diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 4e5bbc922..82db202bd 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -3818,7 +3818,7 @@ int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, word32 inSz,
 const byte** n, word32* nSz, const byte** e, word32* eSz)
 {
 int ret = 0;
- int length;
+ int length = 0;
 #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA)
 byte b;
 #endif
@@ -12369,10 +12369,11 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file)
 WOLFSSL_MSG("wc_SetSubjectKeyId memory Problem");
 return MEMORY_E;
 }
+ derSz = MAX_PUBLIC_KEY_SZ;
- derSz = wc_PemPubKeyToDer(file, der, MAX_PUBLIC_KEY_SZ);
- if (derSz <= 0)
- {
+ XMEMSET(der, 0, derSz);
+ derSz = wc_PemPubKeyToDer(file, der, derSz);
+ if (derSz <= 0) {
 XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
 return derSz;
 }
diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
index b215ecd61..ee3326c12 100644
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@@ -416,7 +416,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
 ERROR_OUT(ASN_PARSE_E, exit_gsd);
 }
- if ((ret = GetLength(mem, &curIdx, &size, totalSz)) <= 0) {
+ if ((ret = GetLength(mem, &curIdx, &size, totalSz)) < 0) {
 goto exit_gsd;
 }
 mac->saltSz = size;
@@ -1050,7 +1050,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 /* put the new node into the list */
 if (certList != NULL) {
 WOLFSSL_MSG("Pushing new cert onto queue");
- tailList->next = node;
+ certList->next = node;
 tailList = node;
 }
 else {
@@ -1108,6 +1108,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 /* free list, not wanted */
 wc_FreeCertList(certList, pkcs12->heap);
 }
+ (void)tailList; /* not used */
 ret = 0; /* success */
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 3e36080be..72b6c7ed1 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
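Review bot: In wc_SetSubjectKeyId (asn.c, second hunk) the `if (derSz <= 0)` branch still ends in `return derSz;`, so a zero result from wc_PemPubKeyToDer is handed back to the caller as 0. If 0 means success for this function, which is the usual wolfSSL convention but is not visible in the hunk, the caller would believe the subject key identifier was set when nothing was decoded. Mapping the zero case to an error would close that, for example `return (derSz < 0) ? derSz : ASN_PARSE_E;`. The function body starts and ends outside the hunk.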
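Review bot: In GetSignData (pkcs12.c, first hunk) relaxing the comparison to `< 0` lets a zero-length salt through, and `mac->saltSz = size;` then records 0. The code that allocates and copies the salt is outside the hunk, so it should be checked that a zero-size allocation and an empty-salt MAC derivation are both handled on purpose rather than by accident of this comparison. If an empty salt is meant to be accepted, a comment such as `/* a zero-length salt is allowed; only negative values are errors */` would record the decision. If it is not, keep the relaxed check for errors and reject the empty case explicitly with `if (size == 0) { ERROR_OUT(ASN_PARSE_E, exit_gsd); }`.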
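Review bot: In wc_PKCS12_parse (pkcs12.c, second hunk) `certList->next = node;` links every new node directly behind the head instead of behind the current tail. With three or more certificates this appears to overwrite the previous `certList->next`, so the earlier node drops out of the list: it is no longer returned to the caller and wc_FreeCertList cannot reach it to free it. The third hunk's `(void)tailList; /* not used */` confirms the tail pointer is no longer read anywhere. If the aim was to quiet a possible-NULL warning on `tailList`, keeping the append and guarding it, `if (tailList != NULL) tailList->next = node;`, would preserve the full chain. The loop around these lines is outside the hunk, so this should be confirmed against how `node->next` is initialised there.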
@@ -5464,6 +5464,14 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz,
 issuerSKIDSeqSz = SetExplicit(0, issuerSKIDSz + KEYID_SIZE, issuerSKIDSeq);
 } else {
+ FreeDecodedCert(decoded);
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(decoded, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 return PKCS7_RECIP_E;
 }
@@ -6731,7 +6739,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
 word32 recipSeqSz = 0, verSz = 0;
 word32 kekIdSeqSz = 0, kekIdOctetStrSz = 0;
 word32 otherAttSeqSz = 0, encAlgoIdSz = 0, encKeyOctetStrSz = 0;
- word32 encryptedKeySz;
+ int encryptedKeySz;
 int timeSz = 0;
 #ifndef NO_ASN_TIME
@@ -6783,15 +6791,19 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
 encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kek, kekSz, encryptedKey, encryptedKeySz, keyWrapOID, direction);
- if (encryptedKeySz <= 0) {
+ if (encryptedKeySz < 0) {
 #ifdef WOLFSSL_SMALL_STACK
 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 #endif
 XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 return encryptedKeySz;
 }
-
- if (encryptedKeySz > MAX_ENCRYPTED_KEY_SZ) {
+ /* handle a zero size encKey case as WC_KEY_SIZE_E */
+ if (encryptedKeySz == 0 || encryptedKeySz > MAX_ENCRYPTED_KEY_SZ) {
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ #endif
+ XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 return WC_KEY_SIZE_E;
 }
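Review bot: In wc_PKCS7_AddRecipient_KEKRI (pkcs7.c, last hunk) the cleanup added to the size-check branch is a second copy of the block a few lines above it, and its `#ifdef` is indented while the earlier one is not. Both failures could share one branch, `if (encryptedKeySz <= 0 || encryptedKeySz > MAX_ENCRYPTED_KEY_SZ)`, that frees once and ends in `return (encryptedKeySz < 0) ? encryptedKeySz : WC_KEY_SIZE_E;`, so a later change to the frees cannot miss one path. Separately, `encryptedKeySz` is now `int` but is still passed as the output-size argument of wc_PKCS7_KeyWrap. If that parameter is `word32` (its prototype is not shown here), an explicit `(word32)encryptedKeySz` cast would keep the sign conversion visible. The function body starts and ends outside the hunk.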