1 /* sys-crypto-md.h - message digest (MD) wrapper
2 *
3 * message digest (MD) algorithms are not necessarily cryptographically secure
4 * (often provided by crypto libraries, hence this file named sys-crypto-md.h)
5 *
6 * Copyright(c) 2020 Glenn Strauss gstrauss()gluelogic.com All rights reserved
7 * License: BSD 3-clause (same as lighttpd)
8 */
9 #ifndef LI_SYS_CRYPTO_MD_H
10 #define LI_SYS_CRYPTO_MD_H
11 #include "first.h"
12
13 #include "sys-crypto.h" /* USE_LIB_CRYPTO */
14 #ifdef USE_LIB_CRYPTO
15
16 #if defined(USE_NETTLE_CRYPTO)
17
18 #include <nettle/md4.h>
19 #include <nettle/md5.h>
20 #include <nettle/sha.h>
21
22 #define USE_LIB_CRYPTO_MD4
23 typedef struct md4_ctx MD4_CTX;
24 static inline int
MD4_Init(MD4_CTX * ctx)25 MD4_Init(MD4_CTX *ctx)
26 {
27 nettle_md4_init(ctx);
28 return 1;
29 }
30 static inline int
MD4_Final(unsigned char * digest,MD4_CTX * ctx)31 MD4_Final(unsigned char *digest, MD4_CTX *ctx)
32 {
33 nettle_md4_digest(ctx, MD4_DIGEST_SIZE, digest);
34 return 1;
35 }
36 static inline int
MD4_Update(MD4_CTX * ctx,const void * data,size_t length)37 MD4_Update(MD4_CTX *ctx, const void *data, size_t length)
38 {
39 nettle_md4_update(ctx, length, data);
40 return 1;
41 }
42
43 #define USE_LIB_CRYPTO_MD5
44 typedef struct md5_ctx MD5_CTX;
45 static inline int
MD5_Init(MD5_CTX * ctx)46 MD5_Init(MD5_CTX *ctx)
47 {
48 nettle_md5_init(ctx);
49 return 1;
50 }
51 static inline int
MD5_Final(unsigned char * digest,MD5_CTX * ctx)52 MD5_Final(unsigned char *digest, MD5_CTX *ctx)
53 {
54 nettle_md5_digest(ctx, MD5_DIGEST_SIZE, digest);
55 return 1;
56 }
57 static inline int
MD5_Update(MD5_CTX * ctx,const void * data,size_t length)58 MD5_Update(MD5_CTX *ctx, const void *data, size_t length)
59 {
60 nettle_md5_update(ctx, length, data);
61 return 1;
62 }
63
64 #define USE_LIB_CRYPTO_SHA1
65 typedef struct sha1_ctx SHA_CTX;
66 static inline int
SHA1_Init(SHA_CTX * ctx)67 SHA1_Init(SHA_CTX *ctx)
68 {
69 nettle_sha1_init(ctx);
70 return 1;
71 }
72 static inline int
SHA1_Final(unsigned char * digest,SHA_CTX * ctx)73 SHA1_Final(unsigned char *digest, SHA_CTX *ctx)
74 {
75 nettle_sha1_digest(ctx, SHA1_DIGEST_SIZE, digest);
76 return 1;
77 }
78 static inline int
SHA1_Update(SHA_CTX * ctx,const void * data,size_t length)79 SHA1_Update(SHA_CTX *ctx, const void *data, size_t length)
80 {
81 nettle_sha1_update(ctx, length, data);
82 return 1;
83 }
84
85 #define USE_LIB_CRYPTO_SHA256
86 typedef struct sha256_ctx SHA256_CTX;
87 static inline int
SHA256_Init(SHA256_CTX * ctx)88 SHA256_Init(SHA256_CTX *ctx)
89 {
90 nettle_sha256_init(ctx);
91 return 1;
92 }
93 static inline int
SHA256_Final(unsigned char * digest,SHA256_CTX * ctx)94 SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
95 {
96 nettle_sha256_digest(ctx, SHA256_DIGEST_SIZE, digest);
97 return 1;
98 }
99 static inline int
SHA256_Update(SHA256_CTX * ctx,const void * data,size_t length)100 SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
101 {
102 nettle_sha256_update(ctx, length, data);
103 return 1;
104 }
105
106 #define USE_LIB_CRYPTO_SHA512_256
107 #define SHA512_256_CTX SHA512_CTX
108 /*(nettle/sha2.h: #define sha512_256_ctx sha512_ctx)*/
109 /*typedef struct sha512_256_ctx SHA512_CTX;*/ /*(yes, SHA512_CTX)*/
110 typedef struct sha512_ctx SHA512_CTX;
111 static inline int
SHA512_256_Init(SHA512_CTX * ctx)112 SHA512_256_Init(SHA512_CTX *ctx)
113 {
114 nettle_sha512_256_init(ctx);
115 return 1;
116 }
117 static inline int
SHA512_256_Final(unsigned char * digest,SHA512_CTX * ctx)118 SHA512_256_Final(unsigned char *digest, SHA512_CTX *ctx)
119 {
120 nettle_sha512_256_digest(ctx, SHA256_DIGEST_SIZE, digest);
121 return 1;
122 }
123 static inline int
SHA512_256_Update(SHA512_CTX * ctx,const void * data,size_t length)124 SHA512_256_Update(SHA512_CTX *ctx, const void *data, size_t length)
125 {
