TKSS-1028: Reset struct members after freeing them

kona-crypto/src/main/java/com/tencent/kona/crypto/provider/nativeImpl/NativeSM4.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2024, THL A29 Limited, a Tencent company. All rights reserved.
+ * Copyright (C) 2024, 2025, THL A29 Limited, a Tencent company. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify
@@ -185,7 +185,7 @@ void setIV(byte[] iv) {
 
             if (pointer == 0
                     || nativeCrypto().sm4GCMSetIV(pointer, iv) != OPENSSL_SUCCESS) {
-                throw new IllegalStateException("SM4 re-init context operation failed");
+                throw new IllegalStateException("SM4 setting IV operation failed");
             }
 
             this.iv = iv;

kona-crypto/src/main/jni/kona_sm2_cipher.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2024, THL A29 Limited, a Tencent company. All rights reserved.
+ * Copyright (C) 2024, 2025, THL A29 Limited, a Tencent company. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -67,6 +67,7 @@ JNIEXPORT jlong JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeC
         uint8_t* pri_key_buf = OPENSSL_malloc(SM2_PRI_KEY_LEN);
         if (!pri_key_buf) {
             (*env)->ReleaseByteArrayElements(env, key, key_bytes, JNI_ABORT);
+
             return OPENSSL_FAILURE;
         }
         memcpy(pri_key_buf, (const uint8_t*)key_bytes, SM2_PRI_KEY_LEN);
@@ -75,6 +76,7 @@ JNIEXPORT jlong JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeC
         if (!pub_key_buf) {
             OPENSSL_free(pri_key_buf);
             (*env)->ReleaseByteArrayElements(env, key, key_bytes, JNI_ABORT);
+
             return OPENSSL_FAILURE;
         }
         memcpy(pub_key_buf, (const uint8_t*)key_bytes + SM2_PRI_KEY_LEN, SM2_PUB_KEY_LEN);
@@ -93,13 +95,15 @@ JNIEXPORT jlong JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeC
     EVP_PKEY_CTX* pctx = sm2_create_pkey_ctx(pkey);
     if (pctx == NULL) {
         EVP_PKEY_free(pkey);
+
         return OPENSSL_FAILURE;
     }
 
     SM2_CIPHER_CTX* ctx = (SM2_CIPHER_CTX*)OPENSSL_malloc(sizeof(SM2_CIPHER_CTX));
     if (ctx == NULL) {
         EVP_PKEY_free(pkey);
         EVP_PKEY_CTX_free(pctx);
+
         return OPENSSL_FAILURE;
     }
     ctx->pkey = pkey;
@@ -110,8 +114,14 @@ JNIEXPORT jlong JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeC
 
 void sm2_cipher_ctx_free(SM2_CIPHER_CTX* ctx) {
     if (ctx != NULL) {
-        if (ctx->pkey != NULL) EVP_PKEY_free(ctx->pkey);
-        if (ctx->pctx != NULL) EVP_PKEY_CTX_free(ctx->pctx);
+        if (ctx->pkey != NULL) {
+            EVP_PKEY_free(ctx->pkey);
+            ctx->pkey = NULL;
+        }
+        if (ctx->pctx != NULL) {
+            EVP_PKEY_CTX_free(ctx->pctx);
+            ctx->pctx = NULL;
+        }
 
         OPENSSL_free(ctx);
     }
@@ -159,7 +169,7 @@ uint8_t* sm2_encrypt(EVP_PKEY_CTX* ctx, const uint8_t* plaintext, size_t plainte
 JNIEXPORT jbyteArray JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeCrypto_sm2CipherEncrypt
   (JNIEnv* env, jobject thisObj, jlong pointer, jbyteArray plaintext) {
     SM2_CIPHER_CTX* ctx = (SM2_CIPHER_CTX*)pointer;
-    if (ctx == NULL) {
+    if (ctx == NULL || ctx->pctx == NULL) {
         return NULL;
     }
 
@@ -233,7 +243,7 @@ uint8_t* sm2_decrypt(EVP_PKEY_CTX* ctx, const uint8_t* ciphertext, size_t cipher
 JNIEXPORT jbyteArray JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeCrypto_sm2CipherDecrypt
   (JNIEnv* env, jobject thisObj, jlong pointer, jbyteArray ciphertext) {
     SM2_CIPHER_CTX* ctx = (SM2_CIPHER_CTX*)pointer;
-    if (ctx == NULL) {
+    if (ctx == NULL || ctx->pctx == NULL) {
         return NULL;
     }
 

kona-crypto/src/main/jni/kona_sm2_keyagreement.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2024, THL A29 Limited, a Tencent company. All rights reserved.
+ * Copyright (C) 2024, 2025, THL A29 Limited, a Tencent company. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,8 +59,14 @@ SM2_KEYEX_CTX* sm2_create_keyex_ctx() {
 
