authorMatt Caswell <matt@openssl.org>2020-09-03 12:50:30 +0200
committerTomas Mraz <tmraz@fedoraproject.org>2020-09-10 11:35:42 +0200
commit3101ab603cd82cdbc81de0902b2b4718e8f1279b (patch)
tree02647b1a149bc52bd9973534eac593dc0744fe74 /crypto/evp/m_sigver.c
parentDiverse build.info: Adjust paths (diff)
Fix an EVP_MD_CTX leak
If we initialise an EVP_MD_CTX with a legacy MD, and then reuse the same EVP_MD_CTX with a provided MD then we end up leaking the md_data. We need to ensure we free the md_data if we change to a provided MD. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12779)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r--crypto/evp/m_sigver.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index a60d6e770b..e2bb613a20 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -177,6 +177,12 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
if (mdname != NULL) {
/*
+ * We're about to get a new digest so clear anything associated with
+ * an old digest.
+ */
+ evp_md_ctx_clear_digest(ctx, 1);
+
+ /*
* This might be requested by a later call to EVP_MD_CTX_md().
* In that case the "explicit fetch" rules apply for that
* function (as per man pages), i.e. the ref count is not updated
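Review bot: The new comment above `evp_md_ctx_clear_digest(ctx, 1)` does not say what the literal `1` selects, nor that the old digest state is discarded before the fetch further down this branch is known to succeed. If the second argument is a force flag, as the commit message's mention of freeing `md_data` suggests, the comment could read `/* Force-clear any old digest, including md_data left by a legacy MD; ctx holds no digest from here until the fetch below succeeds. */`. That makes it explicit that a reused `EVP_MD_CTX` cannot fall back to its previous digest if initialisation fails after this point. The body of `do_sigver_init` starts and ends outside this hunk, so whether the branches that do not take `mdname` need the same clear cannot be checked from here.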
@@ -185,6 +191,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
*/
ctx->digest = ctx->reqdigest = ctx->fetched_digest =
EVP_MD_fetch(locpctx->libctx, mdname, props);
+ if (ctx->digest == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ goto err;
+ }
}
}
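Review bot: The added failure branch raises only `EVP_R_INITIALIZATION_ERROR`, so the error queue does not record which digest could not be fetched. That makes it hard to tell a mistyped algorithm name from a provider that does not offer the digest, for example under a restrictive property query. Since `mdname` is known to be non-NULL in this branch, the name could be attached with `ERR_raise_data(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR, "digest=%s", mdname);`. The `err` label and the rest of `do_sigver_init` are outside the hunk, so what cleanup runs on `ctx` and `locpctx` after the `goto` cannot be confirmed from here.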