X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fdigest.c;h=467e6b5ae9cf930775fd8e21c192294a5f2cfab7;hp=256efd6e9ddda7ca1f6548ea1121f439b50ca4e6;hb=c7373c3dee87f3bebb67b4bff03c30356fafd09d;hpb=b7683e3a5d93aa5319263b7bbfd0fee18f25955e

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 256efd6e9d..467e6b5ae9 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -117,6 +117,10 @@
 #include <openssl/engine.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
 	{
 	memset(ctx,'\0',sizeof *ctx);
@@ -126,7 +130,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
 	{
 	EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
 
-	EVP_MD_CTX_init(ctx);
+	if (ctx)
+		EVP_MD_CTX_init(ctx);
 
 	return ctx;
 	}
@@ -174,6 +179,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 				{
 				/* Same comment from evp_enc.c */
 				EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+				ENGINE_finish(impl);
 				return 0;
 				}
 			/* We'll use the ENGINE's private digest definition */
@@ -198,19 +204,51 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 		if (ctx->digest && ctx->digest->ctx_size)
 			OPENSSL_free(ctx->md_data);
 		ctx->digest=type;
-		if (type->ctx_size)
+		if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size)
+			{
+			ctx->update = type->update;
 			ctx->md_data=OPENSSL_malloc(type->ctx_size);
+			if (ctx->md_data == NULL)
+				{
+				EVPerr(EVP_F_EVP_DIGESTINIT_EX,
+							ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			}
 		}
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
+#endif
+	if (ctx->pctx)
+		{
+		int r;
+		r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
+					EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
+		if (r <= 0 && (r != -2))
+			return 0;
+		}
+	if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
+		return 1;
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		{
+		if (FIPS_digestinit(ctx, type))
+			return 1;
+		OPENSSL_free(ctx->md_data);
+		ctx->md_data = NULL;
+		return 0;
+		}
 #endif
 	return ctx->digest->init(ctx);
 	}
 
-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
-	     size_t count)
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
 	{
-	return ctx->digest->update(ctx,data,count);
+#ifdef OPENSSL_FIPS
+	return FIPS_digestupdate(ctx, data, count);
+#else
+	return ctx->update(ctx,data,count);
+#endif
 	}
 
 /* The caller can assume that this removes any secret data from the context */
@@ -225,8 +263,10 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	{
+#ifdef OPENSSL_FIPS
+	return FIPS_digestfinal(ctx, md, size);
+#else
 	int ret;
-
 	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
 	ret=ctx->digest->final(ctx,md);
 	if (size != NULL)
@@ -238,6 +278,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 		}
 	memset(ctx->md_data,0,ctx->digest->ctx_size);
 	return ret;
+#endif
 	}
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -272,13 +313,24 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 	EVP_MD_CTX_cleanup(out);
 	memcpy(out,in,sizeof *out);
 
-	if (out->digest->ctx_size)
+	if (in->md_data && out->digest->ctx_size)
 		{
-		if (tmp_buf) out->md_data = tmp_buf;
-		else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+		if (tmp_buf)
+			out->md_data = tmp_buf;
+		else
+			{
+			out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+			if (!out->md_data)
+				{
+				EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			}
 		memcpy(out->md_data,in->md_data,out->digest->ctx_size);
 		}
 
+	out->update = in->update;
+
 	if (in->pctx)
 		{
 		out->pctx = EVP_PKEY_CTX_dup(in->pctx);
@@ -320,6 +372,7 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 	{
+#ifndef OPENSSL_FIPS
 	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
 	 * because sometimes only copies of the context are ever finalised.
 	 */
@@ -332,6 +385,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
 		OPENSSL_free(ctx->md_data);
 		}
+#endif
 	if (ctx->pctx)
 		EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
@@ -339,6 +393,9 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 		/* The EVP_MD we used belongs to an ENGINE, release the
 		 * functional reference we held for this reason. */
 		ENGINE_finish(ctx->engine);
+#endif
+#ifdef OPENSSL_FIPS
+	FIPS_md_ctx_cleanup(ctx);
 #endif
 	memset(ctx,'\0',sizeof *ctx);