FIPS: Fix memory leak in digest_sign self-test

Contrary to what the documentation for EVP_DigestSignInit(3) and
EVP_DigestVerifyInit(3) says, the EVP_PKEY_CTX created by these
functions is not automatically released inside of the FIPS provider due
to an #ifndef FIPS_MODULE in evp_md_ctx_reset_ex.

Resolves: rhbz#2102535
Clemens Lang 2022-08-03 18:04:36 +02:00
parent 08d6c35051
commit 61f739868e


@ -247,7 +247,7 @@ index b6d5e8e134..77eec075e6 100644
size_t siglen = sizeof(sig);
static const unsigned char dgst[] = {
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
@@ -488,23 +491,22 @@ static int self_test_sign(const ST_KAT_SIGN *t,
@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
goto err;
@ -279,12 +279,16 @@ index b6d5e8e134..77eec075e6 100644
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
- || EVP_PKEY_verify_init(sctx) <= 0
+ /* sctx is not freed automatically inside the FIPS module */
+ EVP_PKEY_CTX_free(sctx);
+ sctx = NULL;
+
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
goto err;
@@ -518,14 +520,15 @@ static int self_test_sign(const ST_KAT_SIGN *t,
@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
goto err;
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
@ -295,10 +299,12 @@ index b6d5e8e134..77eec075e6 100644
err:
BN_CTX_free(bnctx);
EVP_PKEY_free(pkey);
- EVP_PKEY_CTX_free(kctx);
+ EVP_MD_free(md);
+ EVP_MD_CTX_free(ctx);
EVP_PKEY_CTX_free(kctx);
- EVP_PKEY_CTX_free(sctx);
+ /* sctx is not freed automatically inside the FIPS module */
EVP_PKEY_CTX_free(sctx);
+ EVP_PKEY_CTX_free(kctx);
OSSL_PARAM_free(params);
OSSL_PARAM_free(params_sig);
OSSL_PARAM_BLD_free(bld);
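Review bot: The comment `/* sctx is not freed automatically inside the FIPS module */` appears at both the mid-function free and the `err:` cleanup of self_test_sign, but it does not say why. A later cleanup could drop the call and reintroduce the leak, or carry it into a build where the documented automatic release applies, where it would become a double free. I would name the cause from the commit message at the first site, e.g. `/* evp_md_ctx_reset_ex() skips freeing the pkey ctx under FIPS_MODULE, so ctx does not release sctx */`. It is also worth confirming that `ctx` keeps no pointer to the freed context that `EVP_DigestVerifyInit` could reuse after `sctx = NULL;`. The lines between the sign and verify calls lie partly outside the visible hunks, so this cannot be checked from here.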