Apply a change by Toomas Kiisk <vix@cyber.ee>:

* Fix a crashbug and a logic bug in hwcrhk_load_pubkey()

Apply a change by Toomas Kiisk <vix@cyber.ee>:
* Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
a297985f · Richard Levitte · 404dcc5e · a297985f
隐藏空白更改
内联并排

Showing with 16 addition and 10 deletion

crypto/engine/hw_ncipher.c crypto/engine/hw_ncipher.c +16 -10

未找到文件。
--- a/crypto/engine/hw_ncipher.c
+++ b/crypto/engine/hw_ncipher.c
@@ -533,7 +533,7 @@ static int get_context(HWCryptoHook_ContextHandle *hac,
 	HWCryptoHook_ErrMsgBuf rmsg;

 	rmsg.buf = tempbuf;
-	rmsg.size = 1024;
+	rmsg.size = sizeof(tempbuf);

        *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
 		cac);
@@ -802,10 +802,16 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
 	HWCryptoHook_RSAKeyHandle *hptr;
 #endif
 #if !defined(OPENSSL_NO_RSA)
+	char tempbuf[1024];
 	HWCryptoHook_ErrMsgBuf rmsg;
 #endif
 	HWCryptoHook_PassphraseContext ppctx;

+#if !defined(OPENSSL_NO_RSA)
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+#endif
+
 	if(!hwcrhk_context)
 		{
 		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
@@ -912,9 +918,12 @@ static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
 			res->pkey.rsa = RSA_new();
 			res->pkey.rsa->n = rsa->n;
 			res->pkey.rsa->e = rsa->e;
+			rsa->n = NULL;
+			rsa->e = NULL;
 			CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
 			RSA_free(rsa);
 			}
+			break;
 #endif
 		default:
 			HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
@@ -943,7 +952,7 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 
 	to_return = 0; /* expect failure */
 	rmsg.buf = tempbuf;
-	rmsg.size = 1024;
+	rmsg.size = sizeof(tempbuf);

 	if(!hwcrhk_context)
 		{
@@ -994,6 +1003,9 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
 	HWCryptoHook_RSAKeyHandle *hptr;
 	int to_return = 0, ret;

+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
 	if(!hwcrhk_context)
 		{
 		HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
@@ -1015,9 +1027,6 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
 			goto err;
 			}

-		rmsg.buf = tempbuf;
-		rmsg.size = 1024;
-
 		/* Prepare the params */
 		bn_expand2(r, rsa->n->top); /* Check for error !! */
 		BN2MPI(m_a, I);
@@ -1060,9 +1069,6 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
 			goto err;
 			}

-		rmsg.buf = tempbuf;
-		rmsg.size = 1024;
-
 		/* Prepare the params */
 		bn_expand2(r, rsa->n->top); /* Check for error !! */
 		BN2MPI(m_a, I);
@@ -1131,7 +1137,7 @@ static int hwcrhk_rand_bytes(unsigned char *buf, int num)
 	int ret;

 	rmsg.buf = tempbuf;
-	rmsg.size = 1024;
+	rmsg.size = sizeof(tempbuf);

 	if(!hwcrhk_context)
 		{
@@ -1183,7 +1189,7 @@ static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 #endif

 	rmsg.buf = tempbuf;
-	rmsg.size = 1024;
+	rmsg.size = sizeof(tempbuf);

 #ifndef OPENSSL_NO_RSA
 	hptr = (HWCryptoHook_RSAKeyHandle *) item;