X-Git-Url: https://git.librecmc.org/?p=oweals%2Fopenssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fdigest.c;h=92e9b7bfb0dd2af270d875b98f53c61f650cd1dc;hp=bbe637e3cec0a4dab94097e7b051f8d4c34ab3fb;hb=363b1e5daea4a01889e6ff27148018be63d33b9b;hpb=0ddf74bf1c47b554c3d2c086ff2acb18bcc81bc6 diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index bbe637e3ce..92e9b7bfb0 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) if (ctx == NULL) return 1; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ /* * pctx should be freed by the user of EVP_MD_CTX @@ -59,7 +59,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); } -#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE) +#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) ENGINE_finish(ctx->engine); #endif @@ -94,7 +94,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE *tmpimpl = NULL; #endif @@ -114,7 +114,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->reqdigest = type; /* TODO(3.0): Legacy work around code below. Remove this */ -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so * this context may already have an ENGINE! Try to avoid releasing the @@ -145,7 +145,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) */ if (ctx->engine != NULL || impl != NULL -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) || tmpimpl != NULL #endif || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) { @@ -164,8 +164,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) /* TODO(3.0): Start of non-legacy code below */ if (type->prov == NULL) { -#ifdef FIPS_MODE - /* We only do explict fetches inside the FIPS module */ +#ifdef FIPS_MODULE + /* We only do explicit fetches inside the FIPS module */ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; #else @@ -205,7 +205,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) /* TODO(3.0): Remove legacy code below */ legacy: -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) if (type) { if (impl != NULL) { if (!ENGINE_init(impl)) { @@ -257,10 +257,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } } } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) skip_to_init: #endif -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* * TODO(3.0): Temporarily no support for EVP_DigestSign* inside FIPS module * or when using providers. @@ -303,7 +303,9 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) return 0; } - if (ctx->digest == NULL || ctx->digest->prov == NULL) + if (ctx->digest == NULL + || ctx->digest->prov == NULL + || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) goto legacy; if (ctx->digest->dupdate == NULL) { @@ -422,7 +424,8 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) return 0; } - if (in->digest->prov == NULL) + if (in->digest->prov == NULL + || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) goto legacy; if (in->digest->dupctx == NULL) { @@ -449,7 +452,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ if (in->pctx != NULL) { out->pctx = EVP_PKEY_CTX_dup(in->pctx); @@ -465,7 +468,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) /* TODO(3.0): Remove legacy code below */ legacy: -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB); @@ -506,7 +509,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) out->update = in->update; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ if (in->pctx) { out->pctx = EVP_PKEY_CTX_dup(in->pctx); @@ -654,15 +657,12 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) size_t sz; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - if (ctx == NULL || ctx->digest == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL); + if (ctx == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (ctx->digest->prov == NULL - && (ctx->pctx == NULL - || (ctx->pctx->operation != EVP_PKEY_OP_VERIFYCTX - && ctx->pctx->operation != EVP_PKEY_OP_SIGNCTX))) + if (ctx->digest != NULL && ctx->digest->prov == NULL) goto legacy; switch (cmd) { @@ -724,18 +724,25 @@ EVP_MD *evp_md_new(void) * provider based, we know that none of its code depends on legacy * NIDs or any functionality that use them. */ -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.x) get rid of the need for legacy NIDs */ static void set_legacy_nid(const char *name, void *vlegacy_nid) { int nid; int *legacy_nid = vlegacy_nid; + /* + * We use lowest level function to get the associated method, because + * higher level functions such as EVP_get_digestbyname() have changed + * to look at providers too. + */ + const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); if (*legacy_nid == -1) /* We found a clash already */ return; - if ((nid = OBJ_sn2nid(name)) == NID_undef - && (nid = OBJ_ln2nid(name)) == NID_undef) + + if (legacy_method == NULL) return; + nid = EVP_MD_nid(legacy_method); if (*legacy_nid != NID_undef && *legacy_nid != nid) { *legacy_nid = -1; return; @@ -757,7 +764,7 @@ static void *evp_md_from_dispatch(int name_id, return NULL; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.x) get rid of the need for legacy NIDs */ md->type = NID_undef; evp_names_do_all(prov, name_id, set_legacy_nid, &md->type); @@ -774,68 +781,68 @@ static void *evp_md_from_dispatch(int name_id, switch (fns->function_id) { case OSSL_FUNC_DIGEST_NEWCTX: if (md->newctx == NULL) { - md->newctx = OSSL_get_OP_digest_newctx(fns); + md->newctx = OSSL_FUNC_digest_newctx(fns); fncnt++; } break; case OSSL_FUNC_DIGEST_INIT: if (md->dinit == NULL) { - md->dinit = OSSL_get_OP_digest_init(fns); + md->dinit = OSSL_FUNC_digest_init(fns); fncnt++; } break; case OSSL_FUNC_DIGEST_UPDATE: if (md->dupdate == NULL) { - md->dupdate = OSSL_get_OP_digest_update(fns); + md->dupdate = OSSL_FUNC_digest_update(fns); fncnt++; } break; case OSSL_FUNC_DIGEST_FINAL: if (md->dfinal == NULL) { - md->dfinal = OSSL_get_OP_digest_final(fns); + md->dfinal = OSSL_FUNC_digest_final(fns); fncnt++; } break; case OSSL_FUNC_DIGEST_DIGEST: if (md->digest == NULL) - md->digest = OSSL_get_OP_digest_digest(fns); + md->digest = OSSL_FUNC_digest_digest(fns); /* We don't increment fnct for this as it is stand alone */ break; case OSSL_FUNC_DIGEST_FREECTX: if (md->freectx == NULL) { - md->freectx = OSSL_get_OP_digest_freectx(fns); + md->freectx = OSSL_FUNC_digest_freectx(fns); fncnt++; } break; case OSSL_FUNC_DIGEST_DUPCTX: if (md->dupctx == NULL) - md->dupctx = OSSL_get_OP_digest_dupctx(fns); + md->dupctx = OSSL_FUNC_digest_dupctx(fns); break; case OSSL_FUNC_DIGEST_GET_PARAMS: if (md->get_params == NULL) - md->get_params = OSSL_get_OP_digest_get_params(fns); + md->get_params = OSSL_FUNC_digest_get_params(fns); break; case OSSL_FUNC_DIGEST_SET_CTX_PARAMS: if (md->set_ctx_params == NULL) - md->set_ctx_params = OSSL_get_OP_digest_set_ctx_params(fns); + md->set_ctx_params = OSSL_FUNC_digest_set_ctx_params(fns); break; case OSSL_FUNC_DIGEST_GET_CTX_PARAMS: if (md->get_ctx_params == NULL) - md->get_ctx_params = OSSL_get_OP_digest_get_ctx_params(fns); + md->get_ctx_params = OSSL_FUNC_digest_get_ctx_params(fns); break; case OSSL_FUNC_DIGEST_GETTABLE_PARAMS: if (md->gettable_params == NULL) - md->gettable_params = OSSL_get_OP_digest_gettable_params(fns); + md->gettable_params = OSSL_FUNC_digest_gettable_params(fns); break; case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS: if (md->settable_ctx_params == NULL) md->settable_ctx_params = - OSSL_get_OP_digest_settable_ctx_params(fns); + OSSL_FUNC_digest_settable_ctx_params(fns); break; case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS: if (md->gettable_ctx_params == NULL) md->gettable_ctx_params = - OSSL_get_OP_digest_gettable_ctx_params(fns); + OSSL_FUNC_digest_gettable_ctx_params(fns); break; } }