generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path

Browse Source 
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Jonas Maebe 2013-12-02 22:44:31 +01:00 committed by Kurt Roeckx
parent b9b9f853b5
commit c9c63b0180
1 changed files with 19 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
crypto/asn1/a_verify.c
View File

@ -101,17 +101,21 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
p=buf_in; p=buf_in;
i2d(data,&p); i2d(data,&p);
if (!EVP_VerifyInit_ex(&ctx,type, NULL) ret=
|| !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl)) EVP_VerifyInit_ex(&ctx,type, NULL)
{ && EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in); OPENSSL_free(buf_in);
if (!ret)
{
ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
goto err;
}
ret = -1;
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
(unsigned int)signature->length,pkey) <= 0) (unsigned int)signature->length,pkey) <= 0)
{ {
@ -205,16 +209,18 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
goto err; goto err;
} }
if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl)) ret = EVP_DigestVerifyUpdate(&ctx,buf_in,inl);
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in); OPENSSL_free(buf_in);
if (!ret)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
goto err;
}
ret = -1;
if (EVP_DigestVerifyFinal(&ctx,signature->data, if (EVP_DigestVerifyFinal(&ctx,signature->data,
(size_t)signature->length) <= 0) (size_t)signature->length) <= 0)
{ {