]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/evp/digest.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
[thirdparty/openssl.git] / crypto / evp / digest.c
CommitLineData
62867571 1/*
33388b44 2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
5ba372b1 3 *
4a8b0c55 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
62867571
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
5ba372b1 8 */
d02b48c6 9
e4468e6d
P		 10/* We need to use some engine deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
d02b48c6 13#include <stdio.h>
ec577822
BM		 14#include <openssl/objects.h>
15#include <openssl/evp.h>
ded346fa 16#include <openssl/ec.h>
3c27208f 17#include <openssl/engine.h>
d5e5e2ff
SL		 18#include <openssl/params.h>
19#include <openssl/core_names.h>
20#include "internal/cryptlib.h"
25f2138b 21#include "crypto/evp.h"
3653d0c2 22#include "internal/provider.h"
706457b7 23#include "evp_local.h"
d02b48c6 24
aa64cf24 25
3101ab60
MC		 26void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force)
27{
14bec2c4
MC		 28 EVP_MD_free(ctx->fetched_digest);
29 ctx->fetched_digest = NULL;
30 ctx->reqdigest = NULL;
8c8cf0d9
MC		 31
32 if (ctx->provctx != NULL) {
33 if (ctx->digest->freectx != NULL)
34 ctx->digest->freectx(ctx->provctx);
35 ctx->provctx = NULL;
36 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
37 }
38
8c8cf0d9 39 /* TODO(3.0): Remove legacy code below */
8c8cf0d9 40
74cabf3f
RL		 41 /*
42 * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
43 * sometimes only copies of the context are ever finalised.
44 */
45 if (ctx->digest && ctx->digest->cleanup
46 && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
47 ctx->digest->cleanup(ctx);
48 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
3101ab60 49 && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) || force))
74cabf3f 50 OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
3101ab60
MC		 51 if (force)
52 ctx->digest = NULL;
319e518a 53
f844f9eb 54#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
7c96dbcd 55 ENGINE_finish(ctx->engine);
3101ab60 56 ctx->engine = NULL;
74cabf3f 57#endif
3101ab60 58}
14bec2c4 59
3101ab60
MC		 60/* This call frees resources associated with the context */
61int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
62{
63 if (ctx == NULL)
64 return 1;
65
66#ifndef FIPS_MODULE
67 /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
68 /*
69 * pctx should be freed by the user of EVP_MD_CTX
70 * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
71 */
72 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) {
73 EVP_PKEY_CTX_free(ctx->pctx);
74 ctx->pctx = NULL;
75 }
76#endif
14bec2c4 77
3101ab60 78 evp_md_ctx_clear_digest(ctx, 0);
3ce2fdab 79 OPENSSL_cleanse(ctx, sizeof(*ctx));
74cabf3f
RL		 80
81 return 1;
0f113f3e 82}
dbad1690 83
ded346fa 84#ifndef FIPS_MODULE
d8652be0 85EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id,
b4250010 86 OSSL_LIB_CTX *libctx, const char *propq)
ded346fa
DDO		 87{
88 EVP_MD_CTX *ctx;
89 EVP_PKEY_CTX *pctx = NULL;
90
91 if ((ctx = EVP_MD_CTX_new()) == NULL
92 || (pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq)) == NULL) {
93 ASN1err(0, ERR_R_MALLOC_FAILURE);
94 goto err;
95 }
96
97# ifndef OPENSSL_NO_EC
98 if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) {
99 ASN1err(0, ERR_R_MALLOC_FAILURE);
100 goto err;
101 }
102# endif
103
104 EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
105 return ctx;
106
107 err:
108 EVP_PKEY_CTX_free(pctx);
109 EVP_MD_CTX_free(ctx);
110 return NULL;
111}
112#endif
113
959ed531 114EVP_MD_CTX *EVP_MD_CTX_new(void)
0f113f3e 115{
74cabf3f
RL		 116 return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
117}
dbad1690 118
959ed531 119void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
74cabf3f 120{
8c8cf0d9
MC		 121 if (ctx == NULL)
122 return;
123
8c8cf0d9
MC		 124 EVP_MD_CTX_reset(ctx);
125
8c8cf0d9
MC		 126 OPENSSL_free(ctx);
127 return;
0f113f3e 128}
dbad1690 129
2dc769a1 130int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
0f113f3e 131{
959ed531 132 EVP_MD_CTX_reset(ctx);
0f113f3e
MC		 133 return EVP_DigestInit_ex(ctx, type, NULL);
134}
0fea7ed4 135
11a57c7b 136int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
0f113f3e 137{
f844f9eb 138#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
8c8cf0d9 139 ENGINE *tmpimpl = NULL;
319e518a 140#endif
8c8cf0d9 141
b0002eb0
MC		 142#if !defined(FIPS_MODULE)
143 if (ctx->pctx != NULL
144 && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
145 && ctx->pctx->op.sig.sigprovctx != NULL) {
146 /*
147 * Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx
148 * previously initialised with EVP_DigestSignInit() would retain
149 * information about the key, and re-initialise for another sign
150 * operation. So in that case we redirect to EVP_DigestSignInit()
151 */
152 if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
153 return EVP_DigestSignInit(ctx, NULL, type, impl, NULL);
154 if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX)
155 return EVP_DigestVerifyInit(ctx, NULL, type, impl, NULL);
156 EVPerr(0, EVP_R_UPDATE_ERROR);
157 return 0;
158 }
159#endif
160
0f113f3e 161 EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
8c8cf0d9 162
15de965f
MC		 163 if (ctx->provctx != NULL) {
164 if (!ossl_assert(ctx->digest != NULL)) {
165 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
166 return 0;
167 }
168 if (ctx->digest->freectx != NULL)
169 ctx->digest->freectx(ctx->provctx);
170 ctx->provctx = NULL;
171 }
172
b7c913c8
MC		 173 if (type != NULL)
174 ctx->reqdigest = type;
175
8c8cf0d9 176 /* TODO(3.0): Legacy work around code below. Remove this */
f844f9eb 177#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
0f113f3e
MC		 178 /*
179 * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
180 * this context may already have an ENGINE! Try to avoid releasing the
181 * previous handle, re-querying for an ENGINE, and having a
0d4fb843 182 * reinitialisation, when it may all be unnecessary.
0f113f3e 183 */
a93e0e78
MRA		 184 if (ctx->engine && ctx->digest &&
185 (type == NULL || (type->type == ctx->digest->type)))
0f113f3e 186 goto skip_to_init;
8c8cf0d9 187
98475995
RL		 188 if (type != NULL) {
189 /*
190 * Ensure an ENGINE left lying around from last time is cleared (the
191 * previous check attempted to avoid this if the same ENGINE and
192 * EVP_MD could be used).
193 */
194 ENGINE_finish(ctx->engine);
195 ctx->engine = NULL;
196 }
197
8c8cf0d9
MC		 198 if (type != NULL && impl == NULL)
199 tmpimpl = ENGINE_get_digest_engine(type->type);
200#endif
201
202 /*
19cfe784
MC		 203 * If there are engines involved or EVP_MD_CTX_FLAG_NO_INIT is set then we
204 * should use legacy handling for now.
8c8cf0d9
MC		 205 */
206 if (ctx->engine != NULL
207 || impl != NULL
f844f9eb 208#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
8c8cf0d9 209 || tmpimpl != NULL
319e518a 210#endif
8c8cf0d9
MC		 211 || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) {
212 if (ctx->digest == ctx->fetched_digest)
213 ctx->digest = NULL;
3fd70262 214 EVP_MD_free(ctx->fetched_digest);
8c8cf0d9
MC		 215 ctx->fetched_digest = NULL;
216 goto legacy;
217 }
218
8c8cf0d9
MC		 219 if (ctx->digest != NULL && ctx->digest->ctx_size > 0) {
220 OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
221 ctx->md_data = NULL;
222 }
223
224 /* TODO(3.0): Start of non-legacy code below */
225
226 if (type->prov == NULL) {
f844f9eb 227#ifdef FIPS_MODULE
79c44b4e 228 /* We only do explicit fetches inside the FIPS module */
319e518a
MC		 229 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
230 return 0;
231#else
232 EVP_MD *provmd = EVP_MD_fetch(NULL, OBJ_nid2sn(type->type), "");
233
ec0ce188 234 if (provmd == NULL)
8c8cf0d9 235 return 0;
8c8cf0d9 236 type = provmd;
3fd70262 237 EVP_MD_free(ctx->fetched_digest);
8c8cf0d9 238 ctx->fetched_digest = provmd;
319e518a 239#endif
8c8cf0d9
MC		 240 }
241
d5e5e2ff
SL		 242 if (ctx->provctx != NULL && ctx->digest != NULL && ctx->digest != type) {
243 if (ctx->digest->freectx != NULL)
244 ctx->digest->freectx(ctx->provctx);
245 ctx->provctx = NULL;
246 }
8c8cf0d9
MC		 247 ctx->digest = type;
248 if (ctx->provctx == NULL) {
a39eb840 249 ctx->provctx = ctx->digest->newctx(ossl_provider_ctx(type->prov));
8c8cf0d9
MC		 250 if (ctx->provctx == NULL) {
251 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
252 return 0;
253 }
254 }
255
256 if (ctx->digest->dinit == NULL) {
257 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
258 return 0;
259 }
260
261 return ctx->digest->dinit(ctx->provctx);
262
263 /* TODO(3.0): Remove legacy code below */
264 legacy:
265
f844f9eb 266#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
0f113f3e 267 if (type) {
7c96dbcd 268 if (impl != NULL) {
0f113f3e
MC		 269 if (!ENGINE_init(impl)) {
270 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
271 return 0;
272 }
7c96dbcd 273 } else {
0f113f3e 274 /* Ask if an ENGINE is reserved for this job */
8c8cf0d9 275 impl = tmpimpl;
7c96dbcd
RS		 276 }
277 if (impl != NULL) {
0f113f3e
MC		 278 /* There's an ENGINE for this job ... (apparently) */
279 const EVP_MD *d = ENGINE_get_digest(impl, type->type);
7c96dbcd
RS		 280
281 if (d == NULL) {
0f113f3e
MC		 282 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
283 ENGINE_finish(impl);
284 return 0;
285 }
286 /* We'll use the ENGINE's private digest definition */
287 type = d;
288 /*
289 * Store the ENGINE functional reference so we know 'type' came
290 * from an ENGINE and we need to release it when done.
291 */
292 ctx->engine = impl;
293 } else
294 ctx->engine = NULL;
a0108702
MC		 295 } else {
296 if (!ctx->digest) {
297 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
298 return 0;
299 }
300 type = ctx->digest;
0f113f3e 301 }
90e8a310 302#endif
0f113f3e 303 if (ctx->digest != type) {
ffe9150b 304 if (ctx->digest && ctx->digest->ctx_size) {
a93e0e78 305 OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
ffe9150b
MC		 306 ctx->md_data = NULL;
307 }
0f113f3e
MC		 308 ctx->digest = type;
309 if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
310 ctx->update = type->update;
84c15091 311 ctx->md_data = OPENSSL_zalloc(type->ctx_size);
0f113f3e
MC		 312 if (ctx->md_data == NULL) {
313 EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
314 return 0;
315 }
316 }
317 }
f844f9eb 318#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
0f113f3e 319 skip_to_init:
0b13e9f0 320#endif
f844f9eb 321#ifndef FIPS_MODULE
dfcb5d29
MC		 322 /*
323 * TODO(3.0): Temporarily no support for EVP_DigestSign* inside FIPS module
324 * or when using providers.
325 */
864b89ce
MC		 326 if (ctx->pctx != NULL
327 && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
328 || ctx->pctx->op.sig.signature == NULL)) {
0f113f3e
MC		 329 int r;
330 r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
331 EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
332 if (r <= 0 && (r != -2))
333 return 0;
334 }
319e518a 335#endif
0f113f3e
MC		 336 if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
337 return 1;
338 return ctx->digest->init(ctx);
339}
d02b48c6 340
f80921b6 341int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
0f113f3e 342{
a8274ea3
MC		 343 if (count == 0)
344 return 1;
345
72df8f88
MC		 346 if (ctx->pctx != NULL
347 && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
348 && ctx->pctx->op.sig.sigprovctx != NULL) {
349 /*
350 * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and
351 * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate().
352 * Some code calls EVP_DigestUpdate() directly even when initialised
d8652be0
MC		 353 * with EVP_DigestSignInit_ex() or
354 * EVP_DigestVerifyInit_ex(), so we detect that and redirect to
0ab18e79 355 * the correct EVP_Digest*Update() function
72df8f88
MC		 356 */
357 if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
358 return EVP_DigestSignUpdate(ctx, data, count);
359 if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX)
360 return EVP_DigestVerifyUpdate(ctx, data, count);
361 EVPerr(EVP_F_EVP_DIGESTUPDATE, EVP_R_UPDATE_ERROR);
362 return 0;
363 }
364
557d6737
MC		 365 if (ctx->digest == NULL
366 || ctx->digest->prov == NULL
367 || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
8c8cf0d9
MC		 368 goto legacy;
369
370 if (ctx->digest->dupdate == NULL) {
371 EVPerr(EVP_F_EVP_DIGESTUPDATE, EVP_R_UPDATE_ERROR);
372 return 0;
373 }
374 return ctx->digest->dupdate(ctx->provctx, data, count);
375
376 /* TODO(3.0): Remove legacy code below */
377 legacy:
0f113f3e
MC		 378 return ctx->update(ctx, data, count);
379}
d02b48c6 380
dbad1690 381/* The caller can assume that this removes any secret data from the context */
2dc769a1 382int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
0f113f3e
MC		 383{
384 int ret;
385 ret = EVP_DigestFinal_ex(ctx, md, size);
959ed531 386 EVP_MD_CTX_reset(ctx);
0f113f3e
MC		 387 return ret;
388}
20d2186c
DSH		 389
390/* The caller can assume that this removes any secret data from the context */
8c8cf0d9 391int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
0f113f3e 392{
4bec3f6d 393 int ret, sz;
8c8cf0d9 394 size_t size = 0;
4bec3f6d
SL		 395 size_t mdsize = 0;
396
397 if (ctx->digest == NULL)
398 return 0;
8c8cf0d9 399
4bec3f6d
SL		 400 sz = EVP_MD_size(ctx->digest);
401 if (sz < 0)
402 return 0;
403 mdsize = sz;
404 if (ctx->digest->prov == NULL)
8c8cf0d9 405 goto legacy;
54a656ef 406
8c8cf0d9
MC		 407 if (ctx->digest->dfinal == NULL) {
408 EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_FINAL_ERROR);
409 return 0;
410 }
411
0ad50b4d 412 ret = ctx->digest->dfinal(ctx->provctx, md, &size, mdsize);
8c8cf0d9
MC		 413
414 if (isize != NULL) {
415 if (size <= UINT_MAX) {
416 *isize = (int)size;
417 } else {
418 EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_FINAL_ERROR);
419 ret = 0;
420 }
421 }
422
8c8cf0d9
MC		 423 return ret;
424
425 /* TODO(3.0): Remove legacy code below */
426 legacy:
0ad50b4d 427 OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE);
0f113f3e 428 ret = ctx->digest->final(ctx, md);
8c8cf0d9 429 if (isize != NULL)
0ad50b4d 430 *isize = mdsize;
0f113f3e
MC		 431 if (ctx->digest->cleanup) {
432 ctx->digest->cleanup(ctx);
433 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
434 }
3ce2fdab 435 OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
0f113f3e
MC		 436 return ret;
437}
351d8998 438
cd8d1456
AP		 439int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
440{
441 int ret = 0;
d5e5e2ff
SL		 442 OSSL_PARAM params[2];
443 size_t i = 0;
444
445 if (ctx->digest == NULL || ctx->digest->prov == NULL)
446 goto legacy;
cd8d1456 447
d5e5e2ff
SL		 448 if (ctx->digest->dfinal == NULL) {
449 EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_FINAL_ERROR);
450 return 0;
451 }
452
4e7991b4 453 params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &size);
d5e5e2ff
SL		 454 params[i++] = OSSL_PARAM_construct_end();
455
456 if (EVP_MD_CTX_set_params(ctx, params) > 0)
457 ret = ctx->digest->dfinal(ctx->provctx, md, &size, size);
458 EVP_MD_CTX_reset(ctx);
459 return ret;
460
461legacy:
cd8d1456
AP		 462 if (ctx->digest->flags & EVP_MD_FLAG_XOF
463 && size <= INT_MAX
464 && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
465 ret = ctx->digest->final(ctx, md);
cd8d1456
AP		 466 if (ctx->digest->cleanup != NULL) {
467 ctx->digest->cleanup(ctx);
468 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
469 }
470 OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
471 } else {
472 EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
473 }
474
475 return ret;
476}
477
dbad1690 478int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
0f113f3e 479{
959ed531 480 EVP_MD_CTX_reset(out);
0f113f3e
MC		 481 return EVP_MD_CTX_copy_ex(out, in);
482}
20d2186c
DSH		 483
484int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
0f113f3e
MC		 485{
486 unsigned char *tmp_buf;
8c8cf0d9
MC		 487
488 if (in == NULL || in->digest == NULL) {
0f113f3e
MC		 489 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
490 return 0;
491 }
8c8cf0d9 492
557d6737
MC		 493 if (in->digest->prov == NULL
494 || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
8c8cf0d9
MC		 495 goto legacy;
496
497 if (in->digest->dupctx == NULL) {
498 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
499 return 0;
500 }
501
502 EVP_MD_CTX_reset(out);
503 if (out->fetched_digest != NULL)
3fd70262 504 EVP_MD_free(out->fetched_digest);
8c8cf0d9
MC		 505 *out = *in;
506 /* NULL out pointers in case of error */
507 out->pctx = NULL;
508 out->provctx = NULL;
509
510 if (in->fetched_digest != NULL)
70c35fd1 511 EVP_MD_up_ref(in->fetched_digest);
8c8cf0d9 512
ada0670b
MC		 513 if (in->provctx != NULL) {
514 out->provctx = in->digest->dupctx(in->provctx);
515 if (out->provctx == NULL) {
516 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
517 return 0;
518 }
8c8cf0d9
MC		 519 }
520
521 /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
522 EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
f844f9eb 523#ifndef FIPS_MODULE
319e518a 524 /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
8c8cf0d9
MC		 525 if (in->pctx != NULL) {
526 out->pctx = EVP_PKEY_CTX_dup(in->pctx);
527 if (out->pctx == NULL) {
528 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
529 EVP_MD_CTX_reset(out);
530 return 0;
531 }
532 }
319e518a 533#endif
8c8cf0d9
MC		 534
535 return 1;
536
537 /* TODO(3.0): Remove legacy code below */
538 legacy:
f844f9eb 539#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
0f113f3e
MC		 540 /* Make sure it's safe to copy a digest context using an ENGINE */
541 if (in->engine && !ENGINE_init(in->engine)) {
542 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
543 return 0;
544 }
0b13e9f0 545#endif
26188931 546
0f113f3e
MC		 547 if (out->digest == in->digest) {
548 tmp_buf = out->md_data;
549 EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
550 } else
551 tmp_buf = NULL;
959ed531 552 EVP_MD_CTX_reset(out);
b4faea50 553 memcpy(out, in, sizeof(*out));
0f113f3e 554
4803717f
PY		 555 /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
556 EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
557
6aa0ba4b
RL		 558 /* Null these variables, since they are getting fixed up
559 * properly below. Anything else may cause a memleak and/or
560 * double free if any of the memory allocations below fail
561 */
562 out->md_data = NULL;
563 out->pctx = NULL;
564
0f113f3e
MC		 565 if (in->md_data && out->digest->ctx_size) {
566 if (tmp_buf)
567 out->md_data = tmp_buf;
568 else {
569 out->md_data = OPENSSL_malloc(out->digest->ctx_size);
90945fa3 570 if (out->md_data == NULL) {
0f113f3e
MC		 571 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
572 return 0;
573 }
574 }
575 memcpy(out->md_data, in->md_data, out->digest->ctx_size);
576 }
26188931 577
0f113f3e 578 out->update = in->update;
d4575825 579
f844f9eb 580#ifndef FIPS_MODULE
319e518a 581 /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
0f113f3e
MC		 582 if (in->pctx) {
583 out->pctx = EVP_PKEY_CTX_dup(in->pctx);
584 if (!out->pctx) {
959ed531 585 EVP_MD_CTX_reset(out);
0f113f3e
MC		 586 return 0;
587 }
588 }
319e518a 589#endif
18327cd0 590
0f113f3e
MC		 591 if (out->digest->copy)
592 return out->digest->copy(out, in);
3a828611 593
0f113f3e
MC		 594 return 1;
595}
88ce56f8 596
9e0aad9f 597int EVP_Digest(const void *data, size_t count,
0f113f3e
MC		 598 unsigned char *md, unsigned int *size, const EVP_MD *type,
599 ENGINE *impl)
600{
bfb0641f 601 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
0f113f3e 602 int ret;
dbad1690 603
74cabf3f
RL		 604 if (ctx == NULL)
605 return 0;
606 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT);
607 ret = EVP_DigestInit_ex(ctx, type, impl)
608 && EVP_DigestUpdate(ctx, data, count)
609 && EVP_DigestFinal_ex(ctx, md, size);
bfb0641f 610 EVP_MD_CTX_free(ctx);
dbad1690 611
0f113f3e
MC		 612 return ret;
613}
dbad1690 614
ae3ff60e
RL		 615int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
616{
617 if (digest != NULL && digest->get_params != NULL)
618 return digest->get_params(params);
619 return 0;
620}
621
622const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest)
623{
624 if (digest != NULL && digest->gettable_params != NULL)
18ec26ba
P		 625 return digest->gettable_params(
626 ossl_provider_ctx(EVP_MD_provider(digest)));
ae3ff60e
RL		 627 return NULL;
628}
629
d5e5e2ff
SL		 630int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
631{
5f5c3b4f
MC		 632 EVP_PKEY_CTX *pctx = ctx->pctx;
633
ada0670b 634 /* If we have a pctx then we should try that first */
5f5c3b4f
MC		 635 if (pctx != NULL
636 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
637 || pctx->operation == EVP_PKEY_OP_SIGNCTX)
638 && pctx->op.sig.sigprovctx != NULL
639 && pctx->op.sig.signature->set_ctx_md_params != NULL)
640 return pctx->op.sig.signature->set_ctx_md_params(pctx->op.sig.sigprovctx,
641 params);
ada0670b
MC		 642
643 if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL)
644 return ctx->digest->set_ctx_params(ctx->provctx, params);
645
d5e5e2ff
SL		 646 return 0;
647}
648
e6879a31 649const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md)
ae3ff60e 650{
e6879a31 651 if (md != NULL && md->settable_ctx_params != NULL)
18ec26ba 652 return md->settable_ctx_params(ossl_provider_ctx(EVP_MD_provider(md)));
e6879a31
MC		 653 return NULL;
654}
655
656const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx)
657{
5f5c3b4f
MC		 658 EVP_PKEY_CTX *pctx;
659
18ec26ba
P		 660 if (ctx == NULL)
661 return NULL;
662
ada0670b 663 /* If we have a pctx then we should try that first */
5f5c3b4f
MC		 664 pctx = ctx->pctx;
665 if (pctx != NULL
666 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
667 || pctx->operation == EVP_PKEY_OP_SIGNCTX)
668 && pctx->op.sig.sigprovctx != NULL
669 && pctx->op.sig.signature->settable_ctx_md_params != NULL)
670 return pctx->op.sig.signature->settable_ctx_md_params(
671 pctx->op.sig.sigprovctx);
672
ada0670b
MC		 673 if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL)
674 return ctx->digest->settable_ctx_params(
675 ossl_provider_ctx(EVP_MD_provider(ctx->digest)));
676
ae3ff60e
RL		 677 return NULL;
678}
679
4e7991b4 680int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
d5e5e2ff 681{
5f5c3b4f
MC		 682 EVP_PKEY_CTX *pctx = ctx->pctx;
683
ada0670b 684 /* If we have a pctx then we should try that first */
5f5c3b4f
MC		 685 if (pctx != NULL
686 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
687 || pctx->operation == EVP_PKEY_OP_SIGNCTX)
688 && pctx->op.sig.sigprovctx != NULL
689 && pctx->op.sig.signature->get_ctx_md_params != NULL)
690 return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.sigprovctx,
691 params);
692
ada0670b
MC		 693 if (ctx->digest != NULL && ctx->digest->get_params != NULL)
694 return ctx->digest->get_ctx_params(ctx->provctx, params);
695
d5e5e2ff
SL		 696 return 0;
697}
698
e6879a31 699const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md)
ae3ff60e 700{
e6879a31 701 if (md != NULL && md->gettable_ctx_params != NULL)
18ec26ba 702 return md->gettable_ctx_params(ossl_provider_ctx(EVP_MD_provider(md)));
e6879a31
MC		 703 return NULL;
704}
705
706const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
707{
5f5c3b4f
MC		 708 EVP_PKEY_CTX *pctx;
709
825ccf51
SL		 710 if (ctx == NULL)
711 return NULL;
712
ada0670b 713 /* If we have a pctx then we should try that first */
5f5c3b4f
MC		 714 pctx = ctx->pctx;
715 if (pctx != NULL
716 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
717 || pctx->operation == EVP_PKEY_OP_SIGNCTX)
718 && pctx->op.sig.sigprovctx != NULL
719 && pctx->op.sig.signature->gettable_ctx_md_params != NULL)
720 return pctx->op.sig.signature->gettable_ctx_md_params(
721 pctx->op.sig.sigprovctx);
722
ada0670b
MC		 723 if (ctx->digest != NULL
724 && ctx->digest->gettable_ctx_params != NULL)
725 return ctx->digest->gettable_ctx_params(
726 ossl_provider_ctx(EVP_MD_provider(ctx->digest)));
727
ae3ff60e
RL		 728 return NULL;
729}
730
83b4a243 731/* TODO(3.0): Remove legacy code below - only used by engines & DigestSign */
396d5fd0
DSH		 732int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
733{
6a3b7c68
RL		 734 int ret = EVP_CTRL_RET_UNSUPPORTED;
735 int set_params = 1;
736 size_t sz;
737 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
738
a2b62316
MC		 739 if (ctx == NULL) {
740 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
6a3b7c68
RL		 741 return 0;
742 }
743
a2b62316 744 if (ctx->digest != NULL && ctx->digest->prov == NULL)
6a3b7c68
RL		 745 goto legacy;
746
747 switch (cmd) {
748 case EVP_MD_CTRL_XOF_LEN:
749 sz = (size_t)p1;
750 params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &sz);
751 break;
752 case EVP_MD_CTRL_MICALG:
753 set_params = 0;
754 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DIGEST_PARAM_MICALG,
4e7991b4 755 p2, p1 ? p1 : 9999);
6a3b7c68 756 break;
c3885102
MC		 757 case EVP_CTRL_SSL3_MASTER_SECRET:
758 params[0] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
759 p2, p1);
760 break;
6a3b7c68 761 default:
6a36f209 762 goto conclude;
396d5fd0 763 }
6a3b7c68
RL		 764
765 if (set_params)
5f5c3b4f 766 ret = EVP_MD_CTX_set_params(ctx, params);
6a3b7c68 767 else
5f5c3b4f 768 ret = EVP_MD_CTX_get_params(ctx, params);
552be00d 769 goto conclude;
6a3b7c68
RL		 770
771
772/* TODO(3.0): Remove legacy code below */
773 legacy:
774 if (ctx->digest->md_ctrl == NULL) {
775 ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
776 return 0;
777 }
778
779 ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
552be00d 780 conclude:
6a3b7c68
RL		 781 if (ret <= 0)
782 return 0;
783 return ret;
396d5fd0 784}
3653d0c2 785
3fd70262
RL		 786EVP_MD *evp_md_new(void)
787{
788 EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
789
790 if (md != NULL) {
791 md->lock = CRYPTO_THREAD_lock_new();
792 if (md->lock == NULL) {
793 OPENSSL_free(md);
794 return NULL;
795 }
796 md->refcnt = 1;
797 }
798 return md;
799}
800
32040838
RL		 801/*
802 * FIPS module note: since internal fetches will be entirely
803 * provider based, we know that none of its code depends on legacy
804 * NIDs or any functionality that use them.
805 */
f844f9eb 806#ifndef FIPS_MODULE
32040838
RL		 807/* TODO(3.x) get rid of the need for legacy NIDs */
808static void set_legacy_nid(const char *name, void *vlegacy_nid)
809{
810 int nid;
811 int *legacy_nid = vlegacy_nid;
6a835fcf
RL		 812 /*
813 * We use lowest level function to get the associated method, because
814 * higher level functions such as EVP_get_digestbyname() have changed
815 * to look at providers too.
816 */
817 const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
32040838
RL		 818
819 if (*legacy_nid == -1) /* We found a clash already */
820 return;
6a835fcf
RL		 821
822 if (legacy_method == NULL)
32040838 823 return;
6a835fcf 824 nid = EVP_MD_nid(legacy_method);
32040838
RL		 825 if (*legacy_nid != NID_undef && *legacy_nid != nid) {
826 *legacy_nid = -1;
827 return;
828 }
829 *legacy_nid = nid;
830}
831#endif
832
f7c16d48
RL		 833static void *evp_md_from_dispatch(int name_id,
834 const OSSL_DISPATCH *fns,
0ddf74bf 835 OSSL_PROVIDER *prov)
3653d0c2
MC		 836{
837 EVP_MD *md = NULL;
8c8cf0d9 838 int fncnt = 0;
3653d0c2 839
0211740f 840 /* EVP_MD_fetch() will set the legacy NID if available */
f7c16d48 841 if ((md = evp_md_new()) == NULL) {
6b9e3724 842 EVPerr(0, ERR_R_MALLOC_FAILURE);
3653d0c2 843 return NULL;
6b9e3724 844 }
3653d0c2 845
f844f9eb 846#ifndef FIPS_MODULE
32040838
RL		 847 /* TODO(3.x) get rid of the need for legacy NIDs */
848 md->type = NID_undef;
f651c727 849 evp_names_do_all(prov, name_id, set_legacy_nid, &md->type);
32040838
RL		 850 if (md->type == -1) {
851 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
852 EVP_MD_free(md);
853 return NULL;
f7c16d48 854 }
ed71e917
MC		 855#endif
856
32040838
RL		 857 md->name_id = name_id;
858
3653d0c2 859 for (; fns->function_id != 0; fns++) {
3653d0c2
MC		 860 switch (fns->function_id) {
861 case OSSL_FUNC_DIGEST_NEWCTX:
d5e5e2ff 862 if (md->newctx == NULL) {
363b1e5d 863 md->newctx = OSSL_FUNC_digest_newctx(fns);
d5e5e2ff
SL		 864 fncnt++;
865 }
3653d0c2
MC		 866 break;
867 case OSSL_FUNC_DIGEST_INIT:
d5e5e2ff 868 if (md->dinit == NULL) {
363b1e5d 869 md->dinit = OSSL_FUNC_digest_init(fns);
d5e5e2ff
SL		 870 fncnt++;
871 }
3653d0c2 872 break;
df05f2ce 873 case OSSL_FUNC_DIGEST_UPDATE:
d5e5e2ff 874 if (md->dupdate == NULL) {
363b1e5d 875 md->dupdate = OSSL_FUNC_digest_update(fns);
d5e5e2ff
SL		 876 fncnt++;
877 }
3653d0c2
MC		 878 break;
879 case OSSL_FUNC_DIGEST_FINAL:
d5e5e2ff 880 if (md->dfinal == NULL) {
363b1e5d 881 md->dfinal = OSSL_FUNC_digest_final(fns);
d5e5e2ff
SL		 882 fncnt++;
883 }
3653d0c2
MC		 884 break;
885 case OSSL_FUNC_DIGEST_DIGEST:
d5e5e2ff 886 if (md->digest == NULL)
363b1e5d 887 md->digest = OSSL_FUNC_digest_digest(fns);
3653d0c2
MC		 888 /* We don't increment fnct for this as it is stand alone */
889 break;
3653d0c2 890 case OSSL_FUNC_DIGEST_FREECTX:
d5e5e2ff 891 if (md->freectx == NULL) {
363b1e5d 892 md->freectx = OSSL_FUNC_digest_freectx(fns);
d5e5e2ff
SL		 893 fncnt++;
894 }
3653d0c2 895 break;
8c8cf0d9 896 case OSSL_FUNC_DIGEST_DUPCTX:
d5e5e2ff 897 if (md->dupctx == NULL)
363b1e5d 898 md->dupctx = OSSL_FUNC_digest_dupctx(fns);
8c8cf0d9 899 break;
d5e5e2ff
SL		 900 case OSSL_FUNC_DIGEST_GET_PARAMS:
901 if (md->get_params == NULL)
363b1e5d 902 md->get_params = OSSL_FUNC_digest_get_params(fns);
7556b9df 903 break;
92d9d0ae
RL		 904 case OSSL_FUNC_DIGEST_SET_CTX_PARAMS:
905 if (md->set_ctx_params == NULL)
363b1e5d 906 md->set_ctx_params = OSSL_FUNC_digest_set_ctx_params(fns);
6a3b7c68 907 break;
92d9d0ae
RL		 908 case OSSL_FUNC_DIGEST_GET_CTX_PARAMS:
909 if (md->get_ctx_params == NULL)
363b1e5d 910 md->get_ctx_params = OSSL_FUNC_digest_get_ctx_params(fns);
6a3b7c68 911 break;
ae3ff60e
RL		 912 case OSSL_FUNC_DIGEST_GETTABLE_PARAMS:
913 if (md->gettable_params == NULL)
363b1e5d 914 md->gettable_params = OSSL_FUNC_digest_gettable_params(fns);
ae3ff60e
RL		 915 break;
916 case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS:
917 if (md->settable_ctx_params == NULL)
918 md->settable_ctx_params =
363b1e5d 919 OSSL_FUNC_digest_settable_ctx_params(fns);
ae3ff60e
RL		 920 break;
921 case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS:
922 if (md->gettable_ctx_params == NULL)
923 md->gettable_ctx_params =
363b1e5d 924 OSSL_FUNC_digest_gettable_ctx_params(fns);
ae3ff60e 925 break;
3653d0c2 926 }
8c8cf0d9
MC		 927 }
928 if ((fncnt != 0 && fncnt != 5)
6a3b7c68 929 || (fncnt == 0 && md->digest == NULL)) {
8c8cf0d9
MC		 930 /*
931 * In order to be a consistent set of functions we either need the
932 * whole set of init/update/final etc functions or none of them.
933 * The "digest" function can standalone. We at least need one way to
934 * generate digests.
935 */
3fd70262 936 EVP_MD_free(md);
6a3b7c68 937 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
8c8cf0d9 938 return NULL;
3653d0c2
MC		 939 }
940 md->prov = prov;
941 if (prov != NULL)
7c95390e 942 ossl_provider_up_ref(prov);
3653d0c2
MC		 943
944 return md;
945}
946
70c35fd1 947static int evp_md_up_ref(void *md)
3653d0c2 948{
70c35fd1 949 return EVP_MD_up_ref(md);
3653d0c2
MC		 950}
951
952static void evp_md_free(void *md)
953{
3fd70262 954 EVP_MD_free(md);
3653d0c2
MC		 955}
956
b4250010 957EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
3653d0c2
MC		 958 const char *properties)
959{
0211740f
RL		 960 EVP_MD *md =
961 evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties,
0ddf74bf 962 evp_md_from_dispatch, evp_md_up_ref, evp_md_free);
0211740f 963
0211740f 964 return md;
3653d0c2 965}
c540f00f 966
3fd70262
RL		 967int EVP_MD_up_ref(EVP_MD *md)
968{
969 int ref = 0;
970
971 CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
972 return 1;
973}
974
975void EVP_MD_free(EVP_MD *md)
976{
977 int i;
978
979 if (md == NULL)
980 return;
981
982 CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock);
983 if (i > 0)
984 return;
985 ossl_provider_free(md->prov);
3fd70262
RL		 986 CRYPTO_THREAD_lock_free(md->lock);
987 OPENSSL_free(md);
988}
989
b4250010 990void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
251e610c
RL		 991 void (*fn)(EVP_MD *mac, void *arg),
992 void *arg)
c540f00f
RL		 993{
994 evp_generic_do_all(libctx, OSSL_OP_DIGEST,
995 (void (*)(void *, void *))fn, arg,
0ddf74bf 996 evp_md_from_dispatch, evp_md_free);
c540f00f 997}
A mirror of the official openssl repository