From 532d936be80c742d0746045d8396909822416eb5 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Thu, 27 Jan 2005 01:49:23 +0000
Subject: [PATCH] Check for errors from EVP_VerifyInit_ex(), or
 EVP_VerifyUpdate might cause a segfault...  This was uncovered because
 EVP_VerifyInit() may fail in FIPS mode if the wrong algorithm is chosen...

---
 crypto/asn1/a_verify.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index da2a0a6d69..b91678a9f6 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -150,7 +150,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 		goto err;
 		}
 
-	EVP_VerifyInit_ex(&ctx,type, NULL);
+	if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+		ret=0;
+		goto err;
+		}
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
 	OPENSSL_cleanse(buf_in,(unsigned int)inl);
-- 
2.25.1