summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorShinwoo Kim <cinoo.kim@samsung.com>2021-02-04 10:11:16 +0900
committerShinwoo Kim <cinoo.kim@samsung.com>2021-02-04 10:11:33 +0900
commitab969c5915847ba2133608283249c92ebe89c9e8 (patch)
tree09252994e5684aae7ee5229a62216053e46e196e /src
parent90e5fd831d11a0d378999b90a3c24e6ecef2a284 (diff)
eet, emile: safety++
Summary: (1) EVP_MD_CTX_new could return NULL (2) EVP_DigestUpdate returns 0 for failure. https://www.openssl.org/docs/man1.0.2/man3/EVP_DigestUpdate.html Reviewers: raster, Hermet, cedric, devilhorns Reviewed By: devilhorns Subscribers: SPAM-roll99, devilhorns, #reviewers, #committers Tags: #efl Differential Revision: https://phab.enlightenment.org/D12237
Diffstat (limited to 'src')
-rw-r--r--src/lib/eet/eet_cipher.c15
-rw-r--r--src/lib/emile/emile_cipher_openssl.c8
2 files changed, 22 insertions, 1 deletions
diff --git a/src/lib/eet/eet_cipher.c b/src/lib/eet/eet_cipher.c
index 51f8513dce..025750cc98 100644
--- a/src/lib/eet/eet_cipher.c
+++ b/src/lib/eet/eet_cipher.c
@@ -564,6 +564,11 @@ eet_identity_sign(FILE *fp,
564 /* Do the signature. */ 564 /* Do the signature. */
565#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) 565#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
566 md_ctx = EVP_MD_CTX_new(); 566 md_ctx = EVP_MD_CTX_new();
567 if (!md_ctx)
568 {
569 err = EET_ERROR_OUT_OF_MEMORY;
570 goto on_error;
571 }
567 EVP_SignInit(md_ctx, EVP_sha1()); 572 EVP_SignInit(md_ctx, EVP_sha1());
568 EVP_SignUpdate(md_ctx, data, st_buf.st_size); 573 EVP_SignUpdate(md_ctx, data, st_buf.st_size);
569 err = EVP_SignFinal(md_ctx, 574 err = EVP_SignFinal(md_ctx,
@@ -776,6 +781,16 @@ eet_identity_check(const void *data_base,
776 /* Verify the signature */ 781 /* Verify the signature */
777#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) 782#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
778 md_ctx = EVP_MD_CTX_new(); 783 md_ctx = EVP_MD_CTX_new();
784 if (!md_ctx)
785 {
786 err = EET_ERROR_OUT_OF_MEMORY;
787
788 X509_free(x509);
789 EVP_PKEY_free(pkey);
790
791 return NULL;
792 }
793
779 EVP_VerifyInit(md_ctx, EVP_sha1()); 794 EVP_VerifyInit(md_ctx, EVP_sha1());
780 EVP_VerifyUpdate(md_ctx, data_base, data_length); 795 EVP_VerifyUpdate(md_ctx, data_base, data_length);
781 err = EVP_VerifyFinal(md_ctx, sign, sign_len, pkey); 796 err = EVP_VerifyFinal(md_ctx, sign, sign_len, pkey);
diff --git a/src/lib/emile/emile_cipher_openssl.c b/src/lib/emile/emile_cipher_openssl.c
index b09897ec9b..e5a1ed4135 100644
--- a/src/lib/emile/emile_cipher_openssl.c
+++ b/src/lib/emile/emile_cipher_openssl.c
@@ -75,10 +75,16 @@ emile_binbuf_sha1(const Eina_Binbuf * data, unsigned char digest[20])
75 Eina_Slice slice = eina_binbuf_slice_get(data); 75 Eina_Slice slice = eina_binbuf_slice_get(data);
76#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) 76#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
77 EVP_MD_CTX *ctx = EVP_MD_CTX_new(); 77 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
78 if (!ctx) return EINA_FALSE;
78 79
79 EVP_DigestInit_ex(ctx, md, NULL); 80 EVP_DigestInit_ex(ctx, md, NULL);
80 81
81 EVP_DigestUpdate(ctx, slice.mem, slice.len); 82 if (!EVP_DigestUpdate(ctx, slice.mem, slice.len))
83 {
84 EVP_MD_CTX_free(ctx);
85 return EINA_FALSE;
86 }
87
82 EVP_DigestFinal_ex(ctx, digest, NULL); 88 EVP_DigestFinal_ex(ctx, digest, NULL);
83 89
84 EVP_MD_CTX_free(ctx); 90 EVP_MD_CTX_free(ctx);