This flag is still relevant even for non-legacy code so we should check
it where appropriate.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10013)
if (ctx == NULL)
return 1;
if (ctx == NULL)
return 1;
+#ifndef FIPS_MODE
+ /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
+ /*
+ * pctx should be freed by the user of EVP_MD_CTX
+ * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
+ */
+ if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
+ EVP_PKEY_CTX_free(ctx->pctx);
+#endif
+
if (ctx->digest == NULL || ctx->digest->prov == NULL)
goto legacy;
if (ctx->digest == NULL || ctx->digest->prov == NULL)
goto legacy;
&& !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
}
&& !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
}
- /*
- * pctx should be freed by the user of EVP_MD_CTX
- * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
- */
-#ifndef FIPS_MODE
- /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
- if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
- EVP_PKEY_CTX_free(ctx->pctx);
-# ifndef OPENSSL_NO_ENGINE
+#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(ctx->engine);
ENGINE_finish(ctx->engine);
#endif
OPENSSL_cleanse(ctx, sizeof(*ctx));
#endif
OPENSSL_cleanse(ctx, sizeof(*ctx));
projects / openssl.git / commitdiff