+ if (in == NULL || in->digest == NULL) {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
+ return 0;
+ }
+
+ if (in->digest->prov == NULL)
+ goto legacy;
+
+ if (in->digest->dupctx == NULL) {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
+ return 0;
+ }
+
+ EVP_MD_CTX_reset(out);
+ if (out->fetched_digest != NULL)
+ EVP_MD_free(out->fetched_digest);
+ *out = *in;
+ /* NULL out pointers in case of error */
+ out->pctx = NULL;
+ out->provctx = NULL;
+
+ if (in->fetched_digest != NULL)
+ EVP_MD_up_ref(in->fetched_digest);
+
+ out->provctx = in->digest->dupctx(in->provctx);
+ if (out->provctx == NULL) {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
+ return 0;
+ }
+
+ /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
+ EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+#ifndef FIPS_MODE
+ /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
+ if (in->pctx != NULL) {
+ out->pctx = EVP_PKEY_CTX_dup(in->pctx);
+ if (out->pctx == NULL) {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX);
+ EVP_MD_CTX_reset(out);
+ return 0;
+ }
+ }
+#endif
+
+ return 1;
+
+ /* TODO(3.0): Remove legacy code below */
+ legacy:
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+ /* Make sure it's safe to copy a digest context using an ENGINE */
+ if (in->engine && !ENGINE_init(in->engine)) {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
+ return 0;
+ }
+#endif
+
+ if (out->digest == in->digest) {
+ tmp_buf = out->md_data;
+ EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
+ } else
+ tmp_buf = NULL;
+ EVP_MD_CTX_reset(out);
+ memcpy(out, in, sizeof(*out));
+
+ /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
+ EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+
+ /* Null these variables, since they are getting fixed up
+ * properly below. Anything else may cause a memleak and/or
+ * double free if any of the memory allocations below fail
+ */
+ out->md_data = NULL;
+ out->pctx = NULL;
+
+ if (in->md_data && out->digest->ctx_size) {
+ if (tmp_buf)
+ out->md_data = tmp_buf;
+ else {
+ out->md_data = OPENSSL_malloc(out->digest->ctx_size);
+ if (out->md_data == NULL) {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ memcpy(out->md_data, in->md_data, out->digest->ctx_size);
+ }
+
+ out->update = in->update;
+
+#ifndef FIPS_MODE
+ /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
+ if (in->pctx) {
+ out->pctx = EVP_PKEY_CTX_dup(in->pctx);
+ if (!out->pctx) {
+ EVP_MD_CTX_reset(out);
+ return 0;
+ }
+ }
+#endif
+
+ if (out->digest->copy)
+ return out->digest->copy(out, in);
+
+ return 1;
+}
+
+int EVP_Digest(const void *data, size_t count,
+ unsigned char *md, unsigned int *size, const EVP_MD *type,
+ ENGINE *impl)
+{
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ int ret;
+
+ if (ctx == NULL)
+ return 0;
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ ret = EVP_DigestInit_ex(ctx, type, impl)
+ && EVP_DigestUpdate(ctx, data, count)
+ && EVP_DigestFinal_ex(ctx, md, size);
+ EVP_MD_CTX_free(ctx);
+
+ return ret;
+}
+
+int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
+{
+ if (digest != NULL && digest->get_params != NULL)
+ return digest->get_params(params);
+ return 0;
+}
+
+const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest)
+{
+ if (digest != NULL && digest->gettable_params != NULL)
+ return digest->gettable_params();
+ return NULL;
+}
+
+int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
+{
+ EVP_PKEY_CTX *pctx = ctx->pctx;
+
+ if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL)
+ return ctx->digest->set_ctx_params(ctx->provctx, params);
+
+ if (pctx != NULL
+ && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
+ || pctx->operation == EVP_PKEY_OP_SIGNCTX)
+ && pctx->op.sig.sigprovctx != NULL
+ && pctx->op.sig.signature->set_ctx_md_params != NULL)
