}
#endif
- EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+ EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED
+ | EVP_MD_CTX_FLAG_FINALISED);
if (type != NULL) {
ctx->reqdigest = type;
if (count == 0)
return 1;
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
+ return 0;
+ }
+
if (ctx->pctx != NULL
&& EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
&& ctx->pctx->op.sig.algctx != NULL) {
return 0;
}
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+ return 0;
+ }
+
ret = ctx->digest->dfinal(ctx->algctx, md, &size, mdsize);
+ ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+
if (isize != NULL) {
if (size <= UINT_MAX) {
*isize = (unsigned int)size;
return 0;
}
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+ return 0;
+ }
+
params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &size);
params[i++] = OSSL_PARAM_construct_end();
if (EVP_MD_CTX_set_params(ctx, params) > 0)
ret = ctx->digest->dfinal(ctx->algctx, md, &size, size);
+ ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+
return ret;
legacy:
if (ctx->pctx == NULL)
return 0;
+ EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_FINALISED);
+
locpctx = ctx->pctx;
ERR_set_mark();
{
EVP_PKEY_CTX *pctx = ctx->pctx;
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
+ return 0;
+ }
+
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|| pctx->op.sig.algctx == NULL
{
EVP_PKEY_CTX *pctx = ctx->pctx;
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
+ return 0;
+ }
+
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|| pctx->op.sig.algctx == NULL
int sctx = 0, r = 0;
EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+ return 0;
+ }
+
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|| pctx->op.sig.algctx == NULL
r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
sigret, siglen,
sigret == NULL ? 0 : *siglen);
- EVP_PKEY_CTX_free(dctx);
+ if (dctx == NULL && sigret != NULL)
+ ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+ else
+ EVP_PKEY_CTX_free(dctx);
return r;
legacy:
if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
if (sigret == NULL)
return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
- if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) {
r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
- else {
+ ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+ } else {
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
{
EVP_PKEY_CTX *pctx = ctx->pctx;
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+ return 0;
+ }
+
if (pctx != NULL
&& pctx->operation == EVP_PKEY_OP_SIGNCTX
&& pctx->op.sig.algctx != NULL
&& pctx->op.sig.signature != NULL) {
- if (pctx->op.sig.signature->digest_sign != NULL)
+ if (pctx->op.sig.signature->digest_sign != NULL) {
+ if (sigret != NULL)
+ ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
return pctx->op.sig.signature->digest_sign(pctx->op.sig.algctx,
sigret, siglen,
sigret == NULL ? 0 : *siglen,
tbs, tbslen);
+ }
} else {
/* legacy */
if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestsign != NULL)
int vctx = 0;
EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+ return 0;
+ }
+
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|| pctx->op.sig.algctx == NULL
}
r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
sig, siglen);
- EVP_PKEY_CTX_free(dctx);
+ if (dctx == NULL)
+ ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+ else
+ EVP_PKEY_CTX_free(dctx);
return r;
legacy:
else
vctx = 0;
if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
- if (vctx)
+ if (vctx) {
r = pctx->pmeth->verifyctx(pctx, sig, siglen, ctx);
- else
+ ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+ } else
r = EVP_DigestFinal_ex(ctx, md, &mdlen);
} else {
EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
{
EVP_PKEY_CTX *pctx = ctx->pctx;
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+ return 0;
+ }
+
if (pctx != NULL
&& pctx->operation == EVP_PKEY_OP_VERIFYCTX
&& pctx->op.sig.algctx != NULL
&& pctx->op.sig.signature != NULL) {
- if (pctx->op.sig.signature->digest_verify != NULL)
+ if (pctx->op.sig.signature->digest_verify != NULL) {
+ ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
return pctx->op.sig.signature->digest_verify(pctx->op.sig.algctx,
sigret, siglen,
tbs, tbslen);
+ }
} else {
/* legacy */
if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL)