From 7d58dc5678d76296fb81ed7db911376dd0323b9d Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 30 Jun 2022 21:18:08 +1000 Subject: [PATCH] TLS memusage: reduce usage Reduce the amount allocated to reduce maximum overall dynamic memory usage. Rework ServerKeyExchange by extracting the handling of the signed data. --- src/internal.c | 247 +++++++++++++++++------------------------ wolfcrypt/src/asn.c | 4 +- wolfcrypt/src/rsa.c | 4 + wolfcrypt/src/sp_int.c | 98 +++++++++++----- wolfssl/internal.h | 42 +++++-- 5 files changed, 208 insertions(+), 187 deletions(-) diff --git a/src/internal.c b/src/internal.c index afc634272..80cb8ade9 100644 --- a/src/internal.c +++ b/src/internal.c @@ -24208,6 +24208,66 @@ exit_dpk: } #endif /* WOLFSSL_TLS13 */ +#ifndef WOLFSSL_NO_TLS12 +#if (!defined(NO_WOLFSSL_CLIENT) && (!defined(NO_DH) || defined(HAVE_ECC) || \ + defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))) || \ + (!defined(NO_WOLFSSL_SERVER) && (defined(HAVE_ECC) || \ + ((defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ + (defined(HAVE_ED25519) || defined(HAVE_ED448) || !defined(NO_RSA)))) || \ + (!defined(NO_DH) && (!defined(NO_RSA) || defined(HAVE_ANON)))) +static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, + const byte* data, int sz, byte sigAlgo) +{ + int ret = 0; + int digest_sz = wc_HashGetDigestSize(hashType); + + if (digest_sz <= 0) { + ret = BUFFER_ERROR; + } + + if (ret == 0) { + /* buffer for signature */ + ssl->buffers.sig.buffer = (byte*)XMALLOC(SEED_LEN + sz, ssl->heap, + DYNAMIC_TYPE_SIGNATURE); + if (ssl->buffers.sig.buffer == NULL) { + ret = MEMORY_E; + } + } + if (ret == 0) { + ssl->buffers.sig.length = SEED_LEN + sz; + + /* build message to hash */ + XMEMCPY(ssl->buffers.sig.buffer, ssl->arrays->clientRandom, RAN_LEN); + XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN], ssl->arrays->serverRandom, + RAN_LEN); + /* message */ + XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN * 2], data, sz); + } + if (ret == 0 && sigAlgo != ed25519_sa_algo && sigAlgo != ed448_sa_algo) { + ssl->buffers.digest.length = (unsigned int)digest_sz; + + /* buffer for hash */ + ssl->buffers.digest.buffer = (byte*)XMALLOC(ssl->buffers.digest.length, + ssl->heap, DYNAMIC_TYPE_DIGEST); + if (ssl->buffers.digest.buffer == NULL) { + ret = MEMORY_E; + } + } + if (ret == 0 && sigAlgo != ed25519_sa_algo && sigAlgo != ed448_sa_algo) { + /* Perform hash. Only wc_Hash supports MD5_SHA1. */ + ret = wc_Hash(hashType, ssl->buffers.sig.buffer, + ssl->buffers.sig.length, + ssl->buffers.digest.buffer, + ssl->buffers.digest.length); + XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_SIGNATURE); + ssl->buffers.sig.buffer = NULL; + } + + return ret; +} +#endif +#endif /* !WOLFSSL_NO_TLS12 */ + /* client only parts */ #ifndef NO_WOLFSSL_CLIENT @@ -26116,45 +26176,10 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, ERROR_OUT(BUFFER_ERROR, exit_dske); } - /* buffer for signature */ - ssl->buffers.sig.buffer = (byte*)XMALLOC(SEED_LEN + verifySz, - ssl->heap, DYNAMIC_TYPE_SIGNATURE); - if (ssl->buffers.sig.buffer == NULL) { - ERROR_OUT(MEMORY_E, exit_dske); - } - ssl->buffers.sig.length = SEED_LEN + verifySz; - - /* build message to hash */ - XMEMCPY(ssl->buffers.sig.buffer, - ssl->arrays->clientRandom, RAN_LEN); - XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN], - ssl->arrays->serverRandom, RAN_LEN); - XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN * 2], - input + args->begin, verifySz); /* message */ - - if (args->sigAlgo != ed25519_sa_algo) { - int digest_sz = wc_HashGetDigestSize(hashType); - if (digest_sz <= 0) { - ERROR_OUT(BUFFER_ERROR, exit_dske); - } - ssl->buffers.digest.length = (unsigned int)digest_sz; - - /* buffer for hash */ - ssl->buffers.digest.buffer = (byte*)XMALLOC( - ssl->buffers.digest.length, ssl->heap, - DYNAMIC_TYPE_DIGEST); - if (ssl->buffers.digest.buffer == NULL) { - ERROR_OUT(MEMORY_E, exit_dske); - } - - /* Perform hash */ - ret = wc_Hash(hashType, ssl->buffers.sig.buffer, - ssl->buffers.sig.length, - ssl->buffers.digest.buffer, - ssl->buffers.digest.length); - if (ret != 0) { - goto exit_dske; - } + ret = HashSkeData(ssl, hashType, input + args->begin, + verifySz, args->sigAlgo); + if (ret != 0) { + goto exit_dske; } switch (args->sigAlgo) @@ -28809,10 +28834,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, typedef struct SskeArgs { byte* output; /* not allocated */ - #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ - !defined(NO_RSA) - byte* sigDataBuf; - #endif #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) byte* exportBuf; #endif @@ -28847,13 +28868,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->exportBuf = NULL; } #endif - #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ - (!defined(NO_DH) && !defined(NO_RSA)) - if (args->sigDataBuf) { - XFREE(args->sigDataBuf, ssl->heap, DYNAMIC_TYPE_SIGNATURE); - args->sigDataBuf = NULL; - } - #endif #ifndef NO_RSA if (args->verifySig) { XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); @@ -29714,42 +29728,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif - /* Assemble buffer to hash for signature */ - args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz; - args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz, - ssl->heap, DYNAMIC_TYPE_SIGNATURE); - if (args->sigDataBuf == NULL) { - ERROR_OUT(MEMORY_E, exit_sske); - } - XMEMCPY(args->sigDataBuf, ssl->arrays->clientRandom, - RAN_LEN); - XMEMCPY(args->sigDataBuf+RAN_LEN, - ssl->arrays->serverRandom, RAN_LEN); - XMEMCPY(args->sigDataBuf+RAN_LEN+RAN_LEN, - args->output + preSigIdx, preSigSz); - - if (ssl->suites->sigAlgo != ed25519_sa_algo && - ssl->suites->sigAlgo != ed448_sa_algo) { - ssl->buffers.sig.length = - wc_HashGetDigestSize(hashType); - if ((int)ssl->buffers.sig.length < 0) { - ERROR_OUT(HASH_TYPE_E, exit_sske); - } - ssl->buffers.sig.buffer = (byte*)XMALLOC( - ssl->buffers.sig.length, - ssl->heap, DYNAMIC_TYPE_SIGNATURE); - if (ssl->buffers.sig.buffer == NULL) { - ERROR_OUT(MEMORY_E, exit_sske); - } - - /* Perform hash */ - ret = wc_Hash(hashType, args->sigDataBuf, - args->sigDataSz, - ssl->buffers.sig.buffer, - ssl->buffers.sig.length); - if (ret != 0) { - goto exit_sske; - } + ret = HashSkeData(ssl, hashType, + args->output + preSigIdx, preSigSz, + ssl->suites->sigAlgo); + if (ret != 0) { + goto exit_sske; } args->sigSz = args->tmpSigSz; @@ -29764,21 +29747,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (IsAtLeastTLSv1_2(ssl)) { byte* encodedSig = (byte*)XMALLOC( MAX_ENCODED_SIG_SZ, ssl->heap, - DYNAMIC_TYPE_SIGNATURE); + DYNAMIC_TYPE_DIGEST); if (encodedSig == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } - ssl->buffers.sig.length = + ssl->buffers.digest.length = wc_EncodeSignature(encodedSig, - ssl->buffers.sig.buffer, - ssl->buffers.sig.length, + ssl->buffers.digest.buffer, + ssl->buffers.digest.length, TypeHash(ssl->suites->hashAlgo)); /* Replace sig buffer with new one */ - XFREE(ssl->buffers.sig.buffer, ssl->heap, - DYNAMIC_TYPE_SIGNATURE); - ssl->buffers.sig.buffer = encodedSig; + XFREE(ssl->buffers.digest.buffer, ssl->heap, + DYNAMIC_TYPE_DIGEST); + ssl->buffers.digest.buffer = encodedSig; } /* write sig size here */ @@ -29963,39 +29946,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, c16toa((word16)args->tmpSigSz, args->output + args->idx); args->idx += LENGTH_SZ; - /* Assemble buffer to hash for signature */ - args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz; - args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz, - ssl->heap, DYNAMIC_TYPE_SIGNATURE); - if (args->sigDataBuf == NULL) { - ERROR_OUT(MEMORY_E, exit_sske); - } - XMEMCPY(args->sigDataBuf, ssl->arrays->clientRandom, - RAN_LEN); - XMEMCPY(args->sigDataBuf+RAN_LEN, - ssl->arrays->serverRandom, RAN_LEN); - XMEMCPY(args->sigDataBuf+RAN_LEN+RAN_LEN, - args->output + preSigIdx, preSigSz); - - if (ssl->suites->sigAlgo != ed25519_sa_algo && - ssl->suites->sigAlgo != ed448_sa_algo) { - ssl->buffers.sig.length = - wc_HashGetDigestSize(hashType); - ssl->buffers.sig.buffer = (byte*)XMALLOC( - ssl->buffers.sig.length, ssl->heap, - DYNAMIC_TYPE_SIGNATURE); - if (ssl->buffers.sig.buffer == NULL) { - ERROR_OUT(MEMORY_E, exit_sske); - } - - /* Perform hash */ - ret = wc_Hash(hashType, args->sigDataBuf, - args->sigDataSz, - ssl->buffers.sig.buffer, - ssl->buffers.sig.length); - if (ret != 0) { - goto exit_sske; - } + ret = HashSkeData(ssl, hashType, + args->output + preSigIdx, preSigSz, + ssl->suites->sigAlgo); + if (ret != 0) { + goto exit_sske; } args->sigSz = args->tmpSigSz; @@ -30010,21 +29965,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (IsAtLeastTLSv1_2(ssl)) { byte* encodedSig = (byte*)XMALLOC( MAX_ENCODED_SIG_SZ, ssl->heap, - DYNAMIC_TYPE_SIGNATURE); + DYNAMIC_TYPE_DIGEST); if (encodedSig == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } - ssl->buffers.sig.length = + ssl->buffers.digest.length = wc_EncodeSignature(encodedSig, - ssl->buffers.sig.buffer, - ssl->buffers.sig.length, + ssl->buffers.digest.buffer, + ssl->buffers.digest.length, TypeHash(ssl->suites->hashAlgo)); /* Replace sig buffer with new one */ - XFREE(ssl->buffers.sig.buffer, ssl->heap, - DYNAMIC_TYPE_SIGNATURE); - ssl->buffers.sig.buffer = encodedSig; + XFREE(ssl->buffers.digest.buffer, ssl->heap, + DYNAMIC_TYPE_DIGEST); + ssl->buffers.digest.buffer = encodedSig; } break; } @@ -30088,8 +30043,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, RsaKey* key = (RsaKey*)ssl->hsKey; ret = RsaSign(ssl, - ssl->buffers.sig.buffer, - ssl->buffers.sig.length, + ssl->buffers.digest.buffer, + ssl->buffers.digest.length, args->output + args->idx, &args->sigSz, ssl->suites->sigAlgo, ssl->suites->hashAlgo, @@ -30105,8 +30060,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ecc_key* key = (ecc_key*)ssl->hsKey; ret = EccSign(ssl, - ssl->buffers.sig.buffer, - ssl->buffers.sig.length, + ssl->buffers.digest.buffer, + ssl->buffers.digest.length, args->output + LENGTH_SZ + args->idx, &args->sigSz, key, @@ -30125,7 +30080,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ed25519_key* key = (ed25519_key*)ssl->hsKey; ret = Ed25519Sign(ssl, - args->sigDataBuf, args->sigDataSz, + ssl->buffers.sig.buffer, + ssl->buffers.sig.length, args->output + LENGTH_SZ + args->idx, &args->sigSz, key, @@ -30144,7 +30100,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ed448_key* key = (ed448_key*)ssl->hsKey; ret = Ed448Sign(ssl, - args->sigDataBuf, args->sigDataSz, + ssl->buffers.sig.buffer, + ssl->buffers.sig.length, args->output + LENGTH_SZ + args->idx, &args->sigSz, key, @@ -30182,8 +30139,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } ret = RsaSign(ssl, - ssl->buffers.sig.buffer, - ssl->buffers.sig.length, + ssl->buffers.digest.buffer, + ssl->buffers.digest.length, args->output + args->idx, &args->sigSz, ssl->suites->sigAlgo, ssl->suites->hashAlgo, @@ -30271,8 +30228,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* check for signature faults */ ret = VerifyRsaSign(ssl, args->verifySig, args->sigSz, - ssl->buffers.sig.buffer, - ssl->buffers.sig.length, + ssl->buffers.digest.buffer, + ssl->buffers.digest.length, ssl->suites->sigAlgo, ssl->suites->hashAlgo, key, ssl->buffers.key ); @@ -30336,8 +30293,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* check for signature faults */ ret = VerifyRsaSign(ssl, args->verifySig, args->sigSz, - ssl->buffers.sig.buffer, - ssl->buffers.sig.length, + ssl->buffers.digest.buffer, + ssl->buffers.digest.length, ssl->suites->sigAlgo, ssl->suites->hashAlgo, key, ssl->buffers.key ); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 907e34727..cdcbd095c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -13909,8 +13909,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx, sigCtx->key.rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), sigCtx->heap, DYNAMIC_TYPE_RSA); - sigCtx->sigCpy = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, - sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); + sigCtx->sigCpy = (byte*)XMALLOC(sigSz, sigCtx->heap, + DYNAMIC_TYPE_SIGNATURE); if (sigCtx->key.rsa == NULL || sigCtx->sigCpy == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 3e626b0b2..77932e7a2 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -921,17 +921,21 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz, #ifdef WOLFSSL_SMALL_STACK_CACHE hash = (wc_HashAlg*)XMALLOC(sizeof(*hash), heap, DYNAMIC_TYPE_DIGEST); if (hash == NULL) { + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if (tmpF) { XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); } + #endif return MEMORY_E; } ret = wc_HashInit_ex(hash, hType, heap, INVALID_DEVID); if (ret != 0) { XFREE(hash, heap, DYNAMIC_TYPE_DIGEST); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if (tmpF) { XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); } + #endif return ret; } #endif diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 9b3e3b666..1da92e7e0 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -7096,20 +7096,49 @@ int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem) } if (!done) { +#if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \ + !defined(WOLFSSL_SP_NO_MALLOC) + int cnt = 4; + if ((rem != NULL) && (rem != d)) { + cnt--; + } + if ((r != NULL) && (r != d)) { + cnt--; + } /* Macro always has code associated with it and checks err first. */ + ALLOC_SP_INT_ARRAY(td, a->used + 1, cnt, err, NULL); +#else ALLOC_SP_INT_ARRAY(td, a->used + 1, 4, err, NULL); +#endif } if ((!done) && (err == MP_OKAY)) { - sa = td[0]; - sd = td[1]; - tr = td[2]; - trial = td[3]; + sd = td[0]; + trial = td[1]; + i = 2; +#if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \ + !defined(WOLFSSL_SP_NO_MALLOC) + sa = ((rem != NULL) && (rem != d)) ? rem : td[i++]; + tr = ((r != NULL) && (r != d)) ? r : td[i]; +#else + sa = td[2]; + tr = td[3]; +#endif - sp_init_size(sa, a->used + 1); sp_init_size(sd, d->used + 1); - sp_init_size(tr, a->used - d->used + 2); sp_init_size(trial, a->used + 1); +#if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \ + !defined(WOLFSSL_SP_NO_MALLOC) + if ((rem == NULL) || (rem == d)) { + sp_init_size(sa, a->used + 1); + } + if ((r == NULL) || (r == d)) { + sp_init_size(tr, a->used - d->used + 2); + } +#else + sp_init_size(sa, a->used + 1); + sp_init_size(tr, a->used - d->used + 2); +#endif s = sp_count_bits(d); s = SP_WORD_SIZE - (s & SP_WORD_MASK); @@ -10362,7 +10391,6 @@ int sp_mul(sp_int* a, sp_int* b, sp_int* r) int sp_mulmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r) { int err = MP_OKAY; - DECL_SP_INT(t, ((a == NULL) || (b == NULL)) ? 1 : a->used + b->used); if ((a == NULL) || (b == NULL) || (m == NULL) || (r == NULL)) { err = MP_VAL; @@ -10371,18 +10399,29 @@ int sp_mulmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r) err = MP_VAL; } - ALLOC_SP_INT(t, a->used + b->used, err, NULL); - if (err == MP_OKAY) { - err = sp_init_size(t, a->used + b->used); - } - if (err == MP_OKAY) { - err = sp_mul(a, b, t); - } - if (err == MP_OKAY) { - err = sp_mod(t, m, r); - } + if ((r == m) || (r->size < a->used + b->used)) { + DECL_SP_INT(t, ((a == NULL) || (b == NULL)) ? 1 : a->used + b->used); + ALLOC_SP_INT(t, a->used + b->used, err, NULL); + if (err == MP_OKAY) { + err = sp_init_size(t, a->used + b->used); + } + if (err == MP_OKAY) { + err = sp_mul(a, b, t); + } + if (err == MP_OKAY) { + err = sp_mod(t, m, r); + } - FREE_SP_INT(t, NULL); + FREE_SP_INT(t, NULL); + } + else { + if (err == MP_OKAY) { + err = sp_mul(a, b, r); + } + if (err == MP_OKAY) { + err = sp_mod(r, m, r); + } + } return err; } #endif @@ -16058,20 +16097,22 @@ int sp_prime_is_prime_ex(sp_int* a, int t, int* result, WC_RNG* rng) if ((err == MP_OKAY) && (!haveRes)) { int bits = sp_count_bits(a); word32 baseSz = (bits + 7) / 8; - DECL_SP_INT_ARRAY(d, a->used * 2 + 1, 5); + DECL_SP_INT_ARRAY(ds, a->used + 1, 3); + DECL_SP_INT_ARRAY(d, a->used * 2 + 1, 2); - ALLOC_SP_INT_ARRAY(d, a->used * 2 + 1, 5, err, NULL); + ALLOC_SP_INT_ARRAY(ds, a->used + 1, 3, err, NULL); + ALLOC_SP_INT_ARRAY(d, a->used * 2 + 1, 2, err, NULL); if (err == MP_OKAY) { - b = d[0]; - c = d[1]; - n1 = d[2]; - y = d[3]; - r = d[4]; + b = ds[0]; + c = ds[1]; + n1 = ds[2]; + y = d[0]; + r = d[1]; /* Only 'y' needs to be twice as big. */ - sp_init_size(b , a->used * 2 + 1); - sp_init_size(c , a->used * 2 + 1); - sp_init_size(n1, a->used * 2 + 1); + sp_init_size(b , a->used + 1); + sp_init_size(c , a->used + 1); + sp_init_size(n1, a->used + 1); sp_init_size(y , a->used * 2 + 1); sp_init_size(r , a->used * 2 + 1); @@ -16119,6 +16160,7 @@ int sp_prime_is_prime_ex(sp_int* a, int t, int* result, WC_RNG* rng) } FREE_SP_INT_ARRAY(d, NULL); + FREE_SP_INT_ARRAY(ds, NULL); } #else (void)t; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index b3cf753dd..c8b934d2d 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1166,6 +1166,33 @@ enum { #error RSA maximum bit size must be multiple of 8 #endif +/* MySQL wants to be able to use 8192-bit numbers. */ +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && \ + FP_MAX_BITS >= 16384) || \ + ((defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH)) && \ + SP_INT_MAX_BITS >= 16384) + /* Maximum supported number length is 8192-bit. */ + #define ENCRYPT_BASE_BITS 8192 +#elif defined(USE_FAST_MATH) && defined(FP_MAX_BITS) + /* Use the FP size down to a min of 1024-bit. */ + #if FP_MAX_BITS > 2048 + #define ENCRYPT_BASE_BITS (FP_MAX_BITS / 2) + #else + #define ENCRYPT_BASE_BITS 1024 + #endif +#elif defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH) + /* Use the SP math size down to a min of 1024-bit. */ + #if SP_INT_MAX_BITS > 2048 + #define ENCRYPT_BASE_BITS (SP_INT_MAX_BITS / 2) + #else + #define ENCRYPT_BASE_BITS 1024 + #endif +#else + /* Integer/heap maths - support 4096-bit. */ + #define ENCRYPT_BASE_BITS 4096 +#endif + enum Misc { CIPHER_BYTE = 0x00, /* Default ciphers */ ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ @@ -1204,21 +1231,12 @@ enum Misc { #endif #endif #ifdef HAVE_PQC - ENCRYPT_LEN = 1500, /* allow 1500 bit static buffer for falcon */ -#else -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) -#if !defined(NO_PSK) && defined(USE_FAST_MATH) - ENCRYPT_LEN = (FP_MAX_BITS / 2 / 8) + MAX_PSK_ID_LEN + 2, -#else - ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */ -#endif + ENCRYPT_LEN = 1500, /* allow 1500 byte static buffer for falcon */ #else #ifndef NO_PSK - ENCRYPT_LEN = 512 + MAX_PSK_ID_LEN + 2, /* 4096 bit static buffer */ + ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_ID_LEN + 2, #else - ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */ -#endif + ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8), #endif #endif SIZEOF_SENDER = 4, /* clnt or srvr */