Add function to get digest hash size for provided digest name.
return 0;
}
+/* Returns the number of bytes generated by the specified digest algorithm. This can be used only for
+ * fixed-size algorithms, e.g. md5, sha1, sha256, etc. Do not use this for variable-sized digest algorithms,
+ * e.g. shake128. Returns 0 on success, -EOPNOTSUPP if the algorithm is not supported, or < 0 for any other
+ * error. */
+int openssl_digest_size(const char *digest_alg, size_t *ret_digest_size) {
+ assert(digest_alg);
+ assert(ret_digest_size);
+
+#if OPENSSL_VERSION_MAJOR >= 3
+ _cleanup_(EVP_MD_freep) EVP_MD *md = EVP_MD_fetch(NULL, digest_alg, NULL);
+#else
+ const EVP_MD *md = EVP_get_digestbyname(digest_alg);
+#endif
+ if (!md)
+ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+ "Digest algorithm '%s' not supported.", digest_alg);
+
+ size_t digest_size;
+#if OPENSSL_VERSION_MAJOR >= 3
+ digest_size = EVP_MD_get_size(md);
+#else
+ digest_size = EVP_MD_size(md);
+#endif
+ if (digest_size == 0)
+ return log_openssl_errors("Failed to get Digest size");
+
+ *ret_digest_size = digest_size;
+
+ return 0;
+}
+
int rsa_encrypt_bytes(
EVP_PKEY *pkey,
const void *decrypted_key,
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL);
#if OPENSSL_VERSION_MAJOR >= 3
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD*, EVP_MD_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM*, OSSL_PARAM_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM_BLD*, OSSL_PARAM_BLD_free, NULL);
#else
int openssl_hash(const EVP_MD *alg, const void *msg, size_t msg_len, uint8_t *ret_hash, size_t *ret_hash_len);
+int openssl_digest_size(const char *digest_alg, size_t *ret_digest_size);
+
int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);
int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);
assert_se(pkey == NULL);
}
+static const struct {
+ const char *alg;
+ size_t size;
+} digest_size_table[] = {
+ /* SHA1 "family" */
+ { "sha1", 20, },
+#if OPENSSL_VERSION_MAJOR >= 3
+ { "sha-1", 20, },
+#endif
+ /* SHA2 family */
+ { "sha224", 28, },
+ { "sha256", 32, },
+ { "sha384", 48, },
+ { "sha512", 64, },
+#if OPENSSL_VERSION_MAJOR >= 3
+ { "sha-224", 28, },
+ { "sha2-224", 28, },
+ { "sha-256", 32, },
+ { "sha2-256", 32, },
+ { "sha-384", 48, },
+ { "sha2-384", 48, },
+ { "sha-512", 64, },
+ { "sha2-512", 64, },
+#endif
+ /* SHA3 family */
+ { "sha3-224", 28, },
+ { "sha3-256", 32, },
+ { "sha3-384", 48, },
+ { "sha3-512", 64, },
+ /* SM3 family */
+ { "sm3", 32, },
+ /* MD5 family */
+ { "md5", 16, },
+};
+
+TEST(digest_size) {
+ size_t size;
+
+ FOREACH_ARRAY(t, digest_size_table, ELEMENTSOF(digest_size_table)) {
+ assert(openssl_digest_size(t->alg, &size) >= 0);
+ assert_se(size == t->size);
+
+ _cleanup_free_ char *uppercase_alg = strdup(t->alg);
+ assert_se(uppercase_alg);
+ assert_se(openssl_digest_size(ascii_strupper(uppercase_alg), &size) >= 0);
+ assert_se(size == t->size);
+ }
+
+ assert_se(openssl_digest_size("invalid.alg", &size) == -EOPNOTSUPP);
+}
+
DEFINE_TEST_MAIN(LOG_DEBUG);
projects / thirdparty / systemd.git / commitdiff
