From: Tomas Mraz Date: Mon, 10 Oct 2022 06:59:23 +0000 (+0200) Subject: eckey_priv_encode(): Call ASN1_STRING_free() only on an ASN1_STRING X-Git-Tag: openssl-3.2.0-alpha1~1945 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=8b5424eae5577809264e73a229fcc4c384611fae eckey_priv_encode(): Call ASN1_STRING_free() only on an ASN1_STRING Also ASN1_OBJECT_free() never needs to be called on objects returned from OBJ_nid2obj(). Fixes #19138 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19367) --- diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index e9866a4e69..290838b18c 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -42,7 +42,6 @@ static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key) ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid); if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { - ASN1_OBJECT_free(asn1obj); ERR_raise(ERR_LIB_EC, EC_R_MISSING_OID); return 0; } @@ -92,9 +91,7 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) ptype, pval, penc, penclen)) return 1; err: - if (ptype == V_ASN1_OBJECT) - ASN1_OBJECT_free(pval); - else + if (ptype == V_ASN1_SEQUENCE) ASN1_STRING_free(pval); OPENSSL_free(penc); return 0; @@ -187,19 +184,22 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) eplen = i2d_ECPrivateKey(&ec_key, &ep); if (eplen <= 0) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - ASN1_STRING_free(pval); - return 0; + goto err; } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, ptype, pval, ep, eplen)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - ASN1_STRING_free(pval); + ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); OPENSSL_clear_free(ep, eplen); - return 0; + goto err; } return 1; + + err: + if (ptype == V_ASN1_SEQUENCE) + ASN1_STRING_free(pval); + return 0; } static int int_ec_size(const EVP_PKEY *pkey)