[openssl] OpenSSL_1_1_1-stable update
patrick.steuer at de.ibm.com
patrick.steuer at de.ibm.com
Wed Oct 30 09:35:49 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 43a8f91f00e35b20e33c393f5b79215c277c508e (commit)
from 9cebf0d179e9a2baadabbac1f310c053ce4b8e57 (commit)
- Log -----------------------------------------------------------------
commit 43a8f91f00e35b20e33c393f5b79215c277c508e
Author: Pavel Karagodin <nblka0 at gmail.com>
Date: Mon Oct 28 09:12:06 2019 +0700
apps/dgst.c: allocate a new signature buffer
... if the fixed-size buffer is too small.
Fixes #9732
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer at de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10276)
(cherry picked from commit 7c2d95d47ccb3797f0da6bd4446747c6eee07b87)
-----------------------------------------------------------------------
Summary of changes:
apps/dgst.c | 34 ++++++++++++++++++++++++----------
1 file changed, 24 insertions(+), 10 deletions(-)
diff --git a/apps/dgst.c b/apps/dgst.c
index 82b8d02cee..e595f7d818 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -501,15 +501,16 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
const char *sig_name, const char *md_name,
const char *file)
{
- size_t len;
- int i, backslash = 0;
+ size_t len = BUFSIZE;
+ int i, backslash = 0, ret = 1;
+ unsigned char *sigbuf = NULL;
while (BIO_pending(bp) || !BIO_eof(bp)) {
i = BIO_read(bp, (char *)buf, BUFSIZE);
if (i < 0) {
BIO_printf(bio_err, "Read Error in %s\n", file);
ERR_print_errors(bio_err);
- return 1;
+ goto end;
}
if (i == 0)
break;
@@ -522,28 +523,35 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
BIO_printf(out, "Verified OK\n");
} else if (i == 0) {
BIO_printf(out, "Verification Failure\n");
- return 1;
+ goto end;
} else {
BIO_printf(bio_err, "Error Verifying Data\n");
ERR_print_errors(bio_err);
- return 1;
+ goto end;
}
- return 0;
+ ret = 0;
+ goto end;
}
if (key != NULL) {
EVP_MD_CTX *ctx;
+ int pkey_len;
BIO_get_md_ctx(bp, &ctx);
- len = BUFSIZE;
+ pkey_len = EVP_PKEY_size(key);
+ if (pkey_len > BUFSIZE) {
+ len = pkey_len;
+ sigbuf = app_malloc(len, "Signature buffer");
+ buf = sigbuf;
+ }
if (!EVP_DigestSignFinal(ctx, buf, &len)) {
BIO_printf(bio_err, "Error Signing Data\n");
ERR_print_errors(bio_err);
- return 1;
+ goto end;
}
} else {
len = BIO_gets(bp, (char *)buf, BUFSIZE);
if ((int)len < 0) {
ERR_print_errors(bio_err);
- return 1;
+ goto end;
}
}
@@ -578,5 +586,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
}
BIO_printf(out, "\n");
}
- return 0;
+
+ ret = 0;
+ end:
+ if (sigbuf != NULL)
+ OPENSSL_clear_free(sigbuf, len);
+
+ return ret;
}
More information about the openssl-commits
mailing list