From d9d3f9a4f4fbe8144b514ba54e7125bd20434228 Mon Sep 17 00:00:00 2001
From: John Bland <john.bland@wolfssl.com>
Date: Mon, 25 Mar 2024 10:13:59 -0400
Subject: [PATCH] fix wc_MakeRsaKey and wc_RsaKeyToDer to work with

WOLFSSL_NO_MALLOC
---
 wolfcrypt/src/asn.c | 40 ++++++++++++++++++++++++++++++++++------
 wolfcrypt/src/rsa.c |  8 ++++++++
 2 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 9377297e9..c52b44ae7 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -25937,10 +25937,13 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     int ret = 0, i;
+    int mpSz;
+        word32 rawLen;
     word32 seqSz = 0, verSz = 0, intTotalLen = 0, outLen = 0;
     word32 sizes[RSA_INTS];
     byte  seq[MAX_SEQ_SZ];
     byte  ver[MAX_VERSION_SZ];
+    mp_int* keyInt;
     byte* tmps[RSA_INTS];
 
     if (key == NULL)
@@ -25949,20 +25952,28 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
     if (key->type != RSA_PRIVATE)
         return BAD_FUNC_ARG;
 
+    XMEMSET(tmps, 0, sizeof(tmps));
+
     for (i = 0; i < RSA_INTS; i++)
         tmps[i] = NULL;
 
     /* write all big ints from key to DER tmps */
     for (i = 0; i < RSA_INTS; i++) {
-        mp_int* keyInt = GetRsaInt(key, i);
-        int mpSz;
-        word32 rawLen;
-
+        keyInt = GetRsaInt(key, i);
         ret = mp_unsigned_bin_size(keyInt);
-        if (ret < 0)
+        if (ret < 0) {
+#ifndef WOLFSSL_NO_MALLOC
+            /* free outstanding tmps */
+            for (i = 0; i < RSA_INTS; i++) {
+                if (tmps[i] != NULL)
+                    XFREE(tmps[i]);
+            }
+#endif
             return ret;
+        }
         rawLen = (word32)ret + 1;
         ret = 0;
+#ifndef WOLFSSL_NO_MALLOC
         if (output != NULL) {
             tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
                                  DYNAMIC_TYPE_RSA);
@@ -25971,7 +25982,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
                 break;
             }
         }
-
+#endif
         mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, tmps[i]);
         if (mpSz < 0) {
             ret = mpSz;
@@ -26004,8 +26015,25 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
         j += verSz;
 
         for (i = 0; i < RSA_INTS; i++) {
+/* copy from tmps if we have malloc, otherwise re-export with buffer */
+#ifndef WOLFSSL_NO_MALLOC
             XMEMCPY(output + j, tmps[i], sizes[i]);
             j += sizes[i];
+#else
+        keyInt = GetRsaInt(key, i);
+        ret = mp_unsigned_bin_size(keyInt);
+        if (ret < 0) {
+            return ret;
+        }
+        rawLen = (word32)ret + 1;
+        ret = 0;
+        mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, output + j);
+        if (mpSz < 0) {
+            ret = mpSz;
+            break;
+        }
+        j += mpSz;
+#endif
         }
     }
 
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 4299fd2f8..8f4e521a3 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -4721,7 +4721,11 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 #endif /* WOLFSSL_SMALL_STACK */
     int i, failCount, isPrime = 0;
     word32 primeSz;
+#ifndef WOLFSSL_NO_MALLOC
     byte* buf = NULL;
+#else
+    byte buf[RSA_MAX_SIZE/16];
+#endif
 #endif /* !WOLFSSL_CRYPTOCELL && !WOLFSSL_SE050 */
     int err;
 
@@ -4827,12 +4831,14 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     primeSz = (word32)size / 16; /* size is the size of n in bits.
                             primeSz is in bytes. */
 
+#ifndef WOLFSSL_NO_MALLOC
     /* allocate buffer to work with */
     if (err == MP_OKAY) {
         buf = (byte*)XMALLOC(primeSz, key->heap, DYNAMIC_TYPE_RSA);
         if (buf == NULL)
             err = MEMORY_E;
     }
+#endif
 
     SAVE_VECTOR_REGISTERS(err = _svr_ret;);
 
@@ -4935,10 +4941,12 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     if (err == MP_OKAY && !isPrime)
         err = PRIME_GEN_E;
 
+#ifndef WOLFSSL_NO_MALLOC
     if (buf) {
         ForceZero(buf, primeSz);
         XFREE(buf, key->heap, DYNAMIC_TYPE_RSA);
     }
+#endif
 
     if (err == MP_OKAY && mp_cmp(p, q) < 0) {
         err = mp_copy(p, tmp1);