summaryrefslogtreecommitdiff
path: root/digest-openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'digest-openssl.c')
-rw-r--r--digest-openssl.c166
1 files changed, 166 insertions, 0 deletions
diff --git a/digest-openssl.c b/digest-openssl.c
new file mode 100644
index 000000000..863d37d03
--- /dev/null
+++ b/digest-openssl.c
@@ -0,0 +1,166 @@
1/* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
2/*
3 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include "includes.h"
19
20#include <sys/types.h>
21#include <limits.h>
22#include <stdlib.h>
23#include <string.h>
24
25#include <openssl/evp.h>
26
27#include "openbsd-compat/openssl-compat.h"
28
29#include "buffer.h"
30#include "digest.h"
31
32struct ssh_digest_ctx {
33 int alg;
34 EVP_MD_CTX mdctx;
35};
36
37struct ssh_digest {
38 int id;
39 const char *name;
40 size_t digest_len;
41 const EVP_MD *(*mdfunc)(void);
42};
43
44/* NB. Indexed directly by algorithm number */
45const struct ssh_digest digests[] = {
46 { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
47 { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 },
48 { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
49#ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */
50 { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
51 { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },
52 { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
53#endif
54 { -1, NULL, 0, NULL },
55};
56
57static const struct ssh_digest *
58ssh_digest_by_alg(int alg)
59{
60 if (alg < 0 || alg >= SSH_DIGEST_MAX)
61 return NULL;
62 if (digests[alg].id != alg) /* sanity */
63 return NULL;
64 return &(digests[alg]);
65}
66
67size_t
68ssh_digest_bytes(int alg)
69{
70 const struct ssh_digest *digest = ssh_digest_by_alg(alg);
71
72 return digest == NULL ? 0 : digest->digest_len;
73}
74
75size_t
76ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
77{
78 return EVP_MD_CTX_block_size(&ctx->mdctx);
79}
80
81struct ssh_digest_ctx *
82ssh_digest_start(int alg)
83{
84 const struct ssh_digest *digest = ssh_digest_by_alg(alg);
85 struct ssh_digest_ctx *ret;
86
87 if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
88 return NULL;
89 ret->alg = alg;
90 EVP_MD_CTX_init(&ret->mdctx);
91 if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) {
92 free(ret);
93 return NULL;
94 }
95 return ret;
96}
97
98int
99ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
100{
101 /* we have bcopy-style order while openssl has memcpy-style */
102 if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx))
103 return -1;
104 return 0;
105}
106
107int
108ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
109{
110 if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1)
111 return -1;
112 return 0;
113}
114
115int
116ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const Buffer *b)
117{
118 return ssh_digest_update(ctx, buffer_ptr(b), buffer_len(b));
119}
120
121int
122ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
123{
124 const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
125 u_int l = dlen;
126
127 if (dlen > UINT_MAX)
128 return -1;
129 if (dlen < digest->digest_len) /* No truncation allowed */
130 return -1;
131 if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1)
132 return -1;
133 if (l != digest->digest_len) /* sanity */
134 return -1;
135 return 0;
136}
137
138void
139ssh_digest_free(struct ssh_digest_ctx *ctx)
140{
141 if (ctx != NULL) {
142 EVP_MD_CTX_cleanup(&ctx->mdctx);
143 explicit_bzero(ctx, sizeof(*ctx));
144 free(ctx);
145 }
146}
147
148int
149ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen)
150{
151 struct ssh_digest_ctx *ctx = ssh_digest_start(alg);
152
153 if (ctx == NULL)
154 return -1;
155 if (ssh_digest_update(ctx, m, mlen) != 0 ||
156 ssh_digest_final(ctx, d, dlen) != 0)
157 return -1;
158 ssh_digest_free(ctx);
159 return 0;
160}
161
162int
163ssh_digest_buffer(int alg, const Buffer *b, u_char *d, size_t dlen)
164{
165 return ssh_digest_memory(alg, buffer_ptr(b), buffer_len(b), d, dlen);
166}