[openssl.org #532] Bug in 0.9.7� with OPENSSL_NO_ENGINE

Tue, 11 Mar 2003 18:26:49 -0800 

[EMAIL PROTECTED] - Tue Mar 11 14:48:48 2003]:

> It's looks like a bug in OpenSSL 0.9.7a with OPENSSL_NO_ENGINE in
> crypto/digest.c:EVP_DigestInit_ex:190
> 
> Was 
>       if (type) {
>       ...
>       else if(!ctx->digest)
>               {
>               EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
>               return 0;
>               }
> 
> And now 
> #ifndef OPENSSL_NO_ENGINE
>       if (type) {
>       ....
>       else
> #endif
>       if(!ctx->digest)
>               {
>               EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
>               return 0;
>               }
> 
> So initialization of EVP_MD_CTX cannot be done at all (because
> ctx->digest == NULL at first call to EVP_DigestInit_ex). I think it
> should be:
> 
> #ifndef OPENSSL_NO_ENGINE
>       /* Whether it's nice or not, "Inits" can be used on "Final"'d
> contexts
>        * so this context may already have an ENGINE! Try to avoid
> releasing
>        * the previous handle, re-querying for an ENGINE, and having a
>        * reinitialisation, when it may all be unecessary. */
>       if (ctx->engine && ctx->digest && (!type ||
>       
        (type && (type->type == ctx->digest->type))))
>               goto skip_to_init;
>       if (type)
>               {
>               /* Ensure an ENGINE left lying around from last time is
> cleared
>                * (the previous check attempted to avoid this if the
> same
>                * ENGINE and EVP_MD could be used). */
>               if(ctx->engine)
>       
        ENGINE_finish(ctx->engine);
>               if(impl)
>       
        {
>       
        if (!ENGINE_init(impl))
>       
                {
>       
                EVPerr(EVP_F_EVP_DIGESTINIT,
> EVP_R_INITIALIZATION_ERROR);
>       
                return 0;
>       
                }
>       
        }
>               else
>       
        /* Ask if an ENGINE is reserved for this job */
>       
        impl = ENGINE_get_digest_engine(type->type);
>               if(impl)
>       
        {
>       
        /* There's an ENGINE for this job ...
> (apparently) */
>       
        const EVP_MD *d = ENGINE_get_digest(impl,
> type->type);
>       
        if(!d)
>       
                {
>       
                /* Same comment from evp_enc.c */
>       
                EVPerr(EVP_F_EVP_DIGESTINIT,
> EVP_R_INITIALIZATION_ERROR);
>       
                return 0;
>       
                }
>       
        /* We'll use the ENGINE's private digest
> definition */
>       
        type = d;
>       
        /* Store the ENGINE functional reference so we
> know
>       
         * 'type' came from an ENGINE and we need to
> release
>       
         * it when done. */
>       
        ctx->engine = impl;
>       
        }
>               else
>       
        ctx->engine = NULL;
>               }
>       else if(!ctx->digest)
>               {
>               EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
>               return 0;
>               }
> #else
>       if ((!ctx->digest) && (!type))
>               {
>               EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
>               return 0;
>               }
> #endif
> 

Yes I agree. I've committed a fix.

Steve.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to