diff --git a/IDE/Espressif/ESP-IDF/test/test_wolfssl.c b/IDE/Espressif/ESP-IDF/test/test_wolfssl.c index b1cb8bd4c..f7db98dc7 100644 --- a/IDE/Espressif/ESP-IDF/test/test_wolfssl.c +++ b/IDE/Espressif/ESP-IDF/test/test_wolfssl.c @@ -666,7 +666,7 @@ TEST_CASE("wolfssl sha crypt-test", "[wolfssl]") ESP_LOGI(TAG, "sha256_test()"); TEST_ASSERT_EQUAL(0, sha256_test()); #endif -#ifdef WOLSSL_SHA384 +#ifdef WOLFSSL_SHA384 ESP_LOGI(TAG, "sha384_test()"); TEST_ASSERT_EQUAL(0, sha384_test()); #endif diff --git a/src/ssl.c b/src/ssl.c index d1e23a49e..2f7f7806e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3888,8 +3888,10 @@ error: if (sk) wolfSSL_sk_X509_free(sk); - for (i = 0; i < numCerts && certBuffers[i] != NULL; ++i) { - FreeDer(&certBuffers[i]); + if (certBuffers != NULL) { + for (i = 0; i < numCerts && certBuffers[i] != NULL; ++i) { + FreeDer(&certBuffers[i]); + } } if (certBuffers) @@ -26570,8 +26572,8 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, int ret = WOLFSSL_FAILURE; int count = 0; WOLFSSL_BIO *bio = NULL; - WOLFSSL_X509_CRL *crl =NULL; - + WOLFSSL_X509_CRL *crl = NULL; + WOLFSSL_ENTER("wolfSSL_X509_load_crl_file"); if (ctx == NULL || file == NULL) @@ -26584,7 +26586,12 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, wolfSSL_BIO_free(bio); return ret; } - + + if (wolfSSL_BIO_read_filename(bio, file) <= 0) { + wolfSSL_BIO_free(bio); + return ret; + } + if (type == WOLFSSL_FILETYPE_PEM) { do { crl = wolfSSL_PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL); @@ -26594,7 +26601,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, } break; } - + ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl); if (ret == WOLFSSL_FAILURE) { WOLFSSL_MSG("Adding crl failed"); @@ -26604,7 +26611,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, wolfSSL_X509_CRL_free(crl); crl = NULL; } while(crl == NULL); - + ret = count; } else if (type == WOLFSSL_FILETYPE_ASN1) { crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL); @@ -26621,10 +26628,10 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, } else { WOLFSSL_MSG("Invalid file type"); } - + wolfSSL_X509_CRL_free(crl); wolfSSL_BIO_free(bio); - + WOLFSSL_LEAVE("wolfSSL_X509_load_crl_file", ret); return ret; } @@ -32099,6 +32106,7 @@ int wolfSSL_RAND_egd(const char* nm) } #endif + XMEMSET(&rem, 0, sizeof(struct sockaddr_un)); if (nm == NULL) { #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -36390,8 +36398,8 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void) goto error; } - /* curve group */ - external->group = wolfSSL_EC_GROUP_new_by_curve_name(ECC_CURVE_DEF); + /* Group unknown at creation */ + external->group = wolfSSL_EC_GROUP_new_by_curve_name(NID_undef); if (external->group == NULL) { WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure"); goto error; @@ -36436,18 +36444,28 @@ void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key) } } -#ifndef NO_WOLFSSL_STUB + +/* set the group in WOLFSSL_EC_KEY and return WOLFSSL_SUCCESS on success */ int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group) { - (void)key; - (void)group; + if (key == NULL || group == NULL) + return WOLFSSL_FAILURE; WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group"); - WOLFSSL_STUB("EC_KEY_set_group"); - return -1; + if (key->group != NULL) { + /* free the current group */ + wolfSSL_EC_GROUP_free(key->group); + } + + key->group = wolfSSL_EC_GROUP_dup(group); + if (key->group == NULL) { + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; } -#endif + int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) { @@ -41275,9 +41293,11 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_MSG("Serial size error"); return WOLFSSL_FAILURE; } - if ((int)sizeof(cert->serial) < serialSz) { - WOLFSSL_MSG("Serial buffer too small"); - return BUFFER_E; + + if (serialSz > EXTERNAL_SERIAL_SIZE || + serialSz > CTC_SERIAL_SIZE) { + WOLFSSL_MSG("Serial size too large error"); + return WOLFSSL_FAILURE; } XMEMCPY(cert->serial, serial, serialSz); cert->serialSz = serialSz; @@ -52576,7 +52596,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, ts = (struct tm *)XGMTIME(&t_adj, tmpTime); if (ts == NULL){ WOLFSSL_MSG("failed to get time data."); - XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); + wolfSSL_ASN1_TIME_free(s); return NULL; } @@ -52599,8 +52619,10 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, XSNPRINTF((char *)utc_str, sizeof(utc_str), "%02d%02d%02d%02d%02d%02dZ", utc_year, utc_mon, utc_day, utc_hour, utc_min, utc_sec); - if (wolfSSL_ASN1_TIME_set_string(s, utc_str) != WOLFSSL_SUCCESS) + if (wolfSSL_ASN1_TIME_set_string(s, utc_str) != WOLFSSL_SUCCESS) { + wolfSSL_ASN1_TIME_free(s); return NULL; + } /* GeneralizedTime */ } else { char gt_str[ASN_GENERALIZED_TIME_MAX]; @@ -52615,8 +52637,10 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, XSNPRINTF((char *)gt_str, sizeof(gt_str), "%4d%02d%02d%02d%02d%02dZ", gt_year, gt_mon, gt_day, gt_hour, gt_min,gt_sec); - if (wolfSSL_ASN1_TIME_set_string(s, gt_str) != WOLFSSL_SUCCESS) + if (wolfSSL_ASN1_TIME_set_string(s, gt_str) != WOLFSSL_SUCCESS) { + wolfSSL_ASN1_TIME_free(s); return NULL; + } } return s; @@ -53386,6 +53410,7 @@ PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7) pkcs7->len = ret; if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len) != 0) { + wolfSSL_PKCS7_free((PKCS7*)pkcs7); return NULL; } diff --git a/src/tls.c b/src/tls.c index 8859a94b4..ebbd9f4c1 100644 --- a/src/tls.c +++ b/src/tls.c @@ -5040,7 +5040,7 @@ static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) } } } -#endif /* WLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ +#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest) @@ -11049,7 +11049,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, ato16(input + offset, &size); offset += OPAQUE16_LEN; - if (offset + size > length) + if (length - offset < size) return BUFFER_ERROR; switch (type) { diff --git a/tests/api.c b/tests/api.c index 017635660..4f24dc497 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2750,6 +2750,9 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) } ctx = wolfSSL_CTX_new(method); } + if (ctx == NULL) { + goto done; + } #if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) @@ -36936,6 +36939,28 @@ static void test_wolfSSL_NCONF(void) } #endif /* OPENSSL_ALL */ +static void test_wolfSSL_EC_KEY_set_group(void) +{ +#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \ + defined(OPENSSL_EXTRA) + EC_KEY *key = NULL; + EC_GROUP *group = NULL; + const EC_GROUP *group2 = NULL; + + printf(testingFmt, "wolfSSL_EC_KEY_dup()"); + + AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); + AssertNotNull(key = EC_KEY_new()); + AssertIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS); + AssertNotNull(group2 = EC_KEY_get0_group(key)); + AssertIntEQ(EC_GROUP_cmp(group2, group, NULL), 0); + + EC_GROUP_free(group); + EC_KEY_free(key); + + printf(resultFmt, passed); +#endif +} static void test_wolfSSL_X509V3_EXT_get(void) { #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) @@ -42481,6 +42506,7 @@ void ApiTest(void) test_CRYPTO_THREADID_xxx(); test_ENGINE_cleanup(); + test_wolfSSL_EC_KEY_set_group(); #if defined(OPENSSL_ALL) test_wolfSSL_X509_PUBKEY_get(); test_wolfSSL_sk_CIPHER_description(); diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 71f451007..3260d02fc 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -6188,7 +6188,7 @@ void bench_eccsiPairGen(void) byte id[] = { 0x01, 0x23, 0x34, 0x45 }; int ret; - mp_init(&ssk); + (void)mp_init(&ssk); pvt = wc_ecc_new_point(); wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID); (void)wc_MakeEccsiKey(&genKey, &gRng); @@ -6227,7 +6227,7 @@ void bench_eccsiValidate(void) int valid; int ret; - mp_init(&ssk); + (void)mp_init(&ssk); pvt = wc_ecc_new_point(); wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID); (void)wc_MakeEccsiKey(&genKey, &gRng); @@ -6272,7 +6272,7 @@ void bench_eccsi(void) int ret; int verified; - mp_init(&ssk); + (void)mp_init(&ssk); pvt = wc_ecc_new_point(); (void)wc_InitEccsiKey(&genKey, NULL, INVALID_DEVID); (void)wc_MakeEccsiKey(&genKey, &gRng); @@ -6518,10 +6518,10 @@ void bench_sakke(void) bench_stats_asym_finish("SAKKE", 1024, desc[10], 0, count, start, 0); len = 0; - wc_GenerateSakkeRskTable(&genKey, rsk, NULL, &len); + (void)wc_GenerateSakkeRskTable(&genKey, rsk, NULL, &len); if (len > 0) { table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_GenerateSakkeRskTable(&genKey, rsk, table, &len); + (void)wc_GenerateSakkeRskTable(&genKey, rsk, table, &len); } (void)wc_SetSakkeRsk(&genKey, rsk, table, len); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 696da3eb1..dbeee2e32 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -171,6 +171,9 @@ ECC Curve Sizes: #define GEN_MEM_ERR MP_MEM #endif +/* forward declarations */ +static int wc_ecc_new_point_ex(ecc_point** point, void* heap); +static void wc_ecc_del_point_ex(ecc_point* p, void* heap); /* internal ECC states */ enum { @@ -3002,9 +3005,12 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, #if !defined(WOLFSSL_SP_MATH) { ecc_point *tG, *M[M_POINTS]; +#ifdef WOLFSSL_NO_MALLOC + ecc_point lcl_tG, lcl_M[M_POINTS]; +#endif int i, err; #ifdef WOLFSSL_SMALL_STACK_CACHE - ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, heap, DYNAMIC_TYPE_ECC); + ecc_key *key = (ecc_key *)XMALLOC(sizeof(*key), heap, DYNAMIC_TYPE_ECC); #endif mp_digit mp; @@ -3030,9 +3036,11 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, /* alloc ram for window temps */ for (i = 0; i < M_POINTS; i++) { - M[i] = wc_ecc_new_point_h(heap); - if (M[i] == NULL) { - err = MEMORY_E; + #ifdef WOLFSSL_NO_MALLOC + M[i] = &lcl_M[i]; + #endif + err = wc_ecc_new_point_ex(&M[i], heap); + if (err != MP_OKAY) { goto exit; } #ifdef WOLFSSL_SMALL_STACK_CACHE @@ -3041,9 +3049,11 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, } /* make a copy of G in case R==G */ - tG = wc_ecc_new_point_h(heap); - if (tG == NULL) { - err = MEMORY_E; +#ifdef WOLFSSL_NO_MALLOC + tG = &lcl_tG; +#endif + err = wc_ecc_new_point_ex(&tG, heap); + if (err != MP_OKAY) { goto exit; } if ((err = ecc_point_to_mont(G, tG, modulus, heap)) != MP_OKAY) { @@ -3067,10 +3077,11 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, exit: /* done */ - wc_ecc_del_point_h(tG, heap); + wc_ecc_del_point_ex(tG, heap); for (i = 0; i < M_POINTS; i++) { - wc_ecc_del_point_h(M[i], heap); + wc_ecc_del_point_ex(M[i], heap); } + #ifdef WOLFSSL_SMALL_STACK_CACHE if (key) { if (R) @@ -3130,6 +3141,9 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, #if !defined(WOLFSSL_SP_MATH) { ecc_point *tG, *M[M_POINTS]; +#ifdef WOLFSSL_NO_MALLOC + ecc_point lcl_tG, lcl_M[M_POINTS]; +#endif int i, err; #ifdef WOLFSSL_SMALL_STACK_CACHE ecc_key key; @@ -3154,11 +3168,13 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, R->key = &key; #endif /* WOLFSSL_SMALL_STACK_CACHE */ - /* alloc ram for window temps */ - for (i = 0; i < M_POINTS; i++) { - M[i] = wc_ecc_new_point_h(heap); - if (M[i] == NULL) { - err = MEMORY_E; + /* alloc ram for window temps */ + for (i = 0; i < M_POINTS; i++) { + #ifdef WOLFSSL_NO_MALLOC + M[i] = &lcl_M[i]; + #endif + err = wc_ecc_new_point_ex(&M[i], heap); + if (err != MP_OKAY) { goto exit; } #ifdef WOLFSSL_SMALL_STACK_CACHE @@ -3167,9 +3183,11 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, } /* make a copy of G in case R==G */ - tG = wc_ecc_new_point_h(heap); - if (tG == NULL) { - err = MEMORY_E; +#ifdef WOLFSSL_NO_MALLOC + tG = &lcl_tG; +#endif + err = wc_ecc_new_point_ex(&tG, heap); + if (err != MP_OKAY) { goto exit; } if ((err = ecc_point_to_mont(G, tG, modulus, heap)) != MP_OKAY) { @@ -3228,9 +3246,9 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, exit: /* done */ - wc_ecc_del_point_h(tG, heap); + wc_ecc_del_point_ex(tG, heap); for (i = 0; i < M_POINTS; i++) { - wc_ecc_del_point_h(M[i], heap); + wc_ecc_del_point_ex(M[i], heap); } #ifdef WOLFSSL_SMALL_STACK_CACHE R->key = NULL; @@ -3290,25 +3308,37 @@ int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, #endif /* !WOLFSSL_ATECC508A */ /** + * Allocate a new ECC point (if one not provided) * use a heap hint when creating new ecc_point * return an allocated point on success or NULL on failure - */ -ecc_point* wc_ecc_new_point_h(void* heap) +*/ +static int wc_ecc_new_point_ex(ecc_point** point, void* heap) { + int err = MP_OKAY; ecc_point* p; - (void)heap; + if (point == NULL) { + return BAD_FUNC_ARG; + } - p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC); + p = *point; +#ifndef WOLFSSL_NO_MALLOC if (p == NULL) { - return NULL; + p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC); + } +#endif + if (p == NULL) { + return MEMORY_E; } XMEMSET(p, 0, sizeof(ecc_point)); #ifndef ALT_ECC_SIZE - if (mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL) != MP_OKAY) { + err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL); + if (err != MP_OKAY) { + #ifndef WOLFSSL_NO_MALLOC XFREE(p, heap, DYNAMIC_TYPE_ECC); - return NULL; + #endif + return err; } #else p->x = (mp_int*)&p->xyz[0]; @@ -3319,42 +3349,47 @@ ecc_point* wc_ecc_new_point_h(void* heap) alt_fp_init(p->z); #endif - return p; + *point = p; + (void)heap; + return err; +} +ecc_point* wc_ecc_new_point_h(void* heap) +{ + ecc_point* p = NULL; + (void)wc_ecc_new_point_ex(&p, heap); + return p; } - - -/** - Allocate a new ECC point - return A newly allocated point or NULL on error -*/ ecc_point* wc_ecc_new_point(void) { - return wc_ecc_new_point_h(NULL); + ecc_point* p = NULL; + (void)wc_ecc_new_point_ex(&p, NULL); + return p; } - -void wc_ecc_del_point_h(ecc_point* p, void* heap) -{ - /* prevents free'ing null arguments */ - if (p != NULL) { - mp_clear(p->x); - mp_clear(p->y); - mp_clear(p->z); - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } - (void)heap; -} - - /** Free an ECC point from memory p The point to free */ +static void wc_ecc_del_point_ex(ecc_point* p, void* heap) +{ + if (p != NULL) { + mp_clear(p->x); + mp_clear(p->y); + mp_clear(p->z); + #ifndef WOLFSSL_NO_MALLOC + XFREE(p, heap, DYNAMIC_TYPE_ECC); + #endif + } + (void)heap; +} +void wc_ecc_del_point_h(ecc_point* p, void* heap) +{ + wc_ecc_del_point_ex(p, heap); +} void wc_ecc_del_point(ecc_point* p) { - wc_ecc_del_point_h(p, NULL); + wc_ecc_del_point_ex(p, NULL); } - void wc_ecc_forcezero_point(ecc_point* p) { if (p != NULL) { @@ -3890,13 +3925,19 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, int err = MP_OKAY; #if !defined(WOLFSSL_SP_MATH) ecc_point* result = NULL; + #ifdef WOLFSSL_NO_MALLOC + ecc_point lcl_result; + #endif word32 x = 0; #endif mp_int* k = &private_key->k; #ifdef HAVE_ECC_CDH mp_int k_lcl; +#endif WOLFSSL_ENTER("wc_ecc_shared_secret_gen_sync"); + +#ifdef HAVE_ECC_CDH /* if cofactor flag has been set */ if (private_key->flags & WC_ECC_FLAG_COFACTOR) { mp_digit cofactor = (mp_digit)private_key->dp->cofactor; @@ -3913,8 +3954,6 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, } } } -#else - WOLFSSL_ENTER("wc_ecc_shared_secret_gen_sync"); #endif #ifdef WOLFSSL_HAVE_SP_ECC @@ -3949,13 +3988,16 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, mp_digit mp = 0; /* make new point */ - result = wc_ecc_new_point_h(private_key->heap); - if (result == NULL) { -#ifdef HAVE_ECC_CDH + #ifdef WOLFSSL_NO_MALLOC + result = &lcl_result; + #endif + err = wc_ecc_new_point_ex(&result, private_key->heap); + if (err != MP_OKAY) { + #ifdef HAVE_ECC_CDH if (k == &k_lcl) mp_clear(k); -#endif - return MEMORY_E; + #endif + return err; } #ifdef ECC_TIMING_RESISTANT @@ -3996,7 +4038,7 @@ static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, } *outlen = x; - wc_ecc_del_point_h(result, private_key->heap); + wc_ecc_del_point_ex(result, private_key->heap); } #endif #ifdef HAVE_ECC_CDH @@ -4312,6 +4354,9 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn, && !defined(WOLFSSL_SILABS_SE_ACCEL) #if !defined(WOLFSSL_SP_MATH) ecc_point* base = NULL; + #ifdef WOLFSSL_NO_MALLOC + ecc_point lcl_base; + #endif #endif ecc_point* pub; DECLARE_CURVE_SPECS(curve, ECC_CURVE_FIELD_COUNT); @@ -4390,10 +4435,11 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn, #else { mp_digit mp = 0; + #ifdef WOLFSSL_NO_MALLOC + base = &lcl_base; + #endif + err = wc_ecc_new_point_ex(&base, key->heap); - base = wc_ecc_new_point_h(key->heap); - if (base == NULL) - err = MEMORY_E; /* read in the x/y for this key */ if (err == MP_OKAY) err = mp_copy(curve->Gx, base->x); @@ -4418,7 +4464,7 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn, err = ecc_map_ex(pub, curve->prime, mp, 1); } - wc_ecc_del_point_h(base, key->heap); + wc_ecc_del_point_ex(base, key->heap); } #endif @@ -5961,10 +6007,18 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point** precomp = NULL; #else ecc_point* precomp[SHAMIR_PRECOMP_SZ]; + #ifdef WOLFSSL_NO_MALLOC + ecc_point lcl_precomp[SHAMIR_PRECOMP_SZ]; + #endif #endif unsigned bitbufA, bitbufB, lenA, lenB, len, nA, nB, nibble; - unsigned char* tA; - unsigned char* tB; +#ifdef WOLFSSL_NO_MALLOC + unsigned char tA[ECC_BUFSIZE]; + unsigned char tB[ECC_BUFSIZE]; +#else + unsigned char* tA = NULL; + unsigned char* tB = NULL; +#endif int err = MP_OKAY, first, x, y; mp_digit mp = 0; @@ -5974,6 +6028,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, return ECC_BAD_ARG_E; } +#ifndef WOLFSSL_NO_MALLOC /* allocate memory */ tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER); if (tA == NULL) { @@ -5984,6 +6039,8 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER); return GEN_MEM_ERR; } +#endif + #ifdef WOLFSSL_SMALL_STACK precomp = (ecc_point**)XMALLOC(sizeof(ecc_point*) * SHAMIR_PRECOMP_SZ, heap, DYNAMIC_TYPE_ECC_BUFFER); @@ -6001,6 +6058,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, key.y = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); key.z = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); #endif + if (key.t1 == NULL || key.t2 == NULL #ifdef ALT_ECC_SIZE || key.x == NULL || key.y == NULL || key.z == NULL @@ -6051,11 +6109,12 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, /* allocate the table */ if (err == MP_OKAY) { for (x = 0; x < SHAMIR_PRECOMP_SZ; x++) { - precomp[x] = wc_ecc_new_point_h(heap); - if (precomp[x] == NULL) { - err = GEN_MEM_ERR; + #ifdef WOLFSSL_NO_MALLOC + precomp[x] = &lcl_precomp[x]; + #endif + err = wc_ecc_new_point_ex(&precomp[x], heap); + if (err != MP_OKAY) break; - } #ifdef WOLFSSL_SMALL_STACK_CACHE precomp[x]->key = &key; #endif @@ -6215,7 +6274,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, /* clean up */ for (x = 0; x < SHAMIR_PRECOMP_SZ; x++) { - wc_ecc_del_point_h(precomp[x], heap); + wc_ecc_del_point_ex(precomp[x], heap); } ForceZero(tA, ECC_BUFSIZE); @@ -6233,9 +6292,10 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, #ifdef WOLFSSL_SMALL_STACK XFREE(precomp, heap, DYNAMIC_TYPE_ECC_BUFFER); #endif +#ifndef WOLFSSL_NO_MALLOC XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER); XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER); - +#endif return err; } @@ -6449,6 +6509,9 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, #elif !defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC) int did_init = 0; ecc_point *mG = NULL, *mQ = NULL; + #ifdef WOLFSSL_NO_MALLOC + ecc_point lcl_mG, lcl_mQ; + #endif #ifdef WOLFSSL_SMALL_STACK mp_int* v = NULL; mp_int* w = NULL; @@ -6779,10 +6842,16 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, /* allocate points */ if (err == MP_OKAY) { - mG = wc_ecc_new_point_h(key->heap); - mQ = wc_ecc_new_point_h(key->heap); - if (mQ == NULL || mG == NULL) - err = MEMORY_E; + #ifdef WOLFSSL_NO_MALLOC + mG = &lcl_mG; + #endif + err = wc_ecc_new_point_ex(&mG, key->heap); + } + if (err == MP_OKAY) { + #ifdef WOLFSSL_NO_MALLOC + mQ = &lcl_mQ; + #endif + err = wc_ecc_new_point_ex(&mQ, key->heap); } /* w = s^-1 mod n */ @@ -6876,8 +6945,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, } /* cleanup */ - wc_ecc_del_point_h(mG, key->heap); - wc_ecc_del_point_h(mQ, key->heap); + wc_ecc_del_point_ex(mG, key->heap); + wc_ecc_del_point_ex(mQ, key->heap); mp_clear(e); if (did_init) { @@ -7498,9 +7567,13 @@ int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) /* validate privkey * generator == pubkey, 0 on success */ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) { - int err = MP_OKAY; + int err; ecc_point* base = NULL; ecc_point* res = NULL; +#ifdef WOLFSSL_NO_MALLOC + ecc_point lcl_base; + ecc_point lcl_res; +#endif DECLARE_CURVE_SPECS(curve, 3); if (key == NULL) @@ -7508,9 +7581,10 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) ALLOC_CURVE_SPECS(3); - res = wc_ecc_new_point_h(key->heap); - if (res == NULL) - err = MEMORY_E; +#ifdef WOLFSSL_NO_MALLOC + res = &lcl_res; +#endif + err = wc_ecc_new_point_ex(&res, key->heap); #ifdef WOLFSSL_HAVE_SP_ECC #ifndef WOLFSSL_SP_NO_256 @@ -7531,9 +7605,12 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) #endif #endif { - base = wc_ecc_new_point_h(key->heap); - if (base == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + #ifdef WOLFSSL_NO_MALLOC + base = &lcl_base; + #endif + err = wc_ecc_new_point_ex(&base, key->heap); + } if (err == MP_OKAY) { /* load curve info */ @@ -7571,8 +7648,8 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) } wc_ecc_curve_free(curve); - wc_ecc_del_point_h(res, key->heap); - wc_ecc_del_point_h(base, key->heap); + wc_ecc_del_point_ex(res, key->heap); + wc_ecc_del_point_ex(base, key->heap); FREE_CURVE_SPECS(); return err; @@ -7624,15 +7701,19 @@ static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, mp_int* prime, mp_int* order) { ecc_point* inf = NULL; - int err; +#ifdef WOLFSSL_NO_MALLOC + ecc_point lcl_inf; +#endif + int err; if (key == NULL) return BAD_FUNC_ARG; - inf = wc_ecc_new_point_h(key->heap); - if (inf == NULL) - err = MEMORY_E; - else { +#ifdef WOLFSSL_NO_MALLOC + inf = &lcl_inf; +#endif + err = wc_ecc_new_point_ex(&inf, key->heap); + if (err == MP_OKAY) { #ifdef WOLFSSL_HAVE_SP_ECC #ifndef WOLFSSL_SP_NO_256 if (key->idx != ECC_CUSTOM_IDX && @@ -7663,7 +7744,7 @@ static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, #endif } - wc_ecc_del_point_h(inf, key->heap); + wc_ecc_del_point_ex(inf, key->heap); return err; } diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index 555020c35..ca58c893b 100644 --- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c @@ -1666,6 +1666,7 @@ int wc_SetEccsiHash(EccsiKey* key, const byte* hash, byte hashSz) * @param [in] pvt Public Validation Token (PVT) as an ECC point. * @return 0 on success. * @return