[tls] Split out hybrid MD5+SHA1 algorithm used in TLS version 1.1

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2026-05-07 12:44:45 +01:00
parent 0c617b9132
commit efa9515b14
4 changed files with 128 additions and 87 deletions
+85
View File
@@ -0,0 +1,85 @@
/*
* Copyright (C) 2026 Michael Brown <mbrown@fensystems.co.uk>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*
* You can also choose to distribute this program under the terms of
* the Unmodified Binary Distribution Licence (as given in the file
* COPYING.UBDL), provided that you have satisfied its requirements.
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
FILE_SECBOOT ( PERMITTED );
/** @file
*
* Hybrid MD5+SHA1 hash as used by TLSv1.1 and earlier
*
*/
#include <ipxe/crypto.h>
#include <ipxe/md5_sha1.h>
/**
* Initialise MD5+SHA1 algorithm
*
* @v ctx MD5+SHA1 context
*/
static void md5_sha1_init ( void *ctx ) {
struct md5_sha1_context *context = ctx;
digest_init ( &md5_algorithm, context->md5 );
digest_init ( &sha1_algorithm, context->sha1 );
}
/**
* Accumulate data with MD5+SHA1 algorithm
*
* @v ctx MD5+SHA1 context
* @v data Data
* @v len Length of data
*/
static void md5_sha1_update ( void *ctx, const void *data, size_t len ) {
struct md5_sha1_context *context = ctx;
digest_update ( &md5_algorithm, context->md5, data, len );
digest_update ( &sha1_algorithm, context->sha1, data, len );
}
/**
* Generate MD5+SHA1 digest
*
* @v ctx MD5+SHA1 context
* @v out Output buffer
*/
static void md5_sha1_final ( void *ctx, void *out ) {
struct md5_sha1_context *context = ctx;
struct md5_sha1_digest *digest = out;
digest_final ( &md5_algorithm, context->md5, digest->md5 );
digest_final ( &sha1_algorithm, context->sha1, digest->sha1 );
}
/** Hybrid MD5+SHA1 digest algorithm */
struct digest_algorithm md5_sha1_algorithm = {
.name = "md5+sha1",
.ctxsize = sizeof ( struct md5_sha1_context ),
.blocksize = 0, /* Not applicable */
.digestsize = sizeof ( struct md5_sha1_digest ),
.init = md5_sha1_init,
.update = md5_sha1_update,
.final = md5_sha1_final,
};
+42
View File
@@ -0,0 +1,42 @@
#ifndef _IPXE_MD5_SHA1_H
#define _IPXE_MD5_SHA1_H
/** @file
*
* Hybrid MD5+SHA1 hash as used by TLSv1.1 and earlier
*
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/crypto.h>
#include <ipxe/md5.h>
#include <ipxe/sha1.h>
/** An MD5+SHA1 context */
struct md5_sha1_context {
/** MD5 context */
uint8_t md5[MD5_CTX_SIZE];
/** SHA-1 context */
uint8_t sha1[SHA1_CTX_SIZE];
} __attribute__ (( packed ));
/** MD5+SHA1 context size */
#define MD5_SHA1_CTX_SIZE sizeof ( struct md5_sha1_context )
/** An MD5+SHA1 digest */
struct md5_sha1_digest {
/** MD5 digest */
uint8_t md5[MD5_DIGEST_SIZE];
/** SHA-1 digest */
uint8_t sha1[SHA1_DIGEST_SIZE];
} __attribute__ (( packed ));
/** MD5+SHA1 digest size */
#define MD5_SHA1_DIGEST_SIZE sizeof ( struct md5_sha1_digest )
extern struct digest_algorithm md5_sha1_algorithm;
#endif /* _IPXE_MD5_SHA1_H */
-22
View File
@@ -307,28 +307,6 @@ struct tls_client_random {
uint8_t random[32];
} __attribute__ (( packed ));
/** An MD5+SHA1 context */
struct md5_sha1_context {
/** MD5 context */
uint8_t md5[MD5_CTX_SIZE];
/** SHA-1 context */
uint8_t sha1[SHA1_CTX_SIZE];
} __attribute__ (( packed ));
/** MD5+SHA1 context size */
#define MD5_SHA1_CTX_SIZE sizeof ( struct md5_sha1_context )
/** An MD5+SHA1 digest */
struct md5_sha1_digest {
/** MD5 digest */
uint8_t md5[MD5_DIGEST_SIZE];
/** SHA-1 digest */
uint8_t sha1[SHA1_DIGEST_SIZE];
} __attribute__ (( packed ));
/** MD5+SHA1 digest size */
#define MD5_SHA1_DIGEST_SIZE sizeof ( struct md5_sha1_digest )
/** A TLS session */
struct tls_session {
/** Reference counter */
+1 -65
View File
@@ -37,6 +37,7 @@ FILE_SECBOOT ( PERMITTED );
#include <ipxe/md5.h>
#include <ipxe/sha1.h>
#include <ipxe/sha256.h>
#include <ipxe/md5_sha1.h>
#include <ipxe/aes.h>
#include <ipxe/rsa.h>
#include <ipxe/iobuf.h>
@@ -280,71 +281,6 @@ tls_version ( struct tls_connection *tls, unsigned int version ) {
( tls->version >= version ) );
}
/******************************************************************************
*
* Hybrid MD5+SHA1 hash as used by TLSv1.1 and earlier
*
******************************************************************************
*/
/**
* Initialise MD5+SHA1 algorithm
*
* @v ctx MD5+SHA1 context
*/
static void md5_sha1_init ( void *ctx ) {
struct md5_sha1_context *context = ctx;
digest_init ( &md5_algorithm, context->md5 );
digest_init ( &sha1_algorithm, context->sha1 );
}
/**
* Accumulate data with MD5+SHA1 algorithm
*
* @v ctx MD5+SHA1 context
* @v data Data
* @v len Length of data
*/
static void md5_sha1_update ( void *ctx, const void *data, size_t len ) {
struct md5_sha1_context *context = ctx;
digest_update ( &md5_algorithm, context->md5, data, len );
digest_update ( &sha1_algorithm, context->sha1, data, len );
}
/**
* Generate MD5+SHA1 digest
*
* @v ctx MD5+SHA1 context
* @v out Output buffer
*/
static void md5_sha1_final ( void *ctx, void *out ) {
struct md5_sha1_context *context = ctx;
struct md5_sha1_digest *digest = out;
digest_final ( &md5_algorithm, context->md5, digest->md5 );
digest_final ( &sha1_algorithm, context->sha1, digest->sha1 );
}
/** Hybrid MD5+SHA1 digest algorithm */
static struct digest_algorithm md5_sha1_algorithm = {
.name = "md5+sha1",
.ctxsize = sizeof ( struct md5_sha1_context ),
.blocksize = 0, /* Not applicable */
.digestsize = sizeof ( struct md5_sha1_digest ),
.init = md5_sha1_init,
.update = md5_sha1_update,
.final = md5_sha1_final,
};
/** RSA digestInfo prefix for MD5+SHA1 algorithm */
struct rsa_digestinfo_prefix rsa_md5_sha1_prefix __rsa_digestinfo_prefix = {
.digest = &md5_sha1_algorithm,
.data = NULL, /* MD5+SHA1 signatures have no digestInfo */
.len = 0,
};
/******************************************************************************
*
* Cleanup functions