more WOLFSSL_NO_MALLOC fixes:

wolfcrypt/src/dh.c: in wc_DhGenerateParams(), use named constant for buf size, and only XFREE it if !WOLFSSL_NO_MALLOC; wolfcrypt/src/ecc.c and wolfssl/wolfcrypt/ecc.h: in wc_ecc_new_point_ex(), remove !WOLFSSL_NO_MALLOC gate around XMALLOC(), and if XMALLOC()ed, set ecc_point.isAllocated, then in wc_ecc_del_point_ex, XFREE() iff ecc_point.isAllocated; wolfcrypt/src/pkcs7.c: in wc_PKCS7_RsaVerify(), when WOLFSSL_NO_MALLOC, jumbo-size the digest buffer to cope with in-place dynamics in RsaUnPad(); wolfcrypt/test/test.c: add !WOLFSSL_NO_MALLOC gates around various XFREE()s of objects that are on the stack in WOLFSSL_NO_MALLOC builds; wolfssl/wolfcrypt/types.h: add an unconditional include of memory.h (itself guarded against multiple inclusion) to assure availability of WC_DEBUG_CIPHER_LIFECYCLE prototypes/macros.
2025-07-30 02:37:28 +02:00 · 2024-10-12 16:31:45 -05:00
parent 9312f3cb86
commit 0d5d05d44d
7 changed files with 30 additions and 9 deletions
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@ -2980,7 +2980,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
    int     primeCheck = MP_NO,
            ret = 0;
 #ifdef WOLFSSL_NO_MALLOC
-    unsigned char buf[4096 / WOLFSSL_BIT_SIZE];
+    unsigned char buf[DH_MAX_SIZE / WOLFSSL_BIT_SIZE];
 #else
    unsigned char *buf = NULL;
 #endif
@ -3181,9 +3181,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
 #endif
    {
        ForceZero(buf, bufSz);
+#ifndef WOLFSSL_NO_MALLOC
        if (dh != NULL) {
            XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }
+#endif
    }

 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@ -4092,23 +4092,23 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap)
   }

   p = *point;
-#ifndef WOLFSSL_NO_MALLOC
   if (p == NULL) {
      p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC);
   }
-#endif
   if (p == NULL) {
      return MEMORY_E;
   }
   XMEMSET(p, 0, sizeof(ecc_point));

+   if (*point == NULL)
+       p->isAllocated = 1;
+
 #ifndef ALT_ECC_SIZE
   err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL);
   if (err != MP_OKAY) {
      WOLFSSL_MSG("mp_init_multi failed.");
-   #ifndef WOLFSSL_NO_MALLOC
-      XFREE(p, heap, DYNAMIC_TYPE_ECC);
-   #endif
+      if (p->isAllocated)
+          XFREE(p, heap, DYNAMIC_TYPE_ECC);
      p = NULL;
   }
 #else
@ -4148,9 +4148,8 @@ static void wc_ecc_del_point_ex(ecc_point* p, void* heap)
      mp_clear(p->x);
      mp_clear(p->y);
      mp_clear(p->z);
-   #ifndef WOLFSSL_NO_MALLOC
-      XFREE(p, heap, DYNAMIC_TYPE_ECC);
-   #endif
+      if (p->isAllocated)
+          XFREE(p, heap, DYNAMIC_TYPE_ECC);
   }
   (void)heap;
 }
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@ -32,6 +32,7 @@
 #endif

 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>

 /*
 Possible memory options:
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@ -4040,8 +4040,14 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
    byte* digest;
    RsaKey* key;
    DecodedCert* dCert;
+#else
+#ifdef WOLFSSL_NO_MALLOC
+    byte digest[RSA_MAX_SIZE / WOLFSSL_BIT_SIZE]; /* accessed in-place with size
+                                                   * key->dataLen
+                                                   */
 #else
    byte digest[MAX_PKCS7_DIGEST_SZ];
+#endif
    RsaKey key[1];
    DecodedCert stack_dCert;
    DecodedCert* dCert = &stack_dCert;
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@ -2673,23 +2673,31 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
        /* Convert to PEM */
        pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType);
        if (pemSz < 0) {
+            #ifndef WOLFSSL_NO_MALLOC
            XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
            return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I);
        }
    #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
        pemFile = XFOPEN(filePem, "wb");
        if (!pemFile) {
+            #ifndef WOLFSSL_NO_MALLOC
            XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
            return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I);
        }
        ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile);
        XFCLOSE(pemFile);
        if (ret != pemSz) {
+            #ifndef WOLFSSL_NO_MALLOC
            XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
            return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I);
        }
    #endif
+        #ifndef WOLFSSL_NO_MALLOC
        XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
    }
 #endif /* WOLFSSL_DER_TO_PEM */

@ -37926,8 +37934,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
                }
            } while(0);

+            #ifndef WOLFSSL_NO_MALLOC
            XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
            XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif

            if (ret != 0)
                goto out;
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@ -467,6 +467,7 @@ struct ecc_point {
 #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK)
    ecc_key* key;
 #endif
+    byte isAllocated:1;
 };

 /* ECC Flags */
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@ -602,6 +602,8 @@ typedef struct w64wrapper {
        #endif /* WOLFSSL_STATIC_MEMORY */
    #endif

+    #include <wolfssl/wolfcrypt/memory.h>
+
    /* declare/free variable handling for async and smallstack */
    #ifndef WC_ALLOC_DO_ON_FAILURE
        #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING