Percona-Lab · lukin-oleksiy · Mar 25, 2026 · Mar 25, 2026
diff --git a/README.md b/README.md
@@ -16,14 +16,43 @@ For more information on KMIP, check out the
 
 For more information on libkmip, check out the project [Documentation][docs].
 
-## Installation
+## Build
+
+Build with CMake:
+
+```bash
+cmake -S . -B cmake-build-debug
+cmake --build cmake-build-debug -j
+```
+
+## Run Demos
+
+Demo binaries are created in `cmake-build-debug/libkmip/src/`.
+For example:
+
+```bash
+./cmake-build-debug/libkmip/src/demo_query
+```
+
+## Run Tests (ASAN)
 
-You can install libkmip from source using `make`:
+An AddressSanitizer + LeakSanitizer test target is available for
+`libkmip/src/tests.c`:
 
+```bash
+cmake --build cmake-build-debug --target run_tests_asan
 ```
-$ cd libkmip
-$ make
-$ make install
+
+This command builds and runs `kmip_tests_asan` with leak detection enabled.
+
+## Installation
+
+You can also install libkmip from source using `make`:
+
+```bash
+cd libkmip
+make
+make install
 ```
 
 See [Installation][install] for more information.

diff --git a/libkmip/include/kmip.h b/libkmip/include/kmip.h
@@ -1726,6 +1726,7 @@ typedef int64 intptr;
   void kmip_free_symmetric_key (KMIP *, SymmetricKey *);
   void kmip_free_public_key (KMIP *, PublicKey *);
   void kmip_free_private_key (KMIP *, PrivateKey *);
+  void kmip_free_secret_data (KMIP *, SecretData *);
   void kmip_free_key_wrapping_specification (KMIP *, KeyWrappingSpecification *);
   void kmip_free_create_request_payload (KMIP *, CreateRequestPayload *);
   void kmip_free_create_response_payload (KMIP *, CreateResponsePayload *);

diff --git a/libkmip/src/CMakeLists.txt b/libkmip/src/CMakeLists.txt
@@ -45,3 +45,41 @@ add_demo(get)
 add_demo(locate)
 add_demo(register)
 add_demo(query)
+
+# ASAN-enabled test runner for libkmip/src/tests.c.
+add_executable(
+  kmip_tests_asan
+  tests.c
+  kmip_bio.c
+  kmip.c
+  kmip_locate.c
+  kmip_memset.c
+)
+
+target_include_directories(
+  kmip_tests_asan PRIVATE
+  ${KMIP_SOURCE_DIR}/libkmip/include/
+)
+
+target_link_libraries(kmip_tests_asan OpenSSL::SSL OpenSSL::Crypto)
+
+target_compile_options(
+  kmip_tests_asan PRIVATE
+  -fsanitize=address
+  -fno-omit-frame-pointer
+  -include
+  stdio.h
+)
+
+target_link_options(
+  kmip_tests_asan PRIVATE
+  -fsanitize=address
+)
+
+add_custom_target(
+  run_tests_asan
+  COMMAND ${CMAKE_COMMAND} -E env ASAN_OPTIONS=detect_leaks=1:abort_on_error=1:halt_on_error=1 $<TARGET_FILE:kmip_tests_asan>
+  DEPENDS kmip_tests_asan
+  USES_TERMINAL
+)
+
diff --git a/libkmip/src/kmip.c b/libkmip/src/kmip.c
@@ -5804,6 +5804,24 @@ kmip_free_private_key (KMIP *ctx, PrivateKey *value)
   return;
 }
 
+void
+kmip_free_secret_data (KMIP *ctx, SecretData *value)
+{
+  if (value != NULL)
+    {
+      if (value->key_block != NULL)
+        {
+          kmip_free_key_block (ctx, value->key_block);
+          ctx->free_func (ctx->state, value->key_block);
+          value->key_block = NULL;
+        }
+
+      value->secret_data_type = 0;
+    }
+
+  return;
+}
+
 void
 kmip_free_key_wrapping_specification (KMIP *ctx, KeyWrappingSpecification *value)
 {
@@ -6030,6 +6048,10 @@ kmip_free_get_response_payload (KMIP *ctx, GetResponsePayload *value)
               kmip_free_private_key (ctx, (PrivateKey *)value->object);
               break;
 
+            case KMIP_OBJTYPE_SECRET_DATA:
+              kmip_free_secret_data (ctx, (SecretData *)value->object);
+              break;
+
             default:
               /* NOTE (ph) Hitting this case means that we don't know */
               /*      what the actual type, size, or value of         */
@@ -6139,6 +6161,54 @@ kmip_free_destroy_response_payload (KMIP *ctx, DestroyResponsePayload *value)
   return;
 }
 
+void
+kmip_free_revoke_request_payload (KMIP *ctx, RevokeRequestPayload *value)
+{
+  if (value != NULL)
+    {
+      if (value->unique_identifier != NULL)
+        {
+          kmip_free_text_string (ctx, value->unique_identifier);
+          ctx->free_func (ctx->state, value->unique_identifier);
+          value->unique_identifier = NULL;
+        }
+
+      if (value->revocation_reason != NULL)
+        {
+          if (value->revocation_reason->message != NULL)
+            {
+              kmip_free_text_string (ctx, value->revocation_reason->message);
+              ctx->free_func (ctx->state, value->revocation_reason->message);
+              value->revocation_reason->message = NULL;
+            }
+
+          value->revocation_reason->reason = 0;
+          ctx->free_func (ctx->state, value->revocation_reason);
+          value->revocation_reason = NULL;
+        }
+
+      value->compromise_occurence_date = 0;
+    }
+
+  return;
+}
+
+void
+kmip_free_revoke_response_payload (KMIP *ctx, RevokeResponsePayload *value)
+{
+  if (value != NULL)
+    {
+      if (value->unique_identifier != NULL)
+        {
+          kmip_free_text_string (ctx, value->unique_identifier);
+          ctx->free_func (ctx->state, value->unique_identifier);
+          value->unique_identifier = NULL;
+        }
+    }
+
+  return;
+}
+
 void
 kmip_free_request_batch_item (KMIP *ctx, RequestBatchItem *value)
 {
@@ -6187,6 +6257,10 @@ kmip_free_request_batch_item (KMIP *ctx, RequestBatchItem *value)
               kmip_free_locate_request_payload (ctx, (LocateRequestPayload *)value->request_payload);
               break;
 
+            case KMIP_OP_REVOKE:
+              kmip_free_revoke_request_payload (ctx, (RevokeRequestPayload *)value->request_payload);
+              break;
+
             default:
               /* NOTE (ph) Hitting this case means that we don't know    */
               /*      what the actual type, size, or value of            */
@@ -6272,6 +6346,10 @@ kmip_free_response_batch_item (KMIP *ctx, ResponseBatchItem *value)
               kmip_free_locate_response_payload (ctx, (LocateResponsePayload *)value->response_payload);
               break;
 
+            case KMIP_OP_REVOKE:
+              kmip_free_revoke_response_payload (ctx, (RevokeResponsePayload *)value->response_payload);
+              break;
+
             default:
               /* NOTE (ph) Hitting this case means that we don't know    */
               /*      what the actual type, size, or value of            */
@@ -6777,14 +6855,47 @@ kmip_free_objects (KMIP *ctx, ObjectTypes *value)
 void
 kmip_free_server_information (KMIP *ctx, ServerInformation *value)
 {
-  kmip_free_text_string (ctx, value->server_name);
-  kmip_free_text_string (ctx, value->server_serial_number);
-  kmip_free_text_string (ctx, value->server_version);
-  kmip_free_text_string (ctx, value->server_load);
-  kmip_free_text_string (ctx, value->product_name);
-  kmip_free_text_string (ctx, value->build_level);
-  kmip_free_text_string (ctx, value->build_date);
-  kmip_free_text_string (ctx, value->cluster_info);
+  if (ctx == NULL || value == NULL)
+    return;
+
+#define FREE_TEXT_FIELD(field)                          \
+  if (value->field != NULL)                             \
+    {                                                   \
+      kmip_free_text_string (ctx, value->field);        \
+      ctx->free_func (ctx->state, value->field);        \
+      value->field = NULL;                              \
+    }
+
+  FREE_TEXT_FIELD (server_name)
+  FREE_TEXT_FIELD (server_serial_number)
+  FREE_TEXT_FIELD (server_version)
+  FREE_TEXT_FIELD (server_load)
+  FREE_TEXT_FIELD (product_name)
+  FREE_TEXT_FIELD (build_level)
+  FREE_TEXT_FIELD (build_date)
+  FREE_TEXT_FIELD (cluster_info)
+
+#undef FREE_TEXT_FIELD
+
+  if (value->alternative_failover_endpoints != NULL)
+    {
+      AltEndpoints *alt = value->alternative_failover_endpoints;
+      if (alt->endpoint_list != NULL)
+        {
+          LinkedListItem *item = kmip_linked_list_pop (alt->endpoint_list);
+          while (item != NULL)
+            {
+              kmip_free_text_string (ctx, (TextString *)item->data);
+              ctx->free_func (ctx->state, item->data);
+              ctx->free_func (ctx->state, item);
+              item = kmip_linked_list_pop (alt->endpoint_list);
+            }
+          ctx->free_func (ctx->state, alt->endpoint_list);
+          alt->endpoint_list = NULL;
+        }
+      ctx->free_func (ctx->state, value->alternative_failover_endpoints);
+      value->alternative_failover_endpoints = NULL;
+    }
 }
 
 /*
@@ -12374,6 +12485,10 @@ kmip_encode_response_batch_item (KMIP *ctx, const ResponseBatchItem *value)
       result = kmip_encode_register_response_payload (ctx, (RegisterResponsePayload *)value->response_payload);
       break;
 
+    case KMIP_OP_GET:
+      result = kmip_encode_get_response_payload (ctx, (GetResponsePayload *)value->response_payload);
+      break;
+
     case KMIP_OP_GET_ATTRIBUTES:
       result = kmip_encode_get_attribute_response_payload (ctx, (GetAttributeResponsePayload *)value->response_payload);
       break;