oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hcrypto PKCS#11 backend: don't leak sessions on digest reinit

Browse Source 
Clients of the EVP API can reinitialize message digest contexts
without destroying them. The PKCS#11 backend assumed they were
only used once, and was leaking session handles upon reinitialization.
This fix disposes of any existing PKCS#11 message digest context
in the initialization method.
This commit is contained in:
Luke Howard
2018-05-11 20:45:10 +10:00
parent 6a1bb95323
commit 9518f2965b
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/hcrypto/evp-pkcs11.c
View File

@@ -362,12 +362,18 @@ p11_cleanup(EVP_CIPHER_CTX *ctx)
return 1; return 1;
} }
static int
p11_md_cleanup(EVP_MD_CTX *ctx);
static int static int
p11_md_hash_init(CK_MECHANISM_TYPE mechanismType, EVP_MD_CTX *ctx) p11_md_hash_init(CK_MECHANISM_TYPE mechanismType, EVP_MD_CTX *ctx)
{ {
struct pkcs11_md_ctx *p11ctx = (struct pkcs11_md_ctx *)ctx; struct pkcs11_md_ctx *p11ctx = (struct pkcs11_md_ctx *)ctx;
CK_RV rv; CK_RV rv;
if (p11ctx->hSession != CK_INVALID_HANDLE)
p11_md_cleanup(ctx);
rv = p11_session_init(mechanismType, &p11ctx->hSession); rv = p11_session_init(mechanismType, &p11ctx->hSession);
if (rv == CKR_OK) { if (rv == CKR_OK) {
CK_MECHANISM mechanism = { mechanismType, NULL, 0 }; CK_MECHANISM mechanism = { mechanismType, NULL, 0 };