void isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key, unsigned int len) { #ifdef HMAC_RETURN_INT RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384()) == 1); #else HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384()); #endif }
static EVP_MD_CTX * setup(jose_cfg_t *cfg, const json_t *jwk, const json_t *sig, const char *alg, init_t *func) { openssl_auto(EVP_PKEY) *key = NULL; EVP_PKEY_CTX *epc = NULL; const EVP_MD *md = NULL; EVP_MD_CTX *emc = NULL; const RSA *rsa = NULL; int slen = 0; int pad = 0; switch (str2enum(alg, NAMES, NULL)) { case 0: md = EVP_sha256(); pad = RSA_PKCS1_PADDING; break; case 1: md = EVP_sha384(); pad = RSA_PKCS1_PADDING; break; case 2: md = EVP_sha512(); pad = RSA_PKCS1_PADDING; break; case 3: md = EVP_sha256(); pad = RSA_PKCS1_PSS_PADDING; slen = -1; break; case 4: md = EVP_sha384(); pad = RSA_PKCS1_PSS_PADDING; slen = -1; break; case 5: md = EVP_sha512(); pad = RSA_PKCS1_PSS_PADDING; slen = -1; break; default: return NULL; } key = jose_openssl_jwk_to_EVP_PKEY(cfg, jwk); if (!key || EVP_PKEY_base_id(key) != EVP_PKEY_RSA) return NULL; /* Don't use small keys. RFC 7518 3.3 */ rsa = EVP_PKEY_get0_RSA(key); if (!rsa) return NULL; if (RSA_size(rsa) < 2048 / 8) return NULL; emc = EVP_MD_CTX_new(); if (!emc) return NULL; if (func(emc, &epc, md, NULL, key) <= 0) goto error; if (EVP_PKEY_CTX_set_rsa_padding(epc, pad) <= 0) goto error; if (slen != 0) { if (EVP_PKEY_CTX_set_rsa_pss_saltlen(epc, slen) <= 0) goto error; } return emc; error: EVP_MD_CTX_free(emc); return NULL; }
static jose_io_t * hsh(const jose_hook_alg_t *alg, jose_cfg_t *cfg, jose_io_t *next) { jose_io_auto_t *io = NULL; const EVP_MD *md = NULL; io_t *i = NULL; switch (str2enum(alg->name, "S512", "S384", "S256", "S224", "S1", NULL)) { case 0: md = EVP_sha512(); break; case 1: md = EVP_sha384(); break; case 2: md = EVP_sha256(); break; case 3: md = EVP_sha224(); break; case 4: md = EVP_sha1(); break; } i = calloc(1, sizeof(*i)); if (!i) return NULL; io = jose_io_incref(&i->io); io->feed = hsh_feed; io->done = hsh_done; io->free = hsh_free; i->next = jose_io_incref(next); i->emc = EVP_MD_CTX_new(); if (!i->next || !i->emc) return NULL; if (EVP_DigestInit(i->emc, md) <= 0) return NULL; return jose_io_incref(io); }
void makeecreq384(char* commonname) { EC_KEY *key; EVP_PKEY *pkey; X509_REQ *req; FILE *out; key = EC_KEY_new_by_curve_name(NID_secp384r1); EC_KEY_generate_key(key); EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE); pkey = EVP_PKEY_new(); EVP_PKEY_set1_EC_KEY(pkey, key); req = makereq(pkey, commonname, EVP_sha384()); out = fopen("ec384_req.pem", "w"); if (out == NULL) exit(-1); PEM_write_X509_REQ(out, req); fclose(out); out = fopen("ec384_req_key.pem", "w"); if (out == NULL) exit(-1); PEM_write_ECPrivateKey(out, key, NULL, NULL, 0, NULL, NULL); fclose(out); }
static isc_result_t opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) { EVP_MD_CTX *evp_md_ctx; const EVP_MD *type = NULL; UNUSED(key); REQUIRE(dctx->key->key_alg == DST_ALG_ECDSA256 || dctx->key->key_alg == DST_ALG_ECDSA384); evp_md_ctx = EVP_MD_CTX_create(); if (evp_md_ctx == NULL) return (ISC_R_NOMEMORY); if (dctx->key->key_alg == DST_ALG_ECDSA256) type = EVP_sha256(); else type = EVP_sha384(); if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) { EVP_MD_CTX_destroy(evp_md_ctx); return (dst__openssl_toresult3(dctx->category, "EVP_DigestInit_ex", ISC_R_FAILURE)); } dctx->ctxdata.evp_md_ctx = evp_md_ctx; return (ISC_R_SUCCESS); }
const EVP_MD * tsig_get_EVP_MD(u8 algorithm) { switch(algorithm) { #ifndef OPENSSL_NO_MD5 case HMAC_MD5: return EVP_md5(); #endif #ifndef OPENSSL_NO_SHA case HMAC_SHA1: return EVP_sha1(); #endif #ifndef OPENSSL_NO_SHA256 case HMAC_SHA224: return EVP_sha224(); case HMAC_SHA256: return EVP_sha256(); #endif #ifndef OPENSSL_NO_SHA512 case HMAC_SHA384: return EVP_sha384(); case HMAC_SHA512: return EVP_sha512(); #endif default: return EVP_md_null(); } }
void OpenSSL_add_all_digests(void) { #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl2-md5"); EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) EVP_add_digest(EVP_sha()); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss()); #endif #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss1()); EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); #endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif #endif #ifndef OPENSSL_NO_GOST EVP_add_digest(EVP_gostr341194()); EVP_add_digest(EVP_gost2814789imit()); EVP_add_digest(EVP_streebog256()); EVP_add_digest(EVP_streebog512()); #endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif #ifndef OPENSSL_NO_RIPEMD EVP_add_digest(EVP_ripemd160()); EVP_add_digest_alias(SN_ripemd160, "ripemd"); EVP_add_digest_alias(SN_ripemd160, "rmd160"); #endif #ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); #endif #ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); #endif #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); #endif }
CryptoBuffer::CryptoBuffer(const char *pass) : d(new Private()) { d->password = pass; d->cipher = EVP_aes_256_cbc(); d->digest = EVP_sha384(); }
static int s2n_evp_hmac_p_hash_init(struct s2n_prf_working_space *ws, s2n_hmac_algorithm alg, struct s2n_blob *secret) { /* Initialize the message digest */ switch (alg) { case S2N_HMAC_SSLv3_MD5: case S2N_HMAC_MD5: ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_md5(); break; case S2N_HMAC_SSLv3_SHA1: case S2N_HMAC_SHA1: ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha1(); break; case S2N_HMAC_SHA224: ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha224(); break; case S2N_HMAC_SHA256: ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha256(); break; case S2N_HMAC_SHA384: ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha384(); break; case S2N_HMAC_SHA512: ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha512(); break; default: S2N_ERROR(S2N_ERR_P_HASH_INVALID_ALGORITHM); } /* Initialize the mac key using the provided secret */ notnull_check(ws->tls.p_hash.evp_hmac.mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret->data, secret->size)); /* Initialize the message digest context with the above message digest and mac key */ return s2n_evp_hmac_p_hash_digest_init(ws); }
int lws_genhash_init(struct lws_genhash_ctx *ctx, enum lws_genhash_types type) { ctx->type = type; ctx->mdctx = EVP_MD_CTX_create(); if (!ctx->mdctx) return 1; switch (ctx->type) { case LWS_GENHASH_TYPE_SHA1: ctx->evp_type = EVP_sha1(); break; case LWS_GENHASH_TYPE_SHA256: ctx->evp_type = EVP_sha256(); break; case LWS_GENHASH_TYPE_SHA384: ctx->evp_type = EVP_sha384(); break; case LWS_GENHASH_TYPE_SHA512: ctx->evp_type = EVP_sha512(); break; default: return 1; } if (EVP_DigestInit_ex(ctx->mdctx, ctx->evp_type, NULL) != 1) { EVP_MD_CTX_destroy(ctx->mdctx); return 1; } return 0; }
/* HMAC-SHA384: generate hash of known digest value and compare to known precomputed correct hash */ static int FIPS_hmac_sha384_test() { unsigned char key[] = "etaonrishd"; unsigned char iv[] = "Sample text"; unsigned char kaval[EVP_MAX_MD_SIZE] = { 0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10, 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08, 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c }; unsigned char out[EVP_MAX_MD_SIZE]; unsigned int outlen; ERR_clear_error(); if (!HMAC (EVP_sha384(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out, &outlen)) return 0; if (memcmp(out, kaval, outlen)) return 0; return 1; }
bool OpensslManager::HMACString(Openssl_Hash algorithm, char *key, int key_len, unsigned char *input, int input_len, unsigned char *output, unsigned int *outlength) { switch(algorithm) { case Openssl_Hash_MD5: HMAC(EVP_md5(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_MD4: HMAC(EVP_md4(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA: HMAC(EVP_sha(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA1: HMAC(EVP_sha1(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA224: HMAC(EVP_sha224(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA256: HMAC(EVP_sha256(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA384: HMAC(EVP_sha384(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA512: HMAC(EVP_sha512(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_RIPEMD160: HMAC(EVP_ripemd160(), key, key_len, input, input_len, output, outlength); return true; } return false; }
int FIPS_selftest_dsa() { DSA *dsa=NULL; EVP_PKEY pk; int ret = 0; dsa = FIPS_dsa_new(); if(dsa == NULL) goto err; fips_load_key_component(dsa, p, dsa_test_2048); fips_load_key_component(dsa, q, dsa_test_2048); fips_load_key_component(dsa, g, dsa_test_2048); fips_load_key_component(dsa, pub_key, dsa_test_2048); fips_load_key_component(dsa, priv_key, dsa_test_2048); pk.type = EVP_PKEY_DSA; pk.pkey.dsa = dsa; if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, NULL, 0, NULL, 0, EVP_sha384(), 0, "DSA SHA384")) goto err; ret = 1; err: if (dsa) FIPS_dsa_free(dsa); return ret; }
const EVP_MD *get_hash(enum enum_hash hash, const unsigned char **oid, size_t *oid_len) { switch(hash) { case hash_arg_SHA1: if(oid) { *oid = sha1oid; *oid_len = sizeof(sha1oid); } return EVP_sha1(); case hash_arg_SHA256: if(oid) { *oid = sha256oid; *oid_len = sizeof(sha256oid); } return EVP_sha256(); case hash_arg_SHA384: if(oid) { *oid = sha384oid; *oid_len = sizeof(sha384oid); } return EVP_sha384(); case hash_arg_SHA512: if(oid) { *oid = sha512oid; *oid_len = sizeof(sha512oid); } return EVP_sha512(); case hash__NULL: default: return NULL; } }
void openssl_add_all_digests_internal(void) { #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl3-md5"); EVP_add_digest(EVP_md5_sha1()); #endif EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif #ifndef OPENSSL_NO_RMD160 EVP_add_digest(EVP_ripemd160()); EVP_add_digest_alias(SN_ripemd160, "ripemd"); EVP_add_digest_alias(SN_ripemd160, "rmd160"); #endif EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); #endif }
const EVP_MD * tls12_get_hash(unsigned char hash_alg) { switch (hash_alg) { case TLSEXT_hash_sha1: return EVP_sha1(); case TLSEXT_hash_sha224: return EVP_sha224(); case TLSEXT_hash_sha256: return EVP_sha256(); case TLSEXT_hash_sha384: return EVP_sha384(); case TLSEXT_hash_sha512: return EVP_sha512(); #ifndef OPENSSL_NO_GOST case TLSEXT_hash_gost94: return EVP_gostr341194(); case TLSEXT_hash_streebog_256: return EVP_streebog256(); case TLSEXT_hash_streebog_512: return EVP_streebog512(); #endif default: return NULL; } }
int jwt_sign_sha_hmac(jwt_t *jwt, char **out, unsigned int *len, const char *str) { const EVP_MD *alg; switch (jwt->alg) { /* HMAC */ case JWT_ALG_HS256: alg = EVP_sha256(); break; case JWT_ALG_HS384: alg = EVP_sha384(); break; case JWT_ALG_HS512: alg = EVP_sha512(); break; default: return EINVAL; } *out = malloc(EVP_MAX_MD_SIZE); if (*out == NULL) return ENOMEM; HMAC(alg, jwt->key, jwt->key_len, (const unsigned char *)str, strlen(str), (unsigned char *)*out, len); return 0; }
KDF_FUNC KDF_get_x9_63(const EVP_MD *md) { if (md == EVP_md5()) { return x963_md5kdf; } else if (md == EVP_ripemd160()) { return x963_rmd160kdf; } else if (md == EVP_sha1()) { return x963_sha1kdf; } else if (md == EVP_sha224()) { return x963_sha224kdf; } else if (md == EVP_sha256()) { return x963_sha256kdf; } else if (md == EVP_sha384()) { return x963_sha384kdf; } else if (md == EVP_sha512()) { return x963_sha512kdf; } else if (md == EVP_whirlpool()) { return x963_whirlpoolkdf; } else if (md == EVP_sm3()) { return x963_sm3kdf; } return NULL; }
static int aead_aes_256_cbc_sha384_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t tag_len, enum evp_aead_direction_t dir) { return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(), EVP_sha384(), 0); }
static const EVP_MD *getEVPMD(int hashalgo) { switch (hashalgo) { case PGPHASHALGO_MD5: return EVP_md5(); case PGPHASHALGO_SHA1: return EVP_sha1(); case PGPHASHALGO_SHA256: return EVP_sha256(); case PGPHASHALGO_SHA384: return EVP_sha384(); case PGPHASHALGO_SHA512: return EVP_sha512(); case PGPHASHALGO_SHA224: return EVP_sha224(); default: return EVP_md_null(); } }
void HMACSHA384(sLONG_PTR *pResult, PackagePtr pParams) { C_BLOB Param1; C_BLOB Param2; C_LONGINT Param3; C_TEXT returnValue; Param1.fromParamAtIndex(pParams, 1); Param2.fromParamAtIndex(pParams, 2); Param3.fromParamAtIndex(pParams, 3); uint8_t *buf = (uint8_t *)calloc(48, sizeof(uint8_t)); uint32_t mdlen = 48; HMAC(EVP_sha384(), (const void *)Param1.getBytesPtr(), (int)Param1.getBytesLength(), (const unsigned char *)Param2.getBytesPtr(), (int)Param2.getBytesLength(), buf, &mdlen); C_BLOB temp; temp.setBytes((const uint8_t *)buf, 48); switch (Param3.getIntValue()) { case 1: temp.toB64Text(&returnValue); break; default: temp.toHexText(&returnValue); break; } free(buf); returnValue.setReturn(pResult); }
int receive_exchange_key(FILE * log_server, char * ciphersuite_to_use, unsigned char * master_secret, char * premaster_secret, char * random_from_client, char * random_from_server){ if(!decrypt_secret_RSA(log_server, premaster_secret)){ printf("SERVER: decription failed\n"); return 0; } const EVP_MD * evp_md; if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA224) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA224)){ evp_md = EVP_sha224(); } else if(atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA256) || atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA256)){ evp_md = EVP_sha256(); } else if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA384) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA384)){ evp_md = EVP_sha384(); } else { evp_md = EVP_sha512(); } if(!compute_master_secret (master_secret, evp_md, random_from_client, random_from_server, premaster_secret, "master secret")){ printf("SERVER: computing master_secret failed\n"); return 0; } return 1; }