126 nettle_sha512_update(ctx, length, data); /*(yes, nettle_sha512_update())*/
127 return 1;
128 }
129
130 #define USE_LIB_CRYPTO_SHA512
131 /*typedef struct sha512_ctx SHA512_CTX;*//*(defined above)*/
132 static inline int
SHA512_Init(SHA512_CTX * ctx)133 SHA512_Init(SHA512_CTX *ctx)
134 {
135 nettle_sha512_init(ctx);
136 return 1;
137 }
138 static inline int
SHA512_Final(unsigned char * digest,SHA512_CTX * ctx)139 SHA512_Final(unsigned char *digest, SHA512_CTX *ctx)
140 {
141 nettle_sha512_digest(ctx, SHA512_DIGEST_SIZE, digest);
142 return 1;
143 }
144 static inline int
SHA512_Update(SHA512_CTX * ctx,const void * data,size_t length)145 SHA512_Update(SHA512_CTX *ctx, const void *data, size_t length)
146 {
147 nettle_sha512_update(ctx, length, data);
148 return 1;
149 }
150
151 #elif defined(USE_MBEDTLS_CRYPTO)
152
153 #include <mbedtls/version.h>
154 /*#include <mbedtls/compat-2.x.h>*//*(func renames ifdef'd below)*/
155
156 #ifdef MBEDTLS_MD4_C
157 #define USE_LIB_CRYPTO_MD4
158 #include <mbedtls/md4.h>
159 typedef struct mbedtls_md4_context MD4_CTX;
160 static inline int
MD4_Init(MD4_CTX * ctx)161 MD4_Init(MD4_CTX *ctx)
162 {
163 mbedtls_md4_init(ctx);
164 return (0 == mbedtls_md4_starts_ret(ctx));
165 }
166 static inline int
MD4_Final(unsigned char * digest,MD4_CTX * ctx)167 MD4_Final(unsigned char *digest, MD4_CTX *ctx)
168 {
169 int rc = mbedtls_md4_finish_ret(ctx, digest);
170 mbedtls_md4_free(ctx);
171 return (0 == rc);
172 }
173 static inline int
MD4_Update(MD4_CTX * ctx,const void * data,size_t length)174 MD4_Update(MD4_CTX *ctx, const void *data, size_t length)
175 {
176 return (0 == mbedtls_md4_update_ret(ctx, data, length));
177 }
178 #endif
179
180 #ifdef MBEDTLS_MD5_C
181 #define USE_LIB_CRYPTO_MD5
182 #include <mbedtls/md5.h>
183 typedef struct mbedtls_md5_context MD5_CTX;
184 static inline int
MD5_Init(MD5_CTX * ctx)185 MD5_Init(MD5_CTX *ctx)
186 {
187 mbedtls_md5_init(ctx);
188 #if MBEDTLS_VERSION_MAJOR >= 3
189 return (0 == mbedtls_md5_starts(ctx));
190 #else
191 return (0 == mbedtls_md5_starts_ret(ctx));
192 #endif
193 }
194 static inline int
MD5_Final(unsigned char * digest,MD5_CTX * ctx)195 MD5_Final(unsigned char *digest, MD5_CTX *ctx)
196 {
197 #if MBEDTLS_VERSION_MAJOR >= 3
198 int rc = mbedtls_md5_finish(ctx, digest);
199 #else
200 int rc = mbedtls_md5_finish_ret(ctx, digest);
201 #endif
202 mbedtls_md5_free(ctx);
203 return (0 == rc);
204 }
205 static inline int
MD5_Update(MD5_CTX * ctx,const void * data,size_t length)206 MD5_Update(MD5_CTX *ctx, const void *data, size_t length)
207 {
208 #if MBEDTLS_VERSION_MAJOR >= 3
209 return (0 == mbedtls_md5_update(ctx, data, length));
210 #else
211 return (0 == mbedtls_md5_update_ret(ctx, data, length));
212 #endif
213 }
214 #endif
215
216 #ifdef MBEDTLS_SHA1_C
217 #define USE_LIB_CRYPTO_SHA1
218 #include <mbedtls/sha1.h>
219 typedef struct mbedtls_sha1_context SHA_CTX;
220 static inline int
SHA1_Init(SHA_CTX * ctx)221 SHA1_Init(SHA_CTX *ctx)
222 {
223 mbedtls_sha1_init(ctx);
224 #if MBEDTLS_VERSION_MAJOR >= 3
225 return (0 == mbedtls_sha1_starts(ctx));
226 #else
227 return (0 == mbedtls_sha1_starts_ret(ctx));
228 #endif
229 }
230 static inline int
SHA1_Final(unsigned char * digest,SHA_CTX * ctx)231 SHA1_Final(unsigned char *digest, SHA_CTX *ctx)
232 {
233 #if MBEDTLS_VERSION_MAJOR >= 3
234 int rc = mbedtls_sha1_finish(ctx, digest);
235 #else
236 int rc = mbedtls_sha1_finish_ret(ctx, digest);
237 #endif
238 mbedtls_sha1_free(ctx);
239 return (0 == rc);
240 }
241 static inline int
SHA1_Update(SHA_CTX * ctx,const void * data,size_t length)242 SHA1_Update(SHA_CTX *ctx, const void *data, size_t length)
243 {
244 #if MBEDTLS_VERSION_MAJOR >= 3
245 return (0 == mbedtls_sha1_update(ctx, data, length));
246 #else
247 return (0 == mbedtls_sha1_update_ret(ctx, data, length));
248 #endif
249 }
250 #endif
