From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Thu, 8 Aug 2024 20:42:48 +0000 (+0300)
Subject: lib-dcrypt: dcrypt_ctx_hmac_init() - Clean up properly in error code paths
X-Git-Tag: 2.4.0~1518
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cffd2fce7d754d42a6262e6dfb6696d1edfaf8a9;p=thirdparty%2Fdovecot%2Fcore.git

lib-dcrypt: dcrypt_ctx_hmac_init() - Clean up properly in error code paths
---

diff --git a/src/lib-dcrypt/dcrypt-openssl1.c b/src/lib-dcrypt/dcrypt-openssl1.c
index 36bc017a36..4291791d0f 100644
--- a/src/lib-dcrypt/dcrypt-openssl1.c
+++ b/src/lib-dcrypt/dcrypt-openssl1.c
@@ -687,6 +687,7 @@ dcrypt_openssl_ctx_hmac_init(struct dcrypt_context_hmac *ctx,
 {
 	int ec;
 
+	i_assert(ctx->ctx == NULL);
 	i_assert(ctx->md != NULL);
 #ifdef HAVE_HMAC_CTX_new
 	ctx->ctx = HMAC_CTX_new();
@@ -696,6 +697,7 @@ dcrypt_openssl_ctx_hmac_init(struct dcrypt_context_hmac *ctx,
 	ec = HMAC_Init_ex(ctx->ctx, ctx->key, ctx->klen, ctx->md, NULL);
 	if (ec != 1) {
 		HMAC_CTX_free(ctx->ctx);
+		ctx->ctx = NULL;
 		return dcrypt_openssl_error(error_r);
 	}
 	return TRUE;
diff --git a/src/lib-dcrypt/dcrypt-openssl3.c b/src/lib-dcrypt/dcrypt-openssl3.c
index 060d65fa5b..0a2359669f 100644
--- a/src/lib-dcrypt/dcrypt-openssl3.c
+++ b/src/lib-dcrypt/dcrypt-openssl3.c
@@ -623,6 +623,7 @@ dcrypt_openssl_ctx_hmac_init(struct dcrypt_context_hmac *ctx,
 {
 	int ec;
 
+	i_assert(ctx->ctx == NULL);
 	i_assert(ctx->mac != NULL);
 	const char *name = EVP_MD_get0_name(ctx->md);
 	OSSL_PARAM params[] = {
@@ -635,6 +636,7 @@ dcrypt_openssl_ctx_hmac_init(struct dcrypt_context_hmac *ctx,
 	ec = EVP_MAC_init(ctx->ctx, ctx->key, ctx->klen, params);
 	if (ec != 1) {
 		EVP_MAC_CTX_free(ctx->ctx);
+		ctx->ctx = NULL;
 		return dcrypt_openssl_error(error_r);
 	}
 	return TRUE;