本文整理汇总了C++中EVP_MD_CTX_cleanup函数的典型用法代码示例。如果您正苦于以下问题:C++ EVP_MD_CTX_cleanup函数的具体用法?C++ EVP_MD_CTX_cleanup怎么用?C++ EVP_MD_CTX_cleanup使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了EVP_MD_CTX_cleanup函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: EVP_SignFinal
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, EVP_PKEY *pkey)
{
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len = 0;
int i = 0, ok = 0, v = 0;
EVP_PKEY_CTX *pkctx = NULL;
*siglen = 0;
if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
if (!EVP_DigestFinal_ex(ctx, m, &m_len))
goto err;
} else {
int rv = 0;
EVP_MD_CTX tmp_ctx;
EVP_MD_CTX_init(&tmp_ctx);
rv = EVP_MD_CTX_copy_ex(&tmp_ctx, ctx);
if (rv)
rv = EVP_DigestFinal_ex(&tmp_ctx, m, &m_len);
EVP_MD_CTX_cleanup(&tmp_ctx);
if (!rv)
return 0;
}
if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
size_t sltmp = (size_t)EVP_PKEY_size(pkey);
i = 0;
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkctx)
goto err;
if (EVP_PKEY_sign_init(pkctx) <= 0)
goto err;
if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
goto err;
if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
goto err;
*siglen = sltmp;
i = 1;
err:
EVP_PKEY_CTX_free(pkctx);
return i;
}
for (i = 0; i < 4; i++) {
v = ctx->digest->required_pkey_type[i];
if (v == 0)
break;
if (pkey->type == v) {
ok = 1;
break;
}
}
if (!ok) {
EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
return (0);
}
if (ctx->digest->sign == NULL) {
EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
return (0);
}
return ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen,
pkey->pkey.ptr);
}示例2: ssl3_change_cipher_state
//.........这里部分代码省略.........
else
/* make sure it's intialized in case we exit later with an error */
EVP_CIPHER_CTX_init(s->enc_write_ctx);
dd= s->enc_write_ctx;
ssl_replace_hash(&s->write_hash,m);
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
if (s->compress != NULL)
{
COMP_CTX_free(s->compress);
s->compress=NULL;
}
if (comp != NULL)
{
s->compress=COMP_CTX_new(comp);
if (s->compress == NULL)
{
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
}
#endif
memset(&(s->s3->write_sequence[0]),0,8);
mac_secret= &(s->s3->write_mac_secret[0]);
}
if (reuse_dd)
EVP_CIPHER_CTX_cleanup(dd);
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
if (i < 0)
goto err2;
cl=EVP_CIPHER_key_length(c);
j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c);
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
(which == SSL3_CHANGE_CIPHER_SERVER_READ))
{
ms= &(p[ 0]); n=i+i;
key= &(p[ n]); n+=j+j;
iv= &(p[ n]); n+=k+k;
er1= &(s->s3->client_random[0]);
er2= &(s->s3->server_random[0]);
}
else
{
n=i;
ms= &(p[ n]); n+=i+j;
key= &(p[ n]); n+=j+k;
iv= &(p[ n]); n+=k;
er1= &(s->s3->server_random[0]);
er2= &(s->s3->client_random[0]);
}
if (n > s->s3->tmp.key_block_length)
{
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
goto err2;
}
EVP_MD_CTX_init(&md);
memcpy(mac_secret,ms,i);
if (is_exp)
{
/* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-).
*/
EVP_DigestInit_ex(&md,EVP_md5(), NULL);
EVP_DigestUpdate(&md,key,j);
EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL);
key= &(exp_key[0]);
if (k > 0)
{
EVP_DigestInit_ex(&md,EVP_md5(), NULL);
EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL);
iv= &(exp_iv[0]);
}
}
s->session->key_arg_length=0;
EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
EVP_MD_CTX_cleanup(&md);
return(1);
err:
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
err2:
return(0);
}示例3: RSA_padding_add_PKCS1_PSS
int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
const unsigned char *mHash,
const EVP_MD *Hash, int sLen)
{
int i;
int ret = 0;
int hLen, maskedDBLen, MSBits, emLen;
unsigned char *H, *salt = NULL, *p;
EVP_MD_CTX ctx;
hLen = EVP_MD_size(Hash);
if (hLen < 0)
goto err;
/*
* Negative sLen has special meanings:
* -1 sLen == hLen
* -2 salt length is maximized
* -N reserved
*/
if (sLen == -1) sLen = hLen;
else if (sLen == -2) sLen = -2;
else if (sLen < -2)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
goto err;
}
MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
emLen = RSA_size(rsa);
if (MSBits == 0)
{
*EM++ = 0;
emLen--;
}
if (sLen == -2)
{
sLen = emLen - hLen - 2;
}
else if (emLen < (hLen + sLen + 2))
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
goto err;
}
if (sLen > 0)
{
salt = (unsigned char*)OPENSSL_malloc(sLen);
if (!salt)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
ERR_R_MALLOC_FAILURE);
goto err;
}
if (RAND_bytes(salt, sLen) <= 0)
goto err;
}
maskedDBLen = emLen - hLen - 1;
H = EM + maskedDBLen;
EVP_MD_CTX_init(&ctx);
EVP_DigestInit_ex(&ctx, Hash, NULL);
EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
EVP_DigestUpdate(&ctx, mHash, hLen);
if (sLen)
EVP_DigestUpdate(&ctx, salt, sLen);
EVP_DigestFinal(&ctx, H, NULL);
EVP_MD_CTX_cleanup(&ctx);
/* Generate dbMask in place then perform XOR on it */
if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash))
goto err;
p = EM;
/* Initial PS XORs with all zeroes which is a NOP so just update
* pointer. Note from a test above this value is guaranteed to
* be non-negative.
*/
p += emLen - sLen - hLen - 2;
*p++ ^= 0x1;
if (sLen > 0)
{
for (i = 0; i < sLen; i++)
*p++ ^= salt[i];
}
if (MSBits)
EM[0] &= 0xFF >> (8 - MSBits);
/* H is already in place so just set final 0xbc */
EM[emLen - 1] = 0xbc;
ret = 1;
err:
if (salt)
OPENSSL_free(salt);
return ret;
}示例4: ssl3_handshake_mac
static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
uint8_t *p) {
unsigned int ret;
int npad, n;
unsigned int i;
uint8_t md_buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx, *d = NULL;
if (s->s3->handshake_buffer &&
!ssl3_digest_cached_records(s, free_handshake_buffer)) {
return 0;
}
/* Search for digest of specified type in the handshake_dgst array. */
for (i = 0; i < SSL_MAX_DIGEST; i++) {
if (s->s3->handshake_dgst[i] &&
EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
d = s->s3->handshake_dgst[i];
break;
}
}
if (!d) {
OPENSSL_PUT_ERROR(SSL, ssl3_handshake_mac, SSL_R_NO_REQUIRED_DIGEST);
return 0;
}
EVP_MD_CTX_init(&ctx);
if (!EVP_MD_CTX_copy_ex(&ctx, d)) {
EVP_MD_CTX_cleanup(&ctx);
OPENSSL_PUT_ERROR(SSL, ssl3_handshake_mac, ERR_LIB_EVP);
return 0;
}
n = EVP_MD_CTX_size(&ctx);
if (n < 0) {
return 0;
}
npad = (48 / n) * n;
if (sender != NULL) {
EVP_DigestUpdate(&ctx, sender, len);
}
EVP_DigestUpdate(&ctx, s->session->master_key, s->session->master_key_length);
EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);
EVP_DigestFinal_ex(&ctx, md_buf, &i);
if (!EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL)) {
EVP_MD_CTX_cleanup(&ctx);
OPENSSL_PUT_ERROR(SSL, ssl3_handshake_mac, ERR_LIB_EVP);
return 0;
}
EVP_DigestUpdate(&ctx, s->session->master_key, s->session->master_key_length);
EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);
EVP_DigestUpdate(&ctx, md_buf, i);
EVP_DigestFinal_ex(&ctx, p, &ret);
EVP_MD_CTX_cleanup(&ctx);
return ret;
}示例5: EVP_BytesToKey
int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
const unsigned char *salt, const unsigned char *data, int datal,
int count, unsigned char *key, unsigned char *iv)
{
EVP_MD_CTX c;
unsigned char md_buf[EVP_MAX_MD_SIZE];
int niv,nkey,addmd=0;
unsigned int mds=0,i;
nkey=type->key_len;
niv=type->iv_len;
OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
if (data == NULL) return(nkey);
EVP_MD_CTX_init(&c);
for (;;)
{
EVP_DigestInit_ex(&c,md, NULL);
if (addmd++)
EVP_DigestUpdate(&c,&(md_buf[0]),mds);
EVP_DigestUpdate(&c,data,datal);
if (salt != NULL)
EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
for (i=1; i<(unsigned int)count; i++)
{
EVP_DigestInit_ex(&c,md, NULL);
EVP_DigestUpdate(&c,&(md_buf[0]),mds);
EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
}
i=0;
if (nkey)
{
for (;;)
{
if (nkey == 0) break;
if (i == mds) break;
if (key != NULL)
*(key++)=md_buf[i];
nkey--;
i++;
}
}
if (niv && (i != mds))
{
for (;;)
{
if (niv == 0) break;
if (i == mds) break;
if (iv != NULL)
*(iv++)=md_buf[i];
niv--;
i++;
}
}
if ((nkey == 0) && (niv == 0)) break;
}
EVP_MD_CTX_cleanup(&c);
OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
return(type->key_len);
}示例6: tls1_P_hash
/* seed1 through seed5 are virtually concatenated */
static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
int sec_len,
const void *seed1, int seed1_len,
const void *seed2, int seed2_len,
const void *seed3, int seed3_len,
const void *seed4, int seed4_len,
const void *seed5, int seed5_len,
unsigned char *out, int olen)
{
int chunk;
size_t j;
EVP_MD_CTX ctx, ctx_tmp, ctx_init;
EVP_PKEY *mac_key;
unsigned char A1[EVP_MAX_MD_SIZE];
size_t A1_len;
int ret = 0;
chunk=EVP_MD_size(md);
OPENSSL_assert(chunk >= 0);
EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_init(&ctx_tmp);
EVP_MD_CTX_init(&ctx_init);
EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
if (!mac_key)
goto err;
if (!EVP_DigestSignInit(&ctx_init,NULL,md, NULL, mac_key))
goto err;
if (!EVP_MD_CTX_copy_ex(&ctx,&ctx_init))
goto err;
if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
goto err;
if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len))
goto err;
if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len))
goto err;
if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len))
goto err;
if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
goto err;
if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
goto err;
for (;;)
{
/* Reinit mac contexts */
if (!EVP_MD_CTX_copy_ex(&ctx,&ctx_init))
goto err;
if (!EVP_DigestSignUpdate(&ctx,A1,A1_len))
goto err;
if (olen>chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp,&ctx))
goto err;
if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
goto err;
if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len))
goto err;
if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len))
goto err;
if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len))
goto err;
if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
goto err;
if (olen > chunk)
{
if (!EVP_DigestSignFinal(&ctx,out,&j))
goto err;
out+=j;
olen-=j;
/* calc the next A1 value */
if (!EVP_DigestSignFinal(&ctx_tmp,A1,&A1_len))
goto err;
}
else /* last one */
{
if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
goto err;
memcpy(out,A1,olen);
break;
}
}
ret = 1;
err:
EVP_PKEY_free(mac_key);
EVP_MD_CTX_cleanup(&ctx);
EVP_MD_CTX_cleanup(&ctx_tmp);
EVP_MD_CTX_cleanup(&ctx_init);
OPENSSL_cleanse(A1,sizeof(A1));
return ret;
}示例7: PKCS7_dataFinal
//.........这里部分代码省略.........
}
/* If detached data then the content is excluded */
if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
{
M_ASN1_OCTET_STRING_free(os);
p7->d.digest->contents->d.data = NULL;
}
break;
default:
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
goto err;
}
if (si_sk != NULL)
{
for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
{
si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
if (si->pkey == NULL)
continue;
j = OBJ_obj2nid(si->digest_alg->algorithm);
btmp=bio;
btmp = PKCS7_find_digest(&mdc, btmp, j);
if (btmp == NULL)
goto err;
/* We now have the EVP_MD_CTX, lets do the
* signing. */
if (!EVP_MD_CTX_copy_ex(&ctx_tmp,mdc))
goto err;
sk=si->auth_attr;
/* If there are attributes, we add the digest
* attribute and only sign the attributes */
if (sk_X509_ATTRIBUTE_num(sk) > 0)
{
if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
goto err;
}
else
{
unsigned char *abuf = NULL;
unsigned int abuflen;
abuflen = EVP_PKEY_size(si->pkey);
abuf = malloc(abuflen);
if (!abuf)
goto err;
if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
si->pkey))
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
ERR_R_EVP_LIB);
goto err;
}
ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
}
}
}
else if (i == NID_pkcs7_digest)
{
unsigned char md_data[EVP_MAX_MD_SIZE];
unsigned int md_len;
if (!PKCS7_find_digest(&mdc, bio,
OBJ_obj2nid(p7->d.digest->md->algorithm)))
goto err;
if (!EVP_DigestFinal_ex(mdc,md_data,&md_len))
goto err;
M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
}
if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
{
char *cont;
long contlen;
btmp=BIO_find_type(bio,BIO_TYPE_MEM);
if (btmp == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
goto err;
}
contlen = BIO_get_mem_data(btmp, &cont);
/* Mark the BIO read only then we can use its copy of the data
* instead of making an extra copy.
*/
BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
BIO_set_mem_eof_return(btmp, 0);
ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
}
ret=1;
err:
EVP_MD_CTX_cleanup(&ctx_tmp);
return(ret);
}示例8: ASN1_item_verify
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
void *asn, EVP_PKEY *pkey)
{
EVP_MD_CTX ctx;
const EVP_MD *type = NULL;
unsigned char *buf_in=NULL;
int ret= -1,inl;
int mdnid, pknid;
if (!pkey)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
return -1;
}
if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
return -1;
}
EVP_MD_CTX_init(&ctx);
/* Convert signature OID into digest and public key OIDs */
if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid))
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
goto err;
}
type=EVP_get_digestbynid(mdnid);
if (type == NULL)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
}
/* Check public key OID matches public key type */
if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
goto err;
}
if (!EVP_VerifyInit_ex(&ctx,type, NULL))
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
inl = ASN1_item_i2d(asn, &buf_in, it);
if (buf_in == NULL)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
(unsigned int)signature->length,pkey) <= 0)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
/* we don't need to zero the 'ctx' because we just checked
* public information */
/* memset(&ctx,0,sizeof(ctx)); */
ret=1;
err:
EVP_MD_CTX_cleanup(&ctx);
return(ret);
}示例9: ldns_sign_public_evp
ldns_rdf *
ldns_sign_public_evp(ldns_buffer *to_sign,
EVP_PKEY *key,
const EVP_MD *digest_type)
{
unsigned int siglen;
ldns_rdf *sigdata_rdf;
ldns_buffer *b64sig;
EVP_MD_CTX ctx;
const EVP_MD *md_type;
int r;
siglen = 0;
b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
if (!b64sig) {
return NULL;
}
/* initializes a signing context */
md_type = digest_type;
if(!md_type) {
/* unknown message difest */
ldns_buffer_free(b64sig);
return NULL;
}
EVP_MD_CTX_init(&ctx);
r = EVP_SignInit(&ctx, md_type);
if(r == 1) {
