diff options
author | Matt Caswell <matt@openssl.org> | 2020-09-03 12:50:30 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-09-10 11:35:42 +0200 |
commit | 3101ab603cd82cdbc81de0902b2b4718e8f1279b (patch) | |
tree | 02647b1a149bc52bd9973534eac593dc0744fe74 /crypto/evp/m_sigver.c | |
parent | Diverse build.info: Adjust paths (diff) | |
download | openssl-3101ab603cd82cdbc81de0902b2b4718e8f1279b.tar.xz openssl-3101ab603cd82cdbc81de0902b2b4718e8f1279b.zip |
Fix an EVP_MD_CTX leak
If we initialise an EVP_MD_CTX with a legacy MD, and then reuse the same
EVP_MD_CTX with a provided MD then we end up leaking the md_data.
We need to ensure we free the md_data if we change to a provided MD.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12779)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r-- | crypto/evp/m_sigver.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index a60d6e770b..e2bb613a20 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -177,6 +177,12 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (mdname != NULL) { /* + * We're about to get a new digest so clear anything associated with + * an old digest. + */ + evp_md_ctx_clear_digest(ctx, 1); + + /* * This might be requested by a later call to EVP_MD_CTX_md(). * In that case the "explicit fetch" rules apply for that * function (as per man pages), i.e. the ref count is not updated @@ -185,6 +191,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, */ ctx->digest = ctx->reqdigest = ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); + if (ctx->digest == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + goto err; + } } } |