From 53cb50761d712f5e44f88798a01f28f4229cb88b Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 4 Dec 2014 11:24:38 -0800 Subject: [PATCH] fix hash hrbg memory leaks --- ctaocrypt/src/pkcs7.c | 2 +- ctaocrypt/test/test.c | 8 ++++++++ src/ssl.c | 11 ++++++++++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/ctaocrypt/src/pkcs7.c b/ctaocrypt/src/pkcs7.c index 9e3706da0..772492656 100644 --- a/ctaocrypt/src/pkcs7.c +++ b/ctaocrypt/src/pkcs7.c @@ -1442,7 +1442,7 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) XMEMCPY(output + idx, encryptedContent, desOutSz); idx += desOutSz; -#ifdef NO_RC4 +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) FreeRng(&rng); #endif diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index ca18a6764..e1ca24a27 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -4704,6 +4704,10 @@ int ecc_test(void) ecc_free(&userB); ecc_free(&userA); +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + FreeRng(&rng); +#endif + return 0; } @@ -5267,6 +5271,10 @@ int pkcs7signed_test(void) free(out); PKCS7_Free(&msg); +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + FreeRng(&rng); +#endif + if (ret > 0) return 0; diff --git a/src/ssl.c b/src/ssl.c index 54e7954dd..0e5801f92 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10263,6 +10263,7 @@ int CyaSSL_RAND_seed(const void* seed, int len) int CyaSSL_RAND_bytes(unsigned char* buf, int num) { int ret = 0; + int initTmpRng = 0; RNG* rng = NULL; #ifdef CYASSL_SMALL_STACK RNG* tmpRNG = NULL; @@ -10278,8 +10279,10 @@ int CyaSSL_RAND_bytes(unsigned char* buf, int num) return ret; #endif - if (InitRng(tmpRNG) == 0) + if (InitRng(tmpRNG) == 0) { rng = tmpRNG; + initTmpRng = 1; + } else if (initGlobalRNG) rng = &globalRNG; @@ -10290,6 +10293,12 @@ int CyaSSL_RAND_bytes(unsigned char* buf, int num) ret = SSL_SUCCESS; } + if (initTmpRng) { + #if defined(HAVE_HASHDRBG) || defined(NO_RC4) + FreeRng(tmpRNG); + #endif + } + #ifdef CYASSL_SMALL_STACK XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif