Skip to content

Commit be37ca2

Browse files
aidangarskeaidangarske
committed
Test and fix skoll finding
1 parent f6416fa commit be37ca2

3 files changed

Lines changed: 50 additions & 19 deletions

File tree

src/certgen/clu_certgen_ed25519.c

Lines changed: 47 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -68,19 +68,26 @@ int make_self_signed_ed25519_certificate(char* keyPath, char* certOut)
6868
}
6969
XFCLOSE(keyFile);
7070

71+
int keyInit = 0, rngInit = 0;
72+
7173
ret = wc_ed25519_init(&key);
7274
if (ret != 0) {
7375
wolfCLU_LogError("Failed to initialize ed25519 key\nRET: %d", ret);
76+
wolfCLU_ForceZero(keyBuf, keyFileSz);
7477
XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
7578
return ret;
7679
}
80+
keyInit = 1;
7781

7882
ret = wc_InitRng(&rng);
7983
if (ret != 0) {
8084
wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret);
85+
wolfCLU_ForceZero(keyBuf, keyFileSz);
8186
XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
87+
wc_ed25519_free(&key);
8288
return ret;
8389
}
90+
rngInit = 1;
8491

8592
ret = wc_ed25519_import_private_key(keyBuf,
8693
ED25519_KEY_SIZE,
@@ -90,7 +97,7 @@ int make_self_signed_ed25519_certificate(char* keyPath, char* certOut)
9097
XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
9198
if (ret != 0 ) {
9299
wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret);
93-
return ret;
100+
goto cleanup;
94101
}
95102

96103
wc_InitCert(&newCert);
@@ -105,36 +112,44 @@ int make_self_signed_ed25519_certificate(char* keyPath, char* certOut)
105112

106113
WOLFCLU_LOG(WOLFCLU_L0, "Enter your countries 2 digit code (ex: United States -> US): ");
107114
if (XFGETS(country,CTC_NAME_SIZE, stdin) == NULL) {
108-
return WOLFCLU_FAILURE;
115+
ret = WOLFCLU_FAILURE;
116+
goto cleanup;
109117
}
110118
country[CTC_NAME_SIZE-1] = '\0';
111119
WOLFCLU_LOG(WOLFCLU_L0, "Enter the name of the province you are located at: ");
112120
if (XFGETS(province,CTC_NAME_SIZE, stdin) == NULL) {
113-
return WOLFCLU_FAILURE;
121+
ret = WOLFCLU_FAILURE;
122+
goto cleanup;
114123
}
115124
WOLFCLU_LOG(WOLFCLU_L0, "Enter the name of the city you are located at: ");
116125
if (XFGETS(city,CTC_NAME_SIZE, stdin) == NULL) {
117-
return WOLFCLU_FAILURE;
126+
ret = WOLFCLU_FAILURE;
127+
goto cleanup;
118128
}
119129
WOLFCLU_LOG(WOLFCLU_L0, "Enter the name of your orginization: ");
120130
if (XFGETS(org,CTC_NAME_SIZE, stdin) == NULL) {
121-
return WOLFCLU_FAILURE;
131+
ret = WOLFCLU_FAILURE;
132+
goto cleanup;
122133
}
123134
WOLFCLU_LOG(WOLFCLU_L0, "Enter the name of your unit: ");
124135
if (XFGETS(unit,CTC_NAME_SIZE, stdin) == NULL) {
125-
return WOLFCLU_FAILURE;
136+
ret = WOLFCLU_FAILURE;
137+
goto cleanup;
126138
}
127139
WOLFCLU_LOG(WOLFCLU_L0, "Enter the common name of your domain: ");
128140
if (XFGETS(commonName,CTC_NAME_SIZE, stdin) == NULL) {
129-
return WOLFCLU_FAILURE;
141+
ret = WOLFCLU_FAILURE;
142+
goto cleanup;
130143
}
131144
WOLFCLU_LOG(WOLFCLU_L0, "Enter your email address: ");
132145
if (XFGETS(email,CTC_NAME_SIZE, stdin) == NULL) {
133-
return WOLFCLU_FAILURE;
146+
ret = WOLFCLU_FAILURE;
147+
goto cleanup;
134148
}
135149
WOLFCLU_LOG(WOLFCLU_L0, "Enter the number of days this certificate should be valid: ");
136150
if (XFGETS(daysValid,CTC_NAME_SIZE, stdin) == NULL) {
137-
return WOLFCLU_FAILURE;
151+
ret = WOLFCLU_FAILURE;
152+
goto cleanup;
138153
}
139154

140155
XSTRNCPY(newCert.subject.country, country, CTC_NAME_SIZE);
@@ -151,22 +166,23 @@ int make_self_signed_ed25519_certificate(char* keyPath, char* certOut)
151166
certBuf = (byte*)XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
152167
if (certBuf == NULL) {
153168
wolfCLU_LogError("Failed to initialize buffer to stort certificate.");
154-
return -1;
169+
ret = MEMORY_E;
170+
goto cleanup;
155171
}
156172
XMEMSET(certBuf, 0, FOURK_SZ);
157173

158174
ret = wc_MakeCert_ex(&newCert, certBuf, FOURK_SZ, ED25519_TYPE, &key, &rng);
159175
if (ret < 0) {
160176
wolfCLU_LogError("Failed to make certificate.");
161-
return ret;
177+
goto cleanup;
162178
}
163179
WOLFCLU_LOG(WOLFCLU_L0, "MakeCert returned %d", ret);
164180

165181
ret = wc_SignCert_ex(newCert.bodySz, newCert.sigType, certBuf, FOURK_SZ,
166182
ED25519_TYPE, &key, &rng);
167183
if (ret < 0) {
168184
wolfCLU_LogError("Failed to sign certificate.");
169-
return ret;
185+
goto cleanup;
170186
}
171187
WOLFCLU_LOG(WOLFCLU_L0, "SignCert returned %d", ret);
172188

@@ -178,7 +194,8 @@ int make_self_signed_ed25519_certificate(char* keyPath, char* certOut)
178194
file = XFOPEN(certOut, "wb");
179195
if (!file) {
180196
wolfCLU_LogError("failed to open file: %s", certOut);
181-
return -1;
197+
ret = WOLFCLU_FATAL_ERROR;
198+
goto cleanup;
182199
}
183200

184201
ret = (int)XFWRITE(certBuf, 1, certBufSz, file);
@@ -194,30 +211,42 @@ int make_self_signed_ed25519_certificate(char* keyPath, char* certOut)
194211
pemBuf = (byte*)XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
195212
if (pemBuf == NULL) {
196213
wolfCLU_LogError("Failed to initialize pem buffer.");
197-
return -1;
214+
ret = MEMORY_E;
215+
goto cleanup;
198216
}
199217
XMEMSET(pemBuf, 0, FOURK_SZ);
200218

201219
pemBufSz = wc_DerToPem(certBuf, certBufSz, pemBuf, FOURK_SZ, CERT_TYPE);
202220
if (pemBufSz < 0) {
203221
wolfCLU_LogError("Failed to convert from der to pem.");
204-
return -1;
222+
ret = pemBufSz;
223+
goto cleanup;
205224
}
206225

207226
WOLFCLU_LOG(WOLFCLU_L0, "Resulting pem buffer is %d bytes", pemBufSz);
208227

209228
pemFile = XFOPEN(certOut, "wb");
210229
if (!pemFile) {
211230
wolfCLU_LogError("failed to open file: %s", certOut);
212-
return -1;
231+
ret = WOLFCLU_FATAL_ERROR;
232+
goto cleanup;
213233
}
214234
XFWRITE(pemBuf, 1, pemBufSz, pemFile);
215235
XFCLOSE(pemFile);
216236
WOLFCLU_LOG(WOLFCLU_L0, "Successfully converted the der to pem. Result is in: %s\n",
217237
certOut);
238+
ret = WOLFCLU_SUCCESS;
218239

219-
free_things_ed25519(&pemBuf, &certBuf, NULL, &key, NULL, &rng);
220-
return 1;
240+
cleanup:
241+
if (pemBuf != NULL)
242+
XFREE(pemBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
243+
if (certBuf != NULL)
244+
XFREE(certBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
245+
if (keyInit)
246+
wc_ed25519_free(&key);
247+
if (rngInit)
248+
wc_FreeRng(&rng);
249+
return ret;
221250
}
222251

223252
void free_things_ed25519(byte** a, byte** b, byte** c, ed25519_key* d, ed25519_key* e,

src/certgen/clu_certgen_rsa.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,6 +72,7 @@ int make_self_signed_rsa_certificate(char* keyPath, char* certOut, int oid)
7272
ret = wc_InitRsaKey(&key, NULL);
7373
if (ret != 0) {
7474
wolfCLU_LogError("Failed to initialize RsaKey\nRET: %d", ret);
75+
wolfCLU_ForceZero(keyBuf, keyFileSz);
7576
XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
7677
return ret;
7778
}
@@ -80,6 +81,7 @@ int make_self_signed_rsa_certificate(char* keyPath, char* certOut, int oid)
8081
ret = wc_InitRng(&rng);
8182
if (ret != 0) {
8283
wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret);
84+
wolfCLU_ForceZero(keyBuf, keyFileSz);
8385
XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
8486
wc_FreeRsaKey(&key);
8587
return ret;

src/sign-verify/clu_sign.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -666,7 +666,7 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri
666666
#ifdef WOLFSSL_SMALL_STACK
667667
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
668668
#endif
669-
return ret;
669+
return WOLFCLU_FATAL_ERROR;
670670
}
671671
XFCLOSE(privKeyFile);
672672

0 commit comments

Comments
 (0)