git.ipfire.org Git - thirdparty/openssl.git/commit

author	Richard Levitte <levitte@openssl.org>
	Tue, 10 Mar 2020 21:07:10 +0000 (22:07 +0100)
committer	Richard Levitte <levitte@openssl.org>
	Sun, 15 Mar 2020 18:42:04 +0000 (19:42 +0100)
commit	a5ce329eb496eb7ae17d6198dac51c2ab417550e
tree	6fd9826103bb669bf5dcb6ff0036aa7d1347610d	tree \| snapshot
parent	edd3b7a309f8767fc7d8a5c4f7d350b53e144c1b	commit \| diff

EVP: Don't call digest_custom() quite so early

A huge problem with calling digest_custom() already in the
initialization of DigestSign, DigestVerify etc, is that it force all
callers to know that certain controls must be performed before Init
and the rest after.  This has lead to quite interesting hacks in our
own openssl app, where the SM2 ID had to get special treatment instead
of just being another sign option or verification option among others.

This change moves the call of digest_custom() to the Update and Final
functions, to be done exactly once, subject to a flag that's set in
the Init function.  Seeing to the process of data, through these
operations, this makes no difference at all.  Seeing to making it
possible to perform all controls after the Init call, this makes a
huge difference.

Fixes #11293

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/11302)

crypto/evp/m_sigver.c		diff \| blob \| blame \| history
include/crypto/evp.h		diff \| blob \| blame \| history