crypto: Add ssh_crypto_free().

The intention is that this releases memory allocated by the crypto library, for functions like bignum_bn2hex() and bignum_bn2dec(). Consequently, ssh_gcry_bn2dec and ssh_mbedcry_bn2num should use gcry_malloc() and mbedtls_calloc() respectively to allocate memory since it will/should be released by ssh_crypto_free() so that the internal APIs are consistent between crypto libraries. Signed-off-by: Simon Josefsson <[email protected]> Reviewed-by: Jakub Jelen <[email protected]>
ClibMouse · Aug 25, 2023 · 504faca · 504faca
1 parent 06fbf5c
commit 504faca
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 9 deletions.
diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h
@@ -59,8 +59,15 @@ typedef void *EVPCTX;
 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
 #endif
 
+/* Use ssh_crypto_free() to release memory allocated by bignum_bn2dec(),
+   bignum_bn2hex() and other functions that use crypto-library functions that
+   are documented to allocate memory that needs to be de-allocate with
+   OPENSSL_free. */
+#define ssh_crypto_free(x) OPENSSL_free(x)
+
 #include <openssl/bn.h>
 #include <openssl/opensslv.h>
+
 typedef BIGNUM*  bignum;
 typedef const BIGNUM* const_bignum;
 typedef BN_CTX* bignum_CTX;

diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h
@@ -49,6 +49,8 @@ typedef gcry_md_hd_t EVPCTX;
 
 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
 
+#define ssh_crypto_free(x) gcry_free(x)
+
 typedef gcry_mpi_t bignum;
 typedef const struct gcry_mpi *const_bignum;
 typedef void* bignum_CTX;

diff --git a/include/libssh/libmbedcrypto.h b/include/libssh/libmbedcrypto.h
@@ -34,6 +34,7 @@
 #include <mbedtls/cipher.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/ctr_drbg.h>
+#include <mbedtls/platform.h>
 
 typedef mbedtls_md_context_t *SHACTX;
 typedef mbedtls_md_context_t *SHA256CTX;
@@ -59,6 +60,8 @@ typedef mbedtls_md_context_t *EVPCTX;
 
 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
 
+#define ssh_crypto_free(x) mbedtls_free(x)
+
 typedef mbedtls_mpi *bignum;
 typedef const mbedtls_mpi *const_bignum;
 typedef void* bignum_CTX;

diff --git a/src/bignum.c b/src/bignum.c
@@ -88,11 +88,5 @@ void ssh_print_bignum(const char *name, const_bignum num)
     }
     SSH_LOG(SSH_LOG_DEBUG, "%s value: %s", name,
             (hex == NULL) ? "(null)" : (char *)hex);
-#ifdef HAVE_LIBGCRYPT
-    SAFE_FREE(hex);
-#elif defined HAVE_LIBCRYPTO
-    OPENSSL_free(hex);
-#elif defined HAVE_LIBMBEDCRYPTO
-    SAFE_FREE(hex);
-#endif
+    ssh_crypto_free(hex);
 }
diff --git a/src/gcrypt_missing.c b/src/gcrypt_missing.c
@@ -55,7 +55,7 @@ char *ssh_gcry_bn2dec(bignum bn) {
   size = gcry_mpi_get_nbits(bn) * 3;
   rsize = size / 10 + size / 1000 + 2;
 
-  ret = malloc(rsize + 1);
+  ret = gcry_malloc(rsize + 1);
   if (ret == NULL) {
     return NULL;
   }

diff --git a/src/mbedcrypto_missing.c b/src/mbedcrypto_missing.c
@@ -56,7 +56,7 @@ char *ssh_mbedcry_bn2num(const_bignum num, int radix)
         return NULL;
     }
 
-    buf = malloc(olen);
+    buf = mbedtls_calloc(1, olen);
     if (buf == NULL) {
         return NULL;
     }