authorNick Mathewson <nickm@torproject.org>2016-03-28 10:06:05 -0400
committerNick Mathewson <nickm@torproject.org>2016-03-28 10:21:41 -0400
commit1d315b28a21330863039ce27c1996e2a47544fc6 (patch)
treea1f376602c3ab13d54191d926decbe402965d915 /src/tools/tor-gencert.c
parentfc877b3c9e437f097b73f1b3eee22fc66375ca88 (diff)
Fix a memory leak in tor-gencert.
This way I can run chutney under asan. Fixes part of 18672.
Diffstat (limited to 'src/tools/tor-gencert.c')
-rw-r--r--src/tools/tor-gencert.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index 4e5e1dc590..c05066722a 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -402,6 +402,7 @@ key_to_string(EVP_PKEY *key)
b = BIO_new(BIO_s_mem());
if (!PEM_write_bio_RSAPublicKey(b, rsa)) {
crypto_log_errors(LOG_WARN, "writing public key to string");
+ RSA_free(rsa);
return NULL;
}
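Review bot: The failure branch still leaks the memory BIO: `b` is allocated by `BIO_new(BIO_s_mem())` just above, and the early `return NULL` now releases `rsa` but not `b`. Adding `BIO_free(b);` next to the new `RSA_free(rsa);` would close this path as well. The `BIO_new()` result is also passed on without a NULL check in the visible lines. key_to_string's body starts and ends outside this hunk.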
@@ -413,6 +414,7 @@ key_to_string(EVP_PKEY *key)
result[buf->length] = 0;
BUF_MEM_free(buf);
+ RSA_free(rsa);
return result;
}
@@ -488,10 +490,13 @@ generate_certificate(void)
tor_free(signing);
/* Append a cross-certification */
+ RSA *rsa = EVP_PKEY_get1_RSA(signing_key);
r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)id_digest,
(unsigned char*)signature,
- EVP_PKEY_get1_RSA(signing_key),
+ rsa,
RSA_PKCS1_PADDING);
+ RSA_free(rsa);
+
signed_len = strlen(buf);
base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r,
BASE64_ENCODE_MULTILINE);
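Review bot: The result `r` of `RSA_private_encrypt()` is handed to `base64_encode()` as the source length with no check in between, and `rsa` from `EVP_PKEY_get1_RSA(signing_key)` is used without a NULL test. `RSA_private_encrypt()` returns -1 on failure, so if `r` is a signed int converted to a size there, a failed signature would become a very large read length over `signature`. A guard such as `if (!rsa) { /* log and fail */ }` before the call and `if (r < 0) { /* log and fail */ }` after `RSA_free(rsa);` would keep a signing failure from reaching the encoder. The `identity_key` signing in the following hunk has the same pattern. generate_certificate's body starts and ends outside this hunk, so a check elsewhere cannot be ruled out.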
@@ -503,10 +508,12 @@ generate_certificate(void)
signed_len = strlen(buf);
SHA1((const unsigned char*)buf,signed_len,(unsigned char*)digest);
+ rsa = EVP_PKEY_get1_RSA(identity_key);
r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)digest,
(unsigned char*)signature,
- EVP_PKEY_get1_RSA(identity_key),
+ rsa,
RSA_PKCS1_PADDING);
+ RSA_free(rsa);
strlcat(buf, "-----BEGIN SIGNATURE-----\n", sizeof(buf));
signed_len = strlen(buf);
base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r,