提交 a8236c8c 编写于 作者: D Dr. Stephen Henson

Fix various memory leaks in SSL, apps and DSA

上级 1750ebcb
...@@ -5,9 +5,15 @@ ...@@ -5,9 +5,15 @@
Changes between 0.9.1c and 0.9.2 Changes between 0.9.1c and 0.9.2
*) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
in apps/ and an unrellated leak in crypto/dsa/dsa_vrf.c
[Steve Henson]
*) Support for RAW extensions where an arbitrary extension can be *) Support for RAW extensions where an arbitrary extension can be
created by including its DER encoding. See apps/openssl.cnf for created by including its DER encoding. See apps/openssl.cnf for
an example. an example.
[Steve Henson]
*) Make sure latest Perl versions don't interpret some generated C array *) Make sure latest Perl versions don't interpret some generated C array
code as Perl array code in the crypto/err/err_genc.pl script. code as Perl array code in the crypto/err/err_genc.pl script.
......
...@@ -156,9 +156,13 @@ char *key_file; ...@@ -156,9 +156,13 @@ char *key_file;
ssl=SSL_new(ctx); ssl=SSL_new(ctx);
x509=SSL_get_certificate(ssl); x509=SSL_get_certificate(ssl);
if (x509 != NULL) if (x509 != NULL) {
EVP_PKEY_copy_parameters(X509_get_pubkey(x509), EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(x509);
EVP_PKEY_copy_parameters(pktmp,
SSL_get_privatekey(ssl)); SSL_get_privatekey(ssl));
EVP_PKEY_free(pktmp);
}
SSL_free(ssl); SSL_free(ssl);
*/ */
......
...@@ -743,9 +743,13 @@ int full; ...@@ -743,9 +743,13 @@ int full;
BIO_printf(bio,"%s, Cipher is %s\n", BIO_printf(bio,"%s, Cipher is %s\n",
SSL_CIPHER_get_version(c), SSL_CIPHER_get_version(c),
SSL_CIPHER_get_name(c)); SSL_CIPHER_get_name(c));
if (peer != NULL) if (peer != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(peer);
BIO_printf(bio,"Server public key is %d bit\n", BIO_printf(bio,"Server public key is %d bit\n",
EVP_PKEY_bits(X509_get_pubkey(peer))); EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
SSL_SESSION_print(bio,SSL_get_session(s)); SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n"); BIO_printf(bio,"---\n");
if (peer != NULL) if (peer != NULL)
......
...@@ -770,8 +770,12 @@ int full; ...@@ -770,8 +770,12 @@ int full;
SSL_CIPHER_get_version(c), SSL_CIPHER_get_version(c),
SSL_CIPHER_get_name(c)); SSL_CIPHER_get_name(c));
if (peer != NULL) if (peer != NULL)
{
EVP_PKEY *pktmp;
BIO_printf(bio,"Server public key is %d bit\n", BIO_printf(bio,"Server public key is %d bit\n",
EVP_PKEY_bits(X509_get_pubkey(peer))); EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
SSL_SESSION_print(bio,SSL_get_session(s)); SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n"); BIO_printf(bio,"---\n");
if (peer != NULL) if (peer != NULL)
......
...@@ -91,7 +91,6 @@ DSA *dsa; ...@@ -91,7 +91,6 @@ DSA *dsa;
int ret = -1; int ret = -1;
if ((ctx=BN_CTX_new()) == NULL) goto err; if ((ctx=BN_CTX_new()) == NULL) goto err;
if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
BN_init(&u1); BN_init(&u1);
BN_init(&u2); BN_init(&u2);
......
...@@ -953,8 +953,9 @@ unsigned char *data; ...@@ -953,8 +953,9 @@ unsigned char *data;
goto err; goto err;
ret=1; ret=1;
err: err:
if (sk != NULL) sk_free(sk); sk_free(sk);
if (x509 != NULL) X509_free(x509); X509_free(x509);
EVP_PKEY_free(pkey);
return(ret); return(ret);
} }
...@@ -985,6 +986,7 @@ int padding; ...@@ -985,6 +986,7 @@ int padding;
if (i < 0) if (i < 0)
SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB); SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
end: end:
EVP_PKEY_free(pkey);
return(i); return(i);
} }
...@@ -910,6 +910,7 @@ SSL *s; ...@@ -910,6 +910,7 @@ SSL *s;
pkey=X509_get_pubkey(x509); pkey=X509_get_pubkey(x509);
if (pkey == NULL) goto end; if (pkey == NULL) goto end;
i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey); i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
EVP_PKEY_free(pkey);
memset(&ctx,0,sizeof(ctx)); memset(&ctx,0,sizeof(ctx));
if (i) if (i)
...@@ -933,8 +934,8 @@ msg_end: ...@@ -933,8 +934,8 @@ msg_end:
ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
} }
end: end:
if (sk != NULL) sk_free(sk); sk_free(sk);
if (x509 != NULL) X509_free(x509); X509_free(x509);
return(ret); return(ret);
} }
......
...@@ -404,6 +404,7 @@ EVP_PKEY *pkey; ...@@ -404,6 +404,7 @@ EVP_PKEY *pkey;
ret= -1; ret= -1;
err: err:
if(!pkey) EVP_PKEY_free(pk);
return(ret); return(ret);
} }
......
...@@ -814,8 +814,9 @@ f_err: ...@@ -814,8 +814,9 @@ f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
} }
err: err:
if (x != NULL) X509_free(x); EVP_PKEY_free(pkey);
if (sk != NULL) sk_pop_free(sk,X509_free); X509_free(x);
sk_pop_free(sk,X509_free);
return(ret); return(ret);
} }
...@@ -1103,11 +1104,12 @@ SSL *s; ...@@ -1103,11 +1104,12 @@ SSL *s;
goto f_err; goto f_err;
} }
} }
EVP_PKEY_free(pkey);
return(1); return(1);
f_err: f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
err: err:
EVP_PKEY_free(pkey);
return(-1); return(-1);
} }
...@@ -1622,6 +1624,7 @@ SSL *s; ...@@ -1622,6 +1624,7 @@ SSL *s;
idx=c->cert_type; idx=c->cert_type;
pkey=X509_get_pubkey(c->pkeys[idx].x509); pkey=X509_get_pubkey(c->pkeys[idx].x509);
i=X509_certificate_type(c->pkeys[idx].x509,pkey); i=X509_certificate_type(c->pkeys[idx].x509,pkey);
EVP_PKEY_free(pkey);
/* Check that we have a certificate if we require one */ /* Check that we have a certificate if we require one */
......
...@@ -1510,6 +1510,7 @@ f_err: ...@@ -1510,6 +1510,7 @@ f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
} }
end: end:
EVP_PKEY_free(pkey);
return(ret); return(ret);
} }
......
...@@ -229,8 +229,10 @@ EVP_PKEY *pkey; ...@@ -229,8 +229,10 @@ EVP_PKEY *pkey;
if (c->pkeys[i].x509 != NULL) if (c->pkeys[i].x509 != NULL)
{ {
EVP_PKEY_copy_parameters( EVP_PKEY *pktmp;
X509_get_pubkey(c->pkeys[i].x509),pkey); pktmp = X509_get_pubkey(c->pkeys[i].x509);
EVP_PKEY_copy_parameters(pktmp,pkey);
EVP_PKEY_free(pktmp);
ERR_clear_error(); ERR_clear_error();
#ifndef NO_RSA #ifndef NO_RSA
...@@ -503,6 +505,7 @@ X509 *x; ...@@ -503,6 +505,7 @@ X509 *x;
if (i < 0) if (i < 0)
{ {
SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
EVP_PKEY_free(pkey);
return(0); return(0);
} }
...@@ -549,6 +552,7 @@ X509 *x; ...@@ -549,6 +552,7 @@ X509 *x;
else else
ok=1; ok=1;
EVP_PKEY_free(pkey);
if (bad) if (bad)
{ {
EVP_PKEY_free(c->pkeys[i].privatekey); EVP_PKEY_free(c->pkeys[i].privatekey);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册