Coverage Report

Created: 2024-01-20 12:34

/src/openssl/crypto/evp/digest.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include <stdio.h>
11
#include <openssl/objects.h>
12
#include <openssl/evp.h>
13
#include <openssl/engine.h>
14
#include <openssl/params.h>
15
#include <openssl/core_names.h>
16
#include "internal/cryptlib.h"
17
#include "crypto/evp.h"
18
#include "internal/provider.h"
19
#include "evp_local.h"
20
21
/* This call frees resources associated with the context */
22
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
23
0
{
24
0
    if (ctx == NULL)
25
0
        return 1;
26
27
0
#ifndef FIPS_MODE
28
    /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
29
    /*
30
     * pctx should be freed by the user of EVP_MD_CTX
31
     * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
32
     */
33
0
    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
34
0
        EVP_PKEY_CTX_free(ctx->pctx);
35
0
#endif
36
37
0
    EVP_MD_free(ctx->fetched_digest);
38
0
    ctx->fetched_digest = NULL;
39
0
    ctx->reqdigest = NULL;
40
41
0
    if (ctx->provctx != NULL) {
42
0
        if (ctx->digest->freectx != NULL)
43
0
            ctx->digest->freectx(ctx->provctx);
44
0
        ctx->provctx = NULL;
45
0
        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
46
0
    }
47
48
    /* TODO(3.0): Remove legacy code below */
49
50
    /*
51
     * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
52
     * sometimes only copies of the context are ever finalised.
53
     */
54
0
    if (ctx->digest && ctx->digest->cleanup
55
0
        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
56
0
        ctx->digest->cleanup(ctx);
57
0
    if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
58
0
        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
59
0
        OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
60
0
    }
61
62
0
#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
63
0
    ENGINE_finish(ctx->engine);
64
0
#endif
65
66
    /* TODO(3.0): End of legacy code */
67
68
0
    OPENSSL_cleanse(ctx, sizeof(*ctx));
69
70
0
    return 1;
71
0
}
72
73
EVP_MD_CTX *EVP_MD_CTX_new(void)
74
0
{
75
0
    return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
76
0
}
77
78
void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
79
0
{
80
0
    if (ctx == NULL)
81
0
        return;
82
83
0
    EVP_MD_CTX_reset(ctx);
84
85
0
    OPENSSL_free(ctx);
86
0
    return;
87
0
}
88
89
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
90
0
{
91
0
    EVP_MD_CTX_reset(ctx);
92
0
    return EVP_DigestInit_ex(ctx, type, NULL);
93
0
}
94
95
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
96
0
{
97
0
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
98
0
    ENGINE *tmpimpl = NULL;
99
0
#endif
100
101
0
    EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
102
103
0
    if (ctx->provctx != NULL) {
104
0
        if (!ossl_assert(ctx->digest != NULL)) {
105
0
            EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
106
0
            return 0;
107
0
        }
108
0
        if (ctx->digest->freectx != NULL)
109
0
            ctx->digest->freectx(ctx->provctx);
110
0
        ctx->provctx = NULL;
111
0
    }
112
113
0
    if (type != NULL)
114
0
        ctx->reqdigest = type;
115
116
    /* TODO(3.0): Legacy work around code below. Remove this */
117
0
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
118
    /*
119
     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
120
     * this context may already have an ENGINE! Try to avoid releasing the
121
     * previous handle, re-querying for an ENGINE, and having a
122
     * reinitialisation, when it may all be unnecessary.
123
     */
124
0
    if (ctx->engine && ctx->digest &&
125
0
        (type == NULL || (type->type == ctx->digest->type)))
126
0
        goto skip_to_init;
127
128
0
    if (type != NULL) {
129
        /*
130
         * Ensure an ENGINE left lying around from last time is cleared (the
131
         * previous check attempted to avoid this if the same ENGINE and
132
         * EVP_MD could be used).
