Fixed mismatched free/delete; removed one dangerous and unused function; added missing memory release calls

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7370 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2014-05-15 21:55:34 +00:00
parent d782d8eed9
commit d3b92ddab9
3 changed files with 77 additions and 64 deletions

View File

@ -181,6 +181,7 @@ bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSe
memcpy(allMsgData, msg.msg.bin_data, msg.msg.bin_len); memcpy(allMsgData, msg.msg.bin_data, msg.msg.bin_len);
memcpy(allMsgData+(msg.msg.bin_len), metaData, metaDataLen); memcpy(allMsgData+(msg.msg.bin_len), metaData, metaDataLen);
delete[] metaData ;
EVP_PKEY *signKey = EVP_PKEY_new(); EVP_PKEY *signKey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(signKey, rsakey); EVP_PKEY_assign_RSA(signKey, rsakey);
@ -192,6 +193,8 @@ bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSe
EVP_VerifyUpdate(mdctx, allMsgData, allMsgDataLen); EVP_VerifyUpdate(mdctx, allMsgData, allMsgDataLen);
int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey); int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
delete[] allMsgData ;
/* clean up */ /* clean up */
EVP_PKEY_free(signKey); EVP_PKEY_free(signKey);
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);
@ -217,30 +220,7 @@ bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSe
return false; return false;
} }
bool GxsSecurity::encrypt(uint8_t *& out, int & outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key)
std::string GxsSecurity::getBinDataSign(void *data, int len)
{
unsigned char *tmp = (unsigned char *) data;
// copy first CERTSIGNLEN bytes...
if (len > CERTSIGNLEN)
{
len = CERTSIGNLEN;
}
std::string id;
for(uint32_t i = 0; i < CERTSIGNLEN; i++)
{
rs_sprintf_append(id, "%02x", (uint16_t) (((uint8_t *) (tmp))[i]));
}
return id;
}
bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen, const RsTlvSecurityKey& key)
{ {
#ifdef DISTRIB_DEBUG #ifdef DISTRIB_DEBUG
std::cerr << "GxsSecurity::encrypt() " << std::endl; std::cerr << "GxsSecurity::encrypt() " << std::endl;
@ -257,7 +237,9 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
{ {
public_key = EVP_PKEY_new(); public_key = EVP_PKEY_new();
EVP_PKEY_assign_RSA(public_key, rsa_publish_pub); EVP_PKEY_assign_RSA(public_key, rsa_publish_pub);
}else{ }
else
{
#ifdef DISTRIB_DEBUG #ifdef DISTRIB_DEBUG
std::cerr << "GxsSecurity(): Could not generate publish key " << grpId std::cerr << "GxsSecurity(): Could not generate publish key " << grpId
<< std::endl; << std::endl;
@ -285,7 +267,7 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
if(!EVP_SealInit(&ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) return false; if(!EVP_SealInit(&ctx, EVP_aes_128_cbc(), &ek, &eklen, iv, &public_key, 1)) return false;
// now assign memory to out accounting for data, and cipher block size, key length, and key length val // now assign memory to out accounting for data, and cipher block size, key length, and key length val
out = new unsigned char[inlen + cipher_block_size + size_net_ekl + eklen + EVP_MAX_IV_LENGTH]; out = new uint8_t[inlen + cipher_block_size + size_net_ekl + eklen + EVP_MAX_IV_LENGTH];
net_ekl = htonl(eklen); net_ekl = htonl(eklen);
memcpy((unsigned char*)out + out_offset, &net_ekl, size_net_ekl); memcpy((unsigned char*)out + out_offset, &net_ekl, size_net_ekl);
@ -298,19 +280,34 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
out_offset += EVP_MAX_IV_LENGTH; out_offset += EVP_MAX_IV_LENGTH;
// now encrypt actual data // now encrypt actual data
if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen)) return false; if(!EVP_SealUpdate(&ctx, (unsigned char*) out + out_offset, &out_currOffset, (unsigned char*) in, inlen))
{
delete[] out ;
out = NULL ;
return false;
}
// move along to partial block space // move along to partial block space
out_offset += out_currOffset; out_offset += out_currOffset;
// add padding // add padding
if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset)) return false; if(!EVP_SealFinal(&ctx, (unsigned char*) out + out_offset, &out_currOffset))
{
delete[] out ;
out = NULL ;
return false;
}
// move to end // move to end
out_offset += out_currOffset; out_offset += out_currOffset;
// make sure offset has not gone passed valid memory bounds // make sure offset has not gone passed valid memory bounds
if(out_offset > max_outlen) return false; if(out_offset > max_outlen)
{
delete[] out ;
out = NULL ;
return false;
}
// free encrypted key data // free encrypted key data
free(ek); free(ek);
@ -320,7 +317,7 @@ bool GxsSecurity::encrypt(void *& out, int & outlen, const void *in, int inlen,
} }
bool GxsSecurity::decrypt(void *& out, int & outlen, const void *in, int inlen, const RsTlvSecurityKey& key) bool GxsSecurity::decrypt(uint8_t *& out, int & outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key)
{ {
#ifdef DISTRIB_DEBUG #ifdef DISTRIB_DEBUG
@ -371,20 +368,34 @@ bool GxsSecurity::decrypt(void *& out, int & outlen, const void *in, int inlen,
if(!EVP_OpenInit(&ctx, cipher, ek, eklen, iv, privateKey)) return false; if(!EVP_OpenInit(&ctx, cipher, ek, eklen, iv, privateKey)) return false;
out = new unsigned char[inlen - in_offset]; if(inlen < in_offset)
{
std::cerr << "Severe error in " << __PRETTY_FUNCTION__ << ": cannot encrypt. " << std::endl;
return false ;
}
out = new uint8_t[inlen - in_offset];
if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset)) return false; if(!EVP_OpenUpdate(&ctx, (unsigned char*) out, &out_currOffset, (unsigned char*)in + in_offset, inlen - in_offset))
{
delete[] out ;
out = NULL ;
return false;
}
in_offset += out_currOffset; in_offset += out_currOffset;
outlen += out_currOffset; outlen += out_currOffset;
if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset)) return false; if(!EVP_OpenFinal(&ctx, (unsigned char*)out + out_currOffset, &out_currOffset))
{
delete[] out ;
out = NULL ;
return false;
}
outlen += out_currOffset; outlen += out_currOffset;
free(ek); free(ek);
return true; return true;
} }
std::string GxsSecurity::getRsaKeySign(RSA *pubkey) std::string GxsSecurity::getRsaKeySign(RSA *pubkey)
@ -476,6 +487,7 @@ bool GxsSecurity::validateNxsGrp(RsNxsGrp& grp, RsTlvKeySignature& sign, RsTlvSe
memcpy(allGrpData, grp.grp.bin_data, grp.grp.bin_len); memcpy(allGrpData, grp.grp.bin_data, grp.grp.bin_len);
memcpy(allGrpData+(grp.grp.bin_len), metaData, metaDataLen); memcpy(allGrpData+(grp.grp.bin_len), metaData, metaDataLen);
delete[] metaData ;
EVP_PKEY *signKey = EVP_PKEY_new(); EVP_PKEY *signKey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(signKey, rsakey); EVP_PKEY_assign_RSA(signKey, rsakey);
@ -487,6 +499,8 @@ bool GxsSecurity::validateNxsGrp(RsNxsGrp& grp, RsTlvKeySignature& sign, RsTlvSe
EVP_VerifyUpdate(mdctx, allGrpData, allGrpDataLen); EVP_VerifyUpdate(mdctx, allGrpData, allGrpDataLen);
int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey); int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
delete[] allGrpData ;
/* clean up */ /* clean up */
EVP_PKEY_free(signKey); EVP_PKEY_free(signKey);
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);
@ -512,26 +526,26 @@ return false;
void GxsSecurity::setRSAPublicKey(RsTlvSecurityKey & key, RSA *rsa_pub) void GxsSecurity::setRSAPublicKey(RsTlvSecurityKey & key, RSA *rsa_pub)
{ {
unsigned char data[10240]; /* more than enough space */ unsigned char *data = NULL ; // this works for OpenSSL > 0.9.7
unsigned char *ptr = data; int reqspace = i2d_RSAPublicKey(rsa_pub, &data);
int reqspace = i2d_RSAPublicKey(rsa_pub, &ptr);
key.keyData.setBinData(data, reqspace); key.keyData.setBinData(data, reqspace);
key.keyId = getRsaKeySign(rsa_pub); key.keyId = getRsaKeySign(rsa_pub);
free(data) ;
} }
void GxsSecurity::setRSAPrivateKey(RsTlvSecurityKey & key, RSA *rsa_priv) void GxsSecurity::setRSAPrivateKey(RsTlvSecurityKey & key, RSA *rsa_priv)
{ {
unsigned char data[10240]; /* more than enough space */ unsigned char *data = NULL ;
unsigned char *ptr = data; int reqspace = i2d_RSAPrivateKey(rsa_priv, &data);
int reqspace = i2d_RSAPrivateKey(rsa_priv, &ptr);
key.keyData.setBinData(data, reqspace); key.keyData.setBinData(data, reqspace);
key.keyId = getRsaKeySign(rsa_priv); key.keyId = getRsaKeySign(rsa_priv);
free(data) ;
} }
RSA *GxsSecurity::extractPrivateKey(const RsTlvSecurityKey & key) RSA *GxsSecurity::extractPrivateKey(const RsTlvSecurityKey & key)

View File

@ -98,7 +98,7 @@ public:
*@param in *@param in
*@param inlen *@param inlen
*/ */
static bool encrypt(void *&out, int &outlen, const void *in, int inlen, const RsTlvSecurityKey& key) ; static bool encrypt(uint8_t *&out, int &outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key) ;
/** /**
@ -110,7 +110,7 @@ public:
* @param inlen * @param inlen
* @return false if encryption failed * @return false if encryption failed
*/ */
static bool decrypt(void *&out, int &outlen, const void *in, int inlen, const RsTlvSecurityKey& key) ; static bool decrypt(uint8_t *&out, int &outlen, const uint8_t *in, int inlen, const RsTlvSecurityKey& key) ;
/*! /*!
* uses grp signature to check if group has been * uses grp signature to check if group has been

View File

@ -1681,7 +1681,7 @@ bool p3MsgService::createDistantMessage(const RsGxsId& destination_gxs_id,const
std::cerr << "Creating distant message for recipient " << destination_gxs_id << std::endl; std::cerr << "Creating distant message for recipient " << destination_gxs_id << std::endl;
#endif #endif
unsigned char *data = NULL ; unsigned char *data = NULL ;
void *encrypted_data = NULL ; uint8_t *encrypted_data = NULL ;
try try
{ {
@ -1800,7 +1800,7 @@ bool p3MsgService::createDistantMessage(const RsGxsId& destination_gxs_id,const
std::string armoured_data ; std::string armoured_data ;
Radix64::encode((char *)encrypted_data,encrypted_size,armoured_data) ; Radix64::encode((char *)encrypted_data,encrypted_size,armoured_data) ;
free(encrypted_data) ; delete[] encrypted_data ;
encrypted_data = NULL ; encrypted_data = NULL ;
// wipe the item clean and replace the message by the encrypted data. // wipe the item clean and replace the message by the encrypted data.
@ -1841,7 +1841,7 @@ std::string printNumber(uint32_t n,bool hex)
} }
bool p3MsgService::decryptMessage(const std::string& mId) bool p3MsgService::decryptMessage(const std::string& mId)
{ {
void *decrypted_data = NULL; uint8_t *decrypted_data = NULL;
char *encrypted_data = NULL; char *encrypted_data = NULL;
try try
@ -1892,19 +1892,18 @@ bool p3MsgService::decryptMessage(const std::string& mId)
if(!mIdService->getPrivateKey(destination_gxs_id,encryption_key)) if(!mIdService->getPrivateKey(destination_gxs_id,encryption_key))
throw std::runtime_error("Cannot get private encryption key for id " + destination_gxs_id.toStdString()) ; throw std::runtime_error("Cannot get private encryption key for id " + destination_gxs_id.toStdString()) ;
if(!GxsSecurity::decrypt(decrypted_data,decrypted_size,(void*)encrypted_data,encrypted_size,encryption_key)) if(!GxsSecurity::decrypt(decrypted_data,decrypted_size,(uint8_t*)encrypted_data,encrypted_size,encryption_key))
throw std::runtime_error("Decryption failed!") ; throw std::runtime_error("Decryption failed!") ;
std::cerr << " First bytes of decrypted data: " << RsUtil::BinToHex((const char *)decrypted_data,std::min(decrypted_size,50)) << "..."<< std::endl; std::cerr << " First bytes of decrypted data: " << RsUtil::BinToHex((const char *)decrypted_data,std::min(decrypted_size,50)) << "..."<< std::endl;
uint8_t *decr_data = (uint8_t*)decrypted_data ;
#ifdef DEBUG_DISTANT_MSG #ifdef DEBUG_DISTANT_MSG
std::cerr << " Message has succesfully decrypted. Decrypted size = " << decrypted_size << std::endl; std::cerr << " Message has succesfully decrypted. Decrypted size = " << decrypted_size << std::endl;
#endif #endif
// 1 - get the sender's id // 1 - get the sender's id
uint32_t offset = 0 ; uint32_t offset = 0 ;
unsigned char protocol_version = decr_data[offset++] ; unsigned char protocol_version = decrypted_data[offset++] ;
#ifdef DEBUG_DISTANT_MSG #ifdef DEBUG_DISTANT_MSG
std::cerr << " Read protocol version number " << std::hex << (int)protocol_version << std::dec << std::endl; std::cerr << " Read protocol version number " << std::hex << (int)protocol_version << std::dec << std::endl;
@ -1915,12 +1914,12 @@ bool p3MsgService::decryptMessage(const std::string& mId)
#ifdef DEBUG_DISTANT_MSG #ifdef DEBUG_DISTANT_MSG
std::cerr << " Reading identity section " << std::endl; std::cerr << " Reading identity section " << std::endl;
#endif #endif
uint8_t ptag = decr_data[offset++] ; uint8_t ptag = decrypted_data[offset++] ;
if(ptag != DISTANT_MSG_TAG_IDENTITY) if(ptag != DISTANT_MSG_TAG_IDENTITY)
throw std::runtime_error("Bad ptag in encrypted msg packet "+printNumber(ptag,true)+" => packet is dropped.") ; throw std::runtime_error("Bad ptag in encrypted msg packet "+printNumber(ptag,true)+" => packet is dropped.") ;
unsigned char *tmp_data = &decr_data[offset] ; unsigned char *tmp_data = &decrypted_data[offset] ;
unsigned char *old_data = tmp_data ; unsigned char *old_data = tmp_data ;
uint32_t identity_size = PGPKeyParser::read_125Size(tmp_data) ; uint32_t identity_size = PGPKeyParser::read_125Size(tmp_data) ;
offset += tmp_data - old_data ; offset += tmp_data - old_data ;
@ -1928,7 +1927,7 @@ bool p3MsgService::decryptMessage(const std::string& mId)
if(identity_size != RsGxsId::SIZE_IN_BYTES) if(identity_size != RsGxsId::SIZE_IN_BYTES)
throw std::runtime_error("Bad size in Identity section " + printNumber(identity_size,false) + " => packet is dropped.") ; throw std::runtime_error("Bad size in Identity section " + printNumber(identity_size,false) + " => packet is dropped.") ;
RsGxsId senders_id(&decr_data[offset]) ; RsGxsId senders_id(&decrypted_data[offset]) ;
offset += identity_size ; offset += identity_size ;
#ifdef DEBUG_DISTANT_MSG #ifdef DEBUG_DISTANT_MSG
@ -1936,12 +1935,12 @@ bool p3MsgService::decryptMessage(const std::string& mId)
#endif #endif
// 2 - deserialize the item // 2 - deserialize the item
ptag = decr_data[offset++] ; ptag = decrypted_data[offset++] ;
if(ptag != DISTANT_MSG_TAG_CLEAR_MSG) if(ptag != DISTANT_MSG_TAG_CLEAR_MSG)
throw std::runtime_error("Bad ptag in encrypted msg packet " + printNumber(ptag,true) + " => packet is dropped.") ; throw std::runtime_error("Bad ptag in encrypted msg packet " + printNumber(ptag,true) + " => packet is dropped.") ;
tmp_data = &decr_data[offset] ; tmp_data = &decrypted_data[offset] ;
old_data = tmp_data ; old_data = tmp_data ;
uint32_t item_size = PGPKeyParser::read_125Size(tmp_data) ; uint32_t item_size = PGPKeyParser::read_125Size(tmp_data) ;
offset += tmp_data - old_data ; offset += tmp_data - old_data ;
@ -1949,7 +1948,7 @@ bool p3MsgService::decryptMessage(const std::string& mId)
#ifdef DEBUG_DISTANT_MSG #ifdef DEBUG_DISTANT_MSG
std::cerr << " Deserializing..." << std::endl; std::cerr << " Deserializing..." << std::endl;
#endif #endif
RsMsgItem *item = dynamic_cast<RsMsgItem*>(_serialiser->deserialise(&decr_data[offset],&item_size)) ; RsMsgItem *item = dynamic_cast<RsMsgItem*>(_serialiser->deserialise(&decrypted_data[offset],&item_size)) ;
offset += item_size ; offset += item_size ;
if(item == NULL) if(item == NULL)
@ -1963,12 +1962,12 @@ bool p3MsgService::decryptMessage(const std::string& mId)
if(offset < decrypted_size) if(offset < decrypted_size)
{ {
uint8_t ptag = decr_data[offset++] ; uint8_t ptag = decrypted_data[offset++] ;
if(ptag != DISTANT_MSG_TAG_SIGNATURE) if(ptag != DISTANT_MSG_TAG_SIGNATURE)
throw std::runtime_error("Bad ptag in signature packet " + printNumber(ptag,true) + " => packet is dropped.") ; throw std::runtime_error("Bad ptag in signature packet " + printNumber(ptag,true) + " => packet is dropped.") ;
tmp_data = &decr_data[offset] ; tmp_data = &decrypted_data[offset] ;
old_data = tmp_data ; old_data = tmp_data ;
uint32_t signature_size = PGPKeyParser::read_125Size(tmp_data) ; uint32_t signature_size = PGPKeyParser::read_125Size(tmp_data) ;
offset += tmp_data - old_data ; offset += tmp_data - old_data ;
@ -1977,7 +1976,7 @@ bool p3MsgService::decryptMessage(const std::string& mId)
signature.keyId = senders_id.toStdString() ; signature.keyId = senders_id.toStdString() ;
signature.signData.bin_len = signature_size ; signature.signData.bin_len = signature_size ;
signature.signData.bin_data = malloc(signature_size) ; signature.signData.bin_data = malloc(signature_size) ;
memcpy(signature.signData.bin_data,&decr_data[offset],signature_size) ; memcpy(signature.signData.bin_data,&decrypted_data[offset],signature_size) ;
std::cerr << " Signature is present. Verifying it..." << std::endl; std::cerr << " Signature is present. Verifying it..." << std::endl;
signature_present = true ; signature_present = true ;
@ -1998,8 +1997,8 @@ bool p3MsgService::decryptMessage(const std::string& mId)
else else
throw std::runtime_error("Structural error in packet: sizes do not match. Dropping the message.") ; throw std::runtime_error("Structural error in packet: sizes do not match. Dropping the message.") ;
free(decr_data) ; delete[] decrypted_data ;
decr_data = NULL ; decrypted_data = NULL ;
// 4 - replace the item with the decrypted data, and update flags // 4 - replace the item with the decrypted data, and update flags
@ -2062,8 +2061,8 @@ bool p3MsgService::decryptMessage(const std::string& mId)
catch(std::exception& e) catch(std::exception& e)
{ {
std::cerr << "Decryption failed: " << e.what() << std::endl; std::cerr << "Decryption failed: " << e.what() << std::endl;
if(encrypted_data != NULL) free(encrypted_data) ; if(encrypted_data != NULL) delete[] encrypted_data ;
if(decrypted_data != NULL) free(decrypted_data) ; if(decrypted_data != NULL) delete[] decrypted_data ;
return false ; return false ;
} }