Commit c6aca19b authored by Schüller Felix's avatar Schüller Felix Committed by Dr. Stephen Henson
Browse files

Don't free up EVP_MD_CTX. 



Don't free up passed EVP_MD_CTX in ASN1_item_sign_ctx(). This
simplifies handling and retains compatiblity with previous behaviour.

PR#4446

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarStephen Henson <steve@openssl.org>
parent 769777b0

apps/req.c

+3 −15
Original line number Diff line number Diff line
@@ -1523,12 +1523,8 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md, 
    EVP_MD_CTX *mctx = EVP_MD_CTX_new();



    rv = do_sign_init(mctx, pkey, md, sigopts);

    /* Note: X509_sign_ctx() calls ASN1_item_sign_ctx(), which destroys

     * the EVP_MD_CTX we send it, so only destroy it here if the former

     * isn't called */

    if (rv > 0)

        rv = X509_sign_ctx(x, mctx);

    else

    EVP_MD_CTX_free(mctx);

    return rv > 0 ? 1 : 0;

}
@@ -1539,12 +1535,8 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, 
    int rv;

    EVP_MD_CTX *mctx = EVP_MD_CTX_new();

    rv = do_sign_init(mctx, pkey, md, sigopts);

    /* Note: X509_REQ_sign_ctx() calls ASN1_item_sign_ctx(), which destroys

     * the EVP_MD_CTX we send it, so only destroy it here if the former

     * isn't called */

    if (rv > 0)

        rv = X509_REQ_sign_ctx(x, mctx);

    else

    EVP_MD_CTX_free(mctx);

    return rv > 0 ? 1 : 0;

}
@@ -1555,12 +1547,8 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, 
    int rv;

    EVP_MD_CTX *mctx = EVP_MD_CTX_new();

    rv = do_sign_init(mctx, pkey, md, sigopts);

    /* Note: X509_CRL_sign_ctx() calls ASN1_item_sign_ctx(), which destroys

     * the EVP_MD_CTX we send it, so only destroy it here if the former

     * isn't called */

    if (rv > 0)

        rv = X509_CRL_sign_ctx(x, mctx);

    else

    EVP_MD_CTX_free(mctx);

    return rv > 0 ? 1 : 0;

}

crypto/asn1/a_sign.c

+6 −2
Original line number Diff line number Diff line
@@ -216,6 +216,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, 
                   X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,

                   EVP_PKEY *pkey, const EVP_MD *type)

{

    int rv;

    EVP_MD_CTX *ctx = EVP_MD_CTX_new();



    if (ctx == NULL) {
@@ -226,7 +227,11 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, 
        EVP_MD_CTX_free(ctx);

        return 0;

    }

    return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);



    rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);



    EVP_MD_CTX_free(ctx);

    return rv;

}



int ASN1_item_sign_ctx(const ASN1_ITEM *it,
@@ -318,7 +323,6 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, 
    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);

    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;

 err:

    EVP_MD_CTX_free(ctx);

    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);

    OPENSSL_clear_free((char *)buf_out, outll);

    return (outl);