Merge pull request #9829 from night1rider/tmpSha-fixes

SparkiDev · web-flow · commit 215fe1341c28 · 2026-03-02T21:18:55.000+10:00
Fix potential memory leak when copying into existing SHA contexts and zero init tmpSha
diff --git a/src/internal.c b/src/internal.c
@@ -12368,6 +12368,7 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 #else
     wc_Md5  md5[1];
 #endif
+    XMEMSET(md5, 0, sizeof(wc_Md5));
 
     /* make md5 inner */
     ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5);
@@ -12413,6 +12414,7 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 #else
     wc_Sha  sha[1];
 #endif
+    XMEMSET(sha, 0, sizeof(wc_Sha));
     /* make sha inner */
     ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha); /* Save current position */
     if (ret == 0)
@@ -23919,6 +23921,7 @@ static int BuildMD5_CertVerify(const WOLFSSL* ssl, byte* digest)
 #else
     wc_Md5  md5[1];
 #endif
+    XMEMSET(md5, 0, sizeof(wc_Md5));
 
     /* make md5 inner */
     ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5); /* Save current position */
@@ -23962,6 +23965,7 @@ static int BuildSHA_CertVerify(const WOLFSSL* ssl, byte* digest)
 #else
     wc_Sha  sha[1];
 #endif
+    XMEMSET(sha, 0, sizeof(wc_Sha));
 
     /* make sha inner */
     ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha); /* Save current position */
diff --git a/src/tls13.c b/src/tls13.c
@@ -11983,6 +11983,8 @@ static int ExpectedResumptionSecret(WOLFSSL* ssl)
     Digest      digest;
     static byte header[] = { 0x14, 0x00, 0x00, 0x00 };
 
+    XMEMSET(&digest, 0, sizeof(Digest));
+
     /* Copy the running hash so we can restore it after. */
     switch (ssl->specs.mac_algorithm) {
     #ifndef NO_SHA256
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
@@ -5846,6 +5846,9 @@ void wolfSSL_EVP_init(void)
             if (out->pctx == NULL)
                 return WOLFSSL_FAILURE;
         }
+        /* Zero hash context after shallow copy to prevent shared sub-pointers
+         * with src. The hash Copy function will perform the proper deep copy. */
+        XMEMSET(&out->hash, 0, sizeof(out->hash));
         return wolfSSL_EVP_MD_Copy_Hasher(out, (WOLFSSL_EVP_MD_CTX*)in);
     }
     #ifndef NO_AES
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
@@ -331,6 +331,11 @@ int wc_HmacCopy(Hmac* src, Hmac* dst) {
 
     XMEMCPY(dst, src, sizeof(*dst));
 
+    /* Zero hash context after shallow copy to prevent shared sub-pointers
+     * (e.g., msg, W buffers) with src. The hash Copy function will perform
+     * the proper deep copy. */
+    XMEMSET(&dst->hash, 0, sizeof(wc_HmacHash));
+
     ret = HmacKeyCopyHash(src->macType, &src->hash, &dst->hash);
 
     if (ret != 0)
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
@@ -522,6 +522,7 @@ int wc_Md5GetHash(wc_Md5* md5, byte* hash)
     if (md5 == NULL || hash == NULL)
         return BAD_FUNC_ARG;
 
+    XMEMSET(&tmpMd5, 0, sizeof(tmpMd5));
     ret = wc_Md5Copy(md5, &tmpMd5);
     if (ret == 0) {
         ret = wc_Md5Final(&tmpMd5, hash);
@@ -537,6 +538,9 @@ int wc_Md5Copy(wc_Md5* src, wc_Md5* dst)
     if (src == NULL || dst == NULL)
         return BAD_FUNC_ARG;
 
+    /* Free dst resources before copy to prevent memory leaks (e.g.,
+     * hardware contexts). XMEMCPY overwrites dst. */
+    wc_Md5Free(dst);
     XMEMCPY(dst, src, sizeof(wc_Md5));
 
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_MD5)
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha256.c b/wolfcrypt/src/port/riscv/riscv-64-sha256.c
@@ -1031,6 +1031,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
     }
     else {
         wc_Sha256 tmpSha256;
+        XMEMSET(&tmpSha256, 0, sizeof(tmpSha256));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha256Copy(sha256, &tmpSha256);
         if (ret == 0) {
@@ -1350,6 +1351,7 @@ int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
     }
     else {
         wc_Sha224 tmpSha224;
+        XMEMSET(&tmpSha224, 0, sizeof(tmpSha224));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha224Copy(sha224, &tmpSha224);
         if (ret == 0) {
diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha512.c b/wolfcrypt/src/port/riscv/riscv-64-sha512.c
@@ -1140,6 +1140,7 @@ int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash)
     }
     else {
         wc_Sha512 tmpSha512;
+        XMEMSET(&tmpSha512, 0, sizeof(tmpSha512));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha512Copy(sha512, &tmpSha512);
         if (ret == 0) {
@@ -1357,6 +1358,7 @@ int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash)
     }
     else {
         wc_Sha512 tmpSha512;
+        XMEMSET(&tmpSha512, 0, sizeof(tmpSha512));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha512Copy(sha512, &tmpSha512);
         if (ret == 0) {
@@ -1456,6 +1458,7 @@ int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash)
     }
     else {
         wc_Sha512 tmpSha512;
+        XMEMSET(&tmpSha512, 0, sizeof(tmpSha512));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha512Copy(sha512, &tmpSha512);
         if (ret == 0) {
@@ -1671,6 +1674,7 @@ int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
     }
     else {
         wc_Sha384 tmpSha384;
+        XMEMSET(&tmpSha384, 0, sizeof(tmpSha384));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha384Copy(sha384, &tmpSha384);
         if (ret == 0) {
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
@@ -1137,7 +1137,7 @@ int wc_ShaGetHash(wc_Sha* sha, byte* hash)
         return BAD_FUNC_ARG;
     }
 
-    WC_ALLOC_VAR_EX(tmpSha, wc_Sha, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER,
+    WC_CALLOC_VAR_EX(tmpSha, wc_Sha, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER,
         return MEMORY_E);
 
     ret = wc_ShaCopy(sha, tmpSha);
@@ -1172,6 +1172,9 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
     ret = 0; /* Reset ret to 0 to avoid returning the callback error code */
 #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */
 
+    /* Free dst resources before copy to prevent memory leaks (e.g., msg
+     * buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */
+    wc_ShaFree(dst);
     XMEMCPY(dst, src, sizeof(wc_Sha));
 
 #if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3)
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
@@ -2546,7 +2546,7 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
             return BAD_FUNC_ARG;
         }
 
-        WC_ALLOC_VAR_EX(tmpSha224, wc_Sha224, 1, NULL,
+        WC_CALLOC_VAR_EX(tmpSha224, wc_Sha224, 1, NULL,
             DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E);
 
         ret = wc_Sha224Copy(sha224, tmpSha224);
@@ -2582,6 +2582,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
         ret = 0; /* Reset ret to 0 to avoid returning the callback error code */
 #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */
 
+        /* Free dst resources before copy to prevent memory leaks (e.g., msg
+         * buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */
+        wc_Sha224Free(dst);
         XMEMCPY(dst, src, sizeof(wc_Sha224));
 
     #ifdef WOLFSSL_SMALL_STACK_CACHE
@@ -2691,7 +2694,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
         return BAD_FUNC_ARG;
     }
 
-    WC_ALLOC_VAR_EX(tmpSha256, wc_Sha256, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER,
+    WC_CALLOC_VAR_EX(tmpSha256, wc_Sha256, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER,
         return MEMORY_E);
 
     ret = wc_Sha256Copy(sha256, tmpSha256);
@@ -2728,6 +2731,9 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
     ret = 0; /* Reset ret to 0 to avoid returning the callback error code */
 #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */
 
+    /* Free dst resources before copy to prevent memory leaks (e.g., msg
+     * buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */
+    wc_Sha256Free(dst);
     XMEMCPY(dst, src, sizeof(wc_Sha256));
 
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c
@@ -1306,6 +1306,9 @@ static int wc_Sha3Copy(wc_Sha3* src, wc_Sha3* dst)
     ret = 0; /* Reset ret to 0 to avoid returning the callback error code */
 #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */
 
+    /* Free dst resources before copy to prevent memory leaks (e.g.,
+     * hardware contexts). XMEMCPY overwrites dst. */
+    wc_Sha3Free(dst);
     XMEMCPY(dst, src, sizeof(wc_Sha3));
 
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3)
@@ -1342,6 +1345,7 @@ static int wc_Sha3GetHash(wc_Sha3* sha3, byte* hash, byte p, byte len)
     if (sha3 == NULL || hash == NULL)
         return BAD_FUNC_ARG;
 
+    XMEMSET(&tmpSha3, 0, sizeof(tmpSha3));
     ret = wc_Sha3Copy(sha3, &tmpSha3);
     if (ret == 0) {
         ret = wc_Sha3Final(&tmpSha3, hash, p, len);
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
@@ -2206,7 +2206,7 @@ static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
         return BAD_FUNC_ARG;
     }
 
-    WC_ALLOC_VAR_EX(tmpSha512, wc_Sha512, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER,
+    WC_CALLOC_VAR_EX(tmpSha512, wc_Sha512, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER,
         return MEMORY_E);
 
     /* copy this sha512 into tmpSha */
@@ -2249,6 +2249,9 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
     ret = 0; /* Reset ret to 0 to avoid returning the callback error code */
 #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */
 
+    /* Free dst resources before copy to prevent memory leaks (e.g., msg
+     * buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */
+    wc_Sha512Free(dst);
     XMEMCPY(dst, src, sizeof(wc_Sha512));
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     /* This allocation combines the customary W buffer used by
@@ -2649,7 +2652,7 @@ int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
         return BAD_FUNC_ARG;
     }
 
-    WC_ALLOC_VAR_EX(tmpSha384, wc_Sha384, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER,
+    WC_CALLOC_VAR_EX(tmpSha384, wc_Sha384, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER,
         return MEMORY_E);
 
     /* copy this sha384 into tmpSha */
@@ -2687,6 +2690,9 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
     ret = 0; /* Reset ret to 0 to avoid returning the callback error code */
 #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */
 
+    /* Free dst resources before copy to prevent memory leaks (e.g., msg
+     * buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */
+    wc_Sha384Free(dst);
     XMEMCPY(dst, src, sizeof(wc_Sha384));
 
 #ifdef WOLFSSL_SMALL_STACK_CACHE
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c

Original file line number	Diff line number	Diff line change
`@@ -5846,6 +5846,9 @@ void wolfSSL_EVP_init(void)`
`5846`	`5846`	`if (out->pctx == NULL)`
`5847`	`5847`	`return WOLFSSL_FAILURE;`
`5848`	`5848`	`}`
	`5849`	`+ /* Zero hash context after shallow copy to prevent shared sub-pointers`
	`5850`	`+ * with src. The hash Copy function will perform the proper deep copy. */`
	`5851`	`+ XMEMSET(&out->hash, 0, sizeof(out->hash));`
`5849`	`5852`	`return wolfSSL_EVP_MD_Copy_Hasher(out, (WOLFSSL_EVP_MD_CTX*)in);`
`5850`	`5853`	`}`
`5851`	`5854`	`#ifndef NO_AES`