From: Richard Levitte <levitte@openssl.org>
Date: Wed, 16 Apr 2003 06:25:21 +0000 (+0000)
Subject: Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
X-Git-Tag: BEN_FIPS_TEST_1~38^2~134
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=040c687ce479bda5b68fd865d5ab97a91035e29e

Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
                 rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.
---

diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 604fc26442..12689fc22d 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -162,11 +162,6 @@ struct rsa_st
 #define RSA_FLAG_CACHE_PUBLIC		0x02
 #define RSA_FLAG_CACHE_PRIVATE		0x04
 #define RSA_FLAG_BLINDING		0x08
-#define RSA_FLAG_NO_BLINDING		0x80 /* new with 0.9.6j and 0.9.7b; the built-in
-                                              * RSA implementation now uses blinding by
-                                              * default (ignoring RSA_FLAG_BLINDING),
-                                              * but other engines might not need it
-                                              */
 #define RSA_FLAG_THREAD_SAFE		0x10
 /* This flag means the private key operations will be handled by rsa_mod_exp
  * and that they do not depend on the private key components being present:
@@ -179,7 +174,11 @@ struct rsa_st
  */
 #define RSA_FLAG_SIGN_VER		0x40
 
-#define RSA_FLAG_NO_BLINDING		0x80
+#define RSA_FLAG_NO_BLINDING		0x80 /* new with 0.9.6j and 0.9.7b; the built-in
+                                              * RSA implementation now uses blinding by
+                                              * default (ignoring RSA_FLAG_BLINDING),
+                                              * but other engines might not need it
+                                              */
 
 #define RSA_PKCS1_PADDING	1
 #define RSA_SSLV23_PADDING	2
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 53c5092014..e4d622851e 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -316,7 +316,7 @@ void RSA_blinding_off(RSA *rsa)
 
 int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
 	{
-	BIGNUM *A,*Ai;
+	BIGNUM *A,*Ai = NULL;
 	BN_CTX *ctx;
 	int ret=0;
 
@@ -327,8 +327,12 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
 	else
 		ctx=p_ctx;
 
+	/* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
 	if (rsa->blinding != NULL)
+		{
 		BN_BLINDING_free(rsa->blinding);
+		rsa->blinding = NULL;
+		}
 
 	/* NB: similar code appears in setup_blinding (rsa_eay.c);
 	 * this should be placed in a new function of its own, but for reasons
@@ -356,9 +360,9 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
 	rsa->blinding->thread_id = CRYPTO_thread_id();
 	rsa->flags |= RSA_FLAG_BLINDING;
 	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
-	BN_free(Ai);
 	ret=1;
 err:
+	if (Ai != NULL) BN_free(Ai);
 	BN_CTX_end(ctx);
 	if (ctx != p_ctx) BN_CTX_free(ctx);
 	return(ret);