From db6d3e6b18498cb55d8e0f10180846108c079c47 Mon Sep 17 00:00:00 2001
From: tb
Date: Fri, 12 Apr 2024 02:56:15 +0000
Subject: [PATCH] Fix a potential NULL-deref in EVP_PKEY_keygen()

After a EVP_PKEY_new() failure, a NULL pointer would be passed to the keygen pmeth, which could result in tears.

ok beck jsing
---
 lib/libcrypto/evp/pmeth_gn.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/libcrypto/evp/pmeth_gn.c b/lib/libcrypto/evp/pmeth_gn.c
index 2711ba1a9e8..b86ecc68113 100644
--- a/lib/libcrypto/evp/pmeth_gn.c
+++ b/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.16 2024/04/09 13:52:41 beck Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.17 2024/04/12 02:56:15 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -141,7 +141,7 @@ EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 {
 int ret;

- if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
+ if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->keygen == NULL) {
 EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 return -2;
 }
@@ -150,17 +150,19 @@ EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 return -1;
 }

- if (!ppkey)
+ if (ppkey == NULL)
 return -1;

- if (!*ppkey)
+ if (*ppkey == NULL)
 *ppkey = EVP_PKEY_new();
+ if (*ppkey == NULL)
+ return -1;

- ret = ctx->pmeth->keygen(ctx, *ppkey);
- if (ret <= 0) {
+ if ((ret = ctx->pmeth->keygen(ctx, *ppkey)) <= 0) {
 EVP_PKEY_free(*ppkey);
 *ppkey = NULL;
 }
+
 return ret;
 }
 LCRYPTO_ALIAS(EVP_PKEY_keygen);
--
2.20.1
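Review bot: The failure path in the last hunk still calls `EVP_PKEY_free(*ppkey)` on a key the caller passed in, not only on one allocated here by `EVP_PKEY_new()`, so a caller that keeps its own copy of that pointer is left with a dangling reference after a failed keygen. If that is the intended contract, it deserves a comment above the free, e.g. `/* On failure *ppkey is freed and set to NULL, even if the caller supplied it. */`. Otherwise a local flag set only when `EVP_PKEY_new()` ran would restrict the free to keys this function owns. The new `return -1` after the allocation check also raises no EVPerror; that is fine only if EVP_PKEY_new() records its own error, which is not visible here. The function body starts above this hunk.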