feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fixed FreeCRL issue with strdup memory. Added additional checks for WOLF_AES_CBC and WOLF_AES_COUNTER. Disabled memory tracker by default for wolfCrypt test and benchmark. Updated README to better document Linux Binutils LD bug workaround.

Browse Source
This commit is contained in:
David Garske
2016-03-16 09:41:19 -07:00
parent f0ea9d747f
commit 0683ecb727
9 changed files with 90 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README
View File

@ -162,8 +162,8 @@ Release 3.6.0 of wolfSSL has bug fixes and new features including:
- ECC make key crash fix on RNG failure, ECC users must update.
- Improvements to usage of time code.
- Improvements to VS solution files.
- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
add -fdebug-types-section to C_EXTRA_FLAGS
- GNU Binutils 2.24 (and late 2.23) ld has problems with some debug builds,
to fix an ld error add C_EXTRA_FLAGS="-fdebug-types-section -g1".
- No high level security fixes that requires an update though we always
recommend updating to the latest (except note 14, ecc RNG failure)

27
src/crl.c
View File

@ -832,14 +832,14 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
if (s.st_mode & S_IFREG) {
if (type == SSL_FILETYPE_PEM) {
if (strstr(entry->d_name, ".pem") == NULL) {
if (XSTRSTR(entry->d_name, ".pem") == NULL) {
WOLFSSL_MSG("not .pem file, skipping");
continue;
}
}
else {
if (strstr(entry->d_name, ".der") == NULL &&
strstr(entry->d_name, ".crl") == NULL) {
if (XSTRSTR(entry->d_name, ".der") == NULL &&
XSTRSTR(entry->d_name, ".crl") == NULL) {
WOLFSSL_MSG("not .der or .crl file, skipping");
continue;
@ -858,18 +858,23 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
#endif
if (monitor & WOLFSSL_CRL_MONITOR) {
word32 pathLen;
char* pathBuf;
WOLFSSL_MSG("monitor path requested");
pathLen = (word32)XSTRLEN(path);
pathBuf = (char*)XMALLOC(pathLen+1, NULL, DYNAMIC_TYPE_CRL_MONITOR);
if (pathBuf) {
XSTRNCPY(pathBuf, path, pathLen);
pathBuf[pathLen] = '\0'; /* Null Terminate */
if (type == SSL_FILETYPE_PEM) {
crl->monitors[0].path = strdup(path);
crl->monitors[0].path = pathBuf;
crl->monitors[0].type = SSL_FILETYPE_PEM;
if (crl->monitors[0].path == NULL)
ret = MEMORY_E;
} else {
crl->monitors[1].path = strdup(path);
crl->monitors[1].path = pathBuf;
crl->monitors[1].type = SSL_FILETYPE_ASN1;
if (crl->monitors[1].path == NULL)
ret = MEMORY_E;
}
if (monitor & WOLFSSL_CRL_START_MON) {
@ -878,6 +883,10 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
ret = StartMonitorCRL(crl);
}
}
else {
ret = MEMORY_E;
}
}
closedir(dir);

9
src/ssl.c
View File

@ -2785,7 +2785,7 @@ static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password,
ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
key, info->iv);
#endif /* NO_DES3 */
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
key, AES_128_KEY_SIZE, info->iv);
@ -2795,7 +2795,7 @@ static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password,
else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
key, AES_256_KEY_SIZE, info->iv);
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -9123,6 +9123,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
switch (ctx->cipherType) {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
case AES_128_CBC_TYPE :
case AES_192_CBC_TYPE :
case AES_256_CBC_TYPE :
@ -9132,7 +9133,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
else
ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
break;
#endif /* HAVE_AES_CBC */
#ifdef WOLFSSL_AES_COUNTER
case AES_128_CTR_TYPE :
case AES_192_CTR_TYPE :
@ -9140,7 +9141,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
WOLFSSL_MSG("AES CTR");
wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
break;
#endif
#endif /* WOLFSSL_AES_COUNTER */
#endif /* NO_AES */
#ifndef NO_DES3

22
wolfcrypt/benchmark/benchmark.c
View File

@ -256,7 +256,7 @@ int benchmark_test(void *args)
(void)args;
#endif
#ifdef USE_WOLFSSL_MEMORY
#if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY)
InitMemoryTracker();
#endif
@ -290,20 +290,21 @@ int benchmark_test(void *args)
#endif
#ifndef NO_AES
#ifdef HAVE_AES_CBC
bench_aes(0);
bench_aes(1);
#endif
#ifdef HAVE_AESGCM
bench_aesgcm();
#endif
#ifdef WOLFSSL_AES_COUNTER
bench_aesctr();
#endif
#ifdef HAVE_AESCCM
bench_aesccm();
#endif
#endif /* !NO_AES */
#ifdef HAVE_CAMELLIA
bench_camellia();
#endif
@ -399,7 +400,7 @@ int benchmark_test(void *args)
wc_FreeRng(&rng);
#endif
#ifdef USE_WOLFSSL_MEMORY
#if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY)
ShowMemoryTracker();
#endif
@ -428,6 +429,7 @@ static const char blockType[] = "megs"; /* used in printf output */
#ifndef NO_AES
#ifdef HAVE_AES_CBC
void bench_aes(int show)
{
Aes enc;
@ -472,8 +474,7 @@ void bench_aes(int show)
wc_AesFreeCavium(&enc);
#endif
}
#endif
#endif /* HAVE_AES_CBC */
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
static byte additional[13];
@ -533,7 +534,8 @@ void bench_aesgcm(void)
printf("\n");
#endif
}
#endif
#endif /* HAVE_AESGCM */
#ifdef WOLFSSL_AES_COUNTER
void bench_aesctr(void)
@ -563,8 +565,7 @@ void bench_aesctr(void)
SHOW_INTEL_CYCLES
printf("\n");
}
#endif
#endif /* WOLFSSL_AES_COUNTER */
#ifdef HAVE_AESCCM
@ -596,7 +597,8 @@ void bench_aesccm(void)
SHOW_INTEL_CYCLES
printf("\n");
}
#endif
#endif /* HAVE_AESCCM */
#endif /* !NO_AES */
#ifdef HAVE_POLY1305

20
wolfcrypt/src/aes.c
View File

@ -43,6 +43,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
}
#ifdef HAVE_AES_CBC
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
return AesCbcEncrypt_fips(aes, out, in, sz);
@ -54,6 +55,7 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
return AesCbcDecrypt_fips(aes, out, in, sz);
}
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
/* AES-CTR */
#ifdef WOLFSSL_AES_COUNTER
@ -252,12 +254,14 @@ void wc_AesFreeCavium(Aes* aes)
static int wc_AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
const byte* iv);
#ifdef HAVE_AES_CBC
static int wc_AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
word32 length);
#ifdef HAVE_AES_DECRYPT
static int wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
word32 length);
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
#elif defined(WOLFSSL_NRF51_AES)
/* Use built-in AES hardware - AES 128 ECB Encrypt Only */
#include "wolfssl/wolfcrypt/port/nrf51.h"
@ -271,6 +275,7 @@ void wc_AesFreeCavium(Aes* aes)
#endif /* HAVE_AES_DECRYPT */
#else
/* using wolfCrypt software AES implementation */
#define NEED_AES_TABLES
#endif
@ -996,6 +1001,7 @@ static int haveAESNI = 0;
/* tell C compiler these are asm functions in case any mix up of ABI underscore
prefix between clang/gcc/llvm etc */
#ifdef HAVE_AES_CBC
void AES_CBC_encrypt(const unsigned char* in, unsigned char* out,
unsigned char* ivec, unsigned long length,
const unsigned char* KS, int nr)
@ -1006,7 +1012,8 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
unsigned char* ivec, unsigned long length,
const unsigned char* KS, int nr)
XASM_LINK("AES_CBC_decrypt");
#endif
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
unsigned long length, const unsigned char* KS, int nr)
@ -1098,6 +1105,8 @@ static int AES_set_decrypt_key(const unsigned char* userKey, const int bits,
#endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AESNI */
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) ||\
defined(HAVE_AESGCM)
static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
@ -1277,8 +1286,10 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
XMEMCPY(outBlock + 2 * sizeof(s0), &s2, sizeof(s2));
XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3));
}
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */
#ifdef HAVE_AES_DECRYPT
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
word32 s0, s1, s2, s3;
@ -1438,6 +1449,8 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3));
}
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#endif /* NEED_AES_TABLES */
@ -1842,6 +1855,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
/* AES-CBC */
#ifdef HAVE_AES_CBC
#ifdef STM32F2_CRYPTO
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
@ -2470,6 +2484,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
#endif
#endif /* STM32F2_CRYPTO, AES-CBC block */
#endif /* HAVE_AES_CBC */
/* AES-CTR */
#ifdef WOLFSSL_AES_COUNTER
@ -4246,7 +4261,7 @@ static int wc_AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
return wc_AesSetIV(aes, iv);
}
#ifdef HAVE_AES_CBC
static int wc_AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in,
word32 length)
{
@ -4316,6 +4331,7 @@ static int wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
return 0;
}
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */
#endif /* HAVE_CAVIUM */

3
wolfcrypt/src/ecc.c
View File

@ -5281,6 +5281,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
if (ret == 0) {
switch (ctx->encAlgo) {
#ifdef HAVE_AES_CBC
case ecAES_128_CBC:
{
Aes aes;
@ -5291,7 +5292,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
ret = wc_AesCbcDecrypt(&aes, out, msg, msgSz-digestSz);
}
break;
#endif
default:
ret = BAD_FUNC_ARG;
break;

4
wolfcrypt/src/wc_encrypt.c
View File

@ -30,7 +30,7 @@
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz, const byte* iv)
{
@ -84,7 +84,7 @@ int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
return ret;
}
#endif /* !NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
#ifndef NO_DES3

6
wolfcrypt/test/test.c
View File

@ -262,7 +262,7 @@ int wolfcrypt_test(void* args)
((func_args*)args)->return_code = -1; /* error state */
#ifdef USE_WOLFSSL_MEMORY
#if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY)
InitMemoryTracker();
#endif
@ -594,7 +594,7 @@ int wolfcrypt_test(void* args)
printf( "PKCS7signed test passed!\n");
#endif
#ifdef USE_WOLFSSL_MEMORY
#if defined(USE_WOLFSSL_MEMORY) && defined(WOLFSSL_TRACK_MEMORY)
ShowMemoryTracker();
#endif
@ -2616,11 +2616,13 @@ int des3_test(void)
#ifndef NO_AES
int aes_test(void)
{
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER)
Aes enc;
Aes dec;
byte cipher[AES_BLOCK_SIZE * 4];
byte plain [AES_BLOCK_SIZE * 4];
#endif
int ret = 0;
#ifdef HAVE_AES_CBC

4
wolfssl/wolfcrypt/settings.h
View File

@ -1081,6 +1081,10 @@ static char *fgets(char *buff, int sz, FILE *fp)
#ifndef NO_AES_CBC
#undef HAVE_AES_CBC
#define HAVE_AES_CBC
#else
#ifndef WOLFCRYPT_ONLY
#error "AES CBC is required for TLS and can only be disabled for WOLFCRYPT_ONLY builds"
#endif
#endif
#endif