Erase password buffers when exiting routines

src/wp_dec_epki2pki.c

@@ -263,6 +263,8 @@ static int wp_epki2pki_decode(wp_Epki2Pki* ctx, OSSL_CORE_BIO* coreBio,
     /* Dispose of the EPKI data buffer. */
     OPENSSL_free(data);
 
+    OPENSSL_cleanse(password, sizeof(password));
+
     WOLFPROV_LEAVE(WP_LOG_COMP_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
 }

src/wp_dh_exch.c

@@ -512,8 +512,10 @@ static int wp_dh_set_param_kdf_digest(wp_DhCtx* ctx, const OSSL_PARAM params[])
     }
     if (ok && (mdName != NULL)) {
         const char* mdProps = NULL;
+        size_t mdNameLen = OPENSSL_strnlen(mdName, sizeof(ctx->kdfMdName) - 1);
 
-        XMEMCPY(ctx->kdfMdName, mdName, XSTRLEN(mdName) + 1);
+        XMEMCPY(ctx->kdfMdName, mdName, mdNameLen);
+        ctx->kdfMdName[mdNameLen] = '\0';
         if (!wp_params_get_utf8_string_ptr(params,
                     OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS, &mdProps)) {
             ok = 0;

src/wp_ecdh_exch.c

@@ -315,7 +315,8 @@ static int wp_ecdh_derive(wp_EcdhCtx* ctx, unsigned char* secret,
     int done = 0;
     unsigned char* out;
     size_t outLen;
-    unsigned char tmp[72];
+    unsigned char* tmp = NULL;
+    size_t maxLen = (size_t)wp_ecc_get_size(ctx->key);
 
     WOLFPROV_ENTER(WP_LOG_COMP_ECDH, "wp_ecdh_derive");
 
@@ -326,10 +327,10 @@ static int wp_ecdh_derive(wp_EcdhCtx* ctx, unsigned char* secret,
     /* No output buffer, return maximum size only. */
     if (ok && (secret == NULL)) {
         if (ctx->kdfType == WP_KDF_NONE) {
-            *secLen = wp_ecc_get_size(ctx->key);
+            *secLen = maxLen;
         }
         else {
-            *secLen = ctx->keyLen;;
+            *secLen = ctx->keyLen;
         }
         done = 1;
     }
@@ -342,8 +343,15 @@ static int wp_ecdh_derive(wp_EcdhCtx* ctx, unsigned char* secret,
         }
         else if (ctx->kdfType == WP_KDF_X963) {
             /* Output of ECDH key exchange goes into temporary buffer. */
-            out = tmp;
-            outLen = sizeof(tmp);
+            tmp = OPENSSL_malloc(maxLen);
+            if (tmp == NULL) {
+                ok = 0;
+                outLen = 0;
+            }
+            else {
+                out = tmp;
+                outLen = maxLen;
+            }
         }
         else {
             ok = 0;
@@ -365,6 +373,8 @@ static int wp_ecdh_derive(wp_EcdhCtx* ctx, unsigned char* secret,
         }
     }
 
+    OPENSSL_clear_free(tmp, maxLen);
+
     WOLFPROV_LEAVE(WP_LOG_COMP_ECDH, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
 }
@@ -460,8 +470,10 @@ static int wp_ecdh_set_param_kdf_digest(wp_EcdhCtx* ctx,
     }
     if (ok && (mdName != NULL)) {
         const char* mdProps = NULL;
+        size_t mdNameLen = OPENSSL_strnlen(mdName, sizeof(ctx->kdfMdName) - 1);
 
-        XMEMCPY(ctx->kdfMdName, mdName, XSTRLEN(mdName) + 1);
+        XMEMCPY(ctx->kdfMdName, mdName, mdNameLen);
+        ctx->kdfMdName[mdNameLen] = '\0';
         if (!wp_params_get_utf8_string_ptr(params,
                     OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS, &mdProps)) {
             ok = 0;

src/wp_internal.c

@@ -994,6 +994,8 @@ int wp_encrypt_key(WOLFPROV_CTX* provCtx, const char* cipherName,
         *keyLen = len;
     }
 
+    OPENSSL_cleanse(password, sizeof(password));
+
     WOLFPROV_LEAVE(WP_LOG_COMP_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
 #else

src/wp_rsa_kmgmt.c

@@ -2472,6 +2472,8 @@ static int wp_rsa_decode_enc_pki(wp_Rsa* rsa, unsigned char* data, word32 len,
         ok = wp_rsa_decode_pki(rsa, data, len);
     }
 
+    OPENSSL_cleanse(password, sizeof(password));
+
     WOLFPROV_LEAVE_SILENT(WP_LOG_COMP_RSA, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__),
         ok);
     return ok;
@@ -3263,6 +3265,8 @@ static int wp_rsa_encode_enc_pki(const wp_RsaEncDecCtx* ctx, const wp_Rsa* rsa,
 
     XFREE(encodedKey, NULL, DYNAMIC_TYPE_RSA_BUFFER);
 
+    OPENSSL_cleanse(password, sizeof(password));
+
     WOLFPROV_LEAVE(WP_LOG_COMP_RSA, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
 }