You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
814 lines
31 KiB
814 lines
31 KiB
diff -up dovecot-2.3.18/src/auth/auth-token.c.opensslhmac dovecot-2.3.18/src/auth/auth-token.c
|
|
--- dovecot-2.3.18/src/auth/auth-token.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/auth/auth-token.c 2022-02-09 09:27:15.887883359 +0100
|
|
@@ -161,17 +161,17 @@ void auth_token_deinit(void)
|
|
const char *auth_token_get(const char *service, const char *session_pid,
|
|
const char *username, const char *session_id)
|
|
{
|
|
- struct hmac_context ctx;
|
|
+ struct openssl_hmac_context ctx;
|
|
unsigned char result[SHA1_RESULTLEN];
|
|
|
|
- hmac_init(&ctx, (const unsigned char*)username, strlen(username),
|
|
+ openssl_hmac_init(&ctx, (const unsigned char*)username, strlen(username),
|
|
&hash_method_sha1);
|
|
- hmac_update(&ctx, session_pid, strlen(session_pid));
|
|
+ openssl_hmac_update(&ctx, session_pid, strlen(session_pid));
|
|
if (session_id != NULL && *session_id != '\0')
|
|
- hmac_update(&ctx, session_id, strlen(session_id));
|
|
- hmac_update(&ctx, service, strlen(service));
|
|
- hmac_update(&ctx, auth_token_secret, sizeof(auth_token_secret));
|
|
- hmac_final(&ctx, result);
|
|
+ openssl_hmac_update(&ctx, session_id, strlen(session_id));
|
|
+ openssl_hmac_update(&ctx, service, strlen(service));
|
|
+ openssl_hmac_update(&ctx, auth_token_secret, sizeof(auth_token_secret));
|
|
+ openssl_hmac_final(&ctx, result);
|
|
|
|
return binary_to_hex(result, sizeof(result));
|
|
}
|
|
diff -up dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.18/src/auth/mech-cram-md5.c
|
|
--- dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/auth/mech-cram-md5.c 2022-02-09 09:27:15.887883359 +0100
|
|
@@ -51,7 +51,7 @@ static bool verify_credentials(struct cr
|
|
{
|
|
|
|
unsigned char digest[MD5_RESULTLEN];
|
|
- struct hmac_context ctx;
|
|
+ struct orig_hmac_context ctx;
|
|
const char *response_hex;
|
|
|
|
if (size != CRAM_MD5_CONTEXTLEN) {
|
|
@@ -60,10 +60,10 @@ static bool verify_credentials(struct cr
|
|
return FALSE;
|
|
}
|
|
|
|
- hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
|
+ orig_hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
|
hmac_md5_set_cram_context(&ctx, credentials);
|
|
- hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
|
- hmac_final(&ctx, digest);
|
|
+ orig_hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
|
+ orig_hmac_final(&ctx, digest);
|
|
|
|
response_hex = binary_to_hex(digest, sizeof(digest));
|
|
|
|
diff -up dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac dovecot-2.3.18/src/auth/mech-scram.c
|
|
--- dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/auth/mech-scram.c 2022-02-09 09:31:50.927146858 +0100
|
|
@@ -93,7 +93,7 @@ get_scram_server_first(struct scram_auth
|
|
static const char *get_scram_server_final(struct scram_auth_request *request)
|
|
{
|
|
const struct hash_method *hmethod = request->hash_method;
|
|
- struct hmac_context ctx;
|
|
+ struct openssl_hmac_context ctx;
|
|
const char *auth_message;
|
|
unsigned char server_signature[hmethod->digest_size];
|
|
string_t *str;
|
|
@@ -109,9 +109,9 @@ static const char *get_scram_server_fina
|
|
request->server_first_message, ",",
|
|
request->client_final_message_without_proof, NULL);
|
|
|
|
- hmac_init(&ctx, request->server_key, hmethod->digest_size, hmethod);
|
|
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
|
- hmac_final(&ctx, server_signature);
|
|
+ openssl_hmac_init(&ctx, request->server_key, hmethod->digest_size, hmethod);
|
|
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
|
+ openssl_hmac_final(&ctx, server_signature);
|
|
|
|
/* RFC 5802, Section 7:
|
|
|
|
@@ -292,7 +292,7 @@ parse_scram_client_first(struct scram_au
|
|
static bool verify_credentials(struct scram_auth_request *request)
|
|
{
|
|
const struct hash_method *hmethod = request->hash_method;
|
|
- struct hmac_context ctx;
|
|
+ struct openssl_hmac_context ctx;
|
|
const char *auth_message;
|
|
unsigned char client_key[hmethod->digest_size];
|
|
unsigned char client_signature[hmethod->digest_size];
|
|
@@ -310,9 +310,9 @@ static bool verify_credentials(struct sc
|
|
request->server_first_message, ",",
|
|
request->client_final_message_without_proof, NULL);
|
|
|
|
- hmac_init(&ctx, request->stored_key, hmethod->digest_size, hmethod);
|
|
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
|
- hmac_final(&ctx, client_signature);
|
|
+ openssl_hmac_init(&ctx, request->stored_key, hmethod->digest_size, hmethod);
|
|
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
|
+ openssl_hmac_final(&ctx, client_signature);
|
|
|
|
/* ClientProof := ClientKey XOR ClientSignature */
|
|
const unsigned char *proof_data = request->proof->data;
