]>
Commit | Line | Data |
---|---|---|
62867571 | 1 | /* |
33388b44 | 2 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. |
5ba372b1 | 3 | * |
4a8b0c55 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
62867571 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
5ba372b1 | 8 | */ |
d02b48c6 | 9 | |
e4468e6d P |
10 | /* We need to use some engine deprecated APIs */ |
11 | #define OPENSSL_SUPPRESS_DEPRECATED | |
12 | ||
d02b48c6 | 13 | #include <stdio.h> |
ec577822 BM |
14 | #include <openssl/objects.h> |
15 | #include <openssl/evp.h> | |
ded346fa | 16 | #include <openssl/ec.h> |
3c27208f | 17 | #include <openssl/engine.h> |
d5e5e2ff SL |
18 | #include <openssl/params.h> |
19 | #include <openssl/core_names.h> | |
20 | #include "internal/cryptlib.h" | |
25f2138b | 21 | #include "crypto/evp.h" |
3653d0c2 | 22 | #include "internal/provider.h" |
706457b7 | 23 | #include "evp_local.h" |
d02b48c6 | 24 | |
aa64cf24 | 25 | |
3101ab60 MC |
26 | void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force) |
27 | { | |
14bec2c4 MC |
28 | EVP_MD_free(ctx->fetched_digest); |
29 | ctx->fetched_digest = NULL; | |
30 | ctx->reqdigest = NULL; | |
8c8cf0d9 MC |
31 | |
32 | if (ctx->provctx != NULL) { | |
33 | if (ctx->digest->freectx != NULL) | |
34 | ctx->digest->freectx(ctx->provctx); | |
35 | ctx->provctx = NULL; | |
36 | EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); | |
37 | } | |
38 | ||
8c8cf0d9 | 39 | /* TODO(3.0): Remove legacy code below */ |
8c8cf0d9 | 40 | |
74cabf3f RL |
41 | /* |
42 | * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because | |
43 | * sometimes only copies of the context are ever finalised. | |
44 | */ | |
45 | if (ctx->digest && ctx->digest->cleanup | |
46 | && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) | |
47 | ctx->digest->cleanup(ctx); | |
48 | if (ctx->digest && ctx->digest->ctx_size && ctx->md_data | |
3101ab60 | 49 | && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) || force)) |
74cabf3f | 50 | OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); |
3101ab60 MC |
51 | if (force) |
52 | ctx->digest = NULL; | |
319e518a | 53 | |
f844f9eb | 54 | #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) |
7c96dbcd | 55 | ENGINE_finish(ctx->engine); |
3101ab60 | 56 | ctx->engine = NULL; |
74cabf3f | 57 | #endif |
3101ab60 | 58 | } |
14bec2c4 | 59 | |
3101ab60 MC |
60 | /* This call frees resources associated with the context */ |
61 | int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) | |
62 | { | |
63 | if (ctx == NULL) | |
64 | return 1; | |
65 | ||
66 | #ifndef FIPS_MODULE | |
67 | /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ | |
68 | /* | |
69 | * pctx should be freed by the user of EVP_MD_CTX | |
70 | * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set | |
71 | */ | |
72 | if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) { | |
73 | EVP_PKEY_CTX_free(ctx->pctx); | |
74 | ctx->pctx = NULL; | |
75 | } | |
76 | #endif | |
14bec2c4 | 77 | |
3101ab60 | 78 | evp_md_ctx_clear_digest(ctx, 0); |
3ce2fdab | 79 | OPENSSL_cleanse(ctx, sizeof(*ctx)); |
74cabf3f RL |
80 | |
81 | return 1; | |
0f113f3e | 82 | } |
dbad1690 | 83 | |
ded346fa | 84 | #ifndef FIPS_MODULE |
d8652be0 | 85 | EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, |
b4250010 | 86 | OSSL_LIB_CTX *libctx, const char *propq) |
ded346fa DDO |
87 | { |
88 | EVP_MD_CTX *ctx; | |
89 | EVP_PKEY_CTX *pctx = NULL; | |
90 | ||
91 | if ((ctx = EVP_MD_CTX_new()) == NULL | |
92 | || (pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq)) == NULL) { | |
93 | ASN1err(0, ERR_R_MALLOC_FAILURE); | |
94 | goto err; | |
95 | } | |
96 | ||
97 | # ifndef OPENSSL_NO_EC | |
98 | if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) { | |
99 | ASN1err(0, ERR_R_MALLOC_FAILURE); | |
100 | goto err; | |
101 | } | |
102 | # endif | |
103 | ||
104 | EVP_MD_CTX_set_pkey_ctx(ctx, pctx); | |
105 | return ctx; | |
106 | ||
107 | err: | |
108 | EVP_PKEY_CTX_free(pctx); | |
109 | EVP_MD_CTX_free(ctx); | |
110 | return NULL; | |
111 | } | |
112 | #endif | |
113 | ||
959ed531 | 114 | EVP_MD_CTX *EVP_MD_CTX_new(void) |
0f113f3e | 115 | { |
74cabf3f RL |
116 | return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); |
117 | } | |
dbad1690 | 118 | |
959ed531 | 119 | void EVP_MD_CTX_free(EVP_MD_CTX *ctx) |
74cabf3f | 120 | { |
8c8cf0d9 MC |
121 | if (ctx == NULL) |
122 | return; | |
123 | ||
8c8cf0d9 MC |
124 | EVP_MD_CTX_reset(ctx); |
125 | ||
8c8cf0d9 MC |
126 | OPENSSL_free(ctx); |
127 | return; | |
0f113f3e | 128 | } |
dbad1690 | 129 | |
2dc769a1 | 130 | int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) |
0f113f3e | 131 | { |
959ed531 | 132 | EVP_MD_CTX_reset(ctx); |
0f113f3e MC |
133 | return EVP_DigestInit_ex(ctx, type, NULL); |
