jntass / TASSL-1.1.1b

此仓库已停止维护,请移步https://github.com/jntass/TASSL-1.1.1
http://www.tass.com.cn

国密双向认证中的client端存在内存泄漏的问题 #34

Closed tengliu0929 closed 2 years ago

tengliu0929 commented 4 years ago

在函数tls_construct_cke_sm2dh中存在内存泄漏:EVP_PKEY_CTX_new_id分配的pctx在函数返回前没有被释放。

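/*
 * Proposed fix, as posted in the issue: tls_construct_cke_sm2dh() with the
 * key-generation context released on every exit path that allocated it.
 *
 * Builds the SM2 key-exchange part of the ClientKeyExchange message: it
 * generates an ephemeral SM2 key pair, runs ssl_derive_SM2() against the
 * peer's temporary key, and writes the curve descriptor plus the encoded
 * client public point into pkt.
 *
 * s:   connection state; reads s->s3->peer_tmp and the SSL_PKEY_ECC slot of
 *      s->cert->pkeys.
 * pkt: output packet the message body is appended to.
 *
 * Returns 1 on success and 0 on failure. On failure SSLfatal() has been
 * called, either here or (per the comment at the call site) inside
 * ssl_derive_SM2().
 *
 * The pointer declarators and the preprocessor '#' were lost when the issue
 * was rendered; they are restored here.
 */
static int tls_construct_cke_sm2dh(SSL *s, WPACKET *pkt)
{
    unsigned char *encodedPoint = NULL;
    size_t encoded_pt_len = 0;
    EVP_PKEY *ckey = NULL, *skey = NULL;
    int ret = 0;
    uint16_t curve_id = 0;
    ENGINE *e_tmp = NULL;
    EVP_PKEY_CTX *pctx = NULL;

    /* Nothing has been allocated yet, so a plain return is safe here. */
    skey = s->s3->peer_tmp;
    if (skey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * When the signing private key is engine-backed, generate the ephemeral
     * key pair with that same engine.
     */
    if (s->cert->pkeys[SSL_PKEY_ECC].privatekey) {
        e_tmp = EVP_PKEY_pmeth_engine(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
    } else {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        goto err;
    }

    ckey = EVP_PKEY_new();
    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, e_tmp);
    /* A NULL context would otherwise be passed on to the keygen calls. */
    if (ckey == NULL || pctx == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        goto err;
    }

    if (EVP_PKEY_keygen_init(pctx) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        goto err;
    }

    /*
     * NOTE(review): the return values of these two parameter setters are
     * still ignored, as in the posted code; confirm their return convention
     * before adding checks.
     */
    EVP_PKEY_CTX_set_sm2_paramgen_curve_nid(pctx, NID_sm2);
    EVP_PKEY_CTX_set_ec_param_enc(pctx, OPENSSL_EC_NAMED_CURVE);

    /*
     * EVP_PKEY_keygen() reports failure with 0 or a negative value, so a
     * plain '!' test would let a negative result through as success and
     * hand an unusable key to the derivation step.
     */
    if (EVP_PKEY_keygen(pctx, &ckey) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        goto err;
    }

    if (ssl_derive_SM2(s, ckey, skey, 0) == 0) {
        /* SSLfatal() already called */
        goto err;
    }

    /* Generate encoding of client key */
    encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &encodedPoint);

    if (encoded_pt_len == 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_EC_LIB);
        goto err;
    }

    /*
     * The national cryptography authority's conformance test uses 00, and
     * some vendors use 00 as well, so 00 is the default.
     */
#ifdef STD_CURVE_ID
    curve_id = tls1_nid2group_id(NID_sm2);
#else
    curve_id = 0;
#endif

    if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE)
            || !WPACKET_put_bytes_u8(pkt, 0)
            || !WPACKET_put_bytes_u8(pkt, curve_id)
            || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encoded_pt_len)) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        goto err;
    }

    ret = 1;

 err:
    OPENSSL_free(encodedPoint);
    EVP_PKEY_free(ckey);
    /*
     * Added by this fix: release the key-generation context. Without this
     * call every client handshake that reaches this function leaks one
     * EVP_PKEY_CTX.
     */
    EVP_PKEY_CTX_free(pctx);
    return ret;
}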

jntass commented 2 years ago

此问题在TASSL-1.1.1k已修复