author | tb <> | 2023-12-28 21:47:17 +0000 |
---|---|---|
committer | tb <> | 2023-12-28 21:47:17 +0000 |
commit | 16776370acb9e2b9734a640096c08eade32f50cb (patch) | |
tree | 30b107a9a10bee6798edcf094c0168aa729cda8b /src/lib | |
parent | dda1937e5346b71294b68b786ad65fa1449b1a50 (diff) | |
Clean up pkey_gost_mac_keygen()
Make this function single exit, check and assign and finally error
check EVP_PKEY_assign(). This can't actually fail currently, but
if it did, things would leak. Free the key data with freezero.
ok jsing
CID 471704 (false positive)
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/libcrypto/gost/gost89imit_pmeth.c | 23 |
1 files changed, 15 insertions, 8 deletions
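--- a/src/lib/libcrypto/gost/gost89imit_pmeth.c
+++ b/src/lib/libcrypto/gost/gost89imit_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gost89imit_pmeth.c,v 1.5 2022/11/26 16:08:53 tb Exp $ */
+/* $OpenBSD: gost89imit_pmeth.c,v 1.6 2023/12/28 21:47:17 tb Exp $ */
 /*
 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
 * Copyright (c) 2005-2006 Cryptocom LTD
@@ -107,22 +107,29 @@ static int
 pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-unsigned char *keydata;
+unsigned char *keydata = NULL;
+int ret = 0;
 
 if (!data->key_set) {
 GOSTerror(GOST_R_MAC_KEY_NOT_SET);
-return 0;
+goto err;
 }
 
-keydata = malloc(32);
-if (keydata == NULL) {
+if ((keydata = malloc(32)) == NULL) {
 GOSTerror(ERR_R_MALLOC_FAILURE);
-return 0;
+goto err;
 }
 memcpy(keydata, data->key, 32);
-EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
+if (!EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata))
+goto err;
+keydata = NULL;
 
-return 1;
+ret = 1;
+
+err:
+freezero(keydata, 32);
+
+return ret;
 }
 
 static int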
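Review bot: In pkey_gost_mac_keygen() the key length 32 is now written three times, in `malloc(32)`, `memcpy(keydata, data->key, 32)` and the new `freezero(keydata, 32)`, and the error-path zeroing only covers the whole buffer while all three literals stay in sync. A single named length used in all three calls would tie them together, e.g. `const size_t keylen = 32;` (or `sizeof(data->key)` if that field is a fixed-size array, which is not visible in this hunk). The `keydata = NULL;` after a successful EVP_PKEY_assign() is what stops the shared `err:` label from freeing memory that pkey now owns, so a short comment such as `/* pkey owns keydata now; must not be freed below */` would protect that line from a later cleanup. The new EVP_PKEY_assign() failure branch also jumps to `err` without a GOSTerror() call, unlike the other two branches; whether the callee records its own error is not visible here.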