From 549490569f0efe3683a9580bfafc40d5b6f52a37 Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 15 Jun 2023 13:22:25 +0000 Subject: [PATCH] Make NULL checks explicit in ASN1_item_sign_ctx() Also move the NULL check for the EVP_MD into the rv == 2 path, which is the only branch where it is used. ok jsing --- lib/libcrypto/asn1/asn1_item.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/libcrypto/asn1/asn1_item.c b/lib/libcrypto/asn1/asn1_item.c index 10b67805909..6efe7314e7a 100644 --- a/lib/libcrypto/asn1/asn1_item.c +++ b/lib/libcrypto/asn1/asn1_item.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_item.c,v 1.9 2023/06/15 13:07:45 tb Exp $ */ +/* $OpenBSD: asn1_item.c,v 1.10 2023/06/15 13:22:25 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -240,10 +240,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, int rv = 2; int ret = 0; - type = EVP_MD_CTX_md(ctx); - pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); - - if (!type || !pkey) { + if ((pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx)) == NULL) { ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED); return 0; } @@ -253,7 +250,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, return 0; } - if (pkey->ameth->item_sign) { + if (pkey->ameth->item_sign != NULL) { rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature); if (rv == 1) { @@ -273,6 +270,11 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, } if (rv == 2) { + if ((type = EVP_MD_CTX_md(ctx)) == NULL) { + ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED); + return 0; + } + if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), pkey->ameth->pkey_id)) { ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); -- 2.20.1