search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
toeplitz: Add comment.
[dragonfly.git] / crypto / openssh / digest-openssl.c
blob13b63c2f006dea92061f1cdbbe0f40fb4a132391
1 /* $OpenBSD: digest-openssl.c,v 1.5 2014/12/21 22:27:56 djm Exp $ */
2 /*
3 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include "includes.h"
19
20 #ifdef WITH_OPENSSL
21
22 #include <sys/types.h>
23 #include <limits.h>
24 #include <stdlib.h>
25 #include <string.h>
26
27 #include <openssl/evp.h>
28
29 #include "openbsd-compat/openssl-compat.h"
30
31 #include "sshbuf.h"
32 #include "digest.h"
33 #include "ssherr.h"
34
35 #ifndef HAVE_EVP_RIPEMD160
36 # define EVP_ripemd160 NULL
37 #endif /* HAVE_EVP_RIPEMD160 */
38 #ifndef HAVE_EVP_SHA256
39 # define EVP_sha256 NULL
40 # define EVP_sha384 NULL
41 # define EVP_sha512 NULL
42 #endif /* HAVE_EVP_SHA256 */
43
44 struct ssh_digest_ctx {
45 int alg;
46 EVP_MD_CTX mdctx;
47 };
48
49 struct ssh_digest {
50 int id;
51 const char *name;
52 size_t digest_len;
53 const EVP_MD *(*mdfunc)(void);
54 };
55
56 /* NB. Indexed directly by algorithm number */
57 const struct ssh_digest digests[] = {
58 { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
59 { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 },
60 { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
61 { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
62 { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },
63 { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
64 { -1, NULL, 0, NULL },
65 };
66
67 static const struct ssh_digest *
68 ssh_digest_by_alg(int alg)
69 {
70 if (alg < 0 || alg >= SSH_DIGEST_MAX)
71 return NULL;
72 if (digests[alg].id != alg) /* sanity */
73 return NULL;
74 if (digests[alg].mdfunc == NULL)
75 return NULL;
76 return &(digests[alg]);
77 }
78
79 int
80 ssh_digest_alg_by_name(const char *name)
81 {
82 int alg;
83
84 for (alg = 0; digests[alg].id != -1; alg++) {
85 if (strcasecmp(name, digests[alg].name) == 0)
86 return digests[alg].id;
87 }
88 return -1;
89 }
90
91 const char *
92 ssh_digest_alg_name(int alg)
93 {
94 const struct ssh_digest *digest = ssh_digest_by_alg(alg);
95
96 return digest == NULL ? NULL : digest->name;
97 }
98
99 size_t
100 ssh_digest_bytes(int alg)
101 {
102 const struct ssh_digest *digest = ssh_digest_by_alg(alg);
103
104 return digest == NULL ? 0 : digest->digest_len;
105 }
106
107 size_t
108 ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
109 {
110 return EVP_MD_CTX_block_size(&ctx->mdctx);
111 }
112
113 struct ssh_digest_ctx *
114 ssh_digest_start(int alg)
115 {
116 const struct ssh_digest *digest = ssh_digest_by_alg(alg);
117 struct ssh_digest_ctx *ret;
118
119 if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
120 return NULL;
121 ret->alg = alg;
122 EVP_MD_CTX_init(&ret->mdctx);
123 if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) {
124 free(ret);
125 return NULL;
126 }
127 return ret;
128 }
129
130 int
131 ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
132 {
133 if (from->alg != to->alg)
134 return SSH_ERR_INVALID_ARGUMENT;
135 /* we have bcopy-style order while openssl has memcpy-style */
136 if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx))
137 return SSH_ERR_LIBCRYPTO_ERROR;
138 return 0;
139 }
140
141 int
142 ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
143 {
144 if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1)
145 return SSH_ERR_LIBCRYPTO_ERROR;
146 return 0;
147 }
148
149 int
150 ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b)
151 {
152 return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b));
153 }
154
155 int
156 ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
157 {
158 const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
159 u_int l = dlen;
160
161 if (dlen > UINT_MAX)
162 return SSH_ERR_INVALID_ARGUMENT;
163 if (dlen < digest->digest_len) /* No truncation allowed */
164 return SSH_ERR_INVALID_ARGUMENT;
165 if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1)
166 return SSH_ERR_LIBCRYPTO_ERROR;
167 if (l != digest->digest_len) /* sanity */
168 return SSH_ERR_INTERNAL_ERROR;
169 return 0;
170 }
171
172 void
173 ssh_digest_free(struct ssh_digest_ctx *ctx)
174 {
175 if (ctx != NULL) {
176 EVP_MD_CTX_cleanup(&ctx->mdctx);
177 explicit_bzero(ctx, sizeof(*ctx));
178 free(ctx);
179 }
180 }
181
182 int
183 ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen)
184 {
185 const struct ssh_digest *digest = ssh_digest_by_alg(alg);
186 u_int mdlen;
187
188 if (digest == NULL)
189 return SSH_ERR_INVALID_ARGUMENT;
190 if (dlen > UINT_MAX)
191 return SSH_ERR_INVALID_ARGUMENT;
192 if (dlen < digest->digest_len)
193 return SSH_ERR_INVALID_ARGUMENT;
194 mdlen = dlen;
195 if (!EVP_Digest(m, mlen, d, &mdlen, digest->mdfunc(), NULL))
196 return SSH_ERR_LIBCRYPTO_ERROR;
197 return 0;
198 }
199
200 int
201 ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen)
202 {
203 return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen);
204 }
205 #endif /* WITH_OPENSSL */
DragonFly BSD