323 lines
10 KiB
Diff
323 lines
10 KiB
Diff
commit 50408fc3ae0f25b256dda2033d538f88c9b4f903
|
|
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Date: Mon Jul 5 16:02:28 2021 +0200
|
|
|
|
COMMON: Fix memory leaks
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
|
diff --git a/usr/lib/common/mech_aes.c b/usr/lib/common/mech_aes.c
|
|
index 59f82482..a1241693 100644
|
|
--- a/usr/lib/common/mech_aes.c
|
|
+++ b/usr/lib/common/mech_aes.c
|
|
@@ -2359,6 +2359,8 @@ CK_RV aes_mac_sign(STDLL_TokData_t *tokdata,
|
|
memcpy(out_data, ((AES_DATA_CONTEXT *) ctx->context)->iv, mac_len);
|
|
*out_data_len = mac_len;
|
|
|
|
+ sign_mgr_cleanup(tokdata, sess, ctx);
|
|
+
|
|
return rc;
|
|
}
|
|
}
|
|
@@ -2497,6 +2499,8 @@ CK_RV aes_mac_sign_final(STDLL_TokData_t *tokdata,
|
|
memcpy(out_data, context->iv, mac_len);
|
|
*out_data_len = mac_len;
|
|
|
|
+ sign_mgr_cleanup(tokdata, sess, ctx);
|
|
+
|
|
return rc;
|
|
}
|
|
|
|
@@ -2554,8 +2558,12 @@ CK_RV aes_mac_verify(STDLL_TokData_t *tokdata,
|
|
}
|
|
|
|
if (CRYPTO_memcmp(out_data, ((AES_DATA_CONTEXT *) ctx->context)->iv,
|
|
- out_data_len) == 0)
|
|
+ out_data_len) == 0) {
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
return CKR_OK;
|
|
+ }
|
|
+
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
|
|
return CKR_SIGNATURE_INVALID;
|
|
}
|
|
@@ -2685,8 +2693,12 @@ CK_RV aes_mac_verify_final(STDLL_TokData_t *tokdata,
|
|
}
|
|
}
|
|
|
|
- if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0)
|
|
+ if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) {
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
return CKR_OK;
|
|
+ }
|
|
+
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
|
|
return CKR_SIGNATURE_INVALID;
|
|
}
|
|
@@ -2766,6 +2778,8 @@ CK_RV aes_cmac_sign(STDLL_TokData_t *tokdata,
|
|
memcpy(out_data, ((AES_CMAC_CONTEXT *) ctx->context)->iv, mac_len);
|
|
*out_data_len = mac_len;
|
|
|
|
+ sign_mgr_cleanup(tokdata, sess, ctx);
|
|
+
|
|
done:
|
|
object_put(tokdata, key_obj, TRUE);
|
|
key_obj = NULL;
|
|
@@ -2913,6 +2927,8 @@ done:
|
|
object_put(tokdata, key_obj, TRUE);
|
|
key_obj = NULL;
|
|
|
|
+ sign_mgr_cleanup(tokdata, sess, ctx);
|
|
+
|
|
return rc;
|
|
}
|
|
|
|
@@ -2969,9 +2985,12 @@ CK_RV aes_cmac_verify(STDLL_TokData_t *tokdata,
|
|
|
|
if (CRYPTO_memcmp(out_data, ((AES_CMAC_CONTEXT *) ctx->context)->iv,
|
|
out_data_len) == 0) {
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
return CKR_OK;
|
|
}
|
|
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
+
|
|
return CKR_SIGNATURE_INVALID;
|
|
}
|
|
|
|
@@ -3105,8 +3124,12 @@ CK_RV aes_cmac_verify_final(STDLL_TokData_t *tokdata,
|
|
return rc;
|
|
}
|
|
|
|
- if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0)
|
|
+ if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) {
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
return CKR_OK;
|
|
+ }
|
|
+
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
|
|
return CKR_SIGNATURE_INVALID;
|
|
}
|
|
diff --git a/usr/lib/common/mech_des3.c b/usr/lib/common/mech_des3.c
|
|
index 591ad3fa..3582102a 100644
|
|
--- a/usr/lib/common/mech_des3.c
|
|
+++ b/usr/lib/common/mech_des3.c
|
|
@@ -2006,6 +2006,8 @@ CK_RV des3_mac_sign(STDLL_TokData_t *tokdata,
|
|
|
|
*out_data_len = mac_len;
|
|
|
|
+ sign_mgr_cleanup(tokdata, sess, ctx);
|
|
+
|
|
return rc;
|
|
}
|
|
}
|
|
@@ -2144,6 +2146,8 @@ CK_RV des3_mac_sign_final(STDLL_TokData_t *tokdata,
|
|
|
|
*out_data_len = mac_len;
|
|
|
|
+ sign_mgr_cleanup(tokdata, sess, ctx);
|
|
+
|
|
return rc;
|
|
}
|
|
|
|
@@ -2197,8 +2201,12 @@ CK_RV des3_mac_verify(STDLL_TokData_t *tokdata,
|
|
key_obj = NULL;
|
|
|
|
if (CRYPTO_memcmp(out_data, ((DES_DATA_CONTEXT *) ctx->context)->iv,
|
|
- out_data_len) == 0)
|
|
+ out_data_len) == 0) {
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
return CKR_OK;
|
|
+ }
|
|
+
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
|
|
return CKR_SIGNATURE_INVALID;
|
|
}
|
|
@@ -2328,8 +2336,12 @@ CK_RV des3_mac_verify_final(STDLL_TokData_t *tokdata,
|
|
}
|
|
}
|
|
|
|
- if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0)
|
|
+ if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) {
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
return CKR_OK;
|
|
+ }
|
|
+
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
|
|
return CKR_SIGNATURE_INVALID;
|
|
}
|
|
@@ -2410,6 +2422,8 @@ CK_RV des3_cmac_sign(STDLL_TokData_t *tokdata,
|
|
object_put(tokdata, key_obj, TRUE);
|
|
key_obj = NULL;
|
|
|
|
+ sign_mgr_cleanup(tokdata, sess, ctx);
|
|
+
|
|
return rc;
|
|
}
|
|
|
|
@@ -2553,6 +2567,8 @@ done:
|
|
object_put(tokdata, key_obj, TRUE);
|
|
key_obj = NULL;
|
|
|
|
+ sign_mgr_cleanup(tokdata, sess, ctx);
|
|
+
|
|
return rc;
|
|
}
|
|
|
|
@@ -2605,8 +2621,12 @@ CK_RV des3_cmac_verify(STDLL_TokData_t *tokdata,
|
|
|
|
if (CRYPTO_memcmp(out_data, ((DES_CMAC_CONTEXT *) ctx->context)->iv,
|
|
out_data_len) == 0) {
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
return CKR_OK;
|
|
}
|
|
+
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
+
|
|
return CKR_SIGNATURE_INVALID;
|
|
}
|
|
|
|
@@ -2739,8 +2759,12 @@ CK_RV des3_cmac_verify_final(STDLL_TokData_t *tokdata,
|
|
|
|
ctx->context_free_func = des3_cmac_cleanup;
|
|
|
|
- if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0)
|
|
+ if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) {
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
return CKR_OK;
|
|
+ }
|
|
+
|
|
+ verify_mgr_cleanup(tokdata, sess, ctx);
|
|
|
|
return CKR_SIGNATURE_INVALID;
|
|
}
|
|
diff --git a/usr/lib/common/new_host.c b/usr/lib/common/new_host.c
|
|
index d01091f9..8bff6ada 100644
|
|
--- a/usr/lib/common/new_host.c
|
|
+++ b/usr/lib/common/new_host.c
|
|
@@ -174,6 +174,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
|
|
if (rc != 0) {
|
|
sltp->FcnList = NULL;
|
|
detach_shm(sltp->TokData, 0);
|
|
+ final_data_store(sltp->TokData);
|
|
if (sltp->TokData)
|
|
free(sltp->TokData);
|
|
sltp->TokData = NULL;
|
|
@@ -186,6 +187,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
|
|
rc = load_token_data(sltp->TokData, SlotNumber);
|
|
if (rc != CKR_OK) {
|
|
sltp->FcnList = NULL;
|
|
+ final_data_store(sltp->TokData);
|
|
if (sltp->TokData)
|
|
free(sltp->TokData);
|
|
sltp->TokData = NULL;
|
|
@@ -218,6 +220,7 @@ done:
|
|
SC_Finalize(sltp->TokData, SlotNumber, sinfp, NULL, 0);
|
|
} else {
|
|
CloseXProcLock(sltp->TokData);
|
|
+ final_data_store(sltp->TokData);
|
|
free(sltp->TokData);
|
|
sltp->TokData = NULL;
|
|
}
|
|
diff --git a/usr/lib/ep11_stdll/new_host.c b/usr/lib/ep11_stdll/new_host.c
|
|
index a0e7517c..45f13551 100644
|
|
--- a/usr/lib/ep11_stdll/new_host.c
|
|
+++ b/usr/lib/ep11_stdll/new_host.c
|
|
@@ -164,6 +164,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
|
|
if (rc != 0) {
|
|
sltp->FcnList = NULL;
|
|
detach_shm(sltp->TokData, 0);
|
|
+ final_data_store(sltp->TokData);
|
|
if (sltp->TokData)
|
|
free(sltp->TokData);
|
|
sltp->TokData = NULL;
|
|
@@ -176,6 +177,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
|
|
rc = load_token_data(sltp->TokData, SlotNumber);
|
|
if (rc != CKR_OK) {
|
|
sltp->FcnList = NULL;
|
|
+ final_data_store(sltp->TokData);
|
|
if (sltp->TokData)
|
|
free(sltp->TokData);
|
|
sltp->TokData = NULL;
|
|
@@ -208,6 +210,7 @@ done:
|
|
SC_Finalize(sltp->TokData, SlotNumber, sinfp, NULL, 0);
|
|
} else {
|
|
CloseXProcLock(sltp->TokData);
|
|
+ final_data_store(sltp->TokData);
|
|
free(sltp->TokData);
|
|
sltp->TokData = NULL;
|
|
}
|
|
diff --git a/usr/lib/icsf_stdll/new_host.c b/usr/lib/icsf_stdll/new_host.c
|
|
index 09e9d27a..eed632c3 100644
|
|
--- a/usr/lib/icsf_stdll/new_host.c
|
|
+++ b/usr/lib/icsf_stdll/new_host.c
|
|
@@ -162,6 +162,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
|
|
if (rc != 0) {
|
|
sltp->FcnList = NULL;
|
|
detach_shm(sltp->TokData, 0);
|
|
+ final_data_store(sltp->TokData);
|
|
if (sltp->TokData)
|
|
free(sltp->TokData);
|
|
sltp->TokData = NULL;
|
|
@@ -174,6 +175,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
|
|
rc = load_token_data(sltp->TokData, SlotNumber);
|
|
if (rc != CKR_OK) {
|
|
sltp->FcnList = NULL;
|
|
+ final_data_store(sltp->TokData);
|
|
if (sltp->TokData)
|
|
free(sltp->TokData);
|
|
sltp->TokData = NULL;
|
|
@@ -206,6 +208,7 @@ done:
|
|
SC_Finalize(sltp->TokData, SlotNumber, sinfp, NULL, 0);
|
|
} else {
|
|
CloseXProcLock(sltp->TokData);
|
|
+ final_data_store(sltp->TokData);
|
|
free(sltp->TokData);
|
|
sltp->TokData = NULL;
|
|
}
|
|
diff --git a/usr/lib/tpm_stdll/tpm_specific.c b/usr/lib/tpm_stdll/tpm_specific.c
|
|
index 45bc4b78..c7557108 100644
|
|
--- a/usr/lib/tpm_stdll/tpm_specific.c
|
|
+++ b/usr/lib/tpm_stdll/tpm_specific.c
|
|
@@ -213,6 +213,10 @@ CK_RV token_specific_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber,
|
|
}
|
|
|
|
tpm_data = (tpm_private_data_t *)calloc(1, sizeof(tpm_private_data_t));
|
|
+ if (tpm_data == NULL) {
|
|
+ TRACE_ERROR("calloc failed\n");
|
|
+ return CKR_HOST_MEMORY;
|
|
+ }
|
|
tokdata->private_data = tpm_data;
|
|
|
|
tpm_data->tspContext = NULL_HCONTEXT;
|
|
@@ -221,12 +225,15 @@ CK_RV token_specific_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber,
|
|
result = Tspi_Context_Create(&tpm_data->tspContext);
|
|
if (result) {
|
|
TRACE_ERROR("Tspi_Context_Create failed. rc=0x%x\n", result);
|
|
+ free(tpm_data);
|
|
return CKR_FUNCTION_FAILED;
|
|
}
|
|
|
|
result = Tspi_Context_Connect(tpm_data->tspContext, NULL);
|
|
if (result) {
|
|
TRACE_ERROR("Tspi_Context_Connect failed. rc=0x%x\n", result);
|
|
+ Tspi_Context_Close(tpm_data->tspContext);
|
|
+ free(tpm_data);
|
|
return CKR_FUNCTION_FAILED;
|
|
}
|
|
|
|
@@ -234,6 +241,8 @@ CK_RV token_specific_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber,
|
|
&tpm_data->hDefaultPolicy);
|
|
if (result) {
|
|
TRACE_ERROR("Tspi_Context_GetDefaultPolicy failed. rc=0x%x\n", result);
|
|
+ Tspi_Context_Close(tpm_data->tspContext);
|
|
+ free(tpm_data);
|
|
return CKR_FUNCTION_FAILED;
|
|
}
|
|
|