Skip to content

Commit 4e4eec1

Browse files
JeremiahM37JeremiahM37
committed
srp: harden secret intermediates
1 parent 6a3eb6f commit 4e4eec1

1 file changed

Lines changed: 10 additions & 4 deletions

File tree

wolfcrypt/src/srp.c

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -498,7 +498,7 @@ int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size)
498498
if (!r) r = mp_to_unsigned_bin(v, verifier);
499499
if (!r) *size = (word32)mp_unsigned_bin_size(v);
500500

501-
mp_clear(v);
501+
mp_forcezero(v);
502502
WC_FREE_VAR_EX(v, srp->heap, DYNAMIC_TYPE_TMP_BUFFER);
503503

504504
return r;
@@ -535,7 +535,7 @@ int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size)
535535
if (!r) r = mp_mod(p, &srp->N, &srp->priv);
536536
if (!r) r = mp_iszero(&srp->priv) == MP_YES ? SRP_BAD_KEY_E : 0;
537537

538-
mp_clear(p);
538+
mp_forcezero(p);
539539
WC_FREE_VAR_EX(p, srp->heap, DYNAMIC_TYPE_TMP_BUFFER);
540540

541541
return r;
@@ -624,11 +624,11 @@ int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size)
624624
XFREE(i, srp->heap, DYNAMIC_TYPE_TMP_BUFFER);
625625
}
626626
if (j != NULL) {
627-
mp_clear(j);
627+
mp_forcezero(j);
628628
XFREE(j, srp->heap, DYNAMIC_TYPE_TMP_BUFFER);
629629
}
630630
#else
631-
mp_clear(i); mp_clear(j);
631+
mp_clear(i); mp_forcezero(j);
632632
#endif
633633
}
634634
}
@@ -720,6 +720,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
720720
int digestSz;
721721
byte pad = 0;
722722
int r;
723+
int hashInited = 0;
723724

724725
/* validating params */
725726

@@ -761,6 +762,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
761762

762763
if ((r = SrpHashInit(hash, srp->type, srp->heap)) != 0)
763764
goto out;
765+
hashInited = 1;
764766

765767
digestSz = SrpHashSize(srp->type);
766768
if (digestSz < 0) {
@@ -805,6 +807,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
805807
if ((r = mp_read_unsigned_bin(u, digest, (word32)digestSz)))
806808
goto out;
807809
SrpHashFree(hash);
810+
hashInited = 0;
808811

809812
/* building s (secret) */
810813

@@ -909,6 +912,9 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
909912
XFREE(secret, srp->heap, DYNAMIC_TYPE_SRP);
910913
}
911914

915+
if (hashInited)
916+
SrpHashFree(hash);
917+
912918
#ifdef WOLFSSL_SMALL_STACK
913919
XFREE(hash, srp->heap, DYNAMIC_TYPE_SRP);
914920
XFREE(digest, srp->heap, DYNAMIC_TYPE_SRP);

0 commit comments

Comments
 (0)