Fix potential memory leak in OSSL_HPKE_CTX_new()

ctx->propq is a duplicated string, but the error code does not free
the duplicated string's memory. If e.g. EVP_CIPHER_fetch() fails then
we can leak the string's memory.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25812)

(cherry picked from commit 8ff6edb9da6199b130bfb50bc27b2e58cc815932)

diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c
index a53488d9ec4085425f7e882e8c8a89db79cf18d2..8fd40bb611738fb4ae4b543049ac81c9050f7d40 100644 (file)
--- a/crypto/hpke/hpke.c
+++ b/crypto/hpke/hpke.c
@@ -842,6 +842,7 @@ OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
 
  err:
     EVP_CIPHER_free(ctx->aead_ciph);
+    OPENSSL_free(ctx->propq);
     OPENSSL_free(ctx);
     return NULL;
 }