[openssl] master update
Matt Caswell
matt at openssl.org
Thu Mar 19 11:55:07 UTC 2020
The branch master has been updated
via cb57f42528ea93c908aeff2d2f2a90c478528add (commit)
from a2b6231601c384bba043755bb58d500265ff6f1e (commit)
- Log -----------------------------------------------------------------
commit cb57f42528ea93c908aeff2d2f2a90c478528add
Author: Matt Caswell <matt at openssl.org>
Date: Thu Mar 12 14:40:18 2020 +0000
Make sure we use the libctx when fetching a MAC
We were doing an EVP_MAC_fetch without using the correct libctx.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11354)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 1 +
crypto/evp/evp_err.c | 3 ++-
crypto/evp/pkey_mac.c | 6 +++++-
include/openssl/evperr.h | 3 ++-
4 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 4073891de0..2f4ffc8bad 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2500,6 +2500,7 @@ EVP_R_EXPECTING_A_DSA_KEY:129:expecting a dsa key
EVP_R_EXPECTING_A_EC_KEY:142:expecting a ec key
EVP_R_EXPECTING_A_POLY1305_KEY:164:expecting a poly1305 key
EVP_R_EXPECTING_A_SIPHASH_KEY:175:expecting a siphash key
+EVP_R_FETCH_FAILED:202:fetch failed
EVP_R_FINAL_ERROR:188:final error
EVP_R_FIPS_MODE_NOT_SUPPORTED:167:fips mode not supported
EVP_R_GET_RAW_KEY_FAILED:182:get raw key failed
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 62ca87c683..20921710ee 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -64,6 +64,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"expecting a poly1305 key"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY),
"expecting a siphash key"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FETCH_FAILED), "fetch failed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FINAL_ERROR), "final error"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FIPS_MODE_NOT_SUPPORTED),
"fips mode not supported"},
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index ed3a075f88..597498c47c 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -51,8 +51,12 @@ static int pkey_mac_init(EVP_PKEY_CTX *ctx)
MAC_PKEY_CTX *hctx;
/* We're being smart and using the same base NIDs for PKEY and for MAC */
int nid = ctx->pmeth->pkey_id;
- EVP_MAC *mac = EVP_MAC_fetch(NULL, OBJ_nid2sn(nid), NULL);
+ EVP_MAC *mac = EVP_MAC_fetch(ctx->libctx, OBJ_nid2sn(nid), ctx->propquery);
+ if (mac == NULL) {
+ EVPerr(EVP_F_PKEY_MAC_INIT, EVP_R_FETCH_FAILED);
+ return 0;
+ }
if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
EVPerr(EVP_F_PKEY_MAC_INIT, ERR_R_MALLOC_FAILURE);
return 0;
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index 7744465906..994268af91 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -194,6 +194,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_EXPECTING_A_EC_KEY 142
# define EVP_R_EXPECTING_A_POLY1305_KEY 164
# define EVP_R_EXPECTING_A_SIPHASH_KEY 175
+# define EVP_R_FETCH_FAILED 202
# define EVP_R_FINAL_ERROR 188
# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167
# define EVP_R_GET_RAW_KEY_FAILED 182
More information about the openssl-commits
mailing list