diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-03-08 23:26:50 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-03-08 23:27:24 +0100 |
| commit | ff19ba8b9c5540e46ec876f264ffdbb92cfcf8c9 (patch) | |
| tree | ff7db88bcca33dd84e492aa99aa45b72e9a78bf6 | |
| parent | 2e5b226f2eaee6591aae3b35ad8fb0c4cc41a5b4 (diff) | |
| download | gnutls-ff19ba8b9c5540e46ec876f264ffdbb92cfcf8c9.tar.gz | |
Fixed leaks in key generation and other cleanups. Patch by Tomas Mraz.
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | lib/gcrypt/pk.c | 9 | ||||
| -rw-r--r-- | lib/gnutls_pk.c | 1 | ||||
| -rw-r--r-- | lib/x509/privkey.c | 19 |
4 files changed, 15 insertions, 17 deletions
@@ -7,6 +7,9 @@ Version 2.12.18 (unreleased) ** Corrected SRP-RSA ciphersuites when used under TLS 1.2. +** Fixed leaks in key generation. Reported by Sam Varshavchik, +patch by Tomas Mraz. + ** API and ABI modifications: No changes since last version. diff --git a/lib/gcrypt/pk.c b/lib/gcrypt/pk.c index 2ed72953f6..e3bedafb7a 100644 --- a/lib/gcrypt/pk.c +++ b/lib/gcrypt/pk.c @@ -627,7 +627,6 @@ _rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits) int ret, i; gcry_sexp_t parms, key, list; - bigint_t tmp; if (*resarr_len < RSA_PRIVATE_PARAMS) { @@ -733,14 +732,6 @@ _rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits) *resarr_len = 6; - tmp = _gnutls_mpi_alloc_like (resarr[0]); - if (tmp == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - ret = _gnutls_calc_rsa_exp (resarr, 2 + *resarr_len); if (ret < 0) { diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 43d1893dcf..0a580910a3 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -547,6 +547,7 @@ _generate_params (int algo, bigint_t * resarr, unsigned int *resarr_len, } else { + gnutls_pk_params_release(¶ms); gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 593c9bcedd..41e65875e3 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1462,16 +1462,17 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, { case GNUTLS_PK_DSA: ret = _gnutls_dsa_generate_params (key->params, ¶ms_len, bits); - if (params_len != DSA_PRIVATE_PARAMS) + if (ret < 0) { gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; + return ret; } - if (ret < 0) + if (params_len != DSA_PRIVATE_PARAMS) { gnutls_assert (); - return ret; + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; } ret = _gnutls_asn1_encode_dsa (&key->key, key->params); @@ -1486,15 +1487,17 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, break; case GNUTLS_PK_RSA: ret = _gnutls_rsa_generate_params (key->params, ¶ms_len, bits); - if (params_len != RSA_PRIVATE_PARAMS) + if (ret < 0) { gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; + return ret; } - if (ret < 0) + + if (params_len != RSA_PRIVATE_PARAMS) { gnutls_assert (); - return ret; + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; } ret = _gnutls_asn1_encode_rsa (&key->key, key->params); |