feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

fix resource leak (missing calls to wc_AesFree()) in wolfSSL_EVP_CIPHER_CTX_cleanup();

Browse Source 
fix file descriptor leaks in AF_ALG code, and fix return codes (WC_AFALG_SOCK_E, not -1) in afalg_aes.c;

fixes for sanitizer-detected forbidden null pointer args in AfalgHashUpdate() and AfalgHashCopy();

fixes for resource leaks in api.c test_wolfSSL_AES_cbc_encrypt() (missing wc_AesFree()s);

fixes for resource leaks in test.c openssl_test() (missing wolfSSL_EVP_CIPHER_CTX_cleanup());

also some local fixes for bugprone-signed-char-misuse, readability-redundant-preprocessor, and clang-diagnostic-strict-prototypes, in src/pk.c and src/ssl.c.
This commit is contained in:
Daniel Pouzzner
2023-02-01 00:49:34 -06:00
parent 462f76c1ff
commit 38c057a084
8 changed files with 145 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pk.c
View File

@ -12521,7 +12521,7 @@ point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key)
int ret = -1; int ret = -1;
if (key != NULL) { if (key != NULL) {
ret = key->form; ret = (int)(unsigned char)key->form;
} }
return ret; return ret;

5
src/ssl.c
View File

@ -295,14 +295,13 @@ int wc_OBJ_sn2nid(const char *sn)
#define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */ #define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */
static WC_RNG globalRNG; static WC_RNG globalRNG;
static int initGlobalRNG = 0; static int initGlobalRNG = 0;
#ifndef WOLFCRYPT_ONLY
static wolfSSL_Mutex globalRNGMutex; static wolfSSL_Mutex globalRNGMutex;
static int globalRNGMutex_valid = 0; static int globalRNGMutex_valid = 0;
#if defined(OPENSSL_EXTRA) && defined(HAVE_HASHDRBG) #if defined(OPENSSL_EXTRA) && defined(HAVE_HASHDRBG)
static WOLFSSL_DRBG_CTX* gDrbgDefCtx = NULL; static WOLFSSL_DRBG_CTX* gDrbgDefCtx = NULL;
#endif #endif
#endif
WC_RNG* wolfssl_get_global_rng(void) WC_RNG* wolfssl_get_global_rng(void)
{ {
@ -321,7 +320,7 @@ WC_RNG* wolfssl_get_global_rng(void)
* @return Global RNG on success. * @return Global RNG on success.
* @return NULL on error. * @return NULL on error.
*/ */
WC_RNG* wolfssl_make_global_rng() WC_RNG* wolfssl_make_global_rng(void)
{ {
WC_RNG* ret; WC_RNG* ret;

10
tests/api.c
View File

@ -44173,6 +44173,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, AES_ENCRYPT); wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, AES_ENCRYPT);
AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
wc_AesFree((Aes*)&aes);
#ifdef HAVE_AES_DECRYPT #ifdef HAVE_AES_DECRYPT
@ -44184,6 +44185,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, AES_DECRYPT); wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, AES_DECRYPT);
AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
wc_AesFree((Aes*)&aes);
#endif #endif
@ -44217,6 +44219,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, AES_ENCRYPT); wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, AES_ENCRYPT);
AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
wc_AesFree((Aes*)&aes);
#ifdef HAVE_AES_DECRYPT #ifdef HAVE_AES_DECRYPT
@ -44228,6 +44231,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, AES_DECRYPT); wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, AES_DECRYPT);
AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
wc_AesFree((Aes*)&aes);
#endif #endif
} }
@ -44262,6 +44266,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, AES_ENCRYPT); wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, AES_ENCRYPT);
AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
wc_AesFree((Aes*)&aes);
#ifdef HAVE_AES_DECRYPT #ifdef HAVE_AES_DECRYPT
@ -44273,6 +44278,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, AES_DECRYPT); wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, AES_DECRYPT);
AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
wc_AesFree((Aes*)&aes);
#endif #endif
@ -44288,6 +44294,7 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
15), WOLFSSL_FAILURE); 15), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256, AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
sizeof(key256)), sizeof(wrapCipher)); sizeof(key256)), sizeof(wrapCipher));
wc_AesFree((Aes*)&aes);
/* wolfSSL_AES_unwrap_key() 256-bit NULL iv */ /* wolfSSL_AES_unwrap_key() 256-bit NULL iv */
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
@ -44298,17 +44305,20 @@ static int test_wolfSSL_AES_cbc_encrypt(void)
AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0); AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
XMEMSET(wrapCipher, 0, sizeof(wrapCipher)); XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
XMEMSET(wrapPlain, 0, sizeof(wrapPlain)); XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
wc_AesFree((Aes*)&aes);
/* wolfSSL_AES_wrap_key() 256-bit custom iv */ /* wolfSSL_AES_wrap_key() 256-bit custom iv */
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
AssertIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256, AssertIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256,
sizeof(key256)), sizeof(wrapCipher)); sizeof(key256)), sizeof(wrapCipher));
wc_AesFree((Aes*)&aes);
/* wolfSSL_AES_unwrap_key() 256-bit custom iv */ /* wolfSSL_AES_unwrap_key() 256-bit custom iv */
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher, AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
sizeof(wrapCipher)), sizeof(wrapPlain)); sizeof(wrapCipher)), sizeof(wrapPlain));
AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0); AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
wc_AesFree((Aes*)&aes);
} }
#endif /* HAVE_AES_KEYWRAP */ #endif /* HAVE_AES_KEYWRAP */
} }

