From: Matt Caswell Date: Thu, 9 Jan 2020 15:58:19 +0000 (+0000) Subject: Always go the legacy route if EVP_MD_CTX_FLAG_NO_INIT is set X-Git-Tag: openssl-3.0.0-alpha1~691 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=557d673783f82795e8ae8ca71b0092f9dbdaaeef;p=oweals%2Fopenssl.git Always go the legacy route if EVP_MD_CTX_FLAG_NO_INIT is set If we're using an explicitly fetched digest in an EVP_DigestUpdate operation, then we should still go the legacy route if EVP_MD_CTX_FLAG_NO_INIT has been set because we are being used in the context of a legacy signature algorithm and EVP_DigestInit has not been called. This fixes a seg fault in EVP_DigestSignUpdate() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10796) --- diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 92dca9854b..adde3e13ab 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -303,7 +303,9 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) return 0; } - if (ctx->digest == NULL || ctx->digest->prov == NULL) + if (ctx->digest == NULL + || ctx->digest->prov == NULL + || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) goto legacy; if (ctx->digest->dupdate == NULL) { @@ -422,7 +424,8 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) return 0; } - if (in->digest->prov == NULL) + if (in->digest->prov == NULL + || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) goto legacy; if (in->digest->dupctx == NULL) {
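Review bot: in the first hunk (EVP_DigestUpdate), the added `(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0` test has no comment, so a reader of digest.c cannot tell why a context whose digest has a provider still takes `goto legacy`. The reason exists only in the commit message (the context is being used by a legacy signature algorithm and EVP_DigestInit has not been called). A short comment above the condition stating that would make it less likely that the test is dropped in a later cleanup. The message says this fixes a seg fault in EVP_DigestSignUpdate(), but the diff touches only crypto/evp/digest.c, so a regression test that drives EVP_DigestSignUpdate() with an explicitly fetched digest would be worth adding with the fix.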
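Review bot: in the second hunk (EVP_MD_CTX_copy_ex), the added `(in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0` test is not covered by the commit message, which describes only the EVP_DigestUpdate case. Please say in the message or in a comment why copying such a context must also go to `legacy`. The condition also reads `in->digest->prov` with no `in->digest == NULL` test in the visible lines, whereas the EVP_DigestUpdate condition begins with `ctx->digest == NULL`. It is worth confirming that the early `return 0` just above this hunk's change already rejects a NULL `in->digest`, since a context flagged NO_INIT is exactly the kind that may not have been fully set up.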