diff options
| -rw-r--r-- | src/lib/libcrypto/pem/pem_seal.c | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c index 96687eb77f..79162b32d7 100644 --- a/src/lib/libcrypto/pem/pem_seal.c +++ b/src/lib/libcrypto/pem/pem_seal.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pem_seal.c,v 1.22 2015/09/10 15:56:25 jsing Exp $ */ | 1 | /* $OpenBSD: pem_seal.c,v 1.23 2016/11/05 11:32:45 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -70,6 +70,14 @@ | |||
| 70 | #include <openssl/rsa.h> | 70 | #include <openssl/rsa.h> |
| 71 | #include <openssl/x509.h> | 71 | #include <openssl/x509.h> |
| 72 | 72 | ||
| 73 | static void | ||
| 74 | PEM_ENCODE_SEAL_CTX_cleanup(PEM_ENCODE_SEAL_CTX *ctx) | ||
| 75 | { | ||
| 76 | EVP_CIPHER_CTX_cleanup(&ctx->cipher); | ||
| 77 | EVP_MD_CTX_cleanup(&ctx->md); | ||
| 78 | explicit_bzero(&ctx->encode, sizeof(ctx->encode)); | ||
| 79 | } | ||
| 80 | |||
| 73 | int | 81 | int |
| 74 | PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, | 82 | PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, |
| 75 | unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) | 83 | unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) |
| @@ -79,6 +87,14 @@ PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, | |||
| 79 | int i, j, max = 0; | 87 | int i, j, max = 0; |
| 80 | char *s = NULL; | 88 | char *s = NULL; |
| 81 | 89 | ||
| 90 | /* | ||
| 91 | * Make sure ctx is properly initialized so that we can always pass | ||
| 92 | * it to PEM_ENCODE_SEAL_CTX_cleanup() in the error path. | ||
| 93 | */ | ||
| 94 | EVP_EncodeInit(&ctx->encode); | ||
| 95 | EVP_MD_CTX_init(&ctx->md); | ||
| 96 | EVP_CIPHER_CTX_init(&ctx->cipher); | ||
| 97 | |||
| 82 | for (i = 0; i < npubk; i++) { | 98 | for (i = 0; i < npubk; i++) { |
| 83 | if (pubk[i]->type != EVP_PKEY_RSA) { | 99 | if (pubk[i]->type != EVP_PKEY_RSA) { |
| 84 | PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA); | 100 | PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA); |
| @@ -94,13 +110,9 @@ PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, | |||
| 94 | goto err; | 110 | goto err; |
| 95 | } | 111 | } |
| 96 | 112 | ||
| 97 | EVP_EncodeInit(&ctx->encode); | ||
| 98 | |||
| 99 | EVP_MD_CTX_init(&ctx->md); | ||
| 100 | if (!EVP_SignInit(&ctx->md, md_type)) | 113 | if (!EVP_SignInit(&ctx->md, md_type)) |
| 101 | goto err; | 114 | goto err; |
| 102 | 115 | ||
| 103 | EVP_CIPHER_CTX_init(&ctx->cipher); | ||
| 104 | ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk); | 116 | ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk); |
| 105 | if (ret <= 0) | 117 | if (ret <= 0) |
| 106 | goto err; | 118 | goto err; |
| @@ -115,9 +127,12 @@ PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, | |||
| 115 | 127 | ||
| 116 | ret = npubk; | 128 | ret = npubk; |
| 117 | 129 | ||
| 130 | if (0) { | ||
| 118 | err: | 131 | err: |
| 132 | PEM_ENCODE_SEAL_CTX_cleanup(ctx); | ||
| 133 | } | ||
| 119 | free(s); | 134 | free(s); |
| 120 | explicit_bzero(key, EVP_MAX_KEY_LENGTH); | 135 | explicit_bzero(key, sizeof(key)); |
| 121 | return (ret); | 136 | return (ret); |
| 122 | } | 137 | } |
| 123 | 138 | ||
| @@ -182,8 +197,7 @@ PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, | |||
| 182 | ret = 1; | 197 | ret = 1; |
| 183 | 198 | ||
| 184 | err: | 199 | err: |
| 185 | EVP_MD_CTX_cleanup(&ctx->md); | 200 | PEM_ENCODE_SEAL_CTX_cleanup(ctx); |
| 186 | EVP_CIPHER_CTX_cleanup(&ctx->cipher); | ||
| 187 | free(s); | 201 | free(s); |
| 188 | return (ret); | 202 | return (ret); |
| 189 | } | 203 | } |