The branch OpenSSL_1_1_1-stable has been updated
via 503eb0e108ca5819dacd5ae171aedd37268654d9 (commit)
from 2fd9c433712a08474af071cef538ffcd94dc4b57 (commit)
- Log -----------------------------------------------------------------
commit 503eb0e108ca5819dacd5ae171aedd37268654d9
Author: Bernd Edlinger <bernd.edlin...@hotmail.de>
Date: Wed Oct 6 09:23:17 2021 +0200
Fix some possible memory leaks in EVP_CipherInit_ex
An EVP_CONTEXT with zero cipher but non-zero engine,
and/or cipher_data is possible if an error happens
in EVP_CTRL_INIT or in EVP_CTRL_COPY, the error handling
will just clear the cipher in that case.
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16756)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/evp_enc.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index e3c165d48e..d835968f25 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -85,7 +85,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER
*cipher,
* previous check attempted to avoid this if the same ENGINE and
* EVP_CIPHER could be used).
*/
- if (ctx->cipher) {
+ if (ctx->cipher
+#ifndef OPENSSL_NO_ENGINE
+ || ctx->engine
+#endif
+ || ctx->cipher_data) {
unsigned long flags = ctx->flags;
EVP_CIPHER_CTX_reset(ctx);
/* Restore encrypt and flags */
@@ -105,11 +109,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const
EVP_CIPHER *cipher,
/* There's an ENGINE for this job ... (apparently) */
const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
if (!c) {
- /*
- * One positive side-effect of US's export control history,
- * is that we should at least be able to avoid using US
- * misspellings of "initialisation"?
- */
+ ENGINE_finish(impl);
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
}
