diff --git a/src/tls.c b/src/tls.c index 5fc3557f28..e1413a96d4 100644 --- a/src/tls.c +++ b/src/tls.c @@ -8396,17 +8396,24 @@ static int TLSX_KeyShare_GenPqcHybridKeyClient(WOLFSSL *ssl, KeyShareEntry* kse) if (ret == 0) { ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap, DYNAMIC_TYPE_TLSX); - pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap, - DYNAMIC_TYPE_TLSX); - if (ecc_kse == NULL || pqc_kse == NULL) { + if (ecc_kse == NULL) { WOLFSSL_MSG("kse memory allocation failure"); ret = MEMORY_ERROR; } + else { + XMEMSET(ecc_kse, 0, sizeof(*ecc_kse)); + } } - if (ret == 0) { - XMEMSET(ecc_kse, 0, sizeof(*ecc_kse)); - XMEMSET(pqc_kse, 0, sizeof(*pqc_kse)); + pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap, + DYNAMIC_TYPE_TLSX); + if (pqc_kse == NULL) { + WOLFSSL_MSG("kse memory allocation failure"); + ret = MEMORY_ERROR; + } + else { + XMEMSET(pqc_kse, 0, sizeof(*pqc_kse)); + } } /* Generate ECC key share part */ @@ -8555,9 +8562,8 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap) } #ifdef WOLFSSL_HAVE_KYBER else if (WOLFSSL_NAMED_GROUP_IS_PQC(current->group)) { - #ifdef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ wc_KyberKey_Free((KyberKey*)current->key); - #else + #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ if (current->privKey != NULL) { ForceZero(current->privKey, current->privKeyLen); } @@ -9355,12 +9361,24 @@ static int TLSX_KeyShare_ProcessPqcHybridClient(WOLFSSL* ssl, if (ret == 0) { ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap, DYNAMIC_TYPE_TLSX); + if (ecc_kse == NULL) { + WOLFSSL_MSG("kse memory allocation failure"); + ret = MEMORY_ERROR; + } + else { + XMEMSET(ecc_kse, 0, sizeof(*ecc_kse)); + } + } + if (ret == 0) { pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap, DYNAMIC_TYPE_TLSX); - if (ecc_kse == NULL || pqc_kse == NULL) { + if (pqc_kse == NULL) { WOLFSSL_MSG("kse memory allocation failure"); ret = MEMORY_ERROR; } + else { + XMEMSET(pqc_kse, 0, sizeof(*pqc_kse)); + } } /* The ciphertext and shared secret sizes of a KEM are fixed. Hence, we @@ -9369,42 +9387,36 @@ static int TLSX_KeyShare_ProcessPqcHybridClient(WOLFSSL* ssl, if (ret == 0) { #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ int type; - KyberKey* kem; - #endif - XMEMSET(pqc_kse, 0, sizeof(*pqc_kse)); - pqc_kse->group = pqc_group; - pqc_kse->privKeyLen = keyShareEntry->privKeyLen; - #ifdef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ - pqc_kse->key = keyShareEntry->privKey; - #else pqc_kse->privKey = keyShareEntry->privKey; - /* Allocate a Kyber key to hold private key. */ - kem = (KyberKey*) XMALLOC(sizeof(KyberKey), ssl->heap, - DYNAMIC_TYPE_PRIVATE_KEY); - if (kem == NULL) { - WOLFSSL_MSG("GenPqcKey memory error"); - ret = MEMORY_E; - } - if (ret == 0) { - ret = kyber_id2type(pqc_group, &type); - } + ret = kyber_id2type(pqc_group, &type); if (ret != 0) { WOLFSSL_MSG("Invalid Kyber algorithm specified."); ret = BAD_FUNC_ARG; } if (ret == 0) { - ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId); - if (ret != 0) { - WOLFSSL_MSG("Error creating Kyber KEM"); + pqc_kse->key = XMALLOC(sizeof(KyberKey), ssl->heap, + DYNAMIC_TYPE_PRIVATE_KEY); + if (pqc_kse->key == NULL) { + WOLFSSL_MSG("GenPqcKey memory error"); + ret = MEMORY_E; } } if (ret == 0) { - pqc_kse->key = kem; + ret = wc_KyberKey_Init(type, (KyberKey*)pqc_kse->key, + ssl->heap, ssl->devId); + if (ret != 0) { + WOLFSSL_MSG("Error creating Kyber KEM"); + } } + #else + pqc_kse->key = keyShareEntry->privKey; #endif + pqc_kse->group = pqc_group; + pqc_kse->privKeyLen = keyShareEntry->privKeyLen; + if (ret == 0) { ret = wc_KyberKey_SharedSecretSize((KyberKey*)pqc_kse->key, &ssSzPqc); @@ -9439,7 +9451,6 @@ static int TLSX_KeyShare_ProcessPqcHybridClient(WOLFSSL* ssl, } if (ret == 0) { - XMEMSET(ecc_kse, 0, sizeof(*ecc_kse)); ecc_kse->group = ecc_group; ecc_kse->keLen = keyShareEntry->keLen - ctSz; ecc_kse->key = keyShareEntry->key;