Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx
authorDr. Stephen Henson <steve@openssl.org>
Tue, 12 Apr 2011 14:28:06 +0000 (14:28 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 12 Apr 2011 14:28:06 +0000 (14:28 +0000)
when performing ECDSA selftest.

crypto/fips_err.h
fips/ecdsa/fips_ecdsa_selftest.c
fips/fips.h
fips/rand/fips_drbg_selftest.c

index 9c23508..9a824c7 100644 (file)
@@ -157,6 +157,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 {ERR_REASON(FIPS_R_SELFTEST_FAILURE)     ,"selftest failure"},
 {ERR_REASON(FIPS_R_STRENGTH_ERROR_UNDETECTED),"strength error undetected"},
 {ERR_REASON(FIPS_R_TEST_FAILURE)         ,"test failure"},
+{ERR_REASON(FIPS_R_UNINSTANTIATE_ERROR)  ,"uninstantiate error"},
 {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),"uninstantiate zeroise error"},
 {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE),"unsupported drbg type"},
 {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"},
index 722ae67..7f7ddda 100644 (file)
@@ -151,6 +151,8 @@ int FIPS_selftest_ecdsa()
 
        err:
 
+       FIPS_md_ctx_cleanup(&mctx);
+
        if (x)
                BN_clear_free(x);
        if (y)
index 92f61a8..0481983 100644 (file)
@@ -280,6 +280,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_R_SELFTEST_FAILURE                                 135
 #define FIPS_R_STRENGTH_ERROR_UNDETECTED                136
 #define FIPS_R_TEST_FAILURE                             137
+#define FIPS_R_UNINSTANTIATE_ERROR                      141
 #define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR              138
 #define FIPS_R_UNSUPPORTED_DRBG_TYPE                    139
 #define FIPS_R_UNSUPPORTED_PLATFORM                     140
index d1f9dd1..496ea73 100644 (file)
@@ -859,6 +859,13 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
                goto err;
                }
 
+       dctx->flags &= ~DRBG_FLAG_NOERR;
+       if (!FIPS_drbg_uninstantiate(dctx))
+               {
+               FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+               goto err;
+               }
+
        /* Instantiate with valid data. NB: errors now reported again */
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                goto err;
@@ -911,6 +918,14 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
                goto err;
                }
                
+       dctx->flags &= ~DRBG_FLAG_NOERR;
+
+       if (!FIPS_drbg_uninstantiate(dctx))
+               {
+               FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+               goto err;
+               }
+
 
        /* Instantiate again with valid data */