cms_RecipientInfo_pwri_crypt: plug leak of kekalg

ok jsing
author: tb <> 2025-09-30 12:46:55 +0000
committer: tb <> 2025-09-30 12:46:55 +0000
commit: 9c492217dca486db9aacff39780c63445db043a4 (patch)
tree: 785c7c1c75a53e089da6f53948c9b204c47802d6
parent: 46c56e258ad51543fa1d174ca9568ef545233a34 (diff)
download: openbsd-9c492217dca486db9aacff39780c63445db043a4.tar.gz
openbsd-9c492217dca486db9aacff39780c63445db043a4.tar.bz2
openbsd-9c492217dca486db9aacff39780c63445db043a4.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
index 1f64fc71f7..298c67a5f4 100644
--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.32 2025/05/10 05:54:38 tb Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.33 2025/09/30 12:46:55 tb Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -368,13 +368,13 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
        kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
        if (!kekcipher) {
                CMSerror(CMS_R_UNKNOWN_CIPHER);
-                return 0;
+                goto err;
        }
        kekctx = EVP_CIPHER_CTX_new();
        if (kekctx == NULL) {
                CMSerror(ERR_R_MALLOC_FAILURE);
-                return 0;
+                goto err;
        }
        /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
        if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
author	tb <>	2025-09-30 12:46:55 +0000
committer	tb <>	2025-09-30 12:46:55 +0000
commit	9c492217dca486db9aacff39780c63445db043a4 (patch)
tree	785c7c1c75a53e089da6f53948c9b204c47802d6
parent	46c56e258ad51543fa1d174ca9568ef545233a34 (diff)
download	openbsd-9c492217dca486db9aacff39780c63445db043a4.tar.gz openbsd-9c492217dca486db9aacff39780c63445db043a4.tar.bz2 openbsd-9c492217dca486db9aacff39780c63445db043a4.zip

diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c index 1f64fc71f7..298c67a5f4 100644 --- a/src/lib/libcrypto/cms/cms_pwri.c +++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cms_pwri.c,v 1.32 2025/05/10 05:54:38 tb Exp $ */	1	/* $OpenBSD: cms_pwri.c,v 1.33 2025/09/30 12:46:55 tb Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4	* project.	4	* project.
@@ -368,13 +368,13 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo cms, CMS_RecipientInfo ri,
368	kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);	368	kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
369	if (!kekcipher) {	369	if (!kekcipher) {
370	CMSerror(CMS_R_UNKNOWN_CIPHER);	370	CMSerror(CMS_R_UNKNOWN_CIPHER);
371	return 0;	371	goto err;
372	}	372	}
373		373
374	kekctx = EVP_CIPHER_CTX_new();	374	kekctx = EVP_CIPHER_CTX_new();
375	if (kekctx == NULL) {	375	if (kekctx == NULL) {
376	CMSerror(ERR_R_MALLOC_FAILURE);	376	CMSerror(ERR_R_MALLOC_FAILURE);
377	return 0;	377	goto err;
378	}	378	}
379	/* Fixup cipher based on AlgorithmIdentifier to set IV etc */	379	/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
380	if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))	380	if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))