Merge pull request #5514 from julek-wolfssl/wolfSSL_EVP_MD_CTX_copy_ex-leak

Cleanup output object in wolfSSL_EVP_MD_CTX_copy_ex before copy
2022-08-26 11:08:17 -07:00 · 2022-08-26 11:08:17 -07:00 · e88bd66501
parent d84bfd511d 2fb3f58c03
commit e88bd66501
2 changed files with 7 additions and 0 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -33384,6 +33384,7 @@ static int test_wolfSSL_EVP_MD_rsa_signing(void)
    WOLFSSL_EVP_PKEY_CTX* keyCtx;
    const char testData[] = "Hi There";
    WOLFSSL_EVP_MD_CTX mdCtx;
+    WOLFSSL_EVP_MD_CTX mdCtxCopy;
    size_t checkSz = -1;
    int sz = 2048 / 8;
    const unsigned char* cp;
@ -33408,6 +33409,7 @@ static int test_wolfSSL_EVP_MD_rsa_signing(void)
                                               sizeof_client_keypub_der_2048)));

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
+    wolfSSL_EVP_MD_CTX_init(&mdCtxCopy);
    AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
                                                             NULL, privKey), 1);
    AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
@ -33416,6 +33418,9 @@ static int test_wolfSSL_EVP_MD_rsa_signing(void)
    AssertIntEQ((int)checkSz, sz);
    AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
    AssertIntEQ((int)checkSz,sz);
+    AssertIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1);
+    AssertIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1);
+    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtxCopy), 1);
    AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@ -3551,6 +3551,7 @@ static int wolfssl_evp_digest_pk_final(WOLFSSL_EVP_MD_CTX *ctx,
    }
    else {
        WOLFSSL_EVP_MD_CTX ctxCopy;
+        wolfSSL_EVP_MD_CTX_init(&ctxCopy);

        if (wolfSSL_EVP_MD_CTX_copy_ex(&ctxCopy, ctx) != WOLFSSL_SUCCESS)
            return WOLFSSL_FAILURE;
@ -4882,6 +4883,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
    {
        if ((out == NULL) || (in == NULL)) return WOLFSSL_FAILURE;
        WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_copy_ex");
+        wolfSSL_EVP_MD_CTX_cleanup(out);
        XMEMCPY(out, in, sizeof(WOLFSSL_EVP_MD_CTX));
        if (in->pctx != NULL) {
            out->pctx = wolfSSL_EVP_PKEY_CTX_new(in->pctx->pkey, NULL);