2
0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00

crypto/pkcs12/p12_mutl.c: Add check and EVP_MD_free() for EVP_MD_fetch()

Add check and EVP_MD_free() for EVP_MD_fetch() to avoid NULL pointer
dereference and memory leak, like "md_fetch".

Fixes: fe79159be0 ("Implementation of the RFC 9579, PBMAC1 in PKCS#12")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25370)
This commit is contained in:
Jiasheng Jiang 2024-09-03 19:18:47 +00:00 committed by Tomas Mraz
parent 8439337036
commit f60b3c5fdc

View File

@ -236,6 +236,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
if (OBJ_obj2txt(hmac_md_name, sizeof(hmac_md_name), OBJ_nid2obj(pbmac1_kdf_nid), 0) < 0)
goto err;
hmac_md = EVP_MD_fetch(NULL, hmac_md_name, NULL);
if (hmac_md == NULL)
goto err;
fetched = 1;
}
if (pkcs12_key_gen != NULL) {
@ -249,6 +251,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
goto err;
}
} else {
if (fetched)
EVP_MD_free(hmac_md);
/* Default to UTF-8 password */
if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
iter, keylen, key, md,