diff --git a/src/ssl.c b/src/ssl.c index 30c4fa9a1..723c43069 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9798,7 +9798,11 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) WOLFSSL_X509_EXTENSION* ext = NULL; WOLFSSL_ASN1_INTEGER* a; WOLFSSL_STACK* sk; - DecodedCert cert; +#ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; +#else + DecodedCert cert[1]; +#endif WOLFSSL_ENTER("wolfSSL_X509_set_ext"); @@ -9825,9 +9829,18 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) return NULL; } - InitDecodedCert( &cert, rawCert, (word32)outSz, 0); +#ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); + if (cert == NULL) { + WOLFSSL_MSG("Failed to allocate memory for DecodedCert"); + wolfSSL_X509_EXTENSION_free(ext); + return NULL; + } +#endif - if (ParseCert(&cert, + InitDecodedCert(cert, rawCert, (word32)outSz, 0); + + if (ParseCert(cert, #ifdef WOLFSSL_CERT_REQ x509->isCSR ? CERTREQ_TYPE : #endif @@ -9835,17 +9848,23 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) NO_VERIFY, NULL) < 0) { WOLFSSL_MSG("\tCertificate parsing failed"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } - input = cert.extensions; - sz = cert.extensionsSz; + input = cert->extensions; + sz = cert->extensionsSz; if (input == NULL || sz == 0) { WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); +#ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); +#endif return NULL; } @@ -9856,14 +9875,20 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (input[idx++] != ASN_EXTENSIONS) { WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } if (GetLength(input, &idx, &length, sz) < 0) { WOLFSSL_MSG("\tfail: invalid length"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } } @@ -9871,7 +9896,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (GetSequence(input, &idx, &length, sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); +#ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); +#endif return NULL; } @@ -9881,7 +9909,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (GetSequence(input, &idx, &length, sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } @@ -9890,7 +9921,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (ret < 0) { WOLFSSL_MSG("\tfail: OBJECT ID"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } idx = tmpIdx; @@ -9909,7 +9943,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (ext->obj == NULL) { WOLFSSL_MSG("\tfail: Invalid OBJECT"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } ext->obj->nid = nid; @@ -9922,7 +9959,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) a = wolfSSL_ASN1_INTEGER_new(); if (a == NULL) { wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } a->length = x509->pathLength; @@ -9944,7 +9984,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (sk == NULL) { WOLFSSL_MSG("Failed to malloc stack"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } @@ -9958,7 +10001,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) WOLFSSL_MSG("Error creating ASN1 object"); wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } obj->obj = (byte*)x509->authInfoCaIssuer; @@ -9972,7 +10018,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) wolfSSL_ASN1_OBJECT_free(obj); wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } } @@ -9987,7 +10036,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) WOLFSSL_MSG("Error creating ASN1 object"); wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } obj->obj = x509->authInfo; @@ -10001,7 +10053,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) wolfSSL_ASN1_OBJECT_free(obj); wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } } @@ -10018,7 +10073,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set() failed"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } ext->crit = x509->authKeyIdCrit; @@ -10033,7 +10091,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set() failed"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } ext->crit = x509->subjKeyIdCrit; @@ -10054,7 +10115,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set() failed"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } ext->crit = x509->keyUsageCrit; @@ -10069,7 +10133,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set() failed"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } ext->crit = x509->keyUsageCrit; @@ -10094,7 +10161,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set() failed"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } #endif @@ -10104,7 +10174,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) DYNAMIC_TYPE_ASN1); if (sk == NULL) { wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } XMEMSET(sk, 0, sizeof(WOLFSSL_GENERAL_NAMES)); @@ -10119,8 +10192,11 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (gn == NULL) { WOLFSSL_MSG("Error creating GENERAL_NAME"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); wolfSSL_sk_pop_free(sk, NULL); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } @@ -10130,9 +10206,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) gn->d.ia5->length) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set failed"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); wolfSSL_GENERAL_NAME_free(gn); wolfSSL_sk_pop_free(sk, NULL); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } @@ -10143,9 +10222,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error pushing onto stack"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); wolfSSL_GENERAL_NAME_free(gn); wolfSSL_sk_pop_free(sk, NULL); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } } @@ -10154,9 +10236,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error pushing onto stack"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); wolfSSL_GENERAL_NAME_free(gn); wolfSSL_sk_pop_free(sk, NULL); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } } @@ -10175,7 +10260,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (GetASNObjectId(input, &idx, &length, sz) != 0) { WOLFSSL_MSG("Failed to Get ASN Object Id"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } oidBuf = (byte*)XMALLOC(length+1+MAX_LENGTH_SZ, NULL, @@ -10183,7 +10271,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (oidBuf == NULL) { WOLFSSL_MSG("Failed to malloc tmp buffer"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } oidBuf[0] = ASN_OBJECT_ID; @@ -10201,8 +10292,11 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (ext->obj->obj == NULL) { wolfSSL_ASN1_OBJECT_free(ext->obj); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); XFREE(oidBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } ext->obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; @@ -10223,7 +10317,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) WOLFSSL_MSG("Error decoding unknown extension data"); wolfSSL_ASN1_OBJECT_free(ext->obj); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } @@ -10231,7 +10328,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) WOLFSSL_MSG("Error: Invalid Input Length."); wolfSSL_ASN1_OBJECT_free(ext->obj); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } ext->value.data = (char*)XMALLOC(length, NULL, DYNAMIC_TYPE_ASN1); @@ -10239,7 +10339,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (ext->value.data == NULL) { WOLFSSL_MSG("Failed to malloc ASN1_STRING data"); wolfSSL_X509_EXTENSION_free(ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return NULL; } XMEMCPY(ext->value.data,input+tmpIdx,length); @@ -10258,7 +10361,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) if (x509->ext_sk != NULL) wolfSSL_sk_X509_EXTENSION_push(x509->ext_sk, ext); - FreeDecodedCert(&cert); + FreeDecodedCert(cert); +#ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); +#endif return ext; } @@ -40235,7 +40341,11 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, WOLFSSL_BN_CTX *ctx) { mp_digit mp; - mp_int modulus; +#ifdef WOLFSSL_SMALL_STACK + mp_int* modulus = NULL; +#else + mp_int modulus[1]; +#endif (void)ctx; WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp"); @@ -40250,39 +40360,65 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, return WOLFSSL_FAILURE; } +#ifdef WOLFSSL_SMALL_STACK + modulus = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (modulus == NULL) { + return WOLFSSL_FAILURE; + } +#endif + if (!wolfSSL_BN_is_one(point->Z)) { - if (mp_init(&modulus) != MP_OKAY) { + if (mp_init(modulus) != MP_OKAY) { WOLFSSL_MSG("mp_init