Bug Summary

File:src/usr.sbin/relayd/ca.c
Warning:line 579, column 2
3rd function call argument is an uninitialized value

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name ca.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.sbin/relayd/obj -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/usr.sbin/relayd -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.sbin/relayd/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.sbin/relayd/ca.c
1/* $OpenBSD: ca.c,v 1.38 2022/01/11 19:06:23 tb Exp $ */
2
3/*
4 * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <sys/types.h>
20#include <sys/queue.h>
21#include <sys/uio.h>
22
23#include <unistd.h>
24#include <string.h>
25#include <stdlib.h>
26#include <poll.h>
27#include <imsg.h>
28
29#include <openssl/bio.h>
30#include <openssl/pem.h>
31#include <openssl/evp.h>
32#include <openssl/rsa.h>
33#include <openssl/engine.h>
34
35#include "relayd.h"
36
37void ca_init(struct privsep *, struct privsep_proc *p, void *);
38void ca_launch(void);
39
40int ca_dispatch_parent(int, struct privsep_proc *, struct imsg *);
41int ca_dispatch_relay(int, struct privsep_proc *, struct imsg *);
42
43int rsae_pub_enc(int, const u_char *, u_char *, RSA *, int);
44int rsae_pub_dec(int,const u_char *, u_char *, RSA *, int);
45int rsae_priv_enc(int, const u_char *, u_char *, RSA *, int);
46int rsae_priv_dec(int, const u_char *, u_char *, RSA *, int);
47int rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *);
48int rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *,
49 const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
50int rsae_init(RSA *);
51int rsae_finish(RSA *);
52int rsae_sign(int, const u_char *, u_int, u_char *, u_int *,
53 const RSA *);
54int rsae_verify(int dtype, const u_char *m, u_int, const u_char *,
55 u_int, const RSA *);
56int rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
57
58static struct relayd *env = NULL((void*)0);
59
60static struct privsep_proc procs[] = {
61 { "parent", PROC_PARENT, ca_dispatch_parent },
62 { "relay", PROC_RELAY, ca_dispatch_relay },
63};
64
65void
66ca(struct privsep *ps, struct privsep_proc *p)
67{
68 env = ps->ps_env;
69
70 proc_run(ps, p, procs, nitems(procs)(sizeof((procs)) / sizeof((procs)[0])), ca_init, NULL((void*)0));
71}
72
73void
74ca_init(struct privsep *ps, struct privsep_proc *p, void *arg)
75{
76 if (pledge("stdio recvfd", NULL((void*)0)) == -1)
77 fatal("pledge");
78
79 if (config_init(ps->ps_env) == -1)
80 fatal("failed to initialize configuration");
81
82 env->sc_id = getpid() & 0xffff;
83}
84
85void
86hash_x509(X509 *cert, char *hash, size_t hashlen)
87{
88 static const char hex[] = "0123456789abcdef";
89 size_t off;
90 char digest[EVP_MAX_MD_SIZE64];
91 int dlen, i;
92
93 if (X509_pubkey_digest(cert, EVP_sha256(), digest, &dlen) != 1)
94 fatalx("%s: X509_pubkey_digest failed", __func__);
95
96 if (hashlen < 2 * dlen + sizeof("SHA256:"))
97 fatalx("%s: hash buffer to small", __func__);
98
99 off = strlcpy(hash, "SHA256:", hashlen);
100
101 for (i = 0; i < dlen; i++) {
102 hash[off++] = hex[(digest[i] >> 4) & 0x0f];
103 hash[off++] = hex[digest[i] & 0x0f];
104 }
105 hash[off] = 0;
106}
107
108void
109ca_launch(void)
110{
111 char hash[TLS_CERT_HASH_SIZE128];
112 char *buf;
113 BIO *in = NULL((void*)0);
114 EVP_PKEY *pkey = NULL((void*)0);
115 struct relay *rlay;
