X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fdigest.c;h=91baa0d45c3f56adc64e050681298e0724a8d6ec;hp=92dca9854b5a155eed403d11e95f0ceece1bdae6;hb=f000e82898af251442ca52e81fc1ee45996090dc;hpb=79c44b4e3044aee9dc9618850d4f1ce067757b4b diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 92dca9854b..91baa0d45c 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) if (ctx == NULL) return 1; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ /* * pctx should be freed by the user of EVP_MD_CTX @@ -59,7 +59,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); } -#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE) +#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) ENGINE_finish(ctx->engine); #endif @@ -94,7 +94,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE *tmpimpl = NULL; #endif @@ -114,7 +114,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->reqdigest = type; /* TODO(3.0): Legacy work around code below. Remove this */ -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so * this context may already have an ENGINE! Try to avoid releasing the @@ -145,7 +145,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) */ if (ctx->engine != NULL || impl != NULL -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) || tmpimpl != NULL #endif || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) { @@ -164,7 +164,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) /* TODO(3.0): Start of non-legacy code below */ if (type->prov == NULL) { -#ifdef FIPS_MODE +#ifdef FIPS_MODULE /* We only do explicit fetches inside the FIPS module */ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; @@ -205,7 +205,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) /* TODO(3.0): Remove legacy code below */ legacy: -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) if (type) { if (impl != NULL) { if (!ENGINE_init(impl)) { @@ -257,10 +257,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } } } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) skip_to_init: #endif -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* * TODO(3.0): Temporarily no support for EVP_DigestSign* inside FIPS module * or when using providers. @@ -303,7 +303,9 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) return 0; } - if (ctx->digest == NULL || ctx->digest->prov == NULL) + if (ctx->digest == NULL + || ctx->digest->prov == NULL + || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) goto legacy; if (ctx->digest->dupdate == NULL) { @@ -422,7 +424,8 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) return 0; } - if (in->digest->prov == NULL) + if (in->digest->prov == NULL + || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) goto legacy; if (in->digest->dupctx == NULL) { @@ -449,7 +452,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ if (in->pctx != NULL) { out->pctx = EVP_PKEY_CTX_dup(in->pctx); @@ -465,7 +468,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) /* TODO(3.0): Remove legacy code below */ legacy: -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB); @@ -506,7 +509,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) out->update = in->update; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ if (in->pctx) { out->pctx = EVP_PKEY_CTX_dup(in->pctx); @@ -654,15 +657,12 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) size_t sz; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - if (ctx == NULL || ctx->digest == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL); + if (ctx == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (ctx->digest->prov == NULL - && (ctx->pctx == NULL - || (ctx->pctx->operation != EVP_PKEY_OP_VERIFYCTX - && ctx->pctx->operation != EVP_PKEY_OP_SIGNCTX))) + if (ctx->digest != NULL && ctx->digest->prov == NULL) goto legacy; switch (cmd) { @@ -724,7 +724,7 @@ EVP_MD *evp_md_new(void) * provider based, we know that none of its code depends on legacy * NIDs or any functionality that use them. */ -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.x) get rid of the need for legacy NIDs */ static void set_legacy_nid(const char *name, void *vlegacy_nid) { @@ -764,7 +764,7 @@ static void *evp_md_from_dispatch(int name_id, return NULL; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.x) get rid of the need for legacy NIDs */ md->type = NID_undef; evp_names_do_all(prov, name_id, set_legacy_nid, &md->type);