!209 修改证书算法库内存泄漏

Merge pull request !209 from 王静/OpenHarmony-5.0-Release
openharmony_ci 2024-09-26 01:51:48 +00:00 committed by Gitee
commit 61c28148c2
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 76 additions and 7 deletions


@ -921,6 +921,7 @@ static CfResult ValidateOcspLocal(OcspLocalParam localParam, STACK_OF(X509) *x50
return res;
}
res = ParseResp(bs, localParam.certid);
OCSP_RESPONSE_free(localParam.resp);
OCSP_BASICRESP_free(bs);
return res;
}
@ -1302,15 +1303,18 @@ static CfResult ValidateRevocation(
res = ValidateRevocationOnLine(params, x509CertChain, trustAnchor, certId);
if (res != CF_SUCCESS) {
LOGE("Try to validate revocation online failed.");
OCSP_CERTID_free(certId);
return res;
}
} else {
res = ValidateRevocationLocal(params, x509CertChain, trustAnchor, certId);
if (res != CF_SUCCESS) {
LOGE("Try to validate revocation local failed.");
OCSP_CERTID_free(certId);
return res;
}
}
OCSP_CERTID_free(certId);
return res;
} else {
return ValidateCrlLocal(params->certCRLCollections, x509CertChain);
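Review bot: The three `OCSP_CERTID_free(certId)` calls in ValidateRevocation can be reduced to one, because both failure branches return `res` exactly as the fall-through path does. Keeping only the `LOGE` in each branch and ending with a single `OCSP_CERTID_free(certId); return res;` after the if/else frees certId on every path and leaves no exit that a later edit could forget. It is also worth confirming that the online path does not pass certId to an OCSP request through `OCSP_request_add0_id`, which transfers ownership to the request. ValidateRevocationOnLine is not visible here; if it does so, this free would release the ID a second time. The function starts and ends outside the hunk.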


@ -1632,7 +1632,7 @@ static CfResult CompareSubAltNameX509Openssl(
if (res == CF_SUCCESS && CompareSubAltNameMatch(subAltNameArray, &subAltNameArrayOut, matchAllSubAltNames)) {
*out = true;
}
sk_GENERAL_NAME_free(altname);
GENERAL_NAMES_free(altname);
SubAltNameArrayDataClearAndFree(&subAltNameArrayOut);
return res;
}
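Review bot: `GENERAL_NAMES_free(altname)` releases every GENERAL_NAME in the stack as well as the stack itself, and it runs before `SubAltNameArrayDataClearAndFree(&subAltNameArrayOut)`. That order is safe only if subAltNameArrayOut holds its own copies of the name data rather than pointers into altname; the code that fills the array is above the hunk, so this needs checking there. A short comment such as `/* altname is owned here: free the stack and its elements */` would record why the deep free is correct. Any earlier return in CompareSubAltNameX509Openssl that still uses the shallow free would keep leaking, but those paths are outside the hunk.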


@ -370,7 +370,7 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareExtendedKeyUsageTest001, TestSiz
CfFree(certMatchParameters.extendedKeyUsage);
}
HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest001, TestSize.Level0)
HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest000, TestSize.Level0)
{
ASSERT_NE(g_x509CertExtAttrObj, nullptr);
bool bResult = true;
@ -409,9 +409,37 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest001, TestSize
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
X509OpensslMock::SetMockFlag(false);
OTHERNAME_free(tree->base->d.otherName);
tree->base->d.otherName = nullptr;
GENERAL_NAME_free(tree->base);
tree->base = nullptr;
GENERAL_SUBTREE_free(tree);
}
HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest001, TestSize.Level0)
{
ASSERT_NE(g_x509CertExtAttrObj, nullptr);
bool bResult = true;
HcfX509CertMatchParams certMatchParameters = { 0 };
CfBlob blob;
blob.data = const_cast<uint8_t *>(g_testNameConstraints);
blob.size = sizeof(g_testNameConstraints);
certMatchParameters.nameConstraints = &blob;
CfResult ret =
g_testCertWithPrivateKeyValidObj->match(g_testCertWithPrivateKeyValidObj, &certMatchParameters, &bResult);
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
certMatchParameters.minPathLenConstraint = -1;
ret = g_testCertWithPrivateKeyValidObj->match(g_testCertWithPrivateKeyValidObj, &certMatchParameters, &bResult);
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, true);
// GEN_X400
tree = reinterpret_cast<GENERAL_SUBTREE *>sk_GENERAL_SUBTREE_new_null();
GENERAL_SUBTREE *tree = reinterpret_cast<GENERAL_SUBTREE *>sk_GENERAL_SUBTREE_new_null();
EXPECT_NE(tree, nullptr);
tree->base = GENERAL_NAME_new();
EXPECT_NE(tree->base, nullptr);
@ -426,6 +454,11 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest001, TestSize
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
X509OpensslMock::SetMockFlag(false);
ASN1_STRING_free(tree->base->d.x400Address);
tree->base->d.x400Address = nullptr;
GENERAL_NAME_free(tree->base);
tree->base = nullptr;
GENERAL_SUBTREE_free(tree);
}
HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest002, TestSize.Level0)
@ -456,6 +489,11 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest002, TestSize
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
X509OpensslMock::SetMockFlag(false);
ASN1_OCTET_STRING_free(tree->base->d.ip);
tree->base->d.ip = nullptr;
GENERAL_NAME_free(tree->base);
tree->base = nullptr;
GENERAL_SUBTREE_free(tree);
}
HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest003, TestSize.Level0)
@ -484,6 +522,11 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest003, TestSize
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
X509OpensslMock::SetMockFlag(false);
EDIPARTYNAME_free(tree->base->d.ediPartyName);
tree->base->d.ediPartyName = nullptr;
GENERAL_NAME_free(tree->base);
tree->base = nullptr;
GENERAL_SUBTREE_free(tree);
tree = reinterpret_cast<GENERAL_SUBTREE *>sk_GENERAL_SUBTREE_new_null();
EXPECT_NE(tree, nullptr);
@ -500,6 +543,11 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest003, TestSize
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
X509OpensslMock::SetMockFlag(false);
EDIPARTYNAME_free(tree->base->d.ediPartyName);
tree->base->d.ediPartyName = nullptr;
GENERAL_NAME_free(tree->base);
tree->base = nullptr;
GENERAL_SUBTREE_free(tree);
}
HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest004, TestSize.Level0)
@ -530,6 +578,11 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest004, TestSize
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
X509OpensslMock::SetMockFlag(false);
X509_NAME_free(tree->base->d.directoryName);
tree->base->d.directoryName = nullptr;
GENERAL_NAME_free(tree->base);
tree->base = nullptr;
GENERAL_SUBTREE_free(tree);
// GEN_RID
tree = reinterpret_cast<GENERAL_SUBTREE *>sk_GENERAL_SUBTREE_new_null();
@ -547,6 +600,11 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest004, TestSize
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
X509OpensslMock::SetMockFlag(false);
ASN1_OBJECT_free(tree->base->d.registeredID);
tree->base->d.registeredID = nullptr;
GENERAL_NAME_free(tree->base);
tree->base = nullptr;
GENERAL_SUBTREE_free(tree);
}
HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest005, TestSize.Level0)
@ -578,6 +636,7 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest005, TestSize
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
X509OpensslMock::SetMockFlag(false);
NAME_CONSTRAINTS_free(nc);
nc = NAME_CONSTRAINTS_new();
EXPECT_NE(nc, nullptr);
@ -591,6 +650,7 @@ HWTEST_F(CryptoX509CertificateTestPart3, CompareNameConstraintsTest005, TestSize
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
X509OpensslMock::SetMockFlag(false);
NAME_CONSTRAINTS_free(nc);
}
HWTEST_F(CryptoX509CertificateTestPart3, CompareCertPolicyTest001, TestSize.Level0)
@ -731,6 +791,12 @@ HWTEST_F(CryptoX509CertificateTestPart3, ComparePrivateKeyValidTest002, TestSize
EXPECT_EQ(ret, CF_SUCCESS);
EXPECT_EQ(bResult, false);
X509OpensslMock::SetMockFlag(false);
CfFree(pKeyValid->notBefore->data);
pKeyValid->notBefore->data = nullptr;
CfFree(pKeyValid->notBefore);
pKeyValid->notBefore = nullptr;
CfFree(pKeyValid);
pKeyValid = nullptr;
}
HWTEST_F(CryptoX509CertificateTestPart3, CompareSubjectKeyIdentifierTest001, TestSize.Level0)
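Review bot: In CompareNameConstraintsTest001, `tree` is created with `reinterpret_cast<GENERAL_SUBTREE *>sk_GENERAL_SUBTREE_new_null()`, which allocates an empty stack rather than a GENERAL_SUBTREE. The writes to `tree->base` and the newly added `GENERAL_SUBTREE_free(tree)` therefore operate on an object of the wrong type. The same allocation is visible in Test003 and Test004 in this section, each now followed by the same free. Allocating with `GENERAL_SUBTREE *tree = GENERAL_SUBTREE_new();` would let a single `GENERAL_SUBTREE_free(tree)` release the subtree together with its base name instead of the member-by-member frees; check whether the constructor already allocates `base` before assigning `GENERAL_NAME_new()` to it. The `EXPECT_NE(tree, nullptr)` before the dereference should be `ASSERT_NE`, so that a failed allocation stops the test.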


@ -188,7 +188,6 @@ HWTEST_F(X509DistinguishedNameTest, HcfX509DistinguishedNameCreateTest002, TestS
HWTEST_F(X509DistinguishedNameTest, OpensslX509DistinguishedNameSpiCreateTest001, TestSize.Level0)
{
CF_LOG_I("OpensslX509DistinguishedNameSpiCreateTest001");
ASSERT_NE(g_x509CertObj, nullptr);
CfBlob out = { 0 };
@ -223,6 +222,7 @@ HWTEST_F(X509DistinguishedNameTest, OpensslX509DistinguishedNameSpiCreateTest001
ret = OpensslX509DistinguishedNameSpiCreate(&out, true, &spi);
EXPECT_EQ(ret, CF_SUCCESS);
X509OpensslMock::SetMockFlag(false);
CfObjDestroy(spi);
// test ParseName failed case
X509OpensslMock::SetMockFlag(true);
@ -233,18 +233,16 @@ HWTEST_F(X509DistinguishedNameTest, OpensslX509DistinguishedNameSpiCreateTest001
EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
X509OpensslMock::SetMockFlag(false);
CF_LOG_I("OpensslX509DistinguishedNameSpiCreateTest001 - 1");
out.data[3] = '+';
ret = OpensslX509DistinguishedNameSpiCreate(&out, true, &spi);
EXPECT_EQ(ret, CF_SUCCESS);
CfObjDestroy(spi);
CF_LOG_I("OpensslX509DistinguishedNameSpiCreateTest001 - 2");
out.data[3] = '\\';
out.data[4] = '\0';
ret = OpensslX509DistinguishedNameSpiCreate(&out, true, &spi);
EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
CF_LOG_I("OpensslX509DistinguishedNameSpiCreateTest001 - 3");
out.data[2] = '\0';
ret = OpensslX509DistinguishedNameSpiCreate(&out, true, &spi);
EXPECT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
@ -365,6 +363,7 @@ HWTEST_F(X509DistinguishedNameTest, GetNameTest001, TestSize.Level0)
ret = g_x509Name->getName(g_x509Name, &inPara, NULL, &outArr);
EXPECT_EQ(ret, CF_SUCCESS);
CfArrayDataClearAndFree(&outArr);
ret = g_x509Name->getName(g_x509Name, NULL, NULL, NULL);
EXPECT_EQ(ret, CF_INVALID_PARAMS);
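Review bot: `spi` keeps its old value after each added `CfObjDestroy(spi)` in OpensslX509DistinguishedNameSpiCreateTest001. The OpensslX509DistinguishedNameSpiCreate calls that follow the second destroy are expected to fail, so the variable may refer to a destroyed object for the rest of the test. Adding `spi = nullptr;` after each destroy keeps a later cleanup or an unexpected early exit from destroying the same object twice. This assumes CfObjDestroy does not reset the caller's pointer and that a failing create leaves `spi` untouched; neither definition is shown on this page. The test body continues outside the hunks.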