
Commit caf9201

authored
Merge pull request #8051 from cconlon/eccOidCacheLock
Add lock around static ECC ecc_oid_cache
2 parents dfd8ead + 7b805d7 commit caf9201

3 files changed

Lines changed: 68 additions & 5 deletions


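--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -1426,7 +1426,13 @@ size_t wc_ecc_get_sets_count(void) {
 byte oid[ECC_MAX_OID_LEN];
 } oid_cache_t;
 static oid_cache_t ecc_oid_cache[ECC_SET_COUNT];
+
+static wolfSSL_Mutex ecc_oid_cache_lock
+WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_oid_cache_lock);
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+static volatile int eccOidLockInit = 0;
 #endif
+#endif /* HAVE_OID_ENCODING */
 
 /* Forward declarations */
 #if defined(HAVE_COMP_KEY) && defined(HAVE_ECC_KEY_EXPORT)
@@ -15429,22 +15435,57 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
 #endif /* HAVE_ECC_KEY_EXPORT */
 #endif /* HAVE_COMP_KEY */
 
+#ifdef HAVE_OID_ENCODING
+int wc_ecc_oid_cache_init(void)
+{
+int ret = 0;
+#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
+ret = wc_InitMutex(&ecc_oid_cache_lock);
+#endif
+return ret;
+}
+
+void wc_ecc_oid_cache_free(void)
+{
+#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
+wc_FreeMutex(&ecc_oid_cache_lock);
+#endif
+}
+#endif /* HAVE_OID_ENCODING */
 
 int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
 {
 int x;
+int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+#ifdef HAVE_OID_ENCODING
+oid_cache_t* o = NULL;
+#endif
 
 if (oidSum == 0) {
 return BAD_FUNC_ARG;
 }
 
+#ifdef HAVE_OID_ENCODING
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+/* extra sanity check if wolfCrypt_Init not called */
+if (eccOidLockInit == 0) {
+wc_InitMutex(&ecc_oid_cache_lock);
+eccOidLockInit = 1;
+}
+#endif
+
+if (wc_LockMutex(&ecc_oid_cache_lock) != 0) {
+return BAD_MUTEX_E;
+}
+#endif
+
 /* find matching OID sum (based on encoded value) */
 for (x = 0; ecc_sets[x].size != 0; x++) {
 if (ecc_sets[x].oidSum == oidSum) {
 #ifdef HAVE_OID_ENCODING
-int ret = 0;
 /* check cache */
-oid_cache_t* o = &ecc_oid_cache[x];
+ret = 0;
+o = &ecc_oid_cache[x];
 if (o->oidSz == 0) {
 o->oidSz = sizeof(o->oid);
 ret = EncodeObjectId(ecc_sets[x].oid, ecc_sets[x].oidSz,
@@ -15456,24 +15497,30 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz)
 if (oid) {
 *oid = o->oid;
 }
+
 /* on success return curve id */
 if (ret == 0) {
 ret = ecc_sets[x].id;
 }
-return ret;
+break;
 #else
 if (oidSz) {
 *oidSz = ecc_sets[x].oidSz;
 }
 if (oid) {
 *oid = ecc_sets[x].oid;
 }
-return ecc_sets[x].id;
+ret = ecc_sets[x].id;
+break;
 #endif
 }
 }
 
-return NOT_COMPILED_IN;
+#ifdef HAVE_OID_ENCODING
+wc_UnLockMutex(&ecc_oid_cache_lock);
+#endif
+
+return ret;
 }
 
 #ifdef WOLFSSL_CUSTOM_CURVES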
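Review bot: The fallback in wc_ecc_get_oid, `if (eccOidLockInit == 0) { wc_InitMutex(&ecc_oid_cache_lock); eccOidLockInit = 1; }`, is an unsynchronised check-then-init, and because wc_ecc_oid_cache_init() never sets eccOidLockInit it still runs on the first lookup after wolfCrypt_Init() has already initialised the mutex. Two threads making that first call together can both see 0 (volatile gives no atomicity), so one may re-initialise the mutex while the other holds it, which reopens the race on ecc_oid_cache that the lock is meant to close. I would set the flag where the mutex is really created, `if (ret == 0) eccOidLockInit = 1;` in wc_ecc_oid_cache_init(), clear it with `eccOidLockInit = 0;` after wc_FreeMutex() in wc_ecc_oid_cache_free(), and have the fallback check its result, `if (wc_InitMutex(&ecc_oid_cache_lock) != 0) return BAD_MUTEX_E;`. The fallback itself stays safe only for a single-threaded first call, so the comment above it should say that wolfCrypt_Init() must run before the library is used from several threads. Part of wc_ecc_get_oid's body lies between the two hunks and is not shown.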

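--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -365,6 +365,13 @@ int wolfCrypt_Init(void)
 return ret;
 }
 #endif
+#if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \
+(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)))
+if ((ret = wc_ecc_oid_cache_init()) != 0) {
+WOLFSSL_MSG("Error creating ECC oid cache");
+return ret;
+}
+#endif
 #endif
 
 #ifdef WOLFSSL_SCE
@@ -456,6 +463,10 @@ int wolfCrypt_Cleanup(void)
 #ifdef ECC_CACHE_CURVE
 wc_ecc_curve_cache_free();
 #endif
+#if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \
+(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)))
+wc_ecc_oid_cache_free();
+#endif
 #endif /* HAVE_ECC */
 
 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)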

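--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -1027,6 +1027,11 @@ WOLFSSL_API int wc_ecc_curve_cache_init(void);
 WOLFSSL_API void wc_ecc_curve_cache_free(void);
 #endif
 
+#ifdef HAVE_OID_ENCODING
+WOLFSSL_LOCAL int wc_ecc_oid_cache_init(void);
+WOLFSSL_LOCAL void wc_ecc_oid_cache_free(void);
+#endif
+
 WOLFSSL_API
 int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order);
 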