diff --git a/IDE/INTIME-RTOS/user_settings.h b/IDE/INTIME-RTOS/user_settings.h
index 8458f3814..529dad4d1 100644
--- a/IDE/INTIME-RTOS/user_settings.h
+++ b/IDE/INTIME-RTOS/user_settings.h
@@ -14,7 +14,7 @@ extern "C" {
#define INTIME_RTOS
#undef WOLF_EXAMPLES_STACK
-#define WOLF_EXAMPLES_STACK 65536
+#define WOLF_EXAMPLES_STACK (1<<17)
#undef WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4
@@ -27,7 +27,7 @@ extern "C" {
/* disable directory support */
#undef NO_WOLFSSL_DIR
-#define NO_WOLFSSL_DIR
+//#define NO_WOLFSSL_DIR
/* disable writev */
#undef NO_WRITEV
diff --git a/IDE/INTIME-RTOS/wolfExamples.vcxproj b/IDE/INTIME-RTOS/wolfExamples.vcxproj
index 81b1e6d4f..f650244c0 100755
--- a/IDE/INTIME-RTOS/wolfExamples.vcxproj
+++ b/IDE/INTIME-RTOS/wolfExamples.vcxproj
@@ -66,7 +66,7 @@
Async
- WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)
+ WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions)
$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)
diff --git a/IDE/QNX/example-cmac/cmac-test.c b/IDE/QNX/example-cmac/cmac-test.c
index 0027031d4..f82155652 100644
--- a/IDE/QNX/example-cmac/cmac-test.c
+++ b/IDE/QNX/example-cmac/cmac-test.c
@@ -94,6 +94,9 @@ int main(int argc, char* argv[])
if (virtual_base == (uintptr_t)MAP_FAILED) {
perror("mmap_device_io failed for base address ");
}
+ else {
+ munmap_device_io(virtual_base, 0x00010000);
+ }
wolfCrypt_Init();
diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl
index 3f67578e5..f7f21e6be 100644
--- a/IDE/STM32Cube/default_conf.ftl
+++ b/IDE/STM32Cube/default_conf.ftl
@@ -122,6 +122,11 @@ extern ${variable.value} ${variable.name};
#define HAL_CONSOLE_UART huart2
#define NO_STM32_RNG
#define WOLFSSL_GENSEED_FORTEST
+#elif defined(STM32G071xx)
+ #define WOLFSSL_STM32G0
+ #define HAL_CONSOLE_UART huart2
+ #define NO_STM32_RNG
+ #define WOLFSSL_GENSEED_FORTEST
#else
#warning Please define a hardware platform!
/* This means there is not a pre-defined platform for your board/CPU */
diff --git a/IDE/STM32Cube/wolfSSL_conf.h b/IDE/STM32Cube/wolfSSL_conf.h
index 793e12858..0cc1c1261 100644
--- a/IDE/STM32Cube/wolfSSL_conf.h
+++ b/IDE/STM32Cube/wolfSSL_conf.h
@@ -177,6 +177,11 @@
#define HAL_CONSOLE_UART huart2
#define NO_STM32_RNG
#define WOLFSSL_GENSEED_FORTEST
+#elif defined(STM32G071xx)
+ #define WOLFSSL_STM32G0
+ #define HAL_CONSOLE_UART huart2
+ #define NO_STM32_RNG
+ #define WOLFSSL_GENSEED_FORTEST
#else
#warning Please define a hardware platform!
/* This means there is not a pre-defined platform for your board/CPU */
diff --git a/IDE/WINCE/include.am b/IDE/WINCE/include.am
new file mode 100644
index 000000000..052fdce8a
--- /dev/null
+++ b/IDE/WINCE/include.am
@@ -0,0 +1,5 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/WINCE/user_settings.h
diff --git a/IDE/WINCE/user_settings.h b/IDE/WINCE/user_settings.h
new file mode 100644
index 000000000..604aba93e
--- /dev/null
+++ b/IDE/WINCE/user_settings.h
@@ -0,0 +1,333 @@
+#ifndef _WIN_USER_SETTINGS_H_
+#define _WIN_USER_SETTINGS_H_
+
+/* For FIPS Ready, uncomment the following: */
+/* #define WOLFSSL_FIPS_READY */
+#ifdef WOLFSSL_FIPS_READY
+ #undef HAVE_FIPS_VERSION
+ #define HAVE_FIPS_VERSION 3
+#endif
+
+
+/* Verify this is Windows */
+#ifndef _WIN32
+#error This user_settings.h header is only designed for Windows
+#endif
+
+/* Configurations */
+#define WOLFCRYPT_ONLY
+
+#undef USE_FAST_MATH
+#if 1
+ #define USE_FAST_MATH
+
+ #undef TFM_TIMING_RESISTANT
+ #define TFM_TIMING_RESISTANT
+
+ /* Optimizations */
+ //#define TFM_ARM
+#endif
+
+/* Wolf Single Precision Math */
+#undef WOLFSSL_SP
+#if 0
+ #define WOLFSSL_SP
+ //#define WOLFSSL_SP_SMALL /* use smaller version of code */
+ #define WOLFSSL_HAVE_SP_RSA
+ #define WOLFSSL_HAVE_SP_DH
+ #define WOLFSSL_HAVE_SP_ECC
+ //#define WOLFSSL_SP_CACHE_RESISTANT
+ //#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */
+
+ /* SP Assembly Speedups */
+ //#define WOLFSSL_SP_ASM /* required if using the ASM versions */
+ //#define WOLFSSL_SP_ARM32_ASM
+ //#define WOLFSSL_SP_ARM64_ASM
+ //#define WOLFSSL_SP_ARM_THUMB_ASM
+ //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* FIPS - Requires eval or license from wolfSSL */
+/* ------------------------------------------------------------------------- */
+#undef HAVE_FIPS
+#if 1
+ #define HAVE_FIPS
+
+ #undef HAVE_FIPS_VERSION
+ #define HAVE_FIPS_VERSION 2
+
+ #ifdef SINGLE_THREADED
+ #undef NO_THREAD_LS
+ #define NO_THREAD_LS
+ #else
+ #ifndef USE_WINDOWS_API
+ #define USE_WINDOWS_API
+ #endif
+ #endif
+
+ #undef NO_ATTRIBUTE_CONSTRUCTOR
+ //#define NO_ATTRIBUTE_CONSTRUCTOR
+
+#endif
+
+
+/* FIPS */
+//#define OPENSSL_EXTRA
+//#define HAVE_THREAD_LS
+#define WOLFSSL_KEY_GEN
+#define HAVE_AESGCM
+#define HAVE_HASHDRBG
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHA512
+#define NO_PSK
+#define NO_HC128
+#define NO_RC4
+#define NO_RABBIT
+//#define NO_DSA
+#define NO_MD4
+
+#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ /* ------------------------------------------------------------------------- */
+ /* Crypto */
+ /* ------------------------------------------------------------------------- */
+ #define USE_CERT_BUFFERS_2048
+ #define USE_CERT_BUFFERS_256
+ /* RSA */
+ #undef NO_RSA
+ #if 1
+ #ifdef USE_FAST_MATH
+ /* Maximum math bits (Max RSA key bits * 2) */
+ #undef FP_MAX_BITS
+ #define FP_MAX_BITS 8192
+ #endif
+
+ /* half as much memory but twice as slow */
+ #undef RSA_LOW_MEM
+ //#define RSA_LOW_MEM
+
+ /* Enables blinding mode, to prevent timing attacks */
+ #if 0
+ #undef WC_RSA_BLINDING
+ #define WC_RSA_BLINDING
+ #else
+ #undef WC_NO_HARDEN
+ #define WC_NO_HARDEN
+ #endif
+
+ /* RSA PSS Support */
+ #if 1
+ #define WC_RSA_PSS
+ #endif
+
+ #if 1
+ #define WC_RSA_NO_PADDING
+ #endif
+ #else
+ #define NO_RSA
+ #endif
+ /* ECC */
+ #undef HAVE_ECC
+ #if 1
+ #define HAVE_ECC
+
+ /* Manually define enabled curves */
+ #undef ECC_USER_CURVES
+ //#define ECC_USER_CURVES
+
+ #ifdef ECC_USER_CURVES
+ /* Manual Curve Selection */
+ //#define HAVE_ECC192
+ //#define HAVE_ECC224
+ #undef NO_ECC256
+ //#define HAVE_ECC384
+ //#define HAVE_ECC521
+ #endif
+
+ /* Fixed point cache (speeds repeated operations against same private key) */
+ #undef FP_ECC
+ //#define FP_ECC
+ #ifdef FP_ECC
+ /* Bits / Entries */
+ #undef FP_ENTRIES
+ #define FP_ENTRIES 2
+ #undef FP_LUT
+ #define FP_LUT 4
+ #endif
+
+ /* Optional ECC calculation method */
+ /* Note: doubles heap usage, but slightly faster */
+ #undef ECC_SHAMIR
+ #define ECC_SHAMIR
+
+ /* Reduces heap usage, but slower */
+ #undef ECC_TIMING_RESISTANT
+ #define ECC_TIMING_RESISTANT
+
+ #ifdef HAVE_FIPS
+ #undef HAVE_ECC_CDH
+ #define HAVE_ECC_CDH /* Enable cofactor support */
+
+ #undef NO_STRICT_ECDSA_LEN
+ #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
+
+ #undef WOLFSSL_VALIDATE_ECC_IMPORT
+ #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
+ #endif
+
+ /* Compressed Key Support */
+ #undef HAVE_COMP_KEY
+ //#define HAVE_COMP_KEY
+
+ /* Use alternate ECC size for ECC math */
+ #ifdef USE_FAST_MATH
+ /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
+ #ifdef NO_RSA
+ /* Custom fastmath size if not using RSA */
+ #undef FP_MAX_BITS
+ #define FP_MAX_BITS (256 * 2)
+ #else
+ #undef ALT_ECC_SIZE
+ #define ALT_ECC_SIZE
+ /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
+ //#undef FP_MAX_BITS_ECC
+ //#define FP_MAX_BITS_ECC (256 * 2)
+ #endif
+
+ /* Speedups specific to curve */
+ #ifndef NO_ECC256
+ #undef TFM_ECC256
+ #define TFM_ECC256
+ #endif
+ #endif
+ #endif
+
+ /* AES */
+ #undef NO_AES
+ #if 1
+ #undef HAVE_AES_CBC
+ #define HAVE_AES_CBC
+
+ #undef HAVE_AESGCM
+ #define HAVE_AESGCM
+
+ /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+ //#define GCM_SMALL
+ //#define GCM_WORD32
+ #define GCM_TABLE
+
+ #undef WOLFSSL_AES_DIRECT
+ #define WOLFSSL_AES_DIRECT
+
+ #undef HAVE_AES_ECB
+ #define HAVE_AES_ECB
+
+ #undef WOLFSSL_AES_COUNTER
+ #define WOLFSSL_AES_COUNTER
+
+ #undef HAVE_AESCCM
+ #define HAVE_AESCCM
+
+ #else
+ #define NO_AES
+ #endif
+
+
+ /* DES3 */
+ #undef NO_DES3
+ #if 1
+ #else
+ #define NO_DES3
+ #endif
+
+ /* ------------------------------------------------------------------------- */
+ /* Hashing */
+ /* ------------------------------------------------------------------------- */
+ /* Sha */
+ #undef NO_SHA
+ #if 1
+ /* 1k smaller, but 25% slower */
+ //#define USE_SLOW_SHA
+ #else
+ #define NO_SHA
+ #endif
+
+ /* Sha256 */
+ #undef NO_SHA256
+ #if 1
+ /* not unrolled - ~2k smaller and ~25% slower */
+ //#define USE_SLOW_SHA256
+
+ /* Sha224 */
+ #if 1
+ #define WOLFSSL_SHA224
+ #endif
+ #else
+ #define NO_SHA256
+ #endif
+
+ /* Sha512 */
+ #undef WOLFSSL_SHA512
+ #if 1
+ #define WOLFSSL_SHA512
+
+ /* Sha384 */
+ #undef WOLFSSL_SHA384
+ #if 1
+ #define WOLFSSL_SHA384
+ #endif
+
+ /* over twice as small, but 50% slower */
+ //#define USE_SLOW_SHA512
+ #endif
+
+ /* Sha3 */
+ #undef WOLFSSL_SHA3
+ #if 1
+ #define WOLFSSL_SHA3
+ #endif
+
+ /* MD5 */
+ #undef NO_MD5
+ #if 1
+
+ #else
+ #define NO_MD5
+ #endif
+
+ /* HKDF */
+ #undef HAVE_HKDF
+ #if 1
+ #define HAVE_HKDF
+ #endif
+
+ /* CMAC */
+ #undef WOLFSSL_CMAC
+ #if 1
+ #define WOLFSSL_CMAC
+ #endif
+
+ /* DH */
+ #undef NO_DH
+ #if 1
+ /* Use table for DH instead of -lm (math) lib dependency */
+ #if 0
+ #define WOLFSSL_DH_CONST
+ #define HAVE_FFDHE_2048
+ #define HAVE_FFDHE_4096
+ //#define HAVE_FFDHE_6144
+ //#define HAVE_FFDHE_8192
+ #endif
+
+ #ifdef HAVE_FIPS
+ #define WOLFSSL_VALIDATE_FFC_IMPORT
+ #define HAVE_FFDHE_Q
+ #endif
+ #else
+ #define NO_DH
+ #endif
+#endif /* FIPS v2 */
+
+//#define DEBUG_WOLFSSL
+#define NO_MAIN_DRIVER
+#endif /* _WIN_USER_SETTINGS_H_ */
diff --git a/IDE/include.am b/IDE/include.am
index e45a90820..c11e6e3a8 100644
--- a/IDE/include.am
+++ b/IDE/include.am
@@ -37,6 +37,7 @@ include IDE/RISCV/include.am
include IDE/XilinxSDK/include.am
include IDE/VisualDSP/include.am
include IDE/QNX/include.am
+include IDE/WINCE/include.am
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif IDE/zephyr
EXTRA_DIST+= IDE/OPENSTM32/README.md
diff --git a/README.md b/README.md
index 6827ad5f0..075543457 100644
--- a/README.md
+++ b/README.md
@@ -155,3 +155,5 @@ More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
[TLS 1.3](https://www.wolfssl.com/docs/tls13/)
[wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/)
+
+[Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples)
diff --git a/configure.ac b/configure.ac
index 1ec1f11a5..36fcc6d19 100644
--- a/configure.ac
+++ b/configure.ac
@@ -324,6 +324,11 @@ then
AC_MSG_ERROR([cannot enable sp-math and sp-math-all simultaneously.])
fi
+AC_ARG_ENABLE([sp-asm],
+ [AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])],
+ [ ENABLED_SP_ASM=$enableval ],
+ [ ENABLED_SP_ASM=no ],
+ )
# ALL FEATURES
AC_ARG_ENABLE([all],
@@ -348,6 +353,7 @@ then
test "$enable_aesctr" = "" && enable_aesctr=yes
test "$enable_aesofb" = "" && enable_aesofb=yes
test "$enable_aescfb" = "" && enable_aescfb=yes
+ test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
test "$enable_camellia" = "" && enable_camellia=yes
test "$enable_ripemd" = "" && enable_ripemd=yes
test "$enable_sha512" = "" && enable_sha512=yes
@@ -949,16 +955,12 @@ then
AM_CFLAGS="-DHAVE_EXT_CACHE $AM_CFLAGS"
fi
-if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
-then
- AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
-fi
-
if test "$ENABLED_OPENSSLEXTRA" = "x509small"
then
AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra])
AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS"
+ AM_CFLAGS="-DWOLFSSL_NO_OPENSSL_RAND_CB $AM_CFLAGS"
fi
# One Error Queue per Thread
@@ -1287,6 +1289,18 @@ then
AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"
fi
+# AES-CBC length checks (checks that input lengths are multiples of block size)
+AC_ARG_ENABLE([aescbc_length_checks],
+ [AS_HELP_STRING([--enable-aescbc-length-checks],[Enable AES-CBC length validity checks (default: disabled)])],
+ [ ENABLED_AESCBC_LENGTH_CHECKS=$enableval ],
+ [ ENABLED_AESCBC_LENGTH_CHECKS=no ]
+ )
+
+if test "$ENABLED_AESCBC_LENGTH_CHECKS" = "yes"
+then
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CBC_LENGTH_CHECKS"
+fi
+
# leanpsk and leantls don't need gcm
# AES-GCM
@@ -1295,6 +1309,11 @@ AC_ARG_ENABLE([aesgcm],
[ ENABLED_AESGCM=$enableval ],
[ ENABLED_AESGCM=yes ]
)
+AC_ARG_ENABLE([aesgcm-stream],
+ [AS_HELP_STRING([--enable-aesgcm-stream],[Enable wolfSSL AES-GCM support with streaming APIs (default: enabled)])],
+ [ ENABLED_AESGCM_STREAM=$enableval ],
+ [ ENABLED_AESGCM_STREAM=no ]
+ )
# leanpsk and leantls don't need gcm
if test "$ENABLED_LEANPSK" = "yes" || ( test "$ENABLED_LEANTLS" = "yes" &&
@@ -4269,6 +4288,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
@@ -5134,6 +5154,10 @@ do
ENABLED_SP_SMALL=yes
;;
+ asm)
+ ENABLED_SP_ASM=yes
+ ;;
+
*)
AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 2048, 3072]: $ENABLED_SP.])
break;;
@@ -5194,11 +5218,6 @@ if test "$ENABLED_SP_NONBLOCK" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NONBLOCK"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NONBLOCK"
fi
-if test "$ENABLED_SMALL" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
-fi
-
if test "$ENABLED_SP_MATH" = "yes"; then
if test "$ENABLED_SP" = "no"; then
@@ -5313,11 +5332,6 @@ if test "$ENABLED_SP_MATH_ALL" = "yes"; then
fi
-AC_ARG_ENABLE([sp-asm],
- [AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])],
- [ ENABLED_SP_ASM=$enableval ],
- [ ENABLED_SP_ASM=no ],
- )
if test "$ENABLED_SP_ASM" = "yes"; then
if test "$ENABLED_SP" = "no"; then
AC_MSG_ERROR([Must have SP enabled: --enable-sp])
@@ -5975,6 +5989,16 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
fi
+if test "$ENABLED_AESGCM_STREAM" != "no"
+then
+ if test "$ENABLED_AESGCM" = "no"
+ then
+ AC_MSG_ERROR([AES-GCM streaming enabled but AES-GCM is disabled])
+ else
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM"
+ AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM"
+ fi
+fi
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
@@ -6494,6 +6518,7 @@ echo " * ARC4: $ENABLED_ARC4"
echo " * AES: $ENABLED_AES"
echo " * AES-NI: $ENABLED_AESNI"
echo " * AES-CBC: $ENABLED_AESCBC"
+echo " * AES-CBC length checks: $ENABLED_AESCBC_LENGTH_CHECKS"
echo " * AES-GCM: $ENABLED_AESGCM"
echo " * AES-CCM: $ENABLED_AESCCM"
echo " * AES-CTR: $ENABLED_AESCTR"
diff --git a/doc/dox_comments/header_files/aes.h b/doc/dox_comments/header_files/aes.h
index 862f7a778..72df22e65 100644
--- a/doc/dox_comments/header_files/aes.h
+++ b/doc/dox_comments/header_files/aes.h
@@ -66,16 +66,22 @@ WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv);
the resulting cipher text in the output buffer out using cipher block
chaining with AES. This function requires that the AES object has been
initialized by calling AesSetKey before a message is able to be encrypted.
- This function assumes that the input message is AES block length aligned.
- PKCS#7 style padding should be added beforehand. This differs from the
- OpenSSL AES-CBC methods which add the padding for you. To make the wolfSSL
- function and equivalent OpenSSL functions interoperate, one should specify
+ This function assumes that the input message is AES block length aligned,
+ and expects the input length to be a multiple of the block length, which
+ will optionally be checked and enforced if WOLFSSL_AES_CBC_LENGTH_CHECKS
+ is defined in the build configuration. In order to assure block-multiple
+ input, PKCS#7 style padding should be added beforehand. This differs from
+ the OpenSSL AES-CBC methods which add the padding for you. To make the
+ wolfSSL and corresponding OpenSSL functions interoperate, one should specify
the -nopad option in the OpenSSL command line function so that it behaves
like the wolfSSL AesCbcEncrypt method and does not add extra padding
during encryption.
\return 0 On successfully encrypting message.
- \return BAD_ALIGN_E: Returned on block align error
+ \return BAD_ALIGN_E: may be returned on block align error
+ \return BAD_LENGTH_E will be returned if the input length isn't a
+ multiple of the AES block length, when the library is built with
+ WOLFSSL_AES_CBC_LENGTH_CHECKS.
\param aes pointer to the AES object used to encrypt data
\param out pointer to the output buffer in which to store the ciphertext
@@ -110,15 +116,21 @@ WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out,
with AES. This function requires that the AES structure has been
initialized by calling AesSetKey before a message is able to be decrypted.
This function assumes that the original message was AES block length
- aligned. This differs from the OpenSSL AES-CBC methods which do not
- require alignment as it adds PKCS#7 padding automatically. To make the
+ aligned, and expects the input length to be a multiple of the block length,
+ which will optionally be checked and enforced if
+ WOLFSSL_AES_CBC_LENGTH_CHECKS is defined in the build configuration.
+ This differs from the OpenSSL AES-CBC methods, which add PKCS#7 padding
+ automatically, and so do not require block-multiple input. To make the
wolfSSL function and equivalent OpenSSL functions interoperate, one
should specify the -nopad option in the OpenSSL command line function
so that it behaves like the wolfSSL AesCbcEncrypt method and does not
create errors during decryption.
\return 0 On successfully decrypting message.
- \return BAD_ALIGN_E Returned on block align error.
+ \return BAD_ALIGN_E may be returned on block align error.
+ \return BAD_LENGTH_E will be returned if the input length isn't a
+ multiple of the AES block length, when the library is built with
+ WOLFSSL_AES_CBC_LENGTH_CHECKS.
\param aes pointer to the AES object used to decrypt data.
\param out pointer to the output buffer in which to store the plain text
diff --git a/examples/client/client.c b/examples/client/client.c
index e47cf054f..ad760148c 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -949,7 +949,7 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
/* 4. add the same message into Japanese section */
/* (will be translated later) */
/* 5. add printf() into suitable position of Usage() */
-static const char* client_usage_msg[][66] = {
+static const char* client_usage_msg[][67] = {
/* English */
{
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
@@ -1120,8 +1120,15 @@ static const char* client_usage_msg[][66] = {
#ifdef HAVE_CURVE448
"-8 Use X448 for key exchange\n", /* 66 */
#endif
-#ifdef HAVE_CRL
- "-C Disable CRL\n",
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ "-9 Use hash dir look up for certificate loading\n"
+ " loading from /certs folder\n"
+ " files in the folder would have the form \"hash.N\" file name\n"
+ " e.g symbolic link to the file at certs folder\n"
+ " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
+ /* 67 */
#endif
NULL,
},
@@ -1294,8 +1301,19 @@ static const char* client_usage_msg[][66] = {
#ifdef HAVE_TRUSTED_CA
"-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */
#endif
+ "-6 WANT_WRITE エラーを全てのIO 送信でシュミレートします\n",
#ifdef HAVE_CURVE448
"-8 Use X448 for key exchange\n", /* 66 */
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ "-9 証明書の読み込みに hash dir 機能を使用する\n"
+ " /certs フォルダーからロードします\n"
+ " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
+ " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
+ " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
+ /* 67 */
#endif
NULL,
},
@@ -1465,9 +1483,15 @@ static void Usage(void)
#ifdef HAVE_TRUSTED_CA
printf("%s", msg[++msgid]); /* -5 */
#endif
+ printf("%s", msg[++msgid]); /* -6 */
#ifdef HAVE_CURVE448
printf("%s", msg[++msgid]); /* -8 */
#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ printf("%s", msg[++msgid]); /* -9 */
+#endif
}
THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
@@ -1601,6 +1625,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_WNR
const char* wnrConfigFile = wnrConfig;
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ int useCertFolder = 0;
#endif
char buffer[WOLFSSL_MAX_ERROR_SZ];
@@ -1686,7 +1715,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
while ((ch = mygetopt(argc, argv, "?:"
"ab:c:defgh:i;jk:l:mnop:q:rstuv:wxyz"
"A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:"
- "01:23:4568"
+ "01:23:45689"
"@#")) != -1) {
switch (ch) {
case '?' :
@@ -2162,7 +2191,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
#endif
break;
-
+ case '9' :
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ useCertFolder = 1;
+ break;
+#endif
case '@' :
{
#ifdef HAVE_WC_INTROSPECTION
@@ -2622,6 +2657,29 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) {
+ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ if (useCertFolder) {
+ WOLFSSL_X509_STORE *store;
+ WOLFSSL_X509_LOOKUP *lookup;
+
+ store = wolfSSL_CTX_get_cert_store(ctx);
+ if (store == NULL) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't get WOLFSSL_X509_STORE");
+ }
+ lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't add lookup");
+ }
+ if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
+ X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
+ err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
+ }
+ } else {
+ #endif
#ifdef NO_FILESYSTEM
if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
@@ -2669,6 +2727,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
}
#endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
+ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ }
+ #endif
}
if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL ||
myVerifyAction == VERIFY_USE_PREVERFIY) {
@@ -2692,7 +2755,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_SNI
if (sniHostName) {
- if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName,
+ if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("UseSNI failed");
@@ -3230,7 +3293,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
#endif
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
printf("Session timeout set to %ld seconds\n", wolfSSL_get_timeout(ssl));
{
byte* rnd;
@@ -3266,9 +3329,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
+#endif
- #if defined(OPENSSL_ALL) && !defined(NO_SESSION_CACHE)
-
+#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
+ defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
+ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
+#if !defined(NO_SESSION_CACHE) && \
+ (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \
+ !defined(NO_FILESYSTEM)
#ifndef NO_BIO
/* print out session to stdout */
{
@@ -3281,8 +3349,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
wolfSSL_BIO_free(bio);
}
- #endif
- #endif
+ #endif /* !NO_BIO */
+#endif
#endif
if (doSTARTTLS && starttlsProt != NULL) {
diff --git a/examples/server/server.c b/examples/server/server.c
index d69b276c7..4f4a6b3af 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -582,7 +582,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
/* 4. add the same message into Japanese section */
/* (will be translated later) */
/* 5. add printf() into suitable position of Usage() */
-static const char* server_usage_msg[][56] = {
+static const char* server_usage_msg[][57] = {
/* English */
{
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
@@ -705,6 +705,16 @@ static const char* server_usage_msg[][56] = {
/* 55 */
#ifdef HAVE_CURVE448
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ "-9 Use hash dir look up for certificate loading\n"
+ " loading from /certs folder\n"
+ " files in the folder would have the form \"hash.N\" file name\n"
+ " e.g symbolic link to the file at certs folder\n"
+ " ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n",
+ /* 57 */
#endif
NULL,
},
@@ -838,6 +848,16 @@ static const char* server_usage_msg[][56] = {
/* 55 */
#ifdef HAVE_CURVE448
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */
+#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ "-9 証明書の読み込みに hash dir 機能を使用する\n"
+ " /certs フォルダーからロードします\n"
+ " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
+ " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
+ " ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n",
+ /* 57 */
#endif
NULL,
},
@@ -966,9 +986,15 @@ static void Usage(void)
#ifdef HAVE_TRUSTED_CA
printf("%s", msg[++msgId]); /* -5 */
#endif /* HAVE_TRUSTED_CA */
+ printf("%s", msg[++msgId]); /* -6 */
#ifdef HAVE_CURVE448
printf("%s", msg[++msgId]); /* -8 */
#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ printf("%s", msg[++msgId]); /* -9 */
+#endif
}
THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
@@ -1126,6 +1152,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef HAVE_ENCRYPT_THEN_MAC
int disallowETM = 0;
#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ int useCertFolder = 0;
+#endif
((func_args*)args)->return_code = -1; /* error state */
@@ -1191,8 +1222,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
while ((ch = mygetopt(argc, argv, "?:"
"abc:defgijk:l:mnop:q:rstuv:wxy"
"A:B:C:D:E:FGH:IJKL:MNO:PQR:S:T;UVYZ:"
- "01:23:4:568"
- "@#")) != -1) {
+ "01:23:4:5689"
+ "@#")) != -1) {
switch (ch) {
case '?' :
if(myoptarg!=NULL) {
@@ -1620,7 +1651,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#endif
#endif
break;
-
+ case '9' :
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ useCertFolder = 1;
+ break;
+#endif
case '@' :
{
#ifdef HAVE_WC_INTROSPECTION
@@ -2011,7 +2048,29 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef TEST_BEFORE_DATE
verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
#endif
-
+ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ if (useCertFolder) {
+ WOLFSSL_X509_STORE *store;
+ WOLFSSL_X509_LOOKUP *lookup;
+
+ store = wolfSSL_CTX_get_cert_store(ctx);
+ if (store == NULL) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't get WOLFSSL_X509_STORE");
+ }
+ lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL) {
+ wolfSSL_CTX_free(ctx); ctx = NULL;
+ err_sys("can't add lookup");
+ }
+ if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder,
+ X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) {
+ err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed");
+ }
+ } else {
+ #endif
if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0,
verify_flags) != WOLFSSL_SUCCESS) {
err_sys_ex(catastrophic,
@@ -2026,6 +2085,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
+ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ }
+ #endif
}
#endif
@@ -2584,7 +2648,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
}
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
{
byte* rnd = NULL;
byte* pt;
diff --git a/scripts/crl-revoked.test b/scripts/crl-revoked.test
index 9d7f7eba0..46d511a1c 100755
--- a/scripts/crl-revoked.test
+++ b/scripts/crl-revoked.test
@@ -107,9 +107,13 @@ run_test() {
echo ""
echo "Successful Revocation!!!!"
echo ""
- exit_code=0
- echo "exiting with $exit_code"
- exit $exit_code
+ if [ $exit_hash_dir_code -ne 0 ]; then
+ exit_code=1
+ else
+ exit_code=0
+ echo "exiting with $exit_code"
+ exit $exit_code
+ fi
;;
*)
echo ""
@@ -120,9 +124,88 @@ run_test() {
esac
}
+run_hashdir_test() {
+ echo -e "\n\nHash dir with CRL and Certificate loading"
+ remove_ready_file
+ # create hashed cert and crl
+ pushd ${CERT_DIR}
+ # ca file
+ ca_hash_name=`openssl x509 -in ca-cert.pem -hash -noout`
+ if [ -f "$ca_hash_name".0 ]; then
+ rm "$ca_hash_name".0
+ fi
+ ln -s ca-cert.pem "$ca_hash_name".0
+ # crl file
+ crl_hash_name=`openssl crl -in ./crl/crl.pem -hash -noout`
+ if [ -f "$crl_hash_name".r0 ]; then
+ rm "$crl_hash_name".r0
+ fi
+ ln -s ./crl/crl.pem "$crl_hash_name".r0
+ popd
+
+ # starts the server on crl_port, -R generates ready file to be used as a
+ # mutex lock, -c loads the revoked certificate. We capture the processid
+ # into the variable server_pid
+ ./examples/server/server -R $ready_file -p $crl_port \
+ -c ${CERT_DIR}/server-revoked-cert.pem \
+ -k ${CERT_DIR}/server-revoked-key.pem &
+ server_pid=$!
+ while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
+ echo -e "waiting for ready file..."
+ sleep 0.1
+ counter=$((counter+ 1))
+ done
+
+ # get created port 0 ephemeral port
+ crl_port="$(cat $ready_file)"
+
+ # starts client on crl_port and captures the output from client
+ capture_out=$(./examples/client/client -p $crl_port -9 2>&1)
+ client_result=$?
+
+ wait $server_pid
+ server_result=$?
+
+ case "$capture_out" in
+ *$revocation_code*)
+ # only exit with zero on detection of the expected error code
+ echo ""
+ echo "Successful Revocation!!!! with hash dir"
+ echo ""
+ exit_hash_dir_code=0
+ ;;
+ *)
+ echo ""
+ echo "Certificate was not revoked saw this instead: $capture_out"
+ echo ""
+ echo "configure with --enable-crl and run this script again"
+ echo ""
+ exit_hash_dir_code=1
+ esac
+
+ # clean up hashed cert and crl
+ pushd ${CERT_DIR}
+ rm "$ca_hash_name".0
+ rm "$crl_hash_name".r0
+ popd
+
+}
######### begin program #########
+# Check for enabling hash dir feature
+./examples/client/client -? 2>&1 | grep -- 'hash dir'
+if [ $? -eq 0 ]; then
+ hash_dir=yes
+ exit_hash_dir_code=1
+fi
+
+if [ "$hash_dir" = "yes" ]; then
+ run_hashdir_test
+else
+ exit_hash_dir_code=0
+fi
+
# run the test
run_test
diff --git a/src/crl.c b/src/crl.c
index 34f6281a8..41dad91c8 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -364,6 +364,25 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
}
#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ /* if not find entry in the CRL list, it looks at the folder that sets */
+ /* by LOOKUP_ctrl because user would want to use hash_dir. */
+ /* Loading .rN form CRL file if find at the folder, */
+ /* and try again checking Cert in the CRL list. */
+ /* When not set the folder or not use hash_dir, do nothing. */
+ if (foundEntry == 0) {
+ if (crl->cm->x509_store_p != NULL) {
+ ret = LoadCertByIssuer(crl->cm->x509_store_p,
+ (WOLFSSL_X509_NAME*)cert->issuerName, X509_LU_CRL);
+ if (ret == WOLFSSL_SUCCESS) {
+ /* try again */
+ ret = CheckCertCRLList(crl, cert, &foundEntry);
+ }
+ }
+ }
+#endif
if (foundEntry == 0) {
WOLFSSL_MSG("Couldn't find CRL for status check");
ret = CRL_MISSING;
@@ -633,6 +652,7 @@ static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap)
current = head;
head = head->next;
FreeCRL_Entry(current, heap);
+ XFREE(current, heap, DYNAMIC_TYPE_CRL_ENTRY);
}
return NULL;
@@ -701,7 +721,8 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc
if (store->cm->crl == NULL) {
crl = wolfSSL_X509_crl_new(store->cm);
if (DupX509_CRL(crl, newcrl) != 0) {
- FreeCRL(crl, 1);
+ if (crl != NULL)
+ FreeCRL(crl, 1);
return WOLFSSL_FAILURE;
}
store->crl = store->cm->crl = crl;
diff --git a/src/internal.c b/src/internal.c
index 7397c73ef..9ae87fd59 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1117,7 +1117,7 @@ static int dtls_export_load(WOLFSSL* ssl, const byte* exp, word32 len, byte ver)
}
#else
if (ver > DTLS_EXPORT_VERSION_3) {
- exp[idx++] = 0;
+ idx++;
}
#endif
#else
@@ -1809,7 +1809,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
#ifdef OPENSSL_EXTRA
/* setup WOLFSSL_X509_STORE */
ctx->x509_store.cm = ctx->cm;
-
+ /* set pointer back to x509 store */
+ ctx->cm->x509_store_p = &ctx->x509_store;
+
/* WOLFSSL_X509_VERIFY_PARAM */
if ((ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
@@ -1818,6 +1820,21 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
return MEMORY_E;
}
XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
+ /* WOLFSSL_X509_LOOKUP */
+ if ((ctx->x509_store.lookup.dirs =
+ (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR),
+ heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
+ WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error");
+ XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
+ return MEMORY_E;
+ }
+ XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR));
+ if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) {
+ WOLFSSL_MSG("Bad mutex init");
+ XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
+ XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL);
+ return BAD_MUTEX_E;
+ }
#endif
#endif
@@ -1969,6 +1986,17 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
if (ctx->param) {
XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
}
+
+ if (ctx->x509_store.lookup.dirs) {
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ if (ctx->x509_store.lookup.dirs->dir_entry) {
+ wolfSSL_sk_BY_DIR_entry_free(ctx->x509_store.lookup.dirs->dir_entry);
+ }
+
+#endif
+ wc_FreeMutex(&ctx->x509_store.lookup.dirs->lock);
+ XFREE(ctx->x509_store.lookup.dirs, ctx->heap, DYNAMIC_TYPE_OPENSSL);
+ }
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
#ifndef NO_DH
@@ -6367,7 +6395,9 @@ void FreeSuites(WOLFSSL* ssl)
#endif
{
#ifdef OPENSSL_ALL
- wolfSSL_sk_SSL_CIPHER_free(ssl->suites->stack);
+ if (ssl->suites != NULL) {
+ wolfSSL_sk_SSL_CIPHER_free(ssl->suites->stack);
+ }
#endif
XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
}
@@ -7130,7 +7160,8 @@ int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, const byte* data, byte ty
{
WOLFSSL_ENTER("DtlsMsgSet()");
if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
- (fragOffset + fragSz) <= msg->sz) {
+ fragSz <= msg->sz && fragOffset <= msg->sz &&
+ (fragOffset + fragSz) <= msg->sz) {
DtlsFrag* cur = msg->fragList;
DtlsFrag* prev = cur;
DtlsFrag* newFrag;
@@ -8600,6 +8631,11 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return LENGTH_ERROR;
#endif
+ if (*size == 0 && rh->type != application_data) {
+ WOLFSSL_MSG("0 length, non-app data record.");
+ return LENGTH_ERROR;
+ }
+
/* verify record type here as well */
switch (rh->type) {
case handshake:
@@ -9829,9 +9865,13 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
} else {
wolfSSL_ASN1_OBJECT_free(x509->key.algor->algorithm);
}
- if (!(x509->key.algor->algorithm =
- wolfSSL_OBJ_nid2obj(dCert->keyOID))) {
- ret = PUBLIC_KEY_E;
+ if (!x509->key.algor) {
+ ret = MEMORY_E;
+ } else {
+ if (!(x509->key.algor->algorithm =
+ wolfSSL_OBJ_nid2obj(dCert->keyOID))) {
+ ret = PUBLIC_KEY_E;
+ }
}
wolfSSL_EVP_PKEY_free(x509->key.pkey);
@@ -10553,6 +10593,198 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
args->dCert = NULL;
}
}
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+/* load certificate file which has the form .(r)N[0..N] */
+/* in the folder. */
+/* (r), in the case of CRL file */
+/* @param store a pointer to X509_STORE structure */
+/* @param issuer a pointer to X509_NAME that presents an issuer */
+/* @param type X509_LU_X509 or X509_LU_CRL */
+/* @return WOLFSSL_SUCCESS on successful, otherwise WOLFSSL_FAILURE */
+int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
+{
+ const int MAX_SUFFIX = 10;/* The number comes from CA_TABLE_SIZE=10 */
+ int ret = WOLFSSL_SUCCESS;
+ WOLFSSL_X509_LOOKUP* lookup;
+ WOLFSSL_BY_DIR_entry* entry;
+ WOLFSSL_BY_DIR_HASH hash_tmp;
+ WOLFSSL_BY_DIR_HASH* ph = NULL;
+ WOLFSSL_X509* x509;
+ unsigned long hash = 0;
+ char* filename = NULL;
+ const char* post = "";
+ byte* pbuf = NULL;
+ int len, num, i, index;
+ byte suffix = 0;
+ int retHash = NOT_COMPILED_IN;
+ byte dgt[WC_MAX_DIGEST_SIZE];
+
+ WOLFSSL_ENTER("LoadCertByIssuer");
+
+ /* sanity check */
+ if (store == NULL || issuer == NULL || (type != X509_LU_X509 && type != X509_LU_CRL)) {
+ return WOLFSSL_FAILURE;
+ }
+ lookup = &store->lookup;
+ if (lookup->dirs == NULL || lookup->type != 1) {
+ return WOLFSSL_FAILURE;
+ }
+
+ len = wolfSSL_i2d_X509_NAME_canon(issuer, &pbuf);
+ if (len > 0) {
+ #ifndef NO_SHA
+ retHash = wc_ShaHash((const byte*)pbuf, len, dgt);
+ #endif
+ if (retHash == 0) {
+ /* 4 bytes in little endian as unsigned long */
+ hash = (((unsigned long)dgt[3] << 24) |
+ ((unsigned long)dgt[2] << 16) |
+ ((unsigned long)dgt[1] << 8) |
+ ((unsigned long)dgt[0]));
+ } else {
+ WOLFSSL_MSG("failed hash operation");
+ return WOLFSSL_FAILURE;
+ }
+ wolfSSL_OPENSSL_free(pbuf);
+ }
+
+ /* try to load each hashed name file in path */
+#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+
+ if (type == X509_LU_CRL) {
+ post = "r";
+ }
+
+ num = wolfSSL_sk_BY_DIR_entry_num(lookup->dirs->dir_entry);
+
+ for (i=0; idirs->dir_entry, i);
+
+ if (type == X509_LU_CRL && entry->hashes != NULL &&
+ wolfSSL_sk_BY_DIR_HASH_num(entry->hashes) > 0) {
+ /* lock the list */
+ if (wc_LockMutex(&lookup->dirs->lock) != 0) {
+ WOLFSSL_MSG("wc_LockMutex cdir Lock error");
+ return BAD_MUTEX_E;
+ }
+
+ hash_tmp.hash_value = hash;
+ index = wolfSSL_sk_BY_DIR_HASH_find(entry->hashes, &hash_tmp);
+ if (index >= 0) {
+ WOLFSSL_MSG("find hashed CRL in list");
+ ph = wolfSSL_sk_BY_DIR_HASH_value(entry->hashes, index);
+ suffix = ph->last_suffix;
+ } else {
+ ph = NULL;
+ suffix = 0;
+ }
+
+ wc_UnLockMutex(&lookup->dirs->lock);
+ }
+
+ /* Additional buffer length for file name memory allocation : */
+ /* / .(r)N\0 */
+ /*|1| 8 |1|1|1|1| => 13 */
+ len = (int)XSTRLEN(entry->dir_name) + 13;
+ if (filename != NULL) {
+ XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
+ }
+
+ filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
+ if (filename == NULL) {
+ WOLFSSL_MSG("memory allocation error");
+ return MEMORY_E;
+ }
+
+ /* set as FAILURE, if successfuly loading cert of CRL, this becomes */
+ /* WOLFSSL_SUCCESS */
+ ret = WOLFSSL_FAILURE;
+
+ for (; suffix < MAX_SUFFIX; suffix++) {
+ /* /folder-path/.(r)N[0..9] */
+ XSNPRINTF(filename, len, "%s/%08lx.%s%d", entry->dir_name,
+ hash, post, suffix);
+ if(wc_FileExists(filename) == 0/*0 file exists */) {
+
+ if (type == X509_LU_X509) {
+ x509 = wolfSSL_X509_load_certificate_file(filename,
+ WOLFSSL_FILETYPE_PEM);
+ if (x509 != NULL) {
+ ret = wolfSSL_X509_STORE_add_cert(store, x509);
+ wolfSSL_X509_free(x509);
+ } else {
+ WOLFSSL_MSG("failed to load certificate\n");
+ ret = WOLFSSL_FAILURE;
+ break;
+ }
+ }
+#ifdef HAVE_CRL
+ else if (type == X509_LU_CRL) {
+ ret = wolfSSL_X509_load_crl_file(&store->lookup, filename,
+ WOLFSSL_FILETYPE_PEM);
+ if (ret != WOLFSSL_SUCCESS) {
+ WOLFSSL_MSG("failed to load CRL\n");
+ break;
+ }
+ }
+#else
+ else if (type == X509_LU_CRL) {
+ WOLFSSL_MSG("CRL is not supported");
+ ret = WOLFSSL_FAILURE;
+ break;
+ }
+#endif
+ } else
+ break;
+ }
+
+ if (ret != WOLFSSL_SUCCESS) {
+ WOLFSSL_MSG("not found file");
+ ret = WOLFSSL_FAILURE;
+ } else {
+ if (type == X509_LU_CRL) {
+ if (wc_LockMutex(&lookup->dirs->lock) != 0) {
+ WOLFSSL_MSG("wc_LockMutex cdir Lock error");
+ XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
+ return BAD_MUTEX_E;
+ }
+ if (ph == NULL) {
+ ph = wolfSSL_BY_DIR_HASH_new();
+ if (ph == NULL) {
+ WOLFSSL_MSG("failed to allocate hash stack");
+ ret = WOLFSSL_FAILURE;
+ } else {
+ ph->hash_value = hash;
+ ph->last_suffix = suffix;
+
+ ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph);
+ }
+ }
+ wc_UnLockMutex(&lookup->dirs->lock);
+ }
+ }
+
+ XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
+ }
+#else
+ (void) type;
+ (void) ret;
+ (void) x509;
+ (void) filename;
+ (void) suffix;
+ (void) num;
+ (void) i;
+ ret = WOLFSSL_NOT_IMPLEMENTED;
+#endif
+ WOLFSSL_LEAVE("LoadCertByIssuer", ret);
+
+ return ret;
+}
+#endif
+
static int ProcessPeerCertParse(WOLFSSL* ssl, ProcPeerCertArgs* args,
int certType, int verify, byte** pSubjectHash, int* pAlreadySigner)
@@ -11080,6 +11312,31 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner);
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ if (ret == ASN_NO_SIGNER_E) {
+ WOLFSSL_MSG("try to load certificate if hash dir is set");
+ if (ssl->ctx->x509_store_pt != NULL) {
+ ret = LoadCertByIssuer(ssl->ctx->x509_store_pt,
+ (WOLFSSL_X509_NAME*)args->dCert->issuerName,
+ X509_LU_X509);
+ } else {
+ ret = LoadCertByIssuer(&ssl->ctx->x509_store,
+ (WOLFSSL_X509_NAME*)args->dCert->issuerName,
+ X509_LU_X509);
+ }
+ if (ret == WOLFSSL_SUCCESS) {
+ FreeDecodedCert(args->dCert);
+ args->dCertInit = 0;
+ /* once again */
+ ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
+ !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
+ &subjectHash, &alreadySigner);
+ } else
+ ret = ASN_NO_SIGNER_E;
+ }
+#endif
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E)
goto exit_ppc;
@@ -11273,6 +11530,31 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner);
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ if (ret == ASN_NO_SIGNER_E) {
+ WOLFSSL_MSG("try to load certificate if hash dir is set");
+ if (ssl->ctx->x509_store_pt != NULL) {
+ ret = LoadCertByIssuer(ssl->ctx->x509_store_pt,
+ (WOLFSSL_X509_NAME*)args->dCert->issuerName,
+ X509_LU_X509);
+ } else {
+ ret = LoadCertByIssuer(&ssl->ctx->x509_store,
+ (WOLFSSL_X509_NAME*)args->dCert->issuerName,
+ X509_LU_X509);
+ }
+ if (ret == WOLFSSL_SUCCESS) {
+ FreeDecodedCert(args->dCert);
+ args->dCertInit = 0;
+ /* once again */
+ ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
+ !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
+ &subjectHash, &alreadySigner);
+ } else
+ ret = ASN_NO_SIGNER_E;
+ }
+#endif
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E)
goto exit_ppc;
@@ -13784,14 +14066,34 @@ static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
#ifdef CHACHA_AEAD_TEST
int i;
#endif
+ Keys* keys = &ssl->keys;
XMEMSET(tag, 0, sizeof(tag));
XMEMSET(nonce, 0, sizeof(nonce));
XMEMSET(poly, 0, sizeof(poly));
XMEMSET(add, 0, sizeof(add));
+#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
+ /*
+ * For epochs 2+:
+ * * use ssl->secure_renegotiation when encrypting the current epoch as it
+ * has the current epoch cipher material
+ * * use PREV_ORDER if encrypting the epoch not in
+ * ssl->secure_renegotiation
+ */
/* opaque SEQ number stored for AD */
- WriteSEQ(ssl, CUR_ORDER, add);
+ if (ssl->options.dtls && DtlsSCRKeysSet(ssl)) {
+ if (ssl->keys.dtls_epoch ==
+ ssl->secure_renegotiation->tmp_keys.dtls_epoch) {
+ keys = &ssl->secure_renegotiation->tmp_keys;
+ WriteSEQ(ssl, CUR_ORDER, add);
+ }
+ else
+ WriteSEQ(ssl, PREV_ORDER, add);
+ }
+ else
+#endif
+ WriteSEQ(ssl, CUR_ORDER, add);
if (ssl->options.oldPoly != 0) {
/* get nonce. SEQ should not be incremented again here */
@@ -13830,7 +14132,7 @@ static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
if (ssl->options.oldPoly == 0) {
/* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
* record sequence number XORed with client_write_IV/server_write_IV */
- XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
+ XMEMCPY(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
nonce[4] ^= add[0];
nonce[5] ^= add[1];
nonce[6] ^= add[2];
@@ -13938,6 +14240,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
int ret = 0;
int msgLen = (sz - ssl->specs.aead_mac_size);
+ Keys* keys = &ssl->keys;
#ifdef CHACHA_AEAD_TEST
int i;
@@ -13955,6 +14258,17 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
XMEMSET(nonce, 0, sizeof(nonce));
XMEMSET(add, 0, sizeof(add));
+#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
+ /*
+ * For epochs 2+:
+ * * use ssl->secure_renegotiation when decrypting the latest epoch as it
+ * has the latest epoch cipher material
+ */
+ if (ssl->options.dtls && DtlsSCRKeysSet(ssl) &&
+ ssl->keys.curEpoch == ssl->secure_renegotiation->tmp_keys.dtls_epoch)
+ keys = &ssl->secure_renegotiation->tmp_keys;
+#endif
+
/* sequence number field is 64-bits */
WriteSEQ(ssl, PEER_ORDER, add);
@@ -13984,7 +14298,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
if (ssl->options.oldPoly == 0) {
/* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
* record sequence number XORed with client_write_IV/server_write_IV */
- XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
+ XMEMCPY(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
nonce[4] ^= add[0];
nonce[5] ^= add[1];
nonce[6] ^= add[2];
@@ -15387,7 +15701,7 @@ int ProcessReply(WOLFSSL* ssl)
used = ssl->buffers.inputBuffer.length -
ssl->buffers.inputBuffer.idx;
if (used < ssl->curSize)
- if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
+ if ((ret = GetInputData(ssl, ssl->curSize - used)) < 0)
return ret;
#endif /* WOLFSSL_DTLS */
}
@@ -15415,6 +15729,7 @@ int ProcessReply(WOLFSSL* ssl)
ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer,
&ssl->buffers.inputBuffer.idx,
&ssl->curRL, &ssl->curSize);
+
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
WOLFSSL_MSG("Silently dropping out of order DTLS message");
@@ -15902,6 +16217,12 @@ int ProcessReply(WOLFSSL* ssl)
#endif
#ifndef WOLFSSL_NO_TLS12
+ if (ssl->buffers.inputBuffer.idx >=
+ ssl->buffers.inputBuffer.length ||
+ ssl->curSize < 1) {
+ WOLFSSL_MSG("ChangeCipher msg too short");
+ return LENGTH_ERROR;
+ }
if (ssl->buffers.inputBuffer.buffer[
ssl->buffers.inputBuffer.idx] != 1) {
WOLFSSL_MSG("ChangeCipher msg wrong value");
@@ -21537,7 +21858,7 @@ exit_dpk:
ato16(input + *inOutIdx, &len);
*inOutIdx += OPAQUE16_LEN;
- if ((*inOutIdx - begin) + len > size)
+ if ((len > size) || ((*inOutIdx - begin) + len > size))
return BUFFER_ERROR;
if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 &&
@@ -31333,6 +31654,393 @@ int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment)
return maxFragment;
}
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+/* create an instance of WOLFSSL_BY_DIR_HASH structure */
+WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void)
+{
+ WOLFSSL_BY_DIR_HASH* dir_hash;
+
+ WOLFSSL_ENTER("wolfSSL_BY_DIR_HASH_new");
+
+ dir_hash = (WOLFSSL_BY_DIR_HASH*)XMALLOC(sizeof(WOLFSSL_BY_DIR_HASH), NULL,
+ DYNAMIC_TYPE_OPENSSL);
+ if (dir_hash) {
+ XMEMSET(dir_hash, 0, sizeof(WOLFSSL_BY_DIR_HASH));
+ }
+ return dir_hash;
+}
+/* release a WOLFSSL_BY_DIR_HASH resource */
+void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash)
+{
+ if (dir_hash == NULL)
+ return;
+
+ XFREE(dir_hash, NULL, DYNAMIC_TYPE_OPENSSL);
+}
+/* create an instance of WOLFSSL_STACK for STACK_TYPE_BY_DIR_hash */
+WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void)
+{
+ WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL);
+
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_new_null");
+
+ if (sk) {
+ sk->type = STACK_TYPE_BY_DIR_hash;
+ }
+ return sk;
+}
+
+/* returns value less than 0 on fail to match
+ * On a successful match the priority level found is returned
+ */
+int wolfSSL_sk_BY_DIR_HASH_find(
+ WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind)
+{
+ WOLFSSL_STACK* next;
+ int i, sz;
+
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_find");
+
+ if (sk == NULL || toFind == NULL) {
+ return WOLFSSL_FAILURE;
+ }
+
+ sz = wolfSSL_sk_BY_DIR_HASH_num(sk);
+ next = sk;
+ for (i = 0; i < sz && next != NULL; i++) {
+ if (next->data.dir_hash->hash_value == toFind->hash_value) {
+ return sz - i; /* reverse because stack pushed highest on first */
+ }
+ next = next->next;
+ }
+ return -1;
+}
+/* return a number of WOLFSSL_BY_DIR_HASH in stack */
+int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
+{
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num");
+
+ if (sk == NULL)
+ return -1;
+ return (int)sk->num;
+}
+/* return WOLFSSL_BY_DIR_HASH instance at i */
+WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value(
+ const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i)
+{
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_value");
+
+ for (; sk != NULL && i > 0; i--)
+ sk = sk->next;
+
+ if (i != 0 || sk == NULL)
+ return NULL;
+ return sk->data.dir_hash;
+}
+/* pop WOLFSSL_BY_DIR_HASH instance, and remove its node from stack */
+WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop(
+ WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk)
+{
+ WOLFSSL_STACK* node;
+ WOLFSSL_BY_DIR_HASH* hash;
+
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop");
+
+ if (sk == NULL) {
+ return NULL;
+ }
+
+ node = sk->next;
+ hash = sk->data.dir_hash;
+
+ if (node != NULL) { /* update sk and remove node from stack */
+ sk->data.dir_hash = node->data.dir_hash;
+ sk->next = node->next;
+ wolfSSL_sk_free_node(node);
+ }
+ else { /* last x509 in stack */
+ sk->data.dir_hash = NULL;
+ }
+
+ if (sk->num > 0) {
+ sk->num -= 1;
+ }
+
+ return hash;
+}
+/* release all contents in stack, and then release stack itself. */
+/* Second argument is a function pointer to release resouces. */
+/* It calls the function to release resouces when t is passed */
+/* instead of wolfSSL_BY_DIR_HASH_free(). */
+void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk,
+ void (*f) (WOLFSSL_BY_DIR_HASH*))
+{
+ WOLFSSL_STACK* node;
+
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop_free");
+
+ if (sk == NULL) {
+ return;
+ }
+
+ /* parse through stack freeing each node */
+ node = sk->next;
+ while (node && sk->num > 1) {
+ WOLFSSL_STACK* tmp = node;
+ node = node->next;
+
+ if (f)
+ f(tmp->data.dir_hash);
+ else
+ wolfSSL_BY_DIR_HASH_free(tmp->data.dir_hash);
+ tmp->data.dir_hash = NULL;
+ XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
+ sk->num -= 1;
+ }
+
+ /* free head of stack */
+ if (sk->num == 1) {
+ if (f)
+ f(sk->data.dir_hash);
+ else
+ wolfSSL_BY_DIR_HASH_free(sk->data.dir_hash);
+ sk->data.dir_hash = NULL;
+ }
+ XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
+}
+/* release all contents in stack, and then release stack itself */
+void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
+{
+ wolfSSL_sk_BY_DIR_HASH_pop_free(sk, NULL);
+}
+/* Adds the WOLFSSL_BY_DIR_HASH to the stack "sk". "sk" takes control of "in" and
+ * tries to free it when the stack is free'd.
+ *
+ * return 1 on success 0 on fail
+ */
+int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
+ WOLFSSL_BY_DIR_HASH* in)
+{
+ WOLFSSL_STACK* node;
+
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_push");
+
+ if (sk == NULL || in == NULL) {
+ return WOLFSSL_FAILURE;
+ }
+
+ /* no previous values in stack */
+ if (sk->data.dir_hash == NULL) {
+ sk->data.dir_hash = in;
+ sk->num += 1;
+ return WOLFSSL_SUCCESS;
+ }
+
+ /* stack already has value(s) create a new node and add more */
+ node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
+ DYNAMIC_TYPE_OPENSSL);
+ if (node == NULL) {
+ WOLFSSL_MSG("Memory error");
+ return WOLFSSL_FAILURE;
+ }
+ XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
+
+ /* push new obj onto head of stack */
+ node->data.dir_hash = sk->data.dir_hash;
+ node->next = sk->next;
+ node->type = sk->type;
+ sk->next = node;
+ sk->data.dir_hash = in;
+ sk->num += 1;
+
+ return WOLFSSL_SUCCESS;
+}
+/* create an instance of WOLFSSL_BY_DIR_entry structure */
+WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void)
+{
+ WOLFSSL_BY_DIR_entry* entry;
+
+ WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_new");
+
+ entry = (WOLFSSL_BY_DIR_entry*)XMALLOC(sizeof(WOLFSSL_BY_DIR_entry), NULL,
+ DYNAMIC_TYPE_OPENSSL);
+
+ if (entry) {
+ XMEMSET(entry, 0, sizeof(WOLFSSL_BY_DIR_entry));
+ }
+ return entry;
+}
+/* release a WOLFSSL_BY_DIR_entry resource */
+void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry)
+{
+ WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_free");
+
+ if (entry == NULL)
+ return;
+
+ if (entry->hashes) {
+ wolfSSL_sk_BY_DIR_HASH_free(entry->hashes);
+ }
+
+ if (entry->dir_name != NULL) {
+ XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL);
+ }
+
+ XFREE(entry, NULL, DYNAMIC_TYPE_OPENSSL);
+}
+
+WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void)
+{
+ WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL);
+
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_new_null");
+
+ if (sk) {
+ sk->type = STACK_TYPE_BY_DIR_entry;
+ }
+ return sk;
+}
+/* return a number of WOLFSSL_BY_DIR_entry in stack */
+int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk)
+{
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num");
+
+ if (sk == NULL)
+ return -1;
+ return (int)sk->num;
+}
+/* return WOLFSSL_BY_DIR_entry instance at i */
+WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value(
+ const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i)
+{
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_value");
+
+ for (; sk != NULL && i > 0; i--)
+ sk = sk->next;
+
+ if (i != 0 || sk == NULL)
+ return NULL;
+ return sk->data.dir_entry;
+}
+/* pop WOLFSSL_BY_DIR_entry instance first, and remove its node from stack */
+WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop(
+ WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk)
+{
+ WOLFSSL_STACK* node;
+ WOLFSSL_BY_DIR_entry* entry;
+
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop");
+
+ if (sk == NULL) {
+ return NULL;
+ }
+
+ node = sk->next;
+ entry = sk->data.dir_entry;
+
+ if (node != NULL) { /* update sk and remove node from stack */
+ sk->data.dir_entry = node->data.dir_entry;
+ sk->next = node->next;
+ wolfSSL_sk_free_node(node);
+ }
+ else { /* last x509 in stack */
+ sk->data.dir_entry = NULL;
+ }
+
+ if (sk->num > 0) {
+ sk->num -= 1;
+ }
+
+ return entry;
+}
+/* release all contents in stack, and then release stack itself. */
+/* Second argument is a function pointer to release resouces. */
+/* It calls the function to release resouces when t is passed */
+/* instead of wolfSSL_BY_DIR_entry_free(). */
+void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk,
+ void (*f) (WOLFSSL_BY_DIR_entry*))
+{
+ WOLFSSL_STACK* node;
+
+ WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop_free");
+
+ if (sk == NULL) {
+ return;
+ }
+
+ /* parse through stack freeing each node */
+ node = sk->next;
+ while (node && sk->num > 1) {
+ WOLFSSL_STACK* tmp = node;
+ node = node->next;
+
+ if (f)
+ f(tmp->data.dir_entry);
+ else
+ wolfSSL_BY_DIR_entry_free(tmp->data.dir_entry);
+ tmp->data.dir_entry = NULL;
+ XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
+ sk->num -= 1;
+ }
+
+ /* free head of stack */
+ if (sk->num == 1) {
+ if (f)
+ f(sk->data.dir_entry);
+ else
+ wolfSSL_BY_DIR_entry_free(sk->data.dir_entry);
+ sk->data.dir_entry = NULL;
+ }
+ XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
+}
+/* release all contents in stack, and then release stack itself */
+void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk)
+{
+ wolfSSL_sk_BY_DIR_entry_pop_free(sk, NULL);
+}
+
+/* Adds the wolfSSL_BY_DIR_entry to the stack "sk". "sk" takes control of "in" and
+ * tries to free it when the stack is free'd.
+ *
+ * return 1 on success 0 on fail
+ */
+int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk,
+ WOLFSSL_BY_DIR_entry* in)
+{
+ WOLFSSL_STACK* node;
+
+ if (sk == NULL || in == NULL) {
+ return WOLFSSL_FAILURE;
+ }
+
+ /* no previous values in stack */
+ if (sk->data.dir_entry == NULL) {
+ sk->data.dir_entry = in;
+ sk->num += 1;
+ return WOLFSSL_SUCCESS;
+ }
+
+ /* stack already has value(s) create a new node and add more */
+ node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
+ DYNAMIC_TYPE_OPENSSL);
+ if (node == NULL) {
+ WOLFSSL_MSG("Memory error");
+ return WOLFSSL_FAILURE;
+ }
+ XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
+
+ /* push new obj onto head of stack */
+ node->data.dir_entry = sk->data.dir_entry;
+ node->next = sk->next;
+ node->type = sk->type;
+ sk->next = node;
+ sk->data.dir_entry = in;
+ sk->num += 1;
+
+ return WOLFSSL_SUCCESS;
+}
+
+#endif /* OPENSSL_ALL */
#undef ERROR_OUT
diff --git a/src/keys.c b/src/keys.c
index 71da4eb73..67e65feea 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -3086,10 +3086,10 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Provisioning ENCRYPT key");
if (ssl->options.side == WOLFSSL_CLIENT_END) {
- WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
+ WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
}
else {
- WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
+ WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
}
#endif
wc_encrypt = &ssl->encrypt;
@@ -3099,10 +3099,10 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Provisioning DECRYPT key");
if (ssl->options.side == WOLFSSL_CLIENT_END) {
- WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
+ WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
}
else {
- WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
+ WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
}
#endif
wc_decrypt = &ssl->decrypt;
@@ -3112,17 +3112,17 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Provisioning ENCRYPT key");
if (ssl->options.side == WOLFSSL_CLIENT_END) {
- WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
+ WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
}
else {
- WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
+ WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
}
WOLFSSL_MSG("Provisioning DECRYPT key");
if (ssl->options.side == WOLFSSL_CLIENT_END) {
- WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
+ WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
}
else {
- WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
+ WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
}
#endif
wc_encrypt = &ssl->encrypt;
diff --git a/src/ocsp.c b/src/ocsp.c
index 06a4ecb5f..f4b264bd3 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -610,7 +610,11 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
/* AddCA() frees the buffer. */
XMEMCPY(derCert->buffer, issuer->derCert->buffer,
issuer->derCert->length);
- AddCA(cm, &derCert, WOLFSSL_USER_CA, 1);
+ ret = AddCA(cm, &derCert, WOLFSSL_USER_CA, 1);
+ if (ret != WOLFSSL_SUCCESS) {
+ wolfSSL_CertManagerFree(cm);
+ return NULL;
+ }
}
certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL,
@@ -624,28 +628,30 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
if (certStatus)
XFREE(certStatus, NULL, DYNAMIC_TYPE_OPENSSL);
- return NULL;
- }
-
- XMEMSET(certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
- XMEMSET(certStatus, 0, sizeof(CertStatus));
-
- certId->status = certStatus;
- certId->ownStatus = 1;
-
- InitDecodedCert(&cert, subject->derCert->buffer,
- subject->derCert->length, NULL);
- if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) {
- XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
certId = NULL;
}
- else {
- XMEMCPY(certId->issuerHash, cert.issuerHash, OCSP_DIGEST_SIZE);
- XMEMCPY(certId->issuerKeyHash, cert.issuerKeyHash, OCSP_DIGEST_SIZE);
- XMEMCPY(certId->status->serial, cert.serial, cert.serialSz);
- certId->status->serialSz = cert.serialSz;
+
+ if (certId != NULL) {
+ XMEMSET(certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
+ XMEMSET(certStatus, 0, sizeof(CertStatus));
+
+ certId->status = certStatus;
+ certId->ownStatus = 1;
+
+ InitDecodedCert(&cert, subject->derCert->buffer,
+ subject->derCert->length, NULL);
+ if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) {
+ XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
+ certId = NULL;
+ }
+ else {
+ XMEMCPY(certId->issuerHash, cert.issuerHash, OCSP_DIGEST_SIZE);
+ XMEMCPY(certId->issuerKeyHash, cert.issuerKeyHash, OCSP_DIGEST_SIZE);
+ XMEMCPY(certId->status->serial, cert.serial, cert.serialSz);
+ certId->status->serialSz = cert.serialSz;
+ }
+ FreeDecodedCert(&cert);
}
- FreeDecodedCert(&cert);
wolfSSL_CertManagerFree(cm);
@@ -804,8 +810,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
resp->single->ownStatus = 1;
if (resp->single->status == NULL) {
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
+ XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
return NULL;
}
XMEMSET(resp->single->status, 0, sizeof(CertStatus));
diff --git a/src/ssl.c b/src/ssl.c
index 3ec3512f9..49378cdf3 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -151,9 +151,17 @@
#ifndef WOLFCRYPT_ONLY
#ifdef OPENSSL_EXTRA
-/* Global pointer to constant BN on */
-static WOLFSSL_BIGNUM* bn_one = NULL;
-#endif
+ /* Global pointer to constant BN on */
+ static WOLFSSL_BIGNUM* bn_one = NULL;
+
+ /* WOLFSSL_NO_OPENSSL_RAND_CB: Allows way to reduce code size for
+ * OPENSSL_EXTRA where RAND callbacks are not used */
+ #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
+ static const WOLFSSL_RAND_METHOD* gRandMethods = NULL;
+ static int gRandMethodsInit = 0;
+ static wolfSSL_Mutex gRandMethodMutex;
+ #endif /* !WOLFSSL_NO_OPENSSL_RAND_CB */
+#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
const WOLF_EC_NIST_NAME kNistCurves[] = {
@@ -4520,13 +4528,16 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
DYNAMIC_TYPE_DCERT);
- if (cert == NULL)
+ if (cert == NULL) {
+ FreeDer(&der);
return MEMORY_E;
+ }
InitDecodedCert(cert, der->buffer, der->length, cm->heap);
if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) {
FreeDecodedCert(cert);
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+ FreeDer(&der);
return ret;
}
WOLFSSL_MSG("\tParsed new trusted peer cert");
@@ -4536,6 +4547,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
if (peerCert == NULL) {
FreeDecodedCert(cert);
XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
+ FreeDer(&der);
return MEMORY_E;
}
XMEMSET(peerCert, 0, sizeof(TrustedPeerCert));
@@ -4572,6 +4584,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
FreeDecodedCert(cert);
XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
FreeTrustedPeer(peerCert, cm->heap);
+ FreeDer(&der);
return MEMORY_E;
}
XMEMCPY(peerCert->sig, cert->signature, cert->sigLength);
@@ -4619,6 +4632,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
FreeDecodedCert(cert);
XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
FreeTrustedPeer(peerCert, cm->heap);
+ FreeDer(&der);
return BAD_MUTEX_E;
}
}
@@ -4927,9 +4941,25 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#if defined(OPENSSL_EXTRA) || \
(defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA))
-static WC_RNG globalRNG;
-static int initGlobalRNG = 0;
-static wolfSSL_Mutex globalRNGMutex;
+
+ #define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */
+ static WC_RNG globalRNG;
+ static int initGlobalRNG = 0;
+ static wolfSSL_Mutex globalRNGMutex;
+#endif
+
+#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
+static int wolfSSL_RAND_InitMutex(void)
+{
+ if (gRandMethodsInit == 0) {
+ if (wc_InitMutex(&gRandMethodMutex) != 0) {
+ WOLFSSL_MSG("Bad Init Mutex rand methods");
+ return BAD_MUTEX_E;
+ }
+ gRandMethodsInit = 1;
+ }
+ return 0;
+}
#endif
WOLFSSL_ABI
@@ -4944,8 +4974,7 @@ int wolfSSL_Init(void)
return WC_INIT_E;
}
-#if defined(OPENSSL_EXTRA) || \
- (defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA))
+#ifdef HAVE_GLOBAL_RNG
if (wc_InitMutex(&globalRNGMutex) != 0) {
WOLFSSL_MSG("Bad Init Mutex rng");
return BAD_MUTEX_E;
@@ -4953,6 +4982,11 @@ int wolfSSL_Init(void)
#endif
#ifdef OPENSSL_EXTRA
+ #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
+ if (wolfSSL_RAND_InitMutex() != 0) {
+ return BAD_MUTEX_E;
+ }
+ #endif
if (wolfSSL_RAND_seed(NULL, 0) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_RAND_Seed failed");
return WC_INIT_E;
@@ -5537,8 +5571,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
FreeDer(&der);
return BAD_FUNC_ARG;
}
- /* add trusted peer cert */
+ /* add trusted peer cert. der is freed within */
ret = AddTrustedPeer(ctx->cm, &der, !ctx->verifyNone);
+ if (ret != WOLFSSL_SUCCESS) {
+ WOLFSSL_MSG("Error adding trusted peer");
+ }
done = 1;
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
@@ -8204,6 +8241,7 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert)
CA_TYPE,
NO_VERIFY, NULL) < 0) {
WOLFSSL_MSG("\tCertificate parsing failed");
+ FreeDecodedCert(&cert);
return WOLFSSL_FAILURE;
}
@@ -8563,6 +8601,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
NO_VERIFY, NULL) < 0) {
WOLFSSL_MSG("\tCertificate parsing failed");
wolfSSL_X509_EXTENSION_free(ext);
+ FreeDecodedCert(&cert);
return NULL;
}
@@ -9071,7 +9110,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
int nid;
const int sz = CTC_NAME_SIZE*2;
int rc = WOLFSSL_FAILURE;
- char tmp[CTC_NAME_SIZE*2] = {0};
+ char tmp[CTC_NAME_SIZE*2 + 1] = {0};
WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print");
if ((out == NULL) || (ext == NULL)) {
@@ -9127,7 +9166,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
return rc;
}
if (sk->next)
- XSNPRINTF(val, len, "%*s%s, ", indent, "", str->strData);
+ XSNPRINTF(val, len, "%*s%s,", indent, "", str->strData);
else
XSNPRINTF(val, len, "%*s%s", indent, "", str->strData);
@@ -9362,6 +9401,8 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
WOLFSSL_MSG("Failed to malloc authority key id");
return NULL;
}
+
+ XMEMSET(akey, 0, sizeof(WOLFSSL_AUTHORITY_KEYID));
akey->keyid = wolfSSL_ASN1_STRING_new();
if (akey->keyid == NULL) {
@@ -9508,6 +9549,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL_ASN1_OBJECT_free(ad->method);
XFREE(aia, NULL, DYNAMIC_TYPE_X509_EXT);
+ XFREE(ad->location, NULL, DYNAMIC_TYPE_OPENSSL);
XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT);
return NULL;
}
@@ -9580,6 +9622,7 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
CA_TYPE,
NO_VERIFY, NULL) < 0) {
WOLFSSL_MSG("\tCertificate parsing failed");
+ FreeDecodedCert(&cert);
return WOLFSSL_FATAL_ERROR;
}
@@ -9790,8 +9833,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
gn = wolfSSL_GENERAL_NAME_new();
if (gn == NULL) {
WOLFSSL_MSG("Error creating GENERAL_NAME");
- wolfSSL_sk_free(sk);
- return NULL;
+ goto err;
}
gn->type = dns->type;
@@ -9799,18 +9841,14 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
gn->d.ia5->length) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ASN1_STRING_set failed");
- wolfSSL_GENERAL_NAME_free(gn);
- wolfSSL_sk_free(sk);
- return NULL;
+ goto err;
}
dns = dns->next;
if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) !=
WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error pushing ASN1 object onto stack");
- wolfSSL_GENERAL_NAME_free(gn);
- wolfSSL_sk_free(sk);
- sk = NULL;
+ goto err;
}
/* null so that it doesn't get pushed again after switch */
gn = NULL;
@@ -12225,10 +12263,21 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
if (ssl == NULL)
return WOLFSSL_FATAL_ERROR;
- if ((IsSCR(ssl) || !ssl->options.handShakeDone) &&
- (DtlsMsgPoolTimeout(ssl) < 0 || DtlsMsgPoolSend(ssl, 0) < 0)) {
-
- result = WOLFSSL_FATAL_ERROR;
+ if ((IsSCR(ssl) || !ssl->options.handShakeDone)) {
+ if (DtlsMsgPoolTimeout(ssl) < 0){
+ ssl->error = SOCKET_ERROR_E;
+ WOLFSSL_ERROR(ssl->error);
+ result = WOLFSSL_FATAL_ERROR;
+ }
+ else if ((result = DtlsMsgPoolSend(ssl, 0)) < 0) {
+ ssl->error = result;
+ WOLFSSL_ERROR(result);
+ result = WOLFSSL_FATAL_ERROR;
+ }
+ else {
+ /* Reset return value to success */
+ result = WOLFSSL_SUCCESS;
+ }
}
WOLFSSL_LEAVE("wolfSSL_dtls_got_timeout()", result);
@@ -15812,6 +15861,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ctx->x509_store.cache = str->cache;
ctx->x509_store_pt = str; /* take ownership of store and free it
with CTX free */
+ ctx->cm->x509_store_p = ctx->x509_store_pt;/* CTX has onwership
+ and free it with CTX free*/
}
@@ -16190,7 +16241,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
}
if (len < 0) {
- len = (int)XSTRLEN((const char*)buf);
+ /* The length of the string including terminating null. */
+ len = (int)XSTRLEN((const char*)buf) + 1;
}
bio->num = bio->wrSz = len;
bio->ptr = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
@@ -16460,14 +16512,17 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
wc_RemoveErrorNode(0);
}
} while (ret >= 0);
- wolfSSL_BIO_write(bio, "", 1);
+ if (wolfSSL_BIO_write(bio, "", 1) != 1) {
+ WOLFSSL_MSG("Issue writing final string terminator");
+ }
}
#endif /* !NO_BIO */
#endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
+ defined(HAVE_SECRET_CALLBACK)
#if !defined(NO_WOLFSSL_SERVER)
size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out,
size_t outSz)
@@ -16499,7 +16554,7 @@ size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out,
return size;
}
#endif /* !NO_WOLFSSL_SERVER */
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */
#ifdef OPENSSL_EXTRA
#if !defined(NO_WOLFSSL_SERVER)
@@ -16761,7 +16816,8 @@ WOLFSSL_API int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX* ctx)
#endif /* OPENSSL_EXTRA */
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
+ defined(HAVE_SECRET_CALLBACK)
#if !defined(NO_WOLFSSL_CLIENT)
/* Return the amount of random bytes copied over or error case.
* ssl : ssl struct after handshake
@@ -16800,7 +16856,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
return size;
}
#endif /* !NO_WOLFSSL_CLIENT */
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */
#ifdef OPENSSL_EXTRA
unsigned long wolfSSLeay(void)
@@ -17808,24 +17864,62 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
#endif
}
+ /* If a valid struct is provided with function pointers, will override
+ RAND_seed, bytes, cleanup, add, pseudo_bytes and status. If a NULL
+ pointer is passed in, it will cancel any previous function overrides.
- int wolfSSL_RAND_status(void)
+ Returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure. */
+ int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods)
{
- return WOLFSSL_SUCCESS; /* wolfCrypt provides enough seed internally */
+ #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
+ if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
+ gRandMethods = methods;
+ wc_UnLockMutex(&gRandMethodMutex);
+ return WOLFSSL_SUCCESS;
+ }
+ #else
+ (void)methods;
+ #endif
+ return WOLFSSL_FAILURE;
}
+ /* Returns WOLFSSL_SUCCESS if the RNG has been seeded with enough data */
+ int wolfSSL_RAND_status(void)
+ {
+ int ret = WOLFSSL_SUCCESS;
+ #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
+ if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
+ if (gRandMethods && gRandMethods->status)
+ ret = gRandMethods->status();
+ wc_UnLockMutex(&gRandMethodMutex);
+ }
+ else {
+ ret = WOLFSSL_FAILURE;
+ }
+ #else
+ /* wolfCrypt provides enough seed internally, so return success */
+ #endif
+ return ret;
+ }
- #ifndef NO_WOLFSSL_STUB
void wolfSSL_RAND_add(const void* add, int len, double entropy)
{
+ #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
+ if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
+ if (gRandMethods && gRandMethods->add) {
+ /* callback has return code, but RAND_add does not */
+ (void)gRandMethods->add(add, len, entropy);
+ }
+ wc_UnLockMutex(&gRandMethodMutex);
+ }
+ #else
+ /* wolfSSL seeds/adds internally, use explicit RNG if you want
+ to take control */
(void)add;
(void)len;
(void)entropy;
- WOLFSSL_STUB("RAND_add");
- /* wolfSSL seeds/adds internally, use explicit RNG if you want
- to take control */
- }
#endif
+ }
#ifndef NO_DES3
/* 0 on ok */
@@ -18580,6 +18674,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
x509 = wolfSSL_X509_new();
if (x509 == NULL) {
WOLFSSL_MSG("Error Creating X509");
+ wolfSSL_sk_X509_free(sk);
return NULL;
}
ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer,
@@ -20563,8 +20658,11 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
}
sectionName[sectionNameLen] = '\0';
- if (!(section = wolfSSL_CONF_get_section(conf, sectionName)))
+ if (!(section = wolfSSL_CONF_get_section(conf, sectionName))) {
section = wolfSSL_CONF_new_section(conf, sectionName);
+ if (!section)
+ goto cleanup;
+ }
}
else {
char* name;
@@ -23124,6 +23222,21 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
#if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL))
+ int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dest,
+ const WOLFSSL_ASN1_STRING* src)
+ {
+ if (src == NULL || dest == NULL) {
+ return WOLFSSL_FAILURE;
+ }
+ dest->type = src->type;
+ if(wolfSSL_ASN1_STRING_set(dest, src->data, src->length)
+ != WOLFSSL_SUCCESS) {
+ return WOLFSSL_FAILURE;
+ }
+ dest->flags = src->flags;
+
+ return WOLFSSL_SUCCESS;
+ }
/* Creates a new WOLFSSL_ASN1_STRING structure given the input type.
*
* type is the type of set when WOLFSSL_ASN1_STRING is created
@@ -23971,6 +24084,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_BIO_set_fp error");
+ wolfSSL_BIO_free(bio);
return WOLFSSL_FAILURE;
}
@@ -24080,7 +24194,7 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
strLen = (int)XSTRLEN(name);
for (i = 0, j = 0, k = 0; i <= strLen; i++) {
- if (k > MAX_SEGMENTS || j > MAX_SEGMENT_SZ)
+ if (k >= MAX_SEGMENTS || j >= MAX_SEGMENT_SZ)
break;
if (name[i] != '-' && name[i] != '\0') {
@@ -24805,35 +24919,185 @@ WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void)
return &meth;
}
+/* set directory path to load certificate or CRL which have the hash.N form */
+/* for late use */
+/* @param ctx a pointer to WOLFSSL_BY_DIR structure */
+/* @param argc directory path */
+/* @param argl file type, either WOLFSSL_FILETYPE_PEM or */
+/* WOLFSSL_FILETYPE_ASN1 */
+/* @return WOLFSSL_SUCCESS on successful, othewise negative or zero */
+static int x509AddCertDir(WOLFSSL_BY_DIR *ctx, const char *argc, long argl)
+{
+ WOLFSSL_ENTER("x509AddCertDir");
+ (void)argl;
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ WOLFSSL_BY_DIR_entry *entry;
+ size_t pathLen;
+ int i, num;
+ const char* c;
+#ifdef WOLFSSL_SMALL_STACK
+ char *buf;
+#else
+ char buf[MAX_FILENAME_SZ];
+#endif
+
+ pathLen = 0;
+ c = argc;
+ /* sanity check, zero length */
+ if (ctx == NULL || c == NULL || *c == '\0')
+ return WOLFSSL_FAILURE;
+
+#ifdef WOLFSSL_SMALL_STACK
+ buf = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_OPENSSL);
+ if (buf == NULL) {
+ WOLFSSL_LEAVE("x509AddCertDir", MEMORY_E);
+ return MEMORY_E;
+ }
+#endif
+
+ XMEMSET(buf, 0, MAX_FILENAME_SZ);
+
+ do {
+ if (*c == SEPARATOR_CHAR || *c == '\0') {
+
+ num = wolfSSL_sk_BY_DIR_entry_num(ctx->dir_entry);
+
+ for (i=0; idir_entry, i);
+
+ if (XSTRLEN(entry->dir_name) == pathLen &&
+ XSTRNCMP(entry->dir_name, buf, pathLen) == 0) {
+ WOLFSSL_MSG("dir entry found");
+ break;
+ }
+ }
+
+ if (num == -1 || i == num) {
+ WOLFSSL_MSG("no entry found");
+
+ if (ctx->dir_entry == NULL) {
+ ctx->dir_entry = wolfSSL_sk_BY_DIR_entry_new_null();
+
+ if (ctx->dir_entry == NULL) {
+ WOLFSSL_MSG("failed to allocate dir_entry");
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
+ #endif
+ return 0;
+ }
+ }
+
+ entry = wolfSSL_BY_DIR_entry_new();
+ if (entry == NULL) {
+ WOLFSSL_MSG("failed to allocate dir entry");
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
+ #endif
+ return 0;
+ }
+ entry->dir_type = (int)argl;
+ entry->dir_name = (char*)XMALLOC(pathLen + 1/* \0 termination*/
+ , NULL, DYNAMIC_TYPE_OPENSSL);
+ entry->hashes = wolfSSL_sk_BY_DIR_HASH_new_null();
+ if (entry->dir_name == NULL || entry->hashes == NULL) {
+ WOLFSSL_MSG("failed to allocate dir name");
+ wolfSSL_BY_DIR_entry_free(entry);
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
+ #endif
+ return 0;
+ }
+
+ XSTRNCPY(entry->dir_name, buf, pathLen);
+ entry->dir_name[pathLen] = '\0';
+
+ if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry)
+ != WOLFSSL_SUCCESS) {
+ wolfSSL_BY_DIR_entry_free(entry);
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
+ #endif
+ return 0;
+ }
+ }
+ /* skip separator */
+ if (*c == SEPARATOR_CHAR) c++;
+
+ pathLen = 0;
+ XMEMSET(buf, 0, MAX_FILENAME_SZ);
+ }
+ buf[pathLen++] = *c;
+
+ } while(*c++ != '\0');
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
+#endif
+
+ return WOLFSSL_SUCCESS;
+#else
+ (void)ctx;
+ (void)argc;
+ return WOLFSSL_NOT_IMPLEMENTED;
+#endif
+}
+
+/* set additional data to X509_LOOKUP */
+/* @param ctx a pointer to X509_LOOKUP structure */
+/* @param cmd control command : */
+/* X509_L_FILE_LOAD, X509_L_ADD_DIR X509_L_ADD_STORE or */
+/* X509_L_LOAD_STORE */
+/* @param argc arguments for the control command */
+/* @param argl arguments for the control command */
+/* @param **ret return value of the control command */
+/* @return WOLFSSL_SUCCESS on successful, othewise WOLFSSL_FAILURE */
+/* note: WOLFSSL_X509_L_ADD_STORE and WOLFSSL_X509_L_LOAD_STORE have not*/
+/* yet implemented. It retutns WOLFSSL_NOT_IMPLEMENTED */
+/* when those control commands are passed. */
int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd,
const char *argc, long argl, char **ret)
{
- /* control commands:
- * X509_L_FILE_LOAD, X509_L_ADD_DIR, X509_L_ADD_STORE, X509_L_LOAD_STORE
- */
-
- /* returns -1 if the X509_LOOKUP doesn't have an associated X509_LOOKUP_METHOD */
-
-
+ int lret = WOLFSSL_FAILURE;
+ WOLFSSL_ENTER("wolfSSL_X509_LOOKUP_ctrl");
+#if !defined(NO_FILESYSTEM)
if (ctx != NULL) {
switch (cmd) {
case WOLFSSL_X509_L_FILE_LOAD:
+ /* expects to return a number of processed cert or crl file */
+ lret = wolfSSL_X509_load_cert_crl_file(ctx, argc, (int)argl) > 0 ?
+ WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+ break;
case WOLFSSL_X509_L_ADD_DIR:
+ /* store directory loaction to use it later */
+#if !defined(NO_WOLFSSL_DIR)
+ lret = x509AddCertDir(ctx->dirs, argc, argl);
+#else
+ (void)x509AddCertDir;
+ lret = WOLFSSL_NOT_IMPLEMENTED;
+#endif
+ break;
case WOLFSSL_X509_L_ADD_STORE:
case WOLFSSL_X509_L_LOAD_STORE:
- return WOLFSSL_SUCCESS;
+ return WOLFSSL_NOT_IMPLEMENTED;
default:
break;
}
-
}
-
- (void)argc; (void)argl; (void)ret;
-
- return WOLFSSL_FAILURE;
+ (void)ret;
+#else
+ (void)ctx;
+ (void)argc;
+ (void)argl;
+ (void)ret;
+ (void)cmd;
+ (void)x509AddCertDir;
+ lret = WOLFSSL_NOT_IMPLEMENTED;
+#endif
+ return lret;
}
@@ -24841,13 +25105,13 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
WOLFSSL_X509_LOOKUP_METHOD* m)
{
WOLFSSL_ENTER("SSL_X509_STORE_add_lookup");
- if (store == NULL)
+ if (store == NULL || m == NULL)
return NULL;
- /* Method is a dummy value and is not needed. */
- (void)m;
/* Make sure the lookup has a back reference to the store. */
store->lookup.store = store;
+ /* store a type to know which method wants to be used for */
+ store->lookup.type = m->type;
return &store->lookup;
}
@@ -24993,7 +25257,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio,
}
size = wolfSSL_BIO_get_len(bio);
- if (size == 0) {
+ if (size <= 0) {
WOLFSSL_MSG("wolfSSL_BIO_get_len error. Possibly no pending data.");
return NULL;
}
@@ -25702,7 +25966,17 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
NULL, DYNAMIC_TYPE_OPENSSL)) == NULL) {
goto err_exit;
}
-
+ XMEMSET(store->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
+ if ((store->lookup.dirs = (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR),
+ NULL, DYNAMIC_TYPE_OPENSSL)) == NULL) {
+ WOLFSSL_MSG("store->lookup.dir memory allocation error");
+ goto err_exit;
+ }
+ XMEMSET(store->lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR));
+ if (wc_InitMutex(&store->lookup.dirs->lock) != 0) {
+ WOLFSSL_MSG("Bad mutex init");
+ goto err_exit;
+ }
#endif
return store;
@@ -25728,6 +26002,17 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL);
store->param = NULL;
}
+
+ if (store->lookup.dirs != NULL) {
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ if (store->lookup.dirs->dir_entry) {
+ wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry);
+ }
+#endif
+ wc_FreeMutex(&store->lookup.dirs->lock);
+ XFREE(store->lookup.dirs, NULL, DYNAMIC_TYPE_OPENSSL);
+ store->lookup.dirs = NULL;
+ }
#endif
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
}
@@ -26141,6 +26426,99 @@ WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509)
WOLFSSL_ENTER("wolfSSL_d2i_X509_fp");
return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE);
}
+/* load certificate or CRL file, and add it to the STORE */
+/* @param ctx a pointer to X509_LOOKUP structure */
+/* @param file file name to load */
+/* @param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1 */
+/* @return a number of loading CRL or certificate, otherwise zero */
+WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
+ const char *file, int type)
+{
+ STACK_OF(WOLFSSL_X509_INFO) *info;
+ WOLFSSL_X509_INFO *info_tmp;
+ WOLFSSL_BIO *bio;
+ WOLFSSL_X509 *x509 = NULL;
+
+ int i;
+ int cnt = 0;
+ int num = 0;
+
+ WOLFSSL_ENTER("wolfSSL_X509_load_cert_crl_file");
+
+ /* stanity check */
+ if (ctx == NULL || file == NULL) {
+ WOLFSSL_MSG("bad arguments");
+ return 0;
+ }
+
+ if (type != WOLFSSL_FILETYPE_PEM) {
+ x509 = wolfSSL_X509_load_certificate_file(file, type);
+ if (x509 != NULL) {
+ if (wolfSSL_X509_STORE_add_cert(ctx->store, x509)
+ == WOLFSSL_SUCCESS) {
+ cnt++;
+ } else {
+ WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert error");
+ }
+ wolfSSL_X509_free(x509);
+ x509 = NULL;
+ } else {
+ WOLFSSL_MSG("wolfSSL_X509_load_certificate_file error");
+ }
+
+ } else {
+#ifdef OPENSSL_ALL
+ bio = wolfSSL_BIO_new_file(file, "rb");
+ if(!bio) {
+ WOLFSSL_MSG("wolfSSL_BIO_new error");
+ return cnt;
+ }
+
+ info = wolfSSL_PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
+
+ wolfSSL_BIO_free(bio);
+
+ if (!info) {
+ WOLFSSL_MSG("wolfSSL_PEM_X509_INFO_read_bio error");
+ return cnt;
+ }
+ num = wolfSSL_sk_X509_INFO_num(info);
+ for (i=0; i < num; i++) {
+ info_tmp = wolfSSL_sk_X509_INFO_value(info, i);
+
+ if (info_tmp->x509) {
+ if(wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509) ==
+ WOLFSSL_SUCCESS) {
+ cnt ++;
+ } else {
+ WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert failed");
+ }
+ }
+#ifdef HAVE_CRL
+ if (info_tmp->crl) {
+ if(wolfSSL_X509_STORE_add_crl(ctx->store, info_tmp->crl) ==
+ WOLFSSL_SUCCESS) {
+ cnt ++;
+ } else {
+ WOLFSSL_MSG("wolfSSL_X509_STORE_add_crl failed");
+ }
+ }
+#endif
+ }
+ wolfSSL_sk_X509_INFO_pop_free(info, X509_INFO_free);
+#else
+ (void)i;
+ (void)cnt;
+ (void)num;
+ (void)info_tmp;
+ (void)info;
+ (void)bio;
+#endif
+ }
+
+ WOLFSSL_LEAVE("wolfSSL_X509_load_ceretificate_crl_file", cnt);
+ return cnt;
+}
#endif /* !NO_FILESYSTEM */
@@ -30179,21 +30557,36 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio,
}
p = (const char *)(asnTime->data);
/* GetTimeString not always available. */
- wolfSSL_BIO_write(bio, MonthStr(p + 4), 3);
- wolfSSL_BIO_write(bio, " ", 1);
+ if (wolfSSL_BIO_write(bio, MonthStr(p + 4), 3) <= 0)
+ return WOLFSSL_FAILURE;
+ if (wolfSSL_BIO_write(bio, " ", 1) <= 0)
+ return WOLFSSL_FAILURE;
+
/* Day */
- wolfSSL_BIO_write(bio, p + 6, 2);
- wolfSSL_BIO_write(bio, " ", 1);
+ if (wolfSSL_BIO_write(bio, p + 6, 2) <= 0)
+ return WOLFSSL_FAILURE;
+ if (wolfSSL_BIO_write(bio, " ", 1) <= 0)
+ return WOLFSSL_FAILURE;
+
/* Hour */
- wolfSSL_BIO_write(bio, p + 8, 2);
- wolfSSL_BIO_write(bio, ":", 1);
+ if (wolfSSL_BIO_write(bio, p + 8, 2) <= 0)
+ return WOLFSSL_FAILURE;
+ if (wolfSSL_BIO_write(bio, ":", 1) <= 0)
+ return WOLFSSL_FAILURE;
+
/* Min */
- wolfSSL_BIO_write(bio, p + 10, 2);
- wolfSSL_BIO_write(bio, ":", 1);
+ if (wolfSSL_BIO_write(bio, p + 10, 2) <= 0)
+ return WOLFSSL_FAILURE;
+ if (wolfSSL_BIO_write(bio, ":", 1) <= 0)
+ return WOLFSSL_FAILURE;
+
/* Secs */
- wolfSSL_BIO_write(bio, p + 12, 2);
- wolfSSL_BIO_write(bio, " ", 1);
- wolfSSL_BIO_write(bio, p, 4);
+ if (wolfSSL_BIO_write(bio, p + 12, 2) <= 0)
+ return WOLFSSL_FAILURE;
+ if (wolfSSL_BIO_write(bio, " ", 1) <= 0)
+ return WOLFSSL_FAILURE;
+ if (wolfSSL_BIO_write(bio, p, 4) <= 0)
+ return WOLFSSL_FAILURE;
return 0;
}
@@ -31492,33 +31885,41 @@ WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, int *initTmpRng)
*/
static int wolfSSL_RAND_Init(void)
{
- if (wc_LockMutex(&globalRNGMutex) != 0) {
- WOLFSSL_MSG("Bad Lock Mutex rng");
- return 0;
- }
- if (initGlobalRNG == 0) {
- if (wc_InitRng(&globalRNG) < 0) {
- WOLFSSL_MSG("wolfSSL Init Global RNG failed");
- wc_UnLockMutex(&globalRNGMutex);
- return 0;
+ int ret = WOLFSSL_FAILURE;
+#ifdef HAVE_GLOBAL_RNG
+ if (wc_LockMutex(&globalRNGMutex) == 0) {
+ if (initGlobalRNG == 0) {
+ ret = wc_InitRng(&globalRNG);
+ if (ret == 0) {
+ initGlobalRNG = 1;
+ ret = WOLFSSL_SUCCESS;
+ }
}
- initGlobalRNG = 1;
+ wc_UnLockMutex(&globalRNGMutex);
}
-
- wc_UnLockMutex(&globalRNGMutex);
- return WOLFSSL_SUCCESS;
+#endif
+ return ret;
}
/* WOLFSSL_SUCCESS on ok */
int wolfSSL_RAND_seed(const void* seed, int len)
{
-
- WOLFSSL_MSG("wolfSSL_RAND_seed");
-
+#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
+ if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
+ if (gRandMethods && gRandMethods->seed) {
+ int ret = gRandMethods->seed(seed, len);
+ wc_UnLockMutex(&gRandMethodMutex);
+ return ret;
+ }
+ wc_UnLockMutex(&gRandMethodMutex);
+ }
+#else
(void)seed;
(void)len;
+#endif
+ /* Make sure global shared RNG (globalRNG) is initialized */
return wolfSSL_RAND_Init();
}
@@ -31822,48 +32223,75 @@ int wolfSSL_RAND_egd(const char* nm)
void wolfSSL_RAND_Cleanup(void)
{
- WOLFSSL_ENTER("wolfSSL_RAND_Cleanup()");
+#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
+ if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
+ if (gRandMethods && gRandMethods->cleanup)
+ gRandMethods->cleanup();
+ wc_UnLockMutex(&gRandMethodMutex);
+ }
- if (wc_LockMutex(&globalRNGMutex) != 0) {
- WOLFSSL_MSG("Bad Lock Mutex rng");
- return;
+ if (wc_FreeMutex(&gRandMethodMutex) == 0)
+ gRandMethodsInit = 0;
+#endif
+#ifdef HAVE_GLOBAL_RNG
+ if (wc_LockMutex(&globalRNGMutex) == 0) {
+ if (initGlobalRNG) {
+ wc_FreeRng(&globalRNG);
+ initGlobalRNG = 0;
+ }
+ wc_UnLockMutex(&globalRNGMutex);
}
- if (initGlobalRNG != 0) {
- wc_FreeRng(&globalRNG);
- initGlobalRNG = 0;
- }
- wc_UnLockMutex(&globalRNGMutex);
+#endif
}
-
+/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */
int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num)
{
+#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
+ if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
+ if (gRandMethods && gRandMethods->pseudorand) {
+ int ret = gRandMethods->pseudorand(buf, num);
+ wc_UnLockMutex(&gRandMethodMutex);
+ return ret;
+ }
+ wc_UnLockMutex(&gRandMethodMutex);
+ }
+#endif
+
+ /* fallback to using the global shared RNG */
return wolfSSL_RAND_bytes(buf, num);
}
-
-/* WOLFSSL_SUCCESS on ok */
+/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */
int wolfSSL_RAND_bytes(unsigned char* buf, int num)
{
int ret = 0;
- int initTmpRng = 0;
WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRNG;
+ WC_RNG* tmpRNG = NULL;
#else
WC_RNG tmpRNG[1];
#endif
- int used_global = 0;
+ int initTmpRng = 0;
int blockCount = 0;
+#ifdef HAVE_GLOBAL_RNG
+ int used_global = 0;
+#endif
WOLFSSL_ENTER("wolfSSL_RAND_bytes");
-#ifdef WOLFSSL_SMALL_STACK
- tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
- if (tmpRNG == NULL)
- return ret;
+ /* if a RAND callback has been set try and use it */
+#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
+ if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
+ if (gRandMethods && gRandMethods->bytes) {
+ ret = gRandMethods->bytes(buf, num);
+ wc_UnLockMutex(&gRandMethodMutex);
+ return ret;
+ }
+ wc_UnLockMutex(&gRandMethodMutex);
+ }
#endif
-
+#ifdef HAVE_GLOBAL_RNG
if (initGlobalRNG) {
if (wc_LockMutex(&globalRNGMutex) != 0) {
WOLFSSL_MSG("Bad Lock Mutex rng");
@@ -31873,41 +32301,51 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
rng = &globalRNG;
used_global = 1;
}
- else if(wc_InitRng(tmpRNG) == 0) {
- rng = tmpRNG;
- initTmpRng = 1;
+ else
+#endif
+ {
+ #ifdef WOLFSSL_SMALL_STACK
+ tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
+ if (tmpRNG == NULL)
+ return ret;
+ #endif
+ if (wc_InitRng(tmpRNG) == 0) {
+ rng = tmpRNG;
+ initTmpRng = 1;
+ }
}
if (rng) {
- /* handles size grater than RNG_MAX_BLOCK_LEN */
+ /* handles size greater than RNG_MAX_BLOCK_LEN */
blockCount = num / RNG_MAX_BLOCK_LEN;
-
- while(blockCount--) {
- if((ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN) != 0)){
+
+ while (blockCount--) {
+ ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN);
+ if (ret != 0) {
WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
break;
}
num -= RNG_MAX_BLOCK_LEN;
buf += RNG_MAX_BLOCK_LEN;
}
-
+
if (ret == 0 && num)
ret = wc_RNG_GenerateBlock(rng, buf, num);
-
+
if (ret != 0)
WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
else
ret = WOLFSSL_SUCCESS;
}
- if (used_global == 1) {
+#ifdef HAVE_GLOBAL_RNG
+ if (used_global == 1)
wc_UnLockMutex(&globalRNGMutex);
- }
-
+#endif
if (initTmpRng)
wc_FreeRng(tmpRNG);
-
#ifdef WOLFSSL_SMALL_STACK
- XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
+ if (tmpRNG)
+ XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif
return ret;
@@ -31993,6 +32431,10 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn, WOLFS
}
else {
len = wolfSSL_BN_bn2bin(bn, a->data);
+ if (len < 0) {
+ wolfSSL_ASN1_INTEGER_free(a);
+ return NULL;
+ }
}
a->length = len;
@@ -32435,6 +32877,7 @@ int SetDhExternal(WOLFSSL_DH *dh)
if (dh == NULL || dh->internal == NULL) {
WOLFSSL_MSG("dh key NULL error");
+ return WOLFSSL_FATAL_ERROR;
}
key = (DhKey*)dh->internal;
@@ -37091,11 +37534,12 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
mp_clear(&modulus);
return WOLFSSL_FAILURE;
}
+
+ mp_clear(&modulus);
}
BN_copy(x, point->X);
BN_copy(y, point->Y);
- mp_clear(&modulus);
return WOLFSSL_SUCCESS;
}
@@ -39079,7 +39523,10 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset)
return WOLFSSL_FAILURE;
}
XMEMSET(rawKey, 0, rawLen);
- mp_to_unsigned_bin(rsaElem, rawKey);
+ if (mp_to_unsigned_bin(rsaElem, rawKey) < 0) {
+ XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ return WOLFSSL_FAILURE;
+ }
if ((word32)rawLen <= sizeof(word32)) {
idx = *(word32*)rawKey;
#ifdef BIG_ENDIAN_ORDER
@@ -39107,7 +39554,10 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset)
WOLFSSL_MSG("Memory error");
return WOLFSSL_FAILURE;
}
- mp_to_unsigned_bin(rsaElem, rawKey);
+ if (mp_to_unsigned_bin(rsaElem, rawKey) < 0) {
+ XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ return WOLFSSL_FAILURE;
+ }
for (idx = 0; idx < (word32)rawLen; idx++) {
char val[5];
int valSz = 5;
@@ -40815,6 +41265,10 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
WOLFSSL_MSG("Serial size error");
return WOLFSSL_FAILURE;
}
+ if ((int)sizeof(cert->serial) < serialSz) {
+ WOLFSSL_MSG("Serial buffer too small");
+ return BUFFER_E;
+ }
XMEMCPY(cert->serial, serial, serialSz);
cert->serialSz = serialSz;
#else
@@ -41304,6 +41758,193 @@ static int ConvertNIDToWolfSSL(int nid)
}
}
+#if defined(OPENSSL_ALL)
+/* Convert ASN1 input string into canonical ASN1 string */
+/* , which has the following rules: */
+/* convert to UTF8 */
+/* convert to lower case */
+/* multi-spaces collapsed */
+/* @param asn_out a pointer to ASN1_STRING to be converted */
+/* @param asn_in a pointer to input ASN1_STRING */
+/* @return WOLFSSL_SUCCESS on successful converted, otherwise <=0 error code*/
+static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
+ const WOLFSSL_ASN1_STRING* asn_in)
+{
+ char* dst;
+ char* src;
+ int i, len;
+
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_canon");
+
+ /* sanity check */
+ if (asn_out == NULL || asn_in == NULL) {
+ WOLFSSL_MSG("invalid function arguments");
+ return BAD_FUNC_ARG;
+ }
+
+ switch (asn_in->type) {
+ case MBSTRING_UTF8:
+ case V_ASN1_PRINTABLESTRING:
+ break;
+ default:
+ WOLFSSL_MSG("just copy string");
+ return wolfSSL_ASN1_STRING_copy(asn_out, asn_in);
+ }
+ /* type is set as UTF8 */
+ asn_out->type = MBSTRING_UTF8;
+ asn_out->length = wolfSSL_ASN1_STRING_to_UTF8(
+ (unsigned char**)&asn_out->data
+ , (WOLFSSL_ASN1_STRING*)asn_in);
+
+ if (asn_out->length < 0) {
+ return WOLFSSL_FAILURE;
+ }
+ /* point to the last */
+ dst = asn_out->data + asn_out->length;
+ /* point to the start */
+ src = asn_out->data;
+
+ len = asn_out->length;
+
+ /* trimming spaces at the head and tail */
+ dst--;
+ for (; (len > 0 && XISSPACE(*dst)); len--) {
+ dst--;
+ }
+ for (; (len > 0 && XISSPACE(*src)); len--) {
+ src++;
+ }
+
+ /* point to the start */
+ dst = asn_out->data;
+
+ for (i = 0; i < len; dst++, i++) {
+ if (!XISASCII(*src)) {
+ /* keep non-ascii code */
+ *dst = *src++;
+ } else if (XISSPACE(*src)) {
+ *dst = 0x20; /* space */
+ /* remove the rest of spaces */
+ while (XISSPACE(*++src) && i++ < len);
+ } else {
+ *dst = XTOLOWER(*src++);
+ }
+ }
+ /* put actual length */
+ asn_out->length = (int)(dst - asn_out->data);
+ return WOLFSSL_SUCCESS;
+}
+
+/* This is to convert the x509 name structure into canonical DER format */
+/* , which has the following rules: */
+/* convert to UTF8 */
+/* convert to lower case */
+/* multi-spaces collapsed */
+/* leading SEQUENCE hader is skipped */
+/* @param name a pointer to X509_NAME that is to be converted */
+/* @param out a pointer to conveted data */
+/* @return a number of converted bytes, otherwise <=0 error code */
+int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out)
+{
+ int totalBytes = 0, i, idx;
+ byte *output, *local = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+ EncodedName* names = NULL;
+#else
+ EncodedName names[MAX_NAME_ENTRIES];
+#endif
+
+ if (out == NULL || name == NULL)
+ return BAD_FUNC_ARG;
+
+#ifdef WOLFSSL_SMALL_STACK
+ names = (EncodedName*)XMALLOC(sizeof(EncodedName) * MAX_NAME_ENTRIES, NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ if (names == NULL)
+ return MEMORY_E;
+#endif
+
+ XMEMSET(names, 0, sizeof(EncodedName) * MAX_NAME_ENTRIES);
+
+ for (i = 0; i < MAX_NAME_ENTRIES; i++) {
+ WOLFSSL_X509_NAME_ENTRY* entry;
+ int ret;
+
+ entry = wolfSSL_X509_NAME_get_entry(name, i);
+ if (entry != NULL && entry->set == 1) {
+ const char* nameStr;
+ WOLFSSL_ASN1_STRING* data;
+ WOLFSSL_ASN1_STRING* cano_data;
+
+ cano_data = wolfSSL_ASN1_STRING_new();
+ if (cano_data == NULL) {
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ #endif
+ return MEMORY_E;
+ }
+
+ data = wolfSSL_X509_NAME_ENTRY_get_data(entry);
+ if (data == NULL) {
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ #endif
+ wolfSSL_ASN1_STRING_free(cano_data);
+ WOLFSSL_MSG("Error getting entry data");
+ return WOLFSSL_FATAL_ERROR;
+ }
+ if (wolfSSL_ASN1_STRING_canon(cano_data, data) != WOLFSSL_SUCCESS) {
+ return WOLFSSL_FAILURE;
+ }
+ nameStr = (const char*)wolfSSL_ASN1_STRING_data(cano_data);
+
+ ret = wc_EncodeNameCanonical(&names[i], nameStr, CTC_UTF8,
+ ConvertNIDToWolfSSL(entry->nid));
+ if (ret < 0) {
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ #endif
+ wolfSSL_ASN1_STRING_free(cano_data);
+ WOLFSSL_MSG("EncodeName failed");
+ return WOLFSSL_FATAL_ERROR;
+ }
+ totalBytes += ret;
+ wolfSSL_OPENSSL_free(cano_data->data);
+ wolfSSL_ASN1_STRING_free(cano_data);
+ }
+ }
+
+ /* skip header */
+ /* check if using buffer passed in */
+ if (*out == NULL) {
+ *out = local = (unsigned char*)XMALLOC(totalBytes, NULL,
+ DYNAMIC_TYPE_OPENSSL);
+ if (*out == NULL) {
+ return MEMORY_E;
+ }
+ }
+ output = *out;
+ idx = 0;
+
+ for (i = 0; i < MAX_NAME_ENTRIES; i++) {
+ if (names[i].used) {
+ XMEMCPY(output + idx, names[i].encoded, names[i].totalLen);
+ idx += names[i].totalLen;
+ }
+ }
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ /* used existing buffer passed in, so increment pointer */
+ if (local == NULL) {
+ *out += totalBytes;
+ }
+ return totalBytes;
+}
+#endif
+
/* Converts the x509 name structure into DER format.
*
* out pointer to either a pre setup buffer or a pointer to null for
@@ -41555,6 +42196,7 @@ cleanup:
pem = (unsigned char*)XMALLOC(l, 0, DYNAMIC_TYPE_PEM);
if (pem == NULL)
return NULL;
+ XMEMSET(pem, 0, l);
i = 0;
if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) {
@@ -42232,15 +42874,19 @@ err:
*
* returns WOLFSSL_SUCCESS on success
*/
- static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO* info,
+ static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO** info,
WOLFSSL_X509* x509)
{
if (info == NULL || x509 == NULL) {
return BAD_FUNC_ARG;
}
+ if (*info == NULL) {
+ return BAD_FUNC_ARG;
+ }
+
/* check is fresh "info" passed in, if not free it */
- if (info->x509 != NULL || info->x_pkey != NULL) {
+ if ((*info)->x509 != NULL || (*info)->x_pkey != NULL) {
WOLFSSL_X509_INFO* tmp;
tmp = wolfSSL_X509_INFO_new();
@@ -42248,11 +42894,11 @@ err:
WOLFSSL_MSG("Unable to create new structure");
return MEMORY_E;
}
- wolfSSL_X509_INFO_free(info);
- info = tmp;
+ wolfSSL_X509_INFO_free(*info);
+ (*info) = tmp;
}
- info->x509 = x509;
+ (*info)->x509 = x509;
//@TODO info->num
//@TODO info->enc_cipher
@@ -42260,8 +42906,8 @@ err:
//@TODO info->enc_data
//@TODO info->crl
- info->x_pkey = wolfSSL_X509_PKEY_new(x509->heap);
- return wolfSSL_X509_PKEY_set(info->x_pkey, x509);
+ (*info)->x_pkey = wolfSSL_X509_PKEY_new(x509->heap);
+ return wolfSSL_X509_PKEY_set((*info)->x_pkey, x509);
}
/**
@@ -42410,6 +43056,8 @@ err:
}
XFREE(pem, 0, DYNAMIC_TYPE_PEM);
+ if (der)
+ FreeDer(&der);
return WOLFSSL_SUCCESS;
err:
if (pem)
@@ -42456,7 +43104,7 @@ err:
return NULL;
}
if (x509) {
- ret = wolfSSL_X509_INFO_set(current, x509);
+ ret = wolfSSL_X509_INFO_set(¤t, x509);
}
else if (crl) {
current->crl = crl;
@@ -42571,8 +43219,10 @@ err:
ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object);
ne->value = wolfSSL_ASN1_STRING_type_new(type);
if (ne->value != NULL) {
- wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz);
- ne->set = 1;
+ if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data,
+ dataSz) == WOLFSSL_SUCCESS) {
+ ne->set = 1;
+ }
}
}
@@ -42616,8 +43266,10 @@ err:
ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object);
ne->value = wolfSSL_ASN1_STRING_type_new(type);
if (ne->value != NULL) {
- wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz);
- ne->set = 1;
+ if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz)
+ == WOLFSSL_SUCCESS) {
+ ne->set = 1;
+ }
}
return ne;
@@ -43032,6 +43684,10 @@ err:
const char* name = wolfSSL_OBJ_nid2ln(wolfSSL_OBJ_obj2nid(a));
#endif
+ if (name == NULL) {
+ WOLFSSL_MSG("Name not found");
+ return WOLFSSL_FAILURE;
+ }
if (XSTRLEN(name) + 1 < (word32)bufLen - 1) {
bufSz = (int)XSTRLEN(name);
}
@@ -45315,6 +45971,7 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
const byte* bioMemPt = bioMem; /* leave bioMem pointer unaltered */
if ((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMemPt, bioMemSz)) == NULL) {
XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE((unsigned char*)maxKeyBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
return NULL;
}
@@ -45660,6 +46317,7 @@ void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || FORTRESS */
+/* Note: This is a huge section of API's - through wolfSSL_SESSION_print */
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
@@ -45761,19 +46419,6 @@ int wolfSSL_FIPS_mode_set(int r)
}
#endif
-#ifndef NO_WOLFSSL_STUB
-int wolfSSL_RAND_set_rand_method(const void *meth)
-{
- (void) meth;
- WOLFSSL_ENTER("wolfSSL_RAND_set_rand_method");
- WOLFSSL_STUB("RAND_set_rand_method");
-
- /* if implemented RAND_bytes and RAND_pseudo_bytes need updated
- * those two functions will call the respective functions from meth */
- return SSL_FAILURE;
-}
-#endif
-
int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
{
int ret = WOLFSSL_FAILURE;
@@ -45884,7 +46529,6 @@ void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk)
}
}
-
int wolfSSL_sk_X509_INFO_num(const WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk)
{
WOLFSSL_ENTER("wolfSSL_sk_X509_INFO_num");
@@ -46323,7 +46967,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
int count = 0, len = 0, totalSz = 0, tmpSz = 0;
char tmp[ASN_NAME_MAX+1];
- char fullName[ASN_NAME_MAX];
+ char fullName[ASN_NAME_MAX+2];
const char *buf = NULL;
WOLFSSL_X509_NAME_ENTRY* ne;
WOLFSSL_ASN1_STRING* str;
@@ -48231,7 +48875,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
asn1->isDynamic = 0;
}
- XMEMSET(asn1->intData, 0, sizeof(WOLFSSL_ASN1_INTEGER));
+ XMEMSET(asn1->intData, 0, WOLFSSL_ASN1_INTEGER_MAX);
asn1->data = asn1->intData;
asn1->length = 0;
asn1->negative = 0;
@@ -48260,7 +48904,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
len = asn1->length + (lineLen/2);
/* Check if it will fit in static memory and
* save space for the ASN tag in front */
- if (len > (int)(sizeof(asn1->intData) - extraTagSz)) {
+ if (len > (int)(WOLFSSL_ASN1_INTEGER_MAX - extraTagSz)) {
/* Allocate mem for data */
if (asn1->isDynamic) {
byte* tmp = (byte*)XREALLOC(asn1->data, len + extraTagSz, NULL,
@@ -48272,12 +48916,17 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
asn1->data = tmp;
}
else {
+ /* Up to this point asn1->data pointed to asn1->intData.
+ * Now that the size has grown larger than intData can handle
+ * the asn1 structure moves to a dynamic type with isDynamic
+ * flag being set and asn1->data being malloc'd. */
asn1->data = (byte*)XMALLOC(len + extraTagSz, NULL,
DYNAMIC_TYPE_OPENSSL);
if (!asn1->data) {
WOLFSSL_MSG("malloc error");
return WOLFSSL_FAILURE;
}
+ asn1->isDynamic = 1;
XMEMCPY(asn1->data, asn1->intData, asn1->length);
}
}
@@ -48319,8 +48968,7 @@ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
/* Zero length integer is the value zero. */
if (len == 0) {
- wolfSSL_BIO_write(bp, "00", 2);
- return 2;
+ return wolfSSL_BIO_write(bp, "00", 2);
}
if (Base16_Encode(a->data + idx, len, buf, &bufLen) != 0 ||
@@ -49059,7 +49707,7 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
#endif
}
- if (curve > (sizeof(word32) * WOLFSSL_BIT_SIZE)) {
+ if (curve >= (sizeof(word32) * WOLFSSL_BIT_SIZE)) {
/* shift left more than size of ctx->disabledCurves causes static
* analysis report */
WOLFSSL_MSG("curve value is too large for upcoming shift");
@@ -50804,6 +51452,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
return NULL;
}
} else {
+ /* This may be overly defensive */
+ if (weOwn)
+ wolfSSL_BN_free(ret);
return NULL;
}
@@ -50828,7 +51479,7 @@ int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n)
int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
{
int ret = 0;
- int len = bits / 8;
+ int len;
int initTmpRng = 0;
WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
@@ -50843,9 +51494,19 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
(void)bottom;
WOLFSSL_MSG("wolfSSL_BN_rand");
+ if (bits <= 0) {
+ return WOLFSSL_FAILURE;
+ }
+
+ len = bits / 8;
if (bits % 8)
len++;
+ /* has to be a length of at least 1 since we set buf[0] and buf[len-1] */
+ if (len < 1) {
+ return WOLFSSL_FAILURE;
+ }
+
#ifdef WOLFSSL_SMALL_STACK
buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
@@ -50901,7 +51562,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
{
int ret = 0;
- int len = bits / 8;
+ int len;
int initTmpRng = 0;
WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
@@ -50912,11 +51573,23 @@ int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
byte buff[1024];
#endif
- WOLFSSL_MSG("wolfSSL_BN_rand");
+ WOLFSSL_ENTER("wolfSSL_BN_pseudo_rand");
+ if (bits <= 0) {
+ return WOLFSSL_FAILURE;
+ }
+
+ len = bits / 8;
if (bits % 8)
len++;
+ /* has to be a length of at least 1 since we set buf[0] and buf[len-1] */
+ if (top == 1 || top == 0 || bottom == 1) {
+ if (len < 1) {
+ return WOLFSSL_FAILURE;
+ }
+ }
+
#ifdef WOLFSSL_SMALL_STACK
buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -51018,17 +51691,17 @@ int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n)
if (bn == NULL || bn->internal == NULL) {
WOLFSSL_MSG("bn NULL error");
- goto cleanup;
+ goto end;
}
if (mp_is_bit_set((mp_int*)bn->internal, n)) {
#ifdef WOLFSSL_SMALL_STACK
tmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
if (tmp == NULL) {
- goto cleanup;
+ goto end;
}
#endif
if (mp_init(tmp) != MP_OKAY) {
- goto cleanup;
+ goto end;
}
if (mp_set_bit(tmp, n) != MP_OKAY) {
goto cleanup;
@@ -51036,11 +51709,15 @@ int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n)
if (mp_sub((mp_int*)bn->internal, tmp, (mp_int*)bn->internal) != MP_OKAY) {
goto cleanup;
}
+ } else {
+ goto end;
}
ret = WOLFSSL_SUCCESS;
cleanup:
mp_clear(tmp);
+
+end:
#ifdef WOLFSSL_SMALL_STACK
if (tmp)
XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT);
@@ -52182,6 +52859,18 @@ int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa)
}
return wc_RsaEncryptSize((RsaKey*)rsa->internal);
}
+/* return RSA modulus in bits */
+/* @param rsa a pointer to WOLFSSL_RSA structur */
+/* @return RSA modulus size in bits, 0 if error */
+int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa)
+{
+ WOLFSSL_ENTER("wolfSSL_RSA_bits");
+
+ if (rsa == NULL)
+ return WOLFSSL_FAILURE;
+
+ return wolfSSL_BN_num_bits(rsa->n);
+}
#endif
#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) && \
diff --git a/src/tls.c b/src/tls.c
index 60fcc7a48..8859a94b4 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -2024,18 +2024,24 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length,
#ifndef NO_WOLFSSL_SERVER
if (!extension || !extension->data) {
- #if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER)
- /* This will keep SNI even though TLSX_UseSNI has not been called.
- * Enable it so that the received sni is available to functions
- * that use a custom callback when SNI is received.
- */
-
+ /* This will keep SNI even though TLSX_UseSNI has not been called.
+ * Enable it so that the received sni is available to functions
+ * that use a custom callback when SNI is received.
+ */
+ #ifdef WOLFSSL_ALWAYS_KEEP_SNI
+ cacheOnly = 1;
+ #endif
+ if (ssl->ctx->sniRecvCb) {
cacheOnly = 1;
+ }
+
+ if (cacheOnly) {
WOLFSSL_MSG("Forcing SSL object to store SNI parameter");
- #else
+ }
+ else {
/* Skipping, SNI not enabled at server side. */
return 0;
- #endif
+ }
}
if (OPAQUE16_LEN > length)
@@ -2096,7 +2102,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length,
TLSX_SNI_SetStatus(ssl->extensions, type, (byte)matchStat);
- if(!cacheOnly)
+ if (!cacheOnly)
TLSX_SetResponse(ssl, TLSX_SERVER_NAME);
}
else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
diff --git a/src/tls13.c b/src/tls13.c
index 25de3907d..2fd6e18ba 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1485,6 +1485,7 @@ end:
#else
return (word32)(ktime_get_real_ns() / (ktime_t)1000000);
#endif
+ }
#elif defined(WOLFSSL_QNX_CAAM)
word32 TimeNowInMilliseconds(void)
{
@@ -4211,6 +4212,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
if (!usingPSK) {
+ /* Not using PSK so don't require no KE. */
+ ssl->options.noPskDheKe = 0;
+
#ifndef NO_CERTS
if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) {
WOLFSSL_MSG("Client did not send a KeyShare extension");
diff --git a/src/wolfio.c b/src/wolfio.c
index cff63d3e2..3a5677fe2 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -800,6 +800,11 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
nfds = (int)sockfd + 1;
#endif
+ if ((sockfd < 0) || (sockfd >= FD_SETSIZE)) {
+ WOLFSSL_MSG("socket fd out of FDSET range");
+ return -1;
+ }
+
FD_ZERO(&rfds);
FD_SET(sockfd, &rfds);
wfds = rfds;
diff --git a/tests/api.c b/tests/api.c
index 2ab3158ef..da2b3ebcf 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -19,6 +19,11 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
+/* For AES-CBC, input lengths can optionally be validated to be a
+ * multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS,
+ * also available via the configure option --enable-aescbc-length-checks.
+ */
+
/*----------------------------------------------------------------------------*
| Includes
@@ -307,6 +312,7 @@
#include
#include
#include
+ #include
#ifdef OPENSSL_ALL
#include
#include
@@ -11616,6 +11622,208 @@ static int test_wc_AesCmacGenerate (void)
} /* END test_wc_AesCmacGenerate */
+/*
+ * Testing streaming AES-GCM API.
