authorTheo Buehler <tb@cvs.openbsd.org>2024-03-27 07:37:00 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2024-03-27 07:37:00 +0000
commit7f0426c40896ef0d9c59e621501054d4b52646c2 (patch)
treed92e6590707ec3983876bd9dc90c6019fc81c5a5 /lib/libcrypto/evp
parent57c32cfce5191bc3977237c90daeb06a61bb5b12 (diff)
Explain the weird copy dance in EVP_DigestSignFinal()
with jsing
Diffstat (limited to 'lib/libcrypto/evp')
-rw-r--r--lib/libcrypto/evp/m_sigver.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libcrypto/evp/m_sigver.c b/lib/libcrypto/evp/m_sigver.c
index 090134c40c0..d427e05db0d 100644
--- a/lib/libcrypto/evp/m_sigver.c
+++ b/lib/libcrypto/evp/m_sigver.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_sigver.c,v 1.25 2024/03/27 06:53:15 tb Exp $ */
+/* $OpenBSD: m_sigver.c,v 1.26 2024/03/27 07:36:59 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@@ -191,7 +191,7 @@ EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
return 1;
}
-
+ /* Use a copy since EVP_DigestFinal_ex() clears secrets. */
if ((md_ctx = EVP_MD_CTX_new()) == NULL)
goto err;
if (!EVP_MD_CTX_copy_ex(md_ctx, ctx))
@@ -203,6 +203,7 @@ EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
} else {
if (!EVP_DigestFinal_ex(md_ctx, md, &mdlen))
goto err;
+ /* Use the original ctx since secrets were cleared. */
if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
goto err;
}
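Review bot: The comment added above `EVP_PKEY_sign()` says "secrets were cleared" without naming the object, so it can be read as saying the original ctx was cleared, which would contradict signing with `ctx->pctx`. Read together with the comment added in the previous hunk, the cleared state is presumably that of the copy `md_ctx` after `EVP_DigestFinal_ex()`. I would name the object explicitly, for example `/* Sign with the original ctx->pctx: EVP_DigestFinal_ex() cleared the copy md_ctx. */`. The body of EVP_DigestSignFinal() starts and ends outside this hunk, so what exactly is cleared on `md_ctx` and its `pctx` cannot be confirmed from the lines shown.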