u_char *k;
size_t olen;
int64_t iterations, length;
- EVP_PKEY *pkey;
unsigned usage, mask;
njs_int_t ret;
njs_str_t salt, info;
njs_value_t value, *aobject, *dobject;
const EVP_MD *md;
EVP_PKEY_CTX *pctx;
- njs_mp_cleanup_t *cln;
njs_webcrypto_key_t *key, *dkey;
njs_webcrypto_hash_t hash;
njs_webcrypto_algorithm_t *alg, *dalg;
if (njs_slow_path(ret == NJS_ERROR)) {
goto fail;
}
-
- pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, k, length);
- if (njs_slow_path(pkey == NULL)) {
- njs_webcrypto_error(vm, "EVP_PKEY_new_mac_key() failed");
- goto fail;
- }
-
- cln = njs_mp_cleanup_add(njs_vm_memory_pool(vm), 0);
- if (cln == NULL) {
- njs_memory_error(vm);
- goto fail;
- }
-
- cln->handler = njs_webcrypto_cleanup_pkey;
- cln->data = key;
-
- dkey->pkey = pkey;
-
- } else {
- dkey->raw.start = k;
- dkey->raw.length = length;
}
+ dkey->raw.start = k;
+ dkey->raw.length = length;
+
ret = njs_vm_external_create(vm, &value,
njs_webcrypto_crypto_key_proto_id,
dkey, 0);
break;
case NJS_ALGORITHM_HMAC:
- pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key_data.start,
- key_data.length);
- if (njs_slow_path(pkey == NULL)) {
- njs_webcrypto_error(vm, "EVP_PKEY_new_mac_key() failed");
- goto fail;
- }
-
ret = njs_algorithm_hash(vm, options, &key->hash);
if (njs_slow_path(ret == NJS_ERROR)) {
goto fail;
}
- key->pkey = pkey;
-
- break;
+ /* Fall through. */
case NJS_ALGORITHM_AES_GCM:
case NJS_ALGORITHM_AES_CTR:
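Review bot: The new `/* Fall through. */` in the `NJS_ALGORITHM_HMAC` case routes HMAC key import through the shared body of the AES cases, which is outside this hunk. That body has to store `key_data` in `key->raw`, because signing now reads the HMAC key from there. Any AES key-size validation in it must not be applied to HMAC keys, which may have other lengths. If both hold, I would record the intent in the comment, e.g. `/* Fall through: HMAC keys are kept as raw bytes in key->raw. */`.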
njs_ext_sign(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
njs_index_t verify)
{
- u_char *dst;
+ u_char *dst, *p;
size_t olen, outlen;
unsigned mask, m_len;
njs_int_t ret;
}
}
- mctx = njs_evp_md_ctx_new();
- if (njs_slow_path(mctx == NULL)) {
- njs_webcrypto_error(vm, "njs_evp_md_ctx_new() failed");
- goto fail;
- }
-
if (alg->type == NJS_ALGORITHM_ECDSA) {
ret = njs_algorithm_hash(vm, options, &hash);
if (njs_slow_path(ret == NJS_ERROR)) {
switch (alg->type) {
case NJS_ALGORITHM_HMAC:
- ret = EVP_DigestSignInit(mctx, NULL, md, NULL, key->pkey);
- if (njs_slow_path(ret <= 0)) {
- njs_webcrypto_error(vm, "EVP_DigestSignInit() failed");
- goto fail;
- }
-
- ret = EVP_DigestSignUpdate(mctx, data.start, data.length);
- if (njs_slow_path(ret <= 0)) {
- njs_webcrypto_error(vm, "EVP_DigestSignUpdate() failed");
- goto fail;
- }
-
- olen = EVP_MD_size(md);
+ m_len = EVP_MD_size(md);
if (!verify) {
- dst = njs_mp_zalloc(njs_vm_memory_pool(vm), olen);
+ dst = njs_mp_alloc(njs_vm_memory_pool(vm), m_len);
if (njs_slow_path(dst == NULL)) {
njs_memory_error(vm);
goto fail;
dst = (u_char *) &m[0];
}
- outlen = olen;
+ outlen = m_len;
+
+ p = HMAC(md, key->raw.start, key->raw.length, data.start, data.length,
+ dst, &m_len);
- ret = EVP_DigestSignFinal(mctx, dst, &outlen);
- if (njs_slow_path(ret <= 0 || olen != outlen)) {
- njs_webcrypto_error(vm, "EVP_DigestSignFinal() failed");
+ if (njs_slow_path(p == NULL || m_len != outlen)) {
+ njs_webcrypto_error(vm, "HMAC() failed");
goto fail;
}
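Review bot: `HMAC()` takes its key length as an `int`, but the call added here passes `key->raw.length` without a range check, so a key longer than `INT_MAX` would be truncated or go negative. A guard before the call closes that: `if (njs_slow_path(key->raw.length > INT_MAX)) { njs_webcrypto_error(vm, "HMAC key is too long"); goto fail; }`. `EVP_MD_size()` also returns an `int` that can be negative on error, and it is stored straight into the unsigned `m_len` that sizes the `njs_mp_alloc()` request. In the verify branch `HMAC()` writes into `m`, which is declared outside this hunk and needs to hold at least `EVP_MAX_MD_SIZE` bytes.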
case NJS_ALGORITHM_RSA_PSS:
case NJS_ALGORITHM_ECDSA:
default:
+ mctx = njs_evp_md_ctx_new();
+ if (njs_slow_path(mctx == NULL)) {
+ njs_webcrypto_error(vm, "njs_evp_md_ctx_new() failed");
+ goto fail;
+ }
+
ret = EVP_DigestInit_ex(mctx, md, NULL);
if (njs_slow_path(ret <= 0)) {
njs_webcrypto_error(vm, "EVP_DigestInit_ex() failed");
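Review bot: With `mctx` now created inside the `default` branch, any error path taken after its creation leaks the context unless the code at `fail:` frees it. The `EVP_DigestInit_ex()` failure here presumably jumps to `fail` like the other checks, and the only `njs_evp_md_ctx_free(mctx)` visible in this change sits on the success path. What follows `fail:` is outside the page, so confirm that it releases `mctx` (and `pctx`). If it does, `mctx` must be initialised to `NULL` at its declaration, because the HMAC case no longer allocates it. The branch continues past the end of this hunk.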
}
}
+ njs_evp_md_ctx_free(mctx);
+
EVP_PKEY_CTX_free(pctx);
break;
njs_set_boolean(&value, ret != 0);
}
- njs_evp_md_ctx_free(mctx);
-
return njs_webcrypto_result(vm, &value, NJS_OK);
fail: