feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

perfer local IPP libraries, memory usage and casting

Browse Source
This commit is contained in:
Jacob Barthelmeh
2015-11-29 23:34:58 -07:00
parent db599bb361
commit 6030970026
3 changed files with 274 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.am
View File

@ -59,7 +59,7 @@ EXTRA_DIST+= gencertbuf.pl
EXTRA_DIST+= README.md EXTRA_DIST+= README.md
EXTRA_DIST+= LICENSING EXTRA_DIST+= LICENSING
EXTRA_DIST+= INSTALL EXTRA_DIST+= INSTALL
EXTRA_DIST+= IPP/ EXTRA_DIST+= IPP
# user crypto plug in example # user crypto plug in example
EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac EXTRA_DIST+= wolfcrypt/user-crypto/configure.ac

131
configure.ac
View File

@ -2285,8 +2285,9 @@ AC_ARG_WITH([cavium],
# Fast RSA using Intel IPP # Fast RSA using Intel IPP
ippdir="${srcdir}/IPP" ippdir="${srcdir}/IPP"
ipplib="lib" # if autoconf guesses 32 changes lib directory ipplib="lib" # if autoconf guesses 32bit system changes lib directory
fastRSA_headers=no fastRSA_found=no
abs_path=`pwd`
# set up variables used # set up variables used
IPPLIBS= IPPLIBS=
@ -2301,11 +2302,12 @@ AC_ARG_ENABLE([fast-rsa],
if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then
if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
ipplib="lib_32" # 32 bit OS detected ipplib="lib_32" # 32 bit OS detected
fi fi
# Use static IPP Libraries
if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
case $host_os in case $host_os in
*darwin*) *darwin*)
ipplib="$ipplib/mac_static" ipplib="$ipplib/mac_static"
@ -2322,92 +2324,100 @@ if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
AC_CHECK_FILES([$srcdir/IPP/$ipplib/libippcore.a $srcdir/IPP/$ipplib/libippcp.a], [], [ENABLED_FAST_RSA=no]) AC_CHECK_FILES([$srcdir/IPP/$ipplib/libippcore.a $srcdir/IPP/$ipplib/libippcp.a], [], [ENABLED_FAST_RSA=no])
AC_CHECK_FILES([$srcdir/IPP/include/ipp.h $srcdir/IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no]) AC_CHECK_FILES([$srcdir/IPP/include/ipp.h $srcdir/IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no])
LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a" LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD"
if test "$ENABLED_FAST_RSA" = "no"; then if test "$ENABLED_FAST_RSA" = "no"; then
AC_MSG_ERROR([Could not find fast rsa libraries]) AC_MSG_ERROR([Could not find fast rsa libraries])
fi fi
else else
# just check link and see if user has already exported paths
if test "$ENABLED_FAST_RSA" = "yes"
then
AC_MSG_NOTICE([Checking if IPP crypto library installed])
AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [LIBS="$LIBS -lippcore"; fastRSA_headers=yes], [AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]); fastRSA_headers=no])], [fastRSA_headers=no])
if test "$fastRSA_headers" = "yes"; then
AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
fi
fi
# Don't cache the result so it can be checked again # Check for and use bundled IPP libraries
AS_UNSET([ac_cv_header_ippcp_h])
AS_UNSET([ac_cv_header_ipp_h])
if test "$fastRSA_headers" = "no"; then
dnl set default paths
if test "$ENABLED_FAST_RSA" = "yes"; then if test "$ENABLED_FAST_RSA" = "yes"; then
AC_MSG_NOTICE([Using local IPP crypto library]) AC_MSG_NOTICE([Using local IPP crypto library])
# build and default locations on linux and mac
STORE_LDFLAGS=${LDFLAGS}
STORE_CPPFLAGS=${CPPFLAGS}
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
ipplib="lib_32" # 32 bit OS detected
fi
# using LDFLAGS instead of AM_ temporarily to test link to library
LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
CPPFLAGS="-I$ippdir/include"
AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [], [ENABLED_FAST_RSA=no])], [ENABLED_FAST_RSA=no])
if test "$ENABLED_FAST_RSA" = "yes"; then AC_CHECK_FILES([$abs_path/IPP/include/ippcp.h],
# was succesfull so add tested LDFLAGS to AM_ flags [
AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}" # build and default locations on linux and mac
AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}" STORE_LDFLAGS=${LDFLAGS}
STORE_CPPFLAGS=${CPPFLAGS}
case $host_os in # using LDFLAGS instead of AM_ temporarily to test link to library
*darwin*) LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
CPPFLAGS="-I$ippdir/include"
AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no])
name="$ippdir/$ipplib/libippcp" name="$ippdir/$ipplib/libippcp"
IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib" case $host_os in
IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib" *darwin*)
break;; # check file existence and conditionally set variables
AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.dylib], [
IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib"
], [fastRSA_found=no])
break;;
*linux*) *linux*)
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then # check file existence and conditionally set variables
name="$ippdir/$ipplib/libippcp" AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.so.9.0], [
IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so" if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0" IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0"
else IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
name="$ippdir/$ipplib/libippcp" else
IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so" IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0" IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
fi
], [fastRSA_found=no])
break;;
*)
fastRSA_found=no
esac
if test "$fastRSA_found" = "yes"; then
# was succesfull so add tested LDFLAGS to AM_ flags
AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}"
AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}"
IPPHEADERS="${srcdir}/IPP/include/*.h"
fi fi
break;;
*) # restore LDFLAGS to user set
ENABLED_FAST_RSA=no LDFLAGS=${STORE_LDFLAGS}
esac CPPFLAGS=${STORE_CPPFLAGS}
fi ], [fastRSA_found=no])
# restore LDFLAGS to user set fi
LDFLAGS=${STORE_LDFLAGS}
CPPFLAGS=${STORE_CPPFLAGS} # Don't cache the result so it can be checked
IPPHEADERS="${srcdir}/IPP/include/*.h" AS_UNSET([ac_cv_header_ippcp_h])
AS_UNSET([ac_cv_header_ipp_h])
AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]);
# Check link and see if user has pre-existing IPP Libraries if not using local
if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then
AC_MSG_NOTICE([Checking if IPP crypto library installed])
AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15],
[
fastRSA_found=yes
AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
], [ fastRSA_found=no])
], [fastRSA_found=no])
# Error out on not finding libraries # Error out on not finding libraries
if test "$ENABLED_FAST_RSA" = "no"; then if test "$fastRSA_found" = "no"; then
AC_MSG_ERROR([Could not find fast rsa libraries]) AC_MSG_ERROR([Could not find fast rsa libraries])
fi fi
fi fi
fi # end of if found exported paths
fi # end of if for shared library fi # end of if for shared library
else # if user rsa is set than do not use fast rsa option else # if user rsa is set than do not use fast rsa option
if test "$ENABLED_FAST_RSA" = "yes"; then if test "$ENABLED_FAST_RSA" = "yes"; then
AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips]) AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips])
fi fi
fi # end of if for user rsa crypto fi # end of if for user rsa crypto or fips
# End result of checking for IPP Libraries
AC_MSG_CHECKING([for fast RSA]) AC_MSG_CHECKING([for fast RSA])
if test "$ENABLED_FAST_RSA" = "yes"; then if test "$ENABLED_FAST_RSA" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA" AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA"
# add in user crypto header that uses Intel IPP # add in user crypto header that uses Intel IPP
AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include" AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include"
if test "$enable_shared" = "yes"; then if test "$enable_shared" = "yes"; then
LIBS="$LIBS -lippcore" LIBS="$LIBS -lippcore -lippcp"
LIB_ADD="-lippcp -lippcore $LIB_ADD" LIB_ADD="-lippcp -lippcore $LIB_ADD"
else else
LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD" LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD"
@ -2420,7 +2430,6 @@ fi
AC_SUBST([IPPLIBS]) AC_SUBST([IPPLIBS])
AC_SUBST([IPPHEADERS]) AC_SUBST([IPPHEADERS])
AC_SUBST([IPPLINK]) AC_SUBST([IPPLINK])
# Found IPP library now build in user crypto to use it
AM_CONDITIONAL([BUILD_FAST_RSA], [test "x$ENABLED_FAST_RSA" = "xyes"]) AM_CONDITIONAL([BUILD_FAST_RSA], [test "x$ENABLED_FAST_RSA" = "xyes"])

265
wolfcrypt/user-crypto/src/rsa.c
View File

@ -160,7 +160,7 @@ static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, IppsBigNumState* in)
if (ret != ippStsNoErr) if (ret != ippStsNoErr)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
data = XMALLOC(sz, NULL, DYNAMIC_TYPE_USER_CRYPTO); data = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
if (data == NULL) if (data == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -200,13 +200,15 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, IppsBigNumState** mpi)
if (ret != ippStsNoErr) if (ret != ippStsNoErr)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
*mpi = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
if (*mpi == NULL) if (*mpi == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
ret = ippsBigNumInit(length, *mpi); ret = ippsBigNumInit(length, *mpi);
if (ret != ippStsNoErr) if (ret != ippStsNoErr) {
XFREE(*mpi, NULL, DYNAMIC_TYPE_USER_CRYPTO);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
}
} }
@ -219,7 +221,7 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, IppsBigNumState** mpi)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
data = XMALLOC(length, NULL, DYNAMIC_TYPE_USER_CRYPTO); data = (Ipp8u*)XMALLOC(length, NULL, DYNAMIC_TYPE_USER_CRYPTO);
if (data == NULL) if (data == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -399,7 +401,8 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
key->pPub = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
DYNAMIC_TYPE_USER_CRYPTO);
if (key->pPub == NULL) if (key->pPub == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -452,7 +455,8 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
} }
key->prvSz = ctxSz; key->prvSz = ctxSz;
key->pPrv = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0,
DYNAMIC_TYPE_USER_CRYPTO);
if (key->pPrv == NULL) if (key->pPrv == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -575,13 +579,15 @@ static IppStatus init_bn(IppsBigNumState** in, int sz)
return ret; return ret;
} }
*in = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); *in = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
if (*in == NULL) { if (*in == NULL) {
return ippStsNoMemErr; return ippStsNoMemErr;
} }
ret = ippsBigNumInit(sz, *in); ret = ippsBigNumInit(sz, *in);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
XFREE(*in, NULL, DYNAMIC_TYPE_USER_CRYPTO);
*in = NULL;
return ret; return ret;
} }
@ -592,41 +598,51 @@ static IppStatus init_bn(IppsBigNumState** in, int sz)
/* Set up memory and structure for a Montgomery struct /* Set up memory and structure for a Montgomery struct
* returns ippStsNoErr on success * returns ippStsNoErr on success
*/ */
static IppStatus init_mont(IppsMontState** mont, IppsBigNumState* modul) static IppStatus init_mont(IppsMontState** mont, int* ctxSz,
IppsBigNumState* modul)
{ {
int ctxSz, mSz; int mSz;
Ipp32u* m; Ipp32u* m;
IppStatus ret; IppStatus ret;
ret = ippsExtGet_BN(NULL, &ctxSz, NULL, modul); ret = ippsExtGet_BN(NULL, ctxSz, NULL, modul);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
return ret; return ret;
} }
mSz = (ctxSz/32)+((ctxSz % 32)? 1: 0); /* convert bits to Ipp32u array size and round up
m = XMALLOC(mSz * sizeof(Ipp32u), 0, DYNAMIC_TYPE_USER_CRYPTO); 32 is number of bits in type */
mSz = (*ctxSz/32)+((*ctxSz % 32)? 1: 0);
m = (Ipp32u*)XMALLOC(mSz * sizeof(Ipp32u), 0, DYNAMIC_TYPE_USER_CRYPTO);
if (m == NULL) { if (m == NULL) {
XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
return ippStsNoMemErr; return ippStsNoMemErr;
} }
ret = ippsExtGet_BN(NULL, NULL, m, modul); ret = ippsExtGet_BN(NULL, NULL, m, modul);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
return ret; return ret;
} }
ret = ippsMontGetSize(IppsBinaryMethod, mSz, &ctxSz); ret = ippsMontGetSize(IppsSlidingWindows, mSz, ctxSz);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
return ret; return ret;
} }
/* 2. Allocate working buffer using malloc */ /* 2. Allocate working buffer using malloc */
*mont = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); *mont = (IppsMontState*)XMALLOC(*ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
if (mont == NULL) { if (mont == NULL) {
XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
return ippStsNoMemErr; return ippStsNoMemErr;
} }
ret = ippsMontInit(IppsBinaryMethod, mSz, *mont); ret = ippsMontInit(IppsSlidingWindows, mSz, *mont);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsMontInit error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("ippsMontInit error of %s\n", ippGetStatusString(ret)));
XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
*mont = NULL;
return ret; return ret;
} }
@ -634,6 +650,9 @@ static IppStatus init_mont(IppsMontState** mont, IppsBigNumState* modul)
ret = ippsMontSet(m, mSz, *mont); ret = ippsMontSet(m, mSz, *mont);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsMontSet error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("ippsMontSet error of %s\n", ippGetStatusString(ret)));
XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(*mont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
*mont = NULL;
return ret; return ret;
} }
@ -779,7 +798,7 @@ static int GetInt(IppsBigNumState** mpi, const byte* input, word32* inOutIdx,
if (ret != ippStsNoErr) if (ret != ippStsNoErr)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
*mpi = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); *mpi = (IppsBigNumState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
if (*mpi == NULL) if (*mpi == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -886,7 +905,8 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
key->pPub = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
DYNAMIC_TYPE_USER_CRYPTO);
if (key->pPub == NULL) if (key->pPub == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -938,7 +958,8 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
} }
key->prvSz = ctxSz; key->prvSz = ctxSz;
key->pPrv = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0,
DYNAMIC_TYPE_USER_CRYPTO);
if (key->pPrv == NULL) if (key->pPrv == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -1056,7 +1077,8 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
key->pPub = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
DYNAMIC_TYPE_USER_CRYPTO);
if (key->pPub == NULL) if (key->pPub == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -1123,7 +1145,8 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
key->pPub = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
DYNAMIC_TYPE_USER_CRYPTO);
if (key->pPub == NULL) if (key->pPub == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -1168,8 +1191,8 @@ int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
if (ret != ippStsNoErr) if (ret != ippStsNoErr)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
scratchBuffer = XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
DYNAMIC_TYPE_USER_CRYPTO); DYNAMIC_TYPE_USER_CRYPTO);
if (scratchBuffer == NULL) if (scratchBuffer == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -1211,8 +1234,8 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
scratchBuffer = XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
DYNAMIC_TYPE_USER_CRYPTO); DYNAMIC_TYPE_USER_CRYPTO);
if (scratchBuffer == NULL) { if (scratchBuffer == NULL) {
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1242,7 +1265,7 @@ int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
USER_DEBUG(("Entering wc_RsaPrivateDecryptInline\n")); USER_DEBUG(("Entering wc_RsaPrivateDecryptInline\n"));
/* allocate a buffer for max decrypted text */ /* allocate a buffer for max decrypted text */
tmp = XMALLOC(key->sz, NULL, DYNAMIC_TYPE_USER_CRYPTO); tmp = (byte*)XMALLOC(key->sz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
if (tmp == NULL) if (tmp == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -1314,7 +1337,7 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
pPub = XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO); pPub = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
if (pPub == NULL) if (pPub == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -1341,8 +1364,8 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
scratchBuffer = XMALLOC(scratchSz*(sizeof(Ipp8u)), 0, scratchBuffer = (Ipp8u*)XMALLOC(scratchSz*(sizeof(Ipp8u)), 0,
DYNAMIC_TYPE_USER_CRYPTO); DYNAMIC_TYPE_USER_CRYPTO);
if (scratchBuffer == NULL) { if (scratchBuffer == NULL) {
FreeHelper(pTxt, cTxt, scratchBuffer, pPub); FreeHelper(pTxt, cTxt, scratchBuffer, pPub);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -1475,23 +1498,58 @@ static IppStatus exptmod(IppsBigNumState* a, IppsBigNumState* b,
} }
static void Free_BN(IppsBigNumState* bn)
{
int sz, ctxSz;
IppStatus ret;
if (bn != NULL) {
ret = ippStsNoErr;
ret |= ippsGetSize_BN(bn, &sz);
ret |= ippsBigNumGetSize(sz, &ctxSz);
if (ret == ippStsNoErr) {
ForceZero(bn, ctxSz);
}
else {
USER_DEBUG(("Issue with clearing a struct in RsaSSL_Sign free\n"));
}
XFREE(bn, NULL, DYNAMIC_TYPE_USER_CRYPTO);
bn = NULL;
}
}
/* free up memory used during CRT sign operation */
static void FreeSignHelper(IppsBigNumState* one, IppsBigNumState* tmp,
IppsBigNumState* tmpP, IppsBigNumState* tmpQ, IppsBigNumState* tmpa,
IppsBigNumState* tmpb)
{
Free_BN(one);
Free_BN(tmp);
Free_BN(tmpP);
Free_BN(tmpQ);
Free_BN(tmpa);
Free_BN(tmpb);
}
/* for Rsa Sign */ /* for Rsa Sign */
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key, WC_RNG* rng) RsaKey* key, WC_RNG* rng)
{ {
int sz; int sz, pSz, qSz;
IppStatus ret; IppStatus ret;
word32 outSz = outLen; word32 outSz = outLen;
IppsMontState* pMont; IppsMontState* pMont = NULL;
IppsMontState* qMont; IppsMontState* qMont = NULL;
IppsBigNumState* one; IppsBigNumState* one = NULL;
IppsBigNumState* tmp; IppsBigNumState* tmp = NULL;
IppsBigNumState* tmpP; IppsBigNumState* tmpP = NULL;
IppsBigNumState* tmpQ; IppsBigNumState* tmpQ = NULL;
IppsBigNumState* tmpa; IppsBigNumState* tmpa = NULL;
IppsBigNumState* tmpb; IppsBigNumState* tmpb = NULL;
IppsBigNumSGN sa, sb; IppsBigNumSGN sa, sb;
@ -1507,6 +1565,13 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
/* sanity check on key being used */
if (key->pipp == NULL || key->qipp == NULL || key->uipp == NULL ||
key->dPipp == NULL || key->dQipp == NULL) {
USER_DEBUG(("Bad key argument to wc_RsaSSL_Sign\n"));
return USER_CRYPTO_ERROR;
}
if (sz > (int)outLen) { if (sz > (int)outLen) {
USER_DEBUG(("Bad argument outLen to wc_RsaSSL_Sign\n")); USER_DEBUG(("Bad argument outLen to wc_RsaSSL_Sign\n"));
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -1527,11 +1592,14 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = init_bn(&tmp, sz); ret = init_bn(&tmp, sz);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
ret = ippsSetOctString_BN(out, sz, tmp); ret = ippsSetOctString_BN(out, sz, tmp);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsSetOctString_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("ippsSetOctString_BN error of %s\n",
ippGetStatusString(ret)));
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1539,6 +1607,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = init_bn(&tmpP, sz); ret = init_bn(&tmpP, sz);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1546,6 +1615,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = init_bn(&tmpQ, sz); ret = init_bn(&tmpQ, sz);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1553,6 +1623,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = init_bn(&tmpa, sz); ret = init_bn(&tmpa, sz);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1560,6 +1631,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = init_bn(&tmpb, sz); ret = init_bn(&tmpb, sz);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1567,27 +1639,39 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = init_bn(&one, sz); ret = init_bn(&one, sz);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("init_BN error of %s\n", ippGetStatusString(ret)));
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
ret = ippsSetOctString_BN(o, 1, one); ret = ippsSetOctString_BN(o, 1, one);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsSetOctString_BN error of %s\n", USER_DEBUG(("ippsSetOctString_BN error of %s\n",
ippGetStatusString(ret))); ippGetStatusString(ret)));
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
/** /**
Set up Montgomery state Set up Montgomery state
*/ */
ret = init_mont(&pMont, key->pipp); ret = init_mont(&pMont, &pSz, key->pipp);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret)));
if (pMont != NULL) {
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
}
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
ret = init_mont(&qMont, key->qipp); ret = init_mont(&qMont, &qSz, key->qipp);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("init_mont error of %s\n", ippGetStatusString(ret)));
if (qMont != NULL) {
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
}
ForceZero(pMont, pSz);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1599,6 +1683,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
if (ret != ippStsNoErr) if (ret != ippStsNoErr)
{ {
USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1606,6 +1695,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
if (ret != ippStsNoErr) if (ret != ippStsNoErr)
{ {
USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("reduce error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1613,6 +1707,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = exptmod(tmpP, key->dPipp, pMont, tmpa, one); ret = exptmod(tmpP, key->dPipp, pMont, tmpa, one);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1620,6 +1719,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = exptmod(tmpQ, key->dQipp, qMont, tmpb, one); ret = exptmod(tmpQ, key->dQipp, qMont, tmpb, one);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("exptmod error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1627,12 +1731,22 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = ippsSub_BN(tmpa, tmpb, tmp); ret = ippsSub_BN(tmpa, tmpb, tmp);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
ret = ippsMul_BN(tmp, key->uipp, tmp); ret = ippsMul_BN(tmp, key->uipp, tmp);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsMul_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("ippsMul_BN error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1640,6 +1754,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = ippsDiv_BN(tmp, key->pipp, tmpa, tmp); ret = ippsDiv_BN(tmp, key->pipp, tmpa, tmp);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsDiv_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("ippsDiv_BN error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1647,17 +1766,32 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = ippsExtGet_BN(&sa, NULL, NULL, tmp); ret = ippsExtGet_BN(&sa, NULL, NULL, tmp);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
ret = ippsExtGet_BN(&sb, NULL, NULL, key->pipp); ret = ippsExtGet_BN(&sb, NULL, NULL, key->pipp);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("ippsExtGet_BN error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
if (sa != sb) { if (sa != sb) {
ret = ippsAdd_BN(tmp, key->pipp, tmp); ret = ippsAdd_BN(tmp, key->pipp, tmp);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsAdd_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("ippsAdd_BN error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
} }
@ -1666,6 +1800,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = ippsMul_BN(tmp, key->qipp, tmp); ret = ippsMul_BN(tmp, key->qipp, tmp);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1673,6 +1812,11 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
ret = ippsAdd_BN(tmp, tmpb, tmp); ret = ippsAdd_BN(tmp, tmpb, tmp);
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret))); USER_DEBUG(("ippsSub_BN error of %s\n", ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
@ -1681,27 +1825,22 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
if (ret != ippStsNoErr) { if (ret != ippStsNoErr) {
USER_DEBUG(("ippsGetOctString_BN error of %s\n", USER_DEBUG(("ippsGetOctString_BN error of %s\n",
ippGetStatusString(ret))); ippGetStatusString(ret)));
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
outSz = sz; outSz = sz;
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); /* clear memory and free */
ForceZero(pMont, pSz);
ForceZero(qMont, qSz);
XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO); XFREE(qMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(pMont, NULL, DYNAMIC_TYPE_USER_CRYPTO);
XFREE(one, NULL, DYNAMIC_TYPE_USER_CRYPTO); FreeSignHelper(one, tmp, tmpP, tmpQ, tmpa, tmpb);
/* clear memory by setting BN to one and then free */
ippsSetOctString_BN(o, 1, tmp);
XFREE(tmp, NULL, DYNAMIC_TYPE_USER_CRYPTO);
ippsSetOctString_BN(o, 1, tmpP);
XFREE(tmpP, NULL, DYNAMIC_TYPE_USER_CRYPTO);
ippsSetOctString_BN(o, 1, tmpQ);
XFREE(tmpQ, NULL, DYNAMIC_TYPE_USER_CRYPTO);
ippsSetOctString_BN(o, 1, tmpa);
XFREE(tmpa, NULL, DYNAMIC_TYPE_USER_CRYPTO);
ippsSetOctString_BN(o, 1, tmpb);
XFREE(tmpb, NULL, DYNAMIC_TYPE_USER_CRYPTO);
return outSz; return outSz;
} }
@ -1829,7 +1968,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
pPrime = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); pPrime = (IppsPrimeState*)XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO);
if (pPrime == NULL) if (pPrime == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -1849,7 +1988,8 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
} }
key->prvSz = ctxSz; /* used when freeing private key */ key->prvSz = ctxSz; /* used when freeing private key */
key->pPrv = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); key->pPrv = (IppsRSAPrivateKeyState*)XMALLOC(ctxSz, NULL,
DYNAMIC_TYPE_USER_CRYPTO);
if (key->pPrv == NULL) if (key->pPrv == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -1869,7 +2009,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
scratchBuffer = XMALLOC(scratchSz, 0, DYNAMIC_TYPE_USER_CRYPTO); scratchBuffer = (Ipp8u*)XMALLOC(scratchSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
if (scratchBuffer == NULL) if (scratchBuffer == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -1943,7 +2083,8 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
} }
key->pPub = XMALLOC(ctxSz, NULL, DYNAMIC_TYPE_USER_CRYPTO); key->pPub = (IppsRSAPublicKeyState*)XMALLOC(ctxSz, NULL,
DYNAMIC_TYPE_USER_CRYPTO);
if (key->pPub == NULL) if (key->pPub == NULL)
return USER_CRYPTO_ERROR; return USER_CRYPTO_ERROR;
@ -2381,7 +2522,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
rawLen += lbit; rawLen += lbit;
tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
DYNAMIC_TYPE_USER_CRYPTO); DYNAMIC_TYPE_USER_CRYPTO);
if (tmps[i] == NULL) { if (tmps[i] == NULL) {
ret = USER_CRYPTO_ERROR; ret = USER_CRYPTO_ERROR;
break; break;