From 4db6994fa00a4c5b53afd364ac359e95d6772bb5 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Fri, 19 Jul 2013 12:16:14 +0900
Subject: [PATCH] fix memory handling
---
 ChangeLog | 7 +++++++
 src/call-ec_p256.c | 2 +-
 src/call-rsa.c | 4 ++--
 src/gnuk.h | 6 +++---
 src/openpgp-do.c | 34 ++++++++++++++++++++++------------
 5 files changed, 35 insertions(+), 18 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 956949f..b12f018 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2013-07-19 Niibe Yutaka
+ * src/openpgp-do.c (gpg_do_write_prvkey, gpg_do_keygen): Fix
+ allocated memory handling. Clean up before free.
+ * src/call-rsa.c (modulus_calc, rsa_genkey): Fix removing const.
+ * src/call-ec_p256.c (ecdsa_compute_public): Likewise.
+
+2013-07-18 Niibe Yutaka
+
 Port to Chopstx.
 * src/Makefile.in: Change for Chopstx.
 * src/configure: Likewise.
diff --git a/src/call-ec_p256.c b/src/call-ec_p256.c
index 3cce2ae..82aa526 100644
--- a/src/call-ec_p256.c
+++ b/src/call-ec_p256.c
@@ -62,7 +62,7 @@ ecdsa_sign (const uint8_t *hash, uint8_t *output,
 return 0;
 }
-const uint8_t *
+uint8_t *
 ecdsa_compute_public (const uint8_t *key_data)
 {
 uint8_t *p0, *p, *p1;
diff --git a/src/call-rsa.c b/src/call-rsa.c
index 4d47423..2322091 100644
--- a/src/call-rsa.c
+++ b/src/call-rsa.c
@@ -94,7 +94,7 @@ rsa_sign (const uint8_t *raw_message, uint8_t *output, int msg_len,
 /*
 * LEN: length in byte
 */
-const uint8_t *
+uint8_t *
 modulus_calc (const uint8_t *p, int len)
 {
 mpi P, Q, N;
@@ -207,7 +207,7 @@ rsa_verify (const uint8_t *pubkey, const uint8_t *hash, const uint8_t *sig)
 #define RSA_EXPONENT 0x10001
 #ifdef KEYGEN_SUPPORT
-const uint8_t *
+uint8_t *
 rsa_genkey (void)
 {
 int r;
diff --git a/src/gnuk.h b/src/gnuk.h
index 9601981..9336b82 100644
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -220,15 +220,15 @@ extern void put_binary (const char *s, int len);
 #endif
 extern int rsa_sign (const uint8_t *, uint8_t *, int, struct key_data *);
-extern const uint8_t *modulus_calc (const uint8_t *, int);
+extern uint8_t *modulus_calc (const uint8_t *, int);
 extern int rsa_decrypt (const uint8_t *, uint8_t *, int, struct key_data *);
 extern int rsa_verify (const uint8_t *pubkey, const uint8_t *hash, const uint8_t *signature);
-extern const uint8_t *rsa_genkey (void);
+extern uint8_t *rsa_genkey (void);
 extern int ecdsa_sign (const uint8_t *hash, uint8_t *output, const struct key_data *kd);
-extern const uint8_t *ecdsa_compute_public (const uint8_t *key_data);
+extern uint8_t *ecdsa_compute_public (const uint8_t *key_data);
 extern const uint8_t *gpg_do_read_simple (uint8_t);
 extern void gpg_do_write_simple (uint8_t, const uint8_t *, int);
diff --git a/src/openpgp-do.c b/src/openpgp-do.c
index e6e5c3b..57b6909 100644
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
@@ -742,7 +742,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
 const uint8_t *ks_pw1;
 const uint8_t *ks_rc;
 struct key_data_internal kdi;
- int pubkey_allocated_here = 0;
+ uint8_t *pubkey_allocated_here = NULL;
 uint8_t ks_pw1_len = 0;
 uint8_t ks_rc_len = 0;
 int pubkey_len = KEY_CONTENT_LEN;
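Review bot: The three prototypes that lose `const` in the gnuk.h hunk (`modulus_calc`, `rsa_genkey`, `ecdsa_compute_public`) carry no comment on ownership, although the openpgp-do.c hunks of this commit show the caller clearing and freeing the returned pointer. A short comment above them would make that contract explicit, for example `/* Returns a heap buffer or NULL; the caller must clear and free it. */`. The size each function returns is not visible in this diff and would be worth stating in the same comment, since the callers pass a length to `memset`.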
@@ -775,20 +775,18 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
 if (pubkey == NULL)
 {
 #ifdef RSA_AUTH
- pubkey = modulus_calc (key_data, key_len);
+ pubkey_allocated_here = modulus_calc (key_data, key_len);
 #else /* ECDSA for authentication */
 if (kk == GPG_KEY_FOR_AUTHENTICATION)
- pubkey = ecdsa_compute_public (key_data);
+ pubkey_allocated_here = ecdsa_compute_public (key_data);
 else
- pubkey = modulus_calc (key_data, key_len);
+ pubkey_allocated_here = modulus_calc (key_data, key_len);
 #endif
- if (pubkey == NULL)
+ if (pubkey_allocated_here == NULL)
 {
 free (pd);
 return -1;
 }
-
- pubkey_allocated_here = 1;
 }
 DEBUG_INFO ("Getting keystore address...\r\n");
@@ -796,7 +794,10 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
 if (key_addr == NULL)
 {
 if (pubkey_allocated_here)
- free ((void *)pubkey);
+ {
+ memset (pubkey_allocated_here, 0, pubkey_len);
+ free (pubkey_allocated_here);
+ }
 free (pd);
 return -1;
 }
@@ -827,13 +828,19 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
 encrypt (dek, iv, (uint8_t *)&kdi, sizeof (struct key_data_internal));
- r = flash_key_write (key_addr, (const uint8_t *)kdi.data, pubkey, pubkey_len);
+ r = flash_key_write (key_addr, (const uint8_t *)kdi.data,
+ pubkey_allocated_here? pubkey_allocated_here: pubkey,
+ pubkey_len);
 if (pubkey_allocated_here)
- free ((void *)pubkey);
+ {
+ memset (pubkey_allocated_here, 0, pubkey_len);
+ free (pubkey_allocated_here);
+ }
 if (r < 0)
 {
 random_bytes_free (dek);
+ memset (pd, 0, sizeof (struct prvkey_data));
 free (pd);
 return r;
 }
@@ -873,6 +880,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
 do_ptr[nr - NR_DO__FIRST__] = p;
 random_bytes_free (dek);
+ memset (pd, 0, sizeof (struct prvkey_data));
 free (pd);
 if (p == NULL)
 return -1;
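Review bot: On the path where the public key is computed here, `pubkey` itself now stays NULL and only `pubkey_allocated_here` points at the buffer. The later `flash_key_write` call was adjusted with a ternary, but the parts of gpg_do_write_prvkey between the hunks are not visible, so any other read of `pubkey` there would now see NULL. Adding `pubkey = pubkey_allocated_here;` right after the NULL check would keep every later use valid and make the ternary unnecessary.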
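Review bot: The `memset` placed immediately before `free` in the `key_addr == NULL` path is a dead store as far as the compiler is concerned and may be removed when optimising, so the buffer can reach the heap uncleared. The same pattern is added in the hunks at -827, -873, -924 and -1665, where it covers `pd` and the freshly generated `p_q_modulus`. A wipe through a `volatile` pointer (or `explicit_bzero`, if the toolchain's libc provides it) is not subject to that elimination, and one file-local helper could serve all six call sites. The enclosing function starts and ends outside the hunk.

```c
/* Clear N bytes at P; the volatile access keeps the stores from being
   optimised away ahead of free().  Suggested helper, name is illustrative.  */
static void
clear_memory (void *p, size_t n)
{
  volatile uint8_t *v = p;

  while (n--)
    *v++ = 0;
}

/* ... unchanged: keystore address lookup and NULL check ... */
      if (pubkey_allocated_here)
	{
	  clear_memory (pubkey_allocated_here, pubkey_len);
	  free (pubkey_allocated_here);
	}
```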
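Review bot: `memset (pubkey_allocated_here, 0, pubkey_len)` after `flash_key_write` clears `pubkey_len` bytes, but when RSA_AUTH is not defined the buffer may come from `ecdsa_compute_public`, and the only value of `pubkey_len` visible in this diff is its initialiser `KEY_CONTENT_LEN`. If `pubkey_len` is not reduced to the ECDSA public-key size before this point (the code between the hunks is not shown), the write runs past the end of the allocation; the early-return path in the previous hunk makes the same call. This is worth confirming and recording next to the allocation, for example `/* pubkey_len must match the size of the buffer returned above */`.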
@@ -924,6 +932,7 @@ gpg_do_chks_prvkey (enum kind_of_key kk,
 p = flash_do_write (nr, (const uint8_t *)pd, sizeof (struct prvkey_data));
 do_ptr[nr - NR_DO__FIRST__] = p;
+ memset (pd, 0, sizeof (struct prvkey_data));
 free (pd);
 if (p == NULL)
 return -1;
@@ -1633,7 +1642,7 @@ gpg_do_keygen (uint8_t kk_byte)
 {
 enum kind_of_key kk;
 const uint8_t *keystring_admin;
- const uint8_t *p_q_modulus;
+ uint8_t *p_q_modulus;
 const uint8_t *p_q;
 const uint8_t *modulus;
 int r;
@@ -1665,7 +1674,8 @@ gpg_do_keygen (uint8_t kk_byte)
 r = gpg_do_write_prvkey (kk, p_q, KEY_CONTENT_LEN, keystring_admin, modulus);
- free ((uint8_t *)p_q_modulus);
+ memset (p_q_modulus, 0, KEY_CONTENT_LEN*2);
+ free (p_q_modulus);
 if (r < 0)
 {
 GPG_ERROR ();
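Review bot: `KEY_CONTENT_LEN*2` in the last hunk is an assumption about the size of the buffer that `rsa_genkey` returns, and nothing visible in this diff ties the two together. If the allocator's size ever changes, this `memset` either leaves key material behind or writes past the allocation. A comment at the call, such as `/* rsa_genkey returns 2*KEY_CONTENT_LEN bytes: p_q followed by modulus (confirm against call-rsa.c) */`, or a named constant shared with call-rsa.c would make the dependency explicit. Whether `p_q_modulus` is checked for NULL before this point lies outside the hunk.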