/src/openssl/providers/implementations/digests/sha2_prov.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* |
11 | | * SHA low level APIs are deprecated for public use, but still ok for |
12 | | * internal use. |
13 | | */ |
14 | | #include "internal/deprecated.h" |
15 | | |
16 | | #include <openssl/byteorder.h> |
17 | | #include <openssl/crypto.h> |
18 | | #include <openssl/core_dispatch.h> |
19 | | #include <openssl/evp.h> |
20 | | #include <openssl/err.h> |
21 | | #include <openssl/sha.h> |
22 | | #include <openssl/params.h> |
23 | | #include <openssl/proverr.h> |
24 | | #include <openssl/core_names.h> |
25 | | #include "prov/digestcommon.h" |
26 | | #include "prov/implementations.h" |
27 | | #include "crypto/sha.h" |
28 | | #include "internal/common.h" |
29 | | #include "providers/implementations/digests/sha2_prov.inc" |
30 | | |
31 | | #define SHA2_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT |
32 | | |
33 | | /* Special set_params method for SSL3 */ |
34 | | static int sha1_set_ctx_params(void *vctx, const OSSL_PARAM params[]) |
35 | 13.3k | { |
36 | 13.3k | struct sha1_set_ctx_params_st p; |
37 | 13.3k | SHA_CTX *ctx = (SHA_CTX *)vctx; |
38 | | |
39 | 13.3k | if (ossl_unlikely(ctx == NULL || !sha1_set_ctx_params_decoder(params, &p))) |
40 | 0 | return 0; |
41 | | |
42 | 13.3k | if (p.ssl3_ms != NULL) |
43 | 0 | return ossl_sha1_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, |
44 | 0 | (int)p.ssl3_ms->data_size, p.ssl3_ms->data); |
45 | | |
46 | 13.3k | return 1; |
47 | 13.3k | } |
48 | | |
49 | | static const OSSL_PARAM *sha1_settable_ctx_params(ossl_unused void *ctx, |
50 | | ossl_unused void *provctx) |
51 | 0 | { |
52 | 0 | return sha1_set_ctx_params_list; |
53 | 0 | } |
54 | | |
55 | | static const unsigned char sha256magic[] = "SHA256v1"; |
56 | 0 | #define SHA256MAGIC_LEN (sizeof(sha256magic) - 1) |
57 | | #define SHA256_SERIALIZATION_LEN \ |
58 | 0 | ( \ |
59 | 0 | SHA256MAGIC_LEN /* magic */ \ |
60 | 0 | + sizeof(uint32_t) /* c->md_len */ \ |
61 | 0 | + sizeof(uint32_t) * 8 /* c->h */ \ |
62 | 0 | + sizeof(uint32_t) * 2 /* c->Nl + c->Nh */ \ |
63 | 0 | + sizeof(uint32_t) * SHA_LBLOCK /* c->data */ \ |
64 | 0 | + sizeof(uint32_t) /* c->num */ \ |
65 | 0 | ) |
66 | | |
67 | | static int SHA256_Serialize(SHA256_CTX *c, unsigned char *out, |
68 | | size_t *outlen) |
69 | 0 | { |
70 | 0 | unsigned char *p; |
71 | 0 | unsigned long i; |
72 | |
|
73 | 0 | if (out == NULL) { |
74 | 0 | if (outlen == NULL) |
75 | 0 | return 0; |
76 | | |
77 | 0 | *outlen = SHA256_SERIALIZATION_LEN; |
78 | 0 | return 1; |
79 | 0 | } |
80 | | |
81 | 0 | if (outlen != NULL && *outlen < SHA256_SERIALIZATION_LEN) |
82 | 0 | return 0; |
83 | | |
84 | 0 | p = out; |
85 | | |
86 | | /* Magic code */ |
87 | 0 | memcpy(p, sha256magic, SHA256MAGIC_LEN); |
88 | 0 | p += SHA256MAGIC_LEN; |
89 | | |
90 | | /* md_len */ |
