ecc.c: fix mp_init_multi() vs mp_clear() dynamics in wc_ecc_verify_hash_ex() and mp_sqrtmod_prime().

2025-07-29 18:27:29 +02:00 · 2020-12-07 13:41:21 -06:00
parent ec96e5ad74
commit bfff28ab28
1 changed files with 41 additions and 28 deletions
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@ -6571,8 +6571,9 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
   if (err == MP_OKAY) {
       if ((err = mp_init_multi(v, w, u1, u2, NULL, NULL)) != MP_OKAY) {
          err = MEMORY_E;
+       } else {
+           did_init = 1;
       }
-       did_init = 1;
   }

   /* allocate points */
@ -10801,7 +10802,17 @@ int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
  mp_int *T = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER);
  mp_int *R = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER);
  mp_int *two = (mp_int *)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC_BUFFER);
+#else
+  mp_int t1[1], C[1], Q[1], S[1], Z[1], M[1], T[1], R[1], two[1];
+#endif

+  if ((mp_init_multi(t1, C, Q, S, Z, M) != MP_OKAY) ||
+      (mp_init_multi(T, R, two, NULL, NULL, NULL) != MP_OKAY)) {
+    res = MP_INIT_E;
+    goto out;
+  }
+
+#ifdef WOLFSSL_SMALL_STACK
  if ((t1 == NULL) ||
      (C == NULL) ||
      (Q == NULL) ||
@ -10814,8 +10825,6 @@ int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
    res = MP_MEM;
    goto out;
  }
-#else
-  mp_int t1[1], C[1], Q[1], S[1], Z[1], M[1], T[1], R[1], two[1];
 #endif

  /* first handle the simple cases n = 0 or n = 1 */
@ -10844,13 +10853,6 @@ int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
    goto out;
  }

-  if ((res = mp_init_multi(t1, C, Q, S, Z, M)) != MP_OKAY)
-    goto out;
-
-  if ((res = mp_init_multi(T, R, two, NULL, NULL, NULL))
-                          != MP_OKAY)
-    goto out;
-
  /* SPECIAL CASE: if prime mod 4 == 3
   * compute directly: res = n^(prime+1)/4 mod prime
   * Handbook of Applied Cryptography algorithm 3.36
@ -10985,51 +10987,62 @@ int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)

 #ifdef WOLFSSL_SMALL_STACK
  if (t1) {
-    mp_clear(t1);
+    if (res != MP_INIT_E)
+      mp_clear(t1);
    XFREE(t1, NULL, DYNAMIC_TYPE_ECC_BUFFER);
  }
  if (C) {
-    mp_clear(C);
+    if (res != MP_INIT_E)
+      mp_clear(C);
    XFREE(C, NULL, DYNAMIC_TYPE_ECC_BUFFER);
  }
  if (Q) {
-    mp_clear(Q);
+    if (res != MP_INIT_E)
+      mp_clear(Q);
    XFREE(Q, NULL, DYNAMIC_TYPE_ECC_BUFFER);
  }
  if (S) {
-    mp_clear(S);
+    if (res != MP_INIT_E)
+      mp_clear(S);
    XFREE(S, NULL, DYNAMIC_TYPE_ECC_BUFFER);
  }
  if (Z) {
-    mp_clear(Z);
+    if (res != MP_INIT_E)
+      mp_clear(Z);
    XFREE(Z, NULL, DYNAMIC_TYPE_ECC_BUFFER);
  }
  if (M) {
-    mp_clear(M);
+    if (res != MP_INIT_E)
+      mp_clear(M);
    XFREE(M, NULL, DYNAMIC_TYPE_ECC_BUFFER);
  }
  if (T) {
-    mp_clear(T);
+    if (res != MP_INIT_E)
+      mp_clear(T);
    XFREE(T, NULL, DYNAMIC_TYPE_ECC_BUFFER);
  }
  if (R) {
-    mp_clear(R);
+    if (res != MP_INIT_E)
+      mp_clear(R);
    XFREE(R, NULL, DYNAMIC_TYPE_ECC_BUFFER);
  }
  if (two) {
-    mp_clear(two);
+    if (res != MP_INIT_E)
+      mp_clear(two);
    XFREE(two, NULL, DYNAMIC_TYPE_ECC_BUFFER);
  }
 #else
-  mp_clear(t1);
-  mp_clear(C);
-  mp_clear(Q);
-  mp_clear(S);
-  mp_clear(Z);
-  mp_clear(M);
-  mp_clear(T);
-  mp_clear(R);
-  mp_clear(two);
+  if (res != MP_INIT_E) {
+    mp_clear(t1);
+    mp_clear(C);
+    mp_clear(Q);
+    mp_clear(S);
+    mp_clear(Z);
+    mp_clear(M);
+    mp_clear(T);
+    mp_clear(R);
+    mp_clear(two);
+  }
 #endif

  return res;