251
252 #ifdef MBEDTLS_SHA256_C
253 #define USE_LIB_CRYPTO_SHA256
254 #include <mbedtls/sha256.h>
255 typedef struct mbedtls_sha256_context SHA256_CTX;
256 static inline int
SHA256_Init(SHA256_CTX * ctx)257 SHA256_Init(SHA256_CTX *ctx)
258 {
259 mbedtls_sha256_init(ctx);
260 #if MBEDTLS_VERSION_MAJOR >= 3
261 return (0 == mbedtls_sha256_starts(ctx, 0));
262 #else
263 return (0 == mbedtls_sha256_starts_ret(ctx, 0));
264 #endif
265 }
266 static inline int
SHA256_Final(unsigned char * digest,SHA256_CTX * ctx)267 SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
268 {
269 #if MBEDTLS_VERSION_MAJOR >= 3
270 int rc = mbedtls_sha256_finish(ctx, digest);
271 #else
272 int rc = mbedtls_sha256_finish_ret(ctx, digest);
273 #endif
274 mbedtls_sha256_free(ctx);
275 return (0 == rc);
276 }
277 static inline int
SHA256_Update(SHA256_CTX * ctx,const void * data,size_t length)278 SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
279 {
280 #if MBEDTLS_VERSION_MAJOR >= 3
281 return (0 == mbedtls_sha256_update(ctx, data, length));
282 #else
283 return (0 == mbedtls_sha256_update_ret(ctx, data, length));
284 #endif
285 }
286 #endif
287
288 #ifdef MBEDTLS_SHA512_C
289 #define USE_LIB_CRYPTO_SHA512
290 #include <mbedtls/sha512.h>
291 typedef struct mbedtls_sha512_context SHA512_CTX;
292 static inline int
SHA512_Init(SHA512_CTX * ctx)293 SHA512_Init(SHA512_CTX *ctx)
294 {
295 mbedtls_sha512_init(ctx);
296 #if MBEDTLS_VERSION_MAJOR >= 3
297 return (0 == mbedtls_sha512_starts(ctx, 0));
298 #else
299 return (0 == mbedtls_sha512_starts_ret(ctx, 0));
300 #endif
301 }
302 static inline int
SHA512_Final(unsigned char * digest,SHA512_CTX * ctx)303 SHA512_Final(unsigned char *digest, SHA512_CTX *ctx)
304 {
305 #if MBEDTLS_VERSION_MAJOR >= 3
306 int rc = mbedtls_sha512_finish(ctx, digest);
307 #else
308 int rc = mbedtls_sha512_finish_ret(ctx, digest);
309 #endif
310 mbedtls_sha512_free(ctx);
311 return (0 == rc);
312 }
313 static inline int
SHA512_Update(SHA512_CTX * ctx,const void * data,size_t length)314 SHA512_Update(SHA512_CTX *ctx, const void *data, size_t length)
315 {
316 #if MBEDTLS_VERSION_MAJOR >= 3
317 return (0 == mbedtls_sha512_update(ctx, data, length));
318 #else
319 return (0 == mbedtls_sha512_update_ret(ctx, data, length));
320 #endif
321 }
322 #endif
323
324 #elif defined(USE_WOLFSSL_CRYPTO)
325
326 /* WolfSSL compatibility API for OpenSSL unnecessarily bounces through an extra
327 * layer of indirection. However, to avoid conflicting typedefs when includers
328 * also include headers from the WolfSSL compatibility API for OpenSSL, we
329 * include those headers here, as well, and use the compatibility API typedefs.
330 * (undef of OPENSSL_EXTRA and NO_OLD_WC_NAMES not sufficient, and not friendly
331 * to do in a header when others might rely on them) */
332
333 /* workaround fragile code in wolfssl/wolfcrypto/types.h */
334 #if !defined(SIZEOF_LONG) || !defined(SIZEOF_LONG_LONG)
335 #undef SIZEOF_LONG
336 #undef SIZEOF_LONG_LONG
337 #endif
338
339 #include <wolfssl/options.h> /* wolfssl NO_* macros */
340
341 #ifndef NO_MD4
342 #include <wolfssl/wolfcrypt/md4.h>
343 #include <wolfssl/openssl/md4.h>
344 #undef MD4_Init
345 #undef MD4_Final
346 #undef MD4_Update
347 #define USE_LIB_CRYPTO_MD4
348 /*typedef Md4 MD4_CTX;*/
349 static inline int
MD4_Init(MD4_CTX * ctx)350 MD4_Init(MD4_CTX *ctx)
351 {
352 wc_InitMd4((Md4 *)ctx);
353 return 1;
354 }
355 static inline int
MD4_Final(unsigned char * digest,MD4_CTX * ctx)356 MD4_Final(unsigned char *digest, MD4_CTX *ctx)
357 {
358 wc_Md4Final((Md4 *)ctx, digest);
359 return 1;
360 }
361 static inline int
MD4_Update(MD4_CTX * ctx,const void * data,size_t length)362 MD4_Update(MD4_CTX *ctx, const void *data, size_t length)
363 {
364 wc_Md4Update((Md4 *)ctx, data, length);
365 return 1;
366 }
367 #endif
368
369 #ifndef NO_MD5