133
         */
134
0
        ENGINE_finish(ctx->engine);
135
0
        ctx->engine = NULL;
136
0
    }
137
138
0
    if (type != NULL && impl == NULL)
139
0
        tmpimpl = ENGINE_get_digest_engine(type->type);
140
0
#endif
141
142
    /*
143
     * If there are engines involved or EVP_MD_CTX_FLAG_NO_INIT is set then we
144
     * should use legacy handling for now.
145
     */
146
0
    if (ctx->engine != NULL
147
0
            || impl != NULL
148
0
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
149
0
            || tmpimpl != NULL
150
0
#endif
151
0
            || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) {
152
0
        if (ctx->digest == ctx->fetched_digest)
153
0
            ctx->digest = NULL;
154
0
        EVP_MD_free(ctx->fetched_digest);
155
0
        ctx->fetched_digest = NULL;
156
0
        goto legacy;
157
0
    }
158
159
0
    if (ctx->digest != NULL && ctx->digest->ctx_size > 0) {
160
0
        OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
161
0
        ctx->md_data = NULL;
162
0
    }
163
164
    /* TODO(3.0): Start of non-legacy code below */
165
166
0
    if (type->prov == NULL) {
167
#ifdef FIPS_MODE
168
        /* We only do explicit fetches inside the FIPS module */
169
        EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
170
        return 0;
171
#else
172
0
        EVP_MD *provmd = EVP_MD_fetch(NULL, OBJ_nid2sn(type->type), "");
173
174
0
        if (provmd == NULL) {
175
0
            EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
176
0
            return 0;
177
0
        }
178
0
        type = provmd;
179
0
        EVP_MD_free(ctx->fetched_digest);
180
0
        ctx->fetched_digest = provmd;
181
0
#endif
182
0
    }
183
184
0
    if (ctx->provctx != NULL && ctx->digest != NULL && ctx->digest != type) {
185
0
        if (ctx->digest->freectx != NULL)
186
0
            ctx->digest->freectx(ctx->provctx);
187
0
        ctx->provctx = NULL;
188
0
    }
189
0
    ctx->digest = type;
190
0
    if (ctx->provctx == NULL) {
191
0
        ctx->provctx = ctx->digest->newctx(ossl_provider_ctx(type->prov));
192
0
        if (ctx->provctx == NULL) {
193
0
            EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
194
0
            return 0;
195
0
        }
196
0
    }
197
198
0
    if (ctx->digest->dinit == NULL) {
199
0
        EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
200
0
        return 0;
201
0
    }
202
203
0
    return ctx->digest->dinit(ctx->provctx);
204
205
    /* TODO(3.0): Remove legacy code below */
206
0
 legacy:
207
208
0
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
209
0
    if (type) {
210
0
        if (impl != NULL) {
211
0
            if (!ENGINE_init(impl)) {
212
0
                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
213
0
                return 0;
214
0
            }
215
0
        } else {
216
            /* Ask if an ENGINE is reserved for this job */
217
0
            impl = tmpimpl;
218
0
        }
219
0
        if (impl != NULL) {
220
            /* There's an ENGINE for this job ... (apparently) */
221
0
            const EVP_MD *d = ENGINE_get_digest(impl, type->type);
222
223
0
            if (d == NULL) {
224
0
                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
225
0
                ENGINE_finish(impl);
226
0
                return 0;
227
0
            }
228
            /* We'll use the ENGINE's private digest definition */
229
0
            type = d;
230
            /*
231
             * Store the ENGINE functional reference so we know 'type' came
232
             * from an ENGINE and we need to release it when done.
233
             */
234
0
            ctx->engine = impl;
235
0
        } else
236
0
            ctx->engine = NULL;
237
0
    } else {
238
0
        if (!ctx->digest) {
239
0
            EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
240
0
            return 0;
241
0
        }
242
0
        type = ctx->digest;
243
0
    }
244
0
#endif
245
0
    if (ctx->digest != type) {
246
0
        if (ctx->digest && ctx->digest->ctx_size) {
247
0
            OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
248
0
            ctx->md_data = NULL;
249
0
        }
250
0
        ctx->digest = type;
251
0
        if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
252
0
            ctx->update = type->update;
253
0
            ctx->md_data = OPENSSL_zalloc(type->ctx_size);
254
0
            if (ctx->md_data == NULL) {
255
0
                EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
256
0
                return 0;
257
0
            }
258
0
        }
259
0
    }
260
0
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
261
0
 skip_to_init:
262
0
#endif
263
0
#ifndef FIPS_MODE
264
    /*
265
     * TODO(3.0): Temporarily no support for EVP_DigestSign* inside FIPS module
266
     * or when using providers.
267
     */
268
0
    if (ctx->pctx != NULL
269
0
            && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
270
0
                 || ctx->pctx->op.sig.signature == NULL)) {
271
0
        int r;
272
0
        r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
273
0
                              EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
274
0
        if (r <= 0 && (r != -2))
275
0
            return 0;
276
0
    }
277
0
#endif
278
0
    if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
279
0
        return 1;
280
0
    return ctx->digest->init(ctx);
281
0
}
282
283
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
284
0
{
285
0
    if (count == 0)
286
0
        return 1;
287
288
0
    if (ctx->pctx != NULL
289
0
            && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
290
0
            && ctx->pctx->op.sig.sigprovctx != NULL) {
291
        /*
292
         * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and
293
         * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate().
294
         * Some code calls EVP_DigestUpdate() directly even when initialised
295
         * with EVP_DigestSignInit_ex() or EVP_DigestVerifyInit_ex(), so we
296
         * detect that and redirect to the correct EVP_Digest*Update() function
297
         */
298
0
        if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
299
0
            return EVP_DigestSignUpdate(ctx, data, count);
300
0
        if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX)
301
0
            return EVP_DigestVerifyUpdate(ctx, data, count);
302
0
        EVPerr(EVP_F_EVP_DIGESTUPDATE, EVP_R_UPDATE_ERROR);
303
0
        return 0;
304
0
    }
305
306
0
    if (ctx->digest == NULL
307
0
            || ctx->digest->prov == NULL
308
0
            || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
309
0
        goto legacy;
310
311
0
    if (ctx->digest->dupdate == NULL) {
312
0
        EVPerr(EVP_F_EVP_DIGESTUPDATE, EVP_R_UPDATE_ERROR);
313
0
        return 0;
314
0
    }
315
0
    return ctx->digest->dupdate(ctx->provctx, data, count);
316
317
    /* TODO(3.0): Remove legacy code below */
318
0
 legacy:
319
0
    return ctx->update(ctx, data, count);
320
0
}
321
322
/* The caller can assume that this removes any secret data from the context */
323
int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
324
0
{
325
0
    int ret;
326
0
    ret = EVP_DigestFinal_ex(ctx, md, size);
327
0
    EVP_MD_CTX_reset(ctx);
328
0
    return ret;
329
0
}
330
331
/* The caller can assume that this removes any secret data from the context */
332
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
333
0
{
334
0
    int ret;
335
0
    size_t size = 0;
336
0
    size_t mdsize = EVP_MD_size(ctx->digest);
337
338
0
    if (ctx->digest == NULL || ctx->digest->prov == NULL)
339
0
        goto legacy;
340
341
0
    if (ctx->digest->dfinal == NULL) {
342
0
        EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_FINAL_ERROR);
343
0
        return 0;
344
0
    }
345
346
0
    ret = ctx->digest->dfinal(ctx->provctx, md, &size, mdsize);
