Home | History | Annotate | Download | only in evp
      1 /* crypto/evp/digest.c */
      2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      3  * All rights reserved.
      4  *
      5  * This package is an SSL implementation written
      6  * by Eric Young (eay (at) cryptsoft.com).
      7  * The implementation was written so as to conform with Netscapes SSL.
      8  *
      9  * This library is free for commercial and non-commercial use as long as
     10  * the following conditions are aheared to.  The following conditions
     11  * apply to all code found in this distribution, be it the RC4, RSA,
     12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     13  * included with this distribution is covered by the same copyright terms
     14  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     15  *
     16  * Copyright remains Eric Young's, and as such any Copyright notices in
     17  * the code are not to be removed.
     18  * If this package is used in a product, Eric Young should be given attribution
     19  * as the author of the parts of the library used.
     20  * This can be in the form of a textual message at program startup or
     21  * in documentation (online or textual) provided with the package.
     22  *
     23  * Redistribution and use in source and binary forms, with or without
     24  * modification, are permitted provided that the following conditions
     25  * are met:
     26  * 1. Redistributions of source code must retain the copyright
     27  *    notice, this list of conditions and the following disclaimer.
     28  * 2. Redistributions in binary form must reproduce the above copyright
     29  *    notice, this list of conditions and the following disclaimer in the
     30  *    documentation and/or other materials provided with the distribution.
     31  * 3. All advertising materials mentioning features or use of this software
     32  *    must display the following acknowledgement:
     33  *    "This product includes cryptographic software written by
     34  *     Eric Young (eay (at) cryptsoft.com)"
     35  *    The word 'cryptographic' can be left out if the rouines from the library
     36  *    being used are not cryptographic related :-).
     37  * 4. If you include any Windows specific code (or a derivative thereof) from
     38  *    the apps directory (application code) you must include an acknowledgement:
     39  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     40  *
     41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     51  * SUCH DAMAGE.
     52  *
     53  * The licence and distribution terms for any publically available version or
     54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     55  * copied and put under another distribution licence
     56  * [including the GNU Public Licence.]
     57  */
     58 /* ====================================================================
     59  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
     60  *
     61  * Redistribution and use in source and binary forms, with or without
     62  * modification, are permitted provided that the following conditions
     63  * are met:
     64  *
     65  * 1. Redistributions of source code must retain the above copyright
     66  *    notice, this list of conditions and the following disclaimer.
     67  *
     68  * 2. Redistributions in binary form must reproduce the above copyright
     69  *    notice, this list of conditions and the following disclaimer in
     70  *    the documentation and/or other materials provided with the
     71  *    distribution.
     72  *
     73  * 3. All advertising materials mentioning features or use of this
     74  *    software must display the following acknowledgment:
     75  *    "This product includes software developed by the OpenSSL Project
     76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     77  *
     78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     79  *    endorse or promote products derived from this software without
     80  *    prior written permission. For written permission, please contact
     81  *    openssl-core (at) openssl.org.
     82  *
     83  * 5. Products derived from this software may not be called "OpenSSL"
     84  *    nor may "OpenSSL" appear in their names without prior written
     85  *    permission of the OpenSSL Project.
     86  *
     87  * 6. Redistributions of any form whatsoever must retain the following
     88  *    acknowledgment:
     89  *    "This product includes software developed by the OpenSSL Project
     90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     91  *
     92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    103  * OF THE POSSIBILITY OF SUCH DAMAGE.
    104  * ====================================================================
    105  *
    106  * This product includes cryptographic software written by Eric Young
    107  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    108  * Hudson (tjh (at) cryptsoft.com).
    109  *
    110  */
    111 
    112 #include <stdio.h>
    113 #include "cryptlib.h"
    114 #include <openssl/objects.h>
    115 #include <openssl/evp.h>
    116 #ifndef OPENSSL_NO_ENGINE
    117 #include <openssl/engine.h>
    118 #endif
    119 #include "evp_locl.h"
    120 
    121 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
    122 	{
    123 	memset(ctx,'\0',sizeof *ctx);
    124 	}
    125 
    126 EVP_MD_CTX *EVP_MD_CTX_create(void)
    127 	{
    128 	EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
    129 
    130 	if (ctx)
    131 		EVP_MD_CTX_init(ctx);
    132 
    133 	return ctx;
    134 	}
    135 
    136 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
    137 	{
    138 	EVP_MD_CTX_init(ctx);
    139 	return EVP_DigestInit_ex(ctx, type, NULL);
    140 	}
    141 
    142 #ifdef OPENSSL_FIPS
    143 
    144 /* The purpose of these is to trap programs that attempt to use non FIPS
    145  * algorithms in FIPS mode and ignore the errors.
