Missing OpenSSL guards in common code
Closed this issue · 0 comments
SWilson4 commented
Calls to the OpenSSL EVP API are not being error-checked in the SHA2 code. We should be using the OQS_OPENSSL_GUARD
macro here.
liboqs/src/common/sha2/sha2_ossl.c
Lines 16 to 25 in 4cc8884
We could also use the macro here instead of error-checking manually:
liboqs/src/common/rand/rand_nist.c
Lines 59 to 70 in 4cc8884
Reported by @trailofbits in Week 1 of their audit of liboqs
.