[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-09-05 Thread Paul I . Dale
The branch OpenSSL_1_1_0-stable has been updated
   via  1ed9fafccc37bcc78c12d20d586842ee7c7cd8a6 (commit)
  from  a842be9cf7bdf3cb3abbfe152d811cbc57dded27 (commit)


- Log -
commit 1ed9fafccc37bcc78c12d20d586842ee7c7cd8a6
Author: Shane Lontis 
Date:   Mon Sep 3 11:39:50 2018 +1000

RSA padding Zeroization fixes

Reviewed-by: Paul Yang 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7090)

(cherry picked from commit 82eba370daeb6d80b01b521d9e2963451487f0cb)

---

Summary of changes:
 crypto/rsa/rsa_oaep.c | 33 +++--
 crypto/rsa/rsa_pss.c  |  4 ++--
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index f313519..df08a2f 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -43,10 +43,12 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int 
tlen,
 const unsigned char *param, int plen,
 const EVP_MD *md, const EVP_MD *mgf1md)
 {
+int rv = 0;
 int i, emlen = tlen - 1;
 unsigned char *db, *seed;
-unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE];
-int mdlen;
+unsigned char *dbmask = NULL;
+unsigned char seedmask[EVP_MAX_MD_SIZE];
+int mdlen, dbmask_len = 0;
 
 if (md == NULL)
 md = EVP_sha1();
@@ -72,40 +74,41 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int 
tlen,
 db = to + mdlen + 1;
 
 if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL))
-return 0;
+goto err;
 memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
 db[emlen - flen - mdlen - 1] = 0x01;
 memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
 if (RAND_bytes(seed, mdlen) <= 0)
-return 0;
+goto err;
+
 #ifdef PKCS_TESTVECT
 memcpy(seed,

"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
20);
 #endif
 
-dbmask = OPENSSL_malloc(emlen - mdlen);
+dbmask_len = emlen - mdlen;
+dbmask = OPENSSL_malloc(dbmask_len);
 if (dbmask == NULL) {
 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
-return 0;
+goto err;
 }
 
-if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
+if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0)
 goto err;
-for (i = 0; i < emlen - mdlen; i++)
+for (i = 0; i < dbmask_len; i++)
 db[i] ^= dbmask[i];
 
-if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
+if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0)
 goto err;
 for (i = 0; i < mdlen; i++)
 seed[i] ^= seedmask[i];
-
-OPENSSL_free(dbmask);
-return 1;
+rv = 1;
 
  err:
-OPENSSL_free(dbmask);
-return 0;
+OPENSSL_cleanse(seedmask, sizeof(seedmask));
+OPENSSL_clear_free(dbmask, dbmask_len);
+return rv;
 }
 
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
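Review bot: On the failure paths taken after `memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen)` (the `RAND_bytes`, `OPENSSL_malloc` and `PKCS1_MGF1` failures), the caller's `to` buffer still holds the unmasked data block, including the plaintext message, while the new `err:` cleanup wipes only `seedmask` and `dbmask`. Whether every caller clears `to` on a 0 return is not visible from this hunk. Assuming the size checks above the hunk have already validated `tlen`, consider `if (rv == 0) OPENSSL_cleanse(to, tlen);` before `return rv;`, or document that the caller owns that cleanup. Since `err:` is now also the success exit, a comment such as `/* common exit: rv is 1 on success, 0 on failure */` would keep the label from misleading readers. The function starts before this hunk, and the master copy of the hunk later on this page has the same shape.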
@@ -247,6 +250,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, 
int tlen,
 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
RSA_R_OAEP_DECODING_ERROR);
  cleanup:
+OPENSSL_cleanse(seed, sizeof(seed));
 OPENSSL_clear_free(db, dblen);
 OPENSSL_clear_free(em, num);
 return mlen;
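Review bot: `OPENSSL_cleanse(seed, sizeof(seed))` at `cleanup:` wipes the whole buffer only if `seed` is declared as an array in this function. That declaration is outside the hunk, and in `RSA_padding_add_PKCS1_OAEP_mgf1` in the same file `seed` is an `unsigned char *`, where `sizeof` would give only the pointer size. The same applies to `OPENSSL_cleanse(md, sizeof(md))` in the `PKCS1_MGF1` hunk that follows, since `md` elsewhere in this file names a `const EVP_MD *` parameter. I would add a comment at each call, e.g. `/* seed is a local array, so sizeof covers the full buffer */`, so a later refactor to a pointer does not silently shrink the wipe. Both functions begin before their hunks.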
@@ -289,6 +293,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
 }
 rv = 0;
  err:
+OPENSSL_cleanse(md, sizeof(md));
 EVP_MD_CTX_free(c);
 return rv;
 }
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index f814338..4a1e599 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -242,7 +242,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char 
*EM,
 
  err:
 EVP_MD_CTX_free(ctx);
-OPENSSL_free(salt);
+OPENSSL_clear_free(salt, sLen);
 
 return ret;
 
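Review bot: `OPENSSL_clear_free(salt, sLen)` passes a signed `int` as the length, and per the documented API `sLen` can hold negative sentinel values on entry to this function. The call is safe only if `salt` is still NULL on every `goto err` taken before `sLen` has been resolved to a positive length, which cannot be confirmed from this hunk. A comment at the label, such as `/* salt is non-NULL only after sLen has been resolved to a positive length */`, would record that invariant. The function body starts before the hunk, and the master copy of this hunk later on the page is identical.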


[openssl-commits] [openssl] master update

2018-09-05 Thread Paul I . Dale
The branch master has been updated
   via  82eba370daeb6d80b01b521d9e2963451487f0cb (commit)
  from  2eb2b4f3a12d0b8807447913a3b16f21104c701b (commit)


- Log -
commit 82eba370daeb6d80b01b521d9e2963451487f0cb
Author: Shane Lontis 
Date:   Mon Sep 3 11:39:50 2018 +1000

RSA padding Zeroization fixes

Reviewed-by: Paul Yang 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7090)

---

Summary of changes:
 crypto/rsa/rsa_oaep.c | 34 +++---
 crypto/rsa/rsa_pss.c  |  4 ++--
 2 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index dfea063..f13c6fc 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -43,10 +43,12 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int 
tlen,
 const unsigned char *param, int plen,
 const EVP_MD *md, const EVP_MD *mgf1md)
 {
+int rv = 0;
 int i, emlen = tlen - 1;
 unsigned char *db, *seed;
-unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE];
-int mdlen;
+unsigned char *dbmask = NULL;
+unsigned char seedmask[EVP_MAX_MD_SIZE];
+int mdlen, dbmask_len = 0;
 
 if (md == NULL)
 md = EVP_sha1();
@@ -72,35 +74,35 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int 
tlen,
 db = to + mdlen + 1;
 
 if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL))
-return 0;
+goto err;
 memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
 db[emlen - flen - mdlen - 1] = 0x01;
 memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
 if (RAND_bytes(seed, mdlen) <= 0)
-return 0;
+goto err;
 
-dbmask = OPENSSL_malloc(emlen - mdlen);
+dbmask_len = emlen - mdlen;
+dbmask = OPENSSL_malloc(dbmask_len);
 if (dbmask == NULL) {
 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
-return 0;
+goto err;
 }
 
-if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
+if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0)
 goto err;
-for (i = 0; i < emlen - mdlen; i++)
+for (i = 0; i < dbmask_len; i++)
 db[i] ^= dbmask[i];
 
-if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
+if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0)
 goto err;
 for (i = 0; i < mdlen; i++)
 seed[i] ^= seedmask[i];
-
-OPENSSL_free(dbmask);
-return 1;
+rv = 1;
 
  err:
-OPENSSL_free(dbmask);
-return 0;
+OPENSSL_cleanse(seedmask, sizeof(seedmask));
+OPENSSL_clear_free(dbmask, dbmask_len);
+return rv;
 }
 
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -242,6 +244,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, 
int tlen,
 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
RSA_R_OAEP_DECODING_ERROR);
  cleanup:
+OPENSSL_cleanse(seed, sizeof(seed));
 OPENSSL_clear_free(db, dblen);
 OPENSSL_clear_free(em, num);
 return mlen;
@@ -284,6 +287,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
 }
 rv = 0;
  err:
+OPENSSL_cleanse(md, sizeof(md));
 EVP_MD_CTX_free(c);
 return rv;
 }
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index 4484ff2..26d5f36 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -244,7 +244,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char 
*EM,
 
  err:
 EVP_MD_CTX_free(ctx);
-OPENSSL_free(salt);
+OPENSSL_clear_free(salt, sLen);
 
 return ret;
 


[openssl-commits] [openssl] master update

2018-09-05 Thread Paul I . Dale
The branch master has been updated
   via  2eb2b4f3a12d0b8807447913a3b16f21104c701b (commit)
  from  544648a8e07612449460ebc0e608a226fde38e67 (commit)


- Log -
commit 2eb2b4f3a12d0b8807447913a3b16f21104c701b
Author: Shane Lontis 
Date:   Thu Sep 6 08:34:45 2018 +1000

Key zeroization fix for EVP_SealInit + added simple test

Reviewed-by: Nicola Tuveri 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7105)

---

Summary of changes:
 crypto/evp/p_seal.c   | 19 +--
 test/evp_extra_test.c | 45 +
 2 files changed, 58 insertions(+), 6 deletions(-)

diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index 50ea602..0fc84f3 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -21,6 +21,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
 {
 unsigned char key[EVP_MAX_KEY_LENGTH];
 int i;
+int rv = 0;
 
 if (type) {
 EVP_CIPHER_CTX_reset(ctx);
@@ -31,21 +32,27 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER 
*type,
 return 1;
 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
 return 0;
+
 if (EVP_CIPHER_CTX_iv_length(ctx)
-&& RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
-return 0;
+&& RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
+goto err;
 
 if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
-return 0;
+goto err;
 
 for (i = 0; i < npubk; i++) {
 ekl[i] =
 EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx),
  pubk[i]);
-if (ekl[i] <= 0)
-return -1;
+if (ekl[i] <= 0) {
+rv = -1;
+goto err;
+}
 }
-return npubk;
+rv = npubk;
+err:
+OPENSSL_cleanse(key, sizeof(key));
+return rv;
 }
 
 int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
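Review bot: The `EVP_CIPHER_CTX_rand_key(ctx, key) <= 0` failure still exits with a bare `return 0;`, so it skips the new `OPENSSL_cleanse(key, sizeof(key))` at `err:` even though `key` may already have been partly filled. Changing that line to `goto err;` would route it through the same wipe, with `rv` still 0. In the visible lines the earlier `return 1;` comes before anything writes `key`, so it can stay. The `err:` label is now also the success exit, which a one-line comment such as `/* common exit: always wipe the session key */` would make clear.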
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index b7b78f5..33a957f 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -356,6 +356,50 @@ end:
 return ret;
 }
 
+static int test_EVP_Enveloped(void)
+{
+int ret = 0;
+EVP_CIPHER_CTX *ctx = NULL;
+EVP_PKEY *keypair = NULL;
+unsigned char *kek = NULL;
+unsigned char iv[EVP_MAX_IV_LENGTH];
+static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
+int len, kek_len, ciphertext_len, plaintext_len;
+unsigned char ciphertext[32], plaintext[16];
+const EVP_CIPHER *type = EVP_aes_256_cbc();
+
+if (!TEST_ptr(keypair = load_example_rsa_key())
+|| !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
+|| !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
+|| !TEST_true(EVP_SealInit(ctx, type, , _len, iv,
+   , 1))
+|| !TEST_true(EVP_SealUpdate(ctx, ciphertext, _len,
+ msg, sizeof(msg)))
+|| !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
+)))
+goto err;
+
+ciphertext_len += len;
+
+if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
+|| !TEST_true(EVP_OpenUpdate(ctx, plaintext, _len,
+ ciphertext, ciphertext_len))
+|| !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, )))
+goto err;
+
+plaintext_len += len;
+if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
+goto err;
+
+ret = 1;
+err:
+OPENSSL_free(kek);
+EVP_PKEY_free(keypair);
+EVP_CIPHER_CTX_free(ctx);
+return ret;
+}
+
+
 static int test_EVP_DigestSignInit(void)
 {
 int ret = 0;
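Review bot: `TEST_true(EVP_SealInit(...))` accepts any non-zero value, and the patched `EVP_SealInit` returns -1 when `EVP_PKEY_encrypt_old` fails, so that failure would pass this check. Comparing against the expected count, e.g. `TEST_int_eq(EVP_SealInit(...), 1)` for the single public key, would catch it. The test only exercises a seal/open round trip and does not observe that the key buffer is wiped, so it does not guard the zeroization change itself; a short comment on `test_EVP_Enveloped` saying so would set expectations. `test_EVP_DigestSignInit` at the end of the hunk continues outside it.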
@@ -781,6 +825,7 @@ int setup_tests(void)
 {
 ADD_TEST(test_EVP_DigestSignInit);
 ADD_TEST(test_EVP_DigestVerifyInit);
+ADD_TEST(test_EVP_Enveloped);
 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
 #ifndef OPENSSL_NO_EC
 ADD_TEST(test_EVP_PKCS82PKEY);


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-09-05 Thread nic . tuv
The branch OpenSSL_1_1_0-stable has been updated
   via  a842be9cf7bdf3cb3abbfe152d811cbc57dded27 (commit)
   via  c28a2ffd01dc1da932aa55d518b57a933cdc51be (commit)
  from  374804bd0973e8af05046caecc40e6b906d1a375 (commit)


- Log -
commit a842be9cf7bdf3cb3abbfe152d811cbc57dded27
Author: Nicola Tuveri 
Date:   Wed Sep 5 12:08:12 2018 +0300

Harmonize the error handling codepath

Reviewed-by: Richard Levitte 
Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7121)

commit c28a2ffd01dc1da932aa55d518b57a933cdc51be
Author: Nicola Tuveri 
Date:   Wed Sep 5 11:58:55 2018 +0300

Fix segfault in RSA_free() (and DSA/DH/EC_KEY)

`RSA_free()` and friends are called in case of error from
`RSA_new_method(ENGINE *e)` (or the respective equivalent functions).

For the rest of the description I'll talk about `RSA_*`, but the same
applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`.

If `RSA_new_method()` fails because the engine does not implement the
required method, when `RSA_free(RSA *r)` is called,
`r->meth == NULL` and a segfault happens while checking if
`r->meth->finish` is defined.

This commit fixes this issue by ensuring that `r->meth` is not NULL
before dereferencing it to check for `r->meth->finish`.

Fixes #7102 .

Reviewed-by: Richard Levitte 
Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7121)

---

Summary of changes:
 crypto/dh/dh_lib.c   | 10 ++
 crypto/dsa/dsa_lib.c | 10 ++
 crypto/ec/ec_key.c   |  2 +-
 crypto/ec/ec_kmeth.c |  2 +-
 crypto/rsa/rsa_lib.c |  4 ++--
 5 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 716f4a4..4bc62a6 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -82,12 +82,14 @@ DH *DH_new_method(ENGINE *engine)
 
 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
 DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL);
-err:
-DH_free(ret);
-ret = NULL;
+goto err;
 }
 
 return ret;
+
+ err:
+DH_free(ret);
+return NULL;
 }
 
 void DH_free(DH *r)
@@ -103,7 +105,7 @@ void DH_free(DH *r)
 return;
 REF_ASSERT_ISNT(i < 0);
 
-if (r->meth->finish)
+if (r->meth != NULL && r->meth->finish != NULL)
 r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
 ENGINE_finish(r->engine);
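Review bot: The new `r->meth != NULL` guard in `DH_free()` covers the case where `DH_new_method()` reaches its `err:` path with `meth` still NULL, but nothing at the check says so. The same guard is added to `DSA_free()`, `EC_KEY_free()` and `RSA_free()` in the hunks below. I would add a comment above each, e.g. `/* meth may be NULL when called from the *_new_method() error path */`, so the check is not later removed as redundant. None of the hunks adds a regression test for a failing `*_new_method()`; whether one exists elsewhere is not visible here. `DH_free()` continues past the end of this hunk, and the master copies of these hunks later on the page are identical.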
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 9598846..9600c61 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -91,12 +91,14 @@ DSA *DSA_new_method(ENGINE *engine)
 
 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);
-err:
-DSA_free(ret);
-ret = NULL;
+goto err;
 }
 
 return ret;
+
+ err:
+DSA_free(ret);
+return NULL;
 }
 
 void DSA_free(DSA *r)
@@ -112,7 +114,7 @@ void DSA_free(DSA *r)
 return;
 REF_ASSERT_ISNT(i < 0);
 
-if (r->meth->finish)
+if (r->meth != NULL && r->meth->finish != NULL)
 r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
 ENGINE_finish(r->engine);
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index f1f0afb..df35b64 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -55,7 +55,7 @@ void EC_KEY_free(EC_KEY *r)
 return;
 REF_ASSERT_ISNT(i < 0);
 
-if (r->meth->finish != NULL)
+if (r->meth != NULL && r->meth->finish != NULL)
 r->meth->finish(r);
 
 #ifndef OPENSSL_NO_ENGINE
diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index 5e5d1ae..decad65 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -119,7 +119,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
 }
 return ret;
 
-err:
+ err:
 EC_KEY_free(ret);
 return NULL;
 }
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index e1377a0..40dee36 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -94,7 +94,7 @@ RSA *RSA_new_method(ENGINE *engine)
 
 return ret;
 
-err:
+ err:
 RSA_free(ret);
 return NULL;
 }
@@ -112,7 +112,7 @@ void RSA_free(RSA *r)
 return;
 REF_ASSERT_ISNT(i < 0);
 
-if (r->meth->finish)
+if (r->meth != NULL && r->meth->finish != NULL)
 r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
 ENGINE_finish(r->engine);


[openssl-commits] [openssl] master update

2018-09-05 Thread nic . tuv
The branch master has been updated
   via  544648a8e07612449460ebc0e608a226fde38e67 (commit)
   via  0c5d725ebf31ce7b6db9d638aab508da3263444d (commit)
  from  2167640b0bf76ec50a397dd90444b97c242e3f04 (commit)


- Log -
commit 544648a8e07612449460ebc0e608a226fde38e67
Author: Nicola Tuveri 
Date:   Wed Sep 5 12:08:12 2018 +0300

Harmonize the error handling codepath

Reviewed-by: Richard Levitte 
Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7121)

commit 0c5d725ebf31ce7b6db9d638aab508da3263444d
Author: Nicola Tuveri 
Date:   Wed Sep 5 11:58:55 2018 +0300

Fix segfault in RSA_free() (and DSA/DH/EC_KEY)

`RSA_free()` and friends are called in case of error from
`RSA_new_method(ENGINE *e)` (or the respective equivalent functions).

For the rest of the description I'll talk about `RSA_*`, but the same
applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`.

If `RSA_new_method()` fails because the engine does not implement the
required method, when `RSA_free(RSA *r)` is called,
`r->meth == NULL` and a segfault happens while checking if
`r->meth->finish` is defined.

This commit fixes this issue by ensuring that `r->meth` is not NULL
before dereferencing it to check for `r->meth->finish`.

Fixes #7102 .

Reviewed-by: Richard Levitte 
Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
Reviewed-by: Matthias St. Pierre 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7121)

---

Summary of changes:
 crypto/dh/dh_lib.c   | 10 ++
 crypto/dsa/dsa_lib.c | 10 ++
 crypto/ec/ec_key.c   |  2 +-
 crypto/ec/ec_kmeth.c |  2 +-
 crypto/rsa/rsa_lib.c |  4 ++--
 5 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index e425225..962f864 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -83,12 +83,14 @@ DH *DH_new_method(ENGINE *engine)
 
 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
 DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL);
-err:
-DH_free(ret);
-ret = NULL;
+goto err;
 }
 
 return ret;
+
+ err:
+DH_free(ret);
+return NULL;
 }
 
 void DH_free(DH *r)
@@ -104,7 +106,7 @@ void DH_free(DH *r)
 return;
 REF_ASSERT_ISNT(i < 0);
 
-if (r->meth->finish)
+if (r->meth != NULL && r->meth->finish != NULL)
 r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
 ENGINE_finish(r->engine);
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 739fde6..1048601 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -90,12 +90,14 @@ DSA *DSA_new_method(ENGINE *engine)
 
 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
 DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);
-err:
-DSA_free(ret);
-ret = NULL;
+goto err;
 }
 
 return ret;
+
+ err:
+DSA_free(ret);
+return NULL;
 }
 
 void DSA_free(DSA *r)
@@ -111,7 +113,7 @@ void DSA_free(DSA *r)
 return;
 REF_ASSERT_ISNT(i < 0);
 
-if (r->meth->finish)
+if (r->meth != NULL && r->meth->finish != NULL)
 r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
 ENGINE_finish(r->engine);
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index ec10b7e..9349abf 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -51,7 +51,7 @@ void EC_KEY_free(EC_KEY *r)
 return;
 REF_ASSERT_ISNT(i < 0);
 
-if (r->meth->finish != NULL)
+if (r->meth != NULL && r->meth->finish != NULL)
 r->meth->finish(r);
 
 #ifndef OPENSSL_NO_ENGINE
diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index 5e5d1ae..decad65 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -119,7 +119,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
 }
 return ret;
 
-err:
+ err:
 EC_KEY_free(ret);
 return NULL;
 }
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 61b1c16..72d1b5e 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -97,7 +97,7 @@ RSA *RSA_new_method(ENGINE *engine)
 
 return ret;
 
-err:
+ err:
 RSA_free(ret);
 return NULL;
 }
@@ -115,7 +115,7 @@ void RSA_free(RSA *r)
 return;
 REF_ASSERT_ISNT(i < 0);
 
-if (r->meth->finish)
+if (r->meth != NULL && r->meth->finish != NULL)
 r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
 ENGINE_finish(r->engine);