Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls.

ok doug@
author: jsg <jsg@openbsd.org> 2015-05-15 11:00:14 +0000
committer: jsg <jsg@openbsd.org> 2015-05-15 11:00:14 +0000
commit: d5eebd0bd527e182d99d439c6b21696b548e51bb (patch)
tree: e176399f54ff40297b2993d164e589f26a14097e /lib/libssl/src
parent: rename the probe and free members of atascsi_methods to ata_probe (diff)
download: wireguard-openbsd-d5eebd0bd527e182d99d439c6b21696b548e51bb.tar.xz
wireguard-openbsd-d5eebd0bd527e182d99d439c6b21696b548e51bb.zip
5 files changed, 16 insertions, 15 deletions
diff --git a/lib/libssl/src/crypto/cms/cms_pwri.c b/lib/libssl/src/crypto/cms/cms_pwri.c
index 89f79259388..11509e3c113 100644
--- a/lib/libssl/src/crypto/cms/cms_pwri.c
+++ b/lib/libssl/src/crypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.8 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.9 2015/05/15 11:00:14 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -332,14 +332,14 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 
 	if (!pwri->pass) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
-		return 0;
+		goto err;
 	}
 	algtmp = pwri->keyEncryptionAlgorithm;
 
 	if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
 		    CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
-		return 0;
+		goto err;
 	}
 
 	if (algtmp->parameter->type == V_ASN1_SEQUENCE) {
@@ -350,7 +350,7 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 	if (kekalg == NULL) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
 		    CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
-		return 0;
+		goto err;
 	}
 
 	kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
diff --git a/lib/libssl/src/crypto/pem/pvkfmt.c b/lib/libssl/src/crypto/pem/pvkfmt.c
index 2009c9db801..025381bcc0d 100644
--- a/lib/libssl/src/crypto/pem/pvkfmt.c
+++ b/lib/libssl/src/crypto/pem/pvkfmt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pvkfmt.c,v 1.12 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: pvkfmt.c,v 1.13 2015/05/15 11:00:14 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -731,17 +731,16 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen,
 			inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
 		if (inlen <= 0) {
 			PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
-			return NULL;
+			goto err;
 		}
 		enctmp = malloc(keylen + 8);
 		if (!enctmp) {
 			PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
-			return NULL;
+			goto err;
 		}
 		if (!derive_pvk_key(keybuf, p, saltlen, (unsigned char *)psbuf,
 		    inlen)) {
-			free(enctmp);
-			return NULL;
+			goto err;
 		}
 		p += saltlen;
 		/* Copy BLOBHEADER across, decrypt rest */
@@ -749,8 +748,7 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen,
 		p += 8;
 		if (keylen < 8) {
 			PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
-			free(enctmp);
-			return NULL;
+			goto err;
 		}
 		inlen = keylen - 8;
 		q = enctmp + 8;
diff --git a/lib/libssl/src/crypto/pkcs12/p12_decr.c b/lib/libssl/src/crypto/pkcs12/p12_decr.c
index 13be237b4c3..4cccf43d3f8 100644
--- a/lib/libssl/src/crypto/pkcs12/p12_decr.c
+++ b/lib/libssl/src/crypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.14 2015/02/14 12:43:07 miod Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.15 2015/05/15 11:00:14 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -77,9 +77,10 @@ PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen,
 	/* Decrypt data */
 	if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
 	    algor->parameter, &ctx, en_de)) {
+		out = NULL;
 		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
 		    PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
-		return NULL;
+		goto err;
 	}
 
 	if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c
index 1d3779f5671..27f350fcb67 100644
--- a/lib/libssl/src/ssl/d1_srvr.c
+++ b/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.50 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.51 2015/05/15 11:00:14 jsg Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1288,6 +1288,7 @@ dtls1_send_newsession_ticket(SSL *s)
 			if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
 			    &hctx, 1) < 0) {
 				free(senc);
+				EVP_CIPHER_CTX_cleanup(&ctx);
 				return -1;
 			}
 		} else {
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index 5248cc864c2..921d7797809 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.102 2015/04/15 16:25:43 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.103 2015/05/15 11:00:14 jsg Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2689,6 +2689,7 @@ ssl3_send_newsession_ticket(SSL *s)
 			if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
 			    &hctx, 1) < 0) {
 				free(senc);
+				EVP_CIPHER_CTX_cleanup(&ctx);
 				return (-1);
 			}
 		} else {
author	jsg <jsg@openbsd.org>	2015-05-15 11:00:14 +0000
committer	jsg <jsg@openbsd.org>	2015-05-15 11:00:14 +0000
commit	d5eebd0bd527e182d99d439c6b21696b548e51bb (patch)
tree	e176399f54ff40297b2993d164e589f26a14097e /lib/libssl/src
parent	rename the probe and free members of atascsi_methods to ata_probe (diff)
download	wireguard-openbsd-d5eebd0bd527e182d99d439c6b21696b548e51bb.tar.xz wireguard-openbsd-d5eebd0bd527e182d99d439c6b21696b548e51bb.zip