diff --git a/tests/unit.c b/tests/unit.c index 5d7325983..bebcc2a97 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -80,6 +80,7 @@ int unit_test(int argc, char** argv) goto exit; } +#ifndef NO_WOLFSSL_CIPHER_SUITE_TEST #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) #ifndef SINGLE_THREADED if ( (ret = SuiteTest(argc, argv)) != 0){ @@ -88,6 +89,7 @@ int unit_test(int argc, char** argv) } #endif #endif +#endif /* NO_WOLFSSL_CIPHER_SUITE_TEST */ SrpTest(); diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index 53a8d6099..74254c518 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -665,22 +665,15 @@ int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, word32* ySz) int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng) { #ifdef WOLFSSL_SMALL_STACK - mp_int *k = (mp_int *)XMALLOC(sizeof *k, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); - mp_int *kInv = (mp_int *)XMALLOC(sizeof *kInv, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); - mp_int *r = (mp_int *)XMALLOC(sizeof *r, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); - mp_int *s = (mp_int *)XMALLOC(sizeof *s, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); - mp_int *H = (mp_int *)XMALLOC(sizeof *H, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); + mp_int *k = NULL; + mp_int *kInv = NULL; + mp_int *r = NULL; + mp_int *s = NULL; + mp_int *H = NULL; #ifndef WOLFSSL_MP_INVMOD_CONSTANT_TIME - mp_int *b = (mp_int *)XMALLOC(sizeof *b, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); + mp_int *b = NULL; #endif - byte *buffer = (byte *)XMALLOC(DSA_HALF_SIZE, key->heap, - DYNAMIC_TYPE_TMP_BUFFER); + byte *buffer = NULL; #else mp_int k[1], kInv[1], r[1], s[1], H[1]; #ifndef WOLFSSL_MP_INVMOD_CONSTANT_TIME @@ -693,17 +686,24 @@ int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng) byte* tmp; /* initial output pointer */ do { -#ifdef WOLFSSL_MP_INVMOD_CONSTANT_TIME - if (mp_init_multi(k, kInv, r, s, H, 0) != MP_OKAY) -#else - if (mp_init_multi(k, kInv, r, s, H, b) != MP_OKAY) -#endif - { - ret = MP_INIT_E; - break; - } + if (digest == NULL || out == NULL || key == NULL || rng == NULL) { + ret = BAD_FUNC_ARG; + break; + } #ifdef WOLFSSL_SMALL_STACK + k = (mp_int *)XMALLOC(sizeof *k, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + kInv = (mp_int *)XMALLOC(sizeof *kInv, key->heap, + DYNAMIC_TYPE_TMP_BUFFER); + r = (mp_int *)XMALLOC(sizeof *r, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + s = (mp_int *)XMALLOC(sizeof *s, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + H = (mp_int *)XMALLOC(sizeof *H, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#ifndef WOLFSSL_MP_INVMOD_CONSTANT_TIME + b = (mp_int *)XMALLOC(sizeof *b, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + buffer = (byte *)XMALLOC(DSA_HALF_SIZE, key->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if ((k == NULL) || (kInv == NULL) || (r == NULL) || @@ -718,10 +718,15 @@ int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng) } #endif - if (digest == NULL || out == NULL || key == NULL || rng == NULL) { - ret = BAD_FUNC_ARG; - break; - } +#ifdef WOLFSSL_MP_INVMOD_CONSTANT_TIME + if (mp_init_multi(k, kInv, r, s, H, 0) != MP_OKAY) +#else + if (mp_init_multi(k, kInv, r, s, H, b) != MP_OKAY) +#endif + { + ret = MP_INIT_E; + break; + } sz = min(DSA_HALF_SIZE, mp_unsigned_bin_size(&key->q)); tmp = out; @@ -979,35 +984,31 @@ int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng) int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key, int* answer) { #ifdef WOLFSSL_SMALL_STACK - mp_int *w = (mp_int *)XMALLOC(sizeof *w, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); - mp_int *u1 = (mp_int *)XMALLOC(sizeof *u1, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); - mp_int *u2 = (mp_int *)XMALLOC(sizeof *u2, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); - mp_int *v = (mp_int *)XMALLOC(sizeof *v, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); - mp_int *r = (mp_int *)XMALLOC(sizeof *r, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); - mp_int *s = (mp_int *)XMALLOC(sizeof *s, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); + mp_int *w = NULL; + mp_int *u1 = NULL; + mp_int *u2 = NULL; + mp_int *v = NULL; + mp_int *r = NULL; + mp_int *s = NULL; #else mp_int w[1], u1[1], u2[1], v[1], r[1], s[1]; #endif int ret = 0; do { - if (mp_init_multi(w, u1, u2, v, r, s) != MP_OKAY) { - ret = MP_INIT_E; - break; - } - if (digest == NULL || sig == NULL || key == NULL || answer == NULL) { ret = BAD_FUNC_ARG; break; } #ifdef WOLFSSL_SMALL_STACK + w = (mp_int *)XMALLOC(sizeof *w, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + u1 = (mp_int *)XMALLOC(sizeof *u1, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + u2 = (mp_int *)XMALLOC(sizeof *u2, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + v = (mp_int *)XMALLOC(sizeof *v, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + r = (mp_int *)XMALLOC(sizeof *r, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + s = (mp_int *)XMALLOC(sizeof *s, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if ((w == NULL) || (u1 == NULL) || (u2 == NULL) || @@ -1019,6 +1020,11 @@ int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key, int* answer) } #endif + if (mp_init_multi(w, u1, u2, v, r, s) != MP_OKAY) { + ret = MP_INIT_E; + break; + } + /* set r and s from signature */ if (mp_read_unsigned_bin(r, sig, DSA_HALF_SIZE) != MP_OKAY || mp_read_unsigned_bin(s, sig + DSA_HALF_SIZE, DSA_HALF_SIZE) != MP_OKAY) { diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 8cc68b005..13c528217 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -4377,7 +4377,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if ((ctx->cipherType == AES_128_GCM_TYPE) || (ctx->cipherType == AES_192_GCM_TYPE) || (ctx->cipherType == AES_256_GCM_TYPE)) { - wc_AesFree(&ctx->cipher.aes); + wc_AesFree(&ctx->cipher.aes); } #endif /* HAVE_AESGCM && WOLFSSL_AESGCM_STREAM */ #endif /* not FIPS or new FIPS */ diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 0362e531b..d45e21024 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -4098,11 +4098,11 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { #ifndef WC_NO_RNG #ifdef WOLFSSL_SMALL_STACK - mp_int *p = (mp_int *)XMALLOC(sizeof *p, key->heap, DYNAMIC_TYPE_RSA); - mp_int *q = (mp_int *)XMALLOC(sizeof *q, key->heap, DYNAMIC_TYPE_RSA); - mp_int *tmp1 = (mp_int *)XMALLOC(sizeof *tmp1, key->heap, DYNAMIC_TYPE_RSA); - mp_int *tmp2 = (mp_int *)XMALLOC(sizeof *tmp2, key->heap, DYNAMIC_TYPE_RSA); - mp_int *tmp3 = (mp_int *)XMALLOC(sizeof *tmp3, key->heap, DYNAMIC_TYPE_RSA); + mp_int *p = NULL; + mp_int *q = NULL; + mp_int *tmp1 = NULL; + mp_int *tmp2 = NULL; + mp_int *tmp3 = NULL; #else mp_int p_buf, *p = &p_buf; mp_int q_buf, *q = &q_buf; @@ -4113,7 +4113,18 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) int err, i, failCount, primeSz, isPrime = 0; byte* buf = NULL; + if (key == NULL || rng == NULL) { + err = BAD_FUNC_ARG; + goto out; + } + #ifdef WOLFSSL_SMALL_STACK + p = (mp_int *)XMALLOC(sizeof *p, key->heap, DYNAMIC_TYPE_RSA); + q = (mp_int *)XMALLOC(sizeof *q, key->heap, DYNAMIC_TYPE_RSA); + tmp1 = (mp_int *)XMALLOC(sizeof *tmp1, key->heap, DYNAMIC_TYPE_RSA); + tmp2 = (mp_int *)XMALLOC(sizeof *tmp2, key->heap, DYNAMIC_TYPE_RSA); + tmp3 = (mp_int *)XMALLOC(sizeof *tmp3, key->heap, DYNAMIC_TYPE_RSA); + if ((p == NULL) || (q == NULL) || (tmp1 == NULL) || @@ -4124,11 +4135,6 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) } #endif - if (key == NULL || rng == NULL) { - err = BAD_FUNC_ARG; - goto out; - } - if (!RsaSizeCheck(size)) { err = BAD_FUNC_ARG; goto out; diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index f8d98fb14..d772496b0 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -956,25 +956,26 @@ void wc_Sha512Free(wc_Sha512* sha512) /* @return 0 on successful, otherwise non-zero on failure */ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) { - int ret ; + int ret; /* back up buffer */ - #if defined(WOLFSSL_SMALL_STACK) - word64* buffer; - buffer = (word64*) XMALLOC(sizeof(word64) * 16, sha->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (buffer == NULL) - return MEMORY_E; - #else +#ifdef WOLFSSL_SMALL_STACK + word64 *buffer; +#else word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)]; - #endif - +#endif + /* sanity check */ if (sha == NULL || data == NULL) { - #if defined(WOLFSSL_SMALL_STACK) - XFREE(buffer, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif return BAD_FUNC_ARG; } + +#ifdef WOLFSSL_SMALL_STACK + buffer = (word64 *)XMALLOC(sizeof(word64) * 16, sha->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (buffer == NULL) + return MEMORY_E; +#endif + #if defined(USE_INTEL_SPEEDUP) && \ (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) Sha512_SetTransform(); @@ -997,9 +998,9 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) ret = Transform_Sha512(sha); XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE); - #if defined(WOLFSSL_SMALL_STACK) +#ifdef WOLFSSL_SMALL_STACK XFREE(buffer, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif +#endif return ret; } #endif /* OPENSSL_EXTRA */ diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index cb3c575e2..b30f415bf 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -634,12 +634,12 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, byte* serverPubKey, word32 serverPubKeySz) { #ifdef WOLFSSL_SMALL_STACK - SrpHash *hash = (SrpHash *)XMALLOC(sizeof *hash, srp->heap, DYNAMIC_TYPE_SRP); - byte *digest = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, srp->heap, DYNAMIC_TYPE_SRP); - mp_int *u = (mp_int *)XMALLOC(sizeof *u, srp->heap, DYNAMIC_TYPE_SRP); - mp_int *s = (mp_int *)XMALLOC(sizeof *s, srp->heap, DYNAMIC_TYPE_SRP); - mp_int *temp1 = (mp_int *)XMALLOC(sizeof *temp1, srp->heap, DYNAMIC_TYPE_SRP); - mp_int *temp2 = (mp_int *)XMALLOC(sizeof *temp2, srp->heap, DYNAMIC_TYPE_SRP); + SrpHash *hash = NULL; + byte *digest = NULL; + mp_int *u = NULL; + mp_int *s = NULL; + mp_int *temp1 = NULL; + mp_int *temp2 = NULL; #else SrpHash hash[1]; byte digest[SRP_MAX_DIGEST_SIZE]; @@ -652,11 +652,6 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, /* validating params */ - if ((mp_init_multi(u, s, temp1, temp2, 0, 0)) != MP_OKAY) { - r = MP_INIT_E; - goto out; - } - if (!srp || !clientPubKey || clientPubKeySz == 0 || !serverPubKey || serverPubKeySz == 0) { r = BAD_FUNC_ARG; @@ -664,6 +659,13 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, } #ifdef WOLFSSL_SMALL_STACK + hash = (SrpHash *)XMALLOC(sizeof *hash, srp->heap, DYNAMIC_TYPE_SRP); + digest = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, srp->heap, DYNAMIC_TYPE_SRP); + u = (mp_int *)XMALLOC(sizeof *u, srp->heap, DYNAMIC_TYPE_SRP); + s = (mp_int *)XMALLOC(sizeof *s, srp->heap, DYNAMIC_TYPE_SRP); + temp1 = (mp_int *)XMALLOC(sizeof *temp1, srp->heap, DYNAMIC_TYPE_SRP); + temp2 = (mp_int *)XMALLOC(sizeof *temp2, srp->heap, DYNAMIC_TYPE_SRP); + if ((hash == NULL) || (digest == NULL) || (u == NULL) || @@ -675,6 +677,11 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, } #endif + if ((mp_init_multi(u, s, temp1, temp2, 0, 0)) != MP_OKAY) { + r = MP_INIT_E; + goto out; + } + if (mp_iszero(&srp->priv) == MP_YES) { r = SRP_CALL_ORDER_E; goto out;