wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7178 from anhu/OQS_MEM_LEAKS

Browse Source 
Fixes that prevent memory leaks when using OQS.
This commit is contained in:
Daniel Pouzzner
2024-02-05 13:26:43 -05:00
committed by GitHub
parent 851f059023 fe87f16114
commit 5c421d0207
5 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/tls.c
View File

@ -7658,6 +7658,13 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
word32 privSz = 0; word32 privSz = 0;
word32 pubSz = 0; word32 pubSz = 0;
/* This gets called twice. Once during parsing of the key share and once
* during the population of the extension. No need to do work the second
* time. Just return success if its already been done. */
if (kse->pubKey != NULL) {
return ret;
}
findEccPqc(&ecc_group, &oqs_group, kse->group); findEccPqc(&ecc_group, &oqs_group, kse->group);
ret = kyber_id2type(oqs_group, &type); ret = kyber_id2type(oqs_group, &type);
if (ret == NOT_COMPILED_IN) { if (ret == NOT_COMPILED_IN) {
@ -7735,10 +7742,11 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
/* Note we are saving the OQS private key and ECC private key /* Note we are saving the OQS private key and ECC private key
* separately. That's because the ECC private key is not simply a * separately. That's because the ECC private key is not simply a
* buffer. Its is an ecc_key struct. * buffer. Its is an ecc_key struct. Typically do not need the private
*/ * key size, but will need to zero it out upon freeing. */
kse->privKey = privKey; kse->privKey = privKey;
privKey = NULL; privKey = NULL;
kse->privKeyLen = privSz;
kse->key = ecc_kse->key; kse->key = ecc_kse->key;
ecc_kse->key = NULL; ecc_kse->key = NULL;
@ -7814,9 +7822,19 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
#endif #endif
} }
#ifdef HAVE_PQC #ifdef HAVE_PQC
else if (WOLFSSL_NAMED_GROUP_IS_PQC(current->group) && else if (WOLFSSL_NAMED_GROUP_IS_PQC(current->group)) {
current->key != NULL) { if (current->key != NULL) {
ForceZero((byte*)current->key, current->keyLen); ForceZero((byte*)current->key, current->keyLen);
}
if (current->pubKey != NULL) {
XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
current->pubKey = NULL;
}
if (current->privKey != NULL) {
ForceZero(current->privKey, current->privKeyLen);
XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY);
current->privKey = NULL;
}
} }
#endif #endif
else { else {

5
wolfcrypt/src/port/liboqs/liboqs.c
View File

@ -99,6 +99,11 @@ int wolfSSL_liboqsInit(void)
return ret; return ret;
} }
void wolfSSL_liboqsClose(void)
{
wc_FreeRng(&liboqsDefaultRNG);
}
int wolfSSL_liboqsRngMutexLock(WC_RNG* rng) int wolfSSL_liboqsRngMutexLock(WC_RNG* rng)
{ {
int ret = wolfSSL_liboqsInit(); int ret = wolfSSL_liboqsInit();

4
wolfcrypt/src/wc_port.c
View File

@ -493,6 +493,10 @@ int wolfCrypt_Cleanup(void)
#endif #endif
} }
#if defined(HAVE_LIBOQS)
wolfSSL_liboqsClose();
#endif
return ret; return ret;
} }

1
wolfssl/internal.h
View File

@ -3365,6 +3365,7 @@ typedef struct KeyShareEntry {
word32 pubKeyLen; /* Public key length */ word32 pubKeyLen; /* Public key length */
#if !defined(NO_DH) || defined(HAVE_PQC) #if !defined(NO_DH) || defined(HAVE_PQC)
byte* privKey; /* Private key - DH and PQ KEMs only */ byte* privKey; /* Private key - DH and PQ KEMs only */
word32 privKeyLen;/* Only for PQ KEMs. */
#endif #endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
int lastRet; int lastRet;

2
wolfssl/wolfcrypt/port/liboqs/liboqs.h
View File

@ -47,6 +47,8 @@ implementations for Post-Quantum cryptography algorithms.
int wolfSSL_liboqsInit(void); int wolfSSL_liboqsInit(void);
void wolfSSL_liboqsClose(void);
int wolfSSL_liboqsRngMutexLock(WC_RNG* rng); int wolfSSL_liboqsRngMutexLock(WC_RNG* rng);
int wolfSSL_liboqsRngMutexUnlock(void); int wolfSSL_liboqsRngMutexUnlock(void);