generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't free up EVP_MD_CTX.

Browse Source 
Don't free up passed EVP_MD_CTX in ASN1_item_sign_ctx(). This
simplifies handling and retains compatiblity with previous behaviour.

PR#4446

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
This commit is contained in:
Schüller Felix
2016-03-18 19:20:34 +00:00
committed by Dr. Stephen Henson
parent 769777b0a2
commit c6aca19bb5
2 changed files with 9 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
apps/req.c
View File

@@ -1523,13 +1523,9 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
EVP_MD_CTX *mctx = EVP_MD_CTX_new(); EVP_MD_CTX *mctx = EVP_MD_CTX_new();
rv = do_sign_init(mctx, pkey, md, sigopts); rv = do_sign_init(mctx, pkey, md, sigopts);
/* Note: X509_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
* the EVP_MD_CTX we send it, so only destroy it here if the former
* isn't called */
if (rv > 0) if (rv > 0)
rv = X509_sign_ctx(x, mctx); rv = X509_sign_ctx(x, mctx);
else EVP_MD_CTX_free(mctx);
EVP_MD_CTX_free(mctx);
return rv > 0 ? 1 : 0; return rv > 0 ? 1 : 0;
} }
@@ -1539,13 +1535,9 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
int rv; int rv;
EVP_MD_CTX *mctx = EVP_MD_CTX_new(); EVP_MD_CTX *mctx = EVP_MD_CTX_new();
rv = do_sign_init(mctx, pkey, md, sigopts); rv = do_sign_init(mctx, pkey, md, sigopts);
/* Note: X509_REQ_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
* the EVP_MD_CTX we send it, so only destroy it here if the former
* isn't called */
if (rv > 0) if (rv > 0)
rv = X509_REQ_sign_ctx(x, mctx); rv = X509_REQ_sign_ctx(x, mctx);
else EVP_MD_CTX_free(mctx);
EVP_MD_CTX_free(mctx);
return rv > 0 ? 1 : 0; return rv > 0 ? 1 : 0;
} }
@@ -1555,12 +1547,8 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
int rv; int rv;
EVP_MD_CTX *mctx = EVP_MD_CTX_new(); EVP_MD_CTX *mctx = EVP_MD_CTX_new();
rv = do_sign_init(mctx, pkey, md, sigopts); rv = do_sign_init(mctx, pkey, md, sigopts);
/* Note: X509_CRL_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
* the EVP_MD_CTX we send it, so only destroy it here if the former
* isn't called */
if (rv > 0) if (rv > 0)
rv = X509_CRL_sign_ctx(x, mctx); rv = X509_CRL_sign_ctx(x, mctx);
else EVP_MD_CTX_free(mctx);
EVP_MD_CTX_free(mctx);
return rv > 0 ? 1 : 0; return rv > 0 ? 1 : 0;
} }

8
crypto/asn1/a_sign.c
View File

@@ -216,6 +216,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
EVP_PKEY *pkey, const EVP_MD *type) EVP_PKEY *pkey, const EVP_MD *type)
{ {
int rv;
EVP_MD_CTX *ctx = EVP_MD_CTX_new(); EVP_MD_CTX *ctx = EVP_MD_CTX_new();
if (ctx == NULL) { if (ctx == NULL) {
@@ -226,7 +227,11 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
EVP_MD_CTX_free(ctx); EVP_MD_CTX_free(ctx);
return 0; return 0;
} }
return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);
rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);
EVP_MD_CTX_free(ctx);
return rv;
} }
int ASN1_item_sign_ctx(const ASN1_ITEM *it, int ASN1_item_sign_ctx(const ASN1_ITEM *it,
@@ -318,7 +323,6 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
err: err:
EVP_MD_CTX_free(ctx);
OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
OPENSSL_clear_free((char *)buf_out, outll); OPENSSL_clear_free((char *)buf_out, outll);
return (outl); return (outl);