authorjsing <>2019-04-19 17:04:45 +0000
committerjsing <>2019-04-19 17:04:45 +0000
commitad2f78627bd2e79d4aba75e47b15534a130af405 (patch)
tree6a87db8ed162a79d017ada09480789a9dc12a906 /src/lib/libcrypto/evp/digest.c
parentbe3777d5a1a8feec1ef0a141b1696da4a94b43b0 (diff)
Allocate md_data with calloc to avoid use of uninitialised memory.
Found by Guido Vranken when fuzzing and trying to use GOST with HMAC. Fix confirmed by Guido; ok tb@
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/evp/digest.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 6a7d86d702..4cd3565c65 100644
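--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
+/* $OpenBSD: digest.c,v 1.31 2019/04/19 17:04:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -186,7 +186,7 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
  ctx->digest = type;
  if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
  ctx->update = type->update;
- ctx->md_data = malloc(type->ctx_size);
+ ctx->md_data = calloc(1, type->ctx_size);
  if (ctx->md_data == NULL) {
  EVP_PKEY_CTX_free(ctx->pctx);
  ctx->pctx = NULL;
@@ -281,11 +281,11 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
  memcpy(out, in, sizeof *out);
 
  if (in->md_data && out->digest->ctx_size) {
- if (tmp_buf)
+ if (tmp_buf) {
  out->md_data = tmp_buf;
- else {
- out->md_data = malloc(out->digest->ctx_size);
- if (!out->md_data) {
+ } else {
+ out->md_data = calloc(1, out->digest->ctx_size);
+ if (out->md_data == NULL) {
  EVPerror(ERR_R_MALLOC_FAILURE);
  return 0;
  }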
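Review bot: In EVP_MD_CTX_copy_ex the `if (tmp_buf)` branch still hands `out->md_data` a reused buffer that is not zeroed, so only the freshly allocated path gets the guarantee that `calloc(1, out->digest->ctx_size)` introduces. Whether that is safe depends on code after the hunk, presumably a full `ctx_size` copy from `in->md_data`, which is not visible here; both function bodies start and end outside the hunks. Neither calloc call records why zeroing is needed, so a later cleanup could quietly turn it back into malloc. A comment at the EVP_DigestInit_ex allocation such as `/* calloc: digest implementations must never see uninitialised md_data */` would keep the reason from the commit message next to the code, and a matching one-line note on the `tmp_buf` branch should state that it relies on the later copy to overwrite the old contents.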