+ return pctx->op.sig.signature->set_ctx_md_params(pctx->op.sig.sigprovctx,
+ params);
+ return 0;
+}
+
+const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md)
+{
+ if (md != NULL && md->settable_ctx_params != NULL)
+ return md->settable_ctx_params();
+ return NULL;
+}
+
+const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx)
+{
+ EVP_PKEY_CTX *pctx;
+
+ if (ctx != NULL
+ && ctx->digest != NULL
+ && ctx->digest->settable_ctx_params != NULL)
+ return ctx->digest->settable_ctx_params();
+
+ pctx = ctx->pctx;
+ if (pctx != NULL
+ && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
+ || pctx->operation == EVP_PKEY_OP_SIGNCTX)
+ && pctx->op.sig.sigprovctx != NULL
+ && pctx->op.sig.signature->settable_ctx_md_params != NULL)
+ return pctx->op.sig.signature->settable_ctx_md_params(
+ pctx->op.sig.sigprovctx);
+
+ return NULL;
+}
+
+int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
+{
+ EVP_PKEY_CTX *pctx = ctx->pctx;
+
+ if (ctx->digest != NULL && ctx->digest->get_params != NULL)
+ return ctx->digest->get_ctx_params(ctx->provctx, params);
+
+ if (pctx != NULL
+ && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
+ || pctx->operation == EVP_PKEY_OP_SIGNCTX)
+ && pctx->op.sig.sigprovctx != NULL
+ && pctx->op.sig.signature->get_ctx_md_params != NULL)
+ return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.sigprovctx,
+ params);
+
+ return 0;
+}
+
+const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md)
+{
+ if (md != NULL && md->gettable_ctx_params != NULL)
+ return md->gettable_ctx_params();
+ return NULL;
+}
+
+const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
+{
+ EVP_PKEY_CTX *pctx;
+
+ if (ctx != NULL
+ && ctx->digest != NULL
+ && ctx->digest->gettable_ctx_params != NULL)
+ return ctx->digest->gettable_ctx_params();
+
+ pctx = ctx->pctx;
+ if (pctx != NULL
+ && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
+ || pctx->operation == EVP_PKEY_OP_SIGNCTX)
+ && pctx->op.sig.sigprovctx != NULL
+ && pctx->op.sig.signature->gettable_ctx_md_params != NULL)
+ return pctx->op.sig.signature->gettable_ctx_md_params(
+ pctx->op.sig.sigprovctx);
+
+ return NULL;
+}
+
+/* TODO(3.0): Remove legacy code below - only used by engines & DigestSign */
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
+{
+ int ret = EVP_CTRL_RET_UNSUPPORTED;
+ int set_params = 1;
+ size_t sz;
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+ if (ctx == NULL || ctx->digest == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL);
+ return 0;
+ }
+
+ if (ctx->digest->prov == NULL
+ && (ctx->pctx == NULL
+ || (ctx->pctx->operation != EVP_PKEY_OP_VERIFYCTX
+ && ctx->pctx->operation != EVP_PKEY_OP_SIGNCTX)))
+ goto legacy;
+
+ switch (cmd) {
+ case EVP_MD_CTRL_XOF_LEN:
+ sz = (size_t)p1;
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &sz);
+ break;
+ case EVP_MD_CTRL_MICALG:
+ set_params = 0;
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DIGEST_PARAM_MICALG,
+ p2, p1 ? p1 : 9999);
+ break;
+ default:
+ return EVP_CTRL_RET_UNSUPPORTED;
+ }
+
+ if (set_params)
+ ret = EVP_MD_CTX_set_params(ctx, params);
+ else
+ ret = EVP_MD_CTX_get_params(ctx, params);
+ goto conclude;
+
+
+/* TODO(3.0): Remove legacy code below */
+ legacy:
+ if (ctx->digest->md_ctrl == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
+ return 0;
+ }
+
+ ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
+ conclude:
+ if (ret <= 0)
+ return 0;
+ return ret;
+}
+
+EVP_MD *evp_md_new(void)
+{
+ EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
+
+ if (md != NULL) {
+ md->lock = CRYPTO_THREAD_lock_new();
+ if (md->lock == NULL) {
+ OPENSSL_free(md);
+ return NULL;
+ }
+ md->refcnt = 1;
+ }
+ return md;
+}
+
+/*
+ * FIPS module note: since internal fetches will be entirely
+ * provider based, we know that none of its code depends on legacy
+ * NIDs or any functionality that use them.
+ */
+#ifndef FIPS_MODE
+/* TODO(3.x) get rid of the need for legacy NIDs */
+static void set_legacy_nid(const char *name, void *vlegacy_nid)
+{
+ int nid;
+ int *legacy_nid = vlegacy_nid;
+
+ if (*legacy_nid == -1) /* We found a clash already */
+ return;
+ if ((nid = OBJ_sn2nid(name)) == NID_undef
+ && (nid = OBJ_ln2nid(name)) == NID_undef)
+ return;
+ if (*legacy_nid != NID_undef && *legacy_nid != nid) {
+ *legacy_nid = -1;
+ return;
+ }
+ *legacy_nid = nid;
+}
+#endif
+
+static void *evp_md_from_dispatch(int name_id,
+ const OSSL_DISPATCH *fns,
+ OSSL_PROVIDER *prov, void *unused)
+{
+ EVP_MD *md = NULL;
+ int fncnt = 0;
+
+ /* EVP_MD_fetch() will set the legacy NID if available */
+ if ((md = evp_md_new()) == NULL) {
+ EVPerr(0, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+#ifndef FIPS_MODE
+ /* TODO(3.x) get rid of the need for legacy NIDs */
+ md->type = NID_undef;
+ evp_doall_names(prov, name_id, set_legacy_nid, &md->type);
+ if (md->type == -1) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
+ EVP_MD_free(md);
+ return NULL;
+ }
+#endif
+
+ md->name_id = name_id;
+
+ for (; fns->function_id != 0; fns++) {
+ switch (fns->function_id) {
+ case OSSL_FUNC_DIGEST_NEWCTX:
+ if (md->newctx == NULL) {
+ md->newctx = OSSL_get_OP_digest_newctx(fns);
+ fncnt++;
+ }
+ break;
+ case OSSL_FUNC_DIGEST_INIT:
+ if (md->dinit == NULL) {
+ md->dinit = OSSL_get_OP_digest_init(fns);
+ fncnt++;
+ }
+ break;
+ case OSSL_FUNC_DIGEST_UPDATE:
+ if (md->dupdate == NULL) {
+ md->dupdate = OSSL_get_OP_digest_update(fns);
+ fncnt++;
+ }
+ break;
+ case OSSL_FUNC_DIGEST_FINAL:
+ if (md->dfinal == NULL) {
+ md->dfinal = OSSL_get_OP_digest_final(fns);
+ fncnt++;
+ }
+ break;
+ case OSSL_FUNC_DIGEST_DIGEST:
+ if (md->digest == NULL)
+ md->digest = OSSL_get_OP_digest_digest(fns);
+ /* We don't increment fnct for this as it is stand alone */
+ break;
+ case OSSL_FUNC_DIGEST_FREECTX:
+ if (md->freectx == NULL) {
+ md->freectx = OSSL_get_OP_digest_freectx(fns);
+ fncnt++;
+ }
+ break;
+ case OSSL_FUNC_DIGEST_DUPCTX:
+ if (md->dupctx == NULL)
+ md->dupctx = OSSL_get_OP_digest_dupctx(fns);
+ break;
+ case OSSL_FUNC_DIGEST_GET_PARAMS:
+ if (md->get_params == NULL)
+ md->get_params = OSSL_get_OP_digest_get_params(fns);
+ break;
+ case OSSL_FUNC_DIGEST_SET_CTX_PARAMS:
+ if (md->set_ctx_params == NULL)
+ md->set_ctx_params = OSSL_get_OP_digest_set_ctx_params(fns);
+ break;
+ case OSSL_FUNC_DIGEST_GET_CTX_PARAMS:
+ if (md->get_ctx_params == NULL)
+ md->get_ctx_params = OSSL_get_OP_digest_get_ctx_params(fns);
+ break;
+ case OSSL_FUNC_DIGEST_GETTABLE_PARAMS:
+ if (md->gettable_params == NULL)
+ md->gettable_params = OSSL_get_OP_digest_gettable_params(fns);
+ break;
+ case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS:
+ if (md->settable_ctx_params == NULL)
+ md->settable_ctx_params =
+ OSSL_get_OP_digest_settable_ctx_params(fns);
+ break;
+ case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS:
+ if (md->gettable_ctx_params == NULL)
+ md->gettable_ctx_params =
+ OSSL_get_OP_digest_gettable_ctx_params(fns);
+ break;
+ }
+ }
+ if ((fncnt != 0 && fncnt != 5)
+ || (fncnt == 0 && md->digest == NULL)) {
+ /*
+ * In order to be a consistent set of functions we either need the
+ * whole set of init/update/final etc functions or none of them.
+ * The "digest" function can standalone. We at least need one way to
+ * generate digests.
+ */
+ EVP_MD_free(md);
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
+ return NULL;
+ }
+ md->prov = prov;
+ if (prov != NULL)
+ ossl_provider_up_ref(prov);
+
+ return md;
+}
+
+static int evp_md_up_ref(void *md)
+{
+ return EVP_MD_up_ref(md);
+}
+
+static void evp_md_free(void *md)
+{
+ EVP_MD_free(md);
+}
+
+EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
+ const char *properties)
+{
+ EVP_MD *md =
+ evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties,
+ evp_md_from_dispatch, NULL, evp_md_up_ref,
+ evp_md_free);
+
+ return md;
+}
+
+int EVP_MD_up_ref(EVP_MD *md)
+{
+ int ref = 0;
+
+ CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
+ return 1;
+}
+
+void EVP_MD_free(EVP_MD *md)
+{
+ int i;
+
+ if (md == NULL)
+ return;
+
+ CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock);
+ if (i > 0)
+ return;
+ ossl_provider_free(md->prov);
+ CRYPTO_THREAD_lock_free(md->lock);
+ OPENSSL_free(md);
+}
+
+void EVP_MD_do_all_ex(OPENSSL_CTX *libctx,
+ void (*fn)(EVP_MD *mac, void *arg),
+ void *arg)
+{
+ evp_generic_do_all(libctx, OSSL_OP_DIGEST,
+ (void (*)(void *, void *))fn, arg,
+ evp_md_from_dispatch, NULL, evp_md_free);
+}