[openssl/openssl] fcd614: free oaep label-octet-string on error
James Muir
noreply at github.com
Wed Nov 1 11:06:05 UTC 2023
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: fcd614f7790aeeab294a488187b2a406aa415203
https://github.com/openssl/openssl/commit/fcd614f7790aeeab294a488187b2a406aa415203
Author: James Muir <james at openssl.org>
Date: 2023-11-01 (Wed, 01 Nov 2023)
Changed paths:
M crypto/cms/cms_rsa.c
Log Message:
-----------
free oaep label-octet-string on error
When X509_ALGOR_set0() fails, ownership of the the ASN1 object "los"
(label octet string) has not been passed on to the X509_ALGOR object
"oaep->pSourceFunc", so we need to free "los" in that case.
Check return value of X509_ALGOR_set0(), change the scope of "los" and
ensure it is freed on failure (on success, set it to NULL so it is not
freed inside the function).
Fixes #22336
Testing:
You can use the following script to test cms encryption with rsa-oaep:
#!/bin/bash -x
OSSLCMD="apps/openssl"
# check we are calling the right openssl app
LD_LIBRARY_PATH=. valgrind $OSSLCMD version
echo "this is a confidential message." > msg.txt
LD_LIBRARY_PATH=. valgrind $OSSLCMD cms -encrypt -in msg.txt \
-stream -out msg.txt.cms \
-recip test/smime-certs/smrsa1.pem \
-keyopt rsa_padding_mode:oaep \
-keyopt rsa_oaep_md:sha256 \
-keyopt rsa_oaep_label:deadbeef
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22556)
(cherry picked from commit a9a1b3da876456e1eecffbba15fb6d1820e8f379)
More information about the openssl-commits
mailing list