Clean up EVP_MD_CTX_{init,cleanup}() usage in ASN1_item_verify()

ok tb@
author: joshua <> 2024-01-28 14:43:48 +0000
committer: joshua <> 2024-01-28 14:43:48 +0000
commit: c33469682cf8c8a1224319946356725ae23ade27 (patch)
tree: 61ef0416333eef6219afc4ccaefb6f49c9cf217e /src
parent: 49b41170f3f0edb587f1b7107d440f81b0369b5a (diff)
download: openbsd-c33469682cf8c8a1224319946356725ae23ade27.tar.gz
openbsd-c33469682cf8c8a1224319946356725ae23ade27.tar.bz2
openbsd-c33469682cf8c8a1224319946356725ae23ade27.zip
1 files changed, 10 insertions, 9 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_item.c b/src/lib/libcrypto/asn1/asn1_item.c
index 18da77433e..99a08698c8 100644
--- a/src/lib/libcrypto/asn1/asn1_item.c
+++ b/src/lib/libcrypto/asn1/asn1_item.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_item.c,v 1.19 2024/01/13 13:59:18 joshua Exp $ */
+/* $OpenBSD: asn1_item.c,v 1.20 2024/01/28 14:43:48 joshua Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -381,7 +381,7 @@ int
 ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
    ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
 {
-        EVP_MD_CTX ctx;
+        EVP_MD_CTX *md_ctx = NULL;
        unsigned char *in = NULL;
        int mdnid, pknid;
        int in_len = 0;
@@ -389,15 +389,16 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
        if (pkey == NULL) {
                ASN1error(ERR_R_PASSED_NULL_PARAMETER);
-                return -1;
+                goto err;
        }
        if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
                ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
-                return -1;
+                goto err;
        }
-        EVP_MD_CTX_init(&ctx);
+        if ((md_ctx = EVP_MD_CTX_new()) == NULL)
+                goto err;
        /* Convert signature OID into digest and public key OIDs */
        if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
@@ -409,7 +410,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
                        ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
                        goto err;
                }
-                ret = pkey->ameth->item_verify(&ctx, it, asn, a,
+                ret = pkey->ameth->item_verify(md_ctx, it, asn, a,
                    signature, pkey);
                /* Return value of 2 means carry on, anything else means we
                 * exit straight away: either a fatal error of the underlying
@@ -432,7 +433,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
                        goto err;
                }
-                if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
+                if (!EVP_DigestVerifyInit(md_ctx, NULL, type, NULL, pkey)) {
                        ASN1error(ERR_R_EVP_LIB);
                        ret = 0;
                        goto err;
@@ -446,7 +447,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
                goto err;
        }
-        if (EVP_DigestVerify(&ctx, signature->data, signature->length,
+        if (EVP_DigestVerify(md_ctx, signature->data, signature->length,
            in, in_len) <= 0) {
                ASN1error(ERR_R_EVP_LIB);
                ret = 0;
@@ -456,7 +457,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
        ret = 1;
 err:
-        EVP_MD_CTX_cleanup(&ctx);
+        EVP_MD_CTX_free(md_ctx);
        freezero(in, in_len);
        return ret;
author	joshua <>	2024-01-28 14:43:48 +0000
committer	joshua <>	2024-01-28 14:43:48 +0000
commit	c33469682cf8c8a1224319946356725ae23ade27 (patch)
tree	61ef0416333eef6219afc4ccaefb6f49c9cf217e /src
parent	49b41170f3f0edb587f1b7107d440f81b0369b5a (diff)
download	openbsd-c33469682cf8c8a1224319946356725ae23ade27.tar.gz openbsd-c33469682cf8c8a1224319946356725ae23ade27.tar.bz2 openbsd-c33469682cf8c8a1224319946356725ae23ade27.zip