wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 11:17:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for buffers when testing with Intel QAT hardware and fsanitize=address:

Browse Source 
* PKCS7 should use allocated buffer for RSA.
* PKCS7 small stack typo for `keyAlgArray` size in `wc_PKCS7_AddRecipient_KTRI`.
* Fix for use of `free`, which should be `XFREE` in api.c.
* Cleanup old RSA benchmarking MDK5/WINCE code no longer needed with `WC_DECLARE_ARRAY_DYNAMIC_DEC` and `WC_DECLARE_ARRAY_DYNAMIC_EXE`.
This commit is contained in:
David Garske
2022-06-01 10:51:59 -07:00
parent cced5bd700
commit 5672e2a885
3 changed files with 49 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/api.c
View File

@@ -48194,7 +48194,8 @@ static void test_wolfSSL_PKCS7_sign(void)
tmpPtr = NULL; tmpPtr = NULL;
AssertIntEQ(i2d_X509(signCert, &tmpPtr), p7Ver->verifyCertSz); AssertIntEQ(i2d_X509(signCert, &tmpPtr), p7Ver->verifyCertSz);
AssertIntEQ(XMEMCMP(tmpPtr, p7Ver->verifyCert, p7Ver->verifyCertSz), 0); AssertIntEQ(XMEMCMP(tmpPtr, p7Ver->verifyCert, p7Ver->verifyCertSz), 0);
free(tmpPtr); XFREE(tmpPtr, NULL, DYNAMIC_TYPE_OPENSSL);
tmpPtr = NULL;
wc_PKCS7_Free(p7Ver); wc_PKCS7_Free(p7Ver);

12
wolfcrypt/benchmark/benchmark.c
View File

@@ -5233,19 +5233,9 @@ static void bench_rsa_helper(int useDeviceID, RsaKey rsaKey[BENCH_MAX_PENDING],
#ifndef WOLFSSL_RSA_VERIFY_ONLY #ifndef WOLFSSL_RSA_VERIFY_ONLY
WC_DECLARE_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT); WC_DECLARE_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT);
#endif #endif
#if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE)
/* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */
WC_DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); WC_DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT);
#else
byte* enc[BENCH_MAX_PENDING];
#endif
#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
#if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE) WC_DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT);
/* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */
WC_DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT);
#else
byte* out[BENCH_MAX_PENDING];
#endif
#else #else
byte* out[BENCH_MAX_PENDING]; byte* out[BENCH_MAX_PENDING];
#endif #endif

90
wolfcrypt/src/pkcs7.c
View File

@@ -6435,42 +6435,45 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
byte issuerSKID[MAX_LENGTH_SZ]; byte issuerSKID[MAX_LENGTH_SZ];
word32 issuerSKIDSz = 0; word32 issuerSKIDSz = 0;
byte* encryptedKey;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
byte* serial; byte* serial;
byte* keyAlgArray; byte* keyAlgArray;
byte* encryptedKey;
RsaKey* pubKey; RsaKey* pubKey;
DecodedCert* decoded; DecodedCert* decoded;
serial = (byte*)XMALLOC(MAX_SN_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); serial = (byte*)XMALLOC(MAX_SN_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
keyAlgArray = (byte*)XMALLOC(MAX_SN_SZ, pkcs7->heap, keyAlgArray = (byte*)XMALLOC(MAX_ALGO_SZ, pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER);
decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), pkcs7->heap, decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (decoded == NULL || serial == NULL || if (decoded == NULL || serial == NULL || keyAlgArray == NULL) {
encryptedKey == NULL || keyAlgArray == NULL) { XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (serial) XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (keyAlgArray)
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (encryptedKey)
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (decoded)
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E; return MEMORY_E;
} }
#else #else
byte serial[MAX_SN_SZ]; byte serial[MAX_SN_SZ];
byte keyAlgArray[MAX_ALGO_SZ]; byte keyAlgArray[MAX_ALGO_SZ];
byte encryptedKey[MAX_ENCRYPTED_KEY_SZ];
RsaKey pubKey[1]; RsaKey pubKey[1];
DecodedCert decoded[1]; DecodedCert decoded[1];
#endif #endif
/* Always allocate to ensure aligned use with RSA */
encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,
DYNAMIC_TYPE_WOLF_BIGINT);
if (encryptedKey == NULL) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E;
}
encryptedKeySz = MAX_ENCRYPTED_KEY_SZ; encryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
XMEMSET(encryptedKey, 0, encryptedKeySz); XMEMSET(encryptedKey, 0, encryptedKeySz);
@@ -6495,9 +6498,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
return MEMORY_E; return MEMORY_E;
} }
XMEMSET(recip, 0, sizeof(Pkcs7EncodedRecip)); XMEMSET(recip, 0, sizeof(Pkcs7EncodedRecip));
@@ -6508,9 +6511,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return blockKeySz; return blockKeySz;
} }
@@ -6521,9 +6524,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return ret; return ret;
} }
@@ -6535,9 +6538,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return ret; return ret;
} }
@@ -6555,9 +6558,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return -1; return -1;
} }
@@ -6570,9 +6573,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return -1; return -1;
} }
@@ -6584,9 +6587,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return -1; return -1;
} }
@@ -6604,9 +6607,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return PKCS7_RECIP_E; return PKCS7_RECIP_E;
} }
@@ -6619,9 +6622,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return ALGO_ID_E; return ALGO_ID_E;
} }
@@ -6632,9 +6635,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -6646,7 +6649,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
FreeDecodedCert(decoded); FreeDecodedCert(decoded);
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return MEMORY_E; return MEMORY_E;
@@ -6661,9 +6664,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
XFREE(pubKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pubKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return ret; return ret;
} }
@@ -6677,9 +6680,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
XFREE(pubKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pubKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return PUBLIC_KEY_E; return PUBLIC_KEY_E;
} }
@@ -6692,9 +6695,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
XFREE(pubKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pubKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return MEMORY_E; return MEMORY_E;
} }
@@ -6726,9 +6729,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return ret; return ret;
} }
@@ -6749,9 +6752,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return BUFFER_E; return BUFFER_E;
} }
@@ -6768,9 +6771,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return BUFFER_E; return BUFFER_E;
} }
@@ -6810,9 +6813,9 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
/* store recipient size */ /* store recipient size */
recip->recipSz = idx; recip->recipSz = idx;
@@ -8483,13 +8486,13 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
WC_RNG rng; WC_RNG rng;
#endif #endif
byte* encryptedKey = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
mp_int* serialNum = NULL; mp_int* serialNum = NULL;
byte* encryptedKey = NULL;
RsaKey* privKey = NULL; RsaKey* privKey = NULL;
#else #else
mp_int serialNum[1]; mp_int serialNum[1];
byte encryptedKey[MAX_ENCRYPTED_KEY_SZ];
RsaKey privKey[1]; RsaKey privKey[1];
#endif #endif
@@ -8683,12 +8686,11 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
encryptedKeySz = pkcs7->stream->expected; encryptedKeySz = pkcs7->stream->expected;
#endif #endif
#ifdef WOLFSSL_SMALL_STACK /* Always allocate to ensure aligned use with RSA */
encryptedKey = (byte*)XMALLOC(encryptedKeySz, pkcs7->heap, encryptedKey = (byte*)XMALLOC(encryptedKeySz, pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_WOLF_BIGINT);
if (encryptedKey == NULL) if (encryptedKey == NULL)
return MEMORY_E; return MEMORY_E;
#endif
if (*recipFound == 1) if (*recipFound == 1)
XMEMCPY(encryptedKey, &pkiMsg[*idx], encryptedKeySz); XMEMCPY(encryptedKey, &pkiMsg[*idx], encryptedKeySz);
@@ -8699,15 +8701,15 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap, privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (privKey == NULL) { if (privKey == NULL) {
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
return MEMORY_E; return MEMORY_E;
} }
#endif #endif
ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId); ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId);
if (ret != 0) { if (ret != 0) {
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return ret; return ret;
@@ -8724,8 +8726,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG("Failed to decode RSA private key"); WOLFSSL_MSG("Failed to decode RSA private key");
wc_FreeRsaKey(privKey); wc_FreeRsaKey(privKey);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return ret; return ret;
@@ -8765,8 +8767,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
if (keySz <= 0 || outKey == NULL) { if (keySz <= 0 || outKey == NULL) {
ForceZero(encryptedKey, encryptedKeySz); ForceZero(encryptedKey, encryptedKeySz);
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return keySz; return keySz;
@@ -8776,8 +8778,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
ForceZero(encryptedKey, encryptedKeySz); ForceZero(encryptedKey, encryptedKeySz);
} }
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif