[openssl] master update

Dr. Paul Dale pauli at openssl.org
Fri Jan 7 10:11:49 UTC 2022


The branch master has been updated
       via  10481d33844218694929a7bad57314411a33ab74 (commit)
      from  22778abad905536fa6c93cdc6fffc8c736dfee79 (commit)


- Log -----------------------------------------------------------------
commit 10481d33844218694929a7bad57314411a33ab74
Author: Peiwei Hu <jlu.hpw at foxmail.com>
Date:   Wed Jan 5 23:17:53 2022 +0800

    Fix: some patches related to error exiting
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17417)

-----------------------------------------------------------------------

Summary of changes:
 apps/verify.c            | 1 +
 crypto/ec/ec_lib.c       | 4 ++--
 crypto/objects/obj_dat.c | 5 +++--
 crypto/x509/v3_crld.c    | 1 +
 crypto/x509/v3_sxnet.c   | 8 +++++---
 ssl/statem/statem_clnt.c | 2 +-
 test/evp_test.c          | 2 +-
 7 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/apps/verify.c b/apps/verify.c
index 24bbebf3f3..d504acd5b8 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -263,6 +263,7 @@ static int check(X509_STORE *ctx, const char *file,
             if (x509_ctrl_string(x, opt) <= 0) {
                 BIO_printf(bio_err, "parameter error \"%s\"\n", opt);
                 ERR_print_errors(bio_err);
+                X509_free(x);
                 return 0;
             }
         }
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 3d3cf96962..2d85d4f23a 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1710,8 +1710,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
         ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
         if (ptmp != NULL
             && !ossl_ec_encoding_param2id(ptmp, &encoding_flag)) {
-            ECerr(0, EC_R_INVALID_ENCODING);
-            return 0;
+            ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+            goto err;
         }
         if (encoding_flag == OPENSSL_EC_NAMED_CURVE) {
             ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index eef80d63ce..26d2508e86 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -747,16 +747,17 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
     if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef)
             || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) {
         ERR_raise(ERR_LIB_OBJ, OBJ_R_OID_EXISTS);
-        goto err;
+        return 0;
     }
 
     /* Convert numerical OID string to an ASN1_OBJECT structure */
     tmpoid = OBJ_txt2obj(oid, 1);
     if (tmpoid == NULL)
-        goto err;
+        return 0;
 
     if (!ossl_obj_write_lock(1)) {
         ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_WRITE_LOCK);
+        ASN1_OBJECT_free(tmpoid);
         return 0;
     }
 
diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c
index b831f775db..0f239ca568 100644
--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.c
@@ -83,6 +83,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
             return -1;
         dnsect = X509V3_get_section(ctx, cnf->value);
         if (!dnsect) {
+            X509_NAME_free(nm);
             ERR_raise(ERR_LIB_X509V3, X509V3_R_SECTION_NOT_FOUND);
             return -1;
         }
diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c
index 4b19ce07d5..9d4113386a 100644
--- a/crypto/x509/v3_sxnet.c
+++ b/crypto/x509/v3_sxnet.c
@@ -167,11 +167,12 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
             goto err;
         if (!ASN1_INTEGER_set(sx->version, 0))
             goto err;
-        *psx = sx;
     } else
         sx = *psx;
     if (SXNET_get_id_INTEGER(sx, zone)) {
         ERR_raise(ERR_LIB_X509V3, X509V3_R_DUPLICATE_ZONE_ID);
+        if (*psx == NULL)
+            SXNET_free(sx);
         return 0;
     }
 
@@ -183,13 +184,14 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
     if (!sk_SXNETID_push(sx->ids, id))
         goto err;
     id->zone = zone;
+    *psx = sx;
     return 1;
 
  err:
     ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
     SXNETID_free(id);
-    SXNET_free(sx);
-    *psx = NULL;
+    if (*psx == NULL)
+        SXNET_free(sx);
     return 0;
 }
 
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index b7e40e6db8..05f915bd91 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2926,7 +2926,7 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
     encoded_pub_len = EVP_PKEY_get1_encoded_public_key(ckey, &encoded_pub);
     if (encoded_pub_len == 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-        EVP_PKEY_free(skey);
+        EVP_PKEY_free(ckey);
         return EXT_RETURN_FAIL;
     }
 
diff --git a/test/evp_test.c b/test/evp_test.c
index 6ae862b044..d068d6fa8e 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -2510,7 +2510,7 @@ static int rand_test_run(EVP_TEST *t)
                             item->pr_entropyB_len);
             params[1] = OSSL_PARAM_construct_end();
             if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params)))
-                return 0;
+                goto err;
         }
         if (!TEST_true(EVP_RAND_generate
                            (expected->ctx, got, got_len,


More information about the openssl-commits mailing list