feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

smallstack reduction for wolfSSL_X509_set_ext, wolfSSL_EC_POINT_mul, wolfSSL_ECDSA_do_sign, wolfSSL_i2d_X509_NAME, wolfSSL_X509_REQ_sign

Browse Source
This commit is contained in:
Chris Conlon
2022-03-17 18:07:15 -06:00
parent 210eb6283c
commit 94e1b87ae0
1 changed files with 252 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

318
src/ssl.c
View File

@ -9772,7 +9772,11 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
WOLFSSL_X509_EXTENSION* ext = NULL;
WOLFSSL_ASN1_INTEGER* a;
WOLFSSL_STACK* sk;
DecodedCert cert;
#ifdef WOLFSSL_SMALL_STACK
DecodedCert* cert = NULL;
#else
DecodedCert cert[1];
#endif
WOLFSSL_ENTER("wolfSSL_X509_set_ext");
@ -9799,9 +9803,18 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
return NULL;
}
InitDecodedCert( &cert, rawCert, (word32)outSz, 0);
#ifdef WOLFSSL_SMALL_STACK
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
if (cert == NULL) {
WOLFSSL_MSG("Failed to allocate memory for DecodedCert");
wolfSSL_X509_EXTENSION_free(ext);
return NULL;
}
#endif
if (ParseCert(&cert,
InitDecodedCert(cert, rawCert, (word32)outSz, 0);
if (ParseCert(cert,
#ifdef WOLFSSL_CERT_REQ
x509->isCSR ? CERTREQ_TYPE :
#endif
@ -9809,17 +9822,23 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
NO_VERIFY, NULL) < 0) {
WOLFSSL_MSG("\tCertificate parsing failed");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
input = cert.extensions;
sz = cert.extensionsSz;
input = cert->extensions;
sz = cert->extensionsSz;
if (input == NULL || sz == 0) {
WOLFSSL_MSG("\tfail: should be an EXTENSIONS");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
@ -9830,14 +9849,20 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (input[idx++] != ASN_EXTENSIONS) {
WOLFSSL_MSG("\tfail: should be an EXTENSIONS");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
if (GetLength(input, &idx, &length, sz) < 0) {
WOLFSSL_MSG("\tfail: invalid length");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
}
@ -9845,7 +9870,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (GetSequence(input, &idx, &length, sz) < 0) {
WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
@ -9855,7 +9883,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (GetSequence(input, &idx, &length, sz) < 0) {
WOLFSSL_MSG("\tfail: should be a SEQUENCE");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
@ -9864,7 +9895,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (ret < 0) {
WOLFSSL_MSG("\tfail: OBJECT ID");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
idx = tmpIdx;
@ -9883,7 +9917,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (ext->obj == NULL) {
WOLFSSL_MSG("\tfail: Invalid OBJECT");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
ext->obj->nid = nid;
@ -9896,7 +9933,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
a = wolfSSL_ASN1_INTEGER_new();
if (a == NULL) {
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
a->length = x509->pathLength;
@ -9918,7 +9958,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (sk == NULL) {
WOLFSSL_MSG("Failed to malloc stack");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
@ -9932,7 +9975,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
WOLFSSL_MSG("Error creating ASN1 object");
wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
obj->obj = (byte*)x509->authInfoCaIssuer;
@ -9946,7 +9992,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
}
@ -9961,7 +10010,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
WOLFSSL_MSG("Error creating ASN1 object");
wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
obj->obj = x509->authInfo;
@ -9975,7 +10027,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
}
@ -9992,7 +10047,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
ext->crit = x509->authKeyIdCrit;
@ -10007,7 +10065,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
ext->crit = x509->subjKeyIdCrit;
@ -10028,7 +10089,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
ext->crit = x509->keyUsageCrit;
@ -10043,7 +10107,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
