From: tb Date: Sat, 12 Aug 2023 07:50:47 +0000 (+0000) Subject: Free {priv,pub}_key before assigning to it X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=52d22fd75a470a5df94fdb4fe83c70bb9580a74a;p=openbsd Free {priv,pub}_key before assigning to it While it isn't the case for the default implementations, custom DH and DSA methods could conceivably populate private and public keys, which in turn would result in leaks in the pub/priv decode methods. ok jsing --- diff --git a/lib/libcrypto/dh/dh_ameth.c b/lib/libcrypto/dh/dh_ameth.c index 88fec6bf4ac..ec9fe43d2b2 100644 --- a/lib/libcrypto/dh/dh_ameth.c +++ b/lib/libcrypto/dh/dh_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_ameth.c,v 1.37 2023/08/12 07:43:48 tb Exp $ */ +/* $OpenBSD: dh_ameth.c,v 1.38 2023/08/12 07:50:47 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -111,6 +111,7 @@ dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) DHerror(DH_R_DECODE_ERROR); goto err; } + BN_free(dh->pub_key); if ((dh->pub_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) { DHerror(DH_R_BN_DECODE_ERROR); goto err; @@ -223,6 +224,7 @@ dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) DHerror(DH_R_DECODE_ERROR); goto err; } + BN_free(dh->priv_key); if ((dh->priv_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) { DHerror(DH_R_BN_DECODE_ERROR); goto err; diff --git a/lib/libcrypto/dsa/dsa_ameth.c b/lib/libcrypto/dsa/dsa_ameth.c index 83fdf2129f1..d6b0546c040 100644 --- a/lib/libcrypto/dsa/dsa_ameth.c +++ b/lib/libcrypto/dsa/dsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ameth.c,v 1.53 2023/08/12 07:46:14 tb Exp $ */ +/* $OpenBSD: dsa_ameth.c,v 1.54 2023/08/12 07:50:47 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -114,6 +114,7 @@ dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) DSAerror(DSA_R_DECODE_ERROR); goto err; } + BN_free(dsa->pub_key); if ((dsa->pub_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) { DSAerror(DSA_R_BN_DECODE_ERROR); goto err; @@ -236,6 +237,7 @@ dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) DSAerror(DSA_R_DECODE_ERROR); goto err; } + BN_free(dsa->priv_key); if ((dsa->priv_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) { DSAerror(DSA_R_BN_DECODE_ERROR); goto err; @@ -246,6 +248,7 @@ dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) goto err; /* Calculate public key */ + BN_free(dsa->pub_key); if ((dsa->pub_key = BN_new()) == NULL) { DSAerror(ERR_R_MALLOC_FAILURE); goto err;