code check modification

Signed-off-by: Vincentchenhao <chenhao286@huawei.com>

frameworks/huks_standard/main/common/include/hks_config.h

@@ -39,14 +39,10 @@
 #define HKS_SUPPORT_ECC_GET_PUBLIC_KEY
 
 #define HKS_SUPPORT_ECDH_C
-#define HKS_SUPPORT_ECDH_GENERATE_KEY
 #define HKS_SUPPORT_ECDH_AGREE_KEY
-#define HKS_SUPPORT_ECDH_GET_PUBLIC_KEY
 
 #define HKS_SUPPORT_ECDSA_C
-#define HKS_SUPPORT_ECDSA_GENERATE_KEY
 #define HKS_SUPPORT_ECDSA_SIGN_VERIFY
-#define HKS_SUPPORT_EDDSA_GET_PUBLIC_KEY
 
 /* ED25519 */
 #define HKS_SUPPORT_ED25519_C
@@ -115,7 +111,6 @@
 
 #if defined(HKS_SUPPORT_AES_GENERATE_KEY) || defined(HKS_SUPPORT_DH_GENERATE_KEY) ||       \
     defined(HKS_SUPPORT_DSA_GENERATE_KEY) || defined(HKS_SUPPORT_ECC_GENERATE_KEY) ||      \
-    defined(HKS_SUPPORT_ECDH_GENERATE_KEY) || defined(HKS_SUPPORT_ECDSA_GENERATE_KEY) ||   \
     defined(HKS_SUPPORT_ED25519_GENERATE_KEY) || defined(HKS_SUPPORT_HMAC_GENERATE_KEY) || \
     defined(HKS_SUPPORT_RSA_GENERATE_KEY) || defined(HKS_SUPPORT_X25519_GENERATE_KEY)
 #define HKS_SUPPORT_API_GENERATE_KEY

frameworks/huks_standard/main/common/include/hks_config_base.h

@@ -40,14 +40,10 @@
 #define HKS_SUPPORT_ECC_GET_PUBLIC_KEY
 
 #define HKS_SUPPORT_ECDH_C
-#define HKS_SUPPORT_ECDH_GENERATE_KEY
 #define HKS_SUPPORT_ECDH_AGREE_KEY
-#define HKS_SUPPORT_ECDH_GET_PUBLIC_KEY
 
 #define HKS_SUPPORT_ECDSA_C
-#define HKS_SUPPORT_ECDSA_GENERATE_KEY
 #define HKS_SUPPORT_ECDSA_SIGN_VERIFY
-#define HKS_SUPPORT_EDDSA_GET_PUBLIC_KEY
 
 /* ED25519 */
 #define HKS_SUPPORT_ED25519_C
@@ -116,7 +112,6 @@
 
 #if defined(HKS_SUPPORT_AES_GENERATE_KEY) || defined(HKS_SUPPORT_DH_GENERATE_KEY) ||       \
     defined(HKS_SUPPORT_DSA_GENERATE_KEY) || defined(HKS_SUPPORT_ECC_GENERATE_KEY) ||      \
-    defined(HKS_SUPPORT_ECDH_GENERATE_KEY) || defined(HKS_SUPPORT_ECDSA_GENERATE_KEY) ||   \
     defined(HKS_SUPPORT_ED25519_GENERATE_KEY) || defined(HKS_SUPPORT_HMAC_GENERATE_KEY) || \
     defined(HKS_SUPPORT_RSA_GENERATE_KEY) || defined(HKS_SUPPORT_X25519_GENERATE_KEY)
 #define HKS_SUPPORT_API_GENERATE_KEY

frameworks/huks_standard/main/common/include/hks_config_lite.h

@@ -30,9 +30,15 @@
 
 /* HASH */
 #define HKS_SUPPORT_HASH_C
+#define HKS_SUPPORT_HASH_SHA256
+#define HKS_SUPPORT_HASH_SHA384
+#define HKS_SUPPORT_HASH_SHA512
 
 /* HMAC */
 #define HKS_SUPPORT_HMAC_C
+#define HKS_SUPPORT_HMAC_SHA256
+#define HKS_SUPPORT_HMAC_SHA384
+#define HKS_SUPPORT_HMAC_SHA512
 
 /* KDF */
 #define HKS_SUPPORT_KDF_C

frameworks/huks_standard/main/common/include/hks_config_small.h

@@ -108,10 +108,16 @@
 
 #ifdef HKS_SUPPORT_HMAC_C
 #define HKS_SUPPORT_API_MAC
+#define HKS_SUPPORT_HMAC_SHA256
+#define HKS_SUPPORT_HMAC_SHA384
+#define HKS_SUPPORT_HMAC_SHA512
 #endif
 
 #ifdef HKS_SUPPORT_HASH_C
 #define HKS_SUPPORT_API_HASH
+#define HKS_SUPPORT_HASH_SHA256
+#define HKS_SUPPORT_HASH_SHA384
+#define HKS_SUPPORT_HASH_SHA512
 #endif
 
 #ifdef HKS_SUPPORT_BN_C

frameworks/huks_standard/main/common/src/hks_base_check.c

@@ -411,7 +411,7 @@ static const struct ExpectParamsValuesChecker g_expectEcdhParams[] = {
 };
 #endif
 
-static uint32_t INVALID_PURPOSE[][2] = {
+static uint32_t g_invalidPurpose[][2] = {
 #ifdef HKS_SUPPORT_RSA_C
     {
         HKS_ALG_RSA,
@@ -551,14 +551,14 @@ static int32_t CheckPurposeUnique(uint32_t inputPurpose)
 static int32_t GetInvalidPurpose(uint32_t alg, uint32_t *inputPurpose)
 {
     int32_t result = HKS_ERROR_INVALID_ALGORITHM;
-    if (sizeof(INVALID_PURPOSE) == 0) {
+    if (sizeof(g_invalidPurpose) == 0) {
         return result;
     }
-    uint32_t count = sizeof(INVALID_PURPOSE) / sizeof(INVALID_PURPOSE[0]);
+    uint32_t count = sizeof(g_invalidPurpose) / sizeof(g_invalidPurpose[0]);
     for (uint32_t i = 0; i < count; i++) {
-        if (alg == INVALID_PURPOSE[i][0]) {
+        if (alg == g_invalidPurpose[i][0]) {
             result = HKS_SUCCESS;
-            *inputPurpose = INVALID_PURPOSE[i][1];
+            *inputPurpose = g_invalidPurpose[i][1];
             break;
         }
     }
@@ -935,11 +935,11 @@ static int32_t CheckAesPadding(uint32_t mode, uint32_t padding)
     }
 
     if (mode == HKS_MODE_CTR) {
-        return HksCheckValue(padding, g_aesCtrPadding, HKS_ARRAY_SIZE(g_aesCbcPadding));
+        return HksCheckValue(padding, g_aesCtrPadding, HKS_ARRAY_SIZE(g_aesCtrPadding));
     }
 
     if (mode == HKS_MODE_ECB) {
-        return HksCheckValue(padding, g_aesEcbPadding, HKS_ARRAY_SIZE(g_aesCbcPadding));
+        return HksCheckValue(padding, g_aesEcbPadding, HKS_ARRAY_SIZE(g_aesEcbPadding));
     }
 
     if ((mode == HKS_MODE_GCM) || (mode == HKS_MODE_CCM)) {

frameworks/huks_standard/main/common/src/hks_crypto_adapter.c

@@ -495,7 +495,11 @@ static int32_t FormatDsaKey(const struct HksBlob *keyIn, struct HksParamSet *par
     (void)memcpy_s(publicKey, publicKeySize, keyIn->data, sizeof(struct KeyMaterialDsa));
     uint32_t inOffset = sizeof(struct KeyMaterialDsa);
     uint32_t outOffset = sizeof(struct KeyMaterialDsa) + keyMaterial->xSize;
-    (void)memcpy_s(publicKey + inOffset, publicKeySize - inOffset, keyIn->data + outOffset, publicKeySize - inOffset);
+    if (memcpy_s(publicKey + inOffset, publicKeySize - inOffset, keyIn->data + outOffset, publicKeySize - inOffset) !=
+        EOK) {
+        HKS_FREE_PTR(publicKey);
+        return HKS_ERROR_INVALID_OPERATION;
+    }
     ((struct KeyMaterialDsa *)publicKey)->xSize = 0;
 
     struct HksParam params[] = {
@@ -610,7 +614,9 @@ int32_t HksSetKeyToMaterial(uint32_t alg, bool isPubKey, const struct HksBlob *k
             keyMaterial->size = key->size;
             keyMaterial->data = HksMalloc(keyMaterial->size);
             if (keyMaterial->data != NULL) {
-                (void)memcpy_s(keyMaterial->data, keyMaterial->size, key->data, key->size);
+                if (memcpy_s(keyMaterial->data, keyMaterial->size, key->data, key->size) != EOK) {
+                    return HKS_ERROR_INVALID_OPERATION;
+                }
                 return HKS_SUCCESS;
             } else {
                 return HKS_ERROR_MALLOC_FAIL;

frameworks/huks_standard/main/crypto_engine/mbedtls/include/hks_mbedtls_ecdsa.h

@@ -29,8 +29,12 @@
 extern "C" {
 #endif
 
+#ifdef HKS_SUPPORT_ECDSA_C
+#ifdef HKS_SUPPORT_ECDSA_SIGN_VERIFY
 int32_t HksMbedtlsEcdsaSignVerify(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
     const struct HksBlob *message, const struct HksBlob *signature, bool isVerify);
+#endif /* HKS_SUPPORT_ECDSA_SIGN_VERIFY */
+#endif /* HKS_SUPPORT_ECDSA_C */
 
 #ifdef __cplusplus
 }

frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_aes.c

@@ -370,14 +370,14 @@ static int32_t AesCtrCrypt(const struct HksBlob *key, const struct HksUsageSpec
             break;
         }
 
-        size_t olen;
+        size_t outLen;
         ret = mbedtls_cipher_crypt(
-            &ctx, cipherParam->iv.data, cipherParam->iv.size, message->data, message->size, cipherText->data, &olen);
+            &ctx, cipherParam->iv.data, cipherParam->iv.size, message->data, message->size, cipherText->data, &outLen);
         if (ret != HKS_MBEDTLS_SUCCESS) {
             HKS_LOG_E("Mbedtls failed ret = 0x%X", ret);
             break;
         }
-        cipherText->size = olen;
+        cipherText->size = outLen;
 
         mbedtls_cipher_free(&ctx);
         return HKS_SUCCESS;
@@ -413,13 +413,13 @@ static int32_t AesEcbNoPaddingCrypt(const struct HksBlob *key, const struct HksU
             break;
         }
 
-        size_t olen;
-        ret = mbedtls_cipher_crypt(&ctx, NULL, 0, message->data, message->size, cipherText->data, &olen);
+        size_t outLen;
+        ret = mbedtls_cipher_crypt(&ctx, NULL, 0, message->data, message->size, cipherText->data, &outLen);
         if (ret != HKS_MBEDTLS_SUCCESS) {
             HKS_LOG_E("Mbedtls failed ret = 0x%X", ret);
             break;
         }
-        cipherText->size = olen;
+        cipherText->size = outLen;
 
         mbedtls_cipher_free(&ctx);
         return HKS_SUCCESS;

frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_dh.c

@@ -29,36 +29,36 @@
 #include "hks_mbedtls_common.h"
 #include "hks_mem.h"
 
-#define HKS_Dh_KEYPAIR_CNT 2
+#define HKS_DH_KEYPAIR_CNT 2
 
 #if defined(HKS_SUPPORT_DH_GENERATE_KEY) || defined(HKS_SUPPORT_DH_AGREE_KEY)
-static uint8_t ffdhe2048ParamG[] = MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN;
-static uint8_t ffdhe2048ParamP[] = MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN;
-static uint8_t ffdhe3072ParamG[] = MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN;
-static uint8_t ffdhe3072ParamP[] = MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN;
-static uint8_t ffdhe4096ParamG[] = MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN;
-static uint8_t ffdhe4096ParamP[] = MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN;
+static uint8_t g_ffdhe2048ParamG[] = MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN;
+static uint8_t g_ffdhe2048ParamP[] = MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN;
+static uint8_t g_ffdhe3072ParamG[] = MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN;
+static uint8_t g_ffdhe3072ParamP[] = MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN;
+static uint8_t g_ffdhe4096ParamG[] = MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN;
+static uint8_t g_ffdhe4096ParamP[] = MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN;
 
 static int32_t GetDhParam(uint32_t keySize, struct HksBlob *P, struct HksBlob *G)
 {
     switch (keySize) {
         case HKS_DH_KEY_SIZE_2048:
-            P->data = ffdhe2048ParamP;
-            P->size = sizeof(ffdhe2048ParamP);
-            G->data = ffdhe2048ParamG;
-            G->size = sizeof(ffdhe2048ParamG);
+            P->data = g_ffdhe2048ParamP;
+            P->size = sizeof(g_ffdhe2048ParamP);
+            G->data = g_ffdhe2048ParamG;
+            G->size = sizeof(g_ffdhe2048ParamG);
             return HKS_SUCCESS;
         case HKS_DH_KEY_SIZE_3072:
-            P->data = ffdhe3072ParamP;
-            P->size = sizeof(ffdhe3072ParamP);
-            G->data = ffdhe3072ParamG;
-            G->size = sizeof(ffdhe3072ParamG);
+            P->data = g_ffdhe3072ParamP;
+            P->size = sizeof(g_ffdhe3072ParamP);
+            G->data = g_ffdhe3072ParamG;
+            G->size = sizeof(g_ffdhe3072ParamG);
             return HKS_SUCCESS;
         case HKS_DH_KEY_SIZE_4096:
-            P->data = ffdhe4096ParamP;
-            P->size = sizeof(ffdhe4096ParamP);
-            G->data = ffdhe4096ParamG;
-            G->size = sizeof(ffdhe4096ParamG);
+            P->data = g_ffdhe4096ParamP;
+            P->size = sizeof(g_ffdhe4096ParamP);
+            G->data = g_ffdhe4096ParamG;
+            G->size = sizeof(g_ffdhe4096ParamG);
             return HKS_SUCCESS;
         default:
             return HKS_ERROR_INVALID_KEY_SIZE;
@@ -70,7 +70,7 @@ static int32_t GetDhParam(uint32_t keySize, struct HksBlob *P, struct HksBlob *G
 static int32_t DhSaveKeyMaterial(const mbedtls_dhm_context *ctx, const uint32_t keySize, struct HksBlob *key)
 {
     const uint32_t keyByteLen = HKS_KEY_BYTES(keySize);
-    const uint32_t rawMaterialLen = sizeof(struct KeyMaterialDh) + keyByteLen * HKS_Dh_KEYPAIR_CNT;
+    const uint32_t rawMaterialLen = sizeof(struct KeyMaterialDh) + keyByteLen * HKS_DH_KEYPAIR_CNT;
     uint8_t *rawMaterial = (uint8_t *)HksMalloc(rawMaterialLen);
     if (rawMaterial == NULL) {
         return HKS_ERROR_MALLOC_FAIL;

frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_hash.c

@@ -40,24 +40,36 @@ int32_t HksMbedtlsHash(uint32_t alg, const struct HksBlob *msg, struct HksBlob *
 {
     int32_t ret;
     switch (alg) {
+#ifdef HKS_SUPPORT_HASH_MD5
         case HKS_DIGEST_MD5:
             ret = mbedtls_md5_ret(msg->data, msg->size, hash->data); /* 0 for MD5 */
             break;
+#endif
+#ifdef HKS_SUPPORT_HASH_SHA1
         case HKS_DIGEST_SHA1:
             ret = mbedtls_sha1_ret(msg->data, msg->size, hash->data); /* 0 for SHA-1 */
             break;
+#endif
+#ifdef HKS_SUPPORT_HASH_SHA224
         case HKS_DIGEST_SHA224:
             ret = mbedtls_sha256_ret(msg->data, msg->size, hash->data, 1); /* 0 for SHA-224 */
             break;
+#endif
+#ifdef HKS_SUPPORT_HASH_SHA256
         case HKS_DIGEST_SHA256:
             ret = mbedtls_sha256_ret(msg->data, msg->size, hash->data, 0); /* 0 for SHA-256 */
             break;
+#endif
+#ifdef HKS_SUPPORT_HASH_SHA384
         case HKS_DIGEST_SHA384:
             ret = mbedtls_sha512_ret(msg->data, msg->size, hash->data, 1); /* 1 for SHA-384 */
             break;
+#endif
+#ifdef HKS_SUPPORT_HASH_SHA512
         case HKS_DIGEST_SHA512:
             ret = mbedtls_sha512_ret(msg->data, msg->size, hash->data, 0); /* 0 for SHA-512 */
             break;
+#endif
         default:
             return HKS_ERROR_INVALID_DIGEST;
     }

frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_hmac.c

@@ -33,7 +33,7 @@
 #ifdef HKS_SUPPORT_HMAC_GENERATE_KEY
 int32_t HksMbedtlsHmacGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
 {
-    if (spec->keyLen % HKS_BITS_PER_BYTE != 0) {
+    if ((spec->keyLen == 0) || (spec->keyLen % HKS_BITS_PER_BYTE != 0)) {
         return HKS_ERROR_INVALID_ARGUMENT;
     }
 

frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn

@@ -34,6 +34,7 @@ ohos_static_library("libhuks_openssl_standard_static") {
   ]
   sources = [
     "src/hks_openssl_aes.c",
+    "src/hks_openssl_common.c",
     "src/hks_openssl_curve25519.c",
     "src/hks_openssl_dh.c",
     "src/hks_openssl_dsa.c",

frameworks/huks_standard/main/crypto_engine/openssl/include/hks_openssl_common.h

@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HKS_OPENSSL_COMMON_H
+#define HKS_OPENSSL_COMMON_H
+
+#include "hks_type_inner.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int32_t HksOpensslGenerateRandomKey(const uint32_t keySize, struct HksBlob *key);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HKS_OPENSSL_COMMON_H */

frameworks/huks_standard/main/crypto_engine/openssl/include/hks_openssl_ecc.h

@@ -24,12 +24,10 @@ extern "C" {
 
 #define ECC_KEYPAIR_CNT 3
 
-#if defined(HKS_SUPPORT_ECC_GENERATE_KEY) || defined(HKS_SUPPORT_ECDH_GENERATE_KEY) || \
-    defined(HKS_SUPPORT_ECDSA_GENERATE_KEY)
+#if defined(HKS_SUPPORT_ECC_GENERATE_KEY)
 int32_t HksOpensslEccGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key);
 #endif
-#if defined(HKS_SUPPORT_ECC_GET_PUBLIC_KEY) || defined(HKS_SUPPORT_ECDH_GET_PUBLIC_KEY) || \
-    defined(HKS_SUPPORT_EDDSA_GET_PUBLIC_KEY)
+#if defined(HKS_SUPPORT_ECC_GET_PUBLIC_KEY)
 int32_t HksOpensslGetEccPubKey(const struct HksBlob *input, struct HksBlob *output);
 #endif
 

frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_aes.c

@@ -28,6 +28,7 @@
 
 #include "hks_log.h"
 #include "hks_mem.h"
+#include "hks_openssl_common.h"
 #include "hks_openssl_engine.h"
 #include "hks_type_inner.h"
 
@@ -49,31 +50,7 @@ int32_t HksOpensslAesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *
         return HKS_ERROR_INVALID_ARGUMENT;
     }
 
-    uint32_t keySizeByte = spec->keyLen / BIT_NUM_OF_UINT8;
-    int32_t ret = HKS_FAILURE;
-
-    uint8_t *tmpKey = (uint8_t *)HksMalloc(keySizeByte);
-    if (tmpKey == NULL) {
-        HKS_LOG_E("malloc buffer failed");
-        return HKS_ERROR_MALLOC_FAIL;
-    }
-
-    do {
-        if (RAND_bytes(tmpKey, keySizeByte) <= 0) {
-            HKS_LOG_E("generate key is failed:0x%x", ret);
-            break;
-        }
-
-        key->data = tmpKey;
-        key->size = keySizeByte;
-        ret = HKS_SUCCESS;
-    } while (0);
-
-    if (ret != HKS_SUCCESS) {
-        (void)memset_s(tmpKey, keySizeByte, 0, keySizeByte);
-        HksFree(tmpKey);
-    }
-    return ret;
+    return HksOpensslGenerateRandomKey(spec->keyLen, key);
 }
 #endif
 
@@ -159,6 +136,9 @@ static int32_t OpensslAesAeadInit(
 {
     int32_t ret;
     struct HksAeadParam *aeadParam = (struct HksAeadParam *)usageSpec->algParam;
+    if (aeadParam == NULL) {
+        return HKS_ERROR_INVALID_ARGUMENT;
+    }
 
     *ctx = EVP_CIPHER_CTX_new();
     if (*ctx == NULL) {

frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_common.c

@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "hks_openssl_common.h"
+
+#include <openssl/rand.h>
+
+#include "hks_log.h"
+#include "hks_mem.h"
+#include "hks_openssl_engine.h"
+#include "hks_type_inner.h"
+
+int32_t HksOpensslGenerateRandomKey(const uint32_t keySize, struct HksBlob *key)
+{
+    uint32_t keySizeByte = keySize / BIT_NUM_OF_UINT8;
+    int32_t ret = HKS_FAILURE;
+
+    uint8_t *tmpKey = (uint8_t *)HksMalloc(keySizeByte);
+    if (tmpKey == NULL) {
+        HKS_LOG_E("malloc buffer failed");
+        return HKS_ERROR_MALLOC_FAIL;
+    }
+
+    do {
+        if (RAND_bytes(tmpKey, keySizeByte) <= 0) {
+            HKS_LOG_E("generate key is failed:0x%x", ret);
+            break;
+        }
+
+        key->data = tmpKey;
+        key->size = keySizeByte;
+        ret = HKS_SUCCESS;
+    } while (0);
+
+    if (ret != HKS_SUCCESS) {
+        (void)memset_s(tmpKey, keySizeByte, 0, keySizeByte);
+        HksFree(tmpKey);
+    }
+    return ret;
+}

frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_dh.c

@@ -185,7 +185,7 @@ int32_t HksOpensslDhAgreeKey(const struct HksBlob *nativeKey, const struct HksBl
 
     uint8_t computeKey[DH_size(dh)];
 
-    if (DH_compute_key_padded(computeKey, pub, dh) <= 0) {
+    if (DH_compute_key_padded(&computeKey[0], pub, dh) <= 0) {
         HksLogOpensslError();
         BN_free(pub);
         DH_free(dh);
@@ -195,9 +195,12 @@ int32_t HksOpensslDhAgreeKey(const struct HksBlob *nativeKey, const struct HksBl
     if (HKS_KEY_BYTES(spec->keyLen) > (uint32_t)DH_size(dh)) {
         ret = HKS_ERROR_INVALID_KEY_SIZE;
     } else {
-        (void)memcpy_s(sharedKey->data, sharedKey->size, computeKey, HKS_KEY_BYTES(spec->keyLen));
-        sharedKey->size = DH_size(dh);
-        ret = HKS_SUCCESS;
+        if (memcpy_s(sharedKey->data, sharedKey->size, computeKey, HKS_KEY_BYTES(spec->keyLen)) != EOK) {
+            ret = HKS_ERROR_INVALID_OPERATION;
+        } else {
+            sharedKey->size = DH_size(dh);
+            ret = HKS_SUCCESS;
+        }
     }
 
     BN_free(pub);

frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_dsa.c

@@ -59,23 +59,33 @@ static DSA *InitDsaStruct(const struct HksBlob *key, const bool needPrivateExpon
             return NULL;
         } else {
             (void)memcpy_s(buff, sizeof(buff), key->data + offset, keyMaterial->xSize);
-            x = BN_bin2bn(buff, keyMaterial->xSize, NULL);
+            x = BN_bin2bn(&buff[0], keyMaterial->xSize, NULL);
         }
     }
     offset += keyMaterial->xSize;
     (void)memcpy_s(buff, sizeof(buff), key->data + offset, keyMaterial->ySize);
-    BIGNUM *y = BN_bin2bn(buff, keyMaterial->ySize, NULL);
+    BIGNUM *y = BN_bin2bn(&buff[0], keyMaterial->ySize, NULL);
     offset += keyMaterial->ySize;
+    if (DSA_set0_key(dsa, y, x) != HKS_OPENSSL_SUCCESS) {
+        BN_free(y);
+        BN_free(x);
+        DSA_free(dsa);
+        return NULL;
+    }
+
     (void)memcpy_s(buff, sizeof(buff), key->data + offset, keyMaterial->pSize);
-    BIGNUM *p = BN_bin2bn(buff, keyMaterial->pSize, NULL);
+    BIGNUM *p = BN_bin2bn(&buff[0], keyMaterial->pSize, NULL);
     offset += keyMaterial->pSize;
     (void)memcpy_s(buff, sizeof(buff), key->data + offset, keyMaterial->qSize);
-    BIGNUM *q = BN_bin2bn(buff, keyMaterial->qSize, NULL);
+    BIGNUM *q = BN_bin2bn(&buff[0], keyMaterial->qSize, NULL);
     offset += keyMaterial->qSize;
     (void)memcpy_s(buff, sizeof(buff), key->data + offset, keyMaterial->gSize);
-    BIGNUM *g = BN_bin2bn(buff, keyMaterial->gSize, NULL);
+    BIGNUM *g = BN_bin2bn(&buff[0], keyMaterial->gSize, NULL);
 
-    if (DSA_set0_key(dsa, y, x) != HKS_OPENSSL_SUCCESS || DSA_set0_pqg(dsa, p, q, g) != HKS_OPENSSL_SUCCESS) {
+    if (DSA_set0_pqg(dsa, p, q, g) != HKS_OPENSSL_SUCCESS) {
+        BN_free(p);
+        BN_free(q);
+        BN_free(g);
         DSA_free(dsa);
         return NULL;
     }
@@ -257,10 +267,12 @@ int32_t HksOpensslGetDsaPubKey(const struct HksBlob *input, struct HksBlob *outp
     publickeyMaterial->qSize = keyMaterial->qSize;
     publickeyMaterial->gSize = keyMaterial->gSize;
 
-    memcpy_s(output->data + sizeof(struct KeyMaterialDsa) + publickeyMaterial->xSize,
-        output->size - (sizeof(struct KeyMaterialDsa) + publickeyMaterial->xSize),
-        input->data + sizeof(struct KeyMaterialDsa) + keyMaterial->xSize,
-        keyMaterial->ySize + keyMaterial->pSize + keyMaterial->qSize + keyMaterial->gSize);
+    if (memcpy_s(output->data + sizeof(struct KeyMaterialDsa) + publickeyMaterial->xSize,
+                 output->size - (sizeof(struct KeyMaterialDsa) + publickeyMaterial->xSize),
+                 input->data + sizeof(struct KeyMaterialDsa) + keyMaterial->xSize,
+                 keyMaterial->ySize + keyMaterial->pSize + keyMaterial->qSize + keyMaterial->gSize) != EOK) {
+        return HKS_ERROR_INVALID_OPERATION;
+    }
 
     return HKS_SUCCESS;
 }

frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_ecc.c

@@ -210,10 +210,12 @@ int32_t HksOpensslGetEccPubKey(const struct HksBlob *input, struct HksBlob *outp
     publickeyMaterial->ySize = keyMaterial->ySize;
     publickeyMaterial->zSize = 0;
 
-    memcpy_s(output->data + sizeof(struct KeyMaterialEcc),
-        output->size - sizeof(struct KeyMaterialEcc),
-        input->data + sizeof(struct KeyMaterialEcc),
-        keyMaterial->xSize + keyMaterial->ySize);
+    if (memcpy_s(output->data + sizeof(struct KeyMaterialEcc),
+                 output->size - sizeof(struct KeyMaterialEcc),
+                 input->data + sizeof(struct KeyMaterialEcc),
+                 keyMaterial->xSize + keyMaterial->ySize) != EOK) {
+        return HKS_ERROR_INVALID_OPERATION;
+    }
 
     return HKS_SUCCESS;
 }

frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_hash.c

@@ -13,6 +13,14 @@
  * limitations under the License.
  */
 
+#ifdef HKS_CONFIG_FILE
+#include HKS_CONFIG_FILE
+#else
+#include "hks_config.h"
+#endif
+
+#ifdef HKS_SUPPORT_HASH_C
+
 #include "hks_openssl_hash.h"
 
 #include <openssl/evp.h>
@@ -24,11 +32,24 @@
 static int32_t CheckDigestAlg(uint32_t alg)
 {
     switch (alg) {
+#ifdef HKS_SUPPORT_HASH_SHA1
         case HKS_DIGEST_SHA1:
+#endif
+#ifdef HKS_SUPPORT_HASH_SHA224
         case HKS_DIGEST_SHA224:
+#endif
+#ifdef HKS_SUPPORT_HASH_SHA256
         case HKS_DIGEST_SHA256:
+#endif
+#ifdef HKS_SUPPORT_HASH_SHA384
         case HKS_DIGEST_SHA384:
+#endif
+#ifdef HKS_SUPPORT_HASH_SHA512
         case HKS_DIGEST_SHA512:
+#endif
+#ifdef HKS_SUPPORT_HASH_MD5
+        case HKS_DIGEST_MD5:
+#endif
             break;
         default:
             HKS_LOG_E("Unsupport HASH Type!");
@@ -75,3 +96,4 @@ int32_t HksOpensslHash(uint32_t alg, const struct HksBlob *msg, struct HksBlob *
     }
     return HKS_SUCCESS;
 }
+#endif

frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_hmac.c

@@ -30,6 +30,7 @@
 #include "hks_common_check.h"
 #include "hks_log.h"
 #include "hks_mem.h"
+#include "hks_openssl_common.h"
 #include "hks_openssl_engine.h"
 #include "hks_type_inner.h"
 
@@ -50,25 +51,9 @@ static int32_t HmacCheckBuffer(const struct HksBlob *key, const struct HksBlob *
     return HKS_SUCCESS;
 }
 
-static uint32_t HmacGetDigestLen(uint32_t alg)
-{
-    switch (alg) {
-        case HKS_DIGEST_SHA1:
-            return HKS_DIGEST_SHA1_LEN;
-        case HKS_DIGEST_SHA224:
-            return HKS_DIGEST_SHA224_LEN;
-        case HKS_DIGEST_SHA256:
-            return HKS_DIGEST_SHA256_LEN;
-        case HKS_DIGEST_SHA384:
-            return HKS_DIGEST_SHA384_LEN;
-        default:
-            return HKS_DIGEST_SHA512_LEN;
-    }
-}
-
 static int32_t HmacGenKeyCheckParam(const struct HksKeySpec *spec)
 {
-    if (spec->keyLen % BIT_NUM_OF_UINT8 != 0) {
+    if ((spec->keyLen == 0) || (spec->keyLen % BIT_NUM_OF_UINT8 != 0)) {
         return HKS_ERROR_INVALID_ARGUMENT;
     }
     return HKS_SUCCESS;
@@ -82,31 +67,7 @@ int32_t HksOpensslHmacGenerateKey(const struct HksKeySpec *spec, struct HksBlob
         return HKS_ERROR_INVALID_ARGUMENT;
     }
 
-    uint32_t keySizeByte = spec->keyLen / BIT_NUM_OF_UINT8;
-    int32_t ret = HKS_FAILURE;
-
-    uint8_t *tmpKey = (uint8_t *)HksMalloc(keySizeByte);
-    if (tmpKey == NULL) {
-        HKS_LOG_E("malloc buffer failed");
-        return HKS_ERROR_MALLOC_FAIL;
-    }
-
-    do {
-        if (RAND_bytes(tmpKey, keySizeByte) <= 0) {
-            HKS_LOG_E("generate key is failed:0x%x", ret);
-            break;
-        }
-
-        key->data = tmpKey;
-        key->size = keySizeByte;
-        ret = HKS_SUCCESS;
-    } while (0);
-
-    if (ret != HKS_SUCCESS) {
-        (void)memset_s(tmpKey, keySizeByte, 0, keySizeByte);
-        HksFree(tmpKey);
-    }
-    return ret;
+    return HksOpensslGenerateRandomKey(spec->keyLen, key);
 }
 #endif /* HKS_SUPPORT_HMAC_GENERATE_KEY */
 
@@ -124,7 +85,12 @@ static int32_t HmacCheckParam(
         return HKS_ERROR_INVALID_ARGUMENT;
     }
 
-    uint32_t digestLen = HmacGetDigestLen(alg);
+    uint32_t digestLen;
+    if (HksGetDigestLen(alg, &digestLen) != HKS_SUCCESS) {
+        HKS_LOG_E("Invalid alg(0x%x)", alg);
+        return HKS_ERROR_INVALID_ARGUMENT;
+    }
+
     if (mac->size < digestLen) {
         HKS_LOG_E("invalid mac->size(0x%x) for digestLen(0x%x)", mac->size, digestLen);
         return HKS_ERROR_INVALID_ARGUMENT;

frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_rsa.c

@@ -64,24 +64,44 @@ static RSA *InitRsaStruct(const struct HksBlob *key, const bool needPrivateExpon
     const struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)(key->data);
     uint8_t buff[HKS_KEY_BYTES(keyMaterial->keySize)];
 
+    bool copyFail = false;
+
     uint32_t offset = sizeof(*keyMaterial);
-    (void)memcpy_s(buff, sizeof(buff), key->data + offset, keyMaterial->nSize);
-    BIGNUM *n = BN_bin2bn(buff, keyMaterial->nSize, NULL);
+    if (memcpy_s(buff, sizeof(buff), key->data + offset, keyMaterial->nSize) != EOK) {
+        copyFail = true;
+    }
+    BIGNUM *n = BN_bin2bn(&buff[0], keyMaterial->nSize, NULL);
     offset += keyMaterial->nSize;
-    (void)memcpy_s(buff, sizeof(buff), key->data + offset, keyMaterial->eSize);
-    BIGNUM *e = BN_bin2bn(buff, keyMaterial->eSize, NULL);
+    if (memcpy_s(buff, sizeof(buff), key->data + offset, keyMaterial->eSize) != EOK) {
+        copyFail = true;
+    }
+    BIGNUM *e = BN_bin2bn(&buff[0], keyMaterial->eSize, NULL);
     offset += keyMaterial->eSize;
     BIGNUM *d = NULL;
     if (needPrivateExponent) {
-        (void)memcpy_s(buff, sizeof(buff), key->data + offset, keyMaterial->dSize);
-        d = BN_bin2bn(buff, keyMaterial->dSize, NULL);
+        if (memcpy_s(buff, sizeof(buff), key->data + offset, keyMaterial->dSize) != EOK) {
+            copyFail = true;
+        }
+        d = BN_bin2bn(&buff[0], keyMaterial->dSize, NULL);
+    }
+    if (copyFail) {
+        SELF_FREE_PTR(n, BN_free);
+        SELF_FREE_PTR(e, BN_free);
+        SELF_FREE_PTR(d, BN_free);
+        return NULL;
     }
 
     RSA *rsa = RSA_new();
-    int32_t ret = RSA_set0_key(rsa, n, e, d);
-    if (ret != HKS_OPENSSL_SUCCESS) {
-        RSA_free(rsa);
-        return NULL;
+    if (rsa != NULL) {
+        int32_t ret = RSA_set0_key(rsa, n, e, d);
+        if (ret != HKS_OPENSSL_SUCCESS) {
+            RSA_free(rsa);
+            return NULL;
+        }
+    } else {
+        SELF_FREE_PTR(n, BN_free);
+        SELF_FREE_PTR(e, BN_free);
+        SELF_FREE_PTR(d, BN_free);
     }
 
     return rsa;
@@ -106,15 +126,21 @@ static int32_t RsaSaveKeyMaterial(const RSA *rsa, const uint32_t keySize, struct
 
     uint32_t offset = sizeof(*keyMaterial);
     keyMaterial->nSize = BN_bn2bin(RSA_get0_n(rsa), tmp_buff);
-    memcpy_s(rawMaterial + offset, keyByteLen, tmp_buff, keyMaterial->nSize);
+    if (memcpy_s(rawMaterial + offset, keyByteLen, tmp_buff, keyMaterial->nSize) != EOK) {
+        return HKS_ERROR_INVALID_OPERATION;
+    }
 
     offset += keyMaterial->nSize;
     keyMaterial->eSize = BN_bn2bin(RSA_get0_e(rsa), tmp_buff);
-    memcpy_s(rawMaterial + offset, keyByteLen, tmp_buff, keyMaterial->eSize);
+    if (memcpy_s(rawMaterial + offset, keyByteLen, tmp_buff, keyMaterial->eSize) != EOK) {
+        return HKS_ERROR_INVALID_OPERATION;
+    }
 
     offset += keyMaterial->eSize;
     keyMaterial->dSize = BN_bn2bin(RSA_get0_d(rsa), tmp_buff);
-    memcpy_s(rawMaterial + offset, keyByteLen, tmp_buff, keyMaterial->dSize);
+    if (memcpy_s(rawMaterial + offset, keyByteLen, tmp_buff, keyMaterial->dSize) != EOK) {
+        return HKS_ERROR_INVALID_OPERATION;
+    }
 
     key->data = rawMaterial;
     key->size = sizeof(struct KeyMaterialRsa) + keyMaterial->nSize + keyMaterial->eSize + keyMaterial->dSize;
@@ -163,10 +189,12 @@ int32_t HksOpensslGetRsaPubKey(const struct HksBlob *input, struct HksBlob *outp
     publickeyMaterial->eSize = keyMaterial->eSize;
     publickeyMaterial->dSize = 0;
 
-    memcpy_s(output->data + sizeof(struct KeyMaterialRsa),
-        output->size - sizeof(struct KeyMaterialRsa),
-        input->data + sizeof(struct KeyMaterialRsa),
-        keyMaterial->nSize + keyMaterial->eSize);
+    if (memcpy_s(output->data + sizeof(struct KeyMaterialRsa),
+                 output->size - sizeof(struct KeyMaterialRsa),
+                 input->data + sizeof(struct KeyMaterialRsa),
+                 keyMaterial->nSize + keyMaterial->eSize) != EOK) {
+        return HKS_ERROR_INVALID_OPERATION;
+    }
 
     return HKS_SUCCESS;
 }
@@ -176,15 +204,23 @@ int32_t HksOpensslGetRsaPubKey(const struct HksBlob *input, struct HksBlob *outp
 static int32_t GetRsaCryptPadding(uint32_t padding, uint32_t *rsaPadding)
 {
     switch (padding) {
+#ifdef HKS_SUPPORT_RSA_ECB_NOPADDING
         case HKS_PADDING_NONE:
             *rsaPadding = RSA_NO_PADDING;
             return HKS_SUCCESS;
+#endif
+#ifdef HKS_SUPPORT_RSA_ECB_PKCS1PADDING
         case HKS_PADDING_PKCS1_V1_5:
             *rsaPadding = RSA_PKCS1_PADDING;
             return HKS_SUCCESS;
+#endif
+#if defined(HKS_SUPPORT_RSA_ECB_OEAPPADDING) || defined(HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA1MGF1) ||              \
+    defined(HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA224MGF1) || defined(HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA256MGF1) || \
+    defined(HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA384MGF1) || defined(HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA512MGF1)
         case HKS_PADDING_OAEP:
             *rsaPadding = RSA_PKCS1_OAEP_PADDING;
             return HKS_SUCCESS;
+#endif
         default:
             return HKS_FAILURE;
     }
@@ -234,6 +270,7 @@ static EVP_PKEY_CTX *InitEvpPkeyCtx(const struct HksBlob *key, bool encrypt)
     if (ret != HKS_OPENSSL_SUCCESS) {
         HksLogOpensslError();
         EVP_PKEY_free(pkey);
+        EVP_PKEY_CTX_free(ctx);
         return NULL;
     }
 

frameworks/huks_standard/main/crypto_engine/test/unittest/hks_crypto_hal_api_openssl.cpp

@@ -210,7 +210,7 @@ HWTEST_F(HksCryptoHalApiOpenssl, HksCryptoHalApiOpenssl_006, Function | SmallTes
 
     spec.mode = HKS_MODE_GCM;
     ret = HksCryptoHalEncrypt(&key, &spec, &message, &cipherText, &tagAead);
-    EXPECT_EQ(HKS_ERROR_CRYPTO_ENGINE_ERROR, ret);
+    EXPECT_EQ(HKS_ERROR_INVALID_ARGUMENT, ret);
 }
 
 /**
@@ -238,7 +238,7 @@ HWTEST_F(HksCryptoHalApiOpenssl, HksCryptoHalApiOpenssl_007, Function | SmallTes
     spec.mode = HKS_MODE_GCM;
     key.size = 1;
     ret = HksCryptoHalDecrypt(&key, &spec, &message, &cipherText);
-    EXPECT_EQ(HKS_ERROR_CRYPTO_ENGINE_ERROR, ret);
+    EXPECT_EQ(HKS_ERROR_INVALID_ARGUMENT, ret);
 }
 
 /**
@@ -336,14 +336,14 @@ HWTEST_F(HksCryptoHalApiOpenssl, HksCryptoHalApiOpenssl_011, Function | SmallTes
 
     uint8_t buff[HKS_KEY_BYTES(HKS_RSA_KEY_SIZE_512)] = {0};
     HksBlob key = { .size = sizeof(buff), .data = buff };
-    HksUsageSpec signSpec = { .algType = HKS_ALG_RSA };
+    HksUsageSpec signSpec = { .algType = HKS_ALG_RSA, .padding = HKS_PADDING_PKCS1_V1_5 };
     HksBlob message = { .size = 1, .data = buff };
     HksBlob signature = { .size = 1, .data = buff };
 
     EXPECT_EQ(HksCryptoHalSign(&key, &signSpec, &message, &signature), HKS_ERROR_INVALID_KEY_INFO);
 
     signSpec.padding = HKS_PADDING_PSS;
-    EXPECT_EQ(HksCryptoHalSign(&key, &signSpec, &message, &signature), HKS_ERROR_CRYPTO_ENGINE_ERROR);
+    EXPECT_EQ(HksCryptoHalSign(&key, &signSpec, &message, &signature), HKS_ERROR_INVALID_KEY_INFO);
 
     HksCryptoHalGenerateKey(&spec, &key);
     EXPECT_EQ(HksCryptoHalSign(&key, &signSpec, &message, &signature), HKS_ERROR_BUFFER_TOO_SMALL);
@@ -366,7 +366,7 @@ HWTEST_F(HksCryptoHalApiOpenssl, HksCryptoHalApiOpenssl_012, Function | SmallTes
     EXPECT_EQ(HksCryptoHalVerify(&key, &signSpec, &message, &signature), HKS_ERROR_INVALID_KEY_INFO);
 
     signSpec.padding = HKS_PADDING_PSS;
-    EXPECT_EQ(HksCryptoHalVerify(&key, &signSpec, &message, &signature), HKS_ERROR_CRYPTO_ENGINE_ERROR);
+    EXPECT_EQ(HksCryptoHalVerify(&key, &signSpec, &message, &signature), HKS_ERROR_INVALID_KEY_INFO);
 }
 
 /**
@@ -549,16 +549,16 @@ HWTEST_F(HksCryptoHalApiOpenssl, HksCryptoHalApiOpenssl_020, Function | SmallTes
     HksBlob signature = { .size = 0, .data = nullptr };
     uint8_t buff[1] = {0};
 
-    EXPECT_EQ(HksCryptoHalHmac(&key, NULL, &message, &signature), HKS_ERROR_INVALID_ARGUMENT);
+    EXPECT_EQ(HksCryptoHalHmac(&key, 0, &message, &signature), HKS_ERROR_INVALID_ARGUMENT);
 
     key = { .size = 1, .data = buff };
-    EXPECT_EQ(HksCryptoHalHmac(&key, NULL, &message, &signature), HKS_ERROR_INVALID_ARGUMENT);
+    EXPECT_EQ(HksCryptoHalHmac(&key, 0, &message, &signature), HKS_ERROR_INVALID_ARGUMENT);
 
     message = { .size = 1, .data = buff };
-    EXPECT_EQ(HksCryptoHalHmac(&key, NULL, &message, &signature), HKS_ERROR_INVALID_ARGUMENT);
+    EXPECT_EQ(HksCryptoHalHmac(&key, 0, &message, &signature), HKS_ERROR_INVALID_ARGUMENT);
 
     signature = { .size = 1, .data = buff };
-    EXPECT_EQ(HksCryptoHalHmac(&key, NULL, &message, &signature), HKS_ERROR_INVALID_ARGUMENT);
+    EXPECT_EQ(HksCryptoHalHmac(&key, 0, &message, &signature), HKS_ERROR_INVALID_ARGUMENT);
 
     EXPECT_EQ(HksCryptoHalHmac(&key, HKS_DIGEST_SHA512, &message, &signature), HKS_ERROR_INVALID_ARGUMENT);
 }

frameworks/huks_standard/main/crypto_engine/test/unittest/hks_crypto_hal_dsa_key.cpp

@@ -88,6 +88,7 @@ HWTEST_F(HksCryptoHalDsaKey, HksCryptoHalDsaKey_002, Function | SmallTest | Leve
 #endif
 
     KeyMaterialDsa *keyMaterial = (KeyMaterialDsa *)key.data;
+    ASSERT_NE(keyMaterial, nullptr);
 
     uint32_t keyOutLen =
         sizeof(KeyMaterialDsa) + keyMaterial->ySize + keyMaterial->pSize + keyMaterial->qSize + keyMaterial->gSize;

frameworks/huks_standard/main/crypto_engine/test/unittest/hks_crypto_hal_ecc_key.cpp

@@ -160,6 +160,7 @@ HWTEST_F(HksCryptoHalEccKey, HksCryptoHalEccKey_005, Function | SmallTest | Leve
     ASSERT_EQ(ret, HKS_SUCCESS);
 
     KeyMaterialEcc *keyMaterial = (KeyMaterialEcc *)key.data;
+    ASSERT_NE(keyMaterial, nullptr);
 
     uint32_t keyOutLen = sizeof(KeyMaterialEcc) + keyMaterial->xSize + keyMaterial->ySize;
     HksBlob keyOut = { .size = keyOutLen, .data = (uint8_t *)HksMalloc(keyOutLen) };

frameworks/huks_standard/main/crypto_engine/test/unittest/hks_crypto_hal_rsa_key.cpp

@@ -206,6 +206,7 @@ HWTEST_F(HksCryptoHalRsaKey, HksCryptoHalRsaKey_007, Function | SmallTest | Leve
     ASSERT_EQ(ret, HKS_SUCCESS);
 
     KeyMaterialRsa *keyMaterial = (KeyMaterialRsa *)key.data;
+    ASSERT_NE(keyMaterial, nullptr);
 
     uint32_t keyOutLen = sizeof(KeyMaterialRsa) + keyMaterial->nSize + keyMaterial->eSize;
     HksBlob keyOut = { .size = keyOutLen, .data = (uint8_t *)HksMalloc(keyOutLen) };

interfaces/innerkits/huks_standard/test/moduletest/src/openssl_rsa_helper.c

@@ -210,6 +210,7 @@ int32_t EncryptRSA(const struct HksBlob *inData, struct HksBlob *outData, struct
     }
     EVP_PKEY *pkey = EVP_PKEY_new();
     if (pkey == NULL) {
+        RSA_free(rsa);
         return RSA_FAILED;
     }
     if (EVP_PKEY_assign_RSA(pkey, rsa) != 1) {

interfaces/kits/napi/src/huks_napi_agree_key.cpp

@@ -170,7 +170,7 @@ static napi_value AgreeKeyAsyncWork(napi_env env, AgreeKeyAsyncContext context)
         NAPI_CALL(env, napi_create_promise(env, &context->deferred, &promise));
     }
 
-    napi_value resourceName;
+    napi_value resourceName = nullptr;
     napi_create_string_latin1(env, "agreeKeyAsyncWork", NAPI_AUTO_LENGTH, &resourceName);
 
     napi_create_async_work(

interfaces/kits/napi/src/huks_napi_attest_key.cpp

@@ -143,7 +143,7 @@ static napi_value AttestKeyAsyncWork(napi_env env, AttestKeyAsyncContext context
         NAPI_CALL(env, napi_create_promise(env, &context->deferred, &promise));
     }
 
-    napi_value resourceName;
+    napi_value resourceName = nullptr;
     napi_create_string_latin1(env, "attestKeyAsyncWork", NAPI_AUTO_LENGTH, &resourceName);
 
     napi_create_async_work(

interfaces/kits/napi/src/huks_napi_common.cpp

@@ -197,19 +197,24 @@ napi_ref GetCallback(napi_env env, napi_value object)
 
 static napi_value GenerateAarrayBuffer(napi_env env, uint8_t *data, uint32_t size)
 {
-    napi_value outBuffer = nullptr;
     uint8_t *buffer = (uint8_t *)HksMalloc(size);
-    if (buffer != nullptr) {
-        memcpy_s(buffer, size, data, size);
-
-        napi_status status = napi_create_external_arraybuffer(
-            env, buffer, size, [](napi_env env, void *data, void *hint) { HksFree(data); }, nullptr, &outBuffer);
-        if (status != napi_ok) {
-            HksFree(buffer);
-            GET_AND_THROW_LAST_ERROR((env));
-            return nullptr;
-        }
+    if (buffer == nullptr) {
+        return nullptr;
     }
+
+    napi_value outBuffer = nullptr;
+    memcpy_s(buffer, size, data, size);
+
+    napi_status status = napi_create_external_arraybuffer(
+        env, buffer, size, [](napi_env env, void *data, void *hint) { HksFree(data); }, nullptr, &outBuffer);
+    if (status == napi_ok) {
+        // free by finalize callback
+        buffer = nullptr;
+    } else {
+        HksFree(buffer);
+        GET_AND_THROW_LAST_ERROR((env));
+    }
+
     return outBuffer;
 }
 

interfaces/kits/napi/src/huks_napi_decrypt.cpp

@@ -167,7 +167,7 @@ static napi_value DecryptAsyncWork(napi_env env, DecryptAsyncContext context)
         NAPI_CALL(env, napi_create_promise(env, &context->deferred, &promise));
     }
 
-    napi_value resourceName;
+    napi_value resourceName = nullptr;
     napi_create_string_latin1(env, "decryptAsyncWork", NAPI_AUTO_LENGTH, &resourceName);
 
     napi_create_async_work(

interfaces/kits/napi/src/huks_napi_delete_key.cpp

@@ -131,7 +131,7 @@ static napi_value DeleteKeyAsyncWork(napi_env env, DeleteKeyAsyncContext context
         NAPI_CALL(env, napi_create_promise(env, &context->deferred, &promise));
     }
 
-    napi_value resourceName;
+    napi_value resourceName = nullptr;
     napi_create_string_latin1(env, "deleteKeyAsyncWork", NAPI_AUTO_LENGTH, &resourceName);
 
     napi_create_async_work(

interfaces/kits/napi/src/huks_napi_derive_key.cpp

@@ -144,7 +144,7 @@ static napi_value DeriveKeyAsyncWork(napi_env env, DeriveKeyAsyncContext context
         NAPI_CALL(env, napi_create_promise(env, &context->deferred, &promise));
     }
 
-    napi_value resourceName;
+    napi_value resourceName = nullptr;
     napi_create_string_latin1(env, "deriveKeyAsyncWork", NAPI_AUTO_LENGTH, &resourceName);
 
     napi_create_async_work(

interfaces/kits/napi/src/huks_napi_encrypt.cpp

@@ -169,7 +169,7 @@ static napi_value EncryptAsyncWork(napi_env env, EncryptAsyncContext context)
         NAPI_CALL(env, napi_create_promise(env, &context->deferred, &promise));
     }
 
-    napi_value resourceName;
+    napi_value resourceName = nullptr;
     napi_create_string_latin1(env, "encryptAsyncWork", NAPI_AUTO_LENGTH, &resourceName);
 
     napi_create_async_work(

interfaces/kits/napi/src/huks_napi_export_key.cpp

@@ -142,7 +142,7 @@ static napi_value ExportKeyAsyncWork(napi_env env, ExportKeyAsyncContext context
         NAPI_CALL(env, napi_create_promise(env, &context->deferred, &promise));
     }
 
-    napi_value resourceName;
+    napi_value resourceName = nullptr;
     napi_create_string_latin1(env, "exportKeyAsyncWork", NAPI_AUTO_LENGTH, &resourceName);
 
     napi_create_async_work(

interfaces/kits/napi/src/huks_napi_generate_key.cpp

@@ -136,7 +136,7 @@ static napi_value GenerateKeyAsyncWork(napi_env env, GenerateKeyAsyncContext con
         NAPI_CALL(env, napi_create_promise(env, &context->deferred, &promise));
     }
 
-    napi_value resourceName;
+    napi_value resourceName = nullptr;
     napi_create_string_latin1(env, "generateKeyAsyncWork", NAPI_AUTO_LENGTH, &resourceName);
 
     napi_create_async_work(

interfaces/kits/napi/src/huks_napi_get_certificate_chain.cpp

@@ -146,7 +146,7 @@ static napi_value GetCertificateChainAsyncWork(napi_env env, GetCertificateChain
         NAPI_CALL(env, napi_create_promise(env, &context->deferred, &promise));
     }
 
-    napi_value resourceName;
+    napi_value resourceName = nullptr;
     napi_create_string_latin1(env, "getCertificateChainAsyncWork", NAPI_AUTO_LENGTH, &resourceName);
 
     napi_create_async_work(

interfaces/kits/napi/src/huks_napi_get_key_properties.cpp

@@ -140,7 +140,7 @@ static napi_value GetKeyPropertiesAsyncWork(napi_env env, GetKeyPropertiesAsyncC
         NAPI_CALL(env, napi_create_promise(env, &context->deferred, &promise));
     }
 
-    napi_value resourceName;
+    napi_value resourceName = nullptr;
     napi_create_string_latin1(env, "getKeyPropertiesAsyncWork", NAPI_AUTO_LENGTH, &resourceName);
 
     napi_create_async_work(

interfaces/kits/napi/src/huks_napi_get_sdk_version.cpp

@@ -43,12 +43,15 @@ napi_value HuksNapiGetSdkVersion(napi_env env, napi_callback_info info)
 
     int32_t result = HksGetSdkVersion(sdkVersion);
     if (result != HKS_SUCCESS) {
+        HksFree(sdkVersion->data);
         HksFree(sdkVersion);
         return nullptr;
     }
 
     napi_value version = nullptr;
     NAPI_CALL(env, napi_create_string_latin1(env, (const char *)sdkVersion->data, NAPI_AUTO_LENGTH, &version));
+    HksFree(sdkVersion->data);
+    HksFree(sdkVersion);
     return version;
 }
 }  // namespace HuksNapi