Fix for possible ECC sign memory leak when using WOLFSSL_ECDSA_SET_K and wc_ecc_sign_set_k, where the k is not valid. ZD 11438.

David Garske
2020-12-30 09:54:54 -08:00
parent 7fb2c0f63f
commit 060ebd1ca2


@ -5479,13 +5479,17 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
break;
}
/* use provided sign_k */
err = mp_copy(key->sign_k, &pubkey->k);
if (err != MP_OKAY) break;
/* free sign_k, so only used once */
mp_forcezero(key->sign_k);
mp_free(key->sign_k);
XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC);
key->sign_k = NULL;
/* compute public key based on provided "k" */
err = ecc_make_pub_ex(pubkey, curve, NULL, rng);
}
else
@ -5500,15 +5504,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
err = mp_mod(pubkey->pubkey.x, curve->order, r);
if (err != MP_OKAY) break;
if (mp_iszero(r) == MP_YES) {
#ifndef ALT_ECC_SIZE
mp_clear(pubkey->pubkey.x);
mp_clear(pubkey->pubkey.y);
mp_clear(pubkey->pubkey.z);
#endif
mp_forcezero(&pubkey->k);
}
else {
if (mp_iszero(r) == MP_NO) {
/* find s = (e + xr)/k
= b.(e/k.b + x.r/k.b) */
@ -5546,9 +5542,17 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
err = mp_mod(s, curve->order, s);
if (err != MP_OKAY) break;
if (mp_iszero(s) == MP_NO)
if (mp_iszero(s) == MP_NO) {
/* sign successful */
break;
}
}
#ifndef ALT_ECC_SIZE
mp_clear(pubkey->pubkey.x);
mp_clear(pubkey->pubkey.y);
mp_clear(pubkey->pubkey.z);
#endif
mp_forcezero(&pubkey->k);
}
mp_clear(b);
#ifdef WOLFSSL_SMALL_STACK
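Review bot: The cleanup block moved to the bottom of the loop body (the `mp_clear` calls on `pubkey->pubkey.x/y/z` and `mp_forcezero(&pubkey->k)`) runs only when an iteration falls through to retry; the `/* sign successful */` break and every `if (err != MP_OKAY) break;` leave the loop without passing it. `pubkey->k` holds the per-signature ECDSA nonce, so those exits rely on code after the loop, outside this hunk, to zeroize it; that should be confirmed and recorded at the block, e.g. `/* retry path only: every break skips this block; pubkey->k must be zeroized after the loop */`. In the first hunk, a failing `mp_copy` also breaks before `key->sign_k` is zeroized and freed, so the "only used once" comment does not hold on that path as far as the visible lines show. The body of wc_ecc_sign_hash_ex starts and ends outside the hunks.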