yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-07 01:09:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix memory leaks in PKCS#5 and PKCS#12

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-11-17 12:24:41 +01:00
parent d8a1ea72b1
commit 1c022a6983
3 changed files with 38 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ChangeLog
View file

@ -17,6 +17,7 @@ Security
Bugfix Bugfix
* Fix potential undefined behaviour in Camellia. * Fix potential undefined behaviour in Camellia.
* Fix memory leaks in PKCS#5 and PKCS#12.
Changes Changes
* Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined. * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.

33
library/pkcs12.c
View file

@ -190,21 +190,27 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
return( ret ); return( ret );
if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 ) if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 ) if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = cipher_update( &cipher_ctx, data, len, if( ( ret = cipher_update( &cipher_ctx, data, len,
output, &olen ) ) != 0 ) output, &olen ) ) != 0 )
{ {
return( ret ); goto cleanup;
} }
if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 ) if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
return( POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH ); {
ret = POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH;
goto cleanup;
}
return( 0 ); cleanup:
cipher_free_ctx( &cipher_ctx );
return( ret );
} }
static void pkcs12_fill_buffer( unsigned char *data, size_t data_len, static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
@ -268,25 +274,25 @@ int pkcs12_derivation( unsigned char *data, size_t datalen,
{ {
// Calculate hash( diversifier || salt_block || pwd_block ) // Calculate hash( diversifier || salt_block || pwd_block )
if( ( ret = md_starts( &md_ctx ) ) != 0 ) if( ( ret = md_starts( &md_ctx ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = md_update( &md_ctx, diversifier, v ) ) != 0 ) if( ( ret = md_update( &md_ctx, diversifier, v ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = md_update( &md_ctx, salt_block, v ) ) != 0 ) if( ( ret = md_update( &md_ctx, salt_block, v ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = md_update( &md_ctx, pwd_block, v ) ) != 0 ) if( ( ret = md_update( &md_ctx, pwd_block, v ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = md_finish( &md_ctx, hash_output ) ) != 0 ) if( ( ret = md_finish( &md_ctx, hash_output ) ) != 0 )
return( ret ); goto cleanup;
// Perform remaining ( iterations - 1 ) recursive hash calculations // Perform remaining ( iterations - 1 ) recursive hash calculations
for( i = 1; i < iterations; i++ ) for( i = 1; i < iterations; i++ )
{ {
if( ( ret = md( md_info, hash_output, hlen, hash_output ) ) != 0 ) if( ( ret = md( md_info, hash_output, hlen, hash_output ) ) != 0 )
return( ret ); goto cleanup;
} }
use_len = ( datalen > hlen ) ? hlen : datalen; use_len = ( datalen > hlen ) ? hlen : datalen;
@ -324,7 +330,10 @@ int pkcs12_derivation( unsigned char *data, size_t datalen,
} }
} }
return( 0 ); cleanup:
md_free_ctx( &md_ctx );
return( ret );
} }
#endif /* POLARSSL_PKCS12_C */ #endif /* POLARSSL_PKCS12_C */

22
library/pkcs5.c
View file

@ -214,30 +214,40 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
return( ret ); return( ret );
if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 ) if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
{
md_free_ctx( &md_ctx );
return( ret ); return( ret );
}
if ( ( ret = pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len, if ( ( ret = pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
iterations, keylen, key ) ) != 0 ) iterations, keylen, key ) ) != 0 )
{ {
return( ret ); goto cleanup;
} }
if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 ) if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 ) if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 )
return( ret ); goto cleanup;
if( ( ret = cipher_update( &cipher_ctx, data, datalen, if( ( ret = cipher_update( &cipher_ctx, data, datalen,
output, &olen ) ) != 0 ) output, &olen ) ) != 0 )
{ {
return( ret ); goto cleanup;
} }
if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 ) if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
return( POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH ); {
ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH;
goto cleanup;
}
return( 0 ); cleanup:
md_free_ctx( &md_ctx );
cipher_free_ctx( &cipher_ctx );
return( ret );
} }
int pkcs5_pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, int pkcs5_pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,