Re: [PATCH] crypto: fix a memory leak in rsa-kcs1pad's encryption mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/17/18 1:28 PM, Dan Aloni wrote:
> On Mon, Sep 17, 2018 at 12:52:44PM -0700, Tadeusz Struk wrote:
>> On 9/17/18 10:24 AM, Dan Aloni wrote:
>>> The encryption mode of pkcs1pad never uses out_sg and out_buf, so
>>> there's no need to allocate the buffer, which presently is not even
>>> being freed.
>>
>> It is used and freed in pkcs1pad_decrypt_complete().
> 
> True, but how is pkcs1pad_decrypt_complete() reachable from the
> encryption path of the code? Or, is there a hidden API assumption that
> the alg.decrypt callback will be called for every alg.encrypt call?  It
> does not seem right. Same question for pkcs1pad_verify_complete(), which
> is the only other free path for this field.

This is only used in the decrypt operation. The pkcs1pad_decrypt()
sets the callback pkcs1pad_decrypt_complete_cb(), and calls
crypto_akcipher_decrypt().
If the implementation is synchronous it returns SUCCESS
and the pkcs1pad_decrypt_complete() is called directly.
If the implementation is asynchronous it returns -EINPROGRESS and
after the job is done the callback is called and the
pkcs1pad_decrypt_complete() is called from the callback.
The same pattern applies to verify.
-- 
Tadeusz



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux