[pkg-opensc-commit] [libp11] 31/67: Memory allocation cleanup
Eric Dorland
eric at moszumanska.debian.org
Sat Jan 30 05:34:14 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit 74e22388ab1d26732b0d6e5ff9179f65d9b85228
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Mon Jan 4 13:21:37 2016 +0100
Memory allocation cleanup
---
examples/auth.c | 18 ++++++-------
examples/decrypt.c | 24 ++++++++---------
examples/getrandom.c | 2 +-
examples/rawrsasign.c | 18 ++++++-------
src/libp11-int.h | 3 ---
src/libpkcs11.c | 19 ++++++-------
src/p11_attr.c | 18 ++++++++-----
src/p11_cert.c | 61 +++++++++++++++++++++++-------------------
src/p11_key.c | 18 +++++++------
src/p11_load.c | 8 +++---
src/p11_misc.c | 13 ++-------
src/p11_ops.c | 4 +--
src/p11_slot.c | 74 ++++++++++++++++++++++++++++++---------------------
tests/fork-test.c | 16 +++++------
14 files changed, 156 insertions(+), 140 deletions(-)
diff --git a/examples/auth.c b/examples/auth.c
index b4bc3c0..21216a3 100644
--- a/examples/auth.c
+++ b/examples/auth.c
@@ -62,7 +62,7 @@ int main(int argc, char *argv[])
/* get first slot with a token */
slot = PKCS11_find_token(ctx, slots, nslots);
- if (!slot || !slot->token) {
+ if (slot == NULL || slot->token == NULL) {
fprintf(stderr, "no token available\n");
rc = 3;
goto notoken;
@@ -94,7 +94,7 @@ int main(int argc, char *argv[])
/* Read the password. */
printf("Password for token %.32s: ", slot->token->label);
- if (!fgets(password, sizeof(password), stdin))
+ if (fgets(password, sizeof(password), stdin) == NULL)
goto failed;
/* Restore terminal. */
@@ -153,8 +153,8 @@ int main(int argc, char *argv[])
authcert=&certs[0];
/* get random bytes */
- random = malloc(RANDOM_SIZE);
- if (!random)
+ random = OPENSSL_malloc(RANDOM_SIZE);
+ if (random == NULL)
goto failed;
fd = open(RANDOM_SOURCE, O_RDONLY);
@@ -182,15 +182,15 @@ int main(int argc, char *argv[])
close(fd);
authkey = PKCS11_find_key(authcert);
- if (!authkey) {
+ if (authkey == NULL) {
fprintf(stderr, "no key matching certificate available\n");
goto failed;
}
/* ask for a sha1 hash of the random data, signed by the key */
siglen = MAX_SIGSIZE;
- signature = malloc(MAX_SIGSIZE);
- if (!signature)
+ signature = OPENSSL_malloc(MAX_SIGSIZE);
+ if (signature == NULL)
goto failed;
rc = PKCS11_sign(NID_sha1, random, RANDOM_SIZE, signature, &siglen,
@@ -219,9 +219,9 @@ int main(int argc, char *argv[])
EVP_PKEY_free(pubkey);
if (random != NULL)
- free(random);
+ OPENSSL_free(random);
if (signature != NULL)
- free(signature);
+ OPENSSL_free(signature);
PKCS11_release_all_slots(ctx, slots, nslots);
PKCS11_CTX_unload(ctx);
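Review bot: The `if (random != NULL)` and `if (signature != NULL)` guards around `OPENSSL_free()` in this cleanup block are redundant, because `OPENSSL_free(NULL)` is a no-op just like `free(NULL)`. Since these lines are being touched anyway, they could shrink to `OPENSSL_free(random);` and `OPENSSL_free(signature);`. The same guards appear in the cleanup hunks of examples/decrypt.c, examples/rawrsasign.c and tests/fork-test.c. main() starts and ends outside this hunk.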
diff --git a/examples/decrypt.c b/examples/decrypt.c
index 550ab46..e209733 100644
--- a/examples/decrypt.c
+++ b/examples/decrypt.c
@@ -62,7 +62,7 @@ int main(int argc, char *argv[])
/* get first slot with a token */
slot = PKCS11_find_token(ctx, slots, nslots);
- if (!slot || !slot->token) {
+ if (slot == NULL || slot->token == NULL) {
fprintf(stderr, "no token available\n");
rc = 3;
goto notoken;
@@ -89,8 +89,8 @@ int main(int argc, char *argv[])
authcert=&certs[0];
/* get random bytes */
- random = malloc(RANDOM_SIZE);
- if (!random)
+ random = OPENSSL_malloc(RANDOM_SIZE);
+ if (random == NULL)
goto failed;
fd = open(RANDOM_SOURCE, O_RDONLY);
@@ -125,8 +125,8 @@ int main(int argc, char *argv[])
}
/* allocate destination buffer */
- encrypted = malloc(RSA_size(pubkey->pkey.rsa));
- if (!encrypted) {
+ encrypted = OPENSSL_malloc(RSA_size(pubkey->pkey.rsa));
+ if (encrypted == NULL) {
fprintf(stderr,"out of memory for encrypted data");
goto failed;
}
@@ -157,7 +157,7 @@ int main(int argc, char *argv[])
/* Read the password. */
printf("Password for token %.32s: ", slot->token->label);
- if (!fgets(password, sizeof(password), stdin))
+ if (fgets(password, sizeof(password), stdin) == NULL)
goto failed;
/* Restore terminal. */
@@ -180,14 +180,14 @@ int main(int argc, char *argv[])
loggedin:
authkey = PKCS11_find_key(authcert);
- if (!authkey) {
+ if (authkey == NULL) {
fprintf(stderr, "no key matching certificate available\n");
goto failed;
}
/* allocate space for decrypted data */
- decrypted = malloc(RSA_size(pubkey->pkey.rsa));
- if (!decrypted)
+ decrypted = OPENSSL_malloc(RSA_size(pubkey->pkey.rsa));
+ if (decrypted == NULL)
goto failed;
rc = PKCS11_private_decrypt(len, encrypted,
@@ -210,11 +210,11 @@ int main(int argc, char *argv[])
if (pubkey != NULL)
EVP_PKEY_free(pubkey);
if (random != NULL)
- free(random);
+ OPENSSL_free(random);
if (encrypted != NULL)
- free(encrypted);
+ OPENSSL_free(encrypted);
if (decrypted != NULL)
- free(decrypted);
+ OPENSSL_free(decrypted);
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
diff --git a/examples/getrandom.c b/examples/getrandom.c
index b8f0a69..f1c074c 100644
--- a/examples/getrandom.c
+++ b/examples/getrandom.c
@@ -46,7 +46,7 @@ int main(int argc, char *argv[])
/* get first slot with a token */
slot = PKCS11_find_token(ctx, slots, nslots);
- if (!slot || !slot->token) {
+ if (slot == NULL || slot->token == NULL) {
fprintf(stderr, "no token available\n");
rc = 3;
goto notoken;
diff --git a/examples/rawrsasign.c b/examples/rawrsasign.c
index 72c3491..aab1fe2 100644
--- a/examples/rawrsasign.c
+++ b/examples/rawrsasign.c
@@ -92,7 +92,7 @@ int main(int argc, char *argv[])
/* get first slot with a token */
slot = PKCS11_find_token(ctx, slots, nslots);
- if (!slot || !slot->token) {
+ if (slot == NULL || slot->token == NULL) {
fprintf(stderr, "no token available\n");
END(1);
}
@@ -123,7 +123,7 @@ int main(int argc, char *argv[])
/* Read the password. */
printf("Password for token %.32s: ", slot->token->label);
- if (!fgets(password, sizeof(password), stdin))
+ if (fgets(password, sizeof(password), stdin) == NULL)
END(1);
/* Restore terminal. */
@@ -160,8 +160,8 @@ loggedin:
authcert=&certs[0];
/* get random bytes */
- random = malloc(RANDOM_SIZE);
- if (!random)
+ random = OPENSSL_malloc(RANDOM_SIZE);
+ if (random == NULL)
END(1);
fd = open(RANDOM_SOURCE, O_RDONLY);
@@ -189,7 +189,7 @@ loggedin:
close(fd);
authkey = PKCS11_find_key(authcert);
- if (!authkey) {
+ if (authkey == NULL) {
fprintf(stderr, "no key matching certificate available\n");
END(1);
}
@@ -229,8 +229,8 @@ loggedin:
}
siglen = MAX_SIGSIZE;
- signature = malloc(MAX_SIGSIZE);
- if (!signature)
+ signature = OPENSSL_malloc(MAX_SIGSIZE);
+ if (signature == NULL)
END(1);
/* Do a raw RSA sign operation with the smart card */
@@ -282,9 +282,9 @@ end:
if (pubkey != NULL)
EVP_PKEY_free(pubkey);
if (random != NULL)
- free(random);
+ OPENSSL_free(random);
if (signature != NULL)
- free(signature);
+ OPENSSL_free(signature);
if (slots != NULL)
PKCS11_release_all_slots(ctx, slots, nslots);
diff --git a/src/libp11-int.h b/src/libp11-int.h
index 9f44546..863c9a3 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -143,8 +143,6 @@ typedef struct pkcs11_cert_private {
PRIVCTX(ctx)->method->func_and_args
/* Memory allocation */
-#define PKCS11_NEW(type) \
- ((type *) pkcs11_malloc(sizeof(type)))
#define PKCS11_DUP(s) \
pkcs11_strdup((char *) s, sizeof(s))
@@ -153,7 +151,6 @@ extern void pkcs11_release_slot(PKCS11_CTX *, PKCS11_SLOT *slot);
extern void pkcs11_destroy_keys(PKCS11_TOKEN *, unsigned int);
extern void pkcs11_destroy_certs(PKCS11_TOKEN *);
-extern void *pkcs11_malloc(size_t);
extern char *pkcs11_strdup(char *, size_t);
extern int pkcs11_getattr(PKCS11_TOKEN *, CK_OBJECT_HANDLE,
diff --git a/src/libpkcs11.c b/src/libpkcs11.c
index 92bc689..c4abf29 100644
--- a/src/libpkcs11.c
+++ b/src/libpkcs11.c
@@ -56,7 +56,10 @@ C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
if (mspec == NULL)
return NULL;
- mod = (sc_pkcs11_module_t *) calloc(1, sizeof(*mod));
+ mod = OPENSSL_malloc(sizeof(sc_pkcs11_module_t));
+ if (mod == NULL)
+ return NULL;
+ memset(mod, 0, sizeof(sc_pkcs11_module_t));
mod->_magic = MAGIC;
#ifdef WIN32
@@ -69,10 +72,8 @@ C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
goto failed;
#ifdef WIN32
- c_get_function_list = (CK_C_GetFunctionList)GetProcAddress (
- mod->handle,
- "C_GetFunctionList"
- );
+ c_get_function_list = (CK_C_GetFunctionList)
+ GetProcAddress(mod->handle, "C_GetFunctionList");
#else
{
/*
@@ -90,7 +91,7 @@ C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
}
#endif
- if (!c_get_function_list)
+ if (c_get_function_list == NULL)
goto failed;
rv = c_get_function_list(funcs);
if (rv == CKR_OK)
@@ -111,7 +112,7 @@ C_UnloadModule(void *module)
{
sc_pkcs11_module_t *mod = (sc_pkcs11_module_t *) module;
- if (!mod || mod->_magic != MAGIC)
+ if (mod == NULL || mod->_magic != MAGIC)
return CKR_ARGUMENTS_BAD;
if (mod->handle) {
@@ -122,8 +123,8 @@ C_UnloadModule(void *module)
#endif
}
- memset(mod, 0, sizeof(*mod));
- free(mod);
+ memset(mod, 0, sizeof(sc_pkcs11_module_t));
+ OPENSSL_free(mod);
return CKR_OK;
}
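Review bot: The `memset(mod, 0, ...)` directly before `OPENSSL_free(mod)` in C_UnloadModule is a dead store, and an optimising compiler may remove it. If the intent is to invalidate `_magic` and the handle before the block goes back to the allocator, `OPENSSL_cleanse(mod, sizeof(*mod));` is the call that is not elided. Writing `sizeof(*mod)` rather than `sizeof(sc_pkcs11_module_t)` also keeps the size tied to the variable if its type ever changes.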
diff --git a/src/p11_attr.c b/src/p11_attr.c
index 3f5cfcb..b79a234 100644
--- a/src/p11_attr.c
+++ b/src/p11_attr.c
@@ -89,9 +89,10 @@ pkcs11_getattr_bn(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object,
if (pkcs11_getattr_var(token, object, type, NULL, &size) || size == 0)
return -1;
- binary = calloc(1, size);
+ binary = OPENSSL_malloc(size);
if (binary == NULL)
return -1;
+ memset(binary, 0, size);
if (pkcs11_getattr_var(token, object, type, binary, &size)) {
ret = -1;
@@ -112,8 +113,8 @@ pkcs11_getattr_bn(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object,
ret = *bn ? 0 : -1;
cleanup:
- free(binary);
- return ret;
+ OPENSSL_free(binary);
+ return ret;
}
/*
@@ -122,7 +123,9 @@ pkcs11_getattr_bn(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object,
void pkcs11_addattr(CK_ATTRIBUTE_PTR ap, int type, const void *data, size_t size)
{
ap->type = type;
- ap->pValue = malloc(size);
+ ap->pValue = OPENSSL_malloc(size);
+ if (ap->pValue == NULL)
+ return;
memcpy(ap->pValue, data, size);
ap->ulValueLen = size;
}
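Review bot: The new early return in pkcs11_addattr leaves `ap->type` set, `ap->pValue` NULL and `ap->ulValueLen` untouched, and because the function returns `void` the caller cannot tell that the attribute was not filled in. At minimum the failure path should set `ap->ulValueLen = 0;` before returning so the template entry is self-consistent. A cleaner fix is an `int` return that callers check before handing the template to the PKCS#11 module. pkcs11_addattr_obj in the next hunk has the same problem in a worse form: `ulValueLen` already holds the encoded length when `pValue` turns out to be NULL, and the result of `enc(obj, NULL)` is stored without checking for a negative value, which would become a very large allocation size.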
@@ -161,7 +164,10 @@ void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR ap, int type, pkcs11_i2d_fn enc, void *
ap->type = type;
ap->ulValueLen = enc(obj, NULL);
- ap->pValue = p = (unsigned char *) malloc(ap->ulValueLen);
+ ap->pValue = OPENSSL_malloc(ap->ulValueLen);
+ if (ap->pValue == NULL)
+ return;
+ p = ap->pValue;
enc(obj, &p);
}
@@ -169,6 +175,6 @@ void pkcs11_zap_attrs(CK_ATTRIBUTE_PTR ap, unsigned int n)
{
while (n--) {
if (ap[n].pValue)
- free(ap[n].pValue);
+ OPENSSL_free(ap[n].pValue);
}
}
diff --git a/src/p11_cert.c b/src/p11_cert.c
index 1970c8d..7e4822f 100644
--- a/src/p11_cert.c
+++ b/src/p11_cert.c
@@ -29,8 +29,7 @@
static int pkcs11_find_certs(PKCS11_TOKEN *);
static int pkcs11_next_cert(PKCS11_CTX *, PKCS11_TOKEN *, CK_SESSION_HANDLE);
static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
- CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o,
- PKCS11_CERT **);
+ CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o, PKCS11_CERT **);
static CK_OBJECT_CLASS cert_search_class;
static CK_ATTRIBUTE cert_search_attrs[] = {
@@ -43,7 +42,7 @@ static CK_ATTRIBUTE cert_search_attrs[] = {
*/
int
PKCS11_enumerate_certs(PKCS11_TOKEN * token,
- PKCS11_CERT ** certp, unsigned int *countp)
+ PKCS11_CERT ** certp, unsigned int *countp)
{
PKCS11_TOKEN_private *priv = PRIVTOKEN(token);
@@ -75,7 +74,7 @@ PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY * key)
for (n = 0; n < count; n++, cert++) {
cpriv = PRIVCERT(cert);
if (cpriv->id_len == kpriv->id_len
- && !memcmp(cpriv->id, kpriv->id, kpriv->id_len))
+ && !memcmp(cpriv->id, kpriv->id, kpriv->id_len))
return cert;
}
return NULL;
@@ -99,7 +98,7 @@ static int pkcs11_find_certs(PKCS11_TOKEN * token)
/* Tell the PKCS11 lib to enumerate all matching objects */
cert_search_class = CKO_CERTIFICATE;
rv = CRYPTOKI_call(ctx, C_FindObjectsInit(session, cert_search_attrs,
- numof(cert_search_attrs)));
+ numof(cert_search_attrs)));
CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_CERTS, rv);
do {
@@ -131,10 +130,10 @@ static int pkcs11_next_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
}
static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
- CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj, PKCS11_CERT ** ret)
+ CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj, PKCS11_CERT ** ret)
{
PKCS11_TOKEN_private *tpriv;
- PKCS11_CERT_private *kpriv;
+ PKCS11_CERT_private *cpriv;
PKCS11_CERT *cert, *tmp;
char label[256];
unsigned char *data;
@@ -154,10 +153,10 @@ static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
return 0;
tpriv = PRIVTOKEN(token);
- tmp = (PKCS11_CERT *) OPENSSL_realloc(tpriv->certs,
- (tpriv->ncerts + 1) * sizeof(PKCS11_CERT));
- if (!tmp) {
- free(tpriv->certs);
+ tmp = OPENSSL_realloc(tpriv->certs,
+ (tpriv->ncerts + 1) * sizeof(PKCS11_CERT));
+ if (tmp == NULL) {
+ OPENSSL_free(tpriv->certs);
tpriv->certs = NULL;
return -1;
}
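Review bot: On `OPENSSL_realloc` failure this branch frees the whole `tpriv->certs` array and sets it to NULL, but in the lines shown `tpriv->ncerts` keeps its old value. The `x509`, `label`, `id` and `_private` members of the entries already stored are also never released. A failed realloc leaves the original block valid, so returning -1 without the `OPENSSL_free(tpriv->certs)` would keep the existing certificates usable. If the array must be dropped, release each entry first and reset the count. The matching branch in pkcs11_init_key (src/p11_key.c) has the same shape. pkcs11_init_cert starts and ends outside this hunk.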
@@ -165,33 +164,40 @@ static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
cert = tpriv->certs + tpriv->ncerts++;
memset(cert, 0, sizeof(*cert));
- cert->_private = kpriv = PKCS11_NEW(PKCS11_CERT_private);
- kpriv->object = obj;
- kpriv->parent = token;
+ cpriv = OPENSSL_malloc(sizeof(PKCS11_CERT_private));
+ if (cpriv == NULL)
+ return -1;
+ memset(cpriv, 0, sizeof(PKCS11_CERT_private));
+ cert->_private = cpriv;
+ cpriv->object = obj;
+ cpriv->parent = token;
if (!pkcs11_getattr_s(token, obj, CKA_LABEL, label, sizeof(label)))
cert->label = BUF_strdup(label);
size = 0;
if (!pkcs11_getattr_var(token, obj, CKA_VALUE, NULL, &size) && size > 0) {
- data = (unsigned char *) malloc(size);
- if (data && !pkcs11_getattr_var(token, obj, CKA_VALUE, data, &size)) {
- const unsigned char *p = data;
-
- cert->x509 = d2i_X509(NULL, &p, size);
+ data = OPENSSL_malloc(size);
+ if (data) {
+ if (!pkcs11_getattr_var(token, obj, CKA_VALUE, data, &size)) {
+ const unsigned char *p = data;
+
+ cert->x509 = d2i_X509(NULL, &p, size);
+ }
+ OPENSSL_free(data);
}
- if (data)
- free(data);
}
cert->id_len = sizeof(id);
if (!pkcs11_getattr_var(token, obj, CKA_ID, id, &cert->id_len)) {
- cert->id = (unsigned char *) malloc(cert->id_len);
+ cert->id = OPENSSL_malloc(cert->id_len);
+ if (cert->id == NULL)
+ return -1;
memcpy(cert->id, id, cert->id_len);
}
/* Initialize internal information */
- kpriv->id_len = sizeof(kpriv->id);
- if (pkcs11_getattr_var(token, obj, CKA_ID, kpriv->id, &kpriv->id_len))
- kpriv->id_len = 0;
+ cpriv->id_len = sizeof(cpriv->id);
+ if (pkcs11_getattr_var(token, obj, CKA_ID, cpriv->id, &cpriv->id_len))
+ cpriv->id_len = 0;
if (ret)
*ret = cert;
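Review bot: Both new `return -1` paths run after `tpriv->ncerts++` has already counted the entry, so a failed `cpriv` allocation leaves a certificate in the array whose `_private` is NULL. PKCS11_find_certificate, visible in an earlier hunk of this file, reads `cpriv->id_len` through `PRIVCERT(cert)` with no NULL check, so a later lookup would dereference NULL. Either allocate `cpriv` before growing the array, or undo the increment on failure with `tpriv->ncerts--;` before returning. The `cert->id == NULL` path should additionally set `cert->id_len = 0;` so the entry does not advertise an id it does not have. The function continues past the end of this hunk.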
@@ -213,7 +219,7 @@ void pkcs11_destroy_certs(PKCS11_TOKEN * token)
X509_free(cert->x509);
OPENSSL_free(cert->label);
if (cert->id)
- free(cert->id);
+ OPENSSL_free(cert->id);
if (cert->_private != NULL)
OPENSSL_free(cert->_private);
}
@@ -228,8 +234,7 @@ void pkcs11_destroy_certs(PKCS11_TOKEN * token)
*/
int
PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509, char *label,
- unsigned char *id, size_t id_len,
- PKCS11_CERT ** ret_cert)
+ unsigned char *id, size_t id_len, PKCS11_CERT ** ret_cert)
{
PKCS11_SLOT *slot = TOKEN2SLOT(token);
PKCS11_CTX *ctx = TOKEN2CTX(token);
diff --git a/src/p11_key.c b/src/p11_key.c
index bc7324c..862967c 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -438,18 +438,20 @@ static int pkcs11_init_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
return 0;
}
- tmp = (PKCS11_KEY *) OPENSSL_realloc(keys->keys,
- (keys->num + 1) * sizeof(PKCS11_KEY));
- if (!tmp) {
- free(keys->keys);
+ tmp = OPENSSL_realloc(keys->keys, (keys->num + 1) * sizeof(PKCS11_KEY));
+ if (tmp == NULL) {
+ OPENSSL_free(keys->keys);
keys->keys = NULL;
return -1;
}
keys->keys = tmp;
key = keys->keys + keys->num++;
- memset(key, 0, sizeof(*key));
- key->_private = kpriv = PKCS11_NEW(PKCS11_KEY_private);
+ memset(key, 0, sizeof(PKCS11_KEY));
+ kpriv = OPENSSL_malloc(sizeof(PKCS11_KEY_private));
+ if(kpriv)
+ memset(kpriv, 0, sizeof(PKCS11_KEY_private));
+ key->_private = kpriv;
kpriv->object = obj;
kpriv->parent = token;
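Review bot: `kpriv` is dereferenced unconditionally at `kpriv->object = obj;` even though the new `if(kpriv)` only guards the `memset`, so a failed `OPENSSL_malloc` becomes a NULL pointer write. The failure path needs to return, and since `keys->num++` has already counted the entry it should roll that back as well. The next hunk in pkcs11_init_key has the same missing check: `key->id = OPENSSL_malloc(key->id_len);` is followed directly by `memcpy(key->id, ...)`, whereas the equivalent code in src/p11_cert.c was given a NULL test in this commit. pkcs11_init_key starts and ends outside this hunk.
```c
	/* … unchanged: realloc of keys->keys and memset(key, …) … */
	kpriv = OPENSSL_malloc(sizeof(PKCS11_KEY_private));
	if (kpriv == NULL) {
		keys->num--; /* do not leave a counted entry without private data */
		return -1;
	}
	memset(kpriv, 0, sizeof(PKCS11_KEY_private));
	key->_private = kpriv;
```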
@@ -457,7 +459,7 @@ static int pkcs11_init_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
key->label = BUF_strdup(label);
key->id_len = sizeof(id);
if (!pkcs11_getattr_var(token, obj, CKA_ID, id, &key->id_len)) {
- key->id = (unsigned char *) malloc(key->id_len);
+ key->id = OPENSSL_malloc(key->id_len);
memcpy(key->id, id, key->id_len);
}
key->isPrivate = (type == CKO_PRIVATE_KEY);
@@ -489,7 +491,7 @@ void pkcs11_destroy_keys(PKCS11_TOKEN * token, unsigned int type)
EVP_PKEY_free(key->evp_key);
OPENSSL_free(key->label);
if (key->id)
- free(key->id);
+ OPENSSL_free(key->id);
if (key->_private != NULL)
OPENSSL_free(key->_private);
}
diff --git a/src/p11_load.c b/src/p11_load.c
index 940f5a1..a6d6b3d 100644
--- a/src/p11_load.c
+++ b/src/p11_load.c
@@ -33,12 +33,14 @@ PKCS11_CTX *PKCS11_CTX_new(void)
/* Load error strings */
ERR_load_PKCS11_strings();
- priv = PKCS11_NEW(PKCS11_CTX_private);
+ priv = OPENSSL_malloc(sizeof(PKCS11_CTX_private));
if (priv == NULL)
goto fail;
- ctx = PKCS11_NEW(PKCS11_CTX);
+ memset(priv, 0, sizeof(PKCS11_CTX_private));
+ ctx = OPENSSL_malloc(sizeof(PKCS11_CTX));
if (ctx == NULL)
goto fail;
+ memset(ctx, 0, sizeof(PKCS11_CTX));
ctx->_private = priv;
priv->forkid = _P11_get_forkid();
priv->lockid = CRYPTO_get_new_dynlockid();
@@ -79,7 +81,7 @@ int PKCS11_CTX_load(PKCS11_CTX * ctx, const char *name)
return -1;
}
handle = C_LoadModule(name, &priv->method);
- if (!handle) {
+ if (handle == NULL) {
PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, PKCS11_LOAD_MODULE_ERROR);
return -1;
}
diff --git a/src/p11_misc.c b/src/p11_misc.c
index 2f57d0a..4c15263 100644
--- a/src/p11_misc.c
+++ b/src/p11_misc.c
@@ -22,15 +22,6 @@
#include <openssl/crypto.h>
#include "libp11-int.h"
-void *pkcs11_malloc(size_t size)
-{
- void *p = OPENSSL_malloc(size);
- if (p == NULL)
- return NULL;
- memset(p, 0, size);
- return p;
-}
-
/* PKCS11 strings are fixed size blank padded,
* so when strduping them we must make sure
* we stop at the end of the buffer, and while we're
@@ -41,7 +32,7 @@ char *pkcs11_strdup(char *mem, size_t size)
while (size && mem[size - 1] == ' ')
size--;
- res = (char *) OPENSSL_malloc(size + 1);
+ res = OPENSSL_malloc(size + 1);
if (res == NULL)
return NULL;
memcpy(res, mem, size);
@@ -56,7 +47,7 @@ void *memdup(const void *src, size_t size)
{
void *dst;
- dst = malloc(size);
+ dst = OPENSSL_malloc(size);
if (dst == NULL)
return NULL;
memcpy(dst, src, size);
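Review bot: memdup() now returns memory from `OPENSSL_malloc`, which changes its ownership contract: the result must be released with `OPENSSL_free`, not `free`. That difference matters once an application installs its own allocator through `CRYPTO_set_mem_functions`. The function has no comment stating this, so I would add `/* Returns a copy allocated with OPENSSL_malloc; release it with OPENSSL_free(). Returns NULL on allocation failure. */` above it. It is also worth checking every existing caller for a remaining plain `free()`. The rest of the function body is outside this hunk.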
diff --git a/src/p11_ops.c b/src/p11_ops.c
index 82b96ac..de33ef1 100644
--- a/src/p11_ops.c
+++ b/src/p11_ops.c
@@ -103,7 +103,7 @@ PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
(size = i2d_X509_SIG(&digest_info, NULL)) &&
/* Check that size is compatible with PKCS#11 padding */
(size + RSA_PKCS1_PADDING_SIZE <= sigsize) &&
- (encoded = (unsigned char *) malloc(sigsize))) {
+ (encoded = OPENSSL_malloc(sigsize))) {
unsigned char *tmp = encoded;
/* Actually do the encoding */
i2d_X509_SIG(&digest_info,&tmp);
@@ -124,7 +124,7 @@ PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
}
if (encoded != NULL) /* NULL on SSL case */
- free(encoded);
+ OPENSSL_free(encoded);
return rv;
}
diff --git a/src/p11_slot.c b/src/p11_slot.c
index 5f91f68..5ce0d5e 100644
--- a/src/p11_slot.c
+++ b/src/p11_slot.c
@@ -60,13 +60,16 @@ pkcs11_enumerate_slots(PKCS11_CTX * ctx, PKCS11_SLOT ** slotp, unsigned int *cou
rv = priv->method->C_GetSlotList(FALSE, NULL_PTR, &nslots);
CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
- slotid = (CK_SLOT_ID *)OPENSSL_malloc(nslots * sizeof(CK_SLOT_ID));
+ slotid = OPENSSL_malloc(nslots * sizeof(CK_SLOT_ID));
if (slotid == NULL) return (-1);
rv = priv->method->C_GetSlotList(FALSE, slotid, &nslots);
CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
- slots = (PKCS11_SLOT *) pkcs11_malloc(nslots * sizeof(PKCS11_SLOT));
+ slots = OPENSSL_malloc(nslots * sizeof(PKCS11_SLOT));
+ if (slots == NULL)
+ return -1;
+ memset(slots, 0, nslots * sizeof(PKCS11_SLOT));
for (n = 0; n < nslots; n++) {
if (pkcs11_init_slot(ctx, &slots[n], slotid[n])) {
while (n--)
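Review bot: The added `if (slots == NULL) return -1;` leaks `slotid`, which was allocated with `OPENSSL_malloc` a few lines earlier and is still live at this point. The branch should read `if (slots == NULL) { OPENSSL_free(slotid); return -1; }`. Separately, `nslots` is reported by the PKCS#11 module and both `nslots * sizeof(...)` products are unchecked, so a bound check on `nslots` before allocating would be a reasonable hardening step. pkcs11_enumerate_slots continues outside this hunk.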
@@ -98,7 +101,7 @@ PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx, PKCS11_SLOT * slots, unsigned
(void)ctx;
- if (! slots)
+ if (slots == NULL)
return NULL;
best = NULL;
@@ -306,7 +309,7 @@ int PKCS11_init_token(PKCS11_TOKEN * token, const char *pin, const char *label)
CHECK_FORK(ctx);
- if (!label)
+ if (label == NULL)
label = "PKCS#11 Token";
rv = CRYPTOKI_call(ctx, C_InitToken(priv->id,
(CK_UTF8CHAR *) pin, strlen(pin),
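Review bot: `label` gets a NULL default here, but `pin` is passed straight to `strlen(pin)` in the `C_InitToken` call below, so a NULL `pin` crashes before the module is reached. If a NULL pin is meant to be accepted (for example for tokens with a protected authentication path — to be confirmed against the intended API contract), the length argument should be `pin ? strlen(pin) : 0`. Otherwise reject it up front with an error return. The function body continues outside this hunk.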
@@ -433,7 +436,11 @@ static int pkcs11_init_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot, CK_SLOT_ID id)
rv = CRYPTOKI_call(ctx, C_GetSlotInfo(id, &info));
CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
- priv = PKCS11_NEW(PKCS11_SLOT_private);
+ priv = OPENSSL_malloc(sizeof(PKCS11_SLOT_private));
+ if (priv == NULL)
+ return -1;
+ memset(priv, 0, sizeof(PKCS11_SLOT_private));
+
priv->parent = ctx;
priv->id = id;
priv->forkid = PRIVCTX(ctx)->forkid;
@@ -490,25 +497,30 @@ static int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
PKCS11_SLOT_private *priv = PRIVSLOT(slot);
PKCS11_TOKEN_private *tpriv;
CK_TOKEN_INFO info;
- PKCS11_TOKEN *token;
int rv;
- if (slot->token)
+ if (slot->token) {
pkcs11_destroy_token(slot->token);
- else
- slot->token = PKCS11_NEW(PKCS11_TOKEN);
- token = slot->token;
+ } else {
+ slot->token = OPENSSL_malloc(sizeof(PKCS11_TOKEN));
+ if (slot->token == NULL)
+ return -1;
+ memset(slot->token, 0, sizeof(PKCS11_TOKEN));
+ }
rv = CRYPTOKI_call(ctx, C_GetTokenInfo(priv->id, &info));
if (rv == CKR_TOKEN_NOT_PRESENT || rv == CKR_TOKEN_NOT_RECOGNIZED) {
- OPENSSL_free(token);
+ OPENSSL_free(slot->token);
slot->token = NULL;
return 0;
}
CRYPTOKI_checkerr(PKCS11_F_PKCS11_CHECK_TOKEN, rv);
/* We have a token */
- tpriv = PKCS11_NEW(PKCS11_TOKEN_private);
+ tpriv = OPENSSL_malloc(sizeof(PKCS11_TOKEN_private));
+ if (tpriv == NULL)
+ return -1;
+ memset(tpriv, 0, sizeof(PKCS11_TOKEN_private));
tpriv->parent = slot;
tpriv->prv.keys = NULL;
tpriv->prv.num = -1;
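Review bot: When the new `tpriv == NULL` check fires, `slot->token` stays allocated and non-NULL but has no `_private` and no populated fields. The callers shown in the examples treat `slot->token == NULL` as the only "no token" signal, so they would go on to use a half-built token. The failure path should mirror the not-present branch above: `OPENSSL_free(slot->token); slot->token = NULL;` before `return -1;`. The function ends in the following hunk.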
@@ -516,25 +528,25 @@ static int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
tpriv->pub.num = -1;
tpriv->ncerts = -1;
- token->label = PKCS11_DUP(info.label);
- token->manufacturer = PKCS11_DUP(info.manufacturerID);
- token->model = PKCS11_DUP(info.model);
- token->serialnr = PKCS11_DUP(info.serialNumber);
- token->initialized = (info.flags & CKF_TOKEN_INITIALIZED) ? 1 : 0;
- token->loginRequired = (info.flags & CKF_LOGIN_REQUIRED) ? 1 : 0;
- token->secureLogin = (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? 1 : 0;
- token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED) ? 1 : 0;
- token->readOnly = (info.flags & CKF_WRITE_PROTECTED) ? 1 : 0;
- token->hasRng = (info.flags & CKF_RNG) ? 1 : 0;
- token->userPinCountLow = (info.flags & CKF_USER_PIN_COUNT_LOW) ? 1 : 0;
- token->userPinFinalTry = (info.flags & CKF_USER_PIN_FINAL_TRY) ? 1 : 0;
- token->userPinLocked = (info.flags & CKF_USER_PIN_LOCKED) ? 1 : 0;
- token->userPinToBeChanged = (info.flags & CKF_USER_PIN_TO_BE_CHANGED) ? 1 : 0;
- token->soPinCountLow = (info.flags & CKF_SO_PIN_COUNT_LOW) ? 1 : 0;
- token->soPinFinalTry = (info.flags & CKF_SO_PIN_FINAL_TRY) ? 1 : 0;
- token->soPinLocked = (info.flags & CKF_SO_PIN_LOCKED) ? 1 : 0;
- token->soPinToBeChanged = (info.flags & CKF_SO_PIN_TO_BE_CHANGED) ? 1 : 0;
- token->_private = tpriv;
+ slot->token->label = PKCS11_DUP(info.label);
+ slot->token->manufacturer = PKCS11_DUP(info.manufacturerID);
+ slot->token->model = PKCS11_DUP(info.model);
+ slot->token->serialnr = PKCS11_DUP(info.serialNumber);
+ slot->token->initialized = (info.flags & CKF_TOKEN_INITIALIZED) ? 1 : 0;
+ slot->token->loginRequired = (info.flags & CKF_LOGIN_REQUIRED) ? 1 : 0;
+ slot->token->secureLogin = (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? 1 : 0;
+ slot->token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED) ? 1 : 0;
+ slot->token->readOnly = (info.flags & CKF_WRITE_PROTECTED) ? 1 : 0;
+ slot->token->hasRng = (info.flags & CKF_RNG) ? 1 : 0;
+ slot->token->userPinCountLow = (info.flags & CKF_USER_PIN_COUNT_LOW) ? 1 : 0;
+ slot->token->userPinFinalTry = (info.flags & CKF_USER_PIN_FINAL_TRY) ? 1 : 0;
+ slot->token->userPinLocked = (info.flags & CKF_USER_PIN_LOCKED) ? 1 : 0;
+ slot->token->userPinToBeChanged = (info.flags & CKF_USER_PIN_TO_BE_CHANGED) ? 1 : 0;
+ slot->token->soPinCountLow = (info.flags & CKF_SO_PIN_COUNT_LOW) ? 1 : 0;
+ slot->token->soPinFinalTry = (info.flags & CKF_SO_PIN_FINAL_TRY) ? 1 : 0;
+ slot->token->soPinLocked = (info.flags & CKF_SO_PIN_LOCKED) ? 1 : 0;
+ slot->token->soPinToBeChanged = (info.flags & CKF_SO_PIN_TO_BE_CHANGED) ? 1 : 0;
+ slot->token->_private = tpriv;
return 0;
}
diff --git a/tests/fork-test.c b/tests/fork-test.c
index 3acd498..55fe818 100644
--- a/tests/fork-test.c
+++ b/tests/fork-test.c
@@ -78,7 +78,7 @@ int main(int argc, char *argv[])
do_fork();
slot = PKCS11_find_token(ctx, slots, nslots);
error_queue("PKCS11_find_token");
- if (!slot || !slot->token) {
+ if (slot == NULL || slot->token == NULL) {
fprintf(stderr, "no token available\n");
rc = 3;
goto notoken;
@@ -128,8 +128,8 @@ loggedin:
authcert=&certs[0];
/* get random bytes */
- random = malloc(RANDOM_SIZE);
- if (!random)
+ random = OPENSSL_malloc(RANDOM_SIZE);
+ if (random == NULL)
goto failed;
fd = open(RANDOM_SOURCE, O_RDONLY);
@@ -159,15 +159,15 @@ loggedin:
do_fork();
authkey = PKCS11_find_key(authcert);
error_queue("PKCS11_find_key");
- if (!authkey) {
+ if (authkey == NULL) {
fprintf(stderr, "no key matching certificate available\n");
goto failed;
}
/* ask for a sha1 hash of the random data, signed by the key */
siglen = MAX_SIGSIZE;
- signature = malloc(MAX_SIGSIZE);
- if (!signature)
+ signature = OPENSSL_malloc(MAX_SIGSIZE);
+ if (signature == NULL)
goto failed;
/* do the operations in child */
@@ -199,9 +199,9 @@ loggedin:
EVP_PKEY_free(pubkey);
if (random != NULL)
- free(random);
+ OPENSSL_free(random);
if (signature != NULL)
- free(signature);
+ OPENSSL_free(signature);
PKCS11_release_all_slots(ctx, slots, nslots);
PKCS11_CTX_unload(ctx);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git