PR: 1961

Submitted by: Martin Gerbershagen <martin.gerbershagen@nsn.com>
Approved by: steve@openssl.org

Avoid memory leak if RAND_bytes() fails.

diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 4d30c9d2d3527e1442c1d69db2b7ad1b214a6983..697d5779771801e2a6b22eef8bc254f27e0bce2a 100644 (file)
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -52,17 +52,6 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
                return 0;
                }
 
-       dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
-       if (dbmask == NULL)
-               {
-               RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
-               return 0;
-               }
-
-       to[0] = 0;
-       seed = to + 1;
-       db = to + SHA_DIGEST_LENGTH + 1;
-
        EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);
        memset(db + SHA_DIGEST_LENGTH, 0,
                emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
@@ -76,6 +65,17 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
           20);
 #endif
 
+       to[0] = 0;
+       seed = to + 1;
+       db = to + SHA_DIGEST_LENGTH + 1;
+
+       dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+       if (dbmask == NULL)
+               {
+               RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
+
        MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
        for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
                db[i] ^= dbmask[i];