diff options
| author | xkernel <xkernel.wang@foxmail.com> | 2022-01-05 09:38:05 +0800 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2022-01-07 09:47:59 +0100 |
| commit | 949e4f79d202d43519d373b2af6b1a4948bf1a74 (patch) | |
| tree | 7732989f216fc4836a0e00b5bc6b9cb0f1f264e7 /ssl | |
| parent | 1b87116a0c43b8b4e1ad88b851d5bcf27c1a5f64 (diff) | |
| download | openssl-new-949e4f79d202d43519d373b2af6b1a4948bf1a74.tar.gz | |
properly free the resource from EVP_MD_CTX_new() at ssl3_record.c:1413
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17415)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/record/ssl3_record.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 55b5e99f24..86203849a9 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1392,6 +1392,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) int tlstree_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE) : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE); int t; + int ret = 0; if (sending) { seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer); @@ -1412,15 +1413,13 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) } else { hmac = EVP_MD_CTX_new(); if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) { - EVP_MD_CTX_free(hmac); - return 0; + goto end; } mac_ctx = hmac; } if (!SSL_IS_DTLS(ssl) && tlstree_mac && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) { - EVP_MD_CTX_free(hmac); - return 0; + goto end; } if (SSL_IS_DTLS(ssl)) { @@ -1450,19 +1449,17 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) *p++ = OSSL_PARAM_construct_end(); if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_get_pkey_ctx(mac_ctx), - tls_hmac_params)) - return 0; + tls_hmac_params)) { + goto end; + } } if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { - EVP_MD_CTX_free(hmac); - return 0; + goto end; } - EVP_MD_CTX_free(hmac); - OSSL_TRACE_BEGIN(TLS) { BIO_printf(trc_out, "seq:\n"); BIO_dump_indent(trc_out, seq, 8, 4); @@ -1481,7 +1478,10 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) BIO_printf(trc_out, "md:\n"); BIO_dump_indent(trc_out, md, md_size, 4); } OSSL_TRACE_END(TLS); - return 1; + ret = 1; + end: + EVP_MD_CTX_free(hmac); + return ret; } int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) |