From 9518f2965b4d0daef0eda733c31c6c26ccae20a4 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Fri, 11 May 2018 20:45:10 +1000 Subject: [PATCH] hcrypto PKCS#11 backend: don't leak sessions on digest reinit Clients of the EVP API can reinitialize message digest contexts without destroying them. The PKCS#11 backend assumed they were only used once, and was leaking session handles upon reinitialization. This fix disposes of any existing PKCS#11 message digest context in the initialization method. --- lib/hcrypto/evp-pkcs11.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/hcrypto/evp-pkcs11.c b/lib/hcrypto/evp-pkcs11.c index ea47dd871..7d792b84d 100644 --- a/lib/hcrypto/evp-pkcs11.c +++ b/lib/hcrypto/evp-pkcs11.c @@ -362,12 +362,18 @@ p11_cleanup(EVP_CIPHER_CTX *ctx) return 1; } +static int +p11_md_cleanup(EVP_MD_CTX *ctx); + static int p11_md_hash_init(CK_MECHANISM_TYPE mechanismType, EVP_MD_CTX *ctx) { struct pkcs11_md_ctx *p11ctx = (struct pkcs11_md_ctx *)ctx; CK_RV rv; + if (p11ctx->hSession != CK_INVALID_HANDLE) + p11_md_cleanup(ctx); + rv = p11_session_init(mechanismType, &p11ctx->hSession); if (rv == CKR_OK) { CK_MECHANISM mechanism = { mechanismType, NULL, 0 };