[Cryptech-Commits] [sw/libhal] branch ksng updated: Plug pkey handle leak.

git at cryptech.is git at cryptech.is
Sat Sep 3 06:24:35 UTC 2016

Previous message (by thread): [Cryptech-Commits] [sw/stm32] 01/01: Whack with club until working with new keystore API.
Next message (by thread): [Cryptech-Commits] [sw/pkcs11] branch ksng created (now 8a36a9c)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch ksng
in repository sw/libhal.

The following commit(s) were added to refs/heads/ksng by this push:
       new  1e1604b   Plug pkey handle leak.
1e1604b is described below

commit 1e1604b3bd25c3214b95a4a3280e9041a86a55a2
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sat Sep 3 02:20:49 2016 -0400

    Plug pkey handle leak.
    
    New keystore code requires slightly different cleanup to avoid leaking
    pkey handle table slots.  Pricetag for reducing the amount of data
    duplicated between pkey and keystore layers.
---
 rpc_pkey.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/rpc_pkey.c b/rpc_pkey.c
index 265076c..069a73b 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -203,8 +203,10 @@ static hal_error_t pkey_local_load(const hal_client_handle_t client,
   else if (ks != NULL)
     (void) hal_ks_close(ks);
 
-  if (err != HAL_OK)
+  if (err != HAL_OK) {
+    slot->type = HAL_KEY_TYPE_NONE;
     return err;
+  }
 
   *pkey = slot->pkey_handle;
   *name = slot->name;
@@ -242,8 +244,10 @@ static hal_error_t pkey_local_find(const hal_client_handle_t client,
   else if (ks != NULL)
     (void) hal_ks_close(ks);
 
-  if (err != HAL_OK)
+  if (err != HAL_OK) {
+    slot->type = HAL_KEY_TYPE_NONE;
     return err;
+  }
 
   *pkey = slot->pkey_handle;
   return HAL_OK;
@@ -282,8 +286,10 @@ static hal_error_t pkey_local_generate_rsa(const hal_client_handle_t client,
   slot->flags = flags;
 
   if ((err = hal_rsa_key_gen(NULL, &key, keybuf, sizeof(keybuf), key_length / 8,
-                             public_exponent, public_exponent_len)) != HAL_OK)
+                             public_exponent, public_exponent_len)) != HAL_OK) {
+    slot->type = HAL_KEY_TYPE_NONE;
     return err;
+  }
 
   uint8_t der[hal_rsa_private_key_to_der_len(key)];
   size_t der_len;
@@ -298,8 +304,10 @@ static hal_error_t pkey_local_generate_rsa(const hal_client_handle_t client,
   memset(keybuf, 0, sizeof(keybuf));
   memset(der, 0, sizeof(der));
 
-  if (err != HAL_OK)
+  if (err != HAL_OK) {
+    slot->type = HAL_KEY_TYPE_NONE;
     return err;
+  }
 
   *pkey = slot->pkey_handle;
   *name = slot->name;
@@ -338,8 +346,10 @@ static hal_error_t pkey_local_generate_ec(const hal_client_handle_t client,
   slot->curve = curve;
   slot->flags = flags;
 
-  if ((err = hal_ecdsa_key_gen(NULL, &key, keybuf, sizeof(keybuf), curve)) != HAL_OK)
+  if ((err = hal_ecdsa_key_gen(NULL, &key, keybuf, sizeof(keybuf), curve)) != HAL_OK) {
+    slot->type = HAL_KEY_TYPE_NONE;
     return err;
+  }
 
   uint8_t der[hal_ecdsa_private_key_to_der_len(key)];
   size_t der_len;
@@ -354,8 +364,10 @@ static hal_error_t pkey_local_generate_ec(const hal_client_handle_t client,
   memset(keybuf, 0, sizeof(keybuf));
   memset(der, 0, sizeof(der));
 
-  if (err != HAL_OK)
+  if (err != HAL_OK) {
+    slot->type = HAL_KEY_TYPE_NONE;
     return err;
+  }
 
   *pkey = slot->pkey_handle;
   *name = slot->name;

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

Previous message (by thread): [Cryptech-Commits] [sw/stm32] 01/01: Whack with club until working with new keystore API.
Next message (by thread): [Cryptech-Commits] [sw/pkcs11] branch ksng created (now 8a36a9c)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Commits mailing list