Add support for memory leak checking in fips_algvs.

Fix many memory leaks in algorithm test utilities.

Add support for memory leak checking in fips_algvs.
Fix many memory leaks in algorithm test utilities.
69569dd1 · Dr. Stephen Henson · 12cc4378 · 69569dd1 · 69569dd1 · 69569dd1
9 changed file
--- a/fips/aes/fips_aesavs.c
+++ b/fips/aes/fips_aesavs.c
@@ -535,7 +535,7 @@ static int do_mct(char *amode,
 		}
 	    }
 	}
-    
+    FIPS_cipher_ctx_cleanup(&ctx);
    return ret;
    }

@@ -850,6 +850,7 @@ static int proc_file(char *rqfile, char *rspfile)
 	fclose(rfp);
    if (afp)
 	fclose(afp);
+    FIPS_cipher_ctx_cleanup(&ctx);
    return err;
    }


--- a/fips/aes/fips_gcmtest.c
+++ b/fips/aes/fips_gcmtest.c
@@ -261,6 +261,7 @@ static void gcmtest(FILE *in, FILE *out, int encrypt)
 			iv = aad = ct = pt = key = tag = NULL;
 			}
 		}
+	FIPS_cipher_ctx_cleanup(&ctx);	
 	}

 static void xtstest(FILE *in, FILE *out)
@@ -335,6 +336,7 @@ static void xtstest(FILE *in, FILE *out)
 			iv = key = inbuf = outbuf = NULL;
 			}	
 		}
+	FIPS_cipher_ctx_cleanup(&ctx);	
 	}

 static void ccmtest(FILE *in, FILE *out)
@@ -428,6 +430,8 @@ static void ccmtest(FILE *in, FILE *out)
 			}
 		else if (!strcmp(keyword,"Adata"))
 			{
+			if (Adata)
+				OPENSSL_free(Adata);
 			Adata = hex2bin_m(value, &l);
 			if (Alen && l != Alen)
 				{
@@ -493,6 +497,8 @@ static void ccmtest(FILE *in, FILE *out)
 		OPENSSL_free(Key);
 	if (Nonce)
 		OPENSSL_free(Nonce);
+	if (Adata)
+		OPENSSL_free(Adata);
 	FIPS_cipher_ctx_cleanup(&ctx);
 	}


--- a/fips/des/fips_desmovs.c
+++ b/fips/des/fips_desmovs.c
@@ -263,6 +263,7 @@ static int do_tmct(char *amode,
 	if(imode == TOFB)
 	    for(n=0 ; n < 8 ; ++n)
 		text[n]=text0[n]^old_iv[n];
+	FIPS_cipher_ctx_cleanup(&ctx);
 	}
    return 1;
    }
@@ -622,6 +623,7 @@ static int tproc_file(char *rqfile, char *rspfile)
 	fclose(rfp);
    if (afp)
 	fclose(afp);
+    FIPS_cipher_ctx_cleanup(&ctx);
    return err;
    }


--- a/fips/dsa/fips_dssvs.c
+++ b/fips/dsa/fips_dssvs.c
@@ -199,6 +199,7 @@ static void pqg(FILE *in, FILE *out)
 			{
 			fprintf(out, "counter = %d" RESP_EOL RESP_EOL, counter);
 			}
+		FIPS_dsa_free(dsa);
 		}
 	    }
 	else if(!strcmp(keyword,"P"))
@@ -519,6 +520,8 @@ static void keyver(FILE *in, FILE *out)
 	    BN_free(g);
 	if (Y2)
 	    BN_free(Y2);
+	if (ctx)
+	    BN_CTX_free(ctx);
    }

 static void keypair(FILE *in, FILE *out)
@@ -575,6 +578,8 @@ static void keypair(FILE *in, FILE *out)
 		do_bn_print_name(out, "Y",dsa->pub_key);
 	    	fputs(RESP_EOL, out);
 		}
+	    if (dsa)
+		FIPS_dsa_free(dsa);
 	    }
 	}
    }
@@ -648,8 +653,8 @@ static void siggen(FILE *in, FILE *out)
 	    FIPS_md_ctx_cleanup(&mctx);
 	    }
 	}
-	if (dsa)
-		FIPS_dsa_free(dsa);
+    if (dsa)
+	FIPS_dsa_free(dsa);
    }

 static void sigver(FILE *in, FILE *out)
@@ -687,15 +692,15 @@ static void sigver(FILE *in, FILE *out)
 	    dsa = FIPS_dsa_new();
 	    }
 	else if(!strcmp(keyword,"P"))
-	    dsa->p=hex2bn(value);
+	    do_hex2bn(&dsa->p, value);
 	else if(!strcmp(keyword,"Q"))
-	    dsa->q=hex2bn(value);
+	    do_hex2bn(&dsa->q, value);
 	else if(!strcmp(keyword,"G"))
-	    dsa->g=hex2bn(value);
+	    do_hex2bn(&dsa->g, value);
 	else if(!strcmp(keyword,"Msg"))
 	    n=hex2bin(value,msg);
 	else if(!strcmp(keyword,"Y"))
-	    dsa->pub_key=hex2bn(value);
+	    do_hex2bn(&dsa->pub_key, value);
 	else if(!strcmp(keyword,"R"))
 	    sig->r=hex2bn(value);
 	else if(!strcmp(keyword,"S"))
@@ -711,10 +716,22 @@ static void sigver(FILE *in, FILE *out)
 	    r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
 	    no_err = 0;
 	    FIPS_md_ctx_cleanup(&mctx);
+	    if (sig->s)
+		{
+		BN_free(sig->s);
+		sig->s = NULL;
+		}
+	    if (sig->r)
+		{
+		BN_free(sig->r);
+		sig->r = NULL;
+		}
 	
 	    fprintf(out, "Result = %c" RESP_EOL RESP_EOL, r == 1 ? 'P' : 'F');
 	    }
 	}
+	if (dsa)
+	    FIPS_dsa_free(dsa);
    }

 #ifdef FIPS_ALGVS

--- a/fips/ecdh/fips_ecdhvs.c
+++ b/fips/ecdh/fips_ecdhvs.c
@@ -319,6 +319,7 @@ int main(int argc, char **argv)
 	EC_GROUP *group = NULL;
 	char *keyword = NULL, *value = NULL;
 	int do_verify = -1, exout = 0;
+	int rv = 1;

 	int curve_nids[5] = {0,0,0,0,0};
 	int param_set = -1;
@@ -463,10 +464,23 @@ int main(int argc, char **argv)
 					md, rhash, rhashlen);
 			}
 		}
-	return 0;
+	rv = 0;
 	parse_error:
-	fprintf(stderr, "Error Parsing request file\n");
-	exit(1);
+	if (id)
+		BN_free(id);
+	if (ix)
+		BN_free(ix);
+	if (iy)
+		BN_free(iy);
+	if (cx)
+		BN_free(cx);
+	if (cy)
+		BN_free(cy);
+	if (group)
+		EC_GROUP_free(group);
+	if (rv)
+		fprintf(stderr, "Error Parsing request file\n");
+	return rv;
 	}

 #endif
--- a/fips/ecdsa/fips_ecdsavs.c
+++ b/fips/ecdsa/fips_ecdsavs.c
@@ -287,10 +287,13 @@ static int PKV(FILE *in, FILE *out)
 			no_err = 1;
 			rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
 			no_err = 0;
+			EC_KEY_free(key);
 			fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
 			}

 		}
+	BN_free(Qx);
+	BN_free(Qy);
 	return 1;
 	}

@@ -358,7 +361,7 @@ static int SigGen(FILE *in, FILE *out)
 			do_bn_print_name(out, "S", sig->s);

 			EC_KEY_free(key);
-
+			OPENSSL_free(msg);
 			FIPS_ecdsa_sig_free(sig);

 			}
@@ -451,12 +454,24 @@ static int SigVer(FILE *in, FILE *out)
 			FIPS_digestupdate(&mctx, msg, mlen);
 			no_err = 1;
 	    		rv = FIPS_ecdsa_verify_ctx(key, &mctx, sig);
+			EC_KEY_free(key);
+			if (msg)
+				OPENSSL_free(msg);
 			no_err = 0;

 			fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
 			}

 		}
+	if (sig->r)
+		BN_free(sig->r);
+	if (sig->s)
+		BN_free(sig->s);
+	if (Qx)
+		BN_free(Qx);
+	if (Qy)
+		BN_free(Qy);
+	EVP_MD_CTX_cleanup(&mctx);
 	return 1;
 	}
 #ifdef FIPS_ALGVS

--- a/fips/fips_test_suite.c
+++ b/fips/fips_test_suite.c
@@ -651,6 +651,8 @@ static int Zeroize()
    for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
        printf("\n");

+    FIPS_rsa_free(key);
+
    return 1;
    }

@@ -696,7 +698,7 @@ static int do_drbg_test(int type, int flags)
 	}
    rv = 1;
    err:
-    FIPS_drbg_uninstantiate(dctx);
+    FIPS_drbg_free(dctx);
    return rv;
    }


--- a/fips/rsa/fips_rsastest.c
+++ b/fips/rsa/fips_rsastest.c
@@ -362,6 +362,9 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,

 	error:

+	if (sigbuf)
+		OPENSSL_free(sigbuf);
+
 	return ret;
 	}
 #endif
--- a/test/fips_algvs.c
+++ b/test/fips_algvs.c
@@ -229,9 +229,23 @@ int main(int argc, char **argv)
 	char **xargv;
 	int lineno = 0, badarg = 0;
 	int nerr = 0, quiet = 0, verbose = 0;
+	int rv;
 	FILE *in = NULL;
+#ifdef FIPS_ALGVS_MEMCHECK
+	CRYPTO_malloc_debug_init();
+	OPENSSL_init();
+	CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+#endif
+
 	if (*args && *args[0] != '-')
-		return run_prg(argc - 1, args);
+		{
+		rv = run_prg(argc - 1, args);
+#ifdef FIPS_ALGVS_MEMCHECK
+		CRYPTO_mem_leaks_fp(stderr);
+#endif
+		return rv;
+		}
 	while (!badarg && *args && *args[0] == '-')
 		{
 		if (!strcmp(*args, "-script"))
@@ -276,7 +290,6 @@ int main(int argc, char **argv)
 			fprintf(stderr, "Error processing line %d\n", lineno);
 		else
 			{
-			int rv;
 			if (!quiet)
 				{
 				int i;
@@ -303,10 +316,15 @@ int main(int argc, char **argv)
 	if (!quiet)
 		printf("Completed with %d errors\n", nerr);

+	if (arg.data)
+		OPENSSL_free(arg.data);
+
 	fclose(in);
+#ifdef FIPS_ALGVS_MEMCHECK
+	CRYPTO_mem_leaks_fp(stderr);
+#endif
 	if (nerr == 0)
 		return 0;
 	return 1;
 	}
-
 #endif