[openssl] master update

beldmit at gmail.com beldmit at gmail.com
Thu Sep 17 17:17:29 UTC 2020


The branch master has been updated
       via  f80d0d2fd6d1e05ba59eab78ed950a140d092831 (commit)
      from  67ecd65cc4fdaa03fbae5fcccf53ebca7d785554 (commit)


- Log -----------------------------------------------------------------
commit f80d0d2fd6d1e05ba59eab78ed950a140d092831
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date:   Mon Sep 14 18:33:29 2020 +0300

    HMAC should work with non-provided digests
    
    Fixes #12839
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12874)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/m_sigver.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index e2bb613a20..e83a7e654a 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -182,6 +182,8 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
              */
             evp_md_ctx_clear_digest(ctx, 1);
 
+            /* legacy code support for engines */
+            ERR_set_mark();
             /*
              * This might be requested by a later call to EVP_MD_CTX_md().
              * In that case the "explicit fetch" rules apply for that
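Review bot: The new comment `/* legacy code support for engines */` above `ERR_set_mark()` does not say what the mark protects or where it is released, and the matching `ERR_clear_last_mark()` / `ERR_pop_to_mark()` calls are some lines further down in the same block. I would word it as `/* Mark the error queue: a failed EVP_MD_fetch() is discarded if the legacy EVP_get_digestbyname() lookup below succeeds */`, so a later edit that adds an early exit between the two points knows the mark has to be balanced. do_sigver_init starts and ends outside this hunk, so other exit paths could not be checked from here.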
@@ -189,12 +191,19 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
              * so the EVP_MD should not be used beyound the lifetime of the
              * EVP_MD_CTX.
              */
-            ctx->digest = ctx->reqdigest = ctx->fetched_digest =
-                EVP_MD_fetch(locpctx->libctx, mdname, props);
-            if (ctx->digest == NULL) {
-                ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-                goto err;
+            ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
+            if (ctx->fetched_digest != NULL) {
+                ctx->digest = ctx->reqdigest = ctx->fetched_digest;
+            } else {
+                /* legacy engine support : remove the mark when this is deleted */
+                ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
+                if (ctx->digest == NULL) {
+                    (void)ERR_clear_last_mark();
+                    ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+                    goto err;
+                }
             }
+            (void)ERR_pop_to_mark();
         }
     }
 
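Review bot: The legacy fallback in the `else` branch resolves the digest with `EVP_get_digestbyname(mdname)`, which takes neither `locpctx->libctx` nor `props`, so a property query the caller supplied to constrain which implementation is used is not applied once `EVP_MD_fetch()` fails. Because `ERR_pop_to_mark()` then drops the fetch error, the switch to a non-provided digest leaves no trace on the error queue. Whether later code in do_sigver_init re-checks the digest against the provider is outside this hunk, so this is worth confirming. At minimum I would extend the comment to `/* legacy engine support: props and libctx are NOT honoured on this path; remove the mark when this is deleted */`, and consider whether the fallback should be skipped when `props` is non-NULL.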

