Add debugging info to new ASN1 code to trace memory leaks.

Fix PKCS7 and PKCS12 memory leaks.

Initialise encapsulated content type properly.

diff --git a/CHANGES b/CHANGES
index 9ee6fc0161f484a7534bf4a2ac328a5938383a47..52409a97d4c2bdf0f7593606e5a48b7e56bc72db 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,18 @@
  _______________
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
- 
+
+  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
+     to data. This was previously part of the PKCS7 ASN1 code. This
+     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
+     [Steve Henson, reported by Kenneth R. Robinette
+                               <support@securenetterm.com>]
+
+  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
+     routines: without these tracing memory leaks is very painful.
+     Fix leaks in PKCS12 and PKCS7 routines.
+     [Steve Henson]
+
   *) Fix for Irix with NO_ASM.
      ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
 

diff --git a/Configure b/Configure
index 8a111cc22a7a85540a606a9a36fbdd2ba4248e93..a2b26d943c218e1cdcc1e9ee8013c00b41840270 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -128,7 +128,7 @@ my %table=(
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",  "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf",   "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "dist",                "cc:-O::(unknown):::::",

diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index d6f115592823a22fdb38cd0d1b04741f3d2058f0..da0cb266e4abca777fe8c3aae528fec068890d81 100644 (file)
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -96,6 +96,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int
 
        if(!combine) *pval = NULL;
 
+#ifdef CRYPTO_MDEBUG
+       if(it->sname) CRYPTO_push_info(it->sname);
+#endif
+
        switch(it->itype) {
 
                case ASN1_ITYPE_EXTERN:
@@ -166,15 +170,24 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int
                                goto auxerr;
                break;
        }
+#ifdef CRYPTO_MDEBUG
+       if(it->sname) CRYPTO_pop_info();
+#endif
        return 1;
 
        memerr:
        ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE);
+#ifdef CRYPTO_MDEBUG
+       if(it->sname) CRYPTO_pop_info();
+#endif
        return 0;
 
        auxerr:
        ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR);
        ASN1_item_ex_free(pval, it);
+#ifdef CRYPTO_MDEBUG
+       if(it->sname) CRYPTO_pop_info();
+#endif
        return 0;
 
 }
@@ -216,6 +229,7 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
 int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 {
        const ASN1_ITEM *it = tt->item;
+       int ret;
        if(tt->flags & ASN1_TFLG_OPTIONAL) {
                asn1_template_clear(pval, tt);
                return 1;
@@ -226,19 +240,29 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
                *pval = NULL;
                return 1;
        }
+#ifdef CRYPTO_MDEBUG
+       if(tt->field_name) CRYPTO_push_info(tt->field_name);
+#endif
        /* If SET OF or SEQUENCE OF, its a STACK */
        if(tt->flags & ASN1_TFLG_SK_MASK) {
                STACK_OF(ASN1_VALUE) *skval;
                skval = sk_ASN1_VALUE_new_null();
                if(!skval) {
                        ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
-                       return 0;
+                       ret = 0;
+                       goto done;
                }
                *pval = (ASN1_VALUE *)skval;
-               return 1;
+               ret = 1;
+               goto done;
        }
        /* Otherwise pass it back to the item routine */
-       return asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+       ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+       done:
+#ifdef CRYPTO_MDEBUG
+       if(it->sname) CRYPTO_pop_info();
+#endif
+       return ret;
 }
 
 void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)

diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
index d5d4884c82018d264bf38c4e6bddd4b107bd2320..eb837a78cf7d1519bff74e5e0a7afe620c556666 100644 (file)
--- a/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
@@ -69,15 +69,7 @@ PKCS12 *PKCS12_init (int mode)
                PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
-       if (!(pkcs12->version = M_ASN1_INTEGER_new ())) {
-               PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-               return NULL;
-       }
        ASN1_INTEGER_set(pkcs12->version, 3);
-       if (!(pkcs12->authsafes = PKCS7_new())) {
-               PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-               return NULL;
-       }
        pkcs12->authsafes->type = OBJ_nid2obj(mode);
        switch (mode) {
                case NID_pkcs7_data:

diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c
index 9c5eda2b36ddd5c67964966291c909413d87399d..34561dfc5149b2ce6e6aba895d3b9091cfe9883f 100644 (file)
--- a/crypto/pkcs7/pk7_asn1.c
+++ b/crypto/pkcs7/pk7_asn1.c
@@ -136,12 +136,22 @@ ASN1_SEQUENCE(PKCS7_ENVELOPE) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
 
-ASN1_SEQUENCE(PKCS7_RECIP_INFO) = {
+/* Minor tweak to operation: free up X509 */
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+       if(operation == ASN1_OP_FREE_POST) {
+               PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
+               X509_free(ri->cert);
+       }
+       return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
        ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
        ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
        ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
        ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(PKCS7_RECIP_INFO);
+} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO);
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
 

diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 656f0e9dfa169c74bbf148d62d8d61785a2b7dc4..f7b5da1f14bbba75677ab775094d1256179f0e69 100644 (file)
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -169,18 +169,24 @@ int PKCS7_set_type(PKCS7 *p7, int type)
                if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
                        == NULL) goto err;
                ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
+               p7->d.signed_and_enveloped->enc_data->content_type
+                                               = OBJ_nid2obj(NID_pkcs7_data);
                break;
        case NID_pkcs7_enveloped:
                p7->type=obj;
                if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
                        == NULL) goto err;
                ASN1_INTEGER_set(p7->d.enveloped->version,0);
+               p7->d.enveloped->enc_data->content_type
+                                               = OBJ_nid2obj(NID_pkcs7_data);
                break;
        case NID_pkcs7_encrypted:
                p7->type=obj;
                if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
                        == NULL) goto err;
                ASN1_INTEGER_set(p7->d.encrypted->version,0);
+               p7->d.encrypted->enc_data->content_type
+                                               = OBJ_nid2obj(NID_pkcs7_data);
                break;
 
        case NID_pkcs7_digest: