diff options
| author | tb <> | 2022-01-09 15:15:25 +0000 |
|---|---|---|
| committer | tb <> | 2022-01-09 15:15:25 +0000 |
| commit | 12dd2352d38b1ef2237d623bc6b869d169e71567 (patch) | |
| tree | b42edbe525fc7c43874d4c14d0981bb1cb4e2d3d /src/lib/libcrypto/evp/digest.c | |
| parent | 98fb653e64884887dde11a1e705e45a6290548d1 (diff) | |
| download | openbsd-12dd2352d38b1ef2237d623bc6b869d169e71567.tar.gz openbsd-12dd2352d38b1ef2237d623bc6b869d169e71567.tar.bz2 openbsd-12dd2352d38b1ef2237d623bc6b869d169e71567.zip | |
Prepare to provide EVP_MD_CTX{,_set}_pkey_ctx()
This API with very strange ownership handling is used by Ruby 3.1,
unfortunately.
For unclear reasons, it was decided that the caller retains ownership of
the pctx passed in. EVP_PKEY_CTX aren't refcounted, so a flag was added to
make sure that md_ctx->pctx is not freed in EVP_MD_CTX_{cleanup,reset}().
Since EVP_MD_CTX_copy_ex() duplicates the md_ctx->pctx, the flag also needs
to be unset on the duplicated EVP_MD_CTX.
ok inoguchi jsing
Diffstat (limited to 'src/lib/libcrypto/evp/digest.c')
| -rw-r--r-- | src/lib/libcrypto/evp/digest.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index 59c98b57b8..fd42318044 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: digest.c,v 1.32 2021/12/12 21:30:13 tb Exp $ */ | 1 | /* $OpenBSD: digest.c,v 1.33 2022/01/09 15:15:25 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -282,6 +282,12 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
| 282 | EVP_MD_CTX_cleanup(out); | 282 | EVP_MD_CTX_cleanup(out); |
| 283 | memcpy(out, in, sizeof *out); | 283 | memcpy(out, in, sizeof *out); |
| 284 | 284 | ||
| 285 | /* | ||
| 286 | * Because of the EVP_PKEY_CTX_dup() below, EVP_MD_CTX_cleanup() needs | ||
| 287 | * to free out->pctx in all cases (even if this flag is set on in). | ||
| 288 | */ | ||
| 289 | EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); | ||
| 290 | |||
| 285 | if (in->md_data && out->digest->ctx_size) { | 291 | if (in->md_data && out->digest->ctx_size) { |
| 286 | if (tmp_buf) { | 292 | if (tmp_buf) { |
| 287 | out->md_data = tmp_buf; | 293 | out->md_data = tmp_buf; |
| @@ -383,7 +389,12 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | |||
| 383 | if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && | 389 | if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && |
| 384 | !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) | 390 | !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) |
| 385 | freezero(ctx->md_data, ctx->digest->ctx_size); | 391 | freezero(ctx->md_data, ctx->digest->ctx_size); |
| 386 | EVP_PKEY_CTX_free(ctx->pctx); | 392 | /* |
| 393 | * If EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set, EVP_MD_CTX_set_pkey() was | ||
| 394 | * called and its strange API contract implies we don't own ctx->pctx. | ||
| 395 | */ | ||
| 396 | if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) | ||
| 397 | EVP_PKEY_CTX_free(ctx->pctx); | ||
| 387 | #ifndef OPENSSL_NO_ENGINE | 398 | #ifndef OPENSSL_NO_ENGINE |
| 388 | ENGINE_finish(ctx->engine); | 399 | ENGINE_finish(ctx->engine); |
| 389 | #endif | 400 | #endif |