From 90a51490a9049846a9b795730e722961aefd1766 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Mon, 11 Oct 2021 11:01:03 -0700
Subject: [PATCH] Peer review feedback. Improvements with small stack.

---
 wolfcrypt/src/ecc.c    | 29 ++++++++++++++++++++++++++---
 wolfcrypt/src/sha512.c |  2 --
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 76f2b3eec..037dba0b0 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4617,7 +4617,8 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
 
     int err;
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_KCAPI_ECC)
+    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_KCAPI_ECC) && \
+    !defined(WOLFSSL_SE050)
 #if !defined(WOLFSSL_SP_MATH)
     DECLARE_CURVE_SPECS(curve, ECC_CURVE_FIELD_COUNT);
 #endif
@@ -6975,7 +6976,11 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 #elif defined(WOLFSSL_KCAPI_ECC)
    byte sigRS[MAX_ECC_BYTES*2];
 #elif defined(WOLFSSL_SE050)
-   byte sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2];
+   #ifdef WOLFSSL_SMALL_STACK
+   byte* sigRS = NULL;
+   #else
+   byte  sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2];
+   #endif
 #elif !defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC)
    int          did_init = 0;
    ecc_point    *mG = NULL, *mQ = NULL;
@@ -7129,11 +7134,29 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
         word32 signatureLen = rLeadingZero + sLeadingZero + 
             rLen + sLen + SIG_HEADER_SZ; /* see StoreECC_DSA_Sig */
 
-        err = StoreECC_DSA_Sig(sigRS, &signatureLen, r, s);
+    #ifdef WOLFSSL_SMALL_STACK
+        sigRS = (byte*)XMALLOC(signatureLen, NULL, DYNAMIC_TYPE_SIGNATURE);
+        if (sigRS == NULL) {
+            err = MEMORY_E;
+        }
+    #else
+        if (signatureLen > sizeof(sigRS)) {
+            err = BUFFER_E;
+        }
+    #endif
+        if (err == 0) {
+            err = StoreECC_DSA_Sig(sigRS, &signatureLen, r, s);
+        }
         if (err == 0) {
             err = se050_ecc_verify_hash_ex(hash, hashlen, sigRS,
                 signatureLen, key, res);
         }
+    #ifdef WOLFSSL_SMALL_STACK  
+        if (sigRS != NULL) {
+            XFREE(sigRS, NULL, DYNAMIC_TYPE_SIGNATURE);
+            sigRS = NULL;
+        }
+    #endif
         if (err != 0)
             return err;
     }
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index 13aef4ba0..263c22312 100644
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -208,7 +208,6 @@
     {
         if (sha512 == NULL)
             return BAD_FUNC_ARG;
-        //void* heap;
         return se050_hash_init(&sha512->se050Ctx, NULL);
     }
     int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
@@ -222,7 +221,6 @@
     int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
     {
         return se050_hash_update(&sha512->se050Ctx, data, len);
-    
     }
     int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
     {