diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-04-12 14:28:06 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-04-12 14:28:06 +0000 |
commit | 49cb5e0b408d24fbd2fe197a18be64068cac1277 (patch) | |
tree | e134e4b7ff1fe0e45b08931c66e6c8d181c53e7a /fips | |
parent | e2abfd58cce279d6c986f0fee2b827e7ec243a81 (diff) | |
download | openssl-49cb5e0b408d24fbd2fe197a18be64068cac1277.tar.gz |
Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx
when performing ECDSA selftest.
Diffstat (limited to 'fips')
-rw-r--r-- | fips/ecdsa/fips_ecdsa_selftest.c | 2 | ||||
-rw-r--r-- | fips/fips.h | 1 | ||||
-rw-r--r-- | fips/rand/fips_drbg_selftest.c | 15 |
3 files changed, 18 insertions, 0 deletions
diff --git a/fips/ecdsa/fips_ecdsa_selftest.c b/fips/ecdsa/fips_ecdsa_selftest.c index 722ae673bc..7f7ddda603 100644 --- a/fips/ecdsa/fips_ecdsa_selftest.c +++ b/fips/ecdsa/fips_ecdsa_selftest.c @@ -151,6 +151,8 @@ int FIPS_selftest_ecdsa() err: + FIPS_md_ctx_cleanup(&mctx); + if (x) BN_clear_free(x); if (y) diff --git a/fips/fips.h b/fips/fips.h index 92f61a89a8..0481983f78 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -280,6 +280,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_R_SELFTEST_FAILURE 135 #define FIPS_R_STRENGTH_ERROR_UNDETECTED 136 #define FIPS_R_TEST_FAILURE 137 +#define FIPS_R_UNINSTANTIATE_ERROR 141 #define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138 #define FIPS_R_UNSUPPORTED_DRBG_TYPE 139 #define FIPS_R_UNSUPPORTED_PLATFORM 140 diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c index d1f9dd118b..496ea73481 100644 --- a/fips/rand/fips_drbg_selftest.c +++ b/fips/rand/fips_drbg_selftest.c @@ -859,6 +859,13 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) goto err; } + dctx->flags &= ~DRBG_FLAG_NOERR; + if (!FIPS_drbg_uninstantiate(dctx)) + { + FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR); + goto err; + } + /* Instantiate with valid data. NB: errors now reported again */ if (!FIPS_drbg_init(dctx, td->nid, td->flags)) goto err; @@ -911,6 +918,14 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) goto err; } + dctx->flags &= ~DRBG_FLAG_NOERR; + + if (!FIPS_drbg_uninstantiate(dctx)) + { + FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR); + goto err; + } + /* Instantiate again with valid data */ |