From fbbb290d9e008940fd6be26ae152271c286f6fc5 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 14 Jul 2021 14:57:32 -0700 Subject: [PATCH] Fixes for possible leaks with `HAVE_WOLF_BIGINT` used by async in ECCSI and DH test. Fixes for GCC `-fsanitize=address` with `--enable-all`. --- wolfcrypt/src/eccsi.c | 10 ++++++++++ wolfcrypt/test/test.c | 4 ++++ 2 files changed, 14 insertions(+) diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index 52aa8a579..a059c916e 100644 --- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c @@ -878,6 +878,8 @@ static int eccsi_make_pair(EccsiKey* key, WC_RNG* rng, } if (err == 0) { + wc_ecc_free(&key->pubkey); + /* Step 1 and 2: Generate ephemeral key - v, PVT = [v]G */ err = wc_ecc_make_key_ex(rng, key->ecc.dp->size, &key->pubkey, key->ecc.dp->id); @@ -1860,6 +1862,8 @@ static int eccsi_gen_sig(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType, } if (err == 0) { + wc_ecc_free(&key->pubkey); + /* Step 1 and 2: Generate ephemeral key - j, J = [j]G, r = Jx */ err = wc_ecc_make_key_ex(rng, sz, &key->pubkey, key->ecc.dp->id); } @@ -2036,6 +2040,12 @@ static int eccsi_decode_sig_r_pvt(const EccsiKey* key, const byte* sig, err = mp_read_unsigned_bin(r, sig, sz); } if (err == 0) { + /* must free previous public point otherwise wc_ecc_import_point_der + * could leak memory */ + mp_clear(pvt->x); + mp_clear(pvt->y); + mp_clear(pvt->z); + err = wc_ecc_import_point_der(sig + sz * 2, sz * 2 + 1, wc_ecc_get_curve_idx(key->ecc.dp->id), pvt); } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 741b6bf0b..148871cec 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -16781,6 +16781,10 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void) bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file); XFCLOSE(file); + /* for HAVE_WOLF_BIGINT prevent leak */ + wc_FreeDhKey(key); + (void)wc_InitDhKey_ex(key, HEAP_HINT, devId); + idx = 0; XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);