Code review and mp_int memory leak fixes

configure.ac

@@ -4378,6 +4378,9 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DWOLFSSL_DES_ECB"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512"
+    ENABLED_SHA224="yes"
+    ENABLED_SHA384="yes"
+    ENABLED_SHA512="yes"
 fi
 
 if test "$ENABLED_OPENVPN" = "yes"

src/ssl.c

@@ -30146,6 +30146,9 @@ int SetDhInternal(WOLFSSL_DH* dh)
         }
     #endif /* WOLFSSL_SMALL_STACK */
 
+        /* Free so that mp_init's don't leak */
+        wc_FreeDhKey((DhKey*)dh->internal);
+
     #ifdef WOLFSSL_DH_EXTRA
         privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv_key);
         pubSz  = wolfSSL_BN_bn2bin(dh->pub_key,  pub_key);
@@ -43615,6 +43618,7 @@ int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generat
 
     WOLFSSL_ENTER("wolfSSL_DH_generate_parameters_ex");
     (void)callback;
+    (void)generator;
 
     if (dh == NULL) {
         WOLFSSL_MSG("Bad parameter");
@@ -43626,23 +43630,21 @@ int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generat
         return WOLFSSL_FAILURE;
     }
 
-    if (dh->inSet == 0) {
-        if (SetDhInternal(dh) != WOLFSSL_SUCCESS) {
-            WOLFSSL_MSG("Unable to set internal DH structure");
-            return WOLFSSL_FAILURE;
-        }
-    }
+    /* Don't need SetDhInternal call since we are generating
+     * parameters ourselves */
 
     key = (DhKey*)dh->internal;
-    if (mp_set_int(&key->g, generator) != MP_OKAY) {
-        WOLFSSL_MSG("Unable to set generator");
-        return WOLFSSL_FAILURE;
-    }
+
+    /* Free so that mp_init's don't leak */
+    wc_FreeDhKey(key);
 
     if (wc_DhGenerateParams(&globalRNG, prime_len, key) != 0) {
         WOLFSSL_MSG("wc_DhGenerateParams error");
         return WOLFSSL_FAILURE;
     }
+    dh->inSet = 1;
+
+    WOLFSSL_MSG("wolfSSL does not support using a custom generator.");
 
     if (SetDhExternal(dh) != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("SetDhExternal error");
@@ -52491,9 +52493,11 @@ void wolfSSL_DH_get0_key(const WOLFSSL_DH *dh,
     WOLFSSL_ENTER("wolfSSL_DH_get0_key");
 
     if (dh != NULL) {
-        if (pub_key != NULL)
+        if (pub_key != NULL && dh->pub_key != NULL &&
+                wolfSSL_BN_is_zero(dh->pub_key) != WOLFSSL_SUCCESS)
             *pub_key = dh->pub_key;
-        if (priv_key != NULL)
+        if (priv_key != NULL && dh->priv_key != NULL &&
+                wolfSSL_BN_is_zero(dh->priv_key) != WOLFSSL_SUCCESS)
             *priv_key = dh->priv_key;
     }
 }

tests/api.c

@@ -2574,8 +2574,10 @@ static void test_EC_i2d(void)
     buf = NULL;
 
     AssertIntGT((len = i2o_ECPublicKey(key, &buf)), 0);
-    AssertNotNull(o2i_ECPublicKey(&copy, (const unsigned char **)&buf, len));
+    tmp = buf;
+    AssertNotNull(o2i_ECPublicKey(&copy, &tmp, len));
     AssertIntEQ(EC_KEY_check_key(key), 1);
+    XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
 
     EC_KEY_free(key);
     EC_KEY_free(copy);
@@ -45900,7 +45902,7 @@ static void test_wolfSSL_DH(void)
 
     AssertNotNull(dh = d2i_DHparams(NULL, &pt, len));
     AssertNotNull(dh->p);
-    AssertNotNull(dh->p);
+    AssertNotNull(dh->g);
     AssertTrue(pt != buf);
     AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
 
@@ -45920,6 +45922,9 @@ static void test_wolfSSL_DH(void)
     AssertPtrEq(priv, dh->priv_key);
 
     DH_free(dh);
+
+    AssertNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
+    DH_free(dh);
 #endif
 #endif
     printf(testingFmt, "test_wolfSSL_DH");

wolfcrypt/src/ecc.c

@@ -7390,6 +7390,11 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
         return ECC_BAD_ARG_E;
     }
 
+    /* clear if previously allocated */
+    mp_clear(point->x);
+    mp_clear(point->y);
+    mp_clear(point->z);
+
     /* init point */
 #ifdef ALT_ECC_SIZE
     point->x = (mp_int*)&point->xyz[0];