Fix memleaks in KDF implementations

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9662)

diff --git a/providers/common/kdfs/hkdf.c b/providers/common/kdfs/hkdf.c
index f5d0295ae3db4728073305149640c48f507143e6..30bda90f6921a01b9e47ed462b2f0cbd650e0d22 100644 (file)
--- a/providers/common/kdfs/hkdf.c
+++ b/providers/common/kdfs/hkdf.c
@@ -75,7 +75,6 @@ static void kdf_hkdf_free(void *vctx)
     KDF_HKDF *ctx = (KDF_HKDF *)vctx;
 
     kdf_hkdf_reset(ctx);
-    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx);
 }
 
@@ -83,6 +82,7 @@ static void kdf_hkdf_reset(void *vctx)
 {
     KDF_HKDF *ctx = (KDF_HKDF *)vctx;
 
+    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx->salt);
     OPENSSL_clear_free(ctx->key, ctx->key_len);
     OPENSSL_cleanse(ctx->info, ctx->info_len);

diff --git a/providers/common/kdfs/pbkdf2.c b/providers/common/kdfs/pbkdf2.c
index e0b4550d6271a5bb394166fdbe2bfdd61d0dc7f7..27bf28a89b18a5b7f954e85e2e64928ee48c1585 100644 (file)
--- a/providers/common/kdfs/pbkdf2.c
+++ b/providers/common/kdfs/pbkdf2.c
@@ -80,7 +80,6 @@ static void kdf_pbkdf2_free(void *vctx)
     KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
 
     kdf_pbkdf2_reset(ctx);
-    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx);
 }
 
@@ -88,6 +87,7 @@ static void kdf_pbkdf2_reset(void *vctx)
 {
     KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
 
+    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx->salt);
     OPENSSL_clear_free(ctx->pass, ctx->pass_len);
     memset(ctx, 0, sizeof(*ctx));

diff --git a/providers/common/kdfs/sskdf.c b/providers/common/kdfs/sskdf.c
index 61e4607bee88512c5dd4ab15adb24c55fe9b0c15..b8a41fbbaafaa95c65b2db9952b78df272d3e957 100644 (file)
--- a/providers/common/kdfs/sskdf.c
+++ b/providers/common/kdfs/sskdf.c
@@ -315,10 +315,11 @@ static void sskdf_reset(void *vctx)
 {
     KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
 
+    EVP_MD_meth_free(ctx->md);
+    EVP_MAC_free(ctx->mac);
     OPENSSL_clear_free(ctx->secret, ctx->secret_len);
     OPENSSL_clear_free(ctx->info, ctx->info_len);
     OPENSSL_clear_free(ctx->salt, ctx->salt_len);
-    EVP_MAC_free(ctx->mac);
     memset(ctx, 0, sizeof(*ctx));
 }
 
@@ -327,8 +328,6 @@ static void sskdf_free(void *vctx)
     KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
 
     sskdf_reset(ctx);
-    EVP_MD_meth_free(ctx->md);
-    EVP_MAC_free(ctx->mac);
     OPENSSL_free(ctx);
 }
 

diff --git a/providers/common/kdfs/tls1_prf.c b/providers/common/kdfs/tls1_prf.c
index 5d7e599e64e0030fa1a22a25411805806f4fe6cb..38dbaddbf05c6b243c49e37c039ace3364963096 100644 (file)
--- a/providers/common/kdfs/tls1_prf.c
+++ b/providers/common/kdfs/tls1_prf.c
@@ -104,8 +104,6 @@ static void kdf_tls1_prf_free(void *vctx)
     TLS1_PRF *ctx = (TLS1_PRF *)vctx;
 
     kdf_tls1_prf_reset(ctx);
-    EVP_MD_meth_free(ctx->sha1);
-    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx);
 }
 
@@ -113,6 +111,8 @@ static void kdf_tls1_prf_reset(void *vctx)
 {
     TLS1_PRF *ctx = (TLS1_PRF *)vctx;
 
+    EVP_MD_meth_free(ctx->sha1);
+    EVP_MD_meth_free(ctx->md);
     OPENSSL_clear_free(ctx->sec, ctx->seclen);
     OPENSSL_cleanse(ctx->seed, ctx->seedlen);
     memset(ctx, 0, sizeof(*ctx));

diff --git a/providers/default/kdfs/scrypt.c b/providers/default/kdfs/scrypt.c
index 57dc317d217dddff76fef973b73c64ad72d7134b..abb4437d706ac2f39f4a9845b4c6465c5a6d2c83 100644 (file)
--- a/providers/default/kdfs/scrypt.c
+++ b/providers/default/kdfs/scrypt.c
@@ -74,8 +74,8 @@ static void kdf_scrypt_free(void *vctx)
 {
     KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx;
 
-    kdf_scrypt_reset(ctx);
     EVP_MD_meth_free(ctx->sha256);
+    kdf_scrypt_reset(ctx);
     OPENSSL_free(ctx);
 }
 
@@ -85,7 +85,6 @@ static void kdf_scrypt_reset(void *vctx)
 
     OPENSSL_free(ctx->salt);
     OPENSSL_clear_free(ctx->pass, ctx->pass_len);
-    memset(ctx, 0, sizeof(*ctx));
     kdf_scrypt_init(ctx);
 }
 

diff --git a/providers/default/kdfs/sshkdf.c b/providers/default/kdfs/sshkdf.c
index 529a98006c06597e6c873bcacfbc7d2154c1a97b..da59aaf8616111d95b0034cdd41e3422f590e413 100644 (file)
--- a/providers/default/kdfs/sshkdf.c
+++ b/providers/default/kdfs/sshkdf.c
@@ -63,7 +63,6 @@ static void kdf_sshkdf_free(void *vctx)
     KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx;
 
     kdf_sshkdf_reset(ctx);
-    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx);
 }
 
@@ -71,6 +70,7 @@ static void kdf_sshkdf_reset(void *vctx)
 {
     KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx;
 
+    EVP_MD_meth_free(ctx->md);
     OPENSSL_clear_free(ctx->key, ctx->key_len);
     OPENSSL_clear_free(ctx->xcghash, ctx->xcghash_len);
     OPENSSL_clear_free(ctx->session_id, ctx->session_id_len);

diff --git a/providers/default/kdfs/x942kdf.c b/providers/default/kdfs/x942kdf.c
index e8a5e4cad5b14bb21a036c57f7d3a71556162efb..af2b4a8db44a39dad1af392c95accbeb485b882e 100644 (file)
--- a/providers/default/kdfs/x942kdf.c
+++ b/providers/default/kdfs/x942kdf.c
@@ -255,6 +255,7 @@ static void x942kdf_reset(void *vctx)
 {
     KDF_X942 *ctx = (KDF_X942 *)vctx;
 
+    EVP_MD_meth_free(ctx->md);
     OPENSSL_clear_free(ctx->secret, ctx->secret_len);
     OPENSSL_clear_free(ctx->ukm, ctx->ukm_len);
     memset(ctx, 0, sizeof(*ctx));
@@ -265,7 +266,6 @@ static void x942kdf_free(void *vctx)
     KDF_X942 *ctx = (KDF_X942 *)vctx;
 
     x942kdf_reset(ctx);
-    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx);
 }