[openssl] master update
Matt Caswell
matt at openssl.org
Wed Apr 3 14:49:09 UTC 2019
The branch master has been updated
via 5a2bd6bc66a902ed7aa681e93f0e339c0441e228 (commit)
via b7c913c820a80f8534ead1dc49b569280fcb1f9a (commit)
from e4e91084d6b7acbe55139141f553b361871ec768 (commit)
- Log -----------------------------------------------------------------
commit 5a2bd6bc66a902ed7aa681e93f0e339c0441e228
Author: Matt Caswell <matt at openssl.org>
Date: Fri Mar 29 16:29:54 2019 +0000
Add an EVP_MD_CTX_md() test
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8614)
commit b7c913c820a80f8534ead1dc49b569280fcb1f9a
Author: Matt Caswell <matt at openssl.org>
Date: Fri Mar 29 16:28:07 2019 +0000
Ensure EVP_MD_CTX_md returns the EVP_MD originally used
Fixes #8613
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8614)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/digest.c | 4 ++++
crypto/evp/evp_lib.c | 4 ++--
crypto/evp/evp_locl.h | 1 +
doc/man3/EVP_DigestInit.pod | 7 ++++++-
doc/man3/EVP_MD_fetch.pod | 22 +++++++++++++++++-----
test/evp_extra_test.c | 3 ++-
6 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 7b49725..89f8e54 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -83,6 +83,7 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
EVP_MD_meth_free(ctx->fetched_digest);
ctx->fetched_digest = NULL;
ctx->digest = NULL;
+ ctx->reqdigest = NULL;
OPENSSL_free(ctx);
return;
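Review bot: ctx->reqdigest = NULL in EVP_MD_CTX_free() sits directly before OPENSSL_free(ctx), so it has no observable effect beyond matching the two stores above it. It is also the only place in this patch where reqdigest is cleared. If a context can be reset and reused without being freed, reqdigest should be cleared on that path too, otherwise EVP_MD_CTX_md() keeps reporting the digest from the previous use.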
@@ -106,6 +107,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+ if (type != NULL)
+ ctx->reqdigest = type;
+
/* TODO(3.0): Legacy work around code below. Remove this */
#ifndef OPENSSL_NO_ENGINE
/*
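Review bot: ctx->reqdigest = type is assigned at the top of EVP_DigestInit_ex(), ahead of the legacy ENGINE work-around code that follows, so if anything later in the function fails the context is left with reqdigest already pointing at the new type. Consider assigning it only once initialisation has succeeded, or state in the documentation that EVP_MD_CTX_md() is only meaningful after a successful init. A one-line comment that the if (type != NULL) guard deliberately keeps the previously requested digest on re-init would also help the next reader.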
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 219ae53..f99e905 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -479,9 +479,9 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
{
- if (!ctx)
+ if (ctx == NULL)
return NULL;
- return ctx->digest;
+ return ctx->reqdigest;
}
EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
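Review bot: return ctx->reqdigest changes what EVP_MD_CTX_md() means: callers now get the object the application passed in, not ctx->digest, the implementation the context is actually using. Any existing caller that uses the return value to inspect the active implementation needs to be checked against this, and the function deserves a short comment saying which of the two fields it reports and that the pointer is borrowed.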
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
index 936824a..2453eff 100644
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -10,6 +10,7 @@
/* EVP_MD_CTX related stuff */
struct evp_md_ctx_st {
+ const EVP_MD *reqdigest; /* The original requested digest */
const EVP_MD *digest;
ENGINE *engine; /* functional reference if 'digest' is
* ENGINE-provided */
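Review bot: the comment on reqdigest says what the field holds but not who owns it. The documentation change in this same patch states that the reference count is not incremented, so the struct comment should say so as well, for example "The original requested digest (borrowed, no reference held)", to stop a later change from freeing it the way fetched_digest is freed in EVP_MD_CTX_free().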
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 37cdb27..4f5e38c 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -182,7 +182,12 @@ EVP_MD_meth_set_app_datasize().
=item EVP_MD_CTX_md()
-Returns the B<EVP_MD> structure corresponding to the passed B<EVP_MD_CTX>.
+Returns the B<EVP_MD> structure corresponding to the passed B<EVP_MD_CTX>. This
+will be the same B<EVP_MD> object originally passed to EVP_DigestInit_ex() (or
+other similar function) when the EVP_MD_CTX was first initialised. Note that
+where explicit fetch is in use (see L<EVP_MD_fetch(3)>) the value returned from
+this function will not have its reference count incremented and therefore it
+should not be used after the EVP_MD_CTX is freed.
=item EVP_MD_CTX_set_update_fn()
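Review bot: "when the EVP_MD_CTX was first initialised" does not match the digest.c hunk, where ctx->reqdigest is overwritten on every EVP_DigestInit_ex() call that passes a non-NULL type, so the value returned is the most recently passed EVP_MD, not the first one. Suggest wording such as "most recently passed to EVP_DigestInit_ex()". The two later mentions of EVP_MD_CTX in this paragraph should also be written B<EVP_MD_CTX> to match the first sentence.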
diff --git a/doc/man3/EVP_MD_fetch.pod b/doc/man3/EVP_MD_fetch.pod
index 1748108..9653604 100644
--- a/doc/man3/EVP_MD_fetch.pod
+++ b/doc/man3/EVP_MD_fetch.pod
@@ -21,13 +21,13 @@ calculate the digest of input data using functions such as
L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)> and L<EVP_DigestFinal_ex(3)>.
Digest implementations may be obtained in one of three ways, i.e. implicit
-lookup, explicit lookup or user defined.
+fetch, explicit fetch or user defined.
=over 4
-=item Implicit Lookup
+=item Implicit Fetch
-With implicit lookup an application can use functions such as L<EVP_sha256(3)>,
+With implicit fetch an application can use functions such as L<EVP_sha256(3)>,
L<EVP_sha512(3)> or L<EVP_blake2b512(3)> to obtain an B<EVP_MD> object. When
used in a function like L<EVP_DigestInit_ex(3)> the actual implementation to
be used will be fetched implicitly using default search criteria. Typically,
@@ -35,9 +35,9 @@ be used will be fetched implicitly using default search criteria. Typically,
have been loaded), this will return an implementation of the appropriate
algorithm from the default provider.
-=item Explicit Lookup
+=item Explicit Fetch
-With explicit lookup an application uses the EVP_MD_fetch() function to obtain
+With explicit fetch an application uses the EVP_MD_fetch() function to obtain
an algorithm implementation. An implementation with the given name and
satisfying the search criteria specified in the B<properties> parameter will be
looked for within the available providers and returned. See L<OSSL_PROVIDER(3)>
@@ -83,6 +83,18 @@ The return value from a call to EVP_MD_fetch() must be freed by the caller using
L<EVP_MD_meth_free(3)>. Note that EVP_MD objects are reference counted. See
L<EVP_MD_upref(3)>.
+=head1 NOTES
+
+Where an application that previously used implicit fetch is converted to use
+explicit fetch care should be taken with the L<EVP_MD_CTX_md(3)> function.
+Specifically, this function returns the EVP_MD object orginally passed to
+EVP_DigestInit_ex() (or other similar function). With implicit fetch the
+returned EVP_MD object is guaranteed to be available throughout the application
+lifetime. However, with explicit fetch EVP_MD objects are reference counted.
+EVP_MD_CTX_md does not increment the reference count and so the returned EVP_MD
+object may not be accessible beyond the lifetime of the EVP_MD_CTX it is
+associated with.
+
=head1 RETURN VALUES
EVP_MD_fetch() returns a pointer to the algorithm implementation represented by
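Review bot: in the new NOTES section "orginally" should be "originally", and "EVP_MD_CTX_md does not increment" should be written EVP_MD_CTX_md() like the other function references in the file. The lifetime wording here ("may not be accessible beyond the lifetime of the EVP_MD_CTX") also differs from the EVP_DigestInit.pod hunk ("should not be used after the EVP_MD_CTX is freed"); pick one formulation and use it in both places so readers do not infer two different rules.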
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index f07ae94..f763bb5 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1083,7 +1083,8 @@ static int calculate_digest(const EVP_MD *md, const char *msg, size_t len,
|| !TEST_true(EVP_DigestUpdate(ctx, msg, len))
|| !TEST_true(EVP_DigestFinal_ex(ctx, out, NULL))
|| !TEST_mem_eq(out, SHA256_DIGEST_LENGTH, exptd,
- SHA256_DIGEST_LENGTH))
+ SHA256_DIGEST_LENGTH)
+ || !TEST_true(md == EVP_MD_CTX_md(ctx)))
goto err;
ret = 1;
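Review bot: the added check md == EVP_MD_CTX_md(ctx) runs only once, after EVP_DigestFinal_ex(), at the end of the same condition chain as the digest comparison. It would be worth asserting it directly after EVP_DigestInit_ex() as well, and adding a case that re-initialises the context with a NULL type, since that is the branch the if (type != NULL) guard in digest.c exists for and nothing in this hunk exercises it.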