std::string PbeMd5AndDesEncryptor::generateDataHash(const std::string& data, const std::string salt, long iterations) {
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
const EVP_MD *algorithm = EVP_md5();
unsigned char result[MD5_DIGEST_LENGTH];
if (salt.length() < ALGO_BLOCK_SIZE) {
BOOST_THROW_EXCEPTION(StringEncryptorException("Provided salt is of insufficient length"));
}
/*
* Add digest to digest stack if not already there.
* Digest stack gets cleanup upon program termination.
*/
EVP_add_digest(algorithm);
if (!EVP_DigestInit_ex(ctx, algorithm, NULL) ||
!EVP_DigestUpdate(ctx, data.data(), data.length()) ||
!EVP_DigestUpdate(ctx, salt.data(), ALGO_BLOCK_SIZE) ||
!EVP_DigestFinal_ex(ctx, result, NULL)) {
BOOST_THROW_EXCEPTION(StringEncryptorException("Error in generating digest"));
}
while (--iterations != 0) {
if (!EVP_DigestInit_ex(ctx, algorithm, NULL) ||
!EVP_DigestUpdate(ctx, result, MD5_DIGEST_LENGTH) ||
!EVP_DigestFinal_ex(ctx, result, NULL)) {
BOOST_THROW_EXCEPTION(StringEncryptorException("Error in generating digest"));
}
}
EVP_MD_CTX_destroy(ctx);
return std::string(reinterpret_cast<char *>(result), MD5_DIGEST_LENGTH);
}
static int bind_helper(ENGINE * e) {
if (!ENGINE_set_id(e, TEST_ENGINE_ID)
|| !ENGINE_set_name(e, TEST_ENGINE_NAME)
|| !ENGINE_set_ctrl_function(e, test_engine_ctrl)
|| !ENGINE_set_cmd_defns(e, te_cmd_defns)
|| !ENGINE_set_digests(e, te_digests)
|| !ENGINE_set_pkey_meths(e, te_pkey_meths)
|| !ENGINE_set_pkey_asn1_meths(e, te_pkey_asn1_meths) ) {
printf("Engine init failed\n");
return 0;
}
if (!register_ameth_gost(NID_hmac_sha1, &ameth_HMAC_SHA1, "hmac-sha1", "HMAC-SHA1 MAC")
|| !register_pmeth_gost(NID_hmac_sha1, &pmeth_HMAC_SHA1, 0)) {
printf("Internal init failed\n");
return 0;
}
if(!ENGINE_register_digests(e)
|| !ENGINE_register_pkey_meths(e)
|| !ENGINE_register_pkey_asn1_meths(e)
|| !EVP_add_digest(&digest_hmac_sha1)) {
printf("Digest registration failed\n");
return 0;
}
return 1;
}
EXPORT_C int SSL_library_init(void)
{
//#ifdef EMULATOR
// InitSSLWsdVar();
//#endif
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
EVP_add_cipher(EVP_rc4());
#endif
#ifndef OPENSSL_NO_RC2
EVP_add_cipher(EVP_rc2_cbc());
#endif
#ifndef OPENSSL_NO_AES
EVP_add_cipher(EVP_aes_128_cbc());
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_256_cbc());
#endif
#ifndef OPENSSL_NO_MD2
EVP_add_digest(EVP_md2());
#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5,"ssl2-md5");
EVP_add_digest_alias(SN_md5,"ssl3-md5");
#endif
#ifndef OPENSSL_NO_SHA
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
#endif
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
#endif
/* If you want support for phased out ciphers, add the following */
#if 0
EVP_add_digest(EVP_sha());
EVP_add_digest(EVP_dss());
#endif
#ifndef OPENSSL_NO_COMP
/* This will initialise the built-in compression algorithms.
The value returned is a STACK_OF(SSL_COMP), but that can
be discarded safely */
(void)SSL_COMP_get_compression_methods();
#endif
/* initialize cipher/digest methods table */
ssl_load_ciphers();
return(1);
}
int
SSL_library_init(void)
{
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
EVP_add_cipher(EVP_rc4());
#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
EVP_add_cipher(EVP_rc4_hmac_md5());
#endif
#endif
#ifndef OPENSSL_NO_RC2
EVP_add_cipher(EVP_rc2_cbc());
/* Not actually used for SSL/TLS but this makes PKCS#12 work
* if an application only calls SSL_library_init().
*/
EVP_add_cipher(EVP_rc2_40_cbc());
#endif
EVP_add_cipher(EVP_aes_128_cbc());
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_128_gcm());
EVP_add_cipher(EVP_aes_256_gcm());
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_cbc());
EVP_add_cipher(EVP_camellia_256_cbc());
#endif
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl2-md5");
EVP_add_digest_alias(SN_md5, "ssl3-md5");
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
EVP_add_digest(EVP_ecdsa());
/* initialize cipher/digest methods table */
ssl_load_ciphers();
return (1);
}
/* Return 0 if OK, -1 otherwise */
static int
verifyCertChain (BYTE *rootMod, UINT32 rootModLen, UINT32 nCerts, BYTE *certs)
{
X509 *tbsX509 = NULL;
EVP_PKEY *pkey = NULL;
RSA *rsa;
BYTE *pCert;
UINT32 certLen;
int rslt = -1;
int i, j;
EVP_add_digest(EVP_sha1());
pkey = EVP_PKEY_new ();
rsa = RSA_new ();
rsa->n = BN_bin2bn (rootMod, rootModLen, rsa->n);
rsa->e = BN_new();
BN_set_word (rsa->e, 0x10001);
EVP_PKEY_assign_RSA (pkey, rsa);
for (i=nCerts-1; i>=0; i--) {
pCert = certs;
for (j=0; j<i; j++) {
certLen = (pCert[0]<<16) | (pCert[1]<<8) | pCert[2];
pCert += 3 + certLen;
}
certLen = (pCert[0]<<16) | (pCert[1]<<8) | pCert[2];
pCert += 3;
tbsX509 = d2i_X509 (NULL, (unsigned char const **)&pCert, certLen);
if (!tbsX509)
goto done;
if (X509_verify (tbsX509, pkey) != 1)
goto done;
if (i > 0) {
EVP_PKEY_free (pkey);
pkey = X509_get_pubkey(tbsX509);
if (pkey == NULL)
goto done;
}
X509_free (tbsX509);
tbsX509 = NULL;
}
/* Success */
rslt = 0;
done:
if (pkey)
EVP_PKEY_free (pkey);
if (tbsX509)
X509_free (tbsX509);
return rslt;
}
/* This function must be called before trying to sign any file.
