Fix two more unchecked EVP_PKEY_assign() calls

In SSL{_CTX}_use_RSAPrivateKey() switch from EVP_PKEY_assign_RSA() to EVP_PKEY_set1_RSA() and hold on to the reference of the the pkey for the duration of ssl_set_pkey(). Use single exit and other minor style cleanups. ok joshua jsing
author: tb <> 2023-12-30 06:25:56 +0000
committer: tb <> 2023-12-30 06:25:56 +0000
commit: ffe12448f0e1ab90b703cce3485e78e81ca7f19d (patch)
tree: daaacefd6c6007beed80f4a2b47f761a777d78b0
parent: 38575dc7e35f3ec68131b57eb13b84b81514f350 (diff)
download: openbsd-ffe12448f0e1ab90b703cce3485e78e81ca7f19d.tar.gz
openbsd-ffe12448f0e1ab90b703cce3485e78e81ca7f19d.tar.bz2
openbsd-ffe12448f0e1ab90b703cce3485e78e81ca7f19d.zip
1 files changed, 25 insertions, 17 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 68137bc5fb..6c8a2be3d3 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.50 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.51 2023/12/30 06:25:56 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -150,24 +150,28 @@ LSSL_ALIAS(SSL_use_certificate_ASN1);
 int
 SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 {
-        EVP_PKEY *pkey;
+        EVP_PKEY *pkey = NULL;
-        int ret;
+        int ret = 0;
        if (rsa == NULL) {
                SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
+                goto err;
        }
        if ((pkey = EVP_PKEY_new()) == NULL) {
                SSLerror(ssl, ERR_R_EVP_LIB);
-                return (0);
+                goto err;
        }
+        if (!EVP_PKEY_set1_RSA(pkey, rsa))
+                goto err;
+        if (!ssl_set_pkey(NULL, ssl, pkey))
+                goto err;
-        RSA_up_ref(rsa);
+        ret = 1;
-        EVP_PKEY_assign_RSA(pkey, rsa);
-        ret = ssl_set_pkey(NULL, ssl, pkey);
+ err:
        EVP_PKEY_free(pkey);
-        return (ret);
+        return ret;
 }
 LSSL_ALIAS(SSL_use_RSAPrivateKey);
@@ -508,24 +512,28 @@ LSSL_ALIAS(SSL_CTX_use_certificate_ASN1);
 int
 SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
 {
-        int ret;
+        EVP_PKEY *pkey = NULL;
-        EVP_PKEY *pkey;
+        int ret = 0;
        if (rsa == NULL) {
                SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
+                goto err;
        }
        if ((pkey = EVP_PKEY_new()) == NULL) {
                SSLerrorx(ERR_R_EVP_LIB);
-                return (0);
+                goto err;
        }
+        if (!EVP_PKEY_set1_RSA(pkey, rsa))
+                goto err;
+        if (!ssl_set_pkey(ctx, NULL, pkey))
+                goto err;
-        RSA_up_ref(rsa);
+        ret = 1;
-        EVP_PKEY_assign_RSA(pkey, rsa);
-        ret = ssl_set_pkey(ctx, NULL, pkey);
+ err:
        EVP_PKEY_free(pkey);
-        return (ret);
+        return ret;
 }
 LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey);
author	tb <>	2023-12-30 06:25:56 +0000
committer	tb <>	2023-12-30 06:25:56 +0000
commit	ffe12448f0e1ab90b703cce3485e78e81ca7f19d (patch)
tree	daaacefd6c6007beed80f4a2b47f761a777d78b0
parent	38575dc7e35f3ec68131b57eb13b84b81514f350 (diff)
download	openbsd-ffe12448f0e1ab90b703cce3485e78e81ca7f19d.tar.gz openbsd-ffe12448f0e1ab90b703cce3485e78e81ca7f19d.tar.bz2 openbsd-ffe12448f0e1ab90b703cce3485e78e81ca7f19d.zip

diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 68137bc5fb..6c8a2be3d3 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_rsa.c,v 1.50 2023/07/08 16:40:13 beck Exp $ */	1	/* $OpenBSD: ssl_rsa.c,v 1.51 2023/12/30 06:25:56 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -150,24 +150,28 @@ LSSL_ALIAS(SSL_use_certificate_ASN1);
150	int	150	int
151	SSL_use_RSAPrivateKey(SSL ssl, RSA rsa)	151	SSL_use_RSAPrivateKey(SSL ssl, RSA rsa)
152	{	152	{
153	EVP_PKEY *pkey;	153	EVP_PKEY *pkey = NULL;
154	int ret;	154	int ret = 0;
155		155
156	if (rsa == NULL) {	156	if (rsa == NULL) {
157	SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);	157	SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
158	return (0);	158	goto err;
159	}	159	}
160	if ((pkey = EVP_PKEY_new()) == NULL) {	160	if ((pkey = EVP_PKEY_new()) == NULL) {
161	SSLerror(ssl, ERR_R_EVP_LIB);	161	SSLerror(ssl, ERR_R_EVP_LIB);
162	return (0);	162	goto err;
163	}	163	}
		164	if (!EVP_PKEY_set1_RSA(pkey, rsa))
		165	goto err;
		166	if (!ssl_set_pkey(NULL, ssl, pkey))
		167	goto err;
164		168
165	RSA_up_ref(rsa);	169	ret = 1;
166	EVP_PKEY_assign_RSA(pkey, rsa);
167		170
168	ret = ssl_set_pkey(NULL, ssl, pkey);	171	err:
169	EVP_PKEY_free(pkey);	172	EVP_PKEY_free(pkey);
170	return (ret);	173
		174	return ret;
171	}	175	}
172	LSSL_ALIAS(SSL_use_RSAPrivateKey);	176	LSSL_ALIAS(SSL_use_RSAPrivateKey);
173		177
@@ -508,24 +512,28 @@ LSSL_ALIAS(SSL_CTX_use_certificate_ASN1);
508	int	512	int
509	SSL_CTX_use_RSAPrivateKey(SSL_CTX ctx, RSA rsa)	513	SSL_CTX_use_RSAPrivateKey(SSL_CTX ctx, RSA rsa)
510	{	514	{
511	int ret;	515	EVP_PKEY *pkey = NULL;
512	EVP_PKEY *pkey;	516	int ret = 0;
513		517
514	if (rsa == NULL) {	518	if (rsa == NULL) {
515	SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);	519	SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
516	return (0);	520	goto err;
517	}	521	}
518	if ((pkey = EVP_PKEY_new()) == NULL) {	522	if ((pkey = EVP_PKEY_new()) == NULL) {
519	SSLerrorx(ERR_R_EVP_LIB);	523	SSLerrorx(ERR_R_EVP_LIB);
520	return (0);	524	goto err;
521	}	525	}
		526	if (!EVP_PKEY_set1_RSA(pkey, rsa))
		527	goto err;
		528	if (!ssl_set_pkey(ctx, NULL, pkey))
		529	goto err;
522		530
523	RSA_up_ref(rsa);	531	ret = 1;
524	EVP_PKEY_assign_RSA(pkey, rsa);
525		532
526	ret = ssl_set_pkey(ctx, NULL, pkey);	533	err:
527	EVP_PKEY_free(pkey);	534	EVP_PKEY_free(pkey);
528	return (ret);	535
		536	return ret;
529	}	537	}
530	LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey);	538	LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey);
531		539