failed"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(modulus, NULL, DYNAMIC_TYPE_BIGINT); + #endif return WOLFSSL_FAILURE; } /* Map the Jacobian point back to affine space */ - if (mp_read_radix(&modulus, ecc_sets[group->curve_idx].prime, MP_RADIX_HEX) != MP_OKAY) { + if (mp_read_radix(modulus, ecc_sets[group->curve_idx].prime, MP_RADIX_HEX) != MP_OKAY) { WOLFSSL_MSG("mp_read_radix failed"); - mp_clear(&modulus); + mp_clear(modulus); + #ifdef WOLFSSL_SMALL_STACK + XFREE(modulus, NULL, DYNAMIC_TYPE_BIGINT); + #endif return WOLFSSL_FAILURE; } - if (mp_montgomery_setup(&modulus, &mp) != MP_OKAY) { + if (mp_montgomery_setup(modulus, &mp) != MP_OKAY) { WOLFSSL_MSG("mp_montgomery_setup failed"); - mp_clear(&modulus); + mp_clear(modulus); + #ifdef WOLFSSL_SMALL_STACK + XFREE(modulus, NULL, DYNAMIC_TYPE_BIGINT); + #endif return WOLFSSL_FAILURE; } - if (ecc_map((ecc_point*)point->internal, &modulus, mp) != MP_OKAY) { + if (ecc_map((ecc_point*)point->internal, modulus, mp) != MP_OKAY) { WOLFSSL_MSG("ecc_map failed"); - mp_clear(&modulus); + mp_clear(modulus); + #ifdef WOLFSSL_SMALL_STACK + XFREE(modulus, NULL, DYNAMIC_TYPE_BIGINT); + #endif return WOLFSSL_FAILURE; } if (SetECPointExternal((WOLFSSL_EC_POINT *)point) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetECPointExternal failed"); - mp_clear(&modulus); + mp_clear(modulus); + #ifdef WOLFSSL_SMALL_STACK + XFREE(modulus, NULL, DYNAMIC_TYPE_BIGINT); + #endif return WOLFSSL_FAILURE; } - mp_clear(&modulus); + mp_clear(modulus); } BN_copy(x, point->X); BN_copy(y, point->Y); +#ifdef WOLFSSL_SMALL_STACK + XFREE(modulus, NULL, DYNAMIC_TYPE_BIGINT); +#endif + return WOLFSSL_SUCCESS; } #endif @@ -40481,7 +40617,12 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx) { - mp_int a, prime; +#ifdef WOLFSSL_SMALL_STACK + mp_int* a = NULL; + mp_int* prime = NULL; +#else + mp_int a[1], prime[1]; +#endif int ret = WOLFSSL_FAILURE; ecc_point* result = NULL; ecc_point* tmp = NULL; @@ -40495,13 +40636,25 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, return WOLFSSL_FAILURE; } +#ifdef WOLFSSL_SMALL_STACK + a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (a == NULL) { + return WOLFSSL_FAILURE; + } + prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (prime == NULL) { + XFREE(a, NULL, DYNAMIC_TYPE_BIGINT); + return WOLFSSL_FAILURE; + } +#endif + if (!(result = wc_ecc_new_point())) { WOLFSSL_MSG("wolfSSL_EC_POINT_new error"); return WOLFSSL_FAILURE; } /* read the curve prime and a */ - if (mp_init_multi(&prime, &a, NULL, NULL, NULL, NULL) != MP_OKAY) { + if (mp_init_multi(prime, a, NULL, NULL, NULL, NULL) != MP_OKAY) { WOLFSSL_MSG("mp_init_multi error"); goto cleanup; } @@ -40511,13 +40664,13 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, goto cleanup; } - if (mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, MP_RADIX_HEX) + if (mp_read_radix(prime, ecc_sets[group->curve_idx].prime, MP_RADIX_HEX) != MP_OKAY) { WOLFSSL_MSG("mp_read_radix prime error"); goto cleanup; } - if (mp_read_radix(&a, ecc_sets[group->curve_idx].Af, MP_RADIX_HEX) + if (mp_read_radix(a, ecc_sets[group->curve_idx].Af, MP_RADIX_HEX) != MP_OKAY) { WOLFSSL_MSG("mp_read_radix a error"); goto cleanup; @@ -40555,14 +40708,14 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, #ifdef ECC_SHAMIR if (ecc_mul2add(result, (mp_int*)n->internal, (ecc_point*)q->internal, (mp_int*)m->internal, - result, &a, &prime, NULL) + result, a, prime, NULL) != MP_OKAY) { WOLFSSL_MSG("ecc_mul2add error"); goto cleanup; } #else mp_digit mp = 0; - if (mp_montgomery_setup(&prime, &mp) != MP_OKAY) { + if (mp_montgomery_setup(prime, &mp) != MP_OKAY) { WOLFSSL_MSG("mp_montgomery_setup nqm error"); goto cleanup; } @@ -40571,24 +40724,24 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, goto cleanup; } /* r = generator * n */ - if (wc_ecc_mulmod((mp_int*)n->internal, result, result, &a, &prime, 0) + if (wc_ecc_mulmod((mp_int*)n->internal, result, result, a, prime, 0) != MP_OKAY) { WOLFSSL_MSG("wc_ecc_mulmod nqm error"); goto cleanup; } /* tmp = q * m */ if (wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal, - tmp, &a, &prime, 0) != MP_OKAY) { + tmp, a, prime, 0) != MP_OKAY) { WOLFSSL_MSG("wc_ecc_mulmod nqm error"); goto cleanup; } /* result = result + tmp */ - if (ecc_projective_add_point(tmp, result, result, &a, &prime, mp) + if (ecc_projective_add_point(tmp, result, result, a, prime, mp) != MP_OKAY) { WOLFSSL_MSG("wc_ecc_mulmod nqm error"); goto cleanup; } - if (ecc_map(result, &prime, mp) != MP_OKAY) { + if (ecc_map(result, prime, mp) != MP_OKAY) { WOLFSSL_MSG("ecc_map nqm error"); goto cleanup; } @@ -40596,7 +40749,7 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, } else if (n) { /* r = generator * n */ - if (wc_ecc_mulmod((mp_int*)n->internal, result, result, &a, &prime, 1) + if (wc_ecc_mulmod((mp_int*)n->internal, result, result, a, prime, 1) != MP_OKAY) { WOLFSSL_MSG("wc_ecc_mulmod gn error"); goto cleanup; @@ -40605,7 +40758,7 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, else if (q && m) { /* r = q * m */ if (wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal, - result, &a, &prime, 1) != MP_OKAY) { + result, a, prime, 1) != MP_OKAY) { WOLFSSL_MSG("wc_ecc_mulmod qm error"); goto cleanup; } @@ -40624,10 +40777,14 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, ret = WOLFSSL_SUCCESS; cleanup: - mp_clear(&a); - mp_clear(&prime); + mp_clear(a); + mp_clear(prime); wc_ecc_del_point(result); wc_ecc_del_point(tmp); +#ifdef WOLFSSL_SMALL_STACK + XFREE(a, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(prime, NULL, DYNAMIC_TYPE_BIGINT); +#endif return ret; } #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A && !HAVE_SELFTEST && @@ -40638,7 +40795,11 @@ int wolfSSL_EC_POINT_invert(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *a, WOLFSSL_BN_CTX *ctx) { ecc_point* p; - mp_int prime; +#ifdef WOLFSSL_SMALL_STACK + mp_int* prime = NULL; +#else + mp_int prime[1]; +#endif (void)ctx; @@ -40650,22 +40811,42 @@ int wolfSSL_EC_POINT_invert(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *a, p = (ecc_point*)a->internal; +#ifdef WOLFSSL_SMALL_STACK + prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (prime == NULL) { + return WOLFSSL_FAILURE; + } +#endif + /* read the curve prime and a */ - if (mp_init_multi(&prime, NULL, NULL, NULL, NULL, NULL) != MP_OKAY) { + if (mp_init_multi(prime, NULL, NULL, NULL, NULL, NULL) != MP_OKAY) { WOLFSSL_MSG("mp_init_multi error"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(prime, NULL, DYNAMIC_TYPE_BIGINT); + #endif return WOLFSSL_FAILURE; } - if (mp_sub(&prime, p->y, p->y) != MP_OKAY) { + if (mp_sub(prime, p->y, p->y) != MP_OKAY) { WOLFSSL_MSG("mp_sub error"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(prime, NULL, DYNAMIC_TYPE_BIGINT); + #endif return WOLFSSL_FAILURE; } if (SetECPointExternal(a) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetECPointExternal error"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(prime, NULL, DYNAMIC_TYPE_BIGINT); + #endif return WOLFSSL_FAILURE; } +#ifdef WOLFSSL_SMALL_STACK + XFREE(prime, NULL, DYNAMIC_TYPE_BIGINT); +#endif + return WOLFSSL_SUCCESS; } @@ -40897,9 +41078,15 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK WC_RNG* tmpRNG = NULL; + byte* out = NULL; + mp_int* sig_r = NULL; + mp_int* sig_s = NULL; #else WC_RNG tmpRNG[1]; + byte out[ECC_BUFSIZE]; + mp_int sig_r[1], sig_s[1]; #endif + word32 outlen = ECC_BUFSIZE; WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign"); @@ -40923,6 +41110,24 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) return NULL; + out = (byte*)XMALLOC(outlen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (out == NULL) { + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); + return NULL; + } + sig_r = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (sig_r == NULL) { + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); + return NULL; + } + sig_s = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (sig_s == NULL) { + XFREE(sig_r, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); + return NULL; + } #endif if (wc_InitRng(tmpRNG) == 0) { @@ -40938,31 +41143,28 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, } if (rng) { - byte out[ECC_BUFSIZE]; - word32 outlen = ECC_BUFSIZE; /* use wc_ecc_sign_hash because it supports crypto callbacks */ if (wc_ecc_sign_hash(d, dlen, out, &outlen, rng, (ecc_key*)key->internal) == 0) { - mp_int sig_r, sig_s; - if (mp_init_multi(&sig_r, &sig_s, NULL, NULL, NULL, NULL) == MP_OKAY) { + if (mp_init_multi(sig_r, sig_s, NULL, NULL, NULL, NULL) == MP_OKAY) { /* put signature blob in ECDSA structure */ - if (DecodeECC_DSA_Sig(out, outlen, &sig_r, &sig_s) == 0) { + if (DecodeECC_DSA_Sig(out, outlen, sig_r, sig_s) == 0) { sig = wolfSSL_ECDSA_SIG_new(); if (sig == NULL) WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new failed"); - else if (SetIndividualExternal(&sig->r, &sig_r) != WOLFSSL_SUCCESS) { + else if (SetIndividualExternal(&sig->r, sig_r) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ecdsa r key error"); wolfSSL_ECDSA_SIG_free(sig); sig = NULL; } - else if (SetIndividualExternal(&sig->s, &sig_s)!=WOLFSSL_SUCCESS){ + else if (SetIndividualExternal(&sig->s, sig_s)!=WOLFSSL_SUCCESS){ WOLFSSL_MSG("ecdsa s key error"); wolfSSL_ECDSA_SIG_free(sig); sig = NULL; } } - mp_free(&sig_r); - mp_free(&sig_s); + mp_free(sig_r); + mp_free(sig_s); } } else { @@ -40973,6 +41175,9 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, if (initTmpRng) wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK + XFREE(sig_s, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(sig_r, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif @@ -45285,7 +45490,11 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) unsigned char **in, long length) { WOLFSSL_X509_NAME* tmp = NULL; - DecodedCert cert; + #ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; + #else + DecodedCert cert[1]; + #endif WOLFSSL_ENTER("wolfSSL_d2i_X509_NAME"); @@ -45294,12 +45503,20 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) return NULL; } + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_DCERT); + if (cert == NULL) { + return NULL; + } + #endif + /* Set the X509_NAME buffer as the input data for cert. * in is NOT a full certificate. Just the name. */ - InitDecodedCert(&cert, *in, (word32)length, NULL); + InitDecodedCert(cert, *in, (word32)length, NULL); /* Parse the X509 subject name */ - if (GetName(&cert, SUBJECT, (int)length) != 0) { + if (GetName(cert, SUBJECT, (int)length) != 0) { WOLFSSL_MSG("WOLFSSL_X509_NAME parse error"); goto cleanup; } @@ -45309,7 +45526,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) goto cleanup; } - if (wolfSSL_X509_NAME_copy((WOLFSSL_X509_NAME*)cert.subjectName, + if (wolfSSL_X509_NAME_copy((WOLFSSL_X509_NAME*)cert->subjectName, tmp) != WOLFSSL_SUCCESS) { wolfSSL_X509_NAME_free(tmp); tmp = NULL; @@ -45319,7 +45536,10 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) if (name) *name = tmp; cleanup: - FreeDecodedCert(&cert); + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif return tmp; } @@ -53872,7 +54092,11 @@ int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi) WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn) { - mp_int mpi; +#ifdef WOLFSSL_SMALL_STACK + mp_int* mpi = NULL; +#else + mp_int mpi[1]; +#endif word32 idx = 0; int ret; @@ -53882,29 +54106,49 @@ WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, return NULL; } - ret = GetInt(&mpi, ai->data, &idx, ai->dataMax); +#ifdef WOLFSSL_SMALL_STACK + mpi = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (mpi == NULL) { + return NULL; + } +#endif + + ret = GetInt(mpi, ai->data, &idx, ai->dataMax); if (ret != 0) { #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) - ret = mp_init(&mpi); /* must init mpi */ + ret = mp_init(mpi); /* must init mpi */ if (ret != MP_OKAY) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT); + #endif return NULL; } /* Serial number in QT starts at index 0 of data */ - if (mp_read_unsigned_bin(&mpi, (byte*)ai->data, ai->length) != 0) { - mp_clear(&mpi); + if (mp_read_unsigned_bin(mpi, (byte*)ai->data, ai->length) != 0) { + mp_clear(mpi); + #ifdef WOLFSSL_SMALL_STACK + XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT); + #endif return NULL; } #else /* expecting ASN1 format for INTEGER */ WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_to_BN", ret); + #ifdef WOLFSSL_SMALL_STACK + XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT); + #endif return NULL; #endif } /* mp_clear needs called because mpi is copied and causes memory leak with * --disable-fastmath */ - ret = SetIndividualExternal(&bn, &mpi); - mp_clear(&mpi); + ret = SetIndividualExternal(&bn, mpi); + mp_clear(mpi); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT); +#endif if (ret != WOLFSSL_SUCCESS) { return NULL; @@ -57509,27 +57753,47 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md) { int ret; +#ifdef WOLFSSL_SMALL_STACK + byte* der = NULL; +#else byte der[2048]; - int derSz = sizeof(der); +#endif + int derSz = 2048; if (req == NULL || pkey == NULL || md == NULL) { WOLFSSL_LEAVE("wolfSSL_X509_REQ_sign", BAD_FUNC_ARG); return WOLFSSL_FAILURE; } +#ifdef WOLFSSL_SMALL_STACK + der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + return WOLFSSL_FAILURE; + } +#endif + /* Create a Cert that has the certificate request fields. */ req->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey); ret = wolfssl_x509_make_der(req, 1, der, &derSz, 0); if (ret != WOLFSSL_SUCCESS) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif WOLFSSL_MSG("Unable to make DER for X509"); WOLFSSL_LEAVE("wolfSSL_X509_REQ_sign", ret); return WOLFSSL_FAILURE; } - if (wolfSSL_X509_resign_cert(req, 1, der, sizeof(der), derSz, + if (wolfSSL_X509_resign_cert(req, 1, der, 2048, derSz, (WOLFSSL_EVP_MD*)md, pkey) <= 0) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return WOLFSSL_FAILURE; } +#ifdef WOLFSSL_SMALL_STACK + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return WOLFSSL_SUCCESS; } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index d1e5beff3..b56de1392 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -8104,13 +8104,35 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen, #if !defined(WOLFSSL_SP_MATH) { int did_init = 0; - mp_int t1, t2; + #ifdef WOLFSSL_SMALL_STACK + mp_int* t1 = NULL; + mp_int* t2 = NULL; + #else + mp_int t1[1], t2[1]; + #endif DECLARE_CURVE_SPECS(3); ALLOC_CURVE_SPECS(3, err); + #ifdef WOLFSSL_SMALL_STACK if (err == MP_OKAY) { - if (mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL) != MP_OKAY) + t1 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, + DYNAMIC_TYPE_BIGINT); + if (t1 == NULL) { + err = MEMORY_E; + } + } + if (err == MP_OKAY) { + t2 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, + DYNAMIC_TYPE_BIGINT); + if (t2 == NULL) { + err = MEMORY_E; + } + } + #endif + + if (err == MP_OKAY) { + if (mp_init_multi(t1, t2, NULL, NULL, NULL, NULL) != MP_OKAY) err = MEMORY_E; else did_init = 1; @@ -8135,42 +8157,51 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen, /* compute x^3 */ if (err == MP_OKAY) - err = mp_sqr(point->x, &t1); + err = mp_sqr(point->x, t1); if (err == MP_OKAY) - err = mp_mulmod(&t1, point->x, curve->prime, &t1); + err = mp_mulmod(t1, point->x, curve->prime, t1); /* compute x^3 + a*x */ if (err == MP_OKAY) - err = mp_mulmod(curve->Af, point->x, curve->prime, &t2); + err = mp_mulmod(curve->Af, point->x, curve->prime, t2); if (err == MP_OKAY) - err = mp_add(&t1, &t2, &t1); + err = mp_add(t1, t2, t1); /* compute x^3 + a*x + b */ if (err == MP_OKAY) - err = mp_add(&t1, curve->Bf, &t1); + err = mp_add(t1, curve->Bf, t1); /* compute sqrt(x^3 + a*x + b) */ if (err == MP_OKAY) - err = mp_sqrtmod_prime(&t1, curve->prime, &t2); + err = mp_sqrtmod_prime(t1, curve->prime, t2); /* adjust y */ if (err == MP_OKAY) { - if ((mp_isodd(&t2) == MP_YES && + if ((mp_isodd(t2) == MP_YES && pointType == ECC_POINT_COMP_ODD) || - (mp_isodd(&t2) == MP_NO && + (mp_isodd(t2) == MP_NO && pointType == ECC_POINT_COMP_EVEN)) { - err = mp_mod(&t2, curve->prime, point->y); + err = mp_mod(t2, curve->prime, point->y); } else { - err = mp_submod(curve->prime, &t2, curve->prime, point->y); + err = mp_submod(curve->prime, t2, curve->prime, point->y); } } if (did_init) { - mp_clear(&t2); - mp_clear(&t1); + mp_clear(t2); + mp_clear(t1); } + #ifdef WOLFSSL_SMALL_STACK + if (t1 != NULL) { + XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT); + } + if (t2 != NULL) { + XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT); + } + #endif + wc_ecc_curve_free(curve); FREE_CURVE_SPECS(); } @@ -9254,14 +9285,33 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, #ifdef HAVE_COMP_KEY if (err == MP_OKAY && compressed == 1) { /* build y */ #if !defined(WOLFSSL_SP_MATH) - mp_int t1, t2; + #ifdef WOLFSSL_SMALL_STACK + mp_int* t1 = NULL; + mp_int* t2 = NULL; + #else + mp_int t1[1], t2[1]; + #endif int did_init = 0; DECLARE_CURVE_SPECS(3); ALLOC_CURVE_SPECS(3, err); + #ifdef WOLFSSL_SMALL_STACK if (err == MP_OKAY) { - if (mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL) != MP_OKAY) + t1 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (t1 == NULL) { + err = MEMORY_E; + } + } + if (err == MP_OKAY) { + t2 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (t2 == NULL) { + err = MEMORY_E; + } + } + #endif + if (err == MP_OKAY) { + if (mp_init_multi(t1, t2, NULL, NULL, NULL, NULL) != MP_OKAY) err = MEMORY_E; else did_init = 1; @@ -9286,41 +9336,49 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, /* compute x^3 */ if (err == MP_OKAY) - err = mp_sqr(key->pubkey.x, &t1); + err = mp_sqr(key->pubkey.x, t1); if (err == MP_OKAY) - err = mp_mulmod(&t1, key->pubkey.x, curve->prime, &t1); + err = mp_mulmod(t1, key->pubkey.x, curve->prime, t1); /* compute x^3 + a*x */ if (err == MP_OKAY) - err = mp_mulmod(curve->Af, key->pubkey.x, curve->prime, &t2); + err = mp_mulmod(curve->Af, key->pubkey.x, curve->prime, t2); if (err == MP_OKAY) - err = mp_add(&t1, &t2, &t1); + err = mp_add(t1, t2, t1); /* compute x^3 + a*x + b */ if (err == MP_OKAY) - err = mp_add(&t1, curve->Bf, &t1); + err = mp_add(t1, curve->Bf, t1); /* compute sqrt(x^3 + a*x + b) */ if (err == MP_OKAY) - err = mp_sqrtmod_prime(&t1, curve->prime, &t2); + err = mp_sqrtmod_prime(t1, curve->prime, t2); /* adjust y */ if (err == MP_OKAY) { - if ((mp_isodd(&t2) == MP_YES && pointType == ECC_POINT_COMP_ODD) || - (mp_isodd(&t2) == MP_NO && pointType == ECC_POINT_COMP_EVEN)) { - err = mp_mod(&t2, curve->prime, &t2); + if ((mp_isodd(t2) == MP_YES && pointType == ECC_POINT_COMP_ODD) || + (mp_isodd(t2) == MP_NO && pointType == ECC_POINT_COMP_EVEN)) { + err = mp_mod(t2, curve->prime, t2); } else { - err = mp_submod(curve->prime, &t2, curve->prime, &t2); + err = mp_submod(curve->prime, t2, curve->prime, t2); } if (err == MP_OKAY) - err = mp_copy(&t2, key->pubkey.y); + err = mp_copy(t2, key->pubkey.y); } if (did_init) { - mp_clear(&t2); - mp_clear(&t1); + mp_clear(t2); + mp_clear(t1); } + #ifdef WOLFSSL_SMALL_STACK + if (t1 != NULL) { + XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT); + } + if (t2 != NULL) { + XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT); + } + #endif wc_ecc_curve_free(curve); FREE_CURVE_SPECS(); @@ -12943,7 +13001,12 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, */ int mp_jacobi(mp_int* a, mp_int* n, int* c) { - mp_int a1, n1; +#ifdef WOLFSSL_SMALL_STACK + mp_int* a1 = NULL; + mp_int* n1 = NULL; +#else + mp_int a1[1], n1[1]; +#endif int res; int s = 1; int k; @@ -12961,22 +13024,38 @@ int mp_jacobi(mp_int* a, mp_int* n, int* c) return MP_VAL; } - if ((res = mp_init_multi(&a1, &n1, NULL, NULL, NULL, NULL)) != MP_OKAY) { +#ifdef WOLFSSL_SMALL_STACK + a1 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (a1 == NULL) { + return MP_MEM; + } + n1 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (n1 == NULL) { + XFREE(a1, NULL, DYNAMIC_TYPE_BIGINT); + return MP_MEM; + } +#endif + + if ((res = mp_init_multi(a1, n1, NULL, NULL, NULL, NULL)) != MP_OKAY) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(a1, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(n1, NULL, DYNAMIC_TYPE_BIGINT); +#endif return res; } SAVE_VECTOR_REGISTERS(return _svr_ret;); - if ((res = mp_mod(a, n, &a1)) != MP_OKAY) { + if ((res = mp_mod(a, n, a1)) != MP_OKAY) { goto done; } - if ((res = mp_copy(n, &n1)) != MP_OKAY) { + if ((res = mp_copy(n, n1)) != MP_OKAY) { goto done; } - t[0] = &a1; - t[1] = &n1; + t[0] = a1; + t[1] = n1; /* Keep reducing until first number is 0. */ while (!mp_iszero(t[0])) { @@ -13026,9 +13105,14 @@ done: RESTORE_VECTOR_REGISTERS(); - /* cleanup */ - mp_clear(&n1); - mp_clear(&a1); + /* cleanup */ + mp_clear(n1); + mp_clear(a1); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(a1, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(n1, NULL, DYNAMIC_TYPE_BIGINT); +#endif return res; } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index d910a2f3b..0893f5889 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -8225,12 +8225,26 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int wsz; word32 i; unsigned long exponent = 0; - mp_int a; +#ifdef WOLFSSL_SMALL_STACK + mp_int* a = NULL; +#else + mp_int a[1]; +#endif char line[32] = { 0 }; (void)pctx; - if( mp_init(&a) != 0) { +#ifdef WOLFSSL_SMALL_STACK + a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (a == NULL) { + return WOLFSSL_FAILURE; + } +#endif + + if( mp_init(a) != 0) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(a, NULL, DYNAMIC_TYPE_BIGINT); +#endif return WOLFSSL_FAILURE; } if (indent < 0) { @@ -8255,10 +8269,10 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { break; } - if (mp_set_int(&a, bitlen) != 0) { + if (mp_set_int(a, bitlen) != 0) { break; } - if (mp_todecimal(&a, (char*)buff) != 0) { + if (mp_todecimal(a, (char*)buff) != 0) { break; } wsz = (int)XSTRLEN((const char*)buff); @@ -8298,10 +8312,10 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } XMEMSET(buff, 0, sizeof(buff)); - if (mp_set_int(&a, exponent) != 0) { + if (mp_set_int(a, exponent) != 0) { break; } - if (mp_todecimal(&a, (char*)buff) != 0) { + if (mp_todecimal(a, (char*)buff) != 0) { break; } wsz = (int)XSTRLEN((const char*)buff); @@ -8314,7 +8328,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, break; } XMEMSET(buff, 0, sizeof(buff)); - if (mp_tohex(&a, (char*)buff) != 0) { + if (mp_tohex(a, (char*)buff) != 0) { break; } if (wolfSSL_BIO_write(out, buff, (int)XSTRLEN((char*)buff)) <= 0) { @@ -8328,7 +8342,10 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, res = WOLFSSL_SUCCESS; } while (0); - mp_free(&a); + mp_free(a); +#ifdef WOLFSSL_SMALL_STACK + XFREE(a, NULL, DYNAMIC_TYPE_BIGINT); +#endif return res; } #endif /* !NO_RSA */ @@ -8557,11 +8574,26 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int pSz, qSz, gSz, ySz; int idx; int wsz; - mp_int a; +#ifdef WOLFSSL_SMALL_STACK + mp_int* a = NULL; +#else + mp_int a[1]; +#endif char line[32] = { 0 }; - if( mp_init(&a) != 0) +#ifdef WOLFSSL_SMALL_STACK + a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (a == NULL) { return WOLFSSL_FAILURE; + } +#endif + + if( mp_init(a) != 0) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(a, NULL, DYNAMIC_TYPE_BIGINT); +#endif + return WOLFSSL_FAILURE; + } inOutIdx = 0; (void)pctx; @@ -8667,10 +8699,10 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { break; } - if (mp_set_int(&a, bitlen) != 0) { + if (mp_set_int(a, bitlen) != 0) { break; } - if (mp_todecimal(&a, (char*)buff) != 0) { + if (mp_todecimal(a, (char*)buff) != 0) { break; } wsz = (int)XSTRLEN((const char*)buff); @@ -8721,7 +8753,10 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, res = WOLFSSL_SUCCESS; } while (0); - mp_free(&a); + mp_free(a); +#ifdef WOLFSSL_SMALL_STACK + XFREE(a, NULL, DYNAMIC_TYPE_BIGINT); +#endif return res; } #endif /* !NO_DSA */ @@ -8757,11 +8792,26 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int wsz; word32 outSz; byte outHex[3]; - mp_int a; +#ifdef WOLFSSL_SMALL_STACK + mp_int* a = NULL; +#else + mp_int a[1]; +#endif char line[32] = { 0 }; - if( mp_init(&a) != 0) +#ifdef WOLFSSL_SMALL_STACK + a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (a == NULL) { return WOLFSSL_FAILURE; + } +#endif + + if( mp_init(a) != 0) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(a, NULL, DYNAMIC_TYPE_BIGINT); +#endif + return WOLFSSL_FAILURE; + } inOutIdx = 0; (void)pctx; @@ -8855,10 +8905,10 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { break; } - if (mp_set_int(&a, bitlen) != 0) { + if (mp_set_int(a, bitlen) != 0) { break; } - if (mp_todecimal(&a, (char*)buff) != 0) { + if (mp_todecimal(a, (char*)buff) != 0) { break; } wsz = (int)XSTRLEN((const char*)buff); @@ -8894,10 +8944,10 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { break; } - if (mp_set_int(&a, generator) != 0) { + if (mp_set_int(a, generator) != 0) { break; } - if (mp_todecimal(&a, (char*)buff) != 0) { + if (mp_todecimal(a, (char*)buff) != 0) { break; } wsz = (int)XSTRLEN((const char*)buff); @@ -8929,7 +8979,10 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, res = WOLFSSL_SUCCESS; } while (0); - mp_free(&a); + mp_free(a); +#ifdef WOLFSSL_SMALL_STACK + XFREE(a, NULL, DYNAMIC_TYPE_BIGINT); +#endif return res; } #endif /* WOLFSSL_DH_EXTRA */