ITS#10224 libldap: check for OpenSSL EVP_Digest* failure
authorHoward Chu <hyc@openldap.org>
Fri, 7 Jun 2024 14:33:04 +0000 (15:33 +0100)
committerHoward Chu <hyc@openldap.org>
Fri, 7 Jun 2024 14:34:23 +0000 (15:34 +0100)
libraries/libldap/tls_o.c

index 04330e6694bfdb5a9ab30efc0e3597ec5041613b..71677847a9452edec9403379848e1b8493dc9257 100644 (file)
@@ -1194,15 +1194,19 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
                        goto done;
                }
 
-               EVP_DigestInit_ex( mdctx, md, NULL );
-               EVP_DigestUpdate( mdctx, key.bv_val, key.bv_len );
-               EVP_DigestFinal_ex( mdctx, (unsigned char *)keyhash.bv_val, &len );
-               keyhash.bv_len = len;
+               if ( EVP_DigestInit_ex( mdctx, md, NULL ) &&
+                       EVP_DigestUpdate( mdctx, key.bv_val, key.bv_len ) &&
+                       EVP_DigestFinal_ex( mdctx, (unsigned char *)keyhash.bv_val, &len ))
+                       keyhash.bv_len = len;
+               else
+                       rc = -1;
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
                EVP_MD_CTX_free( mdctx );
 #else
                EVP_MD_CTX_destroy( mdctx );
 #endif
+               if ( rc )
+                       goto done;
        } else {
                keyhash = key;
        }
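Review bot: The new `else rc = -1;` branch fails closed but silently: nothing in the hunk records that an EVP_Digest* call failed or deals with the OpenSSL error queue, so a caller sees only a generic -1 and cannot tell a digest failure (for example, a hash the active provider refuses) from the other early exits to `done`. I would emit a trace message in that branch through the file's existing debug facility, naming `hashalg`, and report or clear the OpenSSL error queue there so that stale entries are not attributed to a later TLS call. The multi-line condition is also continued at the same indent as its unbraced body; bracing both arms, `... &len )) {` and `} else {`, would match the braced `if` just above and keep `keyhash.bv_len = len;` visibly separate from the condition. The function starts and ends outside this hunk, so the initial value of `rc` and what happens at `done:` are assumed rather than seen.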