PKCS8_pkey_set0 doesn't take ownership on error.
It carefully NULLs all references to the buffer, so the failure cases
still need to call OPENSSL_free.
Change-Id: Ia14341ecea81296f94e467325ab6eff1362e987e
Reviewed-on: https://boringssl-review.googlesource.com/5271
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/evp/p_ec_asn1.c b/crypto/evp/p_ec_asn1.c
index 75f4d8d..e08f192 100644
--- a/crypto/evp/p_ec_asn1.c
+++ b/crypto/evp/p_ec_asn1.c
@@ -325,6 +325,7 @@
if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
0, ptype, pval, ep, eplen)) {
+ OPENSSL_free(ep);
return 0;
}
diff --git a/crypto/evp/p_rsa_asn1.c b/crypto/evp/p_rsa_asn1.c
index a6f5b22..a966af5 100644
--- a/crypto/evp/p_rsa_asn1.c
+++ b/crypto/evp/p_rsa_asn1.c
@@ -122,6 +122,7 @@
/* TODO(fork): const correctness in next line. */
if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_rsaEncryption), 0,
V_ASN1_NULL, NULL, rk, rklen)) {
+ OPENSSL_free(rk);
OPENSSL_PUT_ERROR(EVP, rsa_priv_encode, ERR_R_MALLOC_FAILURE);
return 0;
}