|
|
diff -up dovecot-2.3.18/src/auth/password-scheme.c.opensslhmac dovecot-2.3.18/src/auth/password-scheme.c
|
|
--- dovecot-2.3.18/src/auth/password-scheme.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/auth/password-scheme.c 2022-02-09 09:27:15.888883345 +0100
|
|
@@ -639,11 +639,11 @@ static void
|
|
cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
|
const unsigned char **raw_password_r, size_t *size_r)
|
|
{
|
|
- struct hmac_context ctx;
|
|
+ struct orig_hmac_context ctx;
|
|
unsigned char *context_digest;
|
|
|
|
context_digest = t_malloc_no0(CRAM_MD5_CONTEXTLEN);
|
|
- hmac_init(&ctx, (const unsigned char *)plaintext,
|
|
+ orig_hmac_init(&ctx, (const unsigned char *)plaintext,
|
|
strlen(plaintext), &hash_method_md5);
|
|
hmac_md5_get_cram_context(&ctx, context_digest);
|
|
|
|
diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.18/src/auth/password-scheme-scram.c
|
|
--- dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/auth/password-scheme-scram.c 2022-02-09 09:27:15.888883345 +0100
|
|
@@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co
|
|
const unsigned char *salt, size_t salt_size, unsigned int i,
|
|
unsigned char *result)
|
|
{
|
|
- struct hmac_context ctx;
|
|
+ struct openssl_hmac_context ctx;
|
|
unsigned char U[hmethod->digest_size];
|
|
unsigned int j, k;
|
|
|
|
/* Calculate U1 */
|
|
- hmac_init(&ctx, str, str_size, hmethod);
|
|
- hmac_update(&ctx, salt, salt_size);
|
|
- hmac_update(&ctx, "\0\0\0\1", 4);
|
|
- hmac_final(&ctx, U);
|
|
+ openssl_hmac_init(&ctx, str, str_size, hmethod);
|
|
+ openssl_hmac_update(&ctx, salt, salt_size);
|
|
+ openssl_hmac_update(&ctx, "\0\0\0\1", 4);
|
|
+ openssl_hmac_final(&ctx, U);
|
|
|
|
memcpy(result, U, hmethod->digest_size);
|
|
|
|
/* Calculate U2 to Ui and Hi */
|
|
for (j = 2; j <= i; j++) {
|
|
- hmac_init(&ctx, str, str_size, hmethod);
|
|
- hmac_update(&ctx, U, sizeof(U));
|
|
- hmac_final(&ctx, U);
|
|
+ openssl_hmac_init(&ctx, str, str_size, hmethod);
|
|
+ openssl_hmac_update(&ctx, U, sizeof(U));
|
|
+ openssl_hmac_final(&ctx, U);
|
|
for (k = 0; k < hmethod->digest_size; k++)
|
|
result[k] ^= U[k];
|
|
}
|
|
@@ -102,7 +102,7 @@ int scram_verify(const struct hash_metho
|
|
const char *plaintext, const unsigned char *raw_password,
|
|
size_t size, const char **error_r)
|
|
{
|
|
- struct hmac_context ctx;
|
|
+ struct openssl_hmac_context ctx;
|
|
const char *salt_base64;
|
|
unsigned int iter_count;
|
|
const unsigned char *salt;
|
|
@@ -126,9 +126,9 @@ int scram_verify(const struct hash_metho
|
|
salt, salt_len, iter_count, salted_password);
|
|
|
|
/* Calculate ClientKey */
|
|
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
|
- hmac_update(&ctx, "Client Key", 10);
|
|
- hmac_final(&ctx, client_key);
|
|
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
|
+ openssl_hmac_update(&ctx, "Client Key", 10);
|
|
+ openssl_hmac_final(&ctx, client_key);
|
|
|
|
/* Calculate StoredKey */
|
|
hash_method_get_digest(hmethod, client_key, sizeof(client_key),
|
|
@@ -147,7 +147,7 @@ void scram_generate(const struct hash_me
|
|
const unsigned char **raw_password_r, size_t *size_r)
|
|
{
|
|
string_t *str;
|
|
- struct hmac_context ctx;
|
|
+ struct openssl_hmac_context ctx;
|
|
unsigned char salt[16];
|
|
unsigned char salted_password[hmethod->digest_size];
|
|
unsigned char client_key[hmethod->digest_size];
|
|
@@ -165,9 +165,9 @@ void scram_generate(const struct hash_me
|
|
sizeof(salt), SCRAM_DEFAULT_ITERATE_COUNT, salted_password);
|
|
|
|
/* Calculate ClientKey */
|
|
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
|
- hmac_update(&ctx, "Client Key", 10);
|
|
- hmac_final(&ctx, client_key);
|
|
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
|
+ openssl_hmac_update(&ctx, "Client Key", 10);
|
|
+ openssl_hmac_final(&ctx, client_key);
|
|
|
|
/* Calculate StoredKey */
|
|
hash_method_get_digest(hmethod, client_key, sizeof(client_key),
|
|
@@ -176,9 +176,9 @@ void scram_generate(const struct hash_me
|
|
base64_encode(stored_key, sizeof(stored_key), str);
|
|
|
|
/* Calculate ServerKey */
|
|
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
|
- hmac_update(&ctx, "Server Key", 10);
|
|
- hmac_final(&ctx, server_key);
|
|
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
|
+ openssl_hmac_update(&ctx, "Server Key", 10);
|
|
+ openssl_hmac_final(&ctx, server_key);
|
|
str_append_c(str, ',');
|
|
base64_encode(server_key, sizeof(server_key), str);
|
|
|
|
diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|
--- dovecot-2.3.18/src/lib/hmac.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/lib/hmac.c 2022-02-09 09:27:15.888883345 +0100
|
|
@@ -7,6 +7,10 @@
|
|
* This software is released under the MIT license.
