This function re-implements EVP_MD_meth_free(), but has a name that
isn't encumbered by legacy EVP_MD construction functionality.
We also refactor most of EVP_MD_meth_new() into an internal
evp_md_new() that's used when creating fetched methods.
EVP_MD_meth_new() and EVP_MD_meth_free() are rewritten in terms of
evp_md_new() and EVP_MD_free(). This means that at any time, we can
deprecate all the EVP_MD_meth_ functions with no harmful consequence.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9758)
17 files changed:
EVP_MD_CTX_settable_params(m), 4);
}
}
EVP_MD_CTX_settable_params(m), 4);
}
}
- sk_EVP_MD_pop_free(digests, EVP_MD_meth_free);
+ sk_EVP_MD_pop_free(digests, EVP_MD_free);
}
DEFINE_STACK_OF(EVP_MAC)
}
DEFINE_STACK_OF(EVP_MAC)
err:
EVP_MD_CTX_free(mdctx);
err:
EVP_MD_CTX_free(mdctx);
OPENSSL_free(k_bytes);
OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
return ret;
OPENSSL_free(k_bytes);
OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
return ret;
ret = C448_SUCCESS;
err:
EVP_MD_CTX_free(hashctx);
ret = C448_SUCCESS;
err:
EVP_MD_CTX_free(hashctx);
- EVP_MD_meth_free(shake256);
|| !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
|| !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
|| !EVP_DigestUpdate(hashctx, context, context_len)) {
|| !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
|| !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
|| !EVP_DigestUpdate(hashctx, context, context_len)) {
- EVP_MD_meth_free(shake256);
- EVP_MD_meth_free(shake256);
- EVP_MD_meth_free(ctx->fetched_digest);
+ EVP_MD_free(ctx->fetched_digest);
ctx->fetched_digest = NULL;
ctx->digest = NULL;
ctx->reqdigest = NULL;
ctx->fetched_digest = NULL;
ctx->digest = NULL;
ctx->reqdigest = NULL;
|| (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) {
if (ctx->digest == ctx->fetched_digest)
ctx->digest = NULL;
|| (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) {
if (ctx->digest == ctx->fetched_digest)
ctx->digest = NULL;
- EVP_MD_meth_free(ctx->fetched_digest);
+ EVP_MD_free(ctx->fetched_digest);
ctx->fetched_digest = NULL;
goto legacy;
}
ctx->fetched_digest = NULL;
goto legacy;
}
return 0;
}
type = provmd;
return 0;
}
type = provmd;
- EVP_MD_meth_free(ctx->fetched_digest);
+ EVP_MD_free(ctx->fetched_digest);
ctx->fetched_digest = provmd;
#endif
}
ctx->fetched_digest = provmd;
#endif
}
EVP_MD_CTX_reset(out);
if (out->fetched_digest != NULL)
EVP_MD_CTX_reset(out);
if (out->fetched_digest != NULL)
- EVP_MD_meth_free(out->fetched_digest);
+ EVP_MD_free(out->fetched_digest);
*out = *in;
/* NULL out pointers in case of error */
out->pctx = NULL;
*out = *in;
/* NULL out pointers in case of error */
out->pctx = NULL;
+EVP_MD *evp_md_new(void)
+{
+ EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
+
+ if (md != NULL) {
+ md->lock = CRYPTO_THREAD_lock_new();
+ if (md->lock == NULL) {
+ OPENSSL_free(md);
+ return NULL;
+ }
+ md->refcnt = 1;
+ }
+ return md;
+}
+
static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns,
OSSL_PROVIDER *prov, void *unused)
{
static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns,
OSSL_PROVIDER *prov, void *unused)
{
int fncnt = 0;
/* EVP_MD_fetch() will set the legacy NID if available */
int fncnt = 0;
/* EVP_MD_fetch() will set the legacy NID if available */
- if ((md = EVP_MD_meth_new(NID_undef, NID_undef)) == NULL
+ if ((md = evp_md_new()) == NULL
|| (md->name = OPENSSL_strdup(name)) == NULL) {
|| (md->name = OPENSSL_strdup(name)) == NULL) {
EVPerr(0, ERR_R_MALLOC_FAILURE);
return NULL;
}
EVPerr(0, ERR_R_MALLOC_FAILURE);
return NULL;
}
* The "digest" function can standalone. We at least need one way to
* generate digests.
*/
* The "digest" function can standalone. We at least need one way to
* generate digests.
