Do not fail if ctx dup does not succeed

If the ctx was *really* needed we'll probably fail later with an error anyway, so no point in failing immediately. Document that this behavior is dependent on the provider used to implement the signature/verification. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/20375)
author: Simo Sorce <simo@redhat.com> 2023-02-23 19:51:27 -0500
committer: Pauli <pauli@openssl.org> 2023-03-15 08:42:52 +1100
commit: 0fc00fc0e3867fc5f95fab1046ad7d2a85db06f8 (patch)
tree: 91ef7e2a84349602a3763855227e75754a1e8ac3 /crypto/evp/p_sign.c
parent: dba97d4c7142621fb279ef2074cd5c0a04eca7d3 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index 4eb34db267..ae0de57202 100644
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -39,6 +39,8 @@ int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *sigret,
         rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx);
         if (rv)
             rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len);
+        else
+            rv = EVP_DigestFinal_ex(ctx, m, &m_len);
         EVP_MD_CTX_free(tmp_ctx);
         if (!rv)
             return 0;
author	Simo Sorce <simo@redhat.com>	2023-02-23 19:51:27 -0500
committer	Pauli <pauli@openssl.org>	2023-03-15 08:42:52 +1100
commit	0fc00fc0e3867fc5f95fab1046ad7d2a85db06f8 (patch)
tree	91ef7e2a84349602a3763855227e75754a1e8ac3 /crypto/evp/p_sign.c
parent	dba97d4c7142621fb279ef2074cd5c0a04eca7d3 (diff)