|
|
*/
|
|
|
|
+#include <sys/types.h>
|
|
+#include <sys/stat.h>
|
|
+#include <fcntl.h>
|
|
+#include <unistd.h>
|
|
#include "lib.h"
|
|
#include "hmac.h"
|
|
#include "safe-memset.h"
|
|
@@ -14,10 +18,65 @@
|
|
|
|
#include "hex-binary.h"
|
|
|
|
-void hmac_init(struct hmac_context *_ctx, const unsigned char *key,
|
|
+#ifndef HAVE_HMAC_CTX_NEW
|
|
+# define HMAC_Init_ex(ctx, key, key_len, md, impl) \
|
|
+ HMAC_Init_ex(&(ctx), key, key_len, md, impl)
|
|
+# define HMAC_Update(ctx, data, len) HMAC_Update(&(ctx), data, len)
|
|
+# define HMAC_Final(ctx, md, len) HMAC_Final(&(ctx), md, len)
|
|
+# define HMAC_CTX_free(ctx) HMAC_cleanup(&(ctx))
|
|
+#else
|
|
+# define HMAC_CTX_free(ctx) \
|
|
+ STMT_START { HMAC_CTX_free(ctx); (ctx) = NULL; } STMT_END
|
|
+#endif
|
|
+
|
|
+
|
|
+void openssl_hmac_init(struct openssl_hmac_context *_ctx, const unsigned char *key,
|
|
size_t key_len, const struct hash_method *meth)
|
|
{
|
|
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
|
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
|
+
|
|
+ const EVP_MD *md;
|
|
+ const char *ebuf = NULL;
|
|
+ const char **error_r = &ebuf;
|
|
+
|
|
+ md = EVP_get_digestbyname(meth->name);
|
|
+ if(md == NULL) {
|
|
+ if (error_r != NULL) {
|
|
+ *error_r = t_strdup_printf("Invalid digest %s",
|
|
+ meth->name);
|
|
+ }
|
|
+ //return FALSE;
|
|
+ }
|
|
+
|
|
+// int ec;
|
|
+
|
|
+ i_assert(md != NULL);
|
|
+#ifdef HAVE_HMAC_CTX_NEW
|
|
+ ctx->ctx = HMAC_CTX_new();
|
|
+/* if (ctx->ctx == NULL)
|
|
+ dcrypt_openssl_error(error_r);*/
|
|
+#endif
|
|
+ /*ec = */HMAC_Init_ex(ctx->ctx, key, key_len, md, NULL);
|
|
+}
|
|
+
|
|
+void orig_hmac_init(struct orig_hmac_context *_ctx, const unsigned char *key,
|
|
+ size_t key_len, const struct hash_method *meth)
|
|
+{
|
|
+ static int no_fips = -1;
|
|
+ if (no_fips == -1) {
|
|
+ int fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
|
|
+ if (fd != -1)
|
|
+ {
|
|
+ char buf[4];
|
|
+ if (read(fd, buf, 4) > 0)
|
|
+ {
|
|
+ no_fips = buf[0] == '0';
|
|
+ }
|
|
+ close(fd);
|
|
+ }
|
|
+ }
|
|
+ i_assert(no_fips);
|
|
+ struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
|
|
unsigned int i;
|
|
unsigned char k_ipad[meth->block_size];
|
|
unsigned char k_opad[meth->block_size];
|
|
@@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx
|
|
safe_memset(k_opad, 0, meth->block_size);
|
|
}
|
|
|
|
-void hmac_final(struct hmac_context *_ctx, unsigned char *digest)
|
|
+void openssl_hmac_final(struct openssl_hmac_context *_ctx, unsigned char *digest)
|
|
+{
|
|
+ int ec;
|
|
+ unsigned char buf[HMAC_MAX_MD_CBLOCK];
|
|
+ unsigned int outl;
|
|
+// const char *ebuf = NULL;
|
|
+// const char **error_r = &ebuf;
|
|
+
|
|
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
|
+ ec = HMAC_Final(ctx->ctx, buf, &outl);
|
|
+ HMAC_CTX_free(ctx->ctx);
|
|
+ if (ec == 1)
|
|
+ memcpy(digest, buf, outl);
|
|
+// else
|
|
+// dcrypt_openssl_error(error_r);
|
|
+
|
|
+}
|
|
+
|
|
+void orig_hmac_final(struct orig_hmac_context *_ctx, unsigned char *digest)
|
|
{
|
|
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
|
+ struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
|
|
|
|
ctx->hash->result(ctx->ctx, digest);
|
|
|
|
@@ -63,53 +140,50 @@ void hmac_final(struct hmac_context *_ct
|
|
ctx->hash->result(ctx->ctxo, digest);
|
|
}
|
|
|
|
-buffer_t *t_hmac_data(const struct hash_method *meth,
|
|
+buffer_t *openssl_t_hmac_data(const struct hash_method *meth,
|
|
const unsigned char *key, size_t key_len,
|
|
const void *data, size_t data_len)
|
|
{
|
|
- struct hmac_context ctx;
|
|
+ struct openssl_hmac_context ctx;
|
|
i_assert(meth != NULL);
|
|
i_assert(key != NULL && key_len > 0);
|
|
i_assert(data != NULL || data_len == 0);
|
|
|
|
buffer_t *res = t_buffer_create(meth->digest_size);
|
|
- hmac_init(&ctx, key, key_len, meth);
|
|
+ openssl_hmac_init(&ctx, key, key_len, meth);
|
|
if (data_len > 0)
|
|
- hmac_update(&ctx, data, data_len);
|
|
+ openssl_hmac_update(&ctx, data, data_len);
|
|
unsigned char *buf = buffer_get_space_unsafe(res, 0, meth->digest_size);
|
|
- hmac_final(&ctx, buf);
|
|
+ openssl_hmac_final(&ctx, buf);
|
|
return res;
|
|
}
|
|
|
|
-buffer_t *t_hmac_buffer(const struct hash_method *meth,
|
|
+buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth,
|
|
const unsigned char *key, size_t key_len,
|
|
const buffer_t *data)
|
|
{
|
|
- return t_hmac_data(meth, key, key_len, data->data, data->used);
|
|
+ return openssl_t_hmac_data(meth, key, key_len, data->data, data->used);
|
|
}
|
|
|
|
-buffer_t *t_hmac_str(const struct hash_method *meth,
|
|
+buffer_t *openssl_t_hmac_str(const struct hash_method *meth,
|
|
const unsigned char *key, size_t key_len,
|
|
const char *data)
|
|
{
|
|
- return t_hmac_data(meth, key, key_len, data, strlen(data));
|
|
+ return openssl_t_hmac_data(meth, key, key_len, data, strlen(data));
|
|
}
|
|
|
|
-void hmac_hkdf(const struct hash_method *method,
|
|
+void openssl_hmac_hkdf(const struct hash_method *method,
|
|
const unsigned char *salt, size_t salt_len,
|
|
const unsigned char *ikm, size_t ikm_len,
|
|
const unsigned char *info, size_t info_len,
|
|
buffer_t *okm_r, size_t okm_len)
|
|
{
|
|
+ const EVP_MD *md;
|
|
+ EVP_PKEY_CTX *pctx;
|
|
+ int r = 1;
|
|
+
|
|
i_assert(method != NULL);
|
|
i_assert(okm_len < 255*method->digest_size);
|
|
- struct hmac_context key_mac;
|
|
- struct hmac_context info_mac;
|
|
- size_t remain = okm_len;
|
|
- unsigned char prk[method->digest_size];
|
|
- unsigned char okm[method->digest_size];
|
|
- /* N = ceil(L/HashLen) */
|
|
- unsigned int rounds = (okm_len + method->digest_size - 1)/method->digest_size;
|
|
|
|
/* salt and info can be NULL */
|
|
i_assert(salt != NULL || salt_len == 0);
|
|
@@ -118,35 +192,30 @@ void hmac_hkdf(const struct hash_method
|
|
i_assert(ikm != NULL && ikm_len > 0);
|
|
i_assert(okm_r != NULL && okm_len > 0);
|
|
|
|
- /* but they still need valid pointer, reduces
|
|
- complains from static analysers */
|
|
- if (salt == NULL)
|
|
- salt = &uchar_nul;
|
|
- if (info == NULL)
|
|
- info = &uchar_nul;
|
|
-
|
|
- /* extract */
|
|
- hmac_init(&key_mac, salt, salt_len, method);
|
|
- hmac_update(&key_mac, ikm, ikm_len);
|
|
- hmac_final(&key_mac, prk);
|
|
-
|
|
- /* expand */
|
|
- for (unsigned int i = 0; remain > 0 && i < rounds; i++) {
|
|
- unsigned char round = (i+1);
|
|
- size_t amt = remain;
|
|
- if (amt > method->digest_size)
|
|
- amt = method->digest_size;
|
|
- hmac_init(&info_mac, prk, method->digest_size, method);
|
|
- if (i > 0)
|
|
- hmac_update(&info_mac, okm, method->digest_size);
|
|
- hmac_update(&info_mac, info, info_len);
|
|
- hmac_update(&info_mac, &round, 1);
|
|
- memset(okm, 0, method->digest_size);
|
|
- hmac_final(&info_mac, okm);
|
|
- buffer_append(okm_r, okm, amt);
|
|
- remain -= amt;
|
|
+
|
|
+ md = EVP_get_digestbyname(method->name);
|
|
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
|
|
+ unsigned char *okm_buf = buffer_get_space_unsafe(okm_r, 0, okm_len);
|
|
+
|
|
+ if ((r=EVP_PKEY_derive_init(pctx)) <= 0)
|
|
+ goto out;
|
|
+ if ((r=EVP_PKEY_CTX_set_hkdf_md(pctx, md)) <= 0)
|
|
+ goto out;
|
|
+ if ((r=EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len)) <= 0)
|
|
+ goto out;
|
|
+ if ((r=EVP_PKEY_CTX_set1_hkdf_key(pctx, ikm, ikm_len)) <= 0)
|
|
+ goto out;
|
|
+ if ((r=EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len)) <= 0)
|
|
+ goto out;
|
|
+ if ((r=EVP_PKEY_derive(pctx, okm_buf, &okm_len)) <= 0)
|
|
+ goto out;
|
|
+
|
|
+ out:
|
|
+ EVP_PKEY_CTX_free(pctx);
|
|
+ if (r <= 0) {
|
|
+ unsigned long ec = ERR_get_error();
|
|
+ unsigned char *error = t_strdup_printf("%s", ERR_error_string(ec, NULL));
|
|
+ i_error("%s", error);
|
|
}
|
|
|
|
- safe_memset(prk, 0, sizeof(prk));
|
|
- safe_memset(okm, 0, sizeof(okm));
|
|
}
|
|
diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.18/src/lib/hmac-cram-md5.c
|
|
--- dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/lib/hmac-cram-md5.c 2022-02-09 09:27:15.888883345 +0100
|
|
@@ -9,10 +9,10 @@
|
|
#include "md5.h"
|
|
#include "hmac-cram-md5.h"
|
|
|
|
-void hmac_md5_get_cram_context(struct hmac_context *_hmac_ctx,
|
|
+void hmac_md5_get_cram_context(struct orig_hmac_context *_hmac_ctx,
|
|
unsigned char context_digest[CRAM_MD5_CONTEXTLEN])
|
|
{
|
|
- struct hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv;
|
|
+ struct orig_hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv;
|
|
unsigned char *cdp;
|
|
|
|
struct md5_context *ctx = (void*)hmac_ctx->ctx;
|
|
@@ -35,10 +35,10 @@ void hmac_md5_get_cram_context(struct hm
|
|
CDPUT(cdp, ctx->d);
|
|
}
|
|
|
|
-void hmac_md5_set_cram_context(struct hmac_context *_hmac_ctx,
|
|
+void hmac_md5_set_cram_context(struct orig_hmac_context *_hmac_ctx,
|
|
const unsigned char context_digest[CRAM_MD5_CONTEXTLEN])
|
|
{
|
|
- struct hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv;
|
|
+ struct orig_hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv;
|
|
const unsigned char *cdp;
|
|
|
|
struct md5_context *ctx = (void*)hmac_ctx->ctx;
|
|
diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.18/src/lib/hmac-cram-md5.h
|
|
--- dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/lib/hmac-cram-md5.h 2022-02-09 09:27:15.888883345 +0100
|
|
@@ -5,9 +5,9 @@
|
|
|
|
#define CRAM_MD5_CONTEXTLEN 32
|
|
|
|
-void hmac_md5_get_cram_context(struct hmac_context *ctx,
|
|
+void hmac_md5_get_cram_context(struct orig_hmac_context *ctx,
|
|
unsigned char context_digest[CRAM_MD5_CONTEXTLEN]);
|
|
-void hmac_md5_set_cram_context(struct hmac_context *ctx,
|
|
+void hmac_md5_set_cram_context(struct orig_hmac_context *ctx,
|
|
const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]);
|
|
|
|
|
|
diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h
|
|
--- dovecot-2.3.18/src/lib/hmac.h.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/lib/hmac.h 2022-02-09 09:27:15.888883345 +0100
|
|
@@ -4,60 +4,97 @@
|
|
#include "hash-method.h"
|
|
#include "sha1.h"
|
|
#include "sha2.h"
|
|
+#include <openssl/objects.h>
|
|
+#include <openssl/hmac.h>
|
|
+#include <openssl/kdf.h>
|
|
+#include <openssl/err.h>
|
|
|
|
#define HMAC_MAX_CONTEXT_SIZE sizeof(struct sha512_ctx)
|
|
|
|
-struct hmac_context_priv {
|
|
+struct openssl_hmac_context_priv {
|
|
+#ifdef HAVE_HMAC_CTX_NEW
|
|
+ HMAC_CTX *ctx;
|
|
+#else
|
|
+ HMAC_CTX ctx;
|
|
+#endif
|
|
+ const struct hash_method *hash;
|
|
+};
|
|
+
|
|
+struct orig_hmac_context_priv {
|
|
char ctx[HMAC_MAX_CONTEXT_SIZE];
|
|
char ctxo[HMAC_MAX_CONTEXT_SIZE];
|
|
const struct hash_method *hash;
|
|
};
|
|
|
|
-struct hmac_context {
|
|
+struct openssl_hmac_context {
|
|
+ union {
|
|
+ struct openssl_hmac_context_priv priv;
|
|
+ uint64_t padding_requirement;
|
|
+ } u;
|
|
+};
|
|
+
|
|
+struct orig_hmac_context {
|
|
union {
|
|
- struct hmac_context_priv priv;
|
|
+ struct orig_hmac_context_priv priv;
|
|
uint64_t padding_requirement;
|
|
} u;
|
|
};
|
|
|
|
-void hmac_init(struct hmac_context *ctx, const unsigned char *key,
|
|
+void openssl_hmac_init(struct openssl_hmac_context *ctx, const unsigned char *key,
|
|
+ size_t key_len, const struct hash_method *meth);
|
|
+void openssl_hmac_final(struct openssl_hmac_context *ctx, unsigned char *digest);
|
|
+
|
|
+static inline void
|
|
+openssl_hmac_update(struct openssl_hmac_context *_ctx, const void *data, size_t size)
|
|
+{
|
|
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
|
+ HMAC_Update(ctx->ctx, data, size);
|
|
+/* if (ec != 1)
|
|
+ {
|
|
+ const char *ebuf = NULL;
|
|
+ const char **error_r = &ebuf;
|
|
+ dcrypt_openssl_error(error_r);
|
|
+ }*/
|
|
+}
|
|
+
|
|
+void orig_hmac_init(struct orig_hmac_context *ctx, const unsigned char *key,
|
|
size_t key_len, const struct hash_method *meth);
|
|
-void hmac_final(struct hmac_context *ctx, unsigned char *digest);
|
|
+void orig_hmac_final(struct orig_hmac_context *ctx, unsigned char *digest);
|
|
|
|
|
|
static inline void
|
|
-hmac_update(struct hmac_context *_ctx, const void *data, size_t size)
|
|
+orig_hmac_update(struct orig_hmac_context *_ctx, const void *data, size_t size)
|
|
{
|
|
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
|
+ struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
|
|
|
|
ctx->hash->loop(ctx->ctx, data, size);
|
|
}
|
|
|
|
-buffer_t *t_hmac_data(const struct hash_method *meth,
|
|
+buffer_t *openssl_t_hmac_data(const struct hash_method *meth,
|
|
const unsigned char *key, size_t key_len,
|
|
const void *data, size_t data_len);
|
|
-buffer_t *t_hmac_buffer(const struct hash_method *meth,
|
|
+buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth,
|
|
const unsigned char *key, size_t key_len,
|
|
const buffer_t *data);
|
|
-buffer_t *t_hmac_str(const struct hash_method *meth,
|
|
+buffer_t *openssl_t_hmac_str(const struct hash_method *meth,
|
|
const unsigned char *key, size_t key_len,
|
|
const char *data);
|
|
|
|
-void hmac_hkdf(const struct hash_method *method,
|
|
+void openssl_hmac_hkdf(const struct hash_method *method,
|
|
const unsigned char *salt, size_t salt_len,
|
|
const unsigned char *ikm, size_t ikm_len,
|
|
const unsigned char *info, size_t info_len,
|
|
buffer_t *okm_r, size_t okm_len);
|
|
|
|
static inline buffer_t *
|
|
-t_hmac_hkdf(const struct hash_method *method,
|
|
+openssl_t_hmac_hkdf(const struct hash_method *method,
|
|
const unsigned char *salt, size_t salt_len,
|
|
const unsigned char *ikm, size_t ikm_len,
|
|
const unsigned char *info, size_t info_len,
|
|
size_t okm_len)
|
|
{
|
|
buffer_t *okm_buffer = t_buffer_create(okm_len);
|
|
- hmac_hkdf(method, salt, salt_len, ikm, ikm_len, info, info_len,
|
|
+ openssl_hmac_hkdf(method, salt, salt_len, ikm, ikm_len, info, info_len,
|
|
okm_buffer, okm_len);
|
|
return okm_buffer;
|
|
}
|
|
diff -up dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c
|
|
--- dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c 2022-02-09 09:27:15.888883345 +0100
|
|
@@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha
|
|
const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
|
|
size_t *token_len_r)
|
|
{
|
|
- struct hmac_context hmac;
|
|
+ struct openssl_hmac_context hmac;
|
|
unsigned char *token;
|
|
|
|
token = t_new(unsigned char, SHA1_RESULTLEN + 1);
|
|
token[0] = IMAP_URLAUTH_MECH_INTERNAL_VERSION;
|
|
|
|
- hmac_init(&hmac, mailbox_key, IMAP_URLAUTH_KEY_LEN, &hash_method_sha1);
|
|
- hmac_update(&hmac, rumpurl, strlen(rumpurl));
|
|
- hmac_final(&hmac, token+1);
|
|
+ openssl_hmac_init(&hmac, mailbox_key, IMAP_URLAUTH_KEY_LEN, &hash_method_sha1);
|
|
+ openssl_hmac_update(&hmac, rumpurl, strlen(rumpurl));
|
|
+ openssl_hmac_final(&hmac, token+1);
|
|
|
|
*token_len_r = SHA1_RESULTLEN + 1;
|
|
return token;
|
|
diff -up dovecot-2.3.18/src/lib/Makefile.am.opensslhmac dovecot-2.3.18/src/lib/Makefile.am
|
|
--- dovecot-2.3.18/src/lib/Makefile.am.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/lib/Makefile.am 2022-02-09 09:27:15.889883331 +0100
|
|
@@ -354,6 +354,9 @@ headers = \
|
|
wildcard-match.h \
|
|
write-full.h
|
|
|
|
+liblib_la_LIBADD = $(SSL_LIBS)
|
|
+liblib_la_CFLAGS = $(SSL_CFLAGS)
|
|
+
|
|
test_programs = test-lib
|
|
noinst_PROGRAMS = $(test_programs)
|
|
|
|
diff -up dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c
|
|
--- dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c 2022-02-09 09:27:15.889883331 +0100
|
|
@@ -144,14 +144,14 @@ oauth2_validate_hmac(const struct oauth2
|
|
if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0)
|
|
return -1;
|
|
|
|
- struct hmac_context ctx;
|
|
- hmac_init(&ctx, key->data, key->used, method);
|
|
- hmac_update(&ctx, blobs[0], strlen(blobs[0]));
|
|
- hmac_update(&ctx, ".", 1);
|
|
- hmac_update(&ctx, blobs[1], strlen(blobs[1]));
|
|
+ struct openssl_hmac_context ctx;
|
|
+ openssl_hmac_init(&ctx, key->data, key->used, method);
|
|
+ openssl_hmac_update(&ctx, blobs[0], strlen(blobs[0]));
|
|
+ openssl_hmac_update(&ctx, ".", 1);
|
|
+ openssl_hmac_update(&ctx, blobs[1], strlen(blobs[1]));
|
|
unsigned char digest[method->digest_size];
|
|
|
|
- hmac_final(&ctx, digest);
|
|
+ openssl_hmac_final(&ctx, digest);
|
|
|
|
buffer_t *their_digest =
|
|
t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]);
|
|
diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c
|
|
--- dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c 2022-02-09 09:27:15.889883331 +0100
|
|
@@ -248,7 +248,7 @@ static void save_key_azp_to(const char *
|
|
static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key)
|
|
{
|
|
i_assert(key != NULL);
|
|
- buffer_t *sig = t_hmac_buffer(&hash_method_sha256, key->data, key->used,
|
|
+ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha256, key->data, key->used,
|
|
tokenbuf);
|
|
buffer_append(tokenbuf, ".", 1);
|
|
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
|
@@ -258,7 +258,7 @@ static void sign_jwt_token_hs256(buffer_
|
|
static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key)
|
|
{
|
|
i_assert(key != NULL);
|
|
- buffer_t *sig = t_hmac_buffer(&hash_method_sha384, key->data, key->used,
|
|
+ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha384, key->data, key->used,
|
|
tokenbuf);
|
|
buffer_append(tokenbuf, ".", 1);
|
|
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
|
@@ -268,7 +268,7 @@ static void sign_jwt_token_hs384(buffer_
|
|
static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key)
|
|
{
|
|
i_assert(key != NULL);
|
|
- buffer_t *sig = t_hmac_buffer(&hash_method_sha512, key->data, key->used,
|
|
+ buffer_t *sig = openssl_t_hmac_buffer(&hash_method_sha512, key->data, key->used,
|
|
tokenbuf);
|
|
buffer_append(tokenbuf, ".", 1);
|
|
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
|
diff -up dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac dovecot-2.3.18/src/lib/pkcs5.c
|
|
--- dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/lib/pkcs5.c 2022-02-09 09:27:15.889883331 +0100
|
|
@@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho
|
|
size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */
|
|
unsigned char dk[l * hash->digest_size];
|
|
unsigned char *block;
|
|
- struct hmac_context hctx;
|
|
+ struct openssl_hmac_context hctx;
|
|
unsigned int c,i,t;
|
|
unsigned char U_c[hash->digest_size];
|
|
|
|
@@ -60,17 +60,17 @@ int pkcs5_pbkdf2(const struct hash_metho
|
|
block = &(dk[t*hash->digest_size]);
|
|
/* U_1 = PRF(Password, Salt|| INT_BE32(Block_Number)) */
|
|
c = htonl(t+1);
|
|
- hmac_init(&hctx, password, password_len, hash);
|
|
- hmac_update(&hctx, salt, salt_len);
|
|
- hmac_update(&hctx, &c, sizeof(c));
|
|
- hmac_final(&hctx, U_c);
|
|
+ openssl_hmac_init(&hctx, password, password_len, hash);
|
|
+ openssl_hmac_update(&hctx, salt, salt_len);
|
|
+ openssl_hmac_update(&hctx, &c, sizeof(c));
|
|
+ openssl_hmac_final(&hctx, U_c);
|
|
/* block = U_1 ^ .. ^ U_iter */
|
|
memcpy(block, U_c, hash->digest_size);
|
|
/* U_c = PRF(Password, U_c-1) */
|
|
for(c = 1; c < iter; c++) {
|
|
- hmac_init(&hctx, password, password_len, hash);
|
|
- hmac_update(&hctx, U_c, hash->digest_size);
|
|
- hmac_final(&hctx, U_c);
|
|
+ openssl_hmac_init(&hctx, password, password_len, hash);
|
|
+ openssl_hmac_update(&hctx, U_c, hash->digest_size);
|
|
+ openssl_hmac_final(&hctx, U_c);
|
|
for(i = 0; i < hash->digest_size; i++)
|
|
block[i] ^= U_c[i];
|
|
}
|
|
diff -up dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac dovecot-2.3.18/src/lib/test-hmac.c
|
|
--- dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
|
+++ dovecot-2.3.18/src/lib/test-hmac.c 2022-02-09 09:27:15.889883331 +0100
|
|
@@ -206,11 +206,11 @@ static void test_hmac_rfc(void)
|
|
test_begin("hmac sha256 rfc4231 vectors");
|
|
for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) {
|
|
const struct test_vector *vec = &(test_vectors[i]);
|
|
- struct hmac_context ctx;
|
|
- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
|
- hmac_update(&ctx, vec->data, vec->data_len);
|
|
+ struct openssl_hmac_context ctx;
|
|
+ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
|
+ openssl_hmac_update(&ctx, vec->data, vec->data_len);
|
|
unsigned char res[SHA256_RESULTLEN];
|
|
- hmac_final(&ctx, res);
|
|
+ openssl_hmac_final(&ctx, res);
|
|
test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
|
|
}
|
|
test_end();
|
|
@@ -221,11 +221,11 @@ static void test_hmac384_rfc(void)
|
|
test_begin("hmac sha384 rfc4231 vectors");
|
|
for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac384); i++) {
|
|
const struct test_vector *vec = &(test_vectors_hmac384[i]);
|
|
- struct hmac_context ctx;
|
|
- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
|
- hmac_update(&ctx, vec->data, vec->data_len);
|
|
+ struct openssl_hmac_context ctx;
|
|
+ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
|
+ openssl_hmac_update(&ctx, vec->data, vec->data_len);
|
|
unsigned char res[SHA384_RESULTLEN];
|
|
- hmac_final(&ctx, res);
|
|
+ openssl_hmac_final(&ctx, res);
|
|
test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
|
|
}
|
|
test_end();
|
|
@@ -236,11 +236,11 @@ static void test_hmac512_rfc(void)
|
|
test_begin("hmac sha512 rfc4231 vectors");
|
|
for (size_t i = 0; i < N_ELEMENTS(test_vectors_hmac512); i++) {
|
|
const struct test_vector *vec = &(test_vectors_hmac512[i]);
|
|
- struct hmac_context ctx;
|
|
- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
|
- hmac_update(&ctx, vec->data, vec->data_len);
|
|
+ struct openssl_hmac_context ctx;
|
|
+ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
|
+ openssl_hmac_update(&ctx, vec->data, vec->data_len);
|
|
unsigned char res[SHA512_RESULTLEN];
|
|
- hmac_final(&ctx, res);
|
|
+ openssl_hmac_final(&ctx, res);
|
|
test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
|
|
}
|
|
test_end();
|
|
@@ -253,7 +253,7 @@ static void test_hmac_buffer(void)
|
|
|
|
buffer_t *tmp;
|
|
|
|
- tmp = t_hmac_data(hash_method_lookup(vec->prf), vec->key, vec->key_len,
|
|
+ tmp = openssl_t_hmac_data(hash_method_lookup(vec->prf), vec->key, vec->key_len,
|
|
vec->data, vec->data_len);
|
|
|
|
test_assert(tmp->used == vec->res_len &&
|
|
@@ -270,7 +270,7 @@ static void test_hkdf_rfc(void)
|
|
buffer_set_used_size(res, 0);
|
|
const struct test_vector_5869 *vec = &(test_vectors_5869[i]);
|
|
const struct hash_method *m = hash_method_lookup(vec->prf);
|
|
- hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm, vec->ikm_len,
|
|
+ openssl_hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm, vec->ikm_len,
|
|
vec->info, vec->info_len, res, vec->okm_len);
|
|
test_assert_idx(memcmp(res->data, vec->okm, vec->okm_len) == 0, i);
|
|
}
|
|
@@ -283,7 +283,7 @@ static void test_hkdf_buffer(void)
|
|
test_begin("hkdf temporary buffer");
|
|
const struct test_vector_5869 *vec = &(test_vectors_5869[0]);
|
|
const struct hash_method *m = hash_method_lookup(vec->prf);
|
|
- buffer_t *tmp = t_hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm,
|
|
+ buffer_t *tmp = openssl_t_hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm,
|
|
vec->ikm_len, vec->info, vec->info_len,
|
|
vec->okm_len);
|
|
test_assert(tmp->used == vec->okm_len &&
|