From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp
Date: Fri, 18 Jan 2019 13:56:52 -0800
Subject: expose ripemd160
This adds references to the decrepit/ module from non-decrepit source, which is not allowed in upstream. Until upstream has a way to interface with node.js that allows exposing additional digests without patching, this patch is required to provide ripemd160 support in the nodejs crypto module.
diff --git a/crypto/digest/digest_extra.cc b/crypto/digest/digest_extra.cc
index 309b61c89ef8c9decb9d9080f96923ee256f0dc6..a53d64cf9169c65aa890f362ac51b11a3d656fab 100644
--- a/crypto/digest/digest_extra.cc
+++ b/crypto/digest/digest_extra.cc
@@ -45,6 +45,7 @@ static const struct nid_to_digest nid_to_digest_mapping[] = {
 {NID_sha512, EVP_sha512, SN_sha512, LN_sha512},
 {NID_sha512_256, EVP_sha512_256, SN_sha512_256, LN_sha512_256},
 {NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1},
+ {NID_ripemd160, EVP_ripemd160, SN_ripemd160, LN_ripemd160},
 // As a remnant of signing |EVP_MD|s, OpenSSL returned the corresponding
 // hash function when given a signature OID. To avoid unintended lax parsing
 // of hash OIDs, this is no longer supported for lookup by OID or NID.
diff --git a/crypto/fipsmodule/digest/digests.cc.inc b/crypto/fipsmodule/digest/digests.cc.inc
index 99e3a66c0a47818ccb039f8ccc41ea50e529a16d..dc50fd05bed6cb40bffe1c0f6f3019d25d351ba2 100644
--- a/crypto/fipsmodule/digest/digests.cc.inc
+++ b/crypto/fipsmodule/digest/digests.cc.inc
@@ -18,6 +18,7 @@
 #include
 #include
+#include
 #include "../../internal.h"
 #include "../bcm_interface.h"
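Review bot: The new `{NID_ripemd160, EVP_ripemd160, SN_ripemd160, LN_ripemd160}` row in `nid_to_digest_mapping` carries no comment marking it as a downstream-only addition, although the commit message says it exists solely for the Node.js crypto module. Assuming the by-NID and by-name lookups walk this table, RIPEMD-160 becomes resolvable for every caller in the process, including code that selects a digest from an externally supplied identifier. I would add above the row `// Electron patch: RIPEMD-160 is a legacy digest exposed only for Node.js compatibility; callers that take a digest name or NID from input should keep their own allow-list.` The table starts and ends outside the hunk.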
@@ -179,4 +180,27 @@ DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512_256) {
 out->ctx_size = sizeof(SHA512_CTX);
 }
+static void ripemd160_init(EVP_MD_CTX *ctx) {
+ CHECK(RIPEMD160_Init(reinterpret_cast(ctx->md_data)));
+}
+
+static void ripemd160_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
+ CHECK(RIPEMD160_Update(reinterpret_cast(ctx->md_data), data, count));
+}
+
+static void ripemd160_final(EVP_MD_CTX *ctx, uint8_t *md) {
+ CHECK(RIPEMD160_Final(md, reinterpret_cast(ctx->md_data)));
+}
+
+DEFINE_METHOD_FUNCTION(EVP_MD, EVP_ripemd160) {
+ out->type = NID_ripemd160;
+ out->md_size = RIPEMD160_DIGEST_LENGTH;
+ out->flags = 0;
+ out->init = ripemd160_init;
+ out->update = ripemd160_update;
+ out->final = ripemd160_final;
+ out->block_size = 64;
+ out->ctx_size = sizeof(RIPEMD160_CTX);
+}
+
 #undef CHECK
diff --git a/decrepit/evp/evp_do_all.cc b/decrepit/evp/evp_do_all.cc
index e04b80cd6a1a215fc87f8fd8d750c3d258c3974f..8fdf1c624794f568bfc77b7b6b0c510b23905a4d 100644
--- a/decrepit/evp/evp_do_all.cc
+++ b/decrepit/evp/evp_do_all.cc
@@ -79,6 +79,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
 callback(EVP_sha384(), "SHA384", NULL, arg);
 callback(EVP_sha512(), "SHA512", NULL, arg);
 callback(EVP_sha512_256(), "SHA512-256", NULL, arg);
+ callback(EVP_ripemd160(), "ripemd160", NULL, arg);
 callback(EVP_md4(), "md4", NULL, arg);
 callback(EVP_md5(), "md5", NULL, arg);
@@ -88,6 +89,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
 callback(EVP_sha384(), "sha384", NULL, arg);
 callback(EVP_sha512(), "sha512", NULL, arg);
 callback(EVP_sha512_256(), "sha512-256", NULL, arg);
+ callback(EVP_ripemd160(), "ripemd160", NULL, arg);
 }
 void EVP_MD_do_all(void (*callback)(const EVP_MD *cipher, const char *name,
diff --git a/include/openssl/digest.h b/include/openssl/digest.h
index 710c6e6d110378d1db10d8c2ae57b2d844c603b9..dbb1e0cd5e9480d1ac7a86cbca6fae29d6a8dca4 100644
--- a/include/openssl/digest.h
+++ b/include/openssl/digest.h
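Review bot: The added `ripemd160_init`/`_update`/`_final` wrappers and `DEFINE_METHOD_FUNCTION(EVP_MD, EVP_ripemd160)` put a digest whose implementation lives in decrepit/ into `crypto/fipsmodule/digest/digests.cc.inc`, and nothing in the new code records that this is deliberate or that the algorithm is a legacy one. Anyone rebasing this patch, or building with the FIPS module enabled, gets no in-code hint that this file now depends on a source outside the module. I would add above the definition `// RIPEMD-160 is a legacy digest implemented in decrepit/; it is wired in here only so Node.js can expose it, and is not part of the approved digest set.` As a smaller point, `out->block_size = 64;` could read `out->block_size = RIPEMD160_CBLOCK;` so the value is tied to the implementation header.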
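Review bot: In the first evp_do_all.cc hunk the new entry is appended to the run of upper-case names (`"SHA384"`, `"SHA512"`, `"SHA512-256"`) but is spelled `"ripemd160"`, the same string the second hunk adds to the lower-case run. Callbacks of `EVP_MD_do_all_sorted` therefore receive `"ripemd160"` twice and never the upper-case form, so a consumer that builds a digest list from the callback ends up with a duplicate unless it de-duplicates on its own. The line in the first hunk should read `callback(EVP_ripemd160(), "RIPEMD160", NULL, arg);`. The function body starts outside both hunks.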
@@ -48,6 +48,9 @@ OPENSSL_EXPORT const EVP_MD *EVP_blake2b256(void);
 // MD5 and SHA-1, as used in TLS 1.1 and below.
 OPENSSL_EXPORT const EVP_MD *EVP_md5_sha1(void);
+// EVP_ripemd160 is in decrepit and not available by default.
+OPENSSL_EXPORT const EVP_MD *EVP_ripemd160(void);
+
 // EVP_get_digestbynid returns an |EVP_MD| for the given NID, or NULL if no
 // such digest is known.
 OPENSSL_EXPORT const EVP_MD *EVP_get_digestbynid(int nid);
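Review bot: The added comment `// EVP_ripemd160 is in decrepit and not available by default.` contradicts the rest of this patch, which defines the method in crypto/fipsmodule/digest/digests.cc.inc and registers it in the NID table, so the digest is available wherever this header is. The declaration also sits among the regular digests with no statement that the algorithm is a legacy one. I would reword it to `// EVP_ripemd160 returns the RIPEMD-160 digest. It is a legacy algorithm whose implementation lives in decrepit/ and is exposed for Node.js compatibility only; do not use it in new designs.`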