From 6030970026b4033f2ee6d69b8fb4ae3b05d5bcb0 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Sun, 29 Nov 2015 23:34:58 -0700 Subject: [PATCH] perfer local IPP libraries, memory usage and casting --- Makefile.am | 2 +- configure.ac | 131 ++++++++-------- wolfcrypt/user-crypto/src/rsa.c | 265 ++++++++++++++++++++++++-------- 3 files changed, 274 insertions(+), 124 deletions(-) diff --git a/Makefile.am b/Makefile.am index e8941e6b5..043b9328d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -59,7 +59,7 @@ EXTRA_DIST+= gencertbuf.pl EXTRA_DIST+= README.md EXTRA_DIST+= LICENSING EXTRA_DIST+= INSTALL -EXTRA_DIST+= IPP/ +EXTRA_DIST+= IPP # user crypto plug in example EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac diff --git a/configure.ac b/configure.ac index a4ccb5ce0..9dcb798db 100644 --- a/configure.ac +++ b/configure.ac @@ -2285,8 +2285,9 @@ AC_ARG_WITH([cavium], # Fast RSA using Intel IPP ippdir="${srcdir}/IPP" -ipplib="lib" # if autoconf guesses 32 changes lib directory -fastRSA_headers=no +ipplib="lib" # if autoconf guesses 32bit system changes lib directory +fastRSA_found=no +abs_path=`pwd` # set up variables used IPPLIBS= @@ -2301,11 +2302,12 @@ AC_ARG_ENABLE([fast-rsa], if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then -if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then ipplib="lib_32" # 32 bit OS detected fi +# Use static IPP Libraries +if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then case $host_os in *darwin*) ipplib="$ipplib/mac_static" 
@@ -2322,92 +2324,100 @@ if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then AC_CHECK_FILES([$srcdir/IPP/$ipplib/libippcore.a $srcdir/IPP/$ipplib/libippcp.a], [], [ENABLED_FAST_RSA=no]) AC_CHECK_FILES([$srcdir/IPP/include/ipp.h $srcdir/IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no]) - LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a" + LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD" if test "$ENABLED_FAST_RSA" = "no"; then AC_MSG_ERROR([Could not find fast rsa libraries]) fi else -# just check link and see if user has already exported paths -if test "$ENABLED_FAST_RSA" = "yes" - then - AC_MSG_NOTICE([Checking if IPP crypto library installed]) - AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [LIBS="$LIBS -lippcore"; fastRSA_headers=yes], [AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]); fastRSA_headers=no])], [fastRSA_headers=no]) - if test "$fastRSA_headers" = "yes"; then - AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp" - fi -fi -# Don't cache the result so it can be checked again -AS_UNSET([ac_cv_header_ippcp_h]) -AS_UNSET([ac_cv_header_ipp_h]) - -if test "$fastRSA_headers" = "no"; then -dnl set default paths +# Check for and use bundled IPP libraries if test "$ENABLED_FAST_RSA" = "yes"; then AC_MSG_NOTICE([Using local IPP crypto library]) - # build and default locations on linux and mac - STORE_LDFLAGS=${LDFLAGS} - STORE_CPPFLAGS=${CPPFLAGS} - if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then - ipplib="lib_32" # 32 bit OS detected - fi - # using LDFLAGS instead of AM_ temporarily to test link to library - LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore" - CPPFLAGS="-I$ippdir/include" - AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [], [ENABLED_FAST_RSA=no])], [ENABLED_FAST_RSA=no]) - if test "$ENABLED_FAST_RSA" = "yes"; then - 
# was succesfull so add tested LDFLAGS to AM_ flags - AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}" - AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}" + AC_CHECK_FILES([$abs_path/IPP/include/ippcp.h], + [ + # build and default locations on linux and mac + STORE_LDFLAGS=${LDFLAGS} + STORE_CPPFLAGS=${CPPFLAGS} - case $host_os in - *darwin*) + # using LDFLAGS instead of AM_ temporarily to test link to library + LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore" + CPPFLAGS="-I$ippdir/include" + AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no]) name="$ippdir/$ipplib/libippcp" - IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib" - IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib" - break;; + case $host_os in + *darwin*) + # check file existence and conditionally set variables + 
AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.dylib], [ + IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib" + IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib" + ], [fastRSA_found=no]) + break;; - *linux*) - if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then - name="$ippdir/$ipplib/libippcp" - IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so" - IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f 
${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0" - else - name="$ippdir/$ipplib/libippcp" - IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so" - IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0" + *linux*) + # check file existence and conditionally set variables + AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.so.9.0], [ + if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then + IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0" + IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0" + else + 
IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0" + IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0" + fi + ], [fastRSA_found=no]) + break;; + *) + fastRSA_found=no + esac + + if test "$fastRSA_found" = "yes"; then + # was succesfull so add tested LDFLAGS to AM_ flags + AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}" + AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}" + IPPHEADERS="${srcdir}/IPP/include/*.h" fi - break;; - *) - ENABLED_FAST_RSA=no - esac - fi - # restore LDFLAGS to user set - LDFLAGS=${STORE_LDFLAGS} - CPPFLAGS=${STORE_CPPFLAGS} - IPPHEADERS="${srcdir}/IPP/include/*.h" + + # restore LDFLAGS to user set + LDFLAGS=${STORE_LDFLAGS} + CPPFLAGS=${STORE_CPPFLAGS} + ], [fastRSA_found=no]) +fi + +# Don't cache the result so it can be checked +AS_UNSET([ac_cv_header_ippcp_h]) +AS_UNSET([ac_cv_header_ipp_h]) +AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]); + +# Check link and see if user has pre-existing IPP Libraries if not using local +if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then + AC_MSG_NOTICE([Checking if IPP crypto library installed]) + AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], + [ + fastRSA_found=yes + AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp" + ], [ fastRSA_found=no]) + ], [fastRSA_found=no]) 
# Error out on not finding libraries - if test "$ENABLED_FAST_RSA" = "no"; then + if test "$fastRSA_found" = "no"; then AC_MSG_ERROR([Could not find fast rsa libraries]) fi fi -fi # end of if found exported paths fi # end of if for shared library else # if user rsa is set than do not use fast rsa option if test "$ENABLED_FAST_RSA" = "yes"; then AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips]) fi -fi # end of if for user rsa crypto +fi # end of if for user rsa crypto or fips +# End result of checking for IPP Libraries AC_MSG_CHECKING([for fast RSA]) if test "$ENABLED_FAST_RSA" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA" # add in user crypto header that uses Intel IPP AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include" if test "$enable_shared" = "yes"; then - LIBS="$LIBS -lippcore" + LIBS="$LIBS -lippcore -lippcp" LIB_ADD="-lippcp -lippcore $LIB_ADD" else LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD" @@ -2420,7 +2430,6 @@ fi AC_SUBST([IPPLIBS]) AC_SUBST([IPPHEADERS]) AC_SUBST([IPPLINK]) -# Found IPP library now build in user crypto to use it AM_CONDITIONAL([BUILD_FAST_RSA], [test "x$ENABLED_FAST_RSA" = "xyes"]) diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c index 05d7388e6..a61d61781 100644 --- a/wolfcrypt/user-crypto/src/rsa.c +++ b/wolfcrypt/user-crypto/src/rsa.c @@ -160,7 +160,7 @@ static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, IppsBigNumState* in) if (ret != ippStsNoErr) return USER_CRYPTO_ERROR; - data = XMALLOC(sz, NULL, DYNAMIC_TYPE_USER_CRYPTO); + data = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_USER_CRYPTO); if (data == NULL) return USER_CRYPTO_ERROR; 
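Review bot: In the `@@ -2322,92 +2324,100 @@` hunk of configure.ac the new existence probes look under `$abs_path/IPP/...` (the directory configure is run from), while the flags that are then link-tested and kept use `$ippdir`, which is `${srcdir}/IPP`. In an out-of-tree build these are different directories, so the probe and the `-L$ippdir/$ipplib` link test can disagree; probing `$ippdir/include/ippcp.h` and `$ippdir/$ipplib/libippcp.*` would keep both on the same files. `AC_CHECK_FILES` also stops configure when cross-compiling, so a plain `test -f` may be the safer probe here. Because this path now takes precedence over an installed IPP, a comment above the block stating that prebuilt binaries found under `IPP/` are linked first would help anyone auditing what ends up in the library.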
@@ -200,13 +200,15 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, IppsBigNumState** mpi) if (ret != ippStsNoErr) return USER_CRYPTO_ERROR; - *mpi = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); + *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); if (*mpi == NULL) return USER_CRYPTO_ERROR; ret = ippsBigNumInit(length, *mpi); - if (ret != ippStsNoErr) + if (ret != ippStsNoErr) { + XFREE(*mpi, NULL, DYNAMIC_TYPE_USER_CRYPTO); return USER_CRYPTO_ERROR; + } } @@ -219,7 +221,7 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, IppsBigNumState** mpi) return USER_CRYPTO_ERROR; } - data = XMALLOC(length, NULL, DYNAMIC_TYPE_USER_CRYPTO); + data = (Ipp8u*)XMALLOC(length, NULL, DYNAMIC_TYPE_USER_CRYPTO); if (data == NULL) return USER_CRYPTO_ERROR; @@ -399,7 +401,8 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) return USER_CRYPTO_ERROR; } - key->pPub = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); + key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL, + DYNAMIC_TYPE_USER_CRYPTO); if (key->pPub == NULL) return USER_CRYPTO_ERROR; @@ -452,7 +455,8 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) } key->prvSz = ctxSz; - key->pPrv = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); + key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0, + DYNAMIC_TYPE_USER_CRYPTO); if (key->pPrv == NULL) return USER_CRYPTO_ERROR; @@ -575,13 +579,15 @@ static IppStatus init_bn(IppsBigNumState** in, int sz) return ret; } - *in = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); + *in = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); if (*in == NULL) { return ippStsNoMemErr; } ret = ippsBigNumInit(sz, *in); if (ret != ippStsNoErr) { + XFREE(*in, NULL, DYNAMIC_TYPE_USER_CRYPTO); + *in = NULL; return ret; } 
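Review bot: In the `@@ -200,13 +200,15 @@` hunk, the new failure branch after `ippsBigNumInit` frees `*mpi` but leaves the caller's pointer holding the freed address, so a caller that later cleans up that pointer would free it a second time. `init_bn` in the `@@ -575,13 +579,15 @@` hunk of this same commit already resets its pointer, and the same line fits here: `XFREE(*mpi, NULL, DYNAMIC_TYPE_USER_CRYPTO); *mpi = NULL;`. How callers treat `*mpi` on error is outside the hunk, as is the rest of SetIndividualInternal.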
@@ -592,41 +598,51 @@ static IppStatus init_bn(IppsBigNumState** in, int sz) /* Set up memory and structure for a Montgomery struct * returns ippStsNoErr on success */ -static IppStatus init_mont(IppsMontState** mont, IppsBigNumState* modul) +static IppStatus init_mont(IppsMontState** mont, int* ctxSz, + IppsBigNumState* modul) { - int ctxSz, mSz; - Ipp32u* m; - IppStatus ret; + int mSz; + Ipp32u* m; + IppStatus ret; - ret = ippsExtGet_BN(NULL, &ctxSz, NULL, modul); + ret = ippsExtGet_BN(NULL, ctxSz, NULL, modul); if (ret != ippStsNoErr) { return ret; } - mSz = (ctxSz/32)+((ctxSz % 32)? 1: 0); - m = XMALLOC(mSz * sizeof(Ipp32u), 0, DYNAMIC_TYPE_USER_CRYPTO); + /* convert bits to Ipp32u array size and round up + 32 is number of bits in type */ + mSz = (*ctxSz/32)+((*ctxSz % 32)? 1: 0); + m = (Ipp32u*)XMALLOC(mSz * sizeof(Ipp32u), 0, DYNAMIC_TYPE_USER_CRYPTO); if (m == NULL) { + XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); return ippStsNoMemErr; } ret = ippsExtGet_BN(NULL, NULL, m, modul); if (ret != ippStsNoErr) { + XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); return ret; } - ret = ippsMontGetSize(IppsBinaryMethod, mSz, &ctxSz); + ret = ippsMontGetSize(IppsSlidingWindows, mSz, ctxSz); if (ret != ippStsNoErr) { + XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); return ret; } /* 2. Allocate working buffer using malloc */ - *mont = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); + *mont = (IppsMontState*)XMALLOC(*ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); if (mont == NULL) { + XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); return ippStsNoMemErr; } - ret = ippsMontInit(IppsBinaryMethod, mSz, *mont); + ret = ippsMontInit(IppsSlidingWindows, mSz, *mont); if (ret != ippStsNoErr) { USER_DEBUG(("ippsMontInit error of %s\n", ippGetStatusString(ret))); + XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + *mont = NULL; return ret; } 
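Review bot: The allocation check after `*mont = (IppsMontState*)XMALLOC(*ctxSz, ...)` still tests `mont == NULL`, which is the out-parameter itself, so a failed allocation is not caught and `ippsMontInit` is handed a NULL state; it should read `if (*mont == NULL) {`. The scratch array `m` receives a copy of the modulus passed in, which in wc_RsaSSL_Sign is `key->pipp` or `key->qipp`, so each new `XFREE(m, ...)` here and in the `@@ -634,6 +650,9 @@` hunk should be preceded by `ForceZero(m, mSz * sizeof(Ipp32u));` to match the zeroization this commit adds elsewhere. The `XFREE(m, ...)` inside `if (m == NULL)` frees a null pointer and can be dropped. Whether `m` is released on the success path cannot be seen from this hunk, since init_mont continues past it.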
@@ -634,6 +650,9 @@ static IppStatus init_mont(IppsMontState** mont, IppsBigNumState* modul) ret = ippsMontSet(m, mSz, *mont); if (ret != ippStsNoErr) { USER_DEBUG(("ippsMontSet error of %s\n", ippGetStatusString(ret))); + XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + *mont = NULL; return ret; } @@ -779,7 +798,7 @@ static int GetInt(IppsBigNumState** mpi, const byte* input, word32* inOutIdx, if (ret != ippStsNoErr) return USER_CRYPTO_ERROR; - *mpi = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); + *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); if (*mpi == NULL) return USER_CRYPTO_ERROR; @@ -886,7 +905,8 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, return USER_CRYPTO_ERROR; } - key->pPub = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); + key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL, + DYNAMIC_TYPE_USER_CRYPTO); if (key->pPub == NULL) return USER_CRYPTO_ERROR; @@ -938,7 +958,8 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, } key->prvSz = ctxSz; - key->pPrv = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); + key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0, + DYNAMIC_TYPE_USER_CRYPTO); if (key->pPrv == NULL) return USER_CRYPTO_ERROR; @@ -1056,7 +1077,8 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, return USER_CRYPTO_ERROR; } - key->pPub = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); + key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL, + DYNAMIC_TYPE_USER_CRYPTO); if (key->pPub == NULL) return USER_CRYPTO_ERROR; @@ -1123,7 +1145,8 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, return USER_CRYPTO_ERROR; } - key->pPub = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); + key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL, + DYNAMIC_TYPE_USER_CRYPTO); if (key->pPub == NULL) return USER_CRYPTO_ERROR; 
@@ -1168,8 +1191,8 @@ int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, if (ret != ippStsNoErr) return USER_CRYPTO_ERROR; - scratchBuffer = XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, - DYNAMIC_TYPE_USER_CRYPTO); + scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, + DYNAMIC_TYPE_USER_CRYPTO); if (scratchBuffer == NULL) return USER_CRYPTO_ERROR; @@ -1211,8 +1234,8 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, return USER_CRYPTO_ERROR; } - scratchBuffer = XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, - DYNAMIC_TYPE_USER_CRYPTO); + scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, + DYNAMIC_TYPE_USER_CRYPTO); if (scratchBuffer == NULL) { return USER_CRYPTO_ERROR; } @@ -1242,7 +1265,7 @@ int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) USER_DEBUG(("Entering wc_RsaPrivateDecryptInline\n")); /* allocate a buffer for max decrypted text */ - tmp = XMALLOC(key->sz, NULL, DYNAMIC_TYPE_USER_CRYPTO); + tmp = (byte*)XMALLOC(key->sz, NULL, DYNAMIC_TYPE_USER_CRYPTO); if (tmp == NULL) return USER_CRYPTO_ERROR; @@ -1314,7 +1337,7 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) return USER_CRYPTO_ERROR; } - pPub = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); + pPub = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); if (pPub == NULL) return USER_CRYPTO_ERROR; @@ -1341,8 +1364,8 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) return USER_CRYPTO_ERROR; } - scratchBuffer = XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, - DYNAMIC_TYPE_USER_CRYPTO); + scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, + DYNAMIC_TYPE_USER_CRYPTO); if (scratchBuffer == NULL) { FreeHelper(pTxt, cTxt, scratchBuffer, pPub); return USER_CRYPTO_ERROR; 
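Review bot: In the `@@ -1314,7 +1337,7 @@` hunk a variable named `pPub` is now explicitly cast to `IppsRSAPrivateKeyState*`, which reads like a mistake at first glance. The declaration is outside the hunk, so the type may well be deliberate; if it is, a comment at the allocation such as `/* NOTE: pPub is intentionally an IppsRSAPrivateKeyState */` with one line of rationale would keep a later reader from "correcting" the cast in a verification path.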
@@ -1475,23 +1498,58 @@ static IppStatus exptmod(IppsBigNumState* a, IppsBigNumState* b, } +static void Free_BN(IppsBigNumState* bn) +{ + int sz, ctxSz; + IppStatus ret; + + if (bn != NULL) { + ret = ippStsNoErr; + ret |= ippsGetSize_BN(bn, &sz); + ret |= ippsBigNumGetSize(sz, &ctxSz); + if (ret == ippStsNoErr) { + ForceZero(bn, ctxSz); + } + else { + USER_DEBUG(("Issue with clearing a struct in RsaSSL_Sign free\n")); + } + XFREE(bn, NULL, DYNAMIC_TYPE_USER_CRYPTO); + bn = NULL; + } +} + + +/* free up memory used during CRT sign operation */ +static void FreeSignHelper(IppsBigNumState* one, IppsBigNumState* tmp, + IppsBigNumState* tmpP, IppsBigNumState* tmpQ, IppsBigNumState* tmpa, + IppsBigNumState* tmpb) +{ + Free_BN(one); + Free_BN(tmp); + Free_BN(tmpP); + Free_BN(tmpQ); + Free_BN(tmpa); + Free_BN(tmpb); +} + + /* for Rsa Sign */ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, WC_RNG* rng) { - int sz; + int sz, pSz, qSz; IppStatus ret; word32 outSz = outLen; - IppsMontState* pMont; - IppsMontState* qMont; + IppsMontState* pMont = NULL; + IppsMontState* qMont = NULL; - IppsBigNumState* one; - IppsBigNumState* tmp; - IppsBigNumState* tmpP; - IppsBigNumState* tmpQ; - IppsBigNumState* tmpa; - IppsBigNumState* tmpb; + IppsBigNumState* one = NULL; + IppsBigNumState* tmp = NULL; + IppsBigNumState* tmpP = NULL; + IppsBigNumState* tmpQ = NULL; + IppsBigNumState* tmpa = NULL; + IppsBigNumState* tmpb = NULL; IppsBigNumSGN sa, sb; @@ -1507,6 +1565,13 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, return USER_CRYPTO_ERROR; } + /* sanity check on key being used */ + if (key->pipp == NULL || key->qipp == NULL || key->uipp == NULL || + key->dPipp == NULL || key->dQipp == NULL) { + USER_DEBUG(("Bad key argument to wc_RsaSSL_Sign\n")); + return USER_CRYPTO_ERROR; + } + if (sz > (int)outLen) { USER_DEBUG(("Bad argument outLen to wc_RsaSSL_Sign\n")); return USER_CRYPTO_ERROR; 
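Review bot: In the new `Free_BN`, the two size queries are OR-ed together, so when `ippsGetSize_BN` fails the uninitialised `sz` is still passed to `ippsBigNumGetSize`, and on any failure the big number is freed without being wiped, with only a debug message to show for it. These buffers carry the CRT intermediates of a private-key operation, so the calls are better checked in sequence: `if (ippsGetSize_BN(bn, &sz) == ippStsNoErr && ippsBigNumGetSize(sz, &ctxSz) == ippStsNoErr) ForceZero(bn, ctxSz);`. The trailing `bn = NULL;` only clears the local copy of the pointer and can be removed, or the helper could take `IppsBigNumState**` if callers are meant to see the reset. A one-line header comment on `Free_BN` saying that it zeroizes before freeing would match the comment already given to `FreeSignHelper`.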
@@ -1527,11 +1592,14 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = init_bn(&tmp, sz); if (ret != ippStsNoErr) { USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } ret = ippsSetOctString_BN(out, sz, tmp); if (ret != ippStsNoErr) { - USER_DEBUG(("ippsSetOctString_BN error of %s\n", ippGetStatusString(ret))); + USER_DEBUG(("ippsSetOctString_BN error of %s\n", + ippGetStatusString(ret))); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } @@ -1539,6 +1607,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = init_bn(&tmpP, sz); if (ret != ippStsNoErr) { USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } @@ -1546,6 +1615,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = init_bn(&tmpQ, sz); if (ret != ippStsNoErr) { USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } @@ -1553,6 +1623,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = init_bn(&tmpa, sz); if (ret != ippStsNoErr) { USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } @@ -1560,6 +1631,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = init_bn(&tmpb, sz); if (ret != ippStsNoErr) { USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } 
@@ -1567,27 +1639,39 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = init_bn(&one, sz); if (ret != ippStsNoErr) { USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } ret = ippsSetOctString_BN(o, 1, one); if (ret != ippStsNoErr) { USER_DEBUG(("ippsSetOctString_BN error of %s\n", ippGetStatusString(ret))); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } /** Set up Montgomery state */ - ret = init_mont(&pMont, key->pipp); + ret = init_mont(&pMont, &pSz, key->pipp); if (ret != ippStsNoErr) { USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret))); + if (pMont != NULL) { + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + } + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } - ret = init_mont(&qMont, key->qipp); + ret = init_mont(&qMont, &qSz, key->qipp); if (ret != ippStsNoErr) { USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret))); + if (qMont != NULL) { + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + } + ForceZero(pMont, pSz); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } @@ -1599,6 +1683,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, if (ret != ippStsNoErr) { USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } 
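Review bot: From the second `init_mont` failure in the `@@ -1567,27 +1639,39 @@` hunk onward, the same five-line wipe-and-free sequence for `pMont`, `qMont` and the big numbers is pasted into every error branch through the `@@ -1681,27 +1825,22 @@` hunk, so one missed or mis-ordered copy would leave CRT key material in freed memory. A single cleanup label keeps the zeroization in one place, and the NULL initialisers this commit adds are what make that safe. The sketch below shows the shape; wc_RsaSSL_Sign spans many hunks, so its computation is elided. The return expression assumes `ret` holds the status of the last IPP call on every path that reaches the label, which should be confirmed against the parts of the function outside these hunks.

```c
    ret = init_mont(&qMont, &qSz, key->qipp);
    if (ret != ippStsNoErr) {
        USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret)));
        goto cleanup;
    }
    /* … unchanged: CRT steps, each error branch reduced to USER_DEBUG + goto cleanup … */

cleanup:
    /* wipe Montgomery contexts before release; NULL means never allocated */
    if (pMont != NULL) {
        ForceZero(pMont, pSz);
        XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
    }
    if (qMont != NULL) {
        ForceZero(qMont, qSz);
        XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
    }
    FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
    return (ret == ippStsNoErr) ? (int)outSz : USER_CRYPTO_ERROR;
```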
@@ -1606,6 +1695,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, if (ret != ippStsNoErr) { USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } @@ -1613,6 +1707,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = exptmod(tmpP, key->dPipp, pMont, tmpa, one); if (ret != ippStsNoErr) { USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } @@ -1620,6 +1719,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = exptmod(tmpQ, key->dQipp, qMont, tmpb, one); if (ret != ippStsNoErr) { USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } 
@@ -1627,12 +1731,22 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = ippsSub_BN(tmpa, tmpb, tmp); if (ret != ippStsNoErr) { USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } ret = ippsMul_BN(tmp, key->uipp, tmp); if (ret != ippStsNoErr) { USER_DEBUG(("ippsMul_BN error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } @@ -1640,6 +1754,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = ippsDiv_BN(tmp, key->pipp, tmpa, tmp); if (ret != ippStsNoErr) { USER_DEBUG(("ippsDiv_BN error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } 
@@ -1647,17 +1766,32 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = ippsExtGet_BN(&sa, NULL, NULL, tmp); if (ret != ippStsNoErr) { USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } ret = ippsExtGet_BN(&sb, NULL, NULL, key->pipp); if (ret != ippStsNoErr) { USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } if (sa != sb) { ret = ippsAdd_BN(tmp, key->pipp, tmp); if (ret != ippStsNoErr) { USER_DEBUG(("ippsAdd_BN error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } } @@ -1666,6 +1800,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = ippsMul_BN(tmp, key->qipp, tmp); if (ret != ippStsNoErr) { USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } 
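Review bot: The error branch edited in the `@@ -1666,6 +1800,11 @@` hunk follows `ippsMul_BN` but still logs `"ippsSub_BN error of %s\n"`, and the `ippsAdd_BN` branch in the `@@ -1673,6 +1812,11 @@` hunk does the same. Since both branches are being touched anyway, the messages should name the call that failed, for example `USER_DEBUG(("ippsMul_BN error of %s\n", ippGetStatusString(ret)));` and the `ippsAdd_BN` equivalent, so a failure in the signing path is attributed to the right step.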
@@ -1673,6 +1812,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, ret = ippsAdd_BN(tmp, tmpb, tmp); if (ret != ippStsNoErr) { USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } @@ -1681,27 +1825,22 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, if (ret != ippStsNoErr) { USER_DEBUG(("ippsGetOctString_BN error of %s\n", ippGetStatusString(ret))); + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); + XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return USER_CRYPTO_ERROR; } outSz = sz; - XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + /* clear memory and free */ + ForceZero(pMont, pSz); + ForceZero(qMont, qSz); XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); - - XFREE(one, NULL, DYNAMIC_TYPE_USER_CRYPTO); - - /* clear memory by setting BN to one and then free */ - ippsSetOctString_BN(o, 1, tmp); - XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO); - ippsSetOctString_BN(o, 1, tmpP); - XFREE(tmpP, NULL, DYNAMIC_TYPE_USER_CRYPTO); - ippsSetOctString_BN(o, 1, tmpQ); - XFREE(tmpQ, NULL, DYNAMIC_TYPE_USER_CRYPTO); - ippsSetOctString_BN(o, 1, tmpa); - XFREE(tmpa, NULL, DYNAMIC_TYPE_USER_CRYPTO); - ippsSetOctString_BN(o, 1, tmpb); - XFREE(tmpb, NULL, DYNAMIC_TYPE_USER_CRYPTO); + XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); + FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb); return outSz; } @@ -1829,7 +1968,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) return USER_CRYPTO_ERROR; } - pPrime = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); + pPrime = (IppsPrimeState*)XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); if (pPrime == NULL) return USER_CRYPTO_ERROR; 
@@ -1849,7 +1988,8 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) } key->prvSz = ctxSz; /* used when freeing private key */ - key->pPrv = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); + key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, NULL, + DYNAMIC_TYPE_USER_CRYPTO); if (key->pPrv == NULL) return USER_CRYPTO_ERROR; @@ -1869,7 +2009,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) return USER_CRYPTO_ERROR; } - scratchBuffer = XMALLOC(scratchSz, 0, DYNAMIC_TYPE_USER_CRYPTO); + scratchBuffer = (Ipp8u*)XMALLOC(scratchSz, 0, DYNAMIC_TYPE_USER_CRYPTO); if (scratchBuffer == NULL) return USER_CRYPTO_ERROR; @@ -1943,7 +2083,8 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) return USER_CRYPTO_ERROR; } - key->pPub = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); + key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL, + DYNAMIC_TYPE_USER_CRYPTO); if (key->pPub == NULL) return USER_CRYPTO_ERROR; @@ -2381,7 +2522,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) rawLen += lbit; tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, - DYNAMIC_TYPE_USER_CRYPTO); + DYNAMIC_TYPE_USER_CRYPTO); if (tmps[i] == NULL) { ret = USER_CRYPTO_ERROR; break;