From: Richard Levitte <levitte@openssl.org>
Date: Thu, 27 Jan 2005 01:49:25 +0000 (+0000)
Subject: Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
X-Git-Tag: OpenSSL_0_9_7g~17^2~52
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=bf746f0f466221e1c395e5d23bc68f70650dea25

Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might
cause a segfault...  This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...
---

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index da2a0a6d69..b91678a9f6 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -150,7 +150,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 		goto err;
 		}
 
-	EVP_VerifyInit_ex(&ctx,type, NULL);
+	if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+		ret=0;
+		goto err;
+		}
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
 	OPENSSL_cleanse(buf_in,(unsigned int)inl);