static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
{
EVP_MD_CTX *m5;
EVP_MD_CTX *s1;
unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
unsigned char c = 'A';
unsigned int i, j, k;
int ret = 0;
#ifdef CHARSET_EBCDIC
c = os_toascii[c]; /* 'A' in ASCII */
#endif
k = 0;
m5 = EVP_MD_CTX_new();
s1 = EVP_MD_CTX_new();
if (m5 == NULL || s1 == NULL) {
SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
goto err;
}
EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
k++;
if (k > sizeof buf) {
/* bug: 'buf' is too small for this ciphersuite */
SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
return 0;
}
for (j = 0; j < k; j++)
buf[j] = c;
c++;
EVP_DigestInit_ex(s1, EVP_sha1(), NULL);
EVP_DigestUpdate(s1, buf, k);
EVP_DigestUpdate(s1, s->session->master_key,
s->session->master_key_length);
EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE);
EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE);
EVP_DigestFinal_ex(s1, smd, NULL);
EVP_DigestInit_ex(m5, EVP_md5(), NULL);
EVP_DigestUpdate(m5, s->session->master_key,
s->session->master_key_length);
EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH);
if ((int)(i + MD5_DIGEST_LENGTH) > num) {
EVP_DigestFinal_ex(m5, smd, NULL);
memcpy(km, smd, (num - i));
} else
EVP_DigestFinal_ex(m5, km, NULL);
km += MD5_DIGEST_LENGTH;
}
OPENSSL_cleanse(smd, sizeof(smd));
ret = 1;
err:
EVP_MD_CTX_free(m5);
EVP_MD_CTX_free(s1);
return ret;
}
static int test_EVP_DigestSignInit(void)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
unsigned char *sig = NULL;
size_t sig_len = 0;
EVP_MD_CTX *md_ctx, *md_ctx_verify;
md_ctx = EVP_MD_CTX_new();
md_ctx_verify = EVP_MD_CTX_new();
if (md_ctx == NULL || md_ctx_verify == NULL)
goto out;
pkey = load_example_rsa_key();
if (pkey == NULL ||
!EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
!EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) {
goto out;
}
/* Determine the size of the signature. */
if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) {
goto out;
}
/* Sanity check for testing. */
if (sig_len != (size_t)EVP_PKEY_size(pkey)) {
fprintf(stderr, "sig_len mismatch\n");
goto out;
}
sig = OPENSSL_malloc(sig_len);
if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) {
goto out;
}
/* Ensure that the signature round-trips. */
if (!EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), NULL, pkey)
|| !EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))
|| !EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)) {
goto out;
}
ret = 1;
out:
if (!ret) {
ERR_print_errors_fp(stderr);
}
EVP_MD_CTX_free(md_ctx);
EVP_MD_CTX_free(md_ctx_verify);
EVP_PKEY_free(pkey);
OPENSSL_free(sig);
return ret;
}
static PyObject *
EVP_digest(EVPobject *self, PyObject *unused)
{
unsigned char digest[EVP_MAX_MD_SIZE];
EVP_MD_CTX *temp_ctx;
PyObject *retval;
unsigned int digest_size;
temp_ctx = EVP_MD_CTX_new();
if (temp_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
return _setException(PyExc_ValueError);
}
digest_size = EVP_MD_CTX_size(temp_ctx);
if (!EVP_DigestFinal(temp_ctx, digest, NULL)) {
_setException(PyExc_ValueError);
return NULL;
}
retval = PyBytes_FromStringAndSize((const char *)digest, digest_size);
EVP_MD_CTX_free(temp_ctx);
return retval;
}
static int hmac_ctx_alloc_mds(HMAC_CTX *ctx)
{
if (ctx->i_ctx == NULL)
ctx->i_ctx = EVP_MD_CTX_new();
if (ctx->i_ctx == NULL)
return 0;
if (ctx->o_ctx == NULL)
ctx->o_ctx = EVP_MD_CTX_new();
if (ctx->o_ctx == NULL)
return 0;
if (ctx->md_ctx == NULL)
ctx->md_ctx = EVP_MD_CTX_new();
if (ctx->md_ctx == NULL)
return 0;
return 1;
}
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen)
{
unsigned char md[EVP_MAX_MD_SIZE];
int r = 0;
unsigned int mdlen = 0;
int vctx = 0;
if (ctx->pctx->pmeth->verifyctx)
vctx = 1;
else
vctx = 0;
if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
if (vctx) {
r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx);
} else
r = EVP_DigestFinal_ex(ctx, md, &mdlen);
} else {
EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx))
return -1;
if (vctx) {
r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
sig, siglen, tmp_ctx);
} else
r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
EVP_MD_CTX_free(tmp_ctx);
}
if (vctx || !r)
return r;
return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
}
static int test_EVP_DigestVerifyInit(void)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
EVP_MD_CTX *md_ctx;
md_ctx = EVP_MD_CTX_new();
pkey = load_example_rsa_key();
if (pkey == NULL ||
!EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
!EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)) ||
!EVP_DigestVerifyFinal(md_ctx, kSignature, sizeof(kSignature))) {
goto out;
}
ret = 1;
out:
if (!ret) {
ERR_print_errors_fp(stderr);
}
EVP_MD_CTX_free(md_ctx);
EVP_PKEY_free(pkey);
return ret;
}
static int
_md_ctx_create (md_ctx *x)
{
assert (x != NULL);
#if HAVE_EVP_MD_CTX_NEW
/* OpenSSL >= 1.1.0 */
x->ctx = EVP_MD_CTX_new (); /* alloc & init */
#elif HAVE_EVP_MD_CTX_CREATE
/* OpenSSL >= 0.9.7, < 1.1.0 */
x->ctx = EVP_MD_CTX_create (); /* alloc & init */
#else /* !HAVE_EVP_MD_CTX_CREATE */
x->ctx = OPENSSL_malloc (sizeof (EVP_MD_CTX)); /* allocate */
#if HAVE_EVP_MD_CTX_INIT
/* OpenSSL >= 0.9.7, < 1.1.0 */
if (x->ctx != NULL ) {
EVP_MD_CTX_init (x->ctx); /* initialize */
}
#endif /* HAVE_EVP_MD_CTX_INIT */
#endif /* !HAVE_EVP_MD_CTX_CREATE */
if (x->ctx == NULL) {
return (-1);
}
return (0);
}
/*
* Generates the mac for the Finished message. Returns the length of the MAC or
* 0 on error.
*/
size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
unsigned char *out)
{
const EVP_MD *md = ssl_handshake_md(s);
unsigned char hash[EVP_MAX_MD_SIZE];
size_t hashlen, ret = 0;
EVP_PKEY *key = NULL;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen))
goto err;
if (str == s->method->ssl3_enc->server_finished_label)
key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
s->server_finished_secret, hashlen);
else
key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
s->client_finished_secret, hashlen);
if (key == NULL
|| ctx == NULL
|| EVP_DigestSignInit(ctx, NULL, md, NULL, key) <= 0
|| EVP_DigestSignUpdate(ctx, hash, hashlen) <= 0
|| EVP_DigestSignFinal(ctx, out, &hashlen) <= 0)
goto err;
ret = hashlen;
err:
EVP_PKEY_free(key);
EVP_MD_CTX_free(ctx);
return ret;
}
static int test_mdc2(void)
{
int testresult = 0;
unsigned char md[MDC2_DIGEST_LENGTH];
EVP_MD_CTX *c;
static char text[] = "Now is the time for all ";
size_t tlen = strlen(text);
# ifdef CHARSET_EBCDIC
ebcdic2ascii(text, text, tlen);
# endif
c = EVP_MD_CTX_new();
if (!TEST_ptr(c)
|| !TEST_true(EVP_DigestInit_ex(c, EVP_mdc2(), NULL))
|| !TEST_true(EVP_DigestUpdate(c, (unsigned char *)text, tlen))
|| !TEST_true(EVP_DigestFinal_ex(c, &(md[0]), NULL))
|| !TEST_mem_eq(md, MDC2_DIGEST_LENGTH, pad1, MDC2_DIGEST_LENGTH)
|| !TEST_true(EVP_DigestInit_ex(c, EVP_mdc2(), NULL)))
goto end;
/* FIXME: use a ctl function? */
((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2;
if (!TEST_true(EVP_DigestUpdate(c, (unsigned char *)text, tlen))
|| !TEST_true(EVP_DigestFinal_ex(c, &(md[0]), NULL))
|| !TEST_mem_eq(md, MDC2_DIGEST_LENGTH, pad2, MDC2_DIGEST_LENGTH))
goto end;
testresult = 1;
end:
EVP_MD_CTX_free(c);
return testresult;
}
unsigned long X509_issuer_and_serial_hash(X509 *a)
{
unsigned long ret = 0;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
unsigned char md[16];
char *f;
if (ctx == NULL)
goto err;
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
goto err;
OPENSSL_free(f);
if (!EVP_DigestUpdate
(ctx, (unsigned char *)a->cert_info.serialNumber.data,
(unsigned long)a->cert_info.serialNumber.length))
goto err;
if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL))
goto err;
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL;
err:
EVP_MD_CTX_free(ctx);
return (ret);
}
BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
{
unsigned char dig[SHA_DIGEST_LENGTH];
EVP_MD_CTX *ctxt;
unsigned char *cs;
BIGNUM *res = NULL;
if ((s == NULL) || (user == NULL) || (pass == NULL))
return NULL;
ctxt = EVP_MD_CTX_new();
if (ctxt == NULL)
return NULL;
if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
goto err;
EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
EVP_DigestUpdate(ctxt, user, strlen(user));
EVP_DigestUpdate(ctxt, ":", 1);
EVP_DigestUpdate(ctxt, pass, strlen(pass));
EVP_DigestFinal_ex(ctxt, dig, NULL);
EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
BN_bn2bin(s, cs);
EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s));
OPENSSL_free(cs);
EVP_DigestUpdate(ctxt, dig, sizeof(dig));
EVP_DigestFinal_ex(ctxt, dig, NULL);
res = BN_bin2bn(dig, sizeof(dig), NULL);
err:
EVP_MD_CTX_free(ctxt);
return res;
}
// Hashing functions
bool OSSLEVPHashAlgorithm::hashInit()
{
if (!HashAlgorithm::hashInit())
{
return false;
}
// Initialize the context
curCTX = EVP_MD_CTX_new();
if (curCTX == NULL)
{
ERROR_MSG("Failed to allocate space for EVP_MD_CTX");
return false;
}
// Initialize EVP digesting
if (!EVP_DigestInit_ex(curCTX, getEVPHash(), NULL))
{
ERROR_MSG("EVP_DigestInit failed");
EVP_MD_CTX_free(curCTX);
curCTX = NULL;
ByteString dummy;
HashAlgorithm::hashFinal(dummy);
return false;
}
return true;
}
int
_libssh2_sha1(const unsigned char *message, unsigned long len,
unsigned char *out)
{
#ifdef HAVE_OPAQUE_STRUCTS
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
if(ctx == NULL)
return 1; /* error */
if(EVP_DigestInit(ctx, EVP_get_digestbyname("sha1"))) {
EVP_DigestUpdate(ctx, message, len);
EVP_DigestFinal(ctx, out, NULL);
EVP_MD_CTX_free(ctx);
return 0; /* success */
}
EVP_MD_CTX_free(ctx);
#else
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
if(EVP_DigestInit(&ctx, EVP_get_digestbyname("sha1"))) {
EVP_DigestUpdate(&ctx, message, len);
EVP_DigestFinal(&ctx, out, NULL);
return 0; /* success */
}
#endif
return 1; /* error */
}
void module_sha256_create(struct image *image)
