Hi,
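/*
 * We are using openssl-1.0.0e. I am facing a memory leak of 98 bytes when I
 * use d2i_X509() function. This memory leak is seen even if d2i_X509() return
 * NULL. I couldn't find the source code for d2i_X509() and X509_free()
 * function. Can you please help me in this.
 */

/**
 * Check the extension policy of a DER-encoded certificate: it must carry
 * exactly one extension, that extension must be a critical Extended Key
 * Usage, and its single purpose OID must be code signing.
 *
 * Only the extensions are inspected here; no signature or chain validation
 * is performed by this function.
 *
 * @param cert     pointer to the DER-encoded certificate
 * @param certLen  length of the certificate in bytes
 * @return OPENSSL_SECWRAP_SUCCESS when every check passes, otherwise
 *         OPENSSL_SECWRAP_FAILURE (bad parameters, parse failure, or a
 *         policy check that was not met).
 *
 * NOTE(review): the leak reported when d2i_X509() itself returns NULL is not
 * explained by the code in this function. A failed parse pushes entries onto
 * OpenSSL's per-thread error queue, which is one candidate; confirm against
 * the allocation stack reported by the leak tool.
 */
int secwrap_certCheckExtKeyUsage(unsigned char *cert,   // pointer to certificate
                                 unsigned int certLen)  // length of certificate
{
    int iReturnStatus = OPENSSL_SECWRAP_FAILURE;
    int iCritical = 0;
    X509 *x509Cert = NULL;
    const unsigned char *pCert = cert; // See OpenSSL FAQ. Temp pointer recommended.
    EXTENDED_KEY_USAGE *extusage = NULL;
    int count;

    if (cert == NULL || certLen == 0) {
        DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL\n",__FUNCTION__,__LINE__);
        return OPENSSL_SECWRAP_FAILURE; // bad parameters
    }

    // NOTE(review): d2i_X509() advances pCert past the bytes it consumed, and
    // nothing here compares that with certLen, so any bytes following the
    // certificate are ignored. Decide whether trailing data should be rejected.
    x509Cert = d2i_X509(NULL, &pCert, certLen);
    if (x509Cert == NULL) {
        DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL\n",__FUNCTION__,__LINE__);
        return OPENSSL_SECWRAP_FAILURE; // unable to parse cert
    }

    count = X509_get_ext_count(x509Cert);
    if (count != 1) { // only 1 extension allowed
        DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL count %d\n",__FUNCTION__,__LINE__,count);
        goto out;
    }

    extusage = (EXTENDED_KEY_USAGE *) X509_get_ext_d2i(x509Cert, NID_ext_key_usage, &iCritical, NULL);
    if (extusage == NULL || iCritical == 0) { // MUST be Extended Key Usage and marked critical
        DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL\n",__FUNCTION__,__LINE__);
        goto out;
    }

    if (sk_ASN1_OBJECT_num(extusage) != 1) { // only 1 purpose OID allowed
        DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL\n",__FUNCTION__,__LINE__);
        goto out;
    }

    if (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,0)) != NID_code_sign) { // MUST be for code signing
        DEBUGPRINT(DEBUG_DEFAULT,"%s - %d FAIL\n",__FUNCTION__,__LINE__);
        goto out;
    }

    iReturnStatus = OPENSSL_SECWRAP_SUCCESS;

out:
    // X509_get_ext_d2i() hands back a newly decoded structure owned by the
    // caller; X509_free() does not release it. Never freeing it leaked
    // memory on every call that found the extension.
    if (extusage != NULL) {
        EXTENDED_KEY_USAGE_free(extusage);
    }
    X509_free(x509Cert);
    return iReturnStatus;
}

/* Regards, Sandeepa Sharma */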