From d5e5e2ffafc7dbc861f7d285508cf129c5e8f5ac Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Thu, 11 Apr 2019 20:27:59 +1000 Subject: [PATCH] Move digests to providers Move digest code into the relevant providers (fips, default, legacy). The headers are temporarily moved to be internal, and will be moved into providers after all external references are resolved. The deprecated digest code can not be removed until EVP_PKEY (signing) is supported by providers. EVP_MD data can also not yet be cleaned up for the same reasons. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8763) --- crypto/blake2/blake2b_mac.c | 10 +- crypto/blake2/blake2s_mac.c | 8 +- crypto/blake2/build.info | 2 +- crypto/blake2/m_blake2b.c | 27 +- crypto/blake2/m_blake2s.c | 27 +- crypto/core_fetch.c | 3 + crypto/evp/digest.c | 161 ++++++---- crypto/evp/evp_fetch.c | 1 + crypto/evp/m_md5_sha1.c | 112 +------ crypto/evp/m_sha1.c | 58 +--- crypto/evp/m_sha3.c | 137 ++------- crypto/include/internal/evp_int.h | 2 + crypto/include/internal/sha.h | 1 + crypto/md5/build.info | 2 +- crypto/md5/md5_sha1.c | 101 +++++++ crypto/sha/build.info | 7 +- crypto/sha/keccak1600.c | 2 +- crypto/sha/sha1dgst.c | 61 +++- crypto/sha/sha3.c | 106 +++++++ crypto/sm3/m_sm3.c | 2 +- crypto/sm3/sm3_locl.h | 1 + doc/man3/EVP_DigestInit.pod | 65 +++- .../internal/blake2.h | 57 ++-- include/internal/md5_sha1.h | 37 +++ include/internal/sha3.h | 52 ++++ {crypto/include => include}/internal/sm3.h | 7 +- include/openssl/core_names.h | 7 + include/openssl/core_numbers.h | 10 +- include/openssl/evp.h | 5 +- providers/build.info | 2 +- providers/common/digests/build.info | 4 +- providers/common/digests/sha2.c | 105 +++---- providers/common/digests/sha3.c | 277 ++++++++++++++++++ .../common/include/internal/core_mkdigest.h | 95 ++++++ .../common/include/internal/provider_algs.h | 25 ++ providers/default/build.info | 1 + providers/default/defltprov.c | 35 +++ providers/default/digests/blake2.c | 40 +++ .../default/digests}/blake2_impl.h | 0 .../default/digests}/blake2b.c | 16 +- .../default/digests}/blake2s.c | 15 +- providers/default/digests/build.info | 17 ++ providers/default/digests/md5.c | 17 ++ providers/default/digests/md5_sha1.c | 46 +++ providers/default/digests/null.c | 75 +++++ providers/default/digests/sm3.c | 17 ++ providers/fips/fipsprov.c | 13 + providers/legacy/digests/build.info | 20 ++ providers/legacy/digests/md2.c | 57 +--- providers/legacy/digests/md4.c | 18 ++ providers/legacy/digests/mdc2.c | 37 +++ providers/legacy/digests/ripemd.c | 18 ++ providers/legacy/digests/wp.c | 18 ++ providers/legacy/legacyprov.c | 20 +- ssl/s3_enc.c | 35 ++- ssl/ssl_locl.h | 2 + ssl/statem/statem_lib.c | 14 +- test/build.info | 3 + test/evp_test.c | 28 +- test/mdc2test.c | 22 +- test/recipes/05-test_mdc2.t | 18 +- test/recipes/30-test_evp.t | 4 +- test/recipes/30-test_evp_data/evpdigest.txt | 25 +- util/libcrypto.num | 4 +- 64 files changed, 1644 insertions(+), 570 deletions(-) create mode 100644 crypto/md5/md5_sha1.c create mode 100644 crypto/sha/sha3.c rename crypto/blake2/blake2_locl.h => include/internal/blake2.h (68%) create mode 100644 include/internal/md5_sha1.h create mode 100644 include/internal/sha3.h rename {crypto/include => include}/internal/sm3.h (83%) create mode 100644 providers/common/digests/sha3.c create mode 100644 providers/common/include/internal/core_mkdigest.h create mode 100644 providers/default/digests/blake2.c rename {crypto/blake2 => providers/default/digests}/blake2_impl.h (100%) rename {crypto/blake2 => providers/default/digests}/blake2b.c (96%) rename {crypto/blake2 => providers/default/digests}/blake2s.c (95%) create mode 100644 providers/default/digests/build.info create mode 100644 providers/default/digests/md5.c create mode 100644 providers/default/digests/md5_sha1.c create mode 100644 providers/default/digests/null.c create mode 100644 providers/default/digests/sm3.c create mode 100644 providers/legacy/digests/md4.c create mode 100644 providers/legacy/digests/mdc2.c create mode 100644 providers/legacy/digests/ripemd.c create mode 100644 providers/legacy/digests/wp.c diff --git a/crypto/blake2/blake2b_mac.c b/crypto/blake2/blake2b_mac.c index 71b8517885..b38e9b8d27 100644 --- a/crypto/blake2/blake2b_mac.c +++ b/crypto/blake2/blake2b_mac.c @@ -10,7 +10,7 @@ #ifndef OPENSSL_NO_BLAKE2 # include -# include "blake2_locl.h" +# include "internal/blake2.h" # include "internal/cryptlib.h" # include "internal/evp_int.h" @@ -26,7 +26,7 @@ static EVP_MAC_IMPL *blake2b_mac_new(void) EVP_MAC_IMPL *macctx = OPENSSL_zalloc(sizeof(*macctx)); if (macctx != NULL) { blake2b_param_init(&macctx->params); - /* ctx initialization is deferred to BLAKE2b_Init() */ + /* ctx initialization is deferred to blake2b_init() */ } return macctx; } @@ -53,18 +53,18 @@ static int blake2b_mac_init(EVP_MAC_IMPL *macctx) return 0; } - return BLAKE2b_Init_key(&macctx->ctx, &macctx->params, macctx->key); + return blake2b_init_key(&macctx->ctx, &macctx->params, macctx->key); } static int blake2b_mac_update(EVP_MAC_IMPL *macctx, const unsigned char *data, size_t datalen) { - return BLAKE2b_Update(&macctx->ctx, data, datalen); + return blake2b_update(&macctx->ctx, data, datalen); } static int blake2b_mac_final(EVP_MAC_IMPL *macctx, unsigned char *out) { - return BLAKE2b_Final(out, &macctx->ctx); + return blake2b_final(out, &macctx->ctx); } /* diff --git a/crypto/blake2/blake2s_mac.c b/crypto/blake2/blake2s_mac.c index d40778cb12..04dbf4e027 100644 --- a/crypto/blake2/blake2s_mac.c +++ b/crypto/blake2/blake2s_mac.c @@ -10,7 +10,7 @@ #ifndef OPENSSL_NO_BLAKE2 # include -# include "blake2_locl.h" +# include "internal/blake2.h" # include "internal/cryptlib.h" # include "internal/evp_int.h" @@ -53,18 +53,18 @@ static int blake2s_mac_init(EVP_MAC_IMPL *macctx) return 0; } - return BLAKE2s_Init_key(&macctx->ctx, &macctx->params, macctx->key); + return blake2s_init_key(&macctx->ctx, &macctx->params, macctx->key); } static int blake2s_mac_update(EVP_MAC_IMPL *macctx, const unsigned char *data, size_t datalen) { - return BLAKE2s_Update(&macctx->ctx, data, datalen); + return blake2s_update(&macctx->ctx, data, datalen); } static int blake2s_mac_final(EVP_MAC_IMPL *macctx, unsigned char *out) { - return BLAKE2s_Final(out, &macctx->ctx); + return blake2s_final(out, &macctx->ctx); } /* diff --git a/crypto/blake2/build.info b/crypto/blake2/build.info index ab72ef2aca..f02bf9a6fa 100644 --- a/crypto/blake2/build.info +++ b/crypto/blake2/build.info @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - blake2b.c blake2s.c blake2b_mac.c blake2s_mac.c m_blake2b.c m_blake2s.c + blake2b_mac.c blake2s_mac.c m_blake2b.c m_blake2s.c diff --git a/crypto/blake2/m_blake2b.c b/crypto/blake2/m_blake2b.c index 2fb80f8b4e..b429d2d7f2 100644 --- a/crypto/blake2/m_blake2b.c +++ b/crypto/blake2/m_blake2b.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,37 +7,26 @@ * https://www.openssl.org/source/license.html */ -/* - * Derived from the BLAKE2 reference implementation written by Samuel Neves. - * Copyright 2012, Samuel Neves - * More information about the BLAKE2 hash function and its implementations - * can be found at https://blake2.net. - */ - -#include "internal/cryptlib.h" - #ifndef OPENSSL_NO_BLAKE2 -# include -# include -# include "blake2_locl.h" +# include +# include # include "internal/evp_int.h" +# include "internal/blake2.h" static int init(EVP_MD_CTX *ctx) { - BLAKE2B_PARAM P; - blake2b_param_init(&P); - return BLAKE2b_Init(EVP_MD_CTX_md_data(ctx), &P); + return blake2b512_init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return BLAKE2b_Update(EVP_MD_CTX_md_data(ctx), data, count); + return blake2b_update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return BLAKE2b_Final(md, EVP_MD_CTX_md_data(ctx)); + return blake2b_final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD blake2b_md = { @@ -58,4 +47,4 @@ const EVP_MD *EVP_blake2b512(void) { return &blake2b_md; } -#endif +#endif /* OPENSSL_NO_BLAKE2 */ diff --git a/crypto/blake2/m_blake2s.c b/crypto/blake2/m_blake2s.c index 8ff172751d..dd4b68fa1c 100644 --- a/crypto/blake2/m_blake2s.c +++ b/crypto/blake2/m_blake2s.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,37 +7,26 @@ * https://www.openssl.org/source/license.html */ -/* - * Derived from the BLAKE2 reference implementation written by Samuel Neves. - * Copyright 2012, Samuel Neves - * More information about the BLAKE2 hash function and its implementations - * can be found at https://blake2.net. - */ - -#include "internal/cryptlib.h" - #ifndef OPENSSL_NO_BLAKE2 -# include -# include -# include "blake2_locl.h" +# include +# include # include "internal/evp_int.h" +# include "internal/blake2.h" static int init(EVP_MD_CTX *ctx) { - BLAKE2S_PARAM P; - blake2s_param_init(&P); - return BLAKE2s_Init(EVP_MD_CTX_md_data(ctx), &P); + return blake2s256_init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return BLAKE2s_Update(EVP_MD_CTX_md_data(ctx), data, count); + return blake2s_update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return BLAKE2s_Final(md, EVP_MD_CTX_md_data(ctx)); + return blake2s_final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD blake2s_md = { @@ -58,4 +47,4 @@ const EVP_MD *EVP_blake2s256(void) { return &blake2s_md; } -#endif +#endif /* OPENSSL_NO_BLAKE2 */ diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index 227f920713..a99f092486 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c @@ -31,6 +31,9 @@ static int ossl_method_construct_this(OSSL_PROVIDER *provider, void *cbdata) const OSSL_ALGORITHM *map = ossl_provider_query_operation(provider, data->operation_id, &no_store); + if (map == NULL) + return 0; + while (map->algorithm_name != NULL) { const OSSL_ALGORITHM *thismap = map++; void *method = NULL; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index a1f0154a7f..89cd5c1d00 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,10 +8,12 @@ */ #include -#include "internal/cryptlib.h" #include #include #include +#include +#include +#include "internal/cryptlib.h" #include "internal/evp_int.h" #include "internal/provider.h" #include "evp_locl.h" @@ -149,16 +151,6 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) goto legacy; } - if (type->prov == NULL) { - switch(type->type) { - case NID_sha256: - case NID_md2: - break; - default: - goto legacy; - } - } - if (ctx->digest != NULL && ctx->digest->ctx_size > 0) { OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); ctx->md_data = NULL; @@ -184,6 +176,11 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) #endif } + if (ctx->provctx != NULL && ctx->digest != NULL && ctx->digest != type) { + if (ctx->digest->freectx != NULL) + ctx->digest->freectx(ctx->provctx); + ctx->provctx = NULL; + } ctx->digest = type; if (ctx->provctx == NULL) { ctx->provctx = ctx->digest->newctx(ossl_provider_ctx(type->prov)); @@ -334,7 +331,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) } EVP_MD_CTX_reset(ctx); - return ret; /* TODO(3.0): Remove legacy code below */ @@ -354,12 +350,31 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size) { int ret = 0; + OSSL_PARAM params[2]; + size_t i = 0; + + if (ctx->digest == NULL || ctx->digest->prov == NULL) + goto legacy; + if (ctx->digest->dfinal == NULL) { + EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_FINAL_ERROR); + return 0; + } + + params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, + &size, NULL); + params[i++] = OSSL_PARAM_construct_end(); + + if (EVP_MD_CTX_set_params(ctx, params) > 0) + ret = ctx->digest->dfinal(ctx->provctx, md, &size, size); + EVP_MD_CTX_reset(ctx); + return ret; + +legacy: if (ctx->digest->flags & EVP_MD_FLAG_XOF && size <= INT_MAX && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) { ret = ctx->digest->final(ctx, md); - if (ctx->digest->cleanup != NULL) { ctx->digest->cleanup(ctx); EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); @@ -506,16 +521,56 @@ int EVP_Digest(const void *data, size_t count, return ret; } +int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]) +{ + if (ctx->digest != NULL && ctx->digest->set_params != NULL) + return ctx->digest->set_params(ctx->provctx, params); + return 0; +} + +int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]) +{ + if (ctx->digest != NULL && ctx->digest->get_params != NULL) + return ctx->digest->get_params(ctx->provctx, params); + return 0; +} + +#if !OPENSSL_API_3 int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) { - if (ctx->digest && ctx->digest->md_ctrl) { - int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2); - if (ret <= 0) - return 0; - return 1; + if (ctx->digest != NULL) { + OSSL_PARAM params[2]; + size_t i, sz, n = 0; + + switch (cmd) { + case EVP_MD_CTRL_XOF_LEN: + if (ctx->digest->set_params == NULL) + break; + i = (size_t)p1; + params[n++] = OSSL_PARAM_construct_size_t( + OSSL_DIGEST_PARAM_XOFLEN, &i, &sz); + params[n++] = OSSL_PARAM_construct_end(); + return ctx->digest->set_params(ctx->provctx, params) > 0; + case EVP_MD_CTRL_MICALG: + if (ctx->digest->get_params == NULL) + break; + params[n++] = OSSL_PARAM_construct_utf8_string( + OSSL_DIGEST_PARAM_MICALG, p2, p1 ? p1 : 9999, + &sz); + params[n++] = OSSL_PARAM_construct_end(); + return ctx->digest->get_params(ctx->provctx, params); + } + /* legacy code */ + if (ctx->digest->md_ctrl != NULL) { + int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2); + if (ret <= 0) + return 0; + return 1; + } } return 0; } +#endif static void *evp_md_from_dispatch(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov) @@ -530,55 +585,59 @@ static void *evp_md_from_dispatch(const OSSL_DISPATCH *fns, for (; fns->function_id != 0; fns++) { switch (fns->function_id) { case OSSL_FUNC_DIGEST_NEWCTX: - if (md->newctx != NULL) - break; - md->newctx = OSSL_get_OP_digest_newctx(fns); - fncnt++; + if (md->newctx == NULL) { + md->newctx = OSSL_get_OP_digest_newctx(fns); + fncnt++; + } break; case OSSL_FUNC_DIGEST_INIT: - if (md->dinit != NULL) - break; - md->dinit = OSSL_get_OP_digest_init(fns); - fncnt++; + if (md->dinit == NULL) { + md->dinit = OSSL_get_OP_digest_init(fns); + fncnt++; + } break; case OSSL_FUNC_DIGEST_UPDATE: - if (md->dupdate != NULL) - break; - md->dupdate = OSSL_get_OP_digest_update(fns); - fncnt++; + if (md->dupdate == NULL) { + md->dupdate = OSSL_get_OP_digest_update(fns); + fncnt++; + } break; case OSSL_FUNC_DIGEST_FINAL: - if (md->dfinal != NULL) - break; - md->dfinal = OSSL_get_OP_digest_final(fns); - fncnt++; + if (md->dfinal == NULL) { + md->dfinal = OSSL_get_OP_digest_final(fns); + fncnt++; + } break; case OSSL_FUNC_DIGEST_DIGEST: - if (md->digest != NULL) - break; - md->digest = OSSL_get_OP_digest_digest(fns); + if (md->digest == NULL) + md->digest = OSSL_get_OP_digest_digest(fns); /* We don't increment fnct for this as it is stand alone */ break; case OSSL_FUNC_DIGEST_FREECTX: - if (md->freectx != NULL) - break; - md->freectx = OSSL_get_OP_digest_freectx(fns); - fncnt++; + if (md->freectx == NULL) { + md->freectx = OSSL_get_OP_digest_freectx(fns); + fncnt++; + } break; case OSSL_FUNC_DIGEST_DUPCTX: - if (md->dupctx != NULL) - break; - md->dupctx = OSSL_get_OP_digest_dupctx(fns); + if (md->dupctx == NULL) + md->dupctx = OSSL_get_OP_digest_dupctx(fns); break; case OSSL_FUNC_DIGEST_SIZE: - if (md->size != NULL) - break; - md->size = OSSL_get_OP_digest_size(fns); + if (md->size == NULL) + md->size = OSSL_get_OP_digest_size(fns); break; case OSSL_FUNC_DIGEST_BLOCK_SIZE: - if (md->dblock_size != NULL) - break; - md->dblock_size = OSSL_get_OP_digest_block_size(fns); + if (md->dblock_size == NULL) + md->dblock_size = OSSL_get_OP_digest_block_size(fns); + break; + case OSSL_FUNC_DIGEST_SET_PARAMS: + if (md->set_params == NULL) + md->set_params = OSSL_get_OP_digest_set_params(fns); + break; + case OSSL_FUNC_DIGEST_GET_PARAMS: + if (md->get_params == NULL) + md->get_params = OSSL_get_OP_digest_get_params(fns); break; } } diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index fdd6209bc2..d3b5bcada2 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -159,6 +159,7 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, mcmdata.mcm = &mcm; mcmdata.libctx = libctx; + mcmdata.name = name; mcmdata.method_from_dispatch = new_method; mcmdata.destruct_method = free_method; mcmdata.refcnt_up_method = upref_method; diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 425ed47744..af8ae31ec1 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/crypto/evp/m_md5_sha1.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,131 +7,46 @@ * https://www.openssl.org/source/license.html */ -#if !defined(OPENSSL_NO_MD5) +#ifndef OPENSSL_NO_MD5 +# include # include -# include -# include -# include -# include -# include "internal/cryptlib.h" +# include # include "internal/evp_int.h" -# include - -struct md5_sha1_ctx { - MD5_CTX md5; - SHA_CTX sha1; -}; +# include "internal/md5_sha1.h" static int init(EVP_MD_CTX *ctx) { - struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); - if (!MD5_Init(&mctx->md5)) - return 0; - return SHA1_Init(&mctx->sha1); + return md5_sha1_init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); - if (!MD5_Update(&mctx->md5, data, count)) - return 0; - return SHA1_Update(&mctx->sha1, data, count); + return md5_sha1_update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); - if (!MD5_Final(md, &mctx->md5)) - return 0; - return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1); + return md5_sha1_final(md, EVP_MD_CTX_md_data(ctx)); } static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) { - unsigned char padtmp[48]; - unsigned char md5tmp[MD5_DIGEST_LENGTH]; - unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - struct md5_sha1_ctx *mctx; - - if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) - return -2; - - if (ctx == NULL) - return 0; - - mctx = EVP_MD_CTX_md_data(ctx); - - /* SSLv3 client auth handling: see RFC-6101 5.6.8 */ - if (mslen != 48) - return 0; - - /* At this point hash contains all handshake messages, update - * with master secret and pad_1. - */ - - if (update(ctx, ms, mslen) <= 0) - return 0; - - /* Set padtmp to pad_1 value */ - memset(padtmp, 0x36, sizeof(padtmp)); - - if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp))) - return 0; - - if (!MD5_Final(md5tmp, &mctx->md5)) - return 0; - - if (!SHA1_Update(&mctx->sha1, padtmp, 40)) - return 0; - - if (!SHA1_Final(sha1tmp, &mctx->sha1)) - return 0; - - /* Reinitialise context */ - - if (!init(ctx)) - return 0; - - if (update(ctx, ms, mslen) <= 0) - return 0; - - /* Set padtmp to pad_2 value */ - memset(padtmp, 0x5c, sizeof(padtmp)); - - if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp))) - return 0; - - if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp))) - return 0; - - if (!SHA1_Update(&mctx->sha1, padtmp, 40)) - return 0; - - if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp))) - return 0; - - /* Now when ctx is finalised it will return the SSL v3 hash value */ - - OPENSSL_cleanse(md5tmp, sizeof(md5tmp)); - OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp)); - - return 1; - + return md5_sha1_ctrl(EVP_MD_CTX_md_data(ctx), cmd, mslen, ms); } static const EVP_MD md5_sha1_md = { NID_md5_sha1, NID_md5_sha1, - MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, + MD5_SHA1_DIGEST_LENGTH, 0, init, update, final, NULL, NULL, - MD5_CBLOCK, - sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx), + MD5_SHA1_CBLOCK, + sizeof(EVP_MD *) + sizeof(MD5_SHA1_CTX), ctrl }; @@ -139,4 +54,5 @@ const EVP_MD *EVP_md5_sha1(void) { return &md5_sha1_md; } -#endif + +#endif /* OPENSSL_NO_MD5 */ diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index 59333b24d0..1258ea03bc 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -32,63 +32,9 @@ static int final(EVP_MD_CTX *ctx, unsigned char *md) return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); } -static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) +static int ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) { - unsigned char padtmp[40]; - unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - - SHA_CTX *sha1; - - if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) - return -2; - - if (ctx == NULL) - return 0; - - sha1 = EVP_MD_CTX_md_data(ctx); - - /* SSLv3 client auth handling: see RFC-6101 5.6.8 */ - if (mslen != 48) - return 0; - - /* At this point hash contains all handshake messages, update - * with master secret and pad_1. - */ - - if (SHA1_Update(sha1, ms, mslen) <= 0) - return 0; - - /* Set padtmp to pad_1 value */ - memset(padtmp, 0x36, sizeof(padtmp)); - - if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) - return 0; - - if (!SHA1_Final(sha1tmp, sha1)) - return 0; - - /* Reinitialise context */ - - if (!SHA1_Init(sha1)) - return 0; - - if (SHA1_Update(sha1, ms, mslen) <= 0) - return 0; - - /* Set padtmp to pad_2 value */ - memset(padtmp, 0x5c, sizeof(padtmp)); - - if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) - return 0; - - if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp))) - return 0; - - /* Now when ctx is finalised it will return the SSL v3 hash value */ - OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp)); - - return 1; - + return sha1_ctrl(ctx != NULL ? EVP_MD_CTX_md_data(ctx) : NULL, cmd, p1, p2); } static const EVP_MD sha1_md = { diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c index a9263b8080..d80154c2d3 100644 --- a/crypto/evp/m_sha3.c +++ b/crypto/evp/m_sha3.c @@ -13,120 +13,33 @@ #include #include #include "internal/evp_int.h" +#include "internal/sha3.h" #include "evp_locl.h" -size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, - size_t r); -void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r); - -#define KECCAK1600_WIDTH 1600 - -typedef struct { - uint64_t A[5][5]; - size_t block_size; /* cached ctx->digest->block_size */ - size_t md_size; /* output length, variable in XOF */ - size_t num; /* used bytes in below buffer */ - unsigned char buf[KECCAK1600_WIDTH / 8 - 32]; - unsigned char pad; -} KECCAK1600_CTX; - -static int init(EVP_MD_CTX *evp_ctx, unsigned char pad) +static int init(EVP_MD_CTX *ctx) { - KECCAK1600_CTX *ctx = evp_ctx->md_data; - size_t bsz = evp_ctx->digest->block_size; - - if (bsz <= sizeof(ctx->buf)) { - memset(ctx->A, 0, sizeof(ctx->A)); - - ctx->num = 0; - ctx->block_size = bsz; - ctx->md_size = evp_ctx->digest->md_size; - ctx->pad = pad; - - return 1; - } - - return 0; + return sha3_init(EVP_MD_CTX_md_data(ctx), '\x06', ctx->digest->md_size * 8); } -static int sha3_init(EVP_MD_CTX *evp_ctx) +static int update(EVP_MD_CTX *ctx, const void *_inp, size_t len) { - return init(evp_ctx, '\x06'); + return sha3_update(EVP_MD_CTX_md_data(ctx), _inp, len); } -static int shake_init(EVP_MD_CTX *evp_ctx) +static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return init(evp_ctx, '\x1f'); + return sha3_final(md, EVP_MD_CTX_md_data(ctx)); } -static int kmac_init(EVP_MD_CTX *evp_ctx) +static int shake_init(EVP_MD_CTX *ctx) { - return init(evp_ctx, '\x04'); -} - -static int sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len) -{ - KECCAK1600_CTX *ctx = evp_ctx->md_data; - const unsigned char *inp = _inp; - size_t bsz = ctx->block_size; - size_t num, rem; - - if (len == 0) - return 1; - - if ((num = ctx->num) != 0) { /* process intermediate buffer? */ - rem = bsz - num; - - if (len < rem) { - memcpy(ctx->buf + num, inp, len); - ctx->num += len; - return 1; - } - /* - * We have enough data to fill or overflow the intermediate - * buffer. So we append |rem| bytes and process the block, - * leaving the rest for later processing... - */ - memcpy(ctx->buf + num, inp, rem); - inp += rem, len -= rem; - (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); - ctx->num = 0; - /* ctx->buf is processed, ctx->num is guaranteed to be zero */ - } - - if (len >= bsz) - rem = SHA3_absorb(ctx->A, inp, len, bsz); - else - rem = len; - - if (rem) { - memcpy(ctx->buf, inp + len - rem, rem); - ctx->num = rem; - } - - return 1; + return sha3_init(EVP_MD_CTX_md_data(ctx), '\x1f', ctx->digest->md_size * 8); } -static int sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md) +static int kmac_init(EVP_MD_CTX *ctx) { - KECCAK1600_CTX *ctx = evp_ctx->md_data; - size_t bsz = ctx->block_size; - size_t num = ctx->num; - - /* - * Pad the data with 10*1. Note that |num| can be |bsz - 1| - * in which case both byte operations below are performed on - * same byte... - */ - memset(ctx->buf + num, 0, bsz - num); - ctx->buf[num] = ctx->pad; - ctx->buf[bsz - 1] |= 0x80; - - (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); - - SHA3_squeeze(ctx->A, md, ctx->md_size, bsz); - - return 1; + return keccak_kmac_init(EVP_MD_CTX_md_data(ctx), '\x04', + ctx->digest->md_size * 8 / 2); } static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2) @@ -311,9 +224,9 @@ const EVP_MD *EVP_sha3_##bitlen(void) \ NID_RSA_SHA3_##bitlen, \ bitlen / 8, \ EVP_MD_FLAG_DIGALGID_ABSENT, \ - sha3_init, \ - sha3_update, \ - sha3_final, \ + init, \ + update, \ + final, \ NULL, \ NULL, \ (KECCAK1600_WIDTH - bitlen * 2) / 8, \ @@ -347,8 +260,8 @@ const EVP_MD *EVP_shake##bitlen(void) \ bitlen / 8, \ EVP_MD_FLAG_XOF, \ shake_init, \ - sha3_update, \ - sha3_final, \ + update, \ + final, \ NULL, \ NULL, \ (KECCAK1600_WIDTH - bitlen * 2) / 8, \ @@ -370,9 +283,9 @@ const EVP_MD *EVP_sha3_##bitlen(void) \ NID_RSA_SHA3_##bitlen, \ bitlen / 8, \ EVP_MD_FLAG_DIGALGID_ABSENT, \ - sha3_init, \ - sha3_update, \ - sha3_final, \ + init, \ + update, \ + final, \ NULL, \ NULL, \ (KECCAK1600_WIDTH - bitlen * 2) / 8, \ @@ -390,8 +303,8 @@ const EVP_MD *EVP_shake##bitlen(void) \ bitlen / 8, \ EVP_MD_FLAG_XOF, \ shake_init, \ - sha3_update, \ - sha3_final, \ + update, \ + final, \ NULL, \ NULL, \ (KECCAK1600_WIDTH - bitlen * 2) / 8, \ @@ -416,13 +329,13 @@ EVP_MD_SHAKE(256) const EVP_MD *evp_keccak_kmac##bitlen(void) \ { \ static const EVP_MD kmac_##bitlen##_md = { \ - -1, \ + NID_kmac##bitlen, \ 0, \ 2 * bitlen / 8, \ EVP_MD_FLAG_XOF, \ kmac_init, \ - sha3_update, \ - sha3_final, \ + update, \ + final, \ NULL, \ NULL, \ (KECCAK1600_WIDTH - bitlen * 2) / 8, \ diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index 43932a4149..77684b2f86 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -207,6 +207,8 @@ struct evp_md_st { OSSL_OP_digest_dupctx_fn *dupctx; OSSL_OP_digest_size_fn *size; OSSL_OP_digest_block_size_fn *dblock_size; + OSSL_OP_digest_set_params_fn *set_params; + OSSL_OP_digest_get_params_fn *get_params; } /* EVP_MD */ ; diff --git a/crypto/include/internal/sha.h b/crypto/include/internal/sha.h index 3b5ac0328f..3863261563 100644 --- a/crypto/include/internal/sha.h +++ b/crypto/include/internal/sha.h @@ -15,5 +15,6 @@ int sha512_224_init(SHA512_CTX *); int sha512_256_init(SHA512_CTX *); +int sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms); #endif diff --git a/crypto/md5/build.info b/crypto/md5/build.info index e641fecd0d..2b1444dc68 100644 --- a/crypto/md5/build.info +++ b/crypto/md5/build.info @@ -1,6 +1,6 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - md5_dgst.c md5_one.c {- $target{md5_asm_src} -} + md5_dgst.c md5_one.c md5_sha1.c {- $target{md5_asm_src} -} GENERATE[md5-586.s]=asm/md5-586.pl \ $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) diff --git a/crypto/md5/md5_sha1.c b/crypto/md5/md5_sha1.c new file mode 100644 index 0000000000..5d5fac95bd --- /dev/null +++ b/crypto/md5/md5_sha1.c @@ -0,0 +1,101 @@ +/* + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#include +#include "internal/md5_sha1.h" +#include + +int md5_sha1_init(MD5_SHA1_CTX *mctx) +{ + if (!MD5_Init(&mctx->md5)) + return 0; + return SHA1_Init(&mctx->sha1); +} + +int md5_sha1_update(MD5_SHA1_CTX *mctx, const void *data, size_t count) +{ + if (!MD5_Update(&mctx->md5, data, count)) + return 0; + return SHA1_Update(&mctx->sha1, data, count); +} + +int md5_sha1_final(unsigned char *md, MD5_SHA1_CTX *mctx) +{ + if (!MD5_Final(md, &mctx->md5)) + return 0; + return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1); +} + +int md5_sha1_ctrl(MD5_SHA1_CTX *mctx, int cmd, int mslen, void *ms) +{ + unsigned char padtmp[48]; + unsigned char md5tmp[MD5_DIGEST_LENGTH]; + unsigned char sha1tmp[SHA_DIGEST_LENGTH]; + + if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) + return -2; + + if (mctx == NULL) + return 0; + + /* SSLv3 client auth handling: see RFC-6101 5.6.8 */ + if (mslen != 48) + return 0; + + /* At this point hash contains all handshake messages, update + * with master secret and pad_1. + */ + + if (md5_sha1_update(mctx, ms, mslen) <= 0) + return 0; + + /* Set padtmp to pad_1 value */ + memset(padtmp, 0x36, sizeof(padtmp)); + + if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp))) + return 0; + + if (!MD5_Final(md5tmp, &mctx->md5)) + return 0; + + if (!SHA1_Update(&mctx->sha1, padtmp, 40)) + return 0; + + if (!SHA1_Final(sha1tmp, &mctx->sha1)) + return 0; + + /* Reinitialise context */ + + if (!md5_sha1_init(mctx)) + return 0; + + if (md5_sha1_update(mctx, ms, mslen) <= 0) + return 0; + + /* Set padtmp to pad_2 value */ + memset(padtmp, 0x5c, sizeof(padtmp)); + + if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp))) + return 0; + + if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp))) + return 0; + + if (!SHA1_Update(&mctx->sha1, padtmp, 40)) + return 0; + + if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp))) + return 0; + + /* Now when ctx is finalised it will return the SSL v3 hash value */ + + OPENSSL_cleanse(md5tmp, sizeof(md5tmp)); + OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp)); + + return 1; +} diff --git a/crypto/sha/build.info b/crypto/sha/build.info index 242a08e3ff..70b423327f 100644 --- a/crypto/sha/build.info +++ b/crypto/sha/build.info @@ -1,9 +1,10 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - sha1dgst.c sha1_one.c sha256.c sha512.c {- $target{sha1_asm_src} -} \ - {- $target{keccak1600_asm_src} -} + sha1dgst.c sha1_one.c sha256.c sha512.c sha3.c \ + {- $target{sha1_asm_src} -} {- $target{keccak1600_asm_src} -} -SOURCE[../../providers/fips]= sha256.c +SOURCE[../../providers/fips]= sha1dgst.c sha256.c sha512.c sha3.c \ + {- $target{keccak1600_asm_src} -} {- $target{sha1_asm_src} -} GENERATE[sha1-586.s]=asm/sha1-586.pl \ $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) diff --git a/crypto/sha/keccak1600.c b/crypto/sha/keccak1600.c index ff53a260dc..ccbf12b1c6 100644 --- a/crypto/sha/keccak1600.c +++ b/crypto/sha/keccak1600.c @@ -1090,7 +1090,7 @@ size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, } /* - * SHA3_squeeze is called once at the end to generate |out| hash value + * sha3_squeeze is called once at the end to generate |out| hash value * of |len| bytes. */ void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r) diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index d31a5d4bc8..4881bcb17a 100644 --- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c @@ -10,8 +10,65 @@ #include #include -# include +#include +#include +#include /* The implementation is in ../md32_common.h */ -# include "sha_locl.h" +#include "sha_locl.h" +#include "internal/sha.h" + +int sha1_ctrl(SHA_CTX *sha1, int cmd, int mslen, void *ms) +{ + unsigned char padtmp[40]; + unsigned char sha1tmp[SHA_DIGEST_LENGTH]; + + if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) + return -2; + + if (sha1 == NULL) + return 0; + + /* SSLv3 client auth handling: see RFC-6101 5.6.8 */ + if (mslen != 48) + return 0; + + /* At this point hash contains all handshake messages, update + * with master secret and pad_1. + */ + + if (SHA1_Update(sha1, ms, mslen) <= 0) + return 0; + + /* Set padtmp to pad_1 value */ + memset(padtmp, 0x36, sizeof(padtmp)); + + if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) + return 0; + + if (!SHA1_Final(sha1tmp, sha1)) + return 0; + + /* Reinitialise context */ + + if (!SHA1_Init(sha1)) + return 0; + + if (SHA1_Update(sha1, ms, mslen) <= 0) + return 0; + + /* Set padtmp to pad_2 value */ + memset(padtmp, 0x5c, sizeof(padtmp)); + + if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) + return 0; + + if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp))) + return 0; + + /* Now when ctx is finalised it will return the SSL v3 hash value */ + OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp)); + + return 1; +} diff --git a/crypto/sha/sha3.c b/crypto/sha/sha3.c new file mode 100644 index 0000000000..19ef4266d0 --- /dev/null +++ b/crypto/sha/sha3.c @@ -0,0 +1,106 @@ +/* + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/sha3.h" + +void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r); + +void sha3_reset(KECCAK1600_CTX *ctx) +{ + memset(ctx->A, 0, sizeof(ctx->A)); + ctx->bufsz = 0; +} + +int sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen) +{ + size_t bsz = SHA3_BLOCKSIZE(bitlen); + + if (bsz <= sizeof(ctx->buf)) { + sha3_reset(ctx); + ctx->block_size = bsz; + ctx->md_size = bitlen / 8; + ctx->pad = pad; + return 1; + } + + return 0; +} + +int keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen) +{ + int ret = sha3_init(ctx, pad, bitlen); + + if (ret) + ctx->md_size *= 2; + return ret; +} + +int sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len) +{ + const unsigned char *inp = _inp; + size_t bsz = ctx->block_size; + size_t num, rem; + + if (len == 0) + return 1; + + if ((num = ctx->bufsz) != 0) { /* process intermediate buffer? */ + rem = bsz - num; + + if (len < rem) { + memcpy(ctx->buf + num, inp, len); + ctx->bufsz += len; + return 1; + } + /* + * We have enough data to fill or overflow the intermediate + * buffer. So we append |rem| bytes and process the block, + * leaving the rest for later processing... + */ + memcpy(ctx->buf + num, inp, rem); + inp += rem, len -= rem; + (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); + ctx->bufsz = 0; + /* ctx->buf is processed, ctx->num is guaranteed to be zero */ + } + + if (len >= bsz) + rem = SHA3_absorb(ctx->A, inp, len, bsz); + else + rem = len; + + if (rem) { + memcpy(ctx->buf, inp + len - rem, rem); + ctx->bufsz = rem; + } + + return 1; +} + +int sha3_final(unsigned char *md, KECCAK1600_CTX *ctx) +{ + size_t bsz = ctx->block_size; + size_t num = ctx->bufsz; + + /* + * Pad the data with 10*1. Note that |num| can be |bsz - 1| + * in which case both byte operations below are performed on + * same byte... + */ + memset(ctx->buf + num, 0, bsz - num); + ctx->buf[num] = ctx->pad; + ctx->buf[bsz - 1] |= 0x80; + + (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); + + SHA3_squeeze(ctx->A, md, ctx->md_size, bsz); + + return 1; +} diff --git a/crypto/sm3/m_sm3.c b/crypto/sm3/m_sm3.c index 877dedbec1..38ddbfe372 100644 --- a/crypto/sm3/m_sm3.c +++ b/crypto/sm3/m_sm3.c @@ -12,8 +12,8 @@ #ifndef OPENSSL_NO_SM3 # include -# include "internal/evp_int.h" # include "internal/sm3.h" +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/sm3/sm3_locl.h b/crypto/sm3/sm3_locl.h index e1fcede714..a5b79623e9 100644 --- a/crypto/sm3/sm3_locl.h +++ b/crypto/sm3/sm3_locl.h @@ -34,6 +34,7 @@ } while (0) #define HASH_BLOCK_DATA_ORDER sm3_block_data_order +void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num); void sm3_transform(SM3_CTX *c, const unsigned char *data); #include "internal/md32_common.h" diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 4f5e38c3a4..95ede34026 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -3,8 +3,8 @@ =head1 NAME EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, -EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, -EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, +EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, +EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, @@ -22,6 +22,8 @@ EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); void EVP_MD_CTX_free(EVP_MD_CTX *ctx); void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2); + int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]); + int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]); void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); @@ -88,12 +90,25 @@ Cleans up digest context B and frees up the space allocated to it. =item EVP_MD_CTX_ctrl() +This is a deprecated function. EVP_MD_CTX_set_params() and EVP_MD_CTX_get_params() +is the mechanism that should be used to set and get parameters that are used by +providers. Performs digest-specific control actions on context B. The control command is indicated in B and any additional arguments in B and B. EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions may apply depending on the control type and digest implementation. See L below for more information. +=item EVP_MD_CTX_get_params + +Retrieves the requested list of B from a MD context B. +See L below for more information. + +=item EVP_MD_CTX_set_params + +Sets the list of into a MD context B. +See L below for more information. + =item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags() Sets, clears and tests B flags. See L below for more information. @@ -239,6 +254,38 @@ depends on how the B is created. =back +=head1 PARAMS + +See L for information about passing parameters. + +EVP_MD_CTX_set_params() can be used with the following OSSL_PARAM keys: + +=over 4 + +=item OSSL_PARAM_DIGEST_KEY_XOFLEN + +Sets the digest length for extendable output functions. +It is used by the SHAKE algorithm. + +=item OSSL_PARAM_DIGEST_KEY_PAD_TYPE + +Sets the pad type. +It is used by the MDC2 algorithm. + +=back + +EVP_MD_CTX_get_params() can be used with the following OSSL_PARAM keys: + +=over 4 + +=item OSSL_PARAM_DIGEST_KEY_MICALG . + +Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in RFC 3851. +It may be used by external engines or providers. + +=back + =head1 CONTROLS EVP_MD_CTX_ctrl() can be used to send the following standard controls: @@ -307,6 +354,11 @@ success and 0 for failure. Returns 1 if successful or 0 for failure. +=item EVP_MD_CTX_set_params(), +EVP_MD_CTX_get_params() + +Returns 1 if successful or 0 for failure. + =item EVP_MD_CTX_copy_ex() Returns 1 if successful or 0 for failure. @@ -418,7 +470,9 @@ digest name passed on the command line. L, L, -L +L, +L, +L The full list of digest algorithms are provided below. @@ -446,9 +500,12 @@ The EVP_dss1() function was removed in OpenSSL 1.1.0. The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1. +The EVP_MD_CTX_set_params() and EVP_MD_CTX_get_params() functions were +added in 3.0. + =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/blake2/blake2_locl.h b/include/internal/blake2.h similarity index 68% rename from crypto/blake2/blake2_locl.h rename to include/internal/blake2.h index e8c86dbd07..1c2808bacc 100644 --- a/crypto/blake2/blake2_locl.h +++ b/include/internal/blake2.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,26 +7,26 @@ * https://www.openssl.org/source/license.html */ -/* - * Derived from the BLAKE2 reference implementation written by Samuel Neves. - * Copyright 2012, Samuel Neves - * More information about the BLAKE2 hash function and its implementations - * can be found at https://blake2.net. - */ +/* TODO(3.0) Move this header into provider when dependencies are removed */ +#ifndef HEADER_BLAKE2_H +# define HEADER_BLAKE2_H + +# include -#include +# include +# include -#define BLAKE2S_BLOCKBYTES 64 -#define BLAKE2S_OUTBYTES 32 -#define BLAKE2S_KEYBYTES 32 -#define BLAKE2S_SALTBYTES 8 -#define BLAKE2S_PERSONALBYTES 8 +# define BLAKE2S_BLOCKBYTES 64 +# define BLAKE2S_OUTBYTES 32 +# define BLAKE2S_KEYBYTES 32 +# define BLAKE2S_SALTBYTES 8 +# define BLAKE2S_PERSONALBYTES 8 -#define BLAKE2B_BLOCKBYTES 128 -#define BLAKE2B_OUTBYTES 64 -#define BLAKE2B_KEYBYTES 64 -#define BLAKE2B_SALTBYTES 16 -#define BLAKE2B_PERSONALBYTES 16 +# define BLAKE2B_BLOCKBYTES 128 +# define BLAKE2B_OUTBYTES 64 +# define BLAKE2B_KEYBYTES 64 +# define BLAKE2B_SALTBYTES 16 +# define BLAKE2B_PERSONALBYTES 16 struct blake2s_param_st { uint8_t digest_length; /* 1 */ @@ -83,10 +83,13 @@ struct blake2b_ctx_st { typedef struct blake2s_ctx_st BLAKE2S_CTX; typedef struct blake2b_ctx_st BLAKE2B_CTX; -int BLAKE2b_Init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P); -int BLAKE2b_Init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key); -int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen); -int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c); +int blake2s256_init(void *ctx); +int blake2b512_init(void *ctx); + +int blake2b_init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P); +int blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key); +int blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen); +int blake2b_final(unsigned char *md, BLAKE2B_CTX *c); /* * These setters are internal and do not check the validity of their parameters. @@ -99,13 +102,15 @@ void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen); void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t length); void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t length); -int BLAKE2s_Init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P); -int BLAKE2s_Init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key); -int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen); -int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c); +int blake2s_init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P); +int blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key); +int blake2s_update(BLAKE2S_CTX *c, const void *data, size_t datalen); +int blake2s_final(unsigned char *md, BLAKE2S_CTX *c); void blake2s_param_init(BLAKE2S_PARAM *P); void blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen); void blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen); void blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, size_t length); void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t length); + +#endif /* HEADER_BLAKE2_H */ diff --git a/include/internal/md5_sha1.h b/include/internal/md5_sha1.h new file mode 100644 index 0000000000..0f1f7350fb --- /dev/null +++ b/include/internal/md5_sha1.h @@ -0,0 +1,37 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* TODO(3.0) Move this header into provider when dependencies are removed */ +#ifndef HEADER_MD5_SHA1_H +# define HEADER_MD5_SHA1_H + +# include + +# ifndef OPENSSL_NO_MD5 +# include +# include +# include +# include + +# define MD5_SHA1_DIGEST_LENGTH (MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH) +# define MD5_SHA1_CBLOCK MD5_CBLOCK + +typedef struct md5_sha1_st { + MD5_CTX md5; + SHA_CTX sha1; +} MD5_SHA1_CTX; + +int md5_sha1_init(MD5_SHA1_CTX *mctx); +int md5_sha1_update(MD5_SHA1_CTX *mctx, const void *data, size_t count); +int md5_sha1_final(unsigned char *md, MD5_SHA1_CTX *mctx); +int md5_sha1_ctrl(MD5_SHA1_CTX *mctx, int cmd, int mslen, void *ms); + +# endif /* OPENSSL_NO_MD5 */ + +#endif /* HEADER_MD5_SHA1_H */ diff --git a/include/internal/sha3.h b/include/internal/sha3.h new file mode 100644 index 0000000000..b07d50c6c2 --- /dev/null +++ b/include/internal/sha3.h @@ -0,0 +1,52 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* TODO(3.0) Move this header into provider when dependencies are removed */ +#ifndef HEADER_INTERNAL_SHA3_H +# define HEADER_INTERNAL_SHA3_H + +# include +# include + +# define KECCAK1600_WIDTH 1600 +# define SHA3_MDSIZE(bitlen) (bitlen / 8) +# define KMAC_MDSIZE(bitlen) 2 * (bitlen / 8) +# define SHA3_BLOCKSIZE(bitlen) (KECCAK1600_WIDTH - bitlen * 2) / 8 + +typedef struct keccak_st KECCAK1600_CTX; + +typedef size_t (sha3_absorb_fn)(void *vctx, const void *inp, size_t len); +typedef int (sha3_final_fn)(unsigned char *md, void *vctx); + +typedef struct prov_sha3_meth_st +{ + sha3_absorb_fn *absorb; + sha3_final_fn *final; +} PROV_SHA3_METHOD; + +struct keccak_st { + uint64_t A[5][5]; + size_t block_size; /* cached ctx->digest->block_size */ + size_t md_size; /* output length, variable in XOF */ + size_t bufsz; /* used bytes in below buffer */ + unsigned char buf[KECCAK1600_WIDTH / 8 - 32]; + unsigned char pad; + PROV_SHA3_METHOD meth; +}; + +void sha3_reset(KECCAK1600_CTX *ctx); +int sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen); +int keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen); +int sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len); +int sha3_final(unsigned char *md, KECCAK1600_CTX *ctx); + +size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, + size_t r); + +#endif /* HEADER_INTERNAL_SHA3_H */ diff --git a/crypto/include/internal/sm3.h b/include/internal/sm3.h similarity index 83% rename from crypto/include/internal/sm3.h rename to include/internal/sm3.h index cb0f28d79c..2aef712e6a 100644 --- a/crypto/include/internal/sm3.h +++ b/include/internal/sm3.h @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -8,6 +8,7 @@ * https://www.openssl.org/source/license.html */ +/* TODO(3.0) Move this header into provider when dependencies are removed */ #ifndef HEADER_SM3_H # define HEADER_SM3_H @@ -34,6 +35,4 @@ int sm3_init(SM3_CTX *c); int sm3_update(SM3_CTX *c, const void *data, size_t len); int sm3_final(unsigned char *md, SM3_CTX *c); -void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num); - -#endif +#endif /* HEADER_SM3_H */ diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 35a23d7421..52a3f8b30b 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -40,6 +40,13 @@ extern "C" { #define OSSL_CIPHER_PARAM_PADDING "padding" #define OSSL_CIPHER_PARAM_MODE "mode" +/* digest parameters */ +#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" +#define OSSL_DIGEST_PARAM_CMD "cmd" +#define OSSL_DIGEST_PARAM_MSG "msg" +#define OSSL_DIGEST_PARAM_PAD_TYPE "pad_type" +#define OSSL_DIGEST_PARAM_MICALG "micalg" + # ifdef __cplusplus } # endif diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 8d026f4a17..03a918d508 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -91,7 +91,8 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, # define OSSL_FUNC_DIGEST_DUPCTX 7 # define OSSL_FUNC_DIGEST_SIZE 8 # define OSSL_FUNC_DIGEST_BLOCK_SIZE 9 - +# define OSSL_FUNC_DIGEST_SET_PARAMS 10 +# define OSSL_FUNC_DIGEST_GET_PARAMS 11 OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *dctx)) @@ -107,9 +108,13 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_digest, OSSL_CORE_MAKE_FUNC(void, OP_digest_cleanctx, (void *dctx)) OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *dctx)) OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *dctx)) + OSSL_CORE_MAKE_FUNC(size_t, OP_digest_size, (void)) OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void)) - +OSSL_CORE_MAKE_FUNC(int, OP_digest_set_params, + (void *vctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_digest_get_params, + (void *vctx, const OSSL_PARAM params[])) /* Symmetric Ciphers */ @@ -163,7 +168,6 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx, OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx, const OSSL_PARAM params[])) - # ifdef __cplusplus } # endif diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 593753cb27..a2af3fc9e2 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -17,6 +17,7 @@ # include # include # include +# include # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ # define EVP_MAX_KEY_LENGTH 64 @@ -539,7 +540,9 @@ void BIO_set_md(BIO *, const EVP_MD *md); # define EVP_delete_digest_alias(alias) \ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); -int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]); +int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]); +DEPRECATEDIN_3(int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)) EVP_MD_CTX *EVP_MD_CTX_new(void); int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); void EVP_MD_CTX_free(EVP_MD_CTX *ctx); diff --git a/providers/build.info b/providers/build.info index f379f740d5..192a5defcc 100644 --- a/providers/build.info +++ b/providers/build.info @@ -20,6 +20,6 @@ IF[{- !$disabled{legacy} -}] SOURCE[legacy]=legacy.ld GENERATE[legacy.ld]=../util/providers.num ENDIF - INCLUDE[legacy]=.. ../include ../crypto/include + INCLUDE[legacy]=.. ../include ../crypto/include common/include DEPEND[legacy]=../libcrypto ENDIF diff --git a/providers/common/digests/build.info b/providers/common/digests/build.info index b98df29fc5..8ce0b443c1 100644 --- a/providers/common/digests/build.info +++ b/providers/common/digests/build.info @@ -1,5 +1,5 @@ SOURCE[../../../libcrypto]=\ - sha2.c + sha2.c sha3.c SOURCE[../../fips]=\ - sha2.c + sha2.c sha3.c diff --git a/providers/common/digests/sha2.c b/providers/common/digests/sha2.c index 5b219ab783..4b5979e4ab 100644 --- a/providers/common/digests/sha2.c +++ b/providers/common/digests/sha2.c @@ -7,81 +7,64 @@ * https://www.openssl.org/source/license.html */ -#include #include #include +#include +#include +#include +#include "internal/core_mkdigest.h" #include "internal/provider_algs.h" +#include "internal/sha.h" -/* - * Forward declaration of everything implemented here. This is not strictly - * necessary for the compiler, but provides an assurance that the signatures - * of the functions in the dispatch table are correct. - */ -static OSSL_OP_digest_newctx_fn sha256_newctx; -#if 0 /* Not defined here */ -static OSSL_OP_digest_init_fn sha256_init; -static OSSL_OP_digest_update_fn sha256_update; -#endif -static OSSL_OP_digest_final_fn sha256_final; -static OSSL_OP_digest_freectx_fn sha256_freectx; -static OSSL_OP_digest_dupctx_fn sha256_dupctx; -static OSSL_OP_digest_size_fn sha256_size; -static OSSL_OP_digest_block_size_fn sha256_size; +static OSSL_OP_digest_set_params_fn sha1_set_params; -static int sha256_final(void *ctx, - unsigned char *md, size_t *mdl, size_t mdsz) +/* Special set_params method for SSL3 */ +static int sha1_set_params(void *vctx, const OSSL_PARAM params[]) { - if (mdsz >= SHA256_DIGEST_LENGTH - && SHA256_Final(md, ctx)) { - *mdl = SHA256_DIGEST_LENGTH; - return 1; - } + int cmd = 0; + size_t msg_len = 0; + const void *msg = NULL; + const OSSL_PARAM *p; + SHA_CTX *ctx = (SHA_CTX *)vctx; + if (ctx != NULL && params != NULL) { + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD); + if (p != NULL && !OSSL_PARAM_get_int(p, &cmd)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG); + if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len)) + return 0; + return sha1_ctrl(ctx, cmd, msg_len, (void *)msg); + } return 0; } -static void *sha256_newctx(void *provctx) -{ - SHA256_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - return ctx; -} - -static void sha256_freectx(void *vctx) -{ - SHA256_CTX *ctx = (SHA256_CTX *)vctx; +OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(sha1, SHA_CTX, + SHA_CBLOCK, SHA_DIGEST_LENGTH, + SHA1_Init, SHA1_Update, SHA1_Final, + sha1_set_params) - OPENSSL_clear_free(ctx, sizeof(*ctx)); -} +OSSL_FUNC_DIGEST_CONSTRUCT(sha224, SHA256_CTX, + SHA256_CBLOCK, SHA224_DIGEST_LENGTH, + SHA224_Init, SHA224_Update, SHA224_Final) -static void *sha256_dupctx(void *ctx) -{ - SHA256_CTX *in = (SHA256_CTX *)ctx; - SHA256_CTX *ret = OPENSSL_malloc(sizeof(*ret)); +OSSL_FUNC_DIGEST_CONSTRUCT(sha256, SHA256_CTX, + SHA256_CBLOCK, SHA256_DIGEST_LENGTH, + SHA256_Init, SHA256_Update, SHA256_Final) - *ret = *in; +OSSL_FUNC_DIGEST_CONSTRUCT(sha384, SHA512_CTX, + SHA512_CBLOCK, SHA384_DIGEST_LENGTH, + SHA384_Init, SHA384_Update, SHA384_Final) - return ret; -} +OSSL_FUNC_DIGEST_CONSTRUCT(sha512, SHA512_CTX, + SHA512_CBLOCK, SHA512_DIGEST_LENGTH, + SHA512_Init, SHA512_Update, SHA512_Final) -static size_t sha256_size(void) -{ - return SHA256_DIGEST_LENGTH; -} +OSSL_FUNC_DIGEST_CONSTRUCT(sha512_224, SHA512_CTX, + SHA512_CBLOCK, SHA224_DIGEST_LENGTH, + sha512_224_init, SHA512_Update, SHA512_Final) -static size_t sha256_block_size(void) -{ - return SHA256_CBLOCK; -} +OSSL_FUNC_DIGEST_CONSTRUCT(sha512_256, SHA512_CTX, + SHA512_CBLOCK, SHA256_DIGEST_LENGTH, + sha512_256_init, SHA512_Update, SHA512_Final) -const OSSL_DISPATCH sha256_functions[] = { - { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))sha256_newctx }, - { OSSL_FUNC_DIGEST_INIT, (void (*)(void))SHA256_Init }, - { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))SHA256_Update }, - { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))sha256_final }, - { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))sha256_freectx }, - { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))sha256_dupctx }, - { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))sha256_size }, - { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))sha256_block_size }, - { 0, NULL } -}; diff --git a/providers/common/digests/sha3.c b/providers/common/digests/sha3.c new file mode 100644 index 0000000000..7b898b6c94 --- /dev/null +++ b/providers/common/digests/sha3.c @@ -0,0 +1,277 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/sha3.h" +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +/* + * Forward declaration of any unique methods implemented here. This is not strictly + * necessary for the compiler, but provides an assurance that the signatures + * of the functions in the dispatch table are correct. + */ +static OSSL_OP_digest_init_fn keccak_init; +static OSSL_OP_digest_update_fn keccak_update; +static OSSL_OP_digest_final_fn keccak_final; +static OSSL_OP_digest_freectx_fn keccak_freectx; +static OSSL_OP_digest_dupctx_fn keccak_dupctx; +static OSSL_OP_digest_set_params_fn shake_set_params; +static sha3_absorb_fn generic_sha3_absorb; +static sha3_final_fn generic_sha3_final; + +#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM) +/* + * IBM S390X support + */ +# include "s390x_arch.h" +# define S390_SHA3 1 +# define S390_SHA3_CAPABLE(name) \ + ((OPENSSL_s390xcap_P.kimd[0] & S390X_CAPBIT(S390X_##name)) && \ + (OPENSSL_s390xcap_P.klmd[0] & S390X_CAPBIT(S390X_##name))) + +#endif + +static int keccak_init(void *vctx) +{ + /* The newctx() handles most of the ctx fixed setup. */ + sha3_reset((KECCAK1600_CTX *)vctx); + return 1; +} + +static int keccak_update(void *vctx, const unsigned char *inp, size_t len) +{ + KECCAK1600_CTX *ctx = vctx; + const size_t bsz = ctx->block_size; + size_t num, rem; + + if (len == 0) + return 1; + + /* Is there anything in the buffer already ? */ + if ((num = ctx->bufsz) != 0) { + /* Calculate how much space is left in the buffer */ + rem = bsz - num; + /* If the new input does not fill the buffer then just add it */ + if (len < rem) { + memcpy(ctx->buf + num, inp, len); + ctx->bufsz += len; + return 1; + } + /* otherwise fill up the buffer and absorb the buffer */ + memcpy(ctx->buf + num, inp, rem); + /* Update the input pointer */ + inp += rem; + len -= rem; + ctx->meth.absorb(ctx, ctx->buf, bsz); + ctx->bufsz = 0; + } + /* Absorb the input - rem = leftover part of the input < blocksize) */ + rem = ctx->meth.absorb(ctx, inp, len); + /* Copy the leftover bit of the input into the buffer */ + if (rem) { + memcpy(ctx->buf, inp + len - rem, rem); + ctx->bufsz = rem; + } + return 1; +} + +static int keccak_final(void *vctx, unsigned char *out, size_t *outl, + size_t outsz) +{ + int ret; + KECCAK1600_CTX *ctx = vctx; + + ret = ctx->meth.final(out, ctx); + *outl = ctx->md_size; + return ret; +} + +/*- + * Generic software version of the absorb() and final(). + */ +static size_t generic_sha3_absorb(void *vctx, const void *inp, size_t len) +{ + KECCAK1600_CTX *ctx = vctx; + + return SHA3_absorb(ctx->A, inp, len, ctx->block_size); +} + +static int generic_sha3_final(unsigned char *md, void *vctx) +{ + return sha3_final(md, (KECCAK1600_CTX *)vctx); +} + +static PROV_SHA3_METHOD sha3_generic_md = +{ + generic_sha3_absorb, + generic_sha3_final +}; + +#if defined(S390_SHA3) + +static sha3_absorb_fn s390x_sha3_absorb; +static sha3_final_fn s390x_sha3_final; +static sha3_final_fn s390x_shake_final; + +/*- + * The platform specific parts of the absorb() and final() for S390X. + */ +static size_t s390x_sha3_absorb(void *vctx, const void *inp, size_t len) +{ + KECCAK1600_CTX *ctx = vctx; + size_t rem = len % ctx->block_size; + + s390x_kimd(inp, len - rem, ctx->pad, ctx->A); + return rem; +} + +static int s390x_sha3_final(unsigned char *md, void *vctx) +{ + KECCAK1600_CTX *ctx = vctx; + + s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A); + memcpy(md, ctx->A, ctx->md_size); +} + +static int s390x_shake_final(unsigned char *md, void *vctx) +{ + KECCAK1600_CTX *ctx = vctx; + + s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A); + return 1; +} + +static PROV_SHA3_METHOD sha3_s390x_md = +{ + s390x_sha3_absorb, + s390x_sha3_final +}; + +static PROV_SHA3_METHOD shake_s390x_md = +{ + s390x_sha3_absorb, + s390x_shake_final +}; + +# define SHA3_SET_MD(uname, typ) \ + if (S390_SHA3_CAPABLE(uname)) { \ + ctx->pad = S390X_##uname; \ + ctx->meth = typ##_s390x_md; \ + } else { \ + ctx->meth = sha3_generic_md; \ + } +#else +# define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md; +#endif /* S390_SHA3 */ + +#define SHA3_newctx(typ, uname, name, bitlen, pad) \ +static OSSL_OP_digest_newctx_fn name##_newctx; \ +static void *name##_newctx(void *provctx) \ +{ \ + KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + \ + if (ctx == NULL) \ + return NULL; \ + sha3_init(ctx, pad, bitlen); \ + SHA3_SET_MD(name, typ) \ + return ctx; \ +} + +#define KMAC_newctx(uname, bitlen, pad) \ +static OSSL_OP_digest_newctx_fn uname##_newctx; \ +static void *uname##_newctx(void *provctx) \ +{ \ + KECCAK1600_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + \ + if (ctx == NULL) \ + return NULL; \ + keccak_kmac_init(ctx, pad, bitlen); \ + ctx->meth = sha3_generic_md; \ + return ctx; \ +} + +#define OSSL_FUNC_SHA3_DIGEST(name, bitlen, dgstsize, stparams) \ +static OSSL_OP_digest_size_fn name##_size; \ +static OSSL_OP_digest_block_size_fn name##_block_size; \ +static size_t name##_block_size(void) \ +{ \ + return SHA3_BLOCKSIZE(bitlen); \ +} \ +static size_t name##_size(void) \ +{ \ + return dgstsize; \ +} \ +const OSSL_DISPATCH name##_functions[] = { \ + { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ + { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \ + { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \ + { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))keccak_final }, \ + { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \ + { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \ + { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))name##_size }, \ + { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))name##_block_size }, \ + { OSSL_FUNC_DIGEST_SET_PARAMS, (void (*)(void))stparams },\ +OSSL_FUNC_DIGEST_CONSTRUCT_END + +static void keccak_freectx(void *vctx) +{ + KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx; + + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *keccak_dupctx(void *ctx) +{ + KECCAK1600_CTX *in = (KECCAK1600_CTX *)ctx; + KECCAK1600_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + + *ret = *in; + return ret; +} + +static int shake_set_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx; + + if (ctx != NULL && params != NULL) { + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOFLEN); + if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->md_size)) + return 0; + return 1; + } + return 0; /* Null Parameter */ +} + +#define SHA3(bitlen) \ + SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \ + OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, SHA3_MDSIZE(bitlen), NULL) + +#define SHAKE(bitlen) \ + SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \ + OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen, SHA3_MDSIZE(bitlen), \ + shake_set_params) +#define KMAC(bitlen) \ + KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \ + OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen, KMAC_MDSIZE(bitlen), \ + shake_set_params) + +SHA3(224) +SHA3(256) +SHA3(384) +SHA3(512) +SHAKE(128) +SHAKE(256) +KMAC(128) +KMAC(256) diff --git a/providers/common/include/internal/core_mkdigest.h b/providers/common/include/internal/core_mkdigest.h new file mode 100644 index 0000000000..7225196d62 --- /dev/null +++ b/providers/common/include/internal/core_mkdigest.h @@ -0,0 +1,95 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CORE_MKDIGEST_H +# define OSSL_CORE_MKDIGEST_H + +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# define OSSL_FUNC_DIGEST_ALLOC_METHODS(name, CTX_NAME) \ +static OSSL_OP_digest_newctx_fn name##_newctx; \ +static OSSL_OP_digest_freectx_fn name##_freectx; \ +static OSSL_OP_digest_dupctx_fn name##_dupctx; \ +static void *name##_newctx(void *prov_ctx) \ +{ \ + CTX_NAME *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + return ctx; \ +} \ +static void name##_freectx(void *vctx) \ +{ \ + CTX_NAME *ctx = (CTX_NAME *)vctx; \ + OPENSSL_clear_free(ctx, sizeof(*ctx)); \ +} \ +static void *name##_dupctx(void *ctx) \ +{ \ + CTX_NAME *in = (CTX_NAME *)ctx; \ + CTX_NAME *ret = OPENSSL_malloc(sizeof(*ret)); \ + *ret = *in; \ + return ret; \ +} + +# define OSSL_FUNC_DIGEST_SET_FINAL(name, dgstsize, fin) \ +static OSSL_OP_digest_final_fn name##_wrapfinal; \ +static int name##_wrapfinal(void *ctx, unsigned char *out, size_t *outl, size_t outsz) \ +{ \ + if (outsz >= dgstsize && fin(out, ctx)) { \ + *outl = dgstsize; \ + return 1; \ + } \ + return 0; \ +} + +# define OSSL_FUNC_DIGEST_COMMON(name, blksize, dgstsize, init, upd) \ +static OSSL_OP_digest_block_size_fn name##_block_size; \ +static OSSL_OP_digest_size_fn name##_size; \ +static size_t name##_block_size(void) \ +{ \ + return blksize; \ +} \ +static size_t name##_size(void) \ +{ \ + return dgstsize; \ +} \ +const OSSL_DISPATCH name##_functions[] = { \ + { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ + { OSSL_FUNC_DIGEST_INIT, (void (*)(void))init }, \ + { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))upd }, \ + { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))name##_wrapfinal }, \ + { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))name##_freectx }, \ + { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))name##_dupctx }, \ + { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))name##_size }, \ + { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))name##_block_size }, + +# define OSSL_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, init, upd, fin) \ +OSSL_FUNC_DIGEST_ALLOC_METHODS(name, CTX) \ +OSSL_FUNC_DIGEST_SET_FINAL(name, dgstsize, fin) \ +OSSL_FUNC_DIGEST_COMMON(name, blksize, dgstsize, init, upd) + +# define OSSL_FUNC_DIGEST_CONSTRUCT_END \ + { 0, NULL } \ +}; + +# define OSSL_FUNC_DIGEST_CONSTRUCT(name, CTX, blksize, dgstsize, init, upd, fin) \ +OSSL_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, init, upd, fin) \ +OSSL_FUNC_DIGEST_CONSTRUCT_END + +# define OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(name, CTX, blksize, dgstsize, init, upd, fin, setparams) \ +OSSL_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, init, upd, fin) \ + { OSSL_FUNC_DIGEST_SET_PARAMS, (void (*)(void))setparams }, \ +OSSL_FUNC_DIGEST_CONSTRUCT_END + +# ifdef __cplusplus +} +# endif + +#endif /* OSSL_CORE_MKDIGEST_H */ diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index dd9211bbbc..0e26da05f5 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -8,7 +8,32 @@ */ /* Digests */ +extern const OSSL_DISPATCH sha1_functions[]; +extern const OSSL_DISPATCH sha224_functions[]; extern const OSSL_DISPATCH sha256_functions[]; +extern const OSSL_DISPATCH sha384_functions[]; +extern const OSSL_DISPATCH sha512_functions[]; +extern const OSSL_DISPATCH sha512_224_functions[]; +extern const OSSL_DISPATCH sha512_256_functions[]; +extern const OSSL_DISPATCH sha3_224_functions[]; +extern const OSSL_DISPATCH sha3_256_functions[]; +extern const OSSL_DISPATCH sha3_384_functions[]; +extern const OSSL_DISPATCH sha3_512_functions[]; +extern const OSSL_DISPATCH keccak_kmac_128_functions[]; +extern const OSSL_DISPATCH keccak_kmac_256_functions[]; +extern const OSSL_DISPATCH shake_128_functions[]; +extern const OSSL_DISPATCH shake_256_functions[]; +extern const OSSL_DISPATCH blake2s256_functions[]; +extern const OSSL_DISPATCH blake2b512_functions[]; +extern const OSSL_DISPATCH md5_functions[]; +extern const OSSL_DISPATCH md5_sha1_functions[]; +extern const OSSL_DISPATCH sm3_functions[]; +extern const OSSL_DISPATCH nullmd_functions[]; +extern const OSSL_DISPATCH md2_functions[]; +extern const OSSL_DISPATCH md4_functions[]; +extern const OSSL_DISPATCH mdc2_functions[]; +extern const OSSL_DISPATCH wp_functions[]; +extern const OSSL_DISPATCH ripemd160_functions[]; /* Ciphers */ extern const OSSL_DISPATCH aes256ecb_functions[]; diff --git a/providers/default/build.info b/providers/default/build.info index eab90a3e3e..985d681b05 100644 --- a/providers/default/build.info +++ b/providers/default/build.info @@ -1,3 +1,4 @@ +SUBDIRS=digests LIBS=../../libcrypto SOURCE[../../libcrypto]=\ defltprov.c diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 95b2abfdb9..98999405d6 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -51,7 +51,42 @@ static int deflt_get_params(const OSSL_PROVIDER *prov, } static const OSSL_ALGORITHM deflt_digests[] = { + { "SHA1", "default=yes", sha1_functions }, + + { "SHA224", "default=yes", sha224_functions }, { "SHA256", "default=yes", sha256_functions }, + { "SHA384", "default=yes", sha384_functions }, + { "SHA512", "default=yes", sha512_functions }, + { "SHA512-224", "default=yes", sha512_224_functions }, + { "SHA512-256", "default=yes", sha512_256_functions }, + + { "SHA3-224", "default=yes", sha3_224_functions }, + { "SHA3-256", "default=yes", sha3_256_functions }, + { "SHA3-384", "default=yes", sha3_384_functions }, + { "SHA3-512", "default=yes", sha3_512_functions }, + + { "KMAC128", "default=yes", keccak_kmac_128_functions }, + { "KMAC256", "default=yes", keccak_kmac_256_functions }, + + { "SHAKE128", "default=yes", shake_128_functions }, + { "SHAKE256", "default=yes", shake_256_functions }, + +#ifndef OPENSSL_NO_BLAKE2 + { "BLAKE2s256", "default=yes", blake2s256_functions }, + { "BLAKE2b512", "default=yes", blake2b512_functions }, +#endif /* OPENSSL_NO_BLAKE2 */ + +#ifndef OPENSSL_NO_SM3 + { "SM3", "default=yes", sm3_functions }, +#endif /* OPENSSL_NO_SM3 */ + +#ifndef OPENSSL_NO_MD5 + { "MD5", "default=yes", md5_functions }, + { "MD5-SHA1", "default=yes", md5_sha1_functions }, +#endif /* OPENSSL_NO_MD5 */ + + /*{ "UNDEF", "default=yes", nullmd_functions }, */ + { NULL, NULL, NULL } }; diff --git a/providers/default/digests/blake2.c b/providers/default/digests/blake2.c new file mode 100644 index 0000000000..18a8d60b0c --- /dev/null +++ b/providers/default/digests/blake2.c @@ -0,0 +1,40 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/blake2.h" +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_OP_digest_init_fn blake2s256_init; +OSSL_OP_digest_init_fn blake2b512_init; + +int blake2s256_init(void *ctx) +{ + BLAKE2S_PARAM P; + + blake2s_param_init(&P); + return blake2s_init((BLAKE2S_CTX *)ctx, &P); +} + +int blake2b512_init(void *ctx) +{ + BLAKE2B_PARAM P; + + blake2b_param_init(&P); + return blake2b_init((BLAKE2B_CTX *)ctx, &P); +} + +OSSL_FUNC_DIGEST_CONSTRUCT(blake2s256, BLAKE2S_CTX, + BLAKE2S_BLOCKBYTES, BLAKE2S_DIGEST_LENGTH, + blake2s256_init, blake2s_update, blake2s_final) + +OSSL_FUNC_DIGEST_CONSTRUCT(blake2b512, BLAKE2B_CTX, + BLAKE2B_BLOCKBYTES, BLAKE2B_DIGEST_LENGTH, + blake2b512_init, blake2b_update, blake2b_final) diff --git a/crypto/blake2/blake2_impl.h b/providers/default/digests/blake2_impl.h similarity index 100% rename from crypto/blake2/blake2_impl.h rename to providers/default/digests/blake2_impl.h diff --git a/crypto/blake2/blake2b.c b/providers/default/digests/blake2b.c similarity index 96% rename from crypto/blake2/blake2b.c rename to providers/default/digests/blake2b.c index 813f9ddeb1..8801270417 100644 --- a/crypto/blake2/blake2b.c +++ b/providers/default/digests/blake2b.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,10 +17,10 @@ #include #include #include - -#include "blake2_locl.h" #include "blake2_impl.h" +#include "internal/blake2.h" + static const uint64_t blake2b_IV[8] = { 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, @@ -122,7 +122,7 @@ void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t len) * Initialize the hashing context with the given parameter block. * Always returns 1. */ -int BLAKE2b_Init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P) +int blake2b_init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P) { blake2b_init_param(c, P); return 1; @@ -132,7 +132,7 @@ int BLAKE2b_Init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P) * Initialize the hashing context with the given parameter block and key. * Always returns 1. */ -int BLAKE2b_Init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key) +int blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key) { blake2b_init_param(c, P); @@ -141,7 +141,7 @@ int BLAKE2b_Init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key) uint8_t block[BLAKE2B_BLOCKBYTES] = {0}; memcpy(block, key, P->key_length); - BLAKE2b_Update(c, block, BLAKE2B_BLOCKBYTES); + blake2b_update(c, block, BLAKE2B_BLOCKBYTES); OPENSSL_cleanse(block, BLAKE2B_BLOCKBYTES); } @@ -253,7 +253,7 @@ static void blake2b_compress(BLAKE2B_CTX *S, } /* Absorb the input data into the hash state. Always returns 1. */ -int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen) +int blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen) { const uint8_t *in = data; size_t fill; @@ -301,7 +301,7 @@ int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen) * Calculate the final hash and save it in md. * Always returns 1. */ -int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c) +int blake2b_final(unsigned char *md, BLAKE2B_CTX *c) { uint8_t outbuffer[BLAKE2B_OUTBYTES] = {0}; uint8_t *target = outbuffer; diff --git a/crypto/blake2/blake2s.c b/providers/default/digests/blake2s.c similarity index 95% rename from crypto/blake2/blake2s.c rename to providers/default/digests/blake2s.c index 121f0d1a85..a9c757ea62 100644 --- a/crypto/blake2/blake2s.c +++ b/providers/default/digests/blake2s.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,9 +17,8 @@ #include #include #include - -#include "blake2_locl.h" #include "blake2_impl.h" +#include "internal/blake2.h" static const uint32_t blake2s_IV[8] = { @@ -115,7 +114,7 @@ void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t len) * Initialize the hashing context with the given parameter block. * Always returns 1. */ -int BLAKE2s_Init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P) +int blake2s_init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P) { blake2s_init_param(c, P); return 1; @@ -125,7 +124,7 @@ int BLAKE2s_Init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P) * Initialize the hashing context with the given parameter block and key. * Always returns 1. */ -int BLAKE2s_Init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key) +int blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key) { blake2s_init_param(c, P); @@ -134,7 +133,7 @@ int BLAKE2s_Init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key) uint8_t block[BLAKE2S_BLOCKBYTES] = {0}; memcpy(block, key, P->key_length); - BLAKE2s_Update(c, block, BLAKE2S_BLOCKBYTES); + blake2s_update(c, block, BLAKE2S_BLOCKBYTES); OPENSSL_cleanse(block, BLAKE2S_BLOCKBYTES); } @@ -244,7 +243,7 @@ static void blake2s_compress(BLAKE2S_CTX *S, } /* Absorb the input data into the hash state. Always returns 1. */ -int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen) +int blake2s_update(BLAKE2S_CTX *c, const void *data, size_t datalen) { const uint8_t *in = data; size_t fill; @@ -292,7 +291,7 @@ int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen) * Calculate the final hash and save it in md. * Always returns 1. */ -int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c) +int blake2s_final(unsigned char *md, BLAKE2S_CTX *c) { uint8_t outbuffer[BLAKE2S_OUTBYTES] = {0}; uint8_t *target = outbuffer; diff --git a/providers/default/digests/build.info b/providers/default/digests/build.info new file mode 100644 index 0000000000..0f15d12fc7 --- /dev/null +++ b/providers/default/digests/build.info @@ -0,0 +1,17 @@ +SOURCE[../../../libcrypto]=\ + null.c + +IF[{- !