diff options
author | Jimmy Brisson <jimmy.brisson@arm.com> | 2020-07-27 13:22:42 -0500 |
---|---|---|
committer | Manish Pandey <manish.pandey2@arm.com> | 2020-10-20 20:17:41 +0000 |
commit | bcad20308fbaad350ad0486d7cb36ae23b44a18b (patch) | |
tree | 73dcde8e59fef400b5178aa7ea288bc20d34d1e9 /tools/cert_create | |
parent | 4a34d18f35b76f1df282b1a077ad749d13c1d19d (diff) | |
download | arm-trusted-firmware-bcad20308fbaad350ad0486d7cb36ae23b44a18b.tar.gz |
Use preallocated parts of the HASH struct
When OpenSSL's macro allocates the HASH struct, it allocates the fields
as well. After this allocation, the prior code would assign over the
pointers inside the HASH struct, leaking these fields. This patch
avoids allocating extra copies of these members.
Change-Id: I50a38b0a04b52ec54d6388db0f694feb578d2818
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Diffstat (limited to 'tools/cert_create')
-rw-r--r-- | tools/cert_create/src/ext.c | 37 |
1 files changed, 11 insertions, 26 deletions
diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c index d9a92bb10..65dd3e583 100644 --- a/tools/cert_create/src/ext.c +++ b/tools/cert_create/src/ext.c @@ -158,51 +158,36 @@ X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md, unsigned char *buf, size_t len) { X509_EXTENSION *ex; - ASN1_OCTET_STRING *octet; HASH *hash; ASN1_OBJECT *algorithm; - X509_ALGOR *x509_algor; unsigned char *p = NULL; int sz; + /* HASH structure containing algorithm + hash */ + hash = HASH_new(); + if (hash == NULL) { + return NULL; + } + /* OBJECT_IDENTIFIER with hash algorithm */ algorithm = OBJ_nid2obj(EVP_MD_type(md)); if (algorithm == NULL) { + HASH_free(hash); return NULL; } /* Create X509_ALGOR */ - x509_algor = X509_ALGOR_new(); - if (x509_algor == NULL) { - return NULL; - } - x509_algor->algorithm = algorithm; - x509_algor->parameter = ASN1_TYPE_new(); - ASN1_TYPE_set(x509_algor->parameter, V_ASN1_NULL, NULL); + hash->hashAlgorithm->algorithm = algorithm; + hash->hashAlgorithm->parameter = ASN1_TYPE_new(); + ASN1_TYPE_set(hash->hashAlgorithm->parameter, V_ASN1_NULL, NULL); /* OCTET_STRING with the actual hash */ - octet = ASN1_OCTET_STRING_new(); - if (octet == NULL) { - X509_ALGOR_free(x509_algor); - return NULL; - } - ASN1_OCTET_STRING_set(octet, buf, len); - - /* HASH structure containing algorithm + hash */ - hash = HASH_new(); - if (hash == NULL) { - ASN1_OCTET_STRING_free(octet); - X509_ALGOR_free(x509_algor); - return NULL; - } - hash->hashAlgorithm = x509_algor; - hash->dataHash = octet; + ASN1_OCTET_STRING_set(hash->dataHash, buf, len); /* DER encoded HASH */ sz = i2d_HASH(hash, &p); if ((sz <= 0) || (p == NULL)) { HASH_free(hash); - X509_ALGOR_free(x509_algor); return NULL; } |