void PKCS5_PBE_add(void) { #ifndef OPENSSL_NO_DES # ifndef OPENSSL_NO_MD5 EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), PKCS5_PBE_keyivgen); # endif # ifndef OPENSSL_NO_MD2 EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(), PKCS5_PBE_keyivgen); # endif # ifndef OPENSSL_NO_SHA EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(), PKCS5_PBE_keyivgen); # endif #endif #ifndef OPENSSL_NO_RC2 # ifndef OPENSSL_NO_MD5 EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(), PKCS5_PBE_keyivgen); # endif # ifndef OPENSSL_NO_MD2 EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(), PKCS5_PBE_keyivgen); # endif # ifndef OPENSSL_NO_SHA EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), PKCS5_PBE_keyivgen); # endif #endif #ifndef OPENSSL_NO_HMAC EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen); #endif }
int main_md2test(int argc, char *argv[]) { int i,err=0; char **P,**R; char *p; unsigned char md[MD2_DIGEST_LENGTH]; P=test; R=ret; i=1; while (*P != NULL) { EVP_Digest((unsigned char *)*P,strlen(*P),md,NULL,EVP_md2(), NULL); p=pt(md); if (strcmp(p,*R) != 0) { printf("error calculating MD2 on '%s'\n",*P); printf("got %s instead of %s\n",p,*R); err++; } else printf("test %d ok\n",i); i++; R++; P++; } #ifdef OPENSSL_SYS_NETWARE if (err) printf("ERROR: %d\n", err); #endif EXIT(err); return err; }
EXPORT_C int SSL_library_init(void) { //#ifdef EMULATOR // InitSSLWsdVar(); //#endif #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); #endif #ifndef OPENSSL_NO_IDEA EVP_add_cipher(EVP_idea_cbc()); #endif #ifndef OPENSSL_NO_RC4 EVP_add_cipher(EVP_rc4()); #endif #ifndef OPENSSL_NO_RC2 EVP_add_cipher(EVP_rc2_cbc()); #endif #ifndef OPENSSL_NO_AES EVP_add_cipher(EVP_aes_128_cbc()); EVP_add_cipher(EVP_aes_192_cbc()); EVP_add_cipher(EVP_aes_256_cbc()); #endif #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5,"ssl2-md5"); EVP_add_digest_alias(SN_md5,"ssl3-md5"); #endif #ifndef OPENSSL_NO_SHA EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); #endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif /* If you want support for phased out ciphers, add the following */ #if 0 EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); #endif #ifndef OPENSSL_NO_COMP /* This will initialise the built-in compression algorithms. The value returned is a STACK_OF(SSL_COMP), but that can be discarded safely */ (void)SSL_COMP_get_compression_methods(); #endif /* initialize cipher/digest methods table */ ssl_load_ciphers(); return(1); }
static const EVP_MD *getEVPMD(int hashalgo) { switch (hashalgo) { case PGPHASHALGO_MD5: return EVP_md5(); case PGPHASHALGO_SHA1: return EVP_sha1(); case PGPHASHALGO_RIPEMD160: return EVP_ripemd160(); case PGPHASHALGO_MD2: return EVP_md2(); case PGPHASHALGO_SHA256: return EVP_sha256(); case PGPHASHALGO_SHA384: return EVP_sha384(); case PGPHASHALGO_SHA512: return EVP_sha512(); case PGPHASHALGO_SHA224: return EVP_sha224(); default: return EVP_md_null(); } }
ikptr ikrt_openssl_evp_md2 (ikpcb * pcb) { #ifdef HAVE_EVP_MD2 const EVP_MD * rv; rv = EVP_md2(); return ika_pointer_alloc(pcb, (long)rv); #else feature_failure(__func__); #endif }
