From 64ba151c358ab7106464b5926ff677d36ddc2546 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 6 Jun 2018 16:38:48 -0700 Subject: [PATCH] Experimental fixes for async to resolve runtime fsanitize issues with invalid memory access due to attempting realloc on non NUMA type. Tested with `./configure --with-intelqa=../QAT1.6 --enable-asynccrypt CC="clang -fsanitize=address" --enable-debug --disable-shared --enable-trackmemory CFLAGS="-DWOLFSSL_DEBUG_MEMORY -DWOLFSSL_DEBUG_MEMORY_PRINT" && make` and `sudo ./tests/unit.test`. --- src/internal.c | 13 ++++++++++--- src/tls.c | 38 +++++++++++++++----------------------- wolfcrypt/src/ecc.c | 16 ++-------------- 3 files changed, 27 insertions(+), 40 deletions(-) diff --git a/src/internal.c b/src/internal.c index dfb3a2fe9..0433c643c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -13286,7 +13286,7 @@ typedef struct BuildMsgArgs { word32 headerSz; word16 size; word32 ivSz; /* TLSv1.1 IV */ - byte iv[AES_BLOCK_SIZE]; /* max size */ + byte* iv; } BuildMsgArgs; static void FreeBuildMsgArgs(WOLFSSL* ssl, void* pArgs) @@ -13296,7 +13296,10 @@ static void FreeBuildMsgArgs(WOLFSSL* ssl, void* pArgs) (void)ssl; (void)args; - /* no allocations in BuildMessage */ + if (args->iv) { + XFREE(args->iv, ssl->heap, DYNAMIC_TYPE_SALT); + args->iv = NULL; + } } #endif @@ -13400,7 +13403,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args->ivSz = blockSz; args->sz += args->ivSz; - if (args->ivSz > (word32)sizeof(args->iv)) + if (args->ivSz > AES_BLOCK_SIZE) ERROR_OUT(BUFFER_E, exit_buildmsg); } args->sz += 1; /* pad byte */ @@ -13431,6 +13434,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, } if (args->ivSz > 0) { + args->iv = (byte*)XMALLOC(args->ivSz, ssl->heap, DYNAMIC_TYPE_SALT); + if (args->iv == NULL) + ERROR_OUT(MEMORY_E, exit_buildmsg); + ret = wc_RNG_GenerateBlock(ssl->rng, args->iv, args->ivSz); if (ret != 0) goto exit_buildmsg; diff --git a/src/tls.c b/src/tls.c index 9f0c49497..766613a5a 100644 --- a/src/tls.c +++ b/src/tls.c @@ -260,16 +260,15 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, #ifdef WOLFSSL_SMALL_STACK byte* md5_half; byte* sha_half; - byte* labelSeed; byte* md5_result; byte* sha_result; #else byte md5_half[MAX_PRF_HALF]; /* half is real size */ byte sha_half[MAX_PRF_HALF]; /* half is real size */ - byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ byte md5_result[MAX_PRF_DIG]; /* digLen is real size */ byte sha_result[MAX_PRF_DIG]; /* digLen is real size */ #endif + DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap); if (half > MAX_PRF_HALF) return BUFFER_E; @@ -281,17 +280,16 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, #ifdef WOLFSSL_SMALL_STACK md5_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST); sha_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST); - labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_SEED); md5_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST); sha_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST); - if (md5_half == NULL || sha_half == NULL || labelSeed == NULL || - md5_result == NULL || sha_result == NULL) { + if (md5_half == NULL || sha_half == NULL || md5_result == NULL || + sha_result == NULL) { if (md5_half) XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST); if (sha_half) XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST); - if (labelSeed) XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED); if (md5_result) XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST); if (sha_result) XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST); + FREE_VAR(labelSeed, heap); return MEMORY_E; } @@ -317,11 +315,12 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, #ifdef WOLFSSL_SMALL_STACK XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST); XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST); - XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED); XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST); XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST); #endif + FREE_VAR(labelSeed, heap); + return ret; } @@ -339,21 +338,11 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, int ret = 0; if (useAtLeastSha256) { -#ifdef WOLFSSL_SMALL_STACK - byte* labelSeed; -#else - byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ -#endif + DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap); if (labLen + seedLen > MAX_PRF_LABSEED) return BUFFER_E; -#ifdef WOLFSSL_SMALL_STACK - labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_SEED); - if (labelSeed == NULL) - return MEMORY_E; -#endif - XMEMCPY(labelSeed, label, labLen); XMEMCPY(labelSeed + labLen, seed, seedLen); @@ -364,9 +353,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, ret = p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen, hash_type, heap, devId); -#ifdef WOLFSSL_SMALL_STACK - XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED); -#endif + FREE_VAR(labelSeed, heap); } #ifndef NO_OLD_TLS else { @@ -528,13 +515,18 @@ static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len, int tls1_2, int hash_type, void* heap, int devId) { - byte seed[SEED_LEN]; + int ret; + DECLARE_VAR(seed, byte, SEED_LEN, heap); XMEMCPY(seed, sr, RAN_LEN); XMEMCPY(seed + RAN_LEN, cr, RAN_LEN); - return PRF(key_dig, key_dig_len, ms, msLen, key_label, KEY_LABEL_SZ, + ret = PRF(key_dig, key_dig_len, ms, msLen, key_label, KEY_LABEL_SZ, seed, SEED_LEN, tls1_2, hash_type, heap, devId); + + FREE_VAR(seed, heap); + + return ret; } /* External facing wrapper so user can call as well, 0 on success */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 8daa52e63..dd551bd54 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3116,17 +3116,7 @@ int wc_ecc_point_is_at_infinity(ecc_point* p) static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) { int err; -#ifdef WOLFSSL_SMALL_STACK - byte* buf; -#else - byte buf[ECC_MAXSIZE_GEN]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_ECC_BUFFER); - if (buf == NULL) - return MEMORY_E; -#endif + DECLARE_VAR(buf, byte, ECC_MAXSIZE_GEN, rng->heap); /*generate 8 extra bytes to mitigate bias from the modulo operation below*/ /*see section A.1.2 in 'Suite B Implementor's Guide to FIPS 186-3 (ECDSA)'*/ @@ -3153,9 +3143,7 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) } ForceZero(buf, ECC_MAXSIZE); -#ifdef WOLFSSL_SMALL_STACK - XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER); -#endif + FREE_VAR(buf, rng->heap); return err; }