author | Rich Salz <rsalz@akamai.com> | 2021-02-16 17:51:56 -0500 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-04-18 10:03:07 +0200 |
commit | f6c95e46c03025b2694241e1ad785d8bd3ac083b (patch) | |
tree | 5dcfc46ad06713bc6b581f6bed3ce3e26b0c5970 /crypto/evp | |
parent | 543e740b95e303790f8fe6ec59458b4ecdcfb56c (diff) |
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_cipher().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
Diffstat (limited to 'crypto/evp')
34 files changed, 152 insertions, 35 deletions
diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index f7970a91f3..bf1e8902a5 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c @@ -145,7 +145,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) switch (cmd) { case BIO_CTRL_RESET: if (BIO_get_init(b)) - ret = EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL); + ret = EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL); else ret = 0; if (ret > 0) @@ -154,7 +154,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_GET_MD: if (BIO_get_init(b)) { ppmd = ptr; - *ppmd = EVP_MD_CTX_md(ctx); + *ppmd = EVP_MD_CTX_get0_md(ctx); } else ret = 0; break; diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 3d31f19829..ce40082977 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -394,7 +394,7 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_GET_MD: if (BIO_get_init(b)) { ppmd = ptr; - *ppmd = EVP_MD_CTX_md(ctx->md); + *ppmd = EVP_MD_CTX_get0_md(ctx->md); } else ret = 0; break; @@ -442,7 +442,7 @@ static int sig_out(BIO *b) ctx = BIO_get_data(b); md = ctx->md; - digest = EVP_MD_CTX_md(md); + digest = EVP_MD_CTX_get0_md(md); md_size = EVP_MD_size(digest); md_data = EVP_MD_CTX_md_data(md); @@ -486,7 +486,7 @@ static int sig_in(BIO *b) ctx = BIO_get_data(b); md = ctx->md; - digest = EVP_MD_CTX_md(md); + digest = EVP_MD_CTX_get0_md(md); md_size = EVP_MD_size(digest); md_data = EVP_MD_CTX_md_data(md); @@ -532,7 +532,7 @@ static int block_out(BIO *b) ctx = BIO_get_data(b); md = ctx->md; - digest = EVP_MD_CTX_md(md); + digest = EVP_MD_CTX_get0_md(md); md_size = EVP_MD_size(digest); tl = ctx->buf_len - OK_BLOCK_BLOCK; @@ -563,7 +563,7 @@ static int block_in(BIO *b) ctx = BIO_get_data(b); md = ctx->md; - md_size = EVP_MD_size(EVP_MD_CTX_md(md)); + md_size = EVP_MD_size(EVP_MD_CTX_get0_md(md)); assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ tl = ctx->buf[0]; 
diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index 7734295214..2541e5952b 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c @@ -28,6 +28,7 @@ EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) cipher->nid = cipher_type; cipher->block_size = block_size; cipher->key_len = key_len; + cipher->origin = EVP_ORIG_METH; } return cipher; } @@ -55,7 +56,10 @@ EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) { - EVP_CIPHER_free(cipher); + if (cipher == NULL || cipher->origin != EVP_ORIG_METH) + return; + + evp_cipher_free_int(cipher); } int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 82e43f2eb1..ef60fc1505 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -1026,7 +1026,8 @@ int EVP_MD_up_ref(EVP_MD *md) { int ref = 0; - CRYPTO_UP_REF(&md->refcnt, &ref, md->lock); + if (md->origin == EVP_ORIG_DYNAMIC) + CRYPTO_UP_REF(&md->refcnt, &ref, md->lock); return 1; } @@ -1034,15 +1035,13 @@ void EVP_MD_free(EVP_MD *md) { int i; - if (md == NULL) + if (md == NULL || md->origin != EVP_ORIG_DYNAMIC) return; CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock); if (i > 0) return; - ossl_provider_free(md->prov); - CRYPTO_THREAD_lock_free(md->lock); - OPENSSL_free(md); + evp_md_free_int(md); } void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index df74aca45d..ffafdbcc22 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -395,6 +395,7 @@ static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static const EVP_CIPHER aesni_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aesni_init_key, \ aesni_##mode##_cipher, \ NULL, \ 
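Review bot: In crypto/evp/cmeth_lib.c, `EVP_CIPHER_meth_free()` now returns without freeing unless `origin == EVP_ORIG_METH`, but only `EVP_CIPHER_meth_new()` is shown setting that value; `EVP_CIPHER_meth_dup()` sits between the two hunks and its body is not visible here. If the dup copies the source structure wholesale, a duplicate of a built-in cipher would inherit `EVP_ORIG_GLOBAL` and would never be released by `meth_free`. This is worth confirming, and if so the copy's origin should be forced after the copy, e.g. `to->origin = EVP_ORIG_METH;`. The same question applies to `EVP_MD_meth_dup()` and `EVP_MD_meth_free()` in evp_lib.c.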
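Review bot: In crypto/evp/digest.c, `EVP_MD_up_ref()` takes no reference for `EVP_ORIG_METH` objects yet still returns 1, while `EVP_MD_meth_free()` in evp_lib.c releases such an object without consulting any count. A caller holding a pointer from a successful up_ref, or from `EVP_MD_CTX_get1_md()`, therefore has no lifetime guarantee for method-created digests and can be left with a dangling pointer once the creator calls `EVP_MD_meth_free()`. If that is the intended contract, state it at the function: `/* Only EVP_ORIG_DYNAMIC objects are counted; the caller must keep global and meth_new objects alive */`. `EVP_CIPHER_up_ref()` in evp_enc.c has the same shape.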
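Review bot: `EVP_MD_free()` in crypto/evp/digest.c now silently ignores anything that is not `EVP_ORIG_DYNAMIC`, where the removed line only rejected NULL. Code that released an `EVP_MD_meth_new()` object through `EVP_MD_free()` appears to have been freed before this change and would now leak without any diagnostic. A comment above the function naming the origins it acts on, such as `/* Frees fetched (EVP_ORIG_DYNAMIC) digests only; use EVP_MD_meth_free() for EVP_MD_meth_new() objects */`, would make the split visible to callers.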
@@ -402,8 +403,9 @@ static const EVP_CIPHER aesni_##keylen##_##mode = { \ NULL,NULL,NULL,NULL }; \ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize, \ - keylen/8,ivlen, \ + keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aes_init_key, \ aes_##mode##_cipher, \ NULL, \ @@ -418,6 +420,7 @@ static const EVP_CIPHER aesni_##keylen##_##mode = { \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aesni_##mode##_init_key, \ aesni_##mode##_cipher, \ aes_##mode##_cleanup, \ @@ -428,6 +431,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aes_##mode##_init_key, \ aes_##mode##_cipher, \ aes_##mode##_cleanup, \ @@ -749,6 +753,7 @@ static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aes_t4_init_key, \ aes_t4_##mode##_cipher, \ NULL, \ @@ -758,6 +763,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize, \ keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aes_init_key, \ aes_##mode##_cipher, \ NULL, \ @@ -772,6 +778,7 @@ static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aes_t4_##mode##_init_key, \ aes_t4_##mode##_cipher, \ aes_##mode##_cleanup, \ 
@@ -782,6 +789,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aes_##mode##_init_key, \ aes_##mode##_cipher, \ aes_##mode##_cleanup, \ @@ -2249,6 +2257,7 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aes_init_key, \ aes_##mode##_cipher, \ NULL, \ @@ -2263,6 +2272,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aes_##mode##_init_key, \ aes_##mode##_cipher, \ aes_##mode##_cleanup, \ @@ -3511,10 +3521,10 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) typedef struct { union { @@ -3613,7 +3623,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static const EVP_CIPHER aes_128_wrap = { NID_id_aes128_wrap, - 8, 16, 8, WRAP_FLAGS, + 8, 16, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), 
@@ -3627,7 +3637,7 @@ const EVP_CIPHER *EVP_aes_128_wrap(void) static const EVP_CIPHER aes_192_wrap = { NID_id_aes192_wrap, - 8, 24, 8, WRAP_FLAGS, + 8, 24, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), @@ -3641,7 +3651,7 @@ const EVP_CIPHER *EVP_aes_192_wrap(void) static const EVP_CIPHER aes_256_wrap = { NID_id_aes256_wrap, - 8, 32, 8, WRAP_FLAGS, + 8, 32, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), @@ -3655,7 +3665,7 @@ const EVP_CIPHER *EVP_aes_256_wrap(void) static const EVP_CIPHER aes_128_wrap_pad = { NID_id_aes128_wrap_pad, - 8, 16, 4, WRAP_FLAGS, + 8, 16, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), @@ -3669,7 +3679,7 @@ const EVP_CIPHER *EVP_aes_128_wrap_pad(void) static const EVP_CIPHER aes_192_wrap_pad = { NID_id_aes192_wrap_pad, - 8, 24, 4, WRAP_FLAGS, + 8, 24, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), @@ -3683,7 +3693,7 @@ const EVP_CIPHER *EVP_aes_192_wrap_pad(void) static const EVP_CIPHER aes_256_wrap_pad = { NID_id_aes256_wrap_pad, - 8, 32, 4, WRAP_FLAGS, + 8, 32, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index cdf5985e8b..766f248718 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -914,6 +914,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + EVP_ORIG_GLOBAL, aesni_cbc_hmac_sha1_init_key, aesni_cbc_hmac_sha1_cipher, NULL, 
@@ -933,6 +934,7 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + EVP_ORIG_GLOBAL, aesni_cbc_hmac_sha1_init_key, aesni_cbc_hmac_sha1_cipher, NULL, diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 906ec9f7fc..0413f66806 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -898,6 +898,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + EVP_ORIG_GLOBAL, aesni_cbc_hmac_sha256_init_key, aesni_cbc_hmac_sha256_cipher, NULL, @@ -917,6 +918,7 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = { AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + EVP_ORIG_GLOBAL, aesni_cbc_hmac_sha256_init_key, aesni_cbc_hmac_sha256_cipher, NULL, diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index e56c4fd006..e7ba2df78f 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -159,6 +159,7 @@ IMPLEMENT_ARIA_CFBR(256,8) static const EVP_CIPHER aria_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aria_init_key, \ aria_##mode##_cipher, \ NULL, \ @@ -757,6 +758,7 @@ static const EVP_CIPHER aria_##keylen##_##mode = { \ nid##_##keylen##_##nmode, \ blocksize, keylen/8, ivlen, \ ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ aria_##mode##_init_key, \ aria_##mode##_cipher, \ aria_##mode##_cleanup, \ diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index 52c33d472e..db2057a660 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c 
@@ -144,6 +144,7 @@ static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ cmll_t4_init_key, \ cmll_t4_##mode##_cipher, \ NULL, \ @@ -153,6 +154,7 @@ static const EVP_CIPHER camellia_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize, \ keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ camellia_init_key, \ camellia_##mode##_cipher, \ NULL, \ @@ -167,6 +169,7 @@ const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ static const EVP_CIPHER camellia_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ flags|EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ camellia_init_key, \ camellia_##mode##_cipher, \ NULL, \ diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index 8c69b3a736..9b5441cdb6 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -131,6 +131,7 @@ static const EVP_CIPHER chacha20 = { CHACHA_KEY_SIZE, /* key_len */ CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */ EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT, + EVP_ORIG_GLOBAL, chacha_init_key, chacha_cipher, NULL, @@ -614,6 +615,7 @@ static EVP_CIPHER chacha20_poly1305 = { EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_CUSTOM_IV_LENGTH, + EVP_ORIG_GLOBAL, chacha20_poly1305_init_key, chacha20_poly1305_cipher, chacha20_poly1305_cleanup, diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 7a433ec7af..e8182b628b 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -413,6 +413,7 @@ static const EVP_CIPHER des3_wrap = { 8, 24, 0, EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1, + EVP_ORIG_GLOBAL, des_ede3_init_key, des_ede3_wrap_cipher, NULL, sizeof(DES_EDE_KEY), 
diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c index 2c8d27e3be..af1013e40d 100644 --- a/crypto/evp/e_null.c +++ b/crypto/evp/e_null.c @@ -20,6 +20,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static const EVP_CIPHER n_cipher = { NID_undef, 1, 0, 0, 0, + EVP_ORIG_GLOBAL, null_init_key, null_cipher, NULL, diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 790b816345..7ee18ed1cb 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -53,6 +53,7 @@ static const EVP_CIPHER r2_64_cbc_cipher = { NID_rc2_64_cbc, 8, 8 /* 64 bit */ , 8, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + EVP_ORIG_GLOBAL, rc2_init_key, rc2_cbc_cipher, NULL, @@ -67,6 +68,7 @@ static const EVP_CIPHER r2_40_cbc_cipher = { NID_rc2_40_cbc, 8, 5 /* 40 bit */ , 8, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + EVP_ORIG_GLOBAL, rc2_init_key, rc2_cbc_cipher, NULL, diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index d81fb4cabd..ec07f028c5 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -38,6 +38,7 @@ static const EVP_CIPHER r4_cipher = { NID_rc4, 1, EVP_RC4_KEY_SIZE, 0, EVP_CIPH_VARIABLE_LENGTH, + EVP_ORIG_GLOBAL, rc4_init_key, rc4_cipher, NULL, @@ -52,6 +53,7 @@ static const EVP_CIPHER r4_40_cipher = { NID_rc4_40, 1, 5 /* 40 bit */ , 0, EVP_CIPH_VARIABLE_LENGTH, + EVP_ORIG_GLOBAL, rc4_init_key, rc4_cipher, NULL, diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index bde93f3ab7..6a38f95d5e 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -255,6 +255,7 @@ static EVP_CIPHER r4_hmac_md5_cipher = { 1, EVP_RC4_KEY_SIZE, 0, EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_FLAG_AEAD_CIPHER, + EVP_ORIG_GLOBAL, rc4_hmac_md5_init_key, rc4_hmac_md5_cipher, NULL, diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c index 45f94a19f5..a3767573ce 100644 --- a/crypto/evp/e_sm4.c +++ b/crypto/evp/e_sm4.c 
@@ -85,6 +85,7 @@ static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static const EVP_CIPHER sm4_ctr_mode = { NID_sm4_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE, + EVP_ORIG_GLOBAL, sm4_init_key, sm4_ctr_cipher, NULL, diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c index 20756211b0..b3956c10c6 100644 --- a/crypto/evp/e_xcbc_d.c +++ b/crypto/evp/e_xcbc_d.c @@ -41,6 +41,7 @@ static const EVP_CIPHER d_xcbc_cipher = { NID_desx_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE, + EVP_ORIG_GLOBAL, desx_cbc_init_key, desx_cbc_cipher, NULL, diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 9073312dfd..2de2a11e5a 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -325,7 +325,8 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, return 0; } - if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) { + if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) + & EVP_CIPH_CUSTOM_IV) == 0) { switch (EVP_CIPHER_CTX_mode(ctx)) { case EVP_CIPH_STREAM_CIPHER: @@ -1602,23 +1603,29 @@ int EVP_CIPHER_up_ref(EVP_CIPHER *cipher) { int ref = 0; - CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock); + if (cipher->origin == EVP_ORIG_DYNAMIC) + CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock); return 1; } +void evp_cipher_free_int(EVP_CIPHER *cipher) +{ + ossl_provider_free(cipher->prov); + CRYPTO_THREAD_lock_free(cipher->lock); + OPENSSL_free(cipher); +} + void EVP_CIPHER_free(EVP_CIPHER *cipher) { int i; - if (cipher == NULL || cipher->prov == NULL) + if (cipher == NULL || cipher->origin != EVP_ORIG_DYNAMIC) return; CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock); if (i > 0) return; - ossl_provider_free(cipher->prov); - CRYPTO_THREAD_lock_free(cipher->lock); - OPENSSL_free(cipher); + evp_cipher_free_int(cipher); } void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 6c578bd8ba..41209fa763 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c 
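Review bot: `evp_cipher_free_int()` in crypto/evp/evp_enc.c dereferences `cipher` and frees it with no NULL, origin or reference-count check, and it is exposed to the rest of crypto/evp through evp_local.h. Both callers in this commit guard it, but nothing at the definition says that is required. Add a short header comment, e.g. `/* Unconditional free: caller has checked for NULL, verified origin and dropped the last reference */`. `evp_md_free_int()` in evp_lib.c needs the same.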
@@ -422,11 +422,34 @@ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return ctx->cipher->do_cipher(ctx, out, in, inl); } +#ifndef OPENSSL_NO_DEPRECATED_3_0 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) { + if (ctx == NULL) + return NULL; + return ctx->cipher; +} +#endif + +const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx) +{ + if (ctx == NULL) + return NULL; return ctx->cipher; } +EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx) +{ + EVP_CIPHER *cipher; + + if (ctx == NULL) + return NULL; + cipher = (EVP_CIPHER *)ctx->cipher; + if (!EVP_CIPHER_up_ref(cipher)) + return NULL; + return cipher; +} + int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) { return ctx->encrypt; @@ -767,6 +790,7 @@ EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) if (md != NULL) { md->type = md_type; md->pkey_type = pkey_type; + md->origin = EVP_ORIG_METH; } return md; } @@ -791,10 +815,21 @@ EVP_MD *EVP_MD_meth_dup(const EVP_MD *md) return to; } +void evp_md_free_int(EVP_MD *md) +{ + ossl_provider_free(md->prov); + CRYPTO_THREAD_lock_free(md->lock); + OPENSSL_free(md); +} + void EVP_MD_meth_free(EVP_MD *md) { - EVP_MD_free(md); + if (md == NULL || md->origin != EVP_ORIG_METH) + return; + + evp_md_free_int(md); } + int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) { if (md->block_size != 0) 
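Review bot: `EVP_CIPHER_CTX_get1_cipher()` in crypto/evp/evp_lib.c checks `ctx` but not `ctx->cipher`, so on a context with no cipher set (presumably possible before initialisation) it passes NULL to `EVP_CIPHER_up_ref()`. That function reads `cipher->origin` unconditionally, as the evp_enc.c hunk shows, so the call would dereference NULL. The get0 variant simply returns NULL in that state, so the two accessors diverge. Guard it with `if (ctx == NULL || ctx->cipher == NULL) return NULL;`. `EVP_MD_CTX_get1_md()` in the later hunk of this file has the same gap with `ctx->reqdigest`.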
@@ -927,12 +962,33 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, return md->md_ctrl; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) { if (ctx == NULL) return NULL; return ctx->reqdigest; } +#endif + +const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx) +{ + if (ctx == NULL) + return NULL; + return ctx->reqdigest; +} + +EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx) +{ + EVP_MD *md; + + if (ctx == NULL) + return NULL; + md = (EVP_MD *)ctx->reqdigest; + if (!EVP_MD_up_ref(md)) + return NULL; + return md; +} EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) { diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index 9473d54817..cdf89a62c0 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -317,6 +317,8 @@ OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz); } void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx); +void evp_cipher_free_int(EVP_CIPHER *md); +void evp_md_free_int(EVP_MD *md); /* OSSL_PROVIDER * is only used to get the library context */ const char *evp_first_name(const OSSL_PROVIDER *prov, int name_id); diff --git a/crypto/evp/legacy_blake2.c b/crypto/evp/legacy_blake2.c index bdafd354b4..6a18e5fe01 100644 --- a/crypto/evp/legacy_blake2.c +++ b/crypto/evp/legacy_blake2.c @@ -22,6 +22,7 @@ static const EVP_MD blake2b_md = { 0, BLAKE2B_DIGEST_LENGTH, 0, + EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(blake2b_int_init, blake2b_int_update, blake2b_int_final, NULL, BLAKE2B_BLOCKBYTES), }; @@ -36,6 +37,7 @@ static const EVP_MD blake2s_md = { 0, BLAKE2S_DIGEST_LENGTH, 0, + EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(blake2s_int_init, blake2s_int_update, blake2s_int_final, NULL, BLAKE2S_BLOCKBYTES), }; diff --git a/crypto/evp/legacy_md2.c b/crypto/evp/legacy_md2.c index d22b3eb6b9..32cfdb82c8 100644 --- a/crypto/evp/legacy_md2.c +++ b/crypto/evp/legacy_md2.c 
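Review bot: The new prototype `void evp_cipher_free_int(EVP_CIPHER *md);` in crypto/evp/evp_local.h names its parameter `md`, while the definition in evp_enc.c uses `cipher`. This is harmless to the compiler but misleading directly above `evp_md_free_int(EVP_MD *md)`, where a reader could take the two for overloads of the same object type. Change it to `void evp_cipher_free_int(EVP_CIPHER *cipher);`.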
@@ -24,6 +24,7 @@ static const EVP_MD md2_md = { NID_md2WithRSAEncryption, MD2_DIGEST_LENGTH, 0, + EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(md2_init, md2_update, md2_final, NULL, MD2_BLOCK) }; |