Conversation
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10203
Scan targets checked: wolfcrypt-api_misuse, wolfcrypt-bugs, wolfcrypt-compliance, wolfcrypt-concurrency, wolfcrypt-consttime, wolfcrypt-defaults, wolfcrypt-mutation, wolfcrypt-portability, wolfcrypt-proptest, wolfcrypt-src, wolfcrypt-zeroize
Findings: 5
5 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
Frauschi
force-pushed
the
pkcs7_fixes
branch
2 times, most recently
from
52b6384 to
f381fda
Compare
|
Jenkins retest this please |
|
Frauschi
force-pushed
the
pkcs7_fixes
branch
2 times, most recently
from
5e42078 to
14c9823
Compare
|
Jenkins retest this please |
|
|
||
| /* free any buffers that may be allocated */ | ||
| if (pkcs7->stream->aad != NULL && pkcs7->stream->aadSz > 0) | ||
| ForceZero(pkcs7->stream->aad, pkcs7->stream->aadSz); |
There was a problem hiding this comment.
Since we are adding ForceZeros then we should put in wc_MemZero_Add calls in constructor.
If memory is dynamic then it will be checked in the free, otherwise you need a wc_MemZero_Check() in the destructor.
There was a problem hiding this comment.
Where were they added.
Thanks.
Frauschi
force-pushed
the
pkcs7_fixes
branch
2 times, most recently
from
5829b06 to
9959856
Compare
Also add missing ForceZero for ECDH shared secret on the heap.
|
|
||
| /* free any buffers that may be allocated */ | ||
| if (pkcs7->stream->aad != NULL && pkcs7->stream->aadSz > 0) | ||
| ForceZero(pkcs7->stream->aad, pkcs7->stream->aadSz); |
There was a problem hiding this comment.
Where were they added.
Thanks.
4 participants
Fixes for various issues found in PKCS#7 code.
Fixes zd21593, F-2683, F-2684, F-2686, F-1552, F-1990, F-2681, F-2685, F-1991, F-1992, F-2679, F-2680. Also fixes a regression when building with
--enable-allandNO_PKCS7_STREAM.