feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fixed FreeCRL issue with strdup memory. Added additional checks for WOLF_AES_CBC and WOLF_AES_COUNTER. Disabled memory tracker by default for wolfCrypt test and benchmark. Updated README to better document Linux Binutils LD bug workaround.

Browse Source
This commit is contained in:
David Garske
2016-03-16 09:41:19 -07:00
parent f0ea9d747f
commit 0683ecb727
9 changed files with 90 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README
View File

@@ -162,8 +162,8 @@ Release 3.6.0 of wolfSSL has bug fixes and new features including:
- ECC make key crash fix on RNG failure, ECC users must update. - ECC make key crash fix on RNG failure, ECC users must update.
- Improvements to usage of time code. - Improvements to usage of time code.
- Improvements to VS solution files. - Improvements to VS solution files.
- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error - GNU Binutils 2.24 (and late 2.23) ld has problems with some debug builds,
add -fdebug-types-section to C_EXTRA_FLAGS to fix an ld error add C_EXTRA_FLAGS="-fdebug-types-section -g1".
- No high level security fixes that requires an update though we always - No high level security fixes that requires an update though we always
recommend updating to the latest (except note 14, ecc RNG failure) recommend updating to the latest (except note 14, ecc RNG failure)

27
src/crl.c
View File

@@ -832,14 +832,14 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
if (s.st_mode & S_IFREG) { if (s.st_mode & S_IFREG) {
if (type == SSL_FILETYPE_PEM) { if (type == SSL_FILETYPE_PEM) {
if (strstr(entry->d_name, ".pem") == NULL) { if (XSTRSTR(entry->d_name, ".pem") == NULL) {
WOLFSSL_MSG("not .pem file, skipping"); WOLFSSL_MSG("not .pem file, skipping");
continue; continue;
} }
} }
else { else {
if (strstr(entry->d_name, ".der") == NULL && if (XSTRSTR(entry->d_name, ".der") == NULL &&
strstr(entry->d_name, ".crl") == NULL) { XSTRSTR(entry->d_name, ".crl") == NULL) {
WOLFSSL_MSG("not .der or .crl file, skipping"); WOLFSSL_MSG("not .der or .crl file, skipping");
continue; continue;
@@ -858,18 +858,23 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
#endif #endif
if (monitor & WOLFSSL_CRL_MONITOR) { if (monitor & WOLFSSL_CRL_MONITOR) {
word32 pathLen;
char* pathBuf;
WOLFSSL_MSG("monitor path requested"); WOLFSSL_MSG("monitor path requested");
pathLen = (word32)XSTRLEN(path);
pathBuf = (char*)XMALLOC(pathLen+1, NULL, DYNAMIC_TYPE_CRL_MONITOR);
if (pathBuf) {
XSTRNCPY(pathBuf, path, pathLen);
pathBuf[pathLen] = '\0'; /* Null Terminate */
if (type == SSL_FILETYPE_PEM) { if (type == SSL_FILETYPE_PEM) {
crl->monitors[0].path = strdup(path); crl->monitors[0].path = pathBuf;
crl->monitors[0].type = SSL_FILETYPE_PEM; crl->monitors[0].type = SSL_FILETYPE_PEM;
if (crl->monitors[0].path == NULL)
ret = MEMORY_E;
} else { } else {
crl->monitors[1].path = strdup(path); crl->monitors[1].path = pathBuf;
crl->monitors[1].type = SSL_FILETYPE_ASN1; crl->monitors[1].type = SSL_FILETYPE_ASN1;
if (crl->monitors[1].path == NULL)
ret = MEMORY_E;
} }
if (monitor & WOLFSSL_CRL_START_MON) { if (monitor & WOLFSSL_CRL_START_MON) {
@@ -878,6 +883,10 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
ret = StartMonitorCRL(crl); ret = StartMonitorCRL(crl);
} }
} }
else {
ret = MEMORY_E;
}
}
closedir(dir); closedir(dir);

9
src/ssl.c
View File

@@ -2785,7 +2785,7 @@ static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password,
ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length, ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
key, info->iv); key, info->iv);
#endif /* NO_DES3 */ #endif /* NO_DES3 */
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
key, AES_128_KEY_SIZE, info->iv); key, AES_128_KEY_SIZE, info->iv);
@@ -2795,7 +2795,7 @@ static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password,
else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
key, AES_256_KEY_SIZE, info->iv); key, AES_256_KEY_SIZE, info->iv);
#endif /* NO_AES */ #endif /* !NO_AES && HAVE_AES_CBC */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -9123,6 +9123,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
switch (ctx->cipherType) { switch (ctx->cipherType) {
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC
case AES_128_CBC_TYPE : case AES_128_CBC_TYPE :
case AES_192_CBC_TYPE : case AES_192_CBC_TYPE :
case AES_256_CBC_TYPE : case AES_256_CBC_TYPE :
@@ -9132,7 +9133,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
else else
ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
break; break;
#endif /* HAVE_AES_CBC */
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
case AES_128_CTR_TYPE : case AES_128_CTR_TYPE :
case AES_192_CTR_TYPE : case AES_192_CTR_TYPE :
@@ -9140,7 +9141,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
WOLFSSL_MSG("AES CTR"); WOLFSSL_MSG("AES CTR");
wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
break; break;
#endif #endif /* WOLFSSL_AES_COUNTER */
#endif /* NO_AES */ #endif /* NO_AES */
#ifndef NO_DES3 #ifndef NO_DES3

22
wolfcrypt/benchmark/benchmark.c
View File

@@ -256,7 +256,7 @@ int benchmark_test(void *args)
(void)args; (void)args;
#endif #endif
#ifdef USE_WOLFSSL_MEMORY #if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY)
InitMemoryTracker(); InitMemoryTracker();
#endif #endif
@@ -290,20 +290,21 @@ int benchmark_test(void *args)
#endif #endif
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC
bench_aes(0); bench_aes(0);
bench_aes(1); bench_aes(1);
#endif #endif
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
bench_aesgcm(); bench_aesgcm();
#endif #endif
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
bench_aesctr(); bench_aesctr();
#endif #endif
#ifdef HAVE_AESCCM #ifdef HAVE_AESCCM
bench_aesccm(); bench_aesccm();
#endif #endif
#endif /* !NO_AES */
#ifdef HAVE_CAMELLIA #ifdef HAVE_CAMELLIA
bench_camellia(); bench_camellia();
#endif #endif
@@ -399,7 +400,7 @@ int benchmark_test(void *args)
wc_FreeRng(&rng); wc_FreeRng(&rng);
#endif #endif
#ifdef USE_WOLFSSL_MEMORY #if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY)
ShowMemoryTracker(); ShowMemoryTracker();
#endif #endif
@@ -428,6 +429,7 @@ static const char blockType[] = "megs"; /* used in printf output */
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC
void bench_aes(int show) void bench_aes(int show)
{ {
Aes enc; Aes enc;
@@ -472,8 +474,7 @@ void bench_aes(int show)
wc_AesFreeCavium(&enc); wc_AesFreeCavium(&enc);
#endif #endif
} }
#endif #endif /* HAVE_AES_CBC */
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
static byte additional[13]; static byte additional[13];
@@ -533,7 +534,8 @@ void bench_aesgcm(void)
printf("\n"); printf("\n");
#endif #endif
} }
#endif #endif /* HAVE_AESGCM */
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
void bench_aesctr(void) void bench_aesctr(void)
@@ -563,8 +565,7 @@ void bench_aesctr(void)
SHOW_INTEL_CYCLES SHOW_INTEL_CYCLES
printf("\n"); printf("\n");
} }
#endif #endif /* WOLFSSL_AES_COUNTER */
#ifdef HAVE_AESCCM #ifdef HAVE_AESCCM
@@ -596,7 +597,8 @@ void bench_aesccm(void)
SHOW_INTEL_CYCLES SHOW_INTEL_CYCLES
printf("\n"); printf("\n");
} }
#endif #endif /* HAVE_AESCCM */
#endif /* !NO_AES */
#ifdef HAVE_POLY1305 #ifdef HAVE_POLY1305

20
wolfcrypt/src/aes.c
View File

@@ -43,6 +43,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
} }
#ifdef HAVE_AES_CBC
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{ {
return AesCbcEncrypt_fips(aes, out, in, sz); return AesCbcEncrypt_fips(aes, out, in, sz);
@@ -54,6 +55,7 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
return AesCbcDecrypt_fips(aes, out, in, sz); return AesCbcDecrypt_fips(aes, out, in, sz);
} }
#endif /* HAVE_AES_DECRYPT */ #endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
/* AES-CTR */ /* AES-CTR */
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
@@ -252,12 +254,14 @@ void wc_AesFreeCavium(Aes* aes)
static int wc_AesCaviumSetKey(Aes* aes, const byte* key, word32 length, static int wc_AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
const byte* iv); const byte* iv);
#ifdef HAVE_AES_CBC
static int wc_AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, static int wc_AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
word32 length); word32 length);
#ifdef HAVE_AES_DECRYPT #ifdef HAVE_AES_DECRYPT
static int wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, static int wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
word32 length); word32 length);
#endif /* HAVE_AES_DECRYPT */ #endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
#elif defined(WOLFSSL_NRF51_AES) #elif defined(WOLFSSL_NRF51_AES)
/* Use built-in AES hardware - AES 128 ECB Encrypt Only */ /* Use built-in AES hardware - AES 128 ECB Encrypt Only */
#include "wolfssl/wolfcrypt/port/nrf51.h" #include "wolfssl/wolfcrypt/port/nrf51.h"
@@ -271,6 +275,7 @@ void wc_AesFreeCavium(Aes* aes)
#endif /* HAVE_AES_DECRYPT */ #endif /* HAVE_AES_DECRYPT */
#else #else
/* using wolfCrypt software AES implementation */ /* using wolfCrypt software AES implementation */
#define NEED_AES_TABLES #define NEED_AES_TABLES
#endif #endif
@@ -996,6 +1001,7 @@ static int haveAESNI = 0;
/* tell C compiler these are asm functions in case any mix up of ABI underscore /* tell C compiler these are asm functions in case any mix up of ABI underscore
prefix between clang/gcc/llvm etc */ prefix between clang/gcc/llvm etc */
#ifdef HAVE_AES_CBC
void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, void AES_CBC_encrypt(const unsigned char* in, unsigned char* out,
unsigned char* ivec, unsigned long length, unsigned char* ivec, unsigned long length,
const unsigned char* KS, int nr) const unsigned char* KS, int nr)
@@ -1006,7 +1012,8 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
unsigned char* ivec, unsigned long length, unsigned char* ivec, unsigned long length,
const unsigned char* KS, int nr) const unsigned char* KS, int nr)
XASM_LINK("AES_CBC_decrypt"); XASM_LINK("AES_CBC_decrypt");
#endif #endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
unsigned long length, const unsigned char* KS, int nr) unsigned long length, const unsigned char* KS, int nr)
@@ -1098,6 +1105,8 @@ static int AES_set_decrypt_key(const unsigned char* userKey, const int bits,
#endif /* HAVE_AES_DECRYPT */ #endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AESNI */ #endif /* WOLFSSL_AESNI */
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) ||\
defined(HAVE_AESGCM)
static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{ {
@@ -1277,8 +1286,10 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2)); XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2));
XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3)); XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3));
} }
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */
#ifdef HAVE_AES_DECRYPT #ifdef HAVE_AES_DECRYPT
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{ {
word32 s0, s1, s2, s3; word32 s0, s1, s2, s3;
@@ -1438,6 +1449,8 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3)); XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3));
} }
#endif /* HAVE_AES_DECRYPT */ #endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#endif /* NEED_AES_TABLES */ #endif /* NEED_AES_TABLES */
@@ -1842,6 +1855,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
/* AES-CBC */ /* AES-CBC */
#ifdef HAVE_AES_CBC
#ifdef STM32F2_CRYPTO #ifdef STM32F2_CRYPTO
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{ {
@@ -2470,6 +2484,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
#endif #endif
#endif /* STM32F2_CRYPTO, AES-CBC block */ #endif /* STM32F2_CRYPTO, AES-CBC block */
#endif /* HAVE_AES_CBC */
/* AES-CTR */ /* AES-CTR */
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
@@ -4246,7 +4261,7 @@ static int wc_AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
return wc_AesSetIV(aes, iv); return wc_AesSetIV(aes, iv);
} }
#ifdef HAVE_AES_CBC
static int wc_AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, static int wc_AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
word32 length) word32 length)
{ {
@@ -4316,6 +4331,7 @@ static int wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
return 0; return 0;
} }
#endif /* HAVE_AES_DECRYPT */ #endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
#endif /* HAVE_CAVIUM */ #endif /* HAVE_CAVIUM */

