DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

OpenSSL: Fix memory leak with EVP_CIPHER_CTX_new()

Browse source 
Commit 1eb87ae48d ('OpenSSL: Use
EVP_CIPHER_CTX_new() to work with OpenSSL 1.1.0') started using
EVP_CIPHER_CTX_new() to allocate EVP_CIPHER_CTX from heap instead of
using stack memory. This commit used incorrect EVP_CIPHER_CTX_reset()
function in number of cases when the allocated memory was supposed to be
freed instead of just reset for reuse. Fix this by using
EVP_CIPHER_CTX_free() properly.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2016-02-16 00:30:43 +02:00 committed by Jouni Malinen
parent 99a17351c7
commit 6014890bfb
1 changed files with 8 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
src/crypto/crypto_openssl.c
View file

@ -34,12 +34,6 @@
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* Compatibility wrappers for older versions. */
static int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
{
return EVP_CIPHER_CTX_cleanup(ctx);
}
static HMAC_CTX * HMAC_CTX_new(void)
{
HMAC_CTX *ctx;
@ -209,7 +203,7 @@ int rc4_skip(const u8 *key, size_t keylen, size_t skip,
out:
if (ctx)
EVP_CIPHER_CTX_reset(ctx);
EVP_CIPHER_CTX_free(ctx);
return res;
#endif /* OPENSSL_NO_RC4 */
}
@ -304,7 +298,6 @@ void aes_encrypt_deinit(void *ctx)
wpa_printf(MSG_ERROR, "OpenSSL: Unexpected padding length %d "
"in AES encrypt", len);
}
EVP_CIPHER_CTX_reset(c);
EVP_CIPHER_CTX_free(c);
}
@ -357,7 +350,6 @@ void aes_decrypt_deinit(void *ctx)
wpa_printf(MSG_ERROR, "OpenSSL: Unexpected padding length %d "
"in AES decrypt", len);
}
EVP_CIPHER_CTX_reset(c);
EVP_CIPHER_CTX_free(c);
}
@ -416,7 +408,7 @@ int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
clen == (int) data_len &&
EVP_EncryptFinal_ex(ctx, buf, &len) == 1 && len == 0)
res = 0;
EVP_CIPHER_CTX_reset(ctx);
EVP_CIPHER_CTX_free(ctx);
return res;
}
@ -443,7 +435,7 @@ int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
plen == (int) data_len &&
EVP_DecryptFinal_ex(ctx, buf, &len) == 1 && len == 0)
res = 0;
EVP_CIPHER_CTX_reset(ctx);
EVP_CIPHER_CTX_free(ctx);
return res;
@ -557,7 +549,7 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
!EVP_CIPHER_CTX_set_key_length(ctx->enc, key_len) ||
!EVP_EncryptInit_ex(ctx->enc, NULL, NULL, key, iv)) {
if (ctx->enc)
EVP_CIPHER_CTX_reset(ctx->enc);
EVP_CIPHER_CTX_free(ctx->enc);
os_free(ctx);
return NULL;
}
@ -567,9 +559,9 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
!EVP_DecryptInit_ex(ctx->dec, cipher, NULL, NULL, NULL) ||
!EVP_CIPHER_CTX_set_key_length(ctx->dec, key_len) ||
!EVP_DecryptInit_ex(ctx->dec, NULL, NULL, key, iv)) {
EVP_CIPHER_CTX_reset(ctx->enc);
EVP_CIPHER_CTX_free(ctx->enc);
if (ctx->dec)
EVP_CIPHER_CTX_reset(ctx->dec);
EVP_CIPHER_CTX_free(ctx->dec);
os_free(ctx);
return NULL;
}
@ -601,8 +593,8 @@ int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt,
void crypto_cipher_deinit(struct crypto_cipher *ctx)
{
EVP_CIPHER_CTX_reset(ctx->enc);
EVP_CIPHER_CTX_reset(ctx->dec);
EVP_CIPHER_CTX_free(ctx->enc);
EVP_CIPHER_CTX_free(ctx->dec);
os_free(ctx);
}