From patchwork Tue Mar 5 14:20:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chien Wong X-Patchwork-Id: 1908281 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=OaAK1q/O; dkim=fail reason="signature verification failed" (1024-bit key; secure) header.d=xv97.com header.i=m@xv97.com header.a=rsa-sha256 header.s=zmail header.b=C0ozOx+N; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TpyS470ywz23cb for ; Wed, 6 Mar 2024 01:21:56 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:To:From:Reply-To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=UK5H+5N63WNsiJY3sedeWDi8cmye98Qg3u6uGb20MOk=; b=OaAK1q/OBz5E79 6+xDQJUSV5D7UwPuOqFxAkdNo8HF9pHWxc5WK2/6R6bBreM2HgdQ76/iQtkgIxPeseCG0X4sEw30S s1Ic38DazGlnTbc6iBWIozsVlwYzlvODBfmc++CJmQ/r14T6KHD0g5CbyevBvhV9oNDJKd/cm7d+1 04jg3QOe9ptBLnx780tP2JDDOFDp7V51Q/8q3MV176OAMa+0Jyn+xPtV8B6BmRALCPh6AoJE/2lHC YyJLQT2hUYdIMRLdGMznpL7PL/1HxkTktRPdOoU9TgnroPMAizE2s1zQw23CRaIzC8u5h5/gtPYT7 YzjJOL218hGO70IogEgw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1rhVfI-0000000E0Hz-1PDl; Tue, 05 Mar 2024 14:21:08 +0000 Received: from sender4-op-o15.zoho.com ([136.143.188.15]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1rhVf7-0000000E0Dh-40pK for hostap@lists.infradead.org; Tue, 05 Mar 2024 14:21:05 +0000 ARC-Seal: i=1; a=rsa-sha256; t=1709648450; cv=none; d=zohomail.com; s=zohoarc; b=BoFL47iOU4F9U98gcmXXPMHV1GoFc1QjhRt9tT6PudN9GYAanPdWV+PW1+HwYltWSwfS5qAzxghJli5+JpucIRLcrg1h4oLuORDKbKoEA4vbE6hHHlx2P08W2qQ7gGiaT3xSP7RREWk/Vn7587aiiBZrmj1eq89ucvlCiXhci3Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1709648450; h=Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To:Cc; bh=oEC7iWu0qjcofIfvJbUQX43aQVCi6Jzd6D5cx4hqhlc=; b=iqv7CfGGyzCCGPhgfoeKOFrc87REoFjqYzHStisky+neyITHC1w/3mqhg9cV+DVOx4uQKF2xd69R8ADxH8O00AV1BIOivNDyTVCE1cI2XTkKrCvbZmYfKjJZYIDSaebgL0647UUqoDj5wfkX0pkojYWQVK4P6t0Olv+xpij2A4E= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=xv97.com; spf=pass smtp.mailfrom=m@xv97.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1709648450; s=zmail; d=xv97.com; i=m@xv97.com; h=From:From:To:To:Subject:Subject:Date:Date:Message-ID:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Message-Id:Reply-To:Cc; bh=oEC7iWu0qjcofIfvJbUQX43aQVCi6Jzd6D5cx4hqhlc=; b=C0ozOx+N6nDJSaCFAoymU3i7XThxvaF1ZaiZH8gT/JLDUr0Pyri9v5bH5/PcP0Ib 17LJOq+aTB+zby7hy0fiXJkdqlZ3f2+8NIFyOiUjF60DgQa3zNZCcN800BcV9LvBCqO 8Oe0cp35CK2B8/ocMpbJ+BLLJyBhECQi5FFXdpiA= Received: from archwd500.lan (64.120.121.206 [64.120.121.206]) by mx.zohomail.com with SMTPS id 1709648449314489.99744055457245; Tue, 5 Mar 2024 06:20:49 -0800 (PST) From: Chien Wong To: hostap@lists.infradead.org Subject: [PATCH 2/2] OpenSSL: Fix a memory leak on hpke_labeled_expand() error path Date: Tue, 5 Mar 2024 22:20:41 +0800 Message-ID: <20240305142041.542353-2-m@xv97.com> In-Reply-To: <20240305142041.542353-1-m@xv97.com> References: <20240305142041.542353-1-m@xv97.com> MIME-Version: 1.0 X-ZohoMailClient: External X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240305_062058_109431_46F2D9DD X-CRM114-Status: UNSURE ( 9.05 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Fixes: 786ea402bc5f ("HPKE base mode with single-shot API") Signed-off-by: Chien Wong --- src/crypto/crypto_openssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index 315c3feac..07455d91f 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -4881,7 +4881,7 @@ hpke_ [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 ARC_VALID Message has a valid ARC signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 ARC_SIGNED Message has a ARC signature -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) [136.143.188.15 listed in wl.mailspike.net] 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders -0.0 T_SCC_BODY_TEXT_LINE No description available. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [136.143.188.15 listed in list.dnswl.org] X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Fixes: 786ea402bc5f ("HPKE base mode with single-shot API") Signed-off-by: Chien Wong --- src/crypto/crypto_openssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index 315c3feac..07455d91f 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -4881,7 +4881,7 @@ hpke_labeled_expand(struct hpke_context *ctx, bool kem, const u8 *prk, #if OPENSSL_VERSION_NUMBER >= 0x30000000L hmac = EVP_MAC_fetch(NULL, "HMAC", NULL); if (!hmac) - return -1; + goto fail; params[0] = OSSL_PARAM_construct_utf8_string( "digest", @@ -4890,7 +4890,7 @@ hpke_labeled_expand(struct hpke_context *ctx, bool kem, const u8 *prk, #else /* OpenSSL version >= 3.0 */ hctx = HMAC_CTX_new(); if (!hctx) - return -1; + goto fail; #endif /* OpenSSL version >= 3.0 */ while (left > 0) { @@ -4899,7 +4899,7 @@ hpke_labeled_expand(struct hpke_context *ctx, bool kem, const u8 *prk, EVP_MAC_CTX_free(hctx); hctx = EVP_MAC_CTX_new(hmac); if (!hctx) - return -1; + goto fail; if (EVP_MAC_init(hctx, prk, mdlen, params) != 1) goto fail;