diff --git a/cyassl/ctaocrypt/random.h b/cyassl/ctaocrypt/random.h index 9018da5af..6d3a96fea 100644 --- a/cyassl/ctaocrypt/random.h +++ b/cyassl/ctaocrypt/random.h @@ -28,9 +28,9 @@ #define InitRng wc_InitRng #define RNG_GenerateBlock wc_RNG_GenerateBlock #define RNG_GenerateByte wc_RNG_GenerateByte + #define FreeRng wc_FreeRng #if defined(HAVE_HASHDRBG) || defined(NO_RC4) - #define FreeRng wc_FreeRng #define RNG_HealthTest wc_RNG_HealthTest #endif /* HAVE_HASHDRBG || NO_RC4 */ diff --git a/src/internal.c b/src/internal.c index e8044cc82..d79c24373 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1719,9 +1719,7 @@ void SSL_ResourceFree(WOLFSSL* ssl) FreeCiphers(ssl); FreeArrays(ssl, 0); -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) wc_FreeRng(ssl->rng); -#endif XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES); @@ -1836,9 +1834,7 @@ void FreeHandshakeResources(WOLFSSL* ssl) /* RNG */ if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) { -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) wc_FreeRng(ssl->rng); -#endif XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); ssl->rng = NULL; } diff --git a/src/ssl.c b/src/ssl.c index 1a6696e6e..1cf5d7e74 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10451,11 +10451,8 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) ret = SSL_SUCCESS; } - if (initTmpRng) { - #if defined(HAVE_HASHDRBG) || defined(NO_RC4) - wc_FreeRng(tmpRNG); - #endif - } + if (initTmpRng) + wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -10730,6 +10727,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) { int ret = 0; int len = bits / 8; + int initTmpRng = 0; RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK RNG* tmpRNG = NULL; @@ -10758,8 +10756,10 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) if (bn == NULL || bn->internal == NULL) WOLFSSL_MSG("Bad function arguments"); - else if (wc_InitRng(tmpRNG) == 0) + else if (wc_InitRng(tmpRNG) == 0) { rng = tmpRNG; + initTmpRng = 1; + } else if (initGlobalRNG) rng = &globalRNG; @@ -10777,6 +10777,9 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) } } + if (initTmpRng) + wc_FreeRng(tmpRNG); + #ifdef WOLFSSL_SMALL_STACK XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -11051,6 +11054,7 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) int ret = 0; word32 pubSz = 768; word32 privSz = 768; + int initTmpRng = 0; RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK unsigned char* pub = NULL; @@ -11081,8 +11085,10 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) WOLFSSL_MSG("Bad function arguments"); else if (dh->inSet == 0 && SetDhInternal(dh) < 0) WOLFSSL_MSG("Bad DH set internal"); - else if (wc_InitRng(tmpRNG) == 0) + else if (wc_InitRng(tmpRNG) == 0) { rng = tmpRNG; + initTmpRng = 1; + } else { WOLFSSL_MSG("Bad RNG Init, trying global"); if (initGlobalRNG == 0) @@ -11123,6 +11129,9 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) } } + if (initTmpRng) + wc_FreeRng(tmpRNG); + #ifdef WOLFSSL_SMALL_STACK XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -11538,6 +11547,7 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, ret = SSL_SUCCESS; } + wc_FreeRng(rng); #ifdef WOLFSSL_SMALL_STACK XFREE(rng, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -11609,6 +11619,7 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WOLFSSL_DSA* dsa) { int ret = SSL_FATAL_ERROR; + int initTmpRng = 0; RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK RNG* tmpRNG = NULL; @@ -11629,8 +11640,10 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, return SSL_FATAL_ERROR; #endif - if (wc_InitRng(tmpRNG) == 0) + if (wc_InitRng(tmpRNG) == 0) { rng = tmpRNG; + initTmpRng = 1; + } else { WOLFSSL_MSG("Bad RNG Init, trying global"); if (initGlobalRNG == 0) @@ -11646,8 +11659,10 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, ret = SSL_SUCCESS; } + if (initTmpRng) + wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(RNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif } @@ -11664,6 +11679,7 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, { word32 outLen; word32 signSz; + int initTmpRng = 0; RNG* rng = NULL; int ret = 0; #ifdef WOLFSSL_SMALL_STACK @@ -11700,8 +11716,10 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, if (outLen == 0) WOLFSSL_MSG("Bad RSA size"); - else if (wc_InitRng(tmpRNG) == 0) + else if (wc_InitRng(tmpRNG) == 0) { rng = tmpRNG; + initTmpRng = 1; + } else { WOLFSSL_MSG("Bad RNG Init, trying global"); @@ -11730,6 +11748,9 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, } + if (initTmpRng) + wc_FreeRng(tmpRNG); + #ifdef WOLFSSL_SMALL_STACK XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 30f88ae10..9a57064ac 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -366,7 +366,7 @@ int benchmark_test(void *args) bench_ed25519KeySign(); #endif -#if defined(HAVE_LOCAL_RNG) && (defined(HAVE_HASHDRBG) || defined(NO_RC4)) +#if defined(HAVE_LOCAL_RNG) wc_FreeRng(&rng); #endif diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 500b39ebb..95208e448 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7397,6 +7397,7 @@ int EncodeOcspRequest(OcspRequest* req) extSz = SetOcspReqExtensions(MAX_OCSP_EXT_SZ, extArray, req->nonce, req->nonceSz); } + wc_FreeRng(&rng); } } diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 6ef70f6f9..babb7b9dd 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1238,9 +1238,11 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) return ret; ret = wc_RNG_GenerateBlock(&rng, contentKeyPlain, blockKeySz); - if (ret != 0) + if (ret != 0) { + wc_FreeRng(&rng); return ret; - + } + #ifdef WOLFSSL_SMALL_STACK recip = (byte*)XMALLOC(MAX_RECIP_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); contentKeyEnc = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL, @@ -1248,6 +1250,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (contentKeyEnc == NULL || recip == NULL) { if (recip) XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (contentKeyEnc) XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); return MEMORY_E; } @@ -1267,6 +1270,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (recipSz < 0) { WOLFSSL_MSG("Failed to create RecipientInfo"); + wc_FreeRng(&rng); #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif @@ -1276,6 +1280,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* generate IV for block cipher */ ret = wc_RNG_GenerateBlock(&rng, tmpIv, DES_BLOCK_SIZE); + wc_FreeRng(&rng); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); @@ -1447,10 +1452,6 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) XMEMCPY(output + idx, encryptedContent, desOutSz); idx += desOutSz; -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) - wc_FreeRng(&rng); -#endif - ForceZero(contentKeyPlain, MAX_CONTENT_KEY_LEN); if (dynamicFlag) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 24206b3b8..8e881bbe4 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -642,6 +642,13 @@ int wc_RNG_GenerateByte(RNG* rng, byte* b) } +int wc_FreeRng(RNG* rng) +{ + (void)rng; + return 0; +} + + #ifdef HAVE_CAVIUM #include diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 7ee96f221..7489a9222 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -3221,6 +3221,8 @@ int random_test(void) ret = wc_RNG_GenerateBlock(&rng, block, sizeof(block)); if (ret != 0) return -40; + wc_FreeRng(&rng); + return 0; } @@ -4226,10 +4228,7 @@ int rsa_test(void) wc_RsaFreeCavium(&key); #endif free(tmp); - -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) wc_FreeRng(&rng); -#endif return 0; } @@ -4310,10 +4309,7 @@ int dh_test(void) wc_FreeDhKey(&key); wc_FreeDhKey(&key2); - -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) wc_FreeRng(&rng); -#endif return 0; } @@ -4381,6 +4377,7 @@ int dsa_test(void) if (answer != 1) return -65; wc_FreeDsaKey(&key); + wc_FreeRng(&rng); return 0; } @@ -5072,10 +5069,7 @@ int ecc_test(void) wc_ecc_free(&pubKey); wc_ecc_free(&userB); wc_ecc_free(&userA); - -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) wc_FreeRng(&rng); -#endif return 0; } @@ -5206,6 +5200,7 @@ int ecc_encrypt_test(void) /* cleanup */ wc_ecc_free(&userB); wc_ecc_free(&userA); + wc_FreeRng(&rng); return 0; } @@ -5342,9 +5337,7 @@ int ecc25519_test(void) wc_ecc25519_free(&userB); wc_ecc25519_free(&userA); -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) wc_FreeRng(&rng); -#endif return 0; } @@ -6190,9 +6183,7 @@ int pkcs7signed_test(void) free(out); wc_PKCS7_Free(&msg); -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) wc_FreeRng(&rng); -#endif if (ret > 0) return 0; diff --git a/wolfssl/test.h b/wolfssl/test.h index 5fd24520e..8d54be866 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1606,6 +1606,7 @@ static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, if (ret == 0) ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey); wc_ecc_free(&myKey); + wc_FreeRng(&rng); return ret; } @@ -1660,6 +1661,7 @@ static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, ret = 0; } wc_FreeRsaKey(&myKey); + wc_FreeRng(&rng); return ret; } @@ -1715,6 +1717,7 @@ static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, } } wc_FreeRsaKey(&myKey); + wc_FreeRng(&rng); return ret; } @@ -1822,9 +1825,7 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num) } tempfn[len] = '\0'; -#if defined(HAVE_HASHDRBG) wc_FreeRng(&rng); -#endif return tempfn; } diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index c61c78e5d..192144324 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -125,10 +125,10 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); WOLFSSL_API int wc_InitRng(RNG*); WOLFSSL_API int wc_RNG_GenerateBlock(RNG*, byte*, word32 sz); WOLFSSL_API int wc_RNG_GenerateByte(RNG*, byte*); +WOLFSSL_API int wc_FreeRng(RNG*); #if defined(HAVE_HASHDRBG) || defined(NO_RC4) - WOLFSSL_API int wc_FreeRng(RNG*); WOLFSSL_API int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, const byte* entropyB, word32 entropyBSz,