2
0

digest.c 33 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143
  1. /*
  2. * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some engine deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. #include <stdio.h>
  12. #include <openssl/objects.h>
  13. #include <openssl/evp.h>
  14. #include <openssl/ec.h>
  15. #ifndef FIPS_MODULE
  16. # include <openssl/engine.h>
  17. #endif
  18. #include <openssl/params.h>
  19. #include <openssl/core_names.h>
  20. #include "internal/cryptlib.h"
  21. #include "internal/provider.h"
  22. #include "internal/core.h"
  23. #include "crypto/evp.h"
  24. #include "evp_local.h"
  25. static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)
  26. {
  27. if (ctx->digest != NULL) {
  28. if (ctx->digest->cleanup != NULL
  29. && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
  30. ctx->digest->cleanup(ctx);
  31. if (ctx->md_data != NULL && ctx->digest->ctx_size > 0
  32. && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)
  33. || force)) {
  34. OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
  35. ctx->md_data = NULL;
  36. }
  37. }
  38. }
  39. void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_fetched)
  40. {
  41. if (ctx->algctx != NULL) {
  42. if (ctx->digest != NULL && ctx->digest->freectx != NULL)
  43. ctx->digest->freectx(ctx->algctx);
  44. ctx->algctx = NULL;
  45. EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
  46. }
  47. /* Code below to be removed when legacy support is dropped. */
  48. /*
  49. * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
  50. * sometimes only copies of the context are ever finalised.
  51. */
  52. cleanup_old_md_data(ctx, force);
  53. if (force)
  54. ctx->digest = NULL;
  55. #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
  56. ENGINE_finish(ctx->engine);
  57. ctx->engine = NULL;
  58. #endif
  59. /* Non legacy code, this has to be later than the ctx->digest cleaning */
  60. if (!keep_fetched) {
  61. EVP_MD_free(ctx->fetched_digest);
  62. ctx->fetched_digest = NULL;
  63. ctx->reqdigest = NULL;
  64. }
  65. }
  66. static int evp_md_ctx_reset_ex(EVP_MD_CTX *ctx, int keep_fetched)
  67. {
  68. if (ctx == NULL)
  69. return 1;
  70. #ifndef FIPS_MODULE
  71. /*
  72. * pctx should be freed by the user of EVP_MD_CTX
  73. * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
  74. */
  75. if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) {
  76. EVP_PKEY_CTX_free(ctx->pctx);
  77. ctx->pctx = NULL;
  78. }
  79. #endif
  80. evp_md_ctx_clear_digest(ctx, 0, keep_fetched);
  81. if (!keep_fetched)
  82. OPENSSL_cleanse(ctx, sizeof(*ctx));
  83. return 1;
  84. }
  85. /* This call frees resources associated with the context */
  86. int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
  87. {
  88. return evp_md_ctx_reset_ex(ctx, 0);
  89. }
  90. #ifndef FIPS_MODULE
  91. EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id,
  92. OSSL_LIB_CTX *libctx, const char *propq)
  93. {
  94. EVP_MD_CTX *ctx;
  95. EVP_PKEY_CTX *pctx = NULL;
  96. if ((ctx = EVP_MD_CTX_new()) == NULL
  97. || (pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq)) == NULL) {
  98. ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
  99. goto err;
  100. }
  101. if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0)
  102. goto err;
  103. EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
  104. return ctx;
  105. err:
  106. EVP_PKEY_CTX_free(pctx);
  107. EVP_MD_CTX_free(ctx);
  108. return NULL;
  109. }
  110. #endif
  111. EVP_MD_CTX *EVP_MD_CTX_new(void)
  112. {
  113. return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
  114. }
  115. void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
  116. {
  117. if (ctx == NULL)
  118. return;
  119. EVP_MD_CTX_reset(ctx);
  120. OPENSSL_free(ctx);
  121. }
  122. int evp_md_ctx_free_algctx(EVP_MD_CTX *ctx)
  123. {
  124. if (ctx->algctx != NULL) {
  125. if (!ossl_assert(ctx->digest != NULL)) {
  126. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  127. return 0;
  128. }
  129. if (ctx->digest->freectx != NULL)
  130. ctx->digest->freectx(ctx->algctx);
  131. ctx->algctx = NULL;
  132. }
  133. return 1;
  134. }
  135. static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
  136. const OSSL_PARAM params[], ENGINE *impl)
  137. {
  138. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
  139. ENGINE *tmpimpl = NULL;
  140. #endif
  141. #if !defined(FIPS_MODULE)
  142. if (ctx->pctx != NULL
  143. && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
  144. && ctx->pctx->op.sig.algctx != NULL) {
  145. /*
  146. * Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx
  147. * previously initialised with EVP_DigestSignInit() would retain
  148. * information about the key, and re-initialise for another sign
  149. * operation. So in that case we redirect to EVP_DigestSignInit()
  150. */
  151. if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
  152. return EVP_DigestSignInit(ctx, NULL, type, impl, NULL);
  153. if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX)
  154. return EVP_DigestVerifyInit(ctx, NULL, type, impl, NULL);
  155. ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
  156. return 0;
  157. }
  158. #endif
  159. EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED
  160. | EVP_MD_CTX_FLAG_FINALISED);
  161. if (type != NULL) {
  162. ctx->reqdigest = type;
  163. } else {
  164. if (ctx->digest == NULL) {
  165. ERR_raise(ERR_LIB_EVP, EVP_R_NO_DIGEST_SET);
  166. return 0;
  167. }
  168. type = ctx->digest;
  169. }
  170. /* Code below to be removed when legacy support is dropped. */
  171. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
  172. /*
  173. * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
  174. * this context may already have an ENGINE! Try to avoid releasing the
  175. * previous handle, re-querying for an ENGINE, and having a
  176. * reinitialisation, when it may all be unnecessary.
  177. */
  178. if (ctx->engine != NULL
  179. && ctx->digest != NULL
  180. && type->type == ctx->digest->type)
  181. goto skip_to_init;
  182. /*
  183. * Ensure an ENGINE left lying around from last time is cleared (the
  184. * previous check attempted to avoid this if the same ENGINE and
  185. * EVP_MD could be used).
  186. */
  187. ENGINE_finish(ctx->engine);
  188. ctx->engine = NULL;
  189. if (impl == NULL)
  190. tmpimpl = ENGINE_get_digest_engine(type->type);
  191. #endif
  192. /*
  193. * If there are engines involved or EVP_MD_CTX_FLAG_NO_INIT is set then we
  194. * should use legacy handling for now.
  195. */
  196. if (impl != NULL
  197. #if !defined(OPENSSL_NO_ENGINE)
  198. || ctx->engine != NULL
  199. # if !defined(FIPS_MODULE)
  200. || tmpimpl != NULL
  201. # endif
  202. #endif
  203. || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0
  204. || (type != NULL && type->origin == EVP_ORIG_METH)
  205. || (type == NULL && ctx->digest != NULL
  206. && ctx->digest->origin == EVP_ORIG_METH)) {
  207. /* If we were using provided hash before, cleanup algctx */
  208. if (!evp_md_ctx_free_algctx(ctx))
  209. return 0;
  210. if (ctx->digest == ctx->fetched_digest)
  211. ctx->digest = NULL;
  212. EVP_MD_free(ctx->fetched_digest);
  213. ctx->fetched_digest = NULL;
  214. goto legacy;
  215. }
  216. cleanup_old_md_data(ctx, 1);
  217. /* Start of non-legacy code below */
  218. if (ctx->digest == type) {
  219. if (!ossl_assert(type->prov != NULL)) {
  220. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  221. return 0;
  222. }
  223. } else {
  224. if (!evp_md_ctx_free_algctx(ctx))
  225. return 0;
  226. }
  227. if (type->prov == NULL) {
  228. #ifdef FIPS_MODULE
  229. /* We only do explicit fetches inside the FIPS module */
  230. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  231. return 0;
  232. #else
  233. /* The NULL digest is a special case */
  234. EVP_MD *provmd = EVP_MD_fetch(NULL,
