Fix coverity CID #1452773 - Dereference before NULL check in EVP_DigestFinal_ex()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12628)
author: Shane Lontis <shane.lontis@oracle.com> 2020-08-11 17:31:11 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2020-08-24 11:19:28 +1000
commit: 4bec3f6d5103c8244aa50d5d5a5b0374c91e7dfb (patch)
tree: 084d549230985bca70ca318fda81b5a398af4230
parent: 1f9ad4f953fb178137dbcd625da5ee2440b5449d (diff)
1 files changed, 10 insertions, 3 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index f5ec573828..f9ba59ca63 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -367,11 +367,18 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
 {
-    int ret;
+    int ret, sz;
     size_t size = 0;
-    size_t mdsize = EVP_MD_size(ctx->digest);
+    size_t mdsize = 0;
 
-    if (ctx->digest == NULL || ctx->digest->prov == NULL)
+    if (ctx->digest == NULL)
+        return 0;
+
+    sz = EVP_MD_size(ctx->digest);
+    if (sz < 0)
+        return 0;
+    mdsize = sz;
+    if (ctx->digest->prov == NULL)
         goto legacy;
 
     if (ctx->digest->dfinal == NULL) {
author	Shane Lontis <shane.lontis@oracle.com>	2020-08-11 17:31:11 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2020-08-24 11:19:28 +1000
commit	4bec3f6d5103c8244aa50d5d5a5b0374c91e7dfb (patch)
tree	084d549230985bca70ca318fda81b5a398af4230
parent	1f9ad4f953fb178137dbcd625da5ee2440b5449d (diff)