From: J Mohan Rao Arisankala <mohan@barracuda.com>
Date: Tue, 23 Feb 2016 17:03:28 +0000 (+0530)
Subject: Check method before access and release ctx in error paths
X-Git-Tag: OpenSSL_1_1_0-pre4~501
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=2c91b3f5bf01de198ca45d49fcba3d6c24e8c7f6

Check method before access and release ctx in error paths

- In error paths, EVP_MD_CTX allocated by the callee is not released.
- Checking method before accessing

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
---

diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 99124c1bed..6e6f497880 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -245,7 +245,12 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
 
     if (!type || !pkey) {
         ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
-        return 0;
+        goto err;
+    }
+
+    if (!pkey->ameth) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+        goto err;
     }
 
     if (pkey->ameth->item_sign) {
@@ -267,13 +272,12 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
         rv = 2;
 
     if (rv == 2) {
-        if (!pkey->ameth ||
-            !OBJ_find_sigid_by_algs(&signid,
+        if (!OBJ_find_sigid_by_algs(&signid,
                                     EVP_MD_nid(type),
                                     pkey->ameth->pkey_id)) {
             ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
                     ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
-            return 0;
+            goto err;
         }
 
         if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)