cpan-authors · timlegge · Mar 22, 2026 · Mar 22, 2026
diff --git a/RSA.xs b/RSA.xs
@@ -214,14 +214,11 @@ EVP_MD *get_md_bynid(int hash_method)
     }
 }
 #endif
-unsigned char* get_message_digest(SV* text_SV, int hash_method)
+unsigned char* get_message_digest(SV* text_SV, int hash_method, unsigned char* md)
 {
     STRLEN text_length;
     unsigned char* text;
-    unsigned char *md;
-    static unsigned char m[EVP_MAX_MD_SIZE];
     text = (unsigned char*) SvPV(text_SV, text_length);
-    md = m;
 
     switch(hash_method)
     {
@@ -1115,7 +1112,8 @@ sign(p_rsa, text_SV)
         croak("Public keys cannot sign messages");
     }
 
-    CHECK_OPEN_SSL(digest = get_message_digest(text_SV, p_rsa->hashMode));
+    unsigned char digest_buf[EVP_MAX_MD_SIZE];
+    CHECK_OPEN_SSL(digest = get_message_digest(text_SV, p_rsa->hashMode, digest_buf));
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
     ctx = EVP_PKEY_CTX_new(p_rsa->rsa, NULL /* no engine */);
     THROW(ctx);
@@ -1193,7 +1191,8 @@ PPCODE:
         croak("Signature longer than key");
     }
 
-    CHECK_OPEN_SSL(digest = get_message_digest(text_SV, p_rsa->hashMode));
+    unsigned char digest_buf[EVP_MAX_MD_SIZE];
+    CHECK_OPEN_SSL(digest = get_message_digest(text_SV, p_rsa->hashMode, digest_buf));
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
     ctx = EVP_PKEY_CTX_new(p_rsa->rsa, NULL /* no engine */);
     THROW(ctx);