From 814fd41b4cce7c22384f7c3b941c93ecc11a3110 Mon Sep 17 00:00:00 2001 From: inoguchi Date: Sun, 27 Mar 2022 00:37:10 +0000 Subject: [PATCH] Check EVP_Digest* functions return value in openssl(1) ts Move up md_ctx and add EVP_MD_CTX_free under the 'err:' label. CID 149810 comment and ok jsing@ --- usr.bin/openssl/ts.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/usr.bin/openssl/ts.c b/usr.bin/openssl/ts.c index a05e9677bc5..94da634b45e 100644 --- a/usr.bin/openssl/ts.c +++ b/usr.bin/openssl/ts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.c,v 1.22 2022/03/24 14:07:08 inoguchi Exp $ */ +/* $OpenBSD: ts.c,v 1.23 2022/03/27 00:37:10 inoguchi Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -678,13 +678,14 @@ create_digest(BIO *input, char *digest, const EVP_MD *md, unsigned char **md_value) { int md_value_len; + EVP_MD_CTX *md_ctx = NULL; md_value_len = EVP_MD_size(md); if (md_value_len < 0) goto err; + if (input != NULL) { /* Digest must be computed from an input file. */ - EVP_MD_CTX *md_ctx; unsigned char buffer[4096]; int length; @@ -695,16 +696,24 @@ create_digest(BIO *input, char *digest, const EVP_MD *md, if ((md_ctx = EVP_MD_CTX_new()) == NULL) goto err; - EVP_DigestInit(md_ctx, md); + if (!EVP_DigestInit(md_ctx, md)) + goto err; + while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) { - EVP_DigestUpdate(md_ctx, buffer, length); + if (!EVP_DigestUpdate(md_ctx, buffer, length)) + goto err; } - EVP_DigestFinal(md_ctx, *md_value, NULL); + + if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) + goto err; EVP_MD_CTX_free(md_ctx); + md_ctx = NULL; + } else { /* Digest bytes are specified with digest. */ long digest_len; + *md_value = string_to_hex(digest, &digest_len); if (*md_value == NULL || md_value_len != digest_len) { free(*md_value); @@ -716,7 +725,9 @@ create_digest(BIO *input, char *digest, const EVP_MD *md, } return md_value_len; + err: + EVP_MD_CTX_free(md_ctx); return 0; } -- 2.20.1