Openssl3 HMAC Deperated

src/mac.cpp

@@ -36,14 +36,22 @@ class HMAC::Impl
 public:
     Impl(openssl::DigestTypes hashFunction, const std::vector<uint8_t> &key)
     {
-        const EVP_MD *digestFn = openssl::_getMDPtrFromDigestType(hashFunction);
 
         if (key.empty()) {
             throw MoCOCrWException("Key for HMAC is empty.");
         }
 
-        _ctx = openssl::_HMAC_CTX_new();
-        openssl::_HMAC_Init_ex(_ctx.get(), key, digestFn, NULL);
+        openssl::OSSL_LIB_CTX_Ptr library_context = openssl::_OSSL_LIB_CTX_new();
+        openssl::EVP_MAC_Ptr mac = openssl::_EVP_MAC_fetch(library_context.get(), "HMAC");
+
+        _ctx = openssl::_EVP_MAC_CTX_new(mac.get());
+
+        std::array<OSSL_PARAM, 4> ossl_params = openssl::_getOSSLParamFromDigestType(hashFunction);
+        OSSL_PARAM params[4];
+        std::copy(std::begin(ossl_params), std::end(ossl_params), std::begin(params));
+
+        openssl::_EVP_MAC_init(_ctx.get(), key, params);
+
     }
 
     ~Impl() = default;
@@ -55,7 +63,7 @@ class HMAC::Impl
         if (_isFinished) {
             throw MoCOCrWException("update() can't be called after finish()");
         }
-        openssl::_HMAC_Update(_ctx.get(), message);
+        openssl::_EVP_MAC_update(_ctx.get(), message);
     }
 
     std::vector<uint8_t> finish()
@@ -64,7 +72,7 @@ class HMAC::Impl
             throw MoCOCrWException("finish() can't be called twice.");
         }
 
-        _result = openssl::_HMAC_Final(_ctx.get());
+        _result = openssl::_EVP_MAC_final(_ctx.get());
 
         _isFinished = true;
 
@@ -89,7 +97,7 @@ class HMAC::Impl
     }
 
 private:
-    openssl::SSL_HMAC_CTX_Ptr _ctx = nullptr;
+    openssl::EVP_MAC_CTX_Ptr _ctx = nullptr;
     bool _isFinished = false;
     std::vector<uint8_t> _result;
 };

src/mococrw/openssl_lib.h

@@ -37,6 +37,7 @@ extern "C" {
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include <openssl/core_names.h>
 }
 
 namespace mococrw
@@ -59,6 +60,8 @@ namespace lib
 class OpenSSLLib
 {
 public:
+    static OSSL_PARAM SSL_OSSL_PARAM_construct_utf8_string(const char *key, char *buf, size_t bsize) noexcept;
+    static OSSL_PARAM SSL_OSSL_PARAM_construct_end() noexcept;
     static void SSL_OPENSSL_cleanse(void *ptr, size_t len) noexcept;
     static int SSL_EVP_PKEY_bits(EVP_PKEY *pkey) noexcept;
     static const char *SSL_EC_curve_nid2nist(int nid) noexcept;
@@ -436,13 +439,24 @@ class OpenSSLLib
                                   size_t sinfolen,
                                   const EVP_MD *md) noexcept;
 
+    static OSSL_LIB_CTX *OSSL_LIB_CTX_new(void) noexcept;
+    static void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx) noexcept;
+
+
     /* HMAC */
-    static void SSL_HMAC_CTX_free(HMAC_CTX *ctx) noexcept;
-    static HMAC_CTX *SSL_HMAC_CTX_new() noexcept;
-    static int SSL_HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) noexcept;
-    static int SSL_HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) noexcept;
-    static int SSL_HMAC_Init_ex(
-            HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl) noexcept;
+    static void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) noexcept;
+    static EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac) noexcept;
+    static int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, int *outl, int outsize) noexcept;
+    static int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, int datalen) noexcept;
+    static int EVP_MAC_init(EVP_MAC_CTX *ctx,
+                            const unsigned char *key,
+                            int keylen,
+                            const OSSL_PARAM params[]) noexcept;
+    static EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx,
+                                  const char *algorithm,
+                                  const char *properties) noexcept;
+
+    static void EVP_MAC_free(EVP_MAC *mac) noexcept;
 
     /* CMAC */
     static CMAC_CTX *SSL_CMAC_CTX_new() noexcept;

src/mococrw/openssl_wrap.h

@@ -167,9 +167,17 @@ using SSL_PKCS8_PRIV_KEY_INFO_Ptr = std::unique_ptr<
 using SSL_PKCS8_PRIV_KEY_INFO_SharedPtr =
         utility::SharedPtrTypeFromUniquePtr<SSL_PKCS8_PRIV_KEY_INFO_Ptr>;
 
-using SSL_HMAC_CTX_Ptr =
-        std::unique_ptr<HMAC_CTX, SSLDeleter<HMAC_CTX, lib::OpenSSLLib::SSL_HMAC_CTX_free>>;
-using SSL_HMAC_CTX_SharedPtr = utility::SharedPtrTypeFromUniquePtr<SSL_HMAC_CTX_Ptr>;
+
+using EVP_MAC_CTX_Ptr =
+        std::unique_ptr<EVP_MAC_CTX, SSLDeleter<EVP_MAC_CTX, lib::OpenSSLLib::EVP_MAC_CTX_free>>;
+using EVP_MAC_CTX_SharedPtr = utility::SharedPtrTypeFromUniquePtr<EVP_MAC_CTX_Ptr>;
+
+using EVP_MAC_Ptr = std::unique_ptr<EVP_MAC, SSLDeleter<EVP_MAC, lib::OpenSSLLib::EVP_MAC_free>>;
+using EVP_MAC_SharedPtr = utility::SharedPtrTypeFromUniquePtr<EVP_MAC_Ptr>;
+
+using OSSL_LIB_CTX_Ptr =
+        std::unique_ptr<OSSL_LIB_CTX, SSLDeleter<OSSL_LIB_CTX, lib::OpenSSLLib::OSSL_LIB_CTX_free>>;
+using OSSL_LIB_CTX_SharedPtr = utility::SharedPtrTypeFromUniquePtr<OSSL_LIB_CTX_Ptr>;
 
 using SSL_CMAC_CTX_Ptr =
         std::unique_ptr<CMAC_CTX, SSLDeleter<CMAC_CTX, lib::OpenSSLLib::SSL_CMAC_CTX_free>>;
@@ -665,6 +673,13 @@ void _X509_REQ_sign_ctx(X509_REQ *req, EVP_MD_CTX *ctx);
  */
 const EVP_MD *_getMDPtrFromDigestType(DigestTypes type);
 
+/**
+ * Get OSSL Params array for a given digest type.
+ * @param type
+ * @throws std::runtime_error if the requested digest function was not found.
+ */
+const std::array<OSSL_PARAM, 4> _getOSSLParamFromDigestType(DigestTypes type);
+
 /**
  * Create an MD_CTX object.
  *
@@ -828,13 +843,13 @@ void _X509_verify_cert(X509_STORE_CTX *ctx);
  *
  * @throw OpenSSLException when no object could be created
  */
-template <class SslType>
-SslType *createOpenSSLObject();
+template <class SslType, typename... Types>
+SslType *createOpenSSLObject(Types... args);
 
-template <class SSLSmartPtrType>
-SSLSmartPtrType createManagedOpenSSLObject()
+template <class SSLSmartPtrType, typename... Types>
+SSLSmartPtrType createManagedOpenSSLObject(Types... args)
 {
-    return SSLSmartPtrType{createOpenSSLObject<typename SSLSmartPtrType::element_type>()};
+    return SSLSmartPtrType{createOpenSSLObject<typename SSLSmartPtrType::element_type>(args...)};
 }
 
 template <class StackType, class ObjType>
@@ -1481,11 +1496,15 @@ void _ECDH_KDF_X9_63(std::vector<uint8_t> &out,
                      const std::vector<uint8_t> &sinfo,
                      const EVP_MD *md);
 
+OSSL_LIB_CTX_Ptr _OSSL_LIB_CTX_new(void);
+
 /* HMAC */
-void _HMAC_Init_ex(HMAC_CTX *ctx, const std::vector<uint8_t> &key, const EVP_MD *md, ENGINE *impl);
-std::vector<uint8_t> _HMAC_Final(HMAC_CTX *ctx);
-void _HMAC_Update(HMAC_CTX *ctx, const std::vector<uint8_t> &data);
-SSL_HMAC_CTX_Ptr _HMAC_CTX_new(void);
+void _EVP_MAC_init(EVP_MAC_CTX *ctx, const std::vector<uint8_t> &key, const OSSL_PARAM params[]);
+std::vector<uint8_t> _EVP_MAC_final(EVP_MAC_CTX *ctx);
+void _EVP_MAC_update(EVP_MAC_CTX *ctx, const std::vector<uint8_t> &data);
+EVP_MAC_CTX_Ptr _EVP_MAC_CTX_new(EVP_MAC *mac);
+
+EVP_MAC_Ptr _EVP_MAC_fetch(OSSL_LIB_CTX *libctx, std::string algorithm);
 
 /* CMAC */
 SSL_CMAC_CTX_Ptr _CMAC_CTX_new(void);

src/openssl_lib.cpp

@@ -919,22 +919,61 @@ int OpenSSLLib::SSL_ECDH_KDF_X9_63(unsigned char *out,
     return ECDH_KDF_X9_62(out, outlen, Z, Zlen, sinfo, sinfolen, md);
 }
 
-int OpenSSLLib::SSL_HMAC_Init_ex(
-        HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl) noexcept
+OSSL_LIB_CTX *OpenSSLLib::OSSL_LIB_CTX_new() noexcept
 {
-    return HMAC_Init_ex(ctx, key, key_len, md, impl);
+    return OSSL_LIB_CTX_new();
 }
-int OpenSSLLib::SSL_HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) noexcept
+
+void OpenSSLLib::OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx) noexcept
+{
+    OSSL_LIB_CTX_free(ctx);
+}
+
+OSSL_PARAM OpenSSLLib::SSL_OSSL_PARAM_construct_utf8_string(const char *key, char *buf, size_t bsize) noexcept
+{
+    return OSSL_PARAM_construct_utf8_string(key, buf, bsize);
+}
+
+OSSL_PARAM OpenSSLLib::SSL_OSSL_PARAM_construct_end() noexcept
+{
+    return OSSL_PARAM_construct_end();
+}
+
+int OpenSSLLib::EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, int keylen, const OSSL_PARAM *params) noexcept
+{
+    return EVP_MAC_init(ctx, key, keylen, params);
+}
+
+int OpenSSLLib::EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, int datalen) noexcept
 {
-    return HMAC_Update(ctx, data, len);
+    return EVP_MAC_update(ctx, data, datalen);
 }
-int OpenSSLLib::SSL_HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) noexcept
+
+int OpenSSLLib::EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, int *outl, int outsize) noexcept
+{
+    return EVP_MAC_final(ctx, out, outl, outsize);
+}
+
+EVP_MAC_CTX *OpenSSLLib::EVP_MAC_CTX_new(EVP_MAC *mac) noexcept
+{
+    return EVP_MAC_CTX_new(mac);
+}
+
+void OpenSSLLib::EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) noexcept
+{
+    EVP_MAC_CTX_free(ctx);
+}
+
+EVP_MAC *OpenSSLLib::EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, const char *properties) noexcept
+{
+    return EVP_MAC_fetch(libctx, algorithm, properties);
+}
+
+void OpenSSLLib::EVP_MAC_free(EVP_MAC *mac) noexcept
 {
-    return HMAC_Final(ctx, md, len);
+    EVP_MAC_free(mac);
 }
-HMAC_CTX *OpenSSLLib::SSL_HMAC_CTX_new() noexcept { return HMAC_CTX_new(); }
 
-void OpenSSLLib::SSL_HMAC_CTX_free(HMAC_CTX *ctx) noexcept { HMAC_CTX_free(ctx); }
 
 int OpenSSLLib::SSL_EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len) noexcept
 {

src/openssl_wrap.cpp

@@ -497,6 +497,45 @@ const EVP_MD *_getMDPtrFromDigestType(DigestTypes type)
     }
 }
 
+const std::array<OSSL_PARAM, 4> _getOSSLParamFromDigestType(DigestTypes type)
+{
+   std::string digest_name;
+    switch (type) {
+        case DigestTypes::SHA1:
+            digest_name = "SHA1";
+            break;
+        case DigestTypes::SHA256:
+            digest_name = "SHA256";
+            break;
+        case DigestTypes::SHA384:
+            digest_name = "SHA384";
+            break;
+        case DigestTypes::SHA512:
+            digest_name = "SHA512";
+            break;
+        case DigestTypes::SHA3_256:
+            digest_name = "SHA3-256";
+            break;
+        case DigestTypes::SHA3_384:
+            digest_name = "SHA3-384";
+            break;
+        case DigestTypes::SHA3_512:
+            digest_name = "SHA3-512";
+            break;
+        default:
+            throw std::runtime_error("Unknown digest type");
+    }
+
+    OSSL_PARAM params[4], *p = params;
+    *p++ = lib::OpenSSLLib::SSL_OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, const_cast<char*>(digest_name.c_str()), sizeof(digest_name.c_str()));
+    *p = lib::OpenSSLLib::SSL_OSSL_PARAM_construct_end();
+
+    std::array<OSSL_PARAM, 4> ossl_params;
+    std::copy(std::begin(params), std::end(params), ossl_params.begin());
+
+    return ossl_params;
+}
+
 void _EVP_DigestSignInit(EVP_MD_CTX *ctx, DigestTypes type, EVP_PKEY *pkey)
 {
     const EVP_MD *md;
@@ -661,9 +700,9 @@ X509_CRL *createOpenSSLObject<X509_CRL>()
 }
 
 template <>
-HMAC_CTX *createOpenSSLObject<HMAC_CTX>()
+EVP_MAC_CTX *createOpenSSLObject<EVP_MAC_CTX>(EVP_MAC *mac)
 {
-    return OpensslCallPtr::callChecked(lib::OpenSSLLib::SSL_HMAC_CTX_new);
+    return OpensslCallPtr::callChecked(lib::OpenSSLLib::EVP_MAC_CTX_new, mac);
 }
 
 template <>
@@ -1440,31 +1479,43 @@ void _ECDH_KDF_X9_63(std::vector<uint8_t> &out,
                                   md);
 }
 
-void _HMAC_Init_ex(HMAC_CTX *ctx, const std::vector<uint8_t> &key, const EVP_MD *md, ENGINE *impl)
+
+OSSL_LIB_CTX_Ptr _OSSL_LIB_CTX_new(void) {
+    return createManagedOpenSSLObject<OSSL_LIB_CTX_Ptr>();
+}
+
+void _EVP_MAC_init(EVP_MAC_CTX *ctx, const std::vector<uint8_t> &key, const OSSL_PARAM params[])
 {
-    OpensslCallIsOne::callChecked(lib::OpenSSLLib::SSL_HMAC_Init_ex,
+    OpensslCallIsOne::callChecked(lib::OpenSSLLib::EVP_MAC_init,
                                   ctx,
-                                  reinterpret_cast<const void *>(key.data()),
+                                  reinterpret_cast<const unsigned char *>(key.data()),
                                   key.size(),
-                                  md,
-                                  impl);
+                                  params);
+}
+
+std::vector<uint8_t> _EVP_MAC_final(EVP_MAC_CTX *ctx)
+{
+    int outlen = 0;
+    OpensslCallIsOne::callChecked(lib::OpenSSLLib::EVP_MAC_final, ctx, nullptr, &outlen, 0);
+    std::vector<uint8_t> out(outlen);
+    OpensslCallIsOne::callChecked(lib::OpenSSLLib::EVP_MAC_final, ctx, out.data(), &outlen, outlen);
+    return out;
 }
 
-std::vector<uint8_t> _HMAC_Final(HMAC_CTX *ctx)
+void _EVP_MAC_update(EVP_MAC_CTX *ctx, const std::vector<uint8_t> &data)
 {
-    unsigned int length = EVP_MAX_MD_SIZE;
-    std::vector<uint8_t> md(length);
-    OpensslCallIsOne::callChecked(lib::OpenSSLLib::SSL_HMAC_Final, ctx, md.data(), &length);
-    md.resize(length);
-    return md;
+    OpensslCallIsOne::callChecked(lib::OpenSSLLib::EVP_MAC_update, ctx, data.data(), data.size());
 }
 
-void _HMAC_Update(HMAC_CTX *ctx, const std::vector<uint8_t> &data)
+EVP_MAC_CTX_Ptr _EVP_MAC_CTX_new(EVP_MAC *mac)
 {
-    OpensslCallIsOne::callChecked(lib::OpenSSLLib::SSL_HMAC_Update, ctx, data.data(), data.size());
+    return createManagedOpenSSLObject<EVP_MAC_CTX_Ptr, EVP_MAC*>(mac);
 }
 
-SSL_HMAC_CTX_Ptr _HMAC_CTX_new() { return createManagedOpenSSLObject<SSL_HMAC_CTX_Ptr>(); }
+EVP_MAC_Ptr _EVP_MAC_fetch(OSSL_LIB_CTX *libctx, std::string algorithm) {
+    return EVP_MAC_Ptr{OpensslCallPtr::callChecked(
+            lib::OpenSSLLib::EVP_MAC_fetch, libctx, algorithm.c_str(), nullptr)};
+}
 
 SSL_CMAC_CTX_Ptr _CMAC_CTX_new(void) { return createManagedOpenSSLObject<SSL_CMAC_CTX_Ptr>(); }