{
image->md = EVP_sha256();
image->mdctx = EVP_MD_CTX_new();
EVP_DigestInit_ex(image->mdctx, image->md, NULL);
}
static jose_io_t *
hsh(const jose_hook_alg_t *alg, jose_cfg_t *cfg, jose_io_t *next)
{
jose_io_auto_t *io = NULL;
const EVP_MD *md = NULL;
io_t *i = NULL;
switch (str2enum(alg->name, "S512", "S384", "S256", "S224", "S1", NULL)) {
case 0: md = EVP_sha512(); break;
case 1: md = EVP_sha384(); break;
case 2: md = EVP_sha256(); break;
case 3: md = EVP_sha224(); break;
case 4: md = EVP_sha1(); break;
}
i = calloc(1, sizeof(*i));
if (!i)
return NULL;
io = jose_io_incref(&i->io);
io->feed = hsh_feed;
io->done = hsh_done;
io->free = hsh_free;
i->next = jose_io_incref(next);
i->emc = EVP_MD_CTX_new();
if (!i->next || !i->emc)
return NULL;
if (EVP_DigestInit(i->emc, md) <= 0)
return NULL;
return jose_io_incref(io);
}
/* NOTE: Caller must xfree the signature returned by sig_pp */
extern int
crypto_sign(void * key, char *buffer, int buf_size, char **sig_pp,
unsigned int *sig_size_p)
{
EVP_MD_CTX *ectx;
int rc = SLURM_SUCCESS;
int ksize = EVP_PKEY_size((EVP_PKEY *) key);
/*
* Allocate memory for signature: at most EVP_PKEY_size() bytes
*/
*sig_pp = xmalloc(ksize * sizeof(unsigned char));
ectx = EVP_MD_CTX_new();
EVP_SignInit(ectx, EVP_sha1());
EVP_SignUpdate(ectx, buffer, buf_size);
if (!(EVP_SignFinal(ectx, (unsigned char *)*sig_pp, sig_size_p,
(EVP_PKEY *) key))) {
rc = SLURM_ERROR;
}
EVP_MD_CTX_free(ectx);
return rc;
}
static PyObject *
EVP_hexdigest(EVPobject *self, PyObject *unused)
{
unsigned char digest[EVP_MAX_MD_SIZE];
EVP_MD_CTX *temp_ctx;
unsigned int digest_size;
temp_ctx = EVP_MD_CTX_new();
if (temp_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
/* Get the raw (binary) digest value */
if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
return _setException(PyExc_ValueError);
}
digest_size = EVP_MD_CTX_size(temp_ctx);
if (!EVP_DigestFinal(temp_ctx, digest, NULL)) {
_setException(PyExc_ValueError);
return NULL;
}
EVP_MD_CTX_free(temp_ctx);
return _Py_strhex((const char *)digest, digest_size);
}
int ssl3_digest_cached_records(SSL *s, int keep)
{
const EVP_MD *md;
long hdatalen;
void *hdata;
if (s->s3->handshake_dgst == NULL) {
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
if (hdatalen <= 0) {
SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
return 0;
}
s->s3->handshake_dgst = EVP_MD_CTX_new();
if (s->s3->handshake_dgst == NULL) {
SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
return 0;
}
md = ssl_handshake_md(s);
if ( md == NULL
|| !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
|| !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen))
{
SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
return 0;
}
}
if (keep == 0) {
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
}
return 1;
}
EVP_MD_CTX *
md_ctx_new(void)
{
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
check_malloc_return(ctx);
return ctx;
}
/** Low-level signature verification.
* \param key_count Number of keys in the \a keys array
* and number fo signatures in the \a sigs array.
* \param keys Array of keys. The keys must include public key data.
* \param sigs Array of signatures, as returned from gale_crypto_sign_raw().
* \param data Data to verify against signatures.
* \return Nonzero iff the all signatures are valid. */
int gale_crypto_verify_raw(int key_count,
const struct gale_group *keys,
const struct gale_data *sigs,
struct gale_data data)
{
int i,is_valid = 1;
EVP_MD_CTX *context = EVP_MD_CTX_new();
RSA *rsa;
EVP_VerifyInit(context,EVP_md5());
EVP_VerifyUpdate(context,data.p,data.l);
for (i = 0; is_valid && i < key_count; ++i) {
EVP_PKEY *key = EVP_PKEY_new();
EVP_PKEY_assign_RSA(key,RSA_new());
rsa = EVP_PKEY_get0_RSA(key);
crypto_i_rsa(keys[i],rsa);
if (!crypto_i_public_valid(rsa)) {
gale_alert(GALE_WARNING,G_("invalid public key"),0);
is_valid = 0;
goto cleanup;
}
if (!EVP_VerifyFinal(context,sigs[i].p,sigs[i].l,key)) {
crypto_i_error();
is_valid = 0;
goto cleanup;
}
cleanup:
EVP_PKEY_free(key);
}
return is_valid;
}
DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags)
{
DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx));
ctx->md_ctx = EVP_MD_CTX_new();
if (!ctx->md_ctx) {
free(ctx);
return NULL;
}
const EVP_MD *md = getEVPMD(hashalgo);
if (md == EVP_md_null()) {
free(ctx->md_ctx);
free(ctx);
return NULL;
}
ctx->algo = hashalgo;
ctx->flags = flags;
if (!EVP_DigestInit_ex(ctx->md_ctx, md, NULL)) {
free(ctx->md_ctx);
free(ctx);
return NULL;
}
return ctx;
}
int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
char *data, EVP_PKEY *pkey)
{
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
const EVP_MD *type;
unsigned char *p, *buf_in = NULL;
int ret = -1, i, inl;
if (ctx == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
i = OBJ_obj2nid(a->algorithm);
type = EVP_get_digestbyname(OBJ_nid2sn(i));
if (type == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
}
if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
goto err;
}
inl = i2d(data, NULL);
if (inl <= 0) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
}
buf_in = OPENSSL_malloc((unsigned int)inl);
if (buf_in == NULL) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
p = buf_in;
i2d(data, &p);
ret = EVP_VerifyInit_ex(ctx, type, NULL)
&& EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);
OPENSSL_clear_free(buf_in, (unsigned int)inl);
if (!ret) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
goto err;
}
ret = -1;
if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,
(unsigned int)signature->length, pkey) <= 0) {
ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
ret = 0;
goto err;
}
ret = 1;
err:
EVP_MD_CTX_free(ctx);
return ret;
}
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen)
{
int sctx = 0, r = 0;
EVP_PKEY_CTX *pctx = ctx->pctx;
if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
if (!sigret)
return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
else {
EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(ctx->pctx);
if (!dctx)
return 0;
r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
EVP_PKEY_CTX_free(dctx);
}
return r;
}
if (pctx->pmeth->signctx)
sctx = 1;
else
sctx = 0;
if (sigret) {
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen = 0;
if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
if (sctx)
