feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5631 from dgarske/smallstack

Browse Source
This commit is contained in:
Hayden Roche
2022-10-04 14:39:17 -07:00
committed by GitHub
parent 58d482428e 0006d1f91c
commit 79d9bc376f
20 changed files with 1199 additions and 972 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
src/internal.c
View File

@@ -32701,7 +32701,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
byte b; byte b;
byte bogusID = 0; /* flag for a bogus session id */ byte bogusID = 0; /* flag for a bogus session id */
ProtocolVersion pv; ProtocolVersion pv;
Suites clSuites; #ifdef WOLFSSL_SMALL_STACK
Suites* clSuites = NULL;
#else
Suites clSuites[1];
#endif
word32 i = *inOutIdx; word32 i = *inOutIdx;
word32 begin = i; word32 begin = i;
int ret = 0; int ret = 0;
@@ -33019,31 +33023,40 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
goto out; goto out;
} }
ato16(&input[i], &clSuites.suiteSz); #ifdef WOLFSSL_SMALL_STACK
clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
DYNAMIC_TYPE_SUITES);
if (clSuites == NULL) {
ret = MEMORY_E;
goto out;
}
#endif
XMEMSET(clSuites, 0, sizeof(Suites));
ato16(&input[i], &clSuites->suiteSz);
i += OPAQUE16_LEN; i += OPAQUE16_LEN;
/* Cipher suite lists are always multiples of two in length. */ /* Cipher suite lists are always multiples of two in length. */
if (clSuites.suiteSz % 2 != 0) { if (clSuites->suiteSz % 2 != 0) {
ret = BUFFER_ERROR; ret = BUFFER_ERROR;
goto out; goto out;
} }
/* suites and compression length check */ /* suites and compression length check */
if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz) { if ((i - begin) + clSuites->suiteSz + OPAQUE8_LEN > helloSz) {
ret = BUFFER_ERROR; ret = BUFFER_ERROR;
goto out; goto out;
} }
if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ) { if (clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ) {
ret = BUFFER_ERROR; ret = BUFFER_ERROR;
goto out; goto out;
} }
XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz); XMEMCPY(clSuites->suites, input + i, clSuites->suiteSz);
#ifdef HAVE_SERVER_RENEGOTIATION_INFO #ifdef HAVE_SERVER_RENEGOTIATION_INFO
/* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */ /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) { if (FindSuite(clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
TLSX* extension; TLSX* extension;
/* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */ /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
@@ -33061,7 +33074,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif /* HAVE_SERVER_RENEGOTIATION_INFO */ #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
#if defined(HAVE_FALLBACK_SCSV) || defined(OPENSSL_ALL) #if defined(HAVE_FALLBACK_SCSV) || defined(OPENSSL_ALL)
/* check for TLS_FALLBACK_SCSV suite */ /* check for TLS_FALLBACK_SCSV suite */
if (FindSuite(&clSuites, TLS_FALLBACK_SCSV, 0) >= 0) { if (FindSuite(clSuites, TLS_FALLBACK_SCSV, 0) >= 0) {
WOLFSSL_MSG("Found Fallback SCSV"); WOLFSSL_MSG("Found Fallback SCSV");
if (ssl->ctx->method->version.minor > pv.minor) { if (ssl->ctx->method->version.minor > pv.minor) {
WOLFSSL_MSG("Client trying to connect with lesser version"); WOLFSSL_MSG("Client trying to connect with lesser version");
@@ -33076,12 +33089,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) { if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
ret = wc_HmacUpdate(&cookieHmac, ret = wc_HmacUpdate(&cookieHmac,
input + i - OPAQUE16_LEN, input + i - OPAQUE16_LEN,
clSuites.suiteSz + OPAQUE16_LEN); clSuites->suiteSz + OPAQUE16_LEN);
if (ret != 0) goto out; if (ret != 0) goto out;
} }
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
i += clSuites.suiteSz; i += clSuites->suiteSz;
clSuites.hashSigAlgoSz = 0; clSuites->hashSigAlgoSz = 0;
/* compression length */ /* compression length */
b = input[i++]; b = input[i++];
@@ -33200,7 +33213,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_TLS_EXTENSIONS
/* tls extensions */ /* tls extensions */
if ((ret = TLSX_Parse(ssl, input + i, totalExtSz, client_hello, if ((ret = TLSX_Parse(ssl, input + i, totalExtSz, client_hello,
&clSuites))) clSuites)))
goto out; goto out;
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (TLSX_Find(ssl->extensions, if (TLSX_Find(ssl->extensions,
@@ -33252,15 +33265,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
goto out; goto out;
} }
clSuites.hashSigAlgoSz = hashSigAlgoSz; clSuites->hashSigAlgoSz = hashSigAlgoSz;
if (clSuites.hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) { if (clSuites->hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
WOLFSSL_MSG("ClientHello SigAlgo list exceeds max, " WOLFSSL_MSG("ClientHello SigAlgo list exceeds max, "
"truncating"); "truncating");
clSuites.hashSigAlgoSz = WOLFSSL_MAX_SIGALGO; clSuites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
} }
XMEMCPY(clSuites.hashSigAlgo, &input[i], XMEMCPY(clSuites->hashSigAlgo, &input[i],
clSuites.hashSigAlgoSz); clSuites->hashSigAlgoSz);
i += hashSigAlgoSz; i += hashSigAlgoSz;
} }
@@ -33290,7 +33303,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* ProcessOld uses same resume code */ /* ProcessOld uses same resume code */
if (ssl->options.resuming) { if (ssl->options.resuming) {
ret = HandleTlsResumption(ssl, bogusID, &clSuites); ret = HandleTlsResumption(ssl, bogusID, clSuites);
if (ret != 0) if (ret != 0)
goto out; goto out;
@@ -33345,7 +33358,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ret = CertSetupCbWrapper(ssl); ret = CertSetupCbWrapper(ssl);
#endif #endif
if (ret == 0) if (ret == 0)
ret = MatchSuite(ssl, &clSuites); ret = MatchSuite(ssl, clSuites);
#ifdef WOLFSSL_EXTRA_ALERTS #ifdef WOLFSSL_EXTRA_ALERTS
if (ret == BUFFER_ERROR) if (ret == BUFFER_ERROR)
@@ -33373,7 +33386,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
wc_HmacFree(&cookieHmac); wc_HmacFree(&cookieHmac);
#endif #endif
#ifdef WOLFSSL_SMALL_STACK
if (clSuites != NULL)
XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
#endif
WOLFSSL_LEAVE("DoClientHello", ret); WOLFSSL_LEAVE("DoClientHello", ret);
WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO); WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO);

35
src/tls13.c
View File

@@ -1106,7 +1106,11 @@ int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret)
static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash, static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
word32* pHashSz) word32* pHashSz)
{ {
Hmac verifyHmac; #ifdef WOLFSSL_SMALL_STACK
Hmac* verifyHmac;
#else
Hmac verifyHmac[1];
#endif
int hashType = WC_SHA256; int hashType = WC_SHA256;
int hashSz = WC_SHA256_DIGEST_SIZE; int hashSz = WC_SHA256_DIGEST_SIZE;
int ret = BAD_FUNC_ARG; int ret = BAD_FUNC_ARG;
@@ -1151,16 +1155,27 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
WOLFSSL_BUFFER(hash, hashSz); WOLFSSL_BUFFER(hash, hashSz);
#endif #endif
/* Calculate the verify data. */ #ifdef WOLFSSL_SMALL_STACK
ret = wc_HmacInit(&verifyHmac, ssl->heap, ssl->devId); verifyHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC);
if (ret == 0) { if (verifyHmac == NULL) {
ret = wc_HmacSetKey(&verifyHmac, hashType, key, ssl->specs.hash_size); return MEMORY_E;
if (ret == 0)
ret = wc_HmacUpdate(&verifyHmac, hash, hashSz);
if (ret == 0)
ret = wc_HmacFinal(&verifyHmac, hash);
wc_HmacFree(&verifyHmac);
} }
#endif
/* Calculate the verify data. */
ret = wc_HmacInit(verifyHmac, ssl->heap, ssl->devId);
if (ret == 0) {
ret = wc_HmacSetKey(verifyHmac, hashType, key, ssl->specs.hash_size);
if (ret == 0)
ret = wc_HmacUpdate(verifyHmac, hash, hashSz);
if (ret == 0)
ret = wc_HmacFinal(verifyHmac, hash);
wc_HmacFree(verifyHmac);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(verifyHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
#ifdef WOLFSSL_DEBUG_TLS #ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG(" Hash"); WOLFSSL_MSG(" Hash");

