Fix a_{digest,verify}.c error codepaths.

Not that these functions can actually fail. The only codepaths that do so are
user errors.

Change-Id: I9fcbd402ab6574b5423ae22b462a0e1192ef01d7
Reviewed-on: https://boringssl-review.googlesource.com/1900
Reviewed-by: Adam Langley <agl@google.com>

crypto/x509/a_digest.c

@@ -65,7 +65,7 @@
 int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
 		unsigned char *md, unsigned int *len)
 	{
-	int i;
+	int i, ret;
 	unsigned char *str,*p;
 
 	i=i2d(data,NULL);
@@ -77,23 +77,21 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
 	p=str;
 	i2d(data,&p);
 
-	if (!EVP_Digest(str, i, md, len, type, NULL))
+	ret = EVP_Digest(str, i, md, len, type, NULL);
-		return 0;
 	OPENSSL_free(str);
-	return(1);
+	return ret;
 	}
 
 int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
 		unsigned char *md, unsigned int *len)
 	{
-	int i;
+	int i, ret;
 	unsigned char *str = NULL;
 
 	i=ASN1_item_i2d(asn,&str, it);
 	if (!str) return(0);
 
-	if (!EVP_Digest(str, i, md, len, type, NULL))
+	ret = EVP_Digest(str, i, md, len, type, NULL);
-		return 0;
 	OPENSSL_free(str);
-	return(1);
+	return ret;
 	}

crypto/x509/a_verify.c

@@ -149,6 +149,8 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 
 	if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl))
 		{
+		OPENSSL_cleanse(buf_in,(unsigned int)inl);
+		OPENSSL_free(buf_in);
 		OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_EVP_LIB);
 		ret=0;
 		goto err;