summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@crystal.(none)>2008-09-27 21:01:02 +0300
committerNikos Mavrogiannopoulos <nmav@crystal.(none)>2008-09-27 21:01:02 +0300
commit2079a64d4fb65a0e62e1b361d2200860aa52af18 (patch)
tree7f6a01337b50ffc48b3271b3afbc5caba2b486b9
parent0ab6c5faf197c3e45927f9e878e9d08bdc10ad44 (diff)
downloadgnutls-2079a64d4fb65a0e62e1b361d2200860aa52af18.tar.gz
Revert "Revert C99 uses. Fixes gnutls_mpi.c mem leak, but not others."
This reverts commit bdfa289133b15ad7d92eb3151ce86cca4c879426.
-rw-r--r--lib/gnutls_constate.c110
-rw-r--r--lib/gnutls_mpi.c12
2 files changed, 41 insertions, 81 deletions
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 12e1719880..946e59ad8a 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -58,10 +58,6 @@ static int
_gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
int key_size, int export_flag)
{
-
-/* FIXME: This function is too long
- */
- opaque *key_block;
opaque rnd[2 * GNUTLS_RANDOM_SIZE];
opaque rrnd[2 * GNUTLS_RANDOM_SIZE];
int pos, ret;
@@ -81,12 +77,8 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (export_flag == 0)
block_size += 2 * IV_size;
- key_block = gnutls_secure_malloc (block_size);
- if (key_block == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ /* avoid using malloc */
+ opaque key_block[block_size];
memcpy (rnd, session->security_parameters.server_random,
GNUTLS_RANDOM_SIZE);
@@ -116,7 +108,6 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (key_block);
return ret;
}
@@ -127,11 +118,18 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
pos = 0;
if (hash_size > 0)
{
+
+ if (session->cipher_specs.client_write_mac_secret.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.client_write_mac_secret);
+
+ if (session->cipher_specs.server_write_mac_secret.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.server_write_mac_secret);
+
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_mac_secret,
&key_block[pos], hash_size) < 0)
{
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
pos += hash_size;
@@ -140,7 +138,7 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
(&session->cipher_specs.server_write_mac_secret,
&key_block[pos], hash_size) < 0)
{
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
pos += hash_size;
@@ -148,9 +146,10 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (key_size > 0)
{
+ opaque key1[EXPORT_FINAL_KEY_SIZE];
+ opaque key2[EXPORT_FINAL_KEY_SIZE];
opaque *client_write_key, *server_write_key;
int client_write_key_size, server_write_key_size;
- int free_keys = 0;
if (export_flag == 0)
{
@@ -167,24 +166,8 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
}
else
{ /* export */
- free_keys = 1;
-
- client_write_key = gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE);
- if (client_write_key == NULL)
- {
- gnutls_assert ();
- gnutls_free (key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- server_write_key = gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE);
- if (server_write_key == NULL)
- {
- gnutls_assert ();
- gnutls_free (key_block);
- gnutls_free (client_write_key);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ client_write_key = key1;
+ server_write_key = key2;
/* generate the final keys */
@@ -211,9 +194,6 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (key_block);
- gnutls_free (server_write_key);
- gnutls_free (client_write_key);
return ret;
}
@@ -240,9 +220,6 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (key_block);
- gnutls_free (server_write_key);
- gnutls_free (client_write_key);
return ret;
}
@@ -250,13 +227,14 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
pos += key_size;
}
+ if (session->cipher_specs.client_write_key.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.client_write_key);
+
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_key,
client_write_key, client_write_key_size) < 0)
{
- gnutls_free (key_block);
- gnutls_free (server_write_key);
- gnutls_free (client_write_key);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
_gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
@@ -265,13 +243,14 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
client_write_key_size, buf,
sizeof (buf)));
+ if (session->cipher_specs.server_write_key.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.server_write_key);
+
if (_gnutls_sset_datum
(&session->cipher_specs.server_write_key,
server_write_key, server_write_key_size) < 0)
{
- gnutls_free (key_block);
- gnutls_free (server_write_key);
- gnutls_free (client_write_key);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
@@ -281,11 +260,6 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
server_write_key_size, buf,
sizeof (buf)));
- if (free_keys != 0)
- {
- gnutls_free (server_write_key);
- gnutls_free (client_write_key);
- }
}
@@ -293,20 +267,26 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
*/
if (IV_size > 0 && export_flag == 0)
{
+ if (session->cipher_specs.client_write_IV.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.client_write_IV);
+
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_IV, &key_block[pos],
IV_size) < 0)
{
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
pos += IV_size;
+ if (session->cipher_specs.server_write_IV.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.server_write_IV);
+
if (_gnutls_sset_datum
(&session->cipher_specs.server_write_IV, &key_block[pos],
IV_size) < 0)
{
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
pos += IV_size;
@@ -314,13 +294,7 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
}
else if (IV_size > 0 && export_flag != 0)
{
- opaque *iv_block = gnutls_malloc (IV_size * 2);
- if (iv_block == NULL)
- {
- gnutls_assert ();
- gnutls_free (key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ opaque iv_block[IV_size * 2];
if (session->security_parameters.version == GNUTLS_SSL3)
{ /* SSL 3 */
@@ -331,8 +305,6 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (key_block);
- gnutls_free (iv_block);
return ret;
}
@@ -351,33 +323,31 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (iv_block);
- gnutls_free (key_block);
return ret;
}
+ if (session->cipher_specs.client_write_IV.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.client_write_IV);
+
if (_gnutls_sset_datum
(&session->cipher_specs.client_write_IV, iv_block, IV_size) < 0)
{
- gnutls_free (iv_block);
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
+ if (session->cipher_specs.server_write_IV.data != NULL)
+ _gnutls_free_datum(&session->cipher_specs.server_write_IV);
+
if (_gnutls_sset_datum
(&session->cipher_specs.server_write_IV,
&iv_block[IV_size], IV_size) < 0)
{
- gnutls_free (iv_block);
- gnutls_free (key_block);
+ gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
-
- gnutls_free (iv_block);
}
- gnutls_free (key_block);
-
session->cipher_specs.generated_keys = 1;
return 0;
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c
index 7ba6c8910c..90763e1679 100644
--- a/lib/gnutls_mpi.c
+++ b/lib/gnutls_mpi.c
@@ -43,17 +43,10 @@ bigint_t
_gnutls_mpi_randomize (bigint_t r, unsigned int bits,
gnutls_rnd_level_t level)
{
- opaque *buf = NULL;
int size = 1 + (bits / 8), ret;
int rem, i;
bigint_t tmp;
-
- buf = gnutls_malloc (size);
- if (buf == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
+ opaque buf[size];
ret = _gnutls_rnd (level, buf, size);
if (ret < 0)
@@ -82,8 +75,6 @@ _gnutls_mpi_randomize (bigint_t r, unsigned int bits,
goto cleanup;
}
- gnutls_free (buf);
-
if (r != NULL)
{
_gnutls_mpi_set (r, tmp);
@@ -94,7 +85,6 @@ _gnutls_mpi_randomize (bigint_t r, unsigned int bits,
return tmp;
cleanup:
- gnutls_free (buf);
return NULL;
}