Commit 4c3941c2 authored by Matt Caswell's avatar Matt Caswell
Browse files

Don't leak EVP_KDF_CTX on error 



Found by Coverity

Reviewed-by: default avatarKurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8260)
parent 3037d0aa

crypto/evp/pbe_scrypt.c

+5 −4
Original line number Diff line number Diff line
@@ -41,6 +41,11 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, 
    int rv = 1;

    EVP_KDF_CTX *kctx;



    if (r > UINT32_MAX || p > UINT32_MAX) {

        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);

        return 0;

    }



    /* Maintain existing behaviour. */

    if (pass == NULL) {

        pass = empty;
@@ -53,10 +58,6 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, 
    if (kctx == NULL)

        return 0;



    if (r > UINT32_MAX || p > UINT32_MAX) {

        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);

        return 0;

    }

    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1

            || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,

                            salt, (size_t)saltlen) != 1