X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b1ab9ed8d0e0f1c3b66d7daa8fd5564444c56195..e3d3b979fd185d8303f28a937baa53a187fb8c7d:/libsecurity_ssl/lib/sslDigests.c diff --git a/libsecurity_ssl/lib/sslDigests.c b/libsecurity_ssl/lib/sslDigests.c index 5377efdd..9531f5b9 100644 --- a/libsecurity_ssl/lib/sslDigests.c +++ b/libsecurity_ssl/lib/sslDigests.c @@ -25,14 +25,9 @@ * sslDigests.c - Interface between SSL and SHA, MD5 digest implementations */ -#include "sslContext.h" -#include "cryptType.h" #include "sslMemory.h" #include "sslDigests.h" -#include "sslDebug.h" - -#include -#include +#include #define DIGEST_PRINT 0 #if DIGEST_PRINT @@ -41,25 +36,6 @@ #define dgprintf(s) #endif -const UInt8 SSLMACPad1[MAX_MAC_PADDING] = -{ - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, - 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 -}; - -const UInt8 SSLMACPad2[MAX_MAC_PADDING] = -{ - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C, - 0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C,0x5C -}; /* * Public general hash functions @@ -71,13 +47,12 @@ const UInt8 SSLMACPad2[MAX_MAC_PADDING] = */ OSStatus CloneHashState( - const HashReference *ref, - const SSLBuffer *state, - SSLBuffer *newState, - SSLContext *ctx) -{ + const HashReference *ref, + const SSLBuffer *state, + SSLBuffer *newState) +{ OSStatus err; - if ((err = SSLAllocBuffer(newState, ref->contextSize, ctx)) != 0) + if ((err = SSLAllocBuffer(newState, ref->contextSize))) return err; return ref->clone(state, newState); } @@ -86,326 +61,28 @@ CloneHashState( * Wrapper for HashReference.init. */ OSStatus -ReadyHash(const HashReference *ref, SSLBuffer *state, SSLContext *ctx) -{ +ReadyHash(const HashReference *ref, SSLBuffer *state) +{ OSStatus err; - if ((err = SSLAllocBuffer(state, ref->contextSize, ctx)) != 0) + if ((err = SSLAllocBuffer(state, ref->contextSize))) return err; - return ref->init(state, ctx); + return ref->init(state); } /* * Wrapper for HashReference.close. Tolerates NULL state and frees it if it's * there. */ -OSStatus CloseHash(const HashReference *ref, SSLBuffer *state, SSLContext *ctx) +OSStatus CloseHash(const HashReference *ref, SSLBuffer *state) { OSStatus serr; if(state->data == NULL) { - return noErr; + return errSecSuccess; } - serr = ref->close(state, ctx); + serr = ref->close(state); if(serr) { return serr; } - return SSLFreeBuffer(state, ctx); -} - - -/*** NULL ***/ -static OSStatus HashNullInit(SSLBuffer *digestCtx, SSLContext *sslCtx) { - return noErr; -} -static OSStatus HashNullUpdate(SSLBuffer *digestCtx, const SSLBuffer *data) { - return noErr; -} -static OSStatus HashNullFinal(SSLBuffer *digestCtx, SSLBuffer *digest) { - return noErr; -} -static OSStatus HashNullClose(SSLBuffer *digestCtx, SSLContext *sslCtx) { - return noErr; -} -static OSStatus HashNullClone(const SSLBuffer *src, SSLBuffer *dest) { - return noErr; -} - -/*** MD5 ***/ -static OSStatus HashMD5Init(SSLBuffer *digestCtx, SSLContext *sslCtx) -{ - assert(digestCtx->length >= sizeof(CC_MD5_CTX)); - CC_MD5_CTX *ctx = (CC_MD5_CTX *)digestCtx->data; - CC_MD5_Init(ctx); - dgprintf(("###HashMD5Init ctx %p\n", ctx)); - return noErr; -} - -static OSStatus HashMD5Update(SSLBuffer *digestCtx, const SSLBuffer *data) -{ - /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */ - assert(digestCtx->length >= sizeof(CC_MD5_CTX)); - CC_MD5_CTX *ctx = (CC_MD5_CTX *)digestCtx->data; - CC_MD5_Update(ctx, data->data, (CC_LONG)data->length); - return noErr; -} - -static OSStatus HashMD5Final(SSLBuffer *digestCtx, SSLBuffer *digest) -{ - assert(digestCtx->length >= sizeof(CC_MD5_CTX)); - CC_MD5_CTX *ctx = (CC_MD5_CTX *)digestCtx->data; - dgprintf(("###HashMD5Final ctx %p\n", ctx)); - assert(digest->length >= CC_MD5_DIGEST_LENGTH); - //if (digest->length < CC_MD5_DIGEST_LENGTH) - // return errSSLCrypto; - CC_MD5_Final(digest->data, ctx); - digest->length = CC_MD5_DIGEST_LENGTH; - return noErr; -} - -static OSStatus HashMD5Close(SSLBuffer *digestCtx, SSLContext *sslCtx) -{ - assert(digestCtx->length >= sizeof(CC_MD5_CTX)); - return noErr; -} - -static OSStatus HashMD5Clone(const SSLBuffer *src, SSLBuffer *dst) -{ - CC_MD5_CTX *srcCtx; - CC_MD5_CTX *dstCtx; - - assert(src->length >= sizeof(CC_MD5_CTX)); - assert(dst->length >= sizeof(CC_MD5_CTX)); - - srcCtx = (CC_MD5_CTX *)src->data; - dstCtx = (CC_MD5_CTX *)dst->data; - dgprintf(("###HashMD5Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx)); - - memcpy(dstCtx, srcCtx, sizeof(CC_MD5_CTX)); - return noErr; -} - -/*** SHA1 ***/ -static OSStatus HashSHA1Init(SSLBuffer *digestCtx, SSLContext *sslCtx) -{ - assert(digestCtx->length >= sizeof(CC_SHA1_CTX)); - CC_SHA1_CTX *ctx = (CC_SHA1_CTX *)digestCtx->data; - CC_SHA1_Init(ctx); - dgprintf(("###HashSHA1Init ctx %p\n", ctx)); - return noErr; -} - -static OSStatus HashSHA1Update(SSLBuffer *digestCtx, const SSLBuffer *data) -{ - /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */ - assert(digestCtx->length >= sizeof(CC_SHA1_CTX)); - CC_SHA1_CTX *ctx = (CC_SHA1_CTX *)digestCtx->data; - CC_SHA1_Update(ctx, data->data, (CC_LONG)data->length); - return noErr; -} - -static OSStatus HashSHA1Final(SSLBuffer *digestCtx, SSLBuffer *digest) -{ - assert(digestCtx->length >= sizeof(CC_SHA1_CTX)); - CC_SHA1_CTX *ctx = (CC_SHA1_CTX *)digestCtx->data; - dgprintf(("###HashSHA1Final ctx %p\n", ctx)); - assert(digest->length >= CC_SHA1_DIGEST_LENGTH); - //if (digest->length < CC_SHA1_DIGEST_LENGTH) - // return errSSLCrypto; - CC_SHA1_Final(digest->data, ctx); - digest->length = CC_SHA1_DIGEST_LENGTH; - return noErr; -} - -static OSStatus HashSHA1Close(SSLBuffer *digestCtx, SSLContext *sslCtx) -{ - assert(digestCtx->length >= sizeof(CC_SHA1_CTX)); - return noErr; -} - -static OSStatus HashSHA1Clone(const SSLBuffer *src, SSLBuffer *dst) -{ - CC_SHA1_CTX *srcCtx; - CC_SHA1_CTX *dstCtx; - - assert(src->length >= sizeof(CC_SHA1_CTX)); - assert(dst->length >= sizeof(CC_SHA1_CTX)); - - srcCtx = (CC_SHA1_CTX *)src->data; - dstCtx = (CC_SHA1_CTX *)dst->data; - dgprintf(("###HashSHA1Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx)); - - memcpy(dstCtx, srcCtx, sizeof(CC_SHA1_CTX)); - return noErr; -} - -/*** SHA256 ***/ -static OSStatus HashSHA256Init(SSLBuffer *digestCtx, SSLContext *sslCtx) -{ - assert(digestCtx->length >= sizeof(CC_SHA256_CTX)); - CC_SHA256_CTX *ctx = (CC_SHA256_CTX *)digestCtx->data; - CC_SHA256_Init(ctx); - dgprintf(("###HashSHA256Init ctx %p\n", ctx)); - return noErr; -} - -static OSStatus HashSHA256Update(SSLBuffer *digestCtx, const SSLBuffer *data) -{ - /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */ - assert(digestCtx->length >= sizeof(CC_SHA256_CTX)); - CC_SHA256_CTX *ctx = (CC_SHA256_CTX *)digestCtx->data; - CC_SHA256_Update(ctx, data->data, (CC_LONG)data->length); - return noErr; -} - -static OSStatus HashSHA256Final(SSLBuffer *digestCtx, SSLBuffer *digest) -{ - assert(digestCtx->length >= sizeof(CC_SHA256_CTX)); - CC_SHA256_CTX *ctx = (CC_SHA256_CTX *)digestCtx->data; - dgprintf(("###HashSHA256Final ctx %p\n", ctx)); - assert(digest->length >= CC_SHA256_DIGEST_LENGTH); - //if (digest->length < CC_SHA256_DIGEST_LENGTH) - // return errSSLCrypto; - CC_SHA256_Final(digest->data, ctx); - digest->length = CC_SHA256_DIGEST_LENGTH; - return noErr; -} - -static OSStatus HashSHA256Close(SSLBuffer *digestCtx, SSLContext *sslCtx) -{ - assert(digestCtx->length >= sizeof(CC_SHA256_CTX)); - return noErr; -} - -static OSStatus HashSHA256Clone(const SSLBuffer *src, SSLBuffer *dst) -{ - CC_SHA256_CTX *srcCtx; - CC_SHA256_CTX *dstCtx; - - assert(src->length >= sizeof(CC_SHA256_CTX)); - assert(dst->length >= sizeof(CC_SHA256_CTX)); - - srcCtx = (CC_SHA256_CTX *)src->data; - dstCtx = (CC_SHA256_CTX *)dst->data; - dgprintf(("###HashSHA256Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx)); - - memcpy(dstCtx, srcCtx, sizeof(CC_SHA256_CTX)); - return noErr; -} - -/*** SHA384 ***/ -static OSStatus HashSHA384Init(SSLBuffer *digestCtx, SSLContext *sslCtx) -{ - assert(digestCtx->length >= sizeof(CC_SHA512_CTX)); - CC_SHA512_CTX *ctx = (CC_SHA512_CTX *)digestCtx->data; - CC_SHA384_Init(ctx); - dgprintf(("###HashSHA384Init ctx %p\n", ctx)); - return noErr; -} - -static OSStatus HashSHA384Update(SSLBuffer *digestCtx, const SSLBuffer *data) -{ - /* 64 bits cast: safe, SSL records are always smaller than 2^32 bytes */ - assert(digestCtx->length >= sizeof(CC_SHA512_CTX)); - CC_SHA512_CTX *ctx = (CC_SHA512_CTX *)digestCtx->data; - CC_SHA384_Update(ctx, data->data, (CC_LONG)data->length); - return noErr; -} - -static OSStatus HashSHA384Final(SSLBuffer *digestCtx, SSLBuffer *digest) -{ - assert(digestCtx->length >= sizeof(CC_SHA512_CTX)); - CC_SHA512_CTX *ctx = (CC_SHA512_CTX *)digestCtx->data; - dgprintf(("###HashSHA384Final ctx %p\n", ctx)); - assert(digest->length >= CC_SHA384_DIGEST_LENGTH); - //if (digest->length < CC_SHA384_DIGEST_LENGTH) - // return errSSLCrypto; - CC_SHA384_Final(digest->data, ctx); - digest->length = CC_SHA384_DIGEST_LENGTH; - return noErr; -} - -static OSStatus HashSHA384Close(SSLBuffer *digestCtx, SSLContext *sslCtx) -{ - assert(digestCtx->length >= sizeof(CC_SHA512_CTX)); - return noErr; + return SSLFreeBuffer(state); } - -static OSStatus HashSHA384Clone(const SSLBuffer *src, SSLBuffer *dst) -{ - CC_SHA512_CTX *srcCtx; - CC_SHA512_CTX *dstCtx; - - assert(src->length >= sizeof(CC_SHA512_CTX)); - assert(dst->length >= sizeof(CC_SHA512_CTX)); - - srcCtx = (CC_SHA512_CTX *)src->data; - dstCtx = (CC_SHA512_CTX *)dst->data; - dgprintf(("###HashSHA384Clone srcCtx %p dstCtx %p\n", srcCtx, dstCtx)); - - memcpy(dstCtx, srcCtx, sizeof(CC_SHA512_CTX)); - return noErr; -} - -/* - * These are the handles by which the bulk of digesting work - * is done. - */ -const HashReference SSLHashNull = - { - 0, - 0, - 0, - HashNullInit, - HashNullUpdate, - HashNullFinal, - HashNullClose, - HashNullClone - }; - -const HashReference SSLHashMD5 = - { - sizeof(CC_MD5_CTX), - CC_MD5_DIGEST_LENGTH, - 48, - HashMD5Init, - HashMD5Update, - HashMD5Final, - HashMD5Close, - HashMD5Clone - }; - -const HashReference SSLHashSHA1 = - { - sizeof(CC_SHA1_CTX), - CC_SHA1_DIGEST_LENGTH, - 40, - HashSHA1Init, - HashSHA1Update, - HashSHA1Final, - HashSHA1Close, - HashSHA1Clone - }; - -const HashReference SSLHashSHA256 = - { - sizeof(CC_SHA256_CTX), - CC_SHA256_DIGEST_LENGTH, - CC_SHA256_BLOCK_BYTES, - HashSHA256Init, - HashSHA256Update, - HashSHA256Final, - HashSHA256Close, - HashSHA256Clone - }; - -const HashReference SSLHashSHA384 = - { - sizeof(CC_SHA512_CTX), - CC_SHA384_DIGEST_LENGTH, - CC_SHA384_BLOCK_BYTES, - HashSHA384Init, - HashSHA384Update, - HashSHA384Final, - HashSHA384Close, - HashSHA384Clone - };