diff options
author | Matt Caswell <matt@openssl.org> | 2019-10-07 18:47:04 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-10-11 12:42:43 +0200 |
commit | 72df8f8825d54a7f1be48cc9035f4e3a86f639b4 (patch) | |
tree | f87744718e29ab032a9dffac989057a4d484924c /crypto/evp/m_sigver.c | |
parent | Don't use internal knowledge about EVP_MD_CTX in and MD BIO (diff) | |
download | openssl-72df8f8825d54a7f1be48cc9035f4e3a86f639b4.tar.xz openssl-72df8f8825d54a7f1be48cc9035f4e3a86f639b4.zip |
Support calling EVP_DigestUpdate instead of EVP_Digest[Sign|Verify]Update
Prior to OpenSSL 3.0 EVP_Digest[Sign|Verify|Update were just macros for
EVP_DigestUpdate. They are now separate functions. Unfortunately some
code assumes that EVP_Digest[Sign|Verify]Update is interchangeable with
EVP_DigestUpdate. For example the dgst app uses an MD bio which always
calls EVP_DigestUpdate(). However the dgst app supports signing instead
of digesting and may initialise with EVP_DigestSignInit_ex() instead of
just EVP_DigestInit().
We now detect these differences and redirect to the correct function
where appropriate.
Fixes #10114
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10116)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r-- | crypto/evp/m_sigver.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 85272c9516..7912c8dd59 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -16,6 +16,8 @@ #include "internal/provider.h" #include "evp_local.h" +#ifndef FIPS_MODE + static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) { EVPerr(EVP_F_UPDATE, EVP_R_ONLY_ONESHOT_SUPPORTED); @@ -220,6 +222,7 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, { return do_sigver_init(ctx, pctx, type, NULL, NULL, e, pkey, NULL, 1); } +#endif /* FIPS_MDOE */ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) { @@ -255,7 +258,7 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) return EVP_DigestUpdate(ctx, data, dsize); } - +#ifndef FIPS_MODE int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) { @@ -397,3 +400,4 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, return -1; return EVP_DigestVerifyFinal(ctx, sigret, siglen); } +#endif /* FIPS_MODE */ |