Always go the legacy route if EVP_MD_CTX_FLAG_NO_INIT is set

If we're using an explicitly fetched digest in an EVP_DigestUpdate operation, then we should still go the legacy route if EVP_MD_CTX_FLAG_NO_INIT has been set because we are being used in the context of a legacy signature algorithm and EVP_DigestInit has not been called. This fixes a seg fault in EVP_DigestSignUpdate() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10796)
author: Matt Caswell <matt@openssl.org> 2020-01-09 15:58:19 +0000
committer: Matt Caswell <matt@openssl.org> 2020-01-13 13:50:06 +0000
commit: 557d673783f82795e8ae8ca71b0092f9dbdaaeef (patch)
tree: 44c1633f1ac207c3238015383e99106e854382c1 /crypto/evp/digest.c
parent: 0ae5d4d6f8a0cd17fb9beb5876827f311c1b350c (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 92dca9854b..adde3e13ab 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -303,7 +303,9 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
         return 0;
     }
 
-    if (ctx->digest == NULL || ctx->digest->prov == NULL)
+    if (ctx->digest == NULL
+            || ctx->digest->prov == NULL
+            || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
         goto legacy;
 
     if (ctx->digest->dupdate == NULL) {
@@ -422,7 +424,8 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
         return 0;
     }
 
-    if (in->digest->prov == NULL)
+    if (in->digest->prov == NULL
+            || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
         goto legacy;
 
     if (in->digest->dupctx == NULL) {
author	Matt Caswell <matt@openssl.org>	2020-01-09 15:58:19 +0000
committer	Matt Caswell <matt@openssl.org>	2020-01-13 13:50:06 +0000
commit	557d673783f82795e8ae8ca71b0092f9dbdaaeef (patch)
tree	44c1633f1ac207c3238015383e99106e854382c1 /crypto/evp/digest.c
parent	0ae5d4d6f8a0cd17fb9beb5876827f311c1b350c (diff)