int
_krb5_evp_digest_iov(krb5_crypto crypto,
const struct krb5_crypto_iov *iov,
int niov,
void *hash,
unsigned int *hsize,
const EVP_MD *md,
ENGINE *engine)
{
EVP_MD_CTX *ctx;
int ret, i;
krb5_data current = {0,0};
if (crypto != NULL) {
if (crypto->mdctx == NULL)
crypto->mdctx = EVP_MD_CTX_create();
if (crypto->mdctx == NULL)
return 0;
ctx = crypto->mdctx;
} else
ctx = EVP_MD_CTX_create();
ret = EVP_DigestInit_ex(ctx, md, engine);
if (ret != 1)
goto out;
for (i = 0; i < niov; i++) {
if (_krb5_crypto_iov_should_sign(&iov[i])) {
if ((char *)current.data + current.length == iov[i].data.data) {
current.length += iov[i].data.length;
} else {
if (current.data) {
ret = EVP_DigestUpdate(ctx, current.data, current.length);
if (ret != 1)
goto out;
}
current = iov[i].data;
}
}
}
if (current.data) {
ret = EVP_DigestUpdate(ctx, current.data, current.length);
if (ret != 1)
goto out;
}
ret = EVP_DigestFinal_ex(ctx, hash, hsize);
out:
if (crypto == NULL)
EVP_MD_CTX_destroy(ctx);
return ret;
}
static struct rspamd_lua_cryptobox_hash *
rspamd_lua_hash_create (const gchar *type)
{
struct rspamd_lua_cryptobox_hash *h;
h = g_slice_alloc0 (sizeof (*h));
if (type) {
if (g_ascii_strcasecmp (type, "md5") == 0) {
h->is_ssl = TRUE;
h->c = EVP_MD_CTX_create ();
EVP_DigestInit (h->c, EVP_md5 ());
goto ret;
}
else if (g_ascii_strcasecmp (type, "sha1") == 0 ||
g_ascii_strcasecmp (type, "sha") == 0) {
h->is_ssl = TRUE;
h->c = EVP_MD_CTX_create ();
EVP_DigestInit (h->c, EVP_sha1 ());
goto ret;
}
else if (g_ascii_strcasecmp (type, "sha256") == 0) {
h->is_ssl = TRUE;
h->c = EVP_MD_CTX_create ();
EVP_DigestInit (h->c, EVP_sha256 ());
goto ret;
}
else if (g_ascii_strcasecmp (type, "sha512") == 0) {
h->is_ssl = TRUE;
h->c = EVP_MD_CTX_create ();
EVP_DigestInit (h->c, EVP_sha512 ());
goto ret;
}
else if (g_ascii_strcasecmp (type, "sha384") == 0) {
h->is_ssl = TRUE;
h->c = EVP_MD_CTX_create ();
EVP_DigestInit (h->c, EVP_sha384 ());
goto ret;
}
}
h->h = g_slice_alloc0 (sizeof (*h->h));
rspamd_cryptobox_hash_init (h->h, NULL, 0);
ret:
return h;
}
static int verify(char *file,void *in,int ilen,void *sig,int slen)
{
int r=FILEFAIL;
BIO *cert;
X509 *x509;
EVP_PKEY *key;
EVP_MD_CTX *mdc;
if(!(cert=BIO_new(BIO_s_file())))goto err1;
if(BIO_read_filename(cert,file)<=0)goto err2;
r=CRYPTOFAIL;
if(!(x509=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL)))goto err2;
if(!(key=X509_get_pubkey(x509)))goto err3;
if(!(mdc=EVP_MD_CTX_create()))goto err4;
if(EVP_DigestInit_ex(mdc,EVP_sha256(),NULL)!=1)goto err5;
if(EVP_DigestVerifyInit(mdc,NULL,EVP_sha256(),NULL,key)!=1)goto err5;
if(EVP_DigestVerifyUpdate(mdc,in,ilen)!=1)goto err5;
if(EVP_DigestVerifyFinal(mdc,sig,slen)!=1)goto err5;
r=OK;
err5: EVP_MD_CTX_destroy(mdc);
err4: EVP_PKEY_free(key);
err3: X509_free(x509);
err2: BIO_free(cert);
err1: return r;
}
std::string PbeMd5AndDesEncryptor::generateDataHash(const std::string& data, const std::string salt, long iterations) {
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
const EVP_MD *algorithm = EVP_md5();
unsigned char result[MD5_DIGEST_LENGTH];
if (salt.length() < ALGO_BLOCK_SIZE) {
BOOST_THROW_EXCEPTION(StringEncryptorException("Provided salt is of insufficient length"));
}
/*
* Add digest to digest stack if not already there.
* Digest stack gets cleanup upon program termination.
*/
EVP_add_digest(algorithm);
if (!EVP_DigestInit_ex(ctx, algorithm, NULL) ||
!EVP_DigestUpdate(ctx, data.data(), data.length()) ||
!EVP_DigestUpdate(ctx, salt.data(), ALGO_BLOCK_SIZE) ||
!EVP_DigestFinal_ex(ctx, result, NULL)) {
BOOST_THROW_EXCEPTION(StringEncryptorException("Error in generating digest"));
}
while (--iterations != 0) {
if (!EVP_DigestInit_ex(ctx, algorithm, NULL) ||
!EVP_DigestUpdate(ctx, result, MD5_DIGEST_LENGTH) ||
!EVP_DigestFinal_ex(ctx, result, NULL)) {
BOOST_THROW_EXCEPTION(StringEncryptorException("Error in generating digest"));
}
}
EVP_MD_CTX_destroy(ctx);
return std::string(reinterpret_cast<char *>(result), MD5_DIGEST_LENGTH);
}
int HashSHA256(unsigned char *hashed, const unsigned char *plain, unsigned int plen){
if (hashed == NULL || plain == NULL || plen <= 0) return 0;
EVP_MD_CTX *mdctx;
int md_len = 0;
if (!(mdctx = EVP_MD_CTX_create())) return 0;
if (1 != EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) {
if (mdctx) EVP_MD_CTX_destroy(mdctx);
return 0;
}
if (1 != EVP_DigestUpdate(mdctx, plain, plen)) {
if (mdctx) EVP_MD_CTX_destroy(mdctx);
return 0;
}
if (1 != EVP_DigestFinal_ex(mdctx, hashed, &md_len)) {
if (mdctx) EVP_MD_CTX_destroy(mdctx);
return 0;
}
if (mdctx) EVP_MD_CTX_destroy(mdctx);
return md_len;
}
int evp_sign(EVP_PKEY* evp, enum EVP_DIGEST_TYPE type, FILE* fp, string* s)
{
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digest_length = 0;
EVP_MD_CTX* ctx;
int ret;
if (!digest_fp(fp, type, digest, &digest_length)) {
return 0;
}
ctx = EVP_MD_CTX_create();
if (ctx == NULL) {
fprintf(stderr, "evp_verify: failed to create digest context\n");
return EVP_ERROR;
}
string_resize(s, EVP_PKEY_size(evp));
ret = evp_sign_internal(evp, ctx, type, digest, digest_length, s);
EVP_MD_CTX_cleanup(ctx);
EVP_MD_CTX_destroy(ctx);
return ret;
}
Hash *HashNewFromDescriptor(const int descriptor, HashMethod method)
{
if (descriptor < 0)
{
return NULL;
}
if (method >= HASH_METHOD_NONE)
{
return NULL;
}
char buffer[1024];
int read_count = 0;
EVP_MD_CTX *context = NULL;
const EVP_MD *md = NULL;
int md_len = 0;
md = EVP_get_digestbyname(CF_DIGEST_TYPES[method]);
if (md == NULL)
{
Log(LOG_LEVEL_INFO, "Digest type %s not supported by OpenSSL library", CF_DIGEST_TYPES[method]);
return NULL;
}
Hash *hash = HashBasicInit(method);
context = EVP_MD_CTX_create();
EVP_DigestInit_ex(context, md, NULL);
do {
read_count = read(descriptor, buffer, 1024);
EVP_DigestUpdate(context, buffer, (size_t) read_count);
} while (read_count > 0);
EVP_DigestFinal_ex(context, hash->digest, &md_len);
EVP_MD_CTX_destroy(context);
/* Update the printable representation */
HashCalculatePrintableRepresentation(hash);
/* Return the hash */
return hash;
}
static isc_result_t
opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
EVP_MD_CTX *evp_md_ctx;
const EVP_MD *type = NULL;
UNUSED(key);
REQUIRE(dctx->key->key_alg == DST_ALG_ECDSA256 ||
dctx->key->key_alg == DST_ALG_ECDSA384);
evp_md_ctx = EVP_MD_CTX_create();
if (evp_md_ctx == NULL)
return (ISC_R_NOMEMORY);
if (dctx->key->key_alg == DST_ALG_ECDSA256)
type = EVP_sha256();
else
type = EVP_sha384();
if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
EVP_MD_CTX_destroy(evp_md_ctx);
return (dst__openssl_toresult3(dctx->category,
"EVP_DigestInit_ex",
ISC_R_FAILURE));
}
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
return (ISC_R_SUCCESS);
}
static int
_md_ctx_create (md_ctx *x)
{
assert (x != NULL);
#if HAVE_EVP_MD_CTX_NEW
/* OpenSSL >= 1.1.0 */
x->ctx = EVP_MD_CTX_new (); /* alloc & init */
#elif HAVE_EVP_MD_CTX_CREATE
/* OpenSSL >= 0.9.7, < 1.1.0 */
x->ctx = EVP_MD_CTX_create (); /* alloc & init */
#else /* !HAVE_EVP_MD_CTX_CREATE */
x->ctx = OPENSSL_malloc (sizeof (EVP_MD_CTX)); /* allocate */
#if HAVE_EVP_MD_CTX_INIT
/* OpenSSL >= 0.9.7, < 1.1.0 */
if (x->ctx != NULL ) {
EVP_MD_CTX_init (x->ctx); /* initialize */
}
#endif /* HAVE_EVP_MD_CTX_INIT */
#endif /* !HAVE_EVP_MD_CTX_CREATE */
if (x->ctx == NULL) {
return (-1);
}
return (0);
}
EAC_CTX *
EAC_CTX_new(void)
{
EAC_CTX *ctx = OPENSSL_malloc(sizeof(EAC_CTX));
if (!ctx)
return NULL;
ctx->bn_ctx = BN_CTX_new();
ctx->ca_ctxs = (STACK_OF(CA_CTX *)) sk_new_null();
ctx->cipher_ctx = EVP_CIPHER_CTX_new();
ctx->md_ctx = EVP_MD_CTX_create();
ctx->pace_ctxs = (STACK_OF(PACE_CTX *)) sk_new_null();
ctx->ri_ctxs = (STACK_OF(RI_CTX *)) sk_new_null();
ctx->ssc = BN_new();
ctx->ta_ctx = TA_CTX_new();
if (!ctx->bn_ctx || !ctx->md_ctx || !ctx->pace_ctxs
|| !ctx->ta_ctx || !ctx->ca_ctxs || !ctx->cipher_ctx
|| !ctx->ri_ctxs || !ctx->ssc)
goto err;
BN_CTX_init(ctx->bn_ctx);
EVP_CIPHER_CTX_init(ctx->cipher_ctx);
ctx->ca_ctx = NULL;
ctx->key_ctx = NULL;
ctx->pace_ctx = NULL;
ctx->ri_ctx = NULL;
ctx->tr_version = EAC_TR_VERSION_2_02;
return ctx;
err:
EAC_CTX_clear_free(ctx);
return NULL;
}
CAMLprim value ocaml_EVP_MD_CTX_init(value v_alg) {
CAMLparam1(v_alg);
EVP_MD_CTX *ctx;
const EVP_MD *digest;
char *digest_name = String_val(v_alg);
if (strcmp(digest_name, "sha1") == 0)
digest = EVP_sha1();
else if (strcmp(digest_name, "sha256") == 0)
digest = EVP_sha256();
else {
caml_failwith("Unknown digest name");
CAMLreturn(Val_unit); /* (make compiler happy) */
}
if ((ctx = EVP_MD_CTX_create()) == NULL)
caml_failwith("EVP_MD_CTX_create: out of memory");
EVP_DigestInit_ex(ctx, digest, NULL);
CAMLlocal1(block);
block = caml_alloc_custom(&ctx_ops, sizeof(EVP_MD_CTX*), 0, 1);
Ctx_val(block) = ctx;
CAMLreturn(block);
}
/*
* @func sha256 calculates SHA256
* @param IN const void* const buf is the input payload
* @param size_t buflen is the payload length in bytes
* @param OUT uint8_t* hash is the resulting output hash
* @return encip_ret_e:
* ENCIP_ERROR_SHA_INVALID_PARAM if any of the input parameters is NULL
* ENCIP_ERROR_SHA_ALLOC if EVP_MD_CTX_create is unable to allocate buffer
* ENCIP_ERROR_SHA_INIT is EVP_DigestInit_ex fails
* ENCIP_ERROR_SHA_UPDATE if EVP_DigestUpdate fails
* ENCIP_ERROR_SHA_FINAL if EVP_DigestFinal_ex fails
* ENCIP_SUCCESS if success
*/
encip_ret_e sha256(IN const void* const buf, size_t buflen, OUT uint8_t* hash)
{
encip_ret_e ret = ENCIP_ERROR_FAIL;
unsigned int digest_len = 0;
if(NULL== buf || NULL== hash)
return ENCIP_ERROR_SHA_INVALID_PARAM;
EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
if(NULL == mdctx)
return ENCIP_ERROR_SHA_ALLOC;
if(EVP_SUCCESS != EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)){
ret = ENCIP_ERROR_SHA_INIT;
goto Label_free_context;
}
if(EVP_SUCCESS != EVP_DigestUpdate(mdctx, buf, buflen)){
ret = ENCIP_ERROR_SHA_UPDATE;
goto Label_free_context;
}
if((EVP_SUCCESS != EVP_DigestFinal_ex(mdctx, hash, &digest_len)) ||
(SGX_SHA256_HASH_SIZE != digest_len)){
ret = ENCIP_ERROR_SHA_FINAL;
goto Label_free_context;
}
ret = ENCIP_SUCCESS;
Label_free_context:
EVP_MD_CTX_destroy(mdctx);
return ret;
}
//Create base 64 encoded digital signature of given data
bool digiSign(StringBuffer &b64Signature, size32_t dataSz, const void *data, const CLoadedKey &signingKey)
{
OwnedEVPMdCtx signingCtx(EVP_MD_CTX_create());
//initialize context for SHA-256 hashing function
int rc = EVP_DigestSignInit(signingCtx, nullptr, EVP_sha256(), nullptr, signingKey);
if (rc <= 0)
throwEVPException(-1, "digiSign:EVP_DigestSignInit");
//add string to the context
if (EVP_DigestSignUpdate(signingCtx, data, dataSz) <= 0)
throwEVPException(-1, "digiSign:EVP_DigestSignUpdate");
//compute length of signature
size_t encMsgLen;
if (EVP_DigestSignFinal(signingCtx, nullptr, &encMsgLen) <= 0)
throwEVPException(-1, "digiSign:EVP_DigestSignFinal1");
if (encMsgLen == 0)
throwEVPException(-1, "digiSign:EVP_DigestSignFinal length returned 0");
//compute signature (signed digest)
OwnedEVPMemory encMsg = OPENSSL_malloc(encMsgLen);
if (encMsg == nullptr)
throw MakeStringException(-1, "digiSign:OPENSSL_malloc(%u) returned NULL", (unsigned)encMsgLen);
if (EVP_DigestSignFinal(signingCtx, (unsigned char *)encMsg.get(), &encMsgLen) <= 0)
throwEVPException(-1, "digiSign:EVP_DigestSignFinal2");
//convert to base64
JBASE64_Encode(encMsg, encMsgLen, b64Signature, false);
return true;
}
//Computes a digest of 'filename'. The length of the digest is stored in 'md_len'
unsigned char *digest_file(char* filename, int *md_len)
{
FILE *f = fopen(filename, "r");
if(f != NULL) {
EVP_MD_CTX *ctx;
unsigned char *md_value = calloc(EVP_MAX_MD_SIZE, sizeof(unsigned char));
ctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctx, EVP_sha512(), NULL);
while(feof(f) == 0) {
char *buf = calloc(FILE_HASH_SIZE, sizeof(char));
int amount = fread(buf, sizeof(char), FILE_HASH_SIZE, f);
EVP_DigestUpdate(ctx, buf, amount);
free(buf);
}
fclose(f);
EVP_DigestFinal_ex(ctx, md_value, md_len);
EVP_MD_CTX_destroy(ctx);
//resize the md_value
if(*md_len < EVP_MAX_MD_SIZE)
md_value = realloc(md_value, *md_len);
return md_value;
} else {
fprintf(stderr, "Could not create digest of %s: %s\n",filename, strerror(errno));
return NULL;
}
}
static bool verifySignature(const char *data, int dataLength, char *signature, int signatureLength, const char *cert) {
X509* x509;
BIO* bio = BIO_new(BIO_s_mem());
BIO_puts(bio, cert);
x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
BIO_free(bio);
if (!x509) {
return false;
}
EVP_PKEY* pubKey = X509_get_pubkey(x509);
EVP_MD_CTX *mdctx = NULL;
mdctx = EVP_MD_CTX_create();
EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pubKey);
EVP_DigestVerifyUpdate(mdctx, data, dataLength);
int result = EVP_DigestVerifyFinal(mdctx, signature, signatureLength);
X509_free(x509);
EVP_PKEY_free(pubKey);
EVP_MD_CTX_destroy(mdctx);
return result > 0;
}
char *
crypt_pass(char *password, int encode)
{
EVP_MD_CTX *mdctx;
const EVP_MD *md;
unsigned char md_value[EVP_MAX_MD_SIZE];
char buffer[2*DIGEST_LEN + 1];
char *ret;
unsigned int md_len;
md = EVP_get_digestbyname(DIGEST_FUNCTION);
mdctx = EVP_MD_CTX_create();
EVP_MD_CTX_init(mdctx);
EVP_DigestInit_ex(mdctx, md, NULL);
EVP_DigestUpdate(mdctx, password, strlen(password));
EVP_DigestFinal_ex(mdctx, md_value, &md_len);
EVP_MD_CTX_destroy(mdctx);
if(encode)
{
base16_encode(buffer, sizeof(buffer), (char *)md_value, DIGEST_LEN);
DupString(ret, buffer);
}
else
{
ret = MyMalloc(DIGEST_LEN);
memcpy(ret, md_value, DIGEST_LEN);
}
return ret;
}
char *pkgr_generate_checksum(char *filename, char *hexdigest) {
OpenSSL_add_all_digests();
const EVP_MD *md = EVP_get_digestbyname("rmd160");
if(!md) {
pkgr_error("Ripemd-160 is not supported by this version of OpenSSL");
exit(1);
}
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctx, md, NULL);
FILE *dfile = fopen(filename, "rb");
if(dfile == NULL) {
pkgr_error("Invalid file (%s)", filename);
exit(1);
}
while(!feof(dfile)) {
char data[1024];
size_t size = fread(data, sizeof(char), sizeof(data), dfile);
EVP_DigestUpdate(ctx, data, size);
}
unsigned int md_len;
unsigned char checksum[EVP_MAX_MD_SIZE];
EVP_DigestFinal_ex(ctx, checksum, &md_len);
EVP_MD_CTX_destroy(ctx);
unsigned int i;
for(i = 0; i < md_len; i++) {
char buffer[3];
snprintf(buffer, sizeof(buffer), "%02x", checksum[i]);
strcat(hexdigest, buffer);
}
return hexdigest;
}
/*
* Constructors
* All constructors call two common methods: HashBasicInit(...) and HashCalculatePrintableRepresentation(...).
* Each constructor reads the data to create the Hash from different sources so after the basic
* initialization and up to the point where the hash is computed, each follows its own path.
*/
Hash *HashNew(const char *data, const unsigned int length, HashMethod method)
{
if (!data || (length == 0))
{
return NULL;
}
if (method >= HASH_METHOD_NONE)
{
return NULL;
}
/*
* OpenSSL documentation marked EVP_DigestInit and EVP_DigestFinal functions as deprecated and
* recommends moving to EVP_DigestInit_ex and EVP_DigestFinal_ex.
*/
EVP_MD_CTX *context = NULL;
const EVP_MD *md = NULL;
int md_len = 0;
md = EVP_get_digestbyname(CF_DIGEST_TYPES[method]);
if (md == NULL)
{
Log(LOG_LEVEL_INFO, "Digest type %s not supported by OpenSSL library", CF_DIGEST_TYPES[method]);
return NULL;
}
Hash *hash = HashBasicInit(method);
context = EVP_MD_CTX_create();
EVP_DigestInit_ex(context, md, NULL);
EVP_DigestUpdate(context, data, (size_t) length);
EVP_DigestFinal_ex(context, hash->digest, &md_len);
EVP_MD_CTX_destroy(context);
/* Update the printable representation */
HashCalculatePrintableRepresentation(hash);
/* Return the hash */
return hash;
}
int main(int argc, char *argv[])
{
EVP_MD_CTX *mdctx;
const EVP_MD *md;
unsigned char md_value[EVP_MAX_MD_SIZE];
int md_len, i;
OpenSSL_add_all_digests();
if (argc != 3)
{
printf("Usage: %s <Message> <MDType>\n", argv[0]);
exit(1);
}
md = EVP_get_digestbyname(argv[2]);
if (!md)
{
printf("Unknown message digest %s\n", argv[2]);
exit(1);
}
mdctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(mdctx, md, NULL);
EVP_DigestUpdate(mdctx, argv[1], strlen(argv[1]));
EVP_DigestFinal_ex(mdctx, md_value, &md_len);
EVP_MD_CTX_destroy(mdctx);
printf("%s [%s]: ", argv[1], argv[2]);
for (i = 0; i < md_len; i++) printf("%02x", md_value[i]);
printf("\n");
}
static LUA_FUNCTION(openssl_evp_digest_init)
{
EVP_MD* md = CHECK_OBJECT(1, EVP_MD, "openssl.evp_digest");
ENGINE* e = lua_gettop(L) > 1 ? CHECK_OBJECT(2, ENGINE, "openssl.engine") : NULL;
EVP_MD_CTX* ctx = EVP_MD_CTX_create();
if (ctx)
{
int ret;
EVP_MD_CTX_init(ctx);
ret = EVP_DigestInit_ex(ctx, md, e);
if (ret == 1)
{
PUSH_OBJECT(ctx, "openssl.evp_digest_ctx");
}
else
{
EVP_MD_CTX_destroy(ctx);
return openssl_pushresult(L, ret);
}
}
else
lua_pushnil(L);
return 1;
}
int
lws_genhash_init(struct lws_genhash_ctx *ctx, enum lws_genhash_types type)
{
ctx->type = type;
ctx->mdctx = EVP_MD_CTX_create();
if (!ctx->mdctx)
return 1;
switch (ctx->type) {
case LWS_GENHASH_TYPE_SHA1:
ctx->evp_type = EVP_sha1();
break;
case LWS_GENHASH_TYPE_SHA256:
ctx->evp_type = EVP_sha256();
break;
case LWS_GENHASH_TYPE_SHA384:
ctx->evp_type = EVP_sha384();
break;
case LWS_GENHASH_TYPE_SHA512:
ctx->evp_type = EVP_sha512();
break;
default:
return 1;
}
if (EVP_DigestInit_ex(ctx->mdctx, ctx->evp_type, NULL) != 1) {
EVP_MD_CTX_destroy(ctx->mdctx);
return 1;
}
return 0;
}
/**
* returns -1 on error
* returns 0 on non-verified digest
* returns 1 on verified digest
*/
int evp_verify(EVP_PKEY* evp, enum EVP_DIGEST_TYPE type, FILE* fp, string* s)
{
unsigned char digest[SHA_DIGEST_LENGTH];
unsigned int digest_length = 0;
int ret;
EVP_MD_CTX* ctx = NULL;
if (evp == NULL) {
fprintf(stderr, "evp_verify: NULL EVP_PKEY\n");
return EVP_ERROR;
}
if (!digest_fp(fp, type, digest, &digest_length)) {
fprintf(stderr, "evp_verify: message digest failed\n");
return EVP_ERROR;
}
ctx = EVP_MD_CTX_create();
if (ctx == NULL) {
fprintf(stderr, "evp_verify: failed to create digest context\n");
return EVP_ERROR;
}
ret = evp_verify_internal(evp, ctx, type, digest, digest_length, s);
EVP_MD_CTX_cleanup(ctx);
EVP_MD_CTX_destroy(ctx);
return ret;
}
static int evp_fdigest(lua_State *L)
{
EVP_MD_CTX *c = NULL;
const char *type_name = luaL_checkstring(L, 1);
const char *s = luaL_checkstring(L, 2);
const EVP_MD *type = EVP_get_digestbyname(type_name);
unsigned char digest[EVP_MAX_MD_SIZE];
size_t written = 0;
unsigned int i;
char *hex;
if (type == NULL) {
luaL_argerror(L, 1, "invalid digest type");
return 0;
}
c = EVP_MD_CTX_create();
EVP_DigestInit_ex(c, type, NULL);
EVP_DigestUpdate(c, s, lua_strlen(L, 2));
EVP_DigestFinal_ex(c, digest, &written);
if (lua_toboolean(L, 3))
lua_pushlstring(L, (char *)digest, written);
else
{
hex = calloc(sizeof(char), written*2 + 1);
for (i = 0; i < written; i++)
sprintf(hex + 2*i, "%02x", digest[i]);
lua_pushlstring(L, hex, written*2);
free(hex);
}
return 1;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_des_checksum(krb5_context context,
const EVP_MD *evp_md,
struct _krb5_key_data *key,
const void *data,
size_t len,
Checksum *cksum)
{
struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_MD_CTX *m;
DES_cblock ivec;
unsigned char *p = cksum->checksum.data;
krb5_generate_random_block(p, 8);
m = EVP_MD_CTX_create();
if (m == NULL)
return krb5_enomem(context);
EVP_DigestInit_ex(m, evp_md, NULL);
EVP_DigestUpdate(m, p, 8);
EVP_DigestUpdate(m, data, len);
EVP_DigestFinal_ex (m, p + 8, NULL);
EVP_MD_CTX_destroy(m);
memset (&ivec, 0, sizeof(ivec));
EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1);
EVP_Cipher(&ctx->ectx, p, p, 24);
return 0;
}
static int evp_digest(lua_State *L)
{
EVP_MD_CTX *c = evp_pget(L, 1);
EVP_MD_CTX *d = NULL;
unsigned char digest[EVP_MAX_MD_SIZE];
size_t written = 0;
unsigned int i;
char *hex;
if (lua_isstring(L, 2))
{
const char *s = luaL_checkstring(L, 2);
EVP_DigestUpdate(c, s, lua_strlen(L, 2));
}
d = EVP_MD_CTX_create();
EVP_MD_CTX_copy_ex(d, c);
EVP_DigestFinal_ex(d, digest, &written);
EVP_MD_CTX_destroy(d);
if (lua_toboolean(L, 3))
lua_pushlstring(L, (char *)digest, written);
else
{
hex = calloc(sizeof(char), written*2 + 1);
for (i = 0; i < written; i++)
sprintf(hex + 2*i, "%02x", digest[i]);
lua_pushlstring(L, hex, written*2);
free(hex);
}
return 1;
}
struct swupdate_digest *swupdate_HASH_init(const char *SHAlength)
{
struct swupdate_digest *dgst;
const EVP_MD *md;
int ret;
dgst = calloc(1, sizeof(*dgst));
if (!dgst) {
return NULL;
}
if ((!SHAlength) || strcmp(SHAlength, "sha1"))
md = EVP_sha256();
else
md = EVP_sha1();
dgst->ctx = EVP_MD_CTX_create();
if(dgst->ctx == NULL) {
ERROR("EVP_MD_CTX_create failed, error 0x%lx", ERR_get_error());
free(dgst);
return NULL;
}
ret = dgst_init(dgst, md);
if (ret) {
free(dgst);
return NULL;
}
return dgst;
}
static isc_result_t
openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) {
#if USE_EVP
EVP_MD_CTX *evp_md_ctx;
UNUSED(key);
evp_md_ctx = EVP_MD_CTX_create();
if (evp_md_ctx == NULL)
return (ISC_R_NOMEMORY);
if (!EVP_DigestInit_ex(evp_md_ctx, EVP_dss1(), NULL)) {
EVP_MD_CTX_destroy(evp_md_ctx);
return (ISC_R_FAILURE);
}
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
return (ISC_R_SUCCESS);
#else
isc_sha1_t *sha1ctx;
UNUSED(key);
sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
isc_sha1_init(sha1ctx);
dctx->ctxdata.sha1ctx = sha1ctx;
return (ISC_R_SUCCESS);
#endif
}
/**
* @ingroup SnmpParser
* @brief 비밀번호로 key 를 생성한다.
* @param pszPassWord 비밀번호
* @param pszKey 생성된 key 저장 변수
* @returns 성공하면 true 를 리턴하고 실패하면 false 를 리턴한다.
*/
bool SnmpMakeKey( const char * pszPassWord, uint8_t * pszKey )
{
int iPassWordLen = strlen(pszPassWord);
int iInputLen = 1024 * 1024;
int iIndex = 0;
char szBuf[64];
unsigned int iResultLen = 16;
EVP_MD_CTX * psttCtx = EVP_MD_CTX_create();
EVP_DigestInit( psttCtx, EVP_md5() );
while( iInputLen > 0 )
{
for( int i = 0; i < 64; ++i )
{
szBuf[i] = pszPassWord[iIndex % iPassWordLen];
++iIndex;
}
EVP_DigestUpdate( psttCtx, szBuf, 64 );
iInputLen -= 64;
}
EVP_DigestFinal( psttCtx, (unsigned char *)pszKey, &iResultLen );
EVP_MD_CTX_destroy( psttCtx );
return true;
}
static int verify_jwt_signature(EVP_PKEY *key, const char *alg,
grpc_slice signature, grpc_slice signed_data) {
EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
const EVP_MD *md = evp_md_from_alg(alg);
int result = 0;
GPR_ASSERT(md != NULL); /* Checked before. */
if (md_ctx == NULL) {
gpr_log(GPR_ERROR, "Could not create EVP_MD_CTX.");
goto end;
}
if (EVP_DigestVerifyInit(md_ctx, NULL, md, NULL, key) != 1) {
gpr_log(GPR_ERROR, "EVP_DigestVerifyInit failed.");
goto end;
}
if (EVP_DigestVerifyUpdate(md_ctx, GRPC_SLICE_START_PTR(signed_data),
GRPC_SLICE_LENGTH(signed_data)) != 1) {
gpr_log(GPR_ERROR, "EVP_DigestVerifyUpdate failed.");
goto end;
}
if (EVP_DigestVerifyFinal(md_ctx, GRPC_SLICE_START_PTR(signature),
GRPC_SLICE_LENGTH(signature)) != 1) {
gpr_log(GPR_ERROR, "JWT signature verification failed.");
goto end;
}
result = 1;
end:
if (md_ctx != NULL) EVP_MD_CTX_destroy(md_ctx);
return result;
}
static int sign(void *ctx,char *file,void *in,int ilen,void *out,int *olen)
{
int r=NOCARD;
size_t slen=*olen;
ENGINE *e=(ENGINE *)ctx;
EVP_PKEY *key;
EVP_MD_CTX *mdc;
resume_engine(e,engbits);
if(!(key=ENGINE_load_private_key(e,file,NULL,NULL)))goto err1;
r=CRYPTOFAIL;
if(!(mdc=EVP_MD_CTX_create()))goto err2;
if(EVP_DigestInit_ex(mdc,EVP_sha256(),NULL)!=1)goto err3;
if(EVP_DigestSignInit(mdc,NULL,EVP_sha256(),NULL,key)!=1)goto err3;
if(EVP_DigestSignUpdate(mdc,in,ilen)!=1)goto err3;
if(EVP_DigestSignFinal(mdc,out,&slen)!=1)goto err3;
*olen=slen;
r=OK;
err3: EVP_MD_CTX_destroy(mdc);
err2: EVP_PKEY_free(key);
err1: suspend_engine(e,&engbits);
return r;
}