crypto/evp/signature.c: add checks for consistent presence of 'update' and 'final' functions

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27367)
2025-04-16 06:20:23 +02:00 · 2025-04-16 06:20:23 +02:00 · 8626a716b0
parent 1146b74a8a
commit 8626a716b0
1 changed files with 29 additions and 0 deletions
--- a/crypto/evp/signature.c
+++ b/crypto/evp/signature.c
@ -421,6 +421,35 @@ static void *evp_signature_from_algorithm(int name_id,
        goto err;
    }

+    if ((signature->sign_message_update == NULL) !=
+        (signature->sign_message_final == NULL)) {
+        ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+                       "only one of %s message signing update and final available:%s",
+                       signature->type_name, desc);
+        goto err;
+    }
+    if ((signature->verify_message_update == NULL) !=
+        (signature->verify_message_final == NULL)) {
+        ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+                       "only one of %s message verification update and final available:%s",
+                       signature->type_name, desc);
+        goto err;
+    }
+    if ((signature->digest_sign_update == NULL) !=
+        (signature->digest_sign_final == NULL)) {
+        ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+                       "only one of %s digest signing update and final available:%s",
+                       signature->type_name, desc);
+        goto err;
+    }
+    if ((signature->digest_verify_update == NULL) !=
+        (signature->digest_verify_final == NULL)) {
+        ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+                       "only one of %s digest verification update and final available:%s",
+                       signature->type_name, desc);
+        goto err;
+    }
+
    return signature;
 err:
    EVP_SIGNATURE_free(signature);