From ccc226eae4b9a5b95aa1402c3ee9df4524ad2e0e Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 15 Aug 2017 15:58:22 -0700 Subject: [PATCH] Fixes for refactor to initialize the asyncDev.event prior to call for ParseCertRelative, ConfirmSignature and ECC shared secret (return code). Scan-build and G++ fixes. --- src/internal.c | 145 +++++++++++++++++++------------------- wolfcrypt/src/aes.c | 12 ++++ wolfcrypt/src/asn.c | 10 +-- wolfcrypt/src/ecc.c | 33 +++------ wolfcrypt/test/test.c | 5 ++ wolfssl/wolfcrypt/types.h | 2 +- 6 files changed, 106 insertions(+), 101 deletions(-) diff --git a/src/internal.c b/src/internal.c index 93ecd9d9b..0f30b9e2e 100755 --- a/src/internal.c +++ b/src/internal.c @@ -7780,6 +7780,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, { int ret = 0; #ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV* asyncDev; ProcPeerCertArgs* args = (ProcPeerCertArgs*)ssl->async.args; typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1]; (void)sizeof(args_test); @@ -8011,27 +8012,28 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #ifdef WOLFSSL_ASYNC_CRYPT - /* intialize event */ - if (args->dCert->sigCtx.asyncDev) { - ret = wolfSSL_AsyncInit(ssl, - args->dCert->sigCtx.asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - if (ret != 0) - break; - } - #endif - - ret = ParseCertRelative(args->dCert, CERT_TYPE, 0, - ssl->ctx->cm); - if (ret != 0) { - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { - ret = wolfSSL_AsyncPush(ssl, - args->dCert->sigCtx.asyncDev); + do { + /* intialize event */ + asyncDev = args->dCert->sigCtx.asyncDev; + if (asyncDev) { + ret = wolfSSL_AsyncInit(ssl, asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + if (ret != 0) + break; } - #endif - goto exit_ppc; - } + #endif + ret = ParseCertRelative(args->dCert, CERT_TYPE, 0, + ssl->ctx->cm); + if (ret != 0 && ret != WC_PENDING_E) + goto exit_ppc; + + #ifdef WOLFSSL_ASYNC_CRYPT + if (asyncDev && ret == WC_PENDING_E) { + ret = wolfSSL_AsyncPush(ssl, asyncDev); + goto exit_ppc; + } + } while (ret == WC_PENDING_E && asyncDev == NULL) + #endif #ifndef NO_SKID if (args->dCert->extAuthKeyIdSet) { @@ -8086,27 +8088,28 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #ifdef WOLFSSL_ASYNC_CRYPT - /* intialize event */ - if (args->dCert->sigCtx.asyncDev) { - ret = wolfSSL_AsyncInit(ssl, - args->dCert->sigCtx.asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - if (ret != 0) - break; - } - #endif - - ret = ParseCertRelative(args->dCert, CERT_TYPE, 0, - ssl->ctx->cm); - if (ret != 0) { - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { - ret = wolfSSL_AsyncPush(ssl, - args->dCert->sigCtx.asyncDev); + do { + /* intialize event */ + asyncDev = args->dCert->sigCtx.asyncDev; + if (asyncDev) { + ret = wolfSSL_AsyncInit(ssl, asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + if (ret != 0) + goto exit_ppc; } - #endif - goto exit_ppc; - } + #endif + ret = ParseCertRelative(args->dCert, CERT_TYPE, 0, + ssl->ctx->cm); + if (ret != 0 && ret != WC_PENDING_E) { + goto exit_ppc; + } + #ifdef WOLFSSL_ASYNC_CRYPT + if (asyncDev && ret == WC_PENDING_E) { + ret = wolfSSL_AsyncPush(ssl, asyncDev); + goto exit_ppc; + } + } while (ret == WC_PENDING_E && asyncDev == NULL); + #endif #ifndef NO_SKID subjectHash = args->dCert->extSubjKeyId; @@ -8140,24 +8143,24 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #ifdef WOLFSSL_ASYNC_CRYPT - /* intialize event */ - if (args->dCert->sigCtx.asyncDev) { - ret = wolfSSL_AsyncInit(ssl, - args->dCert->sigCtx.asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - if (ret != 0) - goto exit_ppc; - } + do { + /* intialize event */ + asyncDev = args->dCert->sigCtx.asyncDev; + if (asyncDev) { + ret = wolfSSL_AsyncInit(ssl, asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + if (ret != 0) + goto exit_ppc; + } #endif - - ret = ParseCertRelative(args->dCert, CERT_TYPE, + ret = ParseCertRelative(args->dCert, CERT_TYPE, !ssl->options.verifyNone, ssl->ctx->cm); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { - ret = wolfSSL_AsyncPush(ssl, - args->dCert->sigCtx.asyncDev); - goto exit_ppc; - } + if (asyncDev && ret == WC_PENDING_E) { + ret = wolfSSL_AsyncPush(ssl, asyncDev); + goto exit_ppc; + } + } while (ret == WC_PENDING_E && asyncDev == NULL); #endif #ifndef NO_SKID @@ -8343,25 +8346,25 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif { #ifdef WOLFSSL_ASYNC_CRYPT - /* intialize event */ - if (args->dCert->sigCtx.asyncDev) { - ret = wolfSSL_AsyncInit(ssl, - args->dCert->sigCtx.asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - if (ret != 0) - goto exit_ppc; - } + do { + /* intialize event */ + asyncDev = args->dCert->sigCtx.asyncDev; + if (asyncDev) { + ret = wolfSSL_AsyncInit(ssl, asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + if (ret != 0) + goto exit_ppc; + } #endif - - /* only parse if not already present in dCert from above */ - ret = ParseCertRelative(args->dCert, CERT_TYPE, + /* only parse if not already present in dCert from above */ + ret = ParseCertRelative(args->dCert, CERT_TYPE, !ssl->options.verifyNone, ssl->ctx->cm); #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { - ret = wolfSSL_AsyncPush(ssl, - args->dCert->sigCtx.asyncDev); - goto exit_ppc; - } + if (asyncDev && ret == WC_PENDING_E) { + ret = wolfSSL_AsyncPush(ssl, asyncDev); + goto exit_ppc; + } + } while (ret == WC_PENDING_E && asyncDev == NULL); #endif } diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 786233782..c59fa616d 100755 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -7897,6 +7897,10 @@ int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, word32 inSz, XMEMCPY(r, in, inSz); XMEMSET(t, 0, sizeof(t)); + ret = wc_AesInit(&aes, NULL, INVALID_DEVID); + if (ret != 0) + return ret; + ret = wc_AesSetKey(&aes, key, keySz, NULL, AES_ENCRYPTION); if (ret != 0) return ret; @@ -7923,6 +7927,8 @@ int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, word32 inSz, /* C[0] = A */ XMEMCPY(out, tmp, KEYWRAP_BLOCK_SIZE); + wc_AesFree(&aes); + return inSz + KEYWRAP_BLOCK_SIZE; } @@ -7964,6 +7970,10 @@ int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz, XMEMCPY(out, in + KEYWRAP_BLOCK_SIZE, inSz - KEYWRAP_BLOCK_SIZE); XMEMSET(t, 0, sizeof(t)); + ret = wc_AesInit(&aes, NULL, INVALID_DEVID); + if (ret != 0) + return ret; + ret = wc_AesSetKey(&aes, key, keySz, NULL, AES_DECRYPTION); if (ret != 0) return ret; @@ -7989,6 +7999,8 @@ int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz, } } + wc_AesFree(&aes); + /* verify IV */ if (XMEMCMP(tmp, expIv, KEYWRAP_BLOCK_SIZE) != 0) return BAD_KEYWRAP_IV_E; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 2869b3cf6..d27a63fd2 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4697,10 +4697,12 @@ static int ConfirmSignature(SignatureCtx* sigCtx, sigCtx->state = SIG_STATE_DO; #ifdef WOLFSSL_ASYNC_CRYPT - /* always return here, so we can properly init the async - context back in SSL world */ - ret = WC_PENDING_E; - goto exit_cs; + if (sigCtx->devId != INVALID_DEVID) { + /* always return here, so we can properly init the async + context back in SSL world */ + ret = WC_PENDING_E; + goto exit_cs; + } #endif } /* SIG_STATE_KEY */ FALL_THROUGH; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index faec6ca3e..8659a09fd 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -2898,13 +2898,6 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, case ECC_STATE_SHARED_SEC_RES: private_key->state = ECC_STATE_SHARED_SEC_RES; err = 0; - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) - if (private_key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { - #if defined(HAVE_CAVIUM) || defined(HAVE_INTEL_QA) - err = private_key->asyncDev.event.ret; - #endif - } - #endif break; default: @@ -7175,15 +7168,10 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, } #endif - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = 0; - #endif - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); - } while (ret == WC_PENDING_E); + ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif if (ret == 0) { switch (ctx->kdfAlgo) { case ecHKDF_SHA256 : @@ -7338,15 +7326,10 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, } #endif - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = 0; - #endif - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); - } while (ret == WC_PENDING_E); + ret = wc_ecc_shared_secret(privKey, pubKey, sharedSecret, &sharedSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif if (ret == 0) { switch (ctx->kdfAlgo) { case ecHKDF_SHA256 : diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 3dac5603e..d175b5597 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -6740,6 +6740,11 @@ int rsa_test(void) DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); +#ifdef WOLFSSL_ASYNC_CRYPT + if (in == NULL) + return MEMORY_E; +#endif + /* initialize stack structures */ XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 30ef7a944..917e0f2b1 100755 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -257,7 +257,7 @@ VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, HEAP, DYNAMIC_TYPE_WOLF_BIGINT); #define DECLARE_VAR_INIT(VAR_NAME, VAR_TYPE, VAR_SIZE, INIT_VALUE, HEAP) \ VAR_TYPE* VAR_NAME = ({ \ - VAR_TYPE* ptr = XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, HEAP, DYNAMIC_TYPE_WOLF_BIGINT); \ + VAR_TYPE* ptr = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, HEAP, DYNAMIC_TYPE_WOLF_BIGINT); \ if (ptr && INIT_VALUE) { \ XMEMCPY(ptr, INIT_VALUE, sizeof(VAR_TYPE) * VAR_SIZE); \ } \