Add debugging info to new ASN1 code to trace memory leaks.

Fix PKCS7 and PKCS12 memory leaks.

Initialise encapsulated content type properly.

6 files changed, 58 insertions, 15 deletions

diff --git a/CHANGES b/CHANGES
index 9ee6fc0161..52409a97d4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,18 @@
  _______________
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
- 
+
+  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
+     to data. This was previously part of the PKCS7 ASN1 code. This
+     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
+     [Steve Henson, reported by Kenneth R. Robinette
+				<support@securenetterm.com>]
+
+  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
+     routines: without these tracing memory leaks is very painful.
+     Fix leaks in PKCS12 and PKCS7 routines.
+     [Steve Henson]
+
   *) Fix for Irix with NO_ASM.
      ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
 
diff --git a/Configure b/Configure
index 8a111cc22a..a2b26d943c 100755
--- a/Configure
+++ b/Configure
@@ -128,7 +128,7 @@ my %table=(
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "dist",		"cc:-O::(unknown):::::",
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index d6f1155928..da0cb266e4 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -96,6 +96,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int
 
 	if(!combine) *pval = NULL;
 
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_push_info(it->sname);
+#endif
+
 	switch(it->itype) {
 
 		case ASN1_ITYPE_EXTERN:
@@ -166,15 +170,24 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int
 				goto auxerr;
 		break;
 	}
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
 	return 1;
 
 	memerr:
 	ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE);
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
 	return 0;
 
 	auxerr:
 	ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR);
 	ASN1_item_ex_free(pval, it);
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
 	return 0;
 
 }
@@ -216,6 +229,7 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
 int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 {
 	const ASN1_ITEM *it = tt->item;
+	int ret;
 	if(tt->flags & ASN1_TFLG_OPTIONAL) {
 		asn1_template_clear(pval, tt);
 		return 1;
@@ -226,19 +240,29 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 		*pval = NULL;
 		return 1;
 	}
+#ifdef CRYPTO_MDEBUG
+	if(tt->field_name) CRYPTO_push_info(tt->field_name);
+#endif
 	/* If SET OF or SEQUENCE OF, its a STACK */
 	if(tt->flags & ASN1_TFLG_SK_MASK) {
 		STACK_OF(ASN1_VALUE) *skval;
 		skval = sk_ASN1_VALUE_new_null();
 		if(!skval) {
 			ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
-			return 0;
+			ret = 0;
+			goto done;
 		}
 		*pval = (ASN1_VALUE *)skval;
-		return 1;
+		ret = 1;
+		goto done;
 	}
 	/* Otherwise pass it back to the item routine */
-	return asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+	ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+	done:
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return ret;
 }
 
 void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
index d5d4884c82..eb837a78cf 100644
--- a/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
@@ -69,15 +69,7 @@ PKCS12 *PKCS12_init (int mode)
 		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	if (!(pkcs12->version = M_ASN1_INTEGER_new ())) {
-		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
 	ASN1_INTEGER_set(pkcs12->version, 3);
-	if (!(pkcs12->authsafes = PKCS7_new())) {
-		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
 	pkcs12->authsafes->type = OBJ_nid2obj(mode);
 	switch (mode) {
 		case NID_pkcs7_data:
diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c
index 9c5eda2b36..34561dfc51 100644
--- a/crypto/pkcs7/pk7_asn1.c
+++ b/crypto/pkcs7/pk7_asn1.c
@@ -136,12 +136,22 @@ ASN1_SEQUENCE(PKCS7_ENVELOPE) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
 
-ASN1_SEQUENCE(PKCS7_RECIP_INFO) = {
+/* Minor tweak to operation: free up X509 */
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_FREE_POST) {
+		PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
+		X509_free(ri->cert);
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
 	ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
 	ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
 	ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
 	ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(PKCS7_RECIP_INFO);
+} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO);
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
 
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 656f0e9dfa..f7b5da1f14 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -169,18 +169,24 @@ int PKCS7_set_type(PKCS7 *p7, int type)
 		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
+		p7->d.signed_and_enveloped->enc_data->content_type
+						= OBJ_nid2obj(NID_pkcs7_data);
 		break;
 	case NID_pkcs7_enveloped:
 		p7->type=obj;
 		if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.enveloped->version,0);
+		p7->d.enveloped->enc_data->content_type
+						= OBJ_nid2obj(NID_pkcs7_data);
 		break;
 	case NID_pkcs7_encrypted:
 		p7->type=obj;
 		if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.encrypted->version,0);
+		p7->d.encrypted->enc_data->content_type
+						= OBJ_nid2obj(NID_pkcs7_data);
 		break;
 
 	case NID_pkcs7_digest: