From 9e532c29bebaebddd0d7236ec3ceb32c15aa9311 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 12 Jun 2018 15:23:16 -0700 Subject: [PATCH 1/2] Fixes for a couple of fsanitize warnings. Fix for possible leak with large request to `IntelQaDrbg`. --- wolfcrypt/src/port/intel/quickassist.c | 13 +++++++++---- wolfcrypt/src/port/intel/quickassist_mem.c | 4 ++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/port/intel/quickassist.c b/wolfcrypt/src/port/intel/quickassist.c index 1a9178b..08234fc 100644 --- a/wolfcrypt/src/port/intel/quickassist.c +++ b/wolfcrypt/src/port/intel/quickassist.c @@ -3404,10 +3404,15 @@ int IntelQaDrbg(WC_ASYNC_DEV* dev, byte* rngBuf, word32 rngSz) gen = 0xFFFF; pOut->dataLenInBytes = gen; - pOut->pData = XREALLOC(&rngBuf[idx], gen, dev->heap, - DYNAMIC_TYPE_ASYNC_NUMA); - if (pOut->pData == NULL) { - ret = MEMORY_E; goto exit; + if (idx == 0 && pOut->pData == NULL) { + pOut->pData = XREALLOC(rngBuf, gen, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + if (pOut->pData == NULL) { + ret = MEMORY_E; goto exit; + } + } + else { + XMEMCPY(pOut->pData, &rngBuf[idx], gen); } opData->sessionHandle = dev->qat.op.drbg.handle; diff --git a/wolfcrypt/src/port/intel/quickassist_mem.c b/wolfcrypt/src/port/intel/quickassist_mem.c index 8707749..f166c25 100644 --- a/wolfcrypt/src/port/intel/quickassist_mem.c +++ b/wolfcrypt/src/port/intel/quickassist_mem.c @@ -374,8 +374,8 @@ static void* _qaeMemAlloc(size_t size, void* heap, int type /* allocate type */ if (isNuma) { /* Node is typically 0 */ - ptr = qaeMemAllocNUMA(size + sizeof(qaeMemHeader), 0, alignment, - &page_offset); + ptr = qaeMemAllocNUMA((Cpa32U)(size + sizeof(qaeMemHeader)), 0, + alignment, &page_offset); } if (ptr == NULL) { isNuma = 0; From 2bb906965d7d9896291d5b1628345644f1642dee Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 20 Jun 2018 17:05:48 -0700 Subject: [PATCH 2/2] Fixes for fsantize tests with Cavium Nitrox V. Removed typedef for `CspHandle` since its already defined. --- wolfcrypt/src/port/cavium/cavium_nitrox.c | 27 ++++++++++++++++--- wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h | 1 - 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/port/cavium/cavium_nitrox.c b/wolfcrypt/src/port/cavium/cavium_nitrox.c index d6c403d..e3fc4a6 100644 --- a/wolfcrypt/src/port/cavium/cavium_nitrox.c +++ b/wolfcrypt/src/port/cavium/cavium_nitrox.c @@ -815,12 +815,22 @@ int NitroxAesGcmEncrypt(Aes* aes, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { + const byte* ivTmp = iv; + byte ivLcl[AES_BLOCK_SIZE]; + (void)keySz; - (void)ivSz; (void)authTagSz; - return NitroxAesEncrypt(aes, AES_GCM, key, iv, out, in, sz, + + /* Nitrox HW requires IV buffer to be 16-bytes */ + if (ivSz < AES_BLOCK_SIZE) { + ivTmp = ivLcl; + XMEMCPY(ivLcl, iv, ivSz); + } + + return NitroxAesEncrypt(aes, AES_GCM, key, ivTmp, out, in, sz, authInSz, authIn, authTag); } + #ifdef HAVE_AES_DECRYPT int NitroxAesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, @@ -829,10 +839,19 @@ int NitroxAesGcmDecrypt(Aes* aes, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { + const byte* ivTmp = iv; + byte ivLcl[AES_BLOCK_SIZE]; + (void)keySz; - (void)ivSz; (void)authTagSz; - return NitroxAesDecrypt(aes, AES_GCM, key, iv, out, in, sz, + + /* Nitrox HW requires IV buffer to be 16-bytes */ + if (ivSz < AES_BLOCK_SIZE) { + ivTmp = ivLcl; + XMEMCPY(ivLcl, iv, ivSz); + } + + return NitroxAesDecrypt(aes, AES_GCM, key, ivTmp, out, in, sz, authInSz, authIn, authTag); } #endif /* HAVE_AES_DECRYPT */ diff --git a/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h b/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h index d72f78e..95795b2 100644 --- a/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h +++ b/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h @@ -51,7 +51,6 @@ #define AES_CBC 0x3 #define AES_GCM 0x7 #else - typedef int CspHandle; typedef word64 CavReqId; #define CAVIUM_DEV_ID 0 #define CAVIUM_BLOCKING BLOCKING