diff options
author | Dr. David von Oheimb <dev@ddvo.net> | 2023-10-20 21:00:10 +0200 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2023-10-26 16:03:48 +0100 |
commit | d7ad09da778bcc0090a7cdfd87edb56eea22382b (patch) | |
tree | 8f1a0bafa5a0ba49c1dbcf84e1dc8214dbaf1f12 | |
parent | f03ce9e0194ab1b5422bc582eb81b8babaef49c5 (diff) | |
download | openssl-d7ad09da778bcc0090a7cdfd87edb56eea22382b.tar.gz |
CMS and PKCS7: fix handlling of EVP_PKEY_get_size() failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22459)
-rw-r--r-- | crypto/cms/cms_sd.c | 7 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_doit.c | 7 |
2 files changed, 6 insertions, 8 deletions
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 43a404da14..b41e3571b2 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -764,8 +764,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, md = computed_md; } siglen = EVP_PKEY_get_size(si->pkey); - sig = OPENSSL_malloc(siglen); - if (sig == NULL) + if (siglen == 0 || (sig = OPENSSL_malloc(siglen)) == NULL) goto err; if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) { OPENSSL_free(sig); @@ -780,8 +779,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, ERR_raise(ERR_LIB_CMS, CMS_R_OPERATION_UNSUPPORTED); goto err; } - sig = OPENSSL_malloc(EVP_PKEY_get_size(si->pkey)); - if (sig == NULL) + siglen = EVP_PKEY_get_size(si->pkey); + if (siglen == 0 || (sig = OPENSSL_malloc(siglen)) == NULL) goto err; if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey, ossl_cms_ctx_get0_libctx(ctx), diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 43ea2a9b60..c753a0880b 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -834,10 +834,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) goto err; } else { unsigned char *abuf = NULL; - unsigned int abuflen; - abuflen = EVP_PKEY_get_size(si->pkey); - abuf = OPENSSL_malloc(abuflen); - if (abuf == NULL) + unsigned int abuflen = EVP_PKEY_get_size(si->pkey); + + if (abuflen == 0 || (abuf = OPENSSL_malloc(abuflen)) == NULL) goto err; if (!EVP_SignFinal_ex(ctx_tmp, abuf, &abuflen, si->pkey, |