Beispiel #1
0
/* CRAM-MD5 auth state. */
int
imap_state_cram_md5_auth(struct account *a, struct fetch_ctx *fctx)
{
	struct fetch_imap_data	*data = a->data;
	char			*line, *ptr, *src, *b64;
	char			 out[EVP_MAX_MD_SIZE * 2 + 1];
	u_char			 digest[EVP_MAX_MD_SIZE];
	u_int			 i, n;

	if (imap_getln(a, fctx, IMAP_CONTINUE, &line) != 0)
		return (FETCH_ERROR);
	if (line == NULL)
		return (FETCH_BLOCK);

	ptr = line + 1;
	while (isspace((u_char) *ptr))
		ptr++;
	if (*ptr == '\0')
		return (imap_invalid(a, line));

	b64 = imap_base64_decode(ptr);
	HMAC(EVP_md5(),
	    data->pass, strlen(data->pass), b64, strlen(b64), digest, &n);
	xfree(b64);

	for (i = 0; i < n; i++)
		xsnprintf(out + i * 2, 3, "%02hhx", digest[i]);
	xasprintf(&src, "%s %s", data->user, out);
	b64 = imap_base64_encode(src);
	xfree(src);

	if (imap_putln(a, "%s", b64) != 0) {
		xfree(b64);
		return (FETCH_ERROR);
	}
	xfree(b64);

	fctx->state = imap_state_pass;
	return (FETCH_BLOCK);
}
Beispiel #2
0
void ntlm_compute_lm_v2_response(NTLM_CONTEXT* context)
{
    char* response;
    char value[16];
    char ntlm_v2_hash[16];

    /* Compute the NTLMv2 hash */
    ntlm_compute_ntlm_v2_hash(context, ntlm_v2_hash);

    /* Concatenate the server and client challenges */
    CopyMemory(value, context->ServerChallenge, 8);
    CopyMemory(&value[8], context->ClientChallenge, 8);

    sspi_SecBufferAlloc(&context->LmChallengeResponse, 24);
    response = (char*) context->LmChallengeResponse.pvBuffer;

    /* Compute the HMAC-MD5 hash of the resulting value using the NTLMv2 hash as the key */
    HMAC(EVP_md5(), (void*) ntlm_v2_hash, 16, (void*) value, 16, (void*) response, NULL);

    /* Concatenate the resulting HMAC-MD5 hash and the client challenge, giving us the LMv2 response (24 bytes) */
    CopyMemory(&response[16], context->ClientChallenge, 8);
}
Beispiel #3
0
unsigned long X509_issuer_and_serial_hash(X509 *a)
	{
	unsigned long ret=0;
	EVP_MD_CTX ctx;
	unsigned char md[16];
	char *f;

	EVP_MD_CTX_init(&ctx);
	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
	ret=strlen(f);
	EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
	EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
	OPENSSL_free(f);
	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
		(unsigned long)a->cert_info->serialNumber->length);
	EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
		)&0xffffffffL;
	EVP_MD_CTX_cleanup(&ctx);
	return(ret);
	}
Beispiel #4
0
Datei: md.c Projekt: dun/munge 
static void
_md_init_subsystem (void)
{
    int i;

    for (i = 0; i < MUNGE_MAC_LAST_ITEM; i++) {
        _md_map [i] = NULL;
    }
    _md_map [MUNGE_MAC_MD5] = EVP_md5 ();
    _md_map [MUNGE_MAC_SHA1] = EVP_sha1 ();
    _md_map [MUNGE_MAC_RIPEMD160] = EVP_ripemd160 ();

#if HAVE_EVP_SHA256
    _md_map [MUNGE_MAC_SHA256] = EVP_sha256 ();
#endif /* HAVE_EVP_SHA256 */

#if HAVE_EVP_SHA512
    _md_map [MUNGE_MAC_SHA512] = EVP_sha512 ();
#endif /* HAVE_EVP_SHA512 */

    return;
}
Beispiel #5
0
static gboolean irssi_ssl_verify(SSL *ssl, SSL_CTX *ctx, const char* hostname, X509 *cert)
{
	long result;

	result = SSL_get_verify_result(ssl);
	if (result != X509_V_OK) {
		unsigned char md[EVP_MAX_MD_SIZE];
		unsigned int n;
		char *str;

		g_warning("Could not verify SSL servers certificate: %s",
				X509_verify_cert_error_string(result));
		if ((str = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0)) == NULL)
			g_warning("  Could not get subject-name from peer certificate");
		else {
			g_warning("  Subject : %s", str);
			free(str);
		}
		if ((str = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0)) == NULL)
			g_warning("  Could not get issuer-name from peer certificate");
		else {
			g_warning("  Issuer  : %s", str);
			free(str);
		}
		if (! X509_digest(cert, EVP_md5(), md, &n))
			g_warning("  Could not get fingerprint from peer certificate");
		else {
			char hex[] = "0123456789ABCDEF";
			char fp[EVP_MAX_MD_SIZE*3];
			if (n < sizeof(fp)) {
				unsigned int i;
				for (i = 0; i < n; i++) {
					fp[i*3+0] = hex[(md[i] >> 4) & 0xF];
					fp[i*3+1] = hex[(md[i] >> 0) & 0xF];
					fp[i*3+2] = i == n - 1 ? '\0' : ':';
				}
				g_warning("  MD5 Fingerprint : %s", fp);
			}
		}
Beispiel #6
0
unsigned long
X509_NAME_hash_old(X509_NAME *x)
{
	EVP_MD_CTX md_ctx;
	unsigned long ret = 0;
	unsigned char md[16];

	/* Make sure X509_NAME structure contains valid cached encoding */
	i2d_X509_NAME(x, NULL);
	EVP_MD_CTX_init(&md_ctx);
	if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) &&
	    EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) &&
	    EVP_DigestFinal_ex(&md_ctx, md, NULL))
		ret = (((unsigned long)md[0]) |
		    ((unsigned long)md[1] << 8L) |
		    ((unsigned long)md[2] << 16L) |
		    ((unsigned long)md[3] << 24L)) &
		    0xffffffffL;
	EVP_MD_CTX_cleanup(&md_ctx);

	return (ret);
}
Beispiel #7
0
unsigned long X509_NAME_hash_old(X509_NAME *x)
{
    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
    unsigned long ret = 0;
    unsigned char md[16];

    if (md_ctx == NULL)
        return ret;

    /* Make sure X509_NAME structure contains valid cached encoding */
    i2d_X509_NAME(x, NULL);
    EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
    if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL)
        && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length)
        && EVP_DigestFinal_ex(md_ctx, md, NULL))
        ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
               ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
            ) & 0xffffffffL;
    EVP_MD_CTX_free(md_ctx);

    return (ret);
}
Beispiel #8
0
int main(int argc, char *argv[])
	{
#ifndef OPENSSL_NO_MD5
	int i;
	char *p;
#endif
	int err=0;

#ifdef OPENSSL_NO_MD5
	printf("test skipped: MD5 disabled\n");
#else

#ifdef CHARSET_EBCDIC
	ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
	ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
	ebcdic2ascii(test[2].key,  test[2].key,  test[2].key_len);
	ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
#endif

	for (i=0; i<4; i++)
		{
		p=pt(HMAC(EVP_md5(),
			test[i].key, test[i].key_len,
			test[i].data, test[i].data_len,
			NULL,NULL));

		if (strcmp(p,(char *)test[i].digest) != 0)
			{
			printf("error calculating HMAC on %d entry'\n",i);
			printf("got %s instead of %s\n",p,test[i].digest);
			err++;
			}
		else
			printf("test %d ok\n",i);
		}
#endif /* OPENSSL_NO_MD5 */
	EXIT(err);
	return(0);
	}
Beispiel #9
0
int EVP_cipher(const char *passw, int cbpass, char *strin, int cbstr, int op, const char *cipher)
{
	const EVP_CIPHER * enc;
	if (cipher && *cipher) {
		if (!myEvpMap.Find(cipher,enc))
			return CIPHER_INVALID;
	} else 
		enc = EVP_des_ede_cbc();

	unsigned char key[EVP_MAX_KEY_LENGTH];
	unsigned char iv[EVP_MAX_IV_LENGTH];
	EVP_CIPHER_CTX ctx;

	EVP_BytesToKey(enc,EVP_md5(),NULL,(unsigned char *)passw,cbpass,1,key,iv);
	EVP_CIPHER_CTX_init(&ctx);
	EVP_CipherInit(&ctx,enc,key,iv,op);
	
	unsigned char out[CIPHER_BLOCK+EVP_MAX_IV_LENGTH];
	int outl;

	unsigned char *in = (unsigned char *) strin;
	unsigned char *endp = in + cbstr - CIPHER_BLOCK;
	unsigned char *outp = in;

	while (in < endp)	{
		EVP_CipherUpdate(&ctx,out,&outl,in,CIPHER_BLOCK);
		memcpy(outp, out, outl); outp += outl;
		in += CIPHER_BLOCK;
	}
	EVP_CipherUpdate(&ctx,out,&outl,in,endp+CIPHER_BLOCK-in);
	memcpy(outp, out, outl); outp += outl;

	EVP_CipherFinal(&ctx,out,&outl);
	memcpy(outp, out, outl); outp += outl;

	EVP_CIPHER_CTX_cleanup(&ctx);
	return (char *)outp-strin;
}
Beispiel #10
0
/** Calculate HMAC using OpenSSL's MD5 implementation
 *
 * @param digest Caller digest to be filled in.
 * @param in Pointer to data stream.
 * @param inlen length of data stream.
 * @param key Pointer to authentication key.
 * @param key_len Length of authentication key.
 *
 */
void fr_hmac_md5(uint8_t digest[MD5_DIGEST_LENGTH], uint8_t const *in, size_t inlen,
		 uint8_t const *key, size_t key_len)
{
	HMAC_CTX *ctx;

	if (unlikely(!md5_hmac_ctx)) {
		ctx = HMAC_CTX_new();
		if (unlikely(!ctx)) return;
		fr_thread_local_set_destructor(md5_hmac_ctx, _hmac_md5_ctx_free_on_exit, ctx);
	} else {
		ctx = md5_hmac_ctx;
	}

#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
	/* Since MD5 is not allowed by FIPS, explicitly allow it. */
	HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif /* EVP_MD_CTX_FLAG_NON_FIPS_ALLOW */

	HMAC_Init_ex(ctx, key, key_len, EVP_md5(), NULL);
	HMAC_Update(ctx, in, inlen);
	HMAC_Final(ctx, digest, NULL);
	HMAC_CTX_reset(ctx);
}
Beispiel #11
0
static int32_t
snmp_digest_init(const struct snmp_user *user, EVP_MD_CTX *ctx,
    const EVP_MD **dtype, uint32_t *keylen)
{
	if (user->auth_proto == SNMP_AUTH_HMAC_MD5) {
		*dtype = EVP_md5();
		*keylen = SNMP_AUTH_HMACMD5_KEY_SIZ;
	} else if (user->auth_proto == SNMP_AUTH_HMAC_SHA) {
		*dtype = EVP_sha1();
		*keylen = SNMP_AUTH_HMACSHA_KEY_SIZ;
	} else if (user->auth_proto == SNMP_AUTH_NOAUTH)
		return (0);
	else {
		snmp_error("unknown authentication option - %d",
		    user->auth_proto);
		return (-1);
	}

	if (EVP_DigestInit(ctx, *dtype) != 1)
		return (-1);

