if (md == NULL) {
EVP_MD_CTX *tctx;
BIO_get_md_ctx(bmd, &tctx);
- md = EVP_MD_CTX_md(tctx);
+ md = EVP_MD_CTX_get0_md(tctx);
}
if (md != NULL)
md_name = EVP_MD_name(md);
int signid, paramtype, buf_len = 0;
int rv, pkey_id;
- md = EVP_MD_CTX_md(ctx);
+ md = EVP_MD_CTX_get0_md(ctx);
pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
if (pkey == NULL) {
int t, rv = 0;
SCRYPT_PARAMS *sparam = NULL;
- if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+ if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
goto err;
}
/* If anything fails then ensure we can't use this ctx */
ctx->nlast_block = -1;
- if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
+ if (!EVP_CIPHER_CTX_get0_cipher(ctx->cctx))
return 0;
if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
return 0;
* If the selected cipher supports unprotected attributes,
* deal with it using special ctrl function
*/
- if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx))
- & EVP_CIPH_FLAG_CIPHER_WITH_MAC)
+ if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
+ & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0
&& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0,
cms->d.envelopedData->unprotectedAttrs) <= 0) {
BIO_free(contentBio);
* If the selected cipher supports unprotected attributes,
* deal with it using special ctrl function
*/
- if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) {
+ if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
+ & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
if (env->unprotectedAttrs == NULL)
env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null();
int ret;
/* If a suitable wrap algorithm is already set nothing to do */
- kekcipher = EVP_CIPHER_CTX_cipher(ctx);
+ kekcipher = EVP_CIPHER_CTX_get0_cipher(ctx);
if (kekcipher != NULL) {
if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_WRAP_MODE)
return 0;
* Workaround for broken implementations that use signature
* algorithm OID instead of digest.
*/
- || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
+ || EVP_MD_pkey_type(EVP_MD_CTX_get0_md(mtmp)) == nid)
return EVP_MD_CTX_copy_ex(mctx, mtmp);
chain = BIO_next(chain);
}
} else
r = 1;
} else {
- const EVP_MD *md = EVP_MD_CTX_md(mctx);
+ const EVP_MD *md = EVP_MD_CTX_get0_md(mctx);
const CMS_CTX *ctx = si->cms_ctx;
pkctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
switch (cmd) {
case BIO_CTRL_RESET:
if (BIO_get_init(b))
- ret = EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL);
+ ret = EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL);
else
ret = 0;
if (ret > 0)
case BIO_C_GET_MD:
if (BIO_get_init(b)) {
ppmd = ptr;
- *ppmd = EVP_MD_CTX_md(ctx);
+ *ppmd = EVP_MD_CTX_get0_md(ctx);
} else
ret = 0;
break;
case BIO_C_GET_MD:
if (BIO_get_init(b)) {
ppmd = ptr;
- *ppmd = EVP_MD_CTX_md(ctx->md);
+ *ppmd = EVP_MD_CTX_get0_md(ctx->md);
} else
ret = 0;
break;
ctx = BIO_get_data(b);
md = ctx->md;
- digest = EVP_MD_CTX_md(md);
+ digest = EVP_MD_CTX_get0_md(md);
md_size = EVP_MD_size(digest);
md_data = EVP_MD_CTX_md_data(md);
ctx = BIO_get_data(b);
md = ctx->md;
- digest = EVP_MD_CTX_md(md);
+ digest = EVP_MD_CTX_get0_md(md);
md_size = EVP_MD_size(digest);
md_data = EVP_MD_CTX_md_data(md);
ctx = BIO_get_data(b);
md = ctx->md;
- digest = EVP_MD_CTX_md(md);
+ digest = EVP_MD_CTX_get0_md(md);
md_size = EVP_MD_size(digest);
tl = ctx->buf_len - OK_BLOCK_BLOCK;
ctx = BIO_get_data(b);
md = ctx->md;
- md_size = EVP_MD_size(EVP_MD_CTX_md(md));
+ md_size = EVP_MD_size(EVP_MD_CTX_get0_md(md));
assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
tl = ctx->buf[0];
cipher->nid = cipher_type;
cipher->block_size = block_size;
cipher->key_len = key_len;
+ cipher->origin = EVP_ORIG_METH;
}
return cipher;
}
void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
{
- EVP_CIPHER_free(cipher);
+ if (cipher == NULL || cipher->origin != EVP_ORIG_METH)
+ return;
+
+ evp_cipher_free_int(cipher);
}
int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
{
int ref = 0;
- CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
