diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 87e7ef4f5ec0f83368299e8c221b9b395ef46512..aacf4763b585c267dc5762f0c57742f3dba06eec 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -101,16 +101,20 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p=buf_in; i2d(data,&p); - if (!EVP_VerifyInit_ex(&ctx,type, NULL) - || !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl)) + ret= + EVP_VerifyInit_ex(&ctx,type, NULL) + && EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); + + OPENSSL_cleanse(buf_in,(unsigned int)inl); + OPENSSL_free(buf_in); + + if (!ret) { ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); - ret=0; goto err; } + ret = -1; - OPENSSL_cleanse(buf_in,(unsigned int)inl); - OPENSSL_free(buf_in); if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, (unsigned int)signature->length,pkey) <= 0) @@ -205,15 +209,17 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl)) + ret = EVP_DigestVerifyUpdate(&ctx,buf_in,inl); + + OPENSSL_cleanse(buf_in,(unsigned int)inl); + OPENSSL_free(buf_in); + + if (!ret) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); - ret=0; goto err; } - - OPENSSL_cleanse(buf_in,(unsigned int)inl); - OPENSSL_free(buf_in); + ret = -1; if (EVP_DigestVerifyFinal(&ctx,signature->data, (size_t)signature->length) <= 0)