commit | 367d64f84c3c1d01381c18c5a239b85eef47633c | [log] [tgz] |
---|---|---|
author | David Benjamin <davidben@google.com> | Wed Apr 15 11:16:07 2020 -0400 |
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | Fri Apr 17 18:40:28 2020 +0000 |
tree | c4e572eabeefd2e03f0a4afc158c63e514d04447 | |
parent | 8f3019e849afe428d0e29f34294a6328c8105b83 [diff] |
Fix error-handling in EVP_BytesToKey. This only matters on malloc failure and I think, even then, EVP_DigestInit_ex will only fail the first time around the loop so it wouldn't actually leak anything. Nonetheless, that should be a goto err. Change-Id: Ieea9db387f9c16915c3a0026c6fd48036da2cfef Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/40748 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/cipher_extra/derive_key.c b/crypto/cipher_extra/derive_key.c index ff5ae06..45b4963 100644 --- a/crypto/cipher_extra/derive_key.c +++ b/crypto/cipher_extra/derive_key.c
@@ -86,7 +86,7 @@ EVP_MD_CTX_init(&c); for (;;) { if (!EVP_DigestInit_ex(&c, md, NULL)) { - return 0; + goto err; } if (addmd++) { if (!EVP_DigestUpdate(&c, md_buf, mds)) {