+ if (md->origin == EVP_ORIG_DYNAMIC)
+ CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
return 1;
}
{
int i;
- if (md == NULL)
+ if (md == NULL || md->origin != EVP_ORIG_DYNAMIC)
return;
CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock);
if (i > 0)
return;
- ossl_provider_free(md->prov);
- CRYPTO_THREAD_lock_free(md->lock);
- OPENSSL_free(md);
+ evp_md_free_int(md);
}
void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
static const EVP_CIPHER aesni_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aesni_init_key, \
aesni_##mode##_cipher, \
NULL, \
NULL,NULL,NULL,NULL }; \
static const EVP_CIPHER aes_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize, \
- keylen/8,ivlen, \
+ keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aes_init_key, \
aes_##mode##_cipher, \
NULL, \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \
ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aesni_##mode##_init_key, \
aesni_##mode##_cipher, \
aes_##mode##_cleanup, \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \
ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aes_##mode##_init_key, \
aes_##mode##_cipher, \
aes_##mode##_cleanup, \
static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aes_t4_init_key, \
aes_t4_##mode##_cipher, \
NULL, \
nid##_##keylen##_##nmode,blocksize, \
keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aes_init_key, \
aes_##mode##_cipher, \
NULL, \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \
ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aes_t4_##mode##_init_key, \
aes_t4_##mode##_cipher, \
aes_##mode##_cleanup, \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \
ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aes_##mode##_init_key, \
aes_##mode##_cipher, \
aes_##mode##_cleanup, \
static const EVP_CIPHER aes_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aes_init_key, \
aes_##mode##_cipher, \
NULL, \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \
ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aes_##mode##_init_key, \
aes_##mode##_cipher, \
aes_##mode##_cleanup, \
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
typedef struct {
union {
static const EVP_CIPHER aes_128_wrap = {
NID_id_aes128_wrap,
- 8, 16, 8, WRAP_FLAGS,
+ 8, 16, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),
static const EVP_CIPHER aes_192_wrap = {
NID_id_aes192_wrap,
- 8, 24, 8, WRAP_FLAGS,
+ 8, 24, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),
static const EVP_CIPHER aes_256_wrap = {
NID_id_aes256_wrap,
- 8, 32, 8, WRAP_FLAGS,
+ 8, 32, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),
static const EVP_CIPHER aes_128_wrap_pad = {
NID_id_aes128_wrap_pad,
- 8, 16, 4, WRAP_FLAGS,
+ 8, 16, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),
static const EVP_CIPHER aes_192_wrap_pad = {
NID_id_aes192_wrap_pad,
- 8, 24, 4, WRAP_FLAGS,
+ 8, 24, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),
static const EVP_CIPHER aes_256_wrap_pad = {
NID_id_aes256_wrap_pad,
- 8, 32, 4, WRAP_FLAGS,
+ 8, 32, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),
AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+ EVP_ORIG_GLOBAL,
aesni_cbc_hmac_sha1_init_key,
aesni_cbc_hmac_sha1_cipher,
NULL,
AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+ EVP_ORIG_GLOBAL,
aesni_cbc_hmac_sha1_init_key,
aesni_cbc_hmac_sha1_cipher,
NULL,
AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+ EVP_ORIG_GLOBAL,
aesni_cbc_hmac_sha256_init_key,
aesni_cbc_hmac_sha256_cipher,
NULL,
AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+ EVP_ORIG_GLOBAL,
aesni_cbc_hmac_sha256_init_key,
aesni_cbc_hmac_sha256_cipher,
NULL,
static const EVP_CIPHER aria_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aria_init_key, \
aria_##mode##_cipher, \
NULL, \
nid##_##keylen##_##nmode, \
blocksize, keylen/8, ivlen, \
ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
aria_##mode##_init_key, \
aria_##mode##_cipher, \
aria_##mode##_cleanup, \
static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
cmll_t4_init_key, \
cmll_t4_##mode##_cipher, \
NULL, \
nid##_##keylen##_##nmode,blocksize, \
keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
camellia_init_key, \
camellia_##mode##_cipher, \
NULL, \
static const EVP_CIPHER camellia_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
camellia_init_key, \
camellia_##mode##_cipher, \
NULL, \
CHACHA_KEY_SIZE, /* key_len */
CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */
EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT,
+ EVP_ORIG_GLOBAL,
chacha_init_key,
chacha_cipher,
NULL,
EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER |
EVP_CIPH_CUSTOM_IV_LENGTH,
+ EVP_ORIG_GLOBAL,
chacha20_poly1305_init_key,
chacha20_poly1305_cipher,
chacha20_poly1305_cleanup,
8, 24, 0,
EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
| EVP_CIPH_FLAG_DEFAULT_ASN1,
+ EVP_ORIG_GLOBAL,
des_ede3_init_key, des_ede3_wrap_cipher,
NULL,
sizeof(DES_EDE_KEY),
static const EVP_CIPHER n_cipher = {
NID_undef,
1, 0, 0, 0,
+ EVP_ORIG_GLOBAL,
null_init_key,
null_cipher,
NULL,
NID_rc2_64_cbc,
8, 8 /* 64 bit */ , 8,
EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+ EVP_ORIG_GLOBAL,
rc2_init_key,
rc2_cbc_cipher,
NULL,
NID_rc2_40_cbc,
8, 5 /* 40 bit */ , 8,
EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+ EVP_ORIG_GLOBAL,
rc2_init_key,
rc2_cbc_cipher,
NULL,
NID_rc4,
1, EVP_RC4_KEY_SIZE, 0,
EVP_CIPH_VARIABLE_LENGTH,
+ EVP_ORIG_GLOBAL,
rc4_init_key,
rc4_cipher,
NULL,
NID_rc4_40,
1, 5 /* 40 bit */ , 0,
EVP_CIPH_VARIABLE_LENGTH,
+ EVP_ORIG_GLOBAL,
rc4_init_key,
rc4_cipher,
NULL,
1, EVP_RC4_KEY_SIZE, 0,
EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH |
EVP_CIPH_FLAG_AEAD_CIPHER,
+ EVP_ORIG_GLOBAL,
rc4_hmac_md5_init_key,
rc4_hmac_md5_cipher,
NULL,
static const EVP_CIPHER sm4_ctr_mode = {
NID_sm4_ctr, 1, 16, 16,
EVP_CIPH_CTR_MODE,
+ EVP_ORIG_GLOBAL,
sm4_init_key,
sm4_ctr_cipher,
NULL,
NID_desx_cbc,
8, 24, 8,
EVP_CIPH_CBC_MODE,
+ EVP_ORIG_GLOBAL,
desx_cbc_init_key,
desx_cbc_cipher,
NULL,
return 0;
}
- if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
+ if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
+ & EVP_CIPH_CUSTOM_IV) == 0) {
switch (EVP_CIPHER_CTX_mode(ctx)) {
case EVP_CIPH_STREAM_CIPHER:
{
int ref = 0;
- CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
+ if (cipher->origin == EVP_ORIG_DYNAMIC)
+ CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
return 1;
}
+void evp_cipher_free_int(EVP_CIPHER *cipher)
+{
+ ossl_provider_free(cipher->prov);
+ CRYPTO_THREAD_lock_free(cipher->lock);
+ OPENSSL_free(cipher);
+}
+
void EVP_CIPHER_free(EVP_CIPHER *cipher)
{
int i;
- if (cipher == NULL || cipher->prov == NULL)
+ if (cipher == NULL || cipher->origin != EVP_ORIG_DYNAMIC)
return;
CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);
if (i > 0)
return;
- ossl_provider_free(cipher->prov);
- CRYPTO_THREAD_lock_free(cipher->lock);
- OPENSSL_free(cipher);
+ evp_cipher_free_int(cipher);
}
void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
return ctx->cipher->do_cipher(ctx, out, in, inl);
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
{
+ if (ctx == NULL)
+ return NULL;
+ return ctx->cipher;
+}
+#endif
+
+const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx)
+{
+ if (ctx == NULL)
+ return NULL;
return ctx->cipher;
}
+EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx)
+{
+ EVP_CIPHER *cipher;
+
+ if (ctx == NULL)
+ return NULL;
+ cipher = (EVP_CIPHER *)ctx->cipher;
+ if (!EVP_CIPHER_up_ref(cipher))
+ return NULL;
+ return cipher;
+}
+
int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
{
return ctx->encrypt;
if (md != NULL) {
md->type = md_type;
md->pkey_type = pkey_type;
+ md->origin = EVP_ORIG_METH;
}
return md;
}
return to;
}
+void evp_md_free_int(EVP_MD *md)
+{
+ ossl_provider_free(md->prov);
+ CRYPTO_THREAD_lock_free(md->lock);
+ OPENSSL_free(md);
+}
+
void EVP_MD_meth_free(EVP_MD *md)
{
- EVP_MD_free(md);
+ if (md == NULL || md->origin != EVP_ORIG_METH)
+ return;
+
+ evp_md_free_int(md);
}
+
