static void hmac_ctx_cleanup(HMAC_CTX *ctx)
{
EVP_MD_CTX_reset(ctx->i_ctx);
EVP_MD_CTX_reset(ctx->o_ctx);
EVP_MD_CTX_reset(ctx->md_ctx);
ctx->md = NULL;
ctx->key_length = 0;
OPENSSL_cleanse(ctx->key, sizeof(ctx->key));
}
static void hmac_ctx_cleanup(HMAC_CTX *ctx)
{
EVP_MD_CTX_reset(ctx->i_ctx);
EVP_MD_CTX_reset(ctx->o_ctx);
EVP_MD_CTX_reset(ctx->md_ctx);
ctx->md = NULL;
ctx->key_length = 0;
memset(ctx->key, 0, sizeof(HMAC_MAX_MD_CBLOCK));
}
static void
_sol_message_digest_evp_reset(struct sol_message_digest *handle)
{
EVP_MD_CTX *ctx = sol_message_digest_common_get_context(handle);
EVP_MD_CTX_reset(ctx);
}
/** @impl_interface_method{RTCRDIGESTDESC::pfnInit} */
static DECLCALLBACK(int) rtCrDigestOsslEvp_Init(void *pvState, void *pvOpaque, bool fReInit)
{
EVP_MD_CTX *pThis = (EVP_MD_CTX *)pvState;
EVP_MD const *pEvpType = (EVP_MD const *)pvOpaque;
if (fReInit)
{
pEvpType = EVP_MD_CTX_md(pThis);
# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_reset(pThis);
# else
EVP_MD_CTX_cleanup(pThis);
# endif
}
AssertPtrReturn(pEvpType, VERR_INVALID_PARAMETER);
# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
Assert(EVP_MD_block_size(pEvpType));
# else
Assert(pEvpType->md_size);
# endif
if (EVP_DigestInit(pThis, pEvpType))
return VINF_SUCCESS;
return VERR_CR_DIGEST_OSSL_DIGEST_INIT_ERROR;
}
PKI_MEM * HSM_OPENSSL_sign(PKI_MEM *der, PKI_DIGEST_ALG *digest, PKI_X509_KEYPAIR *key)
{
EVP_MD_CTX *ctx = NULL;
size_t out_size = 0;
size_t ossl_ret = 0;
PKI_MEM *out_mem = NULL;
EVP_PKEY *pkey = NULL;
if (!der || !der->data || !key || !key->value)
{
PKI_ERROR( PKI_ERR_PARAM_NULL, NULL);
return NULL;
}
// Private Key
pkey = key->value;
// Get the Maximum size of a signature
ossl_ret = out_size = (size_t) EVP_PKEY_size(pkey);
// Initialize the return structure
out_mem = PKI_MEM_new ((size_t)out_size);
ctx = EVP_MD_CTX_new();
if (!out_mem || !ctx) {
if (ctx) EVP_MD_CTX_free(ctx);
if (out_mem) PKI_MEM_free(out_mem);
PKI_ERROR( PKI_ERR_MEMORY_ALLOC, NULL);
return NULL;
}
EVP_MD_CTX_init(ctx);
EVP_SignInit_ex(ctx, digest, NULL);
EVP_SignUpdate (ctx, der->data, der->size);
// Finalize the signature
if (!EVP_SignFinal(ctx, out_mem->data, (unsigned int *) &ossl_ret, pkey))
{
PKI_log_err("ERROR while finalizing signature (%s)",
HSM_OPENSSL_get_errdesc(HSM_OPENSSL_get_errno(), NULL, 0));
PKI_MEM_free(out_mem);
out_mem = NULL;
}
else out_mem->size = (size_t) ossl_ret;
// Cleanup the context
#if OPENSSL_VERSION_NUMBER <= 0x1010000f
EVP_MD_CTX_cleanup(ctx);
#else
EVP_MD_CTX_reset(ctx);
#endif
EVP_MD_CTX_free(ctx);
return out_mem;
}
/** @impl_interface_method{RTCRDIGESTDESC::pfn} */
static DECLCALLBACK(void) rtCrDigestOsslEvp_Delete(void *pvState)
{
EVP_MD_CTX *pThis = (EVP_MD_CTX *)pvState;
# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_reset(pThis);
# else
EVP_MD_CTX_cleanup(pThis);
# endif
}
void CC_EVP(const EVP_MD *evp, uint32_t mlen, const void *data, uint32_t len, unsigned char *md)
{
unsigned int mdlen = mlen;
EVP_MD_CTX* c = EVP_MD_CTX_new();
EVP_MD_CTX_reset(c);
EVP_DigestInit(c, evp);
EVP_DigestUpdate(c, data, len);
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}
size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
unsigned char *p)
{
int ret;
EVP_MD_CTX *ctx = NULL;
if (!ssl3_digest_cached_records(s, 0)) {
/* SSLfatal() already called */
return 0;
}
if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
SSL_R_NO_REQUIRED_DIGEST);
return 0;
}
ctx = EVP_MD_CTX_new();
if (ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_MALLOC_FAILURE);
return 0;
}
if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
return 0;
}
ret = EVP_MD_CTX_size(ctx);
if (ret < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
EVP_MD_CTX_reset(ctx);
return 0;
}
if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
|| EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
(int)s->session->master_key_length,
s->session->master_key) <= 0
|| EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
ret = 0;
}
EVP_MD_CTX_free(ctx);
return ret;
}
static gint
lua_cryptobox_hash_gc (lua_State *L)
{
struct rspamd_lua_cryptobox_hash *h = lua_check_cryptobox_hash (L, 1);
if (h->is_ssl) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_cleanup (h->c);
#else
EVP_MD_CTX_reset (h->c);
#endif
EVP_MD_CTX_destroy (h->c);
}
else {
rspamd_explicit_memzero (h->h, sizeof (*h->h));
g_slice_free1 (sizeof (*h->h), h->h);
}
g_slice_free1 (sizeof (*h), h);
return 0;
}
void
md_ctx_cleanup(EVP_MD_CTX *ctx)
{
EVP_MD_CTX_reset(ctx);
}
int main(int argc, char **argv)
{
unsigned char md[SHA512_DIGEST_LENGTH];
int i;
EVP_MD_CTX *evp;
# ifdef OPENSSL_IA32_SSE2
/*
* Alternative to this is to call OpenSSL_add_all_algorithms... The below
* code is retained exclusively for debugging purposes.
*/
{
char *env;
if ((env = getenv("OPENSSL_ia32cap")))
OPENSSL_ia32cap = strtoul(env, NULL, 0);
}
# endif
fprintf(stdout, "Testing SHA-512 ");
EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL);
if (memcmp(md, app_c1, sizeof(app_c1))) {
fflush(stdout);
fprintf(stderr, "\nTEST 1 of 3 failed.\n");
return 1;
} else
fprintf(stdout, ".");
fflush(stdout);
EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
"efghijkl" "fghijklm" "ghijklmn" "hijklmno"
"ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
"mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL);
if (memcmp(md, app_c2, sizeof(app_c2))) {
fflush(stdout);
fprintf(stderr, "\nTEST 2 of 3 failed.\n");
return 1;
} else
fprintf(stdout, ".");
fflush(stdout);
evp = EVP_MD_CTX_new();
if (evp == NULL) {
fflush(stdout);
fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n");
return 1;
}
EVP_DigestInit_ex(evp, EVP_sha512(), NULL);
for (i = 0; i < 1000000; i += 288)
EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
(1000000 - i) < 288 ? 1000000 - i : 288);
EVP_DigestFinal_ex(evp, md, NULL);
EVP_MD_CTX_reset(evp);
if (memcmp(md, app_c3, sizeof(app_c3))) {
fflush(stdout);
fprintf(stderr, "\nTEST 3 of 3 failed.\n");
return 1;
} else
fprintf(stdout, ".");
fflush(stdout);
fprintf(stdout, " passed.\n");
fflush(stdout);
fprintf(stdout, "Testing SHA-384 ");
EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL);
if (memcmp(md, app_d1, sizeof(app_d1))) {
fflush(stdout);
fprintf(stderr, "\nTEST 1 of 3 failed.\n");
return 1;
} else
fprintf(stdout, ".");
fflush(stdout);
EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
"efghijkl" "fghijklm" "ghijklmn" "hijklmno"
"ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
"mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL);
if (memcmp(md, app_d2, sizeof(app_d2))) {
fflush(stdout);
fprintf(stderr, "\nTEST 2 of 3 failed.\n");
return 1;
} else
fprintf(stdout, ".");
fflush(stdout);
EVP_DigestInit_ex(evp, EVP_sha384(), NULL);
for (i = 0; i < 1000000; i += 64)
EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
"aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
(1000000 - i) < 64 ? 1000000 - i : 64);
EVP_DigestFinal_ex(evp, md, NULL);
EVP_MD_CTX_free(evp);
if (memcmp(md, app_d3, sizeof(app_d3))) {
fflush(stdout);
fprintf(stderr, "\nTEST 3 of 3 failed.\n");
return 1;
} else
fprintf(stdout, ".");
fflush(stdout);
fprintf(stdout, " passed.\n");
fflush(stdout);
return 0;
}
/*-
* Positive and negative ECDSA testing through EVP interface:
* - EVP_DigestSign (this is the one-shot version)
* - EVP_DigestVerify
*
* Tests the library can successfully:
* - create a key
* - create a signature
* - accept that signature
* - reject that signature with a different public key
* - reject that signature if its length is not correct
* - reject that signature after modifying the message
* - accept that signature after un-modifying the message
* - reject that signature after modifying the signature