370 #include <wolfssl/wolfcrypt/md5.h>
371 #include <wolfssl/openssl/md5.h>
372 #undef MD5_Init
373 #undef MD5_Final
374 #undef MD5_Update
375 #define USE_LIB_CRYPTO_MD5
376 /*typedef wc_Md5 MD5_CTX;*/
377 static inline int
MD5_Init(MD5_CTX * ctx)378 MD5_Init(MD5_CTX *ctx)
379 {
380 return (0 == wc_InitMd5((wc_Md5 *)ctx));
381 }
382 static inline int
MD5_Final(unsigned char * digest,MD5_CTX * ctx)383 MD5_Final(unsigned char *digest, MD5_CTX *ctx)
384 {
385 return (0 == wc_Md5Final((wc_Md5 *)ctx, digest));
386 }
387 static inline int
MD5_Update(MD5_CTX * ctx,const void * data,size_t length)388 MD5_Update(MD5_CTX *ctx, const void *data, size_t length)
389 {
390 wc_Md5Update((wc_Md5 *)ctx, data, length);
391 return 1;
392 }
393 #endif
394
395 #ifndef NO_SHA
396 #include <wolfssl/wolfcrypt/sha.h>
397 #include <wolfssl/openssl/sha.h>
398 #undef SHA1_Init
399 #undef SHA1_Final
400 #undef SHA1_Update
401 #define USE_LIB_CRYPTO_SHA1
402 /*typedef wc_Sha SHA_CTX;*/
403 static inline int
SHA1_Init(SHA_CTX * ctx)404 SHA1_Init(SHA_CTX *ctx)
405 {
406 return (0 == wc_InitSha((wc_Sha *)ctx));
407 }
408 static inline int
SHA1_Final(unsigned char * digest,SHA_CTX * ctx)409 SHA1_Final(unsigned char *digest, SHA_CTX *ctx)
410 {
411 return (0 == wc_ShaFinal((wc_Sha *)ctx, digest));
412 }
413 static inline int
SHA1_Update(SHA_CTX * ctx,const void * data,size_t length)414 SHA1_Update(SHA_CTX *ctx, const void *data, size_t length)
415 {
416 wc_ShaUpdate((wc_Sha *)ctx, data, length);
417 return 1;
418 }
419 #endif
420
421 #ifndef NO_SHA256
422 #include <wolfssl/wolfcrypt/sha256.h>
423 #include <wolfssl/openssl/sha.h>
424 #undef SHA256_Init
425 #undef SHA256_Final
426 #undef SHA256_Update
427 #define USE_LIB_CRYPTO_SHA256
428 /*typedef wc_Sha256 SHA256_CTX;*/
429 static inline int
SHA256_Init(SHA256_CTX * ctx)430 SHA256_Init(SHA256_CTX *ctx)
431 {
432 return (0 == wc_InitSha256((wc_Sha256 *)ctx));
433 }
434 static inline int
SHA256_Final(unsigned char * digest,SHA256_CTX * ctx)435 SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
436 {
437 return (0 == wc_Sha256Final((wc_Sha256 *)ctx, digest));
438 }
439 static inline int
SHA256_Update(SHA256_CTX * ctx,const void * data,size_t length)440 SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
441 {
442 wc_Sha256Update((wc_Sha256 *)ctx, data, length);
443 return 1;
444 }
445 #endif
446
447 #ifndef NO_SHA512
448 #ifdef WOLFSSL_SHA512
449 #include <wolfssl/wolfcrypt/sha512.h>
450 #include <wolfssl/openssl/sha.h>
451 #undef SHA512_Init
452 #undef SHA512_Final
453 #undef SHA512_Update
454 #define USE_LIB_CRYPTO_SHA512
455 /*typedef wc_Sha512 SHA512_CTX;*/
456 static inline int
SHA512_Init(SHA512_CTX * ctx)457 SHA512_Init(SHA512_CTX *ctx)
458 {
459 return (0 == wc_InitSha512((wc_Sha512 *)ctx));
460 }
461 static inline int
SHA512_Final(unsigned char * digest,SHA512_CTX * ctx)462 SHA512_Final(unsigned char *digest, SHA512_CTX *ctx)
463 {
464 return (0 == wc_Sha512Final((wc_Sha512 *)ctx, digest));
465 }
466 static inline int
SHA512_Update(SHA512_CTX * ctx,const void * data,size_t length)467 SHA512_Update(SHA512_CTX *ctx, const void *data, size_t length)
468 {
469 wc_Sha512Update((wc_Sha512 *)ctx, data, length);
470 return 1;
471 }
472 #endif
473 #endif
474
475 #elif defined(USE_OPENSSL_CRYPTO)
476
477 #include <openssl/md4.h>
478 #include <openssl/md5.h>
479 #include <openssl/sha.h>
480 #ifndef OPENSSL_NO_MD4
481 #define USE_LIB_CRYPTO_MD4
482 #endif
483 #ifndef OPENSSL_NO_MD5
484 #define USE_LIB_CRYPTO_MD5
485 #endif
486 #define USE_LIB_CRYPTO_SHA1
487 #define USE_LIB_CRYPTO_SHA256
488 #ifdef SHA512_256_DIGEST_LENGTH
489 #define USE_LIB_CRYPTO_SHA512_256
490 #endif
491 #ifdef SHA512_DIGEST_LENGTH
492 #define USE_LIB_CRYPTO_SHA512
493 #endif
494
495 #include <openssl/opensslv.h>
496 #ifdef BORINGSSL_API_VERSION
497 typedef SHA512_CTX SHA512_256_CTX;
498 #endif
499 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
500 #include <openssl/evp.h>
501
502 #ifdef USE_LIB_CRYPTO_MD4
503 #define MD4_CTX EVP_MD4_CTX
504 #define MD4_Init EVP_MD4_Init
505 #define MD4_Final EVP_MD4_Final
506 #define MD4_Update EVP_MD4_Update
507 typedef EVP_MD_CTX * MD4_CTX;
508 static inline int
EVP_MD4_Init(EVP_MD4_CTX * ctx)509 EVP_MD4_Init(EVP_MD4_CTX *ctx)
510 {
511 return ((*ctx = EVP_MD_CTX_new()) != NULL
512 && 1 == EVP_DigestInit_ex(*ctx, EVP_md4(), NULL));
513 }
514 static inline int
EVP_MD4_Final(unsigned char * digest,EVP_MD4_CTX * ctx)515 EVP_MD4_Final(unsigned char *digest, EVP_MD4_CTX *ctx)
516 {
517 /* MD4_DIGEST_LENGTH; EVP_MD_size(EVP_md4()) */
518 int rc = EVP_DigestFinal_ex(*ctx, digest, NULL);
519 EVP_MD_CTX_free(*ctx);
520 return (1 == rc);
521 }
522 static inline int
EVP_MD4_Update(EVP_MD4_CTX * ctx,const void * data,size_t length)523 EVP_MD4_Update(EVP_MD4_CTX *ctx, const void *data, size_t length)
524 {
525 return (1 == EVP_DigestUpdate(*ctx, data, length));
526 }
527 #endif
528
529 #ifdef USE_LIB_CRYPTO_MD5
530 #define MD5_CTX EVP_MD5_CTX
531 #define MD5_Init EVP_MD5_Init
532 #define MD5_Final EVP_MD5_Final
533 #define MD5_Update EVP_MD5_Update
534 typedef EVP_MD_CTX * EVP_MD5_CTX;
535 static inline int
EVP_MD5_Init(EVP_MD5_CTX * ctx)536 EVP_MD5_Init(EVP_MD5_CTX *ctx)
537 {
538 return ((*ctx = EVP_MD_CTX_new()) != NULL
539 && 1 == EVP_DigestInit_ex(*ctx, EVP_md5(), NULL));
540 }
541 static inline int
EVP_MD5_Final(unsigned char * digest,EVP_MD5_CTX * ctx)542 EVP_MD5_Final(unsigned char *digest, EVP_MD5_CTX *ctx)
543 {
544 /* MD5_DIGEST_LENGTH; EVP_MD_size(EVP_md5()) */
545 int rc = EVP_DigestFinal_ex(*ctx, digest, NULL);
546 EVP_MD_CTX_free(*ctx);
547 return (1 == rc);
548 }
549 static inline int
EVP_MD5_Update(EVP_MD5_CTX * ctx,const void * data,size_t length)550 EVP_MD5_Update(EVP_MD5_CTX *ctx, const void *data, size_t length)
551 {
552 return (1 == EVP_DigestUpdate(*ctx, data, length));
553 }
554 #endif
555
556 #ifdef USE_LIB_CRYPTO_SHA1
557 #define SHA_CTX EVP_SHA1_CTX
558 #define SHA1_Init EVP_SHA1_Init
559 #define SHA1_Final EVP_SHA1_Final
560 #define SHA1_Update EVP_SHA1_Update
561 typedef EVP_MD_CTX * EVP_SHA1_CTX;
562 static inline int
EVP_SHA1_Init(EVP_SHA1_CTX * ctx)563 EVP_SHA1_Init(EVP_SHA1_CTX *ctx)
564 {
565 return ((*ctx = EVP_MD_CTX_new()) != NULL
566 && 1 == EVP_DigestInit_ex(*ctx, EVP_sha1(), NULL));
567 }
568 static inline int
EVP_SHA1_Final(unsigned char * digest,EVP_SHA1_CTX * ctx)569 EVP_SHA1_Final(unsigned char *digest, EVP_SHA1_CTX *ctx)
570 {
571 /* SHA_DIGEST_LENGTH; EVP_MD_size(EVP_sha1()) */
572 int rc = EVP_DigestFinal_ex(*ctx, digest, NULL);
573 EVP_MD_CTX_free(*ctx);
574 return (1 == rc);
575 }
576 static inline int
EVP_SHA1_Update(EVP_SHA1_CTX * ctx,const void * data,size_t length)577 EVP_SHA1_Update(EVP_SHA1_CTX *ctx, const void *data, size_t length)
578 {
579 return (1 == EVP_DigestUpdate(*ctx, data, length));
580 }
581 #endif
582
583 #ifdef USE_LIB_CRYPTO_SHA256
584 #define SHA256_CTX EVP_SHA256_CTX
585 #define SHA256_Init EVP_SHA256_Init
586 #define SHA256_Final EVP_SHA256_Final
587 #define SHA256_Update EVP_SHA256_Update
588 typedef EVP_MD_CTX * EVP_SHA256_CTX;
589 static inline int
EVP_SHA256_Init(EVP_SHA256_CTX * ctx)590 EVP_SHA256_Init(EVP_SHA256_CTX *ctx)
591 {
592 return ((*ctx = EVP_MD_CTX_new()) != NULL
593 && 1 == EVP_DigestInit_ex(*ctx, EVP_sha256(), NULL));
594 }
595 static inline int
EVP_SHA256_Final(unsigned char * digest,EVP_SHA256_CTX * ctx)596 EVP_SHA256_Final(unsigned char *digest, EVP_SHA256_CTX *ctx)
597 {
598 /* SHA256_DIGEST_LENGTH; EVP_MD_size(EVP_sha256()) */
599 int rc = EVP_DigestFinal_ex(*ctx, digest, NULL);
600 EVP_MD_CTX_free(*ctx);
601 return (1 == rc);
602 }
603 static inline int
EVP_SHA256_Update(EVP_SHA256_CTX * ctx,const void * data,size_t length)604 EVP_SHA256_Update(EVP_SHA256_CTX *ctx, const void *data, size_t length)
605 {
606 return (1 == EVP_DigestUpdate(*ctx, data, length));
607 }
608 #endif
609
610 #ifdef USE_LIB_CRYPTO_SHA512_256
611 #define SHA512_256_CTX EVP_SHA512_256_CTX
612 #define SHA512_256_Init EVP_SHA512_256_Init
613 #define SHA512_256_Final EVP_SHA512_256_Final
614 #define SHA512_256_Update EVP_SHA512_256_Update
615 typedef EVP_MD_CTX * EVP_SHA512_256_CTX;
616 static inline int
EVP_SHA512_256_Init(EVP_SHA512_256_CTX * ctx)617 EVP_SHA512_256_Init(EVP_SHA512_256_CTX *ctx)
618 {
619 return ((*ctx = EVP_MD_CTX_new()) != NULL
620 && 1 == EVP_DigestInit_ex(*ctx, EVP_sha512_256(), NULL));
621 }
622 static inline int
EVP_SHA512_256_Final(unsigned char * digest,EVP_SHA512_256_CTX * ctx)623 EVP_SHA512_256_Final(unsigned char *digest, EVP_SHA512_256_CTX *ctx)
624 {
625 /* SHA256_DIGEST_LENGTH; EVP_MD_size(EVP_sha512_256()) */
626 int rc = EVP_DigestFinal_ex(*ctx, digest, NULL);
627 EVP_MD_CTX_free(*ctx);
628 return (1 == rc);
629 }
630 static inline int
EVP_SHA512_256_Update(EVP_SHA512_256_CTX * ctx,const void * data,size_t length)631 EVP_SHA512_256_Update(EVP_SHA512_256_CTX *ctx, const void *data, size_t length)
632 {
633 return (1 == EVP_DigestUpdate(*ctx, data, length));
634 }
635 #endif
636
637 #ifdef USE_LIB_CRYPTO_SHA512
638 #define SHA512_CTX EVP_SHA512_CTX
639 #define SHA512_Init EVP_SHA512_Init
640 #define SHA512_Final EVP_SHA512_Final
641 #define SHA512_Update EVP_SHA512_Update
642 typedef EVP_MD_CTX * EVP_SHA512_CTX;
643 static inline int
EVP_SHA512_Init(EVP_SHA512_CTX * ctx)644 EVP_SHA512_Init(EVP_SHA512_CTX *ctx)
645 {
646 return ((*ctx = EVP_MD_CTX_new()) != NULL
647 && 1 == EVP_DigestInit_ex(*ctx, EVP_sha512(), NULL));
648 }
649 static inline int
EVP_SHA512_Final(unsigned char * digest,EVP_SHA512_CTX * ctx)650 EVP_SHA512_Final(unsigned char *digest, EVP_SHA512_CTX *ctx)
651 {
652 /* SHA512_DIGEST_LENGTH; EVP_MD_size(EVP_sha512()) */
653 int rc = EVP_DigestFinal_ex(*ctx, digest, NULL);
654 EVP_MD_CTX_free(*ctx);
655 return (1 == rc);
656 }
657 static inline int
EVP_SHA512_Update(EVP_SHA512_CTX * ctx,const void * data,size_t length)658 EVP_SHA512_Update(EVP_SHA512_CTX *ctx, const void *data, size_t length)
659 {
660 return (1 == EVP_DigestUpdate(*ctx, data, length));
661 }
662 #endif
663
664 #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
665
666 #elif defined(USE_GNUTLS_CRYPTO)
667
668 #include <gnutls/crypto.h>
669 #include "ck.h"
670
671 #define USE_LIB_CRYPTO_MD5
672 typedef gnutls_hash_hd_t MD5_CTX;
673 static inline int
MD5_Init(MD5_CTX * ctx)674 MD5_Init(MD5_CTX *ctx)
675 {
676 if (gnutls_hash_init(ctx, GNUTLS_DIG_MD5) < 0)
677 ck_bt_abort(__FILE__, __LINE__, "aborted");
678 return 1;
679 }
680 static inline int
MD5_Final(unsigned char * digest,MD5_CTX * ctx)681 MD5_Final(unsigned char *digest, MD5_CTX *ctx)
682 {
683 gnutls_hash_deinit(*ctx, digest);
684 return 1;
685 }
686 static inline int
MD5_Update(MD5_CTX * ctx,const void * data,size_t length)687 MD5_Update(MD5_CTX *ctx, const void *data, size_t length)
688 {
689 gnutls_hash(*ctx, data, length);
690 return 1;
691 }
692
693 #define USE_LIB_CRYPTO_SHA1
694 typedef gnutls_hash_hd_t SHA_CTX;
695 static inline int
SHA1_Init(SHA_CTX * ctx)696 SHA1_Init(SHA_CTX *ctx)
697 {
698 if (gnutls_hash_init(ctx, GNUTLS_DIG_SHA1) < 0)
699 ck_bt_abort(__FILE__, __LINE__, "aborted");
700 return 1;
701 }
702 static inline int
SHA1_Final(unsigned char * digest,SHA_CTX * ctx)703 SHA1_Final(unsigned char *digest, SHA_CTX *ctx)
704 {
705 gnutls_hash_deinit(*ctx, digest);
706 return 1;
707 }
708 static inline int
SHA1_Update(SHA_CTX * ctx,const void * data,size_t length)709 SHA1_Update(SHA_CTX *ctx, const void *data, size_t length)
710 {
711 gnutls_hash(*ctx, data, length);
712 return 1;
713 }
714
