Add missing "Design by Contract" REQUIREs

diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 73063682ebd56ef4e8e5f3def600373036db556d..4c264c183a8c9088ec0e23f721bacdc526ff374d 100644 (file)
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -168,6 +168,7 @@ opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
        const EVP_MD *type = NULL;
 
        UNUSED(key);
+       REQUIRE(dctx != NULL && dctx->key != NULL);
        REQUIRE(opensslrsa_valid_key_alg(dctx->key->key_alg));
 
        /*
@@ -229,10 +230,13 @@ opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
 
 static void
 opensslrsa_destroyctx(dst_context_t *dctx) {
-       EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
+       EVP_MD_CTX *evp_md_ctx = NULL;
 
+       REQUIRE(dctx != NULL && dctx->key != NULL);
        REQUIRE(opensslrsa_valid_key_alg(dctx->key->key_alg));
 
+       evp_md_ctx = dctx->ctxdata.evp_md_ctx;
+
        if (evp_md_ctx != NULL) {
                EVP_MD_CTX_destroy(evp_md_ctx);
                dctx->ctxdata.evp_md_ctx = NULL;
@@ -241,10 +245,13 @@ opensslrsa_destroyctx(dst_context_t *dctx) {
 
 static isc_result_t
 opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
-       EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
+       EVP_MD_CTX *evp_md_ctx = NULL;
 
+       REQUIRE(dctx != NULL && dctx->key != NULL);
        REQUIRE(opensslrsa_valid_key_alg(dctx->key->key_alg));
 
+       evp_md_ctx = dctx->ctxdata.evp_md_ctx;
+
        if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) {
                return (dst__openssl_toresult3(
                        dctx->category, "EVP_DigestUpdate", ISC_R_FAILURE));
@@ -254,14 +261,19 @@ opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
 
 static isc_result_t
 opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
-       dst_key_t *key = dctx->key;
+       dst_key_t *key = NULL;
        isc_region_t r;
        unsigned int siglen = 0;
-       EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
-       EVP_PKEY *pkey = key->keydata.pkeypair.priv;
+       EVP_MD_CTX *evp_md_ctx = NULL;
+       EVP_PKEY *pkey = NULL;
 
+       REQUIRE(dctx != NULL && dctx->key != NULL);
        REQUIRE(opensslrsa_valid_key_alg(dctx->key->key_alg));
 
+       key = dctx->key;
+       evp_md_ctx = dctx->ctxdata.evp_md_ctx;
+       pkey = key->keydata.pkeypair.priv;
+
        isc_buffer_availableregion(sig, &r);
 
        if (r.length < (unsigned int)EVP_PKEY_size(pkey)) {
@@ -305,13 +317,18 @@ opensslrsa_check_exponent_bits(EVP_PKEY *pkey, int maxbits) {
 
 static isc_result_t
 opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
-       dst_key_t *key = dctx->key;
+       dst_key_t *key = NULL;
        int status = 0;
-       EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
-       EVP_PKEY *pkey = key->keydata.pkeypair.pub;
+       EVP_MD_CTX *evp_md_ctx = NULL;
+       EVP_PKEY *pkey = NULL;
 
+       REQUIRE(dctx != NULL && dctx->key != NULL);
        REQUIRE(opensslrsa_valid_key_alg(dctx->key->key_alg));
 
+       key = dctx->key;
+       evp_md_ctx = dctx->ctxdata.evp_md_ctx;
+       pkey = key->keydata.pkeypair.pub;
+
        if (maxbits != 0 && !opensslrsa_check_exponent_bits(pkey, maxbits)) {
                return (DST_R_VERIFYFAILURE);
        }
@@ -902,13 +919,16 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
        dst_private_t priv;
        isc_result_t ret;
        int i;
-       isc_mem_t *mctx = key->mctx;
+       isc_mem_t *mctx = NULL;
        const char *engine = NULL, *label = NULL;
        EVP_PKEY *pkey = NULL;
        rsa_components_t c = { .bnfree = true };
 
+       REQUIRE(key != NULL);
        REQUIRE(opensslrsa_valid_key_alg(key->key_alg));
 
+       mctx = key->mctx;
+
        /* read private key file */
        ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
        if (ret != ISC_R_SUCCESS) {