+ */
+static int test_wc_AesGcmStream (void)
+{
+ int ret = 0;
+#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \
+ defined(WOLFSSL_AESGCM_STREAM)
+
+ int i;
+ WC_RNG rng[1];
+ Aes aesEnc[1];
+ Aes aesDec[1];
+ byte tag[AES_BLOCK_SIZE];
+ byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, };
+ byte out[AES_BLOCK_SIZE * 3 + 2];
+ byte plain[AES_BLOCK_SIZE * 3 + 2];
+ byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, };
+ byte key[AES_128_KEY_SIZE] = { 0, };
+ byte iv[AES_IV_SIZE] = { 1, };
+ byte ivOut[AES_IV_SIZE];
+ static const byte expTagAAD1[AES_BLOCK_SIZE] = {
+ 0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f,
+ 0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05
+ };
+ static const byte expTagPlain1[AES_BLOCK_SIZE] = {
+ 0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78,
+ 0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1
+ };
+ static const byte expTag[AES_BLOCK_SIZE] = {
+ 0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96,
+ 0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d
+ };
+
+ /* Create a random for generating IV/nonce. */
+ AssertIntEQ(wc_InitRng(rng), 0);
+
+ /* Initialize data structures. */
+ AssertIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
+ AssertIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
+
+ /* BadParameters to streaming init. */
+ AssertIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
+ BAD_FUNC_ARG);
+
+ /* Bad parameters to encrypt update. */
+ AssertIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
+ BAD_FUNC_ARG);
+ /* Bad parameters to decrypt update. */
+ AssertIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
+ BAD_FUNC_ARG);
+
+ /* Bad parameters to encrypt final. */
+ AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1),
+ BAD_FUNC_ARG);
+ /* Bad parameters to decrypt final. */
+ AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE),
+ BAD_FUNC_ARG);
+ AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1),
+ BAD_FUNC_ARG);
+
+ /* Check calling final before setting key fails. */
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY);
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY);
+ /* Check calling update before setting key else fails. */
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
+ MISSING_KEY);
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
+ MISSING_KEY);
+
+ /* Set key but not IV. */
+ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
+ AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
+ /* Check calling final before setting IV fails. */
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV);
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV);
+ /* Check calling update before setting IV else fails. */
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
+ MISSING_IV);
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
+ MISSING_IV);
+
+ /* Set IV using fixed part IV and external IV APIs. */
+ AssertIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
+ rng), 0);
+ AssertIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut,
+ GCM_NONCE_MID_SZ), 0);
+ AssertIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0);
+ AssertIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0);
+ /* Encrypt and decrypt data. */
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0);
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0);
+ AssertIntEQ(XMEMCMP(plain, in, 1), 0);
+ /* Finalize and check tag matches. */
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
+ AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
+
+ /* Set key and IV through streaming init API. */
+ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+ AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+ /* Encrypt/decrypt one block and AAD of one block. */
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad,
+ AES_BLOCK_SIZE), 0);
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad,
+ AES_BLOCK_SIZE), 0);
+ AssertIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0);
+ /* Finalize and check tag matches. */
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
+ AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
+
+ /* Set key and IV through streaming init API. */
+ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+ AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+ /* No data to encrypt/decrypt one byte of AAD. */
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0);
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0);
+ /* Finalize and check tag matches. */
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
+ AssertIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0);
+ AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
+
+ /* Set key and IV through streaming init API. */
+ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+ AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+ /* Encrypt/decrypt one byte and no AAD. */
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0);
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0);
+ AssertIntEQ(XMEMCMP(plain, in, 1), 0);
+ /* Finalize and check tag matches. */
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
+ AssertIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0);
+ AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
+
+ /* Set key and IV through streaming init API. */
+ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
+ AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
+ /* Encryption AES is one byte at a time */
+ for (i = 0; i < (int)sizeof(aad); i++) {
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1),
+ 0);
+ }
+ for (i = 0; i < (int)sizeof(in); i++) {
+ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0),
+ 0);
+ }
+ /* Decryption AES is two bytes at a time */
+ for (i = 0; i < (int)sizeof(aad); i += 2) {
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2),
+ 0);
+ }
+ for (i = 0; i < (int)sizeof(aad); i += 2) {
+ AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL,
+ 0), 0);
+ }
+ AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
+ /* Finalize and check tag matches. */
+ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
+ AssertIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0);
+ AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
+
+ /* Check streaming encryption can be decrypted with one shot. */
+ AssertIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0);
+ AssertIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv,
+ AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0);
+ AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
+
+#endif
+ return ret;
+
+} /* END test_wc_AesGcmStream */
/*
@@ -12882,11 +13090,12 @@ static int test_wc_AesCbcEncryptDecrypt (void)
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
- byte vector[] = /* Now is the time for all w/o trailing 0 */
+ byte vector[] = /* Now is the time for all good men w/o trailing 0 */
{
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+ 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
+ 0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
};
byte iv[] = "1234567890abcdef";
byte enc[sizeof(vector)];
@@ -12916,8 +13125,8 @@ static int test_wc_AesCbcEncryptDecrypt (void)
iv, AES_DECRYPTION);
}
if (ret == 0) {
- ret = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(vector, dec, AES_BLOCK_SIZE) != 0) {
+ ret = wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector));
+ if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
/* Set flag. */
@@ -12949,6 +13158,16 @@ static int test_wc_AesCbcEncryptDecrypt (void)
} else {
cbcE = WOLFSSL_FATAL_ERROR;
}
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (cbcE == 0) {
+ cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1);
+ }
+ if (cbcE == BAD_LENGTH_E) {
+ cbcE = 0;
+ } else {
+ cbcE = WOLFSSL_FATAL_ERROR;
+ }
+#endif
}
if (cbcE == 0) {
/* Test passing in size of 0 */
@@ -12977,11 +13196,19 @@ static int test_wc_AesCbcEncryptDecrypt (void)
if (cbcD == BAD_FUNC_ARG) {
cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1);
}
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (cbcD == BAD_LENGTH_E) {
+ cbcD = 0;
+ } else {
+ cbcD = WOLFSSL_FATAL_ERROR;
+ }
+#else
if (cbcD == BAD_FUNC_ARG) {
cbcD = 0;
} else {
cbcD = WOLFSSL_FATAL_ERROR;
}
+#endif
}
if (cbcD == 0) {
/* Test passing in size of 0 */
@@ -27767,7 +27994,272 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx)
}
#endif
+static void test_wolfSSL_X509_Name_canon(void)
+{
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \
+ defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT))
+
+ const long ex_hash1 = 0x0fdb2da4;
+ const long ex_hash2 = 0x9f3e8c9e;
+ X509_NAME *name = NULL;
+ X509 *x509 = NULL;
+ FILE* file = NULL;
+ unsigned long hash = 0;
+ byte digest[WC_MAX_DIGEST_SIZE] = {0};
+ byte *pbuf = NULL;
+ word32 len = 0;
+ (void) ex_hash2;
+ printf(testingFmt, "test_wolfSSL_X509_Name_canon()");
+ file = XFOPEN(caCertFile, "rb");
+ AssertNotNull(file);
+ AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
+ AssertNotNull(name = X509_get_issuer_name(x509));
+
+ AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
+ AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
+
+ hash = (((unsigned long)digest[3] << 24) |
+ ((unsigned long)digest[2] << 16) |
+ ((unsigned long)digest[1] << 8) |
+ ((unsigned long)digest[0]));
+ AssertIntEQ(hash, ex_hash1);
+
+ XFCLOSE(file);
+ X509_free(x509);
+ XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
+ pbuf = NULL;
+
+ file = XFOPEN(cliCertFile, "rb");
+ AssertNotNull(file);
+ AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
+ AssertNotNull(name = X509_get_issuer_name(x509));
+
+ AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
+ AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
+
+ hash = (((unsigned long)digest[3] << 24) |
+ ((unsigned long)digest[2] << 16) |
+ ((unsigned long)digest[1] << 8) |
+ ((unsigned long)digest[0]));
+
+ AssertIntEQ(hash, ex_hash2);
+
+ XFCLOSE(file);
+ X509_free(x509);
+ XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
+
+ printf(resultFmt, passed);
+
+#endif
+
+}
+
+static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
+{
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ const int MAX_DIR = 4;
+ const char paths[][32] = {
+ "./certs/ed25519",
+ "./certs/ecc",
+ "./certs/crl",
+ "./certs/",
+ };
+
+ char CertCrl_path[MAX_FILENAME_SZ];
+ char *p;
+ X509_STORE* str;
+ X509_LOOKUP* lookup;
+ WOLFSSL_STACK* sk = NULL;
+ int len, total_len, i;
+
+ (void) sk;
+
+ printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_hash_dir()");
+
+ XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ);
+
+ /* illegal string */
+ AssertNotNull((str = wolfSSL_X509_STORE_new()));
+ AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
+ AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "",
+ SSL_FILETYPE_PEM,NULL), 0);
+
+ /* free store */
+ X509_STORE_free(str);
+
+ /* short folder string */
+ AssertNotNull((str = wolfSSL_X509_STORE_new()));
+ AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
+ AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./",
+ SSL_FILETYPE_PEM,NULL), 1);
+ #if defined(WOLFSSL_INT_H)
+ /* only available when including internal.h */
+ AssertNotNull(sk = lookup->dirs->dir_entry);
+ #endif
+ /* free store */
+ X509_STORE_free(str);
+
+ /* typical function check */
+ p = &CertCrl_path[0];
+ total_len = 0;
+
+ for(i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) {
+ len = (int)XSTRLEN((const char*)&paths[i]);
+ total_len += len;
+ XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len);
+ p += len;
+ if (i != 0) *(p++) = SEPARATOR_CHAR;
+ }
+
+ AssertNotNull((str = wolfSSL_X509_STORE_new()));
+ AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
+ AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path,
+ SSL_FILETYPE_PEM,NULL), 1);
+ #if defined(WOLFSSL_INT_H)
+ /* only available when including internal.h */
+ AssertNotNull(sk = lookup->dirs->dir_entry);
+ #endif
+
+ X509_STORE_free(str);
+
+ printf(resultFmt, passed);
+#endif
+
+}
+
+static void test_wolfSSL_X509_LOOKUP_ctrl_file(void)
+{
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
+ defined(WOLFSSL_SIGNER_DER_CERT)
+
+ X509_STORE_CTX* ctx;
+ X509_STORE* str;
+ X509_LOOKUP* lookup;
+
+ X509* cert1;
+ X509* x509Ca;
+ X509* x509Svr;
+ X509* issuer;
+
+ WOLFSSL_STACK* sk = NULL;
+ X509_NAME* caName;
+ X509_NAME* issuerName;
+
+ FILE* file1 = NULL;
+ int i, cert_count, cmp;
+
+ char der[] = "certs/ca-cert.der";
+
+#ifdef HAVE_CRL
+ char pem[][100] = {
+ "./certs/crl/crl.pem",
+ "./certs/crl/crl2.pem",
+ "./certs/crl/caEccCrl.pem",
+ "./certs/crl/eccCliCRL.pem",
+ "./certs/crl/eccSrvCRL.pem",
+ ""
+ };
+#endif
+ printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_file()");
+ AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
+
+ AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
+ fclose(file1);
+
+ AssertNotNull(ctx = X509_STORE_CTX_new());
+ AssertNotNull((str = wolfSSL_X509_STORE_new()));
+ AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
+ AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
+ SSL_FILETYPE_PEM,NULL), 1);
+ AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
+ AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
+
+ /* check if CA cert is loaded into the store */
+ for (i = 0; i < cert_count; i++) {
+ x509Ca = sk_X509_value(sk, i);
+ AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
+ }
+
+ AssertNotNull((x509Svr =
+ wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
+
+ AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
+
+ AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
+ issuer = X509_STORE_CTX_get0_current_issuer(ctx);
+ AssertNotNull(issuer);
+
+ caName = X509_get_subject_name(x509Ca);
+ AssertNotNull(caName);
+ issuerName = X509_get_subject_name(issuer);
+ AssertNotNull(issuerName);
+ cmp = X509_NAME_cmp(caName, issuerName);
+ AssertIntEQ(cmp, 0);
+
+ /* load der format */
+ X509_free(issuer);
+ X509_STORE_CTX_free(ctx);
+ X509_STORE_free(str);
+ sk_X509_free(sk);
+ X509_free(x509Svr);
+
+ AssertNotNull((str = wolfSSL_X509_STORE_new()));
+ AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
+ AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der,
+ SSL_FILETYPE_ASN1,NULL), 1);
+ AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
+ AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
+ /* check if CA cert is loaded into the store */
+ for (i = 0; i < cert_count; i++) {
+ x509Ca = sk_X509_value(sk, i);
+ AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
+ }
+
+ X509_STORE_free(str);
+ sk_X509_free(sk);
+ X509_free(cert1);
+
+#ifdef HAVE_CRL
+ AssertNotNull(str = wolfSSL_X509_STORE_new());
+ AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
+ AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
+ SSL_FILETYPE_PEM,NULL), 1);
+ AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD,
+ "certs/server-revoked-cert.pem",
+ SSL_FILETYPE_PEM,NULL), 1);
+ if (str) {
+ AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile,
+ WOLFSSL_FILETYPE_PEM), 1);
+ /* since store hasn't yet known the revoked cert*/
+ AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
+ "certs/server-revoked-cert.pem",
+ WOLFSSL_FILETYPE_PEM), 1);
+ }
+ for (i = 0; pem[i][0] != '\0'; i++)
+ {
+ AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i],
+ SSL_FILETYPE_PEM, NULL), 1);
+ }
+
+ if (str) {
+ /* since store knows crl list */
+ AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
+ "certs/server-revoked-cert.pem",
+ WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
+ }
+
+ X509_STORE_free(str);
+
+#endif
+
+
+ printf(resultFmt, passed);
+#endif
+}
static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
@@ -28460,7 +28952,8 @@ static void test_wolfSSL_X509_STORE(void)
static void test_wolfSSL_X509_STORE_load_locations(void)
{
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_FILESYSTEM)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_FILESYSTEM)\
+ && !defined(NO_WOLFSSL_DIR)
SSL_CTX *ctx;
X509_STORE *store;
@@ -29451,6 +29944,51 @@ static void test_wolfSSL_ASN1_BIT_STRING(void)
#endif
}
+static void test_wolfSSL_a2i_ASN1_INTEGER(void)
+{
+#ifdef OPENSSL_EXTRA
+ BIO *bio, *out;
+ ASN1_INTEGER* ai;
+ char buf[] = "123456\n12345\n112345678912345678901234567890\n";
+ char tmp[1024];
+ int tmpSz;
+
+ const char expected1[] = "123456";
+ const char expected2[] = "112345678912345678901234567890";
+
+ printf(testingFmt, "test_wolfSSL_a2i_ASN1_INTEGER()");
+
+ AssertNotNull(bio = BIO_new_mem_buf(buf, -1));
+ AssertNotNull(out = BIO_new(BIO_s_mem()));
+ AssertNotNull(ai = ASN1_INTEGER_new());
+
+ /* read first line */
+ AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
+ AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
+ XMEMSET(tmp, 0, 1024);
+ tmpSz = BIO_read(out, tmp, 1024);
+ AssertIntEQ(tmpSz, 6);
+ AssertIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);
+
+ /* fail on second line (not % 2) */
+ AssertIntNE(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
+
+ /* read 3rd long line */
+ AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
+ AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
+ XMEMSET(tmp, 0, 1024);
+ tmpSz = BIO_read(out, tmp, 1024);
+ AssertIntEQ(tmpSz, 30);
+ AssertIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);
+
+ BIO_free(out);
+ BIO_free(bio);
+ ASN1_INTEGER_free(ai);
+
+ printf(resultFmt, passed);
+
+#endif
+}
static void test_wolfSSL_DES_ecb_encrypt(void)
{
@@ -30384,6 +30922,125 @@ static void test_wolfSSL_BUF(void)
#endif /* OPENSSL_EXTRA */
}
+#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
+static int stub_rand_seed(const void *buf, int num)
+{
+ (void)buf;
+ (void)num;
+
+ return 123;
+}
+
+static int stub_rand_bytes(unsigned char *buf, int num)
+{
+ (void)buf;
+ (void)num;
+
+ return 456;
+}
+
+static byte* was_stub_rand_cleanup_called(void)
+{
+ static byte was_called = 0;
+
+ return &was_called;
+}
+
+static void stub_rand_cleanup(void)
+{
+ byte* was_called = was_stub_rand_cleanup_called();
+
+ *was_called = 1;
+
+ return;
+}
+
+static byte* was_stub_rand_add_called(void)
+{
+ static byte was_called = 0;
+
+ return &was_called;
+}
+
+static int stub_rand_add(const void *buf, int num, double entropy)
+{
+ byte* was_called = was_stub_rand_add_called();
+
+ (void)buf;
+ (void)num;
+ (void)entropy;
+
+ *was_called = 1;
+
+ return 0;
+}
+
+static int stub_rand_pseudo_bytes(unsigned char *buf, int num)
+{
+ (void)buf;
+ (void)num;
+
+ return 9876;
+}
+
+static int stub_rand_status(void)
+{
+ return 5432;
+}
+#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
+
+static void test_wolfSSL_RAND_set_rand_method(void)
+{
+#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
+ WOLFSSL_RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL};
+ unsigned char* buf = NULL;
+ int num = 0;
+ double entropy = 0;
+ byte* was_cleanup_called = was_stub_rand_cleanup_called();
+ byte* was_add_called = was_stub_rand_add_called();
+
+ printf(testingFmt, "wolfSSL_RAND_set_rand_method()");
+
+ AssertIntNE(wolfSSL_RAND_status(), 5432);
+ AssertIntEQ(*was_cleanup_called, 0);
+ wolfSSL_RAND_Cleanup();
+ AssertIntEQ(*was_cleanup_called, 0);
+
+
+ rand_methods.seed = &stub_rand_seed;
+ rand_methods.bytes = &stub_rand_bytes;
+ rand_methods.cleanup = &stub_rand_cleanup;
+ rand_methods.add = &stub_rand_add;
+ rand_methods.pseudorand = &stub_rand_pseudo_bytes;
+ rand_methods.status = &stub_rand_status;
+
+ AssertIntEQ(wolfSSL_RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS);
+ AssertIntEQ(wolfSSL_RAND_seed(buf, num), 123);
+ AssertIntEQ(wolfSSL_RAND_bytes(buf, num), 456);
+ AssertIntEQ(wolfSSL_RAND_pseudo_bytes(buf, num), 9876);
+ AssertIntEQ(wolfSSL_RAND_status(), 5432);
+
+ AssertIntEQ(*was_add_called, 0);
+ /* The function pointer for RAND_add returns int, but RAND_add itself returns void. */
+ wolfSSL_RAND_add(buf, num, entropy);
+ AssertIntEQ(*was_add_called, 1);
+ was_add_called = 0;
+ AssertIntEQ(*was_cleanup_called, 0);
+ wolfSSL_RAND_Cleanup();
+ AssertIntEQ(*was_cleanup_called, 1);
+ *was_cleanup_called = 0;
+
+
+ AssertIntEQ(wolfSSL_RAND_set_rand_method(NULL), WOLFSSL_SUCCESS);
+ AssertIntNE(wolfSSL_RAND_status(), 5432);
+ AssertIntEQ(*was_cleanup_called, 0);
+ wolfSSL_RAND_Cleanup();
+ AssertIntEQ(*was_cleanup_called, 0);
+
+ printf(resultFmt, passed);
+#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
+}
+
static void test_wolfSSL_RAND_bytes(void)
{
#if defined(OPENSSL_EXTRA)
@@ -30414,6 +31071,29 @@ static void test_wolfSSL_RAND_bytes(void)
#endif
}
+static void test_wolfSSL_BN_rand(void)
+{
+ #if defined(OPENSSL_EXTRA)
+ BIGNUM* bn;
+
+ printf(testingFmt, "wolfSSL_BN_rand()");
+
+ AssertNotNull(bn = BN_new());
+ AssertIntNE(BN_rand(bn, 0, 0, 0), SSL_SUCCESS);
+ BN_free(bn);
+
+ AssertNotNull(bn = BN_new());
+ AssertIntEQ(BN_rand(bn, 8, 0, 0), SSL_SUCCESS);
+ BN_free(bn);
+
+ AssertNotNull(bn = BN_new());
+ AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS);
+ BN_free(bn);
+
+ printf(resultFmt, passed);
+ #endif
+}
+
static void test_wolfSSL_pseudo_rand(void)
{
#if defined(OPENSSL_EXTRA)
@@ -32533,6 +33213,11 @@ static void test_wolfSSL_RSA(void)
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
AssertIntEQ(RSA_size(rsa), 256);
+
+ /* sanity check */
+ AssertIntEQ(RSA_bits(NULL), 0);
+
+ AssertIntEQ(RSA_bits(rsa), 2048);
RSA_get0_key(rsa, &n, &e, &d);
AssertPtrEq(rsa->n, n);
AssertPtrEq(rsa->e, e);
@@ -32544,11 +33229,15 @@ static void test_wolfSSL_RSA(void)
AssertPtrEq(rsa->n, n);
AssertPtrEq(rsa->e, e);
AssertPtrEq(rsa->d, d);
+
+ AssertIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1);
+ AssertIntEQ(RSA_bits(rsa), 21);
RSA_free(rsa);
-
+
#if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
AssertNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
AssertIntEQ(RSA_size(rsa), 384);
+ AssertIntEQ(RSA_bits(rsa), 3072);
RSA_free(rsa);
#endif
@@ -33346,7 +34035,7 @@ static void test_wolfSSL_MD5_Transform(void)
unsigned char output2[] =
"\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3";
- WOLFSSL_MD5_CTX md5;
+ MD5_CTX md5;
printf(testingFmt, "wolfSSL_MD5_Transform()");
@@ -33354,9 +34043,9 @@ static void test_wolfSSL_MD5_Transform(void)
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
- AssertIntEQ(wolfSSL_MD5_Transform(NULL, NULL), 0);
- AssertIntEQ(wolfSSL_MD5_Transform(NULL, (const byte*)&input1), 0);
- AssertIntEQ(wolfSSL_MD5_Transform(&md5, NULL), 0);
+ AssertIntEQ(MD5_Transform(NULL, NULL), 0);
+ AssertIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
+ AssertIntEQ(MD5_Transform(&md5, NULL), 0);
AssertIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Md5Transform((wc_Md5*)&md5, NULL), BAD_FUNC_ARG);
@@ -33366,17 +34055,17 @@ static void test_wolfSSL_MD5_Transform(void)
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
- AssertIntEQ(wolfSSL_MD5_Transform(&md5, (const byte*)&local[0]), 1);
+ AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output1,
WC_MD5_DIGEST_SIZE), 0);
/* Init MD5 CTX */
- AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
+ AssertIntEQ(MD5_Init(&md5), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_MD5_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
- AssertIntEQ(wolfSSL_MD5_Transform(&md5, (const byte*)&local[0]), 1);
+ AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output2,
WC_MD5_DIGEST_SIZE), 0);
@@ -33423,7 +34112,8 @@ static void test_wolfSSL_SHA_Transform(void)
"\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d"
"\xb8\x08\x6e\x7c";
- WOLFSSL_SHA_CTX sha;
+ SHA_CTX sha;
+ SHA_CTX sha1;
printf(testingFmt, "wolfSSL_SHA_Transform()");
@@ -33431,31 +34121,51 @@ static void test_wolfSSL_SHA_Transform(void)
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
- AssertIntEQ(wolfSSL_SHA_Transform(NULL, NULL), 0);
- AssertIntEQ(wolfSSL_SHA_Transform(NULL, (const byte*)&input1), 0);
- AssertIntEQ(wolfSSL_SHA_Transform(&sha, NULL), 0);
+ AssertIntEQ(SHA_Transform(NULL, NULL), 0);
+ AssertIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0);
+ AssertIntEQ(SHA_Transform(&sha, NULL), 0);
+ AssertIntEQ(SHA1_Transform(NULL, NULL), 0);
+ AssertIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
+ AssertIntEQ(SHA1_Transform(&sha, NULL), 0);
AssertIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_ShaTransform((wc_Sha*)&sha, NULL), BAD_FUNC_ARG);
/* Init SHA CTX */
- AssertIntEQ(wolfSSL_SHA_Init(&sha), 1);
+ AssertIntEQ(SHA_Init(&sha), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
- AssertIntEQ(wolfSSL_SHA_Transform(&sha, (const byte*)&local[0]), 1);
+ AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output1,
WC_SHA_DIGEST_SIZE), 0);
-
- /* Init SHA256 CTX */
- AssertIntEQ(wolfSSL_SHA_Init(&sha), 1);
+ /* Init SHA CTX */
+ AssertIntEQ(SHA_Init(&sha), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
- AssertIntEQ(wolfSSL_SHA_Transform(&sha, (const byte*)&local[0]), 1);
+ AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output2,
WC_SHA_DIGEST_SIZE), 0);
-
+ /* SHA1 */
+ XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
+ /* Init SHA CTX */
+ AssertIntEQ(SHA1_Init(&sha1), 1);
+ /* Do Transform*/
+ sLen = (word32)XSTRLEN((char*)input1);
+ XMEMCPY(local, input1, sLen);
+ AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1);
+ AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output1,
+ WC_SHA_DIGEST_SIZE), 0);
+ /* Init SHA CTX */
+ AssertIntEQ(SHA1_Init(&sha1), 1);
+ sLen = (word32)XSTRLEN((char*)input2);
+ XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
+ XMEMCPY(local, input2, sLen);
+ AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1);
+ AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output2,
+ WC_SHA_DIGEST_SIZE), 0);
+
printf(resultFmt, passed);
#endif
#endif
@@ -33477,7 +34187,7 @@ static void test_wolfSSL_SHA256_Transform(void)
"\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78"
"\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91";
- WOLFSSL_SHA256_CTX sha256;
+ SHA256_CTX sha256;
printf(testingFmt, "wolfSSL_SHA256_Transform()");
@@ -33485,28 +34195,28 @@ static void test_wolfSSL_SHA256_Transform(void)
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
- AssertIntEQ(wolfSSL_SHA256_Transform(NULL, NULL), 0);
- AssertIntEQ(wolfSSL_SHA256_Transform(NULL, (const byte*)&input1), 0);
- AssertIntEQ(wolfSSL_SHA256_Transform(&sha256, NULL), 0);
+ AssertIntEQ(SHA256_Transform(NULL, NULL), 0);
+ AssertIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
+ AssertIntEQ(SHA256_Transform(&sha256, NULL), 0);
AssertIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha256Transform((wc_Sha256*)&sha256, NULL), BAD_FUNC_ARG);
/* Init SHA256 CTX */
- AssertIntEQ(wolfSSL_SHA256_Init(&sha256), 1);
+ AssertIntEQ(SHA256_Init(&sha256), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
- AssertIntEQ(wolfSSL_SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
+ AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output1,
WC_SHA256_DIGEST_SIZE), 0);
/* Init SHA256 CTX */
- AssertIntEQ(wolfSSL_SHA256_Init(&sha256), 1);
+ AssertIntEQ(SHA256_Init(&sha256), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
- AssertIntEQ(wolfSSL_SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
+ AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output2,
WC_SHA256_DIGEST_SIZE), 0);
@@ -33559,7 +34269,7 @@ static void test_wolfSSL_SHA512_Transform(void)
"\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe"
"\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde";
- WOLFSSL_SHA512_CTX sha512;
+ SHA512_CTX sha512;
printf(testingFmt, "wolfSSL_SHA512_Transform()");
@@ -33567,9 +34277,9 @@ static void test_wolfSSL_SHA512_Transform(void)
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
- AssertIntEQ(wolfSSL_SHA512_Transform(NULL, NULL), 0);
- AssertIntEQ(wolfSSL_SHA512_Transform(NULL, (const byte*)&input1), 0);
- AssertIntEQ(wolfSSL_SHA512_Transform(&sha512, NULL), 0);
+ AssertIntEQ(SHA512_Transform(NULL, NULL), 0);
+ AssertIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
+ AssertIntEQ(SHA512_Transform(&sha512, NULL), 0);
AssertIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha512Transform((wc_Sha512*)&sha512, NULL), BAD_FUNC_ARG);
@@ -33580,16 +34290,16 @@ static void test_wolfSSL_SHA512_Transform(void)
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
- AssertIntEQ(wolfSSL_SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
+ AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output1,
WC_SHA512_DIGEST_SIZE), 0);
/* Init SHA512 CTX */
- AssertIntEQ(wolfSSL_SHA512_Init(&sha512), 1);
+ AssertIntEQ(SHA512_Init(&sha512), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
- AssertIntEQ(wolfSSL_SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
+ AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output2,
WC_SHA512_DIGEST_SIZE), 0);
(void)input1;
@@ -39429,14 +40139,14 @@ static void test_wolfSSL_X509_load_crl_file(void)
WOLFSSL_X509_STORE* store;
WOLFSSL_X509_LOOKUP* lookup;
- printf(testingFmt, "wolfSSL_X509_laod_crl_file");
+ printf(testingFmt, "wolfSSL_X509_load_crl_file");
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
- AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
+ AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
- AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
+ AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
@@ -39448,7 +40158,7 @@ static void test_wolfSSL_X509_load_crl_file(void)
for (i = 0; pem[i][0] != '\0'; i++)
{
- AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1);
+ AssertIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1);
}
if (store) {
@@ -39457,15 +40167,15 @@ static void test_wolfSSL_X509_load_crl_file(void)
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
/* once feeing store */
- wolfSSL_X509_STORE_free(store);
+ X509_STORE_free(store);
store = NULL;
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
- AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
+ AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
- AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
+ AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
@@ -39477,7 +40187,7 @@ static void test_wolfSSL_X509_load_crl_file(void)
for (i = 0; der[i][0] != '\0'; i++)
{
- AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1);
+ AssertIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1);
}
if (store) {
@@ -39486,7 +40196,7 @@ static void test_wolfSSL_X509_load_crl_file(void)
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
- wolfSSL_X509_STORE_free(store);
+ X509_STORE_free(store);
store = NULL;
printf(resultFmt, passed);
@@ -39771,15 +40481,19 @@ static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void)
const byte iv[12] = { 0 };
const byte key[16] = { 0 };
const byte cleartext[16] = { 0 };
- const byte aad[] = {0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0xdc, 0x4d,
- 0xad, 0x6b, 0x06, 0x93, 0x4f};
+ const byte aad[] = {
+ 0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
+ 0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93,
+ 0x4f
+ };
byte out1Part[16];
byte outTag1Part[16];
byte out2Part[16];
byte outTag2Part[16];
byte decryptBuf[16];
int len;
+ int tlen;
EVP_CIPHER_CTX* ctx = NULL;
printf(testingFmt, "wolfssl_EVP_aes_gcm_AAD_2_parts");
@@ -39787,25 +40501,37 @@ static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void)
/* ENCRYPT */
/* Send AAD and data in 1 part */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
- AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1);
+ tlen = 0;
+ AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
+ 1);
AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
- AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext, sizeof(cleartext)), 1);
+ AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext,
+ sizeof(cleartext)), 1);
+ tlen += len;
AssertIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1);
- AssertIntEQ(len, sizeof(cleartext));
- AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outTag1Part), 1);
+ tlen += len;
+ AssertIntEQ(tlen, sizeof(cleartext));
+ AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
+ outTag1Part), 1);
EVP_CIPHER_CTX_free(ctx);
/* DECRYPT */
/* Send AAD and data in 1 part */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
- AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1);
+ tlen = 0;
+ AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
+ 1);
AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
- AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, sizeof(cleartext)), 1);
- AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, outTag1Part), 1);
+ AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part,
+ sizeof(cleartext)), 1);
+ tlen += len;
+ AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
+ outTag1Part), 1);
AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1);
- AssertIntEQ(len, sizeof(cleartext));
+ tlen += len;
+ AssertIntEQ(tlen, sizeof(cleartext));
EVP_CIPHER_CTX_free(ctx);
AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
@@ -39813,16 +40539,23 @@ static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void)
/* ENCRYPT */
/* Send AAD and data in 2 parts */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
- AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1);
+ tlen = 0;
+ AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
+ 1);
AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1);
- AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), 1);
+ AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
+ 1);
AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1);
- AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext + 1,
+ tlen += len;
+ AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1,
sizeof(cleartext) - 1), 1);
- AssertIntEQ(EVP_EncryptFinal_ex(ctx, out2Part, &len), 1);
- AssertIntEQ(len, sizeof(cleartext));
- AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outTag2Part), 1);
+ tlen += len;
+ AssertIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1);
+ tlen += len;
+ AssertIntEQ(tlen, sizeof(cleartext));
+ AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
+ outTag2Part), 1);
AssertIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0);
AssertIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0);
@@ -39831,16 +40564,23 @@ static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void)
/* DECRYPT */
/* Send AAD and data in 2 parts */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
- AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1);
+ tlen = 0;
+ AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
+ 1);
AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1);
- AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), 1);
+ AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
+ 1);
AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1);
- AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part + 1,
+ tlen += len;
+ AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1,
sizeof(cleartext) - 1), 1);
- AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, outTag1Part), 1);
- AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1);
- AssertIntEQ(len, sizeof(cleartext));
+ tlen += len;
+ AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
+ outTag1Part), 1);
+ AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1);
+ tlen += len;
+ AssertIntEQ(tlen, sizeof(cleartext));
AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
@@ -39857,14 +40597,15 @@ static void test_wolfssl_EVP_aes_gcm_zeroLen(void)
{
/* Zero length plain text */
- byte key[] =
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ byte key[] = {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; /* align */
- byte iv[] =
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- /* align */
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+ }; /* align */
+ byte iv[] = {
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+ }; /* align */
byte plaintxt[0];
int ivSz = 12;
int plaintxtSz = 0;
@@ -39884,7 +40625,8 @@ static void test_wolfssl_EVP_aes_gcm_zeroLen(void)
AssertIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv));
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, plaintxtSz));
+ AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt,
+ plaintxtSz));
AssertIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len));
ciphertxtSz += len;
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag));
@@ -40391,7 +41133,7 @@ static void test_wolfSSL_X509_print(void)
!defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
X509 *x509;
BIO *bio;
-#ifdef OPENSSL_ALL
+#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
const X509_ALGOR *cert_sig_alg;
#endif
@@ -40412,14 +41154,16 @@ static void test_wolfSSL_X509_print(void)
AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
-#ifdef OPENSSL_ALL
+#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
/* Print signature */
AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509));
AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS);
#endif
/* print to stdout */
+#if !defined(NO_WOLFSSL_DIR)
AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
+#endif
/* print again */
AssertIntEQ(X509_print_fp(stdout, x509), SSL_SUCCESS);
@@ -40805,6 +41549,72 @@ static void test_stubs_are_stubs(void)
#endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB */
}
+
+static void test_CONF_modules_xxx(void)
+{
+#if defined(OPENSSL_EXTRA)
+ CONF_modules_free();
+ AssertTrue(1); /* to confirm previous call gives no harm */
+
+ CONF_modules_unload(0);
+ AssertTrue(1);
+
+ CONF_modules_unload(1);
+ AssertTrue(1);
+
+ CONF_modules_unload(-1);
+ AssertTrue(1);
+
+#endif /* OPENSSL_EXTRA */
+}
+static void test_CRYPTO_set_dynlock_xxx(void)
+{
+#if defined(OPENSSL_EXTRA)
+ printf(testingFmt, "CRYPTO_set_dynlock_xxx()");
+
+ CRYPTO_set_dynlock_create_callback(
+ (struct CRYPTO_dynlock_value *(*)(const char*, int))NULL);
+
+ CRYPTO_set_dynlock_create_callback(
+ (struct CRYPTO_dynlock_value *(*)(const char*, int))1);
+
+ CRYPTO_set_dynlock_destroy_callback(
+ (void (*)(struct CRYPTO_dynlock_value*, const char*, int))NULL);
+
+ CRYPTO_set_dynlock_destroy_callback(
+ (void (*)(struct CRYPTO_dynlock_value*, const char*, int))1);
+
+ CRYPTO_set_dynlock_lock_callback(
+ (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))NULL);
+
+ CRYPTO_set_dynlock_lock_callback(
+ (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))1);
+
+ AssertTrue(1); /* to confirm previous call gives no harm */
+ printf(resultFmt, passed);
+#endif /* OPENSSL_EXTRA */
+}
+static void test_CRYPTO_THREADID_xxx(void)
+{
+#if defined(OPENSSL_EXTRA)
+ printf(testingFmt, "CRYPTO_THREADID_xxx()");
+
+ CRYPTO_THREADID_current((CRYPTO_THREADID*)NULL);
+ CRYPTO_THREADID_current((CRYPTO_THREADID*)1);
+ AssertIntEQ(CRYPTO_THREADID_hash((const CRYPTO_THREADID*)NULL), 0);
+ printf(resultFmt, passed);
+#endif /* OPENSSL_EXTRA */
+}
+static void test_ENGINE_cleanup(void)
+{
+#if defined(OPENSSL_EXTRA)
+ printf(testingFmt, "ENGINE_cleanup()");
+ ENGINE_cleanup();
+ AssertTrue(1); /* to confirm previous call gives no harm */
+ printf(resultFmt, passed);
+#endif /* OPENSSL_EXTRA */
+}
+
static void test_wolfSSL_CTX_LoadCRL(void)
{
#ifdef HAVE_CRL
@@ -41260,11 +42070,11 @@ static int test_wolfSSL_CTX_set_ecdh_auto(void)
int ret = 0;
WOLFSSL_CTX* ctx = NULL;
#if defined(OPENSSL_EXTRA)
- printf(testingFmt, "wolfSSL_CTX_set_ecdh_auto");
- AssertIntEQ( wolfSSL_CTX_set_ecdh_auto(NULL,0),1);
- AssertIntEQ( wolfSSL_CTX_set_ecdh_auto(NULL,1),1);
- AssertIntEQ( wolfSSL_CTX_set_ecdh_auto(ctx,0),1);
- AssertIntEQ( wolfSSL_CTX_set_ecdh_auto(ctx,1),1);
+ printf(testingFmt, "SSL_CTX_set_ecdh_auto");
+ AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,0),1);
+ AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,1),1);
+ AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,0),1);
+ AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,1),1);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
(void)ctx;
@@ -41487,6 +42297,9 @@ void ApiTest(void)
test_generate_cookie();
test_wolfSSL_X509_STORE_set_flags();
test_wolfSSL_X509_LOOKUP_load_file();
+ test_wolfSSL_X509_Name_canon();
+ test_wolfSSL_X509_LOOKUP_ctrl_file();
+ test_wolfSSL_X509_LOOKUP_ctrl_hash_dir();
test_wolfSSL_X509_NID();
test_wolfSSL_X509_STORE_CTX_set_time();
test_wolfSSL_get0_param();
@@ -41503,6 +42316,7 @@ void ApiTest(void)
#endif
test_wolfSSL_ASN1_STRING();
test_wolfSSL_ASN1_BIT_STRING();
+ test_wolfSSL_a2i_ASN1_INTEGER();
test_wolfSSL_X509();
test_wolfSSL_X509_VERIFY_PARAM();
test_wolfSSL_X509_sign();
@@ -41523,7 +42337,9 @@ void ApiTest(void)
test_wolfSSL_CTX_set_srp_password();
test_wolfSSL_CTX_set_ecdh_auto();
test_wolfSSL_THREADID_hash();
+ test_wolfSSL_RAND_set_rand_method();
test_wolfSSL_RAND_bytes();
+ test_wolfSSL_BN_rand();
test_wolfSSL_pseudo_rand();
test_wolfSSL_PKCS8_Compat();
test_wolfSSL_PKCS8_d2i();
@@ -41613,6 +42429,11 @@ void ApiTest(void)
test_wolfSSL_RSA_padding_add_PKCS1_PSS();
#endif
+ test_CONF_modules_xxx();
+ test_CRYPTO_set_dynlock_xxx();
+ test_CRYPTO_THREADID_xxx();
+ test_ENGINE_cleanup();
+
#if defined(OPENSSL_ALL)
test_wolfSSL_X509_PUBKEY_get();
test_wolfSSL_sk_CIPHER_description();
@@ -41856,6 +42677,7 @@ void ApiTest(void)
AssertIntEQ(test_wc_CmacUpdate(), 0);
AssertIntEQ(test_wc_CmacFinal(), 0);
AssertIntEQ(test_wc_AesCmacGenerate(), 0);
+ AssertIntEQ(test_wc_AesGcmStream(), 0);
AssertIntEQ(test_wc_Des3_SetIV(), 0);
AssertIntEQ(test_wc_Des3_SetKey(), 0);
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index adea5980f..71f451007 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -2394,10 +2394,23 @@ static void bench_aesgcm_internal(int doAsync, const byte* key, word32 keySz,
/* while free pending slots in queue, submit ops */
for (i = 0; i < BENCH_MAX_PENDING; i++) {
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, numBlocks, &pending)) {
+#ifndef BENCHMARK_AESGCM_STREAM
ret = wc_AesGcmEncrypt(&enc[i], bench_cipher,
bench_plain, BENCH_SIZE,
iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
bench_additional, aesAuthAddSz);
+#else
+ ret = wc_AesGcmEncryptInit(&enc[i], NULL, 0, iv, ivSz);
+ if (ret == 0) {
+ ret = wc_AesGcmEncryptUpdate(&enc[i], bench_cipher,
+ bench_plain, BENCH_SIZE, bench_additional,
+ aesAuthAddSz);
+ }
+ if (ret == 0) {
+ ret = wc_AesGcmEncryptFinal(&enc[i], bench_tag,
+ AES_AUTH_TAG_SZ);
+ }
+#endif
if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, &pending)) {
goto exit_aes_gcm;
}
@@ -2433,10 +2446,23 @@ exit_aes_gcm:
/* while free pending slots in queue, submit ops */
for (i = 0; i < BENCH_MAX_PENDING; i++) {
if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0, ×, numBlocks, &pending)) {
+#ifndef BENCHMARK_AESGCM_STREAM
ret = wc_AesGcmDecrypt(&dec[i], bench_plain,
bench_cipher, BENCH_SIZE,
iv, ivSz, bench_tag, AES_AUTH_TAG_SZ,
bench_additional, aesAuthAddSz);
+#else
+ ret = wc_AesGcmDecryptInit(&enc[i], NULL, 0, iv, ivSz);
+ if (ret == 0) {
+ ret = wc_AesGcmDecryptUpdate(&enc[i], bench_plain,
+ bench_cipher, BENCH_SIZE, bench_additional,
+ aesAuthAddSz);
+ }
+ if (ret == 0) {
+ ret = wc_AesGcmDecryptFinal(&enc[i], bench_tag,
+ AES_AUTH_TAG_SZ);
+ }
+#endif
if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0, ×, &pending)) {
goto exit_aes_gcm_dec;
}
@@ -4651,18 +4677,17 @@ static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING],
#ifndef WOLFSSL_RSA_VERIFY_ONLY
DECLARE_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT);
#endif
- #if !defined(WOLFSSL_MDK5_COMPLv5)
+ #if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE)
/* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */
DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT);
#else
byte* enc[BENCH_MAX_PENDING];
#endif
#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- #if !defined(WOLFSSL_MDK5_COMPLv5)
+ #if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE)
/* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */
DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT);
#else
- int idxout;
byte* out[BENCH_MAX_PENDING];
#endif
#else
@@ -6890,7 +6915,7 @@ static int string_matches(const char* arg, const char* str)
}
#endif /* MAIN_NO_ARGS */
-#ifdef WOLFSSL_ESPIDF
+#if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE)
int wolf_benchmark_task( )
#elif defined(MAIN_NO_ARGS)
int main()
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index b1c0d6a1f..5ced9b2f7 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -3085,8 +3085,16 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
int ret = 0;
- word32 blocks = (sz / AES_BLOCK_SIZE);
CRYP_HandleTypeDef hcryp;
+ word32 blocks = (sz / AES_BLOCK_SIZE);
+
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (sz % AES_BLOCK_SIZE) {
+ return BAD_LENGTH_E;
+ }
+#endif
+ if (blocks == 0)
+ return 0;
ret = wc_Stm32_Aes_Init(aes, &hcryp);
if (ret != 0)
@@ -3135,8 +3143,16 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
int ret = 0;
- word32 blocks = (sz / AES_BLOCK_SIZE);
CRYP_HandleTypeDef hcryp;
+ word32 blocks = (sz / AES_BLOCK_SIZE);
+
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (sz % AES_BLOCK_SIZE) {
+ return BAD_LENGTH_E;
+ }
+#endif
+ if (blocks == 0)
+ return 0;
ret = wc_Stm32_Aes_Init(aes, &hcryp);
if (ret != 0)
@@ -3191,10 +3207,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
{
int ret;
word32 *iv;
- word32 blocks = (sz / AES_BLOCK_SIZE);
CRYP_InitTypeDef cryptInit;
CRYP_KeyInitTypeDef keyInit;
CRYP_IVInitTypeDef ivInit;
+ word32 blocks = (sz / AES_BLOCK_SIZE);
+
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (sz % AES_BLOCK_SIZE) {
+ return BAD_LENGTH_E;
+ }
+#endif
+ if (blocks == 0)
+ return 0;
ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit);
if (ret != 0)
@@ -3266,10 +3290,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
{
int ret;
word32 *iv;
- word32 blocks = (sz / AES_BLOCK_SIZE);
CRYP_InitTypeDef cryptInit;
CRYP_KeyInitTypeDef keyInit;
CRYP_IVInitTypeDef ivInit;
+ word32 blocks = (sz / AES_BLOCK_SIZE);
+
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (sz % AES_BLOCK_SIZE) {
+ return BAD_LENGTH_E;
+ }
+#endif
+ if (blocks == 0)
+ return 0;
ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit);
if (ret != 0)
@@ -3363,6 +3395,12 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
if ((pi == NULL) || (po == NULL))
return BAD_FUNC_ARG; /*wrong pointer*/
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (sz % AES_BLOCK_SIZE) {
+ return BAD_LENGTH_E;
+ }
+#endif
+
wc_LockMutex(&Mutex_AesSEC);
/* Set descriptor for SEC */
@@ -3388,16 +3426,24 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
secDesc->pointer7 = NULL;
secDesc->nextDescriptorPtr = NULL;
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ size = AES_BUFFER_SIZE;
+#endif
while (sz) {
secDesc->header = descHeader;
XMEMCPY(secReg, aes->reg, AES_BLOCK_SIZE);
- if ((sz % AES_BUFFER_SIZE) == sz) {
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ sz -= AES_BUFFER_SIZE;
+#else
+ if (sz < AES_BUFFER_SIZE) {
size = sz;
sz = 0;
} else {
size = AES_BUFFER_SIZE;
sz -= AES_BUFFER_SIZE;
}
+#endif
+
secDesc->length4 = size;
secDesc->length5 = size;
@@ -3463,6 +3509,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
byte *iv, *enc_key;
word32 blocks = (sz / AES_BLOCK_SIZE);
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (sz % AES_BLOCK_SIZE) {
+ return BAD_LENGTH_E;
+ }
+#endif
+ if (blocks == 0)
+ return 0;
+
iv = (byte*)aes->reg;
enc_key = (byte*)aes->key;
@@ -3492,8 +3546,16 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
word32 keySize;
status_t status;
byte* iv, *dec_key;
- word32 blocks = (sz / AES_BLOCK_SIZE);
byte temp_block[AES_BLOCK_SIZE];
+ word32 blocks = (sz / AES_BLOCK_SIZE);
+
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (sz % AES_BLOCK_SIZE) {
+ return BAD_LENGTH_E;
+ }
+#endif
+ if (blocks == 0)
+ return 0;
iv = (byte*)aes->reg;
dec_key = (byte*)aes->key;
@@ -3527,9 +3589,17 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
{
int i;
int offset = 0;
- word32 blocks = (sz / AES_BLOCK_SIZE);
byte *iv;
byte temp_block[AES_BLOCK_SIZE];
+ word32 blocks = (sz / AES_BLOCK_SIZE);
+
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (sz % AES_BLOCK_SIZE) {
+ return BAD_LENGTH_E;
+ }
+#endif
+ if (blocks == 0)
+ return 0;
iv = (byte*)aes->reg;
@@ -3555,9 +3625,17 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
{
int i;
int offset = 0;
- word32 blocks = (sz / AES_BLOCK_SIZE);
byte* iv;
byte temp_block[AES_BLOCK_SIZE];
+ word32 blocks = (sz / AES_BLOCK_SIZE);
+
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (sz % AES_BLOCK_SIZE) {
+ return BAD_LENGTH_E;
+ }
+#endif
+ if (blocks == 0)
+ return 0;
iv = (byte*)aes->reg;
@@ -3586,9 +3664,16 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
{
int ret;
+ if (sz == 0)
+ return 0;
+
/* hardware fails on input that is not a multiple of AES block size */
if (sz % AES_BLOCK_SIZE != 0) {
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ return BAD_LENGTH_E;
+#else
return BAD_FUNC_ARG;
+#endif
}
ret = wc_Pic32AesCrypt(
@@ -3609,9 +3694,16 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
int ret;
byte scratch[AES_BLOCK_SIZE];
+ if (sz == 0)
+ return 0;
+
/* hardware fails on input that is not a multiple of AES block size */
if (sz % AES_BLOCK_SIZE != 0) {
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ return BAD_LENGTH_E;
+#else
return BAD_FUNC_ARG;
+#endif
}
XMEMCPY(scratch, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
@@ -3666,7 +3758,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
/* Software AES - CBC Encrypt */
int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
- word32 blocks = (sz / AES_BLOCK_SIZE);
+ word32 blocks;
if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
@@ -3675,6 +3767,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
if (sz == 0) {
return 0;
}
+
+ blocks = sz / AES_BLOCK_SIZE;
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ if (sz % AES_BLOCK_SIZE) {
+ return BAD_LENGTH_E;
+ }
+#endif
+
#ifdef WOLFSSL_IMXRT_DCP
/* Implemented in wolfcrypt/src/port/nxp/dcp_port.c */
if (aes->keylen == 16)
@@ -3779,14 +3879,23 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
{
word32 blocks;
- if (aes == NULL || out == NULL || in == NULL
- || sz % AES_BLOCK_SIZE != 0) {
+ if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
if (sz == 0) {
return 0;
}
+
+ blocks = sz / AES_BLOCK_SIZE;
+ if (sz % AES_BLOCK_SIZE) {
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+ return BAD_LENGTH_E;
+#else
+ return BAD_FUNC_ARG;
+#endif
+ }
+
#ifdef WOLFSSL_IMXRT_DCP
/* Implemented in wolfcrypt/src/port/nxp/dcp_port.c */
if (aes->keylen == 16)
@@ -3856,7 +3965,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
}
#endif
- blocks = sz / AES_BLOCK_SIZE;
while (blocks--) {
XMEMCPY(aes->tmp, in, AES_BLOCK_SIZE);
wc_AesDecrypt(aes, (byte*)aes->tmp, out);
@@ -4171,6 +4279,19 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
#ifdef HAVE_AESGCM
+#ifdef WOLFSSL_AESGCM_STREAM
+ /* Access initialization counter data. */
+ #define AES_INITCTR(aes) ((aes)->streamData + 0 * AES_BLOCK_SIZE)
+ /* Access counter data. */
+ #define AES_COUNTER(aes) ((aes)->streamData + 1 * AES_BLOCK_SIZE)
+ /* Access tag data. */
+ #define AES_TAG(aes) ((aes)->streamData + 2 * AES_BLOCK_SIZE)
+ /* Access last GHASH block. */
+ #define AES_LASTGBLOCK(aes) ((aes)->streamData + 3 * AES_BLOCK_SIZE)
+ /* Access last encrypted block. */
+ #define AES_LASTBLOCK(aes) ((aes)->streamData + 4 * AES_BLOCK_SIZE)
+#endif
+
#if defined(HAVE_COLDFIRE_SEC)
#error "Coldfire SEC doesn't currently support AES-GCM mode"
@@ -4364,6 +4485,9 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
#endif
XMEMSET(iv, 0, AES_BLOCK_SIZE);
ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION);
+#ifdef WOLFSSL_AESGCM_STREAM
+ aes->gcmKeySet = 1;
+#endif
#ifdef WOLFSSL_AESNI
/* AES-NI code generates its own H value. */
@@ -5569,7 +5693,6 @@ static void AES_GCM_decrypt(const unsigned char *in, unsigned char *out,
#endif /* _MSC_VER */
#endif /* WOLFSSL_AESNI */
-
#if defined(GCM_SMALL)
static void GMULT(byte* X, byte* Y)
{
@@ -5650,6 +5773,27 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c,
XMEMCPY(s, x, sSz);
}
+#ifdef WOLFSSL_AESGCM_STREAM
+/* No extra initialization for small implementation.
+ *
+ * @param [in] aes AES GCM object.
+ */
+#define GHASH_INIT_EXTRA(aes)
+
+/* GHASH one block of data..
+ *
+ * XOR block into tag and GMULT with H.
+ *
+ * @param [in, out] aes AES GCM object.
+ * @param [in] block Block of AAD or cipher text.
+ */
+#define GHASH_ONE_BLOCK(aes, block) \
+ do { \
+ xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE); \
+ GMULT(AES_TAG(aes), aes->H); \
+ } \
+ while (0)
+#endif /* WOLFSSL_AESGCM_STREAM */
/* end GCM_SMALL */
#elif defined(GCM_TABLE)
@@ -5826,6 +5970,27 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c,
XMEMCPY(s, x, sSz);
}
+#ifdef WOLFSSL_AESGCM_STREAM
+/* No extra initialization for table implementation.
+ *
+ * @param [in] aes AES GCM object.
+ */
+#define GHASH_INIT_EXTRA(aes)
+
+/* GHASH one block of data..
+ *
+ * XOR block into tag and GMULT with H using pre-computed table.
+ *
+ * @param [in, out] aes AES GCM object.
+ * @param [in] block Block of AAD or cipher text.
+ */
+#define GHASH_ONE_BLOCK(aes, block) \
+ do { \
+ xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE); \
+ GMULT(AES_TAG(aes), aes->M0); \
+ } \
+ while (0)
+#endif /* WOLFSSL_AESGCM_STREAM */
/* end GCM_TABLE */
#elif defined(GCM_TABLE_4BIT)
@@ -6101,6 +6266,27 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c,
XMEMCPY(s, x, sSz);
}
+#ifdef WOLFSSL_AESGCM_STREAM
+/* No extra initialization for 4-bit table implementation.
+ *
+ * @param [in] aes AES GCM object.
+ */
+#define GHASH_INIT_EXTRA(aes)
+
+/* GHASH one block of data..
+ *
+ * XOR block into tag and GMULT with H using pre-computed table.
+ *
+ * @param [in, out] aes AES GCM object.
+ * @param [in] block Block of AAD or cipher text.
+ */
+#define GHASH_ONE_BLOCK(aes, block) \
+ do { \
+ xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE); \
+ GMULT(AES_TAG(aes), aes->M0); \
+ } \
+ while (0)
+#endif /* WOLFSSL_AESGCM_STREAM */
#elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32)
#if !defined(FREESCALE_LTC_AES_GCM)
@@ -6409,10 +6595,282 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c,
XMEMCPY(s, x, sSz);
}
+#ifdef WOLFSSL_AESGCM_STREAM
+#ifdef LITTLE_ENDIAN_ORDER
+/* Little-endian 32-bit word implementation requires byte reversal of H.
+ *
+ * H is all-zeros block encrypted with key.
+ *
+ * @param [in, out] aes AES GCM object.
+ */
+#define GHASH_INIT_EXTRA(aes) \
+ ByteReverseWords((word32*)aes->H, (word32*)aes->H, AES_BLOCK_SIZE)
+
+/* GHASH one block of data..
+ *
+ * XOR block, in big-endian form, into tag and GMULT with H.
+ *
+ * @param [in, out] aes AES GCM object.
+ * @param [in] block Block of AAD or cipher text.
+ */
+#define GHASH_ONE_BLOCK(aes, block) \
+ do { \
+ word32* x = (word32*)AES_TAG(aes); \
+ word32* h = (word32*)aes->H; \
+ word32 bigEnd[4]; \
+ XMEMCPY(bigEnd, block, AES_BLOCK_SIZE); \
+ ByteReverseWords(bigEnd, bigEnd, AES_BLOCK_SIZE); \
+ x[0] ^= bigEnd[0]; \
+ x[1] ^= bigEnd[1]; \
+ x[2] ^= bigEnd[2]; \
+ x[3] ^= bigEnd[3]; \
+ GMULT(x, h); \
+ } \
+ while (0)
+
+/* GHASH in AAD and cipher text lengths in bits.
+ *
+ * Convert tag back to little-endian.
+ *
+ * @param [in, out] aes AES GCM object.
+ */
+#define GHASH_LEN_BLOCK(aes) \
+ do { \
+ word32 len[4]; \
+ word32* x = (word32*)AES_TAG(aes); \
+ word32* h = (word32*)aes->H; \
+ len[0] = (aes->aSz >> (8*sizeof(aes->aSz) - 3)); \
+ len[1] = aes->aSz << 3; \
+ len[2] = (aes->cSz >> (8*sizeof(aes->cSz) - 3)); \
+ len[3] = aes->cSz << 3; \
+ x[0] ^= len[0]; \
+ x[1] ^= len[1]; \
+ x[2] ^= len[2]; \
+ x[3] ^= len[3]; \
+ GMULT(x, h); \
+ ByteReverseWords(x, x, AES_BLOCK_SIZE); \
+ } \
+ while (0)
+#else
+/* No extra initialization for 32-bit word implementation.
+ *
+ * @param [in] aes AES GCM object.
+ */
+#define GHASH_INIT_EXTRA(aes)
+
+/* GHASH one block of data..
+ *
+ * XOR block into tag and GMULT with H.
+ *
+ * @param [in, out] aes AES GCM object.
+ * @param [in] block Block of AAD or cipher text.
+ */
+#define GHASH_ONE_BLOCK(aes, block) \
+ do { \
+ word32* x = (word32*)AES_TAG(aes); \
+ word32* h = (word32*)aes->H; \
+ word32 block32[4]; \
+ XMEMCPY(block32, block, AES_BLOCK_SIZE); \
+ x[0] ^= block32[0]; \
+ x[1] ^= block32[1]; \
+ x[2] ^= block32[2]; \
+ x[3] ^= block32[3]; \
+ GMULT(x, h); \
+ } \
+ while (0)
+
+/* GHASH in AAD and cipher text lengths in bits.
+ *
+ * @param [in, out] aes AES GCM object.
+ */
+#define GHASH_LEN_BLOCK(aes) \
+ do { \
+ word32 len[4]; \
+ word32* x = (word32*)AES_TAG(aes); \
+ word32* h = (word32*)aes->H; \
+ len[0] = (aes->aSz >> (8*sizeof(aes->aSz) - 3)); \
+ len[1] = aes->aSz << 3; \
+ len[2] = (aes->cSz >> (8*sizeof(aes->cSz) - 3)); \
+ len[3] = aes->cSz << 3; \
+ x[0] ^= len[0]; \
+ x[1] ^= len[1]; \
+ x[2] ^= len[2]; \
+ x[3] ^= len[3]; \
+ GMULT(x, h); \
+ } \
+ while (0)
+#endif /* LITTLE_ENDIAN_ORDER */
+#endif /* WOLFSSL_AESGCM_STREAM */
#endif /* end GCM_WORD32 */
-
#if !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES)
+#ifdef WOLFSSL_AESGCM_STREAM
+#ifndef GHASH_LEN_BLOCK
+/* Hash in the lengths of the AAD and cipher text in bits.
+ *
+ * Default implementation.
+ *
+ * @param [in, out] aes AES GCM object.
+ */
+#define GHASH_LEN_BLOCK(aes) \
+ do { \
+ byte scratch[AES_BLOCK_SIZE]; \
+ FlattenSzInBits(&scratch[0], aes->aSz); \
+ FlattenSzInBits(&scratch[8], aes->cSz); \
+ GHASH_ONE_BLOCK(aes, scratch); \
+ } \
+ while (0)
+#endif
+
+/* Initialize a GHASH for streaming operations.
+ *
+ * @param [in, out] aes AES GCM object.
+ */
+static void GHASH_INIT(Aes* aes) {
+ /* Set tag to all zeros as initial value. */
+ XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE);
+ /* Reset counts of AAD and cipher text. */
+ aes->aOver = 0;
+ aes->cOver = 0;
+ /* Extra initialization baed on implementation. */
+ GHASH_INIT_EXTRA(aes);
+}
+
+/* Update the GHASH with AAD and/or cipher text.
+ *
+ * @param [in,out] aes AES GCM object.
+ * @param [in] a Additional authentication data buffer.
+ * @param [in] aSz Size of data in AAD buffer.
+ * @param [in] c Cipher text buffer.
+ * @param [in] cSz Size of data in cipher text buffer.
+ */
+static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c,
+ word32 cSz)
+{
+ word32 blocks;
+ word32 partial;
+
+ /* Hash in A, the Additional Authentication Data */
+ if (aSz != 0 && a != NULL) {
+ /* Update count of AAD we have hashed. */
+ aes->aSz += aSz;
+ /* Check if we have unprocessed data. */
+ if (aes->aOver > 0) {
+ /* Calculate amount we can use - fill up the block. */
+ byte sz = AES_BLOCK_SIZE - aes->aOver;
+ if (sz > aSz) {
+ sz = aSz;
+ }
+ /* Copy extra into last GHASH block array and update count. */
+ XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz);
+ aes->aOver += sz;
+ if (aes->aOver == AES_BLOCK_SIZE) {
+ /* We have filled up the block and can process. */
+ GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
+ /* Reset count. */
+ aes->aOver = 0;
+ }
+ /* Used up some data. */
+ aSz -= sz;
+ a += sz;
+ }
+
+ /* Calculate number of blocks of AAD and the leftover. */
+ blocks = aSz / AES_BLOCK_SIZE;
+ partial = aSz % AES_BLOCK_SIZE;
+ /* GHASH full blocks now. */
+ while (blocks--) {
+ GHASH_ONE_BLOCK(aes, a);
+ a += AES_BLOCK_SIZE;
+ }
+ if (partial != 0) {
+ /* Cache the partial block. */
+ XMEMCPY(AES_LASTGBLOCK(aes), a, partial);
+ aes->aOver = (byte)partial;
+ }
+ }
+ if (aes->aOver > 0 && cSz > 0 && c != NULL) {
+ /* No more AAD coming and we have a partial block. */
+ /* Fill the rest of the block with zeros. */
+ byte sz = AES_BLOCK_SIZE - aes->aOver;
+ XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0, sz);
+ /* GHASH last AAD block. */
+ GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
+ /* Clear partial count for next time through. */
+ aes->aOver = 0;
+ }
+
+ /* Hash in C, the Ciphertext */
+ if (cSz != 0 && c != NULL) {
+ /* Update count of cipher text we have hashed. */
+ aes->cSz += cSz;
+ if (aes->cOver > 0) {
+ /* Calculate amount we can use - fill up the block. */
+ byte sz = AES_BLOCK_SIZE - aes->cOver;
+ if (sz > cSz) {
+ sz = cSz;
+ }
+ XMEMCPY(AES_LASTGBLOCK(aes) + aes->cOver, c, sz);
+ /* Update count of unsed encrypted counter. */
+ aes->cOver += sz;
+ if (aes->cOver == AES_BLOCK_SIZE) {
+ /* We have filled up the block and can process. */
+ GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
+ /* Reset count. */
+ aes->cOver = 0;
+ }
+ /* Used up some data. */
+ cSz -= sz;
+ c += sz;
+ }
+
+ /* Calculate number of blocks of cipher text and the leftover. */
+ blocks = cSz / AES_BLOCK_SIZE;
+ partial = cSz % AES_BLOCK_SIZE;
+ /* GHASH full blocks now. */
+ while (blocks--) {
+ GHASH_ONE_BLOCK(aes, c);
+ c += AES_BLOCK_SIZE;
+ }
+ if (partial != 0) {
+ /* Cache the partial block. */
+ XMEMCPY(AES_LASTGBLOCK(aes), c, partial);
+ aes->cOver = (byte)partial;
+ }
+ }
+}
+
+/* Finalize the GHASH calculation.
+ *
+ * Complete hashing cipher text and hash the AAD and cipher text lengths.
+ *
+ * @param [in, out] aes AES GCM object.
+ * @param [out] s Authentication tag.
+ * @param [in] sSz Size of authentication tag required.
+ */
+static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz)
+{
+ /* AAD block incomplete when > 0 */
+ byte over = aes->aOver;
+
+ if (aes->cOver > 0) {
+ /* Cipher text block incomplete. */
+ over = aes->cOver;
+ }
+ if (over > 0) {
+ /* Zeroize the unused part of the block. */
+ XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over);
+ /* Hash the last block of cipher text. */
+ GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes));
+ }
+ /* Hash in the lengths of AAD and cipher text in bits */
+ GHASH_LEN_BLOCK(aes);
+ /* Copy the result into s. */
+ XMEMCPY(s, AES_TAG(aes), sSz);
+}
+#endif /* WOLFSSL_AESGCM_STREAM */
+
+
#ifdef FREESCALE_LTC_AES_GCM
int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
@@ -6452,8 +6910,8 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#ifdef STM32_CRYPTO_AES_GCM
/* this function supports inline encrypt */
-/* define STM32_AESGCM_PARTIAL for newer STM Cube HAL's with workaround
- for handling partial packets to improve auth tag calculation performance by
+/* define STM32_AESGCM_PARTIAL for newer STM Cube HAL's with workaround
+ for handling partial packets to improve auth tag calculation performance by
using hardware */
static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
@@ -6668,6 +7126,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz
#endif /* STM32_CRYPTO_AES_GCM */
#ifdef WOLFSSL_AESNI
+/* For performance reasons, this code needs to be not inlined. */
int AES_GCM_encrypt_C(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
@@ -6885,7 +7344,6 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#endif
-
/* AES GCM Decrypt */
#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AESGCM_DECRYPT)
#ifdef FREESCALE_LTC_AES_GCM
@@ -6973,7 +7431,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
GHASH(aes, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE);
}
- /* Make copy of expected authTag, which could get corrupted in some
+ /* Make copy of expected authTag, which could get corrupted in some
* Cube HAL versions without proper partial block support.
* For TLS blocks the authTag is after the output buffer, so save it */
XMEMCPY(tagExpected, authTag, authTagSz);
@@ -7150,6 +7608,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out,
#endif /* STM32_CRYPTO_AES_GCM */
#ifdef WOLFSSL_AESNI
+/* For performance reasons, this code needs to be not inlined. */
int AES_GCM_decrypt_C(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
@@ -7384,6 +7843,1177 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
}
#endif
#endif /* HAVE_AES_DECRYPT || HAVE_AESGCM_DECRYPT */
+
+#ifdef WOLFSSL_AESGCM_STREAM
+/* Initialize the AES GCM cipher with an IV. C implementation.
+ *
+ * @param [in, out] aes AES object.
+ * @param [in] iv IV/nonce buffer.
+ * @param [in] ivSz Length of IV/nonce data.
+ */
+static void AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz)
+{
+ ALIGN32 byte counter[AES_BLOCK_SIZE];
+
+ if (ivSz == GCM_NONCE_MID_SZ) {
+ /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
+ XMEMCPY(counter, iv, ivSz);
+ XMEMSET(counter + GCM_NONCE_MID_SZ, 0,
+ AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1);
+ counter[AES_BLOCK_SIZE - 1] = 1;
+ }
+ else {
+ /* Counter is GHASH of IV. */
+ #ifdef OPENSSL_EXTRA
+ word32 aadTemp = aes->aadLen;
+ aes->aadLen = 0;
+ #endif
+ GHASH(aes, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE);
+ #ifdef OPENSSL_EXTRA
+ aes->aadLen = aadTemp;
+ #endif
+ }
+
+ /* Copy in the counter for use with cipher. */
+ XMEMCPY(AES_COUNTER(aes), counter, AES_BLOCK_SIZE);
+ /* Encrypt initial counter into a buffer for GCM. */
+ wc_AesEncrypt(aes, counter, AES_INITCTR(aes));
+ /* Reset state fields. */
+ aes->over = 0;
+ aes->aSz = 0;
+ aes->cSz = 0;
+ /* Initialization for GHASH. */
+ GHASH_INIT(aes);
+}
+
+/* Update the AES GCM cipher with data. C implementation.
+ *
+ * Only enciphers data.
+ *
+ * @param [in, out] aes AES object.
+ * @param [in] out Cipher text or plaintext buffer.
+ * @param [in] in Plaintext or cipher text buffer.
+ * @param [in] sz Length of data.
+ */
+static void AesGcmCryptUpdate_C(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+ word32 blocks;
+ word32 partial;
+
+ /* Check if previous encrypted block was not used up. */
+ if (aes->over > 0) {
+ byte pSz = AES_BLOCK_SIZE - aes->over;
+ if (pSz > sz) pSz = sz;
+
+ /* Use some/all of last encrypted block. */
+ xorbufout(out, AES_LASTBLOCK(aes) + aes->over, in, pSz);
+ aes->over = (aes->over + pSz) & (AES_BLOCK_SIZE - 1);
+
+ /* Some data used. */
+ sz -= pSz;
+ in += pSz;
+ out += pSz;
+ }
+
+ /* Calculate the number of blocks needing to be encrypted and any leftover.
+ */
+ blocks = sz / AES_BLOCK_SIZE;
+ partial = sz & (AES_BLOCK_SIZE - 1);
+
+#if defined(HAVE_AES_ECB)
+ /* Some hardware acceleration can gain performance from doing AES encryption
+ * of the whole buffer at once.
+ * Overwrites the cipher text before using plaintext - no inline encryption.
+ */
+ if ((out != in) && blocks > 0) {
+ word32 b;
+ /* Place incrementing counter blocks into cipher text. */
+ for (b = 0; b < blocks; b++) {
+ IncrementGcmCounter(AES_COUNTER(aes));
+ XMEMCPY(out + b * AES_BLOCK_SIZE, AES_COUNTER(aes), AES_BLOCK_SIZE);
+ }
+
+ /* Encrypt counter blocks. */
+ wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
+ /* XOR in plaintext. */
+ xorbuf(out, in, AES_BLOCK_SIZE * blocks);
+ /* Skip over processed data. */
+ in += AES_BLOCK_SIZE * blocks;
+ out += AES_BLOCK_SIZE * blocks;
+ }
+ else
+#endif /* HAVE_AES_ECB */
+ {
+ /* Encrypt block by block. */
+ while (blocks--) {
+ ALIGN32 byte scratch[AES_BLOCK_SIZE];
+ IncrementGcmCounter(AES_COUNTER(aes));
+ /* Encrypt counter into a buffer. */
+ wc_AesEncrypt(aes, AES_COUNTER(aes), scratch);
+ /* XOR plain text into encrypted counter into cipher text buffer. */
+ xorbufout(out, scratch, in, AES_BLOCK_SIZE);
+ /* Data complete. */
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ }
+
+ if (partial != 0) {
+ /* Generate an extra block and use up as much as needed. */
+ IncrementGcmCounter(AES_COUNTER(aes));
+ /* Encrypt counter into cache. */
+ wc_AesEncrypt(aes, AES_COUNTER(aes), AES_LASTBLOCK(aes));
+ /* XOR plain text into encrypted counter into cipher text buffer. */
+ xorbufout(out, AES_LASTBLOCK(aes), in, partial);
+ /* Keep amount of encrypted block used. */
+ aes->over = partial;
+ }
+}
+
+/* Calculates authentication tag for AES GCM. C implementation.
+ *
+ * @param [in, out] aes AES object.
+ * @param [out] authTag Buffer to store authentication tag in.
+ * @param [in] authTagSz Length of tag to create.
+ */
+static void AesGcmFinal_C(Aes* aes, byte* authTag, word32 authTagSz)
+{
+ /* Calculate authentication tag. */
+ GHASH_FINAL(aes, authTag, authTagSz);
+ /* XOR in as much of encrypted counter as is required. */
+ xorbuf(authTag, AES_INITCTR(aes), authTagSz);
+#ifdef OPENSSL_EXTRA
+ /* store AAD size for next call */
+ aes->aadLen = aes->aSz;
+#endif
+ /* Zeroize last block to protect sensitive data. */
+ ForceZero(AES_LASTBLOCK(aes), sizeof(AES_LASTBLOCK(aes)));
+}
+
+#ifdef WOLFSSL_AESNI
+/* Assembly code implementations in: aes_gcm_asm.S */
+#ifdef HAVE_INTEL_AVX2
+extern void AES_GCM_init_avx2(const unsigned char* key, int nr,
+ const unsigned char* ivec, unsigned int ibytes, unsigned char* h,
+ unsigned char* counter, unsigned char* initCtr);
+extern void AES_GCM_aad_update_avx2(const unsigned char* addt,
+ unsigned int abytes, unsigned char* tag, unsigned char* h);
+extern void AES_GCM_encrypt_block_avx2(const unsigned char* key, int nr,
+ unsigned char* out, const unsigned char* in, unsigned char* counter);
+extern void AES_GCM_ghash_block_avx2(const unsigned char* data,
+ unsigned char* tag, unsigned char* h);
+
+extern void AES_GCM_encrypt_update_avx2(const unsigned char* key, int nr,
+ unsigned char* out, const unsigned char* in, unsigned int nbytes,
+ unsigned char* tag, unsigned char* h, unsigned char* counter);
+extern void AES_GCM_encrypt_final_avx2(unsigned char* tag,
+ unsigned char* authTag, unsigned int tbytes, unsigned int nbytes,
+ unsigned int abytes, unsigned char* h, unsigned char* initCtr);
+#endif
+#ifdef HAVE_INTEL_AVX1
+extern void AES_GCM_init_avx1(const unsigned char* key, int nr,
+ const unsigned char* ivec, unsigned int ibytes, unsigned char* h,
+ unsigned char* counter, unsigned char* initCtr);
+extern void AES_GCM_aad_update_avx1(const unsigned char* addt,
+ unsigned int abytes, unsigned char* tag, unsigned char* h);
+extern void AES_GCM_encrypt_block_avx1(const unsigned char* key, int nr,
+ unsigned char* out, const unsigned char* in, unsigned char* counter);
+extern void AES_GCM_ghash_block_avx1(const unsigned char* data,
+ unsigned char* tag, unsigned char* h);
+
+extern void AES_GCM_encrypt_update_avx1(const unsigned char* key, int nr,
+ unsigned char* out, const unsigned char* in, unsigned int nbytes,
+ unsigned char* tag, unsigned char* h, unsigned char* counter);
+extern void AES_GCM_encrypt_final_avx1(unsigned char* tag,
+ unsigned char* authTag, unsigned int tbytes, unsigned int nbytes,
+ unsigned int abytes, unsigned char* h, unsigned char* initCtr);
+#endif
+extern void AES_GCM_init_aesni(const unsigned char* key, int nr,
+ const unsigned char* ivec, unsigned int ibytes, unsigned char* h,
+ unsigned char* counter, unsigned char* initCtr);
+extern void AES_GCM_aad_update_aesni(const unsigned char* addt,
+ unsigned int abytes, unsigned char* tag, unsigned char* h);
+extern void AES_GCM_encrypt_block_aesni(const unsigned char* key, int nr,
+ unsigned char* out, const unsigned char* in, unsigned char* counter);
+extern void AES_GCM_ghash_block_aesni(const unsigned char* data,
+ unsigned char* tag, unsigned char* h);
+
+extern void AES_GCM_encrypt_update_aesni(const unsigned char* key, int nr,
+ unsigned char* out, const unsigned char* in, unsigned int nbytes,
+ unsigned char* tag, unsigned char* h, unsigned char* counter);
+extern void AES_GCM_encrypt_final_aesni(unsigned char* tag,
+ unsigned char* authTag, unsigned int tbytes, unsigned int nbytes,
+ unsigned int abytes, unsigned char* h, unsigned char* initCtr);
+
+/* Initialize the AES GCM cipher with an IV. AES-NI implementations.
+ *
+ * @param [in, out] aes AES object.
+ * @param [in] iv IV/nonce buffer.
+ * @param [in] ivSz Length of IV/nonce data.
+ */
+static void AesGcmInit_aesni(Aes* aes, const byte* iv, word32 ivSz)
+{
+ /* Reset state fields. */
+ aes->aSz = 0;
+ aes->cSz = 0;
+ /* Set tag to all zeros as initial value. */
+ XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE);
+ /* Reset counts of AAD and cipher text. */
+ aes->aOver = 0;
+ aes->cOver = 0;
+
+#ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ SAVE_VECTOR_REGISTERS();
+ AES_GCM_init_avx2((byte*)aes->key, aes->rounds, iv, ivSz, aes->H,
+ AES_COUNTER(aes), AES_INITCTR(aes));
+ RESTORE_VECTOR_REGISTERS();
+ }
+ else
+#endif
+#ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ SAVE_VECTOR_REGISTERS();
+ AES_GCM_init_avx1((byte*)aes->key, aes->rounds, iv, ivSz, aes->H,
+ AES_COUNTER(aes), AES_INITCTR(aes));
+ RESTORE_VECTOR_REGISTERS();
+ }
+ else
+#endif
+ {
+ SAVE_VECTOR_REGISTERS();
+ AES_GCM_init_aesni((byte*)aes->key, aes->rounds, iv, ivSz, aes->H,
+ AES_COUNTER(aes), AES_INITCTR(aes));
+ RESTORE_VECTOR_REGISTERS();
+ }
+}
+
+/* Update the AES GCM for encryption with authentication data.
+ *
+ * Implementation uses AVX2, AVX1 or straight AES-NI optimized assembly code.
+ *
+ * @param [in, out] aes AES object.
+ * @param [in] a Buffer holding authentication data.
+ * @param [in] aSz Length of authentication data in bytes.
+ * @param [in] endA Whether no more authentication data is expected.
+ */
+static void AesGcmAadUpdate_aesni(Aes* aes, const byte* a, word32 aSz, int endA)
+{
+ word32 blocks;
+ int partial;
+
+ if (aSz != 0 && a != NULL) {
+ /* Total count of AAD updated. */
+ aes->aSz += aSz;
+ /* Check if we have unprocessed data. */
+ if (aes->aOver > 0) {
+ /* Calculate amount we can use - fill up the block. */
+ byte sz = AES_BLOCK_SIZE - aes->aOver;
+ if (sz > aSz) {
+ sz = aSz;
+ }
+ /* Copy extra into last GHASH block array and update count. */
+ XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz);
+ aes->aOver += sz;
+ if (aes->aOver == AES_BLOCK_SIZE) {
+ /* We have filled up the block and can process. */
+ #ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_ghash_block_avx2(AES_LASTGBLOCK(aes), AES_TAG(aes),
+ aes->H);
+ }
+ else
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_ghash_block_avx1(AES_LASTGBLOCK(aes), AES_TAG(aes),
+ aes->H);
+ }
+ else
+ #endif
+ {
+ AES_GCM_ghash_block_aesni(AES_LASTGBLOCK(aes), AES_TAG(aes),
+ aes->H);
+ }
+ /* Reset count. */
+ aes->aOver = 0;
+ }
+ /* Used up some data. */
+ aSz -= sz;
+ a += sz;
+ }
+
+ /* Calculate number of blocks of AAD and the leftover. */
+ blocks = aSz / AES_BLOCK_SIZE;
+ partial = aSz % AES_BLOCK_SIZE;
+ if (blocks > 0) {
+ /* GHASH full blocks now. */
+ #ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_aad_update_avx2(a, blocks * AES_BLOCK_SIZE,
+ AES_TAG(aes), aes->H);
+ }
+ else
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_aad_update_avx1(a, blocks * AES_BLOCK_SIZE,
+ AES_TAG(aes), aes->H);
+ }
+ else
+ #endif
+ {
+ AES_GCM_aad_update_aesni(a, blocks * AES_BLOCK_SIZE,
+ AES_TAG(aes), aes->H);
+ }
+ /* Skip over to end of AAD blocks. */
+ a += blocks * AES_BLOCK_SIZE;
+ }
+ if (partial != 0) {
+ /* Cache the partial block. */
+ XMEMCPY(AES_LASTGBLOCK(aes), a, partial);
+ aes->aOver = (byte)partial;
+ }
+ }
+ if (endA && (aes->aOver > 0)) {
+ /* No more AAD coming and we have a partial block. */
+ /* Fill the rest of the block with zeros. */
+ XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0,
+ AES_BLOCK_SIZE - aes->aOver);
+ /* GHASH last AAD block. */
+ #ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_ghash_block_avx2(AES_LASTGBLOCK(aes), AES_TAG(aes), aes->H);
+ }
+ else
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_ghash_block_avx1(AES_LASTGBLOCK(aes), AES_TAG(aes), aes->H);
+ }
+ else
+ #endif
+ {
+ AES_GCM_ghash_block_aesni(AES_LASTGBLOCK(aes), AES_TAG(aes),
+ aes->H);
+ }
+ /* Clear partial count for next time through. */
+ aes->aOver = 0;
+ }
+}
+
+/* Update the AES GCM for encryption with data and/or authentication data.
+ *
+ * Implementation uses AVX2, AVX1 or straight AES-NI optimized assembly code.
+ *
+ * @param [in, out] aes AES object.
+ * @param [out] c Buffer to hold cipher text.
+ * @param [in] p Buffer holding plaintext.
+ * @param [in] cSz Length of cipher text/plaintext in bytes.
+ * @param [in] a Buffer holding authentication data.
+ * @param [in] aSz Length of authentication data in bytes.
+ */
+static void AesGcmEncryptUpdate_aesni(Aes* aes, byte* c, const byte* p,
+ word32 cSz, const byte* a, word32 aSz)
+{
+ word32 blocks;
+ int partial;
+
+ SAVE_VECTOR_REGISTERS();
+ /* Hash in A, the Authentication Data */
+ AesGcmAadUpdate_aesni(aes, a, aSz, (cSz > 0) && (c != NULL));
+
+ /* Encrypt plaintext and Hash in C, the Cipher text */
+ if (cSz != 0 && c != NULL) {
+ /* Update count of cipher text we have hashed. */
+ aes->cSz += cSz;
+ if (aes->cOver > 0) {
+ /* Calculate amount we can use - fill up the block. */
+ byte sz = AES_BLOCK_SIZE - aes->cOver;
+ if (sz > cSz) {
+ sz = cSz;
+ }
+ /* Encrypt some of the plaintext. */
+ xorbuf(AES_LASTGBLOCK(aes) + aes->cOver, p, sz);
+ XMEMCPY(c, AES_LASTGBLOCK(aes) + aes->cOver, sz);
+ /* Update count of unsed encrypted counter. */
+ aes->cOver += sz;
+ if (aes->cOver == AES_BLOCK_SIZE) {
+ /* We have filled up the block and can process. */
+ #ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_ghash_block_avx2(AES_LASTGBLOCK(aes), AES_TAG(aes),
+ aes->H);
+ }
+ else
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_ghash_block_avx1(AES_LASTGBLOCK(aes), AES_TAG(aes),
+ aes->H);
+ }
+ else
+ #endif
+ {
+ AES_GCM_ghash_block_aesni(AES_LASTGBLOCK(aes), AES_TAG(aes),
+ aes->H);
+ }
+ /* Reset count. */
+ aes->cOver = 0;
+ }
+ /* Used up some data. */
+ cSz -= sz;
+ p += sz;
+ c += sz;
+ }
+
+ /* Calculate number of blocks of plaintext and the leftover. */
+ blocks = cSz / AES_BLOCK_SIZE;
+ partial = cSz % AES_BLOCK_SIZE;
+ if (blocks > 0) {
+ /* Encrypt and GHASH full blocks now. */
+ #ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_encrypt_update_avx2((byte*)aes->key, aes->rounds, c, p,
+ blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H,
+ AES_COUNTER(aes));
+ }
+ else
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_encrypt_update_avx1((byte*)aes->key, aes->rounds, c, p,
+ blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H,
+ AES_COUNTER(aes));
+ }
+ else
+ #endif
+ {
+ AES_GCM_encrypt_update_aesni((byte*)aes->key, aes->rounds, c, p,
+ blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H,
+ AES_COUNTER(aes));
+ }
+ /* Skip over to end of blocks. */
+ p += blocks * AES_BLOCK_SIZE;
+ c += blocks * AES_BLOCK_SIZE;
+ }
+ if (partial != 0) {
+ /* Encrypt the counter - XOR in zeros as proxy for plaintext. */
+ XMEMSET(AES_LASTGBLOCK(aes), 0, AES_BLOCK_SIZE);
+ #ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_encrypt_block_avx2((byte*)aes->key, aes->rounds,
+ AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes));
+ }
+ else
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_encrypt_block_avx1((byte*)aes->key, aes->rounds,
+ AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes));
+ }
+ else
+ #endif
+ {
+ AES_GCM_encrypt_block_aesni((byte*)aes->key, aes->rounds,
+ AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes));
+ }
+ /* XOR the remaining plaintext to calculate cipher text.
+ * Keep cipher text for GHASH of last partial block.
+ */
+ xorbuf(AES_LASTGBLOCK(aes), p, partial);
+ XMEMCPY(c, AES_LASTGBLOCK(aes), partial);
+ /* Update count of the block used. */
+ aes->cOver = (byte)partial;
+ }
+ }
+ RESTORE_VECTOR_REGISTERS();
+}
+
+/* Finalize the AES GCM for encryption and calculate the authentication tag.
+ *
+ * Calls AVX2, AVX1 or straight AES-NI optimized assembly code.
+ *
+ * @param [in, out] aes AES object.
+ * @param [in] authTag Buffer to hold authentication tag.
+ * @param [in] authTagSz Length of authentication tag in bytes.
+ * @return 0 on success.
+ */
+static void AesGcmEncryptFinal_aesni(Aes* aes, byte* authTag, word32 authTagSz)
+{
+ /* AAD block incomplete when > 0 */
+ byte over = aes->aOver;
+
+ SAVE_VECTOR_REGISTERS();
+ if (aes->cOver > 0) {
+ /* Cipher text block incomplete. */
+ over = aes->cOver;
+ }
+ if (over > 0) {
+ /* Fill the rest of the block with zeros. */
+ XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over);
+ /* GHASH last cipher block. */
+ #ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_ghash_block_avx2(AES_LASTGBLOCK(aes), AES_TAG(aes), aes->H);
+ }
+ else
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_ghash_block_avx1(AES_LASTGBLOCK(aes), AES_TAG(aes), aes->H);
+ }
+ else
+ #endif
+ {
+ AES_GCM_ghash_block_aesni(AES_LASTGBLOCK(aes), AES_TAG(aes),
+ aes->H);
+ }
+ }
+ /* Calculate the authentication tag. */
+#ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_encrypt_final_avx2(AES_TAG(aes), authTag, authTagSz, aes->cSz,
+ aes->aSz, aes->H, AES_INITCTR(aes));
+ }
+ else
+#endif
+#ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_encrypt_final_avx1(AES_TAG(aes), authTag, authTagSz, aes->cSz,
+ aes->aSz, aes->H, AES_INITCTR(aes));
+ }
+ else
+#endif
+ {
+ AES_GCM_encrypt_final_aesni(AES_TAG(aes), authTag, authTagSz, aes->cSz,
+ aes->aSz, aes->H, AES_INITCTR(aes));
+ }
+ RESTORE_VECTOR_REGISTERS();
+}
+
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AESGCM_DECRYPT)
+/* Assembly code implementations in: aes_gcm_asm.S */
+#ifdef HAVE_INTEL_AVX2
+extern void AES_GCM_decrypt_update_avx2(const unsigned char* key, int nr,
+ unsigned char* out, const unsigned char* in, unsigned int nbytes,
+ unsigned char* tag, unsigned char* h, unsigned char* counter);
+extern void AES_GCM_decrypt_final_avx2(unsigned char* tag,
+ const unsigned char* authTag, unsigned int tbytes, unsigned int nbytes,
+ unsigned int abytes, unsigned char* h, unsigned char* initCtr, int* res);
+#endif
+#ifdef HAVE_INTEL_AVX1
+extern void AES_GCM_decrypt_update_avx1(const unsigned char* key, int nr,
+ unsigned char* out, const unsigned char* in, unsigned int nbytes,
+ unsigned char* tag, unsigned char* h, unsigned char* counter);
+extern void AES_GCM_decrypt_final_avx1(unsigned char* tag,
+ const unsigned char* authTag, unsigned int tbytes, unsigned int nbytes,
+ unsigned int abytes, unsigned char* h, unsigned char* initCtr, int* res);
+#endif
+extern void AES_GCM_decrypt_update_aesni(const unsigned char* key, int nr,
+ unsigned char* out, const unsigned char* in, unsigned int nbytes,
+ unsigned char* tag, unsigned char* h, unsigned char* counter);
+extern void AES_GCM_decrypt_final_aesni(unsigned char* tag,
+ const unsigned char* authTag, unsigned int tbytes, unsigned int nbytes,
+ unsigned int abytes, unsigned char* h, unsigned char* initCtr, int* res);
+
+/* Update the AES GCM for decryption with data and/or authentication data.
+ *
+ * @param [in, out] aes AES object.
+ * @param [out] p Buffer to hold plaintext.
+ * @param [in] c Buffer holding ciper text.
+ * @param [in] cSz Length of cipher text/plaintext in bytes.
+ * @param [in] a Buffer holding authentication data.
+ * @param [in] aSz Length of authentication data in bytes.
+ */
+static void AesGcmDecryptUpdate_aesni(Aes* aes, byte* p, const byte* c,
+ word32 cSz, const byte* a, word32 aSz)
+{
+ word32 blocks;
+ int partial;
+
+ SAVE_VECTOR_REGISTERS();
+ /* Hash in A, the Authentication Data */
+ AesGcmAadUpdate_aesni(aes, a, aSz, (cSz > 0) && (c != NULL));
+
+ /* Hash in C, the Cipher text, and decrypt. */
+ if (cSz != 0 && p != NULL) {
+ /* Update count of cipher text we have hashed. */
+ aes->cSz += cSz;
+ if (aes->cOver > 0) {
+ /* Calculate amount we can use - fill up the block. */
+ byte sz = AES_BLOCK_SIZE - aes->cOver;
+ if (sz > cSz) {
+ sz = cSz;
+ }
+ /* Keep a copy of the cipher text for GHASH. */
+ XMEMCPY(AES_LASTBLOCK(aes) + aes->cOver, c, sz);
+ /* Decrypt some of the cipher text. */
+ xorbuf(AES_LASTGBLOCK(aes) + aes->cOver, c, sz);
+ XMEMCPY(p, AES_LASTGBLOCK(aes) + aes->cOver, sz);
+ /* Update count of unsed encrypted counter. */
+ aes->cOver += sz;
+ if (aes->cOver == AES_BLOCK_SIZE) {
+ /* We have filled up the block and can process. */
+ #ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_ghash_block_avx2(AES_LASTBLOCK(aes), AES_TAG(aes),
+ aes->H);
+ }
+ else
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_ghash_block_avx1(AES_LASTBLOCK(aes), AES_TAG(aes),
+ aes->H);
+ }
+ else
+ #endif
+ {
+ AES_GCM_ghash_block_aesni(AES_LASTBLOCK(aes), AES_TAG(aes),
+ aes->H);
+ }
+ /* Reset count. */
+ aes->cOver = 0;
+ }
+ /* Used up some data. */
+ cSz -= sz;
+ c += sz;
+ p += sz;
+ }
+
+ /* Calculate number of blocks of plaintext and the leftover. */
+ blocks = cSz / AES_BLOCK_SIZE;
+ partial = cSz % AES_BLOCK_SIZE;
+ if (blocks > 0) {
+ /* Decrypt and GHASH full blocks now. */
+ #ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_decrypt_update_avx2((byte*)aes->key, aes->rounds, p, c,
+ blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H,
+ AES_COUNTER(aes));
+ }
+ else
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_decrypt_update_avx1((byte*)aes->key, aes->rounds, p, c,
+ blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H,
+ AES_COUNTER(aes));
+ }
+ else
+ #endif
+ {
+ AES_GCM_decrypt_update_aesni((byte*)aes->key, aes->rounds, p, c,
+ blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H,
+ AES_COUNTER(aes));
+ }
+ /* Skip over to end of blocks. */
+ c += blocks * AES_BLOCK_SIZE;
+ p += blocks * AES_BLOCK_SIZE;
+ }
+ if (partial != 0) {
+ /* Encrypt the counter - XOR in zeros as proxy for cipher text. */
+ XMEMSET(AES_LASTGBLOCK(aes), 0, AES_BLOCK_SIZE);
+ #ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_encrypt_block_avx2((byte*)aes->key, aes->rounds,
+ AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes));
+ }
+ else
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_encrypt_block_avx1((byte*)aes->key, aes->rounds,
+ AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes));
+ }
+ else
+ #endif
+ {
+ AES_GCM_encrypt_block_aesni((byte*)aes->key, aes->rounds,
+ AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes));
+ }
+ /* Keep cipher text for GHASH of last partial block. */
+ XMEMCPY(AES_LASTBLOCK(aes), c, partial);
+ /* XOR the remaining cipher text to calculate plaintext. */
+ xorbuf(AES_LASTGBLOCK(aes), c, partial);
+ XMEMCPY(p, AES_LASTGBLOCK(aes), partial);
+ /* Update count of the block used. */
+ aes->cOver = (byte)partial;
+ }
+ }
+ RESTORE_VECTOR_REGISTERS();
+}
+
+/* Finalize the AES GCM for decryption and check the authentication tag.
+ *
+ * Calls AVX2, AVX1 or straight AES-NI optimized assembly code.
+ *
+ * @param [in, out] aes AES object.
+ * @param [in] authTag Buffer holding authentication tag.
+ * @param [in] authTagSz Length of authentication tag in bytes.
+ * @return 0 on success.
+ * @return AES_GCM_AUTH_E when authentication tag doesn't match calculated
+ * value.
+ */
+static int AesGcmDecryptFinal_aesni(Aes* aes, const byte* authTag,
+ word32 authTagSz)
+{
+ int ret = 0;
+ int res;
+ /* AAD block incomplete when > 0 */
+ byte over = aes->aOver;
+ byte *lastBlock = AES_LASTGBLOCK(aes);
+
+ SAVE_VECTOR_REGISTERS();
+ if (aes->cOver > 0) {
+ /* Cipher text block incomplete. */
+ over = aes->cOver;
+ lastBlock = AES_LASTBLOCK(aes);
+ }
+ if (over > 0) {
+ /* Zeroize the unused part of the block. */
+ XMEMSET(lastBlock + over, 0, AES_BLOCK_SIZE - over);
+ /* Hash the last block of cipher text. */
+ #ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_ghash_block_avx2(lastBlock, AES_TAG(aes), aes->H);
+ }
+ else
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_ghash_block_avx1(lastBlock, AES_TAG(aes), aes->H);
+ }
+ else
+ #endif
+ {
+ AES_GCM_ghash_block_aesni(lastBlock, AES_TAG(aes), aes->H);
+ }
+ }
+ /* Calculate and compare the authentication tag. */
+#ifdef HAVE_INTEL_AVX2
+ if (IS_INTEL_AVX2(intel_flags)) {
+ AES_GCM_decrypt_final_avx2(AES_TAG(aes), authTag, authTagSz, aes->cSz,
+ aes->aSz, aes->H, AES_INITCTR(aes), &res);
+ }
+ else
+#endif
+#ifdef HAVE_INTEL_AVX1
+ if (IS_INTEL_AVX1(intel_flags)) {
+ AES_GCM_decrypt_final_avx1(AES_TAG(aes), authTag, authTagSz, aes->cSz,
+ aes->aSz, aes->H, AES_INITCTR(aes), &res);
+ }
+ else
+#endif
+ {
+ AES_GCM_decrypt_final_aesni(AES_TAG(aes), authTag, authTagSz, aes->cSz,
+ aes->aSz, aes->H, AES_INITCTR(aes), &res);
+ }
+ RESTORE_VECTOR_REGISTERS();
+ /* Return error code when calculated doesn't match input. */
+ if (res == 0) {
+ ret = AES_GCM_AUTH_E;
+ }
+ return ret;
+}
+#endif /* HAVE_AES_DECRYPT || HAVE_AESGCM_DECRYPT */
+#endif /* WOLFSSL_AESNI */
+
+/* Initialize an AES GCM cipher for encryption or decryption.
+ *
+ * Must call wc_AesInit() before calling this function.
+ *
+ * @param [in, out] aes AES object.
+ * @param [in] key Buffer holding key.
+ * @param [in] len Length of key in bytes.
+ * @param [in] iv Buffer holding IV/nonce.
+ * @param [in] ivSz Length of IV/nonce in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer
+ * is NULL, or the IV is NULL and no previous IV has been set.
+ * @return MEMORY_E when dynamic memory allocation fails. (WOLFSSL_SMALL_STACK)
+ */
+int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
+ word32 ivSz)
+{
+ int ret = 0;
+
+ /* Check validity of parameters. */
+ if ((aes == NULL) || ((len > 0) && (key == NULL)) ||
+ ((ivSz == 0) && (iv != NULL)) || (ivSz > AES_BLOCK_SIZE) ||
+ ((ivSz > 0) && (iv == NULL))) {
+ ret = BAD_FUNC_ARG;
+ }
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
+ if ((ret == 0) && (aes->streamData == NULL)) {
+ /* Allocate buffers for streaming. */
+ aes->streamData = (byte*)XMALLOC(5 * AES_BLOCK_SIZE, aes->heap,
+ DYNAMIC_TYPE_AES);
+ if (aes->streamData == NULL) {
+ ret = MEMORY_E;
+ }
+ }
+#endif
+
+ /* Set the key if passed in. */
+ if ((ret == 0) && (key != NULL)) {
+ ret = wc_AesGcmSetKey(aes, key, len);
+ }
+
+ if (ret == 0) {
+ /* Setup with IV if needed. */
+ if (iv != NULL) {
+ /* Cache the IV in AES GCM object. */
+ XMEMCPY((byte*)aes->reg, iv, ivSz);
+ aes->nonceSz = ivSz;
+ }
+ else if (aes->nonceSz != 0) {
+ /* Copy out the cached copy. */
+ iv = (byte*)aes->reg;
+ ivSz = aes->nonceSz;
+ }
+
+ if (iv != NULL) {
+ /* Initialize with the IV. */
+ #ifdef WOLFSSL_AESNI
+ if (haveAESNI
+ #ifdef HAVE_INTEL_AVX2
+ || IS_INTEL_AVX2(intel_flags)
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ || IS_INTEL_AVX1(intel_flags)
+ #endif
+ ) {
+ AesGcmInit_aesni(aes, iv, ivSz);
+ }
+ else
+ #endif
+ {
+ AesGcmInit_C(aes, iv, ivSz);
+ }
+
+ aes->nonceSet = 1;
+ }
+ }
+
+ return ret;
+}
+
+/* Initialize an AES GCM cipher for encryption.
+ *
+ * Must call wc_AesInit() before calling this function.
+ *
+ * @param [in, out] aes AES object.
+ * @param [in] key Buffer holding key.
+ * @param [in] len Length of key in bytes.
+ * @param [in] iv Buffer holding IV/nonce.
+ * @param [in] ivSz Length of IV/nonce in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer
+ * is NULL, or the IV is NULL and no previous IV has been set.
+ */
+int wc_AesGcmEncryptInit(Aes* aes, const byte* key, word32 len, const byte* iv,
+ word32 ivSz)
+{
+ return wc_AesGcmInit(aes, key, len, iv, ivSz);
+}
+
+/* Initialize an AES GCM cipher for encryption or decryption. Get IV.
+ *
+ * Must call wc_AesInit() before calling this function.
+ *
+ * @param [in, out] aes AES object.
+ * @param [in] key Buffer holding key.
+ * @param [in] len Length of key in bytes.
+ * @param [in] iv Buffer holding IV/nonce.
+ * @param [in] ivSz Length of IV/nonce in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer
+ * is NULL, or the IV is NULL and no previous IV has been set.
+ */
+int wc_AesGcmEncryptInit_ex(Aes* aes, const byte* key, word32 len, byte* ivOut,
+ word32 ivOutSz)
+{
+ XMEMCPY(ivOut, aes->reg, ivOutSz);
+ return wc_AesGcmInit(aes, key, len, NULL, 0);
+}
+
+/* Update the AES GCM for encryption with data and/or authentication data.
+ *
+ * All the AAD must be passed to update before the plaintext.
+ * Last part of AAD can be passed with first part of plaintext.
+ *
+ * Must set key and IV before calling this function.
+ * Must call wc_AesGcmInit() before calling this function.
+ *
+ * @param [in, out] aes AES object.
+ * @param [out] out Buffer to hold cipher text.
+ * @param [in] in Buffer holding plaintext.
+ * @param [in] sz Length of plaintext in bytes.
+ * @param [in] authIn Buffer holding authentication data.
+ * @param [in] authInSz Length of authentication data in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer
+ * is NULL.
+ */
+int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
+ const byte* authIn, word32 authInSz)
+{
+ int ret = 0;
+
+ /* Check validity of parameters. */
+ if ((aes == NULL) || ((authInSz > 0) && (authIn == NULL)) || ((sz > 0) &&
+ ((out == NULL) || (in == NULL)))) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ /* Check key has been set. */
+ if ((ret == 0) && (!aes->gcmKeySet)) {
+ ret = MISSING_KEY;
+ }
+ /* Check IV has been set. */
+ if ((ret == 0) && (!aes->nonceSet)) {
+ ret = MISSING_IV;
+ }
+
+ if ((ret == 0) && aes->ctrSet && (aes->aSz == 0) && (aes->cSz == 0)) {
+ aes->invokeCtr[0]++;
+ if (aes->invokeCtr[0] == 0) {
+ aes->invokeCtr[1]++;
+ if (aes->invokeCtr[1] == 0)
+ ret = AES_GCM_OVERFLOW_E;
+ }
+ }
+
+ if (ret == 0) {
+ /* Encrypt with AAD and/or plaintext. */
+ #if defined(WOLFSSL_AESNI)
+ if (haveAESNI
+ #ifdef HAVE_INTEL_AVX2
+ || IS_INTEL_AVX2(intel_flags)
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ || IS_INTEL_AVX1(intel_flags)
+ #endif
+ ) {
+ AesGcmEncryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
+ }
+ else
+ #endif
+ {
+ /* Encrypt the plaintext. */
+ AesGcmCryptUpdate_C(aes, out, in, sz);
+ /* Update the authenication tag with any authentication data and the
+ * new cipher text. */
+ GHASH_UPDATE(aes, authIn, authInSz, out, sz);
+ }
+ }
+
+ return ret;
+}
+
+/* Finalize the AES GCM for encryption and return the authentication tag.
+ *
+ * Must set key and IV before calling this function.
+ * Must call wc_AesGcmInit() before calling this function.
+ *
+ * @param [in, out] aes AES object.
+ * @param [out] authTag Buffer to hold authentication tag.
+ * @param [in] authTagSz Length of authentication tag in bytes.
+ * @return 0 on success.
+ */
+int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz)
+{
+ int ret = 0;
+
+ /* Check validity of parameters. */
+ if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) ||
+ (authTagSz == 0)) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ /* Check key has been set. */
+ if ((ret == 0) && (!aes->gcmKeySet)) {
+ ret = MISSING_KEY;
+ }
+ /* Check IV has been set. */
+ if ((ret == 0) && (!aes->nonceSet)) {
+ ret = MISSING_IV;
+ }
+
+ if (ret == 0) {
+ /* Calculate authentication tag. */
+ #ifdef WOLFSSL_AESNI
+ if (haveAESNI
+ #ifdef HAVE_INTEL_AVX2
+ || IS_INTEL_AVX2(intel_flags)
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ || IS_INTEL_AVX1(intel_flags)
+ #endif
+ ) {
+ AesGcmEncryptFinal_aesni(aes, authTag, authTagSz);
+ }
+ else
+ #endif
+ {
+ AesGcmFinal_C(aes, authTag, authTagSz);
+ }
+ }
+
+ if ((ret == 0) && aes->ctrSet) {
+ IncCtr((byte*)aes->reg, aes->nonceSz);
+ }
+
+ return ret;
+}
+
+#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AESGCM_DECRYPT)
+/* Initialize an AES GCM cipher for decryption.
+ *
+ * Must call wc_AesInit() before calling this function.
+ *
+ * @param [in, out] aes AES object.
+ * @param [in] key Buffer holding key.
+ * @param [in] len Length of key in bytes.
+ * @param [in] iv Buffer holding IV/nonce.
+ * @param [in] ivSz Length of IV/nonce in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer
+ * is NULL, or the IV is NULL and no previous IV has been set.
+ */
+int wc_AesGcmDecryptInit(Aes* aes, const byte* key, word32 len, const byte* iv,
+ word32 ivSz)
+{
+ return wc_AesGcmInit(aes, key, len, iv, ivSz);
+}
+
+/* Update the AES GCM for decryption with data and/or authentication data.
+ *
+ * All the AAD must be passed to update before the cipher text.
+ * Last part of AAD can be passed with first part of cipher text.
+ *
+ * Must set key and IV before calling this function.
+ * Must call wc_AesGcmInit() before calling this function.
+ *
+ * @param [in, out] aes AES object.
+ * @param [out] out Buffer to hold plaintext.
+ * @param [in] in Buffer holding cipher text.
+ * @param [in] sz Length of cipher text in bytes.
+ * @param [in] authIn Buffer holding authentication data.
+ * @param [in] authInSz Length of authentication data in bytes.
+ * @return 0 on success.
+ * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer
+ * is NULL.
+ */
+int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
+ const byte* authIn, word32 authInSz)
+{
+ int ret = 0;
+
+ /* Check validity of parameters. */
+ if ((aes == NULL) || ((authInSz > 0) && (authIn == NULL)) || ((sz > 0) &&
+ ((out == NULL) || (in == NULL)))) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ /* Check key has been set. */
+ if ((ret == 0) && (!aes->gcmKeySet)) {
+ ret = MISSING_KEY;
+ }
+ /* Check IV has been set. */
+ if ((ret == 0) && (!aes->nonceSet)) {
+ ret = MISSING_IV;
+ }
+
+ if (ret == 0) {
+ /* Decrypt with AAD and/or cipher text. */
+ #if defined(WOLFSSL_AESNI)
+ if (haveAESNI
+ #ifdef HAVE_INTEL_AVX2
+ || IS_INTEL_AVX2(intel_flags)
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ || IS_INTEL_AVX1(intel_flags)
+ #endif
+ ) {
+ AesGcmDecryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
+ }
+ else
+ #endif
+ {
+ /* Update the authenication tag with any authentication data and
+ * cipher text. */
+ GHASH_UPDATE(aes, authIn, authInSz, in, sz);
+ /* Decrypt the cipher text. */
+ AesGcmCryptUpdate_C(aes, out, in, sz);
+ }
+ }
+
+ return ret;
+}
+
+/* Finalize the AES GCM for decryption and check the authentication tag.
+ *
+ * Must set key and IV before calling this function.
+ * Must call wc_AesGcmInit() before calling this function.
+ *
+ * @param [in, out] aes AES object.
+ * @param [in] authTag Buffer holding authentication tag.
+ * @param [in] authTagSz Length of authentication tag in bytes.
+ * @return 0 on success.
