File _service:tar_scm:backport-Fix-a-possible-memlea... of Package compat-openssl11

File _service:tar_scm:backport-Fix-a-possible-memleak-in-eckey_priv_encode.patch of Package compat-openssl11

From 7c51c0e56a0f21912f4504c7a06c21eb4bc43c85 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu, 7 Sep 2023 17:38:50 +0200
Subject: [PATCH] Fix a possible memleak in eckey_priv_encode

Additionally use OPENSSL_clear_free on the private
key data in case of error.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22007)
---
 crypto/ec/ec_ameth.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 5098bd7a66..c48b7cb754 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -38,7 +38,6 @@ static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key)
         ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid);
 
         if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
-            ASN1_OBJECT_free(asn1obj);
             ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID);
             return 0;
         }
@@ -98,9 +97,7 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
                                ptype, pval, penc, penclen))
         return 1;
  err:
-    if (ptype == V_ASN1_OBJECT)
-        ASN1_OBJECT_free(pval);
-    else
+    if (ptype == V_ASN1_SEQUENCE)
         ASN1_STRING_free(pval);
     OPENSSL_free(penc);
     return 0;
@@ -256,24 +253,32 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 
     eplen = i2d_ECPrivateKey(&ec_key, NULL);
     if (!eplen) {
+        if (ptype == V_ASN1_SEQUENCE)
+            ASN1_STRING_free(pval);
         ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
         return 0;
     }
     ep = OPENSSL_malloc(eplen);
     if (ep == NULL) {
+        if (ptype == V_ASN1_SEQUENCE)
+            ASN1_STRING_free(pval);
         ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
         return 0;
     }
     p = ep;
     if (!i2d_ECPrivateKey(&ec_key, &p)) {
-        OPENSSL_free(ep);
+        OPENSSL_clear_free(ep, eplen);
+        if (ptype == V_ASN1_SEQUENCE)
+            ASN1_STRING_free(pval);
         ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
         return 0;
     }
 
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
                          ptype, pval, ep, eplen)) {
-        OPENSSL_free(ep);
+        OPENSSL_clear_free(ep, eplen);
+        if (ptype == V_ASN1_SEQUENCE)
+            ASN1_STRING_free(pval);
         return 0;
     }
 
-- 
2.33.0