17283726 memory leak with EVP_CipherInit_ex
authorRonald Jordan <ron.jordan@oracle.com>
Mon, 28 Apr 2014 14:59:28 -0700
changeset 1858 90719b88d5f8
parent 1857 807203564f54
child 1859 738bdaba65e4
17283726 memory leak with EVP_CipherInit_ex
components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch
components/openssl/openssl-1.0.1/patches/36_evp_leak.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch	Mon Apr 28 14:59:28 2014 -0700
@@ -0,0 +1,146 @@
+Patch developed in-house.  Solaris-specific; not suitable for upstream.
+
+--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig	Mon Feb 11 07:26:04 2013
++++ openssl-1.0.1f/crypto/evp/evp_enc.c	Mon Feb  3 16:40:48 2014
[email protected]@ -393,10 +393,14 @@
+ 		{
+ 		ret = M_do_cipher(ctx, out, NULL, 0);
+ 		if (ret < 0)
+-			return 0;
++			{
++			ret = 0;
++			goto cleanup;
++			}
+ 		else 
+ 			*outl = ret;
+-		return 1;
++		ret = 1;
++		goto cleanup;
+ 		}
+ 
+ 	b=ctx->cipher->block_size;
[email protected]@ -404,7 +408,8 @@
+ 	if (b == 1)
+ 		{
+ 		*outl=0;
+-		return 1;
++		ret = 1;
++		goto cleanup;
+ 		}
+ 	bl=ctx->buf_len;
+ 	if (ctx->flags & EVP_CIPH_NO_PADDING)
[email protected]@ -412,10 +417,12 @@
+ 		if(bl)
+ 			{
+ 			EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+-			return 0;
++			ret = 0;
++			goto cleanup;
+ 			}
+ 		*outl = 0;
+-		return 1;
++		ret = 1;
++		goto cleanup;
+ 		}
+ 
+ 	n=b-bl;
[email protected]@ -427,6 +434,12 @@
+ 	if(ret)
+ 		*outl=b;
+ 
++cleanup:
++	if (ctx->cipher->cleanup)
++		{
++		ctx->cipher->cleanup(ctx);
++		}
++
+ 	return ret;
+ 	}
+ 
[email protected]@ -500,7 +513,7 @@
+ 
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ 	{
+-	int i,n;
++	int i,n,ret = 1;
+ 	unsigned int b;
+ 	*outl=0;
+ 
[email protected]@ -508,10 +521,14 @@
+ 		{
+ 		i = M_do_cipher(ctx, out, NULL, 0);
+ 		if (i < 0)
+-			return 0;
++			{
++			ret = 0;
++			goto cleanup;
++			}
+ 		else
+ 			*outl = i;
+-		return 1;
++		ret = 1;
++		goto cleanup;
+ 		}
+ 
+ 	b=ctx->cipher->block_size;
[email protected]@ -520,10 +537,12 @@
+ 		if(ctx->buf_len)
+ 			{
+ 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+-			return 0;
++			ret = 0;
++			goto cleanup;
+ 			}
+ 		*outl = 0;
+-		return 1;
++		ret = 1;
++		goto cleanup;
+ 		}
+ 	if (b > 1)
+ 		{
[email protected]@ -530,7 +549,8 @@
+ 		if (ctx->buf_len || !ctx->final_used)
+ 			{
+ 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+-			return(0);
++			ret = 0;
++			goto cleanup;
+ 			}
+ 		OPENSSL_assert(b <= sizeof ctx->final);
+ 		n=ctx->final[b-1];
[email protected]@ -537,7 +557,8 @@
+ 		if (n == 0 || n > (int)b)
+ 			{
+ 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+-			return(0);
++			ret = 0;
++			goto cleanup;
+ 			}
+ 		for (i=0; i<n; i++)
+ 			{
[email protected]@ -544,7 +565,8 @@
+ 			if (ctx->final[--b] != n)
+ 				{
+ 				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+-				return(0);
++				ret = 0;
++				goto cleanup;
+ 				}
+ 			}
+ 		n=ctx->cipher->block_size-n;
[email protected]@ -554,7 +576,14 @@
+ 		}
+ 	else
+ 		*outl=0;
+-	return(1);
++
++cleanup:
++	if (ctx->cipher->cleanup)
++		{
++		ctx->cipher->cleanup(ctx);
++		}
++
++	return ret;
+ 	}
+ 
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1/patches/36_evp_leak.patch	Mon Apr 28 14:59:28 2014 -0700
@@ -0,0 +1,146 @@
+Patch developed in-house.  Solaris-specific; not suitable for upstream.
+
+--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig	Mon Feb 11 07:26:04 2013
++++ openssl-1.0.1f/crypto/evp/evp_enc.c	Mon Feb  3 16:40:48 2014
[email protected]@ -393,10 +393,14 @@
+ 		{
+ 		ret = M_do_cipher(ctx, out, NULL, 0);
+ 		if (ret < 0)
+-			return 0;
++			{
++			ret = 0;
++			goto cleanup;
++			}
+ 		else 
+ 			*outl = ret;
+-		return 1;
++		ret = 1;
++		goto cleanup;
+ 		}
+ 
+ 	b=ctx->cipher->block_size;
[email protected]@ -404,7 +408,8 @@
+ 	if (b == 1)
+ 		{
+ 		*outl=0;
+-		return 1;
++		ret = 1;
++		goto cleanup;
+ 		}
+ 	bl=ctx->buf_len;
+ 	if (ctx->flags & EVP_CIPH_NO_PADDING)
[email protected]@ -412,10 +417,12 @@
+ 		if(bl)
+ 			{
+ 			EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+-			return 0;
++			ret = 0;
++			goto cleanup;
+ 			}
+ 		*outl = 0;
+-		return 1;
++		ret = 1;
++		goto cleanup;
+ 		}
+ 
+ 	n=b-bl;
[email protected]@ -427,6 +434,12 @@
+ 	if(ret)
+ 		*outl=b;
+ 
++cleanup:
++	if (ctx->cipher->cleanup)
++		{
++		ctx->cipher->cleanup(ctx);
++		}
++
+ 	return ret;
+ 	}
+ 
[email protected]@ -500,7 +513,7 @@
+ 
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ 	{
+-	int i,n;
++	int i,n,ret = 1;
+ 	unsigned int b;
+ 	*outl=0;
+ 
[email protected]@ -508,10 +521,14 @@
+ 		{
+ 		i = M_do_cipher(ctx, out, NULL, 0);
+ 		if (i < 0)
+-			return 0;
++			{
++			ret = 0;
++			goto cleanup;
++			}
+ 		else
+ 			*outl = i;
+-		return 1;
++		ret = 1;
++		goto cleanup;
+ 		}
+ 
+ 	b=ctx->cipher->block_size;
[email protected]@ -520,10 +537,12 @@
+ 		if(ctx->buf_len)
+ 			{
+ 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+-			return 0;
++			ret = 0;
++			goto cleanup;
+ 			}
+ 		*outl = 0;
+-		return 1;
++		ret = 1;
++		goto cleanup;
+ 		}
+ 	if (b > 1)
+ 		{
[email protected]@ -530,7 +549,8 @@
+ 		if (ctx->buf_len || !ctx->final_used)
+ 			{
+ 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+-			return(0);
++			ret = 0;
++			goto cleanup;
+ 			}
+ 		OPENSSL_assert(b <= sizeof ctx->final);
+ 		n=ctx->final[b-1];
[email protected]@ -537,7 +557,8 @@
+ 		if (n == 0 || n > (int)b)
+ 			{
+ 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+-			return(0);
++			ret = 0;
++			goto cleanup;
+ 			}
+ 		for (i=0; i<n; i++)
+ 			{
[email protected]@ -544,7 +565,8 @@
+ 			if (ctx->final[--b] != n)
+ 				{
+ 				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+-				return(0);
++				ret = 0;
++				goto cleanup;
+ 				}
+ 			}
+ 		n=ctx->cipher->block_size-n;
[email protected]@ -554,7 +576,14 @@
+ 		}
+ 	else
+ 		*outl=0;
+-	return(1);
++
++cleanup:
++	if (ctx->cipher->cleanup)
++		{
++		ctx->cipher->cleanup(ctx);
++		}
++
++	return ret;
+ 	}
+ 
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)