OLD | NEW |
1 /* crypto/evp/digest.c */ | 1 /* crypto/evp/digest.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
109 * | 109 * |
110 */ | 110 */ |
111 | 111 |
112 #include <stdio.h> | 112 #include <stdio.h> |
113 #include "cryptlib.h" | 113 #include "cryptlib.h" |
114 #include <openssl/objects.h> | 114 #include <openssl/objects.h> |
115 #include <openssl/evp.h> | 115 #include <openssl/evp.h> |
116 #ifndef OPENSSL_NO_ENGINE | 116 #ifndef OPENSSL_NO_ENGINE |
117 #include <openssl/engine.h> | 117 #include <openssl/engine.h> |
118 #endif | 118 #endif |
119 #include "evp_locl.h" | |
120 | 119 |
121 void EVP_MD_CTX_init(EVP_MD_CTX *ctx) | 120 void EVP_MD_CTX_init(EVP_MD_CTX *ctx) |
122 { | 121 { |
123 memset(ctx,'\0',sizeof *ctx); | 122 memset(ctx,'\0',sizeof *ctx); |
124 } | 123 } |
125 | 124 |
126 EVP_MD_CTX *EVP_MD_CTX_create(void) | 125 EVP_MD_CTX *EVP_MD_CTX_create(void) |
127 { | 126 { |
128 EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); | 127 EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); |
129 | 128 |
130 if (ctx) | 129 if (ctx) |
131 EVP_MD_CTX_init(ctx); | 130 EVP_MD_CTX_init(ctx); |
132 | 131 |
133 return ctx; | 132 return ctx; |
134 } | 133 } |
135 | 134 |
136 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) | 135 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) |
137 { | 136 { |
138 EVP_MD_CTX_init(ctx); | 137 EVP_MD_CTX_init(ctx); |
139 return EVP_DigestInit_ex(ctx, type, NULL); | 138 return EVP_DigestInit_ex(ctx, type, NULL); |
140 } | 139 } |
141 | 140 |
142 #ifdef OPENSSL_FIPS | 141 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) |
143 | |
144 /* The purpose of these is to trap programs that attempt to use non FIPS | |
145 * algorithms in FIPS mode and ignore the errors. | |
146 */ | |
147 | |
148 static int bad_init(EVP_MD_CTX *ctx) | |
149 » { FIPS_ERROR_IGNORED("Digest init"); return 0;} | |
150 | |
151 static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count) | |
152 » { FIPS_ERROR_IGNORED("Digest update"); return 0;} | |
153 | |
154 static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) | |
155 » { FIPS_ERROR_IGNORED("Digest Final"); return 0;} | |
156 | |
157 static const EVP_MD bad_md = | |
158 { | 142 { |
159 » 0, | 143 » EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); |
160 » 0, | |
161 » 0, | |
162 » 0, | |
163 » bad_init, | |
164 » bad_update, | |
165 » bad_final, | |
166 » NULL, | |
167 » NULL, | |
168 » NULL, | |
169 » 0, | |
170 » {0,0,0,0}, | |
171 » }; | |
172 | |
173 #endif | |
174 | |
175 #ifndef OPENSSL_NO_ENGINE | 144 #ifndef OPENSSL_NO_ENGINE |
176 | 145 » /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts |
177 #ifdef OPENSSL_FIPS | 146 » * so this context may already have an ENGINE! Try to avoid releasing |
178 | 147 » * the previous handle, re-querying for an ENGINE, and having a |
179 static int do_engine_null(ENGINE *impl) { return 0;} | 148 » * reinitialisation, when it may all be unecessary. */ |
180 static int do_evp_md_engine_null(EVP_MD_CTX *ctx, | 149 » if (ctx->engine && ctx->digest && (!type || |
181 » » » » const EVP_MD **ptype, ENGINE *impl) | 150 » » » (type && (type->type == ctx->digest->type)))) |
182 » { return 1; } | 151 » » goto skip_to_init; |
183 | 152 » if (type) |
184 static int (*do_engine_init)(ENGINE *impl) | |
185 » » = do_engine_null; | |
186 | |
187 static int (*do_engine_finish)(ENGINE *impl) | |
188 » » = do_engine_null; | |
189 | |
190 static int (*do_evp_md_engine) | |
191 » (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) | |
192 » » = do_evp_md_engine_null; | |
193 | |
194 void int_EVP_MD_set_engine_callbacks( | |
195 » int (*eng_md_init)(ENGINE *impl), | |
196 » int (*eng_md_fin)(ENGINE *impl), | |
197 » int (*eng_md_evp) | |
198 » » (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)) | |
199 » { | |
200 » do_engine_init = eng_md_init; | |
201 » do_engine_finish = eng_md_fin; | |
202 » do_evp_md_engine = eng_md_evp; | |
203 » } | |
204 | |
205 #else | |
206 | |
207 #define do_engine_init» ENGINE_init | |
208 #define do_engine_finish ENGINE_finish | |
209 | |
210 static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) | |
211 » { | |
212 » if (*ptype) | |
213 { | 153 { |
214 /* Ensure an ENGINE left lying around from last time is cleared | 154 /* Ensure an ENGINE left lying around from last time is cleared |
215 * (the previous check attempted to avoid this if the same | 155 * (the previous check attempted to avoid this if the same |
216 * ENGINE and EVP_MD could be used). */ | 156 * ENGINE and EVP_MD could be used). */ |
217 if(ctx->engine) | 157 if(ctx->engine) |
218 ENGINE_finish(ctx->engine); | 158 ENGINE_finish(ctx->engine); |
219 if(impl) | 159 if(impl) |
220 { | 160 { |
221 if (!ENGINE_init(impl)) | 161 if (!ENGINE_init(impl)) |
222 { | 162 { |
223 » » » » EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATI
ON_ERROR); | 163 » » » » EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZAT
ION_ERROR); |
224 return 0; | 164 return 0; |
225 } | 165 } |
226 } | 166 } |
227 else | 167 else |
228 /* Ask if an ENGINE is reserved for this job */ | 168 /* Ask if an ENGINE is reserved for this job */ |
229 » » » impl = ENGINE_get_digest_engine((*ptype)->type); | 169 » » » impl = ENGINE_get_digest_engine(type->type); |
230 if(impl) | 170 if(impl) |
231 { | 171 { |
232 /* There's an ENGINE for this job ... (apparently) */ | 172 /* There's an ENGINE for this job ... (apparently) */ |
233 » » » const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type
); | 173 » » » const EVP_MD *d = ENGINE_get_digest(impl, type->type); |
234 if(!d) | 174 if(!d) |
235 { | 175 { |
236 /* Same comment from evp_enc.c */ | 176 /* Same comment from evp_enc.c */ |
237 » » » » EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATI
ON_ERROR); | 177 » » » » EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZAT
ION_ERROR); |
238 ENGINE_finish(impl); | 178 ENGINE_finish(impl); |
239 return 0; | 179 return 0; |
240 } | 180 } |
241 /* We'll use the ENGINE's private digest definition */ | 181 /* We'll use the ENGINE's private digest definition */ |
242 » » » *ptype = d; | 182 » » » type = d; |
243 /* Store the ENGINE functional reference so we know | 183 /* Store the ENGINE functional reference so we know |
244 * 'type' came from an ENGINE and we need to release | 184 * 'type' came from an ENGINE and we need to release |
245 * it when done. */ | 185 * it when done. */ |
246 ctx->engine = impl; | 186 ctx->engine = impl; |
247 } | 187 } |
248 else | 188 else |
249 ctx->engine = NULL; | 189 ctx->engine = NULL; |
250 } | 190 } |
251 else | 191 else |
252 if(!ctx->digest) | 192 if(!ctx->digest) |
253 { | 193 { |
254 » » EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET); | 194 » » EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); |
255 » » return 0; | |
256 » » } | |
257 » return 1; | |
258 » } | |
259 | |
260 #endif | |
261 | |
262 #endif | |
263 | |
264 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |
265 » { | |
266 » M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); | |
267 #ifdef OPENSSL_FIPS | |
268 » if(FIPS_selftest_failed()) | |
269 » » { | |
270 » » FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED); | |