r = EVP_SignUpdate(&ctx, (unsigned char*)
ldns_buffer_begin(to_sign),
ldns_buffer_position(to_sign));
} else {
ldns_buffer_free(b64sig);
return NULL;
}
if(r == 1) {
r = EVP_SignFinal(&ctx, (unsigned char*)
ldns_buffer_begin(b64sig), &siglen, key);
} else {
ldns_buffer_free(b64sig);
return NULL;
}
if(r != 1) {
ldns_buffer_free(b64sig);
return NULL;
}
/* unfortunately, OpenSSL output is differenct from DNS DSA format */
#ifndef S_SPLINT_S
if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen);
#ifdef USE_ECDSA
} else if(EVP_PKEY_type(key->type) == EVP_PKEY_EC &&
ldns_pkey_is_ecdsa(key)) {
sigdata_rdf = ldns_convert_ecdsa_rrsig_asn12rdf(b64sig, siglen);
#endif
} else {
/* ok output for other types is the same */
sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen,
ldns_buffer_begin(b64sig));
}
#endif /* splint */
ldns_buffer_free(b64sig);
EVP_MD_CTX_cleanup(&ctx);
return sigdata_rdf;
}示例10: EVP_MD_CTX_destroy
void
EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
{
EVP_MD_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}示例11: rsa_sign_with_key
static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
const struct image_region region[], int region_count,
uint8_t **sigp, uint *sig_size)
{
EVP_PKEY *key;
EVP_MD_CTX *context;
int size, ret = 0;
uint8_t *sig;
int i;
key = EVP_PKEY_new();
if (!key)
return rsa_err("EVP_PKEY object creation failed");
if (!EVP_PKEY_set1_RSA(key, rsa)) {
ret = rsa_err("EVP key setup failed");
goto err_set;
}
size = EVP_PKEY_size(key);
sig = malloc(size);
if (!sig) {
fprintf(stderr, "Out of memory for signature (%d bytes)\n",
size);
ret = -ENOMEM;
goto err_alloc;
}
context = EVP_MD_CTX_create();
if (!context) {
ret = rsa_err("EVP context creation failed");
goto err_create;
}
EVP_MD_CTX_init(context);
if (!EVP_SignInit(context, checksum_algo->calculate_sign())) {
ret = rsa_err("Signer setup failed");
goto err_sign;
}
for (i = 0; i < region_count; i++) {
if (!EVP_SignUpdate(context, region[i].data, region[i].size)) {
ret = rsa_err("Signing data failed");
goto err_sign;
}
}
if (!EVP_SignFinal(context, sig, sig_size, key)) {
ret = rsa_err("Could not obtain signature");
goto err_sign;
}
EVP_MD_CTX_cleanup(context);
EVP_MD_CTX_destroy(context);
EVP_PKEY_free(key);
debug("Got signature: %d bytes, expected %d\n", *sig_size, size);
*sigp = sig;
*sig_size = size;
return 0;
err_sign:
EVP_MD_CTX_destroy(context);
err_create:
free(sig);
err_alloc:
err_set:
EVP_PKEY_free(key);
return ret;
}示例12: ssl3_handshake_mac
static int ssl3_handshake_mac(SSL *ssl, int md_nid, const char *sender,
size_t sender_len, uint8_t *p) {
unsigned int ret;
size_t npad, n;
unsigned int i;
uint8_t md_buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx;
const EVP_MD_CTX *ctx_template;
if (md_nid == NID_md5) {
ctx_template = &ssl->s3->handshake_md5;
} else if (md_nid == EVP_MD_CTX_type(&ssl->s3->handshake_hash)) {
ctx_template = &ssl->s3->handshake_hash;
} else {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_REQUIRED_DIGEST);
return 0;
}
EVP_MD_CTX_init(&ctx);
if (!EVP_MD_CTX_copy_ex(&ctx, ctx_template)) {
EVP_MD_CTX_cleanup(&ctx);
OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP);
return 0;
}
static const uint8_t kPad1[48] = {
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
};
static const uint8_t kPad2[48] = {
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
};
n = EVP_MD_CTX_size(&ctx);
npad = (48 / n) * n;
if (sender != NULL) {
EVP_DigestUpdate(&ctx, sender, sender_len);
}
EVP_DigestUpdate(&ctx, ssl->session->master_key,
ssl->session->master_key_length);
EVP_DigestUpdate(&ctx, kPad1, npad);
EVP_DigestFinal_ex(&ctx, md_buf, &i);
if (!EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL)) {
EVP_MD_CTX_cleanup(&ctx);
OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP);
return 0;
}
EVP_DigestUpdate(&ctx, ssl->session->master_key,
ssl->session->master_key_length);
EVP_DigestUpdate(&ctx, kPad2, npad);
EVP_DigestUpdate(&ctx, md_buf, i);
EVP_DigestFinal_ex(&ctx, p, &ret);
EVP_MD_CTX_cleanup(&ctx);
return ret;
}示例13: ssl3_free_handshake_hash
void ssl3_free_handshake_hash(SSL *ssl) {
EVP_MD_CTX_cleanup(&ssl->s3->handshake_hash);
EVP_MD_CTX_cleanup(&ssl->s3->handshake_md5);
}示例14: execProtect
char execProtect()
{
static int callable = 0;
if (!callable)
{
FILE * fp = fopen("auth.dat", "r");
if (fp == NULL)
{
fprintf(stderr, "Failed to open autherisation file\n");
lock_fail();
return 0;
}
size_t s = 0;
char b[BUFSIZ];
int len;
if ((len = fread(b, sizeof(char), BUFSIZ, fp)) <= 0)
{
fprintf(stderr, "Failed to read encrypted file\n");
lock_fail();
return 0;
}
FILE *pfp = fmemopen(pubkey, strlen(pubkey), "r");
if (pfp == NULL)
{
fprintf(stderr, "Failed to read internal memory\n");
lock_fail();
return 0;
}
RSA *pub_key = NULL;
PEM_read_RSA_PUBKEY(pfp,&pub_key, NULL, NULL);
if(pub_key == NULL)
{
fprintf(stderr, "Failed to read public key\n");
lock_fail();
return 0;
}
char dcrpt[BUFSIZ];
if (RSA_public_decrypt(len, b, dcrpt, pub_key, RSA_PKCS1_PADDING) <= 0)
{
fprintf(stderr, "Failed to decrypt auth file\n");
lock_fail();
return 0;
}
RSA_free(pub_key);
//get executable path
char path[BUFSIZ];
int read = readlink("/proc/self/exe", path, BUFSIZ);
path[read % BUFSIZ] = '\0';
OpenSSL_add_all_digests();
EVP_MD_CTX mdctx;
const EVP_MD *md;
unsigned char md_value[EVP_MAX_MD_SIZE];
int md_len, i;
md = EVP_get_digestbyname("sha1");
EVP_MD_CTX_init(&mdctx);
EVP_DigestInit_ex(&mdctx, md, NULL);
FILE *efp = fopen(path, "r");
if (efp == NULL)
{
fprintf(stderr, "Failed to open executable at %s\n", path);
lock_fail();
return 0;
}
int r = 0;
char buf[256];
do
{
r = fread(buf, sizeof(char), 256, efp);
if (read)
{
EVP_DigestUpdate(&mdctx, buf, r);
}
}
while (r);
EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
EVP_MD_CTX_cleanup(&mdctx);
fclose(efp);
char ascisha[BUFSIZ];
for(i = 0; i < md_len; i++) sprintf(&(ascisha[i*2]) , "%02x", md_value[i]);
dcrpt[strlen(ascisha)] = '\0';
printf("HASH: %s\n", ascisha);
printf("DCPC: %s\n", dcrpt);
if (strcmp(ascisha, dcrpt) != 0)
{
fprintf(stderr, "Failed to autherise, hashes do not match\n");
lock_fail();
return 0;
//.........这里部分代码省略.........
示例15: x9_62_test_internal
/* some tests from the X9.62 draft */
int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
{
int ret = 0;
const char message[] = "abc";
unsigned char digest[20];
unsigned int dgst_len = 0;
EVP_MD_CTX md_ctx;
EC_KEY *key = NULL;
ECDSA_SIG *signature = NULL;
BIGNUM *r = NULL, *s = NULL;
EVP_MD_CTX_init(&md_ctx);
/* get the message digest */
if (!EVP_DigestInit(&md_ctx, EVP_ecdsa())
|| !EVP_DigestUpdate(&md_ctx, (const void*)message, 3)
|| !EVP_DigestFinal(&md_ctx, digest, &dgst_len))
goto x962_int_err;
BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
/* create the key */
if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
goto x962_int_err;
use_fake = 1;
if (!EC_KEY_generate_key(key))
goto x962_int_err;
BIO_printf(out, ".");
(void)BIO_flush(out);
/* create the signature */
use_fake = 1;
signature = ECDSA_do_sign(digest, 20, key);
if (signature == NULL)
goto x962_int_err;
BIO_printf(out, ".");
(void)BIO_flush(out);
/* compare the created signature with the expected signature */
if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
goto x962_int_err;
if (!BN_dec2bn(&r, r_in) ||
!BN_dec2bn(&s, s_in))
goto x962_int_err;
if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
goto x962_int_err;
BIO_printf(out, ".");
(void)BIO_flush(out);
/* verify the signature */
if (ECDSA_do_verify(digest, 20, signature, key) != 1)
goto x962_int_err;
BIO_printf(out, ".");
(void)BIO_flush(out);
BIO_printf(out, " ok\n");
ret = 1;
x962_int_err:
if (!ret)
BIO_printf(out, " failed\n");
if (key)
EC_KEY_free(key);
if (signature)
ECDSA_SIG_free(signature);
if (r)
BN_free(r);
if (s)
BN_free(s);
EVP_MD_CTX_cleanup(&md_ctx);
return ret;
}