]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/digest.c
projects / thirdparty / openssl.git / blob
? search:


a177abdb67f1f47f8d24e7c69e0596ebbbd2f4d3
[thirdparty/openssl.git] / crypto / evp / digest.c
1 /*
2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some engine deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <openssl/objects.h>
15 #include <openssl/evp.h>
16 #include <openssl/ec.h>
17 #include <openssl/engine.h>
18 #include <openssl/params.h>
19 #include <openssl/core_names.h>
20 #include "internal/cryptlib.h"
21 #include "crypto/evp.h"
22 #include "internal/provider.h"
23 #include "evp_local.h"
24
25
26 void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force)
27 {
28 EVP_MD_free(ctx->fetched_digest);
29 ctx->fetched_digest = NULL;
30 ctx->reqdigest = NULL;
31
32 if (ctx->provctx != NULL) {
33 if (ctx->digest->freectx != NULL)
34 ctx->digest->freectx(ctx->provctx);
35 ctx->provctx = NULL;
36 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
37 }
38
39 /* TODO(3.0): Remove legacy code below */
40
41 /*
42 * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
43 * sometimes only copies of the context are ever finalised.
44 */
45 if (ctx->digest && ctx->digest->cleanup
46 && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
47 ctx->digest->cleanup(ctx);
48 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
49 && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) || force))
50 OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
51 if (force)
52 ctx->digest = NULL;
53
54 #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
55 ENGINE_finish(ctx->engine);
56 ctx->engine = NULL;
57 #endif
58 }
59
60 /* This call frees resources associated with the context */
61 int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
62 {
63 if (ctx == NULL)
64 return 1;
65
66 #ifndef FIPS_MODULE
67 /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
68 /*
69 * pctx should be freed by the user of EVP_MD_CTX
70 * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
71 */
72 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) {
73 EVP_PKEY_CTX_free(ctx->pctx);
74 ctx->pctx = NULL;
75 }
76 #endif
77
78 evp_md_ctx_clear_digest(ctx, 0);
79 OPENSSL_cleanse(ctx, sizeof(*ctx));
80
81 return 1;
82 }
83
84 #ifndef FIPS_MODULE
85 EVP_MD_CTX *evp_md_ctx_new_with_libctx(EVP_PKEY *pkey,
86 const ASN1_OCTET_STRING *id,
87 OPENSSL_CTX *libctx, const char *propq)
88 {
89 EVP_MD_CTX *ctx;
90 EVP_PKEY_CTX *pctx = NULL;
91
92 if ((ctx = EVP_MD_CTX_new()) == NULL
93 || (pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq)) == NULL) {
94 ASN1err(0, ERR_R_MALLOC_FAILURE);
95 goto err;
96 }
97
98 # ifndef OPENSSL_NO_EC
99 if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) {
100 ASN1err(0, ERR_R_MALLOC_FAILURE);
101 goto err;
102 }
103 # endif
104
105 EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
106 return ctx;
107
108 err:
109 EVP_PKEY_CTX_free(pctx);
110 EVP_MD_CTX_free(ctx);
111 return NULL;
112 }
113 #endif
114
115 EVP_MD_CTX *EVP_MD_CTX_new(void)
116 {
117 return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
118 }
119
120 void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
121 {
122 if (ctx == NULL)
123 return;
124
125 EVP_MD_CTX_reset(ctx);
126
127 OPENSSL_free(ctx);
128 return;
129 }
130
131 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
132 {
133 EVP_MD_CTX_reset(ctx);
134 return EVP_DigestInit_ex(ctx, type, NULL);
135 }
136
137 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
138 {
139 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
140 ENGINE *tmpimpl = NULL;
141 #endif
142
143 EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
144
145 if (ctx->provctx != NULL) {
146 if (!ossl_assert(ctx->digest != NULL)) {
147 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
148 return 0;
149 }
150 if (ctx->digest->freectx != NULL)
151 ctx->digest->freectx(ctx->provctx);
152 ctx->provctx = NULL;
153 }
154
155 if (type != NULL)
156 ctx->reqdigest = type;
157
158 /* TODO(3.0): Legacy work around code below. Remove this */
159 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
160 /*
161 * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
162 * this context may already have an ENGINE! Try to avoid releasing the
163 * previous handle, re-querying for an ENGINE, and having a
164 * reinitialisation, when it may all be unnecessary.
165 */
166 if (ctx->engine && ctx->digest &&
167 (type == NULL || (type->type == ctx->digest->type)))
168 goto skip_to_init;
169
170 if (type != NULL) {
171 /*
172 * Ensure an ENGINE left lying around from last time is cleared (the
173 * previous check attempted to avoid this if the same ENGINE and
174 * EVP_MD could be used).
175 */
176 ENGINE_finish(ctx->engine);
177 ctx->engine = NULL;
178 }
179
180 if (type != NULL && impl == NULL)
181 tmpimpl = ENGINE_get_digest_engine(type->type);
182 #endif
183
184 /*
185 * If there are engines involved or EVP_MD_CTX_FLAG_NO_INIT is set then we
186 * should use legacy handling for now.
187 */
188 if (ctx->engine != NULL
189 || impl != NULL
190 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
191 || tmpimpl != NULL
192 #endif
193 || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) {
194 if (ctx->digest == ctx->fetched_digest)
195 ctx->digest = NULL;
196 EVP_MD_free(ctx->fetched_digest);
197 ctx->fetched_digest = NULL;
198 goto legacy;
199 }
200
201 if (ctx->digest != NULL && ctx->digest->ctx_size > 0) {
202 OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
203 ctx->md_data = NULL;
204 }
205
206 /* TODO(3.0): Start of non-legacy code below */
207
208 if (type->prov == NULL) {
209 #ifdef FIPS_MODULE
210 /* We only do explicit fetches inside the FIPS module */
211 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
212 return 0;
213 #else
214 EVP_MD *provmd = EVP_MD_fetch(NULL, OBJ_nid2sn(type->type), "");
215
216 if (provmd == NULL)
217 return 0;
218 type = provmd;
219 EVP_MD_free(ctx->fetched_digest);
220 ctx->fetched_digest = provmd;
221 #endif
222 }
223
224 if (ctx->provctx != NULL && ctx->digest != NULL && ctx->digest != type) {
225 if (ctx->digest->freectx != NULL)
226 ctx->digest->freectx(ctx->provctx);
227 ctx->provctx = NULL;
228 }
229 ctx->digest = type;
230 if (ctx->provctx == NULL) {
231 ctx->provctx = ctx->digest->newctx(ossl_provider_ctx(type->prov));
232 if (ctx->provctx == NULL) {
233 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
234 return 0;
235 }
236 }
237
238 if (ctx->digest->dinit == NULL) {
239 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
240 return 0;
241 }
242
243 return ctx->digest->dinit(ctx->provctx);
244
245 /* TODO(3.0): Remove legacy code below */
246 legacy:
247
248 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
249 if (type) {
250 if (impl != NULL) {
251 if (!ENGINE_init(impl)) {
252 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
253 return 0;
254 }
255 } else {
256 /* Ask if an ENGINE is reserved for this job */
257 impl = tmpimpl;
258 }
259 if (impl != NULL) {
260 /* There's an ENGINE for this job ... (apparently) */
261 const EVP_MD *d = ENGINE_get_digest(impl, type->type);
262
263 if (d == NULL) {
264 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
265 ENGINE_finish(impl);
266 return 0;
267 }
268 /* We'll use the ENGINE's private digest definition */
269 type = d;
270 /*
271 * Store the ENGINE functional reference so we know 'type' came
272 * from an ENGINE and we need to release it when done.
273 */
274 ctx->engine = impl;
275 } else
276 ctx->engine = NULL;
277 } else {
278 if (!ctx->digest) {
279 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
280 return 0;
281 }
282 type = ctx->digest;
283 }
284 #endif
285 if (ctx->digest != type) {
286 if (ctx->digest && ctx->digest->ctx_size) {
287 OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
288 ctx->md_data = NULL;
289 }
290 ctx->digest = type;
291 if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
292 ctx->update = type->update;
293 ctx->md_data = OPENSSL_zalloc(type->ctx_size);
294 if (ctx->md_data == NULL) {
295 EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
296 return 0;
297 }
298 }
299 }
300 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
301 skip_to_init:
302 #endif
303 #ifndef FIPS_MODULE
304 /*
305 * TODO(3.0): Temporarily no support for EVP_DigestSign* inside FIPS module
306 * or when using providers.
307 */
308 if (ctx->pctx != NULL
309 && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
310 || ctx->pctx->op.sig.signature == NULL)) {
311 int r;
312 r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
313 EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
314 if (r <= 0 && (r != -2))
315 return 0;
316 }
317 #endif
318 if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
319 return 1;
320 return ctx->digest->init(ctx);
321 }
322
323 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
324 {
325 if (count == 0)
326 return 1;
327
328 if (ctx->pctx != NULL
329 && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
330 && ctx->pctx->op.sig.sigprovctx != NULL) {
331 /*
332 * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and
333 * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate().
334 * Some code calls EVP_DigestUpdate() directly even when initialised
335 * with EVP_DigestSignInit_with_libctx() or
336 * EVP_DigestVerifyInit_with_libctx(), so we detect that and redirect to
337 * the correct EVP_Digest*Update() function
338 */
339 if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
340 return EVP_DigestSignUpdate(ctx, data, count);
341 if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX)
342 return EVP_DigestVerifyUpdate(ctx, data, count);
343 EVPerr(EVP_F_EVP_DIGESTUPDATE, EVP_R_UPDATE_ERROR);
344 return 0;
345 }
346
347 if (ctx->digest == NULL
348 || ctx->digest->prov == NULL
349 || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
350 goto legacy;
351
352 if (ctx->digest->dupdate == NULL) {
353 EVPerr(EVP_F_EVP_DIGESTUPDATE, EVP_R_UPDATE_ERROR);
354 return 0;
355 }
356 return ctx->digest->dupdate(ctx->provctx, data, count);
357
358 /* TODO(3.0): Remove legacy code below */
359 legacy:
360 return ctx->update(ctx, data, count);
361 }
362
363 /* The caller can assume that this removes any secret data from the context */
364 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
365 {
366 int ret;
367 ret = EVP_DigestFinal_ex(ctx, md, size);
368 EVP_MD_CTX_reset(ctx);
369 return ret;
370 }
371
372 /* The caller can assume that this removes any secret data from the context */
373 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
374 {
375 int ret, sz;
376 size_t size = 0;
377 size_t mdsize = 0;
378
379 if (ctx->digest == NULL)
380 return 0;
381
382 sz = EVP_MD_size(ctx->digest);
383 if (sz < 0)
384 return 0;
385 mdsize = sz;
386 if (ctx->digest->prov == NULL)
387 goto legacy;
388
389 if (ctx->digest->dfinal == NULL) {
390 EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_FINAL_ERROR);
391 return 0;
392 }
393
394 ret = ctx->digest->dfinal(ctx->provctx, md, &size, mdsize);
395
396 if (isize != NULL) {
397 if (size <= UINT_MAX) {
398 *isize = (int)size;
399 } else {
400 EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_FINAL_ERROR);
401 ret = 0;
402 }
403 }
404
405 return ret;
406
407 /* TODO(3.0): Remove legacy code below */
408 legacy:
409 OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE);
410 ret = ctx->digest->final(ctx, md);
411 if (isize != NULL)
412 *isize = mdsize;
413 if (ctx->digest->cleanup) {
414 ctx->digest->cleanup(ctx);
415 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
416 }
417 OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
418 return ret;
419 }
420
421 int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
422 {
423 int ret = 0;
424 OSSL_PARAM params[2];
425 size_t i = 0;
426
427 if (ctx->digest == NULL || ctx->digest->prov == NULL)
428 goto legacy;
429
430 if (ctx->digest->dfinal == NULL) {
431 EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_FINAL_ERROR);
432 return 0;
433 }
434
435 params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &size);
436 params[i++] = OSSL_PARAM_construct_end();
437
438 if (EVP_MD_CTX_set_params(ctx, params) > 0)
439 ret = ctx->digest->dfinal(ctx->provctx, md, &size, size);
440 EVP_MD_CTX_reset(ctx);
441 return ret;
442
443 legacy:
444 if (ctx->digest->flags & EVP_MD_FLAG_XOF
445 && size <= INT_MAX
446 && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
447 ret = ctx->digest->final(ctx, md);
448 if (ctx->digest->cleanup != NULL) {
449 ctx->digest->cleanup(ctx);
450 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
451 }
452 OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
453 } else {
454 EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
455 }
456
457 return ret;
458 }
459
460 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
461 {
462 EVP_MD_CTX_reset(out);
463 return EVP_MD_CTX_copy_ex(out, in);
464 }
465
466 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
467 {
468 unsigned char *tmp_buf;
469
470 if (in == NULL || in->digest == NULL) {
471 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
472 return 0;
473 }
474
475 if (in->digest->prov == NULL
476 || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
477 goto legacy;
478
479 if (in->digest->dupctx == NULL) {
480 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
481 return 0;
482 }
483
484 EVP_MD_CTX_reset(out);
485 if (out->fetched_digest != NULL)
486 EVP_MD_free(out->fetched_digest);
487 *out = *in;
488 /* NULL out pointers in case of error */
489 out->pctx = NULL;
490 out->provctx = NULL;
491
492 if (in->fetched_digest != NULL)
493 EVP_MD_up_ref(in->fetched_digest);
494
495 if (in->provctx != NULL) {
496 out->provctx = in->digest->dupctx(in->provctx);
497 if (out->provctx == NULL) {
498 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
499 return 0;
500 }
501 }
502
503 /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
504 EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
505 #ifndef FIPS_MODULE
506 /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
507 if (in->pctx != NULL) {
508 out->pctx = EVP_PKEY_CTX_dup(in->pctx);
509 if (out->pctx == NULL) {
510 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
511 EVP_MD_CTX_reset(out);
512 return 0;
513 }
514 }
515 #endif
516
517 return 1;
518
519 /* TODO(3.0): Remove legacy code below */
520 legacy:
521 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
522 /* Make sure it's safe to copy a digest context using an ENGINE */
523 if (in->engine && !ENGINE_init(in->engine)) {
524 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
525 return 0;
526 }
527 #endif
528
529 if (out->digest == in->digest) {
530 tmp_buf = out->md_data;
531 EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
532 } else
533 tmp_buf = NULL;
534 EVP_MD_CTX_reset(out);
535 memcpy(out, in, sizeof(*out));
536
537 /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
538 EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
539
540 /* Null these variables, since they are getting fixed up
541 * properly below. Anything else may cause a memleak and/or
542 * double free if any of the memory allocations below fail
543 */
544 out->md_data = NULL;
545 out->pctx = NULL;
546
547 if (in->md_data && out->digest->ctx_size) {
548 if (tmp_buf)
549 out->md_data = tmp_buf;
550 else {
551 out->md_data = OPENSSL_malloc(out->digest->ctx_size);
552 if (out->md_data == NULL) {
553 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
554 return 0;
555 }
556 }
557 memcpy(out->md_data, in->md_data, out->digest->ctx_size);
558 }
559
560 out->update = in->update;
561
562 #ifndef FIPS_MODULE
563 /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
564 if (in->pctx) {
565 out->pctx = EVP_PKEY_CTX_dup(in->pctx);
566 if (!out->pctx) {
567 EVP_MD_CTX_reset(out);
568 return 0;
569 }
570 }
571 #endif
572
573 if (out->digest->copy)
