From 5672e2a8857ca633c6c69cb61b9c21219c944d74 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 1 Jun 2022 10:51:59 -0700 Subject: [PATCH] Fixes for buffers when testing with Intel QAT hardware and `fsanitize=address`: * PKCS7 should use allocated buffer for RSA. * PKCS7 small stack typo for `keyAlgArray` size in `wc_PKCS7_AddRecipient_KTRI`. * Fix for use of `free`, which should be `XFREE` in api.c. * Cleanup old RSA benchmarking MDK5/WINCE code no longer needed with `WC_DECLARE_ARRAY_DYNAMIC_DEC` and `WC_DECLARE_ARRAY_DYNAMIC_EXE`. --- tests/api.c | 3 +- wolfcrypt/benchmark/benchmark.c | 12 +---- wolfcrypt/src/pkcs7.c | 90 +++++++++++++++++---------------- 3 files changed, 49 insertions(+), 56 deletions(-) diff --git a/tests/api.c b/tests/api.c index 3841913d1..bbd0d8243 100644 --- a/tests/api.c +++ b/tests/api.c @@ -48194,7 +48194,8 @@ static void test_wolfSSL_PKCS7_sign(void) tmpPtr = NULL; AssertIntEQ(i2d_X509(signCert, &tmpPtr), p7Ver->verifyCertSz); AssertIntEQ(XMEMCMP(tmpPtr, p7Ver->verifyCert, p7Ver->verifyCertSz), 0); - free(tmpPtr); + XFREE(tmpPtr, NULL, DYNAMIC_TYPE_OPENSSL); + tmpPtr = NULL; wc_PKCS7_Free(p7Ver); diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 7111e2691..01bae642d 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -5233,19 +5233,9 @@ static void bench_rsa_helper(int useDeviceID, RsaKey rsaKey[BENCH_MAX_PENDING], #ifndef WOLFSSL_RSA_VERIFY_ONLY WC_DECLARE_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT); #endif - #if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE) - /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ WC_DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); - #else - byte* enc[BENCH_MAX_PENDING]; - #endif #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) - #if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE) - /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ - WC_DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); - #else - byte* out[BENCH_MAX_PENDING]; - #endif + WC_DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); #else byte* out[BENCH_MAX_PENDING]; #endif diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 7f6963097..da8acbf26 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -6435,42 +6435,45 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, byte issuerSKID[MAX_LENGTH_SZ]; word32 issuerSKIDSz = 0; + byte* encryptedKey; + #ifdef WOLFSSL_SMALL_STACK byte* serial; byte* keyAlgArray; - byte* encryptedKey; RsaKey* pubKey; DecodedCert* decoded; serial = (byte*)XMALLOC(MAX_SN_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - keyAlgArray = (byte*)XMALLOC(MAX_SN_SZ, pkcs7->heap, + keyAlgArray = (byte*)XMALLOC(MAX_ALGO_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap, - DYNAMIC_TYPE_TMP_BUFFER); decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (decoded == NULL || serial == NULL || - encryptedKey == NULL || keyAlgArray == NULL) { - if (serial) - XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (keyAlgArray) - XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (encryptedKey) - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (decoded) - XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (decoded == NULL || serial == NULL || keyAlgArray == NULL) { + XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } #else byte serial[MAX_SN_SZ]; byte keyAlgArray[MAX_ALGO_SZ]; - byte encryptedKey[MAX_ENCRYPTED_KEY_SZ]; - RsaKey pubKey[1]; DecodedCert decoded[1]; #endif + /* Always allocate to ensure aligned use with RSA */ + encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap, + DYNAMIC_TYPE_WOLF_BIGINT); + if (encryptedKey == NULL) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return MEMORY_E; + } + encryptedKeySz = MAX_ENCRYPTED_KEY_SZ; XMEMSET(encryptedKey, 0, encryptedKeySz); @@ -6495,9 +6498,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); return MEMORY_E; } XMEMSET(recip, 0, sizeof(Pkcs7EncodedRecip)); @@ -6508,9 +6511,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return blockKeySz; } @@ -6521,9 +6524,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } @@ -6535,9 +6538,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } @@ -6555,9 +6558,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return -1; } @@ -6570,9 +6573,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return -1; } @@ -6584,9 +6587,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return -1; } @@ -6604,9 +6607,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return PKCS7_RECIP_E; } @@ -6619,9 +6622,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ALGO_ID_E; } @@ -6632,9 +6635,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return BAD_FUNC_ARG; } @@ -6646,7 +6649,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, FreeDecodedCert(decoded); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; @@ -6661,9 +6664,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, XFREE(pubKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } @@ -6677,9 +6680,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, XFREE(pubKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return PUBLIC_KEY_E; } @@ -6692,9 +6695,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, XFREE(pubKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; } @@ -6726,9 +6729,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } @@ -6749,9 +6752,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return BUFFER_E; } @@ -6768,9 +6771,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return BUFFER_E; } @@ -6810,9 +6813,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, #ifdef WOLFSSL_SMALL_STACK XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); /* store recipient size */ recip->recipSz = idx; @@ -8483,13 +8486,13 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, WC_RNG rng; #endif + byte* encryptedKey = NULL; + #ifdef WOLFSSL_SMALL_STACK mp_int* serialNum = NULL; - byte* encryptedKey = NULL; RsaKey* privKey = NULL; #else mp_int serialNum[1]; - byte encryptedKey[MAX_ENCRYPTED_KEY_SZ]; RsaKey privKey[1]; #endif @@ -8683,12 +8686,11 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, encryptedKeySz = pkcs7->stream->expected; #endif - #ifdef WOLFSSL_SMALL_STACK + /* Always allocate to ensure aligned use with RSA */ encryptedKey = (byte*)XMALLOC(encryptedKeySz, pkcs7->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_WOLF_BIGINT); if (encryptedKey == NULL) return MEMORY_E; - #endif if (*recipFound == 1) XMEMCPY(encryptedKey, &pkiMsg[*idx], encryptedKeySz); @@ -8699,15 +8701,15 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (privKey == NULL) { - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); return MEMORY_E; } #endif ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId); if (ret != 0) { + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -8724,8 +8726,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, if (ret != 0) { WOLFSSL_MSG("Failed to decode RSA private key"); wc_FreeRsaKey(privKey); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -8765,8 +8767,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, if (keySz <= 0 || outKey == NULL) { ForceZero(encryptedKey, encryptedKeySz); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return keySz; @@ -8776,8 +8778,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, ForceZero(encryptedKey, encryptedKeySz); } + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif