Fix PQC Memory leak issues.

johnpeck-us-ibm · johnpeck-us-ibm · commit df6c7c3afff0 · 2026-01-21T12:46:13.000-06:00
Make fixes found by zOS. That could or will cause
a memory leak.

Signed-off-by: johnpeck-us-ibm &lt;johnpeck@us.ibm.com&gt;
diff --git a/src/main/native/KEM.c b/src/main/native/KEM.c
@@ -1,5 +1,5 @@
 /*
- * Copyright IBM Corp. 2025
+ * Copyright IBM Corp. 2025, 2026
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms provided by IBM in the LICENSE file that accompanied
@@ -67,7 +67,7 @@ Java_com_ibm_crypto_plus_provider_ock_NativeInterface_KEM_1encapsulate(
             free(wrappedKeyLocal);
         }
         if (genkeylocal != NULL) {
-            free(wrappedKeyLocal);
+            free(genkeylocal);
         }
         ICC_EVP_PKEY_CTX_free(ockCtx, evp_pk);
         throwOCKException(env, 0, "malloc failed");
diff --git a/src/main/native/MLKey.c b/src/main/native/MLKey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright IBM Corp. 2025
+ * Copyright IBM Corp. 2025, 2026
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms provided by IBM in the LICENSE file that accompanied
@@ -373,49 +373,45 @@ Java_com_ibm_crypto_plus_provider_ock_NativeInterface_MLKEY_1createPrivateKey(
         return mlkeyId;
     }
 
-    keyBytesNative = (unsigned char *)((*env)->GetPrimitiveArrayCritical(
-        env, privateKeyBytes, &isCopy));
-    if (NULL == keyBytesNative) {
-        throwOCKException(env, 0, "NULL from GetPrimitiveArrayCritical!");
-    } else {
-        pBytes = keyBytesNative;
-        size   = (*env)->GetArrayLength(env, privateKeyBytes);
-        if (cipherName == NULL) {
+    if (!(algoChars = (*env)->GetStringUTFChars(env, cipherName, NULL))) {
 #ifdef DEBUG_PQC_KEY_DETAIL
-            if (debug) {
-                gslogMessage("cipherName = NULL");
-            }
-#endif
-            (*env)->ReleasePrimitiveArrayCritical(env, privateKeyBytes,
-                                                  keyBytesNative, JNI_ABORT);
-            return 0;
+        if (debug) {
+            gslogMessage("GetStringUTFChars failed %s", cipherName);
         }
-
-        if (!(algoChars = (*env)->GetStringUTFChars(env, cipherName, NULL))) {
-#ifdef DEBUG_PQC_KEY_DETAIL
-            if (debug) {
-                gslogMessage("GetStringUTFChars failed %s", cipherName);
-            }
 #endif
-            (*env)->ReleasePrimitiveArrayCritical(env, privateKeyBytes,
-                                                  keyBytesNative, JNI_ABORT);
-            return 0;
-        }
-        nid = ICC_OBJ_txt2nid(ockCtx, algoChars);
+        return 0;
+    }
 
-        if (!nid) {
-            throwOCKException(
-                env, 0, "Algorithm not found."); /* Unsupported algorithm */
-        } else {
-            ockPKey =
-                ICC_d2i_PrivateKey(ockCtx, nid, &ockPKey, &pBytes, (long)size);
+    nid = ICC_OBJ_txt2nid(ockCtx, algoChars);
 
-            if (ockPKey == NULL) {
-                ockCheckStatus(ockCtx);
-                throwOCKException(env, 0, "ICC_d2i_PrivateKey failed");
+    if (!nid) {
+        throwOCKException(
+            env, 0, "Algorithm not found."); /* Unsupported algorithm */
+    } else {
+        keyBytesNative = (unsigned char *)((*env)->GetPrimitiveArrayCritical(
+            env, privateKeyBytes, &isCopy));
+
+        if (NULL != keyBytesNative) {
+            pBytes = keyBytesNative;
+            size   = (*env)->GetArrayLength(env, privateKeyBytes);
+
+            if (cipherName != NULL) {
+                ockPKey =
+                    ICC_d2i_PrivateKey(ockCtx, nid, &ockPKey, &pBytes, (long)size);
+
+                if (ockPKey == NULL) {
+                    ockCheckStatus(ockCtx);
+                    throwOCKException(env, 0, "ICC_d2i_PrivateKey failed");
+                } else {
+                    mlkeyId = (jlong)((intptr_t)ockPKey);
+                }
             } else {
-                mlkeyId = (jlong)((intptr_t)ockPKey);
-            }
+#ifdef DEBUG_PQC_KEY_DETAIL
+                if (debug) {
+                    gslogMessage("cipherName = NULL");
+                }
+#endif
+            } 
         }
     }
 
@@ -653,7 +649,7 @@ Java_com_ibm_crypto_plus_provider_ock_NativeInterface_MLKEY_1getPublicKeyBytes(
         (*env)->DeleteLocalRef(env, keyBytes);
     }
 
-    return keyBytes;
+    return retKeyBytes;
 }
 
 //============================================================================
diff --git a/src/main/native/SignaturePQC.c b/src/main/native/SignaturePQC.c
@@ -177,7 +177,7 @@ Java_com_ibm_crypto_plus_provider_ock_NativeInterface_PQC_1SIGNATURE_1verify(
             env, data, &isCopy));
 
         if (dataNative == NULL) {
-            (*env)->ReleasePrimitiveArrayCritical(env, data, dataNative,
+            (*env)->ReleasePrimitiveArrayCritical(env, sigBytes, sigBytesNative,
                                                   JNI_ABORT);
             throwOCKException(env, 0, "GetPrimitiveArrayCritical failed");
             return verified;

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright IBM Corp. 2025`
	`2`	`+ * Copyright IBM Corp. 2025, 2026`
`3`	`3`	`*`
`4`	`4`	`* This code is free software; you can redistribute it and/or modify it`
`5`	`5`	`* under the terms provided by IBM in the LICENSE file that accompanied`
`@@ -67,7 +67,7 @@ Java_com_ibm_crypto_plus_provider_ock_NativeInterface_KEM_1encapsulate(`
`67`	`67`	`free(wrappedKeyLocal);`
`68`	`68`	`}`
`69`	`69`	`if (genkeylocal != NULL) {`
`70`		`- free(wrappedKeyLocal);`
	`70`	`+ free(genkeylocal);`
`71`	`71`	`}`
`72`	`72`	`ICC_EVP_PKEY_CTX_free(ockCtx, evp_pk);`
`73`	`73`	`throwOCKException(env, 0, "malloc failed");`