Don't leak EVP_KDF_CTX on error

Found by Coverity Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/8260)
2024-11-21 01:15:20 +08:00 · 2019-02-17 16:13:08 +00:00 · 2019-02-17 16:13:08 +00:00 · 4c3941c2eb
commit 4c3941c2eb
parent 3037d0aadf
1 changed files with 5 additions and 4 deletions
--- a/crypto/evp/pbe_scrypt.c
+++ b/crypto/evp/pbe_scrypt.c
@ -41,6 +41,11 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
    int rv = 1;
    EVP_KDF_CTX *kctx;

+    if (r > UINT32_MAX || p > UINT32_MAX) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
+        return 0;
+    }
+
    /* Maintain existing behaviour. */
    if (pass == NULL) {
        pass = empty;
@ -53,10 +58,6 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
    if (kctx == NULL)
        return 0;

-    if (r > UINT32_MAX || p > UINT32_MAX) {
-        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
-        return 0;
-    }
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1
            || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
                            salt, (size_t)saltlen) != 1