1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
diff --git a/src/aacs_aes.cpp b/src/aacs_aes.cpp
index b1bb19b..b7b335f 100644
--- a/src/aacs_aes.cpp
+++ b/src/aacs_aes.cpp
@@ -113,14 +113,16 @@ int calculate_title_key_file_mac(const unsigned char *title_key_file, size_t len
int calculate_title_key_file_hash(const unsigned char *title_key_file, size_t length, /*out*/ unsigned char *title_key_file_hash) {
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX* mdctx = NULL;
unsigned int md_len;
- EVP_MD_CTX_init(&mdctx);
+ mdctx = EVP_MD_CTX_new();
- EVP_DigestInit(&mdctx, EVP_sha1());
- EVP_DigestUpdate(&mdctx, title_key_file, length);
- EVP_DigestFinal_ex(&mdctx, title_key_file_hash, &md_len);
+ EVP_DigestInit(mdctx, EVP_sha1());
+ EVP_DigestUpdate(mdctx, title_key_file, length);
+ EVP_DigestFinal_ex(mdctx, title_key_file_hash, &md_len);
+
+ EVP_MD_CTX_free(mdctx);
return 1;
}
diff --git a/src/aacs_ecdsa.cpp b/src/aacs_ecdsa.cpp
index ff6e29c..ce1308d 100644
--- a/src/aacs_ecdsa.cpp
+++ b/src/aacs_ecdsa.cpp
@@ -155,9 +155,10 @@ int aacs_set_cert(/*out*/ EC_KEY *key, const unsigned char *cert) {
int aacs_verify(const unsigned char *cert, const unsigned char *signature, const unsigned char *nonce, const unsigned char *point) {
unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len;
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX* mdctx = NULL;
EC_KEY *key = NULL;
ECDSA_SIG *sig = NULL; // Can be freed before beeing intialized, initialize here
+ BIGNUM* r = NULL, *s = NULL;
int ret = -1;
if ((key = aacs_key()) == NULL) {
@@ -170,21 +171,28 @@ int aacs_verify(const unsigned char *cert, const unsigned char *signature, const
goto err;
}
- EVP_MD_CTX_init(&mdctx);
+ mdctx = EVP_MD_CTX_new();
- EVP_DigestInit(&mdctx, EVP_ecdsa());
- EVP_DigestUpdate(&mdctx, nonce, 20);
- EVP_DigestUpdate(&mdctx, point, 40);
- EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
+ EVP_DigestInit(mdctx, EVP_sha1());
+ EVP_DigestUpdate(mdctx, nonce, 20);
+ EVP_DigestUpdate(mdctx, point, 40);
+ EVP_DigestFinal_ex(mdctx, md_value, &md_len);
- if ((sig = ECDSA_SIG_new()) == NULL || BN_bin2bn(signature, 20, sig->r) == NULL || BN_bin2bn(signature+20, 20, sig->s) == NULL) {
+ r = BN_new();
+ s = BN_new();
+
+ if ((sig = ECDSA_SIG_new()) == NULL || BN_bin2bn(signature, 20, r) == NULL || BN_bin2bn(signature+20, 20, s) == NULL) {
ret = -4;
goto err;
}
+ ECDSA_SIG_set0(sig, r, s);
ret = ECDSA_do_verify(md_value, md_len, sig, key);
err:
+ if (mdctx)
+ EVP_MD_CTX_free(mdctx);
+
if (sig)
ECDSA_SIG_free(sig);
@@ -197,9 +205,10 @@ err:
int aacs_sign(const unsigned char *cert, const unsigned char *priv_key, /*out*/ unsigned char *signature, const unsigned char *nonce, const unsigned char *point) {
unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len;
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX* mdctx = NULL;
EC_KEY *key = NULL;
ECDSA_SIG *sig = NULL;
+ const BIGNUM *r = NULL, *s = NULL;
BIGNUM *priv_key_bn = NULL;
int ret = -1;
@@ -218,21 +227,24 @@ int aacs_sign(const unsigned char *cert, const unsigned char *priv_key, /*out*/
goto err;
}
- EVP_MD_CTX_init(&mdctx);
+ mdctx = EVP_MD_CTX_new();
- EVP_DigestInit(&mdctx, EVP_ecdsa());
- EVP_DigestUpdate(&mdctx, nonce, 20);
- EVP_DigestUpdate(&mdctx, point, 40);
- EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
+ EVP_DigestInit(mdctx, EVP_sha1());
+ EVP_DigestUpdate(mdctx, nonce, 20);
+ EVP_DigestUpdate(mdctx, point, 40);
+ EVP_DigestFinal_ex(mdctx, md_value, &md_len);
sig = ECDSA_do_sign(md_value, md_len, key);
- if (BN_bn2bin(sig->r, signature) != 20) {
+ r = ECDSA_SIG_get0_r(sig);
+ s = ECDSA_SIG_get0_s(sig);
+
+ if (BN_bn2bin(r, signature) != 20) {
ret = -5;
goto err;
}
- if (BN_bn2bin(sig->s, signature+20) != 20) {
+ if (BN_bn2bin(s, signature+20) != 20) {
ret = -6;
goto err;
}
@@ -241,6 +253,9 @@ int aacs_sign(const unsigned char *cert, const unsigned char *priv_key, /*out*/
ret = 1;
err:
+ if (mdctx)
+ EVP_MD_CTX_free(mdctx);
+
if (sig)
ECDSA_SIG_free(sig);
|