krb5_error_code
_krb5_evp_hmac_iov(krb5_context context,
krb5_crypto crypto,
struct _krb5_key_data *key,
const struct krb5_crypto_iov *iov,
int niov,
void *hmac,
unsigned int *hmaclen,
const EVP_MD *md,
ENGINE *engine)
{
HMAC_CTX *ctx;
krb5_data current = {0, 0};
int i;
if (crypto != NULL) {
if (crypto->hmacctx == NULL)
crypto->hmacctx = HMAC_CTX_new();
ctx = crypto->hmacctx;
} else {
ctx = HMAC_CTX_new();
}
if (ctx == NULL)
return krb5_enomem(context);
HMAC_Init_ex(ctx, key->key->keyvalue.data, key->key->keyvalue.length,
md, engine);
for (i = 0; i < niov; i++) {
if (_krb5_crypto_iov_should_sign(&iov[i])) {
if ((char *)current.data + current.length == iov[i].data.data) {
current.length += iov[i].data.length;
} else {
if (current.data)
HMAC_Update(ctx, current.data, current.length);
current = iov[i].data;
}
}
}
if (current.data)
HMAC_Update(ctx, current.data, current.length);
HMAC_Final(ctx, hmac, hmaclen);
if (crypto == NULL)
HMAC_CTX_free(ctx);
return 0;
}
static int rtmp_handshake_make_digest(const uint8_t* key, size_t len, const uint8_t* ptr, size_t ptrlen, const uint8_t* digest, uint8_t* dst)
{
static HMAC_CTX *hmac;
unsigned int digestlen;
if (hmac == NULL) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
static HMAC_CTX shmac;
hmac = &shmac;
HMAC_CTX_init(hmac);
#else
hmac = HMAC_CTX_new();
#endif
}
HMAC_Init_ex(hmac, key, len, EVP_sha256(), NULL);
if (digest)
{
assert(digest + SHA256_DIGEST_LENGTH <= ptr + ptrlen);
HMAC_Update(hmac, ptr, digest - ptr);
if (digest + SHA256_DIGEST_LENGTH < ptr + ptrlen)
HMAC_Update(hmac, digest + SHA256_DIGEST_LENGTH, ptrlen - (digest - ptr) - SHA256_DIGEST_LENGTH);
}
else
{
HMAC_Update(hmac, ptr, ptrlen);
}
HMAC_Final(hmac, dst, &digestlen);
assert(digestlen == SHA256_DIGEST_LENGTH);
return 0;
}
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
const unsigned char *d, size_t n, unsigned char *md,
unsigned int *md_len)
{
HMAC_CTX *c = NULL;
static unsigned char m[EVP_MAX_MD_SIZE];
static const unsigned char dummy_key[1] = {'\0'};
if (md == NULL)
md = m;
if ((c = HMAC_CTX_new()) == NULL)
goto err;
/* For HMAC_Init_ex, NULL key signals reuse. */
if (key == NULL && key_len == 0) {
key = dummy_key;
}
if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
goto err;
if (!HMAC_Update(c, d, n))
goto err;
if (!HMAC_Final(c, md, md_len))
goto err;
HMAC_CTX_free(c);
return md;
err:
HMAC_CTX_free(c);
return NULL;
}
int32_t mz_crypt_hmac_init(void *handle, const void *key, int32_t key_length)
{
mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
int32_t result = 0;
const EVP_MD *evp_md = NULL;
if (hmac == NULL || key == NULL)
return MZ_PARAM_ERROR;
mz_crypt_hmac_reset(handle);
hmac->ctx = HMAC_CTX_new();
if (hmac->algorithm == MZ_HASH_SHA1)
evp_md = EVP_sha1();
else
evp_md = EVP_sha256();
result = HMAC_Init(hmac->ctx, key, key_length, evp_md);
if (!result)
{
hmac->error = ERR_get_error();
return MZ_HASH_ERROR;
}
return MZ_OK;
}
HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
HMACCTX ctx = NULL;
ctx = HMAC_CTX_new();
if (ctx == NULL) {
return NULL;
}
switch(type) {
case SSH_HMAC_SHA1:
HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL);
break;
case SSH_HMAC_SHA256:
HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);
break;
case SSH_HMAC_SHA512:
HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);
break;
case SSH_HMAC_MD5:
HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL);
break;
default:
HMAC_CTX_free(ctx);
ctx = NULL;
}
return ctx;
}
/*!
