From bc2b184c98e9ede9e27de327ad4a8c1a1a996f79 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Tue, 21 May 2024 08:33:33 +0900
Subject: [PATCH] Add EC_POINT_hex2point: zd #17090

---
 src/pk.c | 55 ++++++++++++++++++++++---------------------------------
 1 file changed, 22 insertions(+), 33 deletions(-)

diff --git a/src/pk.c b/src/pk.c
index ba03fdeb5..e3a16ddde 100644
--- a/src/pk.c
+++ b/src/pk.c
@@ -32,6 +32,12 @@
 
 #ifdef HAVE_ECC
     #include <wolfssl/wolfcrypt/ecc.h>
+    #ifdef HAVE_SELFTEST
+        /* point compression types. */
+        #define ECC_POINT_COMP_EVEN 0x02
+        #define ECC_POINT_COMP_ODD  0x03
+        #define ECC_POINT_UNCOMP    0x04
+    #endif
 #endif
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
     /* FIPS build has replaced ecc.h. */
@@ -9787,12 +9793,12 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
              * odd.
              */
             hex[0] = mp_isodd((mp_int*)point->Y->internal) ?
-                0x03 : 0x02;
+                ECC_POINT_COMP_ODD : ECC_POINT_COMP_EVEN;
             /* No y-ordinate. */
         }
         else {
             /* Put in uncompressed format byte. */
-            hex[0] = 0x04;
+            hex[0] = ECC_POINT_UNCOMP;
             /* Calculate offset as leading zeros not encoded. */
             i = 1 + 2 * sz - mp_unsigned_bin_size((mp_int*)point->Y->internal);
             /* Put in y-ordinate after x-ordinate. */
@@ -9826,13 +9832,11 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
 static size_t hex_to_bytes(const char *hex, unsigned char *output, size_t sz)
 {
     word32 i;
-    for (i = 0; i < sz; i++)
-    {
+    for (i = 0; i < sz; i++) {
         signed char ch1, ch2;
         ch1 = HexCharToByte(hex[i * 2]);
         ch2 = HexCharToByte(hex[i * 2 + 1]);
-        if ((ch1 < 0) || (ch2 < 0))
-        {
+        if ((ch1 < 0) || (ch2 < 0)) {
             WOLFSSL_MSG("hex_to_bytes: syntax error");
             return 0;
         }
@@ -9841,20 +9845,19 @@ static size_t hex_to_bytes(const char *hex, unsigned char *output, size_t sz)
     return sz;
 }
 
-WOLFSSL_EC_POINT*wolfSSL_EC_POINT_hex2point(const EC_GROUP *group,
+WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const EC_GROUP *group,
             const char *hex, WOLFSSL_EC_POINT*p, WOLFSSL_BN_CTX *ctx)
 {
     /* for uncompressed mode */
     size_t str_sz;
     BIGNUM *Gx  = NULL;
     BIGNUM *Gy  = NULL;
-    char   *strGx = NULL;
+    char   strGx[MAX_ECC_BYTES * 2 + 1];
 
-     /* for compressed mode */
+    /* for compressed mode */
     int    key_sz;
-    byte   *octGx = NULL;
+    byte   *octGx = (byte *)strGx; /* octGx[MAX_ECC_BYTES] */
 
-    #define P_ALLOC 1
     int p_alloc = 0;
     int ret;
 
@@ -9868,24 +9871,20 @@ WOLFSSL_EC_POINT*wolfSSL_EC_POINT_hex2point(const EC_GROUP *group,
             WOLFSSL_MSG("wolfSSL_EC_POINT_new");
             goto err;
         }
-        p_alloc = P_ALLOC;
+        p_alloc = 1;
     }
 
+    key_sz = (wolfSSL_EC_GROUP_get_degree(group) + 7) / 8;
     if (hex[0] ==  '0' && hex[1] == '4') { /* uncompressed mode */
-        str_sz = ((wolfSSL_EC_GROUP_get_degree(group) + 7) / 8) * 2;
-        strGx = (char *)XMALLOC(str_sz + 1, NULL, DYNAMIC_TYPE_ECC);
-        if (strGx == NULL) {
-            WOLFSSL_MSG("malloc error");
-            goto err;
-        }
+        str_sz = key_sz * 2;
 
         XMEMSET(strGx, 0x0, str_sz + 1);
         XMEMCPY(strGx, hex + 2, str_sz);
 
-        if (BN_hex2bn(&Gx, strGx) == 0)
+        if (wolfSSL_BN_hex2bn(&Gx, strGx) == 0)
             goto err;
 
-        if (BN_hex2bn(&Gy, hex + 2 + str_sz) == 0)
+        if (wolfSSL_BN_hex2bn(&Gy, hex + 2 + str_sz) == 0)
             goto err;
 
         ret = wolfSSL_EC_POINT_set_affine_coordinates_GFp
@@ -9897,16 +9896,10 @@ WOLFSSL_EC_POINT*wolfSSL_EC_POINT_hex2point(const EC_GROUP *group,
         }
     }
     else if (hex[0] == '0' && (hex[1] == '2' || hex[1] == '3')) {
+        size_t sz = XSTRLEN(hex + 2) / 2;
         /* compressed mode */
-        key_sz = ((wolfSSL_EC_GROUP_get_degree(group) + 7) / 8);
-        octGx = (byte *)XMALLOC(key_sz + 1, NULL, DYNAMIC_TYPE_ECC);
-        if (octGx == NULL) {
-            WOLFSSL_MSG("EEC_KEY_get_byte_size, XMALLOC");
-            goto err;
-        }
-        octGx[0] = 0x03;
-        if (hex_to_bytes(hex + 2, octGx + 1, XSTRLEN(hex + 2) / 2)
-                                            != XSTRLEN(hex + 2) / 2) {
+        octGx[0] = ECC_POINT_COMP_ODD;
+        if (hex_to_bytes(hex + 2, octGx + 1, sz) != sz) {
             goto err;
         }
         if (wolfSSL_ECPoint_d2i(octGx, key_sz + 1, group, p)
@@ -9917,15 +9910,11 @@ WOLFSSL_EC_POINT*wolfSSL_EC_POINT_hex2point(const EC_GROUP *group,
     else
         goto err;
 
-    XFREE(strGx, NULL, DYNAMIC_TYPE_ECC);
-    XFREE(octGx, NULL, DYNAMIC_TYPE_ECC);
     wolfSSL_BN_free(Gx);
     wolfSSL_BN_free(Gy);
     return p;
 
 err:
-    XFREE(strGx, NULL, DYNAMIC_TYPE_ECC);
-    XFREE(octGx, NULL, DYNAMIC_TYPE_ECC);
     wolfSSL_BN_free(Gx);
     wolfSSL_BN_free(Gy);
     if (p_alloc) {