fix memory handling

NIIBE Yutaka
2013-07-19 12:16:14 +09:00
parent 596a307219
commit 4db6994fa0
5 changed files with 35 additions and 18 deletions


@@ -1,5 +1,12 @@
2013-07-19 Niibe Yutaka <gniibe@fsij.org> 2013-07-19 Niibe Yutaka <gniibe@fsij.org>
* src/openpgp-do.c (gpg_do_write_prvkey, gpg_do_keygen): Fix
allocated memory handling. Clean up before free.
* src/call-rsa.c (modulus_calc, rsa_genkey): Fix removing const.
* src/call-ec_p256.c (ecdsa_compute_public): Likewise.
2013-07-18 Niibe Yutaka <gniibe@fsij.org>
Port to Chopstx. Port to Chopstx.
* src/Makefile.in: Change for Chopstx. * src/Makefile.in: Change for Chopstx.
* src/configure: Likewise. * src/configure: Likewise.


@@ -62,7 +62,7 @@ ecdsa_sign (const uint8_t *hash, uint8_t *output,
return 0; return 0;
} }
const uint8_t * uint8_t *
ecdsa_compute_public (const uint8_t *key_data) ecdsa_compute_public (const uint8_t *key_data)
{ {
uint8_t *p0, *p, *p1; uint8_t *p0, *p, *p1;
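Review bot: The ownership of the buffer returned by ecdsa_compute_public is not documented: now that the return type is a plain `uint8_t *`, nothing at the definition says that the caller must release it. The callers changed in src/openpgp-do.c clear the result and pass it to `free ()`, so a one-line contract above the definition would help, e.g. `/* Returns a heap buffer owned by the caller, who must clear and free it; NULL on failure. */`. The same applies to modulus_calc and rsa_genkey in src/call-rsa.c and to the three prototypes changed in the header. The function body continues outside the hunk, so the allocation itself is not visible here.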


@@ -94,7 +94,7 @@ rsa_sign (const uint8_t *raw_message, uint8_t *output, int msg_len,
/* /*
* LEN: length in byte * LEN: length in byte
*/ */
const uint8_t * uint8_t *
modulus_calc (const uint8_t *p, int len) modulus_calc (const uint8_t *p, int len)
{ {
mpi P, Q, N; mpi P, Q, N;
@@ -207,7 +207,7 @@ rsa_verify (const uint8_t *pubkey, const uint8_t *hash, const uint8_t *sig)
#define RSA_EXPONENT 0x10001 #define RSA_EXPONENT 0x10001
#ifdef KEYGEN_SUPPORT #ifdef KEYGEN_SUPPORT
const uint8_t * uint8_t *
rsa_genkey (void) rsa_genkey (void)
{ {
int r; int r;


@@ -220,15 +220,15 @@ extern void put_binary (const char *s, int len);
#endif #endif
extern int rsa_sign (const uint8_t *, uint8_t *, int, struct key_data *); extern int rsa_sign (const uint8_t *, uint8_t *, int, struct key_data *);
extern const uint8_t *modulus_calc (const uint8_t *, int); extern uint8_t *modulus_calc (const uint8_t *, int);
extern int rsa_decrypt (const uint8_t *, uint8_t *, int, struct key_data *); extern int rsa_decrypt (const uint8_t *, uint8_t *, int, struct key_data *);
extern int rsa_verify (const uint8_t *pubkey, const uint8_t *hash, extern int rsa_verify (const uint8_t *pubkey, const uint8_t *hash,
const uint8_t *signature); const uint8_t *signature);
extern const uint8_t *rsa_genkey (void); extern uint8_t *rsa_genkey (void);
extern int ecdsa_sign (const uint8_t *hash, uint8_t *output, extern int ecdsa_sign (const uint8_t *hash, uint8_t *output,
const struct key_data *kd); const struct key_data *kd);
extern const uint8_t *ecdsa_compute_public (const uint8_t *key_data); extern uint8_t *ecdsa_compute_public (const uint8_t *key_data);
extern const uint8_t *gpg_do_read_simple (uint8_t); extern const uint8_t *gpg_do_read_simple (uint8_t);
extern void gpg_do_write_simple (uint8_t, const uint8_t *, int); extern void gpg_do_write_simple (uint8_t, const uint8_t *, int);


@@ -742,7 +742,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
const uint8_t *ks_pw1; const uint8_t *ks_pw1;
const uint8_t *ks_rc; const uint8_t *ks_rc;
struct key_data_internal kdi; struct key_data_internal kdi;
int pubkey_allocated_here = 0; uint8_t *pubkey_allocated_here = NULL;
uint8_t ks_pw1_len = 0; uint8_t ks_pw1_len = 0;
uint8_t ks_rc_len = 0; uint8_t ks_rc_len = 0;
int pubkey_len = KEY_CONTENT_LEN; int pubkey_len = KEY_CONTENT_LEN;
@@ -775,20 +775,18 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
if (pubkey == NULL) if (pubkey == NULL)
{ {
#ifdef RSA_AUTH #ifdef RSA_AUTH
pubkey = modulus_calc (key_data, key_len); pubkey_allocated_here = modulus_calc (key_data, key_len);
#else /* ECDSA for authentication */ #else /* ECDSA for authentication */
if (kk == GPG_KEY_FOR_AUTHENTICATION) if (kk == GPG_KEY_FOR_AUTHENTICATION)
pubkey = ecdsa_compute_public (key_data); pubkey_allocated_here = ecdsa_compute_public (key_data);
else else
pubkey = modulus_calc (key_data, key_len); pubkey_allocated_here = modulus_calc (key_data, key_len);
#endif #endif
if (pubkey == NULL) if (pubkey_allocated_here == NULL)
{ {
free (pd); free (pd);
return -1; return -1;
} }
pubkey_allocated_here = 1;
} }
DEBUG_INFO ("Getting keystore address...\r\n"); DEBUG_INFO ("Getting keystore address...\r\n");
@@ -796,7 +794,10 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
if (key_addr == NULL) if (key_addr == NULL)
{ {
if (pubkey_allocated_here) if (pubkey_allocated_here)
free ((void *)pubkey); {
memset (pubkey_allocated_here, 0, pubkey_len);
free (pubkey_allocated_here);
}
free (pd); free (pd);
return -1; return -1;
} }
@@ -827,13 +828,19 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
encrypt (dek, iv, (uint8_t *)&kdi, sizeof (struct key_data_internal)); encrypt (dek, iv, (uint8_t *)&kdi, sizeof (struct key_data_internal));
r = flash_key_write (key_addr, (const uint8_t *)kdi.data, pubkey, pubkey_len); r = flash_key_write (key_addr, (const uint8_t *)kdi.data,
pubkey_allocated_here? pubkey_allocated_here: pubkey,
pubkey_len);
if (pubkey_allocated_here) if (pubkey_allocated_here)
free ((void *)pubkey); {
memset (pubkey_allocated_here, 0, pubkey_len);
free (pubkey_allocated_here);
}
if (r < 0) if (r < 0)
{ {
random_bytes_free (dek); random_bytes_free (dek);
memset (pd, 0, sizeof (struct prvkey_data));
free (pd); free (pd);
return r; return r;
} }
@@ -873,6 +880,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
do_ptr[nr - NR_DO__FIRST__] = p; do_ptr[nr - NR_DO__FIRST__] = p;
random_bytes_free (dek); random_bytes_free (dek);
memset (pd, 0, sizeof (struct prvkey_data));
free (pd); free (pd);
if (p == NULL) if (p == NULL)
return -1; return -1;
@@ -924,6 +932,7 @@ gpg_do_chks_prvkey (enum kind_of_key kk,
p = flash_do_write (nr, (const uint8_t *)pd, sizeof (struct prvkey_data)); p = flash_do_write (nr, (const uint8_t *)pd, sizeof (struct prvkey_data));
do_ptr[nr - NR_DO__FIRST__] = p; do_ptr[nr - NR_DO__FIRST__] = p;
memset (pd, 0, sizeof (struct prvkey_data));
free (pd); free (pd);
if (p == NULL) if (p == NULL)
return -1; return -1;
@@ -1633,7 +1642,7 @@ gpg_do_keygen (uint8_t kk_byte)
{ {
enum kind_of_key kk; enum kind_of_key kk;
const uint8_t *keystring_admin; const uint8_t *keystring_admin;
const uint8_t *p_q_modulus; uint8_t *p_q_modulus;
const uint8_t *p_q; const uint8_t *p_q;
const uint8_t *modulus; const uint8_t *modulus;
int r; int r;
@@ -1665,7 +1674,8 @@ gpg_do_keygen (uint8_t kk_byte)
r = gpg_do_write_prvkey (kk, p_q, KEY_CONTENT_LEN, r = gpg_do_write_prvkey (kk, p_q, KEY_CONTENT_LEN,
keystring_admin, modulus); keystring_admin, modulus);
free ((uint8_t *)p_q_modulus); memset (p_q_modulus, 0, KEY_CONTENT_LEN*2);
free (p_q_modulus);
if (r < 0) if (r < 0)
{ {
GPG_ERROR (); GPG_ERROR ();
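Review bot: The `memset (..., 0, ...)` calls added immediately before `free (pd)`, `free (pubkey_allocated_here)` and `free (p_q_modulus)` are dead stores from the compiler's point of view, so an optimizing build may drop them and leave the key material in the freed heap block. For the buffers that hold secrets (`pd`, and `p_q_modulus`, which presumably carries p and q) use a wipe the optimizer cannot remove, e.g. `explicit_bzero (pd, sizeof (struct prvkey_data));` where the C library provides it, or a small helper that writes through a `volatile uint8_t *`. The two early exits in gpg_do_write_prvkey (`pubkey_allocated_here == NULL` and `key_addr == NULL`) still call `free (pd)` without clearing it; whether `pd` already holds sensitive data at those points is not visible in these hunks, so either wipe it there as well or add a comment saying why it is not needed. The bodies of gpg_do_write_prvkey and gpg_do_keygen continue outside the hunks shown.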