Merge pull request #2283 from alex/md-ctx-errors

Don't leave errors on the stack in `MdCtxRef::digest_verify_final`

Author: alex

openssl/src/md_ctx.rs

@@ -85,7 +85,7 @@ use crate::error::ErrorStack;
 use crate::md::MdRef;
 use crate::pkey::{HasPrivate, HasPublic, PKeyRef};
 use crate::pkey_ctx::PkeyCtxRef;
-use crate::{cvt, cvt_n, cvt_p};
+use crate::{cvt, cvt_p};
 use cfg_if::cfg_if;
 use foreign_types::{ForeignType, ForeignTypeRef};
 use openssl_macros::corresponds;
@@ -309,12 +309,21 @@ impl MdCtxRef {
     #[inline]
     pub fn digest_verify_final(&mut self, signature: &[u8]) -> Result<bool, ErrorStack> {
         unsafe {
-            let r = cvt_n(ffi::EVP_DigestVerifyFinal(
+            let r = ffi::EVP_DigestVerifyFinal(
                 self.as_ptr(),
                 signature.as_ptr() as *mut _,
                 signature.len(),
-            ))?;
-            Ok(r == 1)
+            );
+            if r == 1 {
+                Ok(true)
+            } else {
+                let errors = ErrorStack::get();
+                if errors.errors().is_empty() {
+                    Ok(false)
+                } else {
+                    Err(errors)
+                }
+            }
         }
     }
 
@@ -424,8 +433,11 @@ mod test {
 
         ctx.digest_verify_init(Some(md), &key1).unwrap();
         ctx.digest_verify_update(bad_data).unwrap();
-        let valid = ctx.digest_verify_final(&signature).unwrap();
-        assert!(!valid);
+        assert!(matches!(
+            ctx.digest_verify_final(&signature),
+            Ok(false) | Err(_)
+        ));
+        assert!(ErrorStack::get().errors().is_empty());
     }
 
     #[test]