Merge pull request #896 from yosuke-wolfssl/fix_Fenrir858-859

Fix fenrir858-859

Author: dgarske

src/internal.c

@@ -5014,8 +5014,13 @@ static int ParseEd25519PubKey(WOLFSSH *ssh,
     if (ret == WS_SUCCESS) {
         ret = wc_ed25519_import_public(encA, encASz,
                 &sigKeyBlock_ptr->sk.ed25519.key);
-        if (ret != 0)
+        if (ret != 0) {
             ret = WS_ED25519_E;
+        }
+    }
+
+    if (ret == 0) {
+        sigKeyBlock_ptr->keyAllocated = 1;
     }
     return ret;
 }
@@ -5328,6 +5333,11 @@ static void FreePubKey(struct wolfSSH_sigKeyBlock *p)
             wc_ecc_free(&p->sk.ecc.key);
         #endif
         }
+        else if (p->useEd25519) {
+        #ifndef WOLFSSH_NO_ED25519
+            wc_ed25519_free(&p->sk.ed25519.key);
+        #endif
+        }
         p->keyAllocated = 0;
     }
 }
@@ -14090,10 +14100,12 @@ static int BuildUserAuthRequestRsa(WOLFSSH* ssh,
         if (ret == WS_SUCCESS) {
             WMEMSET(digest, 0, sizeof(digest));
             ret = wc_HashInit(&hash, hashId);
-            if (ret == WS_SUCCESS)
+            if (ret == WS_SUCCESS) {
                 ret = HashUpdate(&hash, hashId, checkData, checkDataSz);
-            if (ret == WS_SUCCESS)
-                ret = wc_HashFinal(&hash, hashId, digest);
+                if (ret == WS_SUCCESS)
+                    ret = wc_HashFinal(&hash, hashId, digest);
+                wc_HashFree(&hash, hashId);
+            }
         }
 
         if (ret == WS_SUCCESS) {
@@ -14324,11 +14336,12 @@ static int BuildUserAuthRequestRsaCert(WOLFSSH* ssh,
 
             WMEMSET(digest, 0, sizeof(digest));
             ret = wc_HashInit(&hash, hashId);
-            if (ret == WS_SUCCESS)
+            if (ret == WS_SUCCESS) {
                 ret = HashUpdate(&hash, hashId, checkData, checkDataSz);
-            if (ret == WS_SUCCESS)
-                ret = wc_HashFinal(&hash, hashId, digest);
-
+                if (ret == WS_SUCCESS)
+                    ret = wc_HashFinal(&hash, hashId, digest);
+                wc_HashFree(&hash, hashId);
+            }
             if (ret == WS_SUCCESS) {
                 c32toa(keySig->sigSz + 7 + LENGTH_SZ * 2, output + begin);
                 begin += LENGTH_SZ;
@@ -14547,16 +14560,18 @@ static int BuildUserAuthRequestEcc(WOLFSSH* ssh,
         if (ret == WS_SUCCESS) {
             WLOG(WS_LOG_INFO, "Signing hash with ECDSA.");
             ret = wc_HashInit(&hash, hashId);
-            if (ret == WS_SUCCESS)
+            if (ret == WS_SUCCESS) {
                 ret = HashUpdate(&hash, hashId, checkData, checkDataSz);
-            if (ret == WS_SUCCESS)
-                ret = wc_HashFinal(&hash, hashId, digest);
-            if (ret == WS_SUCCESS)
-                ret = wc_ecc_sign_hash(digest, digestSz, sig_ptr, &sigSz,
-                        ssh->rng, &keySig->ks.ecc.key);
-            if (ret != WS_SUCCESS) {
-                WLOG(WS_LOG_DEBUG, "SUAR: Bad ECC Sign");
-                ret = WS_ECC_E;
+                if (ret == WS_SUCCESS)
+                    ret = wc_HashFinal(&hash, hashId, digest);
+                if (ret == WS_SUCCESS)
+                    ret = wc_ecc_sign_hash(digest, digestSz, sig_ptr, &sigSz,
+                            ssh->rng, &keySig->ks.ecc.key);
+                if (ret != WS_SUCCESS) {
+                    WLOG(WS_LOG_DEBUG, "SUAR: Bad ECC Sign");
+                    ret = WS_ECC_E;
+                }
+                wc_HashFree(&hash, hashId);
             }
         }
 
@@ -14787,16 +14802,18 @@ static int BuildUserAuthRequestEccCert(WOLFSSH* ssh,
         if (ret == WS_SUCCESS) {
             WLOG(WS_LOG_INFO, "Signing hash with ECDSA cert.");
             ret = wc_HashInit(&hash, hashId);
-            if (ret == WS_SUCCESS)
+            if (ret == WS_SUCCESS) {
                 ret = HashUpdate(&hash, hashId, checkData, checkDataSz);
-            if (ret == WS_SUCCESS)
-                ret = wc_HashFinal(&hash, hashId, digest);
-            if (ret == WS_SUCCESS)
-                ret = wc_ecc_sign_hash(digest, digestSz, sig, &sigSz,
-                        ssh->rng, &keySig->ks.ecc.key);
-            if (ret != WS_SUCCESS) {
-                WLOG(WS_LOG_DEBUG, "SUAR: Bad ECC Cert Sign");
-                ret = WS_ECC_E;
+                if (ret == WS_SUCCESS)
+                    ret = wc_HashFinal(&hash, hashId, digest);
+                if (ret == WS_SUCCESS)
+                    ret = wc_ecc_sign_hash(digest, digestSz, sig, &sigSz,
+                            ssh->rng, &keySig->ks.ecc.key);
+                if (ret != WS_SUCCESS) {
+                    WLOG(WS_LOG_DEBUG, "SUAR: Bad ECC Cert Sign");
+                    ret = WS_ECC_E;
+                }
+                wc_HashFree(&hash, hashId);
             }
         }