证书算法库内存泄漏问题修改

Signed-off-by: 王静 <wangjing561@huawei.com>
王静 2024-09-30 14:31:17 +08:00
parent e75d3eb052
commit 78b0b9656c
5 changed files with 44 additions and 16 deletions


@ -872,31 +872,49 @@ static CfResult ParseResp(OCSP_BASICRESP *bs, OCSP_CERTID *certid)
return res;
}
static void ValidateOcspLocalGetTrustCert(STACK_OF(X509) *x509CertChain, HcfX509TrustAnchor *trustAnchor,
const HcfX509CertChainValidateParams *params, HcfRevocationCheckParam *revo, X509 **trustCert)
{
if (revo->ocspResponderCert != NULL) {
*trustCert = GetX509FromHcfX509Certificate((HcfCertificate *)(params->revocationCheckParam->ocspResponderCert));
} else if (trustAnchor->CACert != NULL) {
*trustCert = GetX509FromHcfX509Certificate((HcfCertificate *)(trustAnchor->CACert));
} else {
*trustCert = sk_X509_value(x509CertChain, sk_X509_num(x509CertChain) - 1);
}
}
static CfResult ValidateOcspLocal(OcspLocalParam localParam, STACK_OF(X509) *x509CertChain,
HcfX509TrustAnchor *trustAnchor, const HcfX509CertChainValidateParams *params)
{
int i;
OCSP_BASICRESP *bs = NULL;
X509 *trustCert = NULL;
OCSP_RESPONSE *rsp = NULL;
if (localParam.certid == NULL) {
LOGE("The input data is null!");
return CF_INVALID_PARAMS;
}
HcfRevocationCheckParam *revo = params->revocationCheckParam;
if (localParam.resp == NULL && revo->ocspResponses != NULL) {
localParam.resp =
d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&(revo->ocspResponses->data), revo->ocspResponses->size);
rsp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&(revo->ocspResponses->data), revo->ocspResponses->size);
localParam.resp = rsp;
}
if (localParam.resp == NULL || localParam.certid == NULL) {
if (localParam.resp == NULL) {
LOGE("The input data is null!");
return CF_ERR_CRYPTO_OPERATION;
}
if (OCSP_response_status(localParam.resp) != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
LOGE("The resp status is not success!");
OCSP_RESPONSE_free(rsp);
return CF_ERR_CRYPTO_OPERATION;
}
bs = OCSP_response_get1_basic(localParam.resp);
OCSP_BASICRESP *bs = OCSP_response_get1_basic(localParam.resp);
if (bs == NULL) {
LOGE("Error parsing response!");
OCSP_RESPONSE_free(rsp);
return CF_ERR_CRYPTO_OPERATION;
}
OCSP_RESPONSE_free(rsp);
if (localParam.req != NULL && ((i = OCSP_check_nonce(localParam.req, bs)) <= 0)) {
if (i == -1) {
LOGW("No nonce in response!");
@ -906,14 +924,8 @@ static CfResult ValidateOcspLocal(OcspLocalParam localParam, STACK_OF(X509) *x50
return CF_ERR_CRYPTO_OPERATION;
}
}
if (revo->ocspResponderCert != NULL) {
trustCert = GetX509FromHcfX509Certificate((HcfCertificate *)(params->revocationCheckParam->ocspResponderCert));
} else if (trustAnchor->CACert != NULL) {
trustCert = GetX509FromHcfX509Certificate((HcfCertificate *)(trustAnchor->CACert));
} else {
trustCert = sk_X509_value(x509CertChain, sk_X509_num(x509CertChain) - 1);
}
ValidateOcspLocalGetTrustCert(x509CertChain, trustAnchor, params, revo, &trustCert);
CfResult res = VerifyOcspSigner(bs, x509CertChain, trustCert);
if (res != CF_SUCCESS) {
LOGE("VerifySinger failed!");
@ -921,7 +933,6 @@ static CfResult ValidateOcspLocal(OcspLocalParam localParam, STACK_OF(X509) *x50
return res;
}
res = ParseResp(bs, localParam.certid);
OCSP_RESPONSE_free(localParam.resp);
OCSP_BASICRESP_free(bs);
return res;
}
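Review bot: The `d2i_OCSP_RESPONSE` call kept in the first hunk passes `&(revo->ocspResponses->data)` as its input pointer, and d2i functions advance the pointer they are given, so after a successful parse the caller's blob no longer points at the start of its buffer. A later free of that `data` field, or a second validation with the same params, would then work on a pointer past the DER bytes. Parsing through a local copy avoids this: `const unsigned char *p = revo->ocspResponses->data;` followed by `rsp = d2i_OCSP_RESPONSE(NULL, &p, revo->ocspResponses->size);`. Separately, the final `OCSP_RESPONSE_free(localParam.resp)` is gone and only the locally parsed `rsp` is released, so a short comment stating that a caller-supplied `localParam.resp` stays owned by the caller would make the new ownership rule explicit; the callers are outside this section, so that ownership is an assumption to confirm.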


@ -137,6 +137,18 @@ X509 *GetX509FromHcfX509Certificate(const HcfCertificate *cert)
return realCert->x509;
}
static void FreeCertArrayData(HcfX509CertificateArray *certs)
{
if (certs == NULL || certs->data == NULL) {
return;
}
for (uint32_t i = 0; i < certs->count; ++i) {
CfObjDestroy(certs->data[i]);
}
CF_FREE_PTR(certs->data);
certs->count = 0;
}
static CfResult GetCertChainFromCollection(const HcfX509CertChainBuildParameters *inParams, STACK_OF(X509) *certStack)
{
if (inParams->validateParameters.certCRLCollections == NULL) {
@ -156,20 +168,24 @@ static CfResult GetCertChainFromCollection(const HcfX509CertChainBuildParameters
X509 *cert = GetX509FromHcfX509Certificate((HcfCertificate *)retCerts.data[j]);
if (cert == NULL) {
LOGE("GetX509Cert from inParams failed!");
FreeCertArrayData(&retCerts);
return CF_INVALID_PARAMS;
}
X509 *certDup = X509_dup(cert);
if (certDup == NULL) {
LOGE("Memory allocation failure!");
FreeCertArrayData(&retCerts);
return CF_ERR_MALLOC;
}
if (sk_X509_push(certStack, certDup) <= 0) {
LOGE("Push cert to SK failed!");
X509_free(certDup);
FreeCertArrayData(&retCerts);
return CF_ERR_CRYPTO_OPERATION;
}
}
FreeCertArrayData(&retCerts);
}
return CF_SUCCESS;
}
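Review bot: The static `FreeCertArrayData` added in the first hunk duplicates a helper of the same name that two other files in this commit already define, and the commit has to patch the same NULL guard into both of those copies. If this file can include the header of the non-static version (the one next to `CloneCrlObj`), calling it would keep a single implementation; whether that header is reachable from here is not visible on this page. In `GetCertChainFromCollection`, a comment above the last call would document why the release is safe, for example `/* certStack holds X509_dup() copies, so the collection's certificates can be destroyed here */`. The body of that function starts outside the second hunk.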


@ -59,7 +59,7 @@ CfResult CloneCrlObj(HcfX509Crl *in, HcfX509Crl **out)
void FreeCertArrayData(HcfX509CertificateArray *certs)
{
if (certs == NULL) {
if (certs == NULL|| certs->data == NULL) {
return;
}
for (uint32_t i = 0; i < certs->count; ++i) {
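Review bot: The new guard is written `certs == NULL|| certs->data == NULL`, without a space before `||`, unlike the same condition in the other two copies of this helper in the commit. `if (certs == NULL || certs->data == NULL) {` keeps it consistent. The rest of the function body lies outside the hunk.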


@ -520,7 +520,7 @@ namespace OHOS {
static void FreeCertArrayData(HcfX509CertificateArray *certs)
{
if (certs == nullptr) {
if (certs == nullptr || certs->data == nullptr) {
return;
}
for (uint32_t i = 0; i < certs->count; ++i) {


@ -355,6 +355,7 @@ HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslInvaidCertId, TestSize.Lev
FreeValidateResult(result);
FreeTrustAnchorArr(trustAnchorArray);
CfFree(revChkOpArray.data);
}
HWTEST_F(CryptoX509CertChainTestPart2, ValidateOpensslRevocationLocalTest001, TestSize.Level0)