2
0

digest.c 31 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054
  1. /*
  2. * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some engine deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. #include <stdio.h>
  12. #include <openssl/objects.h>
  13. #include <openssl/evp.h>
  14. #include <openssl/ec.h>
  15. #include <openssl/engine.h>
  16. #include <openssl/params.h>
  17. #include <openssl/core_names.h>
  18. #include "internal/cryptlib.h"
  19. #include "crypto/evp.h"
  20. #include "internal/provider.h"
  21. #include "evp_local.h"
  22. void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force)
  23. {
  24. if (ctx->provctx != NULL) {
  25. if (ctx->digest != NULL && ctx->digest->freectx != NULL)
  26. ctx->digest->freectx(ctx->provctx);
  27. ctx->provctx = NULL;
  28. EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
  29. }
  30. /* Code below to be removed when legacy support is dropped. */
  31. /*
  32. * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
  33. * sometimes only copies of the context are ever finalised.
  34. */
  35. if (ctx->digest && ctx->digest->cleanup
  36. && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
  37. ctx->digest->cleanup(ctx);
  38. if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
  39. && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) || force))
  40. OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
  41. if (force)
  42. ctx->digest = NULL;
  43. #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
  44. ENGINE_finish(ctx->engine);
  45. ctx->engine = NULL;
  46. #endif
  47. /* Non legacy code, this has to be later than the ctx->digest cleaning */
  48. EVP_MD_free(ctx->fetched_digest);
  49. ctx->fetched_digest = NULL;
  50. ctx->reqdigest = NULL;
  51. }
  52. /* This call frees resources associated with the context */
  53. int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
  54. {
  55. if (ctx == NULL)
  56. return 1;
  57. #ifndef FIPS_MODULE
  58. /*
  59. * pctx should be freed by the user of EVP_MD_CTX
  60. * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
  61. */
  62. if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) {
  63. EVP_PKEY_CTX_free(ctx->pctx);
  64. ctx->pctx = NULL;
  65. }
  66. #endif
  67. evp_md_ctx_clear_digest(ctx, 0);
  68. OPENSSL_cleanse(ctx, sizeof(*ctx));
  69. return 1;
  70. }
  71. #ifndef FIPS_MODULE
  72. EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id,
  73. OSSL_LIB_CTX *libctx, const char *propq)
  74. {
  75. EVP_MD_CTX *ctx;
  76. EVP_PKEY_CTX *pctx = NULL;
  77. if ((ctx = EVP_MD_CTX_new()) == NULL
  78. || (pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq)) == NULL) {
  79. ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
  80. goto err;
  81. }
  82. if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0)
  83. goto err;
  84. EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
  85. return ctx;
  86. err:
  87. EVP_PKEY_CTX_free(pctx);
  88. EVP_MD_CTX_free(ctx);
  89. return NULL;
  90. }
  91. #endif
  92. EVP_MD_CTX *EVP_MD_CTX_new(void)
  93. {
  94. return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
  95. }
  96. void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
  97. {
  98. if (ctx == NULL)
  99. return;
  100. EVP_MD_CTX_reset(ctx);
  101. OPENSSL_free(ctx);
  102. }
  103. static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
  104. const OSSL_PARAM params[], ENGINE *impl)
  105. {
  106. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
  107. ENGINE *tmpimpl = NULL;
  108. #endif
  109. #if !defined(FIPS_MODULE)
  110. if (ctx->pctx != NULL
  111. && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
  112. && ctx->pctx->op.sig.sigprovctx != NULL) {
  113. /*
  114. * Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx
  115. * previously initialised with EVP_DigestSignInit() would retain
  116. * information about the key, and re-initialise for another sign
  117. * operation. So in that case we redirect to EVP_DigestSignInit()
  118. */
  119. if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
  120. return EVP_DigestSignInit(ctx, NULL, type, impl, NULL);
  121. if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX)
  122. return EVP_DigestVerifyInit(ctx, NULL, type, impl, NULL);
  123. ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
  124. return 0;
  125. }
  126. #endif
  127. EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
  128. if (ctx->provctx != NULL) {
  129. if (!ossl_assert(ctx->digest != NULL)) {
  130. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  131. return 0;
  132. }
  133. if (ctx->digest->freectx != NULL)
  134. ctx->digest->freectx(ctx->provctx);
  135. ctx->provctx = NULL;
  136. }
  137. if (type != NULL) {
  138. ctx->reqdigest = type;
  139. } else {
  140. if (ctx->digest == NULL) {
  141. ERR_raise(ERR_LIB_EVP, EVP_R_NO_DIGEST_SET);
  142. return 0;
  143. }
  144. type = ctx->digest;
  145. }
  146. /* Code below to be removed when legacy support is dropped. */
  147. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
  148. /*
  149. * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
  150. * this context may already have an ENGINE! Try to avoid releasing the
  151. * previous handle, re-querying for an ENGINE, and having a
  152. * reinitialisation, when it may all be unnecessary.
