From e4f165e71ecc836dd0a2ebe46f6a4891883384a0 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Fri, 25 Jan 2002 17:46:34 +0000
Subject: [PATCH] Apply a change by Toomas Kiisk <vix@cyber.ee>:

* Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
---
 crypto/engine/hw_ncipher.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/crypto/engine/hw_ncipher.c b/crypto/engine/hw_ncipher.c
index b947e8d177..3afde04176 100644
--- a/crypto/engine/hw_ncipher.c
+++ b/crypto/engine/hw_ncipher.c
@@ -359,7 +359,7 @@ static int get_context(HWCryptoHook_ContextHandle *hac)
 	HWCryptoHook_ErrMsgBuf rmsg;
 
 	rmsg.buf = tempbuf;
-	rmsg.size = 1024;
+	rmsg.size = sizeof(tempbuf);
 
         *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
 		NULL);
@@ -576,8 +576,12 @@ static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
 	EVP_PKEY *res = NULL;
 	HWCryptoHook_MPI e, n;
 	HWCryptoHook_RSAKeyHandle *hptr;
+ 	char tempbuf[1024];
 	HWCryptoHook_ErrMsgBuf rmsg;
 
+ 	rmsg.buf = tempbuf;
+ 	rmsg.size = sizeof(tempbuf);
+
 	if(!hwcrhk_context)
 		{
 		ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
@@ -665,9 +669,12 @@ static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, const char *passphrase)
 			res->pkey.rsa = RSA_new();
 			res->pkey.rsa->n = rsa->n;
 			res->pkey.rsa->e = rsa->e;
+ 			rsa->n = NULL;
+ 			rsa->e = NULL;
 			CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
 			RSA_free(rsa);
 			}
+			break;
 		default:
 			ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
 				ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
@@ -695,7 +702,7 @@ static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
  
 	to_return = 0; /* expect failure */
 	rmsg.buf = tempbuf;
-	rmsg.size = 1024;
+	rmsg.size = sizeof(tempbuf);
 
 	if(!hwcrhk_context)
 		{
@@ -745,6 +752,9 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
 	HWCryptoHook_RSAKeyHandle *hptr;
 	int to_return = 0, ret;
 
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
 	if(!hwcrhk_context)
 		{
 		ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
@@ -766,9 +776,6 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
 			goto err;
 			}
 
-		rmsg.buf = tempbuf;
-		rmsg.size = 1024;
-
 		/* Prepare the params */
 		bn_expand2(r, rsa->n->top); /* Check for error !! */
 		BN2MPI(m_a, I);
@@ -809,9 +816,6 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
 			goto err;
 			}
 
-		rmsg.buf = tempbuf;
-		rmsg.size = 1024;
-
 		/* Prepare the params */
 		bn_expand2(r, rsa->n->top); /* Check for error !! */
 		BN2MPI(m_a, I);
@@ -876,7 +880,7 @@ static int hwcrhk_rand_bytes(unsigned char *buf, int num)
 	int ret;
 
 	rmsg.buf = tempbuf;
-	rmsg.size = 1024;
+	rmsg.size = sizeof(tempbuf);
 
 	if(!hwcrhk_context)
 		{
@@ -922,7 +926,7 @@ static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 	int ret;
 
 	rmsg.buf = tempbuf;
-	rmsg.size = 1024;
+	rmsg.size = sizeof(tempbuf);
 
 	hptr = (HWCryptoHook_RSAKeyHandle *) item;
 	if(!hptr) return;
-- 
2.25.1