* make a keyed-hash from a key using the HMAC-sha256 and a challenge
*
* \param key The key to make a digest for
* \param challenge Some data mixin - identify the specific digest
* \return a base64 encoded digest
*/
inline std::string compute_wcs(
const std::string & key,
const std::string & challenge )
{
unsigned int len = 32;
unsigned char hash[32];
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
HMAC_CTX hmac;
HMAC_CTX_init(&hmac);
HMAC_Init_ex(&hmac, key.data(), key.length(), EVP_sha256(), NULL);
HMAC_Update(&hmac, (unsigned char*) challenge.data(), challenge.length());
HMAC_Final(&hmac, hash, &len);
HMAC_CTX_cleanup(&hmac);
#else
HMAC_CTX *hmac = HMAC_CTX_new();
if (!hmac)
return "";
HMAC_Init_ex(hmac, key.data(), key.length(), EVP_sha256(), NULL);
HMAC_Update(hmac, ( unsigned char* ) challenge.data(), challenge.length());
HMAC_Final(hmac, hash, &len);
HMAC_CTX_free(hmac);
#endif
std::string str_out;
str_out.assign( ( char * ) &hash , 32 );
return base_64_encode( str_out );
}
WINPR_HMAC_CTX* winpr_HMAC_New(void)
{
WINPR_HMAC_CTX* ctx = NULL;
#if defined(WITH_OPENSSL)
HMAC_CTX* hmac = NULL;
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
if (!(hmac = (HMAC_CTX*) calloc(1, sizeof(HMAC_CTX))))
return NULL;
HMAC_CTX_init(hmac);
#else
if (!(hmac = HMAC_CTX_new()))
return NULL;
#endif
ctx = (WINPR_HMAC_CTX*) hmac;
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* hmac;
if (!(hmac = (mbedtls_md_context_t*) calloc(1, sizeof(mbedtls_md_context_t))))
return NULL;
mbedtls_md_init(hmac);
ctx = (WINPR_HMAC_CTX*) hmac;
#endif
return ctx;
}
HMAC_CTX *
hmac_ctx_new(void)
{
HMAC_CTX *ctx = HMAC_CTX_new();
check_malloc_return(ctx);
return ctx;
}
static void tls1_P_hash( const EVP_MD *md, const unsigned char *sec,
int sec_len, unsigned char *seed, int seed_len,
unsigned char *out, int olen)
{
int chunk,n;
unsigned int j;
HMAC_CTX *ctx;
HMAC_CTX *ctx_tmp;
unsigned char A1[EVP_MAX_MD_SIZE*2];
unsigned int A1_len;
chunk=EVP_MD_size(md);
ctx = HMAC_CTX_new();
ctx_tmp = HMAC_CTX_new();
HMAC_Init_ex(ctx,sec,sec_len,md, NULL);
HMAC_Init_ex(ctx_tmp,sec,sec_len,md, NULL);
HMAC_Update(ctx,seed,seed_len);
HMAC_Final(ctx,A1,&A1_len);
n=0;
for (;;)
{
HMAC_Init_ex(ctx,NULL,0,NULL,NULL); /* re-init */
HMAC_Init_ex(ctx_tmp,NULL,0,NULL,NULL); /* re-init */
HMAC_Update(ctx,A1,A1_len);
HMAC_Update(ctx_tmp,A1,A1_len);
HMAC_Update(ctx,seed,seed_len);
if (olen > chunk)
{
HMAC_Final(ctx,out,&j);
out+=j;
olen-=j;
HMAC_Final(ctx_tmp,A1,&A1_len); /* calc the next A1 value */
}
else /* last one */
{
HMAC_Final(ctx,A1,&A1_len);
memcpy(out,A1,olen);
break;
}
}
HMAC_CTX_free(ctx);
HMAC_CTX_free(ctx_tmp);
OPENSSL_cleanse(A1,sizeof(A1));
}
inline hmac_context::hmac_context()
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
m_ctx = new HMAC_CTX;
HMAC_CTX_init(m_ctx);
#else
m_ctx = HMAC_CTX_new();
#endif
}
static int
__hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len)
{
*ctx = HMAC_CTX_new();
if (*ctx == NULL)
return -1;
HMAC_Init_ex(*ctx, key, key_len, EVP_sha1(), NULL);
return 0;
}
int fips_drbg_hmac_init(DRBG_CTX *dctx)
{
const EVP_MD *md = NULL;
DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
dctx->strength = 256;
switch (dctx->type) {
case NID_hmacWithSHA1:
md = EVP_sha1();
dctx->strength = 128;
break;
case NID_hmacWithSHA224:
md = EVP_sha224();
dctx->strength = 192;
break;
case NID_hmacWithSHA256:
md = EVP_sha256();
break;
case NID_hmacWithSHA384:
md = EVP_sha384();
break;
case NID_hmacWithSHA512:
md = EVP_sha512();
break;
default:
dctx->strength = 0;
return -2;
}
dctx->instantiate = drbg_hmac_instantiate;
dctx->reseed = drbg_hmac_reseed;
dctx->generate = drbg_hmac_generate;
dctx->uninstantiate = drbg_hmac_uninstantiate;
hctx->hctx = HMAC_CTX_new();
if (hctx->hctx == NULL)
return -1;
hctx->md = md;
dctx->blocklength = M_EVP_MD_size(md);
dctx->seedlen = M_EVP_MD_size(md);
dctx->min_entropy = dctx->strength / 8;
dctx->max_entropy = DRBG_MAX_LENGTH;
dctx->min_nonce = dctx->min_entropy / 2;
dctx->max_nonce = DRBG_MAX_LENGTH;
dctx->max_pers = DRBG_MAX_LENGTH;
dctx->max_adin = DRBG_MAX_LENGTH;
dctx->max_request = 1 << 16;
dctx->reseed_interval = 1 << 24;
return 1;
}
EFIAPI
HmacSha256New (
VOID
)
{
//
// Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
//
return (VOID *) HMAC_CTX_new ();
}
int compute_keys(UNUSED REQUEST *request, pwd_session_t *session, uint8_t *peer_confirm, uint8_t *msk, uint8_t *emsk)
{
HMAC_CTX *hmac_ctx;
uint8_t mk[SHA256_DIGEST_LENGTH], *cruft;
uint8_t session_id[SHA256_DIGEST_LENGTH + 1];
uint8_t msk_emsk[128]; /* 64 each */
int offset;
MEM(cruft = talloc_array(session, uint8_t, BN_num_bytes(session->prime)));
MEM(hmac_ctx = HMAC_CTX_new());
/*
* first compute the session-id = TypeCode | H(ciphersuite | scal_p |
* scal_s)
*/
session_id[0] = FR_EAP_METHOD_PWD;
HMAC_Init_ex(hmac_ctx, allzero, SHA256_DIGEST_LENGTH, EVP_sha256(), NULL);
HMAC_Update(hmac_ctx, (uint8_t *)&session->ciphersuite, sizeof(session->ciphersuite));
offset = BN_num_bytes(session->order) - BN_num_bytes(session->peer_scalar);
memset(cruft, 0, BN_num_bytes(session->prime));
BN_bn2bin(session->peer_scalar, cruft + offset);
HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->order));
offset = BN_num_bytes(session->order) - BN_num_bytes(session->my_scalar);
memset(cruft, 0, BN_num_bytes(session->prime));
BN_bn2bin(session->my_scalar, cruft + offset);
HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->order));
pwd_hmac_final(hmac_ctx, (uint8_t *)&session_id[1]);
/* then compute MK = H(k | commit-peer | commit-server) */
HMAC_Init_ex(hmac_ctx, allzero, SHA256_DIGEST_LENGTH, EVP_sha256(), NULL);
memset(cruft, 0, BN_num_bytes(session->prime));
offset = BN_num_bytes(session->prime) - BN_num_bytes(session->k);
BN_bn2bin(session->k, cruft + offset);
HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->prime));
HMAC_Update(hmac_ctx, peer_confirm, SHA256_DIGEST_LENGTH);
HMAC_Update(hmac_ctx, session->my_confirm, SHA256_DIGEST_LENGTH);
pwd_hmac_final(hmac_ctx, mk);
/* stretch the mk with the session-id to get MSK | EMSK */
eap_pwd_kdf(mk, SHA256_DIGEST_LENGTH, (char const *)session_id,
SHA256_DIGEST_LENGTH + 1, msk_emsk, 1024); /* it's bits, ((64 + 64) * 8) */
memcpy(msk, msk_emsk, 64);
memcpy(emsk, msk_emsk + 64, 64);
HMAC_CTX_free(hmac_ctx);
talloc_free(cruft);
return 0;
}
static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_len)
{
extern const srtp_auth_type_t srtp_hmac;
debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_len);
debug_print(srtp_mod_hmac, " tag length %d", out_len);
/* check output length - should be less than 20 bytes */
if (out_len > SHA1_DIGEST_SIZE) {
return srtp_err_status_bad_param;
}
/* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
{
/* allocate memory for auth and HMAC_CTX structures */
uint8_t* pointer;
HMAC_CTX *new_hmac_ctx;
pointer = (uint8_t*)srtp_crypto_alloc(sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
if (pointer == NULL) {
return srtp_err_status_alloc_fail;
}
*a = (srtp_auth_t*)pointer;
(*a)->state = pointer + sizeof(srtp_auth_t);
new_hmac_ctx = (HMAC_CTX*)((*a)->state);
HMAC_CTX_init(new_hmac_ctx);
}
#else
*a = (srtp_auth_t*)srtp_crypto_alloc(sizeof(srtp_auth_t));
if (*a == NULL) {
return srtp_err_status_alloc_fail;
}
(*a)->state = HMAC_CTX_new();
if ((*a)->state == NULL) {
srtp_crypto_free(*a);
*a = NULL;
return srtp_err_status_alloc_fail;
}
#endif
/* set pointers */
(*a)->type = &srtp_hmac;
(*a)->out_len = out_len;
(*a)->key_len = key_len;
(*a)->prefix_len = 0;
return srtp_err_status_ok;
}
static int
_sol_message_digest_hmac_init(struct sol_message_digest *handle, const EVP_MD *md, const struct sol_str_slice key)
{
HMAC_CTX *ctx = HMAC_CTX_new();
if (!ctx)
return -ENOMEM;
if (HMAC_Init_ex(ctx, key.data, key.len, md, NULL))
return 0;
return -EINVAL;
}
static int openssl_hmac_new(lua_State *L)
{
const EVP_MD *type = get_digest(L, 1);
size_t l;
const char *k = luaL_checklstring(L, 2, &l);
ENGINE* e = lua_isnoneornil(L, 3) ? NULL : CHECK_OBJECT(3, ENGINE, "openssl.engine");
HMAC_CTX *c = HMAC_CTX_new();
HMAC_Init_ex(c, k, (int)l, type, e);
PUSH_OBJECT(c, "openssl.hmac_ctx");
return 1;
}
static VALUE
ossl_hmac_alloc(VALUE klass)
{
VALUE obj;
HMAC_CTX *ctx;
obj = NewHMAC(klass);
ctx = HMAC_CTX_new();
if (!ctx)
ossl_raise(eHMACError, NULL);
RTYPEDDATA_DATA(obj) = ctx;
return obj;
}
static int
hmac_new(HMAC_CTX ** ctx)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
OPENSSL_VERSION_NUMBER == 0x20000000L
if (NULL == (*ctx = (HMAC_CTX *) malloc(sizeof(HMAC_CTX))))
return RFC6287_ERR_POSIX;
HMAC_CTX_init(*ctx);
#else
if (NULL == (*ctx = HMAC_CTX_new()))
return RFC6287_ERR_OPENSSL;
#endif
return 0;
}
static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
{
HMAC_PKEY_CTX *hctx;
hctx = OPENSSL_zalloc(sizeof(*hctx));
if (hctx == NULL)
return 0;
hctx->ktmp.type = V_ASN1_OCTET_STRING;
hctx->ctx = HMAC_CTX_new();
ctx->data = hctx;
ctx->keygen_info_count = 0;
return 1;
}
static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
{
OSSL_HMAC_PKEY_CTX *hctx;
hctx = OPENSSL_zalloc(sizeof(*hctx));
if (hctx == NULL)
return 0;
hctx->ktmp.type = V_ASN1_OCTET_STRING;
hctx->ctx = HMAC_CTX_new();
EVP_PKEY_CTX_set_data(ctx, hctx);
EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
# ifdef TEST_ENG_OPENSSL_HMAC_INIT
fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
# endif
return 1;
}
tsig_hmac_t
tsig_hmac_allocate()
{
#if SSL_API_LT_110 // ie: 0.9.x
HMAC_CTX *hmac;
ZALLOC_OR_DIE(HMAC_CTX*, hmac, HMAC_CTX, HMACCTX_TAG);
HMAC_CTX_init(hmac);
#else
HMAC_CTX *hmac = HMAC_CTX_new();
if(hmac == NULL)
{
abort();
}
#endif
return hmac;
}
static int openssl_hmac(lua_State *L)
{
if (lua_istable(L, 1))
{
if (lua_getmetatable(L, 1) && lua_equal(L, 1, -1))
{
lua_pop(L, 1);
lua_remove(L, 1);
}
else
luaL_error(L, "call function with invalid state");
}
{
const EVP_MD *type = get_digest(L, 1);
size_t len;
