EVP: when setting the operation to EVP_PKEY_OP_UNDEFINED, clean up!

There were a few instances where we set the EVP_PKEY_CTX operation to
EVP_PKEY_OP_UNDEFINED, but forgot to clean up first.  After the
operation is made undefined, there's no way to know what should be
cleaned away, so that must be done first, in all spots.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11750)

diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index 6423fd9effda16759849848b93d84b1e0586b066..26d7e1ce95693b8cbd278e6b3095c47c603e1631 100644 (file)
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -264,6 +264,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
 
     return ret ? 1 : 0;
  err:
+    evp_pkey_ctx_free_old_ops(ctx);
     ctx->operation = EVP_PKEY_OP_UNDEFINED;
     return 0;
 

diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index 4d8d3e91b18040f053c3b2c66cd5a2757593b776..8bc59c40b9fc3f0842d29d27e08e69dc6b6a6329 100644 (file)
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -126,11 +126,8 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation)
         goto err;
     }
 
-    if (ret <= 0) {
-        cipher->freectx(ctx->op.ciph.ciphprovctx);
-        ctx->op.ciph.ciphprovctx = NULL;
+    if (ret <= 0)
         goto err;
-    }
     return 1;
 
  legacy:
@@ -162,8 +159,10 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation)
     }
 
  err:
-    if (ret <= 0)
+    if (ret <= 0) {
+        evp_pkey_ctx_free_old_ops(ctx);
         ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    }
     return ret;
 }
 

diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index a775d2bee73323f6c66114060f3df34e02b9e743..fb861d24875c8d2409505f3483b31b9429ca03b6 100644 (file)
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -93,8 +93,10 @@ static int gen_init(EVP_PKEY_CTX *ctx, int operation)
 #endif
 
  end:
-    if (ret <= 0 && ctx != NULL)
+    if (ret <= 0 && ctx != NULL) {
+        evp_pkey_ctx_free_old_ops(ctx);
         ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    }
     return ret;
 
  not_supported:

diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c
index d845ac12dbeb0cb3650a00b52404f50dca8d1b04..b7a7f7960624dff3d6bba4c7eb626e10b56149ca 100644 (file)
--- a/crypto/evp/signature.c
+++ b/crypto/evp/signature.c
@@ -503,6 +503,7 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation)
     return ret;
 
  err:
+    evp_pkey_ctx_free_old_ops(ctx);
     ctx->operation = EVP_PKEY_OP_UNDEFINED;
     return ret;
 }