int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
{
if (md->block_size != 0)
return md->md_ctrl;
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
{
if (ctx == NULL)
return NULL;
return ctx->reqdigest;
}
+#endif
+
+const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx)
+{
+ if (ctx == NULL)
+ return NULL;
+ return ctx->reqdigest;
+}
+
+EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx)
+{
+ EVP_MD *md;
+
+ if (ctx == NULL)
+ return NULL;
+ md = (EVP_MD *)ctx->reqdigest;
+ if (!EVP_MD_up_ref(md))
+ return NULL;
+ return md;
+}
EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
{
}
void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx);
+void evp_cipher_free_int(EVP_CIPHER *md);
+void evp_md_free_int(EVP_MD *md);
/* OSSL_PROVIDER * is only used to get the library context */
const char *evp_first_name(const OSSL_PROVIDER *prov, int name_id);
0,
BLAKE2B_DIGEST_LENGTH,
0,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(blake2b_int_init, blake2b_int_update,
blake2b_int_final, NULL, BLAKE2B_BLOCKBYTES),
};
0,
BLAKE2S_DIGEST_LENGTH,
0,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(blake2s_int_init, blake2s_int_update,
blake2s_int_final, NULL, BLAKE2S_BLOCKBYTES),
};
NID_md2WithRSAEncryption,
MD2_DIGEST_LENGTH,
0,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(md2_init, md2_update, md2_final, NULL, MD2_BLOCK)
};
NID_md4WithRSAEncryption,
MD4_DIGEST_LENGTH,
0,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(md4_init, md4_update, md4_final, NULL, MD4_CBLOCK),
};
NID_md5WithRSAEncryption,
MD5_DIGEST_LENGTH,
0,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(md5_init, md5_update, md5_final, NULL, MD5_CBLOCK)
};
NID_md5_sha1,
MD5_SHA1_DIGEST_LENGTH,
0,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(md5_sha1_int_init, md5_sha1_int_update,
md5_sha1_int_final, md5_sha1_int_ctrl,
MD5_SHA1_CBLOCK),
NID_mdc2WithRSA,
MDC2_DIGEST_LENGTH,
0,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(mdc2_init, mdc2_update, mdc2_final, NULL,
MDC2_BLOCK),
};
NID_ripemd160WithRSA,
RIPEMD160_DIGEST_LENGTH,
0,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(ripe_init, ripe_update, ripe_final, NULL,
RIPEMD160_CBLOCK),
};
NID_sha1WithRSAEncryption,
SHA_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha1_init, sha1_update, sha1_final, sha1_int_ctrl,
SHA_CBLOCK),
};
NID_sha224WithRSAEncryption,
SHA224_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha224_init, sha224_update, sha224_final, NULL,
SHA256_CBLOCK),
};
NID_sha256WithRSAEncryption,
SHA256_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha256_init, sha256_update, sha256_final, NULL,
SHA256_CBLOCK),
};
NID_sha512_224WithRSAEncryption,
SHA224_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha512_224_int_init, sha512_224_int_update,
sha512_224_int_final, NULL, SHA512_CBLOCK),
};
NID_sha512_256WithRSAEncryption,
SHA256_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha512_256_int_init, sha512_256_int_update,
sha512_256_int_final, NULL, SHA512_CBLOCK),
};
NID_sha384WithRSAEncryption,
SHA384_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha384_init, sha384_update, sha384_final, NULL,
SHA512_CBLOCK),
};
NID_sha512WithRSAEncryption,
SHA512_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha512_init, sha512_update, sha512_final, NULL,
SHA512_CBLOCK),
};
NID_RSA_SHA3_##bitlen, \
bitlen / 8, \
EVP_MD_FLAG_DIGALGID_ABSENT, \
+ EVP_ORIG_GLOBAL, \
LEGACY_EVP_MD_METH_TABLE(sha3_int_init, sha3_int_update, \
sha3_int_final, NULL, \
(KECCAK1600_WIDTH - bitlen * 2) / 8), \
0, \
bitlen / 8, \
EVP_MD_FLAG_XOF, \
+ EVP_ORIG_GLOBAL, \
LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final, \
shake_ctrl, (KECCAK1600_WIDTH - bitlen * 2) / 8), \
}; \
0,
WHIRLPOOL_DIGEST_LENGTH,
0,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(wp_init, wp_update, wp_final, NULL,
WHIRLPOOL_BBLOCK / 8),
};
NID_undef,
0,
0,
+ EVP_ORIG_GLOBAL,
init,
update,
final,
/* legacy code support for engines */
ERR_set_mark();
/*
- * This might be requested by a later call to EVP_MD_CTX_md().
