From 4c3941c2eb22c44398bccb50dbd019530bb01c7d Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Sun, 17 Feb 2019 16:13:08 +0000 Subject: [PATCH] Don't leak EVP_KDF_CTX on error Found by Coverity Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/8260) --- crypto/evp/pbe_scrypt.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c index f8ea1fab38..722402528a 100644 --- a/crypto/evp/pbe_scrypt.c +++ b/crypto/evp/pbe_scrypt.c @@ -41,6 +41,11 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, int rv = 1; EVP_KDF_CTX *kctx; + if (r > UINT32_MAX || p > UINT32_MAX) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE); + return 0; + } + /* Maintain existing behaviour. */ if (pass == NULL) { pass = empty; @@ -53,10 +58,6 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, if (kctx == NULL) return 0; - if (r > UINT32_MAX || p > UINT32_MAX) { - EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE); - return 0; - } if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1 || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, (size_t)saltlen) != 1 -- 2.25.1