From d39ca40fee743cd19960eab85cd2d85e05191839 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Fri, 24 Feb 2017 10:27:09 -0700
Subject: [PATCH] wrapper for Aes structure added and checks on structure size

---
 src/ssl.c             | 30 ++++++++++++++++++++++--------
 wolfssl/openssl/aes.h | 21 ++++++++++++++++-----
 2 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index a7999320f..f7b208d60 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -19376,6 +19376,9 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
 void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len,
         const unsigned char* data)
 {
+    typedef char rc4_test[sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4) ? 1 : -1];
+    (void)sizeof(rc4_test);
+
     WOLFSSL_ENTER("wolfSSL_RC4_set_key");
 
     if (key == NULL || len < 0) {
@@ -19427,7 +19430,7 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
         return;
     }
 
-    wc_AesEncryptDirect(key, output, input);
+    wc_AesEncryptDirect((Aes*)key, output, input);
 }
 
 
@@ -19447,7 +19450,7 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
         return;
     }
 
-    wc_AesDecryptDirect(key, output, input);
+    wc_AesDecryptDirect((Aes*)key, output, input);
 }
 #endif /* WOLFSSL_AES_DIRECT */
 
@@ -19460,6 +19463,9 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
 void wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits,
         AES_KEY *aes)
 {
+    typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1];
+    (void)sizeof(aes_test);
+
     WOLFSSL_ENTER("wolfSSL_AES_set_encrypt_key");
 
     if (key == NULL || aes == NULL) {
@@ -19467,7 +19473,8 @@ void wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits,
         return;
     }
 
-    if (wc_AesSetKey(aes, key, ((bits)/8), NULL, AES_ENCRYPTION) != 0) {
+    XMEMSET(aes, 0, sizeof(AES_KEY));
+    if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_ENCRYPTION) != 0) {
         WOLFSSL_MSG("Error in setting AES key");
     }
 }
@@ -19482,6 +19489,9 @@ void wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits,
 void wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits,
         AES_KEY *aes)
 {
+    typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1];
+    (void)sizeof(aes_test);
+
     WOLFSSL_ENTER("wolfSSL_AES_set_decrypt_key");
 
     if (key == NULL || aes == NULL) {
@@ -19489,7 +19499,8 @@ void wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits,
         return;
     }
 
-    if (wc_AesSetKey(aes, key, ((bits)/8), NULL, AES_DECRYPTION) != 0) {
+    XMEMSET(aes, 0, sizeof(AES_KEY));
+    if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_DECRYPTION) != 0) {
         WOLFSSL_MSG("Error in setting AES key");
     }
 }
@@ -19508,6 +19519,8 @@ void wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits,
 void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
         size_t len, AES_KEY *key, unsigned char* iv, const int enc)
 {
+    Aes* aes;
+
     WOLFSSL_ENTER("wolfSSL_AES_cbc_encrypt");
 
     if (key == NULL || in == NULL || out == NULL || iv == NULL) {
@@ -19515,24 +19528,25 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
         return;
     }
 
-    if (wc_AesSetIV(key, (const byte*)iv) != 0) {
+    aes = (Aes*)key;
+    if (wc_AesSetIV(aes, (const byte*)iv) != 0) {
         WOLFSSL_MSG("Error with setting iv");
         return;
     }
 
     if (enc == AES_ENCRYPT) {
-        if (wc_AesCbcEncrypt(key, out, in, (word32)len) != 0) {
+        if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) {
             WOLFSSL_MSG("Error with AES CBC encrypt");
         }
     }
     else {
-        if (wc_AesCbcDecrypt(key, out, in, (word32)len) != 0) {
+        if (wc_AesCbcDecrypt(aes, out, in, (word32)len) != 0) {
             WOLFSSL_MSG("Error with AES CBC decrypt");
         }
     }
 
     /* to be compatible copy iv to iv buffer after completing operation */
-    XMEMCPY(iv, (byte*)(key->reg), AES_BLOCK_SIZE);
+    XMEMCPY(iv, (byte*)(aes->reg), AES_BLOCK_SIZE);
 }
 
 
diff --git a/wolfssl/openssl/aes.h b/wolfssl/openssl/aes.h
index 078912e9d..5ffd5a7bb 100644
--- a/wolfssl/openssl/aes.h
+++ b/wolfssl/openssl/aes.h
@@ -34,14 +34,25 @@
 #ifndef NO_AES
 #include <wolfssl/openssl/ssl.h> /* for size_t */
 
-#include <wolfssl/wolfcrypt/aes.h>
-
 #ifdef __cplusplus
     extern "C" {
 #endif
 
-
-typedef struct Aes AES_KEY;
+/* This structure wrapper is done because there is no aes_new function with
+ * OpenSSL compatibility layer. This makes code working with an AES structure
+ * to need the size of the structure. */
+typedef struct WOLFSSL_AES_KEY {
+    /* aligned and big enough for Aes from wolfssl/wolfcrypt/aes.h */
+    ALIGN16 void* holder[360 / sizeof(void*)];
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        void* additional[64 / sizeof(void*)]; /* async uses additional memory */
+    #endif
+    #ifdef GCM_TABLE
+    /* key-based fast multiplication table. */
+    ALIGN16 void* M0[4096 / sizeof(void*)];
+    #endif /* GCM_TABLE */
+} WOLFSSL_AES_KEY;
+typedef WOLFSSL_AES_KEY AES_KEY;
 
 WOLFSSL_API void wolfSSL_AES_set_encrypt_key
     (const unsigned char *, const int bits, AES_KEY *);
@@ -82,4 +93,4 @@ WOLFSSL_API void wolfSSL_AES_decrypt
 
 #endif /* NO_AES */
 
-#endif /* WOLFSSL_DES_H_ */
+#endif /* WOLFSSL_AES_H_ */