6
tests/api.c
View File

@@ -50579,7 +50579,7 @@ static int test_tls13_apis(void)
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
WOLFSSL_CTX* serverCtx; WOLFSSL_CTX* serverCtx;
WOLFSSL* serverSsl; WOLFSSL* serverSsl;
#ifndef NO_CERTS #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
const char* ourCert = svrCertFile; const char* ourCert = svrCertFile;
const char* ourKey = svrKeyFile; const char* ourKey = svrKeyFile;
#endif #endif
@@ -50640,7 +50640,7 @@ static int test_tls13_apis(void)
#endif #endif
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
#ifndef NO_CERTS #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert); wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM); wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM);
#endif #endif
@@ -50654,7 +50654,7 @@ static int test_tls13_apis(void)
#endif #endif
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
#ifndef NO_CERTS #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert); wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM); wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM);
#endif #endif

67
wolfcrypt/benchmark/benchmark.c
View File

@@ -52,60 +52,13 @@
/* Macro to disable benchmark */ /* Macro to disable benchmark */
#ifndef NO_CRYPT_BENCHMARK #ifndef NO_CRYPT_BENCHMARK
/* only for stack size check */ #include <wolfssl/wolfcrypt/mem_track.h>
#ifdef HAVE_STACK_SIZE
#include <wolfssl/ssl.h>
#include <wolfssl/test.h>
#elif defined(WOLFSSL_ASYNC_CRYPT) /* only for stack size check */
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifndef WC_NO_ASYNC_THREADING #ifndef WC_NO_ASYNC_THREADING
#define WC_ENABLE_BENCH_THREADING #define WC_ENABLE_BENCH_THREADING
#endif #endif
/* benchmark multi-threading - disable for FIPS self test */
#elif !defined(SINGLE_THREADED) && !defined(WC_NO_BENCH_THREADING) && \
defined(HAVE_PTHREAD) && !defined(HAVE_RENESAS_SYNC)
#define WC_ENABLE_BENCH_THREADING
#if defined(_POSIX_THREADS)
typedef void* THREAD_RETURN;
typedef pthread_t THREAD_TYPE;
#define WOLFSSL_THREAD
#if !defined(__MINGW32__)
#define INFINITE (-1)
#define WAIT_OBJECT_0 0L
#endif
#elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET) || defined(FREESCALE_MQX)
typedef unsigned int THREAD_RETURN;
typedef int THREAD_TYPE;
#define WOLFSSL_THREAD
#elif defined(WOLFSSL_TIRTOS)
typedef void THREAD_RETURN;
typedef Task_Handle THREAD_TYPE;
#ifdef HAVE_STACK_SIZE
#undef EXIT_TEST
#define EXIT_TEST(ret)
#endif
#define WOLFSSL_THREAD
#elif defined(WOLFSSL_ZEPHYR)
typedef void THREAD_RETURN;
typedef struct k_thread THREAD_TYPE;
#ifdef HAVE_STACK_SIZE
#undef EXIT_TEST
#define EXIT_TEST(ret)
#endif
#define WOLFSSL_THREAD
#elif defined(NETOS)
typedef UINT THREAD_RETURN;
typedef TX_THREAD THREAD_TYPE;
#define WOLFSSL_THREAD
#define INFINITE TX_WAIT_FOREVER
#define WAIT_OBJECT_0 TX_NO_WAIT
#else
typedef unsigned int THREAD_RETURN;
typedef intptr_t THREAD_TYPE;
#define WOLFSSL_THREAD __stdcall
#endif
#endif #endif
#ifdef USE_FLAT_BENCHMARK_H #ifdef USE_FLAT_BENCHMARK_H
@@ -1079,10 +1032,9 @@ static const char* bench_desc_words[][15] = {
#pragma warning(disable: 4996) #pragma warning(disable: 4996)
#endif #endif
#ifdef WOLFSSL_CURRTIME_REMAP #ifdef WOLFSSL_CURRTIME_REMAP
#define current_time WOLFSSL_CURRTIME_REMAP #define current_time WOLFSSL_CURRTIME_REMAP
#elif !defined(HAVE_STACK_SIZE) #else
double current_time(int reset); double current_time(int reset);
#endif #endif
@@ -5693,13 +5645,14 @@ static void bench_rsa_helper(int useDeviceID, RsaKey rsaKey[BENCH_MAX_PENDING],
ret = MEMORY_E; ret = MEMORY_E;
goto exit; goto exit;
} }
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
#ifndef WOLFSSL_RSA_VERIFY_ONLY
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (message == NULL) { if (message == NULL) {
ret = MEMORY_E; ret = MEMORY_E;
goto exit; goto exit;
} }
#endif #endif
#ifndef WOLFSSL_RSA_VERIFY_ONLY
XMEMCPY(message, messageStr, len); XMEMCPY(message, messageStr, len);
#endif #endif
@@ -5855,7 +5808,9 @@ exit:
#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
WC_FREE_ARRAY_DYNAMIC(out, BENCH_MAX_PENDING, HEAP_HINT); WC_FREE_ARRAY_DYNAMIC(out, BENCH_MAX_PENDING, HEAP_HINT);
#endif #endif
#ifndef WOLFSSL_RSA_VERIFY_ONLY
WC_FREE_VAR(message, HEAP_HINT); WC_FREE_VAR(message, HEAP_HINT);
#endif
} }
void bench_rsa(int useDeviceID) void bench_rsa(int useDeviceID)
@@ -8100,7 +8055,6 @@ void bench_sphincsKeySign(byte level, byte optim)
#endif /* HAVE_SPHINCS */ #endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */ #endif /* HAVE_PQC */
#ifndef HAVE_STACK_SIZE
#if defined(_WIN32) && !defined(INTIME_RTOS) #if defined(_WIN32) && !defined(INTIME_RTOS)
#define WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN
@@ -8315,7 +8269,6 @@ void bench_sphincsKeySign(byte level, byte optim)
} }
#endif /* _WIN32 */ #endif /* _WIN32 */
#endif /* !HAVE_STACK_SIZE */
#if defined(HAVE_GET_CYCLES) #if defined(HAVE_GET_CYCLES)

27
wolfcrypt/src/asn.c
View File

@@ -87,6 +87,7 @@ ASN Options:
* WOLFSSL_CERT_NAME_ALL: Adds more certificate name capability at the * WOLFSSL_CERT_NAME_ALL: Adds more certificate name capability at the
cost of taking up more memory. Adds initials, givenname, dnQualifer for cost of taking up more memory. Adds initials, givenname, dnQualifer for
example. example.
* WC_ASN_HASH_SHA256: Force use of SHA2-256 for the internal hash ID calcs.
*/ */
#ifndef NO_ASN #ifndef NO_ASN
@@ -12014,7 +12015,7 @@ int CalcHashId(const byte* data, word32 len, byte* hash)
{ {
int ret; int ret;
#if defined(NO_SHA) && !defined(NO_SHA256) #if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256))
ret = wc_Sha256Hash(data, len, hash); ret = wc_Sha256Hash(data, len, hash);
#elif !defined(NO_SHA) #elif !defined(NO_SHA)
ret = wc_ShaHash(data, len, hash); ret = wc_ShaHash(data, len, hash);
@@ -13587,7 +13588,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
word32 localIdx; word32 localIdx;
byte tag; byte tag;
WOLFSSL_MSG("Getting Cert Name"); WOLFSSL_MSG("Getting Name");
if (nameType == ISSUER) { if (nameType == ISSUER) {
full = cert->issuer; full = cert->issuer;
@@ -13634,7 +13635,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
char* full; char* full;
byte* hash; byte* hash;
WOLFSSL_MSG("Getting Cert Name"); WOLFSSL_MSG("Getting Name");
XMEMSET(dataASN, 0, sizeof(dataASN)); XMEMSET(dataASN, 0, sizeof(dataASN));
/* Initialize for data and don't check optional prefix OID. */ /* Initialize for data and don't check optional prefix OID. */
@@ -14008,9 +14009,9 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
struct tm* localTime; struct tm* localTime;
struct tm* tmpTime; struct tm* tmpTime;
int i = 0; int i = 0;
int timeDiff = 0 ; int timeDiff = 0;
int diffHH = 0 ; int diffMM = 0 ; int diffHH = 0, diffMM = 0;
int diffSign = 0 ; int diffSign = 0;
#if defined(NEED_TMP_TIME) #if defined(NEED_TMP_TIME)
struct tm tmpTimeStorage; struct tm tmpTimeStorage;
@@ -15345,6 +15346,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
byte* rsaKeyIdx) byte* rsaKeyIdx)
{ {
int ret = 0; int ret = 0;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
CertAttribute* certatt = NULL;
#endif
if (sigCtx == NULL || buf == NULL || bufSz == 0 || key == NULL || if (sigCtx == NULL || buf == NULL || bufSz == 0 || key == NULL ||
keySz == 0 || sig == NULL || sigSz == 0) { keySz == 0 || sig == NULL || sigSz == 0) {
@@ -15363,12 +15367,10 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
#if !defined(WOLFSSL_RENESAS_TSIP_TLS) && !defined(WOLFSSL_RENESAS_SCEPROTECT) #if !defined(WOLFSSL_RENESAS_TSIP_TLS) && !defined(WOLFSSL_RENESAS_SCEPROTECT)
(void)rsaKeyIdx; (void)rsaKeyIdx;
#else #else
CertAttribute* certatt = NULL;
#if !defined(NO_RSA) || defined(HAVE_ECC) #if !defined(NO_RSA) || defined(HAVE_ECC)
certatt = (CertAttribute*)&sigCtx->CertAtt; certatt = (CertAttribute*)&sigCtx->CertAtt;
#endif #endif
if(certatt) { if (certatt) {
certatt->keyIndex = rsaKeyIdx; certatt->keyIndex = rsaKeyIdx;
certatt->cert = buf; certatt->cert = buf;
certatt->certSz = bufSz; certatt->certSz = bufSz;
@@ -23529,7 +23531,7 @@ int wc_PemToDer(const unsigned char* buff, long longSz, int type,
return ret; return ret;
} }
#ifdef WOLFSSL_ENCRYPTED_KEYS
/* our KeyPemToDer password callback, password in userData */ /* our KeyPemToDer password callback, password in userData */
static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata) static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata)
{ {
@@ -23541,6 +23543,7 @@ static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata)
XSTRNCPY(passwd, (char*)userdata, sz); XSTRNCPY(passwd, (char*)userdata, sz);
return min((word32)sz, (word32)XSTRLEN((char*)userdata)); return min((word32)sz, (word32)XSTRLEN((char*)userdata));
} }
#endif
/* Return bytes written to buff or < 0 for error */ /* Return bytes written to buff or < 0 for error */
int wc_KeyPemToDer(const unsigned char* pem, int pemSz, int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
@@ -23569,8 +23572,12 @@ int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
#endif #endif
XMEMSET(info, 0, sizeof(EncryptedInfo)); XMEMSET(info, 0, sizeof(EncryptedInfo));
#ifdef WOLFSSL_ENCRYPTED_KEYS
info->passwd_cb = KeyPemToDerPassCb; info->passwd_cb = KeyPemToDerPassCb;
info->passwd_userdata = (void*)pass; info->passwd_userdata = (void*)pass;
#else
(void)pass;
#endif
ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, NULL); ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, NULL);

71
wolfcrypt/src/hmac.c
View File

@@ -1184,14 +1184,26 @@ int wolfSSL_GetHmacMaxSize(void)
const byte* inKey, word32 inKeySz, byte* out) const byte* inKey, word32 inKeySz, byte* out)
{ {
byte tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */ byte tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */
Hmac myHmac; #ifdef WOLFSSL_SMALL_STACK
Hmac* myHmac;
#else
Hmac myHmac[1];
#endif
int ret; int ret;
const byte* localSalt; /* either points to user input or tmp */ const byte* localSalt; /* either points to user input or tmp */
int hashSz; int hashSz;
ret = wc_HmacSizeByType(type); ret = wc_HmacSizeByType(type);
if (ret < 0) if (ret < 0) {
return ret; return ret;
}
#ifdef WOLFSSL_SMALL_STACK
myHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC);
if (myHmac == NULL) {
return MEMORY_E;
}
#endif
hashSz = ret; hashSz = ret;
localSalt = salt; localSalt = salt;
@@ -1201,15 +1213,18 @@ int wolfSSL_GetHmacMaxSize(void)
saltSz = hashSz; saltSz = hashSz;
} }
ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID); ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID);
if (ret == 0) { if (ret == 0) {
ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); ret = wc_HmacSetKey(myHmac, type, localSalt, saltSz);
if (ret == 0) if (ret == 0)
ret = wc_HmacUpdate(&myHmac, inKey, inKeySz); ret = wc_HmacUpdate(myHmac, inKey, inKeySz);
if (ret == 0) if (ret == 0)
ret = wc_HmacFinal(&myHmac, out); ret = wc_HmacFinal(myHmac, out);
wc_HmacFree(&myHmac); wc_HmacFree(myHmac);
} }
#ifdef WOLFSSL_SMALL_STACK
XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
return ret; return ret;
} }
@@ -1229,40 +1244,55 @@ int wolfSSL_GetHmacMaxSize(void)
const byte* info, word32 infoSz, byte* out, word32 outSz) const byte* info, word32 infoSz, byte* out, word32 outSz)
{ {
byte tmp[WC_MAX_DIGEST_SIZE]; byte tmp[WC_MAX_DIGEST_SIZE];
Hmac myHmac; #ifdef WOLFSSL_SMALL_STACK
Hmac* myHmac;
#else
Hmac myHmac[1];
#endif
int ret = 0; int ret = 0;
word32 outIdx = 0; word32 outIdx = 0;
word32 hashSz = wc_HmacSizeByType(type); word32 hashSz = wc_HmacSizeByType(type);
byte n = 0x1; byte n = 0x1;
/* RFC 5869 states that the length of output keying material in /* RFC 5869 states that the length of output keying material in
octets must be L <= 255*HashLen or N = ceil(L/HashLen) */ * octets must be L <= 255*HashLen or N = ceil(L/HashLen) */
if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255) if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID); #ifdef WOLFSSL_SMALL_STACK
if (ret != 0) myHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC);
if (myHmac == NULL) {
return MEMORY_E;
}
#endif
ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
return ret; return ret;
}
while (outIdx < outSz) { while (outIdx < outSz) {
int tmpSz = (n == 1) ? 0 : hashSz; int tmpSz = (n == 1) ? 0 : hashSz;
word32 left = outSz - outIdx; word32 left = outSz - outIdx;
ret = wc_HmacSetKey(&myHmac, type, inKey, inKeySz); ret = wc_HmacSetKey(myHmac, type, inKey, inKeySz);
if (ret != 0) if (ret != 0)
break; break;
ret = wc_HmacUpdate(&myHmac, tmp, tmpSz); ret = wc_HmacUpdate(myHmac, tmp, tmpSz);
if (ret != 0) if (ret != 0)
break; break;
ret = wc_HmacUpdate(&myHmac, info, infoSz); ret = wc_HmacUpdate(myHmac, info, infoSz);
if (ret != 0) if (ret != 0)
break; break;
ret = wc_HmacUpdate(&myHmac, &n, 1); ret = wc_HmacUpdate(myHmac, &n, 1);
if (ret != 0) if (ret != 0)
break; break;
ret = wc_HmacFinal(&myHmac, tmp); ret = wc_HmacFinal(myHmac, tmp);
if (ret != 0) if (ret != 0)
break; break;
@@ -1273,7 +1303,10 @@ int wolfSSL_GetHmacMaxSize(void)
n++; n++;
} }
wc_HmacFree(&myHmac); wc_HmacFree(myHmac);
#ifdef WOLFSSL_SMALL_STACK
XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
return ret; return ret;
} }

30
wolfcrypt/src/integer.c
View File

@@ -2306,11 +2306,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
{ {
mp_digit buf, mp; mp_digit buf, mp;
int err = MP_OKAY, bitbuf, bitcpy, bitcnt, digidx, x, y; int err = MP_OKAY, bitbuf, bitcpy, bitcnt, digidx, x, y;
#ifdef WOLFSSL_SMALL_STACK
mp_int *res = NULL;
#else
mp_int res[1]; mp_int res[1];
#endif
int (*redux)(mp_int*,mp_int*,mp_digit) = NULL; int (*redux)(mp_int*,mp_int*,mp_digit) = NULL;
/* automatically pick the comba one if available (saves quite a few /* automatically pick the comba one if available (saves quite a few
@@ -2332,13 +2328,6 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
return MP_VAL; return MP_VAL;
} }
#ifdef WOLFSSL_SMALL_STACK
res = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (res == NULL) {
return MP_MEM;
}
#endif
/* now setup montgomery */ /* now setup montgomery */
if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY) { if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY) {
goto LBL_M; goto LBL_M;
@@ -2449,9 +2438,6 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
LBL_RES:mp_clear (res); LBL_RES:mp_clear (res);
LBL_M: LBL_M:
#ifdef WOLFSSL_SMALL_STACK
XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err; return err;
} }
@@ -2526,12 +2512,13 @@ int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
W = (mp_word*)XMALLOC(sizeof(mp_word) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); W = (mp_word*)XMALLOC(sizeof(mp_word) * (n->used * 2 + 1), NULL,
DYNAMIC_TYPE_BIGINT);
if (W == NULL) if (W == NULL)
return MP_MEM; return MP_MEM;
#endif #endif
XMEMSET(W, 0, (n->used * 2 + 1) * sizeof(mp_word)); XMEMSET(W, 0, sizeof(mp_word) * (n->used * 2 + 1));
/* first we have to get the digits of the input into /* first we have to get the digits of the input into
* an array of double precision words W[...] * an array of double precision words W[...]
@@ -3349,7 +3336,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
return MP_RANGE; /* TAO range check */ return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL) if (W == NULL)
return MP_MEM; return MP_MEM;
#endif #endif
@@ -3468,7 +3455,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
return MP_RANGE; /* TAO range check */ return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL) if (W == NULL)
return MP_MEM; return MP_MEM;
#endif #endif
@@ -4203,13 +4190,12 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
return MP_RANGE; /* TAO range check */ return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL) if (W == NULL)
return MP_MEM; return MP_MEM;
#endif #endif
/* number of output digits to produce */ /* number of output digits to produce */
pa = a->used + b->used;
_W = 0; _W = 0;
for (ix = digs; ix < pa; ix++) { /* JRB, have a->dp check at top of function*/ for (ix = digs; ix < pa; ix++) { /* JRB, have a->dp check at top of function*/
int tx, ty, iy; int tx, ty, iy;
@@ -4667,7 +4653,7 @@ int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c)
#endif /* WOLFSSL_KEY_GEN || HAVE_COMP_KEY || HAVE_ECC || DEBUG_WOLFSSL */ #endif /* WOLFSSL_KEY_GEN || HAVE_COMP_KEY || HAVE_ECC || DEBUG_WOLFSSL */
#if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || !defined(NO_DSA) || !defined(NO_RSA) #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || !defined(NO_DH) || !defined(NO_DSA)
const FLASH_QUALIFIER mp_digit ltm_prime_tab[PRIME_SIZE] = { const FLASH_QUALIFIER mp_digit ltm_prime_tab[PRIME_SIZE] = {
0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013, 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013,
@@ -5018,7 +5004,7 @@ LBL_B:mp_clear (&b);
return err; return err;
} }
#endif /* WOLFSSL_KEY_GEN NO_DH NO_DSA NO_RSA */ #endif /* (WOLFSSL_KEY_GEN && !NO_RSA) || !NO_DH || !NO_DSA */
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN

17
wolfcrypt/src/kdf.c
View File

@@ -435,13 +435,25 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
{ {
int ret = 0; int ret = 0;
int idx = 0; int idx = 0;
#ifdef WOLFSSL_SMALL_STACK
byte* data;
#else
byte data[MAX_TLS13_HKDF_LABEL_SZ]; byte data[MAX_TLS13_HKDF_LABEL_SZ];
#endif
/* okmLen (2) + protocol|label len (1) + info len(1) + protocollen + /* okmLen (2) + protocol|label len (1) + info len(1) + protocollen +
* labellen + infolen */ * labellen + infolen */
idx = 4 + protocolLen + labelLen + infoLen; idx = 4 + protocolLen + labelLen + infoLen;
if (idx > MAX_TLS13_HKDF_LABEL_SZ) if (idx > MAX_TLS13_HKDF_LABEL_SZ) {
return BUFFER_E; return BUFFER_E;
}
#ifdef WOLFSSL_SMALL_STACK
data = (byte*)XMALLOC(idx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (data == NULL) {
return MEMORY_E;
}
#endif
idx = 0; idx = 0;
/* Output length. */ /* Output length. */
@@ -484,6 +496,9 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
#ifdef WOLFSSL_CHECK_MEM_ZERO #ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Check(data, MAX_TLS13_HKDF_LABEL_SZ); wc_MemZero_Check(data, MAX_TLS13_HKDF_LABEL_SZ);
#endif
#ifdef WOLFSSL_SMALL_STACK
XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return ret; return ret;
} }

7
wolfcrypt/src/logging.c
View File

@@ -318,6 +318,10 @@ void WOLFSSL_TIME(int count)
int dc_log_printf(char*, ...); int dc_log_printf(char*, ...);
#endif #endif
#ifdef HAVE_STACK_SIZE_VERBOSE
#include <wolfssl/wolfcrypt/mem_track.h>
#endif
static void wolfssl_log(const int logLevel, const char *const logMessage) static void wolfssl_log(const int logLevel, const char *const logMessage)
{ {
if (log_function) if (log_function)
@@ -359,6 +363,9 @@ static void wolfssl_log(const int logLevel, const char *const logMessage)
printk("%s\n", logMessage); printk("%s\n", logMessage);
#elif defined(WOLFSSL_RENESAS_RA6M4) #elif defined(WOLFSSL_RENESAS_RA6M4)
myprintf("%s\n", logMessage); myprintf("%s\n", logMessage);
#elif defined(STACK_SIZE_CHECKPOINT_MSG) && \
defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG)
STACK_SIZE_CHECKPOINT_MSG(logMessage);
#else #else
fprintf(stderr, "%s\n", logMessage); fprintf(stderr, "%s\n", logMessage);
#endif #endif

177
wolfcrypt/src/random.c
View File

@@ -363,16 +363,19 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
#else #else
wc_Sha256 sha[1]; wc_Sha256 sha[1];
#endif #endif
#ifdef WC_ASYNC_ENABLE_SHA256 #ifdef WOLFSSL_SMALL_STACK
WC_DECLARE_VAR(digest, byte, WC_SHA256_DIGEST_SIZE, drbg->heap); byte* digest;
if (digest == NULL)
return MEMORY_E;
#else #else
byte digest[WC_SHA256_DIGEST_SIZE]; byte digest[WC_SHA256_DIGEST_SIZE];
#endif #endif
(void)drbg; if (drbg == NULL) {
#ifdef WC_ASYNC_ENABLE_SHA256 return DRBG_FAILURE;
}
#ifdef WOLFSSL_SMALL_STACK
digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap,
DYNAMIC_TYPE_DIGEST);
if (digest == NULL) if (digest == NULL)
return DRBG_FAILURE; return DRBG_FAILURE;
#endif #endif
@@ -431,8 +434,8 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
ForceZero(digest, WC_SHA256_DIGEST_SIZE); ForceZero(digest, WC_SHA256_DIGEST_SIZE);
#ifdef WC_ASYNC_ENABLE_SHA256 #ifdef WOLFSSL_SMALL_STACK
WC_FREE_VAR(digest, drbg->heap); XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
#endif #endif
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
@@ -441,31 +444,44 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_DRBG_Reseed(DRBG_internal* drbg, const byte* seed, word32 seedSz) static int Hash_DRBG_Reseed(DRBG_internal* drbg, const byte* seed, word32 seedSz)
{ {
int ret;
#ifdef WOLFSSL_SMALL_STACK
byte* newV;
#else
byte newV[DRBG_SEED_LEN]; byte newV[DRBG_SEED_LEN];
#endif
if (drbg == NULL) { if (drbg == NULL) {
return DRBG_FAILURE; return DRBG_FAILURE;
} }
#ifdef WOLFSSL_SMALL_STACK
newV = (byte*)XMALLOC(DRBG_SEED_LEN, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (newV == NULL) {
return MEMORY_E;
}
#endif
XMEMSET(newV, 0, DRBG_SEED_LEN); XMEMSET(newV, 0, DRBG_SEED_LEN);
if (Hash_df(drbg, newV, sizeof(newV), drbgReseed, ret = Hash_df(drbg, newV, DRBG_SEED_LEN, drbgReseed,
drbg->V, sizeof(drbg->V), seed, seedSz) != DRBG_SUCCESS) { drbg->V, sizeof(drbg->V), seed, seedSz);
return DRBG_FAILURE; if (ret == DRBG_SUCCESS) {
XMEMCPY(drbg->V, newV, sizeof(drbg->V));
ForceZero(newV, DRBG_SEED_LEN);
ret = Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
sizeof(drbg->V), NULL, 0);
}
if (ret == DRBG_SUCCESS) {
drbg->reseedCtr = 1;
drbg->lastBlock = 0;
drbg->matchCount = 0;
} }
XMEMCPY(drbg->V, newV, sizeof(drbg->V)); #ifdef WOLFSSL_SMALL_STACK
ForceZero(newV, sizeof(newV)); XFREE(newV, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, return ret;
sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) {
return DRBG_FAILURE;
}
drbg->reseedCtr = 1;
drbg->lastBlock = 0;
drbg->matchCount = 0;
return DRBG_SUCCESS;
} }
/* Returns: DRBG_SUCCESS and DRBG_FAILURE or BAD_FUNC_ARG on fail */ /* Returns: DRBG_SUCCESS and DRBG_FAILURE or BAD_FUNC_ARG on fail */
@@ -491,9 +507,7 @@ int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed, word32 seedSz)
static WC_INLINE void array_add_one(byte* data, word32 dataSz) static WC_INLINE void array_add_one(byte* data, word32 dataSz)
{ {
int i; int i;
for (i = dataSz - 1; i >= 0; i--) {
for (i = dataSz - 1; i >= 0; i--)
{
data[i]++; data[i]++;
if (data[i] != 0) break; if (data[i] != 0) break;
} }
@@ -503,7 +517,13 @@ static WC_INLINE void array_add_one(byte* data, word32 dataSz)
static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V) static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
{ {
int ret = DRBG_FAILURE; int ret = DRBG_FAILURE;
#ifdef WOLFSSL_SMALL_STACK
byte* data;
byte* digest;
#else
byte data[DRBG_SEED_LEN]; byte data[DRBG_SEED_LEN];
byte digest[WC_SHA256_DIGEST_SIZE];
#endif
int i; int i;
int len; int len;
word32 checkBlock; word32 checkBlock;
@@ -512,22 +532,32 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
#else #else
wc_Sha256 sha[1]; wc_Sha256 sha[1];
#endif #endif
#ifdef WC_ASYNC_ENABLE_SHA256
WC_DECLARE_VAR(digest, byte, WC_SHA256_DIGEST_SIZE, drbg->heap); if (drbg == NULL) {
if (digest == NULL) return DRBG_FAILURE;
return MEMORY_E; }
#else
byte digest[WC_SHA256_DIGEST_SIZE]; #ifdef WOLFSSL_SMALL_STACK
data = (byte*)XMALLOC(DRBG_SEED_LEN, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap,
DYNAMIC_TYPE_DIGEST);
if (data == NULL || digest == NULL) {
XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
XFREE(data, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
return DRBG_FAILURE;
}
#endif #endif
/* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for /* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for
* the continuous test. */ * the continuous test. */
if (outSz == 0) outSz = 1; if (outSz == 0) {
outSz = 1;
}
len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0); len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
XMEMCPY(data, V, sizeof(data)); XMEMCPY(data, V, DRBG_SEED_LEN);
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
#ifndef WOLFSSL_SMALL_STACK_CACHE #ifndef WOLFSSL_SMALL_STACK_CACHE
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
@@ -537,7 +567,7 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
#endif #endif
if (ret == 0) if (ret == 0)
#endif #endif
ret = wc_Sha256Update(sha, data, sizeof(data)); ret = wc_Sha256Update(sha, data, DRBG_SEED_LEN);
if (ret == 0) if (ret == 0)
ret = wc_Sha256Final(sha, digest); ret = wc_Sha256Final(sha, digest);
#ifndef WOLFSSL_SMALL_STACK_CACHE #ifndef WOLFSSL_SMALL_STACK_CACHE
@@ -580,10 +610,11 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V)
break; break;
} }
} }
ForceZero(data, sizeof(data)); ForceZero(data, DRBG_SEED_LEN);
#ifdef WC_ASYNC_ENABLE_SHA256 #ifdef WOLFSSL_SMALL_STACK
WC_FREE_VAR(digest, drbg->heap); XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
XFREE(data, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
@@ -630,14 +661,17 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
if (drbg->reseedCtr == RESEED_INTERVAL) { if (drbg->reseedCtr == RESEED_INTERVAL) {
return DRBG_NEED_RESEED; return DRBG_NEED_RESEED;
} else { }
#ifdef WC_ASYNC_ENABLE_SHA256 else {
WC_DECLARE_VAR(digest, byte, WC_SHA256_DIGEST_SIZE, drbg->heap); #ifndef WOLFSSL_SMALL_STACK
if (digest == NULL)
return MEMORY_E;
#else
byte digest[WC_SHA256_DIGEST_SIZE]; byte digest[WC_SHA256_DIGEST_SIZE];
#else
byte* digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap,
DYNAMIC_TYPE_DIGEST);
if (digest == NULL)
return DRBG_FAILURE;
#endif #endif
type = drbgGenerateH; type = drbgGenerateH;
reseedCtr = drbg->reseedCtr; reseedCtr = drbg->reseedCtr;
@@ -674,8 +708,8 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
drbg->reseedCtr++; drbg->reseedCtr++;
} }
ForceZero(digest, WC_SHA256_DIGEST_SIZE); ForceZero(digest, WC_SHA256_DIGEST_SIZE);
#ifdef WC_ASYNC_ENABLE_SHA256 #ifdef WOLFSSL_SMALL_STACK
WC_FREE_VAR(digest, drbg->heap); XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
#endif #endif
} }
@@ -690,11 +724,10 @@ static int Hash_DRBG_Instantiate(DRBG_internal* drbg, const byte* seed, word32 s
int ret = DRBG_FAILURE; int ret = DRBG_FAILURE;
XMEMSET(drbg, 0, sizeof(DRBG_internal)); XMEMSET(drbg, 0, sizeof(DRBG_internal));
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
drbg->heap = heap; drbg->heap = heap;
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
drbg->devId = devId; drbg->devId = devId;
#else #else
(void)heap;
(void)devId; (void)devId;
#endif #endif
@@ -735,8 +768,9 @@ static int Hash_DRBG_Uninstantiate(DRBG_internal* drbg)
ForceZero(drbg, sizeof(DRBG_internal)); ForceZero(drbg, sizeof(DRBG_internal));
for (i = 0; i < sizeof(DRBG_internal); i++) for (i = 0; i < sizeof(DRBG_internal); i++) {
compareSum |= compareDrbg[i] ^ 0; compareSum |= compareDrbg[i] ^ 0;
}
return (compareSum == 0) ? DRBG_SUCCESS : DRBG_FAILURE; return (compareSum == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
} }
@@ -838,12 +872,13 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
seedSz = MAX_SEED_SZ; seedSz = MAX_SEED_SZ;
if (wc_RNG_HealthTestLocal(0) == 0) { if (wc_RNG_HealthTestLocal(0) == 0) {
#ifdef WC_ASYNC_ENABLE_SHA256 #ifndef WOLFSSL_SMALL_STACK
WC_DECLARE_VAR(seed, byte, MAX_SEED_SZ, rng->heap); byte seed[MAX_SEED_SZ];
#else
byte* seed = (byte*)XMALLOC(MAX_SEED_SZ, rng->heap,
DYNAMIC_TYPE_SEED);
if (seed == NULL) if (seed == NULL)
return MEMORY_E; return MEMORY_E;
#else
byte seed[MAX_SEED_SZ];
#endif #endif
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
@@ -892,12 +927,13 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
} }
ForceZero(seed, seedSz); ForceZero(seed, seedSz);
#ifdef WC_ASYNC_ENABLE_SHA256 #ifdef WOLFSSL_SMALL_STACK
WC_FREE_VAR(seed, rng->heap); XFREE(seed, rng->heap, DYNAMIC_TYPE_SEED);
#endif #endif
} }
else else {
ret = DRBG_CONT_FAILURE; ret = DRBG_CONT_FAILURE;
}
if (ret == DRBG_SUCCESS) { if (ret == DRBG_SUCCESS) {
#ifdef WOLFSSL_CHECK_MEM_ZERO #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -1044,13 +1080,21 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz); ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz);
if (ret == DRBG_NEED_RESEED) { if (ret == DRBG_NEED_RESEED) {
if (wc_RNG_HealthTestLocal(1) == 0) { if (wc_RNG_HealthTestLocal(1) == 0) {
#ifndef WOLFSSL_SMALL_STACK
byte newSeed[SEED_SZ + SEED_BLOCK_SZ]; byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
ret = DRBG_SUCCESS;
ret = wc_GenerateSeed(&rng->seed, newSeed, #else
byte* newSeed = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ, rng->heap,
DYNAMIC_TYPE_SEED);
ret = (newSeed == NULL) ? MEMORY_E : DRBG_SUCCESS;
#endif
if (ret == DRBG_SUCCESS) {
ret = wc_GenerateSeed(&rng->seed, newSeed,
SEED_SZ + SEED_BLOCK_SZ); SEED_SZ + SEED_BLOCK_SZ);
if (ret != 0) if (ret != 0)
ret = DRBG_FAILURE; ret = DRBG_FAILURE;
else }
if (ret == DRBG_SUCCESS)
ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ); ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ);
if (ret == DRBG_SUCCESS) if (ret == DRBG_SUCCESS)
@@ -1060,9 +1104,13 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz); ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz);
ForceZero(newSeed, sizeof(newSeed)); ForceZero(newSeed, sizeof(newSeed));
#ifdef WOLFSSL_SMALL_STACK
XFREE(newSeed, rng->heap, DYNAMIC_TYPE_SEED);
#endif
} }
else else {
ret = DRBG_CONT_FAILURE; ret = DRBG_CONT_FAILURE;
}
} }
if (ret == DRBG_SUCCESS) { if (ret == DRBG_SUCCESS) {
@@ -1167,7 +1215,8 @@ int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz,
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
drbg = (DRBG_internal*)XMALLOC(sizeof(DRBG_internal), NULL, DYNAMIC_TYPE_RNG); drbg = (DRBG_internal*)XMALLOC(sizeof(DRBG_internal), heap,
DYNAMIC_TYPE_RNG);
if (drbg == NULL) { if (drbg == NULL) {
return MEMORY_E; return MEMORY_E;
} }
@@ -1210,7 +1259,7 @@ exit_rng_ht:
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(drbg, NULL, DYNAMIC_TYPE_RNG); XFREE(drbg, heap, DYNAMIC_TYPE_RNG);
#endif #endif
return ret; return ret;

75
wolfcrypt/src/sha256.c
View File

@@ -1793,19 +1793,36 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash) int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
{ {
int ret; int ret;
wc_Sha224 tmpSha224; #ifdef WOLFSSL_SMALL_STACK
wc_Sha224* tmpSha224;
#else
wc_Sha224 tmpSha224[1];
#endif
wc_InitSha224(&tmpSha224); if (sha224 == NULL || hash == NULL) {
if (sha224 == NULL || hash == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
ret = wc_Sha224Copy(sha224, &tmpSha224);
if (ret == 0) {
ret = wc_Sha224Final(&tmpSha224, hash);
wc_Sha224Free(&tmpSha224);
} }
#ifdef WOLFSSL_SMALL_STACK
tmpSha224 = (wc_Sha224*)XMALLOC(sizeof(wc_Sha224), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha224 == NULL) {
return MEMORY_E;
}
#endif
ret = wc_Sha224Copy(sha224, tmpSha224);
if (ret == 0) {
ret = wc_Sha224Final(tmpSha224, hash);
wc_Sha224Free(tmpSha224);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpSha224, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret; return ret;
} }
int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst) int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
{ {
int ret = 0; int ret = 0;
@@ -1894,44 +1911,54 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash) int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
{ {
int ret; int ret;
wc_Sha256 tmpSha256; #ifdef WOLFSSL_SMALL_STACK
wc_Sha256* tmpSha256;
#else
wc_Sha256 tmpSha256[1];
#endif
if (sha256 == NULL || hash == NULL) if (sha256 == NULL || hash == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
tmpSha256 = (wc_Sha256*)XMALLOC(sizeof(wc_Sha256), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha256 == NULL) {
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW) #if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
/* ESP32 hardware can only handle only 1 active hardware hashing /* ESP32 hardware can only handle only 1 active hardware hashing
* at a time. If the mutex lock is acquired the first time then * at a time. If the mutex lock is acquired the first time then
* that Sha256 instance has exclusive access to hardware. The * that Sha256 instance has exclusive access to hardware. The
* final or free needs to release the mutex. Operations that * final or free needs to release the mutex. Operations that
* do not get the lock fallback to software based Sha256 */ * do not get the lock fallback to software based Sha256 */
if(sha256->ctx.mode == ESP32_SHA_INIT){ if (sha256->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha256->ctx); esp_sha_try_hw_lock(&sha256->ctx);
} }
if(sha256->ctx.mode == ESP32_SHA_HW) if (sha256->ctx.mode == ESP32_SHA_HW) {
{
esp_sha256_digest_process(sha256, 0); esp_sha256_digest_process(sha256, 0);
} }
#endif #endif
ret = wc_Sha256Copy(sha256, &tmpSha256);
ret = wc_Sha256Copy(sha256, tmpSha256);
if (ret == 0) { if (ret == 0) {
ret = wc_Sha256Final(&tmpSha256, hash); ret = wc_Sha256Final(tmpSha256, hash);
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW) #if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
{
sha256->ctx.mode = ESP32_SHA_SW; sha256->ctx.mode = ESP32_SHA_SW;
} #endif
#endif
wc_Sha256Free(&tmpSha256); wc_Sha256Free(tmpSha256);
} }
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW) #ifdef WOLFSSL_SMALL_STACK
/* TODO: Make sure the ESP32 crypto mutex is released (in case final is not XFREE(tmpSha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
* called */
#endif #endif
return ret; return ret;
} }
int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)

94
wolfcrypt/src/sha512.c
View File

@@ -1502,29 +1502,49 @@ static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
int (*finalfp)(wc_Sha512*, byte*)) int (*finalfp)(wc_Sha512*, byte*))
{ {
int ret; int ret;
wc_Sha512 tmpSha512; #ifdef WOLFSSL_SMALL_STACK
wc_Sha512* tmpSha512;
if (sha512 == NULL || hash == NULL) #else
return BAD_FUNC_ARG; wc_Sha512 tmpSha512[1];
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
if(sha512->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha512->ctx);
}
if(sha512->ctx.mode != ESP32_SHA_SW)
esp_sha512_digest_process(sha512, 0);
#endif #endif
ret = wc_Sha512Copy(sha512, &tmpSha512); if (sha512 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
tmpSha512 = (wc_Sha512*)XMALLOC(sizeof(wc_Sha512), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha512 == NULL) {
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
if (sha512->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha512->ctx);
}
if (sha512->ctx.mode != ESP32_SHA_SW) {
esp_sha512_digest_process(sha512, 0);
}
#endif
ret = wc_Sha512Copy(sha512, tmpSha512);
if (ret == 0) { if (ret == 0) {
ret = finalfp(&tmpSha512, hash); ret = finalfp(tmpSha512, hash);
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
sha512->ctx.mode = ESP32_SHA_SW;; sha512->ctx.mode = ESP32_SHA_SW;;
#endif #endif
wc_Sha512Free(&tmpSha512); wc_Sha512Free(tmpSha512);
} }
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpSha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret; return ret;
} }
@@ -1735,36 +1755,58 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
{ {
int ret; int ret;
wc_Sha384 tmpSha384; #ifdef WOLFSSL_SMALL_STACK
wc_Sha384* tmpSha384;
#else
wc_Sha384 tmpSha384[1];
#endif
if (sha384 == NULL || hash == NULL) if (sha384 == NULL || hash == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ }
#ifdef WOLFSSL_SMALL_STACK
tmpSha384 = (wc_Sha384*)XMALLOC(sizeof(wc_Sha384), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha384 == NULL) {
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
if(sha384->ctx.mode == ESP32_SHA_INIT) { if (sha384->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha384->ctx); esp_sha_try_hw_lock(&sha384->ctx);
} }
if(sha384->ctx.mode != ESP32_SHA_SW) { if (sha384->ctx.mode != ESP32_SHA_SW) {
esp_sha512_digest_process(sha384, 0); esp_sha512_digest_process(sha384, 0);
} }
#endif #endif
ret = wc_Sha384Copy(sha384, &tmpSha384); ret = wc_Sha384Copy(sha384, tmpSha384);
if (ret == 0) { if (ret == 0) {
ret = wc_Sha384Final(&tmpSha384, hash); ret = wc_Sha384Final(tmpSha384, hash);
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
sha384->ctx.mode = ESP32_SHA_SW; sha384->ctx.mode = ESP32_SHA_SW;
#endif #endif
wc_Sha384Free(&tmpSha384); wc_Sha384Free(tmpSha384);
} }
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpSha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret; return ret;
} }
int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
{ {
int ret = 0; int ret = 0;
if (src == NULL || dst == NULL) if (src == NULL || dst == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
XMEMCPY(dst, src, sizeof(wc_Sha384)); XMEMCPY(dst, src, sizeof(wc_Sha384));
#ifdef WOLFSSL_SMALL_STACK_CACHE #ifdef WOLFSSL_SMALL_STACK_CACHE

14
wolfcrypt/test/test.c
View File

@@ -27,14 +27,13 @@
#include <wolfssl/options.h> #include <wolfssl/options.h>
#endif #endif
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#ifndef NO_CRYPT_TEST #ifndef NO_CRYPT_TEST
#if defined(HAVE_STACK_SIZE) && !defined(HAVE_WOLFCRYPT_TEST_OPTIONS) #include <wolfssl/version.h>
#define HAVE_WOLFCRYPT_TEST_OPTIONS #include <wolfssl/wolfcrypt/types.h>
#endif #include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/mem_track.h>
#if defined(HAVE_WOLFCRYPT_TEST_OPTIONS) #if defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
@@ -48,15 +47,12 @@
#include <stdint.h> #include <stdint.h>
#endif #endif
#if defined(HAVE_STACK_SIZE_VERBOSE) #ifdef HAVE_STACK_SIZE_VERBOSE
#ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES #ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES
static ssize_t max_relative_stack = WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES; static ssize_t max_relative_stack = WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES;
#else #else
static ssize_t max_relative_stack = -1; static ssize_t max_relative_stack = -1;
#endif #endif
#else
#define STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max, ...) (__VA_ARGS__, 0)
#define STACK_SIZE_INIT()
#endif #endif
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE

407
wolfssl/test.h
View File

@@ -1,4 +1,29 @@
/* test.h */ /* test.h
*
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file ../wolfssl/test.h
\brief Header file containing test inline functions
*/
/* Testing functions */
#ifndef wolfSSL_TEST_H #ifndef wolfSSL_TEST_H
#define wolfSSL_TEST_H #define wolfSSL_TEST_H
@@ -252,57 +277,6 @@
#endif #endif
#endif #endif
#ifdef SINGLE_THREADED
#if defined(WC_32BIT_CPU)
typedef void* THREAD_RETURN;
#else
typedef unsigned int THREAD_RETURN;
#endif
typedef void* THREAD_TYPE;
#define WOLFSSL_THREAD
#else
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
typedef void* THREAD_RETURN;
typedef pthread_t THREAD_TYPE;
#define WOLFSSL_THREAD
#define INFINITE (-1)
#define WAIT_OBJECT_0 0L
#elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET) || defined(FREESCALE_MQX)
typedef unsigned int THREAD_RETURN;
typedef int THREAD_TYPE;
#define WOLFSSL_THREAD
#elif defined(WOLFSSL_TIRTOS)
typedef void THREAD_RETURN;
typedef Task_Handle THREAD_TYPE;
#ifdef HAVE_STACK_SIZE
#undef EXIT_TEST
#define EXIT_TEST(ret)
#endif
#define WOLFSSL_THREAD
#elif defined(WOLFSSL_ZEPHYR)
typedef void THREAD_RETURN;
typedef struct k_thread THREAD_TYPE;
#ifdef HAVE_STACK_SIZE
#undef EXIT_TEST
#define EXIT_TEST(ret)
#endif
#define WOLFSSL_THREAD
#elif defined(NETOS)
typedef UINT THREAD_RETURN;
typedef TX_THREAD THREAD_TYPE;
#define WOLFSSL_THREAD
#define INFINITE TX_WAIT_FOREVER
#define WAIT_OBJECT_0 TX_NO_WAIT
#else
typedef unsigned int THREAD_RETURN;
typedef intptr_t THREAD_TYPE;
#define WOLFSSL_THREAD __stdcall
#endif
#endif
#ifndef MY_EX_USAGE #ifndef MY_EX_USAGE
#define MY_EX_USAGE 2 #define MY_EX_USAGE 2
#endif #endif
@@ -3004,335 +2978,6 @@ static WC_INLINE void CaCb(unsigned char* der, int sz, int type)
} }
#endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */ #endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */
#ifdef HAVE_STACK_SIZE
typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args);
#define STACK_CHECK_VAL 0x01
struct stack_size_debug_context {
unsigned char *myStack;
size_t stackSize;
#ifdef HAVE_STACK_SIZE_VERBOSE
size_t *stackSizeHWM_ptr;
thread_func fn;
void *args;
#endif
};
#ifdef HAVE_STACK_SIZE_VERBOSE
/* per-subtest stack high water mark tracking.
*
* enable with
*
* ./configure --enable-stacksize=verbose [...]
*/
static THREAD_RETURN debug_stack_size_verbose_shim(struct stack_size_debug_context *shim_args) {
StackSizeCheck_myStack = shim_args->myStack;
StackSizeCheck_stackSize = shim_args->stackSize;
StackSizeCheck_stackSizeHWM_ptr = shim_args->stackSizeHWM_ptr;
return shim_args->fn(shim_args->args);
}
static WC_INLINE int StackSizeSetOffset(const char *funcname, void *p)
{
if (StackSizeCheck_myStack == NULL)
return -BAD_FUNC_ARG;
StackSizeCheck_stackOffsetPointer = p;
printf("setting stack relative offset reference mark in %s to +%lu\n",
funcname, (unsigned long)((char*)(StackSizeCheck_myStack +
StackSizeCheck_stackSize) - (char *)p));
return 0;
}
static WC_INLINE ssize_t StackSizeHWM(void)
{
size_t i;
ssize_t used;
if (StackSizeCheck_myStack == NULL)
return -BAD_FUNC_ARG;
for (i = 0; i < StackSizeCheck_stackSize; i++) {
if (StackSizeCheck_myStack[i] != STACK_CHECK_VAL) {
break;
}
}
used = StackSizeCheck_stackSize - i;
if ((ssize_t)*StackSizeCheck_stackSizeHWM_ptr < used)
*StackSizeCheck_stackSizeHWM_ptr = used;
return used;
}
static WC_INLINE ssize_t StackSizeHWM_OffsetCorrected(void)
{
ssize_t used = StackSizeHWM();
if (used < 0)
return used;
if (StackSizeCheck_stackOffsetPointer)
used -= (ssize_t)(((char *)StackSizeCheck_myStack + StackSizeCheck_stackSize) - (char *)StackSizeCheck_stackOffsetPointer);
return used;
}
static
#ifdef __GNUC__
__attribute__((unused)) __attribute__((noinline))
#endif
int StackSizeHWMReset(void)
{
volatile ssize_t i;
if (StackSizeCheck_myStack == NULL)
return -BAD_FUNC_ARG;
for (i = (ssize_t)((char *)&i - (char *)StackSizeCheck_myStack) - (ssize_t)sizeof i - 1; i >= 0; --i)
{
StackSizeCheck_myStack[i] = STACK_CHECK_VAL;
}
return 0;
}
#define STACK_SIZE_CHECKPOINT(...) ({ \
ssize_t HWM = StackSizeHWM_OffsetCorrected(); \
__VA_ARGS__; \
printf(" relative stack peak usage = %ld bytes\n", (long int)HWM); \
StackSizeHWMReset(); \
})
#define STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max, ...) ({ \
ssize_t HWM = StackSizeHWM_OffsetCorrected(); \
int _ret; \
__VA_ARGS__; \
printf(" relative stack peak usage = %ld bytes\n", (long int)HWM); \
_ret = StackSizeHWMReset(); \
if ((max >= 0) && (HWM > (ssize_t)(max))) { \
fprintf(stderr, \
" relative stack usage at %s L%d exceeds designated max %ld bytes.\n", \
__FILE__, __LINE__, (long int)(max)); \
_ret = -1; \
} \
_ret; \
})
#ifdef __GNUC__
#define STACK_SIZE_INIT() (void)StackSizeSetOffset(__FUNCTION__, __builtin_frame_address(0))
#endif
#endif /* HAVE_STACK_SIZE_VERBOSE */
static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf)
{
size_t i;
int ret;
void* status;
unsigned char* myStack = NULL;
size_t stackSize = 1024*1024*2;
pthread_attr_t myAttr;
pthread_t threadId;
#ifdef HAVE_STACK_SIZE_VERBOSE
struct stack_size_debug_context shim_args;
#endif
#ifdef PTHREAD_STACK_MIN
if (stackSize < PTHREAD_STACK_MIN)
stackSize = PTHREAD_STACK_MIN;
#endif
ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
if (ret != 0 || myStack == NULL) {
err_sys_with_errno("posix_memalign failed\n");
return -1;
}
XMEMSET(myStack, STACK_CHECK_VAL, stackSize);
ret = pthread_attr_init(&myAttr);
if (ret != 0)
err_sys("attr_init failed");
ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
if (ret != 0)
err_sys("attr_setstackaddr failed");
#ifdef HAVE_STACK_SIZE_VERBOSE
StackSizeCheck_stackSizeHWM = 0;
shim_args.myStack = myStack;
shim_args.stackSize = stackSize;
shim_args.stackSizeHWM_ptr = &StackSizeCheck_stackSizeHWM;
shim_args.fn = tf;
shim_args.args = args;
ret = pthread_create(&threadId, &myAttr, (thread_func)debug_stack_size_verbose_shim, (void *)&shim_args);
#else
ret = pthread_create(&threadId, &myAttr, tf, args);
#endif
if (ret != 0) {
printf("ret = %d\n", ret);
perror("pthread_create failed");
exit(EXIT_FAILURE);
}
ret = pthread_join(threadId, &status);
if (ret != 0)
err_sys("pthread_join failed");
for (i = 0; i < stackSize; i++) {
if (myStack[i] != STACK_CHECK_VAL) {
break;
}
}
free(myStack);
#ifdef HAVE_STACK_SIZE_VERBOSE
printf("stack used = %lu\n", StackSizeCheck_stackSizeHWM > (stackSize - i)
? (unsigned long)StackSizeCheck_stackSizeHWM
: (unsigned long)(stackSize - i));
#else
{
size_t used = stackSize - i;
printf("stack used = %lu\n", (unsigned long)used);
}
#endif
return (int)((size_t)status);
}
static WC_INLINE int StackSizeCheck_launch(func_args* args, thread_func tf, pthread_t *threadId, void **stack_context)
{
int ret;
unsigned char* myStack = NULL;
size_t stackSize = 1024*1024*2;
pthread_attr_t myAttr;
#ifdef PTHREAD_STACK_MIN
if (stackSize < PTHREAD_STACK_MIN)
stackSize = PTHREAD_STACK_MIN;
#endif
struct stack_size_debug_context *shim_args = (struct stack_size_debug_context *)malloc(sizeof *shim_args);
if (! shim_args) {
perror("malloc");
exit(EXIT_FAILURE);
}
ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
if (ret != 0 || myStack == NULL) {
err_sys_with_errno("posix_memalign failed\n");
free(shim_args);
return -1;
}
XMEMSET(myStack, STACK_CHECK_VAL, stackSize);
ret = pthread_attr_init(&myAttr);
if (ret != 0)
err_sys("attr_init failed");
ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
if (ret != 0)
err_sys("attr_setstackaddr failed");
shim_args->myStack = myStack;
shim_args->stackSize = stackSize;
#ifdef HAVE_STACK_SIZE_VERBOSE
shim_args->stackSizeHWM_ptr = &StackSizeCheck_stackSizeHWM;
shim_args->fn = tf;
shim_args->args = args;
ret = pthread_create(threadId, &myAttr, (thread_func)debug_stack_size_verbose_shim, (void *)shim_args);
#else
ret = pthread_create(threadId, &myAttr, tf, args);
#endif
if (ret != 0) {
fprintf(stderr,"pthread_create failed: %s",strerror(ret));
exit(EXIT_FAILURE);
}
*stack_context = (void *)shim_args;
return 0;
}
static WC_INLINE int StackSizeCheck_reap(pthread_t threadId, void *stack_context)
{
struct stack_size_debug_context *shim_args = (struct stack_size_debug_context *)stack_context;
size_t i;
void *status;
int ret = pthread_join(threadId, &status);
if (ret != 0)
err_sys("pthread_join failed");
for (i = 0; i < shim_args->stackSize; i++) {
if (shim_args->myStack[i] != STACK_CHECK_VAL) {
break;
}
}
free(shim_args->myStack);
#ifdef HAVE_STACK_SIZE_VERBOSE
printf("stack used = %lu\n",
*shim_args->stackSizeHWM_ptr > (shim_args->stackSize - i)
? (unsigned long)*shim_args->stackSizeHWM_ptr
: (unsigned long)(shim_args->stackSize - i));
#else
{
size_t used = shim_args->stackSize - i;
printf("stack used = %lu\n", (unsigned long)used);
}
#endif
free(shim_args);
return (int)((size_t)status);
}
#endif /* HAVE_STACK_SIZE */
#ifndef STACK_SIZE_CHECKPOINT
#define STACK_SIZE_CHECKPOINT(...) (__VA_ARGS__)
#endif
#ifndef STACK_SIZE_INIT
#define STACK_SIZE_INIT()
#endif
#ifdef STACK_TRAP
/* good settings
--enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP"
*/
#ifdef HAVE_STACK_SIZE
/* client only for now, setrlimit will fail if pthread_create() called */
/* STACK_SIZE does pthread_create() on client */
#error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail"
#endif /* HAVE_STACK_SIZE */
static WC_INLINE void StackTrap(void)
{
struct rlimit rl;
if (getrlimit(RLIMIT_STACK, &rl) != 0)
err_sys_with_errno("getrlimit failed");
printf("rlim_cur = %llu\n", rl.rlim_cur);
rl.rlim_cur = 1024*21; /* adjust trap size here */
if (setrlimit(RLIMIT_STACK, &rl) != 0)
err_sys_with_errno("setrlimit failed");
}
#else /* STACK_TRAP */
static WC_INLINE void StackTrap(void)
{
}
#endif /* STACK_TRAP */
#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)

4
wolfssl/wolfcrypt/asn.h
View File

@@ -872,7 +872,7 @@ enum Misc_ASN {
ASN_BOOL_SIZE = 2, /* including type */ ASN_BOOL_SIZE = 2, /* including type */
ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
#ifdef NO_SHA #if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256))
KEYID_SIZE = WC_SHA256_DIGEST_SIZE, KEYID_SIZE = WC_SHA256_DIGEST_SIZE,
#else #else
KEYID_SIZE = WC_SHA_DIGEST_SIZE, KEYID_SIZE = WC_SHA_DIGEST_SIZE,
@@ -1591,7 +1591,7 @@ struct DecodedCert {
byte issuerHash[KEYID_SIZE]; /* hash of all Names */ byte issuerHash[KEYID_SIZE]; /* hash of all Names */
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */ byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
#endif /* HAVE_OCSP */ #endif /* HAVE_OCSP */
const byte* signature; /* not owned, points into raw cert */ const byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */ char* subjectCN; /* CommonName */

8
wolfssl/wolfcrypt/asn_public.h
View File

@@ -285,11 +285,12 @@ typedef int (wc_pem_password_cb)(char* passwd, int sz, int rw, void* userdata);
#endif #endif
typedef struct EncryptedInfo { typedef struct EncryptedInfo {
wc_pem_password_cb* passwd_cb;
void* passwd_userdata;
long consumed; /* tracks PEM bytes consumed */ long consumed; /* tracks PEM bytes consumed */
#ifdef WOLFSSL_ENCRYPTED_KEYS
wc_pem_password_cb* passwd_cb;
void* passwd_userdata;
int cipherType; int cipherType;
word32 keySz; word32 keySz;
word32 ivSz; /* salt or encrypted IV size */ word32 ivSz; /* salt or encrypted IV size */
@@ -298,6 +299,7 @@ typedef struct EncryptedInfo {
byte iv[IV_SZ]; /* salt or encrypted IV */ byte iv[IV_SZ]; /* salt or encrypted IV */
word16 set:1; /* if encryption set */ word16 set:1; /* if encryption set */
#endif
} EncryptedInfo; } EncryptedInfo;

1020
wolfssl/wolfcrypt/mem_track.h
View File

File diff suppressed because it is too large Load Diff

2
wolfssl/wolfcrypt/random.h
View File

@@ -162,8 +162,8 @@ struct DRBG_internal {
word32 lastBlock; word32 lastBlock;
byte V[DRBG_SEED_LEN]; byte V[DRBG_SEED_LEN];
byte C[DRBG_SEED_LEN]; byte C[DRBG_SEED_LEN];
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
void* heap; void* heap;
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
int devId; int devId;
#endif #endif
byte matchCount; byte matchCount;

3
wolfssl/wolfcrypt/settings.h
View File

@@ -2377,9 +2377,6 @@ extern void uITRON4_free(void *p) ;
#ifndef USE_WOLF_STRTOK #ifndef USE_WOLF_STRTOK
#define USE_WOLF_STRTOK #define USE_WOLF_STRTOK
#endif #endif
#ifndef WOLFSSL_SP_DIV_WORD_HALF
#define WOLFSSL_SP_DIV_WORD_HALF
#endif
#ifndef WOLFSSL_OLD_PRIME_CHECK #ifndef WOLFSSL_OLD_PRIME_CHECK
#define WOLFSSL_OLD_PRIME_CHECK #define WOLFSSL_OLD_PRIME_CHECK
#endif #endif

51
wolfssl/wolfcrypt/types.h
View File

@@ -1234,6 +1234,57 @@ typedef struct w64wrapper {
#define FALSE 0 #define FALSE 0
#endif #endif
#ifdef SINGLE_THREADED
#if defined(WC_32BIT_CPU)
typedef void* THREAD_RETURN;
#else
typedef unsigned int THREAD_RETURN;
#endif
typedef void* THREAD_TYPE;
#define WOLFSSL_THREAD
#elif (defined(_POSIX_THREADS) || defined(HAVE_PTHREAD)) && \
!defined(__MINGW32__)
typedef void* THREAD_RETURN;
typedef pthread_t THREAD_TYPE;
#define WOLFSSL_THREAD
#define INFINITE (-1)
#define WAIT_OBJECT_0 0L
#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) || \
defined(FREESCALE_MQX)
typedef unsigned int THREAD_RETURN;
typedef int THREAD_TYPE;
#define WOLFSSL_THREAD
#elif defined(WOLFSSL_TIRTOS)
typedef void THREAD_RETURN;
typedef Task_Handle THREAD_TYPE;
#ifdef HAVE_STACK_SIZE
#undef EXIT_TEST
#define EXIT_TEST(ret)
#endif
#define WOLFSSL_THREAD
#elif defined(WOLFSSL_ZEPHYR)
typedef void THREAD_RETURN;
typedef struct k_thread THREAD_TYPE;
#ifdef HAVE_STACK_SIZE
#undef EXIT_TEST
#define EXIT_TEST(ret)
#endif
#define WOLFSSL_THREAD
#elif defined(NETOS)
typedef UINT THREAD_RETURN;
typedef TX_THREAD THREAD_TYPE;
#define WOLFSSL_THREAD
#define INFINITE TX_WAIT_FOREVER
#define WAIT_OBJECT_0 TX_NO_WAIT
#elif defined(WOLFSSL_LINUXKM)
typedef unsigned int THREAD_RETURN;
typedef size_t THREAD_TYPE;
#define WOLFSSL_THREAD
#else
typedef unsigned int THREAD_RETURN;
typedef size_t THREAD_TYPE;
#define WOLFSSL_THREAD __stdcall
#endif
#if defined(HAVE_STACK_SIZE) #if defined(HAVE_STACK_SIZE)
#define EXIT_TEST(ret) return (THREAD_RETURN)((size_t)(ret)) #define EXIT_TEST(ret) return (THREAD_RETURN)((size_t)(ret))