* It loads string for errors, and ciphers are auto-loaded by OpenSSL now.
* If this function fails it may be because the certificate cannot
* be validated.
*
* returns: true if can initialize and validate certificates, otherwise false */
bool initialize_signature(void)
{
int ret = -1;
time_t mod_sec = 0;
struct tm *alttime;
struct stat statt;
string_or_die(&CERTNAME, "%s/%s", cert_path, SWUPDCERT);
ERR_load_crypto_strings();
ERR_load_PKCS7_strings();
EVP_add_digest(EVP_sha256());
if (!get_pubkey()) {
goto fail;
}
ret = validate_certificate();
if (ret) {
printf("Failed to verify certificate: %s\n", X509_verify_cert_error_string(ret));
if (ret == X509_V_ERR_CERT_NOT_YET_VALID) {
/* If we can retrieve an approx. good system time, report out to user */
if (stat("/usr/lib/os-release", &statt) != -1) {
mod_sec = statt.st_mtim.tv_sec;
char timebuf[30];
alttime = localtime(&mod_sec);
strftime(timebuf, sizeof(timebuf), "%F", alttime);
printf("System clock should be at least %s\n", timebuf);
}
}
goto fail;
}
/* Push our trust cert(s) to the stack, which is a set of certificates
* in which to search for the signer's cert. */
x509_stack = sk_X509_new_null();
if (!x509_stack) {
goto fail;
}
sk_X509_push(x509_stack, cert);
return true;
fail:
return false;
}
int eap_peer_pwd_register(void)
{
struct eap_method *eap;
int ret;
EVP_add_digest(EVP_sha256());
eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
EAP_VENDOR_IETF, EAP_TYPE_PWD, "PWD");
if (eap == NULL)
return -1;
eap->init = eap_pwd_init;
eap->deinit = eap_pwd_deinit;
eap->process = eap_pwd_process;
eap->isKeyAvailable = eap_pwd_key_available;
eap->getKey = eap_pwd_getkey;
eap->get_emsk = eap_pwd_get_emsk;
ret = eap_peer_method_register(eap);
if (ret)
eap_peer_method_free(eap);
return ret;
}
int eap_server_pwd_register(void)
{
struct eap_method *eap;
int ret;
struct timeval tp;
struct timezone tz;
u32 sr;
EVP_add_digest(EVP_sha256());
sr = 0xdeaddada;
(void) gettimeofday(&tp, &tz);
sr ^= (tp.tv_sec ^ tp.tv_usec);
srandom(sr);
eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
EAP_VENDOR_IETF, EAP_TYPE_PWD,
"PWD");
if (eap == NULL)
return -1;
eap->init = eap_pwd_init;
eap->reset = eap_pwd_reset;
eap->buildReq = eap_pwd_build_req;
eap->check = eap_pwd_check;
eap->process = eap_pwd_process;
eap->isDone = eap_pwd_is_done;
eap->getKey = eap_pwd_getkey;
eap->get_emsk = eap_pwd_get_emsk;
eap->isSuccess = eap_pwd_is_success;
ret = eap_server_method_register(eap);
if (ret)
eap_server_method_free(eap);
return ret;
}
int SSL_library_init(void)
{
#ifndef NO_DES
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef NO_IDEA
EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef NO_RC4
EVP_add_cipher(EVP_rc4());
#endif
#ifndef NO_RC2
EVP_add_cipher(EVP_rc2_cbc());
#endif
#ifndef NO_MD2
EVP_add_digest(EVP_md2());
#endif
#ifndef NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5,"ssl2-md5");
EVP_add_digest_alias(SN_md5,"ssl3-md5");
#endif
#ifndef NO_SHA
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
#endif
#if !defined(NO_SHA) && !defined(NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
#endif
/* If you want support for phased out ciphers, add the following */
#if 0
EVP_add_digest(EVP_sha());
EVP_add_digest(EVP_dss());
#endif
return(1);
}
int main( int argc, char *argv[]) {
PKCS7 *p7;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
X509_STORE *cert_store=NULL;
BIO *data = NULL, *p7bio=NULL;
BIO *signature = NULL;
int cmd=-1;
char *infile=NULL;
/* char *outfile=NULL; */
char *certfile=NULL;
char *keyfile=NULL;
char *key=NULL;
int nodetach=0;
char *datafile = NULL;
char *outfile = NULL;
char *signaturefile = NULL;
char buf[1024*4];
char **pp = NULL;
int badops=0, outdata=0, err=0, version=0, i;
/* default certificates dir */
/* char *certsdir="/usr/local/OpenCA/certs"; */
/* default certificates file */
/* char *certsfile="/usr/local/OpenCA/cacert.pem"; */
char *certsdir = NULL;
char *certsfile = NULL;
STACK_OF(PKCS7_SIGNER_INFO) *sk;
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
#ifndef NO_MD5
EVP_add_digest(EVP_md5());
#endif
#ifndef NO_SHA1
EVP_add_digest(EVP_sha1());
#endif
if( argc <= 1 ) {
printVersion( bio_err, INFO );
printf("ERROR: needed command and arguments missing\n\n");
badops=1;
goto badops;
}
if( ( cmd = getCommand( argc, argv ) ) == -1 ) {
printVersion( bio_err, INFO );
printf("ERROR: unknown command %s\n\n", argv[1] );
badops=1;
goto badops;
}
if( argc >= 1 ) {
argc--;
argv++;
if( argc <= 1 )
{
printVersion( bio_err, INFO );
printf("ERROR: needed at least one argument!\n\n" );
badops=1;
goto badops;
}
}
while (argc > 1) {
argc--;
argv++;
if (strcmp(*argv,"-verbose") == 0)
{
verbose=1;
}
else if (strcmp(*argv,"-print_data") == 0)
{
outdata=1;
}
else if (strcmp(*argv,"-no_chain") == 0)
{
chainVerify=0;
}
else if (strcmp(*argv,"-data") == 0)
{
if (--argc < 1) goto bad;
datafile= *( ++argv );
}
else if (strcmp(*argv,"-d") == 0)
{
/* Present for compatibility reasons ... */
if (--argc < 1) goto bad;
datafile= *( ++argv );
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *( ++argv );
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *( ++argv );
}
else if (strcmp(*argv,"-cd") == 0)
{
if (--argc < 1) goto bad;
certsdir = *(++argv);
}
else if (strcmp(*argv,"-cf") == 0)
{
if (--argc < 1) goto bad;
certsfile = *( ++argv );
}
else if (strcmp(*argv,"-cert") == 0)
{
if (--argc < 1) goto bad;
certfile = *( ++argv );
}
else if (strcmp(*argv,"-keyfile") == 0)
{
if (--argc < 1) goto bad;
keyfile = *( ++argv );
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
key = *( ++argv );
}
else if (strcmp(*argv,"-nd") == 0)
{
nodetach=1;
}
else if (strcmp(*argv,"-h") == 0)
{
badops=1;
break;
}
else
{
if( argc == 2 ) {
datafile = *argv;
argc--;
continue;
}
bad:
printVersion( bio_err, INFO );
BIO_printf(bio_err,"ERROR: unknown option %s\n\n",*argv);
badops=1;
break;
}
}
badops:
if (badops) {
for (pp=usage; (*pp != NULL); pp++)
BIO_printf(bio_err,*pp);
exit(1);
}
if( cmd == 1 ) {
generateSignature( verbose, infile, outfile, certfile, keyfile, key, nodetach );
} else if ( cmd == 2 )
{
verifySignature( verbose, infile, outfile, outdata,
chainVerify, datafile, certsdir, certsfile);
}
else if ( cmd == 3 )
{
sign2nd( verbose, infile, outfile, datafile, outdata );
}
exit(0);
}
TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
{
SSL_CTX *server_ctx;
long off = 0;
int verify_flags = SSL_VERIFY_NONE;
int cachable;
int protomask;
TLS_APPL_STATE *app_ctx;
const EVP_MD *md_alg;
unsigned int md_len;
if (props->log_level >= 2)
msg_info("initializing the server-side TLS engine");
/*
* Load (mostly cipher related) TLS-library internal main.cf parameters.
*/
tls_param_init();
/*
* Detect mismatch between compile-time headers and run-time library.
*/
tls_check_version();
/*
* Initialize the OpenSSL library by the book! To start with, we must
* initialize the algorithms. We want cleartext error messages instead of
* just error codes, so we load the error_strings.
*/
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
/*
* First validate the protocols. If these are invalid, we can't continue.
*/
protomask = tls_protocol_mask(props->protocols);
if (protomask == TLS_PROTOCOL_INVALID) {
/* tls_protocol_mask() logs no warning. */
msg_warn("Invalid TLS protocol list \"%s\": disabling TLS support",
props->protocols);
return (0);
}
/*
* Create an application data index for SSL objects, so that we can
* attach TLScontext information; this information is needed inside
* tls_verify_certificate_callback().
*/
if (TLScontext_index < 0) {
if ((TLScontext_index = SSL_get_ex_new_index(0, 0, 0, 0, 0)) < 0) {
msg_warn("Cannot allocate SSL application data index: "
"disabling TLS support");
return (0);
}
}
/*
* Register SHA-2 digests, if implemented and not already registered.
* Improves interoperability with clients and servers that prematurely
* deploy SHA-2 certificates.
*/
#if defined(LN_sha256) && defined(NID_sha256) && !defined(OPENSSL_NO_SHA256)
if (!EVP_get_digestbyname(LN_sha224))
EVP_add_digest(EVP_sha224());
if (!EVP_get_digestbyname(LN_sha256))
EVP_add_digest(EVP_sha256());
#endif
#if defined(LN_sha512) && defined(NID_sha512) && !defined(OPENSSL_NO_SHA512)
if (!EVP_get_digestbyname(LN_sha384))
EVP_add_digest(EVP_sha384());
if (!EVP_get_digestbyname(LN_sha512))
EVP_add_digest(EVP_sha512());
#endif
/*
* If the administrator specifies an unsupported digest algorithm, fail
* now, rather than in the middle of a TLS handshake.
*/
if ((md_alg = EVP_get_digestbyname(props->fpt_dgst)) == 0) {
msg_warn("Digest algorithm \"%s\" not found: disabling TLS support",
props->fpt_dgst);
return (0);
}
/*
* Sanity check: Newer shared libraries may use larger digests.
*/
if ((md_len = EVP_MD_size(md_alg)) > EVP_MAX_MD_SIZE) {
msg_warn("Digest algorithm \"%s\" output size %u too large:"
" disabling TLS support", props->fpt_dgst, md_len);
return (0);
}
/*
* Initialize the PRNG (Pseudo Random Number Generator) with some seed
* from external and internal sources. Don't enable TLS without some real
* entropy.
*/
if (tls_ext_seed(var_tls_daemon_rand_bytes) < 0) {
msg_warn("no entropy for TLS key generation: disabling TLS support");
return (0);
}
tls_int_seed();
/*
* The SSL/TLS specifications require the client to send a message in the
* oldest specification it understands with the highest level it
* understands in the message. Netscape communicator can still
* communicate with SSLv2 servers, so it sends out a SSLv2 client hello.
* To deal with it, our server must be SSLv2 aware (even if we don't like
* SSLv2), so we need to have the SSLv23 server here. If we want to limit
* the protocol level, we can add an option to not use SSLv2/v3/TLSv1
* later.
*/
ERR_clear_error();
if ((server_ctx = SSL_CTX_new(SSLv23_server_method())) == 0) {
msg_warn("cannot allocate server SSL_CTX: disabling TLS support");
tls_print_errors();
return (0);
}
/*
* See the verify callback in tls_verify.c
*/
SSL_CTX_set_verify_depth(server_ctx, props->verifydepth + 1);
/*
* Protocol work-arounds, OpenSSL version dependent.
*/
#ifdef SSL_OP_NO_TICKET
off |= SSL_OP_NO_TICKET;
#endif
off |= tls_bug_bits();
SSL_CTX_set_options(server_ctx, off);
/*
* Global protocol selection.
*/
if (protomask != 0)
SSL_CTX_set_options(server_ctx,
((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L)
| ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L)
| ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L)
| ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L)
| ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L));
#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
/*
* Some sites may want to give the client less rope. On the other hand,
* this could trigger inter-operability issues, the client should not
* offer ciphers it implements poorly, but this hasn't stopped some
* vendors from getting it wrong.
*
* XXX: Given OpenSSL's security history, nobody should still be using
* 0.9.7, let alone 0.9.6 or earlier. Warning added to TLS_README.html.
*/
if (var_tls_preempt_clist)
SSL_CTX_set_options(server_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
#endif
/*
* Set the call-back routine to debug handshake progress.
*/
if (props->log_level >= 2)
SSL_CTX_set_info_callback(server_ctx, tls_info_callback);
/*
* Load the CA public key certificates for both the server cert and for
* the verification of client certificates. As provided by OpenSSL we
* support two types of CA certificate handling: One possibility is to
* add all CA certificates to one large CAfile, the other possibility is
* a directory pointed to by CApath, containing separate files for each
* CA with softlinks named after the hash values of the certificate. The
* first alternative has the advantage that the file is opened and read
* at startup time, so that you don't have the hassle to maintain another
* copy of the CApath directory for chroot-jail.
*/
if (tls_set_ca_certificate_info(server_ctx,
props->CAfile, props->CApath) < 0) {
/* tls_set_ca_certificate_info() already logs a warning. */
SSL_CTX_free(server_ctx); /* 200411 */
return (0);
}
/*
* Load the server public key certificate and private key from file and
* check whether the cert matches the key. We can use RSA certificates
* ("cert") DSA certificates ("dcert") or ECDSA certificates ("eccert").
* All three can be made available at the same time. The CA certificates
* for all three are handled in the same setup already finished. Which
* one is used depends on the cipher negotiated (that is: the first
* cipher listed by the client which does match the server). A client
* with RSA only (e.g. Netscape) will use the RSA certificate only. A
* client with openssl-library will use RSA first if not especially
* changed in the cipher setup.
*/
if (tls_set_my_certificate_key_info(server_ctx,
props->cert_file,
props->key_file,
props->dcert_file,
props->dkey_file,
props->eccert_file,
props->eckey_file) < 0) {
/* tls_set_my_certificate_key_info() already logs a warning. */
SSL_CTX_free(server_ctx); /* 200411 */
return (0);
}
/*
* According to the OpenSSL documentation, temporary RSA key is needed
* export ciphers are in use. We have to provide one, so well, we just do
* it.
*/
SSL_CTX_set_tmp_rsa_callback(server_ctx, tls_tmp_rsa_cb);
/*
* Diffie-Hellman key generation parameters can either be loaded from
* files (preferred) or taken from compiled in values. First, set the
* callback that will select the values when requested, then load the
* (possibly) available DH parameters from files. We are generous with
* the error handling, since we do have default values compiled in, so we
* will not abort but just log the error message.
*/
SSL_CTX_set_tmp_dh_callback(server_ctx, tls_tmp_dh_cb);
if (*props->dh1024_param_file != 0)
tls_set_dh_from_file(props->dh1024_param_file, 1024);
if (*props->dh512_param_file != 0)
tls_set_dh_from_file(props->dh512_param_file, 512);
/*
* Enable EECDH if available, errors are not fatal, we just keep going
* with any remaining key-exchange algorithms.
*/
(void) tls_set_eecdh_curve(server_ctx, props->eecdh_grade);
/*
* If we want to check client certificates, we have to indicate it in
* advance. By now we only allow to decide on a global basis. If we want
* to allow certificate based relaying, we must ask the client to provide
* one with SSL_VERIFY_PEER. The client now can decide, whether it
* provides one or not. We can enforce a failure of the negotiation with
* SSL_VERIFY_FAIL_IF_NO_PEER_CERT, if we do not allow a connection
* without one. In the "server hello" following the initialization by the
* "client hello" the server must provide a list of CAs it is willing to
* accept. Some clever clients will then select one from the list of
* available certificates matching these CAs. Netscape Communicator will
* present the list of certificates for selecting the one to be sent, or
* it will issue a warning, if there is no certificate matching the
* available CAs.
*
* With regard to the purpose of the certificate for relaying, we might like
* a later negotiation, maybe relaying would already be allowed for other
* reasons, but this would involve severe changes in the internal postfix
* logic, so we have to live with it the way it is.
*/
if (props->ask_ccert)
verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
SSL_CTX_set_verify(server_ctx, verify_flags,
tls_verify_certificate_callback);
if (*props->CAfile)
SSL_CTX_set_client_CA_list(server_ctx,
SSL_load_client_CA_file(props->CAfile));
/*
* Initialize our own TLS server handle, before diving into the details
* of TLS session cache management.
*/
app_ctx = tls_alloc_app_context(server_ctx);
/*
* The session cache is implemented by the tlsmgr(8) server.
*
* XXX 200502 Surprise: when OpenSSL purges an entry from the in-memory
* cache, it also attempts to purge the entry from the on-disk cache.
* This is undesirable, especially when we set the in-memory cache size
* to 1. For this reason we don't allow OpenSSL to purge on-disk cache
* entries, and leave it up to the tlsmgr process instead. Found by
* Victor Duchovni.
*/
if (tls_mgr_policy(props->cache_type, &cachable) != TLS_MGR_STAT_OK)
cachable = 0;
if (cachable || props->set_sessid) {
/*
* Initialize the session cache.
*
* With a large number of concurrent smtpd(8) processes, it is not a
* good idea to cache multiple large session objects in each process.
* We set the internal cache size to 1, and don't register a
* "remove_cb" so as to avoid deleting good sessions from the
* external cache prematurely (when the internal cache is full,
* OpenSSL removes sessions from the external cache also)!
*
* This makes SSL_CTX_remove_session() not useful for flushing broken
* sessions from the external cache, so we must delete them directly
* (not via a callback).
*
* Set a session id context to identify to what type of server process
* created a session. In our case, the context is simply the name of
* the mail system: "Postfix/TLS".
*/
SSL_CTX_sess_set_cache_size(server_ctx, 1);
SSL_CTX_set_session_id_context(server_ctx,
(void *) &server_session_id_context,
sizeof(server_session_id_context));
SSL_CTX_set_session_cache_mode(server_ctx,
SSL_SESS_CACHE_SERVER |
SSL_SESS_CACHE_NO_AUTO_CLEAR);
if (cachable) {
app_ctx->cache_type = mystrdup(props->cache_type);
SSL_CTX_sess_set_get_cb(server_ctx, get_server_session_cb);
SSL_CTX_sess_set_new_cb(server_ctx, new_server_session_cb);
}
/*
* OpenSSL ignores timed-out sessions. We need to set the internal
* cache timeout at least as high as the external cache timeout. This
* applies even if no internal cache is used.
*/
SSL_CTX_set_timeout(server_ctx, props->scache_timeout);
} else {
/*
* If we have no external cache, disable all caching. No use wasting
* server memory resources with sessions they are unlikely to be able
* to reuse.
*/
SSL_CTX_set_session_cache_mode(server_ctx, SSL_SESS_CACHE_OFF);
}
return (app_ctx);
}
/*
* Create Global context SSL and use it in every new session
*
* - Load the trusted CAs
* - Load the Private key & the certificate
* - Set the Context options & Verify options
*/
static SSL_CTX *init_tls_ctx(EAP_TLS_CONF *conf)
{
SSL_METHOD *meth;
SSL_CTX *ctx;
X509_STORE *certstore;
int verify_mode = SSL_VERIFY_NONE;
int ctx_options = 0;
int type;
/*
* Add all the default ciphers and message digests
* Create our context.
*/
SSL_library_init();
SSL_load_error_strings();
/*
* SHA256 is in all versions of OpenSSL, but isn't
* initialized by default. It's needed for WiMAX
* certificates.
*/
#ifdef HAVE_OPENSSL_EVP_SHA256
EVP_add_digest(EVP_sha256());
#endif
meth = TLSv1_method();
ctx = SSL_CTX_new(meth);
/*
* Identify the type of certificates that needs to be loaded
*/
if (conf->file_type) {
type = SSL_FILETYPE_PEM;
} else {
type = SSL_FILETYPE_ASN1;
}
/*
* Set the password to load private key
*/
if (conf->private_key_password) {
#ifdef __APPLE__
/*
* We don't want to put the private key password in eap.conf, so check
* for our special string which indicates we should get the password
* programmatically.
*/
const char* special_string = "Apple:UseCertAdmin";
if (strncmp(conf->private_key_password,
special_string,
strlen(special_string)) == 0)
{
char cmd[256];
const long max_password_len = 128;
snprintf(cmd, sizeof(cmd) - 1,
"/usr/sbin/certadmin --get-private-key-passphrase \"%s\"",
conf->private_key_file);
DEBUG2("rlm_eap: Getting private key passphrase using command \"%s\"", cmd);
FILE* cmd_pipe = popen(cmd, "r");
if (!cmd_pipe) {
radlog(L_ERR, "rlm_eap: %s command failed. Unable to get private_key_password", cmd);
radlog(L_ERR, "rlm_eap: Error reading private_key_file %s", conf->private_key_file);
return NULL;
}
free(conf->private_key_password);
conf->private_key_password = malloc(max_password_len * sizeof(char));
if (!conf->private_key_password) {
radlog(L_ERR, "rlm_eap: Can't malloc space for private_key_password");
radlog(L_ERR, "rlm_eap: Error reading private_key_file %s", conf->private_key_file);
pclose(cmd_pipe);
return NULL;
}
fgets(conf->private_key_password, max_password_len, cmd_pipe);
pclose(cmd_pipe);
/* Get rid of newline at end of password. */
conf->private_key_password[strlen(conf->private_key_password) - 1] = '\0';
DEBUG2("rlm_eap: Password from command = \"%s\"", conf->private_key_password);
}
#endif
SSL_CTX_set_default_passwd_cb_userdata(ctx, conf->private_key_password);
SSL_CTX_set_default_passwd_cb(ctx, cbtls_password);
}
/*
* Load our keys and certificates
*
* If certificates are of type PEM then we can make use
* of cert chain authentication using openssl api call
* SSL_CTX_use_certificate_chain_file. Please see how
* the cert chain needs to be given in PEM from
* openSSL.org
*/
if (type == SSL_FILETYPE_PEM) {
if (!(SSL_CTX_use_certificate_chain_file(ctx, conf->certificate_file))) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error reading certificate file %s", conf->certificate_file);
return NULL;
}
} else if (!(SSL_CTX_use_certificate_file(ctx, conf->certificate_file, type))) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error reading certificate file %s", conf->certificate_file);
return NULL;
}
/* Load the CAs we trust */
if (conf->ca_file || conf->ca_path) {
if (!SSL_CTX_load_verify_locations(ctx, conf->ca_file, conf->ca_path)) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error reading Trusted root CA list %s",conf->ca_file );
return NULL;
}
}
if (conf->ca_file && *conf->ca_file) SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(conf->ca_file));
if (!(SSL_CTX_use_PrivateKey_file(ctx, conf->private_key_file, type))) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error reading private key file %s", conf->private_key_file);
return NULL;
}
/*
* Check if the loaded private key is the right one
*/
if (!SSL_CTX_check_private_key(ctx)) {
radlog(L_ERR, "rlm_eap_tls: Private key does not match the certificate public key");
return NULL;
}
/*
* Set ctx_options
*/
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
#ifdef SSL_OP_NO_TICKET
ctx_options |= SSL_OP_NO_TICKET ;
#endif
/*
* SSL_OP_SINGLE_DH_USE must be used in order to prevent
* small subgroup attacks and forward secrecy. Always
* using
*
* SSL_OP_SINGLE_DH_USE has an impact on the computer
* time needed during negotiation, but it is not very
* large.
