From 69569dd1684ec67ccf8f0a7007872ebbb7a724d5 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 2 Nov 2011 19:17:30 +0000 Subject: [PATCH] Add support for memory leak checking in fips_algvs. Fix many memory leaks in algorithm test utilities. --- fips/aes/fips_aesavs.c | 3 ++- fips/aes/fips_gcmtest.c | 6 ++++++ fips/des/fips_desmovs.c | 2 ++ fips/dsa/fips_dssvs.c | 29 +++++++++++++++++++++++------ fips/ecdh/fips_ecdhvs.c | 20 +++++++++++++++++--- fips/ecdsa/fips_ecdsavs.c | 17 ++++++++++++++++- fips/fips_test_suite.c | 4 +++- fips/rsa/fips_rsastest.c | 3 +++ test/fips_algvs.c | 24 +++++++++++++++++++++--- 9 files changed, 93 insertions(+), 15 deletions(-) diff --git a/fips/aes/fips_aesavs.c b/fips/aes/fips_aesavs.c index 9a09964221..bbdb93aab9 100644 --- a/fips/aes/fips_aesavs.c +++ b/fips/aes/fips_aesavs.c @@ -535,7 +535,7 @@ static int do_mct(char *amode, } } } - + FIPS_cipher_ctx_cleanup(&ctx); return ret; } @@ -850,6 +850,7 @@ static int proc_file(char *rqfile, char *rspfile) fclose(rfp); if (afp) fclose(afp); + FIPS_cipher_ctx_cleanup(&ctx); return err; } diff --git a/fips/aes/fips_gcmtest.c b/fips/aes/fips_gcmtest.c index a7c787368a..02849bc2ab 100644 --- a/fips/aes/fips_gcmtest.c +++ b/fips/aes/fips_gcmtest.c @@ -261,6 +261,7 @@ static void gcmtest(FILE *in, FILE *out, int encrypt) iv = aad = ct = pt = key = tag = NULL; } } + FIPS_cipher_ctx_cleanup(&ctx); } static void xtstest(FILE *in, FILE *out) @@ -335,6 +336,7 @@ static void xtstest(FILE *in, FILE *out) iv = key = inbuf = outbuf = NULL; } } + FIPS_cipher_ctx_cleanup(&ctx); } static void ccmtest(FILE *in, FILE *out) @@ -428,6 +430,8 @@ static void ccmtest(FILE *in, FILE *out) } else if (!strcmp(keyword,"Adata")) { + if (Adata) + OPENSSL_free(Adata); Adata = hex2bin_m(value, &l); if (Alen && l != Alen) { @@ -493,6 +497,8 @@ static void ccmtest(FILE *in, FILE *out) OPENSSL_free(Key); if (Nonce) OPENSSL_free(Nonce); + if (Adata) + OPENSSL_free(Adata); FIPS_cipher_ctx_cleanup(&ctx); } diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c index 29035f08c7..79900aeae2 100644 --- a/fips/des/fips_desmovs.c +++ b/fips/des/fips_desmovs.c @@ -263,6 +263,7 @@ static int do_tmct(char *amode, if(imode == TOFB) for(n=0 ; n < 8 ; ++n) text[n]=text0[n]^old_iv[n]; + FIPS_cipher_ctx_cleanup(&ctx); } return 1; } @@ -622,6 +623,7 @@ static int tproc_file(char *rqfile, char *rspfile) fclose(rfp); if (afp) fclose(afp); + FIPS_cipher_ctx_cleanup(&ctx); return err; } diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c index 706babf050..45eefb7c63 100644 --- a/fips/dsa/fips_dssvs.c +++ b/fips/dsa/fips_dssvs.c @@ -199,6 +199,7 @@ static void pqg(FILE *in, FILE *out) { fprintf(out, "counter = %d" RESP_EOL RESP_EOL, counter); } + FIPS_dsa_free(dsa); } } else if(!strcmp(keyword,"P")) @@ -519,6 +520,8 @@ static void keyver(FILE *in, FILE *out) BN_free(g); if (Y2) BN_free(Y2); + if (ctx) + BN_CTX_free(ctx); } static void keypair(FILE *in, FILE *out) @@ -575,6 +578,8 @@ static void keypair(FILE *in, FILE *out) do_bn_print_name(out, "Y",dsa->pub_key); fputs(RESP_EOL, out); } + if (dsa) + FIPS_dsa_free(dsa); } } } @@ -648,8 +653,8 @@ static void siggen(FILE *in, FILE *out) FIPS_md_ctx_cleanup(&mctx); } } - if (dsa) - FIPS_dsa_free(dsa); + if (dsa) + FIPS_dsa_free(dsa); } static void sigver(FILE *in, FILE *out) @@ -687,15 +692,15 @@ static void sigver(FILE *in, FILE *out) dsa = FIPS_dsa_new(); } else if(!strcmp(keyword,"P")) - dsa->p=hex2bn(value); + do_hex2bn(&dsa->p, value); else if(!strcmp(keyword,"Q")) - dsa->q=hex2bn(value); + do_hex2bn(&dsa->q, value); else if(!strcmp(keyword,"G")) - dsa->g=hex2bn(value); + do_hex2bn(&dsa->g, value); else if(!strcmp(keyword,"Msg")) n=hex2bin(value,msg); else if(!strcmp(keyword,"Y")) - dsa->pub_key=hex2bn(value); + do_hex2bn(&dsa->pub_key, value); else if(!strcmp(keyword,"R")) sig->r=hex2bn(value); else if(!strcmp(keyword,"S")) @@ -711,10 +716,22 @@ static void sigver(FILE *in, FILE *out) r = FIPS_dsa_verify_ctx(dsa, &mctx, sig); no_err = 0; FIPS_md_ctx_cleanup(&mctx); + if (sig->s) + { + BN_free(sig->s); + sig->s = NULL; + } + if (sig->r) + { + BN_free(sig->r); + sig->r = NULL; + } fprintf(out, "Result = %c" RESP_EOL RESP_EOL, r == 1 ? 'P' : 'F'); } } + if (dsa) + FIPS_dsa_free(dsa); } #ifdef FIPS_ALGVS diff --git a/fips/ecdh/fips_ecdhvs.c b/fips/ecdh/fips_ecdhvs.c index 821821a96d..a30e335e2b 100644 --- a/fips/ecdh/fips_ecdhvs.c +++ b/fips/ecdh/fips_ecdhvs.c @@ -319,6 +319,7 @@ int main(int argc, char **argv) EC_GROUP *group = NULL; char *keyword = NULL, *value = NULL; int do_verify = -1, exout = 0; + int rv = 1; int curve_nids[5] = {0,0,0,0,0}; int param_set = -1; @@ -463,10 +464,23 @@ int main(int argc, char **argv) md, rhash, rhashlen); } } - return 0; + rv = 0; parse_error: - fprintf(stderr, "Error Parsing request file\n"); - exit(1); + if (id) + BN_free(id); + if (ix) + BN_free(ix); + if (iy) + BN_free(iy); + if (cx) + BN_free(cx); + if (cy) + BN_free(cy); + if (group) + EC_GROUP_free(group); + if (rv) + fprintf(stderr, "Error Parsing request file\n"); + return rv; } #endif diff --git a/fips/ecdsa/fips_ecdsavs.c b/fips/ecdsa/fips_ecdsavs.c index 50b1b7ca5d..35ff251060 100644 --- a/fips/ecdsa/fips_ecdsavs.c +++ b/fips/ecdsa/fips_ecdsavs.c @@ -287,10 +287,13 @@ static int PKV(FILE *in, FILE *out) no_err = 1; rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy); no_err = 0; + EC_KEY_free(key); fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F"); } } + BN_free(Qx); + BN_free(Qy); return 1; } @@ -358,7 +361,7 @@ static int SigGen(FILE *in, FILE *out) do_bn_print_name(out, "S", sig->s); EC_KEY_free(key); - + OPENSSL_free(msg); FIPS_ecdsa_sig_free(sig); } @@ -451,12 +454,24 @@ static int SigVer(FILE *in, FILE *out) FIPS_digestupdate(&mctx, msg, mlen); no_err = 1; rv = FIPS_ecdsa_verify_ctx(key, &mctx, sig); + EC_KEY_free(key); + if (msg) + OPENSSL_free(msg); no_err = 0; fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F"); } } + if (sig->r) + BN_free(sig->r); + if (sig->s) + BN_free(sig->s); + if (Qx) + BN_free(Qx); + if (Qy) + BN_free(Qy); + EVP_MD_CTX_cleanup(&mctx); return 1; } #ifdef FIPS_ALGVS diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index 1344b1108d..db0f18a16b 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -651,6 +651,8 @@ static int Zeroize() for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]); printf("\n"); + FIPS_rsa_free(key); + return 1; } @@ -696,7 +698,7 @@ static int do_drbg_test(int type, int flags) } rv = 1; err: - FIPS_drbg_uninstantiate(dctx); + FIPS_drbg_free(dctx); return rv; } diff --git a/fips/rsa/fips_rsastest.c b/fips/rsa/fips_rsastest.c index d11b06316b..72e75a3cc6 100644 --- a/fips/rsa/fips_rsastest.c +++ b/fips/rsa/fips_rsastest.c @@ -362,6 +362,9 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst, error: + if (sigbuf) + OPENSSL_free(sigbuf); + return ret; } #endif diff --git a/test/fips_algvs.c b/test/fips_algvs.c index a662d01df4..36d7fb3338 100644 --- a/test/fips_algvs.c +++ b/test/fips_algvs.c @@ -229,9 +229,23 @@ int main(int argc, char **argv) char **xargv; int lineno = 0, badarg = 0; int nerr = 0, quiet = 0, verbose = 0; + int rv; FILE *in = NULL; +#ifdef FIPS_ALGVS_MEMCHECK + CRYPTO_malloc_debug_init(); + OPENSSL_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); +#endif + if (*args && *args[0] != '-') - return run_prg(argc - 1, args); + { + rv = run_prg(argc - 1, args); +#ifdef FIPS_ALGVS_MEMCHECK + CRYPTO_mem_leaks_fp(stderr); +#endif + return rv; + } while (!badarg && *args && *args[0] == '-') { if (!strcmp(*args, "-script")) @@ -276,7 +290,6 @@ int main(int argc, char **argv) fprintf(stderr, "Error processing line %d\n", lineno); else { - int rv; if (!quiet) { int i; @@ -303,10 +316,15 @@ int main(int argc, char **argv) if (!quiet) printf("Completed with %d errors\n", nerr); + if (arg.data) + OPENSSL_free(arg.data); + fclose(in); +#ifdef FIPS_ALGVS_MEMCHECK + CRYPTO_mem_leaks_fp(stderr); +#endif if (nerr == 0) return 0; return 1; } - #endif -- 2.34.1