Using OpenSSL-provided memory functions where appropriate.
parent
af3a5ff013
commit
12e6f5b132
@ -166,8 +166,7 @@ clean_up:
|
|||||||
|
|
||||||
if (passwd)
|
if (passwd)
|
||||||
{
|
{
|
||||||
OPENSSL_cleanse(passwd, strlen(passwd));
|
OPENSSL_clear_free(passwd, strlen(passwd));
|
||||||
free(passwd);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (file_pubkey)
|
if (file_pubkey)
|
||||||
|
@ -170,7 +170,7 @@ int MAIN(int argc, CHAR_T *argv[])
|
|||||||
/* Compute the RSA signature */
|
/* Compute the RSA signature */
|
||||||
/*-------------------------------------------------------*/
|
/*-------------------------------------------------------*/
|
||||||
|
|
||||||
output = (unsigned char*) malloc(RSA_size(rsa) + sizeof(ts_buffer));
|
output = (unsigned char*) OPENSSL_zalloc(RSA_size(rsa) + sizeof(ts_buffer));
|
||||||
if (!output)
|
if (!output)
|
||||||
{
|
{
|
||||||
fputs("Failed!\n\nError: Failed to allocate output buffer!\n\n", stderr);
|
fputs("Failed!\n\nError: Failed to allocate output buffer!\n\n", stderr);
|
||||||
@ -192,7 +192,7 @@ int MAIN(int argc, CHAR_T *argv[])
|
|||||||
/* Write signature the output file */
|
/* Write signature the output file */
|
||||||
/*-------------------------------------------------------*/
|
/*-------------------------------------------------------*/
|
||||||
|
|
||||||
base64 = (char*) malloc(1U + (base64_length = 4U * (((output_length = signature_length + sizeof(ts_buffer)) + 2U) / 3U)));
|
base64 = (char*) OPENSSL_zalloc(1U + (base64_length = 4U * (((output_length = signature_length + sizeof(ts_buffer)) + 2U) / 3U)));
|
||||||
if (!base64)
|
if (!base64)
|
||||||
{
|
{
|
||||||
fputs("Error: Failed to allocate hex-string buffer!\n\n", stderr);
|
fputs("Error: Failed to allocate hex-string buffer!\n\n", stderr);
|
||||||
@ -226,22 +226,12 @@ int MAIN(int argc, CHAR_T *argv[])
|
|||||||
|
|
||||||
clean_up:
|
clean_up:
|
||||||
|
|
||||||
|
OPENSSL_clear_free(base64, base64_length);
|
||||||
|
OPENSSL_clear_free(output, output_length);
|
||||||
|
|
||||||
if (passwd)
|
if (passwd)
|
||||||
{
|
{
|
||||||
OPENSSL_cleanse(passwd, strlen(passwd));
|
OPENSSL_clear_free(passwd, strlen(passwd));
|
||||||
free(passwd);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (base64)
|
|
||||||
{
|
|
||||||
OPENSSL_cleanse(base64, strlen(base64));
|
|
||||||
free(base64);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (output)
|
|
||||||
{
|
|
||||||
OPENSSL_cleanse(output, MSIZE(output));
|
|
||||||
free(output);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (file_privkey)
|
if (file_privkey)
|
||||||
@ -264,7 +254,6 @@ clean_up:
|
|||||||
RSA_free(rsa);
|
RSA_free(rsa);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
OPENSSL_cleanse(ts_buffer, sizeof(ts_buffer));
|
OPENSSL_cleanse(ts_buffer, sizeof(ts_buffer));
|
||||||
OPENSSL_cleanse(&sha512, sizeof(SHA512_CTX));
|
OPENSSL_cleanse(&sha512, sizeof(SHA512_CTX));
|
||||||
OPENSSL_cleanse(×tamp, sizeof(uint64_t));
|
OPENSSL_cleanse(×tamp, sizeof(uint64_t));
|
||||||
|
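Review bot: The lengths passed to `OPENSSL_clear_free(base64, base64_length);` and `OPENSSL_clear_free(output, output_length);` at `clean_up` are only assigned inside the size expression of the `base64` allocation. Any `goto clean_up` taken after `output` is allocated but before that line would therefore free `output` without wiping it (assuming `output_length` starts at 0; its declaration is outside the visible hunks). The removed `MSIZE(output)` call covered the whole allocation on every path. Keep the allocated size in its own variable, for example `output_capacity = RSA_size(rsa) + sizeof(ts_buffer);` (a suggested name) set before the `OPENSSL_zalloc` call, and pass that to `OPENSSL_clear_free`. Moving the nested assignments out of the `base64` allocation argument would also make the lengths easier to audit.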
@ -31,8 +31,8 @@ int MAIN(int argc, CHAR_T *argv[])
|
|||||||
SHA512_CTX sha512 = { };
|
SHA512_CTX sha512 = { };
|
||||||
char *base64 = NULL;
|
char *base64 = NULL;
|
||||||
FILE *file_pubkey = NULL, *file_data = NULL, *file_signature = NULL;
|
FILE *file_pubkey = NULL, *file_data = NULL, *file_signature = NULL;
|
||||||
unsigned char buffer[BUFFSIZE], digest[SHA512_DIGEST_LENGTH], *input = NULL;
|
unsigned char buffer[BUFFSIZE], digest[SHA512_DIGEST_LENGTH], *source = NULL;
|
||||||
unsigned int input_length = 0U, base64_length = 0U;
|
unsigned int source_length = 0U, base64_length = 0U;
|
||||||
#ifdef EMBED_PUBKEY
|
#ifdef EMBED_PUBKEY
|
||||||
const unsigned char *public_key = NULL, *checksum_pubkey = NULL;
|
const unsigned char *public_key = NULL, *checksum_pubkey = NULL;
|
||||||
unsigned int pubkey_length = 0U, checksum_length = 0U;
|
unsigned int pubkey_length = 0U, checksum_length = 0U;
|
||||||
@ -163,21 +163,21 @@ int MAIN(int argc, CHAR_T *argv[])
|
|||||||
/* Decode signature input data */
|
/* Decode signature input data */
|
||||||
/*-------------------------------------------------------*/
|
/*-------------------------------------------------------*/
|
||||||
|
|
||||||
input = (unsigned char*) malloc(1U + (3U * ((base64_length + 3U) / 4U)));
|
source = (unsigned char*) OPENSSL_zalloc(1U + (3U * ((base64_length + 3U) / 4U)));
|
||||||
if (!input)
|
if (!source)
|
||||||
{
|
{
|
||||||
fputs("Error: Failed to allocate the input buffer!\n\n", stderr);
|
fputs("Error: Failed to allocate the input buffer!\n\n", stderr);
|
||||||
goto clean_up;
|
goto clean_up;
|
||||||
}
|
}
|
||||||
|
|
||||||
input_length = EVP_DecodeBlock(input, (unsigned char*)base64, base64_length);
|
source_length = EVP_DecodeBlock(source, (unsigned char*)base64, base64_length);
|
||||||
if ((int)input_length <= 0)
|
if ((int)source_length <= 0)
|
||||||
{
|
{
|
||||||
fputs("Error: Failed to decode signature data from Base64 format!\n\n", stderr);
|
fputs("Error: Failed to decode signature data from Base64 format!\n\n", stderr);
|
||||||
goto clean_up;
|
goto clean_up;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (input_length <= 2U + sizeof(uint64_t))
|
if (source_length <= 2U + sizeof(uint64_t))
|
||||||
{
|
{
|
||||||
fputs("Error: Signature binary data appears to be truncated!\n\n", stderr);
|
fputs("Error: Signature binary data appears to be truncated!\n\n", stderr);
|
||||||
goto clean_up;
|
goto clean_up;
|
||||||
@ -185,7 +185,7 @@ int MAIN(int argc, CHAR_T *argv[])
|
|||||||
|
|
||||||
if (base64[base64_length - 1U] == '=')
|
if (base64[base64_length - 1U] == '=')
|
||||||
{
|
{
|
||||||
input_length -= (base64[base64_length - 2U] == '=') ? 2U : 1U; /*remove padding!*/
|
source_length -= (base64[base64_length - 2U] == '=') ? 2U : 1U; /*remove padding!*/
|
||||||
}
|
}
|
||||||
|
|
||||||
/*-------------------------------------------------------*/
|
/*-------------------------------------------------------*/
|
||||||
@ -201,7 +201,7 @@ int MAIN(int argc, CHAR_T *argv[])
|
|||||||
fputs("Verifying the RSA signature, please wait...\n", stderr);
|
fputs("Verifying the RSA signature, please wait...\n", stderr);
|
||||||
fflush(stderr);
|
fflush(stderr);
|
||||||
|
|
||||||
if (SHA512_Update(&sha512, input, sizeof(uint64_t)) != 1)
|
if (SHA512_Update(&sha512, source, sizeof(uint64_t)) != 1)
|
||||||
{
|
{
|
||||||
fputs("Failed!\n\nError: Failed to update SHA-512 digest!\n\n", stderr);
|
fputs("Failed!\n\nError: Failed to update SHA-512 digest!\n\n", stderr);
|
||||||
goto clean_up;
|
goto clean_up;
|
||||||
@ -242,7 +242,7 @@ int MAIN(int argc, CHAR_T *argv[])
|
|||||||
/* Validate the RSA signature */
|
/* Validate the RSA signature */
|
||||||
/*-------------------------------------------------------*/
|
/*-------------------------------------------------------*/
|
||||||
|
|
||||||
if (RSA_verify(NID_sha512, digest, SHA512_DIGEST_LENGTH, input + sizeof(uint64_t), input_length - sizeof(uint64_t), rsa) != 1)
|
if (RSA_verify(NID_sha512, digest, SHA512_DIGEST_LENGTH, source + sizeof(uint64_t), source_length - sizeof(uint64_t), rsa) != 1)
|
||||||
{
|
{
|
||||||
fputs("Failed!\n\nInvalid signature or corrupted file :-(\n\n", stderr);
|
fputs("Failed!\n\nInvalid signature or corrupted file :-(\n\n", stderr);
|
||||||
goto clean_up;
|
goto clean_up;
|
||||||
@ -257,17 +257,8 @@ int MAIN(int argc, CHAR_T *argv[])
|
|||||||
|
|
||||||
clean_up:
|
clean_up:
|
||||||
|
|
||||||
if (input)
|
OPENSSL_clear_free(source, source_length);
|
||||||
{
|
OPENSSL_clear_free(base64, base64_length);
|
||||||
OPENSSL_cleanse(input, MSIZE(input));
|
|
||||||
free(input);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (base64)
|
|
||||||
{
|
|
||||||
OPENSSL_cleanse(base64, strlen(base64));
|
|
||||||
free(base64);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (file_pubkey)
|
if (file_pubkey)
|
||||||
{
|
{
|
||||||
|
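Review bot: On the Base64-decode failure path, `source_length` holds the negative error return of `EVP_DecodeBlock` converted to `unsigned int`, and the new `OPENSSL_clear_free(source, source_length);` at `clean_up` uses it as the number of bytes to wipe. The `(int)source_length <= 0` branch jumps to `clean_up` with that value unchanged, so a malformed signature file would make the cleanse run far past the end of the allocation; the removed `MSIZE(input)` call did not depend on the decode result. Keep the allocation size in its own variable and wipe with that, e.g. `source_capacity = 1U + (3U * ((base64_length + 3U) / 4U));` followed by `OPENSSL_clear_free(source, source_capacity);` (`source_capacity` is a suggested name), or decode into an `int` and assign `source_length` only on success. Wiping by capacity also covers the bytes excluded by the padding adjustment. MAIN starts and ends outside these hunks.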
@ -53,19 +53,19 @@ char *convert_CHAR_to_UTF8(const CHAR_T *str)
|
|||||||
int bytes = WideCharToMultiByte(CP_UTF8, 0, str, -1, NULL, 0, NULL, NULL);
|
int bytes = WideCharToMultiByte(CP_UTF8, 0, str, -1, NULL, 0, NULL, NULL);
|
||||||
if (bytes > 0)
|
if (bytes > 0)
|
||||||
{
|
{
|
||||||
str_utf8 = malloc(bytes);
|
str_utf8 = OPENSSL_zalloc(bytes);
|
||||||
if(str_utf8)
|
if(str_utf8)
|
||||||
{
|
{
|
||||||
if (WideCharToMultiByte(CP_UTF8, 0, str, -1, str_utf8, bytes, NULL, NULL) == 0)
|
if (WideCharToMultiByte(CP_UTF8, 0, str, -1, str_utf8, bytes, NULL, NULL) == 0)
|
||||||
{
|
{
|
||||||
free(str_utf8);
|
OPENSSL_clear_free(str_utf8, bytes);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
str_utf8 = strdup(str);
|
str_utf8 = OPENSSL_strdup(str);
|
||||||
#endif
|
#endif
|
||||||
return str_utf8;
|
return str_utf8;
|
||||||
}
|
}
|
||||||
@ -111,7 +111,7 @@ char *read_line_from_file(FILE *const file, const int trim)
|
|||||||
}
|
}
|
||||||
if (len > 0)
|
if (len > 0)
|
||||||
{
|
{
|
||||||
return strdup(line);
|
return OPENSSL_strdup(line);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
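Review bot: `convert_CHAR_to_UTF8` and `read_line_from_file` now return memory obtained from `OPENSSL_zalloc`/`OPENSSL_strdup`, but nothing in the visible lines documents that the caller must release it with `OPENSSL_free` or `OPENSSL_clear_free`. A caller that still uses `free()` would mismatch allocators wherever OpenSSL does not share the program's heap (for instance a separately built DLL on Windows, or custom memory functions), so call sites outside these hunks should be checked. I would add above each function a comment such as `/* Returns an OpenSSL-allocated string; release with OPENSSL_free() or OPENSSL_clear_free(), never free(). */`. Both function bodies begin outside the hunks.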
@ -12,7 +12,6 @@
|
|||||||
#define CHAR_T wchar_t
|
#define CHAR_T wchar_t
|
||||||
#define MAIN wmain
|
#define MAIN wmain
|
||||||
#define FOPEN(X,Y) _wfsopen((X),(Y),_SH_SECURE)
|
#define FOPEN(X,Y) _wfsopen((X),(Y),_SH_SECURE)
|
||||||
#define MSIZE(X) _msize((X))
|
|
||||||
#define _T(X) L##X
|
#define _T(X) L##X
|
||||||
#define T(X) _T(X)
|
#define T(X) _T(X)
|
||||||
|
|
||||||
@ -21,7 +20,6 @@
|
|||||||
#define CHAR_T char
|
#define CHAR_T char
|
||||||
#define MAIN main
|
#define MAIN main
|
||||||
#define FOPEN(X,Y) fopen((X),(Y))
|
#define FOPEN(X,Y) fopen((X),(Y))
|
||||||
#define MSIZE(X) malloc_usable_size((X))
|
|
||||||
#define T(X) X
|
#define T(X) X
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|