Add ssl3 ctrl to EVP_md5_sha1().

Add a ctrl to EVP_md5_sha1() to handle the additional operations needed to handle SSL v3 client authentication and finished message. Reviewed-by: N Tim Hudson <tjh@openssl.org>

Add ssl3 ctrl to EVP_md5_sha1().
Add a ctrl to EVP_md5_sha1() to handle the additional operations needed to handle SSL v3 client authentication and finished message. Reviewed-by: N Tim Hudson <tjh@openssl.org>
93972b8c · Dr. Stephen Henson · e3e11e99 · 93972b8c · 93972b8c
隐藏空白更改
内联并排

Showing with 72 addition and 0 deletion

crypto/evp/m_md5_sha1.c crypto/evp/m_md5_sha1.c +70 -0

include/openssl/evp.h include/openssl/evp.h +2 -0

未找到文件。
--- a/crypto/evp/m_md5_sha1.c
+++ b/crypto/evp/m_md5_sha1.c
@@ -59,6 +59,7 @@
 # include <openssl/x509.h>
 # include <openssl/md5.h>
 # include <openssl/sha.h>
+# include "internal/cryptlib.h"
 # ifndef OPENSSL_NO_RSA
 #  include <openssl/rsa.h>
 # endif
@@ -92,6 +93,74 @@ static int final(EVP_MD_CTX *ctx, unsigned char *md)
    return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
 }

+static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
+{
+    unsigned char padtmp[48];
+    unsigned char md5tmp[MD5_DIGEST_LENGTH];
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+    struct md5_sha1_ctx *mctx = ctx->md_data;
+
+    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return 0;
+
+    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+    if (mslen != 48)
+        return 0;
+
+    /* At this point hash contains all handshake messages, update
+     * with master secret and pad_1.
+     */
+
+    if (update(ctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_1 value */
+    memset(padtmp, 0x36, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Final(md5tmp, &mctx->md5))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Final(sha1tmp, &mctx->sha1))
+        return 0;
+
+    /* Reinitialise context */
+
+    if (!init(ctx))
+        return 0;
+
+    if (update(ctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_2 value */
+    memset(padtmp, 0x5c, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp)))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp)))
+        return 0;
+
+    /* Now when ctx is finalised it will return the SSL v3 hash value */
+
+    OPENSSL_cleanse(md5tmp, sizeof(md5tmp));
+    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+    return 1;
+
+}
+
 static const EVP_MD md5_sha1_md = {
    NID_md5_sha1,
    NID_md5_sha1,
@@ -105,6 +174,7 @@ static const EVP_MD md5_sha1_md = {
    EVP_PKEY_RSA_method,
    MD5_CBLOCK,
    sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
+    ctrl
 };

 const EVP_MD *EVP_md5_sha1(void)

--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -427,6 +427,8 @@ struct evp_cipher_st {
 # define         EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b
 # define         EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE  0x1c

+# define         EVP_CTRL_SSL3_MASTER_SECRET             0x1d
+
 /* RFC 5246 defines additional data to be 13 bytes in length */
 # define         EVP_AEAD_TLS1_AAD_LEN           13