diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c index 551edeb07c..9bd11deccb 100644 --- a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c +++ b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c @@ -156,9 +156,10 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out, byte* u = NULL; byte* n = NULL; word32 dSz, pSz, qSz, dpSz = 0, dqSz = 0, uSz = 0, nSz; + word32 dAllocSz; dev = &key->ctx; - dSz = nSz = wc_RsaEncryptSize(key); + dAllocSz = dSz = nSz = wc_RsaEncryptSize(key); pSz = qSz = nSz / 2; if (outlen < dSz) { WOLFSSL_MSG("Output buffer is too small"); @@ -196,7 +197,7 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out, if (!key->blackKey) { /* @TODO unexpected results with black key CRT form */ if (ret == 0 && dpSz > 0) { dSz = 0; nSz = 0; - dq = (byte*)XMALLOC(dpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + dq = (byte*)XMALLOC(dqSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); dp = (byte*)XMALLOC(dpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); u = (byte*)XMALLOC(uSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (dq == NULL || dp == NULL || u == NULL) { @@ -237,12 +238,12 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out, } } - if (d) { ForceZero(d, dSz); XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (p) { ForceZero(p, pSz); XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (q) { ForceZero(q, qSz); XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (dp) { ForceZero(dp, dpSz); XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (dq) { ForceZero(dq, dqSz); XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (u) { ForceZero(u, uSz); XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + if (d) { ForceZero(d, dAllocSz); XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + if (p) { ForceZero(p, pSz); XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + if (q) { ForceZero(q, qSz); XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + if (dp) { ForceZero(dp, dpSz); XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + if (dq) { ForceZero(dq, dqSz); XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + if (u) { ForceZero(u, uSz); XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER); } XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); wc_DevCryptoFree(dev); diff --git a/wolfcrypt/src/port/kcapi/kcapi_rsa.c b/wolfcrypt/src/port/kcapi/kcapi_rsa.c index 84eb3902f3..5ae228fded 100644 --- a/wolfcrypt/src/port/kcapi/kcapi_rsa.c +++ b/wolfcrypt/src/port/kcapi/kcapi_rsa.c @@ -44,12 +44,14 @@ static int KcapiRsa_SetPrivKey(RsaKey* key) int ret = 0; unsigned char* priv = NULL; int len; + int allocSz = 0; len = wc_RsaKeyToDer(key, NULL, 0); if (len < 0) { ret = len; } if (ret == 0) { + allocSz = len; priv = (unsigned char*)XMALLOC(len, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (priv == NULL) { ret = MEMORY_E; @@ -70,7 +72,7 @@ static int KcapiRsa_SetPrivKey(RsaKey* key) } if (priv != NULL) { - ForceZero(priv, len); + ForceZero(priv, allocSz); XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } return ret; diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c index f20385c9fd..e476874b4e 100644 --- a/wolfcrypt/src/port/nxp/se050_port.c +++ b/wolfcrypt/src/port/nxp/se050_port.c @@ -1982,6 +1982,7 @@ static int se050_ecc_insert_key(word32 keyId, const byte* eccDer, /* Avoid key ID conflicts with temporary key storage */ if (keyId >= SE050_KEYID_START) { + wolfSSL_CryptHwMutexUnLock(); return BAD_FUNC_ARG; } @@ -2013,7 +2014,9 @@ static int se050_ecc_insert_key(word32 keyId, const byte* eccDer, status = kStatus_SSS_Fail; } } - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + if (status == kStatus_SSS_Success) { + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + } if (status == kStatus_SSS_Success) { status = sss_key_object_init(&newKey, &host_keystore); }