Fix memleaks in KDF implementations

Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9662)
author: Richard Levitte <levitte@openssl.org> 2019-08-30 14:35:43 +0200
committer: Pauli <paul.dale@oracle.com> 2019-09-06 19:27:57 +1000
commit: df2f8af4cb3e19fe5a1ed41582d1659aa6c4ef50 (patch)
tree: 8111943852dcb83154e684a1b3a4e6537ffe64ff /providers
parent: a941920514995b520e7666897347fdcdcb5bf358 (diff)
7 files changed, 9 insertions, 11 deletions
diff --git a/providers/common/kdfs/hkdf.c b/providers/common/kdfs/hkdf.c
index f5d0295ae3..30bda90f69 100644
--- a/providers/common/kdfs/hkdf.c
+++ b/providers/common/kdfs/hkdf.c
@@ -75,7 +75,6 @@ static void kdf_hkdf_free(void *vctx)
     KDF_HKDF *ctx = (KDF_HKDF *)vctx;
 
     kdf_hkdf_reset(ctx);
-    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx);
 }
 
@@ -83,6 +82,7 @@ static void kdf_hkdf_reset(void *vctx)
 {
     KDF_HKDF *ctx = (KDF_HKDF *)vctx;
 
+    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx->salt);
     OPENSSL_clear_free(ctx->key, ctx->key_len);
     OPENSSL_cleanse(ctx->info, ctx->info_len);
diff --git a/providers/common/kdfs/pbkdf2.c b/providers/common/kdfs/pbkdf2.c
index e0b4550d62..27bf28a89b 100644
--- a/providers/common/kdfs/pbkdf2.c
+++ b/providers/common/kdfs/pbkdf2.c
@@ -80,7 +80,6 @@ static void kdf_pbkdf2_free(void *vctx)
     KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
 
     kdf_pbkdf2_reset(ctx);
-    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx);
 }
 
@@ -88,6 +87,7 @@ static void kdf_pbkdf2_reset(void *vctx)
 {
     KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
 
+    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx->salt);
     OPENSSL_clear_free(ctx->pass, ctx->pass_len);
     memset(ctx, 0, sizeof(*ctx));
diff --git a/providers/common/kdfs/sskdf.c b/providers/common/kdfs/sskdf.c
index 61e4607bee..b8a41fbbaa 100644
--- a/providers/common/kdfs/sskdf.c
+++ b/providers/common/kdfs/sskdf.c
@@ -315,10 +315,11 @@ static void sskdf_reset(void *vctx)
 {
     KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
 
+    EVP_MD_meth_free(ctx->md);
+    EVP_MAC_free(ctx->mac);
     OPENSSL_clear_free(ctx->secret, ctx->secret_len);
     OPENSSL_clear_free(ctx->info, ctx->info_len);
     OPENSSL_clear_free(ctx->salt, ctx->salt_len);
-    EVP_MAC_free(ctx->mac);
     memset(ctx, 0, sizeof(*ctx));
 }
 
@@ -327,8 +328,6 @@ static void sskdf_free(void *vctx)
     KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
 
     sskdf_reset(ctx);
-    EVP_MD_meth_free(ctx->md);
-    EVP_MAC_free(ctx->mac);
     OPENSSL_free(ctx);
 }
 
diff --git a/providers/common/kdfs/tls1_prf.c b/providers/common/kdfs/tls1_prf.c
index 5d7e599e64..38dbaddbf0 100644
--- a/providers/common/kdfs/tls1_prf.c
+++ b/providers/common/kdfs/tls1_prf.c
@@ -104,8 +104,6 @@ static void kdf_tls1_prf_free(void *vctx)
     TLS1_PRF *ctx = (TLS1_PRF *)vctx;
 
     kdf_tls1_prf_reset(ctx);
-    EVP_MD_meth_free(ctx->sha1);
-    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx);
 }
 
@@ -113,6 +111,8 @@ static void kdf_tls1_prf_reset(void *vctx)
 {
     TLS1_PRF *ctx = (TLS1_PRF *)vctx;
 
+    EVP_MD_meth_free(ctx->sha1);
+    EVP_MD_meth_free(ctx->md);
     OPENSSL_clear_free(ctx->sec, ctx->seclen);
     OPENSSL_cleanse(ctx->seed, ctx->seedlen);
     memset(ctx, 0, sizeof(*ctx));
diff --git a/providers/default/kdfs/scrypt.c b/providers/default/kdfs/scrypt.c
index 57dc317d21..abb4437d70 100644
--- a/providers/default/kdfs/scrypt.c
+++ b/providers/default/kdfs/scrypt.c
@@ -74,8 +74,8 @@ static void kdf_scrypt_free(void *vctx)
 {
     KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx;
 
-    kdf_scrypt_reset(ctx);
     EVP_MD_meth_free(ctx->sha256);
+    kdf_scrypt_reset(ctx);
     OPENSSL_free(ctx);
 }
 
@@ -85,7 +85,6 @@ static void kdf_scrypt_reset(void *vctx)
 
     OPENSSL_free(ctx->salt);
     OPENSSL_clear_free(ctx->pass, ctx->pass_len);
-    memset(ctx, 0, sizeof(*ctx));
     kdf_scrypt_init(ctx);
 }
 
diff --git a/providers/default/kdfs/sshkdf.c b/providers/default/kdfs/sshkdf.c
index 529a98006c..da59aaf861 100644
--- a/providers/default/kdfs/sshkdf.c
+++ b/providers/default/kdfs/sshkdf.c
@@ -63,7 +63,6 @@ static void kdf_sshkdf_free(void *vctx)
     KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx;
 
     kdf_sshkdf_reset(ctx);
-    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx);
 }
 
@@ -71,6 +70,7 @@ static void kdf_sshkdf_reset(void *vctx)
 {
     KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx;
 
+    EVP_MD_meth_free(ctx->md);
     OPENSSL_clear_free(ctx->key, ctx->key_len);
     OPENSSL_clear_free(ctx->xcghash, ctx->xcghash_len);
     OPENSSL_clear_free(ctx->session_id, ctx->session_id_len);
diff --git a/providers/default/kdfs/x942kdf.c b/providers/default/kdfs/x942kdf.c
index e8a5e4cad5..af2b4a8db4 100644
--- a/providers/default/kdfs/x942kdf.c
+++ b/providers/default/kdfs/x942kdf.c
@@ -255,6 +255,7 @@ static void x942kdf_reset(void *vctx)
 {
     KDF_X942 *ctx = (KDF_X942 *)vctx;
 
+    EVP_MD_meth_free(ctx->md);
     OPENSSL_clear_free(ctx->secret, ctx->secret_len);
     OPENSSL_clear_free(ctx->ukm, ctx->ukm_len);
     memset(ctx, 0, sizeof(*ctx));
@@ -265,7 +266,6 @@ static void x942kdf_free(void *vctx)
     KDF_X942 *ctx = (KDF_X942 *)vctx;
 
     x942kdf_reset(ctx);
-    EVP_MD_meth_free(ctx->md);
     OPENSSL_free(ctx);
 }
author	Richard Levitte <levitte@openssl.org>	2019-08-30 14:35:43 +0200
committer	Pauli <paul.dale@oracle.com>	2019-09-06 19:27:57 +1000
commit	df2f8af4cb3e19fe5a1ed41582d1659aa6c4ef50 (patch)
tree	8111943852dcb83154e684a1b3a4e6537ffe64ff /providers
parent	a941920514995b520e7666897347fdcdcb5bf358 (diff)