+ */
+int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
+{
+ int ret = 0;
+
+ /* Check validity of parameters. */
+ if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) ||
+ (authTagSz == 0)) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ /* Check key has been set. */
+ if ((ret == 0) && (!aes->gcmKeySet)) {
+ ret = MISSING_KEY;
+ }
+ /* Check IV has been set. */
+ if ((ret == 0) && (!aes->nonceSet)) {
+ ret = MISSING_IV;
+ }
+
+ if (ret == 0) {
+ /* Calculate authentication tag and compare with one passed in.. */
+ #ifdef WOLFSSL_AESNI
+ if (haveAESNI
+ #ifdef HAVE_INTEL_AVX2
+ || IS_INTEL_AVX2(intel_flags)
+ #endif
+ #ifdef HAVE_INTEL_AVX1
+ || IS_INTEL_AVX1(intel_flags)
+ #endif
+ ) {
+ ret = AesGcmDecryptFinal_aesni(aes, authTag, authTagSz);
+ }
+ else
+ #endif
+ {
+ ALIGN32 byte calcTag[AES_BLOCK_SIZE];
+ /* Calculate authentication tag. */
+ AesGcmFinal_C(aes, calcTag, authTagSz);
+ /* Check calculated tag matches the one passed in. */
+ if (ConstantCompare(authTag, calcTag, authTagSz) != 0) {
+ ret = AES_GCM_AUTH_E;
+ }
+ }
+ }
+
+ return ret;
+}
+#endif /* HAVE_AES_DECRYPT || HAVE_AESGCM_DECRYPT */
+#endif /* WOLFSSL_AESGCM_STREAM */
#endif /* WOLFSSL_XILINX_CRYPT */
#endif /* end of block for AESGCM implementation selection */
@@ -7411,6 +9041,9 @@ int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz)
* counter to 32-bits. (SP 800-38D 8.3) */
aes->invokeCtr[0] = 0;
aes->invokeCtr[1] = (ivSz == GCM_NONCE_MID_SZ) ? 0 : 0xFFFFFFFF;
+ #ifdef WOLFSSL_AESGCM_STREAM
+ aes->ctrSet = 1;
+ #endif
aes->nonceSz = ivSz;
}
@@ -7448,6 +9081,9 @@ int wc_AesGcmSetIV(Aes* aes, word32 ivSz,
* counter to 32-bits. (SP 800-38D 8.3) */
aes->invokeCtr[0] = 0;
aes->invokeCtr[1] = (ivSz == GCM_NONCE_MID_SZ) ? 0 : 0xFFFFFFFF;
+ #ifdef WOLFSSL_AESGCM_STREAM
+ aes->ctrSet = 1;
+ #endif
aes->nonceSz = ivSz;
}
@@ -7734,7 +9370,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
if (status != 0) {
return status;
}
-
+
status = wolfSSL_CryptHwMutexLock();
if (status != 0)
return status;
@@ -8210,6 +9846,18 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
aes->aadLen = 0;
#endif
#endif
+
+#ifdef WOLFSSL_AESGCM_STREAM
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
+ aes->streamData = NULL;
+#endif
+ aes->keylen = 0;
+ aes->nonceSz = 0;
+ aes->gcmKeySet = 0;
+ aes->nonceSet = 0;
+ aes->ctrSet = 0;
+#endif
+
return ret;
}
@@ -8288,6 +9936,12 @@ void wc_AesFree(Aes* aes)
#if defined(WOLFSSL_IMXRT_DCP)
DCPAesFree(aes);
#endif
+#if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \
+ !defined(WOLFSSL_AESNI)
+ if (aes->streamData != NULL) {
+ XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES);
+ }
+#endif
}
diff --git a/wolfcrypt/src/aes_gcm_asm.S b/wolfcrypt/src/aes_gcm_asm.S
index 53546af66..1a1641056 100644
--- a/wolfcrypt/src/aes_gcm_asm.S
+++ b/wolfcrypt/src/aes_gcm_asm.S
@@ -3418,6 +3418,2778 @@ L_AES_GCM_decrypt_cmp_tag_done:
#ifndef __APPLE__
.size AES_GCM_decrypt,.-AES_GCM_decrypt
#endif /* __APPLE__ */
+#ifdef WOLFSSL_AESGCM_STREAM
+#ifndef __APPLE__
+.text
+.globl AES_GCM_init_aesni
+.type AES_GCM_init_aesni,@function
+.align 16
+AES_GCM_init_aesni:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_init_aesni
+.p2align 4
+_AES_GCM_init_aesni:
+#endif /* __APPLE__ */
+ pushq %r12
+ pushq %r13
+ pushq %r14
+ movq %rdx, %r10
+ movl %ecx, %r11d
+ movq 32(%rsp), %rax
+ subq $16, %rsp
+ pxor %xmm4, %xmm4
+ movl %r11d, %edx
+ cmpl $12, %edx
+ jne L_AES_GCM_init_aesni_iv_not_12
+ # # Calculate values when IV is 12 bytes
+ # Set counter based on IV
+ movl $0x1000000, %ecx
+ pinsrq $0x00, (%r10), %xmm4
+ pinsrd $2, 8(%r10), %xmm4
+ pinsrd $3, %ecx, %xmm4
+ # H = Encrypt X(=0) and T = Encrypt counter
+ movdqa %xmm4, %xmm1
+ movdqa (%rdi), %xmm5
+ pxor %xmm5, %xmm1
+ movdqa 16(%rdi), %xmm7
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ movdqa 32(%rdi), %xmm7
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ movdqa 48(%rdi), %xmm7
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ movdqa 64(%rdi), %xmm7
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ movdqa 80(%rdi), %xmm7
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ movdqa 96(%rdi), %xmm7
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ movdqa 112(%rdi), %xmm7
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ movdqa 128(%rdi), %xmm7
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ movdqa 144(%rdi), %xmm7
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ cmpl $11, %esi
+ movdqa 160(%rdi), %xmm7
+ jl L_AES_GCM_init_aesni_calc_iv_12_last
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ movdqa 176(%rdi), %xmm7
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ cmpl $13, %esi
+ movdqa 192(%rdi), %xmm7
+ jl L_AES_GCM_init_aesni_calc_iv_12_last
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ movdqa 208(%rdi), %xmm7
+ aesenc %xmm7, %xmm5
+ aesenc %xmm7, %xmm1
+ movdqa 224(%rdi), %xmm7
+L_AES_GCM_init_aesni_calc_iv_12_last:
+ aesenclast %xmm7, %xmm5
+ aesenclast %xmm7, %xmm1
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm5
+ movdqa %xmm1, %xmm15
+ jmp L_AES_GCM_init_aesni_iv_done
+L_AES_GCM_init_aesni_iv_not_12:
+ # Calculate values when IV is not 12 bytes
+ # H = Encrypt X(=0)
+ movdqa (%rdi), %xmm5
+ aesenc 16(%rdi), %xmm5
+ aesenc 32(%rdi), %xmm5
+ aesenc 48(%rdi), %xmm5
+ aesenc 64(%rdi), %xmm5
+ aesenc 80(%rdi), %xmm5
+ aesenc 96(%rdi), %xmm5
+ aesenc 112(%rdi), %xmm5
+ aesenc 128(%rdi), %xmm5
+ aesenc 144(%rdi), %xmm5
+ cmpl $11, %esi
+ movdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_init_aesni_calc_iv_1_aesenc_avx_last
+ aesenc %xmm9, %xmm5
+ aesenc 176(%rdi), %xmm5
+ cmpl $13, %esi
+ movdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_init_aesni_calc_iv_1_aesenc_avx_last
+ aesenc %xmm9, %xmm5
+ aesenc 208(%rdi), %xmm5
+ movdqa 224(%rdi), %xmm9
+L_AES_GCM_init_aesni_calc_iv_1_aesenc_avx_last:
+ aesenclast %xmm9, %xmm5
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm5
+ # Calc counter
+ # Initialization vector
+ cmpl $0x00, %edx
+ movq $0x00, %rcx
+ je L_AES_GCM_init_aesni_calc_iv_done
+ cmpl $16, %edx
+ jl L_AES_GCM_init_aesni_calc_iv_lt16
+ andl $0xfffffff0, %edx
+L_AES_GCM_init_aesni_calc_iv_16_loop:
+ movdqu (%r10,%rcx,1), %xmm8
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm8
+ pxor %xmm8, %xmm4
+ pshufd $0x4e, %xmm4, %xmm1
+ pshufd $0x4e, %xmm5, %xmm2
+ movdqa %xmm5, %xmm3
+ movdqa %xmm5, %xmm0
+ pclmulqdq $0x11, %xmm4, %xmm3
+ pclmulqdq $0x00, %xmm4, %xmm0
+ pxor %xmm4, %xmm1
+ pxor %xmm5, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ movdqa %xmm0, %xmm7
+ movdqa %xmm3, %xmm4
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm7
+ pxor %xmm1, %xmm4
+ movdqa %xmm7, %xmm0
+ movdqa %xmm4, %xmm1
+ psrld $31, %xmm0
+ psrld $31, %xmm1
+ pslld $0x01, %xmm7
+ pslld $0x01, %xmm4
+ movdqa %xmm0, %xmm2
+ pslldq $4, %xmm0
+ psrldq $12, %xmm2
+ pslldq $4, %xmm1
+ por %xmm2, %xmm4
+ por %xmm0, %xmm7
+ por %xmm1, %xmm4
+ movdqa %xmm7, %xmm0
+ movdqa %xmm7, %xmm1
+ movdqa %xmm7, %xmm2
+ pslld $31, %xmm0
+ pslld $30, %xmm1
+ pslld $25, %xmm2
+ pxor %xmm1, %xmm0
+ pxor %xmm2, %xmm0
+ movdqa %xmm0, %xmm1
+ psrldq $4, %xmm1
+ pslldq $12, %xmm0
+ pxor %xmm0, %xmm7
+ movdqa %xmm7, %xmm2
+ movdqa %xmm7, %xmm3
+ movdqa %xmm7, %xmm0
+ psrld $0x01, %xmm2
+ psrld $2, %xmm3
+ psrld $7, %xmm0
+ pxor %xmm3, %xmm2
+ pxor %xmm0, %xmm2
+ pxor %xmm1, %xmm2
+ pxor %xmm7, %xmm2
+ pxor %xmm2, %xmm4
+ addl $16, %ecx
+ cmpl %edx, %ecx
+ jl L_AES_GCM_init_aesni_calc_iv_16_loop
+ movl %r11d, %edx
+ cmpl %edx, %ecx
+ je L_AES_GCM_init_aesni_calc_iv_done
+L_AES_GCM_init_aesni_calc_iv_lt16:
+ subq $16, %rsp
+ pxor %xmm8, %xmm8
+ xorl %r13d, %r13d
+ movdqa %xmm8, (%rsp)
+L_AES_GCM_init_aesni_calc_iv_loop:
+ movzbl (%r10,%rcx,1), %r12d
+ movb %r12b, (%rsp,%r13,1)
+ incl %ecx
+ incl %r13d
+ cmpl %edx, %ecx
+ jl L_AES_GCM_init_aesni_calc_iv_loop
+ movdqa (%rsp), %xmm8
+ addq $16, %rsp
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm8
+ pxor %xmm8, %xmm4
+ pshufd $0x4e, %xmm4, %xmm1
+ pshufd $0x4e, %xmm5, %xmm2
+ movdqa %xmm5, %xmm3
+ movdqa %xmm5, %xmm0
+ pclmulqdq $0x11, %xmm4, %xmm3
+ pclmulqdq $0x00, %xmm4, %xmm0
+ pxor %xmm4, %xmm1
+ pxor %xmm5, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ movdqa %xmm0, %xmm7
+ movdqa %xmm3, %xmm4
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm7
+ pxor %xmm1, %xmm4
+ movdqa %xmm7, %xmm0
+ movdqa %xmm4, %xmm1
+ psrld $31, %xmm0
+ psrld $31, %xmm1
+ pslld $0x01, %xmm7
+ pslld $0x01, %xmm4
+ movdqa %xmm0, %xmm2
+ pslldq $4, %xmm0
+ psrldq $12, %xmm2
+ pslldq $4, %xmm1
+ por %xmm2, %xmm4
+ por %xmm0, %xmm7
+ por %xmm1, %xmm4
+ movdqa %xmm7, %xmm0
+ movdqa %xmm7, %xmm1
+ movdqa %xmm7, %xmm2
+ pslld $31, %xmm0
+ pslld $30, %xmm1
+ pslld $25, %xmm2
+ pxor %xmm1, %xmm0
+ pxor %xmm2, %xmm0
+ movdqa %xmm0, %xmm1
+ psrldq $4, %xmm1
+ pslldq $12, %xmm0
+ pxor %xmm0, %xmm7
+ movdqa %xmm7, %xmm2
+ movdqa %xmm7, %xmm3
+ movdqa %xmm7, %xmm0
+ psrld $0x01, %xmm2
+ psrld $2, %xmm3
+ psrld $7, %xmm0
+ pxor %xmm3, %xmm2
+ pxor %xmm0, %xmm2
+ pxor %xmm1, %xmm2
+ pxor %xmm7, %xmm2
+ pxor %xmm2, %xmm4
+L_AES_GCM_init_aesni_calc_iv_done:
+ # T = Encrypt counter
+ pxor %xmm0, %xmm0
+ shll $3, %edx
+ pinsrq $0x00, %rdx, %xmm0
+ pxor %xmm0, %xmm4
+ pshufd $0x4e, %xmm4, %xmm1
+ pshufd $0x4e, %xmm5, %xmm2
+ movdqa %xmm5, %xmm3
+ movdqa %xmm5, %xmm0
+ pclmulqdq $0x11, %xmm4, %xmm3
+ pclmulqdq $0x00, %xmm4, %xmm0
+ pxor %xmm4, %xmm1
+ pxor %xmm5, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ movdqa %xmm0, %xmm7
+ movdqa %xmm3, %xmm4
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm7
+ pxor %xmm1, %xmm4
+ movdqa %xmm7, %xmm0
+ movdqa %xmm4, %xmm1
+ psrld $31, %xmm0
+ psrld $31, %xmm1
+ pslld $0x01, %xmm7
+ pslld $0x01, %xmm4
+ movdqa %xmm0, %xmm2
+ pslldq $4, %xmm0
+ psrldq $12, %xmm2
+ pslldq $4, %xmm1
+ por %xmm2, %xmm4
+ por %xmm0, %xmm7
+ por %xmm1, %xmm4
+ movdqa %xmm7, %xmm0
+ movdqa %xmm7, %xmm1
+ movdqa %xmm7, %xmm2
+ pslld $31, %xmm0
+ pslld $30, %xmm1
+ pslld $25, %xmm2
+ pxor %xmm1, %xmm0
+ pxor %xmm2, %xmm0
+ movdqa %xmm0, %xmm1
+ psrldq $4, %xmm1
+ pslldq $12, %xmm0
+ pxor %xmm0, %xmm7
+ movdqa %xmm7, %xmm2
+ movdqa %xmm7, %xmm3
+ movdqa %xmm7, %xmm0
+ psrld $0x01, %xmm2
+ psrld $2, %xmm3
+ psrld $7, %xmm0
+ pxor %xmm3, %xmm2
+ pxor %xmm0, %xmm2
+ pxor %xmm1, %xmm2
+ pxor %xmm7, %xmm2
+ pxor %xmm2, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm4
+ # Encrypt counter
+ movdqa (%rdi), %xmm8
+ pxor %xmm4, %xmm8
+ aesenc 16(%rdi), %xmm8
+ aesenc 32(%rdi), %xmm8
+ aesenc 48(%rdi), %xmm8
+ aesenc 64(%rdi), %xmm8
+ aesenc 80(%rdi), %xmm8
+ aesenc 96(%rdi), %xmm8
+ aesenc 112(%rdi), %xmm8
+ aesenc 128(%rdi), %xmm8
+ aesenc 144(%rdi), %xmm8
+ cmpl $11, %esi
+ movdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_init_aesni_calc_iv_2_aesenc_avx_last
+ aesenc %xmm9, %xmm8
+ aesenc 176(%rdi), %xmm8
+ cmpl $13, %esi
+ movdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_init_aesni_calc_iv_2_aesenc_avx_last
+ aesenc %xmm9, %xmm8
+ aesenc 208(%rdi), %xmm8
+ movdqa 224(%rdi), %xmm9
+L_AES_GCM_init_aesni_calc_iv_2_aesenc_avx_last:
+ aesenclast %xmm9, %xmm8
+ movdqa %xmm8, %xmm15
+L_AES_GCM_init_aesni_iv_done:
+ movdqa %xmm15, (%rax)
+ pshufb L_aes_gcm_bswap_epi64(%rip), %xmm4
+ paddd L_aes_gcm_one(%rip), %xmm4
+ movdqa %xmm5, (%r8)
+ movdqa %xmm4, (%r9)
+ addq $16, %rsp
+ popq %r14
+ popq %r13
+ popq %r12
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_init_aesni,.-AES_GCM_init_aesni
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_aad_update_aesni
+.type AES_GCM_aad_update_aesni,@function
+.align 16
+AES_GCM_aad_update_aesni:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_aad_update_aesni
+.p2align 4
+_AES_GCM_aad_update_aesni:
+#endif /* __APPLE__ */
+ movq %rcx, %rax
+ movdqa (%rdx), %xmm5
+ movdqa (%rax), %xmm6
+ xorl %ecx, %ecx
+L_AES_GCM_aad_update_aesni_16_loop:
+ movdqu (%rdi,%rcx,1), %xmm8
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm8
+ pxor %xmm8, %xmm5
+ pshufd $0x4e, %xmm5, %xmm1
+ pshufd $0x4e, %xmm6, %xmm2
+ movdqa %xmm6, %xmm3
+ movdqa %xmm6, %xmm0
+ pclmulqdq $0x11, %xmm5, %xmm3
+ pclmulqdq $0x00, %xmm5, %xmm0
+ pxor %xmm5, %xmm1
+ pxor %xmm6, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ movdqa %xmm0, %xmm4
+ movdqa %xmm3, %xmm5
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm4
+ pxor %xmm1, %xmm5
+ movdqa %xmm4, %xmm0
+ movdqa %xmm5, %xmm1
+ psrld $31, %xmm0
+ psrld $31, %xmm1
+ pslld $0x01, %xmm4
+ pslld $0x01, %xmm5
+ movdqa %xmm0, %xmm2
+ pslldq $4, %xmm0
+ psrldq $12, %xmm2
+ pslldq $4, %xmm1
+ por %xmm2, %xmm5
+ por %xmm0, %xmm4
+ por %xmm1, %xmm5
+ movdqa %xmm4, %xmm0
+ movdqa %xmm4, %xmm1
+ movdqa %xmm4, %xmm2
+ pslld $31, %xmm0
+ pslld $30, %xmm1
+ pslld $25, %xmm2
+ pxor %xmm1, %xmm0
+ pxor %xmm2, %xmm0
+ movdqa %xmm0, %xmm1
+ psrldq $4, %xmm1
+ pslldq $12, %xmm0
+ pxor %xmm0, %xmm4
+ movdqa %xmm4, %xmm2
+ movdqa %xmm4, %xmm3
+ movdqa %xmm4, %xmm0
+ psrld $0x01, %xmm2
+ psrld $2, %xmm3
+ psrld $7, %xmm0
+ pxor %xmm3, %xmm2
+ pxor %xmm0, %xmm2
+ pxor %xmm1, %xmm2
+ pxor %xmm4, %xmm2
+ pxor %xmm2, %xmm5
+ addl $16, %ecx
+ cmpl %esi, %ecx
+ jl L_AES_GCM_aad_update_aesni_16_loop
+ movdqa %xmm5, (%rdx)
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_aad_update_aesni,.-AES_GCM_aad_update_aesni
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_encrypt_block_aesni
+.type AES_GCM_encrypt_block_aesni,@function
+.align 16
+AES_GCM_encrypt_block_aesni:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_encrypt_block_aesni
+.p2align 4
+_AES_GCM_encrypt_block_aesni:
+#endif /* __APPLE__ */
+ movq %rdx, %r10
+ movq %rcx, %r11
+ movdqa (%r8), %xmm8
+ movdqa %xmm8, %xmm9
+ pshufb L_aes_gcm_bswap_epi64(%rip), %xmm8
+ paddd L_aes_gcm_one(%rip), %xmm9
+ pxor (%rdi), %xmm8
+ movdqa %xmm9, (%r8)
+ aesenc 16(%rdi), %xmm8
+ aesenc 32(%rdi), %xmm8
+ aesenc 48(%rdi), %xmm8
+ aesenc 64(%rdi), %xmm8
+ aesenc 80(%rdi), %xmm8
+ aesenc 96(%rdi), %xmm8
+ aesenc 112(%rdi), %xmm8
+ aesenc 128(%rdi), %xmm8
+ aesenc 144(%rdi), %xmm8
+ cmpl $11, %esi
+ movdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_block_aesni_aesenc_block_aesenc_avx_last
+ aesenc %xmm9, %xmm8
+ aesenc 176(%rdi), %xmm8
+ cmpl $13, %esi
+ movdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_block_aesni_aesenc_block_aesenc_avx_last
+ aesenc %xmm9, %xmm8
+ aesenc 208(%rdi), %xmm8
+ movdqa 224(%rdi), %xmm9
+L_AES_GCM_encrypt_block_aesni_aesenc_block_aesenc_avx_last:
+ aesenclast %xmm9, %xmm8
+ movdqu (%r11), %xmm9
+ pxor %xmm9, %xmm8
+ movdqu %xmm8, (%r10)
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm8
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_encrypt_block_aesni,.-AES_GCM_encrypt_block_aesni
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_ghash_block_aesni
+.type AES_GCM_ghash_block_aesni,@function
+.align 16
+AES_GCM_ghash_block_aesni:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_ghash_block_aesni
+.p2align 4
+_AES_GCM_ghash_block_aesni:
+#endif /* __APPLE__ */
+ movdqa (%rsi), %xmm4
+ movdqa (%rdx), %xmm5
+ movdqu (%rdi), %xmm8
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm8
+ pxor %xmm8, %xmm4
+ pshufd $0x4e, %xmm4, %xmm1
+ pshufd $0x4e, %xmm5, %xmm2
+ movdqa %xmm5, %xmm3
+ movdqa %xmm5, %xmm0
+ pclmulqdq $0x11, %xmm4, %xmm3
+ pclmulqdq $0x00, %xmm4, %xmm0
+ pxor %xmm4, %xmm1
+ pxor %xmm5, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ movdqa %xmm0, %xmm6
+ movdqa %xmm3, %xmm4
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm6
+ pxor %xmm1, %xmm4
+ movdqa %xmm6, %xmm0
+ movdqa %xmm4, %xmm1
+ psrld $31, %xmm0
+ psrld $31, %xmm1
+ pslld $0x01, %xmm6
+ pslld $0x01, %xmm4
+ movdqa %xmm0, %xmm2
+ pslldq $4, %xmm0
+ psrldq $12, %xmm2
+ pslldq $4, %xmm1
+ por %xmm2, %xmm4
+ por %xmm0, %xmm6
+ por %xmm1, %xmm4
+ movdqa %xmm6, %xmm0
+ movdqa %xmm6, %xmm1
+ movdqa %xmm6, %xmm2
+ pslld $31, %xmm0
+ pslld $30, %xmm1
+ pslld $25, %xmm2
+ pxor %xmm1, %xmm0
+ pxor %xmm2, %xmm0
+ movdqa %xmm0, %xmm1
+ psrldq $4, %xmm1
+ pslldq $12, %xmm0
+ pxor %xmm0, %xmm6
+ movdqa %xmm6, %xmm2
+ movdqa %xmm6, %xmm3
+ movdqa %xmm6, %xmm0
+ psrld $0x01, %xmm2
+ psrld $2, %xmm3
+ psrld $7, %xmm0
+ pxor %xmm3, %xmm2
+ pxor %xmm0, %xmm2
+ pxor %xmm1, %xmm2
+ pxor %xmm6, %xmm2
+ pxor %xmm2, %xmm4
+ movdqa %xmm4, (%rsi)
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_ghash_block_aesni,.-AES_GCM_ghash_block_aesni
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_encrypt_update_aesni
+.type AES_GCM_encrypt_update_aesni,@function
+.align 16
+AES_GCM_encrypt_update_aesni:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_encrypt_update_aesni
+.p2align 4
+_AES_GCM_encrypt_update_aesni:
+#endif /* __APPLE__ */
+ pushq %r13
+ pushq %r12
+ pushq %r14
+ movq %rdx, %r10
+ movq %rcx, %r11
+ movq 32(%rsp), %rax
+ movq 40(%rsp), %r12
+ subq $0xa0, %rsp
+ movdqa (%r9), %xmm6
+ movdqa (%rax), %xmm5
+ movdqa %xmm5, %xmm9
+ movdqa %xmm5, %xmm8
+ psrlq $63, %xmm9
+ psllq $0x01, %xmm8
+ pslldq $8, %xmm9
+ por %xmm9, %xmm8
+ pshufd $0xff, %xmm5, %xmm5
+ psrad $31, %xmm5
+ pand L_aes_gcm_mod2_128(%rip), %xmm5
+ pxor %xmm8, %xmm5
+ xorq %r14, %r14
+ cmpl $0x80, %r8d
+ movl %r8d, %r13d
+ jl L_AES_GCM_encrypt_update_aesni_done_128
+ andl $0xffffff80, %r13d
+ movdqa %xmm6, %xmm2
+ # H ^ 1
+ movdqa %xmm5, (%rsp)
+ # H ^ 2
+ pshufd $0x4e, %xmm5, %xmm9
+ pshufd $0x4e, %xmm5, %xmm10
+ movdqa %xmm5, %xmm11
+ movdqa %xmm5, %xmm8
+ pclmulqdq $0x11, %xmm5, %xmm11
+ pclmulqdq $0x00, %xmm5, %xmm8
+ pxor %xmm5, %xmm9
+ pxor %xmm5, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm0
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm0
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm0
+ movdqa %xmm0, 16(%rsp)
+ # H ^ 3
+ pshufd $0x4e, %xmm5, %xmm9
+ pshufd $0x4e, %xmm0, %xmm10
+ movdqa %xmm0, %xmm11
+ movdqa %xmm0, %xmm8
+ pclmulqdq $0x11, %xmm5, %xmm11
+ pclmulqdq $0x00, %xmm5, %xmm8
+ pxor %xmm5, %xmm9
+ pxor %xmm0, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm1
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm1
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm1
+ movdqa %xmm1, 32(%rsp)
+ # H ^ 4
+ pshufd $0x4e, %xmm0, %xmm9
+ pshufd $0x4e, %xmm0, %xmm10
+ movdqa %xmm0, %xmm11
+ movdqa %xmm0, %xmm8
+ pclmulqdq $0x11, %xmm0, %xmm11
+ pclmulqdq $0x00, %xmm0, %xmm8
+ pxor %xmm0, %xmm9
+ pxor %xmm0, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm3
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm3
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm3
+ movdqa %xmm3, 48(%rsp)
+ # H ^ 5
+ pshufd $0x4e, %xmm0, %xmm9
+ pshufd $0x4e, %xmm1, %xmm10
+ movdqa %xmm1, %xmm11
+ movdqa %xmm1, %xmm8
+ pclmulqdq $0x11, %xmm0, %xmm11
+ pclmulqdq $0x00, %xmm0, %xmm8
+ pxor %xmm0, %xmm9
+ pxor %xmm1, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm7
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm7
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm7
+ movdqa %xmm7, 64(%rsp)
+ # H ^ 6
+ pshufd $0x4e, %xmm1, %xmm9
+ pshufd $0x4e, %xmm1, %xmm10
+ movdqa %xmm1, %xmm11
+ movdqa %xmm1, %xmm8
+ pclmulqdq $0x11, %xmm1, %xmm11
+ pclmulqdq $0x00, %xmm1, %xmm8
+ pxor %xmm1, %xmm9
+ pxor %xmm1, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm7
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm7
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm7
+ movdqa %xmm7, 80(%rsp)
+ # H ^ 7
+ pshufd $0x4e, %xmm1, %xmm9
+ pshufd $0x4e, %xmm3, %xmm10
+ movdqa %xmm3, %xmm11
+ movdqa %xmm3, %xmm8
+ pclmulqdq $0x11, %xmm1, %xmm11
+ pclmulqdq $0x00, %xmm1, %xmm8
+ pxor %xmm1, %xmm9
+ pxor %xmm3, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm7
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm7
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm7
+ movdqa %xmm7, 96(%rsp)
+ # H ^ 8
+ pshufd $0x4e, %xmm3, %xmm9
+ pshufd $0x4e, %xmm3, %xmm10
+ movdqa %xmm3, %xmm11
+ movdqa %xmm3, %xmm8
+ pclmulqdq $0x11, %xmm3, %xmm11
+ pclmulqdq $0x00, %xmm3, %xmm8
+ pxor %xmm3, %xmm9
+ pxor %xmm3, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm7
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm7
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm7
+ movdqa %xmm7, 112(%rsp)
+ # First 128 bytes of input
+ movdqa (%r12), %xmm8
+ movdqa L_aes_gcm_bswap_epi64(%rip), %xmm1
+ movdqa %xmm8, %xmm0
+ pshufb %xmm1, %xmm8
+ movdqa %xmm0, %xmm9
+ paddd L_aes_gcm_one(%rip), %xmm9
+ pshufb %xmm1, %xmm9
+ movdqa %xmm0, %xmm10
+ paddd L_aes_gcm_two(%rip), %xmm10
+ pshufb %xmm1, %xmm10
+ movdqa %xmm0, %xmm11
+ paddd L_aes_gcm_three(%rip), %xmm11
+ pshufb %xmm1, %xmm11
+ movdqa %xmm0, %xmm12
+ paddd L_aes_gcm_four(%rip), %xmm12
+ pshufb %xmm1, %xmm12
+ movdqa %xmm0, %xmm13
+ paddd L_aes_gcm_five(%rip), %xmm13
+ pshufb %xmm1, %xmm13
+ movdqa %xmm0, %xmm14
+ paddd L_aes_gcm_six(%rip), %xmm14
+ pshufb %xmm1, %xmm14
+ movdqa %xmm0, %xmm15
+ paddd L_aes_gcm_seven(%rip), %xmm15
+ pshufb %xmm1, %xmm15
+ paddd L_aes_gcm_eight(%rip), %xmm0
+ movdqa (%rdi), %xmm7
+ movdqa %xmm0, (%r12)
+ pxor %xmm7, %xmm8
+ pxor %xmm7, %xmm9
+ pxor %xmm7, %xmm10
+ pxor %xmm7, %xmm11
+ pxor %xmm7, %xmm12
+ pxor %xmm7, %xmm13
+ pxor %xmm7, %xmm14
+ pxor %xmm7, %xmm15
+ movdqa 16(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 32(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 48(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 64(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 80(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 96(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 112(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 128(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 144(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ cmpl $11, %esi
+ movdqa 160(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_aesni_enc_done
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 176(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ cmpl $13, %esi
+ movdqa 192(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_aesni_enc_done
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 208(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 224(%rdi), %xmm7
+L_AES_GCM_encrypt_update_aesni_enc_done:
+ aesenclast %xmm7, %xmm8
+ aesenclast %xmm7, %xmm9
+ movdqu (%r11), %xmm0
+ movdqu 16(%r11), %xmm1
+ pxor %xmm0, %xmm8
+ pxor %xmm1, %xmm9
+ movdqu %xmm8, (%r10)
+ movdqu %xmm9, 16(%r10)
+ aesenclast %xmm7, %xmm10
+ aesenclast %xmm7, %xmm11
+ movdqu 32(%r11), %xmm0
+ movdqu 48(%r11), %xmm1
+ pxor %xmm0, %xmm10
+ pxor %xmm1, %xmm11
+ movdqu %xmm10, 32(%r10)
+ movdqu %xmm11, 48(%r10)
+ aesenclast %xmm7, %xmm12
+ aesenclast %xmm7, %xmm13
+ movdqu 64(%r11), %xmm0
+ movdqu 80(%r11), %xmm1
+ pxor %xmm0, %xmm12
+ pxor %xmm1, %xmm13
+ movdqu %xmm12, 64(%r10)
+ movdqu %xmm13, 80(%r10)
+ aesenclast %xmm7, %xmm14
+ aesenclast %xmm7, %xmm15
+ movdqu 96(%r11), %xmm0
+ movdqu 112(%r11), %xmm1
+ pxor %xmm0, %xmm14
+ pxor %xmm1, %xmm15
+ movdqu %xmm14, 96(%r10)
+ movdqu %xmm15, 112(%r10)
+ cmpl $0x80, %r13d
+ movl $0x80, %r14d
+ jle L_AES_GCM_encrypt_update_aesni_end_128
+ # More 128 bytes of input
+L_AES_GCM_encrypt_update_aesni_ghash_128:
+ leaq (%r11,%r14,1), %rcx
+ leaq (%r10,%r14,1), %rdx
+ movdqa (%r12), %xmm8
+ movdqa L_aes_gcm_bswap_epi64(%rip), %xmm1
+ movdqa %xmm8, %xmm0
+ pshufb %xmm1, %xmm8
+ movdqa %xmm0, %xmm9
+ paddd L_aes_gcm_one(%rip), %xmm9
+ pshufb %xmm1, %xmm9
+ movdqa %xmm0, %xmm10
+ paddd L_aes_gcm_two(%rip), %xmm10
+ pshufb %xmm1, %xmm10
+ movdqa %xmm0, %xmm11
+ paddd L_aes_gcm_three(%rip), %xmm11
+ pshufb %xmm1, %xmm11
+ movdqa %xmm0, %xmm12
+ paddd L_aes_gcm_four(%rip), %xmm12
+ pshufb %xmm1, %xmm12
+ movdqa %xmm0, %xmm13
+ paddd L_aes_gcm_five(%rip), %xmm13
+ pshufb %xmm1, %xmm13
+ movdqa %xmm0, %xmm14
+ paddd L_aes_gcm_six(%rip), %xmm14
+ pshufb %xmm1, %xmm14
+ movdqa %xmm0, %xmm15
+ paddd L_aes_gcm_seven(%rip), %xmm15
+ pshufb %xmm1, %xmm15
+ paddd L_aes_gcm_eight(%rip), %xmm0
+ movdqa (%rdi), %xmm7
+ movdqa %xmm0, (%r12)
+ pxor %xmm7, %xmm8
+ pxor %xmm7, %xmm9
+ pxor %xmm7, %xmm10
+ pxor %xmm7, %xmm11
+ pxor %xmm7, %xmm12
+ pxor %xmm7, %xmm13
+ pxor %xmm7, %xmm14
+ pxor %xmm7, %xmm15
+ movdqa 112(%rsp), %xmm7
+ movdqu -128(%rdx), %xmm0
+ aesenc 16(%rdi), %xmm8
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ pxor %xmm2, %xmm0
+ pshufd $0x4e, %xmm7, %xmm1
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm7, %xmm1
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm3
+ pclmulqdq $0x11, %xmm7, %xmm3
+ aesenc 16(%rdi), %xmm9
+ aesenc 16(%rdi), %xmm10
+ movdqa %xmm0, %xmm2
+ pclmulqdq $0x00, %xmm7, %xmm2
+ aesenc 16(%rdi), %xmm11
+ aesenc 16(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm1
+ aesenc 16(%rdi), %xmm13
+ aesenc 16(%rdi), %xmm14
+ aesenc 16(%rdi), %xmm15
+ pxor %xmm2, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa 96(%rsp), %xmm7
+ movdqu -112(%rdx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 32(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 32(%rdi), %xmm9
+ aesenc 32(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 32(%rdi), %xmm11
+ aesenc 32(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 32(%rdi), %xmm13
+ aesenc 32(%rdi), %xmm14
+ aesenc 32(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa 80(%rsp), %xmm7
+ movdqu -96(%rdx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 48(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 48(%rdi), %xmm9
+ aesenc 48(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 48(%rdi), %xmm11
+ aesenc 48(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 48(%rdi), %xmm13
+ aesenc 48(%rdi), %xmm14
+ aesenc 48(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa 64(%rsp), %xmm7
+ movdqu -80(%rdx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 64(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 64(%rdi), %xmm9
+ aesenc 64(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 64(%rdi), %xmm11
+ aesenc 64(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 64(%rdi), %xmm13
+ aesenc 64(%rdi), %xmm14
+ aesenc 64(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa 48(%rsp), %xmm7
+ movdqu -64(%rdx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 80(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 80(%rdi), %xmm9
+ aesenc 80(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 80(%rdi), %xmm11
+ aesenc 80(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 80(%rdi), %xmm13
+ aesenc 80(%rdi), %xmm14
+ aesenc 80(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa 32(%rsp), %xmm7
+ movdqu -48(%rdx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 96(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 96(%rdi), %xmm9
+ aesenc 96(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 96(%rdi), %xmm11
+ aesenc 96(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 96(%rdi), %xmm13
+ aesenc 96(%rdi), %xmm14
+ aesenc 96(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa 16(%rsp), %xmm7
+ movdqu -32(%rdx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 112(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 112(%rdi), %xmm9
+ aesenc 112(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 112(%rdi), %xmm11
+ aesenc 112(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 112(%rdi), %xmm13
+ aesenc 112(%rdi), %xmm14
+ aesenc 112(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa (%rsp), %xmm7
+ movdqu -16(%rdx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 128(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 128(%rdi), %xmm9
+ aesenc 128(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 128(%rdi), %xmm11
+ aesenc 128(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 128(%rdi), %xmm13
+ aesenc 128(%rdi), %xmm14
+ aesenc 128(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa %xmm1, %xmm5
+ psrldq $8, %xmm1
+ pslldq $8, %xmm5
+ aesenc 144(%rdi), %xmm8
+ pxor %xmm5, %xmm2
+ pxor %xmm1, %xmm3
+ movdqa %xmm2, %xmm7
+ movdqa %xmm2, %xmm4
+ movdqa %xmm2, %xmm5
+ aesenc 144(%rdi), %xmm9
+ pslld $31, %xmm7
+ pslld $30, %xmm4
+ pslld $25, %xmm5
+ aesenc 144(%rdi), %xmm10
+ pxor %xmm4, %xmm7
+ pxor %xmm5, %xmm7
+ aesenc 144(%rdi), %xmm11
+ movdqa %xmm7, %xmm4
+ pslldq $12, %xmm7
+ psrldq $4, %xmm4
+ aesenc 144(%rdi), %xmm12
+ pxor %xmm7, %xmm2
+ movdqa %xmm2, %xmm5
+ movdqa %xmm2, %xmm1
+ movdqa %xmm2, %xmm0
+ aesenc 144(%rdi), %xmm13
+ psrld $0x01, %xmm5
+ psrld $2, %xmm1
+ psrld $7, %xmm0
+ aesenc 144(%rdi), %xmm14
+ pxor %xmm1, %xmm5
+ pxor %xmm0, %xmm5
+ aesenc 144(%rdi), %xmm15
+ pxor %xmm4, %xmm5
+ pxor %xmm5, %xmm2
+ pxor %xmm3, %xmm2
+ cmpl $11, %esi
+ movdqa 160(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_aesni_aesenc_128_ghash_avx_done
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 176(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ cmpl $13, %esi
+ movdqa 192(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_aesni_aesenc_128_ghash_avx_done
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 208(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 224(%rdi), %xmm7
+L_AES_GCM_encrypt_update_aesni_aesenc_128_ghash_avx_done:
+ aesenclast %xmm7, %xmm8
+ aesenclast %xmm7, %xmm9
+ movdqu (%rcx), %xmm0
+ movdqu 16(%rcx), %xmm1
+ pxor %xmm0, %xmm8
+ pxor %xmm1, %xmm9
+ movdqu %xmm8, (%rdx)
+ movdqu %xmm9, 16(%rdx)
+ aesenclast %xmm7, %xmm10
+ aesenclast %xmm7, %xmm11
+ movdqu 32(%rcx), %xmm0
+ movdqu 48(%rcx), %xmm1
+ pxor %xmm0, %xmm10
+ pxor %xmm1, %xmm11
+ movdqu %xmm10, 32(%rdx)
+ movdqu %xmm11, 48(%rdx)
+ aesenclast %xmm7, %xmm12
+ aesenclast %xmm7, %xmm13
+ movdqu 64(%rcx), %xmm0
+ movdqu 80(%rcx), %xmm1
+ pxor %xmm0, %xmm12
+ pxor %xmm1, %xmm13
+ movdqu %xmm12, 64(%rdx)
+ movdqu %xmm13, 80(%rdx)
+ aesenclast %xmm7, %xmm14
+ aesenclast %xmm7, %xmm15
+ movdqu 96(%rcx), %xmm0
+ movdqu 112(%rcx), %xmm1
+ pxor %xmm0, %xmm14
+ pxor %xmm1, %xmm15
+ movdqu %xmm14, 96(%rdx)
+ movdqu %xmm15, 112(%rdx)
+ addl $0x80, %r14d
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_encrypt_update_aesni_ghash_128
+L_AES_GCM_encrypt_update_aesni_end_128:
+ movdqa L_aes_gcm_bswap_mask(%rip), %xmm4
+ pshufb %xmm4, %xmm8
+ pshufb %xmm4, %xmm9
+ pshufb %xmm4, %xmm10
+ pshufb %xmm4, %xmm11
+ pxor %xmm2, %xmm8
+ pshufb %xmm4, %xmm12
+ pshufb %xmm4, %xmm13
+ pshufb %xmm4, %xmm14
+ pshufb %xmm4, %xmm15
+ movdqa 112(%rsp), %xmm7
+ pshufd $0x4e, %xmm8, %xmm1
+ pshufd $0x4e, %xmm7, %xmm2
+ movdqa %xmm7, %xmm3
+ movdqa %xmm7, %xmm0
+ pclmulqdq $0x11, %xmm8, %xmm3
+ pclmulqdq $0x00, %xmm8, %xmm0
+ pxor %xmm8, %xmm1
+ pxor %xmm7, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ movdqa %xmm0, %xmm4
+ movdqa %xmm3, %xmm6
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm4
+ pxor %xmm1, %xmm6
+ movdqa 96(%rsp), %xmm7
+ pshufd $0x4e, %xmm9, %xmm1
+ pshufd $0x4e, %xmm7, %xmm2
+ movdqa %xmm7, %xmm3
+ movdqa %xmm7, %xmm0
+ pclmulqdq $0x11, %xmm9, %xmm3
+ pclmulqdq $0x00, %xmm9, %xmm0
+ pxor %xmm9, %xmm1
+ pxor %xmm7, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ pxor %xmm0, %xmm4
+ pxor %xmm3, %xmm6
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm4
+ pxor %xmm1, %xmm6
+ movdqa 80(%rsp), %xmm7
+ pshufd $0x4e, %xmm10, %xmm1
+ pshufd $0x4e, %xmm7, %xmm2
+ movdqa %xmm7, %xmm3
+ movdqa %xmm7, %xmm0
+ pclmulqdq $0x11, %xmm10, %xmm3
+ pclmulqdq $0x00, %xmm10, %xmm0
+ pxor %xmm10, %xmm1
+ pxor %xmm7, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ pxor %xmm0, %xmm4
+ pxor %xmm3, %xmm6
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm4
+ pxor %xmm1, %xmm6
+ movdqa 64(%rsp), %xmm7
+ pshufd $0x4e, %xmm11, %xmm1
+ pshufd $0x4e, %xmm7, %xmm2
+ movdqa %xmm7, %xmm3
+ movdqa %xmm7, %xmm0
+ pclmulqdq $0x11, %xmm11, %xmm3
+ pclmulqdq $0x00, %xmm11, %xmm0
+ pxor %xmm11, %xmm1
+ pxor %xmm7, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ pxor %xmm0, %xmm4
+ pxor %xmm3, %xmm6
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm4
+ pxor %xmm1, %xmm6
+ movdqa 48(%rsp), %xmm7
+ pshufd $0x4e, %xmm12, %xmm1
+ pshufd $0x4e, %xmm7, %xmm2
+ movdqa %xmm7, %xmm3
+ movdqa %xmm7, %xmm0
+ pclmulqdq $0x11, %xmm12, %xmm3
+ pclmulqdq $0x00, %xmm12, %xmm0
+ pxor %xmm12, %xmm1
+ pxor %xmm7, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ pxor %xmm0, %xmm4
+ pxor %xmm3, %xmm6
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm4
+ pxor %xmm1, %xmm6
+ movdqa 32(%rsp), %xmm7
+ pshufd $0x4e, %xmm13, %xmm1
+ pshufd $0x4e, %xmm7, %xmm2
+ movdqa %xmm7, %xmm3
+ movdqa %xmm7, %xmm0
+ pclmulqdq $0x11, %xmm13, %xmm3
+ pclmulqdq $0x00, %xmm13, %xmm0
+ pxor %xmm13, %xmm1
+ pxor %xmm7, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ pxor %xmm0, %xmm4
+ pxor %xmm3, %xmm6
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm4
+ pxor %xmm1, %xmm6
+ movdqa 16(%rsp), %xmm7
+ pshufd $0x4e, %xmm14, %xmm1
+ pshufd $0x4e, %xmm7, %xmm2
+ movdqa %xmm7, %xmm3
+ movdqa %xmm7, %xmm0
+ pclmulqdq $0x11, %xmm14, %xmm3
+ pclmulqdq $0x00, %xmm14, %xmm0
+ pxor %xmm14, %xmm1
+ pxor %xmm7, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ pxor %xmm0, %xmm4
+ pxor %xmm3, %xmm6
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm4
+ pxor %xmm1, %xmm6
+ movdqa (%rsp), %xmm7
+ pshufd $0x4e, %xmm15, %xmm1
+ pshufd $0x4e, %xmm7, %xmm2
+ movdqa %xmm7, %xmm3
+ movdqa %xmm7, %xmm0
+ pclmulqdq $0x11, %xmm15, %xmm3
+ pclmulqdq $0x00, %xmm15, %xmm0
+ pxor %xmm15, %xmm1
+ pxor %xmm7, %xmm2
+ pclmulqdq $0x00, %xmm2, %xmm1
+ pxor %xmm0, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa %xmm1, %xmm2
+ pxor %xmm0, %xmm4
+ pxor %xmm3, %xmm6
+ pslldq $8, %xmm2
+ psrldq $8, %xmm1
+ pxor %xmm2, %xmm4
+ pxor %xmm1, %xmm6
+ movdqa %xmm4, %xmm0
+ movdqa %xmm4, %xmm1
+ movdqa %xmm4, %xmm2
+ pslld $31, %xmm0
+ pslld $30, %xmm1
+ pslld $25, %xmm2
+ pxor %xmm1, %xmm0
+ pxor %xmm2, %xmm0
+ movdqa %xmm0, %xmm1
+ psrldq $4, %xmm1
+ pslldq $12, %xmm0
+ pxor %xmm0, %xmm4
+ movdqa %xmm4, %xmm2
+ movdqa %xmm4, %xmm3
+ movdqa %xmm4, %xmm0
+ psrld $0x01, %xmm2
+ psrld $2, %xmm3
+ psrld $7, %xmm0
+ pxor %xmm3, %xmm2
+ pxor %xmm0, %xmm2
+ pxor %xmm1, %xmm2
+ pxor %xmm4, %xmm2
+ pxor %xmm2, %xmm6
+ movdqa (%rsp), %xmm5
+L_AES_GCM_encrypt_update_aesni_done_128:
+ movl %r8d, %edx
+ cmpl %edx, %r14d
+ jge L_AES_GCM_encrypt_update_aesni_done_enc
+ movl %r8d, %r13d
+ andl $0xfffffff0, %r13d
+ cmpl %r13d, %r14d
+ jge L_AES_GCM_encrypt_update_aesni_last_block_done
+ leaq (%r11,%r14,1), %rcx
+ leaq (%r10,%r14,1), %rdx
+ movdqa (%r12), %xmm8
+ movdqa %xmm8, %xmm9
+ pshufb L_aes_gcm_bswap_epi64(%rip), %xmm8
+ paddd L_aes_gcm_one(%rip), %xmm9
+ pxor (%rdi), %xmm8
+ movdqa %xmm9, (%r12)
+ aesenc 16(%rdi), %xmm8
+ aesenc 32(%rdi), %xmm8
+ aesenc 48(%rdi), %xmm8
+ aesenc 64(%rdi), %xmm8
+ aesenc 80(%rdi), %xmm8
+ aesenc 96(%rdi), %xmm8
+ aesenc 112(%rdi), %xmm8
+ aesenc 128(%rdi), %xmm8
+ aesenc 144(%rdi), %xmm8
+ cmpl $11, %esi
+ movdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last
+ aesenc %xmm9, %xmm8
+ aesenc 176(%rdi), %xmm8
+ cmpl $13, %esi
+ movdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last
+ aesenc %xmm9, %xmm8
+ aesenc 208(%rdi), %xmm8
+ movdqa 224(%rdi), %xmm9
+L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last:
+ aesenclast %xmm9, %xmm8
+ movdqu (%rcx), %xmm9
+ pxor %xmm9, %xmm8
+ movdqu %xmm8, (%rdx)
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm8
+ pxor %xmm8, %xmm6
+ addl $16, %r14d
+ cmpl %r13d, %r14d
+ jge L_AES_GCM_encrypt_update_aesni_last_block_ghash
+L_AES_GCM_encrypt_update_aesni_last_block_start:
+ leaq (%r11,%r14,1), %rcx
+ leaq (%r10,%r14,1), %rdx
+ movdqa (%r12), %xmm8
+ movdqa %xmm8, %xmm9
+ pshufb L_aes_gcm_bswap_epi64(%rip), %xmm8
+ paddd L_aes_gcm_one(%rip), %xmm9
+ pxor (%rdi), %xmm8
+ movdqa %xmm9, (%r12)
+ movdqa %xmm6, %xmm10
+ pclmulqdq $16, %xmm5, %xmm10
+ aesenc 16(%rdi), %xmm8
+ aesenc 32(%rdi), %xmm8
+ movdqa %xmm6, %xmm11
+ pclmulqdq $0x01, %xmm5, %xmm11
+ aesenc 48(%rdi), %xmm8
+ aesenc 64(%rdi), %xmm8
+ movdqa %xmm6, %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm12
+ aesenc 80(%rdi), %xmm8
+ movdqa %xmm6, %xmm1
+ pclmulqdq $0x11, %xmm5, %xmm1
+ aesenc 96(%rdi), %xmm8
+ pxor %xmm11, %xmm10
+ movdqa %xmm10, %xmm2
+ psrldq $8, %xmm10
+ pslldq $8, %xmm2
+ aesenc 112(%rdi), %xmm8
+ movdqa %xmm1, %xmm3
+ pxor %xmm12, %xmm2
+ pxor %xmm10, %xmm3
+ movdqa L_aes_gcm_mod2_128(%rip), %xmm0
+ movdqa %xmm2, %xmm11
+ pclmulqdq $16, %xmm0, %xmm11
+ aesenc 128(%rdi), %xmm8
+ pshufd $0x4e, %xmm2, %xmm10
+ pxor %xmm11, %xmm10
+ movdqa %xmm10, %xmm11
+ pclmulqdq $16, %xmm0, %xmm11
+ aesenc 144(%rdi), %xmm8
+ pshufd $0x4e, %xmm10, %xmm6
+ pxor %xmm11, %xmm6
+ pxor %xmm3, %xmm6
+ cmpl $11, %esi
+ movdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_update_aesni_aesenc_gfmul_last
+ aesenc %xmm9, %xmm8
+ aesenc 176(%rdi), %xmm8
+ cmpl $13, %esi
+ movdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_update_aesni_aesenc_gfmul_last
+ aesenc %xmm9, %xmm8
+ aesenc 208(%rdi), %xmm8
+ movdqa 224(%rdi), %xmm9
+L_AES_GCM_encrypt_update_aesni_aesenc_gfmul_last:
+ aesenclast %xmm9, %xmm8
+ movdqu (%rcx), %xmm9
+ pxor %xmm9, %xmm8
+ movdqu %xmm8, (%rdx)
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm8
+ pxor %xmm8, %xmm6
+ addl $16, %r14d
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_encrypt_update_aesni_last_block_start
+L_AES_GCM_encrypt_update_aesni_last_block_ghash:
+ pshufd $0x4e, %xmm5, %xmm9
+ pshufd $0x4e, %xmm6, %xmm10
+ movdqa %xmm6, %xmm11
+ movdqa %xmm6, %xmm8
+ pclmulqdq $0x11, %xmm5, %xmm11
+ pclmulqdq $0x00, %xmm5, %xmm8
+ pxor %xmm5, %xmm9
+ pxor %xmm6, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm6
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm6
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm6
+L_AES_GCM_encrypt_update_aesni_last_block_done:
+L_AES_GCM_encrypt_update_aesni_done_enc:
+ movdqa %xmm6, (%r9)
+ addq $0xa0, %rsp
+ popq %r14
+ popq %r12
+ popq %r13
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_encrypt_update_aesni,.-AES_GCM_encrypt_update_aesni
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_encrypt_final_aesni
+.type AES_GCM_encrypt_final_aesni,@function
+.align 16
+AES_GCM_encrypt_final_aesni:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_encrypt_final_aesni
+.p2align 4
+_AES_GCM_encrypt_final_aesni:
+#endif /* __APPLE__ */
+ pushq %r13
+ movq %rdx, %rax
+ movl %ecx, %r10d
+ movl %r8d, %r11d
+ movq 16(%rsp), %r8
+ subq $16, %rsp
+ movdqa (%rdi), %xmm4
+ movdqa (%r9), %xmm5
+ movdqa (%r8), %xmm6
+ movdqa %xmm5, %xmm9
+ movdqa %xmm5, %xmm8
+ psrlq $63, %xmm9
+ psllq $0x01, %xmm8
+ pslldq $8, %xmm9
+ por %xmm9, %xmm8
+ pshufd $0xff, %xmm5, %xmm5
+ psrad $31, %xmm5
+ pand L_aes_gcm_mod2_128(%rip), %xmm5
+ pxor %xmm8, %xmm5
+ movl %r10d, %edx
+ movl %r11d, %ecx
+ shlq $3, %rdx
+ shlq $3, %rcx
+ pinsrq $0x00, %rdx, %xmm0
+ pinsrq $0x01, %rcx, %xmm0
+ pxor %xmm0, %xmm4
+ pshufd $0x4e, %xmm5, %xmm9
+ pshufd $0x4e, %xmm4, %xmm10
+ movdqa %xmm4, %xmm11
+ movdqa %xmm4, %xmm8
+ pclmulqdq $0x11, %xmm5, %xmm11
+ pclmulqdq $0x00, %xmm5, %xmm8
+ pxor %xmm5, %xmm9
+ pxor %xmm4, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm4
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm4
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm4
+ movdqa %xmm6, %xmm0
+ pxor %xmm4, %xmm0
+ cmpl $16, %eax
+ je L_AES_GCM_encrypt_final_aesni_store_tag_16
+ xorq %rcx, %rcx
+ movdqa %xmm0, (%rsp)
+L_AES_GCM_encrypt_final_aesni_store_tag_loop:
+ movzbl (%rsp,%rcx,1), %r13d
+ movb %r13b, (%rsi,%rcx,1)
+ incl %ecx
+ cmpl %eax, %ecx
+ jne L_AES_GCM_encrypt_final_aesni_store_tag_loop
+ jmp L_AES_GCM_encrypt_final_aesni_store_tag_done
+L_AES_GCM_encrypt_final_aesni_store_tag_16:
+ movdqu %xmm0, (%rsi)
+L_AES_GCM_encrypt_final_aesni_store_tag_done:
+ addq $16, %rsp
+ popq %r13
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_encrypt_final_aesni,.-AES_GCM_encrypt_final_aesni
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_decrypt_update_aesni
+.type AES_GCM_decrypt_update_aesni,@function
+.align 16
+AES_GCM_decrypt_update_aesni:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_decrypt_update_aesni
+.p2align 4
+_AES_GCM_decrypt_update_aesni:
+#endif /* __APPLE__ */
+ pushq %r13
+ pushq %r12
+ pushq %r14
+ pushq %r15
+ movq %rdx, %r10
+ movq %rcx, %r11
+ movq 40(%rsp), %rax
+ movq 48(%rsp), %r12
+ subq $0xa8, %rsp
+ movdqa (%r9), %xmm6
+ movdqa (%rax), %xmm5
+ movdqa %xmm5, %xmm9
+ movdqa %xmm5, %xmm8
+ psrlq $63, %xmm9
+ psllq $0x01, %xmm8
+ pslldq $8, %xmm9
+ por %xmm9, %xmm8
+ pshufd $0xff, %xmm5, %xmm5
+ psrad $31, %xmm5
+ pand L_aes_gcm_mod2_128(%rip), %xmm5
+ pxor %xmm8, %xmm5
+ xorl %r14d, %r14d
+ cmpl $0x80, %r8d
+ movl %r8d, %r13d
+ jl L_AES_GCM_decrypt_update_aesni_done_128
+ andl $0xffffff80, %r13d
+ movdqa %xmm6, %xmm2
+ # H ^ 1
+ movdqa %xmm5, (%rsp)
+ # H ^ 2
+ pshufd $0x4e, %xmm5, %xmm9
+ pshufd $0x4e, %xmm5, %xmm10
+ movdqa %xmm5, %xmm11
+ movdqa %xmm5, %xmm8
+ pclmulqdq $0x11, %xmm5, %xmm11
+ pclmulqdq $0x00, %xmm5, %xmm8
+ pxor %xmm5, %xmm9
+ pxor %xmm5, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm0
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm0
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm0
+ movdqa %xmm0, 16(%rsp)
+ # H ^ 3
+ pshufd $0x4e, %xmm5, %xmm9
+ pshufd $0x4e, %xmm0, %xmm10
+ movdqa %xmm0, %xmm11
+ movdqa %xmm0, %xmm8
+ pclmulqdq $0x11, %xmm5, %xmm11
+ pclmulqdq $0x00, %xmm5, %xmm8
+ pxor %xmm5, %xmm9
+ pxor %xmm0, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm1
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm1
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm1
+ movdqa %xmm1, 32(%rsp)
+ # H ^ 4
+ pshufd $0x4e, %xmm0, %xmm9
+ pshufd $0x4e, %xmm0, %xmm10
+ movdqa %xmm0, %xmm11
+ movdqa %xmm0, %xmm8
+ pclmulqdq $0x11, %xmm0, %xmm11
+ pclmulqdq $0x00, %xmm0, %xmm8
+ pxor %xmm0, %xmm9
+ pxor %xmm0, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm3
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm3
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm3
+ movdqa %xmm3, 48(%rsp)
+ # H ^ 5
+ pshufd $0x4e, %xmm0, %xmm9
+ pshufd $0x4e, %xmm1, %xmm10
+ movdqa %xmm1, %xmm11
+ movdqa %xmm1, %xmm8
+ pclmulqdq $0x11, %xmm0, %xmm11
+ pclmulqdq $0x00, %xmm0, %xmm8
+ pxor %xmm0, %xmm9
+ pxor %xmm1, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm7
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm7
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm7
+ movdqa %xmm7, 64(%rsp)
+ # H ^ 6
+ pshufd $0x4e, %xmm1, %xmm9
+ pshufd $0x4e, %xmm1, %xmm10
+ movdqa %xmm1, %xmm11
+ movdqa %xmm1, %xmm8
+ pclmulqdq $0x11, %xmm1, %xmm11
+ pclmulqdq $0x00, %xmm1, %xmm8
+ pxor %xmm1, %xmm9
+ pxor %xmm1, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm7
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm7
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm7
+ movdqa %xmm7, 80(%rsp)
+ # H ^ 7
+ pshufd $0x4e, %xmm1, %xmm9
+ pshufd $0x4e, %xmm3, %xmm10
+ movdqa %xmm3, %xmm11
+ movdqa %xmm3, %xmm8
+ pclmulqdq $0x11, %xmm1, %xmm11
+ pclmulqdq $0x00, %xmm1, %xmm8
+ pxor %xmm1, %xmm9
+ pxor %xmm3, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm7
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm7
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm7
+ movdqa %xmm7, 96(%rsp)
+ # H ^ 8
+ pshufd $0x4e, %xmm3, %xmm9
+ pshufd $0x4e, %xmm3, %xmm10
+ movdqa %xmm3, %xmm11
+ movdqa %xmm3, %xmm8
+ pclmulqdq $0x11, %xmm3, %xmm11
+ pclmulqdq $0x00, %xmm3, %xmm8
+ pxor %xmm3, %xmm9
+ pxor %xmm3, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm7
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm7
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm7
+ movdqa %xmm7, 112(%rsp)
+L_AES_GCM_decrypt_update_aesni_ghash_128:
+ leaq (%r11,%r14,1), %rcx
+ leaq (%r10,%r14,1), %rdx
+ movdqa (%r12), %xmm8
+ movdqa L_aes_gcm_bswap_epi64(%rip), %xmm1
+ movdqa %xmm8, %xmm0
+ pshufb %xmm1, %xmm8
+ movdqa %xmm0, %xmm9
+ paddd L_aes_gcm_one(%rip), %xmm9
+ pshufb %xmm1, %xmm9
+ movdqa %xmm0, %xmm10
+ paddd L_aes_gcm_two(%rip), %xmm10
+ pshufb %xmm1, %xmm10
+ movdqa %xmm0, %xmm11
+ paddd L_aes_gcm_three(%rip), %xmm11
+ pshufb %xmm1, %xmm11
+ movdqa %xmm0, %xmm12
+ paddd L_aes_gcm_four(%rip), %xmm12
+ pshufb %xmm1, %xmm12
+ movdqa %xmm0, %xmm13
+ paddd L_aes_gcm_five(%rip), %xmm13
+ pshufb %xmm1, %xmm13
+ movdqa %xmm0, %xmm14
+ paddd L_aes_gcm_six(%rip), %xmm14
+ pshufb %xmm1, %xmm14
+ movdqa %xmm0, %xmm15
+ paddd L_aes_gcm_seven(%rip), %xmm15
+ pshufb %xmm1, %xmm15
+ paddd L_aes_gcm_eight(%rip), %xmm0
+ movdqa (%rdi), %xmm7
+ movdqa %xmm0, (%r12)
+ pxor %xmm7, %xmm8
+ pxor %xmm7, %xmm9
+ pxor %xmm7, %xmm10
+ pxor %xmm7, %xmm11
+ pxor %xmm7, %xmm12
+ pxor %xmm7, %xmm13
+ pxor %xmm7, %xmm14
+ pxor %xmm7, %xmm15
+ movdqa 112(%rsp), %xmm7
+ movdqu (%rcx), %xmm0
+ aesenc 16(%rdi), %xmm8
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ pxor %xmm2, %xmm0
+ pshufd $0x4e, %xmm7, %xmm1
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm7, %xmm1
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm3
+ pclmulqdq $0x11, %xmm7, %xmm3
+ aesenc 16(%rdi), %xmm9
+ aesenc 16(%rdi), %xmm10
+ movdqa %xmm0, %xmm2
+ pclmulqdq $0x00, %xmm7, %xmm2
+ aesenc 16(%rdi), %xmm11
+ aesenc 16(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm1
+ aesenc 16(%rdi), %xmm13
+ aesenc 16(%rdi), %xmm14
+ aesenc 16(%rdi), %xmm15
+ pxor %xmm2, %xmm1
+ pxor %xmm3, %xmm1
+ movdqa 96(%rsp), %xmm7
+ movdqu 16(%rcx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 32(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 32(%rdi), %xmm9
+ aesenc 32(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 32(%rdi), %xmm11
+ aesenc 32(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 32(%rdi), %xmm13
+ aesenc 32(%rdi), %xmm14
+ aesenc 32(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa 80(%rsp), %xmm7
+ movdqu 32(%rcx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 48(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 48(%rdi), %xmm9
+ aesenc 48(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 48(%rdi), %xmm11
+ aesenc 48(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 48(%rdi), %xmm13
+ aesenc 48(%rdi), %xmm14
+ aesenc 48(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa 64(%rsp), %xmm7
+ movdqu 48(%rcx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 64(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 64(%rdi), %xmm9
+ aesenc 64(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 64(%rdi), %xmm11
+ aesenc 64(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 64(%rdi), %xmm13
+ aesenc 64(%rdi), %xmm14
+ aesenc 64(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa 48(%rsp), %xmm7
+ movdqu 64(%rcx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 80(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 80(%rdi), %xmm9
+ aesenc 80(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 80(%rdi), %xmm11
+ aesenc 80(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 80(%rdi), %xmm13
+ aesenc 80(%rdi), %xmm14
+ aesenc 80(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa 32(%rsp), %xmm7
+ movdqu 80(%rcx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 96(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 96(%rdi), %xmm9
+ aesenc 96(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 96(%rdi), %xmm11
+ aesenc 96(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 96(%rdi), %xmm13
+ aesenc 96(%rdi), %xmm14
+ aesenc 96(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa 16(%rsp), %xmm7
+ movdqu 96(%rcx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 112(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 112(%rdi), %xmm9
+ aesenc 112(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 112(%rdi), %xmm11
+ aesenc 112(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 112(%rdi), %xmm13
+ aesenc 112(%rdi), %xmm14
+ aesenc 112(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa (%rsp), %xmm7
+ movdqu 112(%rcx), %xmm0
+ pshufd $0x4e, %xmm7, %xmm4
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm0
+ aesenc 128(%rdi), %xmm8
+ pxor %xmm7, %xmm4
+ pshufd $0x4e, %xmm0, %xmm5
+ pxor %xmm0, %xmm5
+ movdqa %xmm0, %xmm6
+ pclmulqdq $0x11, %xmm7, %xmm6
+ aesenc 128(%rdi), %xmm9
+ aesenc 128(%rdi), %xmm10
+ pclmulqdq $0x00, %xmm0, %xmm7
+ aesenc 128(%rdi), %xmm11
+ aesenc 128(%rdi), %xmm12
+ pclmulqdq $0x00, %xmm5, %xmm4
+ aesenc 128(%rdi), %xmm13
+ aesenc 128(%rdi), %xmm14
+ aesenc 128(%rdi), %xmm15
+ pxor %xmm7, %xmm1
+ pxor %xmm7, %xmm2
+ pxor %xmm6, %xmm1
+ pxor %xmm6, %xmm3
+ pxor %xmm4, %xmm1
+ movdqa %xmm1, %xmm5
+ psrldq $8, %xmm1
+ pslldq $8, %xmm5
+ aesenc 144(%rdi), %xmm8
+ pxor %xmm5, %xmm2
+ pxor %xmm1, %xmm3
+ movdqa %xmm2, %xmm7
+ movdqa %xmm2, %xmm4
+ movdqa %xmm2, %xmm5
+ aesenc 144(%rdi), %xmm9
+ pslld $31, %xmm7
+ pslld $30, %xmm4
+ pslld $25, %xmm5
+ aesenc 144(%rdi), %xmm10
+ pxor %xmm4, %xmm7
+ pxor %xmm5, %xmm7
+ aesenc 144(%rdi), %xmm11
+ movdqa %xmm7, %xmm4
+ pslldq $12, %xmm7
+ psrldq $4, %xmm4
+ aesenc 144(%rdi), %xmm12
+ pxor %xmm7, %xmm2
+ movdqa %xmm2, %xmm5
+ movdqa %xmm2, %xmm1
+ movdqa %xmm2, %xmm0
+ aesenc 144(%rdi), %xmm13
+ psrld $0x01, %xmm5
+ psrld $2, %xmm1
+ psrld $7, %xmm0
+ aesenc 144(%rdi), %xmm14
+ pxor %xmm1, %xmm5
+ pxor %xmm0, %xmm5
+ aesenc 144(%rdi), %xmm15
+ pxor %xmm4, %xmm5
+ pxor %xmm5, %xmm2
+ pxor %xmm3, %xmm2
+ cmpl $11, %esi
+ movdqa 160(%rdi), %xmm7
+ jl L_AES_GCM_decrypt_update_aesni_aesenc_128_ghash_avx_done
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 176(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ cmpl $13, %esi
+ movdqa 192(%rdi), %xmm7
+ jl L_AES_GCM_decrypt_update_aesni_aesenc_128_ghash_avx_done
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 208(%rdi), %xmm7
+ aesenc %xmm7, %xmm8
+ aesenc %xmm7, %xmm9
+ aesenc %xmm7, %xmm10
+ aesenc %xmm7, %xmm11
+ aesenc %xmm7, %xmm12
+ aesenc %xmm7, %xmm13
+ aesenc %xmm7, %xmm14
+ aesenc %xmm7, %xmm15
+ movdqa 224(%rdi), %xmm7
+L_AES_GCM_decrypt_update_aesni_aesenc_128_ghash_avx_done:
+ aesenclast %xmm7, %xmm8
+ aesenclast %xmm7, %xmm9
+ movdqu (%rcx), %xmm0
+ movdqu 16(%rcx), %xmm1
+ pxor %xmm0, %xmm8
+ pxor %xmm1, %xmm9
+ movdqu %xmm8, (%rdx)
+ movdqu %xmm9, 16(%rdx)
+ aesenclast %xmm7, %xmm10
+ aesenclast %xmm7, %xmm11
+ movdqu 32(%rcx), %xmm0
+ movdqu 48(%rcx), %xmm1
+ pxor %xmm0, %xmm10
+ pxor %xmm1, %xmm11
+ movdqu %xmm10, 32(%rdx)
+ movdqu %xmm11, 48(%rdx)
+ aesenclast %xmm7, %xmm12
+ aesenclast %xmm7, %xmm13
+ movdqu 64(%rcx), %xmm0
+ movdqu 80(%rcx), %xmm1
+ pxor %xmm0, %xmm12
+ pxor %xmm1, %xmm13
+ movdqu %xmm12, 64(%rdx)
+ movdqu %xmm13, 80(%rdx)
+ aesenclast %xmm7, %xmm14
+ aesenclast %xmm7, %xmm15
+ movdqu 96(%rcx), %xmm0
+ movdqu 112(%rcx), %xmm1
+ pxor %xmm0, %xmm14
+ pxor %xmm1, %xmm15
+ movdqu %xmm14, 96(%rdx)
+ movdqu %xmm15, 112(%rdx)
+ addl $0x80, %r14d
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_decrypt_update_aesni_ghash_128
+ movdqa %xmm2, %xmm6
+ movdqa (%rsp), %xmm5
+L_AES_GCM_decrypt_update_aesni_done_128:
+ movl %r8d, %edx
+ cmpl %edx, %r14d
+ jge L_AES_GCM_decrypt_update_aesni_done_dec
+ movl %r8d, %r13d
+ andl $0xfffffff0, %r13d
+ cmpl %r13d, %r14d
+ jge L_AES_GCM_decrypt_update_aesni_last_block_done
+L_AES_GCM_decrypt_update_aesni_last_block_start:
+ leaq (%r11,%r14,1), %rcx
+ leaq (%r10,%r14,1), %rdx
+ movdqu (%rcx), %xmm1
+ movdqa %xmm5, %xmm0
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm1
+ pxor %xmm6, %xmm1
+ movdqa (%r12), %xmm8
+ movdqa %xmm8, %xmm9
+ pshufb L_aes_gcm_bswap_epi64(%rip), %xmm8
+ paddd L_aes_gcm_one(%rip), %xmm9
+ pxor (%rdi), %xmm8
+ movdqa %xmm9, (%r12)
+ movdqa %xmm1, %xmm10
+ pclmulqdq $16, %xmm0, %xmm10
+ aesenc 16(%rdi), %xmm8
+ aesenc 32(%rdi), %xmm8
+ movdqa %xmm1, %xmm11
+ pclmulqdq $0x01, %xmm0, %xmm11
+ aesenc 48(%rdi), %xmm8
+ aesenc 64(%rdi), %xmm8
+ movdqa %xmm1, %xmm12
+ pclmulqdq $0x00, %xmm0, %xmm12
+ aesenc 80(%rdi), %xmm8
+ movdqa %xmm1, %xmm1
+ pclmulqdq $0x11, %xmm0, %xmm1
+ aesenc 96(%rdi), %xmm8
+ pxor %xmm11, %xmm10
+ movdqa %xmm10, %xmm2
+ psrldq $8, %xmm10
+ pslldq $8, %xmm2
+ aesenc 112(%rdi), %xmm8
+ movdqa %xmm1, %xmm3
+ pxor %xmm12, %xmm2
+ pxor %xmm10, %xmm3
+ movdqa L_aes_gcm_mod2_128(%rip), %xmm0
+ movdqa %xmm2, %xmm11
+ pclmulqdq $16, %xmm0, %xmm11
+ aesenc 128(%rdi), %xmm8
+ pshufd $0x4e, %xmm2, %xmm10
+ pxor %xmm11, %xmm10
+ movdqa %xmm10, %xmm11
+ pclmulqdq $16, %xmm0, %xmm11
+ aesenc 144(%rdi), %xmm8
+ pshufd $0x4e, %xmm10, %xmm6
+ pxor %xmm11, %xmm6
+ pxor %xmm3, %xmm6
+ cmpl $11, %esi
+ movdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_decrypt_update_aesni_aesenc_gfmul_last
+ aesenc %xmm9, %xmm8
+ aesenc 176(%rdi), %xmm8
+ cmpl $13, %esi
+ movdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_decrypt_update_aesni_aesenc_gfmul_last
+ aesenc %xmm9, %xmm8
+ aesenc 208(%rdi), %xmm8
+ movdqa 224(%rdi), %xmm9
+L_AES_GCM_decrypt_update_aesni_aesenc_gfmul_last:
+ aesenclast %xmm9, %xmm8
+ movdqu (%rcx), %xmm9
+ pxor %xmm9, %xmm8
+ movdqu %xmm8, (%rdx)
+ addl $16, %r14d
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_decrypt_update_aesni_last_block_start
+L_AES_GCM_decrypt_update_aesni_last_block_done:
+L_AES_GCM_decrypt_update_aesni_done_dec:
+ movdqa %xmm6, (%r9)
+ addq $0xa8, %rsp
+ popq %r15
+ popq %r14
+ popq %r12
+ popq %r13
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_decrypt_update_aesni,.-AES_GCM_decrypt_update_aesni
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_decrypt_final_aesni
+.type AES_GCM_decrypt_final_aesni,@function
+.align 16
+AES_GCM_decrypt_final_aesni:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_decrypt_final_aesni
+.p2align 4
+_AES_GCM_decrypt_final_aesni:
+#endif /* __APPLE__ */
+ pushq %r13
+ pushq %rbp
+ pushq %r12
+ movq %rdx, %rax
+ movl %ecx, %r10d
+ movl %r8d, %r11d
+ movq 32(%rsp), %r8
+ movq 40(%rsp), %rbp
+ subq $16, %rsp
+ movdqa (%rdi), %xmm6
+ movdqa (%r9), %xmm5
+ movdqa (%r8), %xmm15
+ movdqa %xmm5, %xmm9
+ movdqa %xmm5, %xmm8
+ psrlq $63, %xmm9
+ psllq $0x01, %xmm8
+ pslldq $8, %xmm9
+ por %xmm9, %xmm8
+ pshufd $0xff, %xmm5, %xmm5
+ psrad $31, %xmm5
+ pand L_aes_gcm_mod2_128(%rip), %xmm5
+ pxor %xmm8, %xmm5
+ movl %r10d, %edx
+ movl %r11d, %ecx
+ shlq $3, %rdx
+ shlq $3, %rcx
+ pinsrq $0x00, %rdx, %xmm0
+ pinsrq $0x01, %rcx, %xmm0
+ pxor %xmm0, %xmm6
+ pshufd $0x4e, %xmm5, %xmm9
+ pshufd $0x4e, %xmm6, %xmm10
+ movdqa %xmm6, %xmm11
+ movdqa %xmm6, %xmm8
+ pclmulqdq $0x11, %xmm5, %xmm11
+ pclmulqdq $0x00, %xmm5, %xmm8
+ pxor %xmm5, %xmm9
+ pxor %xmm6, %xmm10
+ pclmulqdq $0x00, %xmm10, %xmm9
+ pxor %xmm8, %xmm9
+ pxor %xmm11, %xmm9
+ movdqa %xmm9, %xmm10
+ movdqa %xmm11, %xmm6
+ pslldq $8, %xmm10
+ psrldq $8, %xmm9
+ pxor %xmm10, %xmm8
+ pxor %xmm9, %xmm6
+ movdqa %xmm8, %xmm12
+ movdqa %xmm8, %xmm13
+ movdqa %xmm8, %xmm14
+ pslld $31, %xmm12
+ pslld $30, %xmm13
+ pslld $25, %xmm14
+ pxor %xmm13, %xmm12
+ pxor %xmm14, %xmm12
+ movdqa %xmm12, %xmm13
+ psrldq $4, %xmm13
+ pslldq $12, %xmm12
+ pxor %xmm12, %xmm8
+ movdqa %xmm8, %xmm14
+ movdqa %xmm8, %xmm10
+ movdqa %xmm8, %xmm9
+ psrld $0x01, %xmm14
+ psrld $2, %xmm10
+ psrld $7, %xmm9
+ pxor %xmm10, %xmm14
+ pxor %xmm9, %xmm14
+ pxor %xmm13, %xmm14
+ pxor %xmm8, %xmm14
+ pxor %xmm14, %xmm6
+ pshufb L_aes_gcm_bswap_mask(%rip), %xmm6
+ movdqa %xmm15, %xmm0
+ pxor %xmm6, %xmm0
+ cmpl $16, %eax
+ je L_AES_GCM_decrypt_final_aesni_cmp_tag_16
+ subq $16, %rsp
+ xorq %rcx, %rcx
+ xorq %r12, %r12
+ movdqa %xmm0, (%rsp)
+L_AES_GCM_decrypt_final_aesni_cmp_tag_loop:
+ movzbl (%rsp,%rcx,1), %r13d
+ xorb (%rsi,%rcx,1), %r13b
+ orb %r13b, %r12b
+ incl %ecx
+ cmpl %eax, %ecx
+ jne L_AES_GCM_decrypt_final_aesni_cmp_tag_loop
+ cmpb $0x00, %r12b
+ sete %r12b
+ addq $16, %rsp
+ xorq %rcx, %rcx
+ jmp L_AES_GCM_decrypt_final_aesni_cmp_tag_done
+L_AES_GCM_decrypt_final_aesni_cmp_tag_16:
+ movdqu (%rsi), %xmm1
+ pcmpeqb %xmm1, %xmm0
+ pmovmskb %xmm0, %rdx
+ # %%edx == 0xFFFF then return 1 else => return 0
+ xorl %r12d, %r12d
+ cmpl $0xffff, %edx
+ sete %r12b
+L_AES_GCM_decrypt_final_aesni_cmp_tag_done:
+ movl %r12d, (%rbp)
+ addq $16, %rsp
+ popq %r12
+ popq %rbp
+ popq %r13
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_decrypt_final_aesni,.-AES_GCM_decrypt_final_aesni
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_AESGCM_STREAM */
#ifdef HAVE_INTEL_AVX1
#ifndef __APPLE__
.data
@@ -3732,7 +6504,7 @@ L_AES_GCM_encrypt_avx1_calc_iv_lt16:
subq $16, %rsp
vpxor %xmm8, %xmm8, %xmm8
xorl %ebx, %ebx
- vmovdqa %xmm8, (%rsp)
+ vmovdqu %xmm8, (%rsp)
L_AES_GCM_encrypt_avx1_calc_iv_loop:
movzbl (%rax,%rcx,1), %r13d
movb %r13b, (%rsp,%rbx,1)
@@ -3740,7 +6512,7 @@ L_AES_GCM_encrypt_avx1_calc_iv_loop:
incl %ebx
cmpl %edx, %ecx
jl L_AES_GCM_encrypt_avx1_calc_iv_loop
- vmovdqa (%rsp), %xmm8
+ vmovdqu (%rsp), %xmm8
addq $16, %rsp
vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8
vpxor %xmm8, %xmm4, %xmm4
@@ -3929,7 +6701,7 @@ L_AES_GCM_encrypt_avx1_calc_aad_lt16:
subq $16, %rsp
vpxor %xmm8, %xmm8, %xmm8
xorl %ebx, %ebx
- vmovdqa %xmm8, (%rsp)
+ vmovdqu %xmm8, (%rsp)
L_AES_GCM_encrypt_avx1_calc_aad_loop:
movzbl (%r12,%rcx,1), %r13d
movb %r13b, (%rsp,%rbx,1)
@@ -3937,7 +6709,7 @@ L_AES_GCM_encrypt_avx1_calc_aad_loop:
incl %ebx
cmpl %edx, %ecx
jl L_AES_GCM_encrypt_avx1_calc_aad_loop
- vmovdqa (%rsp), %xmm8
+ vmovdqu (%rsp), %xmm8
addq $16, %rsp
vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8
vpxor %xmm8, %xmm6, %xmm6
@@ -5012,7 +7784,7 @@ L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_aesenc_avx_last:
vaesenclast %xmm9, %xmm4, %xmm4
subq $16, %rsp
xorl %ecx, %ecx
- vmovdqa %xmm4, (%rsp)
+ vmovdqu %xmm4, (%rsp)
L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_loop:
movzbl (%rdi,%rbx,1), %r13d
xorb (%rsp,%rcx,1), %r13b
@@ -5031,7 +7803,7 @@ L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_byte_loop:
cmpl $16, %ecx
jl L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_byte_loop
L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_finish_enc:
- vmovdqa (%rsp), %xmm4
+ vmovdqu (%rsp), %xmm4
addq $16, %rsp
vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4
vpxor %xmm4, %xmm6, %xmm6
@@ -5109,7 +7881,7 @@ L_AES_GCM_encrypt_avx1_done_enc:
cmpl $16, %r14d
je L_AES_GCM_encrypt_avx1_store_tag_16
xorq %rcx, %rcx
- vmovdqa %xmm0, (%rsp)
+ vmovdqu %xmm0, (%rsp)
L_AES_GCM_encrypt_avx1_store_tag_loop:
movzbl (%rsp,%rcx,1), %r13d
movb %r13b, (%r8,%rcx,1)
@@ -5314,7 +8086,7 @@ L_AES_GCM_decrypt_avx1_calc_iv_lt16:
subq $16, %rsp
vpxor %xmm8, %xmm8, %xmm8
xorl %ebx, %ebx
- vmovdqa %xmm8, (%rsp)
+ vmovdqu %xmm8, (%rsp)
L_AES_GCM_decrypt_avx1_calc_iv_loop:
movzbl (%rax,%rcx,1), %r13d
movb %r13b, (%rsp,%rbx,1)
@@ -5322,7 +8094,7 @@ L_AES_GCM_decrypt_avx1_calc_iv_loop:
incl %ebx
cmpl %edx, %ecx
jl L_AES_GCM_decrypt_avx1_calc_iv_loop
- vmovdqa (%rsp), %xmm8
+ vmovdqu (%rsp), %xmm8
addq $16, %rsp
vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8
vpxor %xmm8, %xmm4, %xmm4
@@ -5511,7 +8283,7 @@ L_AES_GCM_decrypt_avx1_calc_aad_lt16:
subq $16, %rsp
vpxor %xmm8, %xmm8, %xmm8
xorl %ebx, %ebx
- vmovdqa %xmm8, (%rsp)
+ vmovdqu %xmm8, (%rsp)
L_AES_GCM_decrypt_avx1_calc_aad_loop:
movzbl (%r12,%rcx,1), %r13d
movb %r13b, (%rsp,%rbx,1)
@@ -5519,7 +8291,7 @@ L_AES_GCM_decrypt_avx1_calc_aad_loop:
incl %ebx
cmpl %edx, %ecx
jl L_AES_GCM_decrypt_avx1_calc_aad_loop
- vmovdqa (%rsp), %xmm8
+ vmovdqu (%rsp), %xmm8
addq $16, %rsp
vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8
vpxor %xmm8, %xmm6, %xmm6
@@ -6178,9 +8950,9 @@ L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_aesenc_avx_last:
vaesenclast %xmm9, %xmm4, %xmm4
subq $32, %rsp
xorl %ecx, %ecx
- vmovdqa %xmm4, (%rsp)
+ vmovdqu %xmm4, (%rsp)
vpxor %xmm0, %xmm0, %xmm0
- vmovdqa %xmm0, 16(%rsp)
+ vmovdqu %xmm0, 16(%rsp)
L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_loop:
movzbl (%rdi,%rbx,1), %r13d
movb %r13b, 16(%rsp,%rcx,1)
@@ -6190,7 +8962,7 @@ L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_loop:
incl %ecx
cmpl %edx, %ebx
jl L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_loop
- vmovdqa 16(%rsp), %xmm4
+ vmovdqu 16(%rsp), %xmm4
addq $32, %rsp
vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4
vpxor %xmm4, %xmm6, %xmm6
@@ -6270,7 +9042,7 @@ L_AES_GCM_decrypt_avx1_done_dec:
subq $16, %rsp
xorq %rcx, %rcx
xorq %rbx, %rbx
- vmovdqa %xmm0, (%rsp)
+ vmovdqu %xmm0, (%rsp)
L_AES_GCM_decrypt_avx1_cmp_tag_loop:
movzbl (%rsp,%rcx,1), %r13d
xorb (%r8,%rcx,1), %r13b
@@ -6305,6 +9077,2345 @@ L_AES_GCM_decrypt_avx1_cmp_tag_done:
#ifndef __APPLE__
.size AES_GCM_decrypt_avx1,.-AES_GCM_decrypt_avx1
#endif /* __APPLE__ */
+#ifdef WOLFSSL_AESGCM_STREAM
+#ifndef __APPLE__
+.text
+.globl AES_GCM_init_avx1
+.type AES_GCM_init_avx1,@function
+.align 16
+AES_GCM_init_avx1:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_init_avx1
+.p2align 4
+_AES_GCM_init_avx1:
+#endif /* __APPLE__ */
+ pushq %r12
+ pushq %r13
+ movq %rdx, %r10
+ movl %ecx, %r11d
+ movq 24(%rsp), %rax
+ subq $16, %rsp
+ vpxor %xmm4, %xmm4, %xmm4
+ movl %r11d, %edx
+ cmpl $12, %edx
+ jne L_AES_GCM_init_avx1_iv_not_12
+ # # Calculate values when IV is 12 bytes
+ # Set counter based on IV
+ movl $0x1000000, %ecx
+ vpinsrq $0x00, (%r10), %xmm4, %xmm4
+ vpinsrd $2, 8(%r10), %xmm4, %xmm4
+ vpinsrd $3, %ecx, %xmm4, %xmm4
+ # H = Encrypt X(=0) and T = Encrypt counter
+ vmovdqa (%rdi), %xmm5
+ vpxor %xmm5, %xmm4, %xmm1
+ vmovdqa 16(%rdi), %xmm7
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ vmovdqa 32(%rdi), %xmm7
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ vmovdqa 48(%rdi), %xmm7
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ vmovdqa 64(%rdi), %xmm7
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ vmovdqa 80(%rdi), %xmm7
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ vmovdqa 96(%rdi), %xmm7
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ vmovdqa 112(%rdi), %xmm7
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ vmovdqa 128(%rdi), %xmm7
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ vmovdqa 144(%rdi), %xmm7
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm7
+ jl L_AES_GCM_init_avx1_calc_iv_12_last
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ vmovdqa 176(%rdi), %xmm7
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm7
+ jl L_AES_GCM_init_avx1_calc_iv_12_last
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ vmovdqa 208(%rdi), %xmm7
+ vaesenc %xmm7, %xmm5, %xmm5
+ vaesenc %xmm7, %xmm1, %xmm1
+ vmovdqa 224(%rdi), %xmm7
+L_AES_GCM_init_avx1_calc_iv_12_last:
+ vaesenclast %xmm7, %xmm5, %xmm5
+ vaesenclast %xmm7, %xmm1, %xmm1
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm5, %xmm5
+ vmovdqa %xmm1, %xmm15
+ jmp L_AES_GCM_init_avx1_iv_done
+L_AES_GCM_init_avx1_iv_not_12:
+ # Calculate values when IV is not 12 bytes
+ # H = Encrypt X(=0)
+ vmovdqa (%rdi), %xmm5
+ vaesenc 16(%rdi), %xmm5, %xmm5
+ vaesenc 32(%rdi), %xmm5, %xmm5
+ vaesenc 48(%rdi), %xmm5, %xmm5
+ vaesenc 64(%rdi), %xmm5, %xmm5
+ vaesenc 80(%rdi), %xmm5, %xmm5
+ vaesenc 96(%rdi), %xmm5, %xmm5
+ vaesenc 112(%rdi), %xmm5, %xmm5
+ vaesenc 128(%rdi), %xmm5, %xmm5
+ vaesenc 144(%rdi), %xmm5, %xmm5
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_init_avx1_calc_iv_1_aesenc_avx_last
+ vaesenc %xmm9, %xmm5, %xmm5
+ vaesenc 176(%rdi), %xmm5, %xmm5
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_init_avx1_calc_iv_1_aesenc_avx_last
+ vaesenc %xmm9, %xmm5, %xmm5
+ vaesenc 208(%rdi), %xmm5, %xmm5
+ vmovdqa 224(%rdi), %xmm9
+L_AES_GCM_init_avx1_calc_iv_1_aesenc_avx_last:
+ vaesenclast %xmm9, %xmm5, %xmm5
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm5, %xmm5
+ # Calc counter
+ # Initialization vector
+ cmpl $0x00, %edx
+ movq $0x00, %rcx
+ je L_AES_GCM_init_avx1_calc_iv_done
+ cmpl $16, %edx
+ jl L_AES_GCM_init_avx1_calc_iv_lt16
+ andl $0xfffffff0, %edx
+L_AES_GCM_init_avx1_calc_iv_16_loop:
+ vmovdqu (%r10,%rcx,1), %xmm8
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8
+ vpxor %xmm8, %xmm4, %xmm4
+ # ghash_gfmul_avx
+ vpshufd $0x4e, %xmm4, %xmm1
+ vpshufd $0x4e, %xmm5, %xmm2
+ vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3
+ vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0
+ vpxor %xmm4, %xmm1, %xmm1
+ vpxor %xmm5, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vmovdqa %xmm0, %xmm7
+ vmovdqa %xmm3, %xmm4
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm7, %xmm7
+ vpxor %xmm1, %xmm4, %xmm4
+ vpsrld $31, %xmm7, %xmm0
+ vpsrld $31, %xmm4, %xmm1
+ vpslld $0x01, %xmm7, %xmm7
+ vpslld $0x01, %xmm4, %xmm4
+ vpsrldq $12, %xmm0, %xmm2
+ vpslldq $4, %xmm0, %xmm0
+ vpslldq $4, %xmm1, %xmm1
+ vpor %xmm2, %xmm4, %xmm4
+ vpor %xmm0, %xmm7, %xmm7
+ vpor %xmm1, %xmm4, %xmm4
+ vpslld $31, %xmm7, %xmm0
+ vpslld $30, %xmm7, %xmm1
+ vpslld $25, %xmm7, %xmm2
+ vpxor %xmm1, %xmm0, %xmm0
+ vpxor %xmm2, %xmm0, %xmm0
+ vmovdqa %xmm0, %xmm1
+ vpsrldq $4, %xmm1, %xmm1
+ vpslldq $12, %xmm0, %xmm0
+ vpxor %xmm0, %xmm7, %xmm7
+ vpsrld $0x01, %xmm7, %xmm2
+ vpsrld $2, %xmm7, %xmm3
+ vpsrld $7, %xmm7, %xmm0
+ vpxor %xmm3, %xmm2, %xmm2
+ vpxor %xmm0, %xmm2, %xmm2
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm2, %xmm4, %xmm4
+ addl $16, %ecx
+ cmpl %edx, %ecx
+ jl L_AES_GCM_init_avx1_calc_iv_16_loop
+ movl %r11d, %edx
+ cmpl %edx, %ecx
+ je L_AES_GCM_init_avx1_calc_iv_done
+L_AES_GCM_init_avx1_calc_iv_lt16:
+ subq $16, %rsp
+ vpxor %xmm8, %xmm8, %xmm8
+ xorl %r13d, %r13d
+ vmovdqu %xmm8, (%rsp)
+L_AES_GCM_init_avx1_calc_iv_loop:
+ movzbl (%r10,%rcx,1), %r12d
+ movb %r12b, (%rsp,%r13,1)
+ incl %ecx
+ incl %r13d
+ cmpl %edx, %ecx
+ jl L_AES_GCM_init_avx1_calc_iv_loop
+ vmovdqu (%rsp), %xmm8
+ addq $16, %rsp
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8
+ vpxor %xmm8, %xmm4, %xmm4
+ # ghash_gfmul_avx
+ vpshufd $0x4e, %xmm4, %xmm1
+ vpshufd $0x4e, %xmm5, %xmm2
+ vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3
+ vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0
+ vpxor %xmm4, %xmm1, %xmm1
+ vpxor %xmm5, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vmovdqa %xmm0, %xmm7
+ vmovdqa %xmm3, %xmm4
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm7, %xmm7
+ vpxor %xmm1, %xmm4, %xmm4
+ vpsrld $31, %xmm7, %xmm0
+ vpsrld $31, %xmm4, %xmm1
+ vpslld $0x01, %xmm7, %xmm7
+ vpslld $0x01, %xmm4, %xmm4
+ vpsrldq $12, %xmm0, %xmm2
+ vpslldq $4, %xmm0, %xmm0
+ vpslldq $4, %xmm1, %xmm1
+ vpor %xmm2, %xmm4, %xmm4
+ vpor %xmm0, %xmm7, %xmm7
+ vpor %xmm1, %xmm4, %xmm4
+ vpslld $31, %xmm7, %xmm0
+ vpslld $30, %xmm7, %xmm1
+ vpslld $25, %xmm7, %xmm2
+ vpxor %xmm1, %xmm0, %xmm0
+ vpxor %xmm2, %xmm0, %xmm0
+ vmovdqa %xmm0, %xmm1
+ vpsrldq $4, %xmm1, %xmm1
+ vpslldq $12, %xmm0, %xmm0
+ vpxor %xmm0, %xmm7, %xmm7
+ vpsrld $0x01, %xmm7, %xmm2
+ vpsrld $2, %xmm7, %xmm3
+ vpsrld $7, %xmm7, %xmm0
+ vpxor %xmm3, %xmm2, %xmm2
+ vpxor %xmm0, %xmm2, %xmm2
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm2, %xmm4, %xmm4
+L_AES_GCM_init_avx1_calc_iv_done:
+ # T = Encrypt counter
+ vpxor %xmm0, %xmm0, %xmm0
+ shll $3, %edx
+ vpinsrq $0x00, %rdx, %xmm0, %xmm0
+ vpxor %xmm0, %xmm4, %xmm4
+ # ghash_gfmul_avx
+ vpshufd $0x4e, %xmm4, %xmm1
+ vpshufd $0x4e, %xmm5, %xmm2
+ vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3
+ vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0
+ vpxor %xmm4, %xmm1, %xmm1
+ vpxor %xmm5, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vmovdqa %xmm0, %xmm7
+ vmovdqa %xmm3, %xmm4
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm7, %xmm7
+ vpxor %xmm1, %xmm4, %xmm4
+ vpsrld $31, %xmm7, %xmm0
+ vpsrld $31, %xmm4, %xmm1
+ vpslld $0x01, %xmm7, %xmm7
+ vpslld $0x01, %xmm4, %xmm4
+ vpsrldq $12, %xmm0, %xmm2
+ vpslldq $4, %xmm0, %xmm0
+ vpslldq $4, %xmm1, %xmm1
+ vpor %xmm2, %xmm4, %xmm4
+ vpor %xmm0, %xmm7, %xmm7
+ vpor %xmm1, %xmm4, %xmm4
+ vpslld $31, %xmm7, %xmm0
+ vpslld $30, %xmm7, %xmm1
+ vpslld $25, %xmm7, %xmm2
+ vpxor %xmm1, %xmm0, %xmm0
+ vpxor %xmm2, %xmm0, %xmm0
+ vmovdqa %xmm0, %xmm1
+ vpsrldq $4, %xmm1, %xmm1
+ vpslldq $12, %xmm0, %xmm0
+ vpxor %xmm0, %xmm7, %xmm7
+ vpsrld $0x01, %xmm7, %xmm2
+ vpsrld $2, %xmm7, %xmm3
+ vpsrld $7, %xmm7, %xmm0
+ vpxor %xmm3, %xmm2, %xmm2
+ vpxor %xmm0, %xmm2, %xmm2
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm2, %xmm4, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4
+ # Encrypt counter
+ vmovdqa (%rdi), %xmm8
+ vpxor %xmm4, %xmm8, %xmm8
+ vaesenc 16(%rdi), %xmm8, %xmm8
+ vaesenc 32(%rdi), %xmm8, %xmm8
+ vaesenc 48(%rdi), %xmm8, %xmm8
+ vaesenc 64(%rdi), %xmm8, %xmm8
+ vaesenc 80(%rdi), %xmm8, %xmm8
+ vaesenc 96(%rdi), %xmm8, %xmm8
+ vaesenc 112(%rdi), %xmm8, %xmm8
+ vaesenc 128(%rdi), %xmm8, %xmm8
+ vaesenc 144(%rdi), %xmm8, %xmm8
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_init_avx1_calc_iv_2_aesenc_avx_last
+ vaesenc %xmm9, %xmm8, %xmm8
+ vaesenc 176(%rdi), %xmm8, %xmm8
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_init_avx1_calc_iv_2_aesenc_avx_last
+ vaesenc %xmm9, %xmm8, %xmm8
+ vaesenc 208(%rdi), %xmm8, %xmm8
+ vmovdqa 224(%rdi), %xmm9
+L_AES_GCM_init_avx1_calc_iv_2_aesenc_avx_last:
+ vaesenclast %xmm9, %xmm8, %xmm8
+ vmovdqa %xmm8, %xmm15
+L_AES_GCM_init_avx1_iv_done:
+ vmovdqa %xmm15, (%rax)
+ vpshufb L_avx1_aes_gcm_bswap_epi64(%rip), %xmm4, %xmm4
+ vpaddd L_avx1_aes_gcm_one(%rip), %xmm4, %xmm4
+ vmovdqa %xmm5, (%r8)
+ vmovdqa %xmm4, (%r9)
+ vzeroupper
+ addq $16, %rsp
+ popq %r13
+ popq %r12
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_init_avx1,.-AES_GCM_init_avx1
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_aad_update_avx1
+.type AES_GCM_aad_update_avx1,@function
+.align 16
+AES_GCM_aad_update_avx1:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_aad_update_avx1
+.p2align 4
+_AES_GCM_aad_update_avx1:
+#endif /* __APPLE__ */
+ movq %rcx, %rax
+ vmovdqa (%rdx), %xmm5
+ vmovdqa (%rax), %xmm6
+ xorl %ecx, %ecx
+L_AES_GCM_aad_update_avx1_16_loop:
+ vmovdqu (%rdi,%rcx,1), %xmm8
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8
+ vpxor %xmm8, %xmm5, %xmm5
+ # ghash_gfmul_avx
+ vpshufd $0x4e, %xmm5, %xmm1
+ vpshufd $0x4e, %xmm6, %xmm2
+ vpclmulqdq $0x11, %xmm5, %xmm6, %xmm3
+ vpclmulqdq $0x00, %xmm5, %xmm6, %xmm0
+ vpxor %xmm5, %xmm1, %xmm1
+ vpxor %xmm6, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vmovdqa %xmm0, %xmm4
+ vmovdqa %xmm3, %xmm5
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm4, %xmm4
+ vpxor %xmm1, %xmm5, %xmm5
+ vpsrld $31, %xmm4, %xmm0
+ vpsrld $31, %xmm5, %xmm1
+ vpslld $0x01, %xmm4, %xmm4
+ vpslld $0x01, %xmm5, %xmm5
+ vpsrldq $12, %xmm0, %xmm2
+ vpslldq $4, %xmm0, %xmm0
+ vpslldq $4, %xmm1, %xmm1
+ vpor %xmm2, %xmm5, %xmm5
+ vpor %xmm0, %xmm4, %xmm4
+ vpor %xmm1, %xmm5, %xmm5
+ vpslld $31, %xmm4, %xmm0
+ vpslld $30, %xmm4, %xmm1
+ vpslld $25, %xmm4, %xmm2
+ vpxor %xmm1, %xmm0, %xmm0
+ vpxor %xmm2, %xmm0, %xmm0
+ vmovdqa %xmm0, %xmm1
+ vpsrldq $4, %xmm1, %xmm1
+ vpslldq $12, %xmm0, %xmm0
+ vpxor %xmm0, %xmm4, %xmm4
+ vpsrld $0x01, %xmm4, %xmm2
+ vpsrld $2, %xmm4, %xmm3
+ vpsrld $7, %xmm4, %xmm0
+ vpxor %xmm3, %xmm2, %xmm2
+ vpxor %xmm0, %xmm2, %xmm2
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm4, %xmm2, %xmm2
+ vpxor %xmm2, %xmm5, %xmm5
+ addl $16, %ecx
+ cmpl %esi, %ecx
+ jl L_AES_GCM_aad_update_avx1_16_loop
+ vmovdqa %xmm5, (%rdx)
+ vzeroupper
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_aad_update_avx1,.-AES_GCM_aad_update_avx1
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_encrypt_block_avx1
+.type AES_GCM_encrypt_block_avx1,@function
+.align 16
+AES_GCM_encrypt_block_avx1:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_encrypt_block_avx1
+.p2align 4
+_AES_GCM_encrypt_block_avx1:
+#endif /* __APPLE__ */
+ movq %rdx, %r10
+ movq %rcx, %r11
+ vmovdqa (%r8), %xmm9
+ vpshufb L_avx1_aes_gcm_bswap_epi64(%rip), %xmm9, %xmm8
+ vpaddd L_avx1_aes_gcm_one(%rip), %xmm9, %xmm9
+ vmovdqa %xmm9, (%r8)
+ vpxor (%rdi), %xmm8, %xmm8
+ vaesenc 16(%rdi), %xmm8, %xmm8
+ vaesenc 32(%rdi), %xmm8, %xmm8
+ vaesenc 48(%rdi), %xmm8, %xmm8
+ vaesenc 64(%rdi), %xmm8, %xmm8
+ vaesenc 80(%rdi), %xmm8, %xmm8
+ vaesenc 96(%rdi), %xmm8, %xmm8
+ vaesenc 112(%rdi), %xmm8, %xmm8
+ vaesenc 128(%rdi), %xmm8, %xmm8
+ vaesenc 144(%rdi), %xmm8, %xmm8
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_block_avx1_aesenc_block_last
+ vaesenc %xmm9, %xmm8, %xmm8
+ vaesenc 176(%rdi), %xmm8, %xmm8
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_block_avx1_aesenc_block_last
+ vaesenc %xmm9, %xmm8, %xmm8
+ vaesenc 208(%rdi), %xmm8, %xmm8
+ vmovdqa 224(%rdi), %xmm9
+L_AES_GCM_encrypt_block_avx1_aesenc_block_last:
+ vaesenclast %xmm9, %xmm8, %xmm8
+ vmovdqu (%r11), %xmm9
+ vpxor %xmm9, %xmm8, %xmm8
+ vmovdqu %xmm8, (%r10)
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8
+ vzeroupper
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_encrypt_block_avx1,.-AES_GCM_encrypt_block_avx1
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_ghash_block_avx1
+.type AES_GCM_ghash_block_avx1,@function
+.align 16
+AES_GCM_ghash_block_avx1:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_ghash_block_avx1
+.p2align 4
+_AES_GCM_ghash_block_avx1:
+#endif /* __APPLE__ */
+ vmovdqa (%rsi), %xmm4
+ vmovdqa (%rdx), %xmm5
+ vmovdqu (%rdi), %xmm8
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8
+ vpxor %xmm8, %xmm4, %xmm4
+ # ghash_gfmul_avx
+ vpshufd $0x4e, %xmm4, %xmm1
+ vpshufd $0x4e, %xmm5, %xmm2
+ vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3
+ vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0
+ vpxor %xmm4, %xmm1, %xmm1
+ vpxor %xmm5, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vmovdqa %xmm0, %xmm6
+ vmovdqa %xmm3, %xmm4
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm6, %xmm6
+ vpxor %xmm1, %xmm4, %xmm4
+ vpsrld $31, %xmm6, %xmm0
+ vpsrld $31, %xmm4, %xmm1
+ vpslld $0x01, %xmm6, %xmm6
+ vpslld $0x01, %xmm4, %xmm4
+ vpsrldq $12, %xmm0, %xmm2
+ vpslldq $4, %xmm0, %xmm0
+ vpslldq $4, %xmm1, %xmm1
+ vpor %xmm2, %xmm4, %xmm4
+ vpor %xmm0, %xmm6, %xmm6
+ vpor %xmm1, %xmm4, %xmm4
+ vpslld $31, %xmm6, %xmm0
+ vpslld $30, %xmm6, %xmm1
+ vpslld $25, %xmm6, %xmm2
+ vpxor %xmm1, %xmm0, %xmm0
+ vpxor %xmm2, %xmm0, %xmm0
+ vmovdqa %xmm0, %xmm1
+ vpsrldq $4, %xmm1, %xmm1
+ vpslldq $12, %xmm0, %xmm0
+ vpxor %xmm0, %xmm6, %xmm6
+ vpsrld $0x01, %xmm6, %xmm2
+ vpsrld $2, %xmm6, %xmm3
+ vpsrld $7, %xmm6, %xmm0
+ vpxor %xmm3, %xmm2, %xmm2
+ vpxor %xmm0, %xmm2, %xmm2
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm6, %xmm2, %xmm2
+ vpxor %xmm2, %xmm4, %xmm4
+ vmovdqa %xmm4, (%rsi)
+ vzeroupper
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_ghash_block_avx1,.-AES_GCM_ghash_block_avx1
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_encrypt_update_avx1
+.type AES_GCM_encrypt_update_avx1,@function
+.align 16
+AES_GCM_encrypt_update_avx1:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_encrypt_update_avx1
+.p2align 4
+_AES_GCM_encrypt_update_avx1:
+#endif /* __APPLE__ */
+ pushq %r13
+ pushq %r12
+ pushq %r14
+ movq %rdx, %r10
+ movq %rcx, %r11
+ movq 32(%rsp), %rax
+ movq 40(%rsp), %r12
+ subq $0xa0, %rsp
+ vmovdqa (%r9), %xmm6
+ vmovdqa (%rax), %xmm5
+ vpsrlq $63, %xmm5, %xmm9
+ vpsllq $0x01, %xmm5, %xmm8
+ vpslldq $8, %xmm9, %xmm9
+ vpor %xmm9, %xmm8, %xmm8
+ vpshufd $0xff, %xmm5, %xmm5
+ vpsrad $31, %xmm5, %xmm5
+ vpand L_avx1_aes_gcm_mod2_128(%rip), %xmm5, %xmm5
+ vpxor %xmm8, %xmm5, %xmm5
+ xorl %r14d, %r14d
+ cmpl $0x80, %r8d
+ movl %r8d, %r13d
+ jl L_AES_GCM_encrypt_update_avx1_done_128
+ andl $0xffffff80, %r13d
+ vmovdqa %xmm6, %xmm2
+ # H ^ 1
+ vmovdqa %xmm5, (%rsp)
+ # H ^ 2
+ vpclmulqdq $0x00, %xmm5, %xmm5, %xmm8
+ vpclmulqdq $0x11, %xmm5, %xmm5, %xmm0
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm0, %xmm0
+ vmovdqa %xmm0, 16(%rsp)
+ # H ^ 3
+ # ghash_gfmul_red_avx
+ vpshufd $0x4e, %xmm5, %xmm9
+ vpshufd $0x4e, %xmm0, %xmm10
+ vpclmulqdq $0x11, %xmm5, %xmm0, %xmm11
+ vpclmulqdq $0x00, %xmm5, %xmm0, %xmm8
+ vpxor %xmm5, %xmm9, %xmm9
+ vpxor %xmm0, %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpxor %xmm11, %xmm9, %xmm9
+ vpslldq $8, %xmm9, %xmm10
+ vpsrldq $8, %xmm9, %xmm9
+ vpxor %xmm10, %xmm8, %xmm8
+ vpxor %xmm9, %xmm11, %xmm1
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm1, %xmm1
+ vmovdqa %xmm1, 32(%rsp)
+ # H ^ 4
+ vpclmulqdq $0x00, %xmm0, %xmm0, %xmm8
+ vpclmulqdq $0x11, %xmm0, %xmm0, %xmm3
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm3, %xmm3
+ vmovdqa %xmm3, 48(%rsp)
+ # H ^ 5
+ # ghash_gfmul_red_avx
+ vpshufd $0x4e, %xmm0, %xmm9
+ vpshufd $0x4e, %xmm1, %xmm10
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm11
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm8
+ vpxor %xmm0, %xmm9, %xmm9
+ vpxor %xmm1, %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpxor %xmm11, %xmm9, %xmm9
+ vpslldq $8, %xmm9, %xmm10
+ vpsrldq $8, %xmm9, %xmm9
+ vpxor %xmm10, %xmm8, %xmm8
+ vpxor %xmm9, %xmm11, %xmm7
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm7, %xmm7
+ vmovdqa %xmm7, 64(%rsp)
+ # H ^ 6
+ vpclmulqdq $0x00, %xmm1, %xmm1, %xmm8
+ vpclmulqdq $0x11, %xmm1, %xmm1, %xmm7
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm7, %xmm7
+ vmovdqa %xmm7, 80(%rsp)
+ # H ^ 7
+ # ghash_gfmul_red_avx
+ vpshufd $0x4e, %xmm1, %xmm9
+ vpshufd $0x4e, %xmm3, %xmm10
+ vpclmulqdq $0x11, %xmm1, %xmm3, %xmm11
+ vpclmulqdq $0x00, %xmm1, %xmm3, %xmm8
+ vpxor %xmm1, %xmm9, %xmm9
+ vpxor %xmm3, %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpxor %xmm11, %xmm9, %xmm9
+ vpslldq $8, %xmm9, %xmm10
+ vpsrldq $8, %xmm9, %xmm9
+ vpxor %xmm10, %xmm8, %xmm8
+ vpxor %xmm9, %xmm11, %xmm7
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm7, %xmm7
+ vmovdqa %xmm7, 96(%rsp)
+ # H ^ 8
+ vpclmulqdq $0x00, %xmm3, %xmm3, %xmm8
+ vpclmulqdq $0x11, %xmm3, %xmm3, %xmm7
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm7, %xmm7
+ vmovdqa %xmm7, 112(%rsp)
+ # First 128 bytes of input
+ vmovdqa (%r12), %xmm0
+ vmovdqa L_avx1_aes_gcm_bswap_epi64(%rip), %xmm1
+ vpshufb %xmm1, %xmm0, %xmm8
+ vpaddd L_avx1_aes_gcm_one(%rip), %xmm0, %xmm9
+ vpshufb %xmm1, %xmm9, %xmm9
+ vpaddd L_avx1_aes_gcm_two(%rip), %xmm0, %xmm10
+ vpshufb %xmm1, %xmm10, %xmm10
+ vpaddd L_avx1_aes_gcm_three(%rip), %xmm0, %xmm11
+ vpshufb %xmm1, %xmm11, %xmm11
+ vpaddd L_avx1_aes_gcm_four(%rip), %xmm0, %xmm12
+ vpshufb %xmm1, %xmm12, %xmm12
+ vpaddd L_avx1_aes_gcm_five(%rip), %xmm0, %xmm13
+ vpshufb %xmm1, %xmm13, %xmm13
+ vpaddd L_avx1_aes_gcm_six(%rip), %xmm0, %xmm14
+ vpshufb %xmm1, %xmm14, %xmm14
+ vpaddd L_avx1_aes_gcm_seven(%rip), %xmm0, %xmm15
+ vpshufb %xmm1, %xmm15, %xmm15
+ vpaddd L_avx1_aes_gcm_eight(%rip), %xmm0, %xmm0
+ vmovdqa (%rdi), %xmm7
+ vmovdqa %xmm0, (%r12)
+ vpxor %xmm7, %xmm8, %xmm8
+ vpxor %xmm7, %xmm9, %xmm9
+ vpxor %xmm7, %xmm10, %xmm10
+ vpxor %xmm7, %xmm11, %xmm11
+ vpxor %xmm7, %xmm12, %xmm12
+ vpxor %xmm7, %xmm13, %xmm13
+ vpxor %xmm7, %xmm14, %xmm14
+ vpxor %xmm7, %xmm15, %xmm15
+ vmovdqa 16(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 32(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 48(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 64(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 80(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 96(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 112(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 128(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 144(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_avx1_aesenc_128_enc_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 176(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_avx1_aesenc_128_enc_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 208(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 224(%rdi), %xmm7
+L_AES_GCM_encrypt_update_avx1_aesenc_128_enc_done:
+ vaesenclast %xmm7, %xmm8, %xmm8
+ vaesenclast %xmm7, %xmm9, %xmm9
+ vmovdqu (%r11), %xmm0
+ vmovdqu 16(%r11), %xmm1
+ vpxor %xmm0, %xmm8, %xmm8
+ vpxor %xmm1, %xmm9, %xmm9
+ vmovdqu %xmm8, (%r10)
+ vmovdqu %xmm9, 16(%r10)
+ vaesenclast %xmm7, %xmm10, %xmm10
+ vaesenclast %xmm7, %xmm11, %xmm11
+ vmovdqu 32(%r11), %xmm0
+ vmovdqu 48(%r11), %xmm1
+ vpxor %xmm0, %xmm10, %xmm10
+ vpxor %xmm1, %xmm11, %xmm11
+ vmovdqu %xmm10, 32(%r10)
+ vmovdqu %xmm11, 48(%r10)
+ vaesenclast %xmm7, %xmm12, %xmm12
+ vaesenclast %xmm7, %xmm13, %xmm13
+ vmovdqu 64(%r11), %xmm0
+ vmovdqu 80(%r11), %xmm1
+ vpxor %xmm0, %xmm12, %xmm12
+ vpxor %xmm1, %xmm13, %xmm13
+ vmovdqu %xmm12, 64(%r10)
+ vmovdqu %xmm13, 80(%r10)
+ vaesenclast %xmm7, %xmm14, %xmm14
+ vaesenclast %xmm7, %xmm15, %xmm15
+ vmovdqu 96(%r11), %xmm0
+ vmovdqu 112(%r11), %xmm1
+ vpxor %xmm0, %xmm14, %xmm14
+ vpxor %xmm1, %xmm15, %xmm15
+ vmovdqu %xmm14, 96(%r10)
+ vmovdqu %xmm15, 112(%r10)
+ cmpl $0x80, %r13d
+ movl $0x80, %r14d
+ jle L_AES_GCM_encrypt_update_avx1_end_128
+ # More 128 bytes of input
+L_AES_GCM_encrypt_update_avx1_ghash_128:
+ leaq (%r11,%r14,1), %rcx
+ leaq (%r10,%r14,1), %rdx
+ vmovdqa (%r12), %xmm0
+ vmovdqa L_avx1_aes_gcm_bswap_epi64(%rip), %xmm1
+ vpshufb %xmm1, %xmm0, %xmm8
+ vpaddd L_avx1_aes_gcm_one(%rip), %xmm0, %xmm9
+ vpshufb %xmm1, %xmm9, %xmm9
+ vpaddd L_avx1_aes_gcm_two(%rip), %xmm0, %xmm10
+ vpshufb %xmm1, %xmm10, %xmm10
+ vpaddd L_avx1_aes_gcm_three(%rip), %xmm0, %xmm11
+ vpshufb %xmm1, %xmm11, %xmm11
+ vpaddd L_avx1_aes_gcm_four(%rip), %xmm0, %xmm12
+ vpshufb %xmm1, %xmm12, %xmm12
+ vpaddd L_avx1_aes_gcm_five(%rip), %xmm0, %xmm13
+ vpshufb %xmm1, %xmm13, %xmm13
+ vpaddd L_avx1_aes_gcm_six(%rip), %xmm0, %xmm14
+ vpshufb %xmm1, %xmm14, %xmm14
+ vpaddd L_avx1_aes_gcm_seven(%rip), %xmm0, %xmm15
+ vpshufb %xmm1, %xmm15, %xmm15
+ vpaddd L_avx1_aes_gcm_eight(%rip), %xmm0, %xmm0
+ vmovdqa (%rdi), %xmm7
+ vmovdqa %xmm0, (%r12)
+ vpxor %xmm7, %xmm8, %xmm8
+ vpxor %xmm7, %xmm9, %xmm9
+ vpxor %xmm7, %xmm10, %xmm10
+ vpxor %xmm7, %xmm11, %xmm11
+ vpxor %xmm7, %xmm12, %xmm12
+ vpxor %xmm7, %xmm13, %xmm13
+ vpxor %xmm7, %xmm14, %xmm14
+ vpxor %xmm7, %xmm15, %xmm15
+ vmovdqa 112(%rsp), %xmm7
+ vmovdqu -128(%rdx), %xmm0
+ vaesenc 16(%rdi), %xmm8, %xmm8
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vpxor %xmm2, %xmm0, %xmm0
+ vpshufd $0x4e, %xmm7, %xmm1
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm3
+ vaesenc 16(%rdi), %xmm9, %xmm9
+ vaesenc 16(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm2
+ vaesenc 16(%rdi), %xmm11, %xmm11
+ vaesenc 16(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm1, %xmm1
+ vaesenc 16(%rdi), %xmm13, %xmm13
+ vaesenc 16(%rdi), %xmm14, %xmm14
+ vaesenc 16(%rdi), %xmm15, %xmm15
+ vpxor %xmm2, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vmovdqa 96(%rsp), %xmm7
+ vmovdqu -112(%rdx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 32(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 32(%rdi), %xmm9, %xmm9
+ vaesenc 32(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 32(%rdi), %xmm11, %xmm11
+ vaesenc 32(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 32(%rdi), %xmm13, %xmm13
+ vaesenc 32(%rdi), %xmm14, %xmm14
+ vaesenc 32(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa 80(%rsp), %xmm7
+ vmovdqu -96(%rdx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 48(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 48(%rdi), %xmm9, %xmm9
+ vaesenc 48(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 48(%rdi), %xmm11, %xmm11
+ vaesenc 48(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 48(%rdi), %xmm13, %xmm13
+ vaesenc 48(%rdi), %xmm14, %xmm14
+ vaesenc 48(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa 64(%rsp), %xmm7
+ vmovdqu -80(%rdx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 64(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 64(%rdi), %xmm9, %xmm9
+ vaesenc 64(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 64(%rdi), %xmm11, %xmm11
+ vaesenc 64(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 64(%rdi), %xmm13, %xmm13
+ vaesenc 64(%rdi), %xmm14, %xmm14
+ vaesenc 64(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa 48(%rsp), %xmm7
+ vmovdqu -64(%rdx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 80(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 80(%rdi), %xmm9, %xmm9
+ vaesenc 80(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 80(%rdi), %xmm11, %xmm11
+ vaesenc 80(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 80(%rdi), %xmm13, %xmm13
+ vaesenc 80(%rdi), %xmm14, %xmm14
+ vaesenc 80(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa 32(%rsp), %xmm7
+ vmovdqu -48(%rdx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 96(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 96(%rdi), %xmm9, %xmm9
+ vaesenc 96(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 96(%rdi), %xmm11, %xmm11
+ vaesenc 96(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 96(%rdi), %xmm13, %xmm13
+ vaesenc 96(%rdi), %xmm14, %xmm14
+ vaesenc 96(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa 16(%rsp), %xmm7
+ vmovdqu -32(%rdx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 112(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 112(%rdi), %xmm9, %xmm9
+ vaesenc 112(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 112(%rdi), %xmm11, %xmm11
+ vaesenc 112(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 112(%rdi), %xmm13, %xmm13
+ vaesenc 112(%rdi), %xmm14, %xmm14
+ vaesenc 112(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa (%rsp), %xmm7
+ vmovdqu -16(%rdx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 128(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 128(%rdi), %xmm9, %xmm9
+ vaesenc 128(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 128(%rdi), %xmm11, %xmm11
+ vaesenc 128(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 128(%rdi), %xmm13, %xmm13
+ vaesenc 128(%rdi), %xmm14, %xmm14
+ vaesenc 128(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vpslldq $8, %xmm1, %xmm5
+ vpsrldq $8, %xmm1, %xmm1
+ vaesenc 144(%rdi), %xmm8, %xmm8
+ vpxor %xmm5, %xmm2, %xmm2
+ vpxor %xmm1, %xmm3, %xmm3
+ vaesenc 144(%rdi), %xmm9, %xmm9
+ vpslld $31, %xmm2, %xmm7
+ vpslld $30, %xmm2, %xmm4
+ vpslld $25, %xmm2, %xmm5
+ vaesenc 144(%rdi), %xmm10, %xmm10
+ vpxor %xmm4, %xmm7, %xmm7
+ vpxor %xmm5, %xmm7, %xmm7
+ vaesenc 144(%rdi), %xmm11, %xmm11
+ vpsrldq $4, %xmm7, %xmm4
+ vpslldq $12, %xmm7, %xmm7
+ vaesenc 144(%rdi), %xmm12, %xmm12
+ vpxor %xmm7, %xmm2, %xmm2
+ vpsrld $0x01, %xmm2, %xmm5
+ vaesenc 144(%rdi), %xmm13, %xmm13
+ vpsrld $2, %xmm2, %xmm1
+ vpsrld $7, %xmm2, %xmm0
+ vaesenc 144(%rdi), %xmm14, %xmm14
+ vpxor %xmm1, %xmm5, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vaesenc 144(%rdi), %xmm15, %xmm15
+ vpxor %xmm4, %xmm5, %xmm5
+ vpxor %xmm5, %xmm2, %xmm2
+ vpxor %xmm3, %xmm2, %xmm2
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_avx1_aesenc_128_ghash_avx_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 176(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_avx1_aesenc_128_ghash_avx_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 208(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 224(%rdi), %xmm7
+L_AES_GCM_encrypt_update_avx1_aesenc_128_ghash_avx_done:
+ vaesenclast %xmm7, %xmm8, %xmm8
+ vaesenclast %xmm7, %xmm9, %xmm9
+ vmovdqu (%rcx), %xmm0
+ vmovdqu 16(%rcx), %xmm1
+ vpxor %xmm0, %xmm8, %xmm8
+ vpxor %xmm1, %xmm9, %xmm9
+ vmovdqu %xmm8, (%rdx)
+ vmovdqu %xmm9, 16(%rdx)
+ vaesenclast %xmm7, %xmm10, %xmm10
+ vaesenclast %xmm7, %xmm11, %xmm11
+ vmovdqu 32(%rcx), %xmm0
+ vmovdqu 48(%rcx), %xmm1
+ vpxor %xmm0, %xmm10, %xmm10
+ vpxor %xmm1, %xmm11, %xmm11
+ vmovdqu %xmm10, 32(%rdx)
+ vmovdqu %xmm11, 48(%rdx)
+ vaesenclast %xmm7, %xmm12, %xmm12
+ vaesenclast %xmm7, %xmm13, %xmm13
+ vmovdqu 64(%rcx), %xmm0
+ vmovdqu 80(%rcx), %xmm1
+ vpxor %xmm0, %xmm12, %xmm12
+ vpxor %xmm1, %xmm13, %xmm13
+ vmovdqu %xmm12, 64(%rdx)
+ vmovdqu %xmm13, 80(%rdx)
+ vaesenclast %xmm7, %xmm14, %xmm14
+ vaesenclast %xmm7, %xmm15, %xmm15
+ vmovdqu 96(%rcx), %xmm0
+ vmovdqu 112(%rcx), %xmm1
+ vpxor %xmm0, %xmm14, %xmm14
+ vpxor %xmm1, %xmm15, %xmm15
+ vmovdqu %xmm14, 96(%rdx)
+ vmovdqu %xmm15, 112(%rdx)
+ addl $0x80, %r14d
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_encrypt_update_avx1_ghash_128
+L_AES_GCM_encrypt_update_avx1_end_128:
+ vmovdqa L_avx1_aes_gcm_bswap_mask(%rip), %xmm4
+ vpshufb %xmm4, %xmm8, %xmm8
+ vpshufb %xmm4, %xmm9, %xmm9
+ vpshufb %xmm4, %xmm10, %xmm10
+ vpshufb %xmm4, %xmm11, %xmm11
+ vpxor %xmm2, %xmm8, %xmm8
+ vpshufb %xmm4, %xmm12, %xmm12
+ vpshufb %xmm4, %xmm13, %xmm13
+ vpshufb %xmm4, %xmm14, %xmm14
+ vpshufb %xmm4, %xmm15, %xmm15
+ vmovdqa (%rsp), %xmm7
+ vmovdqa 16(%rsp), %xmm5
+ # ghash_gfmul_avx
+ vpshufd $0x4e, %xmm15, %xmm1
+ vpshufd $0x4e, %xmm7, %xmm2
+ vpclmulqdq $0x11, %xmm15, %xmm7, %xmm3
+ vpclmulqdq $0x00, %xmm15, %xmm7, %xmm0
+ vpxor %xmm15, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vmovdqa %xmm0, %xmm4
+ vmovdqa %xmm3, %xmm6
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm4, %xmm4
+ vpxor %xmm1, %xmm6, %xmm6
+ # ghash_gfmul_xor_avx
+ vpshufd $0x4e, %xmm14, %xmm1
+ vpshufd $0x4e, %xmm5, %xmm2
+ vpclmulqdq $0x11, %xmm14, %xmm5, %xmm3
+ vpclmulqdq $0x00, %xmm14, %xmm5, %xmm0
+ vpxor %xmm14, %xmm1, %xmm1
+ vpxor %xmm5, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vpxor %xmm0, %xmm4, %xmm4
+ vpxor %xmm3, %xmm6, %xmm6
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm4, %xmm4
+ vpxor %xmm1, %xmm6, %xmm6
+ vmovdqa 32(%rsp), %xmm7
+ vmovdqa 48(%rsp), %xmm5
+ # ghash_gfmul_xor_avx
+ vpshufd $0x4e, %xmm13, %xmm1
+ vpshufd $0x4e, %xmm7, %xmm2
+ vpclmulqdq $0x11, %xmm13, %xmm7, %xmm3
+ vpclmulqdq $0x00, %xmm13, %xmm7, %xmm0
+ vpxor %xmm13, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vpxor %xmm0, %xmm4, %xmm4
+ vpxor %xmm3, %xmm6, %xmm6
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm4, %xmm4
+ vpxor %xmm1, %xmm6, %xmm6
+ # ghash_gfmul_xor_avx
+ vpshufd $0x4e, %xmm12, %xmm1
+ vpshufd $0x4e, %xmm5, %xmm2
+ vpclmulqdq $0x11, %xmm12, %xmm5, %xmm3
+ vpclmulqdq $0x00, %xmm12, %xmm5, %xmm0
+ vpxor %xmm12, %xmm1, %xmm1
+ vpxor %xmm5, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vpxor %xmm0, %xmm4, %xmm4
+ vpxor %xmm3, %xmm6, %xmm6
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm4, %xmm4
+ vpxor %xmm1, %xmm6, %xmm6
+ vmovdqa 64(%rsp), %xmm7
+ vmovdqa 80(%rsp), %xmm5
+ # ghash_gfmul_xor_avx
+ vpshufd $0x4e, %xmm11, %xmm1
+ vpshufd $0x4e, %xmm7, %xmm2
+ vpclmulqdq $0x11, %xmm11, %xmm7, %xmm3
+ vpclmulqdq $0x00, %xmm11, %xmm7, %xmm0
+ vpxor %xmm11, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vpxor %xmm0, %xmm4, %xmm4
+ vpxor %xmm3, %xmm6, %xmm6
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm4, %xmm4
+ vpxor %xmm1, %xmm6, %xmm6
+ # ghash_gfmul_xor_avx
+ vpshufd $0x4e, %xmm10, %xmm1
+ vpshufd $0x4e, %xmm5, %xmm2
+ vpclmulqdq $0x11, %xmm10, %xmm5, %xmm3
+ vpclmulqdq $0x00, %xmm10, %xmm5, %xmm0
+ vpxor %xmm10, %xmm1, %xmm1
+ vpxor %xmm5, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vpxor %xmm0, %xmm4, %xmm4
+ vpxor %xmm3, %xmm6, %xmm6
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm4, %xmm4
+ vpxor %xmm1, %xmm6, %xmm6
+ vmovdqa 96(%rsp), %xmm7
+ vmovdqa 112(%rsp), %xmm5
+ # ghash_gfmul_xor_avx
+ vpshufd $0x4e, %xmm9, %xmm1
+ vpshufd $0x4e, %xmm7, %xmm2
+ vpclmulqdq $0x11, %xmm9, %xmm7, %xmm3
+ vpclmulqdq $0x00, %xmm9, %xmm7, %xmm0
+ vpxor %xmm9, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vpxor %xmm0, %xmm4, %xmm4
+ vpxor %xmm3, %xmm6, %xmm6
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm4, %xmm4
+ vpxor %xmm1, %xmm6, %xmm6
+ # ghash_gfmul_xor_avx
+ vpshufd $0x4e, %xmm8, %xmm1
+ vpshufd $0x4e, %xmm5, %xmm2
+ vpclmulqdq $0x11, %xmm8, %xmm5, %xmm3
+ vpclmulqdq $0x00, %xmm8, %xmm5, %xmm0
+ vpxor %xmm8, %xmm1, %xmm1
+ vpxor %xmm5, %xmm2, %xmm2
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vpxor %xmm0, %xmm4, %xmm4
+ vpxor %xmm3, %xmm6, %xmm6
+ vpslldq $8, %xmm1, %xmm2
+ vpsrldq $8, %xmm1, %xmm1
+ vpxor %xmm2, %xmm4, %xmm4
+ vpxor %xmm1, %xmm6, %xmm6
+ vpslld $31, %xmm4, %xmm0
+ vpslld $30, %xmm4, %xmm1
+ vpslld $25, %xmm4, %xmm2
+ vpxor %xmm1, %xmm0, %xmm0
+ vpxor %xmm2, %xmm0, %xmm0
+ vmovdqa %xmm0, %xmm1
+ vpsrldq $4, %xmm1, %xmm1
+ vpslldq $12, %xmm0, %xmm0
+ vpxor %xmm0, %xmm4, %xmm4
+ vpsrld $0x01, %xmm4, %xmm2
+ vpsrld $2, %xmm4, %xmm3
+ vpsrld $7, %xmm4, %xmm0
+ vpxor %xmm3, %xmm2, %xmm2
+ vpxor %xmm0, %xmm2, %xmm2
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm4, %xmm2, %xmm2
+ vpxor %xmm2, %xmm6, %xmm6
+ vmovdqa (%rsp), %xmm5
+L_AES_GCM_encrypt_update_avx1_done_128:
+ movl %r8d, %edx
+ cmpl %edx, %r14d
+ jge L_AES_GCM_encrypt_update_avx1_done_enc
+ movl %r8d, %r13d
+ andl $0xfffffff0, %r13d
+ cmpl %r13d, %r14d
+ jge L_AES_GCM_encrypt_update_avx1_last_block_done
+ vmovdqa (%r12), %xmm9
+ vpshufb L_avx1_aes_gcm_bswap_epi64(%rip), %xmm9, %xmm8
+ vpaddd L_avx1_aes_gcm_one(%rip), %xmm9, %xmm9
+ vmovdqa %xmm9, (%r12)
+ vpxor (%rdi), %xmm8, %xmm8
+ vaesenc 16(%rdi), %xmm8, %xmm8
+ vaesenc 32(%rdi), %xmm8, %xmm8
+ vaesenc 48(%rdi), %xmm8, %xmm8
+ vaesenc 64(%rdi), %xmm8, %xmm8
+ vaesenc 80(%rdi), %xmm8, %xmm8
+ vaesenc 96(%rdi), %xmm8, %xmm8
+ vaesenc 112(%rdi), %xmm8, %xmm8
+ vaesenc 128(%rdi), %xmm8, %xmm8
+ vaesenc 144(%rdi), %xmm8, %xmm8
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_update_avx1_aesenc_block_last
+ vaesenc %xmm9, %xmm8, %xmm8
+ vaesenc 176(%rdi), %xmm8, %xmm8
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_update_avx1_aesenc_block_last
+ vaesenc %xmm9, %xmm8, %xmm8
+ vaesenc 208(%rdi), %xmm8, %xmm8
+ vmovdqa 224(%rdi), %xmm9
+L_AES_GCM_encrypt_update_avx1_aesenc_block_last:
+ vaesenclast %xmm9, %xmm8, %xmm8
+ vmovdqu (%r11,%r14,1), %xmm9
+ vpxor %xmm9, %xmm8, %xmm8
+ vmovdqu %xmm8, (%r10,%r14,1)
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8
+ vpxor %xmm8, %xmm6, %xmm6
+ addl $16, %r14d
+ cmpl %r13d, %r14d
+ jge L_AES_GCM_encrypt_update_avx1_last_block_ghash
+L_AES_GCM_encrypt_update_avx1_last_block_start:
+ vmovdqu (%r11,%r14,1), %xmm13
+ vmovdqa (%r12), %xmm9
+ vpshufb L_avx1_aes_gcm_bswap_epi64(%rip), %xmm9, %xmm8
+ vpaddd L_avx1_aes_gcm_one(%rip), %xmm9, %xmm9
+ vmovdqa %xmm9, (%r12)
+ vpxor (%rdi), %xmm8, %xmm8
+ vpclmulqdq $16, %xmm5, %xmm6, %xmm10
+ vaesenc 16(%rdi), %xmm8, %xmm8
+ vaesenc 32(%rdi), %xmm8, %xmm8
+ vpclmulqdq $0x01, %xmm5, %xmm6, %xmm11
+ vaesenc 48(%rdi), %xmm8, %xmm8
+ vaesenc 64(%rdi), %xmm8, %xmm8
+ vpclmulqdq $0x00, %xmm5, %xmm6, %xmm12
+ vaesenc 80(%rdi), %xmm8, %xmm8
+ vpclmulqdq $0x11, %xmm5, %xmm6, %xmm1
+ vaesenc 96(%rdi), %xmm8, %xmm8
+ vpxor %xmm11, %xmm10, %xmm10
+ vpslldq $8, %xmm10, %xmm2
+ vpsrldq $8, %xmm10, %xmm10
+ vaesenc 112(%rdi), %xmm8, %xmm8
+ vpxor %xmm12, %xmm2, %xmm2
+ vpxor %xmm10, %xmm1, %xmm3
+ vmovdqa L_avx1_aes_gcm_mod2_128(%rip), %xmm0
+ vpclmulqdq $16, %xmm0, %xmm2, %xmm11
+ vaesenc 128(%rdi), %xmm8, %xmm8
+ vpshufd $0x4e, %xmm2, %xmm10
+ vpxor %xmm11, %xmm10, %xmm10
+ vpclmulqdq $16, %xmm0, %xmm10, %xmm11
+ vaesenc 144(%rdi), %xmm8, %xmm8
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpxor %xmm11, %xmm10, %xmm10
+ vpxor %xmm3, %xmm10, %xmm6
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_update_avx1_aesenc_gfmul_last
+ vaesenc %xmm9, %xmm8, %xmm8
+ vaesenc 176(%rdi), %xmm8, %xmm8
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_encrypt_update_avx1_aesenc_gfmul_last
+ vaesenc %xmm9, %xmm8, %xmm8
+ vaesenc 208(%rdi), %xmm8, %xmm8
+ vmovdqa 224(%rdi), %xmm9
+L_AES_GCM_encrypt_update_avx1_aesenc_gfmul_last:
+ vaesenclast %xmm9, %xmm8, %xmm8
+ vmovdqa %xmm13, %xmm0
+ vpxor %xmm0, %xmm8, %xmm8
+ vmovdqu %xmm8, (%r10,%r14,1)
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8
+ addl $16, %r14d
+ vpxor %xmm8, %xmm6, %xmm6
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_encrypt_update_avx1_last_block_start
+L_AES_GCM_encrypt_update_avx1_last_block_ghash:
+ # ghash_gfmul_red_avx
+ vpshufd $0x4e, %xmm5, %xmm9
+ vpshufd $0x4e, %xmm6, %xmm10
+ vpclmulqdq $0x11, %xmm5, %xmm6, %xmm11
+ vpclmulqdq $0x00, %xmm5, %xmm6, %xmm8
+ vpxor %xmm5, %xmm9, %xmm9
+ vpxor %xmm6, %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpxor %xmm11, %xmm9, %xmm9
+ vpslldq $8, %xmm9, %xmm10
+ vpsrldq $8, %xmm9, %xmm9
+ vpxor %xmm10, %xmm8, %xmm8
+ vpxor %xmm9, %xmm11, %xmm6
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm6, %xmm6
+L_AES_GCM_encrypt_update_avx1_last_block_done:
+L_AES_GCM_encrypt_update_avx1_done_enc:
+ vmovdqa %xmm6, (%r9)
+ vzeroupper
+ addq $0xa0, %rsp
+ popq %r14
+ popq %r12
+ popq %r13
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_encrypt_update_avx1,.-AES_GCM_encrypt_update_avx1
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_encrypt_final_avx1
+.type AES_GCM_encrypt_final_avx1,@function
+.align 16
+AES_GCM_encrypt_final_avx1:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_encrypt_final_avx1
+.p2align 4
+_AES_GCM_encrypt_final_avx1:
+#endif /* __APPLE__ */
+ pushq %r13
+ movq %rdx, %rax
+ movl %ecx, %r10d
+ movl %r8d, %r11d
+ movq 16(%rsp), %r8
+ subq $16, %rsp
+ vmovdqa (%rdi), %xmm4
+ vmovdqa (%r9), %xmm5
+ vmovdqa (%r8), %xmm6
+ vpsrlq $63, %xmm5, %xmm9
+ vpsllq $0x01, %xmm5, %xmm8
+ vpslldq $8, %xmm9, %xmm9
+ vpor %xmm9, %xmm8, %xmm8
+ vpshufd $0xff, %xmm5, %xmm5
+ vpsrad $31, %xmm5, %xmm5
+ vpand L_avx1_aes_gcm_mod2_128(%rip), %xmm5, %xmm5
+ vpxor %xmm8, %xmm5, %xmm5
+ movl %r10d, %edx
+ movl %r11d, %ecx
+ shlq $3, %rdx
+ shlq $3, %rcx
+ vpinsrq $0x00, %rdx, %xmm0, %xmm0
+ vpinsrq $0x01, %rcx, %xmm0, %xmm0
+ vpxor %xmm0, %xmm4, %xmm4
+ # ghash_gfmul_red_avx
+ vpshufd $0x4e, %xmm5, %xmm9
+ vpshufd $0x4e, %xmm4, %xmm10
+ vpclmulqdq $0x11, %xmm5, %xmm4, %xmm11
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm8
+ vpxor %xmm5, %xmm9, %xmm9
+ vpxor %xmm4, %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpxor %xmm11, %xmm9, %xmm9
+ vpslldq $8, %xmm9, %xmm10
+ vpsrldq $8, %xmm9, %xmm9
+ vpxor %xmm10, %xmm8, %xmm8
+ vpxor %xmm9, %xmm11, %xmm4
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm4, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4
+ vpxor %xmm6, %xmm4, %xmm0
+ cmpl $16, %eax
+ je L_AES_GCM_encrypt_final_avx1_store_tag_16
+ xorq %rcx, %rcx
+ vmovdqu %xmm0, (%rsp)
+L_AES_GCM_encrypt_final_avx1_store_tag_loop:
+ movzbl (%rsp,%rcx,1), %r13d
+ movb %r13b, (%rsi,%rcx,1)
+ incl %ecx
+ cmpl %eax, %ecx
+ jne L_AES_GCM_encrypt_final_avx1_store_tag_loop
+ jmp L_AES_GCM_encrypt_final_avx1_store_tag_done
+L_AES_GCM_encrypt_final_avx1_store_tag_16:
+ vmovdqu %xmm0, (%rsi)
+L_AES_GCM_encrypt_final_avx1_store_tag_done:
+ vzeroupper
+ addq $16, %rsp
+ popq %r13
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_encrypt_final_avx1,.-AES_GCM_encrypt_final_avx1
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_decrypt_update_avx1
+.type AES_GCM_decrypt_update_avx1,@function
+.align 16
+AES_GCM_decrypt_update_avx1:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_decrypt_update_avx1
+.p2align 4
+_AES_GCM_decrypt_update_avx1:
+#endif /* __APPLE__ */
+ pushq %r13
+ pushq %r12
+ pushq %r14
+ movq %rdx, %r10
+ movq %rcx, %r11
+ movq 32(%rsp), %rax
+ movq 40(%rsp), %r12
+ subq $0xa8, %rsp
+ vmovdqa (%r9), %xmm6
+ vmovdqa (%rax), %xmm5
+ vpsrlq $63, %xmm5, %xmm9
+ vpsllq $0x01, %xmm5, %xmm8
+ vpslldq $8, %xmm9, %xmm9
+ vpor %xmm9, %xmm8, %xmm8
+ vpshufd $0xff, %xmm5, %xmm5
+ vpsrad $31, %xmm5, %xmm5
+ vpand L_avx1_aes_gcm_mod2_128(%rip), %xmm5, %xmm5
+ vpxor %xmm8, %xmm5, %xmm5
+ xorl %r14d, %r14d
+ cmpl $0x80, %r8d
+ movl %r8d, %r13d
+ jl L_AES_GCM_decrypt_update_avx1_done_128
+ andl $0xffffff80, %r13d
+ vmovdqa %xmm6, %xmm2
+ # H ^ 1
+ vmovdqa %xmm5, (%rsp)
+ # H ^ 2
+ vpclmulqdq $0x00, %xmm5, %xmm5, %xmm8
+ vpclmulqdq $0x11, %xmm5, %xmm5, %xmm0
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm0, %xmm0
+ vmovdqa %xmm0, 16(%rsp)
+ # H ^ 3
+ # ghash_gfmul_red_avx
+ vpshufd $0x4e, %xmm5, %xmm9
+ vpshufd $0x4e, %xmm0, %xmm10
+ vpclmulqdq $0x11, %xmm5, %xmm0, %xmm11
+ vpclmulqdq $0x00, %xmm5, %xmm0, %xmm8
+ vpxor %xmm5, %xmm9, %xmm9
+ vpxor %xmm0, %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpxor %xmm11, %xmm9, %xmm9
+ vpslldq $8, %xmm9, %xmm10
+ vpsrldq $8, %xmm9, %xmm9
+ vpxor %xmm10, %xmm8, %xmm8
+ vpxor %xmm9, %xmm11, %xmm1
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm1, %xmm1
+ vmovdqa %xmm1, 32(%rsp)
+ # H ^ 4
+ vpclmulqdq $0x00, %xmm0, %xmm0, %xmm8
+ vpclmulqdq $0x11, %xmm0, %xmm0, %xmm3
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm3, %xmm3
+ vmovdqa %xmm3, 48(%rsp)
+ # H ^ 5
+ # ghash_gfmul_red_avx
+ vpshufd $0x4e, %xmm0, %xmm9
+ vpshufd $0x4e, %xmm1, %xmm10
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm11
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm8
+ vpxor %xmm0, %xmm9, %xmm9
+ vpxor %xmm1, %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpxor %xmm11, %xmm9, %xmm9
+ vpslldq $8, %xmm9, %xmm10
+ vpsrldq $8, %xmm9, %xmm9
+ vpxor %xmm10, %xmm8, %xmm8
+ vpxor %xmm9, %xmm11, %xmm7
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm7, %xmm7
+ vmovdqa %xmm7, 64(%rsp)
+ # H ^ 6
+ vpclmulqdq $0x00, %xmm1, %xmm1, %xmm8
+ vpclmulqdq $0x11, %xmm1, %xmm1, %xmm7
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm7, %xmm7
+ vmovdqa %xmm7, 80(%rsp)
+ # H ^ 7
+ # ghash_gfmul_red_avx
+ vpshufd $0x4e, %xmm1, %xmm9
+ vpshufd $0x4e, %xmm3, %xmm10
+ vpclmulqdq $0x11, %xmm1, %xmm3, %xmm11
+ vpclmulqdq $0x00, %xmm1, %xmm3, %xmm8
+ vpxor %xmm1, %xmm9, %xmm9
+ vpxor %xmm3, %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpxor %xmm11, %xmm9, %xmm9
+ vpslldq $8, %xmm9, %xmm10
+ vpsrldq $8, %xmm9, %xmm9
+ vpxor %xmm10, %xmm8, %xmm8
+ vpxor %xmm9, %xmm11, %xmm7
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm7, %xmm7
+ vmovdqa %xmm7, 96(%rsp)
+ # H ^ 8
+ vpclmulqdq $0x00, %xmm3, %xmm3, %xmm8
+ vpclmulqdq $0x11, %xmm3, %xmm3, %xmm7
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm7, %xmm7
+ vmovdqa %xmm7, 112(%rsp)
+L_AES_GCM_decrypt_update_avx1_ghash_128:
+ leaq (%r11,%r14,1), %rcx
+ leaq (%r10,%r14,1), %rdx
+ vmovdqa (%r12), %xmm0
+ vmovdqa L_avx1_aes_gcm_bswap_epi64(%rip), %xmm1
+ vpshufb %xmm1, %xmm0, %xmm8
+ vpaddd L_avx1_aes_gcm_one(%rip), %xmm0, %xmm9
+ vpshufb %xmm1, %xmm9, %xmm9
+ vpaddd L_avx1_aes_gcm_two(%rip), %xmm0, %xmm10
+ vpshufb %xmm1, %xmm10, %xmm10
+ vpaddd L_avx1_aes_gcm_three(%rip), %xmm0, %xmm11
+ vpshufb %xmm1, %xmm11, %xmm11
+ vpaddd L_avx1_aes_gcm_four(%rip), %xmm0, %xmm12
+ vpshufb %xmm1, %xmm12, %xmm12
+ vpaddd L_avx1_aes_gcm_five(%rip), %xmm0, %xmm13
+ vpshufb %xmm1, %xmm13, %xmm13
+ vpaddd L_avx1_aes_gcm_six(%rip), %xmm0, %xmm14
+ vpshufb %xmm1, %xmm14, %xmm14
+ vpaddd L_avx1_aes_gcm_seven(%rip), %xmm0, %xmm15
+ vpshufb %xmm1, %xmm15, %xmm15
+ vpaddd L_avx1_aes_gcm_eight(%rip), %xmm0, %xmm0
+ vmovdqa (%rdi), %xmm7
+ vmovdqa %xmm0, (%r12)
+ vpxor %xmm7, %xmm8, %xmm8
+ vpxor %xmm7, %xmm9, %xmm9
+ vpxor %xmm7, %xmm10, %xmm10
+ vpxor %xmm7, %xmm11, %xmm11
+ vpxor %xmm7, %xmm12, %xmm12
+ vpxor %xmm7, %xmm13, %xmm13
+ vpxor %xmm7, %xmm14, %xmm14
+ vpxor %xmm7, %xmm15, %xmm15
+ vmovdqa 112(%rsp), %xmm7
+ vmovdqu (%rcx), %xmm0
+ vaesenc 16(%rdi), %xmm8, %xmm8
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vpxor %xmm2, %xmm0, %xmm0
+ vpshufd $0x4e, %xmm7, %xmm1
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm3
+ vaesenc 16(%rdi), %xmm9, %xmm9
+ vaesenc 16(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm2
+ vaesenc 16(%rdi), %xmm11, %xmm11
+ vaesenc 16(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm1, %xmm1
+ vaesenc 16(%rdi), %xmm13, %xmm13
+ vaesenc 16(%rdi), %xmm14, %xmm14
+ vaesenc 16(%rdi), %xmm15, %xmm15
+ vpxor %xmm2, %xmm1, %xmm1
+ vpxor %xmm3, %xmm1, %xmm1
+ vmovdqa 96(%rsp), %xmm7
+ vmovdqu 16(%rcx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 32(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 32(%rdi), %xmm9, %xmm9
+ vaesenc 32(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 32(%rdi), %xmm11, %xmm11
+ vaesenc 32(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 32(%rdi), %xmm13, %xmm13
+ vaesenc 32(%rdi), %xmm14, %xmm14
+ vaesenc 32(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa 80(%rsp), %xmm7
+ vmovdqu 32(%rcx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 48(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 48(%rdi), %xmm9, %xmm9
+ vaesenc 48(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 48(%rdi), %xmm11, %xmm11
+ vaesenc 48(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 48(%rdi), %xmm13, %xmm13
+ vaesenc 48(%rdi), %xmm14, %xmm14
+ vaesenc 48(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa 64(%rsp), %xmm7
+ vmovdqu 48(%rcx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 64(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 64(%rdi), %xmm9, %xmm9
+ vaesenc 64(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 64(%rdi), %xmm11, %xmm11
+ vaesenc 64(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 64(%rdi), %xmm13, %xmm13
+ vaesenc 64(%rdi), %xmm14, %xmm14
+ vaesenc 64(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa 48(%rsp), %xmm7
+ vmovdqu 64(%rcx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 80(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 80(%rdi), %xmm9, %xmm9
+ vaesenc 80(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 80(%rdi), %xmm11, %xmm11
+ vaesenc 80(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 80(%rdi), %xmm13, %xmm13
+ vaesenc 80(%rdi), %xmm14, %xmm14
+ vaesenc 80(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa 32(%rsp), %xmm7
+ vmovdqu 80(%rcx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 96(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 96(%rdi), %xmm9, %xmm9
+ vaesenc 96(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 96(%rdi), %xmm11, %xmm11
+ vaesenc 96(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 96(%rdi), %xmm13, %xmm13
+ vaesenc 96(%rdi), %xmm14, %xmm14
+ vaesenc 96(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa 16(%rsp), %xmm7
+ vmovdqu 96(%rcx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 112(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 112(%rdi), %xmm9, %xmm9
+ vaesenc 112(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 112(%rdi), %xmm11, %xmm11
+ vaesenc 112(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 112(%rdi), %xmm13, %xmm13
+ vaesenc 112(%rdi), %xmm14, %xmm14
+ vaesenc 112(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vmovdqa (%rsp), %xmm7
+ vmovdqu 112(%rcx), %xmm0
+ vpshufd $0x4e, %xmm7, %xmm4
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vaesenc 128(%rdi), %xmm8, %xmm8
+ vpxor %xmm7, %xmm4, %xmm4
+ vpshufd $0x4e, %xmm0, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6
+ vaesenc 128(%rdi), %xmm9, %xmm9
+ vaesenc 128(%rdi), %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7
+ vaesenc 128(%rdi), %xmm11, %xmm11
+ vaesenc 128(%rdi), %xmm12, %xmm12
+ vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4
+ vaesenc 128(%rdi), %xmm13, %xmm13
+ vaesenc 128(%rdi), %xmm14, %xmm14
+ vaesenc 128(%rdi), %xmm15, %xmm15
+ vpxor %xmm7, %xmm1, %xmm1
+ vpxor %xmm7, %xmm2, %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpxor %xmm6, %xmm3, %xmm3
+ vpxor %xmm4, %xmm1, %xmm1
+ vpslldq $8, %xmm1, %xmm5
+ vpsrldq $8, %xmm1, %xmm1
+ vaesenc 144(%rdi), %xmm8, %xmm8
+ vpxor %xmm5, %xmm2, %xmm2
+ vpxor %xmm1, %xmm3, %xmm3
+ vaesenc 144(%rdi), %xmm9, %xmm9
+ vpslld $31, %xmm2, %xmm7
+ vpslld $30, %xmm2, %xmm4
+ vpslld $25, %xmm2, %xmm5
+ vaesenc 144(%rdi), %xmm10, %xmm10
+ vpxor %xmm4, %xmm7, %xmm7
+ vpxor %xmm5, %xmm7, %xmm7
+ vaesenc 144(%rdi), %xmm11, %xmm11
+ vpsrldq $4, %xmm7, %xmm4
+ vpslldq $12, %xmm7, %xmm7
+ vaesenc 144(%rdi), %xmm12, %xmm12
+ vpxor %xmm7, %xmm2, %xmm2
+ vpsrld $0x01, %xmm2, %xmm5
+ vaesenc 144(%rdi), %xmm13, %xmm13
+ vpsrld $2, %xmm2, %xmm1
+ vpsrld $7, %xmm2, %xmm0
+ vaesenc 144(%rdi), %xmm14, %xmm14
+ vpxor %xmm1, %xmm5, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ vaesenc 144(%rdi), %xmm15, %xmm15
+ vpxor %xmm4, %xmm5, %xmm5
+ vpxor %xmm5, %xmm2, %xmm2
+ vpxor %xmm3, %xmm2, %xmm2
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm7
+ jl L_AES_GCM_decrypt_update_avx1_aesenc_128_ghash_avx_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 176(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm7
+ jl L_AES_GCM_decrypt_update_avx1_aesenc_128_ghash_avx_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 208(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 224(%rdi), %xmm7
+L_AES_GCM_decrypt_update_avx1_aesenc_128_ghash_avx_done:
+ vaesenclast %xmm7, %xmm8, %xmm8
+ vaesenclast %xmm7, %xmm9, %xmm9
+ vmovdqu (%rcx), %xmm0
+ vmovdqu 16(%rcx), %xmm1
+ vpxor %xmm0, %xmm8, %xmm8
+ vpxor %xmm1, %xmm9, %xmm9
+ vmovdqu %xmm8, (%rdx)
+ vmovdqu %xmm9, 16(%rdx)
+ vaesenclast %xmm7, %xmm10, %xmm10
+ vaesenclast %xmm7, %xmm11, %xmm11
+ vmovdqu 32(%rcx), %xmm0
+ vmovdqu 48(%rcx), %xmm1
+ vpxor %xmm0, %xmm10, %xmm10
+ vpxor %xmm1, %xmm11, %xmm11
+ vmovdqu %xmm10, 32(%rdx)
+ vmovdqu %xmm11, 48(%rdx)
+ vaesenclast %xmm7, %xmm12, %xmm12
+ vaesenclast %xmm7, %xmm13, %xmm13
+ vmovdqu 64(%rcx), %xmm0
+ vmovdqu 80(%rcx), %xmm1
+ vpxor %xmm0, %xmm12, %xmm12
+ vpxor %xmm1, %xmm13, %xmm13
+ vmovdqu %xmm12, 64(%rdx)
+ vmovdqu %xmm13, 80(%rdx)
+ vaesenclast %xmm7, %xmm14, %xmm14
+ vaesenclast %xmm7, %xmm15, %xmm15
+ vmovdqu 96(%rcx), %xmm0
+ vmovdqu 112(%rcx), %xmm1
+ vpxor %xmm0, %xmm14, %xmm14
+ vpxor %xmm1, %xmm15, %xmm15
+ vmovdqu %xmm14, 96(%rdx)
+ vmovdqu %xmm15, 112(%rdx)
+ addl $0x80, %r14d
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_decrypt_update_avx1_ghash_128
+ vmovdqa %xmm2, %xmm6
+ vmovdqa (%rsp), %xmm5
+L_AES_GCM_decrypt_update_avx1_done_128:
+ movl %r8d, %edx
+ cmpl %edx, %r14d
+ jge L_AES_GCM_decrypt_update_avx1_done_dec
+ movl %r8d, %r13d
+ andl $0xfffffff0, %r13d
+ cmpl %r13d, %r14d
+ jge L_AES_GCM_decrypt_update_avx1_last_block_done
+L_AES_GCM_decrypt_update_avx1_last_block_start:
+ vmovdqu (%r11,%r14,1), %xmm13
+ vmovdqa %xmm5, %xmm0
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm13, %xmm1
+ vpxor %xmm6, %xmm1, %xmm1
+ vmovdqa (%r12), %xmm9
+ vpshufb L_avx1_aes_gcm_bswap_epi64(%rip), %xmm9, %xmm8
+ vpaddd L_avx1_aes_gcm_one(%rip), %xmm9, %xmm9
+ vmovdqa %xmm9, (%r12)
+ vpxor (%rdi), %xmm8, %xmm8
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm10
+ vaesenc 16(%rdi), %xmm8, %xmm8
+ vaesenc 32(%rdi), %xmm8, %xmm8
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm11
+ vaesenc 48(%rdi), %xmm8, %xmm8
+ vaesenc 64(%rdi), %xmm8, %xmm8
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm12
+ vaesenc 80(%rdi), %xmm8, %xmm8
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vaesenc 96(%rdi), %xmm8, %xmm8
+ vpxor %xmm11, %xmm10, %xmm10
+ vpslldq $8, %xmm10, %xmm2
+ vpsrldq $8, %xmm10, %xmm10
+ vaesenc 112(%rdi), %xmm8, %xmm8
+ vpxor %xmm12, %xmm2, %xmm2
+ vpxor %xmm10, %xmm1, %xmm3
+ vmovdqa L_avx1_aes_gcm_mod2_128(%rip), %xmm0
+ vpclmulqdq $16, %xmm0, %xmm2, %xmm11
+ vaesenc 128(%rdi), %xmm8, %xmm8
+ vpshufd $0x4e, %xmm2, %xmm10
+ vpxor %xmm11, %xmm10, %xmm10
+ vpclmulqdq $16, %xmm0, %xmm10, %xmm11
+ vaesenc 144(%rdi), %xmm8, %xmm8
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpxor %xmm11, %xmm10, %xmm10
+ vpxor %xmm3, %xmm10, %xmm6
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm9
+ jl L_AES_GCM_decrypt_update_avx1_aesenc_gfmul_last
+ vaesenc %xmm9, %xmm8, %xmm8
+ vaesenc 176(%rdi), %xmm8, %xmm8
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm9
+ jl L_AES_GCM_decrypt_update_avx1_aesenc_gfmul_last
+ vaesenc %xmm9, %xmm8, %xmm8
+ vaesenc 208(%rdi), %xmm8, %xmm8
+ vmovdqa 224(%rdi), %xmm9
+L_AES_GCM_decrypt_update_avx1_aesenc_gfmul_last:
+ vaesenclast %xmm9, %xmm8, %xmm8
+ vmovdqa %xmm13, %xmm0
+ vpxor %xmm0, %xmm8, %xmm8
+ vmovdqu %xmm8, (%r10,%r14,1)
+ addl $16, %r14d
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_decrypt_update_avx1_last_block_start
+L_AES_GCM_decrypt_update_avx1_last_block_done:
+L_AES_GCM_decrypt_update_avx1_done_dec:
+ vmovdqa %xmm6, (%r9)
+ vzeroupper
+ addq $0xa8, %rsp
+ popq %r14
+ popq %r12
+ popq %r13
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_decrypt_update_avx1,.-AES_GCM_decrypt_update_avx1
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_decrypt_final_avx1
+.type AES_GCM_decrypt_final_avx1,@function
+.align 16
+AES_GCM_decrypt_final_avx1:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_decrypt_final_avx1
+.p2align 4
+_AES_GCM_decrypt_final_avx1:
+#endif /* __APPLE__ */
+ pushq %r13
+ pushq %rbp
+ pushq %r12
+ movq %rdx, %rax
+ movl %ecx, %r10d
+ movl %r8d, %r11d
+ movq 32(%rsp), %r8
+ movq 40(%rsp), %rbp
+ subq $16, %rsp
+ vmovdqa (%rdi), %xmm6
+ vmovdqa (%r9), %xmm5
+ vmovdqa (%r8), %xmm15
+ vpsrlq $63, %xmm5, %xmm9
+ vpsllq $0x01, %xmm5, %xmm8
+ vpslldq $8, %xmm9, %xmm9
+ vpor %xmm9, %xmm8, %xmm8
+ vpshufd $0xff, %xmm5, %xmm5
+ vpsrad $31, %xmm5, %xmm5
+ vpand L_avx1_aes_gcm_mod2_128(%rip), %xmm5, %xmm5
+ vpxor %xmm8, %xmm5, %xmm5
+ movl %r10d, %edx
+ movl %r11d, %ecx
+ shlq $3, %rdx
+ shlq $3, %rcx
+ vpinsrq $0x00, %rdx, %xmm0, %xmm0
+ vpinsrq $0x01, %rcx, %xmm0, %xmm0
+ vpxor %xmm0, %xmm6, %xmm6
+ # ghash_gfmul_red_avx
+ vpshufd $0x4e, %xmm5, %xmm9
+ vpshufd $0x4e, %xmm6, %xmm10
+ vpclmulqdq $0x11, %xmm5, %xmm6, %xmm11
+ vpclmulqdq $0x00, %xmm5, %xmm6, %xmm8
+ vpxor %xmm5, %xmm9, %xmm9
+ vpxor %xmm6, %xmm10, %xmm10
+ vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpxor %xmm11, %xmm9, %xmm9
+ vpslldq $8, %xmm9, %xmm10
+ vpsrldq $8, %xmm9, %xmm9
+ vpxor %xmm10, %xmm8, %xmm8
+ vpxor %xmm9, %xmm11, %xmm6
+ vpslld $31, %xmm8, %xmm12
+ vpslld $30, %xmm8, %xmm13
+ vpslld $25, %xmm8, %xmm14
+ vpxor %xmm13, %xmm12, %xmm12
+ vpxor %xmm14, %xmm12, %xmm12
+ vpsrldq $4, %xmm12, %xmm13
+ vpslldq $12, %xmm12, %xmm12
+ vpxor %xmm12, %xmm8, %xmm8
+ vpsrld $0x01, %xmm8, %xmm14
+ vpsrld $2, %xmm8, %xmm10
+ vpsrld $7, %xmm8, %xmm9
+ vpxor %xmm10, %xmm14, %xmm14
+ vpxor %xmm9, %xmm14, %xmm14
+ vpxor %xmm13, %xmm14, %xmm14
+ vpxor %xmm8, %xmm14, %xmm14
+ vpxor %xmm14, %xmm6, %xmm6
+ vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm6, %xmm6
+ vpxor %xmm15, %xmm6, %xmm0
+ cmpl $16, %eax
+ je L_AES_GCM_decrypt_final_avx1_cmp_tag_16
+ subq $16, %rsp
+ xorq %rcx, %rcx
+ xorq %r12, %r12
+ vmovdqu %xmm0, (%rsp)
+L_AES_GCM_decrypt_final_avx1_cmp_tag_loop:
+ movzbl (%rsp,%rcx,1), %r13d
+ xorb (%rsi,%rcx,1), %r13b
+ orb %r13b, %r12b
+ incl %ecx
+ cmpl %eax, %ecx
+ jne L_AES_GCM_decrypt_final_avx1_cmp_tag_loop
+ cmpb $0x00, %r12b
+ sete %r12b
+ addq $16, %rsp
+ xorq %rcx, %rcx
+ jmp L_AES_GCM_decrypt_final_avx1_cmp_tag_done
+L_AES_GCM_decrypt_final_avx1_cmp_tag_16:
+ vmovdqu (%rsi), %xmm1
+ vpcmpeqb %xmm1, %xmm0, %xmm0
+ vpmovmskb %xmm0, %rdx
+ # %%edx == 0xFFFF then return 1 else => return 0
+ xorl %r12d, %r12d
+ cmpl $0xffff, %edx
+ sete %r12b
+L_AES_GCM_decrypt_final_avx1_cmp_tag_done:
+ movl %r12d, (%rbp)
+ vzeroupper
+ addq $16, %rsp
+ popq %r12
+ popq %rbp
+ popq %r13
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_decrypt_final_avx1,.-AES_GCM_decrypt_final_avx1
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_AESGCM_STREAM */
#endif /* HAVE_INTEL_AVX1 */
#ifdef HAVE_INTEL_AVX2
#ifndef __APPLE__
@@ -6561,7 +11672,7 @@ L_AES_GCM_encrypt_avx2_calc_iv_16_loop:
L_AES_GCM_encrypt_avx2_calc_iv_lt16:
vpxor %xmm0, %xmm0, %xmm0
xorl %ebx, %ebx
- vmovdqa %xmm0, (%rsp)
+ vmovdqu %xmm0, (%rsp)
L_AES_GCM_encrypt_avx2_calc_iv_loop:
movzbl (%rax,%rcx,1), %r13d
movb %r13b, (%rsp,%rbx,1)
@@ -6569,7 +11680,7 @@ L_AES_GCM_encrypt_avx2_calc_iv_loop:
incl %ebx
cmpl %edx, %ecx
jl L_AES_GCM_encrypt_avx2_calc_iv_loop
- vmovdqa (%rsp), %xmm0
+ vmovdqu (%rsp), %xmm0
vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
vpxor %xmm0, %xmm4, %xmm4
# ghash_gfmul_avx
@@ -6773,7 +11884,7 @@ L_AES_GCM_encrypt_avx2_calc_aad_16_loop:
L_AES_GCM_encrypt_avx2_calc_aad_lt16:
vpxor %xmm0, %xmm0, %xmm0
xorl %ebx, %ebx
- vmovdqa %xmm0, (%rsp)
+ vmovdqu %xmm0, (%rsp)
L_AES_GCM_encrypt_avx2_calc_aad_loop:
movzbl (%r12,%rcx,1), %r13d
movb %r13b, (%rsp,%rbx,1)
@@ -6781,7 +11892,7 @@ L_AES_GCM_encrypt_avx2_calc_aad_loop:
incl %ebx
cmpl %edx, %ecx
jl L_AES_GCM_encrypt_avx2_calc_aad_loop
- vmovdqa (%rsp), %xmm0
+ vmovdqu (%rsp), %xmm0
vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
vpxor %xmm0, %xmm6, %xmm6
# ghash_gfmul_avx
@@ -7674,8 +12785,8 @@ L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_aesenc_avx_last:
vaesenclast %xmm0, %xmm4, %xmm4
xorl %ecx, %ecx
vpxor %xmm0, %xmm0, %xmm0
- vmovdqa %xmm4, (%rsp)
- vmovdqa %xmm0, 16(%rsp)
+ vmovdqu %xmm4, (%rsp)
+ vmovdqu %xmm0, 16(%rsp)
L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_loop:
movzbl (%rdi,%rbx,1), %r13d
xorb (%rsp,%rcx,1), %r13b
@@ -7686,7 +12797,7 @@ L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_loop:
cmpl %edx, %ebx
jl L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_loop
L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_finish_enc:
- vmovdqa 16(%rsp), %xmm4
+ vmovdqu 16(%rsp), %xmm4
vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4
vpxor %xmm4, %xmm6, %xmm6
# ghash_gfmul_red
@@ -7737,7 +12848,7 @@ L_AES_GCM_encrypt_avx2_done_enc:
cmpl $16, %r14d
je L_AES_GCM_encrypt_avx2_store_tag_16
xorq %rcx, %rcx
- vmovdqa %xmm0, (%rsp)
+ vmovdqu %xmm0, (%rsp)
L_AES_GCM_encrypt_avx2_store_tag_loop:
movzbl (%rsp,%rcx,1), %r13d
movb %r13b, (%r15,%rcx,1)
@@ -7871,7 +12982,7 @@ L_AES_GCM_decrypt_avx2_calc_iv_16_loop:
L_AES_GCM_decrypt_avx2_calc_iv_lt16:
vpxor %xmm0, %xmm0, %xmm0
xorl %ebx, %ebx
- vmovdqa %xmm0, (%rsp)
+ vmovdqu %xmm0, (%rsp)
L_AES_GCM_decrypt_avx2_calc_iv_loop:
movzbl (%rax,%rcx,1), %r13d
movb %r13b, (%rsp,%rbx,1)
@@ -7879,7 +12990,7 @@ L_AES_GCM_decrypt_avx2_calc_iv_loop:
incl %ebx
cmpl %edx, %ecx
jl L_AES_GCM_decrypt_avx2_calc_iv_loop
- vmovdqa (%rsp), %xmm0
+ vmovdqu (%rsp), %xmm0
vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
vpxor %xmm0, %xmm4, %xmm4
# ghash_gfmul_avx
@@ -8083,7 +13194,7 @@ L_AES_GCM_decrypt_avx2_calc_aad_16_loop:
L_AES_GCM_decrypt_avx2_calc_aad_lt16:
vpxor %xmm0, %xmm0, %xmm0
xorl %ebx, %ebx
- vmovdqa %xmm0, (%rsp)
+ vmovdqu %xmm0, (%rsp)
L_AES_GCM_decrypt_avx2_calc_aad_loop:
movzbl (%r12,%rcx,1), %r13d
movb %r13b, (%rsp,%rbx,1)
@@ -8091,7 +13202,7 @@ L_AES_GCM_decrypt_avx2_calc_aad_loop:
incl %ebx
cmpl %edx, %ecx
jl L_AES_GCM_decrypt_avx2_calc_aad_loop
- vmovdqa (%rsp), %xmm0
+ vmovdqu (%rsp), %xmm0
vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
vpxor %xmm0, %xmm6, %xmm6
# ghash_gfmul_avx
@@ -8634,8 +13745,8 @@ L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_aesenc_avx_last:
vaesenclast %xmm1, %xmm4, %xmm4
xorl %ecx, %ecx
vpxor %xmm0, %xmm0, %xmm0
- vmovdqa %xmm4, (%rsp)
- vmovdqa %xmm0, 16(%rsp)
+ vmovdqu %xmm4, (%rsp)
+ vmovdqu %xmm0, 16(%rsp)
L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_loop:
movzbl (%rdi,%rbx,1), %r13d
movb %r13b, 16(%rsp,%rcx,1)
@@ -8645,7 +13756,7 @@ L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_loop:
incl %ecx
cmpl %edx, %ebx
jl L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_loop
- vmovdqa 16(%rsp), %xmm4
+ vmovdqu 16(%rsp), %xmm4
vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4
vpxor %xmm4, %xmm6, %xmm6
# ghash_gfmul_red
@@ -8697,7 +13808,7 @@ L_AES_GCM_decrypt_avx2_done_dec:
je L_AES_GCM_decrypt_avx2_cmp_tag_16
xorq %rdx, %rdx
xorq %rax, %rax
- vmovdqa %xmm0, (%rsp)
+ vmovdqu %xmm0, (%rsp)
L_AES_GCM_decrypt_avx2_cmp_tag_loop:
movzbl (%rsp,%rdx,1), %r13d
xorb (%r14,%rdx,1), %r13b
@@ -8730,6 +13841,1993 @@ L_AES_GCM_decrypt_avx2_cmp_tag_done:
#ifndef __APPLE__
.size AES_GCM_decrypt_avx2,.-AES_GCM_decrypt_avx2
#endif /* __APPLE__ */
+#ifdef WOLFSSL_AESGCM_STREAM
+#ifndef __APPLE__
+.text
+.globl AES_GCM_init_avx2
+.type AES_GCM_init_avx2,@function
+.align 16
+AES_GCM_init_avx2:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_init_avx2
+.p2align 4
+_AES_GCM_init_avx2:
+#endif /* __APPLE__ */
+ pushq %rbx
+ pushq %r12
+ movq %rdx, %r10
+ movl %ecx, %r11d
+ movq 24(%rsp), %rax
+ subq $16, %rsp
+ vpxor %xmm4, %xmm4, %xmm4
+ movl %r11d, %edx
+ cmpl $12, %edx
+ je L_AES_GCM_init_avx2_iv_12
+ # Calculate values when IV is not 12 bytes
+ # H = Encrypt X(=0)
+ vmovdqa (%rdi), %xmm5
+ vaesenc 16(%rdi), %xmm5, %xmm5
+ vaesenc 32(%rdi), %xmm5, %xmm5
+ vaesenc 48(%rdi), %xmm5, %xmm5
+ vaesenc 64(%rdi), %xmm5, %xmm5
+ vaesenc 80(%rdi), %xmm5, %xmm5
+ vaesenc 96(%rdi), %xmm5, %xmm5
+ vaesenc 112(%rdi), %xmm5, %xmm5
+ vaesenc 128(%rdi), %xmm5, %xmm5
+ vaesenc 144(%rdi), %xmm5, %xmm5
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm0
+ jl L_AES_GCM_init_avx2_calc_iv_1_aesenc_avx_last
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc 176(%rdi), %xmm5, %xmm5
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm0
+ jl L_AES_GCM_init_avx2_calc_iv_1_aesenc_avx_last
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc 208(%rdi), %xmm5, %xmm5
+ vmovdqa 224(%rdi), %xmm0
+L_AES_GCM_init_avx2_calc_iv_1_aesenc_avx_last:
+ vaesenclast %xmm0, %xmm5, %xmm5
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm5, %xmm5
+ # Calc counter
+ # Initialization vector
+ cmpl $0x00, %edx
+ movq $0x00, %rcx
+ je L_AES_GCM_init_avx2_calc_iv_done
+ cmpl $16, %edx
+ jl L_AES_GCM_init_avx2_calc_iv_lt16
+ andl $0xfffffff0, %edx
+L_AES_GCM_init_avx2_calc_iv_16_loop:
+ vmovdqu (%r10,%rcx,1), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vpxor %xmm0, %xmm4, %xmm4
+ # ghash_gfmul_avx
+ vpclmulqdq $16, %xmm4, %xmm5, %xmm2
+ vpclmulqdq $0x01, %xmm4, %xmm5, %xmm1
+ vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0
+ vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpslldq $8, %xmm2, %xmm1
+ vpsrldq $8, %xmm2, %xmm2
+ vpxor %xmm1, %xmm0, %xmm6
+ vpxor %xmm2, %xmm3, %xmm4
+ # ghash_mid
+ vpsrld $31, %xmm6, %xmm0
+ vpsrld $31, %xmm4, %xmm1
+ vpslld $0x01, %xmm6, %xmm6
+ vpslld $0x01, %xmm4, %xmm4
+ vpsrldq $12, %xmm0, %xmm2
+ vpslldq $4, %xmm0, %xmm0
+ vpslldq $4, %xmm1, %xmm1
+ vpor %xmm2, %xmm4, %xmm4
+ vpor %xmm0, %xmm6, %xmm6
+ vpor %xmm1, %xmm4, %xmm4
+ # ghash_red
+ vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2
+ vpclmulqdq $16, %xmm2, %xmm6, %xmm0
+ vpshufd $0x4e, %xmm6, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpclmulqdq $16, %xmm2, %xmm1, %xmm0
+ vpshufd $0x4e, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm1, %xmm4, %xmm4
+ addl $16, %ecx
+ cmpl %edx, %ecx
+ jl L_AES_GCM_init_avx2_calc_iv_16_loop
+ movl %r11d, %edx
+ cmpl %edx, %ecx
+ je L_AES_GCM_init_avx2_calc_iv_done
+L_AES_GCM_init_avx2_calc_iv_lt16:
+ vpxor %xmm0, %xmm0, %xmm0
+ xorl %ebx, %ebx
+ vmovdqu %xmm0, (%rsp)
+L_AES_GCM_init_avx2_calc_iv_loop:
+ movzbl (%r10,%rcx,1), %r12d
+ movb %r12b, (%rsp,%rbx,1)
+ incl %ecx
+ incl %ebx
+ cmpl %edx, %ecx
+ jl L_AES_GCM_init_avx2_calc_iv_loop
+ vmovdqu (%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vpxor %xmm0, %xmm4, %xmm4
+ # ghash_gfmul_avx
+ vpclmulqdq $16, %xmm4, %xmm5, %xmm2
+ vpclmulqdq $0x01, %xmm4, %xmm5, %xmm1
+ vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0
+ vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpslldq $8, %xmm2, %xmm1
+ vpsrldq $8, %xmm2, %xmm2
+ vpxor %xmm1, %xmm0, %xmm6
+ vpxor %xmm2, %xmm3, %xmm4
+ # ghash_mid
+ vpsrld $31, %xmm6, %xmm0
+ vpsrld $31, %xmm4, %xmm1
+ vpslld $0x01, %xmm6, %xmm6
+ vpslld $0x01, %xmm4, %xmm4
+ vpsrldq $12, %xmm0, %xmm2
+ vpslldq $4, %xmm0, %xmm0
+ vpslldq $4, %xmm1, %xmm1
+ vpor %xmm2, %xmm4, %xmm4
+ vpor %xmm0, %xmm6, %xmm6
+ vpor %xmm1, %xmm4, %xmm4
+ # ghash_red
+ vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2
+ vpclmulqdq $16, %xmm2, %xmm6, %xmm0
+ vpshufd $0x4e, %xmm6, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpclmulqdq $16, %xmm2, %xmm1, %xmm0
+ vpshufd $0x4e, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm1, %xmm4, %xmm4
+L_AES_GCM_init_avx2_calc_iv_done:
+ # T = Encrypt counter
+ vpxor %xmm0, %xmm0, %xmm0
+ shll $3, %edx
+ vpinsrq $0x00, %rdx, %xmm0, %xmm0
+ vpxor %xmm0, %xmm4, %xmm4
+ # ghash_gfmul_avx
+ vpclmulqdq $16, %xmm4, %xmm5, %xmm2
+ vpclmulqdq $0x01, %xmm4, %xmm5, %xmm1
+ vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0
+ vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpslldq $8, %xmm2, %xmm1
+ vpsrldq $8, %xmm2, %xmm2
+ vpxor %xmm1, %xmm0, %xmm6
+ vpxor %xmm2, %xmm3, %xmm4
+ # ghash_mid
+ vpsrld $31, %xmm6, %xmm0
+ vpsrld $31, %xmm4, %xmm1
+ vpslld $0x01, %xmm6, %xmm6
+ vpslld $0x01, %xmm4, %xmm4
+ vpsrldq $12, %xmm0, %xmm2
+ vpslldq $4, %xmm0, %xmm0
+ vpslldq $4, %xmm1, %xmm1
+ vpor %xmm2, %xmm4, %xmm4
+ vpor %xmm0, %xmm6, %xmm6
+ vpor %xmm1, %xmm4, %xmm4
+ # ghash_red
+ vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2
+ vpclmulqdq $16, %xmm2, %xmm6, %xmm0
+ vpshufd $0x4e, %xmm6, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpclmulqdq $16, %xmm2, %xmm1, %xmm0
+ vpshufd $0x4e, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm1, %xmm4, %xmm4
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4
+ # Encrypt counter
+ vmovdqa (%rdi), %xmm7
+ vpxor %xmm4, %xmm7, %xmm7
+ vaesenc 16(%rdi), %xmm7, %xmm7
+ vaesenc 32(%rdi), %xmm7, %xmm7
+ vaesenc 48(%rdi), %xmm7, %xmm7
+ vaesenc 64(%rdi), %xmm7, %xmm7
+ vaesenc 80(%rdi), %xmm7, %xmm7
+ vaesenc 96(%rdi), %xmm7, %xmm7
+ vaesenc 112(%rdi), %xmm7, %xmm7
+ vaesenc 128(%rdi), %xmm7, %xmm7
+ vaesenc 144(%rdi), %xmm7, %xmm7
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm0
+ jl L_AES_GCM_init_avx2_calc_iv_2_aesenc_avx_last
+ vaesenc %xmm0, %xmm7, %xmm7
+ vaesenc 176(%rdi), %xmm7, %xmm7
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm0
+ jl L_AES_GCM_init_avx2_calc_iv_2_aesenc_avx_last
+ vaesenc %xmm0, %xmm7, %xmm7
+ vaesenc 208(%rdi), %xmm7, %xmm7
+ vmovdqa 224(%rdi), %xmm0
+L_AES_GCM_init_avx2_calc_iv_2_aesenc_avx_last:
+ vaesenclast %xmm0, %xmm7, %xmm7
+ jmp L_AES_GCM_init_avx2_iv_done
+L_AES_GCM_init_avx2_iv_12:
+ # # Calculate values when IV is 12 bytes
+ # Set counter based on IV
+ vmovdqa L_avx2_aes_gcm_bswap_one(%rip), %xmm4
+ vmovdqa (%rdi), %xmm5
+ vpblendd $7, (%r10), %xmm4, %xmm4
+ # H = Encrypt X(=0) and T = Encrypt counter
+ vmovdqa 16(%rdi), %xmm6
+ vpxor %xmm5, %xmm4, %xmm7
+ vaesenc %xmm6, %xmm5, %xmm5
+ vaesenc %xmm6, %xmm7, %xmm7
+ vmovdqa 32(%rdi), %xmm0
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ vmovdqa 48(%rdi), %xmm0
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ vmovdqa 64(%rdi), %xmm0
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ vmovdqa 80(%rdi), %xmm0
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ vmovdqa 96(%rdi), %xmm0
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ vmovdqa 112(%rdi), %xmm0
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ vmovdqa 128(%rdi), %xmm0
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ vmovdqa 144(%rdi), %xmm0
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm0
+ jl L_AES_GCM_init_avx2_calc_iv_12_last
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ vmovdqa 176(%rdi), %xmm0
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm0
+ jl L_AES_GCM_init_avx2_calc_iv_12_last
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ vmovdqa 208(%rdi), %xmm0
+ vaesenc %xmm0, %xmm5, %xmm5
+ vaesenc %xmm0, %xmm7, %xmm7
+ vmovdqa 224(%rdi), %xmm0
+L_AES_GCM_init_avx2_calc_iv_12_last:
+ vaesenclast %xmm0, %xmm5, %xmm5
+ vaesenclast %xmm0, %xmm7, %xmm7
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm5, %xmm5
+L_AES_GCM_init_avx2_iv_done:
+ vmovdqa %xmm7, (%rax)
+ vpshufb L_avx2_aes_gcm_bswap_epi64(%rip), %xmm4, %xmm4
+ vpaddd L_avx2_aes_gcm_one(%rip), %xmm4, %xmm4
+ vmovdqa %xmm5, (%r8)
+ vmovdqa %xmm4, (%r9)
+ vzeroupper
+ addq $16, %rsp
+ popq %r12
+ popq %rbx
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_init_avx2,.-AES_GCM_init_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_aad_update_avx2
+.type AES_GCM_aad_update_avx2,@function
+.align 16
+AES_GCM_aad_update_avx2:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_aad_update_avx2
+.p2align 4
+_AES_GCM_aad_update_avx2:
+#endif /* __APPLE__ */
+ movq %rcx, %rax
+ vmovdqa (%rdx), %xmm4
+ vmovdqa (%rax), %xmm5
+ xorl %ecx, %ecx
+L_AES_GCM_aad_update_avx2_16_loop:
+ vmovdqu (%rdi,%rcx,1), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vpxor %xmm0, %xmm4, %xmm4
+ # ghash_gfmul_avx
+ vpclmulqdq $16, %xmm4, %xmm5, %xmm2
+ vpclmulqdq $0x01, %xmm4, %xmm5, %xmm1
+ vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0
+ vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpslldq $8, %xmm2, %xmm1
+ vpsrldq $8, %xmm2, %xmm2
+ vpxor %xmm1, %xmm0, %xmm6
+ vpxor %xmm2, %xmm3, %xmm4
+ # ghash_mid
+ vpsrld $31, %xmm6, %xmm0
+ vpsrld $31, %xmm4, %xmm1
+ vpslld $0x01, %xmm6, %xmm6
+ vpslld $0x01, %xmm4, %xmm4
+ vpsrldq $12, %xmm0, %xmm2
+ vpslldq $4, %xmm0, %xmm0
+ vpslldq $4, %xmm1, %xmm1
+ vpor %xmm2, %xmm4, %xmm4
+ vpor %xmm0, %xmm6, %xmm6
+ vpor %xmm1, %xmm4, %xmm4
+ # ghash_red
+ vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2
+ vpclmulqdq $16, %xmm2, %xmm6, %xmm0
+ vpshufd $0x4e, %xmm6, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpclmulqdq $16, %xmm2, %xmm1, %xmm0
+ vpshufd $0x4e, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm1, %xmm4, %xmm4
+ addl $16, %ecx
+ cmpl %esi, %ecx
+ jl L_AES_GCM_aad_update_avx2_16_loop
+ vmovdqa %xmm4, (%rdx)
+ vzeroupper
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_aad_update_avx2,.-AES_GCM_aad_update_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_encrypt_block_avx2
+.type AES_GCM_encrypt_block_avx2,@function
+.align 16
+AES_GCM_encrypt_block_avx2:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_encrypt_block_avx2
+.p2align 4
+_AES_GCM_encrypt_block_avx2:
+#endif /* __APPLE__ */
+ movq %rdx, %r10
+ movq %rcx, %r11
+ subq $0x98, %rsp
+ vmovdqa (%r8), %xmm3
+ # aesenc_block
+ vmovdqa %xmm3, %xmm1
+ vpshufb L_avx2_aes_gcm_bswap_epi64(%rip), %xmm1, %xmm0
+ vpaddd L_avx2_aes_gcm_one(%rip), %xmm1, %xmm1
+ vpxor (%rdi), %xmm0, %xmm0
+ vmovdqa 16(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 32(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 48(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 64(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 80(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 96(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 112(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 128(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 144(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa %xmm1, %xmm3
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm1
+ jl L_AES_GCM_encrypt_block_avx2_aesenc_block_last
+ vaesenc %xmm1, %xmm0, %xmm0
+ vmovdqa 176(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm1
+ jl L_AES_GCM_encrypt_block_avx2_aesenc_block_last
+ vaesenc %xmm1, %xmm0, %xmm0
+ vmovdqa 208(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 224(%rdi), %xmm1
+L_AES_GCM_encrypt_block_avx2_aesenc_block_last:
+ vaesenclast %xmm1, %xmm0, %xmm0
+ vmovdqu (%r11), %xmm1
+ vpxor %xmm1, %xmm0, %xmm0
+ vmovdqu %xmm0, (%r10)
+ vmovdqa %xmm3, (%r8)
+ vzeroupper
+ addq $0x98, %rsp
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_encrypt_block_avx2,.-AES_GCM_encrypt_block_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_ghash_block_avx2
+.type AES_GCM_ghash_block_avx2,@function
+.align 16
+AES_GCM_ghash_block_avx2:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_ghash_block_avx2
+.p2align 4
+_AES_GCM_ghash_block_avx2:
+#endif /* __APPLE__ */
+ vmovdqa (%rsi), %xmm4
+ vmovdqa (%rdx), %xmm5
+ vmovdqu (%rdi), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vpxor %xmm0, %xmm4, %xmm4
+ # ghash_gfmul_avx
+ vpclmulqdq $16, %xmm4, %xmm5, %xmm2
+ vpclmulqdq $0x01, %xmm4, %xmm5, %xmm1
+ vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0
+ vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpslldq $8, %xmm2, %xmm1
+ vpsrldq $8, %xmm2, %xmm2
+ vpxor %xmm1, %xmm0, %xmm6
+ vpxor %xmm2, %xmm3, %xmm4
+ # ghash_mid
+ vpsrld $31, %xmm6, %xmm0
+ vpsrld $31, %xmm4, %xmm1
+ vpslld $0x01, %xmm6, %xmm6
+ vpslld $0x01, %xmm4, %xmm4
+ vpsrldq $12, %xmm0, %xmm2
+ vpslldq $4, %xmm0, %xmm0
+ vpslldq $4, %xmm1, %xmm1
+ vpor %xmm2, %xmm4, %xmm4
+ vpor %xmm0, %xmm6, %xmm6
+ vpor %xmm1, %xmm4, %xmm4
+ # ghash_red
+ vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2
+ vpclmulqdq $16, %xmm2, %xmm6, %xmm0
+ vpshufd $0x4e, %xmm6, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpclmulqdq $16, %xmm2, %xmm1, %xmm0
+ vpshufd $0x4e, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm1, %xmm4, %xmm4
+ vmovdqa %xmm4, (%rsi)
+ vzeroupper
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_ghash_block_avx2,.-AES_GCM_ghash_block_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_encrypt_update_avx2
+.type AES_GCM_encrypt_update_avx2,@function
+.align 16
+AES_GCM_encrypt_update_avx2:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_encrypt_update_avx2
+.p2align 4
+_AES_GCM_encrypt_update_avx2:
+#endif /* __APPLE__ */
+ pushq %r12
+ pushq %r13
+ pushq %r14
+ movq %rdx, %r10
+ movq %rcx, %r11
+ movq 32(%rsp), %rax
+ movq 40(%rsp), %r12
+ subq $0x98, %rsp
+ vmovdqa (%r9), %xmm6
+ vmovdqa (%rax), %xmm5
+ vmovdqa (%r12), %xmm4
+ vpsrlq $63, %xmm5, %xmm1
+ vpsllq $0x01, %xmm5, %xmm0
+ vpslldq $8, %xmm1, %xmm1
+ vpor %xmm1, %xmm0, %xmm0
+ vpshufd $0xff, %xmm5, %xmm5
+ vpsrad $31, %xmm5, %xmm5
+ vpand L_avx2_aes_gcm_mod2_128(%rip), %xmm5, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ xorl %r14d, %r14d
+ cmpl $0x80, %r8d
+ movl %r8d, %r13d
+ jl L_AES_GCM_encrypt_update_avx2_done_128
+ andl $0xffffff80, %r13d
+ vmovdqa %xmm4, 128(%rsp)
+ vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm3
+ # H ^ 1 and H ^ 2
+ vpclmulqdq $0x00, %xmm5, %xmm5, %xmm9
+ vpclmulqdq $0x11, %xmm5, %xmm5, %xmm10
+ vpclmulqdq $16, %xmm3, %xmm9, %xmm8
+ vpshufd $0x4e, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpclmulqdq $16, %xmm3, %xmm9, %xmm8
+ vpshufd $0x4e, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpxor %xmm9, %xmm10, %xmm0
+ vmovdqa %xmm5, (%rsp)
+ vmovdqa %xmm0, 16(%rsp)
+ # H ^ 3 and H ^ 4
+ vpclmulqdq $16, %xmm5, %xmm0, %xmm11
+ vpclmulqdq $0x01, %xmm5, %xmm0, %xmm10
+ vpclmulqdq $0x00, %xmm5, %xmm0, %xmm9
+ vpclmulqdq $0x11, %xmm5, %xmm0, %xmm12
+ vpclmulqdq $0x00, %xmm0, %xmm0, %xmm13
+ vpclmulqdq $0x11, %xmm0, %xmm0, %xmm14
+ vpxor %xmm10, %xmm11, %xmm11
+ vpslldq $8, %xmm11, %xmm10
+ vpsrldq $8, %xmm11, %xmm11
+ vpxor %xmm9, %xmm10, %xmm10
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm9, %xmm10, %xmm10
+ vpxor %xmm8, %xmm13, %xmm13
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm11, %xmm12, %xmm12
+ vpxor %xmm8, %xmm13, %xmm13
+ vpxor %xmm12, %xmm10, %xmm10
+ vpxor %xmm14, %xmm13, %xmm2
+ vpxor %xmm9, %xmm10, %xmm1
+ vmovdqa %xmm1, 32(%rsp)
+ vmovdqa %xmm2, 48(%rsp)
+ # H ^ 5 and H ^ 6
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm11
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm10
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm9
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm12
+ vpclmulqdq $0x00, %xmm1, %xmm1, %xmm13
+ vpclmulqdq $0x11, %xmm1, %xmm1, %xmm14
+ vpxor %xmm10, %xmm11, %xmm11
+ vpslldq $8, %xmm11, %xmm10
+ vpsrldq $8, %xmm11, %xmm11
+ vpxor %xmm9, %xmm10, %xmm10
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm9, %xmm10, %xmm10
+ vpxor %xmm8, %xmm13, %xmm13
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm11, %xmm12, %xmm12
+ vpxor %xmm8, %xmm13, %xmm13
+ vpxor %xmm12, %xmm10, %xmm10
+ vpxor %xmm14, %xmm13, %xmm0
+ vpxor %xmm9, %xmm10, %xmm7
+ vmovdqa %xmm7, 64(%rsp)
+ vmovdqa %xmm0, 80(%rsp)
+ # H ^ 7 and H ^ 8
+ vpclmulqdq $16, %xmm1, %xmm2, %xmm11
+ vpclmulqdq $0x01, %xmm1, %xmm2, %xmm10
+ vpclmulqdq $0x00, %xmm1, %xmm2, %xmm9
+ vpclmulqdq $0x11, %xmm1, %xmm2, %xmm12
+ vpclmulqdq $0x00, %xmm2, %xmm2, %xmm13
+ vpclmulqdq $0x11, %xmm2, %xmm2, %xmm14
+ vpxor %xmm10, %xmm11, %xmm11
+ vpslldq $8, %xmm11, %xmm10
+ vpsrldq $8, %xmm11, %xmm11
+ vpxor %xmm9, %xmm10, %xmm10
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm9, %xmm10, %xmm10
+ vpxor %xmm8, %xmm13, %xmm13
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm11, %xmm12, %xmm12
+ vpxor %xmm8, %xmm13, %xmm13
+ vpxor %xmm12, %xmm10, %xmm10
+ vpxor %xmm14, %xmm13, %xmm0
+ vpxor %xmm9, %xmm10, %xmm7
+ vmovdqa %xmm7, 96(%rsp)
+ vmovdqa %xmm0, 112(%rsp)
+ # First 128 bytes of input
+ # aesenc_128
+ # aesenc_ctr
+ vmovdqa 128(%rsp), %xmm0
+ vmovdqa L_avx2_aes_gcm_bswap_epi64(%rip), %xmm1
+ vpaddd L_avx2_aes_gcm_one(%rip), %xmm0, %xmm9
+ vpshufb %xmm1, %xmm0, %xmm8
+ vpaddd L_avx2_aes_gcm_two(%rip), %xmm0, %xmm10
+ vpshufb %xmm1, %xmm9, %xmm9
+ vpaddd L_avx2_aes_gcm_three(%rip), %xmm0, %xmm11
+ vpshufb %xmm1, %xmm10, %xmm10
+ vpaddd L_avx2_aes_gcm_four(%rip), %xmm0, %xmm12
+ vpshufb %xmm1, %xmm11, %xmm11
+ vpaddd L_avx2_aes_gcm_five(%rip), %xmm0, %xmm13
+ vpshufb %xmm1, %xmm12, %xmm12
+ vpaddd L_avx2_aes_gcm_six(%rip), %xmm0, %xmm14
+ vpshufb %xmm1, %xmm13, %xmm13
+ vpaddd L_avx2_aes_gcm_seven(%rip), %xmm0, %xmm15
+ vpshufb %xmm1, %xmm14, %xmm14
+ vpaddd L_avx2_aes_gcm_eight(%rip), %xmm0, %xmm0
+ vpshufb %xmm1, %xmm15, %xmm15
+ # aesenc_xor
+ vmovdqa (%rdi), %xmm7
+ vmovdqa %xmm0, 128(%rsp)
+ vpxor %xmm7, %xmm8, %xmm8
+ vpxor %xmm7, %xmm9, %xmm9
+ vpxor %xmm7, %xmm10, %xmm10
+ vpxor %xmm7, %xmm11, %xmm11
+ vpxor %xmm7, %xmm12, %xmm12
+ vpxor %xmm7, %xmm13, %xmm13
+ vpxor %xmm7, %xmm14, %xmm14
+ vpxor %xmm7, %xmm15, %xmm15
+ vmovdqa 16(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 32(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 48(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 64(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 80(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 96(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 112(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 128(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 144(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_avx2_aesenc_128_enc_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 176(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_avx2_aesenc_128_enc_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 208(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 224(%rdi), %xmm7
+L_AES_GCM_encrypt_update_avx2_aesenc_128_enc_done:
+ # aesenc_last
+ vaesenclast %xmm7, %xmm8, %xmm8
+ vaesenclast %xmm7, %xmm9, %xmm9
+ vaesenclast %xmm7, %xmm10, %xmm10
+ vaesenclast %xmm7, %xmm11, %xmm11
+ vmovdqu (%r11), %xmm0
+ vmovdqu 16(%r11), %xmm1
+ vmovdqu 32(%r11), %xmm2
+ vmovdqu 48(%r11), %xmm3
+ vpxor %xmm0, %xmm8, %xmm8
+ vpxor %xmm1, %xmm9, %xmm9
+ vpxor %xmm2, %xmm10, %xmm10
+ vpxor %xmm3, %xmm11, %xmm11
+ vmovdqu %xmm8, (%r10)
+ vmovdqu %xmm9, 16(%r10)
+ vmovdqu %xmm10, 32(%r10)
+ vmovdqu %xmm11, 48(%r10)
+ vaesenclast %xmm7, %xmm12, %xmm12
+ vaesenclast %xmm7, %xmm13, %xmm13
+ vaesenclast %xmm7, %xmm14, %xmm14
+ vaesenclast %xmm7, %xmm15, %xmm15
+ vmovdqu 64(%r11), %xmm0
+ vmovdqu 80(%r11), %xmm1
+ vmovdqu 96(%r11), %xmm2
+ vmovdqu 112(%r11), %xmm3
+ vpxor %xmm0, %xmm12, %xmm12
+ vpxor %xmm1, %xmm13, %xmm13
+ vpxor %xmm2, %xmm14, %xmm14
+ vpxor %xmm3, %xmm15, %xmm15
+ vmovdqu %xmm12, 64(%r10)
+ vmovdqu %xmm13, 80(%r10)
+ vmovdqu %xmm14, 96(%r10)
+ vmovdqu %xmm15, 112(%r10)
+ cmpl $0x80, %r13d
+ movl $0x80, %r14d
+ jle L_AES_GCM_encrypt_update_avx2_end_128
+ # More 128 bytes of input
+L_AES_GCM_encrypt_update_avx2_ghash_128:
+ # aesenc_128_ghash
+ leaq (%r11,%r14,1), %rcx
+ leaq (%r10,%r14,1), %rdx
+ # aesenc_ctr
+ vmovdqa 128(%rsp), %xmm0
+ vmovdqa L_avx2_aes_gcm_bswap_epi64(%rip), %xmm1
+ vpaddd L_avx2_aes_gcm_one(%rip), %xmm0, %xmm9
+ vpshufb %xmm1, %xmm0, %xmm8
+ vpaddd L_avx2_aes_gcm_two(%rip), %xmm0, %xmm10
+ vpshufb %xmm1, %xmm9, %xmm9
+ vpaddd L_avx2_aes_gcm_three(%rip), %xmm0, %xmm11
+ vpshufb %xmm1, %xmm10, %xmm10
+ vpaddd L_avx2_aes_gcm_four(%rip), %xmm0, %xmm12
+ vpshufb %xmm1, %xmm11, %xmm11
+ vpaddd L_avx2_aes_gcm_five(%rip), %xmm0, %xmm13
+ vpshufb %xmm1, %xmm12, %xmm12
+ vpaddd L_avx2_aes_gcm_six(%rip), %xmm0, %xmm14
+ vpshufb %xmm1, %xmm13, %xmm13
+ vpaddd L_avx2_aes_gcm_seven(%rip), %xmm0, %xmm15
+ vpshufb %xmm1, %xmm14, %xmm14
+ vpaddd L_avx2_aes_gcm_eight(%rip), %xmm0, %xmm0
+ vpshufb %xmm1, %xmm15, %xmm15
+ # aesenc_xor
+ vmovdqa (%rdi), %xmm7
+ vmovdqa %xmm0, 128(%rsp)
+ vpxor %xmm7, %xmm8, %xmm8
+ vpxor %xmm7, %xmm9, %xmm9
+ vpxor %xmm7, %xmm10, %xmm10
+ vpxor %xmm7, %xmm11, %xmm11
+ vpxor %xmm7, %xmm12, %xmm12
+ vpxor %xmm7, %xmm13, %xmm13
+ vpxor %xmm7, %xmm14, %xmm14
+ vpxor %xmm7, %xmm15, %xmm15
+ # aesenc_pclmul_1
+ vmovdqu -128(%rdx), %xmm1
+ vmovdqu 16(%rdi), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vmovdqa 112(%rsp), %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpclmulqdq $16, %xmm2, %xmm1, %xmm5
+ vpclmulqdq $0x01, %xmm2, %xmm1, %xmm3
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm6
+ vpclmulqdq $0x11, %xmm2, %xmm1, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_2
+ vmovdqu -112(%rdx), %xmm1
+ vmovdqa 96(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 32(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu -96(%rdx), %xmm1
+ vmovdqa 80(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 48(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu -80(%rdx), %xmm1
+ vmovdqa 64(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 64(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu -64(%rdx), %xmm1
+ vmovdqa 48(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 80(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu -48(%rdx), %xmm1
+ vmovdqa 32(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 96(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu -32(%rdx), %xmm1
+ vmovdqa 16(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 112(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu -16(%rdx), %xmm1
+ vmovdqa (%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 128(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_l
+ vpxor %xmm2, %xmm5, %xmm5
+ vpxor %xmm4, %xmm6, %xmm6
+ vpxor %xmm3, %xmm5, %xmm5
+ vpslldq $8, %xmm5, %xmm1
+ vpsrldq $8, %xmm5, %xmm5
+ vmovdqa 144(%rdi), %xmm4
+ vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm0
+ vaesenc %xmm4, %xmm8, %xmm8
+ vpxor %xmm1, %xmm6, %xmm6
+ vpxor %xmm5, %xmm7, %xmm7
+ vpclmulqdq $16, %xmm0, %xmm6, %xmm3
+ vaesenc %xmm4, %xmm9, %xmm9
+ vaesenc %xmm4, %xmm10, %xmm10
+ vaesenc %xmm4, %xmm11, %xmm11
+ vpshufd $0x4e, %xmm6, %xmm6
+ vpxor %xmm3, %xmm6, %xmm6
+ vpclmulqdq $16, %xmm0, %xmm6, %xmm3
+ vaesenc %xmm4, %xmm12, %xmm12
+ vaesenc %xmm4, %xmm13, %xmm13
+ vaesenc %xmm4, %xmm14, %xmm14
+ vpshufd $0x4e, %xmm6, %xmm6
+ vpxor %xmm3, %xmm6, %xmm6
+ vpxor %xmm7, %xmm6, %xmm6
+ vaesenc %xmm4, %xmm15, %xmm15
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_avx2_aesenc_128_ghash_avx_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 176(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm7
+ jl L_AES_GCM_encrypt_update_avx2_aesenc_128_ghash_avx_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 208(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 224(%rdi), %xmm7
+L_AES_GCM_encrypt_update_avx2_aesenc_128_ghash_avx_done:
+ # aesenc_last
+ vaesenclast %xmm7, %xmm8, %xmm8
+ vaesenclast %xmm7, %xmm9, %xmm9
+ vaesenclast %xmm7, %xmm10, %xmm10
+ vaesenclast %xmm7, %xmm11, %xmm11
+ vmovdqu (%rcx), %xmm0
+ vmovdqu 16(%rcx), %xmm1
+ vmovdqu 32(%rcx), %xmm2
+ vmovdqu 48(%rcx), %xmm3
+ vpxor %xmm0, %xmm8, %xmm8
+ vpxor %xmm1, %xmm9, %xmm9
+ vpxor %xmm2, %xmm10, %xmm10
+ vpxor %xmm3, %xmm11, %xmm11
+ vmovdqu %xmm8, (%rdx)
+ vmovdqu %xmm9, 16(%rdx)
+ vmovdqu %xmm10, 32(%rdx)
+ vmovdqu %xmm11, 48(%rdx)
+ vaesenclast %xmm7, %xmm12, %xmm12
+ vaesenclast %xmm7, %xmm13, %xmm13
+ vaesenclast %xmm7, %xmm14, %xmm14
+ vaesenclast %xmm7, %xmm15, %xmm15
+ vmovdqu 64(%rcx), %xmm0
+ vmovdqu 80(%rcx), %xmm1
+ vmovdqu 96(%rcx), %xmm2
+ vmovdqu 112(%rcx), %xmm3
+ vpxor %xmm0, %xmm12, %xmm12
+ vpxor %xmm1, %xmm13, %xmm13
+ vpxor %xmm2, %xmm14, %xmm14
+ vpxor %xmm3, %xmm15, %xmm15
+ vmovdqu %xmm12, 64(%rdx)
+ vmovdqu %xmm13, 80(%rdx)
+ vmovdqu %xmm14, 96(%rdx)
+ vmovdqu %xmm15, 112(%rdx)
+ # aesenc_128_ghash - end
+ addl $0x80, %r14d
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_encrypt_update_avx2_ghash_128
+L_AES_GCM_encrypt_update_avx2_end_128:
+ vmovdqa L_avx2_aes_gcm_bswap_mask(%rip), %xmm4
+ vpshufb %xmm4, %xmm8, %xmm8
+ vpshufb %xmm4, %xmm9, %xmm9
+ vpshufb %xmm4, %xmm10, %xmm10
+ vpshufb %xmm4, %xmm11, %xmm11
+ vpshufb %xmm4, %xmm12, %xmm12
+ vpshufb %xmm4, %xmm13, %xmm13
+ vpshufb %xmm4, %xmm14, %xmm14
+ vpshufb %xmm4, %xmm15, %xmm15
+ vpxor %xmm6, %xmm8, %xmm8
+ vmovdqu (%rsp), %xmm7
+ vpclmulqdq $16, %xmm15, %xmm7, %xmm5
+ vpclmulqdq $0x01, %xmm15, %xmm7, %xmm1
+ vpclmulqdq $0x00, %xmm15, %xmm7, %xmm4
+ vpclmulqdq $0x11, %xmm15, %xmm7, %xmm6
+ vpxor %xmm1, %xmm5, %xmm5
+ vmovdqu 16(%rsp), %xmm7
+ vpclmulqdq $16, %xmm14, %xmm7, %xmm2
+ vpclmulqdq $0x01, %xmm14, %xmm7, %xmm1
+ vpclmulqdq $0x00, %xmm14, %xmm7, %xmm0
+ vpclmulqdq $0x11, %xmm14, %xmm7, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm3, %xmm6, %xmm6
+ vpxor %xmm2, %xmm5, %xmm5
+ vpxor %xmm0, %xmm4, %xmm4
+ vmovdqu 32(%rsp), %xmm15
+ vmovdqu 48(%rsp), %xmm7
+ vpclmulqdq $16, %xmm13, %xmm15, %xmm2
+ vpclmulqdq $0x01, %xmm13, %xmm15, %xmm1
+ vpclmulqdq $0x00, %xmm13, %xmm15, %xmm0
+ vpclmulqdq $0x11, %xmm13, %xmm15, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm3, %xmm6, %xmm6
+ vpxor %xmm2, %xmm5, %xmm5
+ vpxor %xmm0, %xmm4, %xmm4
+ vpclmulqdq $16, %xmm12, %xmm7, %xmm2
+ vpclmulqdq $0x01, %xmm12, %xmm7, %xmm1
+ vpclmulqdq $0x00, %xmm12, %xmm7, %xmm0
+ vpclmulqdq $0x11, %xmm12, %xmm7, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm3, %xmm6, %xmm6
+ vpxor %xmm2, %xmm5, %xmm5
+ vpxor %xmm0, %xmm4, %xmm4
+ vmovdqu 64(%rsp), %xmm15
+ vmovdqu 80(%rsp), %xmm7
+ vpclmulqdq $16, %xmm11, %xmm15, %xmm2
+ vpclmulqdq $0x01, %xmm11, %xmm15, %xmm1
+ vpclmulqdq $0x00, %xmm11, %xmm15, %xmm0
+ vpclmulqdq $0x11, %xmm11, %xmm15, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm3, %xmm6, %xmm6
+ vpxor %xmm2, %xmm5, %xmm5
+ vpxor %xmm0, %xmm4, %xmm4
+ vpclmulqdq $16, %xmm10, %xmm7, %xmm2
+ vpclmulqdq $0x01, %xmm10, %xmm7, %xmm1
+ vpclmulqdq $0x00, %xmm10, %xmm7, %xmm0
+ vpclmulqdq $0x11, %xmm10, %xmm7, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm3, %xmm6, %xmm6
+ vpxor %xmm2, %xmm5, %xmm5
+ vpxor %xmm0, %xmm4, %xmm4
+ vmovdqu 96(%rsp), %xmm15
+ vmovdqu 112(%rsp), %xmm7
+ vpclmulqdq $16, %xmm9, %xmm15, %xmm2
+ vpclmulqdq $0x01, %xmm9, %xmm15, %xmm1
+ vpclmulqdq $0x00, %xmm9, %xmm15, %xmm0
+ vpclmulqdq $0x11, %xmm9, %xmm15, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm3, %xmm6, %xmm6
+ vpxor %xmm2, %xmm5, %xmm5
+ vpxor %xmm0, %xmm4, %xmm4
+ vpclmulqdq $16, %xmm8, %xmm7, %xmm2
+ vpclmulqdq $0x01, %xmm8, %xmm7, %xmm1
+ vpclmulqdq $0x00, %xmm8, %xmm7, %xmm0
+ vpclmulqdq $0x11, %xmm8, %xmm7, %xmm3
+ vpxor %xmm1, %xmm2, %xmm2
+ vpxor %xmm3, %xmm6, %xmm6
+ vpxor %xmm2, %xmm5, %xmm5
+ vpxor %xmm0, %xmm4, %xmm4
+ vpslldq $8, %xmm5, %xmm7
+ vpsrldq $8, %xmm5, %xmm5
+ vpxor %xmm7, %xmm4, %xmm4
+ vpxor %xmm5, %xmm6, %xmm6
+ # ghash_red
+ vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2
+ vpclmulqdq $16, %xmm2, %xmm4, %xmm0
+ vpshufd $0x4e, %xmm4, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpclmulqdq $16, %xmm2, %xmm1, %xmm0
+ vpshufd $0x4e, %xmm1, %xmm1
+ vpxor %xmm0, %xmm1, %xmm1
+ vpxor %xmm1, %xmm6, %xmm6
+ vmovdqa (%rsp), %xmm5
+ vmovdqu 128(%rsp), %xmm4
+L_AES_GCM_encrypt_update_avx2_done_128:
+ cmpl %r8d, %r14d
+ je L_AES_GCM_encrypt_update_avx2_done_enc
+ movl %r8d, %r13d
+ andl $0xfffffff0, %r13d
+ cmpl %r13d, %r14d
+ jge L_AES_GCM_encrypt_update_avx2_last_block_done
+ # aesenc_block
+ vmovdqa %xmm4, %xmm1
+ vpshufb L_avx2_aes_gcm_bswap_epi64(%rip), %xmm1, %xmm0
+ vpaddd L_avx2_aes_gcm_one(%rip), %xmm1, %xmm1
+ vpxor (%rdi), %xmm0, %xmm0
+ vmovdqa 16(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 32(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 48(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 64(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 80(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 96(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 112(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 128(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 144(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa %xmm1, %xmm4
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm1
+ jl L_AES_GCM_encrypt_update_avx2_aesenc_block_last
+ vaesenc %xmm1, %xmm0, %xmm0
+ vmovdqa 176(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm1
+ jl L_AES_GCM_encrypt_update_avx2_aesenc_block_last
+ vaesenc %xmm1, %xmm0, %xmm0
+ vmovdqa 208(%rdi), %xmm2
+ vaesenc %xmm2, %xmm0, %xmm0
+ vmovdqa 224(%rdi), %xmm1
+L_AES_GCM_encrypt_update_avx2_aesenc_block_last:
+ vaesenclast %xmm1, %xmm0, %xmm0
+ vmovdqu (%r11,%r14,1), %xmm1
+ vpxor %xmm1, %xmm0, %xmm0
+ vmovdqu %xmm0, (%r10,%r14,1)
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vpxor %xmm0, %xmm6, %xmm6
+ addl $16, %r14d
+ cmpl %r13d, %r14d
+ jge L_AES_GCM_encrypt_update_avx2_last_block_ghash
+L_AES_GCM_encrypt_update_avx2_last_block_start:
+ vmovdqu (%r11,%r14,1), %xmm12
+ vpshufb L_avx2_aes_gcm_bswap_epi64(%rip), %xmm4, %xmm11
+ vpaddd L_avx2_aes_gcm_one(%rip), %xmm4, %xmm4
+ # aesenc_gfmul_sb
+ vpclmulqdq $0x01, %xmm5, %xmm6, %xmm2
+ vpclmulqdq $16, %xmm5, %xmm6, %xmm3
+ vpclmulqdq $0x00, %xmm5, %xmm6, %xmm1
+ vpclmulqdq $0x11, %xmm5, %xmm6, %xmm8
+ vpxor (%rdi), %xmm11, %xmm11
+ vaesenc 16(%rdi), %xmm11, %xmm11
+ vpxor %xmm2, %xmm3, %xmm3
+ vpslldq $8, %xmm3, %xmm2
+ vpsrldq $8, %xmm3, %xmm3
+ vaesenc 32(%rdi), %xmm11, %xmm11
+ vpxor %xmm1, %xmm2, %xmm2
+ vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm2, %xmm1
+ vaesenc 48(%rdi), %xmm11, %xmm11
+ vaesenc 64(%rdi), %xmm11, %xmm11
+ vaesenc 80(%rdi), %xmm11, %xmm11
+ vpshufd $0x4e, %xmm2, %xmm2
+ vpxor %xmm1, %xmm2, %xmm2
+ vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm2, %xmm1
+ vaesenc 96(%rdi), %xmm11, %xmm11
+ vaesenc 112(%rdi), %xmm11, %xmm11
+ vaesenc 128(%rdi), %xmm11, %xmm11
+ vpshufd $0x4e, %xmm2, %xmm2
+ vaesenc 144(%rdi), %xmm11, %xmm11
+ vpxor %xmm3, %xmm8, %xmm8
+ vpxor %xmm8, %xmm2, %xmm2
+ vmovdqa 160(%rdi), %xmm0
+ cmpl $11, %esi
+ jl L_AES_GCM_encrypt_update_avx2_aesenc_gfmul_sb_last
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc 176(%rdi), %xmm11, %xmm11
+ vmovdqa 192(%rdi), %xmm0
+ cmpl $13, %esi
+ jl L_AES_GCM_encrypt_update_avx2_aesenc_gfmul_sb_last
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc 208(%rdi), %xmm11, %xmm11
+ vmovdqa 224(%rdi), %xmm0
+L_AES_GCM_encrypt_update_avx2_aesenc_gfmul_sb_last:
+ vaesenclast %xmm0, %xmm11, %xmm11
+ vpxor %xmm1, %xmm2, %xmm6
+ vpxor %xmm12, %xmm11, %xmm11
+ vmovdqu %xmm11, (%r10,%r14,1)
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm11, %xmm11
+ vpxor %xmm11, %xmm6, %xmm6
+ addl $16, %r14d
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_encrypt_update_avx2_last_block_start
+L_AES_GCM_encrypt_update_avx2_last_block_ghash:
+ # ghash_gfmul_red
+ vpclmulqdq $16, %xmm5, %xmm6, %xmm10
+ vpclmulqdq $0x01, %xmm5, %xmm6, %xmm9
+ vpclmulqdq $0x00, %xmm5, %xmm6, %xmm8
+ vpxor %xmm9, %xmm10, %xmm10
+ vpslldq $8, %xmm10, %xmm9
+ vpsrldq $8, %xmm10, %xmm10
+ vpxor %xmm8, %xmm9, %xmm9
+ vpclmulqdq $0x11, %xmm5, %xmm6, %xmm6
+ vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm9, %xmm8
+ vpshufd $0x4e, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm9, %xmm8
+ vpshufd $0x4e, %xmm9, %xmm9
+ vpxor %xmm10, %xmm6, %xmm6
+ vpxor %xmm9, %xmm6, %xmm6
+ vpxor %xmm8, %xmm6, %xmm6
+L_AES_GCM_encrypt_update_avx2_last_block_done:
+L_AES_GCM_encrypt_update_avx2_done_enc:
+ vmovdqa %xmm6, (%r9)
+ vmovdqa %xmm4, (%r12)
+ vzeroupper
+ addq $0x98, %rsp
+ popq %r14
+ popq %r13
+ popq %r12
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_encrypt_update_avx2,.-AES_GCM_encrypt_update_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_encrypt_final_avx2
+.type AES_GCM_encrypt_final_avx2,@function
+.align 16
+AES_GCM_encrypt_final_avx2:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_encrypt_final_avx2
+.p2align 4
+_AES_GCM_encrypt_final_avx2:
+#endif /* __APPLE__ */
+ pushq %r13
+ movl %ecx, %r10d
+ movl %r8d, %r11d
+ movq 16(%rsp), %rax
+ subq $16, %rsp
+ vmovdqa (%rdi), %xmm4
+ vmovdqa (%r9), %xmm5
+ vmovdqa (%rax), %xmm6
+ vpsrlq $63, %xmm5, %xmm1
+ vpsllq $0x01, %xmm5, %xmm0
+ vpslldq $8, %xmm1, %xmm1
+ vpor %xmm1, %xmm0, %xmm0
+ vpshufd $0xff, %xmm5, %xmm5
+ vpsrad $31, %xmm5, %xmm5
+ vpand L_avx2_aes_gcm_mod2_128(%rip), %xmm5, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ # calc_tag
+ shlq $3, %r10
+ vpinsrq $0x00, %r10, %xmm0, %xmm0
+ shlq $3, %r11
+ vpinsrq $0x01, %r11, %xmm1, %xmm1
+ vpblendd $12, %xmm1, %xmm0, %xmm0
+ vpxor %xmm4, %xmm0, %xmm0
+ # ghash_gfmul_red
+ vpclmulqdq $16, %xmm5, %xmm0, %xmm7
+ vpclmulqdq $0x01, %xmm5, %xmm0, %xmm3
+ vpclmulqdq $0x00, %xmm5, %xmm0, %xmm2
+ vpxor %xmm3, %xmm7, %xmm7
+ vpslldq $8, %xmm7, %xmm3
+ vpsrldq $8, %xmm7, %xmm7
+ vpxor %xmm2, %xmm3, %xmm3
+ vpclmulqdq $0x11, %xmm5, %xmm0, %xmm0
+ vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm3, %xmm2
+ vpshufd $0x4e, %xmm3, %xmm3
+ vpxor %xmm2, %xmm3, %xmm3
+ vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm3, %xmm2
+ vpshufd $0x4e, %xmm3, %xmm3
+ vpxor %xmm7, %xmm0, %xmm0
+ vpxor %xmm3, %xmm0, %xmm0
+ vpxor %xmm2, %xmm0, %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vpxor %xmm6, %xmm0, %xmm0
+ # store_tag
+ cmpl $16, %edx
+ je L_AES_GCM_encrypt_final_avx2_store_tag_16
+ xorq %rcx, %rcx
+ vmovdqu %xmm0, (%rsp)
+L_AES_GCM_encrypt_final_avx2_store_tag_loop:
+ movzbl (%rsp,%rcx,1), %r13d
+ movb %r13b, (%rsi,%rcx,1)
+ incl %ecx
+ cmpl %edx, %ecx
+ jne L_AES_GCM_encrypt_final_avx2_store_tag_loop
+ jmp L_AES_GCM_encrypt_final_avx2_store_tag_done
+L_AES_GCM_encrypt_final_avx2_store_tag_16:
+ vmovdqu %xmm0, (%rsi)
+L_AES_GCM_encrypt_final_avx2_store_tag_done:
+ vzeroupper
+ addq $16, %rsp
+ popq %r13
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_encrypt_final_avx2,.-AES_GCM_encrypt_final_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_decrypt_update_avx2
+.type AES_GCM_decrypt_update_avx2,@function
+.align 16
+AES_GCM_decrypt_update_avx2:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_decrypt_update_avx2
+.p2align 4
+_AES_GCM_decrypt_update_avx2:
+#endif /* __APPLE__ */
+ pushq %r13
+ pushq %r12
+ pushq %r14
+ movq %rdx, %r10
+ movq %rcx, %r11
+ movq 32(%rsp), %rax
+ movq 40(%rsp), %r12
+ subq $0xa8, %rsp
+ vmovdqa (%r9), %xmm6
+ vmovdqa (%rax), %xmm5
+ vmovdqa (%r12), %xmm4
+ # Calculate H
+ vpsrlq $63, %xmm5, %xmm1
+ vpsllq $0x01, %xmm5, %xmm0
+ vpslldq $8, %xmm1, %xmm1
+ vpor %xmm1, %xmm0, %xmm0
+ vpshufd $0xff, %xmm5, %xmm5
+ vpsrad $31, %xmm5, %xmm5
+ vpand L_avx2_aes_gcm_mod2_128(%rip), %xmm5, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ xorl %r14d, %r14d
+ cmpl $0x80, %r8d
+ movl %r8d, %r13d
+ jl L_AES_GCM_decrypt_update_avx2_done_128
+ andl $0xffffff80, %r13d
+ vmovdqa %xmm4, 128(%rsp)
+ vmovdqa %xmm15, 144(%rsp)
+ vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm3
+ # H ^ 1 and H ^ 2
+ vpclmulqdq $0x00, %xmm5, %xmm5, %xmm9
+ vpclmulqdq $0x11, %xmm5, %xmm5, %xmm10
+ vpclmulqdq $16, %xmm3, %xmm9, %xmm8
+ vpshufd $0x4e, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpclmulqdq $16, %xmm3, %xmm9, %xmm8
+ vpshufd $0x4e, %xmm9, %xmm9
+ vpxor %xmm8, %xmm9, %xmm9
+ vpxor %xmm9, %xmm10, %xmm0
+ vmovdqa %xmm5, (%rsp)
+ vmovdqa %xmm0, 16(%rsp)
+ # H ^ 3 and H ^ 4
+ vpclmulqdq $16, %xmm5, %xmm0, %xmm11
+ vpclmulqdq $0x01, %xmm5, %xmm0, %xmm10
+ vpclmulqdq $0x00, %xmm5, %xmm0, %xmm9
+ vpclmulqdq $0x11, %xmm5, %xmm0, %xmm12
+ vpclmulqdq $0x00, %xmm0, %xmm0, %xmm13
+ vpclmulqdq $0x11, %xmm0, %xmm0, %xmm14
+ vpxor %xmm10, %xmm11, %xmm11
+ vpslldq $8, %xmm11, %xmm10
+ vpsrldq $8, %xmm11, %xmm11
+ vpxor %xmm9, %xmm10, %xmm10
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm9, %xmm10, %xmm10
+ vpxor %xmm8, %xmm13, %xmm13
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm11, %xmm12, %xmm12
+ vpxor %xmm8, %xmm13, %xmm13
+ vpxor %xmm12, %xmm10, %xmm10
+ vpxor %xmm14, %xmm13, %xmm2
+ vpxor %xmm9, %xmm10, %xmm1
+ vmovdqa %xmm1, 32(%rsp)
+ vmovdqa %xmm2, 48(%rsp)
+ # H ^ 5 and H ^ 6
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm11
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm10
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm9
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm12
+ vpclmulqdq $0x00, %xmm1, %xmm1, %xmm13
+ vpclmulqdq $0x11, %xmm1, %xmm1, %xmm14
+ vpxor %xmm10, %xmm11, %xmm11
+ vpslldq $8, %xmm11, %xmm10
+ vpsrldq $8, %xmm11, %xmm11
+ vpxor %xmm9, %xmm10, %xmm10
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm9, %xmm10, %xmm10
+ vpxor %xmm8, %xmm13, %xmm13
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm11, %xmm12, %xmm12
+ vpxor %xmm8, %xmm13, %xmm13
+ vpxor %xmm12, %xmm10, %xmm10
+ vpxor %xmm14, %xmm13, %xmm0
+ vpxor %xmm9, %xmm10, %xmm7
+ vmovdqa %xmm7, 64(%rsp)
+ vmovdqa %xmm0, 80(%rsp)
+ # H ^ 7 and H ^ 8
+ vpclmulqdq $16, %xmm1, %xmm2, %xmm11
+ vpclmulqdq $0x01, %xmm1, %xmm2, %xmm10
+ vpclmulqdq $0x00, %xmm1, %xmm2, %xmm9
+ vpclmulqdq $0x11, %xmm1, %xmm2, %xmm12
+ vpclmulqdq $0x00, %xmm2, %xmm2, %xmm13
+ vpclmulqdq $0x11, %xmm2, %xmm2, %xmm14
+ vpxor %xmm10, %xmm11, %xmm11
+ vpslldq $8, %xmm11, %xmm10
+ vpsrldq $8, %xmm11, %xmm11
+ vpxor %xmm9, %xmm10, %xmm10
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm9, %xmm10, %xmm10
+ vpxor %xmm8, %xmm13, %xmm13
+ vpclmulqdq $16, %xmm3, %xmm10, %xmm9
+ vpclmulqdq $16, %xmm3, %xmm13, %xmm8
+ vpshufd $0x4e, %xmm10, %xmm10
+ vpshufd $0x4e, %xmm13, %xmm13
+ vpxor %xmm11, %xmm12, %xmm12
+ vpxor %xmm8, %xmm13, %xmm13
+ vpxor %xmm12, %xmm10, %xmm10
+ vpxor %xmm14, %xmm13, %xmm0
+ vpxor %xmm9, %xmm10, %xmm7
+ vmovdqa %xmm7, 96(%rsp)
+ vmovdqa %xmm0, 112(%rsp)
+L_AES_GCM_decrypt_update_avx2_ghash_128:
+ # aesenc_128_ghash
+ leaq (%r11,%r14,1), %rcx
+ leaq (%r10,%r14,1), %rdx
+ # aesenc_ctr
+ vmovdqa 128(%rsp), %xmm0
+ vmovdqa L_avx2_aes_gcm_bswap_epi64(%rip), %xmm1
+ vpaddd L_avx2_aes_gcm_one(%rip), %xmm0, %xmm9
+ vpshufb %xmm1, %xmm0, %xmm8
+ vpaddd L_avx2_aes_gcm_two(%rip), %xmm0, %xmm10
+ vpshufb %xmm1, %xmm9, %xmm9
+ vpaddd L_avx2_aes_gcm_three(%rip), %xmm0, %xmm11
+ vpshufb %xmm1, %xmm10, %xmm10
+ vpaddd L_avx2_aes_gcm_four(%rip), %xmm0, %xmm12
+ vpshufb %xmm1, %xmm11, %xmm11
+ vpaddd L_avx2_aes_gcm_five(%rip), %xmm0, %xmm13
+ vpshufb %xmm1, %xmm12, %xmm12
+ vpaddd L_avx2_aes_gcm_six(%rip), %xmm0, %xmm14
+ vpshufb %xmm1, %xmm13, %xmm13
+ vpaddd L_avx2_aes_gcm_seven(%rip), %xmm0, %xmm15
+ vpshufb %xmm1, %xmm14, %xmm14
+ vpaddd L_avx2_aes_gcm_eight(%rip), %xmm0, %xmm0
+ vpshufb %xmm1, %xmm15, %xmm15
+ # aesenc_xor
+ vmovdqa (%rdi), %xmm7
+ vmovdqa %xmm0, 128(%rsp)
+ vpxor %xmm7, %xmm8, %xmm8
+ vpxor %xmm7, %xmm9, %xmm9
+ vpxor %xmm7, %xmm10, %xmm10
+ vpxor %xmm7, %xmm11, %xmm11
+ vpxor %xmm7, %xmm12, %xmm12
+ vpxor %xmm7, %xmm13, %xmm13
+ vpxor %xmm7, %xmm14, %xmm14
+ vpxor %xmm7, %xmm15, %xmm15
+ # aesenc_pclmul_1
+ vmovdqu (%rcx), %xmm1
+ vmovdqu 16(%rdi), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vmovdqa 112(%rsp), %xmm2
+ vpxor %xmm6, %xmm1, %xmm1
+ vpclmulqdq $16, %xmm2, %xmm1, %xmm5
+ vpclmulqdq $0x01, %xmm2, %xmm1, %xmm3
+ vpclmulqdq $0x00, %xmm2, %xmm1, %xmm6
+ vpclmulqdq $0x11, %xmm2, %xmm1, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_2
+ vmovdqu 16(%rcx), %xmm1
+ vmovdqa 96(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 32(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu 32(%rcx), %xmm1
+ vmovdqa 80(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 48(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu 48(%rcx), %xmm1
+ vmovdqa 64(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 64(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu 64(%rcx), %xmm1
+ vmovdqa 48(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 80(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu 80(%rcx), %xmm1
+ vmovdqa 32(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 96(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu 96(%rcx), %xmm1
+ vmovdqa 16(%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 112(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_n
+ vmovdqu 112(%rcx), %xmm1
+ vmovdqa (%rsp), %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1
+ vpxor %xmm2, %xmm5, %xmm5
+ vpclmulqdq $16, %xmm0, %xmm1, %xmm2
+ vpxor %xmm3, %xmm5, %xmm5
+ vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3
+ vpxor %xmm4, %xmm6, %xmm6
+ vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4
+ vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1
+ vmovdqu 128(%rdi), %xmm0
+ vpxor %xmm1, %xmm7, %xmm7
+ vaesenc %xmm0, %xmm8, %xmm8
+ vaesenc %xmm0, %xmm9, %xmm9
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc %xmm0, %xmm11, %xmm11
+ vaesenc %xmm0, %xmm12, %xmm12
+ vaesenc %xmm0, %xmm13, %xmm13
+ vaesenc %xmm0, %xmm14, %xmm14
+ vaesenc %xmm0, %xmm15, %xmm15
+ # aesenc_pclmul_l
+ vpxor %xmm2, %xmm5, %xmm5
+ vpxor %xmm4, %xmm6, %xmm6
+ vpxor %xmm3, %xmm5, %xmm5
+ vpslldq $8, %xmm5, %xmm1
+ vpsrldq $8, %xmm5, %xmm5
+ vmovdqa 144(%rdi), %xmm4
+ vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm0
+ vaesenc %xmm4, %xmm8, %xmm8
+ vpxor %xmm1, %xmm6, %xmm6
+ vpxor %xmm5, %xmm7, %xmm7
+ vpclmulqdq $16, %xmm0, %xmm6, %xmm3
+ vaesenc %xmm4, %xmm9, %xmm9
+ vaesenc %xmm4, %xmm10, %xmm10
+ vaesenc %xmm4, %xmm11, %xmm11
+ vpshufd $0x4e, %xmm6, %xmm6
+ vpxor %xmm3, %xmm6, %xmm6
+ vpclmulqdq $16, %xmm0, %xmm6, %xmm3
+ vaesenc %xmm4, %xmm12, %xmm12
+ vaesenc %xmm4, %xmm13, %xmm13
+ vaesenc %xmm4, %xmm14, %xmm14
+ vpshufd $0x4e, %xmm6, %xmm6
+ vpxor %xmm3, %xmm6, %xmm6
+ vpxor %xmm7, %xmm6, %xmm6
+ vaesenc %xmm4, %xmm15, %xmm15
+ cmpl $11, %esi
+ vmovdqa 160(%rdi), %xmm7
+ jl L_AES_GCM_decrypt_update_avx2_aesenc_128_ghash_avx_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 176(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ cmpl $13, %esi
+ vmovdqa 192(%rdi), %xmm7
+ jl L_AES_GCM_decrypt_update_avx2_aesenc_128_ghash_avx_done
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 208(%rdi), %xmm7
+ vaesenc %xmm7, %xmm8, %xmm8
+ vaesenc %xmm7, %xmm9, %xmm9
+ vaesenc %xmm7, %xmm10, %xmm10
+ vaesenc %xmm7, %xmm11, %xmm11
+ vaesenc %xmm7, %xmm12, %xmm12
+ vaesenc %xmm7, %xmm13, %xmm13
+ vaesenc %xmm7, %xmm14, %xmm14
+ vaesenc %xmm7, %xmm15, %xmm15
+ vmovdqa 224(%rdi), %xmm7
+L_AES_GCM_decrypt_update_avx2_aesenc_128_ghash_avx_done:
+ # aesenc_last
+ vaesenclast %xmm7, %xmm8, %xmm8
+ vaesenclast %xmm7, %xmm9, %xmm9
+ vaesenclast %xmm7, %xmm10, %xmm10
+ vaesenclast %xmm7, %xmm11, %xmm11
+ vmovdqu (%rcx), %xmm0
+ vmovdqu 16(%rcx), %xmm1
+ vmovdqu 32(%rcx), %xmm2
+ vmovdqu 48(%rcx), %xmm3
+ vpxor %xmm0, %xmm8, %xmm8
+ vpxor %xmm1, %xmm9, %xmm9
+ vpxor %xmm2, %xmm10, %xmm10
+ vpxor %xmm3, %xmm11, %xmm11
+ vmovdqu %xmm8, (%rdx)
+ vmovdqu %xmm9, 16(%rdx)
+ vmovdqu %xmm10, 32(%rdx)
+ vmovdqu %xmm11, 48(%rdx)
+ vaesenclast %xmm7, %xmm12, %xmm12
+ vaesenclast %xmm7, %xmm13, %xmm13
+ vaesenclast %xmm7, %xmm14, %xmm14
+ vaesenclast %xmm7, %xmm15, %xmm15
+ vmovdqu 64(%rcx), %xmm0
+ vmovdqu 80(%rcx), %xmm1
+ vmovdqu 96(%rcx), %xmm2
+ vmovdqu 112(%rcx), %xmm3
+ vpxor %xmm0, %xmm12, %xmm12
+ vpxor %xmm1, %xmm13, %xmm13
+ vpxor %xmm2, %xmm14, %xmm14
+ vpxor %xmm3, %xmm15, %xmm15
+ vmovdqu %xmm12, 64(%rdx)
+ vmovdqu %xmm13, 80(%rdx)
+ vmovdqu %xmm14, 96(%rdx)
+ vmovdqu %xmm15, 112(%rdx)
+ # aesenc_128_ghash - end
+ addl $0x80, %r14d
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_decrypt_update_avx2_ghash_128
+ vmovdqa (%rsp), %xmm5
+ vmovdqa 128(%rsp), %xmm4
+ vmovdqa 144(%rsp), %xmm15
+L_AES_GCM_decrypt_update_avx2_done_128:
+ cmpl %r8d, %r14d
+ jge L_AES_GCM_decrypt_update_avx2_done_dec
+ movl %r8d, %r13d
+ andl $0xfffffff0, %r13d
+ cmpl %r13d, %r14d
+ jge L_AES_GCM_decrypt_update_avx2_last_block_done
+L_AES_GCM_decrypt_update_avx2_last_block_start:
+ vmovdqu (%r11,%r14,1), %xmm11
+ vpshufb L_avx2_aes_gcm_bswap_epi64(%rip), %xmm4, %xmm10
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm11, %xmm12
+ vpaddd L_avx2_aes_gcm_one(%rip), %xmm4, %xmm4
+ vpxor %xmm6, %xmm12, %xmm12
+ # aesenc_gfmul_sb
+ vpclmulqdq $0x01, %xmm5, %xmm12, %xmm2
+ vpclmulqdq $16, %xmm5, %xmm12, %xmm3
+ vpclmulqdq $0x00, %xmm5, %xmm12, %xmm1
+ vpclmulqdq $0x11, %xmm5, %xmm12, %xmm8
+ vpxor (%rdi), %xmm10, %xmm10
+ vaesenc 16(%rdi), %xmm10, %xmm10
+ vpxor %xmm2, %xmm3, %xmm3
+ vpslldq $8, %xmm3, %xmm2
+ vpsrldq $8, %xmm3, %xmm3
+ vaesenc 32(%rdi), %xmm10, %xmm10
+ vpxor %xmm1, %xmm2, %xmm2
+ vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm2, %xmm1
+ vaesenc 48(%rdi), %xmm10, %xmm10
+ vaesenc 64(%rdi), %xmm10, %xmm10
+ vaesenc 80(%rdi), %xmm10, %xmm10
+ vpshufd $0x4e, %xmm2, %xmm2
+ vpxor %xmm1, %xmm2, %xmm2
+ vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm2, %xmm1
+ vaesenc 96(%rdi), %xmm10, %xmm10
+ vaesenc 112(%rdi), %xmm10, %xmm10
+ vaesenc 128(%rdi), %xmm10, %xmm10
+ vpshufd $0x4e, %xmm2, %xmm2
+ vaesenc 144(%rdi), %xmm10, %xmm10
+ vpxor %xmm3, %xmm8, %xmm8
+ vpxor %xmm8, %xmm2, %xmm2
+ vmovdqa 160(%rdi), %xmm0
+ cmpl $11, %esi
+ jl L_AES_GCM_decrypt_update_avx2_aesenc_gfmul_sb_last
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc 176(%rdi), %xmm10, %xmm10
+ vmovdqa 192(%rdi), %xmm0
+ cmpl $13, %esi
+ jl L_AES_GCM_decrypt_update_avx2_aesenc_gfmul_sb_last
+ vaesenc %xmm0, %xmm10, %xmm10
+ vaesenc 208(%rdi), %xmm10, %xmm10
+ vmovdqa 224(%rdi), %xmm0
+L_AES_GCM_decrypt_update_avx2_aesenc_gfmul_sb_last:
+ vaesenclast %xmm0, %xmm10, %xmm10
+ vpxor %xmm1, %xmm2, %xmm6
+ vpxor %xmm11, %xmm10, %xmm10
+ vmovdqu %xmm10, (%r10,%r14,1)
+ addl $16, %r14d
+ cmpl %r13d, %r14d
+ jl L_AES_GCM_decrypt_update_avx2_last_block_start
+L_AES_GCM_decrypt_update_avx2_last_block_done:
+L_AES_GCM_decrypt_update_avx2_done_dec:
+ vmovdqa %xmm6, (%r9)
+ vmovdqa %xmm4, (%r12)
+ vzeroupper
+ addq $0xa8, %rsp
+ popq %r14
+ popq %r12
+ popq %r13
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_decrypt_update_avx2,.-AES_GCM_decrypt_update_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl AES_GCM_decrypt_final_avx2
+.type AES_GCM_decrypt_final_avx2,@function
+.align 16
+AES_GCM_decrypt_final_avx2:
+#else
+.section __TEXT,__text
+.globl _AES_GCM_decrypt_final_avx2
+.p2align 4
+_AES_GCM_decrypt_final_avx2:
+#endif /* __APPLE__ */
+ pushq %r13
+ pushq %rbp
+ movl %ecx, %r10d
+ movl %r8d, %r11d
+ movq 24(%rsp), %rax
+ movq 32(%rsp), %rbp
+ subq $16, %rsp
+ vmovdqa (%rdi), %xmm4
+ vmovdqa (%r9), %xmm5
+ vmovdqa (%rax), %xmm6
+ vpsrlq $63, %xmm5, %xmm1
+ vpsllq $0x01, %xmm5, %xmm0
+ vpslldq $8, %xmm1, %xmm1
+ vpor %xmm1, %xmm0, %xmm0
+ vpshufd $0xff, %xmm5, %xmm5
+ vpsrad $31, %xmm5, %xmm5
+ vpand L_avx2_aes_gcm_mod2_128(%rip), %xmm5, %xmm5
+ vpxor %xmm0, %xmm5, %xmm5
+ # calc_tag
+ shlq $3, %r10
+ vpinsrq $0x00, %r10, %xmm0, %xmm0
+ shlq $3, %r11
+ vpinsrq $0x01, %r11, %xmm1, %xmm1
+ vpblendd $12, %xmm1, %xmm0, %xmm0
+ vpxor %xmm4, %xmm0, %xmm0
+ # ghash_gfmul_red
+ vpclmulqdq $16, %xmm5, %xmm0, %xmm7
+ vpclmulqdq $0x01, %xmm5, %xmm0, %xmm3
+ vpclmulqdq $0x00, %xmm5, %xmm0, %xmm2
+ vpxor %xmm3, %xmm7, %xmm7
+ vpslldq $8, %xmm7, %xmm3
+ vpsrldq $8, %xmm7, %xmm7
+ vpxor %xmm2, %xmm3, %xmm3
+ vpclmulqdq $0x11, %xmm5, %xmm0, %xmm0
+ vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm3, %xmm2
+ vpshufd $0x4e, %xmm3, %xmm3
+ vpxor %xmm2, %xmm3, %xmm3
+ vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm3, %xmm2
+ vpshufd $0x4e, %xmm3, %xmm3
+ vpxor %xmm7, %xmm0, %xmm0
+ vpxor %xmm3, %xmm0, %xmm0
+ vpxor %xmm2, %xmm0, %xmm0
+ vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0
+ vpxor %xmm6, %xmm0, %xmm0
+ # cmp_tag
+ cmpl $16, %edx
+ je L_AES_GCM_decrypt_final_avx2_cmp_tag_16
+ xorq %rcx, %rcx
+ xorq %r9, %r9
+ vmovdqu %xmm0, (%rsp)
+L_AES_GCM_decrypt_final_avx2_cmp_tag_loop:
+ movzbl (%rsp,%rcx,1), %r13d
+ xorb (%rsi,%rcx,1), %r13b
+ orb %r13b, %r9b
+ incl %ecx
+ cmpl %edx, %ecx
+ jne L_AES_GCM_decrypt_final_avx2_cmp_tag_loop
+ cmpb $0x00, %r9b
+ sete %r9b
+ jmp L_AES_GCM_decrypt_final_avx2_cmp_tag_done
+L_AES_GCM_decrypt_final_avx2_cmp_tag_16:
+ vmovdqu (%rsi), %xmm1
+ vpcmpeqb %xmm1, %xmm0, %xmm0
+ vpmovmskb %xmm0, %rcx
+ # %%edx == 0xFFFF then return 1 else => return 0
+ xorl %r9d, %r9d
+ cmpl $0xffff, %ecx
+ sete %r9b
+L_AES_GCM_decrypt_final_avx2_cmp_tag_done:
+ movl %r9d, (%rbp)
+ vzeroupper
+ addq $16, %rsp
+ popq %rbp
+ popq %r13
+ repz retq
+#ifndef __APPLE__
+.size AES_GCM_decrypt_final_avx2,.-AES_GCM_decrypt_final_avx2
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_AESGCM_STREAM */
#endif /* HAVE_INTEL_AVX2 */
#if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index f70c69a86..7d2ad33d7 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -4214,7 +4214,13 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
seqSz += sz;
tmpIdx = 0;
- seqSz += SetShortInt(shr, &tmpIdx, itt, maxShr);
+ ret = SetShortInt(shr, &tmpIdx, itt, maxShr);
+ if (ret >= 0) {
+ seqSz += ret;
+ }
+ else {
+ return ret;
+ }
innerSz += seqSz + SetSequence(seqSz, seq);
totalSz += innerSz + SetSequence(innerSz, seq);
@@ -13048,11 +13054,11 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
* nameStr value to be encoded
* nameType type of encoding i.e CTC_UTF8
* type id of attribute i.e ASN_COMMON_NAME
- *
+ * emailType type of email i.e CTC_UTF8
* returns length on success
*/
-int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
- byte type)
+static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameType,
+ byte type, byte emailType)
{
word32 idx = 0;
/* bottom up */
@@ -13127,11 +13133,12 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
case ASN_EMAIL_NAME:
{
const byte EMAIL_OID[] = {
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01
};
/* email joint id */
XMEMCPY(name->encoded + idx, EMAIL_OID, sizeof(EMAIL_OID));
idx += (int)sizeof(EMAIL_OID);
+ name->encoded[idx++] = emailType;
break;
}
@@ -13172,6 +13179,36 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
return idx;
}
+/* canonical encoding one attribute of the name (issuer/subject)
+ * call wc_EncodeName_ex with CTC_UTF8 for email type
+ *
+ * name structure to hold result of encoding
+ * nameStr value to be encoded
+ * nameType type of encoding i.e CTC_UTF8
+ * type id of attribute i.e ASN_COMMON_NAME
+ *
+ * returns length on success
+ */
+int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, char nameType,
+ byte type)
+{
+ return wc_EncodeName_ex(name, nameStr, nameType, type, 0x0c/* CTC_UTF8 */);
+}
+
+/* Encodes one attribute of the name (issuer/subject)
+ * call we_EncodeName_ex with 0x16, IA5String for email type
+ * name structure to hold result of encoding
+ * nameStr value to be encoded
+ * nameType type of encoding i.e CTC_UTF8
+ * type id of attribute i.e ASN_COMMON_NAME
+ *
+ * returns length on success
+ */
+int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
+ byte type)
+{
+ return wc_EncodeName_ex(name, nameStr, nameType, type, ASN_IA5_STRING);
+}
/* encode CertName into output, return total bytes written */
int SetName(byte* output, word32 outputSz, CertName* name)
{
diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c
index 5f5a1f8b4..93486eda6 100644
--- a/wolfcrypt/src/cmac.c
+++ b/wolfcrypt/src/cmac.c
@@ -95,16 +95,18 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
XMEMSET(cmac, 0, sizeof(Cmac));
- #ifdef WOLF_CRYPTO_CB
+#ifdef WOLF_CRYPTO_CB
if (devId != INVALID_DEVID) {
cmac->devId = devId;
+ cmac->devCtx = NULL;
+
ret = wc_CryptoCb_Cmac(cmac, key, keySz, NULL, 0, NULL, NULL,
type, unused);
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
}
- #endif
+#endif
if (key == NULL)
return BAD_FUNC_ARG;
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index c7803c33b..79895267d 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -2126,7 +2126,6 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
const byte* pub, word32 pubSz)
{
byte havePriv, havePub;
- mp_int *keyPriv = NULL, *keyPub = NULL;
if (key == NULL) {
return BAD_FUNC_ARG;
@@ -2154,7 +2153,6 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
mp_clear(&key->priv);
havePriv = 0;
} else {
- keyPriv = &key->priv;
WOLFSSL_MSG("DH Private Key Set");
}
}
@@ -2172,16 +2170,14 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
if (mp_read_unsigned_bin(&key->pub, pub, pubSz) != MP_OKAY) {
mp_clear(&key->pub);
havePub = 0;
+ if (havePriv) {
+ mp_clear(&key->priv);
+ havePriv = 0; /* set to 0 to error out with failed read pub */
+ }
} else {
- keyPub = &key->pub;
WOLFSSL_MSG("DH Public Key Set");
}
}
- /* Free Memory if error occurred */
- if (havePriv == 0 && keyPriv != NULL)
- mp_clear(keyPriv);
- if (havePub == 0 && keyPub != NULL)
- mp_clear(keyPub);
if (havePriv == 0 && havePub == 0) {
return MEMORY_E;
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 24eb04449..7b1252bcf 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -521,6 +521,15 @@ const char* wc_GetErrorString(int error)
case SAKKE_VERIFY_FAIL_E:
return "SAKKE derivation verification error";
+ case MISSING_IV:
+ return "Required IV not set";
+
+ case MISSING_KEY:
+ return "Required key not set";
+
+ case BAD_LENGTH_E:
+ return "Value of length parameter is invalid.";
+
default:
return "unknown error number";
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index 8334c0ba7..8f3041170 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -553,6 +553,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
}
#if defined(HAVE_AESGCM)
+#ifndef WOLFSSL_AESGCM_STREAM
static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
const unsigned char *in, int inl) {
if (in && inl > 0) {
@@ -570,11 +571,13 @@ static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
}
return 0;
}
+#endif /* WOLFSSL_AESGCM_STREAM */
static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
+#ifndef WOLFSSL_AESGCM_STREAM
int ret = 0;
*outl = inl;
@@ -606,8 +609,42 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
}
return WOLFSSL_SUCCESS;
+#else
+ int ret;
+
+ /* When out is NULL then this is AAD. */
+ if (out == NULL) {
+ if (ctx->enc) {
+ ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL, NULL, 0, in,
+ inl);
+ }
+ else {
+ ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL, NULL, 0, in,
+ inl);
+ }
+ }
+ /* When out is not NULL then this is plaintext/cipher text. */
+ else {
+ if (ctx->enc) {
+ ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, out, in, inl, NULL,
+ 0);
+ }
+ else {
+ ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, out, in, inl, NULL,
+ 0);
+ }
+ }
+ *outl = inl;
+ if (ret == 0) {
+ ret = WOLFSSL_SUCCESS;
+ }
+ else {
+ ret = WOLFSSL_FAILURE;
+ }
+ return ret;
+#endif /* WOLFSSL_AESGCM_STREAM */
}
-#endif
+#endif /* HAVE_AESGCM */
/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
@@ -626,16 +663,16 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
*outl = 0;
#if !defined(NO_AES) && defined(HAVE_AESGCM)
- switch (ctx->cipherType) {
- case AES_128_GCM_TYPE:
- case AES_192_GCM_TYPE:
- case AES_256_GCM_TYPE:
-/* if out == NULL, in/inl contains the additional authenticated data for GCM */
- return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
- default:
- /* fall-through */
- break;
- }
+ switch (ctx->cipherType) {
+ case AES_128_GCM_TYPE:
+ case AES_192_GCM_TYPE:
+ case AES_256_GCM_TYPE:
+ /* if out == NULL, in/inl contains the additional authenticated data * for GCM */
+ return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
+ default:
+ /* fall-through */
+ break;
+ }
#endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */
if (out == NULL) {
@@ -770,6 +807,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
case AES_128_GCM_TYPE:
case AES_192_GCM_TYPE:
case AES_256_GCM_TYPE:
+#ifndef WOLFSSL_AESGCM_STREAM
if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0)
|| (ctx->gcmBufferLen == 0)) {
if (ctx->enc)
@@ -799,6 +837,24 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
else {
*outl = 0;
}
+#else
+ /* No data to return - all handled in Update. */
+ *outl = 0;
+ if (ctx->enc) {
+ ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes, ctx->authTag,
+ ctx->authTagSz);
+ }
+ else {
+ ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ctx->authTag,
+ ctx->authTagSz);
+ }
+ if (ret == 0) {
+ ret = WOLFSSL_SUCCESS;
+ }
+ else {
+ ret = WOLFSSL_FAILURE;
+ }
+#endif /* WOLFSSL_AESGCM_STREAM */
/* Clear IV, since IV reuse is not recommended for AES GCM. */
XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
break;
@@ -2172,7 +2228,10 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
switch (pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
- int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
+ int nid;
+ const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
+ if (ctxmd == NULL) break;
+ nid = wolfSSL_EVP_MD_type(ctxmd);
if (nid < 0) break;
return wolfSSL_RSA_sign(nid, md, mdsize, sigret,
siglen, pkey->rsa);
@@ -2248,7 +2307,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
switch (pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
- int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
+ int nid;
+ const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
+ if (ctxmd == NULL) break;
+ nid = wolfSSL_EVP_MD_type(ctxmd);
if (nid < 0) break;
return wolfSSL_RSA_verify(nid, md, mdsize, sig,
(unsigned int)siglen, pkey->rsa);
@@ -2624,7 +2686,11 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
unsigned int sigSz;
- int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
+ int nid;
+ const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
+ if (md == NULL)
+ break;
+ nid = wolfSSL_EVP_MD_type(md);
if (nid < 0)
break;
ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen,
@@ -2717,7 +2783,11 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
switch (ctx->pctx->pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
- int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
+ int nid;
+ const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
+ if (md == NULL)
+ return WOLFSSL_FAILURE;
+ nid = wolfSSL_EVP_MD_type(md);
if (nid < 0)
return WOLFSSL_FAILURE;
return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig,
@@ -4089,10 +4159,18 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
WOLFSSL_MSG("Key or IV not set");
break;
}
- if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv, ctx->ivSz)) != 0) {
+ if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv,
+ ctx->ivSz)) != 0) {
WOLFSSL_MSG("wc_AesGcmSetIV failed");
ret = WOLFSSL_FAILURE;
}
+#ifdef WOLFSSL_AESGCM_STREAM
+ /* Initialize using IV cached in Aes object. */
+ if (wc_AesGcmInit(&ctx->cipher.aes, NULL, 0, NULL, 0) != 0) {
+ WOLFSSL_MSG("wc_AesGcmInit failed");
+ ret = WOLFSSL_FAILURE;
+ }
+#endif /* WOLFSSL_AESGCM_STREAM */
/* OpenSSL increments the IV. Not sure why */
IncCtr(ctx->iv, ctx->ivSz);
break;
@@ -4389,14 +4467,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ctx->authTagSz = AES_BLOCK_SIZE;
ctx->ivSz = GCM_NONCE_MID_SZ;
+#ifndef WOLFSSL_AESGCM_STREAM
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
WOLFSSL_MSG("wc_AesGcmSetKey() failed");
return WOLFSSL_FAILURE;
}
+#endif /* !WOLFSSL_AESGCM_STREAM */
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
return WOLFSSL_FAILURE;
}
+#ifdef WOLFSSL_AESGCM_STREAM
+ /* Initialize with key and IV if available. */
+ if (wc_AesGcmInit(&ctx->cipher.aes, key,
+ (key == NULL) ? 0 : ctx->keyLen, iv,
+ (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
+ WOLFSSL_MSG("wc_AesGcmInit() failed");
+ return WOLFSSL_FAILURE;
+ }
+#endif /* WOLFSSL_AESGCM_STREAM */
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
}
@@ -4414,14 +4503,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ctx->authTagSz = AES_BLOCK_SIZE;
ctx->ivSz = GCM_NONCE_MID_SZ;
+#ifndef WOLFSSL_AESGCM_STREAM
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
WOLFSSL_MSG("wc_AesGcmSetKey() failed");
return WOLFSSL_FAILURE;
}
+#endif /* !WOLFSSL_AESGCM_STREAM */
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
return WOLFSSL_FAILURE;
}
+#ifdef WOLFSSL_AESGCM_STREAM
+ /* Initialize with key and IV if available. */
+ if (wc_AesGcmInit(&ctx->cipher.aes, key,
+ (key == NULL) ? 0 : ctx->keyLen, iv,
+ (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
+ WOLFSSL_MSG("wc_AesGcmInit() failed");
+ return WOLFSSL_FAILURE;
+ }
+#endif /* WOLFSSL_AESGCM_STREAM */
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
}
@@ -4439,14 +4539,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ctx->authTagSz = AES_BLOCK_SIZE;
ctx->ivSz = GCM_NONCE_MID_SZ;
+#ifndef WOLFSSL_AESGCM_STREAM
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
WOLFSSL_MSG("wc_AesGcmSetKey() failed");
return WOLFSSL_FAILURE;
}
+#endif /* !WOLFSSL_AESGCM_STREAM */
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
return WOLFSSL_FAILURE;
}
+#ifdef WOLFSSL_AESGCM_STREAM
+ /* Initialize with key and IV if available. */
+ if (wc_AesGcmInit(&ctx->cipher.aes,
+ key, (key == NULL) ? 0 : ctx->keyLen,
+ iv, (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
+ WOLFSSL_MSG("wc_AesGcmInit() failed");
+ return WOLFSSL_FAILURE;
+ }
+#endif /* WOLFSSL_AESGCM_STREAM */
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
}
@@ -4498,7 +4609,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key) {
- ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
+ ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION, 1);
if (ret != 0)
return WOLFSSL_FAILURE;
@@ -4526,7 +4637,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key) {
- ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
+ ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION, 1);
if (ret != 0)
return WOLFSSL_FAILURE;
@@ -4552,7 +4663,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key) {
- ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL,
+ ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1);
}
if (ret != 0)
@@ -5278,6 +5389,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
case AES_192_GCM_TYPE :
case AES_256_GCM_TYPE :
WOLFSSL_MSG("AES GCM");
+#ifndef WOLFSSL_AESGCM_STREAM
if (!dst) {
ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len);
}
@@ -5291,6 +5403,50 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
len, ctx->iv, ctx->ivSz, ctx->authTag,
ctx->authTagSz, ctx->gcmAuthIn, ctx->gcmAuthInSz);
}
+#else
+ /* Do one shot operation with streaming API as other
+ * initialization set up for streaming. */
+ ret = wc_AesGcmInit(&ctx->cipher.aes, NULL, 0, ctx->iv,
+ ctx->ivSz);
+ /* No destination means only AAD. */
+ if ((ret == 0) && (dst == NULL)) {
+ if (ctx->enc) {
+ ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL,
+ NULL, 0, src, len);
+ }
+ else {
+ ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL,
+ NULL, 0, src, len);
+ }
+ }
+ /* Only plaintext/cipher text. */
+ else if (ret == 0) {
+ if (ctx->enc) {
+ ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, dst, src,
+ len, NULL, 0);
+ }
+ else {
+ ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, dst, src,
+ len, NULL, 0);
+ if (ret == 0) {
+ ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes,
+ ctx->authTag, ctx->authTagSz);
+ }
+ }
+ }
+ if (ret == 0) {
+ if (ctx->enc) {
+ /* Calculate authentication tag. */
+ ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes,
+ ctx->authTag, ctx->authTagSz);
+ }
+ else {
+ /* Calculate authentication tag and compare. */
+ ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes,
+ ctx->authTag, ctx->authTagSz);
+ }
+ }
+#endif /* WOLFSSL_AESGCM_STREAM */
if (ret == 0)
ret = len;
break;
@@ -6726,17 +6882,24 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap)
XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY));
pkey->heap = heap;
pkey->type = WOLFSSL_EVP_PKEY_DEFAULT;
+
+ /* init of mutex needs to come before wolfSSL_EVP_PKEY_free */
+ ret = wc_InitMutex(&pkey->refMutex);
+ if (ret != 0){
+ XFREE(pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
+ WOLFSSL_MSG("Issue initializing mutex");
+ return NULL;
+ }
+
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&pkey->rng, heap, INVALID_DEVID);
#else
ret = wc_InitRng(&pkey->rng);
#endif
pkey->references = 1;
- wc_InitMutex(&pkey->refMutex); /* init of mutex needs to come before
- * wolfSSL_EVP_PKEY_free */
if (ret != 0){
wolfSSL_EVP_PKEY_free(pkey);
- WOLFSSL_MSG("memory failure");
+ WOLFSSL_MSG("Issue initializing RNG");
return NULL;
}
}
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index 818c505af..4344fb962 100644
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -200,62 +200,66 @@ int wc_HmacSizeByType(int type)
int _InitHmac(Hmac* hmac, int type, void* heap)
{
int ret = 0;
-
+#ifdef WOLF_CRYPTO_CB
+ int devId = hmac->devId;
+#else
+ int devId = INVALID_DEVID;
+#endif
switch (type) {
#ifndef NO_MD5
case WC_MD5:
- ret = wc_InitMd5(&hmac->hash.md5);
+ ret = wc_InitMd5_ex(&hmac->hash.md5, heap, devId);
break;
#endif /* !NO_MD5 */
#ifndef NO_SHA
case WC_SHA:
- ret = wc_InitSha(&hmac->hash.sha);
+ ret = wc_InitSha_ex(&hmac->hash.sha, heap, devId);
break;
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
case WC_SHA224:
- ret = wc_InitSha224(&hmac->hash.sha224);
+ ret = wc_InitSha224_ex(&hmac->hash.sha224, heap, devId);
break;
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
case WC_SHA256:
- ret = wc_InitSha256(&hmac->hash.sha256);
+ ret = wc_InitSha256_ex(&hmac->hash.sha256, heap, devId);
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
- ret = wc_InitSha384(&hmac->hash.sha384);
+ ret = wc_InitSha384_ex(&hmac->hash.sha384, heap, devId);
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
- ret = wc_InitSha512(&hmac->hash.sha512);
+ ret = wc_InitSha512_ex(&hmac->hash.sha512, heap, devId);
break;
#endif /* WOLFSSL_SHA512 */
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
case WC_SHA3_224:
- ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID);
+ ret = wc_InitSha3_224(&hmac->hash.sha3, heap, devId);
break;
#endif
#ifndef WOLFSSL_NOSHA3_256
case WC_SHA3_256:
- ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID);
+ ret = wc_InitSha3_256(&hmac->hash.sha3, heap, devId);
break;
#endif
#ifndef WOLFSSL_NOSHA3_384
case WC_SHA3_384:
- ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID);
+ ret = wc_InitSha3_384(&hmac->hash.sha3, heap, devId);
break;
#endif
#ifndef WOLFSSL_NOSHA3_512
case WC_SHA3_512:
- ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID);
+ ret = wc_InitSha3_512(&hmac->hash.sha3, heap, devId);
break;
#endif
#endif
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index fbdff4c6f..5dd9e15fc 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -868,16 +868,13 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
return MP_VAL;
}
if (mp_isone(P)) {
- mp_set(Y, 0);
- return MP_OKAY;
+ return mp_set(Y, 0);
}
if (mp_iszero(X)) {
- mp_set(Y, 1);
- return MP_OKAY;
+ return mp_set(Y, 1);
}
if (mp_iszero(G)) {
- mp_set(Y, 0);
- return MP_OKAY;
+ return mp_set(Y, 0);
}
/* if exponent X is negative we have to recurse */
@@ -1449,10 +1446,10 @@ int mp_set (mp_int * a, mp_digit b)
/* check if a bit is set */
int mp_is_bit_set (mp_int *a, mp_digit b)
{
- int i = (int)(b / DIGIT_BIT); /* word index */
- int s = b % DIGIT_BIT; /* bit index */
+ mp_digit i = b / DIGIT_BIT; /* word index */
+ mp_digit s = b % DIGIT_BIT; /* bit index */
- if (a->used <= i) {
+ if ((mp_digit)a->used <= i) {
/* no words avaialable at that bit count */
return 0;
}
@@ -2415,7 +2412,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
}
/* swap res with Y */
- mp_copy(res, Y);
+ err = mp_copy(res, Y);
LBL_RES:mp_clear (res);
LBL_M:
diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
index 824f91aa0..9b581c0ac 100644
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@@ -755,7 +755,14 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
outerSz += mac->saltSz;
/* MAC iterations */
- outerSz += SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ);
+ ret = SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ);
+ if (ret >= 0) {
+ outerSz += ret;
+ ret = 0;
+ }
+ else {
+ return ret;
+ }
/* sequence of inner data */
outerSz += SetSequence(innerSz, seq);
@@ -1817,6 +1824,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
idx += SetObjectId(sizeof(WC_PKCS12_DATA_OID), out + idx);
if (idx + sizeof(WC_PKCS12_DATA_OID) > *outSz){
WOLFSSL_MSG("Buffer not large enough for DATA OID");
+ XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BUFFER_E;
}
XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID));
@@ -1824,6 +1832,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
/* copy over encrypted data */
if (idx + encSz > *outSz){
+ XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BUFFER_E;
}
XMEMCPY(out + idx, tmp, encSz);
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 460e00575..0073e895e 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -5077,6 +5077,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
if (pkcs7->stream->flagOne) {
pkiMsg2 = pkiMsg;
+
+ /* check if using internal stream buffer and should adjust sz */
+ if (pkiMsg != in && pkcs7->stream->length > 0) {
+ pkiMsg2Sz = pkcs7->stream->length;
+ }
}
/* restore content type */
@@ -5136,7 +5141,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
}
}
else {
- /* last state expect the reset of the buffer */
+ /* last state expect the rest of the buffer */
pkcs7->stream->expected = (pkcs7->stream->maxLen -
pkcs7->stream->totalRd) + pkcs7->stream->length;
}
@@ -5155,6 +5160,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length);
if (pkcs7->stream->flagOne) {
pkiMsg2 = pkiMsg;
+
+ /* check if using internal stream buffer and should adjust sz */
+ if (pkiMsg != in && pkcs7->stream->length > 0) {
+ pkiMsg2Sz = pkcs7->stream->length;
+ }
}
/* restore content */
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
index f52fc07ac..26fe61855 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
@@ -23,7 +23,7 @@
* cd ../scripts
* ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S
*/
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
#ifndef __aarch64__
.text
.align 2
@@ -6008,7 +6008,7 @@ fe_ge_sub:
pop {r4, r5, r6, r7, r8, r9, r10, r11, pc}
.size fe_ge_sub,.-fe_ge_sub
#endif /* !__aarch64__ */
-#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.c b/wolfcrypt/src/port/arm/armv8-32-curve25519.c
index 607ad913e..ddc08f644 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519.c
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.c
@@ -23,7 +23,7 @@
* cd ../scripts
* ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c
*/
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
#ifndef __aarch64__
#include
#ifdef HAVE_CONFIG_H
@@ -5573,4 +5573,4 @@ void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px, const fe py, const fe pz
}
#endif /* !__aarch64__ */
-#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
index 23e67fa3d..c42cf63b1 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
@@ -23,7 +23,7 @@
* cd ../scripts
* ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
*/
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
#ifndef __aarch64__
#ifdef WOLFSSL_ARMASM_NO_NEON
.text
@@ -5331,7 +5331,7 @@ L_sha512_len_neon_start:
.size Transform_Sha512_Len,.-Transform_Sha512_Len
#endif /* !WOLFSSL_ARMASM_NO_NEON */
#endif /* !__aarch64__ */
-#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
index a52cd75c6..53e5b9743 100644
--- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
+++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
@@ -23,7 +23,7 @@
* cd ../scripts
* ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c
*/
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
#ifndef __aarch64__
#include
#ifdef HAVE_CONFIG_H
@@ -4776,4 +4776,4 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
#endif /* !WOLFSSL_ARMASM_NO_NEON */
#endif /* !__aarch64__ */
-#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.S b/wolfcrypt/src/port/arm/armv8-curve25519.S
index b05f0a23b..d07210a68 100644
--- a/wolfcrypt/src/port/arm/armv8-curve25519.S
+++ b/wolfcrypt/src/port/arm/armv8-curve25519.S
@@ -28,7 +28,7 @@
* cd ../scripts
* ruby ./x25519/x25519.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S
*/
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
#ifdef __aarch64__
#ifndef __APPLE__
.text
@@ -7472,7 +7472,7 @@ _fe_ge_sub:
.size fe_ge_sub,.-fe_ge_sub
#endif /* __APPLE__ */
#endif /* __aarch64__ */
-#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.c b/wolfcrypt/src/port/arm/armv8-curve25519.c
index 213512297..81352c705 100644
--- a/wolfcrypt/src/port/arm/armv8-curve25519.c
+++ b/wolfcrypt/src/port/arm/armv8-curve25519.c
@@ -28,7 +28,7 @@
* cd ../scripts
* ruby ./x25519/x25519.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.c
*/
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519)
#ifdef __aarch64__
#include
@@ -7217,4 +7217,4 @@ void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px, const fe py, const fe pz
}
#endif /* __aarch64__ */
-#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */
diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c
index 8ae994fc8..de65ec2e6 100644
--- a/wolfcrypt/src/port/arm/armv8-sha256.c
+++ b/wolfcrypt/src/port/arm/armv8-sha256.c
@@ -96,6 +96,188 @@ static WC_INLINE void AddLength(wc_Sha256* sha256, word32 len)
#ifdef __aarch64__
+/* First block is in sha256->buffer and rest in data. */
+static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
+ word32 numBlocks)
+{
+ word32* k = (word32*)K;
+
+ __asm__ volatile (
+ "#load leftover data\n"
+ "LD1 {v0.2d-v3.2d}, %[buffer] \n"
+
+ "#load current digest\n"
+ "LD1 {v12.2d-v13.2d}, %[digest] \n"
+ "MOV w8, %w[blocks] \n"
+ "REV32 v0.16b, v0.16b \n"
+ "REV32 v1.16b, v1.16b \n"
+ "REV32 v2.16b, v2.16b \n"
+ "REV32 v3.16b, v3.16b \n"
+
+ "#load K values in \n"
+ "LD1 {v16.4s-v19.4s}, [%[k]], #64 \n"
+ "LD1 {v20.4s-v23.4s}, [%[k]], #64 \n"
+ "MOV v14.16b, v12.16b \n" /* store digest for add at the end */
+ "MOV v15.16b, v13.16b \n"
+ "LD1 {v24.4s-v27.4s}, [%[k]], #64 \n"
+ "LD1 {v28.4s-v31.4s}, [%[k]], #64 \n"
+
+ /* beginning of SHA256 block operation */
+ "1:\n"
+ /* Round 1 */
+ "MOV v4.16b, v0.16b \n"
+ "ADD v0.4s, v0.4s, v16.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 2 */
+ "SHA256SU0 v4.4s, v1.4s \n"
+ "ADD v0.4s, v1.4s, v17.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v4.4s, v2.4s, v3.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 3 */
+ "SHA256SU0 v1.4s, v2.4s \n"
+ "ADD v0.4s, v2.4s, v18.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v1.4s, v3.4s, v4.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 4 */
+ "SHA256SU0 v2.4s, v3.4s \n"
+ "ADD v0.4s, v3.4s, v19.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v2.4s, v4.4s, v1.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 5 */
+ "SHA256SU0 v3.4s, v4.4s \n"
+ "ADD v0.4s, v4.4s, v20.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v3.4s, v1.4s, v2.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 6 */
+ "SHA256SU0 v4.4s, v1.4s \n"
+ "ADD v0.4s, v1.4s, v21.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v4.4s, v2.4s, v3.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 7 */
+ "SHA256SU0 v1.4s, v2.4s \n"
+ "ADD v0.4s, v2.4s, v22.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v1.4s, v3.4s, v4.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 8 */
+ "SHA256SU0 v2.4s, v3.4s \n"
+ "ADD v0.4s, v3.4s, v23.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v2.4s, v4.4s, v1.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 9 */
+ "SHA256SU0 v3.4s, v4.4s \n"
+ "ADD v0.4s, v4.4s, v24.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v3.4s, v1.4s, v2.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 10 */
+ "SHA256SU0 v4.4s, v1.4s \n"
+ "ADD v0.4s, v1.4s, v25.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v4.4s, v2.4s, v3.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 11 */
+ "SHA256SU0 v1.4s, v2.4s \n"
+ "ADD v0.4s, v2.4s, v26.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v1.4s, v3.4s, v4.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 12 */
+ "SHA256SU0 v2.4s, v3.4s \n"
+ "ADD v0.4s, v3.4s, v27.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v2.4s, v4.4s, v1.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 13 */
+ "SHA256SU0 v3.4s, v4.4s \n"
+ "ADD v0.4s, v4.4s, v28.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256SU1 v3.4s, v1.4s, v2.4s \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 14 */
+ "ADD v0.4s, v1.4s, v29.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 15 */
+ "ADD v0.4s, v2.4s, v30.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ /* Round 16 */
+ "ADD v0.4s, v3.4s, v31.4s \n"
+ "MOV v11.16b, v12.16b \n"
+ "SHA256H q12, q13, v0.4s \n"
+ "SHA256H2 q13, q11, v0.4s \n"
+
+ "#Add working vars back into digest state \n"
+ "SUB w8, w8, #1 \n"
+ "ADD v12.4s, v12.4s, v14.4s \n"
+ "ADD v13.4s, v13.4s, v15.4s \n"
+
+ "#check if more blocks should be done\n"
+ "CBZ w8, 2f \n"
+
+ "#load in message and schedule updates \n"
+ "LD1 {v0.2d-v3.2d}, [%[dataIn]], #64 \n"
+ "MOV v14.16b, v12.16b \n"
+ "MOV v15.16b, v13.16b \n"
+ "REV32 v0.16b, v0.16b \n"
+ "REV32 v1.16b, v1.16b \n"
+ "REV32 v2.16b, v2.16b \n"
+ "REV32 v3.16b, v3.16b \n"
+ "B 1b \n" /* do another block */
+
+ "2:\n"
+ "STP q12, q13, %[out] \n"
+
+ : [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks),
+ "=r" (data), "=r" (k)
+ : [k] "4" (k), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer),
+ [blocks] "2" (numBlocks), [dataIn] "3" (data)
+ : "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+ "v8", "v9", "v10", "v11", "v12", "v13", "v14",
+ "v15", "v16", "v17", "v18", "v19", "v20", "v21",
+ "v22", "v23", "v24", "v25", "v26", "v27", "v28",
+ "v29", "v30", "v31", "w8"
+ );
+}
+
/* ARMv8 hardware acceleration */
static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
{
@@ -115,184 +297,10 @@ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 le
numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE;
if (numBlocks > 0) {
- word32* k = (word32*)K;
-
/* get leftover amount after blocks */
add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE;
- __asm__ volatile (
- "#load leftover data\n"
- "LD1 {v0.2d-v3.2d}, %[buffer] \n"
- "#load current digest\n"
- "LD1 {v12.2d-v13.2d}, %[digest] \n"
- "MOV w8, %w[blocks] \n"
- "REV32 v0.16b, v0.16b \n"
- "REV32 v1.16b, v1.16b \n"
- "REV32 v2.16b, v2.16b \n"
- "REV32 v3.16b, v3.16b \n"
-
- "#load K values in \n"
- "LD1 {v16.4s-v19.4s}, [%[k]], #64 \n"
- "LD1 {v20.4s-v23.4s}, [%[k]], #64 \n"
- "MOV v14.16b, v12.16b \n" /* store digest for add at the end */
- "MOV v15.16b, v13.16b \n"
- "LD1 {v24.4s-v27.4s}, [%[k]], #64 \n"
- "LD1 {v28.4s-v31.4s}, [%[k]], #64 \n"
-
- /* beginning of SHA256 block operation */
- "1:\n"
- /* Round 1 */
- "MOV v4.16b, v0.16b \n"
- "ADD v0.4s, v0.4s, v16.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 2 */
- "SHA256SU0 v4.4s, v1.4s \n"
- "ADD v0.4s, v1.4s, v17.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v4.4s, v2.4s, v3.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 3 */
- "SHA256SU0 v1.4s, v2.4s \n"
- "ADD v0.4s, v2.4s, v18.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v1.4s, v3.4s, v4.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 4 */
- "SHA256SU0 v2.4s, v3.4s \n"
- "ADD v0.4s, v3.4s, v19.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v2.4s, v4.4s, v1.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 5 */
- "SHA256SU0 v3.4s, v4.4s \n"
- "ADD v0.4s, v4.4s, v20.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v3.4s, v1.4s, v2.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 6 */
- "SHA256SU0 v4.4s, v1.4s \n"
- "ADD v0.4s, v1.4s, v21.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v4.4s, v2.4s, v3.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 7 */
- "SHA256SU0 v1.4s, v2.4s \n"
- "ADD v0.4s, v2.4s, v22.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v1.4s, v3.4s, v4.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 8 */
- "SHA256SU0 v2.4s, v3.4s \n"
- "ADD v0.4s, v3.4s, v23.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v2.4s, v4.4s, v1.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 9 */
- "SHA256SU0 v3.4s, v4.4s \n"
- "ADD v0.4s, v4.4s, v24.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v3.4s, v1.4s, v2.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 10 */
- "SHA256SU0 v4.4s, v1.4s \n"
- "ADD v0.4s, v1.4s, v25.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v4.4s, v2.4s, v3.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 11 */
- "SHA256SU0 v1.4s, v2.4s \n"
- "ADD v0.4s, v2.4s, v26.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v1.4s, v3.4s, v4.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 12 */
- "SHA256SU0 v2.4s, v3.4s \n"
- "ADD v0.4s, v3.4s, v27.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v2.4s, v4.4s, v1.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 13 */
- "SHA256SU0 v3.4s, v4.4s \n"
- "ADD v0.4s, v4.4s, v28.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256SU1 v3.4s, v1.4s, v2.4s \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 14 */
- "ADD v0.4s, v1.4s, v29.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 15 */
- "ADD v0.4s, v2.4s, v30.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- /* Round 16 */
- "ADD v0.4s, v3.4s, v31.4s \n"
- "MOV v11.16b, v12.16b \n"
- "SHA256H q12, q13, v0.4s \n"
- "SHA256H2 q13, q11, v0.4s \n"
-
- "#Add working vars back into digest state \n"
- "SUB w8, w8, #1 \n"
- "ADD v12.4s, v12.4s, v14.4s \n"
- "ADD v13.4s, v13.4s, v15.4s \n"
-
- "#check if more blocks should be done\n"
- "CBZ w8, 2f \n"
-
- "#load in message and schedule updates \n"
- "LD1 {v0.2d-v3.2d}, [%[dataIn]], #64 \n"
- "MOV v14.16b, v12.16b \n"
- "MOV v15.16b, v13.16b \n"
- "REV32 v0.16b, v0.16b \n"
- "REV32 v1.16b, v1.16b \n"
- "REV32 v2.16b, v2.16b \n"
- "REV32 v3.16b, v3.16b \n"
- "B 1b \n" /* do another block */
-
- "2:\n"
- "STP q12, q13, %[out] \n"
-
- : [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks),
- "=r" (data), "=r" (k)
- : [k] "4" (k), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer),
- [blocks] "2" (numBlocks), [dataIn] "3" (data)
- : "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
- "v8", "v9", "v10", "v11", "v12", "v13", "v14",
- "v15", "v16", "v17", "v18", "v19", "v20", "v21",
- "v22", "v23", "v24", "v25", "v26", "v27", "v28",
- "v29", "v30", "v31", "w8"
- );
+ Sha256Transform(sha256, data, numBlocks);
AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks);
@@ -658,6 +666,202 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
#else /* not using 64 bit */
+static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data,
+ word32 numBlocks)
+{
+ word32* bufPt = sha256->buffer;
+ word32* digPt = sha256->digest;
+
+ __asm__ volatile (
+ "#load leftover data\n"
+ "VLDM %[buffer]!, {q0-q3} \n"
+
+ "#load current digest\n"
+ "VLDM %[digest], {q12-q13} \n"
+ "MOV r8, %[blocks] \n"
+ "VREV32.8 q0, q0 \n"
+ "VREV32.8 q1, q1 \n"
+ "VREV32.8 q2, q2 \n"
+ "VREV32.8 q3, q3 \n"
+ "VLDM %[k]! ,{q5-q8} \n"
+ "VLDM %[k]! ,{q9}\n"
+
+ "VMOV.32 q14, q12 \n" /* store digest for add at the end */
+ "VMOV.32 q15, q13 \n"
+
+ /* beginning of SHA256 block operation */
+ "1:\n"
+
+ /* Round 1 */
+ "VMOV.32 q4, q0 \n"
+ "VADD.i32 q0, q0, q5 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 2 */
+ "SHA256SU0.32 q4, q1 \n"
+ "VADD.i32 q0, q1, q6 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q4, q2, q3 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 3 */
+ "SHA256SU0.32 q1, q2 \n"
+ "VADD.i32 q0, q2, q7 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q1, q3, q4 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 4 */
+ "SHA256SU0.32 q2, q3 \n"
+ "VADD.i32 q0, q3, q8 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q2, q4, q1 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 5 */
+ "SHA256SU0.32 q3, q4 \n"
+ "VADD.i32 q0, q4, q9 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q3, q1, q2 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 6 */
+ "VLD1.32 {q10}, [%[k]]! \n"
+ "SHA256SU0.32 q4, q1 \n"
+ "VADD.i32 q0, q1, q10 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q4, q2, q3 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 7 */
+ "VLD1.32 {q10}, [%[k]]! \n"
+ "SHA256SU0.32 q1, q2 \n"
+ "VADD.i32 q0, q2, q10 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q1, q3, q4 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 8 */
+ "VLD1.32 {q10}, [%[k]]! \n"
+ "SHA256SU0.32 q2, q3 \n"
+ "VADD.i32 q0, q3, q10 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q2, q4, q1 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 9 */
+ "VLD1.32 {q10}, [%[k]]! \n"
+ "SHA256SU0.32 q3, q4 \n"
+ "VADD.i32 q0, q4, q10 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q3, q1, q2 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 10 */
+ "VLD1.32 {q10}, [%[k]]! \n"
+ "SHA256SU0.32 q4, q1 \n"
+ "VADD.i32 q0, q1, q10 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q4, q2, q3 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 11 */
+ "VLD1.32 {q10}, [%[k]]! \n"
+ "SHA256SU0.32 q1, q2 \n"
+ "VADD.i32 q0, q2, q10 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q1, q3, q4 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 12 */
+ "VLD1.32 {q10}, [%[k]]! \n"
+ "SHA256SU0.32 q2, q3 \n"
+ "VADD.i32 q0, q3, q10 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q2, q4, q1 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 13 */
+ "VLD1.32 {q10}, [%[k]]! \n"
+ "SHA256SU0.32 q3, q4 \n"
+ "VADD.i32 q0, q4, q10 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256SU1.32 q3, q1, q2 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 14 */
+ "VLD1.32 {q10}, [%[k]]! \n"
+ "VADD.i32 q0, q1, q10 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 15 */
+ "VLD1.32 {q10}, [%[k]]! \n"
+ "VADD.i32 q0, q2, q10 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ /* Round 16 */
+ "VLD1.32 {q10}, [%[k]] \n"
+ "SUB r8, r8, #1 \n"
+ "VADD.i32 q0, q3, q10 \n"
+ "VMOV.32 q11, q12 \n"
+ "SHA256H.32 q12, q13, q0 \n"
+ "SHA256H2.32 q13, q11, q0 \n"
+
+ "#Add working vars back into digest state \n"
+ "VADD.i32 q12, q12, q14 \n"
+ "VADD.i32 q13, q13, q15 \n"
+
+ "#check if more blocks should be done\n"
+ "CMP r8, #0 \n"
+ "BEQ 2f \n"
+
+ "#load in message and schedule updates \n"
+ "VLD1.32 {q0}, [%[dataIn]]! \n"
+ "VLD1.32 {q1}, [%[dataIn]]! \n"
+ "VLD1.32 {q2}, [%[dataIn]]! \n"
+ "VLD1.32 {q3}, [%[dataIn]]! \n"
+
+ /* reset K pointer */
+ "SUB %[k], %[k], #160 \n"
+ "VREV32.8 q0, q0 \n"
+ "VREV32.8 q1, q1 \n"
+ "VREV32.8 q2, q2 \n"
+ "VREV32.8 q3, q3 \n"
+ "VMOV.32 q14, q12 \n"
+ "VMOV.32 q15, q13 \n"
+ "B 1b \n" /* do another block */
+
+ "2:\n"
+ "VST1.32 {q12, q13}, [%[out]] \n"
+
+ : [out] "=r" (digPt), "=r" (bufPt), "=r" (numBlocks),
+ "=r" (data)
+ : [k] "r" (K), [digest] "0" (digPt), [buffer] "1" (bufPt),
+ [blocks] "2" (numBlocks), [dataIn] "3" (data)
+ : "cc", "memory", "q0", "q1", "q2", "q3", "q4", "q5", "q6", "q7",
+ "q8", "q9", "q10", "q11", "q12", "q13", "q14",
+ "q15", "r8"
+ );
+}
+
/* ARMv8 hardware acceleration Aarch32 */
static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
{
@@ -677,198 +881,10 @@ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 le
numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE;
if (numBlocks > 0) {
- word32* bufPt = sha256->buffer;
- word32* digPt = sha256->digest;
/* get leftover amount after blocks */
add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE;
- __asm__ volatile (
- "#load leftover data\n"
- "VLDM %[buffer]!, {q0-q3} \n"
- "#load current digest\n"
- "VLDM %[digest], {q12-q13} \n"
- "MOV r8, %[blocks] \n"
- "VREV32.8 q0, q0 \n"
- "VREV32.8 q1, q1 \n"
- "VREV32.8 q2, q2 \n"
- "VREV32.8 q3, q3 \n"
- "VLDM %[k]! ,{q5-q8} \n"
- "VLDM %[k]! ,{q9}\n"
-
- "VMOV.32 q14, q12 \n" /* store digest for add at the end */
- "VMOV.32 q15, q13 \n"
-
- /* beginning of SHA256 block operation */
- "1:\n"
-
- /* Round 1 */
- "VMOV.32 q4, q0 \n"
- "VADD.i32 q0, q0, q5 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 2 */
- "SHA256SU0.32 q4, q1 \n"
- "VADD.i32 q0, q1, q6 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q4, q2, q3 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 3 */
- "SHA256SU0.32 q1, q2 \n"
- "VADD.i32 q0, q2, q7 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q1, q3, q4 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 4 */
- "SHA256SU0.32 q2, q3 \n"
- "VADD.i32 q0, q3, q8 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q2, q4, q1 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 5 */
- "SHA256SU0.32 q3, q4 \n"
- "VADD.i32 q0, q4, q9 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q3, q1, q2 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 6 */
- "VLD1.32 {q10}, [%[k]]! \n"
- "SHA256SU0.32 q4, q1 \n"
- "VADD.i32 q0, q1, q10 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q4, q2, q3 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 7 */
- "VLD1.32 {q10}, [%[k]]! \n"
- "SHA256SU0.32 q1, q2 \n"
- "VADD.i32 q0, q2, q10 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q1, q3, q4 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 8 */
- "VLD1.32 {q10}, [%[k]]! \n"
- "SHA256SU0.32 q2, q3 \n"
- "VADD.i32 q0, q3, q10 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q2, q4, q1 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 9 */
- "VLD1.32 {q10}, [%[k]]! \n"
- "SHA256SU0.32 q3, q4 \n"
- "VADD.i32 q0, q4, q10 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q3, q1, q2 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 10 */
- "VLD1.32 {q10}, [%[k]]! \n"
- "SHA256SU0.32 q4, q1 \n"
- "VADD.i32 q0, q1, q10 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q4, q2, q3 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 11 */
- "VLD1.32 {q10}, [%[k]]! \n"
- "SHA256SU0.32 q1, q2 \n"
- "VADD.i32 q0, q2, q10 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q1, q3, q4 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 12 */
- "VLD1.32 {q10}, [%[k]]! \n"
- "SHA256SU0.32 q2, q3 \n"
- "VADD.i32 q0, q3, q10 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q2, q4, q1 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 13 */
- "VLD1.32 {q10}, [%[k]]! \n"
- "SHA256SU0.32 q3, q4 \n"
- "VADD.i32 q0, q4, q10 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256SU1.32 q3, q1, q2 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 14 */
- "VLD1.32 {q10}, [%[k]]! \n"
- "VADD.i32 q0, q1, q10 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 15 */
- "VLD1.32 {q10}, [%[k]]! \n"
- "VADD.i32 q0, q2, q10 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- /* Round 16 */
- "VLD1.32 {q10}, [%[k]] \n"
- "SUB r8, r8, #1 \n"
- "VADD.i32 q0, q3, q10 \n"
- "VMOV.32 q11, q12 \n"
- "SHA256H.32 q12, q13, q0 \n"
- "SHA256H2.32 q13, q11, q0 \n"
-
- "#Add working vars back into digest state \n"
- "VADD.i32 q12, q12, q14 \n"
- "VADD.i32 q13, q13, q15 \n"
-
- "#check if more blocks should be done\n"
- "CMP r8, #0 \n"
- "BEQ 2f \n"
-
- "#load in message and schedule updates \n"
- "VLD1.32 {q0}, [%[dataIn]]! \n"
- "VLD1.32 {q1}, [%[dataIn]]! \n"
- "VLD1.32 {q2}, [%[dataIn]]! \n"
- "VLD1.32 {q3}, [%[dataIn]]! \n"
-
- /* reset K pointer */
- "SUB %[k], %[k], #160 \n"
- "VREV32.8 q0, q0 \n"
- "VREV32.8 q1, q1 \n"
- "VREV32.8 q2, q2 \n"
- "VREV32.8 q3, q3 \n"
- "VMOV.32 q14, q12 \n"
- "VMOV.32 q15, q13 \n"
- "B 1b \n" /* do another block */
-
- "2:\n"
- "VST1.32 {q12, q13}, [%[out]] \n"
-
- : [out] "=r" (digPt), "=r" (bufPt), "=r" (numBlocks),
- "=r" (data)
- : [k] "r" (K), [digest] "0" (digPt), [buffer] "1" (bufPt),
- [blocks] "2" (numBlocks), [dataIn] "3" (data)
- : "cc", "memory", "q0", "q1", "q2", "q3", "q4", "q5", "q6", "q7",
- "q8", "q9", "q10", "q11", "q12", "q13", "q14",
- "q15", "r8"
- );
+ Sha256Transform(sha256, data, numBlocks);
AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks);
@@ -1401,6 +1417,22 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
return ret;
}
+#ifdef OPENSSL_EXTRA
+int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
+{
+ if (sha256 == NULL || data == NULL) {
+ return BAD_FUNC_ARG;
+ }
+#ifdef LITTLE_ENDIAN_ORDER
+ ByteReverseWords(sha256->buffer, (word32*)data, WC_SHA256_BLOCK_SIZE);
+#else
+ XMEMCPY(sha256->buffer, data, WC_SHA256_BLOCK_SIZE);
+#endif
+ Sha256Transform(sha256, data, 1);
+ return 0;
+}
+#endif
+
#endif /* !NO_SHA256 */
diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-sha512-asm.S
index 0236bb8a4..9b28a8231 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-sha512-asm.S
@@ -28,7 +28,7 @@
* cd ../scripts
* ruby ./sha2/sha512.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.S
*/
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
#ifdef __aarch64__
#ifndef __APPLE__
.text
@@ -1093,7 +1093,7 @@ L_sha512_len_neon_start:
.size Transform_Sha512_Len,.-Transform_Sha512_Len
#endif /* __APPLE__ */
#endif /* __aarch64__ */
-#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm.c b/wolfcrypt/src/port/arm/armv8-sha512-asm.c
index 21679d21e..87e7496f0 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512-asm.c
+++ b/wolfcrypt/src/port/arm/armv8-sha512-asm.c
@@ -28,7 +28,7 @@
* cd ../scripts
* ruby ./sha2/sha512.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.c
*/
-#ifdef WOLFSSL_ARMASM
+#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512)
#ifdef __aarch64__
#include
@@ -1050,4 +1050,4 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len)
}
#endif /* __aarch64__ */
-#endif /* WOLFSSL_ARMASM */
+#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */
diff --git a/wolfcrypt/src/port/arm/armv8-sha512.c b/wolfcrypt/src/port/arm/armv8-sha512.c
index 6258a6bdd..956ee3c3c 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512.c
+++ b/wolfcrypt/src/port/arm/armv8-sha512.c
@@ -483,6 +483,17 @@ void wc_Sha512Free(wc_Sha512* sha512)
#endif
}
+#ifdef OPENSSL_EXTRA
+int wc_Sha512Transform(wc_Sha512* sha512, const unsigned char* data)
+{
+ if (sha512 == NULL || data == NULL) {
+ return BAD_FUNC_ARG;
+ }
+ Transform_Sha512_Len(sha512, data, WC_SHA512_BLOCK_SIZE);
+ return 0;
+}
+#endif
+
#endif /* WOLFSSL_SHA512 */
/* -------------------------------------------------------------------------- */
diff --git a/wolfcrypt/src/port/caam/caam_driver.c b/wolfcrypt/src/port/caam/caam_driver.c
index 8ef1ac3dd..105bc7d28 100644
--- a/wolfcrypt/src/port/caam/caam_driver.c
+++ b/wolfcrypt/src/port/caam/caam_driver.c
@@ -335,13 +335,10 @@ static Error caamCreatePartition(unsigned int page, unsigned int par,
}
-/* return a mapped address to the partition on success, returns 0 on fail */
-CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys,
- unsigned int flag)
+/* return a partitions physical address on success, returns 0 on fail */
+CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int flag)
{
int err;
- CAAM_ADDRESS vaddr;
- unsigned int local;
(void)flag; /* flag is for future changes to flag passed when creating */
@@ -353,13 +350,7 @@ CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys,
return 0;
}
- /* map secure partition to virtual address */
- local = (CAAM_PAGE + (part << 12));
- vaddr = CAAM_ADR_TO_VIRTUAL(local, partSz);
- if (phys != NULL) {
- *phys = local;
- }
- return vaddr;
+ return (CAAM_ADDRESS)(CAAM_PAGE + (part << 12));
}
@@ -839,11 +830,19 @@ int caamAesCmac(DESCSTRUCT* desc, int sz, unsigned int args[4])
}
#endif
- CAAM_ADR_UNMAP(vaddr[0], desc->buf[1].data, desc->buf[1].dataSz, 1);
- CAAM_ADR_UNMAP(vaddr[1], desc->buf[0].data, desc->buf[0].dataSz + macSz, 0);
- for (vidx = 2, i = 2; i < sz; i = i + 1) { /* unmap the input buffers */
- CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0);
+ vidx = 0;
+ CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[1].data, desc->buf[1].dataSz, 1);
+ CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[0].data, desc->buf[0].dataSz + macSz, 0);
+ if (sz == 2) {
+ CAAM_ADR_UNMAP(vaddr[vidx], 0, 0, 0);
}
+ else {
+ for (i = 2; i < sz; i = i + 1) { /* unmap the input buffers */
+ CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data,
+ desc->buf[i].dataSz, 0);
+ }
+ }
+
return err;
}
@@ -888,8 +887,7 @@ int caamECDSAMake(DESCSTRUCT* desc, CAAM_BUFFER* buf, unsigned int args[4])
/* map secure partition to virtual address */
phys = (CAAM_PAGE + (part << 12));
- buf[0].TheAddress = CAAM_ADR_TO_VIRTUAL(phys,
- buf[0].Length + buf[1].Length + BLACK_KEY_MAC_SZ);
+ buf[0].TheAddress = phys;
desc->desc[desc->idx++] = phys;
/* public x,y out */
@@ -979,8 +977,7 @@ int caamECDSAVerify(DESCSTRUCT* desc, CAAM_BUFFER* buf, int sz,
vidx = vidx + 1;
}
else {
- desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
- desc->buf[i].dataSz);
+ desc->desc[desc->idx++] = desc->buf[i].data;
}
i = i + 1;
@@ -1089,8 +1086,7 @@ int caamECDSASign(DESCSTRUCT* desc, int sz, unsigned int args[4])
vidx++;
}
else {
- desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
- desc->buf[i].dataSz);
+ desc->desc[desc->idx++] = desc->buf[i].data;
}
i++;
@@ -1162,9 +1158,9 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4])
void* vaddr[sz];
if (args != NULL) {
- isBlackKey = args[0];
+ isBlackKey = args[0];
peerBlackKey = args[1];
- pdECDSEL = args[2];
+ pdECDSEL = args[2];
}
if (pdECDSEL == 0) {
@@ -1193,8 +1189,7 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4])
vidx++;
}
else {
- desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
- desc->buf[i].dataSz);
+ desc->desc[desc->idx++] = desc->buf[i].data;
}
i++;
@@ -1216,8 +1211,7 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4])
vidx++;
}
else {
- desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data,
- desc->buf[i].dataSz);
+ desc->desc[desc->idx++] = desc->buf[i].data;
}
i++;
@@ -1507,9 +1501,10 @@ int InitCAAM(void)
}
-int caamJobRingFree()
+int CleanupCAAM()
{
CAAM_FREE_MUTEX(&caam.ring.jr_lock);
+ CAAM_UNSET_BASEADDR();
caamFreeAllPart();
return 0;
}
diff --git a/wolfcrypt/src/port/caam/caam_qnx.c b/wolfcrypt/src/port/caam/caam_qnx.c
index 336acfbb9..29f6d0f6f 100644
--- a/wolfcrypt/src/port/caam/caam_qnx.c
+++ b/wolfcrypt/src/port/caam/caam_qnx.c
@@ -85,6 +85,11 @@ int CAAM_SET_BASEADDR()
}
+/* cleans up having set the base address */
+void CAAM_UNSET_BASEADDR()
+{
+ munmap_device_io(virtual_base, 0x00010000);
+}
/* convert a virtual address to a physical address
* returns the physical address on success
@@ -105,7 +110,7 @@ CAAM_ADDRESS CAAM_ADR_TO_PHYSICAL(void* in, int inSz)
if (ret != 0) {
WOLFSSL_MSG("posix offset failed");
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
- perror("");
+ perror("posix offset failed : ");
#endif
}
msync(in, inSz, MS_INVALIDATE);
@@ -146,7 +151,7 @@ void* CAAM_ADR_MAP(unsigned int in, int inSz, unsigned char copy)
if (vaddr == MAP_FAILED) {
WOLFSSL_MSG("Failed to map memory");
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
- perror("");
+ perror("Failed to map memory : ");
#endif
}
else {
@@ -229,10 +234,8 @@ int CAAM_ADR_SYNC(void* vaddr, int sz)
*/
static int sanityCheckPartitionAddress(CAAM_ADDRESS partAddr, int partSz)
{
- unsigned int phys;
-
- phys = CAAM_ADR_TO_PHYSICAL((void*)partAddr, partSz);
- if (phys < CAAM_PAGE || (phys + partSz) > CAAM_PAGE*7) {
+ if (partAddr < CAAM_PAGE || partAddr > CAAM_PAGE * MAX_PART ||
+ partSz > 4096) {
WOLFSSL_MSG("error in physical address range");
return -1;
}
@@ -924,7 +927,11 @@ static int doGET_PART(resmgr_context_t *ctp, io_devctl_t *msg,
partNumber = args[0];
partSz = args[1];
- partAddr = caamGetPartition(partNumber, partSz, NULL, 0);
+ partAddr = caamGetPartition(partNumber, partSz, 0);
+ if (partAddr == 0) {
+ return EBADMSG;
+ }
+
SETIOV(&out_iov, &partAddr, sizeof(CAAM_ADDRESS));
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
@@ -943,6 +950,7 @@ static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg,
{
int partSz, ret;
CAAM_ADDRESS partAddr;
+ CAAM_ADDRESS vaddr;
unsigned char *buf;
iov_t in_iov;
@@ -968,7 +976,14 @@ static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg,
return EBADMSG;
}
- CAAM_ADR_UNMAP(buf, partAddr, partSz, 1);
+ vaddr = CAAM_ADR_TO_VIRTUAL(partAddr, partSz);
+ if (vaddr == 0) {
+ CAAM_ADR_UNMAP(buf, 0, partSz, 0);
+ return ECANCELED;
+ }
+
+ CAAM_ADR_UNMAP(buf, vaddr, partSz, 1);
+ CAAM_ADR_UNMAP((void*)vaddr, 0, partSz, 0);
return EOK;
}
@@ -981,6 +996,7 @@ static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg,
{
int partSz;
CAAM_ADDRESS partAddr;
+ CAAM_ADDRESS vaddr;
unsigned char *buf;
iov_t out_iov;
@@ -1002,10 +1018,18 @@ static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg,
if (buf == NULL) {
return ECANCELED;
}
- memcpy(buf, (unsigned int*)partAddr, partSz);
+
+ vaddr = CAAM_ADR_TO_VIRTUAL(partAddr, partSz);
+ if (vaddr == 0) {
+ CAAM_ADR_UNMAP(buf, 0, partSz, 0);
+ return ECANCELED;
+ }
+
+ memcpy(buf, (unsigned char*)vaddr, partSz);
SETIOV(&out_iov, buf, partSz);
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
- CAAM_ADR_UNMAP(buf, 0, partSz, 0);
+ CAAM_ADR_UNMAP(buf, 0, partSz, 0);
+ CAAM_ADR_UNMAP((void*)vaddr, 0, partSz, 0);
return EOK;
}
@@ -1249,14 +1273,14 @@ int main(int argc, char *argv[])
while (1) {
ctp = dispatch_block(ctp);
if (ctp == NULL) {
- caamJobRingFree();
+ CleanupCAAM();
exit (1);
}
dispatch_handler (ctp);
}
pthread_mutex_destroy(&sm_mutex);
- caamJobRingFree();
+ CleanupCAAM();
return 0;
}
diff --git a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
index f80c33617..0f5f2f967 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c
@@ -97,7 +97,6 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
word32 ecdsel = 0;
byte r[MAX_ECC_BYTES] = {0};
byte s[MAX_ECC_BYTES] = {0};
- word32 outSz;
word32 idx = 0;
byte pk[MAX_ECC_BYTES] = {0};
@@ -127,16 +126,16 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
/* private key */
if (key->blackKey > 0) {
buf[idx].TheAddress = (CAAM_ADDRESS)key->blackKey;
- buf[idx].Length = keySz;
args[0] = 1; /* is a black key */
}
else {