+ * This might be requested by a later call to EVP_MD_CTX_get0_md().
* In that case the "explicit fetch" rules apply for that
* function (as per man pages), i.e. the ref count is not updated
* so the EVP_MD should not be used beyound the lifetime of the
PBKDF2PARAM *kdf = NULL;
const EVP_MD *prfmd;
- if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+ if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
goto err;
}
goto err;
if (EVP_PKEY_sign_init(pkctx) <= 0)
goto err;
- if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
+ if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_get0_md(ctx)) <= 0)
goto err;
if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
goto err;
goto err;
if (EVP_PKEY_verify_init(pkctx) <= 0)
goto err;
- if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
+ if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_get0_md(ctx)) <= 0)
goto err;
i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
err:
* MAC should be processed on decrypting separately from plain text
*/
max_out_len = inlen + EVP_CIPHER_CTX_block_size(ctx);
- if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) {
+ if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
+ & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) {
ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
goto err;
goto err;
}
outlen += i;
- if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) {
+ if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
+ & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
if (EVP_CIPHER_CTX_encrypting(ctx)) {
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
(int)mac_len, out+outlen) < 0) {
* Workaround for some broken clients that put the signature OID
* instead of the digest OID in digest_alg->algorithm
*/
- if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+ if (EVP_MD_pkey_type(EVP_MD_CTX_get0_md(mdc)) == md_type)
break;
btmp = BIO_next(btmp);
}
NID_sm3WithRSAEncryption,
SM3_DIGEST_LENGTH,
0,
+ EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sm3_int_init, sm3_int_update, sm3_int_final, NULL,
SM3_CBLOCK),
};
EVP_MD_names_do_all, EVP_MD_provider,
EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags,
EVP_MD_CTX_name,
-EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size,
+EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md,
+EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size,
EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn,
EVP_md_null,
EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj,
int EVP_MD_block_size(const EVP_MD *md);
unsigned long EVP_MD_flags(const EVP_MD *md);
- const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+ const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx);
+ EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx);
const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx);
int EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
+ const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+
int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
const void *data, size_t count);
The space is allocated by OpenSSL and has the size originally set with
EVP_MD_meth_set_app_datasize().
-=item EVP_MD_CTX_md()
+=item EVP_MD_CTX_get0_md(), EVP_MD_CTX_get1_md()
-Returns the B<EVP_MD> structure corresponding to the passed B<EVP_MD_CTX>. This
+EVP_MD_CTX_get0_md() returns
+the B<EVP_MD> structure corresponding to the passed B<EVP_MD_CTX>. This
will be the same B<EVP_MD> object originally passed to EVP_DigestInit_ex2() (or
other similar function) when the EVP_MD_CTX was first initialised. Note that
where explicit fetch is in use (see L<EVP_MD_fetch(3)>) the value returned from
this function will not have its reference count incremented and therefore it
should not be used after the EVP_MD_CTX is freed.
+EVP_MD_CTX_get1_md() is the same except the ownership is passed to the
+caller and is from the passed B<EVP_MD_CTX>.
=item EVP_MD_CTX_set_update_fn()
EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() and
EVP_MD_CTX_gettable_params() functions were added in OpenSSL 3.0.
-The EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated
+The EVP_MD_CTX_md() function was deprecated in OpenSSL 3.0; use
+EVP_MD_CTX_get0_md() instead.
+EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated
in OpenSSL 3.0.
=head1 COPYRIGHT
EVP_CIPHER_mode,
EVP_CIPHER_type,
EVP_CIPHER_CTX_cipher,
+EVP_CIPHER_CTX_get0_cipher,
+EVP_CIPHER_CTX_get1_cipher,
EVP_CIPHER_CTX_name,
EVP_CIPHER_CTX_nid,
EVP_CIPHER_CTX_get_params,
unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
int EVP_CIPHER_type(const EVP_CIPHER *cipher);
- const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+ const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx);
+ EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx);
void (*fn)(EVP_CIPHER *cipher, void *arg),
void *arg);
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
+ const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+
=head1 DESCRIPTION
The EVP cipher routines are a high-level interface to certain
EVP_CIPHER_provider() returns an B<OSSL_PROVIDER> pointer to the provider
that implements the given B<EVP_CIPHER>.
-EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
+EVP_CIPHER_CTX_get0_cipher() returns the B<EVP_CIPHER> structure when passed
an B<EVP_CIPHER_CTX> structure.
+EVP_CIPHER_CTX_get1_cipher() is the same except the ownership is passed to
+the caller.
EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode:
EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE,
disappeared. EVP_CIPHER_CTX_init() remains as an alias for
EVP_CIPHER_CTX_reset().
+The EVP_CIPHER_CTX_cipher() function was deprecated in OpenSSL 3.0; use
+EVP_CIPHER_CTX_get0_cipher() instead.
+
The EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2(),
EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(),
+EVP_CIPHER_CTX_get0_cipher(), EVP_CIPHER_CTX_get1_cipher(),
EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(),
EVP_CIPHER_CTX_get_params(), EVP_CIPHER_gettable_params(),
EVP_CIPHER_settable_ctx_params(), EVP_CIPHER_gettable_ctx_params(),
return 0;
}
- if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+ if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) {
ALG_WARN("%s(%d): Cipher object NULL\n", __FILE__, __LINE__);
return 0;
}
OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params;
};
+#define EVP_ORIG_DYNAMIC 0
+#define EVP_ORIG_GLOBAL 1
+#define EVP_ORIG_METH 2
+
struct evp_md_st {
/* nid */
int type;
int pkey_type;
int md_size;
unsigned long flags;
+ int origin;
int (*init) (EVP_MD_CTX *ctx);
int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
/* Legacy structure members */
/* Various flags */
unsigned long flags;
+ /* How the EVP_CIPHER was created. */
+ int origin;
/* init key */
int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
#define BLOCK_CIPHER_ecb_loop() \
size_t i, bl; \
- bl = EVP_CIPHER_CTX_cipher(ctx)->block_size; \
+ bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \
if (inl < bl) return 1;\
inl -= bl; \
for (i=0; i <= inl; i+=bl)
static const EVP_CIPHER cname##_##mode = { \
nid##_##nmode, block_size, key_len, iv_len, \
flags | EVP_CIPH_##MODE##_MODE, \
+ EVP_ORIG_GLOBAL, \
init_key, \
cname##_##mode##_cipher, \
cleanup, \
static const EVP_CIPHER cname##_cbc = {\
nid##_cbc, block_size, key_len, iv_len, \
flags | EVP_CIPH_CBC_MODE,\
+ EVP_ORIG_GLOBAL,\
init_key,\
cname##_cbc_cipher,\
cleanup,\
static const EVP_CIPHER cname##_cfb = {\
nid##_cfb64, 1, key_len, iv_len, \
flags | EVP_CIPH_CFB_MODE,\
+ EVP_ORIG_GLOBAL,\
init_key,\
cname##_cfb_cipher,\
cleanup,\
static const EVP_CIPHER cname##_ofb = {\
nid##_ofb64, 1, key_len, iv_len, \
flags | EVP_CIPH_OFB_MODE,\
+ EVP_ORIG_GLOBAL,\
init_key,\
cname##_ofb_cipher,\
cleanup,\
static const EVP_CIPHER cname##_ecb = {\
nid##_ecb, block_size, key_len, iv_len, \
flags | EVP_CIPH_ECB_MODE,\
+ EVP_ORIG_GLOBAL,\
init_key,\
cname##_ecb_cipher,\
cleanup,\
int EVP_MD_block_size(const EVP_MD *md);
unsigned long EVP_MD_flags(const EVP_MD *md);
-const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx);
+EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx);
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0
int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
const void *data, size_t count);
OSSL_DEPRECATEDIN_3_0
int (*update) (EVP_MD_CTX *ctx,
const void *data, size_t count));
# endif
-# define EVP_MD_CTX_name(e) EVP_MD_name(EVP_MD_CTX_md(e))
-# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
-# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
-# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_name(e) EVP_MD_name(EVP_MD_CTX_get0_md(e))
+# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_get0_md(e))
+# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_get0_md(e))
+# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_get0_md(e))
EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
void EVP_CIPHER_free(EVP_CIPHER *cipher);
-const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx);
+EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
# ifndef OPENSSL_NO_DEPRECATED_3_0
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
OSSL_DEPRECATEDIN_3_0 unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
-# define EVP_CIPHER_CTX_name(c) EVP_CIPHER_name(EVP_CIPHER_CTX_cipher(c))
-# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+# define EVP_CIPHER_CTX_name(c) EVP_CIPHER_name(EVP_CIPHER_CTX_get0_cipher(c))
+# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_get0_cipher(c))
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
-# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c))
+# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(c))
# endif
-# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c))
+# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_get0_cipher(c))
# define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80)
# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80)
sess = s->session;
- if ((sess == NULL) ||
- (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL))
+ if ((sess == NULL)
+ || (s->enc_write_ctx == NULL)
+ || (EVP_MD_CTX_get0_md(s->write_hash) == NULL))
clear = 1;
if (clear)
* jumbo buffer to accommodate up to 8 records, but the
* compromise is considered worthy.
*/
- if (type == SSL3_RT_APPLICATION_DATA &&
- len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s)) &&
- s->compress == NULL && s->msg_callback == NULL &&
- !SSL_WRITE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
- (BIO_get_ktls_send(s->wbio) == 0) &&
- EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
- EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
+ if (type == SSL3_RT_APPLICATION_DATA
+ && len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s))
+ && s->compress == NULL
+ && s->msg_callback == NULL
+ && !SSL_WRITE_ETM(s)
+ && SSL_USE_EXPLICIT_IV(s)
+ && BIO_get_ktls_send(s->wbio) == 0
+ && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx))
+ & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) != 0) {
unsigned char aad[13];
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
size_t packlen;
}
if (maxpipes == 0
|| s->enc_write_ctx == NULL
- || !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx))
- & EVP_CIPH_FLAG_PIPELINE)
+ || (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx))
+ & EVP_CIPH_FLAG_PIPELINE) == 0
|| !SSL_USE_EXPLICIT_IV(s))
maxpipes = 1;
- if (max_send_fragment == 0 || split_send_fragment == 0
- || split_send_fragment > max_send_fragment) {
+ if (max_send_fragment == 0
+ || split_send_fragment == 0
+ || split_send_fragment > max_send_fragment) {
/*
* We should have prevented this when we set/get the split and max send
* fragments so we shouldn't get here
sess = s->session;
- if ((sess == NULL) ||
- (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) {
+ if ((sess == NULL)
+ || (s->enc_write_ctx == NULL)
+ || (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) {
clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
mac_size = 0;
} else {
&& thisrr->type == SSL3_RT_APPLICATION_DATA
&& SSL_USE_EXPLICIT_IV(s)
&& s->enc_read_ctx != NULL
- && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))
- & EVP_CIPH_FLAG_PIPELINE)
+ && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx))
+ & EVP_CIPH_FLAG_PIPELINE) != 0
&& ssl3_record_app_data_waiting(s));
if (num_recs == 1
/* TODO(size_t): convert this to do size_t properly */
if (s->read_hash != NULL) {
- const EVP_MD *tmpmd = EVP_MD_CTX_md(s->read_hash);
+ const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash);
if (tmpmd != NULL) {
imac_size = EVP_MD_size(tmpmd);
} OSSL_TRACE_END(TLS);
/* r->length is now the compressed data plus mac */
- if ((sess != NULL) &&
- (s->enc_read_ctx != NULL) &&
- (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)) {
+ if ((sess != NULL)
+ && (s->enc_read_ctx != NULL)
+ && (!SSL_READ_ETM(s) && EVP_MD_CTX_get0_md(s->read_hash) != NULL)) {
/* s->read_hash != NULL => mac_size != -1 */
for (j = 0; j < num_recs; j++) {
if (s->enc_write_ctx == NULL)
enc = NULL;
else
- enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+ enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
} else {
ds = s->enc_read_ctx;
if (s->enc_read_ctx == NULL)
enc = NULL;
else
- enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+ enc = EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx);
}
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
}
if (sending) {
- if (EVP_MD_CTX_md(s->write_hash)) {
+ if (EVP_MD_CTX_get0_md(s->write_hash)) {
int n = EVP_MD_CTX_size(s->write_hash);
if (!ossl_assert(n >= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
enc = NULL;
else {
int ivlen;
- enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+
+ enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
/* For TLSv1.1 and later explicit IV */
if (SSL_USE_EXPLICIT_IV(s)
&& EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
}
}
} else {
- if (EVP_MD_CTX_md(s->read_hash)) {
+ if (EVP_MD_CTX_get0_md(s->read_hash)) {
int n = EVP_MD_CTX_size(s->read_hash);
if (!ossl_assert(n >= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
if (s->enc_read_ctx == NULL)
enc = NULL;
else
- enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+ enc = EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx);
}
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
} else {
int provided = (EVP_CIPHER_provider(enc) != NULL);
- bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));
+ bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_get0_cipher(ds));
if (n_recs > 1) {
- if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
- & EVP_CIPH_FLAG_PIPELINE)) {
+ if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds))
+ & EVP_CIPH_FLAG_PIPELINE) == 0) {
/*
* We shouldn't have been called with pipeline data if the
* cipher doesn't support pipelining
