diff options
author | Shinwoo Kim <cinoo.kim@samsung.com> | 2021-02-04 10:11:16 +0900 |
---|---|---|
committer | Shinwoo Kim <cinoo.kim@samsung.com> | 2021-02-04 10:11:33 +0900 |
commit | ab969c5915847ba2133608283249c92ebe89c9e8 (patch) | |
tree | 09252994e5684aae7ee5229a62216053e46e196e | |
parent | 90e5fd831d11a0d378999b90a3c24e6ecef2a284 (diff) | |
download | efl-ab969c5915847ba2133608283249c92ebe89c9e8.tar.gz |
eet, emile: safety++
Summary:
(1) EVP_MD_CTX_new could return NULL
(2) EVP_DigestUpdate returns 0 for failure.
https://www.openssl.org/docs/man1.0.2/man3/EVP_DigestUpdate.html
Reviewers: raster, Hermet, cedric, devilhorns
Reviewed By: devilhorns
Subscribers: SPAM-roll99, devilhorns, #reviewers, #committers
Tags: #efl
Differential Revision: https://phab.enlightenment.org/D12237
-rw-r--r-- | src/lib/eet/eet_cipher.c | 15 | ||||
-rw-r--r-- | src/lib/emile/emile_cipher_openssl.c | 8 |
2 files changed, 22 insertions, 1 deletions
diff --git a/src/lib/eet/eet_cipher.c b/src/lib/eet/eet_cipher.c index 51f8513dce..025750cc98 100644 --- a/src/lib/eet/eet_cipher.c +++ b/src/lib/eet/eet_cipher.c @@ -564,6 +564,11 @@ eet_identity_sign(FILE *fp, /* Do the signature. */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) md_ctx = EVP_MD_CTX_new(); + if (!md_ctx) + { + err = EET_ERROR_OUT_OF_MEMORY; + goto on_error; + } EVP_SignInit(md_ctx, EVP_sha1()); EVP_SignUpdate(md_ctx, data, st_buf.st_size); err = EVP_SignFinal(md_ctx, @@ -776,6 +781,16 @@ eet_identity_check(const void *data_base, /* Verify the signature */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) md_ctx = EVP_MD_CTX_new(); + if (!md_ctx) + { + err = EET_ERROR_OUT_OF_MEMORY; + + X509_free(x509); + EVP_PKEY_free(pkey); + + return NULL; + } + EVP_VerifyInit(md_ctx, EVP_sha1()); EVP_VerifyUpdate(md_ctx, data_base, data_length); err = EVP_VerifyFinal(md_ctx, sign, sign_len, pkey); diff --git a/src/lib/emile/emile_cipher_openssl.c b/src/lib/emile/emile_cipher_openssl.c index b09897ec9b..e5a1ed4135 100644 --- a/src/lib/emile/emile_cipher_openssl.c +++ b/src/lib/emile/emile_cipher_openssl.c @@ -75,10 +75,16 @@ emile_binbuf_sha1(const Eina_Binbuf * data, unsigned char digest[20]) Eina_Slice slice = eina_binbuf_slice_get(data); #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + if (!ctx) return EINA_FALSE; EVP_DigestInit_ex(ctx, md, NULL); - EVP_DigestUpdate(ctx, slice.mem, slice.len); + if (!EVP_DigestUpdate(ctx, slice.mem, slice.len)) + { + EVP_MD_CTX_free(ctx); + return EINA_FALSE; + } + EVP_DigestFinal_ex(ctx, digest, NULL); EVP_MD_CTX_free(ctx); |