*/
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
return NULL;
}
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
return NULL;
}
static void evp_md_free(void *md)
{
static void evp_md_free(void *md)
{
}
EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
}
EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
+int EVP_MD_up_ref(EVP_MD *md)
+{
+ int ref = 0;
+
+ CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
+ return 1;
+}
+
+void EVP_MD_free(EVP_MD *md)
+{
+ int i;
+
+ if (md == NULL)
+ return;
+
+ CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock);
+ if (i > 0)
+ return;
+ ossl_provider_free(md->prov);
+ OPENSSL_free(md->name);
+ CRYPTO_THREAD_lock_free(md->lock);
+ OPENSSL_free(md);
+}
+
void EVP_MD_do_all_ex(OPENSSL_CTX *libctx,
void (*fn)(EVP_MD *mac, void *arg),
void *arg)
void EVP_MD_do_all_ex(OPENSSL_CTX *libctx,
void (*fn)(EVP_MD *mac, void *arg),
void *arg)
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
{
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
{
- EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
+ EVP_MD *md = evp_md_new();
if (md != NULL) {
md->type = md_type;
md->pkey_type = pkey_type;
if (md != NULL) {
md->type = md_type;
md->pkey_type = pkey_type;
- md->lock = CRYPTO_THREAD_lock_new();
- if (md->lock == NULL) {
- OPENSSL_free(md);
- return NULL;
- }
- md->refcnt = 1;
}
return md;
}
EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
{
}
return md;
}
EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
{
- EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type);
+ /*
+ * Non-legacy EVP_MDs can't be duplicated like this.
+ * Use EVP_MD_up_ref() instead.
+ */
+ if (md->prov != NULL)
+ return NULL;
+
+ if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) != NULL) {
CRYPTO_RWLOCK *lock = to->lock;
CRYPTO_RWLOCK *lock = to->lock;
memcpy(to, md, sizeof(*to));
to->lock = lock;
}
return to;
}
memcpy(to, md, sizeof(*to));
to->lock = lock;
}
return to;
}
-int EVP_MD_up_ref(EVP_MD *md)
-{
- int ref = 0;
-
- CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
- return 1;
-}
-
void EVP_MD_meth_free(EVP_MD *md)
{
void EVP_MD_meth_free(EVP_MD *md)
{
- if (md != NULL) {
- int i;
-
- CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock);
- if (i > 0)
- return;
- ossl_provider_free(md->prov);
- OPENSSL_free(md->name);
- CRYPTO_THREAD_lock_free(md->lock);
- OPENSSL_free(md);
- }
}
int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
{
}
int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
{
void *method_data,
void (*free_method)(void *));
void *method_data,
void (*free_method)(void *));
+/* Internal structure constructors for fetched methods */
+EVP_MD *evp_md_new(void);
+
/* Helper functions to avoid duplicating code */
/*
/* Helper functions to avoid duplicating code */
/*
static int drbg_hash_uninstantiate(RAND_DRBG *drbg)
{
static int drbg_hash_uninstantiate(RAND_DRBG *drbg)
{
- EVP_MD_meth_free(drbg->data.hash.md);
+ EVP_MD_free(drbg->data.hash.md);
EVP_MD_CTX_free(drbg->data.hash.ctx);
OPENSSL_cleanse(&drbg->data.hash, sizeof(drbg->data.hash));
return 1;
EVP_MD_CTX_free(drbg->data.hash.ctx);
OPENSSL_cleanse(&drbg->data.hash, sizeof(drbg->data.hash));
return 1;
if (hash->ctx == NULL) {
hash->ctx = EVP_MD_CTX_new();
if (hash->ctx == NULL) {
if (hash->ctx == NULL) {
hash->ctx = EVP_MD_CTX_new();
if (hash->ctx == NULL) {
- EVP_MD_meth_free(hash->md);
hash->md = md;
/* These are taken from SP 800-90 10.1 Table 2 */
hash->md = md;
/* These are taken from SP 800-90 10.1 Table 2 */
static int drbg_hmac_uninstantiate(RAND_DRBG *drbg)
{
static int drbg_hmac_uninstantiate(RAND_DRBG *drbg)
{
- EVP_MD_meth_free(drbg->data.hmac.md);
+ EVP_MD_free(drbg->data.hmac.md);
HMAC_CTX_free(drbg->data.hmac.ctx);
OPENSSL_cleanse(&drbg->data.hmac, sizeof(drbg->data.hmac));
return 1;
HMAC_CTX_free(drbg->data.hmac.ctx);
OPENSSL_cleanse(&drbg->data.hmac, sizeof(drbg->data.hmac));
return 1;
if (hmac->ctx == NULL) {
hmac->ctx = HMAC_CTX_new();
if (hmac->ctx == NULL) {
if (hmac->ctx == NULL) {
hmac->ctx = HMAC_CTX_new();
if (hmac->ctx == NULL) {
return 0;
}
}
/* These are taken from SP 800-90 10.1 Table 2 */
return 0;
}
}
/* These are taken from SP 800-90 10.1 Table 2 */
- EVP_MD_meth_free(hmac->md);
hmac->md = md;
hmac->blocklen = EVP_MD_size(md);
/* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
hmac->md = md;
hmac->blocklen = EVP_MD_size(md);
/* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
if (r != 0)
memcpy(buf, p, CRNGT_BUFSIZ);
rand_pool_reattach(pool, p);
if (r != 0)
memcpy(buf, p, CRNGT_BUFSIZ);
rand_pool_reattach(pool, p);
+EVP_MD_fetch, EVP_MD_up_ref, EVP_MD_free,
EVP_MD_get_params, EVP_MD_gettable_params,
EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy,
EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl,
EVP_MD_get_params, EVP_MD_gettable_params,
EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy,
EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl,
EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
const char *properties);
EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
const char *properties);
+ int EVP_MD_up_ref(EVP_MD *md);
+ void EVP_MD_free(EVP_MD *md);
int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
EVP_MD_CTX *EVP_MD_CTX_new(void);
int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
EVP_MD_CTX *EVP_MD_CTX_new(void);
=head1 DESCRIPTION
The EVP digest routines are a high level interface to message digests,
=head1 DESCRIPTION
The EVP digest routines are a high level interface to message digests,
-and should be used instead of the cipher-specific functions.
+and should be used instead of the digest-specific functions.
+
+The B<EVP_MD> type is a structure for digest method implementation.
provider offering it, within the criteria given by the B<properties>.
See L<provider(7)/Fetching algorithms> for further information.
provider offering it, within the criteria given by the B<properties>.
See L<provider(7)/Fetching algorithms> for further information.
-The returned value must eventually be freed with L<EVP_MD_meth_free(3)>.
+The returned value must eventually be freed with EVP_MD_free().
+
+Fetched B<EVP_MD> structures are reference counted.
+
+=item EVP_MD_up_ref()
+
+Increments the reference count for an B<EVP_MD> structure.
+
+=item EVP_MD_free()
+
+Decrements the reference count for the fetched B<EVP_MD> structure.
+If the reference count drops to 0 then the structure is freed.
Returns a pointer to a B<EVP_MD> for success or NULL for failure.
Returns a pointer to a B<EVP_MD> for success or NULL for failure.
+=item EVP_MD_up_ref()
+
+Returns 1 for success or 0 for failure.
+
=item EVP_DigestInit_ex(),
EVP_DigestUpdate(),
EVP_DigestFinal_ex()
=item EVP_DigestInit_ex(),
EVP_DigestUpdate(),
EVP_DigestFinal_ex()
The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.
The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.
-The EVP_MD_CTX_set_params() and EVP_MD_CTX_get_params() functions were
-added in 3.0.
+The EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), EVP_MD_CTX_set_params()
+and EVP_MD_CTX_get_params() functions were added in 3.0.
-EVP_MD_meth_dup,
-EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize,
+EVP_MD_meth_new, EVP_MD_meth_dup, EVP_MD_meth_free,
+EVP_MD_meth_set_input_blocksize,
EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize,
EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update,
EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup,
EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize,
EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update,
EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup,
EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize,
EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update,
EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup,
EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize,
EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update,
EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup,
-EVP_MD_meth_get_ctrl, EVP_MD_up_ref
-- Routines to build up EVP_MD methods
+EVP_MD_meth_get_ctrl
+- Routines to build up legacy EVP_MD methods
int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
int p1, void *p2);
int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
int p1, void *p2);
- int EVP_MD_up_ref(EVP_MD *md);
-
=head1 DESCRIPTION
The B<EVP_MD> type is a structure for digest method implementation.
It can also have associated public/private key signing and verifying
routines.
=head1 DESCRIPTION
The B<EVP_MD> type is a structure for digest method implementation.
It can also have associated public/private key signing and verifying
routines.
-EVP_MD_meth_new() creates a new B<EVP_MD> structure. Note that B<EVP_MD>
-structures are reference counted.
+EVP_MD_meth_new() creates a new B<EVP_MD> structure.
+These B<EVP_MD> structures are reference counted.
EVP_MD_meth_dup() creates a copy of B<md>.
EVP_MD_meth_dup() creates a copy of B<md>.
to retrieve the method data given with the EVP_MD_meth_set_*()
functions above.
to retrieve the method data given with the EVP_MD_meth_set_*()
functions above.
-EVP_MD_up_ref() increments the reference count for an EVP_MD structure.
-
=head1 RETURN VALUES
EVP_MD_meth_new() and EVP_MD_meth_dup() return a pointer to a newly
=head1 RETURN VALUES
EVP_MD_meth_new() and EVP_MD_meth_dup() return a pointer to a newly
All other EVP_CIPHER_meth_get_*() functions return pointers to their
respective B<md> function.