116 struct relay_cert *cert;
117 X509 *x509 = NULL((void*)0);
118 off_t len;
119
120 TAILQ_FOREACH(cert, env->sc_certs, cert_entry)for((cert) = ((env->sc_certs)->tqh_first); (cert) != ((
void*)0); (cert) = ((cert)->cert_entry.tqe_next)) {
121 if (cert->cert_fd == -1 || cert->cert_key_fd == -1)
122 continue;
123
124 if ((buf = relay_load_fd(cert->cert_fd, &len)) == NULL((void*)0))
125 fatal("ca_launch: cert relay_load_fd");
126
127 if ((in = BIO_new_mem_buf(buf, len)) == NULL((void*)0))
128 fatalx("ca_launch: cert BIO_new_mem_buf");
129
130 if ((x509 = PEM_read_bio_X509(in, NULL((void*)0),
131 NULL((void*)0), NULL((void*)0))) == NULL((void*)0))
132 fatalx("ca_launch: cert PEM_read_bio_X509");
133
134 hash_x509(x509, hash, sizeof(hash));
135
136 BIO_free(in);
137 X509_free(x509);
138 purge_key(&buf, len);
139
140 if ((buf = relay_load_fd(cert->cert_key_fd, &len)) == NULL((void*)0))
141 fatal("ca_launch: key relay_load_fd");
142
143 if ((in = BIO_new_mem_buf(buf, len)) == NULL((void*)0))
144 fatalx("%s: key", __func__);
145
146 if ((pkey = PEM_read_bio_PrivateKey(in,
147 NULL((void*)0), NULL((void*)0), NULL((void*)0))) == NULL((void*)0))
148 fatalx("%s: PEM", __func__);
149
150 cert->cert_pkey = pkey;
151
152 if (pkey_add(env, pkey, hash) == NULL((void*)0))
153 fatalx("tls pkey");
154
155 BIO_free(in);
156 purge_key(&buf, len);
157 }
158
159 TAILQ_FOREACH(rlay, env->sc_relays, rl_entry)for((rlay) = ((env->sc_relays)->tqh_first); (rlay) != (
(void*)0); (rlay) = ((rlay)->rl_entry.tqe_next)) {
160 if ((rlay->rl_conf.flags & (F_TLS0x00000800|F_TLSCLIENT0x00200000)) == 0)
161 continue;
162
163 if (rlay->rl_tls_cacert_fd != -1 &&
164 rlay->rl_conf.tls_cakey_len) {
165 if ((buf = relay_load_fd(rlay->rl_tls_cacert_fd,
166 &len)) == NULL((void*)0))
167 fatal("ca_launch: cacert relay_load_fd");
168
169 if ((in = BIO_new_mem_buf(buf, len)) == NULL((void*)0))
170 fatalx("ca_launch: cacert BIO_new_mem_buf");
171
172 if ((x509 = PEM_read_bio_X509(in, NULL((void*)0),
173 NULL((void*)0), NULL((void*)0))) == NULL((void*)0))
174 fatalx("ca_launch: cacert PEM_read_bio_X509");
175
176 hash_x509(x509, hash, sizeof(hash));
177
178 BIO_free(in);
179 X509_free(x509);
180 purge_key(&buf, len);
181
182 if ((in = BIO_new_mem_buf(rlay->rl_tls_cakey,
183 rlay->rl_conf.tls_cakey_len)) == NULL((void*)0))
184 fatalx("%s: key", __func__);
185
186 if ((pkey = PEM_read_bio_PrivateKey(in,
187 NULL((void*)0), NULL((void*)0), NULL((void*)0))) == NULL((void*)0))
188 fatalx("%s: PEM", __func__);
189 BIO_free(in);
190
191 rlay->rl_tls_capkey = pkey;
192
193 if (pkey_add(env, pkey, hash) == NULL((void*)0))
194 fatalx("ca pkey");
195
196 purge_key(&rlay->rl_tls_cakey,
197 rlay->rl_conf.tls_cakey_len);
198 }
199 close(rlay->rl_tls_ca_fd);
200 }
201}
202
203int
204ca_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
205{
206 switch (imsg->hdr.type) {
207 case IMSG_CFG_RELAY:
208 config_getrelay(env, imsg);
209 break;
210 case IMSG_CFG_RELAY_FD:
211 config_getrelayfd(env, imsg);
212 break;
213 case IMSG_CFG_DONE:
214 config_getcfg(env, imsg);
215 break;
216 case IMSG_CTL_START:
217 ca_launch();
218 break;
219 case IMSG_CTL_RESET:
220 config_getreset(env, imsg);
221 break;
222 default:
223 return -1;
224 }
225
226 return 0;
227}
228
229int
230ca_dispatch_relay(int fd, struct privsep_proc *p, struct imsg *imsg)
231{
232 struct ctl_keyop cko;
233 EVP_PKEY *pkey;
234 RSA *rsa;
235 u_char *from = NULL((void*)0), *to = NULL((void*)0);
236 struct iovec iov[2];
237 int c = 0;
238
239 switch (imsg->hdr.type) {
240 case IMSG_CA_PRIVENC:
241 case IMSG_CA_PRIVDEC:
242 IMSG_SIZE_CHECK(imsg, (&cko))do { if (((imsg)->hdr.len - sizeof(struct imsg_hdr)) < sizeof
(*(&cko))) fatalx("bad length imsg received"); } while (0
);
243 bcopy(imsg->data, &cko, sizeof(cko));
244 if (cko.cko_proc > env->sc_conf.prefork_relay)
245 fatalx("%s: invalid relay proc", __func__);
246 if (IMSG_DATA_SIZE(imsg)((imsg)->hdr.len - sizeof(struct imsg_hdr)) != (sizeof(cko) + cko.cko_flen))
247 fatalx("%s: invalid key operation", __func__);
248 if ((pkey = pkey_find(env, cko.cko_hash)) == NULL((void*)0))
249 fatalx("%s: invalid relay hash '%s'",
250 __func__, cko.cko_hash);
251 if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL((void*)0))
252 fatalx("%s: invalid relay key", __func__);
253
254 DPRINTF("%s:%d: key hash %s proc %d",do {} while(0)
255 __func__, __LINE__, cko.cko_hash, cko.cko_proc)do {} while(0);
256
257 from = (u_char *)imsg->data + sizeof(cko);
258 if ((to = calloc(1, cko.cko_tlen)) == NULL((void*)0))
259 fatalx("%s: calloc", __func__);
260
261 switch (imsg->hdr.type) {
262 case IMSG_CA_PRIVENC:
263 cko.cko_tlen = RSA_private_encrypt(cko.cko_flen,
264 from, to, rsa, cko.cko_padding);
265 break;
266 case IMSG_CA_PRIVDEC:
267 cko.cko_tlen = RSA_private_decrypt(cko.cko_flen,
268 from, to, rsa, cko.cko_padding);
269 break;
270 }
271
272 if (cko.cko_tlen == -1) {
273 char buf[256];
274 log_warnx("%s: %s", __func__,
275 ERR_error_string(ERR_get_error(), buf));
276 }
277
278 iov[c].iov_base = &cko;
279 iov[c++].iov_len = sizeof(cko);
280 if (cko.cko_tlen > 0) {
281 iov[c].iov_base = to;
282 iov[c++].iov_len = cko.cko_tlen;
283 }
284
285 if (proc_composev_imsg(env->sc_ps, PROC_RELAY, cko.cko_proc,
286 imsg->hdr.type, -1, -1, iov, c) == -1)
287 log_warn("%s: proc_composev_imsg", __func__);
288
289 free(to);
290 RSA_free(rsa);
291 break;
292 default:
293 return -1;
294 }
295
296 return 0;
297}
298
299/*
300 * RSA privsep engine (called from unprivileged processes)
301 */
302
303const RSA_METHOD *rsa_default = NULL((void*)0);
304static RSA_METHOD *rsae_method;
305
306static int
307rsae_send_imsg(int flen, const u_char *from, u_char *to, RSA *rsa,
308 int padding, u_int cmd)
309{
310 struct privsep *ps = env->sc_ps;
311 struct pollfd pfd[1];
312 struct ctl_keyop cko;
313 int ret = 0;
314 char *hash;
315 struct iovec iov[2];
316 struct imsgbuf *ibuf;
317 struct imsgev *iev;
318 struct imsg imsg;
319 int n, done = 0, cnt = 0;
320 u_char *toptr;
321 static u_int seq = 0;
322
323 if ((hash = RSA_get_ex_data(rsa, 0)) == NULL((void*)0))
324 return 0;
325
326 iev = proc_iev(ps, PROC_CA, ps->ps_instance);
327 ibuf = &iev->ibuf;
328
329 /*
330 * XXX this could be nicer...
331 */
332
333 (void)strlcpy(cko.cko_hash, hash, sizeof(cko.cko_hash));
334 cko.cko_proc = ps->ps_instance;
335 cko.cko_flen = flen;
336 cko.cko_tlen = RSA_size(rsa);
337 cko.cko_padding = padding;
338 cko.cko_cookie = seq++;
339
340 iov[cnt].iov_base = &cko;
341 iov[cnt++].iov_len = sizeof(cko);
342 iov[cnt].iov_base = (void *)(uintptr_t)from;
343 iov[cnt++].iov_len = flen;
344
345 /*
346 * Send a synchronous imsg because we cannot defer the RSA
347 * operation in OpenSSL's engine layer.
348 */
349 if (imsg_composev(ibuf, cmd, 0, 0, -1, iov, cnt) == -1)
350 log_warn("%s: imsg_composev", __func__);
351 if (imsg_flush(ibuf) == -1)
352 log_warn("%s: imsg_flush", __func__);
353
354 pfd[0].fd = ibuf->fd;
355 pfd[0].events = POLLIN0x0001;
356 while (!done) {
357 switch (poll(pfd, 1, RELAY_TLS_PRIV_TIMEOUT1000)) {
358 case -1:
359 fatal("%s: poll", __func__);
360 case 0:
361 log_warnx("%s: priv%s poll timeout, keyop #%x",
362 __func__,
363 cmd == IMSG_CA_PRIVENC ? "enc" : "dec",
364 cko.cko_cookie);
365 return -1;
366 default:
367 break;
368 }
369 if ((n = imsg_read(ibuf)) == -1 && errno(*__errno()) != EAGAIN35)
370 fatalx("imsg_read");
371 if (n == 0)
372 fatalx("pipe closed");
373
374 while (!done) {
375 if ((n = imsg_get(ibuf, &imsg)) == -1)
376 fatalx("imsg_get error");
377 if (n == 0)
378 break;
379
380 IMSG_SIZE_CHECK(&imsg, (&cko))do { if (((&imsg)->hdr.len - sizeof(struct imsg_hdr)) <
sizeof(*(&cko))) fatalx("bad length imsg received"); } while
(0);
381 memcpy(&cko, imsg.data, sizeof(cko));
382
383 /*
384 * Due to earlier timed out requests, there may be
385 * responses that need to be skipped.
386 */
387 if (cko.cko_cookie != seq - 1) {
388 log_warnx(
389 "%s: priv%s obsolete keyop #%x", __func__,
390 cmd == IMSG_CA_PRIVENC ? "enc" : "dec",
391 cko.cko_cookie);
392 continue;
393 }
394
395 if (imsg.hdr.type != cmd)
396 fatalx("invalid response");
397
398 ret = cko.cko_tlen;
399 if (ret > 0) {
400 if (IMSG_DATA_SIZE(&imsg)((&imsg)->hdr.len - sizeof(struct imsg_hdr)) !=
401 (sizeof(cko) + ret))
402 fatalx("data size");
403 toptr = (u_char *)imsg.data + sizeof(cko);
404 memcpy(to, toptr, ret);
405 }
406 done = 1;
407
408 imsg_free(&imsg);
409 }
410 }
411 imsg_event_add(iev);
412
413 return ret;
414}
415
416int
417rsae_pub_enc(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
418{
419 DPRINTF("%s:%d", __func__, __LINE__)do {} while(0);
420 return RSA_meth_get_pub_enc(rsa_default)(flen, from, to, rsa, padding);
421}
422
423int
424rsae_pub_dec(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
425{
426 DPRINTF("%s:%d", __func__, __LINE__)do {} while(0);
427 return RSA_meth_get_pub_dec(rsa_default)(flen, from, to, rsa, padding);
428}
429
430int
431rsae_priv_enc(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
432{
433 DPRINTF("%s:%d", __func__, __LINE__)do {} while(0);
434 return rsae_send_imsg(flen, from, to, rsa, padding, IMSG_CA_PRIVENC);
435}
436
437int
438rsae_priv_dec(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
439{
440 DPRINTF("%s:%d", __func__, __LINE__)do {} while(0);
441 return rsae_send_imsg(flen, from, to, rsa, padding, IMSG_CA_PRIVDEC);
442}
443
444int
445rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
446{
447 DPRINTF("%s:%d", __func__, __LINE__)do {} while(0);
448 return RSA_meth_get_mod_exp(rsa_default)(r0, I, rsa, ctx);
449}
450
451int
452rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
453 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
454{
455 DPRINTF("%s:%d", __func__, __LINE__)do {} while(0);
456 return RSA_meth_get_bn_mod_exp(rsa_default)(r, a, p, m, ctx, m_ctx);
457}
458
459int
460rsae_init(RSA *rsa)
461{
462 DPRINTF("%s:%d", __func__, __LINE__)do {} while(0);
463 if (RSA_meth_get_init(rsa_default) == NULL((void*)0))
464 return 1;
465 return RSA_meth_get_init(rsa_default)(rsa);
466}
467
468int
469rsae_finish(RSA *rsa)
470{
471 DPRINTF("%s:%d", __func__, __LINE__)do {} while(0);
472 if (RSA_meth_get_finish(rsa_default) == NULL((void*)0))
473 return 1;
474 return RSA_meth_get_finish(rsa_default)(rsa);
475}
476
477int
478rsae_sign(int type, const u_char *m, u_int m_length, u_char *sigret,
479 u_int *siglen, const RSA *rsa)
480{
481 DPRINTF("%s:%d", __func__, __LINE__)do {} while(0);
482 return RSA_meth_get_sign(rsa_default)(type, m, m_length,
483 sigret, siglen, rsa);
484}
485
486int
487rsae_verify(int dtype, const u_char *m, u_int m_length, const u_char *sigbuf,
488 u_int siglen, const RSA *rsa)
489{
490 DPRINTF("%s:%d", __func__, __LINE__)do {} while(0);
491 return RSA_meth_get_verify(rsa_default)(dtype, m, m_length,
492 sigbuf, siglen, rsa);
493}
494
495int
496rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
497{
498 DPRINTF("%s:%d", __func__, __LINE__)do {} while(0);
499 return RSA_meth_get_keygen(rsa_default)(rsa, bits, e, cb);
500}
501
502void
503ca_engine_init(struct relayd *x_env)
504{
505 ENGINE *e = NULL((void*)0);
506 const char *errstr, *name;
1
'errstr' declared without an initial value
507
508 if (env == NULL((void*)0))
2
Assuming 'env' is not equal to NULL
3
Taking false branch
509 env = x_env;
510
511 if (rsa_default != NULL((void*)0))
4
Assuming 'rsa_default' is equal to NULL
5
Taking false branch
512 return;
513
514 if ((rsae_method = RSA_meth_new("RSA privsep engine", 0)) == NULL((void*)0))
6
Assuming the condition is true
7
Taking true branch
515 goto fail;
8
Control jumps to line 578
516
517 RSA_meth_set_pub_enc(rsae_method, rsae_pub_enc);
518 RSA_meth_set_pub_dec(rsae_method, rsae_pub_dec);
519 RSA_meth_set_priv_enc(rsae_method, rsae_priv_enc);
520 RSA_meth_set_priv_dec(rsae_method, rsae_priv_dec);
521 RSA_meth_set_mod_exp(rsae_method, rsae_mod_exp);
522 RSA_meth_set_bn_mod_exp(rsae_method, rsae_bn_mod_exp);
523 RSA_meth_set_init(rsae_method, rsae_init);
524 RSA_meth_set_finish(rsae_method, rsae_finish);
525 RSA_meth_set_sign(rsae_method, rsae_sign);
526 RSA_meth_set_verify(rsae_method, rsae_verify);
527 RSA_meth_set_keygen(rsae_method, rsae_keygen);
528
529 if ((e = ENGINE_get_default_RSA()) == NULL((void*)0)) {
530 if ((e = ENGINE_new()) == NULL((void*)0)) {
531 errstr = "ENGINE_new";
532 goto fail;
533 }
534 if (!ENGINE_set_name(e, RSA_meth_get0_name(rsae_method))) {
535 errstr = "ENGINE_set_name";
536 goto fail;
537 }
538 if ((rsa_default = RSA_get_default_method()) == NULL((void*)0)) {
539 errstr = "RSA_get_default_method";
540 goto fail;
541 }
542 } else if ((rsa_default = ENGINE_get_RSA(e)) == NULL((void*)0)) {
543 errstr = "ENGINE_get_RSA";
544 goto fail;
545 }
546
547 if ((name = ENGINE_get_name(e)) == NULL((void*)0))
548 name = "unknown RSA engine";
549
550 log_debug("%s: using %s", __func__, name);
551
552 if (RSA_meth_get_flags(rsa_default) & RSA_FLAG_SIGN_VER0x0040)
553 fatalx("unsupported RSA engine");
554
555 if (RSA_meth_get_mod_exp(rsa_default) == NULL((void*)0))
556 RSA_meth_set_mod_exp(rsae_method, NULL((void*)0));
557 if (RSA_meth_get_bn_mod_exp(rsa_default) == NULL((void*)0))
558 RSA_meth_set_bn_mod_exp(rsae_method, NULL((void*)0));
559 if (RSA_meth_get_keygen(rsa_default) == NULL((void*)0))
560 RSA_meth_set_keygen(rsae_method, NULL((void*)0));
561 RSA_meth_set_flags(rsae_method,
562 RSA_meth_get_flags(rsa_default) | RSA_METHOD_FLAG_NO_CHECK0x0001);
563 RSA_meth_set0_app_data(rsae_method,
564 RSA_meth_get0_app_data(rsa_default));
565
566 if (!ENGINE_set_RSA(e, rsae_method)) {
567 errstr = "ENGINE_set_RSA";
568 goto fail;
569 }
570 if (!ENGINE_set_default_RSA(e)) {
571 errstr = "ENGINE_set_default_RSA";
572 goto fail;
573 }
574
575 return;
576
577 fail:
578 RSA_meth_free(rsae_method);
579 fatalx("%s: %s", __func__, errstr);
9
3rd function call argument is an uninitialized value
580}