OpenSC · mtrojnar · Nov 29, 2024 · Nov 29, 2024
diff --git a/tests/check-privkey.c b/tests/check-privkey.c
@@ -125,6 +125,11 @@ int main(int argc, char *argv[])
 		ret = 1;
 		goto end;
 	}
+	/*
+	 * ENGINE_init() returned a functional reference, so free the structural
+	 * reference from ENGINE_by_id().
+	 */
+	ENGINE_free(engine);
 
 	if (!strncmp(certfile, "pkcs11:", 7)) {
 		params.cert_id = certfile;
@@ -154,17 +159,18 @@ int main(int argc, char *argv[])
 	}
 
 	pkey = ENGINE_load_private_key(engine, privkey, 0, 0);
-
 	if (pkey == NULL) {
 		printf("Could not load key\n");
 		display_openssl_errors(__LINE__);
 		ret = 1;
 		goto end;
 	}
 
+	/* Free the functional reference from ENGINE_init */
 	ENGINE_finish(engine);
 
 	ret = X509_check_private_key(cert, pkey);
+	EVP_PKEY_free(pkey);
 	if (!ret) {
 		printf("Could not check private key\n");
 		display_openssl_errors(__LINE__);
@@ -178,7 +184,6 @@ int main(int argc, char *argv[])
 	CONF_modules_unload(1);
 end:
 	X509_free(cert);
-	EVP_PKEY_free(pkey);
 
 	return ret;
 }
diff --git a/tests/evp-sign.c b/tests/evp-sign.c
@@ -220,6 +220,11 @@ int main(int argc, char **argv)
 		display_openssl_errors(__LINE__);
 		exit(1);
 	}
+	/*
+	 * ENGINE_init() returned a functional reference, so free the structural
+	 * reference from ENGINE_by_id().
+	 */
+	ENGINE_free(e);
 
 	switch (pin_method) {
 	case BY_DEFAULT:
@@ -253,6 +258,9 @@ int main(int argc, char **argv)
 		exit(1);
 	}
 
+	/* Free the functional reference from ENGINE_init */
+	ENGINE_finish(e);
+
 	digest_algo = EVP_get_digestbyname("sha256");
 
 	ctx = EVP_MD_CTX_create();
@@ -275,6 +283,7 @@ int main(int argc, char **argv)
 		exit(1);
 	}
 	EVP_MD_CTX_destroy(ctx);
+	EVP_PKEY_free(private_key);
 
 	printf("Signature created\n");
 
@@ -301,6 +310,7 @@ int main(int argc, char **argv)
 		exit(1);
 	}
 	EVP_MD_CTX_destroy(ctx);
+	EVP_PKEY_free(public_key);
 
 	printf("Signature verified\n");
 
@@ -310,8 +320,10 @@ int main(int argc, char **argv)
 
 #endif /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */
 
-	ENGINE_finish(e);
 	CONF_modules_unload(1);
+	UI_destroy_method(ui_detect_failed_ctrl);
+	UI_destroy_method(ui_console_with_default);
+
 	return 0;
 }
 

diff --git a/tests/fork-change-slot.c b/tests/fork-change-slot.c
@@ -232,20 +232,22 @@ int main(int argc, char *argv[])
     }
 
     /* Initialize to get the engine functional reference */
-    if (ENGINE_init(engine)) {
-        pkey = ENGINE_load_private_key(engine, argv[1], 0, 0);
-        if (pkey == NULL) {
-            error_queue("ENGINE_load_private_key", pid);
-            goto failed;
-        }
-
-        ENGINE_free(engine);
-        engine = NULL;
-    }
-    else {
+    if (!ENGINE_init(engine)) {
+        printf("Could not initialize engine\n");
         error_queue("ENGINE_init", pid);
         goto failed;
     }
+    /*
+     * ENGINE_init() returned a functional reference, so free the structural
+     * reference from ENGINE_by_id().
+     */
+    ENGINE_free(engine);
+
+    pkey = ENGINE_load_private_key(engine, argv[1], 0, 0);
+    if (pkey == NULL) {
+        error_queue("ENGINE_load_private_key", pid);
+        goto failed;
+    }
 
     /* Spawn processes and check child return */
     if (spawn_processes(num_processes)) {
@@ -307,8 +309,9 @@ int main(int argc, char *argv[])
         EVP_MD_CTX_destroy(md_ctx);
     if (pkey != NULL)
         EVP_PKEY_free(pkey);
-    if (engine != NULL)
-        ENGINE_free(engine);
+
+    /* Free the functional reference from ENGINE_init */
+    ENGINE_finish(engine);
 
     return rv;
 }
diff --git a/tests/fork-test.c b/tests/fork-test.c
@@ -195,6 +195,7 @@ int main(int argc, char *argv[])
 		goto failed;
 	}
 
+	do_fork();
 	/* ask for a sha256 hash of the random data, signed by the key */
 	siglen = MAX_SIGSIZE;
 	signature = OPENSSL_malloc(MAX_SIGSIZE);
@@ -203,7 +204,6 @@ int main(int argc, char *argv[])
 
 	digest_algo = EVP_get_digestbyname("sha256");
 
-	do_fork();
 	privkey = PKCS11_get_private_key(authkey);
 	if (privkey == NULL) {
 		fprintf(stderr, "Could not extract the private key\n");
@@ -255,18 +255,16 @@ int main(int argc, char *argv[])
 		error_queue("EVP_VerifyFinal");
 		goto failed;
 	}
+	EVP_MD_CTX_destroy(md_ctx);
+
 	printf("Signature matched\n");
 
-	if (md_ctx != NULL)
-		EVP_MD_CTX_destroy(md_ctx);
-	if (privkey != NULL)
-		EVP_PKEY_free(privkey);
-	if (pubkey != NULL)
-		EVP_PKEY_free(pubkey);
-	if (random != NULL)
-		OPENSSL_free(random);
-	if (signature != NULL)
-		OPENSSL_free(signature);
+	/* If key is NULL nothing is done */
+	EVP_PKEY_free(privkey);
+	EVP_PKEY_free(pubkey);
+
+	OPENSSL_free(random);
+	OPENSSL_free(signature);
 
 	PKCS11_release_all_slots(ctx, slots, nslots);
 	PKCS11_CTX_unload(ctx);

diff --git a/tests/rsa-oaep.c b/tests/rsa-oaep.c
@@ -131,6 +131,11 @@ int main(int argc, char **argv)
 		display_openssl_errors(__LINE__);
 		exit(1);
 	}
+	/*
+	 * ENGINE_init() returned a functional reference, so free the structural
+	 * reference from ENGINE_by_id().
+	 */
+	ENGINE_free(e);
 
 	if (key_pass && !ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) {
 		display_openssl_errors(__LINE__);
@@ -160,7 +165,6 @@ int main(int argc, char **argv)
 
 	/* Encrypt the data */
 	pkey_ctx = EVP_PKEY_CTX_new(public_key, e);
-
 	if (pkey_ctx == NULL) {
 		fprintf(stderr, "Could not create context\n");
 		display_openssl_errors(__LINE__);
@@ -186,6 +190,7 @@ int main(int argc, char **argv)
 	}
 
 	EVP_PKEY_CTX_free(pkey_ctx);
+	EVP_PKEY_free(public_key);
 
 	printf("Data encrypted\n");
 
@@ -230,6 +235,7 @@ int main(int argc, char **argv)
 	}
 
 	EVP_PKEY_CTX_free(pkey_ctx);
+	EVP_PKEY_free(private_key);
 
 	/* Compare output */
 
@@ -242,6 +248,7 @@ int main(int argc, char **argv)
 		exit(1);
 	}
 
+	/* Free the functional reference from ENGINE_init */
 	ENGINE_finish(e);
 	CONF_modules_unload(1);
 	return 0;

diff --git a/tests/rsa-pss-sign.c b/tests/rsa-pss-sign.c
@@ -132,6 +132,11 @@ int main(int argc, char **argv)
 		display_openssl_errors(__LINE__);
 		exit(1);
 	}
+	/*
+	 * ENGINE_init() returned a functional reference, so free the structural
+	 * reference from ENGINE_by_id().
+	 */
+	ENGINE_free(e);
 
 	if (key_pass && !ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) {
 		display_openssl_errors(__LINE__);
@@ -211,6 +216,7 @@ int main(int argc, char **argv)
 	}
 
 	EVP_PKEY_CTX_free(pkey_ctx);
+	EVP_PKEY_free(private_key);
 
 	printf("Signature created\n");
 
@@ -249,6 +255,7 @@ int main(int argc, char **argv)
 	}
 
 	EVP_PKEY_CTX_free(pkey_ctx);
+	EVP_PKEY_free(public_key);
 
 	if (ret == 1) {
 		printf("Signature verified\n");
@@ -265,6 +272,7 @@ int main(int argc, char **argv)
 
 #endif /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */
 
+	/* Free the functional reference from ENGINE_init */
 	ENGINE_finish(e);
 	CONF_modules_unload(1);
 	return 0;

diff --git a/tests/store-cert.c b/tests/store-cert.c
@@ -143,6 +143,8 @@ store_certificate(char* address, X509* cert)
 		printf("Could not store certificate\n");
 		return -1;
 	}
+	PKCS11_release_all_slots(global_pkcs11_ctx, global_pkcs11_slots,
+	        global_pkcs11_slot_num);
 
 	return 0;
 }
@@ -221,6 +223,11 @@ main(int argc, char* argv[])
 		ret = 1;
 		goto end;
 	}
+	/*
+	 * ENGINE_init() returned a functional reference, so free the structural
+	 * reference from ENGINE_by_id().
+	 */
+	ENGINE_free(engine);
 
 	if (!strncmp(certfile, "pkcs11:", 7)) {
 		params.cert_id = certfile;
@@ -267,7 +274,9 @@ main(int argc, char* argv[])
 		printf("Certificate stored\n");
 		ret = 0;
 	}
+	PKCS11_CTX_free(global_pkcs11_ctx);
 
+	/* Free the functional reference from ENGINE_init */
 	ENGINE_finish(engine);
 
 	CONF_modules_unload(1);