From 5dbc6db295ba271400267625feb078fb95c00aa5 Mon Sep 17 00:00:00 2001 From: David Kubasek Date: Wed, 3 Mar 2021 10:25:54 +0100 Subject: [PATCH 001/137] Fixed CID 576149 --- src/ssl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 14a160dc2..d7d99c484 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -49965,6 +49965,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len, return NULL; } } else { + /* This may be overly defensive */ + if (weOwn) + wolfSSL_BN_free(ret); return NULL; } From 38cfe7173243d2ad0cd558f94a28ffdf947c910c Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 15:41:28 +0100 Subject: [PATCH 002/137] Fixed CID 576552. --- src/crl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/crl.c b/src/crl.c index 1663b347a..750ac65fc 100644 --- a/src/crl.c +++ b/src/crl.c @@ -633,6 +633,7 @@ static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap) current = head; head = head->next; FreeCRL_Entry(current, heap); + XFREE(current, heap, DYNAMIC_TYPE_CRL_ENTRY); } return NULL; From ef34e613e8e23f96957d5709a69efe6867b4245b Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 15:46:37 +0100 Subject: [PATCH 003/137] Fixed CID 582947. --- src/ocsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ocsp.c b/src/ocsp.c index 4862cf939..53f44bbbf 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -799,8 +799,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, DYNAMIC_TYPE_OCSP_STATUS); if (resp->single->status == NULL) { XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); return NULL; } XMEMSET(resp->single->status, 0, sizeof(CertStatus)); From 26578be1a792a600091d936139252767d2c25e8a Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 15:51:22 +0100 Subject: [PATCH 004/137] Fixed CID 583215. --- src/ocsp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ocsp.c b/src/ocsp.c index 53f44bbbf..1b7395895 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -621,6 +621,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( if (certStatus) XFREE(certStatus, NULL, DYNAMIC_TYPE_OPENSSL); + wolfSSL_CertManagerFree(cm); return NULL; } From 0bdb2bf40c07cbac8be2a9e20991bfca5f0d0108 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 15:55:02 +0100 Subject: [PATCH 005/137] Fixed CID 583972. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index d7d99c484..df1310cf5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -23674,6 +23674,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_BIO_set_fp error"); + wolfSSL_BIO_free(bio); return WOLFSSL_FAILURE; } From 27c5714f117e422445161a792308ce48c7a0a805 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 15:58:55 +0100 Subject: [PATCH 006/137] Fixed CID 586826. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index df1310cf5..ba2886615 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -44536,6 +44536,7 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) const byte* bioMemPt = bioMem; /* leave bioMem pointer unaltered */ if ((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMemPt, bioMemSz)) == NULL) { XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE((unsigned char*)maxKeyBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return NULL; } From d5c3d9ca4fc4ac404197a72ce08518b1b7c78835 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 16:03:32 +0100 Subject: [PATCH 007/137] Fixed CID 587064. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index ba2886615..9a25b0bfa 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9475,6 +9475,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) WOLFSSL_MSG("ASN1_STRING_set() failed"); wolfSSL_ASN1_OBJECT_free(ad->method); XFREE(aia, NULL, DYNAMIC_TYPE_X509_EXT); + XFREE(ad->location, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT); return NULL; } From 18163c9a2ab6b559f860e873f56790baaef33bcf Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 16:38:28 +0100 Subject: [PATCH 008/137] Fixed CID 587269. --- src/ssl.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 9a25b0bfa..8d40bbf79 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -41501,7 +41501,7 @@ err: * * returns WOLFSSL_SUCCESS on success */ - static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO* info, + static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO** info, WOLFSSL_X509* x509) { if (info == NULL || x509 == NULL) { @@ -41509,7 +41509,7 @@ err: } /* check is fresh "info" passed in, if not free it */ - if (info->x509 != NULL || info->x_pkey != NULL) { + if ((*info)->x509 != NULL || (*info)->x_pkey != NULL) { WOLFSSL_X509_INFO* tmp; tmp = wolfSSL_X509_INFO_new(); @@ -41517,11 +41517,11 @@ err: WOLFSSL_MSG("Unable to create new structure"); return MEMORY_E; } - wolfSSL_X509_INFO_free(info); - info = tmp; + wolfSSL_X509_INFO_free(*info); + (*info) = tmp; } - info->x509 = x509; + (*info)->x509 = x509; //@TODO info->num //@TODO info->enc_cipher @@ -41529,8 +41529,8 @@ err: //@TODO info->enc_data //@TODO info->crl - info->x_pkey = wolfSSL_X509_PKEY_new(x509->heap); - return wolfSSL_X509_PKEY_set(info->x_pkey, x509); + (*info)->x_pkey = wolfSSL_X509_PKEY_new(x509->heap); + return wolfSSL_X509_PKEY_set((*info)->x_pkey, x509); } /** @@ -41725,7 +41725,7 @@ err: return NULL; } if (x509) { - ret = wolfSSL_X509_INFO_set(current, x509); + ret = wolfSSL_X509_INFO_set(¤t, x509); } else if (crl) { current->crl = crl; From 061120dda6e24a5a728f1d25cae6b68ca56474af Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 17:18:24 +0100 Subject: [PATCH 009/137] Fixed CID 587340. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index 8d40bbf79..66a3de121 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8171,6 +8171,7 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert) CA_TYPE, NO_VERIFY, NULL) < 0) { WOLFSSL_MSG("\tCertificate parsing failed"); + FreeDecodedCert(&cert); return WOLFSSL_FAILURE; } From 1aa718a438ac2ffb0a78168671bf9a0094688b17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 18:49:00 +0100 Subject: [PATCH 010/137] Fixed CID 143658, 463100, 529732. --- src/ssl.c | 45 +++++++++++++++++++++++++++++++-------------- 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 14a160dc2..9488205e6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -29623,21 +29623,36 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, } p = (const char *)(asnTime->data); /* GetTimeString not always available. */ - wolfSSL_BIO_write(bio, MonthStr(p + 4), 3); - wolfSSL_BIO_write(bio, " ", 1); + if (wolfSSL_BIO_write(bio, MonthStr(p + 4), 3) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, " ", 1) <= 0) + return WOLFSSL_FAILURE; + /* Day */ - wolfSSL_BIO_write(bio, p + 6, 2); - wolfSSL_BIO_write(bio, " ", 1); + if (wolfSSL_BIO_write(bio, p + 6, 2) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, " ", 1) <= 0) + return WOLFSSL_FAILURE; + /* Hour */ - wolfSSL_BIO_write(bio, p + 8, 2); - wolfSSL_BIO_write(bio, ":", 1); + if (wolfSSL_BIO_write(bio, p + 8, 2) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, ":", 1) <= 0) + return WOLFSSL_FAILURE; + /* Min */ - wolfSSL_BIO_write(bio, p + 10, 2); - wolfSSL_BIO_write(bio, ":", 1); + if (wolfSSL_BIO_write(bio, p + 10, 2) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, ":", 1) <= 0) + return WOLFSSL_FAILURE; + /* Secs */ - wolfSSL_BIO_write(bio, p + 12, 2); - wolfSSL_BIO_write(bio, " ", 1); - wolfSSL_BIO_write(bio, p, 4); + if (wolfSSL_BIO_write(bio, p + 12, 2) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, " ", 1) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, p, 4) <= 0) + return WOLFSSL_FAILURE; return 0; } @@ -38545,7 +38560,10 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset) WOLFSSL_MSG("Memory error"); return WOLFSSL_FAILURE; } - mp_to_unsigned_bin(rsaElem, rawKey); + if (mp_to_unsigned_bin(rsaElem, rawKey) < 0) { + XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } for (idx = 0; idx < (word32)rawLen; idx++) { char val[5]; int valSz = 5; @@ -47533,8 +47551,7 @@ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) /* Zero length integer is the value zero. */ if (len == 0) { - wolfSSL_BIO_write(bp, "00", 2); - return 2; + return wolfSSL_BIO_write(bp, "00", 2); } if (Base16_Encode(a->data + idx, len, buf, &bufLen) != 0 || From af42e2a7999845ad5d23a5b9537f26b6b2cc0d12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 19:21:51 +0100 Subject: [PATCH 011/137] Fixed CID 576329. --- src/ssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index c78ab7c78..1f3353d67 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -50203,7 +50203,7 @@ int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n) if (bn == NULL || bn->internal == NULL) { WOLFSSL_MSG("bn NULL error"); - goto cleanup; + goto end; } if (mp_is_bit_set((mp_int*)bn->internal, n)) { #ifdef WOLFSSL_SMALL_STACK @@ -50230,6 +50230,7 @@ cleanup: if (tmp) XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT); #endif +end: return ret; } From 806313ff1a8427b21ef799600d93dc0f52cf9ff4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 19:43:19 +0100 Subject: [PATCH 012/137] Fixed CID 576473. --- src/ssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 1f3353d67..213dde472 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -36547,11 +36547,12 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, mp_clear(&modulus); return WOLFSSL_FAILURE; } + + mp_clear(&modulus); } BN_copy(x, point->X); BN_copy(y, point->Y); - mp_clear(&modulus); return WOLFSSL_SUCCESS; } From d941cb445645f973fab76c57ede4f8d4ab74bd2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 19:48:54 +0100 Subject: [PATCH 013/137] Fixed CID 587279. --- src/ssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 213dde472..f6644de99 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9330,6 +9330,8 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) WOLFSSL_MSG("Failed to malloc authority key id"); return NULL; } + + XMEMSET(akey, 0, sizeof(WOLFSSL_AUTHORITY_KEYID)); akey->keyid = wolfSSL_ASN1_STRING_new(); if (akey->keyid == NULL) { From c27c78f9e4a165bc5f674bead7a2268563035c81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 20:12:59 +0100 Subject: [PATCH 014/137] Fixed CID 529748. --- src/ssl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index f6644de99..d54a771a1 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -41907,8 +41907,10 @@ err: ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object); ne->value = wolfSSL_ASN1_STRING_type_new(type); if (ne->value != NULL) { - wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz); - ne->set = 1; + if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz) + == WOLFSSL_SUCCESS) { + ne->set = 1; + } } return ne; From 05156083ece4ba994b5f42944c130da773d6ecd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 20:29:21 +0100 Subject: [PATCH 015/137] Fixed CID 529770. --- wolfcrypt/src/integer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 81987f96d..25d3fa4b9 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -2409,7 +2409,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y) } /* swap res with Y */ - mp_copy(res, Y); + err = mp_copy(res, Y); LBL_RES:mp_clear (res); LBL_M: From 9ea66868d8d7cb326f13a9ba215bb605b5661bea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 20:37:29 +0100 Subject: [PATCH 016/137] Fixed CID 536133. --- wolfcrypt/src/integer.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 25d3fa4b9..2f75291a6 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -868,16 +868,13 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) return MP_VAL; } if (mp_isone(P)) { - mp_set(Y, 0); - return MP_OKAY; + return mp_set(Y, 0); } if (mp_iszero(X)) { - mp_set(Y, 1); - return MP_OKAY; + return mp_set(Y, 1); } if (mp_iszero(G)) { - mp_set(Y, 0); - return MP_OKAY; + return mp_set(Y, 0); } /* if exponent X is negative we have to recurse */ From f2b832415e295464bd490bcd18e893483784606e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 20:57:40 +0100 Subject: [PATCH 017/137] Fixed CID 576799. --- wolfcrypt/src/pkcs12.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 10bb8b3cc..eb38a2a3f 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -751,7 +751,14 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz) outerSz += mac->saltSz; /* MAC iterations */ - outerSz += SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ); + ret = SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ); + if (ret >= 0) { + outerSz += ret; + ret = 0; + } + else { + return ret; + } /* sequence of inner data */ outerSz += SetSequence(innerSz, seq); From d3314f142a8dbe5f855a1054159926d1e5d992cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 21:04:51 +0100 Subject: [PATCH 018/137] Fixed CID 576946. --- wolfcrypt/src/asn.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index fe2799478..f3c282907 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4173,7 +4173,13 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, seqSz += sz; tmpIdx = 0; - seqSz += SetShortInt(shr, &tmpIdx, itt, maxShr); + ret = SetShortInt(shr, &tmpIdx, itt, maxShr); + if (ret >= 0) { + seqSz += ret; + } + else { + return ret; + } innerSz += seqSz + SetSequence(seqSz, seq); totalSz += innerSz + SetSequence(innerSz, seq); From c634c6c8503e1aeb440e35253693be499877cc18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 21:09:24 +0100 Subject: [PATCH 019/137] Fixed CID 577188. --- src/ssl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index d54a771a1..2d68a0d4f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -41862,8 +41862,10 @@ err: ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object); ne->value = wolfSSL_ASN1_STRING_type_new(type); if (ne->value != NULL) { - wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz); - ne->set = 1; + if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, + dataSz) == WOLFSSL_SUCCESS) { + ne->set = 1; + } } } From 3770d4c5811b4dea356fe6dcf9694dadaa93c6f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 21:20:33 +0100 Subject: [PATCH 020/137] Fixed CID 577295. --- wolfcrypt/src/wc_port.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index cc7022e14..99b3a4782 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -386,7 +386,10 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen, return BAD_PATH_ERROR; } - XFSEEK(f, 0, XSEEK_END); + if (XFSEEK(f, 0, XSEEK_END) != 0) { + WOLFSSL_MSG("wc_LoadFile file seek error"); + return BAD_PATH_ERROR; + } fileSz = XFTELL(f); XREWIND(f); if (fileSz > 0) { From b383d9327418f8b65f8e178dd963190a35e0f190 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 3 Mar 2021 21:32:34 +0100 Subject: [PATCH 021/137] Fixed CID 582952. --- src/ocsp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ocsp.c b/src/ocsp.c index 1b7395895..efb86f37c 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -607,7 +607,9 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( /* AddCA() frees the buffer. */ XMEMCPY(derCert->buffer, issuer->derCert->buffer, issuer->derCert->length); - AddCA(cm, &derCert, WOLFSSL_USER_CA, 1); + ret = AddCA(cm, &derCert, WOLFSSL_USER_CA, 1); + if (ret != WOLFSSL_SUCCESS) + return NULL; } certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL, From d5cd9c4a7fb90a1c5d0bb479bc665f3dafb5746e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Thu, 4 Mar 2021 01:02:11 +0100 Subject: [PATCH 022/137] Fixed CID 591810. --- wolfcrypt/src/wc_port.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 99b3a4782..87d4d09ec 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -388,6 +388,7 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen, if (XFSEEK(f, 0, XSEEK_END) != 0) { WOLFSSL_MSG("wc_LoadFile file seek error"); + XFCLOSE(f); return BAD_PATH_ERROR; } fileSz = XFTELL(f); From 86b5434dccca514cd4e7f91296b6bb080e7b6e70 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Thu, 4 Mar 2021 10:45:49 +0100 Subject: [PATCH 023/137] Fixed CID 587342. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index 2d68a0d4f..d5971c734 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8531,6 +8531,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) NO_VERIFY, NULL) < 0) { WOLFSSL_MSG("\tCertificate parsing failed"); wolfSSL_X509_EXTENSION_free(ext); + FreeDecodedCert(&cert); return NULL; } From dbaf5456949c361833e41091cc564340206c80d2 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Thu, 4 Mar 2021 11:08:25 +0100 Subject: [PATCH 024/137] Fixed CID 587348 and CID 587349. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index d5971c734..af3cb613c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9552,6 +9552,7 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) CA_TYPE, NO_VERIFY, NULL) < 0) { WOLFSSL_MSG("\tCertificate parsing failed"); + FreeDecodedCert(&cert); return WOLFSSL_FATAL_ERROR; } From f056601d2643b1e23b57c9423cfc43536d75209e Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Thu, 4 Mar 2021 11:16:40 +0100 Subject: [PATCH 025/137] Fixed CID 587549. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index af3cb613c..0593a3218 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -18298,6 +18298,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) x509 = wolfSSL_X509_new(); if (x509 == NULL) { WOLFSSL_MSG("Error Creating X509"); + wolfSSL_sk_X509_free(sk); return NULL; } ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer, From 027f05e34946602f6c07834701026f6f5632ed10 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Thu, 4 Mar 2021 13:40:45 +0100 Subject: [PATCH 026/137] Fixed CID 583215. --- src/ocsp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ocsp.c b/src/ocsp.c index efb86f37c..427c1a34c 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -608,8 +608,10 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( XMEMCPY(derCert->buffer, issuer->derCert->buffer, issuer->derCert->length); ret = AddCA(cm, &derCert, WOLFSSL_USER_CA, 1); - if (ret != WOLFSSL_SUCCESS) + if (ret != WOLFSSL_SUCCESS) { + wolfSSL_CertManagerFree(cm); return NULL; + } } certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL, From d510c270cd1606236b563701eb2c03ebb3c958f8 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Fri, 5 Mar 2021 09:44:47 +0100 Subject: [PATCH 027/137] Fixed CID 212170. --- wolfcrypt/src/pkcs12.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index eb38a2a3f..8e61aa4cc 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -1820,6 +1820,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, idx += SetObjectId(sizeof(WC_PKCS12_DATA_OID), out + idx); if (idx + sizeof(WC_PKCS12_DATA_OID) > *outSz){ WOLFSSL_MSG("Buffer not large enough for DATA OID"); + XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); return BUFFER_E; } XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID)); @@ -1827,6 +1828,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, /* copy over encrypted data */ if (idx + encSz > *outSz){ + XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); return BUFFER_E; } XMEMCPY(out + idx, tmp, encSz); From ad70112fd82f9e78ec50d8c218d832773471dc34 Mon Sep 17 00:00:00 2001 From: David Kubasek Date: Fri, 5 Mar 2021 10:35:14 +0100 Subject: [PATCH 028/137] Fixed CID 576268 --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 0593a3218..95fc7e37b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -48284,7 +48284,7 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names) #endif } - if (curve > (sizeof(word32) * WOLFSSL_BIT_SIZE)) { + if (curve >= (sizeof(word32) * WOLFSSL_BIT_SIZE)) { /* shift left more than size of ctx->disabledCurves causes static * analysis report */ WOLFSSL_MSG("curve value is too large for upcoming shift"); From d2b26f66d543a34334cc75350b38592d8a4ebbec Mon Sep 17 00:00:00 2001 From: David Kubasek Date: Fri, 5 Mar 2021 10:59:08 +0100 Subject: [PATCH 029/137] Fixed CID 578018 --- src/ssl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 95fc7e37b..36acaaac2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -40280,6 +40280,10 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_MSG("Serial size error"); return WOLFSSL_FAILURE; } + if (sizeof(cert->serial) < serialSz) { + WOLFSSL_MSG("Serial buffer too small"); + return BUFFER_E; + } XMEMCPY(cert->serial, serial, serialSz); cert->serialSz = serialSz; #else From 0caed02db765a0d3e30dc4c6a2274835971f5d4b Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Fri, 5 Mar 2021 12:04:30 +0100 Subject: [PATCH 030/137] Fixed CID 576609. --- src/ssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 36acaaac2..dc97170c1 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16113,7 +16113,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } if (len < 0) { - len = (int)XSTRLEN((const char*)buf); + /* The length of the string including terminating null. */ + len = (int)XSTRLEN((const char*)buf) + 1; } bio->num = bio->wrSz = len; bio->ptr = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); From 8539e8c1706782725676d17c3994ce203620f1c8 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Fri, 5 Mar 2021 12:10:40 +0100 Subject: [PATCH 031/137] Fixed CID 584000. --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index dc97170c1..a4ef05752 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -47482,7 +47482,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL); asn1->isDynamic = 0; } - XMEMSET(asn1->intData, 0, sizeof(WOLFSSL_ASN1_INTEGER)); + XMEMSET(asn1->intData, 0, sizeof(WOLFSSL_ASN1_INTEGER_MAX)); asn1->data = asn1->intData; asn1->length = 0; asn1->negative = 0; From 8588998234d9da01a718d96a9994d2efc904db80 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Fri, 5 Mar 2021 12:22:59 +0100 Subject: [PATCH 032/137] Fixed CID 586797. --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index a4ef05752..3b6ad2cba 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -23792,7 +23792,7 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher) strLen = (int)XSTRLEN(name); for (i = 0, j = 0, k = 0; i <= strLen; i++) { - if (k > MAX_SEGMENTS || j > MAX_SEGMENT_SZ) + if (k >= MAX_SEGMENTS || j >= MAX_SEGMENT_SZ) break; if (name[i] != '-' && name[i] != '\0') { From f7fbd0fceb0ebcd6f340627f6eb5c5362369f8c9 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Fri, 5 Mar 2021 13:35:27 +0100 Subject: [PATCH 033/137] Fixed CID 587287. --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 3b6ad2cba..dcc89357d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9096,7 +9096,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, return rc; } if (sk->next) - XSNPRINTF(val, len, "%*s%s, ", indent, "", str->strData); + XSNPRINTF(val, len, "%*s%s,", indent, "", str->strData); else XSNPRINTF(val, len, "%*s%s", indent, "", str->strData); From 9732f6e74b21e760845d03192943a407659bafd4 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Fri, 5 Mar 2021 14:27:47 +0100 Subject: [PATCH 034/137] Fixed CID 587328. --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index dcc89357d..2d8804905 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -45580,7 +45580,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) int count = 0, len = 0, totalSz = 0, tmpSz = 0; char tmp[ASN_NAME_MAX+1]; - char fullName[ASN_NAME_MAX]; + char fullName[ASN_NAME_MAX+1]; const char *buf = NULL; WOLFSSL_X509_NAME_ENTRY* ne; WOLFSSL_ASN1_STRING* str; From 97a9938f94878452213cea6da5d9403a27ea80ac Mon Sep 17 00:00:00 2001 From: David Kubasek Date: Fri, 5 Mar 2021 14:43:52 +0100 Subject: [PATCH 035/137] Fixed CID 584275 --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 36acaaac2..28b39ffcf 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24696,7 +24696,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio, } size = wolfSSL_BIO_get_len(bio); - if (size == 0) { + if (size <= 0) { WOLFSSL_MSG("wolfSSL_BIO_get_len error. Possibly no pending data."); return NULL; } From d01d32b6ed0cbc52c5436070d27eaa50a025a504 Mon Sep 17 00:00:00 2001 From: David Kubasek Date: Fri, 5 Mar 2021 14:59:18 +0100 Subject: [PATCH 036/137] Fixed the fix of CID 578018 --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index d1e878e16..33092daf2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -40281,7 +40281,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_MSG("Serial size error"); return WOLFSSL_FAILURE; } - if (sizeof(cert->serial) < serialSz) { + if ((int)sizeof(cert->serial) < serialSz) { WOLFSSL_MSG("Serial buffer too small"); return BUFFER_E; } From e76da394b7d98540519330fe63c14c5e94d142f5 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Fri, 5 Mar 2021 15:44:00 +0100 Subject: [PATCH 037/137] Fixed CID 587287. --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 33092daf2..097e71c74 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9040,7 +9040,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, int nid; const int sz = CTC_NAME_SIZE*2; int rc = WOLFSSL_FAILURE; - char tmp[CTC_NAME_SIZE*2] = {0}; + char tmp[CTC_NAME_SIZE*2 + 1] = {0}; WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print"); if ((out == NULL) || (ext == NULL)) { From af7b1bd25e1a2e3f6642e267c06a21c1f7ed0c83 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Fri, 5 Mar 2021 17:18:34 +0100 Subject: [PATCH 038/137] Fixed CID 587328. --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 097e71c74..963bec6e6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -45580,7 +45580,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) int count = 0, len = 0, totalSz = 0, tmpSz = 0; char tmp[ASN_NAME_MAX+1]; - char fullName[ASN_NAME_MAX+1]; + char fullName[ASN_NAME_MAX+2]; const char *buf = NULL; WOLFSSL_X509_NAME_ENTRY* ne; WOLFSSL_ASN1_STRING* str; From 876cc9239dba6f91a46702a5383e6c30e5dbebc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Fri, 5 Mar 2021 23:16:50 +0100 Subject: [PATCH 039/137] Fixed CID 576574. --- wolfcrypt/src/evp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 8f4471e80..930be71c3 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -2608,7 +2608,11 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { unsigned int sigSz; - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); + int nid; + const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx); + if (md == NULL) + break; + nid = wolfSSL_EVP_MD_type(md); if (nid < 0) break; ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen, From 7d9661d75ce9446ebd826a615432dde40c7fa724 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Fri, 5 Mar 2021 23:24:34 +0100 Subject: [PATCH 040/137] Fixed CID 576884. --- wolfcrypt/src/evp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 930be71c3..dff9bfea8 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -2705,7 +2705,11 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, switch (ctx->pctx->pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); + int nid; + const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx); + if (md == NULL) + return WOLFSSL_FAILURE; + nid = wolfSSL_EVP_MD_type(md); if (nid < 0) return WOLFSSL_FAILURE; return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig, From 5841ee8efb76fba64a32091f63493138b3331c1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Fri, 5 Mar 2021 23:40:49 +0100 Subject: [PATCH 041/137] Fixed CID 576945. --- src/crl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/crl.c b/src/crl.c index 750ac65fc..506c3b586 100644 --- a/src/crl.c +++ b/src/crl.c @@ -702,7 +702,8 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc if (store->cm->crl == NULL) { crl = wolfSSL_X509_crl_new(store->cm); if (DupX509_CRL(crl, newcrl) != 0) { - FreeCRL(crl, 1); + if (crl != NULL) + FreeCRL(crl, 1); return WOLFSSL_FAILURE; } store->crl = store->cm->crl = crl; From c2629d34b5f71bccd34cbefb3c57a3be65ff44ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Sat, 6 Mar 2021 00:07:37 +0100 Subject: [PATCH 042/137] Fixed CID 577166, 577196. --- wolfcrypt/src/evp.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index dff9bfea8..48d429def 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -2156,7 +2156,10 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, switch (pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); + int nid; + const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx); + if (ctxmd == NULL) break; + nid = wolfSSL_EVP_MD_type(ctxmd); if (nid < 0) break; return wolfSSL_RSA_sign(nid, md, mdsize, sigret, siglen, pkey->rsa); @@ -2232,7 +2235,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, switch (pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); + int nid; + const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx); + if (ctxmd == NULL) break; + nid = wolfSSL_EVP_MD_type(ctxmd); if (nid < 0) break; return wolfSSL_RSA_verify(nid, md, mdsize, sig, (unsigned int)siglen, pkey->rsa); From db275268a16d1a9d8a4918b4f184cfa46d6a23f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Sat, 6 Mar 2021 00:40:08 +0100 Subject: [PATCH 043/137] Fixed CID 581667. --- src/ssl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 963bec6e6..dd17faa44 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -42335,6 +42335,10 @@ err: const char* name = wolfSSL_OBJ_nid2ln(wolfSSL_OBJ_obj2nid(a)); #endif + if (name == NULL) { + WOLFSSL_MSG("Name not found"); + return WOLFSSL_FAILURE; + } if (XSTRLEN(name) + 1 < (word32)bufLen - 1) { bufSz = (int)XSTRLEN(name); } From 5efd0bf2a437a04f61975aba71925781ba0f7175 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Sat, 6 Mar 2021 00:58:39 +0100 Subject: [PATCH 044/137] Fixed CID 587445. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index dd17faa44..36ae2502b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -31897,6 +31897,7 @@ int SetDhExternal(WOLFSSL_DH *dh) if (dh == NULL || dh->internal == NULL) { WOLFSSL_MSG("dh key NULL error"); + return WOLFSSL_FATAL_ERROR; } key = (DhKey*)dh->internal; From b271da2954c045a42e36db8677343e1f64e96729 Mon Sep 17 00:00:00 2001 From: Hayden Roche Date: Wed, 3 Mar 2021 13:01:30 -0600 Subject: [PATCH 045/137] Fix for ZD 11808. --- src/internal.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 79ec90351..3ad22b9d9 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8568,6 +8568,11 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return LENGTH_ERROR; #endif + if (*size == 0 && rh->type != application_data) { + WOLFSSL_MSG("0 length, non-app data record."); + return LENGTH_ERROR; + } + /* verify record type here as well */ switch (rh->type) { case handshake: @@ -15349,7 +15354,7 @@ int ProcessReply(WOLFSSL* ssl) used = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx; if (used < ssl->curSize) - if ((ret = GetInputData(ssl, ssl->curSize)) < 0) + if ((ret = GetInputData(ssl, ssl->curSize - used)) < 0) return ret; #endif /* WOLFSSL_DTLS */ } @@ -15377,6 +15382,7 @@ int ProcessReply(WOLFSSL* ssl) ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer, &ssl->buffers.inputBuffer.idx, &ssl->curRL, &ssl->curSize); + #ifdef WOLFSSL_DTLS if (ssl->options.dtls && ret == SEQUENCE_ERROR) { WOLFSSL_MSG("Silently dropping out of order DTLS message"); @@ -15864,6 +15870,12 @@ int ProcessReply(WOLFSSL* ssl) #endif #ifndef WOLFSSL_NO_TLS12 + if (ssl->buffers.inputBuffer.idx >= + ssl->buffers.inputBuffer.length || + ssl->curSize < 1) { + WOLFSSL_MSG("ChangeCipher msg too short"); + return LENGTH_ERROR; + } if (ssl->buffers.inputBuffer.buffer[ ssl->buffers.inputBuffer.idx] != 1) { WOLFSSL_MSG("ChangeCipher msg wrong value"); From 9e68d0d1a8900215a004ee6ef4ee650ce3047b6b Mon Sep 17 00:00:00 2001 From: Stanislav Klima Date: Tue, 9 Mar 2021 12:30:39 +0100 Subject: [PATCH 046/137] Fixed CID 586938 --- src/internal.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/internal.c b/src/internal.c index e48085de1..639cd1c1a 100644 --- a/src/internal.c +++ b/src/internal.c @@ -9798,9 +9798,13 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) } else { wolfSSL_ASN1_OBJECT_free(x509->key.algor->algorithm); } - if (!(x509->key.algor->algorithm = - wolfSSL_OBJ_nid2obj(dCert->keyOID))) { - ret = PUBLIC_KEY_E; + if (!x509->key.algor) { + ret = MEMORY_E; + } else { + if (!(x509->key.algor->algorithm = + wolfSSL_OBJ_nid2obj(dCert->keyOID))) { + ret = PUBLIC_KEY_E; + } } wolfSSL_EVP_PKEY_free(x509->key.pkey); From dc1f11666d4d7f7c821623649d8c23f85a8ace54 Mon Sep 17 00:00:00 2001 From: Stanislav Klima Date: Tue, 9 Mar 2021 14:49:30 +0100 Subject: [PATCH 047/137] Fixed CID 588443 --- src/ssl.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 36ae2502b..7a33e4977 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -20276,8 +20276,11 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) } sectionName[sectionNameLen] = '\0'; - if (!(section = wolfSSL_CONF_get_section(conf, sectionName))) + if (!(section = wolfSSL_CONF_get_section(conf, sectionName))) { section = wolfSSL_CONF_new_section(conf, sectionName); + if (!section) + goto cleanup; + } } else { char* name; From 9f9bf7345ba374b9fa559d8c0c4e3b7104f7ef52 Mon Sep 17 00:00:00 2001 From: Stanislav Klima Date: Tue, 9 Mar 2021 15:12:31 +0100 Subject: [PATCH 048/137] Fixed CID 13482 --- src/internal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 639cd1c1a..88100e4a0 100644 --- a/src/internal.c +++ b/src/internal.c @@ -21495,7 +21495,7 @@ exit_dpk: ato16(input + *inOutIdx, &len); *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + len > size) + if ((len > size) || ((*inOutIdx - begin) + len > size)) return BUFFER_ERROR; if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 && From 16d55b0b862544dc0e03bab780707cf2c470d089 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 10 Mar 2021 16:33:17 -0700 Subject: [PATCH 049/137] _WIN32_WCE port of wolfCrypt - OE12 Add user_settings.h for OE12 Restrict LPCWSTR typecast to be WINCE specific --- IDE/WINCE/include.am | 5 + IDE/WINCE/user_settings.h | 340 ++++++++++++++++++++++++++++++++ IDE/include.am | 1 + wolfcrypt/benchmark/benchmark.c | 11 +- wolfcrypt/src/wc_port.c | 4 + wolfcrypt/test/test.c | 7 +- wolfssl/wolfcrypt/sp.h | 12 +- wolfssl/wolfcrypt/types.h | 4 + wolfssl/wolfcrypt/visibility.h | 6 +- wolfssl/wolfcrypt/wc_port.h | 37 ++++ 10 files changed, 415 insertions(+), 12 deletions(-) create mode 100644 IDE/WINCE/include.am create mode 100644 IDE/WINCE/user_settings.h diff --git a/IDE/WINCE/include.am b/IDE/WINCE/include.am new file mode 100644 index 000000000..052fdce8a --- /dev/null +++ b/IDE/WINCE/include.am @@ -0,0 +1,5 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= IDE/WINCE/user_settings.h diff --git a/IDE/WINCE/user_settings.h b/IDE/WINCE/user_settings.h new file mode 100644 index 000000000..00bca2fc2 --- /dev/null +++ b/IDE/WINCE/user_settings.h @@ -0,0 +1,340 @@ +#ifndef _WIN_USER_SETTINGS_H_ +#define _WIN_USER_SETTINGS_H_ + +/* For FIPS Ready, uncomment the following: */ +/* #define WOLFSSL_FIPS_READY */ +#ifdef WOLFSSL_FIPS_READY + #undef HAVE_FIPS_VERSION + #define HAVE_FIPS_VERSION 3 +#endif + + +/* Verify this is Windows */ +#ifndef _WIN32 +#error This user_settings.h header is only designed for Windows +#endif + +/* Configurations */ +#define WOLFCRYPT_ONLY + +#undef USE_FAST_MATH +#if 1 + #define USE_FAST_MATH + + #undef TFM_TIMING_RESISTANT + #define TFM_TIMING_RESISTANT + + /* Optimizations */ + //#define TFM_ARM +#endif + +/* Wolf Single Precision Math */ +#undef WOLFSSL_SP +#if 0 + #define WOLFSSL_SP + //#define WOLFSSL_SP_SMALL /* use smaller version of code */ + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_HAVE_SP_DH + #define WOLFSSL_HAVE_SP_ECC + //#define WOLFSSL_SP_CACHE_RESISTANT + //#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */ + + /* SP Assembly Speedups */ + //#define WOLFSSL_SP_ASM /* required if using the ASM versions */ + //#define WOLFSSL_SP_ARM32_ASM + //#define WOLFSSL_SP_ARM64_ASM + //#define WOLFSSL_SP_ARM_THUMB_ASM + //#define WOLFSSL_SP_ARM_CORTEX_M_ASM +#endif + +/* ------------------------------------------------------------------------- */ +/* FIPS - Requires eval or license from wolfSSL */ +/* ------------------------------------------------------------------------- */ +#undef HAVE_FIPS +#if 1 + #define HAVE_FIPS + + #undef HAVE_FIPS_VERSION + #define HAVE_FIPS_VERSION 2 + + #ifdef SINGLE_THREADED + #undef NO_THREAD_LS + #define NO_THREAD_LS + #else + #ifndef USE_WINDOWS_API + #define USE_WINDOWS_API + #endif + #endif + + #undef NO_ATTRIBUTE_CONSTRUCTOR + //#define NO_ATTRIBUTE_CONSTRUCTOR + +#endif + + +/* FIPS */ +//#define OPENSSL_EXTRA +//#define HAVE_THREAD_LS +#define WOLFSSL_KEY_GEN +#define HAVE_AESGCM +#define HAVE_HASHDRBG +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 +#define NO_PSK +#define NO_HC128 +#define NO_RC4 +#define NO_RABBIT +//#define NO_DSA +#define NO_MD4 + +#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + #define WOLFSSL_SHA224 + #define WOLFSSL_SHA3 + /* ------------------------------------------------------------------------- */ + /* Crypto */ + /* ------------------------------------------------------------------------- */ + #define USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_256 + /* RSA */ + #undef NO_RSA + #if 1 + #ifdef USE_FAST_MATH + /* Maximum math bits (Max RSA key bits * 2) */ + #undef FP_MAX_BITS + #define FP_MAX_BITS 8192 + #endif + + /* half as much memory but twice as slow */ + #undef RSA_LOW_MEM + //#define RSA_LOW_MEM + + /* Enables blinding mode, to prevent timing attacks */ + #if 0 + #undef WC_RSA_BLINDING + #define WC_RSA_BLINDING + #else + #undef WC_NO_HARDEN + #define WC_NO_HARDEN + #endif + + /* RSA PSS Support */ + #if 1 + #define WC_RSA_PSS + #endif + + #if 1 + #define WC_RSA_NO_PADDING + #endif + #else + #define NO_RSA + #endif + /* ECC */ + #undef HAVE_ECC + #if 1 + #define HAVE_ECC + + /* Manually define enabled curves */ + #undef ECC_USER_CURVES + //#define ECC_USER_CURVES + + #ifdef ECC_USER_CURVES + /* Manual Curve Selection */ + //#define HAVE_ECC192 + //#define HAVE_ECC224 + #undef NO_ECC256 + //#define HAVE_ECC384 + //#define HAVE_ECC521 + #endif + + /* Fixed point cache (speeds repeated operations against same private key) */ + #undef FP_ECC + //#define FP_ECC + #ifdef FP_ECC + /* Bits / Entries */ + #undef FP_ENTRIES + #define FP_ENTRIES 2 + #undef FP_LUT + #define FP_LUT 4 + #endif + + /* Optional ECC calculation method */ + /* Note: doubles heap usage, but slightly faster */ + #undef ECC_SHAMIR + #define ECC_SHAMIR + + /* Reduces heap usage, but slower */ + #undef ECC_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + + #ifdef HAVE_FIPS + #undef HAVE_ECC_CDH + #define HAVE_ECC_CDH /* Enable cofactor support */ + + #undef NO_STRICT_ECDSA_LEN + #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */ + + #undef WOLFSSL_VALIDATE_ECC_IMPORT + #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */ + #endif + + /* Compressed Key Support */ + #undef HAVE_COMP_KEY + //#define HAVE_COMP_KEY + + /* Use alternate ECC size for ECC math */ + #ifdef USE_FAST_MATH + /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */ + #ifdef NO_RSA + /* Custom fastmath size if not using RSA */ + #undef FP_MAX_BITS + #define FP_MAX_BITS (256 * 2) + #else + #undef ALT_ECC_SIZE + #define ALT_ECC_SIZE + /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */ + //#undef FP_MAX_BITS_ECC + //#define FP_MAX_BITS_ECC (256 * 2) + #endif + + /* Speedups specific to curve */ + #ifndef NO_ECC256 + #undef TFM_ECC256 + #define TFM_ECC256 + #endif + #endif + #endif + + /* AES */ + #undef NO_AES + #if 1 + #undef HAVE_AES_CBC + #define HAVE_AES_CBC + + #undef HAVE_AESGCM + #define HAVE_AESGCM + + /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ + //#define GCM_SMALL + //#define GCM_WORD32 + #define GCM_TABLE + + #undef WOLFSSL_AES_DIRECT + #define WOLFSSL_AES_DIRECT + + #undef HAVE_AES_ECB + #define HAVE_AES_ECB + + #undef WOLFSSL_AES_COUNTER + #define WOLFSSL_AES_COUNTER + + #undef HAVE_AESCCM + #define HAVE_AESCCM + + #else + #define NO_AES + #endif + + + /* DES3 */ + #undef NO_DES3 + #if 1 + #else + #define NO_DES3 + #endif + + /* ------------------------------------------------------------------------- */ + /* Hashing */ + /* ------------------------------------------------------------------------- */ + /* Sha */ + #undef NO_SHA + #if 1 + /* 1k smaller, but 25% slower */ + //#define USE_SLOW_SHA + #else + #define NO_SHA + #endif + + /* Sha256 */ + #undef NO_SHA256 + #if 1 + /* not unrolled - ~2k smaller and ~25% slower */ + //#define USE_SLOW_SHA256 + + /* Sha224 */ + #if 1 + #define WOLFSSL_SHA224 + #endif + #else + #define NO_SHA256 + #endif + + /* Sha512 */ + #undef WOLFSSL_SHA512 + #if 1 + #define WOLFSSL_SHA512 + + /* Sha384 */ + #undef WOLFSSL_SHA384 + #if 1 + #define WOLFSSL_SHA384 + #endif + + /* over twice as small, but 50% slower */ + //#define USE_SLOW_SHA512 + #endif + + /* Sha3 */ + #undef WOLFSSL_SHA3 + #if 1 + #define WOLFSSL_SHA3 + #endif + + /* MD5 */ + #undef NO_MD5 + #if 1 + + #else + #define NO_MD5 + #endif + + /* HKDF */ + #undef HAVE_HKDF + #if 1 + #define HAVE_HKDF + #endif + + /* CMAC */ + #undef WOLFSSL_CMAC + #if 1 + #define WOLFSSL_CMAC + #endif + + /* DH */ + #undef NO_DH + #if 1 + /* Use table for DH instead of -lm (math) lib dependency */ + #if 0 + #define WOLFSSL_DH_CONST + #define HAVE_FFDHE_2048 + #define HAVE_FFDHE_4096 + //#define HAVE_FFDHE_6144 + //#define HAVE_FFDHE_8192 + #endif + + #ifdef HAVE_FIPS + #define WOLFSSL_VALIDATE_FFC_IMPORT + #define HAVE_FFDHE_Q + #endif + #else + #define NO_DH + #endif + //#define WOLFSSL_AESNI + //#define HAVE_INTEL_RDSEED + //#define FORCE_FAILURE_RDSEED + //#define HAVE_FORCE_FIPS_FAILURE +#endif /* FIPS v2 */ + +//#define DEBUG_WOLFSSL +#define NO_MAIN_DRIVER +//#define CAVP_VECTOR_TESTING +#endif /* _WIN_USER_SETTINGS_H_ */ diff --git a/IDE/include.am b/IDE/include.am index e45a90820..c11e6e3a8 100644 --- a/IDE/include.am +++ b/IDE/include.am @@ -37,6 +37,7 @@ include IDE/RISCV/include.am include IDE/XilinxSDK/include.am include IDE/VisualDSP/include.am include IDE/QNX/include.am +include IDE/WINCE/include.am EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif IDE/zephyr EXTRA_DIST+= IDE/OPENSTM32/README.md diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 3689e7726..e6cd032d0 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -4573,18 +4573,21 @@ static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING], #ifndef WOLFSSL_RSA_VERIFY_ONLY DECLARE_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT); #endif - #if !defined(WOLFSSL_MDK5_COMPLv5) + #if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE) /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); #else + int idxenc; + int inner_idx_enc; byte* enc[BENCH_MAX_PENDING]; #endif #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) - #if !defined(WOLFSSL_MDK5_COMPLv5) + #if !defined(WOLFSSL_MDK5_COMPLv5) && !defined(_WIN32_WCE) /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); #else - int idxout; + int idxout; + int inner_idx_out; byte* out[BENCH_MAX_PENDING]; #endif #else @@ -6383,7 +6386,7 @@ static int string_matches(const char* arg, const char* str) } #endif /* MAIN_NO_ARGS */ -#ifdef WOLFSSL_ESPIDF +#if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE) int wolf_benchmark_task( ) #elif defined(MAIN_NO_ARGS) int main() diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index bf02950ca..0d2c85736 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -441,7 +441,11 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 3); XSTRNCPY(ctx->name + pathLen, "\\*", MAX_FILENAME_SZ - pathLen); + #ifdef _WIN32_WCE + ctx->hFind = FindFirstFileA((LPCWSTR) ctx->name, &ctx->FindFileData); + #else ctx->hFind = FindFirstFileA(ctx->name, &ctx->FindFileData); + #endif if (ctx->hFind == INVALID_HANDLE_VALUE) { WOLFSSL_MSG("FindFirstFile for path verify locations failed"); return BAD_PATH_ERROR; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 44359cbc3..3e9e90050 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -19,7 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - #ifdef HAVE_CONFIG_H #include #endif @@ -11725,6 +11724,9 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) #elif defined(WOLFSSL_uTKERNEL2) #define CERT_PREFIX "/uda/" #define CERT_PATH_SEP "/" +#elif defined(_WIN32_WCE) + #define CERT_PREFIX "\\windows\\" + #define CERT_PATH_SEP "\\" #endif #ifndef CERT_PREFIX @@ -13566,8 +13568,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void) #elif !defined(NO_FILESYSTEM) file = XFOPEN(clientKey, "rb"); if (!file) { - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", -40); + err_sys("can't open clientKey, Please run from wolfSSL home dir", -40); ERROR_OUT(-7801, exit_rsa_nopadding); } diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h index f26486b47..2fda7e796 100644 --- a/wolfssl/wolfcrypt/sp.h +++ b/wolfssl/wolfcrypt/sp.h @@ -27,9 +27,15 @@ #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) - -#ifndef WOLFSSL_LINUXKM -#include +#ifdef _WIN32_WCE + typedef __int8 int8_t; + typedef __int32 int32_t; + typedef __int64 int64_t; + typedef unsigned __int8 uint8_t; + typedef unsigned __int32 uint32_t; + typedef unsigned __int64 uint64_t; +#elif !defined(WOLFSSL_LINUXKM) + #include #endif #include diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 7062e79cf..78646281c 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -597,7 +597,11 @@ decouple library dependencies with standard string, memory and so on. if ((int)bufsize <= 0) return -1; va_start(ap, format); + #ifndef _WIN32_WCE ret = vsnprintf(buffer, bufsize, format, ap); + #else + ret = _vsnprintf(buffer, bufsize, format, ap); + #endif if (ret >= (int)bufsize) ret = -1; va_end(ap); diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h index 8ed57fb95..8d6bc804a 100644 --- a/wolfssl/wolfcrypt/visibility.h +++ b/wolfssl/wolfcrypt/visibility.h @@ -43,7 +43,8 @@ */ #if defined(BUILDING_WOLFSSL) - #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) + #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ + defined(_WIN32_WCE) #if defined(WOLFSSL_DLL) #define WOLFSSL_API __declspec(dllexport) #else @@ -61,7 +62,8 @@ #define WOLFSSL_LOCAL #endif /* HAVE_VISIBILITY */ #else /* BUILDING_WOLFSSL */ - #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) + #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ + defined(_WIN32_WCE) #if defined(WOLFSSL_DLL) #define WOLFSSL_API __declspec(dllimport) #else diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 7e09ae386..18d4ce85a 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -616,6 +616,21 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XSEEK_END 0 #define XBADFILE NULL #define XFGETS(b,s,f) f_gets((b), (s), (f)) +#elif defined (_WIN32_WCE) + /* stdio, WINCE case */ + #include + #define XFILE FILE* + #define XFOPEN fopen + #define XFDOPEN fdopen + #define XFSEEK fseek + #define XFTELL ftell + #define XREWIND(F) XFSEEK(F, 0, SEEK_SET) + #define XFREAD fread + #define XFWRITE fwrite + #define XFCLOSE fclose + #define XSEEK_END SEEK_END + #define XBADFILE NULL + #define XFGETS fgets #elif defined(FUSION_RTOS) #include @@ -863,9 +878,31 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #elif defined(_WIN32_WCE) #include + #include /* For file system */ + + time_t windows_time(time_t* timer); + + #define FindNextFileA(h, d) FindNextFile(h, (LPWIN32_FIND_DATAW) d) + #define FindFirstFileA(fn, d) FindFirstFile(fn, (LPWIN32_FIND_DATAW) d) #define XTIME(t1) windows_time((t1)) #define WOLFSSL_GMTIME + /* if struct tm is not defined in WINCE SDK */ + #ifndef _TM_DEFINED + struct tm { + int tm_sec; /* seconds */ + int tm_min; /* minutes */ + int tm_hour; /* hours */ + int tm_mday; /* day of month (month specific) */ + int tm_mon; /* month */ + int tm_year; /* year */ + int tm_wday; /* day of week (out of 1-7)*/ + int tm_yday; /* day of year (out of 365) */ + int tm_isdst; /* is it daylight savings */ + }; + #define _TM_DEFINED + #endif + #elif defined(WOLFSSL_APACHE_MYNEWT) #include "os/os_time.h" #define XTIME(t1) mynewt_time((t1)) From 1d5d946273067c3cc3b015dd4df823e2b11bdd59 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Thu, 11 Mar 2021 06:39:39 -0700 Subject: [PATCH 050/137] Cleanup user_settings.h --- IDE/WINCE/user_settings.h | 405 +++++++++++++++++++------------------- 1 file changed, 199 insertions(+), 206 deletions(-) diff --git a/IDE/WINCE/user_settings.h b/IDE/WINCE/user_settings.h index 00bca2fc2..604aba93e 100644 --- a/IDE/WINCE/user_settings.h +++ b/IDE/WINCE/user_settings.h @@ -61,9 +61,9 @@ #undef NO_THREAD_LS #define NO_THREAD_LS #else - #ifndef USE_WINDOWS_API - #define USE_WINDOWS_API - #endif + #ifndef USE_WINDOWS_API + #define USE_WINDOWS_API + #endif #endif #undef NO_ATTRIBUTE_CONSTRUCTOR @@ -88,253 +88,246 @@ #define NO_MD4 #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) - #define WOLFSSL_SHA224 - #define WOLFSSL_SHA3 - /* ------------------------------------------------------------------------- */ - /* Crypto */ - /* ------------------------------------------------------------------------- */ + /* ------------------------------------------------------------------------- */ + /* Crypto */ + /* ------------------------------------------------------------------------- */ #define USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_256 - /* RSA */ - #undef NO_RSA - #if 1 - #ifdef USE_FAST_MATH - /* Maximum math bits (Max RSA key bits * 2) */ - #undef FP_MAX_BITS - #define FP_MAX_BITS 8192 - #endif + /* RSA */ + #undef NO_RSA + #if 1 + #ifdef USE_FAST_MATH + /* Maximum math bits (Max RSA key bits * 2) */ + #undef FP_MAX_BITS + #define FP_MAX_BITS 8192 + #endif - /* half as much memory but twice as slow */ - #undef RSA_LOW_MEM - //#define RSA_LOW_MEM + /* half as much memory but twice as slow */ + #undef RSA_LOW_MEM + //#define RSA_LOW_MEM - /* Enables blinding mode, to prevent timing attacks */ - #if 0 - #undef WC_RSA_BLINDING - #define WC_RSA_BLINDING - #else - #undef WC_NO_HARDEN - #define WC_NO_HARDEN - #endif + /* Enables blinding mode, to prevent timing attacks */ + #if 0 + #undef WC_RSA_BLINDING + #define WC_RSA_BLINDING + #else + #undef WC_NO_HARDEN + #define WC_NO_HARDEN + #endif - /* RSA PSS Support */ - #if 1 - #define WC_RSA_PSS - #endif + /* RSA PSS Support */ + #if 1 + #define WC_RSA_PSS + #endif - #if 1 - #define WC_RSA_NO_PADDING - #endif - #else - #define NO_RSA - #endif - /* ECC */ - #undef HAVE_ECC - #if 1 - #define HAVE_ECC + #if 1 + #define WC_RSA_NO_PADDING + #endif + #else + #define NO_RSA + #endif + /* ECC */ + #undef HAVE_ECC + #if 1 + #define HAVE_ECC - /* Manually define enabled curves */ - #undef ECC_USER_CURVES - //#define ECC_USER_CURVES + /* Manually define enabled curves */ + #undef ECC_USER_CURVES + //#define ECC_USER_CURVES - #ifdef ECC_USER_CURVES - /* Manual Curve Selection */ - //#define HAVE_ECC192 - //#define HAVE_ECC224 - #undef NO_ECC256 - //#define HAVE_ECC384 - //#define HAVE_ECC521 - #endif + #ifdef ECC_USER_CURVES + /* Manual Curve Selection */ + //#define HAVE_ECC192 + //#define HAVE_ECC224 + #undef NO_ECC256 + //#define HAVE_ECC384 + //#define HAVE_ECC521 + #endif - /* Fixed point cache (speeds repeated operations against same private key) */ - #undef FP_ECC - //#define FP_ECC - #ifdef FP_ECC - /* Bits / Entries */ - #undef FP_ENTRIES - #define FP_ENTRIES 2 - #undef FP_LUT - #define FP_LUT 4 - #endif + /* Fixed point cache (speeds repeated operations against same private key) */ + #undef FP_ECC + //#define FP_ECC + #ifdef FP_ECC + /* Bits / Entries */ + #undef FP_ENTRIES + #define FP_ENTRIES 2 + #undef FP_LUT + #define FP_LUT 4 + #endif - /* Optional ECC calculation method */ - /* Note: doubles heap usage, but slightly faster */ - #undef ECC_SHAMIR - #define ECC_SHAMIR + /* Optional ECC calculation method */ + /* Note: doubles heap usage, but slightly faster */ + #undef ECC_SHAMIR + #define ECC_SHAMIR - /* Reduces heap usage, but slower */ - #undef ECC_TIMING_RESISTANT - #define ECC_TIMING_RESISTANT + /* Reduces heap usage, but slower */ + #undef ECC_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT - #ifdef HAVE_FIPS - #undef HAVE_ECC_CDH - #define HAVE_ECC_CDH /* Enable cofactor support */ + #ifdef HAVE_FIPS + #undef HAVE_ECC_CDH + #define HAVE_ECC_CDH /* Enable cofactor support */ - #undef NO_STRICT_ECDSA_LEN - #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */ + #undef NO_STRICT_ECDSA_LEN + #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */ - #undef WOLFSSL_VALIDATE_ECC_IMPORT - #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */ - #endif + #undef WOLFSSL_VALIDATE_ECC_IMPORT + #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */ + #endif - /* Compressed Key Support */ - #undef HAVE_COMP_KEY - //#define HAVE_COMP_KEY + /* Compressed Key Support */ + #undef HAVE_COMP_KEY + //#define HAVE_COMP_KEY - /* Use alternate ECC size for ECC math */ - #ifdef USE_FAST_MATH - /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */ - #ifdef NO_RSA - /* Custom fastmath size if not using RSA */ - #undef FP_MAX_BITS - #define FP_MAX_BITS (256 * 2) - #else - #undef ALT_ECC_SIZE - #define ALT_ECC_SIZE - /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */ - //#undef FP_MAX_BITS_ECC - //#define FP_MAX_BITS_ECC (256 * 2) - #endif + /* Use alternate ECC size for ECC math */ + #ifdef USE_FAST_MATH + /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */ + #ifdef NO_RSA + /* Custom fastmath size if not using RSA */ + #undef FP_MAX_BITS + #define FP_MAX_BITS (256 * 2) + #else + #undef ALT_ECC_SIZE + #define ALT_ECC_SIZE + /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */ + //#undef FP_MAX_BITS_ECC + //#define FP_MAX_BITS_ECC (256 * 2) + #endif - /* Speedups specific to curve */ - #ifndef NO_ECC256 - #undef TFM_ECC256 - #define TFM_ECC256 - #endif - #endif - #endif + /* Speedups specific to curve */ + #ifndef NO_ECC256 + #undef TFM_ECC256 + #define TFM_ECC256 + #endif + #endif + #endif - /* AES */ - #undef NO_AES - #if 1 - #undef HAVE_AES_CBC - #define HAVE_AES_CBC + /* AES */ + #undef NO_AES + #if 1 + #undef HAVE_AES_CBC + #define HAVE_AES_CBC - #undef HAVE_AESGCM - #define HAVE_AESGCM + #undef HAVE_AESGCM + #define HAVE_AESGCM - /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ - //#define GCM_SMALL + /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ + //#define GCM_SMALL //#define GCM_WORD32 #define GCM_TABLE - #undef WOLFSSL_AES_DIRECT - #define WOLFSSL_AES_DIRECT + #undef WOLFSSL_AES_DIRECT + #define WOLFSSL_AES_DIRECT - #undef HAVE_AES_ECB - #define HAVE_AES_ECB + #undef HAVE_AES_ECB + #define HAVE_AES_ECB - #undef WOLFSSL_AES_COUNTER - #define WOLFSSL_AES_COUNTER + #undef WOLFSSL_AES_COUNTER + #define WOLFSSL_AES_COUNTER - #undef HAVE_AESCCM - #define HAVE_AESCCM + #undef HAVE_AESCCM + #define HAVE_AESCCM - #else - #define NO_AES - #endif + #else + #define NO_AES + #endif - /* DES3 */ - #undef NO_DES3 - #if 1 - #else - #define NO_DES3 - #endif + /* DES3 */ + #undef NO_DES3 + #if 1 + #else + #define NO_DES3 + #endif - /* ------------------------------------------------------------------------- */ - /* Hashing */ - /* ------------------------------------------------------------------------- */ - /* Sha */ - #undef NO_SHA - #if 1 - /* 1k smaller, but 25% slower */ - //#define USE_SLOW_SHA - #else - #define NO_SHA - #endif + /* ------------------------------------------------------------------------- */ + /* Hashing */ + /* ------------------------------------------------------------------------- */ + /* Sha */ + #undef NO_SHA + #if 1 + /* 1k smaller, but 25% slower */ + //#define USE_SLOW_SHA + #else + #define NO_SHA + #endif - /* Sha256 */ - #undef NO_SHA256 - #if 1 - /* not unrolled - ~2k smaller and ~25% slower */ - //#define USE_SLOW_SHA256 + /* Sha256 */ + #undef NO_SHA256 + #if 1 + /* not unrolled - ~2k smaller and ~25% slower */ + //#define USE_SLOW_SHA256 - /* Sha224 */ - #if 1 - #define WOLFSSL_SHA224 - #endif - #else - #define NO_SHA256 - #endif + /* Sha224 */ + #if 1 + #define WOLFSSL_SHA224 + #endif + #else + #define NO_SHA256 + #endif - /* Sha512 */ - #undef WOLFSSL_SHA512 - #if 1 - #define WOLFSSL_SHA512 + /* Sha512 */ + #undef WOLFSSL_SHA512 + #if 1 + #define WOLFSSL_SHA512 - /* Sha384 */ - #undef WOLFSSL_SHA384 - #if 1 - #define WOLFSSL_SHA384 - #endif + /* Sha384 */ + #undef WOLFSSL_SHA384 + #if 1 + #define WOLFSSL_SHA384 + #endif - /* over twice as small, but 50% slower */ - //#define USE_SLOW_SHA512 - #endif + /* over twice as small, but 50% slower */ + //#define USE_SLOW_SHA512 + #endif - /* Sha3 */ - #undef WOLFSSL_SHA3 - #if 1 - #define WOLFSSL_SHA3 - #endif + /* Sha3 */ + #undef WOLFSSL_SHA3 + #if 1 + #define WOLFSSL_SHA3 + #endif - /* MD5 */ - #undef NO_MD5 - #if 1 + /* MD5 */ + #undef NO_MD5 + #if 1 - #else - #define NO_MD5 - #endif + #else + #define NO_MD5 + #endif - /* HKDF */ - #undef HAVE_HKDF - #if 1 - #define HAVE_HKDF - #endif + /* HKDF */ + #undef HAVE_HKDF + #if 1 + #define HAVE_HKDF + #endif - /* CMAC */ - #undef WOLFSSL_CMAC - #if 1 - #define WOLFSSL_CMAC - #endif + /* CMAC */ + #undef WOLFSSL_CMAC + #if 1 + #define WOLFSSL_CMAC + #endif - /* DH */ - #undef NO_DH - #if 1 - /* Use table for DH instead of -lm (math) lib dependency */ - #if 0 - #define WOLFSSL_DH_CONST - #define HAVE_FFDHE_2048 - #define HAVE_FFDHE_4096 - //#define HAVE_FFDHE_6144 - //#define HAVE_FFDHE_8192 - #endif + /* DH */ + #undef NO_DH + #if 1 + /* Use table for DH instead of -lm (math) lib dependency */ + #if 0 + #define WOLFSSL_DH_CONST + #define HAVE_FFDHE_2048 + #define HAVE_FFDHE_4096 + //#define HAVE_FFDHE_6144 + //#define HAVE_FFDHE_8192 + #endif - #ifdef HAVE_FIPS - #define WOLFSSL_VALIDATE_FFC_IMPORT - #define HAVE_FFDHE_Q - #endif - #else - #define NO_DH - #endif - //#define WOLFSSL_AESNI - //#define HAVE_INTEL_RDSEED - //#define FORCE_FAILURE_RDSEED - //#define HAVE_FORCE_FIPS_FAILURE + #ifdef HAVE_FIPS + #define WOLFSSL_VALIDATE_FFC_IMPORT + #define HAVE_FFDHE_Q + #endif + #else + #define NO_DH + #endif #endif /* FIPS v2 */ //#define DEBUG_WOLFSSL #define NO_MAIN_DRIVER -//#define CAVP_VECTOR_TESTING #endif /* _WIN_USER_SETTINGS_H_ */ From 697d34c80d6ade42d1fef71b67b18c46a3ef0e88 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 12 Mar 2021 11:49:25 -0800 Subject: [PATCH 051/137] Fix for for crypto callback `devCtx` on symmetric algorithms (missing for SHA1 and CMAC). Fix for HMAC to use devId for hashing. Fixes for CMAC crypto callbacks and testing. --- wolfcrypt/src/cmac.c | 6 ++++-- wolfcrypt/src/hmac.c | 26 +++++++++++++++----------- wolfcrypt/src/sha.c | 1 + wolfcrypt/src/sha256.c | 1 + wolfcrypt/test/test.c | 7 ++++++- wolfssl/wolfcrypt/cmac.h | 5 ++++- 6 files changed, 31 insertions(+), 15 deletions(-) diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 20b4e61bb..822a4fdb5 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -95,16 +95,18 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, XMEMSET(cmac, 0, sizeof(Cmac)); - #ifdef WOLF_CRYPTO_CB +#ifdef WOLF_CRYPTO_CB if (devId != INVALID_DEVID) { cmac->devId = devId; + cmac->devCtx = NULL; + ret = wc_CryptoCb_Cmac(cmac, key, keySz, NULL, 0, NULL, NULL, type, unused); if (ret != CRYPTOCB_UNAVAILABLE) return ret; /* fall-through when unavailable */ } - #endif +#endif if (key == NULL) return BAD_FUNC_ARG; diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index f0e62c76e..d5f3d52a7 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -200,62 +200,66 @@ int wc_HmacSizeByType(int type) int _InitHmac(Hmac* hmac, int type, void* heap) { int ret = 0; - +#ifdef WOLF_CRYPTO_CB + int devId = hmac->devId; +#else + int devId = INVALID_DEVID; +#endif switch (type) { #ifndef NO_MD5 case WC_MD5: - ret = wc_InitMd5(&hmac->hash.md5); + ret = wc_InitMd5_ex(&hmac->hash.md5, heap, devId); break; #endif /* !NO_MD5 */ #ifndef NO_SHA case WC_SHA: - ret = wc_InitSha(&hmac->hash.sha); + ret = wc_InitSha_ex(&hmac->hash.sha, heap, devId); break; #endif /* !NO_SHA */ #ifdef WOLFSSL_SHA224 case WC_SHA224: - ret = wc_InitSha224(&hmac->hash.sha224); + ret = wc_InitSha224_ex(&hmac->hash.sha224, heap, devId); break; #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 case WC_SHA256: - ret = wc_InitSha256(&hmac->hash.sha256); + ret = wc_InitSha256_ex(&hmac->hash.sha256, heap, devId); break; #endif /* !NO_SHA256 */ #ifdef WOLFSSL_SHA384 case WC_SHA384: - ret = wc_InitSha384(&hmac->hash.sha384); + ret = wc_InitSha384_ex(&hmac->hash.sha384, heap, devId); break; #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 case WC_SHA512: - ret = wc_InitSha512(&hmac->hash.sha512); + ret = wc_InitSha512_ex(&hmac->hash.sha512, heap, devId); break; #endif /* WOLFSSL_SHA512 */ #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 case WC_SHA3_224: - ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID); + ret = wc_InitSha3_224(&hmac->hash.sha3, heap, devId); break; #endif #ifndef WOLFSSL_NOSHA3_256 case WC_SHA3_256: - ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID); + ret = wc_InitSha3_256(&hmac->hash.sha3, heap, devId); break; #endif #ifndef WOLFSSL_NOSHA3_384 case WC_SHA3_384: - ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID); + ret = wc_InitSha3_384(&hmac->hash.sha3, heap, devId); break; #endif #ifndef WOLFSSL_NOSHA3_512 case WC_SHA3_512: - ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID); + ret = wc_InitSha3_512(&hmac->hash.sha3, heap, devId); break; #endif #endif diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 6b97752bf..8cc2a81cd 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -495,6 +495,7 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) sha->heap = heap; #ifdef WOLF_CRYPTO_CB sha->devId = devId; + sha->devCtx = NULL; #endif #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 3ee43f4ab..ab20075d8 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -396,6 +396,7 @@ static int InitSha256(wc_Sha256* sha256) sha256->heap = heap; #ifdef WOLF_CRYPTO_CB sha256->devId = devId; + sha256->devCtx = NULL; #endif #ifdef WOLFSSL_SMALL_STACK_CACHE sha256->W = NULL; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 44359cbc3..a4e2eac95 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -26766,7 +26766,8 @@ WOLFSSL_TEST_SUBROUTINE int cmac_test(void) XMEMSET(tag, 0, sizeof(tag)); tagSz = AES_BLOCK_SIZE; - if (wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL) != 0) + + if (wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId) != 0) ERROR_OUT(-12000, out); if (tc->partial) { if (wc_CmacUpdate(cmac, tc->m, @@ -34569,6 +34570,10 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void) ret = pbkdf2_test(); #endif #endif +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) + if (ret == 0) + ret = cmac_test(); +#endif /* reset devId */ devId = INVALID_DEVID; diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h index 69a14de32..06172d9b3 100644 --- a/wolfssl/wolfcrypt/cmac.h +++ b/wolfssl/wolfcrypt/cmac.h @@ -53,12 +53,15 @@ struct Cmac { byte k2[AES_BLOCK_SIZE]; word32 bufferSz; word32 totalSz; -#if defined(WOLF_CRYPTO_CB) +#ifdef WOLF_CRYPTO_CB int devId; + void* devCtx; + #ifdef WOLFSSL_QNX_CAAM byte ctx[32]; /* hold state for save and return */ word32 blackKey; word32 keylen; byte initialized; + #endif #endif }; From 36f80d53aa37a7929be7941bb77c2166d0badd32 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Wed, 17 Feb 2021 10:10:22 -0600 Subject: [PATCH 052/137] Fix resource leak --- src/ocsp.c | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/src/ocsp.c b/src/ocsp.c index 07eefb731..dfe55eb06 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -624,28 +624,30 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( if (certStatus) XFREE(certStatus, NULL, DYNAMIC_TYPE_OPENSSL); - return NULL; - } - - XMEMSET(certId, 0, sizeof(WOLFSSL_OCSP_CERTID)); - XMEMSET(certStatus, 0, sizeof(CertStatus)); - - certId->status = certStatus; - certId->ownStatus = 1; - - InitDecodedCert(&cert, subject->derCert->buffer, - subject->derCert->length, NULL); - if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) { - XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); certId = NULL; } - else { - XMEMCPY(certId->issuerHash, cert.issuerHash, OCSP_DIGEST_SIZE); - XMEMCPY(certId->issuerKeyHash, cert.issuerKeyHash, OCSP_DIGEST_SIZE); - XMEMCPY(certId->status->serial, cert.serial, cert.serialSz); - certId->status->serialSz = cert.serialSz; + + if (certId != NULL) { + XMEMSET(certId, 0, sizeof(WOLFSSL_OCSP_CERTID)); + XMEMSET(certStatus, 0, sizeof(CertStatus)); + + certId->status = certStatus; + certId->ownStatus = 1; + + InitDecodedCert(&cert, subject->derCert->buffer, + subject->derCert->length, NULL); + if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) { + XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); + certId = NULL; + } + else { + XMEMCPY(certId->issuerHash, cert.issuerHash, OCSP_DIGEST_SIZE); + XMEMCPY(certId->issuerKeyHash, cert.issuerKeyHash, OCSP_DIGEST_SIZE); + XMEMCPY(certId->status->serial, cert.serial, cert.serialSz); + certId->status->serialSz = cert.serialSz; + } + FreeDecodedCert(&cert); } - FreeDecodedCert(&cert); wolfSSL_CertManagerFree(cm); From 7a020e4bb637db2a20624acac9bca3e31dc30868 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 12 Mar 2021 12:01:11 -0800 Subject: [PATCH 053/137] Fix for FIPS and CMAC init. --- wolfcrypt/test/test.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a4e2eac95..00a0172f2 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -26767,8 +26767,15 @@ WOLFSSL_TEST_SUBROUTINE int cmac_test(void) XMEMSET(tag, 0, sizeof(tag)); tagSz = AES_BLOCK_SIZE; +#if !defined(HAVE_FIPS) || \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3) if (wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId) != 0) +#else + if (wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL) != 0) +#endif + { ERROR_OUT(-12000, out); + } if (tc->partial) { if (wc_CmacUpdate(cmac, tc->m, tc->mSz/2 - tc->partial) != 0) From 0fa39a04dc61834af981abf1ce3a128ee55bbbb2 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Mon, 15 Mar 2021 19:00:11 +0100 Subject: [PATCH 054/137] Let user inspect error in wolfSSL_dtls_got_timeout --- src/ssl.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e1c9e66fd..9a3131a07 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -12235,10 +12235,21 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) if (ssl == NULL) return WOLFSSL_FATAL_ERROR; - if ((IsSCR(ssl) || !ssl->options.handShakeDone) && - (DtlsMsgPoolTimeout(ssl) < 0 || DtlsMsgPoolSend(ssl, 0) < 0)) { - - result = WOLFSSL_FATAL_ERROR; + if ((IsSCR(ssl) || !ssl->options.handShakeDone)) { + if (DtlsMsgPoolTimeout(ssl) < 0){ + ssl->error = SOCKET_ERROR_E; + WOLFSSL_ERROR(ssl->error); + result = WOLFSSL_FATAL_ERROR; + } + else if ((result = DtlsMsgPoolSend(ssl, 0)) < 0) { + ssl->error = result; + WOLFSSL_ERROR(result); + result = WOLFSSL_FATAL_ERROR; + } + else { + /* Reset return value to success */ + result = WOLFSSL_SUCCESS; + } } WOLFSSL_LEAVE("wolfSSL_dtls_got_timeout()", result); From 46b3beeccd3c9c3093ae90896563fbef4ff33807 Mon Sep 17 00:00:00 2001 From: Kareem Abuobeid Date: Mon, 15 Mar 2021 16:15:21 -0700 Subject: [PATCH 055/137] Fix missing NULL check in FreeSuites(), with OPENSSL_ALL enabled, this was causing a segfault in when freeing a WOLFSSL object created with wolfSSL_write_dup(). --- src/internal.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 0b07103af..beed2693d 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6361,7 +6361,9 @@ void FreeSuites(WOLFSSL* ssl) #endif { #ifdef OPENSSL_ALL - wolfSSL_sk_SSL_CIPHER_free(ssl->suites->stack); + if (ssl->suites != NULL) { + wolfSSL_sk_SSL_CIPHER_free(ssl->suites->stack); + } #endif XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); } From 6fc0440904cc0327e42416175d2d0817a9e31927 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 8 Mar 2021 16:16:18 +1000 Subject: [PATCH 056/137] SP int neg add_d/sub_d: handle small values properly --- wolfcrypt/src/sp_int.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index cc6d89915..eecdd8c88 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -77,6 +77,7 @@ This library provides single precision (SP) integer math functions. * called again until complete. * WOLFSSL_SP_FAST_NCT_EXPTMOD Enables the faster non-constant time modular * exponentation implementation. + * WOLFSSL_SP_INT_NEGATIVE Enables negative values to be used. * WOLFSSL_SP_INT_DIGIT_ALIGN Enable when unaligned access of sp_int_digit * pointer is not allowed. */ @@ -3107,25 +3108,33 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r) { int err = MP_OKAY; + /* Check validity of parameters. */ if ((a == NULL) || (r == NULL)) { err = MP_VAL; } else { #ifndef WOLFSSL_SP_INT_NEGATIVE + /* Positive only so just use internal function. */ err = _sp_add_d(a, d, r); #else if (a->sign == MP_ZPOS) { + /* Positive so use interal function. */ r->sign = MP_ZPOS; err = _sp_add_d(a, d, r); } else if ((a->used > 1) || (a->dp[0] > d)) { + /* Negative value bigger than digit so subtract digit. */ r->sign = MP_NEG; _sp_sub_d(a, d, r); } else { + /* Negative value smaller or equal to digit. */ r->sign = MP_ZPOS; + /* Subtract negative value from digit. */ r->dp[0] = d - a->dp[0]; + /* Result is a digit equal to or greater than zero. */ + r->used = ((r->dp[0] == 0) ? 0 : 1); } #endif } @@ -3149,25 +3158,32 @@ int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r) { int err = MP_OKAY; + /* Check validity of parameters. */ if ((a == NULL) || (r == NULL)) { err = MP_VAL; } else { #ifndef WOLFSSL_SP_INT_NEGATIVE + /* Positive only so just use internal function. */ _sp_sub_d(a, d, r); #else if (a->sign == MP_NEG) { + /* Subtracting from negative use interal add. */ r->sign = MP_NEG; err = _sp_add_d(a, d, r); } else if ((a->used > 1) || (a->dp[0] >= d)) { + /* Positive number greater than digit so add digit. */ r->sign = MP_ZPOS; _sp_sub_d(a, d, r); } else { + /* Negative value smaller than digit. */ r->sign = MP_NEG; + /* Subtract positive value from digit. */ r->dp[0] = d - a->dp[0]; - r->used = r->dp[0] > 0; + /* Result is a digit equal to or greater than zero. */ + r->used = 1; } #endif } From 35659be06f0ede0c98544747b5e49368ac96e6d9 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 4 Mar 2021 16:01:45 +1000 Subject: [PATCH 057/137] AES GCM: implement streaming Updated EVP layer to use streaming API when enabled. Assembly for x64 updated to include streaming. --- configure.ac | 10 + tests/api.c | 295 +- wolfcrypt/benchmark/benchmark.c | 26 + wolfcrypt/src/aes.c | 1472 ++++++- wolfcrypt/src/aes_gcm_asm.S | 7160 ++++++++++++++++++++++++++++++- wolfcrypt/src/error.c | 6 + wolfcrypt/src/evp.c | 179 +- wolfcrypt/test/test.c | 97 + wolfssl/wolfcrypt/aes.h | 33 + wolfssl/wolfcrypt/error-crypt.h | 4 +- 10 files changed, 9197 insertions(+), 85 deletions(-) diff --git a/configure.ac b/configure.ac index 1ec1f11a5..63d34ab78 100644 --- a/configure.ac +++ b/configure.ac @@ -1295,6 +1295,11 @@ AC_ARG_ENABLE([aesgcm], [ ENABLED_AESGCM=$enableval ], [ ENABLED_AESGCM=yes ] ) +AC_ARG_ENABLE([aesgcm-stream], + [AS_HELP_STRING([--enable-aesgcm-stream],[Enable wolfSSL AES-GCM support with streaming APIs (default: enabled)])], + [ ENABLED_AESGCM_STREAM=$enableval ], + [ ENABLED_AESGCM_STREAM=no ] + ) # leanpsk and leantls don't need gcm if test "$ENABLED_LEANPSK" = "yes" || ( test "$ENABLED_LEANTLS" = "yes" && @@ -5975,6 +5980,11 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM" fi +if test "$ENABLED_AESGCM_STREAM" != "no" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM" + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM" +fi AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"], diff --git a/tests/api.c b/tests/api.c index 37cdc2bd4..dde3d5406 100644 --- a/tests/api.c +++ b/tests/api.c @@ -11614,6 +11614,208 @@ static int test_wc_AesCmacGenerate (void) } /* END test_wc_AesCmacGenerate */ +/* + * Testing streaming AES-GCM API. + */ +static int test_wc_AesGcmStream (void) +{ + int ret = 0; +#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_AESGCM_STREAM) + + int i; + WC_RNG rng[1]; + Aes aesEnc[1]; + Aes aesDec[1]; + byte tag[AES_BLOCK_SIZE]; + byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, }; + byte out[AES_BLOCK_SIZE * 3 + 2]; + byte plain[AES_BLOCK_SIZE * 3 + 2]; + byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, }; + byte key[AES_128_KEY_SIZE] = { 0, }; + byte iv[AES_IV_SIZE] = { 1, }; + byte ivOut[AES_IV_SIZE]; + static const byte expTagAAD1[AES_BLOCK_SIZE] = { + 0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f, + 0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05 + }; + static const byte expTagPlain1[AES_BLOCK_SIZE] = { + 0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78, + 0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1 + }; + static const byte expTag[AES_BLOCK_SIZE] = { + 0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96, + 0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d + }; + + /* Create a random for generating IV/nonce. */ + AssertIntEQ(wc_InitRng(rng), 0); + + /* Initialize data structures. */ + AssertIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); + AssertIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + + /* BadParameters to streaming init. */ + AssertIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ), + BAD_FUNC_ARG); + + /* Bad parameters to encrypt update. */ + AssertIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1), + BAD_FUNC_ARG); + /* Bad parameters to decrypt update. */ + AssertIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1), + BAD_FUNC_ARG); + + /* Bad parameters to encrypt final. */ + AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1), + BAD_FUNC_ARG); + /* Bad parameters to decrypt final. */ + AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE), + BAD_FUNC_ARG); + AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1), + BAD_FUNC_ARG); + + /* Check calling final before setting key fails. */ + AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY); + AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY); + /* Check calling update before setting key else fails. */ + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), + MISSING_KEY); + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), + MISSING_KEY); + + /* Set key but not IV. */ + AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0); + AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0); + /* Check calling final before setting IV fails. */ + AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV); + AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV); + /* Check calling update before setting IV else fails. */ + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), + MISSING_IV); + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), + MISSING_IV); + + /* Set IV using fixed part IV and external IV APIs. */ + AssertIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ, + rng), 0); + AssertIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut, + GCM_NONCE_MID_SZ), 0); + AssertIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0); + AssertIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0); + /* Encrypt and decrypt data. */ + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0); + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0); + AssertIntEQ(XMEMCMP(plain, in, 1), 0); + /* Finalize and check tag matches. */ + AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); + AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* Encrypt/decrypt one block and AAD of one block. */ + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad, + AES_BLOCK_SIZE), 0); + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad, + AES_BLOCK_SIZE), 0); + AssertIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0); + /* Finalize and check tag matches. */ + AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); + AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* No data to encrypt/decrypt one byte of AAD. */ + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0); + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0); + /* Finalize and check tag matches. */ + AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); + AssertIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0); + AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* Encrypt/decrypt one byte and no AAD. */ + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0); + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0); + AssertIntEQ(XMEMCMP(plain, in, 1), 0); + /* Finalize and check tag matches. */ + AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); + AssertIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0); + AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* Encryption AES is one byte at a time */ + for (i = 0; i < (int)sizeof(aad); i++) { + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1), + 0); + } + for (i = 0; i < (int)sizeof(in); i++) { + AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0), + 0); + } + /* Decryption AES is two bytes at a time */ + for (i = 0; i < (int)sizeof(aad); i += 2) { + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2), + 0); + } + for (i = 0; i < (int)sizeof(aad); i += 2) { + AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL, + 0), 0); + } + AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); + /* Finalize and check tag matches. */ + AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); + AssertIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0); + AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); + + /* Check streaming encryption can be decrypted with one shot. */ + AssertIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0); + AssertIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv, + AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0); + AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); + +#endif + return ret; + +} /* END test_wc_AesGcmStream */ /* @@ -39748,15 +39950,19 @@ static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) const byte iv[12] = { 0 }; const byte key[16] = { 0 }; const byte cleartext[16] = { 0 }; - const byte aad[] = {0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0xdc, 0x4d, - 0xad, 0x6b, 0x06, 0x93, 0x4f}; + const byte aad[] = { + 0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, + 0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93, + 0x4f + }; byte out1Part[16]; byte outTag1Part[16]; byte out2Part[16]; byte outTag2Part[16]; byte decryptBuf[16]; int len; + int tlen; EVP_CIPHER_CTX* ctx = NULL; printf(testingFmt, "wolfssl_EVP_aes_gcm_AAD_2_parts"); @@ -39764,25 +39970,37 @@ static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) /* ENCRYPT */ /* Send AAD and data in 1 part */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); - AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); + tlen = 0; + AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); - AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext, sizeof(cleartext)), 1); + AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext, + sizeof(cleartext)), 1); + tlen += len; AssertIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1); - AssertIntEQ(len, sizeof(cleartext)); - AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outTag1Part), 1); + tlen += len; + AssertIntEQ(tlen, sizeof(cleartext)); + AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, + outTag1Part), 1); EVP_CIPHER_CTX_free(ctx); /* DECRYPT */ /* Send AAD and data in 1 part */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); - AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); + tlen = 0; + AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); - AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, sizeof(cleartext)), 1); - AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, outTag1Part), 1); + AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, + sizeof(cleartext)), 1); + tlen += len; + AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, + outTag1Part), 1); AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1); - AssertIntEQ(len, sizeof(cleartext)); + tlen += len; + AssertIntEQ(tlen, sizeof(cleartext)); EVP_CIPHER_CTX_free(ctx); AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); @@ -39790,16 +40008,23 @@ static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) /* ENCRYPT */ /* Send AAD and data in 2 parts */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); - AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); + tlen = 0; + AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1); - AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), 1); + AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), + 1); AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1); - AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext + 1, + tlen += len; + AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1, sizeof(cleartext) - 1), 1); - AssertIntEQ(EVP_EncryptFinal_ex(ctx, out2Part, &len), 1); - AssertIntEQ(len, sizeof(cleartext)); - AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outTag2Part), 1); + tlen += len; + AssertIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1); + tlen += len; + AssertIntEQ(tlen, sizeof(cleartext)); + AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, + outTag2Part), 1); AssertIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0); AssertIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0); @@ -39808,16 +40033,23 @@ static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) /* DECRYPT */ /* Send AAD and data in 2 parts */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); - AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); + tlen = 0; + AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1); - AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), 1); + AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), + 1); AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1); - AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part + 1, + tlen += len; + AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1, sizeof(cleartext) - 1), 1); - AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, outTag1Part), 1); - AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1); - AssertIntEQ(len, sizeof(cleartext)); + tlen += len; + AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, + outTag1Part), 1); + AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1); + tlen += len; + AssertIntEQ(tlen, sizeof(cleartext)); AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); @@ -39834,14 +40066,15 @@ static void test_wolfssl_EVP_aes_gcm_zeroLen(void) { /* Zero length plain text */ - byte key[] = - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + byte key[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; /* align */ - byte iv[] = - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - /* align */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte iv[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ byte plaintxt[0]; int ivSz = 12; int plaintxtSz = 0; @@ -39861,7 +40094,8 @@ static void test_wolfssl_EVP_aes_gcm_zeroLen(void) AssertIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv)); AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, plaintxtSz)); + AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, + plaintxtSz)); AssertIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); ciphertxtSz += len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag)); @@ -41833,6 +42067,7 @@ void ApiTest(void) AssertIntEQ(test_wc_CmacUpdate(), 0); AssertIntEQ(test_wc_CmacFinal(), 0); AssertIntEQ(test_wc_AesCmacGenerate(), 0); + AssertIntEQ(test_wc_AesGcmStream(), 0); AssertIntEQ(test_wc_Des3_SetIV(), 0); AssertIntEQ(test_wc_Des3_SetKey(), 0); diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index adea5980f..cee0a90c4 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -2394,10 +2394,23 @@ static void bench_aesgcm_internal(int doAsync, const byte* key, word32 keySz, /* while free pending slots in queue, submit ops */ for (i = 0; i < BENCH_MAX_PENDING; i++) { if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, numBlocks, &pending)) { +#ifndef BENCHMARK_AESGCM_STREAM ret = wc_AesGcmEncrypt(&enc[i], bench_cipher, bench_plain, BENCH_SIZE, iv, ivSz, bench_tag, AES_AUTH_TAG_SZ, bench_additional, aesAuthAddSz); +#else + ret = wc_AesGcmEncryptInit(&enc[i], NULL, 0, iv, ivSz); + if (ret == 0) { + ret = wc_AesGcmEncryptUpdate(&enc[i], bench_cipher, + bench_plain, BENCH_SIZE, bench_additional, + aesAuthAddSz); + } + if (ret == 0) { + ret = wc_AesGcmEncryptFinal(&enc[i], bench_tag, + AES_AUTH_TAG_SZ); + } +#endif if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&enc[i]), 0, ×, &pending)) { goto exit_aes_gcm; } @@ -2433,10 +2446,23 @@ exit_aes_gcm: /* while free pending slots in queue, submit ops */ for (i = 0; i < BENCH_MAX_PENDING; i++) { if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0, ×, numBlocks, &pending)) { +#ifndef BENCHMARK_AESGCM_STREAM ret = wc_AesGcmDecrypt(&dec[i], bench_plain, bench_cipher, BENCH_SIZE, iv, ivSz, bench_tag, AES_AUTH_TAG_SZ, bench_additional, aesAuthAddSz); +#else + ret = wc_AesGcmDecryptInit(&enc[i], NULL, 0, iv, ivSz); + if (ret == 0) { + ret = wc_AesGcmDecryptUpdate(&enc[i], bench_plain, + bench_cipher, BENCH_SIZE, bench_additional, + aesAuthAddSz); + } + if (ret == 0) { + ret = wc_AesGcmDecryptFinal(&enc[i], bench_tag, + AES_AUTH_TAG_SZ); + } +#endif if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&dec[i]), 0, ×, &pending)) { goto exit_aes_gcm_dec; } diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index b1c0d6a1f..89a1baafc 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -4364,6 +4364,9 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) #endif XMEMSET(iv, 0, AES_BLOCK_SIZE); ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION); +#ifdef WOLFSSL_AESGCM_STREAM + aes->gcmKeySet = 1; +#endif #ifdef WOLFSSL_AESNI /* AES-NI code generates its own H value. */ @@ -5569,7 +5572,6 @@ static void AES_GCM_decrypt(const unsigned char *in, unsigned char *out, #endif /* _MSC_VER */ #endif /* WOLFSSL_AESNI */ - #if defined(GCM_SMALL) static void GMULT(byte* X, byte* Y) { @@ -5650,6 +5652,27 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, XMEMCPY(s, x, sSz); } +#ifdef WOLFSSL_AESGCM_STREAM +/* No extra initialization for small implementation. + * + * @param [in] aes AES GCM object. + */ +#define GHASH_INIT_EXTRA(aes) + +/* GHASH one block of data.. + * + * XOR block into tag and GMULT with H. + * + * @param [in, out] aes AES GCM object. + * @param [in] block Block of AAD or cipher text. + */ +#define GHASH_ONE_BLOCK(aes, block) \ + do { \ + xorbuf(aes->tag, block, AES_BLOCK_SIZE); \ + GMULT(aes->tag, aes->H); \ + } \ + while (0) +#endif /* WOLFSSL_AESGCM_STREAM */ /* end GCM_SMALL */ #elif defined(GCM_TABLE) @@ -5826,6 +5849,27 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, XMEMCPY(s, x, sSz); } +#ifdef WOLFSSL_AESGCM_STREAM +/* No extra initialization for table implementation. + * + * @param [in] aes AES GCM object. + */ +#define GHASH_INIT_EXTRA(aes) + +/* GHASH one block of data.. + * + * XOR block into tag and GMULT with H using pre-computed table. + * + * @param [in, out] aes AES GCM object. + * @param [in] block Block of AAD or cipher text. + */ +#define GHASH_ONE_BLOCK(aes, block) \ + do { \ + xorbuf(aes->tag, block, AES_BLOCK_SIZE); \ + GMULT(aes->tag, aes->M0); \ + } \ + while (0) +#endif /* WOLFSSL_AESGCM_STREAM */ /* end GCM_TABLE */ #elif defined(GCM_TABLE_4BIT) @@ -6101,6 +6145,27 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, XMEMCPY(s, x, sSz); } +#ifdef WOLFSSL_AESGCM_STREAM +/* No extra initialization for 4-bit table implementation. + * + * @param [in] aes AES GCM object. + */ +#define GHASH_INIT_EXTRA(aes) + +/* GHASH one block of data.. + * + * XOR block into tag and GMULT with H using pre-computed table. + * + * @param [in, out] aes AES GCM object. + * @param [in] block Block of AAD or cipher text. + */ +#define GHASH_ONE_BLOCK(aes, block) \ + do { \ + xorbuf(aes->tag, block, AES_BLOCK_SIZE); \ + GMULT(aes->tag, aes->M0); \ + } \ + while (0) +#endif /* WOLFSSL_AESGCM_STREAM */ #elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) #if !defined(FREESCALE_LTC_AES_GCM) @@ -6409,10 +6474,282 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, XMEMCPY(s, x, sSz); } +#ifdef WOLFSSL_AESGCM_STREAM +#ifdef LITTLE_ENDIAN_ORDER +/* Little-endian 32-bit word implementation requires byte reversal of H. + * + * H is all-zeros block encrypted with key. + * + * @param [in, out] aes AES GCM object. + */ +#define GHASH_INIT_EXTRA(aes) \ + ByteReverseWords((word32*)aes->H, (word32*)aes->H, AES_BLOCK_SIZE) + +/* GHASH one block of data.. + * + * XOR block, in big-endian form, into tag and GMULT with H. + * + * @param [in, out] aes AES GCM object. + * @param [in] block Block of AAD or cipher text. + */ +#define GHASH_ONE_BLOCK(aes, block) \ + do { \ + word32* x = (word32*)aes->tag; \ + word32* h = (word32*)aes->H; \ + word32 bigEnd[4]; \ + XMEMCPY(bigEnd, block, AES_BLOCK_SIZE); \ + ByteReverseWords(bigEnd, bigEnd, AES_BLOCK_SIZE); \ + x[0] ^= bigEnd[0]; \ + x[1] ^= bigEnd[1]; \ + x[2] ^= bigEnd[2]; \ + x[3] ^= bigEnd[3]; \ + GMULT(x, h); \ + } \ + while (0) + +/* GHASH in AAD and cipher text lengths in bits. + * + * Convert tag back to little-endian. + * + * @param [in, out] aes AES GCM object. + */ +#define GHASH_LEN_BLOCK(aes) \ + do { \ + word32 len[4]; \ + word32* x = (word32*)aes->tag; \ + word32* h = (word32*)aes->H; \ + len[0] = (aes->aSz >> (8*sizeof(aes->aSz) - 3)); \ + len[1] = aes->aSz << 3; \ + len[2] = (aes->cSz >> (8*sizeof(aes->cSz) - 3)); \ + len[3] = aes->cSz << 3; \ + x[0] ^= len[0]; \ + x[1] ^= len[1]; \ + x[2] ^= len[2]; \ + x[3] ^= len[3]; \ + GMULT(x, h); \ + ByteReverseWords(x, x, AES_BLOCK_SIZE); \ + } \ + while (0) +#else +/* No extra initialization for 32-bit word implementation. + * + * @param [in] aes AES GCM object. + */ +#define GHASH_INIT_EXTRA(aes) + +/* GHASH one block of data.. + * + * XOR block into tag and GMULT with H. + * + * @param [in, out] aes AES GCM object. + * @param [in] block Block of AAD or cipher text. + */ +#define GHASH_ONE_BLOCK(aes, block) \ + do { \ + word32* x = (word32*)aes->tag; \ + word32* h = (word32*)aes->H; \ + word32 block32[4]; \ + XMEMCPY(block32, block, AES_BLOCK_SIZE); \ + x[0] ^= block32[0]; \ + x[1] ^= block32[1]; \ + x[2] ^= block32[2]; \ + x[3] ^= block32[3]; \ + GMULT(x, h); \ + } \ + while (0) + +/* GHASH in AAD and cipher text lengths in bits. + * + * @param [in, out] aes AES GCM object. + */ +#define GHASH_LEN_BLOCK(aes) \ + do { \ + word32 len[4]; \ + word32* x = (word32*)aes->tag; \ + word32* h = (word32*)aes->H; \ + len[0] = (aes->aSz >> (8*sizeof(aes->aSz) - 3)); \ + len[1] = aes->aSz << 3; \ + len[2] = (aes->cSz >> (8*sizeof(aes->cSz) - 3)); \ + len[3] = aes->cSz << 3; \ + x[0] ^= len[0]; \ + x[1] ^= len[1]; \ + x[2] ^= len[2]; \ + x[3] ^= len[3]; \ + GMULT(x, h); \ + } \ + while (0) +#endif /* LITTLE_ENDIAN_ORDER */ +#endif /* WOLFSSL_AESGCM_STREAM */ #endif /* end GCM_WORD32 */ - #if !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) +#ifdef WOLFSSL_AESGCM_STREAM +#ifndef GHASH_LEN_BLOCK +/* Hash in the lengths of the AAD and cipher text in bits. + * + * Default implementation. + * + * @param [in, out] aes AES GCM object. + */ +#define GHASH_LEN_BLOCK(aes) \ + do { \ + byte scratch[AES_BLOCK_SIZE]; \ + FlattenSzInBits(&scratch[0], aes->aSz); \ + FlattenSzInBits(&scratch[8], aes->cSz); \ + GHASH_ONE_BLOCK(aes, scratch); \ + } \ + while (0) +#endif + +/* Initialize a GHASH for streaming operations. + * + * @param [in, out] aes AES GCM object. + */ +static void GHASH_INIT(Aes* aes) { + /* Set tag to all zeros as initial value. */ + XMEMSET(aes->tag, 0, sizeof(aes->tag)); + /* Reset counts of AAD and cipher text. */ + aes->aOver = 0; + aes->cOver = 0; + /* Extra initialization baed on implementation. */ + GHASH_INIT_EXTRA(aes); +} + +/* Update the GHASH with AAD and/or cipher text. + * + * @param [in,out] aes AES GCM object. + * @param [in] a Additional authentication data buffer. + * @param [in] aSz Size of data in AAD buffer. + * @param [in] c Cipher text buffer. + * @param [in] cSz Size of data in cipher text buffer. + */ +static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c, + word32 cSz) +{ + word32 blocks; + word32 partial; + + /* Hash in A, the Additional Authentication Data */ + if (aSz != 0 && a != NULL) { + /* Update count of AAD we have hashed. */ + aes->aSz += aSz; + /* Check if we have unprocessed data. */ + if (aes->aOver > 0) { + /* Calculate amount we can use - fill up the block. */ + byte sz = AES_BLOCK_SIZE - aes->aOver; + if (sz > aSz) { + sz = aSz; + } + /* Copy extra into last GHASH block array and update count. */ + XMEMCPY(aes->lastGBlock + aes->aOver, a, sz); + aes->aOver += sz; + if (aes->aOver == AES_BLOCK_SIZE) { + /* We have filled up the block and can process. */ + GHASH_ONE_BLOCK(aes, aes->lastGBlock); + /* Reset count. */ + aes->aOver = 0; + } + /* Used up some data. */ + aSz -= sz; + a += sz; + } + + /* Calculate number of blocks of AAD and the leftover. */ + blocks = aSz / AES_BLOCK_SIZE; + partial = aSz % AES_BLOCK_SIZE; + /* GHASH full blocks now. */ + while (blocks--) { + GHASH_ONE_BLOCK(aes, a); + a += AES_BLOCK_SIZE; + } + if (partial != 0) { + /* Cache the partial block. */ + XMEMCPY(aes->lastGBlock, a, partial); + aes->aOver = (byte)partial; + } + } + if (aes->aOver > 0 && cSz > 0 && c != NULL) { + /* No more AAD coming and we have a partial block. */ + /* Fill the rest of the block with zeros. */ + byte sz = AES_BLOCK_SIZE - aes->aOver; + XMEMSET(aes->lastGBlock + aes->aOver, 0, sz); + /* GHASH last AAD block. */ + GHASH_ONE_BLOCK(aes, aes->lastGBlock); + /* Clear partial count for next time through. */ + aes->aOver = 0; + } + + /* Hash in C, the Ciphertext */ + if (cSz != 0 && c != NULL) { + /* Update count of cipher text we have hashed. */ + aes->cSz += cSz; + if (aes->cOver > 0) { + /* Calculate amount we can use - fill up the block. */ + byte sz = AES_BLOCK_SIZE - aes->cOver; + if (sz > cSz) { + sz = cSz; + } + XMEMCPY(aes->lastGBlock + aes->cOver, c, sz); + /* Update count of unsed encrypted counter. */ + aes->cOver += sz; + if (aes->cOver == AES_BLOCK_SIZE) { + /* We have filled up the block and can process. */ + GHASH_ONE_BLOCK(aes, aes->lastGBlock); + /* Reset count. */ + aes->cOver = 0; + } + /* Used up some data. */ + cSz -= sz; + c += sz; + } + + /* Calculate number of blocks of cipher text and the leftover. */ + blocks = cSz / AES_BLOCK_SIZE; + partial = cSz % AES_BLOCK_SIZE; + /* GHASH full blocks now. */ + while (blocks--) { + GHASH_ONE_BLOCK(aes, c); + c += AES_BLOCK_SIZE; + } + if (partial != 0) { + /* Cache the partial block. */ + XMEMCPY(aes->lastGBlock, c, partial); + aes->cOver = (byte)partial; + } + } +} + +/* Finalize the GHASH calculation. + * + * Complete hashing cipher text and hash the AAD and cipher text lengths. + * + * @param [in, out] aes AES GCM object. + * @param [out] s Authentication tag. + * @param [in] sSz Size of authentication tag required. + */ +static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz) +{ + /* AAD block incomplete when > 0 */ + byte over = aes->aOver; + + if (aes->cOver > 0) { + /* Cipher text block incomplete. */ + over = aes->cOver; + } + if (over > 0) { + /* Zeroize the unused part of the block. */ + XMEMSET(aes->lastGBlock + over, 0, AES_BLOCK_SIZE - over); + /* Hash the last block of cipher text. */ + GHASH_ONE_BLOCK(aes, aes->lastGBlock); + } + /* Hash in the lengths of AAD and cipher text in bits */ + GHASH_LEN_BLOCK(aes); + /* Copy the result into s. */ + XMEMCPY(s, aes->tag, sSz); +} +#endif /* WOLFSSL_AESGCM_STREAM */ + + #ifdef FREESCALE_LTC_AES_GCM int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, @@ -6452,8 +6789,8 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, #ifdef STM32_CRYPTO_AES_GCM /* this function supports inline encrypt */ -/* define STM32_AESGCM_PARTIAL for newer STM Cube HAL's with workaround - for handling partial packets to improve auth tag calculation performance by +/* define STM32_AESGCM_PARTIAL for newer STM Cube HAL's with workaround + for handling partial packets to improve auth tag calculation performance by using hardware */ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, @@ -6668,6 +7005,7 @@ static int wc_AesGcmEncrypt_STM32(Aes* aes, byte* out, const byte* in, word32 sz #endif /* STM32_CRYPTO_AES_GCM */ #ifdef WOLFSSL_AESNI +/* For performance reasons, this code needs to be not inlined. */ int AES_GCM_encrypt_C(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, @@ -6885,7 +7223,6 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, #endif - /* AES GCM Decrypt */ #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AESGCM_DECRYPT) #ifdef FREESCALE_LTC_AES_GCM @@ -6973,7 +7310,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, GHASH(aes, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE); } - /* Make copy of expected authTag, which could get corrupted in some + /* Make copy of expected authTag, which could get corrupted in some * Cube HAL versions without proper partial block support. * For TLS blocks the authTag is after the output buffer, so save it */ XMEMCPY(tagExpected, authTag, authTagSz); @@ -7150,6 +7487,7 @@ static int wc_AesGcmDecrypt_STM32(Aes* aes, byte* out, #endif /* STM32_CRYPTO_AES_GCM */ #ifdef WOLFSSL_AESNI +/* For performance reasons, this code needs to be not inlined. */ int AES_GCM_decrypt_C(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, @@ -7384,6 +7722,1111 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, } #endif #endif /* HAVE_AES_DECRYPT || HAVE_AESGCM_DECRYPT */ + +#ifdef WOLFSSL_AESGCM_STREAM +/* Initialize the AES GCM cipher with an IV. C implementation. + * + * @param [in, out] aes AES object. + * @param [in] iv IV/nonce buffer. + * @param [in] ivSz Length of IV/nonce data. + */ +static void AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz) +{ + ALIGN32 byte counter[AES_BLOCK_SIZE]; + + if (ivSz == GCM_NONCE_MID_SZ) { + /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ + XMEMCPY(counter, iv, ivSz); + XMEMSET(counter + GCM_NONCE_MID_SZ, 0, + AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1); + counter[AES_BLOCK_SIZE - 1] = 1; + } + else { + /* Counter is GHASH of IV. */ + #ifdef OPENSSL_EXTRA + word32 aadTemp = aes->aadLen; + aes->aadLen = 0; + #endif + GHASH(aes, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE); + #ifdef OPENSSL_EXTRA + aes->aadLen = aadTemp; + #endif + } + + /* Copy in the counter for use with cipher. */ + XMEMCPY(aes->counter, counter, AES_BLOCK_SIZE); + /* Encrypt initial counter into a buffer for GCM. */ + wc_AesEncrypt(aes, counter, aes->initCtr); + /* Reset state fields. */ + aes->over = 0; + aes->aSz = 0; + aes->cSz = 0; + /* Initialization for GHASH. */ + GHASH_INIT(aes); +} + +/* Update the AES GCM cipher with data. C implementation. + * + * Only enciphers data. + * + * @param [in, out] aes AES object. + * @param [in] out Cipher text or plaintext buffer. + * @param [in] in Plaintext or cipher text buffer. + * @param [in] sz Length of data. + */ +static void AesGcmCryptUpdate_C(Aes* aes, byte* out, const byte* in, word32 sz) +{ + word32 blocks; + word32 partial; + + /* Check if previous encrypted block was not used up. */ + if (aes->over > 0) { + byte pSz = AES_BLOCK_SIZE - aes->over; + if (pSz > sz) pSz = sz; + + /* Use some/all of last encrypted block. */ + xorbufout(out, aes->lastBlock + aes->over, in, pSz); + aes->over = (aes->over + pSz) & (AES_BLOCK_SIZE - 1); + + /* Some data used. */ + sz -= pSz; + in += pSz; + out += pSz; + } + + /* Calculate the number of blocks needing to be encrypted and any leftover. + */ + blocks = sz / AES_BLOCK_SIZE; + partial = sz & (AES_BLOCK_SIZE - 1); + +#if defined(HAVE_AES_ECB) + /* Some hardware acceleration can gain performance from doing AES encryption + * of the whole buffer at once. + * Overwrites the cipher text before using plaintext - no inline encryption. + */ + if ((out != in) && blocks > 0) { + word32 b; + /* Place incrementing counter blocks into cipher text. */ + for (b = 0; b < blocks; b++) { + IncrementGcmCounter(aes->counter); + XMEMCPY(out + b * AES_BLOCK_SIZE, aes->counter, AES_BLOCK_SIZE); + } + + /* Encrypt counter blocks. */ + wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks); + /* XOR in plaintext. */ + xorbuf(out, in, AES_BLOCK_SIZE * blocks); + /* Skip over processed data. */ + in += AES_BLOCK_SIZE * blocks; + out += AES_BLOCK_SIZE * blocks; + } + else +#endif /* HAVE_AES_ECB */ + { + /* Encrypt block by block. */ + while (blocks--) { + ALIGN32 byte scratch[AES_BLOCK_SIZE]; + IncrementGcmCounter(aes->counter); + /* Encrypt counter into a buffer. */ + wc_AesEncrypt(aes, aes->counter, scratch); + /* XOR plain text into encrypted counter into cipher text buffer. */ + xorbufout(out, scratch, in, AES_BLOCK_SIZE); + /* Data complete. */ + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + } + + if (partial != 0) { + /* Generate an extra block and use up as much as needed. */ + IncrementGcmCounter(aes->counter); + /* Encrypt counter into cache. */ + wc_AesEncrypt(aes, aes->counter, aes->lastBlock); + /* XOR plain text into encrypted counter into cipher text buffer. */ + xorbufout(out, aes->lastBlock, in, partial); + /* Keep amount of encrypted block used. */ + aes->over = partial; + } +} + +/* Calculates authentication tag for AES GCM. C implementation. + * + * @param [in, out] aes AES object. + * @param [out] authTag Buffer to store authentication tag in. + * @param [in] authTagSz Length of tag to create. + */ +static void AesGcmFinal_C(Aes* aes, byte* authTag, word32 authTagSz) +{ + /* Calculate authentication tag. */ + GHASH_FINAL(aes, authTag, authTagSz); + /* XOR in as much of encrypted counter as is required. */ + xorbuf(authTag, aes->initCtr, authTagSz); +#ifdef OPENSSL_EXTRA + /* store AAD size for next call */ + aes->aadLen = aes->aSz; +#endif + /* Zeroize last block to protect sensitive data. */ + ForceZero(aes->lastBlock, sizeof(aes->lastBlock)); +} + +#ifdef WOLFSSL_AESNI +/* Assembly code implementations in: aes_gcm_asm.S */ +#ifdef HAVE_INTEL_AVX2 +extern void AES_GCM_init_avx2(const unsigned char* key, int nr, + const unsigned char* ivec, unsigned int ibytes, unsigned char* h, + unsigned char* counter, unsigned char* initCtr); +extern void AES_GCM_aad_update_avx2(const unsigned char* addt, + unsigned int abytes, unsigned char* tag, unsigned char* h); +extern void AES_GCM_encrypt_block_avx2(const unsigned char* key, int nr, + unsigned char* out, const unsigned char* in, unsigned char* counter); +extern void AES_GCM_ghash_block_avx2(const unsigned char* data, + unsigned char* tag, unsigned char* h); + +extern void AES_GCM_encrypt_update_avx2(const unsigned char* key, int nr, + unsigned char* out, const unsigned char* in, unsigned int nbytes, + unsigned char* tag, unsigned char* h, unsigned char* counter); +extern void AES_GCM_encrypt_final_avx2(unsigned char* tag, + unsigned char* authTag, unsigned int tbytes, unsigned int nbytes, + unsigned int abytes, unsigned char* h, unsigned char* initCtr); +#endif +#ifdef HAVE_INTEL_AVX1 +extern void AES_GCM_init_avx1(const unsigned char* key, int nr, + const unsigned char* ivec, unsigned int ibytes, unsigned char* h, + unsigned char* counter, unsigned char* initCtr); +extern void AES_GCM_aad_update_avx1(const unsigned char* addt, + unsigned int abytes, unsigned char* tag, unsigned char* h); +extern void AES_GCM_encrypt_block_avx1(const unsigned char* key, int nr, + unsigned char* out, const unsigned char* in, unsigned char* counter); +extern void AES_GCM_ghash_block_avx1(const unsigned char* data, + unsigned char* tag, unsigned char* h); + +extern void AES_GCM_encrypt_update_avx1(const unsigned char* key, int nr, + unsigned char* out, const unsigned char* in, unsigned int nbytes, + unsigned char* tag, unsigned char* h, unsigned char* counter); +extern void AES_GCM_encrypt_final_avx1(unsigned char* tag, + unsigned char* authTag, unsigned int tbytes, unsigned int nbytes, + unsigned int abytes, unsigned char* h, unsigned char* initCtr); +#endif +extern void AES_GCM_init_aesni(const unsigned char* key, int nr, + const unsigned char* ivec, unsigned int ibytes, unsigned char* h, + unsigned char* counter, unsigned char* initCtr); +extern void AES_GCM_aad_update_aesni(const unsigned char* addt, + unsigned int abytes, unsigned char* tag, unsigned char* h); +extern void AES_GCM_encrypt_block_aesni(const unsigned char* key, int nr, + unsigned char* out, const unsigned char* in, unsigned char* counter); +extern void AES_GCM_ghash_block_aesni(const unsigned char* data, + unsigned char* tag, unsigned char* h); + +extern void AES_GCM_encrypt_update_aesni(const unsigned char* key, int nr, + unsigned char* out, const unsigned char* in, unsigned int nbytes, + unsigned char* tag, unsigned char* h, unsigned char* counter); +extern void AES_GCM_encrypt_final_aesni(unsigned char* tag, + unsigned char* authTag, unsigned int tbytes, unsigned int nbytes, + unsigned int abytes, unsigned char* h, unsigned char* initCtr); + +/* Initialize the AES GCM cipher with an IV. AES-NI implementations. + * + * @param [in, out] aes AES object. + * @param [in] iv IV/nonce buffer. + * @param [in] ivSz Length of IV/nonce data. + */ +static void AesGcmInit_aesni(Aes* aes, const byte* iv, word32 ivSz) +{ + /* Reset state fields. */ + aes->aSz = 0; + aes->cSz = 0; + /* Set tag to all zeros as initial value. */ + XMEMSET(aes->tag, 0, sizeof(aes->tag)); + /* Reset counts of AAD and cipher text. */ + aes->aOver = 0; + aes->cOver = 0; + +#ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + SAVE_VECTOR_REGISTERS(); + AES_GCM_init_avx2((byte*)aes->key, aes->rounds, iv, ivSz, aes->H, + aes->counter, aes->initCtr); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif +#ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + SAVE_VECTOR_REGISTERS(); + AES_GCM_init_avx1((byte*)aes->key, aes->rounds, iv, ivSz, aes->H, + aes->counter, aes->initCtr); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + SAVE_VECTOR_REGISTERS(); + AES_GCM_init_aesni((byte*)aes->key, aes->rounds, iv, ivSz, aes->H, + aes->counter, aes->initCtr); + RESTORE_VECTOR_REGISTERS(); + } +} + +/* Update the AES GCM for encryption with authentication data. + * + * Implementation uses AVX2, AVX1 or straight AES-NI optimized assembly code. + * + * @param [in, out] aes AES object. + * @param [in] a Buffer holding authentication data. + * @param [in] aSz Length of authentication data in bytes. + * @param [in] endA Whether no more authentication data is expected. + */ +static void AesGcmAadUpdate_aesni(Aes* aes, const byte* a, word32 aSz, int endA) +{ + word32 blocks; + int partial; + + if (aSz != 0 && a != NULL) { + /* Total count of AAD updated. */ + aes->aSz += aSz; + /* Check if we have unprocessed data. */ + if (aes->aOver > 0) { + /* Calculate amount we can use - fill up the block. */ + byte sz = AES_BLOCK_SIZE - aes->aOver; + if (sz > aSz) { + sz = aSz; + } + /* Copy extra into last GHASH block array and update count. */ + XMEMCPY(aes->lastGBlock + aes->aOver, a, sz); + aes->aOver += sz; + if (aes->aOver == AES_BLOCK_SIZE) { + /* We have filled up the block and can process. */ + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_ghash_block_avx2(aes->lastGBlock, aes->tag, aes->H); + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_ghash_block_avx1(aes->lastGBlock, aes->tag, aes->H); + } + else + #endif + { + AES_GCM_ghash_block_aesni(aes->lastGBlock, aes->tag, + aes->H); + } + /* Reset count. */ + aes->aOver = 0; + } + /* Used up some data. */ + aSz -= sz; + a += sz; + } + + /* Calculate number of blocks of AAD and the leftover. */ + blocks = aSz / AES_BLOCK_SIZE; + partial = aSz % AES_BLOCK_SIZE; + if (blocks > 0) { + /* GHASH full blocks now. */ + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_aad_update_avx2(a, blocks * AES_BLOCK_SIZE, aes->tag, + aes->H); + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_aad_update_avx1(a, blocks * AES_BLOCK_SIZE, aes->tag, + aes->H); + } + else + #endif + { + AES_GCM_aad_update_aesni(a, blocks * AES_BLOCK_SIZE, aes->tag, + aes->H); + } + /* Skip over to end of AAD blocks. */ + a += blocks * AES_BLOCK_SIZE; + } + if (partial != 0) { + /* Cache the partial block. */ + XMEMCPY(aes->lastGBlock, a, partial); + aes->aOver = (byte)partial; + } + } + if (endA && (aes->aOver > 0)) { + /* No more AAD coming and we have a partial block. */ + /* Fill the rest of the block with zeros. */ + XMEMSET(aes->lastGBlock + aes->aOver, 0, AES_BLOCK_SIZE - aes->aOver); + /* GHASH last AAD block. */ + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_ghash_block_avx2(aes->lastGBlock, aes->tag, aes->H); + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_ghash_block_avx1(aes->lastGBlock, aes->tag, aes->H); + } + else + #endif + { + AES_GCM_ghash_block_aesni(aes->lastGBlock, aes->tag, aes->H); + } + /* Clear partial count for next time through. */ + aes->aOver = 0; + } +} + +/* Update the AES GCM for encryption with data and/or authentication data. + * + * Implementation uses AVX2, AVX1 or straight AES-NI optimized assembly code. + * + * @param [in, out] aes AES object. + * @param [out] c Buffer to hold cipher text. + * @param [in] p Buffer holding plaintext. + * @param [in] cSz Length of cipher text/plaintext in bytes. + * @param [in] a Buffer holding authentication data. + * @param [in] aSz Length of authentication data in bytes. + */ +static void AesGcmEncryptUpdate_aesni(Aes* aes, byte* c, const byte* p, + word32 cSz, const byte* a, word32 aSz) +{ + word32 blocks; + int partial; + + SAVE_VECTOR_REGISTERS(); + /* Hash in A, the Authentication Data */ + AesGcmAadUpdate_aesni(aes, a, aSz, (cSz > 0) && (c != NULL)); + + /* Encrypt plaintext and Hash in C, the Cipher text */ + if (cSz != 0 && c != NULL) { + /* Update count of cipher text we have hashed. */ + aes->cSz += cSz; + if (aes->cOver > 0) { + /* Calculate amount we can use - fill up the block. */ + byte sz = AES_BLOCK_SIZE - aes->cOver; + if (sz > cSz) { + sz = cSz; + } + /* Encrypt some of the plaintext. */ + xorbuf(aes->lastGBlock + aes->cOver, p, sz); + XMEMCPY(c, aes->lastGBlock + aes->cOver, sz); + /* Update count of unsed encrypted counter. */ + aes->cOver += sz; + if (aes->cOver == AES_BLOCK_SIZE) { + /* We have filled up the block and can process. */ + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_ghash_block_avx2(aes->lastGBlock, aes->tag, aes->H); + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_ghash_block_avx1(aes->lastGBlock, aes->tag, aes->H); + } + else + #endif + { + AES_GCM_ghash_block_aesni(aes->lastGBlock, aes->tag, + aes->H); + } + /* Reset count. */ + aes->cOver = 0; + } + /* Used up some data. */ + cSz -= sz; + p += sz; + c += sz; + } + + /* Calculate number of blocks of plaintext and the leftover. */ + blocks = cSz / AES_BLOCK_SIZE; + partial = cSz % AES_BLOCK_SIZE; + if (blocks > 0) { + /* Encrypt and GHASH full blocks now. */ + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_encrypt_update_avx2((byte*)aes->key, aes->rounds, c, p, + blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_encrypt_update_avx1((byte*)aes->key, aes->rounds, c, p, + blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + } + else + #endif + { + AES_GCM_encrypt_update_aesni((byte*)aes->key, aes->rounds, c, p, + blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + } + /* Skip over to end of blocks. */ + p += blocks * AES_BLOCK_SIZE; + c += blocks * AES_BLOCK_SIZE; + } + if (partial != 0) { + /* Encrypt the counter - XOR in zeros as proxy for plaintext. */ + XMEMSET(aes->lastGBlock, 0, AES_BLOCK_SIZE); + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_encrypt_block_avx2((byte*)aes->key, aes->rounds, + aes->lastGBlock, aes->lastGBlock, aes->counter); + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_encrypt_block_avx1((byte*)aes->key, aes->rounds, + aes->lastGBlock, aes->lastGBlock, aes->counter); + } + else + #endif + { + AES_GCM_encrypt_block_aesni((byte*)aes->key, aes->rounds, + aes->lastGBlock, aes->lastGBlock, aes->counter); + } + /* XOR the remaining plaintext to calculate cipher text. + * Keep cipher text for GHASH of last partial block. + */ + xorbuf(aes->lastGBlock, p, partial); + XMEMCPY(c, aes->lastGBlock, partial); + /* Update count of the block used. */ + aes->cOver = (byte)partial; + } + } + RESTORE_VECTOR_REGISTERS(); +} + +/* Finalize the AES GCM for encryption and calculate the authentication tag. + * + * Calls AVX2, AVX1 or straight AES-NI optimized assembly code. + * + * @param [in, out] aes AES object. + * @param [in] authTag Buffer to hold authentication tag. + * @param [in] authTagSz Length of authentication tag in bytes. + * @return 0 on success. + */ +static void AesGcmEncryptFinal_aesni(Aes* aes, byte* authTag, word32 authTagSz) +{ + /* AAD block incomplete when > 0 */ + byte over = aes->aOver; + + SAVE_VECTOR_REGISTERS(); + if (aes->cOver > 0) { + /* Cipher text block incomplete. */ + over = aes->cOver; + } + if (over > 0) { + /* Fill the rest of the block with zeros. */ + XMEMSET(aes->lastGBlock + over, 0, AES_BLOCK_SIZE - over); + /* GHASH last cipher block. */ + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_ghash_block_avx2(aes->lastGBlock, aes->tag, aes->H); + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_ghash_block_avx1(aes->lastGBlock, aes->tag, aes->H); + } + else + #endif + { + AES_GCM_ghash_block_aesni(aes->lastGBlock, aes->tag, aes->H); + } + } + /* Calculate the authentication tag. */ +#ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_encrypt_final_avx2(aes->tag, authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, aes->initCtr); + } + else +#endif +#ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_encrypt_final_avx1(aes->tag, authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, aes->initCtr); + } + else +#endif + { + AES_GCM_encrypt_final_aesni(aes->tag, authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, aes->initCtr); + } + RESTORE_VECTOR_REGISTERS(); +} + +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AESGCM_DECRYPT) +/* Assembly code implementations in: aes_gcm_asm.S */ +#ifdef HAVE_INTEL_AVX2 +extern void AES_GCM_decrypt_update_avx2(const unsigned char* key, int nr, + unsigned char* out, const unsigned char* in, unsigned int nbytes, + unsigned char* tag, unsigned char* h, unsigned char* counter); +extern void AES_GCM_decrypt_final_avx2(unsigned char* tag, + const unsigned char* authTag, unsigned int tbytes, unsigned int nbytes, + unsigned int abytes, unsigned char* h, unsigned char* initCtr, int* res); +#endif +#ifdef HAVE_INTEL_AVX1 +extern void AES_GCM_decrypt_update_avx1(const unsigned char* key, int nr, + unsigned char* out, const unsigned char* in, unsigned int nbytes, + unsigned char* tag, unsigned char* h, unsigned char* counter); +extern void AES_GCM_decrypt_final_avx1(unsigned char* tag, + const unsigned char* authTag, unsigned int tbytes, unsigned int nbytes, + unsigned int abytes, unsigned char* h, unsigned char* initCtr, int* res); +#endif +extern void AES_GCM_decrypt_update_aesni(const unsigned char* key, int nr, + unsigned char* out, const unsigned char* in, unsigned int nbytes, + unsigned char* tag, unsigned char* h, unsigned char* counter); +extern void AES_GCM_decrypt_final_aesni(unsigned char* tag, + const unsigned char* authTag, unsigned int tbytes, unsigned int nbytes, + unsigned int abytes, unsigned char* h, unsigned char* initCtr, int* res); + +/* Update the AES GCM for decryption with data and/or authentication data. + * + * @param [in, out] aes AES object. + * @param [out] p Buffer to hold plaintext. + * @param [in] c Buffer holding ciper text. + * @param [in] cSz Length of cipher text/plaintext in bytes. + * @param [in] a Buffer holding authentication data. + * @param [in] aSz Length of authentication data in bytes. + */ +static void AesGcmDecryptUpdate_aesni(Aes* aes, byte* p, const byte* c, + word32 cSz, const byte* a, word32 aSz) +{ + word32 blocks; + int partial; + + SAVE_VECTOR_REGISTERS(); + /* Hash in A, the Authentication Data */ + AesGcmAadUpdate_aesni(aes, a, aSz, (cSz > 0) && (c != NULL)); + + /* Hash in C, the Cipher text, and decrypt. */ + if (cSz != 0 && p != NULL) { + /* Update count of cipher text we have hashed. */ + aes->cSz += cSz; + if (aes->cOver > 0) { + /* Calculate amount we can use - fill up the block. */ + byte sz = AES_BLOCK_SIZE - aes->cOver; + if (sz > cSz) { + sz = cSz; + } + /* Keep a copy of the cipher text for GHASH. */ + XMEMCPY(aes->lastBlock + aes->cOver, c, sz); + /* Decrypt some of the cipher text. */ + xorbuf(aes->lastGBlock + aes->cOver, c, sz); + XMEMCPY(p, aes->lastGBlock + aes->cOver, sz); + /* Update count of unsed encrypted counter. */ + aes->cOver += sz; + if (aes->cOver == AES_BLOCK_SIZE) { + /* We have filled up the block and can process. */ + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_ghash_block_avx2(aes->lastBlock, aes->tag, aes->H); + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_ghash_block_avx1(aes->lastBlock, aes->tag, aes->H); + } + else + #endif + { + AES_GCM_ghash_block_aesni(aes->lastBlock, aes->tag, aes->H); + } + /* Reset count. */ + aes->cOver = 0; + } + /* Used up some data. */ + cSz -= sz; + c += sz; + p += sz; + } + + /* Calculate number of blocks of plaintext and the leftover. */ + blocks = cSz / AES_BLOCK_SIZE; + partial = cSz % AES_BLOCK_SIZE; + if (blocks > 0) { + /* Decrypt and GHASH full blocks now. */ + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_decrypt_update_avx2((byte*)aes->key, aes->rounds, p, c, + blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_decrypt_update_avx1((byte*)aes->key, aes->rounds, p, c, + blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + } + else + #endif + { + AES_GCM_decrypt_update_aesni((byte*)aes->key, aes->rounds, p, c, + blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + } + /* Skip over to end of blocks. */ + c += blocks * AES_BLOCK_SIZE; + p += blocks * AES_BLOCK_SIZE; + } + if (partial != 0) { + /* Encrypt the counter - XOR in zeros as proxy for cipher text. */ + XMEMSET(aes->lastGBlock, 0, AES_BLOCK_SIZE); + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_encrypt_block_avx2((byte*)aes->key, aes->rounds, + aes->lastGBlock, aes->lastGBlock, aes->counter); + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_encrypt_block_avx1((byte*)aes->key, aes->rounds, + aes->lastGBlock, aes->lastGBlock, aes->counter); + } + else + #endif + { + AES_GCM_encrypt_block_aesni((byte*)aes->key, aes->rounds, + aes->lastGBlock, aes->lastGBlock, aes->counter); + } + /* Keep cipher text for GHASH of last partial block. */ + XMEMCPY(aes->lastBlock, c, partial); + /* XOR the remaining cipher text to calculate plaintext. */ + xorbuf(aes->lastGBlock, c, partial); + XMEMCPY(p, aes->lastGBlock, partial); + /* Update count of the block used. */ + aes->cOver = (byte)partial; + } + } + RESTORE_VECTOR_REGISTERS(); +} + +/* Finalize the AES GCM for decryption and check the authentication tag. + * + * Calls AVX2, AVX1 or straight AES-NI optimized assembly code. + * + * @param [in, out] aes AES object. + * @param [in] authTag Buffer holding authentication tag. + * @param [in] authTagSz Length of authentication tag in bytes. + * @return 0 on success. + * @return AES_GCM_AUTH_E when authentication tag doesn't match calculated + * value. + */ +static int AesGcmDecryptFinal_aesni(Aes* aes, const byte* authTag, + word32 authTagSz) +{ + int ret = 0; + int res; + /* AAD block incomplete when > 0 */ + byte over = aes->aOver; + byte *lastBlock = aes->lastGBlock; + + SAVE_VECTOR_REGISTERS(); + if (aes->cOver > 0) { + /* Cipher text block incomplete. */ + over = aes->cOver; + lastBlock = aes->lastBlock; + } + if (over > 0) { + /* Zeroize the unused part of the block. */ + XMEMSET(lastBlock + over, 0, AES_BLOCK_SIZE - over); + /* Hash the last block of cipher text. */ + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_ghash_block_avx2(lastBlock, aes->tag, aes->H); + } + else + #endif + #ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_ghash_block_avx1(lastBlock, aes->tag, aes->H); + } + else + #endif + { + AES_GCM_ghash_block_aesni(lastBlock, aes->tag, aes->H); + } + } + /* Calculate and compare the authentication tag. */ +#ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + AES_GCM_decrypt_final_avx2(aes->tag, authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, aes->initCtr, &res); + } + else +#endif +#ifdef HAVE_INTEL_AVX1 + if (IS_INTEL_AVX1(intel_flags)) { + AES_GCM_decrypt_final_avx1(aes->tag, authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, aes->initCtr, &res); + } + else +#endif + { + AES_GCM_decrypt_final_aesni(aes->tag, authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, aes->initCtr, &res); + } + RESTORE_VECTOR_REGISTERS(); + /* Return error code when calculated doesn't match input. */ + if (res == 0) { + ret = AES_GCM_AUTH_E; + } + return ret; +} +#endif /* HAVE_AES_DECRYPT || HAVE_AESGCM_DECRYPT */ +#endif /* WOLFSSL_AESNI */ + +/* Initialize an AES GCM cipher for encryption or decryption. + * + * Must call wc_AesInit() before calling this function. + * + * @param [in, out] aes AES object. + * @param [in] key Buffer holding key. + * @param [in] len Length of key in bytes. + * @param [in] iv Buffer holding IV/nonce. + * @param [in] ivSz Length of IV/nonce in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer + * is NULL, or the IV is NULL and no previous IV has been set. + */ +int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, + word32 ivSz) +{ + int ret = 0; + + /* Check validity of parameters. */ + if ((aes == NULL) || ((len > 0) && (key == NULL)) || + ((ivSz == 0) && (iv != NULL)) || (ivSz > AES_BLOCK_SIZE) || + ((ivSz > 0) && (iv == NULL))) { + ret = BAD_FUNC_ARG; + } + + /* Set the key if passed in. */ + if ((ret == 0) && (key != NULL)) { + ret = wc_AesGcmSetKey(aes, key, len); + } + + if (ret == 0) { + /* Setup with IV if needed. */ + if (iv != NULL) { + /* Cache the IV in AES GCM object. */ + XMEMCPY((byte*)aes->reg, iv, ivSz); + aes->nonceSz = ivSz; + } + else if (aes->nonceSz != 0) { + /* Copy out the cached copy. */ + iv = (byte*)aes->reg; + ivSz = aes->nonceSz; + } + + if (iv != NULL) { + /* Initialize with the IV. */ + #ifdef WOLFSSL_AESNI + if (haveAESNI + #ifdef HAVE_INTEL_AVX2 + || IS_INTEL_AVX2(intel_flags) + #endif + #ifdef HAVE_INTEL_AVX1 + || IS_INTEL_AVX1(intel_flags) + #endif + ) { + AesGcmInit_aesni(aes, iv, ivSz); + } + else + #endif + { + AesGcmInit_C(aes, iv, ivSz); + } + + aes->nonceSet = 1; + } + } + + return ret; +} + +/* Initialize an AES GCM cipher for encryption or decryption. Get IV. + * + * Must call wc_AesInit() before calling this function. + * + * @param [in, out] aes AES object. + * @param [in] key Buffer holding key. + * @param [in] len Length of key in bytes. + * @param [in] iv Buffer holding IV/nonce. + * @param [in] ivSz Length of IV/nonce in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer + * is NULL, or the IV is NULL and no previous IV has been set. + */ +int wc_AesGcmEncryptInit_ex(Aes* aes, const byte* key, word32 len, byte* ivOut, + word32 ivOutSz) +{ + XMEMCPY(ivOut, aes->reg, ivOutSz); + return wc_AesGcmInit(aes, key, len, NULL, 0); +} + +/* Update the AES GCM for encryption with data and/or authentication data. + * + * All the AAD must be passed to update before the plaintext. + * Last part of AAD can be passed with first part of plaintext. + * + * Must set key and IV before calling this function. + * Must call wc_AesGcmInit() before calling this function. + * + * @param [in, out] aes AES object. + * @param [out] out Buffer to hold cipher text. + * @param [in] in Buffer holding plaintext. + * @param [in] sz Length of plaintext in bytes. + * @param [in] authIn Buffer holding authentication data. + * @param [in] authInSz Length of authentication data in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer + * is NULL. + */ +int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* authIn, word32 authInSz) +{ + int ret = 0; + + /* Check validity of parameters. */ + if ((aes == NULL) || ((authInSz > 0) && (authIn == NULL)) || ((sz > 0) && + ((out == NULL) || (in == NULL)))) { + ret = BAD_FUNC_ARG; + } + + /* Check key has been set. */ + if ((ret == 0) && (!aes->gcmKeySet)) { + ret = MISSING_KEY; + } + /* Check IV has been set. */ + if ((ret == 0) && (!aes->nonceSet)) { + ret = MISSING_IV; + } + + if ((ret == 0) && aes->ctrSet && (aes->aSz == 0) && (aes->cSz == 0)) { + aes->invokeCtr[0]++; + if (aes->invokeCtr[0] == 0) { + aes->invokeCtr[1]++; + if (aes->invokeCtr[1] == 0) + ret = AES_GCM_OVERFLOW_E; + } + } + + if (ret == 0) { + /* Encrypt with AAD and/or plaintext. */ + #if defined(WOLFSSL_AESNI) + if (haveAESNI + #ifdef HAVE_INTEL_AVX2 + || IS_INTEL_AVX2(intel_flags) + #endif + #ifdef HAVE_INTEL_AVX1 + || IS_INTEL_AVX1(intel_flags) + #endif + ) { + AesGcmEncryptUpdate_aesni(aes, out, in, sz, authIn, authInSz); + } + else + #endif + { + /* Encrypt the plaintext. */ + AesGcmCryptUpdate_C(aes, out, in, sz); + /* Update the authenication tag with any authentication data and the + * new cipher text. */ + GHASH_UPDATE(aes, authIn, authInSz, out, sz); + } + } + + return ret; +} + +/* Finalize the AES GCM for encryption and return the authentication tag. + * + * Must set key and IV before calling this function. + * Must call wc_AesGcmInit() before calling this function. + * + * @param [in, out] aes AES object. + * @param [out] authTag Buffer to hold authentication tag. + * @param [in] authTagSz Length of authentication tag in bytes. + * @return 0 on success. + */ +int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz) +{ + int ret = 0; + + /* Check validity of parameters. */ + if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) || + (authTagSz == 0)) { + ret = BAD_FUNC_ARG; + } + + /* Check key has been set. */ + if ((ret == 0) && (!aes->gcmKeySet)) { + ret = MISSING_KEY; + } + /* Check IV has been set. */ + if ((ret == 0) && (!aes->nonceSet)) { + ret = MISSING_IV; + } + + if (ret == 0) { + /* Calculate authentication tag. */ + #ifdef WOLFSSL_AESNI + if (haveAESNI + #ifdef HAVE_INTEL_AVX2 + || IS_INTEL_AVX2(intel_flags) + #endif + #ifdef HAVE_INTEL_AVX1 + || IS_INTEL_AVX1(intel_flags) + #endif + ) { + AesGcmEncryptFinal_aesni(aes, authTag, authTagSz); + } + else + #endif + { + AesGcmFinal_C(aes, authTag, authTagSz); + } + } + + if ((ret == 0) && aes->ctrSet) { + IncCtr((byte*)aes->reg, aes->nonceSz); + } + + return ret; +} + +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AESGCM_DECRYPT) +/* Update the AES GCM for decryption with data and/or authentication data. + * + * All the AAD must be passed to update before the cipher text. + * Last part of AAD can be passed with first part of cipher text. + * + * Must set key and IV before calling this function. + * Must call wc_AesGcmInit() before calling this function. + * + * @param [in, out] aes AES object. + * @param [out] out Buffer to hold plaintext. + * @param [in] in Buffer holding cipher text. + * @param [in] sz Length of cipher text in bytes. + * @param [in] authIn Buffer holding authentication data. + * @param [in] authInSz Length of authentication data in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer + * is NULL. + */ +int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* authIn, word32 authInSz) +{ + int ret = 0; + + /* Check validity of parameters. */ + if ((aes == NULL) || ((authInSz > 0) && (authIn == NULL)) || ((sz > 0) && + ((out == NULL) || (in == NULL)))) { + ret = BAD_FUNC_ARG; + } + + /* Check key has been set. */ + if ((ret == 0) && (!aes->gcmKeySet)) { + ret = MISSING_KEY; + } + /* Check IV has been set. */ + if ((ret == 0) && (!aes->nonceSet)) { + ret = MISSING_IV; + } + + if (ret == 0) { + /* Decrypt with AAD and/or cipher text. */ + #if defined(WOLFSSL_AESNI) + if (haveAESNI + #ifdef HAVE_INTEL_AVX2 + || IS_INTEL_AVX2(intel_flags) + #endif + #ifdef HAVE_INTEL_AVX1 + || IS_INTEL_AVX1(intel_flags) + #endif + ) { + AesGcmDecryptUpdate_aesni(aes, out, in, sz, authIn, authInSz); + } + else + #endif + { + /* Update the authenication tag with any authentication data and + * cipher text. */ + GHASH_UPDATE(aes, authIn, authInSz, in, sz); + /* Decrypt the cipher text. */ + AesGcmCryptUpdate_C(aes, out, in, sz); + } + } + + return ret; +} + +/* Finalize the AES GCM for decryption and check the authentication tag. + * + * Must set key and IV before calling this function. + * Must call wc_AesGcmInit() before calling this function. + * + * @param [in, out] aes AES object. + * @param [in] authTag Buffer holding authentication tag. + * @param [in] authTagSz Length of authentication tag in bytes. + * @return 0 on success. + */ +int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz) +{ + int ret = 0; + + /* Check validity of parameters. */ + if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) || + (authTagSz == 0)) { + ret = BAD_FUNC_ARG; + } + + /* Check key has been set. */ + if ((ret == 0) && (!aes->gcmKeySet)) { + ret = MISSING_KEY; + } + /* Check IV has been set. */ + if ((ret == 0) && (!aes->nonceSet)) { + ret = MISSING_IV; + } + + if (ret == 0) { + /* Calculate authentication tag and compare with one passed in.. */ + #ifdef WOLFSSL_AESNI + if (haveAESNI + #ifdef HAVE_INTEL_AVX2 + || IS_INTEL_AVX2(intel_flags) + #endif + #ifdef HAVE_INTEL_AVX1 + || IS_INTEL_AVX1(intel_flags) + #endif + ) { + ret = AesGcmDecryptFinal_aesni(aes, authTag, authTagSz); + } + else + #endif + { + ALIGN32 byte calcTag[AES_BLOCK_SIZE]; + /* Calculate authentication tag. */ + AesGcmFinal_C(aes, calcTag, authTagSz); + /* Check calculated tag matches the one passed in. */ + if (ConstantCompare(authTag, calcTag, authTagSz) != 0) { + ret = AES_GCM_AUTH_E; + } + } + } + + return ret; +} +#endif /* HAVE_AES_DECRYPT || HAVE_AESGCM_DECRYPT */ +#endif /* WOLFSSL_AESGCM_STREAM */ #endif /* WOLFSSL_XILINX_CRYPT */ #endif /* end of block for AESGCM implementation selection */ @@ -7411,6 +8854,9 @@ int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz) * counter to 32-bits. (SP 800-38D 8.3) */ aes->invokeCtr[0] = 0; aes->invokeCtr[1] = (ivSz == GCM_NONCE_MID_SZ) ? 0 : 0xFFFFFFFF; + #ifdef WOLFSSL_AESGCM_STREAM + aes->ctrSet = 1; + #endif aes->nonceSz = ivSz; } @@ -7448,6 +8894,9 @@ int wc_AesGcmSetIV(Aes* aes, word32 ivSz, * counter to 32-bits. (SP 800-38D 8.3) */ aes->invokeCtr[0] = 0; aes->invokeCtr[1] = (ivSz == GCM_NONCE_MID_SZ) ? 0 : 0xFFFFFFFF; + #ifdef WOLFSSL_AESGCM_STREAM + aes->ctrSet = 1; + #endif aes->nonceSz = ivSz; } @@ -7734,7 +9183,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, if (status != 0) { return status; } - + status = wolfSSL_CryptHwMutexLock(); if (status != 0) return status; @@ -8210,6 +9659,15 @@ int wc_AesInit(Aes* aes, void* heap, int devId) aes->aadLen = 0; #endif #endif + +#ifdef WOLFSSL_AESGCM_STREAM + aes->keylen = 0; + aes->nonceSz = 0; + aes->gcmKeySet = 0; + aes->nonceSet = 0; + aes->ctrSet = 0; +#endif + return ret; } diff --git a/wolfcrypt/src/aes_gcm_asm.S b/wolfcrypt/src/aes_gcm_asm.S index 53546af66..1a1641056 100644 --- a/wolfcrypt/src/aes_gcm_asm.S +++ b/wolfcrypt/src/aes_gcm_asm.S @@ -3418,6 +3418,2778 @@ L_AES_GCM_decrypt_cmp_tag_done: #ifndef __APPLE__ .size AES_GCM_decrypt,.-AES_GCM_decrypt #endif /* __APPLE__ */ +#ifdef WOLFSSL_AESGCM_STREAM +#ifndef __APPLE__ +.text +.globl AES_GCM_init_aesni +.type AES_GCM_init_aesni,@function +.align 16 +AES_GCM_init_aesni: +#else +.section __TEXT,__text +.globl _AES_GCM_init_aesni +.p2align 4 +_AES_GCM_init_aesni: +#endif /* __APPLE__ */ + pushq %r12 + pushq %r13 + pushq %r14 + movq %rdx, %r10 + movl %ecx, %r11d + movq 32(%rsp), %rax + subq $16, %rsp + pxor %xmm4, %xmm4 + movl %r11d, %edx + cmpl $12, %edx + jne L_AES_GCM_init_aesni_iv_not_12 + # # Calculate values when IV is 12 bytes + # Set counter based on IV + movl $0x1000000, %ecx + pinsrq $0x00, (%r10), %xmm4 + pinsrd $2, 8(%r10), %xmm4 + pinsrd $3, %ecx, %xmm4 + # H = Encrypt X(=0) and T = Encrypt counter + movdqa %xmm4, %xmm1 + movdqa (%rdi), %xmm5 + pxor %xmm5, %xmm1 + movdqa 16(%rdi), %xmm7 + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + movdqa 32(%rdi), %xmm7 + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + movdqa 48(%rdi), %xmm7 + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + movdqa 64(%rdi), %xmm7 + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + movdqa 80(%rdi), %xmm7 + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + movdqa 96(%rdi), %xmm7 + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + movdqa 112(%rdi), %xmm7 + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + movdqa 128(%rdi), %xmm7 + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + movdqa 144(%rdi), %xmm7 + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + cmpl $11, %esi + movdqa 160(%rdi), %xmm7 + jl L_AES_GCM_init_aesni_calc_iv_12_last + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + movdqa 176(%rdi), %xmm7 + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + cmpl $13, %esi + movdqa 192(%rdi), %xmm7 + jl L_AES_GCM_init_aesni_calc_iv_12_last + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + movdqa 208(%rdi), %xmm7 + aesenc %xmm7, %xmm5 + aesenc %xmm7, %xmm1 + movdqa 224(%rdi), %xmm7 +L_AES_GCM_init_aesni_calc_iv_12_last: + aesenclast %xmm7, %xmm5 + aesenclast %xmm7, %xmm1 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm5 + movdqa %xmm1, %xmm15 + jmp L_AES_GCM_init_aesni_iv_done +L_AES_GCM_init_aesni_iv_not_12: + # Calculate values when IV is not 12 bytes + # H = Encrypt X(=0) + movdqa (%rdi), %xmm5 + aesenc 16(%rdi), %xmm5 + aesenc 32(%rdi), %xmm5 + aesenc 48(%rdi), %xmm5 + aesenc 64(%rdi), %xmm5 + aesenc 80(%rdi), %xmm5 + aesenc 96(%rdi), %xmm5 + aesenc 112(%rdi), %xmm5 + aesenc 128(%rdi), %xmm5 + aesenc 144(%rdi), %xmm5 + cmpl $11, %esi + movdqa 160(%rdi), %xmm9 + jl L_AES_GCM_init_aesni_calc_iv_1_aesenc_avx_last + aesenc %xmm9, %xmm5 + aesenc 176(%rdi), %xmm5 + cmpl $13, %esi + movdqa 192(%rdi), %xmm9 + jl L_AES_GCM_init_aesni_calc_iv_1_aesenc_avx_last + aesenc %xmm9, %xmm5 + aesenc 208(%rdi), %xmm5 + movdqa 224(%rdi), %xmm9 +L_AES_GCM_init_aesni_calc_iv_1_aesenc_avx_last: + aesenclast %xmm9, %xmm5 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm5 + # Calc counter + # Initialization vector + cmpl $0x00, %edx + movq $0x00, %rcx + je L_AES_GCM_init_aesni_calc_iv_done + cmpl $16, %edx + jl L_AES_GCM_init_aesni_calc_iv_lt16 + andl $0xfffffff0, %edx +L_AES_GCM_init_aesni_calc_iv_16_loop: + movdqu (%r10,%rcx,1), %xmm8 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm8 + pxor %xmm8, %xmm4 + pshufd $0x4e, %xmm4, %xmm1 + pshufd $0x4e, %xmm5, %xmm2 + movdqa %xmm5, %xmm3 + movdqa %xmm5, %xmm0 + pclmulqdq $0x11, %xmm4, %xmm3 + pclmulqdq $0x00, %xmm4, %xmm0 + pxor %xmm4, %xmm1 + pxor %xmm5, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + movdqa %xmm0, %xmm7 + movdqa %xmm3, %xmm4 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm7 + pxor %xmm1, %xmm4 + movdqa %xmm7, %xmm0 + movdqa %xmm4, %xmm1 + psrld $31, %xmm0 + psrld $31, %xmm1 + pslld $0x01, %xmm7 + pslld $0x01, %xmm4 + movdqa %xmm0, %xmm2 + pslldq $4, %xmm0 + psrldq $12, %xmm2 + pslldq $4, %xmm1 + por %xmm2, %xmm4 + por %xmm0, %xmm7 + por %xmm1, %xmm4 + movdqa %xmm7, %xmm0 + movdqa %xmm7, %xmm1 + movdqa %xmm7, %xmm2 + pslld $31, %xmm0 + pslld $30, %xmm1 + pslld $25, %xmm2 + pxor %xmm1, %xmm0 + pxor %xmm2, %xmm0 + movdqa %xmm0, %xmm1 + psrldq $4, %xmm1 + pslldq $12, %xmm0 + pxor %xmm0, %xmm7 + movdqa %xmm7, %xmm2 + movdqa %xmm7, %xmm3 + movdqa %xmm7, %xmm0 + psrld $0x01, %xmm2 + psrld $2, %xmm3 + psrld $7, %xmm0 + pxor %xmm3, %xmm2 + pxor %xmm0, %xmm2 + pxor %xmm1, %xmm2 + pxor %xmm7, %xmm2 + pxor %xmm2, %xmm4 + addl $16, %ecx + cmpl %edx, %ecx + jl L_AES_GCM_init_aesni_calc_iv_16_loop + movl %r11d, %edx + cmpl %edx, %ecx + je L_AES_GCM_init_aesni_calc_iv_done +L_AES_GCM_init_aesni_calc_iv_lt16: + subq $16, %rsp + pxor %xmm8, %xmm8 + xorl %r13d, %r13d + movdqa %xmm8, (%rsp) +L_AES_GCM_init_aesni_calc_iv_loop: + movzbl (%r10,%rcx,1), %r12d + movb %r12b, (%rsp,%r13,1) + incl %ecx + incl %r13d + cmpl %edx, %ecx + jl L_AES_GCM_init_aesni_calc_iv_loop + movdqa (%rsp), %xmm8 + addq $16, %rsp + pshufb L_aes_gcm_bswap_mask(%rip), %xmm8 + pxor %xmm8, %xmm4 + pshufd $0x4e, %xmm4, %xmm1 + pshufd $0x4e, %xmm5, %xmm2 + movdqa %xmm5, %xmm3 + movdqa %xmm5, %xmm0 + pclmulqdq $0x11, %xmm4, %xmm3 + pclmulqdq $0x00, %xmm4, %xmm0 + pxor %xmm4, %xmm1 + pxor %xmm5, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + movdqa %xmm0, %xmm7 + movdqa %xmm3, %xmm4 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm7 + pxor %xmm1, %xmm4 + movdqa %xmm7, %xmm0 + movdqa %xmm4, %xmm1 + psrld $31, %xmm0 + psrld $31, %xmm1 + pslld $0x01, %xmm7 + pslld $0x01, %xmm4 + movdqa %xmm0, %xmm2 + pslldq $4, %xmm0 + psrldq $12, %xmm2 + pslldq $4, %xmm1 + por %xmm2, %xmm4 + por %xmm0, %xmm7 + por %xmm1, %xmm4 + movdqa %xmm7, %xmm0 + movdqa %xmm7, %xmm1 + movdqa %xmm7, %xmm2 + pslld $31, %xmm0 + pslld $30, %xmm1 + pslld $25, %xmm2 + pxor %xmm1, %xmm0 + pxor %xmm2, %xmm0 + movdqa %xmm0, %xmm1 + psrldq $4, %xmm1 + pslldq $12, %xmm0 + pxor %xmm0, %xmm7 + movdqa %xmm7, %xmm2 + movdqa %xmm7, %xmm3 + movdqa %xmm7, %xmm0 + psrld $0x01, %xmm2 + psrld $2, %xmm3 + psrld $7, %xmm0 + pxor %xmm3, %xmm2 + pxor %xmm0, %xmm2 + pxor %xmm1, %xmm2 + pxor %xmm7, %xmm2 + pxor %xmm2, %xmm4 +L_AES_GCM_init_aesni_calc_iv_done: + # T = Encrypt counter + pxor %xmm0, %xmm0 + shll $3, %edx + pinsrq $0x00, %rdx, %xmm0 + pxor %xmm0, %xmm4 + pshufd $0x4e, %xmm4, %xmm1 + pshufd $0x4e, %xmm5, %xmm2 + movdqa %xmm5, %xmm3 + movdqa %xmm5, %xmm0 + pclmulqdq $0x11, %xmm4, %xmm3 + pclmulqdq $0x00, %xmm4, %xmm0 + pxor %xmm4, %xmm1 + pxor %xmm5, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + movdqa %xmm0, %xmm7 + movdqa %xmm3, %xmm4 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm7 + pxor %xmm1, %xmm4 + movdqa %xmm7, %xmm0 + movdqa %xmm4, %xmm1 + psrld $31, %xmm0 + psrld $31, %xmm1 + pslld $0x01, %xmm7 + pslld $0x01, %xmm4 + movdqa %xmm0, %xmm2 + pslldq $4, %xmm0 + psrldq $12, %xmm2 + pslldq $4, %xmm1 + por %xmm2, %xmm4 + por %xmm0, %xmm7 + por %xmm1, %xmm4 + movdqa %xmm7, %xmm0 + movdqa %xmm7, %xmm1 + movdqa %xmm7, %xmm2 + pslld $31, %xmm0 + pslld $30, %xmm1 + pslld $25, %xmm2 + pxor %xmm1, %xmm0 + pxor %xmm2, %xmm0 + movdqa %xmm0, %xmm1 + psrldq $4, %xmm1 + pslldq $12, %xmm0 + pxor %xmm0, %xmm7 + movdqa %xmm7, %xmm2 + movdqa %xmm7, %xmm3 + movdqa %xmm7, %xmm0 + psrld $0x01, %xmm2 + psrld $2, %xmm3 + psrld $7, %xmm0 + pxor %xmm3, %xmm2 + pxor %xmm0, %xmm2 + pxor %xmm1, %xmm2 + pxor %xmm7, %xmm2 + pxor %xmm2, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm4 + # Encrypt counter + movdqa (%rdi), %xmm8 + pxor %xmm4, %xmm8 + aesenc 16(%rdi), %xmm8 + aesenc 32(%rdi), %xmm8 + aesenc 48(%rdi), %xmm8 + aesenc 64(%rdi), %xmm8 + aesenc 80(%rdi), %xmm8 + aesenc 96(%rdi), %xmm8 + aesenc 112(%rdi), %xmm8 + aesenc 128(%rdi), %xmm8 + aesenc 144(%rdi), %xmm8 + cmpl $11, %esi + movdqa 160(%rdi), %xmm9 + jl L_AES_GCM_init_aesni_calc_iv_2_aesenc_avx_last + aesenc %xmm9, %xmm8 + aesenc 176(%rdi), %xmm8 + cmpl $13, %esi + movdqa 192(%rdi), %xmm9 + jl L_AES_GCM_init_aesni_calc_iv_2_aesenc_avx_last + aesenc %xmm9, %xmm8 + aesenc 208(%rdi), %xmm8 + movdqa 224(%rdi), %xmm9 +L_AES_GCM_init_aesni_calc_iv_2_aesenc_avx_last: + aesenclast %xmm9, %xmm8 + movdqa %xmm8, %xmm15 +L_AES_GCM_init_aesni_iv_done: + movdqa %xmm15, (%rax) + pshufb L_aes_gcm_bswap_epi64(%rip), %xmm4 + paddd L_aes_gcm_one(%rip), %xmm4 + movdqa %xmm5, (%r8) + movdqa %xmm4, (%r9) + addq $16, %rsp + popq %r14 + popq %r13 + popq %r12 + repz retq +#ifndef __APPLE__ +.size AES_GCM_init_aesni,.-AES_GCM_init_aesni +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_aad_update_aesni +.type AES_GCM_aad_update_aesni,@function +.align 16 +AES_GCM_aad_update_aesni: +#else +.section __TEXT,__text +.globl _AES_GCM_aad_update_aesni +.p2align 4 +_AES_GCM_aad_update_aesni: +#endif /* __APPLE__ */ + movq %rcx, %rax + movdqa (%rdx), %xmm5 + movdqa (%rax), %xmm6 + xorl %ecx, %ecx +L_AES_GCM_aad_update_aesni_16_loop: + movdqu (%rdi,%rcx,1), %xmm8 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm8 + pxor %xmm8, %xmm5 + pshufd $0x4e, %xmm5, %xmm1 + pshufd $0x4e, %xmm6, %xmm2 + movdqa %xmm6, %xmm3 + movdqa %xmm6, %xmm0 + pclmulqdq $0x11, %xmm5, %xmm3 + pclmulqdq $0x00, %xmm5, %xmm0 + pxor %xmm5, %xmm1 + pxor %xmm6, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + movdqa %xmm0, %xmm4 + movdqa %xmm3, %xmm5 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm4 + pxor %xmm1, %xmm5 + movdqa %xmm4, %xmm0 + movdqa %xmm5, %xmm1 + psrld $31, %xmm0 + psrld $31, %xmm1 + pslld $0x01, %xmm4 + pslld $0x01, %xmm5 + movdqa %xmm0, %xmm2 + pslldq $4, %xmm0 + psrldq $12, %xmm2 + pslldq $4, %xmm1 + por %xmm2, %xmm5 + por %xmm0, %xmm4 + por %xmm1, %xmm5 + movdqa %xmm4, %xmm0 + movdqa %xmm4, %xmm1 + movdqa %xmm4, %xmm2 + pslld $31, %xmm0 + pslld $30, %xmm1 + pslld $25, %xmm2 + pxor %xmm1, %xmm0 + pxor %xmm2, %xmm0 + movdqa %xmm0, %xmm1 + psrldq $4, %xmm1 + pslldq $12, %xmm0 + pxor %xmm0, %xmm4 + movdqa %xmm4, %xmm2 + movdqa %xmm4, %xmm3 + movdqa %xmm4, %xmm0 + psrld $0x01, %xmm2 + psrld $2, %xmm3 + psrld $7, %xmm0 + pxor %xmm3, %xmm2 + pxor %xmm0, %xmm2 + pxor %xmm1, %xmm2 + pxor %xmm4, %xmm2 + pxor %xmm2, %xmm5 + addl $16, %ecx + cmpl %esi, %ecx + jl L_AES_GCM_aad_update_aesni_16_loop + movdqa %xmm5, (%rdx) + repz retq +#ifndef __APPLE__ +.size AES_GCM_aad_update_aesni,.-AES_GCM_aad_update_aesni +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt_block_aesni +.type AES_GCM_encrypt_block_aesni,@function +.align 16 +AES_GCM_encrypt_block_aesni: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt_block_aesni +.p2align 4 +_AES_GCM_encrypt_block_aesni: +#endif /* __APPLE__ */ + movq %rdx, %r10 + movq %rcx, %r11 + movdqa (%r8), %xmm8 + movdqa %xmm8, %xmm9 + pshufb L_aes_gcm_bswap_epi64(%rip), %xmm8 + paddd L_aes_gcm_one(%rip), %xmm9 + pxor (%rdi), %xmm8 + movdqa %xmm9, (%r8) + aesenc 16(%rdi), %xmm8 + aesenc 32(%rdi), %xmm8 + aesenc 48(%rdi), %xmm8 + aesenc 64(%rdi), %xmm8 + aesenc 80(%rdi), %xmm8 + aesenc 96(%rdi), %xmm8 + aesenc 112(%rdi), %xmm8 + aesenc 128(%rdi), %xmm8 + aesenc 144(%rdi), %xmm8 + cmpl $11, %esi + movdqa 160(%rdi), %xmm9 + jl L_AES_GCM_encrypt_block_aesni_aesenc_block_aesenc_avx_last + aesenc %xmm9, %xmm8 + aesenc 176(%rdi), %xmm8 + cmpl $13, %esi + movdqa 192(%rdi), %xmm9 + jl L_AES_GCM_encrypt_block_aesni_aesenc_block_aesenc_avx_last + aesenc %xmm9, %xmm8 + aesenc 208(%rdi), %xmm8 + movdqa 224(%rdi), %xmm9 +L_AES_GCM_encrypt_block_aesni_aesenc_block_aesenc_avx_last: + aesenclast %xmm9, %xmm8 + movdqu (%r11), %xmm9 + pxor %xmm9, %xmm8 + movdqu %xmm8, (%r10) + pshufb L_aes_gcm_bswap_mask(%rip), %xmm8 + repz retq +#ifndef __APPLE__ +.size AES_GCM_encrypt_block_aesni,.-AES_GCM_encrypt_block_aesni +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_ghash_block_aesni +.type AES_GCM_ghash_block_aesni,@function +.align 16 +AES_GCM_ghash_block_aesni: +#else +.section __TEXT,__text +.globl _AES_GCM_ghash_block_aesni +.p2align 4 +_AES_GCM_ghash_block_aesni: +#endif /* __APPLE__ */ + movdqa (%rsi), %xmm4 + movdqa (%rdx), %xmm5 + movdqu (%rdi), %xmm8 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm8 + pxor %xmm8, %xmm4 + pshufd $0x4e, %xmm4, %xmm1 + pshufd $0x4e, %xmm5, %xmm2 + movdqa %xmm5, %xmm3 + movdqa %xmm5, %xmm0 + pclmulqdq $0x11, %xmm4, %xmm3 + pclmulqdq $0x00, %xmm4, %xmm0 + pxor %xmm4, %xmm1 + pxor %xmm5, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + movdqa %xmm0, %xmm6 + movdqa %xmm3, %xmm4 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm6 + pxor %xmm1, %xmm4 + movdqa %xmm6, %xmm0 + movdqa %xmm4, %xmm1 + psrld $31, %xmm0 + psrld $31, %xmm1 + pslld $0x01, %xmm6 + pslld $0x01, %xmm4 + movdqa %xmm0, %xmm2 + pslldq $4, %xmm0 + psrldq $12, %xmm2 + pslldq $4, %xmm1 + por %xmm2, %xmm4 + por %xmm0, %xmm6 + por %xmm1, %xmm4 + movdqa %xmm6, %xmm0 + movdqa %xmm6, %xmm1 + movdqa %xmm6, %xmm2 + pslld $31, %xmm0 + pslld $30, %xmm1 + pslld $25, %xmm2 + pxor %xmm1, %xmm0 + pxor %xmm2, %xmm0 + movdqa %xmm0, %xmm1 + psrldq $4, %xmm1 + pslldq $12, %xmm0 + pxor %xmm0, %xmm6 + movdqa %xmm6, %xmm2 + movdqa %xmm6, %xmm3 + movdqa %xmm6, %xmm0 + psrld $0x01, %xmm2 + psrld $2, %xmm3 + psrld $7, %xmm0 + pxor %xmm3, %xmm2 + pxor %xmm0, %xmm2 + pxor %xmm1, %xmm2 + pxor %xmm6, %xmm2 + pxor %xmm2, %xmm4 + movdqa %xmm4, (%rsi) + repz retq +#ifndef __APPLE__ +.size AES_GCM_ghash_block_aesni,.-AES_GCM_ghash_block_aesni +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt_update_aesni +.type AES_GCM_encrypt_update_aesni,@function +.align 16 +AES_GCM_encrypt_update_aesni: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt_update_aesni +.p2align 4 +_AES_GCM_encrypt_update_aesni: +#endif /* __APPLE__ */ + pushq %r13 + pushq %r12 + pushq %r14 + movq %rdx, %r10 + movq %rcx, %r11 + movq 32(%rsp), %rax + movq 40(%rsp), %r12 + subq $0xa0, %rsp + movdqa (%r9), %xmm6 + movdqa (%rax), %xmm5 + movdqa %xmm5, %xmm9 + movdqa %xmm5, %xmm8 + psrlq $63, %xmm9 + psllq $0x01, %xmm8 + pslldq $8, %xmm9 + por %xmm9, %xmm8 + pshufd $0xff, %xmm5, %xmm5 + psrad $31, %xmm5 + pand L_aes_gcm_mod2_128(%rip), %xmm5 + pxor %xmm8, %xmm5 + xorq %r14, %r14 + cmpl $0x80, %r8d + movl %r8d, %r13d + jl L_AES_GCM_encrypt_update_aesni_done_128 + andl $0xffffff80, %r13d + movdqa %xmm6, %xmm2 + # H ^ 1 + movdqa %xmm5, (%rsp) + # H ^ 2 + pshufd $0x4e, %xmm5, %xmm9 + pshufd $0x4e, %xmm5, %xmm10 + movdqa %xmm5, %xmm11 + movdqa %xmm5, %xmm8 + pclmulqdq $0x11, %xmm5, %xmm11 + pclmulqdq $0x00, %xmm5, %xmm8 + pxor %xmm5, %xmm9 + pxor %xmm5, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm0 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm0 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm0 + movdqa %xmm0, 16(%rsp) + # H ^ 3 + pshufd $0x4e, %xmm5, %xmm9 + pshufd $0x4e, %xmm0, %xmm10 + movdqa %xmm0, %xmm11 + movdqa %xmm0, %xmm8 + pclmulqdq $0x11, %xmm5, %xmm11 + pclmulqdq $0x00, %xmm5, %xmm8 + pxor %xmm5, %xmm9 + pxor %xmm0, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm1 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm1 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm1 + movdqa %xmm1, 32(%rsp) + # H ^ 4 + pshufd $0x4e, %xmm0, %xmm9 + pshufd $0x4e, %xmm0, %xmm10 + movdqa %xmm0, %xmm11 + movdqa %xmm0, %xmm8 + pclmulqdq $0x11, %xmm0, %xmm11 + pclmulqdq $0x00, %xmm0, %xmm8 + pxor %xmm0, %xmm9 + pxor %xmm0, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm3 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm3 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm3 + movdqa %xmm3, 48(%rsp) + # H ^ 5 + pshufd $0x4e, %xmm0, %xmm9 + pshufd $0x4e, %xmm1, %xmm10 + movdqa %xmm1, %xmm11 + movdqa %xmm1, %xmm8 + pclmulqdq $0x11, %xmm0, %xmm11 + pclmulqdq $0x00, %xmm0, %xmm8 + pxor %xmm0, %xmm9 + pxor %xmm1, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm7 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm7 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm7 + movdqa %xmm7, 64(%rsp) + # H ^ 6 + pshufd $0x4e, %xmm1, %xmm9 + pshufd $0x4e, %xmm1, %xmm10 + movdqa %xmm1, %xmm11 + movdqa %xmm1, %xmm8 + pclmulqdq $0x11, %xmm1, %xmm11 + pclmulqdq $0x00, %xmm1, %xmm8 + pxor %xmm1, %xmm9 + pxor %xmm1, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm7 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm7 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm7 + movdqa %xmm7, 80(%rsp) + # H ^ 7 + pshufd $0x4e, %xmm1, %xmm9 + pshufd $0x4e, %xmm3, %xmm10 + movdqa %xmm3, %xmm11 + movdqa %xmm3, %xmm8 + pclmulqdq $0x11, %xmm1, %xmm11 + pclmulqdq $0x00, %xmm1, %xmm8 + pxor %xmm1, %xmm9 + pxor %xmm3, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm7 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm7 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm7 + movdqa %xmm7, 96(%rsp) + # H ^ 8 + pshufd $0x4e, %xmm3, %xmm9 + pshufd $0x4e, %xmm3, %xmm10 + movdqa %xmm3, %xmm11 + movdqa %xmm3, %xmm8 + pclmulqdq $0x11, %xmm3, %xmm11 + pclmulqdq $0x00, %xmm3, %xmm8 + pxor %xmm3, %xmm9 + pxor %xmm3, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm7 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm7 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm7 + movdqa %xmm7, 112(%rsp) + # First 128 bytes of input + movdqa (%r12), %xmm8 + movdqa L_aes_gcm_bswap_epi64(%rip), %xmm1 + movdqa %xmm8, %xmm0 + pshufb %xmm1, %xmm8 + movdqa %xmm0, %xmm9 + paddd L_aes_gcm_one(%rip), %xmm9 + pshufb %xmm1, %xmm9 + movdqa %xmm0, %xmm10 + paddd L_aes_gcm_two(%rip), %xmm10 + pshufb %xmm1, %xmm10 + movdqa %xmm0, %xmm11 + paddd L_aes_gcm_three(%rip), %xmm11 + pshufb %xmm1, %xmm11 + movdqa %xmm0, %xmm12 + paddd L_aes_gcm_four(%rip), %xmm12 + pshufb %xmm1, %xmm12 + movdqa %xmm0, %xmm13 + paddd L_aes_gcm_five(%rip), %xmm13 + pshufb %xmm1, %xmm13 + movdqa %xmm0, %xmm14 + paddd L_aes_gcm_six(%rip), %xmm14 + pshufb %xmm1, %xmm14 + movdqa %xmm0, %xmm15 + paddd L_aes_gcm_seven(%rip), %xmm15 + pshufb %xmm1, %xmm15 + paddd L_aes_gcm_eight(%rip), %xmm0 + movdqa (%rdi), %xmm7 + movdqa %xmm0, (%r12) + pxor %xmm7, %xmm8 + pxor %xmm7, %xmm9 + pxor %xmm7, %xmm10 + pxor %xmm7, %xmm11 + pxor %xmm7, %xmm12 + pxor %xmm7, %xmm13 + pxor %xmm7, %xmm14 + pxor %xmm7, %xmm15 + movdqa 16(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 32(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 48(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 64(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 80(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 96(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 112(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 128(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 144(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + cmpl $11, %esi + movdqa 160(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_aesni_enc_done + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 176(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + cmpl $13, %esi + movdqa 192(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_aesni_enc_done + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 208(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 224(%rdi), %xmm7 +L_AES_GCM_encrypt_update_aesni_enc_done: + aesenclast %xmm7, %xmm8 + aesenclast %xmm7, %xmm9 + movdqu (%r11), %xmm0 + movdqu 16(%r11), %xmm1 + pxor %xmm0, %xmm8 + pxor %xmm1, %xmm9 + movdqu %xmm8, (%r10) + movdqu %xmm9, 16(%r10) + aesenclast %xmm7, %xmm10 + aesenclast %xmm7, %xmm11 + movdqu 32(%r11), %xmm0 + movdqu 48(%r11), %xmm1 + pxor %xmm0, %xmm10 + pxor %xmm1, %xmm11 + movdqu %xmm10, 32(%r10) + movdqu %xmm11, 48(%r10) + aesenclast %xmm7, %xmm12 + aesenclast %xmm7, %xmm13 + movdqu 64(%r11), %xmm0 + movdqu 80(%r11), %xmm1 + pxor %xmm0, %xmm12 + pxor %xmm1, %xmm13 + movdqu %xmm12, 64(%r10) + movdqu %xmm13, 80(%r10) + aesenclast %xmm7, %xmm14 + aesenclast %xmm7, %xmm15 + movdqu 96(%r11), %xmm0 + movdqu 112(%r11), %xmm1 + pxor %xmm0, %xmm14 + pxor %xmm1, %xmm15 + movdqu %xmm14, 96(%r10) + movdqu %xmm15, 112(%r10) + cmpl $0x80, %r13d + movl $0x80, %r14d + jle L_AES_GCM_encrypt_update_aesni_end_128 + # More 128 bytes of input +L_AES_GCM_encrypt_update_aesni_ghash_128: + leaq (%r11,%r14,1), %rcx + leaq (%r10,%r14,1), %rdx + movdqa (%r12), %xmm8 + movdqa L_aes_gcm_bswap_epi64(%rip), %xmm1 + movdqa %xmm8, %xmm0 + pshufb %xmm1, %xmm8 + movdqa %xmm0, %xmm9 + paddd L_aes_gcm_one(%rip), %xmm9 + pshufb %xmm1, %xmm9 + movdqa %xmm0, %xmm10 + paddd L_aes_gcm_two(%rip), %xmm10 + pshufb %xmm1, %xmm10 + movdqa %xmm0, %xmm11 + paddd L_aes_gcm_three(%rip), %xmm11 + pshufb %xmm1, %xmm11 + movdqa %xmm0, %xmm12 + paddd L_aes_gcm_four(%rip), %xmm12 + pshufb %xmm1, %xmm12 + movdqa %xmm0, %xmm13 + paddd L_aes_gcm_five(%rip), %xmm13 + pshufb %xmm1, %xmm13 + movdqa %xmm0, %xmm14 + paddd L_aes_gcm_six(%rip), %xmm14 + pshufb %xmm1, %xmm14 + movdqa %xmm0, %xmm15 + paddd L_aes_gcm_seven(%rip), %xmm15 + pshufb %xmm1, %xmm15 + paddd L_aes_gcm_eight(%rip), %xmm0 + movdqa (%rdi), %xmm7 + movdqa %xmm0, (%r12) + pxor %xmm7, %xmm8 + pxor %xmm7, %xmm9 + pxor %xmm7, %xmm10 + pxor %xmm7, %xmm11 + pxor %xmm7, %xmm12 + pxor %xmm7, %xmm13 + pxor %xmm7, %xmm14 + pxor %xmm7, %xmm15 + movdqa 112(%rsp), %xmm7 + movdqu -128(%rdx), %xmm0 + aesenc 16(%rdi), %xmm8 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + pxor %xmm2, %xmm0 + pshufd $0x4e, %xmm7, %xmm1 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm7, %xmm1 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm3 + pclmulqdq $0x11, %xmm7, %xmm3 + aesenc 16(%rdi), %xmm9 + aesenc 16(%rdi), %xmm10 + movdqa %xmm0, %xmm2 + pclmulqdq $0x00, %xmm7, %xmm2 + aesenc 16(%rdi), %xmm11 + aesenc 16(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm1 + aesenc 16(%rdi), %xmm13 + aesenc 16(%rdi), %xmm14 + aesenc 16(%rdi), %xmm15 + pxor %xmm2, %xmm1 + pxor %xmm3, %xmm1 + movdqa 96(%rsp), %xmm7 + movdqu -112(%rdx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 32(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 32(%rdi), %xmm9 + aesenc 32(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 32(%rdi), %xmm11 + aesenc 32(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 32(%rdi), %xmm13 + aesenc 32(%rdi), %xmm14 + aesenc 32(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa 80(%rsp), %xmm7 + movdqu -96(%rdx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 48(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 48(%rdi), %xmm9 + aesenc 48(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 48(%rdi), %xmm11 + aesenc 48(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 48(%rdi), %xmm13 + aesenc 48(%rdi), %xmm14 + aesenc 48(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa 64(%rsp), %xmm7 + movdqu -80(%rdx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 64(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 64(%rdi), %xmm9 + aesenc 64(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 64(%rdi), %xmm11 + aesenc 64(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 64(%rdi), %xmm13 + aesenc 64(%rdi), %xmm14 + aesenc 64(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa 48(%rsp), %xmm7 + movdqu -64(%rdx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 80(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 80(%rdi), %xmm9 + aesenc 80(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 80(%rdi), %xmm11 + aesenc 80(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 80(%rdi), %xmm13 + aesenc 80(%rdi), %xmm14 + aesenc 80(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa 32(%rsp), %xmm7 + movdqu -48(%rdx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 96(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 96(%rdi), %xmm9 + aesenc 96(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 96(%rdi), %xmm11 + aesenc 96(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 96(%rdi), %xmm13 + aesenc 96(%rdi), %xmm14 + aesenc 96(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa 16(%rsp), %xmm7 + movdqu -32(%rdx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 112(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 112(%rdi), %xmm9 + aesenc 112(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 112(%rdi), %xmm11 + aesenc 112(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 112(%rdi), %xmm13 + aesenc 112(%rdi), %xmm14 + aesenc 112(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa (%rsp), %xmm7 + movdqu -16(%rdx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 128(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 128(%rdi), %xmm9 + aesenc 128(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 128(%rdi), %xmm11 + aesenc 128(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 128(%rdi), %xmm13 + aesenc 128(%rdi), %xmm14 + aesenc 128(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa %xmm1, %xmm5 + psrldq $8, %xmm1 + pslldq $8, %xmm5 + aesenc 144(%rdi), %xmm8 + pxor %xmm5, %xmm2 + pxor %xmm1, %xmm3 + movdqa %xmm2, %xmm7 + movdqa %xmm2, %xmm4 + movdqa %xmm2, %xmm5 + aesenc 144(%rdi), %xmm9 + pslld $31, %xmm7 + pslld $30, %xmm4 + pslld $25, %xmm5 + aesenc 144(%rdi), %xmm10 + pxor %xmm4, %xmm7 + pxor %xmm5, %xmm7 + aesenc 144(%rdi), %xmm11 + movdqa %xmm7, %xmm4 + pslldq $12, %xmm7 + psrldq $4, %xmm4 + aesenc 144(%rdi), %xmm12 + pxor %xmm7, %xmm2 + movdqa %xmm2, %xmm5 + movdqa %xmm2, %xmm1 + movdqa %xmm2, %xmm0 + aesenc 144(%rdi), %xmm13 + psrld $0x01, %xmm5 + psrld $2, %xmm1 + psrld $7, %xmm0 + aesenc 144(%rdi), %xmm14 + pxor %xmm1, %xmm5 + pxor %xmm0, %xmm5 + aesenc 144(%rdi), %xmm15 + pxor %xmm4, %xmm5 + pxor %xmm5, %xmm2 + pxor %xmm3, %xmm2 + cmpl $11, %esi + movdqa 160(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_aesni_aesenc_128_ghash_avx_done + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 176(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + cmpl $13, %esi + movdqa 192(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_aesni_aesenc_128_ghash_avx_done + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 208(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 224(%rdi), %xmm7 +L_AES_GCM_encrypt_update_aesni_aesenc_128_ghash_avx_done: + aesenclast %xmm7, %xmm8 + aesenclast %xmm7, %xmm9 + movdqu (%rcx), %xmm0 + movdqu 16(%rcx), %xmm1 + pxor %xmm0, %xmm8 + pxor %xmm1, %xmm9 + movdqu %xmm8, (%rdx) + movdqu %xmm9, 16(%rdx) + aesenclast %xmm7, %xmm10 + aesenclast %xmm7, %xmm11 + movdqu 32(%rcx), %xmm0 + movdqu 48(%rcx), %xmm1 + pxor %xmm0, %xmm10 + pxor %xmm1, %xmm11 + movdqu %xmm10, 32(%rdx) + movdqu %xmm11, 48(%rdx) + aesenclast %xmm7, %xmm12 + aesenclast %xmm7, %xmm13 + movdqu 64(%rcx), %xmm0 + movdqu 80(%rcx), %xmm1 + pxor %xmm0, %xmm12 + pxor %xmm1, %xmm13 + movdqu %xmm12, 64(%rdx) + movdqu %xmm13, 80(%rdx) + aesenclast %xmm7, %xmm14 + aesenclast %xmm7, %xmm15 + movdqu 96(%rcx), %xmm0 + movdqu 112(%rcx), %xmm1 + pxor %xmm0, %xmm14 + pxor %xmm1, %xmm15 + movdqu %xmm14, 96(%rdx) + movdqu %xmm15, 112(%rdx) + addl $0x80, %r14d + cmpl %r13d, %r14d + jl L_AES_GCM_encrypt_update_aesni_ghash_128 +L_AES_GCM_encrypt_update_aesni_end_128: + movdqa L_aes_gcm_bswap_mask(%rip), %xmm4 + pshufb %xmm4, %xmm8 + pshufb %xmm4, %xmm9 + pshufb %xmm4, %xmm10 + pshufb %xmm4, %xmm11 + pxor %xmm2, %xmm8 + pshufb %xmm4, %xmm12 + pshufb %xmm4, %xmm13 + pshufb %xmm4, %xmm14 + pshufb %xmm4, %xmm15 + movdqa 112(%rsp), %xmm7 + pshufd $0x4e, %xmm8, %xmm1 + pshufd $0x4e, %xmm7, %xmm2 + movdqa %xmm7, %xmm3 + movdqa %xmm7, %xmm0 + pclmulqdq $0x11, %xmm8, %xmm3 + pclmulqdq $0x00, %xmm8, %xmm0 + pxor %xmm8, %xmm1 + pxor %xmm7, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + movdqa %xmm0, %xmm4 + movdqa %xmm3, %xmm6 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm4 + pxor %xmm1, %xmm6 + movdqa 96(%rsp), %xmm7 + pshufd $0x4e, %xmm9, %xmm1 + pshufd $0x4e, %xmm7, %xmm2 + movdqa %xmm7, %xmm3 + movdqa %xmm7, %xmm0 + pclmulqdq $0x11, %xmm9, %xmm3 + pclmulqdq $0x00, %xmm9, %xmm0 + pxor %xmm9, %xmm1 + pxor %xmm7, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + pxor %xmm0, %xmm4 + pxor %xmm3, %xmm6 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm4 + pxor %xmm1, %xmm6 + movdqa 80(%rsp), %xmm7 + pshufd $0x4e, %xmm10, %xmm1 + pshufd $0x4e, %xmm7, %xmm2 + movdqa %xmm7, %xmm3 + movdqa %xmm7, %xmm0 + pclmulqdq $0x11, %xmm10, %xmm3 + pclmulqdq $0x00, %xmm10, %xmm0 + pxor %xmm10, %xmm1 + pxor %xmm7, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + pxor %xmm0, %xmm4 + pxor %xmm3, %xmm6 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm4 + pxor %xmm1, %xmm6 + movdqa 64(%rsp), %xmm7 + pshufd $0x4e, %xmm11, %xmm1 + pshufd $0x4e, %xmm7, %xmm2 + movdqa %xmm7, %xmm3 + movdqa %xmm7, %xmm0 + pclmulqdq $0x11, %xmm11, %xmm3 + pclmulqdq $0x00, %xmm11, %xmm0 + pxor %xmm11, %xmm1 + pxor %xmm7, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + pxor %xmm0, %xmm4 + pxor %xmm3, %xmm6 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm4 + pxor %xmm1, %xmm6 + movdqa 48(%rsp), %xmm7 + pshufd $0x4e, %xmm12, %xmm1 + pshufd $0x4e, %xmm7, %xmm2 + movdqa %xmm7, %xmm3 + movdqa %xmm7, %xmm0 + pclmulqdq $0x11, %xmm12, %xmm3 + pclmulqdq $0x00, %xmm12, %xmm0 + pxor %xmm12, %xmm1 + pxor %xmm7, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + pxor %xmm0, %xmm4 + pxor %xmm3, %xmm6 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm4 + pxor %xmm1, %xmm6 + movdqa 32(%rsp), %xmm7 + pshufd $0x4e, %xmm13, %xmm1 + pshufd $0x4e, %xmm7, %xmm2 + movdqa %xmm7, %xmm3 + movdqa %xmm7, %xmm0 + pclmulqdq $0x11, %xmm13, %xmm3 + pclmulqdq $0x00, %xmm13, %xmm0 + pxor %xmm13, %xmm1 + pxor %xmm7, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + pxor %xmm0, %xmm4 + pxor %xmm3, %xmm6 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm4 + pxor %xmm1, %xmm6 + movdqa 16(%rsp), %xmm7 + pshufd $0x4e, %xmm14, %xmm1 + pshufd $0x4e, %xmm7, %xmm2 + movdqa %xmm7, %xmm3 + movdqa %xmm7, %xmm0 + pclmulqdq $0x11, %xmm14, %xmm3 + pclmulqdq $0x00, %xmm14, %xmm0 + pxor %xmm14, %xmm1 + pxor %xmm7, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + pxor %xmm0, %xmm4 + pxor %xmm3, %xmm6 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm4 + pxor %xmm1, %xmm6 + movdqa (%rsp), %xmm7 + pshufd $0x4e, %xmm15, %xmm1 + pshufd $0x4e, %xmm7, %xmm2 + movdqa %xmm7, %xmm3 + movdqa %xmm7, %xmm0 + pclmulqdq $0x11, %xmm15, %xmm3 + pclmulqdq $0x00, %xmm15, %xmm0 + pxor %xmm15, %xmm1 + pxor %xmm7, %xmm2 + pclmulqdq $0x00, %xmm2, %xmm1 + pxor %xmm0, %xmm1 + pxor %xmm3, %xmm1 + movdqa %xmm1, %xmm2 + pxor %xmm0, %xmm4 + pxor %xmm3, %xmm6 + pslldq $8, %xmm2 + psrldq $8, %xmm1 + pxor %xmm2, %xmm4 + pxor %xmm1, %xmm6 + movdqa %xmm4, %xmm0 + movdqa %xmm4, %xmm1 + movdqa %xmm4, %xmm2 + pslld $31, %xmm0 + pslld $30, %xmm1 + pslld $25, %xmm2 + pxor %xmm1, %xmm0 + pxor %xmm2, %xmm0 + movdqa %xmm0, %xmm1 + psrldq $4, %xmm1 + pslldq $12, %xmm0 + pxor %xmm0, %xmm4 + movdqa %xmm4, %xmm2 + movdqa %xmm4, %xmm3 + movdqa %xmm4, %xmm0 + psrld $0x01, %xmm2 + psrld $2, %xmm3 + psrld $7, %xmm0 + pxor %xmm3, %xmm2 + pxor %xmm0, %xmm2 + pxor %xmm1, %xmm2 + pxor %xmm4, %xmm2 + pxor %xmm2, %xmm6 + movdqa (%rsp), %xmm5 +L_AES_GCM_encrypt_update_aesni_done_128: + movl %r8d, %edx + cmpl %edx, %r14d + jge L_AES_GCM_encrypt_update_aesni_done_enc + movl %r8d, %r13d + andl $0xfffffff0, %r13d + cmpl %r13d, %r14d + jge L_AES_GCM_encrypt_update_aesni_last_block_done + leaq (%r11,%r14,1), %rcx + leaq (%r10,%r14,1), %rdx + movdqa (%r12), %xmm8 + movdqa %xmm8, %xmm9 + pshufb L_aes_gcm_bswap_epi64(%rip), %xmm8 + paddd L_aes_gcm_one(%rip), %xmm9 + pxor (%rdi), %xmm8 + movdqa %xmm9, (%r12) + aesenc 16(%rdi), %xmm8 + aesenc 32(%rdi), %xmm8 + aesenc 48(%rdi), %xmm8 + aesenc 64(%rdi), %xmm8 + aesenc 80(%rdi), %xmm8 + aesenc 96(%rdi), %xmm8 + aesenc 112(%rdi), %xmm8 + aesenc 128(%rdi), %xmm8 + aesenc 144(%rdi), %xmm8 + cmpl $11, %esi + movdqa 160(%rdi), %xmm9 + jl L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last + aesenc %xmm9, %xmm8 + aesenc 176(%rdi), %xmm8 + cmpl $13, %esi + movdqa 192(%rdi), %xmm9 + jl L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last + aesenc %xmm9, %xmm8 + aesenc 208(%rdi), %xmm8 + movdqa 224(%rdi), %xmm9 +L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last: + aesenclast %xmm9, %xmm8 + movdqu (%rcx), %xmm9 + pxor %xmm9, %xmm8 + movdqu %xmm8, (%rdx) + pshufb L_aes_gcm_bswap_mask(%rip), %xmm8 + pxor %xmm8, %xmm6 + addl $16, %r14d + cmpl %r13d, %r14d + jge L_AES_GCM_encrypt_update_aesni_last_block_ghash +L_AES_GCM_encrypt_update_aesni_last_block_start: + leaq (%r11,%r14,1), %rcx + leaq (%r10,%r14,1), %rdx + movdqa (%r12), %xmm8 + movdqa %xmm8, %xmm9 + pshufb L_aes_gcm_bswap_epi64(%rip), %xmm8 + paddd L_aes_gcm_one(%rip), %xmm9 + pxor (%rdi), %xmm8 + movdqa %xmm9, (%r12) + movdqa %xmm6, %xmm10 + pclmulqdq $16, %xmm5, %xmm10 + aesenc 16(%rdi), %xmm8 + aesenc 32(%rdi), %xmm8 + movdqa %xmm6, %xmm11 + pclmulqdq $0x01, %xmm5, %xmm11 + aesenc 48(%rdi), %xmm8 + aesenc 64(%rdi), %xmm8 + movdqa %xmm6, %xmm12 + pclmulqdq $0x00, %xmm5, %xmm12 + aesenc 80(%rdi), %xmm8 + movdqa %xmm6, %xmm1 + pclmulqdq $0x11, %xmm5, %xmm1 + aesenc 96(%rdi), %xmm8 + pxor %xmm11, %xmm10 + movdqa %xmm10, %xmm2 + psrldq $8, %xmm10 + pslldq $8, %xmm2 + aesenc 112(%rdi), %xmm8 + movdqa %xmm1, %xmm3 + pxor %xmm12, %xmm2 + pxor %xmm10, %xmm3 + movdqa L_aes_gcm_mod2_128(%rip), %xmm0 + movdqa %xmm2, %xmm11 + pclmulqdq $16, %xmm0, %xmm11 + aesenc 128(%rdi), %xmm8 + pshufd $0x4e, %xmm2, %xmm10 + pxor %xmm11, %xmm10 + movdqa %xmm10, %xmm11 + pclmulqdq $16, %xmm0, %xmm11 + aesenc 144(%rdi), %xmm8 + pshufd $0x4e, %xmm10, %xmm6 + pxor %xmm11, %xmm6 + pxor %xmm3, %xmm6 + cmpl $11, %esi + movdqa 160(%rdi), %xmm9 + jl L_AES_GCM_encrypt_update_aesni_aesenc_gfmul_last + aesenc %xmm9, %xmm8 + aesenc 176(%rdi), %xmm8 + cmpl $13, %esi + movdqa 192(%rdi), %xmm9 + jl L_AES_GCM_encrypt_update_aesni_aesenc_gfmul_last + aesenc %xmm9, %xmm8 + aesenc 208(%rdi), %xmm8 + movdqa 224(%rdi), %xmm9 +L_AES_GCM_encrypt_update_aesni_aesenc_gfmul_last: + aesenclast %xmm9, %xmm8 + movdqu (%rcx), %xmm9 + pxor %xmm9, %xmm8 + movdqu %xmm8, (%rdx) + pshufb L_aes_gcm_bswap_mask(%rip), %xmm8 + pxor %xmm8, %xmm6 + addl $16, %r14d + cmpl %r13d, %r14d + jl L_AES_GCM_encrypt_update_aesni_last_block_start +L_AES_GCM_encrypt_update_aesni_last_block_ghash: + pshufd $0x4e, %xmm5, %xmm9 + pshufd $0x4e, %xmm6, %xmm10 + movdqa %xmm6, %xmm11 + movdqa %xmm6, %xmm8 + pclmulqdq $0x11, %xmm5, %xmm11 + pclmulqdq $0x00, %xmm5, %xmm8 + pxor %xmm5, %xmm9 + pxor %xmm6, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm6 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm6 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm6 +L_AES_GCM_encrypt_update_aesni_last_block_done: +L_AES_GCM_encrypt_update_aesni_done_enc: + movdqa %xmm6, (%r9) + addq $0xa0, %rsp + popq %r14 + popq %r12 + popq %r13 + repz retq +#ifndef __APPLE__ +.size AES_GCM_encrypt_update_aesni,.-AES_GCM_encrypt_update_aesni +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt_final_aesni +.type AES_GCM_encrypt_final_aesni,@function +.align 16 +AES_GCM_encrypt_final_aesni: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt_final_aesni +.p2align 4 +_AES_GCM_encrypt_final_aesni: +#endif /* __APPLE__ */ + pushq %r13 + movq %rdx, %rax + movl %ecx, %r10d + movl %r8d, %r11d + movq 16(%rsp), %r8 + subq $16, %rsp + movdqa (%rdi), %xmm4 + movdqa (%r9), %xmm5 + movdqa (%r8), %xmm6 + movdqa %xmm5, %xmm9 + movdqa %xmm5, %xmm8 + psrlq $63, %xmm9 + psllq $0x01, %xmm8 + pslldq $8, %xmm9 + por %xmm9, %xmm8 + pshufd $0xff, %xmm5, %xmm5 + psrad $31, %xmm5 + pand L_aes_gcm_mod2_128(%rip), %xmm5 + pxor %xmm8, %xmm5 + movl %r10d, %edx + movl %r11d, %ecx + shlq $3, %rdx + shlq $3, %rcx + pinsrq $0x00, %rdx, %xmm0 + pinsrq $0x01, %rcx, %xmm0 + pxor %xmm0, %xmm4 + pshufd $0x4e, %xmm5, %xmm9 + pshufd $0x4e, %xmm4, %xmm10 + movdqa %xmm4, %xmm11 + movdqa %xmm4, %xmm8 + pclmulqdq $0x11, %xmm5, %xmm11 + pclmulqdq $0x00, %xmm5, %xmm8 + pxor %xmm5, %xmm9 + pxor %xmm4, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm4 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm4 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm4 + movdqa %xmm6, %xmm0 + pxor %xmm4, %xmm0 + cmpl $16, %eax + je L_AES_GCM_encrypt_final_aesni_store_tag_16 + xorq %rcx, %rcx + movdqa %xmm0, (%rsp) +L_AES_GCM_encrypt_final_aesni_store_tag_loop: + movzbl (%rsp,%rcx,1), %r13d + movb %r13b, (%rsi,%rcx,1) + incl %ecx + cmpl %eax, %ecx + jne L_AES_GCM_encrypt_final_aesni_store_tag_loop + jmp L_AES_GCM_encrypt_final_aesni_store_tag_done +L_AES_GCM_encrypt_final_aesni_store_tag_16: + movdqu %xmm0, (%rsi) +L_AES_GCM_encrypt_final_aesni_store_tag_done: + addq $16, %rsp + popq %r13 + repz retq +#ifndef __APPLE__ +.size AES_GCM_encrypt_final_aesni,.-AES_GCM_encrypt_final_aesni +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_decrypt_update_aesni +.type AES_GCM_decrypt_update_aesni,@function +.align 16 +AES_GCM_decrypt_update_aesni: +#else +.section __TEXT,__text +.globl _AES_GCM_decrypt_update_aesni +.p2align 4 +_AES_GCM_decrypt_update_aesni: +#endif /* __APPLE__ */ + pushq %r13 + pushq %r12 + pushq %r14 + pushq %r15 + movq %rdx, %r10 + movq %rcx, %r11 + movq 40(%rsp), %rax + movq 48(%rsp), %r12 + subq $0xa8, %rsp + movdqa (%r9), %xmm6 + movdqa (%rax), %xmm5 + movdqa %xmm5, %xmm9 + movdqa %xmm5, %xmm8 + psrlq $63, %xmm9 + psllq $0x01, %xmm8 + pslldq $8, %xmm9 + por %xmm9, %xmm8 + pshufd $0xff, %xmm5, %xmm5 + psrad $31, %xmm5 + pand L_aes_gcm_mod2_128(%rip), %xmm5 + pxor %xmm8, %xmm5 + xorl %r14d, %r14d + cmpl $0x80, %r8d + movl %r8d, %r13d + jl L_AES_GCM_decrypt_update_aesni_done_128 + andl $0xffffff80, %r13d + movdqa %xmm6, %xmm2 + # H ^ 1 + movdqa %xmm5, (%rsp) + # H ^ 2 + pshufd $0x4e, %xmm5, %xmm9 + pshufd $0x4e, %xmm5, %xmm10 + movdqa %xmm5, %xmm11 + movdqa %xmm5, %xmm8 + pclmulqdq $0x11, %xmm5, %xmm11 + pclmulqdq $0x00, %xmm5, %xmm8 + pxor %xmm5, %xmm9 + pxor %xmm5, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm0 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm0 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm0 + movdqa %xmm0, 16(%rsp) + # H ^ 3 + pshufd $0x4e, %xmm5, %xmm9 + pshufd $0x4e, %xmm0, %xmm10 + movdqa %xmm0, %xmm11 + movdqa %xmm0, %xmm8 + pclmulqdq $0x11, %xmm5, %xmm11 + pclmulqdq $0x00, %xmm5, %xmm8 + pxor %xmm5, %xmm9 + pxor %xmm0, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm1 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm1 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm1 + movdqa %xmm1, 32(%rsp) + # H ^ 4 + pshufd $0x4e, %xmm0, %xmm9 + pshufd $0x4e, %xmm0, %xmm10 + movdqa %xmm0, %xmm11 + movdqa %xmm0, %xmm8 + pclmulqdq $0x11, %xmm0, %xmm11 + pclmulqdq $0x00, %xmm0, %xmm8 + pxor %xmm0, %xmm9 + pxor %xmm0, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm3 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm3 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm3 + movdqa %xmm3, 48(%rsp) + # H ^ 5 + pshufd $0x4e, %xmm0, %xmm9 + pshufd $0x4e, %xmm1, %xmm10 + movdqa %xmm1, %xmm11 + movdqa %xmm1, %xmm8 + pclmulqdq $0x11, %xmm0, %xmm11 + pclmulqdq $0x00, %xmm0, %xmm8 + pxor %xmm0, %xmm9 + pxor %xmm1, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm7 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm7 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm7 + movdqa %xmm7, 64(%rsp) + # H ^ 6 + pshufd $0x4e, %xmm1, %xmm9 + pshufd $0x4e, %xmm1, %xmm10 + movdqa %xmm1, %xmm11 + movdqa %xmm1, %xmm8 + pclmulqdq $0x11, %xmm1, %xmm11 + pclmulqdq $0x00, %xmm1, %xmm8 + pxor %xmm1, %xmm9 + pxor %xmm1, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm7 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm7 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm7 + movdqa %xmm7, 80(%rsp) + # H ^ 7 + pshufd $0x4e, %xmm1, %xmm9 + pshufd $0x4e, %xmm3, %xmm10 + movdqa %xmm3, %xmm11 + movdqa %xmm3, %xmm8 + pclmulqdq $0x11, %xmm1, %xmm11 + pclmulqdq $0x00, %xmm1, %xmm8 + pxor %xmm1, %xmm9 + pxor %xmm3, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm7 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm7 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm7 + movdqa %xmm7, 96(%rsp) + # H ^ 8 + pshufd $0x4e, %xmm3, %xmm9 + pshufd $0x4e, %xmm3, %xmm10 + movdqa %xmm3, %xmm11 + movdqa %xmm3, %xmm8 + pclmulqdq $0x11, %xmm3, %xmm11 + pclmulqdq $0x00, %xmm3, %xmm8 + pxor %xmm3, %xmm9 + pxor %xmm3, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm7 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm7 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm7 + movdqa %xmm7, 112(%rsp) +L_AES_GCM_decrypt_update_aesni_ghash_128: + leaq (%r11,%r14,1), %rcx + leaq (%r10,%r14,1), %rdx + movdqa (%r12), %xmm8 + movdqa L_aes_gcm_bswap_epi64(%rip), %xmm1 + movdqa %xmm8, %xmm0 + pshufb %xmm1, %xmm8 + movdqa %xmm0, %xmm9 + paddd L_aes_gcm_one(%rip), %xmm9 + pshufb %xmm1, %xmm9 + movdqa %xmm0, %xmm10 + paddd L_aes_gcm_two(%rip), %xmm10 + pshufb %xmm1, %xmm10 + movdqa %xmm0, %xmm11 + paddd L_aes_gcm_three(%rip), %xmm11 + pshufb %xmm1, %xmm11 + movdqa %xmm0, %xmm12 + paddd L_aes_gcm_four(%rip), %xmm12 + pshufb %xmm1, %xmm12 + movdqa %xmm0, %xmm13 + paddd L_aes_gcm_five(%rip), %xmm13 + pshufb %xmm1, %xmm13 + movdqa %xmm0, %xmm14 + paddd L_aes_gcm_six(%rip), %xmm14 + pshufb %xmm1, %xmm14 + movdqa %xmm0, %xmm15 + paddd L_aes_gcm_seven(%rip), %xmm15 + pshufb %xmm1, %xmm15 + paddd L_aes_gcm_eight(%rip), %xmm0 + movdqa (%rdi), %xmm7 + movdqa %xmm0, (%r12) + pxor %xmm7, %xmm8 + pxor %xmm7, %xmm9 + pxor %xmm7, %xmm10 + pxor %xmm7, %xmm11 + pxor %xmm7, %xmm12 + pxor %xmm7, %xmm13 + pxor %xmm7, %xmm14 + pxor %xmm7, %xmm15 + movdqa 112(%rsp), %xmm7 + movdqu (%rcx), %xmm0 + aesenc 16(%rdi), %xmm8 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + pxor %xmm2, %xmm0 + pshufd $0x4e, %xmm7, %xmm1 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm7, %xmm1 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm3 + pclmulqdq $0x11, %xmm7, %xmm3 + aesenc 16(%rdi), %xmm9 + aesenc 16(%rdi), %xmm10 + movdqa %xmm0, %xmm2 + pclmulqdq $0x00, %xmm7, %xmm2 + aesenc 16(%rdi), %xmm11 + aesenc 16(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm1 + aesenc 16(%rdi), %xmm13 + aesenc 16(%rdi), %xmm14 + aesenc 16(%rdi), %xmm15 + pxor %xmm2, %xmm1 + pxor %xmm3, %xmm1 + movdqa 96(%rsp), %xmm7 + movdqu 16(%rcx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 32(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 32(%rdi), %xmm9 + aesenc 32(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 32(%rdi), %xmm11 + aesenc 32(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 32(%rdi), %xmm13 + aesenc 32(%rdi), %xmm14 + aesenc 32(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa 80(%rsp), %xmm7 + movdqu 32(%rcx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 48(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 48(%rdi), %xmm9 + aesenc 48(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 48(%rdi), %xmm11 + aesenc 48(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 48(%rdi), %xmm13 + aesenc 48(%rdi), %xmm14 + aesenc 48(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa 64(%rsp), %xmm7 + movdqu 48(%rcx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 64(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 64(%rdi), %xmm9 + aesenc 64(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 64(%rdi), %xmm11 + aesenc 64(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 64(%rdi), %xmm13 + aesenc 64(%rdi), %xmm14 + aesenc 64(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa 48(%rsp), %xmm7 + movdqu 64(%rcx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 80(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 80(%rdi), %xmm9 + aesenc 80(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 80(%rdi), %xmm11 + aesenc 80(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 80(%rdi), %xmm13 + aesenc 80(%rdi), %xmm14 + aesenc 80(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa 32(%rsp), %xmm7 + movdqu 80(%rcx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 96(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 96(%rdi), %xmm9 + aesenc 96(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 96(%rdi), %xmm11 + aesenc 96(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 96(%rdi), %xmm13 + aesenc 96(%rdi), %xmm14 + aesenc 96(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa 16(%rsp), %xmm7 + movdqu 96(%rcx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 112(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 112(%rdi), %xmm9 + aesenc 112(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 112(%rdi), %xmm11 + aesenc 112(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 112(%rdi), %xmm13 + aesenc 112(%rdi), %xmm14 + aesenc 112(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa (%rsp), %xmm7 + movdqu 112(%rcx), %xmm0 + pshufd $0x4e, %xmm7, %xmm4 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm0 + aesenc 128(%rdi), %xmm8 + pxor %xmm7, %xmm4 + pshufd $0x4e, %xmm0, %xmm5 + pxor %xmm0, %xmm5 + movdqa %xmm0, %xmm6 + pclmulqdq $0x11, %xmm7, %xmm6 + aesenc 128(%rdi), %xmm9 + aesenc 128(%rdi), %xmm10 + pclmulqdq $0x00, %xmm0, %xmm7 + aesenc 128(%rdi), %xmm11 + aesenc 128(%rdi), %xmm12 + pclmulqdq $0x00, %xmm5, %xmm4 + aesenc 128(%rdi), %xmm13 + aesenc 128(%rdi), %xmm14 + aesenc 128(%rdi), %xmm15 + pxor %xmm7, %xmm1 + pxor %xmm7, %xmm2 + pxor %xmm6, %xmm1 + pxor %xmm6, %xmm3 + pxor %xmm4, %xmm1 + movdqa %xmm1, %xmm5 + psrldq $8, %xmm1 + pslldq $8, %xmm5 + aesenc 144(%rdi), %xmm8 + pxor %xmm5, %xmm2 + pxor %xmm1, %xmm3 + movdqa %xmm2, %xmm7 + movdqa %xmm2, %xmm4 + movdqa %xmm2, %xmm5 + aesenc 144(%rdi), %xmm9 + pslld $31, %xmm7 + pslld $30, %xmm4 + pslld $25, %xmm5 + aesenc 144(%rdi), %xmm10 + pxor %xmm4, %xmm7 + pxor %xmm5, %xmm7 + aesenc 144(%rdi), %xmm11 + movdqa %xmm7, %xmm4 + pslldq $12, %xmm7 + psrldq $4, %xmm4 + aesenc 144(%rdi), %xmm12 + pxor %xmm7, %xmm2 + movdqa %xmm2, %xmm5 + movdqa %xmm2, %xmm1 + movdqa %xmm2, %xmm0 + aesenc 144(%rdi), %xmm13 + psrld $0x01, %xmm5 + psrld $2, %xmm1 + psrld $7, %xmm0 + aesenc 144(%rdi), %xmm14 + pxor %xmm1, %xmm5 + pxor %xmm0, %xmm5 + aesenc 144(%rdi), %xmm15 + pxor %xmm4, %xmm5 + pxor %xmm5, %xmm2 + pxor %xmm3, %xmm2 + cmpl $11, %esi + movdqa 160(%rdi), %xmm7 + jl L_AES_GCM_decrypt_update_aesni_aesenc_128_ghash_avx_done + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 176(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + cmpl $13, %esi + movdqa 192(%rdi), %xmm7 + jl L_AES_GCM_decrypt_update_aesni_aesenc_128_ghash_avx_done + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 208(%rdi), %xmm7 + aesenc %xmm7, %xmm8 + aesenc %xmm7, %xmm9 + aesenc %xmm7, %xmm10 + aesenc %xmm7, %xmm11 + aesenc %xmm7, %xmm12 + aesenc %xmm7, %xmm13 + aesenc %xmm7, %xmm14 + aesenc %xmm7, %xmm15 + movdqa 224(%rdi), %xmm7 +L_AES_GCM_decrypt_update_aesni_aesenc_128_ghash_avx_done: + aesenclast %xmm7, %xmm8 + aesenclast %xmm7, %xmm9 + movdqu (%rcx), %xmm0 + movdqu 16(%rcx), %xmm1 + pxor %xmm0, %xmm8 + pxor %xmm1, %xmm9 + movdqu %xmm8, (%rdx) + movdqu %xmm9, 16(%rdx) + aesenclast %xmm7, %xmm10 + aesenclast %xmm7, %xmm11 + movdqu 32(%rcx), %xmm0 + movdqu 48(%rcx), %xmm1 + pxor %xmm0, %xmm10 + pxor %xmm1, %xmm11 + movdqu %xmm10, 32(%rdx) + movdqu %xmm11, 48(%rdx) + aesenclast %xmm7, %xmm12 + aesenclast %xmm7, %xmm13 + movdqu 64(%rcx), %xmm0 + movdqu 80(%rcx), %xmm1 + pxor %xmm0, %xmm12 + pxor %xmm1, %xmm13 + movdqu %xmm12, 64(%rdx) + movdqu %xmm13, 80(%rdx) + aesenclast %xmm7, %xmm14 + aesenclast %xmm7, %xmm15 + movdqu 96(%rcx), %xmm0 + movdqu 112(%rcx), %xmm1 + pxor %xmm0, %xmm14 + pxor %xmm1, %xmm15 + movdqu %xmm14, 96(%rdx) + movdqu %xmm15, 112(%rdx) + addl $0x80, %r14d + cmpl %r13d, %r14d + jl L_AES_GCM_decrypt_update_aesni_ghash_128 + movdqa %xmm2, %xmm6 + movdqa (%rsp), %xmm5 +L_AES_GCM_decrypt_update_aesni_done_128: + movl %r8d, %edx + cmpl %edx, %r14d + jge L_AES_GCM_decrypt_update_aesni_done_dec + movl %r8d, %r13d + andl $0xfffffff0, %r13d + cmpl %r13d, %r14d + jge L_AES_GCM_decrypt_update_aesni_last_block_done +L_AES_GCM_decrypt_update_aesni_last_block_start: + leaq (%r11,%r14,1), %rcx + leaq (%r10,%r14,1), %rdx + movdqu (%rcx), %xmm1 + movdqa %xmm5, %xmm0 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm1 + pxor %xmm6, %xmm1 + movdqa (%r12), %xmm8 + movdqa %xmm8, %xmm9 + pshufb L_aes_gcm_bswap_epi64(%rip), %xmm8 + paddd L_aes_gcm_one(%rip), %xmm9 + pxor (%rdi), %xmm8 + movdqa %xmm9, (%r12) + movdqa %xmm1, %xmm10 + pclmulqdq $16, %xmm0, %xmm10 + aesenc 16(%rdi), %xmm8 + aesenc 32(%rdi), %xmm8 + movdqa %xmm1, %xmm11 + pclmulqdq $0x01, %xmm0, %xmm11 + aesenc 48(%rdi), %xmm8 + aesenc 64(%rdi), %xmm8 + movdqa %xmm1, %xmm12 + pclmulqdq $0x00, %xmm0, %xmm12 + aesenc 80(%rdi), %xmm8 + movdqa %xmm1, %xmm1 + pclmulqdq $0x11, %xmm0, %xmm1 + aesenc 96(%rdi), %xmm8 + pxor %xmm11, %xmm10 + movdqa %xmm10, %xmm2 + psrldq $8, %xmm10 + pslldq $8, %xmm2 + aesenc 112(%rdi), %xmm8 + movdqa %xmm1, %xmm3 + pxor %xmm12, %xmm2 + pxor %xmm10, %xmm3 + movdqa L_aes_gcm_mod2_128(%rip), %xmm0 + movdqa %xmm2, %xmm11 + pclmulqdq $16, %xmm0, %xmm11 + aesenc 128(%rdi), %xmm8 + pshufd $0x4e, %xmm2, %xmm10 + pxor %xmm11, %xmm10 + movdqa %xmm10, %xmm11 + pclmulqdq $16, %xmm0, %xmm11 + aesenc 144(%rdi), %xmm8 + pshufd $0x4e, %xmm10, %xmm6 + pxor %xmm11, %xmm6 + pxor %xmm3, %xmm6 + cmpl $11, %esi + movdqa 160(%rdi), %xmm9 + jl L_AES_GCM_decrypt_update_aesni_aesenc_gfmul_last + aesenc %xmm9, %xmm8 + aesenc 176(%rdi), %xmm8 + cmpl $13, %esi + movdqa 192(%rdi), %xmm9 + jl L_AES_GCM_decrypt_update_aesni_aesenc_gfmul_last + aesenc %xmm9, %xmm8 + aesenc 208(%rdi), %xmm8 + movdqa 224(%rdi), %xmm9 +L_AES_GCM_decrypt_update_aesni_aesenc_gfmul_last: + aesenclast %xmm9, %xmm8 + movdqu (%rcx), %xmm9 + pxor %xmm9, %xmm8 + movdqu %xmm8, (%rdx) + addl $16, %r14d + cmpl %r13d, %r14d + jl L_AES_GCM_decrypt_update_aesni_last_block_start +L_AES_GCM_decrypt_update_aesni_last_block_done: +L_AES_GCM_decrypt_update_aesni_done_dec: + movdqa %xmm6, (%r9) + addq $0xa8, %rsp + popq %r15 + popq %r14 + popq %r12 + popq %r13 + repz retq +#ifndef __APPLE__ +.size AES_GCM_decrypt_update_aesni,.-AES_GCM_decrypt_update_aesni +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_decrypt_final_aesni +.type AES_GCM_decrypt_final_aesni,@function +.align 16 +AES_GCM_decrypt_final_aesni: +#else +.section __TEXT,__text +.globl _AES_GCM_decrypt_final_aesni +.p2align 4 +_AES_GCM_decrypt_final_aesni: +#endif /* __APPLE__ */ + pushq %r13 + pushq %rbp + pushq %r12 + movq %rdx, %rax + movl %ecx, %r10d + movl %r8d, %r11d + movq 32(%rsp), %r8 + movq 40(%rsp), %rbp + subq $16, %rsp + movdqa (%rdi), %xmm6 + movdqa (%r9), %xmm5 + movdqa (%r8), %xmm15 + movdqa %xmm5, %xmm9 + movdqa %xmm5, %xmm8 + psrlq $63, %xmm9 + psllq $0x01, %xmm8 + pslldq $8, %xmm9 + por %xmm9, %xmm8 + pshufd $0xff, %xmm5, %xmm5 + psrad $31, %xmm5 + pand L_aes_gcm_mod2_128(%rip), %xmm5 + pxor %xmm8, %xmm5 + movl %r10d, %edx + movl %r11d, %ecx + shlq $3, %rdx + shlq $3, %rcx + pinsrq $0x00, %rdx, %xmm0 + pinsrq $0x01, %rcx, %xmm0 + pxor %xmm0, %xmm6 + pshufd $0x4e, %xmm5, %xmm9 + pshufd $0x4e, %xmm6, %xmm10 + movdqa %xmm6, %xmm11 + movdqa %xmm6, %xmm8 + pclmulqdq $0x11, %xmm5, %xmm11 + pclmulqdq $0x00, %xmm5, %xmm8 + pxor %xmm5, %xmm9 + pxor %xmm6, %xmm10 + pclmulqdq $0x00, %xmm10, %xmm9 + pxor %xmm8, %xmm9 + pxor %xmm11, %xmm9 + movdqa %xmm9, %xmm10 + movdqa %xmm11, %xmm6 + pslldq $8, %xmm10 + psrldq $8, %xmm9 + pxor %xmm10, %xmm8 + pxor %xmm9, %xmm6 + movdqa %xmm8, %xmm12 + movdqa %xmm8, %xmm13 + movdqa %xmm8, %xmm14 + pslld $31, %xmm12 + pslld $30, %xmm13 + pslld $25, %xmm14 + pxor %xmm13, %xmm12 + pxor %xmm14, %xmm12 + movdqa %xmm12, %xmm13 + psrldq $4, %xmm13 + pslldq $12, %xmm12 + pxor %xmm12, %xmm8 + movdqa %xmm8, %xmm14 + movdqa %xmm8, %xmm10 + movdqa %xmm8, %xmm9 + psrld $0x01, %xmm14 + psrld $2, %xmm10 + psrld $7, %xmm9 + pxor %xmm10, %xmm14 + pxor %xmm9, %xmm14 + pxor %xmm13, %xmm14 + pxor %xmm8, %xmm14 + pxor %xmm14, %xmm6 + pshufb L_aes_gcm_bswap_mask(%rip), %xmm6 + movdqa %xmm15, %xmm0 + pxor %xmm6, %xmm0 + cmpl $16, %eax + je L_AES_GCM_decrypt_final_aesni_cmp_tag_16 + subq $16, %rsp + xorq %rcx, %rcx + xorq %r12, %r12 + movdqa %xmm0, (%rsp) +L_AES_GCM_decrypt_final_aesni_cmp_tag_loop: + movzbl (%rsp,%rcx,1), %r13d + xorb (%rsi,%rcx,1), %r13b + orb %r13b, %r12b + incl %ecx + cmpl %eax, %ecx + jne L_AES_GCM_decrypt_final_aesni_cmp_tag_loop + cmpb $0x00, %r12b + sete %r12b + addq $16, %rsp + xorq %rcx, %rcx + jmp L_AES_GCM_decrypt_final_aesni_cmp_tag_done +L_AES_GCM_decrypt_final_aesni_cmp_tag_16: + movdqu (%rsi), %xmm1 + pcmpeqb %xmm1, %xmm0 + pmovmskb %xmm0, %rdx + # %%edx == 0xFFFF then return 1 else => return 0 + xorl %r12d, %r12d + cmpl $0xffff, %edx + sete %r12b +L_AES_GCM_decrypt_final_aesni_cmp_tag_done: + movl %r12d, (%rbp) + addq $16, %rsp + popq %r12 + popq %rbp + popq %r13 + repz retq +#ifndef __APPLE__ +.size AES_GCM_decrypt_final_aesni,.-AES_GCM_decrypt_final_aesni +#endif /* __APPLE__ */ +#endif /* WOLFSSL_AESGCM_STREAM */ #ifdef HAVE_INTEL_AVX1 #ifndef __APPLE__ .data @@ -3732,7 +6504,7 @@ L_AES_GCM_encrypt_avx1_calc_iv_lt16: subq $16, %rsp vpxor %xmm8, %xmm8, %xmm8 xorl %ebx, %ebx - vmovdqa %xmm8, (%rsp) + vmovdqu %xmm8, (%rsp) L_AES_GCM_encrypt_avx1_calc_iv_loop: movzbl (%rax,%rcx,1), %r13d movb %r13b, (%rsp,%rbx,1) @@ -3740,7 +6512,7 @@ L_AES_GCM_encrypt_avx1_calc_iv_loop: incl %ebx cmpl %edx, %ecx jl L_AES_GCM_encrypt_avx1_calc_iv_loop - vmovdqa (%rsp), %xmm8 + vmovdqu (%rsp), %xmm8 addq $16, %rsp vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8 vpxor %xmm8, %xmm4, %xmm4 @@ -3929,7 +6701,7 @@ L_AES_GCM_encrypt_avx1_calc_aad_lt16: subq $16, %rsp vpxor %xmm8, %xmm8, %xmm8 xorl %ebx, %ebx - vmovdqa %xmm8, (%rsp) + vmovdqu %xmm8, (%rsp) L_AES_GCM_encrypt_avx1_calc_aad_loop: movzbl (%r12,%rcx,1), %r13d movb %r13b, (%rsp,%rbx,1) @@ -3937,7 +6709,7 @@ L_AES_GCM_encrypt_avx1_calc_aad_loop: incl %ebx cmpl %edx, %ecx jl L_AES_GCM_encrypt_avx1_calc_aad_loop - vmovdqa (%rsp), %xmm8 + vmovdqu (%rsp), %xmm8 addq $16, %rsp vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8 vpxor %xmm8, %xmm6, %xmm6 @@ -5012,7 +7784,7 @@ L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_aesenc_avx_last: vaesenclast %xmm9, %xmm4, %xmm4 subq $16, %rsp xorl %ecx, %ecx - vmovdqa %xmm4, (%rsp) + vmovdqu %xmm4, (%rsp) L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_loop: movzbl (%rdi,%rbx,1), %r13d xorb (%rsp,%rcx,1), %r13b @@ -5031,7 +7803,7 @@ L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_byte_loop: cmpl $16, %ecx jl L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_byte_loop L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_finish_enc: - vmovdqa (%rsp), %xmm4 + vmovdqu (%rsp), %xmm4 addq $16, %rsp vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4 vpxor %xmm4, %xmm6, %xmm6 @@ -5109,7 +7881,7 @@ L_AES_GCM_encrypt_avx1_done_enc: cmpl $16, %r14d je L_AES_GCM_encrypt_avx1_store_tag_16 xorq %rcx, %rcx - vmovdqa %xmm0, (%rsp) + vmovdqu %xmm0, (%rsp) L_AES_GCM_encrypt_avx1_store_tag_loop: movzbl (%rsp,%rcx,1), %r13d movb %r13b, (%r8,%rcx,1) @@ -5314,7 +8086,7 @@ L_AES_GCM_decrypt_avx1_calc_iv_lt16: subq $16, %rsp vpxor %xmm8, %xmm8, %xmm8 xorl %ebx, %ebx - vmovdqa %xmm8, (%rsp) + vmovdqu %xmm8, (%rsp) L_AES_GCM_decrypt_avx1_calc_iv_loop: movzbl (%rax,%rcx,1), %r13d movb %r13b, (%rsp,%rbx,1) @@ -5322,7 +8094,7 @@ L_AES_GCM_decrypt_avx1_calc_iv_loop: incl %ebx cmpl %edx, %ecx jl L_AES_GCM_decrypt_avx1_calc_iv_loop - vmovdqa (%rsp), %xmm8 + vmovdqu (%rsp), %xmm8 addq $16, %rsp vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8 vpxor %xmm8, %xmm4, %xmm4 @@ -5511,7 +8283,7 @@ L_AES_GCM_decrypt_avx1_calc_aad_lt16: subq $16, %rsp vpxor %xmm8, %xmm8, %xmm8 xorl %ebx, %ebx - vmovdqa %xmm8, (%rsp) + vmovdqu %xmm8, (%rsp) L_AES_GCM_decrypt_avx1_calc_aad_loop: movzbl (%r12,%rcx,1), %r13d movb %r13b, (%rsp,%rbx,1) @@ -5519,7 +8291,7 @@ L_AES_GCM_decrypt_avx1_calc_aad_loop: incl %ebx cmpl %edx, %ecx jl L_AES_GCM_decrypt_avx1_calc_aad_loop - vmovdqa (%rsp), %xmm8 + vmovdqu (%rsp), %xmm8 addq $16, %rsp vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8 vpxor %xmm8, %xmm6, %xmm6 @@ -6178,9 +8950,9 @@ L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_aesenc_avx_last: vaesenclast %xmm9, %xmm4, %xmm4 subq $32, %rsp xorl %ecx, %ecx - vmovdqa %xmm4, (%rsp) + vmovdqu %xmm4, (%rsp) vpxor %xmm0, %xmm0, %xmm0 - vmovdqa %xmm0, 16(%rsp) + vmovdqu %xmm0, 16(%rsp) L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_loop: movzbl (%rdi,%rbx,1), %r13d movb %r13b, 16(%rsp,%rcx,1) @@ -6190,7 +8962,7 @@ L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_loop: incl %ecx cmpl %edx, %ebx jl L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_loop - vmovdqa 16(%rsp), %xmm4 + vmovdqu 16(%rsp), %xmm4 addq $32, %rsp vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4 vpxor %xmm4, %xmm6, %xmm6 @@ -6270,7 +9042,7 @@ L_AES_GCM_decrypt_avx1_done_dec: subq $16, %rsp xorq %rcx, %rcx xorq %rbx, %rbx - vmovdqa %xmm0, (%rsp) + vmovdqu %xmm0, (%rsp) L_AES_GCM_decrypt_avx1_cmp_tag_loop: movzbl (%rsp,%rcx,1), %r13d xorb (%r8,%rcx,1), %r13b @@ -6305,6 +9077,2345 @@ L_AES_GCM_decrypt_avx1_cmp_tag_done: #ifndef __APPLE__ .size AES_GCM_decrypt_avx1,.-AES_GCM_decrypt_avx1 #endif /* __APPLE__ */ +#ifdef WOLFSSL_AESGCM_STREAM +#ifndef __APPLE__ +.text +.globl AES_GCM_init_avx1 +.type AES_GCM_init_avx1,@function +.align 16 +AES_GCM_init_avx1: +#else +.section __TEXT,__text +.globl _AES_GCM_init_avx1 +.p2align 4 +_AES_GCM_init_avx1: +#endif /* __APPLE__ */ + pushq %r12 + pushq %r13 + movq %rdx, %r10 + movl %ecx, %r11d + movq 24(%rsp), %rax + subq $16, %rsp + vpxor %xmm4, %xmm4, %xmm4 + movl %r11d, %edx + cmpl $12, %edx + jne L_AES_GCM_init_avx1_iv_not_12 + # # Calculate values when IV is 12 bytes + # Set counter based on IV + movl $0x1000000, %ecx + vpinsrq $0x00, (%r10), %xmm4, %xmm4 + vpinsrd $2, 8(%r10), %xmm4, %xmm4 + vpinsrd $3, %ecx, %xmm4, %xmm4 + # H = Encrypt X(=0) and T = Encrypt counter + vmovdqa (%rdi), %xmm5 + vpxor %xmm5, %xmm4, %xmm1 + vmovdqa 16(%rdi), %xmm7 + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + vmovdqa 32(%rdi), %xmm7 + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + vmovdqa 48(%rdi), %xmm7 + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + vmovdqa 64(%rdi), %xmm7 + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + vmovdqa 80(%rdi), %xmm7 + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + vmovdqa 96(%rdi), %xmm7 + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + vmovdqa 112(%rdi), %xmm7 + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + vmovdqa 128(%rdi), %xmm7 + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + vmovdqa 144(%rdi), %xmm7 + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm7 + jl L_AES_GCM_init_avx1_calc_iv_12_last + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + vmovdqa 176(%rdi), %xmm7 + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm7 + jl L_AES_GCM_init_avx1_calc_iv_12_last + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + vmovdqa 208(%rdi), %xmm7 + vaesenc %xmm7, %xmm5, %xmm5 + vaesenc %xmm7, %xmm1, %xmm1 + vmovdqa 224(%rdi), %xmm7 +L_AES_GCM_init_avx1_calc_iv_12_last: + vaesenclast %xmm7, %xmm5, %xmm5 + vaesenclast %xmm7, %xmm1, %xmm1 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm5, %xmm5 + vmovdqa %xmm1, %xmm15 + jmp L_AES_GCM_init_avx1_iv_done +L_AES_GCM_init_avx1_iv_not_12: + # Calculate values when IV is not 12 bytes + # H = Encrypt X(=0) + vmovdqa (%rdi), %xmm5 + vaesenc 16(%rdi), %xmm5, %xmm5 + vaesenc 32(%rdi), %xmm5, %xmm5 + vaesenc 48(%rdi), %xmm5, %xmm5 + vaesenc 64(%rdi), %xmm5, %xmm5 + vaesenc 80(%rdi), %xmm5, %xmm5 + vaesenc 96(%rdi), %xmm5, %xmm5 + vaesenc 112(%rdi), %xmm5, %xmm5 + vaesenc 128(%rdi), %xmm5, %xmm5 + vaesenc 144(%rdi), %xmm5, %xmm5 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm9 + jl L_AES_GCM_init_avx1_calc_iv_1_aesenc_avx_last + vaesenc %xmm9, %xmm5, %xmm5 + vaesenc 176(%rdi), %xmm5, %xmm5 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm9 + jl L_AES_GCM_init_avx1_calc_iv_1_aesenc_avx_last + vaesenc %xmm9, %xmm5, %xmm5 + vaesenc 208(%rdi), %xmm5, %xmm5 + vmovdqa 224(%rdi), %xmm9 +L_AES_GCM_init_avx1_calc_iv_1_aesenc_avx_last: + vaesenclast %xmm9, %xmm5, %xmm5 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm5, %xmm5 + # Calc counter + # Initialization vector + cmpl $0x00, %edx + movq $0x00, %rcx + je L_AES_GCM_init_avx1_calc_iv_done + cmpl $16, %edx + jl L_AES_GCM_init_avx1_calc_iv_lt16 + andl $0xfffffff0, %edx +L_AES_GCM_init_avx1_calc_iv_16_loop: + vmovdqu (%r10,%rcx,1), %xmm8 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8 + vpxor %xmm8, %xmm4, %xmm4 + # ghash_gfmul_avx + vpshufd $0x4e, %xmm4, %xmm1 + vpshufd $0x4e, %xmm5, %xmm2 + vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3 + vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0 + vpxor %xmm4, %xmm1, %xmm1 + vpxor %xmm5, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vmovdqa %xmm0, %xmm7 + vmovdqa %xmm3, %xmm4 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm7, %xmm7 + vpxor %xmm1, %xmm4, %xmm4 + vpsrld $31, %xmm7, %xmm0 + vpsrld $31, %xmm4, %xmm1 + vpslld $0x01, %xmm7, %xmm7 + vpslld $0x01, %xmm4, %xmm4 + vpsrldq $12, %xmm0, %xmm2 + vpslldq $4, %xmm0, %xmm0 + vpslldq $4, %xmm1, %xmm1 + vpor %xmm2, %xmm4, %xmm4 + vpor %xmm0, %xmm7, %xmm7 + vpor %xmm1, %xmm4, %xmm4 + vpslld $31, %xmm7, %xmm0 + vpslld $30, %xmm7, %xmm1 + vpslld $25, %xmm7, %xmm2 + vpxor %xmm1, %xmm0, %xmm0 + vpxor %xmm2, %xmm0, %xmm0 + vmovdqa %xmm0, %xmm1 + vpsrldq $4, %xmm1, %xmm1 + vpslldq $12, %xmm0, %xmm0 + vpxor %xmm0, %xmm7, %xmm7 + vpsrld $0x01, %xmm7, %xmm2 + vpsrld $2, %xmm7, %xmm3 + vpsrld $7, %xmm7, %xmm0 + vpxor %xmm3, %xmm2, %xmm2 + vpxor %xmm0, %xmm2, %xmm2 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm2, %xmm4, %xmm4 + addl $16, %ecx + cmpl %edx, %ecx + jl L_AES_GCM_init_avx1_calc_iv_16_loop + movl %r11d, %edx + cmpl %edx, %ecx + je L_AES_GCM_init_avx1_calc_iv_done +L_AES_GCM_init_avx1_calc_iv_lt16: + subq $16, %rsp + vpxor %xmm8, %xmm8, %xmm8 + xorl %r13d, %r13d + vmovdqu %xmm8, (%rsp) +L_AES_GCM_init_avx1_calc_iv_loop: + movzbl (%r10,%rcx,1), %r12d + movb %r12b, (%rsp,%r13,1) + incl %ecx + incl %r13d + cmpl %edx, %ecx + jl L_AES_GCM_init_avx1_calc_iv_loop + vmovdqu (%rsp), %xmm8 + addq $16, %rsp + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8 + vpxor %xmm8, %xmm4, %xmm4 + # ghash_gfmul_avx + vpshufd $0x4e, %xmm4, %xmm1 + vpshufd $0x4e, %xmm5, %xmm2 + vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3 + vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0 + vpxor %xmm4, %xmm1, %xmm1 + vpxor %xmm5, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vmovdqa %xmm0, %xmm7 + vmovdqa %xmm3, %xmm4 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm7, %xmm7 + vpxor %xmm1, %xmm4, %xmm4 + vpsrld $31, %xmm7, %xmm0 + vpsrld $31, %xmm4, %xmm1 + vpslld $0x01, %xmm7, %xmm7 + vpslld $0x01, %xmm4, %xmm4 + vpsrldq $12, %xmm0, %xmm2 + vpslldq $4, %xmm0, %xmm0 + vpslldq $4, %xmm1, %xmm1 + vpor %xmm2, %xmm4, %xmm4 + vpor %xmm0, %xmm7, %xmm7 + vpor %xmm1, %xmm4, %xmm4 + vpslld $31, %xmm7, %xmm0 + vpslld $30, %xmm7, %xmm1 + vpslld $25, %xmm7, %xmm2 + vpxor %xmm1, %xmm0, %xmm0 + vpxor %xmm2, %xmm0, %xmm0 + vmovdqa %xmm0, %xmm1 + vpsrldq $4, %xmm1, %xmm1 + vpslldq $12, %xmm0, %xmm0 + vpxor %xmm0, %xmm7, %xmm7 + vpsrld $0x01, %xmm7, %xmm2 + vpsrld $2, %xmm7, %xmm3 + vpsrld $7, %xmm7, %xmm0 + vpxor %xmm3, %xmm2, %xmm2 + vpxor %xmm0, %xmm2, %xmm2 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm2, %xmm4, %xmm4 +L_AES_GCM_init_avx1_calc_iv_done: + # T = Encrypt counter + vpxor %xmm0, %xmm0, %xmm0 + shll $3, %edx + vpinsrq $0x00, %rdx, %xmm0, %xmm0 + vpxor %xmm0, %xmm4, %xmm4 + # ghash_gfmul_avx + vpshufd $0x4e, %xmm4, %xmm1 + vpshufd $0x4e, %xmm5, %xmm2 + vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3 + vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0 + vpxor %xmm4, %xmm1, %xmm1 + vpxor %xmm5, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vmovdqa %xmm0, %xmm7 + vmovdqa %xmm3, %xmm4 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm7, %xmm7 + vpxor %xmm1, %xmm4, %xmm4 + vpsrld $31, %xmm7, %xmm0 + vpsrld $31, %xmm4, %xmm1 + vpslld $0x01, %xmm7, %xmm7 + vpslld $0x01, %xmm4, %xmm4 + vpsrldq $12, %xmm0, %xmm2 + vpslldq $4, %xmm0, %xmm0 + vpslldq $4, %xmm1, %xmm1 + vpor %xmm2, %xmm4, %xmm4 + vpor %xmm0, %xmm7, %xmm7 + vpor %xmm1, %xmm4, %xmm4 + vpslld $31, %xmm7, %xmm0 + vpslld $30, %xmm7, %xmm1 + vpslld $25, %xmm7, %xmm2 + vpxor %xmm1, %xmm0, %xmm0 + vpxor %xmm2, %xmm0, %xmm0 + vmovdqa %xmm0, %xmm1 + vpsrldq $4, %xmm1, %xmm1 + vpslldq $12, %xmm0, %xmm0 + vpxor %xmm0, %xmm7, %xmm7 + vpsrld $0x01, %xmm7, %xmm2 + vpsrld $2, %xmm7, %xmm3 + vpsrld $7, %xmm7, %xmm0 + vpxor %xmm3, %xmm2, %xmm2 + vpxor %xmm0, %xmm2, %xmm2 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm2, %xmm4, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4 + # Encrypt counter + vmovdqa (%rdi), %xmm8 + vpxor %xmm4, %xmm8, %xmm8 + vaesenc 16(%rdi), %xmm8, %xmm8 + vaesenc 32(%rdi), %xmm8, %xmm8 + vaesenc 48(%rdi), %xmm8, %xmm8 + vaesenc 64(%rdi), %xmm8, %xmm8 + vaesenc 80(%rdi), %xmm8, %xmm8 + vaesenc 96(%rdi), %xmm8, %xmm8 + vaesenc 112(%rdi), %xmm8, %xmm8 + vaesenc 128(%rdi), %xmm8, %xmm8 + vaesenc 144(%rdi), %xmm8, %xmm8 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm9 + jl L_AES_GCM_init_avx1_calc_iv_2_aesenc_avx_last + vaesenc %xmm9, %xmm8, %xmm8 + vaesenc 176(%rdi), %xmm8, %xmm8 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm9 + jl L_AES_GCM_init_avx1_calc_iv_2_aesenc_avx_last + vaesenc %xmm9, %xmm8, %xmm8 + vaesenc 208(%rdi), %xmm8, %xmm8 + vmovdqa 224(%rdi), %xmm9 +L_AES_GCM_init_avx1_calc_iv_2_aesenc_avx_last: + vaesenclast %xmm9, %xmm8, %xmm8 + vmovdqa %xmm8, %xmm15 +L_AES_GCM_init_avx1_iv_done: + vmovdqa %xmm15, (%rax) + vpshufb L_avx1_aes_gcm_bswap_epi64(%rip), %xmm4, %xmm4 + vpaddd L_avx1_aes_gcm_one(%rip), %xmm4, %xmm4 + vmovdqa %xmm5, (%r8) + vmovdqa %xmm4, (%r9) + vzeroupper + addq $16, %rsp + popq %r13 + popq %r12 + repz retq +#ifndef __APPLE__ +.size AES_GCM_init_avx1,.-AES_GCM_init_avx1 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_aad_update_avx1 +.type AES_GCM_aad_update_avx1,@function +.align 16 +AES_GCM_aad_update_avx1: +#else +.section __TEXT,__text +.globl _AES_GCM_aad_update_avx1 +.p2align 4 +_AES_GCM_aad_update_avx1: +#endif /* __APPLE__ */ + movq %rcx, %rax + vmovdqa (%rdx), %xmm5 + vmovdqa (%rax), %xmm6 + xorl %ecx, %ecx +L_AES_GCM_aad_update_avx1_16_loop: + vmovdqu (%rdi,%rcx,1), %xmm8 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8 + vpxor %xmm8, %xmm5, %xmm5 + # ghash_gfmul_avx + vpshufd $0x4e, %xmm5, %xmm1 + vpshufd $0x4e, %xmm6, %xmm2 + vpclmulqdq $0x11, %xmm5, %xmm6, %xmm3 + vpclmulqdq $0x00, %xmm5, %xmm6, %xmm0 + vpxor %xmm5, %xmm1, %xmm1 + vpxor %xmm6, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vmovdqa %xmm0, %xmm4 + vmovdqa %xmm3, %xmm5 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm4, %xmm4 + vpxor %xmm1, %xmm5, %xmm5 + vpsrld $31, %xmm4, %xmm0 + vpsrld $31, %xmm5, %xmm1 + vpslld $0x01, %xmm4, %xmm4 + vpslld $0x01, %xmm5, %xmm5 + vpsrldq $12, %xmm0, %xmm2 + vpslldq $4, %xmm0, %xmm0 + vpslldq $4, %xmm1, %xmm1 + vpor %xmm2, %xmm5, %xmm5 + vpor %xmm0, %xmm4, %xmm4 + vpor %xmm1, %xmm5, %xmm5 + vpslld $31, %xmm4, %xmm0 + vpslld $30, %xmm4, %xmm1 + vpslld $25, %xmm4, %xmm2 + vpxor %xmm1, %xmm0, %xmm0 + vpxor %xmm2, %xmm0, %xmm0 + vmovdqa %xmm0, %xmm1 + vpsrldq $4, %xmm1, %xmm1 + vpslldq $12, %xmm0, %xmm0 + vpxor %xmm0, %xmm4, %xmm4 + vpsrld $0x01, %xmm4, %xmm2 + vpsrld $2, %xmm4, %xmm3 + vpsrld $7, %xmm4, %xmm0 + vpxor %xmm3, %xmm2, %xmm2 + vpxor %xmm0, %xmm2, %xmm2 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm4, %xmm2, %xmm2 + vpxor %xmm2, %xmm5, %xmm5 + addl $16, %ecx + cmpl %esi, %ecx + jl L_AES_GCM_aad_update_avx1_16_loop + vmovdqa %xmm5, (%rdx) + vzeroupper + repz retq +#ifndef __APPLE__ +.size AES_GCM_aad_update_avx1,.-AES_GCM_aad_update_avx1 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt_block_avx1 +.type AES_GCM_encrypt_block_avx1,@function +.align 16 +AES_GCM_encrypt_block_avx1: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt_block_avx1 +.p2align 4 +_AES_GCM_encrypt_block_avx1: +#endif /* __APPLE__ */ + movq %rdx, %r10 + movq %rcx, %r11 + vmovdqa (%r8), %xmm9 + vpshufb L_avx1_aes_gcm_bswap_epi64(%rip), %xmm9, %xmm8 + vpaddd L_avx1_aes_gcm_one(%rip), %xmm9, %xmm9 + vmovdqa %xmm9, (%r8) + vpxor (%rdi), %xmm8, %xmm8 + vaesenc 16(%rdi), %xmm8, %xmm8 + vaesenc 32(%rdi), %xmm8, %xmm8 + vaesenc 48(%rdi), %xmm8, %xmm8 + vaesenc 64(%rdi), %xmm8, %xmm8 + vaesenc 80(%rdi), %xmm8, %xmm8 + vaesenc 96(%rdi), %xmm8, %xmm8 + vaesenc 112(%rdi), %xmm8, %xmm8 + vaesenc 128(%rdi), %xmm8, %xmm8 + vaesenc 144(%rdi), %xmm8, %xmm8 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm9 + jl L_AES_GCM_encrypt_block_avx1_aesenc_block_last + vaesenc %xmm9, %xmm8, %xmm8 + vaesenc 176(%rdi), %xmm8, %xmm8 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm9 + jl L_AES_GCM_encrypt_block_avx1_aesenc_block_last + vaesenc %xmm9, %xmm8, %xmm8 + vaesenc 208(%rdi), %xmm8, %xmm8 + vmovdqa 224(%rdi), %xmm9 +L_AES_GCM_encrypt_block_avx1_aesenc_block_last: + vaesenclast %xmm9, %xmm8, %xmm8 + vmovdqu (%r11), %xmm9 + vpxor %xmm9, %xmm8, %xmm8 + vmovdqu %xmm8, (%r10) + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8 + vzeroupper + repz retq +#ifndef __APPLE__ +.size AES_GCM_encrypt_block_avx1,.-AES_GCM_encrypt_block_avx1 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_ghash_block_avx1 +.type AES_GCM_ghash_block_avx1,@function +.align 16 +AES_GCM_ghash_block_avx1: +#else +.section __TEXT,__text +.globl _AES_GCM_ghash_block_avx1 +.p2align 4 +_AES_GCM_ghash_block_avx1: +#endif /* __APPLE__ */ + vmovdqa (%rsi), %xmm4 + vmovdqa (%rdx), %xmm5 + vmovdqu (%rdi), %xmm8 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8 + vpxor %xmm8, %xmm4, %xmm4 + # ghash_gfmul_avx + vpshufd $0x4e, %xmm4, %xmm1 + vpshufd $0x4e, %xmm5, %xmm2 + vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3 + vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0 + vpxor %xmm4, %xmm1, %xmm1 + vpxor %xmm5, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vmovdqa %xmm0, %xmm6 + vmovdqa %xmm3, %xmm4 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm6, %xmm6 + vpxor %xmm1, %xmm4, %xmm4 + vpsrld $31, %xmm6, %xmm0 + vpsrld $31, %xmm4, %xmm1 + vpslld $0x01, %xmm6, %xmm6 + vpslld $0x01, %xmm4, %xmm4 + vpsrldq $12, %xmm0, %xmm2 + vpslldq $4, %xmm0, %xmm0 + vpslldq $4, %xmm1, %xmm1 + vpor %xmm2, %xmm4, %xmm4 + vpor %xmm0, %xmm6, %xmm6 + vpor %xmm1, %xmm4, %xmm4 + vpslld $31, %xmm6, %xmm0 + vpslld $30, %xmm6, %xmm1 + vpslld $25, %xmm6, %xmm2 + vpxor %xmm1, %xmm0, %xmm0 + vpxor %xmm2, %xmm0, %xmm0 + vmovdqa %xmm0, %xmm1 + vpsrldq $4, %xmm1, %xmm1 + vpslldq $12, %xmm0, %xmm0 + vpxor %xmm0, %xmm6, %xmm6 + vpsrld $0x01, %xmm6, %xmm2 + vpsrld $2, %xmm6, %xmm3 + vpsrld $7, %xmm6, %xmm0 + vpxor %xmm3, %xmm2, %xmm2 + vpxor %xmm0, %xmm2, %xmm2 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm6, %xmm2, %xmm2 + vpxor %xmm2, %xmm4, %xmm4 + vmovdqa %xmm4, (%rsi) + vzeroupper + repz retq +#ifndef __APPLE__ +.size AES_GCM_ghash_block_avx1,.-AES_GCM_ghash_block_avx1 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt_update_avx1 +.type AES_GCM_encrypt_update_avx1,@function +.align 16 +AES_GCM_encrypt_update_avx1: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt_update_avx1 +.p2align 4 +_AES_GCM_encrypt_update_avx1: +#endif /* __APPLE__ */ + pushq %r13 + pushq %r12 + pushq %r14 + movq %rdx, %r10 + movq %rcx, %r11 + movq 32(%rsp), %rax + movq 40(%rsp), %r12 + subq $0xa0, %rsp + vmovdqa (%r9), %xmm6 + vmovdqa (%rax), %xmm5 + vpsrlq $63, %xmm5, %xmm9 + vpsllq $0x01, %xmm5, %xmm8 + vpslldq $8, %xmm9, %xmm9 + vpor %xmm9, %xmm8, %xmm8 + vpshufd $0xff, %xmm5, %xmm5 + vpsrad $31, %xmm5, %xmm5 + vpand L_avx1_aes_gcm_mod2_128(%rip), %xmm5, %xmm5 + vpxor %xmm8, %xmm5, %xmm5 + xorl %r14d, %r14d + cmpl $0x80, %r8d + movl %r8d, %r13d + jl L_AES_GCM_encrypt_update_avx1_done_128 + andl $0xffffff80, %r13d + vmovdqa %xmm6, %xmm2 + # H ^ 1 + vmovdqa %xmm5, (%rsp) + # H ^ 2 + vpclmulqdq $0x00, %xmm5, %xmm5, %xmm8 + vpclmulqdq $0x11, %xmm5, %xmm5, %xmm0 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm0, %xmm0 + vmovdqa %xmm0, 16(%rsp) + # H ^ 3 + # ghash_gfmul_red_avx + vpshufd $0x4e, %xmm5, %xmm9 + vpshufd $0x4e, %xmm0, %xmm10 + vpclmulqdq $0x11, %xmm5, %xmm0, %xmm11 + vpclmulqdq $0x00, %xmm5, %xmm0, %xmm8 + vpxor %xmm5, %xmm9, %xmm9 + vpxor %xmm0, %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpxor %xmm11, %xmm9, %xmm9 + vpslldq $8, %xmm9, %xmm10 + vpsrldq $8, %xmm9, %xmm9 + vpxor %xmm10, %xmm8, %xmm8 + vpxor %xmm9, %xmm11, %xmm1 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm1, %xmm1 + vmovdqa %xmm1, 32(%rsp) + # H ^ 4 + vpclmulqdq $0x00, %xmm0, %xmm0, %xmm8 + vpclmulqdq $0x11, %xmm0, %xmm0, %xmm3 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm3, %xmm3 + vmovdqa %xmm3, 48(%rsp) + # H ^ 5 + # ghash_gfmul_red_avx + vpshufd $0x4e, %xmm0, %xmm9 + vpshufd $0x4e, %xmm1, %xmm10 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm11 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm8 + vpxor %xmm0, %xmm9, %xmm9 + vpxor %xmm1, %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpxor %xmm11, %xmm9, %xmm9 + vpslldq $8, %xmm9, %xmm10 + vpsrldq $8, %xmm9, %xmm9 + vpxor %xmm10, %xmm8, %xmm8 + vpxor %xmm9, %xmm11, %xmm7 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm7, %xmm7 + vmovdqa %xmm7, 64(%rsp) + # H ^ 6 + vpclmulqdq $0x00, %xmm1, %xmm1, %xmm8 + vpclmulqdq $0x11, %xmm1, %xmm1, %xmm7 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm7, %xmm7 + vmovdqa %xmm7, 80(%rsp) + # H ^ 7 + # ghash_gfmul_red_avx + vpshufd $0x4e, %xmm1, %xmm9 + vpshufd $0x4e, %xmm3, %xmm10 + vpclmulqdq $0x11, %xmm1, %xmm3, %xmm11 + vpclmulqdq $0x00, %xmm1, %xmm3, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vpxor %xmm3, %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpxor %xmm11, %xmm9, %xmm9 + vpslldq $8, %xmm9, %xmm10 + vpsrldq $8, %xmm9, %xmm9 + vpxor %xmm10, %xmm8, %xmm8 + vpxor %xmm9, %xmm11, %xmm7 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm7, %xmm7 + vmovdqa %xmm7, 96(%rsp) + # H ^ 8 + vpclmulqdq $0x00, %xmm3, %xmm3, %xmm8 + vpclmulqdq $0x11, %xmm3, %xmm3, %xmm7 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm7, %xmm7 + vmovdqa %xmm7, 112(%rsp) + # First 128 bytes of input + vmovdqa (%r12), %xmm0 + vmovdqa L_avx1_aes_gcm_bswap_epi64(%rip), %xmm1 + vpshufb %xmm1, %xmm0, %xmm8 + vpaddd L_avx1_aes_gcm_one(%rip), %xmm0, %xmm9 + vpshufb %xmm1, %xmm9, %xmm9 + vpaddd L_avx1_aes_gcm_two(%rip), %xmm0, %xmm10 + vpshufb %xmm1, %xmm10, %xmm10 + vpaddd L_avx1_aes_gcm_three(%rip), %xmm0, %xmm11 + vpshufb %xmm1, %xmm11, %xmm11 + vpaddd L_avx1_aes_gcm_four(%rip), %xmm0, %xmm12 + vpshufb %xmm1, %xmm12, %xmm12 + vpaddd L_avx1_aes_gcm_five(%rip), %xmm0, %xmm13 + vpshufb %xmm1, %xmm13, %xmm13 + vpaddd L_avx1_aes_gcm_six(%rip), %xmm0, %xmm14 + vpshufb %xmm1, %xmm14, %xmm14 + vpaddd L_avx1_aes_gcm_seven(%rip), %xmm0, %xmm15 + vpshufb %xmm1, %xmm15, %xmm15 + vpaddd L_avx1_aes_gcm_eight(%rip), %xmm0, %xmm0 + vmovdqa (%rdi), %xmm7 + vmovdqa %xmm0, (%r12) + vpxor %xmm7, %xmm8, %xmm8 + vpxor %xmm7, %xmm9, %xmm9 + vpxor %xmm7, %xmm10, %xmm10 + vpxor %xmm7, %xmm11, %xmm11 + vpxor %xmm7, %xmm12, %xmm12 + vpxor %xmm7, %xmm13, %xmm13 + vpxor %xmm7, %xmm14, %xmm14 + vpxor %xmm7, %xmm15, %xmm15 + vmovdqa 16(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 32(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 48(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 64(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 80(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 96(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 112(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 128(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 144(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_avx1_aesenc_128_enc_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 176(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_avx1_aesenc_128_enc_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 208(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 224(%rdi), %xmm7 +L_AES_GCM_encrypt_update_avx1_aesenc_128_enc_done: + vaesenclast %xmm7, %xmm8, %xmm8 + vaesenclast %xmm7, %xmm9, %xmm9 + vmovdqu (%r11), %xmm0 + vmovdqu 16(%r11), %xmm1 + vpxor %xmm0, %xmm8, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vmovdqu %xmm8, (%r10) + vmovdqu %xmm9, 16(%r10) + vaesenclast %xmm7, %xmm10, %xmm10 + vaesenclast %xmm7, %xmm11, %xmm11 + vmovdqu 32(%r11), %xmm0 + vmovdqu 48(%r11), %xmm1 + vpxor %xmm0, %xmm10, %xmm10 + vpxor %xmm1, %xmm11, %xmm11 + vmovdqu %xmm10, 32(%r10) + vmovdqu %xmm11, 48(%r10) + vaesenclast %xmm7, %xmm12, %xmm12 + vaesenclast %xmm7, %xmm13, %xmm13 + vmovdqu 64(%r11), %xmm0 + vmovdqu 80(%r11), %xmm1 + vpxor %xmm0, %xmm12, %xmm12 + vpxor %xmm1, %xmm13, %xmm13 + vmovdqu %xmm12, 64(%r10) + vmovdqu %xmm13, 80(%r10) + vaesenclast %xmm7, %xmm14, %xmm14 + vaesenclast %xmm7, %xmm15, %xmm15 + vmovdqu 96(%r11), %xmm0 + vmovdqu 112(%r11), %xmm1 + vpxor %xmm0, %xmm14, %xmm14 + vpxor %xmm1, %xmm15, %xmm15 + vmovdqu %xmm14, 96(%r10) + vmovdqu %xmm15, 112(%r10) + cmpl $0x80, %r13d + movl $0x80, %r14d + jle L_AES_GCM_encrypt_update_avx1_end_128 + # More 128 bytes of input +L_AES_GCM_encrypt_update_avx1_ghash_128: + leaq (%r11,%r14,1), %rcx + leaq (%r10,%r14,1), %rdx + vmovdqa (%r12), %xmm0 + vmovdqa L_avx1_aes_gcm_bswap_epi64(%rip), %xmm1 + vpshufb %xmm1, %xmm0, %xmm8 + vpaddd L_avx1_aes_gcm_one(%rip), %xmm0, %xmm9 + vpshufb %xmm1, %xmm9, %xmm9 + vpaddd L_avx1_aes_gcm_two(%rip), %xmm0, %xmm10 + vpshufb %xmm1, %xmm10, %xmm10 + vpaddd L_avx1_aes_gcm_three(%rip), %xmm0, %xmm11 + vpshufb %xmm1, %xmm11, %xmm11 + vpaddd L_avx1_aes_gcm_four(%rip), %xmm0, %xmm12 + vpshufb %xmm1, %xmm12, %xmm12 + vpaddd L_avx1_aes_gcm_five(%rip), %xmm0, %xmm13 + vpshufb %xmm1, %xmm13, %xmm13 + vpaddd L_avx1_aes_gcm_six(%rip), %xmm0, %xmm14 + vpshufb %xmm1, %xmm14, %xmm14 + vpaddd L_avx1_aes_gcm_seven(%rip), %xmm0, %xmm15 + vpshufb %xmm1, %xmm15, %xmm15 + vpaddd L_avx1_aes_gcm_eight(%rip), %xmm0, %xmm0 + vmovdqa (%rdi), %xmm7 + vmovdqa %xmm0, (%r12) + vpxor %xmm7, %xmm8, %xmm8 + vpxor %xmm7, %xmm9, %xmm9 + vpxor %xmm7, %xmm10, %xmm10 + vpxor %xmm7, %xmm11, %xmm11 + vpxor %xmm7, %xmm12, %xmm12 + vpxor %xmm7, %xmm13, %xmm13 + vpxor %xmm7, %xmm14, %xmm14 + vpxor %xmm7, %xmm15, %xmm15 + vmovdqa 112(%rsp), %xmm7 + vmovdqu -128(%rdx), %xmm0 + vaesenc 16(%rdi), %xmm8, %xmm8 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vpxor %xmm2, %xmm0, %xmm0 + vpshufd $0x4e, %xmm7, %xmm1 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm3 + vaesenc 16(%rdi), %xmm9, %xmm9 + vaesenc 16(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm2 + vaesenc 16(%rdi), %xmm11, %xmm11 + vaesenc 16(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm1, %xmm1 + vaesenc 16(%rdi), %xmm13, %xmm13 + vaesenc 16(%rdi), %xmm14, %xmm14 + vaesenc 16(%rdi), %xmm15, %xmm15 + vpxor %xmm2, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vmovdqa 96(%rsp), %xmm7 + vmovdqu -112(%rdx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 32(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 32(%rdi), %xmm9, %xmm9 + vaesenc 32(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 32(%rdi), %xmm11, %xmm11 + vaesenc 32(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 32(%rdi), %xmm13, %xmm13 + vaesenc 32(%rdi), %xmm14, %xmm14 + vaesenc 32(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa 80(%rsp), %xmm7 + vmovdqu -96(%rdx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 48(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 48(%rdi), %xmm9, %xmm9 + vaesenc 48(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 48(%rdi), %xmm11, %xmm11 + vaesenc 48(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 48(%rdi), %xmm13, %xmm13 + vaesenc 48(%rdi), %xmm14, %xmm14 + vaesenc 48(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa 64(%rsp), %xmm7 + vmovdqu -80(%rdx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 64(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 64(%rdi), %xmm9, %xmm9 + vaesenc 64(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 64(%rdi), %xmm11, %xmm11 + vaesenc 64(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 64(%rdi), %xmm13, %xmm13 + vaesenc 64(%rdi), %xmm14, %xmm14 + vaesenc 64(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa 48(%rsp), %xmm7 + vmovdqu -64(%rdx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 80(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 80(%rdi), %xmm9, %xmm9 + vaesenc 80(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 80(%rdi), %xmm11, %xmm11 + vaesenc 80(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 80(%rdi), %xmm13, %xmm13 + vaesenc 80(%rdi), %xmm14, %xmm14 + vaesenc 80(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa 32(%rsp), %xmm7 + vmovdqu -48(%rdx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 96(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 96(%rdi), %xmm9, %xmm9 + vaesenc 96(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 96(%rdi), %xmm11, %xmm11 + vaesenc 96(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 96(%rdi), %xmm13, %xmm13 + vaesenc 96(%rdi), %xmm14, %xmm14 + vaesenc 96(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa 16(%rsp), %xmm7 + vmovdqu -32(%rdx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 112(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 112(%rdi), %xmm9, %xmm9 + vaesenc 112(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 112(%rdi), %xmm11, %xmm11 + vaesenc 112(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 112(%rdi), %xmm13, %xmm13 + vaesenc 112(%rdi), %xmm14, %xmm14 + vaesenc 112(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa (%rsp), %xmm7 + vmovdqu -16(%rdx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 128(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 128(%rdi), %xmm9, %xmm9 + vaesenc 128(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 128(%rdi), %xmm11, %xmm11 + vaesenc 128(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 128(%rdi), %xmm13, %xmm13 + vaesenc 128(%rdi), %xmm14, %xmm14 + vaesenc 128(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vpslldq $8, %xmm1, %xmm5 + vpsrldq $8, %xmm1, %xmm1 + vaesenc 144(%rdi), %xmm8, %xmm8 + vpxor %xmm5, %xmm2, %xmm2 + vpxor %xmm1, %xmm3, %xmm3 + vaesenc 144(%rdi), %xmm9, %xmm9 + vpslld $31, %xmm2, %xmm7 + vpslld $30, %xmm2, %xmm4 + vpslld $25, %xmm2, %xmm5 + vaesenc 144(%rdi), %xmm10, %xmm10 + vpxor %xmm4, %xmm7, %xmm7 + vpxor %xmm5, %xmm7, %xmm7 + vaesenc 144(%rdi), %xmm11, %xmm11 + vpsrldq $4, %xmm7, %xmm4 + vpslldq $12, %xmm7, %xmm7 + vaesenc 144(%rdi), %xmm12, %xmm12 + vpxor %xmm7, %xmm2, %xmm2 + vpsrld $0x01, %xmm2, %xmm5 + vaesenc 144(%rdi), %xmm13, %xmm13 + vpsrld $2, %xmm2, %xmm1 + vpsrld $7, %xmm2, %xmm0 + vaesenc 144(%rdi), %xmm14, %xmm14 + vpxor %xmm1, %xmm5, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vaesenc 144(%rdi), %xmm15, %xmm15 + vpxor %xmm4, %xmm5, %xmm5 + vpxor %xmm5, %xmm2, %xmm2 + vpxor %xmm3, %xmm2, %xmm2 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_avx1_aesenc_128_ghash_avx_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 176(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_avx1_aesenc_128_ghash_avx_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 208(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 224(%rdi), %xmm7 +L_AES_GCM_encrypt_update_avx1_aesenc_128_ghash_avx_done: + vaesenclast %xmm7, %xmm8, %xmm8 + vaesenclast %xmm7, %xmm9, %xmm9 + vmovdqu (%rcx), %xmm0 + vmovdqu 16(%rcx), %xmm1 + vpxor %xmm0, %xmm8, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vmovdqu %xmm8, (%rdx) + vmovdqu %xmm9, 16(%rdx) + vaesenclast %xmm7, %xmm10, %xmm10 + vaesenclast %xmm7, %xmm11, %xmm11 + vmovdqu 32(%rcx), %xmm0 + vmovdqu 48(%rcx), %xmm1 + vpxor %xmm0, %xmm10, %xmm10 + vpxor %xmm1, %xmm11, %xmm11 + vmovdqu %xmm10, 32(%rdx) + vmovdqu %xmm11, 48(%rdx) + vaesenclast %xmm7, %xmm12, %xmm12 + vaesenclast %xmm7, %xmm13, %xmm13 + vmovdqu 64(%rcx), %xmm0 + vmovdqu 80(%rcx), %xmm1 + vpxor %xmm0, %xmm12, %xmm12 + vpxor %xmm1, %xmm13, %xmm13 + vmovdqu %xmm12, 64(%rdx) + vmovdqu %xmm13, 80(%rdx) + vaesenclast %xmm7, %xmm14, %xmm14 + vaesenclast %xmm7, %xmm15, %xmm15 + vmovdqu 96(%rcx), %xmm0 + vmovdqu 112(%rcx), %xmm1 + vpxor %xmm0, %xmm14, %xmm14 + vpxor %xmm1, %xmm15, %xmm15 + vmovdqu %xmm14, 96(%rdx) + vmovdqu %xmm15, 112(%rdx) + addl $0x80, %r14d + cmpl %r13d, %r14d + jl L_AES_GCM_encrypt_update_avx1_ghash_128 +L_AES_GCM_encrypt_update_avx1_end_128: + vmovdqa L_avx1_aes_gcm_bswap_mask(%rip), %xmm4 + vpshufb %xmm4, %xmm8, %xmm8 + vpshufb %xmm4, %xmm9, %xmm9 + vpshufb %xmm4, %xmm10, %xmm10 + vpshufb %xmm4, %xmm11, %xmm11 + vpxor %xmm2, %xmm8, %xmm8 + vpshufb %xmm4, %xmm12, %xmm12 + vpshufb %xmm4, %xmm13, %xmm13 + vpshufb %xmm4, %xmm14, %xmm14 + vpshufb %xmm4, %xmm15, %xmm15 + vmovdqa (%rsp), %xmm7 + vmovdqa 16(%rsp), %xmm5 + # ghash_gfmul_avx + vpshufd $0x4e, %xmm15, %xmm1 + vpshufd $0x4e, %xmm7, %xmm2 + vpclmulqdq $0x11, %xmm15, %xmm7, %xmm3 + vpclmulqdq $0x00, %xmm15, %xmm7, %xmm0 + vpxor %xmm15, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vmovdqa %xmm0, %xmm4 + vmovdqa %xmm3, %xmm6 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm4, %xmm4 + vpxor %xmm1, %xmm6, %xmm6 + # ghash_gfmul_xor_avx + vpshufd $0x4e, %xmm14, %xmm1 + vpshufd $0x4e, %xmm5, %xmm2 + vpclmulqdq $0x11, %xmm14, %xmm5, %xmm3 + vpclmulqdq $0x00, %xmm14, %xmm5, %xmm0 + vpxor %xmm14, %xmm1, %xmm1 + vpxor %xmm5, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vpxor %xmm0, %xmm4, %xmm4 + vpxor %xmm3, %xmm6, %xmm6 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm4, %xmm4 + vpxor %xmm1, %xmm6, %xmm6 + vmovdqa 32(%rsp), %xmm7 + vmovdqa 48(%rsp), %xmm5 + # ghash_gfmul_xor_avx + vpshufd $0x4e, %xmm13, %xmm1 + vpshufd $0x4e, %xmm7, %xmm2 + vpclmulqdq $0x11, %xmm13, %xmm7, %xmm3 + vpclmulqdq $0x00, %xmm13, %xmm7, %xmm0 + vpxor %xmm13, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vpxor %xmm0, %xmm4, %xmm4 + vpxor %xmm3, %xmm6, %xmm6 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm4, %xmm4 + vpxor %xmm1, %xmm6, %xmm6 + # ghash_gfmul_xor_avx + vpshufd $0x4e, %xmm12, %xmm1 + vpshufd $0x4e, %xmm5, %xmm2 + vpclmulqdq $0x11, %xmm12, %xmm5, %xmm3 + vpclmulqdq $0x00, %xmm12, %xmm5, %xmm0 + vpxor %xmm12, %xmm1, %xmm1 + vpxor %xmm5, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vpxor %xmm0, %xmm4, %xmm4 + vpxor %xmm3, %xmm6, %xmm6 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm4, %xmm4 + vpxor %xmm1, %xmm6, %xmm6 + vmovdqa 64(%rsp), %xmm7 + vmovdqa 80(%rsp), %xmm5 + # ghash_gfmul_xor_avx + vpshufd $0x4e, %xmm11, %xmm1 + vpshufd $0x4e, %xmm7, %xmm2 + vpclmulqdq $0x11, %xmm11, %xmm7, %xmm3 + vpclmulqdq $0x00, %xmm11, %xmm7, %xmm0 + vpxor %xmm11, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vpxor %xmm0, %xmm4, %xmm4 + vpxor %xmm3, %xmm6, %xmm6 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm4, %xmm4 + vpxor %xmm1, %xmm6, %xmm6 + # ghash_gfmul_xor_avx + vpshufd $0x4e, %xmm10, %xmm1 + vpshufd $0x4e, %xmm5, %xmm2 + vpclmulqdq $0x11, %xmm10, %xmm5, %xmm3 + vpclmulqdq $0x00, %xmm10, %xmm5, %xmm0 + vpxor %xmm10, %xmm1, %xmm1 + vpxor %xmm5, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vpxor %xmm0, %xmm4, %xmm4 + vpxor %xmm3, %xmm6, %xmm6 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm4, %xmm4 + vpxor %xmm1, %xmm6, %xmm6 + vmovdqa 96(%rsp), %xmm7 + vmovdqa 112(%rsp), %xmm5 + # ghash_gfmul_xor_avx + vpshufd $0x4e, %xmm9, %xmm1 + vpshufd $0x4e, %xmm7, %xmm2 + vpclmulqdq $0x11, %xmm9, %xmm7, %xmm3 + vpclmulqdq $0x00, %xmm9, %xmm7, %xmm0 + vpxor %xmm9, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vpxor %xmm0, %xmm4, %xmm4 + vpxor %xmm3, %xmm6, %xmm6 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm4, %xmm4 + vpxor %xmm1, %xmm6, %xmm6 + # ghash_gfmul_xor_avx + vpshufd $0x4e, %xmm8, %xmm1 + vpshufd $0x4e, %xmm5, %xmm2 + vpclmulqdq $0x11, %xmm8, %xmm5, %xmm3 + vpclmulqdq $0x00, %xmm8, %xmm5, %xmm0 + vpxor %xmm8, %xmm1, %xmm1 + vpxor %xmm5, %xmm2, %xmm2 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vpxor %xmm0, %xmm4, %xmm4 + vpxor %xmm3, %xmm6, %xmm6 + vpslldq $8, %xmm1, %xmm2 + vpsrldq $8, %xmm1, %xmm1 + vpxor %xmm2, %xmm4, %xmm4 + vpxor %xmm1, %xmm6, %xmm6 + vpslld $31, %xmm4, %xmm0 + vpslld $30, %xmm4, %xmm1 + vpslld $25, %xmm4, %xmm2 + vpxor %xmm1, %xmm0, %xmm0 + vpxor %xmm2, %xmm0, %xmm0 + vmovdqa %xmm0, %xmm1 + vpsrldq $4, %xmm1, %xmm1 + vpslldq $12, %xmm0, %xmm0 + vpxor %xmm0, %xmm4, %xmm4 + vpsrld $0x01, %xmm4, %xmm2 + vpsrld $2, %xmm4, %xmm3 + vpsrld $7, %xmm4, %xmm0 + vpxor %xmm3, %xmm2, %xmm2 + vpxor %xmm0, %xmm2, %xmm2 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm4, %xmm2, %xmm2 + vpxor %xmm2, %xmm6, %xmm6 + vmovdqa (%rsp), %xmm5 +L_AES_GCM_encrypt_update_avx1_done_128: + movl %r8d, %edx + cmpl %edx, %r14d + jge L_AES_GCM_encrypt_update_avx1_done_enc + movl %r8d, %r13d + andl $0xfffffff0, %r13d + cmpl %r13d, %r14d + jge L_AES_GCM_encrypt_update_avx1_last_block_done + vmovdqa (%r12), %xmm9 + vpshufb L_avx1_aes_gcm_bswap_epi64(%rip), %xmm9, %xmm8 + vpaddd L_avx1_aes_gcm_one(%rip), %xmm9, %xmm9 + vmovdqa %xmm9, (%r12) + vpxor (%rdi), %xmm8, %xmm8 + vaesenc 16(%rdi), %xmm8, %xmm8 + vaesenc 32(%rdi), %xmm8, %xmm8 + vaesenc 48(%rdi), %xmm8, %xmm8 + vaesenc 64(%rdi), %xmm8, %xmm8 + vaesenc 80(%rdi), %xmm8, %xmm8 + vaesenc 96(%rdi), %xmm8, %xmm8 + vaesenc 112(%rdi), %xmm8, %xmm8 + vaesenc 128(%rdi), %xmm8, %xmm8 + vaesenc 144(%rdi), %xmm8, %xmm8 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm9 + jl L_AES_GCM_encrypt_update_avx1_aesenc_block_last + vaesenc %xmm9, %xmm8, %xmm8 + vaesenc 176(%rdi), %xmm8, %xmm8 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm9 + jl L_AES_GCM_encrypt_update_avx1_aesenc_block_last + vaesenc %xmm9, %xmm8, %xmm8 + vaesenc 208(%rdi), %xmm8, %xmm8 + vmovdqa 224(%rdi), %xmm9 +L_AES_GCM_encrypt_update_avx1_aesenc_block_last: + vaesenclast %xmm9, %xmm8, %xmm8 + vmovdqu (%r11,%r14,1), %xmm9 + vpxor %xmm9, %xmm8, %xmm8 + vmovdqu %xmm8, (%r10,%r14,1) + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8 + vpxor %xmm8, %xmm6, %xmm6 + addl $16, %r14d + cmpl %r13d, %r14d + jge L_AES_GCM_encrypt_update_avx1_last_block_ghash +L_AES_GCM_encrypt_update_avx1_last_block_start: + vmovdqu (%r11,%r14,1), %xmm13 + vmovdqa (%r12), %xmm9 + vpshufb L_avx1_aes_gcm_bswap_epi64(%rip), %xmm9, %xmm8 + vpaddd L_avx1_aes_gcm_one(%rip), %xmm9, %xmm9 + vmovdqa %xmm9, (%r12) + vpxor (%rdi), %xmm8, %xmm8 + vpclmulqdq $16, %xmm5, %xmm6, %xmm10 + vaesenc 16(%rdi), %xmm8, %xmm8 + vaesenc 32(%rdi), %xmm8, %xmm8 + vpclmulqdq $0x01, %xmm5, %xmm6, %xmm11 + vaesenc 48(%rdi), %xmm8, %xmm8 + vaesenc 64(%rdi), %xmm8, %xmm8 + vpclmulqdq $0x00, %xmm5, %xmm6, %xmm12 + vaesenc 80(%rdi), %xmm8, %xmm8 + vpclmulqdq $0x11, %xmm5, %xmm6, %xmm1 + vaesenc 96(%rdi), %xmm8, %xmm8 + vpxor %xmm11, %xmm10, %xmm10 + vpslldq $8, %xmm10, %xmm2 + vpsrldq $8, %xmm10, %xmm10 + vaesenc 112(%rdi), %xmm8, %xmm8 + vpxor %xmm12, %xmm2, %xmm2 + vpxor %xmm10, %xmm1, %xmm3 + vmovdqa L_avx1_aes_gcm_mod2_128(%rip), %xmm0 + vpclmulqdq $16, %xmm0, %xmm2, %xmm11 + vaesenc 128(%rdi), %xmm8, %xmm8 + vpshufd $0x4e, %xmm2, %xmm10 + vpxor %xmm11, %xmm10, %xmm10 + vpclmulqdq $16, %xmm0, %xmm10, %xmm11 + vaesenc 144(%rdi), %xmm8, %xmm8 + vpshufd $0x4e, %xmm10, %xmm10 + vpxor %xmm11, %xmm10, %xmm10 + vpxor %xmm3, %xmm10, %xmm6 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm9 + jl L_AES_GCM_encrypt_update_avx1_aesenc_gfmul_last + vaesenc %xmm9, %xmm8, %xmm8 + vaesenc 176(%rdi), %xmm8, %xmm8 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm9 + jl L_AES_GCM_encrypt_update_avx1_aesenc_gfmul_last + vaesenc %xmm9, %xmm8, %xmm8 + vaesenc 208(%rdi), %xmm8, %xmm8 + vmovdqa 224(%rdi), %xmm9 +L_AES_GCM_encrypt_update_avx1_aesenc_gfmul_last: + vaesenclast %xmm9, %xmm8, %xmm8 + vmovdqa %xmm13, %xmm0 + vpxor %xmm0, %xmm8, %xmm8 + vmovdqu %xmm8, (%r10,%r14,1) + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm8, %xmm8 + addl $16, %r14d + vpxor %xmm8, %xmm6, %xmm6 + cmpl %r13d, %r14d + jl L_AES_GCM_encrypt_update_avx1_last_block_start +L_AES_GCM_encrypt_update_avx1_last_block_ghash: + # ghash_gfmul_red_avx + vpshufd $0x4e, %xmm5, %xmm9 + vpshufd $0x4e, %xmm6, %xmm10 + vpclmulqdq $0x11, %xmm5, %xmm6, %xmm11 + vpclmulqdq $0x00, %xmm5, %xmm6, %xmm8 + vpxor %xmm5, %xmm9, %xmm9 + vpxor %xmm6, %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpxor %xmm11, %xmm9, %xmm9 + vpslldq $8, %xmm9, %xmm10 + vpsrldq $8, %xmm9, %xmm9 + vpxor %xmm10, %xmm8, %xmm8 + vpxor %xmm9, %xmm11, %xmm6 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm6, %xmm6 +L_AES_GCM_encrypt_update_avx1_last_block_done: +L_AES_GCM_encrypt_update_avx1_done_enc: + vmovdqa %xmm6, (%r9) + vzeroupper + addq $0xa0, %rsp + popq %r14 + popq %r12 + popq %r13 + repz retq +#ifndef __APPLE__ +.size AES_GCM_encrypt_update_avx1,.-AES_GCM_encrypt_update_avx1 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt_final_avx1 +.type AES_GCM_encrypt_final_avx1,@function +.align 16 +AES_GCM_encrypt_final_avx1: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt_final_avx1 +.p2align 4 +_AES_GCM_encrypt_final_avx1: +#endif /* __APPLE__ */ + pushq %r13 + movq %rdx, %rax + movl %ecx, %r10d + movl %r8d, %r11d + movq 16(%rsp), %r8 + subq $16, %rsp + vmovdqa (%rdi), %xmm4 + vmovdqa (%r9), %xmm5 + vmovdqa (%r8), %xmm6 + vpsrlq $63, %xmm5, %xmm9 + vpsllq $0x01, %xmm5, %xmm8 + vpslldq $8, %xmm9, %xmm9 + vpor %xmm9, %xmm8, %xmm8 + vpshufd $0xff, %xmm5, %xmm5 + vpsrad $31, %xmm5, %xmm5 + vpand L_avx1_aes_gcm_mod2_128(%rip), %xmm5, %xmm5 + vpxor %xmm8, %xmm5, %xmm5 + movl %r10d, %edx + movl %r11d, %ecx + shlq $3, %rdx + shlq $3, %rcx + vpinsrq $0x00, %rdx, %xmm0, %xmm0 + vpinsrq $0x01, %rcx, %xmm0, %xmm0 + vpxor %xmm0, %xmm4, %xmm4 + # ghash_gfmul_red_avx + vpshufd $0x4e, %xmm5, %xmm9 + vpshufd $0x4e, %xmm4, %xmm10 + vpclmulqdq $0x11, %xmm5, %xmm4, %xmm11 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm8 + vpxor %xmm5, %xmm9, %xmm9 + vpxor %xmm4, %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpxor %xmm11, %xmm9, %xmm9 + vpslldq $8, %xmm9, %xmm10 + vpsrldq $8, %xmm9, %xmm9 + vpxor %xmm10, %xmm8, %xmm8 + vpxor %xmm9, %xmm11, %xmm4 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm4, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4 + vpxor %xmm6, %xmm4, %xmm0 + cmpl $16, %eax + je L_AES_GCM_encrypt_final_avx1_store_tag_16 + xorq %rcx, %rcx + vmovdqu %xmm0, (%rsp) +L_AES_GCM_encrypt_final_avx1_store_tag_loop: + movzbl (%rsp,%rcx,1), %r13d + movb %r13b, (%rsi,%rcx,1) + incl %ecx + cmpl %eax, %ecx + jne L_AES_GCM_encrypt_final_avx1_store_tag_loop + jmp L_AES_GCM_encrypt_final_avx1_store_tag_done +L_AES_GCM_encrypt_final_avx1_store_tag_16: + vmovdqu %xmm0, (%rsi) +L_AES_GCM_encrypt_final_avx1_store_tag_done: + vzeroupper + addq $16, %rsp + popq %r13 + repz retq +#ifndef __APPLE__ +.size AES_GCM_encrypt_final_avx1,.-AES_GCM_encrypt_final_avx1 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_decrypt_update_avx1 +.type AES_GCM_decrypt_update_avx1,@function +.align 16 +AES_GCM_decrypt_update_avx1: +#else +.section __TEXT,__text +.globl _AES_GCM_decrypt_update_avx1 +.p2align 4 +_AES_GCM_decrypt_update_avx1: +#endif /* __APPLE__ */ + pushq %r13 + pushq %r12 + pushq %r14 + movq %rdx, %r10 + movq %rcx, %r11 + movq 32(%rsp), %rax + movq 40(%rsp), %r12 + subq $0xa8, %rsp + vmovdqa (%r9), %xmm6 + vmovdqa (%rax), %xmm5 + vpsrlq $63, %xmm5, %xmm9 + vpsllq $0x01, %xmm5, %xmm8 + vpslldq $8, %xmm9, %xmm9 + vpor %xmm9, %xmm8, %xmm8 + vpshufd $0xff, %xmm5, %xmm5 + vpsrad $31, %xmm5, %xmm5 + vpand L_avx1_aes_gcm_mod2_128(%rip), %xmm5, %xmm5 + vpxor %xmm8, %xmm5, %xmm5 + xorl %r14d, %r14d + cmpl $0x80, %r8d + movl %r8d, %r13d + jl L_AES_GCM_decrypt_update_avx1_done_128 + andl $0xffffff80, %r13d + vmovdqa %xmm6, %xmm2 + # H ^ 1 + vmovdqa %xmm5, (%rsp) + # H ^ 2 + vpclmulqdq $0x00, %xmm5, %xmm5, %xmm8 + vpclmulqdq $0x11, %xmm5, %xmm5, %xmm0 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm0, %xmm0 + vmovdqa %xmm0, 16(%rsp) + # H ^ 3 + # ghash_gfmul_red_avx + vpshufd $0x4e, %xmm5, %xmm9 + vpshufd $0x4e, %xmm0, %xmm10 + vpclmulqdq $0x11, %xmm5, %xmm0, %xmm11 + vpclmulqdq $0x00, %xmm5, %xmm0, %xmm8 + vpxor %xmm5, %xmm9, %xmm9 + vpxor %xmm0, %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpxor %xmm11, %xmm9, %xmm9 + vpslldq $8, %xmm9, %xmm10 + vpsrldq $8, %xmm9, %xmm9 + vpxor %xmm10, %xmm8, %xmm8 + vpxor %xmm9, %xmm11, %xmm1 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm1, %xmm1 + vmovdqa %xmm1, 32(%rsp) + # H ^ 4 + vpclmulqdq $0x00, %xmm0, %xmm0, %xmm8 + vpclmulqdq $0x11, %xmm0, %xmm0, %xmm3 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm3, %xmm3 + vmovdqa %xmm3, 48(%rsp) + # H ^ 5 + # ghash_gfmul_red_avx + vpshufd $0x4e, %xmm0, %xmm9 + vpshufd $0x4e, %xmm1, %xmm10 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm11 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm8 + vpxor %xmm0, %xmm9, %xmm9 + vpxor %xmm1, %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpxor %xmm11, %xmm9, %xmm9 + vpslldq $8, %xmm9, %xmm10 + vpsrldq $8, %xmm9, %xmm9 + vpxor %xmm10, %xmm8, %xmm8 + vpxor %xmm9, %xmm11, %xmm7 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm7, %xmm7 + vmovdqa %xmm7, 64(%rsp) + # H ^ 6 + vpclmulqdq $0x00, %xmm1, %xmm1, %xmm8 + vpclmulqdq $0x11, %xmm1, %xmm1, %xmm7 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm7, %xmm7 + vmovdqa %xmm7, 80(%rsp) + # H ^ 7 + # ghash_gfmul_red_avx + vpshufd $0x4e, %xmm1, %xmm9 + vpshufd $0x4e, %xmm3, %xmm10 + vpclmulqdq $0x11, %xmm1, %xmm3, %xmm11 + vpclmulqdq $0x00, %xmm1, %xmm3, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vpxor %xmm3, %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpxor %xmm11, %xmm9, %xmm9 + vpslldq $8, %xmm9, %xmm10 + vpsrldq $8, %xmm9, %xmm9 + vpxor %xmm10, %xmm8, %xmm8 + vpxor %xmm9, %xmm11, %xmm7 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm7, %xmm7 + vmovdqa %xmm7, 96(%rsp) + # H ^ 8 + vpclmulqdq $0x00, %xmm3, %xmm3, %xmm8 + vpclmulqdq $0x11, %xmm3, %xmm3, %xmm7 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm7, %xmm7 + vmovdqa %xmm7, 112(%rsp) +L_AES_GCM_decrypt_update_avx1_ghash_128: + leaq (%r11,%r14,1), %rcx + leaq (%r10,%r14,1), %rdx + vmovdqa (%r12), %xmm0 + vmovdqa L_avx1_aes_gcm_bswap_epi64(%rip), %xmm1 + vpshufb %xmm1, %xmm0, %xmm8 + vpaddd L_avx1_aes_gcm_one(%rip), %xmm0, %xmm9 + vpshufb %xmm1, %xmm9, %xmm9 + vpaddd L_avx1_aes_gcm_two(%rip), %xmm0, %xmm10 + vpshufb %xmm1, %xmm10, %xmm10 + vpaddd L_avx1_aes_gcm_three(%rip), %xmm0, %xmm11 + vpshufb %xmm1, %xmm11, %xmm11 + vpaddd L_avx1_aes_gcm_four(%rip), %xmm0, %xmm12 + vpshufb %xmm1, %xmm12, %xmm12 + vpaddd L_avx1_aes_gcm_five(%rip), %xmm0, %xmm13 + vpshufb %xmm1, %xmm13, %xmm13 + vpaddd L_avx1_aes_gcm_six(%rip), %xmm0, %xmm14 + vpshufb %xmm1, %xmm14, %xmm14 + vpaddd L_avx1_aes_gcm_seven(%rip), %xmm0, %xmm15 + vpshufb %xmm1, %xmm15, %xmm15 + vpaddd L_avx1_aes_gcm_eight(%rip), %xmm0, %xmm0 + vmovdqa (%rdi), %xmm7 + vmovdqa %xmm0, (%r12) + vpxor %xmm7, %xmm8, %xmm8 + vpxor %xmm7, %xmm9, %xmm9 + vpxor %xmm7, %xmm10, %xmm10 + vpxor %xmm7, %xmm11, %xmm11 + vpxor %xmm7, %xmm12, %xmm12 + vpxor %xmm7, %xmm13, %xmm13 + vpxor %xmm7, %xmm14, %xmm14 + vpxor %xmm7, %xmm15, %xmm15 + vmovdqa 112(%rsp), %xmm7 + vmovdqu (%rcx), %xmm0 + vaesenc 16(%rdi), %xmm8, %xmm8 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vpxor %xmm2, %xmm0, %xmm0 + vpshufd $0x4e, %xmm7, %xmm1 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm3 + vaesenc 16(%rdi), %xmm9, %xmm9 + vaesenc 16(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm2 + vaesenc 16(%rdi), %xmm11, %xmm11 + vaesenc 16(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm1, %xmm1 + vaesenc 16(%rdi), %xmm13, %xmm13 + vaesenc 16(%rdi), %xmm14, %xmm14 + vaesenc 16(%rdi), %xmm15, %xmm15 + vpxor %xmm2, %xmm1, %xmm1 + vpxor %xmm3, %xmm1, %xmm1 + vmovdqa 96(%rsp), %xmm7 + vmovdqu 16(%rcx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 32(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 32(%rdi), %xmm9, %xmm9 + vaesenc 32(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 32(%rdi), %xmm11, %xmm11 + vaesenc 32(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 32(%rdi), %xmm13, %xmm13 + vaesenc 32(%rdi), %xmm14, %xmm14 + vaesenc 32(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa 80(%rsp), %xmm7 + vmovdqu 32(%rcx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 48(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 48(%rdi), %xmm9, %xmm9 + vaesenc 48(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 48(%rdi), %xmm11, %xmm11 + vaesenc 48(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 48(%rdi), %xmm13, %xmm13 + vaesenc 48(%rdi), %xmm14, %xmm14 + vaesenc 48(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa 64(%rsp), %xmm7 + vmovdqu 48(%rcx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 64(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 64(%rdi), %xmm9, %xmm9 + vaesenc 64(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 64(%rdi), %xmm11, %xmm11 + vaesenc 64(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 64(%rdi), %xmm13, %xmm13 + vaesenc 64(%rdi), %xmm14, %xmm14 + vaesenc 64(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa 48(%rsp), %xmm7 + vmovdqu 64(%rcx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 80(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 80(%rdi), %xmm9, %xmm9 + vaesenc 80(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 80(%rdi), %xmm11, %xmm11 + vaesenc 80(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 80(%rdi), %xmm13, %xmm13 + vaesenc 80(%rdi), %xmm14, %xmm14 + vaesenc 80(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa 32(%rsp), %xmm7 + vmovdqu 80(%rcx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 96(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 96(%rdi), %xmm9, %xmm9 + vaesenc 96(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 96(%rdi), %xmm11, %xmm11 + vaesenc 96(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 96(%rdi), %xmm13, %xmm13 + vaesenc 96(%rdi), %xmm14, %xmm14 + vaesenc 96(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa 16(%rsp), %xmm7 + vmovdqu 96(%rcx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 112(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 112(%rdi), %xmm9, %xmm9 + vaesenc 112(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 112(%rdi), %xmm11, %xmm11 + vaesenc 112(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 112(%rdi), %xmm13, %xmm13 + vaesenc 112(%rdi), %xmm14, %xmm14 + vaesenc 112(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vmovdqa (%rsp), %xmm7 + vmovdqu 112(%rcx), %xmm0 + vpshufd $0x4e, %xmm7, %xmm4 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vaesenc 128(%rdi), %xmm8, %xmm8 + vpxor %xmm7, %xmm4, %xmm4 + vpshufd $0x4e, %xmm0, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vpclmulqdq $0x11, %xmm7, %xmm0, %xmm6 + vaesenc 128(%rdi), %xmm9, %xmm9 + vaesenc 128(%rdi), %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm7, %xmm0, %xmm7 + vaesenc 128(%rdi), %xmm11, %xmm11 + vaesenc 128(%rdi), %xmm12, %xmm12 + vpclmulqdq $0x00, %xmm5, %xmm4, %xmm4 + vaesenc 128(%rdi), %xmm13, %xmm13 + vaesenc 128(%rdi), %xmm14, %xmm14 + vaesenc 128(%rdi), %xmm15, %xmm15 + vpxor %xmm7, %xmm1, %xmm1 + vpxor %xmm7, %xmm2, %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpxor %xmm6, %xmm3, %xmm3 + vpxor %xmm4, %xmm1, %xmm1 + vpslldq $8, %xmm1, %xmm5 + vpsrldq $8, %xmm1, %xmm1 + vaesenc 144(%rdi), %xmm8, %xmm8 + vpxor %xmm5, %xmm2, %xmm2 + vpxor %xmm1, %xmm3, %xmm3 + vaesenc 144(%rdi), %xmm9, %xmm9 + vpslld $31, %xmm2, %xmm7 + vpslld $30, %xmm2, %xmm4 + vpslld $25, %xmm2, %xmm5 + vaesenc 144(%rdi), %xmm10, %xmm10 + vpxor %xmm4, %xmm7, %xmm7 + vpxor %xmm5, %xmm7, %xmm7 + vaesenc 144(%rdi), %xmm11, %xmm11 + vpsrldq $4, %xmm7, %xmm4 + vpslldq $12, %xmm7, %xmm7 + vaesenc 144(%rdi), %xmm12, %xmm12 + vpxor %xmm7, %xmm2, %xmm2 + vpsrld $0x01, %xmm2, %xmm5 + vaesenc 144(%rdi), %xmm13, %xmm13 + vpsrld $2, %xmm2, %xmm1 + vpsrld $7, %xmm2, %xmm0 + vaesenc 144(%rdi), %xmm14, %xmm14 + vpxor %xmm1, %xmm5, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + vaesenc 144(%rdi), %xmm15, %xmm15 + vpxor %xmm4, %xmm5, %xmm5 + vpxor %xmm5, %xmm2, %xmm2 + vpxor %xmm3, %xmm2, %xmm2 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm7 + jl L_AES_GCM_decrypt_update_avx1_aesenc_128_ghash_avx_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 176(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm7 + jl L_AES_GCM_decrypt_update_avx1_aesenc_128_ghash_avx_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 208(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 224(%rdi), %xmm7 +L_AES_GCM_decrypt_update_avx1_aesenc_128_ghash_avx_done: + vaesenclast %xmm7, %xmm8, %xmm8 + vaesenclast %xmm7, %xmm9, %xmm9 + vmovdqu (%rcx), %xmm0 + vmovdqu 16(%rcx), %xmm1 + vpxor %xmm0, %xmm8, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vmovdqu %xmm8, (%rdx) + vmovdqu %xmm9, 16(%rdx) + vaesenclast %xmm7, %xmm10, %xmm10 + vaesenclast %xmm7, %xmm11, %xmm11 + vmovdqu 32(%rcx), %xmm0 + vmovdqu 48(%rcx), %xmm1 + vpxor %xmm0, %xmm10, %xmm10 + vpxor %xmm1, %xmm11, %xmm11 + vmovdqu %xmm10, 32(%rdx) + vmovdqu %xmm11, 48(%rdx) + vaesenclast %xmm7, %xmm12, %xmm12 + vaesenclast %xmm7, %xmm13, %xmm13 + vmovdqu 64(%rcx), %xmm0 + vmovdqu 80(%rcx), %xmm1 + vpxor %xmm0, %xmm12, %xmm12 + vpxor %xmm1, %xmm13, %xmm13 + vmovdqu %xmm12, 64(%rdx) + vmovdqu %xmm13, 80(%rdx) + vaesenclast %xmm7, %xmm14, %xmm14 + vaesenclast %xmm7, %xmm15, %xmm15 + vmovdqu 96(%rcx), %xmm0 + vmovdqu 112(%rcx), %xmm1 + vpxor %xmm0, %xmm14, %xmm14 + vpxor %xmm1, %xmm15, %xmm15 + vmovdqu %xmm14, 96(%rdx) + vmovdqu %xmm15, 112(%rdx) + addl $0x80, %r14d + cmpl %r13d, %r14d + jl L_AES_GCM_decrypt_update_avx1_ghash_128 + vmovdqa %xmm2, %xmm6 + vmovdqa (%rsp), %xmm5 +L_AES_GCM_decrypt_update_avx1_done_128: + movl %r8d, %edx + cmpl %edx, %r14d + jge L_AES_GCM_decrypt_update_avx1_done_dec + movl %r8d, %r13d + andl $0xfffffff0, %r13d + cmpl %r13d, %r14d + jge L_AES_GCM_decrypt_update_avx1_last_block_done +L_AES_GCM_decrypt_update_avx1_last_block_start: + vmovdqu (%r11,%r14,1), %xmm13 + vmovdqa %xmm5, %xmm0 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm13, %xmm1 + vpxor %xmm6, %xmm1, %xmm1 + vmovdqa (%r12), %xmm9 + vpshufb L_avx1_aes_gcm_bswap_epi64(%rip), %xmm9, %xmm8 + vpaddd L_avx1_aes_gcm_one(%rip), %xmm9, %xmm9 + vmovdqa %xmm9, (%r12) + vpxor (%rdi), %xmm8, %xmm8 + vpclmulqdq $16, %xmm0, %xmm1, %xmm10 + vaesenc 16(%rdi), %xmm8, %xmm8 + vaesenc 32(%rdi), %xmm8, %xmm8 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm11 + vaesenc 48(%rdi), %xmm8, %xmm8 + vaesenc 64(%rdi), %xmm8, %xmm8 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm12 + vaesenc 80(%rdi), %xmm8, %xmm8 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vaesenc 96(%rdi), %xmm8, %xmm8 + vpxor %xmm11, %xmm10, %xmm10 + vpslldq $8, %xmm10, %xmm2 + vpsrldq $8, %xmm10, %xmm10 + vaesenc 112(%rdi), %xmm8, %xmm8 + vpxor %xmm12, %xmm2, %xmm2 + vpxor %xmm10, %xmm1, %xmm3 + vmovdqa L_avx1_aes_gcm_mod2_128(%rip), %xmm0 + vpclmulqdq $16, %xmm0, %xmm2, %xmm11 + vaesenc 128(%rdi), %xmm8, %xmm8 + vpshufd $0x4e, %xmm2, %xmm10 + vpxor %xmm11, %xmm10, %xmm10 + vpclmulqdq $16, %xmm0, %xmm10, %xmm11 + vaesenc 144(%rdi), %xmm8, %xmm8 + vpshufd $0x4e, %xmm10, %xmm10 + vpxor %xmm11, %xmm10, %xmm10 + vpxor %xmm3, %xmm10, %xmm6 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm9 + jl L_AES_GCM_decrypt_update_avx1_aesenc_gfmul_last + vaesenc %xmm9, %xmm8, %xmm8 + vaesenc 176(%rdi), %xmm8, %xmm8 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm9 + jl L_AES_GCM_decrypt_update_avx1_aesenc_gfmul_last + vaesenc %xmm9, %xmm8, %xmm8 + vaesenc 208(%rdi), %xmm8, %xmm8 + vmovdqa 224(%rdi), %xmm9 +L_AES_GCM_decrypt_update_avx1_aesenc_gfmul_last: + vaesenclast %xmm9, %xmm8, %xmm8 + vmovdqa %xmm13, %xmm0 + vpxor %xmm0, %xmm8, %xmm8 + vmovdqu %xmm8, (%r10,%r14,1) + addl $16, %r14d + cmpl %r13d, %r14d + jl L_AES_GCM_decrypt_update_avx1_last_block_start +L_AES_GCM_decrypt_update_avx1_last_block_done: +L_AES_GCM_decrypt_update_avx1_done_dec: + vmovdqa %xmm6, (%r9) + vzeroupper + addq $0xa8, %rsp + popq %r14 + popq %r12 + popq %r13 + repz retq +#ifndef __APPLE__ +.size AES_GCM_decrypt_update_avx1,.-AES_GCM_decrypt_update_avx1 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_decrypt_final_avx1 +.type AES_GCM_decrypt_final_avx1,@function +.align 16 +AES_GCM_decrypt_final_avx1: +#else +.section __TEXT,__text +.globl _AES_GCM_decrypt_final_avx1 +.p2align 4 +_AES_GCM_decrypt_final_avx1: +#endif /* __APPLE__ */ + pushq %r13 + pushq %rbp + pushq %r12 + movq %rdx, %rax + movl %ecx, %r10d + movl %r8d, %r11d + movq 32(%rsp), %r8 + movq 40(%rsp), %rbp + subq $16, %rsp + vmovdqa (%rdi), %xmm6 + vmovdqa (%r9), %xmm5 + vmovdqa (%r8), %xmm15 + vpsrlq $63, %xmm5, %xmm9 + vpsllq $0x01, %xmm5, %xmm8 + vpslldq $8, %xmm9, %xmm9 + vpor %xmm9, %xmm8, %xmm8 + vpshufd $0xff, %xmm5, %xmm5 + vpsrad $31, %xmm5, %xmm5 + vpand L_avx1_aes_gcm_mod2_128(%rip), %xmm5, %xmm5 + vpxor %xmm8, %xmm5, %xmm5 + movl %r10d, %edx + movl %r11d, %ecx + shlq $3, %rdx + shlq $3, %rcx + vpinsrq $0x00, %rdx, %xmm0, %xmm0 + vpinsrq $0x01, %rcx, %xmm0, %xmm0 + vpxor %xmm0, %xmm6, %xmm6 + # ghash_gfmul_red_avx + vpshufd $0x4e, %xmm5, %xmm9 + vpshufd $0x4e, %xmm6, %xmm10 + vpclmulqdq $0x11, %xmm5, %xmm6, %xmm11 + vpclmulqdq $0x00, %xmm5, %xmm6, %xmm8 + vpxor %xmm5, %xmm9, %xmm9 + vpxor %xmm6, %xmm10, %xmm10 + vpclmulqdq $0x00, %xmm10, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpxor %xmm11, %xmm9, %xmm9 + vpslldq $8, %xmm9, %xmm10 + vpsrldq $8, %xmm9, %xmm9 + vpxor %xmm10, %xmm8, %xmm8 + vpxor %xmm9, %xmm11, %xmm6 + vpslld $31, %xmm8, %xmm12 + vpslld $30, %xmm8, %xmm13 + vpslld $25, %xmm8, %xmm14 + vpxor %xmm13, %xmm12, %xmm12 + vpxor %xmm14, %xmm12, %xmm12 + vpsrldq $4, %xmm12, %xmm13 + vpslldq $12, %xmm12, %xmm12 + vpxor %xmm12, %xmm8, %xmm8 + vpsrld $0x01, %xmm8, %xmm14 + vpsrld $2, %xmm8, %xmm10 + vpsrld $7, %xmm8, %xmm9 + vpxor %xmm10, %xmm14, %xmm14 + vpxor %xmm9, %xmm14, %xmm14 + vpxor %xmm13, %xmm14, %xmm14 + vpxor %xmm8, %xmm14, %xmm14 + vpxor %xmm14, %xmm6, %xmm6 + vpshufb L_avx1_aes_gcm_bswap_mask(%rip), %xmm6, %xmm6 + vpxor %xmm15, %xmm6, %xmm0 + cmpl $16, %eax + je L_AES_GCM_decrypt_final_avx1_cmp_tag_16 + subq $16, %rsp + xorq %rcx, %rcx + xorq %r12, %r12 + vmovdqu %xmm0, (%rsp) +L_AES_GCM_decrypt_final_avx1_cmp_tag_loop: + movzbl (%rsp,%rcx,1), %r13d + xorb (%rsi,%rcx,1), %r13b + orb %r13b, %r12b + incl %ecx + cmpl %eax, %ecx + jne L_AES_GCM_decrypt_final_avx1_cmp_tag_loop + cmpb $0x00, %r12b + sete %r12b + addq $16, %rsp + xorq %rcx, %rcx + jmp L_AES_GCM_decrypt_final_avx1_cmp_tag_done +L_AES_GCM_decrypt_final_avx1_cmp_tag_16: + vmovdqu (%rsi), %xmm1 + vpcmpeqb %xmm1, %xmm0, %xmm0 + vpmovmskb %xmm0, %rdx + # %%edx == 0xFFFF then return 1 else => return 0 + xorl %r12d, %r12d + cmpl $0xffff, %edx + sete %r12b +L_AES_GCM_decrypt_final_avx1_cmp_tag_done: + movl %r12d, (%rbp) + vzeroupper + addq $16, %rsp + popq %r12 + popq %rbp + popq %r13 + repz retq +#ifndef __APPLE__ +.size AES_GCM_decrypt_final_avx1,.-AES_GCM_decrypt_final_avx1 +#endif /* __APPLE__ */ +#endif /* WOLFSSL_AESGCM_STREAM */ #endif /* HAVE_INTEL_AVX1 */ #ifdef HAVE_INTEL_AVX2 #ifndef __APPLE__ @@ -6561,7 +11672,7 @@ L_AES_GCM_encrypt_avx2_calc_iv_16_loop: L_AES_GCM_encrypt_avx2_calc_iv_lt16: vpxor %xmm0, %xmm0, %xmm0 xorl %ebx, %ebx - vmovdqa %xmm0, (%rsp) + vmovdqu %xmm0, (%rsp) L_AES_GCM_encrypt_avx2_calc_iv_loop: movzbl (%rax,%rcx,1), %r13d movb %r13b, (%rsp,%rbx,1) @@ -6569,7 +11680,7 @@ L_AES_GCM_encrypt_avx2_calc_iv_loop: incl %ebx cmpl %edx, %ecx jl L_AES_GCM_encrypt_avx2_calc_iv_loop - vmovdqa (%rsp), %xmm0 + vmovdqu (%rsp), %xmm0 vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 vpxor %xmm0, %xmm4, %xmm4 # ghash_gfmul_avx @@ -6773,7 +11884,7 @@ L_AES_GCM_encrypt_avx2_calc_aad_16_loop: L_AES_GCM_encrypt_avx2_calc_aad_lt16: vpxor %xmm0, %xmm0, %xmm0 xorl %ebx, %ebx - vmovdqa %xmm0, (%rsp) + vmovdqu %xmm0, (%rsp) L_AES_GCM_encrypt_avx2_calc_aad_loop: movzbl (%r12,%rcx,1), %r13d movb %r13b, (%rsp,%rbx,1) @@ -6781,7 +11892,7 @@ L_AES_GCM_encrypt_avx2_calc_aad_loop: incl %ebx cmpl %edx, %ecx jl L_AES_GCM_encrypt_avx2_calc_aad_loop - vmovdqa (%rsp), %xmm0 + vmovdqu (%rsp), %xmm0 vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 vpxor %xmm0, %xmm6, %xmm6 # ghash_gfmul_avx @@ -7674,8 +12785,8 @@ L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_aesenc_avx_last: vaesenclast %xmm0, %xmm4, %xmm4 xorl %ecx, %ecx vpxor %xmm0, %xmm0, %xmm0 - vmovdqa %xmm4, (%rsp) - vmovdqa %xmm0, 16(%rsp) + vmovdqu %xmm4, (%rsp) + vmovdqu %xmm0, 16(%rsp) L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_loop: movzbl (%rdi,%rbx,1), %r13d xorb (%rsp,%rcx,1), %r13b @@ -7686,7 +12797,7 @@ L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_loop: cmpl %edx, %ebx jl L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_loop L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_finish_enc: - vmovdqa 16(%rsp), %xmm4 + vmovdqu 16(%rsp), %xmm4 vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4 vpxor %xmm4, %xmm6, %xmm6 # ghash_gfmul_red @@ -7737,7 +12848,7 @@ L_AES_GCM_encrypt_avx2_done_enc: cmpl $16, %r14d je L_AES_GCM_encrypt_avx2_store_tag_16 xorq %rcx, %rcx - vmovdqa %xmm0, (%rsp) + vmovdqu %xmm0, (%rsp) L_AES_GCM_encrypt_avx2_store_tag_loop: movzbl (%rsp,%rcx,1), %r13d movb %r13b, (%r15,%rcx,1) @@ -7871,7 +12982,7 @@ L_AES_GCM_decrypt_avx2_calc_iv_16_loop: L_AES_GCM_decrypt_avx2_calc_iv_lt16: vpxor %xmm0, %xmm0, %xmm0 xorl %ebx, %ebx - vmovdqa %xmm0, (%rsp) + vmovdqu %xmm0, (%rsp) L_AES_GCM_decrypt_avx2_calc_iv_loop: movzbl (%rax,%rcx,1), %r13d movb %r13b, (%rsp,%rbx,1) @@ -7879,7 +12990,7 @@ L_AES_GCM_decrypt_avx2_calc_iv_loop: incl %ebx cmpl %edx, %ecx jl L_AES_GCM_decrypt_avx2_calc_iv_loop - vmovdqa (%rsp), %xmm0 + vmovdqu (%rsp), %xmm0 vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 vpxor %xmm0, %xmm4, %xmm4 # ghash_gfmul_avx @@ -8083,7 +13194,7 @@ L_AES_GCM_decrypt_avx2_calc_aad_16_loop: L_AES_GCM_decrypt_avx2_calc_aad_lt16: vpxor %xmm0, %xmm0, %xmm0 xorl %ebx, %ebx - vmovdqa %xmm0, (%rsp) + vmovdqu %xmm0, (%rsp) L_AES_GCM_decrypt_avx2_calc_aad_loop: movzbl (%r12,%rcx,1), %r13d movb %r13b, (%rsp,%rbx,1) @@ -8091,7 +13202,7 @@ L_AES_GCM_decrypt_avx2_calc_aad_loop: incl %ebx cmpl %edx, %ecx jl L_AES_GCM_decrypt_avx2_calc_aad_loop - vmovdqa (%rsp), %xmm0 + vmovdqu (%rsp), %xmm0 vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 vpxor %xmm0, %xmm6, %xmm6 # ghash_gfmul_avx @@ -8634,8 +13745,8 @@ L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_aesenc_avx_last: vaesenclast %xmm1, %xmm4, %xmm4 xorl %ecx, %ecx vpxor %xmm0, %xmm0, %xmm0 - vmovdqa %xmm4, (%rsp) - vmovdqa %xmm0, 16(%rsp) + vmovdqu %xmm4, (%rsp) + vmovdqu %xmm0, 16(%rsp) L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_loop: movzbl (%rdi,%rbx,1), %r13d movb %r13b, 16(%rsp,%rcx,1) @@ -8645,7 +13756,7 @@ L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_loop: incl %ecx cmpl %edx, %ebx jl L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_loop - vmovdqa 16(%rsp), %xmm4 + vmovdqu 16(%rsp), %xmm4 vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4 vpxor %xmm4, %xmm6, %xmm6 # ghash_gfmul_red @@ -8697,7 +13808,7 @@ L_AES_GCM_decrypt_avx2_done_dec: je L_AES_GCM_decrypt_avx2_cmp_tag_16 xorq %rdx, %rdx xorq %rax, %rax - vmovdqa %xmm0, (%rsp) + vmovdqu %xmm0, (%rsp) L_AES_GCM_decrypt_avx2_cmp_tag_loop: movzbl (%rsp,%rdx,1), %r13d xorb (%r14,%rdx,1), %r13b @@ -8730,6 +13841,1993 @@ L_AES_GCM_decrypt_avx2_cmp_tag_done: #ifndef __APPLE__ .size AES_GCM_decrypt_avx2,.-AES_GCM_decrypt_avx2 #endif /* __APPLE__ */ +#ifdef WOLFSSL_AESGCM_STREAM +#ifndef __APPLE__ +.text +.globl AES_GCM_init_avx2 +.type AES_GCM_init_avx2,@function +.align 16 +AES_GCM_init_avx2: +#else +.section __TEXT,__text +.globl _AES_GCM_init_avx2 +.p2align 4 +_AES_GCM_init_avx2: +#endif /* __APPLE__ */ + pushq %rbx + pushq %r12 + movq %rdx, %r10 + movl %ecx, %r11d + movq 24(%rsp), %rax + subq $16, %rsp + vpxor %xmm4, %xmm4, %xmm4 + movl %r11d, %edx + cmpl $12, %edx + je L_AES_GCM_init_avx2_iv_12 + # Calculate values when IV is not 12 bytes + # H = Encrypt X(=0) + vmovdqa (%rdi), %xmm5 + vaesenc 16(%rdi), %xmm5, %xmm5 + vaesenc 32(%rdi), %xmm5, %xmm5 + vaesenc 48(%rdi), %xmm5, %xmm5 + vaesenc 64(%rdi), %xmm5, %xmm5 + vaesenc 80(%rdi), %xmm5, %xmm5 + vaesenc 96(%rdi), %xmm5, %xmm5 + vaesenc 112(%rdi), %xmm5, %xmm5 + vaesenc 128(%rdi), %xmm5, %xmm5 + vaesenc 144(%rdi), %xmm5, %xmm5 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm0 + jl L_AES_GCM_init_avx2_calc_iv_1_aesenc_avx_last + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc 176(%rdi), %xmm5, %xmm5 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm0 + jl L_AES_GCM_init_avx2_calc_iv_1_aesenc_avx_last + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc 208(%rdi), %xmm5, %xmm5 + vmovdqa 224(%rdi), %xmm0 +L_AES_GCM_init_avx2_calc_iv_1_aesenc_avx_last: + vaesenclast %xmm0, %xmm5, %xmm5 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm5, %xmm5 + # Calc counter + # Initialization vector + cmpl $0x00, %edx + movq $0x00, %rcx + je L_AES_GCM_init_avx2_calc_iv_done + cmpl $16, %edx + jl L_AES_GCM_init_avx2_calc_iv_lt16 + andl $0xfffffff0, %edx +L_AES_GCM_init_avx2_calc_iv_16_loop: + vmovdqu (%r10,%rcx,1), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vpxor %xmm0, %xmm4, %xmm4 + # ghash_gfmul_avx + vpclmulqdq $16, %xmm4, %xmm5, %xmm2 + vpclmulqdq $0x01, %xmm4, %xmm5, %xmm1 + vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0 + vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpslldq $8, %xmm2, %xmm1 + vpsrldq $8, %xmm2, %xmm2 + vpxor %xmm1, %xmm0, %xmm6 + vpxor %xmm2, %xmm3, %xmm4 + # ghash_mid + vpsrld $31, %xmm6, %xmm0 + vpsrld $31, %xmm4, %xmm1 + vpslld $0x01, %xmm6, %xmm6 + vpslld $0x01, %xmm4, %xmm4 + vpsrldq $12, %xmm0, %xmm2 + vpslldq $4, %xmm0, %xmm0 + vpslldq $4, %xmm1, %xmm1 + vpor %xmm2, %xmm4, %xmm4 + vpor %xmm0, %xmm6, %xmm6 + vpor %xmm1, %xmm4, %xmm4 + # ghash_red + vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2 + vpclmulqdq $16, %xmm2, %xmm6, %xmm0 + vpshufd $0x4e, %xmm6, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpclmulqdq $16, %xmm2, %xmm1, %xmm0 + vpshufd $0x4e, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm1, %xmm4, %xmm4 + addl $16, %ecx + cmpl %edx, %ecx + jl L_AES_GCM_init_avx2_calc_iv_16_loop + movl %r11d, %edx + cmpl %edx, %ecx + je L_AES_GCM_init_avx2_calc_iv_done +L_AES_GCM_init_avx2_calc_iv_lt16: + vpxor %xmm0, %xmm0, %xmm0 + xorl %ebx, %ebx + vmovdqu %xmm0, (%rsp) +L_AES_GCM_init_avx2_calc_iv_loop: + movzbl (%r10,%rcx,1), %r12d + movb %r12b, (%rsp,%rbx,1) + incl %ecx + incl %ebx + cmpl %edx, %ecx + jl L_AES_GCM_init_avx2_calc_iv_loop + vmovdqu (%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vpxor %xmm0, %xmm4, %xmm4 + # ghash_gfmul_avx + vpclmulqdq $16, %xmm4, %xmm5, %xmm2 + vpclmulqdq $0x01, %xmm4, %xmm5, %xmm1 + vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0 + vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpslldq $8, %xmm2, %xmm1 + vpsrldq $8, %xmm2, %xmm2 + vpxor %xmm1, %xmm0, %xmm6 + vpxor %xmm2, %xmm3, %xmm4 + # ghash_mid + vpsrld $31, %xmm6, %xmm0 + vpsrld $31, %xmm4, %xmm1 + vpslld $0x01, %xmm6, %xmm6 + vpslld $0x01, %xmm4, %xmm4 + vpsrldq $12, %xmm0, %xmm2 + vpslldq $4, %xmm0, %xmm0 + vpslldq $4, %xmm1, %xmm1 + vpor %xmm2, %xmm4, %xmm4 + vpor %xmm0, %xmm6, %xmm6 + vpor %xmm1, %xmm4, %xmm4 + # ghash_red + vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2 + vpclmulqdq $16, %xmm2, %xmm6, %xmm0 + vpshufd $0x4e, %xmm6, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpclmulqdq $16, %xmm2, %xmm1, %xmm0 + vpshufd $0x4e, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm1, %xmm4, %xmm4 +L_AES_GCM_init_avx2_calc_iv_done: + # T = Encrypt counter + vpxor %xmm0, %xmm0, %xmm0 + shll $3, %edx + vpinsrq $0x00, %rdx, %xmm0, %xmm0 + vpxor %xmm0, %xmm4, %xmm4 + # ghash_gfmul_avx + vpclmulqdq $16, %xmm4, %xmm5, %xmm2 + vpclmulqdq $0x01, %xmm4, %xmm5, %xmm1 + vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0 + vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpslldq $8, %xmm2, %xmm1 + vpsrldq $8, %xmm2, %xmm2 + vpxor %xmm1, %xmm0, %xmm6 + vpxor %xmm2, %xmm3, %xmm4 + # ghash_mid + vpsrld $31, %xmm6, %xmm0 + vpsrld $31, %xmm4, %xmm1 + vpslld $0x01, %xmm6, %xmm6 + vpslld $0x01, %xmm4, %xmm4 + vpsrldq $12, %xmm0, %xmm2 + vpslldq $4, %xmm0, %xmm0 + vpslldq $4, %xmm1, %xmm1 + vpor %xmm2, %xmm4, %xmm4 + vpor %xmm0, %xmm6, %xmm6 + vpor %xmm1, %xmm4, %xmm4 + # ghash_red + vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2 + vpclmulqdq $16, %xmm2, %xmm6, %xmm0 + vpshufd $0x4e, %xmm6, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpclmulqdq $16, %xmm2, %xmm1, %xmm0 + vpshufd $0x4e, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm1, %xmm4, %xmm4 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm4, %xmm4 + # Encrypt counter + vmovdqa (%rdi), %xmm7 + vpxor %xmm4, %xmm7, %xmm7 + vaesenc 16(%rdi), %xmm7, %xmm7 + vaesenc 32(%rdi), %xmm7, %xmm7 + vaesenc 48(%rdi), %xmm7, %xmm7 + vaesenc 64(%rdi), %xmm7, %xmm7 + vaesenc 80(%rdi), %xmm7, %xmm7 + vaesenc 96(%rdi), %xmm7, %xmm7 + vaesenc 112(%rdi), %xmm7, %xmm7 + vaesenc 128(%rdi), %xmm7, %xmm7 + vaesenc 144(%rdi), %xmm7, %xmm7 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm0 + jl L_AES_GCM_init_avx2_calc_iv_2_aesenc_avx_last + vaesenc %xmm0, %xmm7, %xmm7 + vaesenc 176(%rdi), %xmm7, %xmm7 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm0 + jl L_AES_GCM_init_avx2_calc_iv_2_aesenc_avx_last + vaesenc %xmm0, %xmm7, %xmm7 + vaesenc 208(%rdi), %xmm7, %xmm7 + vmovdqa 224(%rdi), %xmm0 +L_AES_GCM_init_avx2_calc_iv_2_aesenc_avx_last: + vaesenclast %xmm0, %xmm7, %xmm7 + jmp L_AES_GCM_init_avx2_iv_done +L_AES_GCM_init_avx2_iv_12: + # # Calculate values when IV is 12 bytes + # Set counter based on IV + vmovdqa L_avx2_aes_gcm_bswap_one(%rip), %xmm4 + vmovdqa (%rdi), %xmm5 + vpblendd $7, (%r10), %xmm4, %xmm4 + # H = Encrypt X(=0) and T = Encrypt counter + vmovdqa 16(%rdi), %xmm6 + vpxor %xmm5, %xmm4, %xmm7 + vaesenc %xmm6, %xmm5, %xmm5 + vaesenc %xmm6, %xmm7, %xmm7 + vmovdqa 32(%rdi), %xmm0 + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + vmovdqa 48(%rdi), %xmm0 + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + vmovdqa 64(%rdi), %xmm0 + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + vmovdqa 80(%rdi), %xmm0 + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + vmovdqa 96(%rdi), %xmm0 + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + vmovdqa 112(%rdi), %xmm0 + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + vmovdqa 128(%rdi), %xmm0 + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + vmovdqa 144(%rdi), %xmm0 + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm0 + jl L_AES_GCM_init_avx2_calc_iv_12_last + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + vmovdqa 176(%rdi), %xmm0 + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm0 + jl L_AES_GCM_init_avx2_calc_iv_12_last + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + vmovdqa 208(%rdi), %xmm0 + vaesenc %xmm0, %xmm5, %xmm5 + vaesenc %xmm0, %xmm7, %xmm7 + vmovdqa 224(%rdi), %xmm0 +L_AES_GCM_init_avx2_calc_iv_12_last: + vaesenclast %xmm0, %xmm5, %xmm5 + vaesenclast %xmm0, %xmm7, %xmm7 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm5, %xmm5 +L_AES_GCM_init_avx2_iv_done: + vmovdqa %xmm7, (%rax) + vpshufb L_avx2_aes_gcm_bswap_epi64(%rip), %xmm4, %xmm4 + vpaddd L_avx2_aes_gcm_one(%rip), %xmm4, %xmm4 + vmovdqa %xmm5, (%r8) + vmovdqa %xmm4, (%r9) + vzeroupper + addq $16, %rsp + popq %r12 + popq %rbx + repz retq +#ifndef __APPLE__ +.size AES_GCM_init_avx2,.-AES_GCM_init_avx2 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_aad_update_avx2 +.type AES_GCM_aad_update_avx2,@function +.align 16 +AES_GCM_aad_update_avx2: +#else +.section __TEXT,__text +.globl _AES_GCM_aad_update_avx2 +.p2align 4 +_AES_GCM_aad_update_avx2: +#endif /* __APPLE__ */ + movq %rcx, %rax + vmovdqa (%rdx), %xmm4 + vmovdqa (%rax), %xmm5 + xorl %ecx, %ecx +L_AES_GCM_aad_update_avx2_16_loop: + vmovdqu (%rdi,%rcx,1), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vpxor %xmm0, %xmm4, %xmm4 + # ghash_gfmul_avx + vpclmulqdq $16, %xmm4, %xmm5, %xmm2 + vpclmulqdq $0x01, %xmm4, %xmm5, %xmm1 + vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0 + vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpslldq $8, %xmm2, %xmm1 + vpsrldq $8, %xmm2, %xmm2 + vpxor %xmm1, %xmm0, %xmm6 + vpxor %xmm2, %xmm3, %xmm4 + # ghash_mid + vpsrld $31, %xmm6, %xmm0 + vpsrld $31, %xmm4, %xmm1 + vpslld $0x01, %xmm6, %xmm6 + vpslld $0x01, %xmm4, %xmm4 + vpsrldq $12, %xmm0, %xmm2 + vpslldq $4, %xmm0, %xmm0 + vpslldq $4, %xmm1, %xmm1 + vpor %xmm2, %xmm4, %xmm4 + vpor %xmm0, %xmm6, %xmm6 + vpor %xmm1, %xmm4, %xmm4 + # ghash_red + vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2 + vpclmulqdq $16, %xmm2, %xmm6, %xmm0 + vpshufd $0x4e, %xmm6, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpclmulqdq $16, %xmm2, %xmm1, %xmm0 + vpshufd $0x4e, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm1, %xmm4, %xmm4 + addl $16, %ecx + cmpl %esi, %ecx + jl L_AES_GCM_aad_update_avx2_16_loop + vmovdqa %xmm4, (%rdx) + vzeroupper + repz retq +#ifndef __APPLE__ +.size AES_GCM_aad_update_avx2,.-AES_GCM_aad_update_avx2 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt_block_avx2 +.type AES_GCM_encrypt_block_avx2,@function +.align 16 +AES_GCM_encrypt_block_avx2: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt_block_avx2 +.p2align 4 +_AES_GCM_encrypt_block_avx2: +#endif /* __APPLE__ */ + movq %rdx, %r10 + movq %rcx, %r11 + subq $0x98, %rsp + vmovdqa (%r8), %xmm3 + # aesenc_block + vmovdqa %xmm3, %xmm1 + vpshufb L_avx2_aes_gcm_bswap_epi64(%rip), %xmm1, %xmm0 + vpaddd L_avx2_aes_gcm_one(%rip), %xmm1, %xmm1 + vpxor (%rdi), %xmm0, %xmm0 + vmovdqa 16(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 32(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 48(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 64(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 80(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 96(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 112(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 128(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 144(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa %xmm1, %xmm3 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm1 + jl L_AES_GCM_encrypt_block_avx2_aesenc_block_last + vaesenc %xmm1, %xmm0, %xmm0 + vmovdqa 176(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm1 + jl L_AES_GCM_encrypt_block_avx2_aesenc_block_last + vaesenc %xmm1, %xmm0, %xmm0 + vmovdqa 208(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 224(%rdi), %xmm1 +L_AES_GCM_encrypt_block_avx2_aesenc_block_last: + vaesenclast %xmm1, %xmm0, %xmm0 + vmovdqu (%r11), %xmm1 + vpxor %xmm1, %xmm0, %xmm0 + vmovdqu %xmm0, (%r10) + vmovdqa %xmm3, (%r8) + vzeroupper + addq $0x98, %rsp + repz retq +#ifndef __APPLE__ +.size AES_GCM_encrypt_block_avx2,.-AES_GCM_encrypt_block_avx2 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_ghash_block_avx2 +.type AES_GCM_ghash_block_avx2,@function +.align 16 +AES_GCM_ghash_block_avx2: +#else +.section __TEXT,__text +.globl _AES_GCM_ghash_block_avx2 +.p2align 4 +_AES_GCM_ghash_block_avx2: +#endif /* __APPLE__ */ + vmovdqa (%rsi), %xmm4 + vmovdqa (%rdx), %xmm5 + vmovdqu (%rdi), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vpxor %xmm0, %xmm4, %xmm4 + # ghash_gfmul_avx + vpclmulqdq $16, %xmm4, %xmm5, %xmm2 + vpclmulqdq $0x01, %xmm4, %xmm5, %xmm1 + vpclmulqdq $0x00, %xmm4, %xmm5, %xmm0 + vpclmulqdq $0x11, %xmm4, %xmm5, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpslldq $8, %xmm2, %xmm1 + vpsrldq $8, %xmm2, %xmm2 + vpxor %xmm1, %xmm0, %xmm6 + vpxor %xmm2, %xmm3, %xmm4 + # ghash_mid + vpsrld $31, %xmm6, %xmm0 + vpsrld $31, %xmm4, %xmm1 + vpslld $0x01, %xmm6, %xmm6 + vpslld $0x01, %xmm4, %xmm4 + vpsrldq $12, %xmm0, %xmm2 + vpslldq $4, %xmm0, %xmm0 + vpslldq $4, %xmm1, %xmm1 + vpor %xmm2, %xmm4, %xmm4 + vpor %xmm0, %xmm6, %xmm6 + vpor %xmm1, %xmm4, %xmm4 + # ghash_red + vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2 + vpclmulqdq $16, %xmm2, %xmm6, %xmm0 + vpshufd $0x4e, %xmm6, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpclmulqdq $16, %xmm2, %xmm1, %xmm0 + vpshufd $0x4e, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm1, %xmm4, %xmm4 + vmovdqa %xmm4, (%rsi) + vzeroupper + repz retq +#ifndef __APPLE__ +.size AES_GCM_ghash_block_avx2,.-AES_GCM_ghash_block_avx2 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt_update_avx2 +.type AES_GCM_encrypt_update_avx2,@function +.align 16 +AES_GCM_encrypt_update_avx2: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt_update_avx2 +.p2align 4 +_AES_GCM_encrypt_update_avx2: +#endif /* __APPLE__ */ + pushq %r12 + pushq %r13 + pushq %r14 + movq %rdx, %r10 + movq %rcx, %r11 + movq 32(%rsp), %rax + movq 40(%rsp), %r12 + subq $0x98, %rsp + vmovdqa (%r9), %xmm6 + vmovdqa (%rax), %xmm5 + vmovdqa (%r12), %xmm4 + vpsrlq $63, %xmm5, %xmm1 + vpsllq $0x01, %xmm5, %xmm0 + vpslldq $8, %xmm1, %xmm1 + vpor %xmm1, %xmm0, %xmm0 + vpshufd $0xff, %xmm5, %xmm5 + vpsrad $31, %xmm5, %xmm5 + vpand L_avx2_aes_gcm_mod2_128(%rip), %xmm5, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + xorl %r14d, %r14d + cmpl $0x80, %r8d + movl %r8d, %r13d + jl L_AES_GCM_encrypt_update_avx2_done_128 + andl $0xffffff80, %r13d + vmovdqa %xmm4, 128(%rsp) + vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm3 + # H ^ 1 and H ^ 2 + vpclmulqdq $0x00, %xmm5, %xmm5, %xmm9 + vpclmulqdq $0x11, %xmm5, %xmm5, %xmm10 + vpclmulqdq $16, %xmm3, %xmm9, %xmm8 + vpshufd $0x4e, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpclmulqdq $16, %xmm3, %xmm9, %xmm8 + vpshufd $0x4e, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpxor %xmm9, %xmm10, %xmm0 + vmovdqa %xmm5, (%rsp) + vmovdqa %xmm0, 16(%rsp) + # H ^ 3 and H ^ 4 + vpclmulqdq $16, %xmm5, %xmm0, %xmm11 + vpclmulqdq $0x01, %xmm5, %xmm0, %xmm10 + vpclmulqdq $0x00, %xmm5, %xmm0, %xmm9 + vpclmulqdq $0x11, %xmm5, %xmm0, %xmm12 + vpclmulqdq $0x00, %xmm0, %xmm0, %xmm13 + vpclmulqdq $0x11, %xmm0, %xmm0, %xmm14 + vpxor %xmm10, %xmm11, %xmm11 + vpslldq $8, %xmm11, %xmm10 + vpsrldq $8, %xmm11, %xmm11 + vpxor %xmm9, %xmm10, %xmm10 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm9, %xmm10, %xmm10 + vpxor %xmm8, %xmm13, %xmm13 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm11, %xmm12, %xmm12 + vpxor %xmm8, %xmm13, %xmm13 + vpxor %xmm12, %xmm10, %xmm10 + vpxor %xmm14, %xmm13, %xmm2 + vpxor %xmm9, %xmm10, %xmm1 + vmovdqa %xmm1, 32(%rsp) + vmovdqa %xmm2, 48(%rsp) + # H ^ 5 and H ^ 6 + vpclmulqdq $16, %xmm0, %xmm1, %xmm11 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm10 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm9 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm12 + vpclmulqdq $0x00, %xmm1, %xmm1, %xmm13 + vpclmulqdq $0x11, %xmm1, %xmm1, %xmm14 + vpxor %xmm10, %xmm11, %xmm11 + vpslldq $8, %xmm11, %xmm10 + vpsrldq $8, %xmm11, %xmm11 + vpxor %xmm9, %xmm10, %xmm10 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm9, %xmm10, %xmm10 + vpxor %xmm8, %xmm13, %xmm13 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm11, %xmm12, %xmm12 + vpxor %xmm8, %xmm13, %xmm13 + vpxor %xmm12, %xmm10, %xmm10 + vpxor %xmm14, %xmm13, %xmm0 + vpxor %xmm9, %xmm10, %xmm7 + vmovdqa %xmm7, 64(%rsp) + vmovdqa %xmm0, 80(%rsp) + # H ^ 7 and H ^ 8 + vpclmulqdq $16, %xmm1, %xmm2, %xmm11 + vpclmulqdq $0x01, %xmm1, %xmm2, %xmm10 + vpclmulqdq $0x00, %xmm1, %xmm2, %xmm9 + vpclmulqdq $0x11, %xmm1, %xmm2, %xmm12 + vpclmulqdq $0x00, %xmm2, %xmm2, %xmm13 + vpclmulqdq $0x11, %xmm2, %xmm2, %xmm14 + vpxor %xmm10, %xmm11, %xmm11 + vpslldq $8, %xmm11, %xmm10 + vpsrldq $8, %xmm11, %xmm11 + vpxor %xmm9, %xmm10, %xmm10 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm9, %xmm10, %xmm10 + vpxor %xmm8, %xmm13, %xmm13 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm11, %xmm12, %xmm12 + vpxor %xmm8, %xmm13, %xmm13 + vpxor %xmm12, %xmm10, %xmm10 + vpxor %xmm14, %xmm13, %xmm0 + vpxor %xmm9, %xmm10, %xmm7 + vmovdqa %xmm7, 96(%rsp) + vmovdqa %xmm0, 112(%rsp) + # First 128 bytes of input + # aesenc_128 + # aesenc_ctr + vmovdqa 128(%rsp), %xmm0 + vmovdqa L_avx2_aes_gcm_bswap_epi64(%rip), %xmm1 + vpaddd L_avx2_aes_gcm_one(%rip), %xmm0, %xmm9 + vpshufb %xmm1, %xmm0, %xmm8 + vpaddd L_avx2_aes_gcm_two(%rip), %xmm0, %xmm10 + vpshufb %xmm1, %xmm9, %xmm9 + vpaddd L_avx2_aes_gcm_three(%rip), %xmm0, %xmm11 + vpshufb %xmm1, %xmm10, %xmm10 + vpaddd L_avx2_aes_gcm_four(%rip), %xmm0, %xmm12 + vpshufb %xmm1, %xmm11, %xmm11 + vpaddd L_avx2_aes_gcm_five(%rip), %xmm0, %xmm13 + vpshufb %xmm1, %xmm12, %xmm12 + vpaddd L_avx2_aes_gcm_six(%rip), %xmm0, %xmm14 + vpshufb %xmm1, %xmm13, %xmm13 + vpaddd L_avx2_aes_gcm_seven(%rip), %xmm0, %xmm15 + vpshufb %xmm1, %xmm14, %xmm14 + vpaddd L_avx2_aes_gcm_eight(%rip), %xmm0, %xmm0 + vpshufb %xmm1, %xmm15, %xmm15 + # aesenc_xor + vmovdqa (%rdi), %xmm7 + vmovdqa %xmm0, 128(%rsp) + vpxor %xmm7, %xmm8, %xmm8 + vpxor %xmm7, %xmm9, %xmm9 + vpxor %xmm7, %xmm10, %xmm10 + vpxor %xmm7, %xmm11, %xmm11 + vpxor %xmm7, %xmm12, %xmm12 + vpxor %xmm7, %xmm13, %xmm13 + vpxor %xmm7, %xmm14, %xmm14 + vpxor %xmm7, %xmm15, %xmm15 + vmovdqa 16(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 32(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 48(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 64(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 80(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 96(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 112(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 128(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 144(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_avx2_aesenc_128_enc_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 176(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_avx2_aesenc_128_enc_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 208(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 224(%rdi), %xmm7 +L_AES_GCM_encrypt_update_avx2_aesenc_128_enc_done: + # aesenc_last + vaesenclast %xmm7, %xmm8, %xmm8 + vaesenclast %xmm7, %xmm9, %xmm9 + vaesenclast %xmm7, %xmm10, %xmm10 + vaesenclast %xmm7, %xmm11, %xmm11 + vmovdqu (%r11), %xmm0 + vmovdqu 16(%r11), %xmm1 + vmovdqu 32(%r11), %xmm2 + vmovdqu 48(%r11), %xmm3 + vpxor %xmm0, %xmm8, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vpxor %xmm2, %xmm10, %xmm10 + vpxor %xmm3, %xmm11, %xmm11 + vmovdqu %xmm8, (%r10) + vmovdqu %xmm9, 16(%r10) + vmovdqu %xmm10, 32(%r10) + vmovdqu %xmm11, 48(%r10) + vaesenclast %xmm7, %xmm12, %xmm12 + vaesenclast %xmm7, %xmm13, %xmm13 + vaesenclast %xmm7, %xmm14, %xmm14 + vaesenclast %xmm7, %xmm15, %xmm15 + vmovdqu 64(%r11), %xmm0 + vmovdqu 80(%r11), %xmm1 + vmovdqu 96(%r11), %xmm2 + vmovdqu 112(%r11), %xmm3 + vpxor %xmm0, %xmm12, %xmm12 + vpxor %xmm1, %xmm13, %xmm13 + vpxor %xmm2, %xmm14, %xmm14 + vpxor %xmm3, %xmm15, %xmm15 + vmovdqu %xmm12, 64(%r10) + vmovdqu %xmm13, 80(%r10) + vmovdqu %xmm14, 96(%r10) + vmovdqu %xmm15, 112(%r10) + cmpl $0x80, %r13d + movl $0x80, %r14d + jle L_AES_GCM_encrypt_update_avx2_end_128 + # More 128 bytes of input +L_AES_GCM_encrypt_update_avx2_ghash_128: + # aesenc_128_ghash + leaq (%r11,%r14,1), %rcx + leaq (%r10,%r14,1), %rdx + # aesenc_ctr + vmovdqa 128(%rsp), %xmm0 + vmovdqa L_avx2_aes_gcm_bswap_epi64(%rip), %xmm1 + vpaddd L_avx2_aes_gcm_one(%rip), %xmm0, %xmm9 + vpshufb %xmm1, %xmm0, %xmm8 + vpaddd L_avx2_aes_gcm_two(%rip), %xmm0, %xmm10 + vpshufb %xmm1, %xmm9, %xmm9 + vpaddd L_avx2_aes_gcm_three(%rip), %xmm0, %xmm11 + vpshufb %xmm1, %xmm10, %xmm10 + vpaddd L_avx2_aes_gcm_four(%rip), %xmm0, %xmm12 + vpshufb %xmm1, %xmm11, %xmm11 + vpaddd L_avx2_aes_gcm_five(%rip), %xmm0, %xmm13 + vpshufb %xmm1, %xmm12, %xmm12 + vpaddd L_avx2_aes_gcm_six(%rip), %xmm0, %xmm14 + vpshufb %xmm1, %xmm13, %xmm13 + vpaddd L_avx2_aes_gcm_seven(%rip), %xmm0, %xmm15 + vpshufb %xmm1, %xmm14, %xmm14 + vpaddd L_avx2_aes_gcm_eight(%rip), %xmm0, %xmm0 + vpshufb %xmm1, %xmm15, %xmm15 + # aesenc_xor + vmovdqa (%rdi), %xmm7 + vmovdqa %xmm0, 128(%rsp) + vpxor %xmm7, %xmm8, %xmm8 + vpxor %xmm7, %xmm9, %xmm9 + vpxor %xmm7, %xmm10, %xmm10 + vpxor %xmm7, %xmm11, %xmm11 + vpxor %xmm7, %xmm12, %xmm12 + vpxor %xmm7, %xmm13, %xmm13 + vpxor %xmm7, %xmm14, %xmm14 + vpxor %xmm7, %xmm15, %xmm15 + # aesenc_pclmul_1 + vmovdqu -128(%rdx), %xmm1 + vmovdqu 16(%rdi), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vmovdqa 112(%rsp), %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpclmulqdq $16, %xmm2, %xmm1, %xmm5 + vpclmulqdq $0x01, %xmm2, %xmm1, %xmm3 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm6 + vpclmulqdq $0x11, %xmm2, %xmm1, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_2 + vmovdqu -112(%rdx), %xmm1 + vmovdqa 96(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 32(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu -96(%rdx), %xmm1 + vmovdqa 80(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 48(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu -80(%rdx), %xmm1 + vmovdqa 64(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 64(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu -64(%rdx), %xmm1 + vmovdqa 48(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 80(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu -48(%rdx), %xmm1 + vmovdqa 32(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 96(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu -32(%rdx), %xmm1 + vmovdqa 16(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 112(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu -16(%rdx), %xmm1 + vmovdqa (%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 128(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_l + vpxor %xmm2, %xmm5, %xmm5 + vpxor %xmm4, %xmm6, %xmm6 + vpxor %xmm3, %xmm5, %xmm5 + vpslldq $8, %xmm5, %xmm1 + vpsrldq $8, %xmm5, %xmm5 + vmovdqa 144(%rdi), %xmm4 + vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm0 + vaesenc %xmm4, %xmm8, %xmm8 + vpxor %xmm1, %xmm6, %xmm6 + vpxor %xmm5, %xmm7, %xmm7 + vpclmulqdq $16, %xmm0, %xmm6, %xmm3 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vpshufd $0x4e, %xmm6, %xmm6 + vpxor %xmm3, %xmm6, %xmm6 + vpclmulqdq $16, %xmm0, %xmm6, %xmm3 + vaesenc %xmm4, %xmm12, %xmm12 + vaesenc %xmm4, %xmm13, %xmm13 + vaesenc %xmm4, %xmm14, %xmm14 + vpshufd $0x4e, %xmm6, %xmm6 + vpxor %xmm3, %xmm6, %xmm6 + vpxor %xmm7, %xmm6, %xmm6 + vaesenc %xmm4, %xmm15, %xmm15 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_avx2_aesenc_128_ghash_avx_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 176(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm7 + jl L_AES_GCM_encrypt_update_avx2_aesenc_128_ghash_avx_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 208(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 224(%rdi), %xmm7 +L_AES_GCM_encrypt_update_avx2_aesenc_128_ghash_avx_done: + # aesenc_last + vaesenclast %xmm7, %xmm8, %xmm8 + vaesenclast %xmm7, %xmm9, %xmm9 + vaesenclast %xmm7, %xmm10, %xmm10 + vaesenclast %xmm7, %xmm11, %xmm11 + vmovdqu (%rcx), %xmm0 + vmovdqu 16(%rcx), %xmm1 + vmovdqu 32(%rcx), %xmm2 + vmovdqu 48(%rcx), %xmm3 + vpxor %xmm0, %xmm8, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vpxor %xmm2, %xmm10, %xmm10 + vpxor %xmm3, %xmm11, %xmm11 + vmovdqu %xmm8, (%rdx) + vmovdqu %xmm9, 16(%rdx) + vmovdqu %xmm10, 32(%rdx) + vmovdqu %xmm11, 48(%rdx) + vaesenclast %xmm7, %xmm12, %xmm12 + vaesenclast %xmm7, %xmm13, %xmm13 + vaesenclast %xmm7, %xmm14, %xmm14 + vaesenclast %xmm7, %xmm15, %xmm15 + vmovdqu 64(%rcx), %xmm0 + vmovdqu 80(%rcx), %xmm1 + vmovdqu 96(%rcx), %xmm2 + vmovdqu 112(%rcx), %xmm3 + vpxor %xmm0, %xmm12, %xmm12 + vpxor %xmm1, %xmm13, %xmm13 + vpxor %xmm2, %xmm14, %xmm14 + vpxor %xmm3, %xmm15, %xmm15 + vmovdqu %xmm12, 64(%rdx) + vmovdqu %xmm13, 80(%rdx) + vmovdqu %xmm14, 96(%rdx) + vmovdqu %xmm15, 112(%rdx) + # aesenc_128_ghash - end + addl $0x80, %r14d + cmpl %r13d, %r14d + jl L_AES_GCM_encrypt_update_avx2_ghash_128 +L_AES_GCM_encrypt_update_avx2_end_128: + vmovdqa L_avx2_aes_gcm_bswap_mask(%rip), %xmm4 + vpshufb %xmm4, %xmm8, %xmm8 + vpshufb %xmm4, %xmm9, %xmm9 + vpshufb %xmm4, %xmm10, %xmm10 + vpshufb %xmm4, %xmm11, %xmm11 + vpshufb %xmm4, %xmm12, %xmm12 + vpshufb %xmm4, %xmm13, %xmm13 + vpshufb %xmm4, %xmm14, %xmm14 + vpshufb %xmm4, %xmm15, %xmm15 + vpxor %xmm6, %xmm8, %xmm8 + vmovdqu (%rsp), %xmm7 + vpclmulqdq $16, %xmm15, %xmm7, %xmm5 + vpclmulqdq $0x01, %xmm15, %xmm7, %xmm1 + vpclmulqdq $0x00, %xmm15, %xmm7, %xmm4 + vpclmulqdq $0x11, %xmm15, %xmm7, %xmm6 + vpxor %xmm1, %xmm5, %xmm5 + vmovdqu 16(%rsp), %xmm7 + vpclmulqdq $16, %xmm14, %xmm7, %xmm2 + vpclmulqdq $0x01, %xmm14, %xmm7, %xmm1 + vpclmulqdq $0x00, %xmm14, %xmm7, %xmm0 + vpclmulqdq $0x11, %xmm14, %xmm7, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm3, %xmm6, %xmm6 + vpxor %xmm2, %xmm5, %xmm5 + vpxor %xmm0, %xmm4, %xmm4 + vmovdqu 32(%rsp), %xmm15 + vmovdqu 48(%rsp), %xmm7 + vpclmulqdq $16, %xmm13, %xmm15, %xmm2 + vpclmulqdq $0x01, %xmm13, %xmm15, %xmm1 + vpclmulqdq $0x00, %xmm13, %xmm15, %xmm0 + vpclmulqdq $0x11, %xmm13, %xmm15, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm3, %xmm6, %xmm6 + vpxor %xmm2, %xmm5, %xmm5 + vpxor %xmm0, %xmm4, %xmm4 + vpclmulqdq $16, %xmm12, %xmm7, %xmm2 + vpclmulqdq $0x01, %xmm12, %xmm7, %xmm1 + vpclmulqdq $0x00, %xmm12, %xmm7, %xmm0 + vpclmulqdq $0x11, %xmm12, %xmm7, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm3, %xmm6, %xmm6 + vpxor %xmm2, %xmm5, %xmm5 + vpxor %xmm0, %xmm4, %xmm4 + vmovdqu 64(%rsp), %xmm15 + vmovdqu 80(%rsp), %xmm7 + vpclmulqdq $16, %xmm11, %xmm15, %xmm2 + vpclmulqdq $0x01, %xmm11, %xmm15, %xmm1 + vpclmulqdq $0x00, %xmm11, %xmm15, %xmm0 + vpclmulqdq $0x11, %xmm11, %xmm15, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm3, %xmm6, %xmm6 + vpxor %xmm2, %xmm5, %xmm5 + vpxor %xmm0, %xmm4, %xmm4 + vpclmulqdq $16, %xmm10, %xmm7, %xmm2 + vpclmulqdq $0x01, %xmm10, %xmm7, %xmm1 + vpclmulqdq $0x00, %xmm10, %xmm7, %xmm0 + vpclmulqdq $0x11, %xmm10, %xmm7, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm3, %xmm6, %xmm6 + vpxor %xmm2, %xmm5, %xmm5 + vpxor %xmm0, %xmm4, %xmm4 + vmovdqu 96(%rsp), %xmm15 + vmovdqu 112(%rsp), %xmm7 + vpclmulqdq $16, %xmm9, %xmm15, %xmm2 + vpclmulqdq $0x01, %xmm9, %xmm15, %xmm1 + vpclmulqdq $0x00, %xmm9, %xmm15, %xmm0 + vpclmulqdq $0x11, %xmm9, %xmm15, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm3, %xmm6, %xmm6 + vpxor %xmm2, %xmm5, %xmm5 + vpxor %xmm0, %xmm4, %xmm4 + vpclmulqdq $16, %xmm8, %xmm7, %xmm2 + vpclmulqdq $0x01, %xmm8, %xmm7, %xmm1 + vpclmulqdq $0x00, %xmm8, %xmm7, %xmm0 + vpclmulqdq $0x11, %xmm8, %xmm7, %xmm3 + vpxor %xmm1, %xmm2, %xmm2 + vpxor %xmm3, %xmm6, %xmm6 + vpxor %xmm2, %xmm5, %xmm5 + vpxor %xmm0, %xmm4, %xmm4 + vpslldq $8, %xmm5, %xmm7 + vpsrldq $8, %xmm5, %xmm5 + vpxor %xmm7, %xmm4, %xmm4 + vpxor %xmm5, %xmm6, %xmm6 + # ghash_red + vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm2 + vpclmulqdq $16, %xmm2, %xmm4, %xmm0 + vpshufd $0x4e, %xmm4, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpclmulqdq $16, %xmm2, %xmm1, %xmm0 + vpshufd $0x4e, %xmm1, %xmm1 + vpxor %xmm0, %xmm1, %xmm1 + vpxor %xmm1, %xmm6, %xmm6 + vmovdqa (%rsp), %xmm5 + vmovdqu 128(%rsp), %xmm4 +L_AES_GCM_encrypt_update_avx2_done_128: + cmpl %r8d, %r14d + je L_AES_GCM_encrypt_update_avx2_done_enc + movl %r8d, %r13d + andl $0xfffffff0, %r13d + cmpl %r13d, %r14d + jge L_AES_GCM_encrypt_update_avx2_last_block_done + # aesenc_block + vmovdqa %xmm4, %xmm1 + vpshufb L_avx2_aes_gcm_bswap_epi64(%rip), %xmm1, %xmm0 + vpaddd L_avx2_aes_gcm_one(%rip), %xmm1, %xmm1 + vpxor (%rdi), %xmm0, %xmm0 + vmovdqa 16(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 32(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 48(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 64(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 80(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 96(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 112(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 128(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 144(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa %xmm1, %xmm4 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm1 + jl L_AES_GCM_encrypt_update_avx2_aesenc_block_last + vaesenc %xmm1, %xmm0, %xmm0 + vmovdqa 176(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm1 + jl L_AES_GCM_encrypt_update_avx2_aesenc_block_last + vaesenc %xmm1, %xmm0, %xmm0 + vmovdqa 208(%rdi), %xmm2 + vaesenc %xmm2, %xmm0, %xmm0 + vmovdqa 224(%rdi), %xmm1 +L_AES_GCM_encrypt_update_avx2_aesenc_block_last: + vaesenclast %xmm1, %xmm0, %xmm0 + vmovdqu (%r11,%r14,1), %xmm1 + vpxor %xmm1, %xmm0, %xmm0 + vmovdqu %xmm0, (%r10,%r14,1) + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vpxor %xmm0, %xmm6, %xmm6 + addl $16, %r14d + cmpl %r13d, %r14d + jge L_AES_GCM_encrypt_update_avx2_last_block_ghash +L_AES_GCM_encrypt_update_avx2_last_block_start: + vmovdqu (%r11,%r14,1), %xmm12 + vpshufb L_avx2_aes_gcm_bswap_epi64(%rip), %xmm4, %xmm11 + vpaddd L_avx2_aes_gcm_one(%rip), %xmm4, %xmm4 + # aesenc_gfmul_sb + vpclmulqdq $0x01, %xmm5, %xmm6, %xmm2 + vpclmulqdq $16, %xmm5, %xmm6, %xmm3 + vpclmulqdq $0x00, %xmm5, %xmm6, %xmm1 + vpclmulqdq $0x11, %xmm5, %xmm6, %xmm8 + vpxor (%rdi), %xmm11, %xmm11 + vaesenc 16(%rdi), %xmm11, %xmm11 + vpxor %xmm2, %xmm3, %xmm3 + vpslldq $8, %xmm3, %xmm2 + vpsrldq $8, %xmm3, %xmm3 + vaesenc 32(%rdi), %xmm11, %xmm11 + vpxor %xmm1, %xmm2, %xmm2 + vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm2, %xmm1 + vaesenc 48(%rdi), %xmm11, %xmm11 + vaesenc 64(%rdi), %xmm11, %xmm11 + vaesenc 80(%rdi), %xmm11, %xmm11 + vpshufd $0x4e, %xmm2, %xmm2 + vpxor %xmm1, %xmm2, %xmm2 + vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm2, %xmm1 + vaesenc 96(%rdi), %xmm11, %xmm11 + vaesenc 112(%rdi), %xmm11, %xmm11 + vaesenc 128(%rdi), %xmm11, %xmm11 + vpshufd $0x4e, %xmm2, %xmm2 + vaesenc 144(%rdi), %xmm11, %xmm11 + vpxor %xmm3, %xmm8, %xmm8 + vpxor %xmm8, %xmm2, %xmm2 + vmovdqa 160(%rdi), %xmm0 + cmpl $11, %esi + jl L_AES_GCM_encrypt_update_avx2_aesenc_gfmul_sb_last + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc 176(%rdi), %xmm11, %xmm11 + vmovdqa 192(%rdi), %xmm0 + cmpl $13, %esi + jl L_AES_GCM_encrypt_update_avx2_aesenc_gfmul_sb_last + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc 208(%rdi), %xmm11, %xmm11 + vmovdqa 224(%rdi), %xmm0 +L_AES_GCM_encrypt_update_avx2_aesenc_gfmul_sb_last: + vaesenclast %xmm0, %xmm11, %xmm11 + vpxor %xmm1, %xmm2, %xmm6 + vpxor %xmm12, %xmm11, %xmm11 + vmovdqu %xmm11, (%r10,%r14,1) + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm11, %xmm11 + vpxor %xmm11, %xmm6, %xmm6 + addl $16, %r14d + cmpl %r13d, %r14d + jl L_AES_GCM_encrypt_update_avx2_last_block_start +L_AES_GCM_encrypt_update_avx2_last_block_ghash: + # ghash_gfmul_red + vpclmulqdq $16, %xmm5, %xmm6, %xmm10 + vpclmulqdq $0x01, %xmm5, %xmm6, %xmm9 + vpclmulqdq $0x00, %xmm5, %xmm6, %xmm8 + vpxor %xmm9, %xmm10, %xmm10 + vpslldq $8, %xmm10, %xmm9 + vpsrldq $8, %xmm10, %xmm10 + vpxor %xmm8, %xmm9, %xmm9 + vpclmulqdq $0x11, %xmm5, %xmm6, %xmm6 + vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm9, %xmm8 + vpshufd $0x4e, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm9, %xmm8 + vpshufd $0x4e, %xmm9, %xmm9 + vpxor %xmm10, %xmm6, %xmm6 + vpxor %xmm9, %xmm6, %xmm6 + vpxor %xmm8, %xmm6, %xmm6 +L_AES_GCM_encrypt_update_avx2_last_block_done: +L_AES_GCM_encrypt_update_avx2_done_enc: + vmovdqa %xmm6, (%r9) + vmovdqa %xmm4, (%r12) + vzeroupper + addq $0x98, %rsp + popq %r14 + popq %r13 + popq %r12 + repz retq +#ifndef __APPLE__ +.size AES_GCM_encrypt_update_avx2,.-AES_GCM_encrypt_update_avx2 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt_final_avx2 +.type AES_GCM_encrypt_final_avx2,@function +.align 16 +AES_GCM_encrypt_final_avx2: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt_final_avx2 +.p2align 4 +_AES_GCM_encrypt_final_avx2: +#endif /* __APPLE__ */ + pushq %r13 + movl %ecx, %r10d + movl %r8d, %r11d + movq 16(%rsp), %rax + subq $16, %rsp + vmovdqa (%rdi), %xmm4 + vmovdqa (%r9), %xmm5 + vmovdqa (%rax), %xmm6 + vpsrlq $63, %xmm5, %xmm1 + vpsllq $0x01, %xmm5, %xmm0 + vpslldq $8, %xmm1, %xmm1 + vpor %xmm1, %xmm0, %xmm0 + vpshufd $0xff, %xmm5, %xmm5 + vpsrad $31, %xmm5, %xmm5 + vpand L_avx2_aes_gcm_mod2_128(%rip), %xmm5, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + # calc_tag + shlq $3, %r10 + vpinsrq $0x00, %r10, %xmm0, %xmm0 + shlq $3, %r11 + vpinsrq $0x01, %r11, %xmm1, %xmm1 + vpblendd $12, %xmm1, %xmm0, %xmm0 + vpxor %xmm4, %xmm0, %xmm0 + # ghash_gfmul_red + vpclmulqdq $16, %xmm5, %xmm0, %xmm7 + vpclmulqdq $0x01, %xmm5, %xmm0, %xmm3 + vpclmulqdq $0x00, %xmm5, %xmm0, %xmm2 + vpxor %xmm3, %xmm7, %xmm7 + vpslldq $8, %xmm7, %xmm3 + vpsrldq $8, %xmm7, %xmm7 + vpxor %xmm2, %xmm3, %xmm3 + vpclmulqdq $0x11, %xmm5, %xmm0, %xmm0 + vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm3, %xmm2 + vpshufd $0x4e, %xmm3, %xmm3 + vpxor %xmm2, %xmm3, %xmm3 + vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm3, %xmm2 + vpshufd $0x4e, %xmm3, %xmm3 + vpxor %xmm7, %xmm0, %xmm0 + vpxor %xmm3, %xmm0, %xmm0 + vpxor %xmm2, %xmm0, %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vpxor %xmm6, %xmm0, %xmm0 + # store_tag + cmpl $16, %edx + je L_AES_GCM_encrypt_final_avx2_store_tag_16 + xorq %rcx, %rcx + vmovdqu %xmm0, (%rsp) +L_AES_GCM_encrypt_final_avx2_store_tag_loop: + movzbl (%rsp,%rcx,1), %r13d + movb %r13b, (%rsi,%rcx,1) + incl %ecx + cmpl %edx, %ecx + jne L_AES_GCM_encrypt_final_avx2_store_tag_loop + jmp L_AES_GCM_encrypt_final_avx2_store_tag_done +L_AES_GCM_encrypt_final_avx2_store_tag_16: + vmovdqu %xmm0, (%rsi) +L_AES_GCM_encrypt_final_avx2_store_tag_done: + vzeroupper + addq $16, %rsp + popq %r13 + repz retq +#ifndef __APPLE__ +.size AES_GCM_encrypt_final_avx2,.-AES_GCM_encrypt_final_avx2 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_decrypt_update_avx2 +.type AES_GCM_decrypt_update_avx2,@function +.align 16 +AES_GCM_decrypt_update_avx2: +#else +.section __TEXT,__text +.globl _AES_GCM_decrypt_update_avx2 +.p2align 4 +_AES_GCM_decrypt_update_avx2: +#endif /* __APPLE__ */ + pushq %r13 + pushq %r12 + pushq %r14 + movq %rdx, %r10 + movq %rcx, %r11 + movq 32(%rsp), %rax + movq 40(%rsp), %r12 + subq $0xa8, %rsp + vmovdqa (%r9), %xmm6 + vmovdqa (%rax), %xmm5 + vmovdqa (%r12), %xmm4 + # Calculate H + vpsrlq $63, %xmm5, %xmm1 + vpsllq $0x01, %xmm5, %xmm0 + vpslldq $8, %xmm1, %xmm1 + vpor %xmm1, %xmm0, %xmm0 + vpshufd $0xff, %xmm5, %xmm5 + vpsrad $31, %xmm5, %xmm5 + vpand L_avx2_aes_gcm_mod2_128(%rip), %xmm5, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + xorl %r14d, %r14d + cmpl $0x80, %r8d + movl %r8d, %r13d + jl L_AES_GCM_decrypt_update_avx2_done_128 + andl $0xffffff80, %r13d + vmovdqa %xmm4, 128(%rsp) + vmovdqa %xmm15, 144(%rsp) + vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm3 + # H ^ 1 and H ^ 2 + vpclmulqdq $0x00, %xmm5, %xmm5, %xmm9 + vpclmulqdq $0x11, %xmm5, %xmm5, %xmm10 + vpclmulqdq $16, %xmm3, %xmm9, %xmm8 + vpshufd $0x4e, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpclmulqdq $16, %xmm3, %xmm9, %xmm8 + vpshufd $0x4e, %xmm9, %xmm9 + vpxor %xmm8, %xmm9, %xmm9 + vpxor %xmm9, %xmm10, %xmm0 + vmovdqa %xmm5, (%rsp) + vmovdqa %xmm0, 16(%rsp) + # H ^ 3 and H ^ 4 + vpclmulqdq $16, %xmm5, %xmm0, %xmm11 + vpclmulqdq $0x01, %xmm5, %xmm0, %xmm10 + vpclmulqdq $0x00, %xmm5, %xmm0, %xmm9 + vpclmulqdq $0x11, %xmm5, %xmm0, %xmm12 + vpclmulqdq $0x00, %xmm0, %xmm0, %xmm13 + vpclmulqdq $0x11, %xmm0, %xmm0, %xmm14 + vpxor %xmm10, %xmm11, %xmm11 + vpslldq $8, %xmm11, %xmm10 + vpsrldq $8, %xmm11, %xmm11 + vpxor %xmm9, %xmm10, %xmm10 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm9, %xmm10, %xmm10 + vpxor %xmm8, %xmm13, %xmm13 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm11, %xmm12, %xmm12 + vpxor %xmm8, %xmm13, %xmm13 + vpxor %xmm12, %xmm10, %xmm10 + vpxor %xmm14, %xmm13, %xmm2 + vpxor %xmm9, %xmm10, %xmm1 + vmovdqa %xmm1, 32(%rsp) + vmovdqa %xmm2, 48(%rsp) + # H ^ 5 and H ^ 6 + vpclmulqdq $16, %xmm0, %xmm1, %xmm11 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm10 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm9 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm12 + vpclmulqdq $0x00, %xmm1, %xmm1, %xmm13 + vpclmulqdq $0x11, %xmm1, %xmm1, %xmm14 + vpxor %xmm10, %xmm11, %xmm11 + vpslldq $8, %xmm11, %xmm10 + vpsrldq $8, %xmm11, %xmm11 + vpxor %xmm9, %xmm10, %xmm10 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm9, %xmm10, %xmm10 + vpxor %xmm8, %xmm13, %xmm13 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm11, %xmm12, %xmm12 + vpxor %xmm8, %xmm13, %xmm13 + vpxor %xmm12, %xmm10, %xmm10 + vpxor %xmm14, %xmm13, %xmm0 + vpxor %xmm9, %xmm10, %xmm7 + vmovdqa %xmm7, 64(%rsp) + vmovdqa %xmm0, 80(%rsp) + # H ^ 7 and H ^ 8 + vpclmulqdq $16, %xmm1, %xmm2, %xmm11 + vpclmulqdq $0x01, %xmm1, %xmm2, %xmm10 + vpclmulqdq $0x00, %xmm1, %xmm2, %xmm9 + vpclmulqdq $0x11, %xmm1, %xmm2, %xmm12 + vpclmulqdq $0x00, %xmm2, %xmm2, %xmm13 + vpclmulqdq $0x11, %xmm2, %xmm2, %xmm14 + vpxor %xmm10, %xmm11, %xmm11 + vpslldq $8, %xmm11, %xmm10 + vpsrldq $8, %xmm11, %xmm11 + vpxor %xmm9, %xmm10, %xmm10 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm9, %xmm10, %xmm10 + vpxor %xmm8, %xmm13, %xmm13 + vpclmulqdq $16, %xmm3, %xmm10, %xmm9 + vpclmulqdq $16, %xmm3, %xmm13, %xmm8 + vpshufd $0x4e, %xmm10, %xmm10 + vpshufd $0x4e, %xmm13, %xmm13 + vpxor %xmm11, %xmm12, %xmm12 + vpxor %xmm8, %xmm13, %xmm13 + vpxor %xmm12, %xmm10, %xmm10 + vpxor %xmm14, %xmm13, %xmm0 + vpxor %xmm9, %xmm10, %xmm7 + vmovdqa %xmm7, 96(%rsp) + vmovdqa %xmm0, 112(%rsp) +L_AES_GCM_decrypt_update_avx2_ghash_128: + # aesenc_128_ghash + leaq (%r11,%r14,1), %rcx + leaq (%r10,%r14,1), %rdx + # aesenc_ctr + vmovdqa 128(%rsp), %xmm0 + vmovdqa L_avx2_aes_gcm_bswap_epi64(%rip), %xmm1 + vpaddd L_avx2_aes_gcm_one(%rip), %xmm0, %xmm9 + vpshufb %xmm1, %xmm0, %xmm8 + vpaddd L_avx2_aes_gcm_two(%rip), %xmm0, %xmm10 + vpshufb %xmm1, %xmm9, %xmm9 + vpaddd L_avx2_aes_gcm_three(%rip), %xmm0, %xmm11 + vpshufb %xmm1, %xmm10, %xmm10 + vpaddd L_avx2_aes_gcm_four(%rip), %xmm0, %xmm12 + vpshufb %xmm1, %xmm11, %xmm11 + vpaddd L_avx2_aes_gcm_five(%rip), %xmm0, %xmm13 + vpshufb %xmm1, %xmm12, %xmm12 + vpaddd L_avx2_aes_gcm_six(%rip), %xmm0, %xmm14 + vpshufb %xmm1, %xmm13, %xmm13 + vpaddd L_avx2_aes_gcm_seven(%rip), %xmm0, %xmm15 + vpshufb %xmm1, %xmm14, %xmm14 + vpaddd L_avx2_aes_gcm_eight(%rip), %xmm0, %xmm0 + vpshufb %xmm1, %xmm15, %xmm15 + # aesenc_xor + vmovdqa (%rdi), %xmm7 + vmovdqa %xmm0, 128(%rsp) + vpxor %xmm7, %xmm8, %xmm8 + vpxor %xmm7, %xmm9, %xmm9 + vpxor %xmm7, %xmm10, %xmm10 + vpxor %xmm7, %xmm11, %xmm11 + vpxor %xmm7, %xmm12, %xmm12 + vpxor %xmm7, %xmm13, %xmm13 + vpxor %xmm7, %xmm14, %xmm14 + vpxor %xmm7, %xmm15, %xmm15 + # aesenc_pclmul_1 + vmovdqu (%rcx), %xmm1 + vmovdqu 16(%rdi), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vmovdqa 112(%rsp), %xmm2 + vpxor %xmm6, %xmm1, %xmm1 + vpclmulqdq $16, %xmm2, %xmm1, %xmm5 + vpclmulqdq $0x01, %xmm2, %xmm1, %xmm3 + vpclmulqdq $0x00, %xmm2, %xmm1, %xmm6 + vpclmulqdq $0x11, %xmm2, %xmm1, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_2 + vmovdqu 16(%rcx), %xmm1 + vmovdqa 96(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 32(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu 32(%rcx), %xmm1 + vmovdqa 80(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 48(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu 48(%rcx), %xmm1 + vmovdqa 64(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 64(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu 64(%rcx), %xmm1 + vmovdqa 48(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 80(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu 80(%rcx), %xmm1 + vmovdqa 32(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 96(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu 96(%rcx), %xmm1 + vmovdqa 16(%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 112(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_n + vmovdqu 112(%rcx), %xmm1 + vmovdqa (%rsp), %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm1, %xmm1 + vpxor %xmm2, %xmm5, %xmm5 + vpclmulqdq $16, %xmm0, %xmm1, %xmm2 + vpxor %xmm3, %xmm5, %xmm5 + vpclmulqdq $0x01, %xmm0, %xmm1, %xmm3 + vpxor %xmm4, %xmm6, %xmm6 + vpclmulqdq $0x00, %xmm0, %xmm1, %xmm4 + vpclmulqdq $0x11, %xmm0, %xmm1, %xmm1 + vmovdqu 128(%rdi), %xmm0 + vpxor %xmm1, %xmm7, %xmm7 + vaesenc %xmm0, %xmm8, %xmm8 + vaesenc %xmm0, %xmm9, %xmm9 + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc %xmm0, %xmm11, %xmm11 + vaesenc %xmm0, %xmm12, %xmm12 + vaesenc %xmm0, %xmm13, %xmm13 + vaesenc %xmm0, %xmm14, %xmm14 + vaesenc %xmm0, %xmm15, %xmm15 + # aesenc_pclmul_l + vpxor %xmm2, %xmm5, %xmm5 + vpxor %xmm4, %xmm6, %xmm6 + vpxor %xmm3, %xmm5, %xmm5 + vpslldq $8, %xmm5, %xmm1 + vpsrldq $8, %xmm5, %xmm5 + vmovdqa 144(%rdi), %xmm4 + vmovdqa L_avx2_aes_gcm_mod2_128(%rip), %xmm0 + vaesenc %xmm4, %xmm8, %xmm8 + vpxor %xmm1, %xmm6, %xmm6 + vpxor %xmm5, %xmm7, %xmm7 + vpclmulqdq $16, %xmm0, %xmm6, %xmm3 + vaesenc %xmm4, %xmm9, %xmm9 + vaesenc %xmm4, %xmm10, %xmm10 + vaesenc %xmm4, %xmm11, %xmm11 + vpshufd $0x4e, %xmm6, %xmm6 + vpxor %xmm3, %xmm6, %xmm6 + vpclmulqdq $16, %xmm0, %xmm6, %xmm3 + vaesenc %xmm4, %xmm12, %xmm12 + vaesenc %xmm4, %xmm13, %xmm13 + vaesenc %xmm4, %xmm14, %xmm14 + vpshufd $0x4e, %xmm6, %xmm6 + vpxor %xmm3, %xmm6, %xmm6 + vpxor %xmm7, %xmm6, %xmm6 + vaesenc %xmm4, %xmm15, %xmm15 + cmpl $11, %esi + vmovdqa 160(%rdi), %xmm7 + jl L_AES_GCM_decrypt_update_avx2_aesenc_128_ghash_avx_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 176(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + cmpl $13, %esi + vmovdqa 192(%rdi), %xmm7 + jl L_AES_GCM_decrypt_update_avx2_aesenc_128_ghash_avx_done + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 208(%rdi), %xmm7 + vaesenc %xmm7, %xmm8, %xmm8 + vaesenc %xmm7, %xmm9, %xmm9 + vaesenc %xmm7, %xmm10, %xmm10 + vaesenc %xmm7, %xmm11, %xmm11 + vaesenc %xmm7, %xmm12, %xmm12 + vaesenc %xmm7, %xmm13, %xmm13 + vaesenc %xmm7, %xmm14, %xmm14 + vaesenc %xmm7, %xmm15, %xmm15 + vmovdqa 224(%rdi), %xmm7 +L_AES_GCM_decrypt_update_avx2_aesenc_128_ghash_avx_done: + # aesenc_last + vaesenclast %xmm7, %xmm8, %xmm8 + vaesenclast %xmm7, %xmm9, %xmm9 + vaesenclast %xmm7, %xmm10, %xmm10 + vaesenclast %xmm7, %xmm11, %xmm11 + vmovdqu (%rcx), %xmm0 + vmovdqu 16(%rcx), %xmm1 + vmovdqu 32(%rcx), %xmm2 + vmovdqu 48(%rcx), %xmm3 + vpxor %xmm0, %xmm8, %xmm8 + vpxor %xmm1, %xmm9, %xmm9 + vpxor %xmm2, %xmm10, %xmm10 + vpxor %xmm3, %xmm11, %xmm11 + vmovdqu %xmm8, (%rdx) + vmovdqu %xmm9, 16(%rdx) + vmovdqu %xmm10, 32(%rdx) + vmovdqu %xmm11, 48(%rdx) + vaesenclast %xmm7, %xmm12, %xmm12 + vaesenclast %xmm7, %xmm13, %xmm13 + vaesenclast %xmm7, %xmm14, %xmm14 + vaesenclast %xmm7, %xmm15, %xmm15 + vmovdqu 64(%rcx), %xmm0 + vmovdqu 80(%rcx), %xmm1 + vmovdqu 96(%rcx), %xmm2 + vmovdqu 112(%rcx), %xmm3 + vpxor %xmm0, %xmm12, %xmm12 + vpxor %xmm1, %xmm13, %xmm13 + vpxor %xmm2, %xmm14, %xmm14 + vpxor %xmm3, %xmm15, %xmm15 + vmovdqu %xmm12, 64(%rdx) + vmovdqu %xmm13, 80(%rdx) + vmovdqu %xmm14, 96(%rdx) + vmovdqu %xmm15, 112(%rdx) + # aesenc_128_ghash - end + addl $0x80, %r14d + cmpl %r13d, %r14d + jl L_AES_GCM_decrypt_update_avx2_ghash_128 + vmovdqa (%rsp), %xmm5 + vmovdqa 128(%rsp), %xmm4 + vmovdqa 144(%rsp), %xmm15 +L_AES_GCM_decrypt_update_avx2_done_128: + cmpl %r8d, %r14d + jge L_AES_GCM_decrypt_update_avx2_done_dec + movl %r8d, %r13d + andl $0xfffffff0, %r13d + cmpl %r13d, %r14d + jge L_AES_GCM_decrypt_update_avx2_last_block_done +L_AES_GCM_decrypt_update_avx2_last_block_start: + vmovdqu (%r11,%r14,1), %xmm11 + vpshufb L_avx2_aes_gcm_bswap_epi64(%rip), %xmm4, %xmm10 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm11, %xmm12 + vpaddd L_avx2_aes_gcm_one(%rip), %xmm4, %xmm4 + vpxor %xmm6, %xmm12, %xmm12 + # aesenc_gfmul_sb + vpclmulqdq $0x01, %xmm5, %xmm12, %xmm2 + vpclmulqdq $16, %xmm5, %xmm12, %xmm3 + vpclmulqdq $0x00, %xmm5, %xmm12, %xmm1 + vpclmulqdq $0x11, %xmm5, %xmm12, %xmm8 + vpxor (%rdi), %xmm10, %xmm10 + vaesenc 16(%rdi), %xmm10, %xmm10 + vpxor %xmm2, %xmm3, %xmm3 + vpslldq $8, %xmm3, %xmm2 + vpsrldq $8, %xmm3, %xmm3 + vaesenc 32(%rdi), %xmm10, %xmm10 + vpxor %xmm1, %xmm2, %xmm2 + vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm2, %xmm1 + vaesenc 48(%rdi), %xmm10, %xmm10 + vaesenc 64(%rdi), %xmm10, %xmm10 + vaesenc 80(%rdi), %xmm10, %xmm10 + vpshufd $0x4e, %xmm2, %xmm2 + vpxor %xmm1, %xmm2, %xmm2 + vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm2, %xmm1 + vaesenc 96(%rdi), %xmm10, %xmm10 + vaesenc 112(%rdi), %xmm10, %xmm10 + vaesenc 128(%rdi), %xmm10, %xmm10 + vpshufd $0x4e, %xmm2, %xmm2 + vaesenc 144(%rdi), %xmm10, %xmm10 + vpxor %xmm3, %xmm8, %xmm8 + vpxor %xmm8, %xmm2, %xmm2 + vmovdqa 160(%rdi), %xmm0 + cmpl $11, %esi + jl L_AES_GCM_decrypt_update_avx2_aesenc_gfmul_sb_last + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc 176(%rdi), %xmm10, %xmm10 + vmovdqa 192(%rdi), %xmm0 + cmpl $13, %esi + jl L_AES_GCM_decrypt_update_avx2_aesenc_gfmul_sb_last + vaesenc %xmm0, %xmm10, %xmm10 + vaesenc 208(%rdi), %xmm10, %xmm10 + vmovdqa 224(%rdi), %xmm0 +L_AES_GCM_decrypt_update_avx2_aesenc_gfmul_sb_last: + vaesenclast %xmm0, %xmm10, %xmm10 + vpxor %xmm1, %xmm2, %xmm6 + vpxor %xmm11, %xmm10, %xmm10 + vmovdqu %xmm10, (%r10,%r14,1) + addl $16, %r14d + cmpl %r13d, %r14d + jl L_AES_GCM_decrypt_update_avx2_last_block_start +L_AES_GCM_decrypt_update_avx2_last_block_done: +L_AES_GCM_decrypt_update_avx2_done_dec: + vmovdqa %xmm6, (%r9) + vmovdqa %xmm4, (%r12) + vzeroupper + addq $0xa8, %rsp + popq %r14 + popq %r12 + popq %r13 + repz retq +#ifndef __APPLE__ +.size AES_GCM_decrypt_update_avx2,.-AES_GCM_decrypt_update_avx2 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_decrypt_final_avx2 +.type AES_GCM_decrypt_final_avx2,@function +.align 16 +AES_GCM_decrypt_final_avx2: +#else +.section __TEXT,__text +.globl _AES_GCM_decrypt_final_avx2 +.p2align 4 +_AES_GCM_decrypt_final_avx2: +#endif /* __APPLE__ */ + pushq %r13 + pushq %rbp + movl %ecx, %r10d + movl %r8d, %r11d + movq 24(%rsp), %rax + movq 32(%rsp), %rbp + subq $16, %rsp + vmovdqa (%rdi), %xmm4 + vmovdqa (%r9), %xmm5 + vmovdqa (%rax), %xmm6 + vpsrlq $63, %xmm5, %xmm1 + vpsllq $0x01, %xmm5, %xmm0 + vpslldq $8, %xmm1, %xmm1 + vpor %xmm1, %xmm0, %xmm0 + vpshufd $0xff, %xmm5, %xmm5 + vpsrad $31, %xmm5, %xmm5 + vpand L_avx2_aes_gcm_mod2_128(%rip), %xmm5, %xmm5 + vpxor %xmm0, %xmm5, %xmm5 + # calc_tag + shlq $3, %r10 + vpinsrq $0x00, %r10, %xmm0, %xmm0 + shlq $3, %r11 + vpinsrq $0x01, %r11, %xmm1, %xmm1 + vpblendd $12, %xmm1, %xmm0, %xmm0 + vpxor %xmm4, %xmm0, %xmm0 + # ghash_gfmul_red + vpclmulqdq $16, %xmm5, %xmm0, %xmm7 + vpclmulqdq $0x01, %xmm5, %xmm0, %xmm3 + vpclmulqdq $0x00, %xmm5, %xmm0, %xmm2 + vpxor %xmm3, %xmm7, %xmm7 + vpslldq $8, %xmm7, %xmm3 + vpsrldq $8, %xmm7, %xmm7 + vpxor %xmm2, %xmm3, %xmm3 + vpclmulqdq $0x11, %xmm5, %xmm0, %xmm0 + vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm3, %xmm2 + vpshufd $0x4e, %xmm3, %xmm3 + vpxor %xmm2, %xmm3, %xmm3 + vpclmulqdq $16, L_avx2_aes_gcm_mod2_128(%rip), %xmm3, %xmm2 + vpshufd $0x4e, %xmm3, %xmm3 + vpxor %xmm7, %xmm0, %xmm0 + vpxor %xmm3, %xmm0, %xmm0 + vpxor %xmm2, %xmm0, %xmm0 + vpshufb L_avx2_aes_gcm_bswap_mask(%rip), %xmm0, %xmm0 + vpxor %xmm6, %xmm0, %xmm0 + # cmp_tag + cmpl $16, %edx + je L_AES_GCM_decrypt_final_avx2_cmp_tag_16 + xorq %rcx, %rcx + xorq %r9, %r9 + vmovdqu %xmm0, (%rsp) +L_AES_GCM_decrypt_final_avx2_cmp_tag_loop: + movzbl (%rsp,%rcx,1), %r13d + xorb (%rsi,%rcx,1), %r13b + orb %r13b, %r9b + incl %ecx + cmpl %edx, %ecx + jne L_AES_GCM_decrypt_final_avx2_cmp_tag_loop + cmpb $0x00, %r9b + sete %r9b + jmp L_AES_GCM_decrypt_final_avx2_cmp_tag_done +L_AES_GCM_decrypt_final_avx2_cmp_tag_16: + vmovdqu (%rsi), %xmm1 + vpcmpeqb %xmm1, %xmm0, %xmm0 + vpmovmskb %xmm0, %rcx + # %%edx == 0xFFFF then return 1 else => return 0 + xorl %r9d, %r9d + cmpl $0xffff, %ecx + sete %r9b +L_AES_GCM_decrypt_final_avx2_cmp_tag_done: + movl %r9d, (%rbp) + vzeroupper + addq $16, %rsp + popq %rbp + popq %r13 + repz retq +#ifndef __APPLE__ +.size AES_GCM_decrypt_final_avx2,.-AES_GCM_decrypt_final_avx2 +#endif /* __APPLE__ */ +#endif /* WOLFSSL_AESGCM_STREAM */ #endif /* HAVE_INTEL_AVX2 */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 24eb04449..3680eac86 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -521,6 +521,12 @@ const char* wc_GetErrorString(int error) case SAKKE_VERIFY_FAIL_E: return "SAKKE derivation verification error"; + case MISSING_IV: + return "Required IV not set"; + + case MISSING_KEY: + return "Required key not set"; + default: return "unknown error number"; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 75c165c42..3df4de29c 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -553,6 +553,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, } #if defined(HAVE_AESGCM) +#ifndef WOLFSSL_AESGCM_STREAM static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int inl) { if (in && inl > 0) { @@ -570,11 +571,13 @@ static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, } return 0; } +#endif /* WOLFSSL_AESGCM_STREAM */ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { +#ifndef WOLFSSL_AESGCM_STREAM int ret = 0; *outl = inl; @@ -606,8 +609,42 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx, } return WOLFSSL_SUCCESS; +#else + int ret; + + /* When out is NULL then this is AAD. */ + if (out == NULL) { + if (ctx->enc) { + ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL, NULL, 0, in, + inl); + } + else { + ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL, NULL, 0, in, + inl); + } + } + /* When out is not NULL then this is plaintext/cipher text. */ + else { + if (ctx->enc) { + ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, out, in, inl, NULL, + 0); + } + else { + ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, out, in, inl, NULL, + 0); + } + } + *outl = inl; + if (ret == 0) { + ret = WOLFSSL_SUCCESS; + } + else { + ret = WOLFSSL_FAILURE; + } + return ret; +#endif /* WOLFSSL_AESGCM_STREAM */ } -#endif +#endif /* HAVE_AESGCM */ /* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, @@ -626,16 +663,16 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, *outl = 0; #if !defined(NO_AES) && defined(HAVE_AESGCM) - switch (ctx->cipherType) { - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: -/* if out == NULL, in/inl contains the additional authenticated data for GCM */ - return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl); - default: - /* fall-through */ - break; - } + switch (ctx->cipherType) { + case AES_128_GCM_TYPE: + case AES_192_GCM_TYPE: + case AES_256_GCM_TYPE: + /* if out == NULL, in/inl contains the additional authenticated data * for GCM */ + return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl); + default: + /* fall-through */ + break; + } #endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */ if (out == NULL) { @@ -770,6 +807,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, case AES_128_GCM_TYPE: case AES_192_GCM_TYPE: case AES_256_GCM_TYPE: +#ifndef WOLFSSL_AESGCM_STREAM if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0) || (ctx->gcmBufferLen == 0)) { if (ctx->enc) @@ -799,6 +837,24 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, else { *outl = 0; } +#else + /* No data to return - all handled in Update. */ + *outl = 0; + if (ctx->enc) { + ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes, ctx->authTag, + ctx->authTagSz); + } + else { + ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ctx->authTag, + ctx->authTagSz); + } + if (ret == 0) { + ret = WOLFSSL_SUCCESS; + } + else { + ret = WOLFSSL_FAILURE; + } +#endif /* WOLFSSL_AESGCM_STREAM */ /* Clear IV, since IV reuse is not recommended for AES GCM. */ XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); break; @@ -4073,10 +4129,18 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG("Key or IV not set"); break; } - if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv, ctx->ivSz)) != 0) { + if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv, + ctx->ivSz)) != 0) { WOLFSSL_MSG("wc_AesGcmSetIV failed"); ret = WOLFSSL_FAILURE; } +#ifdef WOLFSSL_AESGCM_STREAM + /* Initialize using IV cached in Aes object. */ + if (wc_AesGcmInit(&ctx->cipher.aes, NULL, 0, NULL, 0) != 0) { + WOLFSSL_MSG("wc_AesGcmInit failed"); + ret = WOLFSSL_FAILURE; + } +#endif /* WOLFSSL_AESGCM_STREAM */ /* OpenSSL increments the IV. Not sure why */ IncCtr(ctx->iv, ctx->ivSz); break; @@ -4373,14 +4437,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->authTagSz = AES_BLOCK_SIZE; ctx->ivSz = GCM_NONCE_MID_SZ; +#ifndef WOLFSSL_AESGCM_STREAM if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { WOLFSSL_MSG("wc_AesGcmSetKey() failed"); return WOLFSSL_FAILURE; } +#endif /* !WOLFSSL_AESGCM_STREAM */ if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); return WOLFSSL_FAILURE; } +#ifdef WOLFSSL_AESGCM_STREAM + /* Initialize with key and IV if available. */ + if (wc_AesGcmInit(&ctx->cipher.aes, key, + (key == NULL) ? 0 : ctx->keyLen, iv, + (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) { + WOLFSSL_MSG("wc_AesGcmInit() failed"); + return WOLFSSL_FAILURE; + } +#endif /* WOLFSSL_AESGCM_STREAM */ if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; } @@ -4398,14 +4473,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->authTagSz = AES_BLOCK_SIZE; ctx->ivSz = GCM_NONCE_MID_SZ; +#ifndef WOLFSSL_AESGCM_STREAM if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { WOLFSSL_MSG("wc_AesGcmSetKey() failed"); return WOLFSSL_FAILURE; } +#endif /* !WOLFSSL_AESGCM_STREAM */ if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); return WOLFSSL_FAILURE; } +#ifdef WOLFSSL_AESGCM_STREAM + /* Initialize with key and IV if available. */ + if (wc_AesGcmInit(&ctx->cipher.aes, key, + (key == NULL) ? 0 : ctx->keyLen, iv, + (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) { + WOLFSSL_MSG("wc_AesGcmInit() failed"); + return WOLFSSL_FAILURE; + } +#endif /* WOLFSSL_AESGCM_STREAM */ if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; } @@ -4423,14 +4509,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->authTagSz = AES_BLOCK_SIZE; ctx->ivSz = GCM_NONCE_MID_SZ; +#ifndef WOLFSSL_AESGCM_STREAM if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { WOLFSSL_MSG("wc_AesGcmSetKey() failed"); return WOLFSSL_FAILURE; } +#endif /* !WOLFSSL_AESGCM_STREAM */ if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); return WOLFSSL_FAILURE; } +#ifdef WOLFSSL_AESGCM_STREAM + /* Initialize with key and IV if available. */ + if (wc_AesGcmInit(&ctx->cipher.aes, key, + (key == NULL) ? 0 : ctx->keyLen, iv, + (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) { + WOLFSSL_MSG("wc_AesGcmInit() failed"); + return WOLFSSL_FAILURE; + } +#endif /* WOLFSSL_AESGCM_STREAM */ if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; } @@ -4482,7 +4579,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 1); if (ret != 0) return WOLFSSL_FAILURE; @@ -4510,7 +4607,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 1); if (ret != 0) return WOLFSSL_FAILURE; @@ -4536,7 +4633,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); } if (ret != 0) @@ -5124,8 +5221,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) int ivLen) { WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); - if (ctx) + if (ctx) { ctx->ivSz= ivLen; + #ifdef WOLFSSL_AESGCM_STREAM + /* Store IV len in AES object for init. */ + ctx->cipher.aes.nonceSz = ivLen; + #endif /* WOLFSSL_AESGCM_STREAM */ + } else return WOLFSSL_FAILURE; @@ -5262,6 +5364,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) case AES_192_GCM_TYPE : case AES_256_GCM_TYPE : WOLFSSL_MSG("AES GCM"); +#ifndef WOLFSSL_AESGCM_STREAM if (!dst) { ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len); } @@ -5275,6 +5378,50 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) len, ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, ctx->gcmAuthIn, ctx->gcmAuthInSz); } +#else + /* Do one shot operation with streaming API as other + * initialization set up for streaming. */ + ret = wc_AesGcmInit(&ctx->cipher.aes, NULL, 0, ctx->iv, + ctx->ivSz); + /* No destination means only AAD. */ + if ((ret == 0) && (dst == NULL)) { + if (ctx->enc) { + ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL, + NULL, 0, src, len); + } + else { + ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL, + NULL, 0, src, len); + } + } + /* Only plaintext/cipher text. */ + else if (ret == 0) { + if (ctx->enc) { + ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, dst, src, + len, NULL, 0); + } + else { + ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, dst, src, + len, NULL, 0); + if (ret == 0) { + ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, + ctx->authTag, ctx->authTagSz); + } + } + } + if (ret == 0) { + if (ctx->enc) { + /* Calcuate authentication tag. */ + ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes, + ctx->authTag, ctx->authTagSz); + } + else { + /* Calcuate authentication tag and compare. */ + ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, + ctx->authTag, ctx->authTagSz); + } + } +#endif /* WOLFSSL_AESGCM_STREAM */ if (ret == 0) ret = len; break; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a3e9ee2d5..521fb1b1d 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -10045,6 +10045,103 @@ WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void) #endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */ #endif /* HAVE_FIPS_VERSION >= 2 */ +#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) +#ifdef WOLFSSL_AES_256 +#ifdef WOLFSSL_AESGCM_STREAM + result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1)); + if (result != 0) + ERROR_OUT(-6360, out); + result = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a)); + if (result != 0) + ERROR_OUT(-6361, out); + result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT)); + if (result != 0) + ERROR_OUT(-6362, out); + if (XMEMCMP(resultC, c1, sizeof(c1)) != 0) + ERROR_OUT(-6363, out); + if (XMEMCMP(resultT, t1, sizeof(t1)) != 0) + ERROR_OUT(-6364, out); + +#ifdef HAVE_AES_DECRYPT + result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1)); + if (result != 0) + ERROR_OUT(-6370, out); + result = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a)); + if (result != 0) + ERROR_OUT(-6371, out); + result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1)); + if (result != 0) + ERROR_OUT(-6372, out); + if (XMEMCMP(resultP, p, sizeof(p)) != 0) + ERROR_OUT(-6373, out); +#endif + + /* alen is the size to pass in with each update. */ + for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) { + result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1)); + if (result != 0) + ERROR_OUT(-6380, out); + + /* plen is the offset into AAD to update with. */ + for (plen = 0; plen < (int)sizeof(a); plen += alen) { + int len = sizeof(a) - plen; + if (len > alen) len = alen; + result = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, len); + if (result != 0) + ERROR_OUT(-6381, out); + } + /* plen is the offset into plaintext to update with. */ + for (plen = 0; plen < (int)sizeof(p); plen += alen) { + int len = sizeof(p) - plen; + if (len > alen) len = alen; + result = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, len, + NULL, 0); + if (result != 0) + ERROR_OUT(-6382, out); + } + result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT)); + if (result != 0) + ERROR_OUT(-6383, out); + if (XMEMCMP(resultC, c1, sizeof(c1)) != 0) + ERROR_OUT(-6384, out); + if (XMEMCMP(resultT, t1, sizeof(t1)) != 0) + ERROR_OUT(-6385, out); + } + +#ifdef HAVE_AES_DECRYPT + for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) { + result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1)); + if (result != 0) + ERROR_OUT(-6390, out); + + /* plen is the offset into AAD to update with. */ + for (plen = 0; plen < (int)sizeof(a); plen += alen) { + int len = sizeof(a) - plen; + if (len > alen) len = alen; + result = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, len); + if (result != 0) + ERROR_OUT(-6391, out); + } + /* plen is the offset into cipher text to update with. */ + for (plen = 0; plen < (int)sizeof(c1); plen += alen) { + int len = sizeof(c1) - plen; + if (len > alen) len = alen; + result = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, len, + NULL, 0); + if (result != 0) + ERROR_OUT(-6392, out); + } + result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1)); + if (result != 0) + ERROR_OUT(-6393, out); + if (XMEMCMP(resultP, p, sizeof(p)) != 0) + ERROR_OUT(-6394, out); + } +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AESGCM_STREAM */ +#endif /* WOLFSSL_AES_256 */ +#endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */ + wc_AesFree(enc); wc_AesFree(dec); diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 6ef8352c6..80dd12768 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -250,6 +250,21 @@ struct Aes { silabs_aes_t ctx; #endif void* heap; /* memory hint to use */ +#ifdef WOLFSSL_AESGCM_STREAM + ALIGN32 byte initCtr[AES_BLOCK_SIZE]; + ALIGN32 byte counter[AES_BLOCK_SIZE]; + ALIGN32 byte tag[AES_BLOCK_SIZE]; + ALIGN32 byte lastGBlock[AES_BLOCK_SIZE]; + ALIGN32 byte lastBlock[AES_BLOCK_SIZE]; + word32 aSz; + word32 cSz; + byte over; + byte aOver; + byte cOver; + byte gcmKeySet:1; + byte nonceSet:1; + byte ctrSet:1; +#endif }; #ifndef WC_AES_TYPE_DEFINED @@ -361,6 +376,24 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz); +#ifdef WOLFSSL_AESGCM_STREAM +WOLFSSL_API int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, + const byte* iv, word32 ivSz); + +#define wc_AesGcmEncryptInit wc_AesGcmInit +WOLFSSL_API int wc_AesGcmEncryptInit_ex(Aes* aes, const byte* key, word32 len, + byte* ivOut, word32 ivOutSz); +WOLFSSL_API int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, + word32 sz, const byte* authIn, word32 authInSz); +WOLFSSL_API int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, + word32 authTagSz); + +#define wc_AesGcmDecryptInit wc_AesGcmInit +WOLFSSL_API int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, + word32 sz, const byte* authIn, word32 authInSz); +WOLFSSL_API int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, + word32 authTagSz); +#endif #ifndef WC_NO_RNG WOLFSSL_API int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz); diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 138e3cbe4..73da12f6e 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -235,8 +235,10 @@ enum { CHACHA_POLY_OVERFLOW =-274, /* ChaCha20Poly1305 limit overflow */ ASN_SELF_SIGNED_E = -275, /* ASN self-signed certificate error */ SAKKE_VERIFY_FAIL_E = -276, /* SAKKE derivation verification error */ + MISSING_IV = -277, /* IV was not set */ + MISSING_KEY = -278, /* Key was not set */ - WC_LAST_E = -276, /* Update this to indicate last error */ + WC_LAST_E = -278, /* Update this to indicate last error */ MIN_CODE_E = -300 /* errors -101 - -299 */ /* add new companion error id strings for any new error codes From 3f8444e7ea8dbc368a7e24edce3bfc6f1402540a Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Tue, 16 Mar 2021 11:57:49 -0500 Subject: [PATCH 058/137] Fix der struct mem leak in AddTrustedPeer --- src/ssl.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e1c9e66fd..b6c12fa02 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4520,13 +4520,16 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap, DYNAMIC_TYPE_DCERT); - if (cert == NULL) + if (cert == NULL) { + FreeDer(&der); return MEMORY_E; + } InitDecodedCert(cert, der->buffer, der->length, cm->heap); if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) { FreeDecodedCert(cert); XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + FreeDer(&der); return ret; } WOLFSSL_MSG("\tParsed new trusted peer cert"); @@ -4536,6 +4539,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) if (peerCert == NULL) { FreeDecodedCert(cert); XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); + FreeDer(&der); return MEMORY_E; } XMEMSET(peerCert, 0, sizeof(TrustedPeerCert)); @@ -4572,6 +4576,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) FreeDecodedCert(cert); XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); FreeTrustedPeer(peerCert, cm->heap); + FreeDer(&der); return MEMORY_E; } XMEMCPY(peerCert->sig, cert->signature, cert->sigLength); @@ -4619,6 +4624,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) FreeDecodedCert(cert); XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); FreeTrustedPeer(peerCert, cm->heap); + FreeDer(&der); return BAD_MUTEX_E; } } @@ -5537,8 +5543,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, FreeDer(&der); return BAD_FUNC_ARG; } - /* add trusted peer cert */ + /* add trusted peer cert. der is freed within */ ret = AddTrustedPeer(ctx->cm, &der, !ctx->verifyNone); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error adding trusted peer"); + } done = 1; } #endif /* WOLFSSL_TRUST_PEER_CERT */ From 7f1e63e7f59bc4c307b81c1f0be11edb66f6bace Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 17 Mar 2021 11:24:55 +1000 Subject: [PATCH 059/137] SP config: allow asm to be an SP options (--enable-sp=asm.yes) --- configure.ac | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 1ec1f11a5..22aa8b22c 100644 --- a/configure.ac +++ b/configure.ac @@ -324,6 +324,11 @@ then AC_MSG_ERROR([cannot enable sp-math and sp-math-all simultaneously.]) fi +AC_ARG_ENABLE([sp-asm], + [AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])], + [ ENABLED_SP_ASM=$enableval ], + [ ENABLED_SP_ASM=no ], + ) # ALL FEATURES AC_ARG_ENABLE([all], @@ -5134,6 +5139,10 @@ do ENABLED_SP_SMALL=yes ;; + asm) + ENABLED_SP_ASM=yes + ;; + *) AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 2048, 3072]: $ENABLED_SP.]) break;; @@ -5313,11 +5322,6 @@ if test "$ENABLED_SP_MATH_ALL" = "yes"; then fi -AC_ARG_ENABLE([sp-asm], - [AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])], - [ ENABLED_SP_ASM=$enableval ], - [ ENABLED_SP_ASM=no ], - ) if test "$ENABLED_SP_ASM" = "yes"; then if test "$ENABLED_SP" = "no"; then AC_MSG_ERROR([Must have SP enabled: --enable-sp]) From 38d268dbbbaba63debb9a17ab18f9d6b8128f612 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 17 Mar 2021 11:31:03 +1000 Subject: [PATCH 060/137] fixup --- configure.ac | 9 +- wolfcrypt/src/aes.c | 296 ++++++++++++++++++++++++++-------------- wolfcrypt/src/evp.c | 17 +-- wolfssl/wolfcrypt/aes.h | 16 ++- 4 files changed, 214 insertions(+), 124 deletions(-) diff --git a/configure.ac b/configure.ac index 63d34ab78..9b847853c 100644 --- a/configure.ac +++ b/configure.ac @@ -5982,8 +5982,13 @@ then fi if test "$ENABLED_AESGCM_STREAM" != "no" then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM" - AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM" + if test "$ENABLED_AESGCM" = "no" + then + AC_MSG_ERROR([AES-GCM streaming enabled but AES-GCM is disabled]) + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM" + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM" + fi fi diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 89a1baafc..4cb300b1b 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -4171,6 +4171,19 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) #ifdef HAVE_AESGCM +#ifdef WOLFSSL_AESGCM_STREAM + /* Access initialization counter data. */ + #define AES_INITCTR(aes) ((aes)->streamData + 0 * AES_BLOCK_SIZE) + /* Access counter data. */ + #define AES_COUNTER(aes) ((aes)->streamData + 1 * AES_BLOCK_SIZE) + /* Access tag data. */ + #define AES_TAG(aes) ((aes)->streamData + 2 * AES_BLOCK_SIZE) + /* Access last GHASH block. */ + #define AES_LASTGBLOCK(aes) ((aes)->streamData + 3 * AES_BLOCK_SIZE) + /* Access last encrypted block. */ + #define AES_LASTBLOCK(aes) ((aes)->streamData + 4 * AES_BLOCK_SIZE) +#endif + #if defined(HAVE_COLDFIRE_SEC) #error "Coldfire SEC doesn't currently support AES-GCM mode" @@ -5668,8 +5681,8 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, */ #define GHASH_ONE_BLOCK(aes, block) \ do { \ - xorbuf(aes->tag, block, AES_BLOCK_SIZE); \ - GMULT(aes->tag, aes->H); \ + xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE); \ + GMULT(AES_TAG(aes), aes->H); \ } \ while (0) #endif /* WOLFSSL_AESGCM_STREAM */ @@ -5865,8 +5878,8 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, */ #define GHASH_ONE_BLOCK(aes, block) \ do { \ - xorbuf(aes->tag, block, AES_BLOCK_SIZE); \ - GMULT(aes->tag, aes->M0); \ + xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE); \ + GMULT(AES_TAG(aes), aes->M0); \ } \ while (0) #endif /* WOLFSSL_AESGCM_STREAM */ @@ -6161,8 +6174,8 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, */ #define GHASH_ONE_BLOCK(aes, block) \ do { \ - xorbuf(aes->tag, block, AES_BLOCK_SIZE); \ - GMULT(aes->tag, aes->M0); \ + xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE); \ + GMULT(AES_TAG(aes), aes->M0); \ } \ while (0) #endif /* WOLFSSL_AESGCM_STREAM */ @@ -6494,7 +6507,7 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, */ #define GHASH_ONE_BLOCK(aes, block) \ do { \ - word32* x = (word32*)aes->tag; \ + word32* x = (word32*)AES_TAG(aes); \ word32* h = (word32*)aes->H; \ word32 bigEnd[4]; \ XMEMCPY(bigEnd, block, AES_BLOCK_SIZE); \ @@ -6516,7 +6529,7 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, #define GHASH_LEN_BLOCK(aes) \ do { \ word32 len[4]; \ - word32* x = (word32*)aes->tag; \ + word32* x = (word32*)AES_TAG(aes); \ word32* h = (word32*)aes->H; \ len[0] = (aes->aSz >> (8*sizeof(aes->aSz) - 3)); \ len[1] = aes->aSz << 3; \ @@ -6546,7 +6559,7 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, */ #define GHASH_ONE_BLOCK(aes, block) \ do { \ - word32* x = (word32*)aes->tag; \ + word32* x = (word32*)AES_TAG(aes); \ word32* h = (word32*)aes->H; \ word32 block32[4]; \ XMEMCPY(block32, block, AES_BLOCK_SIZE); \ @@ -6565,7 +6578,7 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, #define GHASH_LEN_BLOCK(aes) \ do { \ word32 len[4]; \ - word32* x = (word32*)aes->tag; \ + word32* x = (word32*)AES_TAG(aes); \ word32* h = (word32*)aes->H; \ len[0] = (aes->aSz >> (8*sizeof(aes->aSz) - 3)); \ len[1] = aes->aSz << 3; \ @@ -6607,7 +6620,7 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, */ static void GHASH_INIT(Aes* aes) { /* Set tag to all zeros as initial value. */ - XMEMSET(aes->tag, 0, sizeof(aes->tag)); + XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE); /* Reset counts of AAD and cipher text. */ aes->aOver = 0; aes->cOver = 0; @@ -6641,11 +6654,11 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c, sz = aSz; } /* Copy extra into last GHASH block array and update count. */ - XMEMCPY(aes->lastGBlock + aes->aOver, a, sz); + XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz); aes->aOver += sz; if (aes->aOver == AES_BLOCK_SIZE) { /* We have filled up the block and can process. */ - GHASH_ONE_BLOCK(aes, aes->lastGBlock); + GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes)); /* Reset count. */ aes->aOver = 0; } @@ -6664,7 +6677,7 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c, } if (partial != 0) { /* Cache the partial block. */ - XMEMCPY(aes->lastGBlock, a, partial); + XMEMCPY(AES_LASTGBLOCK(aes), a, partial); aes->aOver = (byte)partial; } } @@ -6672,9 +6685,9 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c, /* No more AAD coming and we have a partial block. */ /* Fill the rest of the block with zeros. */ byte sz = AES_BLOCK_SIZE - aes->aOver; - XMEMSET(aes->lastGBlock + aes->aOver, 0, sz); + XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0, sz); /* GHASH last AAD block. */ - GHASH_ONE_BLOCK(aes, aes->lastGBlock); + GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes)); /* Clear partial count for next time through. */ aes->aOver = 0; } @@ -6689,12 +6702,12 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c, if (sz > cSz) { sz = cSz; } - XMEMCPY(aes->lastGBlock + aes->cOver, c, sz); + XMEMCPY(AES_LASTGBLOCK(aes) + aes->cOver, c, sz); /* Update count of unsed encrypted counter. */ aes->cOver += sz; if (aes->cOver == AES_BLOCK_SIZE) { /* We have filled up the block and can process. */ - GHASH_ONE_BLOCK(aes, aes->lastGBlock); + GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes)); /* Reset count. */ aes->cOver = 0; } @@ -6713,7 +6726,7 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c, } if (partial != 0) { /* Cache the partial block. */ - XMEMCPY(aes->lastGBlock, c, partial); + XMEMCPY(AES_LASTGBLOCK(aes), c, partial); aes->cOver = (byte)partial; } } @@ -6738,14 +6751,14 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz) } if (over > 0) { /* Zeroize the unused part of the block. */ - XMEMSET(aes->lastGBlock + over, 0, AES_BLOCK_SIZE - over); + XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over); /* Hash the last block of cipher text. */ - GHASH_ONE_BLOCK(aes, aes->lastGBlock); + GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes)); } /* Hash in the lengths of AAD and cipher text in bits */ GHASH_LEN_BLOCK(aes); /* Copy the result into s. */ - XMEMCPY(s, aes->tag, sSz); + XMEMCPY(s, AES_TAG(aes), sSz); } #endif /* WOLFSSL_AESGCM_STREAM */ @@ -7754,9 +7767,9 @@ static void AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz) } /* Copy in the counter for use with cipher. */ - XMEMCPY(aes->counter, counter, AES_BLOCK_SIZE); + XMEMCPY(AES_COUNTER(aes), counter, AES_BLOCK_SIZE); /* Encrypt initial counter into a buffer for GCM. */ - wc_AesEncrypt(aes, counter, aes->initCtr); + wc_AesEncrypt(aes, counter, AES_INITCTR(aes)); /* Reset state fields. */ aes->over = 0; aes->aSz = 0; @@ -7785,7 +7798,7 @@ static void AesGcmCryptUpdate_C(Aes* aes, byte* out, const byte* in, word32 sz) if (pSz > sz) pSz = sz; /* Use some/all of last encrypted block. */ - xorbufout(out, aes->lastBlock + aes->over, in, pSz); + xorbufout(out, AES_LASTBLOCK(aes) + aes->over, in, pSz); aes->over = (aes->over + pSz) & (AES_BLOCK_SIZE - 1); /* Some data used. */ @@ -7808,8 +7821,8 @@ static void AesGcmCryptUpdate_C(Aes* aes, byte* out, const byte* in, word32 sz) word32 b; /* Place incrementing counter blocks into cipher text. */ for (b = 0; b < blocks; b++) { - IncrementGcmCounter(aes->counter); - XMEMCPY(out + b * AES_BLOCK_SIZE, aes->counter, AES_BLOCK_SIZE); + IncrementGcmCounter(AES_COUNTER(aes)); + XMEMCPY(out + b * AES_BLOCK_SIZE, AES_COUNTER(aes), AES_BLOCK_SIZE); } /* Encrypt counter blocks. */ @@ -7826,9 +7839,9 @@ static void AesGcmCryptUpdate_C(Aes* aes, byte* out, const byte* in, word32 sz) /* Encrypt block by block. */ while (blocks--) { ALIGN32 byte scratch[AES_BLOCK_SIZE]; - IncrementGcmCounter(aes->counter); + IncrementGcmCounter(AES_COUNTER(aes)); /* Encrypt counter into a buffer. */ - wc_AesEncrypt(aes, aes->counter, scratch); + wc_AesEncrypt(aes, AES_COUNTER(aes), scratch); /* XOR plain text into encrypted counter into cipher text buffer. */ xorbufout(out, scratch, in, AES_BLOCK_SIZE); /* Data complete. */ @@ -7839,11 +7852,11 @@ static void AesGcmCryptUpdate_C(Aes* aes, byte* out, const byte* in, word32 sz) if (partial != 0) { /* Generate an extra block and use up as much as needed. */ - IncrementGcmCounter(aes->counter); + IncrementGcmCounter(AES_COUNTER(aes)); /* Encrypt counter into cache. */ - wc_AesEncrypt(aes, aes->counter, aes->lastBlock); + wc_AesEncrypt(aes, AES_COUNTER(aes), AES_LASTBLOCK(aes)); /* XOR plain text into encrypted counter into cipher text buffer. */ - xorbufout(out, aes->lastBlock, in, partial); + xorbufout(out, AES_LASTBLOCK(aes), in, partial); /* Keep amount of encrypted block used. */ aes->over = partial; } @@ -7860,13 +7873,13 @@ static void AesGcmFinal_C(Aes* aes, byte* authTag, word32 authTagSz) /* Calculate authentication tag. */ GHASH_FINAL(aes, authTag, authTagSz); /* XOR in as much of encrypted counter as is required. */ - xorbuf(authTag, aes->initCtr, authTagSz); + xorbuf(authTag, AES_INITCTR(aes), authTagSz); #ifdef OPENSSL_EXTRA /* store AAD size for next call */ aes->aadLen = aes->aSz; #endif /* Zeroize last block to protect sensitive data. */ - ForceZero(aes->lastBlock, sizeof(aes->lastBlock)); + ForceZero(AES_LASTBLOCK(aes), sizeof(AES_LASTBLOCK(aes))); } #ifdef WOLFSSL_AESNI @@ -7936,7 +7949,7 @@ static void AesGcmInit_aesni(Aes* aes, const byte* iv, word32 ivSz) aes->aSz = 0; aes->cSz = 0; /* Set tag to all zeros as initial value. */ - XMEMSET(aes->tag, 0, sizeof(aes->tag)); + XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE); /* Reset counts of AAD and cipher text. */ aes->aOver = 0; aes->cOver = 0; @@ -7945,7 +7958,7 @@ static void AesGcmInit_aesni(Aes* aes, const byte* iv, word32 ivSz) if (IS_INTEL_AVX2(intel_flags)) { SAVE_VECTOR_REGISTERS(); AES_GCM_init_avx2((byte*)aes->key, aes->rounds, iv, ivSz, aes->H, - aes->counter, aes->initCtr); + AES_COUNTER(aes), AES_INITCTR(aes)); RESTORE_VECTOR_REGISTERS(); } else @@ -7954,7 +7967,7 @@ static void AesGcmInit_aesni(Aes* aes, const byte* iv, word32 ivSz) if (IS_INTEL_AVX1(intel_flags)) { SAVE_VECTOR_REGISTERS(); AES_GCM_init_avx1((byte*)aes->key, aes->rounds, iv, ivSz, aes->H, - aes->counter, aes->initCtr); + AES_COUNTER(aes), AES_INITCTR(aes)); RESTORE_VECTOR_REGISTERS(); } else @@ -7962,7 +7975,7 @@ static void AesGcmInit_aesni(Aes* aes, const byte* iv, word32 ivSz) { SAVE_VECTOR_REGISTERS(); AES_GCM_init_aesni((byte*)aes->key, aes->rounds, iv, ivSz, aes->H, - aes->counter, aes->initCtr); + AES_COUNTER(aes), AES_INITCTR(aes)); RESTORE_VECTOR_REGISTERS(); } } @@ -7992,24 +8005,26 @@ static void AesGcmAadUpdate_aesni(Aes* aes, const byte* a, word32 aSz, int endA) sz = aSz; } /* Copy extra into last GHASH block array and update count. */ - XMEMCPY(aes->lastGBlock + aes->aOver, a, sz); + XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz); aes->aOver += sz; if (aes->aOver == AES_BLOCK_SIZE) { /* We have filled up the block and can process. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { - AES_GCM_ghash_block_avx2(aes->lastGBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx2(AES_LASTGBLOCK(aes), AES_TAG(aes), + aes->H); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { - AES_GCM_ghash_block_avx1(aes->lastGBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx1(AES_LASTGBLOCK(aes), AES_TAG(aes), + aes->H); } else #endif { - AES_GCM_ghash_block_aesni(aes->lastGBlock, aes->tag, + AES_GCM_ghash_block_aesni(AES_LASTGBLOCK(aes), AES_TAG(aes), aes->H); } /* Reset count. */ @@ -8027,50 +8042,52 @@ static void AesGcmAadUpdate_aesni(Aes* aes, const byte* a, word32 aSz, int endA) /* GHASH full blocks now. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { - AES_GCM_aad_update_avx2(a, blocks * AES_BLOCK_SIZE, aes->tag, - aes->H); + AES_GCM_aad_update_avx2(a, blocks * AES_BLOCK_SIZE, + AES_TAG(aes), aes->H); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { - AES_GCM_aad_update_avx1(a, blocks * AES_BLOCK_SIZE, aes->tag, - aes->H); + AES_GCM_aad_update_avx1(a, blocks * AES_BLOCK_SIZE, + AES_TAG(aes), aes->H); } else #endif { - AES_GCM_aad_update_aesni(a, blocks * AES_BLOCK_SIZE, aes->tag, - aes->H); + AES_GCM_aad_update_aesni(a, blocks * AES_BLOCK_SIZE, + AES_TAG(aes), aes->H); } /* Skip over to end of AAD blocks. */ a += blocks * AES_BLOCK_SIZE; } if (partial != 0) { /* Cache the partial block. */ - XMEMCPY(aes->lastGBlock, a, partial); + XMEMCPY(AES_LASTGBLOCK(aes), a, partial); aes->aOver = (byte)partial; } } if (endA && (aes->aOver > 0)) { /* No more AAD coming and we have a partial block. */ /* Fill the rest of the block with zeros. */ - XMEMSET(aes->lastGBlock + aes->aOver, 0, AES_BLOCK_SIZE - aes->aOver); + XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0, + AES_BLOCK_SIZE - aes->aOver); /* GHASH last AAD block. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { - AES_GCM_ghash_block_avx2(aes->lastGBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx2(AES_LASTGBLOCK(aes), AES_TAG(aes), aes->H); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { - AES_GCM_ghash_block_avx1(aes->lastGBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx1(AES_LASTGBLOCK(aes), AES_TAG(aes), aes->H); } else #endif { - AES_GCM_ghash_block_aesni(aes->lastGBlock, aes->tag, aes->H); + AES_GCM_ghash_block_aesni(AES_LASTGBLOCK(aes), AES_TAG(aes), + aes->H); } /* Clear partial count for next time through. */ aes->aOver = 0; @@ -8109,26 +8126,28 @@ static void AesGcmEncryptUpdate_aesni(Aes* aes, byte* c, const byte* p, sz = cSz; } /* Encrypt some of the plaintext. */ - xorbuf(aes->lastGBlock + aes->cOver, p, sz); - XMEMCPY(c, aes->lastGBlock + aes->cOver, sz); + xorbuf(AES_LASTGBLOCK(aes) + aes->cOver, p, sz); + XMEMCPY(c, AES_LASTGBLOCK(aes) + aes->cOver, sz); /* Update count of unsed encrypted counter. */ aes->cOver += sz; if (aes->cOver == AES_BLOCK_SIZE) { /* We have filled up the block and can process. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { - AES_GCM_ghash_block_avx2(aes->lastGBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx2(AES_LASTGBLOCK(aes), AES_TAG(aes), + aes->H); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { - AES_GCM_ghash_block_avx1(aes->lastGBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx1(AES_LASTGBLOCK(aes), AES_TAG(aes), + aes->H); } else #endif { - AES_GCM_ghash_block_aesni(aes->lastGBlock, aes->tag, + AES_GCM_ghash_block_aesni(AES_LASTGBLOCK(aes), AES_TAG(aes), aes->H); } /* Reset count. */ @@ -8148,20 +8167,23 @@ static void AesGcmEncryptUpdate_aesni(Aes* aes, byte* c, const byte* p, #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { AES_GCM_encrypt_update_avx2((byte*)aes->key, aes->rounds, c, p, - blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H, + AES_COUNTER(aes)); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { AES_GCM_encrypt_update_avx1((byte*)aes->key, aes->rounds, c, p, - blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H, + AES_COUNTER(aes)); } else #endif { AES_GCM_encrypt_update_aesni((byte*)aes->key, aes->rounds, c, p, - blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H, + AES_COUNTER(aes)); } /* Skip over to end of blocks. */ p += blocks * AES_BLOCK_SIZE; @@ -8169,30 +8191,30 @@ static void AesGcmEncryptUpdate_aesni(Aes* aes, byte* c, const byte* p, } if (partial != 0) { /* Encrypt the counter - XOR in zeros as proxy for plaintext. */ - XMEMSET(aes->lastGBlock, 0, AES_BLOCK_SIZE); + XMEMSET(AES_LASTGBLOCK(aes), 0, AES_BLOCK_SIZE); #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { AES_GCM_encrypt_block_avx2((byte*)aes->key, aes->rounds, - aes->lastGBlock, aes->lastGBlock, aes->counter); + AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes)); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { AES_GCM_encrypt_block_avx1((byte*)aes->key, aes->rounds, - aes->lastGBlock, aes->lastGBlock, aes->counter); + AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes)); } else #endif { AES_GCM_encrypt_block_aesni((byte*)aes->key, aes->rounds, - aes->lastGBlock, aes->lastGBlock, aes->counter); + AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes)); } /* XOR the remaining plaintext to calculate cipher text. * Keep cipher text for GHASH of last partial block. */ - xorbuf(aes->lastGBlock, p, partial); - XMEMCPY(c, aes->lastGBlock, partial); + xorbuf(AES_LASTGBLOCK(aes), p, partial); + XMEMCPY(c, AES_LASTGBLOCK(aes), partial); /* Update count of the block used. */ aes->cOver = (byte)partial; } @@ -8221,42 +8243,43 @@ static void AesGcmEncryptFinal_aesni(Aes* aes, byte* authTag, word32 authTagSz) } if (over > 0) { /* Fill the rest of the block with zeros. */ - XMEMSET(aes->lastGBlock + over, 0, AES_BLOCK_SIZE - over); + XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over); /* GHASH last cipher block. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { - AES_GCM_ghash_block_avx2(aes->lastGBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx2(AES_LASTGBLOCK(aes), AES_TAG(aes), aes->H); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { - AES_GCM_ghash_block_avx1(aes->lastGBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx1(AES_LASTGBLOCK(aes), AES_TAG(aes), aes->H); } else #endif { - AES_GCM_ghash_block_aesni(aes->lastGBlock, aes->tag, aes->H); + AES_GCM_ghash_block_aesni(AES_LASTGBLOCK(aes), AES_TAG(aes), + aes->H); } } /* Calculate the authentication tag. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { - AES_GCM_encrypt_final_avx2(aes->tag, authTag, authTagSz, aes->cSz, - aes->aSz, aes->H, aes->initCtr); + AES_GCM_encrypt_final_avx2(AES_TAG(aes), authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, AES_INITCTR(aes)); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { - AES_GCM_encrypt_final_avx1(aes->tag, authTag, authTagSz, aes->cSz, - aes->aSz, aes->H, aes->initCtr); + AES_GCM_encrypt_final_avx1(AES_TAG(aes), authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, AES_INITCTR(aes)); } else #endif { - AES_GCM_encrypt_final_aesni(aes->tag, authTag, authTagSz, aes->cSz, - aes->aSz, aes->H, aes->initCtr); + AES_GCM_encrypt_final_aesni(AES_TAG(aes), authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, AES_INITCTR(aes)); } RESTORE_VECTOR_REGISTERS(); } @@ -8316,28 +8339,31 @@ static void AesGcmDecryptUpdate_aesni(Aes* aes, byte* p, const byte* c, sz = cSz; } /* Keep a copy of the cipher text for GHASH. */ - XMEMCPY(aes->lastBlock + aes->cOver, c, sz); + XMEMCPY(AES_LASTBLOCK(aes) + aes->cOver, c, sz); /* Decrypt some of the cipher text. */ - xorbuf(aes->lastGBlock + aes->cOver, c, sz); - XMEMCPY(p, aes->lastGBlock + aes->cOver, sz); + xorbuf(AES_LASTGBLOCK(aes) + aes->cOver, c, sz); + XMEMCPY(p, AES_LASTGBLOCK(aes) + aes->cOver, sz); /* Update count of unsed encrypted counter. */ aes->cOver += sz; if (aes->cOver == AES_BLOCK_SIZE) { /* We have filled up the block and can process. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { - AES_GCM_ghash_block_avx2(aes->lastBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx2(AES_LASTBLOCK(aes), AES_TAG(aes), + aes->H); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { - AES_GCM_ghash_block_avx1(aes->lastBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx1(AES_LASTBLOCK(aes), AES_TAG(aes), + aes->H); } else #endif { - AES_GCM_ghash_block_aesni(aes->lastBlock, aes->tag, aes->H); + AES_GCM_ghash_block_aesni(AES_LASTBLOCK(aes), AES_TAG(aes), + aes->H); } /* Reset count. */ aes->cOver = 0; @@ -8356,20 +8382,23 @@ static void AesGcmDecryptUpdate_aesni(Aes* aes, byte* p, const byte* c, #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { AES_GCM_decrypt_update_avx2((byte*)aes->key, aes->rounds, p, c, - blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H, + AES_COUNTER(aes)); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { AES_GCM_decrypt_update_avx1((byte*)aes->key, aes->rounds, p, c, - blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H, + AES_COUNTER(aes)); } else #endif { AES_GCM_decrypt_update_aesni((byte*)aes->key, aes->rounds, p, c, - blocks * AES_BLOCK_SIZE, aes->tag, aes->H, aes->counter); + blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->H, + AES_COUNTER(aes)); } /* Skip over to end of blocks. */ c += blocks * AES_BLOCK_SIZE; @@ -8377,30 +8406,30 @@ static void AesGcmDecryptUpdate_aesni(Aes* aes, byte* p, const byte* c, } if (partial != 0) { /* Encrypt the counter - XOR in zeros as proxy for cipher text. */ - XMEMSET(aes->lastGBlock, 0, AES_BLOCK_SIZE); + XMEMSET(AES_LASTGBLOCK(aes), 0, AES_BLOCK_SIZE); #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { AES_GCM_encrypt_block_avx2((byte*)aes->key, aes->rounds, - aes->lastGBlock, aes->lastGBlock, aes->counter); + AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes)); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { AES_GCM_encrypt_block_avx1((byte*)aes->key, aes->rounds, - aes->lastGBlock, aes->lastGBlock, aes->counter); + AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes)); } else #endif { AES_GCM_encrypt_block_aesni((byte*)aes->key, aes->rounds, - aes->lastGBlock, aes->lastGBlock, aes->counter); + AES_LASTGBLOCK(aes), AES_LASTGBLOCK(aes), AES_COUNTER(aes)); } /* Keep cipher text for GHASH of last partial block. */ - XMEMCPY(aes->lastBlock, c, partial); + XMEMCPY(AES_LASTBLOCK(aes), c, partial); /* XOR the remaining cipher text to calculate plaintext. */ - xorbuf(aes->lastGBlock, c, partial); - XMEMCPY(p, aes->lastGBlock, partial); + xorbuf(AES_LASTGBLOCK(aes), c, partial); + XMEMCPY(p, AES_LASTGBLOCK(aes), partial); /* Update count of the block used. */ aes->cOver = (byte)partial; } @@ -8426,13 +8455,13 @@ static int AesGcmDecryptFinal_aesni(Aes* aes, const byte* authTag, int res; /* AAD block incomplete when > 0 */ byte over = aes->aOver; - byte *lastBlock = aes->lastGBlock; + byte *lastBlock = AES_LASTGBLOCK(aes); SAVE_VECTOR_REGISTERS(); if (aes->cOver > 0) { /* Cipher text block incomplete. */ over = aes->cOver; - lastBlock = aes->lastBlock; + lastBlock = AES_LASTBLOCK(aes); } if (over > 0) { /* Zeroize the unused part of the block. */ @@ -8440,38 +8469,38 @@ static int AesGcmDecryptFinal_aesni(Aes* aes, const byte* authTag, /* Hash the last block of cipher text. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { - AES_GCM_ghash_block_avx2(lastBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx2(lastBlock, AES_TAG(aes), aes->H); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { - AES_GCM_ghash_block_avx1(lastBlock, aes->tag, aes->H); + AES_GCM_ghash_block_avx1(lastBlock, AES_TAG(aes), aes->H); } else #endif { - AES_GCM_ghash_block_aesni(lastBlock, aes->tag, aes->H); + AES_GCM_ghash_block_aesni(lastBlock, AES_TAG(aes), aes->H); } } /* Calculate and compare the authentication tag. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { - AES_GCM_decrypt_final_avx2(aes->tag, authTag, authTagSz, aes->cSz, - aes->aSz, aes->H, aes->initCtr, &res); + AES_GCM_decrypt_final_avx2(AES_TAG(aes), authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, AES_INITCTR(aes), &res); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { - AES_GCM_decrypt_final_avx1(aes->tag, authTag, authTagSz, aes->cSz, - aes->aSz, aes->H, aes->initCtr, &res); + AES_GCM_decrypt_final_avx1(AES_TAG(aes), authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, AES_INITCTR(aes), &res); } else #endif { - AES_GCM_decrypt_final_aesni(aes->tag, authTag, authTagSz, aes->cSz, - aes->aSz, aes->H, aes->initCtr, &res); + AES_GCM_decrypt_final_aesni(AES_TAG(aes), authTag, authTagSz, aes->cSz, + aes->aSz, aes->H, AES_INITCTR(aes), &res); } RESTORE_VECTOR_REGISTERS(); /* Return error code when calculated doesn't match input. */ @@ -8495,6 +8524,7 @@ static int AesGcmDecryptFinal_aesni(Aes* aes, const byte* authTag, * @return 0 on success. * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer * is NULL, or the IV is NULL and no previous IV has been set. + * @return MEMORY_E when dynamic memory allocation fails. (WOLFSSL_SMALL_STACK) */ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, word32 ivSz) @@ -8508,6 +8538,17 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, ret = BAD_FUNC_ARG; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) + if ((ret == 0) && (aes->streamData == NULL)) { + /* Allocate buffers for streaming. */ + aes->streamData = (byte*)XMALLOC(5 * AES_BLOCK_SIZE, aes->heap, + DYNAMIC_TYPE_AES); + if (aes->streamData == NULL) { + ret = MEMORY_E; + } + } +#endif + /* Set the key if passed in. */ if ((ret == 0) && (key != NULL)) { ret = wc_AesGcmSetKey(aes, key, len); @@ -8552,6 +8593,25 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, return ret; } +/* Initialize an AES GCM cipher for encryption. + * + * Must call wc_AesInit() before calling this function. + * + * @param [in, out] aes AES object. + * @param [in] key Buffer holding key. + * @param [in] len Length of key in bytes. + * @param [in] iv Buffer holding IV/nonce. + * @param [in] ivSz Length of IV/nonce in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer + * is NULL, or the IV is NULL and no previous IV has been set. + */ +int wc_AesGcmEncryptInit(Aes* aes, const byte* key, word32 len, const byte* iv, + word32 ivSz) +{ + return wc_AesGcmInit(aes, key, len, iv, ivSz); +} + /* Initialize an AES GCM cipher for encryption or decryption. Get IV. * * Must call wc_AesInit() before calling this function. @@ -8703,6 +8763,25 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz) } #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AESGCM_DECRYPT) +/* Initialize an AES GCM cipher for decryption. + * + * Must call wc_AesInit() before calling this function. + * + * @param [in, out] aes AES object. + * @param [in] key Buffer holding key. + * @param [in] len Length of key in bytes. + * @param [in] iv Buffer holding IV/nonce. + * @param [in] ivSz Length of IV/nonce in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer + * is NULL, or the IV is NULL and no previous IV has been set. + */ +int wc_AesGcmDecryptInit(Aes* aes, const byte* key, word32 len, const byte* iv, + word32 ivSz) +{ + return wc_AesGcmInit(aes, key, len, iv, ivSz); +} + /* Update the AES GCM for decryption with data and/or authentication data. * * All the AAD must be passed to update before the cipher text. @@ -9661,6 +9740,9 @@ int wc_AesInit(Aes* aes, void* heap, int devId) #endif #ifdef WOLFSSL_AESGCM_STREAM +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) + aes->streamData = NULL; +#endif aes->keylen = 0; aes->nonceSz = 0; aes->gcmKeySet = 0; @@ -9746,6 +9828,12 @@ void wc_AesFree(Aes* aes) #if defined(WOLFSSL_IMXRT_DCP) DCPAesFree(aes); #endif +#if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \ + !defined(WOLFSSL_AESNI) + if (aes->streamData != NULL) { + XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES); + } +#endif } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 3df4de29c..ff0569854 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -4521,9 +4521,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } #ifdef WOLFSSL_AESGCM_STREAM /* Initialize with key and IV if available. */ - if (wc_AesGcmInit(&ctx->cipher.aes, key, - (key == NULL) ? 0 : ctx->keyLen, iv, - (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) { + if (wc_AesGcmInit(&ctx->cipher.aes, + key, (key == NULL) ? 0 : ctx->keyLen, + iv, (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) { WOLFSSL_MSG("wc_AesGcmInit() failed"); return WOLFSSL_FAILURE; } @@ -5221,13 +5221,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) int ivLen) { WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); - if (ctx) { + if (ctx) ctx->ivSz= ivLen; - #ifdef WOLFSSL_AESGCM_STREAM - /* Store IV len in AES object for init. */ - ctx->cipher.aes.nonceSz = ivLen; - #endif /* WOLFSSL_AESGCM_STREAM */ - } else return WOLFSSL_FAILURE; @@ -5411,12 +5406,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } if (ret == 0) { if (ctx->enc) { - /* Calcuate authentication tag. */ + /* Calculate authentication tag. */ ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes, ctx->authTag, ctx->authTagSz); } else { - /* Calcuate authentication tag and compare. */ + /* Calculate authentication tag and compare. */ ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ctx->authTag, ctx->authTagSz); } diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 80dd12768..21908ac3c 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -251,11 +251,11 @@ struct Aes { #endif void* heap; /* memory hint to use */ #ifdef WOLFSSL_AESGCM_STREAM - ALIGN32 byte initCtr[AES_BLOCK_SIZE]; - ALIGN32 byte counter[AES_BLOCK_SIZE]; - ALIGN32 byte tag[AES_BLOCK_SIZE]; - ALIGN32 byte lastGBlock[AES_BLOCK_SIZE]; - ALIGN32 byte lastBlock[AES_BLOCK_SIZE]; +#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_AESNI) + ALIGN16 byte streamData[5 * AES_BLOCK_SIZE]; +#else + byte* streamData; +#endif word32 aSz; word32 cSz; byte over; @@ -380,7 +380,8 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, WOLFSSL_API int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, word32 ivSz); -#define wc_AesGcmEncryptInit wc_AesGcmInit +WOLFSSL_API int wc_AesGcmEncryptInit(Aes* aes, const byte* key, word32 len, + const byte* iv, word32 ivSz); WOLFSSL_API int wc_AesGcmEncryptInit_ex(Aes* aes, const byte* key, word32 len, byte* ivOut, word32 ivOutSz); WOLFSSL_API int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, @@ -388,7 +389,8 @@ WOLFSSL_API int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, WOLFSSL_API int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz); -#define wc_AesGcmDecryptInit wc_AesGcmInit +WOLFSSL_API int wc_AesGcmDecryptInit(Aes* aes, const byte* key, word32 len, + const byte* iv, word32 ivSz); WOLFSSL_API int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, const byte* authIn, word32 authInSz); WOLFSSL_API int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, From 2dafb3ed96bfaa1d34266e1e4a180cea923254e4 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 17 Mar 2021 12:10:06 +1000 Subject: [PATCH 061/137] TFM read_unsigned_bin: endian may not be defined --- wolfcrypt/src/tfm.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index f7fd26ed0..155695936 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -3581,7 +3581,8 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c) #error Both LITTLE_ENDIAN_ORDER and BIG_ENDIAN_ORDER defined. #endif -#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) +#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && \ + (defined(FP_32BIT) || defined(FP_64BIT)) #ifdef FP_32BIT /* If we know the endianness of this architecture, and we're using 32-bit fp_digits, we can optimize this */ @@ -3589,7 +3590,6 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c) unsigned char *pd = (unsigned char *)a->dp; a->used = (c + sizeof(fp_digit) - 1)/sizeof(fp_digit); - /* read the bytes in */ #ifdef BIG_ENDIAN_ORDER { /* Use Duff's device to unroll the loop. */ @@ -3604,6 +3604,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c) } } #else + /* read the bytes in one at a time. */ for (c -= 1; c >= 0; c -= 1) { pd[c] = *b++; } @@ -3616,7 +3617,6 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c) unsigned char *pd = (unsigned char *)a->dp; a->used = (c + sizeof(fp_digit) - 1)/sizeof(fp_digit); - /* read the bytes in */ #ifdef BIG_ENDIAN_ORDER { /* Use Duff's device to unroll the loop. */ @@ -3635,6 +3635,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c) } } #else + /* read the bytes in one at a time. */ for (c -= 1; c >= 0; c -= 1) { pd[c] = *b++; } @@ -3642,7 +3643,7 @@ int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c) } #endif #else - /* read the bytes in */ + /* read the bytes in one at a time - unknown number of bits in digit */ for (; c > 0; c--) { int err = fp_mul_2d (a, 8, a); if (err != FP_OKAY) { From 48d13bbfa590ef745930e4606312cfcdb1be060a Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 17 Mar 2021 12:24:18 +0700 Subject: [PATCH 062/137] fix for leak with wolfSSL_a2i_ASN1_INTEGER --- src/ssl.c | 9 +++++++-- tests/api.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 4fb9ebdb0..f2320d0ce 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -48230,7 +48230,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL); asn1->isDynamic = 0; } - XMEMSET(asn1->intData, 0, sizeof(WOLFSSL_ASN1_INTEGER)); + XMEMSET(asn1->intData, 0, WOLFSSL_ASN1_INTEGER_MAX); asn1->data = asn1->intData; asn1->length = 0; asn1->negative = 0; @@ -48259,7 +48259,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, len = asn1->length + (lineLen/2); /* Check if it will fit in static memory and * save space for the ASN tag in front */ - if (len > (int)(sizeof(asn1->intData) - extraTagSz)) { + if (len > (int)(WOLFSSL_ASN1_INTEGER_MAX - extraTagSz)) { /* Allocate mem for data */ if (asn1->isDynamic) { byte* tmp = (byte*)XREALLOC(asn1->data, len + extraTagSz, NULL, @@ -48271,12 +48271,17 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, asn1->data = tmp; } else { + /* Up to this point asn1->data pointed to asn1->intData. + * Now that the size has grown larger than intData can handle + * the asn1 structure moves to a dynamic type with isDynamic + * flag being set and asn1->data being malloc'd. */ asn1->data = (byte*)XMALLOC(len + extraTagSz, NULL, DYNAMIC_TYPE_OPENSSL); if (!asn1->data) { WOLFSSL_MSG("malloc error"); return WOLFSSL_FAILURE; } + asn1->isDynamic = 1; XMEMCPY(asn1->data, asn1->intData, asn1->length); } } diff --git a/tests/api.c b/tests/api.c index 37cdc2bd4..56e5efd7a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -29447,6 +29447,54 @@ static void test_wolfSSL_ASN1_BIT_STRING(void) #endif } +static void test_wolfSSL_a2i_ASN1_INTEGER(void) +{ +#ifdef OPENSSL_EXTRA + BIO *bio, *out; + ASN1_INTEGER* ai; + char buf[] = "123456\n12345\n112345678912345678901234567890\n"; + char tmp[1024]; + int bufSz, tmpSz; + char* pt; + + const char expected1[] = "123456"; + const char expected2[] = "112345678912345678901234567890"; + + printf(testingFmt, "test_wolfSSL_a2i_ASN1_INTEGER()"); + pt = (char*)buf; + bufSz = sizeof(buf); + + AssertNotNull(bio = BIO_new_mem_buf(buf, -1)); + AssertNotNull(out = BIO_new(BIO_s_mem())); + AssertNotNull(ai = ASN1_INTEGER_new()); + + /* read first line */ + AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS); + AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 6); + XMEMSET(tmp, 0, 1024); + tmpSz = BIO_read(out, tmp, 1024); + AssertIntEQ(tmpSz, 6); + AssertIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0); + + /* fail on second line (not % 2) */ + AssertIntNE(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS); + + /* read 3rd long line */ + AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS); + AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 30); + XMEMSET(tmp, 0, 1024); + tmpSz = BIO_read(out, tmp, 1024); + AssertIntEQ(tmpSz, 30); + AssertIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0); + + BIO_free(out); + BIO_free(bio); + ASN1_INTEGER_free(ai); + + printf(resultFmt, passed); + +#endif +} static void test_wolfSSL_DES_ecb_encrypt(void) { @@ -41480,6 +41528,7 @@ void ApiTest(void) #endif test_wolfSSL_ASN1_STRING(); test_wolfSSL_ASN1_BIT_STRING(); + test_wolfSSL_a2i_ASN1_INTEGER(); test_wolfSSL_X509(); test_wolfSSL_X509_VERIFY_PARAM(); test_wolfSSL_X509_sign(); From 6995f6dedc93c928d944a8f096b48ce2c858fb52 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 17 Mar 2021 12:34:12 +0700 Subject: [PATCH 063/137] help out static analyizer and memset buffer created --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index f2320d0ce..3d26a38b1 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -41554,6 +41554,7 @@ cleanup: pem = (unsigned char*)XMALLOC(l, 0, DYNAMIC_TYPE_PEM); if (pem == NULL) return NULL; + XMEMSET(pem, 0, l); i = 0; if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) { From d439694eb6f826aa1147c85e1a5fc0e7c31c6e5b Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 17 Mar 2021 13:41:27 +0700 Subject: [PATCH 064/137] sanity check on length in wolfSSL_BN_rand --- src/ssl.c | 28 +++++++++++++++++++++++++--- tests/api.c | 24 ++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 3d26a38b1..c081086c2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -50833,7 +50833,7 @@ int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n) int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) { int ret = 0; - int len = bits / 8; + int len; int initTmpRng = 0; WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK @@ -50848,9 +50848,19 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) (void)bottom; WOLFSSL_MSG("wolfSSL_BN_rand"); + if (bits <= 0) { + return WOLFSSL_FAILURE; + } + + len = bits / 8; if (bits % 8) len++; + /* has to be a length of at least 1 since we set buf[0] and buf[len-1] */ + if (len < 1) { + return WOLFSSL_FAILURE; + } + #ifdef WOLFSSL_SMALL_STACK buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); @@ -50906,7 +50916,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) { int ret = 0; - int len = bits / 8; + int len; int initTmpRng = 0; WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK @@ -50917,11 +50927,23 @@ int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) byte buff[1024]; #endif - WOLFSSL_MSG("wolfSSL_BN_rand"); + WOLFSSL_MSG("wolfSSL_BN_pseudo_rand"); + if (bits <= 0) { + return WOLFSSL_FAILURE; + } + + len = bits / 8; if (bits % 8) len++; + /* has to be a length of at least 1 since we set buf[0] and buf[len-1] */ + if (top == 1 || top == 0 || bottom == 1) { + if (len < 1) { + return WOLFSSL_FAILURE; + } + } + #ifdef WOLFSSL_SMALL_STACK buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/tests/api.c b/tests/api.c index 56e5efd7a..a0a015387 100644 --- a/tests/api.c +++ b/tests/api.c @@ -30458,6 +30458,29 @@ static void test_wolfSSL_RAND_bytes(void) #endif } +static void test_wolfSSL_BN_rand(void) +{ + #if defined(OPENSSL_EXTRA) + BIGNUM* bn; + + printf(testingFmt, "wolfSSL_BN_rand()"); + + AssertNotNull(bn = BN_new()); + AssertIntNE(BN_rand(bn, 0, 0, 0), SSL_SUCCESS); + BN_free(bn); + + AssertNotNull(bn = BN_new()); + AssertIntEQ(BN_rand(bn, 8, 0, 0), SSL_SUCCESS); + BN_free(bn); + + AssertNotNull(bn = BN_new()); + AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS); + BN_free(bn); + + printf(resultFmt, passed); + #endif +} + static void test_wolfSSL_pseudo_rand(void) { #if defined(OPENSSL_EXTRA) @@ -41550,6 +41573,7 @@ void ApiTest(void) test_wolfSSL_CTX_set_ecdh_auto(); test_wolfSSL_THREADID_hash(); test_wolfSSL_RAND_bytes(); + test_wolfSSL_BN_rand(); test_wolfSSL_pseudo_rand(); test_wolfSSL_PKCS8_Compat(); test_wolfSSL_PKCS8_d2i(); From da56c33f4862a9837e0504a638b239170ef35597 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 17 Mar 2021 16:33:37 +0700 Subject: [PATCH 065/137] add debug message on BIO write return value when printing out error nodes --- src/ssl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index c081086c2..6fcfba1c4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16459,7 +16459,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) wc_RemoveErrorNode(0); } } while (ret >= 0); - wolfSSL_BIO_write(bio, "", 1); + if (wolfSSL_BIO_write(bio, "", 1) != 1) { + WOLFSSL_MSG("Issue writing final string terminator"); + } } #endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ From 1ca36042121b1a9b2970e70b3f96bd41ef291b97 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 17 Mar 2021 16:42:16 +0700 Subject: [PATCH 066/137] add check on init mutex return value --- wolfcrypt/src/evp.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 75c165c42..96e3382ea 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6710,17 +6710,24 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap) XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY)); pkey->heap = heap; pkey->type = WOLFSSL_EVP_PKEY_DEFAULT; + + /* init of mutex needs to come before wolfSSL_EVP_PKEY_free */ + ret = wc_InitMutex(&pkey->refMutex); + if (ret != 0){ + XFREE(pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); + WOLFSSL_MSG("Issue initializing mutex"); + return NULL; + } + #ifndef HAVE_FIPS ret = wc_InitRng_ex(&pkey->rng, heap, INVALID_DEVID); #else ret = wc_InitRng(&pkey->rng); #endif pkey->references = 1; - wc_InitMutex(&pkey->refMutex); /* init of mutex needs to come before - * wolfSSL_EVP_PKEY_free */ if (ret != 0){ wolfSSL_EVP_PKEY_free(pkey); - WOLFSSL_MSG("memory failure"); + WOLFSSL_MSG("Issue initializing RNG"); return NULL; } } From 2732ba2bbaf3642c64dbcf5f7dad4fdaf1f0cef3 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 17 Mar 2021 16:50:53 +0700 Subject: [PATCH 067/137] check return value is not negative --- src/ssl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 6fcfba1c4..394bfdc1b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -31994,6 +31994,10 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn, WOLFS } else { len = wolfSSL_BN_bn2bin(bn, a->data); + if (len < 0) { + wolfSSL_ASN1_INTEGER_free(a); + return NULL; + } } a->length = len; From 6ef905c9e38979eefcfb4a80c62875579212142f Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 17 Mar 2021 17:06:03 +0700 Subject: [PATCH 068/137] use err goto for error out --- src/ssl.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 394bfdc1b..96c0f2e5f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9790,8 +9790,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, gn = wolfSSL_GENERAL_NAME_new(); if (gn == NULL) { WOLFSSL_MSG("Error creating GENERAL_NAME"); - wolfSSL_sk_free(sk); - return NULL; + goto err; } gn->type = dns->type; @@ -9799,18 +9798,14 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name, gn->d.ia5->length) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set failed"); - wolfSSL_GENERAL_NAME_free(gn); - wolfSSL_sk_free(sk); - return NULL; + goto err; } dns = dns->next; if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error pushing ASN1 object onto stack"); - wolfSSL_GENERAL_NAME_free(gn); - wolfSSL_sk_free(sk); - sk = NULL; + goto err; } /* null so that it doesn't get pushed again after switch */ gn = NULL; From 12b290cbaf4fe984b9ed26a519d51358f28d98e7 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 17 Mar 2021 17:34:54 +0700 Subject: [PATCH 069/137] remove duplicate (deadcode) for clearing mp_int's --- wolfcrypt/src/dh.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index c7803c33b..0ddd2603d 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2177,11 +2177,6 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, WOLFSSL_MSG("DH Public Key Set"); } } - /* Free Memory if error occurred */ - if (havePriv == 0 && keyPriv != NULL) - mp_clear(keyPriv); - if (havePub == 0 && keyPub != NULL) - mp_clear(keyPub); if (havePriv == 0 && havePub == 0) { return MEMORY_E; From 1477af9a22de4bff9408c09f8795c367a211b39a Mon Sep 17 00:00:00 2001 From: Kareem Abuobeid Date: Wed, 17 Mar 2021 14:29:24 -0700 Subject: [PATCH 070/137] Add wolfSSL_RAND_set_rand_method() and support for RAND_ callbacks. --- src/ssl.c | 205 +++++++++++++++++++++++++++++++++------ tests/api.c | 121 +++++++++++++++++++++++ wolfssl/openssl/engine.h | 4 +- wolfssl/openssl/rand.h | 2 + wolfssl/ssl.h | 37 ++++++- 5 files changed, 340 insertions(+), 29 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 4fb9ebdb0..b37ad8e0b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -153,6 +153,10 @@ #ifdef OPENSSL_EXTRA /* Global pointer to constant BN on */ static WOLFSSL_BIGNUM* bn_one = NULL; + +static const WOLFSSL_RAND_METHOD* rand_methods = NULL; +static int initRandMethMutex = 0; +static wolfSSL_Mutex rand_methods_mutex; #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) @@ -4953,6 +4957,14 @@ int wolfSSL_Init(void) #endif #ifdef OPENSSL_EXTRA + if (wc_InitMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Bad Init Mutex rand methods"); + return BAD_MUTEX_E; + } + else { + initRandMethMutex = 1; + } + if (wolfSSL_RAND_seed(NULL, 0) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_RAND_Seed failed"); return WC_INIT_E; @@ -13219,6 +13231,18 @@ int wolfSSL_Cleanup(void) #ifdef OPENSSL_EXTRA wolfSSL_RAND_Cleanup(); + + if (wc_LockMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Bad Lock Mutex rand methods"); + return BAD_MUTEX_E; + } + rand_methods = NULL; + wc_UnLockMutex(&rand_methods_mutex); + + if (wc_FreeMutex(&rand_methods_mutex) != 0) + ret = BAD_MUTEX_E; + else + initRandMethMutex = 0; #endif if (wolfCrypt_Cleanup() != 0) { @@ -17807,24 +17831,131 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #endif } + /* If a valid struct is provided with function pointers, will override + RAND_seed, bytes, cleanup, add, pseudo_bytes and status. If a NULL + pointer is passed in, it will cancel any previous function overrides. + + Returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure. */ + int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods) + { + int ret = WOLFSSL_FAILURE; + + if (initRandMethMutex == 0) { + if (wc_InitMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Bad Init Mutex rand methods"); + ret = BAD_MUTEX_E; + } + else { + initRandMethMutex = 1; + } + } + + if (initRandMethMutex != 0) { + if (wc_LockMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Lock rand methods mutex failed"); + ret = BAD_MUTEX_E; + } + else { + rand_methods = methods; + wc_UnLockMutex(&rand_methods_mutex); + ret = WOLFSSL_SUCCESS; + } + } + + return ret; + } + + /* Sets func_ptr to a pointer to the given function func if it was set + by RAND_set_rand_method, or NULL if either it was not set, + or there was an error retreiving it. + + Returns WOLFSSL_SUCCESS on success, otherwise returns an error code. */ + static int GetRandFunction(RandFunction func, void** func_ptr) + { + int ret = WOLFSSL_FAILURE; + + if (func_ptr == NULL) { + return WOLFSSL_FAILURE; + } + + *func_ptr = NULL; + + if (initRandMethMutex == 0) { + if (wc_InitMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Bad Init Mutex rand methods"); + ret = BAD_MUTEX_E; + } + else { + initRandMethMutex = 1; + } + } + + if (initRandMethMutex != 0) { + if (wc_LockMutex(&rand_methods_mutex) != 0) { + WOLFSSL_MSG("Lock rand methods mutex failed"); + ret = BAD_MUTEX_E; + } + else { + if (rand_methods != NULL && rand_methods->status != NULL) { + if (func == RAND_SEED) { + *func_ptr = rand_methods->seed; + } + else if (func == RAND_BYTES) { + *func_ptr = rand_methods->bytes; + } + else if (func == RAND_CLEANUP) { + *func_ptr = rand_methods->cleanup; + } + else if (func == RAND_ADD) { + *func_ptr = rand_methods->add; + } + else if (func == RAND_PSEUDORAND) { + *func_ptr = rand_methods->pseudorand; + } + else if (func == RAND_STATUS) { + *func_ptr = rand_methods->status; + } + } + wc_UnLockMutex(&rand_methods_mutex); + ret = WOLFSSL_SUCCESS; + } + } + + return ret; + } int wolfSSL_RAND_status(void) { - return WOLFSSL_SUCCESS; /* wolfCrypt provides enough seed internally */ + RandStatusMethod* randFunc = NULL; + + if (GetRandFunction(RAND_STATUS, (void**)&randFunc) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + else if (randFunc != NULL) { + return randFunc(); + } + + return WOLFSSL_SUCCESS; /* wolfCrypt provides enough seed internally */ } - #ifndef NO_WOLFSSL_STUB void wolfSSL_RAND_add(const void* add, int len, double entropy) { - (void)add; - (void)len; - (void)entropy; - WOLFSSL_STUB("RAND_add"); + RandAddMethod* randFunc = NULL; + + if (GetRandFunction(RAND_ADD, (void**)&randFunc) + != WOLFSSL_SUCCESS) { + return; + } + else if (randFunc != NULL) { + randFunc(add, len, entropy); + } + /* wolfSSL seeds/adds internally, use explicit RNG if you want to take control */ + return; } - #endif #ifndef NO_DES3 /* 0 on ok */ @@ -31512,11 +31643,17 @@ static int wolfSSL_RAND_Init(void) /* WOLFSSL_SUCCESS on ok */ int wolfSSL_RAND_seed(const void* seed, int len) { + RandSeedMethod* randFunc = NULL; WOLFSSL_MSG("wolfSSL_RAND_seed"); - (void)seed; - (void)len; + if (GetRandFunction(RAND_SEED, (void**)&randFunc) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + else if (randFunc != NULL) { + return randFunc(seed, len); + } return wolfSSL_RAND_Init(); } @@ -31821,22 +31958,40 @@ int wolfSSL_RAND_egd(const char* nm) void wolfSSL_RAND_Cleanup(void) { + RandCleanupMethod* randFunc = NULL; + WOLFSSL_ENTER("wolfSSL_RAND_Cleanup()"); + if (GetRandFunction(RAND_CLEANUP, (void**)&randFunc) + == WOLFSSL_SUCCESS && randFunc != NULL) { + randFunc(); + } + if (wc_LockMutex(&globalRNGMutex) != 0) { WOLFSSL_MSG("Bad Lock Mutex rng"); - return; } - if (initGlobalRNG != 0) { + else if (initGlobalRNG != 0) { wc_FreeRng(&globalRNG); initGlobalRNG = 0; } wc_UnLockMutex(&globalRNGMutex); + + return; } int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num) { + RandPseudorandMethod* randFunc = NULL; + + if (GetRandFunction(RAND_PSEUDORAND, (void**)&randFunc) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + else if (randFunc != NULL) { + return randFunc(buf, num); + } + return wolfSSL_RAND_bytes(buf, num); } @@ -31854,9 +32009,18 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) #endif int used_global = 0; int blockCount = 0; + RandBytesMethod* randFunc = NULL; WOLFSSL_ENTER("wolfSSL_RAND_bytes"); + if (GetRandFunction(RAND_BYTES, (void**)&randFunc) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + else if (randFunc != NULL) { + return randFunc(buf, num); + } + #ifdef WOLFSSL_SMALL_STACK tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) @@ -31879,7 +32043,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) if (rng) { /* handles size grater than RNG_MAX_BLOCK_LEN */ blockCount = num / RNG_MAX_BLOCK_LEN; - + while(blockCount--) { if((ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN) != 0)){ WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); @@ -31888,10 +32052,10 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) num -= RNG_MAX_BLOCK_LEN; buf += RNG_MAX_BLOCK_LEN; } - + if (ret == 0 && num) ret = wc_RNG_GenerateBlock(rng, buf, num); - + if (ret != 0) WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); else @@ -45760,19 +45924,6 @@ int wolfSSL_FIPS_mode_set(int r) } #endif -#ifndef NO_WOLFSSL_STUB -int wolfSSL_RAND_set_rand_method(const void *meth) -{ - (void) meth; - WOLFSSL_ENTER("wolfSSL_RAND_set_rand_method"); - WOLFSSL_STUB("RAND_set_rand_method"); - - /* if implemented RAND_bytes and RAND_pseudo_bytes need updated - * those two functions will call the respective functions from meth */ - return SSL_FAILURE; -} -#endif - int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) { int ret = WOLFSSL_FAILURE; diff --git a/tests/api.c b/tests/api.c index 37cdc2bd4..83273c911 100644 --- a/tests/api.c +++ b/tests/api.c @@ -307,6 +307,7 @@ #include #include #include + #include #ifdef OPENSSL_ALL #include #include @@ -30380,6 +30381,125 @@ static void test_wolfSSL_BUF(void) #endif /* OPENSSL_EXTRA */ } +#if defined(OPENSSL_EXTRA) +static int stub_rand_seed(const void *buf, int num) +{ + (void)buf; + (void)num; + + return 123; +} + +static int stub_rand_bytes(unsigned char *buf, int num) +{ + (void)buf; + (void)num; + + return 456; +} + +static byte* was_stub_rand_cleanup_called(void) +{ + static byte was_called = 0; + + return &was_called; +} + +static void stub_rand_cleanup(void) +{ + byte* was_called = was_stub_rand_cleanup_called(); + + *was_called = 1; + + return; +} + +static byte* was_stub_rand_add_called(void) +{ + static byte was_called = 0; + + return &was_called; +} + +static int stub_rand_add(const void *buf, int num, double entropy) +{ + byte* was_called = was_stub_rand_add_called(); + + (void)buf; + (void)num; + (void)entropy; + + *was_called = 1; + + return 0; +} + +static int stub_rand_pseudo_bytes(unsigned char *buf, int num) +{ + (void)buf; + (void)num; + + return 9876; +} + +static int stub_rand_status(void) +{ + return 5432; +} +#endif + +static void test_wolfSSL_RAND_set_rand_method(void) +{ + #if defined(OPENSSL_EXTRA) + WOLFSSL_RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL}; + unsigned char* buf = NULL; + int num = 0; + double entropy = 0; + byte* was_cleanup_called = was_stub_rand_cleanup_called(); + byte* was_add_called = was_stub_rand_add_called(); + + printf(testingFmt, "wolfSSL_RAND_set_rand_method()"); + + AssertIntNE(wolfSSL_RAND_status(), 5432); + AssertIntEQ(*was_cleanup_called, 0); + wolfSSL_RAND_Cleanup(); + AssertIntEQ(*was_cleanup_called, 0); + + + rand_methods.seed = &stub_rand_seed; + rand_methods.bytes = &stub_rand_bytes; + rand_methods.cleanup = &stub_rand_cleanup; + rand_methods.add = &stub_rand_add; + rand_methods.pseudorand = &stub_rand_pseudo_bytes; + rand_methods.status = &stub_rand_status; + + AssertIntEQ(wolfSSL_RAND_set_rand_method(&rand_methods), SSL_SUCCESS); + AssertIntEQ(wolfSSL_RAND_seed(buf, num), 123); + AssertIntEQ(wolfSSL_RAND_bytes(buf, num), 456); + AssertIntEQ(wolfSSL_RAND_pseudo_bytes(buf, num), 9876); + AssertIntEQ(wolfSSL_RAND_status(), 5432); + + AssertIntEQ(*was_add_called, 0); + /* The function pointer for RAND_add returns int, but RAND_add itself returns void. */ + wolfSSL_RAND_add(buf, num, entropy); + AssertIntEQ(*was_add_called, 1); + was_add_called = 0; + AssertIntEQ(*was_cleanup_called, 0); + wolfSSL_RAND_Cleanup(); + AssertIntEQ(*was_cleanup_called, 1); + *was_cleanup_called = 0; + + + AssertIntEQ(wolfSSL_RAND_set_rand_method(NULL), SSL_SUCCESS); + AssertIntNE(wolfSSL_RAND_status(), 5432); + AssertIntEQ(*was_cleanup_called, 0); + wolfSSL_RAND_Cleanup(); + AssertIntEQ(*was_cleanup_called, 0); + + printf(resultFmt, passed); + #endif +} + static void test_wolfSSL_RAND_bytes(void) { #if defined(OPENSSL_EXTRA) @@ -41500,6 +41620,7 @@ void ApiTest(void) test_wolfSSL_CTX_set_srp_password(); test_wolfSSL_CTX_set_ecdh_auto(); test_wolfSSL_THREADID_hash(); + test_wolfSSL_RAND_set_rand_method(); test_wolfSSL_RAND_bytes(); test_wolfSSL_pseudo_rand(); test_wolfSSL_PKCS8_Compat(); diff --git a/wolfssl/openssl/engine.h b/wolfssl/openssl/engine.h index e4a1ff193..ba147ff74 100644 --- a/wolfssl/openssl/engine.h +++ b/wolfssl/openssl/engine.h @@ -4,5 +4,7 @@ #undef HAVE_OPENSSL_ENGINE_H -#define ENGINE_load_builtin_engines() /*ENGINE_load_builtin_engines not needed*/ +/* ENGINE_load_builtin_engines not needed, as all builtin engines are already + loaded into memory and used on startup. */ +#define ENGINE_load_builtin_engines() diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h index 25d1419e2..11af818f6 100644 --- a/wolfssl/openssl/rand.h +++ b/wolfssl/openssl/rand.h @@ -24,4 +24,6 @@ #include #include +typedef WOLFSSL_RAND_METHOD RAND_METHOD; + #define RAND_set_rand_method wolfSSL_RAND_set_rand_method diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index a6697e8bc..4f813a279 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -639,6 +639,41 @@ struct WOLFSSL_X509_STORE_CTX { typedef char* WOLFSSL_STRING; +/* seed = Data to mix into the random generator. + len = Number of bytes to mix from seed. */ +typedef int RandSeedMethod(const void* seed, int len); +/* buf = Buffer to store random bytes in. + len = Number of bytes to store in buf. */ +typedef int RandBytesMethod(unsigned char* buf, int len); +typedef void RandCleanupMethod(void); +/* add = Data to mix into the random generator. + len = Number of bytes to mix from add. + entropy = Estimate of randomness contained in seed. + Should be between 0 and len. */ +typedef int RandAddMethod(const void* add, int len, double entropy); +/* buf = Buffer to store pseudorandom bytes in. + len = Number of bytes to store in buf. */ +typedef int RandPseudorandMethod(unsigned char *buf, int len); +typedef int RandStatusMethod(void); + +typedef struct WOLFSSL_RAND_METHOD { + RandSeedMethod* seed; + RandBytesMethod* bytes; + RandCleanupMethod* cleanup; + RandAddMethod* add; + RandPseudorandMethod* pseudorand; + RandStatusMethod* status; +} WOLFSSL_RAND_METHOD; + +typedef enum RandFunction { + RAND_SEED, + RAND_BYTES, + RAND_CLEANUP, + RAND_ADD, + RAND_PSEUDORAND, + RAND_STATUS +} RandFunction; + /* Valid Alert types from page 16/17 * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c */ @@ -3769,7 +3804,7 @@ WOLFSSL_API int wolfSSL_FIPS_mode(void); WOLFSSL_API int wolfSSL_FIPS_mode_set(int r); -WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth); +WOLFSSL_API int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods); WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits); From 7760dcb43b3acb979d202e3bae47237f0ce369b5 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 17 Mar 2021 15:51:52 -0700 Subject: [PATCH 071/137] Fixes and cleanups for the openssl compatibility layer `RAND_` functions. For `opensslextra=x509small` don't include the RAND method code. Removed abandonded "ENABLED_SMALL" option in configure.ac. --- configure.ac | 11 +- src/ssl.c | 370 +++++++++++++++++++++----------------------------- tests/api.c | 14 +- wolfssl/ssl.h | 50 +++---- 4 files changed, 178 insertions(+), 267 deletions(-) diff --git a/configure.ac b/configure.ac index 1ec1f11a5..e73b608d3 100644 --- a/configure.ac +++ b/configure.ac @@ -949,16 +949,12 @@ then AM_CFLAGS="-DHAVE_EXT_CACHE $AM_CFLAGS" fi -if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes" -then - AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.]) -fi - if test "$ENABLED_OPENSSLEXTRA" = "x509small" then AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra]) AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_NO_OPENSSL_RAND_CB $AM_CFLAGS" fi # One Error Queue per Thread @@ -5194,11 +5190,6 @@ if test "$ENABLED_SP_NONBLOCK" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NONBLOCK" AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NONBLOCK" fi -if test "$ENABLED_SMALL" = "yes"; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL" - AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL" -fi - if test "$ENABLED_SP_MATH" = "yes"; then if test "$ENABLED_SP" = "no"; then diff --git a/src/ssl.c b/src/ssl.c index b37ad8e0b..245c195cd 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -151,13 +151,17 @@ #ifndef WOLFCRYPT_ONLY #ifdef OPENSSL_EXTRA -/* Global pointer to constant BN on */ -static WOLFSSL_BIGNUM* bn_one = NULL; + /* Global pointer to constant BN on */ + static WOLFSSL_BIGNUM* bn_one = NULL; -static const WOLFSSL_RAND_METHOD* rand_methods = NULL; -static int initRandMethMutex = 0; -static wolfSSL_Mutex rand_methods_mutex; -#endif + /* WOLFSSL_NO_OPENSSL_RAND_CB: Allows way to reduce code size for + * OPENSSL_EXTRA where RAND callbacks are not used */ + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + static const WOLFSSL_RAND_METHOD* gRandMethods = NULL; + static int gRandMethodsInit = 0; + static wolfSSL_Mutex gRandMethodMutex; + #endif /* !WOLFSSL_NO_OPENSSL_RAND_CB */ +#endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) const WOLF_EC_NIST_NAME kNistCurves[] = { @@ -4931,9 +4935,25 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #if defined(OPENSSL_EXTRA) || \ (defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA)) -static WC_RNG globalRNG; -static int initGlobalRNG = 0; -static wolfSSL_Mutex globalRNGMutex; + + #define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */ + static WC_RNG globalRNG; + static int initGlobalRNG = 0; + static wolfSSL_Mutex globalRNGMutex; +#endif + +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) +static int wolfSSL_RAND_InitMutex(void) +{ + if (gRandMethodsInit == 0) { + if (wc_InitMutex(&gRandMethodMutex) != 0) { + WOLFSSL_MSG("Bad Init Mutex rand methods"); + return BAD_MUTEX_E; + } + gRandMethodsInit = 1; + } + return 0; +} #endif WOLFSSL_ABI @@ -4948,8 +4968,7 @@ int wolfSSL_Init(void) return WC_INIT_E; } -#if defined(OPENSSL_EXTRA) || \ - (defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA)) +#ifdef HAVE_GLOBAL_RNG if (wc_InitMutex(&globalRNGMutex) != 0) { WOLFSSL_MSG("Bad Init Mutex rng"); return BAD_MUTEX_E; @@ -4957,18 +4976,12 @@ int wolfSSL_Init(void) #endif #ifdef OPENSSL_EXTRA - if (wc_InitMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Bad Init Mutex rand methods"); + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() != 0) { return BAD_MUTEX_E; } - else { - initRandMethMutex = 1; - } - - if (wolfSSL_RAND_seed(NULL, 0) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_RAND_Seed failed"); - return WC_INIT_E; - } + #endif + wolfSSL_RAND_seed(NULL, 0); #endif #ifndef NO_SESSION_CACHE @@ -13231,18 +13244,6 @@ int wolfSSL_Cleanup(void) #ifdef OPENSSL_EXTRA wolfSSL_RAND_Cleanup(); - - if (wc_LockMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Bad Lock Mutex rand methods"); - return BAD_MUTEX_E; - } - rand_methods = NULL; - wc_UnLockMutex(&rand_methods_mutex); - - if (wc_FreeMutex(&rand_methods_mutex) != 0) - ret = BAD_MUTEX_E; - else - initRandMethMutex = 0; #endif if (wolfCrypt_Cleanup() != 0) { @@ -17838,123 +17839,50 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, Returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure. */ int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods) { - int ret = WOLFSSL_FAILURE; - - if (initRandMethMutex == 0) { - if (wc_InitMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Bad Init Mutex rand methods"); - ret = BAD_MUTEX_E; - } - else { - initRandMethMutex = 1; - } + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + gRandMethods = methods; + wc_UnLockMutex(&gRandMethodMutex); } - - if (initRandMethMutex != 0) { - if (wc_LockMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Lock rand methods mutex failed"); - ret = BAD_MUTEX_E; - } - else { - rand_methods = methods; - wc_UnLockMutex(&rand_methods_mutex); - ret = WOLFSSL_SUCCESS; - } - } - - return ret; - } - - /* Sets func_ptr to a pointer to the given function func if it was set - by RAND_set_rand_method, or NULL if either it was not set, - or there was an error retreiving it. - - Returns WOLFSSL_SUCCESS on success, otherwise returns an error code. */ - static int GetRandFunction(RandFunction func, void** func_ptr) - { - int ret = WOLFSSL_FAILURE; - - if (func_ptr == NULL) { - return WOLFSSL_FAILURE; - } - - *func_ptr = NULL; - - if (initRandMethMutex == 0) { - if (wc_InitMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Bad Init Mutex rand methods"); - ret = BAD_MUTEX_E; - } - else { - initRandMethMutex = 1; - } - } - - if (initRandMethMutex != 0) { - if (wc_LockMutex(&rand_methods_mutex) != 0) { - WOLFSSL_MSG("Lock rand methods mutex failed"); - ret = BAD_MUTEX_E; - } - else { - if (rand_methods != NULL && rand_methods->status != NULL) { - if (func == RAND_SEED) { - *func_ptr = rand_methods->seed; - } - else if (func == RAND_BYTES) { - *func_ptr = rand_methods->bytes; - } - else if (func == RAND_CLEANUP) { - *func_ptr = rand_methods->cleanup; - } - else if (func == RAND_ADD) { - *func_ptr = rand_methods->add; - } - else if (func == RAND_PSEUDORAND) { - *func_ptr = rand_methods->pseudorand; - } - else if (func == RAND_STATUS) { - *func_ptr = rand_methods->status; - } - } - wc_UnLockMutex(&rand_methods_mutex); - ret = WOLFSSL_SUCCESS; - } - } - - return ret; + #else + (void)methods; + #endif + return WOLFSSL_SUCCESS; } + /* Returns WOLFSSL_SUCCESS if the RNG has been seeded with enough data */ int wolfSSL_RAND_status(void) { - RandStatusMethod* randFunc = NULL; - - if (GetRandFunction(RAND_STATUS, (void**)&randFunc) - != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; + int ret = WOLFSSL_SUCCESS; + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->status) + ret = gRandMethods->status(); + wc_UnLockMutex(&gRandMethodMutex); } - else if (randFunc != NULL) { - return randFunc(); - } - - return WOLFSSL_SUCCESS; /* wolfCrypt provides enough seed internally */ + #else + /* wolfCrypt provides enough seed internally, so return success */ + #endif + return ret; } - void wolfSSL_RAND_add(const void* add, int len, double entropy) { - RandAddMethod* randFunc = NULL; - - if (GetRandFunction(RAND_ADD, (void**)&randFunc) - != WOLFSSL_SUCCESS) { - return; + #ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->add) { + /* callback has return code, but RAND_add does not */ + (void)gRandMethods->add(add, len, entropy); + } + wc_UnLockMutex(&gRandMethodMutex); } - else if (randFunc != NULL) { - randFunc(add, len, entropy); - } - + #else /* wolfSSL seeds/adds internally, use explicit RNG if you want to take control */ - return; + (void)add; + (void)len; + (void)entropy; + #endif } #ifndef NO_DES3 @@ -31622,40 +31550,41 @@ WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, int *initTmpRng) */ static int wolfSSL_RAND_Init(void) { - if (wc_LockMutex(&globalRNGMutex) != 0) { - WOLFSSL_MSG("Bad Lock Mutex rng"); - return 0; - } - if (initGlobalRNG == 0) { - if (wc_InitRng(&globalRNG) < 0) { - WOLFSSL_MSG("wolfSSL Init Global RNG failed"); - wc_UnLockMutex(&globalRNGMutex); - return 0; + int ret = WOLFSSL_FAILURE; +#ifdef HAVE_GLOBAL_RNG + if (wc_LockMutex(&globalRNGMutex) == 0) { + if (initGlobalRNG == 0) { + ret = wc_InitRng(&globalRNG); + if (ret == 0) { + initGlobalRNG = 1; + ret = WOLFSSL_SUCCESS; + } } - initGlobalRNG = 1; + wc_UnLockMutex(&globalRNGMutex); } - - wc_UnLockMutex(&globalRNGMutex); - return WOLFSSL_SUCCESS; +#endif + return ret; } /* WOLFSSL_SUCCESS on ok */ -int wolfSSL_RAND_seed(const void* seed, int len) +void wolfSSL_RAND_seed(const void* seed, int len) { - RandSeedMethod* randFunc = NULL; - - WOLFSSL_MSG("wolfSSL_RAND_seed"); - - if (GetRandFunction(RAND_SEED, (void**)&randFunc) - != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } - else if (randFunc != NULL) { - return randFunc(seed, len); +#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->seed) { + /* seed callback has return code, but function RAND_seed does not */ + (void)gRandMethods->seed(seed, len); + } + wc_UnLockMutex(&gRandMethodMutex); } +#else + (void)seed; + (void)len; +#endif - return wolfSSL_RAND_Init(); + /* Make sure global shared RNG (globalRNG) is initialized */ + (void)wolfSSL_RAND_Init(); } @@ -31958,75 +31887,72 @@ int wolfSSL_RAND_egd(const char* nm) void wolfSSL_RAND_Cleanup(void) { - RandCleanupMethod* randFunc = NULL; - - WOLFSSL_ENTER("wolfSSL_RAND_Cleanup()"); - - if (GetRandFunction(RAND_CLEANUP, (void**)&randFunc) - == WOLFSSL_SUCCESS && randFunc != NULL) { - randFunc(); +#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->cleanup) + gRandMethods->cleanup(); + wc_UnLockMutex(&gRandMethodMutex); } - - if (wc_LockMutex(&globalRNGMutex) != 0) { - WOLFSSL_MSG("Bad Lock Mutex rng"); +#endif +#ifdef HAVE_GLOBAL_RNG + if (wc_LockMutex(&globalRNGMutex) == 0) { + if (initGlobalRNG) { + wc_FreeRng(&globalRNG); + initGlobalRNG = 0; + } + wc_UnLockMutex(&globalRNGMutex); } - else if (initGlobalRNG != 0) { - wc_FreeRng(&globalRNG); - initGlobalRNG = 0; - } - wc_UnLockMutex(&globalRNGMutex); - - return; +#endif } - +/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */ int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num) { - RandPseudorandMethod* randFunc = NULL; - - if (GetRandFunction(RAND_PSEUDORAND, (void**)&randFunc) - != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } - else if (randFunc != NULL) { - return randFunc(buf, num); +#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->pseudorand) { + int ret = gRandMethods->pseudorand(buf, num); + wc_UnLockMutex(&gRandMethodMutex); + return ret; + } + wc_UnLockMutex(&gRandMethodMutex); } +#endif + /* fallback to using the global shared RNG */ return wolfSSL_RAND_bytes(buf, num); } - -/* WOLFSSL_SUCCESS on ok */ +/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */ int wolfSSL_RAND_bytes(unsigned char* buf, int num) { int ret = 0; - int initTmpRng = 0; WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - WC_RNG* tmpRNG; + WC_RNG* tmpRNG = NULL; #else WC_RNG tmpRNG[1]; #endif - int used_global = 0; + int initTmpRng = 0; int blockCount = 0; - RandBytesMethod* randFunc = NULL; +#ifdef HAVE_GLOBAL_RNG + int used_global = 0; +#endif WOLFSSL_ENTER("wolfSSL_RAND_bytes"); - if (GetRandFunction(RAND_BYTES, (void**)&randFunc) - != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; + /* if a RAND callback has been set try and use it */ +#ifndef WOLFSSL_NO_OPENSSL_RAND_CB + if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { + if (gRandMethods && gRandMethods->bytes) { + ret = gRandMethods->bytes(buf, num); + wc_UnLockMutex(&gRandMethodMutex); + return ret; + } + wc_UnLockMutex(&gRandMethodMutex); } - else if (randFunc != NULL) { - return randFunc(buf, num); - } - -#ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); - if (tmpRNG == NULL) - return ret; #endif - +#ifdef HAVE_GLOBAL_RNG if (initGlobalRNG) { if (wc_LockMutex(&globalRNGMutex) != 0) { WOLFSSL_MSG("Bad Lock Mutex rng"); @@ -32036,16 +31962,26 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) rng = &globalRNG; used_global = 1; } - else if(wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; + else +#endif + { + #ifdef WOLFSSL_SMALL_STACK + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); + if (tmpRNG == NULL) + return ret; + #endif + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } } if (rng) { - /* handles size grater than RNG_MAX_BLOCK_LEN */ + /* handles size greater than RNG_MAX_BLOCK_LEN */ blockCount = num / RNG_MAX_BLOCK_LEN; - while(blockCount--) { - if((ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN) != 0)){ + while (blockCount--) { + ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN); + if (ret != 0) { WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); break; } @@ -32062,15 +31998,15 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) ret = WOLFSSL_SUCCESS; } - if (used_global == 1) { +#ifdef HAVE_GLOBAL_RNG + if (used_global == 1) wc_UnLockMutex(&globalRNGMutex); - } - +#endif if (initTmpRng) wc_FreeRng(tmpRNG); - #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); + if (tmpRNG) + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif return ret; diff --git a/tests/api.c b/tests/api.c index 83273c911..0180cfb55 100644 --- a/tests/api.c +++ b/tests/api.c @@ -30381,7 +30381,7 @@ static void test_wolfSSL_BUF(void) #endif /* OPENSSL_EXTRA */ } -#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) static int stub_rand_seed(const void *buf, int num) { (void)buf; @@ -30446,11 +30446,11 @@ static int stub_rand_status(void) { return 5432; } -#endif +#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ static void test_wolfSSL_RAND_set_rand_method(void) { - #if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) WOLFSSL_RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL}; unsigned char* buf = NULL; int num = 0; @@ -30473,8 +30473,8 @@ static void test_wolfSSL_RAND_set_rand_method(void) rand_methods.pseudorand = &stub_rand_pseudo_bytes; rand_methods.status = &stub_rand_status; - AssertIntEQ(wolfSSL_RAND_set_rand_method(&rand_methods), SSL_SUCCESS); - AssertIntEQ(wolfSSL_RAND_seed(buf, num), 123); + AssertIntEQ(wolfSSL_RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS); + wolfSSL_RAND_seed(buf, num); AssertIntEQ(wolfSSL_RAND_bytes(buf, num), 456); AssertIntEQ(wolfSSL_RAND_pseudo_bytes(buf, num), 9876); AssertIntEQ(wolfSSL_RAND_status(), 5432); @@ -30490,14 +30490,14 @@ static void test_wolfSSL_RAND_set_rand_method(void) *was_cleanup_called = 0; - AssertIntEQ(wolfSSL_RAND_set_rand_method(NULL), SSL_SUCCESS); + AssertIntEQ(wolfSSL_RAND_set_rand_method(NULL), WOLFSSL_SUCCESS); AssertIntNE(wolfSSL_RAND_status(), 5432); AssertIntEQ(*was_cleanup_called, 0); wolfSSL_RAND_Cleanup(); AssertIntEQ(*was_cleanup_called, 0); printf(resultFmt, passed); - #endif +#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ } static void test_wolfSSL_RAND_bytes(void) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 4f813a279..b715caeb5 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -639,41 +639,25 @@ struct WOLFSSL_X509_STORE_CTX { typedef char* WOLFSSL_STRING; -/* seed = Data to mix into the random generator. - len = Number of bytes to mix from seed. */ -typedef int RandSeedMethod(const void* seed, int len); -/* buf = Buffer to store random bytes in. - len = Number of bytes to store in buf. */ -typedef int RandBytesMethod(unsigned char* buf, int len); -typedef void RandCleanupMethod(void); -/* add = Data to mix into the random generator. - len = Number of bytes to mix from add. - entropy = Estimate of randomness contained in seed. - Should be between 0 and len. */ -typedef int RandAddMethod(const void* add, int len, double entropy); -/* buf = Buffer to store pseudorandom bytes in. - len = Number of bytes to store in buf. */ -typedef int RandPseudorandMethod(unsigned char *buf, int len); -typedef int RandStatusMethod(void); - typedef struct WOLFSSL_RAND_METHOD { - RandSeedMethod* seed; - RandBytesMethod* bytes; - RandCleanupMethod* cleanup; - RandAddMethod* add; - RandPseudorandMethod* pseudorand; - RandStatusMethod* status; + /* seed = Data to mix into the random generator. + * len = Number of bytes to mix from seed. */ + int (*seed)(const void* seed, int len); + /* buf = Buffer to store random bytes in. + * len = Number of bytes to store in buf. */ + int (*bytes)(unsigned char* buf, int len); + void (*cleanup)(void); + /* add = Data to mix into the random generator. + * len = Number of bytes to mix from add. + * entropy = Estimate of randomness contained in seed. + * Should be between 0 and len. */ + int (*add)(const void* add, int len, double entropy); + /* buf = Buffer to store pseudorandom bytes in. + * len = Number of bytes to store in buf. */ + int (*pseudorand)(unsigned char *buf, int len); + int (*status)(void); } WOLFSSL_RAND_METHOD; -typedef enum RandFunction { - RAND_SEED, - RAND_BYTES, - RAND_CLEANUP, - RAND_ADD, - RAND_PSEUDORAND, - RAND_STATUS -} RandFunction; - /* Valid Alert types from page 16/17 * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c */ @@ -1424,7 +1408,7 @@ WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long); WOLFSSL_API int wolfSSL_RAND_write_file(const char*); WOLFSSL_API int wolfSSL_RAND_load_file(const char*, long); WOLFSSL_API int wolfSSL_RAND_egd(const char*); -WOLFSSL_API int wolfSSL_RAND_seed(const void*, int); +WOLFSSL_API void wolfSSL_RAND_seed(const void*, int); WOLFSSL_API void wolfSSL_RAND_Cleanup(void); WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double); WOLFSSL_API int wolfSSL_RAND_poll(void); From 832c99597c4d26c211864e8874b9c2863f2a7599 Mon Sep 17 00:00:00 2001 From: Kareem Abuobeid Date: Wed, 17 Mar 2021 17:02:20 -0700 Subject: [PATCH 072/137] wolfSSL_RAND_set_rand_method: Code review feedback --- src/ssl.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 245c195cd..e9d15a6a0 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13244,6 +13244,11 @@ int wolfSSL_Cleanup(void) #ifdef OPENSSL_EXTRA wolfSSL_RAND_Cleanup(); + + if (wc_FreeMutex(&gRandMethodMutex) != 0) + ret = BAD_MUTEX_E; + else + gRandMethodsInit = 0; #endif if (wolfCrypt_Cleanup() != 0) { @@ -17843,11 +17848,12 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { gRandMethods = methods; wc_UnLockMutex(&gRandMethodMutex); + return WOLFSSL_SUCCESS; } #else (void)methods; #endif - return WOLFSSL_SUCCESS; + return WOLFSSL_FAILURE; } /* Returns WOLFSSL_SUCCESS if the RNG has been seeded with enough data */ @@ -17860,6 +17866,9 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ret = gRandMethods->status(); wc_UnLockMutex(&gRandMethodMutex); } + else { + ret = WOLFSSL_FAILURE; + } #else /* wolfCrypt provides enough seed internally, so return success */ #endif From 717c0089c02ea6b3774fcaa73516ad8dade7c255 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 18 Mar 2021 00:04:53 -0500 Subject: [PATCH 073/137] src/tls13.c: fix typo introduced in commit 697d34c80d6ad. --- src/tls13.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tls13.c b/src/tls13.c index 25de3907d..9230ccbbe 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -1485,6 +1485,7 @@ end: #else return (word32)(ktime_get_real_ns() / (ktime_t)1000000); #endif + } #elif defined(WOLFSSL_QNX_CAAM) word32 TimeNowInMilliseconds(void) { From a64bb8aef7a2d9739e91b48b5b23ec919a023740 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 18 Mar 2021 15:17:08 +0700 Subject: [PATCH 074/137] fix unused variable in test case from Jenkins test --- tests/api.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/api.c b/tests/api.c index a0a015387..90a3f7d3d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -29454,15 +29454,12 @@ static void test_wolfSSL_a2i_ASN1_INTEGER(void) ASN1_INTEGER* ai; char buf[] = "123456\n12345\n112345678912345678901234567890\n"; char tmp[1024]; - int bufSz, tmpSz; - char* pt; + int tmpSz; const char expected1[] = "123456"; const char expected2[] = "112345678912345678901234567890"; printf(testingFmt, "test_wolfSSL_a2i_ASN1_INTEGER()"); - pt = (char*)buf; - bufSz = sizeof(buf); AssertNotNull(bio = BIO_new_mem_buf(buf, -1)); AssertNotNull(out = BIO_new(BIO_s_mem())); From 360c961b48daa7227519202b810db49c4d08ee30 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 18 Mar 2021 20:34:38 +0700 Subject: [PATCH 075/137] fix for unused variable in dh.c from Jenkins test --- wolfcrypt/src/dh.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 0ddd2603d..79895267d 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2126,7 +2126,6 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, const byte* pub, word32 pubSz) { byte havePriv, havePub; - mp_int *keyPriv = NULL, *keyPub = NULL; if (key == NULL) { return BAD_FUNC_ARG; @@ -2154,7 +2153,6 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, mp_clear(&key->priv); havePriv = 0; } else { - keyPriv = &key->priv; WOLFSSL_MSG("DH Private Key Set"); } } @@ -2172,8 +2170,11 @@ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, if (mp_read_unsigned_bin(&key->pub, pub, pubSz) != MP_OKAY) { mp_clear(&key->pub); havePub = 0; + if (havePriv) { + mp_clear(&key->priv); + havePriv = 0; /* set to 0 to error out with failed read pub */ + } } else { - keyPub = &key->pub; WOLFSSL_MSG("DH Public Key Set"); } } From de50209cdf6b909978628c535d00c69b555ec7e1 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 18 Mar 2021 22:52:36 +0700 Subject: [PATCH 076/137] adjust size when streaming with PKCS7 verify --- wolfcrypt/src/pkcs7.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 460e00575..0073e895e 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -5077,6 +5077,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length); if (pkcs7->stream->flagOne) { pkiMsg2 = pkiMsg; + + /* check if using internal stream buffer and should adjust sz */ + if (pkiMsg != in && pkcs7->stream->length > 0) { + pkiMsg2Sz = pkcs7->stream->length; + } } /* restore content type */ @@ -5136,7 +5141,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } } else { - /* last state expect the reset of the buffer */ + /* last state expect the rest of the buffer */ pkcs7->stream->expected = (pkcs7->stream->maxLen - pkcs7->stream->totalRd) + pkcs7->stream->length; } @@ -5155,6 +5160,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, 0, &length); if (pkcs7->stream->flagOne) { pkiMsg2 = pkiMsg; + + /* check if using internal stream buffer and should adjust sz */ + if (pkiMsg != in && pkcs7->stream->length > 0) { + pkiMsg2Sz = pkcs7->stream->length; + } } /* restore content */ From 5aa23424a4eadae4b56ed6168a7550d97a799b9a Mon Sep 17 00:00:00 2001 From: Kareem Abuobeid Date: Thu, 18 Mar 2021 10:27:31 -0700 Subject: [PATCH 077/137] wolfSSL_RAND_set_rand_method: Cleanup --- src/ssl.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e9d15a6a0..db1532d16 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13244,11 +13244,6 @@ int wolfSSL_Cleanup(void) #ifdef OPENSSL_EXTRA wolfSSL_RAND_Cleanup(); - - if (wc_FreeMutex(&gRandMethodMutex) != 0) - ret = BAD_MUTEX_E; - else - gRandMethodsInit = 0; #endif if (wolfCrypt_Cleanup() != 0) { @@ -31902,6 +31897,9 @@ void wolfSSL_RAND_Cleanup(void) gRandMethods->cleanup(); wc_UnLockMutex(&gRandMethodMutex); } + + if (wc_FreeMutex(&gRandMethodMutex) == 0) + gRandMethodsInit = 0; #endif #ifdef HAVE_GLOBAL_RNG if (wc_LockMutex(&globalRNGMutex) == 0) { From a85e348c0e605be8c60f4b02eb594a87c7096f5b Mon Sep 17 00:00:00 2001 From: Kareem Abuobeid Date: Thu, 18 Mar 2021 11:19:04 -0700 Subject: [PATCH 078/137] Change void return from RAND_seed back to int. --- src/ssl.c | 14 +++++++++----- tests/api.c | 2 +- wolfssl/ssl.h | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index db1532d16..d225b6f36 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4981,7 +4981,10 @@ int wolfSSL_Init(void) return BAD_MUTEX_E; } #endif - wolfSSL_RAND_seed(NULL, 0); + if (wolfSSL_RAND_seed(NULL, 0) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_RAND_Seed failed"); + return WC_INIT_E; + } #endif #ifndef NO_SESSION_CACHE @@ -31572,13 +31575,14 @@ static int wolfSSL_RAND_Init(void) /* WOLFSSL_SUCCESS on ok */ -void wolfSSL_RAND_seed(const void* seed, int len) +int wolfSSL_RAND_seed(const void* seed, int len) { #ifndef WOLFSSL_NO_OPENSSL_RAND_CB if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) { if (gRandMethods && gRandMethods->seed) { - /* seed callback has return code, but function RAND_seed does not */ - (void)gRandMethods->seed(seed, len); + int ret = gRandMethods->seed(seed, len); + wc_UnLockMutex(&gRandMethodMutex); + return ret; } wc_UnLockMutex(&gRandMethodMutex); } @@ -31588,7 +31592,7 @@ void wolfSSL_RAND_seed(const void* seed, int len) #endif /* Make sure global shared RNG (globalRNG) is initialized */ - (void)wolfSSL_RAND_Init(); + return wolfSSL_RAND_Init(); } diff --git a/tests/api.c b/tests/api.c index 0180cfb55..18a03110c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -30474,7 +30474,7 @@ static void test_wolfSSL_RAND_set_rand_method(void) rand_methods.status = &stub_rand_status; AssertIntEQ(wolfSSL_RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS); - wolfSSL_RAND_seed(buf, num); + AssertIntEQ(wolfSSL_RAND_seed(buf, num), 123); AssertIntEQ(wolfSSL_RAND_bytes(buf, num), 456); AssertIntEQ(wolfSSL_RAND_pseudo_bytes(buf, num), 9876); AssertIntEQ(wolfSSL_RAND_status(), 5432); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index b715caeb5..de93537ed 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1408,7 +1408,7 @@ WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long); WOLFSSL_API int wolfSSL_RAND_write_file(const char*); WOLFSSL_API int wolfSSL_RAND_load_file(const char*, long); WOLFSSL_API int wolfSSL_RAND_egd(const char*); -WOLFSSL_API void wolfSSL_RAND_seed(const void*, int); +WOLFSSL_API int wolfSSL_RAND_seed(const void*, int); WOLFSSL_API void wolfSSL_RAND_Cleanup(void); WOLFSSL_API void wolfSSL_RAND_add(const void*, int, double); WOLFSSL_API int wolfSSL_RAND_poll(void); From a27a61c9373175507ccd5513485f7e3b99be6458 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 18 Mar 2021 11:25:48 -0700 Subject: [PATCH 079/137] Adds support for STM32G0. --- IDE/STM32Cube/default_conf.ftl | 5 +++++ IDE/STM32Cube/wolfSSL_conf.h | 5 +++++ wolfssl/wolfcrypt/settings.h | 8 ++++++-- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl index 3f67578e5..f7f21e6be 100644 --- a/IDE/STM32Cube/default_conf.ftl +++ b/IDE/STM32Cube/default_conf.ftl @@ -122,6 +122,11 @@ extern ${variable.value} ${variable.name}; #define HAL_CONSOLE_UART huart2 #define NO_STM32_RNG #define WOLFSSL_GENSEED_FORTEST +#elif defined(STM32G071xx) + #define WOLFSSL_STM32G0 + #define HAL_CONSOLE_UART huart2 + #define NO_STM32_RNG + #define WOLFSSL_GENSEED_FORTEST #else #warning Please define a hardware platform! /* This means there is not a pre-defined platform for your board/CPU */ diff --git a/IDE/STM32Cube/wolfSSL_conf.h b/IDE/STM32Cube/wolfSSL_conf.h index 793e12858..0cc1c1261 100644 --- a/IDE/STM32Cube/wolfSSL_conf.h +++ b/IDE/STM32Cube/wolfSSL_conf.h @@ -177,6 +177,11 @@ #define HAL_CONSOLE_UART huart2 #define NO_STM32_RNG #define WOLFSSL_GENSEED_FORTEST +#elif defined(STM32G071xx) + #define WOLFSSL_STM32G0 + #define HAL_CONSOLE_UART huart2 + #define NO_STM32_RNG + #define WOLFSSL_GENSEED_FORTEST #else #warning Please define a hardware platform! /* This means there is not a pre-defined platform for your board/CPU */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 253264a9f..ee7caec50 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1240,7 +1240,8 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \ defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ - defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) + defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \ + defined(WOLFSSL_STM32G0) #define SIZEOF_LONG_LONG 8 #ifndef CHAR_BIT @@ -1293,6 +1294,8 @@ extern void uITRON4_free(void *p) ; #include "stm32h7xx_hal.h" #elif defined(WOLFSSL_STM32WB) #include "stm32wbxx_hal.h" + #elif defined(WOLFSSL_STM32G0) + #include "stm32g0xx_hal.h" #endif #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4) #include "stm32l4xx_ll_rng.h" @@ -1343,7 +1346,8 @@ extern void uITRON4_free(void *p) ; #endif #endif /* WOLFSSL_STM32_CUBEMX */ #endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || - WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */ + WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || + WOLFSSL_STM32H7 || WOLFSSL_STM32G0 */ #ifdef WOLFSSL_DEOS #include #include From 6bf3c0863483547534aba2e06331302a6de0f1a4 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 11 Mar 2021 14:51:47 -0800 Subject: [PATCH 080/137] Fixes for SP RSA/DH with `WOLFSSL_SP_NO_MALLOC`. Cleanup of the SP no malloc code for ECC, RSA and DH. --- wolfcrypt/src/sp_arm32.c | 3092 +++++++++++------------- wolfcrypt/src/sp_arm64.c | 3014 +++++++++++------------- wolfcrypt/src/sp_armthumb.c | 3092 +++++++++++------------- wolfcrypt/src/sp_c32.c | 4454 +++++++++++++++++------------------ wolfcrypt/src/sp_c64.c | 4442 +++++++++++++++++----------------- wolfcrypt/src/sp_cortexm.c | 3092 +++++++++++------------- wolfcrypt/src/sp_x86_64.c | 3192 ++++++++++++------------- 7 files changed, 11477 insertions(+), 12901 deletions(-) diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index 2af49347f..18e31014b 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -4701,12 +4701,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 64]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -4718,19 +4718,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 64; -#else - t[i] = &td[i * 64]; -#endif } sp_2048_mont_setup(m, &mp); @@ -4826,9 +4821,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -4847,12 +4841,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 64]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -4864,19 +4858,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 64; -#else - t[i] = &td[i * 64]; -#endif } sp_2048_mont_setup(m, &mp); @@ -4989,9 +4978,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -6992,12 +6980,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 128]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -7009,19 +6997,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 128; -#else - t[i] = &td[i * 128]; -#endif } sp_2048_mont_setup(m, &mp); @@ -7117,9 +7100,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -7138,12 +7120,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 128]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -7155,19 +7137,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 128), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 128; -#else - t[i] = &td[i * 128]; -#endif } sp_2048_mont_setup(m, &mp); @@ -7280,9 +7257,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -7306,18 +7282,15 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[128]; - sp_digit m[64]; - sp_digit r[128]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[64 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 256) { @@ -7331,22 +7304,18 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 64 * 2; - m = r + 64 * 2; - } #endif if (err == MP_OKAY) { + r = a + 64 * 2; + m = r + 64 * 2; ah = a + 64; sp_2048_from_bin(ah, 64, in, inLen); @@ -7419,10 +7388,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -7657,8 +7625,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[64 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -7687,13 +7659,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 64; m = a + 128; @@ -7704,34 +7678,36 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, sp_2048_from_mp(m, 64, mm); err = sp_2048_mod_exp_64(r, a, d, 2048, m, 0); } + if (err == MP_OKAY) { sp_2048_to_bin(r, out); *outLen = 256; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 64); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 64); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[64 * 2]; - sp_digit p[32]; - sp_digit q[32]; - sp_digit dp[32]; - sp_digit tmpa[64]; - sp_digit tmpb[64]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[32 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -7751,31 +7727,23 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 64 * 2; q = p + 32; qi = dq = dp = q + 32; tmpa = qi + 32; tmpb = tmpa + 64; - - r = t + 64; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_2048_from_bin(a, 64, in, inLen); sp_2048_from_mp(p, 32, pm); sp_2048_from_mp(q, 32, qm); @@ -7807,19 +7775,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 32 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 32 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -8353,12 +8318,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[193]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -8371,18 +8336,13 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 128; -#else - tmp = &td[128]; -#endif sp_2048_mont_setup(m, &mp); sp_2048_mont_norm_64(norm, m); @@ -8453,9 +8413,8 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -15331,12 +15290,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 96]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -15348,19 +15307,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 96; -#else - t[i] = &td[i * 96]; -#endif } sp_3072_mont_setup(m, &mp); @@ -15456,9 +15410,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -15477,12 +15430,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 96]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -15494,19 +15447,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 96; -#else - t[i] = &td[i * 96]; -#endif } sp_3072_mont_setup(m, &mp); @@ -15619,9 +15567,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -18422,12 +18369,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 192]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -18439,19 +18386,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 192; -#else - t[i] = &td[i * 192]; -#endif } sp_3072_mont_setup(m, &mp); @@ -18547,9 +18489,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -18568,12 +18509,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 192]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -18585,19 +18526,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 192), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 192; -#else - t[i] = &td[i * 192]; -#endif } sp_3072_mont_setup(m, &mp); @@ -18710,9 +18646,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -18736,18 +18671,15 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[192]; - sp_digit m[96]; - sp_digit r[192]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[96 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 384) { @@ -18761,22 +18693,18 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 96 * 2; - m = r + 96 * 2; - } #endif if (err == MP_OKAY) { + r = a + 96 * 2; + m = r + 96 * 2; ah = a + 96; sp_3072_from_bin(ah, 96, in, inLen); @@ -18849,10 +18777,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -19167,8 +19094,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[96 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -19197,13 +19128,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 96; m = a + 192; @@ -19214,34 +19147,36 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, sp_3072_from_mp(m, 96, mm); err = sp_3072_mod_exp_96(r, a, d, 3072, m, 0); } + if (err == MP_OKAY) { sp_3072_to_bin(r, out); *outLen = 384; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 96); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 96); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[96 * 2]; - sp_digit p[48]; - sp_digit q[48]; - sp_digit dp[48]; - sp_digit tmpa[96]; - sp_digit tmpb[96]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[48 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -19261,31 +19196,23 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 96 * 2; q = p + 48; qi = dq = dp = q + 48; tmpa = qi + 48; tmpb = tmpa + 96; - - r = t + 96; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_3072_from_bin(a, 96, in, inLen); sp_3072_from_mp(p, 48, pm); sp_3072_from_mp(q, 48, qm); @@ -19317,19 +19244,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 48 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 48 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -20055,12 +19979,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[289]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -20073,18 +19997,13 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 192; -#else - tmp = &td[192]; -#endif sp_3072_mont_setup(m, &mp); sp_3072_mont_norm_96(norm, m); @@ -20155,9 +20074,8 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -26354,12 +26272,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 256]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -26371,19 +26289,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 256; -#else - t[i] = &td[i * 256]; -#endif } sp_4096_mont_setup(m, &mp); @@ -26479,9 +26392,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -26500,12 +26412,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 256]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -26517,19 +26429,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 256; -#else - t[i] = &td[i * 256]; -#endif } sp_4096_mont_setup(m, &mp); @@ -26642,9 +26549,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -26668,18 +26574,15 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[256]; - sp_digit m[128]; - sp_digit r[256]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[128 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 512) { @@ -26693,22 +26596,18 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 128 * 2; - m = r + 128 * 2; - } #endif if (err == MP_OKAY) { + r = a + 128 * 2; + m = r + 128 * 2; ah = a + 128; sp_4096_from_bin(ah, 128, in, inLen); @@ -26781,10 +26680,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -27179,8 +27077,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[128 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -27209,13 +27111,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 128; m = a + 256; @@ -27226,34 +27130,36 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, sp_4096_from_mp(m, 128, mm); err = sp_4096_mod_exp_128(r, a, d, 4096, m, 0); } + if (err == MP_OKAY) { sp_4096_to_bin(r, out); *outLen = 512; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 128); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 128); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[128 * 2]; - sp_digit p[64]; - sp_digit q[64]; - sp_digit dp[64]; - sp_digit tmpa[128]; - sp_digit tmpb[128]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[64 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -27273,31 +27179,23 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 128 * 2; q = p + 64; qi = dq = dp = q + 64; tmpa = qi + 64; tmpb = tmpa + 128; - - r = t + 128; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_4096_from_bin(a, 128, in, inLen); sp_4096_from_mp(p, 64, pm); sp_4096_from_mp(q, 64, qm); @@ -27329,19 +27227,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 64 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 64 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -28259,12 +28154,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[385]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -28277,18 +28172,13 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 256; -#else - tmp = &td[256]; -#endif sp_4096_mont_setup(m, &mp); sp_4096_mont_norm_128(norm, m); @@ -28359,9 +28249,8 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -29648,64 +29537,6 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_256_point_new_ex_8(void* heap, sp_point_256* sp, - sp_point_256** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_256_point_free_8(sp_point_256* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Multiply a number by Montogmery normalizer mod modulus (prime). * * r The resulting Montgomery form number. @@ -32739,56 +32570,55 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table, static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td[16]; - sp_point_256 rtd; - sp_digit tmpd[2 * 8 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_256 t[16]; + sp_digit tmp[2 * 8 * 5]; +#endif + sp_point_256* rt = NULL; #ifndef WC_NO_CACHE_RESISTANT - sp_point_256 pd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* p = NULL; +#else + sp_point_256 p[1]; #endif -#endif - sp_point_256* t; - sp_point_256* rt; -#ifndef WC_NO_CACHE_RESISTANT - sp_point_256* p; -#endif - sp_digit* tmp; +#endif /* !WC_NO_CACHE_RESISTANT */ sp_digit n; int i; int c; int y; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_256_point_new_8(heap, rtd, rt); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -#ifndef WC_NO_CACHE_RESISTANT - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 17, heap, DYNAMIC_TYPE_ECC); -#else - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, heap, DYNAMIC_TYPE_ECC); -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, + heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + #ifndef WC_NO_CACHE_RESISTANT + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), + heap, DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } + #endif + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { -#ifndef WC_NO_CACHE_RESISTANT - #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - p = t + 16; - #else - p = &pd; - #endif -#endif + rt = t + 16; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -32876,20 +32706,35 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 8 * 5); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_256) * 16); - XFREE(t, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmpd, sizeof(tmpd)); - ForceZero(td, sizeof(td)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif - sp_256_point_free_8(rt, 1, heap); + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 8 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#ifndef WC_NO_CACHE_RESISTANT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (p != NULL) + #endif + { + ForceZero(p, sizeof(sp_point_256)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(p, heap, DYNAMIC_TYPE_ECC); + #endif + } +#endif /* !WC_NO_CACHE_RESISTANT */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_256) * 17); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -33113,29 +32958,30 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, const sp_point_256* p, static int sp_256_gen_stripe_table_8(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_8(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -33180,9 +33026,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } } - sp_256_point_free_8(s2, 0, heap); - sp_256_point_free_8(s1, 0, heap); - sp_256_point_free_8( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -33258,19 +33105,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 8 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 8 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -33278,21 +33125,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, (void)heap; - err = sp_256_point_new_8(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -33343,13 +33191,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, heap); - sp_256_point_free_8(rt, 0, heap); return err; } @@ -33515,29 +33362,30 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_ static int sp_256_gen_stripe_table_8(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_8(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -33582,9 +33430,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } } - sp_256_point_free_8(s2, 0, heap); - sp_256_point_free_8(s1, 0, heap); - sp_256_point_free_8( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -33660,19 +33509,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 8 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 8 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -33680,21 +33529,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, (void)heap; - err = sp_256_point_new_8(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -33745,13 +33595,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, heap); - sp_256_point_free_8(rt, 0, heap); return err; } @@ -33915,25 +33764,28 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[8]; +#endif int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 8, km); sp_256_point_from_ecc_point_8(point, gm); @@ -33944,12 +33796,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(point, 0, heap); return err; } @@ -33969,37 +33821,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[8]; - sp_digit t[8 * 2 * 5]; -#endif - sp_point_256* point; - sp_point_256* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[8 + 8 * 2 * 5]; +#endif + sp_point_256* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 8; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 8; + sp_256_from_mp(k, 8, km); sp_256_point_from_ecc_point_8(point, gm); sp_256_point_from_ecc_point_8(addP, am); @@ -34026,13 +33876,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(addP, 0, heap); - sp_256_point_free_8(point, 0, heap); return err; } @@ -35466,26 +35315,28 @@ static int sp_256_ecc_mulmod_base_8(sp_point_256* r, const sp_digit* k, */ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[8]; +#endif int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 8, km); @@ -35495,12 +35346,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(point, 0, heap); return err; } @@ -35519,37 +35370,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[8]; - sp_digit t[8 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; + sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[8 + 8 * 2 * 5]; #endif - sp_point_256* point; sp_point_256* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (8 + 8 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 8; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 8; + sp_256_from_mp(k, 8, km); sp_256_point_from_ecc_point_8(addP, am); } @@ -35575,13 +35424,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(addP, 0, heap); - sp_256_point_free_8(point, 0, heap); return err; } @@ -35710,41 +35558,46 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_256 inf; -#endif -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_256 point[2]; + #else + sp_point_256 point[1]; + #endif + sp_digit k[8]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_256* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_256_point_new_8(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_256_ecc_gen_k_8(rng, k); } if (err == MP_OKAY) { @@ -35769,15 +35622,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_point_to_ecc_point_8(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_256_point_free_8(infinity, 1, heap); -#endif - sp_256_point_free_8(point, 1, heap); return err; } @@ -35838,30 +35690,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[8]; +#endif int err = MP_OKAY; if (*outLen < 32U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, p, point); + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -35874,12 +35728,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 32; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(point, 0, heap); return err; } @@ -36656,22 +36510,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*8]; - sp_digit xd[2*8]; - sp_digit kd[2*8]; - sp_digit rd[2*8]; - sp_digit td[3 * 2*8]; - sp_point_256 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_256* point = NULL; +#else + sp_digit e[7 * 2 * 8]; + sp_point_256 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_256* point = NULL; sp_digit* s = NULL; int32_t c; int err = MP_OKAY; @@ -36679,31 +36528,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_256_point_new_8(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 8; - x = d + 2 * 8; - k = d + 4 * 8; - r = d + 6 * 8; - tmp = d + 8 * 8; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 8; + k = e + 4 * 8; + r = e + 6 * 8; + tmp = e + 8 * 8; s = e; if (hashLen > 32U) { @@ -36758,19 +36602,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_256_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 8); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 8U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_256_point_free_8(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 8); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_256)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -37350,52 +37199,41 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*8]; - sp_digit u2d[2*8]; - sp_digit sd[2*8]; - sp_digit tmpd[2*8 * 5]; - sp_point_256 p1d; - sp_point_256 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_256* p1 = NULL; +#else + sp_digit u1[16 * 8]; + sp_point_256 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_256* p1; sp_point_256* p2 = NULL; sp_digit carry; int32_t c = 0; - int err; + int err = MP_OKAY; - err = sp_256_point_new_8(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 8; - u2 = d + 2 * 8; - s = d + 4 * 8; - tmp = d + 6 * 8; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 8; + s = u1 + 4 * 8; + tmp = u1 + 6 * 8; + p2 = p1 + 1; if (hashLen > 32U) { hashLen = 32U; @@ -37446,12 +37284,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p1, 0, heap); - sp_256_point_free_8(p2, 0, heap); return err; } @@ -37468,32 +37306,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_256_ecc_is_point_8(const sp_point_256* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*8]; - sp_digit t2d[2*8]; + sp_digit t1[8 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 8; - t2 = d + 2 * 8; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 8; sp_256_sqr_8(t1, point->y); (void)sp_256_mod_8(t1, t1, p256_mod); @@ -37513,10 +37342,9 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -37531,14 +37359,21 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point, */ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* pub = NULL; +#else + sp_point_256 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_256* pub; - byte one[1] = { 1 }; - int err; - err = sp_256_point_new_8(NULL, pubd, pub); if (err == MP_OKAY) { sp_256_from_mp(pub->x, 8, pX); sp_256_from_mp(pub->y, 8, pY); @@ -37547,7 +37382,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) err = sp_256_ecc_is_point_8(pub, NULL); } - sp_256_point_free_8(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -37566,45 +37404,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[8]; - sp_point_256 pubd; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_256* pub; - sp_point_256* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_256_point_new_8(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_256* pub = NULL; +#else + sp_digit priv[8]; + sp_point_256 pub[2]; #endif + sp_point_256* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) || + if (((mp_count_bits(pX) > 256) || (mp_count_bits(pY) > 256) || ((privm != NULL) && (mp_count_bits(privm) > 256)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_256_from_mp(pub->x, 8, pX); sp_256_from_mp(pub->y, 8, pY); sp_256_from_bin(pub->z, 8, one, (int)sizeof(one)); @@ -37653,13 +37491,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_256_point_free_8(p, 0, heap); - sp_256_point_free_8(pub, 0, heap); return err; } @@ -37683,33 +37520,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 8 * 5]; - sp_point_256 pd; - sp_point_256 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 8 * 5]; + sp_point_256 p[2]; +#endif sp_point_256* q = NULL; int err; - err = sp_256_point_new_8(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_8(NULL, qd, q); + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_256_from_mp(p->x, 8, pX); sp_256_from_mp(p->y, 8, pY); sp_256_from_mp(p->z, 8, pZ); @@ -37730,13 +37569,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(q, 0, NULL); - sp_256_point_free_8(p, 0, NULL); return err; } @@ -37755,25 +37593,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 8 * 2]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 8 * 2]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_8(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -37794,12 +37635,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, NULL); return err; } @@ -37814,25 +37655,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 8 * 4]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 8 * 4]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_8(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 4, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_256_from_mp(p->x, 8, pX); @@ -37852,12 +37697,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_256_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, NULL); return err; } @@ -37870,31 +37715,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_256_mont_sqrt_8(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 8]; - sp_digit t2d[2 * 8]; + sp_digit t1[4 * 8]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) { err = MEMORY_E; } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 8; - t2 = d + 2 * 8; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 8; { /* t2 = y ^ 0x2 */ @@ -37929,10 +37766,9 @@ static int sp_256_mont_sqrt_8(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -37948,31 +37784,22 @@ static int sp_256_mont_sqrt_8(sp_digit* y) */ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 8]; - sp_digit yd[2 * 8]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 8]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 8; - y = d + 2 * 8; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 8; sp_256_from_mp(x, 8, xm); err = sp_256_mod_mul_norm_8(x, x, p256_mod); @@ -38005,10 +37832,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) err = sp_256_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -40145,64 +39971,6 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_384_point_new_ex_12(void* heap, sp_point_384* sp, - sp_point_384** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Multiply a number by Montogmery normalizer mod modulus (prime). * * r The resulting Montgomery form number. @@ -40212,8 +39980,8 @@ static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap) */ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit* m) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - int64_t* t; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + int64_t* t = NULL; #else int64_t t[12]; #endif @@ -40222,7 +39990,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t = (int64_t*)XMALLOC(sizeof(int64_t) * 12, NULL, DYNAMIC_TYPE_ECC); if (t == NULL) { err = MEMORY_E; @@ -40297,7 +40065,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit r[11] = t[11]; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif @@ -41976,56 +41744,55 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table, static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td[16]; - sp_point_384 rtd; - sp_digit tmpd[2 * 12 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_384 t[16]; + sp_digit tmp[2 * 12 * 6]; +#endif + sp_point_384* rt = NULL; #ifndef WC_NO_CACHE_RESISTANT - sp_point_384 pd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* p = NULL; +#else + sp_point_384 p[1]; #endif -#endif - sp_point_384* t; - sp_point_384* rt; -#ifndef WC_NO_CACHE_RESISTANT - sp_point_384* p; -#endif - sp_digit* tmp; +#endif /* !WC_NO_CACHE_RESISTANT */ sp_digit n; int i; int c; int y; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_384_point_new_12(heap, rtd, rt); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -#ifndef WC_NO_CACHE_RESISTANT - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 17, heap, DYNAMIC_TYPE_ECC); -#else - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, heap, DYNAMIC_TYPE_ECC); -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, + heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + #ifndef WC_NO_CACHE_RESISTANT + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), + heap, DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } + #endif + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { -#ifndef WC_NO_CACHE_RESISTANT - #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - p = t + 16; - #else - p = &pd; - #endif -#endif + rt = t + 16; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -42113,20 +41880,35 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 12 * 6); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_384) * 16); - XFREE(t, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmpd, sizeof(tmpd)); - ForceZero(td, sizeof(td)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif - sp_384_point_free_12(rt, 1, heap); + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 12 * 6); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#ifndef WC_NO_CACHE_RESISTANT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (p != NULL) + #endif + { + ForceZero(p, sizeof(sp_point_384)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(p, heap, DYNAMIC_TYPE_ECC); + #endif + } +#endif /* !WC_NO_CACHE_RESISTANT */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_384) * 17); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -42350,29 +42132,30 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, const sp_point_384* p, static int sp_384_gen_stripe_table_12(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_12(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -42417,9 +42200,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } } - sp_384_point_free_12(s2, 0, heap); - sp_384_point_free_12(s1, 0, heap); - sp_384_point_free_12( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -42511,19 +42295,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 12 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 12 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -42531,21 +42315,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, (void)heap; - err = sp_384_point_new_12(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -42596,13 +42381,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, heap); - sp_384_point_free_12(rt, 0, heap); return err; } @@ -42768,29 +42552,30 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp static int sp_384_gen_stripe_table_12(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_12(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -42835,9 +42620,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } } - sp_384_point_free_12(s2, 0, heap); - sp_384_point_free_12(s1, 0, heap); - sp_384_point_free_12( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -42929,19 +42715,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 12 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 12 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -42949,21 +42735,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, (void)heap; - err = sp_384_point_new_12(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -43014,13 +42801,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, heap); - sp_384_point_free_12(rt, 0, heap); return err; } @@ -43184,25 +42970,28 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[12]; +#endif int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 12, km); sp_384_point_from_ecc_point_12(point, gm); @@ -43213,12 +43002,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(point, 0, heap); return err; } @@ -43238,37 +43027,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[12]; - sp_digit t[12 * 2 * 6]; -#endif - sp_point_384* point; - sp_point_384* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[12 + 12 * 2 * 6]; +#endif + sp_point_384* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 12; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 12; + sp_384_from_mp(k, 12, km); sp_384_point_from_ecc_point_12(point, gm); sp_384_point_from_ecc_point_12(addP, am); @@ -43295,13 +43082,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(addP, 0, heap); - sp_384_point_free_12(point, 0, heap); return err; } @@ -44735,26 +44521,28 @@ static int sp_384_ecc_mulmod_base_12(sp_point_384* r, const sp_digit* k, */ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[12]; +#endif int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 12, km); @@ -44764,12 +44552,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(point, 0, heap); return err; } @@ -44788,37 +44576,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[12]; - sp_digit t[12 * 2 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; + sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[12 + 12 * 2 * 6]; #endif - sp_point_384* point; sp_point_384* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (12 + 12 * 2 * 6), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 12; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 12; + sp_384_from_mp(k, 12, km); sp_384_point_from_ecc_point_12(addP, am); } @@ -44844,13 +44630,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(addP, 0, heap); - sp_384_point_free_12(point, 0, heap); return err; } @@ -44992,41 +44777,46 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_384 inf; -#endif -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_384 point[2]; + #else + sp_point_384 point[1]; + #endif + sp_digit k[12]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_384* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_384_point_new_12(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_384_ecc_gen_k_12(rng, k); } if (err == MP_OKAY) { @@ -45051,15 +44841,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_point_to_ecc_point_12(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_384_point_free_12(infinity, 1, heap); -#endif - sp_384_point_free_12(point, 1, heap); return err; } @@ -45120,30 +44909,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[12]; +#endif int err = MP_OKAY; if (*outLen < 48U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, p, point); + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -45156,12 +44947,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 48; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(point, 0, heap); return err; } @@ -45957,22 +45748,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*12]; - sp_digit xd[2*12]; - sp_digit kd[2*12]; - sp_digit rd[2*12]; - sp_digit td[3 * 2*12]; - sp_point_384 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_384* point = NULL; +#else + sp_digit e[7 * 2 * 12]; + sp_point_384 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_384* point = NULL; sp_digit* s = NULL; int32_t c; int err = MP_OKAY; @@ -45980,31 +45766,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_384_point_new_12(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 12; - x = d + 2 * 12; - k = d + 4 * 12; - r = d + 6 * 12; - tmp = d + 8 * 12; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 12; + k = e + 4 * 12; + r = e + 6 * 12; + tmp = e + 8 * 12; s = e; if (hashLen > 48U) { @@ -46059,19 +45840,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_384_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 12); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 12U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_384_point_free_12(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 12); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_384)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -46698,52 +46484,41 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*12]; - sp_digit u2d[2*12]; - sp_digit sd[2*12]; - sp_digit tmpd[2*12 * 5]; - sp_point_384 p1d; - sp_point_384 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_384* p1 = NULL; +#else + sp_digit u1[16 * 12]; + sp_point_384 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_384* p1; sp_point_384* p2 = NULL; sp_digit carry; int32_t c = 0; - int err; + int err = MP_OKAY; - err = sp_384_point_new_12(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 12; - u2 = d + 2 * 12; - s = d + 4 * 12; - tmp = d + 6 * 12; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 12; + s = u1 + 4 * 12; + tmp = u1 + 6 * 12; + p2 = p1 + 1; if (hashLen > 48U) { hashLen = 48U; @@ -46794,12 +46569,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p1, 0, heap); - sp_384_point_free_12(p2, 0, heap); return err; } @@ -46816,32 +46591,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_384_ecc_is_point_12(const sp_point_384* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*12]; - sp_digit t2d[2*12]; + sp_digit t1[12 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 12; - t2 = d + 2 * 12; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 12; sp_384_sqr_12(t1, point->y); (void)sp_384_mod_12(t1, t1, p384_mod); @@ -46861,10 +46627,9 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46879,14 +46644,21 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point, */ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* pub = NULL; +#else + sp_point_384 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_384* pub; - byte one[1] = { 1 }; - int err; - err = sp_384_point_new_12(NULL, pubd, pub); if (err == MP_OKAY) { sp_384_from_mp(pub->x, 12, pX); sp_384_from_mp(pub->y, 12, pY); @@ -46895,7 +46667,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) err = sp_384_ecc_is_point_12(pub, NULL); } - sp_384_point_free_12(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -46914,45 +46689,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[12]; - sp_point_384 pubd; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_384* pub; - sp_point_384* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_384_point_new_12(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_384* pub = NULL; +#else + sp_digit priv[12]; + sp_point_384 pub[2]; #endif + sp_point_384* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) || + if (((mp_count_bits(pX) > 384) || (mp_count_bits(pY) > 384) || ((privm != NULL) && (mp_count_bits(privm) > 384)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_384_from_mp(pub->x, 12, pX); sp_384_from_mp(pub->y, 12, pY); sp_384_from_bin(pub->z, 12, one, (int)sizeof(one)); @@ -47001,13 +46776,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_384_point_free_12(p, 0, heap); - sp_384_point_free_12(pub, 0, heap); return err; } @@ -47031,33 +46805,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 12 * 5]; - sp_point_384 pd; - sp_point_384 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 12 * 5]; + sp_point_384 p[2]; +#endif sp_point_384* q = NULL; int err; - err = sp_384_point_new_12(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_12(NULL, qd, q); + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_384_from_mp(p->x, 12, pX); sp_384_from_mp(p->y, 12, pY); sp_384_from_mp(p->z, 12, pZ); @@ -47078,13 +46854,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(q, 0, NULL); - sp_384_point_free_12(p, 0, NULL); return err; } @@ -47103,25 +46878,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 12 * 2]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 12 * 2]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_12(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -47142,12 +46920,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, NULL); return err; } @@ -47162,25 +46940,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 12 * 6]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 12 * 6]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_12(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_384_from_mp(p->x, 12, pX); @@ -47200,12 +46982,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_384_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, NULL); return err; } @@ -47218,43 +47000,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_384_mont_sqrt_12(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 12]; - sp_digit t2d[2 * 12]; - sp_digit t3d[2 * 12]; - sp_digit t4d[2 * 12]; - sp_digit t5d[2 * 12]; + sp_digit t1[5 * 2 * 12]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* t3; - sp_digit* t4; - sp_digit* t5; + sp_digit* t2 = NULL; + sp_digit* t3 = NULL; + sp_digit* t4 = NULL; + sp_digit* t5 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 12; - t2 = d + 2 * 12; - t3 = d + 4 * 12; - t4 = d + 6 * 12; - t5 = d + 8 * 12; -#else - t1 = t1d; - t2 = t2d; - t3 = t3d; - t4 = t4d; - t5 = t5d; -#endif + t2 = t1 + 2 * 12; + t3 = t1 + 4 * 12; + t4 = t1 + 6 * 12; + t5 = t1 + 8 * 12; { /* t2 = y ^ 0x2 */ @@ -47314,10 +47081,9 @@ static int sp_384_mont_sqrt_12(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -47333,31 +47099,22 @@ static int sp_384_mont_sqrt_12(sp_digit* y) */ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 12]; - sp_digit yd[2 * 12]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 12]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 12; - y = d + 2 * 12; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 12; sp_384_from_mp(x, 12, xm); err = sp_384_mod_mul_norm_12(x, x, p384_mod); @@ -47390,10 +47147,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) err = sp_384_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -52123,6 +51879,8 @@ static int sp_1024_mod_mul_norm_32(sp_digit* r, const sp_digit* a, return sp_1024_mod_32(r, r, m); } + +#ifdef WOLFCRYPT_HAVE_SAKKE /* Create a new point. * * heap [in] Buffer to allocate dynamic memory from. @@ -52154,8 +51912,8 @@ static int sp_1024_point_new_ex_32(void* heap, sp_point_1024* sp, /* Set pointer to data and return no error. */ #define sp_1024_point_new_32(heap, sp, p) sp_1024_point_new_ex_32((heap), &(sp), &(p)) #endif - - +#endif /* WOLFCRYPT_HAVE_SAKKE */ +#ifdef WOLFCRYPT_HAVE_SAKKE /* Free the point. * * p [in,out] Point to free. @@ -52180,6 +51938,7 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap) #endif (void)heap; } +#endif /* WOLFCRYPT_HAVE_SAKKE */ /* Convert an mp_int to an array of sp_digit. * @@ -54713,43 +54472,40 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r, static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td[16]; - sp_point_1024 rtd; - sp_digit tmpd[2 * 32 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_1024 t[16]; + sp_digit tmp[2 * 32 * 5]; #endif - sp_point_1024* t; - sp_point_1024* rt; - sp_digit* tmp; + sp_point_1024* rt = NULL; sp_digit n; int i; int c; int y; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_1024_point_new_32(heap, rtd, rt); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -#ifndef WC_NO_CACHE_RESISTANT - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 17, heap, DYNAMIC_TYPE_ECC); -#else - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, heap, DYNAMIC_TYPE_ECC); -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, + heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { + rt = t + 16; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -54817,20 +54573,24 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 32 * 5); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_1024) * 16); - XFREE(t, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmpd, sizeof(tmpd)); - ForceZero(td, sizeof(td)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif - sp_1024_point_free_32(rt, 1, heap); + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 32 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_1024) * 17); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -55054,29 +54814,30 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, const sp_point_1024* static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, sp_table_entry_1024* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td; - sp_point_1024 s1d; - sp_point_1024 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; +#else + sp_point_1024 t[3]; #endif - sp_point_1024* t; sp_point_1024* s1 = NULL; sp_point_1024* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_1024_point_new_32(heap, td, t); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod); } if (err == MP_OKAY) { @@ -55121,9 +54882,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } } - sp_1024_point_free_32(s2, 0, heap); - sp_1024_point_free_32(s1, 0, heap); - sp_1024_point_free_32( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -55149,19 +54911,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g const sp_table_entry_1024* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit td[2 * 32 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 rt[2]; + sp_digit t[2 * 32 * 5]; #endif - sp_point_1024* rt; sp_point_1024* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -55169,21 +54931,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g (void)heap; - err = sp_1024_point_new_32(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod)); XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod)); @@ -55219,13 +54982,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(p, 0, heap); - sp_1024_point_free_32(rt, 0, heap); return err; } @@ -55391,29 +55153,30 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, sp_table_entry_1024* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td; - sp_point_1024 s1d; - sp_point_1024 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; +#else + sp_point_1024 t[3]; #endif - sp_point_1024* t; sp_point_1024* s1 = NULL; sp_point_1024* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_1024_point_new_32(heap, td, t); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod); } if (err == MP_OKAY) { @@ -55458,9 +55221,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } } - sp_1024_point_free_32(s2, 0, heap); - sp_1024_point_free_32(s1, 0, heap); - sp_1024_point_free_32( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -55486,19 +55250,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g const sp_table_entry_1024* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit td[2 * 32 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 rt[2]; + sp_digit t[2 * 32 * 5]; #endif - sp_point_1024* rt; sp_point_1024* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -55506,21 +55270,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g (void)heap; - err = sp_1024_point_new_32(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod)); XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod)); @@ -55556,13 +55321,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(p, 0, heap); - sp_1024_point_free_32(rt, 0, heap); return err; } @@ -55726,25 +55490,28 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[32]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[32]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 32, km); sp_1024_point_from_ecc_point_32(point, gm); @@ -55755,12 +55522,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(point, 0, heap); return err; } @@ -59354,26 +59121,28 @@ static int sp_1024_ecc_mulmod_base_32(sp_point_1024* r, const sp_digit* k, */ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[32]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[32]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 32, km); @@ -59383,12 +59152,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(point, 0, heap); return err; } @@ -59407,37 +59176,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_point_1024 a; - sp_digit kd[32]; - sp_digit t[32 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; + sp_digit* k = NULL; +#else + sp_point_1024 point[2]; + sp_digit k[32 + 32 * 2 * 5]; #endif - sp_point_1024* point; sp_point_1024* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 + 32 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (32 + 32 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 32; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 32; + sp_1024_from_mp(k, 32, km); sp_1024_point_from_ecc_point_32(addP, am); } @@ -59463,13 +59230,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(addP, 0, heap); - sp_1024_point_free_32(point, 0, heap); return err; } @@ -59487,29 +59253,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, void* heap) { - int err = 0; -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_1024* point = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 point[1]; sp_digit t[5 * 2 * 32]; +#endif + int err = MP_OKAY; if ((gm == NULL) || (len == NULL)) { err = BAD_FUNC_ARG; } - if ((err == 0) && (table == NULL)) { + if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; err = LENGTH_ONLY_E; } - if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { + if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; } - if (err == 0) { - err = sp_1024_point_new_32(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } - if (err == 0) { + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 32, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { sp_1024_point_from_ecc_point_32(point, gm); err = sp_1024_gen_stripe_table_32(point, (sp_table_entry_1024*)table, t, heap); @@ -59518,7 +59298,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, *len = sizeof(sp_table_entry_1024) * 256; } - sp_1024_point_free_32(point, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -59571,24 +59356,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[32]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[32]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 32, km); sp_1024_point_from_ecc_point_32(point, gm); @@ -59605,12 +59394,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(point, 0, heap); return err; } @@ -63061,33 +62850,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) static int sp_1024_ecc_is_point_32(const sp_point_1024* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*32]; - sp_digit t2d[2*32]; + sp_digit t1[32 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int32_t n; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 32; - t2 = d + 2 * 32; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 32; sp_1024_sqr_32(t1, point->y); (void)sp_1024_mod_32(t1, t1, p1024_mod); @@ -63111,10 +62891,9 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -63129,14 +62908,21 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, */ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* pub = NULL; +#else + sp_point_1024 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_1024* pub; - byte one[1] = { 1 }; - int err; - err = sp_1024_point_new_32(NULL, pubd, pub); if (err == MP_OKAY) { sp_1024_from_mp(pub->x, 32, pX); sp_1024_from_mp(pub->y, 32, pY); @@ -63145,7 +62931,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) err = sp_1024_ecc_is_point_32(pub, NULL); } - sp_1024_point_free_32(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -63164,45 +62953,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[32]; - sp_point_1024 pubd; - sp_point_1024 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_1024* pub; - sp_point_1024* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_1024_point_new_32(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_1024* pub = NULL; +#else + sp_digit priv[32]; + sp_point_1024 pub[2]; #endif + sp_point_1024* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) || + if (((mp_count_bits(pX) > 1024) || (mp_count_bits(pY) > 1024) || ((privm != NULL) && (mp_count_bits(privm) > 1024)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_1024_from_mp(pub->x, 32, pX); sp_1024_from_mp(pub->y, 32, pY); sp_1024_from_bin(pub->z, 32, one, (int)sizeof(one)); @@ -63251,13 +63040,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_1024_point_free_32(p, 0, heap); - sp_1024_point_free_32(pub, 0, heap); return err; } diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c index 546ea4ac5..6c0522317 100644 --- a/wolfcrypt/src/sp_arm64.c +++ b/wolfcrypt/src/sp_arm64.c @@ -3203,12 +3203,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 32]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -3220,19 +3220,14 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 32), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 32; -#else - t[i] = &td[i * 32]; -#endif } sp_2048_mont_setup(m, &mp); @@ -3328,9 +3323,8 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -3349,12 +3343,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 32]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -3366,19 +3360,14 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 32), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 32; -#else - t[i] = &td[i * 32]; -#endif } sp_2048_mont_setup(m, &mp); @@ -3491,9 +3480,8 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -4779,12 +4767,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 64]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -4796,19 +4784,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 64; -#else - t[i] = &td[i * 64]; -#endif } sp_2048_mont_setup(m, &mp); @@ -4904,9 +4887,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -4925,12 +4907,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 64]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -4942,19 +4924,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 64; -#else - t[i] = &td[i * 64]; -#endif } sp_2048_mont_setup(m, &mp); @@ -5067,9 +5044,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -5093,18 +5069,15 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[64]; - sp_digit m[32]; - sp_digit r[64]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[32 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 256) { @@ -5118,22 +5091,18 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 32 * 2; - m = r + 32 * 2; - } #endif if (err == MP_OKAY) { + r = a + 32 * 2; + m = r + 32 * 2; ah = a + 32; sp_2048_from_bin(ah, 32, in, inLen); @@ -5206,10 +5175,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -5340,8 +5308,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[32 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -5370,13 +5342,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 32; m = a + 64; @@ -5387,34 +5361,36 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, sp_2048_from_mp(m, 32, mm); err = sp_2048_mod_exp_32(r, a, d, 2048, m, 0); } + if (err == MP_OKAY) { sp_2048_to_bin(r, out); *outLen = 256; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 32); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 32); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[32 * 2]; - sp_digit p[16]; - sp_digit q[16]; - sp_digit dp[16]; - sp_digit tmpa[32]; - sp_digit tmpb[32]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[16 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -5434,31 +5410,23 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 32 * 2; q = p + 16; qi = dq = dp = q + 16; tmpa = qi + 16; tmpb = tmpa + 32; - - r = t + 32; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_2048_from_bin(a, 32, in, inLen); sp_2048_from_mp(p, 16, pm); sp_2048_from_mp(q, 16, qm); @@ -5490,19 +5458,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 16 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 16 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -5845,12 +5810,12 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[97]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -5863,18 +5828,13 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 97, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 64; -#else - tmp = &td[64]; -#endif sp_2048_mont_setup(m, &mp); sp_2048_mont_norm_32(norm, m); @@ -5946,9 +5906,8 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -10825,12 +10784,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 48]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -10842,19 +10801,14 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 48), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 48; -#else - t[i] = &td[i * 48]; -#endif } sp_3072_mont_setup(m, &mp); @@ -10950,9 +10904,8 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -10971,12 +10924,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 48]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -10988,19 +10941,14 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 48), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 48; -#else - t[i] = &td[i * 48]; -#endif } sp_3072_mont_setup(m, &mp); @@ -11113,9 +11061,8 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -12825,12 +12772,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 96]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -12842,19 +12789,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 96; -#else - t[i] = &td[i * 96]; -#endif } sp_3072_mont_setup(m, &mp); @@ -12950,9 +12892,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -12971,12 +12912,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 96]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -12988,19 +12929,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 96; -#else - t[i] = &td[i * 96]; -#endif } sp_3072_mont_setup(m, &mp); @@ -13113,9 +13049,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -13139,18 +13074,15 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[96]; - sp_digit m[48]; - sp_digit r[96]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[48 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 384) { @@ -13164,22 +13096,18 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 48 * 2; - m = r + 48 * 2; - } #endif if (err == MP_OKAY) { + r = a + 48 * 2; + m = r + 48 * 2; ah = a + 48; sp_3072_from_bin(ah, 48, in, inLen); @@ -13252,10 +13180,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -13414,8 +13341,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[48 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -13444,13 +13375,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 48; m = a + 96; @@ -13461,34 +13394,36 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, sp_3072_from_mp(m, 48, mm); err = sp_3072_mod_exp_48(r, a, d, 3072, m, 0); } + if (err == MP_OKAY) { sp_3072_to_bin(r, out); *outLen = 384; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 48); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 48); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[48 * 2]; - sp_digit p[24]; - sp_digit q[24]; - sp_digit dp[24]; - sp_digit tmpa[48]; - sp_digit tmpb[48]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[24 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -13508,31 +13443,23 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 24 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 24 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 48 * 2; q = p + 24; qi = dq = dp = q + 24; tmpa = qi + 24; tmpb = tmpa + 48; - - r = t + 48; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_3072_from_bin(a, 48, in, inLen); sp_3072_from_mp(p, 24, pm); sp_3072_from_mp(q, 24, qm); @@ -13564,19 +13491,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 24 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 24 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -14015,12 +13939,12 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[145]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -14033,18 +13957,13 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 145, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 96; -#else - tmp = &td[96]; -#endif sp_3072_mont_setup(m, &mp); sp_3072_mont_norm_48(norm, m); @@ -14116,9 +14035,8 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -18044,12 +17962,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 128]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -18061,19 +17979,14 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 128; -#else - t[i] = &td[i * 128]; -#endif } sp_4096_mont_setup(m, &mp); @@ -18169,9 +18082,8 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -18190,12 +18102,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 128]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -18207,19 +18119,14 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 128), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 128; -#else - t[i] = &td[i * 128]; -#endif } sp_4096_mont_setup(m, &mp); @@ -18332,9 +18239,8 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -18358,18 +18264,15 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[128]; - sp_digit m[64]; - sp_digit r[128]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[64 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 512) { @@ -18383,22 +18286,18 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 64 * 2; - m = r + 64 * 2; - } #endif if (err == MP_OKAY) { + r = a + 64 * 2; + m = r + 64 * 2; ah = a + 64; sp_4096_from_bin(ah, 64, in, inLen); @@ -18471,10 +18370,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -18661,8 +18559,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[64 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -18691,13 +18593,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 64; m = a + 128; @@ -18708,34 +18612,36 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, sp_4096_from_mp(m, 64, mm); err = sp_4096_mod_exp_64(r, a, d, 4096, m, 0); } + if (err == MP_OKAY) { sp_4096_to_bin(r, out); *outLen = 512; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 64); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 64); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[64 * 2]; - sp_digit p[32]; - sp_digit q[32]; - sp_digit dp[32]; - sp_digit tmpa[64]; - sp_digit tmpb[64]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[32 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -18755,31 +18661,23 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 64 * 2; q = p + 32; qi = dq = dp = q + 32; tmpa = qi + 32; tmpb = tmpa + 64; - - r = t + 64; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_4096_from_bin(a, 64, in, inLen); sp_4096_from_mp(p, 32, pm); sp_4096_from_mp(q, 32, qm); @@ -18811,19 +18709,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 32 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 32 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -19358,12 +19253,12 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[193]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -19376,18 +19271,13 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 128; -#else - tmp = &td[128]; -#endif sp_4096_mont_setup(m, &mp); sp_4096_mont_norm_64(norm, m); @@ -19459,9 +19349,8 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -19927,64 +19816,6 @@ static sp_digit sp_256_sub_4(sp_digit* r, const sp_digit* a, return (sp_digit)r; } -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_256_point_new_ex_4(void* heap, sp_point_256* sp, - sp_point_256** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_256_point_new_4(heap, sp, p) sp_256_point_new_ex_4((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_256_point_new_4(heap, sp, p) sp_256_point_new_ex_4((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_256_point_free_4(sp_point_256* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Multiply a number by Montogmery normalizer mod modulus (prime). * * r The resulting Montgomery form number. @@ -22188,43 +22019,41 @@ static void sp_256_get_point_33_4(sp_point_256* r, const sp_point_256* table, static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td[33]; - sp_point_256 rtd; - sp_point_256 pd; - sp_digit tmpd[2 * 4 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_256 t[33+2]; + sp_digit tmp[2 * 4 * 6]; #endif - sp_point_256* t; - sp_point_256* rt; + sp_point_256* rt = NULL; sp_point_256* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_256 v[43]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_256_point_new_4(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_256_point_new_4(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 33, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * + (33+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 33; + p = t + 33+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -22304,14 +22133,12 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256* } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(rt, 0, heap); return err; } @@ -22444,29 +22271,30 @@ static void sp_256_proj_to_affine_4(sp_point_256* a, sp_digit* t) static int sp_256_gen_stripe_table_4(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_4(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_4(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -22511,9 +22339,10 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a, } } - sp_256_point_free_4(s2, 0, heap); - sp_256_point_free_4(s1, 0, heap); - sp_256_point_free_4( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -22574,19 +22403,19 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 4 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 4 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -22594,21 +22423,22 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, (void)heap; - err = sp_256_point_new_4(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -22659,13 +22489,12 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(rt, 0, heap); return err; } @@ -22834,29 +22663,30 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g, const sp_ static int sp_256_gen_stripe_table_4(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_4(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_4(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -22901,9 +22731,10 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a, } } - sp_256_point_free_4(s2, 0, heap); - sp_256_point_free_4(s1, 0, heap); - sp_256_point_free_4( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -22964,19 +22795,19 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 4 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 4 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -22984,21 +22815,22 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, (void)heap; - err = sp_256_point_new_4(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -23049,13 +22881,12 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(rt, 0, heap); return err; } @@ -23220,25 +23051,28 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g, const sp_ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[4]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[4]; +#endif int err = MP_OKAY; - err = sp_256_point_new_4(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 4, km); sp_256_point_from_ecc_point_4(point, gm); @@ -23249,12 +23083,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_256_point_to_ecc_point_4(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(point, 0, heap); return err; } @@ -23274,37 +23108,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[4]; - sp_digit t[4 * 2 * 5]; -#endif - sp_point_256* point; - sp_point_256* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[4 + 4 * 2 * 