Make sure applications free up pkey structures and add netscape extension

handling to x509.c
Dr. Stephen Henson 1999-01-03 01:08:33 +00:00
parent cdbb8c2f26
commit cfcf645356
7 changed files with 25 additions and 4 deletions


@ -5,6 +5,10 @@
Changes between 0.9.1c and 0.9.2 Changes between 0.9.1c and 0.9.2
*) Fix the various library and apps files to free up pkeys obtained from
EVP_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
[Steve Henson]
*) Fix reference counting in X509_PUBKEY_get(). This makes *) Fix reference counting in X509_PUBKEY_get(). This makes
demos/maurice/example2.c work, amongst others, probably. demos/maurice/example2.c work, amongst others, probably.
[Steve Henson and Ben Laurie] [Steve Henson and Ben Laurie]


@ -663,7 +663,10 @@ loop:
} }
i=X509_REQ_verify(req,pkey); i=X509_REQ_verify(req,pkey);
if (tmp) pkey=NULL; if (tmp) {
EVP_PKEY_free(pkey);
pkey=NULL;
}
if (i < 0) if (i < 0)
{ {


@ -305,6 +305,7 @@ bad:
} }
ERR_load_crypto_strings(); ERR_load_crypto_strings();
X509v3_add_netscape_extensions();
if (!X509_STORE_set_default_paths(ctx)) if (!X509_STORE_set_default_paths(ctx))
{ {
@ -368,6 +369,7 @@ bad:
goto end; goto end;
} }
i=X509_REQ_verify(req,pkey); i=X509_REQ_verify(req,pkey);
EVP_PKEY_free(pkey);
if (i < 0) if (i < 0)
{ {
BIO_printf(bio_err,"Signature verification error\n"); BIO_printf(bio_err,"Signature verification error\n");
@ -481,6 +483,7 @@ bad:
else else
BIO_printf(STDout,"Wrong Algorithm type"); BIO_printf(STDout,"Wrong Algorithm type");
BIO_printf(STDout,"\n"); BIO_printf(STDout,"\n");
EVP_PKEY_free(pkey);
} }
else else
#endif #endif
@ -688,6 +691,7 @@ end:
if (Upkey != NULL) EVP_PKEY_free(Upkey); if (Upkey != NULL) EVP_PKEY_free(Upkey);
if (CApkey != NULL) EVP_PKEY_free(CApkey); if (CApkey != NULL) EVP_PKEY_free(CApkey);
if (rq != NULL) X509_REQ_free(rq); if (rq != NULL) X509_REQ_free(rq);
X509v3_cleanup_extensions();
EXIT(ret); EXIT(ret);
} }


@ -138,6 +138,8 @@ X509_REQ *x;
#endif #endif
BIO_printf(bp,"%12sUnknown Public Key:\n",""); BIO_printf(bp,"%12sUnknown Public Key:\n","");
EVP_PKEY_free(pkey);
/* may not be */ /* may not be */
sprintf(str,"%8sAttributes:\n",""); sprintf(str,"%8sAttributes:\n","");
if (BIO_puts(bp,str) <= 0) goto err; if (BIO_puts(bp,str) <= 0) goto err;


@ -182,6 +182,8 @@ X509 *x;
#endif #endif
BIO_printf(bp,"%12sUnknown Public Key:\n",""); BIO_printf(bp,"%12sUnknown Public Key:\n","");
EVP_PKEY_free(pkey);
n=X509_get_ext_count(x); n=X509_get_ext_count(x);
if (n > 0) if (n > 0)
{ {


@ -345,11 +345,13 @@ X509_STORE_CTX *ctx;
} }
if (X509_verify(xs,pkey) <= 0) if (X509_verify(xs,pkey) <= 0)
{ {
EVP_PKEY_free(pkey);
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs; ctx->current_cert=xs;
ok=(*cb)(0,ctx); ok=(*cb)(0,ctx);
if (!ok) goto end; if (!ok) goto end;
} }
EVP_PKEY_free(pkey);
pkey=NULL; pkey=NULL;
i=X509_cmp_current_time(X509_get_notBefore(xs)); i=X509_cmp_current_time(X509_get_notBefore(xs));
@ -403,6 +405,7 @@ X509_STORE_CTX *ctx;
} }
ok=1; ok=1;
end: end:
EVP_PKEY_free(pkey);
return(ok); return(ok);
} }
@ -492,6 +495,7 @@ STACK *chain;
break; break;
else else
{ {
EVP_PKEY_free(ktmp);
ktmp=NULL; ktmp=NULL;
} }
} }
@ -506,10 +510,11 @@ STACK *chain;
{ {
ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j)); ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j));
EVP_PKEY_copy_parameters(ktmp2,ktmp); EVP_PKEY_copy_parameters(ktmp2,ktmp);
EVP_PKEY_free(ktmp2);
} }
if (pkey != NULL) if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
EVP_PKEY_copy_parameters(pkey,ktmp); EVP_PKEY_free(ktmp);
return(1); return(1);
} }
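Review bot: The `EVP_PKEY_free(pkey);` added at the top of the `X509_verify(xs,pkey) <= 0` branch releases the key a second time on both ways out of that branch. If the callback returns 0 the code jumps to `end:`, where the newly added `EVP_PKEY_free(pkey);` runs again; if the callback accepts the error, execution falls through to the new unconditional `EVP_PKEY_free(pkey);` just before `pkey=NULL;`. Because pkey is not cleared in between, the reference count drops twice for what is presumably a single acquisition above the hunk, so a failed signature check can free a key the certificate still points at. Removing the free inside the failure branch is enough, since the free after the branch and the one at `end:` already cover both paths; alternatively follow it with `pkey=NULL;`. This assumes the two hunks belong to the same function, which the shared `end:` label and `ok` variable suggest but the page does not show in full.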


@ -108,8 +108,9 @@ EVP_PKEY *pkey;
break; break;
} }
if (EVP_PKEY_size(pkey) <= 512) if (EVP_PKEY_size(pk) <= 512)
ret|=EVP_PKT_EXP; ret|=EVP_PKT_EXP;
if(pkey==NULL) EVP_PKEY_free(pk);
return(ret); return(ret);
} }
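Review bot: The export-grade test `if (EVP_PKEY_size(pk) <= 512)` compares a byte count against what looks like a bit threshold. EVP_PKEY_size() reports the key's maximum output size in bytes (for RSA, the modulus length), so every key up to 4096 bits gets `EVP_PKT_EXP` set. If the intent is the 512-bit export limit, the line should read `if (EVP_PKEY_size(pk) <= 512/8)` with a comment naming the unit, for example `/* EVP_PKEY_size() is in bytes; export keys are <= 512 bits */`. The comparison predates this change, which only switched its argument from `pkey` to `pk`. The function body starts outside the hunk, so how `pk` is obtained is not visible here.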