]> granicus.if.org Git - openssl/commitdiff
Adapt all engines that add new EVP_MDs
authorRichard Levitte <levitte@openssl.org>
Mon, 30 Nov 2015 09:24:12 +0000 (10:24 +0100)
committerRichard Levitte <levitte@openssl.org>
Mon, 7 Dec 2015 16:39:23 +0000 (17:39 +0100)
Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/engine/eng_openssl.c
engines/ccgost/gost_crypt.c
engines/ccgost/gost_eng.c
engines/ccgost/gost_lcl.h
engines/ccgost/gost_md.c
engines/ccgost/gost_pmeth.c
engines/e_dasync.c
engines/e_ossltest.c

index 3c046f28eadf11beb05cb44a8bc4603c34416fa6..b8850dcb0d5e71fc2b106f92e50d3e14ac4a5f79 100644 (file)
 # undef TEST_ENG_OPENSSL_RC4_P_CIPHER
 #endif
 
+static int openssl_destroy(ENGINE *e);
+
 #ifdef TEST_ENG_OPENSSL_RC4
 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                            const int **nids, int nid);
@@ -144,6 +146,7 @@ static int bind_helper(ENGINE *e)
 {
     if (!ENGINE_set_id(e, engine_openssl_id)
         || !ENGINE_set_name(e, engine_openssl_name)
+        || !ENGINE_set_destroy_function(e, openssl_destroy)
 #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
 # ifndef OPENSSL_NO_RSA
         || !ENGINE_set_RSA(e, RSA_get_default_method())
@@ -326,9 +329,7 @@ static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
 #ifdef TEST_ENG_OPENSSL_SHA
 /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
 # include <openssl/sha.h>
-static const int test_digest_nids[] = { NID_sha1 };
 
-static const int test_digest_nids_number = 1;
 static int test_sha1_init(EVP_MD_CTX *ctx)
 {
 # ifdef TEST_ENG_OPENSSL_SHA_P_INIT
@@ -353,31 +354,60 @@ static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
     return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
 }
 
-static const EVP_MD test_sha_md = {
-    NID_sha1,
-    NID_sha1WithRSAEncryption,
-    SHA_DIGEST_LENGTH,
-    0,
-    test_sha1_init,
-    test_sha1_update,
-    test_sha1_final,
-    NULL,
-    NULL,
-    SHA_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
+static EVP_MD *sha1_md = NULL;
+static const EVP_MD *test_sha_md(void)
+{
+    if (sha1_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA_CTX))
+            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_init(md, test_sha1_init)
+            || !EVP_MD_meth_set_update(md, test_sha1_update)
+            || !EVP_MD_meth_set_final(md, test_sha1_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        sha1_md = md;
+    }
+    return sha1_md;
+}
+static void test_sha_md_destroy(void)
+{
+    EVP_MD_meth_free(sha1_md);
+    sha1_md = NULL;
+}
+static int test_digest_nids(const int **nids)
+{
+    static int digest_nids[2] = { 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = test_sha_md()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
 
 static int openssl_digests(ENGINE *e, const EVP_MD **digest,
                            const int **nids, int nid)
 {
     if (!digest) {
         /* We are returning a list of supported nids */
-        *nids = test_digest_nids;
-        return test_digest_nids_number;
+        return test_digest_nids(nids);
     }
     /* We are being asked for a specific digest */
     if (nid == NID_sha1)
-        *digest = &test_sha_md;
+        *digest = test_sha_md();
     else {
 # ifdef TEST_ENG_OPENSSL_SHA_OTHERS
         fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
@@ -617,3 +647,10 @@ static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
 }
 
 #endif
+
+int openssl_destroy(ENGINE *e)
+{
+    test_sha_md_destroy();
+    return 1;
+}
+
index 9483fa3b64b7102f9339b1db8069db3b6b61c1c6..062884f62d34a6a6ff519b81010f89a445ebfac0 100644 (file)
@@ -85,20 +85,37 @@ static int gost_imit_cleanup(EVP_MD_CTX *ctx);
 /* Control function, knows how to set MAC key.*/
 static int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
 
-EVP_MD imit_gost_cpa = {
-    NID_id_Gost28147_89_MAC,
-    NID_undef,
-    4,
-    0,
-    gost_imit_init_cpa,
-    gost_imit_update,
-    gost_imit_final,
-    gost_imit_copy,
-    gost_imit_cleanup,
-    8,
-    sizeof(struct ossl_gost_imit_ctx),
-    gost_imit_ctrl
-};
+static EVP_MD *_hidden_Gost28147_89_MAC_md = NULL;
+EVP_MD *imit_gost_cpa(void)
+{
+
+    if (_hidden_Gost28147_89_MAC_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_id_Gost28147_89_MAC, NID_undef)) == NULL
+            || !EVP_MD_meth_set_result_size(md, 4)
+            || !EVP_MD_meth_set_input_blocksize(md, 8)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(struct ossl_gost_imit_ctx))
+            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_init(md, gost_imit_init_cpa)
+            || !EVP_MD_meth_set_update(md, gost_imit_update)
+            || !EVP_MD_meth_set_final(md, gost_imit_final)
+            || !EVP_MD_meth_set_copy(md, gost_imit_copy)
+            || !EVP_MD_meth_set_cleanup(md, gost_imit_cleanup)
+            || !EVP_MD_meth_set_ctrl(md, gost_imit_ctrl)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_Gost28147_89_MAC_md = md;
+    }
+    return _hidden_Gost28147_89_MAC_md;
+}
+void imit_gost_cpa_destroy(void)
+{
+    EVP_MD_meth_free(_hidden_Gost28147_89_MAC_md);
+    _hidden_Gost28147_89_MAC_md = NULL;
+}
 
 /*
  * Correspondence between gost parameter OIDs and substitution blocks
index 4129260286b350d563b7a3224d49a0961d40f0ae..fed3abed35e8868506a46885963a1b0a41e83bd3 100644 (file)
@@ -39,8 +39,24 @@ static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
 
 static int gost_cipher_nids[] = { NID_id_Gost28147_89, NID_gost89_cnt, 0 };
 
-static int gost_digest_nids[] =
-    { NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, 0 };
+static int gost_digest_nids(const int **nids)
+{
+    static int digest_nids[3] = { 0, 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = digest_gost()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = imit_gost_cpa()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
 
 static EVP_PKEY_METHOD *pmeth_GostR3410_2001 = NULL;
 static EVP_PKEY_METHOD *pmeth_Gost28147_MAC = NULL;
@@ -60,6 +76,9 @@ static int gost_engine_finish(ENGINE *e)
 
 static int gost_engine_destroy(ENGINE *e)
 {
+    digest_gost_destroy();
+    imit_gost_cpa_destroy();
+
     gost_param_free();
 
     pmeth_GostR3410_2001 = NULL;
@@ -136,8 +155,8 @@ static int bind_gost(ENGINE *e, const char *id)
         /* These two actually should go in LIST_ADD command */
         || !EVP_add_cipher(&cipher_gost)
         || !EVP_add_cipher(&cipher_gost_cpacnt)
-        || !EVP_add_digest(&digest_gost)
-        || !EVP_add_digest(&imit_gost_cpa)
+        || !EVP_add_digest(digest_gost())
+        || !EVP_add_digest(imit_gost_cpa())
         ) {
         goto end;
     }
@@ -157,16 +176,15 @@ static int gost_digests(ENGINE *e, const EVP_MD **digest,
 {
     int ok = 1;
     if (!digest) {
-        *nids = gost_digest_nids;
-        return 2;
+        return gost_digest_nids(nids);
     }
     /*
      * printf("Digest no %d requested\n",nid);
      */
     if (nid == NID_id_GostR3411_94) {
-        *digest = &digest_gost;
+        *digest = digest_gost();
     } else if (nid == NID_id_Gost28147_89_MAC) {
-        *digest = &imit_gost_cpa;
+        *digest = imit_gost_cpa();
     } else {
         ok = 0;
         *digest = NULL;
index b2541a79d8d072c8f01c2db2390b5faf494c6f51..1e047c6f0a30af70b9dd3e3741a317d6224c2d82 100644 (file)
@@ -143,9 +143,11 @@ struct ossl_gost_digest_ctx {
     gost_ctx cctx;
 };
 /* EVP_MD structure for GOST R 34.11 */
-extern EVP_MD digest_gost;
+EVP_MD *digest_gost(void);
+void digest_gost_destroy(void);
 /* EVP_MD structure for GOST 28147 in MAC mode */
-extern EVP_MD imit_gost_cpa;
+EVP_MD *imit_gost_cpa(void);
+void imit_gost_cpa_destroy(void);
 /* Cipher context used for EVP_CIPHER operation */
 struct ossl_gost_cipher_ctx {
     int paramNID;
index 7b780772b215ffe5b84abab0bd93e003e9768785..8c12d008c5a576576c32e4a34d869044eb9129a4 100644 (file)
@@ -19,20 +19,35 @@ static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md);
 static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
 static int gost_digest_cleanup(EVP_MD_CTX *ctx);
 
-EVP_MD digest_gost = {
-    NID_id_GostR3411_94,
-    NID_undef,
-    32,
-    0,
-    gost_digest_init,
-    gost_digest_update,
-    gost_digest_final,
-    gost_digest_copy,
-    gost_digest_cleanup,
-    32,
-    sizeof(struct ossl_gost_digest_ctx),
-    NULL
-};
+static EVP_MD *_hidden_GostR3411_94_md = NULL;
+EVP_MD *digest_gost(void)
+{
+
+    if (_hidden_GostR3411_94_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_id_GostR3411_94, NID_undef)) == NULL
+            || !EVP_MD_meth_set_result_size(md, 32)
+            || !EVP_MD_meth_set_input_blocksize(md, 32)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(struct ossl_gost_digest_ctx))
+            || !EVP_MD_meth_set_init(md, gost_digest_init)
+            || !EVP_MD_meth_set_update(md, gost_digest_update)
+            || !EVP_MD_meth_set_final(md, gost_digest_final)
+            || !EVP_MD_meth_set_copy(md, gost_digest_copy)
+            || !EVP_MD_meth_set_cleanup(md, gost_digest_cleanup)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_GostR3411_94_md = md;
+    }
+    return _hidden_GostR3411_94_md;
+}
+void digest_gost_destroy(void)
+{
+    EVP_MD_meth_free(_hidden_GostR3411_94_md);
+    _hidden_GostR3411_94_md = NULL;
+}
 
 int gost_digest_init(EVP_MD_CTX *ctx)
 {
index f0f331e5cc0beee9a83165567a11da3e1d4b167f..7381c957fb6a711f48570545e3e692a9916f511b 100644 (file)
@@ -388,8 +388,8 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             } else {
                 key = &(data->key);
             }
-            return EVP_MD_CTX_md(mctx)->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY,
-                                                32, key);
+            return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
+                (mctx, EVP_MD_CTRL_SET_KEY, 32, key);
         }
     }
     return -2;
index 7f6aa7568d7de1349268727859e8c425b5a401d3..e22c6149d3c7c08534aa72ab56cb06273fe6eb09 100644 (file)
@@ -80,8 +80,6 @@ void ENGINE_load_dasync(void);
 static int dasync_digests(ENGINE *e, const EVP_MD **digest,
                           const int **nids, int nid);
 
-static int dasync_digest_nids[] = { NID_sha1, 0 };
-
 static void dummy_pause_job(void);
 
 /* SHA1 */
@@ -90,19 +88,49 @@ static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
                              size_t count);
 static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
 
-static const EVP_MD dasync_sha1 = {
-    NID_sha1,
-    NID_sha1WithRSAEncryption,
-    SHA_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    dasync_sha1_init,
-    dasync_sha1_update,
-    dasync_sha1_final,
-    NULL,
-    NULL,
-    SHA_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
+static EVP_MD *_hidden_sha1_md = NULL;
+static const EVP_MD *dasync_sha1(void)
+{
+    if (_hidden_sha1_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, dasync_sha1_init)
+            || !EVP_MD_meth_set_update(md, dasync_sha1_update)
+            || !EVP_MD_meth_set_final(md, dasync_sha1_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha1_md = md;
+    }
+    return _hidden_sha1_md;
+}
+static void destroy_digests(void)
+{
+    EVP_MD_meth_free(_hidden_sha1_md);
+    _hidden_sha1_md = NULL;
+}
+static int dasync_digest_nids(const int **nids)
+{
+    static int digest_nids[2] = { 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = dasync_sha1()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
 
 /* RSA */
 
@@ -207,6 +235,7 @@ static int dasync_finish(ENGINE *e)
 
 static int dasync_destroy(ENGINE *e)
 {
+    destroy_digests();
     ERR_unload_DASYNC_strings();
     return 1;
 }
@@ -217,14 +246,12 @@ static int dasync_digests(ENGINE *e, const EVP_MD **digest,
     int ok = 1;
     if (!digest) {
         /* We are returning a list of supported nids */
-        *nids = dasync_digest_nids;
-        return (sizeof(dasync_digest_nids) -
-                1) / sizeof(dasync_digest_nids[0]);
+        return dasync_digest_nids(nids);
     }
     /* We are being asked for a specific digest */
     switch (nid) {
     case NID_sha1:
-        *digest = &dasync_sha1;
+        *digest = dasync_sha1();
         break;
     default:
         ok = 0;
index 02c3c58570d50fb12ac790ae60d8c51418e6c9ea..5fdb23ed6a37eb806198e8230954a57e4a466350 100644 (file)
@@ -87,29 +87,34 @@ void ENGINE_load_ossltest(void);
 static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
                           const int **nids, int nid);
 
-static int ossltest_digest_nids[] = {
-    NID_md5, NID_sha1, NID_sha256, NID_sha384, NID_sha512, 0
-};
-
 /* MD5 */
 static int digest_md5_init(EVP_MD_CTX *ctx);
 static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
                              size_t count);
 static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
 
-static const EVP_MD digest_md5 = {
-    NID_md5,
-    NID_md5WithRSAEncryption,
-    MD5_DIGEST_LENGTH,
-    0,
-    digest_md5_init,
-    digest_md5_update,
-    digest_md5_final,
-    NULL,
-    NULL,
-    MD5_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(MD5_CTX),
-};
+static EVP_MD *_hidden_md5_md = NULL;
+static const EVP_MD *digest_md5(void)
+{
+    if (_hidden_md5_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(MD5_CTX))
+            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_init(md, digest_md5_init)
+            || !EVP_MD_meth_set_update(md, digest_md5_update)
+            || !EVP_MD_meth_set_final(md, digest_md5_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_md5_md = md;
+    }
+    return _hidden_md5_md;
+}
 
 /* SHA1 */
 static int digest_sha1_init(EVP_MD_CTX *ctx);
@@ -117,19 +122,28 @@ static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
                               size_t count);
 static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
 
-static const EVP_MD digest_sha1 = {
-    NID_sha1,
-    NID_sha1WithRSAEncryption,
-    SHA_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    digest_sha1_init,
-    digest_sha1_update,
-    digest_sha1_final,
-    NULL,
-    NULL,
-    SHA_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
+static EVP_MD *_hidden_sha1_md = NULL;
+static const EVP_MD *digest_sha1(void)
+{
+    if (_hidden_sha1_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha1_init)
+            || !EVP_MD_meth_set_update(md, digest_sha1_update)
+            || !EVP_MD_meth_set_final(md, digest_sha1_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha1_md = md;
+    }
+    return _hidden_sha1_md;
+}
 
 /* SHA256 */
 static int digest_sha256_init(EVP_MD_CTX *ctx);
@@ -137,19 +151,28 @@ static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
                                 size_t count);
 static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md);
 
-static const EVP_MD digest_sha256 = {
-    NID_sha256,
-    NID_sha256WithRSAEncryption,
-    SHA256_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    digest_sha256_init,
-    digest_sha256_update,
-    digest_sha256_final,
-    NULL,
-    NULL,
-    SHA256_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
-};
+static EVP_MD *_hidden_sha256_md = NULL;
+static const EVP_MD *digest_sha256(void)
+{
+    if (_hidden_sha256_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA256_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha256_init)
+            || !EVP_MD_meth_set_update(md, digest_sha256_update)
+            || !EVP_MD_meth_set_final(md, digest_sha256_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha256_md = md;
+    }
+    return _hidden_sha256_md;
+}
 
 /* SHA384/SHA512 */
 static int digest_sha384_init(EVP_MD_CTX *ctx);
@@ -159,33 +182,87 @@ static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
 static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md);
 static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md);
 
-static const EVP_MD digest_sha384 = {
-    NID_sha384,
-    NID_sha384WithRSAEncryption,
-    SHA384_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    digest_sha384_init,
-    digest_sha512_update,
-    digest_sha384_final,
-    NULL,
-    NULL,
-    SHA512_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
-};
-
-static const EVP_MD digest_sha512 = {
-    NID_sha512,
-    NID_sha512WithRSAEncryption,
-    SHA512_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    digest_sha512_init,
-    digest_sha512_update,
-    digest_sha512_final,
-    NULL,
-    NULL,
-    SHA512_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
-};
+static EVP_MD *_hidden_sha384_md = NULL;
+static const EVP_MD *digest_sha384(void)
+{
+    if (_hidden_sha384_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA512_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha384_init)
+            || !EVP_MD_meth_set_update(md, digest_sha512_update)
+            || !EVP_MD_meth_set_final(md, digest_sha384_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha384_md = md;
+    }
+    return _hidden_sha384_md;
+}
+static EVP_MD *_hidden_sha512_md = NULL;
+static const EVP_MD *digest_sha512(void)
+{
+    if (_hidden_sha512_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA512_CTX))
+            || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
+            || !EVP_MD_meth_set_init(md, digest_sha512_init)
+            || !EVP_MD_meth_set_update(md, digest_sha512_update)
+            || !EVP_MD_meth_set_final(md, digest_sha512_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        _hidden_sha512_md = md;
+    }
+    return _hidden_sha512_md;
+}
+static void destroy_digests(void)
+{
+    EVP_MD_meth_free(_hidden_md5_md);
+    _hidden_md5_md = NULL;
+    EVP_MD_meth_free(_hidden_sha1_md);
+    _hidden_sha1_md = NULL;
+    EVP_MD_meth_free(_hidden_sha256_md);
+    _hidden_sha256_md = NULL;
+    EVP_MD_meth_free(_hidden_sha384_md);
+    _hidden_sha384_md = NULL;
+    EVP_MD_meth_free(_hidden_sha512_md);
+    _hidden_sha512_md = NULL;
+}
+static int ossltest_digest_nids(const int **nids)
+{
+    static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = digest_md5()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha1()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha256()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha384()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        if ((md = digest_sha512()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
 
 /* Setup ciphers */
 static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **,
@@ -287,6 +364,7 @@ static int ossltest_finish(ENGINE *e)
 
 static int ossltest_destroy(ENGINE *e)
 {
+    destroy_digests();
     ERR_unload_OSSLTEST_strings();
     return 1;
 }
@@ -297,26 +375,24 @@ static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
     int ok = 1;
     if (!digest) {
         /* We are returning a list of supported nids */
-        *nids = ossltest_digest_nids;
-        return (sizeof(ossltest_digest_nids) -
-                1) / sizeof(ossltest_digest_nids[0]);
+        return ossltest_digest_nids(nids);
     }
     /* We are being asked for a specific digest */
     switch (nid) {
     case NID_md5:
-        *digest = &digest_md5;
+        *digest = digest_md5();
         break;
     case NID_sha1:
-        *digest = &digest_sha1;
+        *digest = digest_sha1();
         break;
     case NID_sha256:
-        *digest = &digest_sha256;
+        *digest = digest_sha256();
         break;
     case NID_sha384:
-        *digest = &digest_sha384;
+        *digest = digest_sha384();
         break;
     case NID_sha512:
-        *digest = &digest_sha512;
+        *digest = digest_sha512();
         break;
     default:
         ok = 0;