X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_transform/lib/EncryptTransform.cpp?ds=inline diff --git a/OSX/libsecurity_transform/lib/EncryptTransform.cpp b/OSX/libsecurity_transform/lib/EncryptTransform.cpp index 8c732c0c..fd2963da 100644 --- a/OSX/libsecurity_transform/lib/EncryptTransform.cpp +++ b/OSX/libsecurity_transform/lib/EncryptTransform.cpp @@ -28,7 +28,7 @@ #include "Utilities.h" #include "SecDigestTransform.h" #include "Digest.h" -#include +#include #include #include "SecMaskGenerationFunctionTransform.h" @@ -94,12 +94,12 @@ EncryptDecryptBase::~EncryptDecryptBase() { if (NULL != m_processedData) { - CFRelease(m_processedData); + CFReleaseNull(m_processedData); m_processedData = NULL; } if (NULL != m_accumulator) { - CFRelease(m_accumulator); + CFReleaseNull(m_accumulator); m_accumulator = NULL; } } @@ -139,7 +139,7 @@ CFErrorRef EncryptDecryptBase::SerializedTransformStartingExecution() { CFStringRef result = SecCopyErrorMessageString(err, NULL); CFErrorRef retValue = CreateSecTransformErrorRef(err, "CDSA error (%@).", result); - CFRelease(result); + CFReleaseNull(result); return retValue; } @@ -149,7 +149,7 @@ CFErrorRef EncryptDecryptBase::SerializedTransformStartingExecution() { CFStringRef result = SecCopyErrorMessageString(err, NULL); CFErrorRef retValue = CreateSecTransformErrorRef(err, "CDSA error (%@).", result); - CFRelease(result); + CFReleaseNull(result); return retValue; } @@ -220,6 +220,9 @@ CFErrorRef EncryptDecryptBase::SerializedTransformStartingExecution() if (isSymmetrical) { + // Clang thinks we're leaking initVect.data. + // While it's difficult to analyze whether that ends up being true or not, this is not code we love enough to refactor +#ifndef __clang_analyzer__ CSSM_DATA initVector; if (hasIVData) { @@ -241,9 +244,10 @@ CFErrorRef EncryptDecryptBase::SerializedTransformStartingExecution() { CFStringRef result = SecCopyErrorMessageString(crtn, NULL); CFErrorRef retValue = CreateSecTransformErrorRef(kSecTransformErrorNotInitializedCorrectly, "CDSA error (%@).", result); - CFRelease(result); + CFReleaseNull(result); return retValue; } +#endif } else { @@ -254,7 +258,7 @@ CFErrorRef EncryptDecryptBase::SerializedTransformStartingExecution() { CFStringRef result = SecCopyErrorMessageString(crtn, NULL); CFErrorRef retValue = CreateSecTransformErrorRef(kSecTransformErrorNotInitializedCorrectly, "CDSA error (%@).", result); - CFRelease(result); + CFReleaseNull(result); return retValue; } } @@ -266,7 +270,7 @@ CFErrorRef EncryptDecryptBase::SerializedTransformStartingExecution() { CFStringRef result = SecCopyErrorMessageString(crtn, NULL); CFErrorRef retValue = CreateSecTransformErrorRef(kSecTransformErrorNotInitializedCorrectly, "CDSA encrypt/decrypt init error (%@).", result); - CFRelease(result); + CFReleaseNull(result); return retValue; } @@ -314,10 +318,10 @@ void EncryptDecryptBase::SendCSSMError(CSSM_RETURN retCode) // make a CFErrorRef for the error message CFStringRef errorString = SecCopyErrorMessageString(retCode, NULL); CFErrorRef errorRef = CreateGenericErrorRef(kCFErrorDomainOSStatus, retCode, "%@", errorString); - CFRelease(errorString); + CFReleaseNull(errorString); SendAttribute(kSecTransformOutputAttributeName, errorRef); - CFRelease(errorRef); + CFReleaseNull(errorRef); } void xor_bytes(UInt8 *dst, const UInt8 *src1, const UInt8 *src2, CFIndex length); @@ -515,7 +519,7 @@ CFDataRef EncryptDecryptBase::apply_oaep_padding(CFDataRef dataValue) if (status != errSecSuccess) { CFStringRef errorString = SecCopyErrorMessageString(status, NULL); error = CreateSecTransformErrorRef(kSecTransformErrorInvalidOperation, "CDSA error (%@).", errorString); - CFRelease(errorString); + CFReleaseNull(errorString); SetAttributeNoCallback(kSecTransformOutputAttributeName, error); (void)transforms_assume_zero(EM); return EM; @@ -562,7 +566,7 @@ CFDataRef EncryptDecryptBase::apply_oaep_padding(CFDataRef dataValue) if (status != errSecSuccess) { CFStringRef errorString = SecCopyErrorMessageString(status, NULL); error = CreateSecTransformErrorRef(kSecTransformErrorInvalidOperation, "CDSA error (%@).", errorString); - CFRelease(errorString); + CFReleaseNull(errorString); goto out; } (void)transforms_assume(RSA_size.SizeInputBlock <= RSA_size.SizeOutputBlock); @@ -627,22 +631,16 @@ CFDataRef EncryptDecryptBase::apply_oaep_padding(CFDataRef dataValue) seed = (CFDataRef)this->GetAttribute(CFSTR("FixedSeedForOAEPTesting")); raw_seed = NULL; if (seed) { - raw_seed = (UInt8*)CFDataGetBytePtr(seed); (void)transforms_assume(hLen == CFDataGetLength(seed)); CFRetain(seed); } else { - raw_seed = (UInt8*)malloc(hLen); - if (!raw_seed) { - error = GetNoMemoryErrorAndRetain(); - goto out; - } - SecRandomCopyBytes(kSecRandomDefault, hLen, raw_seed); - seed = CFDataCreateWithBytesNoCopy(NULL, raw_seed, hLen, kCFAllocatorMalloc); + seed = SecRandomCopyData(kSecRandomDefault, hLen); if (!seed) { - free(raw_seed); error = GetNoMemoryErrorAndRetain(); + goto out; } } + raw_seed = (UInt8*)CFDataGetBytePtr(seed); // (7) Let dbMask = MGF (seed, emLen − hLen). mgf_dbMask = transforms_assume(SecCreateMaskGenerationFunctionTransform(hashAlgo, desired_message_length - hLen, &error)); @@ -755,7 +753,7 @@ void EncryptDecryptBase::AttributeChanged(SecTransformAttributeRef ah, CFTypeRef { CFStringRef realType = CFCopyTypeIDDescription(valueType); CFErrorRef error = CreateSecTransformErrorRef(kSecTransformErrorNotInitializedCorrectly, "Value is not a CFDataRef -- this one is a %@", realType); - CFRelease(realType); + CFReleaseNull(realType); SetAttributeNoCallback(kSecTransformOutputAttributeName, error); return; } @@ -880,7 +878,7 @@ void EncryptDecryptBase::AttributeChanged(SecTransformAttributeRef ah, CFTypeRef if (NULL != m_processedData) { SendAttribute(kSecTransformOutputAttributeName, m_processedData); - CFRelease(m_processedData); + CFReleaseNull(m_processedData); m_processedData = NULL; } @@ -889,7 +887,7 @@ void EncryptDecryptBase::AttributeChanged(SecTransformAttributeRef ah, CFTypeRef if (m_oaep_padding && m_forEncryption == false) { CFTypeRef unpadded = remove_oaep_padding(m_accumulator); SendAttribute(kSecTransformOutputAttributeName, unpadded); - CFRelease(unpadded); + CFReleaseNull(unpadded); } SendAttribute(kSecTransformOutputAttributeName, NULL); }