || !iv)
|
||||
return;
|
||||
|
||||
if (iv)
|
||||
(void)EVP_EncryptInit_ex(&aes->ctx, NULL, NULL, NULL, iv);
|
||||
r = EVP_EncryptInit_ex(&aes->ctx, NULL, NULL, NULL, iv);
|
||||
if (!r)
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -90,8 +96,10 @@ int aes_encr(struct aes *aes, uint8_t *out, const uint8_t *in, size_t len)
|
|||
if (!aes || !out || !in || !len)
|
||||
return EINVAL;
|
||||
|
||||
if (!EVP_EncryptUpdate(&aes->ctx, out, &c_len, in, (int)len))
|
||||
if (!EVP_EncryptUpdate(&aes->ctx, out, &c_len, in, (int)len)) {
|
||||
ERR_clear_error();
|
||||
return EPROTO;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
*/
|
||||
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/err.h>
|
||||
#include <re_types.h>
|
||||
#include <re_mem.h>
|
||||
#include <re_hmac.h>
|
||||
|
|
@ -42,8 +43,10 @@ int hmac_create(struct hmac **hmacp, enum hmac_hash hash,
|
|||
HMAC_CTX_init(&hmac->ctx);
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x00909000)
|
||||
if (!HMAC_Init_ex(&hmac->ctx, key, (int)key_len, EVP_sha1(), NULL))
|
||||
if (!HMAC_Init_ex(&hmac->ctx, key, (int)key_len, EVP_sha1(), NULL)) {
|
||||
ERR_clear_error();
|
||||
err = EPROTO;
|
||||
}
|
||||
#else
|
||||
HMAC_Init_ex(&hmac->ctx, key, (int)key_len, EVP_sha1(), NULL);
|
||||
#endif
|
||||
|
|
@ -68,19 +71,26 @@ int hmac_digest(struct hmac *hmac, uint8_t *md, size_t md_len,
|
|||
#if (OPENSSL_VERSION_NUMBER >= 0x00909000)
|
||||
/* the HMAC context must be reset here */
|
||||
if (!HMAC_Init_ex(&hmac->ctx, 0, 0, 0, NULL))
|
||||
return EPROTO;
|
||||
goto error;
|
||||
|
||||
if (!HMAC_Update(&hmac->ctx, data, (int)data_len))
|
||||
return EPROTO;
|
||||
goto error;
|
||||
if (!HMAC_Final(&hmac->ctx, md, &len))
|
||||
return EPROTO;
|
||||
goto error;
|
||||
|
||||
return 0;
|
||||
|
||||
error:
|
||||
ERR_clear_error();
|
||||
return EPROTO;
|
||||
|
||||
#else
|
||||
/* the HMAC context must be reset here */
|
||||
HMAC_Init_ex(&hmac->ctx, 0, 0, 0, NULL);
|
||||
|
||||
HMAC_Update(&hmac->ctx, data, (int)data_len);
|
||||
HMAC_Final(&hmac->ctx, md, &len);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue