From 40dd9be90a93082c9195fca50ebbc8620fb7244a Mon Sep 17 00:00:00 2001
From: miod <miod@openbsd.org>
Date: Sun, 13 Jul 2014 12:53:46 +0000
Subject: [PATCH] Make sure all error conditions in
 RSA_padding_add_PKCS1_PSS_mgf1() cause EVP_MD_CTX_cleanup() to be called.

---
 lib/libcrypto/rsa/rsa_pss.c         | 7 ++++---
 lib/libssl/src/crypto/rsa/rsa_pss.c | 7 ++++---
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/libcrypto/rsa/rsa_pss.c b/lib/libcrypto/rsa/rsa_pss.c
index e18ca632aab..f841b2f8a31 100644
--- a/lib/libcrypto/rsa/rsa_pss.c
+++ b/lib/libcrypto/rsa/rsa_pss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pss.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_pss.c,v 1.10 2014/07/13 12:53:46 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -199,6 +199,8 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 	unsigned char *H, *salt = NULL, *p;
 	EVP_MD_CTX ctx;
 
+	EVP_MD_CTX_init(&ctx);
+
 	if (mgf1Hash == NULL)
 		mgf1Hash = Hash;
 
@@ -246,7 +248,6 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 	}
 	maskedDBLen = emLen - hLen - 1;
 	H = EM + maskedDBLen;
-	EVP_MD_CTX_init(&ctx);
 	if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ||
 	    !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) ||
 	    !EVP_DigestUpdate(&ctx, mHash, hLen))
@@ -255,7 +256,6 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 		goto err;
 	if (!EVP_DigestFinal_ex(&ctx, H, NULL))
 		goto err;
-	EVP_MD_CTX_cleanup(&ctx);
 
 	/* Generate dbMask in place then perform XOR on it */
 	if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
@@ -284,6 +284,7 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 
 err:
 	free(salt);
+	EVP_MD_CTX_cleanup(&ctx);
 
 	return ret;
 }
diff --git a/lib/libssl/src/crypto/rsa/rsa_pss.c b/lib/libssl/src/crypto/rsa/rsa_pss.c
index e18ca632aab..f841b2f8a31 100644
--- a/lib/libssl/src/crypto/rsa/rsa_pss.c
+++ b/lib/libssl/src/crypto/rsa/rsa_pss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pss.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_pss.c,v 1.10 2014/07/13 12:53:46 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -199,6 +199,8 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 	unsigned char *H, *salt = NULL, *p;
 	EVP_MD_CTX ctx;
 
+	EVP_MD_CTX_init(&ctx);
+
 	if (mgf1Hash == NULL)
 		mgf1Hash = Hash;
 
@@ -246,7 +248,6 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 	}
 	maskedDBLen = emLen - hLen - 1;
 	H = EM + maskedDBLen;
-	EVP_MD_CTX_init(&ctx);
 	if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ||
 	    !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) ||
 	    !EVP_DigestUpdate(&ctx, mHash, hLen))
@@ -255,7 +256,6 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 		goto err;
 	if (!EVP_DigestFinal_ex(&ctx, H, NULL))
 		goto err;
-	EVP_MD_CTX_cleanup(&ctx);
 
 	/* Generate dbMask in place then perform XOR on it */
 	if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
@@ -284,6 +284,7 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 
 err:
 	free(salt);
+	EVP_MD_CTX_cleanup(&ctx);
 
 	return ret;
 }
-- 
2.20.1