From: Fabian Keil <fk@fabiankeil.de>
Date: Sat, 16 Jan 2021 08:39:45 +0000 (+0100)
Subject: OpenSSL: Save memory allocations in generate_key()
X-Git-Tag: v_3_0_30~100
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/@default-cgi@/diff?a=commitdiff_plain;h=2db090412d0895efe4375249db55fcf9ed059ff2;p=privoxy.git

OpenSSL: Save memory allocations in generate_key()

... if the key already exists.
---

diff --git a/openssl.c b/openssl.c
index fe4da8fd..2af11476 100644
--- a/openssl.c
+++ b/openssl.c
@@ -1472,39 +1472,41 @@ exit:
 static int generate_key(struct client_state *csp, char **key_buf)
 {
    int ret = 0;
-   char* key_file_path = NULL;
-   BIGNUM *exp = BN_new();
-   RSA *rsa = RSA_new();
-   EVP_PKEY *key = EVP_PKEY_new();
+   char* key_file_path;
+   BIGNUM *exp;
+   RSA *rsa;
+   EVP_PKEY *key;
 
-   if (exp == NULL || rsa == NULL || key == NULL)
+   key_file_path = make_certs_path(csp->config->certificate_directory,
+      (char *)csp->http->hash_of_host_hex, KEY_FILE_TYPE);
+   if (key_file_path == NULL)
    {
-      log_ssl_errors(LOG_LEVEL_ERROR, "RSA key memory allocation failure");
-      ret = -1;
-      goto exit;
+      return -1;
    }
 
-   if (BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT) != 1)
+   /*
+    * Test if key already exists. If so, we don't have to create it again.
+    */
+   if (file_exists(key_file_path) == 1)
    {
-      log_ssl_errors(LOG_LEVEL_ERROR, "Setting RSA key exponent failed");
-      ret = -1;
-      goto exit;
+      freez(key_file_path);
+      return 0;
    }
 
-   key_file_path = make_certs_path(csp->config->certificate_directory,
-      (char *)csp->http->hash_of_host_hex, KEY_FILE_TYPE);
-   if (key_file_path == NULL)
+   exp = BN_new();
+   rsa = RSA_new();
+   key = EVP_PKEY_new();
+   if (exp == NULL || rsa == NULL || key == NULL)
    {
+      log_ssl_errors(LOG_LEVEL_ERROR, "RSA key memory allocation failure");
       ret = -1;
       goto exit;
    }
 
-   /*
-    * Test if key already exists. If so, we don't have to create it again.
-    */
-   if (file_exists(key_file_path) == 1)
+   if (BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT) != 1)
    {
-      ret = 0;
+      log_ssl_errors(LOG_LEVEL_ERROR, "Setting RSA key exponent failed");
+      ret = -1;
       goto exit;
    }