[pkg-opensc-commit] [libp11] 69/239: patch by Nils: fix memory leaks, improve documentation.

Eric Dorland eric at moszumanska.debian.org
Sat Oct 17 06:21:10 UTC 2015 

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit ac5335f4a376967c01265de154ecce5f4a47c29d
Author: Andreas Jellinghaus <andreas at ionisiert.de>
Date:   Sun Oct 30 11:40:17 2005 +0000

    patch by Nils: fix memory leaks, improve documentation.
---
 src/libp11.h   | 30 ++++++++++++++++++++++++++++--
 src/p11_attr.c |  2 +-
 src/p11_key.c  | 22 +++++++++++++---------
 src/p11_ops.c  |  2 +-
 src/p11_rsa.c  | 16 ++++++++++++----
 src/p11_slot.c |  4 +++-
 6 files changed, 58 insertions(+), 18 deletions(-)

diff --git a/src/libp11.h b/src/libp11.h
index 0c04def..4f7a672 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -207,8 +207,24 @@ extern int PKCS11_get_key_modulus(PKCS11_KEY *, BIGNUM **);
 extern int PKCS11_get_key_exponent(PKCS11_KEY *, BIGNUM **);
 
 /* Get the enveloped private key */
-extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *);
-extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *);
+/**
+ * Returns a EVP_PKEY object for the private key
+ *
+ * @param   key  PKCS11_KEY object
+ * @return reference to EVP_PKEY object or NULL if an error occurred.
+ *         The returned EVP_PKEY object should be treated as const 
+ *         and must not be freed.
+ */
+extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
+/**
+ * Returns a EVP_PKEY object with the public key
+ *
+ * @param  key  PKCS11_KEY object
+ * @return reference to EVP_PKEY object or NULL if an error occurred.
+ *         The returned EVP_PKEY object should be treated as const
+ *         and must not be freed.
+ */
+extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);
 
 /* Find the corresponding certificate (if any) */
 extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);
@@ -262,6 +278,16 @@ extern int PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
 	unsigned char *sigret, unsigned int *siglen, const PKCS11_KEY * key);
 extern int PKCS11_private_encrypt(int flen, const unsigned char *from,
 	unsigned char *to, const PKCS11_KEY * rsa, int padding);
+/**
+ * Decrypts data using the private key
+ * 
+ * @param  flen     length of the encrypted data
+ * @param  from     encrypted data
+ * @param  to       output buffer (MUST be a least flen bytes long)
+ * @param  key      private key object 
+ * @param  padding  padding algorithm to be used
+ * @return the length of the decrypted data or 0 if an error occurred
+ */
 extern int PKCS11_private_decrypt(int flen, const unsigned char *from,
 	unsigned char *to, PKCS11_KEY * key, int padding);
 extern int PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
diff --git a/src/p11_attr.c b/src/p11_attr.c
index e1eab58..9519ca6 100644
--- a/src/p11_attr.c
+++ b/src/p11_attr.c
@@ -93,7 +93,7 @@ pkcs11_getattr_bn(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object,
 			  pkcs11_map_err(CKR_ATTRIBUTE_TYPE_INVALID));
 		return -1;
 	}
-	*bn = BN_bin2bn(binary, size, NULL);
+	*bn = BN_bin2bn(binary, size, *bn);
 	return *bn ? 0 : -1;
 }
 
diff --git a/src/p11_key.c b/src/p11_key.c
index 813d88e..42358cb 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -160,16 +160,20 @@ int PKCS11_get_key_type(PKCS11_KEY * key)
 EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY * key)
 {
 	PKCS11_KEY_private *priv = PRIVKEY(key);
-	EVP_PKEY *pk;
 
-	pk = EVP_PKEY_new();
-	if (priv->ops->get_private(key, pk)
-	    || priv->ops->get_public(key, pk)) {
-		EVP_PKEY_free(pk);
-		return NULL;
+	if (key->evp_key == NULL) {
+		EVP_PKEY *pk = EVP_PKEY_new();
+		if (pk == NULL)
+			return NULL;
+		if (priv->ops->get_private(key, pk)
+		    || priv->ops->get_public(key, pk)) {
+			EVP_PKEY_free(pk);
+			return NULL;
+		}
+		key->evp_key = pk;
 	}
-	key->evp_key = pk;
-	return pk;
+
+	return key->evp_key;
 }
 
 EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY * key)
@@ -437,7 +441,7 @@ int PKCS11_get_key_exponent(PKCS11_KEY * key, BIGNUM **bn)
 
 int PKCS11_get_key_size(const PKCS11_KEY * key) 
 {
-	BIGNUM* n;
+	BIGNUM* n = NULL;
 	int     numbytes = 0;
 	if(key_getattr_bn(key, CKA_MODULUS, &n))
 		return 0;
diff --git a/src/p11_ops.c b/src/p11_ops.c
index 2dd9f06..7c61900 100644
--- a/src/p11_ops.c
+++ b/src/p11_ops.c
@@ -118,7 +118,7 @@ PKCS11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
 	PKCS11_CTX *ctx;
 	CK_SESSION_HANDLE session;
 	CK_MECHANISM mechanism;
-	CK_ULONG size;
+	CK_ULONG size = flen;
 								
 	if (padding != RSA_PKCS1_PADDING) {
 			printf("pkcs11 engine: only RSA_PKCS1_PADDING allowed so far\n");
diff --git a/src/p11_rsa.c b/src/p11_rsa.c
index c392958..d0595ba 100644
--- a/src/p11_rsa.c
+++ b/src/p11_rsa.c
@@ -46,13 +46,16 @@ int pkcs11_get_rsa_private(PKCS11_KEY * key, EVP_PKEY * pk)
 	}
 
 	if (key_getattr(key, CKA_SENSITIVE, &sensitive, sizeof(sensitive))
-	    || key_getattr(key, CKA_EXTRACTABLE, &extractable, sizeof(extractable)))
+	    || key_getattr(key, CKA_EXTRACTABLE, &extractable, sizeof(extractable))) {
+		RSA_free(rsa);
 		return -1;
+	}
 
-	if (!rsa->n && key_getattr_bn(key, CKA_MODULUS, &rsa->n))
-		return -1;
-	if (!rsa->e && key_getattr_bn(key, CKA_PUBLIC_EXPONENT, &rsa->e))
+	if (key_getattr_bn(key, CKA_MODULUS, &rsa->n) ||
+	    key_getattr_bn(key, CKA_PUBLIC_EXPONENT, &rsa->e)) {
+		RSA_free(rsa);
 		return -1;
+	}
 
 	/* If the key is not extractable, create a key object
 	 * that will use the card's functions to sign & decrypt */
@@ -60,6 +63,8 @@ int pkcs11_get_rsa_private(PKCS11_KEY * key, EVP_PKEY * pk)
 		RSA_set_method(rsa, pkcs11_get_rsa_method());
 		rsa->flags |= RSA_FLAG_SIGN_VER;
 		RSA_set_app_data(rsa, key);
+
+		RSA_free(rsa);
 		return 0;
 	}
 
@@ -68,6 +73,9 @@ int pkcs11_get_rsa_private(PKCS11_KEY * key, EVP_PKEY * pk)
 	RSA_set_method(rsa, pkcs11_get_rsa_method());
 	rsa->flags |= RSA_FLAG_SIGN_VER;
 	RSA_set_app_data(rsa, key);
+
+	RSA_free(rsa);
+
 	return 0;
 	/*
 	PKCS11err(PKCS11_F_PKCS11_GET_KEY, PKCS11_NOT_SUPPORTED);
diff --git a/src/p11_slot.c b/src/p11_slot.c
index 707d53a..3df9d50 100644
--- a/src/p11_slot.c
+++ b/src/p11_slot.c
@@ -371,7 +371,9 @@ int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
 
 void pkcs11_destroy_token(PKCS11_TOKEN * token)
 {
-	/* XXX destroy keys associated with this token */
+	pkcs11_destroy_keys(token);
+	pkcs11_destroy_certs(token);
+
 	OPENSSL_free(token->label);
 	OPENSSL_free(token->manufacturer);
 	OPENSSL_free(token->model);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git

More information about the pkg-opensc-commit mailing list