6
wolfcrypt/src/aes.c
View File

@ -10664,8 +10664,8 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
#endif /* WOLFSSL_ASYNC_CRYPT */ #endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef WOLFSSL_AFALG #ifdef WOLFSSL_AFALG
aes->alFd = -1; aes->alFd = WC_SOCK_NOTSET;
aes->rdFd = -1; aes->rdFd = WC_SOCK_NOTSET;
#endif #endif
#ifdef WOLFSSL_KCAPI_AES #ifdef WOLFSSL_KCAPI_AES
aes->handle = NULL; aes->handle = NULL;
@ -10769,9 +10769,11 @@ void wc_AesFree(Aes* aes)
#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES) #if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES)
if (aes->rdFd > 0) { /* negative is error case */ if (aes->rdFd > 0) { /* negative is error case */
close(aes->rdFd); close(aes->rdFd);
aes->rdFd = WC_SOCK_NOTSET;
} }
if (aes->alFd > 0) { if (aes->alFd > 0) {
close(aes->alFd); close(aes->alFd);
aes->alFd = WC_SOCK_NOTSET;
} }
#endif /* WOLFSSL_AFALG */ #endif /* WOLFSSL_AFALG */
#ifdef WOLFSSL_KCAPI_AES #ifdef WOLFSSL_KCAPI_AES

57
wolfcrypt/src/evp.c
View File

@ -5991,20 +5991,57 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
if (ctx) { if (ctx) {
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#ifndef NO_AES
switch (ctx->cipherType) {
#if defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM) #if defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)
if ((ctx->cipherType == AES_128_GCM_TYPE) || case AES_128_GCM_TYPE:
(ctx->cipherType == AES_192_GCM_TYPE) || case AES_192_GCM_TYPE:
(ctx->cipherType == AES_256_GCM_TYPE)) { case AES_256_GCM_TYPE:
wc_AesFree(&ctx->cipher.aes);
}
#endif /* HAVE_AESGCM && WOLFSSL_AESGCM_STREAM */ #endif /* HAVE_AESGCM && WOLFSSL_AESGCM_STREAM */
#if defined(HAVE_AESCCM) #if defined(HAVE_AESCCM)
if ((ctx->cipherType == AES_128_CCM_TYPE) || case AES_128_CCM_TYPE:
(ctx->cipherType == AES_192_CCM_TYPE) || case AES_192_CCM_TYPE:
(ctx->cipherType == AES_256_CCM_TYPE)) { case AES_256_CCM_TYPE:
wc_AesFree(&ctx->cipher.aes);
}
#endif /* HAVE_AESCCM */ #endif /* HAVE_AESCCM */
#ifdef HAVE_AESCBC
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
#endif
#ifdef WOLFSSL_AES_COUNTER
case AES_128_CTR_TYPE:
case AES_192_CTR_TYPE:
case AES_256_CTR_TYPE:
#endif
#ifdef HAVE_AES_ECB
case AES_128_ECB_TYPE:
case AES_192_ECB_TYPE:
case AES_256_ECB_TYPE:
#endif
#ifdef HAVE_AES_CFB
case AES_128_CFB1_TYPE:
case AES_192_CFB1_TYPE:
case AES_256_CFB1_TYPE:
case AES_128_CFB8_TYPE:
case AES_192_CFB8_TYPE:
case AES_256_CFB8_TYPE:
case AES_128_CFB128_TYPE:
case AES_192_CFB128_TYPE:
case AES_256_CFB128_TYPE:
#endif
#ifdef HAVE_AES_OFB
case AES_128_OFB_TYPE:
case AES_192_OFB_TYPE:
case AES_256_OFB_TYPE:
#endif
#ifdef WOLFSSL_AES_XTS
case AES_128_XTS_TYPE:
case AES_256_XTS_TYPE:
#endif
wc_AesFree(&ctx->cipher.aes);
}
#endif /* !NO_AES */
#endif /* not FIPS or FIPS v2+ */ #endif /* not FIPS or FIPS v2+ */
ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)

55
wolfcrypt/src/port/af_alg/afalg_aes.c
View File

@ -62,11 +62,12 @@ static int wc_AesSetup(Aes* aes, const char* type, const char* name, int ivSz, i
if (aes->rdFd < 0) { if (aes->rdFd < 0) {
WOLFSSL_MSG("Unable to accept and get AF_ALG read socket"); WOLFSSL_MSG("Unable to accept and get AF_ALG read socket");
aes->rdFd = WC_SOCK_NOTSET; aes->rdFd = WC_SOCK_NOTSET;
return aes->rdFd; return WC_AFALG_SOCK_E;
} }
if (setsockopt(aes->alFd, SOL_ALG, ALG_SET_KEY, key, aes->keylen) != 0) { if (setsockopt(aes->alFd, SOL_ALG, ALG_SET_KEY, key, aes->keylen) != 0) {
WOLFSSL_MSG("Unable to set AF_ALG key"); WOLFSSL_MSG("Unable to set AF_ALG key");
(void)close(aes->rdFd);
aes->rdFd = WC_SOCK_NOTSET; aes->rdFd = WC_SOCK_NOTSET;
return WC_AFALG_SOCK_E; return WC_AFALG_SOCK_E;
} }
@ -93,8 +94,9 @@ static int wc_AesSetup(Aes* aes, const char* type, const char* name, int ivSz, i
if (wc_Afalg_SetOp(CMSG_FIRSTHDR(&(aes->msg)), aes->dir) < 0) { if (wc_Afalg_SetOp(CMSG_FIRSTHDR(&(aes->msg)), aes->dir) < 0) {
WOLFSSL_MSG("Error with setting AF_ALG operation"); WOLFSSL_MSG("Error with setting AF_ALG operation");
(void)close(aes->rdFd);
aes->rdFd = WC_SOCK_NOTSET; aes->rdFd = WC_SOCK_NOTSET;
return -1; return WC_AFALG_SOCK_E;
} }
return 0; return 0;
@ -127,8 +129,14 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
aes->left = 0; aes->left = 0;
#endif #endif
if (aes->rdFd > 0) {
(void)close(aes->rdFd);
}
aes->rdFd = WC_SOCK_NOTSET; aes->rdFd = WC_SOCK_NOTSET;
aes->alFd = wc_Afalg_Socket(); if (aes->alFd <= 0) {
aes->alFd = wc_Afalg_Socket();
}
if (aes->alFd < 0) { if (aes->alFd < 0) {
WOLFSSL_MSG("Unable to open an AF_ALG socket"); WOLFSSL_MSG("Unable to open an AF_ALG socket");
return WC_AFALG_SOCK_E; return WC_AFALG_SOCK_E;
@ -190,11 +198,11 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0); ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0);
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
ret = (int)read(aes->rdFd, out, sz); ret = (int)read(aes->rdFd, out, sz);
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
/* set IV for next CBC call */ /* set IV for next CBC call */
@ -251,11 +259,11 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0); ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0);
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
ret = (int)read(aes->rdFd, out, sz); ret = (int)read(aes->rdFd, out, sz);
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
} }
@ -301,11 +309,11 @@ static int wc_Afalg_AesDirect(Aes* aes, byte* out, const byte* in, word32 sz)
ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0); ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0);
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
ret = (int)read(aes->rdFd, out, sz); ret = (int)read(aes->rdFd, out, sz);
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
return 0; return 0;
@ -410,7 +418,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0); ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0);
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
@ -428,7 +436,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
ret = (int)readv(aes->rdFd, iov, 2); ret = (int)readv(aes->rdFd, iov, 2);
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
if (aes->left > 0) { if (aes->left > 0) {
@ -503,8 +511,14 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
aes->keylen = len; aes->keylen = len;
aes->rounds = len/4 + 6; aes->rounds = len/4 + 6;
if (aes->rdFd > 0) {
(void)close(aes->rdFd);
}
aes->rdFd = WC_SOCK_NOTSET; aes->rdFd = WC_SOCK_NOTSET;
aes->alFd = wc_Afalg_Socket(); if (aes->alFd <= 0) {
aes->alFd = wc_Afalg_Socket();
}
if (aes->alFd < 0) { if (aes->alFd < 0) {
WOLFSSL_MSG("Unable to open an AF_ALG socket"); WOLFSSL_MSG("Unable to open an AF_ALG socket");
return WC_AFALG_SOCK_E; return WC_AFALG_SOCK_E;
@ -564,6 +578,11 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
if (aes->alFd <= 0) {
WOLFSSL_MSG("AF_ALG GcmEncrypt called with alFd unset");
return BAD_FUNC_ARG;
}
if (aes->rdFd == WC_SOCK_NOTSET) { if (aes->rdFd == WC_SOCK_NOTSET) {
aes->dir = AES_ENCRYPTION; aes->dir = AES_ENCRYPTION;
if ((ret = wc_AesSetup(aes, WC_TYPE_AEAD, WC_NAME_AESGCM, ivSz, if ((ret = wc_AesSetup(aes, WC_TYPE_AEAD, WC_NAME_AESGCM, ivSz,
@ -634,12 +653,12 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
ret = read(aes->rdFd, out, sz + AES_BLOCK_SIZE); ret = read(aes->rdFd, out, sz + AES_BLOCK_SIZE);
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
XMEMCPY(authTag, out + sz, authTagSz); XMEMCPY(authTag, out + sz, authTagSz);
} }
@ -679,7 +698,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
ret = (int)sendmsg(aes->rdFd, msg, 0); ret = (int)sendmsg(aes->rdFd, msg, 0);
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
{ {
@ -702,7 +721,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
} }
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
#endif #endif
@ -845,7 +864,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
ret = read(aes->rdFd, out, sz + AES_BLOCK_SIZE); ret = read(aes->rdFd, out, sz + AES_BLOCK_SIZE);
@ -886,7 +905,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
msg->msg_iovlen = 3; /* # of iov structures */ msg->msg_iovlen = 3; /* # of iov structures */
ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0); ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0);
if (ret < 0) { if (ret < 0) {
return ret; return WC_AFALG_SOCK_E;
} }
{ {

32
wolfcrypt/src/port/af_alg/afalg_hash.c
View File

@ -121,8 +121,10 @@ static int AfalgHashUpdate(wolfssl_AFALG_Hash* hash, const byte* in, word32 sz)
} }
hash->len = hash->used + sz; hash->len = hash->used + sz;
} }
XMEMCPY(hash->msg + hash->used, in, sz); if (sz > 0) {
hash->used += sz; XMEMCPY(hash->msg + hash->used, in, sz);
hash->used += sz;
}
#else #else
int ret; int ret;
@ -139,32 +141,41 @@ static int AfalgHashFinal(wolfssl_AFALG_Hash* hash, byte* out, word32 outSz,
const char* type) const char* type)
{ {
int ret; int ret;
void* heap;
if (hash == NULL || out == NULL) { if (hash == NULL || out == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
heap = hash->heap; /* keep because AfalgHashInit clears the pointer */
#ifdef WOLFSSL_AFALG_HASH_KEEP #ifdef WOLFSSL_AFALG_HASH_KEEP
/* keep full message to out at end instead of incremental updates */ /* keep full message to out at end instead of incremental updates */
if ((ret = (int)send(hash->rdFd, hash->msg, hash->used, 0)) < 0) { if ((ret = (int)send(hash->rdFd, hash->msg, hash->used, 0)) < 0) {
return ret; ret = WC_AFALG_SOCK_E;
goto out;
} }
XFREE(hash->msg, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
hash->msg = NULL; hash->msg = NULL;
#else #else
if ((ret = (int)send(hash->rdFd, NULL, 0, 0)) < 0) { if ((ret = (int)send(hash->rdFd, NULL, 0, 0)) < 0) {
return ret; ret = WC_AFALG_SOCK_E;
goto out;
} }
#endif #endif
if ((ret = (int)read(hash->rdFd, out, outSz)) != (int)outSz) { if ((ret = (int)read(hash->rdFd, out, outSz)) != (int)outSz) {
return ret; ret = WC_AFALG_SOCK_E;
goto out;
} }
ret = 0;
out:
AfalgHashFree(hash); AfalgHashFree(hash);
return AfalgHashInit(hash, heap, 0, type);
if (ret != 0)
return ret;
else
return AfalgHashInit(hash, hash->heap, 0, type);
} }
@ -212,7 +223,8 @@ static int AfalgHashCopy(wolfssl_AFALG_Hash* src, wolfssl_AFALG_Hash* dst)
if (dst->msg == NULL) { if (dst->msg == NULL) {
return MEMORY_E; return MEMORY_E;
} }
XMEMCPY(dst->msg, src->msg, src->len); if (src->len > 0)
XMEMCPY(dst->msg, src->msg, src->len);
#endif #endif
dst->rdFd = accept(src->rdFd, NULL, 0); dst->rdFd = accept(src->rdFd, NULL, 0);

