size_t *siglen)
{
int sctx = 0, r = 0;
- EVP_PKEY_CTX *pctx = ctx->pctx;
+ EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|| pctx->op.sig.signature == NULL)
goto legacy;
- return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
- sigret, siglen, SIZE_MAX);
+ if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
+ return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
+ sigret, siglen,
+ SIZE_MAX);
+ dctx = EVP_PKEY_CTX_dup(pctx);
+ if (dctx == NULL)
+ return 0;
+
+ r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx,
+ sigret, siglen,
+ SIZE_MAX);
+ EVP_PKEY_CTX_free(dctx);
+ return r;
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
else {
- EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(pctx);
-
+ dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
int r = 0;
unsigned int mdlen = 0;
int vctx = 0;
- EVP_PKEY_CTX *pctx = ctx->pctx;
+ EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|| pctx->op.sig.signature == NULL)
goto legacy;
- return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
- sig, siglen);
+ if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
+ return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
+ sig, siglen);
+ dctx = EVP_PKEY_CTX_dup(pctx);
+ if (dctx == NULL)
+ return 0;
+
+ r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
+ sig, siglen);
+ EVP_PKEY_CTX_free(dctx);
+ return r;
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
{
int ret = 0;
EVP_PKEY *pkey = NULL;
- unsigned char *sig = NULL;
- size_t sig_len = 0;
+ unsigned char *sig = NULL, *sig2 = NULL;
+ size_t sig_len = 0, sig2_len = 0;
EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
BIO *mdbio = NULL, *membio = NULL;
|| !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
goto out;
- if (tst >= 6) {
- if (!TEST_int_gt(BIO_reset(mdbio), 0)
- || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
- goto out;
- }
-
/*
* Ensure that the signature round-trips (Verification isn't supported for
* HMAC via EVP_DigestVerify*)
*/
if (tst != 2 && tst != 5 && tst != 8) {
+ if (tst >= 6) {
+ if (!TEST_int_gt(BIO_reset(mdbio), 0)
+ || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
+ goto out;
+ }
+
if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
NULL, pkey)))
goto out;
}
if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
goto out;
+
+ /* Multiple calls to EVP_DigestVerifyFinal should work */
+ if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
+ goto out;
+ } else {
+ /*
+ * For HMAC a doubled call to DigestSignFinal should produce the same
+ * value as finalization should not happen.
+ */
+ if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
+ || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
+ || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
+ goto out;
+
+ if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
+ goto out;
}
ret = 1;
EVP_MD_CTX_free(a_md_ctx_verify);
EVP_PKEY_free(pkey);
OPENSSL_free(sig);
+ OPENSSL_free(sig2);
EVP_MD_free(mdexp);
return ret;
projects / openssl.git / commitdiff