* - accept that signature after un-modifying the signature
*/
static int test_builtin(int n)
{
EC_KEY *eckey_neg = NULL, *eckey = NULL;
unsigned char dirt, offset, tbs[128];
unsigned char *sig = NULL;
EVP_PKEY *pkey_neg = NULL, *pkey = NULL;
EVP_MD_CTX *mctx = NULL;
size_t sig_len;
int nid, ret = 0;
nid = curves[n].nid;
/* skip built-in curves where ord(G) is not prime */
if (nid == NID_ipsec4 || nid == NID_ipsec3) {
TEST_info("skipped: ECDSA unsupported for curve %s", OBJ_nid2sn(nid));
return 1;
}
TEST_info("testing ECDSA for curve %s", OBJ_nid2sn(nid));
if (!TEST_ptr(mctx = EVP_MD_CTX_new())
/* get some random message data */
|| !TEST_true(RAND_bytes(tbs, sizeof(tbs)))
/* real key */
|| !TEST_ptr(eckey = EC_KEY_new_by_curve_name(nid))
|| !TEST_true(EC_KEY_generate_key(eckey))
|| !TEST_ptr(pkey = EVP_PKEY_new())
|| !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))
/* fake key for negative testing */
|| !TEST_ptr(eckey_neg = EC_KEY_new_by_curve_name(nid))
|| !TEST_true(EC_KEY_generate_key(eckey_neg))
|| !TEST_ptr(pkey_neg = EVP_PKEY_new())
|| !TEST_true(EVP_PKEY_assign_EC_KEY(pkey_neg, eckey_neg)))
goto err;
sig_len = ECDSA_size(eckey);
if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
/* create a signature */
|| !TEST_true(EVP_DigestSignInit(mctx, NULL, NULL, NULL, pkey))
|| !TEST_true(EVP_DigestSign(mctx, sig, &sig_len, tbs, sizeof(tbs)))
|| !TEST_int_le(sig_len, ECDSA_size(eckey))
/* negative test, verify with wrong key, 0 return */
|| !TEST_true(EVP_MD_CTX_reset(mctx))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey_neg))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 0)
/* negative test, verify with wrong signature length, -1 return */
|| !TEST_true(EVP_MD_CTX_reset(mctx))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len - 1, tbs, sizeof(tbs)), -1)
/* positive test, verify with correct key, 1 return */
|| !TEST_true(EVP_MD_CTX_reset(mctx))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1))
goto err;
/* muck with the message, test it fails with 0 return */
tbs[0] ^= 1;
if (!TEST_true(EVP_MD_CTX_reset(mctx))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 0))
goto err;
/* un-muck and test it verifies */
tbs[0] ^= 1;
if (!TEST_true(EVP_MD_CTX_reset(mctx))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1))
goto err;
/*-
* Muck with the ECDSA signature. The DER encoding is one of:
* - 30 LL 02 ..
* - 30 81 LL 02 ..
*
* - Sometimes this mucks with the high level DER sequence wrapper:
* in that case, DER-parsing of the whole signature should fail.
*
* - Sometimes this mucks with the DER-encoding of ECDSA.r:
* in that case, DER-parsing of ECDSA.r should fail.
*
* - Sometimes this mucks with the DER-encoding of ECDSA.s:
* in that case, DER-parsing of ECDSA.s should fail.
*
* - Sometimes this mucks with ECDSA.r:
* in that case, the signature verification should fail.
*
* - Sometimes this mucks with ECDSA.s:
* in that case, the signature verification should fail.
*
* The usual case is changing the integer value of ECDSA.r or ECDSA.s.
* Because the ratio of DER overhead to signature bytes is small.
* So most of the time it will be one of the last two cases.
*
* In any case, EVP_PKEY_verify should not return 1 for valid.
*/
offset = tbs[0] % sig_len;
dirt = tbs[1] ? tbs[1] : 1;
sig[offset] ^= dirt;
if (!TEST_true(EVP_MD_CTX_reset(mctx))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| !TEST_int_ne(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1))
goto err;
/* un-muck and test it verifies */
sig[offset] ^= dirt;
if (!TEST_true(EVP_MD_CTX_reset(mctx))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1))
goto err;
ret = 1;
err:
EVP_PKEY_free(pkey);
EVP_PKEY_free(pkey_neg);
EVP_MD_CTX_free(mctx);
OPENSSL_free(sig);
return ret;
}
void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
{
EVP_MD_CTX_reset(ctx);
}
