diff options
| author | miod <> | 2015-02-14 12:43:07 +0000 |
|---|---|---|
| committer | miod <> | 2015-02-14 12:43:07 +0000 |
| commit | 297b0d4a8bf51772b3f0e84123424a8a85e55eab (patch) | |
| tree | 57a9e3eb3014ef86834a30a199e0838e0f74d7c9 /src | |
| parent | d18f9324ae82e670faf7e01361779f8b667bce93 (diff) | |
| download | openbsd-297b0d4a8bf51772b3f0e84123424a8a85e55eab.tar.gz openbsd-297b0d4a8bf51772b3f0e84123424a8a85e55eab.tar.bz2 openbsd-297b0d4a8bf51772b3f0e84123424a8a85e55eab.zip | |
Try and fix a bunch of memory leaks upon error;
ok tedu@ about 7 months ago and I was sitting upon this diff for no reason
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_add.c | 23 | ||||
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_crt.c | 10 | ||||
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_decr.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/pkcs12/p12_add.c | 23 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/pkcs12/p12_crt.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/pkcs12/p12_decr.c | 12 |
6 files changed, 66 insertions, 24 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c index 11373cda4f..b141851514 100644 --- a/src/lib/libcrypto/pkcs12/p12_add.c +++ b/src/lib/libcrypto/pkcs12/p12_add.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_add.c,v 1.11 2014/07/11 08:44:49 jsing Exp $ */ | 1 | /* $OpenBSD: p12_add.c,v 1.12 2015/02/14 12:43:07 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -78,11 +78,13 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2) | |||
| 78 | if (!ASN1_item_pack(obj, it, &bag->value.octet)) { | 78 | if (!ASN1_item_pack(obj, it, &bag->value.octet)) { |
| 79 | PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, | 79 | PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, |
| 80 | ERR_R_MALLOC_FAILURE); | 80 | ERR_R_MALLOC_FAILURE); |
| 81 | PKCS12_BAGS_free(bag); | ||
| 81 | return NULL; | 82 | return NULL; |
| 82 | } | 83 | } |
| 83 | if (!(safebag = PKCS12_SAFEBAG_new())) { | 84 | if (!(safebag = PKCS12_SAFEBAG_new())) { |
| 84 | PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, | 85 | PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, |
| 85 | ERR_R_MALLOC_FAILURE); | 86 | ERR_R_MALLOC_FAILURE); |
| 87 | PKCS12_BAGS_free(bag); | ||
| 86 | return NULL; | 88 | return NULL; |
| 87 | } | 89 | } |
| 88 | safebag->value.bag = bag; | 90 | safebag->value.bag = bag; |
| @@ -131,6 +133,7 @@ PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen, | |||
| 131 | if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, | 133 | if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, |
| 132 | passlen, salt, saltlen, iter, p8))) { | 134 | passlen, salt, saltlen, iter, p8))) { |
| 133 | PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); | 135 | PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); |
| 136 | PKCS12_SAFEBAG_free(bag); | ||
| 134 | return NULL; | 137 | return NULL; |
| 135 | } | 138 | } |
| 136 | 139 | ||
| @@ -150,15 +153,19 @@ PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) | |||
| 150 | p7->type = OBJ_nid2obj(NID_pkcs7_data); | 153 | p7->type = OBJ_nid2obj(NID_pkcs7_data); |
| 151 | if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { | 154 | if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { |
| 152 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); | 155 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); |
| 153 | return NULL; | 156 | goto err; |
| 154 | } | 157 | } |
| 155 | 158 | ||
| 156 | if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { | 159 | if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { |
| 157 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, | 160 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, |
| 158 | PKCS12_R_CANT_PACK_STRUCTURE); | 161 | PKCS12_R_CANT_PACK_STRUCTURE); |
| 159 | return NULL; | 162 | goto err; |
| 160 | } | 163 | } |
| 161 | return p7; | 164 | return p7; |
| 165 | |||
| 166 | err: | ||
| 167 | PKCS7_free(p7); | ||
| 168 | return NULL; | ||
| 162 | } | 169 | } |
| 163 | 170 | ||
| 164 | /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ | 171 | /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ |
| @@ -190,7 +197,7 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, | |||
| 190 | if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { | 197 | if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { |
| 191 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, | 198 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, |
| 192 | PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); | 199 | PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); |
| 193 | return NULL; | 200 | goto err; |
| 194 | } | 201 | } |
| 195 | 202 | ||
| 196 | pbe_ciph = EVP_get_cipherbynid(pbe_nid); | 203 | pbe_ciph = EVP_get_cipherbynid(pbe_nid); |
| @@ -202,7 +209,7 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, | |||
| 202 | 209 | ||
| 203 | if (!pbe) { | 210 | if (!pbe) { |
| 204 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); | 211 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); |
| 205 | return NULL; | 212 | goto err; |
| 206 | } | 213 | } |
| 207 | X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); | 214 | X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); |
| 208 | p7->d.encrypted->enc_data->algorithm = pbe; | 215 | p7->d.encrypted->enc_data->algorithm = pbe; |
| @@ -211,10 +218,14 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, | |||
| 211 | pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, bags, 1))) { | 218 | pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, bags, 1))) { |
| 212 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, | 219 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, |
| 213 | PKCS12_R_ENCRYPT_ERROR); | 220 | PKCS12_R_ENCRYPT_ERROR); |
| 214 | return NULL; | 221 | goto err; |
| 215 | } | 222 | } |
| 216 | 223 | ||
| 217 | return p7; | 224 | return p7; |
| 225 | |||
| 226 | err: | ||
| 227 | PKCS7_free(p7); | ||
| 228 | return NULL; | ||
| 218 | } | 229 | } |
| 219 | 230 | ||
| 220 | STACK_OF(PKCS12_SAFEBAG) * | 231 | STACK_OF(PKCS12_SAFEBAG) * |
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c index 1d5c3dfd16..bef4d54cd9 100644 --- a/src/lib/libcrypto/pkcs12/p12_crt.c +++ b/src/lib/libcrypto/pkcs12/p12_crt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_crt.c,v 1.15 2014/07/11 08:44:49 jsing Exp $ */ | 1 | /* $OpenBSD: p12_crt.c,v 1.16 2015/02/14 12:43:07 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -236,8 +236,12 @@ PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage, | |||
| 236 | bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, | 236 | bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, |
| 237 | iter, p8); | 237 | iter, p8); |
| 238 | PKCS8_PRIV_KEY_INFO_free(p8); | 238 | PKCS8_PRIV_KEY_INFO_free(p8); |
| 239 | } else | 239 | p8 = NULL; |
| 240 | } else { | ||
| 240 | bag = PKCS12_MAKE_KEYBAG(p8); | 241 | bag = PKCS12_MAKE_KEYBAG(p8); |
| 242 | if (bag != NULL) | ||
| 243 | p8 = NULL; | ||
| 244 | } | ||
| 241 | 245 | ||
| 242 | if (!bag) | 246 | if (!bag) |
| 243 | goto err; | 247 | goto err; |
| @@ -250,6 +254,8 @@ PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage, | |||
| 250 | err: | 254 | err: |
| 251 | if (bag) | 255 | if (bag) |
| 252 | PKCS12_SAFEBAG_free(bag); | 256 | PKCS12_SAFEBAG_free(bag); |
| 257 | if (p8) | ||
| 258 | PKCS8_PRIV_KEY_INFO_free(p8); | ||
| 253 | 259 | ||
| 254 | return NULL; | 260 | return NULL; |
| 255 | } | 261 | } |
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c index b6bd508bf1..13be237b4c 100644 --- a/src/lib/libcrypto/pkcs12/p12_decr.c +++ b/src/lib/libcrypto/pkcs12/p12_decr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_decr.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */ | 1 | /* $OpenBSD: p12_decr.c,v 1.14 2015/02/14 12:43:07 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -166,19 +166,23 @@ PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, | |||
| 166 | if (!in) { | 166 | if (!in) { |
| 167 | PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, | 167 | PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, |
| 168 | PKCS12_R_ENCODE_ERROR); | 168 | PKCS12_R_ENCODE_ERROR); |
| 169 | return NULL; | 169 | goto err; |
| 170 | } | 170 | } |
| 171 | if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, | 171 | if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, |
| 172 | &oct->length, 1)) { | 172 | &oct->length, 1)) { |
| 173 | PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, | 173 | PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, |
| 174 | PKCS12_R_ENCRYPT_ERROR); | 174 | PKCS12_R_ENCRYPT_ERROR); |
| 175 | free(in); | 175 | goto err; |
