
[Emacs-diffs] scratch/tzz/nettle 0b2bf12: WIP: GnuTLS tests: use make_un


From: Teodor Zlatanov
Subject: [Emacs-diffs] scratch/tzz/nettle 0b2bf12: WIP: GnuTLS tests: use make_uninit_string(); wipe temp storage when possible
Date: Tue, 11 Apr 2017 22:58:21 -0400 (EDT)

branch: scratch/tzz/nettle
commit 0b2bf12df3d652156709acb5d6ee67e508bc9ca9
Author: Ted Zlatanov <address@hidden>
Commit: Ted Zlatanov <address@hidden>

    WIP: GnuTLS tests: use make_uninit_string(); wipe temp storage when possible
---
 src/gnutls.c | 37 +++++++++++++++----------------------
 1 file changed, 15 insertions(+), 22 deletions(-)

diff --git a/src/gnutls.c b/src/gnutls.c
index 7380ce2..80a0c1f 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1824,6 +1824,7 @@ gnutls_symmetric_aead (bool encrypting, 
gnutls_cipher_algorithm_t gca,
     }
 
   output = make_unibyte_string (storage, storage_length);
+  memset(storage, 0, storage_length);
   xfree (storage);
 
   gnutls_aead_cipher_deinit (acipher);
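Review bot: The added `memset(storage, 0, storage_length);` writes to memory that is freed on the very next line, so a compiler that can see through `xfree` (inlining or LTO) is permitted to drop the store as dead. If the wipe is meant as a guarantee, use a non-elidable primitive where the tree provides one, e.g. `explicit_bzero (storage, storage_length);`. Any earlier error return in gnutls_symmetric_aead that frees `storage` is outside this hunk and should be checked for the same wipe. GNU style also wants a space before the parenthesis, `memset (storage, ...)`.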
@@ -1934,24 +1935,24 @@ gnutls_symmetric (bool encrypting, Lisp_Object cipher,
   // GnuTLS docs: "For the supported ciphers the encrypted data length
   // will equal the plaintext size."
   size_t storage_length = SCHARS (input);
-  void *storage = xzalloc (storage_length);
+  Lisp_Object storage = make_uninit_string (storage_length);
 
   if (encrypting)
     {
       ret = gnutls_cipher_encrypt2 (hcipher,
                                     SSDATA (input), SCHARS (input),
-                                    storage, storage_length);
+                                    SDATA (storage), storage_length);
     }
   else
     {
       ret = gnutls_cipher_decrypt2 (hcipher,
                                     SSDATA (input), SCHARS (input),
-                                    storage, storage_length);
+                                    SDATA (storage), storage_length);
     }
 
   if (ret < GNUTLS_E_SUCCESS)
     {
-      xfree (storage);
+      memset(SDATA (storage), 0, storage_length);
       gnutls_cipher_deinit (hcipher);
       const char* str = gnutls_strerror (ret);
       if (!str)
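Review bot: `storage_length` comes from `SCHARS (input)`, a character count, and is then used as the byte size of the new `make_uninit_string` buffer and of the data passed to `gnutls_cipher_encrypt2`/`gnutls_cipher_decrypt2`. If `input` can ever be a multibyte string, these calls need the byte count `SBYTES (input)`. Whether `input` is forced to unibyte is decided before this hunk, so this needs confirming against the start of gnutls_symmetric. On the failure path the new wipe deserves a short comment such as `/* Clear partial output; the string itself is left to the GC.  */`, and GNU style wants `memset (SDATA (storage), ...)`.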
@@ -1961,11 +1962,9 @@ gnutls_symmetric (bool encrypting, Lisp_Object cipher,
       return Qnil;
     }
 
-  output = make_unibyte_string (storage, storage_length);
-  xfree (storage);
   gnutls_cipher_deinit (hcipher);
 
-  return output;
+  return storage;
 }
 
 DEFUN ("gnutls-symmetric-encrypt", Fgnutls_symmetric_encrypt, 
Sgnutls_symmetric_encrypt, 4, 5, 0,
@@ -2137,15 +2136,14 @@ with the `:mac-algorithm-id' numeric property, or the 
number itself. */)
     }
 
   size_t digest_length = gnutls_hmac_get_len (gma);
-  void *digest = xzalloc (digest_length);
+  Lisp_Object digest = make_uninit_string (digest_length);
 
   ret = gnutls_hmac (hmac, SSDATA (input), SCHARS (input));
 
   if (ret < GNUTLS_E_SUCCESS)
     {
-      gnutls_hmac_deinit (hmac, digest);
+      gnutls_hmac_deinit (hmac, NULL);
 
-      xfree (digest);
       const char* str = gnutls_strerror (ret);
       if (!str)
         str = "unknown";
@@ -2154,11 +2152,9 @@ with the `:mac-algorithm-id' numeric property, or the 
number itself. */)
       return Qnil;
     }
 
-  gnutls_hmac_output (hmac, digest);
-  output = make_unibyte_string (digest, digest_length);
-  gnutls_hmac_deinit (hmac, digest);
+  gnutls_hmac_output (hmac, SDATA (digest));
+  gnutls_hmac_deinit (hmac, NULL);
 
-  xfree (digest);
   return output;
 }
 
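Review bot: `return output;` is left unchanged at the end of this function although the assignment `output = make_unibyte_string (digest, digest_length);` is removed, so the HMAC written into `digest` by `gnutls_hmac_output` is never returned. Unless `output` is assigned somewhere outside this hunk (its declaration is not visible here), the last statement should be `return digest;`, which is what the final hunk does for the hash function. The start of the function lies outside the hunk, so it is also worth checking whether `output` is now unused, here and in gnutls_symmetric.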
@@ -2222,15 +2218,14 @@ itself. */)
     }
 
   size_t digest_length = gnutls_hash_get_len (gda);
-  void *digest = xzalloc (digest_length);
+  Lisp_Object digest = make_uninit_string (digest_length);
 
   ret = gnutls_hash (hash, SSDATA (input), SCHARS (input));
 
   if (ret < GNUTLS_E_SUCCESS)
     {
-      gnutls_hash_deinit (hash, digest);
+      gnutls_hash_deinit (hash, NULL);
 
-      xfree (digest);
       const char* str = gnutls_strerror (ret);
       if (!str)
         str = "unknown";
@@ -2238,12 +2233,10 @@ itself. */)
       return Qnil;
     }
 
-  gnutls_hash_output (hash, digest);
-  output = make_unibyte_string (digest, digest_length);
-  gnutls_hash_deinit (hash, digest);
+  gnutls_hash_output (hash, SDATA (digest));
+  gnutls_hash_deinit (hash, NULL);
 
-  xfree (digest);
-  return output;
+  return digest;
 }
 
 #endif


