• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

C++ EVP_MD_CTX_init函数代码示例

原作者: [db:作者] 来自: [db:来源] 收藏 邀请

本文整理汇总了C++中EVP_MD_CTX_init函数的典型用法代码示例。如果您正苦于以下问题:C++ EVP_MD_CTX_init函数的具体用法?C++ EVP_MD_CTX_init怎么用?C++ EVP_MD_CTX_init使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。



在下文中一共展示了EVP_MD_CTX_init函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。

示例1: PKCS12_key_gen_uni

int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                       int saltlen, int id, int iter, int n,
                       unsigned char *out, const EVP_MD *md_type)
{
    unsigned char *B, *D, *I, *p, *Ai;
    int Slen, Plen, Ilen, Ijlen;
    int i, j, u, v;
    int ret = 0;
    BIGNUM *Ij, *Bpl1;          /* These hold Ij and B + 1 */
    EVP_MD_CTX ctx;
#ifdef  DEBUG_KEYGEN
    unsigned char *tmpout = out;
    int tmpn = n;
#endif

    EVP_MD_CTX_init(&ctx);
#ifdef  DEBUG_KEYGEN
    fprintf(stderr, "KEYGEN DEBUG\n");
    fprintf(stderr, "ID %d, ITER %d\n", id, iter);
    fprintf(stderr, "Password (length %d):\n", passlen);
    h__dump(pass, passlen);
    fprintf(stderr, "Salt (length %d):\n", saltlen);
    h__dump(salt, saltlen);
#endif
    v = EVP_MD_block_size(md_type);
    u = EVP_MD_size(md_type);
    if (u < 0)
        return 0;
    D = OPENSSL_malloc(v);
    Ai = OPENSSL_malloc(u);
    B = OPENSSL_malloc(v + 1);
    Slen = v * ((saltlen + v - 1) / v);
    if (passlen)
        Plen = v * ((passlen + v - 1) / v);
    else
        Plen = 0;
    Ilen = Slen + Plen;
    I = OPENSSL_malloc(Ilen);
    Ij = BN_new();
    Bpl1 = BN_new();
    if (!D || !Ai || !B || !I || !Ij || !Bpl1)
        goto err;
    for (i = 0; i < v; i++)
        D[i] = id;
    p = I;
    for (i = 0; i < Slen; i++)
        *p++ = salt[i % saltlen];
    for (i = 0; i < Plen; i++)
        *p++ = pass[i % passlen];
    for (;;) {
        if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
            || !EVP_DigestUpdate(&ctx, D, v)
            || !EVP_DigestUpdate(&ctx, I, Ilen)
            || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
            goto err;
        for (j = 1; j < iter; j++) {
            if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
                || !EVP_DigestUpdate(&ctx, Ai, u)
                || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
                goto err;
        }
        memcpy(out, Ai, min(n, u));
        if (u >= n) {
#ifdef DEBUG_KEYGEN
            fprintf(stderr, "Output KEY (length %d)\n", tmpn);
            h__dump(tmpout, tmpn);
#endif
            ret = 1;
            goto end;
        }
        n -= u;
        out += u;
        for (j = 0; j < v; j++)
            B[j] = Ai[j % u];
        /* Work out B + 1 first then can use B as tmp space */
        if (!BN_bin2bn(B, v, Bpl1))
            goto err;
        if (!BN_add_word(Bpl1, 1))
            goto err;
        for (j = 0; j < Ilen; j += v) {
            if (!BN_bin2bn(I + j, v, Ij))
                goto err;
            if (!BN_add(Ij, Ij, Bpl1))
                goto err;
            if (!BN_bn2bin(Ij, B))
                goto err;
            Ijlen = BN_num_bytes(Ij);
            /* If more than 2^(v*8) - 1 cut off MSB */
            if (Ijlen > v) {
                if (!BN_bn2bin(Ij, B))
                    goto err;
                memcpy(I + j, B + 1, v);
#ifndef PKCS12_BROKEN_KEYGEN
                /* If less than v bytes pad with zeroes */
            } else if (Ijlen < v) {
                memset(I + j, 0, v - Ijlen);
                if (!BN_bn2bin(Ij, I + j + v - Ijlen))
                    goto err;
#endif
            } else if (!BN_bn2bin(Ij, I + j))
//.........这里部分代码省略.........
开发者ID:375670450,项目名称:openssl,代码行数:101,代码来源:p12_key.c


示例2: tls1_P_hash

/* seed1 through seed5 are virtually concatenated */
static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
			int sec_len,
			const void *seed1, int seed1_len,
			const void *seed2, int seed2_len,
			const void *seed3, int seed3_len,
			const void *seed4, int seed4_len,
			const void *seed5, int seed5_len,
			unsigned char *out, int olen)
	{
	int chunk;
	size_t j;
	EVP_MD_CTX ctx, ctx_tmp;
	EVP_PKEY *mac_key;
	unsigned char A1[EVP_MAX_MD_SIZE];
	size_t A1_len;
	int ret = 0;
	
	chunk=EVP_MD_size(md);
	OPENSSL_assert(chunk >= 0);

	EVP_MD_CTX_init(&ctx);
	EVP_MD_CTX_init(&ctx_tmp);
	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
	EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
	mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
	if (!mac_key)
		goto err;
	if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
		goto err;
	if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key))
		goto err;
	if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
		goto err;
	if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len))
		goto err;
	if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len))
		goto err;
	if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len))
		goto err;
	if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
		goto err;
	if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
		goto err;

	for (;;)
		{
		/* Reinit mac contexts */
		if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
			goto err;
		if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key))
			goto err;
		if (!EVP_DigestSignUpdate(&ctx,A1,A1_len))
			goto err;
		if (!EVP_DigestSignUpdate(&ctx_tmp,A1,A1_len))
			goto err;
		if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
			goto err;
		if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len))
			goto err;
		if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len))
			goto err;
		if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len))
			goto err;
		if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
			goto err;

		if (olen > chunk)
			{
			if (!EVP_DigestSignFinal(&ctx,out,&j))
				goto err;
			out+=j;
			olen-=j;
			/* calc the next A1 value */
			if (!EVP_DigestSignFinal(&ctx_tmp,A1,&A1_len))
				goto err;
			}
		else	/* last one */
			{
			if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
				goto err;
			memcpy(out,A1,olen);
			break;
			}
		}
	ret = 1;
err:
	EVP_PKEY_free(mac_key);
	EVP_MD_CTX_cleanup(&ctx);
	EVP_MD_CTX_cleanup(&ctx_tmp);
	OPENSSL_cleanse(A1,sizeof(A1));
	return ret;
	}
开发者ID:bingos,项目名称:bitrig,代码行数:93,代码来源:t1_enc.c


示例3: PKCS7_signatureVerify

int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
                          X509 *x509)
{
    ASN1_OCTET_STRING *os;
    EVP_MD_CTX mdc_tmp, *mdc;
    int ret = 0, i;
    int md_type;
    STACK_OF(X509_ATTRIBUTE) *sk;
    BIO *btmp;
    EVP_PKEY *pkey;

    EVP_MD_CTX_init(&mdc_tmp);

    if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
        goto err;
    }

    md_type = OBJ_obj2nid(si->digest_alg->algorithm);

    btmp = bio;
    for (;;) {
        if ((btmp == NULL) ||
            ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
            goto err;
        }
        BIO_get_md_ctx(btmp, &mdc);
        if (mdc == NULL) {
            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);
            goto err;
        }
        if (EVP_MD_CTX_type(mdc) == md_type)
            break;
        /*
         * Workaround for some broken clients that put the signature OID
         * instead of the digest OID in digest_alg->algorithm
         */
        if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
            break;
        btmp = BIO_next(btmp);
    }

    /*
     * mdc is the digest ctx that we want, unless there are attributes, in
     * which case the digest is the signed attributes
     */
    if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc))
        goto err;

    sk = si->auth_attr;
    if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
        unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
        unsigned int md_len;
        int alen;
        ASN1_OCTET_STRING *message_digest;

        if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
            goto err;
        message_digest = PKCS7_digest_from_attributes(sk);
        if (!message_digest) {
            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
            goto err;
        }
        if ((message_digest->length != (int)md_len) ||
            (memcmp(message_digest->data, md_dat, md_len))) {
            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
            ret = -1;
            goto err;
        }

        if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL))
            goto err;

        alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
                             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
        if (alen <= 0) {
            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
            ret = -1;
            goto err;
        }
        if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
            goto err;

        OPENSSL_free(abuf);
    }

    os = si->enc_digest;
    pkey = X509_get_pubkey(x509);
    if (!pkey) {
        ret = -1;
        goto err;
    }

    i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
    EVP_PKEY_free(pkey);
    if (i <= 0) {
        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
//.........这里部分代码省略.........
开发者ID:AmesianX,项目名称:openssl,代码行数:101,代码来源:pk7_doit.c


示例4: _getCertificateDigest

/**
 * Funkcja generuje skrót z certyfikatu wykorzystując podaną w drugim parametrze
 * metodę.
 * \param certyfikat Bufor generyczny ze zdekodowanym certyfikatem.
 * \param method Metoda generowania skrótu. W chwili obecnej do wyboru:
 * - LIBBMDXADES_DIGEST_METHOD_SHA1
 * - LIBBMDXADES_DIGEST_METHOD_MD5
 * \param basedHash Skrót zakodowany do base64.
 * \retval 0 Wszystko OK.
 * \retval -1 Nieznana metoda.
 * \retval -2 Brak pamięci.
 * */
long _getCertificateDigest(GenBuf_t **certyfikat, LIBBMDXADES_DIGEST_METHOD_t method, char **basedHash)
{
	EVP_MD_CTX mdctx;	/*kontekst digesta*/
	const EVP_MD *md;	/*metoda skrotu*/
	char md_value[EVP_MAX_MD_SIZE];	/*otrzymany skrot*/
	long md_len = 0;	/*dlugosc skrotu*/
	unsigned int ui_temp = 0;

	if (certyfikat == NULL)
	{
		PRINT_DEBUG("Wrong argument 1\n");
		return ERR_arg+1;
	}

	if (*certyfikat == NULL)
	{
		PRINT_DEBUG("Wrong argument 1\n");
		return ERR_arg+1;
	}

	if (basedHash == NULL)
	{
		PRINT_DEBUG("Wrong argument 2\n");
		return ERR_arg+2;
	}

	if (*basedHash != NULL)
	{
		PRINT_DEBUG("Wrong argument 2\n");
		return ERR_arg+2;
	}

	OpenSSL_add_all_digests();

	switch (method)
	{
		case LIBBMDXADES_DIGEST_METHOD_SHA1:
			md = EVP_get_digestbyname("sha1");
			break;
		case LIBBMDXADES_DIGEST_METHOD_MD5:
			md = EVP_get_digestbyname("md5");
			break;
		default:
			PRINT_DEBUG("UNKNOWN DIGEST METHOD!\n");
			return -1;
	}

	EVP_MD_CTX_init(&mdctx);	/*inicjalizacja kontekstu*/
	EVP_DigestInit_ex(&mdctx, md, NULL);	/*ustawiamy odpowiednia metode liczenia skrotu*/
	EVP_DigestUpdate(&mdctx, (*certyfikat)->buf, (*certyfikat)->size);/*dodajemy tekst*/
	ui_temp = md_len;
	EVP_DigestFinal_ex(&mdctx, (unsigned char*)md_value, &ui_temp);
	md_len = ui_temp;
	EVP_MD_CTX_cleanup(&mdctx);

	(*basedHash) = (char *) spc_base64_encode((unsigned char *)md_value, md_len, 0);
	if (*basedHash == NULL)
	{
		PRINT_ERROR("NO MEMORY!\n");
		return -2;
	}
	return 0;
}
开发者ID:unizeto,项目名称:bmd,代码行数:75,代码来源:validate.c


示例5: rsa_sign_with_key

static int rsa_sign_with_key(RSA *rsa, const void *data,
		const int data_size, uint8_t **sigp, uint *sig_size)
{
	EVP_PKEY *key;
	EVP_MD_CTX *context;
	int size, ret = 0;
	uint8_t *sig;

	key = EVP_PKEY_new();
	if (!key)
		return rsa_err("EVP_PKEY object creation failed");

	if (!EVP_PKEY_set1_RSA(key, rsa)) {
		ret = rsa_err("EVP key setup failed");
		goto err_set;
	}

	size = EVP_PKEY_size(key);
	sig = malloc(size);
	if (!sig) {
		fprintf(stderr, "Out of memory for signature (%d bytes)\n",
			size);
		ret = -ENOMEM;
		goto err_alloc;
	}

	context = EVP_MD_CTX_create();
	if (!context) {
		ret = rsa_err("EVP context creation failed");
		goto err_create;
	}
	EVP_MD_CTX_init(context);
	if (!EVP_SignInit(context, EVP_sha1())) {
		ret = rsa_err("Signer setup failed");
		goto err_sign;
	}

	if (!EVP_SignUpdate(context, data, data_size)) {
		ret = rsa_err("Signing data failed");
		goto err_sign;
	}

	if (!EVP_SignFinal(context, sig, sig_size, key)) {
		ret = rsa_err("Could not obtain signature");
		goto err_sign;
	}
	EVP_MD_CTX_cleanup(context);
	EVP_MD_CTX_destroy(context);
	EVP_PKEY_free(key);

	printf("Got signature: %d bytes, expected %d\n", *sig_size, size);
	*sigp = sig;
	*sig_size = size;

	return 0;

err_sign:
	EVP_MD_CTX_destroy(context);
err_create:
	free(sig);
err_alloc:
err_set:
	EVP_PKEY_free(key);
	return ret;
}
开发者ID:hello--world,项目名称:hiwifi-openwrt-HC5661-HC5761,代码行数:65,代码来源:hwf-img-sign.c


示例6: PKCS5_PBE_keyivgen

int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
			 int en_de)
{
	EVP_MD_CTX ctx;
	unsigned char md_tmp[EVP_MAX_MD_SIZE];
	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
	int i;
	PBEPARAM *pbe;
	int saltlen, iter;
	unsigned char *salt;
	const unsigned char *pbuf;
	int mdsize;

	/* Extract useful info from parameter */
	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
	    param->value.sequence == NULL) {
		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
		return 0;
	}

	pbuf = param->value.sequence->data;
	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
		return 0;
	}

	if (!pbe->iter) iter = 1;
	else iter = ASN1_INTEGER_get (pbe->iter);
	salt = pbe->salt->data;
	saltlen = pbe->salt->length;

	if(!pass) passlen = 0;
	else if(passlen == -1) passlen = strlen(pass);

	EVP_MD_CTX_init(&ctx);
	EVP_DigestInit_ex(&ctx, md, NULL);
	EVP_DigestUpdate(&ctx, pass, passlen);
	EVP_DigestUpdate(&ctx, salt, saltlen);
	PBEPARAM_free(pbe);
	EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
	mdsize = EVP_MD_size(md);
	if (mdsize < 0)
	    return 0;
	for (i = 1; i < iter; i++) {
		EVP_DigestInit_ex(&ctx, md, NULL);
		EVP_DigestUpdate(&ctx, md_tmp, mdsize);
		EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
	}
	EVP_MD_CTX_cleanup(&ctx);
	OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
	memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
	OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
	memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
						 EVP_CIPHER_iv_length(cipher));
	EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
	OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
	return 1;
}
开发者ID:10045125,项目名称:xuggle-xuggler,代码行数:61,代码来源:p5_crpt.c


示例7: RSA_padding_add_PKCS1_PSS

int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
			const unsigned char *mHash,
			const EVP_MD *Hash, int sLen)
	{
	int i;
	int ret = 0;
	int hLen, maskedDBLen, MSBits, emLen;
	unsigned char *H, *salt = NULL, *p;
	EVP_MD_CTX ctx;

	hLen = EVP_MD_size(Hash);
	if (hLen < 0)
		goto err;
	/*
	 * Negative sLen has special meanings:
	 *	-1	sLen == hLen
	 *	-2	salt length is maximized
	 *	-N	reserved
	 */
	if      (sLen == -1)	sLen = hLen;
	else if (sLen == -2)	sLen = -2;
	else if (sLen < -2)
		{
		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
		goto err;
		}

	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
	emLen = RSA_size(rsa);
	if (MSBits == 0)
		{
		*EM++ = 0;
		emLen--;
		}
	if (sLen == -2)
		{
		sLen = emLen - hLen - 2;
		}
	else if (emLen < (hLen + sLen + 2))
		{
		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
		goto err;
		}
	if (sLen > 0)
		{
		salt = (unsigned char*)OPENSSL_malloc(sLen);
		if (!salt)
			{
			RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
		   		ERR_R_MALLOC_FAILURE);
			goto err;
			}
		if (RAND_bytes(salt, sLen) <= 0)
			goto err;
		}
	maskedDBLen = emLen - hLen - 1;
	H = EM + maskedDBLen;
	EVP_MD_CTX_init(&ctx);
	EVP_DigestInit_ex(&ctx, Hash, NULL);
	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
	EVP_DigestUpdate(&ctx, mHash, hLen);
	if (sLen)
		EVP_DigestUpdate(&ctx, salt, sLen);
	EVP_DigestFinal(&ctx, H, NULL);
	EVP_MD_CTX_cleanup(&ctx);

	/* Generate dbMask in place then perform XOR on it */
	if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash))
		goto err;

	p = EM;

	/* Initial PS XORs with all zeroes which is a NOP so just update
	 * pointer. Note from a test above this value is guaranteed to
	 * be non-negative.
	 */
	p += emLen - sLen - hLen - 2;
	*p++ ^= 0x1;
	if (sLen > 0)
		{
		for (i = 0; i < sLen; i++)
			*p++ ^= salt[i];
		}
	if (MSBits)
		EM[0] &= 0xFF >> (8 - MSBits);

	/* H is already in place so just set final 0xbc */

	EM[emLen - 1] = 0xbc;

	ret = 1;

	err:
	if (salt)
		OPENSSL_free(salt);

	return ret;

	}
开发者ID:AustinWise,项目名称:Netduino-Micro-Framework,代码行数:100,代码来源:rsa_pss.cpp


示例8: libssh2_md5_init

int
libssh2_md5_init(libssh2_md5_ctx *ctx)
{
    EVP_MD_CTX_init(ctx);
    return EVP_DigestInit(ctx, EVP_get_digestbyname("md5"));
}
开发者ID:yeonsh,项目名称:libssh2,代码行数:6,代码来源:openssl.c


示例9: EVP_MD_CTX_init

void QblEvpDigest::init() {
    EVP_MD_CTX_init(&mdctx);
    EVP_DigestInit_ex(&mdctx, getAlgorithm(), NULL);
}
开发者ID:f-porter,项目名称:qabel-lib,代码行数:4,代码来源:qbl-evp-digest.cpp


示例10: libssh2_sha1_init

int
libssh2_sha1_init(libssh2_sha1_ctx *ctx)
{
    EVP_MD_CTX_init(ctx);
    return EVP_DigestInit(ctx, EVP_get_digestbyname("sha1"));
}
开发者ID:yeonsh,项目名称:libssh2,代码行数:6,代码来源:openssl.c


示例11: ssl3_change_cipher_state


//.........这里部分代码省略.........
		else
			/* make sure it's intialized in case we exit later with an error */
			EVP_CIPHER_CTX_init(s->enc_write_ctx);
		dd= s->enc_write_ctx;
		ssl_replace_hash(&s->write_hash,m);
#ifndef OPENSSL_NO_COMP
		/* COMPRESS */
		if (s->compress != NULL)
			{
			COMP_CTX_free(s->compress);
			s->compress=NULL;
			}
		if (comp != NULL)
			{
			s->compress=COMP_CTX_new(comp);
			if (s->compress == NULL)
				{
				SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
				goto err2;
				}
			}
#endif
		memset(&(s->s3->write_sequence[0]),0,8);
		mac_secret= &(s->s3->write_mac_secret[0]);
		}

	if (reuse_dd)
		EVP_CIPHER_CTX_cleanup(dd);

	p=s->s3->tmp.key_block;
	i=EVP_MD_size(m);
	if (i < 0)
		goto err2;
	cl=EVP_CIPHER_key_length(c);
	j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
		 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
	/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
	k=EVP_CIPHER_iv_length(c);
	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
		(which == SSL3_CHANGE_CIPHER_SERVER_READ))
		{
		ms=  &(p[ 0]); n=i+i;
		key= &(p[ n]); n+=j+j;
		iv=  &(p[ n]); n+=k+k;
		er1= &(s->s3->client_random[0]);
		er2= &(s->s3->server_random[0]);
		}
	else
		{
		n=i;
		ms=  &(p[ n]); n+=i+j;
		key= &(p[ n]); n+=j+k;
		iv=  &(p[ n]); n+=k;
		er1= &(s->s3->server_random[0]);
		er2= &(s->s3->client_random[0]);
		}

	if (n > s->s3->tmp.key_block_length)
		{
		SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
		goto err2;
		}

	EVP_MD_CTX_init(&md);
	memcpy(mac_secret,ms,i);
	if (is_exp)
		{
		/* In here I set both the read and write key/iv to the
		 * same value since only the correct one will be used :-).
		 */
		EVP_DigestInit_ex(&md,EVP_md5(), NULL);
		EVP_DigestUpdate(&md,key,j);
		EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
		EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
		EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL);
		key= &(exp_key[0]);

		if (k > 0)
			{
			EVP_DigestInit_ex(&md,EVP_md5(), NULL);
			EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
			EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
			EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL);
			iv= &(exp_iv[0]);
			}
		}

	s->session->key_arg_length=0;

