/* * Generates the mac for the Finished message. Returns the length of the MAC or * 0 on error. */ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, unsigned char *out) { const EVP_MD *md = ssl_handshake_md(s); unsigned char hash[EVP_MAX_MD_SIZE]; size_t hashlen, ret = 0; EVP_PKEY *key = NULL; EVP_MD_CTX *ctx = EVP_MD_CTX_new(); if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { /* SSLfatal() already called */ goto err; } if (str == s->method->ssl3_enc->server_finished_label) { key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, s->server_finished_secret, hashlen); } else if (SSL_IS_FIRST_HANDSHAKE(s)) { key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, s->client_finished_secret, hashlen); } else { unsigned char finsecret[EVP_MAX_MD_SIZE]; if (!tls13_derive_finishedkey(s, ssl_handshake_md(s), s->client_app_traffic_secret, finsecret, hashlen)) goto err; key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret, hashlen); OPENSSL_cleanse(finsecret, sizeof(finsecret)); } if (key == NULL || ctx == NULL || EVP_DigestSignInit(ctx, NULL, md, NULL, key) <= 0 || EVP_DigestSignUpdate(ctx, hash, hashlen) <= 0 || EVP_DigestSignFinal(ctx, out, &hashlen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); goto err; } ret = hashlen; err: EVP_PKEY_free(key); EVP_MD_CTX_free(ctx); return ret; }
static int test_set_get_raw_keys_int(int tst, int pub) { int ret = 0; unsigned char buf[80]; unsigned char *in; size_t inlen, len = 0; EVP_PKEY *pkey; /* Check if this algorithm supports public keys */ if (keys[tst].pub == NULL) return 1; memset(buf, 0, sizeof(buf)); if (pub) { inlen = strlen(keys[tst].pub); in = (unsigned char *)keys[tst].pub; pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, NULL, in, inlen); } else { inlen = strlen(keys[tst].priv); in = (unsigned char *)keys[tst].priv; pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, NULL, in, inlen); } if (!TEST_ptr(pkey) || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) || !TEST_true(len == inlen) || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) || !TEST_mem_eq(in, inlen, buf, len)) goto done; ret = 1; done: EVP_PKEY_free(pkey); return ret; }
static int tls1_prf_P_hash(const EVP_MD *md, const unsigned char *sec, size_t sec_len, const unsigned char *seed, size_t seed_len, unsigned char *out, size_t olen) { int chunk; EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL; EVP_PKEY *mac_key = NULL; unsigned char A1[EVP_MAX_MD_SIZE]; size_t A1_len; int ret = 0; chunk = EVP_MD_size(md); if (!ossl_assert(chunk > 0)) goto err; ctx = EVP_MD_CTX_new(); ctx_tmp = EVP_MD_CTX_new(); ctx_init = EVP_MD_CTX_new(); if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL) goto err; EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len); if (mac_key == NULL) goto err; if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key)) goto err; if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) goto err; if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len)) goto err; if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) goto err; for (;;) { /* Reinit mac contexts */ if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) goto err; if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) goto err; if (olen > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx)) goto err; if (seed && !EVP_DigestSignUpdate(ctx, seed, seed_len)) goto err; if (olen > (size_t)chunk) { size_t mac_len; if (!EVP_DigestSignFinal(ctx, out, &mac_len)) goto err; out += mac_len; olen -= mac_len; /* calc the next A1 value */ if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len)) goto err; } else { /* last one */ if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) goto err; memcpy(out, A1, olen); break; } } ret = 1; err: EVP_PKEY_free(mac_key); EVP_MD_CTX_free(ctx); EVP_MD_CTX_free(ctx_tmp); EVP_MD_CTX_free(ctx_init); OPENSSL_cleanse(A1, sizeof(A1)); return ret; }
/* For OpenSSL >= 1.1.1 the hmac_nif and cmac_nif could be integrated into poly1305 (with 'type' as parameter) */ ERL_NIF_TERM poly1305_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Key, Text) */ #ifdef HAVE_POLY1305 ErlNifBinary key_bin, text, ret_bin; ERL_NIF_TERM ret; EVP_PKEY *key = NULL; EVP_MD_CTX *mctx = NULL; EVP_PKEY_CTX *pctx = NULL; const EVP_MD *md = NULL; size_t size; int ret_bin_alloc = 0; ASSERT(argc == 2); if (!enif_inspect_binary(env, argv[0], &key_bin)) goto bad_arg; if (key_bin.size != 32) goto bad_arg; if (!enif_inspect_binary(env, argv[1], &text)) goto bad_arg; if ((key = EVP_PKEY_new_raw_private_key(EVP_PKEY_POLY1305, /*engine*/ NULL, key_bin.data, key_bin.size)) == NULL) goto err; if ((mctx = EVP_MD_CTX_new()) == NULL) goto err; if (EVP_DigestSignInit(mctx, &pctx, md, /*engine*/ NULL, key) != 1) goto err; if (EVP_DigestSignUpdate(mctx, text.data, text.size) != 1) goto err; if (EVP_DigestSignFinal(mctx, NULL, &size) != 1) goto err; if (!enif_alloc_binary(size, &ret_bin)) goto err; ret_bin_alloc = 1; if (EVP_DigestSignFinal(mctx, ret_bin.data, &size) != 1) goto err; if (size != ret_bin.size) { if (!enif_realloc_binary(&ret_bin, size)) goto err; } ret = enif_make_binary(env, &ret_bin); ret_bin_alloc = 0; goto done; bad_arg: return enif_make_badarg(env); err: if (ret_bin_alloc) enif_release_binary(&ret_bin); ret = atom_error; done: if (mctx) EVP_MD_CTX_free(mctx); if (key) EVP_PKEY_free(key); return ret; #else return enif_raise_exception(env, atom_notsup); #endif }