Skip to content

Commit 8c0656b

Browse files
aidangarskeaidangarske
committed
F-2390 - https://fenrir.wolfssl.com/finding/2390 - Clean HMAC/CMAC/Digest crypto state on session close
1 parent fb19b79 commit 8c0656b

1 file changed

Lines changed: 17 additions & 0 deletions

File tree

src/internal.c

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -954,6 +954,23 @@ static void wp11_Session_Final(WP11_Session* session)
954954
}
955955
#endif
956956
#endif
957+
if ((session->init & ~WP11_INIT_DIGEST_MASK) == WP11_INIT_HMAC_SIGN ||
958+
(session->init & ~WP11_INIT_DIGEST_MASK) == WP11_INIT_HMAC_VERIFY) {
959+
wc_HmacFree(&session->params.hmac.hmac);
960+
session->init = 0;
961+
}
962+
#ifdef WOLFSSL_CMAC
963+
if ((session->init & ~WP11_INIT_DIGEST_MASK) == WP11_INIT_AES_CMAC_SIGN ||
964+
(session->init & ~WP11_INIT_DIGEST_MASK) == WP11_INIT_AES_CMAC_VERIFY) {
965+
(void)wc_CmacFree(&session->params.cmac.cmac);
966+
session->init = 0;
967+
}
968+
#endif
969+
if ((session->init & ~WP11_INIT_DIGEST_MASK) == WP11_INIT_DIGEST) {
970+
wc_HashFree(&session->params.digest.hash,
971+
session->params.digest.hashType);
972+
session->init = 0;
973+
}
957974
}
958975

959976
#ifndef WOLFPKCS11_NO_STORE

0 commit comments

Comments
 (0)