diff options
| author | joshua <joshua@cvs.openbsd.org> | 2024-01-28 14:43:49 +0000 |
|---|---|---|
| committer | joshua <joshua@cvs.openbsd.org> | 2024-01-28 14:43:49 +0000 |
| commit | 83f504fcd162e7ef20cf472ebc5d78423c860ed8 (patch) | |
| tree | 4583ac828a95571d292cad91884883b18d00a62e | |
| parent | 8511762a57552154007bbdcbf8bce4ba28e60032 (diff) | |
Clean up EVP_MD_CTX_{init,cleanup}() usage in ASN1_item_verify()
ok tb@
| -rw-r--r-- | lib/libcrypto/asn1/asn1_item.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/lib/libcrypto/asn1/asn1_item.c b/lib/libcrypto/asn1/asn1_item.c index 18da77433e9..99a08698c8d 100644 --- a/lib/libcrypto/asn1/asn1_item.c +++ b/lib/libcrypto/asn1/asn1_item.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_item.c,v 1.19 2024/01/13 13:59:18 joshua Exp $ */ +/* $OpenBSD: asn1_item.c,v 1.20 2024/01/28 14:43:48 joshua Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -381,7 +381,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *md_ctx = NULL; unsigned char *in = NULL; int mdnid, pknid; int in_len = 0; @@ -389,15 +389,16 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, if (pkey == NULL) { ASN1error(ERR_R_PASSED_NULL_PARAMETER); - return -1; + goto err; } if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT); - return -1; + goto err; } - EVP_MD_CTX_init(&ctx); + if ((md_ctx = EVP_MD_CTX_new()) == NULL) + goto err; /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { @@ -409,7 +410,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } - ret = pkey->ameth->item_verify(&ctx, it, asn, a, + ret = pkey->ameth->item_verify(md_ctx, it, asn, a, signature, pkey); /* Return value of 2 means carry on, anything else means we * exit straight away: either a fatal error of the underlying @@ -432,7 +433,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { + if (!EVP_DigestVerifyInit(md_ctx, NULL, type, NULL, pkey)) { ASN1error(ERR_R_EVP_LIB); ret = 0; goto err; @@ -446,7 +447,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - if (EVP_DigestVerify(&ctx, signature->data, signature->length, + if (EVP_DigestVerify(md_ctx, signature->data, signature->length, in, in_len) <= 0) { ASN1error(ERR_R_EVP_LIB); ret = 0; @@ -456,7 +457,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(md_ctx); freezero(in, in_len); return ret; |