openssl/crypto/sha/sha1dgst.c

/*
 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * SHA-1 low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <openssl/crypto.h>
#include <openssl/opensslconf.h>

#include <openssl/opensslv.h>
#include <openssl/evp.h>
#include <openssl/sha.h>

/* The implementation is in crypto/md32_common.h */

#include "sha_local.h"
#include "crypto/sha.h"

int ossl_sha1_ctrl(SHA_CTX *sha1, int cmd, int mslen, void *ms)
{
    unsigned char padtmp[40];
    unsigned char sha1tmp[SHA_DIGEST_LENGTH];

    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
        return -2;

    if (sha1 == NULL)
        return 0;

    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
    if (mslen != 48)
        return 0;

    /* At this point hash contains all handshake messages, update
     * with master secret and pad_1.
     */

    if (SHA1_Update(sha1, ms, mslen) <= 0)
        return 0;

    /* Set padtmp to pad_1 value */
    memset(padtmp, 0x36, sizeof(padtmp));

    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
        return 0;

    if (!SHA1_Final(sha1tmp, sha1))
        return 0;

    /* Reinitialise context */

    if (!SHA1_Init(sha1))
        return 0;

    if (SHA1_Update(sha1, ms, mslen) <= 0)
        return 0;

    /* Set padtmp to pad_2 value */
    memset(padtmp, 0x5c, sizeof(padtmp));

    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
        return 0;

    if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
        return 0;

    /* Now when ctx is finalised it will return the SSL v3 hash value */
    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));

    return 1;
}
Copyright consolidation 09/10 Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 02:52:22 +08:00			`/*`
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes 2022-05-03 18:52:38 +08:00			`* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`*`
Following the license change, modify the boilerplates in crypto/sha/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7816) 2018-12-06 20:54:58 +08:00			`* Licensed under the Apache License 2.0 (the "License"). You may not use`
Copyright consolidation 09/10 Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 02:52:22 +08:00			`* this file except in compliance with the License. You can obtain a copy`
			`* in the file LICENSE in the source distribution or at`
			`* https://www.openssl.org/source/license.html`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`*/`

Deprecate the low level SHA functions. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10791) 2020-01-09 11:14:13 +08:00			`/*`
			`* SHA-1 low level APIs are deprecated for public use, but still ok for`
			`* internal use.`
			`*/`
			`#include "internal/deprecated.h"`

Experimental symbol renaming to avoid clashes with regular OpenSSL. Make sure crypto.h is included first in any affected files. 2011-02-16 22:40:06 +08:00			`#include <openssl/crypto.h>`
"Show" more respect to no-sha* config options. PR: 1086 2005-06-01 00:36:27 +08:00			`#include <openssl/opensslconf.h>`
SHA clean-up and (LP64) tune-up. "Clean-up" stands for the fact that it's using common message digest template ../md32_common.h and sha[1_]dgst.c are reduced down to '#define SHA_[01]' and then '#include "sha_locl.h"'. It stands "(LP64)" there because it's 64 bit platforms which benefit most from the tune-up. The updated code exhibits 40% performance improvement on IRIX64 (sounds too good, huh? I probably should double check if it's not some cache trashing that was holding it back before), 28% - on Alpha Linux and 12% - Solaris 7/64. 1999-09-05 20:42:04 +08:00
Move digests to providers Move digest code into the relevant providers (fips, default, legacy). The headers are temporarily moved to be internal, and will be moved into providers after all external references are resolved. The deprecated digest code can not be removed until EVP_PKEY (signing) is supported by providers. EVP_MD data can also not yet be cleaned up for the same reasons. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8763) 2019-04-11 18:27:59 +08:00			`#include <openssl/opensslv.h>`
			`#include <openssl/evp.h>`
			`#include <openssl/sha.h>`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00
Fix outdated comments Update the comment "../md32_common.h" to "crypto/md32_common.h". CLA: trivial Signed-off-by: Weiguo Li <liwg06@foxmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/17670) 2022-02-09 16:12:30 +08:00			`/* The implementation is in crypto/md32_common.h */`
Document DSA and SHA. New function BN_pseudo_rand(). Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes (why not use BN_is_prime()?) 2000-01-28 03:31:26 +08:00
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '_lcl.h', '_local.h', or '_int.h' This commit changes the different suffixes to '_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333) 2019-09-28 06:45:40 +08:00			`#include "sha_local.h"`
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333) 2019-09-28 06:45:33 +08:00			`#include "crypto/sha.h"`
Move digests to providers Move digest code into the relevant providers (fips, default, legacy). The headers are temporarily moved to be internal, and will be moved into providers after all external references are resolved. The deprecated digest code can not be removed until EVP_PKEY (signing) is supported by providers. EVP_MD data can also not yet be cleaned up for the same reasons. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8763) 2019-04-11 18:27:59 +08:00
rename sha1_ctrl to ossl_sha1_ctrl. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13417) 2020-11-16 10:08:30 +08:00			`int ossl_sha1_ctrl(SHA_CTX sha1, int cmd, int mslen, void ms)`
Move digests to providers Move digest code into the relevant providers (fips, default, legacy). The headers are temporarily moved to be internal, and will be moved into providers after all external references are resolved. The deprecated digest code can not be removed until EVP_PKEY (signing) is supported by providers. EVP_MD data can also not yet be cleaned up for the same reasons. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8763) 2019-04-11 18:27:59 +08:00			`{`
			`unsigned char padtmp[40];`
			`unsigned char sha1tmp[SHA_DIGEST_LENGTH];`

			`if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)`
			`return -2;`

			`if (sha1 == NULL)`
			`return 0;`

			`/* SSLv3 client auth handling: see RFC-6101 5.6.8 */`
			`if (mslen != 48)`
			`return 0;`

			`/* At this point hash contains all handshake messages, update`
			`* with master secret and pad_1.`
			`*/`

			`if (SHA1_Update(sha1, ms, mslen) <= 0)`
			`return 0;`

			`/* Set padtmp to pad_1 value */`
			`memset(padtmp, 0x36, sizeof(padtmp));`

			`if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))`
			`return 0;`

			`if (!SHA1_Final(sha1tmp, sha1))`
			`return 0;`

			`/* Reinitialise context */`

			`if (!SHA1_Init(sha1))`
			`return 0;`

			`if (SHA1_Update(sha1, ms, mslen) <= 0)`
			`return 0;`

			`/* Set padtmp to pad_2 value */`
			`memset(padtmp, 0x5c, sizeof(padtmp));`

			`if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))`
			`return 0;`

			`if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))`
			`return 0;`

			`/* Now when ctx is finalised it will return the SSL v3 hash value */`
			`OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));`

			`return 1;`
			`}`