From 614231f71c84cb65e04c37076f23a828a1300940 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 13 Mar 2017 11:33:39 +1000 Subject: [PATCH 1/5] Fixes for extended configuration testing --- src/crl.c | 13 ++++++------- src/ocsp.c | 2 -- wolfcrypt/src/integer.c | 10 +++++++--- wolfcrypt/test/test.c | 11 +++++++---- 4 files changed, 20 insertions(+), 16 deletions(-) diff --git a/src/crl.c b/src/crl.c index e4a876aad..09e633373 100755 --- a/src/crl.c +++ b/src/crl.c @@ -790,12 +790,12 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl) /* Load CRL path files of type, SSL_SUCCESS on ok */ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) { - int ret = SSL_SUCCESS; - char* name = NULL; + int ret = SSL_SUCCESS; + char* name = NULL; #ifdef WOLFSSL_SMALL_STACK ReadDirCtx* readCtx = NULL; #else - ReadDirCtx readCtx[1]; + ReadDirCtx readCtx[1]; #endif WOLFSSL_ENTER("LoadCRL"); @@ -803,10 +803,9 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK - ReadDirCtx* readCtx = NULL; - readCtx = (char*)XMALLOC(sizeof(ReadDirCtx), ctx->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (name == NULL) + readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), crl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (readCtx == NULL) return MEMORY_E; #endif diff --git a/src/ocsp.c b/src/ocsp.c index bcf973b54..0af304f34 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -278,8 +278,6 @@ static int CheckResponse(WOLFSSL_OCSP* ocsp, byte* response, int responseSz, if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(request, NULL, DYNAMIC_TYPE_OCSP); - WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); return MEMORY_E; } diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index a9d4b9234..6736b18e4 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -542,6 +542,7 @@ void mp_rshb (mp_int *c, int x) /* set the carry to the carry bits of the current word found above */ r = rr; } + mp_clamp(c); } @@ -4100,14 +4101,17 @@ int mp_sub_d (mp_int * a, mp_digit b, mp_int * c) c->used = a->used; /* subtract first digit */ - *tmpc = *tmpa++ - b; - mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1); + *tmpc = *tmpa - b; + if (b > *tmpa++) + mu = ((-*tmpc) >> DIGIT_BIT) + 1; + else + mu = *tmpc >> DIGIT_BIT; *tmpc++ &= MP_MASK; /* handle rest of the digits */ for (ix = 1; ix < a->used; ix++) { *tmpc = *tmpa++ - mu; - mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1); + mu = *tmpc >> DIGIT_BIT; *tmpc++ &= MP_MASK; } } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ffbd6b552..169432f20 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -254,7 +254,7 @@ int scrypt_test(void); int pkcs7signed_test(void); int pkcs7encrypted_test(void); #endif -#if !defined(NO_ASN_TIME) && defined(WOLFSSL_TEST_CERT) +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) int cert_test(void); #endif #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) @@ -660,7 +660,7 @@ int wolfcrypt_test(void* args) printf( "RSA test passed!\n"); #endif -#if !defined(NO_ASN_TIME) && defined(WOLFSSL_TEST_CERT) +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) if ( (ret = cert_test()) != 0) return err_sys("CERT test failed!\n", ret); else @@ -12522,6 +12522,7 @@ int mp_test() ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d)); if (ret != 0) return -11003; + d &= MP_MASK; /* Ensure sqrmod produce same result as mulmod. */ ret = mp_sqrmod(&a, &p, &r1); @@ -12558,7 +12559,7 @@ int mp_test() * - if p and a are even it will fail. */ ret = mp_invmod(&a, &p, &r1); - if (ret != 0 && ret != FP_VAL) + if (ret != 0 && ret != MP_VAL) return -11019; ret = 0; @@ -12577,7 +12578,8 @@ int mp_test() } } - /* Check that setting a digit works. */ + /* Check that setting a 32-bit digit works. */ + d &= 0xffffffff; mp_set_int(&a, d); if (a.used != 1 || a.dp[0] != d) return -11025; @@ -12595,6 +12597,7 @@ done: mp_clear(&p); mp_clear(&r2); mp_clear(&r1); + mp_clear(&b); mp_clear(&a); wc_FreeRng(&rng); return ret; From d4f0c79272ed7662b6a101086094e411543734b6 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 13 Mar 2017 12:18:45 +1000 Subject: [PATCH 2/5] Cast for Windows --- wolfcrypt/src/integer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 6736b18e4..1c8fd87d3 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -4103,7 +4103,7 @@ int mp_sub_d (mp_int * a, mp_digit b, mp_int * c) /* subtract first digit */ *tmpc = *tmpa - b; if (b > *tmpa++) - mu = ((-*tmpc) >> DIGIT_BIT) + 1; + mu = (mp_digit)(((-*tmpc) >> DIGIT_BIT) + 1); else mu = *tmpc >> DIGIT_BIT; *tmpc++ &= MP_MASK; From 8ac2f5cb9ceda593d4afad989fb5ef9709b91792 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 13 Mar 2017 12:29:58 +1000 Subject: [PATCH 3/5] Windows warning about negating unsigned fix --- wolfcrypt/src/integer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 1c8fd87d3..ab0040d0d 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -4103,7 +4103,7 @@ int mp_sub_d (mp_int * a, mp_digit b, mp_int * c) /* subtract first digit */ *tmpc = *tmpa - b; if (b > *tmpa++) - mu = (mp_digit)(((-*tmpc) >> DIGIT_BIT) + 1); + mu = ((0 - *tmpc) >> DIGIT_BIT) + 1; else mu = *tmpc >> DIGIT_BIT; *tmpc++ &= MP_MASK; From 610ac07cd81b9b2fc320ff70612cf2d8d9f4052a Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 13 Mar 2017 16:28:36 +1000 Subject: [PATCH 4/5] Add MP_MASK --- wolfssl/wolfcrypt/tfm.h | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 6fe7c03bb..53357b78a 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -608,6 +608,7 @@ typedef fp_int mp_int; #define MP_YES FP_YES /* yes/no result */ #define MP_ZPOS FP_ZPOS #define MP_NEG FP_NEG +#define MP_MASK FP_MASK /* Prototypes */ #define mp_zero(a) fp_zero(a) From 72728b21af081267b0082f9fc26a712d30ba275c Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 14 Mar 2017 10:23:13 +1000 Subject: [PATCH 5/5] Undo as mp_digit is not allowed to get as large as tested --- wolfcrypt/src/integer.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index ab0040d0d..669d54d43 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -4101,17 +4101,14 @@ int mp_sub_d (mp_int * a, mp_digit b, mp_int * c) c->used = a->used; /* subtract first digit */ - *tmpc = *tmpa - b; - if (b > *tmpa++) - mu = ((0 - *tmpc) >> DIGIT_BIT) + 1; - else - mu = *tmpc >> DIGIT_BIT; + *tmpc = *tmpa++ - b; + mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1); *tmpc++ &= MP_MASK; /* handle rest of the digits */ for (ix = 1; ix < a->used; ix++) { *tmpc = *tmpa++ - mu; - mu = *tmpc >> DIGIT_BIT; + mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1); *tmpc++ &= MP_MASK; } }