Ensure we look at EVP_MD_CTX_FLAG_KEEP_PKEY_CTX in non-legacy code

This flag is still relevant even for non-legacy code so we should check
it where appropriate.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10013)
Matt Caswell 2019-09-24 10:23:41 +01:00
parent 45a845e40b
commit aa64cf248f
1 changed files with 11 additions and 10 deletions


@ -24,6 +24,16 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
if (ctx == NULL) if (ctx == NULL)
return 1; return 1;
#ifndef FIPS_MODE
/* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
/*
* pctx should be freed by the user of EVP_MD_CTX
* if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
*/
if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
EVP_PKEY_CTX_free(ctx->pctx);
#endif
if (ctx->digest == NULL || ctx->digest->prov == NULL) if (ctx->digest == NULL || ctx->digest->prov == NULL)
goto legacy; goto legacy;
@ -53,18 +63,9 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
&& !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
} }
/*
* pctx should be freed by the user of EVP_MD_CTX
* if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
*/
#ifndef FIPS_MODE
/* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
EVP_PKEY_CTX_free(ctx->pctx);
# ifndef OPENSSL_NO_ENGINE #if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(ctx->engine); ENGINE_finish(ctx->engine);
# endif
#endif #endif
OPENSSL_cleanse(ctx, sizeof(*ctx)); OPENSSL_cleanse(ctx, sizeof(*ctx));
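Review bot: The relocated `EVP_PKEY_CTX_free(ctx->pctx);` near the top of EVP_MD_CTX_reset leaves `ctx->pctx` pointing at freed memory, and the only thing visible that clears it is the `OPENSSL_cleanse(ctx, sizeof(*ctx));` at the end of the legacy path. The code between the two hunks is not shown, so this is inferred: if the provider branch (the one that does not take `goto legacy`) can return before that cleanse, a later reset or free of the same EVP_MD_CTX would release the pointer a second time. Bracing the `if` and adding `ctx->pctx = NULL;` right after the free makes the early release safe regardless of which path follows. The function body begins before the first hunk and continues past the second, so the surrounding paths should be checked against this.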