Add an EVP interface that provides concatenated MD5+SHA1 hashes, which are

used in various parts of TLS 1.0/1.1. This will allow for code simplification in libssl. The same interface exists in OpenSSL 1.1. ok beck@ deraadt@ inoguchi@ millert@
author: jsing <> 2017-02-28 14:15:37 +0000
committer: jsing <> 2017-02-28 14:15:37 +0000
commit: f96f1c1c67ea18091fd9c2931b6544d268dc00c5 (patch)
tree: 2539caf54ac751f30ddb7c36d52b988a41e9b202
parent: 0fc1ecba8b07a85745508a25f9b6ef8d408033eb (diff)
download: openbsd-f96f1c1c67ea18091fd9c2931b6544d268dc00c5.tar.gz
openbsd-f96f1c1c67ea18091fd9c2931b6544d268dc00c5.tar.bz2
openbsd-f96f1c1c67ea18091fd9c2931b6544d268dc00c5.zip
4 files changed, 88 insertions, 2 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index 3fb904b470..9ab1e0349d 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.14 2017/01/21 09:38:58 beck Exp $
+# $OpenBSD: Makefile,v 1.15 2017/02/28 14:15:37 jsing Exp $
 LIB=    crypto
@@ -158,6 +158,7 @@ SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
 SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 SRCS+= e_chacha.c evp_aead.c e_chacha20poly1305.c
 SRCS+= e_gost2814789.c m_gost2814789.c m_gostr341194.c m_streebog.c
+SRCS+= m_md5_sha1.c
 # gost/
 SRCS+= gost2814789.c gost89_keywrap.c gost89_params.c gost89imit_ameth.c
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index ae14b1a607..16dd18f920 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -1505,6 +1505,7 @@ EVP_idea_ecb
 EVP_idea_ofb
 EVP_md4
 EVP_md5
+EVP_md5_sha1
 EVP_md_null
 EVP_rc2_40_cbc
 EVP_rc2_64_cbc
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 75798dae8c..68e1049587 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.51 2016/05/30 13:42:54 beck Exp $ */
+/* $OpenBSD: evp.h,v 1.52 2017/02/28 14:15:37 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -659,6 +659,7 @@ const EVP_MD *EVP_md4(void);
 #endif
 #ifndef OPENSSL_NO_MD5
 const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
 #endif
 #ifndef OPENSSL_NO_SHA
 const EVP_MD *EVP_sha1(void);
diff --git a/src/lib/libcrypto/evp/m_md5_sha1.c b/src/lib/libcrypto/evp/m_md5_sha1.c
new file mode 100644
index 0000000000..272cdee9dd
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_md5_sha1.c
@@ -0,0 +1,83 @@
+/* $OpenBSD: m_md5_sha1.c,v 1.1 2017/02/28 14:15:37 jsing Exp $ */
+/*
+ * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include <openssl/objects.h>
+#include <openssl/sha.h>
+struct md5_sha1_ctx {
+        MD5_CTX md5;
+        SHA_CTX sha1;
+};
+static int
+md5_sha1_init(EVP_MD_CTX *ctx)
+{
+        struct md5_sha1_ctx *mdctx = ctx->md_data;
+        if (!MD5_Init(&mdctx->md5))
+                return 0;
+        if (!SHA1_Init(&mdctx->sha1))
+                return 0;
+        return 1;
+}
+static int 
+md5_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        struct md5_sha1_ctx *mdctx = ctx->md_data;
+        if (!MD5_Update(&mdctx->md5, data, count))
+                return 0;
+        if (!SHA1_Update(&mdctx->sha1, data, count))
+                return 0;
+        return 1;
+}
+static int
+md5_sha1_final(EVP_MD_CTX *ctx, unsigned char *out)
+{
+        struct md5_sha1_ctx *mdctx = ctx->md_data;
+        if (!MD5_Final(out, &mdctx->md5))
+                return 0;
+        if (!SHA1_Final(out + MD5_DIGEST_LENGTH, &mdctx->sha1))
+                return 0;
+        return 1;
+}
+static const EVP_MD md5_sha1_md = {
+        .type = NID_md5_sha1,
+        .pkey_type = NID_md5_sha1,
+        .md_size = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+        .flags = 0,
+        .init = md5_sha1_init,
+        .update = md5_sha1_update,
+        .final = md5_sha1_final,
+        .block_size = MD5_CBLOCK, /* MD5_CBLOCK == SHA_CBLOCK */
+        .ctx_size = sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
+};
+const EVP_MD *
+EVP_md5_sha1(void)
+{
+        return &md5_sha1_md;
+}
author	jsing <>	2017-02-28 14:15:37 +0000
committer	jsing <>	2017-02-28 14:15:37 +0000
commit	f96f1c1c67ea18091fd9c2931b6544d268dc00c5 (patch)
tree	2539caf54ac751f30ddb7c36d52b988a41e9b202
parent	0fc1ecba8b07a85745508a25f9b6ef8d408033eb (diff)
download	openbsd-f96f1c1c67ea18091fd9c2931b6544d268dc00c5.tar.gz openbsd-f96f1c1c67ea18091fd9c2931b6544d268dc00c5.tar.bz2 openbsd-f96f1c1c67ea18091fd9c2931b6544d268dc00c5.zip

diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile index 3fb904b470..9ab1e0349d 100644 --- a/src/lib/libcrypto/Makefile +++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.14 2017/01/21 09:38:58 beck Exp $	1	# $OpenBSD: Makefile,v 1.15 2017/02/28 14:15:37 jsing Exp $
2		2
3	LIB= crypto	3	LIB= crypto
4		4
@@ -158,6 +158,7 @@ SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
158	SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c	158	SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
159	SRCS+= e_chacha.c evp_aead.c e_chacha20poly1305.c	159	SRCS+= e_chacha.c evp_aead.c e_chacha20poly1305.c
160	SRCS+= e_gost2814789.c m_gost2814789.c m_gostr341194.c m_streebog.c	160	SRCS+= e_gost2814789.c m_gost2814789.c m_gostr341194.c m_streebog.c
		161	SRCS+= m_md5_sha1.c
161		162
162	# gost/	163	# gost/
163	SRCS+= gost2814789.c gost89_keywrap.c gost89_params.c gost89imit_ameth.c	164	SRCS+= gost2814789.c gost89_keywrap.c gost89_params.c gost89imit_ameth.c


diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list index ae14b1a607..16dd18f920 100644 --- a/src/lib/libcrypto/Symbols.list +++ b/src/lib/libcrypto/Symbols.list
@@ -1505,6 +1505,7 @@ EVP_idea_ecb
1505	EVP_idea_ofb	1505	EVP_idea_ofb
1506	EVP_md4	1506	EVP_md4
1507	EVP_md5	1507	EVP_md5
		1508	EVP_md5_sha1
1508	EVP_md_null	1509	EVP_md_null
1509	EVP_rc2_40_cbc	1510	EVP_rc2_40_cbc
1510	EVP_rc2_64_cbc	1511	EVP_rc2_64_cbc


diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index 75798dae8c..68e1049587 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp.h,v 1.51 2016/05/30 13:42:54 beck Exp $ */	1	/* $OpenBSD: evp.h,v 1.52 2017/02/28 14:15:37 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -659,6 +659,7 @@ const EVP_MD *EVP_md4(void);
659	#endif	659	#endif
660	#ifndef OPENSSL_NO_MD5	660	#ifndef OPENSSL_NO_MD5
661	const EVP_MD *EVP_md5(void);	661	const EVP_MD *EVP_md5(void);
		662	const EVP_MD *EVP_md5_sha1(void);
662	#endif	663	#endif
663	#ifndef OPENSSL_NO_SHA	664	#ifndef OPENSSL_NO_SHA
664	const EVP_MD *EVP_sha1(void);	665	const EVP_MD *EVP_sha1(void);


diff --git a/src/lib/libcrypto/evp/m_md5_sha1.c b/src/lib/libcrypto/evp/m_md5_sha1.c new file mode 100644 index 0000000000..272cdee9dd --- /dev/null +++ b/src/lib/libcrypto/evp/m_md5_sha1.c
@@ -0,0 +1,83 @@
		1	/* $OpenBSD: m_md5_sha1.c,v 1.1 2017/02/28 14:15:37 jsing Exp $ */
		2	/*
		3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include <openssl/evp.h>
		19	#include <openssl/md5.h>
		20	#include <openssl/objects.h>
		21	#include <openssl/sha.h>
		22
		23	struct md5_sha1_ctx {
		24	MD5_CTX md5;
		25	SHA_CTX sha1;
		26	};
		27
		28	static int
		29	md5_sha1_init(EVP_MD_CTX *ctx)
		30	{
		31	struct md5_sha1_ctx *mdctx = ctx->md_data;
		32
		33	if (!MD5_Init(&mdctx->md5))
		34	return 0;
		35	if (!SHA1_Init(&mdctx->sha1))
		36	return 0;
		37
		38	return 1;
		39	}
		40
		41	static int
		42	md5_sha1_update(EVP_MD_CTX ctx, const void data, size_t count)
		43	{
		44	struct md5_sha1_ctx *mdctx = ctx->md_data;
		45
		46	if (!MD5_Update(&mdctx->md5, data, count))
		47	return 0;
		48	if (!SHA1_Update(&mdctx->sha1, data, count))
		49	return 0;
		50
		51	return 1;
		52	}
		53
		54	static int
		55	md5_sha1_final(EVP_MD_CTX ctx, unsigned char out)
		56	{
		57	struct md5_sha1_ctx *mdctx = ctx->md_data;
		58
		59	if (!MD5_Final(out, &mdctx->md5))
		60	return 0;
		61	if (!SHA1_Final(out + MD5_DIGEST_LENGTH, &mdctx->sha1))
		62	return 0;
		63
		64	return 1;
		65	}
		66
		67	static const EVP_MD md5_sha1_md = {
		68	.type = NID_md5_sha1,
		69	.pkey_type = NID_md5_sha1,
		70	.md_size = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
		71	.flags = 0,
		72	.init = md5_sha1_init,
		73	.update = md5_sha1_update,
		74	.final = md5_sha1_final,
		75	.block_size = MD5_CBLOCK, /* MD5_CBLOCK == SHA_CBLOCK */
		76	.ctx_size = sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
		77	};
		78
		79	const EVP_MD *
		80	EVP_md5_sha1(void)
		81	{
		82	return &md5_sha1_md;
		83	}