diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-10-14 12:08:57 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-10-14 13:14:52 +0900 |
commit | 0c187b37cf35b5b37efce69add5188f233428de4 (patch) | |
tree | 92642ecf64665812b6efac8b825d1f4cf6faa0b1 /ext/openssl/ossl_pkey.c | |
parent | 0be7f41c647f5754313b60b370f3804c8ee453e5 (diff) | |
download | ruby-openssl-0c187b37cf35b5b37efce69add5188f233428de4.tar.gz |
pkey: add missing return value check in PKey#{sign,verify}
We are currently not checking the return value of EVP_{Sign,Verify}*()
functions, but of course, this is a bad habit. So do check. Calls for
EVP_{Sign,Verify}Init() are replaced by *_ex() functions as they does
not return error but just ignore.
Diffstat (limited to 'ext/openssl/ossl_pkey.c')
-rw-r--r-- | ext/openssl/ossl_pkey.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 7f22c0df..9a94a465 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -308,13 +308,18 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data) ctx = EVP_MD_CTX_new(); if (!ctx) ossl_raise(ePKeyError, "EVP_MD_CTX_new"); - EVP_SignInit(ctx, md); - EVP_SignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)); + if (!EVP_SignInit_ex(ctx, md, NULL)) { + EVP_MD_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_SignInit_ex"); + } + if (!EVP_SignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data))) { + EVP_MD_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_SignUpdate"); + } result = EVP_SignFinal(ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey); EVP_MD_CTX_free(ctx); if (!result) - ossl_raise(ePKeyError, NULL); - assert((long)buf_len <= RSTRING_LEN(str)); + ossl_raise(ePKeyError, "EVP_SignFinal"); rb_str_set_len(str, buf_len); return str; @@ -358,8 +363,14 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data) ctx = EVP_MD_CTX_new(); if (!ctx) ossl_raise(ePKeyError, "EVP_MD_CTX_new"); - EVP_VerifyInit(ctx, md); - EVP_VerifyUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)); + if (!EVP_VerifyInit_ex(ctx, md, NULL)) { + EVP_MD_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_VerifyInit_ex"); + } + if (!EVP_VerifyUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data))) { + EVP_MD_CTX_free(ctx); + ossl_raise(ePKeyError, "EVP_VerifyUpdate"); + } result = EVP_VerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey); EVP_MD_CTX_free(ctx); switch (result) { @@ -369,9 +380,8 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data) case 1: return Qtrue; default: - ossl_raise(ePKeyError, NULL); + ossl_raise(ePKeyError, "EVP_VerifyFinal"); } - return Qnil; /* dummy */ } /* |