gnutls_privkey_decrypt_data: don't free plaintext on failure
authorDaiki Ueno <ueno@gnu.org>
Sun, 24 Mar 2024 21:45:39 +0000 (06:45 +0900)
committerDaiki Ueno <ueno@gnu.org>
Sun, 24 Mar 2024 23:24:44 +0000 (08:24 +0900)
As _wrap_nettle_pk_decrypt uses a locally allocated buffer for the
plaintext, it doesn't need to free the plaintext given by the caller.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/nettle/pk.c
tests/rsa-rsa-oaep.c

index dd6b9936a8d1a592dea9ca5c693d641a2a8778b0..13546673eb24f05f58c39dd7fa43f62bfb432af9 100644 (file)
@@ -1034,7 +1034,6 @@ static int _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
 cleanup:
        gnutls_free(buf);
        if (ret < 0) {
-               gnutls_free(plaintext->data);
                _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
        } else if (not_approved) {
                _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);
index 175dc6d54fd38fcfae3bb172b7dd7d3380cc9ec5..3a2bd9aa998936a38f9b1f230925a12f4fcadd62 100644 (file)
@@ -53,6 +53,7 @@ static void encrypt_decrypt_data(gnutls_privkey_t privkey,
        gnutls_pubkey_t pubkey;
        gnutls_datum_t ciphertext = { NULL, 0 };
        gnutls_datum_t decrypted = { NULL, 0 };
+       gnutls_datum_t uninitialized;
 
        assert(gnutls_pubkey_init(&pubkey) >= 0);
        ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0);
@@ -70,6 +71,15 @@ static void encrypt_decrypt_data(gnutls_privkey_t privkey,
        ret = gnutls_privkey_decrypt_data(privkey, 0, &ciphertext, &decrypted);
        fips_pop_context(fips_context, exp_state);
 
+       /* gnutls_privkey_decrypt_data shouldn't touch plaintext upon
+        * failure */
+       assert(ciphertext.size >= 4);
+       memcpy(ciphertext.data, "\xde\xad\xbe\xef", 4);
+       ret = gnutls_privkey_decrypt_data(privkey, 0, &ciphertext,
+                                         &uninitialized);
+       if (ret >= 0)
+               fail("gnutls_privkey_decrypt_data unexpectedly succeeded\n");
+
 out:
        gnutls_pubkey_deinit(pubkey);
        gnutls_free(ciphertext.data);
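Review bot: The added negative test checks only that the second `gnutls_privkey_decrypt_data` call fails; nothing asserts that the output datum was left untouched, which is what the new comment says it verifies. With `uninitialized` holding stack garbage, a regression shows up only if freeing that garbage happens to crash or a sanitizer/valgrind run flags it, and if the slot happens to be NULL the old behaviour would pass silently. A deterministic variant would declare `static unsigned char sentinel[1];`, initialise the datum in the earlier hunk as `gnutls_datum_t uninitialized = { sentinel, sizeof(sentinel) };`, and follow the call with `assert(uninitialized.data == sentinel && uninitialized.size == sizeof(sentinel));`. A non-heap sentinel should make a stray free fail loudly under most allocators, and the assert catches any write to the datum. This is worth pinning down because the test itself shows that a corrupted ciphertext reaches the failure path, so an invalid free of caller memory there would be a memory-safety problem; `encrypt_decrypt_data` begins and ends outside these hunks.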