[openssl] master update

Richard Levitte levitte at openssl.org
Fri May 8 13:16:00 UTC 2020


The branch master has been updated
       via  c7fa92979c5964966efa298bf2a40ff451ee7482 (commit)
      from  73d6b4efe6835a6c97ce61df6bf339b0903e5b7a (commit)


- Log -----------------------------------------------------------------
commit c7fa92979c5964966efa298bf2a40ff451ee7482
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed May 6 20:48:25 2020 +0200

    EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up!
    
    There were a few instances where we set the EVP_PKEY_CTX operation to
    EVP_PKEY_OP_UNDEFINED, but forgot to clean up first.  After the
    operation is made undefined, there's no way to know what should be
    cleaned away, so that must be done first, in all spots.
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/11750)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/exchange.c  | 1 +
 crypto/evp/pmeth_fn.c  | 9 ++++-----
 crypto/evp/pmeth_gn.c  | 4 +++-
 crypto/evp/signature.c | 1 +
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index 6423fd9eff..26d7e1ce95 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -264,6 +264,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
 
     return ret ? 1 : 0;
  err:
+    evp_pkey_ctx_free_old_ops(ctx);
     ctx->operation = EVP_PKEY_OP_UNDEFINED;
     return 0;
 
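Review bot: The order of the two statements at `err:` is load-bearing but undocumented. Per the commit message, evp_pkey_ctx_free_old_ops() can only tell what to release while ctx->operation still names the operation, so swapping these lines later would silently bring the leak back. I would add `/* Free first: the cleanup is selected by ctx->operation, so it must run before the reset */` above the call; the same comment fits the matching additions in signature.c (evp_pkey_signature_init), pmeth_fn.c and pmeth_gn.c. It also seems to follow that a `goto err` taken before ctx->operation is assigned would make the helper act on the previous operation's value. The start of EVP_PKEY_derive_init is outside the hunk, so that is worth confirming.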
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index 4d8d3e91b1..8bc59c40b9 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -126,11 +126,8 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation)
         goto err;
     }
 
-    if (ret <= 0) {
-        cipher->freectx(ctx->op.ciph.ciphprovctx);
-        ctx->op.ciph.ciphprovctx = NULL;
+    if (ret <= 0)
         goto err;
-    }
     return 1;
 
  legacy:
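Review bot: The removed block reset `ctx->op.ciph.ciphprovctx` to NULL right after freeing it, and that guarantee now rests entirely on evp_pkey_ctx_free_old_ops(), whose body is not in this diff. If the helper frees the provider context without clearing the pointer, a failed init followed by freeing or re-initialising the EVP_PKEY_CTX could release it a second time. Confirm that the helper clears the field, and consider a regression test that forces the provider init to fail and then frees the context under a memory sanitizer. evp_pkey_asym_cipher_init starts and ends outside this hunk.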
@@ -162,8 +159,10 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation)
     }
 
  err:
-    if (ret <= 0)
+    if (ret <= 0) {
+        evp_pkey_ctx_free_old_ops(ctx);
         ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    }
     return ret;
 }
 
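Review bot: The `err:` label appears to be reached by fall-through from the `legacy:` path as well as by `goto err`, which is presumably why the cleanup stays under `if (ret <= 0)`, but nothing says so. A short comment such as `/* also reached on success from the legacy path; clean up only on failure */` would stop a later edit from making the free unconditional and tearing down a context that initialised correctly. The legacy code between the two pmeth_fn.c hunks is not visible, so the fall-through should be confirmed before wording the comment.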
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index a775d2bee7..fb861d2487 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -93,8 +93,10 @@ static int gen_init(EVP_PKEY_CTX *ctx, int operation)
 #endif
 
  end:
-    if (ret <= 0 && ctx != NULL)
+    if (ret <= 0 && ctx != NULL) {
+        evp_pkey_ctx_free_old_ops(ctx);
         ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    }
     return ret;
 
  not_supported:
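Review bot: At `end:` the new call only helps if evp_pkey_ctx_free_old_ops() has a branch for the generation operations that gen_init sets, and the helper is not shown in this commit. If it only knows about signature, derive and asym-cipher state, this line is a no-op and any generation state set up before the failure is still leaked. Worth confirming, and a comment here could name which member of ctx->op the helper is expected to release. The body of gen_init lies outside the hunk, so I cannot tell which state exists when `end:` is reached.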
diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c
index d845ac12db..b7a7f79606 100644
--- a/crypto/evp/signature.c
+++ b/crypto/evp/signature.c
@@ -503,6 +503,7 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation)
     return ret;
 
  err:
+    evp_pkey_ctx_free_old_ops(ctx);
     ctx->operation = EVP_PKEY_OP_UNDEFINED;
     return ret;
 }

