fips module header inclusion fine-tunning

[openssl.git] / ssl / s3_cbc.c

diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index bffaebb0c219934fcfcae0a0c80e2a8d290834be..85f296b8078398c083cb69b498e9f71af31ffd82 100644 (file)
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -27,16 +27,18 @@
 #include "internal/cryptlib.h"
 
 #include <openssl/evp.h>
-#include <openssl/md5.h>
+#ifndef FIPS_MODULE
+# include <openssl/md5.h>
+#endif
 #include <openssl/sha.h>
 
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
 int ssl3_cbc_digest_record(const EVP_MD *md,
                            unsigned char *md_out,
                            size_t *md_out_size,
-                           const unsigned char header[13],
+                           const unsigned char *header,
                            const unsigned char *data,
-                           size_t data_plus_mac_size,
+                           size_t data_size,
                            size_t data_plus_mac_plus_padding_size,
                            const unsigned char *mac_secret,
                            size_t mac_secret_length, char is_sslv3);
@@ -75,15 +77,16 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
  */
 #define MAX_HASH_BLOCK_SIZE 128
 
+#ifndef FIPS_MODULE
 /*
  * u32toLE serializes an unsigned, 32-bit number (n) as four bytes at (p) in
  * little-endian order. The value of p is advanced by four.
  */
-#define u32toLE(n, p) \
-        (*((p)++)=(unsigned char)(n), \
-         *((p)++)=(unsigned char)(n>>8), \
-         *((p)++)=(unsigned char)(n>>16), \
-         *((p)++)=(unsigned char)(n>>24))
+# define u32toLE(n, p) \
+         (*((p)++)=(unsigned char)(n), \
+          *((p)++)=(unsigned char)(n>>8), \
+          *((p)++)=(unsigned char)(n>>16), \
+          *((p)++)=(unsigned char)(n>>24))
 
 /*
  * These functions serialize the state of a hash and thus perform the
@@ -98,6 +101,7 @@ static void tls1_md5_final_raw(void *ctx, unsigned char *md_out)
     u32toLE(md5->C, md_out);
     u32toLE(md5->D, md_out);
 }
+#endif /* FIPS_MODULE */
 
 static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
 {
@@ -132,25 +136,6 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
 #undef  LARGEST_DIGEST_CTX
 #define LARGEST_DIGEST_CTX SHA512_CTX
 
-/*
- * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
- * which ssl3_cbc_digest_record supports.
- */
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
-{
-    switch (EVP_MD_CTX_type(ctx)) {
-    case NID_md5:
-    case NID_sha1:
-    case NID_sha224:
-    case NID_sha256:
-    case NID_sha384:
-    case NID_sha512:
-        return 1;
-    default:
-        return 0;
-    }
-}
-
 /*-
  * ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
  * record.
@@ -161,24 +146,21 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
  *   md_out_size: if non-NULL, the number of output bytes is written here.
  *   header: the 13-byte, TLS record header.
  *   data: the record data itself, less any preceding explicit IV.
- *   data_plus_mac_size: the secret, reported length of the data and MAC
- *     once the padding has been removed.
+ *   data_size: the secret, reported length of the data once the MAC and padding
+ *              has been removed.
  *   data_plus_mac_plus_padding_size: the public length of the whole
- *     record, including padding.
+ *     record, including MAC and padding.
  *   is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
  *
- * On entry: by virtue of having been through one of the remove_padding
- * functions, above, we know that data_plus_mac_size is large enough to contain
- * a padding byte and MAC. (If the padding was invalid, it might contain the
- * padding too. )
+ * On entry: we know that data is data_plus_mac_plus_padding_size in length
  * Returns 1 on success or 0 on error
  */
 int ssl3_cbc_digest_record(const EVP_MD *md,
                            unsigned char *md_out,
                            size_t *md_out_size,
-                           const unsigned char header[13],
+                           const unsigned char *header,
                            const unsigned char *data,
-                           size_t data_plus_mac_size,
+                           size_t data_size,
                            size_t data_plus_mac_plus_padding_size,
                            const unsigned char *mac_secret,
                            size_t mac_secret_length, char is_sslv3)
@@ -217,8 +199,10 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
     if (!ossl_assert(data_plus_mac_plus_padding_size < 1024 * 1024))
         return 0;
 
-    switch (EVP_MD_type(md)) {
-    case NID_md5:
+    if (EVP_MD_is_a(md, "MD5")) {
+#ifdef FIPS_MODULE
+        return 0;
+#else
         if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_md5_final_raw;
@@ -227,32 +211,29 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
         md_size = 16;
         sslv3_pad_length = 48;
         length_is_big_endian = 0;
-        break;
-    case NID_sha1:
+#endif
+    } else if (EVP_MD_is_a(md, "SHA1")) {
         if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_sha1_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
         md_size = 20;
-        break;
-    case NID_sha224:
+    } else if (EVP_MD_is_a(md, "SHA2-224")) {
         if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_sha256_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
         md_size = 224 / 8;
-        break;
-    case NID_sha256:
+     } else if (EVP_MD_is_a(md, "SHA2-256")) {
         if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_sha256_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
         md_size = 32;
-        break;
-    case NID_sha384:
+     } else if (EVP_MD_is_a(md, "SHA2-384")) {
         if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_sha512_final_raw;
@@ -261,8 +242,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
         md_size = 384 / 8;
         md_block_size = 128;
         md_length_size = 16;
-        break;
-    case NID_sha512:
+    } else if (EVP_MD_is_a(md, "SHA2-512")) {
         if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_sha512_final_raw;
@@ -271,8 +251,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
         md_size = 64;
         md_block_size = 128;
         md_length_size = 16;
-        break;
-    default:
+    } else {
         /*
          * ssl3_cbc_record_digest_supported should have been called first to
          * check that the hash function is supported.
@@ -343,7 +322,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
     /*
      * mac_end_offset is the index just past the end of the data to be MACed.
      */
-    mac_end_offset = data_plus_mac_size + header_length - md_size;
+    mac_end_offset = data_size + header_length;
     /*
      * c is the index of the 0x80 byte in the final hash block that contains
      * application data.
@@ -523,7 +502,6 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
             || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
             goto err;
     }
-    /* TODO(size_t): Convert me */
     ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
     if (ret && md_out_size)
         *md_out_size = md_out_size_u;