From d506f56649e5b312a51951da77de5ce255d519e5 Mon Sep 17 00:00:00 2001 From: tb Date: Tue, 20 Jun 2023 14:10:05 +0000 Subject: [PATCH] Clean up and fix int_ctx_new() Compare explicitly against NULL, ensure the engine is always finished on error, switch to using calloc() instead of malloc() + forgetting to set some members to 0, use EVP_PKEY_up_ref() and also use pkey_ctx instead of ret for the newly created EVP_PKEY_CTX. ok jsing --- lib/libcrypto/evp/pmeth_lib.c | 64 ++++++++++++++++------------------- 1 file changed, 30 insertions(+), 34 deletions(-) diff --git a/lib/libcrypto/evp/pmeth_lib.c b/lib/libcrypto/evp/pmeth_lib.c index 480a36b9edf..1eb73f57bdb 100644 --- a/lib/libcrypto/evp/pmeth_lib.c +++ b/lib/libcrypto/evp/pmeth_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_lib.c,v 1.28 2023/06/20 14:05:46 tb Exp $ */ +/* $OpenBSD: pmeth_lib.c,v 1.29 2023/06/20 14:10:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -153,19 +153,19 @@ EVP_PKEY_meth_find(int type) static EVP_PKEY_CTX * int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) { - EVP_PKEY_CTX *ret; + EVP_PKEY_CTX *pkey_ctx = NULL; const EVP_PKEY_METHOD *pmeth; if (id == -1) { - if (!pkey || !pkey->ameth) + if (pkey == NULL || pkey->ameth == NULL) return NULL; id = pkey->ameth->pkey_id; } #ifndef OPENSSL_NO_ENGINE - if (pkey && pkey->engine) + if (pkey != NULL && pkey->engine != NULL) e = pkey->engine; - /* Try to find an ENGINE which implements this method */ - if (e) { + /* Try to find an ENGINE which implements this method. */ + if (e != NULL) { if (!ENGINE_init(e)) { EVPerror(ERR_R_ENGINE_LIB); return NULL; @@ -173,11 +173,8 @@ int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) } else e = ENGINE_get_pkey_meth_engine(id); - /* If an ENGINE handled this method look it up. Otherwise - * use internal tables. - */ - - if (e) + /* Look up method handler in ENGINE or use internal tables. */ + if (e != NULL) pmeth = ENGINE_get_pkey_meth(e, id); else #endif @@ -185,35 +182,34 @@ int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) if (pmeth == NULL) { EVPerror(EVP_R_UNSUPPORTED_ALGORITHM); - return NULL; + goto err; } - ret = malloc(sizeof(EVP_PKEY_CTX)); - if (ret == NULL) { -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(e); -#endif + if ((pkey_ctx = calloc(1, sizeof(*pkey_ctx))) == NULL) { EVPerror(ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } - ret->engine = e; - ret->pmeth = pmeth; - ret->operation = EVP_PKEY_OP_UNDEFINED; - ret->pkey = pkey; - ret->peerkey = NULL; - ret->pkey_gencb = 0; - if (pkey) - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - ret->data = NULL; - - if (pmeth->init) { - if (pmeth->init(ret) <= 0) { - EVP_PKEY_CTX_free(ret); - return NULL; - } + pkey_ctx->engine = e; + e = NULL; + pkey_ctx->pmeth = pmeth; + pkey_ctx->operation = EVP_PKEY_OP_UNDEFINED; + if ((pkey_ctx->pkey = pkey) != NULL) + EVP_PKEY_up_ref(pkey_ctx->pkey); + + if (pmeth->init != NULL) { + if (pmeth->init(pkey_ctx) <= 0) + goto err; } - return ret; + return pkey_ctx; + + err: + EVP_PKEY_CTX_free(pkey_ctx); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(e); +#endif + + return NULL; } EVP_PKEY_METHOD* -- 2.20.1