File: | src/lib/libcrypto/evp/digest.c |
Warning: | line 189, column 50 Access to field 'ctx_size' results in a dereference of a null pointer (loaded from variable 'type') |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: digest.c,v 1.34 2022/01/10 10:51:31 tb Exp $ */ | |||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | |||
3 | * All rights reserved. | |||
4 | * | |||
5 | * This package is an SSL implementation written | |||
6 | * by Eric Young (eay@cryptsoft.com). | |||
7 | * The implementation was written so as to conform with Netscapes SSL. | |||
8 | * | |||
9 | * This library is free for commercial and non-commercial use as long as | |||
10 | * the following conditions are aheared to. The following conditions | |||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |||
13 | * included with this distribution is covered by the same copyright terms | |||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |||
15 | * | |||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |||
17 | * the code are not to be removed. | |||
18 | * If this package is used in a product, Eric Young should be given attribution | |||
19 | * as the author of the parts of the library used. | |||
20 | * This can be in the form of a textual message at program startup or | |||
21 | * in documentation (online or textual) provided with the package. | |||
22 | * | |||
23 | * Redistribution and use in source and binary forms, with or without | |||
24 | * modification, are permitted provided that the following conditions | |||
25 | * are met: | |||
26 | * 1. Redistributions of source code must retain the copyright | |||
27 | * notice, this list of conditions and the following disclaimer. | |||
28 | * 2. Redistributions in binary form must reproduce the above copyright | |||
29 | * notice, this list of conditions and the following disclaimer in the | |||
30 | * documentation and/or other materials provided with the distribution. | |||
31 | * 3. All advertising materials mentioning features or use of this software | |||
32 | * must display the following acknowledgement: | |||
33 | * "This product includes cryptographic software written by | |||
34 | * Eric Young (eay@cryptsoft.com)" | |||
35 | * The word 'cryptographic' can be left out if the rouines from the library | |||
36 | * being used are not cryptographic related :-). | |||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |||
38 | * the apps directory (application code) you must include an acknowledgement: | |||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |||
40 | * | |||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||
51 | * SUCH DAMAGE. | |||
52 | * | |||
53 | * The licence and distribution terms for any publically available version or | |||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |||
55 | * copied and put under another distribution licence | |||
56 | * [including the GNU Public Licence.] | |||
57 | */ | |||
58 | /* ==================================================================== | |||
59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | |||
60 | * | |||
61 | * Redistribution and use in source and binary forms, with or without | |||
62 | * modification, are permitted provided that the following conditions | |||
63 | * are met: | |||
64 | * | |||
65 | * 1. Redistributions of source code must retain the above copyright | |||
66 | * notice, this list of conditions and the following disclaimer. | |||
67 | * | |||
68 | * 2. Redistributions in binary form must reproduce the above copyright | |||
69 | * notice, this list of conditions and the following disclaimer in | |||
70 | * the documentation and/or other materials provided with the | |||
71 | * distribution. | |||
72 | * | |||
73 | * 3. All advertising materials mentioning features or use of this | |||
74 | * software must display the following acknowledgment: | |||
75 | * "This product includes software developed by the OpenSSL Project | |||
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |||
77 | * | |||
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |||
79 | * endorse or promote products derived from this software without | |||
80 | * prior written permission. For written permission, please contact | |||
81 | * openssl-core@openssl.org. | |||
82 | * | |||
83 | * 5. Products derived from this software may not be called "OpenSSL" | |||
84 | * nor may "OpenSSL" appear in their names without prior written | |||
85 | * permission of the OpenSSL Project. | |||
86 | * | |||
87 | * 6. Redistributions of any form whatsoever must retain the following | |||
88 | * acknowledgment: | |||
89 | * "This product includes software developed by the OpenSSL Project | |||
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |||
91 | * | |||
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |||
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |||
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |||
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |||
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |||
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |||
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |||
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |||
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |||
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |||
104 | * ==================================================================== | |||
105 | * | |||
106 | * This product includes cryptographic software written by Eric Young | |||
107 | * (eay@cryptsoft.com). This product includes software written by Tim | |||
108 | * Hudson (tjh@cryptsoft.com). | |||
109 | * | |||
110 | */ | |||
111 | ||||
112 | #include <stdio.h> | |||
113 | #include <string.h> | |||
114 | ||||
115 | #include <openssl/opensslconf.h> | |||
116 | ||||
117 | #include <openssl/err.h> | |||
118 | #include <openssl/evp.h> | |||
119 | #include <openssl/objects.h> | |||
120 | ||||
121 | #ifndef OPENSSL_NO_ENGINE | |||
122 | #include <openssl/engine.h> | |||
123 | #endif | |||
124 | ||||
125 | #include "evp_locl.h" | |||
126 | ||||
127 | int | |||
128 | EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) | |||
129 | { | |||
130 | EVP_MD_CTX_init(ctx); | |||
131 | return EVP_DigestInit_ex(ctx, type, NULL((void*)0)); | |||
132 | } | |||
133 | ||||
134 | int | |||
135 | EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
136 | { | |||
137 | EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED0x0002); | |||
138 | ||||
139 | #ifndef OPENSSL_NO_ENGINE | |||
140 | /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts | |||
141 | * so this context may already have an ENGINE! Try to avoid releasing | |||
142 | * the previous handle, re-querying for an ENGINE, and having a | |||
143 | * reinitialisation, when it may all be unecessary. */ | |||
144 | if (ctx->engine && ctx->digest && (!type || | |||
145 | (type && (type->type == ctx->digest->type)))) | |||
146 | goto skip_to_init; | |||
147 | if (type) { | |||
148 | /* Ensure an ENGINE left lying around from last time is cleared | |||
149 | * (the previous check attempted to avoid this if the same | |||
150 | * ENGINE and EVP_MD could be used). */ | |||
151 | ENGINE_finish(ctx->engine); | |||
152 | if (impl != NULL((void*)0)) { | |||
153 | if (!ENGINE_init(impl)) { | |||
154 | EVPerror(EVP_R_INITIALIZATION_ERROR)ERR_put_error(6,(0xfff),(134),"/usr/src/lib/libcrypto/evp/digest.c" ,154); | |||
155 | return 0; | |||
156 | } | |||
157 | } else | |||
158 | /* Ask if an ENGINE is reserved for this job */ | |||
159 | impl = ENGINE_get_digest_engine(type->type); | |||
160 | if (impl != NULL((void*)0)) { | |||
161 | /* There's an ENGINE for this job ... (apparently) */ | |||
162 | const EVP_MD *d = ENGINE_get_digest(impl, type->type); | |||
163 | if (d == NULL((void*)0)) { | |||
164 | /* Same comment from evp_enc.c */ | |||
165 | EVPerror(EVP_R_INITIALIZATION_ERROR)ERR_put_error(6,(0xfff),(134),"/usr/src/lib/libcrypto/evp/digest.c" ,165); | |||
166 | ENGINE_finish(impl); | |||
167 | return 0; | |||
168 | } | |||
169 | /* We'll use the ENGINE's private digest definition */ | |||
170 | type = d; | |||
171 | /* Store the ENGINE functional reference so we know | |||
172 | * 'type' came from an ENGINE and we need to release | |||
173 | * it when done. */ | |||
174 | ctx->engine = impl; | |||
175 | } else | |||
176 | ctx->engine = NULL((void*)0); | |||
177 | } else if (!ctx->digest) { | |||
178 | EVPerror(EVP_R_NO_DIGEST_SET)ERR_put_error(6,(0xfff),(139),"/usr/src/lib/libcrypto/evp/digest.c" ,178); | |||
179 | return 0; | |||
180 | } | |||
181 | #endif | |||
182 | if (ctx->digest != type
| |||
183 | if (ctx->digest
| |||
184 | !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE0x0004)) { | |||
185 | freezero(ctx->md_data, ctx->digest->ctx_size); | |||
186 | ctx->md_data = NULL((void*)0); | |||
187 | } | |||
188 | ctx->digest = type; | |||
189 | if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT0x0100) && type->ctx_size) { | |||
| ||||
190 | ctx->update = type->update; | |||
191 | ctx->md_data = calloc(1, type->ctx_size); | |||
192 | if (ctx->md_data == NULL((void*)0)) { | |||
193 | EVP_PKEY_CTX_free(ctx->pctx); | |||
194 | ctx->pctx = NULL((void*)0); | |||
195 | EVPerror(ERR_R_MALLOC_FAILURE)ERR_put_error(6,(0xfff),((1|64)),"/usr/src/lib/libcrypto/evp/digest.c" ,195); | |||
196 | return 0; | |||
197 | } | |||
198 | } | |||
199 | } | |||
200 | #ifndef OPENSSL_NO_ENGINE | |||
201 | skip_to_init: | |||
202 | #endif | |||
203 | if (ctx->pctx) { | |||
204 | int r; | |||
205 | r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG((1<<3) | (1<<4) | (1<<5) | (1<<6) | ( 1<<7)), | |||
206 | EVP_PKEY_CTRL_DIGESTINIT7, 0, ctx); | |||
207 | if (r <= 0 && (r != -2)) | |||
208 | return 0; | |||
209 | } | |||
210 | if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT0x0100) | |||
211 | return 1; | |||
212 | return ctx->digest->init(ctx); | |||
213 | } | |||
214 | ||||
215 | int | |||
216 | EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) | |||
217 | { | |||
218 | return ctx->update(ctx, data, count); | |||
219 | } | |||
220 | ||||
221 | /* The caller can assume that this removes any secret data from the context */ | |||
222 | int | |||
223 | EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) | |||
224 | { | |||
225 | int ret; | |||
226 | ||||
227 | ret = EVP_DigestFinal_ex(ctx, md, size); | |||
228 | EVP_MD_CTX_cleanup(ctx); | |||
229 | return ret; | |||
230 | } | |||
231 | ||||
232 | /* The caller can assume that this removes any secret data from the context */ | |||
233 | int | |||
234 | EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) | |||
235 | { | |||
236 | int ret; | |||
237 | ||||
238 | if ((size_t)ctx->digest->md_size > EVP_MAX_MD_SIZE64) { | |||
239 | EVPerror(EVP_R_TOO_LARGE)ERR_put_error(6,(0xfff),(164),"/usr/src/lib/libcrypto/evp/digest.c" ,239); | |||
240 | return 0; | |||
241 | } | |||
242 | ret = ctx->digest->final(ctx, md); | |||
243 | if (size != NULL((void*)0)) | |||
244 | *size = ctx->digest->md_size; | |||
245 | if (ctx->digest->cleanup) { | |||
246 | ctx->digest->cleanup(ctx); | |||
247 | EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED0x0002); | |||
248 | } | |||
249 | memset(ctx->md_data, 0, ctx->digest->ctx_size); | |||
250 | return ret; | |||
251 | } | |||
252 | ||||
253 | int | |||
254 | EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
255 | { | |||
256 | EVP_MD_CTX_init(out); | |||
257 | return EVP_MD_CTX_copy_ex(out, in); | |||
258 | } | |||
259 | ||||
260 | int | |||
261 | EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
262 | { | |||
263 | unsigned char *tmp_buf; | |||
264 | ||||
265 | if ((in == NULL((void*)0)) || (in->digest == NULL((void*)0))) { | |||
266 | EVPerror(EVP_R_INPUT_NOT_INITIALIZED)ERR_put_error(6,(0xfff),(111),"/usr/src/lib/libcrypto/evp/digest.c" ,266); | |||
267 | return 0; | |||
268 | } | |||
269 | #ifndef OPENSSL_NO_ENGINE | |||
270 | /* Make sure it's safe to copy a digest context using an ENGINE */ | |||
271 | if (in->engine && !ENGINE_init(in->engine)) { | |||
272 | EVPerror(ERR_R_ENGINE_LIB)ERR_put_error(6,(0xfff),(38),"/usr/src/lib/libcrypto/evp/digest.c" ,272); | |||
273 | return 0; | |||
274 | } | |||
275 | #endif | |||
276 | ||||
277 | if (out->digest == in->digest) { | |||
278 | tmp_buf = out->md_data; | |||
279 | EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE0x0004); | |||
280 | } else | |||
281 | tmp_buf = NULL((void*)0); | |||
282 | EVP_MD_CTX_cleanup(out); | |||
283 | memcpy(out, in, sizeof *out); | |||
284 | out->md_data = NULL((void*)0); | |||
285 | out->pctx = NULL((void*)0); | |||
286 | ||||
287 | /* | |||
288 | * Because of the EVP_PKEY_CTX_dup() below, EVP_MD_CTX_cleanup() needs | |||
289 | * to free out->pctx in all cases (even if this flag is set on in). | |||
290 | */ | |||
291 | EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX0x0400); | |||
292 | ||||
293 | if (in->md_data && out->digest->ctx_size) { | |||
294 | if (tmp_buf) { | |||
295 | out->md_data = tmp_buf; | |||
296 | } else { | |||
297 | out->md_data = calloc(1, out->digest->ctx_size); | |||
298 | if (out->md_data == NULL((void*)0)) { | |||
299 | EVPerror(ERR_R_MALLOC_FAILURE)ERR_put_error(6,(0xfff),((1|64)),"/usr/src/lib/libcrypto/evp/digest.c" ,299); | |||
300 | return 0; | |||
301 | } | |||
302 | } | |||
303 | memcpy(out->md_data, in->md_data, out->digest->ctx_size); | |||
304 | } | |||
305 | ||||
306 | out->update = in->update; | |||
307 | ||||
308 | if (in->pctx) { | |||
309 | out->pctx = EVP_PKEY_CTX_dup(in->pctx); | |||
310 | if (!out->pctx) { | |||
311 | EVP_MD_CTX_cleanup(out); | |||
312 | return 0; | |||
313 | } | |||
314 | } | |||
315 | ||||
316 | if (out->digest->copy) | |||
317 | return out->digest->copy(out, in); | |||
318 | ||||
319 | return 1; | |||
320 | } | |||
321 | ||||
322 | int | |||
323 | EVP_Digest(const void *data, size_t count, | |||
324 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) | |||
325 | { | |||
326 | EVP_MD_CTX ctx; | |||
327 | int ret; | |||
328 | ||||
329 | EVP_MD_CTX_init(&ctx); | |||
| ||||
330 | EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT0x0001); | |||
331 | ret = EVP_DigestInit_ex(&ctx, type, impl) && | |||
332 | EVP_DigestUpdate(&ctx, data, count) && | |||
333 | EVP_DigestFinal_ex(&ctx, md, size); | |||
334 | EVP_MD_CTX_cleanup(&ctx); | |||
335 | ||||
336 | return ret; | |||
337 | } | |||
338 | ||||
339 | EVP_MD_CTX * | |||
340 | EVP_MD_CTX_new(void) | |||
341 | { | |||
342 | return calloc(1, sizeof(EVP_MD_CTX)); | |||
343 | } | |||
344 | ||||
345 | void | |||
346 | EVP_MD_CTX_free(EVP_MD_CTX *ctx) | |||
347 | { | |||
348 | if (ctx == NULL((void*)0)) | |||
349 | return; | |||
350 | ||||
351 | EVP_MD_CTX_cleanup(ctx); | |||
352 | ||||
353 | free(ctx); | |||
354 | } | |||
355 | ||||
356 | void | |||
357 | EVP_MD_CTX_init(EVP_MD_CTX *ctx) | |||
358 | { | |||
359 | memset(ctx, 0, sizeof(*ctx)); | |||
360 | } | |||
361 | ||||
362 | int | |||
363 | EVP_MD_CTX_reset(EVP_MD_CTX *ctx) | |||
364 | { | |||
365 | return EVP_MD_CTX_cleanup(ctx); | |||
366 | } | |||
367 | ||||
368 | EVP_MD_CTX * | |||
369 | EVP_MD_CTX_create(void) | |||
370 | { | |||
371 | return EVP_MD_CTX_new(); | |||
372 | } | |||
373 | ||||
374 | void | |||
375 | EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) | |||
376 | { | |||
377 | EVP_MD_CTX_free(ctx); | |||
378 | } | |||
379 | ||||
380 | /* This call frees resources associated with the context */ | |||
381 | int | |||
382 | EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | |||
383 | { | |||
384 | /* | |||
385 | * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, | |||
386 | * because sometimes only copies of the context are ever finalised. | |||
387 | */ | |||
388 | if (ctx->digest && ctx->digest->cleanup && | |||
389 | !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED0x0002)) | |||
390 | ctx->digest->cleanup(ctx); | |||
391 | if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && | |||
392 | !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE0x0004)) | |||
393 | freezero(ctx->md_data, ctx->digest->ctx_size); | |||
394 | /* | |||
395 | * If EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set, EVP_MD_CTX_set_pkey() was | |||
396 | * called and its strange API contract implies we don't own ctx->pctx. | |||
397 | */ | |||
398 | if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX0x0400)) | |||
399 | EVP_PKEY_CTX_free(ctx->pctx); | |||
400 | #ifndef OPENSSL_NO_ENGINE | |||
401 | ENGINE_finish(ctx->engine); | |||
402 | #endif | |||
403 | memset(ctx, 0, sizeof(*ctx)); | |||
404 | ||||
405 | return 1; | |||
406 | } | |||
407 | ||||
408 | int | |||
409 | EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) | |||
410 | { | |||
411 | int ret; | |||
412 | ||||
413 | if (!ctx->digest) { | |||
414 | EVPerror(EVP_R_NO_CIPHER_SET)ERR_put_error(6,(0xfff),(131),"/usr/src/lib/libcrypto/evp/digest.c" ,414); | |||
415 | return 0; | |||
416 | } | |||
417 | ||||
418 | if (!ctx->digest->md_ctrl) { | |||
419 | EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED)ERR_put_error(6,(0xfff),(132),"/usr/src/lib/libcrypto/evp/digest.c" ,419); | |||
420 | return 0; | |||
421 | } | |||
422 | ||||
423 | ret = ctx->digest->md_ctrl(ctx, type, arg, ptr); | |||
424 | if (ret == -1) { | |||
425 | EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED)ERR_put_error(6,(0xfff),(133),"/usr/src/lib/libcrypto/evp/digest.c" ,425); | |||
426 | return 0; | |||
427 | } | |||
428 | return ret; | |||
429 | } |