  153. */
  154. if (ctx->engine && ctx->digest &&
  155. (type == NULL || (type->type == ctx->digest->type)))
  156. goto skip_to_init;
  157. if (type != NULL) {
  158. /*
  159. * Ensure an ENGINE left lying around from last time is cleared (the
  160. * previous check attempted to avoid this if the same ENGINE and
  161. * EVP_MD could be used).
  162. */
  163. ENGINE_finish(ctx->engine);
  164. ctx->engine = NULL;
  165. }
  166. if (type != NULL && impl == NULL)
  167. tmpimpl = ENGINE_get_digest_engine(type->type);
  168. #endif
  169. /*
  170. * If there are engines involved or EVP_MD_CTX_FLAG_NO_INIT is set then we
  171. * should use legacy handling for now.
  172. */
  173. if (ctx->engine != NULL
  174. || impl != NULL
  175. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
  176. || tmpimpl != NULL
  177. #endif
  178. || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) {
  179. if (ctx->digest == ctx->fetched_digest)
  180. ctx->digest = NULL;
  181. EVP_MD_free(ctx->fetched_digest);
  182. ctx->fetched_digest = NULL;
  183. goto legacy;
  184. }
  185. if (ctx->digest != NULL && ctx->digest->ctx_size > 0) {
  186. OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
  187. ctx->md_data = NULL;
  188. }
  189. /* Start of non-legacy code below */
  190. if (type->prov == NULL) {
  191. #ifdef FIPS_MODULE
  192. /* We only do explicit fetches inside the FIPS module */
  193. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  194. return 0;
  195. #else
  196. EVP_MD *provmd = EVP_MD_fetch(NULL, OBJ_nid2sn(type->type), "");
  197. if (provmd == NULL) {
  198. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  199. return 0;
  200. }
  201. type = provmd;
  202. EVP_MD_free(ctx->fetched_digest);
  203. ctx->fetched_digest = provmd;
  204. #endif
  205. }
  206. if (ctx->provctx != NULL && ctx->digest != NULL && ctx->digest != type) {
  207. if (ctx->digest->freectx != NULL)
  208. ctx->digest->freectx(ctx->provctx);
  209. ctx->provctx = NULL;
  210. }
  211. if (type->prov != NULL && ctx->fetched_digest != type) {
  212. if (!EVP_MD_up_ref((EVP_MD *)type)) {
  213. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  214. return 0;
  215. }
  216. EVP_MD_free(ctx->fetched_digest);
  217. ctx->fetched_digest = (EVP_MD *)type;
  218. }
  219. ctx->digest = type;
  220. if (ctx->provctx == NULL) {
  221. ctx->provctx = ctx->digest->newctx(ossl_provider_ctx(type->prov));
  222. if (ctx->provctx == NULL) {
  223. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  224. return 0;
  225. }
  226. }
  227. if (ctx->digest->dinit == NULL) {
  228. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  229. return 0;
  230. }
  231. return ctx->digest->dinit(ctx->provctx, params);
  232. /* Code below to be removed when legacy support is dropped. */
  233. legacy:
  234. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
  235. if (type) {
  236. if (impl != NULL) {
  237. if (!ENGINE_init(impl)) {
  238. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  239. return 0;
  240. }
  241. } else {
  242. /* Ask if an ENGINE is reserved for this job */
  243. impl = tmpimpl;
  244. }
  245. if (impl != NULL) {
  246. /* There's an ENGINE for this job ... (apparently) */
  247. const EVP_MD *d = ENGINE_get_digest(impl, type->type);
  248. if (d == NULL) {
  249. ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  250. ENGINE_finish(impl);
  251. return 0;
  252. }
  253. /* We'll use the ENGINE's private digest definition */
  254. type = d;
  255. /*
  256. * Store the ENGINE functional reference so we know 'type' came
  257. * from an ENGINE and we need to release it when done.
  258. */
  259. ctx->engine = impl;
  260. } else
  261. ctx->engine = NULL;
  262. }
  263. #endif
  264. if (ctx->digest != type) {
  265. if (ctx->digest && ctx->digest->ctx_size) {
  266. OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
  267. ctx->md_data = NULL;
  268. }
  269. ctx->digest = type;
  270. if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
  271. ctx->update = type->update;
  272. ctx->md_data = OPENSSL_zalloc(type->ctx_size);
  273. if (ctx->md_data == NULL) {
  274. ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
  275. return 0;
  276. }
  277. }
  278. }
  279. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
  280. skip_to_init:
  281. #endif
  282. #ifndef FIPS_MODULE
  283. if (ctx->pctx != NULL
  284. && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
  285. || ctx->pctx->op.sig.signature == NULL)) {
  286. int r;
  287. r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
  288. EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
  289. if (r <= 0 && (r != -2))
  290. return 0;
  291. }
  292. #endif
  293. if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
  294. return 1;
  295. return ctx->digest->init(ctx);
  296. }
  297. int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type,
  298. const OSSL_PARAM params[])
  299. {
  300. return evp_md_init_internal(ctx, type, params, NULL);
  301. }
  302. int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
  303. {
  304. EVP_MD_CTX_reset(ctx);
  305. return evp_md_init_internal(ctx, type, NULL, NULL);
  306. }
  307. int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
  308. {
  309. return evp_md_init_internal(ctx, type, NULL, impl);
  310. }
  311. int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
  312. {
  313. if (count == 0)
  314. return 1;
  315. if (ctx->pctx != NULL
  316. && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
  317. && ctx->pctx->op.sig.sigprovctx != NULL) {
  318. /*
  319. * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and
  320. * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate().
  321. * Some code calls EVP_DigestUpdate() directly even when initialised
  322. * with EVP_DigestSignInit_ex() or
  323. * EVP_DigestVerifyInit_ex(), so we detect that and redirect to
  324. * the correct EVP_Digest*Update() function
  325. */
  326. if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
  327. return EVP_DigestSignUpdate(ctx, data, count);
  328. if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX)
  329. return EVP_DigestVerifyUpdate(ctx, data, count);
  330. ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
  331. return 0;
  332. }
  333. if (ctx->digest == NULL
  334. || ctx->digest->prov == NULL
  335. || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
  336. goto legacy;
  337. if (ctx->digest->dupdate == NULL) {
  338. ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
  339. return 0;
  340. }
  341. return ctx->digest->dupdate(ctx->provctx, data, count);
  342. /* Code below to be removed when legacy support is dropped. */
  343. legacy:
  344. return ctx->update(ctx, data, count);
  345. }
  346. /* The caller can assume that this removes any secret data from the context */
  347. int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
  348. {
  349. int ret;
  350. ret = EVP_DigestFinal_ex(ctx, md, size);
  351. EVP_MD_CTX_reset(ctx);
  352. return ret;
  353. }
  354. /* The caller can assume that this removes any secret data from the context */
  355. int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
  356. {
  357. int ret, sz;
  358. size_t size = 0;
  359. size_t mdsize = 0;
  360. if (ctx->digest == NULL)
  361. return 0;
  362. sz = EVP_MD_size(ctx->digest);
  363. if (sz < 0)
  364. return 0;
  365. mdsize = sz;
  366. if (ctx->digest->prov == NULL)
  367. goto legacy;
  368. if (ctx->digest->dfinal == NULL) {
  369. ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
  370. return 0;
  371. }
  372. ret = ctx->digest->dfinal(ctx->provctx, md, &size, mdsize);
  373. if (isize != NULL) {
  374. if (size <= UINT_MAX) {
  375. *isize = (int)size;
  376. } else {
  377. ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
  378. ret = 0;
  379. }
  380. }
  381. return ret;
  382. /* Code below to be removed when legacy support is dropped. */
  383. legacy:
  384. OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE);
  385. ret = ctx->digest->final(ctx, md);
  386. if (isize != NULL)
  387. *isize = mdsize;
  388. if (ctx->digest->cleanup) {
  389. ctx->digest->cleanup(ctx);
  390. EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
  391. }
  392. OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
  393. return ret;
  394. }
  395. int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
  396. {
  397. int ret = 0;
  398. OSSL_PARAM params[2];
  399. size_t i = 0;
  400. if (ctx->digest == NULL) {
  401. ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
  402. return 0;
  403. }
  404. if (ctx->digest->prov == NULL)
  405. goto legacy;
  406. if (ctx->digest->dfinal == NULL) {
  407. ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
  408. return 0;
  409. }
  410. params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &size);
  411. params[i++] = OSSL_PARAM_construct_end();
  412. if (EVP_MD_CTX_set_params(ctx, params) > 0)
  413. ret = ctx->digest->dfinal(ctx->provctx, md, &size, size);
  414. return ret;
  415. legacy:
  416. if (ctx->digest->flags & EVP_MD_FLAG_XOF
  417. && size <= INT_MAX
  418. && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
  419. ret = ctx->digest->final(ctx, md);
  420. if (ctx->digest->cleanup != NULL) {
  421. ctx->digest->cleanup(ctx);
  422. EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
  423. }
  424. OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
  425. } else {
  426. ERR_raise(ERR_LIB_EVP, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
  427. }
  428. return ret;
  429. }
  430. int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
  431. {
  432. EVP_MD_CTX_reset(out);
  433. return EVP_MD_CTX_copy_ex(out, in);
  434. }
  435. int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
  436. {
  437. unsigned char *tmp_buf;
  438. if (in == NULL || in->digest == NULL) {
  439. ERR_raise(ERR_LIB_EVP, EVP_R_INPUT_NOT_INITIALIZED);
  440. return 0;
  441. }
  442. if (in->digest->prov == NULL
  443. || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
  444. goto legacy;
  445. if (in->digest->dupctx == NULL) {
  446. ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
  447. return 0;
  448. }
  449. EVP_MD_CTX_reset(out);
  450. if (out->fetched_digest != NULL)
  451. EVP_MD_free(out->fetched_digest);
  452. *out = *in;
  453. /* NULL out pointers in case of error */
  454. out->pctx = NULL;
  455. out->provctx = NULL;
  456. if (in->fetched_digest != NULL)
  457. EVP_MD_up_ref(in->fetched_digest);
  458. if (in->provctx != NULL) {
  459. out->provctx = in->digest->dupctx(in->provctx);
  460. if (out->provctx == NULL) {
  461. ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
  462. return 0;
  463. }
  464. }
  465. /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
  466. EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
  467. #ifndef FIPS_MODULE
  468. if (in->pctx != NULL) {
  469. out->pctx = EVP_PKEY_CTX_dup(in->pctx);
  470. if (out->pctx == NULL) {
  471. ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
  472. EVP_MD_CTX_reset(out);
  473. return 0;
  474. }
  475. }
  476. #endif
  477. return 1;
  478. /* Code below to be removed when legacy support is dropped. */
  479. legacy:
  480. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
  481. /* Make sure it's safe to copy a digest context using an ENGINE */
  482. if (in->engine && !ENGINE_init(in->engine)) {
  483. ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
  484. return 0;
  485. }
  486. #endif
  487. if (out->digest == in->digest) {
  488. tmp_buf = out->md_data;
  489. EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
  490. } else
  491. tmp_buf = NULL;
  492. EVP_MD_CTX_reset(out);
  493. memcpy(out, in, sizeof(*out));
  494. /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
  495. EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
  496. /* Null these variables, since they are getting fixed up
  497. * properly below. Anything else may cause a memleak and/or
  498. * double free if any of the memory allocations below fail
  499. */
  500. out->md_data = NULL;
  501. out->pctx = NULL;
  502. if (in->md_data && out->digest->ctx_size) {
  503. if (tmp_buf)
  504. out->md_data = tmp_buf;
  505. else {
  506. out->md_data = OPENSSL_malloc(out->digest->ctx_size);
  507. if (out->md_data == NULL) {
  508. ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
  509. return 0;
  510. }
  511. }
  512. memcpy(out->md_data, in->md_data, out->digest->ctx_size);
  513. }
  514. out->update = in->update;
  515. #ifndef FIPS_MODULE
  516. if (in->pctx) {
  517. out->pctx = EVP_PKEY_CTX_dup(in->pctx);
  518. if (!out->pctx) {
  519. EVP_MD_CTX_reset(out);
  520. return 0;
  521. }
  522. }
  523. #endif
  524. if (out->digest->copy)
  525. return out->digest->copy(out, in);
  526. return 1;
  527. }
  528. int EVP_Digest(const void *data, size_t count,
  529. unsigned char *md, unsigned int *size, const EVP_MD *type,
  530. ENGINE *impl)
  531. {
  532. EVP_MD_CTX *ctx = EVP_MD_CTX_new();
  533. int ret;
  534. if (ctx == NULL)
  535. return 0;
  536. EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT);
  537. ret = EVP_DigestInit_ex(ctx, type, impl)
  538. && EVP_DigestUpdate(ctx, data, count)
  539. && EVP_DigestFinal_ex(ctx, md, size);
  540. EVP_MD_CTX_free(ctx);
  541. return ret;
  542. }
  543. int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
  544. {
  545. if (digest != NULL && digest->get_params != NULL)
  546. return digest->get_params(params);
  547. return 0;
  548. }
  549. const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest)
  550. {
  551. if (digest != NULL && digest->gettable_params != NULL)
  552. return digest->gettable_params(
  553. ossl_provider_ctx(EVP_MD_provider(digest)));
  554. return NULL;
  555. }
  556. int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
  557. {
  558. EVP_PKEY_CTX *pctx = ctx->pctx;
  559. /* If we have a pctx then we should try that first */
  560. if (pctx != NULL
  561. && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
  562. || pctx->operation == EVP_PKEY_OP_SIGNCTX)
  563. && pctx->op.sig.sigprovctx != NULL
  564. && pctx->op.sig.signature->set_ctx_md_params != NULL)
  565. return pctx->op.sig.signature->set_ctx_md_params(pctx->op.sig.sigprovctx,
  566. params);
  567. if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL)
  568. return ctx->digest->set_ctx_params(ctx->provctx, params);
  569. return 0;
  570. }
  571. const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md)
  572. {
  573. void *alg;
  574. if (md != NULL && md->settable_ctx_params != NULL) {
  575. alg = ossl_provider_ctx(EVP_MD_provider(md));
  576. return md->settable_ctx_params(NULL, alg);
  577. }
  578. return NULL;
  579. }
  580. const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx)
  581. {
  582. EVP_PKEY_CTX *pctx;
  583. void *alg;
  584. if (ctx == NULL)
  585. return NULL;
  586. /* If we have a pctx then we should try that first */
  587. pctx = ctx->pctx;
  588. if (pctx != NULL
  589. && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
  590. || pctx->operation == EVP_PKEY_OP_SIGNCTX)
  591. && pctx->op.sig.sigprovctx != NULL
  592. && pctx->op.sig.signature->settable_ctx_md_params != NULL)
  593. return pctx->op.sig.signature->settable_ctx_md_params(
  594. pctx->op.sig.sigprovctx);
  595. if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL) {
  596. alg = ossl_provider_ctx(EVP_MD_provider(ctx->digest));
  597. return ctx->digest->settable_ctx_params(ctx->provctx, alg);
  598. }
  599. return NULL;
  600. }
  601. int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
  602. {
  603. EVP_PKEY_CTX *pctx = ctx->pctx;
  604. /* If we have a pctx then we should try that first */
  605. if (pctx != NULL
  606. && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
  607. || pctx->operation == EVP_PKEY_OP_SIGNCTX)
  608. && pctx->op.sig.sigprovctx != NULL
  609. && pctx->op.sig.signature->get_ctx_md_params != NULL)
  610. return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.sigprovctx,
  611. params);
  612. if (ctx->digest != NULL && ctx->digest->get_params != NULL)
  613. return ctx->digest->get_ctx_params(ctx->provctx, params);
  614. return 0;
  615. }
  616. const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md)
  617. {
  618. void *alg;
  619. if (md != NULL && md->gettable_ctx_params != NULL) {
  620. alg = ossl_provider_ctx(EVP_MD_provider(md));
  621. return md->gettable_ctx_params(NULL, alg);
  622. }
  623. return NULL;
  624. }
  625. const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
  626. {
  627. EVP_PKEY_CTX *pctx;
  628. void *alg;
  629. if (ctx == NULL)
  630. return NULL;
  631. /* If we have a pctx then we should try that first */
  632. pctx = ctx->pctx;
  633. if (pctx != NULL
  634. && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
  635. || pctx->operation == EVP_PKEY_OP_SIGNCTX)
  636. && pctx->op.sig.sigprovctx != NULL
  637. && pctx->op.sig.signature->gettable_ctx_md_params != NULL)
  638. return pctx->op.sig.signature->gettable_ctx_md_params(
  639. pctx->op.sig.sigprovctx);
  640. if (ctx->digest != NULL && ctx->digest->gettable_ctx_params != NULL) {
  641. alg = ossl_provider_ctx(EVP_MD_provider(ctx->digest));
  642. return ctx->digest->gettable_ctx_params(ctx->provctx, alg);
  643. }
  644. return NULL;
  645. }
  646. int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
  647. {
  648. int ret = EVP_CTRL_RET_UNSUPPORTED;
  649. int set_params = 1;
  650. size_t sz;
  651. OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  652. if (ctx == NULL) {
  653. ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
  654. return 0;
  655. }
  656. if (ctx->digest != NULL && ctx->digest->prov == NULL)
  657. goto legacy;
  658. switch (cmd) {
  659. case EVP_MD_CTRL_XOF_LEN:
  660. sz = (size_t)p1;
  661. params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &sz);
  662. break;
  663. case EVP_MD_CTRL_MICALG:
  664. set_params = 0;
  665. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DIGEST_PARAM_MICALG,
  666. p2, p1 ? p1 : 9999);
  667. break;
  668. case EVP_CTRL_SSL3_MASTER_SECRET:
  669. params[0] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
  670. p2, p1);
  671. break;
  672. default:
  673. goto conclude;
  674. }
  675. if (set_params)
  676. ret = EVP_MD_CTX_set_params(ctx, params);
  677. else
  678. ret = EVP_MD_CTX_get_params(ctx, params);
  679. goto conclude;
  680. /* Code below to be removed when legacy support is dropped. */
  681. legacy:
  682. if (ctx->digest->md_ctrl == NULL) {
  683. ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
  684. return 0;
  685. }
  686. ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
  687. conclude:
  688. if (ret <= 0)
  689. return 0;
  690. return ret;
  691. }
  692. EVP_MD *evp_md_new(void)
  693. {
  694. EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
  695. if (md != NULL) {
  696. md->lock = CRYPTO_THREAD_lock_new();
  697. if (md->lock == NULL) {
  698. OPENSSL_free(md);
  699. return NULL;
  700. }
  701. md->refcnt = 1;
  702. }
  703. return md;
  704. }
  705. /*
  706. * FIPS module note: since internal fetches will be entirely
  707. * provider based, we know that none of its code depends on legacy
  708. * NIDs or any functionality that use them.
  709. */
  710. #ifndef FIPS_MODULE
  711. static void set_legacy_nid(const char *name, void *vlegacy_nid)
  712. {
  713. int nid;
  714. int *legacy_nid = vlegacy_nid;
  715. /*
  716. * We use lowest level function to get the associated method, because
  717. * higher level functions such as EVP_get_digestbyname() have changed
  718. * to look at providers too.
  719. */
  720. const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
  721. if (*legacy_nid == -1) /* We found a clash already */
  722. return;
  723. if (legacy_method == NULL)
  724. return;
  725. nid = EVP_MD_nid(legacy_method);
  726. if (*legacy_nid != NID_undef && *legacy_nid != nid) {
  727. *legacy_nid = -1;
  728. return;
  729. }
  730. *legacy_nid = nid;
  731. }
  732. #endif
  733. static int evp_md_cache_constants(EVP_MD *md)
  734. {
  735. int ok, xof = 0, algid_absent = 0;
  736. size_t blksz = 0;
  737. size_t mdsize = 0;
  738. OSSL_PARAM params[5];
  739. params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, &blksz);
  740. params[1] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &mdsize);
  741. params[2] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_XOF, &xof);
  742. params[3] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT,
  743. &algid_absent);
  744. params[4] = OSSL_PARAM_construct_end();
  745. ok = evp_do_md_getparams(md, params);
  746. if (mdsize > INT_MAX || blksz > INT_MAX)
  747. ok = 0;
  748. if (ok) {
  749. md->block_size = (int)blksz;
  750. md->md_size = (int)mdsize;
  751. if (xof)
  752. md->flags |= EVP_MD_FLAG_XOF;
  753. if (algid_absent)
  754. md->flags |= EVP_MD_FLAG_DIGALGID_ABSENT;
  755. }
  756. return ok;
  757. }
  758. static void *evp_md_from_algorithm(int name_id,
  759. const OSSL_ALGORITHM *algodef,
  760. OSSL_PROVIDER *prov)
  761. {
  762. const OSSL_DISPATCH *fns = algodef->implementation;
  763. EVP_MD *md = NULL;
  764. int fncnt = 0;
  765. /* EVP_MD_fetch() will set the legacy NID if available */
  766. if ((md = evp_md_new()) == NULL) {
  767. ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
  768. return NULL;
  769. }
  770. #ifndef FIPS_MODULE
  771. md->type = NID_undef;
  772. if (!evp_names_do_all(prov, name_id, set_legacy_nid, &md->type)
  773. || md->type == -1) {
  774. ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
  775. EVP_MD_free(md);
  776. return NULL;
  777. }
  778. #endif
  779. md->name_id = name_id;
  780. md->description = algodef->algorithm_description;
  781. for (; fns->function_id != 0; fns++) {
  782. switch (fns->function_id) {
  783. case OSSL_FUNC_DIGEST_NEWCTX:
  784. if (md->newctx == NULL) {
  785. md->newctx = OSSL_FUNC_digest_newctx(fns);
  786. fncnt++;
  787. }
  788. break;
  789. case OSSL_FUNC_DIGEST_INIT:
  790. if (md->dinit == NULL) {
  791. md->dinit = OSSL_FUNC_digest_init(fns);
  792. fncnt++;
  793. }
  794. break;
  795. case OSSL_FUNC_DIGEST_UPDATE:
  796. if (md->dupdate == NULL) {
  797. md->dupdate = OSSL_FUNC_digest_update(fns);
  798. fncnt++;
  799. }
  800. break;
  801. case OSSL_FUNC_DIGEST_FINAL:
  802. if (md->dfinal == NULL) {
  803. md->dfinal = OSSL_FUNC_digest_final(fns);
  804. fncnt++;
  805. }
  806. break;
  807. case OSSL_FUNC_DIGEST_DIGEST:
  808. if (md->digest == NULL)
  809. md->digest = OSSL_FUNC_digest_digest(fns);
