Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -1088,7 +1088,7 @@ read_passphrase_hash (const char *passphrase_file, |
1088 | 1088 |
ASSERT (len >= md_kt_size(digest)); |
1089 | 1089 |
memset (output, 0, len); |
1090 | 1090 |
|
1091 |
- EVP_DigestInit (&md, digest); |
|
1091 |
+ md_ctx_init(&md, digest); |
|
1092 | 1092 |
|
1093 | 1093 |
/* read passphrase file */ |
1094 | 1094 |
{ |
... | ... |
@@ -1108,7 +1108,7 @@ read_passphrase_hash (const char *passphrase_file, |
1108 | 1108 |
if (size == -1) |
1109 | 1109 |
msg (M_ERR, "Read error on passphrase file: '%s'", |
1110 | 1110 |
passphrase_file); |
1111 |
- EVP_DigestUpdate (&md, buf, size); |
|
1111 |
+ md_ctx_update(&md, buf, size); |
|
1112 | 1112 |
total_size += size; |
1113 | 1113 |
} |
1114 | 1114 |
close (fd); |
... | ... |
@@ -1120,10 +1120,9 @@ read_passphrase_hash (const char *passphrase_file, |
1120 | 1120 |
"Passphrase file '%s' is too small (must have at least %d characters)", |
1121 | 1121 |
passphrase_file, min_passphrase_size); |
1122 | 1122 |
} |
1123 |
- |
|
1124 |
- EVP_DigestFinal (&md, output, &outlen); |
|
1125 |
- EVP_MD_CTX_cleanup (&md); |
|
1126 |
- return outlen; |
|
1123 |
+ md_ctx_final(&md, output); |
|
1124 |
+ md_ctx_cleanup(&md); |
|
1125 |
+ return md_kt_size(digest); |
|
1127 | 1126 |
} |
1128 | 1127 |
|
1129 | 1128 |
/* |
... | ... |
@@ -1403,17 +1402,13 @@ prng_bytes (uint8_t *output, int len) |
1403 | 1403 |
{ |
1404 | 1404 |
if (nonce_md) |
1405 | 1405 |
{ |
1406 |
- EVP_MD_CTX ctx; |
|
1406 |
+ md_ctx_t ctx; |
|
1407 | 1407 |
const int md_size = md_kt_size (nonce_md); |
1408 | 1408 |
while (len > 0) |
1409 | 1409 |
{ |
1410 | 1410 |
unsigned int outlen = 0; |
1411 | 1411 |
const int blen = min_int (len, md_size); |
1412 |
- EVP_DigestInit (&ctx, nonce_md); |
|
1413 |
- EVP_DigestUpdate (&ctx, nonce_data, md_size + nonce_secret_len); |
|
1414 |
- EVP_DigestFinal (&ctx, nonce_data, &outlen); |
|
1415 |
- ASSERT (outlen == md_size); |
|
1416 |
- EVP_MD_CTX_cleanup (&ctx); |
|
1412 |
+ md_full(nonce_md, nonce_data, md_size + nonce_secret_len, nonce_data); |
|
1417 | 1413 |
memcpy (output, nonce_data, blen); |
1418 | 1414 |
output += blen; |
1419 | 1415 |
len -= blen; |
... | ... |
@@ -1434,14 +1429,6 @@ get_random() |
1434 | 1434 |
return l; |
1435 | 1435 |
} |
1436 | 1436 |
|
1437 |
-const char * |
|
1438 |
-md5sum (uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc) |
|
1439 |
-{ |
|
1440 |
- uint8_t digest[MD5_DIGEST_LENGTH]; |
|
1441 |
- MD5 (buf, len, digest); |
|
1442 |
- return format_hex (digest, MD5_DIGEST_LENGTH, n_print_chars, gc); |
|
1443 |
-} |
|
1444 |
- |
|
1445 | 1437 |
#ifndef USE_SSL |
1446 | 1438 |
|
1447 | 1439 |
void |
... | ... |
@@ -1466,22 +1453,36 @@ free_ssl_lib (void) |
1466 | 1466 |
* md5 functions |
1467 | 1467 |
*/ |
1468 | 1468 |
|
1469 |
+const char * |
|
1470 |
+md5sum (uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc) |
|
1471 |
+{ |
|
1472 |
+ uint8_t digest[MD5_DIGEST_LENGTH]; |
|
1473 |
+ const md_kt_t *md5_kt = md_kt_get("MD5"); |
|
1474 |
+ |
|
1475 |
+ md_full(md5_kt, buf, len, digest); |
|
1476 |
+ |
|
1477 |
+ return format_hex (digest, MD5_DIGEST_LENGTH, n_print_chars, gc); |
|
1478 |
+} |
|
1479 |
+ |
|
1469 | 1480 |
void |
1470 | 1481 |
md5_state_init (struct md5_state *s) |
1471 | 1482 |
{ |
1472 |
- MD5_Init (&s->ctx); |
|
1483 |
+ const md_kt_t *md5_kt = md_kt_get("MD5"); |
|
1484 |
+ |
|
1485 |
+ md_ctx_init(&s->ctx, md5_kt); |
|
1473 | 1486 |
} |
1474 | 1487 |
|
1475 | 1488 |
void |
1476 | 1489 |
md5_state_update (struct md5_state *s, void *data, size_t len) |
1477 | 1490 |
{ |
1478 |
- MD5_Update (&s->ctx, data, len); |
|
1491 |
+ md_ctx_update(&s->ctx, data, len); |
|
1479 | 1492 |
} |
1480 | 1493 |
|
1481 | 1494 |
void |
1482 | 1495 |
md5_state_final (struct md5_state *s, struct md5_digest *out) |
1483 | 1496 |
{ |
1484 |
- MD5_Final (out->digest, &s->ctx); |
|
1497 |
+ md_ctx_final(&s->ctx, out->digest); |
|
1498 |
+ md_ctx_cleanup(&s->ctx); |
|
1485 | 1499 |
} |
1486 | 1500 |
|
1487 | 1501 |
void |
... | ... |
@@ -419,7 +419,6 @@ void prng_uninit (); |
419 | 419 |
|
420 | 420 |
void test_crypto (const struct crypto_options *co, struct frame* f); |
421 | 421 |
|
422 |
-const char *md5sum(uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc); |
|
423 | 422 |
|
424 | 423 |
/* key direction functions */ |
425 | 424 |
|
... | ... |
@@ -470,13 +469,14 @@ key_ctx_bi_defined(const struct key_ctx_bi* key) |
470 | 470 |
*/ |
471 | 471 |
|
472 | 472 |
struct md5_state { |
473 |
- MD5_CTX ctx; |
|
473 |
+ md_ctx_t ctx; |
|
474 | 474 |
}; |
475 | 475 |
|
476 | 476 |
struct md5_digest { |
477 | 477 |
uint8_t digest [MD5_DIGEST_LENGTH]; |
478 | 478 |
}; |
479 | 479 |
|
480 |
+const char *md5sum(uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc); |
|
480 | 481 |
void md5_state_init (struct md5_state *s); |
481 | 482 |
void md5_state_update (struct md5_state *s, void *data, size_t len); |
482 | 483 |
void md5_state_final (struct md5_state *s, struct md5_digest *out); |
... | ... |
@@ -204,4 +204,64 @@ const char * md_kt_name (const md_kt_t *kt); |
204 | 204 |
int md_kt_size (const md_kt_t *kt); |
205 | 205 |
|
206 | 206 |
|
207 |
+/* |
|
208 |
+ * |
|
209 |
