Fix EVP_PKEY_assign_DSA and consorts. Bugfix #406
authorWillem Toorop <willem@NLnetLabs.nl>
Wed, 31 Aug 2011 13:15:06 +0000 (13:15 +0000)
committerWillem Toorop <willem@NLnetLabs.nl>
Wed, 31 Aug 2011 13:15:06 +0000 (13:15 +0000)
dnssec_verify.c
keys.c

index 18f8efc38d3c34cd52fc4b53fc6b37eb289b7cd5..90aa719d5ba00d451c1aafbd0f900403a388f73e 100644 (file)
@@ -1629,7 +1629,11 @@ ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
                 EC_KEY_free(ec);
                 return NULL;
         }
-        EVP_PKEY_assign_EC_KEY(evp_key, ec);
+        if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
+               EVP_PKEY_free(evp_key);
+               EC_KEY_free(ec);
+               return NULL;
+       }
         return evp_key;
 }
 
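Review bot: The new error path in ldns_ecdsa2pkey_raw frees both `evp_key` and `ec`, which is right only because a failed `EVP_PKEY_assign_EC_KEY` leaves ownership of `ec` with the caller, and nothing in the code says so. I would put a comment above the check, `/* on success evp_key owns ec; on failure both are still ours to free */`, so a later edit neither adds an `EC_KEY_free(ec)` on the success path (double free) nor drops it from this one (leak). The same comment fits the identical check added to ldns_key_new_frm_fp_ecdsa_l in keys.c. The function body starts above this hunk.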
@@ -2257,12 +2261,15 @@ ldns_verify_rrsig_dsa_raw(unsigned char* sig, size_t siglen,
        ldns_status result;
 
        evp_key = EVP_PKEY_new();
-       EVP_PKEY_assign_DSA(evp_key, ldns_key_buf2dsa_raw(key, keylen));
-       result = ldns_verify_rrsig_evp_raw(sig,
+       if (EVP_PKEY_assign_DSA(evp_key, ldns_key_buf2dsa_raw(key, keylen))) {
+               result = ldns_verify_rrsig_evp_raw(sig,
                                                                siglen,
                                                                rrset,
                                                                evp_key,
                                                                EVP_dss1());
+       } else {
+               result = LDNS_STATUS_SSL_ERR;
+       }
        EVP_PKEY_free(evp_key);
        return result;
 
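Review bot: The DSA object built inline by `ldns_key_buf2dsa_raw(key, keylen)` has no owner when `EVP_PKEY_assign_DSA` returns 0, so the new else branch has no handle to free it. If the helper returned a valid key and the assign failed for another reason (the result of `EVP_PKEY_new()` just above is not checked, so `evp_key` may be NULL), that key leaks on a path that processes key data from the network. Holding it in a local closes this: `DSA *dsa = ldns_key_buf2dsa_raw(key, keylen);`, then `if (EVP_PKEY_assign_DSA(evp_key, dsa)) {`, and `DSA_free(dsa);` in the else branch, which is safe when the helper returned NULL. The same pattern, with `RSA_free`, applies to the rsasha1, rsasha256, rsasha512 and rsamd5 hunks below. These function bodies start above their hunks.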
@@ -2276,12 +2283,15 @@ ldns_verify_rrsig_rsasha1_raw(unsigned char* sig, size_t siglen,
        ldns_status result;
 
        evp_key = EVP_PKEY_new();
-       EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen));
-       result = ldns_verify_rrsig_evp_raw(sig,
+       if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
+               result = ldns_verify_rrsig_evp_raw(sig,
                                                                siglen,
                                                                rrset,
                                                                evp_key,
                                                                EVP_sha1());
+       } else {
+               result = LDNS_STATUS_SSL_ERR;
+       }
        EVP_PKEY_free(evp_key);
 
        return result;
@@ -2299,12 +2309,15 @@ ldns_verify_rrsig_rsasha256_raw(unsigned char* sig,
        ldns_status result;
 
        evp_key = EVP_PKEY_new();
-       EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen));
-       result = ldns_verify_rrsig_evp_raw(sig,
+       if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
+               result = ldns_verify_rrsig_evp_raw(sig,
                                                                siglen,
                                                                rrset,
                                                                evp_key,
                                                                EVP_sha256());
+       } else {
+               result = LDNS_STATUS_SSL_ERR;
+       }
        EVP_PKEY_free(evp_key);
 
        return result;
@@ -2331,12 +2344,15 @@ ldns_verify_rrsig_rsasha512_raw(unsigned char* sig,
        ldns_status result;
 
        evp_key = EVP_PKEY_new();
-       EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen));
-       result = ldns_verify_rrsig_evp_raw(sig,
+       if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
+               result = ldns_verify_rrsig_evp_raw(sig,
                                                                siglen,
                                                                rrset,
                                                                evp_key,
                                                                EVP_sha512());
+       } else {
+               result = LDNS_STATUS_SSL_ERR;
+       }
        EVP_PKEY_free(evp_key);
 
        return result;
@@ -2363,12 +2379,15 @@ ldns_verify_rrsig_rsamd5_raw(unsigned char* sig,
        ldns_status result;
 
        evp_key = EVP_PKEY_new();
-       EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen));
-       result = ldns_verify_rrsig_evp_raw(sig,
+       if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
+               result = ldns_verify_rrsig_evp_raw(sig,
                                                                siglen,
                                                                rrset,
                                                                evp_key,
                                                                EVP_md5());
+       } else {
+               result = LDNS_STATUS_SSL_ERR;
+       }
        EVP_PKEY_free(evp_key);
 
        return result;
diff --git a/keys.c b/keys.c
index c224cd6fe4f83d54aa05a91965021bd2ebfdeb78..2d7f62ab1f4903ccc6848ee0be320e1e5a7008cc 100644 (file)
--- a/keys.c
+++ b/keys.c
@@ -278,8 +278,11 @@ ldns_key_new_frm_fp_ecdsa_l(FILE* fp, ldns_algorithm alg, int* line_nr)
                 EC_KEY_free(ec);
                 return NULL;
         }
-        EVP_PKEY_assign_EC_KEY(evp_key, ec);
-
+        if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
+               EVP_PKEY_free(evp_key);
+                EC_KEY_free(ec);
+                return NULL;
+       }
         return evp_key;
 }
 #endif
@@ -839,7 +842,6 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
                                ldns_key_free(k);
                                return NULL;
                        }
-
                        ldns_key_set_rsa_key(k, r);
 #endif /* HAVE_SSL */
                        break;
@@ -929,7 +931,11 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
                                 EC_KEY_free(ec);
                                 return NULL;
                         }
-                        EVP_PKEY_assign_EC_KEY(k->_key.key, ec);
+                        if (!EVP_PKEY_assign_EC_KEY(k->_key.key, ec)) {
+                                ldns_key_free(k);
+                                EC_KEY_free(ec);
+                                return NULL;
+                       }
 #endif /* splint */
                        break;
 #endif
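Review bot: On the new failure path only `ldns_key_free(k)` and `EC_KEY_free(ec)` run; the EVP_PKEY already stored in `k->_key.key` is not released explicitly, unlike the two sibling fixes that call `EVP_PKEY_free(evp_key)`. Whether `ldns_key_free` releases the embedded EVP_PKEY is not visible here; if it frees only the ldns_key struct, this path leaks the EVP_PKEY and `EVP_PKEY_free(k->_key.key);` should come before `ldns_key_free(k);`. Please confirm against the definition of `ldns_key_free` before adding it, since a double free would be worse than the leak. The enclosing switch case starts above this hunk.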