search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix old typo (s/SYSVINITSTOPT/SYSVINITSTOP/)
[openssh.git] / digest-openssl.c
blobe073a807b148303348b949c5567cff23b32b3f48
1 /* $OpenBSD: digest-openssl.c,v 1.9 2020/10/29 02:52:43 djm Exp $ */
2 /*
3 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include "includes.h"
19
20 #ifdef WITH_OPENSSL
21
22 #include <sys/types.h>
23 #include <limits.h>
24 #include <stdlib.h>
25 #include <string.h>
26
27 #include <openssl/evp.h>
28
29 #include "openbsd-compat/openssl-compat.h"
30
31 #include "sshbuf.h"
32 #include "digest.h"
33 #include "ssherr.h"
34
35 #ifndef HAVE_EVP_SHA256
36 # define EVP_sha256 NULL
37 #endif
38 #ifndef HAVE_EVP_SHA384
39 # define EVP_sha384 NULL
40 #endif
41 #ifndef HAVE_EVP_SHA512
42 # define EVP_sha512 NULL
43 #endif
44
45 struct ssh_digest_ctx {
46 int alg;
47 EVP_MD_CTX *mdctx;
48 };
49
50 struct ssh_digest {
51 int id;
52 const char *name;
53 size_t digest_len;
54 const EVP_MD *(*mdfunc)(void);
55 };
56
57 /* NB. Indexed directly by algorithm number */
58 const struct ssh_digest digests[] = {
59 { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
60 { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
61 { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
62 { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },
63 { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
64 { -1, NULL, 0, NULL },
65 };
66
67 static const struct ssh_digest *
68 ssh_digest_by_alg(int alg)
69 {
70 if (alg < 0 || alg >= SSH_DIGEST_MAX)
71 return NULL;
72 if (digests[alg].id != alg) /* sanity */
73 return NULL;
74 if (digests[alg].mdfunc == NULL)
75 return NULL;
76 return &(digests[alg]);
77 }
78
79 int
80 ssh_digest_alg_by_name(const char *name)
81 {
82 int alg;
83
84 for (alg = 0; digests[alg].id != -1; alg++) {
85 if (strcasecmp(name, digests[alg].name) == 0)
86 return digests[alg].id;
87 }
88 return -1;
89 }
90
91 const char *
92 ssh_digest_alg_name(int alg)
93 {
94 const struct ssh_digest *digest = ssh_digest_by_alg(alg);
95
96 return digest == NULL ? NULL : digest->name;
97 }
98
99 size_t
100 ssh_digest_bytes(int alg)
101 {
102 const struct ssh_digest *digest = ssh_digest_by_alg(alg);
103
104 return digest == NULL ? 0 : digest->digest_len;
105 }
106
107 size_t
108 ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
109 {
110 return EVP_MD_CTX_block_size(ctx->mdctx);
111 }
112
113 struct ssh_digest_ctx *
114 ssh_digest_start(int alg)
115 {
116 const struct ssh_digest *digest = ssh_digest_by_alg(alg);
117 struct ssh_digest_ctx *ret;
118
119 if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
120 return NULL;
121 ret->alg = alg;
122 if ((ret->mdctx = EVP_MD_CTX_new()) == NULL) {
123 free(ret);
124 return NULL;
125 }
126 if (EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
127 ssh_digest_free(ret);
128 return NULL;
129 }
130 return ret;
131 }
132
133 int
134 ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
135 {
136 if (from->alg != to->alg)
137 return SSH_ERR_INVALID_ARGUMENT;
138 /* we have bcopy-style order while openssl has memcpy-style */
139 if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx))
140 return SSH_ERR_LIBCRYPTO_ERROR;
141 return 0;
142 }
143
144 int
145 ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
146 {
147 if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1)
148 return SSH_ERR_LIBCRYPTO_ERROR;
149 return 0;
150 }
151
152 int
153 ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b)
154 {
155 return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b));
156 }
157
158 int
159 ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
160 {
161 const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
162 u_int l = dlen;
163
164 if (digest == NULL || dlen > UINT_MAX)
165 return SSH_ERR_INVALID_ARGUMENT;
166 if (dlen < digest->digest_len) /* No truncation allowed */
167 return SSH_ERR_INVALID_ARGUMENT;
168 if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1)
169 return SSH_ERR_LIBCRYPTO_ERROR;
170 if (l != digest->digest_len) /* sanity */
171 return SSH_ERR_INTERNAL_ERROR;
172 return 0;
173 }
174
175 void
176 ssh_digest_free(struct ssh_digest_ctx *ctx)
177 {
178 if (ctx == NULL)
179 return;
180 EVP_MD_CTX_free(ctx->mdctx);
181 freezero(ctx, sizeof(*ctx));
182 }
183
184 int
185 ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen)
186 {
187 const struct ssh_digest *digest = ssh_digest_by_alg(alg);
188 u_int mdlen;
189
190 if (digest == NULL)
191 return SSH_ERR_INVALID_ARGUMENT;
192 if (dlen > UINT_MAX)
193 return SSH_ERR_INVALID_ARGUMENT;
194 if (dlen < digest->digest_len)
195 return SSH_ERR_INVALID_ARGUMENT;
196 mdlen = dlen;
197 if (!EVP_Digest(m, mlen, d, &mdlen, digest->mdfunc(), NULL))
198 return SSH_ERR_LIBCRYPTO_ERROR;
199 return 0;
200 }
201
202 int
203 ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen)
204 {
205 return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen);
206 }
207 #endif /* WITH_OPENSSL */
Portable OpenSSH is a multi-platform compatible version of OpenBSD's OpenSSH