diff options
author | Matt Caswell <matt@openssl.org> | 2020-08-10 17:11:39 +0100 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-08-29 17:40:10 +1000 |
commit | ada0670bf6c2f67016a55750b1f6b08c54f4242c (patch) | |
tree | c06a6f3e3b7db4145337c04a005d7fe9a215eb07 /crypto/evp | |
parent | 5d51925a90734226f804a7b928326f8ba4bd0434 (diff) |
Fix some EVP_MD_CTX_* functions
Fixes some issues with EVP_MD_CTX_* functions when doing EVP_DigestSign*
and EVP_DigestVerify* functions.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12637)
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/digest.c | 45 | ||||
-rw-r--r-- | crypto/evp/m_sigver.c | 2 |
2 files changed, 27 insertions, 20 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index c9b4e3fd6e..19fddb74ab 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -489,10 +489,12 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) if (in->fetched_digest != NULL) EVP_MD_up_ref(in->fetched_digest); - out->provctx = in->digest->dupctx(in->provctx); - if (out->provctx == NULL) { - EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX); - return 0; + if (in->provctx != NULL) { + out->provctx = in->digest->dupctx(in->provctx); + if (out->provctx == NULL) { + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX); + return 0; + } } /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ @@ -608,9 +610,7 @@ int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]) { EVP_PKEY_CTX *pctx = ctx->pctx; - if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL) - return ctx->digest->set_ctx_params(ctx->provctx, params); - + /* If we have a pctx then we should try that first */ if (pctx != NULL && (pctx->operation == EVP_PKEY_OP_VERIFYCTX || pctx->operation == EVP_PKEY_OP_SIGNCTX) @@ -618,6 +618,10 @@ int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]) && pctx->op.sig.signature->set_ctx_md_params != NULL) return pctx->op.sig.signature->set_ctx_md_params(pctx->op.sig.sigprovctx, params); + + if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL) + return ctx->digest->set_ctx_params(ctx->provctx, params); + return 0; } @@ -635,10 +639,7 @@ const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx) if (ctx == NULL) return NULL; - if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL) - return ctx->digest->settable_ctx_params( - ossl_provider_ctx(EVP_MD_provider(ctx->digest))); - + /* If we have a pctx then we should try that first */ pctx = ctx->pctx; if (pctx != NULL && (pctx->operation == EVP_PKEY_OP_VERIFYCTX @@ -648,6 +649,10 @@ const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx) return pctx->op.sig.signature->settable_ctx_md_params( pctx->op.sig.sigprovctx); + if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL) + return ctx->digest->settable_ctx_params( + ossl_provider_ctx(EVP_MD_provider(ctx->digest))); + return NULL; } @@ -655,9 +660,7 @@ int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]) { EVP_PKEY_CTX *pctx = ctx->pctx; - if (ctx->digest != NULL && ctx->digest->get_params != NULL) - return ctx->digest->get_ctx_params(ctx->provctx, params); - + /* If we have a pctx then we should try that first */ if (pctx != NULL && (pctx->operation == EVP_PKEY_OP_VERIFYCTX || pctx->operation == EVP_PKEY_OP_SIGNCTX) @@ -666,6 +669,9 @@ int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]) return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.sigprovctx, params); + if (ctx->digest != NULL && ctx->digest->get_params != NULL) + return ctx->digest->get_ctx_params(ctx->provctx, params); + return 0; } @@ -683,11 +689,7 @@ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx) if (ctx == NULL) return NULL; - if (ctx->digest != NULL - && ctx->digest->gettable_ctx_params != NULL) - return ctx->digest->gettable_ctx_params( - ossl_provider_ctx(EVP_MD_provider(ctx->digest))); - + /* If we have a pctx then we should try that first */ pctx = ctx->pctx; if (pctx != NULL && (pctx->operation == EVP_PKEY_OP_VERIFYCTX @@ -697,6 +699,11 @@ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx) return pctx->op.sig.signature->gettable_ctx_md_params( pctx->op.sig.sigprovctx); + if (ctx->digest != NULL + && ctx->digest->gettable_ctx_params != NULL) + return ctx->digest->gettable_ctx_params( + ossl_provider_ctx(EVP_MD_provider(ctx->digest))); + return NULL; } diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 04ac121e25..8fb9de07fe 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -186,7 +186,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, * so the EVP_MD should not be used beyound the lifetime of the * EVP_MD_CTX. */ - ctx->reqdigest = ctx->fetched_digest = + ctx->digest = ctx->reqdigest = ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); } } |