From 65b8389af0678d1861fbfc2ce03ab329d9953ec1 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 2 Aug 2017 08:42:04 -0700
Subject: [PATCH] =?UTF-8?q?Fix=20for=20handling=20hash=20copies=20to=20mak?=
 =?UTF-8?q?e=20sure=20copied=20buffer=20is=20not=20free=E2=80=99d.=20Resol?=
 =?UTF-8?q?ves=20issues=20when=20testing=20TLS=20connection=20with=20`wolf?=
 =?UTF-8?q?ssl=5Ftcp=5Fclient`=20and=20`openurl=20https://www.google.com/`?=
 =?UTF-8?q?.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mcapi/crypto.h                               |  2 +-
 wolfcrypt/src/md5.c                          |  3 +++
 wolfcrypt/src/port/pic32/pic32mz-crypt.c     | 19 +++++++++++++++----
 wolfcrypt/src/sha.c                          |  3 +++
 wolfcrypt/src/sha256.c                       |  3 +++
 wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h |  2 ++
 6 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/mcapi/crypto.h b/mcapi/crypto.h
index c9cd779de..786f561ba 100644
--- a/mcapi/crypto.h
+++ b/mcapi/crypto.h
@@ -48,7 +48,7 @@ enum {
 
 /* SHA */
 typedef struct CRYPT_SHA_CTX {
-    int holder[28];   /* big enough to hold internal, but check on init */
+    int holder[29];   /* big enough to hold internal, but check on init */
 } CRYPT_SHA_CTX;
 
 int CRYPT_SHA_Initialize(CRYPT_SHA_CTX*);
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index 8f7a31681..ea69cfabf 100755
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -490,6 +490,9 @@ int wc_Md5Copy(Md5* src, Md5* dst)
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
 #endif
+#ifdef WOLFSSL_PIC32MZ_HASH
+    ret = wc_Pic32HashCopy(&src->cache, &dst->cache);
+#endif
 
     return ret;
 }
diff --git a/wolfcrypt/src/port/pic32/pic32mz-crypt.c b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
index 3ea7b99d4..8bc629deb 100644
--- a/wolfcrypt/src/port/pic32/pic32mz-crypt.c
+++ b/wolfcrypt/src/port/pic32/pic32mz-crypt.c
@@ -279,6 +279,15 @@ int wc_Pic32Hash(const byte* in, int inLen, word32* out, int outLen, int algo)
         NULL, 0, NULL, 0);
 }
 
+int wc_Pic32HashCopy(hashUpdCache* src, hashUpdCache* dst)
+{
+    /* mark destination as copy, so cache->buf is not free'd */
+    if (dst) {
+        dst->isCopy = 1;
+    }
+    return 0;
+}
+
 static int wc_Pic32HashUpdate(hashUpdCache* cache, byte* stdBuf, word32 stdBufLen,
  const byte* data, word32 len, void* heap)
 {
@@ -306,12 +315,15 @@ static int wc_Pic32HashUpdate(hashUpdCache* cache, byte* stdBuf, word32 stdBufLe
         /* alloc buffer */
         newBuf = (byte*)XMALLOC(newLenPad, heap, DYNAMIC_TYPE_HASH_TMP);
         if (newBuf == NULL) {
-            if (cache->buf != stdBuf) {
+            if (cache->buf != stdBuf && !cache->isCopy) {
                 XFREE(cache->buf, heap, DYNAMIC_TYPE_HASH_TMP);
+                cache->buf = NULL;
+                cache->updLen = cache->bufLen = 0;
             }
             return MEMORY_E;
         }
         isNewBuf = 1;
+        cache->isCopy = 0; /* no longer using copy buffer */
     }
     else {
         /* use existing buffer */
@@ -347,12 +359,11 @@ static int wc_Pic32HashFinal(hashUpdCache* cache, byte* stdBuf, byte* hash,
     if (ret == 0) {
         XMEMCPY(hash, digest, digestSz);
     }
-    if (cache->buf != stdBuf) {
+    if (cache->buf != stdBuf && !cache->isCopy) {
         XFREE(cache->buf, heap, DYNAMIC_TYPE_HASH_TMP);
     }
     cache->buf = NULL;
-    cache->bufLen = 0;
-    cache->updLen = 0;
+    cache->bufLen = cache->updLen = 0;
 
     return ret;
 }
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 47490bc58..111f0f93d 100755
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -597,6 +597,9 @@ int wc_ShaCopy(Sha* src, Sha* dst)
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
 #endif
+#ifdef WOLFSSL_PIC32MZ_HASH
+    ret = wc_Pic32HashCopy(&src->cache, &dst->cache);
+#endif
 
     return ret;
 }
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index f044c1aa9..6d81facba 100755
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -1975,6 +1975,9 @@ int wc_Sha256Copy(Sha256* src, Sha256* dst)
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
 #endif
+#ifdef WOLFSSL_PIC32MZ_HASH
+    ret = wc_Pic32HashCopy(&src->cache, &dst->cache);
+#endif
 
     return ret;
 }
diff --git a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
index 7f4f61662..6be2a2261 100644
--- a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
+++ b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
@@ -111,6 +111,7 @@ typedef struct hashUpdCache {
     unsigned char*  buf;
     unsigned int    bufLen;
     unsigned int    updLen;
+    int             isCopy;
 } hashUpdCache;
 
 
@@ -187,6 +188,7 @@ int wc_Pic32DesCrypt(word32 *key, int keyLen, word32 *iv, int ivLen,
 
 #ifdef WOLFSSL_PIC32MZ_HASH
 int wc_Pic32Hash(const byte* in, int inLen, word32* out, int outLen, int algo);
+int wc_Pic32HashCopy(hashUpdCache* src, hashUpdCache* dst);
 #endif
 
 #endif /* WOLFSSL_MICROCHIP_PIC32MZ */