[pkg-opensc-commit] [libp11] 69/239: patch by Nils: fix memory leaks, improve documentation.
Eric Dorland
eric at moszumanska.debian.org
Sat Oct 17 06:21:10 UTC 2015
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit ac5335f4a376967c01265de154ecce5f4a47c29d
Author: Andreas Jellinghaus <andreas at ionisiert.de>
Date: Sun Oct 30 11:40:17 2005 +0000
patch by Nils: fix memory leaks, improve documentation.
---
src/libp11.h | 30 ++++++++++++++++++++++++++++--
src/p11_attr.c | 2 +-
src/p11_key.c | 22 +++++++++++++---------
src/p11_ops.c | 2 +-
src/p11_rsa.c | 16 ++++++++++++----
src/p11_slot.c | 4 +++-
6 files changed, 58 insertions(+), 18 deletions(-)
diff --git a/src/libp11.h b/src/libp11.h
index 0c04def..4f7a672 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -207,8 +207,24 @@ extern int PKCS11_get_key_modulus(PKCS11_KEY *, BIGNUM **);
extern int PKCS11_get_key_exponent(PKCS11_KEY *, BIGNUM **);
/* Get the enveloped private key */
-extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *);
-extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *);
+/**
+ * Returns a EVP_PKEY object for the private key
+ *
+ * @param key PKCS11_KEY object
+ * @return reference to EVP_PKEY object or NULL if an error occurred.
+ * The returned EVP_PKEY object should be treated as const
+ * and must not be freed.
+ */
+extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
+/**
+ * Returns a EVP_PKEY object with the public key
+ *
+ * @param key PKCS11_KEY object
+ * @return reference to EVP_PKEY object or NULL if an error occurred.
+ * The returned EVP_PKEY object should be treated as const
+ * and must not be freed.
+ */
+extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);
/* Find the corresponding certificate (if any) */
extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);
@@ -262,6 +278,16 @@ extern int PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, const PKCS11_KEY * key);
extern int PKCS11_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, const PKCS11_KEY * rsa, int padding);
+/**
+ * Decrypts data using the private key
+ *
+ * @param flen length of the encrypted data
+ * @param from encrypted data
+ * @param to output buffer (MUST be a least flen bytes long)
+ * @param key private key object
+ * @param padding padding algorithm to be used
+ * @return the length of the decrypted data or 0 if an error occurred
+ */
extern int PKCS11_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, PKCS11_KEY * key, int padding);
extern int PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
diff --git a/src/p11_attr.c b/src/p11_attr.c
index e1eab58..9519ca6 100644
--- a/src/p11_attr.c
+++ b/src/p11_attr.c
@@ -93,7 +93,7 @@ pkcs11_getattr_bn(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object,
pkcs11_map_err(CKR_ATTRIBUTE_TYPE_INVALID));
return -1;
}
- *bn = BN_bin2bn(binary, size, NULL);
+ *bn = BN_bin2bn(binary, size, *bn);
return *bn ? 0 : -1;
}
diff --git a/src/p11_key.c b/src/p11_key.c
index 813d88e..42358cb 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -160,16 +160,20 @@ int PKCS11_get_key_type(PKCS11_KEY * key)
EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY * key)
{
PKCS11_KEY_private *priv = PRIVKEY(key);
- EVP_PKEY *pk;
- pk = EVP_PKEY_new();
- if (priv->ops->get_private(key, pk)
- || priv->ops->get_public(key, pk)) {
- EVP_PKEY_free(pk);
- return NULL;
+ if (key->evp_key == NULL) {
+ EVP_PKEY *pk = EVP_PKEY_new();
+ if (pk == NULL)
+ return NULL;
+ if (priv->ops->get_private(key, pk)
+ || priv->ops->get_public(key, pk)) {
+ EVP_PKEY_free(pk);
+ return NULL;
+ }
+ key->evp_key = pk;
}
- key->evp_key = pk;
- return pk;
+
+ return key->evp_key;
}
EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY * key)
@@ -437,7 +441,7 @@ int PKCS11_get_key_exponent(PKCS11_KEY * key, BIGNUM **bn)
int PKCS11_get_key_size(const PKCS11_KEY * key)
{
- BIGNUM* n;
+ BIGNUM* n = NULL;
int numbytes = 0;
if(key_getattr_bn(key, CKA_MODULUS, &n))
return 0;
diff --git a/src/p11_ops.c b/src/p11_ops.c
index 2dd9f06..7c61900 100644
--- a/src/p11_ops.c
+++ b/src/p11_ops.c
@@ -118,7 +118,7 @@ PKCS11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
PKCS11_CTX *ctx;
CK_SESSION_HANDLE session;
CK_MECHANISM mechanism;
- CK_ULONG size;
+ CK_ULONG size = flen;
if (padding != RSA_PKCS1_PADDING) {
printf("pkcs11 engine: only RSA_PKCS1_PADDING allowed so far\n");
diff --git a/src/p11_rsa.c b/src/p11_rsa.c
index c392958..d0595ba 100644
--- a/src/p11_rsa.c
+++ b/src/p11_rsa.c
@@ -46,13 +46,16 @@ int pkcs11_get_rsa_private(PKCS11_KEY * key, EVP_PKEY * pk)
}
if (key_getattr(key, CKA_SENSITIVE, &sensitive, sizeof(sensitive))
- || key_getattr(key, CKA_EXTRACTABLE, &extractable, sizeof(extractable)))
+ || key_getattr(key, CKA_EXTRACTABLE, &extractable, sizeof(extractable))) {
+ RSA_free(rsa);
return -1;
+ }
- if (!rsa->n && key_getattr_bn(key, CKA_MODULUS, &rsa->n))
- return -1;
- if (!rsa->e && key_getattr_bn(key, CKA_PUBLIC_EXPONENT, &rsa->e))
+ if (key_getattr_bn(key, CKA_MODULUS, &rsa->n) ||
+ key_getattr_bn(key, CKA_PUBLIC_EXPONENT, &rsa->e)) {
+ RSA_free(rsa);
return -1;
+ }
/* If the key is not extractable, create a key object
* that will use the card's functions to sign & decrypt */
@@ -60,6 +63,8 @@ int pkcs11_get_rsa_private(PKCS11_KEY * key, EVP_PKEY * pk)
RSA_set_method(rsa, pkcs11_get_rsa_method());
rsa->flags |= RSA_FLAG_SIGN_VER;
RSA_set_app_data(rsa, key);
+
+ RSA_free(rsa);
return 0;
}
@@ -68,6 +73,9 @@ int pkcs11_get_rsa_private(PKCS11_KEY * key, EVP_PKEY * pk)
RSA_set_method(rsa, pkcs11_get_rsa_method());
rsa->flags |= RSA_FLAG_SIGN_VER;
RSA_set_app_data(rsa, key);
+
+ RSA_free(rsa);
+
return 0;
/*
PKCS11err(PKCS11_F_PKCS11_GET_KEY, PKCS11_NOT_SUPPORTED);
diff --git a/src/p11_slot.c b/src/p11_slot.c
index 707d53a..3df9d50 100644
--- a/src/p11_slot.c
+++ b/src/p11_slot.c
@@ -371,7 +371,9 @@ int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
void pkcs11_destroy_token(PKCS11_TOKEN * token)
{
- /* XXX destroy keys associated with this token */
+ pkcs11_destroy_keys(token);
+ pkcs11_destroy_certs(token);
+
OPENSSL_free(token->label);
OPENSSL_free(token->manufacturer);
OPENSSL_free(token->model);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list