Move digests to providers

Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers after all external references are resolved. The deprecated
digest code can not be removed until EVP_PKEY (signing) is supported by
providers. EVP_MD data can also not yet be cleaned up for the same reasons.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8763)

2 files changed, 102 insertions, 1 deletions

diff --git a/crypto/md5/build.info b/crypto/md5/build.info
index e641fecd0d..2b1444dc68 100644
--- a/crypto/md5/build.info
+++ b/crypto/md5/build.info
@@ -1,6 +1,6 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
-        md5_dgst.c md5_one.c {- $target{md5_asm_src} -}
+        md5_dgst.c md5_one.c md5_sha1.c {- $target{md5_asm_src} -}
 
 GENERATE[md5-586.s]=asm/md5-586.pl \
         $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS)
diff --git a/crypto/md5/md5_sha1.c b/crypto/md5/md5_sha1.c
new file mode 100644
index 0000000000..5d5fac95bd
--- /dev/null
+++ b/crypto/md5/md5_sha1.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <string.h>
+#include "internal/md5_sha1.h"
+#include <openssl/evp.h>
+
+int md5_sha1_init(MD5_SHA1_CTX *mctx)
+{
+    if (!MD5_Init(&mctx->md5))
+        return 0;
+    return SHA1_Init(&mctx->sha1);
+}
+
+int md5_sha1_update(MD5_SHA1_CTX *mctx, const void *data, size_t count)
+{
+    if (!MD5_Update(&mctx->md5, data, count))
+        return 0;
+    return SHA1_Update(&mctx->sha1, data, count);
+}
+
+int md5_sha1_final(unsigned char *md, MD5_SHA1_CTX *mctx)
+{
+    if (!MD5_Final(md, &mctx->md5))
+        return 0;
+    return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
+}
+
+int md5_sha1_ctrl(MD5_SHA1_CTX *mctx, int cmd, int mslen, void *ms)
+{
+    unsigned char padtmp[48];
+    unsigned char md5tmp[MD5_DIGEST_LENGTH];
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+
+    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return -2;
+
+    if (mctx == NULL)
+        return 0;
+
+    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+    if (mslen != 48)
+        return 0;
+
+    /* At this point hash contains all handshake messages, update
+     * with master secret and pad_1.
+     */
+
+    if (md5_sha1_update(mctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_1 value */
+    memset(padtmp, 0x36, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Final(md5tmp, &mctx->md5))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Final(sha1tmp, &mctx->sha1))
+        return 0;
+
+    /* Reinitialise context */
+
+    if (!md5_sha1_init(mctx))
+        return 0;
+
+    if (md5_sha1_update(mctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_2 value */
+    memset(padtmp, 0x5c, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp)))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp)))
+        return 0;
+
+    /* Now when ctx is finalised it will return the SSL v3 hash value */
+
+    OPENSSL_cleanse(md5tmp, sizeof(md5tmp));
+    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+    return 1;
+}