
Commit df79b10

Merge pull request #9359 from douzzer/20251028-fixes
20251028 fixes
2 parents 1d64a4e + 8c60b7b commit df79b10

8 files changed

Lines changed: 103 additions & 55 deletions


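--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
@@ -369,22 +369,38 @@ int wc_linuxkm_GenerateSeed_IntelRD(struct OS_Seed* os, byte* output, word32 sz)
 
 wc_InitRng_IntelRD();
 
-if (!IS_INTEL_RDSEED(intel_flags))
+if (!IS_INTEL_RDSEED(intel_flags)) {
+static wolfSSL_Atomic_Int warned_on_missing_RDSEED = WOLFSSL_ATOMIC_INITIALIZER(0);
+int expected_warned_on_missing_RDSEED = 0;
+if (wolfSSL_Atomic_Int_CompareExchange(
+&warned_on_missing_RDSEED, &expected_warned_on_missing_RDSEED, 1))
+{
+pr_err("ERROR: wc_linuxkm_GenerateSeed_IntelRD() called on CPU without RDSEED support.\n");
+}
 return -1;
+}
 
 for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64),
 output += sizeof(word64)) {
 ret = IntelRDseed64_r((word64*)output);
-if (ret != 0)
+if (ret != 0) {
+#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
+pr_err("ERROR: IntelRDseed64_r() returned code %d.\n", ret);
+#endif
 return ret;
+}
 }
 if (sz == 0)
 return 0;
 
 /* handle unaligned remainder */
 ret = IntelRDseed64_r(&rndTmp);
-if (ret != 0)
+if (ret != 0) {
+#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
+pr_err("ERROR: IntelRDseed64_r() returned code %d.\n", ret);
+#endif
 return ret;
+}
 
 XMEMCPY(output, &rndTmp, sz);
 wc_ForceZero(&rndTmp, sizeof(rndTmp));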
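Review bot: The two `pr_err()` calls added after `IntelRDseed64_r()` (in the 8-byte loop and in the unaligned-remainder path) are not throttled, unlike the missing-RDSEED message above them, which the compare-exchange limits to a single line. In a build with `WOLFSSL_LINUXKM_VERBOSE_DEBUG`, a persistently failing RDSEED would log on every seed request; `pr_err_ratelimited("ERROR: IntelRDseed64_r() returned code %d.\n", ret);` would bound that. The two messages are also identical, so the log cannot tell the loop from the remainder path. The function body starts before and continues past this hunk.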

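--- a/src/internal.c
+++ b/src/internal.c
@@ -34022,9 +34022,11 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 {
 #ifdef HAVE_CURVE25519
 if (ssl->peerX25519KeyPresent) {
-ret = X25519SharedSecret(ssl,
+ret = X25519SharedSecret(
+ssl,
 (curve25519_key*)ssl->hsKey, ssl->peerX25519Key,
-args->output + OPAQUE8_LEN, &args->length,
+args->output ? args->output + OPAQUE8_LEN : NULL,
+&args->length,
 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
 &ssl->arrays->preMasterSz,
 WOLFSSL_CLIENT_END
@@ -34043,9 +34045,11 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 #endif
 #ifdef HAVE_CURVE448
 if (ssl->peerX448KeyPresent) {
-ret = X448SharedSecret(ssl,
+ret = X448SharedSecret(
+ssl,
 (curve448_key*)ssl->hsKey, ssl->peerX448Key,
-args->output + OPAQUE8_LEN, &args->length,
+args->output ? args->output + OPAQUE8_LEN : NULL,
+&args->length,
 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
 &ssl->arrays->preMasterSz,
 WOLFSSL_CLIENT_END
@@ -34062,9 +34066,11 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 break;
 }
 #endif
-ret = EccSharedSecret(ssl,
+ret = EccSharedSecret(
+ssl,
 (ecc_key*)ssl->hsKey, ssl->peerEccKey,
-args->output + OPAQUE8_LEN, &args->length,
+args->output ? args->output + OPAQUE8_LEN : NULL,
+&args->length,
 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
 &ssl->arrays->preMasterSz,
 WOLFSSL_CLIENT_END
@@ -34090,9 +34096,11 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
 #ifdef HAVE_CURVE25519
 if (ssl->peerX25519KeyPresent) {
-ret = X25519SharedSecret(ssl,
+ret = X25519SharedSecret(
+ssl,
 (curve25519_key*)ssl->hsKey, ssl->peerX25519Key,
-args->encSecret + OPAQUE8_LEN, &args->encSz,
+args->encSecret ? args->encSecret + OPAQUE8_LEN : NULL,
+&args->encSz,
 ssl->arrays->preMasterSecret,
 &ssl->arrays->preMasterSz,
 WOLFSSL_CLIENT_END
@@ -34111,9 +34119,11 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 #endif
 #ifdef HAVE_CURVE448
 if (ssl->peerX448KeyPresent) {
-ret = X448SharedSecret(ssl,
+ret = X448SharedSecret(
+ssl,
 (curve448_key*)ssl->hsKey, ssl->peerX448Key,
-args->encSecret + OPAQUE8_LEN, &args->encSz,
+args->encSecret ? args->encSecret + OPAQUE8_LEN : NULL,
+&args->encSz,
 ssl->arrays->preMasterSecret,
 &ssl->arrays->preMasterSz,
 WOLFSSL_CLIENT_END
@@ -34134,12 +34144,14 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 peerKey = (ssl->specs.static_ecdh) ?
 ssl->peerEccDsaKey : ssl->peerEccKey;
 
-ret = EccSharedSecret(ssl,
-(ecc_key*)ssl->hsKey, peerKey,
-args->encSecret + OPAQUE8_LEN, &args->encSz,
-ssl->arrays->preMasterSecret,
-&ssl->arrays->preMasterSz,
-WOLFSSL_CLIENT_END);
+ret = EccSharedSecret(
+ssl,
+(ecc_key*)ssl->hsKey, peerKey,
+args->encSecret ? args->encSecret + OPAQUE8_LEN : NULL,
+&args->encSz,
+ssl->arrays->preMasterSecret,
+&ssl->arrays->preMasterSz,
+WOLFSSL_CLIENT_END);
 
 if (!ssl->specs.static_ecdh
 #ifdef WOLFSSL_ASYNC_CRYPT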
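Review bot: All six call sites now pass NULL as the output buffer when `args->output` or `args->encSecret` is NULL, while still passing `&args->length` or `&args->encSz`; whether `X25519SharedSecret`, `X448SharedSecret` and `EccSharedSecret` reject a NULL output is not visible in these hunks. The conditional removes the offset arithmetic on a null pointer, but if NULL is actually reachable here, one check ahead of the calls that fails the handshake with an error code would be easier to audit than six ternaries. If it is not reachable, a comment at the first site, e.g. `/* NULL is not expected here; the conditional only avoids offsetting a null pointer */`, would record that. `SendClientKeyExchange` starts and ends outside the hunks.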

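--- a/src/x509.c
+++ b/src/x509.c
@@ -463,10 +463,14 @@ int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x,
 lastpos++;
 if (lastpos < 0)
 lastpos = 0;
-for (; lastpos < wolfSSL_sk_num(sk); lastpos++)
-if (wolfSSL_OBJ_cmp(wolfSSL_sk_X509_EXTENSION_value(sk,
-lastpos)->obj, obj) == 0)
+for (; lastpos < wolfSSL_sk_num(sk); lastpos++) {
+const WOLFSSL_X509_EXTENSION *ext =
+wolfSSL_sk_X509_EXTENSION_value(sk, lastpos);
+if (ext == NULL)
+continue;
+if (wolfSSL_OBJ_cmp(ext->obj, obj) == 0)
 return lastpos;
+}
 return WOLFSSL_FATAL_ERROR;
 }
 
@@ -8343,6 +8347,9 @@ int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
 for (i=0; i < num; i++) {
 info_tmp = wolfSSL_sk_X509_INFO_value(info, i);
 
+if (info_tmp == NULL)
+continue;
+
 if (info_tmp->x509) {
 if (wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509) ==
 WOLFSSL_SUCCESS) {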
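Review bot: Both new guards skip a NULL stack element silently: `if (ext == NULL) continue;` in `wolfSSL_X509_get_ext_by_OBJ` and `if (info_tmp == NULL) continue;` in `wolfSSL_X509_load_cert_crl_file`. In the loader, an entry below `num` can therefore be dropped without a trace, and the visible lines do not show any way for the caller to tell that apart from a file that simply held fewer objects. Bracing the guard and logging before the `continue`, e.g. `WOLFSSL_MSG("NULL entry in X509_INFO stack, skipping");`, would make the condition visible. Whether it should count as a load failure instead depends on code outside the hunk.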

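--- a/tests/api.c
+++ b/tests/api.c
@@ -36905,6 +36905,7 @@ static int test_wolfSSL_PKCS7_sign(void)
 flags = PKCS7_BINARY | PKCS7_DETACHED;
 ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
 ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
+ExpectNotNull(out);
 
 /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */
 ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
@@ -36924,14 +36925,16 @@ static int test_wolfSSL_PKCS7_sign(void)
 p7Ver->contentSz = sizeof(data);
 }
 /* test for streaming */
-ret = -1;
-for (z = 0; z < outLen && ret != 0; z++) {
-ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
-if (ret < 0){
-ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+if (EXPECT_SUCCESS()) {
+ret = -1;
+for (z = 0; z < outLen && ret != 0; z++) {
+ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
+if (ret < 0){
+ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+}
 }
+ExpectIntEQ(ret, 0);
 }
-ExpectIntEQ(ret, 0);
 wc_PKCS7_Free(p7Ver);
 p7Ver = NULL;
 #endif /* !NO_PKCS7_STREAM */
@@ -36943,7 +36946,6 @@ static int test_wolfSSL_PKCS7_sign(void)
 PKCS7_free(p7Ver);
 p7Ver = NULL;
 
-ExpectNotNull(out);
 XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 out = NULL;
 PKCS7_free(p7);
@@ -36983,15 +36985,16 @@ static int test_wolfSSL_PKCS7_sign(void)
 p7Ver->contentSz = sizeof(data);
 }
 /* test for streaming */
-ret = -1;
-for (z = 0; z < outLen && ret != 0; z++) {
-ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
-if (ret < 0){
-ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+if (EXPECT_SUCCESS()) {
+ret = -1;
+for (z = 0; z < outLen && ret != 0; z++) {
+ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
+if (ret < 0){
+ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+}
 }
+ExpectIntEQ(ret, 0);
 }
-ExpectIntEQ(ret, 0);
-ExpectNotNull(out);
 wc_PKCS7_Free(p7Ver);
 p7Ver = NULL;
 #endif /* !NO_PKCS7_STREAM */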
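Review bot: In the last hunk (old line 36994) `ExpectNotNull(out);` is removed from the second streaming block, but no earlier check of `out` is added there the way the first hunk adds one after `i2d_PKCS7()` at new line 36908. The loop still reads `out + z`, so it relies on `EXPECT_SUCCESS()` already reflecting a failed encode; that presumably holds if this block's encode call is wrapped in an `Expect…` macro, which is outside the visible lines. Adding `ExpectNotNull(out);` directly after that block's `i2d_PKCS7()` call would make both blocks read the same and keep the NULL check next to the allocation.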

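--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -115,7 +115,7 @@ Public domain.
 */
 int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
 {
-#if !defined(WOLFSSL_ARMASM)
+#if !defined(USE_ARM_CHACHA_SPEEDUP)
 word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */
 #endif
 
@@ -124,7 +124,7 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
 
 ctx->left = 0; /* resets state */
 
-#if !defined(WOLFSSL_ARMASM)
+#if !defined(USE_ARM_CHACHA_SPEEDUP)
 XMEMCPY(temp, inIv, CHACHA_IV_BYTES);
 /* block counter */
 ctx->X[CHACHA_MATRIX_CNT_IV+0] = counter;
@@ -141,7 +141,7 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
 return 0;
 }
 
-#if !defined(WOLFSSL_ARMASM)
+#if !defined(USE_ARM_CHACHA_SPEEDUP)
 /* "expand 32-byte k" as unsigned 32 byte */
 static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
 /* "expand 16-byte k" as unsigned 16 byte */
@@ -153,7 +153,7 @@ static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574};
 */
 int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
 {
-#if !defined(WOLFSSL_ARMASM)
+#if !defined(USE_ARM_CHACHA_SPEEDUP)
 const word32* constants;
 const byte* k;
 #ifdef XSTREAM_ALIGN
@@ -167,7 +167,7 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
 if (keySz != (CHACHA_MAX_KEY_SZ/2) && keySz != CHACHA_MAX_KEY_SZ)
 return BAD_FUNC_ARG;
 
-#if !defined(WOLFSSL_ARMASM)
+#if !defined(USE_ARM_CHACHA_SPEEDUP)
 #ifdef XSTREAM_ALIGN
 if ((wc_ptr_t)key % 4) {
 WOLFSSL_MSG("wc_ChachaSetKey unaligned key");
@@ -220,7 +220,7 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
 return 0;
 }
 
-#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
+#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(USE_ARM_CHACHA_SPEEDUP)
 /**
 * Converts word into bytes with rotations having been done.
 */
@@ -267,7 +267,7 @@ extern void chacha_encrypt_avx2(ChaCha* ctx, const byte* m, byte* c,
 #endif
 
 
-#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
+#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(USE_ARM_CHACHA_SPEEDUP)
 /**
 * Encrypt a stream of bytes
 */
@@ -365,7 +365,7 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
 chacha_encrypt_x64(ctx, input, output, msglen);
 return 0;
 }
-#elif defined(WOLFSSL_ARMASM)
+#elif defined(USE_ARM_CHACHA_SPEEDUP)
 /* Handle left over bytes from last block. */
 if ((msglen > 0) && (ctx->left > 0)) {
 byte* over = ((byte*)ctx->over) + CHACHA_CHUNK_BYTES - ctx->left;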

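--- a/wolfcrypt/src/kdf.c
+++ b/wolfcrypt/src/kdf.c
@@ -797,8 +797,10 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz,
 remainder = keySz % digestSz;
 
 ret = _HashInit(enmhashId, &hash);
-if (ret == 0)
-ret = _HashUpdate(enmhashId, &hash, kSzFlat, LENGTH_SZ);
+if (ret != 0)
+return ret;
+
+ret = _HashUpdate(enmhashId, &hash, kSzFlat, LENGTH_SZ);
 if (ret == 0 && kPad)
 ret = _HashUpdate(enmhashId, &hash, &pad, 1);
 if (ret == 0)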
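Review bot: The new `return ret;` after `_HashInit()` is the only early exit in the visible part of `wc_SSH_KDF`, while the lines after it keep the `if (ret == 0)` chaining, and the reason for leaving here is not stated. Presumably it keeps the shared cleanup from running on a hash object that was never initialized. A comment such as `/* hash is not initialized on failure, so skip the shared cleanup below */` would stop a later refactor from folding it back into the chain. It is also worth confirming that nothing set up before `_HashInit()` needs releasing or zeroizing on this path; the function starts before and continues past the hunk.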

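--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -1105,6 +1105,10 @@ int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
 sha256->heap = heap;
 (void)devId;
 
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+sha256->W = NULL;
+#endif
+
 return ret;
 }
 
@@ -1241,16 +1245,16 @@ static WC_INLINE int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
 #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_NO_MALLOC)
 word32* W = sha256->W;
 if (W == NULL) {
-W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
-DYNAMIC_TYPE_DIGEST);
+W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
+sha256->heap, DYNAMIC_TYPE_DIGEST);
 if (W == NULL)
 return MEMORY_E;
 sha256->W = W;
 }
 #elif defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
 word32* W;
-W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
-DYNAMIC_TYPE_TMP_BUFFER);
+W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
+sha256->heap, DYNAMIC_TYPE_TMP_BUFFER);
 if (W == NULL)
 return MEMORY_E;
 #else
@@ -1291,7 +1295,7 @@ static WC_INLINE int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE) &&\
 !defined(WOLFSSL_NO_MALLOC)
 ForceZero(W, sizeof(word32) * WC_SHA256_BLOCK_SIZE);
-XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+XFREE(W, sha256->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return 0;
 }
@@ -2308,7 +2312,7 @@ static WC_INLINE int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
 #ifdef WOLFSSL_SMALL_STACK_CACHE
 if (sha224->W != NULL) {
 ForceZero(sha224->W, sizeof(word32) * WC_SHA224_BLOCK_SIZE);
-XFREE(sha224->W, NULL, DYNAMIC_TYPE_DIGEST);
+XFREE(sha224->W, sha224->heap, DYNAMIC_TYPE_DIGEST);
 sha224->W = NULL;
 }
 #endif
@@ -2391,7 +2395,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
 #ifdef WOLFSSL_SMALL_STACK_CACHE
 if (sha256->W != NULL) {
 ForceZero(sha256->W, sizeof(word32) * WC_SHA256_BLOCK_SIZE);
-XFREE(sha256->W, NULL, DYNAMIC_TYPE_DIGEST);
+XFREE(sha256->W, sha256->heap, DYNAMIC_TYPE_DIGEST);
 sha256->W = NULL;
 }
 #endif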
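Review bot: The `sha256->W = NULL;` reset is added only to the `wc_InitSha256_ex` definition at new line 1108. `Transform_Sha256_Len` allocates only when `W == NULL` and the free paths release `W` whenever it is non-NULL, so any other initializer in this file that leaves `W` unset (other platform variants or a SHA-224 init, none of which are visible here) would lead to a use or free of an indeterminate pointer. It is worth checking each of them for the same reset. A short comment at the reset, e.g. `/* W is allocated lazily in Transform_Sha256_Len(); must start NULL */`, would tie the two together.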

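--- a/wolfssl/wolfcrypt/chacha.h
+++ b/wolfssl/wolfcrypt/chacha.h
@@ -68,6 +68,10 @@ Block counter is located at index 12.
 #define USE_INTEL_CHACHA_SPEEDUP
 #define HAVE_INTEL_AVX1
 #endif
+#elif defined(WOLFSSL_ARMASM)
+#ifndef NO_CHACHA_ASM
+#define USE_ARM_CHACHA_SPEEDUP
+#endif
 #endif
 
 enum {
@@ -82,7 +86,7 @@ typedef struct ChaCha {
 byte extra[12];
 #endif
 word32 left; /* number of bytes leftover */
-#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(USE_ARM_CHACHA_SPEEDUP) || \
-defined(WOLFSSL_RISCV_ASM)
+#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(USE_ARM_CHACHA_SPEEDUP) || \
 defined(WOLFSSL_RISCV_ASM)
 word32 over[CHACHA_CHUNK_WORDS];
 #endif
@@ -107,7 +111,7 @@ WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz,
 word32 counter);
 #endif
 
-#if defined(WOLFSSL_ARMASM)
+#if defined(USE_ARM_CHACHA_SPEEDUP)
 
 WOLFSSL_LOCAL void wc_chacha_setiv(word32* x, const byte* iv, word32 counter);
 WOLFSSL_LOCAL void wc_chacha_setkey(word32* x, const byte* key, word32 keySz);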
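Review bot: With this change the `over` member of `struct ChaCha` depends on `USE_ARM_CHACHA_SPEEDUP`, and so on whether `NO_CHACHA_ASM` is defined in an ARM build, but nothing in the header says so. A consumer compiled with a different `NO_CHACHA_ASM` setting than the library would disagree with it on `sizeof(ChaCha)`, and the library would then write past a caller-allocated context. A comment next to the new `#ifndef NO_CHACHA_ASM`, such as `/* NO_CHACHA_ASM selects the C implementation and changes sizeof(ChaCha); define it identically for the library and every user of this header */`, would document the constraint. The `wolfcrypt/src/chacha.c` hunks switch to the same macro and need no separate note.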
