Add robustness checks

Author: padelsbach

src/wp_ecdh_exch.c

@@ -156,8 +156,8 @@ static wp_EcdhCtx* wp_ecdh_dup(wp_EcdhCtx* src)
         }
         if (!ok) {
             /* Free allocated memory and up referenced objects. */
-            wp_ecc_free(src->peer);
-            wp_ecc_free(src->key);
+            wp_ecc_free(dst->peer);
+            wp_ecc_free(dst->key);
             OPENSSL_free(dst);
             dst = NULL;
         }

src/wp_ecx_exch.c

@@ -115,7 +115,8 @@ static wp_EcxCtx* wp_ecx_dupctx(wp_EcxCtx* src)
             dst->peer = src->peer;
         }
         if (!ok) {
-            wp_ecx_free(src->key);
+            wp_ecx_free(dst->key);
+            wp_ecx_free(dst->peer);
             OPENSSL_free(dst);
             dst = NULL;
         }

src/wp_internal.c

@@ -332,12 +332,13 @@ int wp_unlock(wolfSSL_Mutex* mutex)
  */
 int wp_name_to_nid(OSSL_LIB_CTX* libCtx, const char* name, const char* propQ)
 {
-    int nid;
+    int nid = NID_undef;
 
     EVP_MD* md = EVP_MD_fetch(libCtx, name, propQ);
-    nid = EVP_MD_type(md);
-    EVP_MD_free(md);
-
+    if (md) {
+        nid = EVP_MD_type(md);
+        EVP_MD_free(md);
+    }
     return nid;
 }
 
@@ -441,11 +442,13 @@ enum wc_HashType wp_nid_to_wc_hash_type(int nid)
 int wp_name_to_wc_mgf(OSSL_LIB_CTX* libCtx, const char* name,
     const char* propQ)
 {
-    int ret;
+    int ret = WC_MGF1NONE;
 
     EVP_MD* md = EVP_MD_fetch(libCtx, name, propQ);
-    ret = wp_mgf1_from_hash(EVP_MD_type(md));
-    EVP_MD_free(md);
+    if (md) {
+        ret = wp_mgf1_from_hash(EVP_MD_type(md));
+        EVP_MD_free(md);
+    }
 
     return ret;
 }

src/wp_kbkdf.c

@@ -394,6 +394,10 @@ static int wp_kbkdf_init_hmac(wp_KbkdfCtx* ctx, unsigned char* key,
         localKeyLen = (word32)keyLen;
     }
 
+    if (localKeyLen > sizeof(localKey)) {
+        ok = 0;
+    }
+
     if (ok) {
         XMEMCPY(localKey, key, keyLen);
         rc = wc_HmacSetKey(&ctx->hmacCtx, ctx->hashType, localKey,