Overview
Comment: | Fixed a couple of issues found setting up test cases for the AFL fuzzer |
---|---|
SHA1: |
633a24960ec641d02d36c5160ad58819 |
User & Date: | rkeene on 2015-07-23 20:45:50 |
Context
2015-07-24
| ||
04:07 | Added more fixes for memory leaks or use of uninitialized memory check-in: 846e77f0f5 user: rkeene tags: trunk | |
2015-07-23
| ||
20:45 | Fixed a couple of issues found setting up test cases for the AFL fuzzer check-in: 633a24960e user: rkeene tags: trunk | |
18:28 | Merged in reader filtering check-in: 30f9879615 user: rkeene tags: trunk | |
Changes
Modified cackey.c from [0922233e4d] to [c129398723].
︙ | ︙ | |||
2830 2831 2832 2833 2834 2835 2836 | identity->pcsc_identity->keysize = x509_to_keysize(identity->pcsc_identity->certificate, identity->pcsc_identity->certificate_len); } /* Pad message to key size */ if (padInput) { if (identity->pcsc_identity->keysize > 0) { if (buflen != identity->pcsc_identity->keysize) { | | > > | 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 | identity->pcsc_identity->keysize = x509_to_keysize(identity->pcsc_identity->certificate, identity->pcsc_identity->certificate_len); } /* Pad message to key size */ if (padInput) { if (identity->pcsc_identity->keysize > 0) { if (buflen != identity->pcsc_identity->keysize) { if (buflen > (identity->pcsc_identity->keysize - 3)) { CACKEY_DEBUG_PRINTF("Error. Message is too large to sign/decrypt"); return(-1); } tmpbuflen = identity->pcsc_identity->keysize; tmpbuf = malloc(tmpbuflen); free_tmpbuf = 1; padlen = tmpbuflen - buflen - 3; CACKEY_DEBUG_PRINTF("Need to pad the buffer with %llu bytes (tmpbuflen = %llu, buflen = %llu)", (unsigned long long) padlen, (unsigned long long) tmpbuflen, (unsigned long long) buflen); /* RSA PKCS#1 EMSA-PKCS1-v1_5 Padding */ tmpbuf[0] = 0x00; tmpbuf[1] = 0x01; memset(&tmpbuf[2], 0xFF, padlen); tmpbuf[padlen + 2]= 0x00; memcpy(&tmpbuf[padlen + 3], buf, buflen); |
︙ | ︙ | |||
7185 7186 7187 7188 7189 7190 7191 7192 7193 7194 7195 7196 7197 7198 | CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK); return(CKR_OK); } CK_DEFINE_FUNCTION(CK_RV, C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen) { int mutex_retval; CACKEY_DEBUG_PRINTF("Called."); if (!cackey_initialized) { CACKEY_DEBUG_PRINTF("Error. Not initialized."); return(CKR_CRYPTOKI_NOT_INITIALIZED); | > > | 7187 7188 7189 7190 7191 7192 7193 7194 7195 7196 7197 7198 7199 7200 7201 7202 | CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK); return(CKR_OK); } CK_DEFINE_FUNCTION(CK_RV, C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen) { int mutex_retval; int resizeRetry; int needResize; CACKEY_DEBUG_PRINTF("Called."); if (!cackey_initialized) { CACKEY_DEBUG_PRINTF("Error. Not initialized."); return(CKR_CRYPTOKI_NOT_INITIALIZED); |
︙ | ︙ | |||
7245 7246 7247 7248 7249 7250 7251 | return(CKR_OPERATION_NOT_INITIALIZED); } switch (cackey_sessions[hSession].sign_mechanism) { case CKM_RSA_PKCS: /* Accumulate directly */ | > > | > > > > > > > > > > > > > > > > > > > > > > > > > > | 7249 7250 7251 7252 7253 7254 7255 7256 7257 7258 7259 7260 7261 7262 7263 7264 7265 7266 7267 7268 7269 7270 7271 7272 7273 7274 7275 7276 7277 7278 7279 7280 7281 7282 7283 7284 7285 7286 7287 7288 7289 7290 7291 7292 7293 7294 7295 | return(CKR_OPERATION_NOT_INITIALIZED); } switch (cackey_sessions[hSession].sign_mechanism) { case CKM_RSA_PKCS: /* Accumulate directly */ for (resizeRetry = 0; resizeRetry < 11; resizeRetry++) { needResize = 0; if ((cackey_sessions[hSession].sign_bufused + ulPartLen) > cackey_sessions[hSession].sign_buflen) { needResize = 1; } if (!needResize) { break; } CACKEY_DEBUG_PRINTF("Resizing signing buffer (try #%i of 10 -- 11th is fatal)", resizeRetry); if (resizeRetry == 10) { free(cackey_sessions[hSession].sign_buf); cackey_sessions[hSession].sign_buflen = 0; cackey_sessions[hSession].sign_buf = NULL; break; } cackey_sessions[hSession].sign_buflen *= 2; cackey_sessions[hSession].sign_buf = realloc(cackey_sessions[hSession].sign_buf, sizeof(*cackey_sessions[hSession].sign_buf) * cackey_sessions[hSession].sign_buflen); } if (cackey_sessions[hSession].sign_buf == NULL) { cackey_mutex_unlock(cackey_biglock); CACKEY_DEBUG_PRINTF("Error. Signing buffer is NULL."); return(CKR_GENERAL_ERROR); } memcpy(cackey_sessions[hSession].sign_buf + cackey_sessions[hSession].sign_bufused, pPart, ulPartLen); cackey_sessions[hSession].sign_bufused += ulPartLen; break; } |
︙ | ︙ |
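Review bot: In the new `CKM_RSA_PKCS` resize loop of `C_SignUpdate`, the test `(sign_bufused + ulPartLen) > sign_buflen` adds the caller-supplied `CK_ULONG` before comparing, so a very large `ulPartLen` can wrap the sum, skip the resize and reach the `memcpy` with a length larger than the buffer; comparing against the remaining space (`ulPartLen <= sign_buflen - sign_bufused`) avoids the wrap. The same loop assigns the result of `realloc()` straight back to `sign_buf`, so a failed call leaks the old block, and a later retry that succeeds would return fresh memory while `sign_bufused` still counts bytes that are no longer there. The sketch below needs one extra local, `void *newbuf`, and doubles `sign_buflen` only after the allocation has succeeded. Separately, in the first hunk `malloc(tmpbuflen)` is written through without a NULL check, and `keysize - 3` may wrap or go negative when `keysize` is below 3 (the field's type is not visible here). The `switch` in `C_SignUpdate` continues past the end of the last hunk.

```c
	case CKM_RSA_PKCS:
		/* Accumulate directly */
		for (resizeRetry = 0; resizeRetry < 11; resizeRetry++) {
			/* Compare against the space left so a huge ulPartLen cannot wrap the sum */
			if (cackey_sessions[hSession].sign_bufused <= cackey_sessions[hSession].sign_buflen &&
			    ulPartLen <= (cackey_sessions[hSession].sign_buflen - cackey_sessions[hSession].sign_bufused)) {
				break;
			}

			/* ... unchanged: debug print and the resizeRetry == 10 bail-out ... */

			newbuf = realloc(cackey_sessions[hSession].sign_buf, sizeof(*cackey_sessions[hSession].sign_buf) * cackey_sessions[hSession].sign_buflen * 2);
			if (newbuf == NULL) {
				/* realloc() left the old block allocated; release it rather than lose the pointer */
				free(cackey_sessions[hSession].sign_buf);
				cackey_sessions[hSession].sign_buf = NULL;
				cackey_sessions[hSession].sign_buflen = 0;
				break;
			}

			cackey_sessions[hSession].sign_buf = newbuf;
			cackey_sessions[hSession].sign_buflen *= 2;
		}

		/* ... unchanged: NULL check, memcpy and sign_bufused update ... */
```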