Commit 00f5263b authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Add ctrl for SHA1 and SSLv3 



Add SSLv3 ctrl to EVP_sha1() this is only needed if SSLv3 client
authentication is used with DSA/ECDSA.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
parent 9cc6fa1c

crypto/evp/m_sha1.c

+55 −0
Original line number Diff line number Diff line
@@ -81,6 +81,60 @@ static int final(EVP_MD_CTX *ctx, unsigned char *md) 
    return SHA1_Final(md, ctx->md_data);

}



static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)

{

    unsigned char padtmp[40];

    unsigned char sha1tmp[SHA_DIGEST_LENGTH];



    SHA_CTX *sha1 = ctx->md_data;



    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)

        return 0;



    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */

    if (mslen != 48)

        return 0;



    /* At this point hash contains all handshake messages, update

     * with master secret and pad_1.

     */



    if (SHA1_Update(sha1, ms, mslen) <= 0)

        return 0;



    /* Set padtmp to pad_1 value */

    memset(padtmp, 0x36, sizeof(padtmp));



    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))

        return 0;



    if (!SHA1_Final(sha1tmp, sha1))

        return 0;



    /* Reinitialise context */



    if (!SHA1_Init(sha1))

        return 0;



    if (SHA1_Update(sha1, ms, mslen) <= 0)

        return 0;



    /* Set padtmp to pad_2 value */

    memset(padtmp, 0x5c, sizeof(padtmp));



    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))

        return 0;



    if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))

        return 0;



    /* Now when ctx is finalised it will return the SSL v3 hash value */

    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));



    return 1;



}



static const EVP_MD sha1_md = {

    NID_sha1,

    NID_sha1WithRSAEncryption,
@@ -94,6 +148,7 @@ static const EVP_MD sha1_md = { 
    EVP_PKEY_NULL_method,

    SHA_CBLOCK,

    sizeof(EVP_MD *) + sizeof(SHA_CTX),

    ctrl

};



const EVP_MD *EVP_sha1(void)