From 4dea933132664879a9885cff1a6ee7da680d0370 Mon Sep 17 00:00:00 2001 From: miod Date: Sun, 13 Jul 2014 12:46:44 +0000 Subject: [PATCH] Possible PBEPARAM leak in the error path. --- lib/libcrypto/evp/p5_crpt.c | 14 ++++++++------ lib/libssl/src/crypto/evp/p5_crpt.c | 14 ++++++++------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/lib/libcrypto/evp/p5_crpt.c b/lib/libcrypto/evp/p5_crpt.c index ec8d816f32d..3b1419b5452 100644 --- a/lib/libcrypto/evp/p5_crpt.c +++ b/lib/libcrypto/evp/p5_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt.c,v 1.13 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: p5_crpt.c,v 1.14 2014/07/13 12:46:44 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -86,7 +86,6 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, const unsigned char *pbuf; int mdsize; int rv = 0; - EVP_MD_CTX_init(&ctx); /* Extract useful info from parameter */ if (param == NULL || param->type != V_ASN1_SEQUENCE || @@ -95,6 +94,10 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, return 0; } + mdsize = EVP_MD_size(md); + if (mdsize < 0) + return 0; + pbuf = param->value.sequence->data; if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); @@ -113,18 +116,16 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, else if (passlen == -1) passlen = strlen(pass); + EVP_MD_CTX_init(&ctx); + if (!EVP_DigestInit_ex(&ctx, md, NULL)) goto err; if (!EVP_DigestUpdate(&ctx, pass, passlen)) goto err; if (!EVP_DigestUpdate(&ctx, salt, saltlen)) goto err; - PBEPARAM_free(pbe); if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) goto err; - mdsize = EVP_MD_size(md); - if (mdsize < 0) - return 0; for (i = 1; i < iter; i++) { if (!EVP_DigestInit_ex(&ctx, md, NULL)) goto err; @@ -146,5 +147,6 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, rv = 1; err: EVP_MD_CTX_cleanup(&ctx); + PBEPARAM_free(pbe); return rv; } diff --git a/lib/libssl/src/crypto/evp/p5_crpt.c b/lib/libssl/src/crypto/evp/p5_crpt.c index ec8d816f32d..3b1419b5452 100644 --- a/lib/libssl/src/crypto/evp/p5_crpt.c +++ b/lib/libssl/src/crypto/evp/p5_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt.c,v 1.13 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: p5_crpt.c,v 1.14 2014/07/13 12:46:44 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -86,7 +86,6 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, const unsigned char *pbuf; int mdsize; int rv = 0; - EVP_MD_CTX_init(&ctx); /* Extract useful info from parameter */ if (param == NULL || param->type != V_ASN1_SEQUENCE || @@ -95,6 +94,10 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, return 0; } + mdsize = EVP_MD_size(md); + if (mdsize < 0) + return 0; + pbuf = param->value.sequence->data; if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); @@ -113,18 +116,16 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, else if (passlen == -1) passlen = strlen(pass); + EVP_MD_CTX_init(&ctx); + if (!EVP_DigestInit_ex(&ctx, md, NULL)) goto err; if (!EVP_DigestUpdate(&ctx, pass, passlen)) goto err; if (!EVP_DigestUpdate(&ctx, salt, saltlen)) goto err; - PBEPARAM_free(pbe); if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) goto err; - mdsize = EVP_MD_size(md); - if (mdsize < 0) - return 0; for (i = 1; i < iter; i++) { if (!EVP_DigestInit_ex(&ctx, md, NULL)) goto err; @@ -146,5 +147,6 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, rv = 1; err: EVP_MD_CTX_cleanup(&ctx); + PBEPARAM_free(pbe); return rv; } -- 2.20.1