From: Howard Chu <hyc@openldap.org>
Date: Fri, 7 Jun 2024 14:33:04 +0000 (+0100)
Subject: ITS#10224 libldap: check for OpenSSL EVP_Digest* failure
X-Git-Tag: OPENLDAP_REL_ENG_2_5_19~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bee6e76cd9d03327ee25bd59b539d7ca2ed3da98;p=thirdparty%2Fopenldap.git

ITS#10224 libldap: check for OpenSSL EVP_Digest* failure
---

diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index c93579fd86..e7afeaa938 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -1170,15 +1170,19 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
 			goto done;
 		}
 
-		EVP_DigestInit_ex( mdctx, md, NULL );
-		EVP_DigestUpdate( mdctx, key.bv_val, key.bv_len );
-		EVP_DigestFinal_ex( mdctx, (unsigned char *)keyhash.bv_val, &len );
-		keyhash.bv_len = len;
+		if ( EVP_DigestInit_ex( mdctx, md, NULL ) &&
+			EVP_DigestUpdate( mdctx, key.bv_val, key.bv_len ) &&
+			EVP_DigestFinal_ex( mdctx, (unsigned char *)keyhash.bv_val, &len ))
+			keyhash.bv_len = len;
+		else
+			rc = -1;
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
 		EVP_MD_CTX_free( mdctx );
 #else
 		EVP_MD_CTX_destroy( mdctx );
 #endif
+		if ( rc )
+			goto done;
 	} else {
 		keyhash = key;
 	}