[thirdparty/openssl.git] / crypto / evp / m_sha1.c

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include "internal/cryptlib.h"

#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
#include "internal/evp_int.h"

static int init(EVP_MD_CTX *ctx)
{
    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
}

static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
}

static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
}

static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
{
    unsigned char padtmp[40];
    unsigned char sha1tmp[SHA_DIGEST_LENGTH];

    SHA_CTX *sha1 = EVP_MD_CTX_md_data(ctx);

    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
        return 0;

    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
    if (mslen != 48)
        return 0;

    /* At this point hash contains all handshake messages, update
     * with master secret and pad_1.
     */

    if (SHA1_Update(sha1, ms, mslen) <= 0)
        return 0;

    /* Set padtmp to pad_1 value */
    memset(padtmp, 0x36, sizeof(padtmp));

    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
        return 0;

    if (!SHA1_Final(sha1tmp, sha1))
        return 0;

    /* Reinitialise context */

    if (!SHA1_Init(sha1))
        return 0;

    if (SHA1_Update(sha1, ms, mslen) <= 0)
        return 0;

    /* Set padtmp to pad_2 value */
    memset(padtmp, 0x5c, sizeof(padtmp));

    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
        return 0;

    if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
        return 0;

    /* Now when ctx is finalised it will return the SSL v3 hash value */
    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));

    return 1;

}

static const EVP_MD sha1_md = {
    NID_sha1,
    NID_sha1WithRSAEncryption,
    SHA_DIGEST_LENGTH,
    EVP_MD_FLAG_DIGALGID_ABSENT,
    init,
    update,
    final,
    NULL,
    NULL,
    SHA_CBLOCK,
    sizeof(EVP_MD *) + sizeof(SHA_CTX),
    ctrl
};

const EVP_MD *EVP_sha1(void)
{
    return (&sha1_md);
}

static int init224(EVP_MD_CTX *ctx)
{
    return SHA224_Init(EVP_MD_CTX_md_data(ctx));
}

static int init256(EVP_MD_CTX *ctx)
{
    return SHA256_Init(EVP_MD_CTX_md_data(ctx));
}

/*
 * Even though there're separate SHA224_[Update|Final], we call
 * SHA256 functions even in SHA224 context. This is what happens
 * there anyway, so we can spare few CPU cycles:-)
 */
static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
{
    return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
}

static int final256(EVP_MD_CTX *ctx, unsigned char *md)
{
    return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
}

static const EVP_MD sha224_md = {
    NID_sha224,
    NID_sha224WithRSAEncryption,
    SHA224_DIGEST_LENGTH,
    EVP_MD_FLAG_DIGALGID_ABSENT,
    init224,
    update256,
    final256,
    NULL,
    NULL,
    SHA256_CBLOCK,
    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
};

const EVP_MD *EVP_sha224(void)
{
    return (&sha224_md);
}

static const EVP_MD sha256_md = {
    NID_sha256,
    NID_sha256WithRSAEncryption,
    SHA256_DIGEST_LENGTH,
    EVP_MD_FLAG_DIGALGID_ABSENT,
    init256,
    update256,
    final256,
    NULL,
    NULL,
    SHA256_CBLOCK,
    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
};

const EVP_MD *EVP_sha256(void)
{
    return (&sha256_md);
}

static int init384(EVP_MD_CTX *ctx)
{
    return SHA384_Init(EVP_MD_CTX_md_data(ctx));
}

static int init512(EVP_MD_CTX *ctx)
{
    return SHA512_Init(EVP_MD_CTX_md_data(ctx));
}

/* See comment in SHA224/256 section */
static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
{
    return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
}

static int final512(EVP_MD_CTX *ctx, unsigned char *md)
{
    return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
}

static const EVP_MD sha384_md = {
    NID_sha384,
    NID_sha384WithRSAEncryption,
    SHA384_DIGEST_LENGTH,
    EVP_MD_FLAG_DIGALGID_ABSENT,
    init384,
    update512,
    final512,
    NULL,
    NULL,
    SHA512_CBLOCK,
    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
};

const EVP_MD *EVP_sha384(void)
{
    return (&sha384_md);
}

static const EVP_MD sha512_md = {
    NID_sha512,
    NID_sha512WithRSAEncryption,
    SHA512_DIGEST_LENGTH,
    EVP_MD_FLAG_DIGALGID_ABSENT,
    init512,
    update512,
    final512,
    NULL,
    NULL,
    SHA512_CBLOCK,
    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
};

const EVP_MD *EVP_sha512(void)
{
    return (&sha512_md);
}
Commit	Line	Data
58964a49	1	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	2	* All rights reserved.
	3	*
	4	* This package is an SSL implementation written
	5	* by Eric Young (eay@cryptsoft.com).
	6	* The implementation was written so as to conform with Netscapes SSL.
0f113f3e	7	*
d02b48c6 RE	8	* This library is free for commercial and non-commercial use as long as
	9	* the following conditions are aheared to. The following conditions
	10	* apply to all code found in this distribution, be it the RC4, RSA,
	11	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	12	* included with this distribution is covered by the same copyright terms
	13	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
0f113f3e	14	*
d02b48c6 RE	15	* Copyright remains Eric Young's, and as such any Copyright notices in
	16	* the code are not to be removed.
	17	* If this package is used in a product, Eric Young should be given attribution
	18	* as the author of the parts of the library used.
	19	* This can be in the form of a textual message at program startup or
	20	* in documentation (online or textual) provided with the package.
0f113f3e	21	*
d02b48c6 RE	22	* Redistribution and use in source and binary forms, with or without
	23	* modification, are permitted provided that the following conditions
	24	* are met:
	25	* 1. Redistributions of source code must retain the copyright
	26	* notice, this list of conditions and the following disclaimer.
	27	* 2. Redistributions in binary form must reproduce the above copyright
	28	* notice, this list of conditions and the following disclaimer in the
	29	* documentation and/or other materials provided with the distribution.
	30	* 3. All advertising materials mentioning features or use of this software
	31	* must display the following acknowledgement:
	32	* "This product includes cryptographic software written by
	33	* Eric Young (eay@cryptsoft.com)"
	34	* The word 'cryptographic' can be left out if the rouines from the library
	35	* being used are not cryptographic related :-).
0f113f3e	36	* 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6 RE	37	* the apps directory (application code) you must include an acknowledgement:
d02b48c6 RE	38	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
0f113f3e	39	*
d02b48c6 RE	40	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	41	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	43	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	44	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	45	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	46	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	48	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	49	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	50	* SUCH DAMAGE.
0f113f3e	51	*
d02b48c6 RE	52	* The licence and distribution terms for any publically available version or
	53	* derivative of this code cannot be changed. i.e. this code cannot simply be
	54	* copied and put under another distribution licence
	55	* [including the GNU Public Licence.]
	56	*/
	57
	58	#include <stdio.h>
b39fc560	59	#include "internal/cryptlib.h"
69104cdf	60
474e469b RS	61	#include <openssl/evp.h>
	62	#include <openssl/objects.h>
	63	#include <openssl/sha.h>
3c27208f	64	#include <openssl/rsa.h>
ab0a14bb	65	#include "internal/evp_int.h"
d02b48c6	66
26188931	67	static int init(EVP_MD_CTX *ctx)
0f113f3e	68	{
6e59a892	69	return SHA1_Init(EVP_MD_CTX_md_data(ctx));
0f113f3e MC	70	}
	71
	72	static int update(EVP_MD_CTX ctx, const void data, size_t count)
	73	{
6e59a892	74	return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
0f113f3e MC	75	}
	76
	77	static int final(EVP_MD_CTX ctx, unsigned char md)
	78	{
6e59a892	79	return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
0f113f3e MC	80	}
0f113f3e MC	81
00f5263b DSH	82	static int ctrl(EVP_MD_CTX ctx, int cmd, int mslen, void ms)
	83	{
	84	unsigned char padtmp[40];
	85	unsigned char sha1tmp[SHA_DIGEST_LENGTH];
	86
6e59a892	87	SHA_CTX *sha1 = EVP_MD_CTX_md_data(ctx);
00f5263b DSH	88
	89	if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
	90	return 0;
	91
	92	/* SSLv3 client auth handling: see RFC-6101 5.6.8 */
	93	if (mslen != 48)
	94	return 0;
	95
	96	/* At this point hash contains all handshake messages, update
	97	* with master secret and pad_1.
	98	*/
	99
	100	if (SHA1_Update(sha1, ms, mslen) <= 0)
	101	return 0;
	102
	103	/* Set padtmp to pad_1 value */
	104	memset(padtmp, 0x36, sizeof(padtmp));
	105
	106	if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
	107	return 0;
	108
	109	if (!SHA1_Final(sha1tmp, sha1))
	110	return 0;
	111
	112	/* Reinitialise context */
	113
	114	if (!SHA1_Init(sha1))
	115	return 0;
	116
	117	if (SHA1_Update(sha1, ms, mslen) <= 0)
	118	return 0;
	119
	120	/* Set padtmp to pad_2 value */
	121	memset(padtmp, 0x5c, sizeof(padtmp));
	122
	123	if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
	124	return 0;
	125
	126	if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
	127	return 0;
	128
	129	/* Now when ctx is finalised it will return the SSL v3 hash value */
	130	OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
	131
	132	return 1;
	133
	134	}
	135
0f113f3e MC	136	static const EVP_MD sha1_md = {
	137	NID_sha1,
	138	NID_sha1WithRSAEncryption,
	139	SHA_DIGEST_LENGTH,
7f572e95	140	EVP_MD_FLAG_DIGALGID_ABSENT,
0f113f3e MC	141	init,
	142	update,
	143	final,
	144	NULL,
	145	NULL,
0f113f3e MC	146	SHA_CBLOCK,
0f113f3e MC	147	sizeof(EVP_MD *) + sizeof(SHA_CTX),
00f5263b	148	ctrl
0f113f3e	149	};
d02b48c6	150
13588350	151	const EVP_MD *EVP_sha1(void)
0f113f3e MC	152	{
	153	return (&sha1_md);
	154	}
31c2ac1c	155
31c2ac1c	156	static int init224(EVP_MD_CTX *ctx)
0f113f3e	157	{
6e59a892	158	return SHA224_Init(EVP_MD_CTX_md_data(ctx));
0f113f3e MC	159	}
0f113f3e MC	160
31c2ac1c	161	static int init256(EVP_MD_CTX *ctx)
0f113f3e	162	{
6e59a892	163	return SHA256_Init(EVP_MD_CTX_md_data(ctx));
0f113f3e MC	164	}
0f113f3e MC	165
31c2ac1c AP	166	/*
	167	* Even though there're separate SHA224_[Update\|Final], we call
	168	* SHA256 functions even in SHA224 context. This is what happens
	169	* there anyway, so we can spare few CPU cycles:-)
	170	*/
0f113f3e MC	171	static int update256(EVP_MD_CTX ctx, const void data, size_t count)
0f113f3e MC	172	{
6e59a892	173	return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
0f113f3e MC	174	}
	175
	176	static int final256(EVP_MD_CTX ctx, unsigned char md)
	177	{
6e59a892	178	return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
0f113f3e MC	179	}
	180
	181	static const EVP_MD sha224_md = {
	182	NID_sha224,
	183	NID_sha224WithRSAEncryption,
	184	SHA224_DIGEST_LENGTH,
7f572e95	185	EVP_MD_FLAG_DIGALGID_ABSENT,
0f113f3e MC	186	init224,
	187	update256,
	188	final256,
	189	NULL,
	190	NULL,
0f113f3e MC	191	SHA256_CBLOCK,
	192	sizeof(EVP_MD *) + sizeof(SHA256_CTX),
	193	};
31c2ac1c AP	194
31c2ac1c AP	195	const EVP_MD *EVP_sha224(void)
0f113f3e MC	196	{
	197	return (&sha224_md);
	198	}
	199
	200	static const EVP_MD sha256_md = {
	201	NID_sha256,
	202	NID_sha256WithRSAEncryption,
	203	SHA256_DIGEST_LENGTH,
7f572e95	204	EVP_MD_FLAG_DIGALGID_ABSENT,
0f113f3e MC	205	init256,
	206	update256,
	207	final256,
	208	NULL,
	209	NULL,
0f113f3e MC	210	SHA256_CBLOCK,
	211	sizeof(EVP_MD *) + sizeof(SHA256_CTX),
	212	};
31c2ac1c AP	213
31c2ac1c AP	214	const EVP_MD *EVP_sha256(void)
0f113f3e MC	215	{
	216	return (&sha256_md);
	217	}
31c2ac1c	218
31c2ac1c	219	static int init384(EVP_MD_CTX *ctx)
0f113f3e	220	{
6e59a892	221	return SHA384_Init(EVP_MD_CTX_md_data(ctx));
0f113f3e MC	222	}
0f113f3e MC	223
31c2ac1c	224	static int init512(EVP_MD_CTX *ctx)
0f113f3e	225	{
6e59a892	226	return SHA512_Init(EVP_MD_CTX_md_data(ctx));
0f113f3e MC	227	}
0f113f3e MC	228
31c2ac1c	229	/* See comment in SHA224/256 section */
0f113f3e MC	230	static int update512(EVP_MD_CTX ctx, const void data, size_t count)
0f113f3e MC	231	{
6e59a892	232	return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
0f113f3e MC	233	}
	234
	235	static int final512(EVP_MD_CTX ctx, unsigned char md)
	236	{
6e59a892	237	return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
0f113f3e MC	238	}
	239
	240	static const EVP_MD sha384_md = {
	241	NID_sha384,
	242	NID_sha384WithRSAEncryption,
	243	SHA384_DIGEST_LENGTH,
7f572e95	244	EVP_MD_FLAG_DIGALGID_ABSENT,
0f113f3e MC	245	init384,
	246	update512,
	247	final512,
	248	NULL,
	249	NULL,
0f113f3e MC	250	SHA512_CBLOCK,
	251	sizeof(EVP_MD *) + sizeof(SHA512_CTX),
	252	};
31c2ac1c AP	253
31c2ac1c AP	254	const EVP_MD *EVP_sha384(void)
0f113f3e MC	255	{
	256	return (&sha384_md);
	257	}
	258
	259	static const EVP_MD sha512_md = {
	260	NID_sha512,
	261	NID_sha512WithRSAEncryption,
	262	SHA512_DIGEST_LENGTH,
7f572e95	263	EVP_MD_FLAG_DIGALGID_ABSENT,
0f113f3e MC	264	init512,
	265	update512,
	266	final512,
	267	NULL,
	268	NULL,
0f113f3e MC	269	SHA512_CBLOCK,
	270	sizeof(EVP_MD *) + sizeof(SHA512_CTX),
	271	};
31c2ac1c AP	272
31c2ac1c AP	273	const EVP_MD *EVP_sha512(void)
0f113f3e MC	274	{
	275	return (&sha512_md);
	276	}