Added check for GetLength result in asn GetIntRsa function. Fixed return code in random.c for "wolfAsync_DevCtxInit" due to copy/paste error. Added RSA wc_RsaCleanup to make sure allocated tmp buffer is always free'd. Eliminated invalid RSA key type checks and "RSA_CHECK_KEYTYPE".

wolfcrypt/src/asn.c

@@ -692,10 +692,13 @@ static int GetIntRsa(RsaKey* key, mp_int* mpi, const byte* input,
     if (GetLength(input, &i, &length, maxIdx) < 0)
         return ASN_PARSE_E;
 
-    if ( (b = input[i++]) == 0x00)
+    if (length > 0) {
-        length--;
+        /* remove leading zero */
-    else
+        if ( (b = input[i++]) == 0x00)
-        i--;
+            length--;
+        else
+            i--;
+    }
 
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
     if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {

wolfcrypt/src/random.c

@@ -810,7 +810,7 @@ int wc_InitRng(WC_RNG* rng)
 
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
     ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG, INVALID_DEVID);
-    if (ret != 0) return -2007;
+    if (ret != 0) return ret;
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK

wolfcrypt/src/rsa.c

@@ -38,7 +38,7 @@ Possible RSA enable options:
  * WOLFSSL_KEY_GEN:     Allows Private Key Generation               default: off
  * RSA_LOW_MEM:         NON CRT Private Operations, less memory     default: off
  * WC_NO_RSA_OAEP:      Disables RSA OAEP padding                   default: on (not defined)
- * RSA_CHECK_KEYTYPE:   RSA check key type                          default: off
+
 */
 
 /*
@@ -165,6 +165,23 @@ enum {
     RSA_STATE_DECRYPT_RES,
 };
 
+static void wc_RsaCleanup(RsaKey* key)
+{
+    if (key && key->tmp) {
+        /* make sure any allocated memory is free'd */
+        if (key->tmpIsAlloc) {
+            if (key->type == RSA_PRIVATE_DECRYPT ||
+                key->type == RSA_PRIVATE_ENCRYPT) {
+                ForceZero(key->tmp, key->tmpLen);
+            }
+            XFREE(key->tmp, key->heap, DYNAMIC_TYPE_RSA);
+            key->tmpIsAlloc = 0;
+        }
+        key->tmp = NULL;
+        key->tmpLen = 0;
+    }
+}
+
 int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
 {
     int ret = 0;
@@ -180,6 +197,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
     key->heap = heap;
     key->tmp = NULL;
     key->tmpLen = 0;
+    key->tmpIsAlloc = 0;
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     if (devId != INVALID_DEVID) {
@@ -227,6 +245,8 @@ int wc_FreeRsaKey(RsaKey* key)
         return BAD_FUNC_ARG;
     }
 
+    wc_RsaCleanup(key);
+
 #ifdef WOLFSSL_ASYNC_CRYPT
     if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
         ret = FreeAsyncRsaKey(key);
@@ -791,13 +811,13 @@ static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
     switch (padType)
     {
         case WC_RSA_PKCSV15_PAD:
-            //WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");
+            WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");
             ret = RsaUnPad(pkcsBlock, pkcsBlockLen, out, padValue);
             break;
 
     #ifndef WC_NO_RSA_OAEP
         case WC_RSA_OAEP_PAD:
-            //WOLFSSL_MSG("wolfSSL Using RSA OAEP padding");
+            WOLFSSL_MSG("wolfSSL Using RSA OAEP padding");
             ret = RsaUnPad_OAEP((byte*)pkcsBlock, pkcsBlockLen, out,
                                         hType, mgf, optLabel, labelLen, heap);
             break;
@@ -1159,16 +1179,6 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
         return RSA_BUFFER_E;
     }
 
-    /* Optional key type check (disabled by default) */
-    /* Note: internal tests allow private to be used as public */
-#ifdef RSA_CHECK_KEYTYPE
-    if ((rsa_type == RSA_PUBLIC_ENCRYPT && key->type != RSA_PUBLIC) || 
-        (rsa_type == RSA_PRIVATE_ENCRYPT && key->type != RSA_PRIVATE)) {
-        WOLFSSL_MSG("Wrong RSA Encrypt key type");
-        return RSA_WRONG_TYPE_E;
-    }
-#endif
-
     switch (key->state) {
     case RSA_STATE_NONE:
     case RSA_STATE_ENCRYPT_PAD:
@@ -1251,16 +1261,6 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
         return ret;
     }
 
-    /* Optional key type check (disabled by default) */
-    /* Note: internal tests allow private to be used as public */
-#ifdef RSA_CHECK_KEYTYPE
-    if ((rsa_type == RSA_PUBLIC_DECRYPT && key->type != RSA_PUBLIC) || 
-        (rsa_type == RSA_PRIVATE_DECRYPT && key->type != RSA_PRIVATE)) {
-        WOLFSSL_MSG("Wrong RSA Decrypt key type");
-        return RSA_WRONG_TYPE_E;
-    }
-#endif
-
     switch (key->state) {
     case RSA_STATE_NONE:
     case RSA_STATE_DECRYPT_EXPTMOD:
@@ -1296,6 +1296,7 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
         key->tmpLen = inLen;
         if (outPtr == NULL) {
             key->tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA);
+            key->tmpIsAlloc = 1;
             if (key->tmp == NULL) {
                 ERROR_OUT(MEMORY_E);
             }
@@ -1353,15 +1354,7 @@ static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
 done:
 
     key->state = RSA_STATE_NONE;
-    if (key->tmp) {
+    wc_RsaCleanup(key);
-        /* if not inline */
-        if (outPtr == NULL) {
-            ForceZero(key->tmp, key->tmpLen);
-            XFREE(key->tmp, key->heap, DYNAMIC_TYPE_RSA);
-        }
-        key->tmp = NULL;
-        key->tmpLen = 0;
-    }
 
     return ret;
 }

wolfssl/wolfcrypt/rsa.h

@@ -82,8 +82,9 @@ typedef struct RsaKey {
     int   type;                               /* public or private */
     void* heap;                               /* for user memory overrides */
     int   state;
-    byte* tmp;
+    byte*  tmp;                               /* temp buffer for async RSA */
     word32 tmpLen;
+    byte   tmpIsAlloc;
 #ifdef WC_RSA_BLINDING
     WC_RNG* rng;                              /* for PrivateDecrypt blinding */
 #endif