/*
 * Return the NID reported by EVP_MD_nid() for the digest referenced by
 * s_algo, converted with ika_integer_from_int().
 *
 * When EVP_MD_nid() was not detected at configure time the function
 * hands control to feature_failure() instead.
 *
 * NOTE(review): the pointer produced by IK_EVP_MD() is used without a
 * NULL check; presumably the caller validates s_algo first - confirm.
 */
ikptr
ikrt_openssl_evp_md_nid (ikptr s_algo, ikpcb * pcb)
{
#if defined(HAVE_DECL_EVP_MD_NID) && HAVE_DECL_EVP_MD_NID
  const EVP_MD *	md = IK_EVP_MD(s_algo);

  return ika_integer_from_int(pcb, EVP_MD_nid(md));
#else
  feature_failure(__func__);
#endif
}
/*
 * Push a new Lua table describing the digest object at stack index 1.
 *
 * Fields set on the table: "nid", "name", "size", "block_size",
 * "pkey_type" and "flags". Returns 1 (the table).
 */
static LUA_FUNCTION(openssl_digest_info)
{
  /* CHECK_OBJECT is a project macro; presumably it raises a Lua error
   * when argument 1 is not an "openssl.evp_digest" - confirm. */
  EVP_MD *md = CHECK_OBJECT(1, EVP_MD, "openssl.evp_digest");
  lua_newtable(L);
  AUXILIAR_SET(L, -1, "nid", EVP_MD_nid(md), integer);
  AUXILIAR_SET(L, -1, "name", EVP_MD_name(md), string);
  AUXILIAR_SET(L, -1, "size", EVP_MD_size(md), integer);
  AUXILIAR_SET(L, -1, "block_size", EVP_MD_block_size(md), integer);
  AUXILIAR_SET(L, -1, "pkey_type", EVP_MD_pkey_type(md), integer);
  /* NOTE(review): "flags" is filled from EVP_MD_type(), i.e. the digest
   * type NID, not from a flags accessor. A script that tests flag bits
   * on this field would be reading the wrong value - confirm intent. */
  AUXILIAR_SET(L, -1, "flags", EVP_MD_type(md), integer);
  return 1;
}
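/*
 * Replay the buffered handshake messages into one digest context per
 * handshake hash selected by the algorithm2 mask.
 *
 * Any previous digest list is released first. Unless
 * TLS1_FLAGS_KEEP_HANDSHAKE is set, the handshake buffer BIO is freed once
 * the digests have been seeded.
 *
 * Returns 1 on success, 0 on failure (an error is pushed on the queue).
 *
 * Every allocation and digest call is checked: an unchecked NULL here would
 * be dereferenced immediately, and a silently failed EVP_DigestInit_ex() /
 * EVP_DigestUpdate() would leave a handshake hash that does not cover the
 * transcript. On failure the array stays zero-filled past the entries that
 * were created, so the ssl3_free_digest_list() at the top of the next call
 * sees only valid pointers or NULL.
 */
int ssl3_digest_cached_records(SSL *s)
{
    int i;
    long mask;
    const EVP_MD *md;
    long hdatalen;
    void *hdata;

    /* Allocate handshake_dgst array */
    ssl3_free_digest_list(s);
    s->s3->handshake_dgst =
        OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
    if (s->s3->handshake_dgst == NULL) {
        SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    memset(s->s3->handshake_dgst, 0, SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));

    hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
    if (hdatalen <= 0) {
        SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
        return 0;
    }

    /* Loop through bits of algorithm2 field and create MD_CTX-es */
    for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
        if ((mask & ssl_get_algorithm2(s)) && md) {
            s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
            if (s->s3->handshake_dgst[i] == NULL) {
                SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
                       ERR_R_MALLOC_FAILURE);
                return 0;
            }
#ifdef OPENSSL_FIPS
            /* MD5 is part of the handshake hash, so allow it in FIPS mode */
            if (EVP_MD_nid(md) == NID_md5) {
                EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
                                     EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
            }
#endif
            if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)
                || !EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,
                                     hdatalen)) {
                SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);
                return 0;
            }
        } else {
            s->s3->handshake_dgst[i] = NULL;
        }
    }

    if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
        /* Free handshake_buffer BIO */
        BIO_free(s->s3->handshake_buffer);
        s->s3->handshake_buffer = NULL;
    }

    return 1;
}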
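/*
 * Set the digest algorithm of a PKCS#7 "digest" content type to md.
 *
 * The algorithm identifier gets a NULL parameter and the object that
 * corresponds to EVP_MD_nid(md).
 *
 * Returns 1 on success, 0 on failure. The wrong-content-type path used to
 * push PKCS7_R_WRONG_CONTENT_TYPE and still return 1, so a caller checking
 * the return value carried on with a structure whose digest was never set;
 * it now returns 0 like the allocation-failure path.
 */
int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
{
    if (!PKCS7_type_is_digest(p7)) {
        PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
        return 0;
    }

    if ((p7->d.digest->md->parameter = ASN1_TYPE_new()) == NULL) {
        PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    p7->d.digest->md->parameter->type = V_ASN1_NULL;
    p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
    return 1;
}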
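/*
 * Seed the per-algorithm handshake digests from the buffered handshake
 * messages, if that has not been done yet, and optionally release the
 * buffer.
 *
 * s    - connection whose s3->handshake_buffer holds the transcript
 * keep - when 0 the handshake buffer BIO is freed before returning
 *
 * Returns 1 on success, 0 on failure (an error is pushed on the queue).
 *
 * The digest array is used as the "already initialised" marker, so it must
 * never be left allocated but only partly filled: the buffer length is
 * checked before allocating, every slot starts out NULL, and any failure
 * while creating the contexts tears the array down again. Previously a bad
 * length or a failed allocation left uninitialised pointers behind a
 * non-NULL handshake_dgst.
 */
int ssl3_digest_cached_records(SSL *s, int keep)
{
    int i;
    long mask;
    const EVP_MD *md;
    long hdatalen;
    void *hdata;

    if (s->s3->handshake_dgst == NULL) {
        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
        if (hdatalen <= 0) {
            SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
                   SSL_R_BAD_HANDSHAKE_LENGTH);
            return 0;
        }

        /* Allocate handshake_dgst array */
        s->s3->handshake_dgst =
            OPENSSL_malloc(sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST);
        if (s->s3->handshake_dgst == NULL) {
            SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        for (i = 0; i < SSL_MAX_DIGEST; i++)
            s->s3->handshake_dgst[i] = NULL;

        /* Loop through bits of algorithm2 field and create MD_CTX-es */
        for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
            if (!(mask & ssl_get_algorithm2(s)) || md == NULL) {
                s->s3->handshake_dgst[i] = NULL;
                continue;
            }

            s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
            if (s->s3->handshake_dgst[i] == NULL) {
                SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
                       ERR_R_MALLOC_FAILURE);
                goto err;
            }
            /* MD5 is part of the handshake hash, so allow it in FIPS mode */
            if (EVP_MD_nid(md) == NID_md5) {
                EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
                                     EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
            }
            if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)
                || !EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,
                                     hdatalen)) {
                SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);
                goto err;
            }
        }
    }

    if (keep == 0) {
        BIO_free(s->s3->handshake_buffer);
        s->s3->handshake_buffer = NULL;
    }

    return 1;

 err:
    /* Drop the partly built array so a retry starts from scratch. */
    for (i = 0; i < SSL_MAX_DIGEST; i++) {
        if (s->s3->handshake_dgst[i] != NULL)
            EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
    }
    OPENSSL_free(s->s3->handshake_dgst);
    s->s3->handshake_dgst = NULL;
    return 0;
}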
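/*
 * Look up the digest called `name` and return the engine's implementation
 * of it wrapped by ossl_digest_new().
 *
 * Raises eEngineError when the name is unknown to OpenSSL or when the
 * engine has no implementation for the digest's NID.
 *
 * The name is converted with StringValueCStr() rather than
 * StringValuePtr(): the C lookup stops at the first NUL byte, so a Ruby
 * string with an embedded NUL would otherwise resolve to a different digest
 * than the one the caller spelled out. Such a string now raises
 * ArgumentError.
 */
static VALUE
ossl_engine_get_digest(VALUE self, VALUE name)
{
    ENGINE *e;
    const EVP_MD *md, *tmp;
    char *s;
    int nid;

    s = StringValueCStr(name);
    tmp = EVP_get_digestbyname(s);
    if (!tmp)
        ossl_raise(eEngineError, "no such digest `%s'", s);
    nid = EVP_MD_nid(tmp);
    GetEngine(self, e);
    md = ENGINE_get_digest(e, nid);
    if (!md)
        ossl_raise(eEngineError, NULL);

    return ossl_digest_new(md);
}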
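/*
 * Look up the digest called `name` and return the engine's implementation
 * of it wrapped by ossl_digest_new(). Built only when
 * HAVE_ENGINE_GET_DIGEST is defined; otherwise rb_notimplement() is called.
 *
 * Raises eEngineError when the name is unknown to OpenSSL or when the
 * engine has no implementation for the digest's NID.
 *
 * The name is converted with StringValueCStr() rather than
 * StringValuePtr(): the C lookup stops at the first NUL byte, so a Ruby
 * string with an embedded NUL would otherwise resolve to a different digest
 * than the one the caller spelled out. Such a string now raises
 * ArgumentError.
 */
static VALUE
ossl_engine_get_digest(VALUE self, VALUE name)
{
#if defined(HAVE_ENGINE_GET_DIGEST)
    ENGINE *e;
    const EVP_MD *md, *tmp;
    char *s;
    int nid;

    s = StringValueCStr(name);
    tmp = EVP_get_digestbyname(s);
    if (!tmp)
        ossl_raise(eEngineError, "no such digest `%s'", s);
    nid = EVP_MD_nid(tmp);
    GetEngine(self, e);
    md = ENGINE_get_digest(e, nid);
    if (!md)
        ossl_raise(eEngineError, NULL);

    return ossl_digest_new(md);
#else
    rb_notimplement();
#endif
}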
/*
 * Build the default map algorithm identifier: an X509_ALGOR whose object
 * is the NID of the default digest and whose parameter is absent
 * (V_ASN1_UNDEF).
 *
 * Returns the new X509_ALGOR (caller frees it), or NULL on failure with an
 * error pushed on the queue.
 *
 * NOTE(review): the default digest is hard-wired to SHA-1, so the
 * SHA-1/SHA-384 guard below can never fire as written. Whether SHA-1 is
 * still an acceptable default depends on how the map uses the digest,
 * which is not visible here - confirm.
 */
X509_ALGOR *CPK_MAP_new_default()
{
	const EVP_MD *md = EVP_sha1();
	X509_ALGOR *result;

	/* Only SHA-1 and SHA-384 are accepted as map digests. */
	if (!(md == EVP_sha1() || md == EVP_sha384())) {
		CPKerr(CPK_F_CPK_MAP_NEW_DEFAULT, CPK_R_BAD_ARGUMENT);
		return NULL;
	}

	result = X509_ALGOR_new();
	if (result == NULL) {
		CPKerr(CPK_F_CPK_MAP_NEW_DEFAULT, ERR_R_X509_LIB);
		return NULL;
	}

	if (!X509_ALGOR_set0(result, OBJ_nid2obj(EVP_MD_nid(md)),
			V_ASN1_UNDEF, NULL)) {
		X509_ALGOR_free(result);
		CPKerr(CPK_F_CPK_MAP_NEW_DEFAULT, ERR_R_X509_LIB);
		return NULL;
	}

	return result;
}
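/*
 * Demonstration: print the properties of the MD5 digest and the DES-ECB
 * cipher, derive a key and IV with EVP_BytesToKey() from fixed salt and
 * data patterns, and print the derived bytes to stdout.
 *
 * The digest, cipher, iteration count (2) and the all-predictable salt are
 * demonstration values only; the derived key is printed in the clear.
 *
 * Compared with the earlier version, the allocations are checked before
 * use, the EVP_BytesToKey() result is checked, and the key/IV buffers are
 * released instead of leaked.
 */
void openssl_evp_keyiv()
{
    int i;
    int key_len, iv_len;
    const EVP_MD *md;
    const EVP_CIPHER *type;
    unsigned char salt[32], data[COMM_LEN], *key = NULL, *iv = NULL;

    md = EVP_md5();
    printf("\nEVP_Md info: type[%d], ", EVP_MD_type(md));
    printf("nid[%d], ", EVP_MD_nid(md));
    printf("name[%s], ", EVP_MD_name(md));
    printf("pkey type[%d], ", EVP_MD_pkey_type(md));
    printf("size[%d], ", EVP_MD_size(md));
    printf("block size[%d], ", EVP_MD_block_size(md));

    type = EVP_des_ecb();
    printf("\nEVP_ECB info: encrypto nid[%d], ", EVP_CIPHER_nid(type));
    printf("name[%s], ", EVP_CIPHER_name(type));
    printf("bock size[%d]", EVP_CIPHER_block_size(type));

    key_len = EVP_CIPHER_key_length(type);
    iv_len = EVP_CIPHER_iv_length(type);
    key = malloc(key_len);
    iv = malloc(iv_len);
    /* An IV length of 0 may legitimately make malloc() return NULL. */
    if (key == NULL || (iv == NULL && iv_len > 0)) {
        fprintf(stderr, "\nopenssl_evp_keyiv: out of memory\n");
        goto done;
    }

    /* Fixed, predictable input patterns: byte i holds the value i. */
    for (i = 0; i < COMM_LEN; i++)
        data[i] = (unsigned char)i;
    for (i = 0; i < 32; i++)
        salt[i] = (unsigned char)i;

    /* EVP_BytesToKey() returns the key size, or 0 on error. */
    if (EVP_BytesToKey(type, md, salt, data, COMM_LEN, 2, key, iv) == 0) {
        fprintf(stderr, "\nopenssl_evp_keyiv: EVP_BytesToKey failed\n");
        goto done;
    }

    printf("\nEVP_key value: ");
    for (i = 0; i < key_len; i++)
        printf("%x ", key[i]);

    printf("\nEVP_iv value: ");
    for (i = 0; i < iv_len; i++)
        printf("%x ", iv[i]);
    printf("\n");

done:
    free(key);
    free(iv);
}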
/*
 * Sign the encoding of `asn` (as described by `it`) with the digest and key
 * already bound to `ctx`, and store the result in `signature`.
 *
 * it        - ASN.1 template used to encode `asn`
 * algor1/2  - optional algorithm identifiers to fill in (either may be NULL)
 * signature - receives the signature bytes; any previous data is freed
 * asn       - the structure to encode and sign
 * ctx       - digest-sign context; it is cleaned up on the `err:` path,
 *             which the success path also falls through
 *
 * Returns the signature length on success and 0 on failure.
 *
 * NOTE(review): the early `return 0` statements below leave without going
 * through `err:`, so EVP_MD_CTX_cleanup(ctx) is skipped on those paths.
 * NOTE(review): pkey->ameth is dereferenced before the `!pkey->ameth` test
 * further down, so that test cannot protect the earlier uses.
 */
int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
{
    const EVP_MD *type;
    EVP_PKEY *pkey;
    unsigned char *buf_in = NULL, *buf_out = NULL;
    size_t inl = 0, outl = 0, outll = 0;
    int signid, paramtype;
    int rv;

    type = EVP_MD_CTX_md(ctx);
    pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);

    /* Both a digest and a key must already be attached to the context. */
    if (!type || !pkey) {
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
        return 0;
    }

    /* Give the key's ASN.1 method the first chance to handle the signing. */
    if (pkey->ameth->item_sign) {
        rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);
        if (rv == 1)
            outl = signature->length;
        /*-
         * Return value meanings:
         * <=0: error.
         *   1: method does everything.
         *   2: carry on as normal.
         *   3: ASN1 method sets algorithm identifiers: just sign.
         */
        if (rv <= 0)
            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
        if (rv <= 1)
            goto err;
    } else
        rv = 2;

    /* rv == 2: work out the signature algorithm identifier here. */
    if (rv == 2) {
        if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
            if (!pkey->ameth || !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), pkey->ameth->pkey_id)) {
                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
                return 0;
            }
        } else
            signid = type->pkey_type;

        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
            paramtype = V_ASN1_NULL;
        else
            paramtype = V_ASN1_UNDEF;

        if (algor1)
            X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
        if (algor2)
            X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
    }

    /* NOTE(review): ASN1_item_i2d() returns an int that is stored in a
     * size_t here; the buf_in NULL test below is what catches a failed
     * encode - confirm a negative return always leaves buf_in NULL. */
    inl = ASN1_item_i2d(asn, &buf_in, it);
    /* outll remembers the allocated size; outl is overwritten by the
     * actual signature length below. */
    outll = outl = EVP_PKEY_size(pkey);
    buf_out = OPENSSL_malloc((unsigned int)outl);
    if ((buf_in == NULL) || (buf_out == NULL)) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!EVP_DigestSignUpdate(ctx, buf_in, inl) || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
        goto err;
    }
    /* Hand the output buffer over to `signature`; clearing buf_out keeps
     * the cleanup below from freeing it. */
    if (signature->data != NULL)
        OPENSSL_free(signature->data);
    signature->data = buf_out;
    buf_out = NULL;
    signature->length = outl;
    /*
     * In the interests of compatibility, I'll make sure that the bit string
     * has a 'not-used bits' value of 0
     */
    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 err:
    EVP_MD_CTX_cleanup(ctx);
    /* Wipe the temporary buffers before releasing them. */
    if (buf_in != NULL) {
        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
        OPENSSL_free(buf_in);
    }
    if (buf_out != NULL) {
        OPENSSL_cleanse((char *)buf_out, outll);
        OPENSSL_free(buf_out);
    }
    return (outl);
}
/// Returns the NID of the digest algorithm bound to this engine's context.
int DigestEngine::nid() const
{
	const EVP_MD* pDigest = EVP_MD_CTX_md(_pContext);
	return EVP_MD_nid(pDigest);
}
/*
 * Encode `asn` according to `it`, sign the encoding with `pkey` using the
 * digest `type` (or the key's default digest when `type` is NULL), and
 * store the result in `signature`.
 *
 * algor1 / algor2, when non-NULL, are filled in with the signature
 * algorithm identifier. Any data previously held by `signature` is freed.
 *
 * Returns the signature length on success and 0 on failure.
 *
 * NOTE(review): pkey->ameth is tested for NULL only inside the
 * PKEY_METHOD_SIGNATURE branch; the pkey_flags lookup that follows
 * dereferences it unconditionally.
 */
int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                   ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
                   const EVP_MD *type)
{
    EVP_MD_CTX ctx;
    unsigned char *der = NULL;      /* encoding of asn */
    unsigned char *sig = NULL;      /* signature output buffer */
    int der_len = 0;
    int sig_len = 0;                /* also the return value */
    int sig_cap = 0;                /* allocated size of sig */
    int signid, paramtype;
    int signed_ok;

    /* Fall back to the key's default digest when none was supplied. */
    if (type == NULL) {
        int def_nid;

        if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
            type = EVP_get_digestbynid(def_nid);
        if (type == NULL) {
            ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST);
            return 0;
        }
    }

    /* Determine the signature algorithm identifier. */
    if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
        if (!pkey->ameth
            || !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
                                       pkey->ameth->pkey_id)) {
            ASN1err(ASN1_F_ASN1_ITEM_SIGN,
                    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
            return 0;
        }
    } else {
        signid = type->pkey_type;
    }

    paramtype = (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
        ? V_ASN1_NULL : V_ASN1_UNDEF;

    if (algor1)
        X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
    if (algor2)
        X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);

    EVP_MD_CTX_init(&ctx);
    der_len = ASN1_item_i2d(asn, &der, it);
    sig_cap = sig_len = EVP_PKEY_size(pkey);
    sig = (unsigned char *)OPENSSL_malloc((unsigned int)sig_len);
    if ((der == NULL) || (sig == NULL)) {
        sig_len = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
        goto cleanup;
    }

    /* Short-circuit evaluation stops at the first step that fails. */
    signed_ok = EVP_SignInit_ex(&ctx, type, NULL)
        && EVP_SignUpdate(&ctx, (unsigned char *)der, der_len)
        && EVP_SignFinal(&ctx, (unsigned char *)sig,
                         (unsigned int *)&sig_len, pkey);
    if (!signed_ok) {
        sig_len = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB);
        goto cleanup;
    }

    /* Transfer ownership of the buffer to the caller's bit string. */
    if (signature->data != NULL)
        OPENSSL_free(signature->data);
    signature->data = sig;
    sig = NULL;
    signature->length = sig_len;

    /*
     * In the interests of compatibility, make sure that the bit string has
     * a 'not-used bits' value of 0.
     */
    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;

 cleanup:
    EVP_MD_CTX_cleanup(&ctx);
    /* Wipe the temporary buffers before releasing them. */
    if (der != NULL) {
        OPENSSL_cleanse((char *)der, (unsigned int)der_len);
        OPENSSL_free(der);
    }
    if (sig != NULL) {
        OPENSSL_cleanse((char *)sig, sig_cap);
        OPENSSL_free(sig);
    }
    return (sig_len);
}
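/**
 *
 * \brief Generates a digest, then sends the digest to the
 *        ATECCX08 chip to generate an ECDSA signature using the
 *        private key from the TLS_SLOT_AUTH_PRIV slot. The private
 *        key always stays in the chip: neither OpenSSL nor any
 *        other software has a way to read it.
 *
 *        With USE_ECCX08 defined the digest is signed through
 *        eccx08_ecdsa.ecdsa_do_sign() and the result is DER-encoded
 *        into a buffer of EVP_PKEY_size(pkey) bytes; otherwise the
 *        software EVP_DigestSign* path is used.
 *
 *        Two defects of the hardware path are fixed here: the digest
 *        length is received in a real unsigned int instead of through
 *        a size_t pointer cast to unsigned int *, and the encoded
 *        signature length is checked (error and upper bound) before
 *        anything is written to the output buffer or stored in the
 *        signature.
 *
 * \param[in] ctx - a pointer to the EVP_MD_CTX structure
 * \param[in] it - a pointer to the ASN1_ITEM structure
 * \param[in] asn - a void pointer to the parameter
 * \param[in] algor1 - a pointer to the X509_ALGOR structure
 * \param[in] algor2 - a pointer to the X509_ALGOR structure
 * \param[out] signature - a pointer to the ASN1_BIT_STRING
 *       structure to return the signature in the ASN.1 format
 * \return 1 for success, 0 for failure
 */
int eccx08_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                     X509_ALGOR *algor1, X509_ALGOR *algor2,
                     ASN1_BIT_STRING *signature)
{
    int rc = 0;
    int ret = 0;
    const EVP_MD *type;
    EVP_PKEY *pkey;
    uint8_t *buf_in = NULL, *buf_out = NULL;
    uint8_t *sig_in = NULL, *sig_out = NULL;
    size_t inl = 0, outl = 0, outll = 0;
    int signid, paramtype;
    uint8_t slotid = TLS_SLOT_AUTH_PRIV;
    ATCA_STATUS status = ATCA_GEN_FAIL;
    extern ECDSA_METHOD eccx08_ecdsa;
#ifdef USE_ECCX08
    ECDSA_SIG *ecdsasig = NULL;
    unsigned int digest_len = 0;
    int sig_len = 0;
#endif

    type = EVP_MD_CTX_md(ctx);
    pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);

    if (!type || !pkey) {
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
        return 0;
    }

    /* Determine the signature algorithm identifier. */
    if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
        if (!pkey->ameth ||
            !OBJ_find_sigid_by_algs(&signid,
                                    EVP_MD_nid(type),
                                    pkey->ameth->pkey_id)) {
            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
                    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
            return 0;
        }
    } else
        signid = type->pkey_type;

    if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
        paramtype = V_ASN1_NULL;
    else
        paramtype = V_ASN1_UNDEF;

    if (algor1)
        X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
    if (algor2)
        X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);

    inl = ASN1_item_i2d(asn, &buf_in, it);
    /* outll keeps the allocated size; outl is later overwritten. */
    outll = outl = EVP_PKEY_size(pkey);
    buf_out = OPENSSL_malloc((unsigned int)outl);
    if ((buf_in == NULL) || (buf_out == NULL)) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
        goto done;
    }
#ifdef USE_ECCX08
    eccx08_debug("eccx08_item_sign() - HW\n");
    ret = EVP_DigestUpdate(ctx, buf_in, inl);
    if (!ret)
        goto done;
    /* EVP_DigestFinal() writes an unsigned int; do not alias a size_t. */
    ret = EVP_DigestFinal(ctx, buf_out, &digest_len);
    if (!ret)
        goto done;
    outl = digest_len;

    /* Output buffer for the DER signature. sig_out keeps the start of
     * the buffer because i2d_ECDSA_SIG() advances sig_in. */
    sig_in = OPENSSL_malloc((unsigned int)outll);
    sig_out = sig_in;
    if (sig_in == NULL) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
        goto done;
    }
    ecdsasig = eccx08_ecdsa.ecdsa_do_sign(buf_out, (int)digest_len,
                                          NULL, NULL, pkey->pkey.ec);
    if (ecdsasig == NULL)
        goto done;

    /* Ask for the encoded length first so the write below can never run
     * past the outll bytes that were allocated. */
    sig_len = i2d_ECDSA_SIG(ecdsasig, NULL);
    if (sig_len > 0 && (size_t)sig_len <= outll)
        sig_len = i2d_ECDSA_SIG(ecdsasig, &sig_in);
    else
        sig_len = -1;
    /* ECDSA_SIG_free() releases r and s together with the structure. */
    ECDSA_SIG_free(ecdsasig);
    ecdsasig = NULL;
    if (sig_len <= 0) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
        goto done;
    }
    outl = (size_t)sig_len;
#else                           // USE_ECCX08
    eccx08_debug("eccx08_item_sign() - SW\n");
    if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
        || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
        goto done;
    }
#endif                          // USE_ECCX08
    if (signature->data != NULL) {
        OPENSSL_free(signature->data);
    }
    /* Hand the finished buffer to the caller; clearing the local pointer
     * keeps the cleanup below from freeing it. */
#ifdef USE_ECCX08
    signature->data = sig_out;
    sig_out = NULL;
#else
    signature->data = buf_out;
    buf_out = NULL;
#endif
    signature->length = outl;
    /*
     * ASN1_item_sign_ctx() in a_sign.c comment (just copy it here):
     * In the interests of compatibility, I'll make sure that the bit string
     * has a 'not-used bits' value of 0
     */
    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
    rc = 1;
done:
    EVP_MD_CTX_cleanup(ctx);
    /* Wipe the temporary buffers before releasing them. */
    if (buf_in != NULL) {
        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
        OPENSSL_free(buf_in);
    }
    if (buf_out != NULL) {
        OPENSSL_cleanse((char *)buf_out, outll);
        OPENSSL_free(buf_out);
    }
    if (sig_out != NULL) {
        OPENSSL_cleanse((char *)sig_out, outll);
        OPENSSL_free(sig_out);
    }
    return (rc);
}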