[openssl] openssl-3.0 update
tomas at openssl.org
tomas at openssl.org
Fri Nov 12 15:41:21 UTC 2021
The branch openssl-3.0 has been updated
via 33665a9389e216b5a1f64fa48c8795dc78973621 (commit)
from 32b172b0b5ee8f3ba9efffb13b3f612024b9e13d (commit)
- Log -----------------------------------------------------------------
commit 33665a9389e216b5a1f64fa48c8795dc78973621
Author: Tomas Mraz <tomas at openssl.org>
Date: Thu Nov 4 11:06:26 2021 +0100
do_sigver_init: Allow reinitialization of an existing operation.
Fixes #16936
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)
(cherry picked from commit ae6b68b761b9c5f30897747487ea943ccfab53ba)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/m_sigver.c | 38 ++++++++++++++++------
.../implementations/signature/mac_legacy_sig.c | 13 +++++---
test/evp_extra_test.c | 7 ++++
3 files changed, 43 insertions(+), 15 deletions(-)
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 80570973dd..9188edbc21 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -49,7 +49,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const char *supported_sig = NULL;
char locmdname[80] = ""; /* 80 chars should be enough */
void *provkey = NULL;
- int ret, iter;
+ int ret, iter, reinit = 1;
if (ctx->algctx != NULL) {
if (!ossl_assert(ctx->digest != NULL)) {
@@ -62,6 +62,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
}
if (ctx->pctx == NULL) {
+ reinit = 0;
if (e == NULL)
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
else
@@ -71,22 +72,37 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
return 0;
locpctx = ctx->pctx;
- evp_pkey_ctx_free_old_ops(locpctx);
-
- if (props == NULL)
- props = locpctx->propquery;
-
ERR_set_mark();
if (evp_pkey_ctx_is_legacy(locpctx))
goto legacy;
+ /* do not reinitialize if pkey is set or operation is different */
+ if (reinit
+ && (pkey != NULL
+ || locpctx->operation != (ver ? EVP_PKEY_OP_VERIFYCTX
+ : EVP_PKEY_OP_SIGNCTX)
+ || (signature = locpctx->op.sig.signature) == NULL
+ || locpctx->op.sig.algctx == NULL))
+ reinit = 0;
+
+ if (props == NULL)
+ props = locpctx->propquery;
+
if (locpctx->pkey == NULL) {
ERR_clear_last_mark();
ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
goto err;
}
+ if (!reinit) {
+ evp_pkey_ctx_free_old_ops(locpctx);
+ } else {
+ if (mdname == NULL && type == NULL)
+ mdname = canon_mdname(EVP_MD_get0_name(ctx->reqdigest));
+ goto reinitialize;
+ }
+
/*
* Try to derive the supported signature from |locpctx->keymgmt|.
*/
@@ -183,9 +199,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
/* No more legacy from here down to legacy: */
- if (pctx != NULL)
- *pctx = locpctx;
-
locpctx->op.sig.signature = signature;
locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX
: EVP_PKEY_OP_SIGNCTX;
@@ -195,12 +208,17 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
+
+ reinitialize:
+ if (pctx != NULL)
+ *pctx = locpctx;
+
if (type != NULL) {
ctx->reqdigest = type;
if (mdname == NULL)
mdname = canon_mdname(EVP_MD_get0_name(type));
} else {
- if (mdname == NULL) {
+ if (mdname == NULL && !reinit) {
if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt, provkey,
locmdname,
sizeof(locmdname)) > 0) {
diff --git a/providers/implementations/signature/mac_legacy_sig.c b/providers/implementations/signature/mac_legacy_sig.c
index 06f79505ff..0866e68d9b 100644
--- a/providers/implementations/signature/mac_legacy_sig.c
+++ b/providers/implementations/signature/mac_legacy_sig.c
@@ -101,13 +101,16 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey,
const char *ciphername = NULL, *engine = NULL;
if (!ossl_prov_is_running()
- || pmacctx == NULL
- || vkey == NULL
- || !ossl_mac_key_up_ref(vkey))
+ || pmacctx == NULL
+ || (pmacctx->key == NULL && vkey == NULL))
return 0;
- ossl_mac_key_free(pmacctx->key);
- pmacctx->key = vkey;
+ if (vkey != NULL) {
+ if (!ossl_mac_key_up_ref(vkey))
+ return 0;
+ ossl_mac_key_free(pmacctx->key);
+ pmacctx->key = vkey;
+ }
if (pmacctx->key->cipher.cipher != NULL)
ciphername = (char *)EVP_CIPHER_get0_name(pmacctx->key->cipher.cipher);
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 22cc3b3d03..9433bb9098 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1316,6 +1316,13 @@ static int test_EVP_DigestVerifyInit(void)
|| !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
sizeof(kSignature))))
goto out;
+
+ /* test with reinitialization */
+ if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
+ || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
+ || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
+ sizeof(kSignature))))
+ goto out;
ret = 1;
out:
More information about the openssl-commits
mailing list