cppcheck: Variable is reassigned a value before the old one has been used.

[openssl-gost/engine.git] / gost_ameth.c

diff --git a/gost_ameth.c b/gost_ameth.c
index 50d0804a4f3706311ed0309bb946e7282858c194..f13b4ed8a544a6ab21b4d7262fc6952d5ea53fce 100644 (file)
--- a/gost_ameth.c
+++ b/gost_ameth.c
@@ -79,6 +79,12 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
         break;
     case NID_id_GostR3410_2012_512:
         pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
+       switch (pkey_param_nid) {
+           case NID_id_tc26_gost_3410_2012_512_paramSetTest:
+           case NID_id_tc26_gost_3410_2012_512_paramSetA:
+           case NID_id_tc26_gost_3410_2012_512_paramSetB:
+               gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_512);
+       }
         break;
     case NID_id_GostR3410_2001:
         pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
@@ -304,7 +310,7 @@ static BIGNUM *unmask_priv_key(EVP_PKEY *pk,
     const EC_KEY *key_ptr = (pk) ? EVP_PKEY_get0(pk) : NULL;
     const EC_GROUP *group = (key_ptr) ? EC_KEY_get0_group(key_ptr) : NULL;
 
-    pknum_masked = hashsum2bn(buf, len);
+    pknum_masked = BN_lebin2bn(buf, len, BN_secure_new());
     if (!pknum_masked)
         return NULL;
 
@@ -322,8 +328,8 @@ static BIGNUM *unmask_priv_key(EVP_PKEY *pk,
         }
 
         for (; p != buf; p -= len) {
-            BIGNUM *mask = hashsum2bn(p, len);
-            BN_CTX *ctx = BN_CTX_new();
+            BIGNUM *mask = BN_lebin2bn(p, len, BN_secure_new());
+            BN_CTX *ctx = BN_CTX_secure_new();
 
             BN_mod_mul(pknum_masked, pknum_masked, mask, q, ctx);
 
@@ -348,7 +354,7 @@ static int priv_decode_gost(EVP_PKEY *pk,
     const X509_ALGOR *palg = NULL;
     const ASN1_OBJECT *palg_obj = NULL;
     ASN1_INTEGER *priv_key = NULL;
-    int expected_key_len = 32;
+    int expected_key_len;
 
     if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf))
         return 0;
@@ -375,7 +381,7 @@ static int priv_decode_gost(EVP_PKEY *pk,
             GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
             return 0;
         }
-        pk_num = hashsum2bn(s->data, s->length);
+        pk_num = BN_lebin2bn(s->data, s->length, BN_secure_new());
         ASN1_STRING_free(s);
     } else if (V_ASN1_INTEGER == *p) {
         priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
@@ -383,11 +389,10 @@ static int priv_decode_gost(EVP_PKEY *pk,
             GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
             return 0;
         }
-        pk_num = ASN1_INTEGER_to_BN(priv_key, NULL);
+        pk_num = ASN1_INTEGER_to_BN(priv_key, BN_secure_new());
         ASN1_INTEGER_free(priv_key);
     } else if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == *p) {
-        MASKED_GOST_KEY *mgk = NULL;
-        mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len);
+        MASKED_GOST_KEY *mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len);
 
         if (!mgk) {
             GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
@@ -424,23 +429,25 @@ static int priv_decode_gost(EVP_PKEY *pk,
 static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
 {
     ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
-    ASN1_STRING *params = encode_gost_algor_params(pk);
+    ASN1_STRING *params = NULL;
     unsigned char *buf = NULL;
     int key_len = pkey_bits_gost(pk), i = 0;
     /* unmasked private key */
     const char *pk_format = get_gost_engine_param(GOST_PARAM_PK_FORMAT);
 
-    if (!params) {
+    key_len = (key_len < 0) ? 0 : key_len / 8;
+    if (key_len == 0 || !(buf = OPENSSL_secure_malloc(key_len))) {
         return 0;
     }
 
-    key_len = (key_len < 0) ? 0 : key_len / 8;
-    if (key_len == 0 || !(buf = OPENSSL_malloc(key_len))) {
+    if (!store_bignum(gost_get0_priv_key(pk), buf, key_len)) {
+        OPENSSL_secure_free(buf);
         return 0;
     }
 
-    if (!store_bignum(gost_get0_priv_key(pk), buf, key_len)) {
-        OPENSSL_free(buf);
+    params = encode_gost_algor_params(pk);
+    if (!params) {
+        OPENSSL_secure_free(buf);
         return 0;
     }
 
@@ -452,15 +459,18 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
     }
 
     if (pk_format != NULL && strcmp(pk_format, PK_WRAP_PARAM) == 0) {
-        ASN1_STRING *octet = NULL;
+        ASN1_STRING *octet = ASN1_STRING_new();
         int priv_len = 0;
         unsigned char *priv_buf = NULL;
-
-        octet = ASN1_STRING_new();
-        ASN1_OCTET_STRING_set(octet, buf, key_len);
+        if (!octet || !ASN1_OCTET_STRING_set(octet, buf, key_len)) {
+            ASN1_STRING_free(octet);
+            ASN1_STRING_free(params);
+            OPENSSL_secure_free(buf);
+            return 0;
+        }
         priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
         ASN1_STRING_free(octet);
-        OPENSSL_free(buf);
+        OPENSSL_secure_free(buf);
 
         return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
                                priv_buf, priv_len);
@@ -711,21 +721,21 @@ static int pub_decode_gost_ec(EVP_PKEY *pk, X509_PUBKEY *pub)
 
 static int pub_encode_gost_ec(X509_PUBKEY *pub, const EVP_PKEY *pk)
 {
-    ASN1_OBJECT *algobj = NULL;
+    ASN1_OBJECT *algobj;
     ASN1_OCTET_STRING *octet = NULL;
-    void *pval = NULL;
+    void *pval;
     unsigned char *buf = NULL, *databuf = NULL;
     int data_len, ret = -1;
     const EC_POINT *pub_key;
-    BIGNUM *X = NULL, *Y = NULL, *order = NULL;
+    BIGNUM *X = NULL, *Y = NULL, *order;
     const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
-    int ptype = V_ASN1_UNDEF;
+    int ptype = V_ASN1_SEQUENCE;
+    ASN1_STRING *params;
 
     algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
 
-    ASN1_STRING *params = encode_gost_algor_params(pk);
+    params = encode_gost_algor_params(pk);
     pval = params;
-    ptype = V_ASN1_SEQUENCE;
 
     order = BN_new();
     if (!order) {