/src/boringssl/crypto/digest_extra/digest_extra.c

Source (jump to first uncovered line)
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.] */

#include <openssl/digest.h>

#include <string.h>

#include <openssl/blake2.h>
#include <openssl/bytestring.h>
#include <openssl/obj.h>
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/nid.h>

#include "../asn1/internal.h"
#include "../internal.h"
#include "../fipsmodule/digest/internal.h"


struct nid_to_digest {
  int nid;
  const EVP_MD* (*md_func)(void);
  const char *short_name;
  const char *long_name;
};

static const struct nid_to_digest nid_to_digest_mapping[] = {
    {NID_md4, EVP_md4, SN_md4, LN_md4},
    {NID_md5, EVP_md5, SN_md5, LN_md5},
    {NID_sha1, EVP_sha1, SN_sha1, LN_sha1},
    {NID_sha224, EVP_sha224, SN_sha224, LN_sha224},
    {NID_sha256, EVP_sha256, SN_sha256, LN_sha256},
    {NID_sha384, EVP_sha384, SN_sha384, LN_sha384},
    {NID_sha512, EVP_sha512, SN_sha512, LN_sha512},
    {NID_sha512_256, EVP_sha512_256, SN_sha512_256, LN_sha512_256},
    {NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1},
    // As a remnant of signing |EVP_MD|s, OpenSSL returned the corresponding
    // hash function when given a signature OID. To avoid unintended lax parsing
    // of hash OIDs, this is no longer supported for lookup by OID or NID.
    // Node.js, however, exposes |EVP_get_digestbyname|'s full behavior to
    // consumers so we retain it there.
    {NID_undef, EVP_sha1, SN_dsaWithSHA, LN_dsaWithSHA},
    {NID_undef, EVP_sha1, SN_dsaWithSHA1, LN_dsaWithSHA1},
    {NID_undef, EVP_sha1, SN_ecdsa_with_SHA1, NULL},
    {NID_undef, EVP_md5, SN_md5WithRSAEncryption, LN_md5WithRSAEncryption},
    {NID_undef, EVP_sha1, SN_sha1WithRSAEncryption, LN_sha1WithRSAEncryption},
    {NID_undef, EVP_sha224, SN_sha224WithRSAEncryption,
     LN_sha224WithRSAEncryption},
    {NID_undef, EVP_sha256, SN_sha256WithRSAEncryption,
     LN_sha256WithRSAEncryption},
    {NID_undef, EVP_sha384, SN_sha384WithRSAEncryption,
     LN_sha384WithRSAEncryption},
    {NID_undef, EVP_sha512, SN_sha512WithRSAEncryption,
     LN_sha512WithRSAEncryption},
};

const EVP_MD* EVP_get_digestbynid(int nid) {
  if (nid == NID_undef) {
    // Skip the |NID_undef| entries in |nid_to_digest_mapping|.
    return NULL;
  }

  for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(nid_to_digest_mapping); i++) {
    if (nid_to_digest_mapping[i].nid == nid) {
      return nid_to_digest_mapping[i].md_func();
    }
  }

  return NULL;
}

static const struct {
  uint8_t oid[9];
  uint8_t oid_len;
  int nid;
} kMDOIDs[] = {
  // 1.2.840.113549.2.4
  { {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x04}, 8, NID_md4 },
  // 1.2.840.113549.2.5
  { {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05}, 8, NID_md5 },
  // 1.3.14.3.2.26
  { {0x2b, 0x0e, 0x03, 0x02, 0x1a}, 5, NID_sha1 },
  // 2.16.840.1.101.3.4.2.1
  { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01}, 9, NID_sha256 },
  // 2.16.840.1.101.3.4.2.2
  { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02}, 9, NID_sha384 },
  // 2.16.840.1.101.3.4.2.3
  { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03}, 9, NID_sha512 },
  // 2.16.840.1.101.3.4.2.4
  { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04}, 9, NID_sha224 },
};

static const EVP_MD *cbs_to_md(const CBS *cbs) {
  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kMDOIDs); i++) {
    if (CBS_len(cbs) == kMDOIDs[i].oid_len &&
        OPENSSL_memcmp(CBS_data(cbs), kMDOIDs[i].oid, kMDOIDs[i].oid_len) ==
            0) {
      return EVP_get_digestbynid(kMDOIDs[i].nid);
    }
  }

  return NULL;
}

const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *obj) {
  // Handle objects with no corresponding OID. Note we don't use |OBJ_obj2nid|
  // here to avoid pulling in the OID table.
  if (obj->nid != NID_undef) {
    return EVP_get_digestbynid(obj->nid);
  }

  CBS cbs;
  CBS_init(&cbs, OBJ_get0_data(obj), OBJ_length(obj));
  return cbs_to_md(&cbs);
}

const EVP_MD *EVP_parse_digest_algorithm(CBS *cbs) {
  CBS algorithm, oid;
  if (!CBS_get_asn1(cbs, &algorithm, CBS_ASN1_SEQUENCE) ||
      !CBS_get_asn1(&algorithm, &oid, CBS_ASN1_OBJECT)) {
    OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_DECODE_ERROR);
    return NULL;
  }

  const EVP_MD *ret = cbs_to_md(&oid);
  if (ret == NULL) {
    OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_UNKNOWN_HASH);
    return NULL;
  }

  // The parameters, if present, must be NULL. Historically, whether the NULL
  // was included or omitted was not well-specified. When parsing an
  // AlgorithmIdentifier, we allow both. (Note this code is not used when
  // verifying RSASSA-PKCS1-v1_5 signatures.)
  if (CBS_len(&algorithm) > 0) {
    CBS param;
    if (!CBS_get_asn1(&algorithm, &param, CBS_ASN1_NULL) ||
        CBS_len(&param) != 0 ||
        CBS_len(&algorithm) != 0) {
      OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_DECODE_ERROR);
      return NULL;
    }
  }

  return ret;
}

int EVP_marshal_digest_algorithm(CBB *cbb, const EVP_MD *md) {
  CBB algorithm, oid, null;
  if (!CBB_add_asn1(cbb, &algorithm, CBS_ASN1_SEQUENCE) ||
      !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT)) {
    return 0;
  }

  int found = 0;
  int nid = EVP_MD_type(md);
  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kMDOIDs); i++) {
    if (nid == kMDOIDs[i].nid) {
      if (!CBB_add_bytes(&oid, kMDOIDs[i].oid, kMDOIDs[i].oid_len)) {
        return 0;
      }
      found = 1;
      break;
    }
  }

  if (!found) {
    OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_UNKNOWN_HASH);
    return 0;
  }

  // TODO(crbug.com/boringssl/710): Is this correct? See RFC 4055, section 2.1.
  if (!CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) ||
      !CBB_flush(cbb)) {
    return 0;
  }

  return 1;
}

const EVP_MD *EVP_get_digestbyname(const char *name) {
  for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(nid_to_digest_mapping); i++) {
    const char *short_name = nid_to_digest_mapping[i].short_name;
    const char *long_name = nid_to_digest_mapping[i].long_name;
    if ((short_name && strcmp(short_name, name) == 0) ||
        (long_name && strcmp(long_name, name) == 0)) {
      return nid_to_digest_mapping[i].md_func();
    }
  }

  return NULL;
}

static void blake2b256_init(EVP_MD_CTX *ctx) { BLAKE2B256_Init(ctx->md_data); }

static void blake2b256_update(EVP_MD_CTX *ctx, const void *data, size_t len) {
  BLAKE2B256_Update(ctx->md_data, data, len);
}

static void blake2b256_final(EVP_MD_CTX *ctx, uint8_t *md) {
  BLAKE2B256_Final(md, ctx->md_data);
}

static const EVP_MD evp_md_blake2b256 = {
  NID_undef,
  BLAKE2B256_DIGEST_LENGTH,
  0,
  blake2b256_init,
  blake2b256_update,
  blake2b256_final,
  BLAKE2B_CBLOCK,
  sizeof(BLAKE2B_CTX),
};

const EVP_MD *EVP_blake2b256(void) { return &evp_md_blake2b256; }


static void md4_init(EVP_MD_CTX *ctx) {
  BSSL_CHECK(MD4_Init(ctx->md_data));
}

static void md4_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
  BSSL_CHECK(MD4_Update(ctx->md_data, data, count));
}

static void md4_final(EVP_MD_CTX *ctx, uint8_t *out) {
  BSSL_CHECK(MD4_Final(out, ctx->md_data));
}

static const EVP_MD evp_md_md4 = {
  NID_md4,
  MD4_DIGEST_LENGTH,
  0,
  md4_init,
  md4_update,
  md4_final,
  64,
  sizeof(MD4_CTX),
};

const EVP_MD *EVP_md4(void) { return &evp_md_md4; }

static void md5_init(EVP_MD_CTX *ctx) {
  BSSL_CHECK(MD5_Init(ctx->md_data));
}

static void md5_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
  BSSL_CHECK(MD5_Update(ctx->md_data, data, count));
}

static void md5_final(EVP_MD_CTX *ctx, uint8_t *out) {
  BSSL_CHECK(MD5_Final(out, ctx->md_data));
}

static const EVP_MD evp_md_md5 = {
  NID_md5,
  MD5_DIGEST_LENGTH,
  0,
  md5_init,
  md5_update,
  md5_final,
  64,
  sizeof(MD5_CTX),
};

const EVP_MD *EVP_md5(void) { return &evp_md_md5; }

typedef struct {
  MD5_CTX md5;
  SHA_CTX sha1;
} MD5_SHA1_CTX;

static void md5_sha1_init(EVP_MD_CTX *md_ctx) {
  MD5_SHA1_CTX *ctx = md_ctx->md_data;
  BSSL_CHECK(MD5_Init(&ctx->md5) && SHA1_Init(&ctx->sha1));
}

static void md5_sha1_update(EVP_MD_CTX *md_ctx, const void *data,
                            size_t count) {
  MD5_SHA1_CTX *ctx = md_ctx->md_data;
  BSSL_CHECK(MD5_Update(&ctx->md5, data, count) &&
        SHA1_Update(&ctx->sha1, data, count));
}

static void md5_sha1_final(EVP_MD_CTX *md_ctx, uint8_t *out) {
  MD5_SHA1_CTX *ctx = md_ctx->md_data;
  BSSL_CHECK(MD5_Final(out, &ctx->md5) &&
        SHA1_Final(out + MD5_DIGEST_LENGTH, &ctx->sha1));
}

const EVP_MD evp_md_md5_sha1 = {
  NID_md5_sha1,
  MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
  0,
  md5_sha1_init,
  md5_sha1_update,
  md5_sha1_final,
  64,
  sizeof(MD5_SHA1_CTX),
};

const EVP_MD *EVP_md5_sha1(void) { return &evp_md_md5_sha1; }

Coverage Report

Created: 2024-11-21 07:03

Line	Count	Source (jump to first uncovered line)
1		/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2		* All rights reserved.
3		*
4		* This package is an SSL implementation written
5		* by Eric Young (eay@cryptsoft.com).
6		* The implementation was written so as to conform with Netscapes SSL.
7		*
8		* This library is free for commercial and non-commercial use as long as
9		* the following conditions are aheared to. The following conditions
10		* apply to all code found in this distribution, be it the RC4, RSA,
11		* lhash, DES, etc., code; not just the SSL code. The SSL documentation
12		* included with this distribution is covered by the same copyright terms
13		* except that the holder is Tim Hudson (tjh@cryptsoft.com).
14		*
15		* Copyright remains Eric Young's, and as such any Copyright notices in
16		* the code are not to be removed.
17		* If this package is used in a product, Eric Young should be given attribution
18		* as the author of the parts of the library used.
19		* This can be in the form of a textual message at program startup or
20		* in documentation (online or textual) provided with the package.
21		*
22		* Redistribution and use in source and binary forms, with or without
23		* modification, are permitted provided that the following conditions
24		* are met:
25		* 1. Redistributions of source code must retain the copyright
26		* notice, this list of conditions and the following disclaimer.
27		* 2. Redistributions in binary form must reproduce the above copyright
28		* notice, this list of conditions and the following disclaimer in the
29		* documentation and/or other materials provided with the distribution.
30		* 3. All advertising materials mentioning features or use of this software
31		* must display the following acknowledgement:
32		* "This product includes cryptographic software written by
33		* Eric Young (eay@cryptsoft.com)"
34		* The word 'cryptographic' can be left out if the rouines from the library
35		* being used are not cryptographic related :-).
36		* 4. If you include any Windows specific code (or a derivative thereof) from
37		* the apps directory (application code) you must include an acknowledgement:
38		* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39		*
40		* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43		* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50		* SUCH DAMAGE.
51		*
52		* The licence and distribution terms for any publically available version or
53		* derivative of this code cannot be changed. i.e. this code cannot simply be
54		* copied and put under another distribution licence
55		* [including the GNU Public Licence.] */
56
57		#include <openssl/digest.h>
58
59		#include <string.h>
60
61		#include <openssl/blake2.h>
62		#include <openssl/bytestring.h>
63		#include <openssl/obj.h>
64		#include <openssl/md4.h>
65		#include <openssl/md5.h>
66		#include <openssl/nid.h>
67
68		#include "../asn1/internal.h"
69		#include "../internal.h"
70		#include "../fipsmodule/digest/internal.h"
71
72
73		struct nid_to_digest {
74		int nid;
75		const EVP_MD* (*md_func)(void);
76		const char *short_name;
77		const char *long_name;
78		};
79
80		static const struct nid_to_digest nid_to_digest_mapping[] = {
81		{NID_md4, EVP_md4, SN_md4, LN_md4},
82		{NID_md5, EVP_md5, SN_md5, LN_md5},
83		{NID_sha1, EVP_sha1, SN_sha1, LN_sha1},
84		{NID_sha224, EVP_sha224, SN_sha224, LN_sha224},
85		{NID_sha256, EVP_sha256, SN_sha256, LN_sha256},
86		{NID_sha384, EVP_sha384, SN_sha384, LN_sha384},
87		{NID_sha512, EVP_sha512, SN_sha512, LN_sha512},
88		{NID_sha512_256, EVP_sha512_256, SN_sha512_256, LN_sha512_256},
89		{NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1},
90		// As a remnant of signing \|EVP_MD\|s, OpenSSL returned the corresponding
91		// hash function when given a signature OID. To avoid unintended lax parsing
92		// of hash OIDs, this is no longer supported for lookup by OID or NID.
93		// Node.js, however, exposes \|EVP_get_digestbyname\|'s full behavior to
94		// consumers so we retain it there.
95		{NID_undef, EVP_sha1, SN_dsaWithSHA, LN_dsaWithSHA},
96		{NID_undef, EVP_sha1, SN_dsaWithSHA1, LN_dsaWithSHA1},
97		{NID_undef, EVP_sha1, SN_ecdsa_with_SHA1, NULL},
98		{NID_undef, EVP_md5, SN_md5WithRSAEncryption, LN_md5WithRSAEncryption},
99		{NID_undef, EVP_sha1, SN_sha1WithRSAEncryption, LN_sha1WithRSAEncryption},
100		{NID_undef, EVP_sha224, SN_sha224WithRSAEncryption,
101		LN_sha224WithRSAEncryption},
102		{NID_undef, EVP_sha256, SN_sha256WithRSAEncryption,
103		LN_sha256WithRSAEncryption},
104		{NID_undef, EVP_sha384, SN_sha384WithRSAEncryption,
105		LN_sha384WithRSAEncryption},
106		{NID_undef, EVP_sha512, SN_sha512WithRSAEncryption,
107		LN_sha512WithRSAEncryption},
108		};
109
110	0	const EVP_MD* EVP_get_digestbynid(int nid) {
111	0	if (nid == NID_undef) {
112		// Skip the \|NID_undef\| entries in \|nid_to_digest_mapping\|.
113	0	return NULL;
114	0	}
115
116	0	for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(nid_to_digest_mapping); i++) {
117	0	if (nid_to_digest_mapping[i].nid == nid) {
118	0	return nid_to_digest_mapping[i].md_func();
119	0	}
120	0	}
121
122	0	return NULL;
123	0	}
124
125		static const struct {
126		uint8_t oid[9];
127		uint8_t oid_len;
128		int nid;
129		} kMDOIDs[] = {
130		// 1.2.840.113549.2.4
131		{ {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x04}, 8, NID_md4 },
132		// 1.2.840.113549.2.5
133		{ {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05}, 8, NID_md5 },
134		// 1.3.14.3.2.26
135		{ {0x2b, 0x0e, 0x03, 0x02, 0x1a}, 5, NID_sha1 },
136		// 2.16.840.1.101.3.4.2.1
137		{ {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01}, 9, NID_sha256 },
138		// 2.16.840.1.101.3.4.2.2
139		{ {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02}, 9, NID_sha384 },
140		// 2.16.840.1.101.3.4.2.3
141		{ {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03}, 9, NID_sha512 },
142		// 2.16.840.1.101.3.4.2.4
143		{ {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04}, 9, NID_sha224 },
144		};
145
146	0	static const EVP_MD cbs_to_md(const CBS cbs) {
147	0	for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kMDOIDs); i++) {
148	0	if (CBS_len(cbs) == kMDOIDs[i].oid_len &&
149	0	OPENSSL_memcmp(CBS_data(cbs), kMDOIDs[i].oid, kMDOIDs[i].oid_len) ==
150	0	0) {
151	0	return EVP_get_digestbynid(kMDOIDs[i].nid);
152	0	}
153	0	}
154
155	0	return NULL;
156	0	}
157
158	0	const EVP_MD EVP_get_digestbyobj(const ASN1_OBJECT obj) {
159		// Handle objects with no corresponding OID. Note we don't use \|OBJ_obj2nid\|
160		// here to avoid pulling in the OID table.
161	0	if (obj->nid != NID_undef) {
162	0	return EVP_get_digestbynid(obj->nid);
163	0	}
164
165	0	CBS cbs;
166	0	CBS_init(&cbs, OBJ_get0_data(obj), OBJ_length(obj));
167	0	return cbs_to_md(&cbs);
168	0	}
169
170	0	const EVP_MD EVP_parse_digest_algorithm(CBS cbs) {
171	0	CBS algorithm, oid;
172	0	if (!CBS_get_asn1(cbs, &algorithm, CBS_ASN1_SEQUENCE) \|\|
173	0	!CBS_get_asn1(&algorithm, &oid, CBS_ASN1_OBJECT)) {
174	0	OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_DECODE_ERROR);
175	0	return NULL;
176	0	}
177
178	0	const EVP_MD *ret = cbs_to_md(&oid);
179	0	if (ret == NULL) {
180	0	OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_UNKNOWN_HASH);
181	0	return NULL;
182	0	}
183
184		// The parameters, if present, must be NULL. Historically, whether the NULL
185		// was included or omitted was not well-specified. When parsing an
186		// AlgorithmIdentifier, we allow both. (Note this code is not used when
187		// verifying RSASSA-PKCS1-v1_5 signatures.)
188	0	if (CBS_len(&algorithm) > 0) {
189	0	CBS param;
190	0	if (!CBS_get_asn1(&algorithm, &param, CBS_ASN1_NULL) \|\|
191	0	CBS_len(&param) != 0 \|\|
192	0	CBS_len(&algorithm) != 0) {
193	0	OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_DECODE_ERROR);
194	0	return NULL;
195	0	}
196	0	}
197
198	0	return ret;
199	0	}
200
201	0	int EVP_marshal_digest_algorithm(CBB cbb, const EVP_MD md) {
202	0	CBB algorithm, oid, null;
203	0	if (!CBB_add_asn1(cbb, &algorithm, CBS_ASN1_SEQUENCE) \|\|
204	0	!CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT)) {
205	0	return 0;
206	0	}
207
208	0	int found = 0;
209	0	int nid = EVP_MD_type(md);
