From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 30 Sep 2010 03:40:17 +0000 (+0000)
Subject: Follow-up to r24365: call both PK11_Finalize and PK11_DestroyContext
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ef8194f471d5513f4eac0a8e0a80ffdea045e02;p=thirdparty%2Fkrb5.git

Follow-up to r24365: call both PK11_Finalize and PK11_DestroyContext
to clean up crypto contexts.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/nss@24384 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/crypto/nss/enc_provider/enc_gen.c b/src/lib/crypto/nss/enc_provider/enc_gen.c
index 92d30b0491..4b1b03886d 100644
--- a/src/lib/crypto/nss/enc_provider/enc_gen.c
+++ b/src/lib/crypto/nss/enc_provider/enc_gen.c
@@ -233,8 +233,10 @@ k5_nss_gen_block_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
         memcpy(ivec->data, lastptr, blocksize);
     }
 done:
-    if (ctx)
+    if (ctx) {
+        PK11_Finalize(ctx);
         PK11_DestroyContext(ctx, PR_TRUE);
+    }
     if (param)
         SECITEM_FreeItem(param, PR_TRUE);
     return ret;
@@ -261,8 +263,10 @@ k5_nss_stream_free_state(krb5_data *state)
     struct stream_state *sstate = (struct stream_state *) state->data;
 
     /* Clean up the OpenSSL context if it was initialized. */
-    if (sstate && sstate->loopback == sstate)
+    if (sstate && sstate->loopback == sstate) {
+        PK11_Finalize(sstate->ctx);
         PK11_DestroyContext(sstate->ctx, PR_TRUE);
+    }
     free(sstate);
     return 0;
 }
@@ -321,8 +325,10 @@ k5_nss_gen_stream_iov(krb5_key krb_key, krb5_data *state,
         }
     }
 done:
-    if (!state && ctx)
+    if (!state && ctx) {
+        PK11_Finalize(ctx);
         PK11_DestroyContext(ctx, PR_TRUE);
+    }
     return ret;
 }
 
@@ -510,8 +516,10 @@ k5_nss_gen_cts_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
     }
 
 done:
-    if (ctx)
+    if (ctx) {
+        PK11_Finalize(ctx);
         PK11_DestroyContext(ctx, PR_TRUE);
+    }
     if (param)
         SECITEM_FreeItem(param, PR_TRUE);
     return ret;
@@ -624,6 +632,7 @@ k5_nss_gen_import(krb5_key krb_key, CK_MECHANISM_TYPE mech,
         ret = k5_nss_map_last_error();
         goto done;
     }
+    PK11_Finalize(ctx);
     PK11_DestroyContext(ctx, PR_TRUE);
     ctx = NULL;
 
@@ -645,8 +654,10 @@ done:
     if (slot)
         PK11_FreeSlot(slot);
 #ifdef FAKE_FIPS
-    if (ctx)
+    if (ctx) {
+        PK11_Finalize(ctx);
         PK11_DestroyContext(ctx, PR_TRUE);
+    }
     if (wrapping_key)
         PK11_FreeSymKey(wrapping_key);
 #endif