
Commit 5fea5ea

https://fenrir.wolfssl.com/finding/6145
https://fenrir.wolfssl.com/finding/5384 https://fenrir.wolfssl.com/finding/4432 https://fenrir.wolfssl.com/finding/5392 https://fenrir.wolfssl.com/finding/5392 skoll fixes Changed type for keys for CAAM in ecc so it matches assignment without a cast, so the value is never truncated Added check to see if CAAM_ADDRESS is defined before using in ecc.h https://fenrir.wolfssl.com/finding/5994 https://fenrir.wolfssl.com/finding/4445 Fixed memory leaks for dev crypto and fixed https://fenrir.wolfssl.com/finding/4446 https://fenrir.wolfssl.com/finding/5418 https://fenrir.wolfssl.com/finding/5420 https://fenrir.wolfssl.com/finding/5411 https://fenrir.wolfssl.com/finding/5412 https://fenrir.wolfssl.com/finding/5413 Skoll Fixes github comment fix github review fixes
1 parent 64a4c7a commit 5fea5ea

13 files changed

Lines changed: 97 additions & 58 deletions


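--- a/tests/api/test_aes.c
+++ b/tests/api/test_aes.c
@@ -3727,7 +3727,8 @@ int test_wc_AesGcmNonStdNonce(void)
 * and cannot exercise the GHASH-based counter derivation. */
 #if !defined(NO_AES) && defined(HAVE_AESGCM) && \
 !defined(HAVE_FIPS) && \
-!defined(WOLFSSL_AFALG) && !defined(WOLFSSL_KCAPI)
+!defined(WOLFSSL_AFALG) && !defined(WOLFSSL_KCAPI) && \
+!defined(WOLFSSL_DEVCRYPTO_AES)
 
 /* ------------------------------------------------------------------
 * Section 1: 1-byte IV, AES-128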

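--- a/wolfcrypt/src/des3.c
+++ b/wolfcrypt/src/des3.c
@@ -1571,10 +1571,14 @@
 
 /* rotate left and right halves independently */
 for (j = 0; j < 48; j++) { /* select bits individually */
-if (pcr[pc2[j] - 1]) { /* check bit that goes to ks[j] */
-l= j % 6; /* mask it in if it's there */
-ks[j/6] |= (byte)(bytebit[l] >> 2);
-}
+byte bit;
+byte mask;
+bit =
+(byte)(pcr[pc2[j] - 1]); /* all pcr values are either 0 or 1 */
+mask = (byte)(0 - bit); /* mask is either 0xFF or 0x00 */
+ks[j/6] |=
+(byte)((bytebit[j % 6] >> 2) & mask); /* only set to bytebit value
+if bit == 1*/
 }
 
 /* Now convert to odd/even interleaved form for use in F */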
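Review bot: The new loop body at lines 1574-1581 swaps a branch on what is presumably key-derived `pcr` data for a mask, but nothing in the code says this is deliberate constant-time handling, so a later cleanup could quietly restore the `if`. A short comment above the two declarations would pin the intent down, e.g. `/* branch-free on purpose: do not test pcr[] with if, it depends on the key */`. The mask also rests on the unchecked claim that every `pcr` entry is 0 or 1; `mask = (byte)(0 - (bit & 1));` keeps the result correct even if that invariant is ever broken. The trailing comment split across the last two added lines would read better on its own line before the statement. The enclosing function starts and ends outside this hunk.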

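--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -1121,6 +1121,9 @@ int wc_DsaVerify_ex(const byte* digest, word32 digestSz, const byte* sig,
 if (digest == NULL || sig == NULL || key == NULL || answer == NULL)
 return BAD_FUNC_ARG;
 
+/* assign default value so we return 0 on error */
+*answer = 0;
+
 /* Note the min allowed digestSz here is WC_SHA_DIGEST_SIZE, not
 * WC_MIN_DIGEST_SIZE, to allow verify-only legacy DSA operations, as
 * expressly allowed under FIPS 186-5, FIPS 140-3, and SP 800-131A.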

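--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -256,10 +256,6 @@ ECC Curve Sizes:
 #include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h>
 #endif
 
-#if defined(WOLFSSL_CAAM)
-#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
-#endif
-
 #if defined(WOLFSSL_KCAPI_ECC)
 #include <wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h>
 #endif
@@ -10045,7 +10041,7 @@ static int _ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
 /* store byte point type */
 out[0] = ECC_POINT_UNCOMP;
 
-if (caamReadPartition((CAAM_ADDRESS)key->securePubKey, out+1, keySz*2) != 0)
+if (caamReadPartition(key->securePubKey, out+1, keySz*2) != 0)
 return WC_HW_E;
 
 *outLen = 1 + 2*keySz;
@@ -11638,15 +11634,15 @@ static int _ecc_import_private_key_ex(const byte* priv, word32 privSz,
 }
 
 key->partNum = part;
-key->blackKey = (word32)vaddr;
+key->blackKey = vaddr;
 if (caamWriteToPartition(vaddr, priv, privSz) != 0)
 return WC_HW_E;
 
 if (pub != NULL) {
 /* +1 to account for x963 compressed bit */
 if (caamWriteToPartition(vaddr + privSz, pub + 1, pubSz - 1) != 0)
 return WC_HW_E;
-key->securePubKey = (word32)vaddr + privSz;
+key->securePubKey = vaddr + privSz;
 }
 }
 else {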

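--- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c
@@ -983,14 +983,12 @@ static CB_INLINE int wolfssl_ssl_conf_verify_cb_no_signer(int preverify,
 /* Clean up and exit */
 if ((_crt_found == 0) && (bundle_cert != NULL)) {
 ESP_LOGW(TAG, "Cert not found, free bundle_cert");
+/* this_subject and this_issuer are apart of bundle_cert and will be
+* freed here*/
 wolfSSL_X509_free(bundle_cert);
 bundle_cert = NULL;
-/* this_subject and this_issuer are pointers into cert used.
-* Don't free if the cert was found. */
-wolfSSL_X509_NAME_free(this_subject);
-this_subject = NULL;
-wolfSSL_X509_NAME_free(this_issuer);
 this_issuer = NULL;
+this_subject = NULL;
 }
 
 /* We don't clean up the store_cert and x509 as we are in a callback,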
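Review bot: The added comment at lines 986-987 carries the ownership rule that prevents the double free removed here, but it reads `apart of` and does not name the call that releases the names. Something like `/* this_subject and this_issuer point into bundle_cert; wolfSSL_X509_free() below releases them, so they must not be freed separately */` states the rule outright for the next maintainer. Clearing both pointers afterwards is right, since they dangle once `bundle_cert` is freed. The callback continues outside this hunk.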

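--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
@@ -414,6 +414,7 @@ int wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
 XFREE(plainBuf, aes->heap, DYNAMIC_TYPE_AES);
 XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
 XFREE(aTagBuf, aes->heap, DYNAMIC_TYPE_AES);
+wc_fspsm_hw_unlock();
 return MEMORY_E;
 }
 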
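--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
@@ -418,7 +418,7 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
 #endif
 wc_fspsm_hw_lock();
 
-if (Init(&handle) == FSP_SUCCESS) {
+if ((ret = Init(&handle)) == FSP_SUCCESS) {
 ret = Update(&handle, (uint8_t*)hash->msg, hash->used);
 if (ret == FSP_SUCCESS) {
 ret = Final(&handle, out, (uint32_t*)&sz);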

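--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
@@ -110,7 +110,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
 const word32 max_key_len = (AES_MAX_KEY_SIZE / 8);
 #endif
 
-if (aes == NULL ||
+if (aes == NULL || userKey == NULL ||
 !((keylen == 16) || (keylen == 24) || (keylen == 32))) {
 return BAD_FUNC_ARG;
 }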

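--- a/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_hash.c
@@ -135,20 +135,14 @@ int wc_Sha256Update(wc_Sha256* sha, const byte* in, word32 sz)
 #ifdef WOLFSSL_DEVCRYPTO_HASH_KEEP
 /* keep full message to hash at end instead of incremental updates */
 if (sha->len < sha->used + sz) {
-if (sha->msg == NULL) {
-sha->msg = (byte*)XMALLOC(sha->used + sz, sha->heap,
-DYNAMIC_TYPE_TMP_BUFFER);
-} else {
-byte* pt = (byte*)XREALLOC(sha->msg, sha->used + sz, sha->heap,
-DYNAMIC_TYPE_TMP_BUFFER);
-if (pt == NULL) {
-return MEMORY_E;
-}
-sha->msg = pt;
-}
-if (sha->msg == NULL) {
+byte* pt = (byte*)XREALLOC(sha->msg, sha->used + sz, sha->heap,
+DYNAMIC_TYPE_TMP_BUFFER);
+if (pt == NULL) {
 return MEMORY_E;
 }
+
+sha->msg = pt;
+
 sha->len = sha->used + sz;
 }
 XMEMCPY(sha->msg + sha->used, in, sz);
@@ -180,7 +174,8 @@ int wc_Sha256Final(wc_Sha256* sha, byte* hash)
 #endif
 ret = GetDigest(sha, CRYPTO_SHA2_256, hash);
 if (ret != 0) {
-return ret;
+wc_Sha256Free(sha);
+return ret;
 }
 
 wc_Sha256Free(sha);
@@ -190,6 +185,7 @@ int wc_Sha256Final(wc_Sha256* sha, byte* hash)
 
 int wc_Sha256GetHash(wc_Sha256* sha, byte* hash)
 {
+
 if (sha == NULL || hash == NULL) {
 return BAD_FUNC_ARG;
 }
@@ -198,9 +194,15 @@ int wc_Sha256GetHash(wc_Sha256* sha, byte* hash)
 {
 int ret;
 wc_Sha256 cpy;
-wc_Sha256Copy(sha, &cpy);
-
-if ((ret = HashUpdate(&cpy, CRYPTO_SHA2_256, cpy.msg, cpy.used)) == 0) {
+XMEMSET(&cpy, 0, sizeof(cpy)); /* ZII */
+/* mark as having no /dev/crypto session yet so the wc_Sha256Free()
+* in wc_Sha256Copy() does not close fd 0 (cfd == -1 is the
+* "no session" sentinel, matching wc_AesInit()) */
+cpy.ctx.cfd = -1;
+ret = wc_Sha256Copy(sha, &cpy);
+
+if (ret == 0 &&
+(ret = HashUpdate(&cpy, CRYPTO_SHA2_256, cpy.msg, cpy.used)) == 0) {
 /* help static analysis tools out */
 XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
 ret = GetDigest(&cpy, CRYPTO_SHA2_256, hash);
@@ -219,22 +221,37 @@ int wc_Sha256GetHash(wc_Sha256* sha, byte* hash)
 
 int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
 {
+int ret = 0;
+
 if (src == NULL || dst == NULL) {
 return BAD_FUNC_ARG;
 }
 
-wc_InitSha256_ex(dst, src->heap, 0);
 #ifdef WOLFSSL_DEVCRYPTO_HASH_KEEP
+if (dst->ctx.cfd > 0) {
+wc_Sha256Free(dst);
+}
+if ((ret = wc_InitSha256_ex(dst, src->heap, 0)) != 0) {
+dst->ctx.cfd = -1;
+return ret;
+}
 dst->len = src->len;
 dst->used = src->used;
 dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
 if (dst->msg == NULL) {
+wc_Sha256Free(dst);
 return MEMORY_E;
 }
 XMEMCPY(dst->msg, src->msg, src->len);
-#endif
 
-return 0;
+return ret;
+#else
+(void)src;
+(void)dst;
+
+WOLFSSL_MSG("Compile with WOLFSSL_DEVCRYPTO_HASH_KEEP for this feature");
+return NOT_COMPILED_IN;
+#endif
 }
 
 #endif /* !NO_SHA256 */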
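Review bot: In the last hunk, wc_Sha256Copy() now reads `dst->ctx.cfd` before `dst` has been initialised, so `dst` has changed from an output-only argument into one that must already be zeroed or carry `cfd == -1`. wc_Sha256GetHash() in this file was updated to do that, but any caller outside this page that passes a fresh stack `wc_Sha256` would read an indeterminate value and, if it happens to be positive, presumably run wc_Sha256Free() on garbage state. The contract deserves a comment above the function, e.g. `/* dst must be zero-initialised or previously initialised; a session already open in dst is released first */`, and the remaining callers should be audited against it. The test `dst->ctx.cfd > 0` also treats descriptor 0 as "no session", which lets a zeroed struct through but would leak a session that really was opened on fd 0. Builds without WOLFSSL_DEVCRYPTO_HASH_KEEP now get NOT_COMPILED_IN where they previously got 0, so callers that ignore the return value need the same review.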

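--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -382,19 +382,29 @@ static int sha512DrbgDisabled = 0;
 static wolfSSL_Mutex drbgStateMutex
 WOLFSSL_MUTEX_INITIALIZER_CLAUSE(drbgStateMutex);
 #ifndef WOLFSSL_MUTEX_INITIALIZER
+#ifdef WOLFSSL_ATOMIC_OPS
+static wolfSSL_Atomic_Int drbgStateMutex_inited = WOLFSSL_ATOMIC_INITIALIZER(0);
+#else
 static int drbgStateMutex_inited = 0;
 #endif
+#endif
 #endif /* !SINGLE_THREADED */
 
 int wc_DrbgState_MutexInit(void)
 {
 #ifndef SINGLE_THREADED
 #ifndef WOLFSSL_MUTEX_INITIALIZER
-if (!drbgStateMutex_inited) {
+int expected = 0;
+/* Check if mutex is not inited and set it to true before init.
+* This means that the mutex is marked as init before it actually is.
+* Necessary to ensure that two threads don't init at the same time.*/
+if (wolfSSL_Atomic_Int_CompareExchange(&drbgStateMutex_inited,
+&expected, 1)) {
 int ret = wc_InitMutex(&drbgStateMutex);
-if (ret != 0)
+if (ret != 0) {
+(void)wolfSSL_Atomic_Int_Exchange(&drbgStateMutex_inited, 0);
 return ret;
-drbgStateMutex_inited = 1;
+}
 }
 #endif
 #endif
@@ -3718,9 +3728,11 @@ static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz)
 
 for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64),
 output += sizeof(word64)) {
-ret = IntelRDseed64_r((word64*)output);
+word64 rndTmpLocal;
+ret = IntelRDseed64_r(&rndTmpLocal);
 if (ret != 0)
 return ret;
+writeUnalignedWord64(output, rndTmpLocal);
 }
 if (sz == 0)
 return 0;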
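Review bot: In wc_DrbgState_MutexInit() the compare-exchange sets the flag to 1 before wc_InitMutex() has run, so a second thread arriving in that window skips the block and, as far as this hunk shows, goes on to report success while `drbgStateMutex` is still uninitialised. The added comment acknowledges the early marking but not this consequence, and the failure path that resets the flag to 0 has the same window. A third state that separates "initialisation in progress" from "ready" lets the losing thread fail or retry instead of proceeding; a sketch follows, with the error code for the losing thread left to the maintainers. When WOLFSSL_ATOMIC_OPS is not defined the flag is a plain `int`, so the guarantee depends on whatever fallback the port layer provides for these calls, which is not visible on this page.

```c
int expected = 0; /* flag: 0 = not initialised, 1 = in progress, 2 = ready */
if (wolfSSL_Atomic_Int_CompareExchange(&drbgStateMutex_inited,
                                       &expected, 1)) {
    /* … unchanged: wc_InitMutex() call and reset-to-0 on failure … */
    /* publish only once the mutex really exists */
    (void)wolfSSL_Atomic_Int_Exchange(&drbgStateMutex_inited, 2);
}
else if (expected != 2) {
    /* assumes a failed compare-exchange stores the observed value in
     * expected; 1 here means another thread is still in wc_InitMutex() */
    return BAD_MUTEX_E;
}
```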
