mime_hdr_new: free mhdr, tmpname, tmpval on error path

[oweals/openssl.git] / crypto / asn1 / a_verify.c

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 432722e4099e6d9ecdc73646e8b931826705b69d..aacf4763b585c267dc5762f0c57742f3dba06eec 100644 (file)
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -60,7 +60,6 @@
 #include <time.h>
 
 #include "cryptlib.h"
-#include "asn1_locl.h"
 
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
@@ -71,6 +70,7 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
+#include "asn1_locl.h"
 
 #ifndef NO_ASN1_OLD
 
@@ -101,16 +101,20 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
        p=buf_in;
 
        i2d(data,&p);
-       if (!EVP_VerifyInit_ex(&ctx,type, NULL)
-               || !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl))
+       ret=
+               EVP_VerifyInit_ex(&ctx,type, NULL)
+               && EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+       OPENSSL_cleanse(buf_in,(unsigned int)inl);
+       OPENSSL_free(buf_in);
+
+       if (!ret)
                {
                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-               ret=0;
                goto err;
                }
+       ret = -1;
 
-       OPENSSL_cleanse(buf_in,(unsigned int)inl);
-       OPENSSL_free(buf_in);
 
        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
                        (unsigned int)signature->length,pkey) <= 0)
@@ -140,6 +144,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 
        int mdnid, pknid;
 
+       if (!pkey)
+               {
+               ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+               return -1;
+               }
+
        EVP_MD_CTX_init(&ctx);
 
        /* Convert signature OID into digest and public key OIDs */
@@ -199,15 +209,17 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
                goto err;
                }
 
-       if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl))
+       ret = EVP_DigestVerifyUpdate(&ctx,buf_in,inl);
+
+       OPENSSL_cleanse(buf_in,(unsigned int)inl);
+       OPENSSL_free(buf_in);
+
+       if (!ret)
                {
                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
-               ret=0;
                goto err;
                }
-
-       OPENSSL_cleanse(buf_in,(unsigned int)inl);
-       OPENSSL_free(buf_in);
+       ret = -1;
 
        if (EVP_DigestVerifyFinal(&ctx,signature->data,
                        (size_t)signature->length) <= 0)