feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Memory Usage: reduce maximum in use

Browse Source 
CheckCertSignature
Free the dataASN before calling ConfirmSignature.
dataASN not needed at this point and ConfirmSignature uses lots of
memory.

DecodeCertInternal:
Free the dataASN before calling DecodeCertExtensions,
dataASN not needed at this point and DecodeCertExtensions uses more
memory.

ecc_verify_hash:
v doesn't need to be a new allocated variable - reuse w.
v is the modular reduction of x-ordinate to prime calculated at end.
This commit is contained in:
Sean Parkinson
2023-04-19 14:17:30 +10:00
parent 70322f620d
commit 436c647acc
2 changed files with 23 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
wolfcrypt/src/asn.c
View File

@@ -20275,33 +20275,35 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
cert->extensionsSz = (int)GetASNItem_Length( cert->extensionsSz = (int)GetASNItem_Length(
dataASN[X509CERTASN_IDX_TBS_EXT], cert->source); dataASN[X509CERTASN_IDX_TBS_EXT], cert->source);
cert->extensionsIdx = dataASN[X509CERTASN_IDX_TBS_EXT].offset; cert->extensionsIdx = dataASN[X509CERTASN_IDX_TBS_EXT].offset;
/* Decode the extension data starting at [3]. */
ret = DecodeCertExtensions(cert);
if (criticalExt != NULL) {
if (ret == ASN_CRIT_EXT_E) {
/* Return critical extension not recognized. */
*criticalExt = ret;
ret = 0;
}
else {
/* No critical extension error. */
*criticalExt = 0;
}
}
}
if (ret == 0) {
/* Advance past extensions. */ /* Advance past extensions. */
cert->srcIdx = dataASN[X509CERTASN_IDX_SIGALGO_SEQ].offset; cert->srcIdx = dataASN[X509CERTASN_IDX_SIGALGO_SEQ].offset;
} }
} }
/* Dispose of memory before allocating for extension decoding. */
FREE_ASNGETDATA(dataASN, cert->heap);
if ((ret == 0) && (!done) && (cert->extensions != NULL)) {
/* Decode the extension data starting at [3]. */
ret = DecodeCertExtensions(cert);
if (criticalExt != NULL) {
if (ret == ASN_CRIT_EXT_E) {
/* Return critical extension not recognized. */
*criticalExt = ret;
ret = 0;
}
else {
/* No critical extension error. */
*criticalExt = 0;
}
}
}
if ((ret == 0) && (!done) && (badDate != 0)) { if ((ret == 0) && (!done) && (badDate != 0)) {
/* Parsed whole certificate fine but return any date errors. */ /* Parsed whole certificate fine but return any date errors. */
ret = badDate; ret = badDate;
} }
FREE_ASNGETDATA(dataASN, cert->heap);
return ret; return ret;
} }
@@ -21408,6 +21410,8 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
} }
} }
FREE_ASNGETDATA(dataASN, heap);
if (ret == 0) { if (ret == 0) {
/* Check signature. */ /* Check signature. */
ret = ConfirmSignature(sigCtx, tbs, tbsSz, pubKey, pubKeySz, pubKeyOID, ret = ConfirmSignature(sigCtx, tbs, tbsSz, pubKey, pubKeySz, pubKeyOID,
@@ -21422,7 +21426,6 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
if (sigCtx != NULL) if (sigCtx != NULL)
XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
#endif #endif
FREE_ASNGETDATA(dataASN, heap);
return ret; return ret;
#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* WOLFSSL_ASN_TEMPLATE */
} }

13
wolfcrypt/src/ecc.c
View File

@@ -8284,12 +8284,12 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
ecc_point lcl_mG; ecc_point lcl_mG;
ecc_point lcl_mQ; ecc_point lcl_mQ;
#endif #endif
DECL_MP_INT_SIZE_DYN(v, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
DECL_MP_INT_SIZE_DYN(w, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); DECL_MP_INT_SIZE_DYN(w, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
#if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V) #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V)
DECL_MP_INT_SIZE_DYN(e_lcl, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); DECL_MP_INT_SIZE_DYN(e_lcl, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
#endif #endif
mp_int* e; mp_int* e;
mp_int* v = NULL; /* Will be w. */
mp_int* u1 = NULL; /* Will be e. */ mp_int* u1 = NULL; /* Will be e. */
mp_int* u2 = NULL; /* Will be w. */ mp_int* u2 = NULL; /* Will be w. */
@@ -8371,12 +8371,6 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
} }
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */ #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */
NEW_MP_INT_SIZE(v, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL
if (v == NULL) {
err = MEMORY_E;
}
#endif
NEW_MP_INT_SIZE(w, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC); NEW_MP_INT_SIZE(w, ECC_KEY_MAX_BITS(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL #ifdef MP_INT_SIZE_CHECK_NULL
if (w == NULL) { if (w == NULL) {
@@ -8387,8 +8381,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
if (err == MP_OKAY) { if (err == MP_OKAY) {
u1 = e; u1 = e;
u2 = w; u2 = w;
v = w;
err = INIT_MP_INT_SIZE(v, ECC_KEY_MAX_BITS(key));
} }
if (err == MP_OKAY) { if (err == MP_OKAY) {
err = INIT_MP_INT_SIZE(w, ECC_KEY_MAX_BITS(key)); err = INIT_MP_INT_SIZE(w, ECC_KEY_MAX_BITS(key));
@@ -8503,10 +8496,8 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
wc_ecc_del_point_ex(mQ, key->heap); wc_ecc_del_point_ex(mQ, key->heap);
mp_clear(e); mp_clear(e);
mp_clear(v);
mp_clear(w); mp_clear(w);
FREE_MP_INT_SIZE(w, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(w, key->heap, DYNAMIC_TYPE_ECC);
FREE_MP_INT_SIZE(v, key->heap, DYNAMIC_TYPE_ECC);
#if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V) #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V)
FREE_MP_INT_SIZE(e_lcl, key->heap, DYNAMIC_TYPE_ECC); FREE_MP_INT_SIZE(e_lcl, key->heap, DYNAMIC_TYPE_ECC);
#endif #endif