int X509_ocspid_print(BIO *bp, X509 *x)
{
unsigned char *der = NULL;
unsigned char *dertmp;
int derlen;
int i;
unsigned char SHA1md[SHA_DIGEST_LENGTH];
/*
* display the hash of the subject as it would appear in OCSP requests
*/
if (BIO_printf(bp, " Subject OCSP hash: ") <= 0)
goto err;
derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL)
goto err;
i2d_X509_NAME(x->cert_info->subject, &dertmp);
if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
goto err;
for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
goto err;
}
OPENSSL_free(der);
der = NULL;
/*
* display the hash of the public key as it would appear in OCSP requests
*/
if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0)
goto err;
if (!EVP_Digest(x->cert_info->key->public_key->data,
x->cert_info->key->public_key->length,
SHA1md, NULL, EVP_sha1(), NULL))
goto err;
for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
goto err;
}
BIO_printf(bp, "\n");
return (1);
err:
if (der != NULL)
OPENSSL_free(der);
return (0);
}
string& WS::ComputeKey(string& key) {
key.append("258EAFA5-E914-47DA-95CA-C5AB0DC85B11"); // WEBSOCKET_GUID
UInt8 temp[20];
EVP_Digest(key.c_str(),key.size(),temp,NULL,EVP_sha1(),NULL);
return Util::ToBase64(temp, sizeof(temp), key);
}
int main(int argc, char *argv[])
{
int i,err=0;
unsigned char **P,**R;
char *p;
unsigned char md[RIPEMD160_DIGEST_LENGTH];
P=(unsigned char **)test;
R=(unsigned char **)ret;
i=1;
while (*P != NULL)
{
#ifdef CHARSET_EBCDIC
ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
#endif
EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL);
p=pt(md);
if (strcmp(p,(char *)*R) != 0)
{
printf("error calculating RIPEMD160 on '%s'\n",*P);
printf("got %s instead of %s\n",p,*R);
err++;
}
else
printf("test %d ok\n",i);
i++;
R++;
P++;
}
EXIT(err);
return(0);
}
int main(int argc, char **argv) {
size_t i, j;
uint8_t md[SHA_DIGEST_LENGTH];
char md_hex[sizeof(md) * 2 + 1];
int ok = 1;
CRYPTO_library_init();
for (i = 0; test[i] != NULL; i++) {
EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_sha1(), NULL);
for (j = 0; j < sizeof(md); j++) {
sprintf(&md_hex[j * 2], "%02x", md[j]);
}
if (strcmp(md_hex, expected[i]) != 0) {
fprintf(stderr, "#%u: got %s, wanted %s\n", (unsigned)i, md_hex,
expected[i]);
ok = 0;
}
}
ok &= test_incremental();
if (ok) {
printf("PASS\n");
}
return ok ? 0 : 1;
}
int
md_full (const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
{
unsigned int in_md_len = 0;
return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL);
}
ByteArray PublicKey::getKeyIdentifier() throw (EncodeException)
{
ByteArray ret;
unsigned int size;
X509_PUBKEY *pubkey = NULL;
if(X509_PUBKEY_set(&pubkey, this->key) == 0)
{
throw EncodeException(EncodeException::UNKNOWN, "PublicKey::getKeyIdentifier");
}
ret = ByteArray(EVP_MAX_MD_SIZE);
EVP_Digest(pubkey->public_key->data, pubkey->public_key->length, ret.getDataPointer(), &size, EVP_sha1(), NULL);
ret = ByteArray(ret.getDataPointer(), size);
X509_PUBKEY_free(pubkey);
return ret;
//return ByteArray(digest, digestLen);
/* ByteArray der = this->getDerEncoded();
MessageDigest md(MessageDigest::SHA1);
MessageDigest::loadMessageDigestAlgorithms();
return md.doFinal(der);*/
}
int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
unsigned char *md, unsigned int *len)
{
int inl;
unsigned char *str, *p;
inl = i2d(data, NULL);
if (inl <= 0) {
ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_INTERNAL_ERROR);
return 0;
}
if ((str = OPENSSL_malloc(inl)) == NULL) {
ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
return 0;
}
p = str;
i2d(data, &p);
if (!EVP_Digest(str, inl, md, len, type, NULL)) {
OPENSSL_free(str);
return 0;
}
OPENSSL_free(str);
return 1;
}
CK_RV PKCS11_Digest_OpenSSL::Digest(Cryptoki_Session_Context* pSessionCtx, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
{
OPENSSL_HEADER();
UINT32 digestLen = *pulDigestLen;
OpenSSLDigestData* pDigData;
if(pSessionCtx == NULL || pSessionCtx->DigestCtx == NULL) return CKR_SESSION_CLOSED;
pDigData = (OpenSSLDigestData*)pSessionCtx->DigestCtx;
if(pDigData->HmacKey != NULL)
{
OPENSSL_CHECKRESULT(HMAC_Update(&pDigData->HmacCtx, pData , ulDataLen ));
OPENSSL_CHECKRESULT(HMAC_Final (&pDigData->HmacCtx, pDigest, &digestLen));
}
else
{
OPENSSL_CHECKRESULT(EVP_Digest(pData, ulDataLen, pDigest, &digestLen, pDigData->CurrentCtx.digest, NULL));
}
*pulDigestLen = digestLen;
OPENSSL_CLEANUP();
TINYCLR_SSL_FREE(pDigData);
pSessionCtx->DigestCtx = NULL;
OPENSSL_RETURN();
}
int main(int argc, char *argv[])
{
int i,err=0;
char **P,**R;
char *p;
unsigned char md[RIPEMD160_DIGEST_LENGTH];
P=test;
R=ret;
i=1;
while (*P != NULL)
{
#ifdef CHARSET_EBCDIC
ebcdic2ascii((char *)*P, (char *)*P, TINYCLR_SSL_STRLEN((char *)*P));
#endif
EVP_Digest(&(P[0][0]),TINYCLR_SSL_STRLEN((char *)*P),md,NULL,EVP_ripemd160(), NULL);
p=pt(md);
if (TINYCLR_SSL_STRCMP(p,(char *)*R) != 0)
{
TINYCLR_SSL_PRINTF("error calculating RIPEMD160 on '%s'\n",*P);
TINYCLR_SSL_PRINTF("got %s instead of %s\n",p,*R);
err++;
}
else
TINYCLR_SSL_PRINTF("test %d ok\n",i);
i++;
R++;
P++;
}
EXIT(err);
return(0);
}
int main(int argc, char *argv[])
{
int i, err = 0;
char **P, **R;
char *p;
unsigned char md[MD5_DIGEST_LENGTH];
P = test;
R = ret;
i = 1;
while (*P != NULL) {
EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md5(), NULL);
p = pt(md);
if (strcmp(p, (char *)*R) != 0) {
printf("error calculating MD5 on '%s'\n", *P);
printf("got %s instead of %s\n", p, *R);
err++;
} else
printf("test %d ok\n", i);
i++;
R++;
P++;
}
# ifdef OPENSSL_SYS_NETWARE
if (err)
printf("ERROR: %d\n", err);
# endif
EXIT(err);
}
int
ca_subjectpubkey_digest(X509 *x509, uint8_t *md, unsigned int *size)
{
uint8_t *buf = NULL;
int buflen;
if (*size < SHA_DIGEST_LENGTH)
return (-1);
/*
* Generate a SHA-1 digest of the Subject Public Key Info
* element in the X.509 certificate, an ASN.1 sequence
* that includes the public key type (eg. RSA) and the
* public key value (see 3.7 of RFC4306).
*/
buflen = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x509), &buf);
if (!buflen)
return (-1);
if (!EVP_Digest(buf, buflen, md, size, EVP_sha1(), NULL)) {
free(buf);
return (-1);
}
free(buf);
return (0);
}
int main(int argc, char *argv[])
{
int i,err=0;
char **P,**R;
char *p;
unsigned char md[MD4_DIGEST_LENGTH];
P=test;
R=ret;
i=1;
while (*P != NULL)
{
EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md4(), NULL);
p=pt(md);
if (strcmp(p,(char *)*R) != 0)
{
printf("error calculating MD4 on '%s'\n",*P);
printf("got %s instead of %s\n",p,*R);
err++;
}
else
printf("test %d ok\n",i);
i++;
R++;
P++;
}
EXIT(err);
return(0);
}
int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
ASN1_BIT_STRING *key;
key = X509_get0_pubkey_bitstr(data);
if(!key) return 0;
return EVP_Digest(key->data, key->length, md, len, type, NULL);
}
int main(int argc, char *argv[])
{
int i,err=0;
unsigned char **P,**R;
static unsigned char buf[1000];
char *p,*r;
EVP_MD_CTX c;
unsigned char md[SHA_DIGEST_LENGTH];
#ifdef CHARSET_EBCDIC
ebcdic2ascii(test[0], test[0], strlen(test[0]));
ebcdic2ascii(test[1], test[1], strlen(test[1]));
#endif
EVP_MD_CTX_init(&c);
P=(unsigned char **)test;
R=(unsigned char **)ret;
i=1;
while (*P != NULL)
{
EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha(), NULL);
p=pt(md);
if (strcmp(p,(char *)*R) != 0)
{
printf("error calculating SHA on '%s'\n",*P);
printf("got %s instead of %s\n",p,*R);
err++;
}
else
printf("test %d ok\n",i);
i++;
R++;
P++;
}
memset(buf,'a',1000);
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, 1000);
#endif /*CHARSET_EBCDIC*/
EVP_DigestInit_ex(&c,EVP_sha(), NULL);
for (i=0; i<1000; i++)
EVP_DigestUpdate(&c,buf,1000);
EVP_DigestFinal_ex(&c,md,NULL);
p=pt(md);
r=bigret;
if (strcmp(p,r) != 0)
{
printf("error calculating SHA on '%s'\n",p);
printf("got %s instead of %s\n",p,r);
err++;
}
else
printf("test 3 ok\n");
EVP_MD_CTX_cleanup(&c);
EXIT(err);
return(0);
}
int main(int argc, char *argv[])
{
int i, err = 0;
char **P, **R;
static unsigned char buf[1000];
char *p, *r;
EVP_MD_CTX *c;
unsigned char md[SHA_DIGEST_LENGTH];
#ifdef CHARSET_EBCDIC
ebcdic2ascii(test[0], test[0], strlen(test[0]));
ebcdic2ascii(test[1], test[1], strlen(test[1]));
#endif
c = EVP_MD_CTX_new();
P = test;
R = ret;
i = 1;
while (*P != NULL) {
EVP_Digest(*P, strlen((char *)*P), md, NULL, EVP_sha1(), NULL);
p = pt(md);
if (strcmp(p, (char *)*R) != 0) {
printf("error calculating SHA1 on '%s'\n", *P);
printf("got %s instead of %s\n", p, *R);
err++;
} else
printf("test %d ok\n", i);
i++;
R++;
P++;
}
memset(buf, 'a', 1000);
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, 1000);
#endif /* CHARSET_EBCDIC */
EVP_DigestInit_ex(c, EVP_sha1(), NULL);
for (i = 0; i < 1000; i++)
EVP_DigestUpdate(c, buf, 1000);
EVP_DigestFinal_ex(c, md, NULL);
p = pt(md);
r = bigret;
if (strcmp(p, r) != 0) {
printf("error calculating SHA1 on 'a' * 1000\n");
printf("got %s instead of %s\n", p, r);
err++;
} else
printf("test 3 ok\n");
#ifdef OPENSSL_SYS_NETWARE
if (err)
printf("ERROR: %d\n", err);
#endif
EVP_MD_CTX_free(c);
EXIT(err);
return (0);
}
OCSP_CERTID *OCSP_cert_id_new (const EVP_MD * dgst,
X509_NAME * issuerName, ASN1_BIT_STRING * issuerKey, ASN1_INTEGER * serialNumber)
{
int nid;
unsigned int i;
X509_ALGOR *alg;
OCSP_CERTID *cid = NULL;
unsigned char md[EVP_MAX_MD_SIZE];
if (!(cid = OCSP_CERTID_new ()))
goto err;
alg = cid->hashAlgorithm;
if (alg->algorithm != NULL)
