commit c048493374504313b8717dbec2452fccd7a77994
author Paul Bakker <p.j.bakker@polarssl.org> Thu Jan 03 10:50:31 2013 +0100
committer Paul Bakker <p.j.bakker@polarssl.org> Wed Jan 16 13:16:09 2013 +0100
tree 135884c7a3bb6f188f34dab7516cbefbd2a6dd9f
parent 5aef1e10f93a3381c7e5281ee8c70f793b9f180e

Memory leak when using RSA_PKCS_V21 operations fixed
(cherry picked from commit 40628bad98973fb7270b6822924086c4d27b3b79 and
from commit 02303e8be478dc8836093331bde1341936ce1dc9)

library/rsa.c

diff --git a/library/rsa.c b/library/rsa.c
index b36801e..0ddada2 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -420,9 +420,6 @@
                 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
             memset( output, 0, olen );
-            memset( &md_ctx, 0, sizeof( md_context_t ) );
-
-            md_init_ctx( &md_ctx, md_info );
 
             *p++ = 0;
 
@@ -441,6 +438,8 @@
             *p++ = 1;
             memcpy( p, input, ilen ); 
 
+            md_init_ctx( &md_ctx, md_info );
+
             // maskedDB: Apply dbMask to DB
             //
             mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,  
@@ -450,6 +449,8 @@
             //
             mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,  
                        &md_ctx );
+
+            md_free_ctx( &md_ctx );
             break;
 #endif
 
@@ -524,7 +525,6 @@
                 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
                 
             hlen = md_get_size( md_info );
-            memset( &md_ctx, 0, sizeof( md_context_t ) );
 
             md_init_ctx( &md_ctx, md_info );
             
@@ -543,6 +543,7 @@
                        &md_ctx );
 
             p += hlen;
+            md_free_ctx( &md_ctx );
 
             // Check validity
             //
@@ -756,9 +757,6 @@
                 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
             memset( sig, 0, olen );
-            memset( &md_ctx, 0, sizeof( md_context_t ) );
-
-            md_init_ctx( &md_ctx, md_info );
 
             msb = mpi_msb( &ctx->N ) - 1;
 
@@ -775,6 +773,8 @@
             memcpy( p, salt, slen );
             p += slen;
 
+            md_init_ctx( &md_ctx, md_info );
+
             // Generate H = Hash( M' )
             //
             md_starts( &md_ctx );
@@ -792,6 +792,8 @@
             //
             mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
 
+            md_free_ctx( &md_ctx );
+
             msb = mpi_msb( &ctx->N ) - 1;
             sig[0] &= 0xFF >> ( olen * 8 - msb );
 
@@ -962,11 +964,8 @@
             hlen = md_get_size( md_info );
             slen = siglen - hlen - 1;
 
-            memset( &md_ctx, 0, sizeof( md_context_t ) );
             memset( zeros, 0, 8 );
 
-            md_init_ctx( &md_ctx, md_info );
-
             // Note: EMSA-PSS verification is over the length of N - 1 bits
             //
             msb = mpi_msb( &ctx->N ) - 1;
@@ -981,6 +980,8 @@
             if( buf[0] >> ( 8 - siglen * 8 + msb ) )
                 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
+            md_init_ctx( &md_ctx, md_info );
+
             mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
 
             buf[0] &= 0xFF >> ( siglen * 8 - msb );
@@ -988,11 +989,12 @@
             while( *p == 0 && p < buf + siglen )
                 p++;
 
-            if( p == buf + siglen )
+            if( p == buf + siglen ||
+                *p++ != 0x01 )
+            {
+                md_free_ctx( &md_ctx );
                 return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
-            if( *p++ != 0x01 )
-                return( POLARSSL_ERR_RSA_INVALID_PADDING );
+            }
 
             slen -= p - buf;
 
@@ -1004,6 +1006,8 @@
             md_update( &md_ctx, p, slen );
             md_finish( &md_ctx, result );
 
+            md_free_ctx( &md_ctx );
+
             if( memcmp( p + slen, result, hlen ) == 0 )
                 return( 0 );
             else