  810. /* We don't increment fnct for this as it is stand alone */
  811. break;
  812. case OSSL_FUNC_DIGEST_FREECTX:
  813. if (md->freectx == NULL) {
  814. md->freectx = OSSL_FUNC_digest_freectx(fns);
  815. fncnt++;
  816. }
  817. break;
  818. case OSSL_FUNC_DIGEST_DUPCTX:
  819. if (md->dupctx == NULL)
  820. md->dupctx = OSSL_FUNC_digest_dupctx(fns);
  821. break;
  822. case OSSL_FUNC_DIGEST_GET_PARAMS:
  823. if (md->get_params == NULL)
  824. md->get_params = OSSL_FUNC_digest_get_params(fns);
  825. break;
  826. case OSSL_FUNC_DIGEST_SET_CTX_PARAMS:
  827. if (md->set_ctx_params == NULL)
  828. md->set_ctx_params = OSSL_FUNC_digest_set_ctx_params(fns);
  829. break;
  830. case OSSL_FUNC_DIGEST_GET_CTX_PARAMS:
  831. if (md->get_ctx_params == NULL)
  832. md->get_ctx_params = OSSL_FUNC_digest_get_ctx_params(fns);
  833. break;
  834. case OSSL_FUNC_DIGEST_GETTABLE_PARAMS:
  835. if (md->gettable_params == NULL)
  836. md->gettable_params = OSSL_FUNC_digest_gettable_params(fns);
  837. break;
  838. case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS:
  839. if (md->settable_ctx_params == NULL)
  840. md->settable_ctx_params =
  841. OSSL_FUNC_digest_settable_ctx_params(fns);
  842. break;
  843. case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS:
  844. if (md->gettable_ctx_params == NULL)
  845. md->gettable_ctx_params =
  846. OSSL_FUNC_digest_gettable_ctx_params(fns);
  847. break;
  848. }
  849. }
  850. if ((fncnt != 0 && fncnt != 5)
  851. || (fncnt == 0 && md->digest == NULL)) {
  852. /*
  853. * In order to be a consistent set of functions we either need the
  854. * whole set of init/update/final etc functions or none of them.
  855. * The "digest" function can standalone. We at least need one way to
  856. * generate digests.
  857. */
  858. EVP_MD_free(md);
  859. ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
  860. return NULL;
  861. }
  862. md->prov = prov;
  863. if (prov != NULL)
  864. ossl_provider_up_ref(prov);
  865. if (!evp_md_cache_constants(md)) {
  866. EVP_MD_free(md);
  867. ERR_raise(ERR_LIB_EVP, EVP_R_CACHE_CONSTANTS_FAILED);
  868. md = NULL;
  869. }
  870. return md;
  871. }
  872. static int evp_md_up_ref(void *md)
  873. {
  874. return EVP_MD_up_ref(md);
  875. }
  876. static void evp_md_free(void *md)
  877. {
  878. EVP_MD_free(md);
  879. }
  880. EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
  881. const char *properties)
  882. {
  883. EVP_MD *md =
  884. evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties,
  885. evp_md_from_algorithm, evp_md_up_ref, evp_md_free);
  886. return md;
  887. }
  888. int EVP_MD_up_ref(EVP_MD *md)
  889. {
  890. int ref = 0;
  891. if (md->origin == EVP_ORIG_DYNAMIC)
  892. CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
  893. return 1;
  894. }
  895. void EVP_MD_free(EVP_MD *md)
  896. {
  897. int i;
  898. if (md == NULL || md->origin != EVP_ORIG_DYNAMIC)
  899. return;
  900. CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock);
  901. if (i > 0)
  902. return;
  903. evp_md_free_int(md);
  904. }
  905. void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
  906. void (*fn)(EVP_MD *mac, void *arg),
  907. void *arg)
  908. {
  909. evp_generic_do_all(libctx, OSSL_OP_DIGEST,
  910. (void (*)(void *, void *))fn, arg,
  911. evp_md_from_algorithm, evp_md_free);
  912. }