- outSz = mp_unsigned_bin_size(&key->k);
- mp_to_unsigned_bin(&key->k, pk);
+ if (mp_to_unsigned_bin_len(&key->k, pk, keySz) != MP_OKAY) {
+ return MP_TO_E;
+ }
buf[idx].TheAddress = (CAAM_ADDRESS)pk;
- buf[idx].Length = outSz;
args[0] = 0; /* non black key */
}
+ buf[idx].Length = keySz;
idx++;
/* hash to sign */
@@ -195,7 +194,7 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
word32 args[4] = {0};
CAAM_BUFFER buf[9] = {0};
int ret;
- int rSz, sSz;
+ int keySz;
word32 idx = 0;
word32 ecdsel = 0;
@@ -230,9 +229,8 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
}
/* Wx,y public key */
+ keySz = wc_ecc_size(key);
if (key->securePubKey > 0) {
- int keySz = wc_ecc_size(key);
-
buf[idx].TheAddress = (CAAM_ADDRESS)key->securePubKey;
buf[idx].Length = keySz * 2;
args[0] = 1; /* using public key in secure memory */
@@ -251,18 +249,20 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash,
buf[idx].Length = hashlen;
idx++;
- rSz = mp_unsigned_bin_size(r);
- mp_to_unsigned_bin(r, rbuf);
+ if (mp_to_unsigned_bin_len(r, rbuf, keySz) != MP_OKAY) {
+ return MP_TO_E;
+ }
buf[idx].TheAddress = (CAAM_ADDRESS)rbuf;
- buf[idx].Length = rSz;
+ buf[idx].Length = keySz;
idx++;
- sSz = mp_unsigned_bin_size(s);
- mp_to_unsigned_bin(s, sbuf);
+ if (mp_to_unsigned_bin_len(s, sbuf, keySz) != MP_OKAY) {
+ return MP_TO_E;
+ }
buf[idx].TheAddress = (CAAM_ADDRESS)sbuf;
- buf[idx].Length = sSz;
+ buf[idx].Length = keySz;
idx++;
/* temporary scratch buffer, the manual calls for it and HW expects it */
@@ -313,7 +313,6 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
CAAM_BUFFER buf[9] = {0};
int ret, keySz;
word32 ecdsel = 0; /* ecc parameters in hardware */
- word32 outSz;
word32 idx = 0;
byte pk[MAX_ECC_BYTES] = {0};
@@ -365,16 +364,21 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
/* private key */
if (private_key->blackKey > 0) {
buf[idx].TheAddress = (CAAM_ADDRESS)private_key->blackKey;
- buf[idx].Length = keySz;
args[0] = 1; /* is a black key */
}
else {
- outSz = mp_unsigned_bin_size(&private_key->k);
- mp_to_unsigned_bin(&private_key->k, pk);
+ if (keySz > MAX_ECC_BYTES) {
+ return BUFFER_E;
+ }
+
+ if (mp_to_unsigned_bin_len(&private_key->k, pk, keySz) != MP_OKAY) {
+ return MP_TO_E;
+ }
+
buf[idx].TheAddress = (CAAM_ADDRESS)pk;
- buf[idx].Length = outSz;
args[0] = 0; /* non black key */
}
+ buf[idx].Length = keySz;
idx++;
/* output shared secret */
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 74a20ec10..034f3d72d 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -495,6 +495,7 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
sha->heap = heap;
#ifdef WOLF_CRYPTO_CB
sha->devId = devId;
+ sha->devCtx = NULL;
#endif
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 1195223a4..4bee0ccc3 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -399,6 +399,7 @@ static int InitSha256(wc_Sha256* sha256)
sha256->heap = heap;
#ifdef WOLF_CRYPTO_CB
sha256->devId = devId;
+ sha256->devCtx = NULL;
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
sha256->W = NULL;
diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c
index 74375640f..b58be411e 100644
--- a/wolfcrypt/src/sha3.c
+++ b/wolfcrypt/src/sha3.c
@@ -636,30 +636,38 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
* len Number of bytes in output.
* returns 0 on success.
*/
-static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, byte l)
+static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
{
+ word32 rate = p * 8;
+ word32 j;
byte i;
- byte *state = (byte *)sha3->s;
- sha3->t[p * 8 - 1] = 0x00;
+ sha3->t[rate - 1] = 0x00;
#ifdef WOLFSSL_HASH_FLAGS
- if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256) {
+ if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256)
padChar = 0x01;
- }
#endif
- sha3->t[ sha3->i] = padChar;
- sha3->t[p * 8 - 1] |= 0x80;
- for (i=sha3->i + 1; i < p * 8 - 1; i++)
+ sha3->t[sha3->i ] = padChar;
+ sha3->t[rate - 1] |= 0x80;
+ for (i=sha3->i + 1; i < rate - 1; i++)
sha3->t[i] = 0;
for (i = 0; i < p; i++)
sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
- BlockSha3(sha3->s);
-#if defined(BIG_ENDIAN_ORDER)
- ByteReverseWords64(sha3->s, sha3->s, ((l+7)/8)*8);
-#endif
- for (i = 0; i < l; i++)
- hash[i] = state[i];
-
+ for (j = 0; l - j >= rate; j += rate) {
+ BlockSha3(sha3->s);
+ #if defined(BIG_ENDIAN_ORDER)
+ ByteReverseWords64((word64*)(hash + j), sha3->s, rate);
+ #else
+ XMEMCPY(hash + j, sha3->s, rate);
+ #endif
+ }
+ if (j != l) {
+ BlockSha3(sha3->s);
+ #if defined(BIG_ENDIAN_ORDER)
+ ByteReverseWords64(sha3->s, sha3->s, rate);
+ #endif
+ XMEMCPY(hash + j, sha3->s, l - j);
+ }
return 0;
}
@@ -763,7 +771,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len)
}
#endif /* WOLFSSL_ASYNC_CRYPT */
- ret = Sha3Final(sha3, 0x06, hash, p, len);
+ ret = Sha3Final(sha3, 0x06, hash, p, (word32)len);
if (ret != 0)
return ret;
@@ -1193,7 +1201,7 @@ int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen)
return BAD_FUNC_ARG;
}
- ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, (byte)hashLen);
+ ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, hashLen);
if (ret != 0)
return ret;
diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c
index 2af49347f..feed015d3 100644
--- a/wolfcrypt/src/sp_arm32.c
+++ b/wolfcrypt/src/sp_arm32.c
@@ -4701,12 +4701,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 64];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -4718,19 +4718,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 64;
-#else
- t[i] = &td[i * 64];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -4826,9 +4821,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -4847,12 +4841,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 64];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -4864,19 +4858,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 64;
-#else
- t[i] = &td[i * 64];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -4989,9 +4978,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -6992,12 +6980,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 128];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -7009,19 +6997,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 128;
-#else
- t[i] = &td[i * 128];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -7117,9 +7100,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -7138,12 +7120,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 128];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -7155,19 +7137,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 128), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 128;
-#else
- t[i] = &td[i * 128];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -7280,9 +7257,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -7306,18 +7282,15 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[128];
- sp_digit m[64];
- sp_digit r[128];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[64 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 256) {
@@ -7331,22 +7304,18 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 64 * 2;
- m = r + 64 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 64 * 2;
+ m = r + 64 * 2;
ah = a + 64;
sp_2048_from_bin(ah, 64, in, inLen);
@@ -7419,10 +7388,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -7657,8 +7625,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[64 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -7687,13 +7659,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 64;
m = a + 128;
@@ -7704,34 +7678,36 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
sp_2048_from_mp(m, 64, mm);
err = sp_2048_mod_exp_64(r, a, d, 2048, m, 0);
}
+
if (err == MP_OKAY) {
sp_2048_to_bin(r, out);
*outLen = 256;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 64);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 64);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[64 * 2];
- sp_digit p[32];
- sp_digit q[32];
- sp_digit dp[32];
- sp_digit tmpa[64];
- sp_digit tmpb[64];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[32 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -7751,31 +7727,23 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 64 * 2;
q = p + 32;
qi = dq = dp = q + 32;
tmpa = qi + 32;
tmpb = tmpa + 64;
-
- r = t + 64;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_2048_from_bin(a, 64, in, inLen);
sp_2048_from_mp(p, 32, pm);
sp_2048_from_mp(q, 32, qm);
@@ -7807,19 +7775,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 32 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 32 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -8353,12 +8318,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[193];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -8371,18 +8336,13 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 128;
-#else
- tmp = &td[128];
-#endif
sp_2048_mont_setup(m, &mp);
sp_2048_mont_norm_64(norm, m);
@@ -8453,9 +8413,8 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -15331,12 +15290,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 96];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -15348,19 +15307,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 96;
-#else
- t[i] = &td[i * 96];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -15456,9 +15410,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -15477,12 +15430,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 96];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -15494,19 +15447,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 96;
-#else
- t[i] = &td[i * 96];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -15619,9 +15567,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -18422,12 +18369,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 192];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -18439,19 +18386,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 192;
-#else
- t[i] = &td[i * 192];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -18547,9 +18489,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -18568,12 +18509,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 192];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -18585,19 +18526,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 192), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 192;
-#else
- t[i] = &td[i * 192];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -18710,9 +18646,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -18736,18 +18671,15 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[192];
- sp_digit m[96];
- sp_digit r[192];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[96 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 384) {
@@ -18761,22 +18693,18 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 96 * 2;
- m = r + 96 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 96 * 2;
+ m = r + 96 * 2;
ah = a + 96;
sp_3072_from_bin(ah, 96, in, inLen);
@@ -18849,10 +18777,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -19167,8 +19094,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[96 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -19197,13 +19128,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 96;
m = a + 192;
@@ -19214,34 +19147,36 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
sp_3072_from_mp(m, 96, mm);
err = sp_3072_mod_exp_96(r, a, d, 3072, m, 0);
}
+
if (err == MP_OKAY) {
sp_3072_to_bin(r, out);
*outLen = 384;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 96);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 96);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[96 * 2];
- sp_digit p[48];
- sp_digit q[48];
- sp_digit dp[48];
- sp_digit tmpa[96];
- sp_digit tmpb[96];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[48 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -19261,31 +19196,23 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 96 * 2;
q = p + 48;
qi = dq = dp = q + 48;
tmpa = qi + 48;
tmpb = tmpa + 96;
-
- r = t + 96;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_3072_from_bin(a, 96, in, inLen);
sp_3072_from_mp(p, 48, pm);
sp_3072_from_mp(q, 48, qm);
@@ -19317,19 +19244,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 48 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 48 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -20055,12 +19979,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[289];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -20073,18 +19997,13 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 192;
-#else
- tmp = &td[192];
-#endif
sp_3072_mont_setup(m, &mp);
sp_3072_mont_norm_96(norm, m);
@@ -20155,9 +20074,8 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -26354,12 +26272,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 256];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -26371,19 +26289,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 256;
-#else
- t[i] = &td[i * 256];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -26479,9 +26392,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -26500,12 +26412,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 256];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -26517,19 +26429,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 256), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 256;
-#else
- t[i] = &td[i * 256];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -26642,9 +26549,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -26668,18 +26574,15 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[256];
- sp_digit m[128];
- sp_digit r[256];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[128 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 512) {
@@ -26693,22 +26596,18 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 128 * 2;
- m = r + 128 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 128 * 2;
+ m = r + 128 * 2;
ah = a + 128;
sp_4096_from_bin(ah, 128, in, inLen);
@@ -26781,10 +26680,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -27179,8 +27077,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[128 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -27209,13 +27111,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 128;
m = a + 256;
@@ -27226,34 +27130,36 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
sp_4096_from_mp(m, 128, mm);
err = sp_4096_mod_exp_128(r, a, d, 4096, m, 0);
}
+
if (err == MP_OKAY) {
sp_4096_to_bin(r, out);
*outLen = 512;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 128);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 128);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[128 * 2];
- sp_digit p[64];
- sp_digit q[64];
- sp_digit dp[64];
- sp_digit tmpa[128];
- sp_digit tmpb[128];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[64 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -27273,31 +27179,23 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 128 * 2;
q = p + 64;
qi = dq = dp = q + 64;
tmpa = qi + 64;
tmpb = tmpa + 128;
-
- r = t + 128;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_4096_from_bin(a, 128, in, inLen);
sp_4096_from_mp(p, 64, pm);
sp_4096_from_mp(q, 64, qm);
@@ -27329,19 +27227,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 64 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 64 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -28259,12 +28154,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[385];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -28277,18 +28172,13 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 256;
-#else
- tmp = &td[256];
-#endif
sp_4096_mont_setup(m, &mp);
sp_4096_mont_norm_128(norm, m);
@@ -28359,9 +28249,8 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -29648,64 +29537,6 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a,
}
#endif /* WOLFSSL_SP_SMALL */
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_256_point_new_ex_8(void* heap, sp_point_256* sp,
- sp_point_256** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_256_point_free_8(sp_point_256* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Multiply a number by Montogmery normalizer mod modulus (prime).
*
* r The resulting Montgomery form number.
@@ -32739,56 +32570,55 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, const sp_digit* k,
int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td[16];
- sp_point_256 rtd;
- sp_digit tmpd[2 * 8 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_256 t[16 + 1];
+ sp_digit tmp[2 * 8 * 5];
+#endif
+ sp_point_256* rt = NULL;
#ifndef WC_NO_CACHE_RESISTANT
- sp_point_256 pd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* p = NULL;
+#else
+ sp_point_256 p[1];
#endif
-#endif
- sp_point_256* t;
- sp_point_256* rt;
-#ifndef WC_NO_CACHE_RESISTANT
- sp_point_256* p;
-#endif
- sp_digit* tmp;
+#endif /* !WC_NO_CACHE_RESISTANT */
sp_digit n;
int i;
int c;
int y;
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_256_point_new_8(heap, rtd, rt);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-#ifndef WC_NO_CACHE_RESISTANT
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 17, heap, DYNAMIC_TYPE_ECC);
-#else
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, heap, DYNAMIC_TYPE_ECC);
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16 + 1,
+ heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ #ifndef WC_NO_CACHE_RESISTANT
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256),
+ heap, DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
+ #endif
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
-#ifndef WC_NO_CACHE_RESISTANT
- #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- p = t + 16;
- #else
- p = &pd;
- #endif
-#endif
+ rt = t + 16;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -32876,20 +32706,35 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 8 * 5);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_256) * 16);
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmpd, sizeof(tmpd));
- ForceZero(td, sizeof(td));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
- sp_256_point_free_8(rt, 1, heap);
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 8 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#ifndef WC_NO_CACHE_RESISTANT
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (p != NULL)
+ #endif
+ {
+ ForceZero(p, sizeof(sp_point_256));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(p, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#endif /* !WC_NO_CACHE_RESISTANT */
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_256) * 17);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -33113,29 +32958,30 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, const sp_point_256* p,
static int sp_256_gen_stripe_table_8(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_8(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -33180,9 +33026,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
}
}
- sp_256_point_free_8(s2, 0, heap);
- sp_256_point_free_8(s1, 0, heap);
- sp_256_point_free_8( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -33258,19 +33105,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 8 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 8 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -33278,21 +33125,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
(void)heap;
- err = sp_256_point_new_8(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -33343,13 +33191,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, heap);
- sp_256_point_free_8(rt, 0, heap);
return err;
}
@@ -33515,29 +33362,30 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_
static int sp_256_gen_stripe_table_8(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_8(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -33582,9 +33430,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
}
}
- sp_256_point_free_8(s2, 0, heap);
- sp_256_point_free_8(s1, 0, heap);
- sp_256_point_free_8( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -33660,19 +33509,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 8 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 8 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -33680,21 +33529,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
(void)heap;
- err = sp_256_point_new_8(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -33745,13 +33595,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, heap);
- sp_256_point_free_8(rt, 0, heap);
return err;
}
@@ -33915,25 +33764,28 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_
int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[8];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 8, km);
sp_256_point_from_ecc_point_8(point, gm);
@@ -33944,12 +33796,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -33969,37 +33821,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[8];
- sp_digit t[8 * 2 * 5];
-#endif
- sp_point_256* point;
- sp_point_256* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[8 + 8 * 2 * 5];
+#endif
+ sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (8 + 8 * 2 * 5), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 8;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 8;
+
sp_256_from_mp(k, 8, km);
sp_256_point_from_ecc_point_8(point, gm);
sp_256_point_from_ecc_point_8(addP, am);
@@ -34026,13 +33876,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(addP, 0, heap);
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -35466,26 +35315,28 @@ static int sp_256_ecc_mulmod_base_8(sp_point_256* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[8];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 8, km);
@@ -35495,12 +35346,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -35519,37 +35370,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[8];
- sp_digit t[8 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[8 + 8 * 2 * 5];
#endif
- sp_point_256* point;
sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (8 + 8 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 8;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 8;
+
sp_256_from_mp(k, 8, km);
sp_256_point_from_ecc_point_8(addP, am);
}
@@ -35575,13 +35424,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(addP, 0, heap);
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -35710,41 +35558,46 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_256 inf;
-#endif
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_256 point[2];
+ #else
+ sp_point_256 point[1];
+ #endif
+ sp_digit k[8];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_256* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_256_point_new_8(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_256_ecc_gen_k_8(rng, k);
}
if (err == MP_OKAY) {
@@ -35769,15 +35622,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_256_point_to_ecc_point_8(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_256_point_free_8(infinity, 1, heap);
-#endif
- sp_256_point_free_8(point, 1, heap);
return err;
}
@@ -35838,30 +35690,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[8];
+#endif
int err = MP_OKAY;
if (*outLen < 32U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, p, point);
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -35874,12 +35728,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 32;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -36531,13 +36385,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 32U;
}
- sp_256_from_bin(ctx->e, 8, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_256_from_mp(ctx->x, 8, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_256_ecc_gen_k_8(rng, ctx->k);
@@ -36565,6 +36416,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_256_cmp_8(ctx->r, p256_order);
sp_256_cond_sub_8(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0));
sp_256_norm_8(ctx->r);
+
+ sp_256_from_mp(ctx->x, 8, priv);
+ sp_256_from_bin(ctx->e, 8, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -36621,6 +36475,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -36656,22 +36513,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*8];
- sp_digit xd[2*8];
- sp_digit kd[2*8];
- sp_digit rd[2*8];
- sp_digit td[3 * 2*8];
- sp_point_256 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_256* point = NULL;
+#else
+ sp_digit e[7 * 2 * 8];
+ sp_point_256 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_256* point = NULL;
sp_digit* s = NULL;
int32_t c;
int err = MP_OKAY;
@@ -36679,31 +36531,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_256_point_new_8(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 8;
- x = d + 2 * 8;
- k = d + 4 * 8;
- r = d + 6 * 8;
- tmp = d + 8 * 8;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 8;
+ k = e + 4 * 8;
+ r = e + 6 * 8;
+ tmp = e + 8 * 8;
s = e;
if (hashLen > 32U) {
@@ -36758,19 +36605,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_256_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 8);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 8U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_256_point_free_8(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 8);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_256));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -37192,7 +37044,7 @@ typedef struct sp_ecc_verify_256_ctx {
int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data;
@@ -37207,7 +37059,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_256_from_bin(ctx->u1, 8, hash, (int)hashLen);
- sp_256_from_mp(ctx->u2, 8, r);
+ sp_256_from_mp(ctx->u2, 8, rm);
sp_256_from_mp(ctx->s, 8, sm);
sp_256_from_mp(ctx->p2.x, 8, pX);
sp_256_from_mp(ctx->p2.y, 8, pY);
@@ -37265,57 +37117,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_256_iszero_8(ctx->p1.z)) {
- if (sp_256_iszero_8(ctx->p1.x) && sp_256_iszero_8(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<8; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_256_proj_point_dbl_8_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(ctx->u2, 8, r);
+ sp_256_from_mp(ctx->u2, 8, rm);
err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_256_mont_sqr_8(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int32_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int32_t c;
/* Reload r and add order. */
- sp_256_from_mp(ctx->u2, 8, r);
+ sp_256_from_mp(ctx->u2, 8, rm);
carry = sp_256_add_8(ctx->u2, ctx->u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -37323,22 +37151,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_8(ctx->u2, p256_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
- p256_mp_mod);
- *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
+ p256_mp_mod);
+ *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -37347,62 +37176,51 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*8];
- sp_digit u2d[2*8];
- sp_digit sd[2*8];
- sp_digit tmpd[2*8 * 5];
- sp_point_256 p1d;
- sp_point_256 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_256* p1 = NULL;
+#else
+ sp_digit u1[16 * 8];
+ sp_point_256 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_256* p1;
sp_point_256* p2 = NULL;
sp_digit carry;
int32_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 8;
- u2 = d + 2 * 8;
- s = d + 4 * 8;
- tmp = d + 6 * 8;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 8;
+ s = u1 + 4 * 8;
+ tmp = u1 + 6 * 8;
+ p2 = p1 + 1;
if (hashLen > 32U) {
hashLen = 32U;
}
sp_256_from_bin(u1, 8, hash, (int)hashLen);
- sp_256_from_mp(u2, 8, r);
+ sp_256_from_mp(u2, 8, rm);
sp_256_from_mp(s, 8, sm);
sp_256_from_mp(p2->x, 8, pX);
sp_256_from_mp(p2->y, 8, pY);
@@ -37413,7 +37231,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(u2, 8, r);
+ sp_256_from_mp(u2, 8, rm);
err = sp_256_mod_mul_norm_8(u2, u2, p256_mod);
}
@@ -37424,7 +37242,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_256_cmp_8(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_256_from_mp(u2, 8, r);
+ sp_256_from_mp(u2, 8, rm);
carry = sp_256_add_8(u2, u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -37433,8 +37251,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_8(u2, p256_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_256_mod_mul_norm_8(u2, u2, p256_mod);
if (err == MP_OKAY) {
@@ -37446,12 +37264,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p1, 0, heap);
- sp_256_point_free_8(p2, 0, heap);
return err;
}
@@ -37468,32 +37286,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_256_ecc_is_point_8(const sp_point_256* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*8];
- sp_digit t2d[2*8];
+ sp_digit t1[8 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 8;
- t2 = d + 2 * 8;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 8;
sp_256_sqr_8(t1, point->y);
(void)sp_256_mod_8(t1, t1, p256_mod);
@@ -37513,10 +37322,9 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -37531,14 +37339,21 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
*/
int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* pub = NULL;
+#else
+ sp_point_256 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_256* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_256_point_new_8(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_256_from_mp(pub->x, 8, pX);
sp_256_from_mp(pub->y, 8, pY);
@@ -37547,7 +37362,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
err = sp_256_ecc_is_point_8(pub, NULL);
}
- sp_256_point_free_8(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -37566,45 +37384,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[8];
- sp_point_256 pubd;
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_256* pub;
- sp_point_256* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_256_point_new_8(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_256* pub = NULL;
+#else
+ sp_digit priv[8];
+ sp_point_256 pub[2];
#endif
+ sp_point_256* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) ||
+ if (((mp_count_bits(pX) > 256) ||
(mp_count_bits(pY) > 256) ||
((privm != NULL) && (mp_count_bits(privm) > 256)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_256_from_mp(pub->x, 8, pX);
sp_256_from_mp(pub->y, 8, pY);
sp_256_from_bin(pub->z, 8, one, (int)sizeof(one));
@@ -37653,13 +37471,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_256_point_free_8(p, 0, heap);
- sp_256_point_free_8(pub, 0, heap);
return err;
}
@@ -37683,33 +37500,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 8 * 5];
- sp_point_256 pd;
- sp_point_256 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 8 * 5];
+ sp_point_256 p[2];
+#endif
sp_point_256* q = NULL;
int err;
- err = sp_256_point_new_8(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_8(NULL, qd, q);
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_256_from_mp(p->x, 8, pX);
sp_256_from_mp(p->y, 8, pY);
sp_256_from_mp(p->z, 8, pZ);
@@ -37730,13 +37549,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(q, 0, NULL);
- sp_256_point_free_8(p, 0, NULL);
return err;
}
@@ -37755,25 +37573,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 8 * 2];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 8 * 2];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_8(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -37794,12 +37615,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, NULL);
return err;
}
@@ -37814,25 +37635,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 8 * 4];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 8 * 4];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_8(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 4, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_256_from_mp(p->x, 8, pX);
@@ -37852,12 +37677,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_256_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, NULL);
return err;
}
@@ -37870,31 +37695,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_256_mont_sqrt_8(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 8];
- sp_digit t2d[2 * 8];
+ sp_digit t1[4 * 8];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL) {
err = MEMORY_E;
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 8;
- t2 = d + 2 * 8;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 8;
{
/* t2 = y ^ 0x2 */
@@ -37929,10 +37746,9 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -37948,31 +37764,22 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
*/
int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 8];
- sp_digit yd[2 * 8];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 8];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 8;
- y = d + 2 * 8;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 8;
sp_256_from_mp(x, 8, xm);
err = sp_256_mod_mul_norm_8(x, x, p256_mod);
@@ -38005,10 +37812,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
err = sp_256_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -40145,64 +39951,6 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a,
}
#endif /* WOLFSSL_SP_SMALL */
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_384_point_new_ex_12(void* heap, sp_point_384* sp,
- sp_point_384** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Multiply a number by Montogmery normalizer mod modulus (prime).
*
* r The resulting Montgomery form number.
@@ -40212,8 +39960,8 @@ static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap)
*/
static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- int64_t* t;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ int64_t* t = NULL;
#else
int64_t t[12];
#endif
@@ -40222,7 +39970,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t = (int64_t*)XMALLOC(sizeof(int64_t) * 12, NULL, DYNAMIC_TYPE_ECC);
if (t == NULL) {
err = MEMORY_E;
@@ -40297,7 +40045,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
r[11] = t[11];
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif
@@ -41976,56 +41724,55 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, const sp_digit* k,
int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td[16];
- sp_point_384 rtd;
- sp_digit tmpd[2 * 12 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_384 t[16 + 1];
+ sp_digit tmp[2 * 12 * 6];
+#endif
+ sp_point_384* rt = NULL;
#ifndef WC_NO_CACHE_RESISTANT
- sp_point_384 pd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* p = NULL;
+#else
+ sp_point_384 p[1];
#endif
-#endif
- sp_point_384* t;
- sp_point_384* rt;
-#ifndef WC_NO_CACHE_RESISTANT
- sp_point_384* p;
-#endif
- sp_digit* tmp;
+#endif /* !WC_NO_CACHE_RESISTANT */
sp_digit n;
int i;
int c;
int y;
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_384_point_new_12(heap, rtd, rt);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-#ifndef WC_NO_CACHE_RESISTANT
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 17, heap, DYNAMIC_TYPE_ECC);
-#else
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, heap, DYNAMIC_TYPE_ECC);
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16 + 1,
+ heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ #ifndef WC_NO_CACHE_RESISTANT
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384),
+ heap, DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
+ #endif
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
-#ifndef WC_NO_CACHE_RESISTANT
- #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- p = t + 16;
- #else
- p = &pd;
- #endif
-#endif
+ rt = t + 16;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -42113,20 +41860,35 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 12 * 6);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_384) * 16);
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmpd, sizeof(tmpd));
- ForceZero(td, sizeof(td));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
- sp_384_point_free_12(rt, 1, heap);
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 12 * 6);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#ifndef WC_NO_CACHE_RESISTANT
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (p != NULL)
+ #endif
+ {
+ ForceZero(p, sizeof(sp_point_384));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(p, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#endif /* !WC_NO_CACHE_RESISTANT */
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_384) * 17);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -42350,29 +42112,30 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, const sp_point_384* p,
static int sp_384_gen_stripe_table_12(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_12(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -42417,9 +42180,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
}
}
- sp_384_point_free_12(s2, 0, heap);
- sp_384_point_free_12(s1, 0, heap);
- sp_384_point_free_12( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -42511,19 +42275,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 12 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 12 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -42531,21 +42295,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
(void)heap;
- err = sp_384_point_new_12(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -42596,13 +42361,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, heap);
- sp_384_point_free_12(rt, 0, heap);
return err;
}
@@ -42768,29 +42532,30 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp
static int sp_384_gen_stripe_table_12(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_12(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -42835,9 +42600,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
}
}
- sp_384_point_free_12(s2, 0, heap);
- sp_384_point_free_12(s1, 0, heap);
- sp_384_point_free_12( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -42929,19 +42695,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 12 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 12 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -42949,21 +42715,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
(void)heap;
- err = sp_384_point_new_12(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -43014,13 +42781,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, heap);
- sp_384_point_free_12(rt, 0, heap);
return err;
}
@@ -43184,25 +42950,28 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp
int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[12];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 12, km);
sp_384_point_from_ecc_point_12(point, gm);
@@ -43213,12 +42982,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -43238,37 +43007,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[12];
- sp_digit t[12 * 2 * 6];
-#endif
- sp_point_384* point;
- sp_point_384* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[12 + 12 * 2 * 6];
+#endif
+ sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (12 + 12 * 2 * 6), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 12;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 12;
+
sp_384_from_mp(k, 12, km);
sp_384_point_from_ecc_point_12(point, gm);
sp_384_point_from_ecc_point_12(addP, am);
@@ -43295,13 +43062,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(addP, 0, heap);
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -44735,26 +44501,28 @@ static int sp_384_ecc_mulmod_base_12(sp_point_384* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[12];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 12, km);
@@ -44764,12 +44532,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -44788,37 +44556,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[12];
- sp_digit t[12 * 2 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[12 + 12 * 2 * 6];
#endif
- sp_point_384* point;
sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (12 + 12 * 2 * 6),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 12;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 12;
+
sp_384_from_mp(k, 12, km);
sp_384_point_from_ecc_point_12(addP, am);
}
@@ -44844,13 +44610,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(addP, 0, heap);
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -44992,41 +44757,46 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_384 inf;
-#endif
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_384 point[2];
+ #else
+ sp_point_384 point[1];
+ #endif
+ sp_digit k[12];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_384* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_384_point_new_12(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_384_ecc_gen_k_12(rng, k);
}
if (err == MP_OKAY) {
@@ -45051,15 +44821,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_384_point_to_ecc_point_12(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_384_point_free_12(infinity, 1, heap);
-#endif
- sp_384_point_free_12(point, 1, heap);
return err;
}
@@ -45120,30 +44889,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[12];
+#endif
int err = MP_OKAY;
if (*outLen < 48U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, p, point);
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -45156,12 +44927,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 48;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -45832,13 +45603,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 48U;
}
- sp_384_from_bin(ctx->e, 12, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_384_from_mp(ctx->x, 12, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_384_ecc_gen_k_12(rng, ctx->k);
@@ -45866,6 +45634,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_384_cmp_12(ctx->r, p384_order);
sp_384_cond_sub_12(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0));
sp_384_norm_12(ctx->r);
+
+ sp_384_from_mp(ctx->x, 12, priv);
+ sp_384_from_bin(ctx->e, 12, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -45922,6 +45693,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -45957,22 +45731,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*12];
- sp_digit xd[2*12];
- sp_digit kd[2*12];
- sp_digit rd[2*12];
- sp_digit td[3 * 2*12];
- sp_point_384 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_384* point = NULL;
+#else
+ sp_digit e[7 * 2 * 12];
+ sp_point_384 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_384* point = NULL;
sp_digit* s = NULL;
int32_t c;
int err = MP_OKAY;
@@ -45980,31 +45749,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_384_point_new_12(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 12;
- x = d + 2 * 12;
- k = d + 4 * 12;
- r = d + 6 * 12;
- tmp = d + 8 * 12;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 12;
+ k = e + 4 * 12;
+ r = e + 6 * 12;
+ tmp = e + 8 * 12;
s = e;
if (hashLen > 48U) {
@@ -46059,19 +45823,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_384_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 12);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 12U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_384_point_free_12(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 12);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_384));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -46540,7 +46309,7 @@ typedef struct sp_ecc_verify_384_ctx {
int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data;
@@ -46555,7 +46324,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_384_from_bin(ctx->u1, 12, hash, (int)hashLen);
- sp_384_from_mp(ctx->u2, 12, r);
+ sp_384_from_mp(ctx->u2, 12, rm);
sp_384_from_mp(ctx->s, 12, sm);
sp_384_from_mp(ctx->p2.x, 12, pX);
sp_384_from_mp(ctx->p2.y, 12, pY);
@@ -46613,57 +46382,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_384_iszero_12(ctx->p1.z)) {
- if (sp_384_iszero_12(ctx->p1.x) && sp_384_iszero_12(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<12; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_384_proj_point_dbl_12_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(ctx->u2, 12, r);
+ sp_384_from_mp(ctx->u2, 12, rm);
err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_384_mont_sqr_12(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int32_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int32_t c;
/* Reload r and add order. */
- sp_384_from_mp(ctx->u2, 12, r);
+ sp_384_from_mp(ctx->u2, 12, rm);
carry = sp_384_add_12(ctx->u2, ctx->u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -46671,22 +46416,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_12(ctx->u2, p384_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
- p384_mp_mod);
- *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
+ p384_mp_mod);
+ *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -46695,62 +46441,51 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*12];
- sp_digit u2d[2*12];
- sp_digit sd[2*12];
- sp_digit tmpd[2*12 * 5];
- sp_point_384 p1d;
- sp_point_384 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_384* p1 = NULL;
+#else
+ sp_digit u1[16 * 12];
+ sp_point_384 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_384* p1;
sp_point_384* p2 = NULL;
sp_digit carry;
int32_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 12;
- u2 = d + 2 * 12;
- s = d + 4 * 12;
- tmp = d + 6 * 12;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 12;
+ s = u1 + 4 * 12;
+ tmp = u1 + 6 * 12;
+ p2 = p1 + 1;
if (hashLen > 48U) {
hashLen = 48U;
}
sp_384_from_bin(u1, 12, hash, (int)hashLen);
- sp_384_from_mp(u2, 12, r);
+ sp_384_from_mp(u2, 12, rm);
sp_384_from_mp(s, 12, sm);
sp_384_from_mp(p2->x, 12, pX);
sp_384_from_mp(p2->y, 12, pY);
@@ -46761,7 +46496,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(u2, 12, r);
+ sp_384_from_mp(u2, 12, rm);
err = sp_384_mod_mul_norm_12(u2, u2, p384_mod);
}
@@ -46772,7 +46507,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_384_cmp_12(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_384_from_mp(u2, 12, r);
+ sp_384_from_mp(u2, 12, rm);
carry = sp_384_add_12(u2, u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -46781,8 +46516,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_12(u2, p384_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_384_mod_mul_norm_12(u2, u2, p384_mod);
if (err == MP_OKAY) {
@@ -46794,12 +46529,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p1, 0, heap);
- sp_384_point_free_12(p2, 0, heap);
return err;
}
@@ -46816,32 +46551,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_384_ecc_is_point_12(const sp_point_384* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*12];
- sp_digit t2d[2*12];
+ sp_digit t1[12 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 12;
- t2 = d + 2 * 12;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 12;
sp_384_sqr_12(t1, point->y);
(void)sp_384_mod_12(t1, t1, p384_mod);
@@ -46861,10 +46587,9 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -46879,14 +46604,21 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
*/
int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* pub = NULL;
+#else
+ sp_point_384 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_384* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_384_point_new_12(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_384_from_mp(pub->x, 12, pX);
sp_384_from_mp(pub->y, 12, pY);
@@ -46895,7 +46627,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
err = sp_384_ecc_is_point_12(pub, NULL);
}
- sp_384_point_free_12(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -46914,45 +46649,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[12];
- sp_point_384 pubd;
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_384* pub;
- sp_point_384* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_384_point_new_12(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_384* pub = NULL;
+#else
+ sp_digit priv[12];
+ sp_point_384 pub[2];
#endif
+ sp_point_384* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) ||
+ if (((mp_count_bits(pX) > 384) ||
(mp_count_bits(pY) > 384) ||
((privm != NULL) && (mp_count_bits(privm) > 384)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_384_from_mp(pub->x, 12, pX);
sp_384_from_mp(pub->y, 12, pY);
sp_384_from_bin(pub->z, 12, one, (int)sizeof(one));
@@ -47001,13 +46736,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_384_point_free_12(p, 0, heap);
- sp_384_point_free_12(pub, 0, heap);
return err;
}
@@ -47031,33 +46765,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 12 * 5];
- sp_point_384 pd;
- sp_point_384 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 12 * 5];
+ sp_point_384 p[2];
+#endif
sp_point_384* q = NULL;
int err;
- err = sp_384_point_new_12(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_12(NULL, qd, q);
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_384_from_mp(p->x, 12, pX);
sp_384_from_mp(p->y, 12, pY);
sp_384_from_mp(p->z, 12, pZ);
@@ -47078,13 +46814,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(q, 0, NULL);
- sp_384_point_free_12(p, 0, NULL);
return err;
}
@@ -47103,25 +46838,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 12 * 2];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 12 * 2];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_12(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -47142,12 +46880,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, NULL);
return err;
}
@@ -47162,25 +46900,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 12 * 6];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 12 * 6];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_12(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_384_from_mp(p->x, 12, pX);
@@ -47200,12 +46942,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_384_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, NULL);
return err;
}
@@ -47218,43 +46960,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_384_mont_sqrt_12(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 12];
- sp_digit t2d[2 * 12];
- sp_digit t3d[2 * 12];
- sp_digit t4d[2 * 12];
- sp_digit t5d[2 * 12];
+ sp_digit t1[5 * 2 * 12];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* t3;
- sp_digit* t4;
- sp_digit* t5;
+ sp_digit* t2 = NULL;
+ sp_digit* t3 = NULL;
+ sp_digit* t4 = NULL;
+ sp_digit* t5 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 12;
- t2 = d + 2 * 12;
- t3 = d + 4 * 12;
- t4 = d + 6 * 12;
- t5 = d + 8 * 12;
-#else
- t1 = t1d;
- t2 = t2d;
- t3 = t3d;
- t4 = t4d;
- t5 = t5d;
-#endif
+ t2 = t1 + 2 * 12;
+ t3 = t1 + 4 * 12;
+ t4 = t1 + 6 * 12;
+ t5 = t1 + 8 * 12;
{
/* t2 = y ^ 0x2 */
@@ -47314,10 +47041,9 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -47333,31 +47059,22 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
*/
int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 12];
- sp_digit yd[2 * 12];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 12];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 12;
- y = d + 2 * 12;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 12;
sp_384_from_mp(x, 12, xm);
err = sp_384_mod_mul_norm_12(x, x, p384_mod);
@@ -47390,10 +47107,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
err = sp_384_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -52123,6 +51839,8 @@ static int sp_1024_mod_mul_norm_32(sp_digit* r, const sp_digit* a,
return sp_1024_mod_32(r, r, m);
}
+
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Create a new point.
*
* heap [in] Buffer to allocate dynamic memory from.
@@ -52154,8 +51872,8 @@ static int sp_1024_point_new_ex_32(void* heap, sp_point_1024* sp,
/* Set pointer to data and return no error. */
#define sp_1024_point_new_32(heap, sp, p) sp_1024_point_new_ex_32((heap), &(sp), &(p))
#endif
-
-
+#endif /* WOLFCRYPT_HAVE_SAKKE */
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Free the point.
*
* p [in,out] Point to free.
@@ -52180,6 +51898,7 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
#endif
(void)heap;
}
+#endif /* WOLFCRYPT_HAVE_SAKKE */
/* Convert an mp_int to an array of sp_digit.
*
@@ -54713,43 +54432,40 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k,
int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td[16];
- sp_point_1024 rtd;
- sp_digit tmpd[2 * 32 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_1024 t[16 + 1];
+ sp_digit tmp[2 * 32 * 5];
#endif
- sp_point_1024* t;
- sp_point_1024* rt;
- sp_digit* tmp;
+ sp_point_1024* rt = NULL;
sp_digit n;
int i;
int c;
int y;
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_1024_point_new_32(heap, rtd, rt);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-#ifndef WC_NO_CACHE_RESISTANT
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 17, heap, DYNAMIC_TYPE_ECC);
-#else
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, heap, DYNAMIC_TYPE_ECC);
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16 + 1,
+ heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
+ rt = t + 16;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -54817,20 +54533,24 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 32 * 5);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_1024) * 16);
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmpd, sizeof(tmpd));
- ForceZero(td, sizeof(td));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
- sp_1024_point_free_32(rt, 1, heap);
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 32 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_1024) * 17);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -55054,29 +54774,30 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, const sp_point_1024*
static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td;
- sp_point_1024 s1d;
- sp_point_1024 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+#else
+ sp_point_1024 t[3];
#endif
- sp_point_1024* t;
sp_point_1024* s1 = NULL;
sp_point_1024* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_1024_point_new_32(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod);
}
if (err == MP_OKAY) {
@@ -55121,9 +54842,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
}
}
- sp_1024_point_free_32(s2, 0, heap);
- sp_1024_point_free_32(s1, 0, heap);
- sp_1024_point_free_32( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -55149,19 +54871,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
const sp_table_entry_1024* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit td[2 * 32 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 rt[2];
+ sp_digit t[2 * 32 * 5];
#endif
- sp_point_1024* rt;
sp_point_1024* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -55169,21 +54891,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
(void)heap;
- err = sp_1024_point_new_32(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));
@@ -55219,13 +54942,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(p, 0, heap);
- sp_1024_point_free_32(rt, 0, heap);
return err;
}
@@ -55391,29 +55113,30 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const
static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td;
- sp_point_1024 s1d;
- sp_point_1024 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+#else
+ sp_point_1024 t[3];
#endif
- sp_point_1024* t;
sp_point_1024* s1 = NULL;
sp_point_1024* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_1024_point_new_32(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod);
}
if (err == MP_OKAY) {
@@ -55458,9 +55181,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
}
}
- sp_1024_point_free_32(s2, 0, heap);
- sp_1024_point_free_32(s1, 0, heap);
- sp_1024_point_free_32( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -55486,19 +55210,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
const sp_table_entry_1024* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit td[2 * 32 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 rt[2];
+ sp_digit t[2 * 32 * 5];
#endif
- sp_point_1024* rt;
sp_point_1024* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -55506,21 +55230,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
(void)heap;
- err = sp_1024_point_new_32(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));
@@ -55556,13 +55281,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(p, 0, heap);
- sp_1024_point_free_32(rt, 0, heap);
return err;
}
@@ -55726,25 +55450,28 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const
int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[32];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[32];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 32, km);
sp_1024_point_from_ecc_point_32(point, gm);
@@ -55755,12 +55482,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -59354,26 +59081,28 @@ static int sp_1024_ecc_mulmod_base_32(sp_point_1024* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[32];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[32];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 32, km);
@@ -59383,12 +59112,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -59407,37 +59136,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_point_1024 a;
- sp_digit kd[32];
- sp_digit t[32 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_1024 point[2];
+ sp_digit k[32 + 32 * 2 * 5];
#endif
- sp_point_1024* point;
sp_point_1024* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 + 32 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (32 + 32 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 32;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 32;
+
sp_1024_from_mp(k, 32, km);
sp_1024_point_from_ecc_point_32(addP, am);
}
@@ -59463,13 +59190,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(addP, 0, heap);
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -59487,29 +59213,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
void* heap)
{
- int err = 0;
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_1024* point = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 point[1];
sp_digit t[5 * 2 * 32];
+#endif
+ int err = MP_OKAY;
if ((gm == NULL) || (len == NULL)) {
err = BAD_FUNC_ARG;
}
- if ((err == 0) && (table == NULL)) {
+ if ((err == MP_OKAY) && (table == NULL)) {
*len = sizeof(sp_table_entry_1024) * 256;
err = LENGTH_ONLY_E;
}
- if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
+ if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
err = BUFFER_E;
}
- if (err == 0) {
- err = sp_1024_point_new_32(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
- if (err == 0) {
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 32, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
sp_1024_point_from_ecc_point_32(point, gm);
err = sp_1024_gen_stripe_table_32(point,
(sp_table_entry_1024*)table, t, heap);
@@ -59518,7 +59258,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
*len = sizeof(sp_table_entry_1024) * 256;
}
- sp_1024_point_free_32(point, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -59571,24 +59316,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[32];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[32];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 32, km);
sp_1024_point_from_ecc_point_32(point, gm);
@@ -59605,12 +59354,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -63061,33 +62810,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*32];
- sp_digit t2d[2*32];
+ sp_digit t1[32 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int32_t n;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 32;
- t2 = d + 2 * 32;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 32;
sp_1024_sqr_32(t1, point->y);
(void)sp_1024_mod_32(t1, t1, p1024_mod);
@@ -63111,10 +62851,9 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -63129,14 +62868,21 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
*/
int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* pub = NULL;
+#else
+ sp_point_1024 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_1024* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_1024_point_new_32(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_1024_from_mp(pub->x, 32, pX);
sp_1024_from_mp(pub->y, 32, pY);
@@ -63145,7 +62891,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
err = sp_1024_ecc_is_point_32(pub, NULL);
}
- sp_1024_point_free_32(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -63164,45 +62913,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[32];
- sp_point_1024 pubd;
- sp_point_1024 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_1024* pub;
- sp_point_1024* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_1024_point_new_32(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_1024* pub = NULL;
+#else
+ sp_digit priv[32];
+ sp_point_1024 pub[2];
#endif
+ sp_point_1024* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) ||
+ if (((mp_count_bits(pX) > 1024) ||
(mp_count_bits(pY) > 1024) ||
((privm != NULL) && (mp_count_bits(privm) > 1024)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_1024_from_mp(pub->x, 32, pX);
sp_1024_from_mp(pub->y, 32, pY);
sp_1024_from_bin(pub->z, 32, one, (int)sizeof(one));
@@ -63251,13 +63000,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_1024_point_free_32(p, 0, heap);
- sp_1024_point_free_32(pub, 0, heap);
return err;
}
diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c
index 546ea4ac5..c5b80e9f2 100644
--- a/wolfcrypt/src/sp_arm64.c
+++ b/wolfcrypt/src/sp_arm64.c
@@ -3203,12 +3203,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 32];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -3220,19 +3220,14 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 32), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 32;
-#else
- t[i] = &td[i * 32];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -3328,9 +3323,8 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -3349,12 +3343,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 32];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -3366,19 +3360,14 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 32), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 32;
-#else
- t[i] = &td[i * 32];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -3491,9 +3480,8 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -4779,12 +4767,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 64];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -4796,19 +4784,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 64;
-#else
- t[i] = &td[i * 64];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -4904,9 +4887,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -4925,12 +4907,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 64];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -4942,19 +4924,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 64;
-#else
- t[i] = &td[i * 64];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -5067,9 +5044,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -5093,18 +5069,15 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[64];
- sp_digit m[32];
- sp_digit r[64];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[32 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 256) {
@@ -5118,22 +5091,18 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 32 * 2;
- m = r + 32 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 32 * 2;
+ m = r + 32 * 2;
ah = a + 32;
sp_2048_from_bin(ah, 32, in, inLen);
@@ -5206,10 +5175,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -5340,8 +5308,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[32 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -5370,13 +5342,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 32;
m = a + 64;
@@ -5387,34 +5361,36 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
sp_2048_from_mp(m, 32, mm);
err = sp_2048_mod_exp_32(r, a, d, 2048, m, 0);
}
+
if (err == MP_OKAY) {
sp_2048_to_bin(r, out);
*outLen = 256;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 32);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 32);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[32 * 2];
- sp_digit p[16];
- sp_digit q[16];
- sp_digit dp[16];
- sp_digit tmpa[32];
- sp_digit tmpb[32];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[16 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -5434,31 +5410,23 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 32 * 2;
q = p + 16;
qi = dq = dp = q + 16;
tmpa = qi + 16;
tmpb = tmpa + 32;
-
- r = t + 32;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_2048_from_bin(a, 32, in, inLen);
sp_2048_from_mp(p, 16, pm);
sp_2048_from_mp(q, 16, qm);
@@ -5490,19 +5458,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 16 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 16 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -5845,12 +5810,12 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[97];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -5863,18 +5828,13 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 97, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 64;
-#else
- tmp = &td[64];
-#endif
sp_2048_mont_setup(m, &mp);
sp_2048_mont_norm_32(norm, m);
@@ -5946,9 +5906,8 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -10825,12 +10784,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 48];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -10842,19 +10801,14 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 48), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 48;
-#else
- t[i] = &td[i * 48];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -10950,9 +10904,8 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -10971,12 +10924,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 48];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -10988,19 +10941,14 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 48), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 48;
-#else
- t[i] = &td[i * 48];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -11113,9 +11061,8 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -12825,12 +12772,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 96];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -12842,19 +12789,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 96;
-#else
- t[i] = &td[i * 96];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -12950,9 +12892,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -12971,12 +12912,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 96];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -12988,19 +12929,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 96;
-#else
- t[i] = &td[i * 96];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -13113,9 +13049,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -13139,18 +13074,15 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[96];
- sp_digit m[48];
- sp_digit r[96];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[48 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 384) {
@@ -13164,22 +13096,18 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 48 * 2;
- m = r + 48 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 48 * 2;
+ m = r + 48 * 2;
ah = a + 48;
sp_3072_from_bin(ah, 48, in, inLen);
@@ -13252,10 +13180,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -13414,8 +13341,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[48 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -13444,13 +13375,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 48;
m = a + 96;
@@ -13461,34 +13394,36 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
sp_3072_from_mp(m, 48, mm);
err = sp_3072_mod_exp_48(r, a, d, 3072, m, 0);
}
+
if (err == MP_OKAY) {
sp_3072_to_bin(r, out);
*outLen = 384;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 48);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 48);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[48 * 2];
- sp_digit p[24];
- sp_digit q[24];
- sp_digit dp[24];
- sp_digit tmpa[48];
- sp_digit tmpb[48];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[24 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -13508,31 +13443,23 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 24 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 24 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 48 * 2;
q = p + 24;
qi = dq = dp = q + 24;
tmpa = qi + 24;
tmpb = tmpa + 48;
-
- r = t + 48;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_3072_from_bin(a, 48, in, inLen);
sp_3072_from_mp(p, 24, pm);
sp_3072_from_mp(q, 24, qm);
@@ -13564,19 +13491,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 24 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 24 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -14015,12 +13939,12 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[145];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -14033,18 +13957,13 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 145, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 96;
-#else
- tmp = &td[96];
-#endif
sp_3072_mont_setup(m, &mp);
sp_3072_mont_norm_48(norm, m);
@@ -14116,9 +14035,8 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -18044,12 +17962,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 128];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -18061,19 +17979,14 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 128;
-#else
- t[i] = &td[i * 128];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -18169,9 +18082,8 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -18190,12 +18102,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 128];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -18207,19 +18119,14 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 128), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 128;
-#else
- t[i] = &td[i * 128];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -18332,9 +18239,8 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -18358,18 +18264,15 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[128];
- sp_digit m[64];
- sp_digit r[128];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[64 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 512) {
@@ -18383,22 +18286,18 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 64 * 2;
- m = r + 64 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 64 * 2;
+ m = r + 64 * 2;
ah = a + 64;
sp_4096_from_bin(ah, 64, in, inLen);
@@ -18471,10 +18370,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -18661,8 +18559,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[64 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -18691,13 +18593,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 64;
m = a + 128;
@@ -18708,34 +18612,36 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
sp_4096_from_mp(m, 64, mm);
err = sp_4096_mod_exp_64(r, a, d, 4096, m, 0);
}
+
if (err == MP_OKAY) {
sp_4096_to_bin(r, out);
*outLen = 512;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 64);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 64);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[64 * 2];
- sp_digit p[32];
- sp_digit q[32];
- sp_digit dp[32];
- sp_digit tmpa[64];
- sp_digit tmpb[64];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[32 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -18755,31 +18661,23 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 64 * 2;
q = p + 32;
qi = dq = dp = q + 32;
tmpa = qi + 32;
tmpb = tmpa + 64;
-
- r = t + 64;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_4096_from_bin(a, 64, in, inLen);
sp_4096_from_mp(p, 32, pm);
sp_4096_from_mp(q, 32, qm);
@@ -18811,19 +18709,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 32 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 32 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -19358,12 +19253,12 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[193];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -19376,18 +19271,13 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 128;
-#else
- tmp = &td[128];
-#endif
sp_4096_mont_setup(m, &mp);
sp_4096_mont_norm_64(norm, m);
@@ -19459,9 +19349,8 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -19927,64 +19816,6 @@ static sp_digit sp_256_sub_4(sp_digit* r, const sp_digit* a,
return (sp_digit)r;
}
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_256_point_new_ex_4(void* heap, sp_point_256* sp,
- sp_point_256** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_256_point_new_4(heap, sp, p) sp_256_point_new_ex_4((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_256_point_new_4(heap, sp, p) sp_256_point_new_ex_4((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_256_point_free_4(sp_point_256* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Multiply a number by Montogmery normalizer mod modulus (prime).
*
* r The resulting Montgomery form number.
@@ -22188,43 +22019,41 @@ static void sp_256_get_point_33_4(sp_point_256* r, const sp_point_256* table,
static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td[33];
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit tmpd[2 * 4 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_256 t[33+2];
+ sp_digit tmp[2 * 4 * 6];
#endif
- sp_point_256* t;
- sp_point_256* rt;
+ sp_point_256* rt = NULL;
sp_point_256* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_256 v[43];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_256_point_new_4(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_256_point_new_4(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 33, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) *
+ (33+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 33;
+ p = t + 33+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -22304,14 +22133,12 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256*
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(rt, 0, heap);
return err;
}
@@ -22444,29 +22271,30 @@ static void sp_256_proj_to_affine_4(sp_point_256* a, sp_digit* t)
static int sp_256_gen_stripe_table_4(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_4(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_4(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -22511,9 +22339,10 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
}
}
- sp_256_point_free_4(s2, 0, heap);
- sp_256_point_free_4(s1, 0, heap);
- sp_256_point_free_4( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -22574,19 +22403,19 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 4 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 4 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -22594,21 +22423,22 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
(void)heap;
- err = sp_256_point_new_4(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -22659,13 +22489,12 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(rt, 0, heap);
return err;
}
@@ -22834,29 +22663,30 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g, const sp_
static int sp_256_gen_stripe_table_4(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_4(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_4(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -22901,9 +22731,10 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
}
}
- sp_256_point_free_4(s2, 0, heap);
- sp_256_point_free_4(s1, 0, heap);
- sp_256_point_free_4( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -22964,19 +22795,19 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 4 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 4 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -22984,21 +22815,22 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
(void)heap;
- err = sp_256_point_new_4(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -23049,13 +22881,12 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(rt, 0, heap);
return err;
}
@@ -23220,25 +23051,28 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g, const sp_
int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[4];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[4];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_4(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 4, km);
sp_256_point_from_ecc_point_4(point, gm);
@@ -23249,12 +23083,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_256_point_to_ecc_point_4(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(point, 0, heap);
return err;
}
@@ -23274,37 +23108,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[4];
- sp_digit t[4 * 2 * 5];
-#endif
- sp_point_256* point;
- sp_point_256* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[4 + 4 * 2 * 5];
+#endif
+ sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_4(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 + 4 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (4 + 4 * 2 * 5), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 4;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 4;
+
sp_256_from_mp(k, 4, km);
sp_256_point_from_ecc_point_4(point, gm);
sp_256_point_from_ecc_point_4(addP, am);
@@ -23331,13 +23163,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
err = sp_256_point_to_ecc_point_4(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(addP, 0, heap);
- sp_256_point_free_4(point, 0, heap);
return err;
}
@@ -37080,35 +36911,41 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit tmpd[2 * 4 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit tmp[2 * 4 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* tmp;
- sp_digit* negy;
+ sp_digit* negy = NULL;
int i;
ecc_recode_256 v[37];
- int err;
+ int err = MP_OKAY;
(void)g;
(void)ct;
(void)heap;
- err = sp_256_point_new_4(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_256_point_new_4(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
-#else
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
- negy = tmp;
+
+ if (err == MP_OKAY) {
+ negy = tmp;
+ p = rt + 1;
+ }
if (err == MP_OKAY) {
sp_256_ecc_recode_7_4(k, v);
@@ -37153,16 +36990,19 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 4 * 5);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
+#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(rt, 0, heap);
return MP_OKAY;
}
@@ -37196,26 +37036,28 @@ static int sp_256_ecc_mulmod_base_4(sp_point_256* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[4];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[4];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_4(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 4, km);
@@ -37225,12 +37067,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_256_point_to_ecc_point_4(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(point, 0, heap);
return err;
}
@@ -37249,37 +37091,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[4];
- sp_digit t[4 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[4 + 4 * 2 * 5];
#endif
- sp_point_256* point;
sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_4(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 + 4 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (4 + 4 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 4;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 4;
+
sp_256_from_mp(k, 4, km);
sp_256_point_from_ecc_point_4(addP, am);
}
@@ -37305,13 +37145,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
err = sp_256_point_to_ecc_point_4(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(addP, 0, heap);
- sp_256_point_free_4(point, 0, heap);
return err;
}
@@ -37436,41 +37275,46 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[4];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_256 inf;
-#endif
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_256 point[2];
+ #else
+ sp_point_256 point[1];
+ #endif
+ sp_digit k[4];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_256* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_256_point_new_4(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_256_ecc_gen_k_4(rng, k);
}
if (err == MP_OKAY) {
@@ -37495,15 +37339,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_256_point_to_ecc_point_4(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_256_point_free_4(infinity, 1, heap);
-#endif
- sp_256_point_free_4(point, 1, heap);
return err;
}
@@ -37547,30 +37390,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[4];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[4];
+#endif
int err = MP_OKAY;
if (*outLen < 32U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, p, point);
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -37583,12 +37428,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 32;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(point, 0, heap);
return err;
}
@@ -38102,13 +37947,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 32U;
}
- sp_256_from_bin(ctx->e, 4, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_256_from_mp(ctx->x, 4, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_256_ecc_gen_k_4(rng, ctx->k);
@@ -38136,6 +37978,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_256_cmp_4(ctx->r, p256_order);
sp_256_cond_sub_4(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0));
sp_256_norm_4(ctx->r);
+
+ sp_256_from_mp(ctx->x, 4, priv);
+ sp_256_from_bin(ctx->e, 4, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -38192,6 +38037,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -38227,22 +38075,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*4];
- sp_digit xd[2*4];
- sp_digit kd[2*4];
- sp_digit rd[2*4];
- sp_digit td[3 * 2*4];
- sp_point_256 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_256* point = NULL;
+#else
+ sp_digit e[7 * 2 * 4];
+ sp_point_256 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_256* point = NULL;
sp_digit* s = NULL;
int64_t c;
int err = MP_OKAY;
@@ -38250,31 +38093,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_256_point_new_4(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 4, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 4, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 4;
- x = d + 2 * 4;
- k = d + 4 * 4;
- r = d + 6 * 4;
- tmp = d + 8 * 4;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 4;
+ k = e + 4 * 4;
+ r = e + 6 * 4;
+ tmp = e + 8 * 4;
s = e;
if (hashLen > 32U) {
@@ -38329,19 +38167,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_256_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 4);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 4U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 4U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 4U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 4U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 4U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_256_point_free_4(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 4);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_256));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -38759,7 +38602,7 @@ typedef struct sp_ecc_verify_256_ctx {
int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data;
@@ -38774,7 +38617,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_256_from_bin(ctx->u1, 4, hash, (int)hashLen);
- sp_256_from_mp(ctx->u2, 4, r);
+ sp_256_from_mp(ctx->u2, 4, rm);
sp_256_from_mp(ctx->s, 4, sm);
sp_256_from_mp(ctx->p2.x, 4, pX);
sp_256_from_mp(ctx->p2.y, 4, pY);
@@ -38832,57 +38675,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_256_iszero_4(ctx->p1.z)) {
- if (sp_256_iszero_4(ctx->p1.x) && sp_256_iszero_4(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<4; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_256_proj_point_dbl_4_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(ctx->u2, 4, r);
+ sp_256_from_mp(ctx->u2, 4, rm);
err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_256_mont_sqr_4(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int64_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int64_t c;
/* Reload r and add order. */
- sp_256_from_mp(ctx->u2, 4, r);
+ sp_256_from_mp(ctx->u2, 4, rm);
carry = sp_256_add_4(ctx->u2, ctx->u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -38890,22 +38709,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_4(ctx->u2, p256_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
- p256_mp_mod);
- *res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
+ p256_mp_mod);
+ *res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -38914,62 +38734,51 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*4];
- sp_digit u2d[2*4];
- sp_digit sd[2*4];
- sp_digit tmpd[2*4 * 5];
- sp_point_256 p1d;
- sp_point_256 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_256* p1 = NULL;
+#else
+ sp_digit u1[16 * 4];
+ sp_point_256 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_256* p1;
sp_point_256* p2 = NULL;
sp_digit carry;
int64_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_256_point_new_4(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 4;
- u2 = d + 2 * 4;
- s = d + 4 * 4;
- tmp = d + 6 * 4;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 4;
+ s = u1 + 4 * 4;
+ tmp = u1 + 6 * 4;
+ p2 = p1 + 1;
if (hashLen > 32U) {
hashLen = 32U;
}
sp_256_from_bin(u1, 4, hash, (int)hashLen);
- sp_256_from_mp(u2, 4, r);
+ sp_256_from_mp(u2, 4, rm);
sp_256_from_mp(s, 4, sm);
sp_256_from_mp(p2->x, 4, pX);
sp_256_from_mp(p2->y, 4, pY);
@@ -38980,7 +38789,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(u2, 4, r);
+ sp_256_from_mp(u2, 4, rm);
err = sp_256_mod_mul_norm_4(u2, u2, p256_mod);
}
@@ -38991,7 +38800,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_256_cmp_4(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_256_from_mp(u2, 4, r);
+ sp_256_from_mp(u2, 4, rm);
carry = sp_256_add_4(u2, u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -39000,8 +38809,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_4(u2, p256_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_256_mod_mul_norm_4(u2, u2, p256_mod);
if (err == MP_OKAY) {
@@ -39013,12 +38822,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p1, 0, heap);
- sp_256_point_free_4(p2, 0, heap);
return err;
}
@@ -39035,32 +38844,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_256_ecc_is_point_4(const sp_point_256* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*4];
- sp_digit t2d[2*4];
+ sp_digit t1[4 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 4;
- t2 = d + 2 * 4;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 4;
sp_256_sqr_4(t1, point->y);
(void)sp_256_mod_4(t1, t1, p256_mod);
@@ -39080,10 +38880,9 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -39098,14 +38897,21 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point,
*/
int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* pub = NULL;
+#else
+ sp_point_256 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_256* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_256_point_new_4(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_256_from_mp(pub->x, 4, pX);
sp_256_from_mp(pub->y, 4, pY);
@@ -39114,7 +38920,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
err = sp_256_ecc_is_point_4(pub, NULL);
}
- sp_256_point_free_4(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -39133,45 +38942,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[4];
- sp_point_256 pubd;
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_256* pub;
- sp_point_256* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_256_point_new_4(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_256* pub = NULL;
+#else
+ sp_digit priv[4];
+ sp_point_256 pub[2];
#endif
+ sp_point_256* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) ||
+ if (((mp_count_bits(pX) > 256) ||
(mp_count_bits(pY) > 256) ||
((privm != NULL) && (mp_count_bits(privm) > 256)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_256_from_mp(pub->x, 4, pX);
sp_256_from_mp(pub->y, 4, pY);
sp_256_from_bin(pub->z, 4, one, (int)sizeof(one));
@@ -39220,13 +39029,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(pub, 0, heap);
return err;
}
@@ -39250,33 +39058,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 4 * 5];
- sp_point_256 pd;
- sp_point_256 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 4 * 5];
+ sp_point_256 p[2];
+#endif
sp_point_256* q = NULL;
int err;
- err = sp_256_point_new_4(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_4(NULL, qd, q);
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_256_from_mp(p->x, 4, pX);
sp_256_from_mp(p->y, 4, pY);
sp_256_from_mp(p->z, 4, pZ);
@@ -39297,13 +39107,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(q, 0, NULL);
- sp_256_point_free_4(p, 0, NULL);
return err;
}
@@ -39322,25 +39131,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 4 * 2];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 4 * 2];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_4(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -39361,12 +39173,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, NULL);
return err;
}
@@ -39381,25 +39193,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 4 * 4];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 4 * 4];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_4(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 4, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_256_from_mp(p->x, 4, pX);
@@ -39419,12 +39235,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_256_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, NULL);
return err;
}
@@ -39437,31 +39253,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_256_mont_sqrt_4(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 4];
- sp_digit t2d[2 * 4];
+ sp_digit t1[4 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL) {
err = MEMORY_E;
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 4;
- t2 = d + 2 * 4;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 4;
{
/* t2 = y ^ 0x2 */
@@ -39496,10 +39304,9 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -39515,31 +39322,22 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
*/
int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 4];
- sp_digit yd[2 * 4];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 4];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 4;
- y = d + 2 * 4;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 4;
sp_256_from_mp(x, 4, xm);
err = sp_256_mod_mul_norm_4(x, x, p256_mod);
@@ -39572,10 +39370,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
err = sp_256_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -40250,64 +40047,6 @@ static sp_digit sp_384_sub_6(sp_digit* r, const sp_digit* a,
return (sp_digit)r;
}
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_384_point_new_ex_6(void* heap, sp_point_384* sp,
- sp_point_384** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_384_point_new_6(heap, sp, p) sp_384_point_new_ex_6((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_384_point_new_6(heap, sp, p) sp_384_point_new_ex_6((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_384_point_free_6(sp_point_384* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Multiply a number by Montogmery normalizer mod modulus (prime).
*
* r The resulting Montgomery form number.
@@ -40317,34 +40056,25 @@ static void sp_384_point_free_6(sp_point_384* p, int clear, void* heap)
*/
static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- int64_t* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ int64_t* t = NULL;
#else
- int64_t td[12];
- int64_t a32d[12];
+ int64_t t[2 * 12];
#endif
- int64_t* t;
- int64_t* a32;
+ int64_t* a32 = NULL;
int64_t o;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
- if (td == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
+ if (t == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = td;
- a32 = td + 12;
-#else
- t = td;
- a32 = a32d;
-#endif
+ a32 = t + 12;
a32[0] = a[0] & 0xffffffff;
a32[1] = a[0] >> 32;
@@ -40420,9 +40150,9 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
r[5] = (t[11] << 32) | t[10];
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -42155,43 +41885,41 @@ static void sp_384_get_point_33_6(sp_point_384* r, const sp_point_384* table,
static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td[33];
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit tmpd[2 * 6 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_384 t[33+2];
+ sp_digit tmp[2 * 6 * 6];
#endif
- sp_point_384* t;
- sp_point_384* rt;
+ sp_point_384* rt = NULL;
sp_point_384* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_384 v[65];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_384_point_new_6(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_384_point_new_6(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 33, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) *
+ (33+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 33;
+ p = t + 33+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -42271,14 +41999,12 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384*
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(rt, 0, heap);
return err;
}
@@ -42411,29 +42137,30 @@ static void sp_384_proj_to_affine_6(sp_point_384* a, sp_digit* t)
static int sp_384_gen_stripe_table_6(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_6(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_6(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -42478,9 +42205,10 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a,
}
}
- sp_384_point_free_6(s2, 0, heap);
- sp_384_point_free_6(s1, 0, heap);
- sp_384_point_free_6( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -42549,19 +42277,19 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 6 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 6 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -42569,21 +42297,22 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
(void)heap;
- err = sp_384_point_new_6(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -42634,13 +42363,12 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(rt, 0, heap);
return err;
}
@@ -42809,29 +42537,30 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g, const sp_
static int sp_384_gen_stripe_table_6(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_6(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_6(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -42876,9 +42605,10 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a,
}
}
- sp_384_point_free_6(s2, 0, heap);
- sp_384_point_free_6(s1, 0, heap);
- sp_384_point_free_6( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -42947,19 +42677,19 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 6 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 6 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -42967,21 +42697,22 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
(void)heap;
- err = sp_384_point_new_6(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -43032,13 +42763,12 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(rt, 0, heap);
return err;
}
@@ -43203,25 +42933,28 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g, const sp_
int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[6];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[6];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_6(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 6, km);
sp_384_point_from_ecc_point_6(point, gm);
@@ -43232,12 +42965,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_384_point_to_ecc_point_6(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(point, 0, heap);
return err;
}
@@ -43257,37 +42990,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[6];
- sp_digit t[6 * 2 * 6];
-#endif
- sp_point_384* point;
- sp_point_384* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[6 + 6 * 2 * 6];
+#endif
+ sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_6(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (6 + 6 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (6 + 6 * 2 * 6), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 6;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 6;
+
sp_384_from_mp(k, 6, km);
sp_384_point_from_ecc_point_6(point, gm);
sp_384_point_from_ecc_point_6(addP, am);
@@ -43314,13 +43045,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
err = sp_384_point_to_ecc_point_6(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(addP, 0, heap);
- sp_384_point_free_6(point, 0, heap);
return err;
}
@@ -62885,35 +62615,41 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit tmpd[2 * 6 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit tmp[2 * 6 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* tmp;
- sp_digit* negy;
+ sp_digit* negy = NULL;
int i;
ecc_recode_384 v[55];
- int err;
+ int err = MP_OKAY;
(void)g;
(void)ct;
(void)heap;
- err = sp_384_point_new_6(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_384_point_new_6(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
-#else
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
- negy = tmp;
+
+ if (err == MP_OKAY) {
+ negy = tmp;
+ p = rt + 1;
+ }
if (err == MP_OKAY) {
sp_384_ecc_recode_7_6(k, v);
@@ -62958,16 +62694,19 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 6 * 6);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
+#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(rt, 0, heap);
return MP_OKAY;
}
@@ -63001,26 +62740,28 @@ static int sp_384_ecc_mulmod_base_6(sp_point_384* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[6];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[6];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_6(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 6, km);
@@ -63030,12 +62771,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_384_point_to_ecc_point_6(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(point, 0, heap);
return err;
}
@@ -63054,37 +62795,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[6];
- sp_digit t[6 * 2 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[6 + 6 * 2 * 6];
#endif
- sp_point_384* point;
sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_6(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (6 + 6 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (6 + 6 * 2 * 6),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 6;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 6;
+
sp_384_from_mp(k, 6, km);
sp_384_point_from_ecc_point_6(addP, am);
}
@@ -63110,13 +62849,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
err = sp_384_point_to_ecc_point_6(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(addP, 0, heap);
- sp_384_point_free_6(point, 0, heap);
return err;
}
@@ -63245,41 +62983,46 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[6];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_384 inf;
-#endif
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_384 point[2];
+ #else
+ sp_point_384 point[1];
+ #endif
+ sp_digit k[6];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_384* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_384_point_new_6(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_384_ecc_gen_k_6(rng, k);
}
if (err == MP_OKAY) {
@@ -63304,15 +63047,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_384_point_to_ecc_point_6(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_384_point_free_6(infinity, 1, heap);
-#endif
- sp_384_point_free_6(point, 1, heap);
return err;
}
@@ -63356,30 +63098,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[6];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[6];
+#endif
int err = MP_OKAY;
if (*outLen < 48U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, p, point);
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -63392,12 +63136,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 48;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(point, 0, heap);
return err;
}
@@ -63946,13 +63690,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 48U;
}
- sp_384_from_bin(ctx->e, 6, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_384_from_mp(ctx->x, 6, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_384_ecc_gen_k_6(rng, ctx->k);
@@ -63980,6 +63721,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_384_cmp_6(ctx->r, p384_order);
sp_384_cond_sub_6(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0));
sp_384_norm_6(ctx->r);
+
+ sp_384_from_mp(ctx->x, 6, priv);
+ sp_384_from_bin(ctx->e, 6, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -64036,6 +63780,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -64071,22 +63818,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*6];
- sp_digit xd[2*6];
- sp_digit kd[2*6];
- sp_digit rd[2*6];
- sp_digit td[3 * 2*6];
- sp_point_384 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_384* point = NULL;
+#else
+ sp_digit e[7 * 2 * 6];
+ sp_point_384 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_384* point = NULL;
sp_digit* s = NULL;
int64_t c;
int err = MP_OKAY;
@@ -64094,31 +63836,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_384_point_new_6(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 6;
- x = d + 2 * 6;
- k = d + 4 * 6;
- r = d + 6 * 6;
- tmp = d + 8 * 6;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 6;
+ k = e + 4 * 6;
+ r = e + 6 * 6;
+ tmp = e + 8 * 6;
s = e;
if (hashLen > 48U) {
@@ -64173,19 +63910,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_384_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 6);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 6U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 6U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 6U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 6U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 6U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_384_point_free_6(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 6);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_384));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -64488,7 +64230,7 @@ typedef struct sp_ecc_verify_384_ctx {
int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data;
@@ -64503,7 +64245,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_384_from_bin(ctx->u1, 6, hash, (int)hashLen);
- sp_384_from_mp(ctx->u2, 6, r);
+ sp_384_from_mp(ctx->u2, 6, rm);
sp_384_from_mp(ctx->s, 6, sm);
sp_384_from_mp(ctx->p2.x, 6, pX);
sp_384_from_mp(ctx->p2.y, 6, pY);
@@ -64561,57 +64303,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_384_iszero_6(ctx->p1.z)) {
- if (sp_384_iszero_6(ctx->p1.x) && sp_384_iszero_6(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<6; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_384_proj_point_dbl_6_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(ctx->u2, 6, r);
+ sp_384_from_mp(ctx->u2, 6, rm);
err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_384_mont_sqr_6(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int64_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int64_t c;
/* Reload r and add order. */
- sp_384_from_mp(ctx->u2, 6, r);
+ sp_384_from_mp(ctx->u2, 6, rm);
carry = sp_384_add_6(ctx->u2, ctx->u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -64619,22 +64337,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_6(ctx->u2, p384_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
- p384_mp_mod);
- *res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
+ p384_mp_mod);
+ *res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -64643,62 +64362,51 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*6];
- sp_digit u2d[2*6];
- sp_digit sd[2*6];
- sp_digit tmpd[2*6 * 5];
- sp_point_384 p1d;
- sp_point_384 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_384* p1 = NULL;
+#else
+ sp_digit u1[16 * 6];
+ sp_point_384 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_384* p1;
sp_point_384* p2 = NULL;
sp_digit carry;
int64_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_384_point_new_6(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 6;
- u2 = d + 2 * 6;
- s = d + 4 * 6;
- tmp = d + 6 * 6;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 6;
+ s = u1 + 4 * 6;
+ tmp = u1 + 6 * 6;
+ p2 = p1 + 1;
if (hashLen > 48U) {
hashLen = 48U;
}
sp_384_from_bin(u1, 6, hash, (int)hashLen);
- sp_384_from_mp(u2, 6, r);
+ sp_384_from_mp(u2, 6, rm);
sp_384_from_mp(s, 6, sm);
sp_384_from_mp(p2->x, 6, pX);
sp_384_from_mp(p2->y, 6, pY);
@@ -64709,7 +64417,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(u2, 6, r);
+ sp_384_from_mp(u2, 6, rm);
err = sp_384_mod_mul_norm_6(u2, u2, p384_mod);
}
@@ -64720,7 +64428,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_384_cmp_6(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_384_from_mp(u2, 6, r);
+ sp_384_from_mp(u2, 6, rm);
carry = sp_384_add_6(u2, u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -64729,8 +64437,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_6(u2, p384_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_384_mod_mul_norm_6(u2, u2, p384_mod);
if (err == MP_OKAY) {
@@ -64742,12 +64450,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p1, 0, heap);
- sp_384_point_free_6(p2, 0, heap);
return err;
}
@@ -64764,32 +64472,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_384_ecc_is_point_6(const sp_point_384* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*6];
- sp_digit t2d[2*6];
+ sp_digit t1[6 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 6;
- t2 = d + 2 * 6;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 6;
sp_384_sqr_6(t1, point->y);
(void)sp_384_mod_6(t1, t1, p384_mod);
@@ -64809,10 +64508,9 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -64827,14 +64525,21 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point,
*/
int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* pub = NULL;
+#else
+ sp_point_384 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_384* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_384_point_new_6(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_384_from_mp(pub->x, 6, pX);
sp_384_from_mp(pub->y, 6, pY);
@@ -64843,7 +64548,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
err = sp_384_ecc_is_point_6(pub, NULL);
}
- sp_384_point_free_6(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -64862,45 +64570,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[6];
- sp_point_384 pubd;
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_384* pub;
- sp_point_384* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_384_point_new_6(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_384* pub = NULL;
+#else
+ sp_digit priv[6];
+ sp_point_384 pub[2];
#endif
+ sp_point_384* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) ||
+ if (((mp_count_bits(pX) > 384) ||
(mp_count_bits(pY) > 384) ||
((privm != NULL) && (mp_count_bits(privm) > 384)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_384_from_mp(pub->x, 6, pX);
sp_384_from_mp(pub->y, 6, pY);
sp_384_from_bin(pub->z, 6, one, (int)sizeof(one));
@@ -64949,13 +64657,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(pub, 0, heap);
return err;
}
@@ -64979,33 +64686,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 6 * 5];
- sp_point_384 pd;
- sp_point_384 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 6 * 5];
+ sp_point_384 p[2];
+#endif
sp_point_384* q = NULL;
int err;
- err = sp_384_point_new_6(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_6(NULL, qd, q);
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_384_from_mp(p->x, 6, pX);
sp_384_from_mp(p->y, 6, pY);
sp_384_from_mp(p->z, 6, pZ);
@@ -65026,13 +64735,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(q, 0, NULL);
- sp_384_point_free_6(p, 0, NULL);
return err;
}
@@ -65051,25 +64759,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 6 * 2];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 6 * 2];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_6(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -65090,12 +64801,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, NULL);
return err;
}
@@ -65110,25 +64821,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 6 * 6];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 6 * 6];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_6(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_384_from_mp(p->x, 6, pX);
@@ -65148,12 +64863,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_384_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, NULL);
return err;
}
@@ -65166,43 +64881,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_384_mont_sqrt_6(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 6];
- sp_digit t2d[2 * 6];
- sp_digit t3d[2 * 6];
- sp_digit t4d[2 * 6];
- sp_digit t5d[2 * 6];
+ sp_digit t1[5 * 2 * 6];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* t3;
- sp_digit* t4;
- sp_digit* t5;
+ sp_digit* t2 = NULL;
+ sp_digit* t3 = NULL;
+ sp_digit* t4 = NULL;
+ sp_digit* t5 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 6, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 6, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 6;
- t2 = d + 2 * 6;
- t3 = d + 4 * 6;
- t4 = d + 6 * 6;
- t5 = d + 8 * 6;
-#else
- t1 = t1d;
- t2 = t2d;
- t3 = t3d;
- t4 = t4d;
- t5 = t5d;
-#endif
+ t2 = t1 + 2 * 6;
+ t3 = t1 + 4 * 6;
+ t4 = t1 + 6 * 6;
+ t5 = t1 + 8 * 6;
{
/* t2 = y ^ 0x2 */
@@ -65262,10 +64962,9 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -65281,31 +64980,22 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
*/
int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 6];
- sp_digit yd[2 * 6];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 6];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 6, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 6, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 6;
- y = d + 2 * 6;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 6;
sp_384_from_mp(x, 6, xm);
err = sp_384_mod_mul_norm_6(x, x, p384_mod);
@@ -65338,10 +65028,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
err = sp_384_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -67214,6 +66903,8 @@ static int sp_1024_mod_mul_norm_16(sp_digit* r, const sp_digit* a,
return sp_1024_mod_16(r, r, m);
}
+
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Create a new point.
*
* heap [in] Buffer to allocate dynamic memory from.
@@ -67245,8 +66936,8 @@ static int sp_1024_point_new_ex_16(void* heap, sp_point_1024* sp,
/* Set pointer to data and return no error. */
#define sp_1024_point_new_16(heap, sp, p) sp_1024_point_new_ex_16((heap), &(sp), &(p))
#endif
-
-
+#endif /* WOLFCRYPT_HAVE_SAKKE */
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Free the point.
*
* p [in,out] Point to free.
@@ -67271,6 +66962,7 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap)
#endif
(void)heap;
}
+#endif /* WOLFCRYPT_HAVE_SAKKE */
/* Convert an mp_int to an array of sp_digit.
