Commit 93972b8c authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Add ssl3 ctrl to EVP_md5_sha1(). 



Add a ctrl to EVP_md5_sha1() to handle the additional operations needed
to handle SSL v3 client authentication and finished message.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
parent e3e11e99

crypto/evp/m_md5_sha1.c

+70 −0
Original line number Diff line number Diff line
@@ -59,6 +59,7 @@ 
# include <openssl/x509.h>

# include <openssl/md5.h>

# include <openssl/sha.h>

# include "internal/cryptlib.h"

# ifndef OPENSSL_NO_RSA

#  include <openssl/rsa.h>

# endif
@@ -92,6 +93,74 @@ static int final(EVP_MD_CTX *ctx, unsigned char *md) 
    return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);

}



static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)

{

    unsigned char padtmp[48];

    unsigned char md5tmp[MD5_DIGEST_LENGTH];

    unsigned char sha1tmp[SHA_DIGEST_LENGTH];

    struct md5_sha1_ctx *mctx = ctx->md_data;



    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)

        return 0;



    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */

    if (mslen != 48)

        return 0;



    /* At this point hash contains all handshake messages, update

     * with master secret and pad_1.

     */



    if (update(ctx, ms, mslen) <= 0)

        return 0;



    /* Set padtmp to pad_1 value */

    memset(padtmp, 0x36, sizeof(padtmp));



    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))

        return 0;



    if (!MD5_Final(md5tmp, &mctx->md5))

        return 0;



    if (!SHA1_Update(&mctx->sha1, padtmp, 40))

        return 0;



    if (!SHA1_Final(sha1tmp, &mctx->sha1))

        return 0;



    /* Reinitialise context */



    if (!init(ctx))

        return 0;



    if (update(ctx, ms, mslen) <= 0)

        return 0;



    /* Set padtmp to pad_2 value */

    memset(padtmp, 0x5c, sizeof(padtmp));



    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))

        return 0;



    if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp)))

        return 0;



    if (!SHA1_Update(&mctx->sha1, padtmp, 40))

        return 0;



    if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp)))

        return 0;



    /* Now when ctx is finalised it will return the SSL v3 hash value */



    OPENSSL_cleanse(md5tmp, sizeof(md5tmp));

    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));



    return 1;



}



static const EVP_MD md5_sha1_md = {

    NID_md5_sha1,

    NID_md5_sha1,
@@ -105,6 +174,7 @@ static const EVP_MD md5_sha1_md = { 
    EVP_PKEY_RSA_method,

    MD5_CBLOCK,

    sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),

    ctrl

};



const EVP_MD *EVP_md5_sha1(void)

include/openssl/evp.h

+2 −0
Original line number Diff line number Diff line
@@ -427,6 +427,8 @@ struct evp_cipher_st { 
# define         EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b

# define         EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE  0x1c



# define         EVP_CTRL_SSL3_MASTER_SECRET             0x1d



/* RFC 5246 defines additional data to be 13 bytes in length */

# define         EVP_AEAD_TLS1_AAD_LEN           13