const char *dat = luaL_checklstring(L, 2, &len);
size_t l;
const char *k = luaL_checklstring(L, 3, &l);
int raw = (lua_isnoneornil(L, 4)) ? 0 : lua_toboolean(L, 4);
ENGINE* e = lua_isnoneornil(L, 5) ? NULL : CHECK_OBJECT(5, ENGINE, "openssl.engine");
unsigned char digest[EVP_MAX_MD_SIZE];
HMAC_CTX *c = HMAC_CTX_new();
HMAC_Init_ex(c, k, (int)l, type, e);
HMAC_Update(c, (unsigned char *)dat, len);
len = EVP_MAX_MD_SIZE;
HMAC_Final(c, digest, (unsigned int*)&len);
HMAC_CTX_free(c);
if (raw)
lua_pushlstring(L, (char *)digest, len);
else
{
char hex[2 * EVP_MAX_MD_SIZE + 1];
to_hex((const char*)digest, len, hex);
lua_pushstring(L, hex);
}
}
return 1;
}
/* a counter-based KDF based on NIST SP800-108 */
static void eap_pwd_kdf(uint8_t *key, int keylen, char const *label,
int label_len, uint8_t *retult, int retult_bit_len)
{
HMAC_CTX *hmac_ctx;
uint8_t digest[SHA256_DIGEST_LENGTH];
uint16_t i, ctr, L;
int retult_byte_len, len = 0;
unsigned int mdlen = SHA256_DIGEST_LENGTH;
uint8_t mask = 0xff;
MEM(hmac_ctx = HMAC_CTX_new());
retult_byte_len = (retult_bit_len + 7) / 8;
ctr = 0;
L = htons(retult_bit_len);
while (len < retult_byte_len) {
ctr++; i = htons(ctr);
HMAC_Init_ex(hmac_ctx, key, keylen, EVP_sha256(), NULL);
if (ctr > 1) HMAC_Update(hmac_ctx, digest, mdlen);
HMAC_Update(hmac_ctx, (uint8_t *) &i, sizeof(uint16_t));
HMAC_Update(hmac_ctx, (uint8_t const *)label, label_len);
HMAC_Update(hmac_ctx, (uint8_t *) &L, sizeof(uint16_t));
HMAC_Final(hmac_ctx, digest, &mdlen);
if ((len + (int) mdlen) > retult_byte_len) {
memcpy(retult + len, digest, retult_byte_len - len);
} else {
memcpy(retult + len, digest, mdlen);
}
len += mdlen;
HMAC_CTX_reset(hmac_ctx);
}
/* since we're expanding to a bit length, mask off the excess */
if (retult_bit_len % 8) {
mask <<= (8 - (retult_bit_len % 8));
retult[retult_byte_len - 1] &= mask;
}
HMAC_CTX_free(hmac_ctx);
}
int32_t mz_crypt_hmac_copy(void *src_handle, void *target_handle)
{
mz_crypt_hmac *source = (mz_crypt_hmac *)src_handle;
mz_crypt_hmac *target = (mz_crypt_hmac *)target_handle;
int32_t result = 0;
if (source == NULL || target == NULL)
return MZ_PARAM_ERROR;
if (target->ctx == NULL)
target->ctx = HMAC_CTX_new();
result = HMAC_CTX_copy(target->ctx, source->ctx);
if (!result)
{
target->error = ERR_get_error();
return MZ_HASH_ERROR;
}
return MZ_OK;
}
static void kderive_update(struct kderive_context *ctx)
{
uint32_t i;
#if (OPENSSL_VERSION_NUMBER < 0x1010002f)
HMAC_CTX hctx;
#endif
HMAC_CTX *phctx = NULL;
unsigned char *pos = ctx->out;
uint32_t *p_iter = (uint32_t *)ctx->fid;
uint32_t num_iters = ctx->out_len / PRF_OUTPUT_SIZE;
check_prf_iters(num_iters);
#if (OPENSSL_VERSION_NUMBER < 0x1010002f)
HMAC_CTX_init(&hctx);
phctx = &hctx;
#else
phctx = HMAC_CTX_new();
/* I guess we presume it was successful? */
#endif
for (i = 0; i < num_iters; i++) {
/*
* update the iteration number in the fid
*/
*p_iter = htobe32(i);
HMAC_Init_ex(phctx,
ctx->pkey, ctx->pkey_len >> 3,
EVP_sha256(),
NULL);
HMAC_Update(phctx, ctx->fid, ctx->fid_len);
HMAC_Final(phctx, pos, NULL);
pos += PRF_OUTPUT_SIZE;
}
#if (OPENSSL_VERSION_NUMBER < 0x1010002f)
HMAC_CTX_cleanup(phctx);
#else
HMAC_CTX_free(phctx);
#endif
}
/** Calculate HMAC using OpenSSL's MD5 implementation
*
* @param digest Caller digest to be filled in.
* @param in Pointer to data stream.
* @param inlen length of data stream.
* @param key Pointer to authentication key.
* @param key_len Length of authentication key.
*
*/
void fr_hmac_md5(uint8_t digest[MD5_DIGEST_LENGTH], uint8_t const *in, size_t inlen,
uint8_t const *key, size_t key_len)
{
HMAC_CTX *ctx;
if (unlikely(!md5_hmac_ctx)) {
ctx = HMAC_CTX_new();
if (unlikely(!ctx)) return;
fr_thread_local_set_destructor(md5_hmac_ctx, _hmac_md5_ctx_free_on_exit, ctx);
} else {
ctx = md5_hmac_ctx;
}
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* Since MD5 is not allowed by FIPS, explicitly allow it. */
HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif /* EVP_MD_CTX_FLAG_NON_FIPS_ALLOW */
HMAC_Init_ex(ctx, key, key_len, EVP_md5(), NULL);
HMAC_Update(ctx, in, inlen);
HMAC_Final(ctx, digest, NULL);
HMAC_CTX_reset(ctx);
}
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
const unsigned char *d, size_t n, unsigned char *md,
unsigned int *md_len)
{
HMAC_CTX *c = NULL;
static unsigned char m[EVP_MAX_MD_SIZE];
if (md == NULL)
md = m;
if ((c = HMAC_CTX_new()) == NULL)
goto err;
if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
goto err;
if (!HMAC_Update(c, d, n))
goto err;
if (!HMAC_Final(c, md, md_len))
goto err;
HMAC_CTX_free(c);
return md;
err:
HMAC_CTX_free(c);
return NULL;
}
static int sqlcipher_openssl_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
unsigned int outlen;
int rc = SQLITE_OK;
HMAC_CTX* hctx = NULL;
if(in == NULL) goto error;
hctx = HMAC_CTX_new();
if(hctx == NULL) goto error;
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL)) goto error;
break;
case SQLCIPHER_HMAC_SHA256:
if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL)) goto error;
break;
case SQLCIPHER_HMAC_SHA512:
if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL)) goto error;
break;
default:
goto error;
}
if(!HMAC_Update(hctx, in, in_sz)) goto error;
if(in2 != NULL) {
if(!HMAC_Update(hctx, in2, in2_sz)) goto error;
}
if(!HMAC_Final(hctx, out, &outlen)) goto error;
goto cleanup;
error:
rc = SQLITE_ERROR;
cleanup:
if(hctx) HMAC_CTX_free(hctx);
return rc;
}
HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
HMACCTX ctx = NULL;
ctx = HMAC_CTX_new();
if (ctx == NULL) {
return NULL;
}
#ifndef OLD_CRYPTO
HMAC_CTX_reset(ctx); // openssl 0.9.7 requires it.
#endif
switch(type) {
case SSH_HMAC_SHA1:
HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL);
break;
case SSH_HMAC_SHA256:
HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);
break;
case SSH_HMAC_SHA384:
HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL);
break;
case SSH_HMAC_SHA512:
HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);
break;
case SSH_HMAC_MD5:
HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL);
break;
default:
HMAC_CTX_free(ctx);
SAFE_FREE(ctx);
ctx = NULL;
}
return ctx;
}