r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx);
else
r = EVP_DigestFinal_ex(ctx, md, &mdlen);
} else {
EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx))
return 0;
if (sctx)
r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx,
sigret, siglen, tmp_ctx);
else
r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
EVP_MD_CTX_free(tmp_ctx);
}
if (sctx || !r)
return r;
if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
return 0;
} else {
if (sctx) {
if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
return 0;
} else {
int s = EVP_MD_size(ctx->digest);
if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
return 0;
}
}
return 1;
}
PKI_MEM * HSM_OPENSSL_sign(PKI_MEM *der, PKI_DIGEST_ALG *digest, PKI_X509_KEYPAIR *key)
{
EVP_MD_CTX *ctx = NULL;
size_t out_size = 0;
size_t ossl_ret = 0;
PKI_MEM *out_mem = NULL;
EVP_PKEY *pkey = NULL;
if (!der || !der->data || !key || !key->value)
{
PKI_ERROR( PKI_ERR_PARAM_NULL, NULL);
return NULL;
}
// Private Key
pkey = key->value;
// Get the Maximum size of a signature
ossl_ret = out_size = (size_t) EVP_PKEY_size(pkey);
// Initialize the return structure
out_mem = PKI_MEM_new ((size_t)out_size);
ctx = EVP_MD_CTX_new();
if (!out_mem || !ctx) {
if (ctx) EVP_MD_CTX_free(ctx);
if (out_mem) PKI_MEM_free(out_mem);
PKI_ERROR( PKI_ERR_MEMORY_ALLOC, NULL);
return NULL;
}
EVP_MD_CTX_init(ctx);
EVP_SignInit_ex(ctx, digest, NULL);
EVP_SignUpdate (ctx, der->data, der->size);
// Finalize the signature
if (!EVP_SignFinal(ctx, out_mem->data, (unsigned int *) &ossl_ret, pkey))
{
PKI_log_err("ERROR while finalizing signature (%s)",
HSM_OPENSSL_get_errdesc(HSM_OPENSSL_get_errno(), NULL, 0));
PKI_MEM_free(out_mem);
out_mem = NULL;
}
else out_mem->size = (size_t) ossl_ret;
// Cleanup the context
#if OPENSSL_VERSION_NUMBER <= 0x1010000f
EVP_MD_CTX_cleanup(ctx);
#else
EVP_MD_CTX_reset(ctx);
#endif
EVP_MD_CTX_free(ctx);
return out_mem;
}
int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *context,
size_t contextlen)
{
static const unsigned char exporterlabel[] = "exporter";
unsigned char exportsecret[EVP_MAX_MD_SIZE];
unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
const EVP_MD *md;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
unsigned int hashsize, datalen;
int ret = 0;
const SSL_CIPHER *sslcipher;
if (ctx == NULL || !ossl_statem_export_early_allowed(s))
goto err;
if (!s->server && s->max_early_data > 0
&& s->session->ext.max_early_data == 0)
sslcipher = SSL_SESSION_get0_cipher(s->psksession);
else
sslcipher = SSL_SESSION_get0_cipher(s->session);
md = ssl_md(sslcipher->algorithm2);
/*
* Calculate the hash value and store it in |data|. The reason why
* the empty string is used is that the definition of TLS-Exporter
* is like so:
*
* TLS-Exporter(label, context_value, key_length) =
* HKDF-Expand-Label(Derive-Secret(Secret, label, ""),
* "exporter", Hash(context_value), key_length)
*
* Derive-Secret(Secret, Label, Messages) =
* HKDF-Expand-Label(Secret, Label,
* Transcript-Hash(Messages), Hash.length)
*
* Here Transcript-Hash is the cipher suite hash algorithm.
*/
if (EVP_DigestInit_ex(ctx, md, NULL) <= 0
|| EVP_DigestUpdate(ctx, context, contextlen) <= 0
|| EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0
|| EVP_DigestInit_ex(ctx, md, NULL) <= 0
|| EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
|| !tls13_hkdf_expand(s, md, s->early_exporter_master_secret,
(const unsigned char *)label, llen,
data, datalen, exportsecret, hashsize, 0)
|| !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
sizeof(exporterlabel) - 1, hash, hashsize,
out, olen, 0))
goto err;
ret = 1;
err:
EVP_MD_CTX_free(ctx);
return ret;
}
int main(int argc, char *argv[])
{
int i, err = 0;
char **P, **R;
static unsigned char buf[1000];
char *p, *r;
EVP_MD_CTX *c;
unsigned char md[SHA_DIGEST_LENGTH];
#ifdef CHARSET_EBCDIC
ebcdic2ascii(test[0], test[0], strlen(test[0]));
ebcdic2ascii(test[1], test[1], strlen(test[1]));
#endif
c = EVP_MD_CTX_new();
P = test;
R = ret;
i = 1;
while (*P != NULL) {
EVP_Digest(*P, strlen((char *)*P), md, NULL, EVP_sha1(), NULL);
p = pt(md);
if (strcmp(p, (char *)*R) != 0) {
printf("error calculating SHA1 on '%s'\n", *P);
printf("got %s instead of %s\n", p, *R);
err++;
} else
printf("test %d ok\n", i);
i++;
R++;
P++;
}
memset(buf, 'a', 1000);
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, 1000);
#endif /* CHARSET_EBCDIC */
EVP_DigestInit_ex(c, EVP_sha1(), NULL);
for (i = 0; i < 1000; i++)
EVP_DigestUpdate(c, buf, 1000);
EVP_DigestFinal_ex(c, md, NULL);
p = pt(md);
r = bigret;
if (strcmp(p, r) != 0) {
printf("error calculating SHA1 on 'a' * 1000\n");
printf("got %s instead of %s\n", p, r);
err++;
} else
printf("test 3 ok\n");
#ifdef OPENSSL_SYS_NETWARE
if (err)
printf("ERROR: %d\n", err);
#endif
EVP_MD_CTX_free(c);
EXIT(err);
return (0);
}
static int test_EVP_DigestSignInit(void)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
unsigned char *sig = NULL;
size_t sig_len = 0;
EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL;
if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
|| !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())
|| !TEST_ptr(pkey = load_example_rsa_key()))
goto out;
if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
|| !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
goto out;
/* Determine the size of the signature. */
if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
|| !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
goto out;
if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
|| !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
goto out;
/* Ensure that the signature round-trips. */
if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),
NULL, pkey))
|| !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify,
kMsg, sizeof(kMsg)))
|| !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
goto out;
ret = 1;
out:
EVP_MD_CTX_free(md_ctx);
EVP_MD_CTX_free(md_ctx_verify);
EVP_PKEY_free(pkey);
OPENSSL_free(sig);
return ret;
}
void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen)
{
const EVP_MD *evp_md = nid_to_evpmd(nid);
EVP_MD_CTX *md = EVP_MD_CTX_new();
EVP_DigestInit(md, evp_md);
EVP_DigestUpdate(md, digest, len);
EVP_DigestFinal(md, hash, hlen);
EVP_MD_CTX_free(md);
}
void CC_EVP(const EVP_MD *evp, uint32_t mlen, const void *data, uint32_t len, unsigned char *md)
{
unsigned int mdlen = mlen;
EVP_MD_CTX* c = EVP_MD_CTX_new();
EVP_MD_CTX_reset(c);
EVP_DigestInit(c, evp);
EVP_DigestUpdate(c, data, len);
EVP_DigestFinal(c, md, &mdlen);
EVP_MD_CTX_free(c);
}
int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
size_t len, size_t *secret_size)
{
static const unsigned char *salt[3] = {
#ifndef CHARSET_EBCDIC
(const unsigned char *)"A",
(const unsigned char *)"BB",
(const unsigned char *)"CCC",
#else
(const unsigned char *)"\x41",
(const unsigned char *)"\x42\x42",
(const unsigned char *)"\x43\x43\x43",
#endif
};
unsigned char buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
int i, ret = 1;
unsigned int n;
size_t ret_secret_size = 0;
if (ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET,
ERR_R_MALLOC_FAILURE);
return 0;
}
for (i = 0; i < 3; i++) {
if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0
|| EVP_DigestUpdate(ctx, salt[i],
strlen((const char *)salt[i])) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestUpdate(ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
/* TODO(size_t) : convert me */
|| EVP_DigestFinal_ex(ctx, buf, &n) <= 0
|| EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, buf, n) <= 0
|| EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
ret = 0;
break;
}
out += n;
ret_secret_size += n;
}
EVP_MD_CTX_free(ctx);
OPENSSL_cleanse(buf, sizeof(buf));
if (ret)
*secret_size = ret_secret_size;
return ret;
}