[openssl/openssl] 680b4b: Fix mem leak in ECDSA_sign().

Shane noreply at github.com
Fri Mar 31 19:06:38 UTC 2023

  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 680b4be65eba2658c1d807dd9838ca88301bb7dd
  Author: slontis <shane.lontis at oracle.com>
  Date:   2023-03-31 (Fri, 31 Mar 2023)

  Changed paths:
    M crypto/ec/ecdsa_ossl.c
    M crypto/sm2/sm2_sign.c
    M test/ecdsatest.c

  Log Message:
  Fix mem leak in ECDSA_sign().

Similiar to the issue found in PR #20553 for DSA_sign().
ECDSA_sign() leaked memory if the signature was NULL
when i2d_ECDSA_SIG was called.

Note that this does not affect the higher level EVP
functions as they correctly handle NULL.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/20554)

(cherry picked from commit 4befe81a99b89c52b749a87eece82c1cba4fab12)

More information about the openssl-commits mailing list