diff options
author | Sandrine Bailleux <sandrine.bailleux@arm.com> | 2021-01-15 14:44:47 +0000 |
---|---|---|
committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2021-01-15 14:44:47 +0000 |
commit | dfa04b3dce01ba322c212fa6e820db2b8c4f08c9 (patch) | |
tree | 233dc59269a9c89cdeb579285d3202ec2ef73b32 /tools/cert_create | |
parent | 57d6f839260eb5516e9a9f67e4c8bada09721b23 (diff) | |
parent | bcad20308fbaad350ad0486d7cb36ae23b44a18b (diff) | |
download | arm-trusted-firmware-dfa04b3dce01ba322c212fa6e820db2b8c4f08c9.tar.gz |
Merge changes from topic "certtool-memleak" into integration
* changes:
Use preallocated parts of the HASH struct
Free arguments copied with strdup
Free keys after use
Free X509_EXTENSIONs
Diffstat (limited to 'tools/cert_create')
-rw-r--r-- | tools/cert_create/src/ext.c | 37 | ||||
-rw-r--r-- | tools/cert_create/src/main.c | 39 |
2 files changed, 50 insertions, 26 deletions
diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c index d9a92bb10..65dd3e583 100644 --- a/tools/cert_create/src/ext.c +++ b/tools/cert_create/src/ext.c @@ -158,51 +158,36 @@ X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md, unsigned char *buf, size_t len) { X509_EXTENSION *ex; - ASN1_OCTET_STRING *octet; HASH *hash; ASN1_OBJECT *algorithm; - X509_ALGOR *x509_algor; unsigned char *p = NULL; int sz; + /* HASH structure containing algorithm + hash */ + hash = HASH_new(); + if (hash == NULL) { + return NULL; + } + /* OBJECT_IDENTIFIER with hash algorithm */ algorithm = OBJ_nid2obj(EVP_MD_type(md)); if (algorithm == NULL) { + HASH_free(hash); return NULL; } /* Create X509_ALGOR */ - x509_algor = X509_ALGOR_new(); - if (x509_algor == NULL) { - return NULL; - } - x509_algor->algorithm = algorithm; - x509_algor->parameter = ASN1_TYPE_new(); - ASN1_TYPE_set(x509_algor->parameter, V_ASN1_NULL, NULL); + hash->hashAlgorithm->algorithm = algorithm; + hash->hashAlgorithm->parameter = ASN1_TYPE_new(); + ASN1_TYPE_set(hash->hashAlgorithm->parameter, V_ASN1_NULL, NULL); /* OCTET_STRING with the actual hash */ - octet = ASN1_OCTET_STRING_new(); - if (octet == NULL) { - X509_ALGOR_free(x509_algor); - return NULL; - } - ASN1_OCTET_STRING_set(octet, buf, len); - - /* HASH structure containing algorithm + hash */ - hash = HASH_new(); - if (hash == NULL) { - ASN1_OCTET_STRING_free(octet); - X509_ALGOR_free(x509_algor); - return NULL; - } - hash->hashAlgorithm = x509_algor; - hash->dataHash = octet; + ASN1_OCTET_STRING_set(hash->dataHash, buf, len); /* DER encoded HASH */ sz = i2d_HASH(hash, &p); if ((sz <= 0) || (p == NULL)) { HASH_free(hash); - X509_ALGOR_free(x509_algor); return NULL; } diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c index 2ba110132..d5abe4917 100644 --- a/tools/cert_create/src/main.c +++ b/tools/cert_create/src/main.c @@ -539,6 +539,11 @@ int main(int argc, char *argv[]) exit(1); } + for (cert_ext = sk_X509_EXTENSION_pop(sk); cert_ext != NULL; + cert_ext = sk_X509_EXTENSION_pop(sk)) { + X509_EXTENSION_free(cert_ext); + } + sk_X509_EXTENSION_free(sk); } @@ -576,10 +581,44 @@ int main(int argc, char *argv[]) } } + /* If we got here, then we must have filled the key array completely. + * We can then safely call free on all of the keys in the array + */ + for (i = 0; i < num_keys; i++) { + EVP_PKEY_free(keys[i].key); + } + #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif CRYPTO_cleanup_all_ex_data(); + + /* We allocated strings through strdup, so now we have to free them */ + for (i = 0; i < num_keys; i++) { + if (keys[i].fn != NULL) { + void *ptr = keys[i].fn; + + keys[i].fn = NULL; + free(ptr); + } + } + for (i = 0; i < num_extensions; i++) { + if (extensions[i].arg != NULL) { + void *ptr = (void *)extensions[i].arg; + + extensions[i].arg = NULL; + free(ptr); + } + } + for (i = 0; i < num_certs; i++) { + if (certs[i].fn != NULL) { + void *ptr = (void *)certs[i].fn; + + certs[i].fn = NULL; + free(ptr); + } + } + return 0; } |