3
wolfcrypt/src/ecc.c
View File

@@ -5281,6 +5281,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
if (ret == 0) { if (ret == 0) {
switch (ctx->encAlgo) { switch (ctx->encAlgo) {
#ifdef HAVE_AES_CBC
case ecAES_128_CBC: case ecAES_128_CBC:
{ {
Aes aes; Aes aes;
@@ -5291,7 +5292,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
ret = wc_AesCbcDecrypt(&aes, out, msg, msgSz-digestSz); ret = wc_AesCbcDecrypt(&aes, out, msg, msgSz-digestSz);
} }
break; break;
#endif
default: default:
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
break; break;

4
wolfcrypt/src/wc_encrypt.c
View File

@@ -30,7 +30,7 @@
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz, const byte* iv) const byte* key, word32 keySz, const byte* iv)
{ {
@@ -84,7 +84,7 @@ int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
return ret; return ret;
} }
#endif /* !NO_AES */ #endif /* !NO_AES && HAVE_AES_CBC */
#ifndef NO_DES3 #ifndef NO_DES3

6
wolfcrypt/test/test.c
View File

@@ -262,7 +262,7 @@ int wolfcrypt_test(void* args)
((func_args*)args)->return_code = -1; /* error state */ ((func_args*)args)->return_code = -1; /* error state */
#ifdef USE_WOLFSSL_MEMORY #if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY)
InitMemoryTracker(); InitMemoryTracker();
#endif #endif
@@ -594,7 +594,7 @@ int wolfcrypt_test(void* args)
printf( "PKCS7signed test passed!\n"); printf( "PKCS7signed test passed!\n");
#endif #endif
#ifdef USE_WOLFSSL_MEMORY #if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY)
ShowMemoryTracker(); ShowMemoryTracker();
#endif #endif
@@ -2616,11 +2616,13 @@ int des3_test(void)
#ifndef NO_AES #ifndef NO_AES
int aes_test(void) int aes_test(void)
{ {
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER)
Aes enc; Aes enc;
Aes dec; Aes dec;
byte cipher[AES_BLOCK_SIZE * 4]; byte cipher[AES_BLOCK_SIZE * 4];
byte plain [AES_BLOCK_SIZE * 4]; byte plain [AES_BLOCK_SIZE * 4];
#endif
int ret = 0; int ret = 0;
#ifdef HAVE_AES_CBC #ifdef HAVE_AES_CBC

4
wolfssl/wolfcrypt/settings.h
View File

@@ -1081,6 +1081,10 @@ static char *fgets(char *buff, int sz, FILE *fp)
#ifndef NO_AES_CBC #ifndef NO_AES_CBC
#undef HAVE_AES_CBC #undef HAVE_AES_CBC
#define HAVE_AES_CBC #define HAVE_AES_CBC
#else
#ifndef WOLFCRYPT_ONLY
#error "AES CBC is required for TLS and can only be disabled for WOLFCRYPT_ONLY builds"
#endif
#endif #endif
#endif #endif