There were a few instances where we set the EVP_PKEY_CTX operation to
EVP_PKEY_OP_UNDEFINED, but forgot to clean up first. After the
operation is made undefined, there's no way to know what should be
cleaned away, so that must be done first, in all spots.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11750)
return ret ? 1 : 0;
err:
+ evp_pkey_ctx_free_old_ops(ctx);
ctx->operation = EVP_PKEY_OP_UNDEFINED;
return 0;
goto err;
}
- if (ret <= 0) {
- cipher->freectx(ctx->op.ciph.ciphprovctx);
- ctx->op.ciph.ciphprovctx = NULL;
+ if (ret <= 0)
goto err;
- }
return 1;
legacy:
}
err:
- if (ret <= 0)
+ if (ret <= 0) {
+ evp_pkey_ctx_free_old_ops(ctx);
ctx->operation = EVP_PKEY_OP_UNDEFINED;
+ }
return ret;
}
#endif
end:
- if (ret <= 0 && ctx != NULL)
+ if (ret <= 0 && ctx != NULL) {
+ evp_pkey_ctx_free_old_ops(ctx);
ctx->operation = EVP_PKEY_OP_UNDEFINED;
+ }
return ret;
not_supported:
return ret;
err:
+ evp_pkey_ctx_free_old_ops(ctx);
ctx->operation = EVP_PKEY_OP_UNDEFINED;
return ret;
}