91 | 0 | p = OPENSSL_store_u32_le(p, c->md_len); |
92 | | |
93 | | /* h */ |
94 | 0 | for (i = 0; i < sizeof(c->h) / sizeof(SHA_LONG); i++) |
95 | 0 | p = OPENSSL_store_u32_le(p, c->h[i]); |
96 | | |
97 | | /* Nl, Nh */ |
98 | 0 | p = OPENSSL_store_u32_le(p, c->Nl); |
99 | 0 | p = OPENSSL_store_u32_le(p, c->Nh); |
100 | | |
101 | | /* data */ |
102 | 0 | for (i = 0; i < SHA_LBLOCK; i++) |
103 | 0 | p = OPENSSL_store_u32_le(p, c->data[i]); |
104 | | |
105 | | /* num */ |
106 | 0 | p = OPENSSL_store_u32_le(p, c->num); |
107 | |
|
108 | 0 | if (outlen != NULL) |
109 | 0 | *outlen = SHA256_SERIALIZATION_LEN; |
110 | |
|
111 | 0 | return 1; |
112 | 0 | } |
113 | | |
114 | | static int SHA256_Deserialize(SHA256_CTX *c, const unsigned char *in, |
115 | | size_t inlen) |
116 | 0 | { |
117 | 0 | const unsigned char *p; |
118 | 0 | uint32_t val; |
119 | 0 | unsigned long i; |
120 | |
|
121 | 0 | if (c == NULL || in == NULL || inlen != SHA256_SERIALIZATION_LEN) |
122 | 0 | return 0; |
123 | | |
124 | | /* Magic code check */ |
125 | 0 | if (memcmp(in, sha256magic, SHA256MAGIC_LEN) != 0) |
126 | 0 | return 0; |
127 | | |
128 | 0 | p = in + SHA256MAGIC_LEN; |
129 | | |
130 | | /* md_len check */ |
131 | 0 | p = OPENSSL_load_u32_le(&val, p); |
132 | 0 | if ((unsigned int)val != c->md_len) { |
133 | 0 | return 0; |
134 | 0 | } |
135 | | |
136 | | /* h */ |
137 | 0 | for (i = 0; i < (sizeof(c->h) / sizeof(SHA_LONG)); i++) { |
138 | 0 | p = OPENSSL_load_u32_le(&val, p); |
139 | 0 | c->h[i] = (SHA_LONG)val; |
140 | 0 | } |
141 | | |
142 | | /* Nl, Nh */ |
143 | 0 | p = OPENSSL_load_u32_le(&val, p); |
144 | 0 | c->Nl = (SHA_LONG)val; |
145 | 0 | p = OPENSSL_load_u32_le(&val, p); |
146 | 0 | c->Nh = (SHA_LONG)val; |
147 | | |
148 | | /* data */ |
149 | 0 | for (i = 0; i < SHA_LBLOCK; i++) { |
150 | 0 | p = OPENSSL_load_u32_le(&val, p); |
151 | 0 | c->data[i] = (SHA_LONG)val; |
152 | 0 | } |
153 | | |
154 | | /* num */ |
155 | 0 | p = OPENSSL_load_u32_le(&val, p); |
156 | 0 | c->num = (unsigned int)val; |
157 | |
|
158 | 0 | return 1; |
159 | 0 | } |
160 | | |
161 | | static const unsigned char sha512magic[] = "SHA512v1"; |
162 | 0 | #define SHA512MAGIC_LEN (sizeof(sha512magic) - 1) |
163 | | #define SHA512_SERIALIZATION_LEN \ |
164 | 0 | ( \ |
165 | 0 | SHA512MAGIC_LEN /* magic */ \ |
166 | 0 | + sizeof(uint32_t) /* c->md_len */ \ |
167 | 0 | + sizeof(uint64_t) * 8 /* c->h */ \ |
168 | 0 | + sizeof(uint64_t) * 2 /* c->Nl + c->Nh */ \ |
169 | 0 | + SHA512_CBLOCK /* c->u.d/c->u.p */ \ |
170 | 0 | + sizeof(uint32_t) /* c->num */ \ |
171 | 0 | ) |
172 | | |
173 | | static int SHA512_Serialize(SHA512_CTX *c, unsigned char *out, |
174 | | size_t *outlen) |
175 | 0 | { |
176 | 0 | unsigned char *p; |
177 | 0 | unsigned long i; |
178 | |
|
179 | 0 | if (out == NULL) { |
180 | 0 | if (outlen == NULL) |
181 | 0 | return 0; |
182 | | |
183 | 0 | *outlen = SHA512_SERIALIZATION_LEN; |
184 | 0 | return 1; |
185 | 0 | } |
186 | | |
187 | 0 | if (outlen != NULL && *outlen < SHA512_SERIALIZATION_LEN) |
188 | 0 | return 0; |
189 | | |
190 | 0 | p = out; |
191 | | |
192 | | /* Magic code */ |
193 | 0 | memcpy(p, sha512magic, SHA512MAGIC_LEN); |
194 | 0 | p += SHA512MAGIC_LEN; |
195 | | |
196 | | /* md_len */ |
197 | 0 | p = OPENSSL_store_u32_le(p, c->md_len); |
198 | | |
199 | | /* h */ |
200 | 0 | for (i = 0; i < sizeof(c->h) / sizeof(SHA_LONG64); i++) |
201 | 0 | p = OPENSSL_store_u64_le(p, c->h[i]); |
202 | | |
203 | | /* Nl, Nh */ |
204 | 0 | p = OPENSSL_store_u64_le(p, c->Nl); |
205 | 0 | p = OPENSSL_store_u64_le(p, c->Nh); |
206 | | |
207 | | /* data */ |
208 | 0 | memcpy(p, c->u.p, SHA512_CBLOCK); |
209 | 0 | p += SHA512_CBLOCK; |
210 | | |
211 | | /* num */ |
212 | 0 | p = OPENSSL_store_u32_le(p, c->num); |
213 | |
|
214 | 0 | if (outlen != NULL) |
215 | 0 | *outlen = SHA512_SERIALIZATION_LEN; |
216 | |
|
217 | 0 | return 1; |
218 | 0 | } |
219 | | |
220 | | static int SHA512_Deserialize(SHA512_CTX *c, const unsigned char *in, |
221 | | size_t inlen) |
222 | 0 | { |
223 | 0 | const unsigned char *p; |
224 | 0 | uint32_t val32; |
225 | 0 | uint64_t val; |
226 | 0 | unsigned long i; |
227 | |
|
228 | 0 | if (c == NULL || in == NULL || inlen != SHA512_SERIALIZATION_LEN) |
229 | 0 | return 0; |
230 | | |
231 | | /* Magic code */ |
232 | 0 | if (memcmp(in, sha512magic, SHA512MAGIC_LEN) != 0) |
233 | 0 | return 0; |
234 | | |
235 | 0 | p = in + SHA512MAGIC_LEN; |
236 | | |
237 | | /* md_len check */ |
238 | 0 | p = OPENSSL_load_u32_le(&val32, p); |
239 | 0 | if ((unsigned int)val32 != c->md_len) |
240 | 0 | return 0; |
241 | | |
242 | | /* h */ |
243 | 0 | for (i = 0; i < (sizeof(c->h) / sizeof(SHA_LONG64)); i++) { |
244 | 0 | p = OPENSSL_load_u64_le(&val, p); |
245 | 0 | c->h[i] = (SHA_LONG64)val; |
246 | 0 | } |
247 | | |
248 | | /* Nl, Nh */ |
249 | 0 | p = OPENSSL_load_u64_le(&val, p); |
250 | 0 | c->Nl = (SHA_LONG64)val; |
251 | 0 | p = OPENSSL_load_u64_le(&val, p); |
252 | 0 | c->Nh = (SHA_LONG64)val; |
253 | | |
254 | | /* data */ |
255 | 0 | memcpy(c->u.p, p, SHA512_CBLOCK); |
256 | 0 | p += SHA512_CBLOCK; |
257 | | |
258 | | /* num */ |
259 | 0 | p = OPENSSL_load_u32_le(&val32, p); |
260 | 0 | c->num = (unsigned int)val32; |
261 | |
|
262 | 0 | return 1; |
263 | 0 | } |
264 | | |
265 | | /* ossl_sha1_functions */ |
266 | 13.3k | IMPLEMENT_digest_functions_with_settable_ctx( Unexecuted instantiation: sha2_prov.c:sha1_newctx Unexecuted instantiation: sha2_prov.c:sha1_dupctx |
267 | 13.3k | sha1, SHA_CTX, SHA_CBLOCK, SHA_DIGEST_LENGTH, SHA2_FLAGS, |
268 | 13.3k | SHA1_Init, SHA1_Update, SHA1_Final, |
269 | 13.3k | sha1_settable_ctx_params, sha1_set_ctx_params) |
270 | 13.3k | |
271 | 13.3k | /* ossl_sha224_functions */ |
272 | 13.3k | IMPLEMENT_digest_functions_with_serialize(sha224, SHA256_CTX, Unexecuted instantiation: sha2_prov.c:sha224_newctx Unexecuted instantiation: sha2_prov.c:sha224_dupctx |
273 | 0 | SHA256_CBLOCK, SHA224_DIGEST_LENGTH, |
274 | 0 | SHA2_FLAGS, SHA224_Init, |
275 | 0 | SHA224_Update, SHA224_Final, |
276 | 0 | SHA256_Serialize, SHA256_Deserialize) |
277 | 0 |
|
278 | 0 | /* ossl_sha256_functions */ |
279 | 103k | IMPLEMENT_digest_functions_with_serialize(sha256, SHA256_CTX, Unexecuted instantiation: sha2_prov.c:sha256_newctx Unexecuted instantiation: sha2_prov.c:sha256_dupctx |
280 | 103k | SHA256_CBLOCK, SHA256_DIGEST_LENGTH, |
281 | 103k | SHA2_FLAGS, SHA256_Init, |
282 | 103k | SHA256_Update, SHA256_Final, |
283 | 103k | SHA256_Serialize, SHA256_Deserialize) |
284 | 103k | /* ossl_sha256_192_internal_functions */ |
285 | 103k | IMPLEMENT_digest_functions_with_serialize(sha256_192_internal, SHA256_CTX, Unexecuted instantiation: sha2_prov.c:sha256_192_internal_newctx Unexecuted instantiation: sha2_prov.c:sha256_192_internal_dupctx |
286 | 0 | SHA256_CBLOCK, SHA256_192_DIGEST_LENGTH, |
287 | 0 | SHA2_FLAGS, ossl_sha256_192_init, |
288 | 0 | SHA256_Update, SHA256_Final, |
289 | 0 | SHA256_Serialize, SHA256_Deserialize) |
290 | 0 | /* ossl_sha384_functions */ |
291 | 0 | IMPLEMENT_digest_functions_with_serialize(sha384, SHA512_CTX, Unexecuted instantiation: sha2_prov.c:sha384_newctx Unexecuted instantiation: sha2_prov.c:sha384_dupctx |
292 | 0 | SHA512_CBLOCK, SHA384_DIGEST_LENGTH, |
293 | 0 | SHA2_FLAGS, SHA384_Init, |
294 | 0 | SHA384_Update, SHA384_Final, |
295 | 0 | SHA512_Serialize, SHA512_Deserialize) |
296 | 0 |
|
297 | 0 | /* ossl_sha512_functions */ |
298 | 16 | IMPLEMENT_digest_functions_with_serialize(sha512, SHA512_CTX, Unexecuted instantiation: sha2_prov.c:sha512_newctx Unexecuted instantiation: sha2_prov.c:sha512_dupctx |
299 | 16 | SHA512_CBLOCK, SHA512_DIGEST_LENGTH, |
300 | 16 | SHA2_FLAGS, SHA512_Init, |
301 | 16 | SHA512_Update, SHA512_Final, |
302 | 16 | SHA512_Serialize, SHA512_Deserialize) |
303 | 16 | |
304 | 16 | /* ossl_sha512_224_functions */ |
305 | 16 | IMPLEMENT_digest_functions_with_serialize(sha512_224, SHA512_CTX, Unexecuted instantiation: sha2_prov.c:sha512_224_newctx Unexecuted instantiation: sha2_prov.c:sha512_224_dupctx |
306 | 0 | SHA512_CBLOCK, SHA224_DIGEST_LENGTH, |
307 | 0 | SHA2_FLAGS, sha512_224_init, |
308 | 0 | SHA512_Update, SHA512_Final, |
309 | 0 | SHA512_Serialize, SHA512_Deserialize) |
310 | 0 |
|
311 | 0 | /* ossl_sha512_256_functions */ |
312 | | IMPLEMENT_digest_functions_with_serialize(sha512_256, SHA512_CTX, Unexecuted instantiation: sha2_prov.c:sha512_256_newctx Unexecuted instantiation: sha2_prov.c:sha512_256_dupctx |
313 | | SHA512_CBLOCK, SHA256_DIGEST_LENGTH, |
314 | | SHA2_FLAGS, sha512_256_init, |
315 | | SHA512_Update, SHA512_Final, |
316 | | SHA512_Serialize, SHA512_Deserialize) |