Release Fixes

1. Fix for the enable-afalg option from Jacob Barthelmeh.
2. Client fix for enable-sp+enable-sp-math option from David Garske.
3. Added a couple of typecasts to some mallocs.
4. Modified the option guard for the mask member of Options for the webserver build.
5. Added some more padding to the opaque structures used for SHA_CTX and AES_KEY.
6. Added WOLFSSL_API to the stack logging functions.

examples/client/client.c

@@ -44,7 +44,8 @@
 
 #ifdef USE_FAST_MATH
     /* included to inspect the size of FP_MAX_BITS */
-    #include <wolfssl/wolfcrypt/tfm.h>
+    /* need integer.h header to make sure right math version used */
+    #include <wolfssl/wolfcrypt/integer.h>
 #endif
 #ifdef HAVE_ECC
     #include <wolfssl/wolfcrypt/ecc.h>

src/ssl.c

@@ -345,7 +345,7 @@ int wolfSSL_CTX_new_rng(WOLFSSL_CTX* ctx)
         return BAD_FUNC_ARG;
     }
 
-    rng = XMALLOC(sizeof(WC_RNG), ctx->heap, DYNAMIC_TYPE_RNG);
+    rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ctx->heap, DYNAMIC_TYPE_RNG);
     if (rng == NULL) {
         return MEMORY_E;
     }

wolfcrypt/src/port/af_alg/afalg_aes.c

@@ -664,17 +664,25 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return ret;
     }
 
-    /* first 16 bytes was all 0's */
-    iov[0].iov_base = scratch;
-    iov[0].iov_len  = authInSz;
+    {
+        byte* tmp = (byte*)XMALLOC(authInSz, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (tmp == NULL) {
+            return MEMORY_E;
+        }
+        /* first 16 bytes was all 0's */
+        iov[0].iov_base = tmp;
+        (void)scratch;
+        iov[0].iov_len  = authInSz;
 
-    iov[1].iov_base = out;
-    iov[1].iov_len  = sz;
+        iov[1].iov_base = out;
+        iov[1].iov_len  = sz;
 
-    iov[2].iov_base = authTag;
-    iov[2].iov_len  = authTagSz;
+        iov[2].iov_base = authTag;
+        iov[2].iov_len  = authTagSz;
 
-    ret = (int)readv(aes->rdFd, iov, 3);
+        ret = (int)readv(aes->rdFd, iov, 3);
+        XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
     if (ret < 0) {
         return ret;
     }
@@ -852,14 +860,22 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return ret;
     }
 
-    iov[0].iov_base = scratch;
-    iov[0].iov_len  = authInSz;
-    iov[1].iov_base = out;
-    iov[1].iov_len  = sz;
-    ret = (int)readv(aes->rdFd, iov, 2);
+    {
+        byte* tmp = (byte*)XMALLOC(authInSz, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (tmp == NULL) {
+            return MEMORY_E;
+        }
+        iov[0].iov_base = tmp;
+        iov[0].iov_len  = authInSz;
+        iov[1].iov_base = out;
+        iov[1].iov_len  = sz;
+        ret = (int)readv(aes->rdFd, iov, 2);
+        XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
     if (ret < 0) {
         return AES_GCM_AUTH_E;
     }
+    (void)scratch;
 #endif
 
     return 0;

wolfcrypt/src/rsa.c

@@ -1839,7 +1839,8 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
                 int cleara = 0, clearb = 0;
 
             #ifdef WOLFSSL_SMALL_STACK
-                tmpa = XMALLOC(sizeof(mp_int) * 2, key->heap, DYNAMIC_TYPE_RSA);
+                tmpa = (mp_int*)XMALLOC(sizeof(mp_int) * 2,
+                        key->heap, DYNAMIC_TYPE_RSA);
                 if (tmpa != NULL)
                     tmpb = tmpa + 1;
                 else

wolfcrypt/test/test.c

@@ -9208,7 +9208,7 @@ int decodedCertCache_test(void)
 #endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) &&
           defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */
 
-#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
+#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
 static int rsa_flatten_test(RsaKey* key)
 {
     int    ret;
@@ -11575,7 +11575,7 @@ int rsa_test(void)
         return ret;
 #endif
 
-#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
+#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
     ret = rsa_flatten_test(&key);
     if (ret != 0)
         return ret;

wolfssl/internal.h

@@ -3182,7 +3182,7 @@ typedef struct Options {
     wc_psk_server_tls13_callback server_psk_tls13_cb;  /* server callback */
 #endif
 #endif /* NO_PSK */
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
     unsigned long     mask; /* store SSL_OP_ flags */
 #endif
 

wolfssl/openssl/aes.h

@@ -56,6 +56,9 @@ typedef struct WOLFSSL_AES_KEY {
     #ifdef WOLFSSL_AFALG
     void* afalg_holder[288 / sizeof(void*)];
     #endif
+    #ifdef HAVE_PKCS11
+    void* pkcs11_holder[(AES_MAX_ID_LEN + sizeof(int)) / sizeof(void*)];
+    #endif
 } WOLFSSL_AES_KEY;
 typedef WOLFSSL_AES_KEY AES_KEY;
 

wolfssl/openssl/sha.h

@@ -40,6 +40,9 @@
 typedef struct WOLFSSL_SHA_CTX {
     /* big enough to hold wolfcrypt Sha, but check on init */
     void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
+    #ifdef WOLF_CRYPTO_CB
+    void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / sizeof(void*)];
+    #endif
 } WOLFSSL_SHA_CTX;
 
 WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*);

wolfssl/wolfcrypt/memory.h

@@ -197,6 +197,13 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
     WOLFSSL_API int wolfSSL_MemoryPaddingSz(void);
 #endif /* WOLFSSL_STATIC_MEMORY */
 
+#ifdef WOLFSSL_STACK_LOG
+    WOLFSSL_API void __attribute__((no_instrument_function))
+            __cyg_profile_func_enter(void *func,  void *caller);
+    WOLFSSL_API void __attribute__((no_instrument_function))
+            __cyg_profile_func_exit(void *func, void *caller);
+#endif /* WOLFSSL_STACK_LOG */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif