X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fed25519%2Fecdsa.c;h=1ba01cfac86d68dd8146024a3da1214684bd2d23;hb=021293e0d03de8d29b22104a8f9bef625b135640;hp=f0ce2c162709d732ca58a1bf1d50356e87787572;hpb=28b7a53b693f6b4e70218a926e68a36ece54cda1;p=tinc

diff --git a/src/ed25519/ecdsa.c b/src/ed25519/ecdsa.c
index f0ce2c16..1ba01cfa 100644
--- a/src/ed25519/ecdsa.c
+++ b/src/ed25519/ecdsa.c
@@ -32,6 +32,11 @@ typedef struct {
 #include "../utils.h"
 #include "../xalloc.h"
 
+static ecdsa_t *ecdsa_new(void) ATTR_MALLOC ATTR_DEALLOCATOR(ecdsa_free);
+static ecdsa_t *ecdsa_new(void) {
+	return xzalloc(sizeof(ecdsa_t));
+}
+
 // Get and set ECDSA keys
 //
 ecdsa_t *ecdsa_set_base64_public_key(const char *p) {
@@ -42,12 +47,12 @@ ecdsa_t *ecdsa_set_base64_public_key(const char *p) {
 		return 0;
 	}
 
-	ecdsa_t *ecdsa = xzalloc(sizeof(*ecdsa));
+	ecdsa_t *ecdsa = ecdsa_new();
 	len = b64decode_tinc(p, ecdsa->public, len);
 
 	if(len != 32) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Invalid format of public key! len = %lu", (unsigned long)len);
-		free(ecdsa);
+		ecdsa_free(ecdsa);
 		return 0;
 	}
 
@@ -64,6 +69,7 @@ char *ecdsa_get_base64_public_key(ecdsa_t *ecdsa) {
 // Read PEM ECDSA keys
 
 static bool read_pem(FILE *fp, const char *type, void *vbuf, size_t size) {
+	const size_t buflen = size;
 	char line[1024];
 	bool data = false;
 	size_t typelen = strlen(type);
@@ -90,16 +96,10 @@ static bool read_pem(FILE *fp, const char *type, void *vbuf, size_t size) {
 		size_t linelen = strcspn(line, "\r\n");
 		size_t len = b64decode_tinc(line, line, linelen);
 
-		if(!len) {
-			logger(DEBUG_ALWAYS, LOG_ERR, "Invalid base64 data in PEM file\n");
-			errno = EINVAL;
-			return false;
-		}
-
-		if(len > size) {
-			logger(DEBUG_ALWAYS, LOG_ERR, "Too much base64 data in PEM file\n");
+		if(!len || len > size) {
+			logger(DEBUG_ALWAYS, LOG_ERR, "%s base64 data in PEM file\n", len ? "Too much" : "Invalid");
 			errno = EINVAL;
-			return false;
+			goto exit;
 		}
 
 		memcpy(buf, line, len);
@@ -114,7 +114,13 @@ static bool read_pem(FILE *fp, const char *type, void *vbuf, size_t size) {
 		} else {
 			errno = ENOENT;
 		}
+	}
 
+exit:
+	memzero(line, sizeof(line));
+
+	if(size) {
+		memzero(vbuf, buflen);
 		return false;
 	}
 
@@ -122,25 +128,25 @@ static bool read_pem(FILE *fp, const char *type, void *vbuf, size_t size) {
 }
 
 ecdsa_t *ecdsa_read_pem_public_key(FILE *fp) {
-	ecdsa_t *ecdsa = xzalloc(sizeof(*ecdsa));
+	ecdsa_t *ecdsa = ecdsa_new();
 
 	if(read_pem(fp, "ED25519 PUBLIC KEY", ecdsa->public, sizeof(ecdsa->public))) {
 		return ecdsa;
 	}
 
-	free(ecdsa);
-	return 0;
+	ecdsa_free(ecdsa);
+	return NULL;
 }
 
 ecdsa_t *ecdsa_read_pem_private_key(FILE *fp) {
-	ecdsa_t *ecdsa = xmalloc(sizeof(*ecdsa));
+	ecdsa_t *ecdsa = ecdsa_new();
 
 	if(read_pem(fp, "ED25519 PRIVATE KEY", ecdsa->private, sizeof(*ecdsa))) {
 		return ecdsa;
 	}
 
-	free(ecdsa);
-	return 0;
+	ecdsa_free(ecdsa);
+	return NULL;
 }
 
 size_t ecdsa_size(ecdsa_t *ecdsa) {
@@ -164,5 +170,5 @@ bool ecdsa_active(ecdsa_t *ecdsa) {
 }
 
 void ecdsa_free(ecdsa_t *ecdsa) {
-	free(ecdsa);
+	xzfree(ecdsa, sizeof(ecdsa_t));
 }