Google Git
Sign in
boringssl/boringssl/3a9254f16eda7a4c5d2260039ff23456a0a34de4
commit
3a9254f16eda7a4c5d2260039ff23456a0a34de4
[log]
author
David Benjamin <davidben@google.com>
Wed May 27 13:39:38 2026 -0400
committer
boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Mon Jun 01 13:22:00 2026 -0700
tree
ffbfb0d20c92bcbb77870acb1e545cbdb2c06a64
parent
b19c870c537716395595936897076143364a2571 [diff]
Fix EVP_MD_CTX reuse across EVP_PKEY algorithms

If you call EVP_DigestInit after EVP_DigestSignInit, the EVP_PKEY_CTX
would stay around, putting the EVP_MD_CTX in a confused state.
Consistently reset it. Also if you call EVP_DigestSignInit after
EVP_DigestSignInit, the EVP_PKEY_CTX would stay around, silently
ignoring the EVP_PKEY you passed in.

Fix this by consistently resetting the EVP_MD_CTX it has a pctx
attached.

Along the way, simplify EVP_DigestInit_ex significantly. After
https://boringssl-review.googlesource.com/c/boringssl/+/79507, there is
no allocation to reuse, etc.

Update-Note: This does come with a behavior change: EVP_DigestInit
cannot be used to reset an EVP_DigestSign context, if the caller
happened to get the hash function right. (If the caller got the hash
function wrong, the object would get into a bad state.)

Change-Id: I01443222e6f1af77f5661a718ed17312aa8335cf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/95967
Reviewed-by: Rudolf Polzer <rpolzer@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Presubmit-BoringSSL-Verified: boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
3 files changed
tree: ffbfb0d20c92bcbb77870acb1e545cbdb2c06a64
  1. .bcr/
  2. .github/
  3. bench/
  4. cmake/
  5. crypto/
  6. decrepit/
  7. docs/
  8. fuzz/
  9. gen/
  10. include/
  11. infra/
  12. pki/
  13. rust/
  14. ssl/
  15. third_party/
  16. tool/
  17. util/
  18. .bazelignore
  19. .bazelrc
  20. .bazelversion
  21. .clang-format
  22. .clang-format-ignore
  23. .clangd
  24. .gitattributes
  25. .gitignore
  26. API-CONVENTIONS.md
  27. AUTHORS
  28. BREAKING-CHANGES.md
  29. BUILD.bazel
  30. build.json
  31. BUILDING.md
  32. CMakeLists.txt
  33. codereview.settings
  34. CONTRIBUTING.md
  35. FUZZING.md
  36. go.mod
  37. go.sum
  38. INCORPORATING.md
  39. LICENSE
  40. MODULE.bazel
  41. MODULE.bazel.lock
  42. PORTING.md
  43. PRESUBMIT.py
  44. PrivacyInfo.xcprivacy
  45. README.md
  46. SANDBOXING.md
  47. SECURITY.md
  48. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: