pkcs12: fix PKCS12_set_pbmac1_pbkdf2 error-path leaks

author Weidong Wang <kenazcharisma@gmail.com>

Tue, 10 Mar 2026 16:07:58 +0000 (11:07 -0500)

committer Tomas Mraz <tomas@openssl.foundation>

Mon, 16 Mar 2026 11:12:24 +0000 (12:12 +0100)
author Weidong Wang <kenazcharisma@gmail.com>
Tue, 10 Mar 2026 16:07:58 +0000 (11:07 -0500)
committer Tomas Mraz <tomas@openssl.foundation>
Mon, 16 Mar 2026 11:12:24 +0000 (12:12 +0100)
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c

index c98f890bc184b68adf05c36e0f0ad54b758da246..1e367902edae465b8a644e514b32e44d0a0102de 100644 (file)
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -529,6 +529,8 @@ int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
      X509_ALGOR_free(param->messageAuthScheme);
      param->keyDerivationFunc = alg;
      param->messageAuthScheme = hmac_alg;
+    alg = NULL;
+    hmac_alg = NULL;
  
      X509_SIG_getm(p12->mac->dinfo, &macalg, &macoct);
      if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), param, &macalg->parameter))
@@ -550,6 +552,8 @@ int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
      ret = 1;
  
  err:
+    X509_ALGOR_free(alg);
+    X509_ALGOR_free(hmac_alg);
      PBMAC1PARAM_free(param);
      OPENSSL_free(known_salt);
      return ret;
diff --git a/test/pkcs12_api_test.c b/test/pkcs12_api_test.c

index ff32e65b6aa0a6ed3b51644ae811c5b62d3d7f3d..8bb998b9e25357c8f8d6713a92900a4aba45c674 100644 (file)
--- a/test/pkcs12_api_test.c
+++ b/test/pkcs12_api_test.c
@@ -280,6 +280,35 @@ err:
      return ret;
  }
  
+static int test_PKCS12_set_pbmac1_pbkdf2_invalid_saltlen(void)
+{
+    int ret = 0;
+    unsigned char salt[8] = { 0 };
+    EVP_PKEY *key = NULL;
+    X509 *cert = NULL;
+    STACK_OF(X509) *ca = NULL;
+    PKCS12 *p12 = NULL;
+
+    if (!TEST_ptr(p12 = PKCS12_load(in_file)))
+        return 0;
+    if (!TEST_true(PKCS12_parse(p12, in_pass, &key, &cert, &ca)))
+        goto err;
+    PKCS12_free(p12);
+
+    if (!TEST_ptr(p12 = PKCS12_create_ex2("pass", NULL, key, cert, ca,
+                      NID_undef, NID_undef, 0, -1, 0,
+                      testctx, NULL, NULL, NULL)))
+        goto err;
+    ret = TEST_false(PKCS12_set_pbmac1_pbkdf2(p12, "pass", -1,
+        salt, -1, 0, NULL, NULL));
+err:
+    PKCS12_free(p12);
+    EVP_PKEY_free(key);
+    X509_free(cert);
+    OSSL_STACK_OF_X509_free(ca);
+    return ret;
+}
+
  int setup_tests(void)
  {
      OPTION_CHOICE o;
@@ -320,6 +349,7 @@ int setup_tests(void)
      ADD_TEST(pkcs12_parse_test);
      ADD_ALL_TESTS(pkcs12_create_ex2_test, 3);
      ADD_TEST(test_PKCS12_set_pbmac1_pbkdf2_saltlen_zero);
+    ADD_TEST(test_PKCS12_set_pbmac1_pbkdf2_invalid_saltlen);
      return 1;
  }
author	Weidong Wang <kenazcharisma@gmail.com>
	Tue, 10 Mar 2026 16:07:58 +0000 (11:07 -0500)
committer	Tomas Mraz <tomas@openssl.foundation>
	Mon, 16 Mar 2026 11:12:24 +0000 (12:12 +0100)
crypto/pkcs12/p12_mutl.c		patch \| blob \| blame \| history
test/pkcs12_api_test.c		patch \| blob \| blame \| history