bool OSSLEVPHashAlgorithm::hashFinal(ByteString& hashedData)
{
if (!HashAlgorithm::hashFinal(hashedData))
{
return false;
}
hashedData.resize(EVP_MD_size(getEVPHash()));
unsigned int outLen = hashedData.size();
if (!EVP_DigestFinal_ex(curCTX, &hashedData[0], &outLen))
{
ERROR_MSG("EVP_DigestFinal failed");
EVP_MD_CTX_free(curCTX);
curCTX = NULL;
return false;
}
hashedData.resize(outLen);
EVP_MD_CTX_free(curCTX);
curCTX = NULL;
return true;
}
int
_libssh2_sha1(const unsigned char *message, unsigned long len,
unsigned char *out)
{
#ifdef HAVE_OPAQUE_STRUCTS
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
if(ctx == NULL)
return 1; /* error */
if(EVP_DigestInit(ctx, EVP_get_digestbyname("sha1"))) {
EVP_DigestUpdate(ctx, message, len);
EVP_DigestFinal(ctx, out, NULL);
EVP_MD_CTX_free(ctx);
return 0; /* success */
}
EVP_MD_CTX_free(ctx);
#else
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
if(EVP_DigestInit(&ctx, EVP_get_digestbyname("sha1"))) {
EVP_DigestUpdate(&ctx, message, len);
EVP_DigestFinal(&ctx, out, NULL);
return 0; /* success */
}
#endif
return 1; /* error */
}
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
{
EVP_MD_CTX *m5;
EVP_MD_CTX *s1;
unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
unsigned char c = 'A';
unsigned int i, j, k;
int ret = 0;
#ifdef CHARSET_EBCDIC
c = os_toascii[c]; /* 'A' in ASCII */
#endif
k = 0;
m5 = EVP_MD_CTX_new();
s1 = EVP_MD_CTX_new();
if (m5 == NULL || s1 == NULL) {
SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
goto err;
}
EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
k++;
if (k > sizeof buf) {
/* bug: 'buf' is too small for this ciphersuite */
SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
return 0;
}
for (j = 0; j < k; j++)
buf[j] = c;
c++;
EVP_DigestInit_ex(s1, EVP_sha1(), NULL);
EVP_DigestUpdate(s1, buf, k);
EVP_DigestUpdate(s1, s->session->master_key,
s->session->master_key_length);
EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE);
EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE);
EVP_DigestFinal_ex(s1, smd, NULL);
EVP_DigestInit_ex(m5, EVP_md5(), NULL);
EVP_DigestUpdate(m5, s->session->master_key,
s->session->master_key_length);
EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH);
if ((int)(i + MD5_DIGEST_LENGTH) > num) {
EVP_DigestFinal_ex(m5, smd, NULL);
memcpy(km, smd, (num - i));
} else
EVP_DigestFinal_ex(m5, km, NULL);
km += MD5_DIGEST_LENGTH;
}
OPENSSL_cleanse(smd, sizeof(smd));
ret = 1;
err:
EVP_MD_CTX_free(m5);
EVP_MD_CTX_free(s1);
return ret;
}
PKI_MEM * HSM_OPENSSL_sign(PKI_MEM *der, PKI_DIGEST_ALG *digest, PKI_X509_KEYPAIR *key)
{
EVP_MD_CTX *ctx = NULL;
size_t out_size = 0;
size_t ossl_ret = 0;
PKI_MEM *out_mem = NULL;
EVP_PKEY *pkey = NULL;
if (!der || !der->data || !key || !key->value)
{
PKI_ERROR( PKI_ERR_PARAM_NULL, NULL);
return NULL;
}
// Private Key
pkey = key->value;
// Get the Maximum size of a signature
ossl_ret = out_size = (size_t) EVP_PKEY_size(pkey);
// Initialize the return structure
out_mem = PKI_MEM_new ((size_t)out_size);
ctx = EVP_MD_CTX_new();
if (!out_mem || !ctx) {
if (ctx) EVP_MD_CTX_free(ctx);
if (out_mem) PKI_MEM_free(out_mem);
PKI_ERROR( PKI_ERR_MEMORY_ALLOC, NULL);
return NULL;
}
EVP_MD_CTX_init(ctx);
EVP_SignInit_ex(ctx, digest, NULL);
EVP_SignUpdate (ctx, der->data, der->size);
// Finalize the signature
if (!EVP_SignFinal(ctx, out_mem->data, (unsigned int *) &ossl_ret, pkey))
{
PKI_log_err("ERROR while finalizing signature (%s)",
HSM_OPENSSL_get_errdesc(HSM_OPENSSL_get_errno(), NULL, 0));
PKI_MEM_free(out_mem);
out_mem = NULL;
}
else out_mem->size = (size_t) ossl_ret;
// Cleanup the context
#if OPENSSL_VERSION_NUMBER <= 0x1010000f
EVP_MD_CTX_cleanup(ctx);
#else
EVP_MD_CTX_reset(ctx);
