mirror of
https://github.com/systemd/systemd.git
synced 2024-10-31 16:21:26 +03:00
Merge pull request #8100 from keszybz/free-gcrypt-context
Free gcrypt contexts properly
This commit is contained in:
commit
da4ec1411e
@ -42,7 +42,7 @@ void initialize_libgcrypt(bool secmem) {
|
||||
}
|
||||
|
||||
int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) {
|
||||
gcry_md_hd_t md = NULL;
|
||||
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
|
||||
size_t hash_size;
|
||||
void *hash;
|
||||
char *enc;
|
||||
|
@ -20,6 +20,8 @@
|
||||
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||||
***/
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdbool.h>
|
||||
#include <stddef.h>
|
||||
@ -27,8 +29,12 @@
|
||||
#if HAVE_GCRYPT
|
||||
#include <gcrypt.h>
|
||||
|
||||
#include "macro.h"
|
||||
|
||||
void initialize_libgcrypt(bool secmem);
|
||||
int string_hashsum(const char *s, size_t len, int md_algorithm, char **out);
|
||||
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC(gcry_md_hd_t, gcry_md_close);
|
||||
#endif
|
||||
|
||||
static inline int string_hashsum_sha224(const char *s, size_t len, char **out) {
|
||||
|
@ -716,7 +716,7 @@ int dnssec_verify_rrset(
|
||||
uint8_t wire_format_name[DNS_WIRE_FOMAT_HOSTNAME_MAX];
|
||||
DnsResourceRecord **list, *rr;
|
||||
const char *source, *name;
|
||||
gcry_md_hd_t md = NULL;
|
||||
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
|
||||
int r, md_algorithm;
|
||||
size_t k, n = 0;
|
||||
size_t sig_size = 0;
|
||||
@ -841,13 +841,13 @@ int dnssec_verify_rrset(
|
||||
|
||||
r = dns_name_to_wire_format(rrsig->rrsig.signer, wire_format_name, sizeof(wire_format_name), true);
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
return r;
|
||||
fwrite(wire_format_name, 1, r, f);
|
||||
|
||||
/* Convert the source of synthesis into wire format */
|
||||
r = dns_name_to_wire_format(source, wire_format_name, sizeof(wire_format_name), true);
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
return r;
|
||||
|
||||
for (k = 0; k < n; k++) {
|
||||
size_t l;
|
||||
@ -885,26 +885,20 @@ int dnssec_verify_rrset(
|
||||
#endif
|
||||
case DNSSEC_ALGORITHM_ED448:
|
||||
*result = DNSSEC_UNSUPPORTED_ALGORITHM;
|
||||
r = 0;
|
||||
goto finish;
|
||||
return 0;
|
||||
default:
|
||||
/* OK, the RRs are now in canonical order. Let's calculate the digest */
|
||||
md_algorithm = algorithm_to_gcrypt_md(rrsig->rrsig.algorithm);
|
||||
if (md_algorithm == -EOPNOTSUPP) {
|
||||
*result = DNSSEC_UNSUPPORTED_ALGORITHM;
|
||||
r = 0;
|
||||
goto finish;
|
||||
}
|
||||
if (md_algorithm < 0) {
|
||||
r = md_algorithm;
|
||||
goto finish;
|
||||
return 0;
|
||||
}
|
||||
if (md_algorithm < 0)
|
||||
return md_algorithm;
|
||||
|
||||
gcry_md_open(&md, md_algorithm, 0);
|
||||
if (!md) {
|
||||
r = -EIO;
|
||||
goto finish;
|
||||
}
|
||||
if (!md)
|
||||
return -EIO;
|
||||
|
||||
hash_size = gcry_md_get_algo_dlen(md_algorithm);
|
||||
assert(hash_size > 0);
|
||||
@ -912,10 +906,8 @@ int dnssec_verify_rrset(
|
||||
gcry_md_write(md, sig_data, sig_size);
|
||||
|
||||
hash = gcry_md_read(md, 0);
|
||||
if (!hash) {
|
||||
r = -EIO;
|
||||
goto finish;
|
||||
}
|
||||
if (!hash)
