Add check and EVP_MD_free() for EVP_MD_fetch() to avoid NULL pointer
dereference and memory leak, like "md_fetch".
Fixes: fe79159be0 ("Implementation of the RFC 9579, PBMAC1 in PKCS#12")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25370)
if (OBJ_obj2txt(hmac_md_name, sizeof(hmac_md_name), OBJ_nid2obj(pbmac1_kdf_nid), 0) < 0)
goto err;
hmac_md = EVP_MD_fetch(NULL, hmac_md_name, NULL);
+ if (hmac_md == NULL)
+ goto err;
fetched = 1;
}
if (pkcs12_key_gen != NULL) {
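Review bot: The new `hmac_md == NULL` branch leaves through the same `goto err` as the `OBJ_obj2txt` failure just above it, so a caller cannot tell a KDF OID that failed to convert from a digest that could not be fetched from the default library context. If the `err` path does not already record a reason, an `ERR_raise` before this `goto err` would make an unsupported PBMAC1 digest diagnosable. Keeping `fetched = 1` after the check is right, since the flag then only ever marks a pointer that needs `EVP_MD_free()`.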
goto err;
}
} else {
+ if (fetched)
+ EVP_MD_free(hmac_md);
/* Default to UTF-8 password */
if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
iter, keylen, key, md,
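Review bot: The `EVP_MD_free(hmac_md)` added at the top of the `else` branch leaves `hmac_md` pointing at freed memory while `fetched` stays set, so any later use of `hmac_md`, or a second cleanup keyed on `fetched`, would touch a freed digest. Setting `hmac_md = NULL` and clearing `fetched` right after the free, or releasing the digest once at the function's common exit instead, would rule that out. The `goto err` visible in the `pkcs12_key_gen != NULL` branch just above needs the fetched digest released before it jumps as well, and the lines shown here do not confirm that it is.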