author | Schüller Felix <F.Schueller@infodas.de> | 2016-03-18 20:20:34 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-03-19 02:02:02 +0100 |
commit | c6aca19bb5541883cf8233b03d92e9ef6d91357c (patch) | |
tree | f2a8072fc3c2652cb6742411e18c0e91fb98e005 | |
parent | Use the dependencies received in generatesrc() (diff) | |
Don't free up EVP_MD_CTX.
Don't free up passed EVP_MD_CTX in ASN1_item_sign_ctx(). This
simplifies handling and retains compatibility with previous behaviour.
PR#4446
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
-rw-r--r-- | apps/req.c | 18 | ||||
-rw-r--r-- | crypto/asn1/a_sign.c | 8 |
2 files changed, 9 insertions, 17 deletions
diff --git a/apps/req.c b/apps/req.c
index b128fa8c3e..edf998ba70 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1523,13 +1523,9 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
 rv = do_sign_init(mctx, pkey, md, sigopts);
- /* Note: X509_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
- * the EVP_MD_CTX we send it, so only destroy it here if the former
- * isn't called */
 if (rv > 0)
 rv = X509_sign_ctx(x, mctx);
- else
- EVP_MD_CTX_free(mctx);
+ EVP_MD_CTX_free(mctx);
 return rv > 0 ? 1 : 0;
 }
@@ -1539,13 +1535,9 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
 int rv;
 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
 rv = do_sign_init(mctx, pkey, md, sigopts);
- /* Note: X509_REQ_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
- * the EVP_MD_CTX we send it, so only destroy it here if the former
- * isn't called */
 if (rv > 0)
 rv = X509_REQ_sign_ctx(x, mctx);
- else
- EVP_MD_CTX_free(mctx);
+ EVP_MD_CTX_free(mctx);
 return rv > 0 ? 1 : 0;
 }
@@ -1555,12 +1547,8 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
 int rv;
 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
 rv = do_sign_init(mctx, pkey, md, sigopts);
- /* Note: X509_CRL_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
- * the EVP_MD_CTX we send it, so only destroy it here if the former
- * isn't called */
 if (rv > 0)
 rv = X509_CRL_sign_ctx(x, mctx);
- else
- EVP_MD_CTX_free(mctx);
+ EVP_MD_CTX_free(mctx);
 return rv > 0 ? 1 : 0;
 }
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 2abbe77805..616f97993f 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -216,6 +216,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
 X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) {
+ int rv;
 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
 if (ctx == NULL) {
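Review bot: In the first apps/req.c hunk (do_X509_sign), the result of `EVP_MD_CTX_new()` goes straight into `do_sign_init()` with no NULL check, while ASN1_item_sign() in crypto/asn1/a_sign.c tests `if (ctx == NULL)` right after the same allocation. Whether do_sign_init() tolerates a NULL context is not visible on this page, so an explicit guard such as `if (mctx == NULL) return 0;` before the call would make the allocation-failure path unambiguous now that the function always owns and frees the context. The same applies to do_X509_REQ_sign and do_X509_CRL_sign in the next two hunks. The start of each function lies outside its hunk.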
@@ -226,7 +227,11 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
 EVP_MD_CTX_free(ctx);
 return 0;
 }
- return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);
+
+ rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);
+
+ EVP_MD_CTX_free(ctx);
+ return rv;
 }
 int ASN1_item_sign_ctx(const ASN1_ITEM *it,
@@ -318,7 +323,6 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
 signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
 signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 err:
- EVP_MD_CTX_free(ctx);
 OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
 OPENSSL_clear_free((char *)buf_out, outll);
 return (outl); |
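Review bot: With `EVP_MD_CTX_free(ctx)` removed at the `err:` label in the last hunk, ASN1_item_sign_ctx() leaves the context to its caller on success and on error alike, but nothing in the new code states that ownership contract, and the comments that described the old one in apps/req.c are deleted by this commit. A mismatch is a memory-safety matter: a caller written against the freeing behaviour now leaks the context, and a caller that frees it itself would have double-freed under the behaviour being reverted. I would add a comment above the function, for example `/* The caller retains ownership of ctx; it is not freed here, on success or on error. */`, and audit the `*_sign_ctx` callers that this diff does not show. The function's signature and closing brace are outside the hunk.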