From 19bb7198a2074cec107d0fa93adfaea1ed5e5f23 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 6 Feb 2026 08:59:45 -0800 Subject: [PATCH] Peer review fixes Co-Authored-By: Claude Opus 4.6 --- src/tls.c | 6 ++++-- wolfcrypt/src/asn.c | 2 ++ wolfcrypt/src/curve25519.c | 34 +++++++++++++++++++--------------- wolfcrypt/test/test.c | 14 ++++++++++++++ 4 files changed, 39 insertions(+), 17 deletions(-) diff --git a/src/tls.c b/src/tls.c index c70b446b5e..1bb1355310 100644 --- a/src/tls.c +++ b/src/tls.c @@ -9225,8 +9225,10 @@ static int TLSX_KeyShare_ProcessX25519_ex(WOLFSSL* ssl, } #endif } - /* On CALL_AGAIN re-entry: shared secret is already computed, - * ret stays 0, proceed to cleanup */ + /* On CALL_AGAIN re-entry (lastRet == PENDING): the block above + * is skipped entirely, so wc_curve25519_shared_secret_ex is not + * called again. ret stays 0 from initialization, and execution + * falls through to the cleanup code below. */ } /* done with key share, release resources */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index fbab81a34e..27d3a67073 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -18487,6 +18487,8 @@ int ConfirmSignature(SignatureCtx* sigCtx, ret = wc_ecc_set_nonblock(sigCtx->key.ecc, nbCtx); if (ret != 0) { + XFREE(nbCtx, sigCtx->heap, + DYNAMIC_TYPE_TMP_BUFFER); goto exit_cs; } } diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 47b0d0b055..af74763a86 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -627,22 +627,26 @@ static int wc_curve25519_shared_secret_nb(curve25519_key* privKey, break; case 2: #ifdef WOLFSSL_ECDHX_SHARED_NOT_ZERO - int i; - byte t = 0; - - for (i = 0; i < CURVE25519_KEYSIZE; i++) { - t |= privKey->nbCtx->o.point[i]; - } - if (t == 0) { - ret = ECC_OUT_OF_RANGE_E; - } - else - #endif /* WOLFSSL_ECDHX_SHARED_NOT_ZERO */ { - curve25519_copy_point(out, privKey->nbCtx->o.point, endian); - *outlen = CURVE25519_KEYSIZE; - ret = 0; + int i; + byte t = 0; + + for (i = 0; i < CURVE25519_KEYSIZE; i++) { + t |= privKey->nbCtx->o.point[i]; + } + if (t == 0) { + ret = ECC_OUT_OF_RANGE_E; + } + else + #endif /* WOLFSSL_ECDHX_SHARED_NOT_ZERO */ + { + curve25519_copy_point(out, privKey->nbCtx->o.point, endian); + *outlen = CURVE25519_KEYSIZE; + ret = 0; + } + #ifdef WOLFSSL_ECDHX_SHARED_NOT_ZERO } + #endif break; } @@ -653,7 +657,7 @@ static int wc_curve25519_shared_secret_nb(curve25519_key* privKey, return ret; } -#endif /* WC_X25518_NONBLOCK */ +#endif /* WC_X25519_NONBLOCK */ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, curve25519_key* public_key, diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 83b4325701..fce1446aea 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -38615,6 +38615,7 @@ static int x25519_nonblock_test(WC_RNG* rng) ret = wc_curve25519_set_nonblock(&userA, &nbCtx); if (ret != 0) { printf("wc_curve25519_set_nonblock 1 %d\n", ret); + wc_curve25519_free(&userA); return -10723; } count = 0; @@ -38624,6 +38625,7 @@ static int x25519_nonblock_test(WC_RNG* rng) } while (ret == FP_WOULDBLOCK); if (ret != 0) { printf("wc_curve25519_make_key_nb 1 %d\n", ret); + wc_curve25519_free(&userA); return -10724; } #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) @@ -38640,6 +38642,8 @@ static int x25519_nonblock_test(WC_RNG* rng) ret = wc_curve25519_set_nonblock(&userB, &nbCtx); if (ret != 0) { printf("wc_curve25519_set_nonblock 2 %d\n", ret); + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); return -10725; } count = 0; @@ -38649,6 +38653,8 @@ static int x25519_nonblock_test(WC_RNG* rng) } while (ret == FP_WOULDBLOCK); if (ret != 0) { printf("wc_curve25519_make_key_nb 2 %d\n", ret); + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); return -10726; } @@ -38659,6 +38665,8 @@ static int x25519_nonblock_test(WC_RNG* rng) } while (ret == FP_WOULDBLOCK); if (ret != 0) { printf("wc_curve25519_shared_secret_nb 1 %d\n", ret); + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); return -10727; } @@ -38671,6 +38679,8 @@ static int x25519_nonblock_test(WC_RNG* rng) while (ret == FP_WOULDBLOCK); if (ret != 0) { printf("wc_curve25519_shared_secret_nb 2 %d\n", ret); + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); return -10728; } #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) @@ -38680,10 +38690,14 @@ static int x25519_nonblock_test(WC_RNG* rng) /* compare shared secret keys to test they are the same */ if (y != x) { + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); return -10729; } if (XMEMCMP(sharedA, sharedB, x) != 0) { + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); return -10730; } #endif /* HAVE_CURVE25519_SHARED_SECRET */