From dc19ba2aa7a0500d6798483477b41296db84f4fe Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Tue, 20 Jul 2021 16:31:56 +1000
Subject: [PATCH] Memory allocation: fixes from memory usage generation

1. Configuration: If not fast math then don't set ALT_ECC_SIZE when
configuring.
2. ECC KeyShare: Key share entry's key was allocated with type
DYNAMIC_TYPE_PRIVATE_KEY, free with same type.
3. Ed25519: free the SHA-512 temporary object. WOLFSSL_SMALL_STACK_CACHE
builds have dynamicaly allocated data.
4. RSA: Don't keep allocating a new hash object in RsaMGF1 when compiled
with WOLFSSL_SMALL_STACK_CACHE.
---
 configure.ac            |  7 ++++++-
 src/tls.c               |  3 +--
 wolfcrypt/src/ed25519.c | 18 ++++++++++--------
 wolfcrypt/src/rsa.c     | 37 ++++++++++++++++++++++++++++++++++++-
 4 files changed, 53 insertions(+), 12 deletions(-)

diff --git a/configure.ac b/configure.ac
index 0caa104dd..4584f790b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1100,7 +1100,7 @@ AC_ARG_ENABLE([lowresource],
 if test "$ENABLED_LOWRESOURCE" = "yes"
 then
     # low memory / flash flags
-    AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DALT_ECC_SIZE -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY"
+    AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY"
 
     # low flash flags
     AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512"
@@ -2044,6 +2044,11 @@ then
         AM_CFLAGS="$AM_CFLAGS -DWC_ECC_NONBLOCK"
     fi
 
+    if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_FASTMATH" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DALT_ECC_SIZE"
+    fi
+
     ENABLED_CERTS=yes
 fi
 
diff --git a/src/tls.c b/src/tls.c
index 7f57ca388..30b453b9b 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -7043,8 +7043,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
         kse->pubKeyLen = keySize * 2 + 1;
 
         /* Allocate an ECC key to hold private key. */
-        kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap,
-                                                      DYNAMIC_TYPE_PRIVATE_KEY);
+        kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
         if (kse->key == NULL) {
             WOLFSSL_MSG("EccTempKey Memory error");
             return MEMORY_E;
diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c
index 9c31699a9..b161008e4 100644
--- a/wolfcrypt/src/ed25519.c
+++ b/wolfcrypt/src/ed25519.c
@@ -699,16 +699,18 @@ int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
         return ret;
 #endif
 
-    ret = ed25519_verify_msg_init_with_sha(sig, sigLen, key, sha,
-                                     type, context, contextLen);
-    if (ret < 0)
-        return ret;
+    ret = ed25519_verify_msg_init_with_sha(sig, sigLen, key, sha, type, context,
+        contextLen);
+    if (ret == 0)
+        ret = ed25519_verify_msg_update_with_sha(msg, msgLen, key, sha);
+    if (ret == 0)
+        ret = ed25519_verify_msg_final_with_sha(sig, sigLen, res, key, sha);
 
-    ret = ed25519_verify_msg_update_with_sha(msg, msgLen, key, sha);
-    if (ret < 0)
-        return ret;
+#ifndef WOLFSSL_ED25519_PERSISTENT_SHA
+    ed25519_hash_free(key, sha);
+#endif
 
-    return ed25519_verify_msg_final_with_sha(sig, sigLen, res, key, sha);
+    return ret;
 }
 
 /*
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index d45e21024..0799dfd7e 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -823,6 +823,9 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
     int ret;
     word32 counter;
     word32 idx;
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+    wc_HashAlg *hash;
+#endif
     hLen    = wc_HashGetDigestSize(hType);
     counter = 0;
     idx     = 0;
@@ -847,11 +850,31 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
     }
     else {
         /* use array on the stack */
+    #ifndef WOLFSSL_SMALL_STACK_CACHE
         tmpSz = sizeof(tmpA);
+    #endif
         tmp  = tmpA;
         tmpF = 0; /* no need to free memory at end */
     }
 
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+    hash = (wc_HashAlg*)XMALLOC(sizeof(*hash), heap, DYNAMIC_TYPE_DIGEST);
+    if (hash == NULL) {
+        if (tmpF) {
+            XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
+        }
+        return MEMORY_E;
+    }
+    ret = wc_HashInit_ex(hash, hType, heap, INVALID_DEVID);
+    if (ret != 0) {
+        XFREE(hash, heap, DYNAMIC_TYPE_DIGEST);
+        if (tmpF) {
+            XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
+        }
+        return ret;
+    }
+#endif
+
     do {
         int i = 0;
         XMEMCPY(tmp, seed, seedSz);
@@ -863,7 +886,15 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
         tmp[seedSz + 3] = (byte)((counter)       & 0xFF);
 
         /* hash and append to existing output */
-        if ((ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz)) != 0) {
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+        ret = wc_HashUpdate(hash, hType, tmp, (seedSz + 4));
+        if (ret == 0) {
+            ret = wc_HashFinal(hash, hType, tmp);
+        }
+#else
+        ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz);
+#endif
+        if (ret != 0) {
             /* check for if dynamic memory was needed, then free */
             if (tmpF) {
                 XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
@@ -881,6 +912,10 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
     if (tmpF) {
         XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
     }
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+    wc_HashFree(hash, hType);
+    XFREE(hash, heap, DYNAMIC_TYPE_DIGEST);
+#endif
 
     return 0;
 }