Make sure applications free up pkey structures and add netscape extension

handling to x509.c

Make sure applications free up pkey structures and add netscape extension
handling to x509.c
cfcf6453 · Dr. Stephen Henson · cdbb8c2f · cfcf6453 · cfcf6453 · cfcf6453
7 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@

 Changes between 0.9.1c and 0.9.2

+  *) Fix the various library and apps files to free up pkeys obtained from
+     EVP_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+     [Steve Henson]
+
  *) Fix reference counting in X509_PUBKEY_get(). This makes
     demos/maurice/example2.c work, amongst others, probably.
     [Steve Henson and Ben Laurie]

--- a/apps/req.c
+++ b/apps/req.c
@@ -663,7 +663,10 @@ loop:
 			}

 		i=X509_REQ_verify(req,pkey);
-		if (tmp) pkey=NULL;
+		if (tmp) {
+			EVP_PKEY_free(pkey);
+			pkey=NULL;
+		}

 		if (i < 0)
 			{

--- a/apps/x509.c
+++ b/apps/x509.c
@@ -305,6 +305,7 @@ bad:
 		}

 	ERR_load_crypto_strings();
+	X509v3_add_netscape_extensions();

 	if (!X509_STORE_set_default_paths(ctx))
 		{
@@ -368,6 +369,7 @@ bad:
 	                goto end;
 	                }
 		i=X509_REQ_verify(req,pkey);
+		EVP_PKEY_free(pkey);
 		if (i < 0)
 			{
 			BIO_printf(bio_err,"Signature verification error\n");
@@ -481,6 +483,7 @@ bad:
 				else
 					BIO_printf(STDout,"Wrong Algorithm type");
 				BIO_printf(STDout,"\n");
+				EVP_PKEY_free(pkey);
 				}
 			else
 #endif
@@ -688,6 +691,7 @@ end:
 	if (Upkey != NULL) EVP_PKEY_free(Upkey);
 	if (CApkey != NULL) EVP_PKEY_free(CApkey);
 	if (rq != NULL) X509_REQ_free(rq);
+	X509v3_cleanup_extensions();
 	EXIT(ret);
 	}


--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -138,6 +138,8 @@ X509_REQ *x;
 #endif
 		BIO_printf(bp,"%12sUnknown Public Key:\n","");

+	EVP_PKEY_free(pkey);
+
 	/* may not be */
 	sprintf(str,"%8sAttributes:\n","");
 	if (BIO_puts(bp,str) <= 0) goto err;

--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -182,6 +182,8 @@ X509 *x;
 #endif
 		BIO_printf(bp,"%12sUnknown Public Key:\n","");

+	EVP_PKEY_free(pkey);
+
 	n=X509_get_ext_count(x);
 	if (n > 0)
 		{

--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -345,11 +345,13 @@ X509_STORE_CTX *ctx;
 				}
 			if (X509_verify(xs,pkey) <= 0)
 				{
+				EVP_PKEY_free(pkey);
 				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 				ctx->current_cert=xs;
 				ok=(*cb)(0,ctx);
 				if (!ok) goto end;
 				}
+			EVP_PKEY_free(pkey);
 			pkey=NULL;

 			i=X509_cmp_current_time(X509_get_notBefore(xs));
@@ -403,6 +405,7 @@ X509_STORE_CTX *ctx;
 		}
 	ok=1;
 end:
+	EVP_PKEY_free(pkey);
 	return(ok);
 	}

@@ -492,6 +495,7 @@ STACK *chain;
 			break;
 		else
 			{
+			EVP_PKEY_free(ktmp);
 			ktmp=NULL;
 			}
 		}
@@ -506,10 +510,11 @@ STACK *chain;
 		{
 		ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j));
 		EVP_PKEY_copy_parameters(ktmp2,ktmp);
+		EVP_PKEY_free(ktmp2);
 		}
 	
-	if (pkey != NULL)
-		EVP_PKEY_copy_parameters(pkey,ktmp);
+	if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
+	EVP_PKEY_free(ktmp);
 	return(1);
 	}


--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -108,8 +108,9 @@ EVP_PKEY *pkey;
 		break;
 		}

-	if (EVP_PKEY_size(pkey) <= 512)
+	if (EVP_PKEY_size(pk) <= 512)
 		ret|=EVP_PKT_EXP;
+	if(pkey==NULL) EVP_PKEY_free(pk);
 	return(ret);
 	}