1 /*
2  * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 
13 #include <openssl/evp.h>
14 #include <openssl/objects.h>
15 #include <openssl/sha.h>
16 #include <openssl/rsa.h>
17 #include "crypto/evp.h"
18 #include "crypto/sha.h"
19 
init(EVP_MD_CTX * ctx)20 static int init(EVP_MD_CTX *ctx)
21 {
22     return SHA1_Init(EVP_MD_CTX_md_data(ctx));
23 }
24 
update(EVP_MD_CTX * ctx,const void * data,size_t count)25 static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
26 {
27     return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
28 }
29 
final(EVP_MD_CTX * ctx,unsigned char * md)30 static int final(EVP_MD_CTX *ctx, unsigned char *md)
31 {
32     return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
33 }
34 
ctrl(EVP_MD_CTX * ctx,int cmd,int mslen,void * ms)35 static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
36 {
37     unsigned char padtmp[40];
38     unsigned char sha1tmp[SHA_DIGEST_LENGTH];
39 
40     SHA_CTX *sha1;
41 
42     if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
43         return -2;
44 
45     if (ctx == NULL)
46         return 0;
47 
48     sha1 = EVP_MD_CTX_md_data(ctx);
49 
50     /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
51     if (mslen != 48)
52         return 0;
53 
54     /* At this point hash contains all handshake messages, update
55      * with master secret and pad_1.
56      */
57 
58     if (SHA1_Update(sha1, ms, mslen) <= 0)
59         return 0;
60 
61     /* Set padtmp to pad_1 value */
62     memset(padtmp, 0x36, sizeof(padtmp));
63 
64     if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
65         return 0;
66 
67     if (!SHA1_Final(sha1tmp, sha1))
68         return 0;
69 
70     /* Reinitialise context */
71 
72     if (!SHA1_Init(sha1))
73         return 0;
74 
75     if (SHA1_Update(sha1, ms, mslen) <= 0)
76         return 0;
77 
78     /* Set padtmp to pad_2 value */
79     memset(padtmp, 0x5c, sizeof(padtmp));
80 
81     if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
82         return 0;
83 
84     if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
85         return 0;
86 
87     /* Now when ctx is finalised it will return the SSL v3 hash value */
88     OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
89 
90     return 1;
91 
92 }
93 
94 static const EVP_MD sha1_md = {
95     NID_sha1,
96     NID_sha1WithRSAEncryption,
97     SHA_DIGEST_LENGTH,
98     EVP_MD_FLAG_DIGALGID_ABSENT,
99     init,
100     update,
101     final,
102     NULL,
103     NULL,
104     SHA_CBLOCK,
105     sizeof(EVP_MD *) + sizeof(SHA_CTX),
106     ctrl
107 };
108 
EVP_sha1(void)109 const EVP_MD *EVP_sha1(void)
110 {
111     return &sha1_md;
112 }
113 
init224(EVP_MD_CTX * ctx)114 static int init224(EVP_MD_CTX *ctx)
115 {
116     return SHA224_Init(EVP_MD_CTX_md_data(ctx));
117 }
118 
update224(EVP_MD_CTX * ctx,const void * data,size_t count)119 static int update224(EVP_MD_CTX *ctx, const void *data, size_t count)
120 {
121     return SHA224_Update(EVP_MD_CTX_md_data(ctx), data, count);
122 }
123 
final224(EVP_MD_CTX * ctx,unsigned char * md)124 static int final224(EVP_MD_CTX *ctx, unsigned char *md)
125 {
126     return SHA224_Final(md, EVP_MD_CTX_md_data(ctx));
127 }
128 
init256(EVP_MD_CTX * ctx)129 static int init256(EVP_MD_CTX *ctx)
130 {
131     return SHA256_Init(EVP_MD_CTX_md_data(ctx));
132 }
133 
update256(EVP_MD_CTX * ctx,const void * data,size_t count)134 static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
135 {
136     return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
137 }
138 
final256(EVP_MD_CTX * ctx,unsigned char * md)139 static int final256(EVP_MD_CTX *ctx, unsigned char *md)
140 {
141     return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
142 }
143 
144 static const EVP_MD sha224_md = {
145     NID_sha224,
146     NID_sha224WithRSAEncryption,
147     SHA224_DIGEST_LENGTH,
148     EVP_MD_FLAG_DIGALGID_ABSENT,
149     init224,
150     update224,
151     final224,
152     NULL,
153     NULL,
154     SHA256_CBLOCK,
155     sizeof(EVP_MD *) + sizeof(SHA256_CTX),
156 };
157 
EVP_sha224(void)158 const EVP_MD *EVP_sha224(void)
159 {
160     return &sha224_md;
161 }
162 
163 static const EVP_MD sha256_md = {
164     NID_sha256,
165     NID_sha256WithRSAEncryption,
166     SHA256_DIGEST_LENGTH,
167     EVP_MD_FLAG_DIGALGID_ABSENT,
168     init256,
169     update256,
170     final256,
171     NULL,
172     NULL,
173     SHA256_CBLOCK,
174     sizeof(EVP_MD *) + sizeof(SHA256_CTX),
175 };
176 
EVP_sha256(void)177 const EVP_MD *EVP_sha256(void)
178 {
179     return &sha256_md;
180 }
181 
init512_224(EVP_MD_CTX * ctx)182 static int init512_224(EVP_MD_CTX *ctx)
183 {
184     return sha512_224_init(EVP_MD_CTX_md_data(ctx));
185 }
186 
init512_256(EVP_MD_CTX * ctx)187 static int init512_256(EVP_MD_CTX *ctx)
188 {
189     return sha512_256_init(EVP_MD_CTX_md_data(ctx));
190 }
191 
init384(EVP_MD_CTX * ctx)192 static int init384(EVP_MD_CTX *ctx)
193 {
194     return SHA384_Init(EVP_MD_CTX_md_data(ctx));
195 }
196 
update384(EVP_MD_CTX * ctx,const void * data,size_t count)197 static int update384(EVP_MD_CTX *ctx, const void *data, size_t count)
198 {
199     return SHA384_Update(EVP_MD_CTX_md_data(ctx), data, count);
200 }
201 
final384(EVP_MD_CTX * ctx,unsigned char * md)202 static int final384(EVP_MD_CTX *ctx, unsigned char *md)
203 {
204     return SHA384_Final(md, EVP_MD_CTX_md_data(ctx));
205 }
206 
init512(EVP_MD_CTX * ctx)207 static int init512(EVP_MD_CTX *ctx)
208 {
209     return SHA512_Init(EVP_MD_CTX_md_data(ctx));
210 }
211 
212 /* See comment in SHA224/256 section */
update512(EVP_MD_CTX * ctx,const void * data,size_t count)213 static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
214 {
215     return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
216 }
217 
final512(EVP_MD_CTX * ctx,unsigned char * md)218 static int final512(EVP_MD_CTX *ctx, unsigned char *md)
219 {
220     return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
221 }
222 
223 static const EVP_MD sha512_224_md = {
224     NID_sha512_224,
225     NID_sha512_224WithRSAEncryption,
226     SHA224_DIGEST_LENGTH,
227     EVP_MD_FLAG_DIGALGID_ABSENT,
228     init512_224,
229     update512,
230     final512,
231     NULL,
232     NULL,
233     SHA512_CBLOCK,
234     sizeof(EVP_MD *) + sizeof(SHA512_CTX),
235 };
236 
EVP_sha512_224(void)237 const EVP_MD *EVP_sha512_224(void)
238 {
239     return &sha512_224_md;
240 }
241 
242 static const EVP_MD sha512_256_md = {
243     NID_sha512_256,
244     NID_sha512_256WithRSAEncryption,
245     SHA256_DIGEST_LENGTH,
246     EVP_MD_FLAG_DIGALGID_ABSENT,
247     init512_256,
248     update512,
249     final512,
250     NULL,
251     NULL,
252     SHA512_CBLOCK,
253     sizeof(EVP_MD *) + sizeof(SHA512_CTX),
254 };
255 
EVP_sha512_256(void)256 const EVP_MD *EVP_sha512_256(void)
257 {
258     return &sha512_256_md;
259 }
260 
261 static const EVP_MD sha384_md = {
262     NID_sha384,
263     NID_sha384WithRSAEncryption,
264     SHA384_DIGEST_LENGTH,
265     EVP_MD_FLAG_DIGALGID_ABSENT,
266     init384,
267     update384,
268     final384,
269     NULL,
270     NULL,
271     SHA512_CBLOCK,
272     sizeof(EVP_MD *) + sizeof(SHA512_CTX),
273 };
274 
EVP_sha384(void)275 const EVP_MD *EVP_sha384(void)
276 {
277     return &sha384_md;
278 }
279 
280 static const EVP_MD sha512_md = {
281     NID_sha512,
282     NID_sha512WithRSAEncryption,
283     SHA512_DIGEST_LENGTH,
284     EVP_MD_FLAG_DIGALGID_ABSENT,
285     init512,
286     update512,
287     final512,
288     NULL,
289     NULL,
290     SHA512_CBLOCK,
291     sizeof(EVP_MD *) + sizeof(SHA512_CTX),
292 };
293 
EVP_sha512(void)294 const EVP_MD *EVP_sha512(void)
295 {
296     return &sha512_md;
297 }
298