#endif
EVP_MD_CTX_free(ctx);
return out_mem;
}
void HMAC_CTX_free(HMAC_CTX *ctx)
{
if (ctx != NULL) {
hmac_ctx_cleanup(ctx);
EVP_MD_CTX_free(ctx->i_ctx);
EVP_MD_CTX_free(ctx->o_ctx);
EVP_MD_CTX_free(ctx->md_ctx);
OPENSSL_free(ctx);
}
}
static int test_EVP_DigestSignInit(void)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
unsigned char *sig = NULL;
size_t sig_len = 0;
EVP_MD_CTX *md_ctx, *md_ctx_verify;
md_ctx = EVP_MD_CTX_new();
md_ctx_verify = EVP_MD_CTX_new();
if (md_ctx == NULL || md_ctx_verify == NULL)
goto out;
pkey = load_example_rsa_key();
if (pkey == NULL ||
!EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
!EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) {
goto out;
}
/* Determine the size of the signature. */
if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) {
goto out;
}
/* Sanity check for testing. */
if (sig_len != (size_t)EVP_PKEY_size(pkey)) {
fprintf(stderr, "sig_len mismatch\n");
goto out;
}
sig = OPENSSL_malloc(sig_len);
if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) {
goto out;
}
/* Ensure that the signature round-trips. */
if (!EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), NULL, pkey)
|| !EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))
|| !EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)) {
goto out;
}
ret = 1;
out:
if (!ret) {
ERR_print_errors_fp(stderr);
}
EVP_MD_CTX_free(md_ctx);
EVP_MD_CTX_free(md_ctx_verify);
EVP_PKEY_free(pkey);
OPENSSL_free(sig);
return ret;
}
BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
{
unsigned char dig[SHA_DIGEST_LENGTH];
EVP_MD_CTX *ctxt;
unsigned char *cs;
BIGNUM *res = NULL;
if ((s == NULL) || (user == NULL) || (pass == NULL))
return NULL;
ctxt = EVP_MD_CTX_new();
if (ctxt == NULL)
return NULL;
if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
goto err;
EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
EVP_DigestUpdate(ctxt, user, strlen(user));
EVP_DigestUpdate(ctxt, ":", 1);
EVP_DigestUpdate(ctxt, pass, strlen(pass));
EVP_DigestFinal_ex(ctxt, dig, NULL);
EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
BN_bn2bin(s, cs);
EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s));
OPENSSL_free(cs);
EVP_DigestUpdate(ctxt, dig, sizeof(dig));
EVP_DigestFinal_ex(ctxt, dig, NULL);
res = BN_bin2bn(dig, sizeof(dig), NULL);
err:
EVP_MD_CTX_free(ctxt);
return res;
}
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen)
{
unsigned char md[EVP_MAX_MD_SIZE];
int r = 0;
unsigned int mdlen = 0;
int vctx = 0;
if (ctx->pctx->pmeth->verifyctx)
vctx = 1;
else
vctx = 0;
if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
if (vctx) {
r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx);
} else
r = EVP_DigestFinal_ex(ctx, md, &mdlen);
} else {
EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx))
return -1;
if (vctx) {
r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
sig, siglen, tmp_ctx);
} else
r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
EVP_MD_CTX_free(tmp_ctx);
}
if (vctx || !r)
return r;
return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
}
static int
_md_cleanup (md_ctx *x)
{
int rv = 0;
assert (x != NULL);
assert (x->ctx != NULL);
#if HAVE_EVP_MD_CTX_FREE
/* OpenSSL >= 1.1.0 */
EVP_MD_CTX_free (x->ctx);
#elif HAVE_EVP_MD_CTX_DESTROY
/* OpenSSL >= 0.9.7, < 1.1.0 */
EVP_MD_CTX_destroy (x->ctx);
#else /* !HAVE_EVP_MD_CTX_DESTROY */
#if HAVE_EVP_MD_CTX_CLEANUP
/* OpenSSL >= 0.9.7, < 1.1.0 */
if (EVP_MD_CTX_cleanup (x->ctx) != 1) {
rv = -1;
}
#endif /* HAVE_EVP_MD_CTX_CLEANUP */
OPENSSL_free (x->ctx);
#endif /* !HAVE_EVP_MD_CTX_DESTROY */
x->ctx = NULL;
return (rv);
}
/*
* Generates the mac for the Finished message. Returns the length of the MAC or
* 0 on error.
