[openssl] master update

Matt Caswell matt at openssl.org
Thu Jul 30 08:37:48 UTC 2020 

The branch master has been updated
       via  b8ea8d3912006223891a621a7bff19225e93469d (commit)
      from  593d6554f87310f3184c2f45d71c09975ffe9f53 (commit)


- Log -----------------------------------------------------------------
commit b8ea8d3912006223891a621a7bff19225e93469d
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Jul 28 16:47:03 2020 +0100

    Don't fallback to legacy in DigestSignInit/DigestVerifyInit too easily
    
    The only reason we should fallback to legacy codepaths in DigestSignInit/
    DigestVerifyInit, is if we have an engine, or we have a legacy algorithm
    that does not (yet) have a provider based equivalent (e.g. SM2, HMAC, etc).
    Currently we were falling back even if we have a suitable key manager but
    the export of the key fails. This might be for legitimate reasons (e.g.
    we only have the FIPS provider, but we're trying to export a brainpool key).
    In those circumstances we don't want to fallback to the legacy code.
    
    Therefore we tighten then checks for falling back to legacy. Eventually this
    particular fallback can be removed entirely (once all legacy algorithms have
    provider based key managers).
    
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12550)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/m_sigver.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 44e7cab1af..8d37f19d6c 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -85,13 +85,25 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
 
     /*
      * Ensure that the key is provided, either natively, or as a cached export.
-     *  If not, go legacy
      */
     tmp_keymgmt = locpctx->keymgmt;
     provkey = evp_pkey_export_to_provider(locpctx->pkey, locpctx->libctx,
                                           &tmp_keymgmt, locpctx->propquery);
-    if (provkey == NULL)
-        goto legacy;
+    if (provkey == NULL) {
+        /*
+         * If we couldn't find a keymgmt at all try legacy.
+         * TODO(3.0): Once all legacy algorithms (SM2, HMAC etc) have provider
+         * based implementations this fallback shouldn't be necessary. Either
+         * we have an ENGINE based implementation (in which case we should have
+         * already fallen back in the test above here), or we don't have the
+         * provider based implementation loaded (in which case this is an
+         * application config error)
+         */
+        if (locpctx->keymgmt == NULL)
+            goto legacy;
+        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+        goto err;
+    }
     if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
         ERR_clear_last_mark();
         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);

More information about the openssl-commits mailing list