kmac_prov.c.in: avoid resource leak on kmac_new_decoder fail in kmac_fetch_new

esyr · nhorman · commit 3ae8755aa22a · 2025-09-12T13:35:32.000-04:00
kctx was not freed in a case of kmac_new_decoder failure; consolidate all the error paths under the "err:" label and jump to it on kmac_new_decoder() returning 0. Fixes: d5efc85 "kmac: avoid using ossl_prov_digest_load_from_params()" Resolves: openssl/project#1419 Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1453634 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from #28516)
diff --git a/providers/implementations/macs/kmac_prov.c.in b/providers/implementations/macs/kmac_prov.c.in
@@ -203,21 +203,23 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
     struct kmac_new_st p;
     int md_size;
 
-    if (kctx == NULL || !kmac_new_decoder(params, &p))
+    if (kctx == NULL)
         return 0;
+    if (!kmac_new_decoder(params, &p))
+        goto err;
     if (!ossl_prov_digest_load(&kctx->digest, p.digest, p.propq, p.engine,
-                               PROV_LIBCTX_OF(provctx))) {
-        kmac_free(kctx);
-        return 0;
-    }
+                               PROV_LIBCTX_OF(provctx)))
+        goto err;
 
     md_size = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest));
-    if (md_size <= 0) {
-        kmac_free(kctx);
-        return 0;
-    }
+    if (md_size <= 0)
+        goto err;
     kctx->out_len = (size_t)md_size;
     return kctx;
+
+err:
+    kmac_free(kctx);
+    return NULL;
 }
 
 static void *kmac128_new(void *provctx)
