
Commit 536e5ee

committed
Add missing ForceZero calls in PKCS#7
1 parent 14cfb62 commit 536e5ee


1 file changed

+26
-7
lines changed


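--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -211,6 +211,8 @@ static void wc_PKCS7_ResetStream(wc_PKCS7* pkcs7)
 XFREE(pkcs7->stream->tag, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 XFREE(pkcs7->stream->nonce, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 XFREE(pkcs7->stream->buffer, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+if (pkcs7->stream->key != NULL)
+ForceZero(pkcs7->stream->key, MAX_ENCRYPTED_KEY_SZ);
 XFREE(pkcs7->stream->key, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 pkcs7->stream->aad = NULL;
 pkcs7->stream->tag = NULL;
@@ -7759,6 +7761,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
 }
 
 if (ret != 0) {
+ForceZero(secret, secretSz);
 XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
 return ret;
 }
@@ -9752,6 +9755,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
 (word32)kekKeySz);
 if (ret < 0) {
 XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(kek, (word32)kekKeySz);
 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 return ret;
@@ -9763,6 +9767,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
 tmpIv, (word32)kekBlockSz, encryptOID);
 if (ret < 0) {
 XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(kek, (word32)kekKeySz);
 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 return ret;
@@ -9787,6 +9792,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
 ret = wc_SetContentType(PWRI_KEK_WRAP, keyEncAlgoId, sizeof(keyEncAlgoId));
 if (ret <= 0) {
 XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(kek, (word32)kekKeySz);
 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 return ret;
@@ -9818,6 +9824,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
 ret = wc_SetContentType(kdfOID, kdfAlgoId, sizeof(kdfAlgoId));
 if (ret <= 0) {
 XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(kek, (word32)kekKeySz);
 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 return ret;
@@ -9843,6 +9850,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
 if (totalSz > MAX_RECIP_SZ) {
 WOLFSSL_MSG("CMS Recipient output buffer too small");
 XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(kek, (word32)kekKeySz);
 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 return BUFFER_E;
@@ -9880,7 +9888,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
 XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
 idx += encryptedKeySz;
 
-ForceZero(kek, (word32)kekBlockSz);
+ForceZero(kek, (word32)kekKeySz);
 ForceZero(encryptedKey, encryptedKeySz);
 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -10601,7 +10609,9 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 word32 pkiMsgSz = inSz;
 byte tag;
 
-
+#ifndef WC_NO_RSA_OAEP
+word32 outKeySz = 0;
+#endif
 #ifndef NO_PKCS7_STREAM
 word32 tmpIdx = *idx;
 #endif
@@ -10910,8 +10920,8 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 #ifndef WC_NO_RSA_OAEP
 }
 else {
-word32 outLen = (word32)wc_RsaEncryptSize(privKey);
-outKey = (byte*)XMALLOC(outLen, pkcs7->heap,
+outKeySz = (word32)wc_RsaEncryptSize(privKey);
+outKey = (byte*)XMALLOC(outKeySz, pkcs7->heap,
 DYNAMIC_TYPE_TMP_BUFFER);
 if (!outKey) {
 WOLFSSL_MSG("Failed to allocate out key buffer");
@@ -10925,9 +10935,9 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 }
 
 keySz = wc_RsaPrivateDecrypt_ex(encryptedKey,
-(word32)encryptedKeySz, outKey, outLen, privKey,
-WC_RSA_OAEP_PAD,
-WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
+(word32)encryptedKeySz, outKey, outKeySz,
+privKey, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
+WC_MGF1SHA1, NULL, 0);
 }
 #endif
 }
@@ -10950,6 +10960,7 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 #ifndef WC_NO_RSA_OAEP
 if (encOID == RSAESOAEPk) {
 if (outKey) {
+ForceZero(outKey, outKeySz);
 XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
 }
 }
@@ -10966,6 +10977,7 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 #ifndef WC_NO_RSA_OAEP
 if (encOID == RSAESOAEPk) {
 if (outKey) {
+ForceZero(outKey, outKeySz);
 XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
 }
 }
@@ -11780,6 +11792,7 @@ static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 iterations, kek, (word32)kekKeySz);
 if (ret < 0) {
 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(kek, (word32)kekKeySz);
 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 return ASN_PARSE_E;
@@ -11792,7 +11805,9 @@ static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 pwriEncAlgoId);
 if (ret < 0) {
 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(kek, (word32)kekKeySz);
 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(cek, cekSz);
 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 return ret;
 }
@@ -11801,7 +11816,9 @@ static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 if (*decryptedKeySz < cekSz) {
 WOLFSSL_MSG("Decrypted key buffer too small for CEK");
 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(kek, (word32)kekKeySz);
 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(cek, cekSz);
 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 return BUFFER_E;
 }
@@ -11810,7 +11827,9 @@ static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 *decryptedKeySz = cekSz;
 
 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(kek, (word32)kekKeySz);
 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+ForceZero(cek, cekSz);
 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
 
 /* mark recipFound, since we only support one RecipientInfo for now */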
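Review bot: In wc_PKCS7_ResetStream the new `ForceZero(pkcs7->stream->key, MAX_ENCRYPTED_KEY_SZ)` wipes a fixed length rather than the size the buffer was allocated with, and that allocation is not visible in this hunk; if any path ever assigns stream->key a smaller buffer, the wipe becomes a heap write past its end. Either keep the allocated length next to the pointer and pass that, or pin the assumption at the call with a comment such as `/* stream->key is always allocated with MAX_ENCRYPTED_KEY_SZ bytes */`. Separately, the wc_PKCS7_AddRecipient_PWRI error paths now wipe `kek` but still free `encryptedKey` unwiped, while the success path at the end of that function wipes both; adding `ForceZero(encryptedKey, encryptedKeySz);` before those frees would make the paths consistent, assuming encryptedKeySz already holds the allocated size at those points. All of the affected function bodies start and end outside the hunks shown.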