22
wolfcrypt/test/test.c
View File

@ -20327,6 +20327,8 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
(byte*)cbcPlain, 0) != 1) (byte*)cbcPlain, 0) != 1)
return -8666; return -8666;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
return -8724;
EVP_CIPHER_CTX_init(en); EVP_CIPHER_CTX_init(en);
if (EVP_CipherInit(en, EVP_aes_128_cbc(), if (EVP_CipherInit(en, EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 1) == 0) (unsigned char*)key, (unsigned char*)iv, 1) == 0)
@ -20391,6 +20393,8 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
return -8684; return -8684;
total = 0; total = 0;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
return -8725;
EVP_CIPHER_CTX_init(en); EVP_CIPHER_CTX_init(en);
if (EVP_EncryptInit(en, EVP_aes_128_cbc(), if (EVP_EncryptInit(en, EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv) == 0) (unsigned char*)key, (unsigned char*)iv) == 0)
@ -20416,6 +20420,8 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
return 3438; return 3438;
total = 0; total = 0;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
return -8726;
EVP_CIPHER_CTX_init(de); EVP_CIPHER_CTX_init(de);
if (EVP_DecryptInit(de, EVP_aes_128_cbc(), if (EVP_DecryptInit(de, EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv) == 0) (unsigned char*)key, (unsigned char*)iv) == 0)
@ -20462,11 +20468,15 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE)) if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
return -8704; return -8704;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
return -8727;
EVP_CIPHER_CTX_init(en); EVP_CIPHER_CTX_init(en);
if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL, if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL,
(unsigned char*)key, (unsigned char*)iv, 0) == 0) (unsigned char*)key, (unsigned char*)iv, 0) == 0)
return -8705; return -8705;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
return -8728;
EVP_CIPHER_CTX_init(en); EVP_CIPHER_CTX_init(en);
if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL, if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
(unsigned char*)key, (unsigned char*)iv) == 0) (unsigned char*)key, (unsigned char*)iv) == 0)
@ -20478,6 +20488,11 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE) if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
return -8708; return -8708;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
return -8729;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
return -8730;
EVP_CIPHER_CTX_init(de); EVP_CIPHER_CTX_init(de);
if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL, if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL,
(unsigned char*)key, (unsigned char*)iv) == 0) (unsigned char*)key, (unsigned char*)iv) == 0)
@ -20492,6 +20507,8 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG) if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG)
return -8712; return -8712;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
return -8731;
EVP_CIPHER_CTX_init(en); EVP_CIPHER_CTX_init(en);
EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL, EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
(unsigned char*)key, (unsigned char*)iv); (unsigned char*)key, (unsigned char*)iv);
@ -20522,6 +20539,11 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS) if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
return -8721; return -8721;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
return -8732;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
return -8733;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wolfSSL_EVP_CIPHER_CTX_free(en); wolfSSL_EVP_CIPHER_CTX_free(en);
wolfSSL_EVP_CIPHER_CTX_free(de); wolfSSL_EVP_CIPHER_CTX_free(de);