*/
size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
unsigned char *out)
{
const EVP_MD *md = ssl_handshake_md(s);
unsigned char hash[EVP_MAX_MD_SIZE];
size_t hashlen, ret = 0;
EVP_PKEY *key = NULL;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen))
goto err;
if (str == s->method->ssl3_enc->server_finished_label)
key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
s->server_finished_secret, hashlen);
else
key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
s->client_finished_secret, hashlen);
if (key == NULL
|| ctx == NULL
|| EVP_DigestSignInit(ctx, NULL, md, NULL, key) <= 0
|| EVP_DigestSignUpdate(ctx, hash, hashlen) <= 0
|| EVP_DigestSignFinal(ctx, out, &hashlen) <= 0)
goto err;
ret = hashlen;
err:
EVP_PKEY_free(key);
EVP_MD_CTX_free(ctx);
return ret;
}
static int test_mdc2(void)
{
int testresult = 0;
unsigned char md[MDC2_DIGEST_LENGTH];
EVP_MD_CTX *c;
static char text[] = "Now is the time for all ";
size_t tlen = strlen(text);
# ifdef CHARSET_EBCDIC
ebcdic2ascii(text, text, tlen);
# endif
c = EVP_MD_CTX_new();
if (!TEST_ptr(c)
|| !TEST_true(EVP_DigestInit_ex(c, EVP_mdc2(), NULL))
|| !TEST_true(EVP_DigestUpdate(c, (unsigned char *)text, tlen))
|| !TEST_true(EVP_DigestFinal_ex(c, &(md[0]), NULL))
|| !TEST_mem_eq(md, MDC2_DIGEST_LENGTH, pad1, MDC2_DIGEST_LENGTH)
|| !TEST_true(EVP_DigestInit_ex(c, EVP_mdc2(), NULL)))
goto end;
/* FIXME: use a ctl function? */
((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2;
if (!TEST_true(EVP_DigestUpdate(c, (unsigned char *)text, tlen))
|| !TEST_true(EVP_DigestFinal_ex(c, &(md[0]), NULL))
|| !TEST_mem_eq(md, MDC2_DIGEST_LENGTH, pad2, MDC2_DIGEST_LENGTH))
goto end;
testresult = 1;
end:
EVP_MD_CTX_free(c);
return testresult;
}
unsigned long X509_issuer_and_serial_hash(X509 *a)
{
unsigned long ret = 0;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
unsigned char md[16];
char *f;
if (ctx == NULL)
goto err;
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
goto err;
OPENSSL_free(f);
if (!EVP_DigestUpdate
(ctx, (unsigned char *)a->cert_info.serialNumber.data,
(unsigned long)a->cert_info.serialNumber.length))
goto err;
if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL))
goto err;
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL;
err:
EVP_MD_CTX_free(ctx);
return (ret);
}
bool OSSLEVPHashAlgorithm::hashUpdate(const ByteString& data)
{
if (!HashAlgorithm::hashUpdate(data))
{
return false;
}
// Continue digesting
if (data.size() == 0)
{
return true;
}
if (!EVP_DigestUpdate(curCTX, (unsigned char*) data.const_byte_str(), data.size()))
{
ERROR_MSG("EVP_DigestUpdate failed");
EVP_MD_CTX_free(curCTX);
curCTX = NULL;
ByteString dummy;
HashAlgorithm::hashFinal(dummy);
return false;
}
return true;
}
// Hashing functions
bool OSSLEVPHashAlgorithm::hashInit()
{
if (!HashAlgorithm::hashInit())
{
return false;
}
// Initialize the context
curCTX = EVP_MD_CTX_new();
if (curCTX == NULL)
{
ERROR_MSG("Failed to allocate space for EVP_MD_CTX");
return false;
}
// Initialize EVP digesting
if (!EVP_DigestInit_ex(curCTX, getEVPHash(), NULL))
{
ERROR_MSG("EVP_DigestInit failed");
EVP_MD_CTX_free(curCTX);
curCTX = NULL;
ByteString dummy;
HashAlgorithm::hashFinal(dummy);
return false;
}
return true;
}
static PyObject *
EVP_hexdigest(EVPobject *self, PyObject *unused)
{
unsigned char digest[EVP_MAX_MD_SIZE];
