[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-364-g4a064e2

by Peter Wu cvs at cvs.gnupg.org
Thu Mar 24 17:04:08 CET 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  4a064e2a06fe737f344d1dfd8a45cc4c2abbe4c9 (commit)
       via  470a30db241a2d567739ef2adb2a2ee64992d8b4 (commit)
      from  fea5971488e049f902d7912df22a945bc755ad6d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4a064e2a06fe737f344d1dfd8a45cc4c2abbe4c9
Author: Peter Wu <peter at lekensteyn.nl>
Date:   Wed Mar 23 18:21:53 2016 +0100

    cipher: Fix memleaks in (self)tests.
    
    * cipher/dsa.c: Release memory for MPI and sexp structures.
    * cipher/ecc.c: Release memory for sexp structure.
    * tests/keygen.c: Likewise.
    --
    
    These leaks broke the mpitests, basic and keygen tests when running
    under AddressSanitizer.
    
    Signed-off-by: Peter Wu <peter at lekensteyn.nl>
    
    Minor formatting changes by -wk.

diff --git a/cipher/dsa.c b/cipher/dsa.c
index 909a8ca..22d8d78 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -1255,6 +1255,7 @@ selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey)
   if (!calculated_r)
     goto leave;
 
+  sexp_release (l2);
   l2 = _gcry_sexp_find_token (l1, "s", 0);
   if (!l2)
     goto leave;
@@ -1289,6 +1290,12 @@ selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey)
 
 
  leave:
+  _gcry_mpi_release (calculated_s);
+  _gcry_mpi_release (calculated_r);
+  _gcry_mpi_release (s);
+  _gcry_mpi_release (r);
+  sexp_release (l2);
+  sexp_release (l1);
   sexp_release (sig);
   sexp_release (data_bad);
   sexp_release (data);
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 5b03530..8dbf5bd 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -2046,6 +2046,7 @@ selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey)
   if (!calculated_r)
     goto leave;
 
+  sexp_release (l2);
   l2 = _gcry_sexp_find_token (l1, "s", 0);
   if (!l2)
     goto leave;
diff --git a/tests/keygen.c b/tests/keygen.c
index ebb708b..c4520e9 100644
--- a/tests/keygen.c
+++ b/tests/keygen.c
@@ -219,6 +219,8 @@ check_rsa_keys (void)
                       " ))", 0, 1);
   if (rc)
     die ("error creating S-expression: %s\n", gpg_strerror (rc));
+
+  gcry_sexp_release (key);
   rc = gcry_pk_genkey (&key, keyparm);
   gcry_sexp_release (keyparm);
   if (rc && !in_fips_mode)
@@ -560,6 +562,7 @@ check_ecc_keys (void)
   if (verbose && rc && in_fips_mode)
     show ("... correctly rejected key creation in FIPS mode (%s)\n",
           gpg_strerror (rc));
+  gcry_sexp_release (key);
 
   if (verbose)
     show ("creating ECC key using curve NIST P-384 for ECDSA\n");

commit 470a30db241a2d567739ef2adb2a2ee64992d8b4
Author: Peter Wu <peter at lekensteyn.nl>
Date:   Thu Mar 24 11:06:23 2016 +0100

    Mark constant MPIs as non-leaked
    
    * mpi/mpiutil.c: Mark "constant" MPIs as explicitly leaked.
    --
    
    Requires libgpg-error 1.22 (unreleased) for the macros, but since it is
    a minor debugging aid, do not bump the minimum required version.
    
    Signed-off-by: Peter Wu <peter at lekensteyn.nl>

diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c
index 99402b8..6dee0b9 100644
--- a/mpi/mpiutil.c
+++ b/mpi/mpiutil.c
@@ -211,7 +211,12 @@ _gcry_mpi_free( gcry_mpi_t a )
   if (!a )
     return;
   if ((a->flags & 32))
+  {
+#if GPGRT_VERSION_NUMBER >= 0x011600  /* 1.22 */
+    gpgrt_annotate_leaked_object(a);
+#endif
     return; /* Never release a constant. */
+  }
   if ((a->flags & 4))
     xfree( a->d );
   else

-----------------------------------------------------------------------

Summary of changes:
 cipher/dsa.c   | 7 +++++++
 cipher/ecc.c   | 1 +
 mpi/mpiutil.c  | 5 +++++
 tests/keygen.c | 3 +++
 4 files changed, 16 insertions(+)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org




More information about the Gnupg-commits mailing list