BAD_FUNC_ARG when key, ssk or pvt is NULL. + * @return MP math errors when copy fails */ int wc_SetEccsiPair(EccsiKey* key, const mp_int* ssk, const ecc_point* pvt) { @@ -1674,9 +1675,13 @@ int wc_SetEccsiPair(EccsiKey* key, const mp_int* ssk, const ecc_point* pvt) if ((key == NULL) || (ssk == NULL) || (pvt == NULL)) { err = BAD_FUNC_ARG; } + if (err == 0) { - mp_copy(ssk, &key->ssk); - wc_ecc_copy_point(pvt, key->pvt); + err = mp_copy(ssk, &key->ssk); + } + + if (err == 0) { + err = wc_ecc_copy_point(pvt, key->pvt); } return err; diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c index de65ec2e6..d2acf9edb 100644 --- a/wolfcrypt/src/port/arm/armv8-sha256.c +++ b/wolfcrypt/src/port/arm/armv8-sha256.c @@ -301,6 +301,7 @@ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 le add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE; Sha256Transform(sha256, data, numBlocks); + data += numBlocks * WC_SHA256_BLOCK_SIZE - sha256->buffLen; AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks); @@ -885,6 +886,7 @@ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 le add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE; Sha256Transform(sha256, data, numBlocks); + data += numBlocks * WC_SHA256_BLOCK_SIZE - sha256->buffLen; AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks); diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index 5ca96e6b6..2515d789f 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -415,10 +415,10 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, dLen = v; sLen = v * ((saltLen + v - 1) / v); - if (passLen) - pLen = v * ((passLen + v - 1) / v); - else - pLen = 0; + + /* with passLen checked at the top of the function for >= 0 then passLen + * must be 1 or greater here and is always 'true' */ + pLen = v * ((passLen + v - 1) / v); iLen = sLen + pLen; totalLen = dLen + sLen + pLen; diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c index 789347528..8468d08b5 100644 --- a/wolfcrypt/src/sakke.c +++ b/wolfcrypt/src/sakke.c @@ -6120,7 +6120,7 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType, int err = 0; byte h[WC_MAX_DIGEST_SIZE]; byte v[WC_MAX_DIGEST_SIZE]; - word32 hashSz = wc_HashGetDigestSize(hashType); + word32 hashSz = 0; word32 i; /* Step 1: A = hashfn( s ), where s = data | extra @@ -6128,7 +6128,16 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType, */ /* Step 2: h_0 = 00...00, a string of null bits of length hashlen bits */ - XMEMSET(h, 0, hashSz); + err = wc_HashGetDigestSize(hashType); + if (err > 0) { + hashSz = (word32)err; + XMEMSET(h, 0, hashSz); + err = 0; /* reset err value after getting digest size */ + } + else if (err == 0) { + /* invalid hash digest size */ + err = BAD_FUNC_ARG; + } /* Step 3: l = Ceiling(lg(n)/hashlen) */ /* Step 4: For each i in 1 to l, do */ diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index d22dd82bc..fc0b74bf6 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -2360,7 +2360,7 @@ void sp_forcezero(sp_int* a) } #endif /* !WOLFSSL_RSA_VERIFY_ONLY || !NO_DH || HAVE_ECC */ -#if defined(WOLSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \ +#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \ !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) /* Copy value of multi-precision number a into r. * @@ -2390,7 +2390,7 @@ int sp_copy(const sp_int* a, sp_int* r) } #endif -#if defined(WOLSSL_SP_MATH_ALL) || (defined(HAVE_ECC) && defined(FP_ECC)) +#if defined(WOLFSSL_SP_MATH_ALL) || (defined(HAVE_ECC) && defined(FP_ECC)) /* Initializes r and copies in value from a. * * @param [out] r SP integer - destination. @@ -2409,7 +2409,7 @@ int sp_init_copy(sp_int* r, sp_int* a) } return err; } -#endif /* WOLSSL_SP_MATH_ALL || (HAVE_ECC && FP_ECC) */ +#endif /* WOLFSSL_SP_MATH_ALL || (HAVE_ECC && FP_ECC) */ #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ !defined(NO_DH) || !defined(NO_DSA) @@ -12290,7 +12290,7 @@ int sp_to_unsigned_bin_len(sp_int* a, byte* out, int outSz) return err; } -#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) +#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) /* Store the number in big-endian format in array at an offset. * The array must be large enough for encoded number - use mp_unsigned_bin_size * to calculate the number of bytes required. @@ -12312,10 +12312,10 @@ int sp_to_unsigned_bin_at_pos(int o, sp_int*a, unsigned char* out) return ret; } -#endif /* WOLFSSL_SP_MATH_ALL */ +#endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(HAVE_ECC) +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(HAVE_ECC) || !defined(NO_DSA) /* Convert hexadecimal number as string in big-endian format to a * multi-precision number. * @@ -12388,9 +12388,9 @@ static int _sp_read_radix_16(sp_int* a, const char* in) } return err; } -#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */ +#endif /* (WOLFSSL_SP_MATH_ALL && !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */ -#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) +#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) /* Convert decimal number as string in big-endian format to a multi-precision * number. * @@ -12447,10 +12447,10 @@ static int _sp_read_radix_10(sp_int* a, const char* in) return err; } -#endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */ +#endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(HAVE_ECC) +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(HAVE_ECC) || !defined(NO_DSA) /* Convert a number as string in big-endian format to a big number. * Only supports base-16 (hexadecimal) and base-10 (decimal). * @@ -12482,7 +12482,7 @@ int sp_read_radix(sp_int* a, const char* in, int radix) if (radix == 16) { err = _sp_read_radix_16(a, in); } - #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) else if (radix == 10) { err = _sp_read_radix_10(a, in); } @@ -12494,7 +12494,7 @@ int sp_read_radix(sp_int* a, const char* in, int radix) return err; } -#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */ +#endif /* (WOLFSSL_SP_MATH_ALL && !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */ #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ defined(WC_MP_TO_RADIX) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5be88a07a..2d4e74046 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -27281,7 +27281,7 @@ static int eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_point* pvt) return -10117; decPvt = wc_ecc_new_point(); - if (ret != 0) + if (decPvt == NULL) return -10118; ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz); @@ -27645,80 +27645,100 @@ static int eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng, int eccsi_test(void) { - int ret; + int ret = 0; WC_RNG rng; - EccsiKey* priv; - EccsiKey* pub; - mp_int* ssk; - ecc_point* pvt; + EccsiKey* priv = NULL; + EccsiKey* pub = NULL; + mp_int* ssk = NULL; + ecc_point* pvt = NULL; priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (priv == NULL) { - return -10205; + ret = -10205; } - pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, + + if (ret == 0) { + pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pub == NULL) { - XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -10206; - } - ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (ssk == NULL) { - XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -10207; + if (pub == NULL) { + ret = -10206; + } } -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10200; + if (ret == 0) { + ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ssk == NULL) { + ret = -10207; + } + } - pvt = wc_ecc_new_point(); - if (pvt == NULL) - return -10201; - ret = mp_init(ssk); - if (ret != 0) - return -10202; + if (ret == 0) { + #ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); + #else + ret = wc_InitRng(&rng); + #endif + if (ret != 0) + ret = -10200; + } - ret = eccsi_api_test(&rng, priv, ssk, pvt); - if (ret != 0) - return ret; + if (ret == 0) { + pvt = wc_ecc_new_point(); + if (pvt == NULL) + ret = -10201; + } - ret = wc_InitEccsiKey(pub, HEAP_HINT, INVALID_DEVID); - if (ret != 0) - return -10203; + if (ret == 0) { + ret = mp_init(ssk); + if (ret != 0) + ret = -10202; + } - ret = wc_InitEccsiKey(priv, HEAP_HINT, INVALID_DEVID); - if (ret != 0) - return -10204; + if (ret == 0) { + ret = eccsi_api_test(&rng, priv, ssk, pvt); + } - ret = eccsi_kat_verify_test(pub, pvt); - if (ret != 0) - return ret; + if (ret == 0) { + ret = wc_InitEccsiKey(pub, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ret = -10203; + } - ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt); - if (ret != 0) - return ret; + if (ret == 0) { + ret = wc_InitEccsiKey(priv, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ret = -10204; + } - ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt); - if (ret != 0) - return ret; + if (ret == 0) { + ret = eccsi_kat_verify_test(pub, pvt); + } + + if (ret == 0) { + ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt); + } + + if (ret == 0) { + ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt); + } wc_FreeEccsiKey(priv); wc_FreeEccsiKey(pub); mp_free(ssk); wc_ecc_del_point(pvt); - wc_FreeRng(&rng); - XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return 0; + if (ret != -10200) + wc_FreeRng(&rng); + if (ssk != NULL) + XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pub != NULL) + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (priv != NULL) + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; } #endif /* WOLFCRYPT_HAVE_ECCSI */ @@ -28771,82 +28791,99 @@ static int sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng, int sakke_test(void) { - int ret; + int ret = 0; WC_RNG rng; - SakkeKey* priv; - SakkeKey* pub; - SakkeKey* key; + SakkeKey* priv = NULL; + SakkeKey* pub = NULL; + SakkeKey* key = NULL; ecc_point* rsk = NULL; priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (priv == NULL) { - return -10404; + ret = -10404; } - pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, + + if (ret == 0) { + pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pub == NULL) { - XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -10405; + if (pub == NULL) { + ret = -10405; + } } - key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, + + if (ret == 0) { + key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (key == NULL) { - XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -10406; + if (key == NULL) { + ret = -10406; + } } -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10400; + if (ret == 0) { + #ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); + #else + ret = wc_InitRng(&rng); + #endif + if (ret != 0) + ret = -10400; + } - rsk = wc_ecc_new_point(); - if (rsk == NULL) - return -10401; + if (ret == 0) { + rsk = wc_ecc_new_point(); + if (rsk == NULL) + ret = -10401; + } - ret = wc_InitSakkeKey(pub, HEAP_HINT, INVALID_DEVID); - if (ret != 0) - return -10402; + if (ret == 0) { + ret = wc_InitSakkeKey(pub, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ret = -10402; + } - ret = wc_InitSakkeKey(priv, HEAP_HINT, INVALID_DEVID); - if (ret != 0) - return -10403; + if (ret == 0) { + ret = wc_InitSakkeKey(priv, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ret = -10403; + } - ret = sakke_api_test(&rng, key, rsk); - if (ret != 0) - return ret; + if (ret == 0) { + ret = sakke_api_test(&rng, key, rsk); + } - ret = sakke_kat_derive_test(pub, rsk); - if (ret != 0) - return ret; + if (ret == 0) { + ret = sakke_kat_derive_test(pub, rsk); + } - ret = sakke_kat_encapsulate_test(pub); - if (ret != 0) - return ret; + if (ret == 0) { + ret = sakke_kat_encapsulate_test(pub); + } - ret = sakke_make_key_test(priv, pub, key, &rng, rsk); - if (ret != 0) - return ret; + if (ret == 0) { + ret = sakke_make_key_test(priv, pub, key, &rng, rsk); + } - ret = sakke_op_test(priv, pub, &rng, rsk); - if (ret != 0) - return ret; + if (ret == 0) { + ret = sakke_op_test(priv, pub, &rng, rsk); + } wc_FreeSakkeKey(priv); wc_FreeSakkeKey(pub); wc_ecc_forcezero_point(rsk); wc_ecc_del_point(rsk); - wc_FreeRng(&rng); - XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return 0; + if (ret != -10400) + wc_FreeRng(&rng); + + if (key != NULL) + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pub != NULL) + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (priv != NULL) + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; } #endif /* WOLFCRYPT_HAVE_SAKKE */ @@ -35554,7 +35591,7 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void) if (ret != 0) return -13300; -#ifdef WOLSSL_SP_MATH_ALL +#ifdef WOLFSSL_SP_MATH_ALL mp_init_copy(&p, &a); #else ret = mp_init(&p); diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 75a86beb3..3901e4295 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -316,6 +316,9 @@ typedef struct ecc_set_type { #ifndef USE_FAST_MATH #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE #endif +#ifdef WOLFSSL_NO_MALLOC + #error ALT_ECC_SIZE cannot be used with no malloc (WOLFSSL_NO_MALLOC) +#endif /* determine max bits required for ECC math */ #ifndef FP_MAX_BITS_ECC diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index ee7caec50..be15856f9 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2437,6 +2437,12 @@ extern void uITRON4_free(void *p) ; #define NO_STRICT_ECDSA_LEN #endif +/* Do not allow using small stack with no malloc */ +#if defined(WOLFSSL_NO_MALLOC) && \ + (defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_SMALL_STACK_CACHE)) + #error Small stack cannot be used with no malloc (WOLFSSL_NO_MALLOC) +#endif + #ifdef __cplusplus } /* extern "C" */