summaryrefslogtreecommitdiffstats
path: root/crypto/evp/m_sigver.c
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2019-10-07 18:47:04 +0200
committerMatt Caswell <matt@openssl.org>2019-10-11 12:42:43 +0200
commit72df8f8825d54a7f1be48cc9035f4e3a86f639b4 (patch)
treef87744718e29ab032a9dffac989057a4d484924c /crypto/evp/m_sigver.c
parentDon't use internal knowledge about EVP_MD_CTX in and MD BIO (diff)
downloadopenssl-72df8f8825d54a7f1be48cc9035f4e3a86f639b4.tar.xz
openssl-72df8f8825d54a7f1be48cc9035f4e3a86f639b4.zip
Support calling EVP_DigestUpdate instead of EVP_Digest[Sign|Verify]Update
Prior to OpenSSL 3.0 EVP_Digest[Sign|Verify|Update were just macros for EVP_DigestUpdate. They are now separate functions. Unfortunately some code assumes that EVP_Digest[Sign|Verify]Update is interchangeable with EVP_DigestUpdate. For example the dgst app uses an MD bio which always calls EVP_DigestUpdate(). However the dgst app supports signing instead of digesting and may initialise with EVP_DigestSignInit_ex() instead of just EVP_DigestInit(). We now detect these differences and redirect to the correct function where appropriate. Fixes #10114 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10116)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r--crypto/evp/m_sigver.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 85272c9516..7912c8dd59 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -16,6 +16,8 @@
#include "internal/provider.h"
#include "evp_local.h"
+#ifndef FIPS_MODE
+
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
{
EVPerr(EVP_F_UPDATE, EVP_R_ONLY_ONESHOT_SUPPORTED);
@@ -220,6 +222,7 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
{
return do_sigver_init(ctx, pctx, type, NULL, NULL, e, pkey, NULL, 1);
}
+#endif /* FIPS_MDOE */
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
@@ -255,7 +258,7 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
return EVP_DigestUpdate(ctx, data, dsize);
}
-
+#ifndef FIPS_MODE
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen)
{
@@ -397,3 +400,4 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
return -1;
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
}
+#endif /* FIPS_MODE */