/*
- * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include "internal/cryptlib.h"
#include <openssl/evp.h>
-#include <openssl/md5.h>
+#ifndef FIPS_MODULE
+# include <openssl/md5.h>
+#endif
#include <openssl/sha.h>
char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
int ssl3_cbc_digest_record(const EVP_MD *md,
unsigned char *md_out,
size_t *md_out_size,
- const unsigned char header[13],
+ const unsigned char *header,
const unsigned char *data,
- size_t data_plus_mac_size,
+ size_t data_size,
size_t data_plus_mac_plus_padding_size,
const unsigned char *mac_secret,
size_t mac_secret_length, char is_sslv3);
*/
#define MAX_HASH_BLOCK_SIZE 128
+#ifndef FIPS_MODULE
/*
* u32toLE serializes an unsigned, 32-bit number (n) as four bytes at (p) in
* little-endian order. The value of p is advanced by four.
*/
-#define u32toLE(n, p) \
- (*((p)++)=(unsigned char)(n), \
- *((p)++)=(unsigned char)(n>>8), \
- *((p)++)=(unsigned char)(n>>16), \
- *((p)++)=(unsigned char)(n>>24))
+# define u32toLE(n, p) \
+ (*((p)++)=(unsigned char)(n), \
+ *((p)++)=(unsigned char)(n>>8), \
+ *((p)++)=(unsigned char)(n>>16), \
+ *((p)++)=(unsigned char)(n>>24))
/*
* These functions serialize the state of a hash and thus perform the
u32toLE(md5->C, md_out);
u32toLE(md5->D, md_out);
}
+#endif /* FIPS_MODULE */
static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
{
#undef LARGEST_DIGEST_CTX
#define LARGEST_DIGEST_CTX SHA512_CTX
-/*
- * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
- * which ssl3_cbc_digest_record supports.
- */
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
-{
- switch (EVP_MD_CTX_type(ctx)) {
- case NID_md5:
- case NID_sha1:
- case NID_sha224:
- case NID_sha256:
- case NID_sha384:
- case NID_sha512:
- return 1;
- default:
- return 0;
- }
-}
-
/*-
* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
* record.
* md_out_size: if non-NULL, the number of output bytes is written here.
* header: the 13-byte, TLS record header.
* data: the record data itself, less any preceding explicit IV.
- * data_plus_mac_size: the secret, reported length of the data and MAC
- * once the padding has been removed.
+ * data_size: the secret, reported length of the data once the MAC and padding
+ * has been removed.
* data_plus_mac_plus_padding_size: the public length of the whole
- * record, including padding.
+ * record, including MAC and padding.
* is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
*
- * On entry: by virtue of having been through one of the remove_padding
- * functions, above, we know that data_plus_mac_size is large enough to contain
- * a padding byte and MAC. (If the padding was invalid, it might contain the
- * padding too. )
+ * On entry: we know that data is data_plus_mac_plus_padding_size in length
* Returns 1 on success or 0 on error
*/
int ssl3_cbc_digest_record(const EVP_MD *md,
unsigned char *md_out,
size_t *md_out_size,
- const unsigned char header[13],
+ const unsigned char *header,
const unsigned char *data,
- size_t data_plus_mac_size,
+ size_t data_size,
size_t data_plus_mac_plus_padding_size,
const unsigned char *mac_secret,
size_t mac_secret_length, char is_sslv3)
if (!ossl_assert(data_plus_mac_plus_padding_size < 1024 * 1024))
return 0;
- switch (EVP_MD_type(md)) {
- case NID_md5:
+ if (EVP_MD_is_a(md, "MD5")) {
+#ifdef FIPS_MODULE
+ return 0;
+#else
if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_md5_final_raw;
md_size = 16;
sslv3_pad_length = 48;
length_is_big_endian = 0;
- break;
- case NID_sha1:
+#endif
+ } else if (EVP_MD_is_a(md, "SHA1")) {
if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha1_final_raw;
md_transform =
(void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
md_size = 20;
- break;
- case NID_sha224:
+ } else if (EVP_MD_is_a(md, "SHA2-224")) {
if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha256_final_raw;
md_transform =
(void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
md_size = 224 / 8;
- break;
- case NID_sha256:
+ } else if (EVP_MD_is_a(md, "SHA2-256")) {
if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha256_final_raw;
md_transform =
(void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
md_size = 32;
- break;
- case NID_sha384:
+ } else if (EVP_MD_is_a(md, "SHA2-384")) {
if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha512_final_raw;
md_size = 384 / 8;
md_block_size = 128;
md_length_size = 16;
- break;
- case NID_sha512:
+ } else if (EVP_MD_is_a(md, "SHA2-512")) {
if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha512_final_raw;
md_size = 64;
md_block_size = 128;
md_length_size = 16;
- break;
- default:
+ } else {
/*
* ssl3_cbc_record_digest_supported should have been called first to
* check that the hash function is supported.
/*
* mac_end_offset is the index just past the end of the data to be MACed.
*/
- mac_end_offset = data_plus_mac_size + header_length - md_size;
+ mac_end_offset = data_size + header_length;
/*
* c is the index of the 0x80 byte in the final hash block that contains
* application data.
|| EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
goto err;
}
- /* TODO(size_t): Convert me */
ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
if (ret && md_out_size)
*md_out_size = md_out_size_u;