*
@@ -69514,43 +69206,41 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_1024* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td[65];
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit tmpd[2 * 16 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_1024 t[65+2];
+ sp_digit tmp[2 * 16 * 6];
#endif
- sp_point_1024* t;
- sp_point_1024* rt;
+ sp_point_1024* rt = NULL;
sp_point_1024* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_1024 v[147];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_1024_point_new_16(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_1024_point_new_16(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 65, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) *
+ (65+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 65;
+ p = t + 65+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -69634,14 +69324,12 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(p, 0, heap);
- sp_1024_point_free_16(rt, 0, heap);
return err;
}
@@ -69773,29 +69461,30 @@ static void sp_1024_proj_to_affine_16(sp_point_1024* a, sp_digit* t)
static int sp_1024_gen_stripe_table_16(const sp_point_1024* a,
sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td;
- sp_point_1024 s1d;
- sp_point_1024 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+#else
+ sp_point_1024 t[3];
#endif
- sp_point_1024* t;
sp_point_1024* s1 = NULL;
sp_point_1024* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_1024_point_new_16(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_1024_mod_mul_norm_16(t->x, a->x, p1024_mod);
}
if (err == MP_OKAY) {
@@ -69840,9 +69529,10 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a,
}
}
- sp_1024_point_free_16(s2, 0, heap);
- sp_1024_point_free_16(s1, 0, heap);
- sp_1024_point_free_16( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -69868,19 +69558,19 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g
const sp_table_entry_1024* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit td[2 * 16 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 rt[2];
+ sp_digit t[2 * 16 * 5];
#endif
- sp_point_1024* rt;
sp_point_1024* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -69888,21 +69578,22 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g
(void)heap;
- err = sp_1024_point_new_16(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));
@@ -69938,13 +69629,12 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(p, 0, heap);
- sp_1024_point_free_16(rt, 0, heap);
return err;
}
@@ -70107,25 +69797,28 @@ static int sp_1024_ecc_mulmod_16(sp_point_1024* r, const sp_point_1024* g, const
int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[16];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[16];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_16(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 16, km);
sp_1024_point_from_ecc_point_16(point, gm);
@@ -70136,12 +69829,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_1024_point_to_ecc_point_16(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(point, 0, heap);
return err;
}
@@ -73504,26 +73197,28 @@ static int sp_1024_ecc_mulmod_base_16(sp_point_1024* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[16];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[16];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_16(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 16, km);
@@ -73533,12 +73228,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_1024_point_to_ecc_point_16(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(point, 0, heap);
return err;
}
@@ -73557,37 +73252,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_point_1024 a;
- sp_digit kd[16];
- sp_digit t[16 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_1024 point[2];
+ sp_digit k[16 + 16 * 2 * 5];
#endif
- sp_point_1024* point;
sp_point_1024* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_1024_point_new_16(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 + 16 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (16 + 16 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 16;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 16;
+
sp_1024_from_mp(k, 16, km);
sp_1024_point_from_ecc_point_16(addP, am);
}
@@ -73613,13 +73306,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
err = sp_1024_point_to_ecc_point_16(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(addP, 0, heap);
- sp_1024_point_free_16(point, 0, heap);
return err;
}
@@ -73637,29 +73329,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
void* heap)
{
- int err = 0;
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_1024* point = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 point[1];
sp_digit t[5 * 2 * 16];
+#endif
+ int err = MP_OKAY;
if ((gm == NULL) || (len == NULL)) {
err = BAD_FUNC_ARG;
}
- if ((err == 0) && (table == NULL)) {
+ if ((err == MP_OKAY) && (table == NULL)) {
*len = sizeof(sp_table_entry_1024) * 256;
err = LENGTH_ONLY_E;
}
- if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
+ if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
err = BUFFER_E;
}
- if (err == 0) {
- err = sp_1024_point_new_16(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
- if (err == 0) {
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 16, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
sp_1024_point_from_ecc_point_16(point, gm);
err = sp_1024_gen_stripe_table_16(point,
(sp_table_entry_1024*)table, t, heap);
@@ -73668,7 +73374,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
*len = sizeof(sp_table_entry_1024) * 256;
}
- sp_1024_point_free_16(point, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -73721,24 +73432,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[16];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[16];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_16(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 16, km);
sp_1024_point_from_ecc_point_16(point, gm);
@@ -73755,12 +73470,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
err = sp_1024_point_to_ecc_point_16(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(point, 0, heap);
return err;
}
@@ -76964,33 +76679,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*16];
- sp_digit t2d[2*16];
+ sp_digit t1[16 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int64_t n;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 16;
- t2 = d + 2 * 16;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 16;
sp_1024_sqr_16(t1, point->y);
(void)sp_1024_mod_16(t1, t1, p1024_mod);
@@ -77014,10 +76720,9 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -77032,14 +76737,21 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
*/
int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* pub = NULL;
+#else
+ sp_point_1024 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_1024* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_1024_point_new_16(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_1024_from_mp(pub->x, 16, pX);
sp_1024_from_mp(pub->y, 16, pY);
@@ -77048,7 +76760,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
err = sp_1024_ecc_is_point_16(pub, NULL);
}
- sp_1024_point_free_16(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -77067,45 +76782,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[16];
- sp_point_1024 pubd;
- sp_point_1024 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_1024* pub;
- sp_point_1024* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_1024_point_new_16(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_1024* pub = NULL;
+#else
+ sp_digit priv[16];
+ sp_point_1024 pub[2];
#endif
+ sp_point_1024* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) ||
+ if (((mp_count_bits(pX) > 1024) ||
(mp_count_bits(pY) > 1024) ||
((privm != NULL) && (mp_count_bits(privm) > 1024)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_1024_from_mp(pub->x, 16, pX);
sp_1024_from_mp(pub->y, 16, pY);
sp_1024_from_bin(pub->z, 16, one, (int)sizeof(one));
@@ -77154,13 +76869,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_1024_point_free_16(p, 0, heap);
- sp_1024_point_free_16(pub, 0, heap);
return err;
}
diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c
index a7e2ddd70..24276ebf1 100644
--- a/wolfcrypt/src/sp_armthumb.c
+++ b/wolfcrypt/src/sp_armthumb.c
@@ -3144,12 +3144,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 64];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -3161,19 +3161,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 64;
-#else
- t[i] = &td[i * 64];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -3269,9 +3264,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -3290,12 +3284,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 64];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -3307,19 +3301,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 64;
-#else
- t[i] = &td[i * 64];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -3432,9 +3421,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -4006,12 +3994,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 128];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -4023,19 +4011,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 128;
-#else
- t[i] = &td[i * 128];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -4131,9 +4114,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -4152,12 +4134,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 128];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -4169,19 +4151,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 128), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 128;
-#else
- t[i] = &td[i * 128];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -4294,9 +4271,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -4320,18 +4296,15 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[128];
- sp_digit m[64];
- sp_digit r[128];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[64 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 256) {
@@ -4345,22 +4318,18 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 64 * 2;
- m = r + 64 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 64 * 2;
+ m = r + 64 * 2;
ah = a + 64;
sp_2048_from_bin(ah, 64, in, inLen);
@@ -4433,10 +4402,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -4504,8 +4472,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[64 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -4534,13 +4506,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 64;
m = a + 128;
@@ -4551,34 +4525,36 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
sp_2048_from_mp(m, 64, mm);
err = sp_2048_mod_exp_64(r, a, d, 2048, m, 0);
}
+
if (err == MP_OKAY) {
sp_2048_to_bin(r, out);
*outLen = 256;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 64);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 64);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[64 * 2];
- sp_digit p[32];
- sp_digit q[32];
- sp_digit dp[32];
- sp_digit tmpa[64];
- sp_digit tmpb[64];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[32 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -4598,31 +4574,23 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 64 * 2;
q = p + 32;
qi = dq = dp = q + 32;
tmpa = qi + 32;
tmpb = tmpa + 64;
-
- r = t + 64;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_2048_from_bin(a, 64, in, inLen);
sp_2048_from_mp(p, 32, pm);
sp_2048_from_mp(q, 32, qm);
@@ -4654,19 +4622,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 32 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 32 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -5208,12 +5173,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[193];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -5226,18 +5191,13 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 128;
-#else
- tmp = &td[128];
-#endif
sp_2048_mont_setup(m, &mp);
sp_2048_mont_norm_64(norm, m);
@@ -5308,9 +5268,8 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -9044,12 +9003,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 96];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -9061,19 +9020,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 96;
-#else
- t[i] = &td[i * 96];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -9169,9 +9123,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -9190,12 +9143,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 96];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -9207,19 +9160,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 96;
-#else
- t[i] = &td[i * 96];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -9332,9 +9280,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -9912,12 +9859,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 192];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -9929,19 +9876,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 192;
-#else
- t[i] = &td[i * 192];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -10037,9 +9979,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -10058,12 +9999,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 192];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -10075,19 +10016,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 192), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 192;
-#else
- t[i] = &td[i * 192];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -10200,9 +10136,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -10226,18 +10161,15 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[192];
- sp_digit m[96];
- sp_digit r[192];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[96 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 384) {
@@ -10251,22 +10183,18 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 96 * 2;
- m = r + 96 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 96 * 2;
+ m = r + 96 * 2;
ah = a + 96;
sp_3072_from_bin(ah, 96, in, inLen);
@@ -10339,10 +10267,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -10410,8 +10337,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[96 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -10440,13 +10371,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 96;
m = a + 192;
@@ -10457,34 +10390,36 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
sp_3072_from_mp(m, 96, mm);
err = sp_3072_mod_exp_96(r, a, d, 3072, m, 0);
}
+
if (err == MP_OKAY) {
sp_3072_to_bin(r, out);
*outLen = 384;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 96);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 96);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[96 * 2];
- sp_digit p[48];
- sp_digit q[48];
- sp_digit dp[48];
- sp_digit tmpa[96];
- sp_digit tmpb[96];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[48 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -10504,31 +10439,23 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 96 * 2;
q = p + 48;
qi = dq = dp = q + 48;
tmpa = qi + 48;
tmpb = tmpa + 96;
-
- r = t + 96;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_3072_from_bin(a, 96, in, inLen);
sp_3072_from_mp(p, 48, pm);
sp_3072_from_mp(q, 48, qm);
@@ -10560,19 +10487,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 48 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 48 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -11312,12 +11236,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[289];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -11330,18 +11254,13 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 192;
-#else
- tmp = &td[192];
-#endif
sp_3072_mont_setup(m, &mp);
sp_3072_mont_norm_96(norm, m);
@@ -11412,9 +11331,8 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -13870,12 +13788,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 256];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -13887,19 +13805,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 256;
-#else
- t[i] = &td[i * 256];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -13995,9 +13908,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -14016,12 +13928,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 256];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -14033,19 +13945,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 256), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 256;
-#else
- t[i] = &td[i * 256];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -14158,9 +14065,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -14184,18 +14090,15 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[256];
- sp_digit m[128];
- sp_digit r[256];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[128 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 512) {
@@ -14209,22 +14112,18 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 128 * 2;
- m = r + 128 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 128 * 2;
+ m = r + 128 * 2;
ah = a + 128;
sp_4096_from_bin(ah, 128, in, inLen);
@@ -14297,10 +14196,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -14369,8 +14267,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[128 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -14399,13 +14301,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 128;
m = a + 256;
@@ -14416,34 +14320,36 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
sp_4096_from_mp(m, 128, mm);
err = sp_4096_mod_exp_128(r, a, d, 4096, m, 0);
}
+
if (err == MP_OKAY) {
sp_4096_to_bin(r, out);
*outLen = 512;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 128);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 128);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[128 * 2];
- sp_digit p[64];
- sp_digit q[64];
- sp_digit dp[64];
- sp_digit tmpa[128];
- sp_digit tmpb[128];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[64 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -14463,31 +14369,23 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 128 * 2;
q = p + 64;
qi = dq = dp = q + 64;
tmpa = qi + 64;
tmpb = tmpa + 128;
-
- r = t + 128;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_4096_from_bin(a, 128, in, inLen);
sp_4096_from_mp(p, 64, pm);
sp_4096_from_mp(q, 64, qm);
@@ -14519,19 +14417,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 64 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 64 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -15467,12 +15362,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[385];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -15485,18 +15380,13 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 256;
-#else
- tmp = &td[256];
-#endif
sp_4096_mont_setup(m, &mp);
sp_4096_mont_norm_128(norm, m);
@@ -15567,9 +15457,8 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -16161,64 +16050,6 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a,
}
#endif /* WOLFSSL_SP_SMALL */
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_256_point_new_ex_8(void* heap, sp_point_256* sp,
- sp_point_256** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_256_point_free_8(sp_point_256* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Multiply a number by Montogmery normalizer mod modulus (prime).
*
* r The resulting Montgomery form number.
@@ -18034,56 +17865,55 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, const sp_digit* k,
int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td[16];
- sp_point_256 rtd;
- sp_digit tmpd[2 * 8 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_256 t[16 + 1];
+ sp_digit tmp[2 * 8 * 5];
+#endif
+ sp_point_256* rt = NULL;
#ifndef WC_NO_CACHE_RESISTANT
- sp_point_256 pd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* p = NULL;
+#else
+ sp_point_256 p[1];
#endif
-#endif
- sp_point_256* t;
- sp_point_256* rt;
-#ifndef WC_NO_CACHE_RESISTANT
- sp_point_256* p;
-#endif
- sp_digit* tmp;
+#endif /* !WC_NO_CACHE_RESISTANT */
sp_digit n;
int i;
int c;
int y;
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_256_point_new_8(heap, rtd, rt);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-#ifndef WC_NO_CACHE_RESISTANT
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 17, heap, DYNAMIC_TYPE_ECC);
-#else
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, heap, DYNAMIC_TYPE_ECC);
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16 + 1,
+ heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ #ifndef WC_NO_CACHE_RESISTANT
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256),
+ heap, DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
+ #endif
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
-#ifndef WC_NO_CACHE_RESISTANT
- #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- p = t + 16;
- #else
- p = &pd;
- #endif
-#endif
+ rt = t + 16;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -18171,20 +18001,35 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 8 * 5);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_256) * 16);
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmpd, sizeof(tmpd));
- ForceZero(td, sizeof(td));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
- sp_256_point_free_8(rt, 1, heap);
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 8 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#ifndef WC_NO_CACHE_RESISTANT
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (p != NULL)
+ #endif
+ {
+ ForceZero(p, sizeof(sp_point_256));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(p, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#endif /* !WC_NO_CACHE_RESISTANT */
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_256) * 17);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -18408,29 +18253,30 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, const sp_point_256* p,
static int sp_256_gen_stripe_table_8(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_8(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -18475,9 +18321,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
}
}
- sp_256_point_free_8(s2, 0, heap);
- sp_256_point_free_8(s1, 0, heap);
- sp_256_point_free_8( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -18553,19 +18400,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 8 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 8 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -18573,21 +18420,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
(void)heap;
- err = sp_256_point_new_8(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -18638,13 +18486,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, heap);
- sp_256_point_free_8(rt, 0, heap);
return err;
}
@@ -18810,29 +18657,30 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_
static int sp_256_gen_stripe_table_8(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_8(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -18877,9 +18725,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
}
}
- sp_256_point_free_8(s2, 0, heap);
- sp_256_point_free_8(s1, 0, heap);
- sp_256_point_free_8( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -18955,19 +18804,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 8 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 8 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -18975,21 +18824,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
(void)heap;
- err = sp_256_point_new_8(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -19040,13 +18890,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, heap);
- sp_256_point_free_8(rt, 0, heap);
return err;
}
@@ -19210,25 +19059,28 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_
int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[8];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 8, km);
sp_256_point_from_ecc_point_8(point, gm);
@@ -19239,12 +19091,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -19264,37 +19116,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[8];
- sp_digit t[8 * 2 * 5];
-#endif
- sp_point_256* point;
- sp_point_256* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[8 + 8 * 2 * 5];
+#endif
+ sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (8 + 8 * 2 * 5), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 8;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 8;
+
sp_256_from_mp(k, 8, km);
sp_256_point_from_ecc_point_8(point, gm);
sp_256_point_from_ecc_point_8(addP, am);
@@ -19321,13 +19171,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(addP, 0, heap);
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -20761,26 +20610,28 @@ static int sp_256_ecc_mulmod_base_8(sp_point_256* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[8];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 8, km);
@@ -20790,12 +20641,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -20814,37 +20665,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[8];
- sp_digit t[8 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[8 + 8 * 2 * 5];
#endif
- sp_point_256* point;
sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (8 + 8 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 8;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 8;
+
sp_256_from_mp(k, 8, km);
sp_256_point_from_ecc_point_8(addP, am);
}
@@ -20870,13 +20719,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(addP, 0, heap);
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -21007,41 +20855,46 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_256 inf;
-#endif
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_256 point[2];
+ #else
+ sp_point_256 point[1];
+ #endif
+ sp_digit k[8];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_256* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_256_point_new_8(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_256_ecc_gen_k_8(rng, k);
}
if (err == MP_OKAY) {
@@ -21066,15 +20919,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_256_point_to_ecc_point_8(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_256_point_free_8(infinity, 1, heap);
-#endif
- sp_256_point_free_8(point, 1, heap);
return err;
}
@@ -21135,30 +20987,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[8];
+#endif
int err = MP_OKAY;
if (*outLen < 32U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, p, point);
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -21171,12 +21025,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 32;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -21871,13 +21725,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 32U;
}
- sp_256_from_bin(ctx->e, 8, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_256_from_mp(ctx->x, 8, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_256_ecc_gen_k_8(rng, ctx->k);
@@ -21905,6 +21756,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_256_cmp_8(ctx->r, p256_order);
sp_256_cond_sub_8(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0));
sp_256_norm_8(ctx->r);
+
+ sp_256_from_mp(ctx->x, 8, priv);
+ sp_256_from_bin(ctx->e, 8, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -21961,6 +21815,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -21996,22 +21853,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*8];
- sp_digit xd[2*8];
- sp_digit kd[2*8];
- sp_digit rd[2*8];
- sp_digit td[3 * 2*8];
- sp_point_256 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_256* point = NULL;
+#else
+ sp_digit e[7 * 2 * 8];
+ sp_point_256 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_256* point = NULL;
sp_digit* s = NULL;
int32_t c;
int err = MP_OKAY;
@@ -22019,31 +21871,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_256_point_new_8(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 8;
- x = d + 2 * 8;
- k = d + 4 * 8;
- r = d + 6 * 8;
- tmp = d + 8 * 8;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 8;
+ k = e + 4 * 8;
+ r = e + 6 * 8;
+ tmp = e + 8 * 8;
s = e;
if (hashLen > 32U) {
@@ -22098,19 +21945,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_256_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 8);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 8U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_256_point_free_8(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 8);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_256));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -22821,7 +22673,7 @@ typedef struct sp_ecc_verify_256_ctx {
int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data;
@@ -22836,7 +22688,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_256_from_bin(ctx->u1, 8, hash, (int)hashLen);
- sp_256_from_mp(ctx->u2, 8, r);
+ sp_256_from_mp(ctx->u2, 8, rm);
sp_256_from_mp(ctx->s, 8, sm);
sp_256_from_mp(ctx->p2.x, 8, pX);
sp_256_from_mp(ctx->p2.y, 8, pY);
@@ -22894,57 +22746,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_256_iszero_8(ctx->p1.z)) {
- if (sp_256_iszero_8(ctx->p1.x) && sp_256_iszero_8(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<8; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_256_proj_point_dbl_8_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(ctx->u2, 8, r);
+ sp_256_from_mp(ctx->u2, 8, rm);
err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_256_mont_sqr_8(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int32_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int32_t c;
/* Reload r and add order. */
- sp_256_from_mp(ctx->u2, 8, r);
+ sp_256_from_mp(ctx->u2, 8, rm);
carry = sp_256_add_8(ctx->u2, ctx->u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -22952,22 +22780,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_8(ctx->u2, p256_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
- p256_mp_mod);
- *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
+ p256_mp_mod);
+ *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -22976,62 +22805,51 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*8];
- sp_digit u2d[2*8];
- sp_digit sd[2*8];
- sp_digit tmpd[2*8 * 5];
- sp_point_256 p1d;
- sp_point_256 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_256* p1 = NULL;
+#else
+ sp_digit u1[16 * 8];
+ sp_point_256 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_256* p1;
sp_point_256* p2 = NULL;
sp_digit carry;
int32_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 8;
- u2 = d + 2 * 8;
- s = d + 4 * 8;
- tmp = d + 6 * 8;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 8;
+ s = u1 + 4 * 8;
+ tmp = u1 + 6 * 8;
+ p2 = p1 + 1;
if (hashLen > 32U) {
hashLen = 32U;
}
sp_256_from_bin(u1, 8, hash, (int)hashLen);
- sp_256_from_mp(u2, 8, r);
+ sp_256_from_mp(u2, 8, rm);
sp_256_from_mp(s, 8, sm);
sp_256_from_mp(p2->x, 8, pX);
sp_256_from_mp(p2->y, 8, pY);
@@ -23042,7 +22860,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(u2, 8, r);
+ sp_256_from_mp(u2, 8, rm);
err = sp_256_mod_mul_norm_8(u2, u2, p256_mod);
}
@@ -23053,7 +22871,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_256_cmp_8(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_256_from_mp(u2, 8, r);
+ sp_256_from_mp(u2, 8, rm);
carry = sp_256_add_8(u2, u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -23062,8 +22880,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_8(u2, p256_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_256_mod_mul_norm_8(u2, u2, p256_mod);
if (err == MP_OKAY) {
@@ -23075,12 +22893,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p1, 0, heap);
- sp_256_point_free_8(p2, 0, heap);
return err;
}
@@ -23097,32 +22915,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_256_ecc_is_point_8(const sp_point_256* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*8];
- sp_digit t2d[2*8];
+ sp_digit t1[8 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 8;
- t2 = d + 2 * 8;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 8;
sp_256_sqr_8(t1, point->y);
(void)sp_256_mod_8(t1, t1, p256_mod);
@@ -23142,10 +22951,9 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -23160,14 +22968,21 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
*/
int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* pub = NULL;
+#else
+ sp_point_256 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_256* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_256_point_new_8(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_256_from_mp(pub->x, 8, pX);
sp_256_from_mp(pub->y, 8, pY);
@@ -23176,7 +22991,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
err = sp_256_ecc_is_point_8(pub, NULL);
}
- sp_256_point_free_8(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -23195,45 +23013,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[8];
- sp_point_256 pubd;
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_256* pub;
- sp_point_256* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_256_point_new_8(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_256* pub = NULL;
+#else
+ sp_digit priv[8];
+ sp_point_256 pub[2];
#endif
+ sp_point_256* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) ||
+ if (((mp_count_bits(pX) > 256) ||
(mp_count_bits(pY) > 256) ||
((privm != NULL) && (mp_count_bits(privm) > 256)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_256_from_mp(pub->x, 8, pX);
sp_256_from_mp(pub->y, 8, pY);
sp_256_from_bin(pub->z, 8, one, (int)sizeof(one));
@@ -23282,13 +23100,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_256_point_free_8(p, 0, heap);
- sp_256_point_free_8(pub, 0, heap);
return err;
}
@@ -23312,33 +23129,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 8 * 5];
- sp_point_256 pd;
- sp_point_256 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 8 * 5];
+ sp_point_256 p[2];
+#endif
sp_point_256* q = NULL;
int err;
- err = sp_256_point_new_8(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_8(NULL, qd, q);
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_256_from_mp(p->x, 8, pX);
sp_256_from_mp(p->y, 8, pY);
sp_256_from_mp(p->z, 8, pZ);
@@ -23359,13 +23178,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(q, 0, NULL);
- sp_256_point_free_8(p, 0, NULL);
return err;
}
@@ -23384,25 +23202,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 8 * 2];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 8 * 2];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_8(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -23423,12 +23244,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, NULL);
return err;
}
@@ -23443,25 +23264,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 8 * 4];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 8 * 4];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_8(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 4, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_256_from_mp(p->x, 8, pX);
@@ -23481,12 +23306,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_256_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, NULL);
return err;
}
@@ -23499,31 +23324,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_256_mont_sqrt_8(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 8];
- sp_digit t2d[2 * 8];
+ sp_digit t1[4 * 8];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL) {
err = MEMORY_E;
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 8;
- t2 = d + 2 * 8;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 8;
{
/* t2 = y ^ 0x2 */
@@ -23558,10 +23375,9 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -23577,31 +23393,22 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
*/
int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 8];
- sp_digit yd[2 * 8];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 8];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 8;
- y = d + 2 * 8;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 8;
sp_256_from_mp(x, 8, xm);
err = sp_256_mod_mul_norm_8(x, x, p256_mod);
@@ -23634,10 +23441,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
err = sp_256_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -24189,64 +23995,6 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a,
}
#endif /* WOLFSSL_SP_SMALL */
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_384_point_new_ex_12(void* heap, sp_point_384* sp,
- sp_point_384** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Multiply a number by Montogmery normalizer mod modulus (prime).
*
* r The resulting Montgomery form number.
@@ -24256,8 +24004,8 @@ static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap)
*/
static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- int64_t* t;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ int64_t* t = NULL;
#else
int64_t t[12];
#endif
@@ -24266,7 +24014,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t = (int64_t*)XMALLOC(sizeof(int64_t) * 12, NULL, DYNAMIC_TYPE_ECC);
if (t == NULL) {
err = MEMORY_E;
@@ -24341,7 +24089,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
r[11] = t[11];
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif
@@ -25756,56 +25504,55 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, const sp_digit* k,
int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td[16];
- sp_point_384 rtd;
- sp_digit tmpd[2 * 12 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_384 t[16 + 1];
+ sp_digit tmp[2 * 12 * 6];
+#endif
+ sp_point_384* rt = NULL;
#ifndef WC_NO_CACHE_RESISTANT
- sp_point_384 pd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* p = NULL;
+#else
+ sp_point_384 p[1];
#endif
-#endif
- sp_point_384* t;
- sp_point_384* rt;
-#ifndef WC_NO_CACHE_RESISTANT
- sp_point_384* p;
-#endif
- sp_digit* tmp;
+#endif /* !WC_NO_CACHE_RESISTANT */
sp_digit n;
int i;
int c;
int y;
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_384_point_new_12(heap, rtd, rt);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-#ifndef WC_NO_CACHE_RESISTANT
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 17, heap, DYNAMIC_TYPE_ECC);
-#else
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, heap, DYNAMIC_TYPE_ECC);
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16 + 1,
+ heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ #ifndef WC_NO_CACHE_RESISTANT
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384),
+ heap, DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
+ #endif
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
-#ifndef WC_NO_CACHE_RESISTANT
- #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- p = t + 16;
- #else
- p = &pd;
- #endif
-#endif
+ rt = t + 16;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -25893,20 +25640,35 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 12 * 6);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_384) * 16);
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmpd, sizeof(tmpd));
- ForceZero(td, sizeof(td));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
- sp_384_point_free_12(rt, 1, heap);
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 12 * 6);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#ifndef WC_NO_CACHE_RESISTANT
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (p != NULL)
+ #endif
+ {
+ ForceZero(p, sizeof(sp_point_384));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(p, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#endif /* !WC_NO_CACHE_RESISTANT */
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_384) * 17);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -26130,29 +25892,30 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, const sp_point_384* p,
static int sp_384_gen_stripe_table_12(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_12(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -26197,9 +25960,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
}
}
- sp_384_point_free_12(s2, 0, heap);
- sp_384_point_free_12(s1, 0, heap);
- sp_384_point_free_12( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -26291,19 +26055,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 12 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 12 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -26311,21 +26075,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
(void)heap;
- err = sp_384_point_new_12(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -26376,13 +26141,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, heap);
- sp_384_point_free_12(rt, 0, heap);
return err;
}
@@ -26548,29 +26312,30 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp
static int sp_384_gen_stripe_table_12(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_12(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -26615,9 +26380,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
}
}
- sp_384_point_free_12(s2, 0, heap);
- sp_384_point_free_12(s1, 0, heap);
- sp_384_point_free_12( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -26709,19 +26475,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 12 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 12 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -26729,21 +26495,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
(void)heap;
- err = sp_384_point_new_12(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -26794,13 +26561,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, heap);
- sp_384_point_free_12(rt, 0, heap);
return err;
}
@@ -26964,25 +26730,28 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp
int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[12];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 12, km);
sp_384_point_from_ecc_point_12(point, gm);
@@ -26993,12 +26762,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -27018,37 +26787,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[12];
- sp_digit t[12 * 2 * 6];
-#endif
- sp_point_384* point;
- sp_point_384* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[12 + 12 * 2 * 6];
+#endif
+ sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (12 + 12 * 2 * 6), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 12;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 12;
+
sp_384_from_mp(k, 12, km);
sp_384_point_from_ecc_point_12(point, gm);
sp_384_point_from_ecc_point_12(addP, am);
@@ -27075,13 +26842,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(addP, 0, heap);
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -28515,26 +28281,28 @@ static int sp_384_ecc_mulmod_base_12(sp_point_384* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[12];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 12, km);
@@ -28544,12 +28312,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -28568,37 +28336,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[12];
- sp_digit t[12 * 2 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[12 + 12 * 2 * 6];
#endif
- sp_point_384* point;
sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (12 + 12 * 2 * 6),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 12;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 12;
+
sp_384_from_mp(k, 12, km);
sp_384_point_from_ecc_point_12(addP, am);
}
@@ -28624,13 +28390,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(addP, 0, heap);
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -28774,41 +28539,46 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_384 inf;
-#endif
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_384 point[2];
+ #else
+ sp_point_384 point[1];
+ #endif
+ sp_digit k[12];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_384* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_384_point_new_12(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_384_ecc_gen_k_12(rng, k);
}
if (err == MP_OKAY) {
@@ -28833,15 +28603,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_384_point_to_ecc_point_12(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_384_point_free_12(infinity, 1, heap);
-#endif
- sp_384_point_free_12(point, 1, heap);
return err;
}
@@ -28902,30 +28671,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[12];
+#endif
int err = MP_OKAY;
if (*outLen < 48U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, p, point);
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -28938,12 +28709,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 48;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -29629,13 +29400,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 48U;
}
- sp_384_from_bin(ctx->e, 12, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_384_from_mp(ctx->x, 12, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_384_ecc_gen_k_12(rng, ctx->k);
@@ -29663,6 +29431,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_384_cmp_12(ctx->r, p384_order);
sp_384_cond_sub_12(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0));
sp_384_norm_12(ctx->r);
+
+ sp_384_from_mp(ctx->x, 12, priv);
+ sp_384_from_bin(ctx->e, 12, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -29719,6 +29490,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -29754,22 +29528,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*12];
- sp_digit xd[2*12];
- sp_digit kd[2*12];
- sp_digit rd[2*12];
- sp_digit td[3 * 2*12];
- sp_point_384 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_384* point = NULL;
+#else
+ sp_digit e[7 * 2 * 12];
+ sp_point_384 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_384* point = NULL;
sp_digit* s = NULL;
int32_t c;
int err = MP_OKAY;
@@ -29777,31 +29546,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_384_point_new_12(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 12;
- x = d + 2 * 12;
- k = d + 4 * 12;
- r = d + 6 * 12;
- tmp = d + 8 * 12;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 12;
+ k = e + 4 * 12;
+ r = e + 6 * 12;
+ tmp = e + 8 * 12;
s = e;
if (hashLen > 48U) {
@@ -29856,19 +29620,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_384_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 12);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 12U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_384_point_free_12(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 12);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_384));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -30790,7 +30559,7 @@ typedef struct sp_ecc_verify_384_ctx {
int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data;
@@ -30805,7 +30574,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_384_from_bin(ctx->u1, 12, hash, (int)hashLen);
- sp_384_from_mp(ctx->u2, 12, r);
+ sp_384_from_mp(ctx->u2, 12, rm);
sp_384_from_mp(ctx->s, 12, sm);
sp_384_from_mp(ctx->p2.x, 12, pX);
sp_384_from_mp(ctx->p2.y, 12, pY);
@@ -30863,57 +30632,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_384_iszero_12(ctx->p1.z)) {
- if (sp_384_iszero_12(ctx->p1.x) && sp_384_iszero_12(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<12; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_384_proj_point_dbl_12_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(ctx->u2, 12, r);
+ sp_384_from_mp(ctx->u2, 12, rm);
err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_384_mont_sqr_12(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int32_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int32_t c;
/* Reload r and add order. */
- sp_384_from_mp(ctx->u2, 12, r);
+ sp_384_from_mp(ctx->u2, 12, rm);
carry = sp_384_add_12(ctx->u2, ctx->u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -30921,22 +30666,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_12(ctx->u2, p384_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
- p384_mp_mod);
- *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
+ p384_mp_mod);
+ *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -30945,62 +30691,51 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*12];
- sp_digit u2d[2*12];
- sp_digit sd[2*12];
- sp_digit tmpd[2*12 * 5];
- sp_point_384 p1d;
- sp_point_384 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_384* p1 = NULL;
+#else
+ sp_digit u1[16 * 12];
+ sp_point_384 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_384* p1;
sp_point_384* p2 = NULL;
sp_digit carry;
int32_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 12;
- u2 = d + 2 * 12;
- s = d + 4 * 12;
- tmp = d + 6 * 12;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 12;
+ s = u1 + 4 * 12;
+ tmp = u1 + 6 * 12;
+ p2 = p1 + 1;
if (hashLen > 48U) {
hashLen = 48U;
}
sp_384_from_bin(u1, 12, hash, (int)hashLen);
- sp_384_from_mp(u2, 12, r);
+ sp_384_from_mp(u2, 12, rm);
sp_384_from_mp(s, 12, sm);
sp_384_from_mp(p2->x, 12, pX);
sp_384_from_mp(p2->y, 12, pY);
@@ -31011,7 +30746,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(u2, 12, r);
+ sp_384_from_mp(u2, 12, rm);
err = sp_384_mod_mul_norm_12(u2, u2, p384_mod);
}
@@ -31022,7 +30757,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_384_cmp_12(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_384_from_mp(u2, 12, r);
+ sp_384_from_mp(u2, 12, rm);
carry = sp_384_add_12(u2, u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -31031,8 +30766,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_12(u2, p384_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_384_mod_mul_norm_12(u2, u2, p384_mod);
if (err == MP_OKAY) {
@@ -31044,12 +30779,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p1, 0, heap);
- sp_384_point_free_12(p2, 0, heap);
return err;
}
@@ -31066,32 +30801,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_384_ecc_is_point_12(const sp_point_384* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*12];
- sp_digit t2d[2*12];
+ sp_digit t1[12 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 12;
- t2 = d + 2 * 12;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 12;
sp_384_sqr_12(t1, point->y);
(void)sp_384_mod_12(t1, t1, p384_mod);
@@ -31111,10 +30837,9 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -31129,14 +30854,21 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
*/
int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* pub = NULL;
+#else
+ sp_point_384 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_384* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_384_point_new_12(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_384_from_mp(pub->x, 12, pX);
sp_384_from_mp(pub->y, 12, pY);
@@ -31145,7 +30877,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
err = sp_384_ecc_is_point_12(pub, NULL);
}
- sp_384_point_free_12(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -31164,45 +30899,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[12];
- sp_point_384 pubd;
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_384* pub;
- sp_point_384* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_384_point_new_12(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_384* pub = NULL;
+#else
+ sp_digit priv[12];
+ sp_point_384 pub[2];
#endif
+ sp_point_384* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) ||
+ if (((mp_count_bits(pX) > 384) ||
(mp_count_bits(pY) > 384) ||
((privm != NULL) && (mp_count_bits(privm) > 384)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_384_from_mp(pub->x, 12, pX);
sp_384_from_mp(pub->y, 12, pY);
sp_384_from_bin(pub->z, 12, one, (int)sizeof(one));
@@ -31251,13 +30986,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_384_point_free_12(p, 0, heap);
- sp_384_point_free_12(pub, 0, heap);
return err;
}
@@ -31281,33 +31015,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 12 * 5];
- sp_point_384 pd;
- sp_point_384 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 12 * 5];
+ sp_point_384 p[2];
+#endif
sp_point_384* q = NULL;
int err;
- err = sp_384_point_new_12(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_12(NULL, qd, q);
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_384_from_mp(p->x, 12, pX);
sp_384_from_mp(p->y, 12, pY);
sp_384_from_mp(p->z, 12, pZ);
@@ -31328,13 +31064,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(q, 0, NULL);
- sp_384_point_free_12(p, 0, NULL);
return err;
}
@@ -31353,25 +31088,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 12 * 2];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 12 * 2];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_12(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -31392,12 +31130,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, NULL);
return err;
}
@@ -31412,25 +31150,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 12 * 6];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 12 * 6];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_12(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_384_from_mp(p->x, 12, pX);
@@ -31450,12 +31192,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_384_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, NULL);
return err;
}
@@ -31468,43 +31210,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_384_mont_sqrt_12(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 12];
- sp_digit t2d[2 * 12];
- sp_digit t3d[2 * 12];
- sp_digit t4d[2 * 12];
- sp_digit t5d[2 * 12];
+ sp_digit t1[5 * 2 * 12];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* t3;
- sp_digit* t4;
- sp_digit* t5;
+ sp_digit* t2 = NULL;
+ sp_digit* t3 = NULL;
+ sp_digit* t4 = NULL;
+ sp_digit* t5 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 12;
- t2 = d + 2 * 12;
- t3 = d + 4 * 12;
- t4 = d + 6 * 12;
- t5 = d + 8 * 12;
-#else
- t1 = t1d;
- t2 = t2d;
- t3 = t3d;
- t4 = t4d;
- t5 = t5d;
-#endif
+ t2 = t1 + 2 * 12;
+ t3 = t1 + 4 * 12;
+ t4 = t1 + 6 * 12;
+ t5 = t1 + 8 * 12;
{
/* t2 = y ^ 0x2 */
@@ -31564,10 +31291,9 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -31583,31 +31309,22 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
*/
int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 12];
- sp_digit yd[2 * 12];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 12];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 12;
- y = d + 2 * 12;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 12;
sp_384_from_mp(x, 12, xm);
err = sp_384_mod_mul_norm_12(x, x, p384_mod);
@@ -31640,10 +31357,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
err = sp_384_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -33171,6 +32887,8 @@ static int sp_1024_mod_mul_norm_32(sp_digit* r, const sp_digit* a,
return sp_1024_mod_32(r, r, m);
}
+
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Create a new point.
*
* heap [in] Buffer to allocate dynamic memory from.
@@ -33202,8 +32920,8 @@ static int sp_1024_point_new_ex_32(void* heap, sp_point_1024* sp,
/* Set pointer to data and return no error. */
#define sp_1024_point_new_32(heap, sp, p) sp_1024_point_new_ex_32((heap), &(sp), &(p))
#endif
-
-
+#endif /* WOLFCRYPT_HAVE_SAKKE */
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Free the point.
*
* p [in,out] Point to free.
@@ -33228,6 +32946,7 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
#endif
(void)heap;
}
+#endif /* WOLFCRYPT_HAVE_SAKKE */
/* Convert an mp_int to an array of sp_digit.
*
@@ -36276,43 +35995,40 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k,
int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td[16];
- sp_point_1024 rtd;
- sp_digit tmpd[2 * 32 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_1024 t[16 + 1];
+ sp_digit tmp[2 * 32 * 5];
#endif
- sp_point_1024* t;
- sp_point_1024* rt;
- sp_digit* tmp;
+ sp_point_1024* rt = NULL;
sp_digit n;
int i;
int c;
int y;
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_1024_point_new_32(heap, rtd, rt);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-#ifndef WC_NO_CACHE_RESISTANT
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 17, heap, DYNAMIC_TYPE_ECC);
-#else
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, heap, DYNAMIC_TYPE_ECC);
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16 + 1,
+ heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
+ rt = t + 16;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -36380,20 +36096,24 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 32 * 5);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_1024) * 16);
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmpd, sizeof(tmpd));
- ForceZero(td, sizeof(td));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
- sp_1024_point_free_32(rt, 1, heap);
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 32 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_1024) * 17);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -36617,29 +36337,30 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, const sp_point_1024*
static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td;
- sp_point_1024 s1d;
- sp_point_1024 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+#else
+ sp_point_1024 t[3];
#endif
- sp_point_1024* t;
sp_point_1024* s1 = NULL;
sp_point_1024* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_1024_point_new_32(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod);
}
if (err == MP_OKAY) {
@@ -36684,9 +36405,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
}
}
- sp_1024_point_free_32(s2, 0, heap);
- sp_1024_point_free_32(s1, 0, heap);
- sp_1024_point_free_32( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -36712,19 +36434,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
const sp_table_entry_1024* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit td[2 * 32 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 rt[2];
+ sp_digit t[2 * 32 * 5];
#endif
- sp_point_1024* rt;
sp_point_1024* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -36732,21 +36454,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
(void)heap;
- err = sp_1024_point_new_32(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));
@@ -36782,13 +36505,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(p, 0, heap);
- sp_1024_point_free_32(rt, 0, heap);
return err;
}
@@ -36954,29 +36676,30 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const
static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td;
- sp_point_1024 s1d;
- sp_point_1024 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+#else
+ sp_point_1024 t[3];
#endif
- sp_point_1024* t;
sp_point_1024* s1 = NULL;
sp_point_1024* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_1024_point_new_32(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod);
}
if (err == MP_OKAY) {
@@ -37021,9 +36744,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
}
}
- sp_1024_point_free_32(s2, 0, heap);
- sp_1024_point_free_32(s1, 0, heap);
- sp_1024_point_free_32( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -37049,19 +36773,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
const sp_table_entry_1024* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit td[2 * 32 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 rt[2];
+ sp_digit t[2 * 32 * 5];
#endif
- sp_point_1024* rt;
sp_point_1024* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -37069,21 +36793,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
(void)heap;
- err = sp_1024_point_new_32(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));
@@ -37119,13 +36844,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(p, 0, heap);
- sp_1024_point_free_32(rt, 0, heap);
return err;
}
@@ -37289,25 +37013,28 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const
int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[32];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[32];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 32, km);
sp_1024_point_from_ecc_point_32(point, gm);
@@ -37318,12 +37045,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -40917,26 +40644,28 @@ static int sp_1024_ecc_mulmod_base_32(sp_point_1024* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[32];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[32];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 32, km);
@@ -40946,12 +40675,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -40970,37 +40699,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_point_1024 a;
- sp_digit kd[32];
- sp_digit t[32 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_1024 point[2];
+ sp_digit k[32 + 32 * 2 * 5];
#endif
- sp_point_1024* point;
sp_point_1024* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 + 32 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (32 + 32 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 32;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 32;
+
sp_1024_from_mp(k, 32, km);
sp_1024_point_from_ecc_point_32(addP, am);
}
@@ -41026,13 +40753,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(addP, 0, heap);
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -41050,29 +40776,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
void* heap)
{
- int err = 0;
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_1024* point = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 point[1];
sp_digit t[5 * 2 * 32];
+#endif
+ int err = MP_OKAY;
if ((gm == NULL) || (len == NULL)) {
err = BAD_FUNC_ARG;
}
- if ((err == 0) && (table == NULL)) {
+ if ((err == MP_OKAY) && (table == NULL)) {
*len = sizeof(sp_table_entry_1024) * 256;
err = LENGTH_ONLY_E;
}
- if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
+ if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
err = BUFFER_E;
}
- if (err == 0) {
- err = sp_1024_point_new_32(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
- if (err == 0) {
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 32, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
sp_1024_point_from_ecc_point_32(point, gm);
err = sp_1024_gen_stripe_table_32(point,
(sp_table_entry_1024*)table, t, heap);
@@ -41081,7 +40821,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
*len = sizeof(sp_table_entry_1024) * 256;
}
- sp_1024_point_free_32(point, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -41134,24 +40879,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[32];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[32];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 32, km);
sp_1024_point_from_ecc_point_32(point, gm);
@@ -41168,12 +40917,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -44624,33 +44373,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*32];
- sp_digit t2d[2*32];
+ sp_digit t1[32 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int32_t n;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 32;
- t2 = d + 2 * 32;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 32;
sp_1024_sqr_32(t1, point->y);
(void)sp_1024_mod_32(t1, t1, p1024_mod);
@@ -44674,10 +44414,9 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -44692,14 +44431,21 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
*/
int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* pub = NULL;
+#else
+ sp_point_1024 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_1024* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_1024_point_new_32(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_1024_from_mp(pub->x, 32, pX);
sp_1024_from_mp(pub->y, 32, pY);
@@ -44708,7 +44454,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
err = sp_1024_ecc_is_point_32(pub, NULL);
}
- sp_1024_point_free_32(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -44727,45 +44476,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[32];
- sp_point_1024 pubd;
- sp_point_1024 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_1024* pub;
- sp_point_1024* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_1024_point_new_32(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_1024* pub = NULL;
+#else
+ sp_digit priv[32];
+ sp_point_1024 pub[2];
#endif
+ sp_point_1024* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) ||
+ if (((mp_count_bits(pX) > 1024) ||
(mp_count_bits(pY) > 1024) ||
((privm != NULL) && (mp_count_bits(privm) > 1024)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_1024_from_mp(pub->x, 32, pX);
sp_1024_from_mp(pub->y, 32, pY);
sp_1024_from_bin(pub->z, 32, one, (int)sizeof(one));
@@ -44814,13 +44563,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_1024_point_free_32(p, 0, heap);
- sp_1024_point_free_32(pub, 0, heap);
return err;
}
diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c
index 890e1006f..7f66b8d35 100644
--- a/wolfcrypt/src/sp_c32.c
+++ b/wolfcrypt/src/sp_c32.c
@@ -1797,40 +1797,29 @@ static int sp_2048_div_45(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[90 + 1];
- sp_digit t2d[45 + 1];
- sp_digit sdd[45 + 1];
+ sp_digit t1[4 * 45 + 3];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* sd;
+ sp_digit* t2 = NULL;
+ sp_digit* sd = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 45 + 3), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 45 + 3), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)m;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 90 + 1;
+ t2 = t1 + 90 + 1;
sd = t2 + 45 + 1;
-#else
- t1 = t1d;
- t2 = t2d;
- sd = sdd;
-#endif
sp_2048_mul_d_45(sd, d, 1L << 11);
sp_2048_mul_d_90(t1, a, 1L << 11);
@@ -1849,6 +1838,7 @@ static int sp_2048_div_45(const sp_digit* a, const sp_digit* d,
sp_2048_mul_d_45(t2, sd, r1);
(void)sp_2048_sub_45(&t1[i], &t1[i], t2);
+ sp_2048_norm_45(&t1[i]);
t1[45 + i] -= t2[45];
t1[45 + i] += t1[45 + i - 1] >> 23;
t1[45 + i - 1] &= 0x7fffff;
@@ -1877,10 +1867,9 @@ static int sp_2048_div_45(const sp_digit* a, const sp_digit* d,
sp_2048_rshift_45(r, r, 11);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -1911,13 +1900,13 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e,
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 90];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -1925,22 +1914,17 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 45 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 45 * 2);
-#else
- t[i] = &td[i * 45 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 45U * 2U);
}
@@ -1995,21 +1979,20 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 90];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -2017,22 +2000,17 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 45 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 45 * 2);
-#else
- t[i] = &td[i * 45 * 2];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -2086,22 +2064,21 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e,
XMEMCPY(r, t[0], sizeof(*r) * 45 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 90) + 90];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -2112,22 +2089,15 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 90) + 90), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 90;
rt = td + 2880;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 90];
- rt = &td[2880];
-#endif
sp_2048_mont_setup(m, &mp);
sp_2048_mont_norm_45(norm, m);
@@ -2224,9 +2194,8 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -2716,40 +2685,29 @@ static int sp_2048_div_90(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[180 + 1];
- sp_digit t2d[90 + 1];
- sp_digit sdd[90 + 1];
+ sp_digit t1[4 * 90 + 3];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* sd;
+ sp_digit* t2 = NULL;
+ sp_digit* sd = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 90 + 3), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 90 + 3), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)m;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 180 + 1;
+ t2 = t1 + 180 + 1;
sd = t2 + 90 + 1;
-#else
- t1 = t1d;
- t2 = t2d;
- sd = sdd;
-#endif
sp_2048_mul_d_90(sd, d, 1L << 22);
sp_2048_mul_d_180(t1, a, 1L << 22);
@@ -2768,6 +2726,7 @@ static int sp_2048_div_90(const sp_digit* a, const sp_digit* d,
sp_2048_mul_d_90(t2, sd, r1);
(void)sp_2048_sub_90(&t1[i], &t1[i], t2);
+ sp_2048_norm_90(&t1[i]);
t1[90 + i] -= t2[90];
t1[90 + i] += t1[90 + i - 1] >> 23;
t1[90 + i - 1] &= 0x7fffff;
@@ -2796,10 +2755,9 @@ static int sp_2048_div_90(const sp_digit* a, const sp_digit* d,
sp_2048_rshift_90(r, r, 22);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -2832,13 +2790,13 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e,
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 180];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -2846,22 +2804,17 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 90 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 90 * 2);
-#else
- t[i] = &td[i * 90 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 90U * 2U);
}
@@ -2916,21 +2869,20 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 180];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -2938,22 +2890,17 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 90 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 90 * 2);
-#else
- t[i] = &td[i * 90 * 2];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -3007,22 +2954,21 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e,
XMEMCPY(r, t[0], sizeof(*r) * 90 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 180) + 180];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -3033,22 +2979,15 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 180) + 180), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 180;
rt = td + 5760;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 180];
- rt = &td[5760];
-#endif
sp_2048_mont_setup(m, &mp);
sp_2048_mont_norm_90(norm, m);
@@ -3145,9 +3084,8 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -3173,8 +3111,11 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
#ifdef WOLFSSL_SP_SMALL
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[90 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
sp_digit* norm = NULL;
@@ -3202,15 +3143,16 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
if (err == MP_OKAY) {
- a = d;
r = a + 90 * 2;
m = r + 90 * 2;
norm = r;
@@ -3263,18 +3205,17 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
*outLen = 256;
}
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[180];
- sp_digit md[90];
- sp_digit rd[180];
-#else
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[90 * 5];
#endif
sp_digit* a = NULL;
sp_digit* m = NULL;
@@ -3300,27 +3241,20 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
a = d;
r = a + 90 * 2;
m = r + 90 * 2;
- }
-#else
- a = ad;
- m = md;
- r = rd;
-#endif
- if (err == MP_OKAY) {
sp_2048_from_bin(a, 90, in, inLen);
#if DIGIT_BIT >= 23
e[0] = (sp_digit)em->dp[0];
@@ -3384,10 +3318,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
#endif
return err;
@@ -3419,9 +3352,13 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[90 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -3450,13 +3387,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 90;
m = a + 180;
@@ -3467,22 +3406,34 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
sp_2048_from_mp(m, 90, mm);
err = sp_2048_mod_exp_90(r, a, d, 2048, m, 0);
}
+
if (err == MP_OKAY) {
sp_2048_to_bin(r, out);
*outLen = 256;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 90);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 90);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[180];
- sp_digit d[90];
- sp_digit m[90];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* d = NULL;
+#else
+ sp_digit d[90 * 4];
+#endif
+ sp_digit* a = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)pm;
@@ -3509,7 +3460,20 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (d == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ a = d + 90;
+ m = a + 180;
+ r = a;
+
sp_2048_from_bin(a, 90, in, inLen);
sp_2048_from_mp(d, 90, dm);
sp_2048_from_mp(m, 90, mm);
@@ -3521,14 +3485,27 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
- XMEMSET(d, 0, sizeof(sp_digit) * 90);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 90);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
+#endif /* WOLFSSL_SP_SMALL */
#else
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[45 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
@@ -3557,22 +3534,21 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 45 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 45 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL) {
+ if (a == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- a = t;
p = a + 90 * 2;
q = p + 45;
qi = dq = dp = q + 45;
tmpa = qi + 45;
tmpb = tmpa + 90;
-
- r = t + 90;
+ r = a + 90;
sp_2048_from_bin(a, 90, in, inLen);
sp_2048_from_mp(p, 45, pm);
@@ -3586,6 +3562,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_2048_sub_45(tmpa, tmpa, tmpb);
+ sp_2048_norm_45(tmpa);
sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31));
sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31));
@@ -3603,22 +3580,31 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 45 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 45 * 11);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[90 * 2];
- sp_digit p[45];
- sp_digit q[45];
- sp_digit dp[45];
- sp_digit dq[45];
- sp_digit qi[45];
- sp_digit tmpa[90];
- sp_digit tmpb[90];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
+#else
+ sp_digit a[45 * 13];
+#endif
+ sp_digit* p = NULL;
+ sp_digit* q = NULL;
+ sp_digit* dp = NULL;
+ sp_digit* dq = NULL;
+ sp_digit* qi = NULL;
+ sp_digit* tmpa = NULL;
+ sp_digit* tmpb = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)dm;
@@ -3639,7 +3625,25 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 45 * 13, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (a == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ p = a + 90 * 2;
+ q = p + 45;
+ dp = q + 45;
+ dq = dp + 45;
+ qi = dq + 45;
+ tmpa = qi + 45;
+ tmpb = tmpa + 90;
+ r = a;
+
sp_2048_from_bin(a, 90, in, inLen);
sp_2048_from_mp(p, 45, pm);
sp_2048_from_mp(q, 45, qm);
@@ -3655,6 +3659,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
if (err == MP_OKAY) {
(void)sp_2048_sub_45(tmpa, tmpa, tmpb);
+ sp_2048_norm_45(tmpa);
sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31));
sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31));
sp_2048_mul_45(tmpa, tmpa, qi);
@@ -3670,17 +3675,19 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
- XMEMSET(dq, 0, sizeof(dq));
- XMEMSET(qi, 0, sizeof(qi));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 45 * 13);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+#endif /* WOLFSSL_SP_SMALL */
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
}
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
@@ -3769,11 +3776,14 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[90 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int expBits = mp_count_bits(exp);
if (mp_count_bits(base) > 2048) {
@@ -3789,16 +3799,16 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 90 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 90 * 2;
m = e + 90;
r = b;
@@ -3814,23 +3824,27 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = sp_2048_to_mp(r, res);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 90U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 90U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[180];
- sp_digit ed[90];
- sp_digit md[90];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[90 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
int expBits = mp_count_bits(exp);
@@ -3847,26 +3861,19 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 90 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 90 * 2;
- m = e + 90;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 90 * 2;
+ m = e + 90;
+ r = b;
+
sp_2048_from_mp(b, 90, base);
sp_2048_from_mp(e, 90, exp);
sp_2048_from_mp(m, 90, mod);
@@ -3879,14 +3886,17 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 90U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 90U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 90U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -4104,12 +4114,12 @@ SP_NOINLINE static void sp_2048_lshift_90(sp_digit* r, const sp_digit* a,
static int sp_2048_mod_exp_2_90(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[271];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -4121,20 +4131,14 @@ static int sp_2048_mod_exp_2_90(sp_digit* r, const sp_digit* e, int bits, const
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 271, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 180;
XMEMSET(td, 0, sizeof(sp_digit) * 271);
-#else
- tmp = &td[180];
- XMEMSET(td, 0, sizeof(td));
-#endif
sp_2048_mont_setup(m, &mp);
sp_2048_mont_norm_90(norm, m);
@@ -4192,9 +4196,8 @@ static int sp_2048_mod_exp_2_90(sp_digit* r, const sp_digit* e, int bits, const
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -4219,11 +4222,14 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[90 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
if (mp_count_bits(base) > 2048) {
@@ -4239,15 +4245,15 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 90 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 90 * 2;
m = e + 90;
r = b;
@@ -4275,23 +4281,27 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 90U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 90U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[180];
- sp_digit ed[90];
- sp_digit md[90];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[90 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
int err = MP_OKAY;
@@ -4308,26 +4318,20 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 90 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 90 * 2;
- m = e + 90;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 90 * 2;
+ m = e + 90;
+ r = b;
+
sp_2048_from_mp(b, 90, base);
sp_2048_from_bin(e, 90, exp, expLen);
sp_2048_from_mp(m, 90, mod);
@@ -4355,14 +4359,17 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 90U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 90U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 90U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -4383,11 +4390,14 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[45 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int expBits = mp_count_bits(exp);
if (mp_count_bits(base) > 1024) {
@@ -4403,16 +4413,16 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 45 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 45 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 45 * 2;
m = e + 45;
r = b;
@@ -4429,23 +4439,27 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = sp_2048_to_mp(r, res);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 45U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 90U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[90];
- sp_digit ed[45];
- sp_digit md[45];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[45 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
int expBits = mp_count_bits(exp);
@@ -4462,26 +4476,19 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 45 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 45 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 45 * 2;
- m = e + 45;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 45 * 2;
+ m = e + 45;
+ r = b;
+
sp_2048_from_mp(b, 45, base);
sp_2048_from_mp(e, 45, exp);
sp_2048_from_mp(m, 45, mod);
@@ -4495,14 +4502,17 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 45U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 45U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 90U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -5662,34 +5672,25 @@ static int sp_3072_div_67(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[134];
- sp_digit t2d[67 + 1];
+ sp_digit t1[3 * 67 + 1];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 67 + 1), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 67 + 1), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 2 * 67;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 67;
dv = d[66];
XMEMCPY(t1, a, sizeof(*t1) * 2U * 67U);
@@ -5707,6 +5708,7 @@ static int sp_3072_div_67(const sp_digit* a, const sp_digit* d,
sp_3072_mul_d_67(t2, d, r1);
(void)sp_3072_sub_67(&t1[i], &t1[i], t2);
+ sp_3072_norm_67(&t1[i]);
t1[67 + i] -= t2[67];
t1[67 + i] += t1[67 + i - 1] >> 23;
t1[67 + i - 1] &= 0x7fffff;
@@ -5732,10 +5734,9 @@ static int sp_3072_div_67(const sp_digit* a, const sp_digit* d,
(sp_digit)1 : (sp_digit)0));
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -5766,13 +5767,13 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e,
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 134];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -5780,22 +5781,17 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 67 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 67 * 2);
-#else
- t[i] = &td[i * 67 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 67U * 2U);
}
@@ -5850,21 +5846,20 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 134];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -5872,22 +5867,17 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 67 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 67 * 2);
-#else
- t[i] = &td[i * 67 * 2];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -5941,22 +5931,21 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e,
XMEMCPY(r, t[0], sizeof(*r) * 67 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 134) + 134];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -5967,22 +5956,15 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 134) + 134), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 134;
rt = td + 4288;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 134];
- rt = &td[4288];
-#endif
sp_3072_mont_setup(m, &mp);
sp_3072_mont_norm_67(norm, m);
@@ -6079,9 +6061,8 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -6603,40 +6584,29 @@ static int sp_3072_div_134(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[268 + 1];
- sp_digit t2d[134 + 1];
- sp_digit sdd[134 + 1];
+ sp_digit t1[4 * 134 + 3];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* sd;
+ sp_digit* t2 = NULL;
+ sp_digit* sd = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 134 + 3), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 134 + 3), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)m;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 268 + 1;
+ t2 = t1 + 268 + 1;
sd = t2 + 134 + 1;
-#else
- t1 = t1d;
- t2 = t2d;
- sd = sdd;
-#endif
sp_3072_mul_d_134(sd, d, 1L << 10);
sp_3072_mul_d_268(t1, a, 1L << 10);
@@ -6655,6 +6625,7 @@ static int sp_3072_div_134(const sp_digit* a, const sp_digit* d,
sp_3072_mul_d_134(t2, sd, r1);
(void)sp_3072_sub_134(&t1[i], &t1[i], t2);
+ sp_3072_norm_134(&t1[i]);
t1[134 + i] -= t2[134];
t1[134 + i] += t1[134 + i - 1] >> 23;
t1[134 + i - 1] &= 0x7fffff;
@@ -6683,10 +6654,9 @@ static int sp_3072_div_134(const sp_digit* a, const sp_digit* d,
sp_3072_rshift_134(r, r, 10);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -6719,13 +6689,13 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 268];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -6733,22 +6703,17 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 134 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 134 * 2);
-#else
- t[i] = &td[i * 134 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 134U * 2U);
}
@@ -6803,21 +6768,20 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 268];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -6825,22 +6789,17 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 134 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 134 * 2);
-#else
- t[i] = &td[i * 134 * 2];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -6894,22 +6853,21 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e
XMEMCPY(r, t[0], sizeof(*r) * 134 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 268) + 268];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -6920,22 +6878,15 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 268) + 268), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 268;
rt = td + 8576;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 268];
- rt = &td[8576];
-#endif
sp_3072_mont_setup(m, &mp);
sp_3072_mont_norm_134(norm, m);
@@ -7032,9 +6983,8 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -7060,8 +7010,11 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
#ifdef WOLFSSL_SP_SMALL
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[134 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
sp_digit* norm = NULL;
@@ -7089,15 +7042,16 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
if (err == MP_OKAY) {
- a = d;
r = a + 134 * 2;
m = r + 134 * 2;
norm = r;
@@ -7150,18 +7104,17 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
*outLen = 384;
}
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[268];
- sp_digit md[134];
- sp_digit rd[268];
-#else
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[134 * 5];
#endif
sp_digit* a = NULL;
sp_digit* m = NULL;
@@ -7187,27 +7140,20 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
a = d;
r = a + 134 * 2;
m = r + 134 * 2;
- }
-#else
- a = ad;
- m = md;
- r = rd;
-#endif
- if (err == MP_OKAY) {
sp_3072_from_bin(a, 134, in, inLen);
#if DIGIT_BIT >= 23
e[0] = (sp_digit)em->dp[0];
@@ -7271,10 +7217,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
#endif
return err;
@@ -7306,9 +7251,13 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[134 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -7337,13 +7286,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 134;
m = a + 268;
@@ -7354,22 +7305,34 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
sp_3072_from_mp(m, 134, mm);
err = sp_3072_mod_exp_134(r, a, d, 3072, m, 0);
}
+
if (err == MP_OKAY) {
sp_3072_to_bin(r, out);
*outLen = 384;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 134);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 134);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[268];
- sp_digit d[134];
- sp_digit m[134];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* d = NULL;
+#else
+ sp_digit d[134 * 4];
+#endif
+ sp_digit* a = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)pm;
@@ -7396,7 +7359,20 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (d == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ a = d + 134;
+ m = a + 268;
+ r = a;
+
sp_3072_from_bin(a, 134, in, inLen);
sp_3072_from_mp(d, 134, dm);
sp_3072_from_mp(m, 134, mm);
@@ -7408,14 +7384,27 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
- XMEMSET(d, 0, sizeof(sp_digit) * 134);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 134);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
+#endif /* WOLFSSL_SP_SMALL */
#else
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[67 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
@@ -7444,22 +7433,21 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 67 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 67 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL) {
+ if (a == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- a = t;
p = a + 134 * 2;
q = p + 67;
qi = dq = dp = q + 67;
tmpa = qi + 67;
tmpb = tmpa + 134;
-
- r = t + 134;
+ r = a + 134;
sp_3072_from_bin(a, 134, in, inLen);
sp_3072_from_mp(p, 67, pm);
@@ -7473,6 +7461,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_3072_sub_67(tmpa, tmpa, tmpb);
+ sp_3072_norm_67(tmpa);
sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31));
sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31));
@@ -7490,22 +7479,31 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 67 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 67 * 11);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[134 * 2];
- sp_digit p[67];
- sp_digit q[67];
- sp_digit dp[67];
- sp_digit dq[67];
- sp_digit qi[67];
- sp_digit tmpa[134];
- sp_digit tmpb[134];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
+#else
+ sp_digit a[67 * 13];
+#endif
+ sp_digit* p = NULL;
+ sp_digit* q = NULL;
+ sp_digit* dp = NULL;
+ sp_digit* dq = NULL;
+ sp_digit* qi = NULL;
+ sp_digit* tmpa = NULL;
+ sp_digit* tmpb = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)dm;
@@ -7526,7 +7524,25 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 67 * 13, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (a == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ p = a + 134 * 2;
+ q = p + 67;
+ dp = q + 67;
+ dq = dp + 67;
+ qi = dq + 67;
+ tmpa = qi + 67;
+ tmpb = tmpa + 134;
+ r = a;
+
sp_3072_from_bin(a, 134, in, inLen);
sp_3072_from_mp(p, 67, pm);
sp_3072_from_mp(q, 67, qm);
@@ -7542,6 +7558,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
if (err == MP_OKAY) {
(void)sp_3072_sub_67(tmpa, tmpa, tmpb);
+ sp_3072_norm_67(tmpa);
sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31));
sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31));
sp_3072_mul_67(tmpa, tmpa, qi);
@@ -7557,17 +7574,19 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
- XMEMSET(dq, 0, sizeof(dq));
- XMEMSET(qi, 0, sizeof(qi));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 67 * 13);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+#endif /* WOLFSSL_SP_SMALL */
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
}
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
@@ -7656,11 +7675,14 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[134 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int expBits = mp_count_bits(exp);
if (mp_count_bits(base) > 3072) {
@@ -7676,16 +7698,16 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 134 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 134 * 2;
m = e + 134;
r = b;
@@ -7701,23 +7723,27 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = sp_3072_to_mp(r, res);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 134U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 134U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[268];
- sp_digit ed[134];
- sp_digit md[134];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[134 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
int expBits = mp_count_bits(exp);
@@ -7734,26 +7760,19 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 134 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 134 * 2;
- m = e + 134;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 134 * 2;
+ m = e + 134;
+ r = b;
+
sp_3072_from_mp(b, 134, base);
sp_3072_from_mp(e, 134, exp);
sp_3072_from_mp(m, 134, mod);
@@ -7766,14 +7785,17 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 134U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 134U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 134U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -8079,12 +8101,12 @@ SP_NOINLINE static void sp_3072_lshift_134(sp_digit* r, const sp_digit* a,
static int sp_3072_mod_exp_2_134(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[403];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -8096,20 +8118,14 @@ static int sp_3072_mod_exp_2_134(sp_digit* r, const sp_digit* e, int bits, const
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 403, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 268;
XMEMSET(td, 0, sizeof(sp_digit) * 403);
-#else
- tmp = &td[268];
- XMEMSET(td, 0, sizeof(td));
-#endif
sp_3072_mont_setup(m, &mp);
sp_3072_mont_norm_134(norm, m);
@@ -8167,9 +8183,8 @@ static int sp_3072_mod_exp_2_134(sp_digit* r, const sp_digit* e, int bits, const
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -8194,11 +8209,14 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[134 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
if (mp_count_bits(base) > 3072) {
@@ -8214,15 +8232,15 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 134 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 134 * 2;
m = e + 134;
r = b;
@@ -8250,23 +8268,27 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 134U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 134U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[268];
- sp_digit ed[134];
- sp_digit md[134];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[134 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
int err = MP_OKAY;
@@ -8283,26 +8305,20 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 134 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 134 * 2;
- m = e + 134;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 134 * 2;
+ m = e + 134;
+ r = b;
+
sp_3072_from_mp(b, 134, base);
sp_3072_from_bin(e, 134, exp, expLen);
sp_3072_from_mp(m, 134, mod);
@@ -8330,14 +8346,17 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 134U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 134U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 134U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -8358,11 +8377,14 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[67 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int expBits = mp_count_bits(exp);
if (mp_count_bits(base) > 1536) {
@@ -8378,16 +8400,16 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 67 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 67 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 67 * 2;
m = e + 67;
r = b;
@@ -8404,23 +8426,27 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = sp_3072_to_mp(r, res);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 67U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 134U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[134];
- sp_digit ed[67];
- sp_digit md[67];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[67 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
int expBits = mp_count_bits(exp);
@@ -8437,26 +8463,19 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 67 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 67 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 67 * 2;
- m = e + 67;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 67 * 2;
+ m = e + 67;
+ r = b;
+
sp_3072_from_mp(b, 67, base);
sp_3072_from_mp(e, 67, exp);
sp_3072_from_mp(m, 67, mod);
@@ -8470,14 +8489,17 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 67U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 67U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 134U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -9704,40 +9726,29 @@ static int sp_4096_div_98(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[196 + 1];
- sp_digit t2d[98 + 1];
- sp_digit sdd[98 + 1];
+ sp_digit t1[4 * 98 + 3];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* sd;
+ sp_digit* t2 = NULL;
+ sp_digit* sd = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 98 + 3), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 98 + 3), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)m;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 196 + 1;
+ t2 = t1 + 196 + 1;
sd = t2 + 98 + 1;
-#else
- t1 = t1d;
- t2 = t2d;
- sd = sdd;
-#endif
sp_4096_mul_d_98(sd, d, 1L << 10);
sp_4096_mul_d_196(t1, a, 1L << 10);
@@ -9756,6 +9767,7 @@ static int sp_4096_div_98(const sp_digit* a, const sp_digit* d,
sp_4096_mul_d_98(t2, sd, r1);
(void)sp_4096_sub_98(&t1[i], &t1[i], t2);
+ sp_4096_norm_98(&t1[i]);
t1[98 + i] -= t2[98];
t1[98 + i] += t1[98 + i - 1] >> 21;
t1[98 + i - 1] &= 0x1fffff;
@@ -9784,10 +9796,9 @@ static int sp_4096_div_98(const sp_digit* a, const sp_digit* d,
sp_4096_rshift_98(r, r, 10);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -9818,13 +9829,13 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e,
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 196];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -9832,22 +9843,17 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 98 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 98 * 2);
-#else
- t[i] = &td[i * 98 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 98U * 2U);
}
@@ -9902,21 +9908,20 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 196];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -9924,22 +9929,17 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 98 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 98 * 2);
-#else
- t[i] = &td[i * 98 * 2];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -9993,22 +9993,21 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e,
XMEMCPY(r, t[0], sizeof(*r) * 98 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 196) + 196];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -10019,22 +10018,15 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 196) + 196), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 196;
rt = td + 6272;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 196];
- rt = &td[6272];
-#endif
sp_4096_mont_setup(m, &mp);
sp_4096_mont_norm_98(norm, m);
@@ -10131,9 +10123,8 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -10640,40 +10631,29 @@ static int sp_4096_div_196(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[392 + 1];
- sp_digit t2d[196 + 1];
- sp_digit sdd[196 + 1];
+ sp_digit t1[4 * 196 + 3];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* sd;
+ sp_digit* t2 = NULL;
+ sp_digit* sd = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 196 + 3), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 196 + 3), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)m;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 392 + 1;
+ t2 = t1 + 392 + 1;
sd = t2 + 196 + 1;
-#else
- t1 = t1d;
- t2 = t2d;
- sd = sdd;
-#endif
sp_4096_mul_d_196(sd, d, 1L << 20);
sp_4096_mul_d_392(t1, a, 1L << 20);
@@ -10692,6 +10672,7 @@ static int sp_4096_div_196(const sp_digit* a, const sp_digit* d,
sp_4096_mul_d_196(t2, sd, r1);
(void)sp_4096_sub_196(&t1[i], &t1[i], t2);
+ sp_4096_norm_196(&t1[i]);
t1[196 + i] -= t2[196];
t1[196 + i] += t1[196 + i - 1] >> 21;
t1[196 + i - 1] &= 0x1fffff;
@@ -10720,10 +10701,9 @@ static int sp_4096_div_196(const sp_digit* a, const sp_digit* d,
sp_4096_rshift_196(r, r, 20);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -10756,13 +10736,13 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 392];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -10770,22 +10750,17 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 196 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 196 * 2);
-#else
- t[i] = &td[i * 196 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 196U * 2U);
}
@@ -10840,21 +10815,20 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 392];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -10862,22 +10836,17 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 196 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 196 * 2);
-#else
- t[i] = &td[i * 196 * 2];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -10931,22 +10900,21 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e
XMEMCPY(r, t[0], sizeof(*r) * 196 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 392) + 392];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -10957,22 +10925,15 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 392) + 392), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 392;
rt = td + 12544;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 392];
- rt = &td[12544];
-#endif
sp_4096_mont_setup(m, &mp);
sp_4096_mont_norm_196(norm, m);
@@ -11069,9 +11030,8 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -11097,8 +11057,11 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
#ifdef WOLFSSL_SP_SMALL
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[196 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
sp_digit* norm = NULL;
@@ -11126,15 +11089,16 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
if (err == MP_OKAY) {
- a = d;
r = a + 196 * 2;
m = r + 196 * 2;
norm = r;
@@ -11187,18 +11151,17 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
*outLen = 512;
}
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[392];
- sp_digit md[196];
- sp_digit rd[392];
-#else
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[196 * 5];
#endif
sp_digit* a = NULL;
sp_digit* m = NULL;
@@ -11224,27 +11187,20 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
a = d;
r = a + 196 * 2;
m = r + 196 * 2;
- }
-#else
- a = ad;
- m = md;
- r = rd;
-#endif
- if (err == MP_OKAY) {
sp_4096_from_bin(a, 196, in, inLen);
#if DIGIT_BIT >= 21
e[0] = (sp_digit)em->dp[0];
@@ -11308,10 +11264,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
#endif
return err;
@@ -11343,9 +11298,13 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[196 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -11374,13 +11333,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 196;
m = a + 392;
@@ -11391,22 +11352,34 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
sp_4096_from_mp(m, 196, mm);
err = sp_4096_mod_exp_196(r, a, d, 4096, m, 0);
}
+
if (err == MP_OKAY) {
sp_4096_to_bin(r, out);
*outLen = 512;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 196);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 196);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[392];
- sp_digit d[196];
- sp_digit m[196];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* d = NULL;
+#else
+ sp_digit d[196 * 4];
+#endif
+ sp_digit* a = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)pm;
@@ -11433,7 +11406,20 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (d == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ a = d + 196;
+ m = a + 392;
+ r = a;
+
sp_4096_from_bin(a, 196, in, inLen);
sp_4096_from_mp(d, 196, dm);
sp_4096_from_mp(m, 196, mm);
@@ -11445,14 +11431,27 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
- XMEMSET(d, 0, sizeof(sp_digit) * 196);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 196);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
+#endif /* WOLFSSL_SP_SMALL */
#else
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[98 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
@@ -11481,22 +11480,21 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 98 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 98 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL) {
+ if (a == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- a = t;
p = a + 196 * 2;
q = p + 98;
qi = dq = dp = q + 98;
tmpa = qi + 98;
tmpb = tmpa + 196;
-
- r = t + 196;
+ r = a + 196;
sp_4096_from_bin(a, 196, in, inLen);
sp_4096_from_mp(p, 98, pm);
@@ -11510,6 +11508,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_4096_sub_98(tmpa, tmpa, tmpb);
+ sp_4096_norm_98(tmpa);
sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31));
sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31));
@@ -11527,22 +11526,31 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 98 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 98 * 11);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[196 * 2];
- sp_digit p[98];
- sp_digit q[98];
- sp_digit dp[98];
- sp_digit dq[98];
- sp_digit qi[98];
- sp_digit tmpa[196];
- sp_digit tmpb[196];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
+#else
+ sp_digit a[98 * 13];
+#endif
+ sp_digit* p = NULL;
+ sp_digit* q = NULL;
+ sp_digit* dp = NULL;
+ sp_digit* dq = NULL;
+ sp_digit* qi = NULL;
+ sp_digit* tmpa = NULL;
+ sp_digit* tmpb = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)dm;
@@ -11563,7 +11571,25 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 98 * 13, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (a == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ p = a + 196 * 2;
+ q = p + 98;
+ dp = q + 98;
+ dq = dp + 98;
+ qi = dq + 98;
+ tmpa = qi + 98;
+ tmpb = tmpa + 196;
+ r = a;
+
sp_4096_from_bin(a, 196, in, inLen);
sp_4096_from_mp(p, 98, pm);
sp_4096_from_mp(q, 98, qm);
@@ -11579,6 +11605,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
if (err == MP_OKAY) {
(void)sp_4096_sub_98(tmpa, tmpa, tmpb);
+ sp_4096_norm_98(tmpa);
sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31));
sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31));
sp_4096_mul_98(tmpa, tmpa, qi);
@@ -11594,17 +11621,19 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
- XMEMSET(dq, 0, sizeof(dq));
- XMEMSET(qi, 0, sizeof(qi));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 98 * 13);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+#endif /* WOLFSSL_SP_SMALL */
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
}
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
@@ -11693,11 +11722,14 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[196 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int expBits = mp_count_bits(exp);
if (mp_count_bits(base) > 4096) {
@@ -11713,16 +11745,16 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 196 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 196 * 2;
m = e + 196;
r = b;
@@ -11738,23 +11770,27 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = sp_4096_to_mp(r, res);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 196U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 196U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[392];
- sp_digit ed[196];
- sp_digit md[196];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[196 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
int expBits = mp_count_bits(exp);
@@ -11771,26 +11807,19 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 196 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 196 * 2;
- m = e + 196;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 196 * 2;
+ m = e + 196;
+ r = b;
+
sp_4096_from_mp(b, 196, base);
sp_4096_from_mp(e, 196, exp);
sp_4096_from_mp(m, 196, mod);
@@ -11803,14 +11832,17 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 196U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 196U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 196U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -12240,12 +12272,12 @@ SP_NOINLINE static void sp_4096_lshift_196(sp_digit* r, const sp_digit* a,
static int sp_4096_mod_exp_2_196(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[589];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -12257,20 +12289,14 @@ static int sp_4096_mod_exp_2_196(sp_digit* r, const sp_digit* e, int bits, const
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 589, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 392;
XMEMSET(td, 0, sizeof(sp_digit) * 589);
-#else
- tmp = &td[392];
- XMEMSET(td, 0, sizeof(td));
-#endif
sp_4096_mont_setup(m, &mp);
sp_4096_mont_norm_196(norm, m);
@@ -12328,9 +12354,8 @@ static int sp_4096_mod_exp_2_196(sp_digit* r, const sp_digit* e, int bits, const
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -12355,11 +12380,14 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[196 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
if (mp_count_bits(base) > 4096) {
@@ -12375,15 +12403,15 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 196 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 196 * 2;
m = e + 196;
r = b;
@@ -12411,23 +12439,27 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 196U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 196U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[392];
- sp_digit ed[196];
- sp_digit md[196];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[196 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
int err = MP_OKAY;
@@ -12444,26 +12476,20 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 196 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 196 * 2;
- m = e + 196;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 196 * 2;
+ m = e + 196;
+ r = b;
+
sp_4096_from_mp(b, 196, base);
sp_4096_from_bin(e, 196, exp, expLen);
sp_4096_from_mp(m, 196, mod);
@@ -12491,14 +12517,17 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 196U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 196U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 196U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -12975,64 +13004,6 @@ SP_NOINLINE static int sp_256_sub_10(sp_digit* r, const sp_digit* a,
}
#endif /* WOLFSSL_SP_SMALL */
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_256_point_new_ex_10(void* heap, sp_point_256* sp,
- sp_point_256** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_256_point_new_10(heap, sp, p) sp_256_point_new_ex_10((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_256_point_new_10(heap, sp, p) sp_256_point_new_ex_10((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_256_point_free_10(sp_point_256* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Convert an mp_int to an array of sp_digit.
*
* r A single precision integer.
@@ -14276,34 +14247,25 @@ static void sp_256_proj_point_add_10(sp_point_256* r,
*/
static int sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- int64_t* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ int64_t* t = NULL;
#else
- int64_t td[8];
- int64_t a32d[8];
+ int64_t t[2 * 8];
#endif
- int64_t* t;
- int64_t* a32;
+ int64_t* a32 = NULL;
int64_t o;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 8, NULL, DYNAMIC_TYPE_ECC);
- if (td == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 8, NULL, DYNAMIC_TYPE_ECC);
+ if (t == NULL)
return MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = td;
- a32 = td + 8;
-#else
- t = td;
- a32 = a32d;
-#endif
+ a32 = t + 8;
a32[0] = a[0];
a32[0] |= a[1] << 26U;
@@ -14394,10 +14356,9 @@ static int sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a, const sp_digit
r[9] = (sp_digit)(t[7] >> 10U);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -14537,12 +14498,12 @@ static int sp_256_ecc_mulmod_10_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#ifdef WOLFSSL_SP_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+ sp_digit* tmp = NULL;
+#else
sp_point_256 t[3];
sp_digit tmp[2 * 10 * 5];
-#else
- sp_point_256* t;
- sp_digit* tmp;
#endif
sp_digit n;
int i;
@@ -14550,18 +14511,21 @@ static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g,
int y;
int err = MP_OKAY;
- /* Implementatio is constant time. */
+ /* Implementation is constant time. */
(void)ct;
(void)heap;
-#ifndef WOLFSSL_SP_NO_MALLOC
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
@@ -14612,19 +14576,24 @@ static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g,
}
}
-#ifndef WOLFSSL_SP_NO_MALLOC
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 10 * 5);
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_256) * 3);
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(tmp));
- ForceZero(t, sizeof(t));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 10 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_256) * 3);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -15090,43 +15059,41 @@ static void sp_256_get_point_33_10(sp_point_256* r, const sp_point_256* table,
static int sp_256_ecc_mulmod_win_add_sub_10(sp_point_256* r, const sp_point_256* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td[33];
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit tmpd[2 * 10 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_256 t[33+2];
+ sp_digit tmp[2 * 10 * 6];
#endif
- sp_point_256* t;
- sp_point_256* rt;
+ sp_point_256* rt = NULL;
sp_point_256* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_256 v[43];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_256_point_new_10(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_256_point_new_10(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 33, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) *
+ (33+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 33;
+ p = t + 33+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -15206,14 +15173,12 @@ static int sp_256_ecc_mulmod_win_add_sub_10(sp_point_256* r, const sp_point_256*
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_10(p, 0, heap);
- sp_256_point_free_10(rt, 0, heap);
return err;
}
@@ -15339,29 +15304,30 @@ static void sp_256_proj_to_affine_10(sp_point_256* a, sp_digit* t)
static int sp_256_gen_stripe_table_10(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_10(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_10(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_10(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_10(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -15406,9 +15372,10 @@ static int sp_256_gen_stripe_table_10(const sp_point_256* a,
}
}
- sp_256_point_free_10(s2, 0, heap);
- sp_256_point_free_10(s1, 0, heap);
- sp_256_point_free_10( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -15492,19 +15459,19 @@ static int sp_256_ecc_mulmod_stripe_10(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 10 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 10 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -15512,21 +15479,22 @@ static int sp_256_ecc_mulmod_stripe_10(sp_point_256* r, const sp_point_256* g,
(void)heap;
- err = sp_256_point_new_10(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_10(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -15577,13 +15545,12 @@ static int sp_256_ecc_mulmod_stripe_10(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_10(p, 0, heap);
- sp_256_point_free_10(rt, 0, heap);
return err;
}
@@ -15747,25 +15714,28 @@ static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g, const sp
int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[10];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[10];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_10(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 10, km);
sp_256_point_from_ecc_point_10(point, gm);
@@ -15776,12 +15746,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_256_point_to_ecc_point_10(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_10(point, 0, heap);
return err;
}
@@ -15801,37 +15771,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[10];
- sp_digit t[10 * 2 * 5];
-#endif
- sp_point_256* point;
- sp_point_256* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[10 + 10 * 2 * 5];
+#endif
+ sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_10(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_10(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (10 + 10 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (10 + 10 * 2 * 5), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 10;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 10;
+
sp_256_from_mp(k, 10, km);
sp_256_point_from_ecc_point_10(point, gm);
sp_256_point_from_ecc_point_10(addP, am);
@@ -15858,13 +15826,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
err = sp_256_point_to_ecc_point_10(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_10(addP, 0, heap);
- sp_256_point_free_10(point, 0, heap);
return err;
}
@@ -17207,26 +17174,28 @@ static int sp_256_ecc_mulmod_base_10(sp_point_256* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[10];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[10];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_10(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 10, km);
@@ -17236,12 +17205,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_256_point_to_ecc_point_10(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_10(point, 0, heap);
return err;
}
@@ -17260,37 +17229,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[10];
- sp_digit t[10 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[10 + 10 * 2 * 5];
#endif
- sp_point_256* point;
sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_10(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_10(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (10 + 10 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (10 + 10 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 10;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 10;
+
sp_256_from_mp(k, 10, km);
sp_256_point_from_ecc_point_10(addP, am);
}
@@ -17316,13 +17283,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
err = sp_256_point_to_ecc_point_10(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_10(addP, 0, heap);
- sp_256_point_free_10(point, 0, heap);
return err;
}
@@ -17426,41 +17392,46 @@ static int sp_256_ecc_gen_k_10(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[10];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_256 inf;
-#endif
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_256 point[2];
+ #else
+ sp_point_256 point[1];
+ #endif
+ sp_digit k[10];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_256* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_256_point_new_10(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_256_point_new_10(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_256_ecc_gen_k_10(rng, k);
}
if (err == MP_OKAY) {
@@ -17485,15 +17456,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_256_point_to_ecc_point_10(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_256_point_free_10(infinity, 1, heap);
-#endif
- sp_256_point_free_10(point, 1, heap);
return err;
}
@@ -17558,30 +17528,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[10];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[10];
+#endif
int err = MP_OKAY;
if (*outLen < 32U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_10(heap, p, point);
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -17594,12 +17566,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 32;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_10(point, 0, heap);
return err;
}
@@ -17732,34 +17704,25 @@ static int sp_256_div_10(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[20];
- sp_digit t2d[10 + 1];
+ sp_digit t1[3 * 10 + 1];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 10 + 1), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 10 + 1), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 2 * 10;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 10;
dv = d[9];
XMEMCPY(t1, a, sizeof(*t1) * 2U * 10U);
@@ -17777,6 +17740,7 @@ static int sp_256_div_10(const sp_digit* a, const sp_digit* d,
sp_256_mul_d_10(t2, d, r1);
(void)sp_256_sub_10(&t1[i], &t1[i], t2);
+ sp_256_norm_10(&t1[i]);
t1[10 + i] -= t2[10];
t1[10 + i] += t1[10 + i - 1] >> 26;
t1[10 + i - 1] &= 0x3ffffff;
@@ -17802,10 +17766,9 @@ static int sp_256_div_10(const sp_digit* a, const sp_digit* d,
(sp_digit)1 : (sp_digit)0));
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -18130,13 +18093,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 32U;
}
- sp_256_from_bin(ctx->e, 10, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_256_from_mp(ctx->x, 10, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_256_ecc_gen_k_10(rng, ctx->k);
@@ -18164,6 +18124,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_256_cmp_10(ctx->r, p256_order);
sp_256_cond_sub_10(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0));
sp_256_norm_10(ctx->r);
+
+ sp_256_from_mp(ctx->x, 10, priv);
+ sp_256_from_bin(ctx->e, 10, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -18220,6 +18183,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -18255,22 +18221,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*10];
- sp_digit xd[2*10];
- sp_digit kd[2*10];
- sp_digit rd[2*10];
- sp_digit td[3 * 2*10];
- sp_point_256 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_256* point = NULL;
+#else
+ sp_digit e[7 * 2 * 10];
+ sp_point_256 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_256* point = NULL;
sp_digit* s = NULL;
int32_t c;
int err = MP_OKAY;
@@ -18278,31 +18239,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_256_point_new_10(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 10, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 10, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 10;
- x = d + 2 * 10;
- k = d + 4 * 10;
- r = d + 6 * 10;
- tmp = d + 8 * 10;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 10;
+ k = e + 4 * 10;
+ r = e + 6 * 10;
+ tmp = e + 8 * 10;
s = e;
if (hashLen > 32U) {
@@ -18357,19 +18313,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_256_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 10);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 10U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 10U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 10U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 10U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 10U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_256_point_free_10(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 10);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_256));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -18419,20 +18380,18 @@ static int sp_256_num_bits_10(const sp_digit* a)
static int sp_256_mod_inv_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
int err = MP_OKAY;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- sp_digit* u;
- sp_digit* v;
- sp_digit* b;
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* u = NULL;
#else
- sp_digit u[10];
- sp_digit v[10];
- sp_digit b[10];
- sp_digit d[10];
+ sp_digit u[10 * 4];
#endif
- int ut, vt;
+ sp_digit* v = NULL;
+ sp_digit* b = NULL;
+ sp_digit* d = NULL;
+ int ut;
+ int vt;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
u = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10 * 4, NULL,
DYNAMIC_TYPE_ECC);
if (u == NULL)
@@ -18440,11 +18399,9 @@ static int sp_256_mod_inv_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif
if (err == MP_OKAY) {
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
v = u + 10;
b = u + 2 * 10;
d = u + 3 * 10;
-#endif
XMEMCPY(u, m, sizeof(sp_digit) * 10);
XMEMCPY(v, a, sizeof(sp_digit) * 10);
@@ -18522,7 +18479,7 @@ static int sp_256_mod_inv_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
else
XMEMCPY(r, d, sizeof(sp_digit) * 10);
}
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (u != NULL)
XFREE(u, NULL, DYNAMIC_TYPE_ECC);
#endif
@@ -18662,7 +18619,7 @@ typedef struct sp_ecc_verify_256_ctx {
int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data;
@@ -18677,7 +18634,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_256_from_bin(ctx->u1, 10, hash, (int)hashLen);
- sp_256_from_mp(ctx->u2, 10, r);
+ sp_256_from_mp(ctx->u2, 10, rm);
sp_256_from_mp(ctx->s, 10, sm);
sp_256_from_mp(ctx->p2.x, 10, pX);
sp_256_from_mp(ctx->p2.y, 10, pY);
@@ -18735,57 +18692,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_256_iszero_10(ctx->p1.z)) {
- if (sp_256_iszero_10(ctx->p1.x) && sp_256_iszero_10(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<10; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_256_proj_point_dbl_10_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(ctx->u2, 10, r);
+ sp_256_from_mp(ctx->u2, 10, rm);
err = sp_256_mod_mul_norm_10(ctx->u2, ctx->u2, p256_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_256_mont_sqr_10(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_256_mont_mul_10(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int32_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_256_cmp_10(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int32_t c;
/* Reload r and add order. */
- sp_256_from_mp(ctx->u2, 10, r);
+ sp_256_from_mp(ctx->u2, 10, rm);
carry = sp_256_add_10(ctx->u2, ctx->u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -18793,22 +18726,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_10(ctx->u2, p256_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_256_mod_mul_norm_10(ctx->u2, ctx->u2, p256_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_256_mont_mul_10(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
- p256_mp_mod);
- *res = (int)(sp_256_cmp_10(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_256_mod_mul_norm_10(ctx->u2, ctx->u2, p256_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_256_mont_mul_10(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
+ p256_mp_mod);
+ *res = (int)(sp_256_cmp_10(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -18817,62 +18751,51 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*10];
- sp_digit u2d[2*10];
- sp_digit sd[2*10];
- sp_digit tmpd[2*10 * 5];
- sp_point_256 p1d;
- sp_point_256 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_256* p1 = NULL;
+#else
+ sp_digit u1[16 * 10];
+ sp_point_256 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_256* p1;
sp_point_256* p2 = NULL;
sp_digit carry;
int32_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_256_point_new_10(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_10(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 10, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 10, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 10;
- u2 = d + 2 * 10;
- s = d + 4 * 10;
- tmp = d + 6 * 10;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 10;
+ s = u1 + 4 * 10;
+ tmp = u1 + 6 * 10;
+ p2 = p1 + 1;
if (hashLen > 32U) {
hashLen = 32U;
}
sp_256_from_bin(u1, 10, hash, (int)hashLen);
- sp_256_from_mp(u2, 10, r);
+ sp_256_from_mp(u2, 10, rm);
sp_256_from_mp(s, 10, sm);
sp_256_from_mp(p2->x, 10, pX);
sp_256_from_mp(p2->y, 10, pY);
@@ -18883,7 +18806,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(u2, 10, r);
+ sp_256_from_mp(u2, 10, rm);
err = sp_256_mod_mul_norm_10(u2, u2, p256_mod);
}
@@ -18894,7 +18817,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_256_cmp_10(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_256_from_mp(u2, 10, r);
+ sp_256_from_mp(u2, 10, rm);
carry = sp_256_add_10(u2, u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -18903,8 +18826,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_10(u2, p256_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_256_mod_mul_norm_10(u2, u2, p256_mod);
if (err == MP_OKAY) {
@@ -18916,12 +18839,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_10(p1, 0, heap);
- sp_256_point_free_10(p2, 0, heap);
return err;
}
@@ -18938,32 +18861,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_256_ecc_is_point_10(const sp_point_256* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*10];
- sp_digit t2d[2*10];
+ sp_digit t1[10 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 10;
- t2 = d + 2 * 10;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 10;
sp_256_sqr_10(t1, point->y);
(void)sp_256_mod_10(t1, t1, p256_mod);
@@ -18983,10 +18897,9 @@ static int sp_256_ecc_is_point_10(const sp_point_256* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -19001,14 +18914,21 @@ static int sp_256_ecc_is_point_10(const sp_point_256* point,
*/
int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* pub = NULL;
+#else
+ sp_point_256 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_256* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_256_point_new_10(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_256_from_mp(pub->x, 10, pX);
sp_256_from_mp(pub->y, 10, pY);
@@ -19017,7 +18937,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
err = sp_256_ecc_is_point_10(pub, NULL);
}
- sp_256_point_free_10(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -19036,45 +18959,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[10];
- sp_point_256 pubd;
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_256* pub;
- sp_point_256* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_256_point_new_10(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_256_point_new_10(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_256* pub = NULL;
+#else
+ sp_digit priv[10];
+ sp_point_256 pub[2];
#endif
+ sp_point_256* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) ||
+ if (((mp_count_bits(pX) > 256) ||
(mp_count_bits(pY) > 256) ||
((privm != NULL) && (mp_count_bits(privm) > 256)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_256_from_mp(pub->x, 10, pX);
sp_256_from_mp(pub->y, 10, pY);
sp_256_from_bin(pub->z, 10, one, (int)sizeof(one));
@@ -19123,13 +19046,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_256_point_free_10(p, 0, heap);
- sp_256_point_free_10(pub, 0, heap);
return err;
}
@@ -19153,33 +19075,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 10 * 5];
- sp_point_256 pd;
- sp_point_256 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 10 * 5];
+ sp_point_256 p[2];
+#endif
sp_point_256* q = NULL;
int err;
- err = sp_256_point_new_10(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_10(NULL, qd, q);
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_256_from_mp(p->x, 10, pX);
sp_256_from_mp(p->y, 10, pY);
sp_256_from_mp(p->z, 10, pZ);
@@ -19200,13 +19124,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_10(q, 0, NULL);
- sp_256_point_free_10(p, 0, NULL);
return err;
}
@@ -19225,25 +19148,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 10 * 2];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 10 * 2];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_10(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -19264,12 +19190,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_10(p, 0, NULL);
return err;
}
@@ -19284,25 +19210,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 10 * 4];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 10 * 4];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_10(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 4, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_256_from_mp(p->x, 10, pX);
@@ -19322,12 +19252,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_256_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_10(p, 0, NULL);
return err;
}
@@ -19340,31 +19270,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_256_mont_sqrt_10(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 10];
- sp_digit t2d[2 * 10];
+ sp_digit t1[4 * 10];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 10, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 10, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL) {
err = MEMORY_E;
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 10;
- t2 = d + 2 * 10;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 10;
{
/* t2 = y ^ 0x2 */
@@ -19399,10 +19321,9 @@ static int sp_256_mont_sqrt_10(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -19418,31 +19339,22 @@ static int sp_256_mont_sqrt_10(sp_digit* y)
*/
int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 10];
- sp_digit yd[2 * 10];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 10];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 10, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 10, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 10;
- y = d + 2 * 10;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 10;
sp_256_from_mp(x, 10, xm);
err = sp_256_mod_mul_norm_10(x, x, p256_mod);
@@ -19475,10 +19387,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
err = sp_256_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -20178,64 +20089,6 @@ SP_NOINLINE static int sp_384_sub_15(sp_digit* r, const sp_digit* a,
}
#endif /* WOLFSSL_SP_SMALL */
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_384_point_new_ex_15(void* heap, sp_point_384* sp,
- sp_point_384** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_384_point_new_15(heap, sp, p) sp_384_point_new_ex_15((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_384_point_new_15(heap, sp, p) sp_384_point_new_ex_15((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_384_point_free_15(sp_point_384* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Convert an mp_int to an array of sp_digit.
*
* r A single precision integer.
@@ -21509,34 +21362,25 @@ static void sp_384_proj_point_add_15(sp_point_384* r,
*/
static int sp_384_mod_mul_norm_15(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- int64_t* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ int64_t* t = NULL;
#else
- int64_t td[12];
- int64_t a32d[12];
+ int64_t t[2 * 12];
#endif
- int64_t* t;
- int64_t* a32;
+ int64_t* a32 = NULL;
int64_t o;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
- if (td == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
+ if (t == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = td;
- a32 = td + 12;
-#else
- t = td;
- a32 = a32d;
-#endif
+ a32 = t + 12;
a32[0] = a[0];
a32[0] |= a[1] << 26U;
@@ -21669,9 +21513,9 @@ static int sp_384_mod_mul_norm_15(sp_digit* r, const sp_digit* a, const sp_digit
r[14] = (sp_digit)(t[11] >> 12U);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -21811,12 +21655,12 @@ static int sp_384_ecc_mulmod_15_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#ifdef WOLFSSL_SP_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+ sp_digit* tmp = NULL;
+#else
sp_point_384 t[3];
sp_digit tmp[2 * 15 * 6];
-#else
- sp_point_384* t;
- sp_digit* tmp;
#endif
sp_digit n;
int i;
@@ -21824,18 +21668,21 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g,
int y;
int err = MP_OKAY;
- /* Implementatio is constant time. */
+ /* Implementation is constant time. */
(void)ct;
(void)heap;
-#ifndef WOLFSSL_SP_NO_MALLOC
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
@@ -21886,19 +21733,24 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g,
}
}
-#ifndef WOLFSSL_SP_NO_MALLOC
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 15 * 6);
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_384) * 3);
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(tmp));
- ForceZero(t, sizeof(t));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 15 * 6);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_384) * 3);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -22404,43 +22256,41 @@ static void sp_384_get_point_33_15(sp_point_384* r, const sp_point_384* table,
static int sp_384_ecc_mulmod_win_add_sub_15(sp_point_384* r, const sp_point_384* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td[33];
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit tmpd[2 * 15 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_384 t[33+2];
+ sp_digit tmp[2 * 15 * 6];
#endif
- sp_point_384* t;
- sp_point_384* rt;
+ sp_point_384* rt = NULL;
sp_point_384* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_384 v[65];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_384_point_new_15(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_384_point_new_15(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 33, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) *
+ (33+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 33;
+ p = t + 33+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -22520,14 +22370,12 @@ static int sp_384_ecc_mulmod_win_add_sub_15(sp_point_384* r, const sp_point_384*
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_15(p, 0, heap);
- sp_384_point_free_15(rt, 0, heap);
return err;
}
@@ -22653,29 +22501,30 @@ static void sp_384_proj_to_affine_15(sp_point_384* a, sp_digit* t)
static int sp_384_gen_stripe_table_15(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_15(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_15(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_15(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_15(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -22720,9 +22569,10 @@ static int sp_384_gen_stripe_table_15(const sp_point_384* a,
}
}
- sp_384_point_free_15(s2, 0, heap);
- sp_384_point_free_15(s1, 0, heap);
- sp_384_point_free_15( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -22826,19 +22676,19 @@ static int sp_384_ecc_mulmod_stripe_15(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 15 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 15 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -22846,21 +22696,22 @@ static int sp_384_ecc_mulmod_stripe_15(sp_point_384* r, const sp_point_384* g,
(void)heap;
- err = sp_384_point_new_15(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_15(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -22911,13 +22762,12 @@ static int sp_384_ecc_mulmod_stripe_15(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_15(p, 0, heap);
- sp_384_point_free_15(rt, 0, heap);
return err;
}
@@ -23081,25 +22931,28 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g, const sp
int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[15];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[15];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_15(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 15, km);
sp_384_point_from_ecc_point_15(point, gm);
@@ -23110,12 +22963,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_384_point_to_ecc_point_15(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_15(point, 0, heap);
return err;
}
@@ -23135,37 +22988,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[15];
- sp_digit t[15 * 2 * 6];
-#endif
- sp_point_384* point;
- sp_point_384* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[15 + 15 * 2 * 6];
+#endif
+ sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_15(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_15(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (15 + 15 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (15 + 15 * 2 * 6), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 15;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 15;
+
sp_384_from_mp(k, 15, km);
sp_384_point_from_ecc_point_15(point, gm);
sp_384_point_from_ecc_point_15(addP, am);
@@ -23192,13 +23043,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
err = sp_384_point_to_ecc_point_15(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_15(addP, 0, heap);
- sp_384_point_free_15(point, 0, heap);
return err;
}
@@ -25051,26 +24901,28 @@ static int sp_384_ecc_mulmod_base_15(sp_point_384* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[15];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[15];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_15(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 15, km);
@@ -25080,12 +24932,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_384_point_to_ecc_point_15(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_15(point, 0, heap);
return err;
}
@@ -25104,37 +24956,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[15];
- sp_digit t[15 * 2 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[15 + 15 * 2 * 6];
#endif
- sp_point_384* point;
sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_15(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_15(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (15 + 15 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (15 + 15 * 2 * 6),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 15;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 15;
+
sp_384_from_mp(k, 15, km);
sp_384_point_from_ecc_point_15(addP, am);
}
@@ -25160,13 +25010,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
err = sp_384_point_to_ecc_point_15(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_15(addP, 0, heap);
- sp_384_point_free_15(point, 0, heap);
return err;
}
@@ -25270,41 +25119,46 @@ static int sp_384_ecc_gen_k_15(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[15];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_384 inf;
-#endif
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_384 point[2];
+ #else
+ sp_point_384 point[1];
+ #endif
+ sp_digit k[15];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_384* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_384_point_new_15(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_384_point_new_15(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_384_ecc_gen_k_15(rng, k);
}
if (err == MP_OKAY) {
@@ -25329,15 +25183,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_384_point_to_ecc_point_15(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_384_point_free_15(infinity, 1, heap);
-#endif
- sp_384_point_free_15(point, 1, heap);
return err;
}
@@ -25402,30 +25255,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[15];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[15];
+#endif
int err = MP_OKAY;
if (*outLen < 48U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_15(heap, p, point);
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -25438,12 +25293,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 48;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_15(point, 0, heap);
return err;
}
@@ -25586,34 +25441,25 @@ static int sp_384_div_15(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[30];
- sp_digit t2d[15 + 1];
+ sp_digit t1[3 * 15 + 1];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 15 + 1), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 15 + 1), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 2 * 15;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 15;
dv = d[14];
XMEMCPY(t1, a, sizeof(*t1) * 2U * 15U);
@@ -25631,6 +25477,7 @@ static int sp_384_div_15(const sp_digit* a, const sp_digit* d,
sp_384_mul_d_15(t2, d, r1);
(void)sp_384_sub_15(&t1[i], &t1[i], t2);
+ sp_384_norm_15(&t1[i]);
t1[15 + i] -= t2[15];
t1[15 + i] += t1[15 + i - 1] >> 26;
t1[15 + i - 1] &= 0x3ffffff;
@@ -25656,10 +25503,9 @@ static int sp_384_div_15(const sp_digit* a, const sp_digit* d,
(sp_digit)1 : (sp_digit)0));
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -25955,13 +25801,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 48U;
}
- sp_384_from_bin(ctx->e, 15, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_384_from_mp(ctx->x, 15, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_384_ecc_gen_k_15(rng, ctx->k);
@@ -25989,6 +25832,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_384_cmp_15(ctx->r, p384_order);
sp_384_cond_sub_15(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0));
sp_384_norm_15(ctx->r);
+
+ sp_384_from_mp(ctx->x, 15, priv);
+ sp_384_from_bin(ctx->e, 15, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -26045,6 +25891,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -26080,22 +25929,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*15];
- sp_digit xd[2*15];
- sp_digit kd[2*15];
- sp_digit rd[2*15];
- sp_digit td[3 * 2*15];
- sp_point_384 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_384* point = NULL;
+#else
+ sp_digit e[7 * 2 * 15];
+ sp_point_384 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_384* point = NULL;
sp_digit* s = NULL;
int32_t c;
int err = MP_OKAY;
@@ -26103,31 +25947,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_384_point_new_15(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 15, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 15, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 15;
- x = d + 2 * 15;
- k = d + 4 * 15;
- r = d + 6 * 15;
- tmp = d + 8 * 15;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 15;
+ k = e + 4 * 15;
+ r = e + 6 * 15;
+ tmp = e + 8 * 15;
s = e;
if (hashLen > 48U) {
@@ -26182,19 +26021,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_384_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 15);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 15U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 15U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 15U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 15U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 15U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_384_point_free_15(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 15);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_384));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -26244,20 +26088,18 @@ static int sp_384_num_bits_15(const sp_digit* a)
static int sp_384_mod_inv_15(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
int err = MP_OKAY;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- sp_digit* u;
- sp_digit* v;
- sp_digit* b;
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* u = NULL;
#else
- sp_digit u[15];
- sp_digit v[15];
- sp_digit b[15];
- sp_digit d[15];
+ sp_digit u[15 * 4];
#endif
- int ut, vt;
+ sp_digit* v = NULL;
+ sp_digit* b = NULL;
+ sp_digit* d = NULL;
+ int ut;
+ int vt;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
u = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15 * 4, NULL,
DYNAMIC_TYPE_ECC);
if (u == NULL)
@@ -26265,11 +26107,9 @@ static int sp_384_mod_inv_15(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif
if (err == MP_OKAY) {
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
v = u + 15;
b = u + 2 * 15;
d = u + 3 * 15;
-#endif
XMEMCPY(u, m, sizeof(sp_digit) * 15);
XMEMCPY(v, a, sizeof(sp_digit) * 15);
@@ -26347,7 +26187,7 @@ static int sp_384_mod_inv_15(sp_digit* r, const sp_digit* a, const sp_digit* m)
else
XMEMCPY(r, d, sizeof(sp_digit) * 15);
}
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (u != NULL)
XFREE(u, NULL, DYNAMIC_TYPE_ECC);
#endif
@@ -26492,7 +26332,7 @@ typedef struct sp_ecc_verify_384_ctx {
int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data;
@@ -26507,7 +26347,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_384_from_bin(ctx->u1, 15, hash, (int)hashLen);
- sp_384_from_mp(ctx->u2, 15, r);
+ sp_384_from_mp(ctx->u2, 15, rm);
sp_384_from_mp(ctx->s, 15, sm);
sp_384_from_mp(ctx->p2.x, 15, pX);
sp_384_from_mp(ctx->p2.y, 15, pY);
@@ -26565,57 +26405,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_384_iszero_15(ctx->p1.z)) {
- if (sp_384_iszero_15(ctx->p1.x) && sp_384_iszero_15(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<15; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_384_proj_point_dbl_15_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(ctx->u2, 15, r);
+ sp_384_from_mp(ctx->u2, 15, rm);
err = sp_384_mod_mul_norm_15(ctx->u2, ctx->u2, p384_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_384_mont_sqr_15(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_384_mont_mul_15(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int32_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_384_cmp_15(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int32_t c;
/* Reload r and add order. */
- sp_384_from_mp(ctx->u2, 15, r);
+ sp_384_from_mp(ctx->u2, 15, rm);
carry = sp_384_add_15(ctx->u2, ctx->u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -26623,22 +26439,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_15(ctx->u2, p384_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_384_mod_mul_norm_15(ctx->u2, ctx->u2, p384_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_384_mont_mul_15(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
- p384_mp_mod);
- *res = (int)(sp_384_cmp_15(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_384_mod_mul_norm_15(ctx->u2, ctx->u2, p384_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_384_mont_mul_15(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
+ p384_mp_mod);
+ *res = (int)(sp_384_cmp_15(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -26647,62 +26464,51 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*15];
- sp_digit u2d[2*15];
- sp_digit sd[2*15];
- sp_digit tmpd[2*15 * 5];
- sp_point_384 p1d;
- sp_point_384 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_384* p1 = NULL;
+#else
+ sp_digit u1[16 * 15];
+ sp_point_384 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_384* p1;
sp_point_384* p2 = NULL;
sp_digit carry;
int32_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_384_point_new_15(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_15(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 15, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 15, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 15;
- u2 = d + 2 * 15;
- s = d + 4 * 15;
- tmp = d + 6 * 15;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 15;
+ s = u1 + 4 * 15;
+ tmp = u1 + 6 * 15;
+ p2 = p1 + 1;
if (hashLen > 48U) {
hashLen = 48U;
}
sp_384_from_bin(u1, 15, hash, (int)hashLen);
- sp_384_from_mp(u2, 15, r);
+ sp_384_from_mp(u2, 15, rm);
sp_384_from_mp(s, 15, sm);
sp_384_from_mp(p2->x, 15, pX);
sp_384_from_mp(p2->y, 15, pY);
@@ -26713,7 +26519,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(u2, 15, r);
+ sp_384_from_mp(u2, 15, rm);
err = sp_384_mod_mul_norm_15(u2, u2, p384_mod);
}
@@ -26724,7 +26530,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_384_cmp_15(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_384_from_mp(u2, 15, r);
+ sp_384_from_mp(u2, 15, rm);
carry = sp_384_add_15(u2, u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -26733,8 +26539,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_15(u2, p384_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_384_mod_mul_norm_15(u2, u2, p384_mod);
if (err == MP_OKAY) {
@@ -26746,12 +26552,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_15(p1, 0, heap);
- sp_384_point_free_15(p2, 0, heap);
return err;
}
@@ -26768,32 +26574,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_384_ecc_is_point_15(const sp_point_384* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*15];
- sp_digit t2d[2*15];
+ sp_digit t1[15 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 15;
- t2 = d + 2 * 15;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 15;
sp_384_sqr_15(t1, point->y);
(void)sp_384_mod_15(t1, t1, p384_mod);
@@ -26813,10 +26610,9 @@ static int sp_384_ecc_is_point_15(const sp_point_384* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -26831,14 +26627,21 @@ static int sp_384_ecc_is_point_15(const sp_point_384* point,
*/
int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* pub = NULL;
+#else
+ sp_point_384 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_384* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_384_point_new_15(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_384_from_mp(pub->x, 15, pX);
sp_384_from_mp(pub->y, 15, pY);
@@ -26847,7 +26650,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
err = sp_384_ecc_is_point_15(pub, NULL);
}
- sp_384_point_free_15(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -26866,45 +26672,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[15];
- sp_point_384 pubd;
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_384* pub;
- sp_point_384* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_384_point_new_15(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_384_point_new_15(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_384* pub = NULL;
+#else
+ sp_digit priv[15];
+ sp_point_384 pub[2];
#endif
+ sp_point_384* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) ||
+ if (((mp_count_bits(pX) > 384) ||
(mp_count_bits(pY) > 384) ||
((privm != NULL) && (mp_count_bits(privm) > 384)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_384_from_mp(pub->x, 15, pX);
sp_384_from_mp(pub->y, 15, pY);
sp_384_from_bin(pub->z, 15, one, (int)sizeof(one));
@@ -26953,13 +26759,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_384_point_free_15(p, 0, heap);
- sp_384_point_free_15(pub, 0, heap);
return err;
}
@@ -26983,33 +26788,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 15 * 5];
- sp_point_384 pd;
- sp_point_384 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 15 * 5];
+ sp_point_384 p[2];
+#endif
sp_point_384* q = NULL;
int err;
- err = sp_384_point_new_15(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_15(NULL, qd, q);
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_384_from_mp(p->x, 15, pX);
sp_384_from_mp(p->y, 15, pY);
sp_384_from_mp(p->z, 15, pZ);
@@ -27030,13 +26837,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_15(q, 0, NULL);
- sp_384_point_free_15(p, 0, NULL);
return err;
}
@@ -27055,25 +26861,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 15 * 2];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 15 * 2];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_15(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -27094,12 +26903,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_15(p, 0, NULL);
return err;
}
@@ -27114,25 +26923,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 15 * 6];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 15 * 6];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_15(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_384_from_mp(p->x, 15, pX);
@@ -27152,12 +26965,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_384_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_15(p, 0, NULL);
return err;
}
@@ -27170,43 +26983,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_384_mont_sqrt_15(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 15];
- sp_digit t2d[2 * 15];
- sp_digit t3d[2 * 15];
- sp_digit t4d[2 * 15];
- sp_digit t5d[2 * 15];
+ sp_digit t1[5 * 2 * 15];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* t3;
- sp_digit* t4;
- sp_digit* t5;
+ sp_digit* t2 = NULL;
+ sp_digit* t3 = NULL;
+ sp_digit* t4 = NULL;
+ sp_digit* t5 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 15, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 15, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 15;
- t2 = d + 2 * 15;
- t3 = d + 4 * 15;
- t4 = d + 6 * 15;
- t5 = d + 8 * 15;
-#else
- t1 = t1d;
- t2 = t2d;
- t3 = t3d;
- t4 = t4d;
- t5 = t5d;
-#endif
+ t2 = t1 + 2 * 15;
+ t3 = t1 + 4 * 15;
+ t4 = t1 + 6 * 15;
+ t5 = t1 + 8 * 15;
{
/* t2 = y ^ 0x2 */
@@ -27266,10 +27064,9 @@ static int sp_384_mont_sqrt_15(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -27285,31 +27082,22 @@ static int sp_384_mont_sqrt_15(sp_digit* y)
*/
int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 15];
- sp_digit yd[2 * 15];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 15];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 15, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 15, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 15;
- y = d + 2 * 15;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 15;
sp_384_from_mp(x, 15, xm);
err = sp_384_mod_mul_norm_15(x, x, p384_mod);
@@ -27342,10 +27130,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
err = sp_384_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -28132,34 +27919,25 @@ static int sp_1024_div_42(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[84];
- sp_digit t2d[42 + 1];
+ sp_digit t1[3 * 42 + 1];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 42 + 1), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 42 + 1), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 2 * 42;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 42;
dv = d[40];
XMEMCPY(t1, a, sizeof(*t1) * 2U * 42U);
@@ -28177,6 +27955,7 @@ static int sp_1024_div_42(const sp_digit* a, const sp_digit* d,
sp_1024_mul_d_42(t2, d, r1);
(void)sp_1024_sub_42(&t1[i], &t1[i], t2);
+ sp_1024_norm_42(&t1[i]);
t1[42 + i] -= t2[42];
t1[41 + i] += t1[41 + i - 1] >> 25;
t1[41 + i - 1] &= 0x1ffffff;
@@ -28203,10 +27982,9 @@ static int sp_1024_div_42(const sp_digit* a, const sp_digit* d,
r[41] = 0;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -28238,6 +28016,8 @@ static int sp_1024_mod_mul_norm_42(sp_digit* r, const sp_digit* a,
return sp_1024_mod_42(r, r, m);
}
+
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Create a new point.
*
* heap [in] Buffer to allocate dynamic memory from.
@@ -28269,8 +28049,8 @@ static int sp_1024_point_new_ex_42(void* heap, sp_point_1024* sp,
/* Set pointer to data and return no error. */
#define sp_1024_point_new_42(heap, sp, p) sp_1024_point_new_ex_42((heap), &(sp), &(p))
#endif
-
-
+#endif /* WOLFCRYPT_HAVE_SAKKE */
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Free the point.
*
* p [in,out] Point to free.
@@ -28295,6 +28075,7 @@ static void sp_1024_point_free_42(sp_point_1024* p, int clear, void* heap)
#endif
(void)heap;
}
+#endif /* WOLFCRYPT_HAVE_SAKKE */
/* Convert an mp_int to an array of sp_digit.
