Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx

when performing ECDSA selftest.
author: Dr. Stephen Henson <steve@openssl.org> 2011-04-12 14:28:06 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-04-12 14:28:06 +0000
commit: 49cb5e0b408d24fbd2fe197a18be64068cac1277 (patch)
tree: e134e4b7ff1fe0e45b08931c66e6c8d181c53e7a
parent: e2abfd58cce279d6c986f0fee2b827e7ec243a81 (diff)
download: openssl-49cb5e0b408d24fbd2fe197a18be64068cac1277.tar.gz
4 files changed, 19 insertions, 0 deletions
diff --git a/crypto/fips_err.h b/crypto/fips_err.h
index 9c235080ac..9a824c7306 100644
--- a/crypto/fips_err.h
+++ b/crypto/fips_err.h
@@ -157,6 +157,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 {ERR_REASON(FIPS_R_SELFTEST_FAILURE)     ,"selftest failure"},
 {ERR_REASON(FIPS_R_STRENGTH_ERROR_UNDETECTED),"strength error undetected"},
 {ERR_REASON(FIPS_R_TEST_FAILURE)         ,"test failure"},
+{ERR_REASON(FIPS_R_UNINSTANTIATE_ERROR)  ,"uninstantiate error"},
 {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),"uninstantiate zeroise error"},
 {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE),"unsupported drbg type"},
 {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"},
diff --git a/fips/ecdsa/fips_ecdsa_selftest.c b/fips/ecdsa/fips_ecdsa_selftest.c
index 722ae673bc..7f7ddda603 100644
--- a/fips/ecdsa/fips_ecdsa_selftest.c
+++ b/fips/ecdsa/fips_ecdsa_selftest.c
@@ -151,6 +151,8 @@ int FIPS_selftest_ecdsa()
 
 	err:
 
+	FIPS_md_ctx_cleanup(&mctx);
+
 	if (x)
 		BN_clear_free(x);
 	if (y)
diff --git a/fips/fips.h b/fips/fips.h
index 92f61a89a8..0481983f78 100644
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -280,6 +280,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_R_SELFTEST_FAILURE				 135
 #define FIPS_R_STRENGTH_ERROR_UNDETECTED		 136
 #define FIPS_R_TEST_FAILURE				 137
+#define FIPS_R_UNINSTANTIATE_ERROR			 141
 #define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR		 138
 #define FIPS_R_UNSUPPORTED_DRBG_TYPE			 139
 #define FIPS_R_UNSUPPORTED_PLATFORM			 140
diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c
index d1f9dd118b..496ea73481 100644
--- a/fips/rand/fips_drbg_selftest.c
+++ b/fips/rand/fips_drbg_selftest.c
@@ -859,6 +859,13 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 		goto err;
 		}
 
+	dctx->flags &= ~DRBG_FLAG_NOERR;
+	if (!FIPS_drbg_uninstantiate(dctx))
+		{
+		FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+		goto err;
+		}
+
 	/* Instantiate with valid data. NB: errors now reported again */
 	if (!FIPS_drbg_init(dctx, td->nid, td->flags))
 		goto err;
@@ -911,6 +918,14 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 		goto err;
 		}
 		
+	dctx->flags &= ~DRBG_FLAG_NOERR;
+
+	if (!FIPS_drbg_uninstantiate(dctx))
+		{
+		FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+		goto err;
+		}
+
 
 	/* Instantiate again with valid data */
author	Dr. Stephen Henson <steve@openssl.org>	2011-04-12 14:28:06 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-04-12 14:28:06 +0000
commit	49cb5e0b408d24fbd2fe197a18be64068cac1277 (patch)
tree	e134e4b7ff1fe0e45b08931c66e6c8d181c53e7a
parent	e2abfd58cce279d6c986f0fee2b827e7ec243a81 (diff)
download	openssl-49cb5e0b408d24fbd2fe197a18be64068cac1277.tar.gz