[thirdparty/openssl.git] / crypto / evp / m_sha1.c

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include "internal/cryptlib.h"

#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/sha.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#include "internal/evp_int.h"

static int init(EVP_MD_CTX *ctx)
{
    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
}

static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
}

static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
}

static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
{
    unsigned char padtmp[40];
    unsigned char sha1tmp[SHA_DIGEST_LENGTH];

    SHA_CTX *sha1 = EVP_MD_CTX_md_data(ctx);

    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
        return 0;

    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
    if (mslen != 48)
        return 0;

    /* At this point hash contains all handshake messages, update
     * with master secret and pad_1.
     */

    if (SHA1_Update(sha1, ms, mslen) <= 0)
        return 0;

    /* Set padtmp to pad_1 value */
    memset(padtmp, 0x36, sizeof(padtmp));

    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
        return 0;

    if (!SHA1_Final(sha1tmp, sha1))
        return 0;

    /* Reinitialise context */

    if (!SHA1_Init(sha1))
        return 0;

    if (SHA1_Update(sha1, ms, mslen) <= 0)
        return 0;

    /* Set padtmp to pad_2 value */
    memset(padtmp, 0x5c, sizeof(padtmp));

    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
        return 0;

    if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
        return 0;

    /* Now when ctx is finalised it will return the SSL v3 hash value */
    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));

    return 1;

}

static const EVP_MD sha1_md = {
    NID_sha1,
    NID_sha1WithRSAEncryption,
    SHA_DIGEST_LENGTH,
    EVP_MD_FLAG_DIGALGID_ABSENT,
    init,
    update,
    final,
    NULL,
    NULL,
    SHA_CBLOCK,
    sizeof(EVP_MD *) + sizeof(SHA_CTX),
    ctrl
};

const EVP_MD *EVP_sha1(void)
{
    return (&sha1_md);
}

static int init224(EVP_MD_CTX *ctx)
{
    return SHA224_Init(EVP_MD_CTX_md_data(ctx));
}

static int init256(EVP_MD_CTX *ctx)
{
    return SHA256_Init(EVP_MD_CTX_md_data(ctx));
}

/*
 * Even though there're separate SHA224_[Update|Final], we call
 * SHA256 functions even in SHA224 context. This is what happens
 * there anyway, so we can spare few CPU cycles:-)
 */
static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
{
    return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
}

static int final256(EVP_MD_CTX *ctx, unsigned char *md)
{
    return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
}

static const EVP_MD sha224_md = {
    NID_sha224,
    NID_sha224WithRSAEncryption,
    SHA224_DIGEST_LENGTH,
    EVP_MD_FLAG_DIGALGID_ABSENT,
    init224,
    update256,
    final256,
    NULL,
    NULL,
    SHA256_CBLOCK,
    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
};

const EVP_MD *EVP_sha224(void)
{
    return (&sha224_md);
}

static const EVP_MD sha256_md = {
    NID_sha256,
    NID_sha256WithRSAEncryption,
    SHA256_DIGEST_LENGTH,
    EVP_MD_FLAG_DIGALGID_ABSENT,
    init256,
    update256,
    final256,
    NULL,
    NULL,
    SHA256_CBLOCK,
    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
};

const EVP_MD *EVP_sha256(void)
{
    return (&sha256_md);
}

static int init384(EVP_MD_CTX *ctx)
{
    return SHA384_Init(EVP_MD_CTX_md_data(ctx));
}

static int init512(EVP_MD_CTX *ctx)
{
    return SHA512_Init(EVP_MD_CTX_md_data(ctx));
}

/* See comment in SHA224/256 section */
static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
{
    return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
}

static int final512(EVP_MD_CTX *ctx, unsigned char *md)
{
    return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
}

static const EVP_MD sha384_md = {
    NID_sha384,
    NID_sha384WithRSAEncryption,
    SHA384_DIGEST_LENGTH,
    EVP_MD_FLAG_DIGALGID_ABSENT,
    init384,
    update512,
    final512,
    NULL,
    NULL,
    SHA512_CBLOCK,
    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
};

const EVP_MD *EVP_sha384(void)
{
    return (&sha384_md);
}

static const EVP_MD sha512_md = {
    NID_sha512,
    NID_sha512WithRSAEncryption,
    SHA512_DIGEST_LENGTH,
    EVP_MD_FLAG_DIGALGID_ABSENT,
    init512,
    update512,
    final512,
    NULL,
    NULL,
    SHA512_CBLOCK,
    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
};

const EVP_MD *EVP_sha512(void)
{
    return (&sha512_md);
}
Commit	Line	Data
58964a49	1	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	2	* All rights reserved.
	3	*
	4	* This package is an SSL implementation written
	5	* by Eric Young (eay@cryptsoft.com).
	6	* The implementation was written so as to conform with Netscapes SSL.
0f113f3e	7	*
d02b48c6 RE	8	* This library is free for commercial and non-commercial use as long as
	9	* the following conditions are aheared to. The following conditions
	10	* apply to all code found in this distribution, be it the RC4, RSA,
	11	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	12	* included with this distribution is covered by the same copyright terms
	13	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
0f113f3e	14	*
d02b48c6 RE	15	* Copyright remains Eric Young's, and as such any Copyright notices in
	16	* the code are not to be removed.
	17	* If this package is used in a product, Eric Young should be given attribution
	18	* as the author of the parts of the library used.
	19	* This can be in the form of a textual message at program startup or
	20	* in documentation (online or textual) provided with the package.
0f113f3e	21	*
d02b48c6 RE	22	* Redistribution and use in source and binary forms, with or without
	23	* modification, are permitted provided that the following conditions
	24	* are met:
	25	* 1. Redistributions of source code must retain the copyright
	26	* notice, this list of conditions and the following disclaimer.
	27	* 2. Redistributions in binary form must reproduce the above copyright
	28	* notice, this list of conditions and the following disclaimer in the
	29	* documentation and/or other materials provided with the distribution.
	30	* 3. All advertising materials mentioning features or use of this software
	31	* must display the following acknowledgement:
	32	* "This product includes cryptographic software written by
	33	* Eric Young (eay@cryptsoft.com)"
	34	* The word 'cryptographic' can be left out if the rouines from the library
	35	* being used are not cryptographic related :-).
0f113f3e	36	* 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6 RE	37	* the apps directory (application code) you must include an acknowledgement:
d02b48c6 RE	38	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
0f113f3e	39	*
d02b48c6 RE	40	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	41	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	43	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	44	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	45	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	46	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	48	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	49	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	50	* SUCH DAMAGE.
0f113f3e	51	*
d02b48c6 RE	52	* The licence and distribution terms for any publically available version or
	53	* derivative of this code cannot be changed. i.e. this code cannot simply be
	54	* copied and put under another distribution licence
	55	* [including the GNU Public Licence.]
	56	*/
	57
	58	#include <stdio.h>
b39fc560	59	#include "internal/cryptlib.h"
69104cdf	60
474e469b RS	61	#include <openssl/evp.h>
	62	#include <openssl/objects.h>
	63	#include <openssl/sha.h>
	64	#ifndef OPENSSL_NO_RSA
	65	# include <openssl/rsa.h>
	66	#endif
ab0a14bb	67	#include "internal/evp_int.h"
d02b48c6	68
26188931	69	static int init(EVP_MD_CTX *ctx)
0f113f3e	70	{
6e59a892	71	return SHA1_Init(EVP_MD_CTX_md_data(ctx));
0f113f3e MC	72	}
	73
	74	static int update(EVP_MD_CTX ctx, const void data, size_t count)
	75	{
6e59a892	76	return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
0f113f3e MC	77	}
	78
	79	static int final(EVP_MD_CTX ctx, unsigned char md)
	80	{
6e59a892	81	return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
0f113f3e MC	82	}
0f113f3e MC	83
00f5263b DSH	84	static int ctrl(EVP_MD_CTX ctx, int cmd, int mslen, void ms)
	85	{
	86	unsigned char padtmp[40];
	87	unsigned char sha1tmp[SHA_DIGEST_LENGTH];
	88
6e59a892	89	SHA_CTX *sha1 = EVP_MD_CTX_md_data(ctx);
00f5263b DSH	90
	91	if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
	92	return 0;
	93
	94	/* SSLv3 client auth handling: see RFC-6101 5.6.8 */
	95	if (mslen != 48)
	96	return 0;
	97
	98	/* At this point hash contains all handshake messages, update
	99	* with master secret and pad_1.
	100	*/
	101
	102	if (SHA1_Update(sha1, ms, mslen) <= 0)
	103	return 0;
	104
	105	/* Set padtmp to pad_1 value */
	106	memset(padtmp, 0x36, sizeof(padtmp));
	107
	108	if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
	109	return 0;
	110
	111	if (!SHA1_Final(sha1tmp, sha1))
	112	return 0;
	113
	114	/* Reinitialise context */
	115
	116	if (!SHA1_Init(sha1))
	117	return 0;
	118
	119	if (SHA1_Update(sha1, ms, mslen) <= 0)
	120	return 0;
	121
	122	/* Set padtmp to pad_2 value */
	123	memset(padtmp, 0x5c, sizeof(padtmp));
	124
	125	if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
	126	return 0;
	127
	128	if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
	129	return 0;
	130
	131	/* Now when ctx is finalised it will return the SSL v3 hash value */
	132	OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
	133
	134	return 1;
	135
	136	}
	137
0f113f3e MC	138	static const EVP_MD sha1_md = {
	139	NID_sha1,
	140	NID_sha1WithRSAEncryption,
	141	SHA_DIGEST_LENGTH,
7f572e95	142	EVP_MD_FLAG_DIGALGID_ABSENT,
0f113f3e MC	143	init,
	144	update,
	145	final,
	146	NULL,
	147	NULL,
0f113f3e MC	148	SHA_CBLOCK,
0f113f3e MC	149	sizeof(EVP_MD *) + sizeof(SHA_CTX),
00f5263b	150	ctrl
0f113f3e	151	};
d02b48c6	152
13588350	153	const EVP_MD *EVP_sha1(void)
0f113f3e MC	154	{
	155	return (&sha1_md);
	156	}
31c2ac1c	157
31c2ac1c	158	static int init224(EVP_MD_CTX *ctx)
0f113f3e	159	{
6e59a892	160	return SHA224_Init(EVP_MD_CTX_md_data(ctx));
0f113f3e MC	161	}
0f113f3e MC	162
31c2ac1c	163	static int init256(EVP_MD_CTX *ctx)
0f113f3e	164	{
6e59a892	165	return SHA256_Init(EVP_MD_CTX_md_data(ctx));
0f113f3e MC	166	}
0f113f3e MC	167
31c2ac1c AP	168	/*
	169	* Even though there're separate SHA224_[Update\|Final], we call
	170	* SHA256 functions even in SHA224 context. This is what happens
	171	* there anyway, so we can spare few CPU cycles:-)
	172	*/
0f113f3e MC	173	static int update256(EVP_MD_CTX ctx, const void data, size_t count)
0f113f3e MC	174	{
6e59a892	175	return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
0f113f3e MC	176	}
	177
	178	static int final256(EVP_MD_CTX ctx, unsigned char md)
	179	{
6e59a892	180	return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
0f113f3e MC	181	}
	182
	183	static const EVP_MD sha224_md = {
	184	NID_sha224,
	185	NID_sha224WithRSAEncryption,
	186	SHA224_DIGEST_LENGTH,
7f572e95	187	EVP_MD_FLAG_DIGALGID_ABSENT,
0f113f3e MC	188	init224,
	189	update256,
	190	final256,
	191	NULL,
	192	NULL,
0f113f3e MC	193	SHA256_CBLOCK,
	194	sizeof(EVP_MD *) + sizeof(SHA256_CTX),
	195	};
31c2ac1c AP	196
31c2ac1c AP	197	const EVP_MD *EVP_sha224(void)
0f113f3e MC	198	{
	199	return (&sha224_md);
	200	}
	201
	202	static const EVP_MD sha256_md = {
	203	NID_sha256,
	204	NID_sha256WithRSAEncryption,
	205	SHA256_DIGEST_LENGTH,
7f572e95	206	EVP_MD_FLAG_DIGALGID_ABSENT,
0f113f3e MC	207	init256,
	208	update256,
	209	final256,
	210	NULL,
	211	NULL,
0f113f3e MC	212	SHA256_CBLOCK,
	213	sizeof(EVP_MD *) + sizeof(SHA256_CTX),
	214	};
31c2ac1c AP	215
31c2ac1c AP	216	const EVP_MD *EVP_sha256(void)
0f113f3e MC	217	{
	218	return (&sha256_md);
	219	}
31c2ac1c	220
31c2ac1c	221	static int init384(EVP_MD_CTX *ctx)
0f113f3e	222	{
6e59a892	223	return SHA384_Init(EVP_MD_CTX_md_data(ctx));
0f113f3e MC	224	}
0f113f3e MC	225
31c2ac1c	226	static int init512(EVP_MD_CTX *ctx)
0f113f3e	227	{
6e59a892	228	return SHA512_Init(EVP_MD_CTX_md_data(ctx));
0f113f3e MC	229	}
0f113f3e MC	230
31c2ac1c	231	/* See comment in SHA224/256 section */
0f113f3e MC	232	static int update512(EVP_MD_CTX ctx, const void data, size_t count)
0f113f3e MC	233	{
6e59a892	234	return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
0f113f3e MC	235	}
	236
	237	static int final512(EVP_MD_CTX ctx, unsigned char md)
	238	{
6e59a892	239	return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
0f113f3e MC	240	}
	241
	242	static const EVP_MD sha384_md = {
	243	NID_sha384,
	244	NID_sha384WithRSAEncryption,
	245	SHA384_DIGEST_LENGTH,
7f572e95	246	EVP_MD_FLAG_DIGALGID_ABSENT,
0f113f3e MC	247	init384,
	248	update512,
	249	final512,
	250	NULL,
	251	NULL,
0f113f3e MC	252	SHA512_CBLOCK,
	253	sizeof(EVP_MD *) + sizeof(SHA512_CTX),
	254	};
31c2ac1c AP	255
31c2ac1c AP	256	const EVP_MD *EVP_sha384(void)
0f113f3e MC	257	{
	258	return (&sha384_md);
	259	}
	260
	261	static const EVP_MD sha512_md = {
	262	NID_sha512,
	263	NID_sha512WithRSAEncryption,
	264	SHA512_DIGEST_LENGTH,
7f572e95	265	EVP_MD_FLAG_DIGALGID_ABSENT,
0f113f3e MC	266	init512,
	267	update512,
	268	final512,
	269	NULL,
	270	NULL,
0f113f3e MC	271	SHA512_CBLOCK,
	272	sizeof(EVP_MD *) + sizeof(SHA512_CTX),
	273	};
31c2ac1c AP	274
31c2ac1c AP	275	const EVP_MD *EVP_sha512(void)
0f113f3e MC	276	{
	277	return (&sha512_md);
	278	}