forked from wolfSSL/wolfssl
chacha20_poly1305.c: add _SMALL_STACK code in wc_XChaCha20Poly1305_crypt_oneshot().
This commit is contained in:
Daniel Pouzzner
@@ -352,7 +352,6 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot(
|
|||||||
const byte *key, const size_t key_len,
|
const byte *key, const size_t key_len,
|
||||||
int isEncrypt)
|
int isEncrypt)
|
||||||
{
|
{
|
||||||
ChaChaPoly_Aead aead;
|
|
||||||
int ret;
|
int ret;
|
||||||
ssize_t dst_len = isEncrypt ?
|
ssize_t dst_len = isEncrypt ?
|
||||||
(ssize_t)src_len + POLY1305_DIGEST_SIZE :
|
(ssize_t)src_len + POLY1305_DIGEST_SIZE :
|
||||||
@@ -360,14 +359,26 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot(
|
|||||||
const byte *src_i;
|
const byte *src_i;
|
||||||
byte *dst_i;
|
byte *dst_i;
|
||||||
size_t src_len_rem;
|
size_t src_len_rem;
|
||||||
|
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||||
|
ChaChaPoly_Aead *aead = XMALLOC(sizeof *aead, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|
||||||
if ((dst == NULL) || (src == NULL))
|
if (aead == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return MEMORY_E;
|
||||||
|
#else
|
||||||
|
ChaChaPoly_Aead aead_buf, *aead = &aead_buf;
|
||||||
|
#endif
|
||||||
|
|
||||||
if ((ssize_t)dst_space < dst_len)
|
if ((dst == NULL) || (src == NULL)) {
|
||||||
return BUFFER_E;
|
ret = BAD_FUNC_ARG;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
if ((ret = wc_XChaCha20Poly1305_Init(&aead, ad, (word32)ad_len,
|
if ((ssize_t)dst_space < dst_len) {
|
||||||
|
ret = BUFFER_E;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((ret = wc_XChaCha20Poly1305_Init(aead, ad, (word32)ad_len,
|
||||||
nonce, (word32)nonce_len,
|
nonce, (word32)nonce_len,
|
||||||
key, (word32)key_len, 1)) < 0)
|
key, (word32)key_len, 1)) < 0)
|
||||||
goto out;
|
goto out;
|
||||||
@@ -375,18 +386,19 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot(
|
|||||||
/* process the input in 16k pieces to accommodate src_lens that don't fit in a word32,
|
/* process the input in 16k pieces to accommodate src_lens that don't fit in a word32,
|
||||||
* and to exploit hot cache for the input data.
|
* and to exploit hot cache for the input data.
|
||||||
*/
|
*/
|
||||||
for (src_i = src, src_len_rem = isEncrypt ? src_len : (size_t)dst_len, dst_i = dst;
|
src_i = src;
|
||||||
src_len_rem > 0;
|
src_len_rem = isEncrypt ? src_len : (size_t)dst_len;
|
||||||
) {
|
dst_i = dst;
|
||||||
|
while (src_len_rem > 0) {
|
||||||
word32 this_src_len =
|
word32 this_src_len =
|
||||||
(src_len_rem > 16384) ?
|
(src_len_rem > 16384) ?
|
||||||
16384 :
|
16384 :
|
||||||
(word32)src_len_rem;
|
(word32)src_len_rem;
|
||||||
|
|
||||||
if ((ret = wc_Chacha_Process(&aead.chacha, dst_i, src_i, this_src_len)) < 0)
|
if ((ret = wc_Chacha_Process(&aead->chacha, dst_i, src_i, this_src_len)) < 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
if ((ret = wc_Poly1305Update(&aead.poly, isEncrypt ? dst_i : src_i, this_src_len)) < 0)
|
if ((ret = wc_Poly1305Update(&aead->poly, isEncrypt ? dst_i : src_i, this_src_len)) < 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
src_len_rem -= (size_t)this_src_len;
|
src_len_rem -= (size_t)this_src_len;
|
||||||
@@ -394,25 +406,25 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot(
|
|||||||
dst_i += this_src_len;
|
dst_i += this_src_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (aead.poly.leftover) {
|
if (aead->poly.leftover) {
|
||||||
if ((ret = wc_Poly1305_Pad(&aead.poly, (word32)aead.poly.leftover)) < 0)
|
if ((ret = wc_Poly1305_Pad(&aead->poly, (word32)aead->poly.leftover)) < 0)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WORD64_AVAILABLE
|
#ifdef WORD64_AVAILABLE
|
||||||
ret = wc_Poly1305_EncodeSizes64(&aead.poly, ad_len, isEncrypt ? src_len : (size_t)dst_len);
|
ret = wc_Poly1305_EncodeSizes64(&aead->poly, ad_len, isEncrypt ? src_len : (size_t)dst_len);
|
||||||
#else
|
#else
|
||||||
ret = wc_Poly1305_EncodeSizes(&aead.poly, ad_len, isEncrypt ? src_len : (size_t)dst_len);
|
ret = wc_Poly1305_EncodeSizes(&aead->poly, ad_len, isEncrypt ? src_len : (size_t)dst_len);
|
||||||
#endif
|
#endif
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
if (isEncrypt)
|
if (isEncrypt)
|
||||||
ret = wc_Poly1305Final(&aead.poly, dst + src_len);
|
ret = wc_Poly1305Final(&aead->poly, dst + src_len);
|
||||||
else {
|
else {
|
||||||
byte outAuthTag[POLY1305_DIGEST_SIZE];
|
byte outAuthTag[POLY1305_DIGEST_SIZE];
|
||||||
|
|
||||||
if ((ret = wc_Poly1305Final(&aead.poly, outAuthTag)) < 0)
|
if ((ret = wc_Poly1305Final(&aead->poly, outAuthTag)) < 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
if (ConstantCompare(outAuthTag, src + dst_len, POLY1305_DIGEST_SIZE) != 0) {
|
if (ConstantCompare(outAuthTag, src + dst_len, POLY1305_DIGEST_SIZE) != 0) {
|
||||||
@@ -423,7 +435,10 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot(
|
|||||||
|
|
||||||
out:
|
out:
|
||||||
|
|
||||||
XMEMSET(&aead, 0, sizeof aead);
|
XMEMSET(aead, 0, sizeof *aead);
|
||||||
|
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||||
|
XFREE(aead, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user