From c9c63b0180f658561f16afeb64e88d125d0ab4ca Mon Sep 17 00:00:00 2001 From: Jonas Maebe Date: Mon, 2 Dec 2013 22:44:31 +0100 Subject: [PATCH] ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path Signed-off-by: Kurt Roeckx Reviewed-by: Rich Salz --- crypto/asn1/a_verify.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 87e7ef4f5e..aacf4763b5 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -101,16 +101,20 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p=buf_in; i2d(data,&p); - if (!EVP_VerifyInit_ex(&ctx,type, NULL) - || !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl)) + ret= + EVP_VerifyInit_ex(&ctx,type, NULL) + && EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); + + OPENSSL_cleanse(buf_in,(unsigned int)inl); + OPENSSL_free(buf_in); + + if (!ret) { ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); - ret=0; goto err; } + ret = -1; - OPENSSL_cleanse(buf_in,(unsigned int)inl); - OPENSSL_free(buf_in); if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, (unsigned int)signature->length,pkey) <= 0) @@ -205,15 +209,17 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl)) + ret = EVP_DigestVerifyUpdate(&ctx,buf_in,inl); + + OPENSSL_cleanse(buf_in,(unsigned int)inl); + OPENSSL_free(buf_in); + + if (!ret) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); - ret=0; goto err; } - - OPENSSL_cleanse(buf_in,(unsigned int)inl); - OPENSSL_free(buf_in); + ret = -1; if (EVP_DigestVerifyFinal(&ctx,signature->data, (size_t)signature->length) <= 0) -- 2.25.1