Merge pull request #367 from padelsbach/wp-finding-166-167

ColtonWilley · web-flow · commit 5fd1f57595a0 · 2026-03-06T11:19:30.000-08:00
Erase password buffers when exiting routines
diff --git a/src/wp_dec_epki2pki.c b/src/wp_dec_epki2pki.c
@@ -263,6 +263,8 @@ static int wp_epki2pki_decode(wp_Epki2Pki* ctx, OSSL_CORE_BIO* coreBio,
     /* Dispose of the EPKI data buffer. */
     OPENSSL_free(data);
 
+    OPENSSL_cleanse(password, sizeof(password));
+
     WOLFPROV_LEAVE(WP_LOG_COMP_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
 }
diff --git a/src/wp_dh_exch.c b/src/wp_dh_exch.c
@@ -512,8 +512,10 @@ static int wp_dh_set_param_kdf_digest(wp_DhCtx* ctx, const OSSL_PARAM params[])
     }
     if (ok && (mdName != NULL)) {
         const char* mdProps = NULL;
+        size_t mdNameLen = OPENSSL_strnlen(mdName, sizeof(ctx->kdfMdName) - 1);
 
-        XMEMCPY(ctx->kdfMdName, mdName, XSTRLEN(mdName) + 1);
+        XMEMCPY(ctx->kdfMdName, mdName, mdNameLen);
+        ctx->kdfMdName[mdNameLen] = '\0';
         if (!wp_params_get_utf8_string_ptr(params,
                     OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS, &mdProps)) {
             ok = 0;
diff --git a/src/wp_ecdh_exch.c b/src/wp_ecdh_exch.c
@@ -315,7 +315,8 @@ static int wp_ecdh_derive(wp_EcdhCtx* ctx, unsigned char* secret,
     int done = 0;
     unsigned char* out;
     size_t outLen;
-    unsigned char tmp[72];
+    unsigned char* tmp = NULL;
+    size_t maxLen = (size_t)wp_ecc_get_size(ctx->key);
 
     WOLFPROV_ENTER(WP_LOG_COMP_ECDH, "wp_ecdh_derive");
 
@@ -326,10 +327,10 @@ static int wp_ecdh_derive(wp_EcdhCtx* ctx, unsigned char* secret,
     /* No output buffer, return maximum size only. */
     if (ok && (secret == NULL)) {
         if (ctx->kdfType == WP_KDF_NONE) {
-            *secLen = wp_ecc_get_size(ctx->key);
+            *secLen = maxLen;
         }
         else {
-            *secLen = ctx->keyLen;;
+            *secLen = ctx->keyLen;
         }
         done = 1;
     }
@@ -342,8 +343,15 @@ static int wp_ecdh_derive(wp_EcdhCtx* ctx, unsigned char* secret,
         }
         else if (ctx->kdfType == WP_KDF_X963) {
             /* Output of ECDH key exchange goes into temporary buffer. */
-            out = tmp;
-            outLen = sizeof(tmp);
+            tmp = OPENSSL_malloc(maxLen);
+            if (tmp == NULL) {
+                ok = 0;
+                outLen = 0;
+            }
+            else {
+                out = tmp;
+                outLen = maxLen;
+            }
         }
         else {
             ok = 0;
@@ -365,6 +373,8 @@ static int wp_ecdh_derive(wp_EcdhCtx* ctx, unsigned char* secret,
         }
     }
 
+    OPENSSL_clear_free(tmp, maxLen);
+
     WOLFPROV_LEAVE(WP_LOG_COMP_ECDH, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
 }
@@ -460,8 +470,10 @@ static int wp_ecdh_set_param_kdf_digest(wp_EcdhCtx* ctx,
     }
     if (ok && (mdName != NULL)) {
         const char* mdProps = NULL;
+        size_t mdNameLen = OPENSSL_strnlen(mdName, sizeof(ctx->kdfMdName) - 1);
 
-        XMEMCPY(ctx->kdfMdName, mdName, XSTRLEN(mdName) + 1);
+        XMEMCPY(ctx->kdfMdName, mdName, mdNameLen);
+        ctx->kdfMdName[mdNameLen] = '\0';
         if (!wp_params_get_utf8_string_ptr(params,
                     OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS, &mdProps)) {
             ok = 0;
diff --git a/src/wp_internal.c b/src/wp_internal.c
@@ -997,6 +997,8 @@ int wp_encrypt_key(WOLFPROV_CTX* provCtx, const char* cipherName,
         *keyLen = len;
     }
 
+    OPENSSL_cleanse(password, sizeof(password));
+
     WOLFPROV_LEAVE(WP_LOG_COMP_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
 #else
diff --git a/src/wp_rsa_kmgmt.c b/src/wp_rsa_kmgmt.c
@@ -2472,6 +2472,8 @@ static int wp_rsa_decode_enc_pki(wp_Rsa* rsa, unsigned char* data, word32 len,
         ok = wp_rsa_decode_pki(rsa, data, len);
     }
 
+    OPENSSL_cleanse(password, sizeof(password));
+
     WOLFPROV_LEAVE_SILENT(WP_LOG_COMP_RSA, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__),
         ok);
     return ok;
@@ -3263,6 +3265,8 @@ static int wp_rsa_encode_enc_pki(const wp_RsaEncDecCtx* ctx, const wp_Rsa* rsa,
 
     XFREE(encodedKey, NULL, DYNAMIC_TYPE_RSA_BUFFER);
 
+    OPENSSL_cleanse(password, sizeof(password));
+
     WOLFPROV_LEAVE(WP_LOG_COMP_RSA, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
 }

Original file line number	Diff line number	Diff line change
`@@ -263,6 +263,8 @@ static int wp_epki2pki_decode(wp_Epki2Pki* ctx, OSSL_CORE_BIO* coreBio,`
`263`	`263`	`/* Dispose of the EPKI data buffer. */`
`264`	`264`	`OPENSSL_free(data);`
`265`	`265`
	`266`	`+ OPENSSL_cleanse(password, sizeof(password));`
	`267`	`+`
`266`	`268`	`WOLFPROV_LEAVE(WP_LOG_COMP_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);`
`267`	`269`	`return ok;`
`268`	`270`	`}`
Original file line number	Diff line number	Diff line change
`@@ -997,6 +997,8 @@ int wp_encrypt_key(WOLFPROV_CTX* provCtx, const char* cipherName,`
`997`	`997`	`*keyLen = len;`
`998`	`998`	`}`
`999`	`999`
	`1000`	`+ OPENSSL_cleanse(password, sizeof(password));`
	`1001`	`+`
`1000`	`1002`	`WOLFPROV_LEAVE(WP_LOG_COMP_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);`
`1001`	`1003`	`return ok;`
`1002`	`1004`	`#else`
Original file line number	Diff line number	Diff line change
`@@ -2472,6 +2472,8 @@ static int wp_rsa_decode_enc_pki(wp_Rsa* rsa, unsigned char* data, word32 len,`
`2472`	`2472`	`ok = wp_rsa_decode_pki(rsa, data, len);`
`2473`	`2473`	`}`
`2474`	`2474`
	`2475`	`+ OPENSSL_cleanse(password, sizeof(password));`
	`2476`	`+`
`2475`	`2477`	`WOLFPROV_LEAVE_SILENT(WP_LOG_COMP_RSA, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__),`
`2476`	`2478`	`ok);`
`2477`	`2479`	`return ok;`
`@@ -3263,6 +3265,8 @@ static int wp_rsa_encode_enc_pki(const wp_RsaEncDecCtx* ctx, const wp_Rsa* rsa,`
`3263`	`3265`
`3264`	`3266`	`XFREE(encodedKey, NULL, DYNAMIC_TYPE_RSA_BUFFER);`
`3265`	`3267`
	`3268`	`+ OPENSSL_cleanse(password, sizeof(password));`
	`3269`	`+`
`3266`	`3270`	`WOLFPROV_LEAVE(WP_LOG_COMP_RSA, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);`
`3267`	`3271`	`return ok;`
`3268`	`3272`	`}`