void OpenSSL_add_all_digests(void) { #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); #endif #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5,"ssl2-md5"); EVP_add_digest_alias(SN_md5,"ssl3-md5"); #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) EVP_add_digest(EVP_sha()); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss()); #endif #endif #ifndef OPENSSL_NO_SHA EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss1()); EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); #endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif #endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif #ifndef OPENSSL_NO_RIPEMD EVP_add_digest(EVP_ripemd160()); EVP_add_digest_alias(SN_ripemd160,"ripemd"); EVP_add_digest_alias(SN_ripemd160,"rmd160"); #endif #ifndef OPENSSL_NO_SHA256 /* EVP_add_digest(EVP_sha224()); To be added later */ EVP_add_digest(EVP_sha256()); #endif #ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); #endif }
static int test_md2(int n) { char buf[80]; unsigned char md[MD2_DIGEST_LENGTH]; int i; if (!TEST_true(EVP_Digest((unsigned char *)test[n], strlen(test[n]), md, NULL, EVP_md2(), NULL))) return 0; for (i = 0; i < MD2_DIGEST_LENGTH; i++) sprintf(&(buf[i * 2]), "%02x", md[i]); if (!TEST_str_eq(buf, ret[n])) return 0; return 1; }
const EVP_MD * hb_EVP_MD_par( int iParam ) { const EVP_MD * p; if( HB_ISCHAR( iParam ) ) return EVP_get_digestbyname( hb_parc( iParam ) ); switch( hb_parni( iParam ) ) { case HB_EVP_MD_MD_NULL: p = EVP_md_null(); break; #if ! defined( OPENSSL_NO_MD2 ) && OPENSSL_VERSION_NUMBER < 0x10000000L case HB_EVP_MD_MD2: p = EVP_md2(); break; #endif #ifndef OPENSSL_NO_MD4 case HB_EVP_MD_MD4: p = EVP_md4(); break; #endif #ifndef OPENSSL_NO_MD5 case HB_EVP_MD_MD5: p = EVP_md5(); break; #endif #ifndef OPENSSL_NO_SHA case HB_EVP_MD_SHA: p = EVP_sha(); break; case HB_EVP_MD_SHA1: p = EVP_sha1(); break; case HB_EVP_MD_DSS: p = EVP_dss(); break; case HB_EVP_MD_DSS1: p = EVP_dss1(); break; #if ! defined( HB_OPENSSL_OLD_OSX_ ) case HB_EVP_MD_ECDSA: p = EVP_ecdsa(); break; #endif #endif #ifndef OPENSSL_NO_SHA256 case HB_EVP_MD_SHA224: p = EVP_sha224(); break; case HB_EVP_MD_SHA256: p = EVP_sha256(); break; #endif #ifndef OPENSSL_NO_SHA512 case HB_EVP_MD_SHA384: p = EVP_sha384(); break; case HB_EVP_MD_SHA512: p = EVP_sha512(); break; #endif #ifndef OPENSSL_NO_MDC2 case HB_EVP_MD_MDC2: p = EVP_mdc2(); break; #endif #ifndef OPENSSL_NO_RIPEMD case HB_EVP_MD_RIPEMD160: p = EVP_ripemd160(); break; #endif default: p = NULL; } return p; }
int SSL_library_init(void) { #ifndef NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); #endif #ifndef NO_IDEA EVP_add_cipher(EVP_idea_cbc()); #endif #ifndef NO_RC4 EVP_add_cipher(EVP_rc4()); #endif #ifndef NO_RC2 EVP_add_cipher(EVP_rc2_cbc()); #endif #ifndef NO_MD2 EVP_add_digest(EVP_md2()); #endif #ifndef NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5,"ssl2-md5"); EVP_add_digest_alias(SN_md5,"ssl3-md5"); #endif #ifndef NO_SHA EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); #endif #if !defined(NO_SHA) && !defined(NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); #endif /* If you want support for phased out ciphers, add the following */ #if 0 EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); #endif return(1); }
static int hb_EVP_MD_ptr_to_id( const EVP_MD * p ) { int n; if( p == EVP_md_null() ) n = HB_EVP_MD_MD_NULL; #ifndef OPENSSL_NO_MD2 else if( p == EVP_md2() ) n = HB_EVP_MD_MD2; #endif #ifndef OPENSSL_NO_MD4 else if( p == EVP_md4() ) n = HB_EVP_MD_MD4; #endif #ifndef OPENSSL_NO_MD5 else if( p == EVP_md5() ) n = HB_EVP_MD_MD5; #endif #ifndef OPENSSL_NO_SHA else if( p == EVP_sha() ) n = HB_EVP_MD_SHA; else if( p == EVP_sha1() ) n = HB_EVP_MD_SHA1; else if( p == EVP_dss() ) n = HB_EVP_MD_DSS; else if( p == EVP_dss1() ) n = HB_EVP_MD_DSS1; #if ! defined( HB_OPENSSL_OLD_OSX_ ) else if( p == EVP_ecdsa() ) n = HB_EVP_MD_ECDSA; #endif #endif #ifndef OPENSSL_NO_SHA256 else if( p == EVP_sha224() ) n = HB_EVP_MD_SHA224; else if( p == EVP_sha256() ) n = HB_EVP_MD_SHA256; #endif #ifndef OPENSSL_NO_SHA512 else if( p == EVP_sha384() ) n = HB_EVP_MD_SHA384; else if( p == EVP_sha512() ) n = HB_EVP_MD_SHA512; #endif #ifndef OPENSSL_NO_MDC2 else if( p == EVP_mdc2() ) n = HB_EVP_MD_MDC2; #endif #ifndef OPENSSL_NO_RIPEMD else if( p == EVP_ripemd160() ) n = HB_EVP_MD_RIPEMD160; #endif else n = HB_EVP_MD_UNSUPPORTED; return n; }
