int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
const char *str, int slen, unsigned char *out)
{
unsigned int i;
EVP_MD_CTX ctx;
unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
unsigned char *q,buf2[12];
q=buf;
memcpy(q,str,slen);
q+=slen;
EVP_MD_CTX_copy(&ctx,in1_ctx);
EVP_DigestFinal(&ctx,q,&i);
q+=i;
EVP_MD_CTX_copy(&ctx,in2_ctx);
EVP_DigestFinal(&ctx,q,&i);
q+=i;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
s->session->master_key,s->session->master_key_length,
out,buf2,12);
memset(&ctx,0,sizeof(EVP_MD_CTX));
return((int)12);
}
void
HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
{
if (!out || !in) return;
memcpy(out, in, sizeof(HMAC_CTX));
EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
}
int HMAC_CTX_copy(HMAC_CTX *dest, const HMAC_CTX *src) {
if (!EVP_MD_CTX_copy(&dest->i_ctx, &src->i_ctx) ||
!EVP_MD_CTX_copy(&dest->o_ctx, &src->o_ctx) ||
!EVP_MD_CTX_copy(&dest->md_ctx, &src->md_ctx)) {
return 0;
}
memcpy(dest->key, src->key, HMAC_MAX_MD_CBLOCK);
dest->key_length = src->key_length;
dest->md = src->md;
return 1;
}
// Copied from openssl crypto/hmac/hmac.c
int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
{
if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
goto err;
if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx))
goto err;
if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
goto err;
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
dctx->key_length = sctx->key_length;
dctx->md = sctx->md;
return 1;
err:
return 0;
}
static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
const char *sender, int len, unsigned char *p)
{
unsigned int ret;
int npad,n;
unsigned int i;
unsigned char md_buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx;
EVP_MD_CTX_copy(&ctx,in_ctx);
n=EVP_MD_CTX_size(&ctx);
npad=(48/n)*n;
if (sender != NULL)
EVP_DigestUpdate(&ctx,sender,len);
EVP_DigestUpdate(&ctx,s->session->master_key,
s->session->master_key_length);
EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
EVP_DigestFinal(&ctx,md_buf,&i);
EVP_DigestInit(&ctx,EVP_MD_CTX_md(&ctx));
EVP_DigestUpdate(&ctx,s->session->master_key,
s->session->master_key_length);
EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
EVP_DigestUpdate(&ctx,md_buf,i);
EVP_DigestFinal(&ctx,p,&ret);
memset(&ctx,0,sizeof(EVP_MD_CTX));
return((int)ret);
}
void ssl2_mac(SSL *s, unsigned char *md, int send)
{
EVP_MD_CTX c;
unsigned char sequence[4], *p, *sec, *act;
unsigned long seq;
unsigned int len;
if (send) {
seq = s->s2->write_sequence;
sec = s->s2->write_key;
len = s->s2->wact_data_length;
act = s->s2->wact_data;
} else {
seq = s->s2->read_sequence;
sec = s->s2->read_key;
len = s->s2->ract_data_length;
act = s->s2->ract_data;
}
p = &(sequence[0]);
l2n(seq, p);
/* There has to be a MAC algorithm. */
EVP_MD_CTX_init(&c);
EVP_MD_CTX_copy(&c, s->read_hash);
EVP_DigestUpdate(&c, sec, EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
EVP_DigestUpdate(&c, act, len);
/* the above line also does the pad data */
EVP_DigestUpdate(&c, sequence, 4);
EVP_DigestFinal_ex(&c, md, NULL);
EVP_MD_CTX_cleanup(&c);
}
static int
_md_copy (md_ctx *xdst, md_ctx *xsrc)
{
assert (xdst != NULL);
assert (xsrc != NULL);
if (_md_ctx_create (xdst) < 0) {
return (-1);
}
#if HAVE_EVP_MD_CTX_COPY_EX
/* OpenSSL >= 0.9.7 */
if (!(EVP_MD_CTX_copy_ex (xdst->ctx, xsrc->ctx))) {
return (-1);
}
#elif HAVE_EVP_MD_CTX_COPY
/* EVP_MD_CTX_copy() implicitly initializes the EVP_MD_CTX for xdst. */
if (!(EVP_MD_CTX_copy (xdst->ctx, xsrc->ctx))) {
return (-1);
}
#else /* !HAVE_EVP_MD_CTX_COPY */
#error "No OpenSSL EVP_MD_CTX_copy"
#endif /* !HAVE_EVP_MD_CTX_COPY */
return (0);
}
int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf,
unsigned int siglen, EVP_PKEY *pkey)
{
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len;
int i,ok=0,v;
MS_STATIC EVP_MD_CTX tmp_ctx;
for (i=0; i<4; i++)
{
v=ctx->digest->required_pkey_type[i];
if (v == 0) break;
if (pkey->type == v)
{
ok=1;
break;
}
}
if (!ok)
{
EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
return(-1);
}
EVP_MD_CTX_copy(&tmp_ctx,ctx);
EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
if (ctx->digest->verify == NULL)
{
EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
return(0);
}
return(ctx->digest->verify(ctx->digest->type,m,m_len,
sigbuf,siglen,pkey->pkey.ptr));
}
int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
{
unsigned int ret;
EVP_MD_CTX ctx;
EVP_MD_CTX_copy(&ctx,in_ctx);
EVP_DigestFinal(&ctx,out,&ret);
return((int)ret);
}
/** @impl_interface_method{RTCRDIGESTDESC::pfnClone} */
static DECLCALLBACK(int) rtCrDigestOsslEvp_Clone(void *pvState, void const *pvSrcState)
{
EVP_MD_CTX *pThis = (EVP_MD_CTX *)pvState;
EVP_MD_CTX const *pSrc = (EVP_MD_CTX const *)pvSrcState;
if (EVP_MD_CTX_copy(pThis, pSrc))
return VINF_SUCCESS;
return VERR_CR_DIGEST_OSSL_DIGEST_CTX_COPY_ERROR;
}
static int
locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self)
{
int result;
ENTER_HASHLIB(self);
result = EVP_MD_CTX_copy(new_ctx_p, self->ctx);
LEAVE_HASHLIB(self);
return result;
}
static mrb_value
lib_md_digest(mrb_state *mrb, const struct mrb_md *md)
{
EVP_MD_CTX ctx;
unsigned int mdlen;
unsigned char mdstr[EVP_MAX_MD_SIZE];
EVP_MD_CTX_copy(&ctx, md->ctx);
EVP_DigestFinal_ex(&ctx, mdstr, &mdlen);
return mrb_str_new(mrb, (char *)mdstr, mdlen);
}
static srtp_err_status_t srtp_hmac_start (srtp_hmac_ctx_t *state)
{
if (state->ctx_initialized) {
EVP_MD_CTX_cleanup(&state->ctx);
}
if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {
return srtp_err_status_auth_fail;
} else {
state->ctx_initialized = 1;
return srtp_err_status_ok;
}
}
static VALUE
ossl_digest_copy(VALUE self, VALUE other)
{
EVP_MD_CTX *ctx1, *ctx2;
rb_check_frozen(self);
if (self == other) return self;
GetDigest(self, ctx1);
SafeGetDigest(other, ctx2);
if (!EVP_MD_CTX_copy(ctx1, ctx2)) {
ossl_raise(eDigestError, NULL);
}
return self;
}
DIGEST_CTX rpmDigestDup(DIGEST_CTX octx)
{
if (!octx) return NULL;
DIGEST_CTX nctx = NULL;
nctx = xcalloc(1, sizeof(*nctx));
nctx->flags = octx->flags;
nctx->algo = octx->algo;
nctx->md_ctx = EVP_MD_CTX_new();
if (!nctx->md_ctx) {
free(nctx);
return NULL;
}
if (!EVP_MD_CTX_copy(nctx->md_ctx, octx->md_ctx)) {
free(nctx);
return NULL;
}
return nctx;
}
int tls1_mac(SSL *ssl, unsigned char *md, int send)
{
SSL3_RECORD *rec;
unsigned char *seq;
EVP_MD_CTX *hash;
size_t md_size;
int i;
EVP_MD_CTX hmac, *mac_ctx;
unsigned char buf[5];
int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
int t;
if (send)
{
rec= &(ssl->s3->wrec);
seq= &(ssl->s3->write_sequence[0]);
hash=ssl->write_hash;
}
else
{
rec= &(ssl->s3->rrec);
seq= &(ssl->s3->read_sequence[0]);
hash=ssl->read_hash;
}
t=EVP_MD_CTX_size(hash);
TINYCLR_SSL_ASSERT(t >= 0);
md_size=t;
buf[0]=rec->type;
buf[1]=(unsigned char)(ssl->version>>8);
buf[2]=(unsigned char)(ssl->version);
buf[3]=rec->length>>8;
buf[4]=rec->length&0xff;
/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
if (stream_mac)
{
mac_ctx = hash;
}
else
{
EVP_MD_CTX_copy(&hmac,hash);
mac_ctx = &hmac;
}
if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
{
unsigned char dtlsseq[8],*p=dtlsseq;
s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
TINYCLR_SSL_MEMCPY (p,&seq[2],6);
EVP_DigestSignUpdate(mac_ctx,dtlsseq,8);
}
else
EVP_DigestSignUpdate(mac_ctx,seq,8);
EVP_DigestSignUpdate(mac_ctx,buf,5);
EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
TINYCLR_SSL_ASSERT(t > 0);
if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
#ifdef TLS_DEBUG
TINYCLR_SSL_PRINTF("sec=");
{unsigned int z; for (z=0; z<md_size; z++) TINYCLR_SSL_PRINTF("%02X ",mac_sec[z]); TINYCLR_SSL_PRINTF("\n"); }
TINYCLR_SSL_PRINTF("seq=");
{int z; for (z=0; z<8; z++) TINYCLR_SSL_PRINTF("%02X ",seq[z]); TINYCLR_SSL_PRINTF("\n"); }
TINYCLR_SSL_PRINTF("buf=");
{int z; for (z=0; z<5; z++) TINYCLR_SSL_PRINTF("%02X ",buf[z]); TINYCLR_SSL_PRINTF("\n"); }
TINYCLR_SSL_PRINTF("rec=");
{unsigned int z; for (z=0; z<rec->length; z++) TINYCLR_SSL_PRINTF("%02X ",buf[z]); TINYCLR_SSL_PRINTF("\n"); }
#endif
if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
{
for (i=7; i>=0; i--)
{
++seq[i];
if (seq[i] != 0) break;
}
}
#ifdef TLS_DEBUG
{unsigned int z; for (z=0; z<md_size; z++) TINYCLR_SSL_PRINTF("%02X ",md[z]); TINYCLR_SSL_PRINTF("\n"); }
#endif
return(md_size);
}
bool RarVolume::DecryptRar3Prepare(const uint8 salt[8])
{
WString wstr(*m_password);
int len = wstr.Length();
if (len == 0) return false;
CharBuffer seed(len * 2 + 8);
for (int i = 0; i < len; i++)
{
wchar_t ch = wstr[i];
seed[i * 2] = ch & 0xFF;
seed[i * 2 + 1] = (ch & 0xFF00) >> 8;
}
memcpy(seed + len * 2, salt, 8);
debug("seed: %s", *Util::FormatBuffer((const char*)seed, seed.Size()));
#ifdef HAVE_OPENSSL
EVP_MD_CTX* context = EVP_MD_CTX_create();
if (!EVP_DigestInit(context, EVP_sha1()))
{
EVP_MD_CTX_destroy(context);
return false;
}
#elif defined(HAVE_NETTLE)
sha1_ctx context;
sha1_init(&context);
#else
return false;
#endif
uint8 digest[20];
const int rounds = 0x40000;
for (int i = 0; i < rounds; i++)
{
#ifdef HAVE_OPENSSL
EVP_DigestUpdate(context, *seed, seed.Size());
#elif defined(HAVE_NETTLE)
sha1_update(&context, seed.Size(), (const uint8_t*)*seed);
#endif
uint8 buf[3];
buf[0] = (uint8)i;
buf[1] = (uint8)(i >> 8);
buf[2] = (uint8)(i >> 16);
#ifdef HAVE_OPENSSL
EVP_DigestUpdate(context, buf, sizeof(buf));
#elif defined(HAVE_NETTLE)
sha1_update(&context, sizeof(buf), buf);
#endif
if (i % (rounds / 16) == 0)
{
#ifdef HAVE_OPENSSL
EVP_MD_CTX* ivContext = EVP_MD_CTX_create();
EVP_MD_CTX_copy(ivContext, context);
EVP_DigestFinal(ivContext, digest, nullptr);
EVP_MD_CTX_destroy(ivContext);
#elif defined(HAVE_NETTLE)
sha1_ctx ivContext = context;
sha1_digest(&ivContext, sizeof(digest), digest);
#endif
m_decryptIV[i / (rounds / 16)] = digest[sizeof(digest) - 1];
}
}
#ifdef HAVE_OPENSSL
EVP_DigestFinal(context, digest, nullptr);
EVP_MD_CTX_destroy(context);
#elif defined(HAVE_NETTLE)
sha1_digest(&context, sizeof(digest), digest);
#endif
debug("digest: %s", *Util::FormatBuffer((const char*)digest, sizeof(digest)));
for (int i = 0; i < 4; i++)
{
for (int j = 0; j < 4; j++)
{
m_decryptKey[i * 4 + j] = digest[i * 4 + 3 - j];
}
}
debug("key: %s", *Util::FormatBuffer((const char*)m_decryptKey, sizeof(m_decryptKey)));
debug("iv: %s", *Util::FormatBuffer((const char*)m_decryptIV, sizeof(m_decryptIV)));
return true;
}