Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
free oaep label-octet-string on error
When X509_ALGOR_set0() fails, ownership of the the ASN1 object "los" (label octet string) has not been passed on to the X509_ALGOR object "oaep->pSourceFunc", so we need to free "los" in that case. Check return value of X509_ALGOR_set0(), change the scope of "los" and ensure it is freed on failure (on success, set it to NULL so it is not freed inside the function). Fixes #22336 Testing: You can use the following script to test cms encryption with rsa-oaep: #!/bin/bash -x OSSLCMD="apps/openssl" # check we are calling the right openssl app LD_LIBRARY_PATH=. valgrind $OSSLCMD version echo "this is a confidential message." > msg.txt LD_LIBRARY_PATH=. valgrind $OSSLCMD cms -encrypt -in msg.txt \ -stream -out msg.txt.cms \ -recip test/smime-certs/smrsa1.pem \ -keyopt rsa_padding_mode:oaep \ -keyopt rsa_oaep_md:sha256 \ -keyopt rsa_oaep_label:deadbeef Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #22556) (cherry picked from commit a9a1b3d)
- Loading branch information