Commit Graph

73 Commits

Author SHA1 Message Date
Pankaj Gupta b94bf967e6 cert_create: updated tool for platform defined certs, keys & extensions
Changes to 'tools/cert_create' folder, to include platform defined
certificates, keys, and extensions.

NXP SoC lx2160a : based platforms requires additional
FIP DDR to be loaded before initializing the DDR.

To enable chain of trust on these platforms, FIP DDR
image needs to be authenticated, additionally.

Platform specific folder 'tools/nxp/cert_create_helper'
is added to support platform specific macros and definitions.

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I4752a30a9ff3aa1d403e9babe3a07ba0e6b2bf8f
2021-03-24 09:49:31 +05:30
Sandrine Bailleux 5bc6f28424 Merge "tools: cert_create: Create only requested certificates" into integration 2021-01-28 15:04:22 +00:00
Lauren Wehrmeister 42ea70e86a Merge "cert-tool: avoid duplicates in extension stack" into integration 2021-01-27 18:06:18 +00:00
Jimmy Brisson 1ed941c0b0 cert-tool: avoid duplicates in extension stack
This bug manifests itself as a segfault triggered by a double-free.

I noticed that right before the double-free, the sk list contained 2
elements with the same address.

    (gdb) p sk_X509_EXTENSION_value(sk, 1)
    $34 = (X509_EXTENSION *) 0x431ad0
    (gdb) p sk_X509_EXTENSION_value(sk, 0)
    $35 = (X509_EXTENSION *) 0x431ad0
    (gdb) p sk_X509_EXTENSION_num(sk)
    $36 = 2

This caused confusion; this should never happen.

I figured that this was caused by a ext_new_xxxx function freeing
something before it is added to the list, so I put a breakpoint on
each of them to step through. I was suprised to find that none of my
breakpoints triggered for the second element of the iteration through
the outer loop just before the double-free.

Looking through the code, I noticed that it's possible to avoid doing
a ext_new_xxxx, when either:
   * ext->type == NVCOUNTER and ext->arg == NULL
   * ext->type == HASH and ext->arg == NULL and ext->optional == false
So I put a breakpoint on both.

It turns out that it was the HASH version, but I added a fix for both.
The fix for the Hash case is simple, as it was a mistake. The fix for
the NVCOUNTER case, however, is a bit more subtle. The NVCOUNTER may
be optional, and when it's optional we can skip it. The other case,
when the NVCOUNTER is required (not optinal), the `check_cmd_params`
function has already verified that the `ext->arg` must be non-NULL.
We assert that before processing it to covert any possible segfaults
into more descriptive errors.

This should no longer cause double-frees by adding the same ext twice.

Change-Id: Idae2a24ecd964b0a3929e6193c7f85ec769f6470
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
2021-01-27 14:42:43 +00:00
Manish V Badarkhe 294e26566b tools: cert_create: Create only requested certificates
The certification tool creates all the certificates mentioned
statically in the code rather than taking explicit certificate
requests from the command line parameters.

Code is optimized to avoid unnecessary attempts to create
non-requested certificates.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I78feac25bc701bf8f08c6aa5a2e1590bec92d0f2
2021-01-27 13:48:35 +00:00
Sandrine Bailleux dfa04b3dce Merge changes from topic "certtool-memleak" into integration
* changes:
  Use preallocated parts of the HASH struct
  Free arguments copied with strdup
  Free keys after use
  Free X509_EXTENSIONs
2021-01-15 14:44:47 +00:00
Ross Burton 69a9165954 tools: don't clean when building
Don't depend on clean when building, as the user is capable of cleaning
if required and this introduces a race where "all" depends on both the
compile and the clean in parallel.  It's quite possible for some of the
compile to happen in parallel with the clean, which results in the link
failing as objects just built are missing.

Change-Id: I710711eea7483cafa13251c5d94ec693148bd001
Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-01-13 16:35:03 +00:00
Jimmy Brisson bcad20308f Use preallocated parts of the HASH struct
When OpenSSL's macro allocates the HASH struct, it allocates the fields
as well. After this allocation, the prior code would assign over the
pointers inside the HASH struct, leaking these fields. This patch
avoids allocating extra copies of these members.

Change-Id: I50a38b0a04b52ec54d6388db0f694feb578d2818
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
2020-10-20 20:17:41 +00:00
Jimmy Brisson 4a34d18f35 Free arguments copied with strdup
Change-Id: I0ad9620145c2a9c4450b9bf20cd1f70c9db6593c
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
2020-10-20 20:17:35 +00:00
Jimmy Brisson 1f111f12b5 Free keys after use
Change-Id: I16ba4420ffeb9aa439e0a09a1b34d2aba2e1eb6e
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
2020-10-20 20:17:29 +00:00
Jimmy Brisson bea8019826 Free X509_EXTENSIONs
Previously, we would leak these extensions as they are not freed by the
stack. An except from the `sk_TYPE_free` documentation:

    sk_TYPE_free() frees up the sk structure. It does not free up any
    elements of sk. After this call sk is no longer valid.

The fix is to drain the stack and free its elements before freeing the
stack. sk_TYPE_pop_free does this, so we use that instead.

Change-Id: Ie70c302f9dda5af1a7243f163d36e99916ee639c
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
2020-10-20 20:17:25 +00:00
Manish V Badarkhe b13e3f9f98 tools: Set the tool's default binary name
This patch: fafd3ec9c assumes that tools must build from
the main makefile folder.
This assumption leads to the error when somebody wants to
build a tool from the tool's folder.
Hence changes are done to provide the default binary name
in the tool's makefile.

Change-Id: Iae570a7f8d322151376b6feb19e739300eecc3fc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2020-09-07 12:58:24 +01:00
Manish V Badarkhe fafd3ec9c9 tools: Get the tool's binary name from the main makefile
Currently, the tool's makefile override the tool's binary name
which is already been defined in the main makefile.
Hence fix is provided so that the tool's makefile get the tool's
binary name from the main makefile instead of overriding it.

Change-Id: I8af2bd391a96bba2dbcddef711338a94ebf5f038
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2020-08-23 05:41:13 +01:00
Manish Pandey 23d5f03ad0 cert_create: add Platform owned secure partitions support
Add support to generate a certificate named "plat-sp-cert" for Secure
Partitions(SP) owned by Platform.
Earlier a single certificate file "sip-sp-cert" was generated which
contained hash of all 8 SPs, with this change SPs are divided into
two categories viz "SiP owned" and "Plat owned" containing 4 SPs each.

Platform RoT key pair is used for signing.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
2020-08-12 14:30:18 +01:00
Manish V Badarkhe 9b3ca9b120 cert_tool: Update cert_tool for fw_config image support
Updated cert_tool to add hash information of fw_config image into
the existing "trusted boot fw" certificate.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I720319225925806a2a9f50a1ac9c8a464be975f0
2020-06-24 08:44:26 +01:00
Manish Pandey a8818bbf75 cert_create: extend Secure partition support for tbbr CoT
with sha 0792dd7, support to generate certificate for Secure
Partitions was added for dualroot CoT only, this patch extends
this support for tbbr CoT.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I451c0333536dd1cbe17861d454bdb0dc7a17c63f
2020-06-11 23:13:09 +01:00
Manish Pandey 0792dd7d64 cert_create: add SiP owned secure partitions support
Add support to generate certificate "sip-sp-cert" for Secure
Partitions(SP) owned by Silicon provider(SiP).
To avoid deviation from TBBR specification the support is only added for
dualroot CoT and not for TBBR CoT.

A single certificate file is generated containing hash of individual
packages. Maximum 8 secure partitions are supported.

Following new options added to cert_tool:
 --sip-sp-cert --> SiP owned Secure Partition Content Certificate
 --sp-pkg1 --> Secure Partition Package1 file
 --sp-pkg2
 .....
 --sp-pkg8

Trusted world key pair is used for signing.

Going forward, this feature can be extended for Platfrom owned
Partitions, if required.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
2020-06-08 22:42:06 +01:00
Sandrine Bailleux a9d5c273c1 cert_create: Define the dualroot CoT
Selection of the chain of trust is done through the COT build option:

> make COT=dualroot

Change-Id: Id87c7a5116bdd13bdb29645ecf31d111ad094c1e
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2020-02-24 11:01:40 +01:00
Sandrine Bailleux 067f7e9c52 cert_create: Remove references to TBBR in common code
In preparation of supporting alternate chains of trust, reword comments
and error messages that explicitly mentioned TBBR.

Change-Id: I85a0b08e16d0cd82f3b767fcc092d1f20f45939f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2020-01-29 14:00:32 +01:00
Sandrine Bailleux 43743ea57d cert_create: Introduce COT build option
It allows to select the desired chain of trust. Right now, only the TBBR
CoT is available.

At this stage, this build option only affects the tool itself. It is not
plugged into the rest of the build system yet. To use it:

 > make -C tools/cert_create COT=tbbr

Change-Id: I4484418f76d3c7b330d8653c978499a181534dcd
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2020-01-29 14:00:32 +01:00
Sandrine Bailleux 3b24b66edc cert_create: Introduce TBBR CoT makefile
Move all TBBR-specific stuff out of the tool's makefile into a
sub-makefile. This will make it easier to define and select an alternate
chain of trust in the future.

Change-Id: I92e366a1999b74cf51127d1771b64b807cd94b29
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2020-01-29 14:00:14 +01:00
Sandrine Bailleux ba1eaabfff cert_create: Remove some unused header files inclusions
The chain of trust definitions are only needed in the part of the code
dealing with the TBBR CoT (tbbr/* files).

Change-Id: I6f9a86bba4a2d16313b6842a3ec85b7c951074bc
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2020-01-14 17:51:23 +01:00
Justin Chadwell 6a415a508e Remove RSA PKCS#1 v1.5 support from cert_tool
Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.

Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.

Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
2019-09-12 15:27:41 +01:00
Justin Chadwell dfe0f4c299 Add cert_create tool support for RSA key sizes
cert_tool is now able to accept a command line option for specifying the
key size. It now supports the following options: 1024, 2048 (default),
3072 and 4096. This is also modifiable by TFA using the build flag
KEY_SIZE.

Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
2019-09-12 15:27:41 +01:00
Justin Chadwell 65ec13bce1 Reduce the number of memory leaks in cert_create
The valgrind checks for cert_create have not been run in a long while -
as such there are a few memory leaks present. This patch fixes a few of
the major ones reported by valgrind. However, a few do remain.

Change-Id: Iab002fb2b0090043287d43fb54a4d18928c2ed85
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
2019-08-16 14:11:18 +01:00
Paul Beesley d5dc774cf0 tools: Remove unused cert_create defines
Change-Id: Iea72ef9ba16325cbce07eea1a975d2a96eede274
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-03-12 13:42:08 +00:00
Antonio Nino Diaz c3cf06f1a3 Standardise header guards across codebase
All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.

The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.

The exceptions are files that are imported from other projects:

- CryptoCell driver
- dt-bindings folders
- zlib headers

Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-11-08 10:20:19 +00:00
Antonio Nino Diaz 750e8d807d tools: Make invocation of host compiler correct
HOSTCC should be used in any of the tools inside the tools/ directory
instead of CC. That way it is possible to override both values from the
command line when building the Trusted Firmware and the tools at the
same time. Also, use HOSTCCFLAGS instead of CFLAGS.

Also, instead of printing the strings CC and LD in the console during
the compilation of the tools, HOSTCC and HOSTLD have to be used for
clarity. This is how it is done in other projects like U-Boot or Linux.

Change-Id: Icd6f74c31eb74cdd1c353583399ab19e173e293e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2018-10-04 14:35:38 +01:00
Ying-Chun Liu (PaulLiu) aba0c7ae8e tools/cert_create: fix makefile to build build_msg.o by HOSTCC
Previously build_msg.o is built by CC. It causes FTBFS when CC
is not equal to HOSTCC.

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
2018-07-06 23:20:08 +08:00
Roberto Vargas 600835d028 make_cert: return error when invalid options are used
Print_help was used in different contexts and returning no
error in that function was hiding the error when incorrect
options were used.

Change-Id: Ic3f71748be7ff8440c9d54810b986e9f177f4439
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
2018-06-27 08:25:20 +01:00
Soby Mathew 17bc617e80 Dynamic cfg: Enable support on CoT for other configs
This patch implements support for adding dynamic configurations for
BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The
necessary cert tool support and changes to default chain of trust are made
for these configs.

Change-Id: I25f266277b5b5501a196d2f2f79639d838794518
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2018-05-18 12:26:38 +01:00
Jonathan Wright 2f36e853b5 cert_create: fix makefile to remove executable on 'make realclean'
Spurious whitespace existed in the BINARY shell variable which meant
the cert_tool executable was not being removed on 'make realclean'.

Change-Id: Ibfd2fd17889514f6613e33c6df58d53b9232ec14
Signed-off-by: Jonathan Wright <jonathan.wright@arm.com>
2018-04-30 17:25:42 +01:00
Heyi Guo 7d9ee7e380 Change PLATFORM_ROOT to TF_PLATFORM_ROOT
Since we use "?=" to set PLATFORM_ROOT, it is better to change the
name to be more special, or else it may be overridden by some
environment variables, such as in some CI build environments.

Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
2018-03-05 14:18:04 +08:00
Soby Mathew e24659df35 Dynamic cfg: Update the tools
This patch updates the `fiptool` and `cert_create` for the
`hw_config` and `tb_fw_config` dynamic configuration files.
The necessary UUIDs and OIDs are assigned to these files and
the `cert_create` is updated to generate appropriate hashes
and include them in the "Trusted Boot FW Certificate". The
`fiptool` is updated to allow the configs to be specified
via cmdline and included in the generated FIP.

Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2018-02-26 16:31:10 +00:00
Qixiang Xu 2972247cb4 tools: add an option -hash-alg for cert_create
This option enables the user to select the secure hash algorithm
to be used for generating the hash. It supports the following
options:
    - sha256 (default)
    - sha384
    - sha512

Change-Id: Icb093cec1b5715e248c3d1c3749a2479a7ab4b89
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
2017-11-21 14:16:18 +08:00
davidcunado-arm 9679297fae Merge pull request #1120 from michpappas/tf-issues#521_cert_tool_does_not_build_with_openssl_v1.1
cert_tool: update for compatibility with OpenSSL v1.1
2017-10-11 16:39:10 +01:00
Qixiang Xu 1727de0e59 cert_tool: Fix ECDSA certificates create failure
Commit a8eb286ada introduced the
following error when creating ECDSA certificates.
    ERROR:   Error creating key 'Trusted World key'
    Makefile:634: recipe for target 'certificates' failed
    make: *** [certificates] Error 1

this patch adds the function to create PKCS#1 v1.5.

Change-Id: Ief96d55969d5e9877aeb528c6bb503b560563537
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
2017-10-09 13:30:31 +08:00
Michalis Pappas 742c4e1433 cert_tool: update for compatibility with OpenSSL v1.1
This patch fixes incompatibility issues that prevent building the cert_tool
with OpenSSL >= v1.1.0. The changes introduced are still backwards
compatible with OpenSSL v1.0.2.

Fixes arm-software/trusted-fw#521

Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
2017-10-08 14:32:32 +08:00
Soby Mathew 4a2bf951ac Set default value of USE_TBBR_DEFS
Using the OIDs defined in tbbr_oids.h is the recommended way to build
the cert_create tool. This patch hence sets default value of the build
flag USE_TBBR_DEFS to 1 in the Makefile in `tools/cert_create` folder
when cert_create is built from this folder.

Fixes ARM-software/tf-issues#482

Change-Id: Id1d224826b3417770bccbefa1b68d9bdb3b567f0
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2017-09-11 16:00:07 +01:00
Soby Mathew a8eb286ada cert_tool: Support for legacy RSA PKCS#1 v1.5
This patch enables choice of RSA version at run time to be used for
generating signatures by the cert_tool. The RSA PSS as defined in
PKCS#1 v2.1 becomes the default version and this patch enables to specify
the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
-a option. Also, the build option `KEY_ALG` can be used to pass this
option from the build system. Please note that RSA PSS is mandated
by Trusted Board Boot requirements (TBBR) and legacy RSA support is
being added for compatibility reasons.

Fixes ARM-Software/tf-issues#499
Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
Co-Authored-By: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2017-08-31 16:42:11 +01:00
Summer Qin 71fb396440 Support Trusted OS firmware extra images in TF tools
Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.

Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin <summer.qin@arm.com>
2017-08-09 18:06:05 +08:00
Isla Mitchell 2a4b4b71ba Fix order of #includes
This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.

Change-Id: I65085a142ba6a83792b26efb47df1329153f1624
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
2017-07-12 14:45:31 +01:00
dp-arm a967390062 tools: Use exported quiet flag from top-level Makefile
When V is set from the command line, the value is passed to the tools'
Makefiles as well.

Change-Id: I91a1f66de5c1ae6f36b6c9f0a9bd550d4a30f092
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
2017-06-12 09:54:08 +01:00
Soby Mathew 1f33ad4e9f cert_create: Use RSASSA-PSS signature scheme for certificates
This patch modifies the `cert_create` tool to use RSASSA-PSS scheme for
signing the certificates. This is compliant with RSA PKCS_2_1 standard as
mandated by TBBR.

Note that the certificates generated by using cert_create tool after this
patch can be authenticated during TBB only if the corresponding mbedtls
driver in ARM Trusted Firmware has the corresponding support.

Change-Id: If224f41c76b3c4765ae2af5259e67f73602818a4
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2017-06-05 12:25:27 +01:00
dp-arm 72610c4102 build: Introduce HOSTCC flag
Tools are built using the compiler specified in `HOSTCC` instead of
reusing the `CC` variable.  By default, gcc is used.

Change-Id: I83636a375c61f4804b4e80784db9d061fe20af87
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
2017-05-24 14:24:49 +01:00
Masahiro Yamada bb41eb7a9d cert: move platform_oid.h to include/tools_share for all platforms
Platforms aligned with TBBR are supposed to use their own OIDs, but
defining the same macros with different OIDs does not provide any
value (at least technically).

For easier use of TBBR, this commit allows platforms to reuse the OIDs
obtained by ARM Ltd.  This will be useful for non-ARM vendors that
do not need their own extension fields in their certificate files.

The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h

Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
defining USE_TBBR_DEFS as 1.  USE_TBBR_DEFS is 0 by default to keep the
backward compatibility.

For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-05-24 00:08:35 +09:00
dp-arm 82cb2c1ad9 Use SPDX license identifiers
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by FreeBSD have not been modified.

[0]: https://spdx.org/

Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
2017-05-03 09:39:28 +01:00
Masahiro Yamada c893c73309 cert_create: remove unneeded initializers
These variables store return values of functions.  Remove all of
meaningless initializers.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-02-11 12:59:25 +09:00
Masahiro Yamada 559eb8b79a cert_create: merge successive i2d_ASN1_INTEGER() calls
The ext_new_nvcounter() function calls i2d_ASN1_INTEGER() twice;
the first call to get the return value "sz", and the second one
for writing data into the buffer.  This is actually redundant.
We can do both by one function call.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-02-11 12:59:25 +09:00
Masahiro Yamada 762f1ebe8d cert_create: fix memory leak bug caused by key container overwrite
In the current code, both key_load() and key_create() call key_new()
to allocate a key container (and they do not free it even if they
fail).  If a specific key is not given by the command option,
key_load() fails, then key_create() is called.  At this point, the
key container that has been allocated in key_load() is still alive,
and it is overwritten by a new key container created by key_create().

Move the key_new() call to the main() function to make sure it is
called just once for each descriptor.

While we are here, let's fix one more bug; the error handling code
  ERROR("Malloc error while loading '%s'\n", keys[i].fn);
is wrong because keys[i].fn is NULL pointer unless a specific key is
given by the command option.  This code could be run in either case.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-02-11 12:59:16 +09:00