EVP_MD_CTX *temp_ctx;
unsigned int digest_size;
temp_ctx = EVP_MD_CTX_new();
if (temp_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
/* Get the raw (binary) digest value */
if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
return _setException(PyExc_ValueError);
}
digest_size = EVP_MD_CTX_size(temp_ctx);
if (!EVP_DigestFinal(temp_ctx, digest, NULL)) {
_setException(PyExc_ValueError);
return NULL;
}
EVP_MD_CTX_free(temp_ctx);
return _Py_strhex((const char *)digest, digest_size);
}
/* NOTE: Caller must xfree the signature returned by sig_pp */
extern int
crypto_sign(void * key, char *buffer, int buf_size, char **sig_pp,
unsigned int *sig_size_p)
{
EVP_MD_CTX *ectx;
int rc = SLURM_SUCCESS;
int ksize = EVP_PKEY_size((EVP_PKEY *) key);
/*
* Allocate memory for signature: at most EVP_PKEY_size() bytes
*/
*sig_pp = xmalloc(ksize * sizeof(unsigned char));
ectx = EVP_MD_CTX_new();
EVP_SignInit(ectx, EVP_sha1());
EVP_SignUpdate(ectx, buffer, buf_size);
if (!(EVP_SignFinal(ectx, (unsigned char *)*sig_pp, sig_size_p,
(EVP_PKEY *) key))) {
rc = SLURM_ERROR;
}
EVP_MD_CTX_free(ectx);
return rc;
}
static PyObject *
EVP_digest(EVPobject *self, PyObject *unused)
{
unsigned char digest[EVP_MAX_MD_SIZE];
EVP_MD_CTX *temp_ctx;
PyObject *retval;
unsigned int digest_size;
temp_ctx = EVP_MD_CTX_new();
if (temp_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
return _setException(PyExc_ValueError);
}
digest_size = EVP_MD_CTX_size(temp_ctx);
if (!EVP_DigestFinal(temp_ctx, digest, NULL)) {
_setException(PyExc_ValueError);
return NULL;
}
retval = PyBytes_FromStringAndSize((const char *)digest, digest_size);
EVP_MD_CTX_free(temp_ctx);
return retval;
}
void ssl3_free_digest_list(SSL *s)
{
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
EVP_MD_CTX_free(s->s3->handshake_dgst);
s->s3->handshake_dgst = NULL;
}
void winpr_Digest_Free(WINPR_DIGEST_CTX* ctx)
{
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
if (mdctx)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_destroy(mdctx);
#else
EVP_MD_CTX_free(mdctx);
#endif
}
#elif defined(WITH_MBEDTLS)
mbedtls_md_context_t* mdctx = (mbedtls_md_context_t*) ctx;
if (mdctx)
{
mbedtls_md_free(mdctx);
free(mdctx);
}
#endif
}
static int test_EVP_DigestVerifyInit(void)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
EVP_MD_CTX *md_ctx;
md_ctx = EVP_MD_CTX_new();
pkey = load_example_rsa_key();
if (pkey == NULL ||
!EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
!EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)) ||
!EVP_DigestVerifyFinal(md_ctx, kSignature, sizeof(kSignature))) {
goto out;
}
ret = 1;
out:
if (!ret) {
ERR_print_errors_fp(stderr);
}
EVP_MD_CTX_free(md_ctx);
EVP_PKEY_free(pkey);
return ret;
}
int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
char *data, EVP_PKEY *pkey)
{
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
const EVP_MD *type;
unsigned char *p, *buf_in = NULL;
int ret = -1, i, inl;
if (ctx == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
i = OBJ_obj2nid(a->algorithm);
type = EVP_get_digestbyname(OBJ_nid2sn(i));
if (type == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
}
if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
goto err;
}
inl = i2d(data, NULL);
if (inl <= 0) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
buf_in = OPENSSL_malloc((unsigned int)inl);
if (buf_in == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
p = buf_in;
i2d(data, &p);
ret = EVP_VerifyInit_ex(ctx, type, NULL)
&& EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);
OPENSSL_clear_free(buf_in, (unsigned int)inl);
if (!ret) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
goto err;
}
ret = -1;
if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,
(unsigned int)signature->length, pkey) <= 0) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
ret = 0;
goto err;
}
ret = 1;
err:
EVP_MD_CTX_free(ctx);
return ret;
}
void
ssh_digest_free(struct ssh_digest_ctx *ctx)
{
if (ctx == NULL)
return;
EVP_MD_CTX_free(ctx->mdctx);
freezero(ctx, sizeof(*ctx));
}
static void
hsh_free(jose_io_t *io)
{
io_t *i = containerof(io, io_t, io);
jose_io_decref(i->next);
EVP_MD_CTX_free(i->emc);
free(i);
}
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen)
{
int sctx = 0, r = 0;
EVP_PKEY_CTX *pctx = ctx->pctx;
if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
if (!sigret)
return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
else {
EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(ctx->pctx);
if (!dctx)
return 0;
r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
EVP_PKEY_CTX_free(dctx);
}
return r;
}
if (pctx->pmeth->signctx)
sctx = 1;
else
sctx = 0;
if (sigret) {
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen = 0;
if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
if (sctx)
r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx);
else
r = EVP_DigestFinal_ex(ctx, md, &mdlen);
} else {
EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx))
return 0;
if (sctx)
r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx,
sigret, siglen, tmp_ctx);
else
r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
EVP_MD_CTX_free(tmp_ctx);
}
if (sctx || !r)
return r;
if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
return 0;
} else {
if (sctx) {
if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
return 0;
} else {
int s = EVP_MD_size(ctx->digest);
if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
return 0;
}
}
return 1;
}
int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *context,
size_t contextlen)
{
static const unsigned char exporterlabel[] = "exporter";
unsigned char exportsecret[EVP_MAX_MD_SIZE];
unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
const EVP_MD *md;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
unsigned int hashsize, datalen;
int ret = 0;
const SSL_CIPHER *sslcipher;
if (ctx == NULL || !ossl_statem_export_early_allowed(s))
goto err;
if (!s->server && s->max_early_data > 0
&& s->session->ext.max_early_data == 0)
sslcipher = SSL_SESSION_get0_cipher(s->psksession);
else
sslcipher = SSL_SESSION_get0_cipher(s->session);
md = ssl_md(sslcipher->algorithm2);
/*
* Calculate the hash value and store it in |data|. The reason why
* the empty string is used is that the definition of TLS-Exporter
* is like so:
*
* TLS-Exporter(label, context_value, key_length) =
* HKDF-Expand-Label(Derive-Secret(Secret, label, ""),
* "exporter", Hash(context_value), key_length)
*
* Derive-Secret(Secret, Label, Messages) =
* HKDF-Expand-Label(Secret, Label,
* Transcript-Hash(Messages), Hash.length)
*
* Here Transcript-Hash is the cipher suite hash algorithm.
*/
if (EVP_DigestInit_ex(ctx, md, NULL) <= 0
|| EVP_DigestUpdate(ctx, context, contextlen) <= 0
|| EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0
|| EVP_DigestInit_ex(ctx, md, NULL) <= 0
|| EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
|| !tls13_hkdf_expand(s, md, s->early_exporter_master_secret,
(const unsigned char *)label, llen,
data, datalen, exportsecret, hashsize, 0)
|| !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
sizeof(exporterlabel) - 1, hash, hashsize,
out, olen, 0))
goto err;
ret = 1;
err:
EVP_MD_CTX_free(ctx);
return ret;
}
int main(int argc, char *argv[])
{
int i, err = 0;
char **P, **R;
static unsigned char buf[1000];
char *p, *r;
EVP_MD_CTX *c;
unsigned char md[SHA_DIGEST_LENGTH];
#ifdef CHARSET_EBCDIC
ebcdic2ascii(test[0], test[0], strlen(test[0]));
ebcdic2ascii(test[1], test[1], strlen(test[1]));
#endif
c = EVP_MD_CTX_new();
P = test;
R = ret;
i = 1;
while (*P != NULL) {
EVP_Digest(*P, strlen((char *)*P), md, NULL, EVP_sha1(), NULL);
p = pt(md);
if (strcmp(p, (char *)*R) != 0) {
printf("error calculating SHA1 on '%s'\n", *P);
printf("got %s instead of %s\n", p, *R);
err++;
} else
printf("test %d ok\n", i);
i++;
R++;
P++;
}
memset(buf, 'a', 1000);
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, 1000);
#endif /* CHARSET_EBCDIC */
EVP_DigestInit_ex(c, EVP_sha1(), NULL);
for (i = 0; i < 1000; i++)
EVP_DigestUpdate(c, buf, 1000);
EVP_DigestFinal_ex(c, md, NULL);
p = pt(md);
r = bigret;
if (strcmp(p, r) != 0) {
printf("error calculating SHA1 on 'a' * 1000\n");
printf("got %s instead of %s\n", p, r);
err++;
} else
printf("test 3 ok\n");
#ifdef OPENSSL_SYS_NETWARE
if (err)
printf("ERROR: %d\n", err);
#endif
EVP_MD_CTX_free(c);
EXIT(err);
return (0);
}
static c448_error_t oneshot_hash(uint8_t *out, size_t outlen,
const uint8_t *in, size_t inlen)
{
EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
if (hashctx == NULL)
return C448_FAILURE;
if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
|| !EVP_DigestUpdate(hashctx, in, inlen)
|| !EVP_DigestFinalXOF(hashctx, out, outlen)) {
EVP_MD_CTX_free(hashctx);
return C448_FAILURE;
}
EVP_MD_CTX_free(hashctx);
return C448_SUCCESS;
}
static int
ossl_md_init(struct ossl_md_ctx *ctx, const EVP_MD *md)
{
if (ctx->initialized)
EVP_MD_CTX_free(ctx->ossl_md_ctx);
ctx->initialized = 0;
ctx->ossl_md = md;
ctx->ossl_md_ctx = EVP_MD_CTX_new();
if (!EVP_DigestInit(ctx->ossl_md_ctx, md)) {
EVP_MD_CTX_free(ctx->ossl_md_ctx);
ctx->ossl_md_ctx = NULL;
ctx->ossl_md = NULL;
return 0;
}
ctx->initialized = 1;
return 1;
}
static void
io_free(jose_io_t *io)
{
io_t *i = containerof(io, io_t, io);
EVP_MD_CTX_free(i->emc);
json_decref(i->obj);
json_decref(i->sig);
free(i);
}
static int test_EVP_DigestSignInit(void)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
unsigned char *sig = NULL;
size_t sig_len = 0;
EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL;
if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
|| !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())
|| !TEST_ptr(pkey = load_example_rsa_key()))
goto out;
if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
|| !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
goto out;
/* Determine the size of the signature. */
if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
|| !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
goto out;
if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
|| !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
goto out;
/* Ensure that the signature round-trips. */
if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),
NULL, pkey))
|| !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify,
kMsg, sizeof(kMsg)))
|| !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
goto out;
ret = 1;
out:
EVP_MD_CTX_free(md_ctx);
EVP_MD_CTX_free(md_ctx_verify);
EVP_PKEY_free(pkey);
OPENSSL_free(sig);
return ret;
}
