sudo-project / sudo

Utility to execute a command as another user
https://www.sudo.ws

EVP* function results in lib/util/digest_openssl.c are not checked #380

Closed ngie-eign closed 15 hours ago

ngie-eign commented 1 month ago

Coverity reported the fact that the results of EVP_DigestInit_ex and EVP_DigestFinal_ex are not checked. In the event that the md provided is invalid and the corresponding ctx is not checked, attempting to use ctx after the fact can result in semi-undefined behavior (SIGBUS, SIGSEGV crash, etc.).

These issues were reported by Coverity.

millert commented 1 month ago

This is a false positive. The call to EVP_DigestInit_ex() in sudo_digest_alloc_v1() is checked. The call in sudo_digest_reset_v1() is not checked because it cannot fail, since it is preceded by a call to EVP_MD_CTX_reset(), so there is no additional memory to allocate. The md in the call to EVP_DigestFinal_ex() is a result variable; it is not an EVP_MD. Even if EVP_DigestFinal_ex() were to fail it would just fail to fill in md, not crash.