use EVP_CIPHER_CTX_new to use malloc memory instead of a nodejs Buffer that gets written on top of

Author: John Bland

WolfSSLEVP.js

@@ -20,7 +20,7 @@ var wolfcrypt = require('./build/Release/wolfcrypt');
 var stream = require('stream');
 var WolfSSLEVP = /** @class */ (function () {
     function WolfSSLEVP() {
-        this.evp = Buffer.alloc(wolfcrypt.sizeof_EVP_CIPHER_CTX());
+        this.evp = wolfcrypt.EVP_CIPHER_CTX_new();
         this.totalInputLength = 0;
     }
     /**
@@ -64,6 +64,7 @@ var WolfSSLEVP = /** @class */ (function () {
         var outBuffer = Buffer.alloc(this.totalInputLength);
         this.totalInputLength = 0;
         var ret = wolfcrypt.EVP_CipherFinal(this.evp, outBuffer);
+        wolfcrypt.EVP_CIPHER_CTX_free(this.evp);
         if (ret < 0) {
             throw 'Failed to finalize cipher';
         }

WolfSSLEVP.ts

@@ -2,11 +2,11 @@ const wolfcrypt = require( './build/Release/wolfcrypt' );
 const stream = require( 'stream' );
 
 class WolfSSLEVP {
-  protected evp: Buffer
+  protected evp: number
   protected totalInputLength: number
 
   public constructor() {
-    this.evp = Buffer.alloc( wolfcrypt.sizeof_EVP_CIPHER_CTX() )
+    this.evp = wolfcrypt.EVP_CIPHER_CTX_new()
     this.totalInputLength = 0
   }
 
@@ -63,6 +63,7 @@ class WolfSSLEVP {
     this.totalInputLength = 0;
 
     let ret = wolfcrypt.EVP_CipherFinal( this.evp, outBuffer )
+    wolfcrypt.EVP_CIPHER_CTX_free( this.evp )
 
     if ( ret < 0 )
     {

binding.gyp

@@ -4,7 +4,8 @@
         "cflags!": [ "-fno-exceptions" ],
         "cflags_cc!": [ "-fno-exceptions" ],
         "sources": [
-            "wolfbind/main.cpp"
+            "wolfbind/main.cpp",
+            "wolfbind/evp.cpp"
         ],
         'include_dirs': [
             "<!@(node -p \"require('node-addon-api').include\")"

main.js

@@ -29,6 +29,9 @@ if (actual == expected) {
 else {
     console.log('FAIL plaintext does not match what we expected', expected, expected.length, actual, actual.length);
 }
+// finalize frees the evp context, need to make it again
+decrypt = new WolfSSLEVP_1.WolfSSLDecryptor('AES-256-CBC', key, iv);
+encrypt = new WolfSSLEVP_1.WolfSSLEncryptor('AES-256-CBC', key, iv);
 var parts = [];
 var i;
 // lets put the api through its paces

main.ts

@@ -2,8 +2,8 @@ import { WolfSSLEncryptor, WolfSSLDecryptor, WolfSSLEncryptionStream, WolfSSLDec
 
 const key = Buffer.from('12345678901234567890123456789012')
 const iv = Buffer.from('1234567890123456')
-const decrypt = new WolfSSLDecryptor('AES-256-CBC', key, iv)
-const encrypt = new WolfSSLEncryptor('AES-256-CBC', key, iv)
+let decrypt = new WolfSSLDecryptor('AES-256-CBC', key, iv)
+let encrypt = new WolfSSLEncryptor('AES-256-CBC', key, iv)
 const expected = 'test'
 const expectedCiphertext = '24d31b1e41fc8c40e521531d67c72c20'
 // 17 bytes to test padding
@@ -37,6 +37,10 @@ else
   console.log( 'FAIL plaintext does not match what we expected', expected, expected.length, actual, actual.length )
 }
 
+// finalize frees the evp context, need to make it again
+decrypt = new WolfSSLDecryptor('AES-256-CBC', key, iv)
+encrypt = new WolfSSLEncryptor('AES-256-CBC', key, iv)
+
 let parts = []
 let i;
 

wolfbind/evp.cpp

@@ -0,0 +1,73 @@
+#include "./h/evp.h"
+
+Napi::Number sizeof_EVP_CIPHER_CTX(const Napi::CallbackInfo& info)
+{
+  Napi::Env env = info.Env();
+
+  return Napi::Number::New( env, sizeof( EVP_CIPHER_CTX ) );
+}
+
+Napi::Value bind_EVP_CIPHER_CTX_new(const Napi::CallbackInfo& info)
+{
+  Napi::Env env = info.Env();
+  EVP_CIPHER_CTX* evp = EVP_CIPHER_CTX_new();
+  Napi::External<EVP_CIPHER_CTX> evp_ext = Napi::External<EVP_CIPHER_CTX>::New( env, evp );
+
+  return evp_ext;
+}
+
+Napi::Number bind_EVP_CipherInit(const Napi::CallbackInfo& info)
+{
+  Napi::Env env = info.Env();
+  int ret;
+  EVP_CIPHER_CTX* evp = info[0].As<Napi::External<EVP_CIPHER_CTX>>().Data();
+  std::string type = info[1].As<Napi::String>().Utf8Value();
+  uint8_t* key = info[2].As<Napi::Uint8Array>().Data();
+  uint8_t* iv = info[3].As<Napi::Uint8Array>().Data();
+  int enc = info[4].As<Napi::Number>().Int32Value();
+
+  ret = EVP_CipherInit( evp, type.c_str(), key, iv, enc );
+
+  return Napi::Number::New( env, ret );
+}
+
+Napi::Number bind_EVP_CipherUpdate(const Napi::CallbackInfo& info)
+{
+  Napi::Env env = info.Env();
+  int ret;
+  EVP_CIPHER_CTX* evp = info[0].As<Napi::External<EVP_CIPHER_CTX>>().Data();
+  uint8_t* out_buf = info[1].As<Napi::Uint8Array>().Data();
+  int out_len;
+  uint8_t* in_buf = info[2].As<Napi::Uint8Array>().Data();
+  int in_len = info[3].As<Napi::Number>().Int32Value();
+
+  ret = EVP_CipherUpdate( evp, out_buf, &out_len, in_buf, in_len );
+
+  if ( ret != WOLFSSL_SUCCESS )
+    out_len = -1;
+
+  return Napi::Number::New( env, out_len );
+}
+
+Napi::Number bind_EVP_CipherFinal(const Napi::CallbackInfo& info)
+{
+  Napi::Env env = info.Env();
+  int ret;
+  EVP_CIPHER_CTX* evp = info[0].As<Napi::External<EVP_CIPHER_CTX>>().Data();
+  uint8_t* out_buf = info[1].As<Napi::Uint8Array>().Data();
+  int out_len;
+
+  ret = EVP_CipherFinal( evp, out_buf, &out_len );
+
+  if ( ret != WOLFSSL_SUCCESS )
+    out_len = -1;
+
+  return Napi::Number::New( env, out_len );
+}
+
+void bind_EVP_CIPHER_CTX_free(const Napi::CallbackInfo& info)
+{
+  EVP_CIPHER_CTX* evp = info[0].As<Napi::External<EVP_CIPHER_CTX>>().Data();
+
+  EVP_CIPHER_CTX_free( evp );
+}

wolfbind/h/evp.h

@@ -0,0 +1,13 @@
+#include <napi.h>
+#include <stdio.h>
+#include <cstring>
+#include "wolfssl/options.h"
+#include "wolfssl/ssl.h"
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/openssl/evp.h>
+
+Napi::Value bind_EVP_CIPHER_CTX_new(const Napi::CallbackInfo& info);
+Napi::Number bind_EVP_CipherInit(const Napi::CallbackInfo& info);
+Napi::Number bind_EVP_CipherUpdate(const Napi::CallbackInfo& info);
+Napi::Number bind_EVP_CipherFinal(const Napi::CallbackInfo& info);
+void bind_EVP_CIPHER_CTX_free(const Napi::CallbackInfo& info);

wolfbind/hmac.c

@@ -0,0 +1,58 @@
+#include "./h/hmac.h"
+
+Napi::Number sizeof_EVP_CIPHER_CTX(const Napi::CallbackInfo& info)
+{
+  Napi::Env env = info.Env();
+
+  return Napi::Number::New( env, sizeof( Hmac ) );
+}
+
+Napi::Number bind_wc_HmacSetKey(const Napi::CallbackInfo& info)
+{
+  Napi::Env env = info.Env();
+  int ret;
+  Hmac* hmac = (Hmac*)( info[0].As<Napi::Uint8Array>().Data() );
+  int type = info[1].As<Napi::Number>().Int32Value();
+  uint8_t* key = info[2].As<Napi::Uint8Array>().Data();
+  uint32_t keySz = info[3].As<Napi::Number>().Uint32Value();
+
+  ret = wc_HmacSetKey( hmac, type, key, keySz );
+
+  return Napi::Number::New( env, ret );
+}
+
+Napi::Number bind_wc_HmacUpdate(const Napi::CallbackInfo& info)
+{
+  Napi::Env env = info.Env();
+  int ret;
+  Hmac* hmac = (Hmac*)( info[0].As<Napi::Uint8Array>().Data() );
+  uint8_t* in = info[1].As<Napi::Uint8Array>().Data();
+  int inSz = info[2].As<Napi::Number>().Int32Value();
+
+  ret = wc_HmacUpdate( hmac, in, inSz );
+
+  return Napi::Number::New( env, ret );
+}
+
+Napi::Number bind_wc_HmacFinal(const Napi::CallbackInfo& info)
+{
+  Napi::Env env = info.Env();
+  int ret;
+  Hmac* hmac = (Hmac*)( info[0].As<Napi::Uint8Array>().Data() );
+  uint8_t* out = info[1].As<Napi::Uint8Array>().Data();
+
+  ret = wc_HmacFinal( hmac, out );
+
+  return Napi::Number::New( env, ret );
+}
+
+Napi::Number bind_wc_HmacFree(const Napi::CallbackInfo& info)
+{
+  Napi::Env env = info.Env();
+  int ret;
+  Hmac* hmac = (Hmac*)( info[0].As<Napi::Uint8Array>().Data() );
+
+  ret = wc_HmacFree( hmac );
+
+  return Napi::Number::New( env, ret );
+}

wolfbind/main.cpp

@@ -1,11 +1,10 @@
 #include <napi.h>
 #include <stdio.h>
 #include <cstring>
-#include "wolfssl/options.h"
-#include "wolfssl/ssl.h"
+#include "./h/evp.h"
+#include <wolfssl/options.h>
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/openssl/evp.h>
 
 using namespace Napi;
 
@@ -16,62 +15,6 @@ typedef struct WrappedKey
   uint8_t iv[16];
 } WrappedKey;
 
-Napi::Number sizeof_EVP_CIPHER_CTX(const Napi::CallbackInfo& info)
-{
-  Napi::Env env = info.Env();
-
-  return Napi::Number::New( env, sizeof( EVP_CIPHER_CTX ) );
-}
-
-Napi::Number bind_EVP_CipherInit(const Napi::CallbackInfo& info)
-{
-  Napi::Env env = info.Env();
-  int ret;
-  EVP_CIPHER_CTX* evp = (EVP_CIPHER_CTX*)( info[0].As<Napi::Uint8Array>().Data() );
-  std::string type = info[1].As<Napi::String>().Utf8Value();
-  uint8_t* key = info[2].As<Napi::Uint8Array>().Data();
-  uint8_t* iv = info[3].As<Napi::Uint8Array>().Data();
-  int enc = info[4].As<Napi::Number>().Int32Value();
-
-  ret = EVP_CipherInit( evp, type.c_str(), key, iv, enc );
-
-  return Napi::Number::New( env, ret );
-}
-
-Napi::Number bind_EVP_CipherUpdate(const Napi::CallbackInfo& info)
-{
-  Napi::Env env = info.Env();
-  int ret;
-  EVP_CIPHER_CTX* evp = (EVP_CIPHER_CTX*)( info[0].As<Napi::Uint8Array>().Data() );
-  uint8_t* out_buf = info[1].As<Napi::Uint8Array>().Data();
-  int out_len;
-  uint8_t* in_buf = info[2].As<Napi::Uint8Array>().Data();
-  int in_len = info[3].As<Napi::Number>().Int32Value();
-
-  ret = EVP_CipherUpdate( evp, out_buf, &out_len, in_buf, in_len );
-
-  if ( ret != WOLFSSL_SUCCESS )
-    out_len = -1;
-
-  return Napi::Number::New( env, out_len );
-}
-
-Napi::Number bind_EVP_CipherFinal(const Napi::CallbackInfo& info)
-{
-  Napi::Env env = info.Env();
-  int ret;
-  EVP_CIPHER_CTX* evp = (EVP_CIPHER_CTX*)( info[0].As<Napi::Uint8Array>().Data() );
-  uint8_t* out_buf = info[1].As<Napi::Uint8Array>().Data();
-  int out_len;
-
-  ret = EVP_CipherFinal( evp, out_buf, &out_len );
-
-  if ( ret != WOLFSSL_SUCCESS )
-    out_len = -1;
-
-  return Napi::Number::New( env, out_len );
-}
-
 Napi::Number MakeAes(const Napi::CallbackInfo& info)
 {
   int ret = 0;
@@ -135,10 +78,11 @@ Napi::Object Init(Napi::Env env, Napi::Object exports)
   exports.Set(Napi::String::New(env, "Encrypt"), Napi::Function::New(env, Encrypt));
   exports.Set(Napi::String::New(env, "Decrypt"), Napi::Function::New(env, Decrypt));
 
-  exports.Set(Napi::String::New(env, "sizeof_EVP_CIPHER_CTX"), Napi::Function::New(env, sizeof_EVP_CIPHER_CTX));
+  exports.Set(Napi::String::New(env, "EVP_CIPHER_CTX_new"), Napi::Function::New(env, bind_EVP_CIPHER_CTX_new));
   exports.Set(Napi::String::New(env, "EVP_CipherInit"), Napi::Function::New(env, bind_EVP_CipherInit));
   exports.Set(Napi::String::New(env, "EVP_CipherUpdate"), Napi::Function::New(env, bind_EVP_CipherUpdate));
   exports.Set(Napi::String::New(env, "EVP_CipherFinal"), Napi::Function::New(env, bind_EVP_CipherFinal));
+  exports.Set(Napi::String::New(env, "EVP_CIPHER_CTX_free"), Napi::Function::New(env, bind_EVP_CIPHER_CTX_free));
 
   return exports;
 }