privkey: Allow deinit after failed export

The documentation for gnutls_privkey_export_* states that the caller
must use gnutls_*_deinit on key, without mentioning whether this
requirement is still present when the function fails.  But the
implementation has a code path where key is left uninitialized.
Similar to the recent fix for *_init, guarantee that *key is set to a
sane value on all exit paths.

Signed-off-by: Eric Blake <eblake@redhat.com>

diff --git a/lib/privkey.c b/lib/privkey.c
index 1303311e5744f4124c9564c95fc1ce3be876120c..b94db068a8628ff84ff65a5e7797a37475e8ccf3 100644 (file)
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -615,6 +615,7 @@ gnutls_privkey_export_pkcs11(gnutls_privkey_t pkey,
 {
        int ret;
 
+       *key = NULL;
        if (pkey->type != GNUTLS_PRIVKEY_PKCS11) {
                gnutls_assert();
                return GNUTLS_E_INVALID_REQUEST;
@@ -978,6 +979,7 @@ gnutls_privkey_export_x509(gnutls_privkey_t pkey,
 {
        int ret;
 
+       *key = NULL;
        if (pkey->type != GNUTLS_PRIVKEY_X509) {
                gnutls_assert();
                return GNUTLS_E_INVALID_REQUEST;