mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
Add debugging info to new ASN1 code to trace memory leaks.
Fix PKCS7 and PKCS12 memory leaks. Initialise encapsulated content type properly.
This commit is contained in:
Dr. Stephen Henson
parent
9ae9c221de
commit
a43cf9fae9
13
CHANGES
13
CHANGES
@ -2,7 +2,18 @@
|
||||
_______________
|
||||
|
||||
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
|
||||
|
||||
|
||||
*) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
|
||||
to data. This was previously part of the PKCS7 ASN1 code. This
|
||||
was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
|
||||
[Steve Henson, reported by Kenneth R. Robinette
|
||||
<support@securenetterm.com>]
|
||||
|
||||
*) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
|
||||
routines: without these tracing memory leaks is very painful.
|
||||
Fix leaks in PKCS12 and PKCS7 routines.
|
||||
[Steve Henson]
|
||||
|
||||
*) Fix for Irix with NO_ASM.
|
||||
["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
|
||||
|
||||
|
||||
@ -128,7 +128,7 @@ my %table=(
|
||||
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"dist", "cc:-O::(unknown):::::",
|
||||
|
||||
@ -96,6 +96,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int
|
||||
|
||||
if(!combine) *pval = NULL;
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
if(it->sname) CRYPTO_push_info(it->sname);
|
||||
#endif
|
||||
|
||||
switch(it->itype) {
|
||||
|
||||
case ASN1_ITYPE_EXTERN:
|
||||
@ -166,15 +170,24 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int
|
||||
goto auxerr;
|
||||
break;
|
||||
}
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
if(it->sname) CRYPTO_pop_info();
|
||||
#endif
|
||||
return 1;
|
||||
|
||||
memerr:
|
||||
ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE);
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
if(it->sname) CRYPTO_pop_info();
|
||||
#endif
|
||||
return 0;
|
||||
|
||||
auxerr:
|
||||
ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR);
|
||||
ASN1_item_ex_free(pval, it);
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
if(it->sname) CRYPTO_pop_info();
|
||||
#endif
|
||||
return 0;
|
||||
|
||||
}
|
||||
@ -216,6 +229,7 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
|
||||
int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
|
||||
{
|
||||
const ASN1_ITEM *it = tt->item;
|
||||
int ret;
|
||||
if(tt->flags & ASN1_TFLG_OPTIONAL) {
|
||||
asn1_template_clear(pval, tt);
|
||||
return 1;
|
||||
@ -226,19 +240,29 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
|
||||
*pval = NULL;
|
||||
return 1;
|
||||
}
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
if(tt->field_name) CRYPTO_push_info(tt->field_name);
|
||||
#endif
|
||||
/* If SET OF or SEQUENCE OF, its a STACK */
|
||||
if(tt->flags & ASN1_TFLG_SK_MASK) {
|
||||
STACK_OF(ASN1_VALUE) *skval;
|
||||
skval = sk_ASN1_VALUE_new_null();
|
||||
if(!skval) {
|
||||
ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
ret = 0;
|
||||
goto done;
|
||||
}
|
||||
*pval = (ASN1_VALUE *)skval;
|
||||
return 1;
|
||||
ret = 1;
|
||||
goto done;
|
||||
}
|
||||
/* Otherwise pass it back to the item routine */
|
||||
return asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
|
||||
ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
|
||||
done:
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
if(it->sname) CRYPTO_pop_info();
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
|
||||
|
||||
@ -69,15 +69,7 @@ PKCS12 *PKCS12_init (int mode)
|
||||
PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
if (!(pkcs12->version = M_ASN1_INTEGER_new ())) {
|
||||
PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
ASN1_INTEGER_set(pkcs12->version, 3);
|
||||
if (!(pkcs12->authsafes = PKCS7_new())) {
|
||||
PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
pkcs12->authsafes->type = OBJ_nid2obj(mode);
|
||||
switch (mode) {
|
||||
case NID_pkcs7_data:
|
||||
|
||||
@ -136,12 +136,22 @@ ASN1_SEQUENCE(PKCS7_ENVELOPE) = {
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
|
||||
|
||||
ASN1_SEQUENCE(PKCS7_RECIP_INFO) = {
|
||||
/* Minor tweak to operation: free up X509 */
|
||||
static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
|
||||
{
|
||||
if(operation == ASN1_OP_FREE_POST) {
|
||||
PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
|
||||
X509_free(ri->cert);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
|
||||
ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
|
||||
ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
|
||||
ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
|
||||
ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
|
||||
} ASN1_SEQUENCE_END(PKCS7_RECIP_INFO);
|
||||
} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO);
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
|
||||
|
||||
|
||||
@ -169,18 +169,24 @@ int PKCS7_set_type(PKCS7 *p7, int type)
|
||||
if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
|
||||
== NULL) goto err;
|
||||
ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
|
||||
p7->d.signed_and_enveloped->enc_data->content_type
|
||||
= OBJ_nid2obj(NID_pkcs7_data);
|
||||
break;
|
||||
case NID_pkcs7_enveloped:
|
||||
p7->type=obj;
|
||||
if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
|
||||
== NULL) goto err;
|
||||
ASN1_INTEGER_set(p7->d.enveloped->version,0);
|
||||
p7->d.enveloped->enc_data->content_type
|
||||
= OBJ_nid2obj(NID_pkcs7_data);
|
||||
break;
|
||||
case NID_pkcs7_encrypted:
|
||||
p7->type=obj;
|
||||
if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
|
||||
== NULL) goto err;
|
||||
ASN1_INTEGER_set(p7->d.encrypted->version,0);
|
||||
p7->d.encrypted->enc_data->content_type
|
||||
= OBJ_nid2obj(NID_pkcs7_data);
|
||||
break;
|
||||
|
||||
case NID_pkcs7_digest:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user