*/
ctx_options |= SSL_OP_SINGLE_DH_USE;
/*
* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS to work around issues
* in Windows Vista client.
* http://www.openssl.org/~bodo/tls-cbc.txt
* http://www.nabble.com/(RADIATOR)-Radiator-Version-3.16-released-t2600070.html
*/
ctx_options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
SSL_CTX_set_options(ctx, ctx_options);
/*
* TODO: Set the RSA & DH
* SSL_CTX_set_tmp_rsa_callback(ctx, cbtls_rsa);
* SSL_CTX_set_tmp_dh_callback(ctx, cbtls_dh);
*/
/*
* set the message callback to identify the type of
* message. For every new session, there can be a
* different callback argument.
*
* SSL_CTX_set_msg_callback(ctx, cbtls_msg);
*/
/* Set Info callback */
SSL_CTX_set_info_callback(ctx, cbtls_info);
/*
* Callbacks, etc. for session resumption.
*/
if (conf->session_cache_enable) {
SSL_CTX_sess_set_new_cb(ctx, cbtls_new_session);
SSL_CTX_sess_set_get_cb(ctx, cbtls_get_session);
SSL_CTX_sess_set_remove_cb(ctx, cbtls_remove_session);
SSL_CTX_set_quiet_shutdown(ctx, 1);
}
/*
* Check the certificates for revocation.
*/
#ifdef X509_V_FLAG_CRL_CHECK
if (conf->check_crl) {
certstore = SSL_CTX_get_cert_store(ctx);
if (certstore == NULL) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error reading Certificate Store");
return NULL;
}
X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK);
}
#endif
/*
* Set verify modes
* Always verify the peer certificate
*/
verify_mode |= SSL_VERIFY_PEER;
verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
verify_mode |= SSL_VERIFY_CLIENT_ONCE;
SSL_CTX_set_verify(ctx, verify_mode, cbtls_verify);
if (conf->verify_depth) {
SSL_CTX_set_verify_depth(ctx, conf->verify_depth);
}
/* Load randomness */
if (!(RAND_load_file(conf->random_file, 1024*1024))) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error loading randomness");
return NULL;
}
/*
* Set the cipher list if we were told to
*/
if (conf->cipher_list) {
if (!SSL_CTX_set_cipher_list(ctx, conf->cipher_list)) {
radlog(L_ERR, "rlm_eap_tls: Error setting cipher list");
return NULL;
}
}
/*
* Setup session caching
*/
if (conf->session_cache_enable) {
/*
* Create a unique context Id per EAP-TLS configuration.
*/
if (conf->session_id_name) {
snprintf(conf->session_context_id,
sizeof(conf->session_context_id),
"FreeRADIUS EAP-TLS %s",
conf->session_id_name);
} else {
snprintf(conf->session_context_id,
sizeof(conf->session_context_id),
"FreeRADIUS EAP-TLS %p", conf);
}
/*
* Cache it, and DON'T auto-clear it.
*/
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR);
SSL_CTX_set_session_id_context(ctx,
(unsigned char *) conf->session_context_id,
(unsigned int) strlen(conf->session_context_id));
/*
* Our timeout is in hours, this is in seconds.
*/
SSL_CTX_set_timeout(ctx, conf->session_timeout * 3600);
/*
* Set the maximum number of entries in the
* session cache.
*/
SSL_CTX_sess_set_cache_size(ctx, conf->session_cache_size);
} else {
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
}
/*
* Register the application indices. We can't use
* hard-coded "0" and "1" as before, because we need to
* set up a "free" handler for the cached session
* information.
*/
if (eaptls_handle_idx < 0) {
eaptls_handle_idx = SSL_get_ex_new_index(0, &eaptls_handle_idx,
NULL, NULL, NULL);
}
if (eaptls_conf_idx < 0) {
eaptls_conf_idx = SSL_get_ex_new_index(0, &eaptls_conf_idx,
NULL, NULL, NULL);
}
if (eaptls_store_idx < 0) {
eaptls_store_idx = SSL_get_ex_new_index(0, "eaptls_store_idx",
NULL, NULL, NULL);
}
if (eaptls_session_idx < 0) {
eaptls_session_idx = SSL_get_ex_new_index(0, &eaptls_session_idx,
NULL, NULL,
eaptls_session_free);
}
return ctx;
}
/* This function must be called before trying to sign any file.
* It loads string for errors, and ciphers are auto-loaded by OpenSSL now.
* If this function fails it may be because the certificate cannot
* be validated.
*
* returns: true if can initialize and validate certificates, otherwise false */
bool signature_init(const char *certificate_path, const char *crl)
{
int ret = -1;
X509 *cert;
if (!certificate_path) {
error("Invalid swupd certificate - Empty");
return false;
}
ERR_load_crypto_strings();
ERR_load_PKCS7_strings();
EVP_add_digest(EVP_sha256());
cert = get_cert_from_path(certificate_path);
if (!cert) {
goto fail;
}
ret = validate_certificate(cert, certificate_path, crl);
if (ret) {
if (ret == X509_V_ERR_CERT_NOT_YET_VALID) {
BIO *b;
time_t currtime = 0;
struct tm *timeinfo;
char time_str[50];
/* The system time wasn't sane, print out what it is and the cert validity range */
time(&currtime);
timeinfo = localtime(&currtime);
strftime(time_str, sizeof(time_str), "%a %b %d %H:%M:%S %Y", timeinfo);
warn("Current time is %s\n", time_str);
info("Certificate validity is:\n");
b = BIO_new_fp(stdout, BIO_NOCLOSE);
if (b == NULL) {
error("Failed to create BIO wrapping stream\n");
goto fail;
}
/* The ASN1_TIME_print function does not include a newline... */
if (!ASN1_TIME_print(b, X509_get_notBefore(cert))) {
info("\n");
error("Failed to get certificate begin date\n");
goto fail;
}
info("\n");
if (!ASN1_TIME_print(b, X509_get_notAfter(cert))) {
info("\n");
error("Failed to get certificate expiration date\n");
goto fail;
}
info("\n");
BIO_free(b);
}
goto fail;
}
/* Push our trust cert(s) to the stack, which is a set of certificates
* in which to search for the signer's cert. */
x509_stack = sk_X509_new_null();
if (!x509_stack) {
goto fail;
}
sk_X509_push(x509_stack, cert);
return true;
fail:
error("Failed to verify certificate: %s\n", X509_verify_cert_error_string(ret));
return false;
}
static void ossl_init_ssl_base(void)
{
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"Adding SSL ciphers and digests\n");
#endif
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
EVP_add_cipher(EVP_rc4());
# ifndef OPENSSL_NO_MD5
EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif
#ifndef OPENSSL_NO_RC2
EVP_add_cipher(EVP_rc2_cbc());
/*
* Not actually used for SSL/TLS but this makes PKCS#12 work if an
* application only calls SSL_library_init().