*
@@ -29650,12 +29431,12 @@ static int sp_1024_ecc_mulmod_42_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#ifdef WOLFSSL_SP_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+ sp_digit* tmp = NULL;
+#else
sp_point_1024 t[3];
sp_digit tmp[2 * 42 * 5];
-#else
- sp_point_1024* t;
- sp_digit* tmp;
#endif
sp_digit n;
int i;
@@ -29663,18 +29444,21 @@ static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g,
int y;
int err = MP_OKAY;
- /* Implementatio is constant time. */
+ /* Implementation is constant time. */
(void)ct;
(void)heap;
-#ifndef WOLFSSL_SP_NO_MALLOC
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
@@ -29725,19 +29509,24 @@ static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g,
}
}
-#ifndef WOLFSSL_SP_NO_MALLOC
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 42 * 5);
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_1024) * 3);
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(tmp));
- ForceZero(t, sizeof(t));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 42 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_1024) * 3);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -30197,43 +29986,41 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v)
static int sp_1024_ecc_mulmod_win_add_sub_42(sp_point_1024* r, const sp_point_1024* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td[65];
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit tmpd[2 * 42 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_1024 t[65+2];
+ sp_digit tmp[2 * 42 * 6];
#endif
- sp_point_1024* t;
- sp_point_1024* rt;
+ sp_point_1024* rt = NULL;
sp_point_1024* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_1024 v[147];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_1024_point_new_42(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_1024_point_new_42(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 65, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) *
+ (65+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 65;
+ p = t + 65+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -30317,14 +30104,12 @@ static int sp_1024_ecc_mulmod_win_add_sub_42(sp_point_1024* r, const sp_point_10
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_42(p, 0, heap);
- sp_1024_point_free_42(rt, 0, heap);
return err;
}
@@ -30450,29 +30235,30 @@ static void sp_1024_proj_to_affine_42(sp_point_1024* a, sp_digit* t)
static int sp_1024_gen_stripe_table_42(const sp_point_1024* a,
sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td;
- sp_point_1024 s1d;
- sp_point_1024 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+#else
+ sp_point_1024 t[3];
#endif
- sp_point_1024* t;
sp_point_1024* s1 = NULL;
sp_point_1024* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_1024_point_new_42(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_42(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_1024_point_new_42(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_1024_mod_mul_norm_42(t->x, a->x, p1024_mod);
}
if (err == MP_OKAY) {
@@ -30517,9 +30303,10 @@ static int sp_1024_gen_stripe_table_42(const sp_point_1024* a,
}
}
- sp_1024_point_free_42(s2, 0, heap);
- sp_1024_point_free_42(s1, 0, heap);
- sp_1024_point_free_42( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -30545,19 +30332,19 @@ static int sp_1024_ecc_mulmod_stripe_42(sp_point_1024* r, const sp_point_1024* g
const sp_table_entry_1024* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit td[2 * 42 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 rt[2];
+ sp_digit t[2 * 42 * 5];
#endif
- sp_point_1024* rt;
sp_point_1024* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -30565,21 +30352,22 @@ static int sp_1024_ecc_mulmod_stripe_42(sp_point_1024* r, const sp_point_1024* g
(void)heap;
- err = sp_1024_point_new_42(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_42(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));
@@ -30615,13 +30403,12 @@ static int sp_1024_ecc_mulmod_stripe_42(sp_point_1024* r, const sp_point_1024* g
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_42(p, 0, heap);
- sp_1024_point_free_42(rt, 0, heap);
return err;
}
@@ -30785,25 +30572,28 @@ static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g, const
int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[42];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[42];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_42(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 42, km);
sp_1024_point_from_ecc_point_42(point, gm);
@@ -30814,12 +30604,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_1024_point_to_ecc_point_42(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_42(point, 0, heap);
return err;
}
@@ -34712,26 +34502,28 @@ static int sp_1024_ecc_mulmod_base_42(sp_point_1024* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[42];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[42];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_42(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 42, km);
@@ -34741,12 +34533,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_1024_point_to_ecc_point_42(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_42(point, 0, heap);
return err;
}
@@ -34765,37 +34557,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_point_1024 a;
- sp_digit kd[42];
- sp_digit t[42 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_1024 point[2];
+ sp_digit k[42 + 42 * 2 * 5];
#endif
- sp_point_1024* point;
sp_point_1024* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_1024_point_new_42(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_1024_point_new_42(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (42 + 42 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (42 + 42 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 42;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 42;
+
sp_1024_from_mp(k, 42, km);
sp_1024_point_from_ecc_point_42(addP, am);
}
@@ -34821,13 +34611,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
err = sp_1024_point_to_ecc_point_42(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_42(addP, 0, heap);
- sp_1024_point_free_42(point, 0, heap);
return err;
}
@@ -34845,29 +34634,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
void* heap)
{
- int err = 0;
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_1024* point = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 point[1];
sp_digit t[5 * 2 * 42];
+#endif
+ int err = MP_OKAY;
if ((gm == NULL) || (len == NULL)) {
err = BAD_FUNC_ARG;
}
- if ((err == 0) && (table == NULL)) {
+ if ((err == MP_OKAY) && (table == NULL)) {
*len = sizeof(sp_table_entry_1024) * 256;
err = LENGTH_ONLY_E;
}
- if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
+ if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
err = BUFFER_E;
}
- if (err == 0) {
- err = sp_1024_point_new_42(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
- if (err == 0) {
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 42, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
sp_1024_point_from_ecc_point_42(point, gm);
err = sp_1024_gen_stripe_table_42(point,
(sp_table_entry_1024*)table, t, heap);
@@ -34876,7 +34679,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
*len = sizeof(sp_table_entry_1024) * 256;
}
- sp_1024_point_free_42(point, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -34929,24 +34737,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[42];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[42];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_42(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42, heap, DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 42, km);
sp_1024_point_from_ecc_point_42(point, gm);
@@ -34963,12 +34775,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
err = sp_1024_point_to_ecc_point_42(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_42(point, 0, heap);
return err;
}
@@ -38421,33 +38233,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
static int sp_1024_ecc_is_point_42(const sp_point_1024* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*42];
- sp_digit t2d[2*42];
+ sp_digit t1[42 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int32_t n;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 42;
- t2 = d + 2 * 42;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 42;
sp_1024_sqr_42(t1, point->y);
(void)sp_1024_mod_42(t1, t1, p1024_mod);
@@ -38471,10 +38274,9 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -38489,14 +38291,21 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point,
*/
int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* pub = NULL;
+#else
+ sp_point_1024 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_1024* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_1024_point_new_42(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_1024_from_mp(pub->x, 42, pX);
sp_1024_from_mp(pub->y, 42, pY);
@@ -38505,7 +38314,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
err = sp_1024_ecc_is_point_42(pub, NULL);
}
- sp_1024_point_free_42(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -38524,45 +38336,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[42];
- sp_point_1024 pubd;
- sp_point_1024 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_1024* pub;
- sp_point_1024* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_1024_point_new_42(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_42(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_1024* pub = NULL;
+#else
+ sp_digit priv[42];
+ sp_point_1024 pub[2];
#endif
+ sp_point_1024* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) ||
+ if (((mp_count_bits(pX) > 1024) ||
(mp_count_bits(pY) > 1024) ||
((privm != NULL) && (mp_count_bits(privm) > 1024)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_1024_from_mp(pub->x, 42, pX);
sp_1024_from_mp(pub->y, 42, pY);
sp_1024_from_bin(pub->z, 42, one, (int)sizeof(one));
@@ -38611,13 +38423,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_1024_point_free_42(p, 0, heap);
- sp_1024_point_free_42(pub, 0, heap);
return err;
}
diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c
index 253bc648b..bbad01ca1 100644
--- a/wolfcrypt/src/sp_c64.c
+++ b/wolfcrypt/src/sp_c64.c
@@ -1435,34 +1435,25 @@ static int sp_2048_div_18(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[36];
- sp_digit t2d[18 + 1];
+ sp_digit t1[3 * 18 + 1];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 18 + 1), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 18 + 1), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 2 * 18;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 18;
dv = d[17];
XMEMCPY(t1, a, sizeof(*t1) * 2U * 18U);
@@ -1480,6 +1471,7 @@ static int sp_2048_div_18(const sp_digit* a, const sp_digit* d,
sp_2048_mul_d_18(t2, d, r1);
(void)sp_2048_sub_18(&t1[i], &t1[i], t2);
+ sp_2048_norm_18(&t1[i]);
t1[18 + i] -= t2[18];
t1[18 + i] += t1[18 + i - 1] >> 57;
t1[18 + i - 1] &= 0x1ffffffffffffffL;
@@ -1505,10 +1497,9 @@ static int sp_2048_div_18(const sp_digit* a, const sp_digit* d,
(sp_digit)1 : (sp_digit)0));
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -1539,13 +1530,13 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 36];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -1553,22 +1544,17 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 18 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 18 * 2);
-#else
- t[i] = &td[i * 18 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 18U * 2U);
}
@@ -1623,21 +1609,20 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 36];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -1645,22 +1630,17 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 18 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 18 * 2);
-#else
- t[i] = &td[i * 18 * 2];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -1714,22 +1694,21 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
XMEMCPY(r, t[0], sizeof(*r) * 18 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 36) + 36];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -1740,22 +1719,15 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 36) + 36), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 36;
rt = td + 1152;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 36];
- rt = &td[1152];
-#endif
sp_2048_mont_setup(m, &mp);
sp_2048_mont_norm_18(norm, m);
@@ -1852,9 +1824,8 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -2345,34 +2316,25 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[72];
- sp_digit t2d[36 + 1];
+ sp_digit t1[3 * 36 + 1];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 36 + 1), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 36 + 1), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 2 * 36;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 36;
dv = d[35];
XMEMCPY(t1, a, sizeof(*t1) * 2U * 36U);
@@ -2390,6 +2352,7 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d,
sp_2048_mul_d_36(t2, d, r1);
(void)sp_2048_sub_36(&t1[i], &t1[i], t2);
+ sp_2048_norm_36(&t1[i]);
t1[36 + i] -= t2[36];
t1[36 + i] += t1[36 + i - 1] >> 57;
t1[36 + i - 1] &= 0x1ffffffffffffffL;
@@ -2415,10 +2378,9 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d,
(sp_digit)1 : (sp_digit)0));
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -2451,13 +2413,13 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 72];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -2465,22 +2427,17 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 36 * 2);
-#else
- t[i] = &td[i * 36 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 36U * 2U);
}
@@ -2535,21 +2492,20 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 72];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -2557,22 +2513,17 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 36 * 2);
-#else
- t[i] = &td[i * 36 * 2];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -2626,22 +2577,21 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
XMEMCPY(r, t[0], sizeof(*r) * 36 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 72) + 72];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -2652,22 +2602,15 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 72) + 72), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 72;
rt = td + 2304;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 72];
- rt = &td[2304];
-#endif
sp_2048_mont_setup(m, &mp);
sp_2048_mont_norm_36(norm, m);
@@ -2764,9 +2707,8 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -2792,8 +2734,11 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
#ifdef WOLFSSL_SP_SMALL
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[36 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
sp_digit* norm = NULL;
@@ -2821,15 +2766,16 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
if (err == MP_OKAY) {
- a = d;
r = a + 36 * 2;
m = r + 36 * 2;
norm = r;
@@ -2882,18 +2828,17 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
*outLen = 256;
}
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[72];
- sp_digit md[36];
- sp_digit rd[72];
-#else
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[36 * 5];
#endif
sp_digit* a = NULL;
sp_digit* m = NULL;
@@ -2919,27 +2864,20 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
a = d;
r = a + 36 * 2;
m = r + 36 * 2;
- }
-#else
- a = ad;
- m = md;
- r = rd;
-#endif
- if (err == MP_OKAY) {
sp_2048_from_bin(a, 36, in, inLen);
#if DIGIT_BIT >= 57
e[0] = (sp_digit)em->dp[0];
@@ -3003,10 +2941,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
#endif
return err;
@@ -3038,9 +2975,13 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[36 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -3069,13 +3010,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 36;
m = a + 72;
@@ -3086,22 +3029,34 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
sp_2048_from_mp(m, 36, mm);
err = sp_2048_mod_exp_36(r, a, d, 2048, m, 0);
}
+
if (err == MP_OKAY) {
sp_2048_to_bin(r, out);
*outLen = 256;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 36);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 36);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[72];
- sp_digit d[36];
- sp_digit m[36];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* d = NULL;
+#else
+ sp_digit d[36 * 4];
+#endif
+ sp_digit* a = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)pm;
@@ -3128,7 +3083,20 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (d == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ a = d + 36;
+ m = a + 72;
+ r = a;
+
sp_2048_from_bin(a, 36, in, inLen);
sp_2048_from_mp(d, 36, dm);
sp_2048_from_mp(m, 36, mm);
@@ -3140,14 +3108,27 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
- XMEMSET(d, 0, sizeof(sp_digit) * 36);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 36);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
+#endif /* WOLFSSL_SP_SMALL */
#else
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[18 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
@@ -3176,22 +3157,21 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL) {
+ if (a == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- a = t;
p = a + 36 * 2;
q = p + 18;
qi = dq = dp = q + 18;
tmpa = qi + 18;
tmpb = tmpa + 36;
-
- r = t + 36;
+ r = a + 36;
sp_2048_from_bin(a, 36, in, inLen);
sp_2048_from_mp(p, 18, pm);
@@ -3205,6 +3185,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_2048_sub_18(tmpa, tmpa, tmpb);
+ sp_2048_norm_18(tmpa);
sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63));
sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63));
@@ -3222,22 +3203,31 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 18 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 18 * 11);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[36 * 2];
- sp_digit p[18];
- sp_digit q[18];
- sp_digit dp[18];
- sp_digit dq[18];
- sp_digit qi[18];
- sp_digit tmpa[36];
- sp_digit tmpb[36];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
+#else
+ sp_digit a[18 * 13];
+#endif
+ sp_digit* p = NULL;
+ sp_digit* q = NULL;
+ sp_digit* dp = NULL;
+ sp_digit* dq = NULL;
+ sp_digit* qi = NULL;
+ sp_digit* tmpa = NULL;
+ sp_digit* tmpb = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)dm;
@@ -3258,7 +3248,25 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 13, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (a == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ p = a + 36 * 2;
+ q = p + 18;
+ dp = q + 18;
+ dq = dp + 18;
+ qi = dq + 18;
+ tmpa = qi + 18;
+ tmpb = tmpa + 36;
+ r = a;
+
sp_2048_from_bin(a, 36, in, inLen);
sp_2048_from_mp(p, 18, pm);
sp_2048_from_mp(q, 18, qm);
@@ -3274,6 +3282,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
if (err == MP_OKAY) {
(void)sp_2048_sub_18(tmpa, tmpa, tmpb);
+ sp_2048_norm_18(tmpa);
sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63));
sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63));
sp_2048_mul_18(tmpa, tmpa, qi);
@@ -3289,17 +3298,19 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
- XMEMSET(dq, 0, sizeof(dq));
- XMEMSET(qi, 0, sizeof(qi));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 18 * 13);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+#endif /* WOLFSSL_SP_SMALL */
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
}
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
@@ -3388,11 +3399,14 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[36 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int expBits = mp_count_bits(exp);
if (mp_count_bits(base) > 2048) {
@@ -3408,16 +3422,16 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 36 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 36 * 2;
m = e + 36;
r = b;
@@ -3433,23 +3447,27 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = sp_2048_to_mp(r, res);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 36U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 36U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[72];
- sp_digit ed[36];
- sp_digit md[36];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[36 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
int expBits = mp_count_bits(exp);
@@ -3466,26 +3484,19 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 36 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 36 * 2;
- m = e + 36;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 36 * 2;
+ m = e + 36;
+ r = b;
+
sp_2048_from_mp(b, 36, base);
sp_2048_from_mp(e, 36, exp);
sp_2048_from_mp(m, 36, mod);
@@ -3498,14 +3509,17 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod,
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 36U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 36U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 36U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -3615,12 +3629,12 @@ SP_NOINLINE static void sp_2048_lshift_36(sp_digit* r, const sp_digit* a,
static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[109];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -3632,20 +3646,14 @@ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 109, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 72;
XMEMSET(td, 0, sizeof(sp_digit) * 109);
-#else
- tmp = &td[72];
- XMEMSET(td, 0, sizeof(td));
-#endif
sp_2048_mont_setup(m, &mp);
sp_2048_mont_norm_36(norm, m);
@@ -3704,9 +3712,8 @@ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -3731,11 +3738,14 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[36 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
if (mp_count_bits(base) > 2048) {
@@ -3751,15 +3761,15 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 36 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 36 * 2;
m = e + 36;
r = b;
@@ -3787,23 +3797,27 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 36U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 36U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[72];
- sp_digit ed[36];
- sp_digit md[36];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[36 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
int err = MP_OKAY;
@@ -3820,26 +3834,20 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 36 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 36 * 2;
- m = e + 36;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 36 * 2;
+ m = e + 36;
+ r = b;
+
sp_2048_from_mp(b, 36, base);
sp_2048_from_bin(e, 36, exp, expLen);
sp_2048_from_mp(m, 36, mod);
@@ -3867,14 +3875,17 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 36U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 36U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 36U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -3895,11 +3906,14 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[18 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int expBits = mp_count_bits(exp);
if (mp_count_bits(base) > 1024) {
@@ -3915,16 +3929,16 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 18 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 18 * 2;
m = e + 18;
r = b;
@@ -3941,23 +3955,27 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = sp_2048_to_mp(r, res);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 18U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 36U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[36];
- sp_digit ed[18];
- sp_digit md[18];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[18 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
int expBits = mp_count_bits(exp);
@@ -3974,26 +3992,19 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 18 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 18 * 2;
- m = e + 18;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 18 * 2;
+ m = e + 18;
+ r = b;
+
sp_2048_from_mp(b, 18, base);
sp_2048_from_mp(e, 18, exp);
sp_2048_from_mp(m, 18, mod);
@@ -4007,14 +4018,17 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod,
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 18U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 18U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 36U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -5648,34 +5662,25 @@ static int sp_3072_div_27(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[54];
- sp_digit t2d[27 + 1];
+ sp_digit t1[3 * 27 + 1];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 27 + 1), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 27 + 1), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 2 * 27;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 27;
dv = d[26];
XMEMCPY(t1, a, sizeof(*t1) * 2U * 27U);
@@ -5693,6 +5698,7 @@ static int sp_3072_div_27(const sp_digit* a, const sp_digit* d,
sp_3072_mul_d_27(t2, d, r1);
(void)sp_3072_sub_27(&t1[i], &t1[i], t2);
+ sp_3072_norm_27(&t1[i]);
t1[27 + i] -= t2[27];
t1[27 + i] += t1[27 + i - 1] >> 57;
t1[27 + i - 1] &= 0x1ffffffffffffffL;
@@ -5718,10 +5724,9 @@ static int sp_3072_div_27(const sp_digit* a, const sp_digit* d,
(sp_digit)1 : (sp_digit)0));
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -5752,13 +5757,13 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 54];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -5766,22 +5771,17 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 27 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 27 * 2);
-#else
- t[i] = &td[i * 27 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 27U * 2U);
}
@@ -5836,21 +5836,20 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 54];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -5858,22 +5857,17 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 27 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 27 * 2);
-#else
- t[i] = &td[i * 27 * 2];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -5927,22 +5921,21 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
XMEMCPY(r, t[0], sizeof(*r) * 27 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 54) + 54];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -5953,22 +5946,15 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 54) + 54), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 54;
rt = td + 1728;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 54];
- rt = &td[1728];
-#endif
sp_3072_mont_setup(m, &mp);
sp_3072_mont_norm_27(norm, m);
@@ -6065,9 +6051,8 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -6563,34 +6548,25 @@ static int sp_3072_div_54(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[108];
- sp_digit t2d[54 + 1];
+ sp_digit t1[3 * 54 + 1];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 54 + 1), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 54 + 1), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 2 * 54;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 54;
dv = d[53];
XMEMCPY(t1, a, sizeof(*t1) * 2U * 54U);
@@ -6608,6 +6584,7 @@ static int sp_3072_div_54(const sp_digit* a, const sp_digit* d,
sp_3072_mul_d_54(t2, d, r1);
(void)sp_3072_sub_54(&t1[i], &t1[i], t2);
+ sp_3072_norm_54(&t1[i]);
t1[54 + i] -= t2[54];
t1[54 + i] += t1[54 + i - 1] >> 57;
t1[54 + i - 1] &= 0x1ffffffffffffffL;
@@ -6633,10 +6610,9 @@ static int sp_3072_div_54(const sp_digit* a, const sp_digit* d,
(sp_digit)1 : (sp_digit)0));
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -6669,13 +6645,13 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 108];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -6683,22 +6659,17 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 54 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 54 * 2);
-#else
- t[i] = &td[i * 54 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 54U * 2U);
}
@@ -6753,21 +6724,20 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 108];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -6775,22 +6745,17 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 54 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 54 * 2);
-#else
- t[i] = &td[i * 54 * 2];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -6844,22 +6809,21 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
XMEMCPY(r, t[0], sizeof(*r) * 54 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 108) + 108];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -6870,22 +6834,15 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 108) + 108), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 108;
rt = td + 3456;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 108];
- rt = &td[3456];
-#endif
sp_3072_mont_setup(m, &mp);
sp_3072_mont_norm_54(norm, m);
@@ -6982,9 +6939,8 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -7010,8 +6966,11 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
#ifdef WOLFSSL_SP_SMALL
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[54 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
sp_digit* norm = NULL;
@@ -7039,15 +6998,16 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
if (err == MP_OKAY) {
- a = d;
r = a + 54 * 2;
m = r + 54 * 2;
norm = r;
@@ -7100,18 +7060,17 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
*outLen = 384;
}
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[108];
- sp_digit md[54];
- sp_digit rd[108];
-#else
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[54 * 5];
#endif
sp_digit* a = NULL;
sp_digit* m = NULL;
@@ -7137,27 +7096,20 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
a = d;
r = a + 54 * 2;
m = r + 54 * 2;
- }
-#else
- a = ad;
- m = md;
- r = rd;
-#endif
- if (err == MP_OKAY) {
sp_3072_from_bin(a, 54, in, inLen);
#if DIGIT_BIT >= 57
e[0] = (sp_digit)em->dp[0];
@@ -7221,10 +7173,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
#endif
return err;
@@ -7256,9 +7207,13 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[54 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -7287,13 +7242,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 54;
m = a + 108;
@@ -7304,22 +7261,34 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
sp_3072_from_mp(m, 54, mm);
err = sp_3072_mod_exp_54(r, a, d, 3072, m, 0);
}
+
if (err == MP_OKAY) {
sp_3072_to_bin(r, out);
*outLen = 384;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 54);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 54);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[108];
- sp_digit d[54];
- sp_digit m[54];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* d = NULL;
+#else
+ sp_digit d[54 * 4];
+#endif
+ sp_digit* a = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)pm;
@@ -7346,7 +7315,20 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (d == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ a = d + 54;
+ m = a + 108;
+ r = a;
+
sp_3072_from_bin(a, 54, in, inLen);
sp_3072_from_mp(d, 54, dm);
sp_3072_from_mp(m, 54, mm);
@@ -7358,14 +7340,27 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
- XMEMSET(d, 0, sizeof(sp_digit) * 54);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 54);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
+#endif /* WOLFSSL_SP_SMALL */
#else
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[27 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
@@ -7394,22 +7389,21 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 27 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 27 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL) {
+ if (a == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- a = t;
p = a + 54 * 2;
q = p + 27;
qi = dq = dp = q + 27;
tmpa = qi + 27;
tmpb = tmpa + 54;
-
- r = t + 54;
+ r = a + 54;
sp_3072_from_bin(a, 54, in, inLen);
sp_3072_from_mp(p, 27, pm);
@@ -7423,6 +7417,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_3072_sub_27(tmpa, tmpa, tmpb);
+ sp_3072_norm_27(tmpa);
sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63));
sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63));
@@ -7440,22 +7435,31 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 27 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 27 * 11);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[54 * 2];
- sp_digit p[27];
- sp_digit q[27];
- sp_digit dp[27];
- sp_digit dq[27];
- sp_digit qi[27];
- sp_digit tmpa[54];
- sp_digit tmpb[54];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
+#else
+ sp_digit a[27 * 13];
+#endif
+ sp_digit* p = NULL;
+ sp_digit* q = NULL;
+ sp_digit* dp = NULL;
+ sp_digit* dq = NULL;
+ sp_digit* qi = NULL;
+ sp_digit* tmpa = NULL;
+ sp_digit* tmpb = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)dm;
@@ -7476,7 +7480,25 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 27 * 13, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (a == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ p = a + 54 * 2;
+ q = p + 27;
+ dp = q + 27;
+ dq = dp + 27;
+ qi = dq + 27;
+ tmpa = qi + 27;
+ tmpb = tmpa + 54;
+ r = a;
+
sp_3072_from_bin(a, 54, in, inLen);
sp_3072_from_mp(p, 27, pm);
sp_3072_from_mp(q, 27, qm);
@@ -7492,6 +7514,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
if (err == MP_OKAY) {
(void)sp_3072_sub_27(tmpa, tmpa, tmpb);
+ sp_3072_norm_27(tmpa);
sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63));
sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63));
sp_3072_mul_27(tmpa, tmpa, qi);
@@ -7507,17 +7530,19 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
- XMEMSET(dq, 0, sizeof(dq));
- XMEMSET(qi, 0, sizeof(qi));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 27 * 13);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+#endif /* WOLFSSL_SP_SMALL */
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
}
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
@@ -7606,11 +7631,14 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[54 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int expBits = mp_count_bits(exp);
if (mp_count_bits(base) > 3072) {
@@ -7626,16 +7654,16 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 54 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 54 * 2;
m = e + 54;
r = b;
@@ -7651,23 +7679,27 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = sp_3072_to_mp(r, res);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 54U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 54U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[108];
- sp_digit ed[54];
- sp_digit md[54];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[54 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
int expBits = mp_count_bits(exp);
@@ -7684,26 +7716,19 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 54 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 54 * 2;
- m = e + 54;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 54 * 2;
+ m = e + 54;
+ r = b;
+
sp_3072_from_mp(b, 54, base);
sp_3072_from_mp(e, 54, exp);
sp_3072_from_mp(m, 54, mod);
@@ -7716,14 +7741,17 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod,
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 54U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 54U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 54U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -7869,12 +7897,12 @@ SP_NOINLINE static void sp_3072_lshift_54(sp_digit* r, const sp_digit* a,
static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[163];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -7886,20 +7914,14 @@ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 163, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 108;
XMEMSET(td, 0, sizeof(sp_digit) * 163);
-#else
- tmp = &td[108];
- XMEMSET(td, 0, sizeof(td));
-#endif
sp_3072_mont_setup(m, &mp);
sp_3072_mont_norm_54(norm, m);
@@ -7958,9 +7980,8 @@ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -7985,11 +8006,14 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[54 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
if (mp_count_bits(base) > 3072) {
@@ -8005,15 +8029,15 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 54 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 54 * 2;
m = e + 54;
r = b;
@@ -8041,23 +8065,27 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 54U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 54U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[108];
- sp_digit ed[54];
- sp_digit md[54];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[54 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
int err = MP_OKAY;
@@ -8074,26 +8102,20 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 54 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 54 * 2;
- m = e + 54;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 54 * 2;
+ m = e + 54;
+ r = b;
+
sp_3072_from_mp(b, 54, base);
sp_3072_from_bin(e, 54, exp, expLen);
sp_3072_from_mp(m, 54, mod);
@@ -8121,14 +8143,17 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 54U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 54U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 54U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -8149,11 +8174,14 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[27 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int expBits = mp_count_bits(exp);
if (mp_count_bits(base) > 1536) {
@@ -8169,16 +8197,16 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 27 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 27 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 27 * 2;
m = e + 27;
r = b;
@@ -8195,23 +8223,27 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = sp_3072_to_mp(r, res);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 27U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 54U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[54];
- sp_digit ed[27];
- sp_digit md[27];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[27 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
int expBits = mp_count_bits(exp);
@@ -8228,26 +8260,19 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 27 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 27 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 27 * 2;
- m = e + 27;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 27 * 2;
+ m = e + 27;
+ r = b;
+
sp_3072_from_mp(b, 27, base);
sp_3072_from_mp(e, 27, exp);
sp_3072_from_mp(m, 27, mod);
@@ -8261,14 +8286,17 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod,
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 27U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 27U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 54U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -9969,40 +9997,29 @@ static int sp_4096_div_39(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[78 + 1];
- sp_digit t2d[39 + 1];
- sp_digit sdd[39 + 1];
+ sp_digit t1[4 * 39 + 3];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* sd;
+ sp_digit* t2 = NULL;
+ sp_digit* sd = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 39 + 3), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 39 + 3), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)m;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 78 + 1;
+ t2 = t1 + 78 + 1;
sd = t2 + 39 + 1;
-#else
- t1 = t1d;
- t2 = t2d;
- sd = sdd;
-#endif
sp_4096_mul_d_39(sd, d, 1L << 19);
sp_4096_mul_d_78(t1, a, 1L << 19);
@@ -10021,6 +10038,7 @@ static int sp_4096_div_39(const sp_digit* a, const sp_digit* d,
sp_4096_mul_d_39(t2, sd, r1);
(void)sp_4096_sub_39(&t1[i], &t1[i], t2);
+ sp_4096_norm_39(&t1[i]);
t1[39 + i] -= t2[39];
t1[39 + i] += t1[39 + i - 1] >> 53;
t1[39 + i - 1] &= 0x1fffffffffffffL;
@@ -10049,10 +10067,9 @@ static int sp_4096_div_39(const sp_digit* a, const sp_digit* d,
sp_4096_rshift_39(r, r, 19);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -10083,13 +10100,13 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 78];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -10097,22 +10114,17 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 39 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 39 * 2);
-#else
- t[i] = &td[i * 39 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 39U * 2U);
}
@@ -10167,21 +10179,20 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 78];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -10189,22 +10200,17 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 39 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 39 * 2);
-#else
- t[i] = &td[i * 39 * 2];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -10258,22 +10264,21 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
XMEMCPY(r, t[0], sizeof(*r) * 39 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 78) + 78];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -10284,22 +10289,15 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 78) + 78), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 78;
rt = td + 2496;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 78];
- rt = &td[2496];
-#endif
sp_4096_mont_setup(m, &mp);
sp_4096_mont_norm_39(norm, m);
@@ -10396,9 +10394,8 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -10945,40 +10942,29 @@ static int sp_4096_div_78(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[156 + 1];
- sp_digit t2d[78 + 1];
- sp_digit sdd[78 + 1];
+ sp_digit t1[4 * 78 + 3];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* sd;
+ sp_digit* t2 = NULL;
+ sp_digit* sd = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 78 + 3), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 78 + 3), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)m;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 156 + 1;
+ t2 = t1 + 156 + 1;
sd = t2 + 78 + 1;
-#else
- t1 = t1d;
- t2 = t2d;
- sd = sdd;
-#endif
sp_4096_mul_d_78(sd, d, 1L << 38);
sp_4096_mul_d_156(t1, a, 1L << 38);
@@ -10997,6 +10983,7 @@ static int sp_4096_div_78(const sp_digit* a, const sp_digit* d,
sp_4096_mul_d_78(t2, sd, r1);
(void)sp_4096_sub_78(&t1[i], &t1[i], t2);
+ sp_4096_norm_78(&t1[i]);
t1[78 + i] -= t2[78];
t1[78 + i] += t1[78 + i - 1] >> 53;
t1[78 + i - 1] &= 0x1fffffffffffffL;
@@ -11025,10 +11012,9 @@ static int sp_4096_div_78(const sp_digit* a, const sp_digit* d,
sp_4096_rshift_78(r, r, 38);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -11061,13 +11047,13 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
const sp_digit* m, int reduceA)
{
#ifdef WOLFSSL_SP_SMALL
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 156];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -11075,22 +11061,17 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#if !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 78 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 78 * 2);
-#else
- t[i] = &td[i * 78 * 2];
-#endif
XMEMSET(t[i], 0, sizeof(sp_digit) * 78U * 2U);
}
@@ -11145,21 +11126,20 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
-#if !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#elif !defined(WC_NO_CACHE_RESISTANT)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[3 * 156];
#endif
- sp_digit* t[3];
- sp_digit* norm;
+ sp_digit* t[3] = {0, 0, 0};
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -11167,22 +11147,17 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
byte y;
int err = MP_OKAY;
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 78 * 2, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<3; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + (i * 78 * 2);
-#else
- t[i] = &td[i * 78 * 2];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -11236,22 +11211,21 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
XMEMCPY(r, t[0], sizeof(*r) * 78 * 2);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (td != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
#else
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[(32 * 156) + 156];
#endif
sp_digit* t[32];
sp_digit* rt = NULL;
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
int i;
@@ -11262,22 +11236,15 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 156) + 156), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
for (i=0; i<32; i++)
t[i] = td + i * 156;
rt = td + 4992;
-#else
- for (i=0; i<32; i++)
- t[i] = &td[i * 156];
- rt = &td[4992];
-#endif
sp_4096_mont_setup(m, &mp);
sp_4096_mont_norm_78(norm, m);
@@ -11374,9 +11341,8 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -11402,8 +11368,11 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
#ifdef WOLFSSL_SP_SMALL
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[78 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
sp_digit* norm = NULL;
@@ -11431,15 +11400,16 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
if (err == MP_OKAY) {
- a = d;
r = a + 78 * 2;
m = r + 78 * 2;
norm = r;
@@ -11492,18 +11462,17 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
*outLen = 512;
}
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[156];
- sp_digit md[78];
- sp_digit rd[156];
-#else
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[78 * 5];
#endif
sp_digit* a = NULL;
sp_digit* m = NULL;
@@ -11529,27 +11498,20 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
a = d;
r = a + 78 * 2;
m = r + 78 * 2;
- }
-#else
- a = ad;
- m = md;
- r = rd;
-#endif
- if (err == MP_OKAY) {
sp_4096_from_bin(a, 78, in, inLen);
#if DIGIT_BIT >= 53
e[0] = (sp_digit)em->dp[0];
@@ -11613,10 +11575,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
#endif
return err;
@@ -11648,9 +11609,13 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[78 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -11679,13 +11644,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 78;
m = a + 156;
@@ -11696,22 +11663,34 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
sp_4096_from_mp(m, 78, mm);
err = sp_4096_mod_exp_78(r, a, d, 4096, m, 0);
}
+
if (err == MP_OKAY) {
sp_4096_to_bin(r, out);
*outLen = 512;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 78);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 78);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[156];
- sp_digit d[78];
- sp_digit m[78];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* d = NULL;
+#else
+ sp_digit d[78 * 4];
+#endif
+ sp_digit* a = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)pm;
@@ -11738,7 +11717,20 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (d == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ a = d + 78;
+ m = a + 156;
+ r = a;
+
sp_4096_from_bin(a, 78, in, inLen);
sp_4096_from_mp(d, 78, dm);
sp_4096_from_mp(m, 78, mm);
@@ -11750,14 +11742,27 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
- XMEMSET(d, 0, sizeof(sp_digit) * 78);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 78);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
+#endif /* WOLFSSL_SP_SMALL */
#else
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SP_SMALL)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[39 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
@@ -11786,22 +11791,21 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 39 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 39 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL) {
+ if (a == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- a = t;
p = a + 78 * 2;
q = p + 39;
qi = dq = dp = q + 39;
tmpa = qi + 39;
tmpb = tmpa + 78;
-
- r = t + 78;
+ r = a + 78;
sp_4096_from_bin(a, 78, in, inLen);
sp_4096_from_mp(p, 39, pm);
@@ -11815,6 +11819,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_4096_sub_39(tmpa, tmpa, tmpb);
+ sp_4096_norm_39(tmpa);
sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63));
sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63));
@@ -11832,22 +11837,31 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 39 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 39 * 11);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
- sp_digit a[78 * 2];
- sp_digit p[39];
- sp_digit q[39];
- sp_digit dp[39];
- sp_digit dq[39];
- sp_digit qi[39];
- sp_digit tmpa[78];
- sp_digit tmpb[78];
- sp_digit* r = a;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
+#else
+ sp_digit a[39 * 13];
+#endif
+ sp_digit* p = NULL;
+ sp_digit* q = NULL;
+ sp_digit* dp = NULL;
+ sp_digit* dq = NULL;
+ sp_digit* qi = NULL;
+ sp_digit* tmpa = NULL;
+ sp_digit* tmpb = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
(void)dm;
@@ -11868,7 +11882,25 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 39 * 13, NULL,
+ DYNAMIC_TYPE_RSA);
+ if (a == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
+ p = a + 78 * 2;
+ q = p + 39;
+ dp = q + 39;
+ dq = dp + 39;
+ qi = dq + 39;
+ tmpa = qi + 39;
+ tmpb = tmpa + 78;
+ r = a;
+
sp_4096_from_bin(a, 78, in, inLen);
sp_4096_from_mp(p, 39, pm);
sp_4096_from_mp(q, 39, qm);
@@ -11884,6 +11916,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
if (err == MP_OKAY) {
(void)sp_4096_sub_39(tmpa, tmpa, tmpb);
+ sp_4096_norm_39(tmpa);
sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63));
sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63));
sp_4096_mul_39(tmpa, tmpa, qi);
@@ -11899,17 +11932,19 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
- XMEMSET(dq, 0, sizeof(dq));
- XMEMSET(qi, 0, sizeof(qi));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+if (a != NULL)
+#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 39 * 13);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
-#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+#endif /* WOLFSSL_SP_SMALL */
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
}
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
@@ -11998,11 +12033,14 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[78 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int expBits = mp_count_bits(exp);
if (mp_count_bits(base) > 4096) {
@@ -12018,16 +12056,16 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 78 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 78 * 2;
m = e + 78;
r = b;
@@ -12043,23 +12081,27 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = sp_4096_to_mp(r, res);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 78U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 78U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[156];
- sp_digit ed[78];
- sp_digit md[78];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[78 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
int err = MP_OKAY;
int expBits = mp_count_bits(exp);
@@ -12076,26 +12118,19 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 78 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 78 * 2;
- m = e + 78;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 78 * 2;
+ m = e + 78;
+ r = b;
+
sp_4096_from_mp(b, 78, base);
sp_4096_from_mp(e, 78, exp);
sp_4096_from_mp(m, 78, mod);
@@ -12108,14 +12143,17 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod,
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 78U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 78U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 78U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -12309,12 +12347,12 @@ SP_NOINLINE static void sp_4096_lshift_78(sp_digit* r, const sp_digit* a,
static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[235];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -12326,20 +12364,14 @@ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 235, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 156;
XMEMSET(td, 0, sizeof(sp_digit) * 235);
-#else
- tmp = &td[156];
- XMEMSET(td, 0, sizeof(td));
-#endif
sp_4096_mont_setup(m, &mp);
sp_4096_mont_norm_78(norm, m);
@@ -12398,9 +12430,8 @@ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -12425,11 +12456,14 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
{
#ifdef WOLFSSL_SP_SMALL
int err = MP_OKAY;
- sp_digit* d = NULL;
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
+#else
+ sp_digit b[78 * 4];
+#endif
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
if (mp_count_bits(base) > 4096) {
@@ -12445,15 +12479,15 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 78 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL) {
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL, DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
- }
}
+#endif
if (err == MP_OKAY) {
- b = d;
e = b + 78 * 2;
m = e + 78;
r = b;
@@ -12481,23 +12515,27 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 78U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
+#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 78U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
}
return err;
#else
-#ifndef WOLFSSL_SMALL_STACK
- sp_digit bd[156];
- sp_digit ed[78];
- sp_digit md[78];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* b = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit b[78 * 4];
#endif
- sp_digit* b;
- sp_digit* e;
- sp_digit* m;
- sp_digit* r;
+ sp_digit* e = NULL;
+ sp_digit* m = NULL;
+ sp_digit* r = NULL;
word32 i;
int err = MP_OKAY;
@@ -12514,26 +12552,20 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
err = MP_VAL;
}
-#ifdef WOLFSSL_SMALL_STACK
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(*d) * 78 * 4, NULL, DYNAMIC_TYPE_DH);
- if (d == NULL)
+ b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL,
+ DYNAMIC_TYPE_DH);
+ if (b == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- b = d;
- e = b + 78 * 2;
- m = e + 78;
- r = b;
- }
-#else
- r = b = bd;
- e = ed;
- m = md;
#endif
if (err == MP_OKAY) {
+ e = b + 78 * 2;
+ m = e + 78;
+ r = b;
+
sp_4096_from_mp(b, 78, base);
sp_4096_from_bin(e, 78, exp, expLen);
sp_4096_from_mp(m, 78, mod);
@@ -12561,14 +12593,17 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen,
XMEMMOVE(out, out + i, *outLen);
}
-#ifdef WOLFSSL_SMALL_STACK
- if (d != NULL) {
- XMEMSET(e, 0, sizeof(sp_digit) * 78U);
- XFREE(d, NULL, DYNAMIC_TYPE_DH);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 78U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (b != NULL)
#endif
+ {
+ /* only "e" is sensitive and needs zeroized */
+ if (e != NULL)
+ ForceZero(e, sizeof(sp_digit) * 78U);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(b, NULL, DYNAMIC_TYPE_DH);
+ #endif
+ }
return err;
#endif
@@ -12900,64 +12935,6 @@ SP_NOINLINE static int sp_256_sub_5(sp_digit* r, const sp_digit* a,
}
#endif /* WOLFSSL_SP_SMALL */
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_256_point_new_ex_5(void* heap, sp_point_256* sp,
- sp_point_256** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_256_point_new_5(heap, sp, p) sp_256_point_new_ex_5((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_256_point_new_5(heap, sp, p) sp_256_point_new_ex_5((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_256_point_free_5(sp_point_256* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Convert an mp_int to an array of sp_digit.
*
* r A single precision integer.
@@ -14147,34 +14124,25 @@ static void sp_256_proj_point_add_5(sp_point_256* r,
*/
static int sp_256_mod_mul_norm_5(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- int64_t* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ int64_t* t = NULL;
#else
- int64_t td[8];
- int64_t a32d[8];
+ int64_t t[2 * 8];
#endif
- int64_t* t;
- int64_t* a32;
+ int64_t* a32 = NULL;
int64_t o;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 8, NULL, DYNAMIC_TYPE_ECC);
- if (td == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 8, NULL, DYNAMIC_TYPE_ECC);
+ if (t == NULL)
return MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = td;
- a32 = td + 8;
-#else
- t = td;
- a32 = a32d;
-#endif
+ a32 = t + 8;
a32[0] = (sp_digit)(a[0]) & 0xffffffffL;
a32[1] = (sp_digit)(a[0] >> 32U);
@@ -14248,10 +14216,9 @@ static int sp_256_mod_mul_norm_5(sp_digit* r, const sp_digit* a, const sp_digit*
r[4] |= t[7] << 16U;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -14391,12 +14358,12 @@ static int sp_256_ecc_mulmod_5_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r,
static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#ifdef WOLFSSL_SP_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+ sp_digit* tmp = NULL;
+#else
sp_point_256 t[3];
sp_digit tmp[2 * 5 * 5];
-#else
- sp_point_256* t;
- sp_digit* tmp;
#endif
sp_digit n;
int i;
@@ -14404,18 +14371,21 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g,
int y;
int err = MP_OKAY;
- /* Implementatio is constant time. */
+ /* Implementation is constant time. */
(void)ct;
(void)heap;
-#ifndef WOLFSSL_SP_NO_MALLOC
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
@@ -14466,19 +14436,24 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g,
}
}
-#ifndef WOLFSSL_SP_NO_MALLOC
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 5 * 5);
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_256) * 3);
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(tmp));
- ForceZero(t, sizeof(t));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 5 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_256) * 3);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -14904,43 +14879,41 @@ static void sp_256_get_point_33_5(sp_point_256* r, const sp_point_256* table,
static int sp_256_ecc_mulmod_win_add_sub_5(sp_point_256* r, const sp_point_256* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td[33];
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit tmpd[2 * 5 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_256 t[33+2];
+ sp_digit tmp[2 * 5 * 6];
#endif
- sp_point_256* t;
- sp_point_256* rt;
+ sp_point_256* rt = NULL;
sp_point_256* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_256 v[43];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_256_point_new_5(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_256_point_new_5(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 33, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) *
+ (33+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 33;
+ p = t + 33+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -15020,14 +14993,12 @@ static int sp_256_ecc_mulmod_win_add_sub_5(sp_point_256* r, const sp_point_256*
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_5(p, 0, heap);
- sp_256_point_free_5(rt, 0, heap);
return err;
}
@@ -15153,29 +15124,30 @@ static void sp_256_proj_to_affine_5(sp_point_256* a, sp_digit* t)
static int sp_256_gen_stripe_table_5(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_5(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_5(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_5(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_5(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -15220,9 +15192,10 @@ static int sp_256_gen_stripe_table_5(const sp_point_256* a,
}
}
- sp_256_point_free_5(s2, 0, heap);
- sp_256_point_free_5(s1, 0, heap);
- sp_256_point_free_5( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -15286,19 +15259,19 @@ static int sp_256_ecc_mulmod_stripe_5(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 5 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 5 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -15306,21 +15279,22 @@ static int sp_256_ecc_mulmod_stripe_5(sp_point_256* r, const sp_point_256* g,
(void)heap;
- err = sp_256_point_new_5(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_5(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -15371,13 +15345,12 @@ static int sp_256_ecc_mulmod_stripe_5(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_5(p, 0, heap);
- sp_256_point_free_5(rt, 0, heap);
return err;
}
@@ -15541,25 +15514,28 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g, const sp_
int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[5];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[5];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_5(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 5, km);
sp_256_point_from_ecc_point_5(point, gm);
@@ -15570,12 +15546,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_256_point_to_ecc_point_5(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_5(point, 0, heap);
return err;
}
@@ -15595,37 +15571,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[5];
- sp_digit t[5 * 2 * 5];
-#endif
- sp_point_256* point;
- sp_point_256* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[5 + 5 * 2 * 5];
+#endif
+ sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_5(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_5(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (5 + 5 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (5 + 5 * 2 * 5), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 5;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 5;
+
sp_256_from_mp(k, 5, km);
sp_256_point_from_ecc_point_5(point, gm);
sp_256_point_from_ecc_point_5(addP, am);
@@ -15652,13 +15626,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
err = sp_256_point_to_ecc_point_5(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_5(addP, 0, heap);
- sp_256_point_free_5(point, 0, heap);
return err;
}
@@ -17001,26 +16974,28 @@ static int sp_256_ecc_mulmod_base_5(sp_point_256* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[5];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[5];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_5(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 5, km);
@@ -17030,12 +17005,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_256_point_to_ecc_point_5(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_5(point, 0, heap);
return err;
}
@@ -17054,37 +17029,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[5];
- sp_digit t[5 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[5 + 5 * 2 * 5];
#endif
- sp_point_256* point;
sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_5(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_5(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (5 + 5 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (5 + 5 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 5;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 5;
+
sp_256_from_mp(k, 5, km);
sp_256_point_from_ecc_point_5(addP, am);
}
@@ -17110,13 +17083,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
err = sp_256_point_to_ecc_point_5(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_5(addP, 0, heap);
- sp_256_point_free_5(point, 0, heap);
return err;
}
@@ -17219,41 +17191,46 @@ static int sp_256_ecc_gen_k_5(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[5];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_256 inf;
-#endif
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_256 point[2];
+ #else
+ sp_point_256 point[1];
+ #endif
+ sp_digit k[5];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_256* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_256_point_new_5(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_256_point_new_5(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_256_ecc_gen_k_5(rng, k);
}
if (err == MP_OKAY) {
@@ -17278,15 +17255,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_256_point_to_ecc_point_5(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_256_point_free_5(infinity, 1, heap);
-#endif
- sp_256_point_free_5(point, 1, heap);
return err;
}
@@ -17351,30 +17327,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[5];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[5];
+#endif
int err = MP_OKAY;
if (*outLen < 32U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_5(heap, p, point);
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -17387,12 +17365,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 32;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_5(point, 0, heap);
return err;
}
@@ -17507,34 +17485,25 @@ static int sp_256_div_5(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[10];
- sp_digit t2d[5 + 1];
+ sp_digit t1[3 * 5 + 1];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 5 + 1), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 5 + 1), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 2 * 5;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 5;
dv = d[4];
XMEMCPY(t1, a, sizeof(*t1) * 2U * 5U);
@@ -17552,6 +17521,7 @@ static int sp_256_div_5(const sp_digit* a, const sp_digit* d,
sp_256_mul_d_5(t2, d, r1);
(void)sp_256_sub_5(&t1[i], &t1[i], t2);
+ sp_256_norm_5(&t1[i]);
t1[5 + i] -= t2[5];
t1[5 + i] += t1[5 + i - 1] >> 52;
t1[5 + i - 1] &= 0xfffffffffffffL;
@@ -17577,10 +17547,9 @@ static int sp_256_div_5(const sp_digit* a, const sp_digit* d,
(sp_digit)1 : (sp_digit)0));
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -17905,13 +17874,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 32U;
}
- sp_256_from_bin(ctx->e, 5, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_256_from_mp(ctx->x, 5, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_256_ecc_gen_k_5(rng, ctx->k);
@@ -17939,6 +17905,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_256_cmp_5(ctx->r, p256_order);
sp_256_cond_sub_5(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0));
sp_256_norm_5(ctx->r);
+
+ sp_256_from_mp(ctx->x, 5, priv);
+ sp_256_from_bin(ctx->e, 5, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -17995,6 +17964,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -18030,22 +18002,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*5];
- sp_digit xd[2*5];
- sp_digit kd[2*5];
- sp_digit rd[2*5];
- sp_digit td[3 * 2*5];
- sp_point_256 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_256* point = NULL;
+#else
+ sp_digit e[7 * 2 * 5];
+ sp_point_256 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_256* point = NULL;
sp_digit* s = NULL;
int64_t c;
int err = MP_OKAY;
@@ -18053,31 +18020,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_256_point_new_5(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 5;
- x = d + 2 * 5;
- k = d + 4 * 5;
- r = d + 6 * 5;
- tmp = d + 8 * 5;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 5;
+ k = e + 4 * 5;
+ r = e + 6 * 5;
+ tmp = e + 8 * 5;
s = e;
if (hashLen > 32U) {
@@ -18132,19 +18094,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_256_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 5);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 5U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 5U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 5U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 5U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 5U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_256_point_free_5(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_256));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -18199,20 +18166,18 @@ static int sp_256_num_bits_5(const sp_digit* a)
static int sp_256_mod_inv_5(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
int err = MP_OKAY;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- sp_digit* u;
- sp_digit* v;
- sp_digit* b;
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* u = NULL;
#else
- sp_digit u[5];
- sp_digit v[5];
- sp_digit b[5];
- sp_digit d[5];
+ sp_digit u[5 * 4];
#endif
- int ut, vt;
+ sp_digit* v = NULL;
+ sp_digit* b = NULL;
+ sp_digit* d = NULL;
+ int ut;
+ int vt;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
u = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 4, NULL,
DYNAMIC_TYPE_ECC);
if (u == NULL)
@@ -18220,11 +18185,9 @@ static int sp_256_mod_inv_5(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif
if (err == MP_OKAY) {
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
v = u + 5;
b = u + 2 * 5;
d = u + 3 * 5;
-#endif
XMEMCPY(u, m, sizeof(sp_digit) * 5);
XMEMCPY(v, a, sizeof(sp_digit) * 5);
@@ -18302,7 +18265,7 @@ static int sp_256_mod_inv_5(sp_digit* r, const sp_digit* a, const sp_digit* m)
else
XMEMCPY(r, d, sizeof(sp_digit) * 5);
}
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (u != NULL)
XFREE(u, NULL, DYNAMIC_TYPE_ECC);
#endif
@@ -18437,7 +18400,7 @@ typedef struct sp_ecc_verify_256_ctx {
int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data;
@@ -18452,7 +18415,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_256_from_bin(ctx->u1, 5, hash, (int)hashLen);
- sp_256_from_mp(ctx->u2, 5, r);
+ sp_256_from_mp(ctx->u2, 5, rm);
sp_256_from_mp(ctx->s, 5, sm);
sp_256_from_mp(ctx->p2.x, 5, pX);
sp_256_from_mp(ctx->p2.y, 5, pY);
@@ -18510,57 +18473,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_256_iszero_5(ctx->p1.z)) {
- if (sp_256_iszero_5(ctx->p1.x) && sp_256_iszero_5(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<5; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_256_proj_point_dbl_5_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(ctx->u2, 5, r);
+ sp_256_from_mp(ctx->u2, 5, rm);
err = sp_256_mod_mul_norm_5(ctx->u2, ctx->u2, p256_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_256_mont_sqr_5(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_256_mont_mul_5(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int64_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_256_cmp_5(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int64_t c;
/* Reload r and add order. */
- sp_256_from_mp(ctx->u2, 5, r);
+ sp_256_from_mp(ctx->u2, 5, rm);
carry = sp_256_add_5(ctx->u2, ctx->u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -18568,22 +18507,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_5(ctx->u2, p256_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_256_mod_mul_norm_5(ctx->u2, ctx->u2, p256_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_256_mont_mul_5(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
- p256_mp_mod);
- *res = (int)(sp_256_cmp_5(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_256_mod_mul_norm_5(ctx->u2, ctx->u2, p256_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_256_mont_mul_5(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
+ p256_mp_mod);
+ *res = (int)(sp_256_cmp_5(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -18592,62 +18532,51 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*5];
- sp_digit u2d[2*5];
- sp_digit sd[2*5];
- sp_digit tmpd[2*5 * 5];
- sp_point_256 p1d;
- sp_point_256 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_256* p1 = NULL;
+#else
+ sp_digit u1[16 * 5];
+ sp_point_256 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_256* p1;
sp_point_256* p2 = NULL;
sp_digit carry;
int64_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_256_point_new_5(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_5(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 5;
- u2 = d + 2 * 5;
- s = d + 4 * 5;
- tmp = d + 6 * 5;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 5;
+ s = u1 + 4 * 5;
+ tmp = u1 + 6 * 5;
+ p2 = p1 + 1;
if (hashLen > 32U) {
hashLen = 32U;
}
sp_256_from_bin(u1, 5, hash, (int)hashLen);
- sp_256_from_mp(u2, 5, r);
+ sp_256_from_mp(u2, 5, rm);
sp_256_from_mp(s, 5, sm);
sp_256_from_mp(p2->x, 5, pX);
sp_256_from_mp(p2->y, 5, pY);
@@ -18658,7 +18587,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(u2, 5, r);
+ sp_256_from_mp(u2, 5, rm);
err = sp_256_mod_mul_norm_5(u2, u2, p256_mod);
}
@@ -18669,7 +18598,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_256_cmp_5(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_256_from_mp(u2, 5, r);
+ sp_256_from_mp(u2, 5, rm);
carry = sp_256_add_5(u2, u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -18678,8 +18607,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_5(u2, p256_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_256_mod_mul_norm_5(u2, u2, p256_mod);
if (err == MP_OKAY) {
@@ -18691,12 +18620,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_5(p1, 0, heap);
- sp_256_point_free_5(p2, 0, heap);
return err;
}
@@ -18713,32 +18642,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_256_ecc_is_point_5(const sp_point_256* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*5];
- sp_digit t2d[2*5];
+ sp_digit t1[5 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 5;
- t2 = d + 2 * 5;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 5;
sp_256_sqr_5(t1, point->y);
(void)sp_256_mod_5(t1, t1, p256_mod);
@@ -18758,10 +18678,9 @@ static int sp_256_ecc_is_point_5(const sp_point_256* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -18776,14 +18695,21 @@ static int sp_256_ecc_is_point_5(const sp_point_256* point,
*/
int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* pub = NULL;
+#else
+ sp_point_256 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_256* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_256_point_new_5(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_256_from_mp(pub->x, 5, pX);
sp_256_from_mp(pub->y, 5, pY);
@@ -18792,7 +18718,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
err = sp_256_ecc_is_point_5(pub, NULL);
}
- sp_256_point_free_5(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -18811,45 +18740,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[5];
- sp_point_256 pubd;
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_256* pub;
- sp_point_256* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_256_point_new_5(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_256_point_new_5(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_256* pub = NULL;
+#else
+ sp_digit priv[5];
+ sp_point_256 pub[2];
#endif
+ sp_point_256* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) ||
+ if (((mp_count_bits(pX) > 256) ||
(mp_count_bits(pY) > 256) ||
((privm != NULL) && (mp_count_bits(privm) > 256)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_256_from_mp(pub->x, 5, pX);
sp_256_from_mp(pub->y, 5, pY);
sp_256_from_bin(pub->z, 5, one, (int)sizeof(one));
@@ -18898,13 +18827,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_256_point_free_5(p, 0, heap);
- sp_256_point_free_5(pub, 0, heap);
return err;
}
@@ -18928,33 +18856,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 5 * 5];
- sp_point_256 pd;
- sp_point_256 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 5 * 5];
+ sp_point_256 p[2];
+#endif
sp_point_256* q = NULL;
int err;
- err = sp_256_point_new_5(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_5(NULL, qd, q);
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_256_from_mp(p->x, 5, pX);
sp_256_from_mp(p->y, 5, pY);
sp_256_from_mp(p->z, 5, pZ);
@@ -18975,13 +18905,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_5(q, 0, NULL);
- sp_256_point_free_5(p, 0, NULL);
return err;
}
@@ -19000,25 +18929,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 5 * 2];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 5 * 2];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_5(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -19039,12 +18971,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_5(p, 0, NULL);
return err;
}
@@ -19059,25 +18991,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 5 * 4];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 5 * 4];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_5(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 4, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_256_from_mp(p->x, 5, pX);
@@ -19097,12 +19033,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_256_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_5(p, 0, NULL);
return err;
}
@@ -19115,31 +19051,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_256_mont_sqrt_5(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 5];
- sp_digit t2d[2 * 5];
+ sp_digit t1[4 * 5];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 5, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 5, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL) {
err = MEMORY_E;
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 5;
- t2 = d + 2 * 5;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 5;
{
/* t2 = y ^ 0x2 */
@@ -19174,10 +19102,9 @@ static int sp_256_mont_sqrt_5(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -19193,31 +19120,22 @@ static int sp_256_mont_sqrt_5(sp_digit* y)
*/
int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 5];
- sp_digit yd[2 * 5];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 5];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 5, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 5, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 5;
- y = d + 2 * 5;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 5;
sp_256_from_mp(x, 5, xm);
err = sp_256_mod_mul_norm_5(x, x, p256_mod);
@@ -19250,10 +19168,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
err = sp_256_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -19628,64 +19545,6 @@ SP_NOINLINE static int sp_384_sub_7(sp_digit* r, const sp_digit* a,
}
#endif /* WOLFSSL_SP_SMALL */
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_384_point_new_ex_7(void* heap, sp_point_384* sp,
- sp_point_384** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_384_point_new_7(heap, sp, p) sp_384_point_new_ex_7((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_384_point_new_7(heap, sp, p) sp_384_point_new_ex_7((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_384_point_free_7(sp_point_384* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Convert an mp_int to an array of sp_digit.
*
* r A single precision integer.
@@ -20895,34 +20754,25 @@ static void sp_384_proj_point_add_7(sp_point_384* r,
*/
static int sp_384_mod_mul_norm_7(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- int64_t* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ int64_t* t = NULL;
#else
- int64_t td[12];
- int64_t a32d[12];
+ int64_t t[2 * 12];
#endif
- int64_t* t;
- int64_t* a32;
+ int64_t* a32 = NULL;
int64_t o;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
- if (td == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
+ if (t == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = td;
- a32 = td + 12;
-#else
- t = td;
- a32 = a32d;
-#endif
+ a32 = t + 12;
a32[0] = (sp_digit)(a[0]) & 0xffffffffL;
a32[1] = (sp_digit)(a[0] >> 32U);
@@ -21028,9 +20878,9 @@ static int sp_384_mod_mul_norm_7(sp_digit* r, const sp_digit* a, const sp_digit*
r[6] |= t[11] << 22U;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -21170,12 +21020,12 @@ static int sp_384_ecc_mulmod_7_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#ifdef WOLFSSL_SP_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+ sp_digit* tmp = NULL;
+#else
sp_point_384 t[3];
sp_digit tmp[2 * 7 * 6];
-#else
- sp_point_384* t;
- sp_digit* tmp;
#endif
sp_digit n;
int i;
@@ -21183,18 +21033,21 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g,
int y;
int err = MP_OKAY;
- /* Implementatio is constant time. */
+ /* Implementation is constant time. */
(void)ct;
(void)heap;
-#ifndef WOLFSSL_SP_NO_MALLOC
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
@@ -21245,19 +21098,24 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g,
}
}
-#ifndef WOLFSSL_SP_NO_MALLOC
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 7 * 6);
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_384) * 3);
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(tmp));
- ForceZero(t, sizeof(t));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 7 * 6);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_384) * 3);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -21699,43 +21557,41 @@ static void sp_384_get_point_33_7(sp_point_384* r, const sp_point_384* table,
static int sp_384_ecc_mulmod_win_add_sub_7(sp_point_384* r, const sp_point_384* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td[33];
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit tmpd[2 * 7 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_384 t[33+2];
+ sp_digit tmp[2 * 7 * 6];
#endif
- sp_point_384* t;
- sp_point_384* rt;
+ sp_point_384* rt = NULL;
sp_point_384* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_384 v[65];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_384_point_new_7(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_384_point_new_7(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 33, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) *
+ (33+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 33;
+ p = t + 33+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -21815,14 +21671,12 @@ static int sp_384_ecc_mulmod_win_add_sub_7(sp_point_384* r, const sp_point_384*
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_7(p, 0, heap);
- sp_384_point_free_7(rt, 0, heap);
return err;
}
@@ -21948,29 +21802,30 @@ static void sp_384_proj_to_affine_7(sp_point_384* a, sp_digit* t)
static int sp_384_gen_stripe_table_7(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_7(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_7(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_7(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_7(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -22015,9 +21870,10 @@ static int sp_384_gen_stripe_table_7(const sp_point_384* a,
}
}
- sp_384_point_free_7(s2, 0, heap);
- sp_384_point_free_7(s1, 0, heap);
- sp_384_point_free_7( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -22089,19 +21945,19 @@ static int sp_384_ecc_mulmod_stripe_7(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 7 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 7 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -22109,21 +21965,22 @@ static int sp_384_ecc_mulmod_stripe_7(sp_point_384* r, const sp_point_384* g,
(void)heap;
- err = sp_384_point_new_7(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_7(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -22174,13 +22031,12 @@ static int sp_384_ecc_mulmod_stripe_7(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_7(p, 0, heap);
- sp_384_point_free_7(rt, 0, heap);
return err;
}
@@ -22344,25 +22200,28 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g, const sp_
int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[7];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[7];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_7(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 7, km);
sp_384_point_from_ecc_point_7(point, gm);
@@ -22373,12 +22232,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_384_point_to_ecc_point_7(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_7(point, 0, heap);
return err;
}
@@ -22398,37 +22257,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[7];
- sp_digit t[7 * 2 * 6];
-#endif
- sp_point_384* point;
- sp_point_384* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[7 + 7 * 2 * 6];
+#endif
+ sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_7(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_7(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (7 + 7 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (7 + 7 * 2 * 6), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 7;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 7;
+
sp_384_from_mp(k, 7, km);
sp_384_point_from_ecc_point_7(point, gm);
sp_384_point_from_ecc_point_7(addP, am);
@@ -22455,13 +22312,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
err = sp_384_point_to_ecc_point_7(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_7(addP, 0, heap);
- sp_384_point_free_7(point, 0, heap);
return err;
}
@@ -24314,26 +24170,28 @@ static int sp_384_ecc_mulmod_base_7(sp_point_384* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[7];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[7];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_7(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 7, km);
@@ -24343,12 +24201,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_384_point_to_ecc_point_7(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_7(point, 0, heap);
return err;
}
@@ -24367,37 +24225,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[7];
- sp_digit t[7 * 2 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[7 + 7 * 2 * 6];
#endif
- sp_point_384* point;
sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_7(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_7(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (7 + 7 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (7 + 7 * 2 * 6),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 7;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 7;
+
sp_384_from_mp(k, 7, km);
sp_384_point_from_ecc_point_7(addP, am);
}
@@ -24423,13 +24279,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
err = sp_384_point_to_ecc_point_7(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_7(addP, 0, heap);
- sp_384_point_free_7(point, 0, heap);
return err;
}
@@ -24532,41 +24387,46 @@ static int sp_384_ecc_gen_k_7(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[7];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_384 inf;
-#endif
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_384 point[2];
+ #else
+ sp_point_384 point[1];
+ #endif
+ sp_digit k[7];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_384* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_384_point_new_7(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_384_point_new_7(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_384_ecc_gen_k_7(rng, k);
}
if (err == MP_OKAY) {
@@ -24591,15 +24451,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_384_point_to_ecc_point_7(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_384_point_free_7(infinity, 1, heap);
-#endif
- sp_384_point_free_7(point, 1, heap);
return err;
}
@@ -24664,30 +24523,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[7];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[7];
+#endif
int err = MP_OKAY;
if (*outLen < 48U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_7(heap, p, point);
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -24700,12 +24561,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 48;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_7(point, 0, heap);
return err;
}
@@ -24840,34 +24701,25 @@ static int sp_384_div_7(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[14];
- sp_digit t2d[7 + 1];
+ sp_digit t1[3 * 7 + 1];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 7 + 1), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 7 + 1), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 2 * 7;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 7;
dv = d[6];
XMEMCPY(t1, a, sizeof(*t1) * 2U * 7U);
@@ -24885,6 +24737,7 @@ static int sp_384_div_7(const sp_digit* a, const sp_digit* d,
sp_384_mul_d_7(t2, d, r1);
(void)sp_384_sub_7(&t1[i], &t1[i], t2);
+ sp_384_norm_7(&t1[i]);
t1[7 + i] -= t2[7];
t1[7 + i] += t1[7 + i - 1] >> 55;
t1[7 + i - 1] &= 0x7fffffffffffffL;
@@ -24910,10 +24763,9 @@ static int sp_384_div_7(const sp_digit* a, const sp_digit* d,
(sp_digit)1 : (sp_digit)0));
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -25209,13 +25061,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 48U;
}
- sp_384_from_bin(ctx->e, 7, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_384_from_mp(ctx->x, 7, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_384_ecc_gen_k_7(rng, ctx->k);
@@ -25243,6 +25092,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_384_cmp_7(ctx->r, p384_order);
sp_384_cond_sub_7(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0));
sp_384_norm_7(ctx->r);
+
+ sp_384_from_mp(ctx->x, 7, priv);
+ sp_384_from_bin(ctx->e, 7, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -25299,6 +25151,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -25334,22 +25189,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*7];
- sp_digit xd[2*7];
- sp_digit kd[2*7];
- sp_digit rd[2*7];
- sp_digit td[3 * 2*7];
- sp_point_384 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_384* point = NULL;
+#else
+ sp_digit e[7 * 2 * 7];
+ sp_point_384 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_384* point = NULL;
sp_digit* s = NULL;
int64_t c;
int err = MP_OKAY;
@@ -25357,31 +25207,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_384_point_new_7(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 7, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 7, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 7;
- x = d + 2 * 7;
- k = d + 4 * 7;
- r = d + 6 * 7;
- tmp = d + 8 * 7;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 7;
+ k = e + 4 * 7;
+ r = e + 6 * 7;
+ tmp = e + 8 * 7;
s = e;
if (hashLen > 48U) {
@@ -25436,19 +25281,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_384_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 7);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 7U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 7U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 7U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 7U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 7U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_384_point_free_7(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 7);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_384));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -25503,20 +25353,18 @@ static int sp_384_num_bits_7(const sp_digit* a)
static int sp_384_mod_inv_7(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
int err = MP_OKAY;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- sp_digit* u;
- sp_digit* v;
- sp_digit* b;
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* u = NULL;
#else
- sp_digit u[7];
- sp_digit v[7];
- sp_digit b[7];
- sp_digit d[7];
+ sp_digit u[7 * 4];
#endif
- int ut, vt;
+ sp_digit* v = NULL;
+ sp_digit* b = NULL;
+ sp_digit* d = NULL;
+ int ut;
+ int vt;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
u = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 4, NULL,
DYNAMIC_TYPE_ECC);
if (u == NULL)
@@ -25524,11 +25372,9 @@ static int sp_384_mod_inv_7(sp_digit* r, const sp_digit* a, const sp_digit* m)
#endif
if (err == MP_OKAY) {
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
v = u + 7;
b = u + 2 * 7;
d = u + 3 * 7;
-#endif
XMEMCPY(u, m, sizeof(sp_digit) * 7);
XMEMCPY(v, a, sizeof(sp_digit) * 7);
@@ -25606,7 +25452,7 @@ static int sp_384_mod_inv_7(sp_digit* r, const sp_digit* a, const sp_digit* m)
else
XMEMCPY(r, d, sizeof(sp_digit) * 7);
}
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (u != NULL)
XFREE(u, NULL, DYNAMIC_TYPE_ECC);
#endif
@@ -25743,7 +25589,7 @@ typedef struct sp_ecc_verify_384_ctx {
int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data;
@@ -25758,7 +25604,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_384_from_bin(ctx->u1, 7, hash, (int)hashLen);
- sp_384_from_mp(ctx->u2, 7, r);
+ sp_384_from_mp(ctx->u2, 7, rm);
sp_384_from_mp(ctx->s, 7, sm);
sp_384_from_mp(ctx->p2.x, 7, pX);
sp_384_from_mp(ctx->p2.y, 7, pY);
@@ -25816,57 +25662,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_384_iszero_7(ctx->p1.z)) {
- if (sp_384_iszero_7(ctx->p1.x) && sp_384_iszero_7(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<7; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_384_proj_point_dbl_7_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(ctx->u2, 7, r);
+ sp_384_from_mp(ctx->u2, 7, rm);
err = sp_384_mod_mul_norm_7(ctx->u2, ctx->u2, p384_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_384_mont_sqr_7(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_384_mont_mul_7(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int64_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_384_cmp_7(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int64_t c;
/* Reload r and add order. */
- sp_384_from_mp(ctx->u2, 7, r);
+ sp_384_from_mp(ctx->u2, 7, rm);
carry = sp_384_add_7(ctx->u2, ctx->u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -25874,22 +25696,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_7(ctx->u2, p384_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_384_mod_mul_norm_7(ctx->u2, ctx->u2, p384_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_384_mont_mul_7(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
- p384_mp_mod);
- *res = (int)(sp_384_cmp_7(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_384_mod_mul_norm_7(ctx->u2, ctx->u2, p384_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_384_mont_mul_7(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
+ p384_mp_mod);
+ *res = (int)(sp_384_cmp_7(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -25898,62 +25721,51 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*7];
- sp_digit u2d[2*7];
- sp_digit sd[2*7];
- sp_digit tmpd[2*7 * 5];
- sp_point_384 p1d;
- sp_point_384 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_384* p1 = NULL;
+#else
+ sp_digit u1[16 * 7];
+ sp_point_384 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_384* p1;
sp_point_384* p2 = NULL;
sp_digit carry;
int64_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_384_point_new_7(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_7(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 7, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 7, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 7;
- u2 = d + 2 * 7;
- s = d + 4 * 7;
- tmp = d + 6 * 7;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 7;
+ s = u1 + 4 * 7;
+ tmp = u1 + 6 * 7;
+ p2 = p1 + 1;
if (hashLen > 48U) {
hashLen = 48U;
}
sp_384_from_bin(u1, 7, hash, (int)hashLen);
- sp_384_from_mp(u2, 7, r);
+ sp_384_from_mp(u2, 7, rm);
sp_384_from_mp(s, 7, sm);
sp_384_from_mp(p2->x, 7, pX);
sp_384_from_mp(p2->y, 7, pY);
@@ -25964,7 +25776,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(u2, 7, r);
+ sp_384_from_mp(u2, 7, rm);
err = sp_384_mod_mul_norm_7(u2, u2, p384_mod);
}
@@ -25975,7 +25787,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_384_cmp_7(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_384_from_mp(u2, 7, r);
+ sp_384_from_mp(u2, 7, rm);
carry = sp_384_add_7(u2, u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -25984,8 +25796,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_7(u2, p384_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_384_mod_mul_norm_7(u2, u2, p384_mod);
if (err == MP_OKAY) {
@@ -25997,12 +25809,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_7(p1, 0, heap);
- sp_384_point_free_7(p2, 0, heap);
return err;
}
@@ -26019,32 +25831,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_384_ecc_is_point_7(const sp_point_384* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*7];
- sp_digit t2d[2*7];
+ sp_digit t1[7 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 7;
- t2 = d + 2 * 7;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 7;
sp_384_sqr_7(t1, point->y);
(void)sp_384_mod_7(t1, t1, p384_mod);
@@ -26064,10 +25867,9 @@ static int sp_384_ecc_is_point_7(const sp_point_384* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -26082,14 +25884,21 @@ static int sp_384_ecc_is_point_7(const sp_point_384* point,
*/
int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* pub = NULL;
+#else
+ sp_point_384 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_384* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_384_point_new_7(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_384_from_mp(pub->x, 7, pX);
sp_384_from_mp(pub->y, 7, pY);
@@ -26098,7 +25907,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
err = sp_384_ecc_is_point_7(pub, NULL);
}
- sp_384_point_free_7(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -26117,45 +25929,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[7];
- sp_point_384 pubd;
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_384* pub;
- sp_point_384* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_384_point_new_7(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_384_point_new_7(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_384* pub = NULL;
+#else
+ sp_digit priv[7];
+ sp_point_384 pub[2];
#endif
+ sp_point_384* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) ||
+ if (((mp_count_bits(pX) > 384) ||
(mp_count_bits(pY) > 384) ||
((privm != NULL) && (mp_count_bits(privm) > 384)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_384_from_mp(pub->x, 7, pX);
sp_384_from_mp(pub->y, 7, pY);
sp_384_from_bin(pub->z, 7, one, (int)sizeof(one));
@@ -26204,13 +26016,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_384_point_free_7(p, 0, heap);
- sp_384_point_free_7(pub, 0, heap);
return err;
}
@@ -26234,33 +26045,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 7 * 5];
- sp_point_384 pd;
- sp_point_384 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 7 * 5];
+ sp_point_384 p[2];
+#endif
sp_point_384* q = NULL;
int err;
- err = sp_384_point_new_7(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_7(NULL, qd, q);
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_384_from_mp(p->x, 7, pX);
sp_384_from_mp(p->y, 7, pY);
sp_384_from_mp(p->z, 7, pZ);
@@ -26281,13 +26094,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_7(q, 0, NULL);
- sp_384_point_free_7(p, 0, NULL);
return err;
}
@@ -26306,25 +26118,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 7 * 2];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 7 * 2];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_7(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -26345,12 +26160,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_7(p, 0, NULL);
return err;
}
@@ -26365,25 +26180,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 7 * 6];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 7 * 6];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_7(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_384_from_mp(p->x, 7, pX);
@@ -26403,12 +26222,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_384_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_7(p, 0, NULL);
return err;
}
@@ -26421,43 +26240,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_384_mont_sqrt_7(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 7];
- sp_digit t2d[2 * 7];
- sp_digit t3d[2 * 7];
- sp_digit t4d[2 * 7];
- sp_digit t5d[2 * 7];
+ sp_digit t1[5 * 2 * 7];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* t3;
- sp_digit* t4;
- sp_digit* t5;
+ sp_digit* t2 = NULL;
+ sp_digit* t3 = NULL;
+ sp_digit* t4 = NULL;
+ sp_digit* t5 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 7, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 7, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 7;
- t2 = d + 2 * 7;
- t3 = d + 4 * 7;
- t4 = d + 6 * 7;
- t5 = d + 8 * 7;
-#else
- t1 = t1d;
- t2 = t2d;
- t3 = t3d;
- t4 = t4d;
- t5 = t5d;
-#endif
+ t2 = t1 + 2 * 7;
+ t3 = t1 + 4 * 7;
+ t4 = t1 + 6 * 7;
+ t5 = t1 + 8 * 7;
{
/* t2 = y ^ 0x2 */
@@ -26517,10 +26321,9 @@ static int sp_384_mont_sqrt_7(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -26536,31 +26339,22 @@ static int sp_384_mont_sqrt_7(sp_digit* y)
*/
int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 7];
- sp_digit yd[2 * 7];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 7];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 7, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 7, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 7;
- y = d + 2 * 7;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 7;
sp_384_from_mp(x, 7, xm);
err = sp_384_mod_mul_norm_7(x, x, p384_mod);
@@ -26593,10 +26387,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
err = sp_384_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -27303,34 +27096,25 @@ static int sp_1024_div_18(const sp_digit* a, const sp_digit* d,
#endif
sp_digit dv;
sp_digit r1;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[36];
- sp_digit t2d[18 + 1];
+ sp_digit t1[3 * 18 + 1];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 18 + 1), NULL,
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 18 + 1), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = td;
- t2 = td + 2 * 18;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 18;
dv = d[17];
XMEMCPY(t1, a, sizeof(*t1) * 2U * 18U);
@@ -27348,6 +27132,7 @@ static int sp_1024_div_18(const sp_digit* a, const sp_digit* d,
sp_1024_mul_d_18(t2, d, r1);
(void)sp_1024_sub_18(&t1[i], &t1[i], t2);
+ sp_1024_norm_18(&t1[i]);
t1[18 + i] -= t2[18];
t1[18 + i] += t1[18 + i - 1] >> 57;
t1[18 + i - 1] &= 0x1ffffffffffffffL;
@@ -27373,10 +27158,9 @@ static int sp_1024_div_18(const sp_digit* a, const sp_digit* d,
(sp_digit)1 : (sp_digit)0));
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
@@ -27408,6 +27192,8 @@ static int sp_1024_mod_mul_norm_18(sp_digit* r, const sp_digit* a,
return sp_1024_mod_18(r, r, m);
}
+
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Create a new point.
*
* heap [in] Buffer to allocate dynamic memory from.
@@ -27439,8 +27225,8 @@ static int sp_1024_point_new_ex_18(void* heap, sp_point_1024* sp,
/* Set pointer to data and return no error. */
#define sp_1024_point_new_18(heap, sp, p) sp_1024_point_new_ex_18((heap), &(sp), &(p))
#endif
-
-
+#endif /* WOLFCRYPT_HAVE_SAKKE */
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Free the point.
*
* p [in,out] Point to free.
@@ -27465,6 +27251,7 @@ static void sp_1024_point_free_18(sp_point_1024* p, int clear, void* heap)
#endif
(void)heap;
}
+#endif /* WOLFCRYPT_HAVE_SAKKE */
/* Convert an mp_int to an array of sp_digit.
*
@@ -28789,12 +28576,12 @@ static int sp_1024_ecc_mulmod_18_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r,
static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#ifdef WOLFSSL_SP_NO_MALLOC
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+ sp_digit* tmp = NULL;
+#else
sp_point_1024 t[3];
sp_digit tmp[2 * 18 * 5];
-#else
- sp_point_1024* t;
- sp_digit* tmp;
#endif
sp_digit n;
int i;
@@ -28802,18 +28589,21 @@ static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g,
int y;
int err = MP_OKAY;
- /* Implementatio is constant time. */
+ /* Implementation is constant time. */
(void)ct;
(void)heap;
-#ifndef WOLFSSL_SP_NO_MALLOC
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
@@ -28864,19 +28654,24 @@ static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g,
}
}
-#ifndef WOLFSSL_SP_NO_MALLOC
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 18 * 5);
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_1024) * 3);
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(tmp));
- ForceZero(t, sizeof(t));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 18 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_1024) * 3);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -29288,43 +29083,41 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v)
static int sp_1024_ecc_mulmod_win_add_sub_18(sp_point_1024* r, const sp_point_1024* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td[65];
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit tmpd[2 * 18 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_1024 t[65+2];
+ sp_digit tmp[2 * 18 * 6];
#endif
- sp_point_1024* t;
- sp_point_1024* rt;
+ sp_point_1024* rt = NULL;
sp_point_1024* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_1024 v[147];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_1024_point_new_18(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_1024_point_new_18(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 65, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) *
+ (65+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 65;
+ p = t + 65+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -29408,14 +29201,12 @@ static int sp_1024_ecc_mulmod_win_add_sub_18(sp_point_1024* r, const sp_point_10
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_18(p, 0, heap);
- sp_1024_point_free_18(rt, 0, heap);
return err;
}
@@ -29541,29 +29332,30 @@ static void sp_1024_proj_to_affine_18(sp_point_1024* a, sp_digit* t)
static int sp_1024_gen_stripe_table_18(const sp_point_1024* a,
sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td;
- sp_point_1024 s1d;
- sp_point_1024 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+#else
+ sp_point_1024 t[3];
#endif
- sp_point_1024* t;
sp_point_1024* s1 = NULL;
sp_point_1024* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_1024_point_new_18(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_18(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_1024_point_new_18(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_1024_mod_mul_norm_18(t->x, a->x, p1024_mod);
}
if (err == MP_OKAY) {
@@ -29608,9 +29400,10 @@ static int sp_1024_gen_stripe_table_18(const sp_point_1024* a,
}
}
- sp_1024_point_free_18(s2, 0, heap);
- sp_1024_point_free_18(s1, 0, heap);
- sp_1024_point_free_18( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -29636,19 +29429,19 @@ static int sp_1024_ecc_mulmod_stripe_18(sp_point_1024* r, const sp_point_1024* g
const sp_table_entry_1024* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit td[2 * 18 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 rt[2];
+ sp_digit t[2 * 18 * 5];
#endif
- sp_point_1024* rt;
sp_point_1024* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -29656,21 +29449,22 @@ static int sp_1024_ecc_mulmod_stripe_18(sp_point_1024* r, const sp_point_1024* g
(void)heap;
- err = sp_1024_point_new_18(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_18(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));
@@ -29706,13 +29500,12 @@ static int sp_1024_ecc_mulmod_stripe_18(sp_point_1024* r, const sp_point_1024* g
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_18(p, 0, heap);
- sp_1024_point_free_18(rt, 0, heap);
return err;
}
@@ -29876,25 +29669,28 @@ static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g, const
int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[18];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[18];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_18(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 18, km);
sp_1024_point_from_ecc_point_18(point, gm);
@@ -29905,12 +29701,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_1024_point_to_ecc_point_18(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_18(point, 0, heap);
return err;
}
@@ -33293,26 +33089,28 @@ static int sp_1024_ecc_mulmod_base_18(sp_point_1024* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[18];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[18];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_18(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 18, km);
@@ -33322,12 +33120,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_1024_point_to_ecc_point_18(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_18(point, 0, heap);
return err;
}
@@ -33346,37 +33144,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_point_1024 a;
- sp_digit kd[18];
- sp_digit t[18 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_1024 point[2];
+ sp_digit k[18 + 18 * 2 * 5];
#endif
- sp_point_1024* point;
sp_point_1024* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_1024_point_new_18(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_1024_point_new_18(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (18 + 18 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (18 + 18 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 18;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 18;
+
sp_1024_from_mp(k, 18, km);
sp_1024_point_from_ecc_point_18(addP, am);
}
@@ -33402,13 +33198,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
err = sp_1024_point_to_ecc_point_18(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_18(addP, 0, heap);
- sp_1024_point_free_18(point, 0, heap);
return err;
}
@@ -33426,29 +33221,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
void* heap)
{
- int err = 0;
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_1024* point = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 point[1];
sp_digit t[5 * 2 * 18];
+#endif
+ int err = MP_OKAY;
if ((gm == NULL) || (len == NULL)) {
err = BAD_FUNC_ARG;
}
- if ((err == 0) && (table == NULL)) {
+ if ((err == MP_OKAY) && (table == NULL)) {
*len = sizeof(sp_table_entry_1024) * 256;
err = LENGTH_ONLY_E;
}
- if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
+ if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
err = BUFFER_E;
}
- if (err == 0) {
- err = sp_1024_point_new_18(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
- if (err == 0) {
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 18, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
sp_1024_point_from_ecc_point_18(point, gm);
err = sp_1024_gen_stripe_table_18(point,
(sp_table_entry_1024*)table, t, heap);
@@ -33457,7 +33266,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
*len = sizeof(sp_table_entry_1024) * 256;
}
- sp_1024_point_free_18(point, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -33510,24 +33324,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[18];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[18];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_18(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18, heap, DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 18, km);
sp_1024_point_from_ecc_point_18(point, gm);
@@ -33544,12 +33362,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
err = sp_1024_point_to_ecc_point_18(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_18(point, 0, heap);
return err;
}
@@ -36743,33 +36561,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
static int sp_1024_ecc_is_point_18(const sp_point_1024* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*18];
- sp_digit t2d[2*18];
+ sp_digit t1[18 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int64_t n;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 18;
- t2 = d + 2 * 18;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 18;
sp_1024_sqr_18(t1, point->y);
(void)sp_1024_mod_18(t1, t1, p1024_mod);
@@ -36793,10 +36602,9 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -36811,14 +36619,21 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point,
*/
int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* pub = NULL;
+#else
+ sp_point_1024 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_1024* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_1024_point_new_18(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_1024_from_mp(pub->x, 18, pX);
sp_1024_from_mp(pub->y, 18, pY);
@@ -36827,7 +36642,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
err = sp_1024_ecc_is_point_18(pub, NULL);
}
- sp_1024_point_free_18(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -36846,45 +36664,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[18];
- sp_point_1024 pubd;
- sp_point_1024 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_1024* pub;
- sp_point_1024* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_1024_point_new_18(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_18(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_1024* pub = NULL;
+#else
+ sp_digit priv[18];
+ sp_point_1024 pub[2];
#endif
+ sp_point_1024* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) ||
+ if (((mp_count_bits(pX) > 1024) ||
(mp_count_bits(pY) > 1024) ||
((privm != NULL) && (mp_count_bits(privm) > 1024)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_1024_from_mp(pub->x, 18, pX);
sp_1024_from_mp(pub->y, 18, pY);
sp_1024_from_bin(pub->z, 18, one, (int)sizeof(one));
@@ -36933,13 +36751,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_1024_point_free_18(p, 0, heap);
- sp_1024_point_free_18(pub, 0, heap);
return err;
}
diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c
index ff357fdb5..c19f856ef 100644
--- a/wolfcrypt/src/sp_cortexm.c
+++ b/wolfcrypt/src/sp_cortexm.c
@@ -3163,12 +3163,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 64];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -3180,19 +3180,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 64;
-#else
- t[i] = &td[i * 64];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -3288,9 +3283,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -3309,12 +3303,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 64];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -3326,19 +3320,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 64;
-#else
- t[i] = &td[i * 64];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -3451,9 +3440,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -3900,12 +3888,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 128];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -3917,19 +3905,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 128;
-#else
- t[i] = &td[i * 128];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -4025,9 +4008,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -4046,12 +4028,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 128];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -4063,19 +4045,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 128), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 128;
-#else
- t[i] = &td[i * 128];
-#endif
}
sp_2048_mont_setup(m, &mp);
@@ -4188,9 +4165,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -4214,18 +4190,15 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[128];
- sp_digit m[64];
- sp_digit r[128];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[64 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 256) {
@@ -4239,22 +4212,18 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 64 * 2;
- m = r + 64 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 64 * 2;
+ m = r + 64 * 2;
ah = a + 64;
sp_2048_from_bin(ah, 64, in, inLen);
@@ -4327,10 +4296,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -4400,8 +4368,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[64 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -4430,13 +4402,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 64;
m = a + 128;
@@ -4447,34 +4421,36 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
sp_2048_from_mp(m, 64, mm);
err = sp_2048_mod_exp_64(r, a, d, 2048, m, 0);
}
+
if (err == MP_OKAY) {
sp_2048_to_bin(r, out);
*outLen = 256;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 64);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 64);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[64 * 2];
- sp_digit p[32];
- sp_digit q[32];
- sp_digit dp[32];
- sp_digit tmpa[64];
- sp_digit tmpb[64];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[32 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -4494,31 +4470,23 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 64 * 2;
q = p + 32;
qi = dq = dp = q + 32;
tmpa = qi + 32;
tmpb = tmpa + 64;
-
- r = t + 64;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_2048_from_bin(a, 64, in, inLen);
sp_2048_from_mp(p, 32, pm);
sp_2048_from_mp(q, 32, qm);
@@ -4550,19 +4518,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 32 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 32 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -5104,12 +5069,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[193];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -5122,18 +5087,13 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 128;
-#else
- tmp = &td[128];
-#endif
sp_2048_mont_setup(m, &mp);
sp_2048_mont_norm_64(norm, m);
@@ -5204,9 +5164,8 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -8098,12 +8057,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 96];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -8115,19 +8074,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 96;
-#else
- t[i] = &td[i * 96];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -8223,9 +8177,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -8244,12 +8197,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 96];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -8261,19 +8214,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 96;
-#else
- t[i] = &td[i * 96];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -8386,9 +8334,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -8838,12 +8785,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 192];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -8855,19 +8802,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 192;
-#else
- t[i] = &td[i * 192];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -8963,9 +8905,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -8984,12 +8925,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 192];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -9001,19 +8942,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 192), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 192;
-#else
- t[i] = &td[i * 192];
-#endif
}
sp_3072_mont_setup(m, &mp);
@@ -9126,9 +9062,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -9152,18 +9087,15 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e,
int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[192];
- sp_digit m[96];
- sp_digit r[192];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[96 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 384) {
@@ -9177,22 +9109,18 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 96 * 2;
- m = r + 96 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 96 * 2;
+ m = r + 96 * 2;
ah = a + 96;
sp_3072_from_bin(ah, 96, in, inLen);
@@ -9265,10 +9193,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -9338,8 +9265,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[96 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -9368,13 +9299,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 96;
m = a + 192;
@@ -9385,34 +9318,36 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
sp_3072_from_mp(m, 96, mm);
err = sp_3072_mod_exp_96(r, a, d, 3072, m, 0);
}
+
if (err == MP_OKAY) {
sp_3072_to_bin(r, out);
*outLen = 384;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 96);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 96);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[96 * 2];
- sp_digit p[48];
- sp_digit q[48];
- sp_digit dp[48];
- sp_digit tmpa[96];
- sp_digit tmpb[96];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[48 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -9432,31 +9367,23 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 96 * 2;
q = p + 48;
qi = dq = dp = q + 48;
tmpa = qi + 48;
tmpb = tmpa + 96;
-
- r = t + 96;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_3072_from_bin(a, 96, in, inLen);
sp_3072_from_mp(p, 48, pm);
sp_3072_from_mp(q, 48, qm);
@@ -9488,19 +9415,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 48 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 48 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -10238,12 +10162,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[289];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -10256,18 +10180,13 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 192;
-#else
- tmp = &td[192];
-#endif
sp_3072_mont_setup(m, &mp);
sp_3072_mont_norm_96(norm, m);
@@ -10338,9 +10257,8 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -12189,12 +12107,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[16 * 256];
#endif
sp_digit* t[16];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -12206,19 +12124,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<16; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 256;
-#else
- t[i] = &td[i * 256];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -12314,9 +12227,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -12335,12 +12247,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
int bits, const sp_digit* m, int reduceA)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[32 * 256];
#endif
sp_digit* t[32];
- sp_digit* norm;
+ sp_digit* norm = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit mask;
@@ -12352,19 +12264,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 256), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
for (i=0; i<32; i++) {
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t[i] = td + i * 256;
-#else
- t[i] = &td[i * 256];
-#endif
}
sp_4096_mont_setup(m, &mp);
@@ -12477,9 +12384,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -12503,18 +12409,15 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e
int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[256];
- sp_digit m[128];
- sp_digit r[256];
-#else
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[128 * 5];
+#endif
sp_digit* m = NULL;
sp_digit* r = NULL;
-#endif
sp_digit *ah = NULL;
- sp_digit e[1];
+ sp_digit e[1] = {0};
int err = MP_OKAY;
if (*outLen < 512) {
@@ -12528,22 +12431,18 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 128 * 2;
- m = r + 128 * 2;
- }
#endif
if (err == MP_OKAY) {
+ r = a + 128 * 2;
+ m = r + 128 * 2;
ah = a + 128;
sp_4096_from_bin(ah, 128, in, inLen);
@@ -12616,10 +12515,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -12690,8 +12588,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
#if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM)
- sp_digit* a = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[128 * 4];
+#endif
+ sp_digit* a = NULL;
sp_digit* m = NULL;
sp_digit* r = NULL;
int err = MP_OKAY;
@@ -12720,13 +12622,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 4, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL) {
+ if (d == NULL)
err = MEMORY_E;
- }
}
+#endif
+
if (err == MP_OKAY) {
a = d + 128;
m = a + 256;
@@ -12737,34 +12641,36 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
sp_4096_from_mp(m, 128, mm);
err = sp_4096_mod_exp_128(r, a, d, 4096, m, 0);
}
+
if (err == MP_OKAY) {
sp_4096_to_bin(r, out);
*outLen = 512;
}
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 128);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
+#endif
+ {
+ /* only "a" and "r" are sensitive and need zeroized (same pointer) */
+ if (a != NULL)
+ ForceZero(a, sizeof(sp_digit) * 128);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#endif
}
return err;
#else
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit a[128 * 2];
- sp_digit p[64];
- sp_digit q[64];
- sp_digit dp[64];
- sp_digit tmpa[128];
- sp_digit tmpb[128];
-#else
- sp_digit* t = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* a = NULL;
+#else
+ sp_digit a[64 * 11];
+#endif
sp_digit* p = NULL;
sp_digit* q = NULL;
sp_digit* dp = NULL;
sp_digit* tmpa = NULL;
sp_digit* tmpb = NULL;
-#endif
sp_digit* r = NULL;
sp_digit* qi = NULL;
sp_digit* dq = NULL;
@@ -12784,31 +12690,23 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 128 * 2;
q = p + 64;
qi = dq = dp = q + 64;
tmpa = qi + 64;
tmpb = tmpa + 128;
-
- r = t + 128;
- }
-#else
-#endif
-
- if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
r = a;
- qi = dq = dp;
-#endif
+
sp_4096_from_bin(a, 128, in, inLen);
sp_4096_from_mp(p, 64, pm);
sp_4096_from_mp(q, 64, qm);
@@ -12840,19 +12738,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 64 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpa, 0, sizeof(tmpa));
- XMEMSET(tmpb, 0, sizeof(tmpb));
- XMEMSET(p, 0, sizeof(p));
- XMEMSET(q, 0, sizeof(q));
- XMEMSET(dp, 0, sizeof(dp));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
-#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */
+ {
+ ForceZero(a, sizeof(sp_digit) * 64 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
+#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
@@ -13786,12 +13681,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
const sp_digit* m)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* td;
+ sp_digit* td = NULL;
#else
sp_digit td[385];
#endif
- sp_digit* norm;
- sp_digit* tmp;
+ sp_digit* norm = NULL;
+ sp_digit* tmp = NULL;
sp_digit mp = 1;
sp_digit n;
sp_digit o;
@@ -13804,18 +13699,13 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
- if (td == NULL) {
+ if (td == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
norm = td;
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
tmp = td + 256;
-#else
- tmp = &td[256];
-#endif
sp_4096_mont_setup(m, &mp);
sp_4096_mont_norm_128(norm, m);
@@ -13886,9 +13776,8 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits,
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL) {
+ if (td != NULL)
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
#endif
return err;
@@ -15088,64 +14977,6 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a,
}
#endif /* WOLFSSL_SP_SMALL */
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_256_point_new_ex_8(void* heap, sp_point_256* sp,
- sp_point_256** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_256_point_free_8(sp_point_256* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Multiply a number by Montogmery normalizer mod modulus (prime).
*
* r The resulting Montgomery form number.
@@ -18164,56 +17995,55 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table,
static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, const sp_digit* k,
int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td[16];
- sp_point_256 rtd;
- sp_digit tmpd[2 * 8 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_256 t[16 + 1];
+ sp_digit tmp[2 * 8 * 5];
+#endif
+ sp_point_256* rt = NULL;
#ifndef WC_NO_CACHE_RESISTANT
- sp_point_256 pd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* p = NULL;
+#else
+ sp_point_256 p[1];
#endif
-#endif
- sp_point_256* t;
- sp_point_256* rt;
-#ifndef WC_NO_CACHE_RESISTANT
- sp_point_256* p;
-#endif
- sp_digit* tmp;
+#endif /* !WC_NO_CACHE_RESISTANT */
sp_digit n;
int i;
int c;
int y;
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_256_point_new_8(heap, rtd, rt);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-#ifndef WC_NO_CACHE_RESISTANT
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 17, heap, DYNAMIC_TYPE_ECC);
-#else
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, heap, DYNAMIC_TYPE_ECC);
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16 + 1,
+ heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ #ifndef WC_NO_CACHE_RESISTANT
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256),
+ heap, DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
+ #endif
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
-#ifndef WC_NO_CACHE_RESISTANT
- #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- p = t + 16;
- #else
- p = &pd;
- #endif
-#endif
+ rt = t + 16;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -18301,20 +18131,35 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 8 * 5);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_256) * 16);
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmpd, sizeof(tmpd));
- ForceZero(td, sizeof(td));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
- sp_256_point_free_8(rt, 1, heap);
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 8 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#ifndef WC_NO_CACHE_RESISTANT
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (p != NULL)
+ #endif
+ {
+ ForceZero(p, sizeof(sp_point_256));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(p, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#endif /* !WC_NO_CACHE_RESISTANT */
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_256) * 17);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -18538,29 +18383,30 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, const sp_point_256* p,
static int sp_256_gen_stripe_table_8(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_8(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -18605,9 +18451,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
}
}
- sp_256_point_free_8(s2, 0, heap);
- sp_256_point_free_8(s1, 0, heap);
- sp_256_point_free_8( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -18683,19 +18530,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 8 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 8 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -18703,21 +18550,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
(void)heap;
- err = sp_256_point_new_8(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -18768,13 +18616,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, heap);
- sp_256_point_free_8(rt, 0, heap);
return err;
}
@@ -18940,29 +18787,30 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_
static int sp_256_gen_stripe_table_8(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_8(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -19007,9 +18855,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a,
}
}
- sp_256_point_free_8(s2, 0, heap);
- sp_256_point_free_8(s1, 0, heap);
- sp_256_point_free_8( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -19085,19 +18934,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 8 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 8 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -19105,21 +18954,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
(void)heap;
- err = sp_256_point_new_8(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -19170,13 +19020,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, heap);
- sp_256_point_free_8(rt, 0, heap);
return err;
}
@@ -19340,25 +19189,28 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_
int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[8];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 8, km);
sp_256_point_from_ecc_point_8(point, gm);
@@ -19369,12 +19221,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -19394,37 +19246,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[8];
- sp_digit t[8 * 2 * 5];
-#endif
- sp_point_256* point;
- sp_point_256* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[8 + 8 * 2 * 5];
+#endif
+ sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (8 + 8 * 2 * 5), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 8;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 8;
+
sp_256_from_mp(k, 8, km);
sp_256_point_from_ecc_point_8(point, gm);
sp_256_point_from_ecc_point_8(addP, am);
@@ -19451,13 +19301,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(addP, 0, heap);
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -20891,26 +20740,28 @@ static int sp_256_ecc_mulmod_base_8(sp_point_256* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[8];
+#endif
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 8, km);
@@ -20920,12 +20771,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -20944,37 +20795,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[8];
- sp_digit t[8 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[8 + 8 * 2 * 5];
#endif
- sp_point_256* point;
sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (8 + 8 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 8;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 8;
+
sp_256_from_mp(k, 8, km);
sp_256_point_from_ecc_point_8(addP, am);
}
@@ -21000,13 +20849,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
err = sp_256_point_to_ecc_point_8(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(addP, 0, heap);
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -21137,41 +20985,46 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_256 inf;
-#endif
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_256 point[2];
+ #else
+ sp_point_256 point[1];
+ #endif
+ sp_digit k[8];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_256* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_256_point_new_8(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_256_ecc_gen_k_8(rng, k);
}
if (err == MP_OKAY) {
@@ -21196,15 +21049,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_256_point_to_ecc_point_8(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_256_point_free_8(infinity, 1, heap);
-#endif
- sp_256_point_free_8(point, 1, heap);
return err;
}
@@ -21265,30 +21117,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[8];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[8];
+#endif
int err = MP_OKAY;
if (*outLen < 32U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, p, point);
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -21301,12 +21155,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 32;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(point, 0, heap);
return err;
}
@@ -21877,13 +21731,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 32U;
}
- sp_256_from_bin(ctx->e, 8, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_256_from_mp(ctx->x, 8, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_256_ecc_gen_k_8(rng, ctx->k);
@@ -21911,6 +21762,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_256_cmp_8(ctx->r, p256_order);
sp_256_cond_sub_8(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0));
sp_256_norm_8(ctx->r);
+
+ sp_256_from_mp(ctx->x, 8, priv);
+ sp_256_from_bin(ctx->e, 8, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -21967,6 +21821,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -22002,22 +21859,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*8];
- sp_digit xd[2*8];
- sp_digit kd[2*8];
- sp_digit rd[2*8];
- sp_digit td[3 * 2*8];
- sp_point_256 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_256* point = NULL;
+#else
+ sp_digit e[7 * 2 * 8];
+ sp_point_256 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_256* point = NULL;
sp_digit* s = NULL;
int32_t c;
int err = MP_OKAY;
@@ -22025,31 +21877,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_256_point_new_8(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 8;
- x = d + 2 * 8;
- k = d + 4 * 8;
- r = d + 6 * 8;
- tmp = d + 8 * 8;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 8;
+ k = e + 4 * 8;
+ r = e + 6 * 8;
+ tmp = e + 8 * 8;
s = e;
if (hashLen > 32U) {
@@ -22104,19 +21951,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_256_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 8);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 8U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 8U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_256_point_free_8(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 8);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_256));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -22536,7 +22388,7 @@ typedef struct sp_ecc_verify_256_ctx {
int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data;
@@ -22551,7 +22403,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_256_from_bin(ctx->u1, 8, hash, (int)hashLen);
- sp_256_from_mp(ctx->u2, 8, r);
+ sp_256_from_mp(ctx->u2, 8, rm);
sp_256_from_mp(ctx->s, 8, sm);
sp_256_from_mp(ctx->p2.x, 8, pX);
sp_256_from_mp(ctx->p2.y, 8, pY);
@@ -22609,57 +22461,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_256_iszero_8(ctx->p1.z)) {
- if (sp_256_iszero_8(ctx->p1.x) && sp_256_iszero_8(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<8; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_256_proj_point_dbl_8_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(ctx->u2, 8, r);
+ sp_256_from_mp(ctx->u2, 8, rm);
err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_256_mont_sqr_8(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int32_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int32_t c;
/* Reload r and add order. */
- sp_256_from_mp(ctx->u2, 8, r);
+ sp_256_from_mp(ctx->u2, 8, rm);
carry = sp_256_add_8(ctx->u2, ctx->u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -22667,22 +22495,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_8(ctx->u2, p256_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
- p256_mp_mod);
- *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
+ p256_mp_mod);
+ *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -22691,62 +22520,51 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*8];
- sp_digit u2d[2*8];
- sp_digit sd[2*8];
- sp_digit tmpd[2*8 * 5];
- sp_point_256 p1d;
- sp_point_256 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_256* p1 = NULL;
+#else
+ sp_digit u1[16 * 8];
+ sp_point_256 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_256* p1;
sp_point_256* p2 = NULL;
sp_digit carry;
int32_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_256_point_new_8(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 8;
- u2 = d + 2 * 8;
- s = d + 4 * 8;
- tmp = d + 6 * 8;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 8;
+ s = u1 + 4 * 8;
+ tmp = u1 + 6 * 8;
+ p2 = p1 + 1;
if (hashLen > 32U) {
hashLen = 32U;
}
sp_256_from_bin(u1, 8, hash, (int)hashLen);
- sp_256_from_mp(u2, 8, r);
+ sp_256_from_mp(u2, 8, rm);
sp_256_from_mp(s, 8, sm);
sp_256_from_mp(p2->x, 8, pX);
sp_256_from_mp(p2->y, 8, pY);
@@ -22757,7 +22575,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(u2, 8, r);
+ sp_256_from_mp(u2, 8, rm);
err = sp_256_mod_mul_norm_8(u2, u2, p256_mod);
}
@@ -22768,7 +22586,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_256_cmp_8(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_256_from_mp(u2, 8, r);
+ sp_256_from_mp(u2, 8, rm);
carry = sp_256_add_8(u2, u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -22777,8 +22595,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_8(u2, p256_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_256_mod_mul_norm_8(u2, u2, p256_mod);
if (err == MP_OKAY) {
@@ -22790,12 +22608,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p1, 0, heap);
- sp_256_point_free_8(p2, 0, heap);
return err;
}
@@ -22812,32 +22630,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_256_ecc_is_point_8(const sp_point_256* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*8];
- sp_digit t2d[2*8];
+ sp_digit t1[8 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 8;
- t2 = d + 2 * 8;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 8;
sp_256_sqr_8(t1, point->y);
(void)sp_256_mod_8(t1, t1, p256_mod);
@@ -22857,10 +22666,9 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -22875,14 +22683,21 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point,
*/
int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* pub = NULL;
+#else
+ sp_point_256 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_256* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_256_point_new_8(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_256_from_mp(pub->x, 8, pX);
sp_256_from_mp(pub->y, 8, pY);
@@ -22891,7 +22706,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
err = sp_256_ecc_is_point_8(pub, NULL);
}
- sp_256_point_free_8(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -22910,45 +22728,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[8];
- sp_point_256 pubd;
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_256* pub;
- sp_point_256* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_256_point_new_8(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_256_point_new_8(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_256* pub = NULL;
+#else
+ sp_digit priv[8];
+ sp_point_256 pub[2];
#endif
+ sp_point_256* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) ||
+ if (((mp_count_bits(pX) > 256) ||
(mp_count_bits(pY) > 256) ||
((privm != NULL) && (mp_count_bits(privm) > 256)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_256_from_mp(pub->x, 8, pX);
sp_256_from_mp(pub->y, 8, pY);
sp_256_from_bin(pub->z, 8, one, (int)sizeof(one));
@@ -22997,13 +22815,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_256_point_free_8(p, 0, heap);
- sp_256_point_free_8(pub, 0, heap);
return err;
}
@@ -23027,33 +22844,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 8 * 5];
- sp_point_256 pd;
- sp_point_256 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 8 * 5];
+ sp_point_256 p[2];
+#endif
sp_point_256* q = NULL;
int err;
- err = sp_256_point_new_8(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_8(NULL, qd, q);
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_256_from_mp(p->x, 8, pX);
sp_256_from_mp(p->y, 8, pY);
sp_256_from_mp(p->z, 8, pZ);
@@ -23074,13 +22893,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(q, 0, NULL);
- sp_256_point_free_8(p, 0, NULL);
return err;
}
@@ -23099,25 +22917,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 8 * 2];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 8 * 2];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_8(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -23138,12 +22959,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, NULL);
return err;
}
@@ -23158,25 +22979,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 8 * 4];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 8 * 4];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_256_point_new_8(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 4, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_256_from_mp(p->x, 8, pX);
@@ -23196,12 +23021,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_256_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_8(p, 0, NULL);
return err;
}
@@ -23214,31 +23039,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_256_mont_sqrt_8(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 8];
- sp_digit t2d[2 * 8];
+ sp_digit t1[4 * 8];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL) {
err = MEMORY_E;
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 8;
- t2 = d + 2 * 8;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 8;
{
/* t2 = y ^ 0x2 */
@@ -23273,10 +23090,9 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -23292,31 +23108,22 @@ static int sp_256_mont_sqrt_8(sp_digit* y)
*/
int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 8];
- sp_digit yd[2 * 8];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 8];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 8;
- y = d + 2 * 8;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 8;
sp_256_from_mp(x, 8, xm);
err = sp_256_mod_mul_norm_8(x, x, p256_mod);
@@ -23349,10 +23156,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
err = sp_256_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -23855,64 +23661,6 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a,
}
#endif /* WOLFSSL_SP_SMALL */
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_384_point_new_ex_12(void* heap, sp_point_384* sp,
- sp_point_384** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Multiply a number by Montogmery normalizer mod modulus (prime).
*
* r The resulting Montgomery form number.
@@ -23922,8 +23670,8 @@ static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap)
*/
static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- int64_t* t;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ int64_t* t = NULL;
#else
int64_t t[12];
#endif
@@ -23932,7 +23680,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
t = (int64_t*)XMALLOC(sizeof(int64_t) * 12, NULL, DYNAMIC_TYPE_ECC);
if (t == NULL) {
err = MEMORY_E;
@@ -24007,7 +23755,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
r[11] = t[11];
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif
@@ -25380,56 +25128,55 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, const sp_digit* k,
int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td[16];
- sp_point_384 rtd;
- sp_digit tmpd[2 * 12 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_384 t[16 + 1];
+ sp_digit tmp[2 * 12 * 6];
+#endif
+ sp_point_384* rt = NULL;
#ifndef WC_NO_CACHE_RESISTANT
- sp_point_384 pd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* p = NULL;
+#else
+ sp_point_384 p[1];
#endif
-#endif
- sp_point_384* t;
- sp_point_384* rt;
-#ifndef WC_NO_CACHE_RESISTANT
- sp_point_384* p;
-#endif
- sp_digit* tmp;
+#endif /* !WC_NO_CACHE_RESISTANT */
sp_digit n;
int i;
int c;
int y;
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_384_point_new_12(heap, rtd, rt);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-#ifndef WC_NO_CACHE_RESISTANT
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 17, heap, DYNAMIC_TYPE_ECC);
-#else
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, heap, DYNAMIC_TYPE_ECC);
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16 + 1,
+ heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ #ifndef WC_NO_CACHE_RESISTANT
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384),
+ heap, DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
+ #endif
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
-#ifndef WC_NO_CACHE_RESISTANT
- #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- p = t + 16;
- #else
- p = &pd;
- #endif
-#endif
+ rt = t + 16;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -25517,20 +25264,35 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 12 * 6);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_384) * 16);
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmpd, sizeof(tmpd));
- ForceZero(td, sizeof(td));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
- sp_384_point_free_12(rt, 1, heap);
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 12 * 6);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#ifndef WC_NO_CACHE_RESISTANT
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (p != NULL)
+ #endif
+ {
+ ForceZero(p, sizeof(sp_point_384));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(p, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#endif /* !WC_NO_CACHE_RESISTANT */
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_384) * 17);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -25754,29 +25516,30 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, const sp_point_384* p,
static int sp_384_gen_stripe_table_12(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_12(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -25821,9 +25584,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
}
}
- sp_384_point_free_12(s2, 0, heap);
- sp_384_point_free_12(s1, 0, heap);
- sp_384_point_free_12( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -25915,19 +25679,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 12 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 12 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -25935,21 +25699,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
(void)heap;
- err = sp_384_point_new_12(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -26000,13 +25765,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, heap);
- sp_384_point_free_12(rt, 0, heap);
return err;
}
@@ -26172,29 +25936,30 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp
static int sp_384_gen_stripe_table_12(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_12(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -26239,9 +26004,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
}
}
- sp_384_point_free_12(s2, 0, heap);
- sp_384_point_free_12(s1, 0, heap);
- sp_384_point_free_12( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -26333,19 +26099,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 12 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 12 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -26353,21 +26119,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
(void)heap;
- err = sp_384_point_new_12(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -26418,13 +26185,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, heap);
- sp_384_point_free_12(rt, 0, heap);
return err;
}
@@ -26588,25 +26354,28 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp
int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[12];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 12, km);
sp_384_point_from_ecc_point_12(point, gm);
@@ -26617,12 +26386,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -26642,37 +26411,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[12];
- sp_digit t[12 * 2 * 6];
-#endif
- sp_point_384* point;
- sp_point_384* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[12 + 12 * 2 * 6];
+#endif
+ sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (12 + 12 * 2 * 6), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 12;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 12;
+
sp_384_from_mp(k, 12, km);
sp_384_point_from_ecc_point_12(point, gm);
sp_384_point_from_ecc_point_12(addP, am);
@@ -26699,13 +26466,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(addP, 0, heap);
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -28139,26 +27905,28 @@ static int sp_384_ecc_mulmod_base_12(sp_point_384* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[12];
+#endif
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 12, km);
@@ -28168,12 +27936,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -28192,37 +27960,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[12];
- sp_digit t[12 * 2 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[12 + 12 * 2 * 6];
#endif
- sp_point_384* point;
sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (12 + 12 * 2 * 6),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 12;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 12;
+
sp_384_from_mp(k, 12, km);
sp_384_point_from_ecc_point_12(addP, am);
}
@@ -28248,13 +28014,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
err = sp_384_point_to_ecc_point_12(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(addP, 0, heap);
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -28398,41 +28163,46 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_384 inf;
-#endif
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_384 point[2];
+ #else
+ sp_point_384 point[1];
+ #endif
+ sp_digit k[12];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_384* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
(void)heap;
- err = sp_384_point_new_12(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_384_ecc_gen_k_12(rng, k);
}
if (err == MP_OKAY) {
@@ -28457,15 +28227,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_384_point_to_ecc_point_12(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_384_point_free_12(infinity, 1, heap);
-#endif
- sp_384_point_free_12(point, 1, heap);
return err;
}
@@ -28526,30 +28295,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[12];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[12];
+#endif
int err = MP_OKAY;
if (*outLen < 48U) {
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, p, point);
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -28562,12 +28333,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 48;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(point, 0, heap);
return err;
}
@@ -29123,13 +28894,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 48U;
}
- sp_384_from_bin(ctx->e, 12, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_384_from_mp(ctx->x, 12, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_384_ecc_gen_k_12(rng, ctx->k);
@@ -29157,6 +28925,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_384_cmp_12(ctx->r, p384_order);
sp_384_cond_sub_12(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0));
sp_384_norm_12(ctx->r);
+
+ sp_384_from_mp(ctx->x, 12, priv);
+ sp_384_from_bin(ctx->e, 12, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -29213,6 +28984,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -29248,22 +29022,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*12];
- sp_digit xd[2*12];
- sp_digit kd[2*12];
- sp_digit rd[2*12];
- sp_digit td[3 * 2*12];
- sp_point_384 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_384* point = NULL;
+#else
+ sp_digit e[7 * 2 * 12];
+ sp_point_384 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_384* point = NULL;
sp_digit* s = NULL;
int32_t c;
int err = MP_OKAY;
@@ -29271,31 +29040,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_384_point_new_12(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 12;
- x = d + 2 * 12;
- k = d + 4 * 12;
- r = d + 6 * 12;
- tmp = d + 8 * 12;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 12;
+ k = e + 4 * 12;
+ r = e + 6 * 12;
+ tmp = e + 8 * 12;
s = e;
if (hashLen > 48U) {
@@ -29350,19 +29114,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_384_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 12);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 12U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 12U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_384_point_free_12(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 12);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_384));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -29830,7 +29599,7 @@ typedef struct sp_ecc_verify_384_ctx {
int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data;
@@ -29845,7 +29614,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_384_from_bin(ctx->u1, 12, hash, (int)hashLen);
- sp_384_from_mp(ctx->u2, 12, r);
+ sp_384_from_mp(ctx->u2, 12, rm);
sp_384_from_mp(ctx->s, 12, sm);
sp_384_from_mp(ctx->p2.x, 12, pX);
sp_384_from_mp(ctx->p2.y, 12, pY);
@@ -29903,57 +29672,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_384_iszero_12(ctx->p1.z)) {
- if (sp_384_iszero_12(ctx->p1.x) && sp_384_iszero_12(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<12; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_384_proj_point_dbl_12_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(ctx->u2, 12, r);
+ sp_384_from_mp(ctx->u2, 12, rm);
err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_384_mont_sqr_12(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int32_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int32_t c;
/* Reload r and add order. */
- sp_384_from_mp(ctx->u2, 12, r);
+ sp_384_from_mp(ctx->u2, 12, rm);
carry = sp_384_add_12(ctx->u2, ctx->u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -29961,22 +29706,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_12(ctx->u2, p384_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
- p384_mp_mod);
- *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
+ p384_mp_mod);
+ *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -29985,62 +29731,51 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*12];
- sp_digit u2d[2*12];
- sp_digit sd[2*12];
- sp_digit tmpd[2*12 * 5];
- sp_point_384 p1d;
- sp_point_384 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_384* p1 = NULL;
+#else
+ sp_digit u1[16 * 12];
+ sp_point_384 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_384* p1;
sp_point_384* p2 = NULL;
sp_digit carry;
int32_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_384_point_new_12(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 12;
- u2 = d + 2 * 12;
- s = d + 4 * 12;
- tmp = d + 6 * 12;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 12;
+ s = u1 + 4 * 12;
+ tmp = u1 + 6 * 12;
+ p2 = p1 + 1;
if (hashLen > 48U) {
hashLen = 48U;
}
sp_384_from_bin(u1, 12, hash, (int)hashLen);
- sp_384_from_mp(u2, 12, r);
+ sp_384_from_mp(u2, 12, rm);
sp_384_from_mp(s, 12, sm);
sp_384_from_mp(p2->x, 12, pX);
sp_384_from_mp(p2->y, 12, pY);
@@ -30051,7 +29786,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(u2, 12, r);
+ sp_384_from_mp(u2, 12, rm);
err = sp_384_mod_mul_norm_12(u2, u2, p384_mod);
}
@@ -30062,7 +29797,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_384_cmp_12(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_384_from_mp(u2, 12, r);
+ sp_384_from_mp(u2, 12, rm);
carry = sp_384_add_12(u2, u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -30071,8 +29806,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_12(u2, p384_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_384_mod_mul_norm_12(u2, u2, p384_mod);
if (err == MP_OKAY) {
@@ -30084,12 +29819,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p1, 0, heap);
- sp_384_point_free_12(p2, 0, heap);
return err;
}
@@ -30106,32 +29841,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_384_ecc_is_point_12(const sp_point_384* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*12];
- sp_digit t2d[2*12];
+ sp_digit t1[12 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 12;
- t2 = d + 2 * 12;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 12;
sp_384_sqr_12(t1, point->y);
(void)sp_384_mod_12(t1, t1, p384_mod);
@@ -30151,10 +29877,9 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -30169,14 +29894,21 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
*/
int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* pub = NULL;
+#else
+ sp_point_384 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_384* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_384_point_new_12(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_384_from_mp(pub->x, 12, pX);
sp_384_from_mp(pub->y, 12, pY);
@@ -30185,7 +29917,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
err = sp_384_ecc_is_point_12(pub, NULL);
}
- sp_384_point_free_12(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -30204,45 +29939,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[12];
- sp_point_384 pubd;
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_384* pub;
- sp_point_384* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_384_point_new_12(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_384_point_new_12(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_384* pub = NULL;
+#else
+ sp_digit priv[12];
+ sp_point_384 pub[2];
#endif
+ sp_point_384* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) ||
+ if (((mp_count_bits(pX) > 384) ||
(mp_count_bits(pY) > 384) ||
((privm != NULL) && (mp_count_bits(privm) > 384)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_384_from_mp(pub->x, 12, pX);
sp_384_from_mp(pub->y, 12, pY);
sp_384_from_bin(pub->z, 12, one, (int)sizeof(one));
@@ -30291,13 +30026,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_384_point_free_12(p, 0, heap);
- sp_384_point_free_12(pub, 0, heap);
return err;
}
@@ -30321,33 +30055,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 12 * 5];
- sp_point_384 pd;
- sp_point_384 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 12 * 5];
+ sp_point_384 p[2];
+#endif
sp_point_384* q = NULL;
int err;
- err = sp_384_point_new_12(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_12(NULL, qd, q);
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_384_from_mp(p->x, 12, pX);
sp_384_from_mp(p->y, 12, pY);
sp_384_from_mp(p->z, 12, pZ);
@@ -30368,13 +30104,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(q, 0, NULL);
- sp_384_point_free_12(p, 0, NULL);
return err;
}
@@ -30393,25 +30128,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 12 * 2];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 12 * 2];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_12(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -30432,12 +30170,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, NULL);
return err;
}
@@ -30452,25 +30190,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 12 * 6];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 12 * 6];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
- err = sp_384_point_new_12(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_384_from_mp(p->x, 12, pX);
@@ -30490,12 +30232,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_384_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_12(p, 0, NULL);
return err;
}
@@ -30508,43 +30250,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_384_mont_sqrt_12(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 12];
- sp_digit t2d[2 * 12];
- sp_digit t3d[2 * 12];
- sp_digit t4d[2 * 12];
- sp_digit t5d[2 * 12];
+ sp_digit t1[5 * 2 * 12];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* t3;
- sp_digit* t4;
- sp_digit* t5;
+ sp_digit* t2 = NULL;
+ sp_digit* t3 = NULL;
+ sp_digit* t4 = NULL;
+ sp_digit* t5 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 12;
- t2 = d + 2 * 12;
- t3 = d + 4 * 12;
- t4 = d + 6 * 12;
- t5 = d + 8 * 12;
-#else
- t1 = t1d;
- t2 = t2d;
- t3 = t3d;
- t4 = t4d;
- t5 = t5d;
-#endif
+ t2 = t1 + 2 * 12;
+ t3 = t1 + 4 * 12;
+ t4 = t1 + 6 * 12;
+ t5 = t1 + 8 * 12;
{
/* t2 = y ^ 0x2 */
@@ -30604,10 +30331,9 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -30623,31 +30349,22 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
*/
int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 12];
- sp_digit yd[2 * 12];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 12];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 12;
- y = d + 2 * 12;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 12;
sp_384_from_mp(x, 12, xm);
err = sp_384_mod_mul_norm_12(x, x, p384_mod);
@@ -30680,10 +30397,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
err = sp_384_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -31913,6 +31629,8 @@ static int sp_1024_mod_mul_norm_32(sp_digit* r, const sp_digit* a,
return sp_1024_mod_32(r, r, m);
}
+
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Create a new point.
*
* heap [in] Buffer to allocate dynamic memory from.
@@ -31944,8 +31662,8 @@ static int sp_1024_point_new_ex_32(void* heap, sp_point_1024* sp,
/* Set pointer to data and return no error. */
#define sp_1024_point_new_32(heap, sp, p) sp_1024_point_new_ex_32((heap), &(sp), &(p))
#endif
-
-
+#endif /* WOLFCRYPT_HAVE_SAKKE */
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Free the point.
*
* p [in,out] Point to free.
@@ -31970,6 +31688,7 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap)
#endif
(void)heap;
}
+#endif /* WOLFCRYPT_HAVE_SAKKE */
/* Convert an mp_int to an array of sp_digit.
*
@@ -34115,43 +33834,40 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r,
static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k,
int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td[16];
- sp_point_1024 rtd;
- sp_digit tmpd[2 * 32 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_1024 t[16 + 1];
+ sp_digit tmp[2 * 32 * 5];
#endif
- sp_point_1024* t;
- sp_point_1024* rt;
- sp_digit* tmp;
+ sp_point_1024* rt = NULL;
sp_digit n;
int i;
int c;
int y;
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_1024_point_new_32(heap, rtd, rt);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-#ifndef WC_NO_CACHE_RESISTANT
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 17, heap, DYNAMIC_TYPE_ECC);
-#else
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, heap, DYNAMIC_TYPE_ECC);
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16 + 1,
+ heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
if (err == MP_OKAY) {
+ rt = t + 16;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -34219,20 +33935,24 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 32 * 5);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_point_1024) * 16);
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmpd, sizeof(tmpd));
- ForceZero(td, sizeof(td));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
#endif
- sp_1024_point_free_32(rt, 1, heap);
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 32 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+#endif
+ {
+ ForceZero(t, sizeof(sp_point_1024) * 17);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -34456,29 +34176,30 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, const sp_point_1024*
static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td;
- sp_point_1024 s1d;
- sp_point_1024 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+#else
+ sp_point_1024 t[3];
#endif
- sp_point_1024* t;
sp_point_1024* s1 = NULL;
sp_point_1024* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_1024_point_new_32(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod);
}
if (err == MP_OKAY) {
@@ -34523,9 +34244,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
}
}
- sp_1024_point_free_32(s2, 0, heap);
- sp_1024_point_free_32(s1, 0, heap);
- sp_1024_point_free_32( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -34551,19 +34273,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
const sp_table_entry_1024* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit td[2 * 32 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 rt[2];
+ sp_digit t[2 * 32 * 5];
#endif
- sp_point_1024* rt;
sp_point_1024* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -34571,21 +34293,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
(void)heap;
- err = sp_1024_point_new_32(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));
@@ -34621,13 +34344,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(p, 0, heap);
- sp_1024_point_free_32(rt, 0, heap);
return err;
}
@@ -34793,29 +34515,30 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const
static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td;
- sp_point_1024 s1d;
- sp_point_1024 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+#else
+ sp_point_1024 t[3];
#endif
- sp_point_1024* t;
sp_point_1024* s1 = NULL;
sp_point_1024* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_1024_point_new_32(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod);
}
if (err == MP_OKAY) {
@@ -34860,9 +34583,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a,
}
}
- sp_1024_point_free_32(s2, 0, heap);
- sp_1024_point_free_32(s1, 0, heap);
- sp_1024_point_free_32( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -34888,19 +34612,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
const sp_table_entry_1024* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit td[2 * 32 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 rt[2];
+ sp_digit t[2 * 32 * 5];
#endif
- sp_point_1024* rt;
sp_point_1024* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -34908,21 +34632,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
(void)heap;
- err = sp_1024_point_new_32(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));
@@ -34958,13 +34683,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(p, 0, heap);
- sp_1024_point_free_32(rt, 0, heap);
return err;
}
@@ -35128,25 +34852,28 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const
int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[32];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[32];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 32, km);
sp_1024_point_from_ecc_point_32(point, gm);
@@ -35157,12 +34884,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -38756,26 +38483,28 @@ static int sp_1024_ecc_mulmod_base_32(sp_point_1024* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[32];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[32];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 32, km);
@@ -38785,12 +38514,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -38809,37 +38538,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_point_1024 a;
- sp_digit kd[32];
- sp_digit t[32 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_1024 point[2];
+ sp_digit k[32 + 32 * 2 * 5];
#endif
- sp_point_1024* point;
sp_point_1024* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 + 32 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (32 + 32 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 32;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 32;
+
sp_1024_from_mp(k, 32, km);
sp_1024_point_from_ecc_point_32(addP, am);
}
@@ -38865,13 +38592,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(addP, 0, heap);
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -38889,29 +38615,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
void* heap)
{
- int err = 0;
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_1024* point = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 point[1];
sp_digit t[5 * 2 * 32];
+#endif
+ int err = MP_OKAY;
if ((gm == NULL) || (len == NULL)) {
err = BAD_FUNC_ARG;
}
- if ((err == 0) && (table == NULL)) {
+ if ((err == MP_OKAY) && (table == NULL)) {
*len = sizeof(sp_table_entry_1024) * 256;
err = LENGTH_ONLY_E;
}
- if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
+ if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
err = BUFFER_E;
}
- if (err == 0) {
- err = sp_1024_point_new_32(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
- if (err == 0) {
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 32, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
sp_1024_point_from_ecc_point_32(point, gm);
err = sp_1024_gen_stripe_table_32(point,
(sp_table_entry_1024*)table, t, heap);
@@ -38920,7 +38660,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
*len = sizeof(sp_table_entry_1024) * 256;
}
- sp_1024_point_free_32(point, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -38973,24 +38718,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[32];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[32];
+#endif
int err = MP_OKAY;
- err = sp_1024_point_new_32(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 32, km);
sp_1024_point_from_ecc_point_32(point, gm);
@@ -39007,12 +38756,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
err = sp_1024_point_to_ecc_point_32(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_32(point, 0, heap);
return err;
}
@@ -42463,33 +42212,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*32];
- sp_digit t2d[2*32];
+ sp_digit t1[32 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int32_t n;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 32;
- t2 = d + 2 * 32;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 32;
sp_1024_sqr_32(t1, point->y);
(void)sp_1024_mod_32(t1, t1, p1024_mod);
@@ -42513,10 +42253,9 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -42531,14 +42270,21 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point,
*/
int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* pub = NULL;
+#else
+ sp_point_1024 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_1024* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_1024_point_new_32(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_1024_from_mp(pub->x, 32, pX);
sp_1024_from_mp(pub->y, 32, pY);
@@ -42547,7 +42293,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
err = sp_1024_ecc_is_point_32(pub, NULL);
}
- sp_1024_point_free_32(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -42566,45 +42315,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[32];
- sp_point_1024 pubd;
- sp_point_1024 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_1024* pub;
- sp_point_1024* p = NULL;
- byte one[1] = { 1 };
- int err;
-
- err = sp_1024_point_new_32(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_32(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
+ sp_point_1024* pub = NULL;
+#else
+ sp_digit priv[32];
+ sp_point_1024 pub[2];
#endif
+ sp_point_1024* p = NULL;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) ||
+ if (((mp_count_bits(pX) > 1024) ||
(mp_count_bits(pY) > 1024) ||
((privm != NULL) && (mp_count_bits(privm) > 1024)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_1024_from_mp(pub->x, 32, pX);
sp_1024_from_mp(pub->y, 32, pY);
sp_1024_from_bin(pub->z, 32, one, (int)sizeof(one));
@@ -42653,13 +42402,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_1024_point_free_32(p, 0, heap);
- sp_1024_point_free_32(pub, 0, heap);
return err;
}
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index cc6d89915..d22dd82bc 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -77,8 +77,11 @@ This library provides single precision (SP) integer math functions.
* called again until complete.
* WOLFSSL_SP_FAST_NCT_EXPTMOD Enables the faster non-constant time modular
* exponentation implementation.
+ * WOLFSSL_SP_INT_NEGATIVE Enables negative values to be used.
* WOLFSSL_SP_INT_DIGIT_ALIGN Enable when unaligned access of sp_int_digit
* pointer is not allowed.
+ * WOLFSSL_SP_NO_DYN_STACK Disable use of dynamic stack items.
+ * Used with small code size and not small stack.
*/
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
@@ -93,7 +96,7 @@ This library provides single precision (SP) integer math functions.
sp_int* n = NULL
#else
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL)
+ defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
/* Declare a variable on the stack with the required data size. */
#define DECL_SP_INT(n, s) \
byte n##d[MP_INT_SIZEOF(s)]; \
@@ -163,7 +166,7 @@ This library provides single precision (SP) integer math functions.
sp_int* n[c] = { NULL, }
#else
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL)
+ defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
/* Declare a variable on the stack with the required data size. */
#define DECL_SP_INT_ARRAY(n, s, c) \
byte n##d[MP_INT_SIZEOF(s) * (c)]; \
@@ -204,7 +207,7 @@ This library provides single precision (SP) integer math functions.
while (0)
#else
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL)
+ defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
/* Data declared on stack that supports multiple sp_ints of the
* required size. Use pointers into data to make up array and set sizes.
*/
@@ -3107,25 +3110,33 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
{
int err = MP_OKAY;
+ /* Check validity of parameters. */
if ((a == NULL) || (r == NULL)) {
err = MP_VAL;
}
else
{
#ifndef WOLFSSL_SP_INT_NEGATIVE
+ /* Positive only so just use internal function. */
err = _sp_add_d(a, d, r);
#else
if (a->sign == MP_ZPOS) {
+ /* Positive so use interal function. */
r->sign = MP_ZPOS;
err = _sp_add_d(a, d, r);
}
else if ((a->used > 1) || (a->dp[0] > d)) {
+ /* Negative value bigger than digit so subtract digit. */
r->sign = MP_NEG;
_sp_sub_d(a, d, r);
}
else {
+ /* Negative value smaller or equal to digit. */
r->sign = MP_ZPOS;
+ /* Subtract negative value from digit. */
r->dp[0] = d - a->dp[0];
+ /* Result is a digit equal to or greater than zero. */
+ r->used = ((r->dp[0] == 0) ? 0 : 1);
}
#endif
}
@@ -3149,25 +3160,32 @@ int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r)
{
int err = MP_OKAY;
+ /* Check validity of parameters. */
if ((a == NULL) || (r == NULL)) {
err = MP_VAL;
}
else {
#ifndef WOLFSSL_SP_INT_NEGATIVE
+ /* Positive only so just use internal function. */
_sp_sub_d(a, d, r);
#else
if (a->sign == MP_NEG) {
+ /* Subtracting from negative use interal add. */
r->sign = MP_NEG;
err = _sp_add_d(a, d, r);
}
else if ((a->used > 1) || (a->dp[0] >= d)) {
+ /* Positive number greater than digit so add digit. */
r->sign = MP_ZPOS;
_sp_sub_d(a, d, r);
}
else {
+ /* Negative value smaller than digit. */
r->sign = MP_NEG;
+ /* Subtract positive value from digit. */
r->dp[0] = d - a->dp[0];
- r->used = r->dp[0] > 0;
+ /* Result is a digit equal to or greater than zero. */
+ r->used = 1;
}
#endif
}
@@ -4752,7 +4770,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
int k;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_int_digit* t = NULL;
- #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
+ #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+ defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
sp_int_digit t[a->used * 2];
#else
sp_int_digit t[SP_INT_DIGITS];
@@ -4828,7 +4847,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
int k;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_int_digit* t = NULL;
- #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
+ #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+ defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
sp_int_digit t[a->used + b->used];
#else
sp_int_digit t[SP_INT_DIGITS];
@@ -4905,7 +4925,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r)
int k;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_int_digit* t = NULL;
- #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
+ #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+ defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
sp_int_digit t[a->used + b->used];
#else
sp_int_digit t[SP_INT_DIGITS];
@@ -9284,7 +9305,7 @@ int sp_mul_2d(sp_int* a, int e, sp_int* r)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_int_digit* t = NULL;
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL)
+ defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
sp_int_digit t[a->used * 2];
#else
sp_int_digit t[SP_INT_DIGITS];
@@ -9393,7 +9414,7 @@ int sp_mul_2d(sp_int* a, int e, sp_int* r)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_int_digit* t = NULL;
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL)
+ defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
sp_int_digit t[a->used * 2];
#else
sp_int_digit t[SP_INT_DIGITS];
diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c
index 060114fb5..c51d73769 100644
--- a/wolfcrypt/src/sp_x86_64.c
+++ b/wolfcrypt/src/sp_x86_64.c
@@ -1488,15 +1488,12 @@ static int sp_2048_mod_exp_avx2_32(sp_digit* r, const sp_digit* a, const sp_digi
int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[64];
- sp_digit md[32];
- sp_digit rd[64];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit a[32 * 5];
#endif
- sp_digit* a;
- sp_digit *ah;
+ sp_digit* ah;
sp_digit* m;
sp_digit* r;
sp_digit e = 0;
@@ -1516,28 +1513,20 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 32 * 2;
- m = r + 32 * 2;
- ah = a + 32;
- }
-#else
- a = ad;
- m = md;
- r = rd;
- ah = a + 32;
#endif
if (err == MP_OKAY) {
+ r = a + 32 * 2;
+ m = r + 32 * 2;
+ ah = a + 32;
+
sp_2048_from_bin(ah, 32, in, inLen);
#if DIGIT_BIT >= 64
e = em->dp[0];
@@ -1634,9 +1623,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -1664,15 +1653,13 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* pm, const mp_int* qm,const mp_int* dpm, const mp_int* dqm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
-#if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
- sp_digit a[64];
- sp_digit d[32];
- sp_digit m[32];
-#else
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[32 * 4];
+#endif
sp_digit* a;
sp_digit* m;
-#endif
sp_digit* r;
int err = MP_OKAY;
@@ -1700,7 +1687,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
}
}
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, NULL,
DYNAMIC_TYPE_RSA);
@@ -1711,10 +1698,9 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
#endif
if (err == MP_OKAY) {
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
a = d + 32;
m = a + 64;
-#endif
+
r = a;
sp_2048_from_bin(a, 32, in, inLen);
@@ -1728,14 +1714,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 32);
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(d, 0, sizeof(sp_digit) * 32);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
#endif
+ {
+ /* only zeroing private "d" */
+ ForceZero(d, sizeof(sp_digit) * 32);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
}
@@ -1764,17 +1752,11 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* pm, const mp_int* qm, const mp_int* dpm, const mp_int* dqm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[32 * 2];
- sp_digit pd[16];
- sp_digit qd[16];
- sp_digit dpd[16];
- sp_digit tmpad[32];
- sp_digit tmpbd[32];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
#else
- sp_digit* t = NULL;
+ sp_digit a[16 * 11];
#endif
- sp_digit* a;
sp_digit* p;
sp_digit* q;
sp_digit* dp;
@@ -1802,33 +1784,23 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 32 * 2;
q = p + 16;
qi = dq = dp = q + 16;
tmpa = qi + 16;
tmpb = tmpa + 32;
+ r = a + 32;
- r = t + 32;
- }
-#else
- r = a = ad;
- p = pd;
- q = qd;
- qi = dq = dp = dpd;
- tmpa = tmpad;
- tmpb = tmpbd;
-#endif
-
- if (err == MP_OKAY) {
sp_2048_from_bin(a, 32, in, inLen);
sp_2048_from_mp(p, 16, pm);
sp_2048_from_mp(q, 16, qm);
@@ -1895,18 +1867,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 256;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 16 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpad, 0, sizeof(tmpad));
- XMEMSET(tmpbd, 0, sizeof(tmpbd));
- XMEMSET(pd, 0, sizeof(pd));
- XMEMSET(qd, 0, sizeof(qd));
- XMEMSET(dpd, 0, sizeof(dpd));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 16 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
}
@@ -3870,15 +3839,12 @@ static int sp_3072_mod_exp_avx2_48(sp_digit* r, const sp_digit* a, const sp_digi
int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[96];
- sp_digit md[48];
- sp_digit rd[96];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit a[48 * 5];
#endif
- sp_digit* a;
- sp_digit *ah;
+ sp_digit* ah;
sp_digit* m;
sp_digit* r;
sp_digit e = 0;
@@ -3898,28 +3864,20 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 48 * 2;
- m = r + 48 * 2;
- ah = a + 48;
- }
-#else
- a = ad;
- m = md;
- r = rd;
- ah = a + 48;
#endif
if (err == MP_OKAY) {
+ r = a + 48 * 2;
+ m = r + 48 * 2;
+ ah = a + 48;
+
sp_3072_from_bin(ah, 48, in, inLen);
#if DIGIT_BIT >= 64
e = em->dp[0];
@@ -4016,9 +3974,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -4046,15 +4004,13 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* pm, const mp_int* qm,const mp_int* dpm, const mp_int* dqm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
-#if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
- sp_digit a[96];
- sp_digit d[48];
- sp_digit m[48];
-#else
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[48 * 4];
+#endif
sp_digit* a;
sp_digit* m;
-#endif
sp_digit* r;
int err = MP_OKAY;
@@ -4082,7 +4038,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
}
}
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 4, NULL,
DYNAMIC_TYPE_RSA);
@@ -4093,10 +4049,9 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
#endif
if (err == MP_OKAY) {
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
a = d + 48;
m = a + 96;
-#endif
+
r = a;
sp_3072_from_bin(a, 48, in, inLen);
@@ -4110,14 +4065,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 48);
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(d, 0, sizeof(sp_digit) * 48);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
#endif
+ {
+ /* only zeroing private "d" */
+ ForceZero(d, sizeof(sp_digit) * 48);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
}
@@ -4146,17 +4103,11 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* pm, const mp_int* qm, const mp_int* dpm, const mp_int* dqm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[48 * 2];
- sp_digit pd[24];
- sp_digit qd[24];
- sp_digit dpd[24];
- sp_digit tmpad[48];
- sp_digit tmpbd[48];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
#else
- sp_digit* t = NULL;
+ sp_digit a[24 * 11];
#endif
- sp_digit* a;
sp_digit* p;
sp_digit* q;
sp_digit* dp;
@@ -4184,33 +4135,23 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 24 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 24 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 48 * 2;
q = p + 24;
qi = dq = dp = q + 24;
tmpa = qi + 24;
tmpb = tmpa + 48;
+ r = a + 48;
- r = t + 48;
- }
-#else
- r = a = ad;
- p = pd;
- q = qd;
- qi = dq = dp = dpd;
- tmpa = tmpad;
- tmpb = tmpbd;
-#endif
-
- if (err == MP_OKAY) {
sp_3072_from_bin(a, 48, in, inLen);
sp_3072_from_mp(p, 24, pm);
sp_3072_from_mp(q, 24, qm);
@@ -4277,18 +4218,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 384;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 24 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpad, 0, sizeof(tmpad));
- XMEMSET(tmpbd, 0, sizeof(tmpbd));
- XMEMSET(pd, 0, sizeof(pd));
- XMEMSET(qd, 0, sizeof(qd));
- XMEMSET(dpd, 0, sizeof(dpd));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 24 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
}
@@ -5650,15 +5588,12 @@ static int sp_4096_mod_exp_avx2_64(sp_digit* r, const sp_digit* a, const sp_digi
int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[128];
- sp_digit md[64];
- sp_digit rd[128];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
#else
- sp_digit* d = NULL;
+ sp_digit a[64 * 5];
#endif
- sp_digit* a;
- sp_digit *ah;
+ sp_digit* ah;
sp_digit* m;
sp_digit* r;
sp_digit e = 0;
@@ -5678,28 +5613,20 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL,
DYNAMIC_TYPE_RSA);
- if (d == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
-
- if (err == MP_OKAY) {
- a = d;
- r = a + 64 * 2;
- m = r + 64 * 2;
- ah = a + 64;
- }
-#else
- a = ad;
- m = md;
- r = rd;
- ah = a + 64;
#endif
if (err == MP_OKAY) {
+ r = a + 64 * 2;
+ m = r + 64 * 2;
+ ah = a + 64;
+
sp_4096_from_bin(ah, 64, in, inLen);
#if DIGIT_BIT >= 64
e = em->dp[0];
@@ -5796,9 +5723,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
#endif
return err;
@@ -5826,15 +5753,13 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* pm, const mp_int* qm,const mp_int* dpm, const mp_int* dqm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
-#if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
- sp_digit a[128];
- sp_digit d[64];
- sp_digit m[64];
-#else
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* d = NULL;
+#else
+ sp_digit d[64 * 4];
+#endif
sp_digit* a;
sp_digit* m;
-#endif
sp_digit* r;
int err = MP_OKAY;
@@ -5862,7 +5787,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
}
}
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 4, NULL,
DYNAMIC_TYPE_RSA);
@@ -5873,10 +5798,9 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
#endif
if (err == MP_OKAY) {
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
a = d + 64;
m = a + 128;
-#endif
+
r = a;
sp_4096_from_bin(a, 64, in, inLen);
@@ -5890,14 +5814,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 64);
- XFREE(d, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(d, 0, sizeof(sp_digit) * 64);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (d != NULL)
#endif
+ {
+ /* only zeroing private "d" */
+ ForceZero(d, sizeof(sp_digit) * 64);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(d, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
}
@@ -5926,17 +5852,11 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
const mp_int* pm, const mp_int* qm, const mp_int* dpm, const mp_int* dqm,
const mp_int* qim, const mp_int* mm, byte* out, word32* outLen)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit ad[64 * 2];
- sp_digit pd[32];
- sp_digit qd[32];
- sp_digit dpd[32];
- sp_digit tmpad[64];
- sp_digit tmpbd[64];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* a = NULL;
#else
- sp_digit* t = NULL;
+ sp_digit a[32 * 11];
#endif
- sp_digit* a;
sp_digit* p;
sp_digit* q;
sp_digit* dp;
@@ -5964,33 +5884,23 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
err = MP_VAL;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
+ a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL,
DYNAMIC_TYPE_RSA);
- if (t == NULL)
+ if (a == NULL)
err = MEMORY_E;
}
+#endif
+
if (err == MP_OKAY) {
- a = t;
p = a + 64 * 2;
q = p + 32;
qi = dq = dp = q + 32;
tmpa = qi + 32;
tmpb = tmpa + 64;
+ r = a + 64;
- r = t + 64;
- }
-#else
- r = a = ad;
- p = pd;
- q = qd;
- qi = dq = dp = dpd;
- tmpa = tmpad;
- tmpb = tmpbd;
-#endif
-
- if (err == MP_OKAY) {
sp_4096_from_bin(a, 64, in, inLen);
sp_4096_from_mp(p, 32, pm);
sp_4096_from_mp(q, 32, qm);
@@ -6057,18 +5967,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm,
*outLen = 512;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XMEMSET(t, 0, sizeof(sp_digit) * 32 * 11);
- XFREE(t, NULL, DYNAMIC_TYPE_RSA);
- }
-#else
- XMEMSET(tmpad, 0, sizeof(tmpad));
- XMEMSET(tmpbd, 0, sizeof(tmpbd));
- XMEMSET(pd, 0, sizeof(pd));
- XMEMSET(qd, 0, sizeof(qd));
- XMEMSET(dpd, 0, sizeof(dpd));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (a != NULL)
#endif
+ {
+ ForceZero(a, sizeof(sp_digit) * 32 * 11);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ #endif
+ }
return err;
}
@@ -6617,64 +6524,6 @@ extern void sp_256_mul_4(sp_digit* r, const sp_digit* a, const sp_digit* b);
extern void sp_256_sqr_4(sp_digit* r, const sp_digit* a);
extern sp_digit sp_256_add_4(sp_digit* r, const sp_digit* a, const sp_digit* b);
extern sp_digit sp_256_sub_4(sp_digit* r, const sp_digit* a, const sp_digit* b);
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_256_point_new_ex_4(void* heap, sp_point_256* sp,
- sp_point_256** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_256_point_new_4(heap, sp, p) sp_256_point_new_ex_4((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_256_point_new_4(heap, sp, p) sp_256_point_new_ex_4((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_256_point_free_4(sp_point_256* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Multiply a number by Montogmery normalizer mod modulus (prime).
*
* r The resulting Montgomery form number.
@@ -7931,43 +7780,41 @@ extern void sp_256_get_point_33_avx2_4(sp_point_256* r, const sp_point_256* tabl
static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td[33];
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit tmpd[2 * 4 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_256 t[33+2];
+ sp_digit tmp[2 * 4 * 6];
#endif
- sp_point_256* t;
- sp_point_256* rt;
+ sp_point_256* rt = NULL;
sp_point_256* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_256 v[43];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_256_point_new_4(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_256_point_new_4(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 33, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) *
+ (33+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 33;
+ p = t + 33+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -8047,14 +7894,12 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256*
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(rt, 0, heap);
return err;
}
@@ -8958,43 +8803,41 @@ static void sp_256_proj_point_add_sub_avx2_4(sp_point_256* ra,
static int sp_256_ecc_mulmod_win_add_sub_avx2_4(sp_point_256* r, const sp_point_256* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td[33];
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit tmpd[2 * 4 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_256 t[33+2];
+ sp_digit tmp[2 * 4 * 6];
#endif
- sp_point_256* t;
- sp_point_256* rt;
+ sp_point_256* rt = NULL;
sp_point_256* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_256 v[43];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_256_point_new_4(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_256_point_new_4(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 33, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) *
+ (33+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 33;
+ p = t + 33+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -9074,14 +8917,12 @@ static int sp_256_ecc_mulmod_win_add_sub_avx2_4(sp_point_256* r, const sp_point_
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(rt, 0, heap);
return err;
}
@@ -9214,29 +9055,30 @@ static void sp_256_proj_to_affine_4(sp_point_256* a, sp_digit* t)
static int sp_256_gen_stripe_table_4(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_4(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_4(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -9281,9 +9123,10 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a,
}
}
- sp_256_point_free_4(s2, 0, heap);
- sp_256_point_free_4(s1, 0, heap);
- sp_256_point_free_4( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -9312,19 +9155,19 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 4 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 4 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -9332,21 +9175,22 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
(void)heap;
- err = sp_256_point_new_4(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -9397,13 +9241,12 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(rt, 0, heap);
return err;
}
@@ -9676,29 +9519,30 @@ static void sp_256_proj_to_affine_avx2_4(sp_point_256* a, sp_digit* t)
static int sp_256_gen_stripe_table_avx2_4(const sp_point_256* a,
sp_table_entry_256* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 td;
- sp_point_256 s1d;
- sp_point_256 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* t = NULL;
+#else
+ sp_point_256 t[3];
#endif
- sp_point_256* t;
sp_point_256* s1 = NULL;
sp_point_256* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_256_point_new_4(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_256_mod_mul_norm_avx2_4(t->x, a->x, p256_mod);
}
if (err == MP_OKAY) {
@@ -9743,9 +9587,10 @@ static int sp_256_gen_stripe_table_avx2_4(const sp_point_256* a,
}
}
- sp_256_point_free_4(s2, 0, heap);
- sp_256_point_free_4(s1, 0, heap);
- sp_256_point_free_4( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -9772,19 +9617,19 @@ static int sp_256_ecc_mulmod_stripe_avx2_4(sp_point_256* r, const sp_point_256*
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit td[2 * 4 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit t[2 * 4 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -9792,21 +9637,22 @@ static int sp_256_ecc_mulmod_stripe_avx2_4(sp_point_256* r, const sp_point_256*
(void)heap;
- err = sp_256_point_new_4(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod));
XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod));
@@ -9857,13 +9703,12 @@ static int sp_256_ecc_mulmod_stripe_avx2_4(sp_point_256* r, const sp_point_256*
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(rt, 0, heap);
return err;
}
@@ -9935,28 +9780,31 @@ static int sp_256_ecc_mulmod_avx2_4(sp_point_256* r, const sp_point_256* g, cons
int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[4];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[4];
+#endif
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_256_point_new_4(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 4, km);
sp_256_point_from_ecc_point_4(point, gm);
@@ -9972,12 +9820,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_256_point_to_ecc_point_4(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(point, 0, heap);
return err;
}
@@ -9997,40 +9845,38 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[4];
- sp_digit t[4 * 2 * 5];
-#endif
- sp_point_256* point;
- sp_point_256* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[4 + 4 * 2 * 5];
+#endif
+ sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_256_point_new_4(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 + 4 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (4 + 4 * 2 * 5), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 4;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 4;
+
sp_256_from_mp(k, 4, km);
sp_256_point_from_ecc_point_4(point, gm);
sp_256_point_from_ecc_point_4(addP, am);
@@ -10072,13 +9918,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm,
err = sp_256_point_to_ecc_point_4(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(addP, 0, heap);
- sp_256_point_free_4(point, 0, heap);
return err;
}
@@ -22503,35 +22348,41 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit tmpd[2 * 4 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit tmp[2 * 4 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* tmp;
- sp_digit* negy;
+ sp_digit* negy = NULL;
int i;
ecc_recode_256 v[37];
- int err;
+ int err = MP_OKAY;
(void)g;
(void)ct;
(void)heap;
- err = sp_256_point_new_4(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_256_point_new_4(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
-#else
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
- negy = tmp;
+
+ if (err == MP_OKAY) {
+ negy = tmp;
+ p = rt + 1;
+ }
if (err == MP_OKAY) {
sp_256_ecc_recode_7_4(k, v);
@@ -22576,16 +22427,19 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 4 * 5);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
+#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(rt, 0, heap);
return MP_OKAY;
}
@@ -22628,35 +22482,41 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256
const sp_table_entry_256* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 rtd;
- sp_point_256 pd;
- sp_digit tmpd[2 * 4 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* rt = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_256 rt[2];
+ sp_digit tmp[2 * 4 * 5];
#endif
- sp_point_256* rt;
sp_point_256* p = NULL;
- sp_digit* tmp;
- sp_digit* negy;
+ sp_digit* negy = NULL;
int i;
ecc_recode_256 v[37];
- int err;
+ int err = MP_OKAY;
(void)g;
(void)ct;
(void)heap;
- err = sp_256_point_new_4(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_256_point_new_4(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
-#else
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
- negy = tmp;
+
+ if (err == MP_OKAY) {
+ negy = tmp;
+ p = rt + 1;
+ }
if (err == MP_OKAY) {
sp_256_ecc_recode_7_4(k, v);
@@ -22701,16 +22561,19 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 4 * 5);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
+#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(rt, 0, heap);
return MP_OKAY;
}
@@ -22745,29 +22608,31 @@ static int sp_256_ecc_mulmod_base_avx2_4(sp_point_256* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[4];
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[4];
+#endif
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_256_point_new_4(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_256_from_mp(k, 4, km);
@@ -22782,12 +22647,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_256_point_to_ecc_point_4(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(point, 0, heap);
return err;
}
@@ -22806,40 +22671,38 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_point_256 a;
- sp_digit kd[4];
- sp_digit t[4 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_256 point[2];
+ sp_digit k[4 + 4 * 2 * 5];
#endif
- sp_point_256* point;
sp_point_256* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_256_point_new_4(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 + 4 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (4 + 4 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 4;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 4;
+
sp_256_from_mp(k, 4, km);
sp_256_point_from_ecc_point_4(addP, am);
}
@@ -22880,13 +22743,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am,
err = sp_256_point_to_ecc_point_4(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(addP, 0, heap);
- sp_256_point_free_4(point, 0, heap);
return err;
}
@@ -22968,44 +22830,49 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[4];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_256 inf;
-#endif
-#endif
- sp_point_256* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_256 point[2];
+ #else
+ sp_point_256 point[1];
+ #endif
+ sp_digit k[4];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_256* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
(void)heap;
- err = sp_256_point_new_4(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_256_ecc_gen_k_4(rng, k);
}
if (err == MP_OKAY) {
@@ -23042,15 +22909,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_256_point_to_ecc_point_4(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_256_point_free_4(infinity, 1, heap);
-#endif
- sp_256_point_free_4(point, 1, heap);
return err;
}
@@ -23094,12 +22960,13 @@ static void sp_256_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 p;
- sp_digit kd[4];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_256* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_256 point[1];
+ sp_digit k[4];
+#endif
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
@@ -23109,18 +22976,19 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, p, point);
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -23138,12 +23006,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 32;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(point, 0, heap);
return err;
}
@@ -23805,13 +23673,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 32U;
}
- sp_256_from_bin(ctx->e, 4, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_256_from_mp(ctx->x, 4, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_256_ecc_gen_k_4(rng, ctx->k);
@@ -23839,6 +23704,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_256_cmp_4(ctx->r, p256_order);
sp_256_cond_sub_4(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0));
sp_256_norm_4(ctx->r);
+
+ sp_256_from_mp(ctx->x, 4, priv);
+ sp_256_from_bin(ctx->e, 4, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -23895,6 +23763,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -23930,22 +23801,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*4];
- sp_digit xd[2*4];
- sp_digit kd[2*4];
- sp_digit rd[2*4];
- sp_digit td[3 * 2*4];
- sp_point_256 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_256* point = NULL;
+#else
+ sp_digit e[7 * 2 * 4];
+ sp_point_256 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_256* point = NULL;
sp_digit* s = NULL;
int64_t c;
int err = MP_OKAY;
@@ -23956,31 +23822,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_256_point_new_4(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 4, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 4, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 4;
- x = d + 2 * 4;
- k = d + 4 * 4;
- r = d + 6 * 4;
- tmp = d + 8 * 4;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 4;
+ k = e + 4 * 4;
+ r = e + 6 * 4;
+ tmp = e + 8 * 4;
s = e;
if (hashLen > 32U) {
@@ -24040,19 +23901,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_256_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 4);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 4U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 4U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 4U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 4U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 4U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_256_point_free_4(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 4);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_256));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -24242,7 +24108,7 @@ typedef struct sp_ecc_verify_256_ctx {
int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data;
@@ -24257,7 +24123,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_256_from_bin(ctx->u1, 4, hash, (int)hashLen);
- sp_256_from_mp(ctx->u2, 4, r);
+ sp_256_from_mp(ctx->u2, 4, rm);
sp_256_from_mp(ctx->s, 4, sm);
sp_256_from_mp(ctx->p2.x, 4, pX);
sp_256_from_mp(ctx->p2.y, 4, pY);
@@ -24315,57 +24181,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_256_iszero_4(ctx->p1.z)) {
- if (sp_256_iszero_4(ctx->p1.x) && sp_256_iszero_4(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<4; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_256_proj_point_dbl_4_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(ctx->u2, 4, r);
+ sp_256_from_mp(ctx->u2, 4, rm);
err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_256_mont_sqr_4(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int64_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int64_t c;
/* Reload r and add order. */
- sp_256_from_mp(ctx->u2, 4, r);
+ sp_256_from_mp(ctx->u2, 4, rm);
carry = sp_256_add_4(ctx->u2, ctx->u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -24373,22 +24215,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_4(ctx->u2, p256_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
- p256_mp_mod);
- *res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod,
+ p256_mp_mod);
+ *res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -24397,62 +24240,51 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*4];
- sp_digit u2d[2*4];
- sp_digit sd[2*4];
- sp_digit tmpd[2*4 * 5];
- sp_point_256 p1d;
- sp_point_256 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_256* p1 = NULL;
+#else
+ sp_digit u1[16 * 4];
+ sp_point_256 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_256* p1;
sp_point_256* p2 = NULL;
sp_digit carry;
int64_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_256_point_new_4(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 4;
- u2 = d + 2 * 4;
- s = d + 4 * 4;
- tmp = d + 6 * 4;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 4;
+ s = u1 + 4 * 4;
+ tmp = u1 + 6 * 4;
+ p2 = p1 + 1;
if (hashLen > 32U) {
hashLen = 32U;
}
sp_256_from_bin(u1, 4, hash, (int)hashLen);
- sp_256_from_mp(u2, 4, r);
+ sp_256_from_mp(u2, 4, rm);
sp_256_from_mp(s, 4, sm);
sp_256_from_mp(p2->x, 4, pX);
sp_256_from_mp(p2->y, 4, pY);
@@ -24463,7 +24295,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_256_from_mp(u2, 4, r);
+ sp_256_from_mp(u2, 4, rm);
err = sp_256_mod_mul_norm_4(u2, u2, p256_mod);
}
@@ -24474,7 +24306,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_256_cmp_4(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_256_from_mp(u2, 4, r);
+ sp_256_from_mp(u2, 4, rm);
carry = sp_256_add_4(u2, u2, p256_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -24483,8 +24315,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_256_cmp_4(u2, p256_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_256_mod_mul_norm_4(u2, u2, p256_mod);
if (err == MP_OKAY) {
@@ -24496,12 +24328,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p1, 0, heap);
- sp_256_point_free_4(p2, 0, heap);
return err;
}
@@ -24518,32 +24350,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_256_ecc_is_point_4(const sp_point_256* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*4];
- sp_digit t2d[2*4];
+ sp_digit t1[4 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 4;
- t2 = d + 2 * 4;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 4;
sp_256_sqr_4(t1, point->y);
(void)sp_256_mod_4(t1, t1, p256_mod);
@@ -24563,10 +24386,9 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -24581,14 +24403,21 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point,
*/
int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_256 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_256* pub = NULL;
+#else
+ sp_point_256 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_256* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_256_point_new_4(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_256_from_mp(pub->x, 4, pX);
sp_256_from_mp(pub->y, 4, pY);
@@ -24597,7 +24426,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
err = sp_256_ecc_is_point_4(pub, NULL);
}
- sp_256_point_free_4(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -24616,48 +24448,48 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[4];
- sp_point_256 pubd;
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_256* pub;
+ sp_point_256* pub = NULL;
+#else
+ sp_digit priv[4];
+ sp_point_256 pub[2];
+#endif
sp_point_256* p = NULL;
- byte one[1] = { 1 };
- int err;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_256_point_new_4(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_256_point_new_4(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
-#endif
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) ||
+ if (((mp_count_bits(pX) > 256) ||
(mp_count_bits(pY) > 256) ||
((privm != NULL) && (mp_count_bits(privm) > 256)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_256_from_mp(pub->x, 4, pX);
sp_256_from_mp(pub->y, 4, pY);
sp_256_from_bin(pub->z, 4, one, (int)sizeof(one));
@@ -24716,13 +24548,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_256_point_free_4(p, 0, heap);
- sp_256_point_free_4(pub, 0, heap);
return err;
}
@@ -24746,36 +24577,38 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 4 * 5];
- sp_point_256 pd;
- sp_point_256 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 4 * 5];
+ sp_point_256 p[2];
+#endif
sp_point_256* q = NULL;
int err;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_256_point_new_4(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_256_point_new_4(NULL, qd, q);
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_256_from_mp(p->x, 4, pX);
sp_256_from_mp(p->y, 4, pY);
sp_256_from_mp(p->z, 4, pZ);
@@ -24801,13 +24634,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(q, 0, NULL);
- sp_256_point_free_4(p, 0, NULL);
return err;
}
@@ -24826,28 +24658,31 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 4 * 2];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 4 * 2];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_256_point_new_4(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -24873,12 +24708,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_256_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, NULL);
return err;
}
@@ -24893,28 +24728,32 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 4 * 4];
- sp_point_256 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_256* p;
- int err;
+ sp_point_256* p = NULL;
+#else
+ sp_digit tmp[2 * 4 * 4];
+ sp_point_256 p[1];
+#endif
+ int err = MP_OKAY;
+
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_256_point_new_4(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 4, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_256_from_mp(p->x, 4, pX);
@@ -24939,12 +24778,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_256_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_256_point_free_4(p, 0, NULL);
return err;
}
@@ -24957,34 +24796,26 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_256_mont_sqrt_4(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 4];
- sp_digit t2d[2 * 4];
+ sp_digit t1[4 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL) {
err = MEMORY_E;
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 4;
- t2 = d + 2 * 4;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 4;
#ifdef HAVE_INTEL_AVX2
if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
@@ -25053,10 +24884,9 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -25072,34 +24902,25 @@ static int sp_256_mont_sqrt_4(sp_digit* y)
*/
int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 4];
- sp_digit yd[2 * 4];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 4];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 4;
- y = d + 2 * 4;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 4;
sp_256_from_mp(x, 4, xm);
err = sp_256_mod_mul_norm_4(x, x, p256_mod);
@@ -25139,10 +24960,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym)
err = sp_256_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -25235,64 +25055,6 @@ extern void sp_384_mul_6(sp_digit* r, const sp_digit* a, const sp_digit* b);
extern void sp_384_sqr_6(sp_digit* r, const sp_digit* a);
extern sp_digit sp_384_add_6(sp_digit* r, const sp_digit* a, const sp_digit* b);
extern sp_digit sp_384_sub_6(sp_digit* r, const sp_digit* a, const sp_digit* b);
-/* Create a new point.
- *
- * heap [in] Buffer to allocate dynamic memory from.
- * sp [in] Data for point - only if not allocating.
- * p [out] New point.
- * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise.
- */
-static int sp_384_point_new_ex_6(void* heap, sp_point_384* sp,
- sp_point_384** p)
-{
- int ret = MP_OKAY;
- (void)heap;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- (void)sp;
- *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
-#else
- *p = sp;
-#endif
- if (*p == NULL) {
- ret = MEMORY_E;
- }
- return ret;
-}
-
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* Allocate memory for point and return error. */
-#define sp_384_point_new_6(heap, sp, p) sp_384_point_new_ex_6((heap), NULL, &(p))
-#else
-/* Set pointer to data and return no error. */
-#define sp_384_point_new_6(heap, sp, p) sp_384_point_new_ex_6((heap), &(sp), &(p))
-#endif
-
-
-/* Free the point.
- *
- * p [in,out] Point to free.
- * clear [in] Indicates whether to zeroize point.
- * heap [in] Buffer from which dynamic memory was allocate from.
- */
-static void sp_384_point_free_6(sp_point_384* p, int clear, void* heap)
-{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
-/* If valid pointer then clear point data if requested and free data. */
- if (p != NULL) {
- if (clear != 0) {
- XMEMSET(p, 0, sizeof(*p));
- }
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- }
-#else
-/* Clear point data if requested. */
- if ((p != NULL) && (clear != 0)) {
- XMEMSET(p, 0, sizeof(*p));
- }
-#endif
- (void)heap;
-}
-
/* Multiply a number by Montogmery normalizer mod modulus (prime).
*
* r The resulting Montgomery form number.
@@ -25302,34 +25064,25 @@ static void sp_384_point_free_6(sp_point_384* p, int clear, void* heap)
*/
static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- int64_t* td;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ int64_t* t = NULL;
#else
- int64_t td[12];
- int64_t a32d[12];
+ int64_t t[2 * 12];
#endif
- int64_t* t;
- int64_t* a32;
+ int64_t* a32 = NULL;
int64_t o;
int err = MP_OKAY;
(void)m;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
- if (td == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC);
+ if (t == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = td;
- a32 = td + 12;
-#else
- t = td;
- a32 = a32d;
-#endif
+ a32 = t + 12;
a32[0] = a[0] & 0xffffffff;
a32[1] = a[0] >> 32;
@@ -25405,9 +25158,9 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit*
r[5] = (t[11] << 32) | t[10];
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -26706,43 +26459,41 @@ extern void sp_384_get_point_33_avx2_6(sp_point_384* r, const sp_point_384* tabl
static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td[33];
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit tmpd[2 * 6 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_384 t[33+2];
+ sp_digit tmp[2 * 6 * 6];
#endif
- sp_point_384* t;
- sp_point_384* rt;
+ sp_point_384* rt = NULL;
sp_point_384* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_384 v[65];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_384_point_new_6(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_384_point_new_6(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 33, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) *
+ (33+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 33;
+ p = t + 33+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -26822,14 +26573,12 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384*
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(rt, 0, heap);
return err;
}
@@ -27782,43 +27531,41 @@ static void sp_384_proj_point_add_sub_avx2_6(sp_point_384* ra,
static int sp_384_ecc_mulmod_win_add_sub_avx2_6(sp_point_384* r, const sp_point_384* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td[33];
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit tmpd[2 * 6 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_384 t[33+2];
+ sp_digit tmp[2 * 6 * 6];
#endif
- sp_point_384* t;
- sp_point_384* rt;
+ sp_point_384* rt = NULL;
sp_point_384* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_384 v[65];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_384_point_new_6(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_384_point_new_6(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 33, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) *
+ (33+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 33;
+ p = t + 33+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -27898,14 +27645,12 @@ static int sp_384_ecc_mulmod_win_add_sub_avx2_6(sp_point_384* r, const sp_point_
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(rt, 0, heap);
return err;
}
@@ -28038,29 +27783,30 @@ static void sp_384_proj_to_affine_6(sp_point_384* a, sp_digit* t)
static int sp_384_gen_stripe_table_6(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_6(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_6(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -28105,9 +27851,10 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a,
}
}
- sp_384_point_free_6(s2, 0, heap);
- sp_384_point_free_6(s1, 0, heap);
- sp_384_point_free_6( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -28136,19 +27883,19 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 6 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 6 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -28156,21 +27903,22 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
(void)heap;
- err = sp_384_point_new_6(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -28221,13 +27969,12 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(rt, 0, heap);
return err;
}
@@ -28500,29 +28247,30 @@ static void sp_384_proj_to_affine_avx2_6(sp_point_384* a, sp_digit* t)
static int sp_384_gen_stripe_table_avx2_6(const sp_point_384* a,
sp_table_entry_384* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 td;
- sp_point_384 s1d;
- sp_point_384 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* t = NULL;
+#else
+ sp_point_384 t[3];
#endif
- sp_point_384* t;
sp_point_384* s1 = NULL;
sp_point_384* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_384_point_new_6(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_384_mod_mul_norm_avx2_6(t->x, a->x, p384_mod);
}
if (err == MP_OKAY) {
@@ -28567,9 +28315,10 @@ static int sp_384_gen_stripe_table_avx2_6(const sp_point_384* a,
}
}
- sp_384_point_free_6(s2, 0, heap);
- sp_384_point_free_6(s1, 0, heap);
- sp_384_point_free_6( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -28596,19 +28345,19 @@ static int sp_384_ecc_mulmod_stripe_avx2_6(sp_point_384* r, const sp_point_384*
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit td[2 * 6 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit t[2 * 6 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -28616,21 +28365,22 @@ static int sp_384_ecc_mulmod_stripe_avx2_6(sp_point_384* r, const sp_point_384*
(void)heap;
- err = sp_384_point_new_6(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod));
XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod));
@@ -28681,13 +28431,12 @@ static int sp_384_ecc_mulmod_stripe_avx2_6(sp_point_384* r, const sp_point_384*
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(rt, 0, heap);
return err;
}
@@ -28759,28 +28508,31 @@ static int sp_384_ecc_mulmod_avx2_6(sp_point_384* r, const sp_point_384* g, cons
int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[6];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[6];
+#endif
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_384_point_new_6(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 6, km);
sp_384_point_from_ecc_point_6(point, gm);
@@ -28796,12 +28548,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_384_point_to_ecc_point_6(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(point, 0, heap);
return err;
}
@@ -28821,40 +28573,38 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
const ecc_point* am, int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[6];
- sp_digit t[6 * 2 * 6];
-#endif
- sp_point_384* point;
- sp_point_384* addP = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[6 + 6 * 2 * 6];
+#endif
+ sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_384_point_new_6(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (6 + 6 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (6 + 6 * 2 * 6), heap,
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 6;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 6;
+
sp_384_from_mp(k, 6, km);
sp_384_point_from_ecc_point_6(point, gm);
sp_384_point_from_ecc_point_6(addP, am);
@@ -28896,13 +28646,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
err = sp_384_point_to_ecc_point_6(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(addP, 0, heap);
- sp_384_point_free_6(point, 0, heap);
return err;
}
@@ -47141,35 +46890,41 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit tmpd[2 * 6 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit tmp[2 * 6 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* tmp;
- sp_digit* negy;
+ sp_digit* negy = NULL;
int i;
ecc_recode_384 v[55];
- int err;
+ int err = MP_OKAY;
(void)g;
(void)ct;
(void)heap;
- err = sp_384_point_new_6(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_384_point_new_6(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
-#else
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
- negy = tmp;
+
+ if (err == MP_OKAY) {
+ negy = tmp;
+ p = rt + 1;
+ }
if (err == MP_OKAY) {
sp_384_ecc_recode_7_6(k, v);
@@ -47214,16 +46969,19 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 6 * 6);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
+#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(rt, 0, heap);
return MP_OKAY;
}
@@ -47266,35 +47024,41 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384
const sp_table_entry_384* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 rtd;
- sp_point_384 pd;
- sp_digit tmpd[2 * 6 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* rt = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_384 rt[2];
+ sp_digit tmp[2 * 6 * 6];
#endif
- sp_point_384* rt;
sp_point_384* p = NULL;
- sp_digit* tmp;
- sp_digit* negy;
+ sp_digit* negy = NULL;
int i;
ecc_recode_384 v[55];
- int err;
+ int err = MP_OKAY;
(void)g;
(void)ct;
(void)heap;
- err = sp_384_point_new_6(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_384_point_new_6(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
-#else
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
- negy = tmp;
+
+ if (err == MP_OKAY) {
+ negy = tmp;
+ p = rt + 1;
+ }
if (err == MP_OKAY) {
sp_384_ecc_recode_7_6(k, v);
@@ -47339,16 +47103,19 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
- XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 6 * 6);
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
+#endif
+ {
+ ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(rt, 0, heap);
return MP_OKAY;
}
@@ -47383,29 +47150,31 @@ static int sp_384_ecc_mulmod_base_avx2_6(sp_point_384* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[6];
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[6];
+#endif
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_384_point_new_6(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_384_from_mp(k, 6, km);
@@ -47420,12 +47189,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_384_point_to_ecc_point_6(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(point, 0, heap);
return err;
}
@@ -47444,40 +47213,38 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_point_384 a;
- sp_digit kd[6];
- sp_digit t[6 * 2 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_384 point[2];
+ sp_digit k[6 + 6 * 2 * 6];
#endif
- sp_point_384* point;
sp_point_384* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_384_point_new_6(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (6 + 6 * 2 * 6), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (6 + 6 * 2 * 6),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 6;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 6;
+
sp_384_from_mp(k, 6, km);
sp_384_point_from_ecc_point_6(addP, am);
}
@@ -47518,13 +47285,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
err = sp_384_point_to_ecc_point_6(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(addP, 0, heap);
- sp_384_point_free_6(point, 0, heap);
return err;
}
@@ -47606,44 +47372,49 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k)
*/
int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[6];
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_point_384 inf;
-#endif
-#endif
- sp_point_384* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ sp_point_384 point[2];
+ #else
+ sp_point_384 point[1];
+ #endif
+ sp_digit k[6];
+#endif
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
sp_point_384* infinity = NULL;
#endif
- int err;
+ int err = MP_OKAY;
+
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
(void)heap;
- err = sp_384_point_new_6(heap, p, point);
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, inf, infinity);
- }
-#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC);
+ #else
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC);
+ #endif
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
+ #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
+ infinity = point + 1;
+ #endif
+
err = sp_384_ecc_gen_k_6(rng, k);
}
if (err == MP_OKAY) {
@@ -47680,15 +47451,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
err = sp_384_point_to_ecc_point_6(point, pub);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL) {
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
}
#endif
-#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
- sp_384_point_free_6(infinity, 1, heap);
-#endif
- sp_384_point_free_6(point, 1, heap);
return err;
}
@@ -47732,12 +47502,13 @@ static void sp_384_to_bin(sp_digit* r, byte* a)
int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
word32* outLen, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 p;
- sp_digit kd[6];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_384* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_384 point[1];
+ sp_digit k[6];
+#endif
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
@@ -47747,18 +47518,19 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
err = BUFFER_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, p, point);
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
if (err == MP_OKAY) {
@@ -47776,12 +47548,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
*outLen = 48;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(point, 0, heap);
return err;
}
@@ -48390,13 +48162,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
hashLen = 48U;
}
- sp_384_from_bin(ctx->e, 6, hash, (int)hashLen);
-
ctx->i = SP_ECC_MAX_SIG_GEN;
ctx->state = 1;
break;
case 1: /* GEN */
- sp_384_from_mp(ctx->x, 6, priv);
/* New random point. */
if (km == NULL || mp_iszero(km)) {
err = sp_384_ecc_gen_k_6(rng, ctx->k);
@@ -48424,6 +48193,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
c = sp_384_cmp_6(ctx->r, p384_order);
sp_384_cond_sub_6(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0));
sp_384_norm_6(ctx->r);
+
+ sp_384_from_mp(ctx->x, 6, priv);
+ sp_384_from_bin(ctx->e, 6, hash, (int)hashLen);
ctx->state = 4;
break;
}
@@ -48480,6 +48252,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
ctx->state = 10;
break;
}
+ #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP
+ ctx->i = 1;
+ #endif
/* not usable gen, try again */
ctx->i--;
@@ -48515,22 +48290,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit ed[2*6];
- sp_digit xd[2*6];
- sp_digit kd[2*6];
- sp_digit rd[2*6];
- sp_digit td[3 * 2*6];
- sp_point_384 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* e = NULL;
+ sp_point_384* point = NULL;
+#else
+ sp_digit e[7 * 2 * 6];
+ sp_point_384 point[1];
+#endif
sp_digit* x = NULL;
sp_digit* k = NULL;
sp_digit* r = NULL;
sp_digit* tmp = NULL;
- sp_point_384* point = NULL;
sp_digit* s = NULL;
int64_t c;
int err = MP_OKAY;
@@ -48541,31 +48311,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
(void)heap;
- err = sp_384_point_new_6(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (e == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- e = d + 0 * 6;
- x = d + 2 * 6;
- k = d + 4 * 6;
- r = d + 6 * 6;
- tmp = d + 8 * 6;
-#else
- e = ed;
- x = xd;
- k = kd;
- r = rd;
- tmp = td;
-#endif
+ x = e + 2 * 6;
+ k = e + 4 * 6;
+ r = e + 6 * 6;
+ tmp = e + 8 * 6;
s = e;
if (hashLen > 48U) {
@@ -48625,19 +48390,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng,
err = sp_384_to_mp(s, sm);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XMEMSET(d, 0, sizeof(sp_digit) * 8 * 6);
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
-#else
- XMEMSET(e, 0, sizeof(sp_digit) * 2U * 6U);
- XMEMSET(x, 0, sizeof(sp_digit) * 2U * 6U);
- XMEMSET(k, 0, sizeof(sp_digit) * 2U * 6U);
- XMEMSET(r, 0, sizeof(sp_digit) * 2U * 6U);
- XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 6U);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (e != NULL)
#endif
- sp_384_point_free_6(point, 1, heap);
+ {
+ ForceZero(e, sizeof(sp_digit) * 7 * 2 * 6);
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(e, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (point != NULL)
+#endif
+ {
+ ForceZero(point, sizeof(sp_point_384));
+ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ #endif
+ }
return err;
}
@@ -48904,7 +48674,7 @@ typedef struct sp_ecc_verify_384_ctx {
int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ,
- const mp_int* r, const mp_int* sm, int* res, void* heap)
+ const mp_int* rm, const mp_int* sm, int* res, void* heap)
{
int err = FP_WOULDBLOCK;
sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data;
@@ -48919,7 +48689,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
}
sp_384_from_bin(ctx->u1, 6, hash, (int)hashLen);
- sp_384_from_mp(ctx->u2, 6, r);
+ sp_384_from_mp(ctx->u2, 6, rm);
sp_384_from_mp(ctx->s, 6, sm);
sp_384_from_mp(ctx->p2.x, 6, pX);
sp_384_from_mp(ctx->p2.y, 6, pY);
@@ -48977,57 +48747,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
if (err == MP_OKAY)
ctx->state = 9;
break;
- case 9: /* DBLPREP */
- if (sp_384_iszero_6(ctx->p1.z)) {
- if (sp_384_iszero_6(ctx->p1.x) && sp_384_iszero_6(ctx->p1.y)) {
- XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx));
- ctx->state = 10;
- break;
- }
- else {
- /* Y ordinate is not used from here - don't set. */
- int i;
- for (i=0; i<6; i++) {
- ctx->p1.x[i] = 0;
- }
- XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod));
- }
- }
- ctx->state = 11;
- break;
- case 10: /* DBL */
- err = sp_384_proj_point_dbl_6_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1,
- &ctx->p2, ctx->tmp);
- if (err == MP_OKAY) {
- ctx->state = 11;
- }
- break;
- case 11: /* MONT */
+ case 9: /* MONT */
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(ctx->u2, 6, r);
+ sp_384_from_mp(ctx->u2, 6, rm);
err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod);
if (err == MP_OKAY)
- ctx->state = 12;
+ ctx->state = 10;
break;
- case 12: /* SQR */
+ case 10: /* SQR */
/* u1 = r.z'.z' mod prime */
sp_384_mont_sqr_6(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 13;
+ ctx->state = 11;
break;
- case 13: /* MUL */
+ case 11: /* MUL */
sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod);
- ctx->state = 14;
+ ctx->state = 12;
break;
- case 14: /* RES */
+ case 12: /* RES */
+ {
+ int64_t c = 0;
err = MP_OKAY; /* math okay, now check result */
*res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0);
if (*res == 0) {
sp_digit carry;
- int64_t c;
/* Reload r and add order. */
- sp_384_from_mp(ctx->u2, 6, r);
+ sp_384_from_mp(ctx->u2, 6, rm);
carry = sp_384_add_6(ctx->u2, ctx->u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -49035,22 +48781,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_6(ctx->u2, p384_mod);
- if (c < 0) {
- /* Convert to Montogomery form */
- err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod);
- if (err == MP_OKAY) {
- /* u1 = (r + 1*order).z'.z' mod prime */
- sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
- p384_mp_mod);
- *res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0);
- }
- }
+ }
+ }
+ if ((*res == 0) && (c < 0)) {
+ /* Convert to Montogomery form */
+ err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod);
+ if (err == MP_OKAY) {
+ /* u1 = (r + 1*order).z'.z' mod prime */
+ sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod,
+ p384_mp_mod);
+ *res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0);
}
}
break;
}
+ } /* switch */
- if (err == MP_OKAY && ctx->state != 14) {
+ if (err == MP_OKAY && ctx->state != 12) {
err = FP_WOULDBLOCK;
}
@@ -49059,62 +48806,51 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
#endif /* WOLFSSL_SP_NONBLOCK */
int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
- const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm,
+ const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm,
int* res, void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
-#else
- sp_digit u1d[2*6];
- sp_digit u2d[2*6];
- sp_digit sd[2*6];
- sp_digit tmpd[2*6 * 5];
- sp_point_384 p1d;
- sp_point_384 p2d;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* u1 = NULL;
+ sp_point_384* p1 = NULL;
+#else
+ sp_digit u1[16 * 6];
+ sp_point_384 p1[2];
+#endif
sp_digit* u2 = NULL;
sp_digit* s = NULL;
sp_digit* tmp = NULL;
- sp_point_384* p1;
sp_point_384* p2 = NULL;
sp_digit carry;
int64_t c = 0;
- int err;
+ int err = MP_OKAY;
- err = sp_384_point_new_6(heap, p1d, p1);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, p2d, p2);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+ p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (p1 == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY) {
+ u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (u1 == NULL)
err = MEMORY_E;
- }
}
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- u1 = d + 0 * 6;
- u2 = d + 2 * 6;
- s = d + 4 * 6;
- tmp = d + 6 * 6;
-#else
- u1 = u1d;
- u2 = u2d;
- s = sd;
- tmp = tmpd;
-#endif
+ u2 = u1 + 2 * 6;
+ s = u1 + 4 * 6;
+ tmp = u1 + 6 * 6;
+ p2 = p1 + 1;
if (hashLen > 48U) {
hashLen = 48U;
}
sp_384_from_bin(u1, 6, hash, (int)hashLen);
- sp_384_from_mp(u2, 6, r);
+ sp_384_from_mp(u2, 6, rm);
sp_384_from_mp(s, 6, sm);
sp_384_from_mp(p2->x, 6, pX);
sp_384_from_mp(p2->y, 6, pY);
@@ -49125,7 +48861,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
if (err == MP_OKAY) {
/* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */
/* Reload r and convert to Montgomery form. */
- sp_384_from_mp(u2, 6, r);
+ sp_384_from_mp(u2, 6, rm);
err = sp_384_mod_mul_norm_6(u2, u2, p384_mod);
}
@@ -49136,7 +48872,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
*res = (int)(sp_384_cmp_6(p1->x, u1) == 0);
if (*res == 0) {
/* Reload r and add order. */
- sp_384_from_mp(u2, 6, r);
+ sp_384_from_mp(u2, 6, rm);
carry = sp_384_add_6(u2, u2, p384_order);
/* Carry means result is greater than mod and is not valid. */
if (carry == 0) {
@@ -49145,8 +48881,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
/* Compare with mod and if greater or equal then not valid. */
c = sp_384_cmp_6(u2, p384_mod);
}
- }
- if ((*res == 0) && (c < 0)) {
+ }
+ if ((*res == 0) && (c < 0)) {
/* Convert to Montogomery form */
err = sp_384_mod_mul_norm_6(u2, u2, p384_mod);
if (err == MP_OKAY) {
@@ -49158,12 +48894,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (u1 != NULL)
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ if (p1 != NULL)
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p1, 0, heap);
- sp_384_point_free_6(p2, 0, heap);
return err;
}
@@ -49180,32 +48916,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
static int sp_384_ecc_is_point_6(const sp_point_384* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*6];
- sp_digit t2d[2*6];
+ sp_digit t1[6 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 6;
- t2 = d + 2 * 6;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 6;
sp_384_sqr_6(t1, point->y);
(void)sp_384_mod_6(t1, t1, p384_mod);
@@ -49225,10 +48952,9 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -49243,14 +48969,21 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point,
*/
int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_384 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_384* pub = NULL;
+#else
+ sp_point_384 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_384* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_384_point_new_6(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_384_from_mp(pub->x, 6, pX);
sp_384_from_mp(pub->y, 6, pY);
@@ -49259,7 +48992,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
err = sp_384_ecc_is_point_6(pub, NULL);
}
- sp_384_point_free_6(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -49278,48 +49014,48 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[6];
- sp_point_384 pubd;
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_384* pub;
+ sp_point_384* pub = NULL;
+#else
+ sp_digit priv[6];
+ sp_point_384 pub[2];
+#endif
sp_point_384* p = NULL;
- byte one[1] = { 1 };
- int err;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_384_point_new_6(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_384_point_new_6(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
-#endif
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) ||
+ if (((mp_count_bits(pX) > 384) ||
(mp_count_bits(pY) > 384) ||
((privm != NULL) && (mp_count_bits(privm) > 384)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_384_from_mp(pub->x, 6, pX);
sp_384_from_mp(pub->y, 6, pY);
sp_384_from_bin(pub->z, 6, one, (int)sizeof(one));
@@ -49378,13 +49114,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_384_point_free_6(p, 0, heap);
- sp_384_point_free_6(pub, 0, heap);
return err;
}
@@ -49408,36 +49143,38 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* qX, mp_int* qY, mp_int* qZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 6 * 5];
- sp_point_384 pd;
- sp_point_384 qd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 6 * 5];
+ sp_point_384 p[2];
+#endif
sp_point_384* q = NULL;
int err;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_384_point_new_6(NULL, pd, p);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
- err = sp_384_point_new_6(NULL, qd, q);
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 5, NULL,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (tmp == NULL) {
err = MEMORY_E;
}
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
+ q = p + 1;
+
sp_384_from_mp(p->x, 6, pX);
sp_384_from_mp(p->y, 6, pY);
sp_384_from_mp(p->z, 6, pZ);
@@ -49463,13 +49200,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(q, 0, NULL);
- sp_384_point_free_6(p, 0, NULL);
return err;
}
@@ -49488,28 +49224,31 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
mp_int* rX, mp_int* rY, mp_int* rZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 6 * 2];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 6 * 2];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_384_point_new_6(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 2, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
@@ -49535,12 +49274,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
err = sp_384_to_mp(p->z, rZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, NULL);
return err;
}
@@ -49555,28 +49294,32 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
*/
int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit tmpd[2 * 6 * 6];
- sp_point_384 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* tmp = NULL;
- sp_point_384* p;
- int err;
+ sp_point_384* p = NULL;
+#else
+ sp_digit tmp[2 * 6 * 6];
+ sp_point_384 p[1];
+#endif
+ int err = MP_OKAY;
+
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_384_point_new_6(NULL, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (p == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, NULL,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
err = MEMORY_E;
- }
}
-#else
- tmp = tmpd;
#endif
if (err == MP_OKAY) {
sp_384_from_mp(p->x, 6, pX);
@@ -49601,12 +49344,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
err = sp_384_to_mp(p->z, pZ);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (tmp != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (tmp != NULL)
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ if (p != NULL)
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
#endif
- sp_384_point_free_6(p, 0, NULL);
return err;
}
@@ -49619,46 +49362,31 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
*/
static int sp_384_mont_sqrt_6(sp_digit* y)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2 * 6];
- sp_digit t2d[2 * 6];
- sp_digit t3d[2 * 6];
- sp_digit t4d[2 * 6];
- sp_digit t5d[2 * 6];
+ sp_digit t1[5 * 2 * 6];
#endif
- sp_digit* t1;
- sp_digit* t2;
- sp_digit* t3;
- sp_digit* t4;
- sp_digit* t5;
+ sp_digit* t2 = NULL;
+ sp_digit* t3 = NULL;
+ sp_digit* t4 = NULL;
+ sp_digit* t5 = NULL;
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 6, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 6, NULL, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 6;
- t2 = d + 2 * 6;
- t3 = d + 4 * 6;
- t4 = d + 6 * 6;
- t5 = d + 8 * 6;
-#else
- t1 = t1d;
- t2 = t2d;
- t3 = t3d;
- t4 = t4d;
- t5 = t5d;
-#endif
+ t2 = t1 + 2 * 6;
+ t3 = t1 + 4 * 6;
+ t4 = t1 + 6 * 6;
+ t5 = t1 + 8 * 6;
#ifdef HAVE_INTEL_AVX2
if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
@@ -49777,10 +49505,9 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -49796,34 +49523,25 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
*/
int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d;
-#else
- sp_digit xd[2 * 6];
- sp_digit yd[2 * 6];
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* x = NULL;
+#else
+ sp_digit x[4 * 6];
+#endif
sp_digit* y = NULL;
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 6, NULL, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 6, NULL, DYNAMIC_TYPE_ECC);
+ if (x == NULL)
err = MEMORY_E;
- }
#endif
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- x = d + 0 * 6;
- y = d + 2 * 6;
-#else
- x = xd;
- y = yd;
-#endif
+ y = x + 2 * 6;
sp_384_from_mp(x, 6, xm);
err = sp_384_mod_mul_norm_6(x, x, p384_mod);
@@ -49863,10 +49581,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
err = sp_384_to_mp(y, ym);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, NULL, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (x != NULL)
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -50138,6 +49855,8 @@ static int sp_1024_mod_mul_norm_avx2_16(sp_digit* r, const sp_digit* a, const sp
}
#endif /* HAVE_INTEL_AVX2 */
+
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Create a new point.
*
* heap [in] Buffer to allocate dynamic memory from.
@@ -50169,8 +49888,8 @@ static int sp_1024_point_new_ex_16(void* heap, sp_point_1024* sp,
/* Set pointer to data and return no error. */
#define sp_1024_point_new_16(heap, sp, p) sp_1024_point_new_ex_16((heap), &(sp), &(p))
#endif
-
-
+#endif /* WOLFCRYPT_HAVE_SAKKE */
+#ifdef WOLFCRYPT_HAVE_SAKKE
/* Free the point.
*
* p [in,out] Point to free.
@@ -50195,6 +49914,7 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap)
#endif
(void)heap;
}
+#endif /* WOLFCRYPT_HAVE_SAKKE */
/* Convert an mp_int to an array of sp_digit.
*
@@ -51381,43 +51101,41 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v)
static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_1024* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td[65];
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit tmpd[2 * 16 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_1024 t[65+2];
+ sp_digit tmp[2 * 16 * 6];
#endif
- sp_point_1024* t;
- sp_point_1024* rt;
+ sp_point_1024* rt = NULL;
sp_point_1024* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_1024 v[147];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_1024_point_new_16(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_1024_point_new_16(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 65, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) *
+ (65+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 65;
+ p = t + 65+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -51501,14 +51219,12 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(p, 0, heap);
- sp_1024_point_free_16(rt, 0, heap);
return err;
}
@@ -52387,43 +52103,41 @@ static void sp_1024_proj_point_add_sub_avx2_16(sp_point_1024* ra,
static int sp_1024_ecc_mulmod_win_add_sub_avx2_16(sp_point_1024* r, const sp_point_1024* g,
const sp_digit* k, int map, int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td[65];
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit tmpd[2 * 16 * 6];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+ sp_digit* tmp = NULL;
+#else
+ sp_point_1024 t[65+2];
+ sp_digit tmp[2 * 16 * 6];
#endif
- sp_point_1024* t;
- sp_point_1024* rt;
+ sp_point_1024* rt = NULL;
sp_point_1024* p = NULL;
- sp_digit* tmp;
sp_digit* negy;
int i;
ecc_recode_1024 v[147];
- int err;
+ int err = MP_OKAY;
/* Constant time used for cache attack resistance implementation. */
(void)ct;
(void)heap;
- err = sp_1024_point_new_16(heap, rtd, rt);
- if (err == MP_OKAY)
- err = sp_1024_point_new_16(heap, pd, p);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 65, heap, DYNAMIC_TYPE_ECC);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) *
+ (65+2), heap, DYNAMIC_TYPE_ECC);
if (t == NULL)
err = MEMORY_E;
- tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6, heap,
- DYNAMIC_TYPE_ECC);
- if (tmp == NULL)
- err = MEMORY_E;
-#else
- t = td;
- tmp = tmpd;
+ if (err == MP_OKAY) {
+ tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6,
+ heap, DYNAMIC_TYPE_ECC);
+ if (tmp == NULL)
+ err = MEMORY_E;
+ }
#endif
-
if (err == MP_OKAY) {
+ rt = t + 65;
+ p = t + 65+1;
+
/* t[0] = {0, 0, 1} * norm */
XMEMSET(&t[0], 0, sizeof(t[0]));
t[0].infinity = 1;
@@ -52507,14 +52221,12 @@ static int sp_1024_ecc_mulmod_win_add_sub_avx2_16(sp_point_1024* r, const sp_poi
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
if (tmp != NULL)
XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(p, 0, heap);
- sp_1024_point_free_16(rt, 0, heap);
return err;
}
@@ -52647,29 +52359,30 @@ static void sp_1024_proj_to_affine_16(sp_point_1024* a, sp_digit* t)
static int sp_1024_gen_stripe_table_16(const sp_point_1024* a,
sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td;
- sp_point_1024 s1d;
- sp_point_1024 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+#else
+ sp_point_1024 t[3];
#endif
- sp_point_1024* t;
sp_point_1024* s1 = NULL;
sp_point_1024* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_1024_point_new_16(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_1024_mod_mul_norm_16(t->x, a->x, p1024_mod);
}
if (err == MP_OKAY) {
@@ -52714,9 +52427,10 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a,
}
}
- sp_1024_point_free_16(s2, 0, heap);
- sp_1024_point_free_16(s1, 0, heap);
- sp_1024_point_free_16( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -52742,19 +52456,19 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g
const sp_table_entry_1024* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit td[2 * 16 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 rt[2];
+ sp_digit t[2 * 16 * 5];
#endif
- sp_point_1024* rt;
sp_point_1024* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -52762,21 +52476,22 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g
(void)heap;
- err = sp_1024_point_new_16(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));
@@ -52812,13 +52527,12 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(p, 0, heap);
- sp_1024_point_free_16(rt, 0, heap);
return err;
}
@@ -53090,29 +52804,30 @@ static void sp_1024_proj_to_affine_avx2_16(sp_point_1024* a, sp_digit* t)
static int sp_1024_gen_stripe_table_avx2_16(const sp_point_1024* a,
sp_table_entry_1024* table, sp_digit* tmp, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 td;
- sp_point_1024 s1d;
- sp_point_1024 s2d;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* t = NULL;
+#else
+ sp_point_1024 t[3];
#endif
- sp_point_1024* t;
sp_point_1024* s1 = NULL;
sp_point_1024* s2 = NULL;
int i;
int j;
- int err;
+ int err = MP_OKAY;
(void)heap;
- err = sp_1024_point_new_16(heap, td, t);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, s1d, s1);
- }
- if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, s2d, s2);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+#endif
if (err == MP_OKAY) {
+ s1 = t + 1;
+ s2 = t + 2;
+
err = sp_1024_mod_mul_norm_avx2_16(t->x, a->x, p1024_mod);
}
if (err == MP_OKAY) {
@@ -53157,9 +52872,10 @@ static int sp_1024_gen_stripe_table_avx2_16(const sp_point_1024* a,
}
}
- sp_1024_point_free_16(s2, 0, heap);
- sp_1024_point_free_16(s1, 0, heap);
- sp_1024_point_free_16( t, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -53185,19 +52901,19 @@ static int sp_1024_ecc_mulmod_stripe_avx2_16(sp_point_1024* r, const sp_point_10
const sp_table_entry_1024* table, const sp_digit* k, int map,
int ct, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 rtd;
- sp_point_1024 pd;
- sp_digit td[2 * 16 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* rt = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 rt[2];
+ sp_digit t[2 * 16 * 5];
#endif
- sp_point_1024* rt;
sp_point_1024* p = NULL;
- sp_digit* t;
int i;
int j;
int y;
int x;
- int err;
+ int err = MP_OKAY;
(void)g;
/* Constant time used for cache attack resistance implementation. */
@@ -53205,21 +52921,22 @@ static int sp_1024_ecc_mulmod_stripe_avx2_16(sp_point_1024* r, const sp_point_10
(void)heap;
- err = sp_1024_point_new_16(heap, rtd, rt);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap,
- DYNAMIC_TYPE_ECC);
- if (t == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (rt == NULL)
err = MEMORY_E;
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
}
-#else
- t = td;
#endif
if (err == MP_OKAY) {
+ p = rt + 1;
+
XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod));
XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod));
@@ -53255,13 +52972,12 @@ static int sp_1024_ecc_mulmod_stripe_avx2_16(sp_point_1024* r, const sp_point_10
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ if (rt != NULL)
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(p, 0, heap);
- sp_1024_point_free_16(rt, 0, heap);
return err;
}
@@ -53332,28 +53048,31 @@ static int sp_1024_ecc_mulmod_avx2_16(sp_point_1024* r, const sp_point_1024* g,
int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[16];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[16];
+#endif
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_1024_point_new_16(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap,
- DYNAMIC_TYPE_ECC);
+ DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 16, km);
sp_1024_point_from_ecc_point_16(point, gm);
@@ -53369,12 +53088,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r,
err = sp_1024_point_to_ecc_point_16(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(point, 0, heap);
return err;
}
@@ -56761,29 +56480,31 @@ static int sp_1024_ecc_mulmod_base_avx2_16(sp_point_1024* r, const sp_digit* k,
*/
int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[16];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[16];
+#endif
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_1024_point_new_16(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap,
- DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 16, km);
@@ -56798,12 +56519,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
err = sp_1024_point_to_ecc_point_16(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(point, 0, heap);
return err;
}
@@ -56822,40 +56543,38 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap)
int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int inMont, ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_point_1024 a;
- sp_digit kd[16];
- sp_digit t[16 * 2 * 5];
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
+ sp_digit* k = NULL;
+#else
+ sp_point_1024 point[2];
+ sp_digit k[16 + 16 * 2 * 5];
#endif
- sp_point_1024* point;
sp_point_1024* addP = NULL;
sp_digit* tmp = NULL;
- sp_digit* k = NULL;
int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_1024_point_new_16(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, a, addP);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY) {
- k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 + 16 * 2 * 5), heap, DYNAMIC_TYPE_ECC);
- if (k == NULL) {
+ k = (sp_digit*)XMALLOC(
+ sizeof(sp_digit) * (16 + 16 * 2 * 5),
+ heap, DYNAMIC_TYPE_ECC);
+ if (k == NULL)
err = MEMORY_E;
- }
- else {
- tmp = k + 16;
- }
}
-#else
- k = kd;
- tmp = t;
#endif
+
if (err == MP_OKAY) {
+ addP = point + 1;
+ tmp = k + 16;
+
sp_1024_from_mp(k, 16, km);
sp_1024_point_from_ecc_point_16(addP, am);
}
@@ -56896,13 +56615,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
err = sp_1024_point_to_ecc_point_16(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(addP, 0, heap);
- sp_1024_point_free_16(point, 0, heap);
return err;
}
@@ -56920,12 +56638,14 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am,
int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
void* heap)
{
- int err = 0;
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_point_1024* point = NULL;
+ sp_digit* t = NULL;
+#else
+ sp_point_1024 point[1];
sp_digit t[5 * 2 * 16];
+#endif
+ int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
@@ -56934,18 +56654,30 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
err = BAD_FUNC_ARG;
}
- if ((err == 0) && (table == NULL)) {
+ if ((err == MP_OKAY) && (table == NULL)) {
*len = sizeof(sp_table_entry_1024) * 256;
err = LENGTH_ONLY_E;
}
- if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
+ if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) {
err = BUFFER_E;
}
- if (err == 0) {
- err = sp_1024_point_new_16(heap, p, point);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (err == MP_OKAY) {
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
}
- if (err == 0) {
+ if (err == MP_OKAY) {
+ t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 16, heap,
+ DYNAMIC_TYPE_ECC);
+ if (t == NULL)
+ err = MEMORY_E;
+ }
+#endif
+
+ if (err == MP_OKAY) {
sp_1024_point_from_ecc_point_16(point, gm);
#ifdef HAVE_INTEL_AVX2
if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
@@ -56960,7 +56692,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
*len = sizeof(sp_table_entry_1024) * 256;
}
- sp_1024_point_free_16(point, 0, heap);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t != NULL)
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -57013,27 +56750,31 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len,
int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
ecc_point* r, int map, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 p;
- sp_digit kd[16];
-#endif
- sp_point_1024* point;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* point = NULL;
sp_digit* k = NULL;
+#else
+ sp_point_1024 point[1];
+ sp_digit k[16];
+#endif
int err = MP_OKAY;
#if defined(HAVE_INTEL_AVX2) && !defined(WOLFSSL_SP_SMALL)
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_1024_point_new_16(heap, p, point);
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap,
+ DYNAMIC_TYPE_ECC);
+ if (point == NULL)
+ err = MEMORY_E;
+ }
if (err == MP_OKAY) {
k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, DYNAMIC_TYPE_ECC);
if (k == NULL)
err = MEMORY_E;
}
-#else
- k = kd;
#endif
+
if (err == MP_OKAY) {
sp_1024_from_mp(k, 16, km);
sp_1024_point_from_ecc_point_16(point, gm);
@@ -57056,12 +56797,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table,
err = sp_1024_point_to_ecc_point_16(point, r);
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (k != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (k != NULL)
XFREE(k, heap, DYNAMIC_TYPE_ECC);
- }
+ if (point != NULL)
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
#endif
- sp_1024_point_free_16(point, 0, heap);
return err;
}
@@ -61907,33 +61648,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n)
static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
void* heap)
{
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit* d = NULL;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_digit* t1 = NULL;
#else
- sp_digit t1d[2*16];
- sp_digit t2d[2*16];
+ sp_digit t1[16 * 4];
#endif
- sp_digit* t1;
- sp_digit* t2;
+ sp_digit* t2 = NULL;
int64_t n;
int err = MP_OKAY;
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, DYNAMIC_TYPE_ECC);
- if (d == NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, DYNAMIC_TYPE_ECC);
+ if (t1 == NULL)
err = MEMORY_E;
- }
#endif
(void)heap;
if (err == MP_OKAY) {
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- t1 = d + 0 * 16;
- t2 = d + 2 * 16;
-#else
- t1 = t1d;
- t2 = t2d;
-#endif
+ t2 = t1 + 2 * 16;
sp_1024_sqr_16(t1, point->y);
(void)sp_1024_mod_16(t1, t1, p1024_mod);
@@ -61957,10 +61689,9 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (d != NULL) {
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
- }
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (t1 != NULL)
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
#endif
return err;
@@ -61975,14 +61706,21 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point,
*/
int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_point_1024 pubd;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ sp_point_1024* pub = NULL;
+#else
+ sp_point_1024 pub[1];
+#endif
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
#endif
- sp_point_1024* pub;
- byte one[1] = { 1 };
- int err;
- err = sp_1024_point_new_16(NULL, pubd, pub);
if (err == MP_OKAY) {
sp_1024_from_mp(pub->x, 16, pX);
sp_1024_from_mp(pub->y, 16, pY);
@@ -61991,7 +61729,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
err = sp_1024_ecc_is_point_16(pub, NULL);
}
- sp_1024_point_free_16(pub, 0, NULL);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+#endif
return err;
}
@@ -62010,48 +61751,48 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY)
int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
const mp_int* privm, void* heap)
{
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- sp_digit privd[16];
- sp_point_1024 pubd;
- sp_point_1024 pd;
-#endif
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
sp_digit* priv = NULL;
- sp_point_1024* pub;
+ sp_point_1024* pub = NULL;
+#else
+ sp_digit priv[16];
+ sp_point_1024 pub[2];
+#endif
sp_point_1024* p = NULL;
- byte one[1] = { 1 };
- int err;
+ const byte one[1] = { 1 };
+ int err = MP_OKAY;
#ifdef HAVE_INTEL_AVX2
word32 cpuid_flags = cpuid_get_flags();
#endif
- err = sp_1024_point_new_16(heap, pubd, pub);
- if (err == MP_OKAY) {
- err = sp_1024_point_new_16(heap, pd, p);
- }
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (err == MP_OKAY && privm) {
- priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap,
- DYNAMIC_TYPE_ECC);
- if (priv == NULL) {
- err = MEMORY_E;
- }
- }
-#endif
/* Quick check the lengs of public key ordinates and private key are in
* range. Proper check later.
*/
- if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) ||
+ if (((mp_count_bits(pX) > 1024) ||
(mp_count_bits(pY) > 1024) ||
((privm != NULL) && (mp_count_bits(privm) > 1024)))) {
err = ECC_OUT_OF_RANGE_E;
}
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
if (err == MP_OKAY) {
-#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC)
- priv = privd;
+ pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap,
+ DYNAMIC_TYPE_ECC);
+ if (pub == NULL)
+ err = MEMORY_E;
+ }
+ if (err == MP_OKAY && privm) {
+ priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap,
+ DYNAMIC_TYPE_ECC);
+ if (priv == NULL)
+ err = MEMORY_E;
+ }
#endif
+ if (err == MP_OKAY) {
+ p = pub + 1;
+
sp_1024_from_mp(pub->x, 16, pX);
sp_1024_from_mp(pub->y, 16, pY);
sp_1024_from_bin(pub->z, 16, one, (int)sizeof(one));
@@ -62110,13 +61851,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY,
}
}
-#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (priv != NULL) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
+ if (pub != NULL)
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ if (priv != NULL)
XFREE(priv, heap, DYNAMIC_TYPE_ECC);
- }
#endif
- sp_1024_point_free_16(p, 0, heap);
- sp_1024_point_free_16(pub, 0, heap);
return err;
}
diff --git a/wolfcrypt/src/sp_x86_64_asm.asm b/wolfcrypt/src/sp_x86_64_asm.asm
index f4ed57470..76e85c902 100644
--- a/wolfcrypt/src/sp_x86_64_asm.asm
+++ b/wolfcrypt/src/sp_x86_64_asm.asm
@@ -40479,7 +40479,7 @@ L_256_mod_inv_4_uv_u:
shrd r10, r11, 1
shrd r11, r12, 1
shr r12, 1
- test r8b, 1
+ test r9b, 1
jnz L_256_mod_inv_4_usubv_even_end
L_256_mod_inv_4_usubv_even_start:
shrd r9, r10, 1
@@ -40488,7 +40488,7 @@ L_256_mod_inv_4_usubv_even_start:
shr r12, 1
mov BYTE PTR [rsp+rsi], 0
inc rsi
- test r8b, 1
+ test r9b, 1
jz L_256_mod_inv_4_usubv_even_start
L_256_mod_inv_4_usubv_even_end:
cmp r9, 1
@@ -40561,7 +40561,7 @@ L_256_mod_inv_4_op_b_sub_d:
adc r11, QWORD PTR [r8+16]
adc r12, QWORD PTR [r8+24]
L_256_mod_inv_4_op_div2_b:
- test r8b, 1
+ test r9b, 1
mov rdx, 0
jz L_256_mod_inv_4_op_div2_b_mod
add r9, QWORD PTR [r8]
@@ -40896,19 +40896,19 @@ L_256_mod_inv_avx2_4_vsubu_sub_shr1:
vpextrd edi, xmm2, 0
vpextrd esi, xmm3, 0
L_256_mod_inv_avx2_4_store_done:
- movslq rax, eax
+ movsxd rax, eax
shl r9, 26
add rax, r9
- movslq r10, r10d
+ movsxd r10, r10d
shl r11, 26
add r10, r11
- movslq r12, r12d
+ movsxd r12, r12d
shl r13, 26
add r12, r13
- movslq r14, r14d
+ movsxd r14, r14d
shl r15, 26
add r14, r15
- movslq rdi, edi
+ movsxd rdi, edi
shl rsi, 26
add rdi, rsi
mov r9, r10
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index f7fd26ed0..155695936 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -3581,7 +3581,8 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
#error Both LITTLE_ENDIAN_ORDER and BIG_ENDIAN_ORDER defined.
#endif
-#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER))
+#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && \
+ (defined(FP_32BIT) || defined(FP_64BIT))
#ifdef FP_32BIT
/* If we know the endianness of this architecture, and we're using
32-bit fp_digits, we can optimize this */
@@ -3589,7 +3590,6 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
unsigned char *pd = (unsigned char *)a->dp;
a->used = (c + sizeof(fp_digit) - 1)/sizeof(fp_digit);
- /* read the bytes in */
#ifdef BIG_ENDIAN_ORDER
{
/* Use Duff's device to unroll the loop. */
@@ -3604,6 +3604,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
}
}
#else
+ /* read the bytes in one at a time. */
for (c -= 1; c >= 0; c -= 1) {
pd[c] = *b++;
}
@@ -3616,7 +3617,6 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
unsigned char *pd = (unsigned char *)a->dp;
a->used = (c + sizeof(fp_digit) - 1)/sizeof(fp_digit);
- /* read the bytes in */
#ifdef BIG_ENDIAN_ORDER
{
/* Use Duff's device to unroll the loop. */
@@ -3635,6 +3635,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
}
}
#else
+ /* read the bytes in one at a time. */
for (c -= 1; c >= 0; c -= 1) {
pd[c] = *b++;
}
@@ -3642,7 +3643,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c)
}
#endif
#else
- /* read the bytes in */
+ /* read the bytes in one at a time - unknown number of bits in digit */
for (; c > 0; c--) {
int err = fp_mul_2d (a, 8, a);
if (err != FP_OKAY) {
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 2e6dc17ac..02a98b767 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -386,7 +386,11 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen,
return BAD_PATH_ERROR;
}
- XFSEEK(f, 0, XSEEK_END);
+ if (XFSEEK(f, 0, XSEEK_END) != 0) {
+ WOLFSSL_MSG("wc_LoadFile file seek error");
+ XFCLOSE(f);
+ return BAD_PATH_ERROR;
+ }
fileSz = XFTELL(f);
XREWIND(f);
if (fileSz > 0) {
@@ -415,6 +419,38 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen,
#if !defined(NO_WOLFSSL_DIR) && \
!defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
+/* File Handling Helper */
+/* returns 0 if file exists, WC_ISFILEEXIST_NOFILE if file doesn't exist */
+int wc_FileExists(const char* fname)
+{
+ struct ReadDirCtx ctx;
+
+ if (fname == NULL)
+ return 0;
+
+ if (XSTAT(fname, &ctx.s) != 0) {
+ WOLFSSL_MSG("stat on name failed");
+ return BAD_PATH_ERROR;
+ } else
+#if defined(USE_WINDOWS_API)
+ if (XS_ISREG(ctx.s.st_mode)) {
+ return 0;
+ }
+#elif defined(WOLFSSL_ZEPHYR)
+ if (XS_ISREG(ctx.s.type)) {
+ return 0;
+ }
+#elif defined(WOLFSSL_TELIT_M2MB)
+ if (XS_ISREG(ctx.s.st_mode)) {
+ return 0;
+ }
+#else
+ if (XS_ISREG(ctx.s.st_mode)) {
+ return 0;
+ }
+#endif
+ return WC_ISFILEEXIST_NOFILE;
+}
/* File Handling Helpers */
/* returns 0 if file found, WC_READDIR_NOFILE if no files or negative error */
@@ -431,7 +467,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
return BAD_FUNC_ARG;
}
- XMEMSET(ctx->name, 0, MAX_FILENAME_SZ);
+ XMEMSET(ctx, 0, sizeof(ReadDirCtx));
pathLen = (int)XSTRLEN(path);
#ifdef USE_WINDOWS_API
@@ -464,6 +500,37 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
return 0;
}
} while (FindNextFileA(ctx->hFind, &ctx->FindFileData));
+
+#elif defined(INTIME_RTOS)
+ if (pathLen > MAX_FILENAME_SZ - 3)
+ return BAD_PATH_ERROR;
+
+ XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 3);
+ XSTRNCPY(ctx->name + pathLen, "\\*", MAX_FILENAME_SZ - pathLen);
+
+ if (!FindFirstRtFile(ctx->name, &ctx->FindFileData, 0)) {
+ WOLFSSL_MSG("FindFirstFile for path verify locations failed");
+ return BAD_PATH_ERROR;
+ }
+
+ do {
+ if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) {
+ dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName);
+
+ if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) {
+ return BAD_PATH_ERROR;
+ }
+ XSTRNCPY(ctx->name, path, pathLen + 1);
+ ctx->name[pathLen] = '\\';
+ XSTRNCPY(ctx->name + pathLen + 1,
+ ctx->FindFileData.cFileName,
+ MAX_FILENAME_SZ - pathLen - 1);
+ if (name)
+ *name = ctx->name;
+ return 0;
+ }
+ } while (FindNextRtFile(&ctx->FindFileData));
+
#elif defined(WOLFSSL_ZEPHYR)
if (fs_opendir(&ctx->dir, path) != 0) {
WOLFSSL_MSG("opendir path verify locations failed");
@@ -485,11 +552,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
* of earlier check it is known that dnameLen is less than
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry.name, dnameLen + 1);
- if (fs_stat(ctx->name, &ctx->s) != 0) {
- WOLFSSL_MSG("stat on name failed");
- ret = BAD_PATH_ERROR;
- break;
- } else if (ctx->s.type == FS_DIR_ENTRY_FILE) {
+ if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -517,12 +580,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
- if (m2mb_fs_stat(ctx->name, &ctx->s) != 0) {
- WOLFSSL_MSG("stat on name failed");
- ret = BAD_PATH_ERROR;
- break;
- }
- else if (ctx->s.st_mode & M2MB_S_IFREG) {
+ if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -549,11 +607,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
* of earlier check it is known that dnameLen is less than
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
- if (stat(ctx->name, &ctx->s) != 0) {
- WOLFSSL_MSG("stat on name failed");
- ret = BAD_PATH_ERROR;
- break;
- } else if (S_ISREG(ctx->s.st_mode)) {
+ if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -600,6 +654,26 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
return 0;
}
}
+
+#elif defined(INTIME_RTOS)
+ while (FindNextRtFile(&ctx->FindFileData)) {
+ if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) {
+ dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName);
+
+ if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) {
+ return BAD_PATH_ERROR;
+ }
+ XSTRNCPY(ctx->name, path, pathLen + 1);
+ ctx->name[pathLen] = '\\';
+ XSTRNCPY(ctx->name + pathLen + 1,
+ ctx->FindFileData.cFileName,
+ MAX_FILENAME_SZ - pathLen - 1);
+ if (name)
+ *name = ctx->name;
+ return 0;
+ }
+ }
+
#elif defined(WOLFSSL_ZEPHYR)
while ((fs_readdir(&ctx->dir, &ctx->entry)) != 0) {
dnameLen = (int)XSTRLEN(ctx->entry.name);
@@ -615,11 +689,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
* MAX_FILENAME_SZ - (pathLen + 2) so that dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry.name, dnameLen + 1);
- if (fs_stat(ctx->name, &ctx->s) != 0) {
- WOLFSSL_MSG("stat on name failed");
- ret = BAD_PATH_ERROR;
- break;
- } else if (ctx->s.type == FS_DIR_ENTRY_FILE) {
+ if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -641,12 +711,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
* MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
- if (m2mb_fs_stat(ctx->name, &ctx->s) != 0) {
- WOLFSSL_MSG("stat on name failed");
- ret = BAD_PATH_ERROR;
- break;
- }
- else if (ctx->s.st_mode & M2MB_S_IFREG) {
+ if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -667,11 +732,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
* MAX_FILENAME_SZ - (pathLen + 2) so that dnameLen +1 will fit */
XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1);
- if (stat(ctx->name, &ctx->s) != 0) {
- WOLFSSL_MSG("stat on name failed");
- ret = BAD_PATH_ERROR;
- break;
- } else if (S_ISREG(ctx->s.st_mode)) {
+ if ((ret = wc_FileExists(ctx->name)) == 0) {
if (name)
*name = ctx->name;
return 0;
@@ -695,6 +756,10 @@ void wc_ReadDirClose(ReadDirCtx* ctx)
FindClose(ctx->hFind);
ctx->hFind = INVALID_HANDLE_VALUE;
}
+
+#elif defined(INTIME_RTOS)
+ FindRtFileClose(&ctx->FindFileData);
+
#elif defined(WOLFSSL_ZEPHYR)
if (ctx->dirp) {
fs_closedir(ctx->dirp);
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index a3e9ee2d5..5be88a07a 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -19,7 +19,6 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
-
#ifdef HAVE_CONFIG_H
#include
#endif
@@ -3328,10 +3327,10 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
{
#ifndef WOLFSSL_NO_SHAKE256
wc_Shake sha;
- byte hash[114];
+ byte hash[250];
- testVector a, b, c;
- testVector test_sha[3];
+ testVector a, b, c, d, e;
+ testVector test_sha[5];
int ret = 0;
int times = sizeof(test_sha) / sizeof(struct testVector), i;
@@ -3356,7 +3355,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
"\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
"\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46";
a.inLen = XSTRLEN(a.input);
- a.outLen = sizeof(hash);
+ a.outLen = 114;
b.input = "abc";
b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
@@ -3368,7 +3367,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
"\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
"\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0";
b.inLen = XSTRLEN(b.input);
- b.outLen = sizeof(hash);
+ b.outLen = 114;
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
@@ -3380,11 +3379,53 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
"\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
"\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
c.inLen = XSTRLEN(c.input);
- c.outLen = sizeof(hash);
+ c.outLen = 114;
+
+ /* Taken from NIST CAVP test vectors - full rate output. */
+ d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
+ "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
+ "\x85\xe0";
+ d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
+ "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
+ "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
+ "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
+ "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
+ "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
+ "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
+ "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
+ "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
+ "\xc2";
+ d.inLen = 32;
+ d.outLen = 136;
+ /* Taken from NIST CAVP test vectors - more than one output block. */
+ e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
+ "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
+ "\x47\xe4";
+ e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
+ "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
+ "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
+ "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
+ "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
+ "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
+ "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
+ "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
+ "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
+ "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
+ "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
+ "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
+ "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
+ "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
+ "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
+ "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
+ "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c";
+ e.inLen = 32;
+ e.outLen = 250;
test_sha[0] = a;
test_sha[1] = b;
test_sha[2] = c;
+ test_sha[3] = d;
+ test_sha[4] = e;
ret = wc_InitShake256(&sha, HEAP_HINT, devId);
if (ret != 0)
@@ -3417,7 +3458,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash));
if (ret != 0)
ERROR_OUT(-3105, exit);
- if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
+ if (XMEMCMP(hash, large_digest, 114) != 0)
ERROR_OUT(-3106, exit);
} /* END LARGE HASH TEST */
@@ -10045,6 +10086,103 @@ WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void)
#endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */
#endif /* HAVE_FIPS_VERSION >= 2 */
+#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
+#ifdef WOLFSSL_AES_256
+#ifdef WOLFSSL_AESGCM_STREAM
+ result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
+ if (result != 0)
+ ERROR_OUT(-6360, out);
+ result = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
+ if (result != 0)
+ ERROR_OUT(-6361, out);
+ result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
+ if (result != 0)
+ ERROR_OUT(-6362, out);
+ if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
+ ERROR_OUT(-6363, out);
+ if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
+ ERROR_OUT(-6364, out);
+
+#ifdef HAVE_AES_DECRYPT
+ result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
+ if (result != 0)
+ ERROR_OUT(-6370, out);
+ result = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
+ if (result != 0)
+ ERROR_OUT(-6371, out);
+ result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
+ if (result != 0)
+ ERROR_OUT(-6372, out);
+ if (XMEMCMP(resultP, p, sizeof(p)) != 0)
+ ERROR_OUT(-6373, out);
+#endif
+
+ /* alen is the size to pass in with each update. */
+ for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
+ result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
+ if (result != 0)
+ ERROR_OUT(-6380, out);
+
+ /* plen is the offset into AAD to update with. */
+ for (plen = 0; plen < (int)sizeof(a); plen += alen) {
+ int len = sizeof(a) - plen;
+ if (len > alen) len = alen;
+ result = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, len);
+ if (result != 0)
+ ERROR_OUT(-6381, out);
+ }
+ /* plen is the offset into plaintext to update with. */
+ for (plen = 0; plen < (int)sizeof(p); plen += alen) {
+ int len = sizeof(p) - plen;
+ if (len > alen) len = alen;
+ result = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, len,
+ NULL, 0);
+ if (result != 0)
+ ERROR_OUT(-6382, out);
+ }
+ result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
+ if (result != 0)
+ ERROR_OUT(-6383, out);
+ if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
+ ERROR_OUT(-6384, out);
+ if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
+ ERROR_OUT(-6385, out);
+ }
+
+#ifdef HAVE_AES_DECRYPT
+ for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
+ result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
+ if (result != 0)
+ ERROR_OUT(-6390, out);
+
+ /* plen is the offset into AAD to update with. */
+ for (plen = 0; plen < (int)sizeof(a); plen += alen) {
+ int len = sizeof(a) - plen;
+ if (len > alen) len = alen;
+ result = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, len);
+ if (result != 0)
+ ERROR_OUT(-6391, out);
+ }
+ /* plen is the offset into cipher text to update with. */
+ for (plen = 0; plen < (int)sizeof(c1); plen += alen) {
+ int len = sizeof(c1) - plen;
+ if (len > alen) len = alen;
+ result = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, len,
+ NULL, 0);
+ if (result != 0)
+ ERROR_OUT(-6392, out);
+ }
+ result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
+ if (result != 0)
+ ERROR_OUT(-6393, out);
+ if (XMEMCMP(resultP, p, sizeof(p)) != 0)
+ ERROR_OUT(-6394, out);
+ }
+#endif /* HAVE_AES_DECRYPT */
+#endif /* WOLFSSL_AESGCM_STREAM */
+#endif /* WOLFSSL_AES_256 */
+#endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
+
wc_AesFree(enc);
wc_AesFree(dec);
@@ -11763,6 +11901,9 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
#elif defined(WOLFSSL_uTKERNEL2)
#define CERT_PREFIX "/uda/"
#define CERT_PATH_SEP "/"
+#elif defined(_WIN32_WCE)
+ #define CERT_PREFIX "\\windows\\"
+ #define CERT_PATH_SEP "\\"
#endif
#ifndef CERT_PREFIX
@@ -13604,8 +13745,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void)
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(clientKey, "rb");
if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
+ err_sys("can't open clientKey, Please run from wolfSSL home dir", -40);
ERROR_OUT(-7801, exit_rsa_nopadding);
}
@@ -23151,7 +23291,7 @@ static int crypto_ecc_verify(const uint8_t *key, uint32_t keySz,
);
count++;
- /* TODO: Real-time work can be called here */
+ /* This is where real-time work could be called */
} while (ret == FP_WOULDBLOCK);
#ifdef DEBUG_WOLFSSL
printf("ECC non-block verify: %d times\n", count);
@@ -23235,7 +23375,7 @@ static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz,
);
count++;
- /* TODO: Real-time work can be called here */
+ /* This is where real-time work could be called */
} while (ret == FP_WOULDBLOCK);
#ifdef DEBUG_WOLFSSL
@@ -23245,8 +23385,8 @@ static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz,
if (ret == 0) {
/* export r/s */
- mp_to_unsigned_bin(&r, sig);
- mp_to_unsigned_bin(&s, sig + curveSz);
+ mp_to_unsigned_bin_len(&r, sig, curveSz);
+ mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz);
}
mp_clear(&r);
@@ -27512,16 +27652,18 @@ int eccsi_test(void)
mp_int* ssk;
ecc_point* pvt;
- priv = XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) {
return -10205;
}
- pub = XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) {
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -10206;
}
- ssk = XMALLOC(sizeof(mp_int), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (ssk == NULL) {
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -28636,16 +28778,19 @@ int sakke_test(void)
SakkeKey* key;
ecc_point* rsk = NULL;
- priv = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) {
return -10404;
}
- pub = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) {
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -10405;
}
- key = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
+ DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -28884,8 +29029,16 @@ WOLFSSL_TEST_SUBROUTINE int cmac_test(void)
XMEMSET(tag, 0, sizeof(tag));
tagSz = AES_BLOCK_SIZE;
+
+#if !defined(HAVE_FIPS) || \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
+ if (wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId) != 0)
+#else
if (wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL) != 0)
+#endif
+ {
ERROR_OUT(-12000, out);
+ }
if (tc->partial) {
if (wc_CmacUpdate(cmac, tc->m,
tc->mSz/2 - tc->partial) != 0)
@@ -36687,6 +36840,10 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
ret = pbkdf2_test();
#endif
#endif
+#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
+ if (ret == 0)
+ ret = cmac_test();
+#endif
/* reset devId */
devId = INVALID_DEVID;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 9246f66e9..1d55b3afe 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1684,6 +1684,21 @@ WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
#endif
#endif
+struct WOLFSSL_BY_DIR_HASH {
+ unsigned long hash_value;
+ int last_suffix;
+};
+
+struct WOLFSSL_BY_DIR_entry {
+ char* dir_name;
+ int dir_type;
+ WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *hashes;
+};
+
+struct WOLFSSL_BY_DIR {
+ WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *dir_entry;
+ wolfSSL_Mutex lock; /* dir list lock */
+};
/* wolfSSL method type */
struct WOLFSSL_METHOD {
@@ -2066,6 +2081,11 @@ struct WOLFSSL_CERT_MANAGER {
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
short minEccKeySz; /* minimum allowed ECC key size */
+#endif
+#if defined(OPENSSL_EXTRA)
+ WOLFSSL_X509_STORE *x509_store_p; /* a pointer back to CTX x509 store */
+ /* CTX has ownership and free this */
+ /* with CTX free. */
#endif
wolfSSL_Mutex refMutex; /* reference count mutex */
int refCount; /* reference count */
@@ -3691,6 +3711,8 @@ typedef struct Arrays {
#define STACK_TYPE_X509_NAME 9
#define STACK_TYPE_CONF_VALUE 10
#define STACK_TYPE_X509_INFO 11
+#define STACK_TYPE_BY_DIR_entry 12
+#define STACK_TYPE_BY_DIR_hash 13
struct WOLFSSL_STACK {
unsigned long num; /* number of nodes in stack
@@ -3716,6 +3738,8 @@ struct WOLFSSL_STACK {
void* generic;
char* string;
WOLFSSL_GENERAL_NAME* gn;
+ WOLFSSL_BY_DIR_entry* dir_entry;
+ WOLFSSL_BY_DIR_HASH* dir_hash;
} data;
void* heap; /* memory heap hint */
WOLFSSL_STACK* next;
@@ -4811,6 +4835,43 @@ WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
#endif
+#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
+ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+WOLFSSL_LOCAL int LoadCertByIssuer(WOLFSSL_X509_STORE* store,
+ X509_NAME* issuer, int Type);
+#endif
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void);
+WOLFSSL_LOCAL void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash);
+WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void);
+WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_find(
+ WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind);
+WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk);
+WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value(
+ const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i);
+WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop(
+ WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk);
+WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
+ void (*f) (WOLFSSL_BY_DIR_HASH*));
+WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk);
+WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk,
+ WOLFSSL_BY_DIR_HASH* in);
+/* WOLFSSL_BY_DIR_entry stuff */
+WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void);
+WOLFSSL_LOCAL void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry);
+WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void);
+WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk);
+WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value(
+ const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i);
+WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop(
+ WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk);
+WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk,
+ void (*f) (WOLFSSL_BY_DIR_entry*));
+WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk);
+WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk,
+ WOLFSSL_BY_DIR_entry* in);
+#endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
#ifdef __cplusplus
} /* extern "C" */
diff --git a/wolfssl/openssl/engine.h b/wolfssl/openssl/engine.h
index e4a1ff193..ba147ff74 100644
--- a/wolfssl/openssl/engine.h
+++ b/wolfssl/openssl/engine.h
@@ -4,5 +4,7 @@
#undef HAVE_OPENSSL_ENGINE_H
-#define ENGINE_load_builtin_engines() /*ENGINE_load_builtin_engines not needed*/
+/* ENGINE_load_builtin_engines not needed, as all builtin engines are already
+ loaded into memory and used on startup. */
+#define ENGINE_load_builtin_engines()
diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h
index 25d1419e2..11af818f6 100644
--- a/wolfssl/openssl/rand.h
+++ b/wolfssl/openssl/rand.h
@@ -24,4 +24,6 @@
#include
#include
+typedef WOLFSSL_RAND_METHOD RAND_METHOD;
+
#define RAND_set_rand_method wolfSSL_RAND_set_rand_method
diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h
index d62ee9337..dd07fd49e 100644
--- a/wolfssl/openssl/rsa.h
+++ b/wolfssl/openssl/rsa.h
@@ -111,6 +111,7 @@ WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
unsigned char* out, WOLFSSL_RSA* rsa, int padding);
WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*);
+WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA*);
WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
unsigned int mLen, unsigned char* sigRet,
unsigned int* sigLen, WOLFSSL_RSA*);
diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h
index 56d1a706f..7120ecb17 100644
--- a/wolfssl/openssl/sha.h
+++ b/wolfssl/openssl/sha.h
@@ -70,6 +70,8 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
#define SHA_Init wolfSSL_SHA_Init
#define SHA_Update wolfSSL_SHA_Update
#define SHA_Final wolfSSL_SHA_Final
+#define SHA_Transform wolfSSL_SHA_Transform
+
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
@@ -81,7 +83,7 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
#define SHA1_Init wolfSSL_SHA1_Init
#define SHA1_Update wolfSSL_SHA1_Update
#define SHA1_Final wolfSSL_SHA1_Final
-
+#define SHA1_Transform wolfSSL_SHA1_Transform
#ifdef WOLFSSL_SHA224
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index e9b201720..70a79aaa0 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -806,7 +806,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define RSA_generate_key wolfSSL_RSA_generate_key
#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
#define RSA_print wolfSSL_RSA_print
-#define RSA_bits wolfSSL_RSA_size
+#define RSA_bits wolfSSL_RSA_bits
#define RSA_up_ref wolfSSL_RSA_up_ref
#define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS
#define RSA_verify_PKCS1_PSS wolfSSL_RSA_verify_PKCS1_PSS
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 1397fb5f6..de42e4c78 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -143,6 +143,10 @@ typedef struct WOLFSSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX;
typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *);
+typedef struct WOLFSSL_BY_DIR_HASH WOLFSSL_BY_DIR_HASH;
+typedef struct WOLFSSL_BY_DIR_entry WOLFSSL_BY_DIR_entry;
+typedef struct WOLFSSL_BY_DIR WOLFSSL_BY_DIR;
+
/* redeclare guard */
#define WOLFSSL_TYPES_DEFINED
@@ -276,8 +280,6 @@ struct WOLFSSL_X509V3_CTX {
WOLFSSL_X509* x509;
};
-
-
struct WOLFSSL_ASN1_OBJECT {
void* heap;
const unsigned char* obj;
@@ -531,6 +533,8 @@ struct WOLFSSL_X509_LOOKUP_METHOD {
struct WOLFSSL_X509_LOOKUP {
WOLFSSL_X509_STORE *store;
+ int type;
+ WOLFSSL_BY_DIR* dirs;
};
struct WOLFSSL_X509_STORE {
@@ -639,6 +643,25 @@ struct WOLFSSL_X509_STORE_CTX {
typedef char* WOLFSSL_STRING;
+typedef struct WOLFSSL_RAND_METHOD {
+ /* seed = Data to mix into the random generator.
+ * len = Number of bytes to mix from seed. */
+ int (*seed)(const void* seed, int len);
+ /* buf = Buffer to store random bytes in.
+ * len = Number of bytes to store in buf. */
+ int (*bytes)(unsigned char* buf, int len);
+ void (*cleanup)(void);
+ /* add = Data to mix into the random generator.
+ * len = Number of bytes to mix from add.
+ * entropy = Estimate of randomness contained in seed.
+ * Should be between 0 and len. */
+ int (*add)(const void* add, int len, double entropy);
+ /* buf = Buffer to store pseudorandom bytes in.
+ * len = Number of bytes to store in buf. */
+ int (*pseudorand)(unsigned char *buf, int len);
+ int (*status)(void);
+} WOLFSSL_RAND_METHOD;
+
/* Valid Alert types from page 16/17
* Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c
*/
@@ -1422,6 +1445,8 @@ WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n,
unsigned char** out);
+WOLFSSL_API int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name,
+ unsigned char** out);
WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
unsigned char **in, long length);
#ifndef NO_RSA
@@ -1500,6 +1525,8 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
const void* data, int dataSz);
WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*);
WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*);
+WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst,
+ const WOLFSSL_ASN1_STRING* src);
WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*);
@@ -1591,6 +1618,8 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
const WOLFSSL_X509_VERIFY_PARAM* from);
WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
const char *file, int type);
+WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
+ const char *file, int type);
#endif
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
@@ -3585,11 +3614,14 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio,
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
WOLFSSL_X509_STORE* str);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
+ defined(HAVE_SECRET_CALLBACK)
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
unsigned char *out, size_t outlen);
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
unsigned char* out, size_t outSz);
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
@@ -3770,7 +3802,7 @@ WOLFSSL_API int wolfSSL_FIPS_mode(void);
WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
-WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
+WOLFSSL_API int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods);
WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 50a5c96a2..7fba781f1 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -349,6 +349,7 @@
#define cliEd448CertFile "certs/ed448/client-ed448.pem"
#define cliEd448KeyFile "certs/ed448/client-ed448-priv.pem"
#define caEd448CertFile "certs/ed448/ca-ed448.pem"
+#define caCertFolder "certs/"
#ifdef HAVE_WNR
/* Whitewood netRandom default config file */
#define wnrConfig "wnr-example.conf"
@@ -382,6 +383,7 @@
#define cliEd448CertFile "./certs/ed448/client-ed448.pem"
#define cliEd448KeyFile "./certs/ed448/client-ed448-priv.pem"
#define caEd448CertFile "./certs/ed448/ca-ed448.pem"
+#define caCertFolder "./certs/"
#ifdef HAVE_WNR
/* Whitewood netRandom default config file */
#define wnrConfig "./wnr-example.conf"
@@ -4092,8 +4094,11 @@ static WC_INLINE word16 GetRandomPort(void)
static WC_INLINE void EarlyDataStatus(WOLFSSL* ssl)
{
int earlyData_status;
-
+#ifdef OPENSSL_EXTRA
+ earlyData_status = SSL_get_early_data_status(ssl);
+#else
earlyData_status = wolfSSL_get_early_data_status(ssl);
+#endif
if (earlyData_status < 0) return;
printf("Early Data was ");
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index 6ef8352c6..21908ac3c 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -250,6 +250,21 @@ struct Aes {
silabs_aes_t ctx;
#endif
void* heap; /* memory hint to use */
+#ifdef WOLFSSL_AESGCM_STREAM
+#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_AESNI)
+ ALIGN16 byte streamData[5 * AES_BLOCK_SIZE];
+#else
+ byte* streamData;
+#endif
+ word32 aSz;
+ word32 cSz;
+ byte over;
+ byte aOver;
+ byte cOver;
+ byte gcmKeySet:1;
+ byte nonceSet:1;
+ byte ctrSet:1;
+#endif
};
#ifndef WC_AES_TYPE_DEFINED
@@ -361,6 +376,26 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
const byte* iv, word32 ivSz,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
+#ifdef WOLFSSL_AESGCM_STREAM
+WOLFSSL_API int wc_AesGcmInit(Aes* aes, const byte* key, word32 len,
+ const byte* iv, word32 ivSz);
+
+WOLFSSL_API int wc_AesGcmEncryptInit(Aes* aes, const byte* key, word32 len,
+ const byte* iv, word32 ivSz);
+WOLFSSL_API int wc_AesGcmEncryptInit_ex(Aes* aes, const byte* key, word32 len,
+ byte* ivOut, word32 ivOutSz);
+WOLFSSL_API int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in,
+ word32 sz, const byte* authIn, word32 authInSz);
+WOLFSSL_API int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag,
+ word32 authTagSz);
+
+WOLFSSL_API int wc_AesGcmDecryptInit(Aes* aes, const byte* key, word32 len,
+ const byte* iv, word32 ivSz);
+WOLFSSL_API int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in,
+ word32 sz, const byte* authIn, word32 authInSz);
+WOLFSSL_API int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag,
+ word32 authTagSz);
+#endif
#ifndef WC_NO_RNG
WOLFSSL_API int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz);
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index ddac56b34..446148a7a 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1173,6 +1173,8 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
char nameType, byte type);
+WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
+ char nameType, byte type);
/* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h
index 0ae475e41..9519af9f3 100644
--- a/wolfssl/wolfcrypt/cmac.h
+++ b/wolfssl/wolfcrypt/cmac.h
@@ -53,12 +53,15 @@ struct Cmac {
byte k2[AES_BLOCK_SIZE];
word32 bufferSz;
word32 totalSz;
-#if defined(WOLF_CRYPTO_CB)
+#ifdef WOLF_CRYPTO_CB
int devId;
+ void* devCtx;
+ #ifdef WOLFSSL_QNX_CAAM
byte ctx[32]; /* hold state for save and return */
word32 blackKey;
word32 keylen;
byte initialized;
+ #endif
#endif
};
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 138e3cbe4..dd6ac1726 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -235,8 +235,11 @@ enum {
CHACHA_POLY_OVERFLOW =-274, /* ChaCha20Poly1305 limit overflow */
ASN_SELF_SIGNED_E = -275, /* ASN self-signed certificate error */
SAKKE_VERIFY_FAIL_E = -276, /* SAKKE derivation verification error */
+ MISSING_IV = -277, /* IV was not set */
+ MISSING_KEY = -278, /* Key was not set */
+ BAD_LENGTH_E = -279, /* Value of length parameter is invalid. */
- WC_LAST_E = -276, /* Update this to indicate last error */
+ WC_LAST_E = -279, /* Update this to indicate last error */
MIN_CODE_E = -300 /* errors -101 - -299 */
/* add new companion error id strings for any new error codes
diff --git a/wolfssl/wolfcrypt/port/caam/caam_driver.h b/wolfssl/wolfcrypt/port/caam/caam_driver.h
index c3252ce43..701af3611 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_driver.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_driver.h
@@ -271,6 +271,7 @@
unsigned int CAAM_READ(unsigned int reg);
void CAAM_WRITE(unsigned int reg, unsigned int in);
int CAAM_SET_BASEADDR(void);
+void CAAM_UNSET_BASEADDR(void);
unsigned int CAAM_ADR_TO_PHYSICAL(void* in, int inSz);
void* CAAM_ADR_MAP(unsigned int in, int inSz, unsigned char copy);
void CAAM_ADR_UNMAP(void* vaddr, unsigned int out, int outSz,
@@ -278,20 +279,18 @@ void CAAM_ADR_UNMAP(void* vaddr, unsigned int out, int outSz,
int CAAM_ADR_SYNC(void* vaddr, int sz);
CAAM_ADDRESS CAAM_ADR_TO_VIRTUAL(CAAM_ADDRESS in, int length);
-
-
- #ifndef WOLFSSL_CAAM_BUFFER
- #define WOLFSSL_CAAM_BUFFER
- typedef struct CAAM_BUFFER {
- int BufferType;
- CAAM_ADDRESS TheAddress;
- int Length;
- } CAAM_BUFFER;
- #endif
- unsigned int caamReadRegister(unsigned int reg);
- void caamWriteRegister(unsigned int reg, unsigned int in);
- int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf, int sz);
- int caamJobRingFree(void);
+#ifndef WOLFSSL_CAAM_BUFFER
+#define WOLFSSL_CAAM_BUFFER
+typedef struct CAAM_BUFFER {
+ int BufferType;
+ CAAM_ADDRESS TheAddress;
+ int Length;
+} CAAM_BUFFER;
+#endif
+unsigned int caamReadRegister(unsigned int reg);
+void caamWriteRegister(unsigned int reg, unsigned int in);
+int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf, int sz);
+int CleanupCAAM(void);
/* Driver API that can be called by caam_.c port layers */
@@ -309,8 +308,7 @@ int caamECDSAMake(DESCSTRUCT *desc, CAAM_BUFFER *buf, unsigned int args[4]);
int caamAesCmac(DESCSTRUCT *desc, int sz, unsigned int args[4]);
int caamBlob(DESCSTRUCT *desc);
-CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys,
- unsigned int flag);
+CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int flag);
int caamFreePart(unsigned int part);
int caamFindUnusuedPartition(void);
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 253264a9f..ee7caec50 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1240,7 +1240,8 @@ extern void uITRON4_free(void *p) ;
#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \
defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \
defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
- defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7)
+ defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \
+ defined(WOLFSSL_STM32G0)
#define SIZEOF_LONG_LONG 8
#ifndef CHAR_BIT
@@ -1293,6 +1294,8 @@ extern void uITRON4_free(void *p) ;
#include "stm32h7xx_hal.h"
#elif defined(WOLFSSL_STM32WB)
#include "stm32wbxx_hal.h"
+ #elif defined(WOLFSSL_STM32G0)
+ #include "stm32g0xx_hal.h"
#endif
#if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4)
#include "stm32l4xx_ll_rng.h"
@@ -1343,7 +1346,8 @@ extern void uITRON4_free(void *p) ;
#endif
#endif /* WOLFSSL_STM32_CUBEMX */
#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 ||
- WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */
+ WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB ||
+ WOLFSSL_STM32H7 || WOLFSSL_STM32G0 */
#ifdef WOLFSSL_DEOS
#include
#include
diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h
index 22870d4a8..dc9307a40 100644
--- a/wolfssl/wolfcrypt/sp.h
+++ b/wolfssl/wolfcrypt/sp.h
@@ -27,9 +27,15 @@
#if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
defined(WOLFSSL_HAVE_SP_ECC)
-
-#ifndef WOLFSSL_LINUXKM
-#include
+#ifdef _WIN32_WCE
+ typedef __int8 int8_t;
+ typedef __int32 int32_t;
+ typedef __int64 int64_t;
+ typedef unsigned __int8 uint8_t;
+ typedef unsigned __int32 uint32_t;
+ typedef unsigned __int64 uint64_t;
+#elif !defined(WOLFSSL_LINUXKM)
+ #include
#endif
#include
diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h
index 8083e6404..9f247daf0 100644
--- a/wolfssl/wolfcrypt/sp_int.h
+++ b/wolfssl/wolfcrypt/sp_int.h
@@ -113,29 +113,33 @@ extern "C" {
#error "Size of unsigned long not detected"
#endif
-#if ULLONG_MAX == 18446744073709551615ULL
- #define SP_ULLONG_BITS 64
+#ifdef ULLONG_MAX
+ #if ULLONG_MAX == 18446744073709551615ULL
+ #define SP_ULLONG_BITS 64
- #if SP_ULLONG_BITS > SP_ULONG_BITS
- typedef unsigned long long sp_uint64;
- typedef long long sp_int64;
- #endif
-#elif ULLONG_MAX == 4294967295UL
- #define SP_ULLONG_BITS 32
+ #if SP_ULLONG_BITS > SP_ULONG_BITS
+ typedef unsigned long long sp_uint64;
+ typedef long long sp_int64;
+ #endif
+ #elif ULLONG_MAX == 4294967295UL
+ #define SP_ULLONG_BITS 32
- #if SP_ULLONG_BITS > SP_ULONG_BITS
- typedef unsigned long long sp_uint32;
- typedef long long sp_int32;
- #endif
-#elif ULLONG_MAX == 65535
- #define SP_ULLONG_BITS 16
+ #if SP_ULLONG_BITS > SP_ULONG_BITS
+ typedef unsigned long long sp_uint32;
+ typedef long long sp_int32;
+ #endif
+ #elif ULLONG_MAX == 65535
+ #define SP_ULLONG_BITS 16
- #if SP_ULLONG_BITS > SP_ULONG_BITS
- typedef unsigned long long sp_uint16;
- typedef long long sp_int16;
+ #if SP_ULLONG_BITS > SP_ULONG_BITS
+ typedef unsigned long long sp_uint16;
+ typedef long long sp_int16;
+ #endif
+ #else
+ #error "Size of unsigned long long not detected"
#endif
#else
- #error "Size of unsigned long long not detected"
+ #define SP_ULLONG_BITS 0
#endif
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index e1d4aa2da..0032884a0 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -556,17 +556,17 @@ decouple library dependencies with standard string, memory and so on.
{
va_list ap;
int ret;
-
+
if ((int)n <= 0) return -1;
-
+
va_start(ap, format);
-
- ret = vsnprintf(s, n, format, ap);
+
+ ret = XVSNPRINTF(s, n, format, ap);
if (ret < 0)
ret = -1;
-
+
va_end(ap);
-
+
return ret;
}
#define XSNPRINTF _xsnprintf_
@@ -597,7 +597,7 @@ decouple library dependencies with standard string, memory and so on.
if ((int)bufsize <= 0) return -1;
va_start(ap, format);
- ret = vsnprintf(buffer, bufsize, format, ap);
+ ret = XVSNPRINTF(buffer, bufsize, format, ap);
if (ret >= (int)bufsize)
ret = -1;
va_end(ap);
@@ -659,6 +659,8 @@ decouple library dependencies with standard string, memory and so on.
#endif
#ifdef OPENSSL_ALL
#define XISALNUM(c) isalnum((c))
+ #define XISASCII(c) isascii((c))
+ #define XISSPACE(c) isspace((c))
#endif
/* needed by wolfSSL_check_domain_name() */
#define XTOLOWER(c) tolower((c))
diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h
index 25c429464..46a31a444 100644
--- a/wolfssl/wolfcrypt/visibility.h
+++ b/wolfssl/wolfcrypt/visibility.h
@@ -43,7 +43,8 @@
*/
#if defined(BUILDING_WOLFSSL)
- #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__)
+ #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
+ defined(_WIN32_WCE)
#if defined(WOLFSSL_DLL)
#define WOLFSSL_API __declspec(dllexport)
#else
@@ -61,7 +62,8 @@
#define WOLFSSL_LOCAL
#endif /* HAVE_VISIBILITY */
#else /* BUILDING_WOLFSSL */
- #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__)
+ #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
+ defined(_WIN32_WCE)
#if defined(WOLFSSL_DLL)
#define WOLFSSL_API __declspec(dllimport)
#else
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index 8a41f4b99..291ff4d40 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -616,6 +616,22 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define XSEEK_END 0
#define XBADFILE NULL
#define XFGETS(b,s,f) f_gets((b), (s), (f))
+#elif defined (_WIN32_WCE)
+ /* stdio, WINCE case */
+ #include
+ #define XFILE FILE*
+ #define XFOPEN fopen
+ #define XFDOPEN fdopen
+ #define XFSEEK fseek
+ #define XFTELL ftell
+ #define XREWIND(F) XFSEEK(F, 0, SEEK_SET)
+ #define XFREAD fread
+ #define XFWRITE fwrite
+ #define XFCLOSE fclose
+ #define XSEEK_END SEEK_END
+ #define XBADFILE NULL
+ #define XFGETS fgets
+ #define XVSNPRINTF _vsnprintf
#elif defined(FUSION_RTOS)
#include
@@ -676,14 +692,32 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define XFGETS fgets
#define XFPRINTF fprintf
- #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\
+ #if !defined(NO_WOLFSSL_DIR)\
&& !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
+ #if defined(USE_WINDOWS_API)
+ #include
+ #define XSTAT _stat
+ #define XS_ISREG(s) (s & _S_IFREG)
+ #define SEPARATOR_CHAR ';'
+ #elif defined(WOLFSSL_ZEPHYR)
+ #define XSTAT fs_stat
+ #define XS_ISREG(s) (s == FS_DIR_ENTRY_FILE)
+ #define SEPARATOR_CHAR ':'
+ #elif defined(WOLFSSL_TELIT_M2MB)
+ #define XSTAT m2mb_fs_stat
+ #define XS_ISREG(s) (s & M2MB_S_IFREG)
+ #define SEPARATOR_CHAR ':'
+ #else
#include
#include
#include
#define XWRITE write
#define XREAD read
#define XCLOSE close
+ #define XSTAT stat
+ #define XS_ISREG(s) S_ISREG(s)
+ #define SEPARATOR_CHAR ':'
+ #endif
#endif
#endif
@@ -719,6 +753,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#ifdef USE_WINDOWS_API
WIN32_FIND_DATAA FindFileData;
HANDLE hFind;
+ struct XSTAT s;
#elif defined(WOLFSSL_ZEPHYR)
struct fs_dirent entry;
struct fs_dir_t dir;
@@ -729,10 +764,12 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
M2MB_DIR_T* dir;
struct M2MB_DIRENT* entry;
struct M2MB_STAT s;
+ #elif defined(INTIME_RTOS)
+ FIND_FILE_DATA FindFileData;
#else
struct dirent* entry;
DIR* dir;
- struct stat s;
+ struct XSTAT s;
#endif
char name[MAX_FILENAME_SZ];
} ReadDirCtx;
@@ -743,6 +780,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name);
WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx);
#endif /* !NO_WOLFSSL_DIR */
+ #define WC_ISFILEEXIST_NOFILE -1
+
+ WOLFSSL_API int wc_FileExists(const char* fname);
#endif /* !NO_FILESYSTEM */
@@ -863,9 +903,32 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#elif defined(_WIN32_WCE)
#include
+ #include /* For file system */
+
+ time_t windows_time(time_t* timer);
+
+ #define FindNextFileA(h, d) FindNextFile(h, (LPWIN32_FIND_DATAW) d)
+ #define FindFirstFileA(fn, d) FindFirstFile((LPCWSTR) fn, \
+ (LPWIN32_FIND_DATAW) d)
#define XTIME(t1) windows_time((t1))
#define WOLFSSL_GMTIME
+ /* if struct tm is not defined in WINCE SDK */
+ #ifndef _TM_DEFINED
+ struct tm {
+ int tm_sec; /* seconds */
+ int tm_min; /* minutes */
+ int tm_hour; /* hours */
+ int tm_mday; /* day of month (month specific) */
+ int tm_mon; /* month */
+ int tm_year; /* year */
+ int tm_wday; /* day of week (out of 1-7)*/
+ int tm_yday; /* day of year (out of 365) */
+ int tm_isdst; /* is it daylight savings */
+ };
+ #define _TM_DEFINED
+ #endif
+
#elif defined(WOLFSSL_APACHE_MYNEWT)
#include "os/os_time.h"
#define XTIME(t1) mynewt_time((t1))