mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-19 19:50:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add "origin" field to EVP_CIPHER, EVP_MD

Browse Source 
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new.  Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field.  The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects

Deprecate EVP_MD_CTX_md().  Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md().  Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().

Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.

Also change some flags tests to explicit test == or != zero. E.g.,
        if (flags & x) --> if ((flags & x) != 0)
        if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
This commit is contained in:
Rich Salz 2021-02-16 17:51:56 -05:00 committed by Richard Levitte
parent 543e740b95
commit f6c95e46c0
57 changed files with 286 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/dgst.c
View File

@ -405,7 +405,7 @@ int dgst_main(int argc, char **argv)
if (md == NULL) {
EVP_MD_CTX *tctx;
BIO_get_md_ctx(bmd, &tctx);
md = EVP_MD_CTX_md(tctx);
md = EVP_MD_CTX_get0_md(tctx);
}
if (md != NULL)
md_name = EVP_MD_name(md);

2
crypto/asn1/a_sign.c
View File

@ -159,7 +159,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
int signid, paramtype, buf_len = 0;
int rv, pkey_id;
md = EVP_MD_CTX_md(ctx);
md = EVP_MD_CTX_get0_md(ctx);
pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
if (pkey == NULL) {

2
crypto/asn1/p5_scrypt.c
View File

@ -217,7 +217,7 @@ int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
int t, rv = 0;
SCRYPT_PARAMS *sparam = NULL;
if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
goto err;
}

2
crypto/cmac/cmac.c
View File

@ -137,7 +137,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
/* If anything fails then ensure we can't use this ctx */
ctx->nlast_block = -1;
if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
if (!EVP_CIPHER_CTX_get0_cipher(ctx->cctx))
return 0;
if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
return 0;

7
crypto/cms/cms_env.c
View File

@ -1105,8 +1105,8 @@ static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms)
* If the selected cipher supports unprotected attributes,
* deal with it using special ctrl function
*/
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx))
& EVP_CIPH_FLAG_CIPHER_WITH_MAC)
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
& EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0
&& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0,
cms->d.envelopedData->unprotectedAttrs) <= 0) {
BIO_free(contentBio);
@ -1225,7 +1225,8 @@ int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain)
* If the selected cipher supports unprotected attributes,
* deal with it using special ctrl function
*/
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) {
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
& EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
if (env->unprotectedAttrs == NULL)
env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null();

2
crypto/cms/cms_kari.c
View File

@ -422,7 +422,7 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
int ret;
/* If a suitable wrap algorithm is already set nothing to do */
kekcipher = EVP_CIPHER_CTX_cipher(ctx);
kekcipher = EVP_CIPHER_CTX_get0_cipher(ctx);
if (kekcipher != NULL) {
if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_WRAP_MODE)
return 0;

2
crypto/cms/cms_lib.c
View File

@ -459,7 +459,7 @@ int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
* Workaround for broken implementations that use signature
* algorithm OID instead of digest.
*/
|| EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
|| EVP_MD_pkey_type(EVP_MD_CTX_get0_md(mtmp)) == nid)
return EVP_MD_CTX_copy_ex(mctx, mtmp);
chain = BIO_next(chain);
}

2
crypto/cms/cms_sd.c
View File

@ -923,7 +923,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
} else
r = 1;
} else {
const EVP_MD *md = EVP_MD_CTX_md(mctx);
const EVP_MD *md = EVP_MD_CTX_get0_md(mctx);
const CMS_CTX *ctx = si->cms_ctx;
pkctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),

4
crypto/evp/bio_md.c
View File

@ -145,7 +145,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
switch (cmd) {
case BIO_CTRL_RESET:
if (BIO_get_init(b))
ret = EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL);
ret = EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL);
else
ret = 0;
if (ret > 0)
@ -154,7 +154,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_C_GET_MD:
if (BIO_get_init(b)) {
ppmd = ptr;
*ppmd = EVP_MD_CTX_md(ctx);
*ppmd = EVP_MD_CTX_get0_md(ctx);
} else
ret = 0;
break;

10
crypto/evp/bio_ok.c
View File

@ -394,7 +394,7 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_C_GET_MD:
if (BIO_get_init(b)) {
ppmd = ptr;
*ppmd = EVP_MD_CTX_md(ctx->md);
*ppmd = EVP_MD_CTX_get0_md(ctx->md);
} else
ret = 0;
break;
@ -442,7 +442,7 @@ static int sig_out(BIO *b)
ctx = BIO_get_data(b);
md = ctx->md;
digest = EVP_MD_CTX_md(md);
digest = EVP_MD_CTX_get0_md(md);
md_size = EVP_MD_size(digest);
md_data = EVP_MD_CTX_md_data(md);
@ -486,7 +486,7 @@ static int sig_in(BIO *b)
ctx = BIO_get_data(b);
md = ctx->md;
digest = EVP_MD_CTX_md(md);
digest = EVP_MD_CTX_get0_md(md);
md_size = EVP_MD_size(digest);
md_data = EVP_MD_CTX_md_data(md);
@ -532,7 +532,7 @@ static int block_out(BIO *b)
ctx = BIO_get_data(b);
md = ctx->md;
digest = EVP_MD_CTX_md(md);
digest = EVP_MD_CTX_get0_md(md);
md_size = EVP_MD_size(digest);
tl = ctx->buf_len - OK_BLOCK_BLOCK;
@ -563,7 +563,7 @@ static int block_in(BIO *b)
ctx = BIO_get_data(b);
md = ctx->md;
md_size = EVP_MD_size(EVP_MD_CTX_md(md));
md_size = EVP_MD_size(EVP_MD_CTX_get0_md(md));
assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
tl = ctx->buf[0];

