From: Dmitry Belyavskiy Date: Mon, 14 Sep 2020 15:33:29 +0000 (+0300) Subject: HMAC should work with non-provided digests X-Git-Tag: openssl-3.0.0-alpha7~214 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f80d0d2fd6d1e05ba59eab78ed950a140d092831;p=thirdparty%2Fopenssl.git HMAC should work with non-provided digests Fixes #12839 Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12874) --- diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index e2bb613a201..e83a7e654ab 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -182,6 +182,8 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, */ evp_md_ctx_clear_digest(ctx, 1); + /* legacy code support for engines */ + ERR_set_mark(); /* * This might be requested by a later call to EVP_MD_CTX_md(). * In that case the "explicit fetch" rules apply for that @@ -189,12 +191,19 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, * so the EVP_MD should not be used beyound the lifetime of the * EVP_MD_CTX. */ - ctx->digest = ctx->reqdigest = ctx->fetched_digest = - EVP_MD_fetch(locpctx->libctx, mdname, props); - if (ctx->digest == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; + ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); + if (ctx->fetched_digest != NULL) { + ctx->digest = ctx->reqdigest = ctx->fetched_digest; + } else { + /* legacy engine support : remove the mark when this is deleted */ + ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); + if (ctx->digest == NULL) { + (void)ERR_clear_last_mark(); + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } } + (void)ERR_pop_to_mark(); } }