+ * Generic message digest functions |
|
210 |
+ * |
|
211 |
+ */ |
|
212 |
+ |
|
213 |
+/* |
|
214 |
+ * Calculates the message digest for the given buffer. |
|
215 |
+ * |
|
216 |
+ * @param kt Static message digest parameters |
|
217 |
+ * @param src Buffer to digest. May not be NULL. |
|
218 |
+ * @param src_len The length of the incoming buffer. |
|
219 |
+ * @param dst Buffer to write the message digest to. May not be NULL. |
|
220 |
+ * |
|
221 |
+ * @return \c 1 on success, \c 0 on failure |
|
222 |
+ */ |
|
223 |
+int md_full (const md_kt_t *kt, const uint8_t *src, int src_len, uint8_t *dst); |
|
224 |
+ |
|
225 |
+/* |
|
226 |
+ * Initialises the given message digest context. |
|
227 |
+ * |
|
228 |
+ * @param ctx Message digest context |
|
229 |
+ * @param kt Static message digest parameters |
|
230 |
+ */ |
|
231 |
+void md_ctx_init (md_ctx_t *ctx, const md_kt_t *kt); |
|
232 |
+ |
|
233 |
+/* |
|
234 |
+ * Free the given message digest context. |
|
235 |
+ * |
|
236 |
+ * @param ctx Message digest context |
|
237 |
+ */ |
|
238 |
+void md_ctx_cleanup(md_ctx_t *ctx); |
|
239 |
+ |
|
240 |
+/* |
|
241 |
+ * Returns the size of the message digest output by the given context |
|
242 |
+ * |
|
243 |
+ * @param ctx Message digest context. |
|
244 |
+ * |
|
245 |
+ * @return Size of the message digest, or \0 if ctx is NULL. |
|
246 |
+ */ |
|
247 |
+int md_ctx_size (const md_ctx_t *ctx); |
|
248 |
+ |
|
249 |
+/* |
|
250 |
+ * Process the given data for use in the message digest. |
|
251 |
+ * |
|
252 |
+ * @param ctx Message digest context. May not be NULL. |
|
253 |
+ * @param src Buffer to digest. May not be NULL. |
|
254 |
+ * @param src_len The length of the incoming buffer. |
|
255 |
+ */ |
|
256 |
+void md_ctx_update (md_ctx_t *ctx, const uint8_t *src, int src_len); |
|
257 |
+ |
|
258 |
+/* |
|
259 |
+ * Output the message digest to the given buffer. |
|
260 |
+ * |
|
261 |
+ * @param ctx Message digest context. May not be NULL. |
|
262 |
+ * @param dst Buffer to write the message digest to. May not be NULL. |
|
263 |
+ */ |
|
264 |
+void md_ctx_final (md_ctx_t *ctx, uint8_t *dst); |
|
265 |
+ |
|
266 |
+ |
|
207 | 267 |
#endif /* CRYPTO_BACKEND_H_ */ |
... | ... |
@@ -499,3 +499,55 @@ md_kt_size (const EVP_MD *kt) |
499 | 499 |
{ |
500 | 500 |
return EVP_MD_size(kt); |
501 | 501 |
} |
502 |
+ |
|
503 |
+ |
|
504 |
+/* |
|
505 |
+ * |
|
506 |
+ * Generic message digest functions |
|
507 |
+ * |
|
508 |
+ */ |
|
509 |
+ |
|
510 |
+int |
|
511 |
+md_full (const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst) |
|
512 |
+{ |
|
513 |
+ unsigned int in_md_len = 0; |
|
514 |
+ |
|
515 |
+ return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL); |
|
516 |
+} |
|
517 |
+ |
|
518 |
+void |
|
519 |
+md_ctx_init (EVP_MD_CTX *ctx, const EVP_MD *kt) |
|
520 |
+{ |
|
521 |
+ ASSERT(NULL != ctx && NULL != kt); |
|
522 |
+ |
|
523 |
+ CLEAR (*ctx); |
|
524 |
+ |
|
525 |
+ EVP_MD_CTX_init (ctx); |
|
526 |
+ EVP_DigestInit(ctx, kt); |
|
527 |
+} |
|
528 |
+ |
|
529 |
+void |
|
530 |
+md_ctx_cleanup(EVP_MD_CTX *ctx) |
|
531 |
+{ |
|
532 |
+ EVP_MD_CTX_cleanup(ctx); |
|
533 |
+} |
|
534 |
+ |
|
535 |
+int |
|
536 |
+md_ctx_size (const EVP_MD_CTX *ctx) |
|
537 |
+{ |
|
538 |
+ return EVP_MD_CTX_size(ctx); |
|
539 |
+} |
|
540 |
+ |
|
541 |
+void |
|
542 |
+md_ctx_update (EVP_MD_CTX *ctx, const uint8_t *src, int src_len) |
|
543 |
+{ |
|
544 |
+ EVP_DigestUpdate(ctx, src, src_len); |
|
545 |
+} |
|
546 |
+ |
|
547 |
+void |
|
548 |
+md_ctx_final (EVP_MD_CTX *ctx, uint8_t *dst) |
|
549 |
+{ |
|
550 |
+ unsigned int in_md_len = 0; |
|
551 |
+ |
|
552 |
+ EVP_DigestFinal(ctx, dst, &in_md_len); |
|
553 |
+} |
... | ... |
@@ -65,26 +65,28 @@ DigestCalcHA1( |
65 | 65 |
OUT HASHHEX SessionKey |
66 | 66 |
) |
67 | 67 |
{ |
68 |
- MD5_CTX Md5Ctx; |
|
69 | 68 |
HASH HA1; |
69 |
+ md_ctx_t md5_ctx; |
|
70 |
+ const md_kt_t *md5_kt = md_kt_get("MD5"); |
|
70 | 71 |
|
71 |
- MD5_Init(&Md5Ctx); |
|
72 |
- MD5_Update(&Md5Ctx, pszUserName, strlen(pszUserName)); |
|
73 |
- MD5_Update(&Md5Ctx, ":", 1); |
|
74 |
- MD5_Update(&Md5Ctx, pszRealm, strlen(pszRealm)); |
|
75 |
- MD5_Update(&Md5Ctx, ":", 1); |
|
76 |
- MD5_Update(&Md5Ctx, pszPassword, strlen(pszPassword)); |
|
77 |
- MD5_Final(HA1, &Md5Ctx); |
|
72 |
+ md_ctx_init(&md5_ctx, md5_kt); |
|
73 |
+ md_ctx_update(&md5_ctx, pszUserName, strlen(pszUserName)); |
|
74 |
+ md_ctx_update(&md5_ctx, ":", 1); |
|
75 |
+ md_ctx_update(&md5_ctx, pszRealm, strlen(pszRealm)); |
|
76 |
+ md_ctx_update(&md5_ctx, ":", 1); |
|
77 |
+ md_ctx_update(&md5_ctx, pszPassword, strlen(pszPassword)); |
|
78 |
+ md_ctx_final(&md5_ctx, HA1); |
|
78 | 79 |
if (pszAlg && strcasecmp(pszAlg, "md5-sess") == 0) |
79 | 80 |
{ |
80 |
- MD5_Init(&Md5Ctx); |
|
81 |
- MD5_Update(&Md5Ctx, HA1, HASHLEN); |
|
82 |
- MD5_Update(&Md5Ctx, ":", 1); |
|
83 |
- MD5_Update(&Md5Ctx, pszNonce, strlen(pszNonce)); |
|
84 |
- MD5_Update(&Md5Ctx, ":", 1); |
|
85 |
- MD5_Update(&Md5Ctx, pszCNonce, strlen(pszCNonce)); |
|
86 |
- MD5_Final(HA1, &Md5Ctx); |
|
81 |
+ md_ctx_init(&md5_ctx, md5_kt); |
|
82 |
+ md_ctx_update(&md5_ctx, HA1, HASHLEN); |
|
83 |
+ md_ctx_update(&md5_ctx, ":", 1); |
|
84 |
+ md_ctx_update(&md5_ctx, pszNonce, strlen(pszNonce)); |
|
85 |
+ md_ctx_update(&md5_ctx, ":", 1); |
|
86 |
+ md_ctx_update(&md5_ctx, pszCNonce, strlen(pszCNonce)); |
|
87 |
+ md_ctx_final(&md5_ctx, HA1); |
|
87 | 88 |
}; |
89 |
+ md_ctx_cleanup(&md5_ctx); |
|
88 | 90 |
CvtHex(HA1, SessionKey); |
89 | 91 |
} |
90 | 92 |
|
... | ... |
@@ -102,41 +104,44 @@ DigestCalcResponse( |
102 | 102 |
OUT HASHHEX Response /* request-digest or response-digest */ |
103 | 103 |
) |
104 | 104 |
{ |
105 |
- MD5_CTX Md5Ctx; |
|
106 | 105 |
HASH HA2; |
107 | 106 |
HASH RespHash; |
108 | 107 |
HASHHEX HA2Hex; |
109 | 108 |
|
109 |
+ md_ctx_t md5_ctx; |
|
110 |
+ const md_kt_t *md5_kt = md_kt_get("MD5"); |
|
111 |
+ |
|
110 | 112 |
// calculate H(A2) |
111 |
- MD5_Init(&Md5Ctx); |
|
112 |
- MD5_Update(&Md5Ctx, pszMethod, strlen(pszMethod)); |
|
113 |
- MD5_Update(&Md5Ctx, ":", 1); |
|
114 |
- MD5_Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri)); |
|
113 |
+ md_ctx_init(&md5_ctx, md5_kt); |
|
114 |
+ md_ctx_update(&md5_ctx, pszMethod, strlen(pszMethod)); |
|
115 |
+ md_ctx_update(&md5_ctx, ":", 1); |
|
116 |
+ md_ctx_update(&md5_ctx, pszDigestUri, strlen(pszDigestUri)); |
|
115 | 117 |
if (strcasecmp(pszQop, "auth-int") == 0) |
116 | 118 |
{ |
117 |
- MD5_Update(&Md5Ctx, ":", 1); |
|
118 |
- MD5_Update(&Md5Ctx, HEntity, HASHHEXLEN); |
|
119 |
+ md_ctx_update(&md5_ctx, ":", 1); |
|
120 |
+ md_ctx_update(&md5_ctx, HEntity, HASHHEXLEN); |
|
119 | 121 |
}; |
120 |
- MD5_Final(HA2, &Md5Ctx); |
|
122 |
+ md_ctx_final(&md5_ctx, HA2); |
|
121 | 123 |
CvtHex(HA2, HA2Hex); |
122 | 124 |
|
123 | 125 |
// calculate response |
124 |
- MD5_Init(&Md5Ctx); |
|
125 |
- MD5_Update(&Md5Ctx, HA1, HASHHEXLEN); |
|
126 |
- MD5_Update(&Md5Ctx, ":", 1); |
|
127 |
- MD5_Update(&Md5Ctx, pszNonce, strlen(pszNonce)); |
|
128 |
- MD5_Update(&Md5Ctx, ":", 1); |
|
126 |
+ md_ctx_init(&md5_ctx, md5_kt); |
|
127 |
+ md_ctx_update(&md5_ctx, HA1, HASHHEXLEN); |
|
128 |
+ md_ctx_update(&md5_ctx, ":", 1); |
|
129 |
+ md_ctx_update(&md5_ctx, pszNonce, strlen(pszNonce)); |
|
130 |
+ md_ctx_update(&md5_ctx, ":", 1); |
|
129 | 131 |
if (*pszQop) |
130 | 132 |
{ |
131 |
- MD5_Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount)); |
|
132 |
- MD5_Update(&Md5Ctx, ":", 1); |
|
133 |
- MD5_Update(&Md5Ctx, pszCNonce, strlen(pszCNonce)); |
|
134 |
- MD5_Update(&Md5Ctx, ":", 1); |
|
135 |
- MD5_Update(&Md5Ctx, pszQop, strlen(pszQop)); |
|
136 |
- MD5_Update(&Md5Ctx, ":", 1); |
|
133 |
+ md_ctx_update(&md5_ctx, pszNonceCount, strlen(pszNonceCount)); |
|
134 |
+ md_ctx_update(&md5_ctx, ":", 1); |
|
135 |
+ md_ctx_update(&md5_ctx, pszCNonce, strlen(pszCNonce)); |
|