  235. type->type != NID_undef ? OBJ_nid2sn(type->type)
  236. : "NULL", "");
  237. if (provmd == NULL) {
  238. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  239. return 0;
  240. }
  241. type = provmd;
  242. EVP_MD_free(ctx->fetched_digest);
  243. ctx->fetched_digest = provmd;
  244. #endif
  245. }
  246. if (type->prov != NULL && ctx->fetched_digest != type) {
  247. if (!EVP_MD_up_ref((EVP_MD *)type)) {
  248. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  249. return 0;
  250. }
  251. EVP_MD_free(ctx->fetched_digest);
  252. ctx->fetched_digest = (EVP_MD *)type;
  253. }
  254. ctx->digest = type;
  255. if (ctx->algctx == NULL) {
  256. ctx->algctx = ctx->digest->newctx(ossl_provider_ctx(type->prov));
  257. if (ctx->algctx == NULL) {
  258. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  259. return 0;
  260. }
  261. }
  262. if (ctx->digest->dinit == NULL) {
  263. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  264. return 0;
  265. }
  266. return ctx->digest->dinit(ctx->algctx, params);
  267. /* Code below to be removed when legacy support is dropped. */
  268. legacy:
  269. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
  270. if (type) {
  271. if (impl != NULL) {
  272. if (!ENGINE_init(impl)) {
  273. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  274. return 0;
  275. }
  276. } else {
  277. /* Ask if an ENGINE is reserved for this job */
  278. impl = tmpimpl;
  279. }
  280. if (impl != NULL) {
  281. /* There's an ENGINE for this job ... (apparently) */
  282. const EVP_MD *d = ENGINE_get_digest(impl, type->type);
  283. if (d == NULL) {
  284. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  285. ENGINE_finish(impl);
  286. return 0;
  287. }
  288. /* We'll use the ENGINE's private digest definition */
  289. type = d;
  290. /*
  291. * Store the ENGINE functional reference so we know 'type' came
  292. * from an ENGINE and we need to release it when done.
  293. */
  294. ctx->engine = impl;
  295. } else
  296. ctx->engine = NULL;
  297. }
  298. #endif
  299. if (ctx->digest != type) {
  300. cleanup_old_md_data(ctx, 1);
  301. ctx->digest = type;
  302. if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
  303. ctx->update = type->update;
  304. ctx->md_data = OPENSSL_zalloc(type->ctx_size);
  305. if (ctx->md_data == NULL)
  306. return 0;
  307. }
  308. }
  309. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
  310. skip_to_init:
  311. #endif
  312. #ifndef FIPS_MODULE
  313. if (ctx->pctx != NULL
  314. && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
  315. || ctx->pctx->op.sig.signature == NULL)) {
  316. int r;
  317. r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
  318. EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
  319. if (r <= 0 && (r != -2))
  320. return 0;
  321. }
  322. #endif
  323. if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
  324. return 1;
  325. return ctx->digest->init(ctx);
  326. }
  327. int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type,
  328. const OSSL_PARAM params[])
  329. {
  330. return evp_md_init_internal(ctx, type, params, NULL);
  331. }
  332. int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
  333. {
  334. EVP_MD_CTX_reset(ctx);
  335. return evp_md_init_internal(ctx, type, NULL, NULL);
  336. }
  337. int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
  338. {
  339. return evp_md_init_internal(ctx, type, NULL, impl);
  340. }
  341. int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
  342. {
  343. if (count == 0)
  344. return 1;
  345. if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
  346. ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
  347. return 0;
  348. }
  349. if (ctx->pctx != NULL
  350. && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
  351. && ctx->pctx->op.sig.algctx != NULL) {
  352. /*
  353. * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and
  354. * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate().
  355. * Some code calls EVP_DigestUpdate() directly even when initialised
  356. * with EVP_DigestSignInit_ex() or
  357. * EVP_DigestVerifyInit_ex(), so we detect that and redirect to
  358. * the correct EVP_Digest*Update() function
  359. */
  360. if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
  361. return EVP_DigestSignUpdate(ctx, data, count);
  362. if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX)
  363. return EVP_DigestVerifyUpdate(ctx, data, count);
  364. ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
  365. return 0;
  366. }
  367. if (ctx->digest == NULL
  368. || ctx->digest->prov == NULL
  369. || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
  370. goto legacy;
  371. if (ctx->digest->dupdate == NULL) {
  372. ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
  373. return 0;
  374. }
  375. return ctx->digest->dupdate(ctx->algctx, data, count);
  376. /* Code below to be removed when legacy support is dropped. */
  377. legacy:
  378. return ctx->update(ctx, data, count);
  379. }
  380. /* The caller can assume that this removes any secret data from the context */
  381. int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
  382. {
  383. int ret;
  384. ret = EVP_DigestFinal_ex(ctx, md, size);
  385. EVP_MD_CTX_reset(ctx);
  386. return ret;
  387. }
  388. /* The caller can assume that this removes any secret data from the context */
  389. int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
  390. {
  391. int ret, sz;
  392. size_t size = 0;
  393. size_t mdsize = 0;
  394. if (ctx->digest == NULL)
  395. return 0;
  396. sz = EVP_MD_get_size(ctx->digest);
  397. if (sz < 0)
  398. return 0;
  399. mdsize = sz;
  400. if (ctx->digest->prov == NULL)
  401. goto legacy;
  402. if (ctx->digest->dfinal == NULL) {
  403. ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
  404. return 0;
  405. }
  406. if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
  407. ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
  408. return 0;
  409. }
  410. ret = ctx->digest->dfinal(ctx->algctx, md, &size, mdsize);
  411. ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
  412. if (isize != NULL) {
  413. if (size <= UINT_MAX) {
  414. *isize = (unsigned int)size;
  415. } else {
  416. ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
  417. ret = 0;
  418. }
  419. }
  420. return ret;
  421. /* Code below to be removed when legacy support is dropped. */
  422. legacy:
  423. OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE);
  424. ret = ctx->digest->final(ctx, md);
  425. if (isize != NULL)
  426. *isize = mdsize;
  427. if (ctx->digest->cleanup) {
  428. ctx->digest->cleanup(ctx);
  429. EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
  430. }
  431. OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
  432. return ret;
  433. }
  434. int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
  435. {
  436. int ret = 0;
  437. OSSL_PARAM params[2];
  438. size_t i = 0;
  439. if (ctx->digest == NULL) {
  440. ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
  441. return 0;
  442. }
  443. if (ctx->digest->prov == NULL)
  444. goto legacy;
  445. if (ctx->digest->dfinal == NULL) {
  446. ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
  447. return 0;
  448. }
  449. if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
  450. ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
  451. return 0;
  452. }
  453. params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &size);
  454. params[i++] = OSSL_PARAM_construct_end();
  455. if (EVP_MD_CTX_set_params(ctx, params) > 0)
  456. ret = ctx->digest->dfinal(ctx->algctx, md, &size, size);
  457. ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
  458. return ret;
  459. legacy:
  460. if (ctx->digest->flags & EVP_MD_FLAG_XOF
  461. && size <= INT_MAX
  462. && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
  463. ret = ctx->digest->final(ctx, md);
  464. if (ctx->digest->cleanup != NULL) {
  465. ctx->digest->cleanup(ctx);
  466. EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
  467. }
  468. OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
  469. } else {
  470. ERR_raise(ERR_LIB_EVP, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
  471. }
  472. return ret;
  473. }
  474. EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in)
  475. {
  476. EVP_MD_CTX *out = EVP_MD_CTX_new();
  477. if (out != NULL && !EVP_MD_CTX_copy_ex(out, in)) {
  478. EVP_MD_CTX_free(out);
  479. out = NULL;
  480. }
  481. return out;
  482. }
  483. int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
  484. {
  485. EVP_MD_CTX_reset(out);
  486. return EVP_MD_CTX_copy_ex(out, in);
  487. }
  488. int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
  489. {
  490. int digest_change = 0;
  491. unsigned char *tmp_buf;
  492. if (in == NULL) {
  493. ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
  494. return 0;
  495. }
  496. if (in->digest == NULL) {
  497. /* copying uninitialized digest context */
