openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

New function EVP_MD_free() 

This function re-implements EVP_MD_meth_free(), but has a name that
isn't encumbered by legacy EVP_MD construction functionality.

We also refactor most of EVP_MD_meth_new() into an internal
evp_md_new() that's used when creating fetched methods.

EVP_MD_meth_new() and EVP_MD_meth_free() are rewritten in terms of
evp_md_new() and EVP_MD_free().  This means that at any time, we can
deprecate all the EVP_MD_meth_ functions with no harmful consequence.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9758)
This commit is contained in:
Richard Levitte 2019-09-03 17:47:13 +02:00
parent 8648a50a27
commit 3fd7026276
17 changed files with 121 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/list.c
View File

@ -143,7 +143,7 @@ static void list_digests(void)
EVP_MD_CTX_settable_params(m), 4);
}
}
sk_EVP_MD_pop_free(digests, EVP_MD_meth_free);
sk_EVP_MD_pop_free(digests, EVP_MD_free);
}
DEFINE_STACK_OF(EVP_MAC)

2
crypto/bn/bn_rand.c
View File

@ -310,7 +310,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
err:
EVP_MD_CTX_free(mdctx);
EVP_MD_meth_free(md);
EVP_MD_free(md);
OPENSSL_free(k_bytes);
OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
return ret;

6
crypto/ec/curve448/eddsa.c
View File

@ -41,7 +41,7 @@ static c448_error_t oneshot_hash(OPENSSL_CTX *ctx, uint8_t *out, size_t outlen,
ret = C448_SUCCESS;
err:
EVP_MD_CTX_free(hashctx);
EVP_MD_meth_free(shake256);
EVP_MD_free(shake256);
return ret;
}
@ -77,11 +77,11 @@ static c448_error_t hash_init_with_dom(OPENSSL_CTX *ctx, EVP_MD_CTX *hashctx,
|| !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
|| !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
|| !EVP_DigestUpdate(hashctx, context, context_len)) {
EVP_MD_meth_free(shake256);
EVP_MD_free(shake256);
return C448_FAILURE;
}
EVP_MD_meth_free(shake256);
EVP_MD_free(shake256);
return C448_SUCCESS;
}

55
crypto/evp/digest.c
View File

@ -86,7 +86,7 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
EVP_MD_CTX_reset(ctx);
EVP_MD_meth_free(ctx->fetched_digest);
EVP_MD_free(ctx->fetched_digest);
ctx->fetched_digest = NULL;
ctx->digest = NULL;
ctx->reqdigest = NULL;
@ -156,7 +156,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
|| (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) {
if (ctx->digest == ctx->fetched_digest)
ctx->digest = NULL;
EVP_MD_meth_free(ctx->fetched_digest);
EVP_MD_free(ctx->fetched_digest);
ctx->fetched_digest = NULL;
goto legacy;
}
@ -181,7 +181,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
return 0;
}
type = provmd;
EVP_MD_meth_free(ctx->fetched_digest);
EVP_MD_free(ctx->fetched_digest);
ctx->fetched_digest = provmd;
#endif
}
@ -415,7 +415,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
EVP_MD_CTX_reset(out);
if (out->fetched_digest != NULL)
EVP_MD_meth_free(out->fetched_digest);
EVP_MD_free(out->fetched_digest);
*out = *in;
/* NULL out pointers in case of error */
out->pctx = NULL;
@ -616,6 +616,21 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
return ret;
}
EVP_MD *evp_md_new(void)
{
EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
if (md != NULL) {
md->lock = CRYPTO_THREAD_lock_new();
if (md->lock == NULL) {
OPENSSL_free(md);
return NULL;
}
md->refcnt = 1;
}
return md;
}
static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns,
OSSL_PROVIDER *prov, void *unused)
{
@ -623,9 +638,9 @@ static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns,
int fncnt = 0;
/* EVP_MD_fetch() will set the legacy NID if available */
if ((md = EVP_MD_meth_new(NID_undef, NID_undef)) == NULL
if ((md = evp_md_new()) == NULL
|| (md->name = OPENSSL_strdup(name)) == NULL) {
EVP_MD_meth_free(md);
EVP_MD_free(md);
EVPerr(0, ERR_R_MALLOC_FAILURE);
return NULL;
}
@ -718,7 +733,7 @@ static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns,
* The "digest" function can standalone. We at least need one way to
* generate digests.
*/
EVP_MD_meth_free(md);
EVP_MD_free(md);
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
return NULL;
}
@ -736,7 +751,7 @@ static int evp_md_up_ref(void *md)
static void evp_md_free(void *md)
{
EVP_MD_meth_free(md);
EVP_MD_free(md);
}
EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
@ -750,6 +765,30 @@ EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
return md;
}
int EVP_MD_up_ref(EVP_MD *md)
{
int ref = 0;
CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
return 1;
}
void EVP_MD_free(EVP_MD *md)
{
int i;
if (md == NULL)
return;
CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock);
if (i > 0)
return;
ossl_provider_free(md->prov);
OPENSSL_free(md->name);
CRYPTO_THREAD_lock_free(md->lock);
OPENSSL_free(md);
}
void EVP_MD_do_all_ex(OPENSSL_CTX *libctx,
void (*fn)(EVP_MD *mac, void *arg),
void *arg)

40
crypto/evp/evp_lib.c
View File

@ -529,54 +529,38 @@ unsigned long EVP_MD_flags(const EVP_MD *md)
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
{
EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
EVP_MD *md = evp_md_new();
if (md != NULL) {
md->type = md_type;
md->pkey_type = pkey_type;
md->lock = CRYPTO_THREAD_lock_new();
if (md->lock == NULL) {
OPENSSL_free(md);
return NULL;
}
md->refcnt = 1;
}
return md;
}
EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
{
EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type);
EVP_MD *to = NULL;
if (to != NULL) {
/*
* Non-legacy EVP_MDs can't be duplicated like this.
* Use EVP_MD_up_ref() instead.
*/
if (md->prov != NULL)
return NULL;
if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) != NULL) {
CRYPTO_RWLOCK *lock = to->lock;
memcpy(to, md, sizeof(*to));
to->lock = lock;
}
return to;
}
int EVP_MD_up_ref(EVP_MD *md)
{
int ref = 0;
CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
return 1;
}
void EVP_MD_meth_free(EVP_MD *md)
{
if (md != NULL) {
int i;
CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock);
if (i > 0)
return;
ossl_provider_free(md->prov);
OPENSSL_free(md->name);
CRYPTO_THREAD_lock_free(md->lock);
OPENSSL_free(md);
}
EVP_MD_free(md);
}
int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
{

3
crypto/evp/evp_locl.h
View File

@ -156,6 +156,9 @@ void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id,
void *method_data,
void (*free_method)(void *));
/* Internal structure constructors for fetched methods */
EVP_MD *evp_md_new(void);
/* Helper functions to avoid duplicating code */
/*

6
crypto/rand/drbg_hash.c
View File

@ -290,7 +290,7 @@ static int drbg_hash_generate(RAND_DRBG *drbg,
static int drbg_hash_uninstantiate(RAND_DRBG *drbg)
{
EVP_MD_meth_free(drbg->data.hash.md);
EVP_MD_free(drbg->data.hash.md);
EVP_MD_CTX_free(drbg->data.hash.ctx);
OPENSSL_cleanse(&drbg->data.hash, sizeof(drbg->data.hash));
return 1;
@ -346,12 +346,12 @@ int drbg_hash_init(RAND_DRBG *drbg)
if (hash->ctx == NULL) {
hash->ctx = EVP_MD_CTX_new();
if (hash->ctx == NULL) {
EVP_MD_meth_free(md);
EVP_MD_free(md);
return 0;
}
}
EVP_MD_meth_free(hash->md);
EVP_MD_free(hash->md);
hash->md = md;
/* These are taken from SP 800-90 10.1 Table 2 */

6
crypto/rand/drbg_hmac.c
View File

@ -184,7 +184,7 @@ static int drbg_hmac_generate(RAND_DRBG *drbg,
static int drbg_hmac_uninstantiate(RAND_DRBG *drbg)
{
EVP_MD_meth_free(drbg->data.hmac.md);
EVP_MD_free(drbg->data.hmac.md);
HMAC_CTX_free(drbg->data.hmac.ctx);
OPENSSL_cleanse(&drbg->data.hmac, sizeof(drbg->data.hmac));
return 1;
@ -239,13 +239,13 @@ int drbg_hmac_init(RAND_DRBG *drbg)
if (hmac->ctx == NULL) {
hmac->ctx = HMAC_CTX_new();
if (hmac->ctx == NULL) {
EVP_MD_meth_free(md);
EVP_MD_free(md);
return 0;
}
}
/* These are taken from SP 800-90 10.1 Table 2 */
EVP_MD_meth_free(hmac->md);
EVP_MD_free(hmac->md);
hmac->md = md;
hmac->blocklen = EVP_MD_size(md);
/* See SP800-57 Part1 Rev4 5.6.1 Table 3 */

2
crypto/rand/rand_crng_test.c
View File

@ -87,7 +87,7 @@ int rand_crngt_get_entropy_cb(OPENSSL_CTX *ctx,
if (r != 0)
memcpy(buf, p, CRNGT_BUFSIZ);
rand_pool_reattach(pool, p);
EVP_MD_meth_free(fmd);
EVP_MD_free(fmd);
return r;
}
return 0;

29
doc/man3/EVP_DigestInit.pod
View File

@ -2,7 +2,7 @@
=head1 NAME
EVP_MD_fetch,
EVP_MD_fetch, EVP_MD_up_ref, EVP_MD_free,
EVP_MD_get_params, EVP_MD_gettable_params,
EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy,
EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl,
@ -28,6 +28,8 @@ EVP_MD_do_all_ex
EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
const char *properties);
int EVP_MD_up_ref(EVP_MD *md);
void EVP_MD_free(EVP_MD *md);
int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
EVP_MD_CTX *EVP_MD_CTX_new(void);
@ -92,7 +94,9 @@ EVP_MD_do_all_ex
=head1 DESCRIPTION
The EVP digest routines are a high level interface to message digests,
and should be used instead of the cipher-specific functions.
and should be used instead of the digest-specific functions.
The B<EVP_MD> type is a structure for digest method implementation.
=over 4
@ -102,7 +106,18 @@ Fetches the digest implementation for the given B<algorithm> from any
provider offering it, within the criteria given by the B<properties>.
See L<provider(7)/Fetching algorithms> for further information.
The returned value must eventually be freed with L<EVP_MD_meth_free(3)>.
The returned value must eventually be freed with EVP_MD_free().
Fetched B<EVP_MD> structures are reference counted.
=item EVP_MD_up_ref()
Increments the reference count for an B<EVP_MD> structure.
=item EVP_MD_free()
Decrements the reference count for the fetched B<EVP_MD> structure.
If the reference count drops to 0 then the structure is freed.
=item EVP_MD_CTX_new()
@ -409,6 +424,10 @@ disabled with this flag.
Returns a pointer to a B<EVP_MD> for success or NULL for failure.
=item EVP_MD_up_ref()
Returns 1 for success or 0 for failure.
=item EVP_DigestInit_ex(),
EVP_DigestUpdate(),
EVP_DigestFinal_ex()
@ -573,8 +592,8 @@ The EVP_dss1() function was removed in OpenSSL 1.1.0.
The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.
The EVP_MD_CTX_set_params() and EVP_MD_CTX_get_params() functions were
added in 3.0.
The EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), EVP_MD_CTX_set_params()
and EVP_MD_CTX_get_params() functions were added in 3.0.
=head1 COPYRIGHT

24
doc/man3/EVP_MD_meth_new.pod
View File

@ -2,8 +2,8 @@
=head1 NAME
EVP_MD_meth_dup,
EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize,
EVP_MD_meth_new, EVP_MD_meth_dup, EVP_MD_meth_free,
EVP_MD_meth_set_input_blocksize,
EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize,
EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update,
EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup,
@ -11,8 +11,8 @@ EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize,
EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize,
EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update,
EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup,
EVP_MD_meth_get_ctrl, EVP_MD_up_ref
- Routines to build up EVP_MD methods
EVP_MD_meth_get_ctrl
- Routines to build up legacy EVP_MD methods
=head1 SYNOPSIS
@ -54,16 +54,14 @@ EVP_MD_meth_get_ctrl, EVP_MD_up_ref
int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
int p1, void *p2);
int EVP_MD_up_ref(EVP_MD *md);
=head1 DESCRIPTION
The B<EVP_MD> type is a structure for digest method implementation.
It can also have associated public/private key signing and verifying
routines.
EVP_MD_meth_new() creates a new B<EVP_MD> structure. Note that B<EVP_MD>
structures are reference counted.
EVP_MD_meth_new() creates a new B<EVP_MD> structure.
These B<EVP_MD> structures are reference counted.
EVP_MD_meth_dup() creates a copy of B<md>.
@ -162,8 +160,6 @@ EVP_MD_meth_get_cleanup() and EVP_MD_meth_get_ctrl() are all used
to retrieve the method data given with the EVP_MD_meth_set_*()
functions above.
EVP_MD_up_ref() increments the reference count for an EVP_MD structure.
=head1 RETURN VALUES
EVP_MD_meth_new() and EVP_MD_meth_dup() return a pointer to a newly
@ -175,8 +171,6 @@ indicated sizes or flags.
All other EVP_CIPHER_meth_get_*() functions return pointers to their
respective B<md> function.
EVP_MD_up_ref() returns 1 for success or 0 otherwise.
=head1 SEE ALSO
L<EVP_DigestInit(3)>, L<EVP_SignInit(3)>, L<EVP_VerifyInit(3)>
@ -184,8 +178,10 @@ L<EVP_DigestInit(3)>, L<EVP_SignInit(3)>, L<EVP_VerifyInit(3)>
=head1 HISTORY
The B<EVP_MD> structure was openly available in OpenSSL before version
1.1. EVP_MD_up_ref() was added in OpenSSL 3.0. All other functions described
here were added in OpenSSL 1.1.
1.1.
The functions described here were added in OpenSSL 1.1.
The B<EVP_MD> structure created with these functions became reference
counted in OpenSSL 3.0.
=head1 COPYRIGHT

3
include/openssl/evp.h
View File

@ -81,7 +81,6 @@ int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq);
# ifndef EVP_MD
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
int EVP_MD_up_ref(EVP_MD *md);
void EVP_MD_meth_free(EVP_MD *md);
int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
@ -585,6 +584,8 @@ __owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md,
__owur EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
const char *properties);
int EVP_MD_up_ref(EVP_MD *md);
void EVP_MD_free(EVP_MD *md);
int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,

4
providers/common/macs/hmac_prov.c
View File

@ -79,7 +79,7 @@ static void hmac_free(void *vmacctx)
if (macctx != NULL) {
HMAC_CTX_free(macctx->ctx);
EVP_MD_meth_free(macctx->alloc_md);
EVP_MD_free(macctx->alloc_md);
OPENSSL_free(macctx);
}
}
@ -222,7 +222,7 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
propquery = p->data;
}
EVP_MD_meth_free(macctx->alloc_md);
EVP_MD_free(macctx->alloc_md);
macctx->tmpmd = macctx->alloc_md =
EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(macctx->provctx),

4
providers/common/macs/kmac_prov.c
View File

@ -150,7 +150,7 @@ static void kmac_free(void *vmacctx)
if (kctx != NULL) {
EVP_MD_CTX_free(kctx->ctx);
EVP_MD_meth_free(kctx->alloc_md);
EVP_MD_free(kctx->alloc_md);
OPENSSL_cleanse(kctx->key, kctx->key_len);
OPENSSL_cleanse(kctx->custom, kctx->custom_len);
OPENSSL_free(kctx);
@ -197,7 +197,7 @@ static void *kmac_fetch_new(void *provctx, const char *mdname)
ret = kmac_new(provctx, fetched_md, md);
if (ret == NULL)
EVP_MD_meth_free(fetched_md);
EVP_MD_free(fetched_md);
return ret;
}

2
providers/fips/fipsprov.c
View File

@ -186,7 +186,7 @@ static int dummy_evp_call(void *provctx)
BN_CTX_free(bnctx);
EVP_MD_CTX_free(ctx);
EVP_MD_meth_free(sha256);
EVP_MD_free(sha256);
#ifndef OPENSSL_NO_EC
EC_KEY_free(key);

10
test/evp_extra_test.c
View File

@ -1154,8 +1154,8 @@ static int test_EVP_MD_fetch(int tst)
if (!TEST_true(EVP_MD_up_ref(md)))
goto err;
/* Ref count should now be 2. Release both */
EVP_MD_meth_free(md);
EVP_MD_meth_free(md);
EVP_MD_free(md);
EVP_MD_free(md);
md = NULL;
/*
@ -1174,7 +1174,7 @@ static int test_EVP_MD_fetch(int tst)
goto err;
}
EVP_MD_meth_free(md);
EVP_MD_free(md);
md = NULL;
/*
@ -1195,7 +1195,7 @@ static int test_EVP_MD_fetch(int tst)
goto err;
}
EVP_MD_meth_free(md);
EVP_MD_free(md);
md = NULL;
/*
@ -1217,7 +1217,7 @@ static int test_EVP_MD_fetch(int tst)
ret = 1;
err:
EVP_MD_meth_free(md);
EVP_MD_free(md);
OSSL_PROVIDER_unload(defltprov);
OSSL_PROVIDER_unload(fipsprov);
/* Not normally needed, but we would like to test that

1
util/libcrypto.num
View File

@ -4732,3 +4732,4 @@ EVP_MAC_get_params 4841 3_0_0 EXIST::FUNCTION:
EVP_MAC_gettable_params 4842 3_0_0 EXIST::FUNCTION:
EVP_MAC_provider 4843 3_0_0 EXIST::FUNCTION:
EVP_MAC_do_all_ex 4844 3_0_0 EXIST::FUNCTION:
EVP_MD_free 4845 3_0_0 EXIST::FUNCTION: