From 2ba6c66d4467f6c75f9a6b40c40a202f8ec5b818 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 22 Aug 2019 14:17:21 -0700 Subject: [PATCH 1/2] Fix ECC key load test When using the configure options '--enable-certgen --enable-certext CPPFLAGS=-DWOLFSSL_VALIDATE_ECC_IMPORT', the ecc_decode_test() will fail the "good" test case. It is using the point (1, 1) in the test, and that fails the key validation. Changed the good key to one of the keys we have in the certs directory. The additional validation checks that the point is on the curve, and is validated in FIPS mode. --- wolfcrypt/test/test.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 900346dc2..bdf7f0d76 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -17813,9 +17813,18 @@ static int ecc_decode_test(void) /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */ - static const byte good[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; + /* This is ecc_clikeypub_der_256. */ + static const byte good[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4, + 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5, + 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80, + 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda, + 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56, + 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42, + 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f, + 0xb4 }; static const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; static const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00, 
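Review bot: The negative vectors left as context below the new `good[]` (`badNoObjId`, `badOneObjId`) still end in the point bytes `0x04, 0x01, 0x01`, the same off-curve point (1, 1) that this commit had to remove from the good case. On a build with WOLFSSL_VALIDATE_ECC_IMPORT, a decoder regression that stopped rejecting the malformed structure could therefore go unnoticed, because the import would presumably still fail at the on-curve check; whether the test distinguishes error codes is not visible in this hunk. Consider giving the bad vectors a valid point as well, and record the reason for the key choice next to the array, e.g. `/* ecc_clikeypub_der_256: a real SECP256R1 public key, so it passes the on-curve check under WOLFSSL_VALIDATE_ECC_IMPORT. */`. The body of ecc_decode_test continues outside the hunk.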
From 7fcb85b7436e808289e65f7bbaeb159a2fa31367 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 27 Aug 2019 14:41:54 -0700 Subject: [PATCH 2/2] ECC-FP Cache Memory Leak Each test case for ECC should be cleaning up the FP cache if it uses the cache. Only a couple cases were getting freed. --- tests/api.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/tests/api.c b/tests/api.c index a1ade6296..6ebfe603b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2480,6 +2480,11 @@ done: fdCloseSession(Task_self()); #endif +#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ + && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + return; } @@ -14195,6 +14200,10 @@ static int test_wc_ecc_make_key (void) ret = WOLFSSL_FATAL_ERROR; } +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + printf(resultFmt, ret == 0 ? passed : failed); #endif @@ -14277,6 +14286,10 @@ static int test_wc_ecc_check_key (void) } wc_ecc_free(&key); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + #endif return ret; @@ -14454,6 +14467,11 @@ static int test_wc_ecc_signVerify_hash (void) ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); + + #ifdef FP_ECC + wc_ecc_fp_free(); + #endif + #endif return ret; @@ -14522,6 +14540,10 @@ static int test_wc_ecc_shared_secret (void) wc_ecc_free(&key); wc_ecc_free(&pubKey); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + #endif return ret; @@ -14583,6 +14605,10 @@ static int test_wc_ecc_export_x963 (void) } wc_ecc_free(&key); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + #endif return ret; @@ -14682,6 +14708,10 @@ static int test_wc_ecc_export_x963_ex (void) } wc_ecc_free(&key); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + #endif return ret; @@ -14746,6 +14776,10 @@ static int test_wc_ecc_import_x963 (void) wc_ecc_free(&key); wc_ecc_free(&pubKey); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + #endif return ret; 
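Review bot: The cleanup added after the `done:` label is compiled only when NO_MAIN_DRIVER, HAVE_ECC, FP_ECC and HAVE_THREAD_LS are all defined, whereas every other hunk in this patch guards the same call with `#ifdef FP_ECC` alone, and nothing at this site says why. With a thread-local cache, the calls added to the test functions presumably release only the calling thread's entries, so this block is the one that covers the thread running this function. A comment such as `/* thread-local FP cache: must be freed by the thread that filled it; the per-test calls do not reach it */` would keep a later tidy-up from removing it. The enclosing function starts outside the hunk, so whether other thread entry points in the file need the same block cannot be checked here.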
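Review bot: The same `#ifdef FP_ECC` / `wc_ecc_fp_free();` / `#endif` block is pasted at the tail of test_wc_ecc_make_key and of twelve further functions in this patch, and the copies already differ. The one in test_wc_ecc_signVerify_hash is indented while the others start at column 0, and those in test_wc_ecc_mulmod and test_wc_ecc_is_valid_idx have no surrounding blank lines. A single wrapper defined once would keep the sites uniform and make a missing cleanup in a new ECC test easier to spot in review; the macro name below is constructed for illustration. Each call sits at the end of its function, so any early `return` above it, outside the visible hunks, would still skip the cleanup.
```c
/* Constructed name; define once near the top of tests/api.c. */
#ifdef FP_ECC
    #define TEST_ECC_FP_FREE() wc_ecc_fp_free()
#else
    #define TEST_ECC_FP_FREE() ((void)0)
#endif
```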
@@ -14817,6 +14851,10 @@ static int ecc_import_private_key (void) wc_ecc_free(&key); wc_ecc_free(&keyImp); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + #endif return ret; @@ -14874,6 +14912,10 @@ static int test_wc_ecc_export_private_only (void) } wc_ecc_free(&key); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + #endif return ret; @@ -15684,6 +15726,10 @@ static int test_wc_ecc_shared_secret_ssh (void) wc_ecc_free(&key); wc_ecc_free(&key2); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + #endif return ret; @@ -15893,6 +15939,9 @@ static int test_wc_ecc_mulmod (void) wc_ecc_free(&key2); wc_ecc_free(&key3); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif #endif /* HAVE_ECC && !WOLFSSL_ATECC508A */ return ret; @@ -15948,6 +15997,9 @@ static int test_wc_ecc_is_valid_idx (void) ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif #endif return ret; @@ -24199,6 +24251,9 @@ static void test_wolfSSL_PEM_write_bio_PKCS7(void) if (cert_buf) free(cert_buf); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif return ret; }
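Review bot: The last hunk adds `wc_ecc_fp_free()` at a site that, unlike the other twelve, shows no ECC key in its visible lines: the context is `if (cert_buf) free(cert_buf);` followed by `return ret;`. The hunk header names `static void test_wolfSSL_PEM_write_bio_PKCS7(void)`, which does not fit a `return ret;`, so the call is probably in a later function whose start is outside the hunk. Since a reader cannot tell from the site what filled the cache, a trailing comment would help, for example `wc_ecc_fp_free(); /* certificate handling above may have used the ECC FP cache */`. It is also worth confirming that this block is only reached in builds where the ECC API is compiled in, as the guard tests FP_ECC alone.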