From: Matt Caswell Date: Tue, 24 Sep 2019 09:23:41 +0000 (+0100) Subject: Ensure we look at EVP_MD_CTX_FLAG_KEEP_PKEY_CTX in non-legacy code X-Git-Tag: openssl-3.0.0-alpha1~1224 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=aa64cf248f29b14ae4525e31445d247033c3dddb;p=oweals%2Fopenssl.git Ensure we look at EVP_MD_CTX_FLAG_KEEP_PKEY_CTX in non-legacy code This flag is still relevant even for non-legacy code so we should check it where appropriate. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/10013) --- diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 4b9395d58b..2af28c6157 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -24,6 +24,16 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) if (ctx == NULL) return 1; +#ifndef FIPS_MODE + /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ + /* + * pctx should be freed by the user of EVP_MD_CTX + * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set + */ + if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) + EVP_PKEY_CTX_free(ctx->pctx); +#endif + if (ctx->digest == NULL || ctx->digest->prov == NULL) goto legacy; @@ -53,18 +63,9 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); } - /* - * pctx should be freed by the user of EVP_MD_CTX - * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set - */ -#ifndef FIPS_MODE - /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ - if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) - EVP_PKEY_CTX_free(ctx->pctx); -# ifndef OPENSSL_NO_ENGINE +#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE) ENGINE_finish(ctx->engine); -# endif #endif OPENSSL_cleanse(ctx, sizeof(*ctx));