Hi,

We are using openssl-1.0.0e. I am seeing a memory leak of 98 bytes when I use 
the d2i_X509() function. The leak is seen even if d2i_X509() returns NULL. I 
couldn't find the source code for the d2i_X509() and X509_free() functions. Can 
you please help me with this?

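/*
 * Check that a DER-encoded certificate is restricted to code signing.
 *
 * The certificate is accepted only when all of the following hold:
 *   - it carries exactly one X.509v3 extension,
 *   - that extension is Extended Key Usage and is marked critical,
 *   - the Extended Key Usage lists exactly one purpose OID, id-kp-codeSigning.
 *
 * cert     pointer to the DER-encoded certificate
 * certLen  length of the certificate in bytes
 *
 * Returns OPENSSL_SECWRAP_SUCCESS when the certificate passes every check,
 * OPENSSL_SECWRAP_FAILURE on bad parameters, on a parse failure, or when any
 * check fails.
 *
 * Everything allocated here (the parsed certificate and the decoded
 * extension) is released before returning.
 */
int secwrap_certCheckExtKeyUsage(unsigned char *cert,   // pointer to certificate
                    unsigned int certLen)               // length of certificate
{
    int iReturnStatus = OPENSSL_SECWRAP_FAILURE;
    int iCritical = 0;
    int count;
    X509 *x509Cert = NULL;
    const unsigned char *pCert = cert;                  // See OpenSSL FAQ. Temp pointer recommended: d2i_X509() advances it.
    EXTENDED_KEY_USAGE *extusage = NULL;

    if(cert == NULL || certLen == 0)
    {
        DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL\n",__FUNCTION__,__LINE__);
        return OPENSSL_SECWRAP_FAILURE;                 // bad parameters
    }

    // NOTE(review): bytes following the certificate inside cert[0..certLen) are
    // not rejected; pCert is never compared with cert + certLen after the parse.
    x509Cert = d2i_X509(NULL, &pCert, certLen);
    if(x509Cert == NULL)
    {
        // NOTE(review): a failed parse leaves entries on OpenSSL's per-thread
        // error queue, which this function does not clear. That state is owned
        // by the library, and a leak checker may report it against this call;
        // confirm how the application releases it.
        DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL\n",__FUNCTION__,__LINE__);
        return OPENSSL_SECWRAP_FAILURE;                 // unable to parse cert
    }

    count = X509_get_ext_count(x509Cert);
    if(count == 1)                                      // only 1 extension allowed
    {
        // X509_get_ext_d2i() returns a freshly decoded structure owned by the
        // caller; it is released at the end of the function.
        extusage = (EXTENDED_KEY_USAGE *) X509_get_ext_d2i(x509Cert, NID_ext_key_usage, &iCritical, NULL);
        if(extusage != NULL && iCritical != 0)          // MUST be Extended Key Usage and marked critical
        {
            if(sk_ASN1_OBJECT_num(extusage) == 1)       // only 1 purpose OID allowed
            {
                if(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,0)) == NID_code_sign)    // MUST be for code signing
                {
                    iReturnStatus = OPENSSL_SECWRAP_SUCCESS;
                }
                else
                {
                    DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL\n",__FUNCTION__,__LINE__);
                }
            }
            else
            {
                DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL\n",__FUNCTION__,__LINE__);
            }
        }
        else
        {
            DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL\n",__FUNCTION__,__LINE__);
        }
    }
    else
    {
        DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL count %d\n",__FUNCTION__,__LINE__,count);
    }

    // Release the decoded Extended Key Usage. X509_free() does not free it,
    // so omitting this leaks the stack and its OID on every call that reaches
    // the extension lookup.
    if(extusage != NULL)
        EXTENDED_KEY_USAGE_free(extusage);

    if(x509Cert != NULL)
        X509_free(x509Cert);

    return iReturnStatus;
}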

Regards,
Sandeepa Sharma
Project Leader
(Docsis Team)
STMicrolectonics India