Clean up and fix int_ctx_new()

Compare explicitly against NULL, ensure the engine is always finished on error, switch to using calloc() instead of malloc() + forgetting to set some members to 0, use EVP_PKEY_up_ref() and also use pkey_ctx instead of ret for the newly created EVP_PKEY_CTX. ok jsing
author: tb <> 2023-06-20 14:10:05 +0000
committer: tb <> 2023-06-20 14:10:05 +0000
commit: 8ee8908c1e8d7f63191d0d1be9b8dd96f87bbe29 (patch)
tree: 0b77001eee09431dfd146ff9b723f5686a5c54a4
parent: e8ccdf253cfa0ff21ced6e923e65faaafc0f0e50 (diff)
download: openbsd-8ee8908c1e8d7f63191d0d1be9b8dd96f87bbe29.tar.gz
openbsd-8ee8908c1e8d7f63191d0d1be9b8dd96f87bbe29.tar.bz2
openbsd-8ee8908c1e8d7f63191d0d1be9b8dd96f87bbe29.zip
1 files changed, 30 insertions, 34 deletions
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index 480a36b9ed..1eb73f57bd 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.28 2023/06/20 14:05:46 tb Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.29 2023/06/20 14:10:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -153,19 +153,19 @@ EVP_PKEY_meth_find(int type)
 static EVP_PKEY_CTX *
 int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
 {
-        EVP_PKEY_CTX *ret;
+        EVP_PKEY_CTX *pkey_ctx = NULL;
        const EVP_PKEY_METHOD *pmeth;
        if (id == -1) {
-                if (!pkey || !pkey->ameth)
+                if (pkey == NULL || pkey->ameth == NULL)
                        return NULL;
                id = pkey->ameth->pkey_id;
        }
 #ifndef OPENSSL_NO_ENGINE
-        if (pkey && pkey->engine)
+        if (pkey != NULL && pkey->engine != NULL)
                e = pkey->engine;
-        /* Try to find an ENGINE which implements this method */
+        /* Try to find an ENGINE which implements this method. */
-        if (e) {
+        if (e != NULL) {
                if (!ENGINE_init(e)) {
                        EVPerror(ERR_R_ENGINE_LIB);
                        return NULL;
@@ -173,11 +173,8 @@ int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
        } else
                e = ENGINE_get_pkey_meth_engine(id);
-        /* If an ENGINE handled this method look it up. Otherwise
+        /* Look up method handler in ENGINE or use internal tables. */
-         * use internal tables.
+        if (e != NULL)
-         */
-        if (e)
                pmeth = ENGINE_get_pkey_meth(e, id);
        else
 #endif
@@ -185,35 +182,34 @@ int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
        if (pmeth == NULL) {
                EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
-                return NULL;
+                goto err;
        }
-        ret = malloc(sizeof(EVP_PKEY_CTX));
+        if ((pkey_ctx = calloc(1, sizeof(*pkey_ctx))) == NULL) {
-        if (ret == NULL) {
-#ifndef OPENSSL_NO_ENGINE
-                ENGINE_finish(e);
-#endif
                EVPerror(ERR_R_MALLOC_FAILURE);
-                return NULL;
+                goto err;
        }
-        ret->engine = e;
+        pkey_ctx->engine = e;
-        ret->pmeth = pmeth;
+        e = NULL;
-        ret->operation = EVP_PKEY_OP_UNDEFINED;
+        pkey_ctx->pmeth = pmeth;
-        ret->pkey = pkey;
+        pkey_ctx->operation = EVP_PKEY_OP_UNDEFINED;
-        ret->peerkey = NULL;
+        if ((pkey_ctx->pkey = pkey) != NULL)
-        ret->pkey_gencb = 0;
+                EVP_PKEY_up_ref(pkey_ctx->pkey);
-        if (pkey)
-                CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+        if (pmeth->init != NULL) {
-        ret->data = NULL;
+                if (pmeth->init(pkey_ctx) <= 0)
+                        goto err;
-        if (pmeth->init) {
-                if (pmeth->init(ret) <= 0) {
-                        EVP_PKEY_CTX_free(ret);
-                        return NULL;
-                }
        }
-        return ret;
+        return pkey_ctx;
+ err:
+        EVP_PKEY_CTX_free(pkey_ctx);
