Ignore NULL parameter in EVP_MD_CTX_destroy.

[openssl.git] / crypto / evp / digest.c

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 11d73388d4b7b6d969065e626789f6c583bff86f..87317572fe621b4e6ae13207c572dff5cd3419af 100644 (file)
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -117,6 +117,10 @@
 #include <openssl/engine.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
        {
        memset(ctx,'\0',sizeof *ctx);
@@ -126,7 +130,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
        {
        EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
 
-       EVP_MD_CTX_init(ctx);
+       if (ctx)
+               EVP_MD_CTX_init(ctx);
 
        return ctx;
        }
@@ -140,6 +145,19 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
        {
        EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+#ifdef OPENSSL_FIPS
+       /* If FIPS mode switch to approved implementation if possible */
+       if (FIPS_mode())
+               {
+               const EVP_MD *fipsmd;
+               if (type)
+                       {
+                       fipsmd = FIPS_get_digestbynid(EVP_MD_type(type));
+                       if (fipsmd)
+                               type = fipsmd;
+                       }
+               }
+#endif
 #ifndef OPENSSL_NO_ENGINE
        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
         * so this context may already have an ENGINE! Try to avoid releasing
@@ -174,6 +192,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                                {
                                /* Same comment from evp_enc.c */
                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+                               ENGINE_finish(impl);
                                return 0;
                                }
                        /* We'll use the ENGINE's private digest definition */
@@ -198,19 +217,51 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                if (ctx->digest && ctx->digest->ctx_size)
                        OPENSSL_free(ctx->md_data);
                ctx->digest=type;
-               if (type->ctx_size)
+               if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size)
+                       {
+                       ctx->update = type->update;
                        ctx->md_data=OPENSSL_malloc(type->ctx_size);
+                       if (ctx->md_data == NULL)
+                               {
+                               EVPerr(EVP_F_EVP_DIGESTINIT_EX,
+                                                       ERR_R_MALLOC_FAILURE);
+                               return 0;
+                               }
+                       }
                }
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
+#endif
+       if (ctx->pctx)
+               {
+               int r;
+               r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
+                                       EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
+               if (r <= 0 && (r != -2))
+                       return 0;
+               }
+       if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
+               return 1;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               {
+               if (FIPS_digestinit(ctx, type))
+                       return 1;
+               OPENSSL_free(ctx->md_data);
+               ctx->md_data = NULL;
+               return 0;
+               }
 #endif
        return ctx->digest->init(ctx);
        }
 
-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
-            size_t count)
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
        {
-       return ctx->digest->update(ctx,data,count);
+#ifdef OPENSSL_FIPS
+       return FIPS_digestupdate(ctx, data, count);
+#else
+       return ctx->update(ctx,data,count);
+#endif
        }
 
 /* The caller can assume that this removes any secret data from the context */
@@ -225,6 +276,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        {
+#ifdef OPENSSL_FIPS
+       return FIPS_digestfinal(ctx, md, size);
+#else
        int ret;
 
        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
@@ -238,6 +292,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
                }
        memset(ctx->md_data,0,ctx->digest->ctx_size);
        return ret;
+#endif
        }
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -272,13 +327,24 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
        EVP_MD_CTX_cleanup(out);
        memcpy(out,in,sizeof *out);
 
-       if (out->digest->ctx_size)
+       if (in->md_data && out->digest->ctx_size)
                {
-               if (tmp_buf) out->md_data = tmp_buf;
-               else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+               if (tmp_buf)
+                       out->md_data = tmp_buf;
+               else
+                       {
+                       out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+                       if (!out->md_data)
+                               {
+                               EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
+                               return 0;
+                               }
+                       }
                memcpy(out->md_data,in->md_data,out->digest->ctx_size);
                }
 
+       out->update = in->update;
+
        if (in->pctx)
                {
                out->pctx = EVP_PKEY_CTX_dup(in->pctx);
@@ -313,13 +379,17 @@ int EVP_Digest(const void *data, size_t count,
 
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
        {
-       EVP_MD_CTX_cleanup(ctx);
-       OPENSSL_free(ctx);
+       if (ctx)
+               {
+               EVP_MD_CTX_cleanup(ctx);
+               OPENSSL_free(ctx);
+               }
        }
 
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
        {
+#ifndef OPENSSL_FIPS
        /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
         * because sometimes only copies of the context are ever finalised.
         */
@@ -332,11 +402,17 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                OPENSSL_free(ctx->md_data);
                }
+#endif
+       if (ctx->pctx)
+               EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
        if(ctx->engine)
                /* The EVP_MD we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
                ENGINE_finish(ctx->engine);
+#endif
+#ifdef OPENSSL_FIPS
+       FIPS_md_ctx_cleanup(ctx);
 #endif
        memset(ctx,'\0',sizeof *ctx);