All other EVP_CIPHER_meth_get_*() functions return pointers to their
respective B<md> function.
-EVP_MD_up_ref() returns 1 for success or 0 otherwise.
-
=head1 SEE ALSO
L<EVP_DigestInit(3)>, L<EVP_SignInit(3)>, L<EVP_VerifyInit(3)>
=head1 SEE ALSO
L<EVP_DigestInit(3)>, L<EVP_SignInit(3)>, L<EVP_VerifyInit(3)>
=head1 HISTORY
The B<EVP_MD> structure was openly available in OpenSSL before version
=head1 HISTORY
The B<EVP_MD> structure was openly available in OpenSSL before version
-1.1. EVP_MD_up_ref() was added in OpenSSL 3.0. All other functions described
-here were added in OpenSSL 1.1.
+1.1.
+The functions described here were added in OpenSSL 1.1.
+The B<EVP_MD> structure created with these functions became reference
+counted in OpenSSL 3.0.
# ifndef EVP_MD
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
# ifndef EVP_MD
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
-int EVP_MD_up_ref(EVP_MD *md);
void EVP_MD_meth_free(EVP_MD *md);
int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
void EVP_MD_meth_free(EVP_MD *md);
int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
__owur EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
const char *properties);
__owur EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
const char *properties);
+int EVP_MD_up_ref(EVP_MD *md);
+void EVP_MD_free(EVP_MD *md);
int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
if (macctx != NULL) {
HMAC_CTX_free(macctx->ctx);
if (macctx != NULL) {
HMAC_CTX_free(macctx->ctx);
- EVP_MD_meth_free(macctx->alloc_md);
+ EVP_MD_free(macctx->alloc_md);
OPENSSL_free(macctx);
}
}
OPENSSL_free(macctx);
}
}
- EVP_MD_meth_free(macctx->alloc_md);
+ EVP_MD_free(macctx->alloc_md);
macctx->tmpmd = macctx->alloc_md =
EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(macctx->provctx),
macctx->tmpmd = macctx->alloc_md =
EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(macctx->provctx),
if (kctx != NULL) {
EVP_MD_CTX_free(kctx->ctx);
if (kctx != NULL) {
EVP_MD_CTX_free(kctx->ctx);
- EVP_MD_meth_free(kctx->alloc_md);
+ EVP_MD_free(kctx->alloc_md);
OPENSSL_cleanse(kctx->key, kctx->key_len);
OPENSSL_cleanse(kctx->custom, kctx->custom_len);
OPENSSL_free(kctx);
OPENSSL_cleanse(kctx->key, kctx->key_len);
OPENSSL_cleanse(kctx->custom, kctx->custom_len);
OPENSSL_free(kctx);
ret = kmac_new(provctx, fetched_md, md);
if (ret == NULL)
ret = kmac_new(provctx, fetched_md, md);
if (ret == NULL)
- EVP_MD_meth_free(fetched_md);
+ EVP_MD_free(fetched_md);
BN_CTX_free(bnctx);
EVP_MD_CTX_free(ctx);
BN_CTX_free(bnctx);
EVP_MD_CTX_free(ctx);
- EVP_MD_meth_free(sha256);
#ifndef OPENSSL_NO_EC
EC_KEY_free(key);
#ifndef OPENSSL_NO_EC
EC_KEY_free(key);
if (!TEST_true(EVP_MD_up_ref(md)))
goto err;
/* Ref count should now be 2. Release both */
if (!TEST_true(EVP_MD_up_ref(md)))
goto err;
/* Ref count should now be 2. Release both */
- EVP_MD_meth_free(md);
- EVP_MD_meth_free(md);
+ EVP_MD_free(md);
+ EVP_MD_free(md);
OSSL_PROVIDER_unload(defltprov);
OSSL_PROVIDER_unload(fipsprov);
/* Not normally needed, but we would like to test that
OSSL_PROVIDER_unload(defltprov);
OSSL_PROVIDER_unload(fipsprov);
/* Not normally needed, but we would like to test that
EVP_MAC_gettable_params 4842 3_0_0 EXIST::FUNCTION:
EVP_MAC_provider 4843 3_0_0 EXIST::FUNCTION:
EVP_MAC_do_all_ex 4844 3_0_0 EXIST::FUNCTION:
EVP_MAC_gettable_params 4842 3_0_0 EXIST::FUNCTION:
EVP_MAC_provider 4843 3_0_0 EXIST::FUNCTION:
EVP_MAC_do_all_ex 4844 3_0_0 EXIST::FUNCTION:
+EVP_MD_free 4845 3_0_0 EXIST::FUNCTION:
projects / openssl.git / commitdiff