347
348
0
    if (isize != NULL) {
349
0
        if (size <= UINT_MAX) {
350
0
            *isize = (int)size;
351
0
        } else {
352
0
            EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_FINAL_ERROR);
353
0
            ret = 0;
354
0
        }
355
0
    }
356
357
0
    return ret;
358
359
    /* TODO(3.0): Remove legacy code below */
360
0
 legacy:
361
0
    OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE);
362
0
    ret = ctx->digest->final(ctx, md);
363
0
    if (isize != NULL)
364
0
        *isize = mdsize;
365
0
    if (ctx->digest->cleanup) {
366
0
        ctx->digest->cleanup(ctx);
367
0
        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
368
0
    }
369
0
    OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
370
0
    return ret;
371
0
}
372
373
int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
374
0
{
375
0
    int ret = 0;
376
0
    OSSL_PARAM params[2];
377
0
    size_t i = 0;
378
379
0
    if (ctx->digest == NULL || ctx->digest->prov == NULL)
380
0
        goto legacy;
381
382
0
    if (ctx->digest->dfinal == NULL) {
383
0
        EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_FINAL_ERROR);
384
0
        return 0;
385
0
    }
386
387
0
    params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &size);
388
0
    params[i++] = OSSL_PARAM_construct_end();
389
390
0
    if (EVP_MD_CTX_set_params(ctx, params) > 0)
391
0
        ret = ctx->digest->dfinal(ctx->provctx, md, &size, size);
392
0
    EVP_MD_CTX_reset(ctx);
393
0
    return ret;
394
395
0
legacy:
396
0
    if (ctx->digest->flags & EVP_MD_FLAG_XOF
397
0
        && size <= INT_MAX
398
0
        && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
399
0
        ret = ctx->digest->final(ctx, md);
400
0
        if (ctx->digest->cleanup != NULL) {
401
0
            ctx->digest->cleanup(ctx);
402
0
            EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
403
0
        }
404
0
        OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
405
0
    } else {
406
0
        EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
407
0
    }
408
409
0
    return ret;
410
0
}
411
412
int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
413
0
{
414
0
    EVP_MD_CTX_reset(out);
415
0
    return EVP_MD_CTX_copy_ex(out, in);
416
0
}
417
418
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
419
0
{
420
0
    unsigned char *tmp_buf;
421
422
0
    if (in == NULL || in->digest == NULL) {
423
0
        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
424
0
        return 0;
425
0
    }
426
427
0
    if (in->digest->prov == NULL
428
0
            || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
429
0
        goto legacy;
430
431
0
    if (in->digest->dupctx == NULL) {
432
0
        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
433
0
        return 0;
434
0
    }
435
436
0
    EVP_MD_CTX_reset(out);
437
0
    if (out->fetched_digest != NULL)
438
0
        EVP_MD_free(out->fetched_digest);
439
0
    *out = *in;
440
    /* NULL out pointers in case of error */
441
0
    out->pctx = NULL;
442
0
    out->provctx = NULL;
443
444
0
    if (in->fetched_digest != NULL)
445
0
        EVP_MD_up_ref(in->fetched_digest);
446
447
0
    out->provctx = in->digest->dupctx(in->provctx);
448
0
    if (out->provctx == NULL) {
449
0
        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
450
0
        return 0;
451
0
    }
452
453
    /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
454
0
    EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
455
0
#ifndef FIPS_MODE
456
    /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
457
0
    if (in->pctx != NULL) {
458
0
        out->pctx = EVP_PKEY_CTX_dup(in->pctx);
459
0
        if (out->pctx == NULL) {
460
0
            EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
461
0
            EVP_MD_CTX_reset(out);
462
0
            return 0;
463
0
        }
464
0
    }
465
0
#endif
466
467
0
    return 1;
468
469
    /* TODO(3.0): Remove legacy code below */
470
0
 legacy:
471
0
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
472
    /* Make sure it's safe to copy a digest context using an ENGINE */
473
0
    if (in->engine && !ENGINE_init(in->engine)) {
474
0
        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
475
0
        return 0;
476
0
    }
477
0
#endif
478
479
0
    if (out->digest == in->digest) {
480
0
        tmp_buf = out->md_data;
481
0
        EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
482
0
    } else
483
0
        tmp_buf = NULL;
484
0
    EVP_MD_CTX_reset(out);
485
0
    memcpy(out, in, sizeof(*out));
486
487
    /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
488
0
    EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
489
490
    /* Null these variables, since they are getting fixed up
491
     * properly below.  Anything else may cause a memleak and/or
492
     * double free if any of the memory allocations below fail
493
     */
494
0
    out->md_data = NULL;
495
0
    out->pctx = NULL;
496
497
0
    if (in->md_data && out->digest->ctx_size) {
498
0
        if (tmp_buf)
499
0
            out->md_data = tmp_buf;
500
0
        else {
501
0
            out->md_data = OPENSSL_malloc(out->digest->ctx_size);
502
0
            if (out->md_data == NULL) {
503
0
                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
504
0
                return 0;
505
0
            }
506
0
        }
507
0
        memcpy(out->md_data, in->md_data, out->digest->ctx_size);
508
0
    }
509
510
0
    out->update = in->update;
511
512
0
#ifndef FIPS_MODE
513
    /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
514
0
    if (in->pctx) {
515
0
        out->pctx = EVP_PKEY_CTX_dup(in->pctx);
516
0
        if (!out->pctx) {
517
0
            EVP_MD_CTX_reset(out);
518
0
            return 0;
519
0
        }
520
0
    }
521
0
#endif
522
523
0
    if (out->digest->copy)
524
0
        return out->digest->copy(out, in);
525
526
0
    return 1;
527
0
}
528
529
int EVP_Digest(const void *data, size_t count,
530
               unsigned char *md, unsigned int *size, const EVP_MD *type,
531
               ENGINE *impl)
532
0
{
533
0
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
534
0
    int ret;
535
536
0
    if (ctx == NULL)
537
0
        return 0;
538
0
    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT);
539
0
    ret = EVP_DigestInit_ex(ctx, type, impl)
540
0
        && EVP_DigestUpdate(ctx, data, count)
541
0
        && EVP_DigestFinal_ex(ctx, md, size);
542
0
    EVP_MD_CTX_free(ctx);
543
544
0
    return ret;
545
0
}
546
547
int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
548
0
{
549
0
    if (digest != NULL && digest->get_params != NULL)
550
0
        return digest->get_params(params);
551
0
    return 0;
552
0
}
553
554
const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest)
555
0
{
556
0
    if (digest != NULL && digest->gettable_params != NULL)
557
0
        return digest->gettable_params();
558
0
    return NULL;
559
0
}
560
561
int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
562
0
{
563
0
    EVP_PKEY_CTX *pctx = ctx->pctx;
564
565
0
    if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL)
566
0
        return ctx->digest->set_ctx_params(ctx->provctx, params);
567
568
0
    if (pctx != NULL
569
0
            && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
570
0
                || pctx->operation == EVP_PKEY_OP_SIGNCTX)
571
0
            && pctx->op.sig.sigprovctx != NULL
572
0
            && pctx->op.sig.signature->set_ctx_md_params != NULL)
573
0
        return pctx->op.sig.signature->set_ctx_md_params(pctx->op.sig.sigprovctx,
574
0
                                                         params);
575
0
    return 0;
576
0
}
577
578
const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md)
579
0
{
580
0
    if (md != NULL && md->settable_ctx_params != NULL)
581
0
        return md->settable_ctx_params();
582
0
    return NULL;
583
0
}
584
585
const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx)
586
0
{
587
0
    EVP_PKEY_CTX *pctx;
588
589
0
    if (ctx != NULL
590
0
            && ctx->digest != NULL
591
0
            && ctx->digest->settable_ctx_params != NULL)
592
0
        return ctx->digest->settable_ctx_params();
593
594
0
    pctx = ctx->pctx;
595
0
    if (pctx != NULL
596
0
            && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
597
0
                || pctx->operation == EVP_PKEY_OP_SIGNCTX)
598
0
            && pctx->op.sig.sigprovctx != NULL
599
0
            && pctx->op.sig.signature->settable_ctx_md_params != NULL)
600
0
        return pctx->op.sig.signature->settable_ctx_md_params(
601
0
                   pctx->op.sig.sigprovctx);
602
603
0
    return NULL;
604
0
}
605
606
int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
607
0
{
608
0
    EVP_PKEY_CTX *pctx = ctx->pctx;
609
610
0
    if (ctx->digest != NULL && ctx->digest->get_params != NULL)
611
0
        return ctx->digest->get_ctx_params(ctx->provctx, params);
612
613
0
    if (pctx != NULL
614
0
            && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
615
0
                || pctx->operation == EVP_PKEY_OP_SIGNCTX)
616
0
            && pctx->op.sig.sigprovctx != NULL
617
0
            && pctx->op.sig.signature->get_ctx_md_params != NULL)
618
0
        return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.sigprovctx,
619
0
                                                         params);
620
621
0
    return 0;
622
0
}
623
624
const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md)
625
0
{
626
0
    if (md != NULL && md->gettable_ctx_params != NULL)
627
0
        return md->gettable_ctx_params();
628
0
    return NULL;
629
0
}
630
631
const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
632
0
{
633
0
    EVP_PKEY_CTX *pctx;
634
635
0
    if (ctx != NULL
636
0
            && ctx->digest != NULL
637
0
            && ctx->digest->gettable_ctx_params != NULL)
638
0
        return ctx->digest->gettable_ctx_params();
639
640
0
    pctx = ctx->pctx;
641
0
    if (pctx != NULL
642
0
            && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
643
0
                || pctx->operation == EVP_PKEY_OP_SIGNCTX)
644
0
            && pctx->op.sig.sigprovctx != NULL
645
0
            && pctx->op.sig.signature->gettable_ctx_md_params != NULL)
646
0
        return pctx->op.sig.signature->gettable_ctx_md_params(
647
0
                    pctx->op.sig.sigprovctx);
648
649
0
    return NULL;
650
0
}
651
652
/* TODO(3.0): Remove legacy code below - only used by engines & DigestSign */
653
int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
654
0
{
655
0
    int ret = EVP_CTRL_RET_UNSUPPORTED;
656
0
    int set_params = 1;
657
0
    size_t sz;
658
0
    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
659
660
0
    if (ctx == NULL || ctx->digest == NULL) {
661
0
        ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL);
662
0
        return 0;
663
0
    }
664
665
0
    if (ctx->digest->prov == NULL)
666
0
        goto legacy;
667
668
0
    switch (cmd) {
669
0
    case EVP_MD_CTRL_XOF_LEN:
670
0
        sz = (size_t)p1;
671
0
        params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &sz);
672
0
        break;
673
0
    case EVP_MD_CTRL_MICALG:
674
0
        set_params = 0;
675
0
        params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DIGEST_PARAM_MICALG,
676
0
                                                     p2, p1 ? p1 : 9999);
677
0
        break;
678
0
    case EVP_CTRL_SSL3_MASTER_SECRET:
679
0
        params[0] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
680
0
                                                      p2, p1);
681
0
        break;
682
0
    default:
683
0
        goto conclude;
684
0
    }
685
686
0
    if (set_params)
687
0
        ret = EVP_MD_CTX_set_params(ctx, params);
688
0
    else
689
0
        ret = EVP_MD_CTX_get_params(ctx, params);
690
0
    goto conclude;
691
692
693
/* TODO(3.0): Remove legacy code below */
694
0
 legacy:
695
0
    if (ctx->digest->md_ctrl == NULL) {
696
0
        ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
697
0
        return 0;
698
0
    }
699
700
0
    ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
701
0
 conclude:
702
0
    if (ret <= 0)
703
0
        return 0;
704
0
    return ret;
705
0
}
706
707
EVP_MD *evp_md_new(void)
708
0
{
709
0
    EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
710
711
0
    if (md != NULL) {
712
0
        md->lock = CRYPTO_THREAD_lock_new();
713
0
        if (md->lock == NULL) {
714
0
            OPENSSL_free(md);
715
0
            return NULL;
716
0
        }
717
0
        md->refcnt = 1;
718
0
    }
719
0
    return md;
720
0
}
721
722
/*
723
 * FIPS module note: since internal fetches will be entirely
724
 * provider based, we know that none of its code depends on legacy
725
 * NIDs or any functionality that use them.
726
 */
727
#ifndef FIPS_MODE
728
/* TODO(3.x) get rid of the need for legacy NIDs */
729
static void set_legacy_nid(const char *name, void *vlegacy_nid)
730
0
{
731
0
    int nid;
732
0
    int *legacy_nid = vlegacy_nid;
733
    /*
734
     * We use lowest level function to get the associated method, because
735
     * higher level functions such as EVP_get_digestbyname() have changed
736
     * to look at providers too.
737
     */
738
0
    const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
739
740
0
    if (*legacy_nid == -1)       /* We found a clash already */
741
0
        return;
742
743
0
    if (legacy_method == NULL)
744
0
        return;
745
0
    nid = EVP_MD_nid(legacy_method);
746
0
    if (*legacy_nid != NID_undef && *legacy_nid != nid) {
747
0
        *legacy_nid = -1;
748
0
        return;
749
0
    }
750
0
    *legacy_nid = nid;
751
0
}
752
#endif
753
754
static void *evp_md_from_dispatch(int name_id,
755
                                  const OSSL_DISPATCH *fns,
756
                                  OSSL_PROVIDER *prov)
757
0
{
758
0
    EVP_MD *md = NULL;
759
0
    int fncnt = 0;
760
761
    /* EVP_MD_fetch() will set the legacy NID if available */
762
0
    if ((md = evp_md_new()) == NULL) {
763
0
        EVPerr(0, ERR_R_MALLOC_FAILURE);
764
0
        return NULL;
765
0
    }
766
767
0
#ifndef FIPS_MODE
768
    /* TODO(3.x) get rid of the need for legacy NIDs */
769
0
    md->type = NID_undef;
770
0
    evp_names_do_all(prov, name_id, set_legacy_nid, &md->type);
771
0
    if (md->type == -1) {
772
0
        ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
773
0
        EVP_MD_free(md);
774
0
        return NULL;
775
0
    }
776
0
#endif
777
778
0
    md->name_id = name_id;
779
780
0
    for (; fns->function_id != 0; fns++) {
781
0
        switch (fns->function_id) {
782
0
        case OSSL_FUNC_DIGEST_NEWCTX:
783
0
            if (md->newctx == NULL) {
784
0
                md->newctx = OSSL_get_OP_digest_newctx(fns);
785
0
                fncnt++;
786
0
            }
787
0
            break;
788
0
        case OSSL_FUNC_DIGEST_INIT:
789
0
            if (md->dinit == NULL) {
790
0
                md->dinit = OSSL_get_OP_digest_init(fns);
791
0
                fncnt++;
792
0
            }
793
0
            break;
794
0
        case OSSL_FUNC_DIGEST_UPDATE:
795
0
            if (md->dupdate == NULL) {
796
0
                md->dupdate = OSSL_get_OP_digest_update(fns);
797
0
                fncnt++;
798
0
            }
799
0
            break;
800
0
        case OSSL_FUNC_DIGEST_FINAL:
801
0
            if (md->dfinal == NULL) {
802
0
                md->dfinal = OSSL_get_OP_digest_final(fns);
803
0
                fncnt++;
804
0
            }
805
0
            break;
806
0
        case OSSL_FUNC_DIGEST_DIGEST:
807
0
            if (md->digest == NULL)
808
0
                md->digest = OSSL_get_OP_digest_digest(fns);
809
            /* We don't increment fnct for this as it is stand alone */
810
0
            break;
811
0
        case OSSL_FUNC_DIGEST_FREECTX:
812
0
            if (md->freectx == NULL) {
813
0
                md->freectx = OSSL_get_OP_digest_freectx(fns);
814
0
                fncnt++;
815
0
            }
816
0
            break;
817
0
        case OSSL_FUNC_DIGEST_DUPCTX:
818
0
            if (md->dupctx == NULL)
819
0
                md->dupctx = OSSL_get_OP_digest_dupctx(fns);
820
0
            break;
821
0
        case OSSL_FUNC_DIGEST_GET_PARAMS:
822
0
            if (md->get_params == NULL)
823
0
                md->get_params = OSSL_get_OP_digest_get_params(fns);
824
0
            break;
825
0
        case OSSL_FUNC_DIGEST_SET_CTX_PARAMS:
826
0
            if (md->set_ctx_params == NULL)
827
0
                md->set_ctx_params = OSSL_get_OP_digest_set_ctx_params(fns);
828
0
            break;
829
0
        case OSSL_FUNC_DIGEST_GET_CTX_PARAMS:
830
0
            if (md->get_ctx_params == NULL)
831
0
                md->get_ctx_params = OSSL_get_OP_digest_get_ctx_params(fns);
832
0
            break;
833
0
        case OSSL_FUNC_DIGEST_GETTABLE_PARAMS:
834
0
            if (md->gettable_params == NULL)
835
0
                md->gettable_params = OSSL_get_OP_digest_gettable_params(fns);
836
0
            break;
837
0
        case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS:
838
0
            if (md->settable_ctx_params == NULL)
839
0
                md->settable_ctx_params =
840
0
                    OSSL_get_OP_digest_settable_ctx_params(fns);
841
0
            break;
842
0
        case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS:
843
0
            if (md->gettable_ctx_params == NULL)
844
0
                md->gettable_ctx_params =
845
0
                    OSSL_get_OP_digest_gettable_ctx_params(fns);
846
0
            break;
847
0
        }
848
0
    }
849
0
    if ((fncnt != 0 && fncnt != 5)
850
0
        || (fncnt == 0 && md->digest == NULL)) {
851
        /*
852
         * In order to be a consistent set of functions we either need the
853
         * whole set of init/update/final etc functions or none of them.
854
         * The "digest" function can standalone. We at least need one way to
855
         * generate digests.
856
         */
857
0
        EVP_MD_free(md);
858
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
859
0
        return NULL;
860
0
    }
861
0
    md->prov = prov;
862
0
    if (prov != NULL)
863
0
        ossl_provider_up_ref(prov);
864
865
0
    return md;
866
0
}
867
868
static int evp_md_up_ref(void *md)
869
0
{
870
0
    return EVP_MD_up_ref(md);
871
0
}
872
873
static void evp_md_free(void *md)
874
0
{
875
0
    EVP_MD_free(md);
876
0
}
877
878
EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
879
                     const char *properties)
880
0
{
881
0
    EVP_MD *md =
882
0
        evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties,
883
0
                          evp_md_from_dispatch, evp_md_up_ref, evp_md_free);
884
885
0
    return md;
886
0
}
887
888
int EVP_MD_up_ref(EVP_MD *md)
889
0
{
890
0
    int ref = 0;
891
892
0
    CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
893
0
    return 1;
894
0
}
895
896
void EVP_MD_free(EVP_MD *md)
897
0
{
898
0
    int i;
899
900
0
    if (md == NULL)
901
0
        return;
902
903
0
    CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock);
904
0
    if (i > 0)
905
0
        return;
906
0
    ossl_provider_free(md->prov);
907
0
    CRYPTO_THREAD_lock_free(md->lock);
908
0
    OPENSSL_free(md);
909
0
}
910
911
void EVP_MD_do_all_provided(OPENSSL_CTX *libctx,
912
                            void (*fn)(EVP_MD *mac, void *arg),
913
                            void *arg)
914
0
{
915
0
    evp_generic_do_all(libctx, OSSL_OP_DIGEST,
916
0
                       (void (*)(void *, void *))fn, arg,
917
0
                       evp_md_from_dispatch, evp_md_free);
918
0
}