&& !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
}
- EVP_PKEY_CTX_free(ctx->pctx);
+ /*
+ * pctx should be freed by the user of EVP_MD_CTX
+ * if EVP_MD_CTX_FLAG_NEGLECT_PCTX is set
+ */
+ if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_NEGLECT_PCTX))
+ EVP_PKEY_CTX_free(ctx->pctx);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ctx->engine);
#endif
- memset(ctx, 0, sizeof(*ctx));
+ OPENSSL_cleanse(ctx, sizeof(*ctx));
return 1;
}
* previous handle, re-querying for an ENGINE, and having a
* reinitialisation, when it may all be unnecessary.
*/
- if (ctx->engine && ctx->digest && (!type ||
- (type
- && (type->type ==
- ctx->digest->type))))
+ if (ctx->engine && ctx->digest &&
+ (type == NULL || (type->type == ctx->digest->type)))
goto skip_to_init;
if (type) {
/*
#endif
if (ctx->digest != type) {
if (ctx->digest && ctx->digest->ctx_size) {
- OPENSSL_free(ctx->md_data);
+ OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
ctx->md_data = NULL;
}
ctx->digest = type;
ctx->digest->cleanup(ctx);
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
}
- memset(ctx->md_data, 0, ctx->digest->ctx_size);
+ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+ return ret;
+}
+
+int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
+{
+ int ret = 0;
+
+ if (ctx->digest->flags & EVP_MD_FLAG_XOF
+ && size <= INT_MAX
+ && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
+ ret = ctx->digest->final(ctx, md);
+
+ if (ctx->digest->cleanup != NULL) {
+ ctx->digest->cleanup(ctx);
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+ }
+ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+ } else {
+ EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
+ }
+
return ret;
}