diff options
| author | Richard Levitte <levitte@openssl.org> | 2005-01-27 01:49:25 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2005-01-27 01:49:25 +0000 |
| commit | bf746f0f466221e1c395e5d23bc68f70650dea25 (patch) | |
| tree | 529a6d65044d479569223b9635902a869ad51722 | |
| parent | a229e3038ea0200c3ff035cb96cf01071eb7b6ad (diff) | |
| download | openssl-new-bf746f0f466221e1c395e5d23bc68f70650dea25.tar.gz | |
Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
cause a segfault... This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
| -rw-r--r-- | crypto/asn1/a_verify.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index da2a0a6d69..b91678a9f6 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -150,7 +150,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat goto err; } - EVP_VerifyInit_ex(&ctx,type, NULL); + if (!EVP_VerifyInit_ex(&ctx,type, NULL)) + { + ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); + ret=0; + goto err; + } EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); OPENSSL_cleanse(buf_in,(unsigned int)inl); |