mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-07 14:30:49 +02:00
@@ -1180,6 +1180,8 @@ static int ImportKeyState(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
|
||||
word16 i, wordCount, wordAdj = 0;
|
||||
|
||||
/* do window */
|
||||
if (idx + OPAQUE16_LEN > len)
|
||||
return BUFFER_E;
|
||||
ato16(exp + idx, &wordCount);
|
||||
idx += OPAQUE16_LEN;
|
||||
|
||||
@@ -1188,6 +1190,8 @@ static int ImportKeyState(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
|
||||
wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
|
||||
}
|
||||
|
||||
if (idx + (wordCount * OPAQUE32_LEN) + wordAdj > len)
|
||||
return BUFFER_E;
|
||||
XMEMSET(keys->peerSeq[0].window, 0xFF, DTLS_SEQ_SZ);
|
||||
for (i = 0; i < wordCount; i++) {
|
||||
ato32(exp + idx, &keys->peerSeq[0].window[i]);
|
||||
@@ -1196,6 +1200,9 @@ static int ImportKeyState(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
|
||||
idx += wordAdj;
|
||||
|
||||
/* do prevWindow */
|
||||
wordAdj = 0;
|
||||
if (idx + OPAQUE16_LEN > len)
|
||||
return BUFFER_E;
|
||||
ato16(exp + idx, &wordCount);
|
||||
idx += OPAQUE16_LEN;
|
||||
|
||||
@@ -1204,6 +1211,8 @@ static int ImportKeyState(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
|
||||
wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
|
||||
}
|
||||
|
||||
if (idx + (wordCount * OPAQUE32_LEN) + wordAdj > len)
|
||||
return BUFFER_E;
|
||||
XMEMSET(keys->peerSeq[0].prevWindow, 0xFF, DTLS_SEQ_SZ);
|
||||
for (i = 0; i < wordCount; i++) {
|
||||
ato32(exp + idx, &keys->peerSeq[0].prevWindow[i]);
|
||||
|
||||
@@ -87,6 +87,7 @@ static int wc_CAAM_DevEccSign(const byte* in, int inlen, byte* out,
|
||||
/* private key */
|
||||
if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, keySz) != MP_OKAY)
|
||||
{
|
||||
ForceZero(pk, sizeof(pk));
|
||||
return MP_TO_E;
|
||||
}
|
||||
|
||||
@@ -108,10 +109,12 @@ static int wc_CAAM_DevEccSign(const byte* in, int inlen, byte* out,
|
||||
mp_free(&mps);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("Issue converting to signature\n");
|
||||
ForceZero(pk, sizeof(pk));
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
ForceZero(pk, sizeof(pk));
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -201,6 +204,7 @@ static int wc_CAAM_DevEcdh(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk, keySz) !=
|
||||
MP_OKAY) {
|
||||
WOLFSSL_MSG("error getting private key buffer");
|
||||
ForceZero(pk, sizeof(pk));
|
||||
return MP_TO_E;
|
||||
}
|
||||
|
||||
@@ -209,6 +213,7 @@ static int wc_CAAM_DevEcdh(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
if (ret == 0) {
|
||||
*outlen = keySz;
|
||||
}
|
||||
ForceZero(pk, sizeof(pk));
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -237,10 +242,12 @@ static int wc_CAAM_DevMakeEccKey(WC_RNG* rng, int keySize, ecc_key* key,
|
||||
ret = wc_DevCryptoEccKeyGen(curveId, blackKey, s, keySize, xy, keySize*2);
|
||||
if (wc_ecc_import_unsigned(key, xy, xy + keySize, s, curveId) != 0) {
|
||||
WOLFSSL_MSG("issue importing key");
|
||||
ForceZero(s, sizeof(s));
|
||||
return -1;
|
||||
}
|
||||
key->blackKey = blackKey;
|
||||
|
||||
ForceZero(s, sizeof(s));
|
||||
(void)rng;
|
||||
return ret;
|
||||
}
|
||||
@@ -340,6 +347,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
|
||||
if (key->blackKey == CAAM_BLACK_KEY_CCM) {
|
||||
if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk,
|
||||
keySz + WC_CAAM_MAC_SZ) != MP_OKAY) {
|
||||
ForceZero(pk, sizeof(pk));
|
||||
return MP_TO_E;
|
||||
}
|
||||
buf[idx].Length = keySz + WC_CAAM_MAC_SZ;
|
||||
@@ -347,6 +355,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
|
||||
else {
|
||||
if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, keySz) !=
|
||||
MP_OKAY) {
|
||||
ForceZero(pk, sizeof(pk));
|
||||
return MP_TO_E;
|
||||
}
|
||||
buf[idx].Length = keySz;
|
||||
@@ -376,8 +385,10 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
|
||||
args[3] = keySz;
|
||||
|
||||
ret = wc_caamAddAndWait(buf, idx, args, CAAM_ECDSA_SIGN);
|
||||
if (ret != 0)
|
||||
if (ret != 0) {
|
||||
ForceZero(pk, sizeof(pk));
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* convert signature from raw bytes to signature format */
|
||||
{
|
||||
@@ -394,10 +405,12 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
|
||||
mp_free(&mps);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("Issue converting to signature");
|
||||
ForceZero(pk, sizeof(pk));
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
ForceZero(pk, sizeof(pk));
|
||||
(void)devId;
|
||||
return MP_OKAY;
|
||||
}
|
||||
@@ -610,6 +623,7 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
if (private_key->blackKey == CAAM_BLACK_KEY_CCM) {
|
||||
if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk,
|
||||
keySz + WC_CAAM_MAC_SZ) != MP_OKAY) {
|
||||
ForceZero(pk, sizeof(pk));
|
||||
return MP_TO_E;
|
||||
}
|
||||
buf[idx].Length = keySz + WC_CAAM_MAC_SZ;
|
||||
@@ -617,6 +631,7 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
else {
|
||||
if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk,
|
||||
keySz) != MP_OKAY) {
|
||||
ForceZero(pk, sizeof(pk));
|
||||
return MP_TO_E;
|
||||
}
|
||||
buf[idx].Length = keySz;
|
||||
@@ -646,6 +661,7 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
args[2] = ecdsel;
|
||||
args[3] = keySz;
|
||||
ret = wc_caamAddAndWait(buf, idx, args, CAAM_ECDSA_ECDH);
|
||||
ForceZero(pk, sizeof(pk));
|
||||
(void)devId;
|
||||
if (ret == 0) {
|
||||
*outlen = keySz;
|
||||
@@ -737,20 +753,25 @@ int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId,
|
||||
key->blackKey = (pt[0] << 24) | (pt[1] << 16) | (pt[2] << 8) | pt[3];
|
||||
if (wc_ecc_import_unsigned(key, xy, xy + keySize, NULL, curveId) != 0) {
|
||||
WOLFSSL_MSG("issue importing public key");
|
||||
ForceZero(s, sizeof(s));
|
||||
return -1;
|
||||
}
|
||||
key->partNum = args[2];
|
||||
ForceZero(s, sizeof(s));
|
||||
return MP_OKAY;
|
||||
}
|
||||
else if (ret == 0) {
|
||||
if (wc_ecc_import_unsigned(key, xy, xy + keySize,
|
||||
s, curveId) != 0) {
|
||||
WOLFSSL_MSG("issue importing key");
|
||||
ForceZero(s, sizeof(s));
|
||||
return -1;
|
||||
}
|
||||
key->blackKey = args[0];
|
||||
ForceZero(s, sizeof(s));
|
||||
return MP_OKAY;
|
||||
}
|
||||
ForceZero(s, sizeof(s));
|
||||
return -1;
|
||||
}
|
||||
#endif /* WOLFSSL_KEY_GEN */
|
||||
|
||||
@@ -443,12 +443,14 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
|
||||
if (key->blackKey == CAAM_BLACK_KEY_CCM) {
|
||||
if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), k,
|
||||
kSz + WC_CAAM_MAC_SZ) != MP_OKAY) {
|
||||
ForceZero(k, sizeof(k));
|
||||
return MP_TO_E;
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), k, kSz) !=
|
||||
MP_OKAY) {
|
||||
ForceZero(k, sizeof(k));
|
||||
return MP_TO_E;
|
||||
}
|
||||
}
|
||||
@@ -457,6 +459,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
|
||||
ecdsel = GetECDSEL(dp->id);
|
||||
if (ecdsel == 0) {
|
||||
WOLFSSL_MSG("unknown key type or size");
|
||||
ForceZero(k, sizeof(k));
|
||||
return CRYPTOCB_UNAVAILABLE;
|
||||
}
|
||||
|
||||
@@ -469,6 +472,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
|
||||
break;
|
||||
default:
|
||||
WOLFSSL_MSG("unknown/unsupported key type");
|
||||
ForceZero(k, sizeof(k));
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
@@ -508,10 +512,12 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
|
||||
mp_free(&mps);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("Issue converting to signature");
|
||||
ForceZero(k, sizeof(k));
