shithub: riscv

Download patch

ref: 7250c438bb124f76aa006dad47b5a3b8f277d1b7
parent: 0ac260b18a9a41ba944e6dadec5d15c058af23fd
author: cinap_lenrek <[email protected]>
date: Sat Aug 27 16:37:14 EDT 2016 

devssl: allocate cipher states in secret memory


--- a/sys/src/9/port/devssl.c
+++ b/sys/src/9/port/devssl.c
@@ -373,14 +373,10 @@
 		sslhangup(s);
 		if(s->c)
 			cclose(s->c);
-		if(s->in.secret)
-			free(s->in.secret);
-		if(s->out.secret)
-			free(s->out.secret);
-		if(s->in.state)
-			free(s->in.state);
-		if(s->out.state)
-			free(s->out.state);
+		secfree(s->in.secret);
+		secfree(s->out.secret);
+		secfree(s->in.state);
+		secfree(s->out.state);
 		free(s);
 
 	}
@@ -826,10 +822,8 @@
 static void
 setsecret(OneWay *w, uchar *secret, int n)
 {
-	if(w->secret)
-		free(w->secret);
-
-	w->secret = smalloc(n);
+	secfree(w->secret);
+	w->secret = secalloc(n);
 	memmove(w->secret, secret, n);
 	w->slen = n;
 }
@@ -837,12 +831,8 @@
 static void
 initDESkey(OneWay *w)
 {
-	if(w->state){
-		free(w->state);
-		w->state = 0;
-	}
-
-	w->state = smalloc(sizeof(DESstate));
+	secfree(w->state);
+	w->state = secalloc(sizeof(DESstate));
 	if(w->slen >= 16)
 		setupDESstate(w->state, w->secret, w->secret+8);
 	else if(w->slen >= 8)
@@ -860,11 +850,6 @@
 {
 	uchar key[8];
 
-	if(w->state){
-		free(w->state);
-		w->state = 0;
-	}
-
 	if(w->slen >= 8){
 		memmove(key, w->secret, 8);
 		key[0] &= 0x0f;
@@ -872,25 +857,14 @@
 		key[4] &= 0x0f;
 		key[6] &= 0x0f;
 	}
-
-	w->state = smalloc(sizeof(DESstate));
-	if(w->slen >= 16)
-		setupDESstate(w->state, key, w->secret+8);
-	else if(w->slen >= 8)
-		setupDESstate(w->state, key, 0);
-	else
-		error("secret too short");
+	initDESkey(w);
 }
 
 static void
 initRC4key(OneWay *w)
 {
-	if(w->state){
-		free(w->state);
-		w->state = 0;
-	}
-
-	w->state = smalloc(sizeof(RC4state));
+	secfree(w->state);
+	w->state = secalloc(sizeof(RC4state));
 	setupRC4state(w->state, w->secret, w->slen);
 }
 
@@ -901,16 +875,9 @@
 static void
 initRC4key_40(OneWay *w)
 {
-	if(w->state){
-		free(w->state);
-		w->state = 0;
-	}
-
 	if(w->slen > 5)
 		w->slen = 5;
-
-	w->state = smalloc(sizeof(RC4state));
-	setupRC4state(w->state, w->secret, w->slen);
+	initRC4key(w);
 }
 
 /*
@@ -920,16 +887,9 @@
 static void
 initRC4key_128(OneWay *w)
 {
-	if(w->state){
-		free(w->state);
-		w->state = 0;
-	}
-
 	if(w->slen > 16)
 		w->slen = 16;
-
-	w->state = smalloc(sizeof(RC4state));
-	setupRC4state(w->state, w->secret, w->slen);
+	initRC4key(w);
 }
 
 
@@ -1177,27 +1137,29 @@
 		break;
 	case Csin:
 		p = cb->f[1];
-		m = (strlen(p)*3)/2;
-		x = smalloc(m);
+		m = (strlen(p)*3)/2 + 1;
+		x = secalloc(m);
 		t = dec64(x, m, p, strlen(p));
+		memset(p, 0, strlen(p));
 		if(t <= 0){
-			free(x);
+			secfree(x);
 			error(Ebadarg);
 		}
 		setsecret(&s->in, x, t);
-		free(x);
+		secfree(x);
 		break;
 	case Csout:
 		p = cb->f[1];
 		m = (strlen(p)*3)/2 + 1;
-		x = smalloc(m);
+		x = secalloc(m);
 		t = dec64(x, m, p, strlen(p));
+		memset(p, 0, strlen(p));
 		if(t <= 0){
-			free(x);
+			secfree(x);
 			error(Ebadarg);
 		}
 		setsecret(&s->out, x, t);
-		free(x);
+		secfree(x);
 		break;
 	}
 	poperror();