From: Matt Caswell <matt@openssl.org>
Date: Fri, 13 Mar 2015 15:04:54 +0000 (+0000)
Subject: Fix misc NULL derefs in sureware engine
X-Git-Tag: OpenSSL_1_1_0-pre1~1457
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=7b611e5fe8eaac9512f72094c460f3ed6040076a

Fix misc NULL derefs in sureware engine

Fix miscellaneous NULL pointer derefs in the sureware engine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---

diff --git a/engines/e_sureware.c b/engines/e_sureware.c
index 262766c602..3c7b2b26bf 100644
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -713,10 +713,12 @@ static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id,
         /* set public big nums */
         rsatmp->e = BN_new();
         rsatmp->n = BN_new();
+        if(!rsatmp->e || !rsatmp->n)
+            goto err;
         bn_expand2(rsatmp->e, el / sizeof(BN_ULONG));
         bn_expand2(rsatmp->n, el / sizeof(BN_ULONG));
-        if (!rsatmp->e || rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) ||
-            !rsatmp->n || rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG)))
+        if (rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) ||
+            rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG)))
             goto err;
         ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el,
                                            (unsigned long *)rsatmp->n->d,
@@ -753,15 +755,16 @@ static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id,
         dsatmp->p = BN_new();
         dsatmp->q = BN_new();
         dsatmp->g = BN_new();
+        if(!dsatmp->pub_key || !dsatmp->p || !dsatmp->q || !dsatmp->g)
+            goto err;
         bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG));
         bn_expand2(dsatmp->p, el / sizeof(BN_ULONG));
         bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG));
         bn_expand2(dsatmp->g, el / sizeof(BN_ULONG));
-        if (!dsatmp->pub_key
-            || dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG))
-            || !dsatmp->p || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG))
-            || !dsatmp->q || dsatmp->q->dmax != 20 / sizeof(BN_ULONG)
-            || !dsatmp->g || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG)))
+        if (dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG))
+            || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG))
+            || dsatmp->q->dmax != 20 / sizeof(BN_ULONG)
+            || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG)))
             goto err;
 
         ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el,
@@ -1018,10 +1021,12 @@ static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen,
         }
         psign->r = BN_new();
         psign->s = BN_new();
+        if(!psign->r || !psign->s)
+            goto err;
         bn_expand2(psign->r, 20 / sizeof(BN_ULONG));
         bn_expand2(psign->s, 20 / sizeof(BN_ULONG));
-        if (!psign->r || psign->r->dmax != 20 / sizeof(BN_ULONG) ||
-            !psign->s || psign->s->dmax != 20 / sizeof(BN_ULONG))
+        if (psign->r->dmax != 20 / sizeof(BN_ULONG) ||
+            psign->s->dmax != 20 / sizeof(BN_ULONG))
             goto err;
         ret = p_surewarehk_Dsa_Sign(msg, flen, from,
                                     (unsigned long *)psign->r->d,
@@ -1050,9 +1055,9 @@ static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     char msg[64] = "ENGINE_modexp";
     if (!p_surewarehk_Mod_Exp) {
         SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED);
-    } else {
+    } else if (r) {
         bn_expand2(r, m->top);
-        if (r && r->dmax == m->top) {
+        if (r->dmax == m->top) {
             /* do it */
             ret = p_surewarehk_Mod_Exp(msg,
                                        m->top * sizeof(BN_ULONG),