574 return out->digest->copy(out, in);
575
576 return 1;
577 }
578
579 int EVP_Digest(const void *data, size_t count,
580 unsigned char *md, unsigned int *size, const EVP_MD *type,
581 ENGINE *impl)
582 {
583 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
584 int ret;
585
586 if (ctx == NULL)
587 return 0;
588 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT);
589 ret = EVP_DigestInit_ex(ctx, type, impl)
590 && EVP_DigestUpdate(ctx, data, count)
591 && EVP_DigestFinal_ex(ctx, md, size);
592 EVP_MD_CTX_free(ctx);
593
594 return ret;
595 }
596
597 int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
598 {
599 if (digest != NULL && digest->get_params != NULL)
600 return digest->get_params(params);
601 return 0;
602 }
603
604 const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest)
605 {
606 if (digest != NULL && digest->gettable_params != NULL)
607 return digest->gettable_params(
608 ossl_provider_ctx(EVP_MD_provider(digest)));
609 return NULL;
610 }
611
612 int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
613 {
614 EVP_PKEY_CTX *pctx = ctx->pctx;
615
616 /* If we have a pctx then we should try that first */
617 if (pctx != NULL
618 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
619 || pctx->operation == EVP_PKEY_OP_SIGNCTX)
620 && pctx->op.sig.sigprovctx != NULL
621 && pctx->op.sig.signature->set_ctx_md_params != NULL)
622 return pctx->op.sig.signature->set_ctx_md_params(pctx->op.sig.sigprovctx,
623 params);
624
625 if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL)
626 return ctx->digest->set_ctx_params(ctx->provctx, params);
627
628 return 0;
629 }
630
631 const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md)
632 {
633 if (md != NULL && md->settable_ctx_params != NULL)
634 return md->settable_ctx_params(ossl_provider_ctx(EVP_MD_provider(md)));
635 return NULL;
636 }
637
638 const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx)
639 {
640 EVP_PKEY_CTX *pctx;
641
642 if (ctx == NULL)
643 return NULL;
644
645 /* If we have a pctx then we should try that first */
646 pctx = ctx->pctx;
647 if (pctx != NULL
648 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
649 || pctx->operation == EVP_PKEY_OP_SIGNCTX)
650 && pctx->op.sig.sigprovctx != NULL
651 && pctx->op.sig.signature->settable_ctx_md_params != NULL)
652 return pctx->op.sig.signature->settable_ctx_md_params(
653 pctx->op.sig.sigprovctx);
654
655 if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL)
656 return ctx->digest->settable_ctx_params(
657 ossl_provider_ctx(EVP_MD_provider(ctx->digest)));
658
659 return NULL;
660 }
661
662 int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
663 {
664 EVP_PKEY_CTX *pctx = ctx->pctx;
665
666 /* If we have a pctx then we should try that first */
667 if (pctx != NULL
668 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
669 || pctx->operation == EVP_PKEY_OP_SIGNCTX)
670 && pctx->op.sig.sigprovctx != NULL
671 && pctx->op.sig.signature->get_ctx_md_params != NULL)
672 return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.sigprovctx,
673 params);
674
675 if (ctx->digest != NULL && ctx->digest->get_params != NULL)
676 return ctx->digest->get_ctx_params(ctx->provctx, params);
677
678 return 0;
679 }
680
681 const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md)
682 {
683 if (md != NULL && md->gettable_ctx_params != NULL)
684 return md->gettable_ctx_params(ossl_provider_ctx(EVP_MD_provider(md)));
685 return NULL;
686 }
687
688 const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
689 {
690 EVP_PKEY_CTX *pctx;
691
692 if (ctx == NULL)
693 return NULL;
694
695 /* If we have a pctx then we should try that first */
696 pctx = ctx->pctx;
697 if (pctx != NULL
698 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
699 || pctx->operation == EVP_PKEY_OP_SIGNCTX)
700 && pctx->op.sig.sigprovctx != NULL
701 && pctx->op.sig.signature->gettable_ctx_md_params != NULL)
702 return pctx->op.sig.signature->gettable_ctx_md_params(
703 pctx->op.sig.sigprovctx);
704
705 if (ctx->digest != NULL
706 && ctx->digest->gettable_ctx_params != NULL)
707 return ctx->digest->gettable_ctx_params(
708 ossl_provider_ctx(EVP_MD_provider(ctx->digest)));
709
710 return NULL;
711 }
712
713 /* TODO(3.0): Remove legacy code below - only used by engines & DigestSign */
714 int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
715 {
716 int ret = EVP_CTRL_RET_UNSUPPORTED;
717 int set_params = 1;
718 size_t sz;
719 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
720
721 if (ctx == NULL) {
722 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
723 return 0;
724 }
725
726 if (ctx->digest != NULL && ctx->digest->prov == NULL)
727 goto legacy;
728
729 switch (cmd) {
730 case EVP_MD_CTRL_XOF_LEN:
731 sz = (size_t)p1;
732 params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &sz);
733 break;
734 case EVP_MD_CTRL_MICALG:
735 set_params = 0;
736 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DIGEST_PARAM_MICALG,
737 p2, p1 ? p1 : 9999);
738 break;
739 case EVP_CTRL_SSL3_MASTER_SECRET:
740 params[0] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
741 p2, p1);
742 break;
743 default:
744 goto conclude;
745 }
746
747 if (set_params)
748 ret = EVP_MD_CTX_set_params(ctx, params);
749 else
750 ret = EVP_MD_CTX_get_params(ctx, params);
751 goto conclude;
752
753
754 /* TODO(3.0): Remove legacy code below */
755 legacy:
756 if (ctx->digest->md_ctrl == NULL) {
757 ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
758 return 0;
759 }
760
761 ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
762 conclude:
763 if (ret <= 0)
764 return 0;
765 return ret;
766 }
767
768 EVP_MD *evp_md_new(void)
769 {
770 EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
771
772 if (md != NULL) {
773 md->lock = CRYPTO_THREAD_lock_new();
774 if (md->lock == NULL) {
775 OPENSSL_free(md);
776 return NULL;
777 }
778 md->refcnt = 1;
779 }
780 return md;
781 }
782
783 /*
784 * FIPS module note: since internal fetches will be entirely
785 * provider based, we know that none of its code depends on legacy
786 * NIDs or any functionality that use them.
787 */
788 #ifndef FIPS_MODULE
789 /* TODO(3.x) get rid of the need for legacy NIDs */
790 static void set_legacy_nid(const char *name, void *vlegacy_nid)
791 {
792 int nid;
793 int *legacy_nid = vlegacy_nid;
794 /*
795 * We use lowest level function to get the associated method, because
796 * higher level functions such as EVP_get_digestbyname() have changed
797 * to look at providers too.
798 */
799 const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
800
801 if (*legacy_nid == -1) /* We found a clash already */
802 return;
803
804 if (legacy_method == NULL)
805 return;
806 nid = EVP_MD_nid(legacy_method);
807 if (*legacy_nid != NID_undef && *legacy_nid != nid) {
808 *legacy_nid = -1;
809 return;
810 }
811 *legacy_nid = nid;
812 }
813 #endif
814
815 static void *evp_md_from_dispatch(int name_id,
816 const OSSL_DISPATCH *fns,
817 OSSL_PROVIDER *prov)
818 {
819 EVP_MD *md = NULL;
820 int fncnt = 0;
821
822 /* EVP_MD_fetch() will set the legacy NID if available */
823 if ((md = evp_md_new()) == NULL) {
824 EVPerr(0, ERR_R_MALLOC_FAILURE);
825 return NULL;
826 }
827
828 #ifndef FIPS_MODULE
829 /* TODO(3.x) get rid of the need for legacy NIDs */
830 md->type = NID_undef;
831 evp_names_do_all(prov, name_id, set_legacy_nid, &md->type);
832 if (md->type == -1) {
833 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
834 EVP_MD_free(md);
835 return NULL;
836 }
837 #endif
838
839 md->name_id = name_id;
840
841 for (; fns->function_id != 0; fns++) {
842 switch (fns->function_id) {
843 case OSSL_FUNC_DIGEST_NEWCTX:
844 if (md->newctx == NULL) {
845 md->newctx = OSSL_FUNC_digest_newctx(fns);
846 fncnt++;
847 }
848 break;
849 case OSSL_FUNC_DIGEST_INIT:
850 if (md->dinit == NULL) {
851 md->dinit = OSSL_FUNC_digest_init(fns);
852 fncnt++;
853 }
854 break;
855 case OSSL_FUNC_DIGEST_UPDATE:
856 if (md->dupdate == NULL) {
857 md->dupdate = OSSL_FUNC_digest_update(fns);
858 fncnt++;
859 }
860 break;
861 case OSSL_FUNC_DIGEST_FINAL:
862 if (md->dfinal == NULL) {
863 md->dfinal = OSSL_FUNC_digest_final(fns);
864 fncnt++;
865 }
866 break;
867 case OSSL_FUNC_DIGEST_DIGEST:
868 if (md->digest == NULL)
869 md->digest = OSSL_FUNC_digest_digest(fns);
870 /* We don't increment fnct for this as it is stand alone */
871 break;
872 case OSSL_FUNC_DIGEST_FREECTX:
873 if (md->freectx == NULL) {
874 md->freectx = OSSL_FUNC_digest_freectx(fns);
875 fncnt++;
876 }
877 break;
878 case OSSL_FUNC_DIGEST_DUPCTX:
879 if (md->dupctx == NULL)
880 md->dupctx = OSSL_FUNC_digest_dupctx(fns);
881 break;
882 case OSSL_FUNC_DIGEST_GET_PARAMS:
883 if (md->get_params == NULL)
884 md->get_params = OSSL_FUNC_digest_get_params(fns);
885 break;
886 case OSSL_FUNC_DIGEST_SET_CTX_PARAMS:
887 if (md->set_ctx_params == NULL)
888 md->set_ctx_params = OSSL_FUNC_digest_set_ctx_params(fns);
889 break;
890 case OSSL_FUNC_DIGEST_GET_CTX_PARAMS:
891 if (md->get_ctx_params == NULL)
892 md->get_ctx_params = OSSL_FUNC_digest_get_ctx_params(fns);
893 break;
894 case OSSL_FUNC_DIGEST_GETTABLE_PARAMS:
895 if (md->gettable_params == NULL)
896 md->gettable_params = OSSL_FUNC_digest_gettable_params(fns);
897 break;
898 case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS:
899 if (md->settable_ctx_params == NULL)
900 md->settable_ctx_params =
901 OSSL_FUNC_digest_settable_ctx_params(fns);
902 break;
903 case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS:
904 if (md->gettable_ctx_params == NULL)
905 md->gettable_ctx_params =
906 OSSL_FUNC_digest_gettable_ctx_params(fns);
907 break;
908 }
909 }
910 if ((fncnt != 0 && fncnt != 5)
911 || (fncnt == 0 && md->digest == NULL)) {
912 /*
913 * In order to be a consistent set of functions we either need the
914 * whole set of init/update/final etc functions or none of them.
915 * The "digest" function can standalone. We at least need one way to
916 * generate digests.
917 */
918 EVP_MD_free(md);
919 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
920 return NULL;
921 }
922 md->prov = prov;
923 if (prov != NULL)
924 ossl_provider_up_ref(prov);
925
926 return md;
927 }
928
929 static int evp_md_up_ref(void *md)
930 {
931 return EVP_MD_up_ref(md);
932 }
933
934 static void evp_md_free(void *md)
935 {
936 EVP_MD_free(md);
937 }
938
939 EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
940 const char *properties)
941 {
942 EVP_MD *md =
943 evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties,
944 evp_md_from_dispatch, evp_md_up_ref, evp_md_free);
945
946 return md;
947 }
948
949 int EVP_MD_up_ref(EVP_MD *md)
950 {
951 int ref = 0;
952
953 CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
954 return 1;
955 }
956
957 void EVP_MD_free(EVP_MD *md)
958 {
959 int i;
960
961 if (md == NULL)
962 return;
963
964 CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock);
965 if (i > 0)
966 return;
967 ossl_provider_free(md->prov);
968 CRYPTO_THREAD_lock_free(md->lock);
969 OPENSSL_free(md);
970 }
971
972 void EVP_MD_do_all_provided(OPENSSL_CTX *libctx,
973 void (*fn)(EVP_MD *mac, void *arg),
974 void *arg)
975 {
976 evp_generic_do_all(libctx, OSSL_OP_DIGEST,
977 (void (*)(void *, void *))fn, arg,
978 evp_md_from_dispatch, evp_md_free);
979 }
A mirror of the official openssl repository