Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx

when performing ECDSA selftest.

crypto/fips_err.h

@@ -157,6 +157,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 {ERR_REASON(FIPS_R_SELFTEST_FAILURE)     ,"selftest failure"},
 {ERR_REASON(FIPS_R_STRENGTH_ERROR_UNDETECTED),"strength error undetected"},
 {ERR_REASON(FIPS_R_TEST_FAILURE)         ,"test failure"},
+{ERR_REASON(FIPS_R_UNINSTANTIATE_ERROR)  ,"uninstantiate error"},
 {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),"uninstantiate zeroise error"},
 {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE),"unsupported drbg type"},
 {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"},

fips/ecdsa/fips_ecdsa_selftest.c

@@ -151,6 +151,8 @@ int FIPS_selftest_ecdsa()
 
 	err:
 
+	FIPS_md_ctx_cleanup(&mctx);
+
 	if (x)
 		BN_clear_free(x);
 	if (y)

fips/fips.h

@@ -280,6 +280,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_R_SELFTEST_FAILURE				 135
 #define FIPS_R_STRENGTH_ERROR_UNDETECTED		 136
 #define FIPS_R_TEST_FAILURE				 137
+#define FIPS_R_UNINSTANTIATE_ERROR			 141
 #define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR		 138
 #define FIPS_R_UNSUPPORTED_DRBG_TYPE			 139
 #define FIPS_R_UNSUPPORTED_PLATFORM			 140

fips/rand/fips_drbg_selftest.c

@@ -859,6 +859,13 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 		goto err;
 		}
 
+	dctx->flags &= ~DRBG_FLAG_NOERR;
+	if (!FIPS_drbg_uninstantiate(dctx))
+		{
+		FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+		goto err;
+		}
+
 	/* Instantiate with valid data. NB: errors now reported again */
 	if (!FIPS_drbg_init(dctx, td->nid, td->flags))
 		goto err;
@@ -911,6 +918,14 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 		goto err;
 		}
 		
+	dctx->flags &= ~DRBG_FLAG_NOERR;
+
+	if (!FIPS_drbg_uninstantiate(dctx))
+		{
+		FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+		goto err;
+		}
+
 
 	/* Instantiate again with valid data */