projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
cdbb8c2
)
Make sure applications free up pkey structures and add netscape extension
author
Dr. Stephen Henson
<steve@openssl.org>
Sun, 3 Jan 1999 01:08:33 +0000
(
01:08
+0000)
committer
Dr. Stephen Henson
<steve@openssl.org>
Sun, 3 Jan 1999 01:08:33 +0000
(
01:08
+0000)
handling to x509.c
CHANGES
patch
|
blob
|
history
apps/req.c
patch
|
blob
|
history
apps/x509.c
patch
|
blob
|
history
crypto/asn1/t_req.c
patch
|
blob
|
history
crypto/asn1/t_x509.c
patch
|
blob
|
history
crypto/x509/x509_vfy.c
patch
|
blob
|
history
crypto/x509/x509type.c
patch
|
blob
|
history
diff --git
a/CHANGES
b/CHANGES
index 8d1294d9f5dffa4024b100640f5a35e1ea5ee06e..7ab80cf2494dda3c7394643870e774b1c1c47a81 100644
(file)
--- a/
CHANGES
+++ b/
CHANGES
@@
-5,6
+5,10
@@
Changes between 0.9.1c and 0.9.2
Changes between 0.9.1c and 0.9.2
+ *) Fix the various library and apps files to free up pkeys obtained from
+ EVP_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+ [Steve Henson]
+
*) Fix reference counting in X509_PUBKEY_get(). This makes
demos/maurice/example2.c work, amongst others, probably.
[Steve Henson and Ben Laurie]
*) Fix reference counting in X509_PUBKEY_get(). This makes
demos/maurice/example2.c work, amongst others, probably.
[Steve Henson and Ben Laurie]
diff --git
a/apps/req.c
b/apps/req.c
index 17f58d07cb825bf82f284e16c81193880e9ae5d9..525995dd51a3e44ce298339844aee4e6ff0f3bad 100644
(file)
--- a/
apps/req.c
+++ b/
apps/req.c
@@
-663,7
+663,10
@@
loop:
}
i=X509_REQ_verify(req,pkey);
}
i=X509_REQ_verify(req,pkey);
- if (tmp) pkey=NULL;
+ if (tmp) {
+ EVP_PKEY_free(pkey);
+ pkey=NULL;
+ }
if (i < 0)
{
if (i < 0)
{
diff --git
a/apps/x509.c
b/apps/x509.c
index 1d7bad111a8fcce99073e133bde05c632f252612..71af49f7f53eee7a87f6415a181668af517e327a 100644
(file)
--- a/
apps/x509.c
+++ b/
apps/x509.c
@@
-305,6
+305,7
@@
bad:
}
ERR_load_crypto_strings();
}
ERR_load_crypto_strings();
+ X509v3_add_netscape_extensions();
if (!X509_STORE_set_default_paths(ctx))
{
if (!X509_STORE_set_default_paths(ctx))
{
@@
-368,6
+369,7
@@
bad:
goto end;
}
i=X509_REQ_verify(req,pkey);
goto end;
}
i=X509_REQ_verify(req,pkey);
+ EVP_PKEY_free(pkey);
if (i < 0)
{
BIO_printf(bio_err,"Signature verification error\n");
if (i < 0)
{
BIO_printf(bio_err,"Signature verification error\n");
@@
-481,6
+483,7
@@
bad:
else
BIO_printf(STDout,"Wrong Algorithm type");
BIO_printf(STDout,"\n");
else
BIO_printf(STDout,"Wrong Algorithm type");
BIO_printf(STDout,"\n");
+ EVP_PKEY_free(pkey);
}
else
#endif
}
else
#endif
@@
-688,6
+691,7
@@
end:
if (Upkey != NULL) EVP_PKEY_free(Upkey);
if (CApkey != NULL) EVP_PKEY_free(CApkey);
if (rq != NULL) X509_REQ_free(rq);
if (Upkey != NULL) EVP_PKEY_free(Upkey);
if (CApkey != NULL) EVP_PKEY_free(CApkey);
if (rq != NULL) X509_REQ_free(rq);
+ X509v3_cleanup_extensions();
EXIT(ret);
}
EXIT(ret);
}
diff --git
a/crypto/asn1/t_req.c
b/crypto/asn1/t_req.c
index 7df749a48fdf5e3e6d970940ebcff61de306f261..5caee74c5e503e40ccc7e41bc8bd25105a1cca9e 100644
(file)
--- a/
crypto/asn1/t_req.c
+++ b/
crypto/asn1/t_req.c
@@
-138,6
+138,8
@@
X509_REQ *x;
#endif
BIO_printf(bp,"%12sUnknown Public Key:\n","");
#endif
BIO_printf(bp,"%12sUnknown Public Key:\n","");
+ EVP_PKEY_free(pkey);
+
/* may not be */
sprintf(str,"%8sAttributes:\n","");
if (BIO_puts(bp,str) <= 0) goto err;
/* may not be */
sprintf(str,"%8sAttributes:\n","");
if (BIO_puts(bp,str) <= 0) goto err;
diff --git
a/crypto/asn1/t_x509.c
b/crypto/asn1/t_x509.c
index 9a8c8bf0ca7354c35d1c717226dfd2c038c964b5..4bf1bd4536a37c6a0b2a67daaeebf8f36d3be82a 100644
(file)
--- a/
crypto/asn1/t_x509.c
+++ b/
crypto/asn1/t_x509.c
@@
-182,6
+182,8
@@
X509 *x;
#endif
BIO_printf(bp,"%12sUnknown Public Key:\n","");
#endif
BIO_printf(bp,"%12sUnknown Public Key:\n","");
+ EVP_PKEY_free(pkey);
+
n=X509_get_ext_count(x);
if (n > 0)
{
n=X509_get_ext_count(x);
if (n > 0)
{
diff --git
a/crypto/x509/x509_vfy.c
b/crypto/x509/x509_vfy.c
index f8c0865743de87edf2bcd28fdbbdcc85b79e5a59..f5face18df575631fb7352654acd170b7265ed38 100644
(file)
--- a/
crypto/x509/x509_vfy.c
+++ b/
crypto/x509/x509_vfy.c
@@
-345,11
+345,13
@@
X509_STORE_CTX *ctx;
}
if (X509_verify(xs,pkey) <= 0)
{
}
if (X509_verify(xs,pkey) <= 0)
{
+ EVP_PKEY_free(pkey);
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs;
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs;
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
+ EVP_PKEY_free(pkey);
pkey=NULL;
i=X509_cmp_current_time(X509_get_notBefore(xs));
pkey=NULL;
i=X509_cmp_current_time(X509_get_notBefore(xs));
@@
-403,6
+405,7
@@
X509_STORE_CTX *ctx;
}
ok=1;
end:
}
ok=1;
end:
+ EVP_PKEY_free(pkey);
return(ok);
}
return(ok);
}
@@
-492,6
+495,7
@@
STACK *chain;
break;
else
{
break;
else
{
+ EVP_PKEY_free(ktmp);
ktmp=NULL;
}
}
ktmp=NULL;
}
}
@@
-506,10
+510,11
@@
STACK *chain;
{
ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j));
EVP_PKEY_copy_parameters(ktmp2,ktmp);
{
ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j));
EVP_PKEY_copy_parameters(ktmp2,ktmp);
+ EVP_PKEY_free(ktmp2);
}
}
- if (pkey != NULL)
-
EVP_PKEY_copy_parameters(pkey,
ktmp);
+ if (pkey != NULL)
EVP_PKEY_copy_parameters(pkey,ktmp);
+
EVP_PKEY_free(
ktmp);
return(1);
}
return(1);
}
diff --git
a/crypto/x509/x509type.c
b/crypto/x509/x509type.c
index 42c23bcfca0bc0d989ad09524325c6f94e5b79ec..5274ded737dac6cee86f1f741364f8a85d7f669a 100644
(file)
--- a/
crypto/x509/x509type.c
+++ b/
crypto/x509/x509type.c
@@
-108,8
+108,9
@@
EVP_PKEY *pkey;
break;
}
break;
}
- if (EVP_PKEY_size(pk
ey
) <= 512)
+ if (EVP_PKEY_size(pk) <= 512)
ret|=EVP_PKT_EXP;
ret|=EVP_PKT_EXP;
+ if(pkey==NULL) EVP_PKEY_free(pk);
return(ret);
}
return(ret);
}