
Commit a6e9bd7

Merge pull request #8803 from dgarske/csr_nomalloc
Refactor to support CSR generation and signing with `WOLFSSL_NO_MALLOC`
2 parents 316681b + 165f868 commit a6e9bd7

5 files changed

Lines changed: 172 additions & 117 deletions


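--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -27751,13 +27751,13 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
 int ret = 0, i;
 int mpSz;
 word32 seqSz = 0, verSz = 0, intTotalLen = 0, outLen = 0;
-word32 sizes[RSA_INTS];
 byte seq[MAX_SEQ_SZ];
 byte ver[MAX_VERSION_SZ];
 mp_int* keyInt;
 #ifndef WOLFSSL_NO_MALLOC
 word32 rawLen;
 byte* tmps[RSA_INTS];
+word32 sizes[RSA_INTS];
 #endif
 
 if (key == NULL)
@@ -27797,7 +27797,9 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
 ret = mpSz;
 break;
 }
+#ifndef WOLFSSL_NO_MALLOC
 sizes[i] = (word32)mpSz;
+#endif
 intTotalLen += (word32)mpSz;
 }
 
@@ -31430,11 +31432,13 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
 case CERTSIGN_STATE_DIGEST:
 
 certSignCtx->state = CERTSIGN_STATE_DIGEST;
+#ifndef WOLFSSL_NO_MALLOC
 certSignCtx->digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, heap,
 DYNAMIC_TYPE_TMP_BUFFER);
 if (certSignCtx->digest == NULL) {
 ret = MEMORY_E; goto exit_ms;
 }
+#endif
 
 ret = HashForSignature(buf, sz, sigAlgoType, certSignCtx->digest,
 &typeH, &digestSz, 0);
@@ -31448,11 +31452,13 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
 case CERTSIGN_STATE_ENCODE:
 #ifndef NO_RSA
 if (rsaKey) {
+#ifndef WOLFSSL_NO_MALLOC
 certSignCtx->encSig = (byte*)XMALLOC(MAX_DER_DIGEST_SZ, heap,
 DYNAMIC_TYPE_TMP_BUFFER);
 if (certSignCtx->encSig == NULL) {
 ret = MEMORY_E; goto exit_ms;
 }
+#endif
 
 /* signature */
 certSignCtx->encSigSz = (int)wc_EncodeSignature(certSignCtx->encSig,
@@ -31560,14 +31566,17 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
 }
 #endif
 
+#ifndef WOLFSSL_NO_MALLOC
 #ifndef NO_RSA
 if (rsaKey) {
 XFREE(certSignCtx->encSig, heap, DYNAMIC_TYPE_TMP_BUFFER);
+certSignCtx->encSig = NULL;
 }
 #endif /* !NO_RSA */
 
 XFREE(certSignCtx->digest, heap, DYNAMIC_TYPE_TMP_BUFFER);
 certSignCtx->digest = NULL;
+#endif /* !WOLFSSL_NO_MALLOC */
 
 /* reset state */
 certSignCtx->state = CERTSIGN_STATE_BEGIN;
@@ -33334,12 +33343,14 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
 #endif /* HAVE_ECC */
 }
 
+#ifndef WOLFSSL_NO_MALLOC
 if (certSignCtx->sig == NULL) {
 certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
 DYNAMIC_TYPE_TMP_BUFFER);
 if (certSignCtx->sig == NULL)
 return MEMORY_E;
 }
+#endif
 
 sigSz = MakeSignature(certSignCtx, buf, (word32)requestSz, certSignCtx->sig,
 MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key,
@@ -33360,8 +33371,10 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
 sType);
 }
 
+#ifndef WOLFSSL_NO_MALLOC
 XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER);
 certSignCtx->sig = NULL;
+#endif
 
 return sigSz;
 }
@@ -33468,12 +33481,14 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
 #endif /* HAVE_ECC */
 }
 
+#ifndef WOLFSSL_NO_MALLOC
 if (certSignCtx->sig == NULL) {
 certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
 DYNAMIC_TYPE_TMP_BUFFER);
 if (certSignCtx->sig == NULL)
 return MEMORY_E;
 }
+#endif
 
 ret = MakeSignature(certSignCtx, buf, (word32)bufSz, certSignCtx->sig,
 MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key,
@@ -33487,8 +33502,10 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
 #endif
 
 if (ret <= 0) {
+#ifndef WOLFSSL_NO_MALLOC
 XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER);
 certSignCtx->sig = NULL;
+#endif
 return ret;
 }
 
@@ -33503,8 +33520,10 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf,
 ret += headerSz;
 }
 
+#ifndef WOLFSSL_NO_MALLOC
 XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER);
 certSignCtx->sig = NULL;
+#endif
 return ret;
 }
 #endif /* WOLFSSL_DUAL_ALG_CERTS */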
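Review bot: With WOLFSSL_NO_MALLOC defined, MakeSignature, SignCert and wc_MakeSigWithBitStr write through `certSignCtx->digest`, `certSignCtx->encSig` and `certSignCtx->sig` with no allocation or size check left in this file, so memory safety in that build depends entirely on how CertSignCtx declares those members. That declaration is in a header not shown in this section; if the members become fixed arrays, they need to be at least WC_MAX_DIGEST_SIZE, MAX_DER_DIGEST_SZ and MAX_ENCODED_SIG_SZ bytes, since those are the sizes the heap path allocates and MAX_ENCODED_SIG_SZ is passed to MakeSignature as the output length. I would record the dependency at the first guard in CERTSIGN_STATE_DIGEST, for example `/* WOLFSSL_NO_MALLOC: digest/encSig/sig are fixed-size members of CertSignCtx */` if that is how the struct is declared, and back it with a compile-time size assertion beside the struct definition. All three function bodies start and end outside the hunks shown.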

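--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -141,12 +141,13 @@ static int CheckDsaLN(int modLen, int divLen)
 * return 0 on success, negative on error */
 int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
 {
-byte* cBuf;
 int qSz, pSz, cSz, err;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
 mp_int *tmpQ = NULL;
+byte* cBuf = NULL;
 #else
 mp_int tmpQ[1];
+byte cBuf[(3072+64)/WOLFSSL_BIT_SIZE ];
 #endif
 
 if (rng == NULL || dsa == NULL)
@@ -161,15 +162,22 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
 
 /* generate extra 64 bits so that bias from mod function is negligible */
 cSz = qSz + (64 / WOLFSSL_BIT_SIZE);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
 cBuf = (byte*)XMALLOC((size_t)cSz, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
 if (cBuf == NULL) {
 return MEMORY_E;
 }
+#else
+if (sizeof(cBuf) < (size_t)cSz) {
+return BUFFER_E;
+}
+#endif
 
 SAVE_VECTOR_REGISTERS(;);
 
-#ifdef WOLFSSL_SMALL_STACK
-if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), NULL,
+DYNAMIC_TYPE_WOLF_BIGINT)) == NULL)
 err = MEMORY_E;
 else
 err = MP_OKAY;
@@ -223,9 +231,8 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
 mp_clear(&dsa->y);
 }
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
 XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
-
-#ifdef WOLFSSL_SMALL_STACK
 if (tmpQ != NULL) {
 mp_clear(tmpQ);
 XFREE(tmpQ, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -239,19 +246,20 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
 return err;
 }
 
-
 /* modulus_size in bits */
 int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
 {
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
 mp_int *tmp = NULL, *tmp2 = NULL;
+unsigned char *buf = NULL;
 #else
 mp_int tmp[1], tmp2[1];
+unsigned char buf[(3072/WOLFSSL_BIT_SIZE)-32];
 #endif
 int err, msize, qsize,
 loop_check_prime = 0,
 check_prime = MP_NO;
-unsigned char *buf;
+
 
 if (rng == NULL || dsa == NULL)
 return BAD_FUNC_ARG;
@@ -278,17 +286,25 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
 /* modulus size in bytes */
 msize = modulus_size / WOLFSSL_BIT_SIZE;
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
 /* allocate ram */
 buf = (unsigned char *)XMALLOC((size_t)(msize - qsize),
 dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
 if (buf == NULL) {
 return MEMORY_E;
 }
+#else
+if (sizeof(buf) < (size_t)(msize - qsize)) {
+return BUFFER_E;
+}
+#endif
 
 /* make a random string that will be multiplied against q */
 err = wc_RNG_GenerateBlock(rng, buf, (word32)(msize - qsize));
 if (err != MP_OKAY) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
 XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 return err;
 }
 
@@ -298,7 +314,7 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
 /* force even */
 buf[msize - qsize - 1] &= (unsigned char)~1;
 
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
 if (((tmp = (mp_int *)XMALLOC(sizeof(*tmp), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) ||
 ((tmp2 = (mp_int *)XMALLOC(sizeof(*tmp2), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL))
 err = MEMORY_E;
@@ -380,9 +396,8 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
 #endif
 }
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
 XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
-
-#ifdef WOLFSSL_SMALL_STACK
 if (tmp != NULL) {
 mp_clear(tmp);
 XFREE(tmp, NULL, DYNAMIC_TYPE_WOLF_BIGINT);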
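Review bot: `cBuf` in wc_MakeDsaKey is now a stack array in every build except SMALL_STACK with malloc, and none of the visible exit paths clears it before returning. It is sized as qSz plus 64 extra bits "so that bias from mod function is negligible", which suggests it holds the random bytes the private value is reduced from; the lines that fill and consume it fall between the hunks, so that is inferred. I would wipe it just ahead of the cleanup `#if`, e.g. `ForceZero(cBuf, (word32)cSz);`, which also covers the heap variant before its XFREE. Separately, `tmpQ` is allocated with `NULL` / `DYNAMIC_TYPE_WOLF_BIGINT` but released with `dsa->heap` / `DYNAMIC_TYPE_TMP_BUFFER`, unlike `tmp` in wc_MakeDsaParameters; the alloc and free should name the same heap hint and type.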
