Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed mismatched free/delete; removed one dangerous and unused function; added missing memory release calls

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7370 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2014-05-15 21:55:34 +00:00
parent d782d8eed9
commit d3b92ddab9
3 changed files with 77 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
libretroshare/src/gxs/gxssecurity.cc
View File

@ -181,6 +181,7 @@ bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSe
memcpy(allMsgData, msg.msg.bin_data, msg.msg.bin_len);
memcpy(allMsgData+(msg.msg.bin_len), metaData, metaDataLen);
delete[] metaData ;
EVP_PKEY *signKey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(signKey, rsakey);
@ -192,6 +193,8 @@ bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSe
EVP_VerifyUpdate(mdctx, allMsgData, allMsgDataLen);
int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
delete[] allMsgData ;
/* clean up */
EVP_PKEY_free(signKey);
EVP_MD_CTX_destroy(mdctx);
@ -217,30 +220,7 @@ bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSe
return false;
}
std::string GxsSecurity::getBinDataSign(void *data, int len)
{
unsigned char *tmp = (unsigned char *) data;
// copy first CERTSIGNLEN bytes...
if (len > CERTSIGNLEN)
{
len = CERTSIGNLEN;
}
std::string id;
for(uint32_t i = 0; i < CERTSIGNLEN; i++)
{
rs_sprintf_append(id, "%02x", (uint16_t) (((uint8_t *) (tmp))[i]));
}
return id;
}
bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen, const RsTlvSecurityKey& key)
bool GxsSecurity::encrypt(uint8_t *& out, int & outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key)
{
#ifdef DISTRIB_DEBUG
std::cerr << "GxsSecurity::encrypt() " << std::endl;
@ -257,7 +237,9 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
{
public_key = EVP_PKEY_new();
EVP_PKEY_assign_RSA(public_key, rsa_publish_pub);
}else{
}
else
{
#ifdef DISTRIB_DEBUG
std::cerr << "GxsSecurity(): Could not generate publish key " << grpId
<< std::endl;
@ -285,7 +267,7 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
if(!EVP_SealInit(&ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) return false;
// now assign memory to out accounting for data, and cipher block size, key length, and key length val
out = new unsigned char[inlen + cipher_block_size + size_net_ekl + eklen + EVP_MAX_IV_LENGTH];
out = new uint8_t[inlen + cipher_block_size + size_net_ekl + eklen + EVP_MAX_IV_LENGTH];
net_ekl = htonl(eklen);
memcpy((unsigned char*)out + out_offset, &net_ekl, size_net_ekl);
@ -298,19 +280,34 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
out_offset += EVP_MAX_IV_LENGTH;
// now encrypt actual data
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen)) return false;
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen))
{
delete[] out ;
out = NULL ;
return false;
}
// move along to partial block space
out_offset += out_currOffset;
// add padding
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset)) return false;
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset))
{
delete[] out ;
out = NULL ;
return false;
}
// move to end
out_offset += out_currOffset;
// make sure offset has not gone passed valid memory bounds
if(out_offset > max_outlen) return false;
if(out_offset > max_outlen)
{
delete[] out ;
out = NULL ;
return false;
}
// free encrypted key data
free(ek);
@ -320,7 +317,7 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
}
bool GxsSecurity::decrypt(void *& out, int & outlen, const void *in, int inlen, const RsTlvSecurityKey& key)
bool GxsSecurity::decrypt(uint8_t *& out, int & outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key)
{
#ifdef DISTRIB_DEBUG
@ -371,20 +368,34 @@ bool GxsSecurity::decrypt(void *& out, int & outlen, const void *in, int inlen,
if(!EVP_OpenInit(&ctx, cipher, ek, eklen, iv, privateKey)) return false;
out = new unsigned char[inlen - in_offset];
if(inlen < in_offset)
{
std::cerr << "Severe error in " << __PRETTY_FUNCTION__ << ": cannot encrypt. " << std::endl;
return false ;
}
out = new uint8_t[inlen - in_offset];
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset)) return false;
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset))
{
delete[] out ;
out = NULL ;
return false;
}
in_offset += out_currOffset;
outlen += out_currOffset;
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset)) return false;
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
{
delete[] out ;
out = NULL ;
return false;
}
outlen += out_currOffset;
free(ek);
return true;
return true;
}
std::string GxsSecurity::getRsaKeySign(RSA *pubkey)
@ -476,6 +487,7 @@ bool GxsSecurity::validateNxsGrp(RsNxsGrp& grp, RsTlvKeySignature& sign, RsTlvSe
memcpy(allGrpData, grp.grp.bin_data, grp.grp.bin_len);
memcpy(allGrpData+(grp.grp.bin_len), metaData, metaDataLen);
delete[] metaData ;
EVP_PKEY *signKey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(signKey, rsakey);
@ -487,6 +499,8 @@ bool GxsSecurity::validateNxsGrp(RsNxsGrp& grp, RsTlvKeySignature& sign, RsTlvSe
EVP_VerifyUpdate(mdctx, allGrpData, allGrpDataLen);
int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
delete[] allGrpData ;
/* clean up */
EVP_PKEY_free(signKey);
EVP_MD_CTX_destroy(mdctx);
@ -512,26 +526,26 @@ return false;
void GxsSecurity::setRSAPublicKey(RsTlvSecurityKey & key, RSA *rsa_pub)
{
unsigned char data[10240]; /* more than enough space */
unsigned char *ptr = data;
int reqspace = i2d_RSAPublicKey(rsa_pub, &ptr);
unsigned char *data = NULL ; // this works for OpenSSL > 0.9.7
int reqspace = i2d_RSAPublicKey(rsa_pub, &data);
key.keyData.setBinData(data, reqspace);
key.keyId = getRsaKeySign(rsa_pub);
free(data) ;
}
void GxsSecurity::setRSAPrivateKey(RsTlvSecurityKey & key, RSA *rsa_priv)
{
unsigned char data[10240]; /* more than enough space */
unsigned char *ptr = data;
int reqspace = i2d_RSAPrivateKey(rsa_priv, &ptr);
unsigned char *data = NULL ;
int reqspace = i2d_RSAPrivateKey(rsa_priv, &data);
key.keyData.setBinData(data, reqspace);
key.keyId = getRsaKeySign(rsa_priv);
free(data) ;
}
RSA *GxsSecurity::extractPrivateKey(const RsTlvSecurityKey & key)

4
libretroshare/src/gxs/gxssecurity.h
View File

@ -98,7 +98,7 @@ public:
*@param in
*@param inlen
*/
static bool encrypt(void *&out, int &outlen, const void *in, int inlen, const RsTlvSecurityKey& key) ;
static bool encrypt(uint8_t *&out, int &outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key) ;
/**
@ -110,7 +110,7 @@ public:
* @param inlen
* @return false if encryption failed
*/
static bool decrypt(void *&out, int &outlen, const void *in, int inlen, const RsTlvSecurityKey& key) ;
static bool decrypt(uint8_t *&out, int &outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key) ;
/*!
* uses grp signature to check if group has been

37
libretroshare/src/services/p3msgservice.cc
View File

@ -1681,7 +1681,7 @@ bool p3MsgService::createDistantMessage(const RsGxsId& destination_gxs_id,const
std::cerr << "Creating distant message for recipient " << destination_gxs_id << std::endl;
#endif
unsigned char *data = NULL ;
void *encrypted_data = NULL ;
uint8_t *encrypted_data = NULL ;
try
{
@ -1800,7 +1800,7 @@ bool p3MsgService::createDistantMessage(const RsGxsId& destination_gxs_id,const
std::string armoured_data ;
Radix64::encode((char *)encrypted_data,encrypted_size,armoured_data) ;
free(encrypted_data) ;
delete[] encrypted_data ;
encrypted_data = NULL ;
// wipe the item clean and replace the message by the encrypted data.
@ -1841,7 +1841,7 @@ std::string printNumber(uint32_t n,bool hex)
}
bool p3MsgService::decryptMessage(const std::string& mId)
{
void *decrypted_data = NULL;
uint8_t *decrypted_data = NULL;
char *encrypted_data = NULL;
try
@ -1892,19 +1892,18 @@ bool p3MsgService::decryptMessage(const std::string& mId)
if(!mIdService->getPrivateKey(destination_gxs_id,encryption_key))
throw std::runtime_error("Cannot get private encryption key for id " + destination_gxs_id.toStdString()) ;
if(!GxsSecurity::decrypt(decrypted_data,decrypted_size,(void*)encrypted_data,encrypted_size,encryption_key))
if(!GxsSecurity::decrypt(decrypted_data,decrypted_size,(uint8_t*)encrypted_data,encrypted_size,encryption_key))
throw std::runtime_error("Decryption failed!") ;
std::cerr << " First bytes of decrypted data: " << RsUtil::BinToHex((const char *)decrypted_data,std::min(decrypted_size,50)) << "..."<< std::endl;
uint8_t *decr_data = (uint8_t*)decrypted_data ;
#ifdef DEBUG_DISTANT_MSG
std::cerr << " Message has succesfully decrypted. Decrypted size = " << decrypted_size << std::endl;
#endif
// 1 - get the sender's id
uint32_t offset = 0 ;
unsigned char protocol_version = decr_data[offset++] ;
unsigned char protocol_version = decrypted_data[offset++] ;
#ifdef DEBUG_DISTANT_MSG
std::cerr << " Read protocol version number " << std::hex << (int)protocol_version << std::dec << std::endl;
@ -1915,12 +1914,12 @@ bool p3MsgService::decryptMessage(const std::string& mId)
#ifdef DEBUG_DISTANT_MSG
std::cerr << " Reading identity section " << std::endl;
#endif
uint8_t ptag = decr_data[offset++] ;
uint8_t ptag = decrypted_data[offset++] ;
if(ptag != DISTANT_MSG_TAG_IDENTITY)
throw std::runtime_error("Bad ptag in encrypted msg packet "+printNumber(ptag,true)+" => packet is dropped.") ;
unsigned char *tmp_data = &decr_data[offset] ;
unsigned char *tmp_data = &decrypted_data[offset] ;
unsigned char *old_data = tmp_data ;
uint32_t identity_size = PGPKeyParser::read_125Size(tmp_data) ;
offset += tmp_data - old_data ;
@ -1928,7 +1927,7 @@ bool p3MsgService::decryptMessage(const std::string& mId)
if(identity_size != RsGxsId::SIZE_IN_BYTES)
throw std::runtime_error("Bad size in Identity section " + printNumber(identity_size,false) + " => packet is dropped.") ;
RsGxsId senders_id(&decr_data[offset]) ;
RsGxsId senders_id(&decrypted_data[offset]) ;
offset += identity_size ;
#ifdef DEBUG_DISTANT_MSG
@ -1936,12 +1935,12 @@ bool p3MsgService::decryptMessage(const std::string& mId)
#endif
// 2 - deserialize the item
ptag = decr_data[offset++] ;
ptag = decrypted_data[offset++] ;
if(ptag != DISTANT_MSG_TAG_CLEAR_MSG)
throw std::runtime_error("Bad ptag in encrypted msg packet " + printNumber(ptag,true) + " => packet is dropped.") ;
tmp_data = &decr_data[offset] ;
tmp_data = &decrypted_data[offset] ;
old_data = tmp_data ;
uint32_t item_size = PGPKeyParser::read_125Size(tmp_data) ;
offset += tmp_data - old_data ;
@ -1949,7 +1948,7 @@ bool p3MsgService::decryptMessage(const std::string& mId)
#ifdef DEBUG_DISTANT_MSG
std::cerr << " Deserializing..." << std::endl;
#endif
RsMsgItem *item = dynamic_cast<RsMsgItem*>(_serialiser->deserialise(&decr_data[offset],&item_size)) ;
RsMsgItem *item = dynamic_cast<RsMsgItem*>(_serialiser->deserialise(&decrypted_data[offset],&item_size)) ;
offset += item_size ;
if(item == NULL)
@ -1963,12 +1962,12 @@ bool p3MsgService::decryptMessage(const std::string& mId)
if(offset < decrypted_size)
{
uint8_t ptag = decr_data[offset++] ;
uint8_t ptag = decrypted_data[offset++] ;
if(ptag != DISTANT_MSG_TAG_SIGNATURE)
throw std::runtime_error("Bad ptag in signature packet " + printNumber(ptag,true) + " => packet is dropped.") ;
tmp_data = &decr_data[offset] ;
tmp_data = &decrypted_data[offset] ;
old_data = tmp_data ;
uint32_t signature_size = PGPKeyParser::read_125Size(tmp_data) ;
offset += tmp_data - old_data ;
@ -1977,7 +1976,7 @@ bool p3MsgService::decryptMessage(const std::string& mId)
signature.keyId = senders_id.toStdString() ;
signature.signData.bin_len = signature_size ;
signature.signData.bin_data = malloc(signature_size) ;
memcpy(signature.signData.bin_data,&decr_data[offset],signature_size) ;
memcpy(signature.signData.bin_data,&decrypted_data[offset],signature_size) ;
std::cerr << " Signature is present. Verifying it..." << std::endl;
signature_present = true ;
@ -1998,8 +1997,8 @@ bool p3MsgService::decryptMessage(const std::string& mId)
else
throw std::runtime_error("Structural error in packet: sizes do not match. Dropping the message.") ;
free(decr_data) ;
decr_data = NULL ;
delete[] decrypted_data ;
decrypted_data = NULL ;
// 4 - replace the item with the decrypted data, and update flags
@ -2062,8 +2061,8 @@ bool p3MsgService::decryptMessage(const std::string& mId)
catch(std::exception& e)
{
std::cerr << "Decryption failed: " << e.what() << std::endl;
if(encrypted_data != NULL) free(encrypted_data) ;
if(decrypted_data != NULL) free(decrypted_data) ;
if(encrypted_data != NULL) delete[] encrypted_data ;
if(decrypted_data != NULL) delete[] decrypted_data ;
return false ;
}