
digest.c 34 KB

  1. /*
  2. * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some engine deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. #include <stdio.h>
  12. #include <openssl/objects.h>
  13. #include <openssl/evp.h>
  14. #include <openssl/ec.h>
  15. #ifndef FIPS_MODULE
  16. # include <openssl/engine.h>
  17. #endif
  18. #include <openssl/params.h>
  19. #include <openssl/core_names.h>
  20. #include "internal/cryptlib.h"
  21. #include "internal/provider.h"
  22. #include "internal/core.h"
  23. #include "crypto/evp.h"
  24. #include "evp_local.h"
  /*
   * Release the legacy (non-provider) per-digest state attached to |ctx|.
   *
   * The digest's cleanup hook runs unless EVP_MD_CTX_FLAG_CLEANED is already
   * set.  The md_data buffer is then released with OPENSSL_clear_free(), so
   * intermediate hash state is wiped before the memory goes back to the
   * allocator.  That release is skipped when EVP_MD_CTX_FLAG_REUSE is set and
   * |force| is zero, which lets a caller hold on to the buffer.
   */
  static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)
  {
      if (ctx->digest == NULL)
          return;

      if (ctx->digest->cleanup != NULL
              && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
          ctx->digest->cleanup(ctx);

      /* No buffer, or a digest that declares no state: nothing to release. */
      if (ctx->md_data == NULL || ctx->digest->ctx_size <= 0)
          return;

      /* A buffer marked for reuse survives unless the caller forces it. */
      if (!force && EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
          return;

      OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
      ctx->md_data = NULL;
  }
  /*
   * Detach the digest implementation from |ctx|.
   *
   * - The provider algorithm context, if any, is freed through the digest's
   *   freectx hook and the context is flagged EVP_MD_CTX_FLAG_CLEANED.
   * - Legacy md_data is released via cleanup_old_md_data(); |force| is passed
   *   through and additionally clears ctx->digest.
   * - Unless |keep_fetched| is non-zero, the fetched digest reference is
   *   dropped and reqdigest is cleared.
   */
  void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_fetched)
  {
      void *algctx = ctx->algctx;

      if (algctx != NULL) {
          const EVP_MD *md = ctx->digest;

          if (md != NULL && md->freectx != NULL)
              md->freectx(algctx);
          ctx->algctx = NULL;
          EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
      }

      /* Code below to be removed when legacy support is dropped. */
      /*
       * md_data may still be live here: EVP_Digest_Final is not guaranteed to
       * have run on this particular context, because sometimes only copies of
       * a context are ever finalised.
       */
      cleanup_old_md_data(ctx, force);
      if (force)
          ctx->digest = NULL;

  #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
      ENGINE_finish(ctx->engine);
      ctx->engine = NULL;
  #endif

      /* Non legacy code, this has to be later than the ctx->digest cleaning */
      if (keep_fetched)
          return;

      EVP_MD_free(ctx->fetched_digest);
      ctx->fetched_digest = NULL;
      ctx->reqdigest = NULL;
  }
  /*
   * Reset |ctx| so it can be reused or freed.  Always returns 1; a NULL |ctx|
   * is accepted and ignored.
   *
   * When |keep_fetched| is zero the whole structure is wiped with
   * OPENSSL_cleanse() after its resources are released.  When it is non-zero
   * the fetched digest is retained and the structure is NOT wiped, so the
   * remaining fields keep their values.
   */
  static int evp_md_ctx_reset_ex(EVP_MD_CTX *ctx, int keep_fetched)
  {
      if (ctx != NULL) {
  #ifndef FIPS_MODULE
          /*
           * With EVP_MD_CTX_FLAG_KEEP_PKEY_CTX set, pctx belongs to the user
           * of the EVP_MD_CTX and must be freed by them, not here.
           */
          if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) {
              EVP_PKEY_CTX_free(ctx->pctx);
              ctx->pctx = NULL;
          }
  #endif

          evp_md_ctx_clear_digest(ctx, 0, keep_fetched);
          if (!keep_fetched)
              OPENSSL_cleanse(ctx, sizeof(*ctx));
      }

      return 1;
  }
  /*
   * Free the resources associated with |ctx| and wipe the structure, leaving
   * the EVP_MD_CTX allocation itself in place.  Returns 1.
   */
  int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
  {
      /* 0: do not keep the fetched digest, so the context is fully cleansed. */
      const int keep_fetched = 0;

      return evp_md_ctx_reset_ex(ctx, keep_fetched);
  }
  90. #ifndef FIPS_MODULE
  /*
   * Allocate an EVP_MD_CTX together with an EVP_PKEY_CTX created from |pkey|
   * (using |libctx| and |propq|), optionally set the id taken from |id| on the
   * key context, and attach the key context to the digest context.
   *
   * Returns the new context, or NULL on failure with both partially built
   * objects freed.  An allocation failure is reported under ERR_LIB_ASN1;
   * a failure to set the id raises no error in this function.
   */
  EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id,
                                OSSL_LIB_CTX *libctx, const char *propq)
  {
      EVP_PKEY_CTX *pctx = NULL;
      EVP_MD_CTX *ctx = EVP_MD_CTX_new();

      /* Only attempt the key context once the digest context exists. */
      if (ctx != NULL)
          pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);

      if (pctx == NULL) {
          ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
      } else if (id == NULL
                 || EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) > 0) {
          EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
          return ctx;
      }

      /* Failure: both frees are reached with possibly NULL arguments. */
      EVP_PKEY_CTX_free(pctx);
      EVP_MD_CTX_free(ctx);
      return NULL;
  }
  110. #endif
  /*
   * Allocate a zero-initialised EVP_MD_CTX.  Returns NULL if the allocation
   * fails.  Release it with EVP_MD_CTX_free().
   */
  EVP_MD_CTX *EVP_MD_CTX_new(void)
  {
      EVP_MD_CTX *fresh = OPENSSL_zalloc(sizeof(EVP_MD_CTX));

      return fresh;
  }
  /*
   * Reset |ctx| (releasing and wiping its contents) and then free the
   * structure itself.  A NULL |ctx| is a no-op.
   */
  void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
  {
      if (ctx != NULL) {
          /* Reset first so digest state is cleansed before the free. */
          EVP_MD_CTX_reset(ctx);
          OPENSSL_free(ctx);
      }
  }
  /*
   * Free the provider algorithm context held by |ctx|, if there is one.
   *
   * Returns 1 on success (including when there was nothing to free) and 0 if
   * an algorithm context exists without a digest to free it with, which is
   * reported as EVP_R_INITIALIZATION_ERROR.
   */
  int evp_md_ctx_free_algctx(EVP_MD_CTX *ctx)
  {
      if (ctx->algctx == NULL)
          return 1;

      /* An algctx without its owning digest cannot be released safely. */
      if (!ossl_assert(ctx->digest != NULL)) {
          ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
          return 0;
      }

      if (ctx->digest->freectx != NULL)
          ctx->digest->freectx(ctx->algctx);
      ctx->algctx = NULL;

      return 1;
  }
  /*
   * Common initialisation routine behind EVP_DigestInit(), EVP_DigestInit_ex()
   * and EVP_DigestInit_ex2().
   *
   * |ctx| is dereferenced without a NULL check.  |type| may be NULL, in which
   * case the digest already stored in ctx->digest is reused.  |params| is
   * handed to the provider's dinit hook on the provider path and is not used
   * on the legacy path.  |impl| is an optional ENGINE; a non-NULL value forces
   * the legacy path.
   *
   * Returns the result of the digest's init/dinit hook, 1 when
   * EVP_MD_CTX_FLAG_NO_INIT short-circuits the legacy path, and 0 on error.
   *
   * Several failure returns leave |ctx| partially updated (for example
   * ctx->digest already replaced); callers are expected to reset or free the
   * context after a failure rather than continue using it.
   */
  static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
                                  const OSSL_PARAM params[], ENGINE *impl)
  {
  #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
      ENGINE *tmpimpl = NULL;
  #endif

  #if !defined(FIPS_MODULE)
      if (ctx->pctx != NULL
              && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
              && ctx->pctx->op.sig.algctx != NULL) {
          /*
           * Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx
           * previously initialised with EVP_DigestSignInit() would retain
           * information about the key, and re-initialise for another sign
           * operation. So in that case we redirect to EVP_DigestSignInit()
           */
          if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
              return EVP_DigestSignInit(ctx, NULL, type, impl, NULL);
          if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX)
              return EVP_DigestVerifyInit(ctx, NULL, type, impl, NULL);
          ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
          return 0;
      }
  #endif

      /* A fresh init makes the context usable again after a Final. */
      EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED
                                  | EVP_MD_CTX_FLAG_FINALISED);

      if (type != NULL) {
          ctx->reqdigest = type;
      } else {
          if (ctx->digest == NULL) {
              ERR_raise(ERR_LIB_EVP, EVP_R_NO_DIGEST_SET);
              return 0;
          }
          type = ctx->digest;
      }
      /* From here on |type| is non-NULL. */

      /* Code below to be removed when legacy support is dropped. */
  #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
      /*
       * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
       * this context may already have an ENGINE! Try to avoid releasing the
       * previous handle, re-querying for an ENGINE, and having a
       * reinitialisation, when it may all be unnecessary.
       */
      if (ctx->engine != NULL
              && ctx->digest != NULL
              && type->type == ctx->digest->type)
          goto skip_to_init;

      /*
       * Ensure an ENGINE left lying around from last time is cleared (the
       * previous check attempted to avoid this if the same ENGINE and
       * EVP_MD could be used).
       */
      ENGINE_finish(ctx->engine);
      ctx->engine = NULL;

      if (impl == NULL)
          tmpimpl = ENGINE_get_digest_engine(type->type);
  #endif

      /*
       * If there are engines involved or EVP_MD_CTX_FLAG_NO_INIT is set then we
       * should use legacy handling for now.
       *
       * NOTE(review): |type| was made non-NULL above, so the final
       * "type == NULL" clause of this condition looks unreachable.
       */
      if (impl != NULL
  #if !defined(OPENSSL_NO_ENGINE)
              || ctx->engine != NULL
  # if !defined(FIPS_MODULE)
              || tmpimpl != NULL
  # endif
  #endif
              || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0
              || (type != NULL && type->origin == EVP_ORIG_METH)
              || (type == NULL && ctx->digest != NULL
                                && ctx->digest->origin == EVP_ORIG_METH)) {
          /* If we were using provided hash before, cleanup algctx */
          if (!evp_md_ctx_free_algctx(ctx))
              return 0;
          /* Avoid leaving ctx->digest pointing at the digest freed below. */
          if (ctx->digest == ctx->fetched_digest)
              ctx->digest = NULL;
          EVP_MD_free(ctx->fetched_digest);
          ctx->fetched_digest = NULL;
          goto legacy;
      }

      /* Provider path: forcibly drop (and wipe) any legacy md_data. */
      cleanup_old_md_data(ctx, 1);

      /* Start of non-legacy code below */
      if (ctx->digest == type) {
          /* Same digest as before: the existing algctx is kept for reuse. */
          if (!ossl_assert(type->prov != NULL)) {
              ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
              return 0;
          }
      } else {
          if (!evp_md_ctx_free_algctx(ctx))
              return 0;
      }

      if (type->prov == NULL) {
  #ifdef FIPS_MODULE
          /* We only do explicit fetches inside the FIPS module */
          ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
          return 0;
  #else
          /*
           * The NULL digest is a special case
           *
           * The implicit fetch passes a NULL library context and an empty
           * property query string, whatever the caller used elsewhere.
           */
          EVP_MD *provmd = EVP_MD_fetch(NULL,
                                        type->type != NID_undef ? OBJ_nid2sn(type->type)
                                                                : "NULL", "");

          if (provmd == NULL) {
              ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
              return 0;
          }
          type = provmd;
          EVP_MD_free(ctx->fetched_digest);
          ctx->fetched_digest = provmd;
  #endif
      }

      /* Take our own reference on a provided digest supplied by the caller. */
      if (type->prov != NULL && ctx->fetched_digest != type) {
          if (!EVP_MD_up_ref((EVP_MD *)type)) {
              ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
              return 0;
          }
          EVP_MD_free(ctx->fetched_digest);
          ctx->fetched_digest = (EVP_MD *)type;
      }
      ctx->digest = type;
      if (ctx->algctx == NULL) {
          ctx->algctx = ctx->digest->newctx(ossl_provider_ctx(type->prov));
          if (ctx->algctx == NULL) {
              ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
              return 0;
          }
      }

      if (ctx->digest->dinit == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
          return 0;
      }

      return ctx->digest->dinit(ctx->algctx, params);

      /* Code below to be removed when legacy support is dropped. */
   legacy:

  #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
      if (type) {
          if (impl != NULL) {
              if (!ENGINE_init(impl)) {
                  ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
                  return 0;
              }
          } else {
              /* Ask if an ENGINE is reserved for this job */
              impl = tmpimpl;
          }
          if (impl != NULL) {
              /* There's an ENGINE for this job ... (apparently) */
              const EVP_MD *d = ENGINE_get_digest(impl, type->type);

              if (d == NULL) {
                  ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
                  ENGINE_finish(impl);
                  return 0;
              }
              /* We'll use the ENGINE's private digest definition */
              type = d;
              /*
               * Store the ENGINE functional reference so we know 'type' came
               * from an ENGINE and we need to release it when done.
               */
              ctx->engine = impl;
          } else
              ctx->engine = NULL;
      }
  #endif
      if (ctx->digest != type) {
          cleanup_old_md_data(ctx, 1);

          ctx->digest = type;
          if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
              ctx->update = type->update;
              /*
               * Zeroed state buffer for the legacy digest.  On allocation
               * failure this returns 0 without raising an error in this
               * function, and ctx->digest has already been replaced.
               */
              ctx->md_data = OPENSSL_zalloc(type->ctx_size);
              if (ctx->md_data == NULL)
                  return 0;
          }
      }
  #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
   skip_to_init:
  #endif
  #ifndef FIPS_MODULE
      if (ctx->pctx != NULL
              && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
                  || ctx->pctx->op.sig.signature == NULL)) {
          int r;

          /*
           * Tell the attached key context that a digest is being initialised.
           * A result of -2 is tolerated (presumably "not supported" - TODO
           * confirm); any other non-positive result fails the init.
           */
          r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
                                EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
          if (r <= 0 && (r != -2))
              return 0;
      }
  #endif
      if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
          return 1;
      return ctx->digest->init(ctx);
  }
  /*
   * Initialise |ctx| for digest |type| and pass |params| to the
   * implementation.  No ENGINE is supplied.  The context is not reset first.
   * Returns the result of evp_md_init_internal().
   */
  int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type,
                         const OSSL_PARAM params[])
  {
      ENGINE *no_engine = NULL;

      return evp_md_init_internal(ctx, type, params, no_engine);
  }
  /*
   * Reset |ctx| completely, then initialise it for digest |type| with no
   * parameters and no ENGINE.  Because the reset wipes the context, any
   * previously configured digest is discarded, so |type| has to be supplied.
   * Returns the result of evp_md_init_internal().
   */
  int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
  {
      /* The reset result is not inspected (it always reports success). */
      (void)EVP_MD_CTX_reset(ctx);

      return evp_md_init_internal(ctx, type, NULL, NULL);
  }
  /*
   * Initialise |ctx| for digest |type|, optionally through ENGINE |impl|, with
   * no provider parameters.  The context is not reset first.
   * Returns the result of evp_md_init_internal().
   */
  int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
  {
      const OSSL_PARAM *no_params = NULL;

      return evp_md_init_internal(ctx, type, no_params, impl);
  }
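  /*
   * Feed |count| bytes starting at |data| into the digest held by |ctx|.
   *
   * Returns 1 on success (a zero |count| succeeds immediately) and 0 on
   * failure.  Updating a context that has already been finalised is rejected
   * with EVP_R_UPDATE_ERROR.
   *
   * A context that was never initialised has neither a digest nor a legacy
   * update hook; that case is reported as EVP_R_UPDATE_ERROR rather than
   * calling through a NULL function pointer.
   */
  int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
  {
      if (count == 0)
          return 1;

      if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
          ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
          return 0;
      }

      if (ctx->pctx != NULL
              && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
              && ctx->pctx->op.sig.algctx != NULL) {
          /*
           * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and
           * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate().
           * Some code calls EVP_DigestUpdate() directly even when initialised
           * with EVP_DigestSignInit_ex() or
           * EVP_DigestVerifyInit_ex(), so we detect that and redirect to
           * the correct EVP_Digest*Update() function
           */
          if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
              return EVP_DigestSignUpdate(ctx, data, count);
          if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX)
              return EVP_DigestVerifyUpdate(ctx, data, count);
          ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
          return 0;
      }

      if (ctx->digest == NULL
              || ctx->digest->prov == NULL
              || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
          goto legacy;

      if (ctx->digest->dupdate == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
          return 0;
      }
      return ctx->digest->dupdate(ctx->algctx, data, count);

      /* Code below to be removed when legacy support is dropped. */
   legacy:
      /*
       * ctx->update is only assigned during a legacy init.  It is still NULL
       * on a freshly allocated or reset context, which also reaches this
       * label because ctx->digest is NULL.
       */
      if (ctx->update == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
          return 0;
      }
      return ctx->update(ctx, data, count);
  }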
  /*
   * Produce the digest into |md| (length reported through |size|) and then
   * reset |ctx|.  The reset runs whether or not finalisation succeeded, so the
   * caller can assume secret data has been removed from the context on return.
   * Returns the result of EVP_DigestFinal_ex().
   */
  int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
  {
      const int outcome = EVP_DigestFinal_ex(ctx, md, size);

      EVP_MD_CTX_reset(ctx);
      return outcome;
  }
  /*
   * Finish the digest computation and write the result to |md|; if |isize| is
   * not NULL it receives the output length.  Returns 1 on success, 0 on
   * failure.  The context itself is kept (not reset).
   *
   * The original comment says the caller can assume this removes any secret
   * data from the context.  What this function shows: the legacy path wipes
   * md_data with OPENSSL_cleanse(); on the provider path any wiping is left to
   * the provider's dfinal hook, which is not visible here.
   *
   * |md| must be large enough for the digest output; no buffer length is
   * taken from the caller.  The provider path marks the context
   * EVP_MD_CTX_FLAG_FINALISED and refuses a second call; the legacy path does
   * not test that flag.
   */
  int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
  {
      int rv, declared;
      size_t produced = 0;
      size_t mdsize = 0;

      if (ctx->digest == NULL)
          return 0;

      declared = EVP_MD_get_size(ctx->digest);
      if (declared < 0)
          return 0;
      mdsize = declared;

      if (ctx->digest->prov == NULL) {
          /* Code below to be removed when legacy support is dropped. */
          OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE);
          rv = ctx->digest->final(ctx, md);
          if (isize != NULL)
              *isize = mdsize;
          if (ctx->digest->cleanup) {
              ctx->digest->cleanup(ctx);
              EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
          }
          OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
          return rv;
      }

      /* Ask the live context for its output size when it can report one. */
      if (ctx->digest->gettable_ctx_params != NULL) {
          OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };

          params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE,
                                                  &mdsize);
          if (!EVP_MD_CTX_get_params(ctx, params))
              return 0;
      }

      if (ctx->digest->dfinal == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
          return 0;
      }

      if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
          ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
          return 0;
      }

      rv = ctx->digest->dfinal(ctx->algctx, md, &produced, mdsize);

      /* Set regardless of the hook's result: no second Final on this state. */
      ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;

      if (isize != NULL) {
          if (produced > UINT_MAX) {
              /* The length cannot be represented in the caller's type. */
              ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
              rv = 0;
          } else {
              *isize = (unsigned int)produced;
          }
      }

      return rv;
  }
  /*
   * One-shot finalisation for extendable-output functions: write |size| bytes
   * of output to |md|.  Returns 1 on success, 0 on failure.
   *
   * |md| must have room for |size| bytes.  The provider path sets
   * EVP_MD_CTX_FLAG_FINALISED, so it cannot be repeated on the same state.
   * The legacy path requires an XOF digest and a |size| that fits in an int,
   * and wipes md_data afterwards.
   */
  int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
  {
      int ret = 0;
      OSSL_PARAM params[2];

      if (ctx->digest == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
          return 0;
      }

      if (ctx->digest->prov == NULL) {
          /* Legacy implementation. */
          if (!(ctx->digest->flags & EVP_MD_FLAG_XOF)
                  || size > INT_MAX
                  || !ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size,
                                           NULL)) {
              ERR_raise(ERR_LIB_EVP, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
              return ret;
          }

          ret = ctx->digest->final(ctx, md);
          if (ctx->digest->cleanup != NULL) {
              ctx->digest->cleanup(ctx);
              EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
          }
          OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
          return ret;
      }

      if (ctx->digest->dfinal == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
          return 0;
      }

      if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
          ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
          return 0;
      }

      /*
       * For backward compatibility we pass the XOFLEN via a param here so that
       * older providers can use the supplied value. Ideally we should have just
       * used the size passed into ctx->digest->dfinal().
       */
      params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &size);
      params[1] = OSSL_PARAM_construct_end();

      /* Only a negative result from setting the parameter blocks the final. */
      if (EVP_MD_CTX_set_params(ctx, params) >= 0)
          ret = ctx->digest->dfinal(ctx->algctx, md, &size, size);

      ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;

      return ret;
  }
  /*
   * Extract |size| further bytes of XOF output into |md|.  Unlike
   * EVP_DigestFinalXOF() this can be called multiple times.
   *
   * Only provider-backed digests that implement the squeeze hook are
   * supported; anything else fails with an error.  |md| must have room for
   * |size| bytes.  Returns the hook's result, or 0 on error.
   */
  int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
  {
      const EVP_MD *digest = ctx->digest;

      if (digest == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
          return 0;
      }

      /* Legacy (non-provider) digests have no squeeze operation. */
      if (digest->prov == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
          return 0;
      }

      if (digest->dsqueeze == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_METHOD_NOT_SUPPORTED);
          return 0;
      }

      return digest->dsqueeze(ctx->algctx, md, &size, size);
  }
  /*
   * Allocate a new context and copy |in| into it.  Returns the copy, or NULL
   * if allocation or the copy fails (the partially built copy is freed).
   * The caller owns the result and releases it with EVP_MD_CTX_free().
   */
  EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in)
  {
      EVP_MD_CTX *copy = EVP_MD_CTX_new();

      if (copy == NULL)
          return NULL;

      if (EVP_MD_CTX_copy_ex(copy, in))
          return copy;

      EVP_MD_CTX_free(copy);
      return NULL;
  }
  /*
   * Reset |out| and then copy |in| into it.  Returns the result of
   * EVP_MD_CTX_copy_ex().
   */
  int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
  {
      /* Drop and wipe whatever |out| held before it is overwritten. */
      (void)EVP_MD_CTX_reset(out);

      return EVP_MD_CTX_copy_ex(out, in);
  }
  /*
   * Copy the digest state of |in| into |out|.  Returns 1 on success and 0 on
   * failure.
   *
   * |in| is checked for NULL; |out| is not and is dereferenced on every path.
   * Three cases are handled: an uninitialised source (no digest), a
   * provider-backed digest (state duplicated with the dupctx hook), and a
   * legacy digest (md_data copied byte for byte).
   *
   * The structure is copied wholesale first and the owned pointers are fixed
   * up afterwards, so the order of the statements below matters.  Some
   * failure returns leave |out| holding a partial copy; callers should reset
   * or free |out| after a failure.
   */
  int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
  {
      int digest_change = 0;
      unsigned char *tmp_buf;

      if (in == NULL) {
          ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }

      if (in->digest == NULL) {
          /* copying uninitialized digest context */
          EVP_MD_CTX_reset(out);
          /*
           * NOTE(review): the reset above wipes |out|, so this check appears
           * never to fire.
           */
          if (out->fetched_digest != NULL)
              EVP_MD_free(out->fetched_digest);
          /*
           * Shallow copy of every field, pointers included.  NOTE(review): no
           * reference is taken on in->fetched_digest here - confirm it is
           * always NULL when in->digest is NULL.
           */
          *out = *in;
          goto clone_pkey;
      }

      if (in->digest->prov == NULL
              || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
          goto legacy;

      if (in->digest->dupctx == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
          return 0;
      }

      /* Reset |out| but keep its fetched digest so it can be compared below. */
      evp_md_ctx_reset_ex(out, 1);
      digest_change = (out->fetched_digest != in->fetched_digest);
      if (digest_change && out->fetched_digest != NULL)
          EVP_MD_free(out->fetched_digest);
      *out = *in;
      /* NULL out pointers in case of error */
      out->pctx = NULL;
      out->algctx = NULL;

      /* The return value of the reference increment is not checked. */
      if (digest_change && in->fetched_digest != NULL)
          EVP_MD_up_ref(in->fetched_digest);

      if (in->algctx != NULL) {
          out->algctx = in->digest->dupctx(in->algctx);
          if (out->algctx == NULL) {
              /* |out| keeps the fields copied above on this failure. */
              ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
              return 0;
          }
      }

   clone_pkey:
      /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
      EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
  #ifndef FIPS_MODULE
      if (in->pctx != NULL) {
          out->pctx = EVP_PKEY_CTX_dup(in->pctx);
          if (out->pctx == NULL) {
              ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
              EVP_MD_CTX_reset(out);
              return 0;
          }
      }
  #endif

      return 1;

      /* Code below to be removed when legacy support is dropped. */
   legacy:
  #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
      /* Make sure it's safe to copy a digest context using an ENGINE */
      if (in->engine && !ENGINE_init(in->engine)) {
          ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
          return 0;
      }
  #endif

      if (out->digest == in->digest) {
          /*
           * Same digest: keep the existing md_data allocation.  The REUSE
           * flag stops the reset below from freeing it.
           */
          tmp_buf = out->md_data;
          EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
      } else
          tmp_buf = NULL;
      EVP_MD_CTX_reset(out);
      memcpy(out, in, sizeof(*out));

      /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
      EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);

      /* Null these variables, since they are getting fixed up
       * properly below.  Anything else may cause a memleak and/or
       * double free if any of the memory allocations below fail
       */
      out->md_data = NULL;
      out->pctx = NULL;

      /*
       * NOTE(review): if tmp_buf was saved above but in->md_data is NULL, the
       * saved buffer is not attached to |out| again and looks leaked -
       * confirm whether that combination can occur.
       */
      if (in->md_data && out->digest->ctx_size) {
          if (tmp_buf)
              out->md_data = tmp_buf;
          else {
              out->md_data = OPENSSL_malloc(out->digest->ctx_size);
              /* No error is raised in this function on allocation failure. */
              if (out->md_data == NULL)
                  return 0;
          }
          memcpy(out->md_data, in->md_data, out->digest->ctx_size);
      }

      out->update = in->update;

  #ifndef FIPS_MODULE
      if (in->pctx) {
          out->pctx = EVP_PKEY_CTX_dup(in->pctx);
          if (!out->pctx) {
              EVP_MD_CTX_reset(out);
              return 0;
          }
      }
  #endif

      /* Let the digest fix up any state that a byte copy cannot handle. */
      if (out->digest->copy)
          return out->digest->copy(out, in);

      return 1;
  }
  /*
   * One-shot digest: hash |count| bytes at |data| with digest |type|
   * (optionally through ENGINE |impl|), writing the result to |md| and its
   * length to |size|.  Returns 1 on success, 0 on failure.
   *
   * A temporary context is used and always freed, which also wipes it.
   * |md| must be large enough for the digest output.
   */
  int EVP_Digest(const void *data, size_t count,
                 unsigned char *md, unsigned int *size, const EVP_MD *type,
                 ENGINE *impl)
  {
      int ok = 0;
      EVP_MD_CTX *mdctx = EVP_MD_CTX_new();

      if (mdctx == NULL)
          return 0;

      EVP_MD_CTX_set_flags(mdctx, EVP_MD_CTX_FLAG_ONESHOT);

      /* Each stage runs only if the previous one succeeded. */
      if (EVP_DigestInit_ex(mdctx, type, impl)
              && EVP_DigestUpdate(mdctx, data, count)
              && EVP_DigestFinal_ex(mdctx, md, size))
          ok = 1;

      EVP_MD_CTX_free(mdctx);
      return ok;
  }
  /*
   * Convenience one-shot: fetch the digest called |name| from |libctx| with
   * property query |propq|, hash |datalen| bytes at |data| into |md|, and
   * report the output length through |mdlen| when it is not NULL.
   *
   * Returns 1 on success and 0 on failure.  |*mdlen| is written on failure
   * too, so callers must check the return value before trusting |md|.
   */
  int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
                   const void *data, size_t datalen,
                   unsigned char *md, size_t *mdlen)
  {
      unsigned int outlen = 0;
      int ok = 0;
      EVP_MD *fetched = EVP_MD_fetch(libctx, name, propq);

      if (fetched != NULL) {
          ok = EVP_Digest(data, datalen, md, &outlen, fetched, NULL);
          EVP_MD_free(fetched);
      }

      if (mdlen != NULL)
          *mdlen = outlen;

      return ok;
  }
  /*
   * Retrieve algorithm-level parameters of |digest| into |params|.
   * Returns the hook's result, or 0 when |digest| is NULL or has no
   * get_params hook.
   */
  int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
  {
      if (digest == NULL || digest->get_params == NULL)
          return 0;

      return digest->get_params(params);
  }
  /*
   * Return the descriptor array of parameters that EVP_MD_get_params() can
   * retrieve for |digest|, or NULL when |digest| is NULL or has no such hook.
   */
  const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest)
  {
      void *provctx;

      if (digest == NULL || digest->gettable_params == NULL)
          return NULL;

      provctx = ossl_provider_ctx(EVP_MD_get0_provider(digest));
      return digest->gettable_params(provctx);
  }
  /*
   * Apply |params| to the digest operation in |ctx|.
   *
   * When |ctx| carries a sign/verify key context with a live algorithm
   * context and a set_ctx_md_params hook, the parameters go there; otherwise
   * they go to the digest's own set_ctx_params hook.  Returns the hook's
   * result, or 0 when neither is available.
   *
   * |ctx| is dereferenced without a NULL check.
   */
  int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
  {
      EVP_PKEY_CTX *keyctx = ctx->pctx;

      /* If we have a pctx then we should try that first */
      if (keyctx != NULL) {
          int sig_op = keyctx->operation == EVP_PKEY_OP_VERIFYCTX
                       || keyctx->operation == EVP_PKEY_OP_SIGNCTX;

          if (sig_op
                  && keyctx->op.sig.algctx != NULL
                  && keyctx->op.sig.signature->set_ctx_md_params != NULL)
              return keyctx->op.sig.signature->set_ctx_md_params(
                         keyctx->op.sig.algctx, params);
      }

      if (ctx->digest == NULL || ctx->digest->set_ctx_params == NULL)
          return 0;

      return ctx->digest->set_ctx_params(ctx->algctx, params);
  }
  /*
   * Return the descriptor array of context parameters that can be set for
   * digest |md|, queried without a live operation context (NULL is passed as
   * the algorithm context).  Returns NULL when |md| is NULL or has no hook.
   */
  const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md)
  {
      if (md == NULL || md->settable_ctx_params == NULL)
          return NULL;

      return md->settable_ctx_params(NULL,
                                     ossl_provider_ctx(EVP_MD_get0_provider(md)));
  }
  /*
   * Return the descriptor array of parameters that can currently be set on
   * |ctx|.  A sign/verify key context with a live algorithm context and a
   * settable_ctx_md_params hook takes precedence over the digest's own hook.
   * Returns NULL when |ctx| is NULL or nothing can answer the query.
   */
  const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx)
  {
      EVP_PKEY_CTX *keyctx;

      if (ctx == NULL)
          return NULL;

      /* If we have a pctx then we should try that first */
      keyctx = ctx->pctx;
      if (keyctx != NULL) {
          int sig_op = keyctx->operation == EVP_PKEY_OP_VERIFYCTX
                       || keyctx->operation == EVP_PKEY_OP_SIGNCTX;

          if (sig_op
                  && keyctx->op.sig.algctx != NULL
                  && keyctx->op.sig.signature->settable_ctx_md_params != NULL)
              return keyctx->op.sig.signature->settable_ctx_md_params(
                         keyctx->op.sig.algctx);
      }

      if (ctx->digest == NULL || ctx->digest->settable_ctx_params == NULL)
          return NULL;

      return ctx->digest->settable_ctx_params(
                 ctx->algctx,
                 ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest)));
  }
  /*
   * Read parameters of the digest operation in |ctx| into |params|.
   *
   * When |ctx| carries a sign/verify key context with a live algorithm
   * context and a get_ctx_md_params hook, that hook answers; otherwise the
   * digest's own get_ctx_params hook does.  Returns the hook's result, or 0
   * when neither is available.
   *
   * |ctx| is dereferenced without a NULL check.
   */
  int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
  {
      EVP_PKEY_CTX *keyctx = ctx->pctx;

      /* If we have a pctx then we should try that first */
      if (keyctx != NULL) {
          int sig_op = keyctx->operation == EVP_PKEY_OP_VERIFYCTX
                       || keyctx->operation == EVP_PKEY_OP_SIGNCTX;

          if (sig_op
                  && keyctx->op.sig.algctx != NULL
                  && keyctx->op.sig.signature->get_ctx_md_params != NULL)
              return keyctx->op.sig.signature->get_ctx_md_params(
                         keyctx->op.sig.algctx, params);
      }

      if (ctx->digest == NULL || ctx->digest->get_ctx_params == NULL)
          return 0;

      return ctx->digest->get_ctx_params(ctx->algctx, params);
  }
  /*
   * Return the descriptor array of context parameters that can be retrieved
   * for digest |md|, queried without a live operation context (NULL is passed
   * as the algorithm context).  Returns NULL when |md| is NULL or has no hook.
   */
  const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md)
  {
      if (md == NULL || md->gettable_ctx_params == NULL)
          return NULL;

      return md->gettable_ctx_params(NULL,
                                     ossl_provider_ctx(EVP_MD_get0_provider(md)));
  }
  /*
   * Return the descriptor array of parameters that can currently be read from
   * |ctx|.  A sign/verify key context with a live algorithm context and a
   * gettable_ctx_md_params hook takes precedence over the digest's own hook.
   * Returns NULL when |ctx| is NULL or nothing can answer the query.
   */
  const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
  {
      EVP_PKEY_CTX *keyctx;

      if (ctx == NULL)
          return NULL;

      /* If we have a pctx then we should try that first */
      keyctx = ctx->pctx;
      if (keyctx != NULL) {
          int sig_op = keyctx->operation == EVP_PKEY_OP_VERIFYCTX
                       || keyctx->operation == EVP_PKEY_OP_SIGNCTX;

          if (sig_op
                  && keyctx->op.sig.algctx != NULL
                  && keyctx->op.sig.signature->gettable_ctx_md_params != NULL)
              return keyctx->op.sig.signature->gettable_ctx_md_params(
                         keyctx->op.sig.algctx);
      }

      if (ctx->digest == NULL || ctx->digest->gettable_ctx_params == NULL)
          return NULL;

      return ctx->digest->gettable_ctx_params(
                 ctx->algctx,
                 ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest)));
  }
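  /*
   * Legacy-style control interface for a digest context.
   *
   * For provider-backed digests (and contexts with no digest set) the three
   * supported commands are translated into OSSL_PARAM get/set calls; any
   * other command is unsupported.  Legacy digests receive the call through
   * their md_ctrl hook unchanged.
   *
   * |p1| is a length for all three translated commands and is converted to
   * size_t.  A negative value would turn into a huge length, so it is
   * rejected with ERR_R_PASSED_INVALID_ARGUMENT before the conversion.
   *
   * Returns a positive value on success and 0 on any failure, including an
   * unsupported command or a NULL |ctx|.
   */
  int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
  {
      int ret = EVP_CTRL_RET_UNSUPPORTED;
      int set_params = 1;
      size_t sz;
      OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };

      if (ctx == NULL) {
          ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
          return 0;
      }

      if (ctx->digest != NULL && ctx->digest->prov == NULL)
          goto legacy;

      switch (cmd) {
      case EVP_MD_CTRL_XOF_LEN:
          if (p1 < 0)
              goto bad_length;
          sz = (size_t)p1;
          params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &sz);
          break;
      case EVP_MD_CTRL_MICALG:
          if (p1 < 0)
              goto bad_length;
          set_params = 0;
          /*
           * This is a "get": the result is written into |p2|.  A |p1| of 0
           * is treated as a buffer size of 9999, so the caller must supply a
           * buffer at least as large as the size it implies.
           */
          params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DIGEST_PARAM_MICALG,
                                                       p2, p1 ? p1 : 9999);
          break;
      case EVP_CTRL_SSL3_MASTER_SECRET:
          if (p1 < 0)
              goto bad_length;
          params[0] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
                                                        p2, p1);
          break;
      default:
          goto conclude;
      }

      if (set_params)
          ret = EVP_MD_CTX_set_params(ctx, params);
      else
          ret = EVP_MD_CTX_get_params(ctx, params);
      goto conclude;

      /* Code below to be removed when legacy support is dropped. */
   legacy:
      if (ctx->digest->md_ctrl == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
          return 0;
      }

      ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
   conclude:
      /* Negative and zero results are both reported to the caller as 0. */
      if (ret <= 0)
          return 0;
      return ret;

   bad_length:
      ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
      return 0;
  }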
  /*
   * Allocate a zeroed EVP_MD with its reference count initialised to 1.
   * Returns NULL if the allocation or the reference-count setup fails.
   */
  EVP_MD *evp_md_new(void)
  {
      EVP_MD *md = OPENSSL_zalloc(sizeof(*md));

      if (md == NULL)
          return NULL;

      if (CRYPTO_NEW_REF(&md->refcnt, 1))
          return md;

      /* The counter could not be set up; do not hand out the object. */
      OPENSSL_free(md);
      return NULL;
  }
  808. /*
  809. * FIPS module note: since internal fetches will be entirely
  810. * provider based, we know that none of its code depends on legacy
  811. * NIDs or any functionality that uses them.
  812. */
  813. #ifndef FIPS_MODULE
  /*
   * Name-iteration callback: record the legacy NID that corresponds to |name|.
   *
   * name:        one of the names of the algorithm being constructed.
   * vlegacy_nid: points to an int that accumulates the result. It is left
   *              untouched when |name| has no legacy method, set to that
   *              method's NID on a match, and set to -1 once two names have
   *              resolved to different NIDs.
   */
  static void set_legacy_nid(const char *name, void *vlegacy_nid)
  {
      int *result = vlegacy_nid;
      int found;
      /*
       * We use lowest level function to get the associated method, because
       * higher level functions such as EVP_get_digestbyname() have changed
       * to look at providers too.
       */
      const void *method = OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);

      /* Nothing to do after an earlier clash, or without a legacy method. */
      if (*result == -1 || method == NULL)
          return;

      found = EVP_MD_nid(method);
      if (*result != NID_undef && *result != found)
          *result = -1;           /* two names disagree: mark the clash */
      else
          *result = found;
  }
  835. #endif
  /*
   * Query the digest implementation for its fixed properties and store them
   * in |md|: block size, digest size, and the XOF / "algorithm id absent"
   * flags.
   *
   * Returns 1 on success. Returns 0, leaving |md| unmodified, when the
   * parameter query fails or when either size does not fit in an int.
   */
  static int evp_md_cache_constants(EVP_MD *md)
  {
      size_t block_len = 0, digest_len = 0;
      int is_xof = 0, no_algid = 0;
      OSSL_PARAM query[5];
      OSSL_PARAM *slot = query;

      *slot++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE,
                                            &block_len);
      *slot++ = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &digest_len);
      *slot++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_XOF, &is_xof);
      *slot++ = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT,
                                         &no_algid);
      *slot = OSSL_PARAM_construct_end();

      if (evp_do_md_getparams(md, query) <= 0)
          return 0;

      /* The cached fields are ints; refuse values that would be truncated. */
      if (digest_len > INT_MAX || block_len > INT_MAX)
          return 0;

      md->block_size = (int)block_len;
      md->md_size = (int)digest_len;
      if (is_xof)
          md->flags |= EVP_MD_FLAG_XOF;
      if (no_algid)
          md->flags |= EVP_MD_FLAG_DIGALGID_ABSENT;
      return 1;
  }
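  /*
   * Build an EVP_MD from a provider's algorithm definition. This is the
   * constructor callback handed to evp_generic_fetch() and
   * evp_generic_do_all().
   *
   * name_id: numeric identity of the algorithm name, stored in the result.
   * algodef: the provider's algorithm entry; its dispatch table is walked
   *          until the terminating entry with function_id 0.
   * prov:    the provider; a reference is taken when it is not NULL.
   *
   * Returns the new EVP_MD (as void *), or NULL with an error raised when the
   * names clash, the dispatch table is not a usable set of functions, or the
   * digest constants cannot be cached.
   */
  static void *evp_md_from_algorithm(int name_id,
                                     const OSSL_ALGORITHM *algodef,
                                     OSSL_PROVIDER *prov)
  {
      const OSSL_DISPATCH *fns = algodef->implementation;
      EVP_MD *md = NULL;
      int fncnt = 0;
      int streaming_complete;

      /* EVP_MD_fetch() will set the legacy NID if available */
      if ((md = evp_md_new()) == NULL) {
          ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
          return NULL;
      }

  #ifndef FIPS_MODULE
      md->type = NID_undef;
      if (!evp_names_do_all(prov, name_id, set_legacy_nid, &md->type)
              || md->type == -1) {
          /* -1 means two names of this algorithm map to different NIDs. */
          ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
          EVP_MD_free(md);
          return NULL;
      }
  #endif

      md->name_id = name_id;
      if ((md->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
          EVP_MD_free(md);
          return NULL;
      }
      md->description = algodef->algorithm_description;

      /* The first entry seen for each function id wins; repeats are ignored. */
      for (; fns->function_id != 0; fns++) {
          switch (fns->function_id) {
          case OSSL_FUNC_DIGEST_NEWCTX:
              if (md->newctx == NULL) {
                  md->newctx = OSSL_FUNC_digest_newctx(fns);
                  fncnt++;
              }
              break;
          case OSSL_FUNC_DIGEST_INIT:
              if (md->dinit == NULL) {
                  md->dinit = OSSL_FUNC_digest_init(fns);
                  fncnt++;
              }
              break;
          case OSSL_FUNC_DIGEST_UPDATE:
              if (md->dupdate == NULL) {
                  md->dupdate = OSSL_FUNC_digest_update(fns);
                  fncnt++;
              }
              break;
          case OSSL_FUNC_DIGEST_FINAL:
              if (md->dfinal == NULL) {
                  md->dfinal = OSSL_FUNC_digest_final(fns);
                  fncnt++;
              }
              break;
          case OSSL_FUNC_DIGEST_SQUEEZE:
              if (md->dsqueeze == NULL) {
                  md->dsqueeze = OSSL_FUNC_digest_squeeze(fns);
                  fncnt++;
              }
              break;
          case OSSL_FUNC_DIGEST_DIGEST:
              if (md->digest == NULL)
                  md->digest = OSSL_FUNC_digest_digest(fns);
              /* We don't increment fncnt for this as it is stand alone */
              break;
          case OSSL_FUNC_DIGEST_FREECTX:
              if (md->freectx == NULL) {
                  md->freectx = OSSL_FUNC_digest_freectx(fns);
                  fncnt++;
              }
              break;
          case OSSL_FUNC_DIGEST_DUPCTX:
              if (md->dupctx == NULL)
                  md->dupctx = OSSL_FUNC_digest_dupctx(fns);
              break;
          case OSSL_FUNC_DIGEST_GET_PARAMS:
              if (md->get_params == NULL)
                  md->get_params = OSSL_FUNC_digest_get_params(fns);
              break;
          case OSSL_FUNC_DIGEST_SET_CTX_PARAMS:
              if (md->set_ctx_params == NULL)
                  md->set_ctx_params = OSSL_FUNC_digest_set_ctx_params(fns);
              break;
          case OSSL_FUNC_DIGEST_GET_CTX_PARAMS:
              if (md->get_ctx_params == NULL)
                  md->get_ctx_params = OSSL_FUNC_digest_get_ctx_params(fns);
              break;
          case OSSL_FUNC_DIGEST_GETTABLE_PARAMS:
              if (md->gettable_params == NULL)
                  md->gettable_params = OSSL_FUNC_digest_gettable_params(fns);
              break;
          case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS:
              if (md->settable_ctx_params == NULL)
                  md->settable_ctx_params =
                      OSSL_FUNC_digest_settable_ctx_params(fns);
              break;
          case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS:
              if (md->gettable_ctx_params == NULL)
                  md->gettable_ctx_params =
                      OSSL_FUNC_digest_gettable_ctx_params(fns);
              break;
          }
      }

      /*
       * A count of five alone does not prove the set is complete: a table that
       * supplies squeeze but omits one of newctx/init/update/final/freectx
       * also counts five, and an entry whose function pointer is NULL is
       * counted as well. Check the mandatory pointers themselves so that such
       * a provider is rejected here.
       */
      streaming_complete = md->newctx != NULL
          && md->dinit != NULL
          && md->dupdate != NULL
          && md->dfinal != NULL
          && md->freectx != NULL;

      if ((fncnt != 0
           && (!streaming_complete || (fncnt != 5 && fncnt != 6)))
              || (fncnt == 0 && md->digest == NULL)) {
          /*
           * In order to be a consistent set of functions we either need the
           * whole set of init/update/final etc functions or none of them.
           * The "digest" function can standalone. We at least need one way to
           * generate digests.
           */
          EVP_MD_free(md);
          ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
          return NULL;
      }

      md->prov = prov;
      if (prov != NULL)
          ossl_provider_up_ref(prov);

      if (!evp_md_cache_constants(md)) {
          EVP_MD_free(md);
          ERR_raise(ERR_LIB_EVP, EVP_R_CACHE_CONSTANTS_FAILED);
          md = NULL;
      }

      return md;
  }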
  /*
   * void *-typed adapter around EVP_MD_up_ref(), in the shape expected by the
   * generic fetch helpers. Returns whatever EVP_MD_up_ref() returns.
   */
  static int evp_md_up_ref(void *md)
  {
      EVP_MD *digest = md;

      return EVP_MD_up_ref(digest);
  }
  /*
   * void *-typed adapter around EVP_MD_free(), in the shape expected by the
   * generic fetch helpers.
   */
  static void evp_md_free(void *md)
  {
      EVP_MD *digest = md;

      EVP_MD_free(digest);
  }
  /*
   * Fetch a digest implementation by name through the generic fetch helper.
   *
   * ctx:        library context passed through to evp_generic_fetch().
   * algorithm:  digest name to look up.
   * properties: property query string passed through unchanged.
   *
   * Returns the result of evp_generic_fetch() for OSSL_OP_DIGEST, built with
   * evp_md_from_algorithm() and reference-managed with evp_md_up_ref() /
   * evp_md_free().
   */
  EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
                       const char *properties)
  {
      return evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties,
                               evp_md_from_algorithm, evp_md_up_ref,
                               evp_md_free);
  }
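  /*
   * Take an additional reference on |md|.
   *
   * Only digests whose origin is EVP_ORIG_DYNAMIC are reference counted; for
   * any other origin this is a no-op that reports success.
   *
   * md: the digest; must not be NULL (it is dereferenced unconditionally).
   *
   * Returns 1 on success and 0 if the reference count could not be
   * incremented. Reporting that failure matters: a caller told "1" without
   * holding a reference would later release one it never owned.
   */
  int EVP_MD_up_ref(EVP_MD *md)
  {
      int ref = 0;

      if (md->origin != EVP_ORIG_DYNAMIC)
          return 1;

      if (CRYPTO_UP_REF(&md->refcnt, &ref) <= 0)
          return 0;
      return 1;
  }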
  /*
   * Drop one reference on |md| and destroy it when no references remain.
   *
   * NULL and digests whose origin is not EVP_ORIG_DYNAMIC are ignored.
   *
   * NOTE(review): the result of CRYPTO_DOWN_REF() is not checked, and the
   * counter value it reports is read from a local that has no initial value;
   * confirm the call cannot fail in supported configurations.
   */
  void EVP_MD_free(EVP_MD *md)
  {
      int i;

      if (md == NULL || md->origin != EVP_ORIG_DYNAMIC)
          return;

      CRYPTO_DOWN_REF(&md->refcnt, &i);
      if (i <= 0)
          evp_md_free_int(md);    /* last reference gone */
  }
  /*
   * Call |fn| for every provided digest in |libctx|.
   *
   * libctx: library context passed through to evp_generic_do_all().
   * fn:     user callback, given each EVP_MD together with |arg|.
   * arg:    opaque pointer forwarded to |fn|.
   *
   * The callback is cast to the generic (void *, void *) signature that
   * evp_generic_do_all() takes.
   */
  void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
                              void (*fn)(EVP_MD *mac, void *arg),
                              void *arg)
  {
      void (*generic_fn)(void *, void *) = (void (*)(void *, void *))fn;

      evp_generic_do_all(libctx, OSSL_OP_DIGEST, generic_fn, arg,
                         evp_md_from_algorithm, evp_md_up_ref, evp_md_free);
  }