[openssl] fix small memory leak in FIPS aes selftest

Fri Sep 20 14:05:04 UTC 2013

commit 372f3ac99746824f0a3ce6aa46dffe4759ea75af
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Fri Sep 20 16:04:50 2013 +0200

    fix small memory leak in FIPS aes selftest

 openssl-1.0.1e-fips.patch |   16 ++++++++--------
 openssl.spec              |    5 ++++-
 2 files changed, 12 insertions(+), 9 deletions(-)
---

diff --git a/openssl-1.0.1e-fips.patch b/openssl-1.0.1e-fips.patch
index 3e2ff42..42e4558 100644
--- a/openssl-1.0.1e-fips.patch
+++ b/openssl-1.0.1e-fips.patch
@@ -8392,7 +8392,7 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
 +	EVP_CIPHER_CTX ctx;
 +	EVP_CIPHER_CTX_init(&ctx);
 +	memset(out, 0, sizeof(out));
-+	if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
++	if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(),NULL, NULL, NULL, 1))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
 +					sizeof(ccm_nonce), NULL))
@@ -8400,7 +8400,7 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
 +					sizeof(ccm_tag), NULL))
 +		goto err;
-+	if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 1))
++	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 1))
 +		goto err;
 +	if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
 +		goto err;
@@ -8417,14 +8417,14 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
 +
 +	memset(out, 0, sizeof(out));
 +
-+	if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
++	if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
 +					sizeof(ccm_nonce), NULL))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
 +		goto err;
-+	if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 0))
++	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 0))
 +		goto err;
 +	if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
 +		goto err;
@@ -8486,12 +8486,12 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
 +	EVP_CIPHER_CTX_init(&ctx);
 +	memset(out, 0, sizeof(out));
 +	memset(tag, 0, sizeof(tag));
-+	if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
++	if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
 +					sizeof(gcm_iv), NULL))
 +		goto err;
-+	if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 1))
++	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 1))
 +		goto err;
 +	if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
 +		goto err;
@@ -8508,14 +8508,14 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
 +
 +	memset(out, 0, sizeof(out));
 +
-+	if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
++	if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
 +					sizeof(gcm_iv), NULL))
 +		goto err;
 +	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
 +		goto err;
-+	if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 0))
++	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 0))
 +		goto err;
 +	if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
 +		goto err;
diff --git a/openssl.spec b/openssl.spec
index 333e788..122e00d 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 23%{?dist}
+Release: 24%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -473,6 +473,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 prelink -u %{_libdir}/libcrypto.so.%{version} %{_libdir}/libssl.so.%{version} 2>/dev/null || :
 
 %changelog
+* Fri Sep 20 2013 Tomáš Mráz <tmraz at redhat.com> 1.0.1e-24
+- fix small memory leak in FIPS aes selftest
+
 * Thu Sep 19 2013 Tomáš Mráz <tmraz at redhat.com> 1.0.1e-23
 - fix segfault in openssl speed hmac in the FIPS mode
 
