From b0002eb09ac744d0c702c85648b2517e214580ea Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 11 Sep 2020 16:47:53 +0100 Subject: [PATCH] Redirect EVP_DigestInit to EVP_DigestSignInit_ex if appropriate Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx previously initialised with EVP_DigestSignInit() would retain information about the key, and re-initialise for another sign operation. To emulate that we redirect calls to EVP_DigestInit() to EVP_DigestSignInit_ex() if appropriate. Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12850) --- crypto/evp/digest.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index a177abdb67f..fb29ab5f083 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -140,6 +140,25 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ENGINE *tmpimpl = NULL; #endif +#if !defined(FIPS_MODULE) + if (ctx->pctx != NULL + && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) + && ctx->pctx->op.sig.sigprovctx != NULL) { + /* + * Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx + * previously initialised with EVP_DigestSignInit() would retain + * information about the key, and re-initialise for another sign + * operation. So in that case we redirect to EVP_DigestSignInit() + */ + if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX) + return EVP_DigestSignInit(ctx, NULL, type, impl, NULL); + if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX) + return EVP_DigestVerifyInit(ctx, NULL, type, impl, NULL); + EVPerr(0, EVP_R_UPDATE_ERROR); + return 0; + } +#endif + EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); if (ctx->provctx != NULL) { -- 2.47.3