Don't leak EVP_KDF_CTX on error

Found by Coverity Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/8260)
author: Matt Caswell <matt@openssl.org> 2019-02-17 17:13:08 +0100
committer: Matt Caswell <matt@openssl.org> 2019-02-18 10:44:09 +0100
commit: 4c3941c2eb22c44398bccb50dbd019530bb01c7d (patch)
tree: 5d871a31c9f6ca7ef7ee790131812cd5968695f5
parent: generated files (diff)
download: openssl-4c3941c2eb22c44398bccb50dbd019530bb01c7d.tar.xz
openssl-4c3941c2eb22c44398bccb50dbd019530bb01c7d.zip
1 files changed, 5 insertions, 4 deletions
diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c
index f8ea1fab38..722402528a 100644
--- a/crypto/evp/pbe_scrypt.c
+++ b/crypto/evp/pbe_scrypt.c
@@ -41,6 +41,11 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
     int rv = 1;
     EVP_KDF_CTX *kctx;
 
+    if (r > UINT32_MAX || p > UINT32_MAX) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
+        return 0;
+    }
+
     /* Maintain existing behaviour. */
     if (pass == NULL) {
         pass = empty;
@@ -53,10 +58,6 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
     if (kctx == NULL)
         return 0;
 
-    if (r > UINT32_MAX || p > UINT32_MAX) {
-        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
-        return 0;
-    }
     if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1
             || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
                             salt, (size_t)saltlen) != 1
author	Matt Caswell <matt@openssl.org>	2019-02-17 17:13:08 +0100
committer	Matt Caswell <matt@openssl.org>	2019-02-18 10:44:09 +0100
commit	4c3941c2eb22c44398bccb50dbd019530bb01c7d (patch)
tree	5d871a31c9f6ca7ef7ee790131812cd5968695f5
parent	generated files (diff)
download	openssl-4c3941c2eb22c44398bccb50dbd019530bb01c7d.tar.xz openssl-4c3941c2eb22c44398bccb50dbd019530bb01c7d.zip