1/* 2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* We need to use some engine deprecated APIs */ 11#define OPENSSL_SUPPRESS_DEPRECATED 12 13#include <stdio.h> 14#include <openssl/objects.h> 15#include <openssl/evp.h> 16#include <openssl/ec.h> 17#ifndef FIPS_MODULE 18# include <openssl/engine.h> 19#endif 20#include <openssl/params.h> 21#include <openssl/core_names.h> 22#include "internal/cryptlib.h" 23#include "internal/provider.h" 24#include "internal/core.h" 25#include "crypto/evp.h" 26#include "evp_local.h" 27 28static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force) 29{ 30 if (ctx->digest != NULL) { 31 if (ctx->digest->cleanup != NULL 32 && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) 33 ctx->digest->cleanup(ctx); 34 if (ctx->md_data != NULL && ctx->digest->ctx_size > 0 35 && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) 36 || force)) { 37 OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); 38 ctx->md_data = NULL; 39 } 40 } 41} 42 43void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_fetched) 44{ 45 if (ctx->algctx != NULL) { 46 if (ctx->digest != NULL && ctx->digest->freectx != NULL) 47 ctx->digest->freectx(ctx->algctx); 48 ctx->algctx = NULL; 49 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); 50 } 51 52 /* Code below to be removed when legacy support is dropped. */ 53 54 /* 55 * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because 56 * sometimes only copies of the context are ever finalised. 57 */ 58 cleanup_old_md_data(ctx, force); 59 if (force) 60 ctx->digest = NULL; 61 62#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) 63 ENGINE_finish(ctx->engine); 64 ctx->engine = NULL; 65#endif 66 67 /* Non legacy code, this has to be later than the ctx->digest cleaning */ 68 if (!keep_fetched) { 69 EVP_MD_free(ctx->fetched_digest); 70 ctx->fetched_digest = NULL; 71 ctx->reqdigest = NULL; 72 } 73} 74 75static int evp_md_ctx_reset_ex(EVP_MD_CTX *ctx, int keep_fetched) 76{ 77 if (ctx == NULL) 78 return 1; 79 80#ifndef FIPS_MODULE 81 /* 82 * pctx should be freed by the user of EVP_MD_CTX 83 * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set 84 */ 85 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) { 86 EVP_PKEY_CTX_free(ctx->pctx); 87 ctx->pctx = NULL; 88 } 89#endif 90 91 evp_md_ctx_clear_digest(ctx, 0, keep_fetched); 92 if (!keep_fetched) 93 OPENSSL_cleanse(ctx, sizeof(*ctx)); 94 95 return 1; 96} 97 98/* This call frees resources associated with the context */ 99int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) 100{ 101 return evp_md_ctx_reset_ex(ctx, 0); 102} 103 104#ifndef FIPS_MODULE 105EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, 106 OSSL_LIB_CTX *libctx, const char *propq) 107{ 108 EVP_MD_CTX *ctx; 109 EVP_PKEY_CTX *pctx = NULL; 110 111 if ((ctx = EVP_MD_CTX_new()) == NULL 112 || (pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq)) == NULL) { 113 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 114 goto err; 115 } 116 117 if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) 118 goto err; 119 120 EVP_MD_CTX_set_pkey_ctx(ctx, pctx); 121 return ctx; 122 123 err: 124 EVP_PKEY_CTX_free(pctx); 125 EVP_MD_CTX_free(ctx); 126 return NULL; 127} 128#endif 129 130EVP_MD_CTX *EVP_MD_CTX_new(void) 131{ 132 return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); 133} 134 135void EVP_MD_CTX_free(EVP_MD_CTX *ctx) 136{ 137 if (ctx == NULL) 138 return; 139 140 EVP_MD_CTX_reset(ctx); 141 OPENSSL_free(ctx); 142} 143 144static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type, 145 const OSSL_PARAM params[], ENGINE *impl) 146{ 147#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 148 ENGINE *tmpimpl = NULL; 149#endif 150 151#if !defined(FIPS_MODULE) 152 if (ctx->pctx != NULL 153 && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) 154 && ctx->pctx->op.sig.algctx != NULL) { 155 /* 156 * Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx 157 * previously initialised with EVP_DigestSignInit() would retain 158 * information about the key, and re-initialise for another sign 159 * operation. So in that case we redirect to EVP_DigestSignInit() 160 */ 161 if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX) 162 return EVP_DigestSignInit(ctx, NULL, type, impl, NULL); 163 if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX) 164 return EVP_DigestVerifyInit(ctx, NULL, type, impl, NULL); 165 ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); 166 return 0; 167 } 168#endif 169 170 EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); 171 172 if (ctx->algctx != NULL) { 173 if (!ossl_assert(ctx->digest != NULL)) { 174 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 175 return 0; 176 } 177 if (ctx->digest->freectx != NULL) 178 ctx->digest->freectx(ctx->algctx); 179 ctx->algctx = NULL; 180 } 181 182 if (type != NULL) { 183 ctx->reqdigest = type; 184 } else { 185 if (ctx->digest == NULL) { 186 ERR_raise(ERR_LIB_EVP, EVP_R_NO_DIGEST_SET); 187 return 0; 188 } 189 type = ctx->digest; 190 } 191 192 /* Code below to be removed when legacy support is dropped. */ 193#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 194 /* 195 * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so 196 * this context may already have an ENGINE! Try to avoid releasing the 197 * previous handle, re-querying for an ENGINE, and having a 198 * reinitialisation, when it may all be unnecessary. 199 */ 200 if (ctx->engine && ctx->digest && 201 (type == NULL || (type->type == ctx->digest->type))) 202 goto skip_to_init; 203 204 if (type != NULL) { 205 /* 206 * Ensure an ENGINE left lying around from last time is cleared (the 207 * previous check attempted to avoid this if the same ENGINE and 208 * EVP_MD could be used). 209 */ 210 ENGINE_finish(ctx->engine); 211 ctx->engine = NULL; 212 } 213 214 if (type != NULL && impl == NULL) 215 tmpimpl = ENGINE_get_digest_engine(type->type); 216#endif 217 218 /* 219 * If there are engines involved or EVP_MD_CTX_FLAG_NO_INIT is set then we 220 * should use legacy handling for now. 221 */ 222 if (ctx->engine != NULL 223 || impl != NULL 224#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 225 || tmpimpl != NULL 226#endif 227 || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0 228 || (type != NULL && type->origin == EVP_ORIG_METH) 229 || (type == NULL && ctx->digest != NULL 230 && ctx->digest->origin == EVP_ORIG_METH)) { 231 if (ctx->digest == ctx->fetched_digest) 232 ctx->digest = NULL; 233 EVP_MD_free(ctx->fetched_digest); 234 ctx->fetched_digest = NULL; 235 goto legacy; 236 } 237 238 cleanup_old_md_data(ctx, 1); 239 240 /* Start of non-legacy code below */ 241 242 if (type->prov == NULL) { 243#ifdef FIPS_MODULE 244 /* We only do explicit fetches inside the FIPS module */ 245 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 246 return 0; 247#else 248 /* The NULL digest is a special case */ 249 EVP_MD *provmd = EVP_MD_fetch(NULL, 250 type->type != NID_undef ? OBJ_nid2sn(type->type) 251 : "NULL", ""); 252 253 if (provmd == NULL) { 254 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 255 return 0; 256 } 257 type = provmd; 258 EVP_MD_free(ctx->fetched_digest); 259 ctx->fetched_digest = provmd; 260#endif 261 } 262 263 if (ctx->algctx != NULL && ctx->digest != NULL && ctx->digest != type) { 264 if (ctx->digest->freectx != NULL) 265 ctx->digest->freectx(ctx->algctx); 266 ctx->algctx = NULL; 267 } 268 if (type->prov != NULL && ctx->fetched_digest != type) { 269 if (!EVP_MD_up_ref((EVP_MD *)type)) { 270 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 271 return 0; 272 } 273 EVP_MD_free(ctx->fetched_digest); 274 ctx->fetched_digest = (EVP_MD *)type; 275 } 276 ctx->digest = type; 277 if (ctx->algctx == NULL) { 278 ctx->algctx = ctx->digest->newctx(ossl_provider_ctx(type->prov)); 279 if (ctx->algctx == NULL) { 280 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 281 return 0; 282 } 283 } 284 285 if (ctx->digest->dinit == NULL) { 286 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 287 return 0; 288 } 289 290 return ctx->digest->dinit(ctx->algctx, params); 291 292 /* Code below to be removed when legacy support is dropped. */ 293 legacy: 294 295#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 296 if (type) { 297 if (impl != NULL) { 298 if (!ENGINE_init(impl)) { 299 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 300 return 0; 301 } 302 } else { 303 /* Ask if an ENGINE is reserved for this job */ 304 impl = tmpimpl; 305 } 306 if (impl != NULL) { 307 /* There's an ENGINE for this job ... (apparently) */ 308 const EVP_MD *d = ENGINE_get_digest(impl, type->type); 309 310 if (d == NULL) { 311 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 312 ENGINE_finish(impl); 313 return 0; 314 } 315 /* We'll use the ENGINE's private digest definition */ 316 type = d; 317 /* 318 * Store the ENGINE functional reference so we know 'type' came 319 * from an ENGINE and we need to release it when done. 320 */ 321 ctx->engine = impl; 322 } else 323 ctx->engine = NULL; 324 } 325#endif 326 if (ctx->digest != type) { 327 cleanup_old_md_data(ctx, 1); 328 329 ctx->digest = type; 330 if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { 331 ctx->update = type->update; 332 ctx->md_data = OPENSSL_zalloc(type->ctx_size); 333 if (ctx->md_data == NULL) { 334 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 335 return 0; 336 } 337 } 338 } 339#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 340 skip_to_init: 341#endif 342#ifndef FIPS_MODULE 343 if (ctx->pctx != NULL 344 && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) 345 || ctx->pctx->op.sig.signature == NULL)) { 346 int r; 347 r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, 348 EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); 349 if (r <= 0 && (r != -2)) 350 return 0; 351 } 352#endif 353 if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) 354 return 1; 355 return ctx->digest->init(ctx); 356} 357 358int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type, 359 const OSSL_PARAM params[]) 360{ 361 return evp_md_init_internal(ctx, type, params, NULL); 362} 363 364int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) 365{ 366 EVP_MD_CTX_reset(ctx); 367 return evp_md_init_internal(ctx, type, NULL, NULL); 368} 369 370int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) 371{ 372 return evp_md_init_internal(ctx, type, NULL, impl); 373} 374 375int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) 376{ 377 if (count == 0) 378 return 1; 379 380 if (ctx->pctx != NULL 381 && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) 382 && ctx->pctx->op.sig.algctx != NULL) { 383 /* 384 * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and 385 * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate(). 386 * Some code calls EVP_DigestUpdate() directly even when initialised 387 * with EVP_DigestSignInit_ex() or 388 * EVP_DigestVerifyInit_ex(), so we detect that and redirect to 389 * the correct EVP_Digest*Update() function 390 */ 391 if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX) 392 return EVP_DigestSignUpdate(ctx, data, count); 393 if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX) 394 return EVP_DigestVerifyUpdate(ctx, data, count); 395 ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); 396 return 0; 397 } 398 399 if (ctx->digest == NULL 400 || ctx->digest->prov == NULL 401 || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) 402 goto legacy; 403 404 if (ctx->digest->dupdate == NULL) { 405 ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); 406 return 0; 407 } 408 return ctx->digest->dupdate(ctx->algctx, data, count); 409 410 /* Code below to be removed when legacy support is dropped. */ 411 legacy: 412 return ctx->update(ctx, data, count); 413} 414 415/* The caller can assume that this removes any secret data from the context */ 416int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) 417{ 418 int ret; 419 ret = EVP_DigestFinal_ex(ctx, md, size); 420 EVP_MD_CTX_reset(ctx); 421 return ret; 422} 423 424/* The caller can assume that this removes any secret data from the context */ 425int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) 426{ 427 int ret, sz; 428 size_t size = 0; 429 size_t mdsize = 0; 430 431 if (ctx->digest == NULL) 432 return 0; 433 434 sz = EVP_MD_get_size(ctx->digest); 435 if (sz < 0) 436 return 0; 437 mdsize = sz; 438 if (ctx->digest->prov == NULL) 439 goto legacy; 440 441 if (ctx->digest->dfinal == NULL) { 442 ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); 443 return 0; 444 } 445 446 ret = ctx->digest->dfinal(ctx->algctx, md, &size, mdsize); 447 448 if (isize != NULL) { 449 if (size <= UINT_MAX) { 450 *isize = (unsigned int)size; 451 } else { 452 ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); 453 ret = 0; 454 } 455 } 456 457 return ret; 458 459 /* Code below to be removed when legacy support is dropped. */ 460 legacy: 461 OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE); 462 ret = ctx->digest->final(ctx, md); 463 if (isize != NULL) 464 *isize = mdsize; 465 if (ctx->digest->cleanup) { 466 ctx->digest->cleanup(ctx); 467 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); 468 } 469 OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); 470 return ret; 471} 472 473int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size) 474{ 475 int ret = 0; 476 OSSL_PARAM params[2]; 477 size_t i = 0; 478 479 if (ctx->digest == NULL) { 480 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM); 481 return 0; 482 } 483 484 if (ctx->digest->prov == NULL) 485 goto legacy; 486 487 if (ctx->digest->dfinal == NULL) { 488 ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); 489 return 0; 490 } 491 492 params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &size); 493 params[i++] = OSSL_PARAM_construct_end(); 494 495 if (EVP_MD_CTX_set_params(ctx, params) > 0) 496 ret = ctx->digest->dfinal(ctx->algctx, md, &size, size); 497 498 return ret; 499 500legacy: 501 if (ctx->digest->flags & EVP_MD_FLAG_XOF 502 && size <= INT_MAX 503 && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) { 504 ret = ctx->digest->final(ctx, md); 505 if (ctx->digest->cleanup != NULL) { 506 ctx->digest->cleanup(ctx); 507 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); 508 } 509 OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); 510 } else { 511 ERR_raise(ERR_LIB_EVP, EVP_R_NOT_XOF_OR_INVALID_LENGTH); 512 } 513 514 return ret; 515} 516 517int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) 518{ 519 EVP_MD_CTX_reset(out); 520 return EVP_MD_CTX_copy_ex(out, in); 521} 522 523int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) 524{ 525 int digest_change = 0; 526 unsigned char *tmp_buf; 527 528 if (in == NULL) { 529 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); 530 return 0; 531 } 532 533 if (in->digest == NULL) { 534 /* copying uninitialized digest context */ 535 EVP_MD_CTX_reset(out); 536 if (out->fetched_digest != NULL) 537 EVP_MD_free(out->fetched_digest); 538 *out = *in; 539 goto clone_pkey; 540 } 541 542 if (in->digest->prov == NULL 543 || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) 544 goto legacy; 545 546 if (in->digest->dupctx == NULL) { 547 ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX); 548 return 0; 549 } 550 551 evp_md_ctx_reset_ex(out, 1); 552 digest_change = (out->fetched_digest != in->fetched_digest); 553 if (digest_change && out->fetched_digest != NULL) 554 EVP_MD_free(out->fetched_digest); 555 *out = *in; 556 /* NULL out pointers in case of error */ 557 out->pctx = NULL; 558 out->algctx = NULL; 559 560 if (digest_change && in->fetched_digest != NULL) 561 EVP_MD_up_ref(in->fetched_digest); 562 563 if (in->algctx != NULL) { 564 out->algctx = in->digest->dupctx(in->algctx); 565 if (out->algctx == NULL) { 566 ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX); 567 return 0; 568 } 569 } 570 571 clone_pkey: 572 /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ 573 EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); 574#ifndef FIPS_MODULE 575 if (in->pctx != NULL) { 576 out->pctx = EVP_PKEY_CTX_dup(in->pctx); 577 if (out->pctx == NULL) { 578 ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX); 579 EVP_MD_CTX_reset(out); 580 return 0; 581 } 582 } 583#endif 584 585 return 1; 586 587 /* Code below to be removed when legacy support is dropped. */ 588 legacy: 589#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 590 /* Make sure it's safe to copy a digest context using an ENGINE */ 591 if (in->engine && !ENGINE_init(in->engine)) { 592 ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); 593 return 0; 594 } 595#endif 596 597 if (out->digest == in->digest) { 598 tmp_buf = out->md_data; 599 EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); 600 } else 601 tmp_buf = NULL; 602 EVP_MD_CTX_reset(out); 603 memcpy(out, in, sizeof(*out)); 604 605 /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ 606 EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); 607 608 /* Null these variables, since they are getting fixed up 609 * properly below. Anything else may cause a memleak and/or 610 * double free if any of the memory allocations below fail 611 */ 612 out->md_data = NULL; 613 out->pctx = NULL; 614 615 if (in->md_data && out->digest->ctx_size) { 616 if (tmp_buf) 617 out->md_data = tmp_buf; 618 else { 619 out->md_data = OPENSSL_malloc(out->digest->ctx_size); 620 if (out->md_data == NULL) { 621 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 622 return 0; 623 } 624 } 625 memcpy(out->md_data, in->md_data, out->digest->ctx_size); 626 } 627 628 out->update = in->update; 629 630#ifndef FIPS_MODULE 631 if (in->pctx) { 632 out->pctx = EVP_PKEY_CTX_dup(in->pctx); 633 if (!out->pctx) { 634 EVP_MD_CTX_reset(out); 635 return 0; 636 } 637 } 638#endif 639 640 if (out->digest->copy) 641 return out->digest->copy(out, in); 642 643 return 1; 644} 645 646int EVP_Digest(const void *data, size_t count, 647 unsigned char *md, unsigned int *size, const EVP_MD *type, 648 ENGINE *impl) 649{ 650 EVP_MD_CTX *ctx = EVP_MD_CTX_new(); 651 int ret; 652 653 if (ctx == NULL) 654 return 0; 655 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT); 656 ret = EVP_DigestInit_ex(ctx, type, impl) 657 && EVP_DigestUpdate(ctx, data, count) 658 && EVP_DigestFinal_ex(ctx, md, size); 659 EVP_MD_CTX_free(ctx); 660 661 return ret; 662} 663 664int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq, 665 const void *data, size_t datalen, 666 unsigned char *md, size_t *mdlen) 667{ 668 EVP_MD *digest = EVP_MD_fetch(libctx, name, propq); 669 unsigned int temp = 0; 670 int ret = 0; 671 672 if (digest != NULL) { 673 ret = EVP_Digest(data, datalen, md, &temp, digest, NULL); 674 EVP_MD_free(digest); 675 } 676 if (mdlen != NULL) 677 *mdlen = temp; 678 return ret; 679} 680 681int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]) 682{ 683 if (digest != NULL && digest->get_params != NULL) 684 return digest->get_params(params); 685 return 0; 686} 687 688const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest) 689{ 690 if (digest != NULL && digest->gettable_params != NULL) 691 return digest->gettable_params( 692 ossl_provider_ctx(EVP_MD_get0_provider(digest))); 693 return NULL; 694} 695 696int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]) 697{ 698 EVP_PKEY_CTX *pctx = ctx->pctx; 699 700 /* If we have a pctx then we should try that first */ 701 if (pctx != NULL 702 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX 703 || pctx->operation == EVP_PKEY_OP_SIGNCTX) 704 && pctx->op.sig.algctx != NULL 705 && pctx->op.sig.signature->set_ctx_md_params != NULL) 706 return pctx->op.sig.signature->set_ctx_md_params(pctx->op.sig.algctx, 707 params); 708 709 if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL) 710 return ctx->digest->set_ctx_params(ctx->algctx, params); 711 712 return 0; 713} 714 715const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md) 716{ 717 void *provctx; 718 719 if (md != NULL && md->settable_ctx_params != NULL) { 720 provctx = ossl_provider_ctx(EVP_MD_get0_provider(md)); 721 return md->settable_ctx_params(NULL, provctx); 722 } 723 return NULL; 724} 725 726const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx) 727{ 728 EVP_PKEY_CTX *pctx; 729 void *alg; 730 731 if (ctx == NULL) 732 return NULL; 733 734 /* If we have a pctx then we should try that first */ 735 pctx = ctx->pctx; 736 if (pctx != NULL 737 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX 738 || pctx->operation == EVP_PKEY_OP_SIGNCTX) 739 && pctx->op.sig.algctx != NULL 740 && pctx->op.sig.signature->settable_ctx_md_params != NULL) 741 return pctx->op.sig.signature->settable_ctx_md_params( 742 pctx->op.sig.algctx); 743 744 if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL) { 745 alg = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest)); 746 return ctx->digest->settable_ctx_params(ctx->algctx, alg); 747 } 748 749 return NULL; 750} 751 752int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]) 753{ 754 EVP_PKEY_CTX *pctx = ctx->pctx; 755 756 /* If we have a pctx then we should try that first */ 757 if (pctx != NULL 758 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX 759 || pctx->operation == EVP_PKEY_OP_SIGNCTX) 760 && pctx->op.sig.algctx != NULL 761 && pctx->op.sig.signature->get_ctx_md_params != NULL) 762 return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.algctx, 763 params); 764 765 if (ctx->digest != NULL && ctx->digest->get_ctx_params != NULL) 766 return ctx->digest->get_ctx_params(ctx->algctx, params); 767 768 return 0; 769} 770 771const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md) 772{ 773 void *provctx; 774 775 if (md != NULL && md->gettable_ctx_params != NULL) { 776 provctx = ossl_provider_ctx(EVP_MD_get0_provider(md)); 777 return md->gettable_ctx_params(NULL, provctx); 778 } 779 return NULL; 780} 781 782const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx) 783{ 784 EVP_PKEY_CTX *pctx; 785 void *provctx; 786 787 if (ctx == NULL) 788 return NULL; 789 790 /* If we have a pctx then we should try that first */ 791 pctx = ctx->pctx; 792 if (pctx != NULL 793 && (pctx->operation == EVP_PKEY_OP_VERIFYCTX 794 || pctx->operation == EVP_PKEY_OP_SIGNCTX) 795 && pctx->op.sig.algctx != NULL 796 && pctx->op.sig.signature->gettable_ctx_md_params != NULL) 797 return pctx->op.sig.signature->gettable_ctx_md_params( 798 pctx->op.sig.algctx); 799 800 if (ctx->digest != NULL && ctx->digest->gettable_ctx_params != NULL) { 801 provctx = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest)); 802 return ctx->digest->gettable_ctx_params(ctx->algctx, provctx); 803 } 804 return NULL; 805} 806 807int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) 808{ 809 int ret = EVP_CTRL_RET_UNSUPPORTED; 810 int set_params = 1; 811 size_t sz; 812 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 813 814 if (ctx == NULL) { 815 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); 816 return 0; 817 } 818 819 if (ctx->digest != NULL && ctx->digest->prov == NULL) 820 goto legacy; 821 822 switch (cmd) { 823 case EVP_MD_CTRL_XOF_LEN: 824 sz = (size_t)p1; 825 params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &sz); 826 break; 827 case EVP_MD_CTRL_MICALG: 828 set_params = 0; 829 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DIGEST_PARAM_MICALG, 830 p2, p1 ? p1 : 9999); 831 break; 832 case EVP_CTRL_SSL3_MASTER_SECRET: 833 params[0] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, 834 p2, p1); 835 break; 836 default: 837 goto conclude; 838 } 839 840 if (set_params) 841 ret = EVP_MD_CTX_set_params(ctx, params); 842 else 843 ret = EVP_MD_CTX_get_params(ctx, params); 844 goto conclude; 845 846 847 /* Code below to be removed when legacy support is dropped. */ 848 legacy: 849 if (ctx->digest->md_ctrl == NULL) { 850 ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED); 851 return 0; 852 } 853 854 ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2); 855 conclude: 856 if (ret <= 0) 857 return 0; 858 return ret; 859} 860 861EVP_MD *evp_md_new(void) 862{ 863 EVP_MD *md = OPENSSL_zalloc(sizeof(*md)); 864 865 if (md != NULL) { 866 md->lock = CRYPTO_THREAD_lock_new(); 867 if (md->lock == NULL) { 868 OPENSSL_free(md); 869 return NULL; 870 } 871 md->refcnt = 1; 872 } 873 return md; 874} 875 876/* 877 * FIPS module note: since internal fetches will be entirely 878 * provider based, we know that none of its code depends on legacy 879 * NIDs or any functionality that use them. 880 */ 881#ifndef FIPS_MODULE 882static void set_legacy_nid(const char *name, void *vlegacy_nid) 883{ 884 int nid; 885 int *legacy_nid = vlegacy_nid; 886 /* 887 * We use lowest level function to get the associated method, because 888 * higher level functions such as EVP_get_digestbyname() have changed 889 * to look at providers too. 890 */ 891 const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); 892 893 if (*legacy_nid == -1) /* We found a clash already */ 894 return; 895 896 if (legacy_method == NULL) 897 return; 898 nid = EVP_MD_nid(legacy_method); 899 if (*legacy_nid != NID_undef && *legacy_nid != nid) { 900 *legacy_nid = -1; 901 return; 902 } 903 *legacy_nid = nid; 904} 905#endif 906 907static int evp_md_cache_constants(EVP_MD *md) 908{ 909 int ok, xof = 0, algid_absent = 0; 910 size_t blksz = 0; 911 size_t mdsize = 0; 912 OSSL_PARAM params[5]; 913 914 params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, &blksz); 915 params[1] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &mdsize); 916 params[2] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_XOF, &xof); 917 params[3] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, 918 &algid_absent); 919 params[4] = OSSL_PARAM_construct_end(); 920 ok = evp_do_md_getparams(md, params) > 0; 921 if (mdsize > INT_MAX || blksz > INT_MAX) 922 ok = 0; 923 if (ok) { 924 md->block_size = (int)blksz; 925 md->md_size = (int)mdsize; 926 if (xof) 927 md->flags |= EVP_MD_FLAG_XOF; 928 if (algid_absent) 929 md->flags |= EVP_MD_FLAG_DIGALGID_ABSENT; 930 } 931 return ok; 932} 933 934static void *evp_md_from_algorithm(int name_id, 935 const OSSL_ALGORITHM *algodef, 936 OSSL_PROVIDER *prov) 937{ 938 const OSSL_DISPATCH *fns = algodef->implementation; 939 EVP_MD *md = NULL; 940 int fncnt = 0; 941 942 /* EVP_MD_fetch() will set the legacy NID if available */ 943 if ((md = evp_md_new()) == NULL) { 944 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 945 return NULL; 946 } 947 948#ifndef FIPS_MODULE 949 md->type = NID_undef; 950 if (!evp_names_do_all(prov, name_id, set_legacy_nid, &md->type) 951 || md->type == -1) { 952 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); 953 EVP_MD_free(md); 954 return NULL; 955 } 956#endif 957 958 md->name_id = name_id; 959 if ((md->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) { 960 EVP_MD_free(md); 961 return NULL; 962 } 963 md->description = algodef->algorithm_description; 964 965 for (; fns->function_id != 0; fns++) { 966 switch (fns->function_id) { 967 case OSSL_FUNC_DIGEST_NEWCTX: 968 if (md->newctx == NULL) { 969 md->newctx = OSSL_FUNC_digest_newctx(fns); 970 fncnt++; 971 } 972 break; 973 case OSSL_FUNC_DIGEST_INIT: 974 if (md->dinit == NULL) { 975 md->dinit = OSSL_FUNC_digest_init(fns); 976 fncnt++; 977 } 978 break; 979 case OSSL_FUNC_DIGEST_UPDATE: 980 if (md->dupdate == NULL) { 981 md->dupdate = OSSL_FUNC_digest_update(fns); 982 fncnt++; 983 } 984 break; 985 case OSSL_FUNC_DIGEST_FINAL: 986 if (md->dfinal == NULL) { 987 md->dfinal = OSSL_FUNC_digest_final(fns); 988 fncnt++; 989 } 990 break; 991 case OSSL_FUNC_DIGEST_DIGEST: 992 if (md->digest == NULL) 993 md->digest = OSSL_FUNC_digest_digest(fns); 994 /* We don't increment fnct for this as it is stand alone */ 995 break; 996 case OSSL_FUNC_DIGEST_FREECTX: 997 if (md->freectx == NULL) { 998 md->freectx = OSSL_FUNC_digest_freectx(fns); 999 fncnt++; 1000 } 1001 break; 1002 case OSSL_FUNC_DIGEST_DUPCTX: 1003 if (md->dupctx == NULL) 1004 md->dupctx = OSSL_FUNC_digest_dupctx(fns); 1005 break; 1006 case OSSL_FUNC_DIGEST_GET_PARAMS: 1007 if (md->get_params == NULL) 1008 md->get_params = OSSL_FUNC_digest_get_params(fns); 1009 break; 1010 case OSSL_FUNC_DIGEST_SET_CTX_PARAMS: 1011 if (md->set_ctx_params == NULL) 1012 md->set_ctx_params = OSSL_FUNC_digest_set_ctx_params(fns); 1013 break; 1014 case OSSL_FUNC_DIGEST_GET_CTX_PARAMS: 1015 if (md->get_ctx_params == NULL) 1016 md->get_ctx_params = OSSL_FUNC_digest_get_ctx_params(fns); 1017 break; 1018 case OSSL_FUNC_DIGEST_GETTABLE_PARAMS: 1019 if (md->gettable_params == NULL) 1020 md->gettable_params = OSSL_FUNC_digest_gettable_params(fns); 1021 break; 1022 case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS: 1023 if (md->settable_ctx_params == NULL) 1024 md->settable_ctx_params = 1025 OSSL_FUNC_digest_settable_ctx_params(fns); 1026 break; 1027 case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS: 1028 if (md->gettable_ctx_params == NULL) 1029 md->gettable_ctx_params = 1030 OSSL_FUNC_digest_gettable_ctx_params(fns); 1031 break; 1032 } 1033 } 1034 if ((fncnt != 0 && fncnt != 5) 1035 || (fncnt == 0 && md->digest == NULL)) { 1036 /* 1037 * In order to be a consistent set of functions we either need the 1038 * whole set of init/update/final etc functions or none of them. 1039 * The "digest" function can standalone. We at least need one way to 1040 * generate digests. 1041 */ 1042 EVP_MD_free(md); 1043 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); 1044 return NULL; 1045 } 1046 md->prov = prov; 1047 if (prov != NULL) 1048 ossl_provider_up_ref(prov); 1049 1050 if (!evp_md_cache_constants(md)) { 1051 EVP_MD_free(md); 1052 ERR_raise(ERR_LIB_EVP, EVP_R_CACHE_CONSTANTS_FAILED); 1053 md = NULL; 1054 } 1055 1056 return md; 1057} 1058 1059static int evp_md_up_ref(void *md) 1060{ 1061 return EVP_MD_up_ref(md); 1062} 1063 1064static void evp_md_free(void *md) 1065{ 1066 EVP_MD_free(md); 1067} 1068 1069EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, 1070 const char *properties) 1071{ 1072 EVP_MD *md = 1073 evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties, 1074 evp_md_from_algorithm, evp_md_up_ref, evp_md_free); 1075 1076 return md; 1077} 1078 1079int EVP_MD_up_ref(EVP_MD *md) 1080{ 1081 int ref = 0; 1082 1083 if (md->origin == EVP_ORIG_DYNAMIC) 1084 CRYPTO_UP_REF(&md->refcnt, &ref, md->lock); 1085 return 1; 1086} 1087 1088void EVP_MD_free(EVP_MD *md) 1089{ 1090 int i; 1091 1092 if (md == NULL || md->origin != EVP_ORIG_DYNAMIC) 1093 return; 1094 1095 CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock); 1096 if (i > 0) 1097 return; 1098 evp_md_free_int(md); 1099} 1100 1101void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, 1102 void (*fn)(EVP_MD *mac, void *arg), 1103 void *arg) 1104{ 1105 evp_generic_do_all(libctx, OSSL_OP_DIGEST, 1106 (void (*)(void *, void *))fn, arg, 1107 evp_md_from_algorithm, evp_md_up_ref, evp_md_free); 1108} 1109