*/
EVP_add_cipher(EVP_rc2_40_cbc());
#endif
#ifndef OPENSSL_NO_AES
EVP_add_cipher(EVP_aes_128_cbc());
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_128_gcm());
EVP_add_cipher(EVP_aes_256_gcm());
EVP_add_cipher(EVP_aes_128_ccm());
EVP_add_cipher(EVP_aes_256_ccm());
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
#endif
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_cbc());
EVP_add_cipher(EVP_camellia_256_cbc());
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
EVP_add_cipher(EVP_chacha20_poly1305());
#endif
#ifndef OPENSSL_NO_SEED
EVP_add_cipher(EVP_seed_cbc());
#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl3-md5");
# ifndef OPENSSL_NO_SHA
EVP_add_digest(EVP_md5_sha1());
# endif
#endif
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_COMP
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"SSL_COMP_get_compression_methods()\n");
#endif
/*
* This will initialise the built-in compression algorithms. The value
* returned is a STACK_OF(SSL_COMP), but that can be discarded safely
*/
SSL_COMP_get_compression_methods();
#endif
/* initialize cipher/digest methods table */
ssl_load_ciphers();
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"SSL_add_ssl_module()\n");
#endif
SSL_add_ssl_module();
/*
* We ignore an error return here. Not much we can do - but not that bad
* either. We can still safely continue.
*/
OPENSSL_atexit(ssl_library_stop);
ssl_base_inited = 1;
}
static int pk7_verify(X509_STORE *cert_store, PKCS7 *p7, BIO *detached, char *ebuf, int ebufsize)
{
PKCS7_SIGNER_INFO *si;
verify_context vctx;
BIO *p7bio=NULL;
char readbuf[1024*4];
int res = 1;
int i;
STACK_OF(PKCS7_SIGNER_INFO) *sk;
vctx.err = X509_V_OK;
ebuf[0] = 0;
OpenSSL_add_all_algorithms();
EVP_add_digest(EVP_md5());
EVP_add_digest(EVP_sha1());
ERR_load_crypto_strings();
ERR_clear_error();
X509_VERIFY_PARAM_set_flags(cert_store->param, X509_V_FLAG_CB_ISSUER_CHECK);
X509_STORE_set_verify_cb_func(cert_store, verify_callback);
p7bio = PKCS7_dataInit(p7, detached);
/* We now have to 'read' from p7bio to calculate digests etc. */
while (BIO_read(p7bio, readbuf, sizeof(readbuf)) > 0)
;
/* We can now verify signatures */
sk = PKCS7_get_signer_info(p7);
if (sk == NULL)
{
/* there are no signatures on this data */
res = 0;
fz_strlcpy(ebuf, "No signatures", ebufsize);
goto exit;
}
for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
{
int rc;
si = sk_PKCS7_SIGNER_INFO_value(sk, i);
rc = PKCS7_dataVerify(cert_store, &vctx.x509_ctx, p7bio,p7, si);
if (rc <= 0 || vctx.err != X509_V_OK)
{
char tbuf[120];
if (rc <= 0)
{
fz_strlcpy(ebuf, ERR_error_string(ERR_get_error(), tbuf), ebufsize);
}
else
{
/* Error while checking the certificate chain */
snprintf(ebuf, ebufsize, "%s(%d): %s", X509_verify_cert_error_string(vctx.err), vctx.err, vctx.certdesc);
}
res = 0;
goto exit;
}
}
exit:
X509_STORE_CTX_cleanup(&vctx.x509_ctx);
ERR_free_strings();
return res;
}
int SSL_library_init(void)
{
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
EVP_add_cipher(EVP_rc4());
# if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif
#ifndef OPENSSL_NO_RC2
EVP_add_cipher(EVP_rc2_cbc());
/*
* Not actually used for SSL/TLS but this makes PKCS#12 work if an
* application only calls SSL_library_init().
*/
EVP_add_cipher(EVP_rc2_40_cbc());
#endif
#ifndef OPENSSL_NO_AES
EVP_add_cipher(EVP_aes_128_cbc());
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_128_gcm());
EVP_add_cipher(EVP_aes_256_gcm());
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
# endif
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
# endif
#endif
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_cbc());
EVP_add_cipher(EVP_camellia_256_cbc());
#endif
#ifndef OPENSSL_NO_SEED
EVP_add_cipher(EVP_seed_cbc());
#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl2-md5");
EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif
#ifndef OPENSSL_NO_SHA
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
#endif
#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
#endif
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
#endif
#ifndef NO_GMSSL
EVP_add_cipher(EVP_sms4_cbc());
EVP_add_digest(EVP_sm3());
#endif
/* If you want support for phased out ciphers, add the following */
#if 0
EVP_add_digest(EVP_sha());
EVP_add_digest(EVP_dss());
#endif
#ifndef OPENSSL_NO_COMP
/*
* This will initialise the built-in compression algorithms. The value
* returned is a STACK_OF(SSL_COMP), but that can be discarded safely
*/
(void)SSL_COMP_get_compression_methods();
#endif
/* initialize cipher/digest methods table */
ssl_load_ciphers();
return (1);
}
int create_envelope(PluginInstance *inst, u8 **data, int *datalen)
{
int r;
PKCS7 *p7 = NULL;
X509 *x509 = NULL;
PKCS7_SIGNER_INFO *si = NULL;
EVP_PKEY *pkey = NULL;
BIO *in = NULL, *p7bio = NULL;
u8 *buf;
r = extract_certificate_and_pkey(inst, &x509, &pkey);
if (r)
goto err;
p7 = PKCS7_new();
if (p7 == NULL) {
r = -1;
goto err;
}
r = PKCS7_set_type(p7, NID_pkcs7_signed);
if (r != 1) {
r = -1;
goto err;
}
EVP_add_digest(EVP_sha1());
si = PKCS7_add_signature(p7, x509, pkey, EVP_sha1());
if (si == NULL) {
r = -1;
goto err;
}
PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
OBJ_nid2obj(NID_pkcs7_data));
r = PKCS7_add_certificate(p7, x509);
if (r != 1) {
printf("PKCS7_add_certificate failed.\n");
goto err;
}
PKCS7_content_new(p7, NID_pkcs7_data);
p7bio = PKCS7_dataInit(p7, NULL);
if (p7bio == NULL) {
r = -1;
goto err;
}
in = BIO_new_mem_buf(inst->signdata, inst->signdata_len);
if (in == NULL) {
r = -1;
goto err;
}
for (;;) {
char lbuf[1024];
int i = BIO_read(in, lbuf, sizeof(lbuf));
if (i <= 0)
break;
BIO_write(p7bio, lbuf, i);
}
if (!PKCS7_dataFinal(p7, p7bio)) {
r = -1;
goto err;
}
/* FIXME: remove this */
r = i2d_PKCS7(p7, NULL);
if (r <= 0) {
r = -1;
goto err;
}
buf = (u8 *) malloc(r);
if (buf == NULL)
goto err;
*data = buf;
r = i2d_PKCS7(p7, &buf);
*datalen = r;
if (r <= 0) {
free(buf);
r = -1;
goto err;
}
r = 0;
err:
if (p7)
PKCS7_free(p7);
if (in)
BIO_free(in);
if (p7bio)
BIO_free(p7bio);
#if 0
if (si)
PKCS7_SIGNER_INFO_free(si);
#endif
if (pkey)
EVP_PKEY_free(pkey);
if (x509)
X509_free(x509);
if (r) {
#if 0
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
#endif
}
return r;
}
static int bind_gost (ENGINE * e, const char *id)
{
int ret = 0;
if (id && strcmp (id, engine_gost_id))
return 0;
if (ameth_GostR3410_94)
{
printf ("GOST engine already loaded\n");
goto end;
}
if (!ENGINE_set_id (e, engine_gost_id))
{
printf ("ENGINE_set_id failed\n");
goto end;
}
if (!ENGINE_set_name (e, engine_gost_name))
{
printf ("ENGINE_set_name failed\n");
goto end;
}
if (!ENGINE_set_digests (e, gost_digests))
{
printf ("ENGINE_set_digests failed\n");
goto end;
}
if (!ENGINE_set_ciphers (e, gost_ciphers))
{
printf ("ENGINE_set_ciphers failed\n");
goto end;
}
if (!ENGINE_set_pkey_meths (e, gost_pkey_meths))
{
printf ("ENGINE_set_pkey_meths failed\n");
goto end;
}
if (!ENGINE_set_pkey_asn1_meths (e, gost_pkey_asn1_meths))
{
printf ("ENGINE_set_pkey_asn1_meths failed\n");
goto end;
}
/* Control function and commands */
if (!ENGINE_set_cmd_defns (e, gost_cmds))
{
fprintf (stderr, "ENGINE_set_cmd_defns failed\n");
goto end;
}
if (!ENGINE_set_ctrl_function (e, gost_control_func))
{
fprintf (stderr, "ENGINE_set_ctrl_func failed\n");
goto end;
}
if (!ENGINE_set_destroy_function (e, gost_engine_destroy)
|| !ENGINE_set_init_function (e, gost_engine_init) || !ENGINE_set_finish_function (e, gost_engine_finish))
{
goto end;
}
if (!register_ameth_gost (NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94", "GOST R 34.10-94"))
goto end;
if (!register_ameth_gost (NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001", "GOST R 34.10-2001"))
goto end;
if (!register_ameth_gost (NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC, "GOST-MAC", "GOST 28147-89 MAC"))
goto end;
if (!register_pmeth_gost (NID_id_GostR3410_94, &pmeth_GostR3410_94, 0))
goto end;
if (!register_pmeth_gost (NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0))
goto end;
if (!register_pmeth_gost (NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
goto end;
if (!ENGINE_register_ciphers (e) || !ENGINE_register_digests (e) || !ENGINE_register_pkey_meths (e)
/* These two actually should go in LIST_ADD command */
|| !EVP_add_cipher (&cipher_gost)
|| !EVP_add_cipher (&cipher_gost_cpacnt) || !EVP_add_digest (&digest_gost) || !EVP_add_digest (&imit_gost_cpa))
{
goto end;
}
ERR_load_GOST_strings ();
ret = 1;
end:
return ret;
}
void OpenSSL_add_all_digests(void)
{
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5,"ssl2-md5");
EVP_add_digest_alias(SN_md5,"ssl3-md5");
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
EVP_add_digest(EVP_sha());
#ifndef OPENSSL_NO_DSA
EVP_add_digest(EVP_dss());
#endif
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_digest(EVP_sha1());
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
#ifndef OPENSSL_NO_DSA
EVP_add_digest(EVP_dss1());
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
#endif
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
#endif
#endif
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
EVP_add_digest(EVP_mdc2());
#endif
#ifndef OPENSSL_NO_RIPEMD
EVP_add_digest(EVP_ripemd160());
EVP_add_digest_alias(SN_ripemd160,"ripemd");
EVP_add_digest_alias(SN_ripemd160,"rmd160");
#endif
#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
#endif
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
#endif
}
void openssl_add_all_digests_internal(void)
{
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl3-md5");
EVP_add_digest(EVP_md5_sha1());
#endif
EVP_add_digest(EVP_sha1());
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
EVP_add_digest(EVP_mdc2());
#endif
#ifndef OPENSSL_NO_RMD160
EVP_add_digest(EVP_ripemd160());
EVP_add_digest_alias(SN_ripemd160, "ripemd");
EVP_add_digest_alias(SN_ripemd160, "rmd160");
#endif
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
#endif
}