	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));

	OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
	OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
	EVP_MD_CTX_cleanup(&md);
	return(1);
err:
	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
err2:
	return(0);
	}
开发者ID:0omega,项目名称:platform_external_openssl,代码行数:101,代码来源:s3_enc.c


示例12: EVP_BytesToKey

int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
	     const unsigned char *salt, const unsigned char *data, int datal,
	     int count, unsigned char *key, unsigned char *iv)
	{
	EVP_MD_CTX c;
	unsigned char md_buf[EVP_MAX_MD_SIZE];
	int niv,nkey,addmd=0;
	unsigned int mds=0,i;

	nkey=type->key_len;
	niv=type->iv_len;
	OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
	OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);

	if (data == NULL) return(nkey);

	EVP_MD_CTX_init(&c);
	for (;;)
		{
		EVP_DigestInit_ex(&c,md, NULL);
		if (addmd++)
			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
		EVP_DigestUpdate(&c,data,datal);
		if (salt != NULL)
			EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
		EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);

		for (i=1; i<(unsigned int)count; i++)
			{
			EVP_DigestInit_ex(&c,md, NULL);
			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
			EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
			}
		i=0;
		if (nkey)
			{
			for (;;)
				{
				if (nkey == 0) break;
				if (i == mds) break;
				if (key != NULL)
					*(key++)=md_buf[i];
				nkey--;
				i++;
				}
			}
		if (niv && (i != mds))
			{
			for (;;)
				{
				if (niv == 0) break;
				if (i == mds) break;
				if (iv != NULL)
					*(iv++)=md_buf[i];
				niv--;
				i++;
				}
			}
		if ((nkey == 0) && (niv == 0)) break;
		}
	EVP_MD_CTX_cleanup(&c);
	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
	return(type->key_len);
	}
开发者ID:jameshilliard,项目名称:actiontec_opensrc_mi424wr-rev-e-f_fw-20-10-7-5,代码行数:64,代码来源:evp_key.c


示例13: EVP_sha256


//.........这里部分代码省略.........
#endif
        const unsigned char *data = (const unsigned char *)certChain.certificate(i).data();
        X509 *cert = d2i_X509(nullptr, &data, certChain.certificate(i).size());
        if (cert)
            certs.push_back(cert);
    }
    if (certs.empty()) {
        qWarning() << "PaymentRequestPlus::getMerchant: Payment request: empty certificate chain";
        return false;
    }

    // The first cert is the signing cert, the rest are untrusted certs that chain
    // to a valid root authority. OpenSSL needs them separately.
    STACK_OF(X509) *chain = sk_X509_new_null();
    for (int i = certs.size() - 1; i > 0; i--) {
        sk_X509_push(chain, certs[i]);
    }
    X509 *signing_cert = certs[0];

    // Now create a "store context", which is a single use object for checking,
    // load the signing cert into it and verify.
    X509_STORE_CTX *store_ctx = X509_STORE_CTX_new();
    if (!store_ctx) {
        qWarning() << "PaymentRequestPlus::getMerchant: Payment request: error creating X509_STORE_CTX";
        return false;
    }

    char *website = nullptr;
    bool fResult = true;
    try
    {
        if (!X509_STORE_CTX_init(store_ctx, certStore, signing_cert, chain))
        {
            int error = X509_STORE_CTX_get_error(store_ctx);
            throw SSLVerifyError(X509_verify_cert_error_string(error));
        }

        // Now do the verification!
        int result = X509_verify_cert(store_ctx);
        if (result != 1) {
            int error = X509_STORE_CTX_get_error(store_ctx);
            // For testing payment requests, we allow self signed root certs!
            // This option is just shown in the UI options, if -help-debug is enabled.
            if (!(error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && gArgs.GetBoolArg("-allowselfsignedrootcertificates", DEFAULT_SELFSIGNED_ROOTCERTS))) {
                throw SSLVerifyError(X509_verify_cert_error_string(error));
            } else {
               qDebug() << "PaymentRequestPlus::getMerchant: Allowing self signed root certificate, because -allowselfsignedrootcertificates is true.";
            }
        }
        X509_NAME *certname = X509_get_subject_name(signing_cert);

        // Valid cert; check signature:
        payments::PaymentRequest rcopy(paymentRequest); // Copy
        rcopy.set_signature(std::string(""));
        std::string data_to_verify;                     // Everything but the signature
        rcopy.SerializeToString(&data_to_verify);

#if HAVE_DECL_EVP_MD_CTX_NEW
        EVP_MD_CTX *ctx = EVP_MD_CTX_new();
        if (!ctx) throw SSLVerifyError("Error allocating OpenSSL context.");
#else
        EVP_MD_CTX _ctx;
        EVP_MD_CTX *ctx;
        ctx = &_ctx;
#endif
        EVP_PKEY *pubkey = X509_get_pubkey(signing_cert);
        EVP_MD_CTX_init(ctx);
        if (!EVP_VerifyInit_ex(ctx, digestAlgorithm, nullptr) ||
            !EVP_VerifyUpdate(ctx, data_to_verify.data(), data_to_verify.size()) ||
            !EVP_VerifyFinal(ctx, (const unsigned char*)paymentRequest.signature().data(), (unsigned int)paymentRequest.signature().size(), pubkey)) {
            throw SSLVerifyError("Bad signature, invalid payment request.");
        }
#if HAVE_DECL_EVP_MD_CTX_NEW
        EVP_MD_CTX_free(ctx);
#endif

        // OpenSSL API for getting human printable strings from certs is baroque.
        int textlen = X509_NAME_get_text_by_NID(certname, NID_commonName, nullptr, 0);
        website = new char[textlen + 1];
        if (X509_NAME_get_text_by_NID(certname, NID_commonName, website, textlen + 1) == textlen && textlen > 0) {
            merchant = website;
        }
        else {
            throw SSLVerifyError("Bad certificate, missing common name.");
        }
        // TODO: detect EV certificates and set merchant = business name instead of unfriendly NID_commonName ?
    }
    catch (const SSLVerifyError& err) {
        fResult = false;
        qWarning() << "PaymentRequestPlus::getMerchant: SSL error: " << err.what();
    }

    if (website)
        delete[] website;
    X509_STORE_CTX_free(store_ctx);
    for (unsigned int i = 0; i < certs.size(); i++)
        X509_free(certs[i]);

    return fResult;
}
开发者ID:Airche,项目名称:wificoin,代码行数:101,代码来源:paymentrequestplus.cpp


示例14: RSA_verify_PKCS1_PSS

int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
			const EVP_MD *Hash, const unsigned char *EM, int sLen)
	{
	int i;
	int ret = 0;
	int hLen, maskedDBLen, MSBits, emLen;
	const unsigned char *H;
	unsigned char *DB = NULL;
	EVP_MD_CTX ctx;
	unsigned char H_[EVP_MAX_MD_SIZE];

	hLen = EVP_MD_size(Hash);
	if (hLen < 0)
		goto err;
	/*
	 * Negative sLen has special meanings:
	 *	-1	sLen == hLen
	 *	-2	salt length is autorecovered from signature
	 *	-N	reserved
	 */
	if      (sLen == -1)	sLen = hLen;
	else if (sLen == -2)	sLen = -2;
	else if (sLen < -2)
		{
		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
		goto err;
		}

	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
	emLen = RSA_size(rsa);
	if (EM[0] & (0xFF << MSBits))
		{
		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
		goto err;
		}
	if (MSBits == 0)
		{
		EM++;
		emLen--;
		}
	if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */
		{
		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
		goto err;
		}
	if (EM[emLen - 1] != 0xbc)
		{
		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
		goto err;
		}
	maskedDBLen = emLen - hLen - 1;
	H = EM + maskedDBLen;
	DB = (unsigned char*)OPENSSL_malloc(maskedDBLen);
	if (!DB)
		{
		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
		goto err;
		}
	if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0)
		goto err;
	for (i = 0; i < maskedDBLen; i++)
		DB[i] ^= EM[i];
	if (MSBits)
		DB[0] &= 0xFF >> (8 - MSBits);
	for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ;
	if (DB[i++] != 0x1)
		{
		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);
		goto err;
		}
	if (sLen >= 0 && (maskedDBLen - i) != sLen)
		{
		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
		goto err;
		}
	EVP_MD_CTX_init(&ctx);
	EVP_DigestInit_ex(&ctx, Hash, NULL);
	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
	EVP_DigestUpdate(&ctx, mHash, hLen);
	if (maskedDBLen - i)
		EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);
	EVP_DigestFinal(&ctx, H_, NULL);
	EVP_MD_CTX_cleanup(&ctx);
	if (TINYCLR_SSL_MEMCMP(H_, H, hLen))
		{
		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);
		ret = 0;
		}
	else 
		ret = 1;

	err:
	if (DB)
		OPENSSL_free(DB);

	return ret;

	}
开发者ID:AustinWise,项目名称:Netduino-Micro-Framework,代码行数:98,代码来源:rsa_pss.cpp


示例15: find_server

bool find_server(EVP_PKEY *pk, sockaddr6 *addr, uint32_t usecs, uint32_t retries) {
    bool ok = false;

    interface ifs[16];
    ssize_t count = active_interfaces(ifs, 16);
    if (count <= 0) return false;

    addr->sin6_family   = AF_INET6;
    addr->sin6_port     = htons(atoi(MCAST_PORT));
    addr->sin6_scope_id = ifs[0].index;
    inet_pton(AF_INET6, MCAST_HOST, &addr->sin6_addr);

    int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
    if (fd == -1) return false;

    struct ipv6_mreq req = { .ipv6mr_interface = ifs[0].index };
    memcpy(&req.ipv6mr_multiaddr, &addr->sin6_addr, sizeof(struct in6_addr));
    if (setsockopt(fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &req, sizeof(req))) {
        return false;
    }

    struct timeval timeout = { .tv_usec = usecs / retries };
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout));

    sockaddr6 from6;
    socklen_t from_len = sizeof(from6);
    sockaddr *from = (sockaddr *) &from6;

    uint8_t ping[PING_LEN];
    struct pong pong;
    ssize_t len;

    RAND_bytes(ping, PING_LEN);

    for (uint32_t i = 0; !ok && i < retries; i++) {
        EVP_MD_CTX ctx;

        sendto(fd, ping, PING_LEN, 0, (sockaddr *) addr, sizeof(*addr));

        if ((len = recvfrom(fd, &pong, sizeof(pong), 0, from, &from_len)) > 0) {
            EVP_MD_CTX_init(&ctx);
            EVP_DigestVerifyInit(&ctx, NULL, EVP_sha256(), NULL, pk);
            EVP_DigestVerifyUpdate(&ctx, &ping, PING_LEN);
            EVP_DigestVerifyUpdate(&ctx, &pong, PONG_LEN);

            if (EVP_DigestVerifyFinal(&ctx, pong.sig, len) == 1) {
                memcpy(addr->sin6_addr.s6_addr, &pong.addr, 16);
                addr->sin6_port = pong.port;
                ok = true;
            }

            EVP_MD_CTX_cleanup(&ctx);
        }
    }
    close(fd);

    return ok;
}

int mcast_sock(interface *ifa, sockaddr6 *addr, char *host) {
    struct ipv6_mreq req = { .ipv6mr_interface = ifa->index };
    inet_pton(AF_INET6, host, &req.ipv6mr_multiaddr);

    int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
    if (fd == -1 || bind(fd, (sockaddr *) addr, sizeof(*addr))) goto error;
    if (setsockopt(fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, &req, sizeof(req))) goto error;

    return fd;

  error:

    if (fd >= 0) close(fd);
    return -1;
}

char *name(sockaddr6 *addr, socklen_t len) {
    static char host[NI_MAXHOST];
    int flags = NI_NUMERICHOST;
    getnameinfo((struct sockaddr *) addr, len, host, NI_MAXHOST, NULL, 0, flags);
    return host;
}
开发者ID:10xEngineer,项目名称:My-Wallet-iPhone,代码行数:81,代码来源:mcast.c


示例16: HMAC_CTX_init

void HMAC_CTX_init(HMAC_CTX *ctx)
	{
	EVP_MD_CTX_init(&ctx->i_ctx);
	EVP_MD_CTX_init(&ctx->o_ctx);
	EVP_MD_CTX_init(&ctx->md_ctx);
	}
开发者ID:002301,项目名称:node,代码行数:6,代码来源:hmac.c


示例17: OPENSSL_HEADER

CK_RV PKCS11_Digest_OpenSSL::DigestInit(Cryptoki_Session_Context* pSessionCtx, CK_MECHANISM_PTR pMechanism)
{
    OPENSSL_HEADER();
    
    OpenSSLDigestData* pDigData;
    const EVP_MD*      pDigest;
    CK_OBJECT_HANDLE   hKey   = CK_OBJECT_HANDLE_INVALID;
    bool               isHMAC = false;

    if(pSessionCtx            == NULL) return CKR_SESSION_CLOSED;
    if(pSessionCtx->DigestCtx != NULL) return CKR_SESSION_PARALLEL_NOT_SUPPORTED; // another digest is in progress
    
    pDigData = (OpenSSLDigestData*)TINYCLR_SSL_MALLOC(sizeof(*pDigData));

    if(pDigData == NULL) return CKR_DEVICE_MEMORY;

    TINYCLR_SSL_MEMSET(pDigData, 0, sizeof(*pDigData));
    
    EVP_MD_CTX_init(&pDigData->CurrentCtx);
    
    switch(pMechanism->mechanism)
    {
        case CKM_SHA_1:
            pDigest = EVP_sha1();
            break;
        case CKM_SHA224:
            pDigest = EVP_sha224();
            break;
        case CKM_SHA256:
            pDigest = EVP_sha256();
            break;
        case CKM_SHA384:
            pDigest = EVP_sha384();
            break;
        case CKM_SHA512:
            pDigest = EVP_sha512();
            break;

        case CKM_MD5:
            pDigest = EVP_md5();
            break;

        case CKM_RIPEMD160:
            pDigest = EVP_ripemd160();
            break;

        case CKM_MD5_HMAC:
            pDigest = EVP_md5();
            isHMAC = true;
            break;

        case CKM_SHA_1_HMAC:
            pDigest = EVP_sha1();
            isHMAC = true;
            break;

        case CKM_SHA256_HMAC:
            pDigest = EVP_sha256();
            isHMAC = true;
            break;

        case CKM_SHA384_HMAC:
            pDigest = EVP_sha384();
            isHMAC = true;
            break;

        case CKM_SHA512_HMAC:
            pDigest = EVP_sha512();
            isHMAC = true;
            break;

        case CKM_RIPEMD160_HMAC:
            pDigest = EVP_ripemd160();
            isHMAC = true;
            break;
            

        default:
            OPENSSL_SET_AND_LEAVE(CKR_MECHANISM_INVALID);
    }


    if(isHMAC)
    {
        if(pMechanism->pParameter != NULL && pMechanism->ulParameterLen == sizeof(CK_OBJECT_HANDLE))
        {
            hKey = SwapEndianIfBEc32(*(CK_OBJECT_HANDLE*)pMechanism->pParameter);
        }
        else 
        {
            OPENSSL_SET_AND_LEAVE(CKR_MECHANISM_PARAM_INVALID);
        }

        pDigData->HmacKey = PKCS11_Keys_OpenSSL::GetKeyFromHandle(pSessionCtx, hKey, TRUE);

        if(pDigData->HmacKey==NULL) OPENSSL_SET_AND_LEAVE(CKR_MECHANISM_PARAM_INVALID);

        pDigData->HmacCtx.md = pDigest;

        OPENSSL_CHECKRESULT(HMAC_Init(&pDigData->HmacCtx, pDigData->HmacKey->key, pDigData->HmacKey->size/8, pDigData->HmacCtx.md));
//.........这里部分代码省略.........
开发者ID:AustinWise,项目名称:Netduino-Micro-Framework,代码行数:101,代码来源:OpenSSL_PKCS11_digest.cpp


示例18: apr_jws_verify_rsa

/*
 * verify HMAC signature on JWT
 */
static apr_byte_t apr_jws_verify_rsa(apr_pool_t *pool, apr_jwt_t *jwt,
		apr_jwk_t *jwk, apr_jwt_error_t *err) {

	apr_byte_t rc = FALSE;

	/* get the OpenSSL digest function */
	const EVP_MD *digest = NULL;
	if ((digest = apr_jws_crypto_alg_to_evp(pool, jwt->header.alg, err)) == NULL)
		return FALSE;

	EVP_MD_CTX ctx;
	EVP_MD_CTX_init(&ctx);

	RSA * pubkey = RSA_new();

	BIGNUM * modulus = BN_new();
	BIGNUM * exponent = BN_new();

	BN_bin2bn(jwk->key.rsa->modulus, jwk->key.rsa->modulus_len, modulus);
	BN_bin2bn(jwk->key.rsa->exponent, jwk->key.rsa->exponent_len, exponent);

	pubkey->n = modulus;
	pubkey->e = exponent;

	EVP_PKEY* pRsaKey = EVP_PKEY_new();
	if (!EVP_PKEY_assign_RSA(pRsaKey, pubkey)) {
		pRsaKey = NULL;
		apr_jwt_error_openssl(err, "EVP_PKEY_assign_RSA");
		goto end;
	}

	if (apr_jws_signature_starts_with(pool, jwt->header.alg, "PS") == TRUE) {

		int status = 0;
		unsigned char *pDecrypted = apr_pcalloc(pool, jwt->signature.length);
		status = RSA_public_decrypt(jwt->signature.length, jwt->signature.bytes,
				pDecrypted, pubkey, RSA_NO_PADDING);
		if (status == -1) {
			apr_jwt_error_openssl(err, "RSA_public_decrypt");
			goto end;
		}

		unsigned char *pDigest = apr_pcalloc(pool, RSA_size(pubkey));
		unsigned int uDigestLen = RSA_size(pubkey);

		if (!EVP_DigestInit(&ctx, digest)) {
			apr_jwt_error_openssl(err, "EVP_DigestInit");
			goto end;
		}
		if (!EVP_DigestUpdate(&ctx, jwt->message, strlen(jwt->message))) {
			apr_jwt_error_openssl(err, "EVP_DigestUpdate");
			goto end;
		}
		if (!EVP_DigestFinal(&ctx, pDigest, &uDigestLen)) {
			apr_jwt_error_openssl(err, "wrong key? EVP_DigestFinal");
			goto end;
		}

		/* verify the data */
		status = RSA_verify_PKCS1_PSS(pubkey, pDigest, digest, pDecrypted,
				-2 /* salt length recovered from signature*/);
		if (status != 1) {
			apr_jwt_error_openssl(err, "RSA_verify_PKCS1_PSS");
			goto end;
		}

		rc = TRUE;

	} else if (apr_jws_signature_starts_with(pool, jwt->header.alg,
			"RS") == TRUE) {

		if (!EVP_VerifyInit_ex(&ctx, digest, NULL)) {
			apr_jwt_error_openssl(err, "EVP_VerifyInit_ex");
			goto end;
		}
		if (!EVP_VerifyUpdate(&ctx, jwt->message, strlen(jwt->message))) {
			apr_jwt_error_openssl(err, "EVP_VerifyUpdate");
			goto end;
		}
		if (!EVP_VerifyFinal(&ctx, (const unsigned char *) jwt->signature.bytes,
				jwt->signature.length, pRsaKey)) {
			apr_jwt_error_openssl(err, "wrong key? EVP_VerifyFinal");
			goto end;
		}

		rc = TRUE;

	}

end:

	if (pRsaKey) {
		EVP_PKEY_free(pRsaKey);
	} else if (pubkey) {
		RSA_free(pubkey);
	}
	EVP_MD_CTX_cleanup(&ctx);
//.........这里部分代码省略.........
开发者ID:justingreerbbi,项目名称:mod_auth_openidc,代码行数:101,代码来源:apr_jws.c


示例19: EVP_tls_cbc_digest_record


//.........这里部分代码省略.........
    hmac_pad[i] ^= 0x36;
  }

  md_transform(&md_state, hmac_pad);

  // The length check means |bits| fits in four bytes.
  uint8_t length_bytes[MAX_HASH_BIT_COUNT_BYTES];
  OPENSSL_memset(length_bytes, 0, md_length_size - 4);
  length_bytes[md_length_size - 4] = (uint8_t)(bits >> 24);
  length_bytes[md_length_size - 3] = (uint8_t)(bits >> 16);
  length_bytes[md_length_size - 2] = (uint8_t)(bits >> 8);
  length_bytes[md_length_size - 1] = (uint8_t)bits;

  if (k > 0) {
    // k is a multiple of md_block_size.
    uint8_t first_block[MAX_HASH_BLOCK_SIZE];
    OPENSSL_memcpy(first_block, header, 13);
    OPENSSL_memcpy(first_block + 13, data, md_block_size - 13);
    md_transform(&md_state, first_block);
    for (size_t i = 1; i < k / md_block_size; i++) {
      md_transform(&md_state, data + md_block_size * i - 13);
    }
  }

  uint8_t mac_out[EVP_MAX_MD_SIZE];
  OPENSSL_memset(mac_out, 0, sizeof(mac_out));

  // We now process the final hash blocks. For each block, we construct
  // it in constant time. If the |i==index_a| then we'll include the 0x80
  // bytes and zero pad etc. For each block we selectively copy it, 

鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
C++ EVP_MD_CTX_md函数代码示例发布时间:2022-05-30
下一篇:
C++ EVP_MD_CTX_free函数代码示例发布时间:2022-05-30
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap