forked from wolfSSL/wolfssl
Merge pull request #1854 from dgarske/fix_ecdsa_sig_leak
Fix for leak with openssl compatibility API and normal math
This commit is contained in:
Chris Conlon
GitHub
10
src/ssl.c
10
src/ssl.c
@ -22173,11 +22173,11 @@ WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
InitwolfSSL_BigNum(external);
|
InitwolfSSL_BigNum(external);
|
||||||
external->internal = mpi;
|
|
||||||
if (mp_init(mpi) != MP_OKAY) {
|
if (mp_init(mpi) != MP_OKAY) {
|
||||||
wolfSSL_BN_free(external);
|
wolfSSL_BN_free(external);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
external->internal = mpi;
|
||||||
|
|
||||||
return external;
|
return external;
|
||||||
}
|
}
|
||||||
@ -22188,7 +22188,9 @@ void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
|
|||||||
WOLFSSL_MSG("wolfSSL_BN_free");
|
WOLFSSL_MSG("wolfSSL_BN_free");
|
||||||
if (bn) {
|
if (bn) {
|
||||||
if (bn->internal) {
|
if (bn->internal) {
|
||||||
mp_forcezero((mp_int*)bn->internal);
|
mp_int* bni = (mp_int*)bn->internal;
|
||||||
|
mp_forcezero(bni);
|
||||||
|
mp_free(bni);
|
||||||
XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT);
|
XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT);
|
||||||
bn->internal = NULL;
|
bn->internal = NULL;
|
||||||
}
|
}
|
||||||
@ -27541,6 +27543,10 @@ WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* DecodeECC_DSA_Sig calls mp_init, so free these */
|
||||||
|
mp_free((mp_int*)s->r->internal);
|
||||||
|
mp_free((mp_int*)s->s->internal);
|
||||||
|
|
||||||
if (DecodeECC_DSA_Sig(*pp, (word32)len, (mp_int*)s->r->internal,
|
if (DecodeECC_DSA_Sig(*pp, (word32)len, (mp_int*)s->r->internal,
|
||||||
(mp_int*)s->s->internal) != MP_OKAY) {
|
(mp_int*)s->s->internal) != MP_OKAY) {
|
||||||
if (sig == NULL || *sig == NULL)
|
if (sig == NULL || *sig == NULL)
|
||||||
|
|||||||
Reference in New Issue
Block a user