Add openssl method null pointer judgement of ecc algs to avoid null pointer access in abnornal cases. And release the pkey method in error handling branch.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_ec.c | 21 +++++++++++++++++++++ src/uadk_ecx.c | 2 ++ src/uadk_sm2.c | 1 + 3 files changed, 24 insertions(+)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c index 781e7f1..5852d04 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -405,6 +405,11 @@ static ECDSA_SIG *openssl_do_sign(const unsigned char *dgst, int dlen, EC_KEY_METHOD *openssl_meth;
openssl_meth = (EC_KEY_METHOD *)EC_KEY_OpenSSL(); + if (!openssl_meth) { + fprintf(stderr, "failed to get OpenSSL method\n"); + return NULL; + } + EC_KEY_METHOD_get_sign(openssl_meth, NULL, NULL, &sign_sig_pfunc); if (!sign_sig_pfunc) { @@ -647,6 +652,11 @@ static int openssl_do_verify(const unsigned char *dgst, int dlen, EC_KEY_METHOD *openssl_meth;
openssl_meth = (EC_KEY_METHOD *)EC_KEY_OpenSSL(); + if (!openssl_meth) { + fprintf(stderr, "failed to get OpenSSL method\n"); + return -1; + } + EC_KEY_METHOD_get_verify(openssl_meth, NULL, &verify_sig_pfunc); if (!verify_sig_pfunc) { @@ -814,6 +824,11 @@ static int openssl_do_generate(EC_KEY *eckey) EC_KEY_METHOD *openssl_meth;
openssl_meth = (EC_KEY_METHOD *)EC_KEY_OpenSSL(); + if (!openssl_meth) { + fprintf(stderr, "failed to get OpenSSL method\n"); + return -1; + } + EC_KEY_METHOD_get_keygen(openssl_meth, &gen_key_pfunc); if (!gen_key_pfunc) { fprintf(stderr, "gen_key_pfunc is NULL\n"); @@ -1255,6 +1270,11 @@ static int openssl_do_compute(unsigned char **pout, EC_KEY_METHOD *openssl_meth;
openssl_meth = (EC_KEY_METHOD *)EC_KEY_OpenSSL(); + if (!openssl_meth) { + fprintf(stderr, "failed to get OpenSSL method\n"); + return -1; + } + EC_KEY_METHOD_get_compute_key(openssl_meth, &comp_key_pfunc); if (!comp_key_pfunc) { fprintf(stderr, "comp_key_pfunc is NULL\n"); @@ -1420,6 +1440,7 @@ int uadk_ec_create_pmeth(struct uadk_pkey_meth *pkey_meth) openssl_meth = get_openssl_pkey_meth(EVP_PKEY_EC); if (!openssl_meth) { fprintf(stderr, "failed to get ec pkey methods\n"); + EVP_PKEY_meth_free(meth); return 0; }
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c index aebd808..3eafdfb 100644 --- a/src/uadk_ecx.c +++ b/src/uadk_ecx.c @@ -813,6 +813,7 @@ int uadk_x25519_create_pmeth(struct uadk_pkey_meth *pkey_meth) openssl_meth = get_openssl_pkey_meth(EVP_PKEY_X25519); if (!openssl_meth) { fprintf(stderr, "failed to get x25519 pkey methods\n"); + EVP_PKEY_meth_free(meth); return UADK_E_FAIL; }
@@ -858,6 +859,7 @@ int uadk_x448_create_pmeth(struct uadk_pkey_meth *pkey_meth) openssl_meth = get_openssl_pkey_meth(EVP_PKEY_X448); if (!openssl_meth) { fprintf(stderr, "failed to get x448 pkey methods\n"); + EVP_PKEY_meth_free(meth); return UADK_E_FAIL; }
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index ba90f68..f393641 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -1643,6 +1643,7 @@ int uadk_sm2_create_pmeth(struct uadk_pkey_meth *pkey_meth) openssl_meth = get_openssl_pkey_meth(EVP_PKEY_SM2); if (!openssl_meth) { fprintf(stderr, "failed to get sm2 pkey methods\n"); + EVP_PKEY_meth_free(meth); return -1; }