From: Dr. Stephen Henson Date: Sun, 3 Jan 1999 01:08:33 +0000 (+0000) Subject: Make sure applications free up pkey structures and add netscape extension X-Git-Tag: OpenSSL_0_9_2b~286 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=cfcf645356b0957e9ec7190e3afb3e4d6c406d5b Make sure applications free up pkey structures and add netscape extension handling to x509.c --- diff --git a/CHANGES b/CHANGES index 8d1294d9f5..7ab80cf249 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,10 @@ Changes between 0.9.1c and 0.9.2 + *) Fix the various library and apps files to free up pkeys obtained from + EVP_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions. + [Steve Henson] + *) Fix reference counting in X509_PUBKEY_get(). This makes demos/maurice/example2.c work, amongst others, probably. [Steve Henson and Ben Laurie] diff --git a/apps/req.c b/apps/req.c index 17f58d07cb..525995dd51 100644 --- a/apps/req.c +++ b/apps/req.c @@ -663,7 +663,10 @@ loop: } i=X509_REQ_verify(req,pkey); - if (tmp) pkey=NULL; + if (tmp) { + EVP_PKEY_free(pkey); + pkey=NULL; + } if (i < 0) { diff --git a/apps/x509.c b/apps/x509.c index 1d7bad111a..71af49f7f5 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -305,6 +305,7 @@ bad: } ERR_load_crypto_strings(); + X509v3_add_netscape_extensions(); if (!X509_STORE_set_default_paths(ctx)) { @@ -368,6 +369,7 @@ bad: goto end; } i=X509_REQ_verify(req,pkey); + EVP_PKEY_free(pkey); if (i < 0) { BIO_printf(bio_err,"Signature verification error\n"); @@ -481,6 +483,7 @@ bad: else BIO_printf(STDout,"Wrong Algorithm type"); BIO_printf(STDout,"\n"); + EVP_PKEY_free(pkey); } else #endif @@ -688,6 +691,7 @@ end: if (Upkey != NULL) EVP_PKEY_free(Upkey); if (CApkey != NULL) EVP_PKEY_free(CApkey); if (rq != NULL) X509_REQ_free(rq); + X509v3_cleanup_extensions(); EXIT(ret); } diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index 7df749a48f..5caee74c5e 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c 
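Review bot: In the apps/x509.c hunks at -368 and -481, `pkey` keeps its old value after the new `EVP_PKEY_free(pkey);`, whereas the apps/req.c hunk in this same commit resets it with `pkey=NULL;`. Any later use of `pkey` in this function would then touch a key whose reference has already been dropped. Whether such a use exists cannot be seen from here, because the function body extends well outside both hunks. Adding `pkey=NULL;` directly after each of the two new frees turns a stale use into a NULL dereference rather than an access to released memory, and keeps the two apps consistent.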
@@ -138,6 +138,8 @@ X509_REQ *x; #endif BIO_printf(bp,"%12sUnknown Public Key:\n",""); + EVP_PKEY_free(pkey); + /* may not be */ sprintf(str,"%8sAttributes:\n",""); if (BIO_puts(bp,str) <= 0) goto err; diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 9a8c8bf0ca..4bf1bd4536 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -182,6 +182,8 @@ X509 *x; #endif BIO_printf(bp,"%12sUnknown Public Key:\n",""); + EVP_PKEY_free(pkey); + n=X509_get_ext_count(x); if (n > 0) { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f8c0865743..f5face18df 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -345,11 +345,13 @@ X509_STORE_CTX *ctx; } if (X509_verify(xs,pkey) <= 0) { + EVP_PKEY_free(pkey); ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert=xs; ok=(*cb)(0,ctx); if (!ok) goto end; } + EVP_PKEY_free(pkey); pkey=NULL; i=X509_cmp_current_time(X509_get_notBefore(xs)); @@ -403,6 +405,7 @@ X509_STORE_CTX *ctx; } ok=1; end: + EVP_PKEY_free(pkey); return(ok); } @@ -492,6 +495,7 @@ STACK *chain; break; else { + EVP_PKEY_free(ktmp); ktmp=NULL; } } @@ -506,10 +510,11 @@ STACK *chain; { ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j)); EVP_PKEY_copy_parameters(ktmp2,ktmp); + EVP_PKEY_free(ktmp2); } - if (pkey != NULL) - EVP_PKEY_copy_parameters(pkey,ktmp); + if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp); + EVP_PKEY_free(ktmp); return(1); } diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 42c23bcfca..5274ded737 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -108,8 +108,9 @@ EVP_PKEY *pkey; break; } - if (EVP_PKEY_size(pkey) <= 512) + if (EVP_PKEY_size(pk) <= 512) ret|=EVP_PKT_EXP; + if(pkey==NULL) EVP_PKEY_free(pk); return(ret); }
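Review bot: In the crypto/x509/x509_vfy.c hunk at -345, the `EVP_PKEY_free(pkey);` added inside the `X509_verify(xs,pkey) <= 0` branch releases the key a second time on both ways out of that branch. When the callback returns 0, the `goto end` reaches the `EVP_PKEY_free(pkey);` added at `end:` (hunk at -403) with `pkey` still set; when the callback overrides the failure, control falls through to the free just before `pkey=NULL;`. Since the key returned by X509_get_pubkey() appears to be reference-counted, the extra release likely drops the reference held by the certificate itself, leaving it with a dangling key exactly on the path where a signature failed to verify. Dropping the in-branch free is enough, because the other two frees then cover each exit once; alternatively keep it and add `pkey=NULL;` right after it. The function starts and ends outside these hunks, so this assumes `pkey` is initialised to NULL and that EVP_PKEY_free() tolerates NULL on the other `goto end` paths.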
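Review bot: The comparison `EVP_PKEY_size(pk) <= 512` in the crypto/x509/x509type.c hunk mixes units. EVP_PKEY_size() reports a size in bytes, while 512 reads as the export-grade limit in bits, so as written keys up to 4096 bits would be tagged `EVP_PKT_EXP`. If the intent is to mark only export-strength keys, the test should be `if (EVP_PKEY_size(pk) <= 512/8)`, with a short comment stating the unit. The function begins outside the hunk, so the assignment of `pk` and any NULL check on it are not visible here.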