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
switch (rrsig->rrsig.algorithm) {
|
||||
@ -950,9 +942,8 @@ int dnssec_verify_rrset(
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
return r;
|
||||
|
||||
/* Now, fix the ttl, expiry, and remember the synthesizing source and the signer */
|
||||
if (r > 0)
|
||||
@ -965,13 +956,7 @@ int dnssec_verify_rrset(
|
||||
else
|
||||
*result = DNSSEC_VALIDATED;
|
||||
|
||||
r = 0;
|
||||
|
||||
finish:
|
||||
if (md)
|
||||
gcry_md_close(md);
|
||||
|
||||
return r;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok) {
|
||||
@ -1182,7 +1167,7 @@ static int digest_to_gcrypt_md(uint8_t algorithm) {
|
||||
|
||||
int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
|
||||
char owner_name[DNSSEC_CANONICAL_HOSTNAME_MAX];
|
||||
gcry_md_hd_t md = NULL;
|
||||
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
|
||||
size_t hash_size;
|
||||
int md_algorithm, r;
|
||||
void *result;
|
||||
@ -1238,16 +1223,10 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds,
|
||||
gcry_md_write(md, dnskey->dnskey.key, dnskey->dnskey.key_size);
|
||||
|
||||
result = gcry_md_read(md, 0);
|
||||
if (!result) {
|
||||
r = -EIO;
|
||||
goto finish;
|
||||
}
|
||||
if (!result)
|
||||
return -EIO;
|
||||
|
||||
r = memcmp(result, ds->ds.digest, ds->ds.digest_size) != 0;
|
||||
|
||||
finish:
|
||||
gcry_md_close(md);
|
||||
return r;
|
||||
return memcmp(result, ds->ds.digest, ds->ds.digest_size) != 0;
|
||||
}
|
||||
|
||||
int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
|
||||
|
@ -643,6 +643,11 @@ tests += [
|
||||
[],
|
||||
[]],
|
||||
|
||||
[['src/test/test-gcrypt-util.c'],
|
||||
[],
|
||||
[],
|
||||
'HAVE_GCRYPT'],
|
||||
|
||||
[['src/test/test-nss.c'],
|
||||
[],
|
||||
[libdl],
|
||||
|
34
src/test/test-gcrypt-util.c
Normal file
34
src/test/test-gcrypt-util.c
Normal file
@ -0,0 +1,34 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1+
|
||||
* Copyright 2018 Zbigniew Jędrzejewski-Szmek
|
||||
*/
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "gcrypt-util.h"
|
||||
#include "macro.h"
|
||||
#include "string-util.h"
|
||||
|
||||
static void test_string_hashsum(void) {
|
||||
_cleanup_free_ char *out1 = NULL, *out2 = NULL, *out3 = NULL, *out4 = NULL;
|
||||
|
||||
assert_se(string_hashsum("asdf", 4, GCRY_MD_SHA224, &out1) == 0);
|
||||
/* echo -n 'asdf' | sha224sum - */
|
||||
assert_se(streq(out1, "7872a74bcbf298a1e77d507cd95d4f8d96131cbbd4cdfc571e776c8a"));
|
||||
|
||||
assert_se(string_hashsum("asdf", 4, GCRY_MD_SHA256, &out2) == 0);
|
||||
/* echo -n 'asdf' | sha256sum - */
|
||||
assert_se(streq(out2, "f0e4c2f76c58916ec258f246851bea091d14d4247a2fc3e18694461b1816e13b"));
|
||||
|
||||
assert_se(string_hashsum("", 0, GCRY_MD_SHA224, &out3) == 0);
|
||||
/* echo -n '' | sha224sum - */
|
||||
assert_se(streq(out3, "d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"));
|
||||
|
||||
assert_se(string_hashsum("", 0, GCRY_MD_SHA256, &out4) == 0);
|
||||
/* echo -n '' | sha256sum - */
|
||||
assert_se(streq(out4, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
test_string_hashsum();
|
||||
|
||||
return 0;
|
||||
}
|
Loading…
Reference in New Issue
Block a user