diff options
author | Rich Salz <rsalz@akamai.com> | 2021-02-16 17:51:56 -0500 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-04-18 10:03:07 +0200 |
commit | f6c95e46c03025b2694241e1ad785d8bd3ac083b (patch) | |
tree | 5dcfc46ad06713bc6b581f6bed3ce3e26b0c5970 /crypto/cms | |
parent | 543e740b95e303790f8fe6ec59458b4ecdcfb56c (diff) |
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
Diffstat (limited to 'crypto/cms')
-rw-r--r-- | crypto/cms/cms_env.c | 7 | ||||
-rw-r--r-- | crypto/cms/cms_kari.c | 2 | ||||
-rw-r--r-- | crypto/cms/cms_lib.c | 2 | ||||
-rw-r--r-- | crypto/cms/cms_sd.c | 2 |
4 files changed, 7 insertions, 6 deletions
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index aa020cedfd..79efd67ba3 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -1105,8 +1105,8 @@ static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms) * If the selected cipher supports unprotected attributes, * deal with it using special ctrl function */ - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) - & EVP_CIPH_FLAG_CIPHER_WITH_MAC) + if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) + & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0, cms->d.envelopedData->unprotectedAttrs) <= 0) { BIO_free(contentBio); @@ -1225,7 +1225,8 @@ int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain) * If the selected cipher supports unprotected attributes, * deal with it using special ctrl function */ - if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) { + if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) + & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { if (env->unprotectedAttrs == NULL) env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null(); diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 1422f350b0..2fee4784da 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -422,7 +422,7 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, int ret; /* If a suitable wrap algorithm is already set nothing to do */ - kekcipher = EVP_CIPHER_CTX_cipher(ctx); + kekcipher = EVP_CIPHER_CTX_get0_cipher(ctx); if (kekcipher != NULL) { if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_WRAP_MODE) return 0; diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 0c9a372832..33127cc88c 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -459,7 +459,7 @@ int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, * Workaround for broken implementations that use signature * algorithm OID instead of digest. */ - || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) + || EVP_MD_pkey_type(EVP_MD_CTX_get0_md(mtmp)) == nid) return EVP_MD_CTX_copy_ex(mctx, mtmp); chain = BIO_next(chain); } diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 287021fc21..2b232aa700 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -923,7 +923,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } else r = 1; } else { - const EVP_MD *md = EVP_MD_CTX_md(mctx); + const EVP_MD *md = EVP_MD_CTX_get0_md(mctx); const CMS_CTX *ctx = si->cms_ctx; pkctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), |