Skip to content

Commit 842e236

Browse files
dgarskedgarske
authored
Merge pull request #8881 from douzzer/20250615-heapmath-FREE_MP_INT_SIZE
20250615-heapmath-FREE_MP_INT_SIZE
2 parents 5151a22 + d5ce974 commit 842e236

3 files changed

Lines changed: 58 additions & 30 deletions

File tree

.wolfssl_known_macro_extras

Lines changed: 0 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,6 @@ CONFIG_ESP_TLS_USING_WOLFSSL
8787
CONFIG_ESP_WIFI_PASSWORD
8888
CONFIG_ESP_WIFI_SSID
8989
CONFIG_ESP_WOLFSSL_ENABLE_KYBER
90-
CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
9190
CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH
9291
CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT
9392
CONFIG_ESP_WOLFSSL_NO_HW_AES
@@ -287,7 +286,6 @@ IOTSAFE_NO_GETDATA
287286
IOTSAFE_SIG_8BIT_LENGTH
288287
KCAPI_USE_XMALLOC
289288
K_SERIES
290-
LIBWOLFSSL_CMAKE_OUTPUT
291289
LIBWOLFSSL_VERSION_GIT_BRANCH
292290
LIBWOLFSSL_VERSION_GIT_HASH
293291
LIBWOLFSSL_VERSION_GIT_HASH_DATE
@@ -460,7 +458,6 @@ SHOW_CERTS
460458
SHOW_GEN
461459
SHOW_SIZES
462460
SHOW_SSID_AND_PASSWORD
463-
SHOW_WOLFSSL_BUNDLE_ERROR
464461
SIM_SCGC3_RNGA_MASK
465462
SIM_SCGC5_PORTC_MASK
466463
SIM_SCGC5_PORTD_MASK
@@ -682,7 +679,6 @@ WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
682679
WOLFSSL_EMNET
683680
WOLFSSL_ESPWROOM32
684681
WOLFSSL_EVP_PRINT
685-
WOLFSSL_EXPERIMENTAL_SETTINGS
686682
WOLFSSL_EXPORT_INT
687683
WOLFSSL_EXPORT_SPC_SZ
688684
WOLFSSL_EXTRA
@@ -699,7 +695,6 @@ WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
699695
WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
700696
WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
701697
WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
702-
WOLFSSL_HAVE_MLKEM
703698
WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
704699
WOLFSSL_I2D_ECDSA_SIG_ALLOC
705700
WOLFSSL_IAR_ARM_TIME
@@ -712,9 +707,6 @@ WOLFSSL_IMXRT_DCP
712707
WOLFSSL_ISOTP
713708
WOLFSSL_KEIL
714709
WOLFSSL_KEIL_NET
715-
WOLFSSL_KYBER1024
716-
WOLFSSL_KYBER512
717-
WOLFSSL_KYBER768
718710
WOLFSSL_KYBER_NO_DECAPSULATE
719711
WOLFSSL_KYBER_NO_ENCAPSULATE
720712
WOLFSSL_KYBER_NO_MAKE_KEY
@@ -737,7 +729,6 @@ WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
737729
WOLFSSL_MLKEM_NO_LARGE_CODE
738730
WOLFSSL_MLKEM_NO_MALLOC
739731
WOLFSSL_MLKEM_NTT_UNROLL
740-
WOLFSSL_ML_KEM_USE_OLD_IDS
741732
WOLFSSL_MONT_RED_CT
742733
WOLFSSL_MP_COND_COPY
743734
WOLFSSL_MP_INVMOD_CONSTANT_TIME
@@ -768,9 +759,6 @@ WOLFSSL_NO_KCAPI_HMAC_SHA256
768759
WOLFSSL_NO_KCAPI_HMAC_SHA384
769760
WOLFSSL_NO_KCAPI_HMAC_SHA512
770761
WOLFSSL_NO_KCAPI_SHA224
771-
WOLFSSL_NO_ML_KEM_1024
772-
WOLFSSL_NO_ML_KEM_512
773-
WOLFSSL_NO_ML_KEM_768
774762
WOLFSSL_NO_OCSP_DATE_CHECK
775763
WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
776764
WOLFSSL_NO_OCSP_OPTIONAL_CERTS
@@ -833,8 +821,6 @@ WOLFSSL_SERVER_EXAMPLE
833821
WOLFSSL_SETTINGS_FILE
834822
WOLFSSL_SH224
835823
WOLFSSL_SHA256_ALT_CH_MAJ
836-
WOLFSSL_SHAKE128
837-
WOLFSSL_SHAKE256
838824
WOLFSSL_SHUTDOWNONCE
839825
WOLFSSL_SILABS_TRNG
840826
WOLFSSL_SM4_EBC
@@ -876,7 +862,6 @@ WOLFSSL_USE_FLASHMEM
876862
WOLFSSL_USE_OPTIONS_H
877863
WOLFSSL_USE_POPEN_HOST
878864
WOLFSSL_VALIDATE_DH_KEYGEN
879-
WOLFSSL_WC_MLKEM
880865
WOLFSSL_WC_XMSS_NO_SHA256
881866
WOLFSSL_WC_XMSS_NO_SHAKE256
882867
WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME

linuxkm/lkcapi_sha_glue.c

Lines changed: 52 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -414,7 +414,7 @@ WC_MAYBE_UNUSED static int sha3_test_once(void) {
414414
#define WC_LINUXKM_SHA_IMPLEMENT(name, digest_size, block_size, \
415415
this_cra_name, this_cra_driver_name, \
416416
init_f, update_f, final_f, \
417-
test_routine) \
417+
free_f, test_routine) \
418418
\
419419
\
420420
static int km_ ## name ## _init(struct shash_desc *desc) { \
@@ -436,15 +436,19 @@ static int km_ ## name ## _update(struct shash_desc *desc, const u8 *data, \
436436
\
437437
if (ret == 0) \
438438
return 0; \
439-
else \
439+
else { \
440+
free_f(&ctx-> name ## _state); \
440441
return -EINVAL; \
442+
} \
441443
} \
442444
\
443445
static int km_ ## name ## _final(struct shash_desc *desc, u8 *out) { \
444446
struct km_sha_state *ctx = (struct km_sha_state *)shash_desc_ctx(desc);\
445447
\
446448
int ret = final_f(&ctx-> name ## _state, out); \
447449
\
450+
free_f(&ctx-> name ## _state); \
451+
\
448452
if (ret == 0) \
449453
return 0; \
450454
else \
@@ -458,8 +462,10 @@ static int km_ ## name ## _finup(struct shash_desc *desc, const u8 *data, \
458462
\
459463
int ret = update_f(&ctx-> name ## _state, data, len); \
460464
\
461-
if (ret != 0) \
465+
if (ret != 0) { \
466+
free_f(&ctx-> name ## _state); \
462467
return -EINVAL; \
468+
} \
463469
\
464470
return km_ ## name ## _final(desc, out); \
465471
} \
@@ -510,7 +516,7 @@ struct wc_swallow_the_semicolon
510516
#define WC_LINUXKM_SHA3_IMPLEMENT(name, digest_size, block_size, \
511517
this_cra_name, this_cra_driver_name, \
512518
init_f, update_f, final_f, \
513-
test_routine) \
519+
free_f, test_routine) \
514520
\
515521
\
516522
static int km_ ## name ## _init(struct shash_desc *desc) { \
@@ -537,6 +543,7 @@ static int km_ ## name ## _update(struct shash_desc *desc, const u8 *data, \
537543
if (ret == 0) \
538544
return 0; \
539545
else { \
546+
free_f(ctx-> name ## _state); \
540547
km_sha3_free_tstate(ctx); \
541548
return -EINVAL; \
542549
} \
@@ -547,6 +554,7 @@ static int km_ ## name ## _final(struct shash_desc *desc, u8 *out) { \
547554
\
548555
int ret = final_f(ctx-> name ## _state, out); \
549556
\
557+
free_f(ctx-> name ## _state); \
550558
km_sha3_free_tstate(ctx); \
551559
if (ret == 0) \
552560
return 0; \
@@ -561,8 +569,10 @@ static int km_ ## name ## _finup(struct shash_desc *desc, const u8 *data, \
561569
\
562570
int ret = update_f(ctx-> name ## _state, data, len); \
563571
\
564-
if (ret != 0) \
572+
if (ret != 0) { \
573+
free_f(ctx-> name ## _state); \
565574
return -EINVAL; \
575+
} \
566576
\
567577
return km_ ## name ## _final(desc, out); \
568578
} \
@@ -613,63 +623,63 @@ struct wc_swallow_the_semicolon
613623
WC_LINUXKM_SHA_IMPLEMENT(sha1, WC_SHA_DIGEST_SIZE, WC_SHA_BLOCK_SIZE,
614624
WOLFKM_SHA1_NAME, WOLFKM_SHA1_DRIVER,
615625
wc_InitSha, wc_ShaUpdate, wc_ShaFinal,
616-
sha_test);
626+
wc_ShaFree, sha_test);
617627
#endif
618628

619629
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_224
620630
WC_LINUXKM_SHA_IMPLEMENT(sha2_224, WC_SHA224_DIGEST_SIZE, WC_SHA224_BLOCK_SIZE,
621631
WOLFKM_SHA2_224_NAME, WOLFKM_SHA2_224_DRIVER,
622632
wc_InitSha224, wc_Sha224Update, wc_Sha224Final,
623-
sha224_test);
633+
wc_Sha224Free, sha224_test);
624634
#endif
625635

626636
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_256
627637
WC_LINUXKM_SHA_IMPLEMENT(sha2_256, WC_SHA256_DIGEST_SIZE, WC_SHA256_BLOCK_SIZE,
628638
WOLFKM_SHA2_256_NAME, WOLFKM_SHA2_256_DRIVER,
629639
wc_InitSha256, wc_Sha256Update, wc_Sha256Final,
630-
sha256_test);
640+
wc_Sha256Free, sha256_test);
631641
#endif
632642

633643
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_384
634644
WC_LINUXKM_SHA_IMPLEMENT(sha2_384, WC_SHA384_DIGEST_SIZE, WC_SHA384_BLOCK_SIZE,
635645
WOLFKM_SHA2_384_NAME, WOLFKM_SHA2_384_DRIVER,
636646
wc_InitSha384, wc_Sha384Update, wc_Sha384Final,
637-
sha384_test);
647+
wc_Sha384Free, sha384_test);
638648
#endif
639649

640650
#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_512
641651
WC_LINUXKM_SHA_IMPLEMENT(sha2_512, WC_SHA512_DIGEST_SIZE, WC_SHA512_BLOCK_SIZE,
642652
WOLFKM_SHA2_512_NAME, WOLFKM_SHA2_512_DRIVER,
643653
wc_InitSha512, wc_Sha512Update, wc_Sha512Final,
644-
sha512_test);
654+
wc_Sha512Free, sha512_test);
645655
#endif
646656

647657
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_224
648658
WC_LINUXKM_SHA3_IMPLEMENT(sha3_224, WC_SHA3_224_DIGEST_SIZE, WC_SHA3_224_BLOCK_SIZE,
649659
WOLFKM_SHA3_224_NAME, WOLFKM_SHA3_224_DRIVER,
650660
wc_InitSha3_224, wc_Sha3_224_Update, wc_Sha3_224_Final,
651-
sha3_test_once);
661+
wc_Sha3_224_Free, sha3_test_once);
652662
#endif
653663

654664
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_256
655665
WC_LINUXKM_SHA3_IMPLEMENT(sha3_256, WC_SHA3_256_DIGEST_SIZE, WC_SHA3_256_BLOCK_SIZE,
656666
WOLFKM_SHA3_256_NAME, WOLFKM_SHA3_256_DRIVER,
657667
wc_InitSha3_256, wc_Sha3_256_Update, wc_Sha3_256_Final,
658-
sha3_test_once);
668+
wc_Sha3_256_Free, sha3_test_once);
659669
#endif
660670

661671
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_384
662672
WC_LINUXKM_SHA3_IMPLEMENT(sha3_384, WC_SHA3_384_DIGEST_SIZE, WC_SHA3_384_BLOCK_SIZE,
663673
WOLFKM_SHA3_384_NAME, WOLFKM_SHA3_384_DRIVER,
664674
wc_InitSha3_384, wc_Sha3_384_Update, wc_Sha3_384_Final,
665-
sha3_test_once);
675+
wc_Sha3_384_Free, sha3_test_once);
666676
#endif
667677

668678
#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_512
669679
WC_LINUXKM_SHA3_IMPLEMENT(sha3_512, WC_SHA3_512_DIGEST_SIZE, WC_SHA3_512_BLOCK_SIZE,
670680
WOLFKM_SHA3_512_NAME, WOLFKM_SHA3_512_DRIVER,
671681
wc_InitSha3_512, wc_Sha3_512_Update, wc_Sha3_512_Final,
672-
sha3_test_once);
682+
wc_Sha3_512_Free, sha3_test_once);
673683
#endif
674684

675685
struct km_sha_hmac_pstate {
@@ -700,6 +710,7 @@ WC_MAYBE_UNUSED static int linuxkm_hmac_setkey_common(struct crypto_shash *tfm,
700710
}
701711

702712
WC_MAYBE_UNUSED static void km_hmac_free_tstate(struct km_sha_hmac_state *t_ctx) {
713+
wc_HmacFree(t_ctx->wc_hmac);
703714
free(t_ctx->wc_hmac);
704715
t_ctx->wc_hmac = NULL;
705716
}
@@ -731,6 +742,33 @@ WC_MAYBE_UNUSED static int km_hmac_init(struct shash_desc *desc) {
731742

732743
XMEMCPY(t_ctx->wc_hmac, &p_ctx->wc_hmac, sizeof *t_ctx->wc_hmac);
733744

745+
#ifdef WOLFSSL_SMALL_STACK_CACHE
746+
/* The cached W buffer from the persistent ctx can't be used because it
747+
* would be double-freed, first by km_hmac_free_tstate(), then by
748+
* km_hmac_exit_tfm().
749+
*/
750+
switch (t_ctx->wc_hmac->macType) {
751+
752+
#ifndef NO_SHA256
753+
case WC_SHA256:
754+
#ifdef WOLFSSL_SHA224
755+
case WC_SHA224:
756+
#endif
757+
t_ctx->wc_hmac->hash.sha256.W = NULL;
758+
break;
759+
#endif /* WOLFSSL_SHA256 */
760+
761+
#ifdef WOLFSSL_SHA512
762+
case WC_SHA512:
763+
#ifdef WOLFSSL_SHA384
764+
case WC_SHA384:
765+
#endif
766+
t_ctx->wc_hmac->hash.sha512.W = NULL;
767+
break;
768+
#endif /* WOLFSSL_SHA512 */
769+
}
770+
#endif /* WOLFSSL_SMALL_STACK_CACHE */
771+
734772
return 0;
735773
}
736774

wolfssl/wolfcrypt/integer.h

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -205,7 +205,12 @@ typedef int mp_err;
205205
#define NEW_MP_INT_SIZE(name, bits, heap, type) \
206206
XMEMSET(name, 0, sizeof(mp_int))
207207
/* Dispose of static mp_int. */
208-
#define FREE_MP_INT_SIZE(name, heap, type) WC_DO_NOTHING
208+
#define FREE_MP_INT_SIZE(name, heap, type) \
209+
do { \
210+
if ((name) != NULL) { \
211+
mp_free(name); \
212+
} \
213+
} while (0)
209214
/* Initialize an mp_int. */
210215
#define INIT_MP_INT_SIZE(name, bits) \
211216
mp_init(name)

0 commit comments

Comments
 (0)