Mitigate cache-timing attack in CBC mode. This is done by implementing
[openssl.git] / crypto / evp / p_verify.c
index af175b84f703cc576456c48dcb006000fa1483a5..21a40a375e1b71b6e3a2c17bd0a8ee840cde1ec2 100644 (file)
@@ -62,7 +62,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf,
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
             unsigned int siglen, EVP_PKEY *pkey)
        {
        unsigned char m[EVP_MAX_MD_SIZE];
@@ -86,8 +86,8 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf,
                return(-1);
                }
        EVP_MD_CTX_init(&tmp_ctx);
-       EVP_MD_CTX_copy(&tmp_ctx,ctx);     
-       EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
+       EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
+       EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
        EVP_MD_CTX_cleanup(&tmp_ctx);
         if (ctx->digest->verify == NULL)
                 {
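Review bot: The return values of `EVP_MD_CTX_copy_ex()` and `EVP_DigestFinal_ex()` are still discarded, so a failed context copy or digest finalisation goes unnoticed on the signature-verification path. `m` is declared without an initialiser in the first hunk, and `m_len`'s initialisation is not visible here, so after such a failure the verify step that follows would presumably compare the signature against indeterminate digest bytes and length. Both calls return 1 on success and 0 on failure, so they can be checked together and fail closed: `if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx) || !EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len)) { EVP_MD_CTX_cleanup(&tmp_ctx); return(-1); }`. The `-1` matches the error return already used just above in this hunk. The body of `EVP_VerifyFinal` starts before and continues past this hunk, so the exact cleanup path should be checked against the rest of the function.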