Hello All, In reviewing code in directory 'crypto/evp', file 'pmeth_gn.c', in function 'EVP_PKEY_keygen()', there is a call to EVP_PKEY_new() which is not checked for a return value of NULL, indicating failure.
This test is done in function 'EVP_PKEY_paramgen()', but looks like it was left out in function 'EVP_PKEY_keygen()' it would appear. The patch file below should address/correct this issue: --- pmeth_gn.c.orig 2016-03-05 06:15:29.530259070 -0800 +++ pmeth_gn.c 2016-03-05 06:18:17.940663167 -0800 @@ -152,6 +152,11 @@ if (!*ppkey) *ppkey = EVP_PKEY_new(); + if (*ppkey == NULL) { + EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ERR_R_MALLOC_FAILURE); + return -1; + } + ret = ctx->pmeth->keygen(ctx, *ppkey); if (ret <= 0) { EVP_PKEY_free(*ppkey); ======================================================================= In directory 'engines/ccgost', file 'gost94_keyx.c', there is a call to 'EVP_PKEY_new()' which are not checked for a return value of NULL, indicating failure. The patch file below should address/correct this issue: --- gost94_keyx.c.orig 2016-03-05 06:25:00.168784292 -0800 +++ gost94_keyx.c 2016-03-05 06:27:47.325028991 -0800 @@ -126,6 +126,8 @@ key_is_ephemeral = 1; if (out) { mykey = EVP_PKEY_new(); + if (!mykey) + goto memerr; EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk), DSA_new()); EVP_PKEY_copy_parameters(mykey, pubk); if (!gost_sign_keygen(EVP_PKEY_get0(mykey))) { ======================================================================= In directory 'engines/ccgost', file 'gost2001_keyx.c', there is a call to 'EVP_PKEY_new()' which are not checked for a return value of NULL, indicating failure. The patch file below should address/correct this issue: --- gost2001_keyx.c.orig 2016-03-05 06:29:48.056373325 -0800 +++ gost2001_keyx.c 2016-03-05 06:30:23.400865428 -0800 @@ -147,6 +147,8 @@ key_is_ephemeral = 1; if (out) { sec_key = EVP_PKEY_new(); + if (!sec_key) + goto memerr; EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new()); EVP_PKEY_copy_parameters(sec_key, pubk); if (!gost2001_keygen(EVP_PKEY_get0(sec_key))) { ======================================================================= Bill Parker (wp02855 at gmail dot com) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4380 Please log in as guest with password guest if prompted
pmeth_gn.c.patch
Description: Binary data
gost94_keyx.c.patch
Description: Binary data
gost2001_keyx.c.patch
Description: Binary data
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev