From fbfd7a4deaa491cfb444d6665ab1cb80ba3cbbe4 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 20 Mar 2019 11:01:24 -0700 Subject: [PATCH] Release Fixes 1. Rearrange the deprecation cryptodev option so it doesn't overwrite the cryptocb option, and so it doesn't break its case in the build-test. 2. Fix the content length in the sample HTTP used by the example server. 3. Disable OCSP stapling in the example server if RSA is disabled. 4. Fix a variable in asn.c that was declared in the middle of its scope. 5. Retag the xmalloc, xrealloc, xfree functions used in the memory test as WOLFSSL_API like all the other allocators, instead of extern. --- configure.ac | 10 +++++++--- examples/server/server.c | 28 ++++++++++++++-------------- wolfcrypt/src/asn.c | 6 +++--- wolfssl/wolfcrypt/types.h | 12 ++++++------ 4 files changed, 30 insertions(+), 26 deletions(-) diff --git a/configure.ac b/configure.ac index 03f39a36c..5de988fc5 100644 --- a/configure.ac +++ b/configure.ac @@ -4357,14 +4357,17 @@ else fi +# cryptodev is old name, replaced with cryptocb +AC_ARG_ENABLE([cryptodev], + [AS_HELP_STRING([--enable-cryptodev],[DEPRECATED, use cryptocb instead])], + [ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ]) + # Support for crypto callbacks AC_ARG_ENABLE([cryptocb], [AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])], [ ENABLED_CRYPTOCB=$enableval ], [ ENABLED_CRYPTOCB=no ] ) -# cryptodev is old name, replaced with cryptocb -AC_ARG_ENABLE([cryptodev],,[ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ]) if test "x$ENABLED_PKCS11" = "xyes" then @@ -4996,7 +4999,8 @@ echo " * Intel Quick Assist: $ENABLED_INTEL_QA" echo " * Xilinx Hardware Acc.: $ENABLED_XILINX" echo " * Inline Code: $ENABLED_INLINE" echo " * Linux AF_ALG: $ENABLED_AFALG" -echo " * Linux cryptodev: $ENABLED_DEVCRYPTO" +echo " * Linux devcrypto: $ENABLED_DEVCRYPTO" +echo " * Crypto callback: $ENABLED_CRYPTOCB" echo "" echo "---" 
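Review bot: With the deprecated `--enable-cryptodev` block now placed first, its result is overwritten by the `cryptocb` block that follows. When only `--enable-cryptodev` is passed, the not-given branch of `AC_ARG_ENABLE([cryptocb], ...)` resets `ENABLED_CRYPTOCB=no`, so the old flag becomes a silent no-op. A build script that still uses the old name would then produce a library without crypto callbacks, and only the new summary line would show it. Give the deprecated option its own variable, `[ ENABLED_CRYPTODEV=$enableval ],[ ENABLED_CRYPTODEV=no ]`, and fold it in after both blocks with `test "x$ENABLED_CRYPTODEV" = "xyes" && ENABLED_CRYPTOCB=yes`, ideally alongside an `AC_MSG_WARN` naming the replacement.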
diff --git a/examples/server/server.c b/examples/server/server.c index afa50a242..ed5221301 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -60,7 +60,7 @@ static const char webServerMsg[] = "HTTP/1.1 200 OK\r\n" "Content-Type: text/html\r\n" "Connection: close\r\n" - "Content-Length: 225\r\n" + "Content-Length: 141\r\n" "\r\n" "\r\n" "\r\n" 
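Review bot: `Content-Length: 141` is still a hand-counted literal that must match the byte length of the HTML body in the same string, and this hunk exists because the previous count had drifted. A wrong value makes strict clients truncate the body or wait for bytes that never arrive, although `Connection: close` limits the effect here. Add a comment beside the header such as `/* must equal the byte count of the body after the blank line */`, or drop the header and let `Connection: close` delimit the response. The `webServerMsg` initializer continues outside the hunk.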
@@ -1888,21 +1888,21 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) else wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE); } -#endif #ifndef NO_RSA -/* All the OSCP Stapling test certs are RSA. */ + /* All the OSCP Stapling test certs are RSA. */ #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS) - err_sys_ex(runWithErrors, "can't enable OCSP Stapling Certificate Manager"); - if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate1-ca-cert.pem", 0) != WOLFSSL_SUCCESS) - err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir"); - if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate2-ca-cert.pem", 0) != WOLFSSL_SUCCESS) - err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir"); - if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != WOLFSSL_SUCCESS) - err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir"); -#endif -#endif + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "can't enable OCSP Stapling Certificate Manager"); + if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate1-ca-cert.pem", 0) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir"); + if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate2-ca-cert.pem", 0) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir"); + if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir"); +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ +#endif /* NO_RSA */ +#endif /* HAVE_OCSP */ #ifdef HAVE_PK_CALLBACKS if 
(pkCallbacks) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 26c7bfffe..eef4035b9 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -10168,12 +10168,12 @@ static int SetEd25519PublicKey(byte* output, ed25519_key* key, int with_header) return MEMORY_E; #endif - int ret = wc_ed25519_export_public(key, pub, &pubSz); - if (ret != 0) { + idx = wc_ed25519_export_public(key, pub, &pubSz); + if (idx != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - return ret; + return idx; } /* headers */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index d660e0ad5..44aebaa5a 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -249,12 +249,12 @@ /* prototypes for user heap override functions */ #include /* for size_t */ #include - extern void *xmalloc(size_t n, void* heap, int type, const char* func, - const char* file, unsigned int line); - extern void *xrealloc(void *p, size_t n, void* heap, int type, - const char* func, const char* file, unsigned int line); - extern void xfree(void *p, void* heap, int type, const char* func, - const char* file, unsigned int line); + WOLFSSL_API void *xmalloc(size_t n, void* heap, int type, + const char* func, const char* file, unsigned int line); + WOLFSSL_API void *xrealloc(void *p, size_t n, void* heap, int type, + const char* func, const char* file, unsigned int line); + WOLFSSL_API void xfree(void *p, void* heap, int type, const char* func, + const char* file, unsigned int line); #elif defined(XMALLOC_OVERRIDE) /* override the XMALLOC, XFREE and XREALLOC macros */ #elif defined(NO_WOLFSSL_MEMORY)
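Review bot: The new `#endif` labels do not match the conditions they close: `#endif /* NO_RSA */` ends an `#ifndef NO_RSA`, and the stapling label lists its two macros without the `||`. Suggest `#endif /* !NO_RSA */` and `#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || HAVE_CERTIFICATE_STATUS_REQUEST_V2 */`, and fix the `OSCP` typo in the comment while that line is being re-indented. The three `SSL_CTX_load_verify_locations` failures also print the same message, so naming the file in each would make a missing intermediate certificate easier to identify. The opening `HAVE_OCSP` conditional and the rest of `server_test` are outside the hunk.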
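Review bot: Reusing `idx` to carry the return code of `wc_ed25519_export_public` fixes the mid-scope declaration but gives one variable two meanings: an error code here and, judging by its name, an output offset later in the function. The declaration of `idx` is outside the hunk, so its type should be confirmed, because a negative error code stored in an unsigned variable would not propagate as written. Declaring `int ret;` with the other locals at the top of `SetEd25519PublicKey` and keeping `ret = wc_ed25519_export_public(key, pub, &pubSz);` gives the same declaration-order fix without the overload.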
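Review bot: Tagging `xmalloc`, `xrealloc` and `xfree` as `WOLFSSL_API` deserves a comment, because the context line above calls them user heap override functions, which suggests the application defines them rather than the library. If `WOLFSSL_API` expands to an import or export attribute on some platforms (its definition is not in this hunk), the prototypes could then disagree with where the symbols actually live. These generic names are also easy to clash with or interpose once they are part of the exported surface. Suggest a comment such as `/* implemented by the application, not by wolfSSL; tagged WOLFSSL_API to match the other allocators */`, and confirm the shared-library build resolves them as intended. The enclosing `#if` branch starts outside the hunk.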