6
crypto/evp/cmeth_lib.c
View File

@ -28,6 +28,7 @@ EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
cipher->nid = cipher_type;
cipher->block_size = block_size;
cipher->key_len = key_len;
cipher->origin = EVP_ORIG_METH;
}
return cipher;
}
@ -55,7 +56,10 @@ EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher)
void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
{
EVP_CIPHER_free(cipher);
if (cipher == NULL || cipher->origin != EVP_ORIG_METH)
return;
evp_cipher_free_int(cipher);
}
int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)

9
crypto/evp/digest.c
View File

@ -1026,7 +1026,8 @@ int EVP_MD_up_ref(EVP_MD *md)
{
int ref = 0;
CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
if (md->origin == EVP_ORIG_DYNAMIC)
CRYPTO_UP_REF(&md->refcnt, &ref, md->lock);
return 1;
}
@ -1034,15 +1035,13 @@ void EVP_MD_free(EVP_MD *md)
{
int i;
if (md == NULL)
if (md == NULL || md->origin != EVP_ORIG_DYNAMIC)
return;
CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock);
if (i > 0)
return;
ossl_provider_free(md->prov);
CRYPTO_THREAD_lock_free(md->lock);
OPENSSL_free(md);
evp_md_free_int(md);
}
void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,

32
crypto/evp/e_aes.c
View File

@ -395,6 +395,7 @@ static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static const EVP_CIPHER aesni_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aesni_init_key, \
aesni_##mode##_cipher, \
NULL, \
@ -402,8 +403,9 @@ static const EVP_CIPHER aesni_##keylen##_##mode = { \
NULL,NULL,NULL,NULL }; \
static const EVP_CIPHER aes_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize, \
keylen/8,ivlen, \
keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aes_init_key, \
aes_##mode##_cipher, \
NULL, \
@ -418,6 +420,7 @@ static const EVP_CIPHER aesni_##keylen##_##mode = { \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \
ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aesni_##mode##_init_key, \
aesni_##mode##_cipher, \
aes_##mode##_cleanup, \
@ -428,6 +431,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \
ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aes_##mode##_init_key, \
aes_##mode##_cipher, \
aes_##mode##_cleanup, \
@ -749,6 +753,7 @@ static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aes_t4_init_key, \
aes_t4_##mode##_cipher, \
NULL, \
@ -758,6 +763,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize, \
keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aes_init_key, \
aes_##mode##_cipher, \
NULL, \
@ -772,6 +778,7 @@ static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \
ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aes_t4_##mode##_init_key, \
aes_t4_##mode##_cipher, \
aes_##mode##_cleanup, \
@ -782,6 +789,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \
ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aes_##mode##_init_key, \
aes_##mode##_cipher, \
aes_##mode##_cleanup, \
@ -2249,6 +2257,7 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
static const EVP_CIPHER aes_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aes_init_key, \
aes_##mode##_cipher, \
NULL, \
@ -2263,6 +2272,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \
ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aes_##mode##_init_key, \
aes_##mode##_cipher, \
aes_##mode##_cleanup, \
@ -3511,10 +3521,10 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
typedef struct {
union {
@ -3613,7 +3623,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static const EVP_CIPHER aes_128_wrap = {
NID_id_aes128_wrap,
8, 16, 8, WRAP_FLAGS,
8, 16, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),
@ -3627,7 +3637,7 @@ const EVP_CIPHER *EVP_aes_128_wrap(void)
static const EVP_CIPHER aes_192_wrap = {
NID_id_aes192_wrap,
8, 24, 8, WRAP_FLAGS,
8, 24, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),
@ -3641,7 +3651,7 @@ const EVP_CIPHER *EVP_aes_192_wrap(void)
static const EVP_CIPHER aes_256_wrap = {
NID_id_aes256_wrap,
8, 32, 8, WRAP_FLAGS,
8, 32, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),
@ -3655,7 +3665,7 @@ const EVP_CIPHER *EVP_aes_256_wrap(void)
static const EVP_CIPHER aes_128_wrap_pad = {
NID_id_aes128_wrap_pad,
8, 16, 4, WRAP_FLAGS,
8, 16, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),
@ -3669,7 +3679,7 @@ const EVP_CIPHER *EVP_aes_128_wrap_pad(void)
static const EVP_CIPHER aes_192_wrap_pad = {
NID_id_aes192_wrap_pad,
8, 24, 4, WRAP_FLAGS,
8, 24, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),
@ -3683,7 +3693,7 @@ const EVP_CIPHER *EVP_aes_192_wrap_pad(void)
static const EVP_CIPHER aes_256_wrap_pad = {
NID_id_aes256_wrap_pad,
8, 32, 4, WRAP_FLAGS,
8, 32, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL,
aes_wrap_init_key, aes_wrap_cipher,
NULL,
sizeof(EVP_AES_WRAP_CTX),

2
crypto/evp/e_aes_cbc_hmac_sha1.c
View File

@ -914,6 +914,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
EVP_ORIG_GLOBAL,
aesni_cbc_hmac_sha1_init_key,
aesni_cbc_hmac_sha1_cipher,
NULL,
@ -933,6 +934,7 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
EVP_ORIG_GLOBAL,
aesni_cbc_hmac_sha1_init_key,
aesni_cbc_hmac_sha1_cipher,
NULL,

2
crypto/evp/e_aes_cbc_hmac_sha256.c
View File

@ -898,6 +898,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = {
AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
EVP_ORIG_GLOBAL,
aesni_cbc_hmac_sha256_init_key,
aesni_cbc_hmac_sha256_cipher,
NULL,
@ -917,6 +918,7 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = {
AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
EVP_ORIG_GLOBAL,
aesni_cbc_hmac_sha256_init_key,
aesni_cbc_hmac_sha256_cipher,
NULL,