$disabled{blake2} -}] + SOURCE[../../../libcrypto]=\ + blake2.c blake2b.c blake2s.c +ENDIF + +IF[{- !$disabled{sm3} -}] + SOURCE[../../../libcrypto]=\ + sm3.c +ENDIF + +IF[{- !$disabled{md5} -}] + SOURCE[../../../libcrypto]=\ + md5.c md5_sha1.c +ENDIF diff --git a/providers/default/digests/md5.c b/providers/default/digests/md5.c new file mode 100644 index 0000000000..81636f670c --- /dev/null +++ b/providers/default/digests/md5.c @@ -0,0 +1,17 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_FUNC_DIGEST_CONSTRUCT(md5, MD5_CTX, + MD5_CBLOCK, MD5_DIGEST_LENGTH, + MD5_Init, MD5_Update, MD5_Final) diff --git a/providers/default/digests/md5_sha1.c b/providers/default/digests/md5_sha1.c new file mode 100644 index 0000000000..59a7df83ff --- /dev/null +++ b/providers/default/digests/md5_sha1.c @@ -0,0 +1,46 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + +#include +#include +#include +#include +#include +#include "internal/core_mkdigest.h" +#include "internal/md5_sha1.h" +#include "internal/provider_algs.h" + +static OSSL_OP_digest_set_params_fn md5_sha1_set_params; + +/* Special set_params method for SSL3 */ +static int md5_sha1_set_params(void *vctx, const OSSL_PARAM params[]) +{ + int cmd = 0; + size_t msg_len = 0; + const void *msg = NULL; + const OSSL_PARAM *p; + MD5_SHA1_CTX *ctx = (MD5_SHA1_CTX *)vctx; + + if (ctx != NULL && params != NULL) { + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_CMD); + if (p != NULL && !OSSL_PARAM_get_int(p, &cmd)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_MSG); + if (p != NULL && !OSSL_PARAM_get_octet_ptr(p, &msg, &msg_len)) + return 0; + return md5_sha1_ctrl(ctx, cmd, msg_len, (void *)msg); + } + return 0; +} + +OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(md5_sha1, MD5_SHA1_CTX, + MD5_SHA1_CBLOCK, MD5_SHA1_DIGEST_LENGTH, + md5_sha1_init, md5_sha1_update, md5_sha1_final, + md5_sha1_set_params) diff --git a/providers/default/digests/null.c b/providers/default/digests/null.c new file mode 100644 index 0000000000..d7644f4cbf --- /dev/null +++ b/providers/default/digests/null.c @@ -0,0 +1,75 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/provider_algs.h" + +static int nullmd_dummy = 1; + +static OSSL_OP_digest_init_fn nullmd_init; +static OSSL_OP_digest_update_fn nullmd_update; +static OSSL_OP_digest_final_fn nullmd_final; +static OSSL_OP_digest_newctx_fn nullmd_newctx; +static OSSL_OP_digest_freectx_fn nullmd_freectx; +static OSSL_OP_digest_dupctx_fn nullmd_dupctx; +static OSSL_OP_digest_size_fn nullmd_size; +static OSSL_OP_digest_block_size_fn nullmd_block_size; + +static size_t nullmd_block_size(void) +{ + return 0; +} + +static size_t nullmd_size(void) +{ + return 0; +} + +static int nullmd_init(void *vctx) +{ + return 1; +} + +static int nullmd_update(void *vctx, const unsigned char *inp, size_t bytes) +{ + return 1; +} + +static int nullmd_final(void *ctx, unsigned char *out, size_t *outl, size_t outsz) +{ + *outl = 0; + return 1; +} + +static void *nullmd_newctx(void *prov_ctx) +{ + return &nullmd_dummy; +} + +static void nullmd_freectx(void *vctx) +{ +} + +static void *nullmd_dupctx(void *ctx) +{ + return &nullmd_dummy; +} + +const OSSL_DISPATCH nullmd_functions[] = { + { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))nullmd_newctx }, + { OSSL_FUNC_DIGEST_INIT, (void (*)(void))nullmd_init }, + { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))nullmd_update }, + { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))nullmd_final }, + { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))nullmd_freectx }, + { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))nullmd_dupctx }, + { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))nullmd_size }, + { OSSL_FUNC_DIGEST_BLOCK_SIZE, (void (*)(void))nullmd_block_size }, + { 0, NULL } +}; diff --git a/providers/default/digests/sm3.c b/providers/default/digests/sm3.c new file mode 100644 index 0000000000..bd039a8863 --- /dev/null +++ b/providers/default/digests/sm3.c @@ -0,0 +1,17 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/sm3.h" +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_FUNC_DIGEST_CONSTRUCT(sm3, SM3_CTX, + SM3_CBLOCK, SM3_DIGEST_LENGTH, + sm3_init, sm3_update, sm3_final) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 37d7c5b3ed..ab37d98d6c 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -94,7 +94,20 @@ static int fips_get_params(const OSSL_PROVIDER *prov, } static const OSSL_ALGORITHM fips_digests[] = { + { "SHA1", "fips=yes", sha1_functions }, + { "SHA224", "fips=yes", sha224_functions }, { "SHA256", "fips=yes", sha256_functions }, + { "SHA384", "fips=yes", sha384_functions }, + { "SHA512", "fips=yes", sha512_functions }, + { "SHA512-224", "fips=yes", sha512_224_functions }, + { "SHA512-256", "fips=yes", sha512_256_functions }, + { "SHA3-224", "fips=yes", sha3_224_functions }, + { "SHA3-256", "fips=yes", sha3_256_functions }, + { "SHA3-384", "fips=yes", sha3_384_functions }, + { "SHA3-512", "fips=yes", sha3_512_functions }, + { "KMAC128", "fips=yes", keccak_kmac_128_functions }, + { "KMAC256", "fips=yes", keccak_kmac_256_functions }, + { NULL, NULL, NULL } }; diff --git a/providers/legacy/digests/build.info b/providers/legacy/digests/build.info index c4e1278ac2..239efd2114 100644 --- a/providers/legacy/digests/build.info +++ b/providers/legacy/digests/build.info @@ -2,3 +2,23 @@ IF[{- !$disabled{md2} -}] SOURCE[../../legacy]=\ md2.c ENDIF + +IF[{- !$disabled{md4} -}] + SOURCE[../../legacy]=\ + md4.c +ENDIF + +IF[{- !$disabled{mdc2} -}] + SOURCE[../../legacy]=\ + mdc2.c +ENDIF + +IF[{- !$disabled{whirlpool} -}] + SOURCE[../../legacy]=\ + wp.c +ENDIF + +IF[{- !$disabled{rmd160} -}] + SOURCE[../../legacy]=\ + ripemd.c +ENDIF \ No newline at end of file diff --git a/providers/legacy/digests/md2.c b/providers/legacy/digests/md2.c index 017a51119c..edd4b78bbd 100644 --- a/providers/legacy/digests/md2.c +++ b/providers/legacy/digests/md2.c @@ -7,57 +7,12 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include - -static int md2_final(void *ctx, unsigned char *md, size_t *size) -{ - if (MD2_Final(md, ctx)) { - *size = MD2_DIGEST_LENGTH; - return 1; - } - - return 0; -} - -static void *md2_newctx(void) -{ - MD2_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - return ctx; -} - -static void md2_freectx(void *vctx) -{ - MD2_CTX *ctx = (MD2_CTX *)vctx; - - OPENSSL_clear_free(ctx, sizeof(*ctx)); -} - -static void *md2_dupctx(void *ctx) -{ - MD2_CTX *in = (MD2_CTX *)ctx; - MD2_CTX *ret = OPENSSL_malloc(sizeof(*ret)); - - *ret = *in; - - return ret; -} +#include -static size_t md2_size(void) -{ - return MD2_DIGEST_LENGTH; -} +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" -extern const OSSL_DISPATCH md2_functions[]; -const OSSL_DISPATCH md2_functions[] = { - { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))md2_newctx }, - { OSSL_FUNC_DIGEST_INIT, (void (*)(void))MD2_Init }, - { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))MD2_Update }, - { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))md2_final }, - { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))md2_freectx }, - { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))md2_dupctx }, - { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))md2_size }, - { 0, NULL } -}; +OSSL_FUNC_DIGEST_CONSTRUCT(md2, MD2_CTX, + MD2_BLOCK, MD2_DIGEST_LENGTH, + MD2_Init, MD2_Update, MD2_Final) diff --git a/providers/legacy/digests/md4.c b/providers/legacy/digests/md4.c new file mode 100644 index 0000000000..86937f7b43 --- /dev/null +++ b/providers/legacy/digests/md4.c @@ -0,0 +1,18 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_FUNC_DIGEST_CONSTRUCT(md4, MD4_CTX, + MD4_CBLOCK, MD4_DIGEST_LENGTH, + MD4_Init, MD4_Update, MD4_Final) diff --git a/providers/legacy/digests/mdc2.c b/providers/legacy/digests/mdc2.c new file mode 100644 index 0000000000..75d9398c7d --- /dev/null +++ b/providers/legacy/digests/mdc2.c @@ -0,0 +1,37 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include + +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +static OSSL_OP_digest_set_params_fn mdc2_set_params; + +static int mdc2_set_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + MDC2_CTX *ctx = (MDC2_CTX *)vctx; + + if (ctx != NULL && params != NULL) { + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_PAD_TYPE); + if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->pad_type)) + return 0; + return 1; + } + return 0; /* Null Parameter */ +} + +OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(mdc2, MDC2_CTX, + MDC2_BLOCK, MDC2_DIGEST_LENGTH, + MDC2_Init, MDC2_Update, MDC2_Final, + mdc2_set_params) diff --git a/providers/legacy/digests/ripemd.c b/providers/legacy/digests/ripemd.c new file mode 100644 index 0000000000..124351257b --- /dev/null +++ b/providers/legacy/digests/ripemd.c @@ -0,0 +1,18 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_FUNC_DIGEST_CONSTRUCT(ripemd160, RIPEMD160_CTX, + RIPEMD160_CBLOCK, RIPEMD160_DIGEST_LENGTH, + RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final) diff --git a/providers/legacy/digests/wp.c b/providers/legacy/digests/wp.c new file mode 100644 index 0000000000..ece67e0941 --- /dev/null +++ b/providers/legacy/digests/wp.c @@ -0,0 +1,18 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "internal/core_mkdigest.h" +#include "internal/provider_algs.h" + +OSSL_FUNC_DIGEST_CONSTRUCT(wp, WHIRLPOOL_CTX, + WHIRLPOOL_BBLOCK / 8, WHIRLPOOL_DIGEST_LENGTH, + WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_Final) diff --git a/providers/legacy/legacyprov.c b/providers/legacy/legacyprov.c index 2d42229fea..9ca4e14833 100644 --- a/providers/legacy/legacyprov.c +++ b/providers/legacy/legacyprov.c @@ -13,6 +13,7 @@ #include #include #include +#include "internal/provider_algs.h" /* Functions provided by the core */ static OSSL_core_get_param_types_fn *c_get_param_types = NULL; @@ -49,12 +50,27 @@ static int legacy_get_params(const OSSL_PROVIDER *prov, return 1; } -extern const OSSL_DISPATCH md2_functions[]; - static const OSSL_ALGORITHM legacy_digests[] = { #ifndef OPENSSL_NO_MD2 { "MD2", "legacy=yes", md2_functions }, #endif + +#ifndef OPENSSL_NO_MD4 + { "MD4", "legacy=yes", md4_functions }, +#endif + +#ifndef OPENSSL_NO_MDC2 + { "MDC2", "legacy=yes", mdc2_functions }, +#endif /* OPENSSL_NO_MDC2 */ + +#ifndef OPENSSL_NO_WHIRLPOOL + { "whirlpool", "legacy=yes", wp_functions }, +#endif /* OPENSSL_NO_WHIRLPOOL */ + +#ifndef OPENSSL_NO_RMD160 + { "RIPEMD160", "legacy=yes", ripemd160_functions }, +#endif /* OPENSSL_NO_RMD160 */ + { NULL, NULL, NULL } }; diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index de4e678c93..c666014327 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -12,6 +12,7 @@ #include "ssl_locl.h" #include #include +#include #include "internal/cryptlib.h" static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) @@ -410,6 +411,21 @@ int ssl3_digest_cached_records(SSL *s, int keep) return 1; } +void ssl3_digest_master_key_set_params(const SSL_SESSION *session, + OSSL_PARAM params[]) +{ + int n = 0; + int cmd = EVP_CTRL_SSL3_MASTER_SECRET; + + params[n++] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_CMD, &cmd, + NULL); + params[n++] = OSSL_PARAM_construct_octet_ptr(OSSL_DIGEST_PARAM_MSG, + (void **)&session->master_key, + session->master_key_length, + NULL); + params[n++] = OSSL_PARAM_construct_end(); +} + size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, unsigned char *p) { @@ -448,14 +464,17 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, goto err; } - if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) - || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key) <= 0 - || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, - ERR_R_INTERNAL_ERROR); - ret = 0; + if (sender != NULL) { + OSSL_PARAM digest_cmd_params[3]; + + ssl3_digest_master_key_set_params(s->session, digest_cmd_params); + if (EVP_DigestUpdate(ctx, sender, len) <= 0 + || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0 + || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, + ERR_R_INTERNAL_ERROR); + ret = 0; + } } err: diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 4a72864980..79b78f093d 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2362,6 +2362,8 @@ __owur int ssl3_num_ciphers(void); __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u); int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl, int initok); +void ssl3_digest_master_key_set_params(const SSL_SESSION *session, + OSSL_PARAM params[]); __owur int ssl3_dispatch_alert(SSL *s); __owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen, unsigned char *p); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 8c7d5e2a60..e59b49bb3d 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -285,10 +285,11 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) } } if (s->version == SSL3_VERSION) { + OSSL_PARAM digest_cmd_params[3]; + + ssl3_digest_master_key_set_params(s->session, digest_cmd_params); if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0 - || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key) + || EVP_MD_CTX_set_params(mctx, digest_cmd_params) <= 0 || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, @@ -473,10 +474,11 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } } if (s->version == SSL3_VERSION) { + OSSL_PARAM digest_cmd_params[3]; + + ssl3_digest_master_key_set_params(s->session, digest_cmd_params); if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0 - || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key)) { + || EVP_MD_CTX_set_params(mctx, digest_cmd_params) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); goto err; diff --git a/test/build.info b/test/build.info index fa3c1f1ea6..7a777d1bef 100644 --- a/test/build.info +++ b/test/build.info @@ -182,6 +182,9 @@ IF[{- !$disabled{tests} -}] SOURCE[evp_test]=evp_test.c INCLUDE[evp_test]=../include ../apps/include DEPEND[evp_test]=../libcrypto libtestutil.a + IF[{- $disabled{legacy} || !$target{dso_scheme} -}] + DEFINE[evp_test]=NO_LEGACY_MODULE + ENDIF SOURCE[evp_extra_test]=evp_extra_test.c INCLUDE[evp_extra_test]=../include ../apps/include ../crypto/include diff --git a/test/evp_test.c b/test/evp_test.c index fa9cde8289..6fc9f03797 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -75,6 +76,9 @@ static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst); static int parse_bin(const char *value, unsigned char **buf, size_t *buflen); +static OSSL_PROVIDER *defltprov = NULL; +static OSSL_PROVIDER *legacyprov = NULL; + /* * Compare two memory regions for equality, returning zero if they differ. * However, if there is expected to be an error and the actual error @@ -370,6 +374,11 @@ static int digest_test_parse(EVP_TEST *t, return evp_test_buffer_set_count(value, mdata->input); if (strcmp(keyword, "Ncopy") == 0) return evp_test_buffer_ncopy(value, mdata->input); + if (strcmp(keyword, "Legacy") == 0) { + if (legacyprov == NULL) + t->skip = 1; + return 1; + } return 0; } @@ -3053,8 +3062,10 @@ static int run_file_tests(int i) while (!BIO_eof(t->s.fp)) { c = parse(t); - if (t->skip) + if (t->skip) { + t->s.numskip++; continue; + } if (c == 0 || !run_test(t)) { t->s.errors++; break; @@ -3080,6 +3091,21 @@ int setup_tests(void) if (n == 0) return 0; + defltprov = OSSL_PROVIDER_load(NULL, "default"); + if (!TEST_ptr(defltprov)) + return 0; +#ifndef NO_LEGACY_MODULE + legacyprov = OSSL_PROVIDER_load(NULL, "legacy"); + if (!TEST_ptr(legacyprov)) + return 0; +#endif /* NO_LEGACY_MODULE */ + ADD_ALL_TESTS(run_file_tests, n); return 1; } + +void cleanup_tests(void) +{ + OSSL_PROVIDER_unload(legacyprov); + OSSL_PROVIDER_unload(defltprov); +} diff --git a/test/mdc2test.c b/test/mdc2test.c index 79512fc7a1..418a2566de 100644 --- a/test/mdc2test.c +++ b/test/mdc2test.c @@ -8,7 +8,10 @@ */ #include - +#include +#include +#include +#include #include "internal/nelem.h" #include "testutil.h" @@ -36,12 +39,19 @@ static unsigned char pad2[16] = { static int test_mdc2(void) { - int testresult = 0; + int testresult = 0, pad_type = 2; unsigned char md[MDC2_DIGEST_LENGTH]; EVP_MD_CTX *c; static char text[] = "Now is the time for all "; - size_t tlen = strlen(text); + size_t tlen = strlen(text), i = 0; + OSSL_PROVIDER *prov = NULL; + OSSL_PARAM params[2]; + + params[i++] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE, + &pad_type, NULL), + params[i++] = OSSL_PARAM_construct_end(); + prov = OSSL_PROVIDER_load(NULL, "legacy"); # ifdef CHARSET_EBCDIC ebcdic2ascii(text, text, tlen); # endif @@ -55,9 +65,8 @@ static int test_mdc2(void) || !TEST_true(EVP_DigestInit_ex(c, EVP_mdc2(), NULL))) goto end; - /* FIXME: use a ctl function? */ - ((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2; - if (!TEST_true(EVP_DigestUpdate(c, (unsigned char *)text, tlen)) + if (!TEST_int_gt(EVP_MD_CTX_set_params(c, params), 0) + || !TEST_true(EVP_DigestUpdate(c, (unsigned char *)text, tlen)) || !TEST_true(EVP_DigestFinal_ex(c, &(md[0]), NULL)) || !TEST_mem_eq(md, MDC2_DIGEST_LENGTH, pad2, MDC2_DIGEST_LENGTH)) goto end; @@ -65,6 +74,7 @@ static int test_mdc2(void) testresult = 1; end: EVP_MD_CTX_free(c); + OSSL_PROVIDER_unload(prov); return testresult; } #endif diff --git a/test/recipes/05-test_mdc2.t b/test/recipes/05-test_mdc2.t index eb5cd8f108..495a146e35 100644 --- a/test/recipes/05-test_mdc2.t +++ b/test/recipes/05-test_mdc2.t @@ -7,6 +7,20 @@ # https://www.openssl.org/source/license.html -use OpenSSL::Test::Simple; +use strict; +use warnings; -simple_test("test_mdc2", "mdc2test", "mdc2"); +use OpenSSL::Test qw/:DEFAULT bldtop_dir/; +use OpenSSL::Test::Utils; + +setup("test_mdc2"); + +if (disabled("mdc2") || disabled("legacy")) { + plan skip_all => "mdc2 is not supported by this OpenSSL build"; +} + +plan tests => 1; + +$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); + +ok(run(test(["mdc2test"])), "running mdc2test"); diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 6cc4df045a..c140f1a87e 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -10,7 +10,7 @@ use strict; use warnings; -use OpenSSL::Test qw/:DEFAULT data_file/; +use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir); setup("test_evp"); @@ -20,6 +20,8 @@ my @files = ( "evpciph.txt", "evpdigest.txt", "evpencod.txt", "evpkdf.txt", plan tests => scalar(@files); +$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); + foreach my $f ( @files ) { ok(run(test(["evp_test", data_file("$f")])), "running evp_test $f"); diff --git a/test/recipes/30-test_evp_data/evpdigest.txt b/test/recipes/30-test_evp_data/evpdigest.txt index fe3de3cb35..e32c5dd6ab 100644 --- a/test/recipes/30-test_evp_data/evpdigest.txt +++ b/test/recipes/30-test_evp_data/evpdigest.txt @@ -276,104 +276,127 @@ Title = MD4 tests Digest = MD4 Input = "" Output = 31d6cfe0d16ae931b73c59d7e0c089c0 +Legacy = 1 Digest = MD4 Input = "a" Output = bde52cb31de33e46245e05fbdbd6fb24 +Legacy = 1 Digest = MD4 Input = "abc" Output = a448017aaf21d8525fc10ae87aa6729d +Legacy = 1 Digest = MD4 Input = "message digest" Output = d9130a8164549fe818874806e1c7014b +Legacy = 1 Digest = MD4 Input = "abcdefghijklmnopqrstuvwxyz" Output = d79e1c308aa5bbcdeea8ed63df412da9 +Legacy = 1 Digest = MD4 Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" Output = 043f8582f241db351ce627e153e7f0e4 +Legacy = 1 Digest = MD4 Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" Output = e33b4ddc9c38f2199c3e7b164fcc0536 +Legacy = 1 Title = RIPEMD160 tests Digest = RIPEMD160 Input = "" Output = 9c1185a5c5e9fc54612808977ee8f548b2258d31 +Legacy = 1 Digest = RIPEMD160 Input = "a" Output = 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe +Legacy = 1 Digest = RIPEMD160 Input = "abc" Output = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc +Legacy = 1 Digest = RIPEMD160 Input = "message digest" Output = 5d0689ef49d2fae572b881b123a85ffa21595f36 +Legacy = 1 Digest = RIPEMD160 Input = "abcdefghijklmnopqrstuvwxyz" Output = f71c27109c692c1b56bbdceb5b9d2865b3708dbc +Legacy = 1 Digest = RIPEMD160 Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" Output = 12a053384a9c0c88e405a06c27dcf49ada62eb2b +Legacy = 1 Digest = RIPEMD160 Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" Output = b0e20b6e3116640286ed3a87a5713079b21f5189 +Legacy = 1 Digest = RIPEMD160 Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" Output = 9b752e45573d4b39f4dbd3323cab82bf63326bfb +Legacy = 1 Title = Whirlpool (from ISO/IEC 10118-3 test vector set) Digest = whirlpool Input = "" Output = 19FA61D75522A4669B44E39C1D2E1726C530232130D407F89AFEE0964997F7A73E83BE698B288FEBCF88E3E03C4F0757EA8964E59B63D93708B138CC42A66EB3 +Legacy = 1 Digest = whirlpool Input = "a" Output = 8ACA2602792AEC6F11A67206531FB7D7F0DFF59413145E6973C45001D0087B42D11BC645413AEFF63A42391A39145A591A92200D560195E53B478584FDAE231A +Legacy = 1 Digest = whirlpool Input = "abc" Output = 4E2448A4C6F486BB16B6562C73B4020BF3043E3A731BCE721AE1B303D97E6D4C7181EEBDB6C57E277D0E34957114CBD6C797FC9D95D8B582D225292076D4EEF5 +Legacy = 1 Digest = whirlpool Input = "message digest" Output = 378C84A4126E2DC6E56DCC7458377AAC838D00032230F53CE1F5700C0FFB4D3B8421557659EF55C106B4B52AC5A4AAA692ED920052838F3362E86DBD37A8903E +Legacy = 1 Digest = whirlpool Input = "abcdefghijklmnopqrstuvwxyz" Output = F1D754662636FFE92C82EBB9212A484A8D38631EAD4238F5442EE13B8054E41B08BF2A9251C30B6A0B8AAE86177AB4A6F68F673E7207865D5D9819A3DBA4EB3B +Legacy = 1 Digest = whirlpool Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" Output = DC37E008CF9EE69BF11F00ED9ABA26901DD7C28CDEC066CC6AF42E40F82F3A1E08EBA26629129D8FB7CB57211B9281A65517CC879D7B962142C65F5A7AF01467 +Legacy = 1 Digest = whirlpool Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" Output = 466EF18BABB0154D25B9D38A6414F5C08784372BCCB204D6549C4AFADB6014294D5BD8DF2A6C44E538CD047B2681A51A2C60481E88C5A20B2C2A80CF3A9A083B +Legacy = 1 Digest = whirlpool Input = "abcdbcdecdefdefgefghfghighijhijk" Output = 2A987EA40F917061F5D6F0A0E4644F488A7A5A52DEEE656207C562F988E95C6916BDC8031BC5BE1B7B947639FE050B56939BAAA0ADFF9AE6745B7B181C3BE3FD +Legacy = 1 Digest = whirlpool Input = "aaaaaaaaaa" Count = 100000 Output = 0C99005BEB57EFF50A7CF005560DDF5D29057FD86B20BFD62DECA0F1CCEA4AF51FC15490EDDC47AF32BB2B66C34FF9AD8C6008AD677F77126953B226E4ED8B01 - +Legacy = 1 Title = SHA3 diff --git a/util/libcrypto.num b/util/libcrypto.num index e5799d2f32..da0af1cf10 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -3562,7 +3562,7 @@ X509_NAME_get_index_by_NID 3515 3_0_0 EXIST::FUNCTION: ENGINE_get_first 3516 3_0_0 EXIST::FUNCTION:ENGINE CERTIFICATEPOLICIES_it 3517 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CERTIFICATEPOLICIES_it 3517 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EVP_MD_CTX_ctrl 3518 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_ctrl 3518 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 PKCS7_final 3519 3_0_0 EXIST::FUNCTION: EVP_PKEY_size 3520 3_0_0 EXIST::FUNCTION: EVP_DecryptFinal_ex 3521 3_0_0 EXIST::FUNCTION: @@ -4822,3 +4822,5 @@ OSSL_CMP_MSG_free 4766 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_PKISI_free 4767 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_MSG_dup 4768 3_0_0 EXIST::FUNCTION:CMP ERR_load_CMP_strings 4769 3_0_0 EXIST::FUNCTION:CMP +EVP_MD_CTX_set_params 4770 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_get_params 4771 3_0_0 EXIST::FUNCTION: -- 2.25.1