
Merge changes from topic "certtool-memleak" into integration

* changes:
  Use preallocated parts of the HASH struct
  Free arguments copied with strdup
  Free keys after use
  Free X509_EXTENSIONs
pull/1940/head
Sandrine Bailleux 4 years ago
committed by TrustedFirmware Code Review
parent
commit
dfa04b3dce
  1. 37
      tools/cert_create/src/ext.c
  2. 39
      tools/cert_create/src/main.c

37
tools/cert_create/src/ext.c

@ -158,51 +158,36 @@ X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
unsigned char *buf, size_t len)
{
X509_EXTENSION *ex;
ASN1_OCTET_STRING *octet;
HASH *hash;
ASN1_OBJECT *algorithm;
X509_ALGOR *x509_algor;
unsigned char *p = NULL;
int sz;
/* HASH structure containing algorithm + hash */
hash = HASH_new();
if (hash == NULL) {
return NULL;
}
/* OBJECT_IDENTIFIER with hash algorithm */
algorithm = OBJ_nid2obj(EVP_MD_type(md));
if (algorithm == NULL) {
HASH_free(hash);
return NULL;
}
/* Create X509_ALGOR */
x509_algor = X509_ALGOR_new();
if (x509_algor == NULL) {
return NULL;
}
x509_algor->algorithm = algorithm;
x509_algor->parameter = ASN1_TYPE_new();
ASN1_TYPE_set(x509_algor->parameter, V_ASN1_NULL, NULL);
hash->hashAlgorithm->algorithm = algorithm;
hash->hashAlgorithm->parameter = ASN1_TYPE_new();
ASN1_TYPE_set(hash->hashAlgorithm->parameter, V_ASN1_NULL, NULL);
/* OCTET_STRING with the actual hash */
octet = ASN1_OCTET_STRING_new();
if (octet == NULL) {
X509_ALGOR_free(x509_algor);
return NULL;
}
ASN1_OCTET_STRING_set(octet, buf, len);
/* HASH structure containing algorithm + hash */
hash = HASH_new();
if (hash == NULL) {
ASN1_OCTET_STRING_free(octet);
X509_ALGOR_free(x509_algor);
return NULL;
}
hash->hashAlgorithm = x509_algor;
hash->dataHash = octet;
ASN1_OCTET_STRING_set(hash->dataHash, buf, len);
/* DER encoded HASH */
sz = i2d_HASH(hash, &p);
if ((sz <= 0) || (p == NULL)) {
HASH_free(hash);
X509_ALGOR_free(x509_algor);
return NULL;
}
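Review bot: Two OpenSSL return values go unchecked in what appears to be the new side of ext_new_hash: the `ASN1_TYPE_new()` result stored in `hash->hashAlgorithm->parameter`, and the result of `ASN1_OCTET_STRING_set(hash->dataHash, buf, len)`. If either allocation fails, the function continues to `i2d_HASH`; a failed octet-string set could presumably produce an extension with an empty digest instead of an error, which matters for a tool that emits chain-of-trust certificates. I would add `if (hash->hashAlgorithm->parameter == NULL) { HASH_free(hash); return NULL; }` after the first call and write the second as `if (!ASN1_OCTET_STRING_set(hash->dataHash, buf, len)) { HASH_free(hash); return NULL; }`. The +/- markers are lost on this page, so the old/new attribution is inferred from the hunk header counts, and the function body continues past the hunk.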

39
tools/cert_create/src/main.c

@ -539,6 +539,11 @@ int main(int argc, char *argv[])
exit(1);
}
for (cert_ext = sk_X509_EXTENSION_pop(sk); cert_ext != NULL;
cert_ext = sk_X509_EXTENSION_pop(sk)) {
X509_EXTENSION_free(cert_ext);
}
sk_X509_EXTENSION_free(sk);
}
@ -576,10 +581,44 @@ int main(int argc, char *argv[])
}
}
/* If we got here, then we must have filled the key array completely.
* We can then safely call free on all of the keys in the array
*/
for (i = 0; i < num_keys; i++) {
EVP_PKEY_free(keys[i].key);
}
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
CRYPTO_cleanup_all_ex_data();
/* We allocated strings through strdup, so now we have to free them */
for (i = 0; i < num_keys; i++) {
if (keys[i].fn != NULL) {
void *ptr = keys[i].fn;
keys[i].fn = NULL;
free(ptr);
}
}
for (i = 0; i < num_extensions; i++) {
if (extensions[i].arg != NULL) {
void *ptr = (void *)extensions[i].arg;
extensions[i].arg = NULL;
free(ptr);
}
}
for (i = 0; i < num_certs; i++) {
if (certs[i].fn != NULL) {
void *ptr = (void *)certs[i].fn;
certs[i].fn = NULL;
free(ptr);
}
}
return 0;
}
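Review bot: The three cleanup loops at the end of main() call `free()` on `keys[i].fn`, `extensions[i].arg` and `certs[i].fn`, two of them through a `(void *)` cast, which is only valid if every non-NULL value there was allocated by `strdup`. That invariant is established outside this hunk and cannot be confirmed from here. A table entry initialised with a string literal would make this an invalid free, and an option parsed twice would leak the first copy, so I would state the ownership rule next to the field declarations, e.g. `/* heap string owned by main(); set only via strdup() */`. The `!= NULL` guards and the temporary are also unnecessary, because `free(NULL)` is a no-op: `free((void *)certs[i].fn); certs[i].fn = NULL;` does the same. main() begins outside the hunk.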
