forked from rpms/openssl
FIPS: Fix memory leak in digest_sign self-test
Contrary to what the documentation for EVP_DigestSignInit(3) and EVP_DigestVerifyInit(3) says, the EVP_PKEY_CTX created by these functions is not automatically released inside of the FIPS provider due to an #ifndef FIPS_MODULE in evp_md_ctx_reset_ex. Resolves: rhbz#2102535
This commit is contained in:
parent
08d6c35051
commit
61f739868e
@ -247,7 +247,7 @@ index b6d5e8e134..77eec075e6 100644
|
||||
size_t siglen = sizeof(sig);
|
||||
static const unsigned char dgst[] = {
|
||||
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
||||
@@ -488,23 +491,22 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||
@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
|
||||
goto err;
|
||||
|
||||
@ -279,12 +279,16 @@ index b6d5e8e134..77eec075e6 100644
|
||||
|
||||
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
|
||||
- || EVP_PKEY_verify_init(sctx) <= 0
|
||||
+ /* sctx is not freed automatically inside the FIPS module */
|
||||
+ EVP_PKEY_CTX_free(sctx);
|
||||
+ sctx = NULL;
|
||||
+
|
||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
||||
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
|
||||
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
||||
goto err;
|
||||
|
||||
@@ -518,14 +520,15 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||
@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||
goto err;
|
||||
|
||||
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
|
||||
@ -295,10 +299,12 @@ index b6d5e8e134..77eec075e6 100644
|
||||
err:
|
||||
BN_CTX_free(bnctx);
|
||||
EVP_PKEY_free(pkey);
|
||||
- EVP_PKEY_CTX_free(kctx);
|
||||
+ EVP_MD_free(md);
|
||||
+ EVP_MD_CTX_free(ctx);
|
||||
EVP_PKEY_CTX_free(kctx);
|
||||
- EVP_PKEY_CTX_free(sctx);
|
||||
+ /* sctx is not freed automatically inside the FIPS module */
|
||||
EVP_PKEY_CTX_free(sctx);
|
||||
+ EVP_PKEY_CTX_free(kctx);
|
||||
OSSL_PARAM_free(params);
|
||||
OSSL_PARAM_free(params_sig);
|
||||
OSSL_PARAM_BLD_free(bld);
|
||||
|
Loading…
Reference in New Issue
Block a user