diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2019-04-11 20:27:59 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2019-06-04 12:09:50 +1000 |
| commit | d5e5e2ffafc7dbc861f7d285508cf129c5e8f5ac (patch) | |
| tree | 3920b0febd6d2716940fb022b57894fe2ebf565d | |
| parent | bf5b04ea25d6ac7d31e388b4e87d3eb5cd1e1e2b (diff) | |
Move digests to providers
Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers after all external references are resolved. The deprecated
digest code can not be removed until EVP_PKEY (signing) is supported by
providers. EVP_MD data can also not yet be cleaned up for the same reasons.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8763)
64 files changed, 1644 insertions, 570 deletions
diff --git a/crypto/blake2/blake2b_mac.c b/crypto/blake2/blake2b_mac.c index 71b8517885..b38e9b8d27 100644 --- a/crypto/blake2/blake2b_mac.c +++ b/crypto/blake2/blake2b_mac.c @@ -10,7 +10,7 @@ #ifndef OPENSSL_NO_BLAKE2 # include <openssl/evp.h> -# include "blake2_locl.h" +# include "internal/blake2.h" # include "internal/cryptlib.h" # include "internal/evp_int.h" @@ -26,7 +26,7 @@ static EVP_MAC_IMPL *blake2b_mac_new(void) EVP_MAC_IMPL *macctx = OPENSSL_zalloc(sizeof(*macctx)); if (macctx != NULL) { blake2b_param_init(&macctx->params); - /* ctx initialization is deferred to BLAKE2b_Init() */ + /* ctx initialization is deferred to blake2b_init() */ } return macctx; } @@ -53,18 +53,18 @@ static int blake2b_mac_init(EVP_MAC_IMPL *macctx) return 0; } - return BLAKE2b_Init_key(&macctx->ctx, &macctx->params, macctx->key); + return blake2b_init_key(&macctx->ctx, &macctx->params, macctx->key); } static int blake2b_mac_update(EVP_MAC_IMPL *macctx, const unsigned char *data, size_t datalen) { - return BLAKE2b_Update(&macctx->ctx, data, datalen); + return blake2b_update(&macctx->ctx, data, datalen); } static int blake2b_mac_final(EVP_MAC_IMPL *macctx, unsigned char *out) { - return BLAKE2b_Final(out, &macctx->ctx); + return blake2b_final(out, &macctx->ctx); } /* diff --git a/crypto/blake2/blake2s_mac.c b/crypto/blake2/blake2s_mac.c index d40778cb12..04dbf4e027 100644 --- a/crypto/blake2/blake2s_mac.c +++ b/crypto/blake2/blake2s_mac.c @@ -10,7 +10,7 @@ #ifndef OPENSSL_NO_BLAKE2 # include <openssl/evp.h> -# include "blake2_locl.h" +# include "internal/blake2.h" # include "internal/cryptlib.h" # include "internal/evp_int.h" @@ -53,18 +53,18 @@ static int blake2s_mac_init(EVP_MAC_IMPL *macctx) return 0; } - return BLAKE2s_Init_key(&macctx->ctx, &macctx->params, macctx->key); + return blake2s_init_key(&macctx->ctx, &macctx->params, macctx->key); } static int blake2s_mac_update(EVP_MAC_IMPL *macctx, const unsigned char *data, size_t datalen) { - return BLAKE2s_Update(&macctx->ctx, data, datalen); + return blake2s_update(&macctx->ctx, data, datalen); } static int blake2s_mac_final(EVP_MAC_IMPL *macctx, unsigned char *out) { - return BLAKE2s_Final(out, &macctx->ctx); + return blake2s_final(out, &macctx->ctx); } /* diff --git a/crypto/blake2/build.info b/crypto/blake2/build.info index ab72ef2aca..f02bf9a6fa 100644 --- a/crypto/blake2/build.info +++ b/crypto/blake2/build.info @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - blake2b.c blake2s.c blake2b_mac.c blake2s_mac.c m_blake2b.c m_blake2s.c + blake2b_mac.c blake2s_mac.c m_blake2b.c m_blake2s.c diff --git a/crypto/blake2/m_blake2b.c b/crypto/blake2/m_blake2b.c index 2fb80f8b4e..b429d2d7f2 100644 --- a/crypto/blake2/m_blake2b.c +++ b/crypto/blake2/m_blake2b.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,37 +7,26 @@ * https://www.openssl.org/source/license.html */ -/* - * Derived from the BLAKE2 reference implementation written by Samuel Neves. - * Copyright 2012, Samuel Neves <sneves@dei.uc.pt> - * More information about the BLAKE2 hash function and its implementations - * can be found at https://blake2.net. - */ - -#include "internal/cryptlib.h" - #ifndef OPENSSL_NO_BLAKE2 -# include <openssl/evp.h> -# include <openssl/objects.h> -# include "blake2_locl.h" +# include <stddef.h> +# include <openssl/obj_mac.h> # include "internal/evp_int.h" +# include "internal/blake2.h" static int init(EVP_MD_CTX *ctx) { - BLAKE2B_PARAM P; - blake2b_param_init(&P); - return BLAKE2b_Init(EVP_MD_CTX_md_data(ctx), &P); + return blake2b512_init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return BLAKE2b_Update(EVP_MD_CTX_md_data(ctx), data, count); + return blake2b_update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return BLAKE2b_Final(md, EVP_MD_CTX_md_data(ctx)); + return blake2b_final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD blake2b_md = { @@ -58,4 +47,4 @@ const EVP_MD *EVP_blake2b512(void) { return &blake2b_md; } -#endif +#endif /* OPENSSL_NO_BLAKE2 */ diff --git a/crypto/blake2/m_blake2s.c b/crypto/blake2/m_blake2s.c index 8ff172751d..dd4b68fa1c 100644 --- a/crypto/blake2/m_blake2s.c +++ b/crypto/blake2/m_blake2s.