static void test(void) { uint8_t tmp1[EVP_MAX_MD_SIZE]; uint8_t tmp2[EVP_MAX_MD_SIZE]; uint8_t key[256]; uint8_t data[4096]; unsigned int tmp1len; size_t tmp2len; int stop; void *e1; const void *evps[] = { EVP_md2(), EVP_md4(), EVP_md5(), EVP_ripemd160(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), }; const char *names[] = { "md2", "md4", "md5", "rmd160", "sha1", "sha224", "sha256", "sha384", "sha512", }; for (size_t k = 0; k < sizeof(key); k++) key[k] = k; for (size_t d = 0; d < sizeof(data); d++) data[d] = d % 256; for (size_t t = 0; t < __arraycount(names); t++) for (size_t i = 1; i < sizeof(key); i += 9) for (size_t j = 3; j < sizeof(data); j += 111) { stop = 0; #ifdef DEBUG printf("%s: keysize = %zu datasize = %zu\n", names[t], i, j); #endif memset(tmp1, 0, sizeof(tmp1)); memset(tmp2, 0, sizeof(tmp2)); e1 = HMAC(evps[t], key, i, data, j, tmp1, &tmp1len); ATF_REQUIRE(e1 != NULL); tmp2len = hmac(names[t], key, i, data, j, tmp2, sizeof(tmp2)); ATF_REQUIRE_MSG(tmp1len == tmp2len, "hash %s len %u " "!= %zu", names[t], tmp1len, tmp2len); for (size_t k = 0; k < tmp2len; k++) if (tmp1[k] != tmp2[k]) { #ifdef DEBUG printf("%zu %.2x %.2x\n", k, tmp1[k], tmp2[k]); #endif stop = 1; break; } ATF_REQUIRE_MSG(!stop, "hash %s failed for " "keylen=%zu, datalen=%zu", names[t], i, j); } }
int main(int argc, char **argv, char **envp) { #if 0 const char *algorithm = NULL; #else const char *algorithm = "md5"; #endif const char *key = NULL; const char *msg = NULL; const char *signature = NULL; #if 0 const char *type = NULL; #else const char *type = "rsa"; #endif xxxflag = false; if(!(prog = basename(argv[0]))) { fprintf(stderr, "err: basename: %s -- %s\n", strerror(errno), argv[0]); return(-1); /* NOTREACHED */ } { int ch = 0; #if 0 while((ch = getopt(argc, argv, "a:k:m:s:t:@")) != -1) { #else while((ch = getopt(argc, argv, "k:m:s:@")) != -1) { #endif switch (ch) { #if 0 case 'a': algorithm = optarg; break; #endif case 'k': key = optarg; break; case 'm': msg = optarg; break; case 's': signature = optarg; break; #if 0 case 't': type = optarg; break; #endif case '@': xxxflag = true; break; default: usage(); /* NOTREACHED */ break; } } argc -= optind; argv += optind; } if(argc || !algorithm || !key || !msg || !type) { usage(); /* NOTREACHED */ } return(sigcomp_main(algorithm, key, msg, signature, type)? 0: -1); /* NOTREACHED */ } static bool sigcomp_main(const char *const algorithm, const char *const key, const char *const msg, const char *const signature, const char *const type) { const EVP_MD *evp_md = NULL; BIGNUM *bn_key = NULL; BIGNUM *bn_msg = NULL; BIGNUM *bn_signature = NULL; ERR_load_crypto_strings(); if(!(evp_md = evp_md_with_algorithm(type, algorithm))) { fprintf(stderr, "err: algorithm: %s -- " "unknown algorithm for %s\n", algorithm, type); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } /* key -> bn_key */ if(!(bn_key = BN_new())) { openssl_strerror("BN_new"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } if(!BN_hex2bn(&bn_key, (const char *)key)) { openssl_strerror("BN_hex2bn"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } /* msg -> bn_msg */ if(!