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(e);
+#endif
+        return NULL;
 }
 EVP_PKEY_METHOD*
author	tb <>	2023-06-20 14:10:05 +0000
committer	tb <>	2023-06-20 14:10:05 +0000
commit	8ee8908c1e8d7f63191d0d1be9b8dd96f87bbe29 (patch)
tree	0b77001eee09431dfd146ff9b723f5686a5c54a4
parent	e8ccdf253cfa0ff21ced6e923e65faaafc0f0e50 (diff)
download	openbsd-8ee8908c1e8d7f63191d0d1be9b8dd96f87bbe29.tar.gz openbsd-8ee8908c1e8d7f63191d0d1be9b8dd96f87bbe29.tar.bz2 openbsd-8ee8908c1e8d7f63191d0d1be9b8dd96f87bbe29.zip

diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c index 480a36b9ed..1eb73f57bd 100644 --- a/src/lib/libcrypto/evp/pmeth_lib.c +++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_lib.c,v 1.28 2023/06/20 14:05:46 tb Exp $ */	1	/* $OpenBSD: pmeth_lib.c,v 1.29 2023/06/20 14:10:05 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -153,19 +153,19 @@ EVP_PKEY_meth_find(int type)
153	static EVP_PKEY_CTX *	153	static EVP_PKEY_CTX *
154	int_ctx_new(EVP_PKEY pkey, ENGINE e, int id)	154	int_ctx_new(EVP_PKEY pkey, ENGINE e, int id)
155	{	155	{
156	EVP_PKEY_CTX *ret;	156	EVP_PKEY_CTX *pkey_ctx = NULL;
157	const EVP_PKEY_METHOD *pmeth;	157	const EVP_PKEY_METHOD *pmeth;
158		158
159	if (id == -1) {	159	if (id == -1) {
160	if (!pkey \|\| !pkey->ameth)	160	if (pkey == NULL \|\| pkey->ameth == NULL)
161	return NULL;	161	return NULL;
162	id = pkey->ameth->pkey_id;	162	id = pkey->ameth->pkey_id;
163	}	163	}
164	#ifndef OPENSSL_NO_ENGINE	164	#ifndef OPENSSL_NO_ENGINE
165	if (pkey && pkey->engine)	165	if (pkey != NULL && pkey->engine != NULL)
166	e = pkey->engine;	166	e = pkey->engine;
167	/* Try to find an ENGINE which implements this method */	167	/* Try to find an ENGINE which implements this method. */
168	if (e) {	168	if (e != NULL) {
169	if (!ENGINE_init(e)) {	169	if (!ENGINE_init(e)) {
170	EVPerror(ERR_R_ENGINE_LIB);	170	EVPerror(ERR_R_ENGINE_LIB);
171	return NULL;	171	return NULL;
@@ -173,11 +173,8 @@ int_ctx_new(EVP_PKEY pkey, ENGINE e, int id)
173	} else	173	} else
174	e = ENGINE_get_pkey_meth_engine(id);	174	e = ENGINE_get_pkey_meth_engine(id);
175		175
176	/* If an ENGINE handled this method look it up. Otherwise	176	/* Look up method handler in ENGINE or use internal tables. */
177	* use internal tables.	177	if (e != NULL)
178	*/
179
180	if (e)
181	pmeth = ENGINE_get_pkey_meth(e, id);	178	pmeth = ENGINE_get_pkey_meth(e, id);
182	else	179	else
183	#endif	180	#endif
@@ -185,35 +182,34 @@ int_ctx_new(EVP_PKEY pkey, ENGINE e, int id)
185		182
186	if (pmeth == NULL) {	183	if (pmeth == NULL) {
187	EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);	184	EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
188	return NULL;	185	goto err;
189	}	186	}
190		187
191	ret = malloc(sizeof(EVP_PKEY_CTX));	188	if ((pkey_ctx = calloc(1, sizeof(*pkey_ctx))) == NULL) {
192	if (ret == NULL) {
193	#ifndef OPENSSL_NO_ENGINE
194	ENGINE_finish(e);
195	#endif
196	EVPerror(ERR_R_MALLOC_FAILURE);	189	EVPerror(ERR_R_MALLOC_FAILURE);
197	return NULL;	190	goto err;
198	}	191	}
199	ret->engine = e;	192	pkey_ctx->engine = e;
200	ret->pmeth = pmeth;	193	e = NULL;
201	ret->operation = EVP_PKEY_OP_UNDEFINED;	194	pkey_ctx->pmeth = pmeth;
202	ret->pkey = pkey;	195	pkey_ctx->operation = EVP_PKEY_OP_UNDEFINED;
203	ret->peerkey = NULL;	196	if ((pkey_ctx->pkey = pkey) != NULL)
204	ret->pkey_gencb = 0;	197	EVP_PKEY_up_ref(pkey_ctx->pkey);
205	if (pkey)	198
206	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);	199	if (pmeth->init != NULL) {
207	ret->data = NULL;	200	if (pmeth->init(pkey_ctx) <= 0)
208		201	goto err;
209	if (pmeth->init) {
210	if (pmeth->init(ret) <= 0) {
211	EVP_PKEY_CTX_free(ret);
212	return NULL;
213	}
214	}	202	}
215		203
216	return ret;	204	return pkey_ctx;
		205
		206	err:
		207	EVP_PKEY_CTX_free(pkey_ctx);
		208	#ifndef OPENSSL_NO_ENGINE
		209	ENGINE_finish(e);
		210	#endif
		211
		212	return NULL;
217	}	213	}
218		214
219	EVP_PKEY_METHOD*	215	EVP_PKEY_METHOD*