authorJussi Kivilinna <jussi.kivilinna@iki.fi>2019-11-25 23:21:35 +0200
committerJussi Kivilinna <jussi.kivilinna@iki.fi>2019-12-16 22:45:45 +0200
commit08f4469e21981185eaf9da5d6f84eec9e845b124 (patch)
tree7f75f3185eb6087c59485cfb8fa2b87f9ff9f38b /src/libgcrypt.c
parentde4b8f88a292d2bf1491e174d4498b7a28c769ea (diff)
libgcrypt: fix cipher handle leaks on setkey error paths
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/libgcrypt.c')
-rw-r--r--src/libgcrypt.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 06decc29..90eb42a3 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -302,10 +302,12 @@ static int blowfish_set_key(struct ssh_cipher_struct *cipher, void *key, void *I
return -1;
}
if (gcry_cipher_setkey(cipher->key[0], key, 16)) {
+ gcry_cipher_close(cipher->key[0]);
SAFE_FREE(cipher->key);
return -1;
}
if (gcry_cipher_setiv(cipher->key[0], IV, 8)) {
+ gcry_cipher_close(cipher->key[0]);
SAFE_FREE(cipher->key);
return -1;
}
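Review bot: The `gcry_cipher_close(cipher->key[0]);` / `SAFE_FREE(cipher->key);` pair is written out by hand on both failure branches of blowfish_set_key, and the same pair is repeated in the aes_set_key and des3_set_key hunks (seven copies in this patch). Any error branch added later that forgets the close reintroduces the handle leak this commit fixes. A single exit path would make that harder to get wrong: `goto error;` at each branch, and `error: gcry_cipher_close(cipher->key[0]); SAFE_FREE(cipher->key); return -1;` at the end of each function. The function bodies start and end outside the hunks, so any other error branches in them need checking against the full file.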
@@ -359,12 +361,13 @@ static int aes_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
break;
}
if (gcry_cipher_setkey(cipher->key[0], key, cipher->keysize / 8)) {
+ gcry_cipher_close(cipher->key[0]);
SAFE_FREE(cipher->key);
return -1;
}
if(mode == GCRY_CIPHER_MODE_CBC){
if (gcry_cipher_setiv(cipher->key[0], IV, 16)) {
-
+ gcry_cipher_close(cipher->key[0]);
SAFE_FREE(cipher->key);
return -1;
}
@@ -375,6 +378,7 @@ static int aes_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
memcpy(cipher->last_iv, IV, AES_GCM_IVLEN);
} else {
if(gcry_cipher_setctr(cipher->key[0],IV,16)){
+ gcry_cipher_close(cipher->key[0]);
SAFE_FREE(cipher->key);
return -1;
}
@@ -565,10 +569,12 @@ static int des3_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
return -1;
}
if (gcry_cipher_setkey(cipher->key[0], key, 24)) {
+ gcry_cipher_close(cipher->key[0]);
SAFE_FREE(cipher->key);
return -1;
}
if (gcry_cipher_setiv(cipher->key[0], IV, 8)) {
+ gcry_cipher_close(cipher->key[0]);
SAFE_FREE(cipher->key);
return -1;
}
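Review bot: The result of `gcry_cipher_setkey` in des3_set_key is only tested for non-zero, so the reason for the failure is lost once the handle is closed and -1 is returned. libgcrypt can reject the key material itself at this call (a weak 3DES key is, as far as I know, one such case), and a caller that sees only -1 cannot tell that apart from a parameter or allocation error. Consider keeping the code and reporting it before the cleanup, e.g. `gcry_error_t err = gcry_cipher_setkey(cipher->key[0], key, 24);` followed by `SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setkey failed: %s", gcry_strerror(err));`, assuming the logging macro is in scope in this file. The same applies to the setkey calls in the blowfish and AES hunks, and the function body continues outside this hunk.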