jntass/TASSL-1.1.1b

国密双向认证中的client端存在内存泄漏的问题

tengliu0929 opened this issue · 1 comments

在函数tls_construct_cke_sm2dh中,EVP_PKEY_CTX_new_id创建的pctx在函数返回前没有调用EVP_PKEY_CTX_free释放,导致内存泄漏

修复方法:
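/*
 * Build the SM2DH ClientKeyExchange body for the GM (SM2) handshake.
 *
 * Generates a temporary SM2 key pair, using the ENGINE returned by
 * EVP_PKEY_pmeth_engine() for the local SSL_PKEY_ECC private key, calls
 * ssl_derive_SM2() with the peer's temporary key, and appends the curve
 * header followed by the encoded client point to pkt.
 *
 * Returns 1 on success and 0 on failure. Failures detected in this function
 * are reported through SSLfatal(). The temporary key, the encoded point and
 * the keygen context are released on every path that reaches the err label.
 */
static int tls_construct_cke_sm2dh(SSL *s, WPACKET *pkt)
{
    unsigned char *encodedPoint = NULL;
    size_t encoded_pt_len = 0;
    EVP_PKEY *ckey = NULL, *skey = NULL;
    int ret = 0;
    uint16_t curve_id = 0;
    ENGINE *e_tmp = NULL;
    EVP_PKEY_CTX *pctx = NULL;

    skey = s->s3->peer_tmp;
    if (skey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        /* Nothing has been allocated yet, so a direct return leaks nothing. */
        return 0;
    }

    /*
     * When the signing private key is backed by an engine, the temporary
     * key pair is generated through that same engine.
     */
    if (s->cert->pkeys[SSL_PKEY_ECC].privatekey == NULL) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        goto err;
    }
    e_tmp = EVP_PKEY_pmeth_engine(s->cert->pkeys[SSL_PKEY_ECC].privatekey);

    ckey = EVP_PKEY_new();
    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, e_tmp);
    if (ckey == NULL || pctx == NULL) {
        /* Either allocation can fail; do not hand NULL to the keygen calls. */
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        goto err;
    }

    /*
     * EVP_PKEY_keygen_init() and EVP_PKEY_keygen() report failure as 0 or a
     * negative value, so they are tested with "<= 0": a plain "!rc" test
     * treats a negative return as success and lets the handshake continue
     * without a usable temporary key.
     */
    if (EVP_PKEY_keygen_init(pctx) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        goto err;
    }

    /*
     * NOTE(review): the return values of the two parameter setters are
     * deliberately still ignored, as in the original code. Their return
     * convention for an EVP_PKEY_SM2 context is not visible here - confirm
     * it before turning these into checked calls.
     */
    (void)EVP_PKEY_CTX_set_sm2_paramgen_curve_nid(pctx, NID_sm2);
    (void)EVP_PKEY_CTX_set_ec_param_enc(pctx, OPENSSL_EC_NAMED_CURVE);

    if (EVP_PKEY_keygen(pctx, &ckey) <= 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        goto err;
    }

    if (ssl_derive_SM2(s, ckey, skey, 0) == 0) {
        /* SSLfatal() already called */
        goto err;
    }

    /* Generate encoding of client key */
    encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &encodedPoint);
    if (encoded_pt_len == 0) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_EC_LIB);
        goto err;
    }

    /*
     * The State Cryptography Administration's conformance test uses 00 as
     * the curve id, and so do some vendors, so 00 is the default.
     */
#ifdef STD_CURVE_ID
    curve_id = tls1_nid2group_id(NID_sm2);
#else
    curve_id = 0;
#endif

    if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE)
            || !WPACKET_put_bytes_u8(pkt, 0)
            || !WPACKET_put_bytes_u8(pkt, curve_id)
            || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encoded_pt_len)) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SM2DH,
                 ERR_R_INTERNAL_ERROR);
        goto err;
    }

    ret = 1;

 err:
    /* Shared cleanup for success and failure; each free accepts NULL. */
    OPENSSL_free(encodedPoint);
    EVP_PKEY_free(ckey);
    /* The leak fix: the keygen context was never released before this call. */
    EVP_PKEY_CTX_free(pctx);
    return ret;
}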

此问题在TASSL-1.1.1k已修复