2
crypto/evp/e_aria.c
View File

@ -159,6 +159,7 @@ IMPLEMENT_ARIA_CFBR(256,8)
static const EVP_CIPHER aria_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aria_init_key, \
aria_##mode##_cipher, \
NULL, \
@ -757,6 +758,7 @@ static const EVP_CIPHER aria_##keylen##_##mode = { \
nid##_##keylen##_##nmode, \
blocksize, keylen/8, ivlen, \
ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
aria_##mode##_init_key, \
aria_##mode##_cipher, \
aria_##mode##_cleanup, \

3
crypto/evp/e_camellia.c
View File

@ -144,6 +144,7 @@ static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
cmll_t4_init_key, \
cmll_t4_##mode##_cipher, \
NULL, \
@ -153,6 +154,7 @@ static const EVP_CIPHER camellia_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize, \
keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
camellia_init_key, \
camellia_##mode##_cipher, \
NULL, \
@ -167,6 +169,7 @@ const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
static const EVP_CIPHER camellia_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
flags|EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
camellia_init_key, \
camellia_##mode##_cipher, \
NULL, \

2
crypto/evp/e_chacha20_poly1305.c
View File

@ -131,6 +131,7 @@ static const EVP_CIPHER chacha20 = {
CHACHA_KEY_SIZE, /* key_len */
CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */
EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT,
EVP_ORIG_GLOBAL,
chacha_init_key,
chacha_cipher,
NULL,
@ -614,6 +615,7 @@ static EVP_CIPHER chacha20_poly1305 = {
EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER |
EVP_CIPH_CUSTOM_IV_LENGTH,
EVP_ORIG_GLOBAL,
chacha20_poly1305_init_key,
chacha20_poly1305_cipher,
chacha20_poly1305_cleanup,

1
crypto/evp/e_des3.c
View File

@ -413,6 +413,7 @@ static const EVP_CIPHER des3_wrap = {
8, 24, 0,
EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
| EVP_CIPH_FLAG_DEFAULT_ASN1,
EVP_ORIG_GLOBAL,
des_ede3_init_key, des_ede3_wrap_cipher,
NULL,
sizeof(DES_EDE_KEY),

1
crypto/evp/e_null.c
View File

@ -20,6 +20,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static const EVP_CIPHER n_cipher = {
NID_undef,
1, 0, 0, 0,
EVP_ORIG_GLOBAL,
null_init_key,
null_cipher,
NULL,

2
crypto/evp/e_rc2.c
View File

@ -53,6 +53,7 @@ static const EVP_CIPHER r2_64_cbc_cipher = {
NID_rc2_64_cbc,
8, 8 /* 64 bit */ , 8,
EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
EVP_ORIG_GLOBAL,
rc2_init_key,
rc2_cbc_cipher,
NULL,
@ -67,6 +68,7 @@ static const EVP_CIPHER r2_40_cbc_cipher = {
NID_rc2_40_cbc,
8, 5 /* 40 bit */ , 8,
EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
EVP_ORIG_GLOBAL,
rc2_init_key,
rc2_cbc_cipher,
NULL,

2
crypto/evp/e_rc4.c
View File

@ -38,6 +38,7 @@ static const EVP_CIPHER r4_cipher = {
NID_rc4,
1, EVP_RC4_KEY_SIZE, 0,
EVP_CIPH_VARIABLE_LENGTH,
EVP_ORIG_GLOBAL,
rc4_init_key,
rc4_cipher,
NULL,
@ -52,6 +53,7 @@ static const EVP_CIPHER r4_40_cipher = {
NID_rc4_40,
1, 5 /* 40 bit */ , 0,
EVP_CIPH_VARIABLE_LENGTH,
EVP_ORIG_GLOBAL,
rc4_init_key,
rc4_cipher,
NULL,

1
crypto/evp/e_rc4_hmac_md5.c
View File

@ -255,6 +255,7 @@ static EVP_CIPHER r4_hmac_md5_cipher = {
1, EVP_RC4_KEY_SIZE, 0,
EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH |
EVP_CIPH_FLAG_AEAD_CIPHER,
EVP_ORIG_GLOBAL,
rc4_hmac_md5_init_key,
rc4_hmac_md5_cipher,
NULL,

1
crypto/evp/e_sm4.c
View File

@ -85,6 +85,7 @@ static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static const EVP_CIPHER sm4_ctr_mode = {
NID_sm4_ctr, 1, 16, 16,
EVP_CIPH_CTR_MODE,
EVP_ORIG_GLOBAL,
sm4_init_key,
sm4_ctr_cipher,
NULL,

1
crypto/evp/e_xcbc_d.c
View File

@ -41,6 +41,7 @@ static const EVP_CIPHER d_xcbc_cipher = {
NID_desx_cbc,
8, 24, 8,
EVP_CIPH_CBC_MODE,
EVP_ORIG_GLOBAL,
desx_cbc_init_key,
desx_cbc_cipher,
NULL,

19
crypto/evp/evp_enc.c
View File

@ -325,7 +325,8 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
return 0;
}
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
& EVP_CIPH_CUSTOM_IV) == 0) {
switch (EVP_CIPHER_CTX_mode(ctx)) {
case EVP_CIPH_STREAM_CIPHER:
@ -1602,23 +1603,29 @@ int EVP_CIPHER_up_ref(EVP_CIPHER *cipher)
{
int ref = 0;
CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
if (cipher->origin == EVP_ORIG_DYNAMIC)
CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
return 1;
}
void evp_cipher_free_int(EVP_CIPHER *cipher)
{
ossl_provider_free(cipher->prov);
CRYPTO_THREAD_lock_free(cipher->lock);
OPENSSL_free(cipher);
}
void EVP_CIPHER_free(EVP_CIPHER *cipher)
{
int i;
if (cipher == NULL || cipher->prov == NULL)
if (cipher == NULL || cipher->origin != EVP_ORIG_DYNAMIC)
return;
CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);
if (i > 0)
return;
ossl_provider_free(cipher->prov);
CRYPTO_THREAD_lock_free(cipher->lock);
OPENSSL_free(cipher);
evp_cipher_free_int(cipher);
}
void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,

58
crypto/evp/evp_lib.c
View File

@ -422,10 +422,33 @@ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return ctx->cipher->do_cipher(ctx, out, in, inl);
}
#ifndef OPENSSL_NO_DEPRECATED_3_0
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
{
if (ctx == NULL)
return NULL;
return ctx->cipher;
}
#endif
const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx)
{
if (ctx == NULL)
return NULL;
return ctx->cipher;
}
EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx)
{
EVP_CIPHER *cipher;
if (ctx == NULL)
return NULL;
cipher = (EVP_CIPHER *)ctx->cipher;
if (!EVP_CIPHER_up_ref(cipher))
return NULL;
return cipher;
}
int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
{
@ -767,6 +790,7 @@ EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
if (md != NULL) {
md->type = md_type;
md->pkey_type = pkey_type;
md->origin = EVP_ORIG_METH;
}
return md;
}
@ -791,10 +815,21 @@ EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
return to;
}
void evp_md_free_int(EVP_MD *md)
{
ossl_provider_free(md->prov);
CRYPTO_THREAD_lock_free(md->lock);
OPENSSL_free(md);
}
void EVP_MD_meth_free(EVP_MD *md)
{
EVP_MD_free(md);
if (md == NULL || md->origin != EVP_ORIG_METH)
return;
evp_md_free_int(md);
}
int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
{
if (md->block_size != 0)
@ -927,12 +962,33 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
return md->md_ctrl;
}
#ifndef OPENSSL_NO_DEPRECATED_3_0
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
{
if (ctx == NULL)
return NULL;
return ctx->reqdigest;
}
#endif
const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx)
{
if (ctx == NULL)
return NULL;
return ctx->reqdigest;
}
EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx)
{
EVP_MD *md;
if (ctx == NULL)
return NULL;
md = (EVP_MD *)ctx->reqdigest;
if (!EVP_MD_up_ref(md))
return NULL;
return md;
}
EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
{

2
crypto/evp/evp_local.h
View File

@ -317,6 +317,8 @@ OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz);
}
void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx);
void evp_cipher_free_int(EVP_CIPHER *md);
void evp_md_free_int(EVP_MD *md);
/* OSSL_PROVIDER * is only used to get the library context */
const char *evp_first_name(const OSSL_PROVIDER *prov, int name_id);

2
crypto/evp/legacy_blake2.c
View File

@ -22,6 +22,7 @@ static const EVP_MD blake2b_md = {
0,
BLAKE2B_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(blake2b_int_init, blake2b_int_update,
blake2b_int_final, NULL, BLAKE2B_BLOCKBYTES),
};
@ -36,6 +37,7 @@ static const EVP_MD blake2s_md = {
0,
BLAKE2S_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(blake2s_int_init, blake2s_int_update,
blake2s_int_final, NULL, BLAKE2S_BLOCKBYTES),
};

1
crypto/evp/legacy_md2.c
View File

@ -24,6 +24,7 @@ static const EVP_MD md2_md = {
NID_md2WithRSAEncryption,
MD2_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(md2_init, md2_update, md2_final, NULL, MD2_BLOCK)
};

1
crypto/evp/legacy_md4.c
View File

@ -24,6 +24,7 @@ static const EVP_MD md4_md = {
NID_md4WithRSAEncryption,
MD4_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(md4_init, md4_update, md4_final, NULL, MD4_CBLOCK),
};

1
crypto/evp/legacy_md5.c
View File

@ -24,6 +24,7 @@ static const EVP_MD md5_md = {
NID_md5WithRSAEncryption,
MD5_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(md5_init, md5_update, md5_final, NULL, MD5_CBLOCK)
};

1
crypto/evp/legacy_md5_sha1.c
View File

@ -29,6 +29,7 @@ static const EVP_MD md5_sha1_md = {
NID_md5_sha1,
MD5_SHA1_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(md5_sha1_int_init, md5_sha1_int_update,
md5_sha1_int_final, md5_sha1_int_ctrl,
MD5_SHA1_CBLOCK),

1
crypto/evp/legacy_mdc2.c
View File

@ -24,6 +24,7 @@ static const EVP_MD mdc2_md = {
NID_mdc2WithRSA,
MDC2_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(mdc2_init, mdc2_update, mdc2_final, NULL,
MDC2_BLOCK),
};

1
crypto/evp/legacy_ripemd.c
View File

@ -24,6 +24,7 @@ static const EVP_MD ripemd160_md = {
NID_ripemd160WithRSA,
RIPEMD160_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(ripe_init, ripe_update, ripe_final, NULL,
RIPEMD160_CBLOCK),
};

9
crypto/evp/legacy_sha.c
View File

@ -89,6 +89,7 @@ static const EVP_MD sha1_md = {
NID_sha1WithRSAEncryption,
SHA_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha1_init, sha1_update, sha1_final, sha1_int_ctrl,
SHA_CBLOCK),
};
@ -103,6 +104,7 @@ static const EVP_MD sha224_md = {
NID_sha224WithRSAEncryption,
SHA224_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha224_init, sha224_update, sha224_final, NULL,
SHA256_CBLOCK),
};
@ -117,6 +119,7 @@ static const EVP_MD sha256_md = {
NID_sha256WithRSAEncryption,
SHA256_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha256_init, sha256_update, sha256_final, NULL,
SHA256_CBLOCK),
};
@ -131,6 +134,7 @@ static const EVP_MD sha512_224_md = {
NID_sha512_224WithRSAEncryption,
SHA224_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha512_224_int_init, sha512_224_int_update,
sha512_224_int_final, NULL, SHA512_CBLOCK),
};
@ -145,6 +149,7 @@ static const EVP_MD sha512_256_md = {
NID_sha512_256WithRSAEncryption,
SHA256_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha512_256_int_init, sha512_256_int_update,
sha512_256_int_final, NULL, SHA512_CBLOCK),
};
@ -159,6 +164,7 @@ static const EVP_MD sha384_md = {
NID_sha384WithRSAEncryption,
SHA384_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha384_init, sha384_update, sha384_final, NULL,
SHA512_CBLOCK),
};
@ -173,6 +179,7 @@ static const EVP_MD sha512_md = {
NID_sha512WithRSAEncryption,
SHA512_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sha512_init, sha512_update, sha512_final, NULL,
SHA512_CBLOCK),
};
@ -190,6 +197,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) \
NID_RSA_SHA3_##bitlen, \
bitlen / 8, \
EVP_MD_FLAG_DIGALGID_ABSENT, \
EVP_ORIG_GLOBAL, \
LEGACY_EVP_MD_METH_TABLE(sha3_int_init, sha3_int_update, \
sha3_int_final, NULL, \
(KECCAK1600_WIDTH - bitlen * 2) / 8), \
@ -204,6 +212,7 @@ const EVP_MD *EVP_shake##bitlen(void) \
0, \
bitlen / 8, \
EVP_MD_FLAG_XOF, \
EVP_ORIG_GLOBAL, \
LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final, \
shake_ctrl, (KECCAK1600_WIDTH - bitlen * 2) / 8), \
}; \

1
crypto/evp/legacy_wp.c
View File

@ -24,6 +24,7 @@ static const EVP_MD whirlpool_md = {
0,
WHIRLPOOL_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(wp_init, wp_update, wp_final, NULL,
WHIRLPOOL_BBLOCK / 8),
};

1
crypto/evp/m_null.c
View File

@ -34,6 +34,7 @@ static const EVP_MD null_md = {
NID_undef,
0,
0,
EVP_ORIG_GLOBAL,
init,
update,
final,

2
crypto/evp/m_sigver.c
View File

@ -175,7 +175,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
/* legacy code support for engines */
ERR_set_mark();
/*
* This might be requested by a later call to EVP_MD_CTX_md().
* This might be requested by a later call to EVP_MD_CTX_get0_md().
* In that case the "explicit fetch" rules apply for that
* function (as per man pages), i.e. the ref count is not updated
* so the EVP_MD should not be used beyound the lifetime of the

2
crypto/evp/p5_crpt2.c
View File

@ -161,7 +161,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
PBKDF2PARAM *kdf = NULL;
const EVP_MD *prfmd;
if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
goto err;
}

2
crypto/evp/p_sign.c
View File

@ -51,7 +51,7 @@ int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *sigret,
goto err;
if (EVP_PKEY_sign_init(pkctx) <= 0)
goto err;
if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_get0_md(ctx)) <= 0)
goto err;
if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
goto err;

2
crypto/evp/p_verify.c
View File

@ -48,7 +48,7 @@ int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
goto err;
if (EVP_PKEY_verify_init(pkctx) <= 0)
goto err;
if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_get0_md(ctx)) <= 0)
goto err;
i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
err:

6
crypto/pkcs12/p12_decr.c
View File

@ -43,7 +43,8 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
* MAC should be processed on decrypting separately from plain text
*/
max_out_len = inlen + EVP_CIPHER_CTX_block_size(ctx);
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) {
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
& EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) {
ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
goto err;
@ -87,7 +88,8 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
goto err;
}
outlen += i;
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) {
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
& EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
if (EVP_CIPHER_CTX_encrypting(ctx)) {
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
(int)mac_len, out+outlen) < 0) {

2
crypto/pkcs7/pk7_doit.c
View File

@ -1049,7 +1049,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
* Workaround for some broken clients that put the signature OID
* instead of the digest OID in digest_alg->algorithm
*/
if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
if (EVP_MD_pkey_type(EVP_MD_CTX_get0_md(mdc)) == md_type)
break;
btmp = BIO_next(btmp);
}

1
crypto/sm3/legacy_sm3.c
View File

@ -20,6 +20,7 @@ static const EVP_MD sm3_md = {
NID_sm3WithRSAEncryption,
SM3_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
LEGACY_EVP_MD_METH_TABLE(sm3_int_init, sm3_int_update, sm3_int_final, NULL,
SM3_CBLOCK),
};

19
doc/man3/EVP_DigestInit.pod
View File

@ -16,7 +16,8 @@ EVP_MD_is_a, EVP_MD_name, EVP_MD_description, EVP_MD_number,
EVP_MD_names_do_all, EVP_MD_provider,
EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags,
EVP_MD_CTX_name,
EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size,
EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md,
EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size,
EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn,
EVP_md_null,
EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj,
@ -78,7 +79,8 @@ EVP_MD_do_all_provided
int EVP_MD_block_size(const EVP_MD *md);
unsigned long EVP_MD_flags(const EVP_MD *md);
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx);
EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx);
const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx);
int EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
@ -102,6 +104,8 @@ Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
const void *data, size_t count);
@ -351,14 +355,17 @@ Return the digest method private data for the passed B<EVP_MD_CTX>.
The space is allocated by OpenSSL and has the size originally set with
EVP_MD_meth_set_app_datasize().
=item EVP_MD_CTX_md()
=item EVP_MD_CTX_get0_md(), EVP_MD_CTX_get1_md()
Returns the B<EVP_MD> structure corresponding to the passed B<EVP_MD_CTX>. This
EVP_MD_CTX_get0_md() returns
the B<EVP_MD> structure corresponding to the passed B<EVP_MD_CTX>. This
will be the same B<EVP_MD> object originally passed to EVP_DigestInit_ex2() (or
other similar function) when the EVP_MD_CTX was first initialised. Note that
where explicit fetch is in use (see L<EVP_MD_fetch(3)>) the value returned from
this function will not have its reference count incremented and therefore it
should not be used after the EVP_MD_CTX is freed.
EVP_MD_CTX_get1_md() is the same except the ownership is passed to the
caller and is from the passed B<EVP_MD_CTX>.
=item EVP_MD_CTX_set_update_fn()
@ -697,7 +704,9 @@ EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(),
EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() and
EVP_MD_CTX_gettable_params() functions were added in OpenSSL 3.0.
The EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated
The EVP_MD_CTX_md() function was deprecated in OpenSSL 3.0; use
EVP_MD_CTX_get0_md() instead.
EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated
in OpenSSL 3.0.
=head1 COPYRIGHT

19
doc/man3/EVP_EncryptInit.pod
View File

@ -48,6 +48,8 @@ EVP_CIPHER_flags,
EVP_CIPHER_mode,
EVP_CIPHER_type,
EVP_CIPHER_CTX_cipher,
EVP_CIPHER_CTX_get0_cipher,
EVP_CIPHER_CTX_get1_cipher,
EVP_CIPHER_CTX_name,
EVP_CIPHER_CTX_nid,
EVP_CIPHER_CTX_get_params,
@ -153,7 +155,8 @@ EVP_CIPHER_do_all_provided
unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
int EVP_CIPHER_type(const EVP_CIPHER *cipher);
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx);
EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx);
@ -181,6 +184,12 @@ EVP_CIPHER_do_all_provided
void (*fn)(EVP_CIPHER *cipher, void *arg),
void *arg);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
=head1 DESCRIPTION
The EVP cipher routines are a high-level interface to certain
@ -417,8 +426,10 @@ cipher implementation.
EVP_CIPHER_provider() returns an B<OSSL_PROVIDER> pointer to the provider
that implements the given B<EVP_CIPHER>.
EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
EVP_CIPHER_CTX_get0_cipher() returns the B<EVP_CIPHER> structure when passed
an B<EVP_CIPHER_CTX> structure.
EVP_CIPHER_CTX_get1_cipher() is the same except the ownership is passed to
the caller.
EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode:
EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE,
@ -938,8 +949,12 @@ EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup()
disappeared. EVP_CIPHER_CTX_init() remains as an alias for
EVP_CIPHER_CTX_reset().
The EVP_CIPHER_CTX_cipher() function was deprecated in OpenSSL 3.0; use
EVP_CIPHER_CTX_get0_cipher() instead.
The EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2(),
EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(),
EVP_CIPHER_CTX_get0_cipher(), EVP_CIPHER_CTX_get1_cipher(),
EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(),
EVP_CIPHER_CTX_get_params(), EVP_CIPHER_gettable_params(),
EVP_CIPHER_settable_ctx_params(), EVP_CIPHER_gettable_ctx_params(),

2
engines/e_afalg.c
View File

@ -553,7 +553,7 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
return 0;
}
if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) {
ALG_WARN("%s(%d): Cipher object NULL\n", __FILE__, __LINE__);
return 0;
}

14
include/crypto/evp.h
View File

@ -232,6 +232,10 @@ struct evp_kdf_st {
OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params;
};
#define EVP_ORIG_DYNAMIC 0
#define EVP_ORIG_GLOBAL 1
#define EVP_ORIG_METH 2
struct evp_md_st {
/* nid */
int type;
@ -240,6 +244,7 @@ struct evp_md_st {
int pkey_type;
int md_size;
unsigned long flags;
int origin;
int (*init) (EVP_MD_CTX *ctx);
int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
@ -284,6 +289,8 @@ struct evp_cipher_st {
/* Legacy structure members */
/* Various flags */
unsigned long flags;
/* How the EVP_CIPHER was created. */
int origin;
/* init key */
int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
@ -335,7 +342,7 @@ struct evp_cipher_st {
#define BLOCK_CIPHER_ecb_loop() \
size_t i, bl; \
bl = EVP_CIPHER_CTX_cipher(ctx)->block_size; \
bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \
if (inl < bl) return 1;\
inl -= bl; \
for (i=0; i <= inl; i+=bl)
@ -420,6 +427,7 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static const EVP_CIPHER cname##_##mode = { \
nid##_##nmode, block_size, key_len, iv_len, \
flags | EVP_CIPH_##MODE##_MODE, \
EVP_ORIG_GLOBAL, \
init_key, \
cname##_##mode##_cipher, \
cleanup, \
@ -475,6 +483,7 @@ BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
static const EVP_CIPHER cname##_cbc = {\
nid##_cbc, block_size, key_len, iv_len, \
flags | EVP_CIPH_CBC_MODE,\
EVP_ORIG_GLOBAL,\
init_key,\
cname##_cbc_cipher,\
cleanup,\
@ -488,6 +497,7 @@ const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
static const EVP_CIPHER cname##_cfb = {\
nid##_cfb64, 1, key_len, iv_len, \
flags | EVP_CIPH_CFB_MODE,\
EVP_ORIG_GLOBAL,\
init_key,\
cname##_cfb_cipher,\
cleanup,\
@ -501,6 +511,7 @@ const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
static const EVP_CIPHER cname##_ofb = {\
nid##_ofb64, 1, key_len, iv_len, \
flags | EVP_CIPH_OFB_MODE,\
EVP_ORIG_GLOBAL,\
init_key,\
cname##_ofb_cipher,\
cleanup,\
@ -514,6 +525,7 @@ const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
static const EVP_CIPHER cname##_ecb = {\
nid##_ecb, block_size, key_len, iv_len, \
flags | EVP_CIPH_ECB_MODE,\
EVP_ORIG_GLOBAL,\
init_key,\
cname##_ecb_cipher,\
cleanup,\

25
include/openssl/evp.h
View File

@ -538,9 +538,12 @@ int EVP_MD_size(const EVP_MD *md);
int EVP_MD_block_size(const EVP_MD *md);
unsigned long EVP_MD_flags(const EVP_MD *md);
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx);
EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx);
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
OSSL_DEPRECATEDIN_3_0
int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
const void *data, size_t count);
OSSL_DEPRECATEDIN_3_0
@ -548,10 +551,10 @@ void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
int (*update) (EVP_MD_CTX *ctx,
const void *data, size_t count));
# endif
# define EVP_MD_CTX_name(e) EVP_MD_name(EVP_MD_CTX_md(e))
# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
# define EVP_MD_CTX_name(e) EVP_MD_name(EVP_MD_CTX_get0_md(e))
# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_get0_md(e))
# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_get0_md(e))
# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_get0_md(e))
EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
@ -576,7 +579,8 @@ EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
void EVP_CIPHER_free(EVP_CIPHER *cipher);
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx);
EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
@ -584,6 +588,7 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
# ifndef OPENSSL_NO_DEPRECATED_3_0
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
OSSL_DEPRECATEDIN_3_0 unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
@ -598,12 +603,12 @@ void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
# define EVP_CIPHER_CTX_name(c) EVP_CIPHER_name(EVP_CIPHER_CTX_cipher(c))
# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
# define EVP_CIPHER_CTX_name(c) EVP_CIPHER_name(EVP_CIPHER_CTX_get0_cipher(c))
# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_get0_cipher(c))
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c))
# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(c))
# endif
# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c))
# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_get0_cipher(c))
# define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80)
# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80)

5
ssl/record/rec_layer_d1.c
View File

@ -829,8 +829,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
sess = s->session;
if ((sess == NULL) ||
(s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL))
if ((sess == NULL)
|| (s->enc_write_ctx == NULL)
|| (EVP_MD_CTX_get0_md(s->write_hash) == NULL))
clear = 1;
if (clear)

30
ssl/record/rec_layer_s3.c
View File

@ -432,13 +432,15 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
* jumbo buffer to accommodate up to 8 records, but the
* compromise is considered worthy.
*/
if (type == SSL3_RT_APPLICATION_DATA &&
len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s)) &&
s->compress == NULL && s->msg_callback == NULL &&
!SSL_WRITE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
(BIO_get_ktls_send(s->wbio) == 0) &&
EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
if (type == SSL3_RT_APPLICATION_DATA
&& len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s))
&& s->compress == NULL
&& s->msg_callback == NULL
&& !SSL_WRITE_ETM(s)
&& SSL_USE_EXPLICIT_IV(s)
&& BIO_get_ktls_send(s->wbio) == 0
&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx))
& EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) != 0) {
unsigned char aad[13];
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
size_t packlen;
@ -586,12 +588,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
}
if (maxpipes == 0
|| s->enc_write_ctx == NULL
|| !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx))
& EVP_CIPH_FLAG_PIPELINE)
|| (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx))
& EVP_CIPH_FLAG_PIPELINE) == 0
|| !SSL_USE_EXPLICIT_IV(s))
maxpipes = 1;
if (max_send_fragment == 0 || split_send_fragment == 0
|| split_send_fragment > max_send_fragment) {
if (max_send_fragment == 0
|| split_send_fragment == 0
|| split_send_fragment > max_send_fragment) {
/*
* We should have prevented this when we set/get the split and max send
* fragments so we shouldn't get here
@ -713,8 +716,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
sess = s->session;
if ((sess == NULL) ||
(s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) {
if ((sess == NULL)
|| (s->enc_write_ctx == NULL)
|| (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) {
clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
mac_size = 0;
} else {

49
ssl/record/ssl3_record.c
View File

@ -480,8 +480,8 @@ int ssl3_get_record(SSL *s)
&& thisrr->type == SSL3_RT_APPLICATION_DATA
&& SSL_USE_EXPLICIT_IV(s)
&& s->enc_read_ctx != NULL
&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))
& EVP_CIPH_FLAG_PIPELINE)
&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx))
& EVP_CIPH_FLAG_PIPELINE) != 0
&& ssl3_record_app_data_waiting(s));
if (num_recs == 1
@ -523,7 +523,7 @@ int ssl3_get_record(SSL *s)
/* TODO(size_t): convert this to do size_t properly */
if (s->read_hash != NULL) {
const EVP_MD *tmpmd = EVP_MD_CTX_md(s->read_hash);
const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash);
if (tmpmd != NULL) {
imac_size = EVP_MD_size(tmpmd);
@ -617,9 +617,9 @@ int ssl3_get_record(SSL *s)
} OSSL_TRACE_END(TLS);
/* r->length is now the compressed data plus mac */
if ((sess != NULL) &&
(s->enc_read_ctx != NULL) &&
(!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)) {
if ((sess != NULL)
&& (s->enc_read_ctx != NULL)
&& (!SSL_READ_ETM(s) && EVP_MD_CTX_get0_md(s->read_hash) != NULL)) {
/* s->read_hash != NULL => mac_size != -1 */
for (j = 0; j < num_recs; j++) {
@ -842,13 +842,13 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
if (s->enc_write_ctx == NULL)
enc = NULL;
else
enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
} else {
ds = s->enc_read_ctx;
if (s->enc_read_ctx == NULL)
enc = NULL;
else
enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
enc = EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx);
}
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
@ -967,7 +967,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
}
if (sending) {
if (EVP_MD_CTX_md(s->write_hash)) {
if (EVP_MD_CTX_get0_md(s->write_hash)) {
int n = EVP_MD_CTX_size(s->write_hash);
if (!ossl_assert(n >= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -979,7 +979,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
enc = NULL;
else {
int ivlen;
enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
/* For TLSv1.1 and later explicit IV */
if (SSL_USE_EXPLICIT_IV(s)
&& EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
@ -1004,7 +1005,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
}
}
} else {
if (EVP_MD_CTX_md(s->read_hash)) {
if (EVP_MD_CTX_get0_md(s->read_hash)) {
int n = EVP_MD_CTX_size(s->read_hash);
if (!ossl_assert(n >= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -1015,7 +1016,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
if (s->enc_read_ctx == NULL)
enc = NULL;
else
enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
enc = EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx);
}
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
@ -1026,11 +1027,11 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
} else {
int provided = (EVP_CIPHER_provider(enc) != NULL);
bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));
bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_get0_cipher(ds));
if (n_recs > 1) {
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
& EVP_CIPH_FLAG_PIPELINE)) {
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds))
& EVP_CIPH_FLAG_PIPELINE) == 0) {
/*
* We shouldn't have been called with pipeline data if the
* cipher doesn't support pipelining
@ -1042,8 +1043,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
for (ctr = 0; ctr < n_recs; ctr++) {
reclen[ctr] = recs[ctr].length;
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
& EVP_CIPH_FLAG_AEAD_CIPHER) {
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds))
& EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
unsigned char *seq;
seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
@ -1214,8 +1215,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
/* TODO(size_t): Convert this call */
tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input,
(unsigned int)reclen[0]);
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
& EVP_CIPH_FLAG_CUSTOM_CIPHER)
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds))
& EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0
? (tmpr < 0)
: (tmpr == 0)) {
/* AEAD can fail to verify MAC */
@ -1353,7 +1354,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
header[j++] = (unsigned char)(rec->length & 0xff);
/* Final param == is SSLv3 */
if (ssl3_cbc_digest_record(EVP_MD_CTX_md(hash),
if (ssl3_cbc_digest_record(EVP_MD_CTX_get0_md(hash),
md, &md_size,
header, rec->input,
rec->length, rec->orig_len,
@ -1547,7 +1548,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
/* TODO(size_t): convert this to do size_t properly */
if (s->read_hash != NULL) {
const EVP_MD *tmpmd = EVP_MD_CTX_md(s->read_hash);
const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash);
if (tmpmd != NULL) {
imac_size = EVP_MD_size(tmpmd);
@ -1613,8 +1614,10 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
} OSSL_TRACE_END(TLS);
/* r->length is now the compressed data plus mac */
if ((sess != NULL) && !SSL_READ_ETM(s) &&
(s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {
if ((sess != NULL)
&& !SSL_READ_ETM(s)
&& (s->enc_read_ctx != NULL)
&& (EVP_MD_CTX_get0_md(s->read_hash) != NULL)) {
/* s->read_hash != NULL => mac_size != -1 */
i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );

2
ssl/statem/statem_dtls.c
View File

@ -132,7 +132,7 @@ int dtls1_do_write(SSL *s, int type)
if (s->write_hash) {
if (s->enc_write_ctx
&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) &
EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
mac_size = 0;
else

6
test/evp_extra_test.c
View File

@ -1027,14 +1027,14 @@ static int test_EVP_Digest(void)
|| !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
|| !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
/* EVP_DigestFinal resets the EVP_MD_CTX. */
|| !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
|| !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
goto out;
if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
|| !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
|| !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
/* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
|| !TEST_ptr(EVP_MD_CTX_md(md_ctx))
|| !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
/*
* EVP_DigestInit_ex with NULL type should work on
* pre-initialized context.
@ -1046,7 +1046,7 @@ static int test_EVP_Digest(void)
|| !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
|| !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
/* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
|| !TEST_ptr(EVP_MD_CTX_md(md_ctx))
|| !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
|| !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
goto out;
ret = 1;

2
test/evp_fetch_prov_test.c
View File

@ -66,7 +66,7 @@ static int calculate_digest(const EVP_MD *md, const char *msg, size_t len,
|| !TEST_true(EVP_DigestFinal_ex(ctx, out, NULL))
|| !TEST_mem_eq(out, SHA256_DIGEST_LENGTH, exptd,
SHA256_DIGEST_LENGTH)
|| !TEST_true(md == EVP_MD_CTX_md(ctx)))
|| !TEST_true(md == EVP_MD_CTX_get0_md(ctx)))
goto err;
ret = 1;

8
util/libcrypto.num
View File

@ -417,7 +417,7 @@ CRYPTO_ocb128_setiv 424 3_0_0 EXIST::FUNCTION:OCB
X509_CRL_digest 425 3_0_0 EXIST::FUNCTION:
EVP_aes_128_cbc_hmac_sha1 426 3_0_0 EXIST::FUNCTION:
ERR_load_CMS_strings 427 3_0_0 EXIST::FUNCTION:CMS,DEPRECATEDIN_3_0
EVP_MD_CTX_md 428 3_0_0 EXIST::FUNCTION:
EVP_MD_CTX_md 428 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_REVOKED_get_ext 429 3_0_0 EXIST::FUNCTION:
d2i_RSA_PSS_PARAMS 430 3_0_0 EXIST::FUNCTION:
USERNOTICE_free 431 3_0_0 EXIST::FUNCTION:
@ -2961,7 +2961,7 @@ X509_CRL_sign_ctx 3025 3_0_0 EXIST::FUNCTION:
X509_STORE_add_crl 3026 3_0_0 EXIST::FUNCTION:
PEM_write_RSAPrivateKey 3027 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,STDIO
RC4_set_key 3028 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC4
EVP_CIPHER_CTX_cipher 3029 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_cipher 3029 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PEM_write_bio_PKCS8PrivateKey_nid 3030 3_0_0 EXIST::FUNCTION:
BN_MONT_CTX_new 3031 3_0_0 EXIST::FUNCTION:
CRYPTO_free_ex_index 3032 3_0_0 EXIST::FUNCTION:
@ -5352,3 +5352,7 @@ OSSL_PARAM_merge ? 3_0_0 EXIST::FUNCTION:
OSSL_PARAM_free ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_todata ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_export ? 3_0_0 EXIST::FUNCTION:
EVP_MD_CTX_get0_md ? 3_0_0 EXIST::FUNCTION:
EVP_MD_CTX_get1_md ? 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_get0_cipher ? 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_get1_cipher ? 3_0_0 EXIST::FUNCTION: