Tree - source-git/krb5 - CentOS Git server

source-git / krb5

Blame src/lib/crypto/openssl/hash_provider/hash_evp.c

Blob History Raw

Packit	fd8b60	`/* -- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -- */`
Packit	fd8b60	`/* lib/crypto/openssl/hash_provider/hash_evp.c - OpenSSL hash providers */`
Packit	fd8b60	`/*`
Packit	fd8b60	`* Copyright (C) 2015 by the Massachusetts Institute of Technology.`
Packit	fd8b60	`* All rights reserved.`
Packit	fd8b60	`*`
Packit	fd8b60	`* Redistribution and use in source and binary forms, with or without`
Packit	fd8b60	`* modification, are permitted provided that the following conditions`
Packit	fd8b60	`* are met:`
Packit	fd8b60	`*`
Packit	fd8b60	`* * Redistributions of source code must retain the above copyright`
Packit	fd8b60	`* notice, this list of conditions and the following disclaimer.`
Packit	fd8b60	`*`
Packit	fd8b60	`* * Redistributions in binary form must reproduce the above copyright`
Packit	fd8b60	`* notice, this list of conditions and the following disclaimer in`
Packit	fd8b60	`* the documentation and/or other materials provided with the`
Packit	fd8b60	`* distribution.`
Packit	fd8b60	`*`
Packit	fd8b60	`* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS`
Packit	fd8b60	`* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT`
Packit	fd8b60	`* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS`
Packit	fd8b60	`* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE`
Packit	fd8b60	`* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,`
Packit	fd8b60	`* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES`
Packit	fd8b60	`* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR`
Packit	fd8b60	`* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)`
Packit	fd8b60	`* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,`
Packit	fd8b60	`* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)`
Packit	fd8b60	`* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED`
Packit	fd8b60	`* OF THE POSSIBILITY OF SUCH DAMAGE.`
Packit	fd8b60	`*/`
Packit	fd8b60
Packit	fd8b60	`#include "crypto_int.h"`
Packit	fd8b60	`#include <openssl/evp.h>`
Packit	fd8b60
Packit	fd8b60	`static krb5_error_code`
Packit	fd8b60	`hash_evp(const EVP_MD type, const krb5_crypto_iov data, size_t num_data,`
Packit	fd8b60	`krb5_data *output)`
Packit	fd8b60	`{`
Packit	fd8b60	`EVP_MD_CTX *ctx;`
Packit	fd8b60	`const krb5_data *d;`
Packit	fd8b60	`size_t i;`
Packit	fd8b60	`int ok;`
Packit	fd8b60
Packit	fd8b60	`if (output->length != (unsigned int)EVP_MD_size(type))`
Packit	fd8b60	`return KRB5_CRYPTO_INTERNAL;`
Packit	fd8b60
Packit	fd8b60	`ctx = EVP_MD_CTX_new();`
Packit	fd8b60	`if (ctx == NULL)`
Packit	fd8b60	`return ENOMEM;`
Packit	fd8b60
rpm-build	10ee26	`if (type == EVP_md4() \|\| type == EVP_md5()) {`
rpm-build	10ee26	`/* See comments below in hash_md4() and hash_md5(). */`
rpm-build	10ee26	`EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);`
rpm-build	10ee26	`}`
rpm-build	10ee26
Packit	fd8b60	`ok = EVP_DigestInit_ex(ctx, type, NULL);`
Packit	fd8b60	`for (i = 0; i < num_data; i++) {`
Packit	fd8b60	`if (!SIGN_IOV(&data[i]))`
Packit	fd8b60	`continue;`
Packit	fd8b60	`d = &data[i].data;`
Packit	fd8b60	`ok = ok && EVP_DigestUpdate(ctx, d->data, d->length);`
Packit	fd8b60	`}`
Packit	fd8b60	`ok = ok && EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);`
Packit	fd8b60	`EVP_MD_CTX_free(ctx);`
Packit	fd8b60	`return ok ? 0 : KRB5_CRYPTO_INTERNAL;`
Packit	fd8b60	`}`
Packit	fd8b60
Packit	fd8b60	`static krb5_error_code`
Packit	fd8b60	`hash_md4(const krb5_crypto_iov data, size_t num_data, krb5_data output)`
Packit	fd8b60	`{`
rpm-build	10ee26	`/*`
rpm-build	10ee26	`* MD4 is needed in FIPS mode to perform key generation for RC4 keys used`
rpm-build	10ee26	`* by IPA. These keys are only used along a (separately) secured channel`
rpm-build	10ee26	`* for legacy reasons when performing trusts to Active Directory.`
rpm-build	10ee26	`*/`
Packit	fd8b60	`return hash_evp(EVP_md4(), data, num_data, output);`
Packit	fd8b60	`}`
Packit	fd8b60
Packit	fd8b60	`static krb5_error_code`
Packit	fd8b60	`hash_md5(const krb5_crypto_iov data, size_t num_data, krb5_data output)`
Packit	fd8b60	`{`
rpm-build	10ee26	`/* MD5 is needed in FIPS mode for communication with RADIUS servers. This`
rpm-build	10ee26	`* is gated in libkrad by libdefaults->radius_md5_fips_override. */`
Packit	fd8b60	`return hash_evp(EVP_md5(), data, num_data, output);`
Packit	fd8b60	`}`
Packit	fd8b60
Packit	fd8b60	`static krb5_error_code`
Packit	fd8b60	`hash_sha1(const krb5_crypto_iov data, size_t num_data, krb5_data output)`
Packit	fd8b60	`{`
Packit	fd8b60	`return hash_evp(EVP_sha1(), data, num_data, output);`
Packit	fd8b60	`}`
Packit	fd8b60
Packit	fd8b60	`static krb5_error_code`
Packit	fd8b60	`hash_sha256(const krb5_crypto_iov data, size_t num_data, krb5_data output)`
Packit	fd8b60	`{`
Packit	fd8b60	`return hash_evp(EVP_sha256(), data, num_data, output);`
Packit	fd8b60	`}`
Packit	fd8b60
Packit	fd8b60	`static krb5_error_code`
Packit	fd8b60	`hash_sha384(const krb5_crypto_iov data, size_t num_data, krb5_data output)`
Packit	fd8b60	`{`
Packit	fd8b60	`return hash_evp(EVP_sha384(), data, num_data, output);`
Packit	fd8b60	`}`
Packit	fd8b60
Packit	fd8b60	`const struct krb5_hash_provider krb5int_hash_md4 = {`
Packit	fd8b60	`"MD4", 16, 64, hash_md4`
Packit	fd8b60	`};`
Packit	fd8b60
Packit	fd8b60	`const struct krb5_hash_provider krb5int_hash_md5 = {`
Packit	fd8b60	`"MD5", 16, 64, hash_md5`
Packit	fd8b60	`};`
Packit	fd8b60
Packit	fd8b60	`const struct krb5_hash_provider krb5int_hash_sha1 = {`
Packit	fd8b60	`"SHA1", 20, 64, hash_sha1`
Packit	fd8b60	`};`
Packit	fd8b60
Packit	fd8b60	`const struct krb5_hash_provider krb5int_hash_sha256 = {`
Packit	fd8b60	`"SHA-256", 32, 64, hash_sha256`
Packit	fd8b60	`};`
Packit	fd8b60
Packit	fd8b60	`const struct krb5_hash_provider krb5int_hash_sha384 = {`
Packit	fd8b60	`"SHA-384", 48, 128, hash_sha384`
Packit	fd8b60	`};`

source-git / krb5

Source Code

Blame src/lib/crypto/openssl/hash_provider/hash_evp.c