l2n(sha1->h4, md_out);
}
-#define LARGEST_DIGEST_CTX SHA_CTX
-
-#ifndef OPENSSL_NO_SHA256
static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
{
SHA256_CTX *sha256 = ctx;
}
}
-# undef LARGEST_DIGEST_CTX
-# define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
-
-#ifndef OPENSSL_NO_SHA512
static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
{
SHA512_CTX *sha512 = ctx;
}
}
-# undef LARGEST_DIGEST_CTX
-# define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
+#undef LARGEST_DIGEST_CTX
+#define LARGEST_DIGEST_CTX SHA512_CTX
/*
* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
switch (EVP_MD_CTX_type(ctx)) {
case NID_md5:
case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
case NID_sha224:
case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
case NID_sha384:
case NID_sha512:
-#endif
return 1;
default:
return 0;
(void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
md_size = 20;
break;
-#ifndef OPENSSL_NO_SHA256
case NID_sha224:
SHA224_Init((SHA256_CTX *)md_state.c);
md_final_raw = tls1_sha256_final_raw;
(void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
md_size = 32;
break;
-#endif
-#ifndef OPENSSL_NO_SHA512
case NID_sha384:
SHA384_Init((SHA512_CTX *)md_state.c);
md_final_raw = tls1_sha512_final_raw;
md_block_size = 128;
md_length_size = 16;
break;
-#endif
default:
/*
* ssl3_cbc_record_digest_supported should have been called first to
if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
return;
block_size = EVP_MD_CTX_block_size(mac_ctx);
- /*-
- * We are in FIPS mode if we get this far so we know we have only SHA*
- * digests and TLS to deal with.
- * Minimum digest padding length is 17 for SHA384/SHA512 and 9
- * otherwise.
- * Additional header is 13 bytes. To get the number of digest blocks
- * processed round up the amount of data plus padding to the nearest
- * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
- * So we have:
- * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
- * equivalently:
- * blocks = (payload_len + digest_pad + 12)/block_size + 1
- * HMAC adds a constant overhead.
- * We're ultimately only interested in differences so this becomes
- * blocks = (payload_len + 29)/128
- * for SHA384/SHA512 and
- * blocks = (payload_len + 21)/64
- * otherwise.
- */
+ /*-
+ * We are in FIPS mode if we get this far so we know we have only SHA*
+ * digests and TLS to deal with.
+ * Minimum digest padding length is 17 for SHA384/SHA512 and 9
+ * otherwise.
+ * Additional header is 13 bytes. To get the number of digest blocks
+ * processed round up the amount of data plus padding to the nearest
+ * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
+ * So we have:
+ * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
+ * equivalently:
+ * blocks = (payload_len + digest_pad + 12)/block_size + 1
+ * HMAC adds a constant overhead.
+ * We're ultimately only interested in differences so this becomes
+ * blocks = (payload_len + 29)/128
+ * for SHA384/SHA512 and
+ * blocks = (payload_len + 21)/64
+ * otherwise.
+ */
digest_pad = block_size == 64 ? 21 : 29;
blocks_orig = (orig_len + digest_pad) / block_size;
blocks_data = (data_len + digest_pad) / block_size;