ASN1_OBJECT_free (alg->algorithm);
if ((nid = EVP_MD_type (dgst)) == NID_undef)
{
OCSPerr (OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
goto err;
}
if (!(alg->algorithm = OBJ_nid2obj (nid)))
goto err;
if ((alg->parameter = ASN1_TYPE_new ()) == NULL)
goto err;
alg->parameter->type = V_ASN1_NULL;
if (!X509_NAME_digest (issuerName, dgst, md, &i))
goto digerr;
if (!(ASN1_OCTET_STRING_set (cid->issuerNameHash, md, i)))
goto err;
/* Calculate the issuerKey hash, excluding tag and length */
if (!EVP_Digest (issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
goto err;
if (!(ASN1_OCTET_STRING_set (cid->issuerKeyHash, md, i)))
goto err;
if (serialNumber)
{
ASN1_INTEGER_free (cid->serialNumber);
if (!(cid->serialNumber = ASN1_INTEGER_dup (serialNumber)))
goto err;
}
return cid;
digerr:
OCSPerr (OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
err:
if (cid)
OCSP_CERTID_free (cid);
return NULL;
}
bool ECDSA_Sign(COSE * pSigner, int index, const cn_cbor * pKey, int cbitDigest, const byte * rgbToSign, size_t cbToSign, cose_errback * perr)
{
EC_KEY * eckey = NULL;
byte rgbDigest[EVP_MAX_MD_SIZE];
unsigned int cbDigest = sizeof(rgbDigest);
byte * pbSig = NULL;
const EVP_MD * digest;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pSigner->m_allocContext;
#endif
cn_cbor * p = NULL;
ECDSA_SIG * psig = NULL;
cn_cbor_errback cbor_error;
int cbR;
byte rgbSig[66];
int cb;
eckey = ECKey_From(pKey, &cbR, perr);
if (eckey == NULL) {
errorReturn:
if (p != NULL) CN_CBOR_FREE(p, context);
if (eckey != NULL) EC_KEY_free(eckey);
return false;
}
switch (cbitDigest) {
case 256: digest = EVP_sha256(); break;
case 512: digest = EVP_sha512(); break;
case 384: digest = EVP_sha384(); break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
EVP_Digest(rgbToSign, cbToSign, rgbDigest, &cbDigest, digest, NULL);
psig = ECDSA_do_sign(rgbDigest, cbDigest, eckey);
CHECK_CONDITION(psig != NULL, COSE_ERR_CRYPTO_FAIL);
pbSig = COSE_CALLOC(cbR, 2, context);
CHECK_CONDITION(pbSig != NULL, COSE_ERR_OUT_OF_MEMORY);
cb = BN_bn2bin(psig->r, rgbSig);
CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER);
memcpy(pbSig + cbR - cb, rgbSig, cb);
cb = BN_bn2bin(psig->s, rgbSig);
CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER);
memcpy(pbSig + 2*cbR - cb, rgbSig, cb);
p = cn_cbor_data_create(pbSig, cbR*2, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(p != NULL, cbor_error);
CHECK_CONDITION(_COSE_array_replace(pSigner, p, index, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
return true;
}
int CPK_PUBLIC_PARAMS_digest(CPK_PUBLIC_PARAMS *params, const EVP_MD *md,
unsigned char *dgst, unsigned int *dgstlen)
{
if (!EVP_Digest(M_ASN1_STRING_data(params->public_factors),
M_ASN1_STRING_length(params->public_factors),
dgst, dgstlen, md, NULL)) {
return 0;
}
return 1;
}
int openconnect_sha1(unsigned char *result, void *data, int len)
{
EVP_MD_CTX c;
EVP_MD_CTX_init(&c);
EVP_Digest(data, len, result, NULL, EVP_sha1(), NULL);
EVP_MD_CTX_cleanup(&c);
return 0;
}
/**
* EM_AES::set_key()
* 设置AES加密密钥
*
* @param string key
* @return void
*/
void EM_AES::set_key(const string & key)
{
this->m_key_str = key;
unsigned char md[MD5_DIGEST_LENGTH];
EVP_Digest(key.c_str(), (size_t)key.length(), md, NULL, EVP_md5(), NULL);
strncpy((char*)&this->m_key, (char*)&md, EM_AES_KEY_SIZE/8);
}
int CPK_MASTER_SECRET_digest(CPK_MASTER_SECRET *master, const EVP_MD *md,
unsigned char *dgst, unsigned int *dgstlen)
{
if (!EVP_Digest(M_ASN1_STRING_data(master->secret_factors),
M_ASN1_STRING_length(master->secret_factors),
dgst, dgstlen, md, NULL)) {
return 0;
}
return 1;
}
Target::Target(const SocketAddress& address,Cookie* pCookie) : address(address),isPeer(pCookie?true:false),peerId(),pDH(pCookie?pCookie->_pCookieComputing->pDH:NULL) {
if(address.port()==0)
((SocketAddress&)this->address) = SocketAddress(address.host(),RTMFP_DEFAULT_PORT);
if(isPeer) {
((vector<UInt8>&)publicKey).resize(pCookie->_pCookieComputing->nonce.size()-7);
memcpy((void*)&publicKey[0],&pCookie->_pCookieComputing->nonce[7],publicKey.size());
((vector<UInt8>&)publicKey)[3] = 0x1D;
EVP_Digest(&publicKey[0],publicKey.size(),(UInt8*)id,NULL,EVP_sha256(),NULL);
pCookie->_pCookieComputing->pDH = NULL;
}
}
void
HMAC_Init_ex(HMAC_CTX *ctx,
const void *key,
size_t keylen,
const EVP_MD *md,
ENGINE *engine)
{
unsigned char *p;
size_t i;
if (ctx->md != md) {
ctx->md = md;
if (ctx->buf) {
memset(ctx->buf, 0, ctx->key_length);
free (ctx->buf);
}
ctx->key_length = EVP_MD_size(ctx->md);
ctx->buf = malloc(ctx->key_length);
}
#if 0
ctx->engine = engine;
#endif
if (keylen > EVP_MD_block_size(ctx->md)) {
EVP_Digest(key, keylen, ctx->buf, NULL, ctx->md, engine);
key = ctx->buf;
keylen = EVP_MD_size(ctx->md);
}
if (ctx->opad) {
memset(ctx->opad, 0, ctx->key_length);
free(ctx->opad);
}
if (ctx->ipad) {
memset(ctx->ipad, 0, ctx->key_length);
free(ctx->ipad);
}
ctx->opad = malloc(EVP_MD_block_size(ctx->md));
ctx->ipad = malloc(EVP_MD_block_size(ctx->md));
memset(ctx->ipad, 0x36, EVP_MD_block_size(ctx->md));
memset(ctx->opad, 0x5c, EVP_MD_block_size(ctx->md));
for (i = 0, p = ctx->ipad; i < keylen; i++)
p[i] ^= ((const unsigned char *)key)[i];
for (i = 0, p = ctx->opad; i < keylen; i++)
p[i] ^= ((const unsigned char *)key)[i];
if (ctx->ctx == NULL)
ctx->ctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine);
EVP_DigestUpdate(ctx->ctx, ctx->ipad, EVP_MD_block_size(ctx->md));
}
Handshake::Handshake(Gateway& gateway,Handler& handler,Entity& entity) : ServerSession(0,0,Peer(handler),RTMFP_SYMETRIC_KEY,RTMFP_SYMETRIC_KEY,(Invoker&)handler),
_gateway(gateway) {
(bool&)checked=true;
memcpy(_certificat,"\x01\x0A\x41\x0E",4);
RandomInputStream().read((char*)&_certificat[4],64);
memcpy(&_certificat[68],"\x02\x15\x02\x02\x15\x05\x02\x15\x0E",9);
// Display far id flash side
EVP_Digest(_certificat,sizeof(_certificat),(unsigned char *)entity.id,NULL,EVP_sha256(),NULL);
}
enum ssl_private_key_result_t ssl_private_key_sign(
SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
uint16_t signature_algorithm, const uint8_t *in, size_t in_len) {
if (ssl->cert->key_method != NULL) {
if (ssl->cert->key_method->sign != NULL) {
return ssl->cert->key_method->sign(ssl, out, out_len, max_out,
signature_algorithm, in, in_len);
}
/* TODO(davidben): Remove support for |sign_digest|-only
* |SSL_PRIVATE_KEY_METHOD|s. */
const EVP_MD *md;
int curve;
if (!is_rsa_pkcs1(&md, signature_algorithm) &&
!is_ecdsa(&curve, &md, signature_algorithm)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY);
return ssl_private_key_failure;
}
uint8_t hash[EVP_MAX_MD_SIZE];
unsigned hash_len;
if (!EVP_Digest(in, in_len, hash, &hash_len, md, NULL)) {
return ssl_private_key_failure;
}
return ssl->cert->key_method->sign_digest(ssl, out, out_len, max_out, md,
hash, hash_len);
}
const EVP_MD *md;
if (is_rsa_pkcs1(&md, signature_algorithm) &&
ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
return ssl_sign_rsa_pkcs1(ssl, out, out_len, max_out, md, in, in_len)
? ssl_private_key_success
: ssl_private_key_failure;
}
int curve;
if (is_ecdsa(&curve, &md, signature_algorithm)) {
return ssl_sign_ecdsa(ssl, out, out_len, max_out, curve, md, in, in_len)
? ssl_private_key_success
: ssl_private_key_failure;
}
if (is_rsa_pss(&md, signature_algorithm)) {
return ssl_sign_rsa_pss(ssl, out, out_len, max_out, md, in, in_len)
? ssl_private_key_success
: ssl_private_key_failure;
}
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
return ssl_private_key_failure;
}
static krb5_error_code
RSA_MD5_checksum(krb5_context context,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
Checksum *C)
{
if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1)
krb5_abortx(context, "md5 checksum failed");
return 0;
}
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, char *str)
{
ASN1_OCTET_STRING *oct;
X509_PUBKEY *pubkey;
const unsigned char *pk;
int pklen;
unsigned char pkey_dig[EVP_MAX_MD_SIZE];
unsigned int diglen;
if (strcmp(str, "hash"))
return s2i_ASN1_OCTET_STRING(method, ctx, str);
if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (ctx && (ctx->flags == CTX_TEST))
return oct;
if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
goto err;
}
if (ctx->subject_req)
pubkey = ctx->subject_req->req_info.pubkey;
else
pubkey = ctx->subject_cert->cert_info.key;
if (pubkey == NULL) {
X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
goto err;
}
X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL))
goto err;
if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
goto err;
}
return oct;
err:
ASN1_OCTET_STRING_free(oct);
return NULL;
}
int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
unsigned char *md, unsigned int *len)
{
int i;
unsigned char *str = NULL;
i=ASN1_item_i2d(asn,&str, it);
if (!str) return(0);
EVP_Digest(str, i, md, len, type, NULL);
OPENSSL_free(str);
return(1);
}
Handshake::Handshake(Gateway& gateway,DatagramSocket& socket,ServerData& data) : Session(0,0,Peer(SocketAddress()),RTMFP_SYMETRIC_KEY,RTMFP_SYMETRIC_KEY,socket,data),
_gateway(gateway),_signature("\x03\x1a\x00\x00\x02\x1e\x00\x81\x02\x0d\x02",11) {
memcpy(_certificat,"\x01\x0A\x41\x0E",4);
RandomInputStream().read((char*)&_certificat[4],64);
memcpy(&_certificat[68],"\x02\x15\x02\x02\x15\x05\x02\x15\x0E",9);
// Display far id flash side
UInt8 id[32];
EVP_Digest(_certificat,sizeof(_certificat),id,NULL,EVP_sha256(),NULL);
INFO("Id of this cumulus server : %s",Util::FormatHex(id,32).c_str());
}
static void *ibcs_kdf(const EVP_MD *md, const void *in, size_t inlen,
void *out, size_t *outlen)
{
unsigned char state[EVP_MAX_MD_SIZE * 2];
unsigned char dgst[EVP_MAX_MD_SIZE];
unsigned int dgstlen;
size_t rlen;
unsigned char *pout;
int i;
dgstlen = EVP_MD_size(md);
memset(state, 0, dgstlen);
if (!EVP_Digest(in, inlen, state + dgstlen, &dgstlen, md, NULL)) {
KDF2err(KDF2_F_IBCS_KDF, KDF2_R_DIGEST_FAILURE);
return NULL;
}
rlen = *outlen;
pout = out;
for (i = 0; i < (*outlen + dgstlen - 1)/dgstlen; i++) {
size_t len;
if (!EVP_Digest(state, dgstlen, state, &dgstlen, md, NULL)) {
KDF2err(KDF2_F_IBCS_KDF, KDF2_R_DIGEST_FAILURE);
return NULL;
}
if (!EVP_Digest(state, dgstlen*2, dgst, &dgstlen, md, NULL)) {
KDF2err(KDF2_F_IBCS_KDF, KDF2_R_DIGEST_FAILURE);
return NULL;
}
len = (dgstlen <= rlen) ? dgstlen : rlen;
memcpy(pout, dgst, len);
pout += len;
rlen -= len;
}
return out;
}