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
ForceZero(k, sizeof(k));
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -697,22 +703,26 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
if (private_key->blackKey == CAAM_BLACK_KEY_CCM) {
|
||||
if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), k,
|
||||
keySz + WC_CAAM_MAC_SZ) != MP_OKAY) {
|
||||
ForceZero(k, sizeof(k));
|
||||
return MP_TO_E;
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), k, keySz)
|
||||
!= MP_OKAY) {
|
||||
ForceZero(k, sizeof(k));
|
||||
return MP_TO_E;
|
||||
}
|
||||
}
|
||||
|
||||
if (*outlen < (word32)keySz) {
|
||||
ForceZero(k, sizeof(k));
|
||||
return -1;
|
||||
}
|
||||
|
||||
status = CAAM_ECC_ECDH(CAAM, &hndl, k, keySz, qxy, keySz*2, out, keySz,
|
||||
ecdsel, enc);
|
||||
ForceZero(k, sizeof(k));
|
||||
if (status == kStatus_Success) {
|
||||
*outlen = keySz;
|
||||
return MP_OKAY;
|
||||
@@ -762,17 +772,22 @@ int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId,
|
||||
return CRYPTOCB_UNAVAILABLE;
|
||||
}
|
||||
|
||||
if (key->blackKey == CAAM_BLACK_KEY_ECB) {
|
||||
switch (key->blackKey) {
|
||||
case CAAM_BLACK_KEY_ECB:
|
||||
enc = CAAM_PKHA_ENC_PRI_AESECB;
|
||||
}
|
||||
|
||||
if (key->blackKey == 0) {
|
||||
break;
|
||||
case 0:
|
||||
#ifdef WOLFSSL_CAAM_NO_BLACK_KEY
|
||||
enc = 0;
|
||||
#else
|
||||
key->blackKey = CAAM_BLACK_KEY_ECB;
|
||||
enc = CAAM_PKHA_ENC_PRI_AESECB;
|
||||
#endif
|
||||
break;
|
||||
default:
|
||||
WOLFSSL_MSG("unknown/unsupported key type");
|
||||
ForceZero(k, sizeof(k));
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
status = CAAM_ECC_Keygen(CAAM, &hndl, k, &kSz, xy, &xySz, ecdsel,
|
||||
@@ -787,6 +802,7 @@ int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId,
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
ForceZero(k, sizeof(k));
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_KEY_GEN */
|
||||
|
||||
@@ -156,9 +156,10 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out,
|
||||
byte* u = NULL;
|
||||
byte* n = NULL;
|
||||
word32 dSz, pSz, qSz, dpSz = 0, dqSz = 0, uSz = 0, nSz;
|
||||
word32 dAllocSz;
|
||||
|
||||
dev = &key->ctx;
|
||||
dSz = nSz = wc_RsaEncryptSize(key);
|
||||
dAllocSz = dSz = nSz = wc_RsaEncryptSize(key);
|
||||
pSz = qSz = nSz / 2;
|
||||
if (outlen < dSz) {
|
||||
WOLFSSL_MSG("Output buffer is too small");
|
||||
@@ -196,7 +197,7 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out,
|
||||
if (!key->blackKey) { /* @TODO unexpected results with black key CRT form */
|
||||
if (ret == 0 && dpSz > 0) {
|
||||
dSz = 0; nSz = 0;
|
||||
dq = (byte*)XMALLOC(dpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
dq = (byte*)XMALLOC(dqSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
dp = (byte*)XMALLOC(dpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
u = (byte*)XMALLOC(uSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (dq == NULL || dp == NULL || u == NULL) {
|
||||
@@ -237,12 +238,12 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out,
|
||||
}
|
||||
}
|
||||
|
||||
XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (d) { ForceZero(d, dAllocSz); XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
if (p) { ForceZero(p, pSz); XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
if (q) { ForceZero(q, qSz); XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
if (dp) { ForceZero(dp, dpSz); XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
if (dq) { ForceZero(dq, dqSz); XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
if (u) { ForceZero(u, uSz); XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
wc_DevCryptoFree(dev);
|
||||
@@ -540,13 +541,13 @@ int wc_DevCrypto_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
|
||||
#endif
|
||||
}
|
||||
|
||||
XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (p) { ForceZero(p, pSz); XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
if (q) { ForceZero(q, qSz); XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
if (dp) { ForceZero(dp, dpSz); XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
if (dq) { ForceZero(dq, dqSz); XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
if (c) { ForceZero(c, cSz); XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
XFREE(n, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (d) { ForceZero(d, dSz); XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER); }
|
||||
|
||||
(void)rng;
|
||||
return ret;
|
||||
|
||||
@@ -127,7 +127,10 @@ static int KcapiDh_SetPrivKey(DhKey* key)
|
||||
}
|
||||
}
|
||||
|
||||
XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (priv != NULL) {
|
||||
ForceZero(priv, len);
|
||||
XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -120,6 +120,7 @@ int KcapiEcc_LoadKey(ecc_key* key, byte* pubkey_raw, word32* pubkey_sz,
|
||||
if (ret == 0) {
|
||||
ret = kcapi_kpp_setkey(key->handle, priv, keySz);
|
||||
}
|
||||
ForceZero(priv, sizeof(priv));
|
||||
}
|
||||
else {
|
||||
/* generate new ephemeral key */
|
||||
@@ -241,6 +242,7 @@ int KcapiEcc_SharedSecret(ecc_key* private_key, ecc_key* public_key, byte* out,
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
ForceZero(priv, sizeof(priv));
|
||||
}
|
||||
if (ret == 0) {
|
||||
#ifdef KCAPI_USE_XMALLOC
|
||||
@@ -317,6 +319,7 @@ static int KcapiEcc_SetPrivKey(ecc_key* key)
|
||||
}
|
||||
}
|
||||
|
||||
ForceZero(priv, sizeof(priv));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -488,7 +488,7 @@ int wc_Sha512_224Final(wc_Sha512* sha, byte* hash)
|
||||
if (sha == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
return KcapiHashFinal(&sha->kcapi, hash, WC_SHA512_DIGEST_SIZE,
|
||||
return KcapiHashFinal(&sha->kcapi, hash, WC_SHA512_224_DIGEST_SIZE,
|
||||
WC_NAME_SHA512_224);
|
||||
}
|
||||
int wc_Sha512_224GetHash(wc_Sha512* sha, byte* hash)
|
||||
@@ -496,7 +496,7 @@ int wc_Sha512_224GetHash(wc_Sha512* sha, byte* hash)
|
||||
if (sha == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
return KcapiHashGet(&sha->kcapi, hash, WC_SHA512_DIGEST_SIZE);
|
||||
return KcapiHashGet(&sha->kcapi, hash, WC_SHA512_224_DIGEST_SIZE);
|
||||
}
|
||||
|
||||
|
||||
@@ -527,7 +527,7 @@ int wc_Sha512_256Final(wc_Sha512* sha, byte* hash)
|
||||
if (sha == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
return KcapiHashFinal(&sha->kcapi, hash, WC_SHA512_DIGEST_SIZE,
|
||||
return KcapiHashFinal(&sha->kcapi, hash, WC_SHA512_256_DIGEST_SIZE,
|
||||
WC_NAME_SHA512_256);
|
||||
}
|
||||
int wc_Sha512_256GetHash(wc_Sha512* sha, byte* hash)
|
||||
@@ -535,7 +535,7 @@ int wc_Sha512_256GetHash(wc_Sha512* sha, byte* hash)
|
||||
if (sha == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
return KcapiHashGet(&sha->kcapi, hash, WC_SHA512_DIGEST_SIZE);
|
||||
return KcapiHashGet(&sha->kcapi, hash, WC_SHA512_256_DIGEST_SIZE);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -44,12 +44,14 @@ static int KcapiRsa_SetPrivKey(RsaKey* key)
|
||||
int ret = 0;
|
||||
unsigned char* priv = NULL;
|
||||
int len;
|
||||
int allocSz = 0;
|
||||
|
||||
len = wc_RsaKeyToDer(key, NULL, 0);
|
||||
if (len < 0) {
|
||||
ret = len;
|
||||
}
|
||||
if (ret == 0) {
|
||||
allocSz = len;
|
||||
priv = (unsigned char*)XMALLOC(len, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (priv == NULL) {
|
||||
ret = MEMORY_E;
|
||||
@@ -69,7 +71,10 @@ static int KcapiRsa_SetPrivKey(RsaKey* key)
|
||||
}
|
||||
}
|
||||
|
||||
XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (priv != NULL) {
|
||||
ForceZero(priv, allocSz);
|
||||
XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -344,6 +344,7 @@ int se050_hash_final(SE050_HASH_Context* se050Ctx, byte* hash, size_t digestLen,
|
||||
|
||||
if (status == kStatus_SSS_Success) {
|
||||
/* reset state */
|
||||
XFREE(se050Ctx->msg, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ret = se050_hash_init(se050Ctx, se050Ctx->heap);
|
||||
} else {
|
||||
ret = WC_HW_E;
|
||||
@@ -572,6 +573,7 @@ int wc_se050_insert_binary_object(word32 keyId, const byte* object,
|
||||
|
||||
/* Avoid key ID conflicts with temporary key storage */
|
||||
if (keyId >= SE050_KEYID_START) {
|
||||
wolfSSL_CryptHwMutexUnLock();
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
@@ -636,10 +638,12 @@ int wc_se050_get_binary_object(word32 keyId, byte* out, word32* outSz)
|
||||
else {
|
||||
if (out == NULL) {
|
||||
*outSz = ret;
|
||||
wolfSSL_CryptHwMutexUnLock();
|
||||
return WC_NO_ERR_TRACE(LENGTH_ONLY_E);
|
||||
}
|
||||
if ((word32)ret > *outSz) {
|
||||
WOLFSSL_MSG("Output buffer not large enough for object");
|
||||
wolfSSL_CryptHwMutexUnLock();
|
||||
return BAD_LENGTH_E;
|
||||
}
|
||||
ret = 0;
|
||||
@@ -931,6 +935,7 @@ static int se050_rsa_insert_key(word32 keyId, const byte* rsaDer,
|
||||
|
||||
/* Avoid key ID conflicts with temporary key storage */
|
||||
if (keyId >= SE050_KEYID_START) {
|
||||
wolfSSL_CryptHwMutexUnLock();
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
@@ -1977,6 +1982,7 @@ static int se050_ecc_insert_key(word32 keyId, const byte* eccDer,
|
||||
|
||||
/* Avoid key ID conflicts with temporary key storage */
|
||||
if (keyId >= SE050_KEYID_START) {
|
||||
wolfSSL_CryptHwMutexUnLock();
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
@@ -2008,7 +2014,9 @@ static int se050_ecc_insert_key(word32 keyId, const byte* eccDer,
|
||||
status = kStatus_SSS_Fail;
|
||||
}
|
||||
}
|
||||
status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
|
||||
if (status == kStatus_SSS_Success) {
|
||||
status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi);
|
||||
}
|
||||
if (status == kStatus_SSS_Success) {
|
||||
status = sss_key_object_init(&newKey, &host_keystore);
|
||||
}
|
||||
|
||||
@@ -108,10 +108,10 @@ int silabs_ecc_sign_hash(const byte* in, word32 inlen, byte* out,
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
slkey = &key->key;
|
||||
siglen = *outlen;
|
||||
siglen = key->dp->size * 2;
|
||||
|
||||
if ((int)siglen >= key->dp->size * 2) {
|
||||
siglen = key->dp->size * 2;
|
||||
if (*outlen < siglen) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
#if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT)
|
||||
@@ -138,7 +138,11 @@ int silabs_ecc_sign_hash(const byte* in, word32 inlen, byte* out,
|
||||
siglen
|
||||
);
|
||||
}
|
||||
return (sl_stat == SL_STATUS_OK) ? 0 : WC_HW_E;
|
||||
if (sl_stat == SL_STATUS_OK) {
|
||||
*outlen = siglen;
|
||||
return 0;
|
||||
}
|
||||
return WC_HW_E;
|
||||
}
|
||||
|
||||
#ifdef HAVE_ECC_VERIFY
|
||||
|
||||
@@ -592,7 +592,7 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
||||
ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, WC_AES_BLOCK_SIZE);
|
||||
wolfSSL_TI_unlockCCM();
|
||||
|
||||
if (XMEMCMP(authTag, tmpTag, authTagSz) != 0) {
|
||||
if (ConstantCompare(authTag, tmpTag, authTagSz) != 0) {
|
||||
ret = AES_GCM_AUTH_E;
|
||||
}
|
||||
return ret;
|
||||
@@ -645,7 +645,7 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
||||
(unsigned int*)tmpTag);
|
||||
wolfSSL_TI_unlockCCM();
|
||||
|
||||
if ((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)) {
|
||||
if ((ret == false) || (ConstantCompare(authTag, tmpTag, authTagSz) != 0)) {
|
||||
XMEMSET(out, 0, inSz);
|
||||
ret = AES_GCM_AUTH_E;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user