The branch master has been updated
via f80d0d2fd6d1e05ba59eab78ed950a140d092831 (commit)
from 67ecd65cc4fdaa03fbae5fcccf53ebca7d785554 (commit)
- Log -----------------------------------------------------------------
commit f80d0d2fd6d1e05ba59eab78ed950a140d092831
Author: Dmitry Belyavskiy <beld...@gmail.com>
Date: Mon Sep 14 18:33:29 2020 +0300
HMAC should work with non-provided digests
Fixes #12839
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12874)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/m_sigver.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index e2bb613a20..e83a7e654a 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -182,6 +182,8 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX
**pctx,
*/
evp_md_ctx_clear_digest(ctx, 1);
+ /* legacy code support for engines */
+ ERR_set_mark();
/*
* This might be requested by a later call to EVP_MD_CTX_md().
* In that case the "explicit fetch" rules apply for that
@@ -189,12 +191,19 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX
**pctx,
* so the EVP_MD should not be used beyound the lifetime of the
* EVP_MD_CTX.
*/
- ctx->digest = ctx->reqdigest = ctx->fetched_digest =
- EVP_MD_fetch(locpctx->libctx, mdname, props);
- if (ctx->digest == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
- goto err;
+ ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
+ if (ctx->fetched_digest != NULL) {
+ ctx->digest = ctx->reqdigest = ctx->fetched_digest;
+ } else {
+ /* legacy engine support : remove the mark when this is
deleted */
+ ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
+ if (ctx->digest == NULL) {
+ (void)ERR_clear_last_mark();
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ goto err;
+ }
}
+ (void)ERR_pop_to_mark();
}
}
