Free {priv,pub}_key before assigning to it

While it isn't the case for the default implementations, custom DH and DSA methods could conceivably populate private and public keys, which in turn would result in leaks in the pub/priv decode methods. ok jsing
author: tb <> 2023-08-12 07:50:47 +0000
committer: tb <> 2023-08-12 07:50:47 +0000
commit: f5928511901ba790469237cdd03eba98ebd97973 (patch)
tree: d4bb9a302e2a9007c4e03757faff7454de03ec43 /src/lib/libc
parent: 433040516cb1d48e0ce58ca213a9e7396a5a1dde (diff)
download: openbsd-f5928511901ba790469237cdd03eba98ebd97973.tar.gz
openbsd-f5928511901ba790469237cdd03eba98ebd97973.tar.bz2
openbsd-f5928511901ba790469237cdd03eba98ebd97973.zip
2 files changed, 7 insertions, 2 deletions
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index 88fec6bf4a..ec9fe43d2b 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.37 2023/08/12 07:43:48 tb Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.38 2023/08/12 07:50:47 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -111,6 +111,7 @@ dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
                DHerror(DH_R_DECODE_ERROR);
                goto err;
        }
+        BN_free(dh->pub_key);
        if ((dh->pub_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
                DHerror(DH_R_BN_DECODE_ERROR);
                goto err;
@@ -223,6 +224,7 @@ dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
                DHerror(DH_R_DECODE_ERROR);
                goto err;
        }
+        BN_free(dh->priv_key);
        if ((dh->priv_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
                DHerror(DH_R_BN_DECODE_ERROR);
                goto err;
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 83fdf2129f..d6b0546c04 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.53 2023/08/12 07:46:14 tb Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.54 2023/08/12 07:50:47 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -114,6 +114,7 @@ dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
                DSAerror(DSA_R_DECODE_ERROR);
                goto err;
        }
+        BN_free(dsa->pub_key);
        if ((dsa->pub_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
                DSAerror(DSA_R_BN_DECODE_ERROR);
                goto err;
@@ -236,6 +237,7 @@ dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
                DSAerror(DSA_R_DECODE_ERROR);
                goto err;
        }
+        BN_free(dsa->priv_key);
        if ((dsa->priv_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
                DSAerror(DSA_R_BN_DECODE_ERROR);
                goto err;
@@ -246,6 +248,7 @@ dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
                goto err;
        /* Calculate public key */
+        BN_free(dsa->pub_key);
        if ((dsa->pub_key = BN_new()) == NULL) {
                DSAerror(ERR_R_MALLOC_FAILURE);
                goto err;
author	tb <>	2023-08-12 07:50:47 +0000
committer	tb <>	2023-08-12 07:50:47 +0000
commit	f5928511901ba790469237cdd03eba98ebd97973 (patch)
tree	d4bb9a302e2a9007c4e03757faff7454de03ec43 /src/lib/libc
parent	433040516cb1d48e0ce58ca213a9e7396a5a1dde (diff)
download	openbsd-f5928511901ba790469237cdd03eba98ebd97973.tar.gz openbsd-f5928511901ba790469237cdd03eba98ebd97973.tar.bz2 openbsd-f5928511901ba790469237cdd03eba98ebd97973.zip