From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 10 Jan 2022 16:09:59 +0000 (+0100)
Subject: EVP_DigestSignFinal: *siglen should not be read if sigret == NULL
X-Git-Tag: openssl-3.2.0-alpha1~3088
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4e01187d3648d9ce99507097400902cf21f9b55;p=thirdparty%2Fopenssl.git

EVP_DigestSignFinal: *siglen should not be read if sigret == NULL

This fixes small regression from #16962.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17460)
---

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index e034189bb56..0993de09377 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -480,14 +480,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
     if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
         return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
                                                          sigret, siglen,
-                                                         (siglen == NULL) ? 0 : *siglen);
+                                                         sigret == NULL ? 0 : *siglen);
     dctx = EVP_PKEY_CTX_dup(pctx);
     if (dctx == NULL)
         return 0;
 
     r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx,
                                                   sigret, siglen,
-                                                  (siglen == NULL) ? 0 : *siglen);
+                                                  *siglen);
     EVP_PKEY_CTX_free(dctx);
     return r;