134 | } | |
0fea7ed4 | 135 | |
11a57c7b | 136 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) |
0f113f3e | 137 | { |
f844f9eb | 138 | #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) |
8c8cf0d9 | 139 | ENGINE *tmpimpl = NULL; |
319e518a | 140 | #endif |
8c8cf0d9 | 141 | |
b0002eb0 MC |
142 | #if !defined(FIPS_MODULE) |
143 | if (ctx->pctx != NULL | |
144 | && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) | |
145 | && ctx->pctx->op.sig.sigprovctx != NULL) { | |
146 | /* | |
147 | * Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx | |
148 | * previously initialised with EVP_DigestSignInit() would retain | |
149 | * information about the key, and re-initialise for another sign | |
150 | * operation. So in that case we redirect to EVP_DigestSignInit() | |
151 | */ | |
152 | if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX) | |
153 | return EVP_DigestSignInit(ctx, NULL, type, impl, NULL); | |
154 | if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX) | |
155 | return EVP_DigestVerifyInit(ctx, NULL, type, impl, NULL); | |
156 | EVPerr(0, EVP_R_UPDATE_ERROR); | |
157 | return 0; | |
158 | } | |
159 | #endif | |
160 | ||
0f113f3e | 161 | EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); |
8c8cf0d9 | 162 | |
15de965f MC |
163 | if (ctx->provctx != NULL) { |
164 | if (!ossl_assert(ctx->digest != NULL)) { | |
165 | EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); | |
166 | return 0; | |
167 | } | |
168 | if (ctx->digest->freectx != NULL) | |
169 | ctx->digest->freectx(ctx->provctx); | |
170 | ctx->provctx = NULL; | |
171 | } | |
172 | ||
b7c913c8 MC |
173 | if (type != NULL) |
174 | ctx->reqdigest = type; | |
175 | ||
8c8cf0d9 | 176 | /* TODO(3.0): Legacy work around code below. Remove this */ |
f844f9eb | 177 | #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) |
0f113f3e MC |
178 | /* |
179 | * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so | |
180 | * this context may already have an ENGINE! Try to avoid releasing the | |
181 | * previous handle, re-querying for an ENGINE, and having a | |
0d4fb843 | 182 | * reinitialisation, when it may all be unnecessary. |
0f113f3e | 183 | */ |
a93e0e78 MRA |
184 | if (ctx->engine && ctx->digest && |
185 | (type == NULL || (type->type == ctx->digest->type))) | |
0f113f3e | 186 | goto skip_to_init; |
8c8cf0d9 | 187 | |
98475995 RL |
188 | if (type != NULL) { |
189 | /* | |
190 | * Ensure an ENGINE left lying around from last time is cleared (the | |
191 | * previous check attempted to avoid this if the same ENGINE and | |
192 | * EVP_MD could be used). | |
193 | */ | |
194 | ENGINE_finish(ctx->engine); | |
195 | ctx->engine = NULL; | |
196 | } | |
197 | ||
8c8cf0d9 MC |
198 | if (type != NULL && impl == NULL) |
199 | tmpimpl = ENGINE_get_digest_engine(type->type); | |
200 | #endif | |
201 | ||
202 | /* | |
19cfe784 MC |
203 | * If there are engines involved or EVP_MD_CTX_FLAG_NO_INIT is set then we |
204 | * should use legacy handling for now. | |
8c8cf0d9 MC |
205 | */ |
206 | if (ctx->engine != NULL | |
207 | || impl != NULL | |
f844f9eb | 208 | #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) |
8c8cf0d9 | 209 | || tmpimpl != NULL |
319e518a | 210 | #endif |
8c8cf0d9 MC |
211 | || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) { |
212 | if (ctx->digest == ctx->fetched_digest) | |
213 | ctx->digest = NULL; | |
3fd70262 | 214 | EVP_MD_free(ctx->fetched_digest); |
8c8cf0d9 MC |
215 | ctx->fetched_digest = NULL; |
216 | goto legacy; | |
217 | } | |
218 | ||
8c8cf0d9 MC |
219 | if (ctx->digest != NULL && ctx->digest->ctx_size > 0) { |
220 | OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); | |
221 | ctx->md_data = NULL; | |
222 | } | |
223 | ||
224 | /* TODO(3.0): Start of non-legacy code below */ | |
225 | ||
226 | if (type->prov == NULL) { | |
f844f9eb | 227 | #ifdef FIPS_MODULE |
79c44b4e | 228 | /* We only do explicit fetches inside the FIPS module */ |
319e518a MC |
229 | EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); |
230 | return 0; | |
231 | #else | |
232 | EVP_MD *provmd = EVP_MD_fetch(NULL, OBJ_nid2sn(type->type), ""); | |
233 | ||
ec0ce188 | 234 | if (provmd == NULL) |
8c8cf0d9 | 235 | return 0; |
8c8cf0d9 | 236 | type = provmd; |
3fd70262 | 237 | EVP_MD_free(ctx->fetched_digest); |
8c8cf0d9 | 238 | ctx->fetched_digest = provmd; |
319e518a | 239 | #endif |
8c8cf0d9 MC |
240 | } |
241 | ||
d5e5e2ff SL |
242 | if (ctx->provctx != NULL && ctx->digest != NULL && ctx->digest != type) { |
243 | if (ctx->digest->freectx != NULL) | |
244 | ctx->digest->freectx(ctx->provctx); | |
245 | ctx->provctx = NULL; | |
246 | } | |
8c8cf0d9 MC |
247 | ctx->digest = type; |
248 | if (ctx->provctx == NULL) { | |
a39eb840 | 249 | ctx->provctx = ctx->digest->newctx(ossl_provider_ctx(type->prov)); |
8c8cf0d9 MC |
250 | if (ctx->provctx == NULL) { |
251 | EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); | |
252 | return 0; | |
253 | } | |
254 | } | |
255 | ||
256 | if (ctx->digest->dinit == NULL) { | |
257 | EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); | |
258 | return 0; | |
259 | } | |
260 | ||
261 | return ctx->digest->dinit(ctx->provctx); | |
262 | ||
263 | /* TODO(3.0): Remove legacy code below */ | |
264 | legacy: | |
265 | ||
f844f9eb | 266 | #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) |
0f113f3e | 267 | if (type) { |
7c96dbcd | 268 | if (impl != NULL) { |
0f113f3e MC |
269 | if (!ENGINE_init(impl)) { |
270 | EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); | |
271 | return 0; | |
272 | } | |
7c96dbcd | 273 | } else { |
0f113f3e | 274 | /* Ask if an ENGINE is reserved for this job */ |
8c8cf0d9 | 275 | impl = tmpimpl; |
7c96dbcd RS |
276 | } |
277 | if (impl != NULL) { | |
0f113f3e MC |
278 | /* There's an ENGINE for this job ... (apparently) */ |
279 | const EVP_MD *d = ENGINE_get_digest(impl, type->type); | |
7c96dbcd RS |
280 | |
281 | if (d == NULL) { | |
0f113f3e MC |
282 | EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); |
283 | ENGINE_finish(impl); | |
284 | return 0; | |
285 | } | |
286 | /* We'll use the ENGINE's private digest definition */ | |
287 | type = d; | |
288 | /* | |
289 | * Store the ENGINE functional reference so we know 'type' came | |
290 | * from an ENGINE and we need to release it when done. | |
291 | */ | |
292 | ctx->engine = impl; | |
293 | } else | |
294 | ctx->engine = NULL; | |
a0108702 MC |
295 | } else { |
296 | if (!ctx->digest) { | |
297 | EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET); | |
298 | return 0; | |
299 | } | |
300 | type = ctx->digest; | |
0f113f3e | 301 | } |
90e8a310 | 302 | #endif |
0f113f3e | 303 | if (ctx->digest != type) { |
ffe9150b | 304 | if (ctx->digest && ctx->digest->ctx_size) { |
a93e0e78 | 305 | OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); |
ffe9150b MC |
306 | ctx->md_data = NULL; |
307 | } | |
0f113f3e MC |
308 | ctx->digest = type; |
309 | if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { | |
310 | ctx->update = type->update; | |
84c15091 | 311 | ctx->md_data = OPENSSL_zalloc(type->ctx_size); |
0f113f3e MC |
312 | if (ctx->md_data == NULL) { |
313 | EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); | |
314 | return 0; | |
315 | } | |
316 | } | |
317 | } | |
f844f9eb | 318 | #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) |
0f113f3e | 319 | skip_to_init: |
0b13e9f0 | 320 | #endif |
f844f9eb | 321 | #ifndef FIPS_MODULE |
dfcb5d29 MC |
322 | /* |
323 | * TODO(3.0): Temporarily no support for EVP_DigestSign* inside FIPS module | |
324 | * or when using providers. | |
325 | */ | |
864b89ce MC |
326 | if (ctx->pctx != NULL |
327 | && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) | |
328 | || ctx->pctx->op.sig.signature == NULL)) { | |
0f113f3e MC |
329 | int r; |
330 | r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, | |
331 | EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); | |
332 | if (r <= 0 && (r != -2)) | |
333 | return 0; | |
334 | } | |
319e518a | 335 | #endif |
0f113f3e MC |
336 | if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) |
337 | return 1; | |
338 | return ctx->digest->init(ctx); | |
339 | } | |
d02b48c6 | 340 | |
f80921b6 | 341 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) |
0f113f3e | 342 | { |
a8274ea3 MC |
343 | if (count == 0) |
344 | return 1; | |
345 | ||
72df8f88 MC |
346 | if (ctx->pctx != NULL |
347 | && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) | |
348 | && ctx->pctx->op.sig.sigprovctx != NULL) { | |
349 | /* | |
350 | * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and | |
351 | * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate(). | |
352 | * Some code calls EVP_DigestUpdate() directly even when initialised | |
d8652be0 MC |
353 | * with EVP_DigestSignInit_ex() or |
354 | * EVP_DigestVerifyInit_ex(), so we detect that and redirect to | |
0ab18e79 | 355 | * the correct EVP_Digest*Update() function |
72df8f88 MC |
356 | */ |
357 | if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX) | |
358 | return EVP_DigestSignUpdate(ctx, data, count); | |
359 | if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX) | |
360 | return EVP_DigestVerifyUpdate(ctx, data, count); | |
361 | EVPerr(EVP_F_EVP_DIGESTUPDATE, EVP_R_UPDATE_ERROR); | |
362 | return 0; | |
363 | } | |
364 | ||
557d6737 MC |
365 | if (ctx->digest == NULL |
366 | || ctx->digest->prov == NULL | |
367 | || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) | |
8c8cf0d9 MC |
368 | goto legacy; |
369 | ||
370 | if (ctx->digest->dupdate == NULL) { | |
371 | EVPerr(EVP_F_EVP_DIGESTUPDATE, EVP_R_UPDATE_ERROR); | |
372 | return 0; | |
373 | } | |
374 | return ctx->digest->dupdate(ctx->provctx, data, count); | |
375 | ||
376 | /* TODO(3.0): Remove legacy code below */ | |
377 | legacy: | |
0f113f3e MC |
378 | return ctx->update(ctx, data, count); |
379 | } | |
d02b48c6 | 380 | |
dbad1690 | 381 | /* The caller can assume that this removes any secret data from the context */ |
2dc769a1 | 382 | int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) |
0f113f3e MC |
383 | { |
384 | int ret; | |
385 | ret = EVP_DigestFinal_ex(ctx, md, size); | |
959ed531 | 386 | EVP_MD_CTX_reset(ctx); |
0f113f3e MC |
387 | return ret; |
388 | } | |
20d2186c DSH |
389 | |
390 | /* The caller can assume that this removes any secret data from the context */ | |
8c8cf0d9 | 391 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) |
0f113f3e | 392 | { |
4bec3f6d | 393 | int ret, sz; |
8c8cf0d9 | 394 | size_t size = 0; |
4bec3f6d SL |
395 | size_t mdsize = 0; |
396 | ||
397 | if (ctx->digest == NULL) | |
398 | return 0; | |
8c8cf0d9 | 399 | |
4bec3f6d SL |
400 | sz = EVP_MD_size(ctx->digest); |
401 | if (sz < 0) | |
402 | return 0; | |
403 | mdsize = sz; | |
404 | if (ctx->digest->prov == NULL) | |
8c8cf0d9 | 405 | goto legacy; |
54a656ef | 406 | |
8c8cf0d9 MC |
407 | if (ctx->digest->dfinal == NULL) { |
408 | EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_FINAL_ERROR); | |
409 | return 0; | |
410 | } | |
411 | ||
0ad50b4d | 412 | ret = ctx->digest->dfinal(ctx->provctx, md, &size, mdsize); |
8c8cf0d9 MC |
413 | |
414 | if (isize != NULL) { | |
415 | if (size <= UINT_MAX) { | |
416 | *isize = (int)size; | |
417 | } else { | |
418 | EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_FINAL_ERROR); | |
419 | ret = 0; | |
420 | } | |
421 | } | |
422 | ||
8c8cf0d9 MC |
423 | return ret; |
424 | ||
425 | /* TODO(3.0): Remove legacy code below */ | |
426 | legacy: | |
0ad50b4d | 427 | OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE); |
0f113f3e | 428 | ret = ctx->digest->final(ctx, md); |
8c8cf0d9 | 429 | if (isize != NULL) |
0ad50b4d | 430 | *isize = mdsize; |
0f113f3e MC |
431 | if (ctx->digest->cleanup) { |
432 | ctx->digest->cleanup(ctx); | |
433 | EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); | |
434 | } | |
3ce2fdab | 435 | OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); |
0f113f3e MC |
436 | return ret; |
437 | } | |
351d8998 | 438 | |
cd8d1456 AP |
439 | int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size) |
440 | { | |
441 | int ret = 0; | |
d5e5e2ff SL |
442 | OSSL_PARAM params[2]; |
443 | size_t i = 0; | |
444 | ||
445 | if (ctx->digest == NULL || ctx->digest->prov == NULL) | |
446 | goto legacy; | |
cd8d1456 | 447 | |
d5e5e2ff SL |
448 | if (ctx->digest->dfinal == NULL) { |
449 | EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_FINAL_ERROR); | |
450 | return 0; | |
451 | } | |
452 | ||
4e7991b4 | 453 | params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &size); |
d5e5e2ff SL |
454 | params[i++] = OSSL_PARAM_construct_end(); |
455 | ||
456 | if (EVP_MD_CTX_set_params(ctx, params) > 0) | |
457 | ret = ctx->digest->dfinal(ctx->provctx, md, &size, size); | |
458 | EVP_MD_CTX_reset(ctx); | |
459 | return ret; | |
460 | ||
461 | legacy: | |
cd8d1456 AP |
462 | if (ctx->digest->flags & EVP_MD_FLAG_XOF |
463 | && size <= INT_MAX | |
464 | && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) { | |
465 | ret = ctx->digest->final(ctx, md); | |
cd8d1456 AP |
466 | if (ctx->digest->cleanup != NULL) { |
467 | ctx->digest->cleanup(ctx); | |
468 | EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); | |
469 | } | |
470 | OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); | |
471 | } else { | |
472 | EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH); | |
473 | } | |
474 | ||
475 | return ret; | |
476 | } | |
477 | ||
dbad1690 | 478 | int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) |
0f113f3e | 479 | { |
959ed531 | 480 | EVP_MD_CTX_reset(out); |
0f113f3e MC |
481 | return EVP_MD_CTX_copy_ex(out, in); |
482 | } | |
20d2186c DSH |
483 | |
484 | int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |
0f113f3e MC |
485 | { |
486 | unsigned char *tmp_buf; | |
8c8cf0d9 MC |
487 | |
488 | if (in == NULL || in->digest == NULL) { | |
0f113f3e MC |
489 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED); |
490 | return 0; | |
491 | } | |
8c8cf0d9 | 492 | |
557d6737 MC |
493 | if (in->digest->prov == NULL |
494 | || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) | |
8c8cf0d9 MC |
495 | goto legacy; |
496 | ||
497 | if (in->digest->dupctx == NULL) { | |
498 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX); | |
499 | return 0; | |
500 | } | |
501 | ||
502 | EVP_MD_CTX_reset(out); | |
503 | if (out->fetched_digest != NULL) | |
3fd70262 | 504 | EVP_MD_free(out->fetched_digest); |
8c8cf0d9 MC |
505 | *out = *in; |
506 | /* NULL out pointers in case of error */ | |
507 | out->pctx = NULL; | |
508 | out->provctx = NULL; | |
509 | ||
510 | if (in->fetched_digest != NULL) | |
70c35fd1 | 511 | EVP_MD_up_ref(in->fetched_digest); |
8c8cf0d9 | 512 | |
ada0670b MC |
513 | if (in->provctx != NULL) { |
514 | out->provctx = in->digest->dupctx(in->provctx); | |
515 | if (out->provctx == NULL) { | |
516 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX); | |
517 | return 0; | |
518 | } | |
8c8cf0d9 MC |
519 | } |
520 | ||
521 | /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ | |
522 | EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); | |
f844f9eb | 523 | #ifndef FIPS_MODULE |
319e518a | 524 | /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ |
8c8cf0d9 MC |
525 | if (in->pctx != NULL) { |
526 | out->pctx = EVP_PKEY_CTX_dup(in->pctx); | |
527 | if (out->pctx == NULL) { | |
528 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX); | |
529 | EVP_MD_CTX_reset(out); | |
530 | return 0; | |
531 | } | |
532 | } | |
319e518a | 533 | #endif |
8c8cf0d9 MC |
534 | |
535 | return 1; | |
536 | ||
537 | /* TODO(3.0): Remove legacy code below */ | |
538 | legacy: | |
f844f9eb | 539 | #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) |
0f113f3e MC |
540 | /* Make sure it's safe to copy a digest context using an ENGINE */ |
541 | if (in->engine && !ENGINE_init(in->engine)) { | |
542 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB); | |
543 | return 0; | |
544 | } | |
0b13e9f0 | 545 | #endif |
26188931 | 546 | |
0f113f3e MC |
547 | if (out->digest == in->digest) { |
548 | tmp_buf = out->md_data; | |
549 | EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); | |
550 | } else | |
551 | tmp_buf = NULL; | |
959ed531 | 552 | EVP_MD_CTX_reset(out); |
b4faea50 | 553 | memcpy(out, in, sizeof(*out)); |
0f113f3e | 554 | |
4803717f PY |
555 | /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ |
556 | EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); | |
557 | ||
6aa0ba4b RL |
558 | /* Null these variables, since they are getting fixed up |
559 | * properly below. Anything else may cause a memleak and/or | |
560 | * double free if any of the memory allocations below fail | |
561 | */ | |
562 | out->md_data = NULL; | |
563 | out->pctx = NULL; | |
564 | ||
0f113f3e MC |
565 | if (in->md_data && out->digest->ctx_size) { |
566 | if (tmp_buf) | |
567 | out->md_data = tmp_buf; | |
568 | else { | |
569 | out->md_data = OPENSSL_malloc(out->digest->ctx_size); | |
90945fa3 | 570 | if (out->md_data == NULL) { |
0f113f3e MC |
571 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE); |
572 | return 0; | |
573 | } | |
574 | } | |
575 | memcpy(out->md_data, in->md_data, out->digest->ctx_size); | |
576 | } | |
26188931 | 577 | |
0f113f3e | 578 | out->update = in->update; |
d4575825 | 579 | |
f844f9eb | 580 | #ifndef FIPS_MODULE |
319e518a | 581 | /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ |
0f113f3e MC |
582 | if (in->pctx) { |
583 | out->pctx = EVP_PKEY_CTX_dup(in->pctx); | |
584 | if (!out->pctx) { | |
959ed531 | 585 | EVP_MD_CTX_reset(out); |
0f113f3e MC |
586 | return 0; |
587 | } | |
588 | } | |
319e518a | 589 | #endif |
18327cd0 | 590 | |
0f113f3e MC |
591 | if (out->digest->copy) |
592 | return out->digest->copy(out, in); | |
3a828611 | 593 | |
0f113f3e MC |
594 | return 1; |
595 | } | |
88ce56f8 | 596 | |
9e0aad9f | 597 | int EVP_Digest(const void *data, size_t count, |
0f113f3e MC |
598 | unsigned char *md, unsigned int *size, const EVP_MD *type, |
599 | ENGINE *impl) | |
600 | { | |
bfb0641f | 601 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
0f113f3e | 602 | int ret; |
dbad1690 | 603 | |
74cabf3f RL |
604 | if (ctx == NULL) |
605 | return 0; | |
606 | EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT); | |
607 | ret = EVP_DigestInit_ex(ctx, type, impl) | |
608 | && EVP_DigestUpdate(ctx, data, count) | |
609 | && EVP_DigestFinal_ex(ctx, md, size); | |
bfb0641f | 610 | EVP_MD_CTX_free(ctx); |
dbad1690 | 611 | |
0f113f3e MC |
612 | return ret; |
613 | } | |
dbad1690 | 614 | |
ae3ff60e RL |
615 | int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]) |
616 | { | |
617 | if (digest != NULL && digest->get_params != NULL) | |
618 | return digest->get_params(params); | |
619 | return 0; | |
620 | } | |
621 | ||
622 | const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest) | |
623 | { | |
624 | if (digest != NULL && digest->gettable_params != NULL) | |
18ec26ba P |
625 | return digest->gettable_params( |
626 | ossl_provider_ctx(EVP_MD_provider(digest))); | |
ae3ff60e RL |
627 | return NULL; |
628 | } | |
629 | ||
d5e5e2ff SL |
630 | int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]) |
631 | { | |
5f5c3b4f MC |
632 | EVP_PKEY_CTX *pctx = ctx->pctx; |
633 | ||
ada0670b | 634 | /* If we have a pctx then we should try that first */ |
5f5c3b4f MC |
635 | if (pctx != NULL |
636 | && (pctx->operation == EVP_PKEY_OP_VERIFYCTX | |
637 | || pctx->operation == EVP_PKEY_OP_SIGNCTX) | |
638 | && pctx->op.sig.sigprovctx != NULL | |
639 | && pctx->op.sig.signature->set_ctx_md_params != NULL) | |
640 | return pctx->op.sig.signature->set_ctx_md_params(pctx->op.sig.sigprovctx, | |
641 | params); | |
ada0670b MC |
642 | |
643 | if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL) | |
644 | return ctx->digest->set_ctx_params(ctx->provctx, params); | |
645 | ||
d5e5e2ff SL |
646 | return 0; |
647 | } | |
648 | ||
e6879a31 | 649 | const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md) |
ae3ff60e | 650 | { |
e6879a31 | 651 | if (md != NULL && md->settable_ctx_params != NULL) |
18ec26ba | 652 | return md->settable_ctx_params(ossl_provider_ctx(EVP_MD_provider(md))); |
e6879a31 MC |
653 | return NULL; |
654 | } | |
655 | ||
656 | const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx) | |
657 | { | |
5f5c3b4f MC |
658 | EVP_PKEY_CTX *pctx; |
659 | ||
18ec26ba P |
660 | if (ctx == NULL) |
661 | return NULL; | |
662 | ||
ada0670b | 663 | /* If we have a pctx then we should try that first */ |
5f5c3b4f MC |
664 | pctx = ctx->pctx; |
665 | if (pctx != NULL | |
666 | && (pctx->operation == EVP_PKEY_OP_VERIFYCTX | |
667 | || pctx->operation == EVP_PKEY_OP_SIGNCTX) | |
668 | && pctx->op.sig.sigprovctx != NULL | |
669 | && pctx->op.sig.signature->settable_ctx_md_params != NULL) | |
670 | return pctx->op.sig.signature->settable_ctx_md_params( | |
671 | pctx->op.sig.sigprovctx); | |
672 | ||
ada0670b MC |
673 | if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL) |
674 | return ctx->digest->settable_ctx_params( | |
675 | ossl_provider_ctx(EVP_MD_provider(ctx->digest))); | |
676 | ||
ae3ff60e RL |
677 | return NULL; |
678 | } | |
679 | ||
4e7991b4 | 680 | int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]) |
d5e5e2ff | 681 | { |
5f5c3b4f MC |
682 | EVP_PKEY_CTX *pctx = ctx->pctx; |
683 | ||
ada0670b | 684 | /* If we have a pctx then we should try that first */ |
5f5c3b4f MC |
685 | if (pctx != NULL |
686 | && (pctx->operation == EVP_PKEY_OP_VERIFYCTX | |
687 | || pctx->operation == EVP_PKEY_OP_SIGNCTX) | |
688 | && pctx->op.sig.sigprovctx != NULL | |
689 | && pctx->op.sig.signature->get_ctx_md_params != NULL) | |
690 | return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.sigprovctx, | |
691 | params); | |
692 | ||
ada0670b MC |
693 | if (ctx->digest != NULL && ctx->digest->get_params != NULL) |
694 | return ctx->digest->get_ctx_params(ctx->provctx, params); | |
695 | ||
d5e5e2ff SL |
696 | return 0; |
697 | } | |
698 | ||
e6879a31 | 699 | const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md) |
ae3ff60e | 700 | { |
e6879a31 | 701 | if (md != NULL && md->gettable_ctx_params != NULL) |
18ec26ba | 702 | return md->gettable_ctx_params(ossl_provider_ctx(EVP_MD_provider(md))); |
e6879a31 MC |
703 | return NULL; |
704 | } | |
705 | ||
706 | const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx) | |
707 | { | |
5f5c3b4f MC |
708 | EVP_PKEY_CTX *pctx; |
709 | ||
825ccf51 SL |
710 | if (ctx == NULL) |
711 | return NULL; | |
712 | ||
ada0670b | 713 | /* If we have a pctx then we should try that first */ |
5f5c3b4f MC |
714 | pctx = ctx->pctx; |
715 | if (pctx != NULL | |
716 | && (pctx->operation == EVP_PKEY_OP_VERIFYCTX | |
717 | || pctx->operation == EVP_PKEY_OP_SIGNCTX) | |
718 | && pctx->op.sig.sigprovctx != NULL | |
719 | && pctx->op.sig.signature->gettable_ctx_md_params != NULL) | |
720 | return pctx->op.sig.signature->gettable_ctx_md_params( | |
721 | pctx->op.sig.sigprovctx); | |
722 | ||
ada0670b MC |
723 | if (ctx->digest != NULL |
724 | && ctx->digest->gettable_ctx_params != NULL) | |
725 | return ctx->digest->gettable_ctx_params( | |
726 | ossl_provider_ctx(EVP_MD_provider(ctx->digest))); | |
727 | ||
ae3ff60e RL |
728 | return NULL; |
729 | } | |
730 | ||
83b4a243 | 731 | /* TODO(3.0): Remove legacy code below - only used by engines & DigestSign */ |
396d5fd0 DSH |
732 | int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) |
733 | { | |
6a3b7c68 RL |
734 | int ret = EVP_CTRL_RET_UNSUPPORTED; |
735 | int set_params = 1; | |
736 | size_t sz; | |
737 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; | |
738 | ||
a2b62316 MC |
739 | if (ctx == NULL) { |
740 | ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); | |
6a3b7c68 RL |
741 | return 0; |
742 | } | |
743 | ||
a2b62316 | 744 | if (ctx->digest != NULL && ctx->digest->prov == NULL) |
6a3b7c68 RL |
745 | goto legacy; |
746 | ||
747 | switch (cmd) { | |
748 | case EVP_MD_CTRL_XOF_LEN: | |
749 | sz = (size_t)p1; | |
750 | params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &sz); | |
751 | break; | |
752 | case EVP_MD_CTRL_MICALG: | |
753 | set_params = 0; | |
754 | params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DIGEST_PARAM_MICALG, | |
4e7991b4 | 755 | p2, p1 ? p1 : 9999); |
6a3b7c68 | 756 | break; |
c3885102 MC |
757 | case EVP_CTRL_SSL3_MASTER_SECRET: |
758 | params[0] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, | |
759 | p2, p1); | |
760 | break; | |
6a3b7c68 | 761 | default: |
6a36f209 | 762 | goto conclude; |
396d5fd0 | 763 | } |
6a3b7c68 RL |
764 | |
765 | if (set_params) | |
5f5c3b4f | 766 | ret = EVP_MD_CTX_set_params(ctx, params); |
6a3b7c68 | 767 | else |
5f5c3b4f | 768 | ret = EVP_MD_CTX_get_params(ctx, params); |
552be00d | 769 | goto conclude; |
6a3b7c68 RL |
770 | |
771 | ||
772 | /* TODO(3.0): Remove legacy code below */ | |
773 | legacy: | |
774 | if (ctx->digest->md_ctrl == NULL) { | |
775 | ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED); | |
776 | return 0; | |
777 | } | |
778 | ||
779 | ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2); | |
552be00d | 780 | conclude: |
6a3b7c68 RL |
781 | if (ret <= 0) |
782 | return 0; | |
783 | return ret; | |
396d5fd0 | 784 | } |
3653d0c2 | 785 | |
3fd70262 RL |
786 | EVP_MD *evp_md_new(void) |
787 | { | |
788 | EVP_MD *md = OPENSSL_zalloc(sizeof(*md)); | |
789 | ||
790 | if (md != NULL) { | |
791 | md->lock = CRYPTO_THREAD_lock_new(); | |
792 | if (md->lock == NULL) { | |
793 | OPENSSL_free(md); | |
794 | return NULL; | |
795 | } | |
796 | md->refcnt = 1; | |
797 | } | |
798 | return md; | |
799 | } | |
800 | ||
32040838 RL |
801 | /* |
802 | * FIPS module note: since internal fetches will be entirely | |
803 | * provider based, we know that none of its code depends on legacy | |
804 | * NIDs or any functionality that use them. | |
805 | */ | |
f844f9eb | 806 | #ifndef FIPS_MODULE |
32040838 RL |
807 | /* TODO(3.x) get rid of the need for legacy NIDs */ |
808 | static void set_legacy_nid(const char *name, void *vlegacy_nid) | |
809 | { | |
810 | int nid; | |
811 | int *legacy_nid = vlegacy_nid; | |
6a835fcf RL |
812 | /* |
813 | * We use lowest level function to get the associated method, because | |
814 | * higher level functions such as EVP_get_digestbyname() have changed | |
815 | * to look at providers too. | |
816 | */ | |
817 | const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); | |
32040838 RL |
818 | |
819 | if (*legacy_nid == -1) /* We found a clash already */ | |
820 | return; | |
6a835fcf RL |
821 | |
822 | if (legacy_method == NULL) | |
32040838 | 823 | return; |
6a835fcf | 824 | nid = EVP_MD_nid(legacy_method); |
32040838 RL |
825 | if (*legacy_nid != NID_undef && *legacy_nid != nid) { |
826 | *legacy_nid = -1; | |
827 | return; | |
828 | } | |
829 | *legacy_nid = nid; | |
830 | } | |
831 | #endif | |
832 | ||
f7c16d48 RL |
833 | static void *evp_md_from_dispatch(int name_id, |
834 | const OSSL_DISPATCH *fns, | |
0ddf74bf | 835 | OSSL_PROVIDER *prov) |
3653d0c2 MC |
836 | { |
837 | EVP_MD *md = NULL; | |
8c8cf0d9 | 838 | int fncnt = 0; |
3653d0c2 | 839 | |
0211740f | 840 | /* EVP_MD_fetch() will set the legacy NID if available */ |
f7c16d48 | 841 | if ((md = evp_md_new()) == NULL) { |
6b9e3724 | 842 | EVPerr(0, ERR_R_MALLOC_FAILURE); |
3653d0c2 | 843 | return NULL; |
6b9e3724 | 844 | } |
3653d0c2 | 845 | |
f844f9eb | 846 | #ifndef FIPS_MODULE |
32040838 RL |
847 | /* TODO(3.x) get rid of the need for legacy NIDs */ |
848 | md->type = NID_undef; | |
f651c727 | 849 | evp_names_do_all(prov, name_id, set_legacy_nid, &md->type); |
32040838 RL |
850 | if (md->type == -1) { |
851 | ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); | |
852 | EVP_MD_free(md); | |
853 | return NULL; | |
f7c16d48 | 854 | } |
ed71e917 MC |
855 | #endif |
856 | ||
32040838 RL |
857 | md->name_id = name_id; |
858 | ||
3653d0c2 | 859 | for (; fns->function_id != 0; fns++) { |
3653d0c2 MC |
860 | switch (fns->function_id) { |
861 | case OSSL_FUNC_DIGEST_NEWCTX: | |
d5e5e2ff | 862 | if (md->newctx == NULL) { |
363b1e5d | 863 | md->newctx = OSSL_FUNC_digest_newctx(fns); |
d5e5e2ff SL |
864 | fncnt++; |
865 | } | |
3653d0c2 MC |
866 | break; |
867 | case OSSL_FUNC_DIGEST_INIT: | |
d5e5e2ff | 868 | if (md->dinit == NULL) { |
363b1e5d | 869 | md->dinit = OSSL_FUNC_digest_init(fns); |
d5e5e2ff SL |
870 | fncnt++; |
871 | } | |
3653d0c2 | 872 | break; |
df05f2ce | 873 | case OSSL_FUNC_DIGEST_UPDATE: |
d5e5e2ff | 874 | if (md->dupdate == NULL) { |
363b1e5d | 875 | md->dupdate = OSSL_FUNC_digest_update(fns); |
d5e5e2ff SL |
876 | fncnt++; |
877 | } | |
3653d0c2 MC |
878 | break; |
879 | case OSSL_FUNC_DIGEST_FINAL: | |
d5e5e2ff | 880 | if (md->dfinal == NULL) { |
363b1e5d | 881 | md->dfinal = OSSL_FUNC_digest_final(fns); |
d5e5e2ff SL |
882 | fncnt++; |
883 | } | |
3653d0c2 MC |
884 | break; |
885 | case OSSL_FUNC_DIGEST_DIGEST: | |
d5e5e2ff | 886 | if (md->digest == NULL) |
363b1e5d | 887 | md->digest = OSSL_FUNC_digest_digest(fns); |
3653d0c2 MC |
888 | /* We don't increment fnct for this as it is stand alone */ |
889 | break; | |
3653d0c2 | 890 | case OSSL_FUNC_DIGEST_FREECTX: |
d5e5e2ff | 891 | if (md->freectx == NULL) { |
363b1e5d | 892 | md->freectx = OSSL_FUNC_digest_freectx(fns); |
d5e5e2ff SL |
893 | fncnt++; |
894 | } | |
3653d0c2 | 895 | break; |
8c8cf0d9 | 896 | case OSSL_FUNC_DIGEST_DUPCTX: |
d5e5e2ff | 897 | if (md->dupctx == NULL) |
363b1e5d | 898 | md->dupctx = OSSL_FUNC_digest_dupctx(fns); |
8c8cf0d9 | 899 | break; |
d5e5e2ff SL |
900 | case OSSL_FUNC_DIGEST_GET_PARAMS: |
901 | if (md->get_params == NULL) | |
363b1e5d | 902 | md->get_params = OSSL_FUNC_digest_get_params(fns); |
7556b9df | 903 | break; |
92d9d0ae RL |
904 | case OSSL_FUNC_DIGEST_SET_CTX_PARAMS: |
905 | if (md->set_ctx_params == NULL) | |
363b1e5d | 906 | md->set_ctx_params = OSSL_FUNC_digest_set_ctx_params(fns); |
6a3b7c68 | 907 | break; |
92d9d0ae RL |
908 | case OSSL_FUNC_DIGEST_GET_CTX_PARAMS: |
909 | if (md->get_ctx_params == NULL) | |
363b1e5d | 910 | md->get_ctx_params = OSSL_FUNC_digest_get_ctx_params(fns); |
6a3b7c68 | 911 | break; |
ae3ff60e RL |
912 | case OSSL_FUNC_DIGEST_GETTABLE_PARAMS: |
913 | if (md->gettable_params == NULL) | |
363b1e5d | 914 | md->gettable_params = OSSL_FUNC_digest_gettable_params(fns); |
ae3ff60e RL |
915 | break; |
916 | case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS: | |
917 | if (md->settable_ctx_params == NULL) | |
918 | md->settable_ctx_params = | |
363b1e5d | 919 | OSSL_FUNC_digest_settable_ctx_params(fns); |
ae3ff60e RL |
920 | break; |
921 | case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS: | |
922 | if (md->gettable_ctx_params == NULL) | |
923 | md->gettable_ctx_params = | |
363b1e5d | 924 | OSSL_FUNC_digest_gettable_ctx_params(fns); |
ae3ff60e | 925 | break; |
3653d0c2 | 926 | } |
8c8cf0d9 MC |
927 | } |
928 | if ((fncnt != 0 && fncnt != 5) | |
6a3b7c68 | 929 | || (fncnt == 0 && md->digest == NULL)) { |
8c8cf0d9 MC |
930 | /* |
931 | * In order to be a consistent set of functions we either need the | |
932 | * whole set of init/update/final etc functions or none of them. | |
933 | * The "digest" function can standalone. We at least need one way to | |
934 | * generate digests. | |
935 | */ | |
3fd70262 | 936 | EVP_MD_free(md); |
6a3b7c68 | 937 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); |
8c8cf0d9 | 938 | return NULL; |
3653d0c2 MC |
939 | } |
940 | md->prov = prov; | |
941 | if (prov != NULL) | |
7c95390e | 942 | ossl_provider_up_ref(prov); |
3653d0c2 MC |
943 | |
944 | return md; | |
945 | } | |
946 | ||
70c35fd1 | 947 | static int evp_md_up_ref(void *md) |
3653d0c2 | 948 | { |
70c35fd1 | 949 | return EVP_MD_up_ref(md); |
3653d0c2 MC |
950 | } |
951 | ||
952 | static void evp_md_free(void *md) | |
953 | { | |
3fd70262 | 954 | EVP_MD_free(md); |
3653d0c2 MC |
955 | } |
956 | ||
b4250010 | 957 | EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, |
3653d0c2 MC |
958 | const char *properties) |
959 | { | |
0211740f RL |
960 | EVP_MD *md = |
961 | evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties, | |
0ddf74bf | 962 | evp_md_from_dispatch, evp_md_up_ref, evp_md_free); |
0211740f | 963 | |
0211740f | 964 | return md; |
3653d0c2 | 965 | } |
c540f00f | 966 | |
3fd70262 RL |
967 | int EVP_MD_up_ref(EVP_MD *md) |
968 | { | |
969 | int ref = 0; | |
970 | ||
971 | CRYPTO_UP_REF(&md->refcnt, &ref, md->lock); | |
972 | return 1; | |
973 | } | |
974 | ||
975 | void EVP_MD_free(EVP_MD *md) | |
976 | { | |
977 | int i; | |
978 | ||
979 | if (md == NULL) | |
980 | return; | |
981 | ||
982 | CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock); | |
983 | if (i > 0) | |
984 | return; | |
985 | ossl_provider_free(md->prov); | |
3fd70262 RL |
986 | CRYPTO_THREAD_lock_free(md->lock); |
987 | OPENSSL_free(md); | |
988 | } | |
989 | ||
b4250010 | 990 | void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, |
251e610c RL |
991 | void (*fn)(EVP_MD *mac, void *arg), |
992 | void *arg) | |
c540f00f RL |
993 | { |
994 | evp_generic_do_all(libctx, OSSL_OP_DIGEST, | |
995 | (void (*)(void *, void *))fn, arg, | |
0ddf74bf | 996 | evp_md_from_dispatch, evp_md_free); |
c540f00f | 997 | } |