    146  */
    147 
    148 static int bad_init(EVP_MD_CTX *ctx)
    149 	{ FIPS_ERROR_IGNORED("Digest init"); return 0;}
    150 
    151 static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
    152 	{ FIPS_ERROR_IGNORED("Digest update"); return 0;}
    153 
    154 static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
    155 	{ FIPS_ERROR_IGNORED("Digest Final"); return 0;}
    156 
    157 static const EVP_MD bad_md =
    158 	{
    159 	0,
    160 	0,
    161 	0,
    162 	0,
    163 	bad_init,
    164 	bad_update,
    165 	bad_final,
    166 	NULL,
    167 	NULL,
    168 	NULL,
    169 	0,
    170 	{0,0,0,0},
    171 	};
    172 
    173 #endif
    174 
    175 #ifndef OPENSSL_NO_ENGINE
    176 
    177 #ifdef OPENSSL_FIPS
    178 
    179 static int do_engine_null(ENGINE *impl) { return 0;}
    180 static int do_evp_md_engine_null(EVP_MD_CTX *ctx,
    181 				const EVP_MD **ptype, ENGINE *impl)
    182 	{ return 1; }
    183 
    184 static int (*do_engine_init)(ENGINE *impl)
    185 		= do_engine_null;
    186 
    187 static int (*do_engine_finish)(ENGINE *impl)
    188 		= do_engine_null;
    189 
    190 static int (*do_evp_md_engine)
    191 	(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
    192 		= do_evp_md_engine_null;
    193 
    194 void int_EVP_MD_set_engine_callbacks(
    195 	int (*eng_md_init)(ENGINE *impl),
    196 	int (*eng_md_fin)(ENGINE *impl),
    197 	int (*eng_md_evp)
    198 		(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl))
    199 	{
    200 	do_engine_init = eng_md_init;
    201 	do_engine_finish = eng_md_fin;
    202 	do_evp_md_engine = eng_md_evp;
    203 	}
    204 
    205 #else
    206 
    207 #define do_engine_init	ENGINE_init
    208 #define do_engine_finish ENGINE_finish
    209 
    210 static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
    211 	{
    212 	if (*ptype)
    213 		{
    214 		/* Ensure an ENGINE left lying around from last time is cleared
    215 		 * (the previous check attempted to avoid this if the same
    216 		 * ENGINE and EVP_MD could be used). */
    217 		if(ctx->engine)
    218 			ENGINE_finish(ctx->engine);
    219 		if(impl)
    220 			{
    221 			if (!ENGINE_init(impl))
    222 				{
    223 				EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
    224 				return 0;
    225 				}
    226 			}
    227 		else
    228 			/* Ask if an ENGINE is reserved for this job */
    229 			impl = ENGINE_get_digest_engine((*ptype)->type);
    230 		if(impl)
    231 			{
    232 			/* There's an ENGINE for this job ... (apparently) */
    233 			const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
    234 			if(!d)
    235 				{
    236 				/* Same comment from evp_enc.c */
    237 				EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
    238 				return 0;
    239 				}
    240 			/* We'll use the ENGINE's private digest definition */
    241 			*ptype = d;
    242 			/* Store the ENGINE functional reference so we know
    243 			 * 'type' came from an ENGINE and we need to release
    244 			 * it when done. */
    245 			ctx->engine = impl;
    246 			}
    247 		else
    248 			ctx->engine = NULL;
    249 		}
    250 	else
    251 	if(!ctx->digest)
    252 		{
    253 		EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET);
    254 		return 0;
    255 		}
    256 	return 1;
    257 	}
    258 
    259 #endif
    260 
    261 #endif
    262 
    263 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
    264 	{
    265 	M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
    266 #ifdef OPENSSL_FIPS
    267 	if(FIPS_selftest_failed())
    268 		{
    269 		FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
    270 		ctx->digest = &bad_md;
    271 		return 0;
    272 		}
    273 #endif
    274 #ifndef OPENSSL_NO_ENGINE
    275 	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
    276 	 * so this context may already have an ENGINE! Try to avoid releasing
    277 	 * the previous handle, re-querying for an ENGINE, and having a
    278 	 * reinitialisation, when it may all be unecessary. */
    279 	if (ctx->engine && ctx->digest && (!type ||
    280 			(type && (type->type == ctx->digest->type))))
    281 		goto skip_to_init;
    282 	if (!do_evp_md_engine(ctx, &type, impl))
    283 		return 0;
    284 #endif
    285 	if (ctx->digest != type)
    286 		{
    287 #ifdef OPENSSL_FIPS
    288 		if (FIPS_mode())
    289 			{
    290 			if (!(type->flags & EVP_MD_FLAG_FIPS)
    291 			 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
    292 				{
    293 				EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
    294 				ctx->digest = &bad_md;
    295 				return 0;
    296 				}
    297 			}
    298 #endif
    299 		if (ctx->digest && ctx->digest->ctx_size)
    300 			OPENSSL_free(ctx->md_data);
    301 		ctx->digest=type;
    302 		if (type->ctx_size)
    303 			{
    304 			ctx->md_data=OPENSSL_malloc(type->ctx_size);
    305 			if (!ctx->md_data)
    306 				{
    307 				EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
    308 				return 0;
    309 				}
    310 			}
    311 		}
    312 #ifndef OPENSSL_NO_ENGINE
    313 	skip_to_init:
    314 #endif
    315 	return ctx->digest->init(ctx);
    316 	}
    317 
    318 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
    319 	     size_t count)
    320 	{
    321 #ifdef OPENSSL_FIPS
    322 	FIPS_selftest_check();
    323 #endif
    324 	return ctx->digest->update(ctx,data,count);
    325 	}
    326 
    327 /* The caller can assume that this removes any secret data from the context */
    328 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
    329 	{
    330 	int ret;
    331 	ret = EVP_DigestFinal_ex(ctx, md, size);
    332 	EVP_MD_CTX_cleanup(ctx);
    333 	return ret;
    334 	}
    335 
    336 /* The caller can assume that this removes any secret data from the context */
    337 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
    338 	{
    339 	int ret;
    340 #ifdef OPENSSL_FIPS
    341 	FIPS_selftest_check();
    342 #endif
    343 
    344 	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
    345 	ret=ctx->digest->final(ctx,md);
    346 	if (size != NULL)
    347 		*size=ctx->digest->md_size;
    348 	if (ctx->digest->cleanup)
    349 		{
    350 		ctx->digest->cleanup(ctx);
    351 		M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
    352 		}
    353 	memset(ctx->md_data,0,ctx->digest->ctx_size);
    354 	return ret;
    355 	}
    356 
    357 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
    358 	{
    359 	EVP_MD_CTX_init(out);
    360 	return EVP_MD_CTX_copy_ex(out, in);
    361 	}
    362 
    363 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
    364 	{
    365 	unsigned char *tmp_buf;
    366 	if ((in == NULL) || (in->digest == NULL))
    367 		{
    368 		EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED);
    369 		return 0;
    370 		}
    371 #ifndef OPENSSL_NO_ENGINE
    372 	/* Make sure it's safe to copy a digest context using an ENGINE */
    373 	if (in->engine && !do_engine_init(in->engine))
    374 		{
    375 		EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
    376 		return 0;
    377 		}
    378 #endif
    379 
    380 	if (out->digest == in->digest)
    381 		{
    382 		tmp_buf = out->md_data;
    383 	    	M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
    384 		}
    385 	else tmp_buf = NULL;
    386 	EVP_MD_CTX_cleanup(out);
    387 	memcpy(out,in,sizeof *out);
    388 
    389 	if (out->digest->ctx_size)
    390 		{
    391 		if (tmp_buf)
    392 			out->md_data = tmp_buf;
    393 		else
    394 			{
    395 			out->md_data=OPENSSL_malloc(out->digest->ctx_size);
    396 			if (!out->md_data)
    397 				{
    398 				EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
    399 				return 0;
    400 				}
    401 			}
    402 		memcpy(out->md_data,in->md_data,out->digest->ctx_size);
    403 		}
    404 
    405 	if (out->digest->copy)
    406 		return out->digest->copy(out,in);
    407 
    408 	return 1;
    409 	}
    410 
    411 int EVP_Digest(const void *data, size_t count,
    412 		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
    413 	{
    414 	EVP_MD_CTX ctx;
    415 	int ret;
    416 
    417 	EVP_MD_CTX_init(&ctx);
    418 	M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
    419 	ret=EVP_DigestInit_ex(&ctx, type, impl)
    420 	  && EVP_DigestUpdate(&ctx, data, count)
    421 	  && EVP_DigestFinal_ex(&ctx, md, size);
    422 	EVP_MD_CTX_cleanup(&ctx);
    423 
    424 	return ret;
    425 	}
    426 
    427 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
    428 	{
    429 	EVP_MD_CTX_cleanup(ctx);
    430 	OPENSSL_free(ctx);
    431 	}
    432 
    433 /* This call frees resources associated with the context */
    434 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
    435 	{
    436 	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
    437 	 * because sometimes only copies of the context are ever finalised.
    438 	 */
    439 	if (ctx->digest && ctx->digest->cleanup
    440 	    && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
    441 		ctx->digest->cleanup(ctx);
    442 	if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
    443 	    && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
    444 		{
    445 		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
    446 		OPENSSL_free(ctx->md_data);
    447 		}
    448 #ifndef OPENSSL_NO_ENGINE
    449 	if(ctx->engine)
    450 		/* The EVP_MD we used belongs to an ENGINE, release the
    451 		 * functional reference we held for this reason. */
    452 		do_engine_finish(ctx->engine);
    453 #endif
    454 	memset(ctx,'\0',sizeof *ctx);
    455 
    456 	return 1;
    457 	}
    458