wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-03-24 12:47:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9545 from douzzer/20251211-DRBG-SHA2-smallstackcache-prealloc

Browse Source 
20251211-DRBG-SHA2-smallstackcache-prealloc
This commit is contained in:
Sean Parkinson
2025-12-18 10:07:37 +10:00
committed by GitHub
parent b7e69fb2f3 fc7d4ffad4
commit a103f5af8b
28 changed files with 941 additions and 263 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
.github/workflows/trackmemory.yml vendored Normal file
View File

@@ -0,0 +1,60 @@
name: WOLFSSL_TRACK_MEMORY Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY"',
'--enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY"',
'--enable-smallstackcache --enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY"',
# Note the below smallstackcache tests are crucial coverage for the Linux kernel
# module, when targeting a kernel with the randomness patch (linuxkm/patches/)
# applied.
#
# Note, don't combine wolfEntropy with the full TLS cipher suite test -- the implicit wc_InitRng()s in each suite have an enormous CPU footprint.
'--enable-wolfEntropy --enable-smallstackcache --enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY -DNO_WOLFSSL_CIPHER_SUITE_TEST"',
'--enable-intelrdseed --enable-smallstackcache --enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY -DNO_WOLFSSL_CIPHER_SUITE_TEST"',
'--enable-amdrand --enable-smallstackcache --enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY -DNO_WOLFSSL_CIPHER_SUITE_TEST"',
'--disable-asm --enable-wolfEntropy --enable-smallstackcache --enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL
run: |
./autogen.sh
./configure ${{ matrix.config }}
make -j 4
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done

3
.wolfssl_known_macro_extras
View File

@@ -65,6 +65,7 @@ CONFIG_CRYPTO_CBC
CONFIG_CRYPTO_CTR
CONFIG_CRYPTO_DH
CONFIG_CRYPTO_DH_RFC7919_GROUPS
CONFIG_CRYPTO_DRBG
CONFIG_CRYPTO_ECB
CONFIG_CRYPTO_ECDH
CONFIG_CRYPTO_ECDSA
@@ -663,8 +664,8 @@ WOLFSSL_ALLOW_SERVER_SC_EXT
WOLFSSL_ALLOW_TLS_SHA1
WOLFSSL_ALTERNATIVE_DOWNGRADE
WOLFSSL_ALT_NAMES_NO_REV
WOLFSSL_ARM_ARCH_NEON_64BIT
WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP
WOLFSSL_ARM_ARCH_NEON_64BIT
WOLFSSL_ASCON_UNROLL
WOLFSSL_ASNC_CRYPT
WOLFSSL_ASN_EXTRA

2
configure.ac
View File

@@ -7512,7 +7512,7 @@ then
fi
# Small Stack - Cache on object
if test "$KERNEL_MODE_DEFAULTS" = "yes" && (test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6)
if test "$KERNEL_MODE_DEFAULTS" = "yes"
then
ENABLED_SMALL_STACK_CACHE_DEFAULT=yes
else

17
linuxkm/lkcapi_aes_glue.c
View File

@@ -121,7 +121,8 @@
#define LINUXKM_LKCAPI_REGISTER_AESCBC
#endif
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CBC)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CBC) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCBC)
#error Config conflict: target kernel has CONFIG_CRYPTO_CBC, but module is missing HAVE_AES_CBC.
#endif
#undef LINUXKM_LKCAPI_REGISTER_AESCBC
@@ -151,7 +152,8 @@
#define LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
#endif
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_GCM)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_GCM) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESGCM)
#error Config conflict: target kernel has CONFIG_CRYPTO_GCM, but module is missing HAVE_AESGCM.
#endif
#undef LINUXKM_LKCAPI_REGISTER_AESGCM
@@ -166,8 +168,9 @@
#define LINUXKM_LKCAPI_REGISTER_AESXTS
#endif
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_XTS)
#error Config conflict: target kernel has CONFIG_CRYPTO_GCM, but module is missing WOLFSSL_AES_XTS.
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_XTS) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESXTS)
#error Config conflict: target kernel has CONFIG_CRYPTO_XTS, but module is missing WOLFSSL_AES_XTS.
#endif
#undef LINUXKM_LKCAPI_REGISTER_AESXTS
#endif
@@ -180,7 +183,8 @@
#define LINUXKM_LKCAPI_REGISTER_AESCTR
#endif
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CTR)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CTR) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCTR)
#error Config conflict: target kernel has CONFIG_CRYPTO_CTR, but module is missing WOLFSSL_AES_COUNTER.
#endif
#undef LINUXKM_LKCAPI_REGISTER_AESCTR
@@ -204,7 +208,8 @@
#define LINUXKM_LKCAPI_REGISTER_AESECB
#endif
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECB)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECB) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_AESECB)
#error Config conflict: target kernel has CONFIG_CRYPTO_ECB, but module is missing HAVE_AES_ECB.
#endif
#undef LINUXKM_LKCAPI_REGISTER_AESECB

8
linuxkm/lkcapi_dh_glue.c
View File

@@ -58,7 +58,10 @@
#undef LINUXKM_LKCAPI_REGISTER_DH
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 18, 0)
#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 18, 0)) && \
!(defined(RHEL_MAJOR) && \
((RHEL_MAJOR > 9) || ((RHEL_MAJOR == 9) && (RHEL_MINOR >= 5))))
/* Support for FFDHE was added in kernel 5.18, and generic DH support
* pre-5.18 used a different binary format for the secret (an additional
* slot for q).
@@ -73,7 +76,8 @@
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \
(defined(CONFIG_CRYPTO_DH) || defined(CONFIG_CRYPTO_DH_RFC7919_GROUPS)) && \
!defined(LINUXKM_LKCAPI_REGISTER_DH)
!defined(LINUXKM_LKCAPI_REGISTER_DH) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_DH)
#error Config conflict: target kernel has CONFIG_CRYPTO_DH and/or \
_DH_RFC7919_GROUPS, but module is missing LINUXKM_LKCAPI_REGISTER_DH.
#endif

4
linuxkm/lkcapi_ecdh_glue.c
View File

@@ -43,7 +43,8 @@
/* currently incompatible with kernel 5.12 or earlier. */
#undef LINUXKM_LKCAPI_REGISTER_ECDH
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDH)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDH) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDH)
#error Config conflict: missing implementation forces off LINUXKM_LKCAPI_REGISTER_ECDH.
#endif
#endif
@@ -51,6 +52,7 @@
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \
defined(CONFIG_CRYPTO_ECDH) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDH) && \
!defined(LINUXKM_LKCAPI_REGISTER_ECDH)
#error Config conflict: target kernel has CONFIG_CRYPTO_ECDH, but module is missing LINUXKM_LKCAPI_REGISTER_ECDH.
#endif

4
linuxkm/lkcapi_ecdsa_glue.c
View File

@@ -64,13 +64,15 @@
#undef LINUXKM_LKCAPI_REGISTER_ECDSA
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDSA)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDSA) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDSA)
#error Config conflict: missing implementation forces off LINUXKM_LKCAPI_REGISTER_ECDSA.
#endif
#endif
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \
defined(CONFIG_CRYPTO_ECDSA) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDSA) && \
!defined(LINUXKM_LKCAPI_REGISTER_ECDSA)
#error Config conflict: target kernel has CONFIG_CRYPTO_ECDSA, but module is missing LINUXKM_LKCAPI_REGISTER_ECDSA.
#endif

5
linuxkm/lkcapi_rsa_glue.c
View File

@@ -63,7 +63,8 @@
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \
defined(CONFIG_CRYPTO_RSA) && \
!defined(LINUXKM_LKCAPI_REGISTER_RSA)
!defined(LINUXKM_LKCAPI_REGISTER_RSA) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_RSA)
#error Config conflict: target kernel has CONFIG_CRYPTO_RSA, but module is missing LINUXKM_LKCAPI_REGISTER_RSA.
#endif
@@ -71,7 +72,7 @@
#if defined(WOLFSSL_RSA_VERIFY_ONLY) || \
defined(WOLFSSL_RSA_PUBLIC_ONLY)
#error LINUXKM_LKCAPI_REGISTER_RSA and RSA_VERIFY_ONLY not supported
#error LINUXKM_LKCAPI_REGISTER_RSA with RSA_VERIFY_ONLY/WOLFSSL_RSA_PUBLIC_ONLY not supported
#endif /* WOLFSSL_RSA_VERIFY_ONLY || WOLFSSL_RSA_PUBLIC_ONLY */
#ifdef WC_RSA_NO_PADDING

80
linuxkm/lkcapi_sha_glue.c
View File

@@ -176,7 +176,8 @@
#define LINUXKM_LKCAPI_DONT_REGISTER_SHA3_512_HMAC
#endif
#if defined(NO_HMAC) && defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_HMAC)
#if defined(NO_HMAC) && defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_HMAC) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HMAC_ALL)
#error Config conflict: target kernel has CONFIG_CRYPTO_HMAC, but module has NO_HMAC
#endif
@@ -196,7 +197,8 @@
#define LINUXKM_LKCAPI_REGISTER_SHA1_HMAC
#endif
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA1)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA1) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA1)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA1, but module has NO_SHA
#endif
@@ -220,7 +222,8 @@
#define LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC
#endif
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_224)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA256, but module is missing WOLFSSL_SHA224
#endif
@@ -244,7 +247,8 @@
#define LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC
#endif
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_256)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA256, but module has NO_SHA256
#endif
@@ -268,7 +272,8 @@
#define LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC
#endif
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_384)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA512, but module is missing WOLFSSL_SHA384
#endif
@@ -292,7 +297,8 @@
#define LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC
#endif
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_512)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA512, but module is missing WOLFSSL_SHA512
#endif
@@ -345,7 +351,8 @@
#endif
#endif
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA3)
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA3) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA3)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA3, but module is missing WOLFSSL_SHA3
#endif
@@ -379,6 +386,10 @@
#endif
/* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT is in linuxkm_wc_port.h */
#else
#if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DRBG) && \
!defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG)
#error Config conflict: target kernel has CONFIG_CRYPTO_SHA3, but module is missing WOLFSSL_SHA3
#endif
#undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG
#endif
@@ -757,6 +768,7 @@ WC_MAYBE_UNUSED static void km_hmac_exit_tfm(struct crypto_shash *tfm)
}
WC_MAYBE_UNUSED static int km_hmac_init(struct shash_desc *desc) {
int ret;
struct km_sha_hmac_state *t_ctx = (struct km_sha_hmac_state *)shash_desc_ctx(desc);
struct km_sha_hmac_pstate *p_ctx = (struct km_sha_hmac_pstate *)crypto_shash_ctx(desc->tfm);
@@ -764,34 +776,12 @@ WC_MAYBE_UNUSED static int km_hmac_init(struct shash_desc *desc) {
if (! t_ctx->wc_hmac)
return -ENOMEM;
XMEMCPY(t_ctx->wc_hmac, &p_ctx->wc_hmac, sizeof *t_ctx->wc_hmac);
#ifdef WOLFSSL_SMALL_STACK_CACHE
/* The cached W buffer from the persistent ctx can't be used because it
* would be double-freed, first by km_hmac_free_tstate(), then by
* km_hmac_exit_tfm().
*/
switch (t_ctx->wc_hmac->macType) {
#ifndef NO_SHA256
case WC_SHA256:
#ifdef WOLFSSL_SHA224
case WC_SHA224:
#endif
t_ctx->wc_hmac->hash.sha256.W = NULL;
break;
#endif /* WOLFSSL_SHA256 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
#ifdef WOLFSSL_SHA384
case WC_SHA384:
#endif
t_ctx->wc_hmac->hash.sha512.W = NULL;
break;
#endif /* WOLFSSL_SHA512 */
ret = wc_HmacCopy(&p_ctx->wc_hmac, t_ctx->wc_hmac);
if (ret != 0) {
free(t_ctx->wc_hmac);
t_ctx->wc_hmac = NULL;
return -EINVAL;
}
#endif /* WOLFSSL_SMALL_STACK_CACHE */
return 0;
}
@@ -1073,7 +1063,7 @@ static inline struct wc_rng_inst *get_drbg(struct crypto_rng *tfm) {
return NULL;
}
if (tfm == crypto_default_rng) {
if ((tfm == crypto_default_rng) && (preempt_count() == 0)) {
#if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
migrate_disable(); /* this actually makes irq_count() nonzero, so that
* DISABLE_VECTOR_REGISTERS() is superfluous, but
@@ -1108,14 +1098,14 @@ static inline struct wc_rng_inst *get_drbg(struct crypto_rng *tfm) {
* caller can't sleep and the requested DRBG is busy, it returns immediately --
* this avoids priority inversions and deadlocks.
*/
static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, int n) {
static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, int n, int can_spin) {
int can_sleep = (preempt_count() == 0);
for (;;) {
int expected = 0;
if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE)))
return &ctx->rngs[n];
if (can_sleep) {
if (can_sleep && can_spin) {
if (signal_pending(current))
return NULL;
cond_resched();
@@ -1242,7 +1232,7 @@ static int wc_linuxkm_drbg_seed(struct crypto_rng *tfm,
* up, to assure they can't possibly phase-lock to each other.
*/
for (n = ctx->n_rngs - 1; n >= 0; --n) {
struct wc_rng_inst *drbg = get_drbg_n(ctx, n);
struct wc_rng_inst *drbg = get_drbg_n(ctx, n, 1);
if (! drbg) {
ret = -EINTR;
@@ -1313,6 +1303,14 @@ static int wc_linuxkm_drbg_loaded = 0;
#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
#ifndef WOLFSSL_SMALL_STACK_CACHE
/* WOLFSSL_SMALL_STACK_CACHE eliminates post-init heap allocations in SHA-2
* and the Hash DRBG, fixing circular call dependencies between
* get_random_u32() from kernel heap and wolfCrypt DRBG.
*/
#error LINUXKM_DRBG_GET_RANDOM_BYTES requires WOLFSSL_SMALL_STACK_CACHE.
#endif
#if !(defined(HAVE_ENTROPY_MEMUSE) || defined(HAVE_INTEL_RDSEED) || \
defined(HAVE_AMD_RDSEED) || defined(WC_LINUXKM_RDSEED_IN_GLUE_LAYER))
#error LINUXKM_DRBG_GET_RANDOM_BYTES requires a native or intrinsic entropy source.
@@ -1491,11 +1489,11 @@ static int wc_mix_pool_bytes(const void *buf, size_t len) {
return -EFAULT;
for (n = ctx->n_rngs - 1; n >= 0; --n) {
struct wc_rng_inst *drbg = get_drbg_n(ctx, n);
struct wc_rng_inst *drbg = get_drbg_n(ctx, n, 0);
int V_offset;
if (! drbg)
return -EINTR;
continue;
for (i = 0, V_offset = 0; i < len; ++i) {
((struct DRBG_internal *)drbg->rng.drbg)->V[V_offset++] += ((byte *)buf)[i];
@@ -1523,7 +1521,7 @@ static int wc_crng_reseed(void) {
return -EFAULT;
for (n = ctx->n_rngs - 1; n >= 0; --n) {
struct wc_rng_inst *drbg = get_drbg_n(ctx, n);
struct wc_rng_inst *drbg = get_drbg_n(ctx, n, 1);
if (! drbg)
return -EINTR;

44
src/internal.c
View File

@@ -7344,36 +7344,48 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
HS_Hashes** destination)
{
int ret;
HS_Hashes* tmpHashes;
if (source == NULL)
if ((ssl == NULL) || (source == NULL) || (destination == NULL))
return BAD_FUNC_ARG;
/* save the original so we can put it back afterward */
tmpHashes = ssl->hsHashes;
ssl->hsHashes = *destination;
ret = InitHandshakeHashes(ssl);
if (ret != 0) {
WOLFSSL_MSG_EX("InitHandshakeHashes failed. err = %d", ret);
ssl->hsHashes = tmpHashes; /* restore hsHashes pointer to original
* before returning */
return ret;
/* If *destination is already allocated, its constituent hashes need to be
* freed, else they would leak. To keep things simple, we reuse
* FreeHandshakeHashes(), which deallocates *destination.
*/
if (*destination != NULL) {
HS_Hashes* tmp = ssl->hsHashes;
ssl->hsHashes = *destination;
FreeHandshakeHashes(ssl);
ssl->hsHashes = tmp;
}
*destination = ssl->hsHashes;
ssl->hsHashes = tmpHashes;
/* allocate handshake hashes */
*destination = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap,
DYNAMIC_TYPE_HASHES);
if (*destination == NULL) {
WOLFSSL_MSG("HS_Hashes Memory error");
return MEMORY_E;
}
/* Note we can't call InitHandshakeHashes() here, because the copy methods
* overwrite the entire dest low level hash struct. With some hashes and
* settings (e.g. SHA-2 hashes with WOLFSSL_SMALL_STACK_CACHE), internal
* scratch buffers are preallocated at init and will leak if overwritten.
*/
XMEMSET(*destination, 0, sizeof(HS_Hashes));
/* now copy the source contents to the destination */
ret = 0;
#ifndef NO_OLD_TLS
#ifndef NO_SHA
ret = wc_ShaCopy(&source->hashSha, &(*destination)->hashSha);
if (ret == 0)
ret = wc_ShaCopy(&source->hashSha, &(*destination)->hashSha);
#endif
#ifndef NO_MD5
if (ret == 0)
ret = wc_Md5Copy(&source->hashMd5, &(*destination)->hashMd5);
#endif
#endif /* !NO_OLD_TLS */
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256
if (ret == 0)
ret = wc_Sha256Copy(&source->hashSha256,

2
src/ssl_load.c
View File

@@ -2064,7 +2064,7 @@ static int ProcessBufferCert(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der)
}
/* Don't check if no SSL object verification is disabled for SSL
* context. */
else if ((ssl == NULL) && ctx->verifyNone) {
else if ((ssl == NULL) && (ctx != NULL) && ctx->verifyNone) {
checkKeySz = 0;
}

17
tests/api.c
View File

@@ -22832,8 +22832,6 @@ static int test_wolfSSL_EVP_Cipher_extra(void)
set_plain(plain, BUFFSZ * RECORDS);
SSL_library_init();
ExpectNotNull(evp = EVP_CIPHER_CTX_new());
ExpectIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0);
@@ -32566,8 +32564,10 @@ static word32 test_wolfSSL_dtls_stateless_HashWOLFSSL(const WOLFSSL* ssl)
wc_HashAlg hash;
const TLSX* exts = ssl->extensions;
WOLFSSL sslCopy; /* Use a copy to omit certain fields */
#ifndef WOLFSSL_SMALL_STACK_CACHE
HS_Hashes* hsHashes = ssl->hsHashes; /* Is re-allocated in
* InitHandshakeHashes */
#endif
XMEMCPY(&sslCopy, ssl, sizeof(*ssl));
XMEMSET(hashBuf, 0, sizeof(hashBuf));
@@ -32614,9 +32614,17 @@ static word32 test_wolfSSL_dtls_stateless_HashWOLFSSL(const WOLFSSL* ssl)
AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)sslCopy.suites,
sizeof(struct Suites)), 0);
}
#ifdef WOLFSSL_SMALL_STACK_CACHE
/* with WOLFSSL_SMALL_STACK_CACHE, the SHA-2 objects always differ after
* initialization because of cached W and (for SHA512) X buffers.
*/
#else
/* Hash hsHashes */
AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)hsHashes,
sizeof(*hsHashes)), 0);
#endif
AssertIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
AssertIntEQ(wc_HashFree(&hash, hashType), 0);
@@ -41493,8 +41501,6 @@ TEST_CASE testCases[] = {
TEST_MLDSA_DECLS,
/* Signature API */
TEST_SIGNATURE_DECLS,
/* x509 */
TEST_X509_DECLS,
/* ASN */
TEST_ASN_DECLS,
@@ -41552,6 +41558,9 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_Init),
/* x509 -- must appear after test_wolfSSL_Init(). */
TEST_X509_DECLS,
TEST_DECL(test_dual_alg_support),
TEST_DECL(test_dual_alg_crit_ext_support),

2
tests/api/test_random.c
View File

@@ -327,7 +327,7 @@ int test_wc_RNG_TestSeed(void)
#if defined(HAVE_HASHDRBG) && \
(!(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
byte seed[16];
byte seed[32];
byte i;
#ifdef TEST_WC_RNG_TESTSEED_BAD_PARAMS

8
tests/quic.c
View File

@@ -1892,6 +1892,12 @@ int QuicTest(void)
int ret = 0;
#ifdef WOLFSSL_QUIC
int verbose = 0;
if (wolfSSL_Init() != WOLFSSL_SUCCESS) {
printf("wolfSSL_Init() failed in QuicTest().");
return -1;
}
printf(" Begin QUIC Tests\n");
if ((ret = test_set_quic_method()) != TEST_SUCCESS) goto leave;
@@ -1917,6 +1923,8 @@ leave:
printf(" FAILED: some tests did not pass.\n");
}
printf(" End QUIC Tests\n");
(void)wolfSSL_Cleanup();
#endif
return ret == TEST_SUCCESS ? 0 : -1;
}

30
tests/unit.c
View File

@@ -273,6 +273,7 @@ int unit_test(int argc, char** argv)
}
printf("wolfCrypt unit test completed successfully.\n\n");
fflush(stdout);
}
#endif
@@ -282,6 +283,7 @@ int unit_test(int argc, char** argv)
{
if (apiTesting) {
ret = ApiTest();
fflush(stdout);
if (ret != 0)
goto exit;
}
@@ -291,20 +293,25 @@ int unit_test(int argc, char** argv)
}
#ifdef WOLFSSL_W64_WRAPPER
if ((ret = w64wrapper_test()) != 0) {
ret = w64wrapper_test();
fflush(stdout);
if (ret != 0) {
fprintf(stderr, "w64wrapper test failed with %d\n", ret);
goto exit;
}
#endif /* WOLFSSL_W64_WRAPPER */
#ifdef WOLFSSL_QUIC
if ((ret = QuicTest()) != 0) {
ret = QuicTest();
fflush(stdout);
if (ret != 0) {
fprintf(stderr, "quic test failed with %d\n", ret);
goto exit;
}
#endif
SrpTest();
fflush(stdout);
}
#if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \
@@ -324,6 +331,25 @@ exit:
err_sys("Failed to free netRandom context");
#endif /* HAVE_WNR */
#ifdef WOLFSSL_TRACK_MEMORY
if (ret == 0) {
ret = wolfSSL_Cleanup(); /* no-op in a successful full run. */
if (ret == WOLFSSL_SUCCESS)
ret = 0;
else
fprintf(stderr, "wolfSSL_Cleanup() returned %d\n", ret);
if (wc_MemStats_Ptr->currentBytes > 0)
{
fprintf(stderr,
"WOLFSSL_TRACK_MEMORY: currentBytes after cleanup is %ld\n",
wc_MemStats_Ptr->currentBytes);
ret = MEMORY_E;
}
}
#endif
if (ret == 0) {
puts("\nunit_test: Success for all configured tests.");
fflush(stdout);

17
wolfcrypt/src/hmac.c
View File

@@ -248,7 +248,6 @@ int _InitHmac(Hmac* hmac, int type, void* heap)
return ret;
}
#ifdef WOLFSSL_HMAC_COPY_HASH
static int HmacKeyCopyHash(byte macType, wc_HmacHash* src, wc_HmacHash* dst)
{
int ret = 0;
@@ -323,7 +322,21 @@ static int HmacKeyCopyHash(byte macType, wc_HmacHash* src, wc_HmacHash* dst)
return ret;
}
#endif
int wc_HmacCopy(Hmac* src, Hmac* dst) {
int ret;
if ((src == NULL) || (dst == NULL))
return BAD_FUNC_ARG;
XMEMCPY(dst, src, sizeof(*dst));
ret = HmacKeyCopyHash(src->macType, &src->hash, &dst->hash);
if (ret != 0)
XMEMSET(dst, 0, sizeof(*dst));
return ret;
}
static int HmacKeyHashUpdate(byte macType, wc_HmacHash* hash, byte* pad)
{

5
wolfcrypt/src/memory.c
View File

@@ -521,6 +521,11 @@ void* wolfSSL_Realloc(void *ptr, size_t size)
}
#endif /* WOLFSSL_STATIC_MEMORY */
#ifdef WOLFSSL_TRACK_MEMORY
#include <wolfssl/wolfcrypt/mem_track.h>
WOLFSSL_API memoryStats *wc_MemStats_Ptr;
#endif
#ifdef WOLFSSL_STATIC_MEMORY
struct wc_Memory {

345
wolfcrypt/src/random.c
View File

@@ -345,7 +345,8 @@ enum {
typedef struct DRBG_internal DRBG_internal;
static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId);
static int wc_RNG_HealthTestLocal(WC_RNG* rng, int reseed, void* heap,
int devId);
/* Hash Derivation Function */
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
@@ -363,7 +364,9 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
#else
wc_Sha256 sha[1];
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE)
#if defined(WOLFSSL_SMALL_STACK_CACHE)
byte* digest = drbg->digest_scratch;
#elif defined(WOLFSSL_SMALL_STACK)
byte* digest;
#else
byte digest[WC_SHA256_DIGEST_SIZE];
@@ -373,7 +376,7 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
return DRBG_FAILURE;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap,
DYNAMIC_TYPE_DIGEST);
if (digest == NULL)
@@ -434,7 +437,7 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
ForceZero(digest, WC_SHA256_DIGEST_SIZE);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
#endif
@@ -451,8 +454,12 @@ static int Hash_DRBG_Reseed(DRBG_internal* drbg, const byte* seed, word32 seedSz
return DRBG_FAILURE;
}
#ifdef WOLFSSL_SMALL_STACK_CACHE
newV = drbg->seed_scratch;
#else
WC_ALLOC_VAR_EX(newV, byte, DRBG_SEED_LEN, drbg->heap,
DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E);
#endif
XMEMSET(newV, 0, DRBG_SEED_LEN);
ret = Hash_df(drbg, newV, DRBG_SEED_LEN, drbgReseed,
@@ -468,7 +475,9 @@ static int Hash_DRBG_Reseed(DRBG_internal* drbg, const byte* seed, word32 seedSz
drbg->reseedCtr = 1;
}
#ifndef WOLFSSL_SMALL_STACK_CACHE
WC_FREE_VAR_EX(newV, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
@@ -505,26 +514,27 @@ static WC_INLINE void array_add_one(byte* data, word32 dataSz)
static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
{
int ret = DRBG_FAILURE;
#ifdef WOLFSSL_SMALL_STACK
byte* data;
byte* digest;
#else
byte data[DRBG_SEED_LEN];
byte digest[WC_SHA256_DIGEST_SIZE];
#endif
word32 i;
word32 len;
#ifdef WOLFSSL_SMALL_STACK_CACHE
#if defined(WOLFSSL_SMALL_STACK_CACHE)
wc_Sha256* sha = &drbg->sha256;
byte* data = drbg->seed_scratch;
byte* digest = drbg->digest_scratch;
#elif defined(WOLFSSL_SMALL_STACK)
wc_Sha256 sha[1];
byte* data = NULL;
byte* digest = NULL;
#else
wc_Sha256 sha[1];
byte data[DRBG_SEED_LEN];
byte digest[WC_SHA256_DIGEST_SIZE];
#endif
if (drbg == NULL) {
return DRBG_FAILURE;
}
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
data = (byte*)XMALLOC(DRBG_SEED_LEN, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap,
DYNAMIC_TYPE_DIGEST);
@@ -582,8 +592,10 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
}
ForceZero(data, DRBG_SEED_LEN);
#ifndef WOLFSSL_SMALL_STACK_CACHE
WC_FREE_VAR_EX(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
WC_FREE_VAR_EX(data, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
}
@@ -639,7 +651,9 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
return DRBG_NEED_RESEED;
}
else {
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE)
#if defined(WOLFSSL_SMALL_STACK_CACHE)
byte* digest = drbg->digest_scratch;
#elif defined(WOLFSSL_SMALL_STACK)
byte* digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap,
DYNAMIC_TYPE_DIGEST);
if (digest == NULL)
@@ -688,7 +702,7 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
drbg->reseedCtr++;
}
ForceZero(digest, WC_SHA256_DIGEST_SIZE);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
#endif
}
@@ -696,6 +710,26 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_DRBG_Init(DRBG_internal* drbg, const byte* seed, word32 seedSz,
const byte* nonce, word32 nonceSz)
{
if (seed == NULL)
return DRBG_FAILURE;
if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz,
nonce, nonceSz) == DRBG_SUCCESS &&
Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) {
drbg->reseedCtr = 1;
return DRBG_SUCCESS;
}
else {
return DRBG_FAILURE;
}
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_DRBG_Instantiate(DRBG_internal* drbg, const byte* seed, word32 seedSz,
const byte* nonce, word32 nonceSz,
@@ -721,15 +755,8 @@ static int Hash_DRBG_Instantiate(DRBG_internal* drbg, const byte* seed, word32 s
return ret;
#endif
if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz,
nonce, nonceSz) == DRBG_SUCCESS &&
Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) {
drbg->reseedCtr = 1;
ret = DRBG_SUCCESS;
}
if (seed != NULL)
ret = Hash_DRBG_Init(drbg, seed, seedSz, nonce, nonceSz);
return ret;
}
@@ -785,6 +812,11 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
int ret = 0;
#ifdef HAVE_HASHDRBG
word32 seedSz = SEED_SZ + SEED_BLOCK_SZ;
WC_DECLARE_VAR(seed, byte, MAX_SEED_SZ, rng->heap);
int drbg_instantiated = 0;
#ifdef WOLFSSL_SMALL_STACK_CACHE
int drbg_scratch_instantiated = 0;
#endif
#endif
(void)nonce;
@@ -795,6 +827,8 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
if (nonce == NULL && nonceSz != 0)
return BAD_FUNC_ARG;
XMEMSET(rng, 0, sizeof(*rng));
#ifdef WOLFSSL_HEAP_TEST
rng->heap = (void*)WOLFSSL_HEAP_TEST;
(void)heap;
@@ -816,6 +850,9 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
#ifdef HAVE_HASHDRBG
/* init the DBRG to known values */
rng->drbg = NULL;
#ifdef WOLFSSL_SMALL_STACK_CACHE
rng->drbg_scratch = NULL;
#endif
rng->status = DRBG_NOT_INIT;
#endif
@@ -867,45 +904,90 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
seedSz = MAX_SEED_SZ;
}
ret = wc_RNG_HealthTestLocal(0, rng->heap, devId);
if (ret != 0) {
#if defined(DEBUG_WOLFSSL)
WOLFSSL_MSG_EX("wc_RNG_HealthTestLocal failed err = %d", ret);
#endif
ret = DRBG_CONT_FAILURE;
}
else {
#ifndef WOLFSSL_SMALL_STACK
byte seed[MAX_SEED_SZ];
#else
byte* seed = (byte*)XMALLOC(MAX_SEED_SZ, rng->heap,
DYNAMIC_TYPE_SEED);
if (seed == NULL)
return MEMORY_E;
#endif
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
rng->drbg =
(struct DRBG*)XMALLOC(sizeof(DRBG_internal), rng->heap,
DYNAMIC_TYPE_RNG);
if (rng->drbg == NULL) {
rng->drbg =
(struct DRBG*)XMALLOC(sizeof(DRBG_internal), rng->heap,
DYNAMIC_TYPE_RNG);
if (rng->drbg == NULL) {
#if defined(DEBUG_WOLFSSL)
WOLFSSL_MSG_EX("_InitRng XMALLOC failed to allocate %d bytes",
sizeof(DRBG_internal));
#endif
ret = MEMORY_E;
rng->status = DRBG_FAILED;
}
#else
rng->drbg = (struct DRBG*)&rng->drbg_data;
#endif /* WOLFSSL_NO_MALLOC or WOLFSSL_STATIC_MEMORY */
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (ret == 0) {
rng->drbg_scratch =
(DRBG_internal *)XMALLOC(sizeof(DRBG_internal), rng->heap,
DYNAMIC_TYPE_RNG);
if (rng->drbg_scratch == NULL) {
#if defined(DEBUG_WOLFSSL)
WOLFSSL_MSG_EX("_InitRng XMALLOC failed to allocate %d bytes",
sizeof(DRBG_internal));
#endif
#endif
ret = MEMORY_E;
rng->status = DRBG_FAILED;
}
#else
rng->drbg = (struct DRBG*)&rng->drbg_data;
#endif /* WOLFSSL_NO_MALLOC or WOLFSSL_STATIC_MEMORY */
}
if (ret != 0) {
#if defined(DEBUG_WOLFSSL)
WOLFSSL_MSG_EX("_InitRng failed. err = %d", ret);
#endif
if (ret == 0) {
ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg_scratch,
NULL /* seed */, 0, NULL /* nonce */, 0, rng->heap, devId);
if (ret == 0)
drbg_scratch_instantiated = 1;
}
if (ret == 0) {
rng->health_check_scratch =
(byte *)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, rng->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (rng->health_check_scratch == NULL) {
ret = MEMORY_E;
rng->status = DRBG_FAILED;
}
else {
}
if (ret == 0) {
rng->newSeed_buf = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ, rng->heap,
DYNAMIC_TYPE_SEED);
if (rng->newSeed_buf == NULL) {
ret = MEMORY_E;
rng->status = DRBG_FAILED;
}
}
#endif /* WOLFSSL_SMALL_STACK_CACHE */
if (ret == 0) {
ret = wc_RNG_HealthTestLocal(rng, 0, rng->heap, devId);
if (ret != 0) {
#if defined(DEBUG_WOLFSSL)
WOLFSSL_MSG_EX("wc_RNG_HealthTestLocal failed err = %d", ret);
#endif
ret = DRBG_CONT_FAILURE;
}
}
#ifdef WOLFSSL_SMALL_STACK
if (ret == 0) {
WC_ALLOC_VAR_EX(seed, byte, MAX_SEED_SZ, rng->heap, DYNAMIC_TYPE_SEED, WC_DO_NOTHING);
if (seed == NULL) {
ret = MEMORY_E;
rng->status = DRBG_FAILED;
}
}
#endif
if (ret != 0) {
#if defined(DEBUG_WOLFSSL)
WOLFSSL_MSG_EX("_InitRng failed. err = %d", ret);
#endif
}
else {
#ifdef WC_RNG_SEED_CB
if (seedCb == NULL) {
ret = DRBG_NO_SEED_CB;
@@ -938,18 +1020,37 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg,
seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ,
nonce, nonceSz, rng->heap, devId);
if (ret == 0)
drbg_instantiated = 1;
} /* ret == 0 */
if (ret != DRBG_SUCCESS) {
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG);
#endif
rng->drbg = NULL;
}
} /* ret == 0 */
#ifdef WOLFSSL_SMALL_STACK
if (seed)
#endif
{
ForceZero(seed, seedSz);
WC_FREE_VAR_EX(seed, rng->heap, DYNAMIC_TYPE_SEED);
} /* else swc_RNG_HealthTestLocal was successful */
}
WC_FREE_VAR_EX(seed, rng->heap, DYNAMIC_TYPE_SEED);
if (ret != DRBG_SUCCESS) {
if (drbg_instantiated)
(void)Hash_DRBG_Uninstantiate((DRBG_internal *)rng->drbg);
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG);
#endif
rng->drbg = NULL;
#ifdef WOLFSSL_SMALL_STACK_CACHE
XFREE(rng->health_check_scratch, rng->heap, DYNAMIC_TYPE_TMP_BUFFER);
rng->health_check_scratch = NULL;
XFREE(rng->newSeed_buf, rng->heap, DYNAMIC_TYPE_TMP_BUFFER);
rng->newSeed_buf = NULL;
if (drbg_scratch_instantiated)
(void)Hash_DRBG_Uninstantiate((DRBG_internal *)rng->drbg_scratch);
XFREE(rng->drbg_scratch, rng->heap, DYNAMIC_TYPE_RNG);
rng->drbg_scratch = NULL;
#endif
}
/* else swc_RNG_HealthTestLocal was successful */
if (ret == DRBG_SUCCESS) {
#ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -1068,14 +1169,17 @@ static int PollAndReSeed(WC_RNG* rng)
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
devId = rng->devId;
#endif
if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) {
#ifndef WOLFSSL_SMALL_STACK
byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
if (wc_RNG_HealthTestLocal(rng, 1, rng->heap, devId) == 0) {
#if defined(WOLFSSL_SMALL_STACK_CACHE)
byte* newSeed = rng->newSeed_buf;
ret = DRBG_SUCCESS;
#else
#elif defined(WOLFSSL_SMALL_STACK)
byte* newSeed = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ, rng->heap,
DYNAMIC_TYPE_SEED);
ret = (newSeed == NULL) ? MEMORY_E : DRBG_SUCCESS;
#else
byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
ret = DRBG_SUCCESS;
#endif
if (ret == DRBG_SUCCESS) {
#ifdef WC_RNG_SEED_CB
@@ -1101,7 +1205,7 @@ static int PollAndReSeed(WC_RNG* rng)
if (ret == DRBG_SUCCESS)
ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg,
newSeed + SEED_BLOCK_SZ, SEED_SZ);
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
if (newSeed != NULL) {
ForceZero(newSeed, SEED_SZ + SEED_BLOCK_SZ);
}
@@ -1247,6 +1351,19 @@ int wc_FreeRng(WC_RNG* rng)
rng->drbg = NULL;
}
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (rng->drbg_scratch != NULL) {
if (Hash_DRBG_Uninstantiate((DRBG_internal *)rng->drbg_scratch) != DRBG_SUCCESS)
ret = RNG_FAILURE_E;
XFREE(rng->drbg_scratch, rng->heap, DYNAMIC_TYPE_RNG);
rng->drbg_scratch = NULL;
}
XFREE(rng->health_check_scratch, rng->heap, DYNAMIC_TYPE_RNG);
rng->health_check_scratch = NULL;
XFREE(rng->newSeed_buf, rng->heap, DYNAMIC_TYPE_RNG);
rng->newSeed_buf = NULL;
#endif
rng->status = DRBG_NOT_INIT;
#endif /* HAVE_HASHDRBG */
@@ -1271,17 +1388,14 @@ int wc_RNG_HealthTest(int reseed, const byte* seedA, word32 seedASz,
}
int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz,
static int wc_RNG_HealthTest_ex_internal(DRBG_internal* drbg,
int reseed, const byte* nonce, word32 nonceSz,
const byte* seedA, word32 seedASz,
const byte* seedB, word32 seedBSz,
byte* output, word32 outputSz,
void* heap, int devId)
{
int ret = -1;
DRBG_internal* drbg;
#ifndef WOLFSSL_SMALL_STACK
DRBG_internal drbg_var;
#endif
if (seedA == NULL || output == NULL) {
return BAD_FUNC_ARG;
@@ -1295,20 +1409,19 @@ int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz,
return ret;
}
#ifdef WOLFSSL_SMALL_STACK
drbg = (DRBG_internal*)XMALLOC(sizeof(DRBG_internal), heap,
DYNAMIC_TYPE_RNG);
if (drbg == NULL) {
return MEMORY_E;
#ifdef WOLFSSL_SMALL_STACK_CACHE
(void)heap;
(void)devId;
if (Hash_DRBG_Init(drbg, seedA, seedASz, nonce, nonceSz) != 0) {
goto exit_rng_ht;
}
#else
drbg = &drbg_var;
#endif
if (Hash_DRBG_Instantiate(drbg, seedA, seedASz, nonce, nonceSz,
heap, devId) != 0) {
goto exit_rng_ht;
}
#endif
if (reseed) {
if (Hash_DRBG_Reseed(drbg, seedB, seedBSz) != 0) {
@@ -1334,11 +1447,51 @@ int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz,
exit_rng_ht:
#ifndef WOLFSSL_SMALL_STACK_CACHE
/* This is safe to call even if Hash_DRBG_Instantiate fails */
if (Hash_DRBG_Uninstantiate(drbg) != 0) {
ret = -1;
}
#endif
return ret;
}
int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz,
const byte* seedA, word32 seedASz,
const byte* seedB, word32 seedBSz,
byte* output, word32 outputSz,
void* heap, int devId)
{
int ret = -1;
DRBG_internal* drbg;
#ifndef WOLFSSL_SMALL_STACK
DRBG_internal drbg_var;
#endif
#ifdef WOLFSSL_SMALL_STACK
drbg = (DRBG_internal*)XMALLOC(sizeof(DRBG_internal), heap,
DYNAMIC_TYPE_RNG);
if (drbg == NULL) {
return MEMORY_E;
}
#else
drbg = &drbg_var;
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
ret = Hash_DRBG_Instantiate(drbg,
NULL /* seed */, 0, NULL /* nonce */, 0, heap, devId);
if (ret == 0)
#endif
{
ret = wc_RNG_HealthTest_ex_internal(
drbg, reseed, nonce, nonceSz, seedA, seedASz,
seedB, seedBSz, output, outputSz, heap, devId);
#ifdef WOLFSSL_SMALL_STACK_CACHE
Hash_DRBG_Uninstantiate(drbg);
#endif
}
WC_FREE_VAR_EX(drbg, heap, DYNAMIC_TYPE_RNG);
return ret;
@@ -1395,13 +1548,30 @@ const FLASH_QUALIFIER byte outputB_data[] = {
};
static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
static int wc_RNG_HealthTestLocal(WC_RNG* rng, int reseed, void* heap,
int devId)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK_CACHE
byte *check = rng->health_check_scratch;
DRBG_internal* drbg = (DRBG_internal *)rng->drbg_scratch;
#else
WC_DECLARE_VAR(check, byte, RNG_HEALTH_TEST_CHECK_SIZE, 0);
WC_DECLARE_VAR(drbg, DRBG_internal, 1, 0);
(void)rng;
WC_ALLOC_VAR_EX(check, byte, RNG_HEALTH_TEST_CHECK_SIZE, heap,
DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E);
WC_ALLOC_VAR_EX(drbg, DRBG_internal, sizeof(DRBG_internal), heap,
DYNAMIC_TYPE_TMP_BUFFER, WC_DO_NOTHING);
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (drbg == NULL) {
WC_FREE_VAR_EX(check, heap, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
#endif
#endif
if (reseed) {
#ifdef WOLFSSL_USE_FLASHMEM
@@ -1427,7 +1597,7 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
const byte* reseedSeedA = reseedSeedA_data;
const byte* outputA = outputA_data;
#endif
ret = wc_RNG_HealthTest_ex(1, NULL, 0,
ret = wc_RNG_HealthTest_ex_internal(drbg, 1, NULL, 0,
seedA, sizeof(seedA_data),
reseedSeedA, sizeof(reseedSeedA_data),
check, RNG_HEALTH_TEST_CHECK_SIZE,
@@ -1470,7 +1640,7 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
WOLFSSL_MSG_EX("sizeof(seedB_data) = %d",
(int)sizeof(outputB_data));
#endif
ret = wc_RNG_HealthTest_ex(0, NULL, 0,
ret = wc_RNG_HealthTest_ex_internal(drbg, 0, NULL, 0,
seedB, sizeof(seedB_data),
NULL, 0,
check, RNG_HEALTH_TEST_CHECK_SIZE,
@@ -1496,7 +1666,7 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
* just concatenates them. The pivot point between seed and nonce is
* byte 32, feed them into the health test separately. */
if (ret == 0) {
ret = wc_RNG_HealthTest_ex(0,
ret = wc_RNG_HealthTest_ex_internal(drbg, 0,
seedB + 32, sizeof(seedB_data) - 32,
seedB, 32,
NULL, 0,
@@ -1515,7 +1685,10 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId)
#endif
}
#ifndef WOLFSSL_SMALL_STACK_CACHE
WC_FREE_VAR_EX(check, heap, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(drbg, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}

27
wolfcrypt/src/rsa.c
View File

@@ -1538,7 +1538,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
byte* optLabel, word32 labelLen, void* heap)
{
word32 hLen;
volatile int ret;
int ret;
byte h[WC_MAX_DIGEST_SIZE]; /* max digest size */
word32 idx;
word32 i;
@@ -1573,8 +1573,9 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
#endif
/* find seedMask value */
if ((ret = RsaMGF(mgf, (byte*)(pkcsBlock + (hLen + 1)),
pkcsBlockLen - hLen - 1, tmp, hLen, heap)) != 0) {
ret = RsaMGF(mgf, (byte*)(pkcsBlock + (hLen + 1)),
pkcsBlockLen - hLen - 1, tmp, hLen, heap);
if (ret != 0) {
WC_FREE_VAR_EX(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
return ret;
}
@@ -1583,8 +1584,8 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
xorbuf(tmp, pkcsBlock + 1, hLen);
/* get dbMask value */
if ((ret = RsaMGF(mgf, tmp, hLen, tmp + hLen,
pkcsBlockLen - hLen - 1, heap)) != 0) {
ret = RsaMGF(mgf, tmp, hLen, tmp + hLen, pkcsBlockLen - hLen - 1, heap);
if (ret != 0) {
ForceZero(tmp, hLen);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_RSA_BUFFER);
@@ -1616,7 +1617,8 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
}
/* create hash of label for comparison with hash sent */
if ((ret = wc_Hash(hType, optLabel, labelLen, h, hLen)) != 0) {
ret = wc_Hash(hType, optLabel, labelLen, h, hLen);
if (ret != 0) {
return ret;
}
@@ -1626,13 +1628,14 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
Attackers should not be able to get error condition from the timing of
these checks.
*/
ret = 0;
ret |= ConstantCompare(pkcsBlock + hLen + 1, h, (int)hLen);
ret += pkcsBlock[idx++] ^ 0x01; /* separator value is 0x01 */
ret += pkcsBlock[0] ^ 0x00; /* Y, the first value, should be 0 */
{
volatile int c = ConstantCompare(pkcsBlock + hLen + 1, h, (int)hLen);
c = c + (pkcsBlock[idx++] ^ 0x01); /* separator value is 0x01 */
c = c + (pkcsBlock[0] ^ 0x00); /* Y, the first value, should be 0 */
/* Return 0 data length on error. */
idx = ctMaskSelWord32(ctMaskEq(ret, 0), idx, pkcsBlockLen);
/* Return 0 data length on error. */
idx = ctMaskSelWord32(ctMaskEq(c, 0), idx, pkcsBlockLen);
}
/* adjust pointer to correct location in array and return size of M */
*output = (byte*)(pkcsBlock + idx);

42
wolfcrypt/src/sha256.c
View File

@@ -678,7 +678,10 @@ static int InitSha256(wc_Sha256* sha256)
sha256->devCtx = NULL;
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
sha256->W = NULL;
sha256->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
sha256->heap, DYNAMIC_TYPE_DIGEST);
if (sha256->W == NULL)
return MEMORY_E;
#endif
ret = InitSha256(sha256);
@@ -1163,7 +1166,10 @@ static WC_INLINE int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
}
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
sha256->W = NULL;
sha256->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
sha256->heap, DYNAMIC_TYPE_DIGEST);
if (sha256->W == NULL)
return MEMORY_E;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
@@ -1244,13 +1250,8 @@ static WC_INLINE int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
#if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_NO_MALLOC)
word32* W = sha256->W;
if (W == NULL) {
W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
sha256->heap, DYNAMIC_TYPE_DIGEST);
if (W == NULL)
return MEMORY_E;
sha256->W = W;
}
if (W == NULL)
return BAD_FUNC_ARG;
#elif defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
word32* W;
W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
@@ -2065,6 +2066,15 @@ static WC_INLINE int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (sha224->W == NULL) {
sha224->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
sha224->heap, DYNAMIC_TYPE_DIGEST);
if (sha224->W == NULL)
return MEMORY_E;
}
#endif
sha224->digest[0] = 0xc1059ed8;
sha224->digest[1] = 0x367cd507;
sha224->digest[2] = 0x3070dd17;
@@ -2575,7 +2585,12 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
XMEMCPY(dst, src, sizeof(wc_Sha224));
#ifdef WOLFSSL_SMALL_STACK_CACHE
dst->W = NULL;
dst->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
dst->heap, DYNAMIC_TYPE_DIGEST);
if (dst->W == NULL) {
XMEMSET(dst, 0, sizeof(wc_Sha224));
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3)
@@ -2727,7 +2742,12 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
dst->W = NULL;
dst->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
dst->heap, DYNAMIC_TYPE_DIGEST);
if (dst->W == NULL) {
XMEMSET(dst, 0, sizeof(wc_Sha256));
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3)

70
wolfcrypt/src/sha512.c
View File

@@ -870,7 +870,14 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
sha512->heap = heap;
#ifdef WOLFSSL_SMALL_STACK_CACHE
sha512->W = NULL;
/* This allocation combines the customary W buffer used by
* _Transform_Sha512() with additional buffer space used by
* wc_Sha512Transform().
*/
sha512->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE,
sha512->heap, DYNAMIC_TYPE_DIGEST);
if (sha512->W == NULL)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
sha512->devId = devId;
@@ -1031,14 +1038,10 @@ static int _Transform_Sha512(wc_Sha512* sha512)
word32 j;
word64 T[8];
#ifdef WOLFSSL_SMALL_STACK_CACHE
#if defined(WOLFSSL_SMALL_STACK_CACHE)
word64* W = sha512->W;
if (W == NULL) {
W = (word64*)XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (W == NULL)
return MEMORY_E;
sha512->W = W;
}
if (W == NULL)
return BAD_FUNC_ARG;
#elif defined(WOLFSSL_SMALL_STACK)
word64* W;
W = (word64*) XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1646,7 +1649,7 @@ void wc_Sha512Free(wc_Sha512* sha512)
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (sha512->W != NULL) {
ForceZero(sha512->W, sizeof(word64) * 16);
ForceZero(sha512->W, (sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE);
XFREE(sha512->W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
sha512->W = NULL;
}
@@ -1699,7 +1702,15 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK_CACHE)
if (sha->W == NULL)
return BAD_FUNC_ARG;
/* Skip over the initial `W' buffer at the start (used by
* _Transform_Sha512()).
*/
buffer = sha->W + 16;
#elif defined(WOLFSSL_SMALL_STACK)
buffer = (word64*)XMALLOC(WC_SHA512_BLOCK_SIZE, sha->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (buffer == NULL)
@@ -1733,7 +1744,7 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE);
#endif
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
ForceZero(buffer, WC_SHA512_BLOCK_SIZE);
XFREE(buffer, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -1867,6 +1878,19 @@ static int InitSha384(wc_Sha384* sha384)
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (sha384->W == NULL) {
/* This allocation combines the customary W buffer used by
* _Transform_Sha512() with additional buffer space used by
* wc_Sha512Transform().
*/
sha384->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE,
sha384->heap, DYNAMIC_TYPE_DIGEST);
if (sha384->W == NULL)
return MEMORY_E;
}
#endif
sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
sha384->digest[1] = W64LIT(0x629a292a367cd507);
sha384->digest[2] = W64LIT(0x9159015a3070dd17);
@@ -2106,7 +2130,7 @@ void wc_Sha384Free(wc_Sha384* sha384)
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (sha384->W != NULL) {
ForceZero(sha384->W, sizeof(word64) * 16);
ForceZero(sha384->W, (sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE);
XFREE(sha384->W, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
sha384->W = NULL;
}
@@ -2219,7 +2243,16 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
XMEMCPY(dst, src, sizeof(wc_Sha512));
#ifdef WOLFSSL_SMALL_STACK_CACHE
dst->W = NULL;
/* This allocation combines the customary W buffer used by
* _Transform_Sha512() with additional buffer space used by
* wc_Sha512Transform().
*/
dst->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE,
dst->heap, DYNAMIC_TYPE_DIGEST);
if (dst->W == NULL) {
XMEMSET(dst, 0, sizeof(wc_Sha512));
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) && \
@@ -2649,7 +2682,16 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
XMEMCPY(dst, src, sizeof(wc_Sha384));
#ifdef WOLFSSL_SMALL_STACK_CACHE
dst->W = NULL;
/* This allocation combines the customary W buffer used by
* _Transform_Sha512() with additional buffer space used by
* wc_Sha512Transform().
*/
dst->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA384_BLOCK_SIZE,
dst->heap, DYNAMIC_TYPE_DIGEST);
if (dst->W == NULL) {
XMEMSET(dst, 0, sizeof(wc_Sha384));
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) && \

13
wolfcrypt/src/wolfentropy.c
View File

@@ -735,13 +735,10 @@ static wolfSSL_Mutex entropy_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(entropy_mute
int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len)
{
int ret = 0;
WC_DECLARE_VAR(noise, byte, MAX_NOISE_CNT, 0);
/* Noise length is the number of 8 byte samples required to get the bits of
* entropy requested. */
int noise_len = (bits + ENTROPY_EXTRA) / ENTROPY_MIN;
WC_ALLOC_VAR_EX(noise, byte, MAX_NOISE_CNT, NULL, DYNAMIC_TYPE_TMP_BUFFER,
return MEMORY_E);
static byte noise[MAX_NOISE_CNT];
/* Lock the mutex as collection uses globals. */
if ((ret == 0) && (wc_LockMutex(&entropy_mutex) != 0)) {
@@ -790,6 +787,12 @@ int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len)
entropy += entropy_len;
len -= entropy_len;
}
if (ret == 0) {
ret = WC_CHECK_FOR_INTR_SIGNALS();
}
if (ret == 0) {
WC_RELAX_LONG_LOOP();
}
}
#ifdef ENTROPY_MEMUSE_THREADED
@@ -802,8 +805,6 @@ int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len)
wc_UnLockMutex(&entropy_mutex);
}
WC_FREE_VAR_EX(noise, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}

363
wolfcrypt/test/test.c
View File

@@ -3111,6 +3111,14 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
}
#endif
#ifdef WOLFSSL_TRACK_MEMORY
if (wc_MemStats_Ptr && (wc_MemStats_Ptr->currentBytes > 0) &&
(args.return_code == 0))
{
args.return_code = WC_TEST_RET_ENC_EC(MEMORY_E);
}
#endif
#if defined(WOLFSSL_ESPIDF)
/* ESP_LOGI to print takes up a lot less memory than printf */
ESP_LOGI(ESPIDF_TAG, "Exiting main with return code: % d\n",
@@ -4734,11 +4742,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void)
ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha224Free(&sha);
return WC_TEST_RET_ENC_EC(ret);
}
XMEMSET(&shaCopy, 0, sizeof(shaCopy));
for (i = 0; i < times; ++i) {
ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,
@@ -4846,19 +4850,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha256Free(&sha);
return WC_TEST_RET_ENC_EC(ret);
}
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
ret = wc_InitSha256_ex(&i_shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha256Free(&sha);
wc_Sha256Free(&i_sha);
return WC_TEST_RET_ENC_EC(ret);
}
#endif
XMEMSET(&shaCopy, 0, sizeof(shaCopy));
for (i = 0; i < times; ++i) {
ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,
@@ -5085,18 +5077,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha512Free(&sha);
return WC_TEST_RET_ENC_EC(ret);
}
XMEMSET(&shaCopy, 0, sizeof(shaCopy));
#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
ret = wc_InitSha512_ex(&i_shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha512Free(&sha);
wc_Sha512Free(&i_sha);
return WC_TEST_RET_ENC_EC(ret);
}
XMEMSET(&i_shaCopy, 0, sizeof(i_shaCopy));
#endif
for (i = 0; i < times; ++i) {
@@ -5296,11 +5279,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void)
ret = wc_InitSha512_224_ex(&sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha512_224_ex(&shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha512_224Free(&sha);
return WC_TEST_RET_ENC_EC(ret);
}
XMEMSET(&shaCopy, 0, sizeof(shaCopy));
for (i = 0; i < times; ++i) {
ret = wc_Sha512_224Update(&sha, (byte*)test_sha[i].input,
@@ -5449,11 +5428,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void)
ret = wc_InitSha512_256_ex(&sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha512_256_ex(&shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha512_256Free(&sha);
return WC_TEST_RET_ENC_EC(ret);
}
XMEMSET(&shaCopy, 0, sizeof(shaCopy));
for (i = 0; i < times; ++i) {
ret = wc_Sha512_256Update(&sha, (byte*)test_sha[i].input,
@@ -5586,11 +5561,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void)
ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha384Free(&sha);
return WC_TEST_RET_ENC_EC(ret);
}
XMEMSET(&shaCopy, 0, sizeof(shaCopy));
for (i = 0; i < times; ++i) {
ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,
@@ -7149,17 +7121,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(BAD_FUNC_ARG), out);
}
#endif
#else
ret = wc_HashInit(hash, typesGood[i]);
if (ret != exp_ret)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#endif
ret = wc_HashUpdate(hash, typesGood[i], data, sizeof(data));
if (ret != exp_ret)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_HashFinal(hash, typesGood[i], out);
if (ret != exp_ret)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HashFree(hash, typesGood[i]);
ret = wc_HashFree(hash, typesGood[i]);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
digestSz = wc_HashGetDigestSize(typesGood[i]);
if (exp_ret == 0 && digestSz < 0)
@@ -7407,6 +7382,9 @@ out:
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_MD5_DIGEST_SIZE];
const char* keys[]=
@@ -7462,6 +7440,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
test_hmac[2] = c;
test_hmac[3] = d;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_ALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1) {
@@ -7477,6 +7460,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
(word32)XSTRLEN(keys[i]));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
@@ -7489,8 +7479,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(hmac_copy);
#endif
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_MD5)) != WC_MD5_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
@@ -7504,6 +7513,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA_DIGEST_SIZE];
const char* keys[]=
@@ -7565,6 +7577,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
test_hmac[2] = c;
test_hmac[3] = d;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_ALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_CAVIUM) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))
if (i == 1)
@@ -7587,6 +7604,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
@@ -7599,8 +7623,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(hmac_copy);
#endif
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_SHA)) != WC_SHA_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
@@ -7615,6 +7658,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA224_DIGEST_SIZE];
const char* keys[]=
@@ -7674,6 +7720,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
test_hmac[2] = c;
test_hmac[3] = d;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_ALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
@@ -7687,6 +7738,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
(word32)XSTRLEN(keys[i]));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
@@ -7699,8 +7757,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(hmac_copy);
#endif
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_SHA224)) != WC_SHA224_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
@@ -7715,6 +7792,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA256_DIGEST_SIZE];
const char* keys[]=
@@ -7789,6 +7869,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
test_hmac[3] = d;
test_hmac[4] = e;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_ALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
@@ -7806,6 +7891,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
(word32)XSTRLEN(keys[i]));
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
if (test_hmac[i].input != NULL) {
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
@@ -7820,8 +7912,29 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
if (test_hmac[i].input != NULL) {
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
}
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(hmac_copy);
#endif
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
@@ -7846,6 +7959,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA384_DIGEST_SIZE];
const char* keys[]=
@@ -7914,6 +8030,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
test_hmac[2] = c;
test_hmac[3] = d;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_ALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
@@ -7927,6 +8048,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
(word32)XSTRLEN(keys[i]));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
@@ -7939,8 +8067,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(hmac_copy);
#endif
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_SHA384)) != WC_SHA384_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
@@ -7955,6 +8102,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA512_DIGEST_SIZE];
const char* keys[]=
@@ -8027,6 +8177,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
test_hmac[2] = c;
test_hmac[3] = d;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_ALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
@@ -8040,6 +8195,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
(word32)XSTRLEN(keys[i]));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
@@ -8052,8 +8214,27 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0)
return WC_TEST_RET_ENC_I(i);
wc_HmacFree(hmac_copy);
#endif
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_SHA512)) != WC_SHA512_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
@@ -8070,6 +8251,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA3_512_DIGEST_SIZE];
const char* key[4] =
@@ -8197,6 +8381,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
int ret;
WOLFSSL_ENTER("hmac_sha3_test");
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_ALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
#ifdef HAVE_FIPS
/* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
* short. Skip it in FIPS builds. */
@@ -8211,6 +8400,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
(word32)XSTRLEN(key[i]));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)input[i],
(word32)XSTRLEN(input[i]));
if (ret != 0)
@@ -8223,6 +8419,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)input[i],
(word32)XSTRLEN(input[i]));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(hash, output[(i*jMax) + j], (size_t)hashSz[j]) != 0)
return WC_TEST_RET_ENC_NC;
wc_HmacFree(hmac_copy);
#endif
if (i > 0)
continue;
@@ -8234,6 +8444,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
}
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return 0;
}
#endif
@@ -19452,6 +19666,9 @@ static wc_test_ret_t _rng_test(WC_RNG* rng)
byte block[32];
wc_test_ret_t ret;
int i;
#if defined(WOLFSSL_TRACK_MEMORY) && defined(WOLFSSL_SMALL_STACK_CACHE)
long current_totalAllocs = wc_MemStats_Ptr->totalAllocs;
#endif
XMEMSET(block, 0, sizeof(block));
@@ -19476,6 +19693,33 @@ static wc_test_ret_t _rng_test(WC_RNG* rng)
return WC_TEST_RET_ENC_EC(ret);
}
#if defined(HAVE_HASHDRBG) && !defined(HAVE_INTEL_RDRAND) && \
!defined(CUSTOM_RAND_GENERATE_BLOCK) && \
!defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(5,0,0))
/* Test periodic reseed dynamics. */
((struct DRBG_internal *)rng->drbg)->reseedCtr = WC_RESEED_INTERVAL;
ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (((struct DRBG_internal *)rng->drbg)->reseedCtr == WC_RESEED_INTERVAL)
return WC_TEST_RET_ENC_NC;
#endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK && !HAVE_SELFTEST */
#if defined(WOLFSSL_TRACK_MEMORY) && defined(WOLFSSL_SMALL_STACK_CACHE)
/* wc_RNG_GenerateBlock() must not allocate any memory in
* WOLFSSL_SMALL_STACK_CACHE builds, even if it had to reseed.
* LINUXKM_DRBG_GET_RANDOM_BYTES depends on this --
* wolfssl_linuxkm_random_bytes_handlers (wc__get_random_bytes() and
* wc_crng_reseed()) can't call the heap, since the kernel heap will call
* them via get_random_u32().
*/
if (current_totalAllocs != wc_MemStats_Ptr->totalAllocs)
return WC_TEST_RET_ENC_NC;
#endif
/* Parameter validation testing. */
ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
@@ -19555,7 +19799,8 @@ static wc_test_ret_t random_rng_test(void)
return ret;
}
#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) && \
!defined(HAVE_INTEL_RDRAND)
#if defined(WC_RNG_SEED_CB) && \
!(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ))
@@ -19698,7 +19943,7 @@ static wc_test_ret_t rng_seed_test(void)
out:
return ret;
}
#endif /* WC_RNG_SEED_CB) && !(ENTROPY_SCALE_FACTOR || SEED_BLOCK_SZ) */
#endif /* WC_RNG_SEED_CB && !(ENTROPY_SCALE_FACTOR || SEED_BLOCK_SZ) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
@@ -19818,7 +20063,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
return 0;
}
#else
#else /* !HAVE_HASHDRBG || CUSTOM_RAND_GENERATE_BLOCK || HAVE_INTEL_RDRAND */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
{
@@ -19828,7 +20073,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
return random_rng_test();
}
#endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */
#endif /* !HAVE_HASHDRBG || CUSTOM_RAND_GENERATE_BLOCK || HAVE_INTEL_RDRAND */
#endif /* WC_NO_RNG */
#ifndef MEM_TEST_SZ
@@ -27946,6 +28191,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
goto openSSL_evpMD_test_done;
}
ret = wolfSSL_EVP_MD_CTX_cleanup(ctx);
if (ret != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha1());
if (ret != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
@@ -27973,6 +28224,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
goto openSSL_evpMD_test_done;
}
ret = wolfSSL_EVP_MD_CTX_cleanup(ctx);
if (ret != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
if (wolfSSL_EVP_DigestInit_ex(ctx, wolfSSL_EVP_sha1(), NULL) != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
@@ -27988,6 +28245,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
goto openSSL_evpMD_test_done;
}
ret = wolfSSL_EVP_MD_CTX_cleanup(ctx);
if (ret != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
ret = 0; /* got to success state without jumping to end with a fail */
openSSL_evpMD_test_done:

8
wolfssl/test.h
View File

@@ -2830,7 +2830,7 @@ static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
ret = wc_HmacFinal(&hmac, macOut);
if (ret != 0)
return ret;
wc_HmacFree(&hmac);
/* encrypt setup on first time */
if (encCtx->keySetup == 0) {
@@ -2959,6 +2959,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
ret = wc_HmacFinal(&hmac, verify);
if (ret != 0)
return ret;
wc_HmacFree(&hmac);
if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte,
(size_t) digestSz) != 0) {
@@ -3041,7 +3042,9 @@ static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut,
ret = wc_HmacUpdate(&hmac, encOut, encSz);
if (ret != 0)
return ret;
return wc_HmacFinal(&hmac, macOut);
ret = wc_HmacFinal(&hmac, macOut);
wc_HmacFree(&hmac);
return ret;
}
@@ -3088,6 +3091,7 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl,
ret = wc_HmacFinal(&hmac, verify);
if (ret != 0)
return ret;
wc_HmacFree(&hmac);
if (XMEMCMP(verify, decOut + decSz, (size_t) digestSz) != 0) {
printf("myDecryptVerify verify failed\n");

1
wolfssl/wolfcrypt/hmac.h
View File

@@ -190,6 +190,7 @@ WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap,
WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap,
int devId);
#endif
WOLFSSL_API int wc_HmacCopy(Hmac* src, Hmac* dst);
WOLFSSL_API void wc_HmacFree(Hmac* hmac);
WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);

10
wolfssl/wolfcrypt/mem_track.h
View File

@@ -83,6 +83,8 @@
#define DO_MEM_LIST
#endif
struct memoryList;
typedef struct memoryStats {
long totalAllocs; /* number of allocations */
long totalDeallocs; /* number of deallocations */
@@ -98,6 +100,9 @@ typedef struct memoryStats {
* by wolfCrypt_heap_peak_checkpoint()
*/
#endif
#ifdef DO_MEM_LIST
struct memoryList *memList;
#endif
} memoryStats;
typedef struct memHint {
@@ -133,6 +138,7 @@ typedef struct memoryList {
static memoryStats ourMemStats;
WOLFSSL_API extern memoryStats *wc_MemStats_Ptr;
#ifdef DO_MEM_LIST
#include <pthread.h>
@@ -379,11 +385,14 @@ static WC_INLINE int InitMemoryTracker(void)
#ifdef DO_MEM_LIST
XMEMSET(&ourMemList, 0, sizeof(ourMemList));
ourMemStats.memList = &ourMemList;
pthread_mutex_unlock(&memLock);
#endif
}
wc_MemStats_Ptr = &ourMemStats;
return ret;
}
@@ -427,6 +436,7 @@ static WC_INLINE void ShowMemoryTracker(void)
static WC_INLINE int CleanupMemoryTracker(void)
{
wc_MemStats_Ptr = NULL;
/* restore default allocators */
return wolfSSL_SetAllocators(mfDefault, ffDefault, rfDefault);
}

10
wolfssl/wolfcrypt/random.h
View File

@@ -177,6 +177,8 @@ struct DRBG_internal {
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
wc_Sha256 sha256;
byte seed_scratch[DRBG_SEED_LEN];
byte digest_scratch[WC_SHA256_DIGEST_SIZE];
#endif
};
#endif
@@ -191,8 +193,14 @@ struct WC_RNG {
#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
struct DRBG_internal drbg_data;
#endif
byte status;
#ifdef WOLFSSL_SMALL_STACK_CACHE
/* Scratch buffer slots -- everything is preallocated by _InitRng(). */
struct DRBG_internal *drbg_scratch;
byte *health_check_scratch;
byte *newSeed_buf;
#endif
byte status;
#endif /* HAVE_HASHDRBG */
#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
pid_t pid;
#endif

7
wolfssl/wolfcrypt/settings.h
View File

@@ -4321,6 +4321,13 @@ extern void uITRON4_free(void *p) ;
without staticmemory (WOLFSSL_STATIC_MEMORY)
#endif
/* Undefine WOLFSSL_SMALL_STACK_CACHE if WOLFSSL_SMALL_STACK is undefined --
* they only work together.
*/
#if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_SMALL_STACK)
#undef WOLFSSL_SMALL_STACK_CACHE
#endif
/* If malloc is disabled make sure it is also disabled in SP math */
#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_SP_NO_MALLOC) && \
(defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL))