diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index cd7a67f09..43fc4fec6 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2768,7 +2768,11 @@ int wc_DhCopyNamedKey(int name, /* modulus_size in bits */ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) { - mp_int tmp, tmp2; +#ifdef WOLFSSL_SMALL_STACK + mp_int *tmp = NULL, *tmp2 = NULL; +#else + mp_int tmp[1], tmp2[2]; +#endif int groupSz = 0, bufSz = 0, primeCheckCount = 0, primeCheck = MP_NO, @@ -2812,20 +2816,28 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) if (ret == 0) ret = wc_RNG_GenerateBlock(rng, buf, bufSz); +#ifdef WOLFSSL_SMALL_STACK + if (ret == 0) { + if (((tmp = (mp_int *)XMALLOC(sizeof(*tmp), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) || + ((tmp2 = (mp_int *)XMALLOC(sizeof(*tmp2), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL)) + ret = MEMORY_E; + } +#endif + if (ret == 0) { /* force magnitude */ buf[0] |= 0xC0; /* force even */ buf[bufSz - 1] &= ~1; - if (mp_init_multi(&tmp, &tmp2, &dh->p, &dh->q, &dh->g, 0) + if (mp_init_multi(tmp, tmp2, &dh->p, &dh->q, &dh->g, 0) != MP_OKAY) { ret = MP_INIT_E; } } if (ret == 0) { - if (mp_read_unsigned_bin(&tmp2, buf, bufSz) != MP_OKAY) + if (mp_read_unsigned_bin(tmp2, buf, bufSz) != MP_OKAY) ret = MP_READ_E; } @@ -2837,7 +2849,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) /* p = random * q */ if (ret == 0) { - if (mp_mul(&dh->q, &tmp2, &dh->p) != MP_OKAY) + if (mp_mul(&dh->q, tmp2, &dh->p) != MP_OKAY) ret = MP_MUL_E; } @@ -2849,7 +2861,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) /* tmp = 2q */ if (ret == 0) { - if (mp_add(&dh->q, &dh->q, &tmp) != MP_OKAY) + if (mp_add(&dh->q, &dh->q, tmp) != MP_OKAY) ret = MP_ADD_E; } @@ -2861,7 +2873,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) if (primeCheck != MP_YES) { /* p += 2q */ - if (mp_add(&tmp, &dh->p, &dh->p) != MP_OKAY) + if (mp_add(tmp, &dh->p, &dh->p) != MP_OKAY) ret = MP_ADD_E; else primeCheckCount++; @@ -2873,7 +2885,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) * to have p = (q * tmp2) + 1 prime */ if ((ret == 0) && (primeCheckCount)) { - if (mp_add_d(&tmp2, 2 * primeCheckCount, &tmp2) != MP_OKAY) + if (mp_add_d(tmp2, 2 * primeCheckCount, tmp2) != MP_OKAY) ret = MP_ADD_E; } @@ -2885,18 +2897,18 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) do { if (mp_add_d(&dh->g, 1, &dh->g) != MP_OKAY) ret = MP_ADD_E; - else if (mp_exptmod(&dh->g, &tmp2, &dh->p, &tmp) != MP_OKAY) + else if (mp_exptmod(&dh->g, tmp2, &dh->p, tmp) != MP_OKAY) ret = MP_EXPTMOD_E; - } while (ret == 0 && mp_cmp_d(&tmp, 1) == MP_EQ); + } while (ret == 0 && mp_cmp_d(tmp, 1) == MP_EQ); } if (ret == 0) { /* at this point tmp generates a group of order q mod p */ #ifndef USE_FAST_MATH /* Exchanging is quick when the data pointer can be copied. */ - mp_exch(&tmp, &dh->g); + mp_exch(tmp, &dh->g); #else - mp_copy(&tmp, &dh->g); + mp_copy(tmp, &dh->g); #endif } @@ -2913,8 +2925,20 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); } } - mp_clear(&tmp); - mp_clear(&tmp2); + +#ifdef WOLFSSL_SMALL_STACK + if (tmp != NULL) { + mp_clear(tmp); + XFREE(tmp, NULL, DYNAMIC_TYPE_WOLF_BIGINT); + } + if (tmp2 != NULL) { + mp_clear(tmp2); + XFREE(tmp2, NULL, DYNAMIC_TYPE_WOLF_BIGINT); + } +#else + mp_clear(tmp); + mp_clear(tmp2); +#endif return ret; } diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index 7e6cf17bc..13a186f9e 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -142,7 +142,11 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) { byte* cBuf; int qSz, pSz, cSz, err; - mp_int tmpQ; +#ifdef WOLFSSL_SMALL_STACK + mp_int *tmpQ = NULL; +#else + mp_int tmpQ[1]; +#endif if (rng == NULL || dsa == NULL) return BAD_FUNC_ARG; @@ -161,47 +165,40 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) return MEMORY_E; } - if ((err = mp_init_multi(&dsa->x, &dsa->y, &tmpQ, NULL, NULL, NULL)) - != MP_OKAY) { - XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); - return err; +#ifdef WOLFSSL_SMALL_STACK + if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) + err = MEMORY_E; + else + err = MP_OKAY; + + if (err == MP_OKAY) +#endif + err = mp_init_multi(&dsa->x, &dsa->y, tmpQ, NULL, NULL, NULL); + + if (err == MP_OKAY) { + do { + /* generate N+64 bits (c) from RBG into &dsa->x, making sure positive. + * Hash_DRBG uses SHA-256 which matches maximum + * requested_security_strength of (L,N) */ + err = wc_RNG_GenerateBlock(rng, cBuf, cSz); + if (err != MP_OKAY) + break; + err = mp_read_unsigned_bin(&dsa->x, cBuf, cSz); + if (err != MP_OKAY) + break; + } while (mp_cmp_d(&dsa->x, 1) != MP_GT); } - do { - /* generate N+64 bits (c) from RBG into &dsa->x, making sure positive. - * Hash_DRBG uses SHA-256 which matches maximum - * requested_security_strength of (L,N) */ - err = wc_RNG_GenerateBlock(rng, cBuf, cSz); - if (err != MP_OKAY) { - mp_clear(&dsa->x); - mp_clear(&dsa->y); - mp_clear(&tmpQ); - XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); - return err; - } - - err = mp_read_unsigned_bin(&dsa->x, cBuf, cSz); - if (err != MP_OKAY) { - mp_clear(&dsa->x); - mp_clear(&dsa->y); - mp_clear(&tmpQ); - XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); - return err; - } - } while (mp_cmp_d(&dsa->x, 1) != MP_GT); - - XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); - /* tmpQ = q - 1 */ if (err == MP_OKAY) - err = mp_copy(&dsa->q, &tmpQ); + err = mp_copy(&dsa->q, tmpQ); if (err == MP_OKAY) - err = mp_sub_d(&tmpQ, 1, &tmpQ); + err = mp_sub_d(tmpQ, 1, tmpQ); /* x = c mod (q-1), &dsa->x holds c */ if (err == MP_OKAY) - err = mp_mod(&dsa->x, &tmpQ, &dsa->x); + err = mp_mod(&dsa->x, tmpQ, &dsa->x); /* x = c mod (q-1) + 1 */ if (err == MP_OKAY) @@ -218,7 +215,17 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) mp_clear(&dsa->x); mp_clear(&dsa->y); } - mp_clear(&tmpQ); + + XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); + +#ifdef WOLFSSL_SMALL_STACK + if (tmpQ != NULL) { + mp_clear(tmpQ); + XFREE(tmpQ, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + mp_clear(tmpQ); +#endif return err; } @@ -227,7 +234,11 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) /* modulus_size in bits */ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) { - mp_int tmp, tmp2; +#ifdef WOLFSSL_SMALL_STACK + mp_int *tmp = NULL, *tmp2 = NULL; +#else + mp_int tmp[1], tmp2[1]; +#endif int err, msize, qsize, loop_check_prime = 0, check_prime = MP_NO; @@ -278,158 +289,113 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) /* force even */ buf[msize - qsize - 1] &= ~1; - if (mp_init_multi(&tmp2, &dsa->p, &dsa->q, 0, 0, 0) != MP_OKAY) { - mp_clear(&dsa->q); - XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); - return MP_INIT_E; - } +#ifdef WOLFSSL_SMALL_STACK + if (((tmp = (mp_int *)XMALLOC(sizeof(*tmp), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) || + ((tmp2 = (mp_int *)XMALLOC(sizeof(*tmp2), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL)) + err = MEMORY_E; + else + err = MP_OKAY; - err = mp_read_unsigned_bin(&tmp2, buf, msize - qsize); - if (err != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&tmp2); - XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); - return err; - } - XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (err == MP_OKAY) +#endif + err = mp_init_multi(tmp2, &dsa->p, &dsa->q, 0, 0, 0); + + if (err == MP_OKAY) + err = mp_read_unsigned_bin(tmp2, buf, msize - qsize); /* make our prime q */ - err = mp_rand_prime(&dsa->q, qsize, rng, NULL); - if (err != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&tmp2); - return err; - } + if (err == MP_OKAY) + err = mp_rand_prime(&dsa->q, qsize, rng, NULL); /* p = random * q */ - err = mp_mul(&dsa->q, &tmp2, &dsa->p); - if (err != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&tmp2); - return err; - } + if (err == MP_OKAY) + err = mp_mul(&dsa->q, tmp2, &dsa->p); /* p = random * q + 1, so q is a prime divisor of p-1 */ - err = mp_add_d(&dsa->p, 1, &dsa->p); - if (err != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&tmp2); - return err; - } + if (err == MP_OKAY) + err = mp_add_d(&dsa->p, 1, &dsa->p); - if (mp_init(&tmp) != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&tmp2); - return MP_INIT_E; - } + if (err == MP_OKAY) + err = mp_init(tmp); /* tmp = 2q */ - err = mp_add(&dsa->q, &dsa->q, &tmp); - if (err != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&tmp); - mp_clear(&tmp2); - return err; - } + if (err == MP_OKAY) + err = mp_add(&dsa->q, &dsa->q, tmp); - /* loop until p is prime */ - while (check_prime == MP_NO) { - err = mp_prime_is_prime_ex(&dsa->p, 8, &check_prime, rng); - if (err != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&tmp); - mp_clear(&tmp2); - return err; - } - - if (check_prime != MP_YES) { - /* p += 2q */ - err = mp_add(&tmp, &dsa->p, &dsa->p); - if (err != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&tmp); - mp_clear(&tmp2); - return err; + if (err == MP_OKAY) { + /* loop until p is prime */ + while (check_prime == MP_NO) { + err = mp_prime_is_prime_ex(&dsa->p, 8, &check_prime, rng); + if (err != MP_OKAY) + break; + if (check_prime != MP_YES) { + /* p += 2q */ + err = mp_add(tmp, &dsa->p, &dsa->p); + if (err != MP_OKAY) + break; + loop_check_prime++; } - - loop_check_prime++; } } /* tmp2 += (2*loop_check_prime) * to have p = (q * tmp2) + 1 prime */ - if (loop_check_prime) { - err = mp_add_d(&tmp2, 2*loop_check_prime, &tmp2); - if (err != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&tmp); - mp_clear(&tmp2); - return err; - } + if (err == MP_OKAY) { + if (loop_check_prime) + err = mp_add_d(tmp2, 2*loop_check_prime, tmp2); } - if (mp_init(&dsa->g) != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&tmp); - mp_clear(&tmp2); - return MP_INIT_E; - } + if (err == MP_OKAY) + err = mp_init(&dsa->g); /* find a value g for which g^tmp2 != 1 */ - if (mp_set(&dsa->g, 1) != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&tmp); - mp_clear(&tmp2); - return MP_INIT_E; + if (err == MP_OKAY) + err = mp_set(&dsa->g, 1); + + if (err == MP_OKAY) { + do { + err = mp_add_d(&dsa->g, 1, &dsa->g); + if (err != MP_OKAY) + break; + err = mp_exptmod(&dsa->g, tmp2, &dsa->p, tmp); + if (err != MP_OKAY) + break; + } while (mp_cmp_d(tmp, 1) == MP_EQ); } - do { - err = mp_add_d(&dsa->g, 1, &dsa->g); - if (err != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&dsa->g); - mp_clear(&tmp); - mp_clear(&tmp2); - return err; - } - - err = mp_exptmod(&dsa->g, &tmp2, &dsa->p, &tmp); - if (err != MP_OKAY) { - mp_clear(&dsa->q); - mp_clear(&dsa->p); - mp_clear(&dsa->g); - mp_clear(&tmp); - mp_clear(&tmp2); - return err; - } - - } while (mp_cmp_d(&tmp, 1) == MP_EQ); - /* at this point tmp generates a group of order q mod p */ + if (err == MP_OKAY) { #ifndef USE_FAST_MATH - /* Exchanging is quick when the data pointer can be copied. */ - mp_exch(&tmp, &dsa->g); + /* Exchanging is quick when the data pointer can be copied. */ + err = mp_exch(tmp, &dsa->g); #else - mp_copy(&tmp, &dsa->g); + err = mp_copy(tmp, &dsa->g); #endif + } - mp_clear(&tmp); - mp_clear(&tmp2); + XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); - return MP_OKAY; +#ifdef WOLFSSL_SMALL_STACK + if (tmp != NULL) { + mp_clear(tmp); + XFREE(tmp, NULL, DYNAMIC_TYPE_WOLF_BIGINT); + } + if (tmp2 != NULL) { + mp_clear(tmp2); + XFREE(tmp2, NULL, DYNAMIC_TYPE_WOLF_BIGINT); + } +#else + mp_clear(tmp); + mp_clear(tmp2); +#endif + if (err != MP_OKAY) { + mp_clear(&dsa->q); + mp_clear(&dsa->p); + mp_clear(&dsa->g); + } + + return err; } #endif /* WOLFSSL_KEY_GEN */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index abfe62f04..be68439d3 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3972,7 +3972,11 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, #endif mp_int* k = &private_key->k; #ifdef HAVE_ECC_CDH - mp_int k_lcl; +#ifdef WOLFSSL_SMALL_STACK + mp_int *k_lcl = NULL; +#else + mp_int k_lcl[1]; +#endif #endif WOLFSSL_ENTER("wc_ecc_shared_secret_gen_sync"); @@ -3983,15 +3987,19 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, mp_digit cofactor = (mp_digit)private_key->dp->cofactor; /* only perform cofactor calc if not equal to 1 */ if (cofactor != 1) { - k = &k_lcl; - if (mp_init(k) != MP_OKAY) +#ifdef WOLFSSL_SMALL_STACK + if ((k_lcl = (mp_int *)XMALLOC(sizeof(*k_lcl), private_key->heap, DYNAMIC_TYPE_ECC_BUFFER)) == NULL) return MEMORY_E; +#endif + k = k_lcl; + if (mp_init(k) != MP_OKAY) { + err = MEMORY_E; + goto out; + } /* multiply cofactor times private key "k" */ err = mp_mul_d(&private_key->k, cofactor, k); - if (err != MP_OKAY) { - mp_clear(k); - return err; - } + if (err != MP_OKAY) + goto out; } } #endif @@ -4032,13 +4040,8 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, result = &lcl_result; #endif err = wc_ecc_new_point_ex(&result, private_key->heap); - if (err != MP_OKAY) { - #ifdef HAVE_ECC_CDH - if (k == &k_lcl) - mp_clear(k); - #endif - return err; - } + if (err != MP_OKAY) + goto out; #ifdef ECC_TIMING_RESISTANT if (private_key->rng == NULL) { @@ -4081,10 +4084,17 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, wc_ecc_del_point_ex(result, private_key->heap); } #endif + + out: + #ifdef HAVE_ECC_CDH - if (k == &k_lcl) + if (k == k_lcl) mp_clear(k); #endif +#ifdef WOLFSSL_SMALL_STACK + if (k_lcl != NULL) + XFREE(k_lcl, private_key->heap, DYNAMIC_TYPE_ECC_BUFFER); +#endif WOLFSSL_LEAVE("wc_ecc_shared_secret_gen_sync", err); @@ -10255,11 +10265,21 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp, { int err; unsigned x, y, bitlen, lut_gap; - mp_int tmp; +#ifdef WOLFSSL_SMALL_STACK + mp_int *tmp = NULL; +#else + mp_int tmp[1]; +#endif int infinity; - if (mp_init(&tmp) != MP_OKAY) - return GEN_MEM_ERR; +#ifdef WOLFSSL_SMALL_STACK + if ((tmp = (mp_int *)XMALLOC(sizeof(*tmp), NULL, DYNAMIC_TYPE_ECC_BUFFER)) == NULL) + return MEMORY_E; +#endif + + err = mp_init(tmp); + if (err != MP_OKAY) + err = GEN_MEM_ERR; /* sanity check to make sure lut_order table is of correct size, should compile out to a NOP if true */ @@ -10348,20 +10368,20 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp, if (err == MP_OKAY) /* now square it */ - err = mp_sqrmod(fp_cache[idx].LUT[x]->z, modulus, &tmp); + err = mp_sqrmod(fp_cache[idx].LUT[x]->z, modulus, tmp); if (err == MP_OKAY) /* fix x */ - err = mp_mulmod(fp_cache[idx].LUT[x]->x, &tmp, modulus, + err = mp_mulmod(fp_cache[idx].LUT[x]->x, tmp, modulus, fp_cache[idx].LUT[x]->x); if (err == MP_OKAY) /* get 1/z^3 */ - err = mp_mulmod(&tmp, fp_cache[idx].LUT[x]->z, modulus, &tmp); + err = mp_mulmod(tmp, fp_cache[idx].LUT[x]->z, modulus, tmp); if (err == MP_OKAY) /* fix y */ - err = mp_mulmod(fp_cache[idx].LUT[x]->y, &tmp, modulus, + err = mp_mulmod(fp_cache[idx].LUT[x]->y, tmp, modulus, fp_cache[idx].LUT[x]->y); if (err == MP_OKAY) @@ -10369,7 +10389,10 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp, mp_clear(fp_cache[idx].LUT[x]->z); } - mp_clear(&tmp); + mp_clear(tmp); +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC_BUFFER); +#endif if (err == MP_OKAY) { fp_cache[idx].LUT_set = 1; @@ -10983,8 +11006,15 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, #if !defined(WOLFSSL_SP_MATH) int idx, err = MP_OKAY; mp_digit mp; - mp_int mu; +#ifdef WOLFSSL_SMALL_STACK + mp_int *mu = NULL; +#else + mp_int mu[1]; +#endif int mpSetup = 0; +#ifndef HAVE_THREAD_LS + int got_ecc_fp_lock = 0; +#endif if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL) { return ECC_BAD_ARG_E; @@ -10995,8 +11025,15 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, return ECC_OUT_OF_RANGE_E; } - if (mp_init(&mu) != MP_OKAY) - return MP_INIT_E; +#ifdef WOLFSSL_SMALL_STACK + if ((mu = (mp_int *)XMALLOC(sizeof(*mu), NULL, DYNAMIC_TYPE_ECC_BUFFER)) == NULL) + return MP_MEM; +#endif + + if (mp_init(mu) != MP_OKAY) { + err = MP_INIT_E; + goto out; + } #ifndef HAVE_THREAD_LS if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */ @@ -11004,8 +11041,11 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, initMutex = 1; } - if (wc_LockMutex(&ecc_fp_lock) != 0) - return BAD_MUTEX_E; + if (wc_LockMutex(&ecc_fp_lock) != 0) { + err = BAD_MUTEX_E; + goto out; + } + got_ecc_fp_lock = 1; #endif /* HAVE_THREAD_LS */ /* find point */ @@ -11034,12 +11074,12 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, if (err == MP_OKAY) { /* compute mu */ mpSetup = 1; - err = mp_montgomery_calc_normalization(&mu, modulus); + err = mp_montgomery_calc_normalization(mu, modulus); } if (err == MP_OKAY) /* build the LUT */ - err = build_lut(idx, a, modulus, mp, &mu); + err = build_lut(idx, a, modulus, mp, mu); } } @@ -11056,13 +11096,21 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, } } + out: + #ifndef HAVE_THREAD_LS - wc_UnLockMutex(&ecc_fp_lock); + if (got_ecc_fp_lock) + wc_UnLockMutex(&ecc_fp_lock); #endif /* HAVE_THREAD_LS */ - mp_clear(&mu); + mp_clear(mu); +#ifdef WOLFSSL_SMALL_STACK + XFREE(mu, NULL, DYNAMIC_TYPE_ECC_BUFFER); +#endif return err; -#else + +#else /* WOLFSSL_SP_MATH */ + if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL) { return ECC_BAD_ARG_E; } @@ -11078,7 +11126,7 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, } #endif return WC_KEY_SIZE_E; -#endif +#endif /* WOLFSSL_SP_MATH */ } /** ECC Fixed Point mulmod global @@ -11097,8 +11145,15 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, #if !defined(WOLFSSL_SP_MATH) int idx, err = MP_OKAY; mp_digit mp; - mp_int mu; +#ifdef WOLFSSL_SMALL_STACK + mp_int *mu = NULL; +#else + mp_int mu[1]; +#endif int mpSetup = 0; +#ifndef HAVE_THREAD_LS + int got_ecc_fp_lock = 0; +#endif if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL || order == NULL) { @@ -11110,8 +11165,15 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, return ECC_OUT_OF_RANGE_E; } - if (mp_init(&mu) != MP_OKAY) - return MP_INIT_E; +#ifdef WOLFSSL_SMALL_STACK + if ((mu = (mp_int *)XMALLOC(sizeof(*mu), NULL, DYNAMIC_TYPE_ECC_BUFFER)) == NULL) + return MP_MEM; +#endif + + if (mp_init(mu) != MP_OKAY) { + err = MP_INIT_E; + goto out; + } #ifndef HAVE_THREAD_LS if (initMutex == 0) { /* extra sanity check if wolfCrypt_Init not called */ @@ -11119,8 +11181,11 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, initMutex = 1; } - if (wc_LockMutex(&ecc_fp_lock) != 0) - return BAD_MUTEX_E; + if (wc_LockMutex(&ecc_fp_lock) != 0) { + err = BAD_MUTEX_E; + goto out; + } + got_ecc_fp_lock = 1; #endif /* HAVE_THREAD_LS */ /* find point */ @@ -11149,12 +11214,12 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, if (err == MP_OKAY) { /* compute mu */ mpSetup = 1; - err = mp_montgomery_calc_normalization(&mu, modulus); + err = mp_montgomery_calc_normalization(mu, modulus); } if (err == MP_OKAY) /* build the LUT */ - err = build_lut(idx, a, modulus, mp, &mu); + err = build_lut(idx, a, modulus, mp, mu); } } @@ -11171,13 +11236,21 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, } } + out: + #ifndef HAVE_THREAD_LS - wc_UnLockMutex(&ecc_fp_lock); + if (got_ecc_fp_lock) + wc_UnLockMutex(&ecc_fp_lock); #endif /* HAVE_THREAD_LS */ - mp_clear(&mu); + mp_clear(mu); +#ifdef WOLFSSL_SMALL_STACK + XFREE(mu, NULL, DYNAMIC_TYPE_ECC_BUFFER); +#endif return err; -#else + +#else /* WOLFSSL_SP_MATH */ + (void)rng; if (k == NULL || G == NULL || R == NULL || a == NULL || modulus == NULL || @@ -11196,7 +11269,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, } #endif return WC_KEY_SIZE_E; -#endif +#endif /* WOLFSSL_SP_MATH */ } #if !defined(WOLFSSL_SP_MATH) diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index 66cc63ac5..e5715fd5a 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -537,15 +537,15 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, #ifdef WOLFSSL_SMALL_STACK out: - if (Ai) + if (Ai != NULL) XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (B) + if (B != NULL) XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (B1) + if (B1 != NULL) XFREE(B1, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (i1) + if (i1 != NULL) XFREE(i1, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (res) + if (res != NULL) XFREE(res, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index ac59e4bb8..0b61aab9e 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -3933,37 +3933,61 @@ int wc_RsaExportKey(RsaKey* key, /* Check that |p-q| > 2^((size/2)-100) */ static int wc_CompareDiffPQ(mp_int* p, mp_int* q, int size) { - mp_int c, d; +#ifdef WOLFSSL_SMALL_STACK + mp_int *c = NULL, *d = NULL; +#else + mp_int c[1], d[1]; +#endif int ret; if (p == NULL || q == NULL) return BAD_FUNC_ARG; - ret = mp_init_multi(&c, &d, NULL, NULL, NULL, NULL); +#ifdef WOLFSSL_SMALL_STACK + if (((c = (mp_int *)XMALLOC(sizeof(*c), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) || + ((d = (mp_int *)XMALLOC(sizeof(*d), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL)) + ret = MEMORY_E; + else + ret = 0; + + if (ret == 0) +#endif + ret = mp_init_multi(c, d, NULL, NULL, NULL, NULL); /* c = 2^((size/2)-100) */ if (ret == 0) - ret = mp_2expt(&c, (size/2)-100); + ret = mp_2expt(c, (size/2)-100); /* d = |p-q| */ if (ret == 0) - ret = mp_sub(p, q, &d); + ret = mp_sub(p, q, d); #if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \ defined(WOLFSSL_SP_INT_NEGATIVE)) if (ret == 0) - ret = mp_abs(&d, &d); + ret = mp_abs(d, d); #endif /* compare */ if (ret == 0) - ret = mp_cmp(&d, &c); + ret = mp_cmp(d, c); if (ret == MP_GT) ret = MP_OKAY; - mp_clear(&d); - mp_clear(&c); +#ifdef WOLFSSL_SMALL_STACK + if (d != NULL) { + mp_clear(d); + XFREE(d, NULL, DYNAMIC_TYPE_WOLF_BIGINT); + } + if (c != NULL) { + mp_clear(c); + XFREE(c, NULL, DYNAMIC_TYPE_WOLF_BIGINT); + } +#else + mp_clear(d); + mp_clear(c); +#endif return ret; } @@ -4042,7 +4066,11 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen, int* isPrime, WC_RNG* rng) { int ret; - mp_int tmp1, tmp2; +#ifdef WOLFSSL_SMALL_STACK + mp_int *tmp1 = NULL, *tmp2 = NULL; +#else + mp_int tmp1[1], tmp2[2]; +#endif mp_int* prime; if (p == NULL || e == NULL || isPrime == NULL) @@ -4062,22 +4090,30 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen, else prime = p; - ret = mp_init_multi(&tmp1, &tmp2, NULL, NULL, NULL, NULL); +#ifdef WOLFSSL_SMALL_STACK + if (((tmp1 = (mp_int *)XMALLOC(sizeof(*tmp1), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) || + ((tmp2 = (mp_int *)XMALLOC(sizeof(*tmp2), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL)) { + ret = MEMORY_E; + goto notOkay; + } +#endif + + ret = mp_init_multi(tmp1, tmp2, NULL, NULL, NULL, NULL); if (ret != MP_OKAY) goto notOkay; /* 4.4,5.5 - Check that prime >= (2^(1/2))(2^((nlen/2)-1)) * This is a comparison against lowerBound */ - ret = mp_read_unsigned_bin(&tmp1, lower_bound, nlen/16); + ret = mp_read_unsigned_bin(tmp1, lower_bound, nlen/16); if (ret != MP_OKAY) goto notOkay; - ret = mp_cmp(prime, &tmp1); + ret = mp_cmp(prime, tmp1); if (ret == MP_LT) goto exit; /* 4.5,5.6 - Check that GCD(p-1, e) == 1 */ - ret = mp_sub_d(prime, 1, &tmp1); /* tmp1 = prime-1 */ + ret = mp_sub_d(prime, 1, tmp1); /* tmp1 = prime-1 */ if (ret != MP_OKAY) goto notOkay; - ret = mp_gcd(&tmp1, e, &tmp2); /* tmp2 = gcd(prime-1, e) */ + ret = mp_gcd(tmp1, e, tmp2); /* tmp2 = gcd(prime-1, e) */ if (ret != MP_OKAY) goto notOkay; - ret = mp_cmp_d(&tmp2, 1); + ret = mp_cmp_d(tmp2, 1); if (ret != MP_EQ) goto exit; /* e divides p-1 */ /* 4.5.1,5.6.1 - Check primality of p with 8 rounds of M-R. @@ -4095,9 +4131,23 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen, exit: ret = MP_OKAY; + notOkay: - mp_clear(&tmp1); - mp_clear(&tmp2); + +#ifdef WOLFSSL_SMALL_STACK + if (tmp1 != NULL) { + mp_clear(tmp1); + XFREE(tmp1, NULL, DYNAMIC_TYPE_WOLF_BIGINT); + } + if (tmp2 != NULL) { + mp_clear(tmp2); + XFREE(tmp2, NULL, DYNAMIC_TYPE_WOLF_BIGINT); + } +#else + mp_clear(tmp1); + mp_clear(tmp2); +#endif + return ret; } @@ -4126,6 +4176,7 @@ int wc_CheckProbablePrime_ex(const byte* pRaw, word32 pRawSz, return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK + if (((p = (mp_int *)XMALLOC(sizeof(*p), NULL, DYNAMIC_TYPE_RSA_BUFFER)) == NULL) || ((q = (mp_int *)XMALLOC(sizeof(*q), NULL, DYNAMIC_TYPE_RSA_BUFFER)) == NULL) || ((e = (mp_int *)XMALLOC(sizeof(*e), NULL, DYNAMIC_TYPE_RSA_BUFFER)) == NULL)) @@ -4156,15 +4207,15 @@ int wc_CheckProbablePrime_ex(const byte* pRaw, word32 pRawSz, ret = (ret == MP_OKAY) ? 0 : PRIME_GEN_E; #ifdef WOLFSSL_SMALL_STACK - if (p) { + if (p != NULL) { mp_clear(p); XFREE(p, NULL, DYNAMIC_TYPE_RSA_BUFFER); } - if (q) { + if (q != NULL) { mp_clear(q); XFREE(q, NULL, DYNAMIC_TYPE_RSA_BUFFER); } - if (e) { + if (e != NULL) { mp_clear(e); XFREE(e, NULL, DYNAMIC_TYPE_RSA_BUFFER); } diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index d61e728e1..f05a1e43b 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -472,7 +472,11 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size) { - mp_int v; +#ifdef WOLFSSL_SMALL_STACK + mp_int *v = NULL; +#else + mp_int v[1]; +#endif int r; if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE) @@ -481,17 +485,24 @@ int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size) if (mp_iszero(&srp->auth) == MP_YES) return SRP_CALL_ORDER_E; - r = mp_init(&v); +#ifdef WOLFSSL_SMALL_STACK + if ((v = (mp_int *)XMALLOC(sizeof(*v), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + return MEMORY_E; +#endif + + r = mp_init(v); if (r != MP_OKAY) - return MP_INIT_E; - + r = MP_INIT_E; /* v = g ^ x % N */ - r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v); - if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY; - if (!r) r = mp_to_unsigned_bin(&v, verifier); - if (!r) *size = mp_unsigned_bin_size(&v); + if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, v); + if (!r) r = *size < (word32)mp_unsigned_bin_size(v) ? BUFFER_E : MP_OKAY; + if (!r) r = mp_to_unsigned_bin(v, verifier); + if (!r) *size = mp_unsigned_bin_size(v); - mp_clear(&v); + mp_clear(v); +#ifdef WOLFSSL_SMALL_STACK + XFREE(v, srp->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif return r; } @@ -506,7 +517,11 @@ int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size) int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size) { - mp_int p; +#ifdef WOLFSSL_SMALL_STACK + mp_int *p = NULL; +#else + mp_int p[1]; +#endif int r; if (!srp || !priv || !size) @@ -515,14 +530,22 @@ int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size) if (mp_iszero(&srp->auth) == MP_YES) return SRP_CALL_ORDER_E; - r = mp_init(&p); +#ifdef WOLFSSL_SMALL_STACK + if ((p = (mp_int *)XMALLOC(sizeof(*p), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + return MEMORY_E; +#endif + + r = mp_init(p); if (r != MP_OKAY) - return MP_INIT_E; - r = mp_read_unsigned_bin(&p, priv, size); - if (!r) r = mp_mod(&p, &srp->N, &srp->priv); + r = MP_INIT_E; + if (!r) r = mp_read_unsigned_bin(p, priv, size); + if (!r) r = mp_mod(p, &srp->N, &srp->priv); if (!r) r = mp_iszero(&srp->priv) == MP_YES ? SRP_BAD_KEY_E : 0; - mp_clear(&p); + mp_clear(p); +#ifdef WOLFSSL_SMALL_STACK + XFREE(p, srp->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif return r; } @@ -542,7 +565,11 @@ static int wc_SrpGenPrivate(Srp* srp, byte* priv, word32 size) int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size) { - mp_int pubkey; +#ifdef WOLFSSL_SMALL_STACK + mp_int *pubkey = NULL; +#else + mp_int pubkey[1]; +#endif word32 modulusSz; int r; @@ -556,39 +583,66 @@ int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size) if (*size < modulusSz) return BUFFER_E; - r = mp_init(&pubkey); +#ifdef WOLFSSL_SMALL_STACK + if ((pubkey = (mp_int *)XMALLOC(sizeof(*pubkey), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + return MEMORY_E; +#endif + r = mp_init(pubkey); if (r != MP_OKAY) - return MP_INIT_E; + r = MP_INIT_E; /* priv = random() */ if (mp_iszero(&srp->priv) == MP_YES) - r = wc_SrpGenPrivate(srp, pub, SRP_PRIVATE_KEY_MIN_BITS / 8); + if (! r) r = wc_SrpGenPrivate(srp, pub, SRP_PRIVATE_KEY_MIN_BITS / 8); /* client side: A = g ^ a % N */ if (srp->side == SRP_CLIENT_SIDE) { - if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey); + if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, pubkey); /* server side: B = (k * v + (g ^ b % N)) % N */ } else { - mp_int i, j; - - if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) { - if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type)); - if (!r) r = mp_iszero(&i) == MP_YES ? SRP_BAD_KEY_E : 0; - if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey); - if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j); - if (!r) r = mp_add(&j, &pubkey, &i); - if (!r) r = mp_mod(&i, &srp->N, &pubkey); - - mp_clear(&i); mp_clear(&j); + if (! r) { +#ifdef WOLFSSL_SMALL_STACK + mp_int *i = NULL, *j = NULL; +#else + mp_int i[1], j[1]; +#endif +#ifdef WOLFSSL_SMALL_STACK + if (((i = (mp_int *)XMALLOC(sizeof(*i), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) || + ((j = (mp_int *)XMALLOC(sizeof(*j), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) + r = MEMORY_E; +#endif + if (!r) r = mp_init_multi(i, j, 0, 0, 0, 0); + if (!r) r = mp_read_unsigned_bin(i, srp->k,SrpHashSize(srp->type)); + if (!r) r = mp_iszero(i) == MP_YES ? SRP_BAD_KEY_E : 0; + if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, pubkey); + if (!r) r = mp_mulmod(i, &srp->auth, &srp->N, j); + if (!r) r = mp_add(j, pubkey, i); + if (!r) r = mp_mod(i, &srp->N, pubkey); +#ifdef WOLFSSL_SMALL_STACK + if (i != NULL) { + mp_clear(i); + XFREE(i, srp->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + if (j != NULL) { + mp_clear(j); + XFREE(j, srp->heap, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + mp_clear(i); mp_clear(j); +#endif } } /* extract public key to buffer */ XMEMSET(pub, 0, modulusSz); - if (!r) r = mp_to_unsigned_bin(&pubkey, pub); - if (!r) *size = mp_unsigned_bin_size(&pubkey); - mp_clear(&pubkey); + if (!r) r = mp_to_unsigned_bin(pubkey, pub); + if (!r) *size = mp_unsigned_bin_size(pubkey); + + mp_clear(pubkey); +#ifdef WOLFSSL_SMALL_STACK + XFREE(pubkey, srp->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif return r; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index f50bcbb7f..82c4a128c 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -16165,7 +16165,7 @@ static int dh_generate_test(WC_RNG *rng) { int ret = 0; #ifdef WOLFSSL_SMALL_STACK - DhKey *smallKey = (DhKey*)XMALLOC(sizeof(DhKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + DhKey *smallKey = NULL; #else DhKey smallKey[1]; #endif @@ -16183,16 +16183,17 @@ static int dh_generate_test(WC_RNG *rng) word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); #endif + int smallKey_inited = 0; #ifdef WOLFSSL_SMALL_STACK - if (smallKey == NULL) { - ERROR_OUT(-8010, exit_gen_test); - } + if ((smallKey = (DhKey *)XMALLOC(sizeof(*smallKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + return -8019; #endif ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId); if (ret != 0) - return -8010; + ERROR_OUT(-8010, exit_gen_test); + smallKey_inited = 1; /* Parameter Validation testing. */ ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId); @@ -16240,11 +16241,12 @@ static int dh_generate_test(WC_RNG *rng) #endif exit_gen_test: - wc_FreeDhKey(smallKey); + if (smallKey_inited) + wc_FreeDhKey(smallKey); + #ifdef WOLFSSL_SMALL_STACK - if (smallKey != NULL) { + if (smallKey != NULL) XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return ret; @@ -37013,18 +37015,29 @@ static const unsigned char testOne[] = { 1 }; static int GenerateNextP(mp_int* p1, mp_int* p2, int k) { int ret; - mp_int ki; +#ifdef WOLFSSL_SMALL_STACK + mp_int *ki = (mp_int *)XMALLOC(sizeof(*ki), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - ret = mp_init(&ki); + if (ki == NULL) + return MEMORY_E; +#else + mp_int ki[1]; +#endif + + ret = mp_init(ki); if (ret == 0) - ret = mp_set(&ki, k); + ret = mp_set(ki, k); if (ret == 0) ret = mp_sub_d(p1, 1, p2); if (ret == 0) - ret = mp_mul(p2, &ki, p2); + ret = mp_mul(p2, ki, p2); if (ret == 0) ret = mp_add_d(p2, 1, p2); - mp_clear(&ki); + mp_clear(ki); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(ki, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; } @@ -37034,39 +37047,62 @@ static int GenerateP(mp_int* p1, mp_int* p2, mp_int* p3, const pairs_t* ecPairs, int ecPairsSz, const int* k) { - mp_int x,y; +#ifdef WOLFSSL_SMALL_STACK + mp_int *x = NULL, *y = NULL; +#else + mp_int x[1], y[1]; +#endif int ret, i; - ret = mp_init(&x); - if (ret == 0) { - ret = mp_init(&y); - if (ret != 0) { - mp_clear(&x); - return MP_MEM; - } +#ifdef WOLFSSL_SMALL_STACK + if (((x = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) || + ((y = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) { + ret = MEMORY_E; + goto out; + } +#endif + + ret = mp_init_multi(x, y, NULL, NULL, NULL, NULL); + if (ret != 0) { + ret = MP_MEM; + goto out; } for (i = 0; ret == 0 && i < ecPairsSz; i++) { - ret = mp_read_unsigned_bin(&x, ecPairs[i].coeff, ecPairs[i].coeffSz); + ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, ecPairs[i].coeffSz); /* p1 = 2^exp */ if (ret == 0) - ret = mp_2expt(&y, ecPairs[i].exp); + ret = mp_2expt(y, ecPairs[i].exp); /* p1 = p1 * m */ if (ret == 0) - ret = mp_mul(&x, &y, &x); + ret = mp_mul(x, y, x); /* p1 += */ if (ret == 0) - ret = mp_add(p1, &x, p1); - mp_zero(&x); - mp_zero(&y); + ret = mp_add(p1, x, p1); + mp_zero(x); + mp_zero(y); } - mp_clear(&x); - mp_clear(&y); if (ret == 0) ret = GenerateNextP(p1, p2, k[0]); if (ret == 0) ret = GenerateNextP(p1, p3, k[1]); + out: + +#ifdef WOLFSSL_SMALL_STACK + if (x != NULL) { + mp_clear(x); + XFREE(x, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (y != NULL) { + mp_clear(y); + XFREE(y, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + mp_clear(x); + mp_clear(y); +#endif + return ret; }