	return (1);
}
Beispiel #12
0
/*!
 * \brief Get message digest type for a given algorithm.
 *
 * \param algorithm  Algorithm number.
 *
 * \return Pointer to digest type specification, NULL if not implemented.
 */
static const EVP_MD *get_digest_type(knot_dnssec_algorithm_t algorithm)
{
	// EVP_<digest>() functions should not fail (return NULL)

	switch (algorithm) {
	case KNOT_DNSSEC_ALG_RSASHA1:
	case KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1:
	case KNOT_DNSSEC_ALG_DSA:
	case KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1:
		return EVP_sha1();
	case KNOT_DNSSEC_ALG_RSAMD5:
		return EVP_md5();
	case KNOT_DNSSEC_ALG_RSASHA256:
	case KNOT_DNSSEC_ALG_ECDSAP256SHA256:
		return EVP_sha256();
	case KNOT_DNSSEC_ALG_ECDSAP384SHA384:
		return EVP_sha384();
	case KNOT_DNSSEC_ALG_RSASHA512:
		return EVP_sha512();
	default:
		return NULL;
	}
}
Beispiel #13
0
       bool AESCipher::init2(unsigned char *key_data, int key_data_len)
    {
        int i, nrounds = 1;
        unsigned char key[32], iv[32];

        /*
        * Gen key & IV for AES 256 CBC mode. A SHA1 digest is used to hash the supplied key material.
        * nrounds is the number of times the we hash the material. More rounds are more secure but
        * slower.
        */
        i = EVP_BytesToKey(EVP_aes_256_cfb(), EVP_md5(), NULL, key_data, key_data_len, nrounds, key, iv);
        if (i != 32) {
            //printf("Key size is %d bits - should be 256 bits/n", i);
            return false;
        }

        EVP_CIPHER_CTX_init(&m_ectx);
        EVP_EncryptInit_ex(&m_ectx, EVP_aes_256_cfb(), NULL, key, iv);

        EVP_CIPHER_CTX_init(&m_dctx);
        EVP_DecryptInit_ex(&m_dctx, EVP_aes_256_cfb(), NULL, key, iv);
        return true;
    }
Beispiel #14
0
/**
  Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
  subsequent use.

  If HmacMd5Context is NULL, then return FALSE.

  @param[out]  HmacMd5Context  Pointer to HMAC-MD5 context being initialized.
  @param[in]   Key             Pointer to the user-supplied key.
  @param[in]   KeySize         Key size in bytes.

  @retval TRUE   HMAC-MD5 context initialization succeeded.
  @retval FALSE  HMAC-MD5 context initialization failed.

**/
BOOLEAN
EFIAPI
HmacMd5Init (
  OUT  VOID         *HmacMd5Context,
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize
  )
{
  //
  // Check input parameters.
  //
  if (HmacMd5Context == NULL || KeySize > INT_MAX) {
    return FALSE;
  }

  //
  // OpenSSL HMAC-MD5 Context Initialization
  //
  HMAC_CTX_init (HmacMd5Context);
  HMAC_Init_ex (HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL);

  return TRUE;
}
Beispiel #15
0
cipher_t * cipher_new(const char * pass)
{
  OpenSSL_add_all_algorithms();
  
//  const char * name;
//  name = "aes-128-cfb";
//  name = "bf-cfb";
  
  cipher_t *
  cipher       = calloc(1, sizeof(cipher_t));
  cipher->type = EVP_get_cipherbyname(conf.method);
  cipher->keyl = EVP_CIPHER_key_length(cipher->type);
  cipher->key  = malloc(cipher->keyl);
  
  EVP_CIPHER_CTX_init(&cipher->encrypt.ctx);
  EVP_CIPHER_CTX_init(&cipher->decrypt.ctx);
  
  EVP_BytesToKey(cipher->type, EVP_md5(), NULL,
                 (uint8_t *)conf.pass, (int)strlen(conf.pass), 1,
                 cipher->key, NULL);
  
  return cipher;
}
Beispiel #16
0
static const EVP_MD *
ldns_digest_function(char *name)
{
	/* these are the mandatory algorithms from RFC4635 */
	/* The optional algorithms are not yet implemented */
	if (strlen(name) == 12 
			&& strncasecmp(name, "hmac-sha256.", 11) == 0) {
#ifdef HAVE_EVP_SHA256
		return EVP_sha256();
#else
		return NULL;
#endif
	} else if (strlen(name) == 10
			&& strncasecmp(name, "hmac-sha1.", 9) == 0) {
		return EVP_sha1();
	} else if (strlen(name) == 25 
			&& strncasecmp(name, "hmac-md5.sig-alg.reg.int.", 25) 
			== 0) {
		return EVP_md5();
	} else {
		return NULL;
	}
}
Beispiel #17
0
void md5_compute(FILE *f, int start, int end, std::string &md5)
{
  // initialize openssl md5 digest
  static unsigned char data[102400]; // 100K buffer to read from file
  static unsigned char md_val[EVP_MAX_MD_SIZE];
  unsigned int md_len;
  EVP_MD_CTX mdctx;
  const EVP_MD *md = EVP_md5();
  EVP_MD_CTX_init(&mdctx);
  EVP_DigestInit_ex(&mdctx, md, NULL);

  // read data in chunks from the file and update the digest
  size_t rv;
  fseek(f, start, SEEK_SET);
  do {
    rv = end - start + 1;
    if(rv > 102400)
      rv = 102400;
    rv = fread(data, 1, rv, f);
    if(rv == 0)
      break;
    EVP_DigestUpdate(&mdctx, data, rv);
    start += rv;
  } while(start <= end);

  // finalize the digest
  EVP_DigestFinal_ex(&mdctx, md_val, &md_len);
  EVP_MD_CTX_cleanup(&mdctx);