ext->crit = x509->keyUsageCrit;
@ -10068,7 +10135,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
#endif
@ -10078,7 +10148,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
DYNAMIC_TYPE_ASN1);
if (sk == NULL) {
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
XMEMSET(sk, 0, sizeof(WOLFSSL_GENERAL_NAMES));
@ -10093,8 +10166,11 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (gn == NULL) {
WOLFSSL_MSG("Error creating GENERAL_NAME");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
wolfSSL_sk_pop_free(sk, NULL);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
@ -10104,9 +10180,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
gn->d.ia5->length) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ASN1_STRING_set failed");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
wolfSSL_GENERAL_NAME_free(gn);
wolfSSL_sk_pop_free(sk, NULL);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
@ -10117,9 +10196,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error pushing onto stack");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
wolfSSL_GENERAL_NAME_free(gn);
wolfSSL_sk_pop_free(sk, NULL);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
}
@ -10128,9 +10210,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error pushing onto stack");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
wolfSSL_GENERAL_NAME_free(gn);
wolfSSL_sk_pop_free(sk, NULL);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
}
@ -10149,7 +10234,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (GetASNObjectId(input, &idx, &length, sz) != 0) {
WOLFSSL_MSG("Failed to Get ASN Object Id");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
oidBuf = (byte*)XMALLOC(length+1+MAX_LENGTH_SZ, NULL,
@ -10157,7 +10245,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (oidBuf == NULL) {
WOLFSSL_MSG("Failed to malloc tmp buffer");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
oidBuf[0] = ASN_OBJECT_ID;
@ -10175,8 +10266,11 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (ext->obj->obj == NULL) {
wolfSSL_ASN1_OBJECT_free(ext->obj);
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
XFREE(oidBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
ext->obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
@ -10197,7 +10291,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
WOLFSSL_MSG("Error decoding unknown extension data");
wolfSSL_ASN1_OBJECT_free(ext->obj);
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
@ -10205,7 +10302,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
WOLFSSL_MSG("Error: Invalid Input Length.");
wolfSSL_ASN1_OBJECT_free(ext->obj);
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
ext->value.data = (char*)XMALLOC(length, NULL, DYNAMIC_TYPE_ASN1);
@ -10213,7 +10313,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (ext->value.data == NULL) {
WOLFSSL_MSG("Failed to malloc ASN1_STRING data");
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return NULL;
}
XMEMCPY(ext->value.data,input+tmpIdx,length);
@ -10232,7 +10335,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
if (x509->ext_sk != NULL)
wolfSSL_sk_X509_EXTENSION_push(x509->ext_sk, ext);
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return ext;
}
@ -40421,7 +40527,12 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q,
const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
mp_int a, prime;
#ifdef WOLFSSL_SMALL_STACK
mp_int* a = NULL;
mp_int* prime = NULL;
#else
mp_int a[1], prime[1];
#endif
int ret = WOLFSSL_FAILURE;
ecc_point* result = NULL;
ecc_point* tmp = NULL;
@ -40435,13 +40546,25 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_SMALL_STACK
a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
if (a == NULL) {
return WOLFSSL_FAILURE;
}
prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
if (prime == NULL) {
XFREE(a, NULL, DYNAMIC_TYPE_BIGINT);
return WOLFSSL_FAILURE;
}
#endif
if (!(result = wc_ecc_new_point())) {
WOLFSSL_MSG("wolfSSL_EC_POINT_new error");
return WOLFSSL_FAILURE;
}
/* read the curve prime and a */
if (mp_init_multi(&prime, &a, NULL, NULL, NULL, NULL) != MP_OKAY) {
if (mp_init_multi(prime, a, NULL, NULL, NULL, NULL) != MP_OKAY) {
WOLFSSL_MSG("mp_init_multi error");
goto cleanup;
}
@ -40451,13 +40574,13 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
goto cleanup;
}
if (mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, MP_RADIX_HEX)
if (mp_read_radix(prime, ecc_sets[group->curve_idx].prime, MP_RADIX_HEX)
!= MP_OKAY) {
WOLFSSL_MSG("mp_read_radix prime error");
goto cleanup;
}
if (mp_read_radix(&a, ecc_sets[group->curve_idx].Af, MP_RADIX_HEX)
if (mp_read_radix(a, ecc_sets[group->curve_idx].Af, MP_RADIX_HEX)
!= MP_OKAY) {
WOLFSSL_MSG("mp_read_radix a error");
goto cleanup;
@ -40495,14 +40618,14 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
#ifdef ECC_SHAMIR
if (ecc_mul2add(result, (mp_int*)n->internal,
(ecc_point*)q->internal, (mp_int*)m->internal,
result, &a, &prime, NULL)
result, a, prime, NULL)
!= MP_OKAY) {
WOLFSSL_MSG("ecc_mul2add error");
goto cleanup;
}
#else
mp_digit mp = 0;
if (mp_montgomery_setup(&prime, &mp) != MP_OKAY) {
if (mp_montgomery_setup(prime, &mp) != MP_OKAY) {
WOLFSSL_MSG("mp_montgomery_setup nqm error");
goto cleanup;
}
@ -40511,24 +40634,24 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
goto cleanup;
}
/* r = generator * n */
if (wc_ecc_mulmod((mp_int*)n->internal, result, result, &a, &prime, 0)
if (wc_ecc_mulmod((mp_int*)n->internal, result, result, a, prime, 0)
!= MP_OKAY) {
WOLFSSL_MSG("wc_ecc_mulmod nqm error");
goto cleanup;
}
/* tmp = q * m */
if (wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal,
tmp, &a, &prime, 0) != MP_OKAY) {
tmp, a, prime, 0) != MP_OKAY) {
WOLFSSL_MSG("wc_ecc_mulmod nqm error");
goto cleanup;
}
/* result = result + tmp */
if (ecc_projective_add_point(tmp, result, result, &a, &prime, mp)
if (ecc_projective_add_point(tmp, result, result, a, prime, mp)
!= MP_OKAY) {
WOLFSSL_MSG("wc_ecc_mulmod nqm error");
goto cleanup;
}
if (ecc_map(result, &prime, mp) != MP_OKAY) {
if (ecc_map(result, prime, mp) != MP_OKAY) {
WOLFSSL_MSG("ecc_map nqm error");
goto cleanup;
}
@ -40536,7 +40659,7 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
}
else if (n) {
/* r = generator * n */
if (wc_ecc_mulmod((mp_int*)n->internal, result, result, &a, &prime, 1)
if (wc_ecc_mulmod((mp_int*)n->internal, result, result, a, prime, 1)
!= MP_OKAY) {
WOLFSSL_MSG("wc_ecc_mulmod gn error");
goto cleanup;
@ -40545,7 +40668,7 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
else if (q && m) {
/* r = q * m */
if (wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal,
result, &a, &prime, 1) != MP_OKAY) {
result, a, prime, 1) != MP_OKAY) {
WOLFSSL_MSG("wc_ecc_mulmod qm error");
goto cleanup;
}
@ -40564,10 +40687,14 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
ret = WOLFSSL_SUCCESS;
cleanup:
mp_clear(&a);
mp_clear(&prime);
mp_clear(a);
mp_clear(prime);
wc_ecc_del_point(result);
wc_ecc_del_point(tmp);
#ifdef WOLFSSL_SMALL_STACK
XFREE(a, NULL, DYNAMIC_TYPE_BIGINT);
XFREE(prime, NULL, DYNAMIC_TYPE_BIGINT);
#endif
return ret;
}
#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A && !HAVE_SELFTEST &&
@ -40837,9 +40964,15 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
WC_RNG* tmpRNG = NULL;
byte* out = NULL;
mp_int* sig_r = NULL;
mp_int* sig_s = NULL;
#else
WC_RNG tmpRNG[1];
byte out[ECC_BUFSIZE];
mp_int sig_r[1], sig_s[1];
#endif
word32 outlen = ECC_BUFSIZE;
WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign");
@ -40863,6 +40996,24 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
if (tmpRNG == NULL)
return NULL;
out = (byte*)XMALLOC(outlen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (out == NULL) {
XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
return NULL;
}
sig_r = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
if (sig_r == NULL) {
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
return NULL;
}
sig_s = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
if (sig_s == NULL) {
XFREE(sig_r, NULL, DYNAMIC_TYPE_BIGINT);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
return NULL;
}
#endif
if (wc_InitRng(tmpRNG) == 0) {
@ -40878,31 +41029,28 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
}
if (rng) {
byte out[ECC_BUFSIZE];
word32 outlen = ECC_BUFSIZE;
/* use wc_ecc_sign_hash because it supports crypto callbacks */
if (wc_ecc_sign_hash(d, dlen, out, &outlen, rng,
(ecc_key*)key->internal) == 0) {
mp_int sig_r, sig_s;
if (mp_init_multi(&sig_r, &sig_s, NULL, NULL, NULL, NULL) == MP_OKAY) {
if (mp_init_multi(sig_r, sig_s, NULL, NULL, NULL, NULL) == MP_OKAY) {
/* put signature blob in ECDSA structure */
if (DecodeECC_DSA_Sig(out, outlen, &sig_r, &sig_s) == 0) {
if (DecodeECC_DSA_Sig(out, outlen, sig_r, sig_s) == 0) {
sig = wolfSSL_ECDSA_SIG_new();
if (sig == NULL)
WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new failed");
else if (SetIndividualExternal(&sig->r, &sig_r) != WOLFSSL_SUCCESS) {
else if (SetIndividualExternal(&sig->r, sig_r) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ecdsa r key error");
wolfSSL_ECDSA_SIG_free(sig);
sig = NULL;
}
else if (SetIndividualExternal(&sig->s, &sig_s)!=WOLFSSL_SUCCESS){
else if (SetIndividualExternal(&sig->s, sig_s)!=WOLFSSL_SUCCESS){
WOLFSSL_MSG("ecdsa s key error");
wolfSSL_ECDSA_SIG_free(sig);
sig = NULL;
}
}
mp_free(&sig_r);
mp_free(&sig_s);
mp_free(sig_r);
mp_free(sig_s);
}
}
else {
@ -40913,6 +41061,9 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
if (initTmpRng)
wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
XFREE(sig_s, NULL, DYNAMIC_TYPE_BIGINT);
XFREE(sig_r, NULL, DYNAMIC_TYPE_BIGINT);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif
@ -45210,7 +45361,11 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
unsigned char **in, long length)
{
WOLFSSL_X509_NAME* tmp = NULL;
DecodedCert cert;
#ifdef WOLFSSL_SMALL_STACK
DecodedCert* cert = NULL;
#else
DecodedCert cert[1];
#endif
WOLFSSL_ENTER("wolfSSL_d2i_X509_NAME");
@ -45219,12 +45374,20 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
return NULL;
}
#ifdef WOLFSSL_SMALL_STACK
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
DYNAMIC_TYPE_DCERT);
if (cert == NULL) {
return NULL;
}
#endif
/* Set the X509_NAME buffer as the input data for cert.
* in is NOT a full certificate. Just the name. */
InitDecodedCert(&cert, *in, (word32)length, NULL);
InitDecodedCert(cert, *in, (word32)length, NULL);
/* Parse the X509 subject name */
if (GetName(&cert, SUBJECT, (int)length) != 0) {
if (GetName(cert, SUBJECT, (int)length) != 0) {
WOLFSSL_MSG("WOLFSSL_X509_NAME parse error");
goto cleanup;
}
@ -45234,7 +45397,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
goto cleanup;
}
if (wolfSSL_X509_NAME_copy((WOLFSSL_X509_NAME*)cert.subjectName,
if (wolfSSL_X509_NAME_copy((WOLFSSL_X509_NAME*)cert->subjectName,
tmp) != WOLFSSL_SUCCESS) {
wolfSSL_X509_NAME_free(tmp);
tmp = NULL;
@ -45244,7 +45407,10 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
if (name)
*name = tmp;
cleanup:
FreeDecodedCert(&cert);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
return tmp;
}
@ -57431,27 +57597,47 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
const WOLFSSL_EVP_MD *md)
{
int ret;
#ifdef WOLFSSL_SMALL_STACK
byte* der = NULL;
#else
byte der[2048];
int derSz = sizeof(der);
#endif
int derSz = 2048;
if (req == NULL || pkey == NULL || md == NULL) {
WOLFSSL_LEAVE("wolfSSL_X509_REQ_sign", BAD_FUNC_ARG);
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_SMALL_STACK
der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
return WOLFSSL_FAILURE;
}
#endif
/* Create a Cert that has the certificate request fields. */
req->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey);
ret = wolfssl_x509_make_der(req, 1, der, &derSz, 0);
if (ret != WOLFSSL_SUCCESS) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("Unable to make DER for X509");
WOLFSSL_LEAVE("wolfSSL_X509_REQ_sign", ret);
return WOLFSSL_FAILURE;
}
if (wolfSSL_X509_resign_cert(req, 1, der, sizeof(der), derSz,
if (wolfSSL_X509_resign_cert(req, 1, der, 2048, derSz,
(WOLFSSL_EVP_MD*)md, pkey) <= 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WOLFSSL_SUCCESS;
}