fix small memory leak in FIPS aes selftest

2013-09-20 16:04:50 +02:00 · 2013-09-20 16:04:50 +02:00 · 372f3ac997
commit 372f3ac997
parent 8c28623e94
2 changed files with 12 additions and 9 deletions
--- a/openssl-1.0.1e-fips.patch
+++ b/openssl-1.0.1e-fips.patch
@ -8392,7 +8392,7 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
 +	EVP_CIPHER_CTX ctx;
 +	EVP_CIPHER_CTX_init(&ctx);
 +	memset(out, 0, sizeof(out));
-+	if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
+	if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(),NULL, NULL, NULL, 1))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
 +					sizeof(ccm_nonce), NULL))
@ -8400,7 +8400,7 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
 +					sizeof(ccm_tag), NULL))
 +		goto err;
-+	if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 1))
+	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 1))
 +		goto err;
 +	if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
 +		goto err;
@ -8417,14 +8417,14 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
 +
 +	memset(out, 0, sizeof(out));
 +
-+	if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
+	if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
 +					sizeof(ccm_nonce), NULL))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
 +		goto err;
-+	if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 0))
+	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 0))
 +		goto err;
 +	if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
 +		goto err;
@ -8486,12 +8486,12 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
 +	EVP_CIPHER_CTX_init(&ctx);
 +	memset(out, 0, sizeof(out));
 +	memset(tag, 0, sizeof(tag));
-+	if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
+	if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
 +					sizeof(gcm_iv), NULL))
 +		goto err;
-+	if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 1))
+	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 1))
 +		goto err;
 +	if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
 +		goto err;
@ -8508,14 +8508,14 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
 +
 +	memset(out, 0, sizeof(out));
 +
-+	if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
+	if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
 +					sizeof(gcm_iv), NULL))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
 +		goto err;
-+	if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 0))
+	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 0))
 +		goto err;
 +	if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
 +		goto err;
--- a/openssl.spec
+++ b/openssl.spec
@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 23%{?dist}
+Release: 24%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -473,6 +473,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 prelink -u %{_libdir}/libcrypto.so.%{version} %{_libdir}/libssl.so.%{version} 2>/dev/null || :

 %changelog
+* Fri Sep 20 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-24
+- fix small memory leak in FIPS aes selftest
+
 * Thu Sep 19 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-23
 - fix segfault in openssl speed hmac in the FIPS mode