diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-08-11 17:31:11 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-08-24 11:19:28 +1000 |
commit | 4bec3f6d5103c8244aa50d5d5a5b0374c91e7dfb (patch) | |
tree | 084d549230985bca70ca318fda81b5a398af4230 | |
parent | 1f9ad4f953fb178137dbcd625da5ee2440b5449d (diff) |
Fix coverity CID #1452773 - Dereference before NULL check in EVP_DigestFinal_ex()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12628)
-rw-r--r-- | crypto/evp/digest.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index f5ec573828..f9ba59ca63 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -367,11 +367,18 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) /* The caller can assume that this removes any secret data from the context */ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) { - int ret; + int ret, sz; size_t size = 0; - size_t mdsize = EVP_MD_size(ctx->digest); + size_t mdsize = 0; - if (ctx->digest == NULL || ctx->digest->prov == NULL) + if (ctx->digest == NULL) + return 0; + + sz = EVP_MD_size(ctx->digest); + if (sz < 0) + return 0; + mdsize = sz; + if (ctx->digest->prov == NULL) goto legacy; if (ctx->digest->dfinal == NULL) { |