mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-29 09:26:18 -05:00
Fixed mismatched free/delete; removed one dangerous and unused function; added missing memory release calls
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7370 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
d782d8eed9
commit
d3b92ddab9
@ -181,6 +181,7 @@ bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSe
|
||||
memcpy(allMsgData, msg.msg.bin_data, msg.msg.bin_len);
|
||||
memcpy(allMsgData+(msg.msg.bin_len), metaData, metaDataLen);
|
||||
|
||||
delete[] metaData ;
|
||||
|
||||
EVP_PKEY *signKey = EVP_PKEY_new();
|
||||
EVP_PKEY_assign_RSA(signKey, rsakey);
|
||||
@ -192,6 +193,8 @@ bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSe
|
||||
EVP_VerifyUpdate(mdctx, allMsgData, allMsgDataLen);
|
||||
int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
|
||||
|
||||
delete[] allMsgData ;
|
||||
|
||||
/* clean up */
|
||||
EVP_PKEY_free(signKey);
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
@ -217,30 +220,7 @@ bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSe
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
std::string GxsSecurity::getBinDataSign(void *data, int len)
|
||||
{
|
||||
unsigned char *tmp = (unsigned char *) data;
|
||||
|
||||
// copy first CERTSIGNLEN bytes...
|
||||
if (len > CERTSIGNLEN)
|
||||
{
|
||||
len = CERTSIGNLEN;
|
||||
}
|
||||
|
||||
std::string id;
|
||||
for(uint32_t i = 0; i < CERTSIGNLEN; i++)
|
||||
{
|
||||
rs_sprintf_append(id, "%02x", (uint16_t) (((uint8_t *) (tmp))[i]));
|
||||
}
|
||||
|
||||
return id;
|
||||
}
|
||||
|
||||
|
||||
|
||||
bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen, const RsTlvSecurityKey& key)
|
||||
bool GxsSecurity::encrypt(uint8_t *& out, int & outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key)
|
||||
{
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "GxsSecurity::encrypt() " << std::endl;
|
||||
@ -257,7 +237,9 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
|
||||
{
|
||||
public_key = EVP_PKEY_new();
|
||||
EVP_PKEY_assign_RSA(public_key, rsa_publish_pub);
|
||||
}else{
|
||||
}
|
||||
else
|
||||
{
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "GxsSecurity(): Could not generate publish key " << grpId
|
||||
<< std::endl;
|
||||
@ -285,7 +267,7 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
|
||||
if(!EVP_SealInit(&ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) return false;
|
||||
|
||||
// now assign memory to out accounting for data, and cipher block size, key length, and key length val
|
||||
out = new unsigned char[inlen + cipher_block_size + size_net_ekl + eklen + EVP_MAX_IV_LENGTH];
|
||||
out = new uint8_t[inlen + cipher_block_size + size_net_ekl + eklen + EVP_MAX_IV_LENGTH];
|
||||
|
||||
net_ekl = htonl(eklen);
|
||||
memcpy((unsigned char*)out + out_offset, &net_ekl, size_net_ekl);
|
||||
@ -298,19 +280,34 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
|
||||
out_offset += EVP_MAX_IV_LENGTH;
|
||||
|
||||
// now encrypt actual data
|
||||
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen)) return false;
|
||||
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen))
|
||||
{
|
||||
delete[] out ;
|
||||
out = NULL ;
|
||||
return false;
|
||||
}
|
||||
|
||||
// move along to partial block space
|
||||
out_offset += out_currOffset;
|
||||
|
||||
// add padding
|
||||
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset)) return false;
|
||||
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset))
|
||||
{
|
||||
delete[] out ;
|
||||
out = NULL ;
|
||||
return false;
|
||||
}
|
||||
|
||||
// move to end
|
||||
out_offset += out_currOffset;
|
||||
|
||||
// make sure offset has not gone passed valid memory bounds
|
||||
if(out_offset > max_outlen) return false;
|
||||
if(out_offset > max_outlen)
|
||||
{
|
||||
delete[] out ;
|
||||
out = NULL ;
|
||||
return false;
|
||||
}
|
||||
|
||||
// free encrypted key data
|
||||
free(ek);
|
||||
@ -320,7 +317,7 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
|
||||
}
|
||||
|
||||
|
||||
bool GxsSecurity::decrypt(void *& out, int & outlen, const void *in, int inlen, const RsTlvSecurityKey& key)
|
||||
bool GxsSecurity::decrypt(uint8_t *& out, int & outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key)
|
||||
{
|
||||
|
||||
#ifdef DISTRIB_DEBUG
|
||||
@ -371,20 +368,34 @@ bool GxsSecurity::decrypt(void *& out, int & outlen, const void *in, int inlen,
|
||||
|
||||
if(!EVP_OpenInit(&ctx, cipher, ek, eklen, iv, privateKey)) return false;
|
||||
|
||||
out = new unsigned char[inlen - in_offset];
|
||||
if(inlen < in_offset)
|
||||
{
|
||||
std::cerr << "Severe error in " << __PRETTY_FUNCTION__ << ": cannot encrypt. " << std::endl;
|
||||
return false ;
|
||||
}
|
||||
out = new uint8_t[inlen - in_offset];
|
||||
|
||||
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset)) return false;
|
||||
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset))
|
||||
{
|
||||
delete[] out ;
|
||||
out = NULL ;
|
||||
return false;
|
||||
}
|
||||
|
||||
in_offset += out_currOffset;
|
||||
outlen += out_currOffset;
|
||||
|
||||
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset)) return false;
|
||||
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
|
||||
{
|
||||
delete[] out ;
|
||||
out = NULL ;
|
||||
return false;
|
||||
}
|
||||
|
||||
outlen += out_currOffset;
|
||||
|
||||
free(ek);
|
||||
|
||||
return true;
|
||||
return true;
|
||||
}
|
||||
|
||||
std::string GxsSecurity::getRsaKeySign(RSA *pubkey)
|
||||
@ -476,6 +487,7 @@ bool GxsSecurity::validateNxsGrp(RsNxsGrp& grp, RsTlvKeySignature& sign, RsTlvSe
|
||||
memcpy(allGrpData, grp.grp.bin_data, grp.grp.bin_len);
|
||||
memcpy(allGrpData+(grp.grp.bin_len), metaData, metaDataLen);
|
||||
|
||||
delete[] metaData ;
|
||||
|
||||
EVP_PKEY *signKey = EVP_PKEY_new();
|
||||
EVP_PKEY_assign_RSA(signKey, rsakey);
|
||||
@ -487,6 +499,8 @@ bool GxsSecurity::validateNxsGrp(RsNxsGrp& grp, RsTlvKeySignature& sign, RsTlvSe
|
||||
EVP_VerifyUpdate(mdctx, allGrpData, allGrpDataLen);
|
||||
int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
|
||||
|
||||
delete[] allGrpData ;
|
||||
|
||||
/* clean up */
|
||||
EVP_PKEY_free(signKey);
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
@ -512,26 +526,26 @@ return false;
|
||||
|
||||
void GxsSecurity::setRSAPublicKey(RsTlvSecurityKey & key, RSA *rsa_pub)
|
||||
{
|
||||
unsigned char data[10240]; /* more than enough space */
|
||||
unsigned char *ptr = data;
|
||||
int reqspace = i2d_RSAPublicKey(rsa_pub, &ptr);
|
||||
unsigned char *data = NULL ; // this works for OpenSSL > 0.9.7
|
||||
int reqspace = i2d_RSAPublicKey(rsa_pub, &data);
|
||||
|
||||
key.keyData.setBinData(data, reqspace);
|
||||
|
||||
key.keyId = getRsaKeySign(rsa_pub);
|
||||
|
||||
free(data) ;
|
||||
}
|
||||
|
||||
|
||||
|
||||
void GxsSecurity::setRSAPrivateKey(RsTlvSecurityKey & key, RSA *rsa_priv)
|
||||
{
|
||||
unsigned char data[10240]; /* more than enough space */
|
||||
unsigned char *ptr = data;
|
||||
int reqspace = i2d_RSAPrivateKey(rsa_priv, &ptr);
|
||||
unsigned char *data = NULL ;
|
||||
int reqspace = i2d_RSAPrivateKey(rsa_priv, &data);
|
||||
|
||||
key.keyData.setBinData(data, reqspace);
|
||||
|
||||
key.keyId = getRsaKeySign(rsa_priv);
|
||||
|
||||
free(data) ;
|
||||
}
|
||||
|
||||
RSA *GxsSecurity::extractPrivateKey(const RsTlvSecurityKey & key)
|
||||
|
@ -98,7 +98,7 @@ public:
|
||||
*@param in
|
||||
*@param inlen
|
||||
*/
|
||||
static bool encrypt(void *&out, int &outlen, const void *in, int inlen, const RsTlvSecurityKey& key) ;
|
||||
static bool encrypt(uint8_t *&out, int &outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key) ;
|
||||
|
||||
|
||||
/**
|
||||
@ -110,7 +110,7 @@ public:
|
||||
* @param inlen
|
||||
* @return false if encryption failed
|
||||
*/
|
||||
static bool decrypt(void *&out, int &outlen, const void *in, int inlen, const RsTlvSecurityKey& key) ;
|
||||
static bool decrypt(uint8_t *&out, int &outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key) ;
|
||||
|
||||
/*!
|
||||
* uses grp signature to check if group has been
|
||||
|
@ -1681,7 +1681,7 @@ bool p3MsgService::createDistantMessage(const RsGxsId& destination_gxs_id,const
|
||||
std::cerr << "Creating distant message for recipient " << destination_gxs_id << std::endl;
|
||||
#endif
|
||||
unsigned char *data = NULL ;
|
||||
void *encrypted_data = NULL ;
|
||||
uint8_t *encrypted_data = NULL ;
|
||||
|
||||
try
|
||||
{
|
||||
@ -1800,7 +1800,7 @@ bool p3MsgService::createDistantMessage(const RsGxsId& destination_gxs_id,const
|
||||
std::string armoured_data ;
|
||||
Radix64::encode((char *)encrypted_data,encrypted_size,armoured_data) ;
|
||||
|
||||
free(encrypted_data) ;
|
||||
delete[] encrypted_data ;
|
||||
encrypted_data = NULL ;
|
||||
|
||||
// wipe the item clean and replace the message by the encrypted data.
|
||||
@ -1841,7 +1841,7 @@ std::string printNumber(uint32_t n,bool hex)
|
||||
}
|
||||
bool p3MsgService::decryptMessage(const std::string& mId)
|
||||
{
|
||||
void *decrypted_data = NULL;
|
||||
uint8_t *decrypted_data = NULL;
|
||||
char *encrypted_data = NULL;
|
||||
|
||||
try
|
||||
@ -1892,19 +1892,18 @@ bool p3MsgService::decryptMessage(const std::string& mId)
|
||||
if(!mIdService->getPrivateKey(destination_gxs_id,encryption_key))
|
||||
throw std::runtime_error("Cannot get private encryption key for id " + destination_gxs_id.toStdString()) ;
|
||||
|
||||
if(!GxsSecurity::decrypt(decrypted_data,decrypted_size,(void*)encrypted_data,encrypted_size,encryption_key))
|
||||
if(!GxsSecurity::decrypt(decrypted_data,decrypted_size,(uint8_t*)encrypted_data,encrypted_size,encryption_key))
|
||||
throw std::runtime_error("Decryption failed!") ;
|
||||
|
||||
std::cerr << " First bytes of decrypted data: " << RsUtil::BinToHex((const char *)decrypted_data,std::min(decrypted_size,50)) << "..."<< std::endl;
|
||||
|
||||
uint8_t *decr_data = (uint8_t*)decrypted_data ;
|
||||
#ifdef DEBUG_DISTANT_MSG
|
||||
std::cerr << " Message has succesfully decrypted. Decrypted size = " << decrypted_size << std::endl;
|
||||
#endif
|
||||
// 1 - get the sender's id
|
||||
|
||||
uint32_t offset = 0 ;
|
||||
unsigned char protocol_version = decr_data[offset++] ;
|
||||
unsigned char protocol_version = decrypted_data[offset++] ;
|
||||
|
||||
#ifdef DEBUG_DISTANT_MSG
|
||||
std::cerr << " Read protocol version number " << std::hex << (int)protocol_version << std::dec << std::endl;
|
||||
@ -1915,12 +1914,12 @@ bool p3MsgService::decryptMessage(const std::string& mId)
|
||||
#ifdef DEBUG_DISTANT_MSG
|
||||
std::cerr << " Reading identity section " << std::endl;
|
||||
#endif
|
||||
uint8_t ptag = decr_data[offset++] ;
|
||||
uint8_t ptag = decrypted_data[offset++] ;
|
||||
|
||||
if(ptag != DISTANT_MSG_TAG_IDENTITY)
|
||||
throw std::runtime_error("Bad ptag in encrypted msg packet "+printNumber(ptag,true)+" => packet is dropped.") ;
|
||||
|
||||
unsigned char *tmp_data = &decr_data[offset] ;
|
||||
unsigned char *tmp_data = &decrypted_data[offset] ;
|
||||
unsigned char *old_data = tmp_data ;
|
||||
uint32_t identity_size = PGPKeyParser::read_125Size(tmp_data) ;
|
||||
offset += tmp_data - old_data ;
|
||||
@ -1928,7 +1927,7 @@ bool p3MsgService::decryptMessage(const std::string& mId)
|
||||
if(identity_size != RsGxsId::SIZE_IN_BYTES)
|
||||
throw std::runtime_error("Bad size in Identity section " + printNumber(identity_size,false) + " => packet is dropped.") ;
|
||||
|
||||
RsGxsId senders_id(&decr_data[offset]) ;
|
||||
RsGxsId senders_id(&decrypted_data[offset]) ;
|
||||
offset += identity_size ;
|
||||
|
||||
#ifdef DEBUG_DISTANT_MSG
|
||||
@ -1936,12 +1935,12 @@ bool p3MsgService::decryptMessage(const std::string& mId)
|
||||
#endif
|
||||
// 2 - deserialize the item
|
||||
|
||||
ptag = decr_data[offset++] ;
|
||||
ptag = decrypted_data[offset++] ;
|
||||
|
||||
if(ptag != DISTANT_MSG_TAG_CLEAR_MSG)
|
||||
throw std::runtime_error("Bad ptag in encrypted msg packet " + printNumber(ptag,true) + " => packet is dropped.") ;
|
||||
|
||||
tmp_data = &decr_data[offset] ;
|
||||
tmp_data = &decrypted_data[offset] ;
|
||||
old_data = tmp_data ;
|
||||
uint32_t item_size = PGPKeyParser::read_125Size(tmp_data) ;
|
||||
offset += tmp_data - old_data ;
|
||||
@ -1949,7 +1948,7 @@ bool p3MsgService::decryptMessage(const std::string& mId)
|
||||
#ifdef DEBUG_DISTANT_MSG
|
||||
std::cerr << " Deserializing..." << std::endl;
|
||||
#endif
|
||||
RsMsgItem *item = dynamic_cast<RsMsgItem*>(_serialiser->deserialise(&decr_data[offset],&item_size)) ;
|
||||
RsMsgItem *item = dynamic_cast<RsMsgItem*>(_serialiser->deserialise(&decrypted_data[offset],&item_size)) ;
|
||||
offset += item_size ;
|
||||
|
||||
if(item == NULL)
|
||||
@ -1963,12 +1962,12 @@ bool p3MsgService::decryptMessage(const std::string& mId)
|
||||
|
||||
if(offset < decrypted_size)
|
||||
{
|
||||
uint8_t ptag = decr_data[offset++] ;
|
||||
uint8_t ptag = decrypted_data[offset++] ;
|
||||
|
||||
if(ptag != DISTANT_MSG_TAG_SIGNATURE)
|
||||
throw std::runtime_error("Bad ptag in signature packet " + printNumber(ptag,true) + " => packet is dropped.") ;
|
||||
|
||||
tmp_data = &decr_data[offset] ;
|
||||
tmp_data = &decrypted_data[offset] ;
|
||||
old_data = tmp_data ;
|
||||
uint32_t signature_size = PGPKeyParser::read_125Size(tmp_data) ;
|
||||
offset += tmp_data - old_data ;
|
||||
@ -1977,7 +1976,7 @@ bool p3MsgService::decryptMessage(const std::string& mId)
|
||||
signature.keyId = senders_id.toStdString() ;
|
||||
signature.signData.bin_len = signature_size ;
|
||||
signature.signData.bin_data = malloc(signature_size) ;
|
||||
memcpy(signature.signData.bin_data,&decr_data[offset],signature_size) ;
|
||||
memcpy(signature.signData.bin_data,&decrypted_data[offset],signature_size) ;
|
||||
|
||||
std::cerr << " Signature is present. Verifying it..." << std::endl;
|
||||
signature_present = true ;
|
||||
@ -1998,8 +1997,8 @@ bool p3MsgService::decryptMessage(const std::string& mId)
|
||||
else
|
||||
throw std::runtime_error("Structural error in packet: sizes do not match. Dropping the message.") ;
|
||||
|
||||
free(decr_data) ;
|
||||
decr_data = NULL ;
|
||||
delete[] decrypted_data ;
|
||||
decrypted_data = NULL ;
|
||||
|
||||
// 4 - replace the item with the decrypted data, and update flags
|
||||
|
||||
@ -2062,8 +2061,8 @@ bool p3MsgService::decryptMessage(const std::string& mId)
|
||||
catch(std::exception& e)
|
||||
{
|
||||
std::cerr << "Decryption failed: " << e.what() << std::endl;
|
||||
if(encrypted_data != NULL) free(encrypted_data) ;
|
||||
if(decrypted_data != NULL) free(decrypted_data) ;
|
||||
if(encrypted_data != NULL) delete[] encrypted_data ;
|
||||
if(decrypted_data != NULL) delete[] decrypted_data ;
|
||||
|
||||
return false ;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user