Add 'false' parameter to ossl_ptr instances for proper initialization…

… and error handling across multiple files.

certs/certfactory.cpp

@@ -341,7 +341,7 @@ void CertFactory::addCustomExtensionByNid(const ossl_ptr<X509> &certificate, int
     X509V3_set_ctx(&context, const_cast<X509 *>(issuer_certificate_ptr), certificate.get(), nullptr, nullptr, 0);
 
     // Construct the string value using ASN1_STRING with IA5String type
-    ossl_ptr<ASN1_IA5STRING> string_data(ASN1_IA5STRING_new());
+    ossl_ptr<ASN1_IA5STRING> string_data(ASN1_IA5STRING_new(), false);
     if (!string_data) {
         throw std::runtime_error("Adding custom extension: Failed to create ASN1_IA5STRING object");
     }
@@ -354,7 +354,7 @@ void CertFactory::addCustomExtensionByNid(const ossl_ptr<X509> &certificate, int
     }
 
     // Create a new extension using your smart pointer
-    ossl_ptr<X509_EXTENSION> ext(X509_EXTENSION_create_by_NID(nullptr, nid, false, string_data.get()));
+    ossl_ptr<X509_EXTENSION> ext(X509_EXTENSION_create_by_NID(nullptr, nid, false, string_data.get()), false);
     if (!ext) {
         unsigned long err = ERR_get_error();
         ERR_error_string_n(err, err_msg, sizeof(err_msg));
@@ -412,7 +412,7 @@ std::string CertFactory::getCertsDirectory() {
  */
 ossl_ptr<BIO> CertFactory::newBio() {
     ERR_clear_error();
-    ossl_ptr<BIO> bio(BIO_new(BIO_s_mem()));
+    ossl_ptr<BIO> bio(BIO_new(BIO_s_mem()), false);
     if (!bio) {
         throw std::runtime_error(SB() << "Error: Failed to create bio for output: " << getError());
     }
@@ -569,7 +569,7 @@ void CertFactory::set_skid(ossl_ptr<X509> &certificate) {
     pos = X509_get_ext_by_NID(certificate.get(), NID_subject_key_identifier, pos);
     X509_EXTENSION *ex = X509_get_ext(certificate.get(), pos);
 
-    ossl_ptr<ASN1_OCTET_STRING> skid(reinterpret_cast<ASN1_OCTET_STRING *>(X509V3_EXT_d2i(ex)));
+    ossl_ptr<ASN1_OCTET_STRING> skid(reinterpret_cast<ASN1_OCTET_STRING *>(X509V3_EXT_d2i(ex)), false);
 
     if (skid != NULL) {
         // Convert to hexadecimal string

certs/certfactory.h

@@ -147,12 +147,12 @@ class PVXS_API CertFactory {
         std::string cert_data((std::istreambuf_iterator<char>(cert_file)),
                               std::istreambuf_iterator<char>());
 
-        ossl_ptr<BIO> bio(BIO_new_mem_buf(cert_data.data(), cert_data.size()));
+        ossl_ptr<BIO> bio(BIO_new_mem_buf(cert_data.data(), cert_data.size()), false);
         if (!bio) {
             throw std::runtime_error("Failed to create BIO");
         }
 
-        ossl_ptr<X509> cert(PEM_read_bio_X509_AUX(bio.get(), NULL, NULL, NULL));
+        ossl_ptr<X509> cert(PEM_read_bio_X509_AUX(bio.get(), NULL, NULL, NULL), false);
         if (!cert) {
             throw std::runtime_error("Failed to read certificate");
         }

certs/certfilefactory.cpp

@@ -114,7 +114,7 @@ CertData CertFileFactory::getCertData(const std::shared_ptr<KeyPair>& key_pair)
 
     if (!pem_string_.empty()) {
         // Parse certificates from PEM string
-        ossl_ptr<BIO> bio(BIO_new_mem_buf(pem_string_.data(), pem_string_.size()));
+        ossl_ptr<BIO> bio(BIO_new_mem_buf(pem_string_.data(), pem_string_.size()), false);
         if (!bio) {
             throw std::runtime_error("Failed to create BIO for PEM data");
         }
@@ -127,7 +127,7 @@ CertData CertFileFactory::getCertData(const std::shared_ptr<KeyPair>& key_pair)
 
         // Read remaining certificates into chain
         while (true) {
-            ossl_ptr<X509> chain_cert(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
+            ossl_ptr<X509> chain_cert(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr), false);
             if (!chain_cert) {
                 ERR_clear_error();  // Clear EOF error
                 break;
@@ -147,7 +147,7 @@ CertData CertFileFactory::getCertData(const std::shared_ptr<KeyPair>& key_pair)
         if (certs_ptr_) {
             // Duplicate each certificate in the chain
             for (int i = 0; i < sk_X509_num(certs_ptr_); i++) {
-                ossl_ptr<X509> int_cert(X509_dup(sk_X509_value(certs_ptr_, i)));
+                ossl_ptr<X509> int_cert(X509_dup(sk_X509_value(certs_ptr_, i)), false);
                 if (!int_cert || sk_X509_push(chain.get(), int_cert.get()) != 1) {
                     throw std::runtime_error("Failed to duplicate chain certificate");
                 }
@@ -199,7 +199,7 @@ std::shared_ptr<KeyPair> CertFileFactory::createKeyPair() {
     const int kKeyType = EVP_PKEY_RSA;  // Key type
 
     // Initialize the context for the key generation operation
-    ossl_ptr<EVP_PKEY_CTX> context(EVP_PKEY_CTX_new_id(kKeyType, nullptr));
+    ossl_ptr<EVP_PKEY_CTX> context(EVP_PKEY_CTX_new_id(kKeyType, nullptr), false);
     if (!context) {
         throw std::runtime_error("Failed to create EVP_PKEY_CTX");
     }

certs/p12filefactory.cpp

@@ -60,7 +60,7 @@ std::shared_ptr<KeyPair> P12FileFactory::getKeyFromFile() {
         throw std::runtime_error(SB() << "Error opening private key file for reading binary contents: \"" << filename_ << "\"");
     }
 
-    ossl_ptr<PKCS12> p12(d2i_PKCS12_fp(fp.get(), NULL));
+    ossl_ptr<PKCS12> p12(d2i_PKCS12_fp(fp.get(), NULL), false);
     if (!p12) {
         throw std::runtime_error(SB() << "Error opening private key file as a PKCS#12 object: " << filename_);
     }
@@ -95,7 +95,7 @@ CertData P12FileFactory::getCertDataFromFile() {
     }
     file_ptr fp(file);
 
-    ossl_ptr<PKCS12> p12(d2i_PKCS12_fp(fp.get(), NULL));
+    ossl_ptr<PKCS12> p12(d2i_PKCS12_fp(fp.get(), NULL), false);
     if (!p12) {
         throw std::runtime_error(SB() << "Error opening certificate file as a PKCS#12 object: " << filename_);
     }
@@ -140,7 +140,7 @@ CertData P12FileFactory::getCertDataFromFile() {
  */
 ossl_ptr<PKCS12> P12FileFactory::pemStringToP12(std::string password, EVP_PKEY *keys_ptr, std::string pem_string, bool certs_only) {
     // Read PEM data into a new BIO
-    ossl_ptr<BIO> bio(BIO_new_mem_buf(pem_string.c_str(), -1));
+    ossl_ptr<BIO> bio(BIO_new_mem_buf(pem_string.c_str(), -1), false);
     if (!bio) {
         throw std::runtime_error("Unable to allocate BIO");
     }

certs/pemfilefactory.cpp

@@ -50,7 +50,7 @@ bool PEMFileFactory::createRootPemFile(const std::string& p12PemString, bool ove
     }
 
     // Build filename based on the CA certificate's CN field
-    ossl_ptr<X509_NAME> name(X509_get_subject_name(xi->x509));
+    ossl_ptr<X509_NAME> name(X509_get_subject_name(xi->x509), false);
     if (!name) {
         throw std::runtime_error("Failed to get subject name from certificate");
     }
@@ -275,7 +275,7 @@ std::shared_ptr<KeyPair> PEMFileFactory::getKeyFromFile() {
     }
 
     // Try to read the private key
-    ossl_ptr<EVP_PKEY> pkey(PEM_read_PrivateKey(fp.get(), nullptr, nullptr, nullptr));
+    ossl_ptr<EVP_PKEY> pkey(PEM_read_PrivateKey(fp.get(), nullptr, nullptr, nullptr), false);
     if (!pkey) {
         ERR_clear_error();
         throw std::runtime_error(SB() << "No private key found in file: " << filename_);

certs/security.h

@@ -120,7 +120,7 @@ struct KeyPair final {
             throw std::runtime_error("Unable to create BIO");
         }
 
-        ossl_ptr<EVP_PKEY> key(PEM_read_bio_PUBKEY(bio.get(), NULL, NULL, NULL));
+        ossl_ptr<EVP_PKEY> key(PEM_read_bio_PUBKEY(bio.get(), NULL, NULL, NULL), false);
         if (!key) {
             throw std::runtime_error("Unable to read public key");
         }

src/certstatus.h

@@ -168,8 +168,8 @@ struct CertStatus {
      * @return first 8 hex digits of the hex SKID (subject key identifier)
      */
     static inline std::string getIssuerId(X509* ca_cert_ptr) {
-        ossl_ptr<ASN1_OCTET_STRING> skid(reinterpret_cast<ASN1_OCTET_STRING*>(X509_get_ext_d2i(ca_cert_ptr, NID_subject_key_identifier, nullptr, nullptr)));
-        if (!skid.get()) {
+        ossl_ptr<ASN1_OCTET_STRING> skid(reinterpret_cast<ASN1_OCTET_STRING*>(X509_get_ext_d2i(ca_cert_ptr, NID_subject_key_identifier, nullptr, nullptr)), false);
+        if (!skid) {
             throw std::runtime_error("Failed to get Subject Key Identifier.");
         }
 

src/certstatusmanager.cpp

@@ -49,7 +49,7 @@ ossl_ptr<OCSP_RESPONSE> CertStatusManager::getOCSPResponse(const shared_array<co
     }
 
     // Parse the BIO into an OCSP_RESPONSE
-    ossl_ptr<OCSP_RESPONSE> ocsp_response(d2i_OCSP_RESPONSE_bio(bio.get(), nullptr));
+    ossl_ptr<OCSP_RESPONSE> ocsp_response(d2i_OCSP_RESPONSE_bio(bio.get(), nullptr), false);
     if (!ocsp_response) {
         throw OCSPParseException("Failed to parse OCSP response");
     }
@@ -332,7 +332,7 @@ bool CertStatusManager::verifyOCSPResponse(const ossl_ptr<OCSP_BASICRESP>& basic
     ossl_ptr<STACK_OF(X509)> ca_chain(sk_X509_dup(const_ca_chain_ptr));  // remove const-ness
 
     // Create a new X509_STORE with trusted root CAs
-    ossl_ptr<X509_STORE> store(X509_STORE_new());
+    ossl_ptr<X509_STORE> store(X509_STORE_new(), false);
     if (!store) {
         throw OCSPParseException("Failed to create X509_STORE to verify OCSP response");
     }
@@ -353,7 +353,7 @@ bool CertStatusManager::verifyOCSPResponse(const ossl_ptr<OCSP_BASICRESP>& basic
     }
 
     // Set up the store context for verification
-    ossl_ptr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
+    ossl_ptr<X509_STORE_CTX> ctx(X509_STORE_CTX_new(), false);
     if (!ctx) {
         throw OCSPParseException("Failed to create X509_STORE_CTX to verify OCSP response");
     }

src/openssl.h

@@ -115,7 +115,7 @@ struct CertStatusExData {
      */
     static inline serial_number_t getSerialNumber(X509 *cert_ptr) {
         ASN1_INTEGER *serial = X509_get_serialNumber(cert_ptr);
-        ossl_ptr<BIGNUM> bn(ASN1_INTEGER_to_BN(serial, nullptr));
+        ossl_ptr<BIGNUM> bn(ASN1_INTEGER_to_BN(serial, nullptr), false);
         if (!bn) {
             return 0;
         }