From 31f7ff37b403f5ed50cf2e1e828a2e63576dac58 Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 8 Feb 2021 10:54:52 +1000 Subject: [PATCH] EVP: fix reference counting for digest operations. The reference count wasn't being incremented but the EVP_MD pointer was being held. In a no cache build, this resulted in a failure on update in some circumstances. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14126) --- crypto/evp/digest.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 40aedae47b8..3dfcfcda8e9 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -235,8 +235,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) #else EVP_MD *provmd = EVP_MD_fetch(NULL, OBJ_nid2sn(type->type), ""); - if (provmd == NULL) + if (provmd == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; + } type = provmd; EVP_MD_free(ctx->fetched_digest); ctx->fetched_digest = provmd; @@ -248,6 +250,14 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->digest->freectx(ctx->provctx); ctx->provctx = NULL; } + if (type->prov != NULL && ctx->fetched_digest != type) { + if (!EVP_MD_up_ref((EVP_MD *)type)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + return 0; + } + EVP_MD_free(ctx->fetched_digest); + ctx->fetched_digest = (EVP_MD *)type; + } ctx->digest = type; if (ctx->provctx == NULL) { ctx->provctx = ctx->digest->newctx(ossl_provider_ctx(type->prov)); -- 2.47.2