From 22778abad905536fa6c93cdc6fffc8c736dfee79 Mon Sep 17 00:00:00 2001 From: Peiwei Hu <jlu.hpw@foxmail.com> Date: Thu, 6 Jan 2022 09:47:05 +0800 Subject: [PATCH] providers/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init There is risk to pass the gctx with NULL value to rsa_gen_set_params which dereference gctx directly. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17429) --- providers/implementations/keymgmt/rsa_kmgmt.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index b1c3011f14..29e5d10813 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -454,19 +454,24 @@ static void *gen_init(void *provctx, int selection, int rsa_type, gctx->libctx = libctx; if ((gctx->pub_exp = BN_new()) == NULL || !BN_set_word(gctx->pub_exp, RSA_F4)) { - BN_free(gctx->pub_exp); - OPENSSL_free(gctx); - return NULL; + goto err; } gctx->nbits = 2048; gctx->primes = RSA_DEFAULT_PRIME_NUM; gctx->rsa_type = rsa_type; + } else { + goto err; } - if (!rsa_gen_set_params(gctx, params)) { - OPENSSL_free(gctx); - return NULL; - } + + if (!rsa_gen_set_params(gctx, params)) + goto err; return gctx; + +err: + if (gctx != NULL) + BN_free(gctx->pub_exp); + OPENSSL_free(gctx); + return NULL; } static void *rsa_gen_init(void *provctx, int selection,