From f60b3c5fdcf75fc3e9a257c2f67867ffae63006b Mon Sep 17 00:00:00 2001
From: Jiasheng Jiang
Date: Tue, 3 Sep 2024 19:18:47 +0000
Subject: [PATCH] crypto/pkcs12/p12_mutl.c: Add check and EVP_MD_free() for EVP_MD_fetch()

Add check and EVP_MD_free() for EVP_MD_fetch() to avoid NULL pointer dereference and memory leak, like "md_fetch".

Fixes: fe79159be0 ("Implementation of the RFC 9579, PBMAC1 in PKCS#12")
Signed-off-by: Jiasheng Jiang
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/25370)
---
 crypto/pkcs12/p12_mutl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 62a06357c6..db2b6da616 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -236,6 +236,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
 if (OBJ_obj2txt(hmac_md_name, sizeof(hmac_md_name), OBJ_nid2obj(pbmac1_kdf_nid), 0) < 0)
 goto err;
 hmac_md = EVP_MD_fetch(NULL, hmac_md_name, NULL);
+ if (hmac_md == NULL)
+ goto err;
 fetched = 1;
 }
 if (pkcs12_key_gen != NULL) {
@@ -249,6 +251,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
 goto err;
 }
 } else {
+ if (fetched)
+ EVP_MD_free(hmac_md);
 /* Default to UTF-8 password */
 if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
 iter, keylen, key, md,
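Review bot: The new `goto err` after `EVP_MD_fetch()` leaves without raising a PKCS12-level error, so a caller processing a file whose PBMAC1 PRF digest is unavailable sees only a generic failure. Adding `ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);` before the `goto err` would make the rejection diagnosable; the fetch may already queue an error of its own, but that one would not say which PKCS#12 field was refused. The digest name is derived from `pbmac1_kdf_nid`, which presumably comes from the parsed file, so this path looks reachable with untrusted input and deserves a regression test with an unsupported digest. pkcs12_gen_mac starts and ends outside the hunk, so the `err` label and its cleanup are not visible here.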
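Review bot: In the `else` branch the fetched `hmac_md` is freed without ever being used, because the default `PKCS12_key_gen_utf8_ex()` call takes `md`; without a comment this reads as if the KDF digest were dropped by mistake. A line such as `/* hmac_md is only consumed by the pkcs12_key_gen callback; the default path uses md */` above the `if (fetched)` would record the intent. After `EVP_MD_free()` the pointer keeps its stale value and `fetched` stays set, so any later cleanup keyed on `fetched` would free it twice; `if (fetched) { EVP_MD_free(hmac_md); hmac_md = NULL; }` guards against that. The function body continues outside the hunk, so whether other exits lie between the fetch and this free cannot be checked from here.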