GH634: fix potential memory leak

[openssl.git] / apps / dgst.c

diff --git a/apps/dgst.c b/apps/dgst.c
index 69211d34aca1bf16e9075d7c49eef699bd2c6145..5d25c58e32392a253694a6da29dd8f6d92b9349c 100644 (file)
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -80,7 +80,7 @@ typedef enum OPTION_choice {
     OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
     OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
     OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
-    OPT_NON_FIPS_ALLOW, OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
+    OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
     OPT_DIGEST
 } OPTION_CHOICE;
 
@@ -106,16 +106,15 @@ OPTIONS dgst_options[] = {
     {"d", OPT_DEBUG, '-', "Print debug info"},
     {"debug", OPT_DEBUG, '-'},
     {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-'},
-    {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
     {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
-    {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
-    {"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
-    {"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
+    {"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
+    {"", OPT_DIGEST, '-', "Any supported digest"},
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
     {"engine_impl", OPT_ENGINE_IMPL, '-'},
 #endif
-    {"", OPT_DIGEST, '-', "Any supported digest"},
     {NULL}
 };
 
@@ -133,8 +132,7 @@ int dgst_main(int argc, char **argv)
     const char *sigfile = NULL, *randfile = NULL;
     OPTION_CHOICE o;
     int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
-    int i, ret = 1, out_bin = -1, want_pub = 0, do_verify =
-        0, non_fips_allow = 0;
+    int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
     unsigned char *buf = NULL, *sigbuf = NULL;
     int engine_impl = 0;
 
@@ -205,9 +203,6 @@ int dgst_main(int argc, char **argv)
         case OPT_FIPS_FINGERPRINT:
             hmac_key = "etaonrishdlcupfm";
             break;
-        case OPT_NON_FIPS_ALLOW:
-            non_fips_allow = 1;
-            break;
         case OPT_HMAC:
             hmac_key = opt_arg();
             break;
@@ -272,7 +267,7 @@ int dgst_main(int argc, char **argv)
     if (randfile)
         app_RAND_load_file(randfile, 0);
 
-    out = bio_open_default(outfile, out_bin ? "wb" : "w");
+    out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
     if (out == NULL)
         goto end;
 
@@ -323,12 +318,6 @@ int dgst_main(int argc, char **argv)
             goto end;
     }
 
-    if (non_fips_allow) {
-        EVP_MD_CTX *md_ctx;
-        BIO_get_md_ctx(bmd, &md_ctx);
-        EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-    }
-
     if (hmac_key) {
         sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
                                       (unsigned char *)hmac_key, -1);
@@ -375,7 +364,7 @@ int dgst_main(int argc, char **argv)
             goto end;
         }
         if (md == NULL)
-            md = EVP_md5();
+            md = EVP_sha256();
         if (!EVP_DigestInit_ex(mctx, md, impl)) {
             BIO_printf(bio_err, "Error setting digest\n");
             ERR_print_errors(bio_err);
@@ -443,16 +432,12 @@ int dgst_main(int argc, char **argv)
  end:
     OPENSSL_clear_free(buf, BUFSIZE);
     BIO_free(in);
-    if (passin)
-        OPENSSL_free(passin);
+    OPENSSL_free(passin);
     BIO_free_all(out);
     EVP_PKEY_free(sigkey);
-    if (sigopts)
-        sk_OPENSSL_STRING_free(sigopts);
-    if (macopts)
-        sk_OPENSSL_STRING_free(macopts);
-    if (sigbuf)
-        OPENSSL_free(sigbuf);
+    sk_OPENSSL_STRING_free(sigopts);
+    sk_OPENSSL_STRING_free(macopts);
+    OPENSSL_free(sigbuf);
     BIO_free(bmd);
     return (ret);
 }