commit 50408fc3ae0f25b256dda2033d538f88c9b4f903
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Mon Jul 5 16:02:28 2021 +0200
COMMON: Fix memory leaks
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/lib/common/mech_aes.c b/usr/lib/common/mech_aes.c
index 59f82482..a1241693 100644
--- a/usr/lib/common/mech_aes.c
+++ b/usr/lib/common/mech_aes.c
@@ -2359,6 +2359,8 @@ CK_RV aes_mac_sign(STDLL_TokData_t *tokdata,
memcpy(out_data, ((AES_DATA_CONTEXT *) ctx->context)->iv, mac_len);
*out_data_len = mac_len;
+ sign_mgr_cleanup(tokdata, sess, ctx);
+
return rc;
}
}
@@ -2497,6 +2499,8 @@ CK_RV aes_mac_sign_final(STDLL_TokData_t *tokdata,
memcpy(out_data, context->iv, mac_len);
*out_data_len = mac_len;
+ sign_mgr_cleanup(tokdata, sess, ctx);
+
return rc;
}
@@ -2554,8 +2558,12 @@ CK_RV aes_mac_verify(STDLL_TokData_t *tokdata,
}
if (CRYPTO_memcmp(out_data, ((AES_DATA_CONTEXT *) ctx->context)->iv,
- out_data_len) == 0)
+ out_data_len) == 0) {
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_OK;
+ }
+
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_SIGNATURE_INVALID;
}
@@ -2685,8 +2693,12 @@ CK_RV aes_mac_verify_final(STDLL_TokData_t *tokdata,
}
}
- if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0)
+ if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) {
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_OK;
+ }
+
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_SIGNATURE_INVALID;
}
@@ -2766,6 +2778,8 @@ CK_RV aes_cmac_sign(STDLL_TokData_t *tokdata,
memcpy(out_data, ((AES_CMAC_CONTEXT *) ctx->context)->iv, mac_len);
*out_data_len = mac_len;
+ sign_mgr_cleanup(tokdata, sess, ctx);
+
done:
object_put(tokdata, key_obj, TRUE);
key_obj = NULL;
@@ -2913,6 +2927,8 @@ done:
object_put(tokdata, key_obj, TRUE);
key_obj = NULL;
+ sign_mgr_cleanup(tokdata, sess, ctx);
+
return rc;
}
@@ -2969,9 +2985,12 @@ CK_RV aes_cmac_verify(STDLL_TokData_t *tokdata,
if (CRYPTO_memcmp(out_data, ((AES_CMAC_CONTEXT *) ctx->context)->iv,
out_data_len) == 0) {
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_OK;
}
+ verify_mgr_cleanup(tokdata, sess, ctx);
+
return CKR_SIGNATURE_INVALID;
}
@@ -3105,8 +3124,12 @@ CK_RV aes_cmac_verify_final(STDLL_TokData_t *tokdata,
return rc;
}
- if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0)
+ if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) {
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_OK;
+ }
+
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_SIGNATURE_INVALID;
}
diff --git a/usr/lib/common/mech_des3.c b/usr/lib/common/mech_des3.c
index 591ad3fa..3582102a 100644
--- a/usr/lib/common/mech_des3.c
+++ b/usr/lib/common/mech_des3.c
@@ -2006,6 +2006,8 @@ CK_RV des3_mac_sign(STDLL_TokData_t *tokdata,
*out_data_len = mac_len;
+ sign_mgr_cleanup(tokdata, sess, ctx);
+
return rc;
}
}
@@ -2144,6 +2146,8 @@ CK_RV des3_mac_sign_final(STDLL_TokData_t *tokdata,
*out_data_len = mac_len;
+ sign_mgr_cleanup(tokdata, sess, ctx);
+
return rc;
}
@@ -2197,8 +2201,12 @@ CK_RV des3_mac_verify(STDLL_TokData_t *tokdata,
key_obj = NULL;
if (CRYPTO_memcmp(out_data, ((DES_DATA_CONTEXT *) ctx->context)->iv,
- out_data_len) == 0)
+ out_data_len) == 0) {
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_OK;
+ }
+
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_SIGNATURE_INVALID;
}
@@ -2328,8 +2336,12 @@ CK_RV des3_mac_verify_final(STDLL_TokData_t *tokdata,
}
}
- if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0)
+ if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) {
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_OK;
+ }
+
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_SIGNATURE_INVALID;
}
@@ -2410,6 +2422,8 @@ CK_RV des3_cmac_sign(STDLL_TokData_t *tokdata,
object_put(tokdata, key_obj, TRUE);
key_obj = NULL;
+ sign_mgr_cleanup(tokdata, sess, ctx);
+
return rc;
}
@@ -2553,6 +2567,8 @@ done:
object_put(tokdata, key_obj, TRUE);
key_obj = NULL;
+ sign_mgr_cleanup(tokdata, sess, ctx);
+
return rc;
}
@@ -2605,8 +2621,12 @@ CK_RV des3_cmac_verify(STDLL_TokData_t *tokdata,
if (CRYPTO_memcmp(out_data, ((DES_CMAC_CONTEXT *) ctx->context)->iv,
out_data_len) == 0) {
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_OK;
}
+
+ verify_mgr_cleanup(tokdata, sess, ctx);
+
return CKR_SIGNATURE_INVALID;
}
@@ -2739,8 +2759,12 @@ CK_RV des3_cmac_verify_final(STDLL_TokData_t *tokdata,
ctx->context_free_func = des3_cmac_cleanup;
- if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0)
+ if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) {
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_OK;
+ }
+
+ verify_mgr_cleanup(tokdata, sess, ctx);
return CKR_SIGNATURE_INVALID;
}
diff --git a/usr/lib/common/new_host.c b/usr/lib/common/new_host.c
index d01091f9..8bff6ada 100644
--- a/usr/lib/common/new_host.c
+++ b/usr/lib/common/new_host.c
@@ -174,6 +174,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
if (rc != 0) {
sltp->FcnList = NULL;
detach_shm(sltp->TokData, 0);
+ final_data_store(sltp->TokData);
if (sltp->TokData)
free(sltp->TokData);
sltp->TokData = NULL;
@@ -186,6 +187,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
rc = load_token_data(sltp->TokData, SlotNumber);
if (rc != CKR_OK) {
sltp->FcnList = NULL;
+ final_data_store(sltp->TokData);
if (sltp->TokData)
free(sltp->TokData);
sltp->TokData = NULL;
@@ -218,6 +220,7 @@ done:
SC_Finalize(sltp->TokData, SlotNumber, sinfp, NULL, 0);
} else {
CloseXProcLock(sltp->TokData);
+ final_data_store(sltp->TokData);
free(sltp->TokData);
sltp->TokData = NULL;
}
diff --git a/usr/lib/ep11_stdll/new_host.c b/usr/lib/ep11_stdll/new_host.c
index a0e7517c..45f13551 100644
--- a/usr/lib/ep11_stdll/new_host.c
+++ b/usr/lib/ep11_stdll/new_host.c
@@ -164,6 +164,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
if (rc != 0) {
sltp->FcnList = NULL;
detach_shm(sltp->TokData, 0);
+ final_data_store(sltp->TokData);
if (sltp->TokData)
free(sltp->TokData);
sltp->TokData = NULL;
@@ -176,6 +177,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
rc = load_token_data(sltp->TokData, SlotNumber);
if (rc != CKR_OK) {
sltp->FcnList = NULL;
+ final_data_store(sltp->TokData);
if (sltp->TokData)
free(sltp->TokData);
sltp->TokData = NULL;
@@ -208,6 +210,7 @@ done:
SC_Finalize(sltp->TokData, SlotNumber, sinfp, NULL, 0);
} else {
CloseXProcLock(sltp->TokData);
+ final_data_store(sltp->TokData);
free(sltp->TokData);
sltp->TokData = NULL;
}
diff --git a/usr/lib/icsf_stdll/new_host.c b/usr/lib/icsf_stdll/new_host.c
index 09e9d27a..eed632c3 100644
--- a/usr/lib/icsf_stdll/new_host.c
+++ b/usr/lib/icsf_stdll/new_host.c
@@ -162,6 +162,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
if (rc != 0) {
sltp->FcnList = NULL;
detach_shm(sltp->TokData, 0);
+ final_data_store(sltp->TokData);
if (sltp->TokData)
free(sltp->TokData);
sltp->TokData = NULL;
@@ -174,6 +175,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber,
rc = load_token_data(sltp->TokData, SlotNumber);
if (rc != CKR_OK) {
sltp->FcnList = NULL;
+ final_data_store(sltp->TokData);
if (sltp->TokData)
free(sltp->TokData);
sltp->TokData = NULL;
@@ -206,6 +208,7 @@ done:
SC_Finalize(sltp->TokData, SlotNumber, sinfp, NULL, 0);
} else {
CloseXProcLock(sltp->TokData);
+ final_data_store(sltp->TokData);
free(sltp->TokData);
sltp->TokData = NULL;
}
diff --git a/usr/lib/tpm_stdll/tpm_specific.c b/usr/lib/tpm_stdll/tpm_specific.c
index 45bc4b78..c7557108 100644
--- a/usr/lib/tpm_stdll/tpm_specific.c
+++ b/usr/lib/tpm_stdll/tpm_specific.c
@@ -213,6 +213,10 @@ CK_RV token_specific_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber,
}
tpm_data = (tpm_private_data_t *)calloc(1, sizeof(tpm_private_data_t));
+ if (tpm_data == NULL) {
+ TRACE_ERROR("calloc failed\n");
+ return CKR_HOST_MEMORY;
+ }
tokdata->private_data = tpm_data;
tpm_data->tspContext = NULL_HCONTEXT;
@@ -221,12 +225,15 @@ CK_RV token_specific_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber,
result = Tspi_Context_Create(&tpm_data->tspContext);
if (result) {
TRACE_ERROR("Tspi_Context_Create failed. rc=0x%x\n", result);
+ free(tpm_data);
return CKR_FUNCTION_FAILED;
}
result = Tspi_Context_Connect(tpm_data->tspContext, NULL);
if (result) {
TRACE_ERROR("Tspi_Context_Connect failed. rc=0x%x\n", result);
+ Tspi_Context_Close(tpm_data->tspContext);
+ free(tpm_data);
return CKR_FUNCTION_FAILED;
}
@@ -234,6 +241,8 @@ CK_RV token_specific_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber,
&tpm_data->hDefaultPolicy);
if (result) {
TRACE_ERROR("Tspi_Context_GetDefaultPolicy failed. rc=0x%x\n", result);
+ Tspi_Context_Close(tpm_data->tspContext);
+ free(tpm_data);
return CKR_FUNCTION_FAILED;
}