diff options
| author | Matt Caswell <matt@openssl.org> | 2020-03-12 14:40:18 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-03-19 11:48:44 +0000 |
| commit | cb57f42528ea93c908aeff2d2f2a90c478528add (patch) | |
| tree | 1682cfaa79eb701d699daadd14a7ffb7904e5f4a | |
| parent | a2b6231601c384bba043755bb58d500265ff6f1e (diff) | |
Make sure we use the libctx when fetching a MAC
We were doing an EVP_MAC_fetch without using the correct libctx.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11354)
| -rw-r--r-- | crypto/err/openssl.txt | 1 | ||||
| -rw-r--r-- | crypto/evp/evp_err.c | 3 | ||||
| -rw-r--r-- | crypto/evp/pkey_mac.c | 6 | ||||
| -rw-r--r-- | include/openssl/evperr.h | 3 |
4 files changed, 10 insertions, 3 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 4073891de0..2f4ffc8bad 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2500,6 +2500,7 @@ EVP_R_EXPECTING_A_DSA_KEY:129:expecting a dsa key EVP_R_EXPECTING_A_EC_KEY:142:expecting a ec key EVP_R_EXPECTING_A_POLY1305_KEY:164:expecting a poly1305 key EVP_R_EXPECTING_A_SIPHASH_KEY:175:expecting a siphash key +EVP_R_FETCH_FAILED:202:fetch failed EVP_R_FINAL_ERROR:188:final error EVP_R_FIPS_MODE_NOT_SUPPORTED:167:fips mode not supported EVP_R_GET_RAW_KEY_FAILED:182:get raw key failed diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 62ca87c683..20921710ee 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -64,6 +64,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "expecting a poly1305 key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY), "expecting a siphash key"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FETCH_FAILED), "fetch failed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FINAL_ERROR), "final error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index ed3a075f88..597498c47c 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -51,8 +51,12 @@ static int pkey_mac_init(EVP_PKEY_CTX *ctx) MAC_PKEY_CTX *hctx; /* We're being smart and using the same base NIDs for PKEY and for MAC */ int nid = ctx->pmeth->pkey_id; - EVP_MAC *mac = EVP_MAC_fetch(NULL, OBJ_nid2sn(nid), NULL); + EVP_MAC *mac = EVP_MAC_fetch(ctx->libctx, OBJ_nid2sn(nid), ctx->propquery); + if (mac == NULL) { + EVPerr(EVP_F_PKEY_MAC_INIT, EVP_R_FETCH_FAILED); + return 0; + } if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) { EVPerr(EVP_F_PKEY_MAC_INIT, ERR_R_MALLOC_FAILURE); return 0; diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 7744465906..994268af91 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -194,6 +194,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_EXPECTING_A_EC_KEY 142 # define EVP_R_EXPECTING_A_POLY1305_KEY 164 # define EVP_R_EXPECTING_A_SIPHASH_KEY 175 +# define EVP_R_FETCH_FAILED 202 # define EVP_R_FINAL_ERROR 188 # define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 # define EVP_R_GET_RAW_KEY_FAILED 182 |