int server_finished(FILE* log_server, char * master_secret, char * ciphersuite_to_use){ FILE* channel = fopen (link_channel,"w"); unsigned char * hash_server_log = calloc (24 , sizeof(unsigned char)); const EVP_MD * evp_md; if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA224) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA224)){ evp_md = EVP_sha224(); } else if(atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA256) || atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA256)){ evp_md = EVP_sha256(); } else if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA384) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA384)){ evp_md = EVP_sha384(); } else { evp_md = EVP_sha512(); } // Compute the hash of the log fclose(log_server); log_server = fopen("./log/log_server.txt","r"); compute_hash_log(log_server, evp_md, (unsigned char *) master_secret, 48, hash_server_log); fclose(log_server); log_server = fopen("./log/log_server.txt","a"); // Send finish send_message (channel, 4, TLS_VERSION, TLS_HANDSHAKE , TLS_FINISHED , hash_server_log); send_message (log_server, 5, sending, TLS_VERSION, TLS_HANDSHAKE , TLS_FINISHED , hash_server_log); fclose(channel); return 1; }
void sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card) { #if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) void (*locking_cb)(int, int, const char *, int); ENGINE *e; locking_cb = CRYPTO_get_locking_callback(); if (locking_cb) CRYPTO_set_locking_callback(NULL); e = ENGINE_by_id("gost"); if (!e) { #if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST) ENGINE_load_gost(); e = ENGINE_by_id("gost"); #else /* try to load dynamic gost engine */ e = ENGINE_by_id("dynamic"); if (!e) { ENGINE_load_dynamic(); e = ENGINE_by_id("dynamic"); } if (e && (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "gost", 0) || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))) { ENGINE_free(e); e = NULL; } #endif /* !OPENSSL_NO_STATIC_ENGINE && !OPENSSL_NO_GOST */ } if (e) { ENGINE_set_default(e, ENGINE_METHOD_ALL); ENGINE_free(e); } if (locking_cb) CRYPTO_set_locking_callback(locking_cb); #endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) */ openssl_sha1_mech.mech_data = EVP_sha1(); sc_pkcs11_register_mechanism(card, &openssl_sha1_mech); #if OPENSSL_VERSION_NUMBER >= 0x00908000L openssl_sha256_mech.mech_data = EVP_sha256(); sc_pkcs11_register_mechanism(card, &openssl_sha256_mech); openssl_sha384_mech.mech_data = EVP_sha384(); sc_pkcs11_register_mechanism(card, &openssl_sha384_mech); openssl_sha512_mech.mech_data = EVP_sha512(); sc_pkcs11_register_mechanism(card, &openssl_sha512_mech); #endif openssl_md5_mech.mech_data = EVP_md5(); sc_pkcs11_register_mechanism(card, &openssl_md5_mech); openssl_ripemd160_mech.mech_data = EVP_ripemd160(); sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech); #if OPENSSL_VERSION_NUMBER >= 0x10000000L openssl_gostr3411_mech.mech_data = EVP_get_digestbynid(NID_id_GostR3411_94); sc_pkcs11_register_mechanism(card, &openssl_gostr3411_mech); #endif }
int fips_drbg_hmac_init(DRBG_CTX *dctx) { const EVP_MD *md = NULL; DRBG_HMAC_CTX *hctx = &dctx->d.hmac; dctx->strength = 256; switch (dctx->type) { case NID_hmacWithSHA1: md = EVP_sha1(); dctx->strength = 128; break; case NID_hmacWithSHA224: md = EVP_sha224(); dctx->strength = 192; break; case NID_hmacWithSHA256: md = EVP_sha256(); break; case NID_hmacWithSHA384: md = EVP_sha384(); break; case NID_hmacWithSHA512: md = EVP_sha512(); break; default: dctx->strength = 0; return -2; } dctx->instantiate = drbg_hmac_instantiate; dctx->reseed = drbg_hmac_reseed; dctx->generate = drbg_hmac_generate; dctx->uninstantiate = drbg_hmac_uninstantiate; hctx->hctx = HMAC_CTX_new(); if (hctx->hctx == NULL) return -1; hctx->md = md; dctx->blocklength = M_EVP_MD_size(md); dctx->seedlen = M_EVP_MD_size(md); dctx->min_entropy = dctx->strength / 8; dctx->max_entropy = DRBG_MAX_LENGTH; dctx->min_nonce = dctx->min_entropy / 2; dctx->max_nonce = DRBG_MAX_LENGTH; dctx->max_pers = DRBG_MAX_LENGTH; dctx->max_adin = DRBG_MAX_LENGTH; dctx->max_request = 1 << 16; dctx->reseed_interval = 1 << 24; return 1; }
bool ECDSA_Sign(COSE * pSigner, int index, const cn_cbor * pKey, int cbitDigest, const byte * rgbToSign, size_t cbToSign, cose_errback * perr) { EC_KEY * eckey = NULL; byte rgbDigest[EVP_MAX_MD_SIZE]; unsigned int cbDigest = sizeof(rgbDigest); byte * pbSig = NULL; const EVP_MD * digest; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pSigner->m_allocContext; #endif cn_cbor * p = NULL; ECDSA_SIG * psig = NULL; cn_cbor_errback cbor_error; int cbR; byte rgbSig[66]; int cb; eckey = ECKey_From(pKey, &cbR, perr); if (eckey == NULL) { errorReturn: if (p != NULL) CN_CBOR_FREE(p, context); if (eckey != NULL) EC_KEY_free(eckey); return false; } switch (cbitDigest) { case 256: digest = EVP_sha256(); break; case 512: digest = EVP_sha512(); break; case 384: digest = EVP_sha384(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } EVP_Digest(rgbToSign, cbToSign, rgbDigest, &cbDigest, digest, NULL); psig = ECDSA_do_sign(rgbDigest, cbDigest, eckey); CHECK_CONDITION(psig != NULL, COSE_ERR_CRYPTO_FAIL); pbSig = COSE_CALLOC(cbR, 2, context); CHECK_CONDITION(pbSig != NULL, COSE_ERR_OUT_OF_MEMORY); cb = BN_bn2bin(psig->r, rgbSig); CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER); memcpy(pbSig + cbR - cb, rgbSig, cb); cb = BN_bn2bin(psig->s, rgbSig); CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER); memcpy(pbSig + 2*cbR - cb, rgbSig, cb); p = cn_cbor_data_create(pbSig, cbR*2, CBOR_CONTEXT_PARAM_COMMA &cbor_error); CHECK_CONDITION_CBOR(p != NULL, cbor_error); CHECK_CONDITION(_COSE_array_replace(pSigner, p, index, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); return true; }
int change_cipher_spec(FILE * log_server, unsigned char * master_secret, char * ciphersuite_to_use){ FILE* channel = fopen(link_channel,"r"); char * received_message = calloc(BUF_SIZE+1,sizeof(char)); // Read data from channel read_channel (channel, received_message); fclose(channel); if(!strcmp(received_message,TLS_ERROR_OCCURRED)){ closeConversation(log_server); } // Get the hash of the client_log unsigned char * hash_client_log = calloc(24, sizeof(unsigned char)); unsigned char * hash_server_log = calloc(24, sizeof(unsigned char)); get_block(received_message, 4, (char*) hash_client_log); const EVP_MD * evp_md; if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA224) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA224)){ evp_md = EVP_sha224(); } else if(atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA256) || atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA256)){ evp_md = EVP_sha256(); } else if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA384) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA384)){ evp_md = EVP_sha384(); } else { evp_md = EVP_sha512(); } fclose(log_server); log_server = fopen("./log/log_server.txt","r"); // Compute the hash of the log compute_hash_log(log_server, evp_md, (unsigned char *) master_secret, 48, hash_server_log); fclose(log_server); log_server = fopen("./log/log_server.txt","a"); // Compare the two hash if(strcmp( (char*) hash_client_log, (char*) hash_server_log)){ printf("SERVER: comparing hash log failed\n"); free(received_message); free(hash_server_log); return 0; } else{ // Save it in log_server send_message (log_server, 2, receiving, received_message); fprintf(log_server, "\n\n"); free(received_message); free(hash_server_log); FILE* channel = fopen (link_channel,"w"); // Send ChangeCipherSuite to the Server send_message (channel, 3, TLS_VERSION, TLS_HANDSHAKE, TLS_CHANGECIPHERSPEC); send_message (log_server, 4, sending , TLS_VERSION, TLS_HANDSHAKE, TLS_CHANGECIPHERSPEC); fprintf(log_server, "\n\n"); fclose (channel); return 1; } }
int SSL_library_init(void) { #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); #endif #ifndef OPENSSL_NO_IDEA EVP_add_cipher(EVP_idea_cbc()); #endif #ifndef OPENSSL_NO_RC4 EVP_add_cipher(EVP_rc4()); #if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__)) EVP_add_cipher(EVP_rc4_hmac_md5()); #endif #endif #ifndef OPENSSL_NO_RC2 EVP_add_cipher(EVP_rc2_cbc()); /* Not actually used for SSL/TLS but this makes PKCS#12 work * if an application only calls SSL_library_init(). */ EVP_add_cipher(EVP_rc2_40_cbc()); #endif EVP_add_cipher(EVP_aes_128_cbc()); EVP_add_cipher(EVP_aes_192_cbc()); EVP_add_cipher(EVP_aes_256_cbc()); EVP_add_cipher(EVP_aes_128_gcm()); EVP_add_cipher(EVP_aes_256_gcm()); EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_cbc()); EVP_add_cipher(EVP_camellia_256_cbc()); #endif EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl2-md5"); EVP_add_digest_alias(SN_md5, "ssl3-md5"); EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); EVP_add_digest(EVP_ecdsa()); /* initialize cipher/digest methods table */ ssl_load_ciphers(); return (1); }
void DtlsTransport::GenerateFingerprints() { MS_TRACE(); for (auto it = DtlsTransport::string2FingerprintAlgorithm.begin(); it != DtlsTransport::string2FingerprintAlgorithm.end(); ++it) { std::string algorithm_str = it->first; FingerprintAlgorithm algorithm = it->second; uint8_t binary_fingerprint[EVP_MAX_MD_SIZE]; unsigned int size = 0; char hex_fingerprint[(EVP_MAX_MD_SIZE * 2) + 1]; const EVP_MD* hash_function; int ret; switch (algorithm) { case FingerprintAlgorithm::SHA1: hash_function = EVP_sha1(); break; case FingerprintAlgorithm::SHA224: hash_function = EVP_sha224(); break; case FingerprintAlgorithm::SHA256: hash_function = EVP_sha256(); break; case FingerprintAlgorithm::SHA384: hash_function = EVP_sha384(); break; case FingerprintAlgorithm::SHA512: hash_function = EVP_sha512(); break; default: MS_ABORT("unknown algorithm"); } ret = X509_digest(DtlsTransport::certificate, hash_function, binary_fingerprint, &size); if (ret == 0) { MS_ERROR("X509_digest() failed"); MS_THROW_ERROR("Fingerprints generation failed"); } // Convert to hexadecimal format in lowecase without colons. for (unsigned int i = 0; i < size; i++) { std::sprintf(hex_fingerprint + (i * 2), "%.2x", binary_fingerprint[i]); } hex_fingerprint[size * 2] = '\0'; MS_DEBUG("%-7s fingerprint: %s", algorithm_str.c_str(), hex_fingerprint); // Store in the JSON. DtlsTransport::localFingerprints[algorithm_str] = hex_fingerprint; } }
static const EVP_MD *evp_md_from_alg(const char *alg) { if (strcmp(alg, "RS256") == 0) { return EVP_sha256(); } else if (strcmp(alg, "RS384") == 0) { return EVP_sha384(); } else if (strcmp(alg, "RS512") == 0) { return EVP_sha512(); } else { return NULL; } }