diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c index 5d503338a..d731b5daf 100644 --- a/wolfcrypt/src/signature.c +++ b/wolfcrypt/src/signature.c @@ -195,14 +195,27 @@ int wc_SignatureVerifyHash( #else /* WOLFSSL_CRYPTOCELL */ word32 plain_len = hash_len; + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) byte *plain_data; + #else + byte plain_data[MAX_ENCODED_SIG_SZ]; + #endif + /* Make sure the plain text output is at least key size */ if (plain_len < sig_len) { plain_len = sig_len; } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) plain_data = (byte*)XMALLOC(plain_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (plain_data) { + if (plain_data) + #else + if (plain_len <= sizeof(plain_data)) + #endif + { + byte* plain_ptr = NULL; + XMEMSET(plain_data, 0, plain_len); + XMEMCPY(plain_data, sig, sig_len); /* Perform verification of signature using provided RSA key */ do { #ifdef WOLFSSL_ASYNC_CRYPT @@ -210,12 +223,11 @@ int wc_SignatureVerifyHash( WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret >= 0) - ret = wc_RsaSSL_Verify(sig, sig_len, plain_data, - plain_len, (RsaKey*)key); + ret = wc_RsaSSL_VerifyInline(plain_data, sig_len, &plain_ptr, (RsaKey*)key); } while (ret == WC_PENDING_E); - if (ret >= 0) { + if (ret >= 0 && plain_ptr) { if ((word32)ret == hash_len && - XMEMCMP(plain_data, hash_data, hash_len) == 0) { + XMEMCMP(plain_ptr, hash_data, hash_len) == 0) { ret = 0; /* Success */ } else { @@ -223,7 +235,9 @@ int wc_SignatureVerifyHash( ret = SIG_VERIFY_E; } } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(plain_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif } else { ret = MEMORY_E; diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index b163a35ff..04e639ff3 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -1710,9 +1710,13 @@ static int _fp_exptmod_ct(fp_int * G, fp_int * X, int digits, fp_int * P, static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) { fp_int *res; - fp_int *M; fp_digit buf, mp; int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize; +#ifndef WOLFSSL_NO_MALLOC + fp_int *M; +#else + fp_int M[(1 << 6) + 1]; +#endif /* find window size */ x = fp_count_bits (X); @@ -1733,12 +1737,14 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) return err; } +#ifndef WOLFSSL_NO_MALLOC /* only allocate space for what's needed for window plus res */ M = (fp_int*)XMALLOC(sizeof(fp_int)*((1 << winsize) + 1), NULL, DYNAMIC_TYPE_BIGINT); if (M == NULL) { return FP_MEM; } +#endif res = &M[(word32)(1 << winsize)]; /* init M array */ @@ -1774,7 +1780,9 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) fp_sqr (&M[(word32)(1 << (winsize - 1))], &M[(word32)(1 << (winsize - 1))]); err = fp_montgomery_reduce (&M[(word32)(1 << (winsize - 1))], P, mp); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } } @@ -1783,12 +1791,16 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) { err = fp_mul(&M[x - 1], &M[1], &M[x]); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } err = fp_montgomery_reduce(&M[x], P, mp); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } } @@ -1830,12 +1842,16 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) if (mode == 1 && y == 0) { err = fp_sqr(res, res); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } fp_montgomery_reduce(res, P, mp); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } continue; @@ -1851,12 +1867,16 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) for (x = 0; x < winsize; x++) { err = fp_sqr(res, res); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } err = fp_montgomery_reduce(res, P, mp); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } } @@ -1864,12 +1884,16 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) /* then multiply */ err = fp_mul(res, &M[bitbuf], res); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } err = fp_montgomery_reduce(res, P, mp); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } @@ -1886,12 +1910,16 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) for (x = 0; x < bitcpy; x++) { err = fp_sqr(res, res); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } err = fp_montgomery_reduce(res, P, mp); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } @@ -1901,12 +1929,16 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) /* then multiply */ err = fp_mul(res, &M[1], res); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } err = fp_montgomery_reduce(res, P, mp); if (err != FP_OKAY) { +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } } @@ -1924,7 +1956,9 @@ static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) /* swap res with Y */ fp_copy (res, Y); +#ifndef WOLFSSL_NO_MALLOC XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); +#endif return err; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 420a269f5..4e4bbbe48 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -8880,7 +8880,7 @@ int aesgcm_test(void) WC_RNG rng; byte randIV[12]; - result = wc_InitRng(&rng); + result = wc_InitRng_ex(&rng, HEAP_HINT, devId); if (result != 0) return -6135;