From d77514273aa88f67b85c398a222ab2195c42f5fd Mon Sep 17 00:00:00 2001 |
|
From: Ken Goldman <kgold@linux.ibm.com> |
|
Date: Tue, 31 Aug 2021 13:45:21 -0400 |
|
Subject: [PATCH 4/7] utils: Clean up certifyx509 memory allocation |
|
|
|
Make TPM_ADDTOCERT input const. Annotate malloc and free calls. Free |
|
TPM_PARTIAL_CERT. Use TPM_ADDTOCERT_free. Remove unused |
|
x509IssuerName and x509SubjectName and their frees. Free |
|
TPM_PARTIAL_CERT issuer and subject because createX509Name() mallocs. |
|
|
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com> |
|
--- |
|
utils/certifyx509.c | 26 +++++++++++++++++--------- |
|
1 file changed, 17 insertions(+), 9 deletions(-) |
|
|
|
diff --git a/utils/certifyx509.c b/utils/certifyx509.c |
|
index 5602f62..8ac5abd 100644 |
|
--- a/utils/certifyx509.c |
|
+++ b/utils/certifyx509.c |
|
@@ -147,7 +147,7 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *certificate, |
|
TPM_RC reformCertificate(X509 *x509Certificate, |
|
TPMI_ALG_HASH halg, |
|
TPMI_ALG_SIG_SCHEME scheme, |
|
- TPM_ADDTOCERT *addToCert, |
|
+ const TPM_ADDTOCERT *addToCert, |
|
TPMT_SIGNATURE *tSignature); |
|
TPM_RC addSignatureRsa(X509 *x509Certificate, |
|
TPMI_ALG_HASH halg, |
|
@@ -618,7 +618,7 @@ int main(int argc, char *argv[]) |
|
if (rc == 0) { |
|
if (verbose) X509_print_fp(stdout, x509Certificate); /* for debug */ |
|
rc = convertX509ToDer(&x509DerLength, |
|
- &x509Der, /* freed @2 */ |
|
+ &x509Der, /* freed @4 */ |
|
x509Certificate); |
|
} |
|
if ((rc == 0) && (outCertificateFilename != NULL)) { |
|
@@ -628,8 +628,13 @@ int main(int argc, char *argv[]) |
|
if (x509Certificate != NULL) { |
|
X509_free(x509Certificate); /* @1 */ |
|
} |
|
- free(x509Der); /* @2 */ |
|
- OPENSSL_free(addToCert); /* @3 */ |
|
+ if (partialCertificate != NULL) { |
|
+ TPM_PARTIAL_CERT_free(partialCertificate); /* @2 */ |
|
+ } |
|
+ if (addToCert != NULL) { |
|
+ TPM_ADDTOCERT_free(addToCert); /* @3 */ |
|
+ } |
|
+ free(x509Der); /* @4 */ |
|
return rc; |
|
} |
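Review bot: `x509Der` is still released with plain `free()` at @4, while the other i2d output visible in this patch, `tmpPartialDer`, is released with `OPENSSL_free()`. The allocation inside convertX509ToDer() is not shown here; if it fills the buffer through an OpenSSL i2d call, the matching release is `OPENSSL_free(x509Der); /* @4 */`, which matters when OpenSSL is configured with a non-default allocator. main() starts outside this hunk, so the allocation-site annotations for @2 and @3 could not be checked against the new numbering.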
|
|
|
@@ -683,8 +688,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
|
int irc; |
|
ASN1_TIME *arc; /* return code */ |
|
|
|
- X509_NAME *x509IssuerName = NULL; /* composite issuer name, key/value pairs */ |
|
- X509_NAME *x509SubjectName = NULL;/* composite subject name, key/value pairs */ |
|
size_t issuerEntriesSize = sizeof(issuerEntries)/sizeof(char *); |
|
size_t subjectEntriesSize = sizeof(subjectEntries)/sizeof(char *); |
|
uint8_t *tmpPartialDer = NULL; /* for the i2d */ |
|
@@ -693,6 +696,9 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
|
if (rc == 0) { |
|
if (verbose) printf("createPartialCertificate: Adding issuer, size %lu\n", |
|
(unsigned long)issuerEntriesSize); |
|
+ /* _new allocates the member. free it because createX509Name() allocates a new structure */ |
|
+ X509_NAME_free(partialCertificate->issuer); |
|
+ partialCertificate->issuer = NULL; |
|
rc = createX509Name(&partialCertificate->issuer, /* freed @1 */ |
|
issuerEntriesSize, |
|
issuerEntries); |
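Review bot: The `/* freed @1 */` annotation on the createX509Name() call is stale after this commit. The `X509_NAME_free(x509IssuerName); /* @1 */` it pointed to is removed at the end of the function, and the name is now stored in `partialCertificate`. The two `/* freed @2 */` annotations in the subject hunks below have the same problem. Since main() now calls TPM_PARTIAL_CERT_free(), the annotation would read better as `/* freed by caller via TPM_PARTIAL_CERT_free() */`, assuming that function releases the issuer and subject members. The explanatory comment added here could also be repeated at the two subject sites, which free and reset the member without saying why. createPartialCertificate() begins and ends outside this hunk.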
|
@@ -746,6 +752,8 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
|
if (!subeqiss) { |
|
if (verbose) printf("createPartialCertificate: Adding subject, size %lu\n", |
|
(unsigned long)subjectEntriesSize); |
|
+ X509_NAME_free(partialCertificate->subject); |
|
+ partialCertificate->subject = NULL; |
|
rc = createX509Name(&partialCertificate->subject, /* freed @2 */ |
|
subjectEntriesSize, |
|
subjectEntries); |
|
@@ -754,6 +762,8 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
|
else { |
|
if (verbose) printf("createPartialCertificate: Adding subject (issuer), size %lu\n", |
|
(unsigned long)issuerEntriesSize); |
|
+ X509_NAME_free(partialCertificate->subject); |
|
+ partialCertificate->subject = NULL; |
|
rc = createX509Name(&partialCertificate->subject, /* freed @2 */ |
|
issuerEntriesSize, |
|
issuerEntries); |
|
@@ -806,8 +816,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
|
if (verbose) X509_print_fp(stdout, x509Certificate); |
|
} |
|
#endif |
|
- X509_NAME_free(x509IssuerName); /* @1 */ |
|
- X509_NAME_free(x509SubjectName); /* @2 */ |
|
OPENSSL_free(tmpPartialDer); /* @3 */ |
|
return rc; |
|
} |
|
@@ -956,7 +964,7 @@ TPM_RC addPartialCertExtensionTpmaOid(TPM_PARTIAL_CERT *partialCertificate, |
|
TPM_RC reformCertificate(X509 *x509Certificate, |
|
TPMI_ALG_HASH halg, |
|
TPMI_ALG_SIG_SCHEME scheme, |
|
- TPM_ADDTOCERT *addToCert, |
|
+ const TPM_ADDTOCERT *addToCert, |
|
TPMT_SIGNATURE *tSignature) |
|
{ |
|
TPM_RC rc = 0; |
|
-- |
|
2.34.1 |
|
|
|
|