提交 a93e0e78 编写于 作者: J J Mohan Rao Arisankala 提交者: Matt Caswell

#4342: few missing malloc return checks and free in error paths

ossl_hmac_cleanup, pkey_hmac_cleanup:
 - allow to invoke with NULL data
 - using EVP_PKEY_CTX_[get|set]_data

EVP_DigestInit_ex:
 - remove additional check for ‘type’ and doing clear free instead of
free
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
上级 1c7bfec5
...@@ -441,6 +441,10 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx) ...@@ -441,6 +441,10 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
return 0; return 0;
hctx->ktmp.type = V_ASN1_OCTET_STRING; hctx->ktmp.type = V_ASN1_OCTET_STRING;
hctx->ctx = HMAC_CTX_new(); hctx->ctx = HMAC_CTX_new();
if (hctx->ctx == NULL) {
OPENSSL_free(hctx);
return 0;
}
EVP_PKEY_CTX_set_data(ctx, hctx); EVP_PKEY_CTX_set_data(ctx, hctx);
EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
# ifdef TEST_ENG_OPENSSL_HMAC_INIT # ifdef TEST_ENG_OPENSSL_HMAC_INIT
...@@ -449,31 +453,42 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx) ...@@ -449,31 +453,42 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
return 1; return 1;
} }
static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{ {
OSSL_HMAC_PKEY_CTX *sctx, *dctx; OSSL_HMAC_PKEY_CTX *sctx, *dctx;
/* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
if (!ossl_hmac_init(dst)) if (!ossl_hmac_init(dst))
return 0; return 0;
sctx = EVP_PKEY_CTX_get_data(src); sctx = EVP_PKEY_CTX_get_data(src);
dctx = EVP_PKEY_CTX_get_data(dst); dctx = EVP_PKEY_CTX_get_data(dst);
dctx->md = sctx->md; dctx->md = sctx->md;
if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx)) if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
return 0; goto err;
if (sctx->ktmp.data) { if (sctx->ktmp.data) {
if (!ASN1_OCTET_STRING_set(&dctx->ktmp, if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
sctx->ktmp.data, sctx->ktmp.length)) sctx->ktmp.data, sctx->ktmp.length))
return 0; goto err;
} }
return 1; return 1;
err:
/* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
ossl_hmac_cleanup(dst);
return 0;
} }
static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx) static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
{ {
OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
HMAC_CTX_free(hctx->ctx); if (hctx) {
OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length); HMAC_CTX_free(hctx->ctx);
OPENSSL_free(hctx); OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
OPENSSL_free(hctx);
EVP_PKEY_CTX_set_data(ctx, NULL);
}
} }
static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
......
...@@ -68,10 +68,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ...@@ -68,10 +68,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
* previous handle, re-querying for an ENGINE, and having a * previous handle, re-querying for an ENGINE, and having a
* reinitialisation, when it may all be unnecessary. * reinitialisation, when it may all be unnecessary.
*/ */
if (ctx->engine && ctx->digest && (!type || if (ctx->engine && ctx->digest &&
(type (type == NULL || (type->type == ctx->digest->type)))
&& (type->type ==
ctx->digest->type))))
goto skip_to_init; goto skip_to_init;
if (type) { if (type) {
/* /*
...@@ -117,7 +115,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ...@@ -117,7 +115,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
#endif #endif
if (ctx->digest != type) { if (ctx->digest != type) {
if (ctx->digest && ctx->digest->ctx_size) { if (ctx->digest && ctx->digest->ctx_size) {
OPENSSL_free(ctx->md_data); OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
ctx->md_data = NULL; ctx->md_data = NULL;
} }
ctx->digest = type; ctx->digest = type;
......
...@@ -32,6 +32,10 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx) ...@@ -32,6 +32,10 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
return 0; return 0;
hctx->ktmp.type = V_ASN1_OCTET_STRING; hctx->ktmp.type = V_ASN1_OCTET_STRING;
hctx->ctx = HMAC_CTX_new(); hctx->ctx = HMAC_CTX_new();
if (hctx->ctx == NULL) {
OPENSSL_free(hctx);
return 0;
}
ctx->data = hctx; ctx->data = hctx;
ctx->keygen_info_count = 0; ctx->keygen_info_count = 0;
...@@ -39,33 +43,41 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx) ...@@ -39,33 +43,41 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
return 1; return 1;
} }
static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx);
static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{ {
HMAC_PKEY_CTX *sctx, *dctx; HMAC_PKEY_CTX *sctx, *dctx;
/* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
if (!pkey_hmac_init(dst)) if (!pkey_hmac_init(dst))
return 0; return 0;
sctx = src->data; sctx = EVP_PKEY_CTX_get_data(src);
dctx = dst->data; dctx = EVP_PKEY_CTX_get_data(dst);
dctx->md = sctx->md; dctx->md = sctx->md;
if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx)) if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
return 0; goto err;
if (sctx->ktmp.data) { if (sctx->ktmp.data) {
if (!ASN1_OCTET_STRING_set(&dctx->ktmp, if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
sctx->ktmp.data, sctx->ktmp.length)) sctx->ktmp.data, sctx->ktmp.length))
return 0; goto err;
} }
return 1; return 1;
err:
/* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
pkey_hmac_cleanup (dst);
return 0;
} }
static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
{ {
HMAC_PKEY_CTX *hctx = ctx->data; HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
if (hctx != NULL) { if (hctx != NULL) {
HMAC_CTX_free(hctx->ctx); HMAC_CTX_free(hctx->ctx);
OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length); OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
OPENSSL_free(hctx); OPENSSL_free(hctx);
ctx->data = NULL; EVP_PKEY_CTX_set_data(ctx, NULL);
} }
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册