Update HMAC functions to return an error where relevant.

CHANGES

@@ -4,6 +4,10 @@
 
  Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]
 
+  *) Modify HMAC functions to return a value. Since these can be implemented
+     in an ENGINE errors can occur.
+     [Steve Henson]
+
   *) Type-checked OBJ_bsearch_ex.
      [Ben Laurie]
 

crypto/hmac/hmac.c

@@ -61,7 +61,7 @@
 #include "cryptlib.h"
 #include <openssl/hmac.h>
 
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t len,
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t len,
 		  const EVP_MD *md, ENGINE *impl)
 	{
 	int i,j,reset=0;
@@ -82,10 +82,13 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t len,
 		OPENSSL_assert(j <= (int)sizeof(ctx->key));
 		if (j < len)
 			{
-			EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
-			EVP_DigestUpdate(&ctx->md_ctx,key,len);
-			EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
-				&ctx->key_length);
+			if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl))
+				goto err;
+			if (!EVP_DigestUpdate(&ctx->md_ctx,key,len))
+				goto err;
+			if (!EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
+				&ctx->key_length))
+				goto err;
 			}
 		else
 			{
@@ -102,30 +105,38 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t len,
 		{
 		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
 			pad[i]=0x36^ctx->key[i];
-		EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
-		EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
+		if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl))
+			goto err;
+		if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)))
+			goto err;
 
 		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
 			pad[i]=0x5c^ctx->key[i];
-		EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
-		EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
+		if (!EVP_DigestInit_ex(&ctx->o_ctx,md, impl))
+			goto err;
+		if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)))
+			goto err;
 		}
-	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
+	if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx))
+			goto err;
+	return 1;
+	err:
+	return 0;
 	}
 
-void HMAC_Init(HMAC_CTX *ctx, const void *key, size_t len, const EVP_MD *md)
+int HMAC_Init(HMAC_CTX *ctx, const void *key, size_t len, const EVP_MD *md)
 	{
 	if(key && md)
 	    HMAC_CTX_init(ctx);
-	HMAC_Init_ex(ctx,key,len,md, NULL);
+	return HMAC_Init_ex(ctx,key,len,md, NULL);
 	}
 
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
 	{
-	EVP_DigestUpdate(&ctx->md_ctx,data,len);
+	return EVP_DigestUpdate(&ctx->md_ctx,data,len);
 	}
 
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 	{
 	int j;
 	unsigned int i;
@@ -133,10 +144,17 @@ void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 
 	j=EVP_MD_block_size(ctx->md);
 
-	EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
-	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
-	EVP_DigestUpdate(&ctx->md_ctx,buf,i);
-	EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
+	if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
+		goto err;
+	if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx))
+		goto err;
+	if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i))
+		goto err;
+	if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len))
+		goto err;
+	return 1;
+	err:
+	return 0;
 	}
 
 void HMAC_CTX_init(HMAC_CTX *ctx)
@@ -146,14 +164,20 @@ void HMAC_CTX_init(HMAC_CTX *ctx)
 	EVP_MD_CTX_init(&ctx->md_ctx);
 	}
 
-void HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 	{
-	EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx);
-	EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx);
-	EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx);
+	if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
+		goto err;
+	if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx))
+		goto err;
+	if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
+		goto err;
 	memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
 	dctx->key_length = sctx->key_length;
 	dctx->md = sctx->md;
+	return 1;
+	err:
+	return 0;
 	}
 
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
@@ -173,10 +197,15 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len,
 
 	if (md == NULL) md=m;
 	HMAC_CTX_init(&c);
-	HMAC_Init(&c,key,key_len,evp_md);
-	HMAC_Update(&c,d,n);
-	HMAC_Final(&c,md,md_len);
+	if (!HMAC_Init(&c,key,key_len,evp_md))
+		goto err;
+	if (!HMAC_Update(&c,d,n))
+		goto err;
+	if (!HMAC_Final(&c,md,md_len))
+		goto err;
 	HMAC_CTX_cleanup(&c);
-	return(md);
+	return md;
+	err:
+	return NULL;
 	}
 

crypto/hmac/hmac.h

@@ -90,16 +90,16 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx);
 
 #define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
 
-void HMAC_Init(HMAC_CTX *ctx, const void *key, size_t len,
+int HMAC_Init(HMAC_CTX *ctx, const void *key, size_t len,
 	       const EVP_MD *md); /* deprecated */
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t len,
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t len,
 		  const EVP_MD *md, ENGINE *impl);
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len,
 		    const unsigned char *d, size_t n, unsigned char *md,
 		    unsigned int *md_len);
-void HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
 
 
 #ifdef  __cplusplus

doc/crypto/hmac.pod

@@ -15,12 +15,12 @@ authentication code
 
  void HMAC_CTX_init(HMAC_CTX *ctx);
 
- void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+ int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
                const EVP_MD *md);
- void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
+ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
                	   const EVP_MD *md, ENGINE *impl);
- void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
- void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 
  void HMAC_CTX_cleanup(HMAC_CTX *ctx);
  void HMAC_cleanup(HMAC_CTX *ctx);
@@ -78,10 +78,13 @@ must have space for the hash function output.
 
 =head1 RETURN VALUES
 
-HMAC() returns a pointer to the message authentication code.
+HMAC() returns a pointer to the message authentication code or NULL if
+an error occurred.
 
-HMAC_CTX_init(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
-HMAC_CTX_cleanup() do not return values.
+HMAC_Init_ex(), HMAC_Update() and HMAC_Final() return 1 for success or 0 if
+an error occurred.
+
+HMAC_CTX_init() and HMAC_CTX_cleanup() do not return values.
 
 =head1 CONFORMING TO
 
@@ -99,4 +102,7 @@ are available since SSLeay 0.9.0.
 HMAC_CTX_init(), HMAC_Init_ex() and HMAC_CTX_cleanup() are available
 since OpenSSL 0.9.7.
 
+HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
+versions of OpenSSL before 0.9.9.
+
 =cut