diff --git a/configure.ac b/configure.ac index b81f7c393..fb0717859 100644 --- a/configure.ac +++ b/configure.ac @@ -2278,7 +2278,7 @@ AC_ARG_ENABLE([fast-rsa], if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then -if test "$enable_shared" = "no" && test "$ENABLED_USER_RSA" = "yes"; then +if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then ipplib="lib_32" # 32 bit OS detected fi diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c index 573f2ad08..55ef3b1e4 100644 --- a/wolfcrypt/user-crypto/src/rsa.c +++ b/wolfcrypt/user-crypto/src/rsa.c @@ -80,10 +80,14 @@ enum { static int ippSet = 0; int wc_InitRsaKey(RsaKey* key, void* heap) { + + USER_DEBUG(("Entering wc_InitRsaKey\n")); + if (key == NULL) return USER_CRYPTO_ERROR; if (!ippSet) { + USER_DEBUG(("Setting up IPP Library\n")); /* Selects the right optimizations to use */ if (ippInit() != ippStsNoErr) { USER_DEBUG(("Error setting up optimized library to use!\n")); @@ -94,6 +98,8 @@ int wc_InitRsaKey(RsaKey* key, void* heap) /* set full struct as 0 */ ForceZero(key, sizeof(RsaKey)); + USER_DEBUG(("\tExit wc_InitRsaKey\n")); + (void)heap; return 0; } @@ -173,8 +179,10 @@ static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, IppsBigNumState* in) return USER_CRYPTO_ERROR; ret = ippsGetOctString_BN(data, sz, in); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + XFREE(data, NULL, DYNAMIC_TYPE_ARRAYS); return USER_CRYPTO_ERROR; + } /* store the data into a wolfSSL Big Number */ *bn = wolfSSL_BN_bin2bn(data, sz, *bn); @@ -231,13 +239,16 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, IppsBigNumState** mpi) /* extract the wolfSSL BigNum and store it into IPP BigNum */ if (wolfSSL_BN_bn2bin(bn, data) < 0) { + XFREE(data, NULL, DYNAMIC_TYPE_ARRAYS); USER_DEBUG(("error in getting bin from wolfssl bn\n")); return USER_CRYPTO_ERROR; } ret = ippsSetOctString_BN(data, length, *mpi); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + XFREE(data, NULL, DYNAMIC_TYPE_ARRAYS); return USER_CRYPTO_ERROR; + } XFREE(data, NULL, DYNAMIC_TYPE_ARRAYS); @@ -850,6 +861,8 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, return USER_CRYPTO_ERROR; } + USER_DEBUG(("\tExit wc_RsaPrivateKeyDecode\n")); + return 0; } @@ -1078,6 +1091,7 @@ int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, ret = ippsRSAEncrypt_PKCSv15((Ipp8u*)in, inLen, NULL, (Ipp8u*)out, key->pPub, scratchBuffer); if (ret != ippStsNoErr) { + XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_ARRAYS); USER_DEBUG(("encrypt error of %s\n", ippGetStatusString(ret))); return USER_CRYPTO_ERROR; } @@ -1108,17 +1122,20 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, /* set size of scratch buffer */ ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, key->pPrv); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { return USER_CRYPTO_ERROR; + } scratchBuffer = XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, DYNAMIC_TYPE_ARRAYS); - if (scratchBuffer == NULL) + if (scratchBuffer == NULL) { return USER_CRYPTO_ERROR; + } /* perform decryption using IPP */ ret = ippsRSADecrypt_PKCSv15((Ipp8u*)in, (Ipp8u*)out, &outSz, key->pPrv, scratchBuffer); if (ret != ippStsNoErr) { + XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_ARRAYS); USER_DEBUG(("decrypt error of %s\n", ippGetStatusString(ret))); return USER_CRYPTO_ERROR; } @@ -1140,10 +1157,29 @@ int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) outSz = wc_RsaPrivateDecrypt(in, inLen, in, inLen, key); *out = in; + USER_DEBUG(("\tExit wc_RsaPrivateDecryptInline\n")); + return outSz; } +/* Used to clean up memory when exiting, clean up memory used */ +static int FreeHelper(IppsBigNumState* pTxt, IppsBigNumState* cTxt, + Ipp8u* scratchBuffer, void* pPub) +{ + if (pTxt != NULL) + XFREE(pTxt, NULL, DYNAMIC_TYPE_ARRAYS); + if (cTxt != NULL) + XFREE(cTxt, NULL, DYNAMIC_TYPE_ARRAYS); + if (scratchBuffer != NULL) + XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_ARRAYS); + if (pPub != NULL) + XFREE(pPub, NULL, DYNAMIC_TYPE_ARRAYS); + + return 0; +} + + /* for Rsa Verify in : byte array to be verified inLen : length of input array @@ -1154,11 +1190,11 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) int ctxSz; int scratchSz; - Ipp8u* scratchBuffer; + Ipp8u* scratchBuffer = NULL; IppStatus ret; - IppsRSAPrivateKeyState* pPub; - IppsBigNumState* pTxt; - IppsBigNumState* cTxt; + IppsRSAPrivateKeyState* pPub = NULL; + IppsBigNumState* pTxt = NULL; + IppsBigNumState* cTxt = NULL; USER_DEBUG(("Entering wc_RsaSSL_VerifyInline\n")); @@ -1184,6 +1220,7 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) ret = ippsRSA_InitPrivateKeyType1(key->nSz, key->eSz, pPub, ctxSz); if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n", ippGetStatusString(ret))); return USER_CRYPTO_ERROR; } @@ -1191,56 +1228,78 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) ret = ippsRSA_SetPrivateKeyType1(key->n, key->e, pPub); if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n", ippGetStatusString(ret))); return USER_CRYPTO_ERROR; } /* set size of scratch buffer */ ret = ippsRSA_GetBufferSizePrivateKey(&scratchSz, pPub); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); return USER_CRYPTO_ERROR; + } scratchBuffer = XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, DYNAMIC_TYPE_ARRAYS); - if (scratchBuffer == NULL) + if (scratchBuffer == NULL) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); return USER_CRYPTO_ERROR; + } /* load plain and cipher into big num states */ ret = ippsBigNumGetSize(key->sz, &ctxSz); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); return USER_CRYPTO_ERROR; + } pTxt = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_ARRAYS); - if (pTxt == NULL) + if (pTxt == NULL) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); return USER_CRYPTO_ERROR; + } ret = ippsBigNumInit(key->sz, pTxt); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); return USER_CRYPTO_ERROR; + } ret = ippsSetOctString_BN((Ipp8u*)in, key->sz, pTxt); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); return USER_CRYPTO_ERROR; + } /* set up cipher to hold signature */ ret = ippsBigNumGetSize(key->sz, &ctxSz); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); return USER_CRYPTO_ERROR; + } cTxt = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_ARRAYS); - if (pTxt == NULL) + if (cTxt == NULL) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); return USER_CRYPTO_ERROR; + } ret = ippsBigNumInit(key->sz, cTxt); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); return USER_CRYPTO_ERROR; + } ret = ippsSetOctString_BN((Ipp8u*)in, key->sz, cTxt); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); return USER_CRYPTO_ERROR; + } /* decrypt using public key information */ ret = ippsRSA_Decrypt(cTxt, pTxt, pPub, scratchBuffer); if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); USER_DEBUG(("decrypt error of %s\n", ippGetStatusString(ret))); return USER_CRYPTO_ERROR; } @@ -1248,15 +1307,12 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) /* extract big num struct to octect string */ ret = ippsGetOctString_BN((Ipp8u*)in, key->sz, pTxt); if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); USER_DEBUG(("BN get string error of %s\n", ippGetStatusString(ret))); return USER_CRYPTO_ERROR; } - /* clean up memory used */ - XFREE(pTxt, NULL, DYNAMIC_TYPE_ARRAYS); - XFREE(cTxt, NULL, DYNAMIC_TYPE_ARRAYS); - XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_ARRAYS); - XFREE(pPub, NULL, DYNAMIC_TYPE_ARRAYS); + FreeHelper(pTxt, cTxt, scratchBuffer, pPub); /* unpad the decrypted information and return size of array */ return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1); @@ -1283,8 +1339,10 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, /* verify signature and test if output buffer is large enough */ plainLen = wc_RsaSSL_VerifyInline(tmp, inLen, &pad, key); - if (plainLen < 0) + if (plainLen < 0) { + XFREE(tmp, NULL, DYNAMIC_TYPE_RSA); return plainLen; + } if (plainLen > (int)outLen) plainLen = USER_CRYPTO_ERROR; @@ -1307,10 +1365,10 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, int ctxSz; int prvSz; IppStatus ret; - Ipp8u* scratchBuffer; - IppsRSAPublicKeyState* pPrv; - IppsBigNumState* pTxt; - IppsBigNumState* cTxt; + Ipp8u* scratchBuffer = NULL; + IppsRSAPublicKeyState* pPrv = NULL; + IppsBigNumState* pTxt = NULL; + IppsBigNumState* cTxt = NULL; sz = key->sz; @@ -1331,12 +1389,14 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = ippsRSA_InitPublicKey(key->nSz, key->dSz, pPrv, ctxSz); if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); USER_DEBUG(("ippsRSA_InitPrivateKey error %s\n", ippGetStatusString(ret))); return USER_CRYPTO_ERROR; } ret = ippsRSA_SetPublicKey(key->n, key->dipp, pPrv); if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); USER_DEBUG(("ippsRSA_SetPrivateKey error %s\n", ippGetStatusString(ret))); return USER_CRYPTO_ERROR; } @@ -1344,6 +1404,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, /* set size of scratch buffer */ ret = ippsRSA_GetBufferSizePublicKey(&scratchSz, pPrv); if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); USER_DEBUG(("ippsRSA_GetBufferSizePublicKey error %s\n", ippGetStatusString(ret))); return USER_CRYPTO_ERROR; @@ -1351,51 +1412,71 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, scratchBuffer = XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, DYNAMIC_TYPE_ARRAYS); if (scratchBuffer == NULL) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); USER_DEBUG(("memory error assigning scratch buffer\n")); return USER_CRYPTO_ERROR; } /* Set up needed pkcs v15 padding */ - if (wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng) != 0) + if (wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng) != 0) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); return USER_CRYPTO_ERROR; + } /* load plain and cipher into big num states */ ret = ippsBigNumGetSize(sz, &ctxSz); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); return USER_CRYPTO_ERROR; + } pTxt = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_ARRAYS); - if (pTxt == NULL) + if (pTxt == NULL) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); return USER_CRYPTO_ERROR; + } ret = ippsBigNumInit(sz, pTxt); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); return USER_CRYPTO_ERROR; + } ret = ippsSetOctString_BN((Ipp8u*)out, sz, pTxt); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); return USER_CRYPTO_ERROR; + } /* set up cipher to hold signature */ ret = ippsBigNumGetSize(outLen, &ctxSz); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); return USER_CRYPTO_ERROR; + } cTxt = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_ARRAYS); - if (pTxt == NULL) + if (cTxt == NULL) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); return USER_CRYPTO_ERROR; + } ret = ippsBigNumInit(outLen, cTxt); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); return USER_CRYPTO_ERROR; + } ret = ippsSetOctString_BN((Ipp8u*)out, outLen, cTxt); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); return USER_CRYPTO_ERROR; + } /* encrypt using private key */ ret = ippsRSA_Encrypt(pTxt, cTxt, pPrv, scratchBuffer); if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); USER_DEBUG(("sign error of %s\n", ippGetStatusString(ret))); return USER_CRYPTO_ERROR; } @@ -1403,16 +1484,14 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, /* get output string from big number structure */ ret = ippsGetOctString_BN((Ipp8u*)out, sz, cTxt); if (ret != ippStsNoErr) { + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); USER_DEBUG(("BN get string error of %s\n", ippGetStatusString(ret))); return USER_CRYPTO_ERROR; } /* clean up memory used */ ForceZero(pPrv, prvSz); /* clear senstive memory */ - XFREE(pPrv, 0, DYNAMIC_TYPE_ARRAYS); - XFREE(pTxt, NULL, DYNAMIC_TYPE_ARRAYS); - XFREE(cTxt, NULL, DYNAMIC_TYPE_ARRAYS); - XFREE(scratchBuffer, NULL, DYNAMIC_TYPE_ARRAYS); + FreeHelper(pTxt, cTxt, scratchBuffer, pPrv); return sz; } @@ -2119,7 +2198,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) byte ver[MAX_VERSION_SZ]; byte* tmps[RSA_INTS]; - USER_DEBUG(("Entering RsaKeyToDer\n")); + USER_DEBUG(("Entering RsaKeyToDer\n")); if (!key || !output) return USER_CRYPTO_ERROR;