wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for small stack in TLS v1.3, HKDF and SHA2. Add new WC_ASN_HASH_SHA256 build option to allow forcing SHA2-256 for the internal certificate calculations. Fixes for integer.c with small stack (allocate only the size needed, not the max).

Browse Source
This commit is contained in:
David Garske
2022-10-03 12:52:11 -07:00
parent f9506dc05a
commit 09f4a94b24
10 changed files with 233 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/tls13.c
View File

@@ -1106,7 +1106,11 @@ int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret)
static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash, static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
word32* pHashSz) word32* pHashSz)
{ {
Hmac verifyHmac; #ifdef WOLFSSL_SMALL_STACK
Hmac* verifyHmac;
#else
Hmac verifyHmac[1];
#endif
int hashType = WC_SHA256; int hashType = WC_SHA256;
int hashSz = WC_SHA256_DIGEST_SIZE; int hashSz = WC_SHA256_DIGEST_SIZE;
int ret = BAD_FUNC_ARG; int ret = BAD_FUNC_ARG;
@@ -1151,16 +1155,27 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
WOLFSSL_BUFFER(hash, hashSz); WOLFSSL_BUFFER(hash, hashSz);
#endif #endif
/* Calculate the verify data. */ #ifdef WOLFSSL_SMALL_STACK
ret = wc_HmacInit(&verifyHmac, ssl->heap, ssl->devId); verifyHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC);
if (ret == 0) { if (verifyHmac == NULL) {
ret = wc_HmacSetKey(&verifyHmac, hashType, key, ssl->specs.hash_size); return MEMORY_E;
if (ret == 0)
ret = wc_HmacUpdate(&verifyHmac, hash, hashSz);
if (ret == 0)
ret = wc_HmacFinal(&verifyHmac, hash);
wc_HmacFree(&verifyHmac);
} }
#endif
/* Calculate the verify data. */
ret = wc_HmacInit(verifyHmac, ssl->heap, ssl->devId);
if (ret == 0) {
ret = wc_HmacSetKey(verifyHmac, hashType, key, ssl->specs.hash_size);
if (ret == 0)
ret = wc_HmacUpdate(verifyHmac, hash, hashSz);
if (ret == 0)
ret = wc_HmacFinal(verifyHmac, hash);
wc_HmacFree(verifyHmac);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(verifyHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
#ifdef WOLFSSL_DEBUG_TLS #ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG(" Hash"); WOLFSSL_MSG(" Hash");

10
wolfcrypt/src/asn.c
View File

@@ -87,6 +87,7 @@ ASN Options:
* WOLFSSL_CERT_NAME_ALL: Adds more certificate name capability at the * WOLFSSL_CERT_NAME_ALL: Adds more certificate name capability at the
cost of taking up more memory. Adds initials, givenname, dnQualifer for cost of taking up more memory. Adds initials, givenname, dnQualifer for
example. example.
* WC_ASN_HASH_SHA256: Force use of SHA2-256 for the internal hash ID calcs.
*/ */
#ifndef NO_ASN #ifndef NO_ASN
@@ -12014,7 +12015,7 @@ int CalcHashId(const byte* data, word32 len, byte* hash)
{ {
int ret; int ret;
#if defined(NO_SHA) && !defined(NO_SHA256) #if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256))
ret = wc_Sha256Hash(data, len, hash); ret = wc_Sha256Hash(data, len, hash);
#elif !defined(NO_SHA) #elif !defined(NO_SHA)
ret = wc_ShaHash(data, len, hash); ret = wc_ShaHash(data, len, hash);
@@ -23530,7 +23531,7 @@ int wc_PemToDer(const unsigned char* buff, long longSz, int type,
return ret; return ret;
} }
#ifdef WOLFSSL_ENCRYPTED_KEYS
/* our KeyPemToDer password callback, password in userData */ /* our KeyPemToDer password callback, password in userData */
static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata) static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata)
{ {
@@ -23542,6 +23543,7 @@ static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata)
XSTRNCPY(passwd, (char*)userdata, sz); XSTRNCPY(passwd, (char*)userdata, sz);
return min((word32)sz, (word32)XSTRLEN((char*)userdata)); return min((word32)sz, (word32)XSTRLEN((char*)userdata));
} }
#endif
/* Return bytes written to buff or < 0 for error */ /* Return bytes written to buff or < 0 for error */
int wc_KeyPemToDer(const unsigned char* pem, int pemSz, int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
@@ -23570,8 +23572,12 @@ int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
#endif #endif
XMEMSET(info, 0, sizeof(EncryptedInfo)); XMEMSET(info, 0, sizeof(EncryptedInfo));
#ifdef WOLFSSL_ENCRYPTED_KEYS
info->passwd_cb = KeyPemToDerPassCb; info->passwd_cb = KeyPemToDerPassCb;
info->passwd_userdata = (void*)pass; info->passwd_userdata = (void*)pass;
#else
(void)pass;
#endif
ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, NULL); ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, NULL);

71
wolfcrypt/src/hmac.c
View File

@@ -1184,14 +1184,26 @@ int wolfSSL_GetHmacMaxSize(void)
const byte* inKey, word32 inKeySz, byte* out) const byte* inKey, word32 inKeySz, byte* out)
{ {
byte tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */ byte tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */
Hmac myHmac; #ifdef WOLFSSL_SMALL_STACK
Hmac* myHmac;
#else
Hmac myHmac[1];
#endif
int ret; int ret;
const byte* localSalt; /* either points to user input or tmp */ const byte* localSalt; /* either points to user input or tmp */
int hashSz; int hashSz;
ret = wc_HmacSizeByType(type); ret = wc_HmacSizeByType(type);
if (ret < 0) if (ret < 0) {
return ret; return ret;
}
#ifdef WOLFSSL_SMALL_STACK
myHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC);
if (myHmac == NULL) {
return MEMORY_E;
}
#endif
hashSz = ret; hashSz = ret;
localSalt = salt; localSalt = salt;
@@ -1201,15 +1213,18 @@ int wolfSSL_GetHmacMaxSize(void)
saltSz = hashSz; saltSz = hashSz;
} }
ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID); ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID);
if (ret == 0) { if (ret == 0) {
ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); ret = wc_HmacSetKey(myHmac, type, localSalt, saltSz);
if (ret == 0) if (ret == 0)
ret = wc_HmacUpdate(&myHmac, inKey, inKeySz); ret = wc_HmacUpdate(myHmac, inKey, inKeySz);
if (ret == 0) if (ret == 0)
ret = wc_HmacFinal(&myHmac, out); ret = wc_HmacFinal(myHmac, out);
wc_HmacFree(&myHmac); wc_HmacFree(myHmac);
} }
#ifdef WOLFSSL_SMALL_STACK
XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
return ret; return ret;
} }
@@ -1229,40 +1244,55 @@ int wolfSSL_GetHmacMaxSize(void)
const byte* info, word32 infoSz, byte* out, word32 outSz) const byte* info, word32 infoSz, byte* out, word32 outSz)
{ {
byte tmp[WC_MAX_DIGEST_SIZE]; byte tmp[WC_MAX_DIGEST_SIZE];
Hmac myHmac; #ifdef WOLFSSL_SMALL_STACK
Hmac* myHmac;
#else
Hmac myHmac[1];
#endif
int ret = 0; int ret = 0;
word32 outIdx = 0; word32 outIdx = 0;
word32 hashSz = wc_HmacSizeByType(type); word32 hashSz = wc_HmacSizeByType(type);
byte n = 0x1; byte n = 0x1;
/* RFC 5869 states that the length of output keying material in /* RFC 5869 states that the length of output keying material in
octets must be L <= 255*HashLen or N = ceil(L/HashLen) */ * octets must be L <= 255*HashLen or N = ceil(L/HashLen) */
if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255) if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID); #ifdef WOLFSSL_SMALL_STACK
if (ret != 0) myHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC);
if (myHmac == NULL) {
return MEMORY_E;
}
#endif
ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
return ret; return ret;
}
while (outIdx < outSz) { while (outIdx < outSz) {
int tmpSz = (n == 1) ? 0 : hashSz; int tmpSz = (n == 1) ? 0 : hashSz;
word32 left = outSz - outIdx; word32 left = outSz - outIdx;
ret = wc_HmacSetKey(&myHmac, type, inKey, inKeySz); ret = wc_HmacSetKey(myHmac, type, inKey, inKeySz);
if (ret != 0) if (ret != 0)
break; break;
ret = wc_HmacUpdate(&myHmac, tmp, tmpSz); ret = wc_HmacUpdate(myHmac, tmp, tmpSz);
if (ret != 0) if (ret != 0)
break; break;
ret = wc_HmacUpdate(&myHmac, info, infoSz); ret = wc_HmacUpdate(myHmac, info, infoSz);
if (ret != 0) if (ret != 0)
break; break;
ret = wc_HmacUpdate(&myHmac, &n, 1); ret = wc_HmacUpdate(myHmac, &n, 1);
if (ret != 0) if (ret != 0)
break; break;
ret = wc_HmacFinal(&myHmac, tmp); ret = wc_HmacFinal(myHmac, tmp);
if (ret != 0) if (ret != 0)
break; break;
@@ -1273,7 +1303,10 @@ int wolfSSL_GetHmacMaxSize(void)
n++; n++;
} }
wc_HmacFree(&myHmac); wc_HmacFree(myHmac);
#ifdef WOLFSSL_SMALL_STACK
XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
return ret; return ret;
} }

26
wolfcrypt/src/integer.c
View File

@@ -2306,11 +2306,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
{ {
mp_digit buf, mp; mp_digit buf, mp;
int err = MP_OKAY, bitbuf, bitcpy, bitcnt, digidx, x, y; int err = MP_OKAY, bitbuf, bitcpy, bitcnt, digidx, x, y;
#ifdef WOLFSSL_SMALL_STACK
mp_int *res = NULL;
#else
mp_int res[1]; mp_int res[1];
#endif
int (*redux)(mp_int*,mp_int*,mp_digit) = NULL; int (*redux)(mp_int*,mp_int*,mp_digit) = NULL;
/* automatically pick the comba one if available (saves quite a few /* automatically pick the comba one if available (saves quite a few
@@ -2332,13 +2328,6 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
return MP_VAL; return MP_VAL;
} }
#ifdef WOLFSSL_SMALL_STACK
res = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (res == NULL) {
return MP_MEM;
}
#endif
/* now setup montgomery */ /* now setup montgomery */
if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY) { if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY) {
goto LBL_M; goto LBL_M;
@@ -2449,9 +2438,6 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
LBL_RES:mp_clear (res); LBL_RES:mp_clear (res);
LBL_M: LBL_M:
#ifdef WOLFSSL_SMALL_STACK
XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err; return err;
} }
@@ -2526,12 +2512,13 @@ int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
W = (mp_word*)XMALLOC(sizeof(mp_word) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); W = (mp_word*)XMALLOC(sizeof(mp_word) * (n->used * 2 + 1), NULL,
DYNAMIC_TYPE_BIGINT);
if (W == NULL) if (W == NULL)
return MP_MEM; return MP_MEM;
#endif #endif
XMEMSET(W, 0, (n->used * 2 + 1) * sizeof(mp_word)); XMEMSET(W, 0, sizeof(mp_word) * (n->used * 2 + 1));
/* first we have to get the digits of the input into /* first we have to get the digits of the input into
* an array of double precision words W[...] * an array of double precision words W[...]
@@ -3349,7 +3336,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
return MP_RANGE; /* TAO range check */ return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL) if (W == NULL)
return MP_MEM; return MP_MEM;
#endif #endif
@@ -3468,7 +3455,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
return MP_RANGE; /* TAO range check */ return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL) if (W == NULL)
return MP_MEM; return MP_MEM;
#endif #endif
@@ -4203,13 +4190,12 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
return MP_RANGE; /* TAO range check */ return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL) if (W == NULL)
return MP_MEM; return MP_MEM;
#endif #endif
/* number of output digits to produce */ /* number of output digits to produce */
pa = a->used + b->used;
_W = 0; _W = 0;
for (ix = digs; ix < pa; ix++) { /* JRB, have a->dp check at top of function*/ for (ix = digs; ix < pa; ix++) { /* JRB, have a->dp check at top of function*/
int tx, ty, iy; int tx, ty, iy;

17
wolfcrypt/src/kdf.c
View File

@@ -435,13 +435,25 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
{ {
int ret = 0; int ret = 0;
int idx = 0; int idx = 0;
#ifdef WOLFSSL_SMALL_STACK
byte* data;
#else
byte data[MAX_TLS13_HKDF_LABEL_SZ]; byte data[MAX_TLS13_HKDF_LABEL_SZ];
#endif
/* okmLen (2) + protocol|label len (1) + info len(1) + protocollen + /* okmLen (2) + protocol|label len (1) + info len(1) + protocollen +
* labellen + infolen */ * labellen + infolen */
idx = 4 + protocolLen + labelLen + infoLen; idx = 4 + protocolLen + labelLen + infoLen;
if (idx > MAX_TLS13_HKDF_LABEL_SZ) if (idx > MAX_TLS13_HKDF_LABEL_SZ) {
return BUFFER_E; return BUFFER_E;
}
#ifdef WOLFSSL_SMALL_STACK
data = (byte*)XMALLOC(idx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (data == NULL) {
return MEMORY_E;
}
#endif
idx = 0; idx = 0;
/* Output length. */ /* Output length. */
@@ -484,6 +496,9 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
#ifdef WOLFSSL_CHECK_MEM_ZERO #ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Check(data, MAX_TLS13_HKDF_LABEL_SZ); wc_MemZero_Check(data, MAX_TLS13_HKDF_LABEL_SZ);
#endif
#ifdef WOLFSSL_SMALL_STACK
XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return ret; return ret;
} }

75
wolfcrypt/src/sha256.c
View File

@@ -1793,19 +1793,36 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash) int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
{ {
int ret; int ret;
wc_Sha224 tmpSha224; #ifdef WOLFSSL_SMALL_STACK
wc_Sha224* tmpSha224;
#else
wc_Sha224 tmpSha224[1];
#endif
wc_InitSha224(&tmpSha224); if (sha224 == NULL || hash == NULL) {
if (sha224 == NULL || hash == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
ret = wc_Sha224Copy(sha224, &tmpSha224);
if (ret == 0) {
ret = wc_Sha224Final(&tmpSha224, hash);
wc_Sha224Free(&tmpSha224);
} }
#ifdef WOLFSSL_SMALL_STACK
tmpSha224 = (wc_Sha224*)XMALLOC(sizeof(wc_Sha224), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha224 == NULL) {
return MEMORY_E;
}
#endif
ret = wc_Sha224Copy(sha224, tmpSha224);
if (ret == 0) {
ret = wc_Sha224Final(tmpSha224, hash);
wc_Sha224Free(tmpSha224);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpSha224, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret; return ret;
} }
int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst) int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
{ {
int ret = 0; int ret = 0;
@@ -1894,44 +1911,54 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash) int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
{ {
int ret; int ret;
wc_Sha256 tmpSha256; #ifdef WOLFSSL_SMALL_STACK
wc_Sha256* tmpSha256;
#else
wc_Sha256 tmpSha256[1];
#endif
if (sha256 == NULL || hash == NULL) if (sha256 == NULL || hash == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
tmpSha256 = (wc_Sha256*)XMALLOC(sizeof(wc_Sha256), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha256 == NULL) {
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW) #if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
/* ESP32 hardware can only handle only 1 active hardware hashing /* ESP32 hardware can only handle only 1 active hardware hashing
* at a time. If the mutex lock is acquired the first time then * at a time. If the mutex lock is acquired the first time then
* that Sha256 instance has exclusive access to hardware. The * that Sha256 instance has exclusive access to hardware. The
* final or free needs to release the mutex. Operations that * final or free needs to release the mutex. Operations that
* do not get the lock fallback to software based Sha256 */ * do not get the lock fallback to software based Sha256 */
if(sha256->ctx.mode == ESP32_SHA_INIT){ if (sha256->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha256->ctx); esp_sha_try_hw_lock(&sha256->ctx);
} }
if(sha256->ctx.mode == ESP32_SHA_HW) if (sha256->ctx.mode == ESP32_SHA_HW) {
{
esp_sha256_digest_process(sha256, 0); esp_sha256_digest_process(sha256, 0);
} }
#endif #endif
ret = wc_Sha256Copy(sha256, &tmpSha256);
ret = wc_Sha256Copy(sha256, tmpSha256);
if (ret == 0) { if (ret == 0) {
ret = wc_Sha256Final(&tmpSha256, hash); ret = wc_Sha256Final(tmpSha256, hash);
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW) #if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
{
sha256->ctx.mode = ESP32_SHA_SW; sha256->ctx.mode = ESP32_SHA_SW;
} #endif
#endif
wc_Sha256Free(&tmpSha256); wc_Sha256Free(tmpSha256);
} }
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW) #ifdef WOLFSSL_SMALL_STACK
/* TODO: Make sure the ESP32 crypto mutex is released (in case final is not XFREE(tmpSha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
* called */
#endif #endif
return ret; return ret;
} }
int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)

