mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 13:40:49 +02:00
Fix wc_tsip_MakeRsaKey ignoring errors and not freeing buffers in some error cases.
Fixes F-4005.
@@ -55,6 +55,7 @@ This code assumes at least one is enabled
|
||||
int wc_tsip_MakeRsaKey(int size, void* ctx)
|
||||
{
|
||||
e_tsip_err_t ret;
|
||||
int wcRet = WC_HW_E;
|
||||
TsipUserCtx *info = (TsipUserCtx*)ctx;
|
||||
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
|
||||
tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL;
|
||||
@@ -148,6 +149,7 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
|
||||
info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
|
||||
info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
|
||||
info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
|
||||
wcRet = 0;
|
||||
#endif
|
||||
}
|
||||
else if (size == 2048) {
|
||||
@@ -191,13 +193,31 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
|
||||
info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
|
||||
info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
|
||||
info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
|
||||
wcRet = 0;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* hardware key generation failed; free the key pair buffer that
|
||||
* was allocated above so it does not leak, and report the error */
|
||||
WOLFSSL_MSG_EX("TSIP RSA key generation failed: %d", ret);
|
||||
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
|
||||
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
|
||||
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
wcRet = WC_HW_E;
|
||||
}
|
||||
tsip_hw_unlock();
|
||||
}
|
||||
else {
|
||||
/* could not obtain the TSIP hardware lock */
|
||||
WOLFSSL_MSG_EX("TSIP hardware lock failed: %d", ret);
|
||||
wcRet = WC_HW_E;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return wcRet;
|
||||
}
|
||||
|
||||
/* Generate TSIP key index if needed
|
||||
|
||||
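Review bot: In the last hunk, the path where `ret` is `TSIP_SUCCESS` but `size` matches neither the 1024 nor the 2048 branch (or the matching `TSIP_RSAES_*` block is compiled out) returns `WC_HW_E` only because of the initialiser added in the first hunk, with no log line and nothing to distinguish it from a hardware fault. I would document that on the declaration, `int wcRet = WC_HW_E; /* fail closed: only a branch that stored a key pair sets 0 */`, and consider a final `else { wcRet = BAD_FUNC_ARG; }` after the `size == 2048` block so an unsupported size is reported as such. The new failure branch frees both pair buffers regardless of `size`, which is safe only if `tsip_pair2048_key` is NULL-initialised like `tsip_pair1024_key`; its declaration is outside the visible hunks. The allocation code between the hunks is not shown either, so any early `return` there that would skip `tsip_hw_unlock()` or leave a pair buffer allocated is worth checking against this commit's stated goal.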