for (ctr = 0; ctr < n_recs; ctr++) {
reclen[ctr] = recs[ctr].length;
- if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
- & EVP_CIPH_FLAG_AEAD_CIPHER) {
+ if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds))
+ & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
unsigned char *seq;
seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
/* TODO(size_t): Convert this call */
tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input,
(unsigned int)reclen[0]);
- if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
- & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+ if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds))
+ & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0
? (tmpr < 0)
: (tmpr == 0)) {
/* AEAD can fail to verify MAC */
header[j++] = (unsigned char)(rec->length & 0xff);
/* Final param == is SSLv3 */
- if (ssl3_cbc_digest_record(EVP_MD_CTX_md(hash),
+ if (ssl3_cbc_digest_record(EVP_MD_CTX_get0_md(hash),
md, &md_size,
header, rec->input,
rec->length, rec->orig_len,
/* TODO(size_t): convert this to do size_t properly */
if (s->read_hash != NULL) {
- const EVP_MD *tmpmd = EVP_MD_CTX_md(s->read_hash);
+ const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash);
if (tmpmd != NULL) {
imac_size = EVP_MD_size(tmpmd);
} OSSL_TRACE_END(TLS);
/* r->length is now the compressed data plus mac */
- if ((sess != NULL) && !SSL_READ_ETM(s) &&
- (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {
+ if ((sess != NULL)
+ && !SSL_READ_ETM(s)
+ && (s->enc_read_ctx != NULL)
+ && (EVP_MD_CTX_get0_md(s->read_hash) != NULL)) {
/* s->read_hash != NULL => mac_size != -1 */
i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
if (s->write_hash) {
if (s->enc_write_ctx
- && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
+ && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) &
EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
mac_size = 0;
else
|| !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
|| !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
/* EVP_DigestFinal resets the EVP_MD_CTX. */
- || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
+ || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
goto out;
if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
|| !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
|| !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
/* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
- || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
+ || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
/*
* EVP_DigestInit_ex with NULL type should work on
* pre-initialized context.
|| !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
|| !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
/* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
- || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
+ || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
|| !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
goto out;
ret = 1;
|| !TEST_true(EVP_DigestFinal_ex(ctx, out, NULL))
|| !TEST_mem_eq(out, SHA256_DIGEST_LENGTH, exptd,
SHA256_DIGEST_LENGTH)
- || !TEST_true(md == EVP_MD_CTX_md(ctx)))
+ || !TEST_true(md == EVP_MD_CTX_get0_md(ctx)))
goto err;
ret = 1;
X509_CRL_digest 425 3_0_0 EXIST::FUNCTION:
EVP_aes_128_cbc_hmac_sha1 426 3_0_0 EXIST::FUNCTION:
ERR_load_CMS_strings 427 3_0_0 EXIST::FUNCTION:CMS,DEPRECATEDIN_3_0
-EVP_MD_CTX_md 428 3_0_0 EXIST::FUNCTION:
+EVP_MD_CTX_md 428 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_REVOKED_get_ext 429 3_0_0 EXIST::FUNCTION:
d2i_RSA_PSS_PARAMS 430 3_0_0 EXIST::FUNCTION:
USERNOTICE_free 431 3_0_0 EXIST::FUNCTION:
X509_STORE_add_crl 3026 3_0_0 EXIST::FUNCTION:
PEM_write_RSAPrivateKey 3027 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,STDIO
RC4_set_key 3028 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC4
-EVP_CIPHER_CTX_cipher 3029 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_cipher 3029 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PEM_write_bio_PKCS8PrivateKey_nid 3030 3_0_0 EXIST::FUNCTION:
BN_MONT_CTX_new 3031 3_0_0 EXIST::FUNCTION:
CRYPTO_free_ex_index 3032 3_0_0 EXIST::FUNCTION:
OSSL_PARAM_free ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_todata ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_export ? 3_0_0 EXIST::FUNCTION:
+EVP_MD_CTX_get0_md ? 3_0_0 EXIST::FUNCTION:
+EVP_MD_CTX_get1_md ? 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_get0_cipher ? 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_get1_cipher ? 3_0_0 EXIST::FUNCTION: