[openssl] master update

tomas at openssl.org tomas at openssl.org
Tue Oct 12 14:45:53 UTC 2021


The branch master has been updated
       via  374d5cf2f6b8bdf87c04b5e293a7d291f2c23203 (commit)
       via  922422119df1f6aabd2a15e6e4108d98b6143adf (commit)
      from  58608487a44b3991ecc6d431d6273b2ca8c980a6 (commit)


- Log -----------------------------------------------------------------
commit 374d5cf2f6b8bdf87c04b5e293a7d291f2c23203
Author: Tomas Mraz <tomas at openssl.org>
Date:   Mon Oct 11 15:04:46 2021 +0200

    cmp_vfy.c, encoder_lib.c: Fix potential leak of a BIO
    
    Fixes #16787
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/16804)

commit 922422119df1f6aabd2a15e6e4108d98b6143adf
Author: Tomas Mraz <tomas at openssl.org>
Date:   Mon Oct 11 15:03:47 2021 +0200

    ctrl_params_translate: Fix leak of BN_CTX
    
    Also add a missing allocation failure check.
    
    Fixes #16788
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/16804)

-----------------------------------------------------------------------

Summary of changes:
 crypto/cmp/cmp_vfy.c               | 4 +++-
 crypto/encode_decode/encoder_lib.c | 7 +++++--
 crypto/evp/ctrl_params_translate.c | 3 +++
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index aa4665a562..b9d6fc2bdd 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -27,12 +27,14 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
 {
     OSSL_CMP_PROTECTEDPART prot_part;
     EVP_PKEY *pubkey = NULL;
-    BIO *bio = BIO_new(BIO_s_mem()); /* may be NULL */
+    BIO *bio;
     int res = 0;
 
     if (!ossl_assert(cmp_ctx != NULL && msg != NULL && cert != NULL))
         return 0;
 
+    bio = BIO_new(BIO_s_mem()); /* may be NULL */
+
     /* verify that keyUsage, if present, contains digitalSignature */
     if (!cmp_ctx->ignore_keyusage
             && (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) {
diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c
index 6c20fbb3d1..cfd9275172 100644
--- a/crypto/encode_decode/encoder_lib.c
+++ b/crypto/encode_decode/encoder_lib.c
@@ -92,7 +92,7 @@ int OSSL_ENCODER_to_fp(OSSL_ENCODER_CTX *ctx, FILE *fp)
 int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata,
                          size_t *pdata_len)
 {
-    BIO *out = BIO_new(BIO_s_mem());
+    BIO *out;
     BUF_MEM *buf = NULL;
     int ret = 0;
 
@@ -101,7 +101,10 @@ int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata,
         return 0;
     }
 
-    if (OSSL_ENCODER_to_bio(ctx, out)
+    out = BIO_new(BIO_s_mem());
+
+    if (out != NULL
+        && OSSL_ENCODER_to_bio(ctx, out)
         && BIO_get_mem_ptr(out, &buf) > 0) {
         ret = 1; /* Hope for the best. A too small buffer will clear this */
 
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index 88945e13e6..b17ce3cbf9 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1595,10 +1595,13 @@ static int get_payload_public_key(enum state state,
             const EC_GROUP *ecg = EC_KEY_get0_group(eckey);
             const EC_POINT *point = EC_KEY_get0_public_key(eckey);
 
+            if (bnctx == NULL)
+                return 0;
             ctx->sz = EC_POINT_point2buf(ecg, point,
                                          POINT_CONVERSION_COMPRESSED,
                                          &buf, bnctx);
             ctx->p2 = buf;
+            BN_CTX_free(bnctx);
             break;
         }
         return 0;


More information about the openssl-commits mailing list