From: Eugene Syromiatnikov Date: Wed, 10 Sep 2025 23:34:12 +0000 (+0200) Subject: kmac_prov.c.in: avoid resource leak on kmac_new_decoder fail in kmac_fetch_new X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3ae8755aa22a7b704d78453e3467f7355eb9c538;p=thirdparty%2Fopenssl.git kmac_prov.c.in: avoid resource leak on kmac_new_decoder fail in kmac_fetch_new kctx was not freed in a case of kmac_new_decoder failure; consolidate all the error paths under the "err:" label and jump to it on kmac_new_decoder() returning 0. Fixes: d5efc853796b "kmac: avoid using ossl_prov_digest_load_from_params()" Resolves: https://github.com/openssl/project/issues/1419 Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1453634 Signed-off-by: Eugene Syromiatnikov Reviewed-by: Saša Nedvědický Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Tom Cosgrove Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/28516) --- diff --git a/providers/implementations/macs/kmac_prov.c.in b/providers/implementations/macs/kmac_prov.c.in index a1cf8ea2bb8..6046d2ddcc7 100644 --- a/providers/implementations/macs/kmac_prov.c.in +++ b/providers/implementations/macs/kmac_prov.c.in @@ -203,21 +203,23 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params) struct kmac_new_st p; int md_size; - if (kctx == NULL || !kmac_new_decoder(params, &p)) + if (kctx == NULL) return 0; + if (!kmac_new_decoder(params, &p)) + goto err; if (!ossl_prov_digest_load(&kctx->digest, p.digest, p.propq, p.engine, - PROV_LIBCTX_OF(provctx))) { - kmac_free(kctx); - return 0; - } + PROV_LIBCTX_OF(provctx))) + goto err; md_size = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest)); - if (md_size <= 0) { - kmac_free(kctx); - return 0; - } + if (md_size <= 0) + goto err; kctx->out_len = (size_t)md_size; return kctx; + +err: + kmac_free(kctx); + return NULL; } static void *kmac128_new(void *provctx)