diff options
author | Richard Levitte <levitte@openssl.org> | 2019-09-03 17:47:13 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2019-09-04 10:38:13 +0200 |
commit | 3fd7026276475d72a3b5bbbe42cd1f5ff6b0e736 (patch) | |
tree | ff3ecbeaebf4ee6fbe3db1b842e4e6797d9c2580 /crypto | |
parent | 8648a50a2704307fa4633b3d11724dfdae11f125 (diff) | |
download | openssl-3fd7026276475d72a3b5bbbe42cd1f5ff6b0e736.tar.gz |
New function EVP_MD_free()
This function re-implements EVP_MD_meth_free(), but has a name that
isn't encumbered by legacy EVP_MD construction functionality.
We also refactor most of EVP_MD_meth_new() into an internal
evp_md_new() that's used when creating fetched methods.
EVP_MD_meth_new() and EVP_MD_meth_free() are rewritten in terms of
evp_md_new() and EVP_MD_free(). This means that at any time, we can
deprecate all the EVP_MD_meth_ functions with no harmful consequence.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9758)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/bn/bn_rand.c | 2 | ||||
-rw-r--r-- | crypto/ec/curve448/eddsa.c | 6 | ||||
-rw-r--r-- | crypto/evp/digest.c | 55 | ||||
-rw-r--r-- | crypto/evp/evp_lib.c | 40 | ||||
-rw-r--r-- | crypto/evp/evp_locl.h | 3 | ||||
-rw-r--r-- | crypto/rand/drbg_hash.c | 6 | ||||
-rw-r--r-- | crypto/rand/drbg_hmac.c | 6 | ||||
-rw-r--r-- | crypto/rand/rand_crng_test.c | 2 |
8 files changed, 73 insertions, 47 deletions
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index d1743ddf7a..fa75a3b10e 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -310,7 +310,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, err: EVP_MD_CTX_free(mdctx); - EVP_MD_meth_free(md); + EVP_MD_free(md); OPENSSL_free(k_bytes); OPENSSL_cleanse(private_bytes, sizeof(private_bytes)); return ret; diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c index 58e9e92d4c..45b6c4ab69 100644 --- a/crypto/ec/curve448/eddsa.c +++ b/crypto/ec/curve448/eddsa.c @@ -41,7 +41,7 @@ static c448_error_t oneshot_hash(OPENSSL_CTX *ctx, uint8_t *out, size_t outlen, ret = C448_SUCCESS; err: EVP_MD_CTX_free(hashctx); - EVP_MD_meth_free(shake256); + EVP_MD_free(shake256); return ret; } @@ -77,11 +77,11 @@ static c448_error_t hash_init_with_dom(OPENSSL_CTX *ctx, EVP_MD_CTX *hashctx, || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s)) || !EVP_DigestUpdate(hashctx, dom, sizeof(dom)) || !EVP_DigestUpdate(hashctx, context, context_len)) { - EVP_MD_meth_free(shake256); + EVP_MD_free(shake256); return C448_FAILURE; } - EVP_MD_meth_free(shake256); + EVP_MD_free(shake256); return C448_SUCCESS; } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index bb6d31bf4f..6cb9064b6c 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -86,7 +86,7 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx) EVP_MD_CTX_reset(ctx); - EVP_MD_meth_free(ctx->fetched_digest); + EVP_MD_free(ctx->fetched_digest); ctx->fetched_digest = NULL; ctx->digest = NULL; ctx->reqdigest = NULL; @@ -156,7 +156,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) { if (ctx->digest == ctx->fetched_digest) ctx->digest = NULL; - EVP_MD_meth_free(ctx->fetched_digest); + EVP_MD_free(ctx->fetched_digest); ctx->fetched_digest = NULL; goto legacy; } @@ -181,7 +181,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) return 0; } type = provmd; - EVP_MD_meth_free(ctx->fetched_digest); + EVP_MD_free(ctx->fetched_digest); ctx->fetched_digest = provmd; #endif } @@ -415,7 +415,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVP_MD_CTX_reset(out); if (out->fetched_digest != NULL) - EVP_MD_meth_free(out->fetched_digest); + EVP_MD_free(out->fetched_digest); *out = *in; /* NULL out pointers in case of error */ out->pctx = NULL; @@ -616,6 +616,21 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) return ret; } +EVP_MD *evp_md_new(void) +{ + EVP_MD *md = OPENSSL_zalloc(sizeof(*md)); + + if (md != NULL) { + md->lock = CRYPTO_THREAD_lock_new(); + if (md->lock == NULL) { + OPENSSL_free(md); + return NULL; + } + md->refcnt = 1; + } + return md; +} + static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *unused) { @@ -623,9 +638,9 @@ static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns, int fncnt = 0; /* EVP_MD_fetch() will set the legacy NID if available */ - if ((md = EVP_MD_meth_new(NID_undef, NID_undef)) == NULL + if ((md = evp_md_new()) == NULL || (md->name = OPENSSL_strdup(name)) == NULL) { - EVP_MD_meth_free(md); + EVP_MD_free(md); EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; } @@ -718,7 +733,7 @@ static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns, * The "digest" function can standalone. We at least need one way to * generate digests. */ - EVP_MD_meth_free(md); + EVP_MD_free(md); ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); return NULL; } @@ -736,7 +751,7 @@ static int evp_md_up_ref(void *md) static void evp_md_free(void *md) { - EVP_MD_meth_free(md); + EVP_MD_free(md); } EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, @@ -750,6 +765,30 @@ EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, return md; } +int EVP_MD_up_ref(EVP_MD *md) +{ + int ref = 0; + + CRYPTO_UP_REF(&md->refcnt, &ref, md->lock); + return 1; +} + +void EVP_MD_free(EVP_MD *md) +{ + int i; + + if (md == NULL) + return; + + CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock); + if (i > 0) + return; + ossl_provider_free(md->prov); + OPENSSL_free(md->name); + CRYPTO_THREAD_lock_free(md->lock); + OPENSSL_free(md); +} + void EVP_MD_do_all_ex(OPENSSL_CTX *libctx, void (*fn)(EVP_MD *mac, void *arg), void *arg) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 460a5db003..b5b39a7f2d 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -529,54 +529,38 @@ unsigned long EVP_MD_flags(const EVP_MD *md) EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) { - EVP_MD *md = OPENSSL_zalloc(sizeof(*md)); + EVP_MD *md = evp_md_new(); if (md != NULL) { md->type = md_type; md->pkey_type = pkey_type; - md->lock = CRYPTO_THREAD_lock_new(); - if (md->lock == NULL) { - OPENSSL_free(md); - return NULL; - } - md->refcnt = 1; } return md; } EVP_MD *EVP_MD_meth_dup(const EVP_MD *md) { - EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type); + EVP_MD *to = NULL; - if (to != NULL) { + /* + * Non-legacy EVP_MDs can't be duplicated like this. + * Use EVP_MD_up_ref() instead. + */ + if (md->prov != NULL) + return NULL; + + if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) != NULL) { CRYPTO_RWLOCK *lock = to->lock; + memcpy(to, md, sizeof(*to)); to->lock = lock; } return to; } -int EVP_MD_up_ref(EVP_MD *md) -{ - int ref = 0; - - CRYPTO_UP_REF(&md->refcnt, &ref, md->lock); - return 1; -} - void EVP_MD_meth_free(EVP_MD *md) { - if (md != NULL) { - int i; - - CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock); - if (i > 0) - return; - ossl_provider_free(md->prov); - OPENSSL_free(md->name); - CRYPTO_THREAD_lock_free(md->lock); - OPENSSL_free(md); - } + EVP_MD_free(md); } int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) { diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index a7b36dbc0e..4342956531 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -156,6 +156,9 @@ void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, void *method_data, void (*free_method)(void *)); +/* Internal structure constructors for fetched methods */ +EVP_MD *evp_md_new(void); + /* Helper functions to avoid duplicating code */ /* diff --git a/crypto/rand/drbg_hash.c b/crypto/rand/drbg_hash.c index bb6f36ce54..6bef917e0f 100644 --- a/crypto/rand/drbg_hash.c +++ b/crypto/rand/drbg_hash.c @@ -290,7 +290,7 @@ static int drbg_hash_generate(RAND_DRBG *drbg, static int drbg_hash_uninstantiate(RAND_DRBG *drbg) { - EVP_MD_meth_free(drbg->data.hash.md); + EVP_MD_free(drbg->data.hash.md); EVP_MD_CTX_free(drbg->data.hash.ctx); OPENSSL_cleanse(&drbg->data.hash, sizeof(drbg->data.hash)); return 1; @@ -346,12 +346,12 @@ int drbg_hash_init(RAND_DRBG *drbg) if (hash->ctx == NULL) { hash->ctx = EVP_MD_CTX_new(); if (hash->ctx == NULL) { - EVP_MD_meth_free(md); + EVP_MD_free(md); return 0; } } - EVP_MD_meth_free(hash->md); + EVP_MD_free(hash->md); hash->md = md; /* These are taken from SP 800-90 10.1 Table 2 */ diff --git a/crypto/rand/drbg_hmac.c b/crypto/rand/drbg_hmac.c index baafc59064..14c4570b6b 100644 --- a/crypto/rand/drbg_hmac.c +++ b/crypto/rand/drbg_hmac.c @@ -184,7 +184,7 @@ static int drbg_hmac_generate(RAND_DRBG *drbg, static int drbg_hmac_uninstantiate(RAND_DRBG *drbg) { - EVP_MD_meth_free(drbg->data.hmac.md); + EVP_MD_free(drbg->data.hmac.md); HMAC_CTX_free(drbg->data.hmac.ctx); OPENSSL_cleanse(&drbg->data.hmac, sizeof(drbg->data.hmac)); return 1; @@ -239,13 +239,13 @@ int drbg_hmac_init(RAND_DRBG *drbg) if (hmac->ctx == NULL) { hmac->ctx = HMAC_CTX_new(); if (hmac->ctx == NULL) { - EVP_MD_meth_free(md); + EVP_MD_free(md); return 0; } } /* These are taken from SP 800-90 10.1 Table 2 */ - EVP_MD_meth_free(hmac->md); + EVP_MD_free(hmac->md); hmac->md = md; hmac->blocklen = EVP_MD_size(md); /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ diff --git a/crypto/rand/rand_crng_test.c b/crypto/rand/rand_crng_test.c index a014f936fa..0ba0986b96 100644 --- a/crypto/rand/rand_crng_test.c +++ b/crypto/rand/rand_crng_test.c @@ -87,7 +87,7 @@ int rand_crngt_get_entropy_cb(OPENSSL_CTX *ctx, if (r != 0) memcpy(buf, p, CRNGT_BUFSIZ); rand_pool_reattach(pool, p); - EVP_MD_meth_free(fmd); + EVP_MD_free(fmd); return r; } return 0; |