authorDr. David von Oheimb <dev@ddvo.net>2023-10-20 21:00:10 +0200
committerHugo Landau <hlandau@openssl.org>2023-10-26 16:03:48 +0100
commitd7ad09da778bcc0090a7cdfd87edb56eea22382b (patch)
tree8f1a0bafa5a0ba49c1dbcf84e1dc8214dbaf1f12
parentf03ce9e0194ab1b5422bc582eb81b8babaef49c5 (diff)
downloadopenssl-d7ad09da778bcc0090a7cdfd87edb56eea22382b.tar.gz
CMS and PKCS7: fix handlling of EVP_PKEY_get_size() failure
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22459)
-rw-r--r--crypto/cms/cms_sd.c7
-rw-r--r--crypto/pkcs7/pk7_doit.c7
2 files changed, 6 insertions, 8 deletions
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 43a404da14..b41e3571b2 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -764,8 +764,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
md = computed_md;
}
siglen = EVP_PKEY_get_size(si->pkey);
- sig = OPENSSL_malloc(siglen);
- if (sig == NULL)
+ if (siglen == 0 || (sig = OPENSSL_malloc(siglen)) == NULL)
goto err;
if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
OPENSSL_free(sig);
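Review bot: The new `siglen == 0` branch jumps to `err` without recording why, so a key whose size cannot be determined makes signing fail with nothing on the error queue for that cause (unless the `err` label, which is outside this hunk, raises one). Splitting the condition would let the zero-size case report itself, for example `if (siglen == 0) { ERR_raise(ERR_LIB_CMS, REASON); goto err; }` followed by the allocation check, where REASON is a placeholder for whichever reason code the project prefers. The same combined test appears in the second hunk of this file and in the `PKCS7_dataFinal` hunk of crypto/pkcs7/pk7_doit.c, and the second hunk shows the neighbouring failure path already calling `ERR_raise` before `goto err`. Separating the two checks would also avoid burying the assignment to `sig` inside the `||` expression.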
@@ -780,8 +779,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
ERR_raise(ERR_LIB_CMS, CMS_R_OPERATION_UNSUPPORTED);
goto err;
}
- sig = OPENSSL_malloc(EVP_PKEY_get_size(si->pkey));
- if (sig == NULL)
+ siglen = EVP_PKEY_get_size(si->pkey);
+ if (siglen == 0 || (sig = OPENSSL_malloc(siglen)) == NULL)
goto err;
if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey,
ossl_cms_ctx_get0_libctx(ctx),
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 43ea2a9b60..c753a0880b 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -834,10 +834,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
goto err;
} else {
unsigned char *abuf = NULL;
- unsigned int abuflen;
- abuflen = EVP_PKEY_get_size(si->pkey);
- abuf = OPENSSL_malloc(abuflen);
- if (abuf == NULL)
+ unsigned int abuflen = EVP_PKEY_get_size(si->pkey);
+
+ if (abuflen == 0 || (abuf = OPENSSL_malloc(abuflen)) == NULL)
goto err;
if (!EVP_SignFinal_ex(ctx_tmp, abuf, &abuflen, si->pkey,