diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c index cadf7ff5b41..abea24d4dd8 100644 --- a/wolfcrypt/src/chacha20_poly1305.c +++ b/wolfcrypt/src/chacha20_poly1305.c @@ -422,7 +422,7 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot( if (aead->poly.leftover) { if ((ret = wc_Poly1305_Pad(&aead->poly, (word32)aead->poly.leftover)) < 0) - return ret; + goto out; } #ifdef WORD64_AVAILABLE diff --git a/wolfcrypt/src/compress.c b/wolfcrypt/src/compress.c index f2e8b3e6d81..ff2aaeed021 100644 --- a/wolfcrypt/src/compress.c +++ b/wolfcrypt/src/compress.c @@ -230,7 +230,10 @@ int wc_DeCompressDynamic(byte** out, int maxSz, int memoryType, stream.next_out = tmp; stream.avail_out = (uInt)tmpSz; - if ((uLong)stream.avail_out != tmpSz) return DECOMPRESS_INIT_E; + if ((uLong)stream.avail_out != tmpSz) { + XFREE(tmp, heap, memoryType); + return DECOMPRESS_INIT_E; + } stream.zalloc = (alloc_func)myAlloc; stream.zfree = (free_func)myFree; diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index 86e92113c19..ab59d183a7a 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -9953,20 +9953,18 @@ static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, if (ret == 0) { ret = wolfSSL_liboqsRngMutexLock(rng); + if (ret == 0) { + if (OQS_SIG_sign(oqssig, sig, &localOutLen, msg, msgLen, key->k) + == OQS_ERROR) { + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + *sigLen = (word32)localOutLen; + } + wolfSSL_liboqsRngMutexUnlock(); } - if ((ret == 0) && - (OQS_SIG_sign(oqssig, sig, &localOutLen, msg, msgLen, key->k) - == OQS_ERROR)) { - ret = BAD_FUNC_ARG; - } - - if (ret == 0) { - *sigLen = (word32)localOutLen; - } - - wolfSSL_liboqsRngMutexUnlock(); - if (oqssig != NULL) { OQS_SIG_free(oqssig); } diff --git a/wolfcrypt/src/falcon.c b/wolfcrypt/src/falcon.c index 720001896b3..1fc38515af2 100644 --- a/wolfcrypt/src/falcon.c +++ b/wolfcrypt/src/falcon.c @@ -98,10 +98,6 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen, } } - if ((ret == 0) && (oqssig == NULL)) { - ret = BUFFER_E; - } - /* check and set up out length */ if (ret == 0) { if ((key->level == 1) && (*outLen < FALCON_LEVEL1_SIG_SIZE)) { @@ -117,20 +113,18 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen, if (ret == 0) { ret = wolfSSL_liboqsRngMutexLock(rng); + if (ret == 0) { + if (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k) + == OQS_ERROR) { + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + *outLen = (word32)localOutLen; + } + wolfSSL_liboqsRngMutexUnlock(); } - if ((ret == 0) && - (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k) - == OQS_ERROR)) { - ret = BAD_FUNC_ARG; - } - - if (ret == 0) { - *outLen = (word32)localOutLen; - } - - wolfSSL_liboqsRngMutexUnlock(); - if (oqssig != NULL) { OQS_SIG_free(oqssig); } @@ -196,10 +190,6 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg, } } - if ((ret == 0) && (oqssig == NULL)) { - ret = BUFFER_E; - } - if ((ret == 0) && (OQS_SIG_verify(oqssig, msg, msgLen, sig, sigLen, key->p) == OQS_ERROR)) { diff --git a/wolfcrypt/src/sphincs.c b/wolfcrypt/src/sphincs.c index c8510b48ccf..fd483a52eab 100644 --- a/wolfcrypt/src/sphincs.c +++ b/wolfcrypt/src/sphincs.c @@ -131,20 +131,18 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen, if (ret == 0) { ret = wolfSSL_liboqsRngMutexLock(rng); + if (ret == 0) { + if (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k) + == OQS_ERROR) { + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + *outLen = (word32)localOutLen; + } + wolfSSL_liboqsRngMutexUnlock(); } - if ((ret == 0) && - (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k) - == OQS_ERROR)) { - ret = BAD_FUNC_ARG; - } - - if (ret == 0) { - *outLen = (word32)localOutLen; - } - - wolfSSL_liboqsRngMutexUnlock(); - if (oqssig != NULL) { OQS_SIG_free(oqssig); }