crypto: Add ssh_crypto_free().

The intention is that this releases memory allocated by the crypto library, for functions like bignum_bn2hex() and bignum_bn2dec(). Consequently, ssh_gcry_bn2dec and ssh_mbedcry_bn2num should use gcry_malloc() and mbedtls_calloc() respectively to allocate memory since it will/should be released by ssh_crypto_free() so that the internal APIs are consistent between crypto libraries. Signed-off-by: Simon Josefsson <simon@josefsson.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-12-24 19:37:48 +03:00 · 2023-08-23 09:16:34 +02:00
parent 06fbf5c159
commit 504faca67a
6 changed files with 15 additions and 9 deletions
--- a/include/libssh/libcrypto.h
+++ b/include/libssh/libcrypto.h
@@ -59,8 +59,15 @@ typedef void *EVPCTX;
 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
 #endif

+/* Use ssh_crypto_free() to release memory allocated by bignum_bn2dec(),
+   bignum_bn2hex() and other functions that use crypto-library functions that
+   are documented to allocate memory that needs to be de-allocate with
+   OPENSSL_free. */
+#define ssh_crypto_free(x) OPENSSL_free(x)
+
 #include <openssl/bn.h>
 #include <openssl/opensslv.h>
+
 typedef BIGNUM*  bignum;
 typedef const BIGNUM* const_bignum;
 typedef BN_CTX* bignum_CTX;
--- a/include/libssh/libgcrypt.h
+++ b/include/libssh/libgcrypt.h
@@ -49,6 +49,8 @@ typedef gcry_md_hd_t EVPCTX;

 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE

+#define ssh_crypto_free(x) gcry_free(x)
+
 typedef gcry_mpi_t bignum;
 typedef const struct gcry_mpi *const_bignum;
 typedef void* bignum_CTX;
--- a/include/libssh/libmbedcrypto.h
+++ b/include/libssh/libmbedcrypto.h
@@ -34,6 +34,7 @@
 #include <mbedtls/cipher.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/ctr_drbg.h>
+#include <mbedtls/platform.h>

 typedef mbedtls_md_context_t *SHACTX;
 typedef mbedtls_md_context_t *SHA256CTX;
@@ -59,6 +60,8 @@ typedef mbedtls_md_context_t *EVPCTX;

 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE

+#define ssh_crypto_free(x) mbedtls_free(x)
+
 typedef mbedtls_mpi *bignum;
 typedef const mbedtls_mpi *const_bignum;
 typedef void* bignum_CTX;
--- a/src/bignum.c
+++ b/src/bignum.c
@@ -88,11 +88,5 @@ void ssh_print_bignum(const char *name, const_bignum num)
    }
    SSH_LOG(SSH_LOG_DEBUG, "%s value: %s", name,
            (hex == NULL) ? "(null)" : (char *)hex);
-#ifdef HAVE_LIBGCRYPT
-    SAFE_FREE(hex);
-#elif defined HAVE_LIBCRYPTO
-    OPENSSL_free(hex);
-#elif defined HAVE_LIBMBEDCRYPTO
-    SAFE_FREE(hex);
-#endif
+    ssh_crypto_free(hex);
 }
--- a/src/gcrypt_missing.c
+++ b/src/gcrypt_missing.c
@@ -55,7 +55,7 @@ char *ssh_gcry_bn2dec(bignum bn) {
  size = gcry_mpi_get_nbits(bn) * 3;
  rsize = size / 10 + size / 1000 + 2;

-  ret = malloc(rsize + 1);
+  ret = gcry_malloc(rsize + 1);
  if (ret == NULL) {
    return NULL;
  }
--- a/src/mbedcrypto_missing.c
+++ b/src/mbedcrypto_missing.c
@@ -56,7 +56,7 @@ char *ssh_mbedcry_bn2num(const_bignum num, int radix)
        return NULL;
    }

-    buf = malloc(olen);
+    buf = mbedtls_calloc(1, olen);
    if (buf == NULL) {
        return NULL;
    }