210	0	for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kMDOIDs); i++) {
211	0	if (nid == kMDOIDs[i].nid) {
212	0	if (!CBB_add_bytes(&oid, kMDOIDs[i].oid, kMDOIDs[i].oid_len)) {
213	0	return 0;
214	0	}
215	0	found = 1;
216	0	break;
217	0	}
218	0	}
219
220	0	if (!found) {
221	0	OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_UNKNOWN_HASH);
222	0	return 0;
223	0	}
224
225		// TODO(crbug.com/boringssl/710): Is this correct? See RFC 4055, section 2.1.
226	0	if (!CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) \|\|
227	0	!CBB_flush(cbb)) {
228	0	return 0;
229	0	}
230
231	0	return 1;
232	0	}
233
234	0	const EVP_MD EVP_get_digestbyname(const char name) {
235	0	for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(nid_to_digest_mapping); i++) {
236	0	const char *short_name = nid_to_digest_mapping[i].short_name;
237	0	const char *long_name = nid_to_digest_mapping[i].long_name;
238	0	if ((short_name && strcmp(short_name, name) == 0) \|\|
239	0	(long_name && strcmp(long_name, name) == 0)) {
240	0	return nid_to_digest_mapping[i].md_func();
241	0	}
242	0	}
243
244	0	return NULL;
245	0	}
246
247	100	static void blake2b256_init(EVP_MD_CTX *ctx) { BLAKE2B256_Init(ctx->md_data); }
248
249	9.04k	static void blake2b256_update(EVP_MD_CTX ctx, const void data, size_t len) {
250	9.04k	BLAKE2B256_Update(ctx->md_data, data, len);
251	9.04k	}
252
253	2.29k	static void blake2b256_final(EVP_MD_CTX ctx, uint8_t md) {
254	2.29k	BLAKE2B256_Final(md, ctx->md_data);
255	2.29k	}
256
257		static const EVP_MD evp_md_blake2b256 = {
258		NID_undef,
259		BLAKE2B256_DIGEST_LENGTH,
260		0,
261		blake2b256_init,
262		blake2b256_update,
263		blake2b256_final,
264		BLAKE2B_CBLOCK,
265		sizeof(BLAKE2B_CTX),
266		};
267
268	2	const EVP_MD *EVP_blake2b256(void) { return &evp_md_blake2b256; }
269
270
271	576	static void md4_init(EVP_MD_CTX *ctx) {
272	576	BSSL_CHECK(MD4_Init(ctx->md_data));
273	576	}
274
275	14.8k	static void md4_update(EVP_MD_CTX ctx, const void data, size_t count) {
276	14.8k	BSSL_CHECK(MD4_Update(ctx->md_data, data, count));
277	14.8k	}
278
279	2.97k	static void md4_final(EVP_MD_CTX ctx, uint8_t out) {
280	2.97k	BSSL_CHECK(MD4_Final(out, ctx->md_data));
281	2.97k	}
282
283		static const EVP_MD evp_md_md4 = {
284		NID_md4,
285		MD4_DIGEST_LENGTH,
286		0,
287		md4_init,
288		md4_update,
289		md4_final,
290		64,
291		sizeof(MD4_CTX),
292		};
293
294	6	const EVP_MD *EVP_md4(void) { return &evp_md_md4; }
295
296	179	static void md5_init(EVP_MD_CTX *ctx) {
297	179	BSSL_CHECK(MD5_Init(ctx->md_data));
298	179	}
299
300	10.8k	static void md5_update(EVP_MD_CTX ctx, const void data, size_t count) {
301	10.8k	BSSL_CHECK(MD5_Update(ctx->md_data, data, count));
302	10.8k	}
303
304	3.26k	static void md5_final(EVP_MD_CTX ctx, uint8_t out) {
305	3.26k	BSSL_CHECK(MD5_Final(out, ctx->md_data));
306	3.26k	}
307
308		static const EVP_MD evp_md_md5 = {
309		NID_md5,
310		MD5_DIGEST_LENGTH,
311		0,
312		md5_init,
313		md5_update,
314		md5_final,
315		64,
316		sizeof(MD5_CTX),
317		};
318
319	6	const EVP_MD *EVP_md5(void) { return &evp_md_md5; }
320
321		typedef struct {
322		MD5_CTX md5;
323		SHA_CTX sha1;
324		} MD5_SHA1_CTX;
325
326	351	static void md5_sha1_init(EVP_MD_CTX *md_ctx) {
327	351	MD5_SHA1_CTX *ctx = md_ctx->md_data;
328	351	BSSL_CHECK(MD5_Init(&ctx->md5) && SHA1_Init(&ctx->sha1));
329	351	}
330
331		static void md5_sha1_update(EVP_MD_CTX md_ctx, const void data,
332	4.22k	size_t count) {
333	4.22k	MD5_SHA1_CTX *ctx = md_ctx->md_data;
334	4.22k	BSSL_CHECK(MD5_Update(&ctx->md5, data, count) &&
335	4.22k	SHA1_Update(&ctx->sha1, data, count));
336	4.22k	}
337
338	1.74k	static void md5_sha1_final(EVP_MD_CTX md_ctx, uint8_t out) {
339	1.74k	MD5_SHA1_CTX *ctx = md_ctx->md_data;
340	1.74k	BSSL_CHECK(MD5_Final(out, &ctx->md5) &&
341	1.74k	SHA1_Final(out + MD5_DIGEST_LENGTH, &ctx->sha1));
342	1.74k	}
343
344		const EVP_MD evp_md_md5_sha1 = {
345		NID_md5_sha1,
346		MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
347		0,
348		md5_sha1_init,
349		md5_sha1_update,
350		md5_sha1_final,
351		64,
352		sizeof(MD5_SHA1_CTX),
353		};
354
355	6	const EVP_MD *EVP_md5_sha1(void) { return &evp_md_md5_sha1; }