Fix a memory leak in tor-gencert.

This way I can run chutney under asan.

Fixes part of 18672.
Nick Mathewson 2016-03-28 10:06:05 -04:00
parent fc877b3c9e
commit 1d315b28a2


@ -402,6 +402,7 @@ key_to_string(EVP_PKEY *key)
b = BIO_new(BIO_s_mem()); b = BIO_new(BIO_s_mem());
if (!PEM_write_bio_RSAPublicKey(b, rsa)) { if (!PEM_write_bio_RSAPublicKey(b, rsa)) {
crypto_log_errors(LOG_WARN, "writing public key to string"); crypto_log_errors(LOG_WARN, "writing public key to string");
RSA_free(rsa);
return NULL; return NULL;
} }
@ -413,6 +414,7 @@ key_to_string(EVP_PKEY *key)
result[buf->length] = 0; result[buf->length] = 0;
BUF_MEM_free(buf); BUF_MEM_free(buf);
RSA_free(rsa);
return result; return result;
} }
@ -488,10 +490,13 @@ generate_certificate(void)
tor_free(signing); tor_free(signing);
/* Append a cross-certification */ /* Append a cross-certification */
RSA *rsa = EVP_PKEY_get1_RSA(signing_key);
r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)id_digest, r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)id_digest,
(unsigned char*)signature, (unsigned char*)signature,
EVP_PKEY_get1_RSA(signing_key), rsa,
RSA_PKCS1_PADDING); RSA_PKCS1_PADDING);
RSA_free(rsa);
signed_len = strlen(buf); signed_len = strlen(buf);
base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r, base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r,
BASE64_ENCODE_MULTILINE); BASE64_ENCODE_MULTILINE);
@ -503,10 +508,12 @@ generate_certificate(void)
signed_len = strlen(buf); signed_len = strlen(buf);
SHA1((const unsigned char*)buf,signed_len,(unsigned char*)digest); SHA1((const unsigned char*)buf,signed_len,(unsigned char*)digest);
rsa = EVP_PKEY_get1_RSA(identity_key);
r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)digest, r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)digest,
(unsigned char*)signature, (unsigned char*)signature,
EVP_PKEY_get1_RSA(identity_key), rsa,
RSA_PKCS1_PADDING); RSA_PKCS1_PADDING);
RSA_free(rsa);
strlcat(buf, "-----BEGIN SIGNATURE-----\n", sizeof(buf)); strlcat(buf, "-----BEGIN SIGNATURE-----\n", sizeof(buf));
signed_len = strlen(buf); signed_len = strlen(buf);
base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r, base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r,
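Review bot: Neither signing call in generate_certificate checks its result: `r` from RSA_private_encrypt() is passed straight to base64_encode() as the source length, and the new `rsa` pointer from EVP_PKEY_get1_RSA() is used without a NULL check, both in the cross-certification hunk and in this one. RSA_private_encrypt() returns -1 on failure, so a failed signature would hand a negative length to the encoder instead of aborting certificate generation. I would add `if (!rsa)` before each call and `if (r < 0) { crypto_log_errors(LOG_WARN, "signing certificate"); ... }` after it, leaving through whatever failure path the function already has (its body starts and ends outside these hunks). Separately, the error branch in key_to_string now frees `rsa` but still returns without `BIO_free(b)`, so that path appears to leak the memory BIO.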