/* This call frees resources associated with the context */ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) { /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, * because sometimes only copies of the context are ever finalised. */ if (ctx->digest && ctx->digest->cleanup && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) ctx->digest->cleanup(ctx); if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } if (ctx->pctx) EVP_PKEY_CTX_free(ctx->pctx); #ifndef OPENSSL_NO_ENGINE if(ctx->engine) /* The EVP_MD we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(ctx->engine); #endif memset(ctx,'\0',sizeof *ctx); return 1; }
static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { HMAC_PKEY_CTX *hctx = ctx->data; HMAC_CTX_set_flags(hctx->ctx, EVP_MD_CTX_test_flags(mctx, ~EVP_MD_CTX_FLAG_NO_INIT)); EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); EVP_MD_CTX_set_update_fn(mctx, int_update); return 1; }
ikptr ikrt_openssl_evp_md_ctx_test_flags (ikptr s_ctx, ikptr s_flags, ikpcb * pcb) { #ifdef HAVE_EVP_MD_CTX_TEST_FLAGS const EVP_MD_CTX * ctx = IK_EVP_MD_CTX(s_ctx); int flags = ik_integer_to_int(s_flags); int rv; rv = EVP_MD_CTX_test_flags(ctx, flags); return ika_integer_from_int(pcb, rv); #else feature_failure(__func__); #endif }
static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) { struct digest_ctx *digest_ctx = (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); if (md == NULL || digest_ctx == NULL) return 0; if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { memcpy(md, digest_ctx->digest_res, EVP_MD_CTX_size(ctx)); } else if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) { SYSerr(SYS_F_IOCTL, errno); return 0; } return 1; }
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; int i = 0; size_t sltmp; EVP_PKEY_CTX *pkctx = NULL; *siglen = 0; if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; } else { int rv = 0; EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); if (tmp_ctx == NULL) { EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE); return 0; } rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); if (rv) rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); EVP_MD_CTX_free(tmp_ctx); if (!rv) return 0; } sltmp = (size_t)EVP_PKEY_size(pkey); i = 0; pkctx = EVP_PKEY_CTX_new(pkey, NULL); if (pkctx == NULL) goto err; if (EVP_PKEY_sign_init(pkctx) <= 0) goto err; if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0) goto err; if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; i = 1; err: EVP_PKEY_CTX_free(pkctx); return i; }
static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) { struct digest_ctx *digest_ctx = (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); if (count == 0) return 1; if (digest_ctx == NULL) return 0; if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { if (digest_op(digest_ctx, data, count, digest_ctx->digest_res, 0) >= 0) return 1; } else if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) >= 0) { return 1; } SYSerr(SYS_F_IOCTL, errno); return 0; }
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; int i = 0; EVP_PKEY_CTX *pkctx = NULL; if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; } else { int rv = 0; EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); if (tmp_ctx == NULL) { EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE); return 0; } rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); if (rv) rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); EVP_MD_CTX_free(tmp_ctx); if (!rv) return 0; } i = -1; pkctx = EVP_PKEY_CTX_new(pkey, NULL); if (pkctx == NULL) goto err; if (EVP_PKEY_verify_init(pkctx) <= 0) goto err; if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0) goto err; i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); return i; }
static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { MAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); ASN1_OCTET_STRING *key = NULL; int rv = 1; /* * For MACs with the EVP_PKEY_FLAG_SIGCTX_CUSTOM flag set and that * gets the key passed as an ASN.1 OCTET STRING, we set the key here, * as this may be only time it's set during a DigestSign. * * MACs that pass around the key in form of EVP_MAC_CTX are setting * the key through other mechanisms. (this is only CMAC for now) */ int set_key = hctx->type == MAC_TYPE_RAW && (ctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) != 0; if (set_key) { if (EVP_PKEY_id(EVP_PKEY_CTX_get0_pkey(ctx)) != EVP_MAC_nid(EVP_MAC_CTX_mac(hctx->ctx))) return 0; key = EVP_PKEY_get0(EVP_PKEY_CTX_get0_pkey(ctx)); if (key == NULL) return 0; } /* Some MACs don't support this control... that's fine */ EVP_MAC_ctrl(hctx->ctx, EVP_MAC_CTRL_SET_FLAGS, EVP_MD_CTX_test_flags(mctx, ~EVP_MD_CTX_FLAG_NO_INIT)); EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); EVP_MD_CTX_set_update_fn(mctx, int_update); if (set_key) rv = EVP_MAC_ctrl(hctx->ctx, EVP_MAC_CTRL_SET_KEY, key->data, key->length); return rv > 0; }