271 » » ctx->digest = &bad_md; | |
272 return 0; | 195 return 0; |
273 } | 196 } |
274 #endif | 197 #endif |
275 #ifndef OPENSSL_NO_ENGINE | |
276 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts | |
277 * so this context may already have an ENGINE! Try to avoid releasing | |
278 * the previous handle, re-querying for an ENGINE, and having a | |
279 * reinitialisation, when it may all be unecessary. */ | |
280 if (ctx->engine && ctx->digest && (!type || | |
281 (type && (type->type == ctx->digest->type)))) | |
282 goto skip_to_init; | |
283 if (!do_evp_md_engine(ctx, &type, impl)) | |
284 return 0; | |
285 #endif | |
286 if (ctx->digest != type) | 198 if (ctx->digest != type) |
287 { | 199 { |
288 #ifdef OPENSSL_FIPS | |
289 if (FIPS_mode()) | |
290 { | |
291 if (!(type->flags & EVP_MD_FLAG_FIPS) | |
292 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) | |
293 { | |
294 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_F
OR_FIPS); | |
295 ctx->digest = &bad_md; | |
296 return 0; | |
297 } | |
298 } | |
299 #endif | |
300 if (ctx->digest && ctx->digest->ctx_size) | 200 if (ctx->digest && ctx->digest->ctx_size) |
301 OPENSSL_free(ctx->md_data); | 201 OPENSSL_free(ctx->md_data); |
302 ctx->digest=type; | 202 ctx->digest=type; |
303 » » if (type->ctx_size) | 203 » » if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) |
304 { | 204 { |
| 205 ctx->update = type->update; |
305 ctx->md_data=OPENSSL_malloc(type->ctx_size); | 206 ctx->md_data=OPENSSL_malloc(type->ctx_size); |
306 » » » if (!ctx->md_data) | 207 » » » if (ctx->md_data == NULL) |
307 { | 208 { |
308 » » » » EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAI
LURE); | 209 » » » » EVPerr(EVP_F_EVP_DIGESTINIT_EX, |
| 210 » » » » » » » ERR_R_MALLOC_FAILURE); |
309 return 0; | 211 return 0; |
310 } | 212 } |
311 } | 213 } |
312 } | 214 } |
313 #ifndef OPENSSL_NO_ENGINE | 215 #ifndef OPENSSL_NO_ENGINE |
314 » skip_to_init: | 216 skip_to_init: |
315 #endif | 217 #endif |
| 218 if (ctx->pctx) |
| 219 { |
| 220 int r; |
| 221 r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, |
| 222 EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); |
| 223 if (r <= 0 && (r != -2)) |
| 224 return 0; |
| 225 } |
| 226 if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) |
| 227 return 1; |
316 return ctx->digest->init(ctx); | 228 return ctx->digest->init(ctx); |
317 } | 229 } |
318 | 230 |
319 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, | 231 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) |
320 » size_t count) | |
321 { | 232 { |
322 #ifdef OPENSSL_FIPS | 233 » return ctx->update(ctx,data,count); |
323 » FIPS_selftest_check(); | |
324 #endif | |
325 » return ctx->digest->update(ctx,data,count); | |
326 } | 234 } |
327 | 235 |
328 /* The caller can assume that this removes any secret data from the context */ | 236 /* The caller can assume that this removes any secret data from the context */ |
329 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) | 237 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) |
330 { | 238 { |
331 int ret; | 239 int ret; |
332 ret = EVP_DigestFinal_ex(ctx, md, size); | 240 ret = EVP_DigestFinal_ex(ctx, md, size); |
333 EVP_MD_CTX_cleanup(ctx); | 241 EVP_MD_CTX_cleanup(ctx); |
334 return ret; | 242 return ret; |
335 } | 243 } |
336 | 244 |
337 /* The caller can assume that this removes any secret data from the context */ | 245 /* The caller can assume that this removes any secret data from the context */ |
338 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) | 246 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) |
339 { | 247 { |
340 int ret; | 248 int ret; |
341 #ifdef OPENSSL_FIPS | |
342 FIPS_selftest_check(); | |
343 #endif | |
344 | 249 |
345 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); | 250 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); |
346 ret=ctx->digest->final(ctx,md); | 251 ret=ctx->digest->final(ctx,md); |
347 if (size != NULL) | 252 if (size != NULL) |
348 *size=ctx->digest->md_size; | 253 *size=ctx->digest->md_size; |
349 if (ctx->digest->cleanup) | 254 if (ctx->digest->cleanup) |
350 { | 255 { |
351 ctx->digest->cleanup(ctx); | 256 ctx->digest->cleanup(ctx); |
352 » » M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); | 257 » » EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); |
353 } | 258 } |
354 memset(ctx->md_data,0,ctx->digest->ctx_size); | 259 memset(ctx->md_data,0,ctx->digest->ctx_size); |
355 return ret; | 260 return ret; |
356 } | 261 } |
357 | 262 |
358 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) | 263 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) |
359 { | 264 { |
360 EVP_MD_CTX_init(out); | 265 EVP_MD_CTX_init(out); |
361 return EVP_MD_CTX_copy_ex(out, in); | 266 return EVP_MD_CTX_copy_ex(out, in); |
362 } | 267 } |
363 | 268 |
364 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | 269 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) |
365 { | 270 { |
366 unsigned char *tmp_buf; | 271 unsigned char *tmp_buf; |
367 if ((in == NULL) || (in->digest == NULL)) | 272 if ((in == NULL) || (in->digest == NULL)) |
368 { | 273 { |
369 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); | 274 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); |
370 return 0; | 275 return 0; |
371 } | 276 } |
372 #ifndef OPENSSL_NO_ENGINE | 277 #ifndef OPENSSL_NO_ENGINE |
373 /* Make sure it's safe to copy a digest context using an ENGINE */ | 278 /* Make sure it's safe to copy a digest context using an ENGINE */ |
374 » if (in->engine && !do_engine_init(in->engine)) | 279 » if (in->engine && !ENGINE_init(in->engine)) |
375 { | 280 { |
376 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); | 281 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); |
377 return 0; | 282 return 0; |
378 } | 283 } |
379 #endif | 284 #endif |
380 | 285 |
381 if (out->digest == in->digest) | 286 if (out->digest == in->digest) |
382 { | 287 { |
383 tmp_buf = out->md_data; | 288 tmp_buf = out->md_data; |
384 » » M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); | 289 » » EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); |
385 } | 290 } |
386 else tmp_buf = NULL; | 291 else tmp_buf = NULL; |
387 EVP_MD_CTX_cleanup(out); | 292 EVP_MD_CTX_cleanup(out); |
388 memcpy(out,in,sizeof *out); | 293 memcpy(out,in,sizeof *out); |
389 | 294 |
390 » if (out->digest->ctx_size) | 295 » if (in->md_data && out->digest->ctx_size) |
391 { | 296 { |
392 if (tmp_buf) | 297 if (tmp_buf) |
393 out->md_data = tmp_buf; | 298 out->md_data = tmp_buf; |
394 else | 299 else |
395 { | 300 { |
396 out->md_data=OPENSSL_malloc(out->digest->ctx_size); | 301 out->md_data=OPENSSL_malloc(out->digest->ctx_size); |
397 if (!out->md_data) | 302 if (!out->md_data) |
398 { | 303 { |
399 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAI
LURE); | 304 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAI
LURE); |
400 return 0; | 305 return 0; |
401 } | 306 } |
402 } | 307 } |
403 memcpy(out->md_data,in->md_data,out->digest->ctx_size); | 308 memcpy(out->md_data,in->md_data,out->digest->ctx_size); |
404 } | 309 } |
405 | 310 |
| 311 out->update = in->update; |
| 312 |
| 313 if (in->pctx) |
| 314 { |
| 315 out->pctx = EVP_PKEY_CTX_dup(in->pctx); |
| 316 if (!out->pctx) |
| 317 { |
| 318 EVP_MD_CTX_cleanup(out); |
| 319 return 0; |
| 320 } |
| 321 } |
| 322 |
406 if (out->digest->copy) | 323 if (out->digest->copy) |
407 return out->digest->copy(out,in); | 324 return out->digest->copy(out,in); |
408 | 325 |
409 return 1; | 326 return 1; |
410 } | 327 } |
411 | 328 |
412 int EVP_Digest(const void *data, size_t count, | 329 int EVP_Digest(const void *data, size_t count, |
413 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGIN
E *impl) | 330 unsigned char *md, unsigned int *size, const EVP_MD *type, ENGIN
E *impl) |
414 { | 331 { |
415 EVP_MD_CTX ctx; | 332 EVP_MD_CTX ctx; |
416 int ret; | 333 int ret; |
417 | 334 |
418 EVP_MD_CTX_init(&ctx); | 335 EVP_MD_CTX_init(&ctx); |
419 » M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); | 336 » EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); |
420 ret=EVP_DigestInit_ex(&ctx, type, impl) | 337 ret=EVP_DigestInit_ex(&ctx, type, impl) |
421 && EVP_DigestUpdate(&ctx, data, count) | 338 && EVP_DigestUpdate(&ctx, data, count) |
422 && EVP_DigestFinal_ex(&ctx, md, size); | 339 && EVP_DigestFinal_ex(&ctx, md, size); |
423 EVP_MD_CTX_cleanup(&ctx); | 340 EVP_MD_CTX_cleanup(&ctx); |
424 | 341 |
425 return ret; | 342 return ret; |
426 } | 343 } |
427 | 344 |
428 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) | 345 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) |
429 { | 346 { |
430 EVP_MD_CTX_cleanup(ctx); | 347 EVP_MD_CTX_cleanup(ctx); |
431 OPENSSL_free(ctx); | 348 OPENSSL_free(ctx); |
432 } | 349 } |
433 | 350 |
434 /* This call frees resources associated with the context */ | 351 /* This call frees resources associated with the context */ |
435 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | 352 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) |
436 { | 353 { |
437 /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, | 354 /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, |
438 * because sometimes only copies of the context are ever finalised. | 355 * because sometimes only copies of the context are ever finalised. |
439 */ | 356 */ |
440 if (ctx->digest && ctx->digest->cleanup | 357 if (ctx->digest && ctx->digest->cleanup |
441 » && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) | 358 » && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) |
442 ctx->digest->cleanup(ctx); | 359 ctx->digest->cleanup(ctx); |
443 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data | 360 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data |
444 » && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) | 361 » && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) |
445 { | 362 { |
446 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); | 363 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); |
447 OPENSSL_free(ctx->md_data); | 364 OPENSSL_free(ctx->md_data); |
448 } | 365 } |
| 366 if (ctx->pctx) |
| 367 EVP_PKEY_CTX_free(ctx->pctx); |
449 #ifndef OPENSSL_NO_ENGINE | 368 #ifndef OPENSSL_NO_ENGINE |
450 if(ctx->engine) | 369 if(ctx->engine) |
451 /* The EVP_MD we used belongs to an ENGINE, release the | 370 /* The EVP_MD we used belongs to an ENGINE, release the |
452 * functional reference we held for this reason. */ | 371 * functional reference we held for this reason. */ |
453 » » do_engine_finish(ctx->engine); | 372 » » ENGINE_finish(ctx->engine); |
454 #endif | 373 #endif |
455 memset(ctx,'\0',sizeof *ctx); | 374 memset(ctx,'\0',sizeof *ctx); |
456 | 375 |
457 return 1; | 376 return 1; |
458 } | 377 } |
OLD | NEW |