
Commit f7520ff

davidbenrvagg
authored andcommitted
crypto: Make Hmac 1.1.0-compatible
OpenSSL 1.1.0 requires HMAC_CTX be heap-allocated. PR-URL: nodejs#16130 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rod Vagg <rod@vagg.org>
1 parent 6bc7480 commit f7520ff

2 files changed

Lines changed: 33 additions & 17 deletions


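--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -200,6 +200,20 @@ static int X509_up_ref(X509* cert) {
 
 #define EVP_MD_CTX_new EVP_MD_CTX_create
 #define EVP_MD_CTX_free EVP_MD_CTX_destroy
+
+HMAC_CTX* HMAC_CTX_new() {
+HMAC_CTX* ctx = Malloc<HMAC_CTX>(1);
+HMAC_CTX_init(ctx);
+return ctx;
+}
+
+void HMAC_CTX_free(HMAC_CTX* ctx) {
+if (ctx == nullptr) {
+return;
+}
+HMAC_CTX_cleanup(ctx);
+free(ctx);
+}
 #endif // OPENSSL_VERSION_NUMBER < 0x10100000L
 
 // Subject DER of CNNIC ROOT CA and CNNIC EV ROOT CA are taken from
@@ -3790,6 +3804,11 @@ void CipherBase::Final(const FunctionCallbackInfo<Value>& args) {
 }
 
 
+Hmac::~Hmac() {
+HMAC_CTX_free(ctx_);
+}
+
+
 void Hmac::Initialize(Environment* env, v8::Local<v8::Object> target) {
 Local<FunctionTemplate> t = env->NewFunctionTemplate(New);
 
@@ -3816,14 +3835,16 @@ void Hmac::HmacInit(const char* hash_type, const char* key, int key_len) {
 if (md == nullptr) {
 return env()->ThrowError("Unknown message digest");
 }
-HMAC_CTX_init(&ctx_);
 if (key_len == 0) {
 key = "";
 }
-if (!HMAC_Init_ex(&ctx_, key, key_len, md, nullptr)) {
+ctx_ = HMAC_CTX_new();
+if (ctx_ == nullptr ||
+!HMAC_Init_ex(ctx_, key, key_len, md, nullptr)) {
+HMAC_CTX_free(ctx_);
+ctx_ = nullptr;
 return ThrowCryptoError(env(), ERR_get_error());
 }
-initialised_ = true;
 }
 
 
@@ -3840,9 +3861,9 @@ void Hmac::HmacInit(const FunctionCallbackInfo<Value>& args) {
 
 
 bool Hmac::HmacUpdate(const char* data, int len) {
-if (!initialised_)
+if (ctx_ == nullptr)
 return false;
-int r = HMAC_Update(&ctx_, reinterpret_cast<const unsigned char*>(data), len);
+int r = HMAC_Update(ctx_, reinterpret_cast<const unsigned char*>(data), len);
 return r == 1;
 }
 
@@ -3887,10 +3908,10 @@ void Hmac::HmacDigest(const FunctionCallbackInfo<Value>& args) {
 unsigned char md_value[EVP_MAX_MD_SIZE];
 unsigned int md_len = 0;
 
-if (hmac->initialised_) {
-HMAC_Final(&hmac->ctx_, md_value, &md_len);
-HMAC_CTX_cleanup(&hmac->ctx_);
-hmac->initialised_ = false;
+if (hmac->ctx_ != nullptr) {
+HMAC_Final(hmac->ctx_, md_value, &md_len);
+HMAC_CTX_free(hmac->ctx_);
+hmac->ctx_ = nullptr;
 }
 
 Local<Value> error;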
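Review bot: In `Hmac::HmacInit(const char*, const char*, int)` the new line `ctx_ = HMAC_CTX_new();` overwrites `ctx_` without releasing a context the object may already hold, so a second init on the same object would orphan the earlier, still-keyed HMAC_CTX without running its cleanup. Whether HmacInit can be reached twice depends on callers outside this hunk, but the guard is cheap: add `HMAC_CTX_free(ctx_);` immediately before the `HMAC_CTX_new()` call. That is safe on a fresh object because the failure path below already relies on `HMAC_CTX_free` accepting nullptr. The function starts above the hunk.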

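--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -494,11 +494,7 @@ class CipherBase : public BaseObject {
 
 class Hmac : public BaseObject {
 public:
-~Hmac() override {
-if (!initialised_)
-return;
-HMAC_CTX_cleanup(&ctx_);
-}
+~Hmac() override;
 
 static void Initialize(Environment* env, v8::Local<v8::Object> target);
 
@@ -513,13 +509,12 @@ class Hmac : public BaseObject {
 
 Hmac(Environment* env, v8::Local<v8::Object> wrap)
 : BaseObject(env, wrap),
-initialised_(false) {
+ctx_(nullptr) {
 MakeWeak<Hmac>(this);
 }
 
 private:
-HMAC_CTX ctx_; /* coverity[member_decl] */
-bool initialised_;
+HMAC_CTX* ctx_;
 };
 
 class Hash : public BaseObject {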
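Review bot: `HMAC_CTX* ctx_;` is now an owning raw pointer whose null state replaces the removed `initialised_` flag, and nothing on the member says so. A comment there would make the invariant explicit, e.g. `// Owned. nullptr until HmacInit succeeds and again after HmacDigest.` Copying an Hmac would free the same context twice in `~Hmac()`; presumably BaseObject already forbids copies, but that is not visible in this section.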
