From ae25a485094adc3e022df92d1ac10aa07b15c376 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 17 Mar 2022 14:01:57 -0700 Subject: [PATCH] Improve the build message to not always allocate the IV (16 byte) (use fixed buffer if <= 16 bytes). --- src/internal.c | 17 +++++++++++++---- wolfssl/internal.h | 1 + 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/internal.c b/src/internal.c index 109b256a9..8658c0d27 100644 --- a/src/internal.c +++ b/src/internal.c @@ -18116,8 +18116,10 @@ int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args) { if (args) { - if (ssl && args->iv) + /* only free the IV if it was dynamically allocated */ + if (ssl && args->iv && (args->iv != args->staticIvBuffer)) { XFREE(args->iv, ssl->heap, DYNAMIC_TYPE_SALT); + } XMEMSET(args, 0, sizeof(BuildMsgArgs)); } } @@ -18312,9 +18314,16 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, } if (args->ivSz > 0) { - args->iv = (byte*)XMALLOC(args->ivSz, ssl->heap, DYNAMIC_TYPE_SALT); - if (args->iv == NULL) - ERROR_OUT(MEMORY_E, exit_buildmsg); + if (args->ivSz > sizeof(args->staticIvBuffer)) { + args->iv = (byte*)XMALLOC(args->ivSz, ssl->heap, + DYNAMIC_TYPE_SALT); + if (args->iv == NULL) { + ERROR_OUT(MEMORY_E, exit_buildmsg); + } + } + else { + args->iv = args->staticIvBuffer; + } ret = wc_RNG_GenerateBlock(ssl->rng, args->iv, args->ivSz); if (ret != 0) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 3832f3aa9..496a9b682 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4183,6 +4183,7 @@ typedef struct BuildMsgArgs { word16 size; word32 ivSz; /* TLSv1.1 IV */ byte* iv; + ALIGN16 byte staticIvBuffer[MAX_IV_SZ]; } BuildMsgArgs; #endif