authorjsg <>2015-05-15 11:00:14 +0000
committerjsg <>2015-05-15 11:00:14 +0000
commit5e21cdbca851c965cd196f1d77d376bda7ff1e4f (patch)
treef00dd64612742b35f7b46f91be93e5056960a0c1
parentdfd58b2d262bb801a9048813d922b51c08607ba1 (diff)
Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls.
ok doug@
-rw-r--r--src/lib/libcrypto/cms/cms_pwri.c8
-rw-r--r--src/lib/libcrypto/pem/pvkfmt.c12
-rw-r--r--src/lib/libcrypto/pkcs12/p12_decr.c5
-rw-r--r--src/lib/libssl/d1_srvr.c3
-rw-r--r--src/lib/libssl/s3_srvr.c3
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_pwri.c8
-rw-r--r--src/lib/libssl/src/crypto/pem/pvkfmt.c12
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_decr.c5
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c3
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c3
10 files changed, 32 insertions, 30 deletions
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
index 89f7925938..11509e3c11 100644
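--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.8 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.9 2015/05/15 11:00:14 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -332,14 +332,14 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 
  if (!pwri->pass) {
  CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
- return 0;
+ goto err;
  }
  algtmp = pwri->keyEncryptionAlgorithm;
 
  if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
  CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
  CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
- return 0;
+ goto err;
  }
 
  if (algtmp->parameter->type == V_ASN1_SEQUENCE) {
@@ -350,7 +350,7 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
  if (kekalg == NULL) {
  CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
  CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
- return 0;
+ goto err;
  }
 
  kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);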
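Review bot: `algtmp->parameter->type`, on the line after the second converted exit, is read without first checking `algtmp->parameter`, and the parameters field of an AlgorithmIdentifier is optional, so a message that omits it would presumably reach a NULL dereference here. Writing the test as `if (algtmp->parameter != NULL && algtmp->parameter->type == V_ASN1_SEQUENCE) {` would let that case fall through to the existing `kekalg == NULL` error instead. The body of that `if` and the `err` label are both outside the hunks, so it is also worth confirming that everything the label releases is initialised before the earliest new jump (the `!pwri->pass` exit). The copy under `src/lib/libssl/src/crypto/cms/cms_pwri.c` is identical and shares both points.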
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c
index 2009c9db80..025381bcc0 100644
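--- a/src/lib/libcrypto/pem/pvkfmt.c
+++ b/src/lib/libcrypto/pem/pvkfmt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pvkfmt.c,v 1.12 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: pvkfmt.c,v 1.13 2015/05/15 11:00:14 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -731,17 +731,16 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen,
  inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
  if (inlen <= 0) {
  PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
- return NULL;
+ goto err;
  }
  enctmp = malloc(keylen + 8);
  if (!enctmp) {
  PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
  }
  if (!derive_pvk_key(keybuf, p, saltlen, (unsigned char *)psbuf,
  inlen)) {
- free(enctmp);
- return NULL;
+ goto err;
  }
  p += saltlen;
  /* Copy BLOBHEADER across, decrypt rest */
@@ -749,8 +748,7 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen,
  p += 8;
  if (keylen < 8) {
  PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
- free(enctmp);
- return NULL;
+ goto err;
  }
  inlen = keylen - 8;
  q = enctmp + 8;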
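Review bot: The first new `goto err`, on the password-read failure, is taken before `enctmp` has been assigned, so the cleanup label (outside these hunks) is safe only if `enctmp` is initialised to NULL at its declaration and the cipher context is initialised before this point; neither is visible here and both should be confirmed. `malloc(keylen + 8)` also runs before the `keylen < 8` test and with no upper bound, so if `keylen` is an unsigned value taken from the PVK header the sum can wrap; moving the range check ahead of the allocation would cover it. The shared error path is also a natural place for `explicit_bzero(psbuf, PEM_BUFSIZE);` and the same for `keybuf`, so the password and derived key do not outlive a failed parse. The identical hunks under `src/lib/libssl/src/crypto/pem/pvkfmt.c` share all of this.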
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
index 13be237b4c..4cccf43d3f 100644
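--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.14 2015/02/14 12:43:07 miod Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.15 2015/05/15 11:00:14 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -77,9 +77,10 @@ PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen,
  /* Decrypt data */
  if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
  algor->parameter, &ctx, en_de)) {
+ out = NULL;
  PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
  PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
- return NULL;
+ goto err;
  }
 
  if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {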
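Review bot: `out = NULL;` is assigned only inside the `EVP_PBE_CipherInit` failure branch, so the value the `err` path hands back depends on each exit remembering to reset it. Giving `out` an `= NULL` initialiser at its declaration (outside this hunk) would make every `goto err` safe by construction and let this assignment go. The allocation on the last line, `malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx))`, adds the two lengths with no overflow check; if `inlen` is a caller-supplied signed int, a guard before the sum is worth adding. The copy under `src/lib/libssl/src/crypto/pkcs12/p12_decr.c` is the same.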
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 1d3779f567..27f350fcb6 100644
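--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.50 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.51 2015/05/15 11:00:14 jsg Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1288,6 +1288,7 @@ dtls1_send_newsession_ticket(SSL *s)
  if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
  &hctx, 1) < 0) {
  free(senc);
+ EVP_CIPHER_CTX_cleanup(&ctx);
  return -1;
  }
  } else {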
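Review bot: The failure branch now cleans up `ctx` but not `hctx`, although the callback is handed both and may have keyed the HMAC context before returning an error; adding `HMAC_CTX_cleanup(&hctx);` next to the new call would release it as well. This assumes `hctx` is initialised before the callback runs, which happens outside the hunk. `senc` is released with a plain `free()`; if it holds the serialised session, as the name suggests, clearing it first would keep session secrets out of freed memory. The same branch in `ssl3_send_newsession_ticket` (`s3_srvr.c`) and both copies under `src/lib/libssl/src/ssl/` have the same gap.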
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 5248cc864c..921d779780 100644
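--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.102 2015/04/15 16:25:43 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.103 2015/05/15 11:00:14 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2689,6 +2689,7 @@ ssl3_send_newsession_ticket(SSL *s)
  if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
  &hctx, 1) < 0) {
  free(senc);
+ EVP_CIPHER_CTX_cleanup(&ctx);
  return (-1);
  }
  } else {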
diff --git a/src/lib/libssl/src/crypto/cms/cms_pwri.c b/src/lib/libssl/src/crypto/cms/cms_pwri.c
index 89f7925938..11509e3c11 100644
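--- a/src/lib/libssl/src/crypto/cms/cms_pwri.c
+++ b/src/lib/libssl/src/crypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.8 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.9 2015/05/15 11:00:14 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -332,14 +332,14 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 
  if (!pwri->pass) {
  CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
- return 0;
+ goto err;
  }
  algtmp = pwri->keyEncryptionAlgorithm;
 
  if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
  CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
  CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
- return 0;
+ goto err;
  }
 
  if (algtmp->parameter->type == V_ASN1_SEQUENCE) {
@@ -350,7 +350,7 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
  if (kekalg == NULL) {
  CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
  CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
- return 0;
+ goto err;
  }
 
  kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);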
diff --git a/src/lib/libssl/src/crypto/pem/pvkfmt.c b/src/lib/libssl/src/crypto/pem/pvkfmt.c
index 2009c9db80..025381bcc0 100644
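--- a/src/lib/libssl/src/crypto/pem/pvkfmt.c
+++ b/src/lib/libssl/src/crypto/pem/pvkfmt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pvkfmt.c,v 1.12 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: pvkfmt.c,v 1.13 2015/05/15 11:00:14 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -731,17 +731,16 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen,
  inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
  if (inlen <= 0) {
  PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
- return NULL;
+ goto err;
  }
  enctmp = malloc(keylen + 8);
  if (!enctmp) {
  PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
  }
  if (!derive_pvk_key(keybuf, p, saltlen, (unsigned char *)psbuf,
  inlen)) {
- free(enctmp);
- return NULL;
+ goto err;
  }
  p += saltlen;
  /* Copy BLOBHEADER across, decrypt rest */
@@ -749,8 +748,7 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen,
  p += 8;
  if (keylen < 8) {
  PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
- free(enctmp);
- return NULL;
+ goto err;
  }
  inlen = keylen - 8;
  q = enctmp + 8;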
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_decr.c b/src/lib/libssl/src/crypto/pkcs12/p12_decr.c
index 13be237b4c..4cccf43d3f 100644
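--- a/src/lib/libssl/src/crypto/pkcs12/p12_decr.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.14 2015/02/14 12:43:07 miod Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.15 2015/05/15 11:00:14 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -77,9 +77,10 @@ PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen,
  /* Decrypt data */
  if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
  algor->parameter, &ctx, en_de)) {
+ out = NULL;
  PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
  PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
- return NULL;
+ goto err;
  }
 
  if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {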
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 1d3779f567..27f350fcb6 100644
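--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.50 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.51 2015/05/15 11:00:14 jsg Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1288,6 +1288,7 @@ dtls1_send_newsession_ticket(SSL *s)
  if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
  &hctx, 1) < 0) {
  free(senc);
+ EVP_CIPHER_CTX_cleanup(&ctx);
  return -1;
  }
  } else {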
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 5248cc864c..921d779780 100644
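--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.102 2015/04/15 16:25:43 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.103 2015/05/15 11:00:14 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2689,6 +2689,7 @@ ssl3_send_newsession_ticket(SSL *s)
  if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
  &hctx, 1) < 0) {
  free(senc);
+ EVP_CIPHER_CTX_cleanup(&ctx);
  return (-1);
  }
  } else {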