
Commit bd4b29d

authored
Merge pull request #172 from LinuxJedi/f-fixes4
Fix resource leaks and secure buffer erasing
2 parents b7627b2 + fa984f9 commit bd4b29d


2 files changed

+11
-10
lines changed


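--- a/src/crypto.c
+++ b/src/crypto.c
@@ -2372,7 +2372,7 @@ CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
 
 ret = WP11_AesKeyWrap_Encrypt(paddedData, (word32)ulDataLen + padding,
 pEncryptedData, &encDataLen, session);
-XMEMSET(paddedData, 0, ulDataLen + padding);
+wc_ForceZero(paddedData, ulDataLen + padding);
 XFREE(paddedData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (ret != 0)
 return CKR_FUNCTION_FAILED;
@@ -7301,7 +7301,7 @@ CK_RV C_WrapKey(CK_SESSION_HANDLE hSession,
 err_out:
 
 if (serialBuff != NULL) {
-XMEMSET(serialBuff, 0, serialSize);
+wc_ForceZero(serialBuff, serialSize);
 XFREE(serialBuff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
 
@@ -7532,7 +7532,7 @@ CK_RV C_UnwrapKey(CK_SESSION_HANDLE hSession,
 err_out:
 
 if (workBuffer != NULL) {
-XMEMSET(workBuffer, 0, ulWrappedKeyLen);
+wc_ForceZero(workBuffer, ulWrappedKeyLen);
 XFREE(workBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
 
@@ -7968,7 +7968,7 @@ CK_RV C_DeriveKey(CK_SESSION_HANDLE hSession,
 
 /* Freeing here so that we don't attempt to generate a key at the
 * end of the function */
-XMEMSET(derivedKey, 0, keyLen);
+wc_ForceZero(derivedKey, keyLen);
 XFREE(derivedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 derivedKey = NULL;
 
@@ -8086,7 +8086,7 @@ CK_RV C_DeriveKey(CK_SESSION_HANDLE hSession,
 }
 
 if (derivedKey != NULL) {
-XMEMSET(derivedKey, 0, keyLen);
+wc_ForceZero(derivedKey, keyLen);
 XFREE(derivedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
 #endif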
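Review bot: At each of the five wipe sites the length (`ulDataLen + padding`, `serialSize`, `ulWrappedKeyLen`, `keyLen`) is a variable tracked separately from the allocation, and the allocations are outside these hunks, so nothing visible here shows that each length still equals the allocated size at cleanup. If one of them can be reassigned between allocation and the wipe (not visible from this page), the call would either leave trailing key bytes in the freed buffer or write past its end. I would record the invariant where it matters most, for example in C_DeriveKey: `/* keyLen is the size derivedKey was allocated with; wipe all of it before free */`, or keep the allocated size in a variable nothing else assigns to. All enclosing functions start and end outside their hunks.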

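--- a/src/internal.c
+++ b/src/internal.c
@@ -3964,9 +3964,6 @@ static int wp11_Object_Decode_EccKey(WP11_Object* object)
 sizeof(object->slot->token.key), object->iv,
 sizeof(object->iv), object->devId);
 }
-if (ret == 0) {
-ret = wc_ecc_init_ex(key, NULL, object->devId);
-}
 if (ret == 0) {
 /* Decode ECC private key. */
 ret = wc_EccPrivateKeyDecode(der, &idx, key, len);
@@ -4219,7 +4216,7 @@ static int wp11_Object_Decode_MldsaKey(WP11_Object* object)
 ret = MldsaKeyTryDecode(object->data.mldsaKey, WC_ML_DSA_87,
 der, len, object->objClass);
 }
-XMEMSET(der, 0, len);
+wc_ForceZero(der, len);
 }
 if (der != NULL)
 XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -6424,7 +6421,7 @@ void WP11_Slot_CloseSessions(WP11_Slot* slot)
 WP11_Lock_LockRW(&slot->lock);
 /* Finalize the rest. */
 for (curr = slot->session; curr != NULL; curr = curr->next)
-wp11_Session_Final(slot->session);
+wp11_Session_Final(curr);
 WP11_Lock_UnlockRW(&slot->lock);
 }
 
@@ -10663,6 +10660,9 @@ static int WP11_Object_WrapTpmKey(WP11_Object* object)
 (word32)exponent, q, qSz, TPM_ALG_NULL, TPM_ALG_NULL);
 }
 (void)p;
+wc_ForceZero(d, sizeof(d));
+wc_ForceZero(p, sizeof(p));
+wc_ForceZero(q, sizeof(q));
 #endif
 if (ret == 0) {
 /* set flag indicating this is TPM based key */
@@ -10745,6 +10745,7 @@ static int WP11_Object_WrapTpmKey(WP11_Object* object)
 &object->slot->tpmSrk, object->tpmKey, curve_id,
 qx, qxSz, qy, qySz, d, dSz);
 }
+wc_ForceZero(d, sizeof(d));
 #endif
 if (ret == 0) {
 /* set flag indicating this is TPM based key */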
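Review bot: In WP11_Object_WrapTpmKey the added `wc_ForceZero(d, sizeof(d));`, `wc_ForceZero(p, sizeof(p));` and `wc_ForceZero(q, sizeof(q));` clear the whole buffer only if `d`, `p` and `q` are arrays declared in this function. Their declarations are outside the hunk; if any of them is a pointer, `sizeof` yields the pointer size and most of the private-key bytes are left behind. The `(void)p;` line just above the new calls looks redundant now that `p` is used in the same preprocessor block, and could be dropped. A comment would make the intent explicit for the next reader: `/* d, p, q hold private key material: wipe the full buffers whether or not wrapping succeeded */`. The same `sizeof(d)` remark applies to the ECC branch at new line 10748.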