136 |
+ md_ctx_update(&md5_ctx, ":", 1); |
|
137 |
+ md_ctx_update(&md5_ctx, pszQop, strlen(pszQop)); |
|
138 |
+ md_ctx_update(&md5_ctx, ":", 1); |
|
137 | 139 |
}; |
138 |
- MD5_Update(&Md5Ctx, HA2Hex, HASHHEXLEN); |
|
139 |
- MD5_Final(RespHash, &Md5Ctx); |
|
140 |
+ md_ctx_update(&md5_ctx, HA2Hex, HASHHEXLEN); |
|
141 |
+ md_ctx_final(&md5_ctx, RespHash); |
|
142 |
+ md_ctx_cleanup(&md5_ctx); |
|
140 | 143 |
CvtHex(RespHash, Response); |
141 | 144 |
} |
142 | 145 |
|
... | ... |
@@ -1658,23 +1658,26 @@ void |
1658 | 1658 |
get_user_pass_auto_userid (struct user_pass *up, const char *tag) |
1659 | 1659 |
{ |
1660 | 1660 |
struct gc_arena gc = gc_new (); |
1661 |
- MD5_CTX ctx; |
|
1662 | 1661 |
struct buffer buf; |
1663 | 1662 |
uint8_t macaddr[6]; |
1664 | 1663 |
static uint8_t digest [MD5_DIGEST_LENGTH]; |
1665 | 1664 |
static const uint8_t hashprefix[] = "AUTO_USERID_DIGEST"; |
1666 | 1665 |
|
1666 |
+ const md_kt_t *md5_kt = md_kt_get("MD5"); |
|
1667 |
+ md_ctx_t ctx; |
|
1668 |
+ |
|
1667 | 1669 |
CLEAR (*up); |
1668 | 1670 |
buf_set_write (&buf, (uint8_t*)up->username, USER_PASS_LEN); |
1669 | 1671 |
buf_printf (&buf, "%s", get_platform_prefix ()); |
1670 | 1672 |
if (get_default_gateway_mac_addr (macaddr)) |
1671 | 1673 |
{ |
1672 | 1674 |
dmsg (D_AUTO_USERID, "GUPAU: macaddr=%s", format_hex_ex (macaddr, sizeof (macaddr), 0, 1, ":", &gc)); |
1673 |
- MD5_Init (&ctx); |
|
1674 |
- MD5_Update (&ctx, hashprefix, sizeof (hashprefix) - 1); |
|
1675 |
- MD5_Update (&ctx, macaddr, sizeof (macaddr)); |
|
1676 |
- MD5_Final (digest, &ctx); |
|
1677 |
- buf_printf (&buf, "%s", format_hex_ex (digest, sizeof (digest), 0, 256, " ", &gc)); |
|
1675 |
+ md_ctx_init(&ctx, md5_kt); |
|
1676 |
+ md_ctx_update(&ctx, hashprefix, sizeof (hashprefix) - 1); |
|
1677 |
+ md_ctx_update(&ctx, macaddr, sizeof (macaddr)); |
|
1678 |
+ md_ctx_final(&ctx, digest); |
|
1679 |
+ md_ctx_cleanup(&ctx) |
|
1680 |
+ buf_printf(&buf, "%s", format_hex_ex (digest, sizeof (digest), 0, 256, " ", &gc)); |
|
1678 | 1681 |
} |
1679 | 1682 |
else |
1680 | 1683 |
{ |
... | ... |
@@ -70,14 +70,10 @@ static void |
70 | 70 |
gen_md4_hash (const char* data, int data_len, char *result) |
71 | 71 |
{ |
72 | 72 |
/* result is 16 byte md4 hash */ |
73 |
- |
|
74 |
- MD4_CTX c; |
|
73 |
+ const md_kt_t *md4_kt = md_kt_get("MD4"); |
|
75 | 74 |
char md[16]; |
76 | 75 |
|
77 |
- MD4_Init (&c); |
|
78 |
- MD4_Update (&c, data, data_len); |
|
79 |
- MD4_Final ((unsigned char *)md, &c); |
|
80 |
- |
|
76 |
+ md_full(md4_kt, data, data_len, md); |
|
81 | 77 |
memcpy (result, md, 16); |
82 | 78 |
} |
83 | 79 |
|