openssl/crypto/sha/sha1dgst.c

/*
 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/crypto.h>
#include <openssl/opensslconf.h>

#include <openssl/opensslv.h>
#include <openssl/evp.h>
#include <openssl/sha.h>

/* The implementation is in ../md32_common.h */

#include "sha_locl.h"
#include "internal/sha.h"

int sha1_ctrl(SHA_CTX *sha1, int cmd, int mslen, void *ms)
{
    unsigned char padtmp[40];
    unsigned char sha1tmp[SHA_DIGEST_LENGTH];

    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
        return -2;

    if (sha1 == NULL)
        return 0;

    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
    if (mslen != 48)
        return 0;

    /* At this point hash contains all handshake messages, update
     * with master secret and pad_1.
     */

    if (SHA1_Update(sha1, ms, mslen) <= 0)
        return 0;

    /* Set padtmp to pad_1 value */
    memset(padtmp, 0x36, sizeof(padtmp));

    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
        return 0;

    if (!SHA1_Final(sha1tmp, sha1))
        return 0;

    /* Reinitialise context */

    if (!SHA1_Init(sha1))
        return 0;

    if (SHA1_Update(sha1, ms, mslen) <= 0)
        return 0;

    /* Set padtmp to pad_2 value */
    memset(padtmp, 0x5c, sizeof(padtmp));

    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
        return 0;

    if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
        return 0;

    /* Now when ctx is finalised it will return the SSL v3 hash value */
    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));

    return 1;
}
Copyright consolidation 09/10 Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-17 18:52:22 +00:00			`/*`
			`* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00			`*`
Following the license change, modify the boilerplates in crypto/sha/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7816) 2018-12-06 12:54:58 +00:00			`* Licensed under the Apache License 2.0 (the "License"). You may not use`
Copyright consolidation 09/10 Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-17 18:52:22 +00:00			`* this file except in compliance with the License. You can obtain a copy`
			`* in the file LICENSE in the source distribution or at`
			`* https://www.openssl.org/source/license.html`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00			`*/`

Experimental symbol renaming to avoid clashes with regular OpenSSL. Make sure crypto.h is included first in any affected files. 2011-02-16 14:40:06 +00:00			`#include <openssl/crypto.h>`
"Show" more respect to no-sha* config options. PR: 1086 2005-05-31 16:36:27 +00:00			`#include <openssl/opensslconf.h>`
SHA clean-up and (LP64) tune-up. "Clean-up" stands for the fact that it's using common message digest template ../md32_common.h and sha[1_]dgst.c are reduced down to '#define SHA_[01]' and then '#include "sha_locl.h"'. It stands "(LP64)" there because it's 64 bit platforms which benefit most from the tune-up. The updated code exhibits 40% performance improvement on IRIX64 (sounds too good, huh? I probably should double check if it's not some cache trashing that was holding it back before), 28% - on Alpha Linux and 12% - Solaris 7/64. 1999-09-05 12:42:04 +00:00
Move digests to providers Move digest code into the relevant providers (fips, default, legacy). The headers are temporarily moved to be internal, and will be moved into providers after all external references are resolved. The deprecated digest code can not be removed until EVP_PKEY (signing) is supported by providers. EVP_MD data can also not yet be cleaned up for the same reasons. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8763) 2019-04-11 10:27:59 +00:00			`#include <openssl/opensslv.h>`
			`#include <openssl/evp.h>`
			`#include <openssl/sha.h>`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
Document DSA and SHA. New function BN_pseudo_rand(). Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes (why not use BN_is_prime()?) 2000-01-27 19:31:26 +00:00			`/* The implementation is in ../md32_common.h */`

Move digests to providers Move digest code into the relevant providers (fips, default, legacy). The headers are temporarily moved to be internal, and will be moved into providers after all external references are resolved. The deprecated digest code can not be removed until EVP_PKEY (signing) is supported by providers. EVP_MD data can also not yet be cleaned up for the same reasons. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8763) 2019-04-11 10:27:59 +00:00			`#include "sha_locl.h"`
			`#include "internal/sha.h"`

			`int sha1_ctrl(SHA_CTX sha1, int cmd, int mslen, void ms)`
			`{`
			`unsigned char padtmp[40];`
			`unsigned char sha1tmp[SHA_DIGEST_LENGTH];`

			`if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)`
			`return -2;`

			`if (sha1 == NULL)`
			`return 0;`

			`/* SSLv3 client auth handling: see RFC-6101 5.6.8 */`
			`if (mslen != 48)`
			`return 0;`

			`/* At this point hash contains all handshake messages, update`
			`* with master secret and pad_1.`
			`*/`

			`if (SHA1_Update(sha1, ms, mslen) <= 0)`
			`return 0;`

			`/* Set padtmp to pad_1 value */`
			`memset(padtmp, 0x36, sizeof(padtmp));`

			`if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))`
			`return 0;`

			`if (!SHA1_Final(sha1tmp, sha1))`
			`return 0;`

			`/* Reinitialise context */`

			`if (!SHA1_Init(sha1))`
			`return 0;`

			`if (SHA1_Update(sha1, ms, mslen) <= 0)`
			`return 0;`

			`/* Set padtmp to pad_2 value */`
			`memset(padtmp, 0x5c, sizeof(padtmp));`

			`if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))`
			`return 0;`

			`if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))`
			`return 0;`

			`/* Now when ctx is finalised it will return the SSL v3 hash value */`
			`OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));`

			`return 1;`
			`}`