From: FdaSilvaYY Date: Tue, 8 Mar 2016 19:11:48 +0000 (+0100) Subject: Add checks on CRYPTO_new_ex_data return value... X-Git-Tag: OpenSSL_1_1_0-pre6~1015 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2bbf0baa9565cce937d85592f12d1279871dfaf6;p=oweals%2Fopenssl.git Add checks on CRYPTO_new_ex_data return value... with some adaptation to new multi-threading API. Once reference, lock, meth and flag fields are setup, DSA_free/DH_free can be called directly. Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/996) --- diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 9db45763fa..650ca43da0 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -109,13 +109,20 @@ DH *DH_new_method(ENGINE *engine) return NULL; } + ret->references = 1; + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + OPENSSL_free(ret); + return NULL; + } + ret->meth = DH_get_default_method(); #ifndef OPENSSL_NO_ENGINE + ret->flags = ret->meth->flags; /* early default init */ if (engine) { if (!ENGINE_init(engine)) { DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); - OPENSSL_free(ret); - return NULL; + goto err; } ret->engine = engine; } else @@ -124,29 +131,19 @@ DH *DH_new_method(ENGINE *engine) ret->meth = ENGINE_get_DH(ret->engine); if (ret->meth == NULL) { DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - OPENSSL_free(ret); - return NULL; + goto err; } } #endif - ret->references = 1; ret->flags = ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ret->engine); -#endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); - OPENSSL_free(ret); - return NULL; - } + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data)) + goto err; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL); +err: DH_free(ret); ret = NULL; } diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 7b751a961d..96debebad6 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -111,20 +111,27 @@ const DSA_METHOD *DSA_get_method(DSA *d) DSA *DSA_new_method(ENGINE *engine) { - DSA *ret; + DSA *ret = OPENSSL_zalloc(sizeof(*ret)); - ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); return NULL; } + + ret->references = 1; + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + OPENSSL_free(ret); + return NULL; + } + ret->meth = DSA_get_default_method(); #ifndef OPENSSL_NO_ENGINE + ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */ if (engine) { if (!ENGINE_init(engine)) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); - OPENSSL_free(ret); - return NULL; + goto err; } ret->engine = engine; } else @@ -133,29 +140,19 @@ DSA *DSA_new_method(ENGINE *engine) ret->meth = ENGINE_get_DSA(ret->engine); if (ret->meth == NULL) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - OPENSSL_free(ret); - return NULL; + goto err; } } #endif - ret->references = 1; ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ret->engine); -#endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); - OPENSSL_free(ret); - return NULL; - } + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data)) + goto err; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL); +err: DSA_free(ret); ret = NULL; }