From a5fabda5c6bf615f827e04f955d2b2ba246407f5 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 30 May 2019 15:59:12 -0700 Subject: [PATCH] Added compile-time check for DRBG size. Added support for all build variations DRBG size. --- wolfcrypt/src/random.c | 6 +++++- wolfssl/wolfcrypt/random.h | 14 ++++++++++++-- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 7f7289170..7ab7f92ec 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -274,7 +274,7 @@ enum { drbgInitV }; - +/* NOTE: if DRBG struct is changed please update random.h drbg_data size */ typedef struct DRBG { word32 reseedCtr; word32 lastBlock; @@ -758,6 +758,10 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, (struct DRBG*)XMALLOC(sizeof(DRBG), rng->heap, DYNAMIC_TYPE_RNG); #else + /* compile-time validation of drbg_data size */ + typedef char drbg_data_test[sizeof(rng->drbg_data) >= + sizeof(struct DRBG) ? 1 : -1]; + (void)sizeof(drbg_data_test); rng->drbg = (struct DRBG*)rng->drbg_data; #endif diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index f821614b9..62eb25979 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -157,8 +157,18 @@ struct WC_RNG { /* Hash-based Deterministic Random Bit Generator */ struct DRBG* drbg; #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) - #define DRBG_STRUCT_SZ ((sizeof(word32)*2) + (DRBG_SEED_LEN*2) + sizeof(byte)) - byte drbg_data[DRBG_STRUCT_SZ]; + #define DRBG_STRUCT_SZ ((sizeof(word32)*3) + (DRBG_SEED_LEN*2)) + #ifdef WOLFSSL_SMALL_STACK_CACHE + #define DRBG_STRUCT_SZ_SHA256 (sizeof(wc_Sha256)) + #else + #define DRBG_STRUCT_SZ_SHA256 0 + #endif + #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + #define DRBG_STRUCT_SZ_ASYNC (sizeof(void*) + sizeof(int)) + #else + #define DRBG_STRUCT_SZ_ASYNC 0 + #endif + byte drbg_data[DRBG_STRUCT_SZ + DRBG_STRUCT_SZ_SHA256 + DRBG_STRUCT_SZ_ASYNC]; #endif byte status; #endif