From 17587d38f8131c85b506a33c3c56a22cb2ca0616 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 5 May 2017 10:19:03 -0700 Subject: [PATCH 1/5] Fix for new AES 192/256 tests to handle async wait. --- wolfcrypt/test/test.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b48389e75..b9d72989c 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -4087,10 +4087,16 @@ int aes192_test(void) #endif ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != 0) return -21005; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != 0) return -21006; if (XMEMCMP(plain, msg, (int) sizeof(plain))) { @@ -4161,10 +4167,16 @@ int aes256_test(void) #endif ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != 0) return -22005; #ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != 0) return -22006; if (XMEMCMP(plain, msg, (int) sizeof(plain))) { From 6cc3983894ff8435d331454f81bde04b589e7a44 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 5 May 2017 10:29:48 -0700 Subject: [PATCH 2/5] =?UTF-8?q?Fix=20for=20using=20async=20with=20?= =?UTF-8?q?=E2=80=94enable-eccencrypt.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wolfcrypt/src/ecc.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 558380a1c..f3d7dbb41 100755 
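Review bot: The four added `wc_AsyncWait` calls (encrypt and decrypt in aes192_test here, and the same pair in the aes256_test hunk that follows) overwrite `ret` with no comment saying why, so the `#if defined(WOLFSSL_ASYNC_CRYPT)` blocks are opaque to a reader who does not know the async build. A one-line comment above the first of them would be enough, for example `/* async build: the cipher call may still be pending; wait and take the final status */`. The pending behaviour is inferred from the commit subject, not shown in the hunk. Both test functions start and end outside their hunks.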
--- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -7163,8 +7163,13 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, } #endif - ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); - + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); + } while (ret == WC_PENDING_E); if (ret == 0) { switch (ctx->kdfAlgo) { case ecHKDF_SHA256 : @@ -7193,6 +7198,9 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, if (ret != 0) break; ret = wc_AesCbcEncrypt(&aes, out, msg, msgSz); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif } break; @@ -7316,8 +7324,13 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, } #endif - ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); - + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); + } while (ret == WC_PENDING_E); if (ret == 0) { switch (ctx->kdfAlgo) { case ecHKDF_SHA256 : @@ -7379,6 +7392,9 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, if (ret != 0) break; ret = wc_AesCbcDecrypt(&aes, out, msg, msgSz-digestSz); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif } break; #endif From 011178994b4bf8004047eccc0ab436d2b9b995aa Mon Sep 17 00:00:00 2001 From: David Garske Date: Sat, 6 May 2017 00:32:02 -0400 Subject: [PATCH 3/5] Fix typos with goto exit labels and heap. --- src/internal.c | 4 ++-- src/tls.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/internal.c b/src/internal.c index 25fa2ac48..e1a10e895 100755 --- a/src/internal.c +++ b/src/internal.c 
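Review bot: In the new `do { ... } while (ret == WC_PENDING_E)` loop of wc_ecc_encrypt, the value returned by `wc_AsyncWait` is overwritten by `wc_ecc_shared_secret` on the very next line, so an error reported by the wait is never seen and the shared-secret call is simply issued again. Add `if (ret != 0) break;` directly after the `wc_AsyncWait` line, inside the `#if defined(WOLFSSL_ASYNC_CRYPT)` block. The identical loop added to wc_ecc_decrypt in the third hunk of this file needs the same line. The loop also has no visible bound on iterations, so a device that keeps reporting pending would presumably stall the caller. Both functions continue outside the hunks.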
@@ -7142,7 +7142,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz ret = wolfSSL_AsyncPush(ssl, args->dCert->sigCtx.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - goto exit_dc; + goto exit_ppc; } #endif @@ -7306,7 +7306,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz ret = wolfSSL_AsyncPush(ssl, args->dCert->sigCtx.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - goto exit_dc; + goto exit_ppc; } #endif } diff --git a/src/tls.c b/src/tls.c index 9c6d39dcb..65e03b3e6 100755 --- a/src/tls.c +++ b/src/tls.c @@ -5422,7 +5422,7 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl) /* Move private key to client entry. */ if (clientKSE->key != NULL) - XFREE(clientKSE->key, heap, DYNAMIC_TYPE_TLSX); + XFREE(clientKSE->key, ssl->heap, DYNAMIC_TYPE_TLSX); clientKSE->key = serverKSE->key; serverKSE->key = NULL; clientKSE->keyLen = serverKSE->keyLen; From 8cd78edac112358bbdb44aa0c35499c6e6e3cbf7 Mon Sep 17 00:00:00 2001 From: David Garske Date: Sat, 6 May 2017 00:39:12 -0400 Subject: [PATCH 4/5] Fixes for building with smallstack --- src/crl.c | 2 +- wolfcrypt/src/pkcs7.c | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/crl.c b/src/crl.c index d2033dd53..bedf9718b 100755 --- a/src/crl.c +++ b/src/crl.c @@ -870,7 +870,7 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) ret = SSL_SUCCESS; /* load failures not reported, for backwards compat */ #ifdef WOLFSSL_SMALL_STACK - XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif if (monitor & WOLFSSL_CRL_MONITOR) { diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index e5a3f90d6..428e55b0f 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
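Review bot: In the TLSX_KeyShare_Establish hunk, the object that the comment calls a private key is released with a bare `XFREE(clientKSE->key, ssl->heap, DYNAMIC_TYPE_TLSX)`, and nothing visible clears it first. If `key` holds raw key bytes, wipe it before the free, e.g. `ForceZero(clientKSE->key, clientKSE->keyLen);`. If it points at a key object, release it with that type's own free routine before the `XFREE`. What `key` actually points to is decided outside this hunk, so confirm that first. The function starts and ends outside the hunk.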
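Review bot: In the LoadCRL hunk, `ret = SSL_SUCCESS; /* load failures not reported, for backwards compat */` means a caller cannot tell that no revocation data was loaded, so revocation checking can be silently weaker than configured. If the return value has to stay, consider logging the original error before it is overwritten, for example `WOLFSSL_MSG("CRL load failed, continuing for backwards compat");` guarded on the previous value of `ret`. Whether an earlier part of the function already logs this is not visible in the hunk.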
@@ -3017,7 +3017,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) WOLFSSL_MSG("Failed to create RecipientInfo"); wc_FreeRng(&rng); #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); + XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return recipSz; } @@ -3028,7 +3028,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) wc_FreeRng(&rng); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); + XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -3037,7 +3037,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) contentTypeSz = wc_SetContentType(pkcs7->contentOID, contentType); if (contentTypeSz == 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); + XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return BAD_FUNC_ARG; } @@ -3066,7 +3066,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (encryptedContent == NULL) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); + XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return MEMORY_E; } @@ -3133,7 +3133,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); + XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return BUFFER_E; } @@ -3173,7 +3173,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); + XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return idx; From 5726c23d81784f3f03f30124335b9e8daa289419 Mon Sep 17 00:00:00 2001 
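Review bot: The six corrected `XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER)` lines in wc_PKCS7_EncodeEnvelopedData are the same cleanup repeated at every early return, which is how one misspelt macro landed in six places and only showed up in WOLFSSL_SMALL_STACK builds. A single cleanup label that frees `recip`, `plain` and `encryptedContent` would keep the exits consistent. The copies have already drifted: `plain` is freed with `DYNAMIC_TYPE_PKCS7` in the hunk at 3066 and with `DYNAMIC_TYPE_TMP_BUFFER` in the hunk at 3133, and `recip` is freed against a `NULL` heap while the other buffers use `pkcs7->heap`. Check each against its allocation, which is outside these hunks. `plain` presumably holds the unencrypted content, so clearing it before the free is worth considering.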
From: David Garske Date: Sat, 6 May 2017 14:00:24 -0700 Subject: [PATCH 5/5] Fix for scan-build warning with ret not being read in DoServerHello. --- src/internal.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/internal.c b/src/internal.c index e1a10e895..a39c7c5f7 100755 --- a/src/internal.c +++ b/src/internal.c @@ -15428,20 +15428,20 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz if (ssl->options.resuming) { if (DSH_CheckSessionId(ssl)) { if (SetCipherSpecs(ssl) == 0) { - ret = -1; XMEMCPY(ssl->arrays->masterSecret, ssl->session.masterSecret, SECRET_LEN); - #ifdef NO_OLD_TLS + #ifdef NO_OLD_TLS + ret = DeriveTlsKeys(ssl); + #else + ret = -1; /* default value */ + #ifndef NO_TLS + if (ssl->options.tls) ret = DeriveTlsKeys(ssl); - #else - #ifndef NO_TLS - if (ssl->options.tls) - ret = DeriveTlsKeys(ssl); - #endif - if (!ssl->options.tls) - ret = DeriveKeys(ssl); - #endif + #endif + if (!ssl->options.tls) + ret = DeriveKeys(ssl); + #endif /* NO_OLD_TLS */ ssl->options.serverState = SERVER_HELLODONE_COMPLETE; return ret;
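Review bot: On the `#else` path the `-1` default survives to `return ret` whenever `NO_TLS` is defined and `ssl->options.tls` is set, so the caller gets an anonymous -1 rather than one of the library's named error codes. Separately, `ssl->options.serverState = SERVER_HELLODONE_COMPLETE` is assigned before the return whether or not key derivation succeeded. Consider returning a named error for the no-derivation case and advancing the state only on success, e.g. `if (ret == 0) ssl->options.serverState = SERVER_HELLODONE_COMPLETE;`. Whether any caller continues after a non-zero return is not visible here. The hunk header names PickHashSigAlgo, but per the commit subject the code is in DoServerHello, whose body starts and ends outside the hunk.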