From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 27 Sep 2010 23:26:03 +0000 (+0000)
Subject: Use the PK11_DestroyContext() instead of PK11_Finalize() to destroy
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=440d17a3cf5d89794cdd6c6d304bcc1bde5ebc56;p=thirdparty%2Fkrb5.git

Use the PK11_DestroyContext() instead of PK11_Finalize() to destroy
crypto contexts in enc_gen.c; the latter seems to leak references.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/nss@24365 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/crypto/nss/enc_provider/enc_gen.c b/src/lib/crypto/nss/enc_provider/enc_gen.c
index 88edb0f33d..6d1b648644 100644
--- a/src/lib/crypto/nss/enc_provider/enc_gen.c
+++ b/src/lib/crypto/nss/enc_provider/enc_gen.c
@@ -262,7 +262,7 @@ k5_nss_gen_block_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
     }
 done:
     if (ctx)
-         PK11_Finalize(ctx);
+        PK11_DestroyContext(ctx, PR_TRUE);
     if (param)
         SECITEM_FreeItem(param, PR_TRUE);
     return ret;
@@ -290,7 +290,7 @@ k5_nss_stream_free_state(krb5_data *state)
 
     /* Clean up the OpenSSL context if it was initialized. */
     if (sstate && sstate->loopback == sstate)
-        PK11_Finalize(sstate->ctx);
+        PK11_DestroyContext(sstate->ctx, PR_TRUE);
     free(sstate);
     return 0;
 }
@@ -350,7 +350,7 @@ k5_nss_gen_stream_iov(krb5_key krb_key, krb5_data *state,
     }
 done:
     if (!state && ctx)
-         PK11_Finalize(ctx);
+        PK11_DestroyContext(ctx, PR_TRUE);
     return ret;
 }
 
@@ -539,7 +539,7 @@ k5_nss_gen_cts_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
 
 done:
     if (ctx)
-         PK11_Finalize(ctx);
+        PK11_DestroyContext(ctx, PR_TRUE);
     if (param)
         SECITEM_FreeItem(param, PR_TRUE);
     return ret;
@@ -655,7 +655,7 @@ k5_nss_gen_import(krb5_key krb_key, CK_MECHANISM_TYPE mech,
         ret = k5_nss_map_last_error();
         goto done;
     }
-    PK11_Finalize(ctx);
+    PK11_DestroyContext(ctx, PR_TRUE);
     ctx = NULL;
 
     /* Now now we have a 'wrapped' version of the, we can import it into
@@ -677,7 +677,7 @@ done:
         PK11_FreeSlot(slot);
 #ifdef FAKE_FIPS
     if (ctx)
-        PK11_Finalize(ctx);
+        PK11_DestroyContext(ctx, PR_TRUE);
     if (wrapping_key)
         PK11_FreeSymKey(wrapping_key);
 #endif