mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx

Browse Source 
when performing ECDSA selftest.
This commit is contained in:
Dr. Stephen Henson 2011-04-12 14:28:06 +00:00
parent e2abfd58cc
commit 49cb5e0b40
4 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crypto/fips_err.h
View File

@ -157,6 +157,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
{ERR_REASON(FIPS_R_SELFTEST_FAILURE) ,"selftest failure"},
{ERR_REASON(FIPS_R_STRENGTH_ERROR_UNDETECTED),"strength error undetected"},
{ERR_REASON(FIPS_R_TEST_FAILURE) ,"test failure"},
{ERR_REASON(FIPS_R_UNINSTANTIATE_ERROR) ,"uninstantiate error"},
{ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),"uninstantiate zeroise error"},
{ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE),"unsupported drbg type"},
{ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"},

2
fips/ecdsa/fips_ecdsa_selftest.c
View File

@ -151,6 +151,8 @@ int FIPS_selftest_ecdsa()
err:
FIPS_md_ctx_cleanup(&mctx);
if (x)
BN_clear_free(x);
if (y)

1
fips/fips.h
View File

@ -280,6 +280,7 @@ void ERR_load_FIPS_strings(void);
#define FIPS_R_SELFTEST_FAILURE 135
#define FIPS_R_STRENGTH_ERROR_UNDETECTED 136
#define FIPS_R_TEST_FAILURE 137
#define FIPS_R_UNINSTANTIATE_ERROR 141
#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138
#define FIPS_R_UNSUPPORTED_DRBG_TYPE 139
#define FIPS_R_UNSUPPORTED_PLATFORM 140

15
fips/rand/fips_drbg_selftest.c
View File

@ -859,6 +859,13 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
goto err;
}
dctx->flags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
/* Instantiate with valid data. NB: errors now reported again */
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
goto err;
@ -911,6 +918,14 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
goto err;
}
dctx->flags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
/* Instantiate again with valid data */