Don't leave errors on the stack in `MdCtxRef::digest_verify_final` (4d49588a) · Commits · Public Repositories / Rust Openssl

openssl/src/md_ctx.rs

+18 −6

Original line number	Diff line number	Diff line
		@@ -85,7 +85,7 @@ use crate::error::ErrorStack;
		use crate::md::MdRef;
		use crate::pkey::{HasPrivate, HasPublic, PKeyRef};
		use crate::pkey_ctx::PkeyCtxRef;
		use crate::{cvt, cvt_n, cvt_p};
		use crate::{cvt, cvt_p};
		use cfg_if::cfg_if;
		use foreign_types::{ForeignType, ForeignTypeRef};
		use openssl_macros::corresponds;
		@@ -309,12 +309,21 @@ impl MdCtxRef {
		#[inline]
		pub fn digest_verify_final(&mut self, signature: &[u8]) -> Result<bool, ErrorStack> {
		unsafe {
		let r = cvt_n(ffi::EVP_DigestVerifyFinal(
		let r = ffi::EVP_DigestVerifyFinal(
		self.as_ptr(),
		signature.as_ptr() as *mut _,
		signature.len(),
		))?;
		Ok(r == 1)
		);
		if r == 1 {
		Ok(true)
		} else {
		let errors = ErrorStack::get();
		if errors.errors().is_empty() {
		Ok(false)
		} else {
		Err(errors)
		}
		}
		}
		}

		@@ -424,8 +433,11 @@ mod test {

		ctx.digest_verify_init(Some(md), &key1).unwrap();
		ctx.digest_verify_update(bad_data).unwrap();
		let valid = ctx.digest_verify_final(&signature).unwrap();
		assert!(!valid);
		assert!(matches!(
		ctx.digest_verify_final(&signature),
		Ok(false) \| Err(_)
		));
		assert!(ErrorStack::get().errors().is_empty());
		}

		#[test]