Skip to content

Commit

Permalink
Merge pull request #2283 from alex/md-ctx-errors
Browse files Browse the repository at this point in the history
Don't leave errors on the stack in `MdCtxRef::digest_verify_final`
  • Loading branch information
alex authored Aug 25, 2024
2 parents 28be7ed + 4d49588 commit 36dcae8
Showing 1 changed file with 18 additions and 6 deletions.
24 changes: 18 additions & 6 deletions openssl/src/md_ctx.rs
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ use crate::error::ErrorStack;
use crate::md::MdRef;
use crate::pkey::{HasPrivate, HasPublic, PKeyRef};
use crate::pkey_ctx::PkeyCtxRef;
use crate::{cvt, cvt_n, cvt_p};
use crate::{cvt, cvt_p};
use cfg_if::cfg_if;
use foreign_types::{ForeignType, ForeignTypeRef};
use openssl_macros::corresponds;
Expand Down Expand Up @@ -309,12 +309,21 @@ impl MdCtxRef {
#[inline]
pub fn digest_verify_final(&mut self, signature: &[u8]) -> Result<bool, ErrorStack> {
unsafe {
let r = cvt_n(ffi::EVP_DigestVerifyFinal(
let r = ffi::EVP_DigestVerifyFinal(
self.as_ptr(),
signature.as_ptr() as *mut _,
signature.len(),
))?;
Ok(r == 1)
);
if r == 1 {
Ok(true)
} else {
let errors = ErrorStack::get();
if errors.errors().is_empty() {
Ok(false)
} else {
Err(errors)
}
}
}
}

Expand Down Expand Up @@ -424,8 +433,11 @@ mod test {

ctx.digest_verify_init(Some(md), &key1).unwrap();
ctx.digest_verify_update(bad_data).unwrap();
let valid = ctx.digest_verify_final(&signature).unwrap();
assert!(!valid);
assert!(matches!(
ctx.digest_verify_final(&signature),
Ok(false) | Err(_)
));
assert!(ErrorStack::get().errors().is_empty());
}

#[test]
Expand Down

0 comments on commit 36dcae8

Please sign in to comment.