715 #define USE_LIB_CRYPTO_SHA256
716 typedef gnutls_hash_hd_t SHA256_CTX;
717 static inline int
SHA256_Init(SHA256_CTX * ctx)718 SHA256_Init(SHA256_CTX *ctx)
719 {
720 if (gnutls_hash_init(ctx, GNUTLS_DIG_SHA256) < 0)
721 ck_bt_abort(__FILE__, __LINE__, "aborted");
722 return 1;
723 }
724 static inline int
SHA256_Final(unsigned char * digest,SHA256_CTX * ctx)725 SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
726 {
727 gnutls_hash_deinit(*ctx, digest);
728 return 1;
729 }
730 static inline int
SHA256_Update(SHA256_CTX * ctx,const void * data,size_t length)731 SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
732 {
733 gnutls_hash(*ctx, data, length);
734 return 1;
735 }
736
737 #define USE_LIB_CRYPTO_SHA512
738 typedef gnutls_hash_hd_t SHA512_CTX;
739 static inline int
SHA512_Init(SHA512_CTX * ctx)740 SHA512_Init(SHA512_CTX *ctx)
741 {
742 if (gnutls_hash_init(ctx, GNUTLS_DIG_SHA512) < 0)
743 ck_bt_abort(__FILE__, __LINE__, "aborted");
744 return 1;
745 }
746 static inline int
SHA512_Final(unsigned char * digest,SHA512_CTX * ctx)747 SHA512_Final(unsigned char *digest, SHA512_CTX *ctx)
748 {
749 gnutls_hash_deinit(*ctx, digest);
750 return 1;
751 }
752 static inline int
SHA512_Update(SHA512_CTX * ctx,const void * data,size_t length)753 SHA512_Update(SHA512_CTX *ctx, const void *data, size_t length)
754 {
755 gnutls_hash(*ctx, data, length);
756 return 1;
757 }
758
759 #elif defined(USE_NSS_CRYPTO)
760
761 #ifdef __has_include
762 #if __has_include(<nss3/nss.h>)
763 #define NSS_VER_INCLUDE
764 #endif
765 #endif
766
767 /* basic algorithms fail if NSS library has not been init'd (WTH).
768 * lighttpd defers initialization of rand and crypto until first use
769 * to attempt to avoid long, blocking init at startup while waiting
770 * for sufficient system entropy to become available */
771 #ifdef NSS_VER_INCLUDE
772 #include <nss3/nss.h> /* NSS_IsInitialized() NSS_NoDB_Init() */
773 #else
774 #include <nss/nss.h> /* NSS_IsInitialized() NSS_NoDB_Init() */
775 #endif
776 #include <stdlib.h> /* abort() */
777 __attribute_cold__
778 static inline void
nss_requires_explicit_init_for_basic_crypto_wth(void)779 nss_requires_explicit_init_for_basic_crypto_wth(void)
780 {
781 if (NSS_NoDB_Init(NULL) < 0)
782 abort();
783 }
784
785 #ifdef NSS_VER_INCLUDE
786 #include <nss3/sechash.h>
787 #else
788 #include <nss/sechash.h>
789 #endif
790
791 #define NSS_gen_hashfuncs(name, typ) \
792 static inline int \
793 name##_Init(void **ctx) \
794 { \
795 if (!NSS_IsInitialized()) \
796 nss_requires_explicit_init_for_basic_crypto_wth(); \
797 const SECHashObject * const hashObj = HASH_GetHashObject(typ); \
798 return ((*ctx=hashObj->create()) != NULL) ? (hashObj->begin(*ctx),1) : 0; \
799 } \
800 static inline int \
801 name##_Final(unsigned char *dest, void **ctx) \
802 { \
803 const SECHashObject * const hashObj = HASH_GetHashObject(typ); \
804 unsigned int retLen; \
805 hashObj->end(*ctx, dest, &retLen, hashObj->length); \
806 hashObj->destroy(*ctx, PR_TRUE); \
807 return 1; \
808 } \
809 static inline int \
810 name##_Update(void **ctx, const void *src, size_t len) \
811 { \
812 const SECHashObject * const hashObj = HASH_GetHashObject(typ); \
813 hashObj->update(*ctx, src, (int)len); \
814 return 1; \
815 } \
816 typedef void * name##_CTX
817 typedef void * SHA_CTX;
818
819 #define USE_LIB_CRYPTO_MD5
820 /* MD5_Init()
821 * MD5_Update()
822 * MD5_Final() */
823 NSS_gen_hashfuncs(MD5, HASH_AlgMD5);
824
825 #define USE_LIB_CRYPTO_SHA1
826 /* SHA1_Init()
827 * SHA1_Update()
828 * SHA1_Final() */
829 NSS_gen_hashfuncs(SHA1, HASH_AlgSHA1);
830
831 #define USE_LIB_CRYPTO_SHA256
832 /* SHA256_Init()
833 * SHA256_Update()
834 * SHA256_Final() */
835 NSS_gen_hashfuncs(SHA256, HASH_AlgSHA256);
836
837 #define USE_LIB_CRYPTO_SHA512
838 /* SHA512_Init()
839 * SHA512_Update()
840 * SHA512_Final() */
841 NSS_gen_hashfuncs(SHA512, HASH_AlgSHA512);
842
843 #endif
844
845 #endif /* USE_LIB_CRYPTO */
846
847
848 #ifdef USE_LIB_CRYPTO_MD4
849 #ifndef MD4_DIGEST_LENGTH
850 #define MD4_DIGEST_LENGTH 16
851 #endif
852 #undef MD_DIGEST_LENGTH_MAX
853 #define MD_DIGEST_LENGTH_MAX MD4_DIGEST_LENGTH
854 #endif
855
856
857 #ifdef USE_LIB_CRYPTO_MD5
858 #ifndef MD5_DIGEST_LENGTH
859 #define MD5_DIGEST_LENGTH 16
860 #endif
861 #include "algo_md5.h" /*(for legacy li_MD5_*() name mangling)*/
862 #else
863 #include "algo_md5.h" /* MD5 implementation included with lighttpd */
864 #endif
865 #undef MD_DIGEST_LENGTH_MAX
866 #define MD_DIGEST_LENGTH_MAX MD5_DIGEST_LENGTH
867
868
869 #ifdef USE_LIB_CRYPTO_SHA1
870 typedef SHA_CTX SHA1_CTX; /*(naming consistency with other algos)*/
871 #ifndef SHA_DIGEST_LENGTH
872 #define SHA_DIGEST_LENGTH 20
873 #endif
874 #ifndef SHA1_DIGEST_LENGTH /*(naming consistency with other algos)*/
875 #define SHA1_DIGEST_LENGTH SHA_DIGEST_LENGTH
876 #endif
877 #else
878 #include "algo_sha1.h" /* SHA1 implementation included with lighttpd */
879 typedef SHA_CTX SHA1_CTX; /*(naming consistency with other algos)*/
880 #endif
881 #undef MD_DIGEST_LENGTH_MAX
882 #define MD_DIGEST_LENGTH_MAX SHA_DIGEST_LENGTH
883
884
885 #ifdef USE_LIB_CRYPTO_SHA256
886 #ifndef SHA256_DIGEST_LENGTH
887 #define SHA256_DIGEST_LENGTH 32
888 #endif
889 #undef MD_DIGEST_LENGTH_MAX
890 #define MD_DIGEST_LENGTH_MAX SHA256_DIGEST_LENGTH
891 #endif
892
893
894 #ifdef USE_LIB_CRYPTO_SHA512_256
895 #ifndef SHA512_256_DIGEST_LENGTH
896 #define SHA512_256_DIGEST_LENGTH 32
897 #endif
898 #undef MD_DIGEST_LENGTH_MAX
899 #define MD_DIGEST_LENGTH_MAX SHA512_256_DIGEST_LENGTH
900 #endif
901
902
903 #ifdef USE_LIB_CRYPTO_SHA512
904 #ifndef SHA512_DIGEST_LENGTH
905 #define SHA512_DIGEST_LENGTH 64
906 #endif
907 #undef MD_DIGEST_LENGTH_MAX
908 #define MD_DIGEST_LENGTH_MAX SHA512_DIGEST_LENGTH
909 #endif
910
911
912 /* message digest wrappers operating on single ptr, and on const_iovec */
913
914
915 typedef void(*li_md_once_fn)(unsigned char *digest, const void *data, size_t n);
916
917 #define li_md_once(algo) \
918 static inline void \
919 algo##_once (unsigned char * const digest, \
920 const void * const data, const size_t n) \
921 { \
922 algo##_CTX ctx; \
923 algo##_Init(&ctx); \
924 algo##_Update(&ctx, data, n); \
925 algo##_Final(digest, &ctx); \
926 }
927
928 #ifndef LI_CONST_IOVEC
929 #define LI_CONST_IOVEC
930 struct const_iovec {
931 const void *iov_base;
932 size_t iov_len;
933 };
934 #endif
935
936 typedef void(*li_md_iov_fn)(unsigned char *digest,
937 const struct const_iovec *iov, size_t n);
938
939 #define li_md_iov(algo) \
940 static inline void \
941 algo##_iov (unsigned char * const digest, \
942 const struct const_iovec * const iov, const size_t n) \
943 { \
944 algo##_CTX ctx; \
945 algo##_Init(&ctx); \
946 for (size_t i = 0; i < n; ++i) { \
947 if (iov[i].iov_len) \
948 algo##_Update(&ctx, iov[i].iov_base, iov[i].iov_len); \
949 } \
950 algo##_Final(digest, &ctx); \
951 }
952
953 #ifdef USE_LIB_CRYPTO_MD4
954 li_md_once(MD4)
955 li_md_iov(MD4)
956 #endif /* MD4_once() MD4_iov() */
957
958 /*#ifdef USE_LIB_CRYPTO_MD5*/
959 li_md_once(MD5)
960 li_md_iov(MD5)
961 /*#endif*/ /* MD5_once() MD5_iov() */
962
963 /*#ifdef USE_LIB_CRYPTO_SHA1*/
964 li_md_once(SHA1)
965 li_md_iov(SHA1)
966 /*#endif*/ /* SHA1_once() SHA1_iov() */
967
968 #ifdef USE_LIB_CRYPTO_SHA256
969 li_md_once(SHA256)
970 li_md_iov(SHA256)
971 #endif /* SHA256_once() SHA256_iov() */
972
973 #ifdef USE_LIB_CRYPTO_SHA512_256
974 li_md_once(SHA512_256)
975 li_md_iov(SHA512_256)
976 #endif /* SHA512_256_once() SHA512_256_iov() */
977
978 #ifdef USE_LIB_CRYPTO_SHA512
979 li_md_once(SHA512)
980 li_md_iov(SHA512)
981 #endif /* SHA512_once() SHA512_iov() */
982
983
984 #endif /* LI_SYS_CRYPTO_MD_H */
985