diff options
author | Richard Levitte <levitte@openssl.org> | 2005-01-27 01:49:25 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2005-01-27 01:49:25 +0000 |
commit | bf746f0f466221e1c395e5d23bc68f70650dea25 (patch) | |
tree | 529a6d65044d479569223b9635902a869ad51722 | |
parent | a229e3038ea0200c3ff035cb96cf01071eb7b6ad (diff) | |
download | openssl-new-bf746f0f466221e1c395e5d23bc68f70650dea25.tar.gz |
Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
cause a segfault... This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
-rw-r--r-- | crypto/asn1/a_verify.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index da2a0a6d69..b91678a9f6 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -150,7 +150,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat goto err; } - EVP_VerifyInit_ex(&ctx,type, NULL); + if (!EVP_VerifyInit_ex(&ctx,type, NULL)) + { + ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); + ret=0; + goto err; + } EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); OPENSSL_cleanse(buf_in,(unsigned int)inl); |