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,37 +7,26 @@ * https://www.openssl.org/source/license.html */ -/* - * Derived from the BLAKE2 reference implementation written by Samuel Neves. - * Copyright 2012, Samuel Neves <sneves@dei.uc.pt> - * More information about the BLAKE2 hash function and its implementations - * can be found at https://blake2.net. - */ - -#include "internal/cryptlib.h" - #ifndef OPENSSL_NO_BLAKE2 -# include <openssl/evp.h> -# include <openssl/objects.h> -# include "blake2_locl.h" +# include <stddef.h> +# include <openssl/obj_mac.h> # include "internal/evp_int.h" +# include "internal/blake2.h" static int init(EVP_MD_CTX *ctx) { - BLAKE2S_PARAM P; - blake2s_param_init(&P); - return BLAKE2s_Init(EVP_MD_CTX_md_data(ctx), &P); + return blake2s256_init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return BLAKE2s_Update(EVP_MD_CTX_md_data(ctx), data, count); + return blake2s_update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return BLAKE2s_Final(md, EVP_MD_CTX_md_data(ctx)); + return blake2s_final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD blake2s_md = { @@ -58,4 +47,4 @@ const EVP_MD *EVP_blake2s256(void) { return &blake2s_md; } -#endif +#endif /* OPENSSL_NO_BLAKE2 */ diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index 227f920713..a99f092486 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c @@ -31,6 +31,9 @@ static int ossl_method_construct_this(OSSL_PROVIDER *provider, void *cbdata) const OSSL_ALGORITHM *map = ossl_provider_query_operation(provider, data->operation_id, &no_store); + if (map == NULL) + return 0; + while (map->algorithm_name != NULL) { const OSSL_ALGORITHM *thismap = map++; void *method = NULL; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index a1f0154a7f..89cd5c1d00 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,10 +8,12 @@ */ #include <stdio.h> -#include "internal/cryptlib.h" #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/engine.h> +#include <openssl/params.h> +#include <openssl/core_names.h> +#include "internal/cryptlib.h" #include "internal/evp_int.h" #include "internal/provider.h" #include "evp_locl.h" @@ -149,16 +151,6 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) goto legacy; } - if (type->prov == NULL) { - switch(type->type) { - case NID_sha256: - case NID_md2: - break; - default: - goto legacy; - } - } - if (ctx->digest != NULL && ctx->digest->ctx_size > 0) { OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); ctx->md_data = NULL; @@ -184,6 +176,11 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) #endif } + if (ctx->provctx != NULL && ctx->digest != NULL && ctx->digest != type) { + if (ctx->digest->freectx != NULL) + ctx->digest->freectx(ctx->provctx); + ctx->provctx = NULL; + } ctx->digest = type; if (ctx->provctx == NULL) { ctx->provctx = ctx->digest->newctx(ossl_provider_ctx(type->prov)); @@ -334,7 +331,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) } EVP_MD_CTX_reset(ctx); - return ret; /* TODO(3.0): Remove legacy code below */ @@ -354,12 +350,31 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size) { int ret = 0; + OSSL_PARAM params[2]; + size_t i = 0; + + if (ctx->digest == NULL || ctx->digest->prov == NULL) + goto legacy; + if (ctx->digest->dfinal == NULL) { + EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_FINAL_ERROR); + return 0; + } + + params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, + &size, NULL); + params[i++] = OSSL_PARAM_construct_end(); + + if (EVP_MD_CTX_set_params(ctx, params) > 0) + ret = ctx->digest->dfinal(ctx->provctx, md, &size, size); + EVP_MD_CTX_reset(ctx); + return ret; + +legacy: if (ctx->digest->flags & EVP_MD_FLAG_XOF && size <= INT_MAX && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) { ret = ctx->digest->final(ctx, md); - if (ctx->digest->cleanup != NULL) { ctx->digest->cleanup(ctx); EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); @@ -506,16 +521,56 @@ int EVP_Digest(const void *data, size_t count, return ret; } +int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]) +{ + if (ctx->digest != NULL && ctx->digest->set_params != NULL) + return ctx->digest->set_params(ctx->provctx, params); + return 0; +} + +int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]) +{ + if (ctx->digest != NULL && ctx->digest->get_params != NULL) + return ctx->digest->get_params(ctx->provctx, params); + return 0; +} + +#if !OPENSSL_API_3 int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) { - if (ctx->digest && ctx->digest->md_ctrl) { - int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2); - if (ret <= 0) - return 0; - return 1; + if (ctx->digest != NULL) { + OSSL_PARAM params[2]; + size_t i, sz, n = 0; + + switch (cmd) { + case EVP_MD_CTRL_XOF_LEN: + if (ctx->digest->set_params == NULL) + break; + i = (size_t)p1; + params[n++] = OSSL_PARAM_construct_size_t( + OSSL_DIGEST_PARAM_XOFLEN, &i, &sz); + params[n++] = OSSL_PARAM_construct_end(); + return ctx->digest->set_params(ctx->provctx, params) > 0; + case EVP_MD_CTRL_MICALG: + if (ctx->digest->get_params == NULL) + break; + params[n++] = OSSL_PARAM_construct_utf8_string( + OSSL_DIGEST_PARAM_MICALG, p2, p1 ? p1 : 9999, + &sz); + params[n++] = OSSL_PARAM_construct_end(); + return ctx->digest->get_params(ctx->provctx, params); + } + /* legacy code */ + if (ctx->digest->md_ctrl != NULL) { + int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2); + if (ret <= 0) + return 0; + return 1; + } } return 0; } +#endif static void *evp_md_from_dispatch(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov) @@ -530,55 +585,59 @@ static void *evp_md_from_dispatch(const OSSL_DISPATCH *fns, for (; fns->function_id != 0; fns++) { switch (fns->function_id) { case OSSL_FUNC_DIGEST_NEWCTX: - if (md->newctx != NULL) - break; - md->newctx = OSSL_get_OP_digest_newctx(fns); - fncnt++; + if (md->newctx == NULL) { + md->newctx = OSSL_get_OP_digest_newctx(fns); + fncnt++; + } break; case OSSL_FUNC_DIGEST_INIT: - if (md->dinit != NULL) - break; - md->dinit = OSSL_get_OP_digest_init(fns); - fncnt++; + if (md->dinit == NULL) { + md->dinit = OSSL_get_OP_digest_init(fns); + fncnt++; + } break; case OSSL_FUNC_DIGEST_UPDATE: - if (md->dupdate != NULL) - break; - md->dupdate = OSSL_get_OP_digest_update(fns); - fncnt++; + if (md->dupdate == NULL) { + md->dupdate = OSSL_get_OP_digest_update(fns); + fncnt++; + } break; case OSSL_FUNC_DIGEST_FINAL: - if (md->dfinal != NULL) - break; - md->dfinal = OSSL_get_OP_digest_final(fns); - fncnt++; + if (md->dfinal == NULL) { + md->dfinal = OSSL_get_OP_digest_final(fns); + fncnt++; + } break; case OSSL_FUNC_DIGEST_DIGEST: - if (md->digest != NULL) - break; - md->digest = OSSL_get_OP_digest_digest(fns); + if (md->digest == NULL) + md->digest = OSSL_get_OP_digest_digest(fns); /* We don't increment fnct for this as it is stand alone */ break; case OSSL_FUNC_DIGEST_FREECTX: - if (md->freectx != NULL) - break; - md->freectx = OSSL_get_OP_digest_freectx(fns); - fncnt++; + if (md->freectx == NULL) { + md->freectx = OSSL_get_OP_digest_freectx(fns); + fncnt++; + } break; case OSSL_FUNC_DIGEST_DUPCTX: - if (md->dupctx != NULL) - break; - md->dupctx = OSSL_get_OP_digest_dupctx(fns); + if (md->dupctx == NULL) + md->dupctx = OSSL_get_OP_digest_dupctx(fns); break; case OSSL_FUNC_DIGEST_SIZE: - if (md->size != NULL) - break; - md->size = OSSL_get_OP_digest_size(fns); + if (md->size == NULL) + md->size = OSSL_get_OP_digest_size(fns); break; case OSSL_FUNC_DIGEST_BLOCK_SIZE: - if (md->dblock_size != NULL) - break; - md->dblock_size = OSSL_get_OP_digest_block_size(fns); + if (md->dblock_size == NULL) + md->dblock_size = OSSL_get_OP_digest_block_size(fns); + break; + case OSSL_FUNC_DIGEST_SET_PARAMS: + if (md->set_params == NULL) + md->set_params = OSSL_get_OP_digest_set_params(fns); + break; + case OSSL_FUNC_DIGEST_GET_PARAMS: + if (md->get_params == NULL) + md->get_params = OSSL_get_OP_digest_get_params(fns); break; } } diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index fdd6209bc2..d3b5bcada2 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -159,6 +159,7 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, mcmdata.mcm = &mcm; mcmdata.libctx = libctx; + mcmdata.name = name; mcmdata.method_from_dispatch = new_method; mcmdata.destruct_method = free_method; mcmdata.refcnt_up_method = upref_method; diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 425ed47744..af8ae31ec1 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/crypto/evp/m_md5_sha1.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a c |