| 176 | return NULL; | ||
| 177 | } | 176 | } |
| 178 | if (zbuf) | 177 | if (zbuf) |
| 179 | OPENSSL_cleanse(in, inlen); | 178 | OPENSSL_cleanse(in, inlen); |
| 180 | free(in); | 179 | free(in); |
| 181 | return oct; | 180 | return oct; |
| 181 | |||
| 182 | err: | ||
| 183 | free(in); | ||
| 184 | M_ASN1_OCTET_STRING_free(oct); | ||
| 185 | return NULL; | ||
| 182 | } | 186 | } |
| 183 | 187 | ||
| 184 | IMPLEMENT_PKCS12_STACK_OF(PKCS7) | 188 | IMPLEMENT_PKCS12_STACK_OF(PKCS7) |
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_add.c b/src/lib/libssl/src/crypto/pkcs12/p12_add.c index 11373cda4f..b141851514 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_add.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_add.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_add.c,v 1.11 2014/07/11 08:44:49 jsing Exp $ */ | 1 | /* $OpenBSD: p12_add.c,v 1.12 2015/02/14 12:43:07 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -78,11 +78,13 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2) | |||
| 78 | if (!ASN1_item_pack(obj, it, &bag->value.octet)) { | 78 | if (!ASN1_item_pack(obj, it, &bag->value.octet)) { |
| 79 | PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, | 79 | PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, |
| 80 | ERR_R_MALLOC_FAILURE); | 80 | ERR_R_MALLOC_FAILURE); |
| 81 | PKCS12_BAGS_free(bag); | ||
| 81 | return NULL; | 82 | return NULL; |
| 82 | } | 83 | } |
| 83 | if (!(safebag = PKCS12_SAFEBAG_new())) { | 84 | if (!(safebag = PKCS12_SAFEBAG_new())) { |
| 84 | PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, | 85 | PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, |
| 85 | ERR_R_MALLOC_FAILURE); | 86 | ERR_R_MALLOC_FAILURE); |
| 87 | PKCS12_BAGS_free(bag); | ||
| 86 | return NULL; | 88 | return NULL; |
| 87 | } | 89 | } |
| 88 | safebag->value.bag = bag; | 90 | safebag->value.bag = bag; |
| @@ -131,6 +133,7 @@ PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen, | |||
| 131 | if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, | 133 | if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, |
| 132 | passlen, salt, saltlen, iter, p8))) { | 134 | passlen, salt, saltlen, iter, p8))) { |
| 133 | PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); | 135 | PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); |
| 136 | PKCS12_SAFEBAG_free(bag); | ||
| 134 | return NULL; | 137 | return NULL; |
| 135 | } | 138 | } |
| 136 | 139 | ||
| @@ -150,15 +153,19 @@ PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) | |||
| 150 | p7->type = OBJ_nid2obj(NID_pkcs7_data); | 153 | p7->type = OBJ_nid2obj(NID_pkcs7_data); |
| 151 | if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { | 154 | if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { |
| 152 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); | 155 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); |
| 153 | return NULL; | 156 | goto err; |
| 154 | } | 157 | } |
| 155 | 158 | ||
| 156 | if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { | 159 | if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { |
| 157 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, | 160 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, |
| 158 | PKCS12_R_CANT_PACK_STRUCTURE); | 161 | PKCS12_R_CANT_PACK_STRUCTURE); |
| 159 | return NULL; | 162 | goto err; |
| 160 | } | 163 | } |
| 161 | return p7; | 164 | return p7; |
| 165 | |||
| 166 | err: | ||
| 167 | PKCS7_free(p7); | ||
| 168 | return NULL; | ||
| 162 | } | 169 | } |
| 163 | 170 | ||
| 164 | /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ | 171 | /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ |
| @@ -190,7 +197,7 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, | |||
| 190 | if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { | 197 | if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { |
| 191 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, | 198 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, |
| 192 | PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); | 199 | PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); |
| 193 | return NULL; | 200 | goto err; |
| 194 | } | 201 | } |
| 195 | 202 | ||
| 196 | pbe_ciph = EVP_get_cipherbynid(pbe_nid); | 203 | pbe_ciph = EVP_get_cipherbynid(pbe_nid); |
| @@ -202,7 +209,7 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, | |||
| 202 | 209 | ||
| 203 | if (!pbe) { | 210 | if (!pbe) { |
| 204 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); | 211 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); |
| 205 | return NULL; | 212 | goto err; |
| 206 | } | 213 | } |
| 207 | X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); | 214 | X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); |
| 208 | p7->d.encrypted->enc_data->algorithm = pbe; | 215 | p7->d.encrypted->enc_data->algorithm = pbe; |
| @@ -211,10 +218,14 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, | |||
| 211 | pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, bags, 1))) { | 218 | pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, bags, 1))) { |
| 212 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, | 219 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, |
| 213 | PKCS12_R_ENCRYPT_ERROR); | 220 | PKCS12_R_ENCRYPT_ERROR); |
| 214 | return NULL; | 221 | goto err; |
| 215 | } | 222 | } |
| 216 | 223 | ||
| 217 | return p7; | 224 | return p7; |
| 225 | |||
| 226 | err: | ||
| 227 | PKCS7_free(p7); | ||
| 228 | return NULL; | ||
| 218 | } | 229 | } |
| 219 | 230 | ||
| 220 | STACK_OF(PKCS12_SAFEBAG) * | 231 | STACK_OF(PKCS12_SAFEBAG) * |
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c index 1d5c3dfd16..bef4d54cd9 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_crt.c,v 1.15 2014/07/11 08:44:49 jsing Exp $ */ | 1 | /* $OpenBSD: p12_crt.c,v 1.16 2015/02/14 12:43:07 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -236,8 +236,12 @@ PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage, | |||
| 236 | bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, | 236 | bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, |
| 237 | iter, p8); | 237 | iter, p8); |
| 238 | PKCS8_PRIV_KEY_INFO_free(p8); | 238 | PKCS8_PRIV_KEY_INFO_free(p8); |
| 239 | } else | 239 | p8 = NULL; |
| 240 | } else { | ||
| 240 | bag = PKCS12_MAKE_KEYBAG(p8); | 241 | bag = PKCS12_MAKE_KEYBAG(p8); |
| 242 | if (bag != NULL) | ||
| 243 | p8 = NULL; | ||
| 244 | } | ||
| 241 | 245 | ||
| 242 | if (!bag) | 246 | if (!bag) |
| 243 | goto err; | 247 | goto err; |
| @@ -250,6 +254,8 @@ PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage, | |||
| 250 | err: | 254 | err: |
| 251 | if (bag) | 255 | if (bag) |
| 252 | PKCS12_SAFEBAG_free(bag); | 256 | PKCS12_SAFEBAG_free(bag); |
| 257 | if (p8) | ||
| 258 | PKCS8_PRIV_KEY_INFO_free(p8); | ||
| 253 | 259 | ||
| 254 | return NULL; | 260 | return NULL; |
| 255 | } | 261 | } |
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_decr.c b/src/lib/libssl/src/crypto/pkcs12/p12_decr.c index b6bd508bf1..13be237b4c 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_decr.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_decr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_decr.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */ | 1 | /* $OpenBSD: p12_decr.c,v 1.14 2015/02/14 12:43:07 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -166,19 +166,23 @@ PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, | |||
| 166 | if (!in) { | 166 | if (!in) { |
| 167 | PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, | 167 | PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, |
| 168 | PKCS12_R_ENCODE_ERROR); | 168 | PKCS12_R_ENCODE_ERROR); |
| 169 | return NULL; | 169 | goto err; |
| 170 | } | 170 | } |
| 171 | if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, | 171 | if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, |
| 172 | &oct->length, 1)) { | 172 | &oct->length, 1)) { |
| 173 | PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, | 173 | PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, |
| 174 | PKCS12_R_ENCRYPT_ERROR); | 174 | PKCS12_R_ENCRYPT_ERROR); |
| 175 | free(in); | 175 | goto err; |
| 176 | return NULL; | ||
| 177 | } | 176 | } |
| 178 | if (zbuf) | 177 | if (zbuf) |
| 179 | OPENSSL_cleanse(in, inlen); | 178 | OPENSSL_cleanse(in, inlen); |
| 180 | free(in); | 179 | free(in); |
| 181 | return oct; | 180 | return oct; |
| 181 | |||
| 182 | err: | ||
| 183 | free(in); | ||
| 184 | M_ASN1_OCTET_STRING_free(oct); | ||
| 185 | return NULL; | ||
| 182 | } | 186 | } |
| 183 | 187 | ||
| 184 | IMPLEMENT_PKCS12_STACK_OF(PKCS7) | 188 | IMPLEMENT_PKCS12_STACK_OF(PKCS7) |