Backport libcrypto audit: check return values of EVP functions instead

of assuming they will always suceed.
author: Dr. Stephen Henson <steve@openssl.org> 2011-06-03 20:53:00 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-03 20:53:00 +0000
commit: 24d7159abd5e8a3fb5a75167e01b24230fb0874b (patch)
tree: 16bdf4ef0a62f645b5954de9a6bc137e38d79c83 /crypto/cms
parent: 7978dc989d09061913ce14a23a97c8c5f1821cdb (diff)
2 files changed, 3 insertions, 3 deletions
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index d00fe0f87b..f88e8f3b52 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -412,8 +412,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
 		 */
 			|| EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
 			{
-			EVP_MD_CTX_copy_ex(mctx, mtmp);
-			return 1;
+			return EVP_MD_CTX_copy_ex(mctx, mtmp);
 			}
 		chain = BIO_next(chain);
 		}
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index e3192b9c57..77fbd13596 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -641,7 +641,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
 			cms->d.signedData->encapContentInfo->eContentType; 
 		unsigned char md[EVP_MAX_MD_SIZE];
 		unsigned int mdlen;
-		EVP_DigestFinal_ex(&mctx, md, &mdlen);
+		if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
+			goto err;
 		if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
 						V_ASN1_OCTET_STRING,
 						md, mdlen))
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-03 20:53:00 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-03 20:53:00 +0000
commit	24d7159abd5e8a3fb5a75167e01b24230fb0874b (patch)
tree	16bdf4ef0a62f645b5954de9a6bc137e38d79c83 /crypto/cms
parent	7978dc989d09061913ce14a23a97c8c5f1821cdb (diff)