[openssl] OpenSSL_1_1_1-stable update

patrick.steuer at de.ibm.com patrick.steuer at de.ibm.com
Wed Oct 30 09:35:49 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  43a8f91f00e35b20e33c393f5b79215c277c508e (commit)
      from  9cebf0d179e9a2baadabbac1f310c053ce4b8e57 (commit)


- Log -----------------------------------------------------------------
commit 43a8f91f00e35b20e33c393f5b79215c277c508e
Author: Pavel Karagodin <nblka0 at gmail.com>
Date:   Mon Oct 28 09:12:06 2019 +0700

    apps/dgst.c: allocate a new signature buffer
    
    ... if the fixed-size buffer is too small.
    
    Fixes #9732
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Patrick Steuer <patrick.steuer at de.ibm.com>
    (Merged from https://github.com/openssl/openssl/pull/10276)
    
    (cherry picked from commit 7c2d95d47ccb3797f0da6bd4446747c6eee07b87)

-----------------------------------------------------------------------

Summary of changes:
 apps/dgst.c | 34 ++++++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/apps/dgst.c b/apps/dgst.c
index 82b8d02cee..e595f7d818 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -501,15 +501,16 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
           const char *sig_name, const char *md_name,
           const char *file)
 {
-    size_t len;
-    int i, backslash = 0;
+    size_t len = BUFSIZE;
+    int i, backslash = 0, ret = 1;
+    unsigned char *sigbuf = NULL;
 
     while (BIO_pending(bp) || !BIO_eof(bp)) {
         i = BIO_read(bp, (char *)buf, BUFSIZE);
         if (i < 0) {
             BIO_printf(bio_err, "Read Error in %s\n", file);
             ERR_print_errors(bio_err);
-            return 1;
+            goto end;
         }
         if (i == 0)
             break;
@@ -522,28 +523,35 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
             BIO_printf(out, "Verified OK\n");
         } else if (i == 0) {
             BIO_printf(out, "Verification Failure\n");
-            return 1;
+            goto end;
         } else {
             BIO_printf(bio_err, "Error Verifying Data\n");
             ERR_print_errors(bio_err);
-            return 1;
+            goto end;
         }
-        return 0;
+        ret = 0;
+        goto end;
     }
     if (key != NULL) {
         EVP_MD_CTX *ctx;
+        int pkey_len;
         BIO_get_md_ctx(bp, &ctx);
-        len = BUFSIZE;
+        pkey_len = EVP_PKEY_size(key);
+        if (pkey_len > BUFSIZE) {
+            len = pkey_len;
+            sigbuf = app_malloc(len, "Signature buffer");
+            buf = sigbuf;
+        }
         if (!EVP_DigestSignFinal(ctx, buf, &len)) {
             BIO_printf(bio_err, "Error Signing Data\n");
             ERR_print_errors(bio_err);
-            return 1;
+            goto end;
         }
     } else {
         len = BIO_gets(bp, (char *)buf, BUFSIZE);
         if ((int)len < 0) {
             ERR_print_errors(bio_err);
-            return 1;
+            goto end;
         }
     }
 
@@ -578,5 +586,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
         }
         BIO_printf(out, "\n");
     }
-    return 0;
+
+    ret = 0;
+ end:
+    if (sigbuf != NULL)
+        OPENSSL_clear_free(sigbuf, len);
+
+    return ret;
 }


More information about the openssl-commits mailing list