Skip to content

Commit bf1013b

Browse files
night1ridernight1rider
committed
Address feedback from Fenrir
1 parent 642a65a commit bf1013b

3 files changed

Lines changed: 611 additions & 416 deletions

File tree

wolfcrypt/src/asn.c

Lines changed: 60 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -8336,6 +8336,8 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
83368336
wc_RsaEncryptSize(tmpKey), NULL, 0, 0);
83378337
}
83388338

8339+
/* wc_FreeRsaKey calls mp_forcezero on all private key components,
8340+
* so no separate ForceZero of the struct is needed here. */
83398341
wc_FreeRsaKey(tmpKey);
83408342
WC_FREE_VAR(tmpKey, key->heap);
83418343

@@ -36543,6 +36545,59 @@ int wc_Asn1_PrintAll(Asn1* asn1, Asn1PrintOptions* opts, unsigned char* data,
3654336545

3654436546
/* Functions that parse, but are not using ASN.1 */
3654536547
#if !defined(NO_RSA) && (!defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH))
36548+
/* Software-only import of RSA public key elements (n, e) into RsaKey.
36549+
* This internal helper avoids recursion when called from the SETKEY path. */
36550+
static int _RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
36551+
word32 eSz, RsaKey* key)
36552+
{
36553+
if (n == NULL || e == NULL || key == NULL) {
36554+
return BAD_FUNC_ARG;
36555+
}
36556+
36557+
key->type = RSA_PUBLIC;
36558+
36559+
if (mp_init(&key->n) != MP_OKAY) {
36560+
return MP_INIT_E;
36561+
}
36562+
36563+
if (mp_read_unsigned_bin(&key->n, n, nSz) != 0) {
36564+
mp_clear(&key->n);
36565+
return ASN_GETINT_E;
36566+
}
36567+
#ifdef HAVE_WOLF_BIGINT
36568+
if ((int)nSz > 0 && wc_bigint_from_unsigned_bin(&key->n.raw, n, nSz) != 0) {
36569+
mp_clear(&key->n);
36570+
return ASN_GETINT_E;
36571+
}
36572+
#endif /* HAVE_WOLF_BIGINT */
36573+
36574+
if (mp_init(&key->e) != MP_OKAY) {
36575+
mp_clear(&key->n);
36576+
return MP_INIT_E;
36577+
}
36578+
36579+
if (mp_read_unsigned_bin(&key->e, e, eSz) != 0) {
36580+
mp_clear(&key->n);
36581+
mp_clear(&key->e);
36582+
return ASN_GETINT_E;
36583+
}
36584+
#ifdef HAVE_WOLF_BIGINT
36585+
if ((int)eSz > 0 && wc_bigint_from_unsigned_bin(&key->e.raw, e, eSz) != 0) {
36586+
mp_clear(&key->n);
36587+
mp_clear(&key->e);
36588+
return ASN_GETINT_E;
36589+
}
36590+
#endif /* HAVE_WOLF_BIGINT */
36591+
36592+
#ifdef WOLFSSL_XILINX_CRYPT
36593+
if (wc_InitRsaHw(key) != 0) {
36594+
return BAD_STATE_E;
36595+
}
36596+
#endif
36597+
36598+
return 0;
36599+
}
36600+
3654636601
/* import RSA public key elements (n, e) into RsaKey structure (key) */
3654736602
/* this function does not use any ASN.1 parsing */
3654836603
int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
@@ -36554,8 +36609,9 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
3655436609
WC_DECLARE_VAR(tmpKey, RsaKey, 1, NULL);
3655536610
#endif
3655636611

36557-
if (n == NULL || e == NULL || key == NULL)
36612+
if (n == NULL || e == NULL || key == NULL) {
3655836613
return BAD_FUNC_ARG;
36614+
}
3655936615

3656036616
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_SETKEY)
3656136617
#ifndef WOLF_CRYPTO_CB_FIND
@@ -36575,8 +36631,8 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
3657536631
return tmpErr;
3657636632
}
3657736633

36578-
/* Recursive call imports n, e into temp via software */
36579-
tmpErr = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz, tmpKey);
36634+
/* Import into temp via software helper (no callback recursion) */
36635+
tmpErr = _RsaPublicKeyDecodeRaw(n, nSz, e, eSz, tmpKey);
3658036636
if (tmpErr == 0) {
3658136637
cbRet = wc_CryptoCb_SetKey(key->devId,
3658236638
WC_SETKEY_RSA_PUB, key, tmpKey,
@@ -36596,47 +36652,7 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
3659636652
}
3659736653
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_SETKEY */
3659836654

36599-
key->type = RSA_PUBLIC;
36600-
36601-
if (mp_init(&key->n) != MP_OKAY)
36602-
return MP_INIT_E;
36603-
36604-
if (mp_read_unsigned_bin(&key->n, n, nSz) != 0) {
36605-
mp_clear(&key->n);
36606-
return ASN_GETINT_E;
36607-
}
36608-
#ifdef HAVE_WOLF_BIGINT
36609-
if ((int)nSz > 0 && wc_bigint_from_unsigned_bin(&key->n.raw, n, nSz) != 0) {
36610-
mp_clear(&key->n);
36611-
return ASN_GETINT_E;
36612-
}
36613-
#endif /* HAVE_WOLF_BIGINT */
36614-
36615-
if (mp_init(&key->e) != MP_OKAY) {
36616-
mp_clear(&key->n);
36617-
return MP_INIT_E;
36618-
}
36619-
36620-
if (mp_read_unsigned_bin(&key->e, e, eSz) != 0) {
36621-
mp_clear(&key->n);
36622-
mp_clear(&key->e);
36623-
return ASN_GETINT_E;
36624-
}
36625-
#ifdef HAVE_WOLF_BIGINT
36626-
if ((int)eSz > 0 && wc_bigint_from_unsigned_bin(&key->e.raw, e, eSz) != 0) {
36627-
mp_clear(&key->n);
36628-
mp_clear(&key->e);
36629-
return ASN_GETINT_E;
36630-
}
36631-
#endif /* HAVE_WOLF_BIGINT */
36632-
36633-
#ifdef WOLFSSL_XILINX_CRYPT
36634-
if (wc_InitRsaHw(key) != 0) {
36635-
return BAD_STATE_E;
36636-
}
36637-
#endif
36638-
36639-
return 0;
36655+
return _RsaPublicKeyDecodeRaw(n, nSz, e, eSz, key);
3664036656
}
3664136657
#endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
3664236658

0 commit comments

Comments
 (0)