From 8262960174586c76c1ae30f6ad2c85823f7ad2c8 Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 28 Dec 2023 21:47:17 +0000 Subject: [PATCH] Clean up pkey_gost_mac_keygen() Make this function single exit, check and assign and finally error check EVP_PKEY_assign(). This can't actually fail currently, but if it did, things would leak. Free the key data with freezero. ok jsing CID 471704 (false positive) --- lib/libcrypto/gost/gost89imit_pmeth.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/lib/libcrypto/gost/gost89imit_pmeth.c b/lib/libcrypto/gost/gost89imit_pmeth.c index 63b7ef59eeb..3caa58ac863 100644 --- a/lib/libcrypto/gost/gost89imit_pmeth.c +++ b/lib/libcrypto/gost/gost89imit_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gost89imit_pmeth.c,v 1.5 2022/11/26 16:08:53 tb Exp $ */ +/* $OpenBSD: gost89imit_pmeth.c,v 1.6 2023/12/28 21:47:17 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -107,22 +107,29 @@ static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - unsigned char *keydata; + unsigned char *keydata = NULL; + int ret = 0; if (!data->key_set) { GOSTerror(GOST_R_MAC_KEY_NOT_SET); - return 0; + goto err; } - keydata = malloc(32); - if (keydata == NULL) { + if ((keydata = malloc(32)) == NULL) { GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; + goto err; } memcpy(keydata, data->key, 32); - EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata); + if (!EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata)) + goto err; + keydata = NULL; - return 1; + ret = 1; + + err: + freezero(keydata, 32); + + return ret; } static int -- 2.20.1