diff --git a/examples/asn1/asn1.c b/examples/asn1/asn1.c
index 34e7e6280..891e4ec9a 100644
--- a/examples/asn1/asn1.c
+++ b/examples/asn1/asn1.c
@@ -470,6 +470,10 @@ int main(int argc, char* argv[])
 if (ret != 0) {
 fprintf(stderr, "%s\n", wc_GetErrorString(ret));
 }
+
+ if (fp != stdin) {
+ fclose(fp);
+ }
 return (ret == 0) ? 0 : 1;
 }
diff --git a/src/tls13.c b/src/tls13.c
index f4028615b..07c7158ef 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -4723,10 +4723,14 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
 int digestSize;
 HS_Hashes* tmpHashes;
 HS_Hashes* acceptHashes;
- byte zeros[WC_MAX_DIGEST_SIZE] = {0};
+ byte zeros[WC_MAX_DIGEST_SIZE];
 byte transcriptEchConf[WC_MAX_DIGEST_SIZE];
 byte expandLabelPrk[WC_MAX_DIGEST_SIZE];
 byte acceptConfirmation[ECH_ACCEPT_CONFIRMATION_SZ];
+ XMEMSET(zeros, 0, sizeof(zeros));
+ XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf));
+ XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk));
+ XMEMSET(acceptConfirmation, 0, sizeof(acceptConfirmation));
 /* copy ech hashes to accept */
 ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes);
 /* swap hsHashes to acceptHashes */
@@ -4839,9 +4843,12 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
 int digestSize;
 HS_Hashes* tmpHashes;
 HS_Hashes* acceptHashes;
- byte zeros[WC_MAX_DIGEST_SIZE] = {0};
+ byte zeros[WC_MAX_DIGEST_SIZE];
 byte transcriptEchConf[WC_MAX_DIGEST_SIZE];
 byte expandLabelPrk[WC_MAX_DIGEST_SIZE];
+ XMEMSET(zeros, 0, sizeof(zeros));
+ XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf));
+ XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk));
 /* copy ech hashes to accept */
 ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, &acceptHashes);
@@ -5710,7 +5717,7 @@ static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites)
 if (AllocateSuites(ssl) != 0)
 return;
- XMEMSET(suites, 0, WOLFSSL_MAX_SUITE_SZ);
+ XMEMSET(suites, 0, sizeof(suites));
 if (!ssl->options.useClientOrder) {
 /* Server order refining. */
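Review bot: The four XMEMSET calls added after the declarations in EchCheckAcceptance carry no comment saying why the scratch buffers are now cleared up front, and the `= {0}` initializer on `zeros` was replaced without explanation. A one-line comment such as `/* clear scratch buffers so no error path reads indeterminate stack bytes */` above the first call would record the intent; the three calls added to EchWriteAcceptance in the next hunk need the same. Both function bodies continue outside their hunks, so whether each buffer is otherwise fully written before it is read cannot be confirmed from here.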
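Review bot: `XMEMSET(suites, 0, sizeof(suites));` in RefineSuites matches the old `WOLFSSL_MAX_SUITE_SZ` length only if `suites` is a true array in this scope, and its declaration is above the hunk and not visible. If it is a pointer in any build configuration, `sizeof` yields the pointer size and most of the buffer stays uncleared before the refined suite list is built in it. Please confirm the declaration or keep the explicit constant. The same check applies to `sizeof(nonce)` in the hpke.c hunk and `sizeof(issuerHash)` in the pkcs7.c hunk, whose declarations are also outside the diff context.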
diff --git a/src/x509.c b/src/x509.c
index 1db11f4d8..53a5e2f2f 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -14110,7 +14110,8 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
 }
 }
 ret = wolfSSL_sk_push(req->reqAttributes, attr);
- if (ret != WOLFSSL_SUCCESS) {
+ if ((ret != WOLFSSL_SUCCESS) || (req->reqAttributes->type == STACK_TYPE_CIPHER)) {
+ /* CIPHER type makes a copy */
 wolfSSL_X509_ATTRIBUTE_free(attr);
 }
 }
diff --git a/tests/api.c b/tests/api.c
index 64afcc9bd..0fa9bb88e 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -16878,6 +16878,7 @@ static int test_wc_Chacha_SetKey(void)
 word32 keySz = (word32)(sizeof(key)/sizeof(byte));
 byte cipher[128];
+ XMEMSET(cipher, 0, sizeof(cipher));
 ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, keySz), 0);
 /* Test bad args. */
 ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz), BAD_FUNC_ARG);
@@ -54076,6 +54077,8 @@ static int test_wolfssl_EVP_chacha20(void)
 EVP_CIPHER_CTX* ctx = NULL;
 int outSz;
+ XMEMSET(key, 0, sizeof(key));
+ XMEMSET(iv, 0, sizeof(iv));
 /* Encrypt. */
 ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
 ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, NULL,
diff --git a/tests/srp.c b/tests/srp.c
index fa91237fe..ef6aaad63 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -208,6 +208,7 @@ static void test_SrpSetPassword(void)
 byte v[64];
 word32 vSz = 0;
+ XMEMSET(v, 0, sizeof(v));
 AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
 AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
@@ -262,6 +263,7 @@ static void test_SrpGetPublic(void)
 byte pub[64];
 word32 pubSz = 0;
+ XMEMSET(pub, 0, sizeof(pub));
 AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
 AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
 AssertIntEQ(0, wc_SrpSetParams(&srp, srp_N, sizeof(srp_N),
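Review bot: The new condition in wolfSSL_X509_REQ_add1_attr_by_NID frees `attr` after a successful push whenever `req->reqAttributes->type == STACK_TYPE_CIPHER`, but the comment `/* CIPHER type makes a copy */` does not say how an attribute stack comes to have that type. A reader cannot tell a real ownership rule from a guard added to satisfy an analyzer. Correctness now depends on this test matching what wolfSSL_sk_push does per stack type, so the comment should name that dependency, e.g. `/* wolfSSL_sk_push() copies the element for STACK_TYPE_CIPHER, so attr is still owned here */`. The condition line also looks longer than 80 columns once indented and could be wrapped after `||`. The function starts and ends outside the hunk.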
@@ -318,6 +320,8 @@ static void test_SrpComputeKey(void)
 word32 clientPubKeySz = 64;
 word32 serverPubKeySz = 64;
+ XMEMSET(clientPubKey, 0, sizeof(clientPubKey));
+ XMEMSET(serverPubKey, 0, sizeof(serverPubKey));
 AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
 AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
@@ -388,6 +392,10 @@ static void test_SrpGetProofAndVerify(void)
 word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
 word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
+ XMEMSET(clientPubKey, 0, sizeof(clientPubKey));
+ XMEMSET(serverPubKey, 0, sizeof(serverPubKey));
+ XMEMSET(clientProof, 0, sizeof(clientProof));
+ XMEMSET(serverProof, 0, sizeof(serverProof));
 AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
 AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
@@ -792,6 +800,10 @@ static void test_SrpKeyGenFunc_cb(void)
 };
 #endif
+ XMEMSET(clientPubKey, 0, sizeof(clientPubKey));
+ XMEMSET(serverPubKey, 0, sizeof(serverPubKey));
+ XMEMSET(clientProof, 0, sizeof(clientProof));
+ XMEMSET(serverProof, 0, sizeof(serverProof));
 AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA512, SRP_CLIENT_SIDE));
 AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA512, SRP_SERVER_SIDE));
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 1ff49a8d4..e49b323e5 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -4732,6 +4732,7 @@ void bench_chacha(void)
 double start;
 int i, count;
+ XMEMSET(&enc, 0, sizeof(enc));
 wc_Chacha_SetKey(&enc, bench_key, 16);
 bench_stats_start(&count, &start);
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index b68b15f20..e8b17454b 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -37523,8 +37523,10 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers)
 }
 else if (mimeStatus == MIME_BODYVAL && cur == ';' && pos >= 1) {
 end = pos-1;
- if (bodyVal != NULL)
+ if (bodyVal != NULL) {
 XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
+ bodyVal = NULL;
+ }
 ret = wc_MIME_header_strip(curLine, &bodyVal, start, end);
 if (ret) {
 goto error;
@@ -37617,9 +37619,12 @@ error:
 if (ret != 0)
 wc_MIME_free_hdrs(curHdr);
 wc_MIME_free_hdrs(nextHdr);
- XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
- XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
- XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7);
+ if (nameAttr != NULL)
+ XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
+ if (bodyVal != NULL)
+ XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7);
+ if (nextParam != NULL)
+ XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7);
 return ret;
 }
diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c
index 7d293bca2..15e8d8569 100644
--- a/wolfcrypt/src/hpke.c
+++ b/wolfcrypt/src/hpke.c
@@ -1127,6 +1127,7 @@ static int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context,
 return BAD_FUNC_ARG;
 }
+ XMEMSET(nonce, 0, sizeof(nonce));
 #ifdef WOLFSSL_SMALL_STACK
 aes_key = (Aes*)XMALLOC(sizeof(Aes), hpke->heap, DYNAMIC_TYPE_AES);
 if (aes_key == NULL) {
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index b86ba1d33..0792d5953 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -8697,6 +8697,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
 mp_int serialNum[1];
 RsaKey privKey[1];
 #endif
+ XMEMSET(issuerHash, 0, sizeof(issuerHash));
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
 keyIdSize = wc_HashGetDigestSize(wc_HashTypeConvert(HashIdAlg(
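Review bot: Setting `bodyVal = NULL` after the XFREE in the MIME_BODYVAL branch only prevents a second free at the `error:` label if wc_MIME_header_strip never leaves an already-freed pointer in `*bodyVal` when it fails. That helper is not part of this diff, so the assumption should be confirmed and stated in a comment, e.g. `/* reset so the error path cannot free bodyVal twice if strip fails */`. Other sites in wc_MIME_parse_headers that free `nameAttr`, `bodyVal` or `nextParam` and can later reach `goto error` lie outside the hunk and would need the same free-then-NULL pattern.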
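Review bot: The three `if (x != NULL)` guards added at the `error:` label are unbraced, while the earlier hunk in this file adds braces to the same kind of guard around XFREE. If XFREE already tolerates NULL in every allocator configuration the guards are redundant; if they are needed, brace them for consistency, e.g. `if (bodyVal != NULL) { XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7); }`. An unbraced `if` around a macro that may expand to a block or to nothing is easy to break in a later edit.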