Fix leaks in priv_encode_gost()

diff --git a/gost_ameth.c b/gost_ameth.c
index b73f9189dd0ce2bbfab343f41b0e8198058c2270..22631c0fc51babdb753dd95ae030be1e0857e2fc 100644 (file)
--- a/gost_ameth.c
+++ b/gost_ameth.c
@@ -424,16 +424,12 @@ static int priv_decode_gost(EVP_PKEY *pk,
 static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
 {
     ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
-    ASN1_STRING *params = encode_gost_algor_params(pk);
+    ASN1_STRING *params = NULL;
     unsigned char *buf = NULL;
     int key_len = pkey_bits_gost(pk), i = 0;
     /* unmasked private key */
     const char *pk_format = get_gost_engine_param(GOST_PARAM_PK_FORMAT);
 
-    if (!params) {
-        return 0;
-    }
-
     key_len = (key_len < 0) ? 0 : key_len / 8;
     if (key_len == 0 || !(buf = OPENSSL_malloc(key_len))) {
         return 0;
@@ -444,6 +440,12 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
         return 0;
     }
 
+    params = encode_gost_algor_params(pk);
+    if (!params) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+
     /* Convert buf to Little-endian */
     for (i = 0; i < key_len / 2; i++) {
         unsigned char tmp = buf[i];
@@ -455,9 +457,13 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
         ASN1_STRING *octet = NULL;
         int priv_len = 0;
         unsigned char *priv_buf = NULL;
-
-        octet = ASN1_STRING_new();
-        ASN1_OCTET_STRING_set(octet, buf, key_len);
+        octet = ASN1_STRING_new();        
+        if (!octet || !ASN1_OCTET_STRING_set(octet, buf, key_len)) {
+            ASN1_STRING_free(octet);
+            ASN1_STRING_free(params);
+            OPENSSL_free(buf);
+            return 0;
+        }
         priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
         ASN1_STRING_free(octet);
         OPENSSL_free(buf);