diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2009-09-24 01:43:49 +0200 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2009-09-24 01:43:49 +0200 |
| commit | b6dcdbfc94c482f6c15ba725754fc9e827e41851 (patch) | |
| tree | 9fec84d4564530bc97b42d56e01a64abb96adac3 /crypto/rsa | |
| parent | Add more return value checking attributes to evp.h and hmac.h (diff) | |
| download | openssl-b6dcdbfc94c482f6c15ba725754fc9e827e41851.tar.xz openssl-b6dcdbfc94c482f6c15ba725754fc9e827e41851.zip | |
Audit libcrypto for unchecked return values: fix all cases enountered
Diffstat (limited to 'crypto/rsa')
| -rw-r--r-- | crypto/rsa/rsa_oaep.c | 26 | ||||
| -rw-r--r-- | crypto/rsa/rsa_pss.c | 33 |
2 files changed, 37 insertions, 22 deletions
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index e238d10e5c..553d212ebe 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -56,7 +56,8 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, seed = to + 1; db = to + SHA_DIGEST_LENGTH + 1; - EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); + if (!EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL)) + return 0; memset(db + SHA_DIGEST_LENGTH, 0, emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; @@ -145,7 +146,8 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, for (i = 0; i < dblen; i++) db[i] ^= maskeddb[i]; - EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); + if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL)) + return -1; if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) goto decoding_err; @@ -189,34 +191,40 @@ int PKCS1_MGF1(unsigned char *mask, long len, EVP_MD_CTX c; unsigned char md[EVP_MAX_MD_SIZE]; int mdlen; + int rv = -1; EVP_MD_CTX_init(&c); mdlen = EVP_MD_size(dgst); if (mdlen < 0) - return -1; + goto err; for (i = 0; outlen < len; i++) { cnt[0] = (unsigned char)((i >> 24) & 255); cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - EVP_DigestInit_ex(&c,dgst, NULL); - EVP_DigestUpdate(&c, seed, seedlen); - EVP_DigestUpdate(&c, cnt, 4); + if (!EVP_DigestInit_ex(&c,dgst, NULL) + || !EVP_DigestUpdate(&c, seed, seedlen) + || !EVP_DigestUpdate(&c, cnt, 4)) + goto err; if (outlen + mdlen <= len) { - EVP_DigestFinal_ex(&c, mask + outlen, NULL); + if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) + goto err; outlen += mdlen; } else { - EVP_DigestFinal_ex(&c, md, NULL); + if (!EVP_DigestFinal_ex(&c, md, NULL)) + goto err; memcpy(mask + outlen, md, len - outlen); outlen = len; } } + rv = 0; + err: EVP_MD_CTX_cleanup(&c); - return 0; + return rv; } static int MGF1(unsigned char *mask, long len, const unsigned char *seed, diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index ac211e2ffe..4efb8eddad 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -80,6 +80,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, unsigned char *DB = NULL; EVP_MD_CTX ctx; unsigned char H_[EVP_MAX_MD_SIZE]; + EVP_MD_CTX_init(&ctx); hLen = EVP_MD_size(Hash); if (hLen < 0) @@ -145,14 +146,17 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); goto err; } - EVP_MD_CTX_init(&ctx); - EVP_DigestInit_ex(&ctx, Hash, NULL); - EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); - EVP_DigestUpdate(&ctx, mHash, hLen); + if (!EVP_DigestInit_ex(&ctx, Hash, NULL) + || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(&ctx, mHash, hLen)) + goto err; if (maskedDBLen - i) - EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i); - EVP_DigestFinal(&ctx, H_, NULL); - EVP_MD_CTX_cleanup(&ctx); + { + if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i)) + goto err; + } + if (!EVP_DigestFinal(&ctx, H_, NULL)) + goto err; if (memcmp(H_, H, hLen)) { RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE); @@ -164,6 +168,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, err: if (DB) OPENSSL_free(DB); + EVP_MD_CTX_cleanup(&ctx); return ret; @@ -228,12 +233,14 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, maskedDBLen = emLen - hLen - 1; H = EM + maskedDBLen; EVP_MD_CTX_init(&ctx); - EVP_DigestInit_ex(&ctx, Hash, NULL); - EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); - EVP_DigestUpdate(&ctx, mHash, hLen); - if (sLen) - EVP_DigestUpdate(&ctx, salt, sLen); - EVP_DigestFinal(&ctx, H, NULL); + if (!EVP_DigestInit_ex(&ctx, Hash, NULL) + || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(&ctx, mHash, hLen)) + goto err; + if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) + goto err; + if (!EVP_DigestFinal(&ctx, H, NULL)) + goto err; EVP_MD_CTX_cleanup(&ctx); /* Generate dbMask in place then perform XOR on it */ |