-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Memory leak if ecdsa_sign/ecdsa_verify fail with an error #19
Comments
We will check this out and fix accordingly. Thanks for noticing. |
Can you elaborate? All MPIs initialized in the sign and verify functions are cleared as well. Are you referring to the MPIs in the group? You should free the group yourself outside of the sign and verify functions. |
For example, ecdsa_verify declares (from https://github.com/polarssl/polarssl/blob/polarssl-1.3/library/ecdsa.c) Line 118: mpi e, s_inv, u1, u2; These variables are freed at line 171,172 in the success case, but not if R is zero @ line 161 or if the signature fails @ line 167. |
Correct.. Fixed in cca998a |
Includes PRs Mbed-TLS#6, Mbed-TLS#18, Mbed-TLS#19.
…_allocate_key Don't require a type and size when creating a key slot
The sign&verify functions will not free up some mpi's if they fail.
I used the alpha 1.3.1 that was released a couple of months ago.
The text was updated successfully, but these errors were encountered: