[openssl.org #532] Bug in 0.9.7� with OPENSSL_NO_ENGINE

Tue, 11 Mar 2003 05:47:50 -0800 

It's looks like a bug in OpenSSL 0.9.7a with OPENSSL_NO_ENGINE in
crypto/digest.c:EVP_DigestInit_ex:190

Was 
        if (type) {
        ...
        else if(!ctx->digest)
                {
                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
                return 0;
                }

And now 
#ifndef OPENSSL_NO_ENGINE
        if (type) {
        ....
        else
#endif
        if(!ctx->digest)
                {
                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
                return 0;
                }

So initialization of EVP_MD_CTX cannot be done at all (because
ctx->digest == NULL at first call to EVP_DigestInit_ex). I think it
should be:

#ifndef OPENSSL_NO_ENGINE
        /* Whether it's nice or not, "Inits" can be used on "Final"'d
contexts
         * so this context may already have an ENGINE! Try to avoid
releasing
         * the previous handle, re-querying for an ENGINE, and having a
         * reinitialisation, when it may all be unecessary. */
        if (ctx->engine && ctx->digest && (!type ||
                        (type && (type->type == ctx->digest->type))))
                goto skip_to_init;
        if (type)
                {
                /* Ensure an ENGINE left lying around from last time is
cleared
                 * (the previous check attempted to avoid this if the
same
                 * ENGINE and EVP_MD could be used). */
                if(ctx->engine)
                        ENGINE_finish(ctx->engine);
                if(impl)
                        {
                        if (!ENGINE_init(impl))
                                {
                                EVPerr(EVP_F_EVP_DIGESTINIT,
EVP_R_INITIALIZATION_ERROR);
                                return 0;
                                }
                        }
                else
                        /* Ask if an ENGINE is reserved for this job */
                        impl = ENGINE_get_digest_engine(type->type);
                if(impl)
                        {
                        /* There's an ENGINE for this job ...
(apparently) */
                        const EVP_MD *d = ENGINE_get_digest(impl,
type->type);
                        if(!d)
                                {
                                /* Same comment from evp_enc.c */
                                EVPerr(EVP_F_EVP_DIGESTINIT,
EVP_R_INITIALIZATION_ERROR);
                                return 0;
                                }
                        /* We'll use the ENGINE's private digest
definition */
                        type = d;
                        /* Store the ENGINE functional reference so we
know
                         * 'type' came from an ENGINE and we need to
release
                         * it when done. */
                        ctx->engine = impl;
                        }
                else
                        ctx->engine = NULL;
                }
        else if(!ctx->digest)
                {
                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
                return 0;
                }
#else
        if ((!ctx->digest) && (!type))
                {
                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
                return 0;
                }
#endif

Best regards,
Sergey V. Simakov  mailto:[EMAIL PROTECTED]
security software engineer, MCP+Internet, MCSE
VALIDATA http://www.x509.ru 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to