From df2f8af4cb3e19fe5a1ed41582d1659aa6c4ef50 Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Fri, 30 Aug 2019 14:35:43 +0200
Subject: [PATCH] Fix memleaks in KDF implementations
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/9662)
---
 providers/common/kdfs/hkdf.c | 2 +-
 providers/common/kdfs/pbkdf2.c | 2 +-
 providers/common/kdfs/sskdf.c | 5 ++---
 providers/common/kdfs/tls1_prf.c | 4 ++--
 providers/default/kdfs/scrypt.c | 3 +--
 providers/default/kdfs/sshkdf.c | 2 +-
 providers/default/kdfs/x942kdf.c | 2 +-
 7 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/providers/common/kdfs/hkdf.c b/providers/common/kdfs/hkdf.c
index f5d0295ae3..30bda90f69 100644
--- a/providers/common/kdfs/hkdf.c
+++ b/providers/common/kdfs/hkdf.c
@@ -75,7 +75,6 @@ static void kdf_hkdf_free(void *vctx)
 KDF_HKDF *ctx = (KDF_HKDF *)vctx;
 kdf_hkdf_reset(ctx);
- EVP_MD_meth_free(ctx->md);
 OPENSSL_free(ctx);
 }
@@ -83,6 +82,7 @@ static void kdf_hkdf_reset(void *vctx)
 {
 KDF_HKDF *ctx = (KDF_HKDF *)vctx;
+ EVP_MD_meth_free(ctx->md);
 OPENSSL_free(ctx->salt);
 OPENSSL_clear_free(ctx->key, ctx->key_len);
 OPENSSL_cleanse(ctx->info, ctx->info_len);
diff --git a/providers/common/kdfs/pbkdf2.c b/providers/common/kdfs/pbkdf2.c
index e0b4550d62..27bf28a89b 100644
--- a/providers/common/kdfs/pbkdf2.c
+++ b/providers/common/kdfs/pbkdf2.c
@@ -80,7 +80,6 @@ static void kdf_pbkdf2_free(void *vctx)
 KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
 kdf_pbkdf2_reset(ctx);
- EVP_MD_meth_free(ctx->md);
 OPENSSL_free(ctx);
 }
@@ -88,6 +87,7 @@ static void kdf_pbkdf2_reset(void *vctx)
 {
 KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
+ EVP_MD_meth_free(ctx->md);
 OPENSSL_free(ctx->salt);
 OPENSSL_clear_free(ctx->pass, ctx->pass_len);
 memset(ctx, 0, sizeof(*ctx));
diff --git a/providers/common/kdfs/sskdf.c b/providers/common/kdfs/sskdf.c
index 61e4607bee..b8a41fbbaa 100644
--- a/providers/common/kdfs/sskdf.c
+++ b/providers/common/kdfs/sskdf.c
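Review bot: The added `EVP_MD_meth_free(ctx->md);` in kdf_pbkdf2_reset has no comment saying why the release belongs in reset rather than in kdf_pbkdf2_free, and that placement is the whole fix: the `memset(ctx, 0, sizeof(*ctx));` at the end of reset clears the pointer, so a free issued after the reset call presumably receives NULL and the digest leaks. A comment above the added line, for example `/* Release everything the context owns before the memset below clears the pointers. */`, would keep a later field from being freed in the wrong place again. The same comment fits sskdf_reset, kdf_tls1_prf_reset and x942kdf_reset, where the memset is visible; kdf_hkdf_reset and kdf_sshkdf_reset continue past the end of their hunks, so the wipe is presumably there too but is not shown. Since reset now also drops the digest, the comment could state whether a caller reusing the context after reset is expected to set the digest again.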
@@ -315,10 +315,11 @@ static void sskdf_reset(void *vctx)
 {
 KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
+ EVP_MD_meth_free(ctx->md);
+ EVP_MAC_free(ctx->mac);
 OPENSSL_clear_free(ctx->secret, ctx->secret_len);
 OPENSSL_clear_free(ctx->info, ctx->info_len);
 OPENSSL_clear_free(ctx->salt, ctx->salt_len);
- EVP_MAC_free(ctx->mac);
 memset(ctx, 0, sizeof(*ctx));
 }
@@ -327,8 +328,6 @@ static void sskdf_free(void *vctx)
 KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
 sskdf_reset(ctx);
- EVP_MD_meth_free(ctx->md);
- EVP_MAC_free(ctx->mac);
 OPENSSL_free(ctx);
 }
diff --git a/providers/common/kdfs/tls1_prf.c b/providers/common/kdfs/tls1_prf.c
index 5d7e599e64..38dbaddbf0 100644
--- a/providers/common/kdfs/tls1_prf.c
+++ b/providers/common/kdfs/tls1_prf.c
@@ -104,8 +104,6 @@ static void kdf_tls1_prf_free(void *vctx)
 TLS1_PRF *ctx = (TLS1_PRF *)vctx;
 kdf_tls1_prf_reset(ctx);
- EVP_MD_meth_free(ctx->sha1);
- EVP_MD_meth_free(ctx->md);
 OPENSSL_free(ctx);
 }
@@ -113,6 +111,8 @@ static void kdf_tls1_prf_reset(void *vctx)
 {
 TLS1_PRF *ctx = (TLS1_PRF *)vctx;
+ EVP_MD_meth_free(ctx->sha1);
+ EVP_MD_meth_free(ctx->md);
 OPENSSL_clear_free(ctx->sec, ctx->seclen);
 OPENSSL_cleanse(ctx->seed, ctx->seedlen);
 memset(ctx, 0, sizeof(*ctx));
diff --git a/providers/default/kdfs/scrypt.c b/providers/default/kdfs/scrypt.c
index 57dc317d21..abb4437d70 100644
--- a/providers/default/kdfs/scrypt.c
+++ b/providers/default/kdfs/scrypt.c
@@ -74,8 +74,8 @@ static void kdf_scrypt_free(void *vctx)
 {
 KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx;
- kdf_scrypt_reset(ctx);
 EVP_MD_meth_free(ctx->sha256);
+ kdf_scrypt_reset(ctx);
 OPENSSL_free(ctx);
 }
@@ -85,7 +85,6 @@ static void kdf_scrypt_reset(void *vctx)
 OPENSSL_free(ctx->salt);
 OPENSSL_clear_free(ctx->pass, ctx->pass_len);
- memset(ctx, 0, sizeof(*ctx));
 kdf_scrypt_init(ctx);
 }
diff --git a/providers/default/kdfs/sshkdf.c b/providers/default/kdfs/sshkdf.c
index 529a98006c..da59aaf861 100644
--- a/providers/default/kdfs/sshkdf.c
+++ b/providers/default/kdfs/sshkdf.c
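Review bot: With `memset(ctx, 0, sizeof(*ctx));` removed from kdf_scrypt_reset, `ctx->salt` and `ctx->pass` still hold the addresses just handed to `OPENSSL_free` and `OPENSSL_clear_free` when the function returns, unless kdf_scrypt_init (not shown in this hunk) resets them. kdf_scrypt_free in the previous hunk calls reset itself, so a caller-initiated reset followed by free, or two resets in a row, would release the same buffers twice. Clearing the fields right after the frees closes that window: `ctx->salt = NULL;`, `ctx->pass = NULL;` and `ctx->pass_len = 0;` before `kdf_scrypt_init(ctx);`. The start of kdf_scrypt_reset is outside the hunk.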
@@ -63,7 +63,6 @@ static void kdf_sshkdf_free(void *vctx)
 KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx;
 kdf_sshkdf_reset(ctx);
- EVP_MD_meth_free(ctx->md);
 OPENSSL_free(ctx);
 }
@@ -71,6 +70,7 @@ static void kdf_sshkdf_reset(void *vctx)
 {
 KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx;
+ EVP_MD_meth_free(ctx->md);
 OPENSSL_clear_free(ctx->key, ctx->key_len);
 OPENSSL_clear_free(ctx->xcghash, ctx->xcghash_len);
 OPENSSL_clear_free(ctx->session_id, ctx->session_id_len);
diff --git a/providers/default/kdfs/x942kdf.c b/providers/default/kdfs/x942kdf.c
index e8a5e4cad5..af2b4a8db4 100644
--- a/providers/default/kdfs/x942kdf.c
+++ b/providers/default/kdfs/x942kdf.c
@@ -255,6 +255,7 @@ static void x942kdf_reset(void *vctx)
 {
 KDF_X942 *ctx = (KDF_X942 *)vctx;
+ EVP_MD_meth_free(ctx->md);
 OPENSSL_clear_free(ctx->secret, ctx->secret_len);
 OPENSSL_clear_free(ctx->ukm, ctx->ukm_len);
 memset(ctx, 0, sizeof(*ctx));
@@ -265,7 +266,6 @@ static void x942kdf_free(void *vctx)
 KDF_X942 *ctx = (KDF_X942 *)vctx;
 x942kdf_reset(ctx);
- EVP_MD_meth_free(ctx->md);
 OPENSSL_free(ctx);
 }
--
2.25.1