Fix a_{digest,verify}.c error codepaths.

Not that these functions can actually fail. The only codepaths that do so are user errors. Change-Id: I9fcbd402ab6574b5423ae22b462a0e1192ef01d7 Reviewed-on: https://boringssl-review.googlesource.com/1900 Reviewed-by: Adam Langley <agl@google.com>
11 years ago · bce495c9f3
parent 51fcd87102
commit bce495c9f3
2 changed files with 8 additions and 8 deletions
--- a/crypto/x509/a_digest.c
+++ b/crypto/x509/a_digest.c
@ -65,7 +65,7 @@
 int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
 		unsigned char *md, unsigned int *len)
 	{
-	int i;
+	int i, ret;
 	unsigned char *str,*p;

 	i=i2d(data,NULL);
@ -77,23 +77,21 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
 	p=str;
 	i2d(data,&p);

-	if (!EVP_Digest(str, i, md, len, type, NULL))
-		return 0;
+	ret = EVP_Digest(str, i, md, len, type, NULL);
 	OPENSSL_free(str);
-	return(1);
+	return ret;
 	}

 int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
 		unsigned char *md, unsigned int *len)
 	{
-	int i;
+	int i, ret;
 	unsigned char *str = NULL;

 	i=ASN1_item_i2d(asn,&str, it);
 	if (!str) return(0);

-	if (!EVP_Digest(str, i, md, len, type, NULL))
-		return 0;
+	ret = EVP_Digest(str, i, md, len, type, NULL);
 	OPENSSL_free(str);
-	return(1);
+	return ret;
 	}
--- a/crypto/x509/a_verify.c
+++ b/crypto/x509/a_verify.c
@ -149,6 +149,8 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,

 	if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl))
 		{
+		OPENSSL_cleanse(buf_in,(unsigned int)inl);
+		OPENSSL_free(buf_in);
 		OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_EVP_LIB);
 		ret=0;
 		goto err;