 void sm2_free_keyex_ctx(SM2_KEYEX_CTX* ctx) {
     if (ctx != NULL) {
-        if (ctx->sm3_ctx != NULL) EVP_MD_CTX_free(ctx->sm3_ctx);
-        if (ctx->bn_ctx != NULL) BN_CTX_free(ctx->bn_ctx);
+        if (ctx->sm3_ctx != NULL) {
+            EVP_MD_CTX_free(ctx->sm3_ctx);
+            ctx->sm3_ctx = NULL;
+        }
+        if (ctx->bn_ctx != NULL) {
+            BN_CTX_free(ctx->bn_ctx);
+            ctx->bn_ctx = NULL;
+        }
 
         OPENSSL_free(ctx);
     }
@@ -358,14 +364,35 @@ int sm2_derive_key(uint8_t* key_out, int key_len,
 
 void sm2_keyex_params_free(SM2_KEYEX_PARAMS* ctx) {
     if (ctx != NULL) {
-        if (ctx->pri_key != NULL) BN_free(ctx->pri_key);
-        if (ctx->pub_key != NULL) EC_POINT_free(ctx->pub_key);
-        if (ctx->e_pri_key != NULL) BN_free(ctx->e_pri_key);
-        if (ctx->id != NULL) OPENSSL_free(ctx->id);
+        if (ctx->pri_key != NULL) {
+            BN_free(ctx->pri_key);
+            ctx->pri_key = NULL;
+        }
+        if (ctx->pub_key != NULL) {
+            EC_POINT_free(ctx->pub_key);
+            ctx->pub_key = NULL;
+        }
+        if (ctx->e_pri_key != NULL) {
+            BN_free(ctx->e_pri_key);
+            ctx->e_pri_key = NULL;
+        }
+        if (ctx->id != NULL) {
+            OPENSSL_free(ctx->id);
+            ctx->id = NULL;
+        }
 
-        if (ctx->peer_pub_key != NULL) EC_POINT_free(ctx->peer_pub_key);
-        if (ctx->peer_e_pub_key != NULL) EC_POINT_free(ctx->peer_e_pub_key);
-        if (ctx->peer_id != NULL) OPENSSL_free(ctx->peer_id);
+        if (ctx->peer_pub_key != NULL) {
+            EC_POINT_free(ctx->peer_pub_key);
+            ctx->peer_pub_key = NULL;
+        }
+        if (ctx->peer_e_pub_key != NULL) {
+            EC_POINT_free(ctx->peer_e_pub_key);
+            ctx->peer_e_pub_key = NULL;
+        }
+        if (ctx->peer_id != NULL) {
+            OPENSSL_free(ctx->peer_id);
+            ctx->peer_id = NULL;
+        }
 
         OPENSSL_free(ctx);
     }
@@ -382,7 +409,7 @@ JNIEXPORT void JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeCr
 }
 
 JNIEXPORT jbyteArray JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeCrypto_sm2DeriveKey
- (JNIEnv* env, jobject thisObj, jlong pointer,
+  (JNIEnv* env, jobject thisObj, jlong pointer,
          jbyteArray priKey, jbyteArray pubKey, jbyteArray ePriKey, jbyteArray id,
          jbyteArray peerPubKey, jbyteArray peerEPubKey, jbyteArray peerId,
          jboolean isInitiator, jint sharedKeyLength) {

kona-crypto/src/main/jni/kona_sm2_signature.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2024, THL A29 Limited, a Tencent company. All rights reserved.
+ * Copyright (C) 2024, 2025, THL A29 Limited, a Tencent company. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -177,9 +177,18 @@ JNIEXPORT jlong JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeC
 
 void sm2_signature_ctx_free(SM2_SIGNATURE_CTX* ctx) {
     if (ctx != NULL) {
-        if (ctx->mctx != NULL) EVP_MD_CTX_free(ctx->mctx);
-        if (ctx->pctx != NULL) EVP_PKEY_CTX_free(ctx->pctx);
-        if (ctx->pkey != NULL) EVP_PKEY_free(ctx->pkey);
+        if (ctx->mctx != NULL) {
+            EVP_MD_CTX_free(ctx->mctx);
+            ctx->mctx = NULL;
+        }
+        if (ctx->pctx != NULL) {
+            EVP_PKEY_CTX_free(ctx->pctx);
+            ctx->pctx = NULL;
+        }
+        if (ctx->pkey != NULL) {
+            EVP_PKEY_free(ctx->pkey);
+            ctx->pkey = NULL;
+        }
 
         OPENSSL_free(ctx);
     }