From 79620b4c52c925d67e045a74f684717cb6cc0856 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 14 Jun 2018 17:14:12 +0000
Subject: Fix a potential leak/incorrect return value in DSA signature
 generation.

In the very unlikely case where we have to repeat the signature generation,
the DSA_SIG return value has already been allocated. This will either
result in a leak when we allocate again on the next iteration, or it
will give a false success (with missing signature values) if any error
occurs on the next iteration.

ok tb@
---
 src/lib/libcrypto/dsa/dsa_ossl.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 7c23bb4909..d864875266 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.33 2018/06/13 18:01:04 jsing Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.34 2018/06/14 17:14:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -146,9 +146,6 @@ dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
 		goto err;
 
-	ret = DSA_SIG_new();
-	if (ret == NULL)
-		goto err;
 	/*
 	 * Redo if r or s is zero as required by FIPS 186-3: this is very
 	 * unlikely.
@@ -160,6 +157,11 @@ dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 		}
 		goto redo;
 	}
+
+	if ((ret = DSA_SIG_new()) == NULL) {
+		reason = ERR_R_MALLOC_FAILURE;
+		goto err;
+	}
 	ret->r = r;
 	ret->s = s;
 	
-- 
cgit v1.2.3-55-g6feb