Merge pull request #9895 from embhorn/f283-287

Hardening in GeneratePrivateDh186 and wc_DhImportKeyPair
This commit is contained in:
Daniel Pouzzner
2026-03-06 22:36:14 -06:00
committed by GitHub
+3 -2
View File
@@ -1157,8 +1157,9 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
if (err == MP_OKAY)
err = mp_read_unsigned_bin(tmpX, cBuf, cSz);
if (err != MP_OKAY) {
mp_clear(tmpX);
mp_forcezero(tmpX);
mp_clear(tmpQ);
ForceZero(cBuf, cSz);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
@@ -2403,7 +2404,7 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
}
if (havePriv) {
if (mp_read_unsigned_bin(&key->priv, priv, privSz) != MP_OKAY) {
mp_clear(&key->priv);
mp_forcezero(&key->priv);
havePriv = 0;
} else {
WOLFSSL_MSG("DH Private Key Set");