From a43cf9fae96175ee91da08aa523c508c3d3e6dde Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 24 Jan 2001 18:39:54 +0000 Subject: [PATCH] Add debugging info to new ASN1 code to trace memory leaks. Fix PKCS7 and PKCS12 memory leaks. Initialise encapsulated content type properly. --- CHANGES | 13 ++++++++++++- Configure | 2 +- crypto/asn1/tasn_new.c | 30 +++++++++++++++++++++++++++--- crypto/pkcs12/p12_init.c | 8 -------- crypto/pkcs7/pk7_asn1.c | 14 ++++++++++++-- crypto/pkcs7/pk7_lib.c | 6 ++++++ 6 files changed, 58 insertions(+), 15 deletions(-) diff --git a/CHANGES b/CHANGES index 9ee6fc0161..52409a97d4 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,18 @@ _______________ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] - + + *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT + to data. This was previously part of the PKCS7 ASN1 code. This + was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures. + [Steve Henson, reported by Kenneth R. Robinette + ] + + *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1 + routines: without these tracing memory leaks is very painful. + Fix leaks in PKCS12 and PKCS7 routines. + [Steve Henson] + *) Fix for Irix with NO_ASM. ["Bruce W. Forsberg" ] diff --git a/Configure b/Configure index 8a111cc22a..a2b26d943c 100755 --- a/Configure +++ b/Configure @@ -128,7 +128,7 @@ my %table=( "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown):::::", diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index d6f1155928..da0cb266e4 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -96,6 +96,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int if(!combine) *pval = NULL; +#ifdef CRYPTO_MDEBUG + if(it->sname) CRYPTO_push_info(it->sname); +#endif + switch(it->itype) { case ASN1_ITYPE_EXTERN: @@ -166,15 +170,24 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int goto auxerr; break; } +#ifdef CRYPTO_MDEBUG + if(it->sname) CRYPTO_pop_info(); +#endif return 1; memerr: ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE); +#ifdef CRYPTO_MDEBUG + if(it->sname) CRYPTO_pop_info(); +#endif return 0; auxerr: ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR); ASN1_item_ex_free(pval, it); +#ifdef CRYPTO_MDEBUG + if(it->sname) CRYPTO_pop_info(); +#endif return 0; } @@ -216,6 +229,7 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) { const ASN1_ITEM *it = tt->item; + int ret; if(tt->flags & ASN1_TFLG_OPTIONAL) { asn1_template_clear(pval, tt); return 1; @@ -226,19 +240,29 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) *pval = NULL; return 1; } +#ifdef CRYPTO_MDEBUG + if(tt->field_name) CRYPTO_push_info(tt->field_name); +#endif /* If SET OF or SEQUENCE OF, its a STACK */ if(tt->flags & ASN1_TFLG_SK_MASK) { STACK_OF(ASN1_VALUE) *skval; skval = sk_ASN1_VALUE_new_null(); if(!skval) { ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE); - return 0; + ret = 0; + goto done; } *pval = (ASN1_VALUE *)skval; - return 1; + ret = 1; + goto done; } /* Otherwise pass it back to the item routine */ - return asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); + ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); + done: +#ifdef CRYPTO_MDEBUG + if(it->sname) CRYPTO_pop_info(); +#endif + return ret; } void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c index d5d4884c82..eb837a78cf 100644 --- a/crypto/pkcs12/p12_init.c +++ b/crypto/pkcs12/p12_init.c @@ -69,15 +69,7 @@ PKCS12 *PKCS12_init (int mode) PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); return NULL; } - if (!(pkcs12->version = M_ASN1_INTEGER_new ())) { - PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); - return NULL; - } ASN1_INTEGER_set(pkcs12->version, 3); - if (!(pkcs12->authsafes = PKCS7_new())) { - PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); - return NULL; - } pkcs12->authsafes->type = OBJ_nid2obj(mode); switch (mode) { case NID_pkcs7_data: diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c index 9c5eda2b36..34561dfc51 100644 --- a/crypto/pkcs7/pk7_asn1.c +++ b/crypto/pkcs7/pk7_asn1.c @@ -136,12 +136,22 @@ ASN1_SEQUENCE(PKCS7_ENVELOPE) = { IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) -ASN1_SEQUENCE(PKCS7_RECIP_INFO) = { +/* Minor tweak to operation: free up X509 */ +static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + if(operation == ASN1_OP_FREE_POST) { + PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; + X509_free(ri->cert); + } + return 1; +} + +ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(PKCS7_RECIP_INFO); +} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO); IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 656f0e9dfa..f7b5da1f14 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -169,18 +169,24 @@ int PKCS7_set_type(PKCS7 *p7, int type) if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) == NULL) goto err; ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); + p7->d.signed_and_enveloped->enc_data->content_type + = OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_enveloped: p7->type=obj; if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) == NULL) goto err; ASN1_INTEGER_set(p7->d.enveloped->version,0); + p7->d.enveloped->enc_data->content_type + = OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_encrypted: p7->type=obj; if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) == NULL) goto err; ASN1_INTEGER_set(p7->d.encrypted->version,0); + p7->d.encrypted->enc_data->content_type + = OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_digest: -- GitLab