| 1 | /*
|
|---|
| 2 | * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 3 | *
|
|---|
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
|---|
| 6 | * in the file LICENSE in the source distribution or at
|
|---|
| 7 | * https://www.openssl.org/source/license.html
|
|---|
| 8 | */
|
|---|
| 9 |
|
|---|
| 10 | /*
|
|---|
| 11 | * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for
|
|---|
| 12 | * internal use.
|
|---|
| 13 | */
|
|---|
| 14 | #include "internal/deprecated.h"
|
|---|
| 15 |
|
|---|
| 16 | #include <string.h>
|
|---|
| 17 | #include "prov/md5_sha1.h"
|
|---|
| 18 | #include <openssl/evp.h>
|
|---|
| 19 |
|
|---|
| 20 | int ossl_md5_sha1_init(MD5_SHA1_CTX *mctx)
|
|---|
| 21 | {
|
|---|
| 22 | if (!MD5_Init(&mctx->md5))
|
|---|
| 23 | return 0;
|
|---|
| 24 | return SHA1_Init(&mctx->sha1);
|
|---|
| 25 | }
|
|---|
| 26 |
|
|---|
| 27 | int ossl_md5_sha1_update(MD5_SHA1_CTX *mctx, const void *data, size_t count)
|
|---|
| 28 | {
|
|---|
| 29 | if (!MD5_Update(&mctx->md5, data, count))
|
|---|
| 30 | return 0;
|
|---|
| 31 | return SHA1_Update(&mctx->sha1, data, count);
|
|---|
| 32 | }
|
|---|
| 33 |
|
|---|
| 34 | int ossl_md5_sha1_final(unsigned char *md, MD5_SHA1_CTX *mctx)
|
|---|
| 35 | {
|
|---|
| 36 | if (!MD5_Final(md, &mctx->md5))
|
|---|
| 37 | return 0;
|
|---|
| 38 | return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
|
|---|
| 39 | }
|
|---|
| 40 |
|
|---|
| 41 | int ossl_md5_sha1_ctrl(MD5_SHA1_CTX *mctx, int cmd, int mslen, void *ms)
|
|---|
| 42 | {
|
|---|
| 43 | unsigned char padtmp[48];
|
|---|
| 44 | unsigned char md5tmp[MD5_DIGEST_LENGTH];
|
|---|
| 45 | unsigned char sha1tmp[SHA_DIGEST_LENGTH];
|
|---|
| 46 |
|
|---|
| 47 | if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
|
|---|
| 48 | return -2;
|
|---|
| 49 |
|
|---|
| 50 | if (mctx == NULL)
|
|---|
| 51 | return 0;
|
|---|
| 52 |
|
|---|
| 53 | /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
|
|---|
| 54 | if (mslen != 48)
|
|---|
| 55 | return 0;
|
|---|
| 56 |
|
|---|
| 57 | /* At this point hash contains all handshake messages, update
|
|---|
| 58 | * with master secret and pad_1.
|
|---|
| 59 | */
|
|---|
| 60 |
|
|---|
| 61 | if (ossl_md5_sha1_update(mctx, ms, mslen) <= 0)
|
|---|
| 62 | return 0;
|
|---|
| 63 |
|
|---|
| 64 | /* Set padtmp to pad_1 value */
|
|---|
| 65 | memset(padtmp, 0x36, sizeof(padtmp));
|
|---|
| 66 |
|
|---|
| 67 | if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
|
|---|
| 68 | return 0;
|
|---|
| 69 |
|
|---|
| 70 | if (!MD5_Final(md5tmp, &mctx->md5))
|
|---|
| 71 | return 0;
|
|---|
| 72 |
|
|---|
| 73 | if (!SHA1_Update(&mctx->sha1, padtmp, 40))
|
|---|
| 74 | return 0;
|
|---|
| 75 |
|
|---|
| 76 | if (!SHA1_Final(sha1tmp, &mctx->sha1))
|
|---|
| 77 | return 0;
|
|---|
| 78 |
|
|---|
| 79 | /* Reinitialise context */
|
|---|
| 80 |
|
|---|
| 81 | if (!ossl_md5_sha1_init(mctx))
|
|---|
| 82 | return 0;
|
|---|
| 83 |
|
|---|
| 84 | if (ossl_md5_sha1_update(mctx, ms, mslen) <= 0)
|
|---|
| 85 | return 0;
|
|---|
| 86 |
|
|---|
| 87 | /* Set padtmp to pad_2 value */
|
|---|
| 88 | memset(padtmp, 0x5c, sizeof(padtmp));
|
|---|
| 89 |
|
|---|
| 90 | if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
|
|---|
| 91 | return 0;
|
|---|
| 92 |
|
|---|
| 93 | if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp)))
|
|---|
| 94 | return 0;
|
|---|
| 95 |
|
|---|
| 96 | if (!SHA1_Update(&mctx->sha1, padtmp, 40))
|
|---|
| 97 | return 0;
|
|---|
| 98 |
|
|---|
| 99 | if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp)))
|
|---|
| 100 | return 0;
|
|---|
| 101 |
|
|---|
| 102 | /* Now when ctx is finalised it will return the SSL v3 hash value */
|
|---|
| 103 |
|
|---|
| 104 | OPENSSL_cleanse(md5tmp, sizeof(md5tmp));
|
|---|
| 105 | OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
|
|---|
| 106 |
|
|---|
| 107 | return 1;
|
|---|
| 108 | }
|
|---|
