public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Always go the legacy route if EVP_MD_CTX_FLAG_NO_INIT is set

Browse source 
If we're using an explicitly fetched digest in an EVP_DigestUpdate
operation, then we should still go the legacy route if
EVP_MD_CTX_FLAG_NO_INIT has been set because we are being used in the
context of a legacy signature algorithm and EVP_DigestInit has not been
called.

This fixes a seg fault in EVP_DigestSignUpdate()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10796)
This commit is contained in:
Matt Caswell 2020-01-09 15:58:19 +00:00
parent 0ae5d4d6f8
commit 557d673783
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
crypto/evp/digest.c
View file

@ -303,7 +303,9 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
return 0;
}
if (ctx->digest == NULL || ctx->digest->prov == NULL)
if (ctx->digest == NULL
|| ctx->digest->prov == NULL
|| (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
goto legacy;
if (ctx->digest->dupdate == NULL) {
@ -422,7 +424,8 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
return 0;
}
if (in->digest->prov == NULL)
if (in->digest->prov == NULL
|| (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
goto legacy;
if (in->digest->dupctx == NULL) {