shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-10 18:28:10 +09:00
Code Issues Packages Projects Releases Wiki Activity

pki_mbedtls: Simplify memory cleanup

Browse Source 
The spread out initialization and variable definition (and alising)
was hell to keep up with and was causing memory issues as reported by valgrind:

==4480== 128 bytes in 1 blocks are definitely lost in loss record 1 of 12
==4480==    at 0x48463F3: calloc (vg_replace_malloc.c:1675)
==4480==    by 0x487D152: mbedtls_mpi_grow (bignum.c:218)
==4480==    by 0x487D6C5: mbedtls_mpi_copy (bignum.c:334)
==4480==    by 0x48B9627: mbedtls_rsa_export (rsa.c:899)
==4480==    by 0x283955: pki_key_to_blob (pki_mbedcrypto.c:976)
==4480==    by 0x24F162: ssh_pki_export_privkey_blob (pki.c:2188)
==4480==    by 0x278001: ssh_pki_openssh_privkey_export (pki_container_openssh.c:546)
==4480==    by 0x24D7D2: ssh_pki_export_privkey_file_format (pki.c:1122)
==4480==    by 0x24D916: torture_pki_rsa_write_privkey_format (torture_pki_rsa.c:895)
==4480==    by 0x24D916: torture_pki_rsa_write_privkey (torture_pki_rsa.c:962)
==4480==    by 0x4865499: ??? (in /usr/lib64/libcmocka.so.0.8.0)
==4480==    by 0x4865C0B: _cmocka_run_group_tests (in /usr/lib64/libcmocka.so.0.8.0)
==4480==    by 0x252115: torture_run_tests (torture_pki_rsa.c:1160)
==4480==    by 0x2546B8: main (torture.c:1984)
==4480==

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
This commit is contained in:
Jakub Jelen
2025-05-14 13:34:00 +02:00
parent 7c34fa783d
commit 6d2a3e4eb6
1 changed files with 24 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
src/pki_mbedcrypto.c
View File

@@ -864,7 +864,12 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
ssh_string type_s = NULL; ssh_string type_s = NULL;
ssh_string e = NULL; ssh_string e = NULL;
ssh_string n = NULL; ssh_string n = NULL;
ssh_string p = NULL;
ssh_string q = NULL;
ssh_string d = NULL;
ssh_string iqmp = NULL;
ssh_string str = NULL; ssh_string str = NULL;
int rc;
#if MBEDTLS_VERSION_MAJOR > 2 #if MBEDTLS_VERSION_MAJOR > 2
mbedtls_mpi E = {0}; mbedtls_mpi E = {0};
mbedtls_mpi N = {0}; mbedtls_mpi N = {0};
@@ -872,12 +877,13 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
mbedtls_mpi IQMP = {0}; mbedtls_mpi IQMP = {0};
mbedtls_mpi P = {0}; mbedtls_mpi P = {0};
mbedtls_mpi Q = {0}; mbedtls_mpi Q = {0};
#endif
int rc;
#if MBEDTLS_VERSION_MAJOR > 2
mbedtls_mpi_init(&E); mbedtls_mpi_init(&E);
mbedtls_mpi_init(&N); mbedtls_mpi_init(&N);
mbedtls_mpi_init(&D);
mbedtls_mpi_init(&IQMP);
mbedtls_mpi_init(&P);
mbedtls_mpi_init(&Q);
#endif #endif
buffer = ssh_buffer_new(); buffer = ssh_buffer_new();
@@ -957,11 +963,6 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
goto fail; goto fail;
} }
} else if (type == SSH_KEY_PRIVATE) { } else if (type == SSH_KEY_PRIVATE) {
ssh_string p = NULL;
ssh_string q = NULL;
ssh_string d = NULL;
ssh_string iqmp = NULL;
rc = ssh_buffer_add_ssh_string(buffer, n); rc = ssh_buffer_add_ssh_string(buffer, n);
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
@@ -1043,26 +1044,7 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
ssh_string_burn(d);
SSH_STRING_FREE(d);
d = NULL;
ssh_string_burn(iqmp);
SSH_STRING_FREE(iqmp);
iqmp = NULL;
ssh_string_burn(p);
SSH_STRING_FREE(p);
p = NULL;
ssh_string_burn(q);
SSH_STRING_FREE(q);
q = NULL;
} }
ssh_string_burn(e);
SSH_STRING_FREE(e);
e = NULL;
ssh_string_burn(n);
SSH_STRING_FREE(n);
n = NULL;
break; break;
} }
case SSH_KEYTYPE_ECDSA_P256: case SSH_KEYTYPE_ECDSA_P256:
@@ -1096,12 +1078,7 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
goto fail; goto fail;
} }
ssh_string_burn(e);
SSH_STRING_FREE(e);
e = NULL;
if (type == SSH_KEY_PRIVATE) { if (type == SSH_KEY_PRIVATE) {
ssh_string d = NULL;
d = ssh_make_bignum_string(&key->ecdsa->MBEDTLS_PRIVATE(d)); d = ssh_make_bignum_string(&key->ecdsa->MBEDTLS_PRIVATE(d));
if (d == NULL) { if (d == NULL) {
@@ -1113,10 +1090,6 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
ssh_string_burn(d);
SSH_STRING_FREE(d);
d = NULL;
} else if (key->type == SSH_KEYTYPE_SK_ECDSA) { } else if (key->type == SSH_KEYTYPE_SK_ECDSA) {
/* public key can contain certificate sk information */ /* public key can contain certificate sk information */
rc = ssh_buffer_add_ssh_string(buffer, key->sk_application); rc = ssh_buffer_add_ssh_string(buffer, key->sk_application);
@@ -1159,29 +1132,35 @@ makestring:
ssh_buffer_get(buffer), ssh_buffer_get(buffer),
ssh_buffer_get_len(buffer)); ssh_buffer_get_len(buffer));
if (rc < 0) { if (rc < 0) {
ssh_string_burn(str);
SSH_STRING_FREE(str);
goto fail; goto fail;
} }
SSH_BUFFER_FREE(buffer);
#if MBEDTLS_VERSION_MAJOR > 2
mbedtls_mpi_free(&N);
mbedtls_mpi_free(&E);
#endif
return str;
fail: fail:
SSH_BUFFER_FREE(buffer); SSH_BUFFER_FREE(buffer);
ssh_string_burn(str);
SSH_STRING_FREE(str);
ssh_string_burn(e); ssh_string_burn(e);
SSH_STRING_FREE(e); SSH_STRING_FREE(e);
ssh_string_burn(n); ssh_string_burn(n);
SSH_STRING_FREE(n); SSH_STRING_FREE(n);
ssh_string_burn(d);
SSH_STRING_FREE(d);
ssh_string_burn(iqmp);
SSH_STRING_FREE(iqmp);
ssh_string_burn(p);
SSH_STRING_FREE(p);
ssh_string_burn(q);
SSH_STRING_FREE(q);
#if MBEDTLS_VERSION_MAJOR > 2 #if MBEDTLS_VERSION_MAJOR > 2
mbedtls_mpi_free(&N); mbedtls_mpi_free(&N);
mbedtls_mpi_free(&E); mbedtls_mpi_free(&E);
mbedtls_mpi_free(&D);
mbedtls_mpi_free(&IQMP);
mbedtls_mpi_free(&P);
mbedtls_mpi_free(&Q);
#endif #endif
return NULL; return str;
} }
ssh_string pki_signature_to_blob(const ssh_signature sig) ssh_string pki_signature_to_blob(const ssh_signature sig)