@@ -211,6 +211,8 @@ static void wc_PKCS7_ResetStream(wc_PKCS7* pkcs7)
211211 XFREE(pkcs7->stream->tag, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
212212 XFREE(pkcs7->stream->nonce, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
213213 XFREE(pkcs7->stream->buffer, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
214+ if (pkcs7->stream->key != NULL)
215+ ForceZero(pkcs7->stream->key, MAX_ENCRYPTED_KEY_SZ);
214216 XFREE(pkcs7->stream->key, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
215217 pkcs7->stream->aad = NULL;
216218 pkcs7->stream->tag = NULL;
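Review bot: The wipe added before `XFREE(pkcs7->stream->key, ...)` uses the fixed length `MAX_ENCRYPTED_KEY_SZ`, which is only safe if every allocation of `stream->key` is exactly that size. The allocation site is outside this hunk, so this needs confirming. If any path allocates a shorter buffer, ForceZero writes past its end on every stream reset. Either store the allocated size next to the pointer and wipe that many bytes, or document the invariant at the wipe, e.g. `/* stream->key is always allocated with MAX_ENCRYPTED_KEY_SZ */`. The new `if` is also unbraced, so the guard is easy to break if a second statement is added later.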
@@ -7759,6 +7761,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
77597761 }
77607762
77617763 if (ret != 0) {
7764+ ForceZero(secret, secretSz);
77627765 XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
77637766 return ret;
77647767 }
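Review bot: `ForceZero(secret, secretSz)` on the `ret != 0` path wipes whatever `secretSz` holds at that moment, and the code that sets it is above this hunk. If `secretSz` is passed by address to the key-agreement call as an in/out length, a failing call may leave it shorter than the allocation, so part of the buffer could stay unwiped. Keeping the allocated size in a separate local and using that for the wipe would remove the dependency. The success path of wc_PKCS7_KariGenerateKEK is also outside the hunk, so whether `secret` is wiped there could not be checked.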
@@ -9752,6 +9755,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
97529755 (word32)kekKeySz);
97539756 if (ret < 0) {
97549757 XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
9758+ ForceZero(kek, (word32)kekKeySz);
97559759 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
97569760 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
97579761 return ret;
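Review bot: On this error path `encryptedKey` is still released with a plain XFREE, while the success path further down wipes it with `ForceZero(encryptedKey, encryptedKeySz)` before freeing. The same applies to the hunks at new lines 9767, 9792, 9824 and 9850. For the paths that run after `encryptedKey` has been filled, adding the same wipe would keep failure and success handling consistent, provided `encryptedKeySz` is the allocated length at that point (not visible here). The cleanup sequence is now repeated in five places; a single exit label that wipes and frees `kek`, `encryptedKey` and `recip` would stop a future error path from missing the wipe. wc_PKCS7_AddRecipient_PWRI begins and ends outside these hunks.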
@@ -9763,6 +9767,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
97639767 tmpIv, (word32)kekBlockSz, encryptOID);
97649768 if (ret < 0) {
97659769 XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
9770+ ForceZero(kek, (word32)kekKeySz);
97669771 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
97679772 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
97689773 return ret;
@@ -9787,6 +9792,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
97879792 ret = wc_SetContentType(PWRI_KEK_WRAP, keyEncAlgoId, sizeof(keyEncAlgoId));
97889793 if (ret <= 0) {
97899794 XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
9795+ ForceZero(kek, (word32)kekKeySz);
97909796 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
97919797 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
97929798 return ret;
@@ -9818,6 +9824,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
98189824 ret = wc_SetContentType(kdfOID, kdfAlgoId, sizeof(kdfAlgoId));
98199825 if (ret <= 0) {
98209826 XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
9827+ ForceZero(kek, (word32)kekKeySz);
98219828 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
98229829 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
98239830 return ret;
@@ -9843,6 +9850,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
98439850 if (totalSz > MAX_RECIP_SZ) {
98449851 WOLFSSL_MSG("CMS Recipient output buffer too small");
98459852 XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
9853+ ForceZero(kek, (word32)kekKeySz);
98469854 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
98479855 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
98489856 return BUFFER_E;
@@ -9880,7 +9888,7 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen,
98809888 XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz);
98819889 idx += encryptedKeySz;
98829890
9883- ForceZero(kek, (word32)kekBlockSz );
9891+ ForceZero(kek, (word32)kekKeySz );
98849892 ForceZero(encryptedKey, encryptedKeySz);
98859893 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
98869894 XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -10597,6 +10605,7 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
1059710605 word32 keyIdx;
1059810606 byte issuerHash[KEYID_SIZE];
1059910607 byte* outKey = NULL;
10608+ word32 outKeySz = 0;
1060010609 byte* pkiMsg = in;
1060110610 word32 pkiMsgSz = inSz;
1060210611 byte tag;
@@ -10910,8 +10919,8 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
1091010919 #ifndef WC_NO_RSA_OAEP
1091110920 }
1091210921 else {
10913- word32 outLen = (word32)wc_RsaEncryptSize(privKey);
10914- outKey = (byte*)XMALLOC(outLen , pkcs7->heap,
10922+ outKeySz = (word32)wc_RsaEncryptSize(privKey);
10923+ outKey = (byte*)XMALLOC(outKeySz , pkcs7->heap,
1091510924 DYNAMIC_TYPE_TMP_BUFFER);
1091610925 if (!outKey) {
1091710926 WOLFSSL_MSG("Failed to allocate out key buffer");
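Review bot: `outKeySz = (word32)wc_RsaEncryptSize(privKey);` casts the result before checking it, and wc_RsaEncryptSize returns a signed int that is negative on error. A negative value becomes a very large word32 that is passed to XMALLOC and, now that the variable has function scope, to the later `ForceZero(outKey, outKeySz)` calls. The `!outKey` check most likely catches the failed allocation, but the caller then sees an allocation failure instead of the real cause. Testing the int result first, e.g. `if (sz <= 0)` and returning that error before assigning to `outKeySz`, would be clearer. The surrounding function continues outside the hunk.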
@@ -10925,9 +10934,9 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
1092510934 }
1092610935
1092710936 keySz = wc_RsaPrivateDecrypt_ex(encryptedKey,
10928- (word32)encryptedKeySz, outKey, outLen, privKey ,
10929- WC_RSA_OAEP_PAD,
10930- WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
10937+ (word32)encryptedKeySz, outKey, outKeySz ,
10938+ privKey, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA ,
10939+ WC_MGF1SHA1, NULL, 0);
1093110940 }
1093210941 #endif
1093310942 }
@@ -10950,6 +10959,7 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
1095010959 #ifndef WC_NO_RSA_OAEP
1095110960 if (encOID == RSAESOAEPk) {
1095210961 if (outKey) {
10962+ ForceZero(outKey, outKeySz);
1095310963 XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
1095410964 }
1095510965 }
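Review bot: The new `ForceZero(outKey, outKeySz)` only runs when `encOID == RSAESOAEPk`, here and in the hunk at new line 10976, which suggests that is the only branch where `outKey` is a separate allocation. In the other branch the decrypted key presumably sits in a different buffer that `outKey` points into. That code is outside these hunks, so it is worth confirming that buffer is wiped before it is released as well. A short comment at the cleanup, for example `/* non-OAEP: outKey aliases <buffer>, wiped at <place> */`, would record which buffer holds the plaintext key.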
@@ -10966,6 +10976,7 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
1096610976 #ifndef WC_NO_RSA_OAEP
1096710977 if (encOID == RSAESOAEPk) {
1096810978 if (outKey) {
10979+ ForceZero(outKey, outKeySz);
1096910980 XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
1097010981 }
1097110982 }
@@ -11780,6 +11791,7 @@ static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
1178011791 iterations, kek, (word32)kekKeySz);
1178111792 if (ret < 0) {
1178211793 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
11794+ ForceZero(kek, (word32)kekKeySz);
1178311795 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
1178411796 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
1178511797 return ASN_PARSE_E;
@@ -11792,7 +11804,9 @@ static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
1179211804 pwriEncAlgoId);
1179311805 if (ret < 0) {
1179411806 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
11807+ ForceZero(kek, (word32)kekKeySz);
1179511808 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
11809+ ForceZero(cek, cekSz);
1179611810 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
1179711811 return ret;
1179811812 }
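Review bot: `ForceZero(cek, cekSz)` wipes `cekSz` bytes, but the allocation of `cek` and any later assignment to `cekSz` are outside these hunks. If `cekSz` is overwritten with the unwrapped key length after the unwrap call succeeds, the wipes in the hunks at new lines 11815 and 11826 cover only that prefix and leave the tail of the allocation untouched. Saving the allocated size in its own variable and wiping that amount would cover the whole buffer on every path. In this hunk the wipe runs after a failed unwrap, where `cekSz` is presumably still the allocated size.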
@@ -11801,7 +11815,9 @@ static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
1180111815 if (*decryptedKeySz < cekSz) {
1180211816 WOLFSSL_MSG("Decrypted key buffer too small for CEK");
1180311817 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
11818+ ForceZero(kek, (word32)kekKeySz);
1180411819 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
11820+ ForceZero(cek, cekSz);
1180511821 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
1180611822 return BUFFER_E;
1180711823 }
@@ -11810,7 +11826,9 @@ static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
1181011826 *decryptedKeySz = cekSz;
1181111827
1181211828 XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
11829+ ForceZero(kek, (word32)kekKeySz);
1181311830 XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
11831+ ForceZero(cek, cekSz);
1181411832 XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
1181511833
1181611834 /* mark recipFound, since we only support one RecipientInfo for now */