diff options
| author | Clemens Lang via Gcrypt-devel <gcrypt-devel@lists.gnupg.org> | 2022-02-11 16:55:24 +0100 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-02-14 15:01:25 +0900 |
| commit | 7fc5d33e74164519edcd8127a35cc21228d2727f (patch) | |
| tree | 12c019fc7e78231af410c7bbed88a8f7f7807020 /cipher | |
| parent | b7dcb576bc1bb2cc23c29395f0c78c495af971d3 (diff) | |
| download | libgcrypt-7fc5d33e74164519edcd8127a35cc21228d2727f.tar.gz | |
fips: Fix memory leaks in FIPS mode
* cipher/pubkey.c (_gcry_pk_sign_md): Fix memory leak in FIPS mode when
used with SHA1
* tests/basic.c (check_one_cipher_core): Add missing free in error code
triggered in FIPS mode
* tests/dsa-rfc6979.c (check_dsa_rfc6979): Likewise
* tests/pubkey.c (check_x931_derived_key): Likewise
--
Signed-off-by: Clemens Lang <cllang@redhat.com>
Diffstat (limited to 'cipher')
| -rw-r--r-- | cipher/pubkey.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 7fdb7771..8deeced6 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -516,7 +516,10 @@ _gcry_pk_sign_md (gcry_sexp_t *r_sig, const char *tmpl, gcry_md_hd_t hd_orig, algo = _gcry_md_get_algo (hd); if (fips_mode () && algo == GCRY_MD_SHA1) - return GPG_ERR_DIGEST_ALGO; + { + _gcry_md_close (hd); + return GPG_ERR_DIGEST_ALGO; + } digest = _gcry_md_read (hd, 0); } |