diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index b060754d..3438fe12 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -713,16 +713,15 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) aString[i] = ASN1_OCTET_STRING_new(); tempOct[i] = ASN1_OCTET_STRING_new(); temp[i] = NULL; + buflen = 0; if ((name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i)) == NULL) { OPENSSL_free(name); for (i = 0; i < oqsxkey->numkeys; i++) { - OPENSSL_free(temp[i]); - OPENSSL_free(cbuf[i]); - OPENSSL_free(aType[i]); - OPENSSL_free(aString[i]); - OPENSSL_free(tempOct[i]); + ASN1_OCTET_STRING_free(aString[i]); + ASN1_OCTET_STRING_free(tempOct[i]); + ASN1_TYPE_free(aType[i]); } OPENSSL_free(sk); return -1; @@ -740,11 +739,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) if (buflen > oqsxkey->privkeylen_cmp[i]) { OPENSSL_free(name); for (i = 0; i < oqsxkey->numkeys; i++) { - OPENSSL_free(temp[i]); - OPENSSL_free(cbuf[i]); - OPENSSL_free(aType[i]); - OPENSSL_free(aString[i]); - OPENSSL_free(tempOct[i]); + ASN1_OCTET_STRING_free(aString[i]); + ASN1_OCTET_STRING_free(tempOct[i]); + ASN1_TYPE_free(aType[i]); } OPENSSL_free(sk); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); @@ -756,7 +753,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; cbuf[i] = OPENSSL_malloc(buflen); - memcpy(cbuf[i], oqsxkey->comp_privkey[i], buflen); if (get_oqsname_fromtls(name) != 0) { // include pubkey in privkey for PQC memcpy(cbuf[i], oqsxkey->comp_privkey[i], @@ -773,11 +769,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) if (!sk_ASN1_TYPE_push(sk, aType[i])) { for (i = 0; i < oqsxkey->numkeys; i++) { - OPENSSL_free(temp[i]); - OPENSSL_free(cbuf[i]); - OPENSSL_free(aType[i]); - OPENSSL_free(aString[i]); - OPENSSL_free(tempOct[i]); + ASN1_OCTET_STRING_free(aString[i]); + ASN1_OCTET_STRING_free(tempOct[i]); + ASN1_TYPE_free(aType[i]); } OPENSSL_free(sk); OPENSSL_free(name); @@ -788,11 +782,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); for (i = 0; i < oqsxkey->numkeys; i++) { - OPENSSL_free(temp[i]); - OPENSSL_free(cbuf[i]); - OPENSSL_free(aType[i]); - OPENSSL_free(aString[i]); - OPENSSL_free(tempOct[i]); + ASN1_OCTET_STRING_free(aString[i]); + ASN1_OCTET_STRING_free(tempOct[i]); + ASN1_TYPE_free(aType[i]); } OPENSSL_free(sk); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 17117459..45fffb79 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -471,11 +471,11 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); OPENSSL_free(name); - OPENSSL_free(evp_ctx); + EVP_MD_CTX_free(evp_ctx); OPENSSL_free(buf); goto endsign; } - OPENSSL_free(evp_ctx); + EVP_MD_CTX_free(evp_ctx); } else { if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) @@ -591,9 +591,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } oqs_sig_len = i2d_CompositeSignature(compsig, &sig); - OPENSSL_free(compsig->sig1->data); - OPENSSL_free(compsig->sig2->data); - OPENSSL_free(compsig); + CompositeSignature_free(compsig); OPENSSL_free(final_tbs); } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) @@ -809,10 +807,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); OPENSSL_free(name); - OPENSSL_free(evp_ctx); + EVP_MD_CTX_free(evp_ctx); goto endverify; } - OPENSSL_free(evp_ctx); + EVP_MD_CTX_free(evp_ctx); } else { if (((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->classical_pkey, NULL)) @@ -893,7 +891,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, OPENSSL_free(name); } - OPENSSL_free(compsig); + CompositeSignature_free(compsig); OPENSSL_free(final_tbs); } else { if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) { diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 4ed9666e..81bbb072 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1387,29 +1387,32 @@ void oqsx_key_free(OQSX_KEY *key) #endif OPENSSL_free(key->propq); + OPENSSL_free(key->tls_name); OPENSSL_secure_clear_free(key->privkey, key->privkeylen); OPENSSL_secure_clear_free(key->pubkey, key->pubkeylen); OPENSSL_free(key->comp_pubkey); OPENSSL_free(key->comp_privkey); + if (key->keytype == KEY_TYPE_CMP_SIG) { + OPENSSL_free(key->privkeylen_cmp); + OPENSSL_free(key->pubkeylen_cmp); + } if (key->keytype == KEY_TYPE_KEM) OQS_KEM_free(key->oqsx_provider_ctx.oqsx_qs_ctx.kem); else if (key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM) { OQS_KEM_free(key->oqsx_provider_ctx.oqsx_qs_ctx.kem); - } else { + } else OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); - if (key->oqsx_provider_ctx.oqsx_evp_ctx) { - EVP_PKEY_CTX_free(key->oqsx_provider_ctx.oqsx_evp_ctx->ctx); - EVP_PKEY_free(key->oqsx_provider_ctx.oqsx_evp_ctx->keyParam); - OPENSSL_free(key->oqsx_provider_ctx.oqsx_evp_ctx); - } + EVP_PKEY_free(key->classical_pkey); + if (key->oqsx_provider_ctx.oqsx_evp_ctx) { + EVP_PKEY_CTX_free(key->oqsx_provider_ctx.oqsx_evp_ctx->ctx); + EVP_PKEY_free(key->oqsx_provider_ctx.oqsx_evp_ctx->keyParam); + OPENSSL_free(key->oqsx_provider_ctx.oqsx_evp_ctx); } - OPENSSL_free(key->tls_name); #ifdef OQS_PROVIDER_NOATOMIC CRYPTO_THREAD_lock_free(key->lock); #endif - OPENSSL_free(key->classical_pkey); OPENSSL_free(key); }