  498. EVP_MD_CTX_reset(out);
  499. if (out->fetched_digest != NULL)
  500. EVP_MD_free(out->fetched_digest);
  501. *out = *in;
  502. goto clone_pkey;
  503. }
  504. if (in->digest->prov == NULL
  505. || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
  506. goto legacy;
  507. if (in->digest->dupctx == NULL) {
  508. ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
  509. return 0;
  510. }
  511. evp_md_ctx_reset_ex(out, 1);
  512. digest_change = (out->fetched_digest != in->fetched_digest);
  513. if (digest_change && out->fetched_digest != NULL)
  514. EVP_MD_free(out->fetched_digest);
  515. *out = *in;
  516. /* NULL out pointers in case of error */
  517. out->pctx = NULL;
  518. out->algctx = NULL;
  519. if (digest_change && in->fetched_digest != NULL)
  520. EVP_MD_up_ref(in->fetched_digest);
  521. if (in->algctx != NULL) {
  522. out->algctx = in->digest->dupctx(in->algctx);
  523. if (out->algctx == NULL) {
  524. ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
  525. return 0;
  526. }
  527. }
  528. clone_pkey:
  529. /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
  530. EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
  531. #ifndef FIPS_MODULE
  532. if (in->pctx != NULL) {
  533. out->pctx = EVP_PKEY_CTX_dup(in->pctx);
  534. if (out->pctx == NULL) {
  535. ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
  536. EVP_MD_CTX_reset(out);
  537. return 0;
  538. }
  539. }
  540. #endif
  541. return 1;
  542. /* Code below to be removed when legacy support is dropped. */
  543. legacy:
  544. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
  545. /* Make sure it's safe to copy a digest context using an ENGINE */
  546. if (in->engine && !ENGINE_init(in->engine)) {
  547. ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
  548. return 0;
  549. }
  550. #endif
  551. if (out->digest == in->digest) {
  552. tmp_buf = out->md_data;
  553. EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
  554. } else
  555. tmp_buf = NULL;
  556. EVP_MD_CTX_reset(out);
  557. memcpy(out, in, sizeof(*out));
  558. /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
  559. EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
  560. /* Null these variables, since they are getting fixed up
  561. * properly below. Anything else may cause a memleak and/or
  562. * double free if any of the memory allocations below fail
  563. */
  564. out->md_data = NULL;
  565. out->pctx = NULL;
  566. if (in->md_data && out->digest->ctx_size) {
  567. if (tmp_buf)
  568. out->md_data = tmp_buf;
  569. else {
  570. out->md_data = OPENSSL_malloc(out->digest->ctx_size);
  571. if (out->md_data == NULL)
  572. return 0;
  573. }
  574. memcpy(out->md_data, in->md_data, out->digest->ctx_size);
  575. }
  576. out->update = in->update;
  577. #ifndef FIPS_MODULE
  578. if (in->pctx) {
  579. out->pctx = EVP_PKEY_CTX_dup(in->pctx);
  580. if (!out->pctx) {
  581. EVP_MD_CTX_reset(out);
  582. return 0;
  583. }
  584. }
  585. #endif
  586. if (out->digest->copy)
  587. return out->digest->copy(out, in);
  588. return 1;
  589. }
  590. int EVP_Digest(const void *data, size_t count,
  591. unsigned char *md, unsigned int *size, const EVP_MD *type,
  592. ENGINE *impl)
  593. {
  594. EVP_MD_CTX *ctx = EVP_MD_CTX_new();
  595. int ret;
  596. if (ctx == NULL)
  597. return 0;
  598. EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT);
  599. ret = EVP_DigestInit_ex(ctx, type, impl)
  600. && EVP_DigestUpdate(ctx, data, count)
  601. && EVP_DigestFinal_ex(ctx, md, size);
  602. EVP_MD_CTX_free(ctx);
  603. return ret;
  604. }
  605. int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
  606. const void *data, size_t datalen,
  607. unsigned char *md, size_t *mdlen)
  608. {
  609. EVP_MD *digest = EVP_MD_fetch(libctx, name, propq);
  610. unsigned int temp = 0;
  611. int ret = 0;
  612. if (digest != NULL) {
  613. ret = EVP_Digest(data, datalen, md, &temp, digest, NULL);
  614. EVP_MD_free(digest);
  615. }
  616. if (mdlen != NULL)
  617. *mdlen = temp;
  618. return ret;
  619. }
  620. int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
  621. {
  622. if (digest != NULL && digest->get_params != NULL)
  623. return digest->get_params(params);
  624. return 0;
  625. }
  626. const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest)
  627. {
  628. if (digest != NULL && digest->gettable_params != NULL)
  629. return digest->gettable_params(
  630. ossl_provider_ctx(EVP_MD_get0_provider(digest)));
  631. return NULL;
  632. }
  633. int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
  634. {
  635. EVP_PKEY_CTX *pctx = ctx->pctx;
  636. /* If we have a pctx then we should try that first */
  637. if (pctx != NULL
  638. && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
  639. || pctx->operation == EVP_PKEY_OP_SIGNCTX)
  640. && pctx->op.sig.algctx != NULL
  641. && pctx->op.sig.signature->set_ctx_md_params != NULL)
  642. return pctx->op.sig.signature->set_ctx_md_params(pctx->op.sig.algctx,
  643. params);
  644. if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL)
  645. return ctx->digest->set_ctx_params(ctx->algctx, params);
  646. return 0;
  647. }
  648. const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md)
  649. {
  650. void *provctx;
  651. if (md != NULL && md->settable_ctx_params != NULL) {
  652. provctx = ossl_provider_ctx(EVP_MD_get0_provider(md));
  653. return md->settable_ctx_params(NULL, provctx);
  654. }
  655. return NULL;
  656. }
  657. const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx)
  658. {
  659. EVP_PKEY_CTX *pctx;
  660. void *alg;
  661. if (ctx == NULL)
  662. return NULL;
  663. /* If we have a pctx then we should try that first */
  664. pctx = ctx->pctx;
  665. if (pctx != NULL
  666. && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
  667. || pctx->operation == EVP_PKEY_OP_SIGNCTX)
  668. && pctx->op.sig.algctx != NULL
  669. && pctx->op.sig.signature->settable_ctx_md_params != NULL)
  670. return pctx->op.sig.signature->settable_ctx_md_params(
  671. pctx->op.sig.algctx);
  672. if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL) {
  673. alg = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest));
  674. return ctx->digest->settable_ctx_params(ctx->algctx, alg);
  675. }
  676. return NULL;
  677. }
  678. int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
  679. {
  680. EVP_PKEY_CTX *pctx = ctx->pctx;
  681. /* If we have a pctx then we should try that first */
  682. if (pctx != NULL
  683. && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
  684. || pctx->operation == EVP_PKEY_OP_SIGNCTX)
  685. && pctx->op.sig.algctx != NULL
  686. && pctx->op.sig.signature->get_ctx_md_params != NULL)
  687. return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.algctx,
  688. params);
  689. if (ctx->digest != NULL && ctx->digest->get_ctx_params != NULL)
  690. return ctx->digest->get_ctx_params(ctx->algctx, params);
  691. return 0;
  692. }
  693. const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md)
  694. {
  695. void *provctx;
  696. if (md != NULL && md->gettable_ctx_params != NULL) {
  697. provctx = ossl_provider_ctx(EVP_MD_get0_provider(md));
  698. return md->gettable_ctx_params(NULL, provctx);
  699. }
  700. return NULL;
  701. }
  702. const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
  703. {
  704. EVP_PKEY_CTX *pctx;
  705. void *provctx;
  706. if (ctx == NULL)
  707. return NULL;
  708. /* If we have a pctx then we should try that first */
  709. pctx = ctx->pctx;
  710. if (pctx != NULL
  711. && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
  712. || pctx->operation == EVP_PKEY_OP_SIGNCTX)
  713. && pctx->op.sig.algctx != NULL
  714. && pctx->op.sig.signature->gettable_ctx_md_params != NULL)
  715. return pctx->op.sig.signature->gettable_ctx_md_params(
  716. pctx->op.sig.algctx);
  717. if (ctx->digest != NULL && ctx->digest->gettable_ctx_params != NULL) {
  718. provctx = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest));
  719. return ctx->digest->gettable_ctx_params(ctx->algctx, provctx);
  720. }
  721. return NULL;
  722. }
  723. int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
  724. {
  725. int ret = EVP_CTRL_RET_UNSUPPORTED;
  726. int set_params = 1;
  727. size_t sz;
  728. OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  729. if (ctx == NULL) {
  730. ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
  731. return 0;
  732. }
  733. if (ctx->digest != NULL && ctx->digest->prov == NULL)
  734. goto legacy;
  735. switch (cmd) {
  736. case EVP_MD_CTRL_XOF_LEN:
  737. sz = (size_t)p1;
  738. params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &sz);
  739. break;
  740. case EVP_MD_CTRL_MICALG:
  741. set_params = 0;
  742. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DIGEST_PARAM_MICALG,
  743. p2, p1 ? p1 : 9999);
  744. break;
  745. case EVP_CTRL_SSL3_MASTER_SECRET:
  746. params[0] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
  747. p2, p1);
  748. break;
  749. default:
  750. goto conclude;
  751. }
  752. if (set_params)
  753. ret = EVP_MD_CTX_set_params(ctx, params);
  754. else
  755. ret = EVP_MD_CTX_get_params(ctx, params);
  756. goto conclude;
  757. /* Code below to be removed when legacy support is dropped. */
  758. legacy:
  759. if (ctx->digest->md_ctrl == NULL) {
  760. ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
  761. return 0;
  762. }
  763. ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
  764. conclude:
  765. if (ret <= 0)
  766. return 0;
  767. return ret;
  768. }
  769. EVP_MD *evp_md_new(void)
  770. {
  771. EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
  772. if (md != NULL && !CRYPTO_NEW_REF(&md->refcnt, 1)) {
  773. OPENSSL_free(md);
  774. return NULL;
  775. }
  776. return md;
  777. }
  778. /*
  779. * FIPS module note: since internal fetches will be entirely
  780. * provider based, we know that none of its code depends on legacy
  781. * NIDs or any functionality that use them.
  782. */
  783. #ifndef FIPS_MODULE
  784. static void set_legacy_nid(const char *name, void *vlegacy_nid)
  785. {
  786. int nid;
  787. int *legacy_nid = vlegacy_nid;
  788. /*
  789. * We use lowest level function to get the associated method, because
  790. * higher level functions such as EVP_get_digestbyname() have changed
  791. * to look at providers too.
  792. */
  793. const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
  794. if (*legacy_nid == -1) /* We found a clash already */
  795. return;
  796. if (legacy_method == NULL)
  797. return;
  798. nid = EVP_MD_nid(legacy_method);
  799. if (*legacy_nid != NID_undef && *legacy_nid != nid) {
  800. *legacy_nid = -1;
  801. return;
  802. }
  803. *legacy_nid = nid;
  804. }
  805. #endif
  806. static int evp_md_cache_constants(EVP_MD *md)
  807. {
  808. int ok, xof = 0, algid_absent = 0;
  809. size_t blksz = 0;
  810. size_t mdsize = 0;
  811. OSSL_PARAM params[5];
  812. params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, &blksz);
  813. params[1] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &mdsize);
  814. params[2] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_XOF, &xof);
  815. params[3] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT,
  816. &algid_absent);
  817. params[4] = OSSL_PARAM_construct_end();
  818. ok = evp_do_md_getparams(md, params) > 0;
  819. if (mdsize > INT_MAX || blksz > INT_MAX)
  820. ok = 0;
  821. if (ok) {
  822. md->block_size = (int)blksz;
  823. md->md_size = (int)mdsize;
  824. if (xof)
  825. md->flags |= EVP_MD_FLAG_XOF;
  826. if (algid_absent)
  827. md->flags |= EVP_MD_FLAG_DIGALGID_ABSENT;
  828. }
  829. return ok;
  830. }
  831. static void *evp_md_from_algorithm(int name_id,
  832. const OSSL_ALGORITHM *algodef,
  833. OSSL_PROVIDER *prov)
  834. {
  835. const OSSL_DISPATCH *fns = algodef->implementation;
  836. EVP_MD *md = NULL;
  837. int fncnt = 0;
  838. /* EVP_MD_fetch() will set the legacy NID if available */
  839. if ((md = evp_md_new()) == NULL) {
  840. ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
  841. return NULL;
  842. }
  843. #ifndef FIPS_MODULE
  844. md->type = NID_undef;
  845. if (!evp_names_do_all(prov, name_id, set_legacy_nid, &md->type)
  846. || md->type == -1) {
  847. ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
  848. EVP_MD_free(md);
  849. return NULL;
  850. }
  851. #endif
  852. md->name_id = name_id;
  853. if ((md->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
  854. EVP_MD_free(md);
  855. return NULL;
  856. }
  857. md->description = algodef->algorithm_description;
  858. for (; fns->function_id != 0; fns++) {
  859. switch (fns->function_id) {
  860. case OSSL_FUNC_DIGEST_NEWCTX:
  861. if (md->newctx == NULL) {
  862. md->newctx = OSSL_FUNC_digest_newctx(fns);
  863. fncnt++;
  864. }
  865. break;
  866. case OSSL_FUNC_DIGEST_INIT:
  867. if (md->dinit == NULL) {
  868. md->dinit = OSSL_FUNC_digest_init(fns);
  869. fncnt++;
  870. }
  871. break;
  872. case OSSL_FUNC_DIGEST_UPDATE:
  873. if (md->dupdate == NULL) {
  874. md->dupdate = OSSL_FUNC_digest_update(fns);
  875. fncnt++;
  876. }
  877. break;
  878. case OSSL_FUNC_DIGEST_FINAL:
  879. if (md->dfinal == NULL) {
  880. md->dfinal = OSSL_FUNC_digest_final(fns);
  881. fncnt++;
  882. }
  883. break;
  884. case OSSL_FUNC_DIGEST_DIGEST:
  885. if (md->digest == NULL)
  886. md->digest = OSSL_FUNC_digest_digest(fns);
  887. /* We don't increment fnct for this as it is stand alone */
  888. break;
  889. case OSSL_FUNC_DIGEST_FREECTX:
  890. if (md->freectx == NULL) {
  891. md->freectx = OSSL_FUNC_digest_freectx(fns);
  892. fncnt++;
  893. }
  894. break;
  895. case OSSL_FUNC_DIGEST_DUPCTX:
  896. if (md->dupctx == NULL)
  897. md->dupctx = OSSL_FUNC_digest_dupctx(fns);
  898. break;
  899. case OSSL_FUNC_DIGEST_GET_PARAMS:
  900. if (md->get_params == NULL)
  901. md->get_params = OSSL_FUNC_digest_get_params(fns);
  902. break;
  903. case OSSL_FUNC_DIGEST_SET_CTX_PARAMS:
  904. if (md->set_ctx_params == NULL)
  905. md->set_ctx_params = OSSL_FUNC_digest_set_ctx_params(fns);
  906. break;
  907. case OSSL_FUNC_DIGEST_GET_CTX_PARAMS:
  908. if (md->get_ctx_params == NULL)
  909. md->get_ctx_params = OSSL_FUNC_digest_get_ctx_params(fns);
  910. break;
  911. case OSSL_FUNC_DIGEST_GETTABLE_PARAMS:
  912. if (md->gettable_params == NULL)
  913. md->gettable_params = OSSL_FUNC_digest_gettable_params(fns);
  914. break;
  915. case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS:
  916. if (md->settable_ctx_params == NULL)
  917. md->settable_ctx_params =
  918. OSSL_FUNC_digest_settable_ctx_params(fns);
  919. break;
  920. case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS:
  921. if (md->gettable_ctx_params == NULL)
  922. md->gettable_ctx_params =
  923. OSSL_FUNC_digest_gettable_ctx_params(fns);
  924. break;
  925. }
  926. }
  927. if ((fncnt != 0 && fncnt != 5)
  928. || (fncnt == 0 && md->digest == NULL)) {
  929. /*
  930. * In order to be a consistent set of functions we either need the
  931. * whole set of init/update/final etc functions or none of them.
  932. * The "digest" function can standalone. We at least need one way to
  933. * generate digests.
  934. */
  935. EVP_MD_free(md);
  936. ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
  937. return NULL;
  938. }
  939. md->prov = prov;
  940. if (prov != NULL)
  941. ossl_provider_up_ref(prov);
  942. if (!evp_md_cache_constants(md)) {
  943. EVP_MD_free(md);
  944. ERR_raise(ERR_LIB_EVP, EVP_R_CACHE_CONSTANTS_FAILED);
  945. md = NULL;
  946. }
  947. return md;
  948. }
  949. static int evp_md_up_ref(void *md)
  950. {
  951. return EVP_MD_up_ref(md);
  952. }
  953. static void evp_md_free(void *md)
  954. {
  955. EVP_MD_free(md);
  956. }
  957. EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
  958. const char *properties)
  959. {
  960. EVP_MD *md =
  961. evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties,
  962. evp_md_from_algorithm, evp_md_up_ref, evp_md_free);
  963. return md;
  964. }
  965. int EVP_MD_up_ref(EVP_MD *md)
  966. {
  967. int ref = 0;
  968. if (md->origin == EVP_ORIG_DYNAMIC)
  969. CRYPTO_UP_REF(&md->refcnt, &ref);
  970. return 1;
  971. }
  972. void EVP_MD_free(EVP_MD *md)
  973. {
  974. int i;
  975. if (md == NULL || md->origin != EVP_ORIG_DYNAMIC)
  976. return;
  977. CRYPTO_DOWN_REF(&md->refcnt, &i);
  978. if (i > 0)
  979. return;
  980. evp_md_free_int(md);
  981. }
  982. void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
  983. void (*fn)(EVP_MD *mac, void *arg),
  984. void *arg)
  985. {
  986. evp_generic_do_all(libctx, OSSL_OP_DIGEST,
  987. (void (*)(void *, void *))fn, arg,
  988. evp_md_from_algorithm, evp_md_up_ref, evp_md_free);
  989. }