ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path

Signed-off-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

crypto/asn1/a_verify.c

@@ -101,16 +101,20 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	p=buf_in;
 
 	i2d(data,&p);
-	if (!EVP_VerifyInit_ex(&ctx,type, NULL)
-		|| !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl))
+	ret=
+		EVP_VerifyInit_ex(&ctx,type, NULL)
+		&& EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
+	OPENSSL_free(buf_in);
+
+	if (!ret)
 		{
 		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
 		goto err;
 		}
+	ret = -1;
 
-	OPENSSL_cleanse(buf_in,(unsigned int)inl);
-	OPENSSL_free(buf_in);
 
 	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
 			(unsigned int)signature->length,pkey) <= 0)
@@ -205,15 +209,17 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 		goto err;
 		}
 
-	if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl))
+	ret = EVP_DigestVerifyUpdate(&ctx,buf_in,inl);
+
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
+	OPENSSL_free(buf_in);
+
+	if (!ret)
 		{
 		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
 		goto err;
 		}
-
-	OPENSSL_cleanse(buf_in,(unsigned int)inl);
-	OPENSSL_free(buf_in);
+	ret = -1;
 
 	if (EVP_DigestVerifyFinal(&ctx,signature->data,
 			(size_t)signature->length) <= 0)