[PATCH 1/8] md: clear bctx.count at final function

[PATCH 1/8] md: clear bctx.count at final function

Jussi Kivilinna-2
* cipher/md4.c (md4_final): Set bctx.count zero after
finalizing.
* cipher/md5.c (md5_final): Ditto.
* cipher/rmd160.c (rmd160_final): Ditto.
* cipher/sha1.c (sha1_final): Ditto.
* cipher/sha256.c (sha256_final): Ditto.
* cipher/sha512.c (sha512_final): Ditto.
* cipher/sm3.c (sm3_final): Ditto.
* cipher/stribog.c (stribog_final): Ditto.
* cipher/tiger.c (tiger_final): Ditto.
--

Final functions used to use _gcry_md_block_write for passing
final blocks to the transform function, and bctx.count was thus
set to zero in _gcry_md_block_write. Final functions were then
changed to use the transform functions directly, but bctx.count
was not set to zero after this change. A later optimization
to the final functions, passing two blocks to the transform
functions in one call, also changed the values set to bctx.count,
causing bctx.count to get a value larger than the block size of
the digest algorithm.

Signed-off-by: Jussi Kivilinna <[hidden email]>
---
 cipher/md4.c     | 4 ++--
 cipher/md5.c     | 4 ++--
 cipher/rmd160.c  | 4 ++--
 cipher/sha1.c    | 4 ++--
 cipher/sha256.c  | 4 ++--
 cipher/sha512.c  | 3 ++-
 cipher/sm3.c     | 4 ++--
 cipher/stribog.c | 2 ++
 cipher/tiger.c   | 5 +++--
 9 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/cipher/md4.c b/cipher/md4.c
index 24986c27..b55443a8 100644
--- a/cipher/md4.c
+++ b/cipher/md4.c
@@ -237,7 +237,6 @@ md4_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
  memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 56, lsb);
@@ -249,7 +248,6 @@ md4_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 64 + 56, lsb);
@@ -265,6 +263,8 @@ md4_final( void *context )
   X(D);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
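Review bot: The added `hd->bctx.count = 0;` at the end of md4_final carries no comment saying which invariant it restores, namely that bctx.count is never above the digest block size once the final function returns. The same bare assignment is repeated in md5_final, rmd160_final, sha1_final, sha256_final, sha512_final, sm3_final, stribog_final and tiger_final, so the invariant is now maintained in nine separate places and a new final function can miss it again. I would add `/* Reset so that a later write or final never sees a count above the block size. */` above the assignment in each file. _gcry_md_block_write is not visible here, but if it indexes bctx.buf with bctx.count, as the final functions do, a bound check there would enforce the invariant in one place. md4_final starts outside this hunk.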
 
diff --git a/cipher/md5.c b/cipher/md5.c
index 6859d566..32cb535a 100644
--- a/cipher/md5.c
+++ b/cipher/md5.c
@@ -261,7 +261,6 @@ md5_final( void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
  memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 56, lsb);
@@ -273,7 +272,6 @@ md5_final( void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 64 + 56, lsb);
@@ -289,6 +287,8 @@ md5_final( void *context)
   X(D);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/rmd160.c b/cipher/rmd160.c
index 0608f74c..e12ff017 100644
--- a/cipher/rmd160.c
+++ b/cipher/rmd160.c
@@ -434,7 +434,6 @@ rmd160_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
  memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 56, lsb);
@@ -446,7 +445,6 @@ rmd160_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 64 + 56, lsb);
@@ -463,6 +461,8 @@ rmd160_final( void *context )
   X(4);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/sha1.c b/cipher/sha1.c
index 287bd826..35f7376c 100644
--- a/cipher/sha1.c
+++ b/cipher/sha1.c
@@ -591,7 +591,6 @@ sha1_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
  memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 56, msb);
@@ -603,7 +602,6 @@ sha1_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 64 + 56, msb);
@@ -620,6 +618,8 @@ sha1_final(void *context)
   X(4);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/sha256.c b/cipher/sha256.c
index 5c761b20..93505891 100644
--- a/cipher/sha256.c
+++ b/cipher/sha256.c
@@ -584,7 +584,6 @@ sha256_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
  memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 56, msb);
@@ -596,7 +595,6 @@ sha256_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 64 + 56, msb);
@@ -616,6 +614,8 @@ sha256_final(void *context)
   X(7);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/sha512.c b/cipher/sha512.c
index 0f4c304f..bc4657a8 100644
--- a/cipher/sha512.c
+++ b/cipher/sha512.c
@@ -818,7 +818,6 @@ sha512_final (void *context)
   hd->bctx.buf[hd->bctx.count++] = 0x80;  /* pad */
   if (hd->bctx.count < 112)
     memset (&hd->bctx.buf[hd->bctx.count], 0, 112 - hd->bctx.count);
-  hd->bctx.count = 112;
  }
       else
  {
@@ -850,6 +849,8 @@ sha512_final (void *context)
   X (7);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/sm3.c b/cipher/sm3.c
index aee94987..0f9bae3b 100644
--- a/cipher/sm3.c
+++ b/cipher/sm3.c
@@ -294,7 +294,6 @@ sm3_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
  memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 56, msb);
@@ -306,7 +305,6 @@ sm3_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 64 + 56, msb);
@@ -326,6 +324,8 @@ sm3_final(void *context)
   X(7);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/stribog.c b/cipher/stribog.c
index c919182a..f8776a3e 100644
--- a/cipher/stribog.c
+++ b/cipher/stribog.c
@@ -1304,6 +1304,8 @@ stribog_final (void *context)
   for (i = 0; i < 8; i++)
     hd->h[i] = le_bswap64(hd->h[i]);
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (768);
 }
 
diff --git a/cipher/tiger.c b/cipher/tiger.c
index b2f16677..4039b22b 100644
--- a/cipher/tiger.c
+++ b/cipher/tiger.c
@@ -760,7 +760,7 @@ tiger_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = pad;
       if (hd->bctx.count < 56)
  memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
+
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 56, lsb);
       buf_put_le32(hd->bctx.buf + 60, msb);
@@ -771,7 +771,6 @@ tiger_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = pad; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 64 + 56, lsb);
@@ -797,6 +796,8 @@ tiger_final( void *context )
 #undef X
 #undef Y
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
--
2.27.0



[PATCH 2/8] Fix building with --disable-asm on x86

Jussi Kivilinna-2
* cipher/keccak.c (USE_64BIT_BMI2, USE_64BIT_SHLD)
(USE_32BIT_BMI2): Depend also on HAVE_CPU_ARCH_X86.
* random/rndjent.c [__i386__ || __x86_64__] (USE_JENT): Depend
also on HAVE_CPU_ARCH_X86.
--

Signed-off-by: Jussi Kivilinna <[hidden email]>
---
 cipher/keccak.c  | 9 ++++++---
 random/rndjent.c | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/cipher/keccak.c b/cipher/keccak.c
index 87a47ac3..795a02e5 100644
--- a/cipher/keccak.c
+++ b/cipher/keccak.c
@@ -40,21 +40,24 @@
 
 /* USE_64BIT_BMI2 indicates whether to compile with 64-bit Intel BMI2 code. */
 #undef USE_64BIT_BMI2
-#if defined(USE_64BIT) && defined(HAVE_GCC_INLINE_ASM_BMI2)
+#if defined(USE_64BIT) && defined(HAVE_GCC_INLINE_ASM_BMI2) && \
+    defined(HAVE_CPU_ARCH_X86)
 # define USE_64BIT_BMI2 1
 #endif
 
 
 /* USE_64BIT_SHLD indicates whether to compile with 64-bit Intel SHLD code. */
 #undef USE_64BIT_SHLD
-#if defined(USE_64BIT) && defined (__GNUC__) && defined(__x86_64__)
+#if defined(USE_64BIT) && defined (__GNUC__) && defined(__x86_64__) && \
+    defined(HAVE_CPU_ARCH_X86)
 # define USE_64BIT_SHLD 1
 #endif
 
 
 /* USE_32BIT_BMI2 indicates whether to compile with 32-bit Intel BMI2 code. */
 #undef USE_32BIT_BMI2
-#if defined(USE_32BIT) && defined(HAVE_GCC_INLINE_ASM_BMI2)
+#if defined(USE_32BIT) && defined(HAVE_GCC_INLINE_ASM_BMI2) && \
+    defined(HAVE_CPU_ARCH_X86)
 # define USE_32BIT_BMI2 1
 #endif
 
diff --git a/random/rndjent.c b/random/rndjent.c
index 3d01290f..56648a87 100644
--- a/random/rndjent.c
+++ b/random/rndjent.c
@@ -57,7 +57,7 @@
 #define JENT_USES_GETTIME 2
 #define JENT_USES_READ_REAL_TIME 3
 #ifdef ENABLE_JENT_SUPPORT
-# if defined (__i386__) || defined(__x86_64__)
+# if (defined (__i386__) || defined(__x86_64__)) && defined(HAVE_CPU_ARCH_X86)
 #   define USE_JENT JENT_USES_RDTSC
 # elif defined (HAVE_CLOCK_GETTIME)
 #  if _AIX
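Review bot: Nothing at the changed `# if` records that an x86 build without HAVE_CPU_ARCH_X86 (presumably the --disable-asm case from the commit title) now falls through to the `HAVE_CLOCK_GETTIME` branch instead of selecting JENT_USES_RDTSC. The jitter source measures timing differences, so the timer it ends up with is worth stating at the point of selection. I would add `/* Without x86 asm support RDTSC is not used; fall back to the next timer. */` above the condition. It would also be good to confirm that the jitter RNG's own start-up checks still pass with the fallback timer on those builds. The rest of the `#if` chain lies outside this hunk.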
--
2.27.0



[PATCH 3/8] Fix ubsan warnings for i386 build

Jussi Kivilinna-2
In reply to this post by Jussi Kivilinna-2
* mpi/mpicoder.c (_gcry_mpi_set_buffer) [BYTES_PER_MPI_LIMB == 4]: Cast
"*p--" values to mpi_limb_t before left shifting.
* tests/t-lock.c (main): Cast 'time(NULL)' to unsigned type.
--

Signed-off-by: Jussi Kivilinna <[hidden email]>
---
 mpi/mpicoder.c | 16 ++++++++--------
 tests/t-lock.c |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c
index a133421e..f61f777f 100644
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@@ -354,10 +354,10 @@ _gcry_mpi_set_buffer (gcry_mpi_t a, const void *buffer_arg,
   for (i=0, p = buffer+nbytes-1; p >= buffer+BYTES_PER_MPI_LIMB; )
     {
 #if BYTES_PER_MPI_LIMB == 4
-      alimb  = *p--    ;
-      alimb |= *p-- <<  8 ;
-      alimb |= *p-- << 16 ;
-      alimb |= *p-- << 24 ;
+      alimb  = (mpi_limb_t)*p--    ;
+      alimb |= (mpi_limb_t)*p-- <<  8 ;
+      alimb |= (mpi_limb_t)*p-- << 16 ;
+      alimb |= (mpi_limb_t)*p-- << 24 ;
 #elif BYTES_PER_MPI_LIMB == 8
       alimb  = (mpi_limb_t)*p-- ;
       alimb |= (mpi_limb_t)*p-- <<  8 ;
@@ -375,13 +375,13 @@ _gcry_mpi_set_buffer (gcry_mpi_t a, const void *buffer_arg,
   if ( p >= buffer )
     {
 #if BYTES_PER_MPI_LIMB == 4
-      alimb  = *p--;
+      alimb  = (mpi_limb_t)*p--;
       if (p >= buffer)
-        alimb |= *p-- <<  8;
+        alimb |= (mpi_limb_t)*p-- <<  8;
       if (p >= buffer)
-        alimb |= *p-- << 16;
+        alimb |= (mpi_limb_t)*p-- << 16;
       if (p >= buffer)
-        alimb |= *p-- << 24;
+        alimb |= (mpi_limb_t)*p-- << 24;
 #elif BYTES_PER_MPI_LIMB == 8
       alimb  = (mpi_limb_t)*p--;
       if (p >= buffer)
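Review bot: In this tail branch the pattern `alimb  = (mpi_limb_t)*p--;` followed by `if (p >= buffer)` still moves `p` to one element before `buffer` once the last byte has been consumed. Forming that pointer is undefined behaviour in C even though it is never dereferenced, and the casts added here address only the shift. Counting the remaining bytes in a `size_t` and testing that count, instead of comparing `p` with `buffer`, would avoid it for both the 4-byte and 8-byte limb variants. _gcry_mpi_set_buffer begins and ends outside this hunk.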
diff --git a/tests/t-lock.c b/tests/t-lock.c
index e263aff2..cacc3835 100644
--- a/tests/t-lock.c
+++ b/tests/t-lock.c
@@ -433,7 +433,7 @@ main (int argc, char **argv)
         }
     }
 
-  srand (time(NULL)*getpid());
+  srand ((unsigned int)time(NULL)*getpid());
 
   if (debug)
     xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
--
2.27.0



[PATCH 4/8] jent: silence ubsan warning about signed overflow

Jussi Kivilinna-2
In reply to this post by Jussi Kivilinna-2
* random/jitterentropy-base.c (jent_stuck): Cast 'delta2' values to
'uint64_t' for calculation.
--

Signed-off-by: Jussi Kivilinna <[hidden email]>
---
 random/jitterentropy-base.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/random/jitterentropy-base.c b/random/jitterentropy-base.c
index 32fdea46..ba435e1b 100644
--- a/random/jitterentropy-base.c
+++ b/random/jitterentropy-base.c
@@ -306,7 +306,7 @@ static unsigned int jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
 static int jent_stuck(struct rand_data *ec, uint64_t current_delta)
 {
  int64_t delta2 = ec->last_delta - current_delta;
- int64_t delta3 = delta2 - ec->last_delta2;
+ int64_t delta3 = (uint64_t)delta2 - (uint64_t)ec->last_delta2;
 
  ec->last_delta = current_delta;
  ec->last_delta2 = delta2;
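Review bot: The new expression `(uint64_t)delta2 - (uint64_t)ec->last_delta2` removes the signed overflow, but its unsigned result is converted straight back to `int64_t`, which is implementation-defined for values above INT64_MAX, and the line does not say that wrap-around is intended. I would add `/* Unsigned arithmetic on purpose: wrap-around is expected here. */` above the declaration of `delta3`. The declaration of `delta2` one line earlier mixes `ec->last_delta` with the `uint64_t` parameter `current_delta` in the same way and deserves the same remark. How jent_stuck uses the two deltas afterwards lies outside the hunk, so confirm that only their comparison with zero matters.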
--
2.27.0



[PATCH 5/8] Add handling for -Og with O-flag munging

Jussi Kivilinna-2
In reply to this post by Jussi Kivilinna-2
* cipher/Makefile.am (o_flag_munging): Add handling for '-Og'.
* random/Makefile.am (o_flag_munging): Add handling for '-Og'.
--

Signed-off-by: Jussi Kivilinna <[hidden email]>
---
 cipher/Makefile.am | 2 +-
 random/Makefile.am | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index 6d3ec35e..d6440056 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -147,7 +147,7 @@ gost-s-box: gost-s-box.c
 
 
 if ENABLE_O_FLAG_MUNGING
-o_flag_munging = sed -e 's/-O\([2-9s][2-9s]*\)/-O1/' -e 's/-Ofast/-O1/g'
+o_flag_munging = sed -e 's/-O\([2-9sg][2-9sg]*\)/-O1/' -e 's/-Ofast/-O1/g'
 else
 o_flag_munging = cat
 endif
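Review bot: The first sed expression on the changed line, `'s/-O\([2-9sg][2-9sg]*\)/-O1/'`, has no `g` flag, so only the first matching -O option in the flags is rewritten. The `-Ofast` expression next to it and both expressions in random/Makefile.am do use `/g`. Compilers honour the last -O option given, so with more than one in the flags the later one survives the munging. I would write it as `'s/-O\([2-9sg][2-9sg]*\)/-O1/g'`.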
diff --git a/random/Makefile.am b/random/Makefile.am
index 60af5b4a..7e6e6f03 100644
--- a/random/Makefile.am
+++ b/random/Makefile.am
@@ -55,7 +55,7 @@ jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h
 
 # The rndjent module needs to be compiled without optimization.  */
 if ENABLE_O_FLAG_MUNGING
-o_flag_munging = sed -e 's/-O\([1-9s][1-9s]*\)/-O0/g' -e 's/-Ofast/-O0/g'
+o_flag_munging = sed -e 's/-O\([1-9sg][1-9sg]*\)/-O0/g' -e 's/-Ofast/-O0/g'
 else
 o_flag_munging = cat
 endif
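Review bot: The bracket expression `[1-9sg]` on the changed line still does not match `-Oz`, which Clang accepts, so a build with that flag would compile rndjent with optimization. That contradicts the comment directly above, which says the module needs to be compiled without optimization. I would extend both bracket expressions, `'s/-O\([1-9sgz][1-9sgz]*\)/-O0/g'`, and make the matching change in cipher/Makefile.am.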
--
2.27.0



[PATCH 6/8] global: make sure that bulk config string is null-terminated

Jussi Kivilinna-2
In reply to this post by Jussi Kivilinna-2
* src/global.c (_gcry_get_config): Append null-terminator to output
in the 'what == NULL' case.
--

Config string was not being explicitly null-terminated, which resulted
in garbage output from tests/version with ASAN-enabled builds.

Signed-off-by: Jussi Kivilinna <[hidden email]>
---
 src/global.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/global.c b/src/global.c
index 57f7329b..8940cea0 100644
--- a/src/global.c
+++ b/src/global.c
@@ -434,6 +434,13 @@ _gcry_get_config (int mode, const char *what)
     return NULL;
 
   print_config (what, fp);
+
+  if (!what)
+    {
+      /* Null-terminate bulk output. */
+      gpgrt_fwrite ("\0", 1, 1, fp);
+    }
+
   if (gpgrt_ferror (fp))
     {
       save_errno = errno;
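Review bot: The comment `/* Null-terminate bulk output. */` does not say why the `what != NULL` case needs no terminator. It also does not say that a failed `gpgrt_fwrite` is detected only by the `gpgrt_ferror (fp)` check that follows, since the return value is not tested. The result is apparently handed to callers as a C string, so a reader needs to see that every path ends with a NUL; presumably print_config writes one for a single item, but that is not visible in this hunk. I would extend the comment to state both points once the single-item behaviour is confirmed. _gcry_get_config starts and ends outside the hunk.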
--
2.27.0



[PATCH 7/8] tests: allow running 'make check' with ASAN

Jussi Kivilinna-2
In reply to this post by Jussi Kivilinna-2
* tests/t-secmem.c (main): Skip test if environment variable
GCRYPT_IN_ASAN_TEST is defined.
* tests/t-sexp.c (main): Do not initialize secmem if environment
variable GCRYPT_IN_ASAN_TEST is defined.
--

ASAN and mlock are incompatible, so add the GCRYPT_IN_ASAN_TEST
environment variable for skipping the tests that fail as a result.
This allows easier automation of ASAN checks.

Signed-off-by: Jussi Kivilinna <[hidden email]>
---
 tests/t-secmem.c | 8 ++++++++
 tests/t-sexp.c   | 9 ++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/tests/t-secmem.c b/tests/t-secmem.c
index c4d8c66d..2b769134 100644
--- a/tests/t-secmem.c
+++ b/tests/t-secmem.c
@@ -120,6 +120,14 @@ main (int argc, char **argv)
   long int pgsize_val = -1;
   size_t pgsize;
 
+  if (getenv ("GCRYPT_IN_ASAN_TEST"))
+    {
+      /* 'mlock' is not available when build with address sanitizer,
+       * so skip test. */
+      fputs ("Note: " PGM " skipped because running with ASAN.\n", stdout);
+      return 0;
+    }
+
 #if HAVE_MMAP
 # if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
   pgsize_val = sysconf (_SC_PAGESIZE);
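Review bot: The skip path ends with `return 0;`, so a secure-memory test that did not run is reported as a pass. With the automake test harness `return 77;` marks the test as skipped, which keeps an accidentally exported GCRYPT_IN_ASAN_TEST from silently hiding this test in a non-ASAN run. The same variable makes tests/t-sexp.c run without `GCRYCTL_INIT_SECMEM`, so that run no longer exercises secure memory either, and the printed note is the only trace of it. main continues outside this hunk.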
diff --git a/tests/t-sexp.c b/tests/t-sexp.c
index 4285ffd8..96d5f97e 100644
--- a/tests/t-sexp.c
+++ b/tests/t-sexp.c
@@ -1312,7 +1312,14 @@ main (int argc, char **argv)
   if (debug)
     xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
   xgcry_control ((GCRYCTL_DISABLE_SECMEM_WARN));
-  xgcry_control ((GCRYCTL_INIT_SECMEM, 16384, 0));
+  if (getenv ("GCRYPT_IN_ASAN_TEST"))
+    {
+      fputs ("Note: " PGM " not using secmem as running with ASAN.\n", stdout);
+    }
+  else
+    {
+      xgcry_control ((GCRYCTL_INIT_SECMEM, 16384, 0));
+    }
   if (!gcry_check_version (GCRYPT_VERSION))
     die ("version mismatch");
   /* #include "../src/gcrypt-int.h" indicates that internal interfaces
--
2.27.0



[PATCH 8/8] ecc-ecdh: fix memory leak

Jussi Kivilinna-2
In reply to this post by Jussi Kivilinna-2
* cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Free 'ec' at function exit.
--

Signed-off-by: Jussi Kivilinna <[hidden email]>
---
 cipher/ecc-ecdh.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cipher/ecc-ecdh.c b/cipher/ecc-ecdh.c
index 43eb731a..d6b8991a 100644
--- a/cipher/ecc-ecdh.c
+++ b/cipher/ecc-ecdh.c
@@ -122,5 +122,6 @@ _gcry_ecc_mul_point (int curveid, unsigned char *result,
   _gcry_mpi_release (x);
   point_free (&Q);
   _gcry_mpi_release (mpi_k);
+  _gcry_mpi_ec_free (ec);
   return err;
 }
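Review bot: `_gcry_mpi_ec_free (ec);` now runs on every path that reaches the common exit, so `ec` has to be initialised to NULL at its declaration and the free function has to accept NULL. Otherwise an error taken before the context is created would free an indeterminate pointer. Neither the declaration nor the earlier jumps to the exit are visible, because the function starts outside this hunk, so please confirm both. A short comment at the cleanup block, `/* Owned here: x, Q, mpi_k, ec. */`, would make the next omission easier to spot.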
--
2.27.0

