Some builds (depends on crypto engine support?) of OpenSSL
0.9.7x have EVP_DigestFinal function which which clears all of
EVP_MD_CTX. This makes pgcrypto crash in functions which
re-use one digest context several times: hmac() and crypt()
with md5 algorithm.
Following patch fixes it by carring the digest info around
EVP_DigestFinal and re-initializing cipher.
Please apply this also to stable branches (8.0 / 7.4).
Note that this can be blamed on OpenSSL 0.9.7x backwards-
compatibility functions: 0.9.6x and new 0.9.7x API
(EVP_DigestFinal_ex) do clear the "secret data" but keep the
general algorithm info.
But still, the fact is that pgcrypto was relying on
undocumented beheviour.
--
marko