  // output
  md5.reserve(64);
  char digit[3];
  for(unsigned int i = 0; i < md_len; ++i) {
    sprintf(digit, "%02x", md_val[i]);
    md5.append(digit);
  }
}
Beispiel #18
0
void openssl_evp_keyiv()
{
	int i;
	const EVP_MD *md;
	const EVP_CIPHER *type;
	unsigned char salt[32], data[COMM_LEN], *key, *iv;

	md = EVP_md5();
	printf("\nEVP_Md info: type[%d], ", EVP_MD_type(md));
	printf("nid[%d], ", EVP_MD_nid(md));
	printf("name[%s], ", EVP_MD_name(md));
	printf("pkey type[%d], ", EVP_MD_pkey_type(md));
	printf("size[%d], ", EVP_MD_size(md));
	printf("block size[%d], ", EVP_MD_block_size(md));

	type = EVP_des_ecb();
	printf("\nEVP_ECB info: encrypto nid[%d], ", EVP_CIPHER_nid(type));
	printf("name[%s], ", EVP_CIPHER_name(type));
	printf("bock size[%d]", EVP_CIPHER_block_size(type));

	key = (unsigned char *)malloc(EVP_CIPHER_key_length(type));
	iv = (unsigned char *)malloc(EVP_CIPHER_iv_length(type));
	for (i = 0; i < COMM_LEN; i++)
		memset(&data[i], i, 1);
	for (i = 0; i < 32; i++)
		memset(&salt[i], i, 1);

	EVP_BytesToKey(type, md, salt, data, COMM_LEN, 2, key, iv);
	printf("\nEVP_key value: ");
	for (i = 0; i < EVP_CIPHER_key_length(type); i++)
		printf("%x ", key[i]);

	printf("\nEVP_iv value: ");
	for (i = 0; i < EVP_CIPHER_iv_length(type); i++)
		printf("%x ", iv[i]);
	printf("\n");
}
Beispiel #19
0
/**
  *  @brief To generate Auth Code for RAKP 3, RAKP-HMAC-SHA1, RAKP-HMAC-MD5.
  *
  *  @param[in] alg algorithm
  *  @param[in] key
  *  @param[in] key_len
  *  @param[in] data the input data before encode
  *  @param[in] data_len the input data length
  *  @param[out] buf the output buffer
  *  @return  the output data length
  */
int ipmi20_generate_auth_code(unsigned char alg,
							  void *key,
							  int key_len,
							  unsigned char *data,
							  int data_len,
							  unsigned char *buf)
{
	unsigned int len = 0;

	switch (alg) {
	case AUTH_ALG_RAKP_NONE: /* INTEGRITY_ALG_NONE has the same value */
		return 0;
	case AUTH_ALG_RAKP_HMAC_SHA1: /* INTEGRITY_ALG_HMAC_SHA1_96 has the same value */
		HMAC(EVP_sha1(), key, key_len, data, data_len, buf, &len);
		break;
	case AUTH_ALG_RAKP_HMAC_MD5: /* INTEGRITY_ALG_HMAC_MD5_128 has the same value */
	case INTEGRITY_ALG_MD5_128:
		HMAC(EVP_md5(), key, key_len, data, data_len, buf, &len);
	default:
		break;
	}

	return len;
}
Beispiel #20
0
/**
 * Consult EVP_DigestInit(3SSL) for details.
 */
static char *
md5_digest(int n, ...)
{
	EVP_MD_CTX mdctx;
	const EVP_MD *md;
	unsigned char md_value[EVP_MAX_MD_SIZE];
	unsigned int md_len = 0;
	int i, rc;
	char *string;
	char *md5_result = NULL;

	OpenSSL_add_all_digests();

	md = EVP_md5();
	if(!md)
		err(1, "Unknown message digest");

	EVP_MD_CTX_init(&mdctx);
	EVP_DigestInit_ex(&mdctx, md, NULL);
	va_list argPtr;
	va_start(argPtr, n);
	for (i = 0; i < n; i++) {
		string = va_arg(argPtr, char *);
		EVP_DigestUpdate(&mdctx, string, strlen(string));
	}
	va_end(argPtr);
	EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
	EVP_MD_CTX_cleanup(&mdctx);
	EVP_cleanup();

	rc = md5toa(md_value, md_len, &md5_result);
	if (rc == -1)
		err(1, "md5 digest failure.");

	return md5_result;
}
Beispiel #21
0
HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
  HMACCTX ctx = NULL;

  ctx = HMAC_CTX_new();
  if (ctx == NULL) {
    return NULL;
  }

#ifndef OLD_CRYPTO
  HMAC_CTX_reset(ctx); // openssl 0.9.7 requires it.
#endif

  switch(type) {
    case SSH_HMAC_SHA1:
      HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL);
      break;
    case SSH_HMAC_SHA256:
      HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);
      break;
    case SSH_HMAC_SHA384:
      HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL);
      break;
    case SSH_HMAC_SHA512:
      HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);
      break;
    case SSH_HMAC_MD5:
      HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL);
      break;
    default:
      HMAC_CTX_free(ctx);
      SAFE_FREE(ctx);
      ctx = NULL;
  }

  return ctx;
}
Beispiel #22
0
void config_encryption(const char *password, const char *method) {
    SSLeay_add_all_algorithms();
    _method = encryption_method_from_string(method);
    if (_method != ENCRYPTION_TABLE) {
        const char *name = shadowsocks_encryption_names[_method];
        _cipher = EVP_get_cipherbyname(name);
        if (_cipher == NULL) {
//            assert(0);
            // TODO
            printf("_cipher is nil! \r\nThe %s doesn't supported!\r\n please chose anthor!",name);
        }
        else
        {
            unsigned char tmp[EVP_MAX_IV_LENGTH];
            _key_len = EVP_BytesToKey(_cipher, EVP_md5(), NULL, (unsigned char *)password,
                                      strlen(password), 1, (unsigned char *)_key, tmp);
            shadowsocks_key = _key;
        }

//        printf("%d\n", _key_len);
    } else {
        get_table((unsigned char *)password);
    }
}
Beispiel #23
0
void test_md5(void){
  char plaintext[]= "Hello world";
  
  // MD5 produces a 16 byte hash value (one way)
  unsigned char hash[MD5_HASH_SIZE]; 
  memset(hash, 0, sizeof(hash));
  encrypt_digest(plaintext, strlen(plaintext), hash, 0, EVP_md5());
  
  // Below output should be the same as echo -n "Hello world" | openssl md5
  char buffer[256];
  memset(buffer, 0, sizeof(buffer));
  sprintf(buffer, "(stdin)= ");
  int i;
  for(i = 0; i < MD5_HASH_SIZE; i++){
    sprintf(buffer+9+2*i, "%02x", hash[i]);
  }
  sprintf(buffer+9+2*i, "\n");
  
  char *linux_call = get_command_output("echo -n \"Hello world\" | openssl md5 2>&1", 256);

  if(strcmp(linux_call, buffer) == 0){
    printf(" MD5 PASSED\n");
  }
}
Beispiel #24
0
/** Low-level signature operation.
 *  \param key_count Number of keys in the \a source array.
 *  \param source Array of keys.  The keys must include private key data.
 *  \param data Data to sign.
 *  \return Array of signatures, one for each key,
 *          or NULL if the operation failed. 
 *  \sa gale_crypto_verify_raw(), gale_crypto_sign() */
const struct gale_data *gale_crypto_sign_raw(int key_count,
        const struct gale_group *source,
        struct gale_data data)
{
	int i;
	struct gale_data *output;
	RSA *rsa;
	EVP_MD_CTX *context = EVP_MD_CTX_new();
	EVP_SignInit(context,EVP_md5());
	EVP_SignUpdate(context,data.p,data.l);

	gale_create_array(output,key_count);
	for (i = 0; NULL != output && i < key_count; ++i) {
		EVP_PKEY *key = EVP_PKEY_new();
		EVP_PKEY_assign_RSA(key,RSA_new());
		rsa = EVP_PKEY_get0_RSA(key);
		crypto_i_rsa(source[i],rsa);
		if (!crypto_i_private_valid(rsa)) {
			gale_alert(GALE_WARNING,G_("invalid private key"),0);
			output = NULL;
			goto cleanup;
		}

		output[i].p = gale_malloc(EVP_PKEY_size(key));
		if (!EVP_SignFinal(context,output[i].p,&output[i].l,key)) {
			crypto_i_error();
			output = NULL;
			goto cleanup;
		}

	cleanup:
		EVP_PKEY_free(key);
	}

	return output;
}
Beispiel #25
0
SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
	int index;
	int length;
	void* data;
	UINT32 SeqNo;
	HMAC_CTX hmac;
	BYTE digest[16];
	BYTE checksum[8];
	UINT32 version = 1;
	NTLM_CONTEXT* context;
	BYTE expected_signature[16];
	PSecBuffer data_buffer = NULL;
	PSecBuffer signature_buffer = NULL;

	SeqNo = (UINT32) MessageSeqNo;
	context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);

	for (index = 0; index < (int) pMessage->cBuffers; index++)
	{
		if (pMessage->pBuffers[index].BufferType == SECBUFFER_DATA)
			data_buffer = &pMessage->pBuffers[index];
		else if (pMessage->pBuffers[index].BufferType == SECBUFFER_TOKEN)
			signature_buffer = &pMessage->pBuffers[index];
	}

	if (!data_buffer)
		return SEC_E_INVALID_TOKEN;

	if (!signature_buffer)
		return SEC_E_INVALID_TOKEN;

	/* Copy original data buffer */
	length = data_buffer->cbBuffer;
	data = malloc(length);

	if (!data)
		return SEC_E_INSUFFICIENT_MEMORY;

	CopyMemory(data, data_buffer->pvBuffer, length);

	/* Decrypt message using with RC4, result overwrites original buffer */

	if (context->confidentiality)
		RC4(&context->RecvRc4Seal, length, (BYTE*) data, (BYTE*) data_buffer->pvBuffer);
	else
		CopyMemory(data_buffer->pvBuffer, data, length);

	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
	HMAC_CTX_init(&hmac);
	HMAC_Init_ex(&hmac, context->RecvSigningKey, 16, EVP_md5(), NULL);
	HMAC_Update(&hmac, (void*) &(SeqNo), 4);
	HMAC_Update(&hmac, (void*) data_buffer->pvBuffer, data_buffer->cbBuffer);
	HMAC_Final(&hmac, digest, NULL);
	HMAC_CTX_cleanup(&hmac);

#ifdef WITH_DEBUG_NTLM
	fprintf(stderr, "Encrypted Data Buffer (length = %d)\n", length);
	winpr_HexDump(data, length);
	fprintf(stderr, "\n");

	fprintf(stderr, "Data Buffer (length = %d)\n", (int) data_buffer->cbBuffer);
	winpr_HexDump(data_buffer->pvBuffer, data_buffer->cbBuffer);
	fprintf(stderr, "\n");
#endif

	free(data);

	/* RC4-encrypt first 8 bytes of digest */
	RC4(&context->RecvRc4Seal, 8, digest, checksum);

	/* Concatenate version, ciphertext and sequence number to build signature */
	CopyMemory(expected_signature, (void*) &version, 4);
	CopyMemory(&expected_signature[4], (void*) checksum, 8);
	CopyMemory(&expected_signature[12], (void*) &(SeqNo), 4);
	context->RecvSeqNum++;

	if (memcmp(signature_buffer->pvBuffer, expected_signature, 16) != 0)
	{
		/* signature verification failed! */
		fprintf(stderr, "signature verification failed, something nasty is going on!\n");

		fprintf(stderr, "Expected Signature:\n");
		winpr_HexDump(expected_signature, 16);
		fprintf(stderr, "Actual Signature:\n");
		winpr_HexDump((BYTE*) signature_buffer->pvBuffer, 16);

		return SEC_E_MESSAGE_ALTERED;
	}

	return SEC_E_OK;
}
Beispiel #26
0
int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
           char *x, const EVP_CIPHER *enc, unsigned char *kstr,
           int klen, pem_password_cb *callback, void *u)
  {
  EVP_CIPHER_CTX ctx;
  int dsize=0,i,j,ret=0;
  unsigned char *p,*data=NULL;
  const char *objstr=NULL;
  char buf[PEM_BUFSIZE];
  unsigned char key[EVP_MAX_KEY_LENGTH];
  unsigned char iv[EVP_MAX_IV_LENGTH];
  
  if (enc != NULL)
    {
    objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
    if (objstr == NULL)
      {
      PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
      goto err;
      }
    }

  if ((dsize=i2d(x,NULL)) < 0)
    {
    PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
    dsize=0;
    goto err;
    }
  /* dzise + 8 bytes are needed */
  /* actually it needs the cipher block size extra... */
  data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
  if (data == NULL)
    {
    PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
    goto err;
    }
  p=data;
  i=i2d(x,&p);

  if (enc != NULL)
    {
    if (kstr == NULL)
      {
      if (callback == NULL)
        klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
      else
        klen=(*callback)(buf,PEM_BUFSIZE,1,u);
      if (klen <= 0)
        {
        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
        goto err;
        }
#ifdef CHARSET_EBCDIC
      /* Convert the pass phrase from EBCDIC */
      ebcdic2ascii(buf, buf, klen);
#endif
      kstr=(unsigned char *)buf;
      }
    RAND_add(data,i,0);/* put in the RSA key. */
    OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
    if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
      goto err;
    /* The 'iv' is used as the iv and as a salt.  It is
     * NOT taken from the BytesToKey function */
    EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);

    if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);

    OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);

    buf[0]='\0';
    PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
    PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
    /* k=strlen(buf); */

    EVP_CIPHER_CTX_init(&ctx);
    EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
    EVP_EncryptUpdate(&ctx,data,&j,data,i);
    EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
    EVP_CIPHER_CTX_cleanup(&ctx);
    i+=j;
    ret=1;
    }
  else
    {
    ret=1;
    buf[0]='\0';
    }
  i=PEM_write_bio(bp,name,buf,data,i);
  if (i <= 0) ret=0;
err:
  OPENSSL_cleanse(key,sizeof(key));
  OPENSSL_cleanse(iv,sizeof(iv));
  OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
  OPENSSL_cleanse(buf,PEM_BUFSIZE);
  if (data != NULL)
    {
    OPENSSL_cleanse(data,(unsigned int)dsize);
    OPENSSL_free(data);
    }
  return(ret);
  }
Beispiel #27
0
int
otp_md5_next (OtpKey key)
{
  unsigned char res[16];
  return otp_md_next (key, EVP_md5(), 0, res, sizeof(res));
}
Beispiel #28
0
int
otp_md5_init (OtpKey key, const char *pwd, const char *seed)
{
  unsigned char res[16];
  return otp_md_init (key, pwd, seed, EVP_md5(), 0, res, sizeof(res));
}
Beispiel #29
0
int dgst_main(int argc, char **argv)
{
    BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
    ENGINE *e = NULL, *impl = NULL;
    EVP_PKEY *sigkey = NULL;
    STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
    char *hmac_key = NULL;
    char *mac_name = NULL;
    char *passinarg = NULL, *passin = NULL;
    const EVP_MD *md = NULL, *m;
    const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
    const char *sigfile = NULL, *randfile = NULL;
    OPTION_CHOICE o;
    int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
    int i, ret = 1, out_bin = -1, want_pub = 0, do_verify =
        0, non_fips_allow = 0;
    unsigned char *buf = NULL, *sigbuf = NULL;
    int engine_impl = 0;

    prog = opt_progname(argv[0]);
    buf = app_malloc(BUFSIZE, "I/O buffer");
    md = EVP_get_digestbyname(prog);

    prog = opt_init(argc, argv, dgst_options);
    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_EOF:
        case OPT_ERR:
 opthelp:
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
            goto end;
        case OPT_HELP:
            opt_help(dgst_options);
            ret = 0;
            goto end;
        case OPT_C:
            separator = 1;
            break;
        case OPT_R:
            separator = 2;
            break;
        case OPT_RAND:
            randfile = opt_arg();
            break;
        case OPT_OUT:
            outfile = opt_arg();
            break;
        case OPT_SIGN:
            keyfile = opt_arg();
            break;
        case OPT_PASSIN:
            passinarg = opt_arg();
            break;
        case OPT_VERIFY:
            keyfile = opt_arg();
            want_pub = do_verify = 1;
            break;
        case OPT_PRVERIFY:
            keyfile = opt_arg();
            do_verify = 1;
            break;
        case OPT_SIGNATURE:
            sigfile = opt_arg();
            break;
        case OPT_KEYFORM:
            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
                goto opthelp;
            break;
        case OPT_ENGINE:
            e = setup_engine(opt_arg(), 0);
            break;
        case OPT_ENGINE_IMPL:
            engine_impl = 1;
            break;
        case OPT_HEX:
            out_bin = 0;
            break;
        case OPT_BINARY:
            out_bin = 1;
            break;
        case OPT_DEBUG:
            debug = 1;
            break;
        case OPT_FIPS_FINGERPRINT:
            hmac_key = "etaonrishdlcupfm";
            break;
        case OPT_NON_FIPS_ALLOW:
            non_fips_allow = 1;
            break;
        case OPT_HMAC:
            hmac_key = opt_arg();
            break;
        case OPT_MAC:
            mac_name = opt_arg();
            break;
        case OPT_SIGOPT:
            if (!sigopts)
                sigopts = sk_OPENSSL_STRING_new_null();
            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
                goto opthelp;
            break;
        case OPT_MACOPT:
            if (!macopts)
                macopts = sk_OPENSSL_STRING_new_null();
            if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
                goto opthelp;
            break;
        case OPT_DIGEST:
            if (!opt_md(opt_unknown(), &m))
                goto opthelp;
            md = m;
            break;
        }
    }
    argc = opt_num_rest();
    argv = opt_rest();

    if (do_verify && !sigfile) {
        BIO_printf(bio_err,
                   "No signature to verify: use the -signature option\n");
        goto end;
    }
    if (engine_impl)
        impl = e;

    in = BIO_new(BIO_s_file());
    bmd = BIO_new(BIO_f_md());
    if ((in == NULL) || (bmd == NULL)) {
        ERR_print_errors(bio_err);
        goto end;
    }

    if (debug) {
        BIO_set_callback(in, BIO_debug_callback);
        /* needed for windows 3.1 */
        BIO_set_callback_arg(in, (char *)bio_err);
    }

    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
        BIO_printf(bio_err, "Error getting password\n");
        goto end;
    }

    if (out_bin == -1) {
        if (keyfile)
            out_bin = 1;
        else
            out_bin = 0;
    }

    if (randfile)
        app_RAND_load_file(randfile, 0);

    out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
    if (out == NULL)
        goto end;

    if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
        BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
        goto end;
    }

    if (keyfile) {
        if (want_pub)
            sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
        else
            sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
        if (!sigkey) {
            /*
             * load_[pub]key() has already printed an appropriate message
             */
            goto end;
        }
    }

    if (mac_name) {
        EVP_PKEY_CTX *mac_ctx = NULL;
        int r = 0;
        if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
            goto mac_end;
        if (macopts) {
            char *macopt;
            for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
                macopt = sk_OPENSSL_STRING_value(macopts, i);
                if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
                    BIO_printf(bio_err,
                               "MAC parameter error \"%s\"\n", macopt);
                    ERR_print_errors(bio_err);
                    goto mac_end;
                }
            }
        }
        if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
            BIO_puts(bio_err, "Error generating key\n");
            ERR_print_errors(bio_err);
            goto mac_end;
        }
        r = 1;
 mac_end:
        EVP_PKEY_CTX_free(mac_ctx);
        if (r == 0)
            goto end;
    }

    if (non_fips_allow) {
        EVP_MD_CTX *md_ctx;
        BIO_get_md_ctx(bmd, &md_ctx);
        EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
    }

    if (hmac_key) {
        sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
                                      (unsigned char *)hmac_key, -1);
        if (!sigkey)
            goto end;
    }

    if (sigkey) {
        EVP_MD_CTX *mctx = NULL;
        EVP_PKEY_CTX *pctx = NULL;
        int r;
        if (!BIO_get_md_ctx(bmd, &mctx)) {
            BIO_printf(bio_err, "Error getting context\n");
            ERR_print_errors(bio_err);
            goto end;
        }
        if (do_verify)
            r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
        else
            r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
        if (!r) {
            BIO_printf(bio_err, "Error setting context\n");
            ERR_print_errors(bio_err);
            goto end;
        }
        if (sigopts) {
            char *sigopt;
            for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
                sigopt = sk_OPENSSL_STRING_value(sigopts, i);
                if (pkey_ctrl_string(pctx, sigopt) <= 0) {
                    BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
                    ERR_print_errors(bio_err);
                    goto end;
                }
            }
        }
    }
    /* we use md as a filter, reading from 'in' */
    else {
        EVP_MD_CTX *mctx = NULL;
        if (!BIO_get_md_ctx(bmd, &mctx)) {
            BIO_printf(bio_err, "Error getting context\n");
            ERR_print_errors(bio_err);
            goto end;
        }
        if (md == NULL)
            md = EVP_md5();
        if (!EVP_DigestInit_ex(mctx, md, impl)) {
            BIO_printf(bio_err, "Error setting digest\n");
            ERR_print_errors(bio_err);
            goto end;
        }
    }

    if (sigfile && sigkey) {
        BIO *sigbio = BIO_new_file(sigfile, "rb");
        if (!sigbio) {
            BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
            ERR_print_errors(bio_err);
            goto end;
        }
        siglen = EVP_PKEY_size(sigkey);
        sigbuf = app_malloc(siglen, "signature buffer");
        siglen = BIO_read(sigbio, sigbuf, siglen);
        BIO_free(sigbio);
        if (siglen <= 0) {
            BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
            ERR_print_errors(bio_err);
            goto end;
        }
    }
    inp = BIO_push(bmd, in);

    if (md == NULL) {
        EVP_MD_CTX *tctx;
        BIO_get_md_ctx(bmd, &tctx);
        md = EVP_MD_CTX_md(tctx);
    }