94
wolfcrypt/src/sha512.c
View File

@@ -1502,29 +1502,49 @@ static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
int (*finalfp)(wc_Sha512*, byte*)) int (*finalfp)(wc_Sha512*, byte*))
{ {
int ret; int ret;
wc_Sha512 tmpSha512; #ifdef WOLFSSL_SMALL_STACK
wc_Sha512* tmpSha512;
if (sha512 == NULL || hash == NULL) #else
return BAD_FUNC_ARG; wc_Sha512 tmpSha512[1];
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
if(sha512->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha512->ctx);
}
if(sha512->ctx.mode != ESP32_SHA_SW)
esp_sha512_digest_process(sha512, 0);
#endif #endif
ret = wc_Sha512Copy(sha512, &tmpSha512); if (sha512 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
tmpSha512 = (wc_Sha512*)XMALLOC(sizeof(wc_Sha512), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha512 == NULL) {
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
if (sha512->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha512->ctx);
}
if (sha512->ctx.mode != ESP32_SHA_SW) {
esp_sha512_digest_process(sha512, 0);
}
#endif
ret = wc_Sha512Copy(sha512, tmpSha512);
if (ret == 0) { if (ret == 0) {
ret = finalfp(&tmpSha512, hash); ret = finalfp(tmpSha512, hash);
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
sha512->ctx.mode = ESP32_SHA_SW;; sha512->ctx.mode = ESP32_SHA_SW;;
#endif #endif
wc_Sha512Free(&tmpSha512); wc_Sha512Free(tmpSha512);
} }
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpSha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret; return ret;
} }
@@ -1735,36 +1755,58 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
{ {
int ret; int ret;
wc_Sha384 tmpSha384; #ifdef WOLFSSL_SMALL_STACK
wc_Sha384* tmpSha384;
#else
wc_Sha384 tmpSha384[1];
#endif
if (sha384 == NULL || hash == NULL) if (sha384 == NULL || hash == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ }
#ifdef WOLFSSL_SMALL_STACK
tmpSha384 = (wc_Sha384*)XMALLOC(sizeof(wc_Sha384), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha384 == NULL) {
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
if(sha384->ctx.mode == ESP32_SHA_INIT) { if (sha384->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha384->ctx); esp_sha_try_hw_lock(&sha384->ctx);
} }
if(sha384->ctx.mode != ESP32_SHA_SW) { if (sha384->ctx.mode != ESP32_SHA_SW) {
esp_sha512_digest_process(sha384, 0); esp_sha512_digest_process(sha384, 0);
} }
#endif #endif
ret = wc_Sha384Copy(sha384, &tmpSha384); ret = wc_Sha384Copy(sha384, tmpSha384);
if (ret == 0) { if (ret == 0) {
ret = wc_Sha384Final(&tmpSha384, hash); ret = wc_Sha384Final(tmpSha384, hash);
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
sha384->ctx.mode = ESP32_SHA_SW; sha384->ctx.mode = ESP32_SHA_SW;
#endif #endif
wc_Sha384Free(&tmpSha384); wc_Sha384Free(tmpSha384);
} }
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpSha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret; return ret;
} }
int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
{ {
int ret = 0; int ret = 0;
if (src == NULL || dst == NULL) if (src == NULL || dst == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
XMEMCPY(dst, src, sizeof(wc_Sha384)); XMEMCPY(dst, src, sizeof(wc_Sha384));
#ifdef WOLFSSL_SMALL_STACK_CACHE #ifdef WOLFSSL_SMALL_STACK_CACHE

4
wolfssl/wolfcrypt/asn.h
View File

@@ -872,7 +872,7 @@ enum Misc_ASN {
ASN_BOOL_SIZE = 2, /* including type */ ASN_BOOL_SIZE = 2, /* including type */
ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
#ifdef NO_SHA #if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256))
KEYID_SIZE = WC_SHA256_DIGEST_SIZE, KEYID_SIZE = WC_SHA256_DIGEST_SIZE,
#else #else
KEYID_SIZE = WC_SHA_DIGEST_SIZE, KEYID_SIZE = WC_SHA_DIGEST_SIZE,
@@ -1591,7 +1591,7 @@ struct DecodedCert {
byte issuerHash[KEYID_SIZE]; /* hash of all Names */ byte issuerHash[KEYID_SIZE]; /* hash of all Names */
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */ byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
#endif /* HAVE_OCSP */ #endif /* HAVE_OCSP */
const byte* signature; /* not owned, points into raw cert */ const byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */ char* subjectCN; /* CommonName */

8
wolfssl/wolfcrypt/asn_public.h
View File

@@ -285,11 +285,12 @@ typedef int (wc_pem_password_cb)(char* passwd, int sz, int rw, void* userdata);
#endif #endif
typedef struct EncryptedInfo { typedef struct EncryptedInfo {
wc_pem_password_cb* passwd_cb;
void* passwd_userdata;
long consumed; /* tracks PEM bytes consumed */ long consumed; /* tracks PEM bytes consumed */
#ifdef WOLFSSL_ENCRYPTED_KEYS
wc_pem_password_cb* passwd_cb;
void* passwd_userdata;
int cipherType; int cipherType;
word32 keySz; word32 keySz;
word32 ivSz; /* salt or encrypted IV size */ word32 ivSz; /* salt or encrypted IV size */
@@ -298,6 +299,7 @@ typedef struct EncryptedInfo {
byte iv[IV_SZ]; /* salt or encrypted IV */ byte iv[IV_SZ]; /* salt or encrypted IV */
word16 set:1; /* if encryption set */ word16 set:1; /* if encryption set */
#endif
} EncryptedInfo; } EncryptedInfo;

3
wolfssl/wolfcrypt/settings.h
View File

@@ -2377,9 +2377,6 @@ extern void uITRON4_free(void *p) ;
#ifndef USE_WOLF_STRTOK #ifndef USE_WOLF_STRTOK
#define USE_WOLF_STRTOK #define USE_WOLF_STRTOK
#endif #endif
#ifndef WOLFSSL_SP_DIV_WORD_HALF
#define WOLFSSL_SP_DIV_WORD_HALF
#endif
#ifndef WOLFSSL_OLD_PRIME_CHECK #ifndef WOLFSSL_OLD_PRIME_CHECK
#define WOLFSSL_OLD_PRIME_CHECK #define WOLFSSL_OLD_PRIME_CHECK
#endif #endif