feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Prevent freeing uninitialized keys

Browse Source
This commit is contained in:
Anthony Hu
2023-12-08 13:27:29 -05:00
parent 448b83697a
commit 40015a06c4
1 changed files with 26 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
src/tls.c
View File

@ -8395,16 +8395,24 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
/* I am the client, the ciphertext is in keyShareEntry->ke */ /* I am the client, the ciphertext is in keyShareEntry->ke */
findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group); findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group);
ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId);
if (ret != 0) {
WOLFSSL_MSG("Memory allocation error.");
return MEMORY_E;
}
ret = kyber_id2type(oqs_group, &type); ret = kyber_id2type(oqs_group, &type);
if (ret != 0) { if (ret != 0) {
wc_ecc_free(&eccpubkey);
WOLFSSL_MSG("Invalid OQS algorithm specified."); WOLFSSL_MSG("Invalid OQS algorithm specified.");
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
if (ret == 0) {
ret = wc_KyberKey_Init(type, kem, ssl->heap, INVALID_DEVID); ret = wc_KyberKey_Init(type, kem, ssl->heap, INVALID_DEVID);
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG("Error creating Kyber KEM"); wc_ecc_free(&eccpubkey);
} WOLFSSL_MSG("Error creating Kyber KEM");
return MEMORY_E;
} }
if (ret == 0) { if (ret == 0) {
@ -8428,12 +8436,6 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
default: default:
break; break;
} }
ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId);
if (ret != 0) {
WOLFSSL_MSG("Memory allocation error.");
ret = MEMORY_E;
}
} }
if (ret == 0) { if (ret == 0) {
sharedSecret = (byte*)XMALLOC(sharedSecretLen, ssl->heap, sharedSecret = (byte*)XMALLOC(sharedSecretLen, ssl->heap,
@ -8892,13 +8894,19 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
if (ret == 0) { ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId);
ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId); if (ret != 0) {
if (ret != 0) { WOLFSSL_MSG("Could not do ECC public key initialization.");
WOLFSSL_MSG("Could not do ECC public key initialization."); return MEMORY_E;
ret = MEMORY_E;
}
} }
ret = wc_KyberKey_Init(type, kem, ssl->heap, INVALID_DEVID);
if (ret != 0) {
wc_ecc_free(&eccpubkey);
WOLFSSL_MSG("Error creating Kyber KEM");
return MEMORY_E;
}
if (ret == 0) { if (ret == 0) {
ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap, ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
DYNAMIC_TYPE_TLSX); DYNAMIC_TYPE_TLSX);
@ -8915,19 +8923,9 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
if (ret == 0 && ecc_group != 0) { if (ret == 0 && ecc_group != 0) {
ecc_kse->group = ecc_group; ecc_kse->group = ecc_group;
ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse); ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
if (ret != 0) { /* No message, TLSX_KeyShare_GenEccKey() will do it. */
/* No message, TLSX_KeyShare_GenEccKey() will do it. */
return ret;
}
ret = 0;
} }
if (ret == 0) {
ret = wc_KyberKey_Init(type, kem, ssl->heap, INVALID_DEVID);
if (ret != 0) {
WOLFSSL_MSG("Error creating Kyber KEM");
}
}
if (ret == 0) { if (ret == 0) {
ret = wc_KyberKey_PublicKeySize(kem, &pubSz); ret = wc_KyberKey_PublicKeySize(kem, &pubSz);
} }