CMS and PKCS7: fix handlling of EVP_PKEY_get_size() failure

author Dr. David von Oheimb <dev@ddvo.net>

Fri, 20 Oct 2023 19:00:10 +0000 (21:00 +0200)

committer Hugo Landau <hlandau@openssl.org>

Thu, 26 Oct 2023 15:03:48 +0000 (16:03 +0100)
author Dr. David von Oheimb <dev@ddvo.net>
Fri, 20 Oct 2023 19:00:10 +0000 (21:00 +0200)
committer Hugo Landau <hlandau@openssl.org>
Thu, 26 Oct 2023 15:03:48 +0000 (16:03 +0100)
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c

index 43a404da14890ba93e00425a5665f5f8c853812e..b41e3571b2ff7f198b019302b83300ac2a297c99 100644 (file)
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -764,8 +764,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
              md = computed_md;
          }
          siglen = EVP_PKEY_get_size(si->pkey);
-        sig = OPENSSL_malloc(siglen);
-        if (sig == NULL)
+        if (siglen == 0 || (sig = OPENSSL_malloc(siglen)) == NULL)
              goto err;
          if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
              OPENSSL_free(sig);
@@ -780,8 +779,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
              ERR_raise(ERR_LIB_CMS, CMS_R_OPERATION_UNSUPPORTED);
              goto err;
          }
-        sig = OPENSSL_malloc(EVP_PKEY_get_size(si->pkey));
-        if (sig == NULL)
+        siglen = EVP_PKEY_get_size(si->pkey);
+        if (siglen == 0 || (sig = OPENSSL_malloc(siglen)) == NULL)
              goto err;
          if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey,
                                ossl_cms_ctx_get0_libctx(ctx),
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c

index 43ea2a9b60f9ba534b9371a54b7c6f82e2ecada4..c753a0880b14f5be019d3f12dd4aa93b42bc52f3 100644 (file)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -834,10 +834,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                      goto err;
              } else {
                  unsigned char *abuf = NULL;
-                unsigned int abuflen;
-                abuflen = EVP_PKEY_get_size(si->pkey);
-                abuf = OPENSSL_malloc(abuflen);
-                if (abuf == NULL)
+                unsigned int abuflen = EVP_PKEY_get_size(si->pkey);
+
+                if (abuflen == 0 || (abuf = OPENSSL_malloc(abuflen)) == NULL)
                      goto err;
  
                  if (!EVP_SignFinal_ex(ctx_tmp, abuf, &abuflen, si->pkey,
author	Dr. David von Oheimb <dev@ddvo.net>
	Fri, 20 Oct 2023 19:00:10 +0000 (21:00 +0200)
committer	Hugo Landau <hlandau@openssl.org>
	Thu, 26 Oct 2023 15:03:48 +0000 (16:03 +0100)
crypto/cms/cms_sd.c		patch \| blob \| history
crypto/pkcs7/pk7_doit.c		patch \| blob \| history