(bn_msg = BN_new())) { openssl_strerror("BN_new"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } if(!BN_hex2bn(&bn_msg, (const char *)msg)) { openssl_strerror("BN_hex2bn"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } if(signature) { /* signature -> bn_signature */ if(!(bn_signature = BN_new())) { openssl_strerror("BN_new"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } if(!BN_hex2bn(&bn_signature, (const char *)signature)) { openssl_strerror("BN_hex2bn"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } if(!sigcomp_vrfy(evp_md, bn_key, bn_msg, bn_signature, type)) { return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } } else { if(!sigcomp_sign(evp_md, bn_key, bn_msg, type)) { return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } } return(sigcomp_return(true, bn_key, bn_msg, bn_signature)); } static bool sigcomp_return(const bool code, BIGNUM *bn_key, BIGNUM *bn_msg, BIGNUM *bn_signature) { if(bn_signature) { BN_free(bn_signature); bn_signature = NULL; } if(bn_msg) { BN_free(bn_msg); bn_msg = NULL; } if(bn_key) { BN_free(bn_key); bn_key = NULL; } return(code); } static bool sigcomp_sign(const EVP_MD *const evp_md, const BIGNUM *const bn_key, const BIGNUM *const bn_msg, const char *const type) { EVP_PKEY *pkey = NULL; unsigned char *key = NULL; unsigned char *msg = NULL; unsigned char *signature = NULL; unsigned char *ptr = NULL; int keylen = 0; int msglen = 0; int signaturelen = 0; int padding = 0; /* bn_key -> key */ if(!(keylen = BN_num_bytes(bn_key))) { openssl_strerror("BN_num_bytes"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } if(!(key = (unsigned char *)malloc(keylen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } if(BN_bn2bin(bn_key, key) != keylen) { openssl_strerror("BN_bn2bin"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } #ifdef DEBUG dmp(stderr, "key", key, keylen); #endif // DEBUG /* bn_msg -> msg */ if(!(msglen = BN_num_bytes(bn_msg))) { openssl_strerror("BN_num_bytes"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } if(!(msg = (unsigned char *)malloc(msglen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } if(BN_bn2bin(bn_msg, msg) != msglen) { openssl_strerror("BN_bn2bin"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } #ifdef DEBUG dmp(stderr, "msg", msg, msglen); #endif // DEBUG ptr = key; for( ; ; ) { if(!strcmp(type, "rsa")) { #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL) if(!(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char **)&ptr, keylen))) { #else if(!(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &ptr, keylen))) { #endif openssl_strerror("d2i_PrivateKey"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } signaturelen = RSA_size(pkey->pkey.rsa); padding = RSA_PKCS1_PADDING; break; } if(!strcmp(type, "dsa")) { #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL) if(!(pkey = d2i_PrivateKey(EVP_PKEY_DSA, NULL, (const unsigned char **)&ptr, keylen))) { #else if(!(pkey = d2i_PrivateKey(EVP_PKEY_DSA, NULL, &ptr, keylen))) { #endif openssl_strerror("d2i_PrivateKey"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } fprintf(stderr, "err: type: %s -- not implemented\n", type); return(sigcomp_sign_return(false, key, msg, signature, pkey)); break; } fprintf(stderr, "err: type: %s -- unknown type\n", type); return(sigcomp_sign_return(false, key, msg, signature, pkey)); /* NOTREACHED */ } if(!(signature = (unsigned char *)malloc(signaturelen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } RSA_private_encrypt(msglen, msg, signature, pkey->pkey.rsa, padding); #ifdef DEBUG dmp(stderr, "signature", signature, signaturelen); #endif // DEBUG sigcomp_sign_dump(key, keylen, msg, msglen, signature, signaturelen); return(sigcomp_sign_return(true, key, msg, signature, pkey)); } static void sigcomp_sign_dump(const unsigned char *const key, int keylen, const unsigned char *const msg, int msglen, const unsigned char *const signature, int signaturelen) { int d = 0; if(xxxflag) { #if 0 /* needless */ for(d = 0; d < msglen; d ++) { printf("%02x", msg[d]); } #endif for(d = 0; d < signaturelen; d ++) { printf("%02x", signature[d]); } printf("\n"); return; } printf("log:SigCompSign_Results (length:%d)\n", keylen + msglen + signaturelen); printf("log:| PrivateKey (length:%d)\n", keylen); printf("log:| | data = "); for(d = 0; d < keylen; d ++) { printf("%02x", key[d]); } printf("\n"); printf("log:| Message (length:%d)\n", msglen); printf("log:| | data = "); for(d = 0; d < msglen; d ++) { printf("%02x", msg[d]); } printf("\n"); printf("log:| Signature (length:%d)\n", signaturelen); printf("log:| | data = "); for(d = 0; d < signaturelen; d ++) { printf("%02x", signature[d]); } printf("\n"); return; } static bool sigcomp_sign_return(const bool code, unsigned char *key, unsigned char *msg, unsigned char *signature, EVP_PKEY *pkey) { if(pkey) { EVP_PKEY_free(pkey); pkey = NULL; } if(signature) { free(signature); signature = NULL; } if(msg) { free(msg); msg = NULL; } if(key) { free(key); key = NULL; } return(code); } static bool sigcomp_vrfy(const EVP_MD *const evp_md, const BIGNUM *const bn_key, const BIGNUM *const bn_msg, const BIGNUM *const bn_signature, const char *const type) { EVP_PKEY *pkey = NULL; unsigned char *key = NULL; unsigned char *msg = NULL; unsigned char *signature = NULL; unsigned char *to = NULL; unsigned char *ptr = NULL; int keylen = 0; int msglen = 0; int signaturelen = 0; int tolen = 0; int padding = 0; bool compare = true; /* bn_key -> key */ if(!(keylen = BN_num_bytes(bn_key))) { openssl_strerror("BN_num_bytes"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(!(key = (unsigned char *)malloc(keylen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(BN_bn2bin(bn_key, key) != keylen) { openssl_strerror("BN_bn2bin"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } #ifdef DEBUG dmp(stderr, "key", key, keylen); #endif // DEBUG /* bn_msg -> msg */ if(!(msglen = BN_num_bytes(bn_msg))) { openssl_strerror("BN_num_bytes"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(!(msg = (unsigned char *)malloc(msglen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(BN_bn2bin(bn_msg, msg) != msglen) { openssl_strerror("BN_bn2bin"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } #ifdef DEBUG dmp(stderr, "msg", msg, msglen); #endif // DEBUG /* bn_signature -> signature */ if(!(signaturelen = BN_num_bytes(bn_signature))) { openssl_strerror("BN_num_bytes"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(!(signature = (unsigned char *)malloc(signaturelen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(BN_bn2bin(bn_signature, signature) != signaturelen) { openssl_strerror("BN_bn2bin"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } #ifdef DEBUG dmp(stderr, "signature", signature, signaturelen); #endif // DEBUG ptr = key; for( ; ; ) { if(!strcmp(type, "rsa")) { #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL) if(!(pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, (const unsigned char **)&ptr, keylen))) { #else if(!(pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ptr, keylen))) { #endif openssl_strerror("d2i_PublicKey"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } tolen = RSA_size(pkey->pkey.rsa); padding = RSA_PKCS1_PADDING; break; } if(!strcmp(type, "dsa")) { #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL) if(!(pkey = d2i_PublicKey(EVP_PKEY_DSA, NULL, (const unsigned char **)&ptr, keylen))) { #else if(!(pkey = d2i_PublicKey(EVP_PKEY_DSA, NULL, &ptr, keylen))) { #endif openssl_strerror("d2i_PublicKey"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } fprintf(stderr, "err: type: %s -- not implemented\n", type); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); /* NOTREACHED */ break; } fprintf(stderr, "err: type: %s -- unknown type\n", type); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); /* NOTREACHED */ } if(!(to = (unsigned char *)malloc(tolen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(RSA_public_decrypt(signaturelen, signature, to, pkey->pkey.rsa, padding) < 0) { openssl_strerror("RSA_public_decrypt"); return(sigcomp_vrfy_return(true, key, msg, signature, to, pkey)); } if(memcmp(msg, to, msglen)) { compare = false; } sigcomp_vrfy_dump(compare, key, keylen, msg, msglen, signature, signaturelen, to, tolen); return(sigcomp_vrfy_return(true, key, msg, signature, to, pkey)); } static void sigcomp_vrfy_dump(const bool code, const unsigned char *const key, int keylen, const unsigned char *const msg, int msglen, const unsigned char *const signature, int signaturelen, const unsigned char *const to, int tolen) { int d = 0; printf("log:SigCompVrfy_Results (length:%d)\n", keylen + msglen + signaturelen + tolen); printf("log:| PublicKey (length:%d)\n", keylen); printf("log:| | data = "); for(d = 0; d < keylen; d ++) { printf("%02x", key[d]); } printf("\n"); printf("log:| Message (length:%d)\n", msglen); printf("log:| | data = "); for(d = 0; d < msglen; d ++) { printf("%02x", msg[d]); } printf("\n"); printf("log:| Signature (length:%d)\n", signaturelen + tolen); printf("log:| | status = %s\n", code? "true": "false"); printf("log:| | Encrypted (length:%d)\n", signaturelen); printf("log:| | | data = "); for(d = 0; d < signaturelen; d ++) { printf("%02x", signature[d]); } printf("\n"); printf("log:| | Decrypted (length:%d)\n", tolen); printf("log:| | | data = "); for(d = 0; d < tolen; d ++) { printf("%02x", to[d]); } printf("\n"); return; } static bool sigcomp_vrfy_return(const bool code, unsigned char *key, unsigned char *msg, unsigned char *signature, unsigned char *to, EVP_PKEY *pkey) { if(pkey) { EVP_PKEY_free(pkey); pkey = NULL; } if(to) { free(to); to = NULL; } if(signature) { free(signature); signature = NULL; } if(msg) { free(msg); msg = NULL; } if(key) { free(key); key = NULL; } return(code); } static const EVP_MD * evp_md_with_algorithm(const char *const type, const char *const algorithm) { const EVP_MD *evp_md = NULL; bool dsa = false; bool rsa = false; for( ; ; ) { if(!strcmp(type, "dsa")) { dsa = true; break; } if(!strcmp(type, "rsa")) { rsa = true; break; } break; } for( ; ; ) { if(dsa && !strcmp(algorithm, "dss1")) { evp_md = EVP_dss1(); break; } if(rsa && !strcmp(algorithm, "md2")) { evp_md = EVP_md2(); break; } if(rsa && !strcmp(algorithm, "md4")) { evp_md = EVP_md4(); break; } if(rsa && !strcmp(algorithm, "md5")) { evp_md = EVP_md5(); break; } #if ! defined(__linux__) if(rsa && !strcmp(algorithm, "mdc2")) { evp_md = EVP_mdc2(); break; } #endif if(rsa && !strcmp(algorithm, "ripemd160")) { evp_md = EVP_ripemd160(); break; } if(rsa && !strcmp(algorithm, "sha1")) { evp_md = EVP_sha1(); break; } break; } return(evp_md); } static void openssl_strerror(const char *const label) { unsigned long code = 0; while((code = ERR_get_error())) { fprintf(stderr, "err: %s: %s\n", label, ERR_error_string(code, NULL)); } return; }