    if (argc == 0) {
        BIO_set_fp(in, stdin, BIO_NOCLOSE);
        ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
                    siglen, NULL, NULL, "stdin", bmd);
    } else {
        const char *md_name = NULL, *sig_name = NULL;
        if (!out_bin) {
            if (sigkey) {
                const EVP_PKEY_ASN1_METHOD *ameth;
                ameth = EVP_PKEY_get0_asn1(sigkey);
                if (ameth)
                    EVP_PKEY_asn1_get0_info(NULL, NULL,
                                            NULL, NULL, &sig_name, ameth);
            }
            if (md)
                md_name = EVP_MD_name(md);
        }
        ret = 0;
        for (i = 0; i < argc; i++) {
            int r;
            if (BIO_read_filename(in, argv[i]) <= 0) {
                perror(argv[i]);
                ret++;
                continue;
            } else
                r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
                          siglen, sig_name, md_name, argv[i], bmd);
            if (r)
                ret = r;
            (void)BIO_reset(bmd);
        }
    }
 end:
    OPENSSL_clear_free(buf, BUFSIZE);
    BIO_free(in);
    OPENSSL_free(passin);
    BIO_free_all(out);
    EVP_PKEY_free(sigkey);
    sk_OPENSSL_STRING_free(sigopts);
    sk_OPENSSL_STRING_free(macopts);
    OPENSSL_free(sigbuf);
    BIO_free(bmd);
    return (ret);
}
Beispiel #30
0
/**
 * Setup key and digest for verification. Adjust sig if necessary.
 *
 * @param algo: key algorithm
 * @param evp_key: EVP PKEY public key to create.
 * @param digest_type: digest type to use
 * @param key: key to setup for.
 * @param keylen: length of key.
 * @return false on failure.
 */
static int
setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, 
	unsigned char* key, size_t keylen)
{
#if defined(USE_DSA) && defined(USE_SHA1)
	DSA* dsa;
#endif
	RSA* rsa;

	switch(algo) {
#if defined(USE_DSA) && defined(USE_SHA1)
		case LDNS_DSA:
		case LDNS_DSA_NSEC3:
			*evp_key = EVP_PKEY_new();
			if(!*evp_key) {
				log_err("verify: malloc failure in crypto");
				return 0;
			}
			dsa = sldns_key_buf2dsa_raw(key, keylen);
			if(!dsa) {
				verbose(VERB_QUERY, "verify: "
					"sldns_key_buf2dsa_raw failed");
				return 0;
			}
			if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) {
				verbose(VERB_QUERY, "verify: "
					"EVP_PKEY_assign_DSA failed");
				return 0;
			}
#ifdef HAVE_EVP_DSS1
			*digest_type = EVP_dss1();
#else
			*digest_type = EVP_sha1();
#endif

			break;
#endif /* USE_DSA && USE_SHA1 */

#if defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2))
#ifdef USE_SHA1
		case LDNS_RSASHA1:
		case LDNS_RSASHA1_NSEC3:
#endif
#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
		case LDNS_RSASHA256:
#endif
#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
		case LDNS_RSASHA512:
#endif
			*evp_key = EVP_PKEY_new();
			if(!*evp_key) {
				log_err("verify: malloc failure in crypto");
				return 0;
			}
			rsa = sldns_key_buf2rsa_raw(key, keylen);
			if(!rsa) {
				verbose(VERB_QUERY, "verify: "
					"sldns_key_buf2rsa_raw SHA failed");
				return 0;
			}
			if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
				verbose(VERB_QUERY, "verify: "
					"EVP_PKEY_assign_RSA SHA failed");
				return 0;
			}

			/* select SHA version */
#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
			if(algo == LDNS_RSASHA256)
				*digest_type = EVP_sha256();
			else
#endif
#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
				if(algo == LDNS_RSASHA512)
				*digest_type = EVP_sha512();
			else
#endif
#ifdef USE_SHA1
				*digest_type = EVP_sha1();
#else
				{ verbose(VERB_QUERY, "no digest available"); return 0; }
#endif
			break;
#endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */

		case LDNS_RSAMD5:
			*evp_key = EVP_PKEY_new();
			if(!*evp_key) {
				log_err("verify: malloc failure in crypto");
				return 0;
			}
			rsa = sldns_key_buf2rsa_raw(key, keylen);
			if(!rsa) {
				verbose(VERB_QUERY, "verify: "
					"sldns_key_buf2rsa_raw MD5 failed");
				return 0;
			}
			if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
				verbose(VERB_QUERY, "verify: "
					"EVP_PKEY_assign_RSA MD5 failed");
				return 0;
			}
			*digest_type = EVP_md5();

			break;
#ifdef USE_GOST
		case LDNS_ECC_GOST:
			*evp_key = sldns_gost2pkey_raw(key, keylen);
			if(!*evp_key) {
				verbose(VERB_QUERY, "verify: "
					"sldns_gost2pkey_raw failed");
				return 0;
			}
			*digest_type = EVP_get_digestbyname("md_gost94");
			if(!*digest_type) {
				verbose(VERB_QUERY, "verify: "
					"EVP_getdigest md_gost94 failed");
				return 0;
			}
			break;
#endif
#ifdef USE_ECDSA
		case LDNS_ECDSAP256SHA256:
			*evp_key = sldns_ecdsa2pkey_raw(key, keylen,
				LDNS_ECDSAP256SHA256);
			if(!*evp_key) {
				verbose(VERB_QUERY, "verify: "
					"sldns_ecdsa2pkey_raw failed");
				return 0;
			}
#ifdef USE_ECDSA_EVP_WORKAROUND
			*digest_type = &ecdsa_evp_256_md;
#else
			*digest_type = EVP_sha256();
#endif
			break;
		case LDNS_ECDSAP384SHA384:
			*evp_key = sldns_ecdsa2pkey_raw(key, keylen,
				LDNS_ECDSAP384SHA384);
			if(!*evp_key) {
				verbose(VERB_QUERY, "verify: "
					"sldns_ecdsa2pkey_raw failed");
				return 0;
			}
#ifdef USE_ECDSA_EVP_WORKAROUND
			*digest_type = &ecdsa_evp_384_md;
#else
			*digest_type = EVP_sha384();
#endif
			break;
#endif /* USE_ECDSA */
#ifdef USE_ED25519
		case LDNS_ED25519:
			*evp_key = sldns_ed255192pkey_raw(key, keylen);
			if(!*evp_key) {
				verbose(VERB_QUERY, "verify: "
					"sldns_ed255192pkey_raw failed");
				return 0;
			}
			*digest_type = NULL;
			break;
#endif /* USE_ED25519 */
		default:
			verbose(VERB_QUERY, "verify: unknown algorithm %d", 
				algo);
			return 0;
	}
	return 1;
}