BIO_read() crash
Tomas Mraz
tomas at openssl.org
Mon Dec 5 10:24:23 UTC 2022
Hi,
there is an error in your code - see my comment below.
On Mon, 2022-12-05 at 08:45 +0000, Zhongyan Wang wrote:
...
>     md = EVP_get_digestbyname(dgst);
>     if (!md) {
>         printf("Error EVP_get_digestbyname %s\n", dgst);
>         goto err_exit;
>     }
>
>     in = BIO_new_file(datain, "rb");
>     if (!in) {
>         printf("Error BIO_new_file %s\n", datain);
>         goto err_exit;
>     }
>
>     out = BIO_new(BIO_s_mem());
>     if (!out) {
>         printf("Error BIO_new out\n");
>         goto err_exit;
>     }
>
>     rbio = in;
>
>     bmd = BIO_new(BIO_f_md());
>     if (!bmd){
>         printf("Error BIO_new bmd\n");
>         goto err_exit;
>     }
>
>     BIO_set_md(bmd, md);
You do not check the return value here. This call will return a <= 0
value in case the legacy provider is not loaded.
--
Tomáš Mráz, OpenSSL