Make sure applications free up pkey structures and add netscape extension

handling to x509.c
1999-01-03 01:08:33 +00:00 · 1999-01-03 01:08:33 +00:00 · cfcf645356
commit cfcf645356
parent cdbb8c2f26
7 changed files with 25 additions and 4 deletions
--- a/4
+++ b/4
@ -5,6 +5,10 @@

 Changes between 0.9.1c and 0.9.2

+  *) Fix the various library and apps files to free up pkeys obtained from
+     EVP_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+     [Steve Henson]
+
  *) Fix reference counting in X509_PUBKEY_get(). This makes
     demos/maurice/example2.c work, amongst others, probably.
     [Steve Henson and Ben Laurie]
--- a/apps/req.c
+++ b/apps/req.c
@ -663,7 +663,10 @@ loop:
 			}

 		i=X509_REQ_verify(req,pkey);
-		if (tmp) pkey=NULL;
+		if (tmp) {
+			EVP_PKEY_free(pkey);
+			pkey=NULL;
+		}

 		if (i < 0)
 			{
--- a/apps/x509.c
+++ b/apps/x509.c
@ -305,6 +305,7 @@ bad:
 		}

 	ERR_load_crypto_strings();
+	X509v3_add_netscape_extensions();

 	if (!X509_STORE_set_default_paths(ctx))
 		{
@ -368,6 +369,7 @@ bad:
 	                goto end;
 	                }
 		i=X509_REQ_verify(req,pkey);
+		EVP_PKEY_free(pkey);
 		if (i < 0)
 			{
 			BIO_printf(bio_err,"Signature verification error\n");
@ -481,6 +483,7 @@ bad:
 				else
 					BIO_printf(STDout,"Wrong Algorithm type");
 				BIO_printf(STDout,"\n");
+				EVP_PKEY_free(pkey);
 				}
 			else
 #endif
@ -688,6 +691,7 @@ end:
 	if (Upkey != NULL) EVP_PKEY_free(Upkey);
 	if (CApkey != NULL) EVP_PKEY_free(CApkey);
 	if (rq != NULL) X509_REQ_free(rq);
+	X509v3_cleanup_extensions();
 	EXIT(ret);
 	}

--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@ -138,6 +138,8 @@ X509_REQ *x;
 #endif
 		BIO_printf(bp,"%12sUnknown Public Key:\n","");

+	EVP_PKEY_free(pkey);
+
 	/* may not be */
 	sprintf(str,"%8sAttributes:\n","");
 	if (BIO_puts(bp,str) <= 0) goto err;
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@ -182,6 +182,8 @@ X509 *x;
 #endif
 		BIO_printf(bp,"%12sUnknown Public Key:\n","");

+	EVP_PKEY_free(pkey);
+
 	n=X509_get_ext_count(x);
 	if (n > 0)
 		{
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@ -345,11 +345,13 @@ X509_STORE_CTX *ctx;
 				}
 			if (X509_verify(xs,pkey) <= 0)
 				{
+				EVP_PKEY_free(pkey);
 				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 				ctx->current_cert=xs;
 				ok=(*cb)(0,ctx);
 				if (!ok) goto end;
 				}
+			EVP_PKEY_free(pkey);
 			pkey=NULL;

 			i=X509_cmp_current_time(X509_get_notBefore(xs));
@ -403,6 +405,7 @@ X509_STORE_CTX *ctx;
 		}
 	ok=1;
 end:
+	EVP_PKEY_free(pkey);
 	return(ok);
 	}

@ -492,6 +495,7 @@ STACK *chain;
 			break;
 		else
 			{
+			EVP_PKEY_free(ktmp);
 			ktmp=NULL;
 			}
 		}
@ -506,10 +510,11 @@ STACK *chain;
 		{
 		ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j));
 		EVP_PKEY_copy_parameters(ktmp2,ktmp);
+		EVP_PKEY_free(ktmp2);
 		}
 	
-	if (pkey != NULL)
-		EVP_PKEY_copy_parameters(pkey,ktmp);
+	if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
+	EVP_PKEY_free(ktmp);
 	return(1);
 	}

--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@ -108,8 +108,9 @@ EVP_PKEY *pkey;
 		break;
 		}

-	if (EVP_PKEY_size(pkey) <= 512)
+	if (EVP_PKEY_size(pk) <= 512)
 		ret|=EVP_PKT_EXP;
+	if(pkey==NULL) EVP_PKEY_free(pk);
 	return(ret);
 	}