Bug Summary

File:out/../deps/openssl/openssl/crypto/evp/m_sigver.c
Warning:line 459, column 17
Access to field 'digest_custom' results in a dereference of a null pointer (loaded from field 'pmeth')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name m_sigver.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/maurizio/node-v18.6.0/out -resource-dir /usr/local/lib/clang/16.0.0 -D V8_DEPRECATION_WARNINGS -D V8_IMMINENT_DEPRECATION_WARNINGS -D _GLIBCXX_USE_CXX11_ABI=1 -D NODE_OPENSSL_CONF_NAME=nodejs_conf -D NODE_OPENSSL_HAS_QUIC -D __STDC_FORMAT_MACROS -D OPENSSL_NO_PINSHARED -D OPENSSL_THREADS -D OPENSSL_NO_HW -D OPENSSL_API_COMPAT=0x10100001L -D STATIC_LEGACY -D NDEBUG -D OPENSSL_USE_NODELETE -D L_ENDIAN -D OPENSSL_BUILDING_OPENSSL -D AES_ASM -D BSAES_ASM -D CMLL_ASM -D ECP_NISTZ256_ASM -D GHASH_ASM -D KECCAK1600_ASM -D MD5_ASM -D OPENSSL_BN_ASM_GF2m -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_CPUID_OBJ -D OPENSSL_IA32_SSE2 -D PADLOCK_ASM -D POLY1305_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D VPAES_ASM -D WHIRLPOOL_ASM -D X25519_ASM -D OPENSSL_PIC -D MODULESDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl/lib/openssl-modules" -D OPENSSLDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl" -D OPENSSLDIR="/etc/ssl" -D ENGINESDIR="/dev/null" -D TERMIOS -I ../deps/openssl/openssl -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/openssl/crypto/modes -I ../deps/openssl/openssl/crypto/ec/curve448 -I ../deps/openssl/openssl/crypto/ec/curve448/arch_32 -I ../deps/openssl/openssl/providers/common/include -I ../deps/openssl/openssl/providers/implementations/include -I ../deps/openssl/config -I ../deps/openssl/config/archs/linux-x86_64/asm -I ../deps/openssl/config/archs/linux-x86_64/asm/include -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto/include/internal -I ../deps/openssl/config/archs/linux-x86_64/asm/providers/common/include -internal-isystem /usr/local/lib/clang/16.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-redhat-linux/8/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wno-missing-field-initializers -Wno-old-style-declaration -fdebug-compilation-dir=/home/maurizio/node-v18.6.0/out -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-08-22-142216-507842-1 -x c ../deps/openssl/openssl/crypto/evp/m_sigver.c
1/*
2 * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "internal/cryptlib.h"
12#include <openssl/evp.h>
13#include <openssl/objects.h>
14#include "crypto/evp.h"
15#include "internal/provider.h"
16#include "internal/numbers.h" /* includes SIZE_MAX */
17#include "evp_local.h"
18
19#ifndef FIPS_MODULE
20
21static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
22{
23 ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,23,__func__), ERR_set_error)((6),(177),((void*)0));
24 return 0;
25}
26
27/*
28 * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
29 * NULL for this.
30 */
31static const char *canon_mdname(const char *mdname)
32{
33 if (mdname != NULL((void*)0) && strcmp(mdname, "UNDEF") == 0)
34 return NULL((void*)0);
35
36 return mdname;
37}
38
39static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
40 const EVP_MD *type, const char *mdname,
41 OSSL_LIB_CTX *libctx, const char *props,
42 ENGINE *e, EVP_PKEY *pkey, int ver,
43 const OSSL_PARAM params[])
44{
45 EVP_PKEY_CTX *locpctx = NULL((void*)0);
46 EVP_SIGNATURE *signature = NULL((void*)0);
47 EVP_KEYMGMT *tmp_keymgmt = NULL((void*)0);
48 const OSSL_PROVIDER *tmp_prov = NULL((void*)0);
49 const char *supported_sig = NULL((void*)0);
50 char locmdname[80] = ""; /* 80 chars should be enough */
51 void *provkey = NULL((void*)0);
52 int ret, iter, reinit = 1;
53
54 if (ctx->algctx != NULL((void*)0)) {
55 if (!ossl_assert(ctx->digest != NULL)((ctx->digest != ((void*)0)) != 0)) {
56 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,56,__func__), ERR_set_error)((6),(134),((void*)0));
57 return 0;
58 }
59 if (ctx->digest->freectx != NULL((void*)0))
60 ctx->digest->freectx(ctx->algctx);
61 ctx->algctx = NULL((void*)0);
62 }
63
64 if (ctx->pctx == NULL((void*)0)) {
65 reinit = 0;
66 if (e == NULL((void*)0))
67 ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
68 else
69 ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
70 }
71 if (ctx->pctx == NULL((void*)0))
72 return 0;
73
74 locpctx = ctx->pctx;
75 ERR_set_mark();
76
77 if (evp_pkey_ctx_is_legacy(locpctx)((locpctx)->keymgmt == ((void*)0)))
78 goto legacy;
79
80 /* do not reinitialize if pkey is set or operation is different */
81 if (reinit
82 && (pkey != NULL((void*)0)
83 || locpctx->operation != (ver ? EVP_PKEY_OP_VERIFYCTX(1<<8)
84 : EVP_PKEY_OP_SIGNCTX(1<<7))
85 || (signature = locpctx->op.sig.signature) == NULL((void*)0)
86 || locpctx->op.sig.algctx == NULL((void*)0)))
87 reinit = 0;
88
89 if (props == NULL((void*)0))
90 props = locpctx->propquery;
91
92 if (locpctx->pkey == NULL((void*)0)) {
93 ERR_clear_last_mark();
94 ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,94,__func__), ERR_set_error)((6),(154),((void*)0));
95 goto err;
96 }
97
98 if (!reinit) {
99 evp_pkey_ctx_free_old_ops(locpctx);
100 } else {
101 if (mdname == NULL((void*)0) && type == NULL((void*)0))
102 mdname = canon_mdname(EVP_MD_get0_name(ctx->reqdigest));
103 goto reinitialize;
104 }
105
106 /*
107 * Try to derive the supported signature from |locpctx->keymgmt|.
108 */
109 if (!ossl_assert(locpctx->pkey->keymgmt == NULL((locpctx->pkey->keymgmt == ((void*)0) || locpctx->pkey
->keymgmt == locpctx->keymgmt) != 0)
110 || locpctx->pkey->keymgmt == locpctx->keymgmt)((locpctx->pkey->keymgmt == ((void*)0) || locpctx->pkey
->keymgmt == locpctx->keymgmt) != 0)) {
111 ERR_clear_last_mark();
112 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,112,__func__), ERR_set_error)((6),((259|((0x1 << 18L)|
(0x2 << 18L)))),((void*)0));
113 goto err;
114 }
115 supported_sig = evp_keymgmt_util_query_operation_name(locpctx->keymgmt,
116 OSSL_OP_SIGNATURE12);
117 if (supported_sig == NULL((void*)0)) {
118 ERR_clear_last_mark();
119 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,119,__func__), ERR_set_error)((6),(134),((void*)0));
120 goto err;
121 }
122
123 /*
124 * We perform two iterations:
125 *
126 * 1. Do the normal signature fetch, using the fetching data given by
127 * the EVP_PKEY_CTX.
128 * 2. Do the provider specific signature fetch, from the same provider
129 * as |ctx->keymgmt|
130 *
131 * We then try to fetch the keymgmt from the same provider as the
132 * signature, and try to export |ctx->pkey| to that keymgmt (when
133 * this keymgmt happens to be the same as |ctx->keymgmt|, the export
134 * is a no-op, but we call it anyway to not complicate the code even
135 * more).
136 * If the export call succeeds (returns a non-NULL provider key pointer),
137 * we're done and can perform the operation itself. If not, we perform
138 * the second iteration, or jump to legacy.
139 */
140 for (iter = 1, provkey = NULL((void*)0); iter < 3 && provkey == NULL((void*)0); iter++) {
141 EVP_KEYMGMT *tmp_keymgmt_tofree = NULL((void*)0);
142
143 /*
144 * If we're on the second iteration, free the results from the first.
145 * They are NULL on the first iteration, so no need to check what
146 * iteration we're on.
147 */
148 EVP_SIGNATURE_free(signature);
149 EVP_KEYMGMT_free(tmp_keymgmt);
150
151 switch (iter) {
152 case 1:
153 signature = EVP_SIGNATURE_fetch(locpctx->libctx, supported_sig,
154 locpctx->propquery);
155 if (signature != NULL((void*)0))
156 tmp_prov = EVP_SIGNATURE_get0_provider(signature);
157 break;
158 case 2:
159 tmp_prov = EVP_KEYMGMT_get0_provider(locpctx->keymgmt);
160 signature =
161 evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
162 supported_sig, locpctx->propquery);
163 if (signature == NULL((void*)0))
164 goto legacy;
165 break;
166 }
167 if (signature == NULL((void*)0))
168 continue;
169
170 /*
171 * Ensure that the key is provided, either natively, or as a cached
172 * export. We start by fetching the keymgmt with the same name as
173 * |locpctx->pkey|, but from the provider of the signature method, using
174 * the same property query as when fetching the signature method.
175 * With the keymgmt we found (if we did), we try to export |locpctx->pkey|
176 * to it (evp_pkey_export_to_provider() is smart enough to only actually
177
178 * export it if |tmp_keymgmt| is different from |locpctx->pkey|'s keymgmt)
179 */
180 tmp_keymgmt_tofree = tmp_keymgmt =
181 evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
182 EVP_KEYMGMT_get0_name(locpctx->keymgmt),
183 locpctx->propquery);
184 if (tmp_keymgmt != NULL((void*)0))
185 provkey = evp_pkey_export_to_provider(locpctx->pkey, locpctx->libctx,
186 &tmp_keymgmt, locpctx->propquery);
187 if (tmp_keymgmt == NULL((void*)0))
188 EVP_KEYMGMT_free(tmp_keymgmt_tofree);
189 }
190
191 if (provkey == NULL((void*)0)) {
192 EVP_SIGNATURE_free(signature);
193 ERR_clear_last_mark();
194 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,194,__func__), ERR_set_error)((6),(134),((void*)0));
195 goto err;
196 }
197
198 ERR_pop_to_mark();
199
200 /* No more legacy from here down to legacy: */
201
202 locpctx->op.sig.signature = signature;
203 locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX(1<<8)
204 : EVP_PKEY_OP_SIGNCTX(1<<7);
205 locpctx->op.sig.algctx
206 = signature->newctx(ossl_provider_ctx(signature->prov), props);
207 if (locpctx->op.sig.algctx == NULL((void*)0)) {
208 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,208,__func__), ERR_set_error)((6),(134),((void*)0));
209 goto err;
210 }
211
212 reinitialize:
213 if (pctx != NULL((void*)0))
214 *pctx = locpctx;
215
216 if (type != NULL((void*)0)) {
217 ctx->reqdigest = type;
218 if (mdname == NULL((void*)0))
219 mdname = canon_mdname(EVP_MD_get0_name(type));
220 } else {
221 if (mdname == NULL((void*)0) && !reinit) {
222 if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt, provkey,
223 locmdname,
224 sizeof(locmdname)) > 0) {
225 mdname = canon_mdname(locmdname);
226 }
227 }
228
229 if (mdname != NULL((void*)0)) {
230 /*
231 * We're about to get a new digest so clear anything associated with
232 * an old digest.
233 */
234 evp_md_ctx_clear_digest(ctx, 1, 0);
235
236 /* legacy code support for engines */
237 ERR_set_mark();
238 /*
239 * This might be requested by a later call to EVP_MD_CTX_get0_md().
240 * In that case the "explicit fetch" rules apply for that
241 * function (as per man pages), i.e. the ref count is not updated
242 * so the EVP_MD should not be used beyound the lifetime of the
243 * EVP_MD_CTX.
244 */
245 ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
246 if (ctx->fetched_digest != NULL((void*)0)) {
247 ctx->digest = ctx->reqdigest = ctx->fetched_digest;
248 } else {
249 /* legacy engine support : remove the mark when this is deleted */
250 ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
251 if (ctx->digest == NULL((void*)0)) {
252 (void)ERR_clear_last_mark();
253 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,253,__func__), ERR_set_error)((6),(134),((void*)0));
254 goto err;
255 }
256 }
257 (void)ERR_pop_to_mark();
258 }
259 }
260
261 if (ver) {
262 if (signature->digest_verify_init == NULL((void*)0)) {
263 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,263,__func__), ERR_set_error)((6),(134),((void*)0));
264 goto err;
265 }
266 ret = signature->digest_verify_init(locpctx->op.sig.algctx,
267 mdname, provkey, params);
268 } else {
269 if (signature->digest_sign_init == NULL((void*)0)) {
270 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,270,__func__), ERR_set_error)((6),(134),((void*)0));
271 goto err;
272 }
273 ret = signature->digest_sign_init(locpctx->op.sig.algctx,
274 mdname, provkey, params);
275 }
276
277 /*
278 * If the operation was not a success and no digest was found, an error
279 * needs to be raised.
280 */
281 if (ret > 0 || mdname != NULL((void*)0))
282 goto end;
283 if (type == NULL((void*)0)) /* This check is redundant but clarifies matters */
284 ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,284,__func__), ERR_set_error)((6),(158),((void*)0));
285
286 err:
287 evp_pkey_ctx_free_old_ops(locpctx);
288 locpctx->operation = EVP_PKEY_OP_UNDEFINED0;
289 EVP_KEYMGMT_free(tmp_keymgmt);
290 return 0;
291
292 legacy:
293 /*
294 * If we don't have the full support we need with provided methods,
295 * let's go see if legacy does.
296 */
297 ERR_pop_to_mark();
298 EVP_KEYMGMT_free(tmp_keymgmt);
299 tmp_keymgmt = NULL((void*)0);
300
301 if (type == NULL((void*)0) && mdname != NULL((void*)0))
302 type = evp_get_digestbyname_ex(locpctx->libctx, mdname);
303
304 if (ctx->pctx->pmeth == NULL((void*)0)) {
305 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,305,__func__), ERR_set_error)((6),(150),((void*)0));
306 return 0;
307 }
308
309 if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM4)) {
310
311 if (type == NULL((void*)0)) {
312 int def_nid;
313 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
314 type = EVP_get_digestbynid(def_nid)EVP_get_digestbyname(OBJ_nid2sn(def_nid));
315 }
316
317 if (type == NULL((void*)0)) {
318 ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,318,__func__), ERR_set_error)((6),(158),((void*)0));
319 return 0;
320 }
321 }
322
323 if (ver) {
324 if (ctx->pctx->pmeth->verifyctx_init) {
325 if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
326 return 0;
327 ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX(1<<8);
328 } else if (ctx->pctx->pmeth->digestverify != 0) {
329 ctx->pctx->operation = EVP_PKEY_OP_VERIFY(1<<5);
330 ctx->update = update;
331 } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) {
332 return 0;
333 }
334 } else {
335 if (ctx->pctx->pmeth->signctx_init) {
336 if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
337 return 0;
338 ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX(1<<7);
339 } else if (ctx->pctx->pmeth->digestsign != 0) {
340 ctx->pctx->operation = EVP_PKEY_OP_SIGN(1<<4);
341 ctx->update = update;
342 } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) {
343 return 0;
344 }
345 }
346 if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
347 return 0;
348 if (pctx)
349 *pctx = ctx->pctx;
350 if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM4)
351 return 1;
352 if (!EVP_DigestInit_ex(ctx, type, e))
353 return 0;
354 /*
355 * This indicates the current algorithm requires
356 * special treatment before hashing the tbs-message.
357 */
358 ctx->pctx->flag_call_digest_custom = 0;
359 if (ctx->pctx->pmeth->digest_custom != NULL((void*)0))
360 ctx->pctx->flag_call_digest_custom = 1;
361
362 ret = 1;
363
364 end:
365#ifndef FIPS_MODULE
366 if (ret > 0)
367 ret = evp_pkey_ctx_use_cached_data(locpctx);
368#endif
369
370 EVP_KEYMGMT_free(tmp_keymgmt);
371 return ret > 0 ? 1 : 0;
372}
373
374int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
375 const char *mdname, OSSL_LIB_CTX *libctx,
376 const char *props, EVP_PKEY *pkey,
377 const OSSL_PARAM params[])
378{
379 return do_sigver_init(ctx, pctx, NULL((void*)0), mdname, libctx, props, NULL((void*)0), pkey, 0,
380 params);
381}
382
383int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
384 const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
385{
386 return do_sigver_init(ctx, pctx, type, NULL((void*)0), NULL((void*)0), NULL((void*)0), e, pkey, 0,
387 NULL((void*)0));
388}
389
390int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
391 const char *mdname, OSSL_LIB_CTX *libctx,
392 const char *props, EVP_PKEY *pkey,
393 const OSSL_PARAM params[])
394{
395 return do_sigver_init(ctx, pctx, NULL((void*)0), mdname, libctx, props, NULL((void*)0), pkey, 1,
396 params);
397}
398
399int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
400 const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
401{
402 return do_sigver_init(ctx, pctx, type, NULL((void*)0), NULL((void*)0), NULL((void*)0), e, pkey, 1,
403 NULL((void*)0));
404}
405#endif /* FIPS_MDOE */
406
407int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
408{
409 EVP_PKEY_CTX *pctx = ctx->pctx;
410
411 if (pctx == NULL((void*)0)
412 || pctx->operation != EVP_PKEY_OP_SIGNCTX(1<<7)
413 || pctx->op.sig.algctx == NULL((void*)0)
414 || pctx->op.sig.signature == NULL((void*)0))
415 goto legacy;
416
417 if (pctx->op.sig.signature->digest_sign_update == NULL((void*)0)) {
418 ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,418,__func__), ERR_set_error)((6),((257|((0x1 << 18L)|
(0x2 << 18L)))),((void*)0));
419 return 0;
420 }
421
422 return pctx->op.sig.signature->digest_sign_update(pctx->op.sig.algctx,
423 data, dsize);
424
425 legacy:
426 if (pctx != NULL((void*)0)) {
427 /* do_sigver_init() checked that |digest_custom| is non-NULL */
428 if (pctx->flag_call_digest_custom
429 && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx))
430 return 0;
431 pctx->flag_call_digest_custom = 0;
432 }
433
434 return EVP_DigestUpdate(ctx, data, dsize);
435}
436
437int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
438{
439 EVP_PKEY_CTX *pctx = ctx->pctx;
440
441 if (pctx
4.1
'pctx' is not equal to NULL
 == NULL((void*)0)
442 || pctx->operation != EVP_PKEY_OP_VERIFYCTX(1<<8)
443 || pctx->op.sig.algctx == NULL((void*)0)
444 || pctx->op.sig.signature == NULL((void*)0))
445 goto legacy;
5
Control jumps to line 456
446
447 if (pctx->op.sig.signature->digest_verify_update == NULL((void*)0)) {
448 ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,448,__func__), ERR_set_error)((6),((257|((0x1 << 18L)|
(0x2 << 18L)))),((void*)0));
449 return 0;
450 }
451
452 return pctx->op.sig.signature->digest_verify_update(pctx->op.sig.algctx,
453 data, dsize);
454
455 legacy:
456 if (pctx
5.1
'pctx' is not equal to NULL
 != NULL((void*)0)) {
457 /* do_sigver_init() checked that |digest_custom| is non-NULL */
458 if (pctx->flag_call_digest_custom
6
Assuming field 'flag_call_digest_custom' is not equal to 0
459 && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx))
7
Access to field 'digest_custom' results in a dereference of a null pointer (loaded from field 'pmeth')
460 return 0;
461 pctx->flag_call_digest_custom = 0;
462 }
463
464 return EVP_DigestUpdate(ctx, data, dsize);
465}
466
467#ifndef FIPS_MODULE
468int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
469 size_t *siglen)
470{
471 int sctx = 0, r = 0;
472 EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
473
474 if (pctx == NULL((void*)0)
475 || pctx->operation != EVP_PKEY_OP_SIGNCTX(1<<7)
476 || pctx->op.sig.algctx == NULL((void*)0)
477 || pctx->op.sig.signature == NULL((void*)0))
478 goto legacy;
479
480 if (sigret == NULL((void*)0) || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE0x0200) != 0)
481 return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
482 sigret, siglen,
483 sigret == NULL((void*)0) ? 0 : *siglen);
484 dctx = EVP_PKEY_CTX_dup(pctx);
485 if (dctx == NULL((void*)0))
486 return 0;
487
488 r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx,
489 sigret, siglen,
490 *siglen);
491 EVP_PKEY_CTX_free(dctx);
492 return r;
493
494 legacy:
495 if (pctx == NULL((void*)0) || pctx->pmeth == NULL((void*)0)) {
496 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,496,__func__), ERR_set_error)((6),(134),((void*)0));
497 return 0;
498 }
499
500 /* do_sigver_init() checked that |digest_custom| is non-NULL */
501 if (pctx->flag_call_digest_custom
502 && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx))
503 return 0;
504 pctx->flag_call_digest_custom = 0;
505
506 if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM4) {
507 if (sigret == NULL((void*)0))
508 return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
509 if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE0x0200)
510 r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
511 else {
512 dctx = EVP_PKEY_CTX_dup(pctx);
513 if (dctx == NULL((void*)0))
514 return 0;
515 r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
516 EVP_PKEY_CTX_free(dctx);
517 }
518 return r;
519 }
520 if (pctx->pmeth->signctx != NULL((void*)0))
521 sctx = 1;
522 else
523 sctx = 0;
524 if (sigret != NULL((void*)0)) {
525 unsigned char md[EVP_MAX_MD_SIZE64];
526 unsigned int mdlen = 0;
527
528 if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE0x0200) {
529 if (sctx)
530 r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
531 else
532 r = EVP_DigestFinal_ex(ctx, md, &mdlen);
533 } else {
534 EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
535
536 if (tmp_ctx == NULL((void*)0))
537 return 0;
538 if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
539 EVP_MD_CTX_free(tmp_ctx);
540 return 0;
541 }
542 if (sctx)
543 r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx,
544 sigret, siglen, tmp_ctx);
545 else
546 r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
547 EVP_MD_CTX_free(tmp_ctx);
548 }
549 if (sctx || !r)
550 return r;
551 if (EVP_PKEY_sign(pctx, sigret, siglen, md, mdlen) <= 0)
552 return 0;
553 } else {
554 if (sctx) {
555 if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
556 return 0;
557 } else {
558 int s = EVP_MD_get_size(ctx->digest);
559
560 if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL((void*)0), s) <= 0)
561 return 0;
562 }
563 }
564 return 1;
565}
566
567int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
568 const unsigned char *tbs, size_t tbslen)
569{
570 EVP_PKEY_CTX *pctx = ctx->pctx;
571
572 if (pctx != NULL((void*)0)
573 && pctx->operation == EVP_PKEY_OP_SIGNCTX(1<<7)
574 && pctx->op.sig.algctx != NULL((void*)0)
575 && pctx->op.sig.signature != NULL((void*)0)) {
576 if (pctx->op.sig.signature->digest_sign != NULL((void*)0))
577 return pctx->op.sig.signature->digest_sign(pctx->op.sig.algctx,
578 sigret, siglen,
579 sigret == NULL((void*)0) ? 0 : *siglen,
580 tbs, tbslen);
581 } else {
582 /* legacy */
583 if (ctx->pctx->pmeth != NULL((void*)0) && ctx->pctx->pmeth->digestsign != NULL((void*)0))
584 return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen);
585 }
586
587 if (sigret != NULL((void*)0) && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
588 return 0;
589 return EVP_DigestSignFinal(ctx, sigret, siglen);
590}
591
592int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
593 size_t siglen)
594{
595 unsigned char md[EVP_MAX_MD_SIZE64];
596 int r = 0;
597 unsigned int mdlen = 0;
598 int vctx = 0;
599 EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
600
601 if (pctx == NULL((void*)0)
602 || pctx->operation != EVP_PKEY_OP_VERIFYCTX(1<<8)
603 || pctx->op.sig.algctx == NULL((void*)0)
604 || pctx->op.sig.signature == NULL((void*)0))
605 goto legacy;
606
607 if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE0x0200) != 0)
608 return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
609 sig, siglen);
610 dctx = EVP_PKEY_CTX_dup(pctx);
611 if (dctx == NULL((void*)0))
612 return 0;
613
614 r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
615 sig, siglen);
616 EVP_PKEY_CTX_free(dctx);
617 return r;
618
619 legacy:
620 if (pctx == NULL((void*)0) || pctx->pmeth == NULL((void*)0)) {
621 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/evp/m_sigver.c"
,621,__func__), ERR_set_error)((6),(134),((void*)0));
622 return 0;
623 }
624
625 /* do_sigver_init() checked that |digest_custom| is non-NULL */
626 if (pctx->flag_call_digest_custom
627 && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx))
628 return 0;
629 pctx->flag_call_digest_custom = 0;
630
631 if (pctx->pmeth->verifyctx != NULL((void*)0))
632 vctx = 1;
633 else
634 vctx = 0;
635 if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE0x0200) {
636 if (vctx)
637 r = pctx->pmeth->verifyctx(pctx, sig, siglen, ctx);
638 else
639 r = EVP_DigestFinal_ex(ctx, md, &mdlen);
640 } else {
641 EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
642 if (tmp_ctx == NULL((void*)0))
643 return -1;
644 if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
645 EVP_MD_CTX_free(tmp_ctx);
646 return -1;
647 }
648 if (vctx)
649 r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
650 sig, siglen, tmp_ctx);
651 else
652 r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
653 EVP_MD_CTX_free(tmp_ctx);
654 }
655 if (vctx || !r)
656 return r;
657 return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
658}
659
660int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
661 size_t siglen, const unsigned char *tbs, size_t tbslen)
662{
663 EVP_PKEY_CTX *pctx = ctx->pctx;
664
665 if (pctx != NULL((void*)0)
1
Assuming 'pctx' is not equal to NULL
666 && pctx->operation == EVP_PKEY_OP_VERIFYCTX(1<<8)
2
Assuming the condition is false
667 && pctx->op.sig.algctx != NULL((void*)0)
668 && pctx->op.sig.signature != NULL((void*)0)) {
669 if (pctx->op.sig.signature->digest_verify != NULL((void*)0))
670 return pctx->op.sig.signature->digest_verify(pctx->op.sig.algctx,
671 sigret, siglen,
672 tbs, tbslen);
673 } else {
674 /* legacy */
675 if (ctx->pctx->pmeth != NULL((void*)0) && ctx->pctx->pmeth->digestverify != NULL((void*)0))
3
Assuming field 'pmeth' is equal to NULL
676 return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
677 }
678
679 if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
4
Calling 'EVP_DigestVerifyUpdate'
680 return -1;
681 return EVP_DigestVerifyFinal(ctx, sigret, siglen);
682}
683#endif /* FIPS_MODULE */