From d5eebd0bd527e182d99d439c6b21696b548e51bb Mon Sep 17 00:00:00 2001 From: jsg Date: Fri, 15 May 2015 11:00:14 +0000 Subject: [PATCH] Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls. ok doug@ --- lib/libcrypto/cms/cms_pwri.c | 8 ++++---- lib/libcrypto/pem/pvkfmt.c | 12 +++++------- lib/libcrypto/pkcs12/p12_decr.c | 5 +++-- lib/libssl/d1_srvr.c | 3 ++- lib/libssl/s3_srvr.c | 3 ++- lib/libssl/src/crypto/cms/cms_pwri.c | 8 ++++---- lib/libssl/src/crypto/pem/pvkfmt.c | 12 +++++------- lib/libssl/src/crypto/pkcs12/p12_decr.c | 5 +++-- lib/libssl/src/ssl/d1_srvr.c | 3 ++- lib/libssl/src/ssl/s3_srvr.c | 3 ++- 10 files changed, 32 insertions(+), 30 deletions(-) diff --git a/lib/libcrypto/cms/cms_pwri.c b/lib/libcrypto/cms/cms_pwri.c index 89f79259388..11509e3c113 100644 --- a/lib/libcrypto/cms/cms_pwri.c +++ b/lib/libcrypto/cms/cms_pwri.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_pwri.c,v 1.8 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: cms_pwri.c,v 1.9 2015/05/15 11:00:14 jsg Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -332,14 +332,14 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, if (!pwri->pass) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD); - return 0; + goto err; } algtmp = pwri->keyEncryptionAlgorithm; if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); - return 0; + goto err; } if (algtmp->parameter->type == V_ASN1_SEQUENCE) { @@ -350,7 +350,7 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, if (kekalg == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER); - return 0; + goto err; } kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); diff --git a/lib/libcrypto/pem/pvkfmt.c b/lib/libcrypto/pem/pvkfmt.c index 2009c9db801..025381bcc0d 100644 --- a/lib/libcrypto/pem/pvkfmt.c +++ b/lib/libcrypto/pem/pvkfmt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pvkfmt.c,v 1.12 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: pvkfmt.c,v 1.13 2015/05/15 11:00:14 jsg Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -731,17 +731,16 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen, inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); if (inlen <= 0) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); - return NULL; + goto err; } enctmp = malloc(keylen + 8); if (!enctmp) { PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } if (!derive_pvk_key(keybuf, p, saltlen, (unsigned char *)psbuf, inlen)) { - free(enctmp); - return NULL; + goto err; } p += saltlen; /* Copy BLOBHEADER across, decrypt rest */ @@ -749,8 +748,7 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen, p += 8; if (keylen < 8) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT); - free(enctmp); - return NULL; + goto err; } inlen = keylen - 8; q = enctmp + 8; diff --git a/lib/libcrypto/pkcs12/p12_decr.c b/lib/libcrypto/pkcs12/p12_decr.c index 13be237b4c3..4cccf43d3f8 100644 --- a/lib/libcrypto/pkcs12/p12_decr.c +++ b/lib/libcrypto/pkcs12/p12_decr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_decr.c,v 1.14 2015/02/14 12:43:07 miod Exp $ */ +/* $OpenBSD: p12_decr.c,v 1.15 2015/05/15 11:00:14 jsg Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -77,9 +77,10 @@ PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen, /* Decrypt data */ if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, algor->parameter, &ctx, en_de)) { + out = NULL; PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); - return NULL; + goto err; } if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index 1d3779f5671..27f350fcb67 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.50 2015/03/27 12:29:54 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.51 2015/05/15 11:00:14 jsg Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -1288,6 +1288,7 @@ dtls1_send_newsession_ticket(SSL *s) if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, &hctx, 1) < 0) { free(senc); + EVP_CIPHER_CTX_cleanup(&ctx); return -1; } } else { diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 5248cc864c2..921d7797809 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.102 2015/04/15 16:25:43 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.103 2015/05/15 11:00:14 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2689,6 +2689,7 @@ ssl3_send_newsession_ticket(SSL *s) if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, &hctx, 1) < 0) { free(senc); + EVP_CIPHER_CTX_cleanup(&ctx); return (-1); } } else { diff --git a/lib/libssl/src/crypto/cms/cms_pwri.c b/lib/libssl/src/crypto/cms/cms_pwri.c index 89f79259388..11509e3c113 100644 --- a/lib/libssl/src/crypto/cms/cms_pwri.c +++ b/lib/libssl/src/crypto/cms/cms_pwri.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_pwri.c,v 1.8 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: cms_pwri.c,v 1.9 2015/05/15 11:00:14 jsg Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -332,14 +332,14 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, if (!pwri->pass) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD); - return 0; + goto err; } algtmp = pwri->keyEncryptionAlgorithm; if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); - return 0; + goto err; } if (algtmp->parameter->type == V_ASN1_SEQUENCE) { @@ -350,7 +350,7 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, if (kekalg == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER); - return 0; + goto err; } kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); diff --git a/lib/libssl/src/crypto/pem/pvkfmt.c b/lib/libssl/src/crypto/pem/pvkfmt.c index 2009c9db801..025381bcc0d 100644 --- a/lib/libssl/src/crypto/pem/pvkfmt.c +++ b/lib/libssl/src/crypto/pem/pvkfmt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pvkfmt.c,v 1.12 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: pvkfmt.c,v 1.13 2015/05/15 11:00:14 jsg Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -731,17 +731,16 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen, inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); if (inlen <= 0) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); - return NULL; + goto err; } enctmp = malloc(keylen + 8); if (!enctmp) { PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } if (!derive_pvk_key(keybuf, p, saltlen, (unsigned char *)psbuf, inlen)) { - free(enctmp); - return NULL; + goto err; } p += saltlen; /* Copy BLOBHEADER across, decrypt rest */ @@ -749,8 +748,7 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen, p += 8; if (keylen < 8) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT); - free(enctmp); - return NULL; + goto err; } inlen = keylen - 8; q = enctmp + 8; diff --git a/lib/libssl/src/crypto/pkcs12/p12_decr.c b/lib/libssl/src/crypto/pkcs12/p12_decr.c index 13be237b4c3..4cccf43d3f8 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_decr.c +++ b/lib/libssl/src/crypto/pkcs12/p12_decr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_decr.c,v 1.14 2015/02/14 12:43:07 miod Exp $ */ +/* $OpenBSD: p12_decr.c,v 1.15 2015/05/15 11:00:14 jsg Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -77,9 +77,10 @@ PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen, /* Decrypt data */ if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, algor->parameter, &ctx, en_de)) { + out = NULL; PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); - return NULL; + goto err; } if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c index 1d3779f5671..27f350fcb67 100644 --- a/lib/libssl/src/ssl/d1_srvr.c +++ b/lib/libssl/src/ssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.50 2015/03/27 12:29:54 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.51 2015/05/15 11:00:14 jsg Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -1288,6 +1288,7 @@ dtls1_send_newsession_ticket(SSL *s) if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, &hctx, 1) < 0) { free(senc); + EVP_CIPHER_CTX_cleanup(&ctx); return -1; } } else { diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 5248cc864c2..921d7797809 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.102 2015/04/15 16:25:43 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.103 2015/05/15 11:00:14 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2689,6 +2689,7 @@ ssl3_send_newsession_ticket(SSL *s) if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, &hctx, 1) < 0) { free(senc); + EVP_CIPHER_CTX_cleanup(&ctx); return (-1); } } else { -- 2.20.1