mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
Fix RSA_X931_derive_ex
In the RSA_X931_derive_ex a call to BN_CTX_new is made. This can return NULL on error. However the return value is not tested until *after* it is derefed! Also at the top of the function a test is made to ensure that |rsa| is not NULL. If it is we go to the "err" label. Unfortunately the error handling code deref's rsa. Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
parent
d813f9eb38
commit
007fd1404f
@ -72,14 +72,15 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
|
|||||||
{
|
{
|
||||||
BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
|
BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
|
||||||
BN_CTX *ctx = NULL, *ctx2 = NULL;
|
BN_CTX *ctx = NULL, *ctx2 = NULL;
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
if (!rsa)
|
if (!rsa)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
ctx = BN_CTX_new();
|
ctx = BN_CTX_new();
|
||||||
BN_CTX_start(ctx);
|
|
||||||
if (!ctx)
|
if (!ctx)
|
||||||
goto err;
|
goto err;
|
||||||
|
BN_CTX_start(ctx);
|
||||||
|
|
||||||
r0 = BN_CTX_get(ctx);
|
r0 = BN_CTX_get(ctx);
|
||||||
r1 = BN_CTX_get(ctx);
|
r1 = BN_CTX_get(ctx);
|
||||||
@ -176,6 +177,7 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
|
|||||||
/* calculate inverse of q mod p */
|
/* calculate inverse of q mod p */
|
||||||
rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
|
rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
|
||||||
|
|
||||||
|
ret = 1;
|
||||||
err:
|
err:
|
||||||
if (ctx) {
|
if (ctx) {
|
||||||
BN_CTX_end(ctx);
|
BN_CTX_end(ctx);
|
||||||
@ -183,11 +185,8 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
|
|||||||
}
|
}
|
||||||
if (ctx2)
|
if (ctx2)
|
||||||
BN_CTX_free(ctx2);
|
BN_CTX_free(ctx2);
|
||||||
/* If this is set all calls successful */
|
|
||||||
if (rsa->iqmp != NULL)
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
return 0;
|
return ret;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user