diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-09-09 18:18:27 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-09-09 18:55:43 +0200 |
| commit | 4d57e71e9916543258118c05d6580b8c64127b58 (patch) | |
| tree | 8272366146ef974a5d8739c513ad8b1190007e5a /lib/nettle | |
| parent | 85381e3cd276df73c16e61ac69d7e3f3951a5d53 (diff) | |
| download | gnutls-4d57e71e9916543258118c05d6580b8c64127b58.tar.gz | |
Memory leak fixes in ECC ciphersuites and the trust_list.
Diffstat (limited to 'lib/nettle')
| -rw-r--r-- | lib/nettle/ecc_free.c | 2 | ||||
| -rw-r--r-- | lib/nettle/pk.c | 24 |
2 files changed, 23 insertions, 3 deletions
diff --git a/lib/nettle/ecc_free.c b/lib/nettle/ecc_free.c index 81a9241173..ab04d033db 100644 --- a/lib/nettle/ecc_free.c +++ b/lib/nettle/ecc_free.c @@ -37,7 +37,7 @@ void ecc_free (ecc_key * key) { mp_clear_multi (&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, - &key->prime, &key->order, &key->Gx, &key->Gy, NULL); + &key->prime, &key->order, &key->Gx, &key->Gy, &key->A, NULL); } /* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_free.c,v $ */ diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 5cc7746aaf..794a2c99be 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -97,6 +97,11 @@ _ecc_params_to_privkey(const gnutls_pk_params_st * pk_params, mpz_init_set_ui(priv->pubkey.z, 1); } +static void _ecc_params_clear(ecc_key * key) +{ + mpz_clear(key->pubkey.z); +} + static void _ecc_params_to_pubkey(const gnutls_pk_params_st * pk_params, ecc_key * pub) @@ -126,6 +131,8 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, gnutls_datum_t * o int curve = priv->flags; unsigned long sz; + out->data = NULL; + if (is_supported_curve(curve) == 0) return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES); @@ -135,14 +142,25 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, gnutls_datum_t * o sz = ECC_BUF_SIZE; out->data = gnutls_malloc(sz); if (out->data == NULL) - return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + { + ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + goto ecc_cleanup; + } ret = ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, &sz); if (ret != 0) + ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + +ecc_cleanup: + _ecc_params_clear(&ecc_pub); + _ecc_params_clear(&ecc_priv); + + if (ret < 0) { gnutls_free(out->data); - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + return ret; } + out->size = sz; break; } @@ -378,6 +396,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo, ecdsa_fail: dsa_signature_clear (&sig); + _ecc_params_clear( &priv); if (ret < 0) { @@ -560,6 +579,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo, _gnutls_mpi_release (&tmp[0]); _gnutls_mpi_release (&tmp[1]); + _ecc_params_clear( &pub); break; } case GNUTLS_PK_DSA: |