summaryrefslogtreecommitdiff
path: root/digest-openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'digest-openssl.c')
-rw-r--r--digest-openssl.c60
1 files changed, 38 insertions, 22 deletions
diff --git a/digest-openssl.c b/digest-openssl.c
index 863d37d03..02b170341 100644
--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */ 1/* $OpenBSD: digest-openssl.c,v 1.4 2014/07/03 03:26:43 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2013 Damien Miller <djm@mindrot.org> 3 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
4 * 4 *
@@ -26,8 +26,18 @@
26 26
27#include "openbsd-compat/openssl-compat.h" 27#include "openbsd-compat/openssl-compat.h"
28 28
29#include "buffer.h" 29#include "sshbuf.h"
30#include "digest.h" 30#include "digest.h"
31#include "ssherr.h"
32
33#ifndef HAVE_EVP_RIPEMD160
34# define EVP_ripemd160 NULL
35#endif /* HAVE_EVP_RIPEMD160 */
36#ifndef HAVE_EVP_SHA256
37# define EVP_sha256 NULL
38# define EVP_sha384 NULL
39# define EVP_sha512 NULL
40#endif /* HAVE_EVP_SHA256 */
31 41
32struct ssh_digest_ctx { 42struct ssh_digest_ctx {
33 int alg; 43 int alg;
@@ -46,11 +56,9 @@ const struct ssh_digest digests[] = {
46 { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, 56 { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
47 { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, 57 { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 },
48 { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, 58 { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
49#ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */
50 { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 }, 59 { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
51 { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 }, 60 { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },
52 { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 }, 61 { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
53#endif
54 { -1, NULL, 0, NULL }, 62 { -1, NULL, 0, NULL },
55}; 63};
56 64
@@ -61,6 +69,8 @@ ssh_digest_by_alg(int alg)
61 return NULL; 69 return NULL;
62 if (digests[alg].id != alg) /* sanity */ 70 if (digests[alg].id != alg) /* sanity */
63 return NULL; 71 return NULL;
72 if (digests[alg].mdfunc == NULL)
73 return NULL;
64 return &(digests[alg]); 74 return &(digests[alg]);
65} 75}
66 76
@@ -98,9 +108,11 @@ ssh_digest_start(int alg)
98int 108int
99ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to) 109ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
100{ 110{
111 if (from->alg != to->alg)
112 return SSH_ERR_INVALID_ARGUMENT;
101 /* we have bcopy-style order while openssl has memcpy-style */ 113 /* we have bcopy-style order while openssl has memcpy-style */
102 if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx)) 114 if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx))
103 return -1; 115 return SSH_ERR_LIBCRYPTO_ERROR;
104 return 0; 116 return 0;
105} 117}
106 118
@@ -108,14 +120,14 @@ int
108ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) 120ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
109{ 121{
110 if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1) 122 if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1)
111 return -1; 123 return SSH_ERR_LIBCRYPTO_ERROR;
112 return 0; 124 return 0;
113} 125}
114 126
115int 127int
116ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const Buffer *b) 128ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b)
117{ 129{
118 return ssh_digest_update(ctx, buffer_ptr(b), buffer_len(b)); 130 return ssh_digest_update(ctx, sshbuf_ptr(b), sshbuf_len(b));
119} 131}
120 132
121int 133int
@@ -125,13 +137,13 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
125 u_int l = dlen; 137 u_int l = dlen;
126 138
127 if (dlen > UINT_MAX) 139 if (dlen > UINT_MAX)
128 return -1; 140 return SSH_ERR_INVALID_ARGUMENT;
129 if (dlen < digest->digest_len) /* No truncation allowed */ 141 if (dlen < digest->digest_len) /* No truncation allowed */
130 return -1; 142 return SSH_ERR_INVALID_ARGUMENT;
131 if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1) 143 if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1)
132 return -1; 144 return SSH_ERR_LIBCRYPTO_ERROR;
133 if (l != digest->digest_len) /* sanity */ 145 if (l != digest->digest_len) /* sanity */
134 return -1; 146 return SSH_ERR_INTERNAL_ERROR;
135 return 0; 147 return 0;
136} 148}
137 149
@@ -148,19 +160,23 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
148int 160int
149ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen) 161ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen)
150{ 162{
151 struct ssh_digest_ctx *ctx = ssh_digest_start(alg); 163 const struct ssh_digest *digest = ssh_digest_by_alg(alg);
152 164 u_int mdlen;
153 if (ctx == NULL) 165
154 return -1; 166 if (digest == NULL)
155 if (ssh_digest_update(ctx, m, mlen) != 0 || 167 return SSH_ERR_INVALID_ARGUMENT;
156 ssh_digest_final(ctx, d, dlen) != 0) 168 if (dlen > UINT_MAX)
157 return -1; 169 return SSH_ERR_INVALID_ARGUMENT;
158 ssh_digest_free(ctx); 170 if (dlen < digest->digest_len)
171 return SSH_ERR_INVALID_ARGUMENT;
172 mdlen = dlen;
173 if (!EVP_Digest(m, mlen, d, &mdlen, digest->mdfunc(), NULL))
174 return SSH_ERR_LIBCRYPTO_ERROR;
159 return 0; 175 return 0;
160} 176}
161 177
162int 178int
163ssh_digest_buffer(int alg, const Buffer *b, u_char *d, size_t dlen) 179ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen)
164{ 180{
165 return ssh_digest_memory(alg, buffer_ptr(b), buffer_len(b), d, dlen); 181 return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen);
166} 182}