5]; +#endif + sp_point_256* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_256_point_new_4(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 + 4 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (4 + 4 * 2 * 5), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 4; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 4; + sp_256_from_mp(k, 4, km); sp_256_point_from_ecc_point_4(point, gm); sp_256_point_from_ecc_point_4(addP, am); @@ -23331,13 +23163,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, err = sp_256_point_to_ecc_point_4(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(addP, 0, heap); - sp_256_point_free_4(point, 0, heap); return err; } @@ -37080,35 +36911,41 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit tmpd[2 * 4 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* tmp = NULL; +#else + sp_point_256 rt[2]; + sp_digit tmp[2 * 4 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* tmp; - sp_digit* negy; + sp_digit* negy = NULL; int i; ecc_recode_256 v[37]; - int err; + int err = MP_OKAY; (void)g; (void)ct; (void)heap; - err = sp_256_point_new_4(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_256_point_new_4(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; -#else - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - negy = tmp; + + if (err == MP_OKAY) { + negy = tmp; + p = rt + 1; + } if (err == MP_OKAY) { sp_256_ecc_recode_7_4(k, v); @@ -37153,16 +36990,19 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 4 * 5); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) +#endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(rt, 0, heap); return MP_OKAY; } @@ -37196,26 +37036,28 @@ static int sp_256_ecc_mulmod_base_4(sp_point_256* r, const sp_digit* k, */ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[4]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[4]; +#endif int err = MP_OKAY; - err = sp_256_point_new_4(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 4, km); @@ -37225,12 +37067,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_256_point_to_ecc_point_4(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(point, 0, heap); return err; } @@ -37249,37 +37091,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[4]; - sp_digit t[4 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; + sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[4 + 4 * 2 * 5]; #endif - sp_point_256* point; sp_point_256* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_256_point_new_4(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 + 4 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (4 + 4 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 4; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 4; + sp_256_from_mp(k, 4, km); sp_256_point_from_ecc_point_4(addP, am); } @@ -37305,13 +37145,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, err = sp_256_point_to_ecc_point_4(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(addP, 0, heap); - sp_256_point_free_4(point, 0, heap); return err; } @@ -37436,41 +37275,46 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[4]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_256 inf; -#endif -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_256 point[2]; + #else + sp_point_256 point[1]; + #endif + sp_digit k[4]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_256* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_256_point_new_4(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_256_ecc_gen_k_4(rng, k); } if (err == MP_OKAY) { @@ -37495,15 +37339,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_point_to_ecc_point_4(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_256_point_free_4(infinity, 1, heap); -#endif - sp_256_point_free_4(point, 1, heap); return err; } @@ -37547,30 +37390,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[4]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[4]; +#endif int err = MP_OKAY; if (*outLen < 32U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, p, point); + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -37583,12 +37428,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 32; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(point, 0, heap); return err; } @@ -38227,22 +38072,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*4]; - sp_digit xd[2*4]; - sp_digit kd[2*4]; - sp_digit rd[2*4]; - sp_digit td[3 * 2*4]; - sp_point_256 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_256* point = NULL; +#else + sp_digit e[7 * 2 * 4]; + sp_point_256 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_256* point = NULL; sp_digit* s = NULL; int64_t c; int err = MP_OKAY; @@ -38250,31 +38090,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_256_point_new_4(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 4, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 4, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 4; - x = d + 2 * 4; - k = d + 4 * 4; - r = d + 6 * 4; - tmp = d + 8 * 4; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 4; + k = e + 4 * 4; + r = e + 6 * 4; + tmp = e + 8 * 4; s = e; if (hashLen > 32U) { @@ -38329,19 +38164,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_256_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 4); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 4U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 4U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 4U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 4U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 4U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_256_point_free_4(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 4); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_256)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -38917,52 +38757,41 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*4]; - sp_digit u2d[2*4]; - sp_digit sd[2*4]; - sp_digit tmpd[2*4 * 5]; - sp_point_256 p1d; - sp_point_256 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_256* p1 = NULL; +#else + sp_digit u1[16 * 4]; + sp_point_256 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_256* p1; sp_point_256* p2 = NULL; sp_digit carry; int64_t c = 0; - int err; + int err = MP_OKAY; - err = sp_256_point_new_4(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 4; - u2 = d + 2 * 4; - s = d + 4 * 4; - tmp = d + 6 * 4; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 4; + s = u1 + 4 * 4; + tmp = u1 + 6 * 4; + p2 = p1 + 1; if (hashLen > 32U) { hashLen = 32U; @@ -39013,12 +38842,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p1, 0, heap); - sp_256_point_free_4(p2, 0, heap); return err; } @@ -39035,32 +38864,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_256_ecc_is_point_4(const sp_point_256* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*4]; - sp_digit t2d[2*4]; + sp_digit t1[4 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 4; - t2 = d + 2 * 4; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 4; sp_256_sqr_4(t1, point->y); (void)sp_256_mod_4(t1, t1, p256_mod); @@ -39080,10 +38900,9 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -39098,14 +38917,21 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point, */ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* pub = NULL; +#else + sp_point_256 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_256* pub; - byte one[1] = { 1 }; - int err; - err = sp_256_point_new_4(NULL, pubd, pub); if (err == MP_OKAY) { sp_256_from_mp(pub->x, 4, pX); sp_256_from_mp(pub->y, 4, pY); @@ -39114,7 +38940,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) err = sp_256_ecc_is_point_4(pub, NULL); } - sp_256_point_free_4(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -39133,45 +38962,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[4]; - sp_point_256 pubd; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_256* pub; - sp_point_256* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_256_point_new_4(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_256* pub = NULL; +#else + sp_digit priv[4]; + sp_point_256 pub[2]; #endif + sp_point_256* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) || + if (((mp_count_bits(pX) > 256) || (mp_count_bits(pY) > 256) || ((privm != NULL) && (mp_count_bits(privm) > 256)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_256_from_mp(pub->x, 4, pX); sp_256_from_mp(pub->y, 4, pY); sp_256_from_bin(pub->z, 4, one, (int)sizeof(one)); @@ -39220,13 +39049,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(pub, 0, heap); return err; } @@ -39250,33 +39078,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 4 * 5]; - sp_point_256 pd; - sp_point_256 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 4 * 5]; + sp_point_256 p[2]; +#endif sp_point_256* q = NULL; int err; - err = sp_256_point_new_4(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_4(NULL, qd, q); + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_256_from_mp(p->x, 4, pX); sp_256_from_mp(p->y, 4, pY); sp_256_from_mp(p->z, 4, pZ); @@ -39297,13 +39127,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(q, 0, NULL); - sp_256_point_free_4(p, 0, NULL); return err; } @@ -39322,25 +39151,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 4 * 2]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 4 * 2]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_4(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -39361,12 +39193,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, NULL); return err; } @@ -39381,25 +39213,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 4 * 4]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 4 * 4]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_4(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 4, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_256_from_mp(p->x, 4, pX); @@ -39419,12 +39255,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_256_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, NULL); return err; } @@ -39437,31 +39273,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_256_mont_sqrt_4(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 4]; - sp_digit t2d[2 * 4]; + sp_digit t1[4 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) { err = MEMORY_E; } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 4; - t2 = d + 2 * 4; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 4; { /* t2 = y ^ 0x2 */ @@ -39496,10 +39324,9 @@ static int sp_256_mont_sqrt_4(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -39515,31 +39342,22 @@ static int sp_256_mont_sqrt_4(sp_digit* y) */ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 4]; - sp_digit yd[2 * 4]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 4]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 4; - y = d + 2 * 4; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 4; sp_256_from_mp(x, 4, xm); err = sp_256_mod_mul_norm_4(x, x, p256_mod); @@ -39572,10 +39390,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) err = sp_256_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -40250,64 +40067,6 @@ static sp_digit sp_384_sub_6(sp_digit* r, const sp_digit* a, return (sp_digit)r; } -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_384_point_new_ex_6(void* heap, sp_point_384* sp, - sp_point_384** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_384_point_new_6(heap, sp, p) sp_384_point_new_ex_6((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_384_point_new_6(heap, sp, p) sp_384_point_new_ex_6((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_384_point_free_6(sp_point_384* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Multiply a number by Montogmery normalizer mod modulus (prime). * * r The resulting Montgomery form number. @@ -40317,34 +40076,25 @@ static void sp_384_point_free_6(sp_point_384* p, int clear, void* heap) */ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit* m) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - int64_t* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + int64_t* t = NULL; #else - int64_t td[12]; - int64_t a32d[12]; + int64_t t[2 * 12]; #endif - int64_t* t; - int64_t* a32; + int64_t* a32 = NULL; int64_t o; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC); - if (td == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC); + if (t == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = td; - a32 = td + 12; -#else - t = td; - a32 = a32d; -#endif + a32 = t + 12; a32[0] = a[0] & 0xffffffff; a32[1] = a[0] >> 32; @@ -40420,9 +40170,9 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit* r[5] = (t[11] << 32) | t[10]; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42155,43 +41905,41 @@ static void sp_384_get_point_33_6(sp_point_384* r, const sp_point_384* table, static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td[33]; - sp_point_384 rtd; - sp_point_384 pd; - sp_digit tmpd[2 * 6 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_384 t[33+2]; + sp_digit tmp[2 * 6 * 6]; #endif - sp_point_384* t; - sp_point_384* rt; + sp_point_384* rt = NULL; sp_point_384* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_384 v[65]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_384_point_new_6(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_384_point_new_6(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 33, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * + (33+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 33; + p = t + 33+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -42271,14 +42019,12 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384* } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(rt, 0, heap); return err; } @@ -42411,29 +42157,30 @@ static void sp_384_proj_to_affine_6(sp_point_384* a, sp_digit* t) static int sp_384_gen_stripe_table_6(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_6(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_6(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -42478,9 +42225,10 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a, } } - sp_384_point_free_6(s2, 0, heap); - sp_384_point_free_6(s1, 0, heap); - sp_384_point_free_6( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -42549,19 +42297,19 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 6 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 6 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -42569,21 +42317,22 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, (void)heap; - err = sp_384_point_new_6(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -42634,13 +42383,12 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(rt, 0, heap); return err; } @@ -42809,29 +42557,30 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g, const sp_ static int sp_384_gen_stripe_table_6(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_6(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_6(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -42876,9 +42625,10 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a, } } - sp_384_point_free_6(s2, 0, heap); - sp_384_point_free_6(s1, 0, heap); - sp_384_point_free_6( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -42947,19 +42697,19 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 6 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 6 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -42967,21 +42717,22 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, (void)heap; - err = sp_384_point_new_6(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -43032,13 +42783,12 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(rt, 0, heap); return err; } @@ -43203,25 +42953,28 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g, const sp_ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[6]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[6]; +#endif int err = MP_OKAY; - err = sp_384_point_new_6(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 6, km); sp_384_point_from_ecc_point_6(point, gm); @@ -43232,12 +42985,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_384_point_to_ecc_point_6(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(point, 0, heap); return err; } @@ -43257,37 +43010,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[6]; - sp_digit t[6 * 2 * 6]; -#endif - sp_point_384* point; - sp_point_384* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[6 + 6 * 2 * 6]; +#endif + sp_point_384* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_384_point_new_6(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (6 + 6 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (6 + 6 * 2 * 6), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 6; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 6; + sp_384_from_mp(k, 6, km); sp_384_point_from_ecc_point_6(point, gm); sp_384_point_from_ecc_point_6(addP, am); @@ -43314,13 +43065,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, err = sp_384_point_to_ecc_point_6(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(addP, 0, heap); - sp_384_point_free_6(point, 0, heap); return err; } @@ -62885,35 +62635,41 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit tmpd[2 * 6 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* tmp = NULL; +#else + sp_point_384 rt[2]; + sp_digit tmp[2 * 6 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* tmp; - sp_digit* negy; + sp_digit* negy = NULL; int i; ecc_recode_384 v[55]; - int err; + int err = MP_OKAY; (void)g; (void)ct; (void)heap; - err = sp_384_point_new_6(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_384_point_new_6(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; -#else - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - negy = tmp; + + if (err == MP_OKAY) { + negy = tmp; + p = rt + 1; + } if (err == MP_OKAY) { sp_384_ecc_recode_7_6(k, v); @@ -62958,16 +62714,19 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 6 * 6); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) +#endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(rt, 0, heap); return MP_OKAY; } @@ -63001,26 +62760,28 @@ static int sp_384_ecc_mulmod_base_6(sp_point_384* r, const sp_digit* k, */ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[6]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[6]; +#endif int err = MP_OKAY; - err = sp_384_point_new_6(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 6, km); @@ -63030,12 +62791,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_384_point_to_ecc_point_6(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(point, 0, heap); return err; } @@ -63054,37 +62815,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[6]; - sp_digit t[6 * 2 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; + sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[6 + 6 * 2 * 6]; #endif - sp_point_384* point; sp_point_384* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_384_point_new_6(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (6 + 6 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (6 + 6 * 2 * 6), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 6; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 6; + sp_384_from_mp(k, 6, km); sp_384_point_from_ecc_point_6(addP, am); } @@ -63110,13 +62869,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, err = sp_384_point_to_ecc_point_6(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(addP, 0, heap); - sp_384_point_free_6(point, 0, heap); return err; } @@ -63245,41 +63003,46 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[6]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_384 inf; -#endif -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_384 point[2]; + #else + sp_point_384 point[1]; + #endif + sp_digit k[6]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_384* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_384_point_new_6(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_384_ecc_gen_k_6(rng, k); } if (err == MP_OKAY) { @@ -63304,15 +63067,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_point_to_ecc_point_6(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_384_point_free_6(infinity, 1, heap); -#endif - sp_384_point_free_6(point, 1, heap); return err; } @@ -63356,30 +63118,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[6]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[6]; +#endif int err = MP_OKAY; if (*outLen < 48U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, p, point); + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -63392,12 +63156,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 48; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(point, 0, heap); return err; } @@ -64071,22 +63835,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*6]; - sp_digit xd[2*6]; - sp_digit kd[2*6]; - sp_digit rd[2*6]; - sp_digit td[3 * 2*6]; - sp_point_384 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_384* point = NULL; +#else + sp_digit e[7 * 2 * 6]; + sp_point_384 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_384* point = NULL; sp_digit* s = NULL; int64_t c; int err = MP_OKAY; @@ -64094,31 +63853,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_384_point_new_6(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 6, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 6, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 6; - x = d + 2 * 6; - k = d + 4 * 6; - r = d + 6 * 6; - tmp = d + 8 * 6; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 6; + k = e + 4 * 6; + r = e + 6 * 6; + tmp = e + 8 * 6; s = e; if (hashLen > 48U) { @@ -64173,19 +63927,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_384_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 6); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 6U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 6U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 6U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 6U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 6U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_384_point_free_6(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 6); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_384)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -64646,52 +64405,41 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*6]; - sp_digit u2d[2*6]; - sp_digit sd[2*6]; - sp_digit tmpd[2*6 * 5]; - sp_point_384 p1d; - sp_point_384 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_384* p1 = NULL; +#else + sp_digit u1[16 * 6]; + sp_point_384 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_384* p1; sp_point_384* p2 = NULL; sp_digit carry; int64_t c = 0; - int err; + int err = MP_OKAY; - err = sp_384_point_new_6(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 6, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 6, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 6; - u2 = d + 2 * 6; - s = d + 4 * 6; - tmp = d + 6 * 6; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 6; + s = u1 + 4 * 6; + tmp = u1 + 6 * 6; + p2 = p1 + 1; if (hashLen > 48U) { hashLen = 48U; @@ -64742,12 +64490,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p1, 0, heap); - sp_384_point_free_6(p2, 0, heap); return err; } @@ -64764,32 +64512,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_384_ecc_is_point_6(const sp_point_384* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*6]; - sp_digit t2d[2*6]; + sp_digit t1[6 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 6; - t2 = d + 2 * 6; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 6; sp_384_sqr_6(t1, point->y); (void)sp_384_mod_6(t1, t1, p384_mod); @@ -64809,10 +64548,9 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -64827,14 +64565,21 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point, */ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* pub = NULL; +#else + sp_point_384 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_384* pub; - byte one[1] = { 1 }; - int err; - err = sp_384_point_new_6(NULL, pubd, pub); if (err == MP_OKAY) { sp_384_from_mp(pub->x, 6, pX); sp_384_from_mp(pub->y, 6, pY); @@ -64843,7 +64588,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) err = sp_384_ecc_is_point_6(pub, NULL); } - sp_384_point_free_6(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -64862,45 +64610,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[6]; - sp_point_384 pubd; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_384* pub; - sp_point_384* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_384_point_new_6(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_384* pub = NULL; +#else + sp_digit priv[6]; + sp_point_384 pub[2]; #endif + sp_point_384* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) || + if (((mp_count_bits(pX) > 384) || (mp_count_bits(pY) > 384) || ((privm != NULL) && (mp_count_bits(privm) > 384)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_384_from_mp(pub->x, 6, pX); sp_384_from_mp(pub->y, 6, pY); sp_384_from_bin(pub->z, 6, one, (int)sizeof(one)); @@ -64949,13 +64697,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(pub, 0, heap); return err; } @@ -64979,33 +64726,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 6 * 5]; - sp_point_384 pd; - sp_point_384 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 6 * 5]; + sp_point_384 p[2]; +#endif sp_point_384* q = NULL; int err; - err = sp_384_point_new_6(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_6(NULL, qd, q); + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_384_from_mp(p->x, 6, pX); sp_384_from_mp(p->y, 6, pY); sp_384_from_mp(p->z, 6, pZ); @@ -65026,13 +64775,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(q, 0, NULL); - sp_384_point_free_6(p, 0, NULL); return err; } @@ -65051,25 +64799,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 6 * 2]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 6 * 2]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_6(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -65090,12 +64841,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, NULL); return err; } @@ -65110,25 +64861,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 6 * 6]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 6 * 6]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_6(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_384_from_mp(p->x, 6, pX); @@ -65148,12 +64903,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_384_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, NULL); return err; } @@ -65166,43 +64921,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_384_mont_sqrt_6(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 6]; - sp_digit t2d[2 * 6]; - sp_digit t3d[2 * 6]; - sp_digit t4d[2 * 6]; - sp_digit t5d[2 * 6]; + sp_digit t1[5 * 2 * 6]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* t3; - sp_digit* t4; - sp_digit* t5; + sp_digit* t2 = NULL; + sp_digit* t3 = NULL; + sp_digit* t4 = NULL; + sp_digit* t5 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 6, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 6, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 6; - t2 = d + 2 * 6; - t3 = d + 4 * 6; - t4 = d + 6 * 6; - t5 = d + 8 * 6; -#else - t1 = t1d; - t2 = t2d; - t3 = t3d; - t4 = t4d; - t5 = t5d; -#endif + t2 = t1 + 2 * 6; + t3 = t1 + 4 * 6; + t4 = t1 + 6 * 6; + t5 = t1 + 8 * 6; { /* t2 = y ^ 0x2 */ @@ -65262,10 +65002,9 @@ static int sp_384_mont_sqrt_6(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -65281,31 +65020,22 @@ static int sp_384_mont_sqrt_6(sp_digit* y) */ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 6]; - sp_digit yd[2 * 6]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 6]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 6, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 6, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 6; - y = d + 2 * 6; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 6; sp_384_from_mp(x, 6, xm); err = sp_384_mod_mul_norm_6(x, x, p384_mod); @@ -65338,10 +65068,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) err = sp_384_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -67214,6 +66943,8 @@ static int sp_1024_mod_mul_norm_16(sp_digit* r, const sp_digit* a, return sp_1024_mod_16(r, r, m); } + +#ifdef WOLFCRYPT_HAVE_SAKKE /* Create a new point. * * heap [in] Buffer to allocate dynamic memory from. @@ -67245,8 +66976,8 @@ static int sp_1024_point_new_ex_16(void* heap, sp_point_1024* sp, /* Set pointer to data and return no error. */ #define sp_1024_point_new_16(heap, sp, p) sp_1024_point_new_ex_16((heap), &(sp), &(p)) #endif - - +#endif /* WOLFCRYPT_HAVE_SAKKE */ +#ifdef WOLFCRYPT_HAVE_SAKKE /* Free the point. * * p [in,out] Point to free. @@ -67271,6 +67002,7 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap) #endif (void)heap; } +#endif /* WOLFCRYPT_HAVE_SAKKE */ /* Convert an mp_int to an array of sp_digit. * @@ -69514,43 +69246,41 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td[65]; - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit tmpd[2 * 16 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_1024 t[65+2]; + sp_digit tmp[2 * 16 * 6]; #endif - sp_point_1024* t; - sp_point_1024* rt; + sp_point_1024* rt = NULL; sp_point_1024* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_1024 v[147]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_1024_point_new_16(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_1024_point_new_16(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 65, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * + (65+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 65; + p = t + 65+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -69634,14 +69364,12 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10 } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(p, 0, heap); - sp_1024_point_free_16(rt, 0, heap); return err; } @@ -69773,29 +69501,30 @@ static void sp_1024_proj_to_affine_16(sp_point_1024* a, sp_digit* t) static int sp_1024_gen_stripe_table_16(const sp_point_1024* a, sp_table_entry_1024* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td; - sp_point_1024 s1d; - sp_point_1024 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; +#else + sp_point_1024 t[3]; #endif - sp_point_1024* t; sp_point_1024* s1 = NULL; sp_point_1024* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_1024_point_new_16(heap, td, t); - if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_1024_mod_mul_norm_16(t->x, a->x, p1024_mod); } if (err == MP_OKAY) { @@ -69840,9 +69569,10 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a, } } - sp_1024_point_free_16(s2, 0, heap); - sp_1024_point_free_16(s1, 0, heap); - sp_1024_point_free_16( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -69868,19 +69598,19 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g const sp_table_entry_1024* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit td[2 * 16 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 rt[2]; + sp_digit t[2 * 16 * 5]; #endif - sp_point_1024* rt; sp_point_1024* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -69888,21 +69618,22 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g (void)heap; - err = sp_1024_point_new_16(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod)); XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod)); @@ -69938,13 +69669,12 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(p, 0, heap); - sp_1024_point_free_16(rt, 0, heap); return err; } @@ -70107,25 +69837,28 @@ static int sp_1024_ecc_mulmod_16(sp_point_1024* r, const sp_point_1024* g, const int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[16]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[16]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_16(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 16, km); sp_1024_point_from_ecc_point_16(point, gm); @@ -70136,12 +69869,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_1024_point_to_ecc_point_16(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(point, 0, heap); return err; } @@ -73504,26 +73237,28 @@ static int sp_1024_ecc_mulmod_base_16(sp_point_1024* r, const sp_digit* k, */ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[16]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[16]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_16(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 16, km); @@ -73533,12 +73268,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_1024_point_to_ecc_point_16(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(point, 0, heap); return err; } @@ -73557,37 +73292,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_point_1024 a; - sp_digit kd[16]; - sp_digit t[16 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; + sp_digit* k = NULL; +#else + sp_point_1024 point[2]; + sp_digit k[16 + 16 * 2 * 5]; #endif - sp_point_1024* point; sp_point_1024* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_1024_point_new_16(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 + 16 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (16 + 16 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 16; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 16; + sp_1024_from_mp(k, 16, km); sp_1024_point_from_ecc_point_16(addP, am); } @@ -73613,13 +73346,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, err = sp_1024_point_to_ecc_point_16(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(addP, 0, heap); - sp_1024_point_free_16(point, 0, heap); return err; } @@ -73637,29 +73369,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, void* heap) { - int err = 0; -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_1024* point = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 point[1]; sp_digit t[5 * 2 * 16]; +#endif + int err = MP_OKAY; if ((gm == NULL) || (len == NULL)) { err = BAD_FUNC_ARG; } - if ((err == 0) && (table == NULL)) { + if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; err = LENGTH_ONLY_E; } - if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { + if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; } - if (err == 0) { - err = sp_1024_point_new_16(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } - if (err == 0) { + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 16, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { sp_1024_point_from_ecc_point_16(point, gm); err = sp_1024_gen_stripe_table_16(point, (sp_table_entry_1024*)table, t, heap); @@ -73668,7 +73414,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, *len = sizeof(sp_table_entry_1024) * 256; } - sp_1024_point_free_16(point, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -73721,24 +73472,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[16]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[16]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_16(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 16, km); sp_1024_point_from_ecc_point_16(point, gm); @@ -73755,12 +73510,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, err = sp_1024_point_to_ecc_point_16(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(point, 0, heap); return err; } @@ -76964,33 +76719,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) static int sp_1024_ecc_is_point_16(const sp_point_1024* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*16]; - sp_digit t2d[2*16]; + sp_digit t1[16 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int64_t n; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 16; - t2 = d + 2 * 16; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 16; sp_1024_sqr_16(t1, point->y); (void)sp_1024_mod_16(t1, t1, p1024_mod); @@ -77014,10 +76760,9 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -77032,14 +76777,21 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point, */ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* pub = NULL; +#else + sp_point_1024 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_1024* pub; - byte one[1] = { 1 }; - int err; - err = sp_1024_point_new_16(NULL, pubd, pub); if (err == MP_OKAY) { sp_1024_from_mp(pub->x, 16, pX); sp_1024_from_mp(pub->y, 16, pY); @@ -77048,7 +76800,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) err = sp_1024_ecc_is_point_16(pub, NULL); } - sp_1024_point_free_16(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -77067,45 +76822,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[16]; - sp_point_1024 pubd; - sp_point_1024 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_1024* pub; - sp_point_1024* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_1024_point_new_16(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_1024* pub = NULL; +#else + sp_digit priv[16]; + sp_point_1024 pub[2]; #endif + sp_point_1024* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) || + if (((mp_count_bits(pX) > 1024) || (mp_count_bits(pY) > 1024) || ((privm != NULL) && (mp_count_bits(privm) > 1024)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_1024_from_mp(pub->x, 16, pX); sp_1024_from_mp(pub->y, 16, pY); sp_1024_from_bin(pub->z, 16, one, (int)sizeof(one)); @@ -77154,13 +76909,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_1024_point_free_16(p, 0, heap); - sp_1024_point_free_16(pub, 0, heap); return err; } diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index a7e2ddd70..22ec6841c 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -3144,12 +3144,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 64]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -3161,19 +3161,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 64; -#else - t[i] = &td[i * 64]; -#endif } sp_2048_mont_setup(m, &mp); @@ -3269,9 +3264,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -3290,12 +3284,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 64]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -3307,19 +3301,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 64; -#else - t[i] = &td[i * 64]; -#endif } sp_2048_mont_setup(m, &mp); @@ -3432,9 +3421,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -4006,12 +3994,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 128]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -4023,19 +4011,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 128; -#else - t[i] = &td[i * 128]; -#endif } sp_2048_mont_setup(m, &mp); @@ -4131,9 +4114,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -4152,12 +4134,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 128]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -4169,19 +4151,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 128), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 128; -#else - t[i] = &td[i * 128]; -#endif } sp_2048_mont_setup(m, &mp); @@ -4294,9 +4271,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -4320,18 +4296,15 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[128]; - sp_digit m[64]; - sp_digit r[128]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[64 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 256) { @@ -4345,22 +4318,18 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 64 * 2; - m = r + 64 * 2; - } #endif if (err == MP_OKAY) { + r = a + 64 * 2; + m = r + 64 * 2; ah = a + 64; sp_2048_from_bin(ah, 64, in, inLen); @@ -4433,10 +4402,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -4504,8 +4472,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[64 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -4534,13 +4506,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 64; m = a + 128; @@ -4551,34 +4525,36 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, sp_2048_from_mp(m, 64, mm); err = sp_2048_mod_exp_64(r, a, d, 2048, m, 0); } + if (err == MP_OKAY) { sp_2048_to_bin(r, out); *outLen = 256; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 64); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 64); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[64 * 2]; - sp_digit p[32]; - sp_digit q[32]; - sp_digit dp[32]; - sp_digit tmpa[64]; - sp_digit tmpb[64]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[32 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -4598,31 +4574,23 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 64 * 2; q = p + 32; qi = dq = dp = q + 32; tmpa = qi + 32; tmpb = tmpa + 64; - - r = t + 64; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_2048_from_bin(a, 64, in, inLen); sp_2048_from_mp(p, 32, pm); sp_2048_from_mp(q, 32, qm); @@ -4654,19 +4622,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 32 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 32 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -5208,12 +5173,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[193]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -5226,18 +5191,13 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 128; -#else - tmp = &td[128]; -#endif sp_2048_mont_setup(m, &mp); sp_2048_mont_norm_64(norm, m); @@ -5308,9 +5268,8 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -9044,12 +9003,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 96]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -9061,19 +9020,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 96; -#else - t[i] = &td[i * 96]; -#endif } sp_3072_mont_setup(m, &mp); @@ -9169,9 +9123,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -9190,12 +9143,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 96]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -9207,19 +9160,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 96; -#else - t[i] = &td[i * 96]; -#endif } sp_3072_mont_setup(m, &mp); @@ -9332,9 +9280,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -9912,12 +9859,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 192]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -9929,19 +9876,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 192; -#else - t[i] = &td[i * 192]; -#endif } sp_3072_mont_setup(m, &mp); @@ -10037,9 +9979,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -10058,12 +9999,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 192]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -10075,19 +10016,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 192), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 192; -#else - t[i] = &td[i * 192]; -#endif } sp_3072_mont_setup(m, &mp); @@ -10200,9 +10136,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -10226,18 +10161,15 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[192]; - sp_digit m[96]; - sp_digit r[192]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[96 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 384) { @@ -10251,22 +10183,18 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 96 * 2; - m = r + 96 * 2; - } #endif if (err == MP_OKAY) { + r = a + 96 * 2; + m = r + 96 * 2; ah = a + 96; sp_3072_from_bin(ah, 96, in, inLen); @@ -10339,10 +10267,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -10410,8 +10337,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[96 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -10440,13 +10371,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 96; m = a + 192; @@ -10457,34 +10390,36 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, sp_3072_from_mp(m, 96, mm); err = sp_3072_mod_exp_96(r, a, d, 3072, m, 0); } + if (err == MP_OKAY) { sp_3072_to_bin(r, out); *outLen = 384; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 96); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 96); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[96 * 2]; - sp_digit p[48]; - sp_digit q[48]; - sp_digit dp[48]; - sp_digit tmpa[96]; - sp_digit tmpb[96]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[48 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -10504,31 +10439,23 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 96 * 2; q = p + 48; qi = dq = dp = q + 48; tmpa = qi + 48; tmpb = tmpa + 96; - - r = t + 96; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_3072_from_bin(a, 96, in, inLen); sp_3072_from_mp(p, 48, pm); sp_3072_from_mp(q, 48, qm); @@ -10560,19 +10487,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 48 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 48 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -11312,12 +11236,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[289]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -11330,18 +11254,13 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 192; -#else - tmp = &td[192]; -#endif sp_3072_mont_setup(m, &mp); sp_3072_mont_norm_96(norm, m); @@ -11412,9 +11331,8 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -13870,12 +13788,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 256]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -13887,19 +13805,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 256; -#else - t[i] = &td[i * 256]; -#endif } sp_4096_mont_setup(m, &mp); @@ -13995,9 +13908,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -14016,12 +13928,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 256]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -14033,19 +13945,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 256; -#else - t[i] = &td[i * 256]; -#endif } sp_4096_mont_setup(m, &mp); @@ -14158,9 +14065,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -14184,18 +14090,15 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[256]; - sp_digit m[128]; - sp_digit r[256]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[128 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 512) { @@ -14209,22 +14112,18 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 128 * 2; - m = r + 128 * 2; - } #endif if (err == MP_OKAY) { + r = a + 128 * 2; + m = r + 128 * 2; ah = a + 128; sp_4096_from_bin(ah, 128, in, inLen); @@ -14297,10 +14196,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -14369,8 +14267,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[128 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -14399,13 +14301,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 128; m = a + 256; @@ -14416,34 +14320,36 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, sp_4096_from_mp(m, 128, mm); err = sp_4096_mod_exp_128(r, a, d, 4096, m, 0); } + if (err == MP_OKAY) { sp_4096_to_bin(r, out); *outLen = 512; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 128); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 128); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[128 * 2]; - sp_digit p[64]; - sp_digit q[64]; - sp_digit dp[64]; - sp_digit tmpa[128]; - sp_digit tmpb[128]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[64 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -14463,31 +14369,23 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 128 * 2; q = p + 64; qi = dq = dp = q + 64; tmpa = qi + 64; tmpb = tmpa + 128; - - r = t + 128; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_4096_from_bin(a, 128, in, inLen); sp_4096_from_mp(p, 64, pm); sp_4096_from_mp(q, 64, qm); @@ -14519,19 +14417,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 64 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 64 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -15467,12 +15362,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[385]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -15485,18 +15380,13 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 256; -#else - tmp = &td[256]; -#endif sp_4096_mont_setup(m, &mp); sp_4096_mont_norm_128(norm, m); @@ -15567,9 +15457,8 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -16161,64 +16050,6 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_256_point_new_ex_8(void* heap, sp_point_256* sp, - sp_point_256** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_256_point_free_8(sp_point_256* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Multiply a number by Montogmery normalizer mod modulus (prime). * * r The resulting Montgomery form number. @@ -18034,56 +17865,55 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table, static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td[16]; - sp_point_256 rtd; - sp_digit tmpd[2 * 8 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_256 t[16]; + sp_digit tmp[2 * 8 * 5]; +#endif + sp_point_256* rt = NULL; #ifndef WC_NO_CACHE_RESISTANT - sp_point_256 pd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* p = NULL; +#else + sp_point_256 p[1]; #endif -#endif - sp_point_256* t; - sp_point_256* rt; -#ifndef WC_NO_CACHE_RESISTANT - sp_point_256* p; -#endif - sp_digit* tmp; +#endif /* !WC_NO_CACHE_RESISTANT */ sp_digit n; int i; int c; int y; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_256_point_new_8(heap, rtd, rt); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -#ifndef WC_NO_CACHE_RESISTANT - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 17, heap, DYNAMIC_TYPE_ECC); -#else - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, heap, DYNAMIC_TYPE_ECC); -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, + heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + #ifndef WC_NO_CACHE_RESISTANT + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), + heap, DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } + #endif + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { -#ifndef WC_NO_CACHE_RESISTANT - #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - p = t + 16; - #else - p = &pd; - #endif -#endif + rt = t + 16; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -18171,20 +18001,35 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 8 * 5); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_256) * 16); - XFREE(t, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmpd, sizeof(tmpd)); - ForceZero(td, sizeof(td)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif - sp_256_point_free_8(rt, 1, heap); + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 8 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#ifndef WC_NO_CACHE_RESISTANT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (p != NULL) + #endif + { + ForceZero(p, sizeof(sp_point_256)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(p, heap, DYNAMIC_TYPE_ECC); + #endif + } +#endif /* !WC_NO_CACHE_RESISTANT */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_256) * 17); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -18408,29 +18253,30 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, const sp_point_256* p, static int sp_256_gen_stripe_table_8(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_8(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -18475,9 +18321,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } } - sp_256_point_free_8(s2, 0, heap); - sp_256_point_free_8(s1, 0, heap); - sp_256_point_free_8( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -18553,19 +18400,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 8 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 8 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -18573,21 +18420,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, (void)heap; - err = sp_256_point_new_8(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -18638,13 +18486,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, heap); - sp_256_point_free_8(rt, 0, heap); return err; } @@ -18810,29 +18657,30 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_ static int sp_256_gen_stripe_table_8(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_8(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -18877,9 +18725,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } } - sp_256_point_free_8(s2, 0, heap); - sp_256_point_free_8(s1, 0, heap); - sp_256_point_free_8( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -18955,19 +18804,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 8 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 8 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -18975,21 +18824,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, (void)heap; - err = sp_256_point_new_8(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -19040,13 +18890,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, heap); - sp_256_point_free_8(rt, 0, heap); return err; } @@ -19210,25 +19059,28 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[8]; +#endif int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 8, km); sp_256_point_from_ecc_point_8(point, gm); @@ -19239,12 +19091,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(point, 0, heap); return err; } @@ -19264,37 +19116,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[8]; - sp_digit t[8 * 2 * 5]; -#endif - sp_point_256* point; - sp_point_256* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[8 + 8 * 2 * 5]; +#endif + sp_point_256* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 8; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 8; + sp_256_from_mp(k, 8, km); sp_256_point_from_ecc_point_8(point, gm); sp_256_point_from_ecc_point_8(addP, am); @@ -19321,13 +19171,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(addP, 0, heap); - sp_256_point_free_8(point, 0, heap); return err; } @@ -20761,26 +20610,28 @@ static int sp_256_ecc_mulmod_base_8(sp_point_256* r, const sp_digit* k, */ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[8]; +#endif int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 8, km); @@ -20790,12 +20641,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(point, 0, heap); return err; } @@ -20814,37 +20665,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[8]; - sp_digit t[8 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; + sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[8 + 8 * 2 * 5]; #endif - sp_point_256* point; sp_point_256* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (8 + 8 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 8; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 8; + sp_256_from_mp(k, 8, km); sp_256_point_from_ecc_point_8(addP, am); } @@ -20870,13 +20719,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(addP, 0, heap); - sp_256_point_free_8(point, 0, heap); return err; } @@ -21007,41 +20855,46 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_256 inf; -#endif -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_256 point[2]; + #else + sp_point_256 point[1]; + #endif + sp_digit k[8]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_256* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_256_point_new_8(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_256_ecc_gen_k_8(rng, k); } if (err == MP_OKAY) { @@ -21066,15 +20919,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_point_to_ecc_point_8(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_256_point_free_8(infinity, 1, heap); -#endif - sp_256_point_free_8(point, 1, heap); return err; } @@ -21135,30 +20987,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[8]; +#endif int err = MP_OKAY; if (*outLen < 32U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, p, point); + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -21171,12 +21025,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 32; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(point, 0, heap); return err; } @@ -21996,22 +21850,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*8]; - sp_digit xd[2*8]; - sp_digit kd[2*8]; - sp_digit rd[2*8]; - sp_digit td[3 * 2*8]; - sp_point_256 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_256* point = NULL; +#else + sp_digit e[7 * 2 * 8]; + sp_point_256 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_256* point = NULL; sp_digit* s = NULL; int32_t c; int err = MP_OKAY; @@ -22019,31 +21868,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_256_point_new_8(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 8; - x = d + 2 * 8; - k = d + 4 * 8; - r = d + 6 * 8; - tmp = d + 8 * 8; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 8; + k = e + 4 * 8; + r = e + 6 * 8; + tmp = e + 8 * 8; s = e; if (hashLen > 32U) { @@ -22098,19 +21942,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_256_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 8); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 8U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_256_point_free_8(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 8); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_256)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -22979,52 +22828,41 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*8]; - sp_digit u2d[2*8]; - sp_digit sd[2*8]; - sp_digit tmpd[2*8 * 5]; - sp_point_256 p1d; - sp_point_256 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_256* p1 = NULL; +#else + sp_digit u1[16 * 8]; + sp_point_256 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_256* p1; sp_point_256* p2 = NULL; sp_digit carry; int32_t c = 0; - int err; + int err = MP_OKAY; - err = sp_256_point_new_8(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 8; - u2 = d + 2 * 8; - s = d + 4 * 8; - tmp = d + 6 * 8; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 8; + s = u1 + 4 * 8; + tmp = u1 + 6 * 8; + p2 = p1 + 1; if (hashLen > 32U) { hashLen = 32U; @@ -23075,12 +22913,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p1, 0, heap); - sp_256_point_free_8(p2, 0, heap); return err; } @@ -23097,32 +22935,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_256_ecc_is_point_8(const sp_point_256* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*8]; - sp_digit t2d[2*8]; + sp_digit t1[8 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 8; - t2 = d + 2 * 8; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 8; sp_256_sqr_8(t1, point->y); (void)sp_256_mod_8(t1, t1, p256_mod); @@ -23142,10 +22971,9 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -23160,14 +22988,21 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point, */ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* pub = NULL; +#else + sp_point_256 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_256* pub; - byte one[1] = { 1 }; - int err; - err = sp_256_point_new_8(NULL, pubd, pub); if (err == MP_OKAY) { sp_256_from_mp(pub->x, 8, pX); sp_256_from_mp(pub->y, 8, pY); @@ -23176,7 +23011,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) err = sp_256_ecc_is_point_8(pub, NULL); } - sp_256_point_free_8(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -23195,45 +23033,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[8]; - sp_point_256 pubd; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_256* pub; - sp_point_256* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_256_point_new_8(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_256* pub = NULL; +#else + sp_digit priv[8]; + sp_point_256 pub[2]; #endif + sp_point_256* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) || + if (((mp_count_bits(pX) > 256) || (mp_count_bits(pY) > 256) || ((privm != NULL) && (mp_count_bits(privm) > 256)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_256_from_mp(pub->x, 8, pX); sp_256_from_mp(pub->y, 8, pY); sp_256_from_bin(pub->z, 8, one, (int)sizeof(one)); @@ -23282,13 +23120,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_256_point_free_8(p, 0, heap); - sp_256_point_free_8(pub, 0, heap); return err; } @@ -23312,33 +23149,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 8 * 5]; - sp_point_256 pd; - sp_point_256 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 8 * 5]; + sp_point_256 p[2]; +#endif sp_point_256* q = NULL; int err; - err = sp_256_point_new_8(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_8(NULL, qd, q); + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_256_from_mp(p->x, 8, pX); sp_256_from_mp(p->y, 8, pY); sp_256_from_mp(p->z, 8, pZ); @@ -23359,13 +23198,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(q, 0, NULL); - sp_256_point_free_8(p, 0, NULL); return err; } @@ -23384,25 +23222,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 8 * 2]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 8 * 2]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_8(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -23423,12 +23264,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, NULL); return err; } @@ -23443,25 +23284,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 8 * 4]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 8 * 4]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_8(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 4, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_256_from_mp(p->x, 8, pX); @@ -23481,12 +23326,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_256_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, NULL); return err; } @@ -23499,31 +23344,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_256_mont_sqrt_8(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 8]; - sp_digit t2d[2 * 8]; + sp_digit t1[4 * 8]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) { err = MEMORY_E; } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 8; - t2 = d + 2 * 8; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 8; { /* t2 = y ^ 0x2 */ @@ -23558,10 +23395,9 @@ static int sp_256_mont_sqrt_8(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -23577,31 +23413,22 @@ static int sp_256_mont_sqrt_8(sp_digit* y) */ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 8]; - sp_digit yd[2 * 8]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 8]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 8; - y = d + 2 * 8; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 8; sp_256_from_mp(x, 8, xm); err = sp_256_mod_mul_norm_8(x, x, p256_mod); @@ -23634,10 +23461,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) err = sp_256_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -24189,64 +24015,6 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_384_point_new_ex_12(void* heap, sp_point_384* sp, - sp_point_384** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Multiply a number by Montogmery normalizer mod modulus (prime). * * r The resulting Montgomery form number. @@ -24256,8 +24024,8 @@ static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap) */ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit* m) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - int64_t* t; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + int64_t* t = NULL; #else int64_t t[12]; #endif @@ -24266,7 +24034,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t = (int64_t*)XMALLOC(sizeof(int64_t) * 12, NULL, DYNAMIC_TYPE_ECC); if (t == NULL) { err = MEMORY_E; @@ -24341,7 +24109,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit r[11] = t[11]; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif @@ -25756,56 +25524,55 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table, static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td[16]; - sp_point_384 rtd; - sp_digit tmpd[2 * 12 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_384 t[16]; + sp_digit tmp[2 * 12 * 6]; +#endif + sp_point_384* rt = NULL; #ifndef WC_NO_CACHE_RESISTANT - sp_point_384 pd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* p = NULL; +#else + sp_point_384 p[1]; #endif -#endif - sp_point_384* t; - sp_point_384* rt; -#ifndef WC_NO_CACHE_RESISTANT - sp_point_384* p; -#endif - sp_digit* tmp; +#endif /* !WC_NO_CACHE_RESISTANT */ sp_digit n; int i; int c; int y; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_384_point_new_12(heap, rtd, rt); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -#ifndef WC_NO_CACHE_RESISTANT - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 17, heap, DYNAMIC_TYPE_ECC); -#else - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, heap, DYNAMIC_TYPE_ECC); -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, + heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + #ifndef WC_NO_CACHE_RESISTANT + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), + heap, DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } + #endif + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { -#ifndef WC_NO_CACHE_RESISTANT - #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - p = t + 16; - #else - p = &pd; - #endif -#endif + rt = t + 16; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -25893,20 +25660,35 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 12 * 6); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_384) * 16); - XFREE(t, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmpd, sizeof(tmpd)); - ForceZero(td, sizeof(td)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif - sp_384_point_free_12(rt, 1, heap); + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 12 * 6); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#ifndef WC_NO_CACHE_RESISTANT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (p != NULL) + #endif + { + ForceZero(p, sizeof(sp_point_384)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(p, heap, DYNAMIC_TYPE_ECC); + #endif + } +#endif /* !WC_NO_CACHE_RESISTANT */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_384) * 17); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -26130,29 +25912,30 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, const sp_point_384* p, static int sp_384_gen_stripe_table_12(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_12(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -26197,9 +25980,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } } - sp_384_point_free_12(s2, 0, heap); - sp_384_point_free_12(s1, 0, heap); - sp_384_point_free_12( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -26291,19 +26075,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 12 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 12 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -26311,21 +26095,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, (void)heap; - err = sp_384_point_new_12(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -26376,13 +26161,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, heap); - sp_384_point_free_12(rt, 0, heap); return err; } @@ -26548,29 +26332,30 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp static int sp_384_gen_stripe_table_12(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_12(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -26615,9 +26400,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } } - sp_384_point_free_12(s2, 0, heap); - sp_384_point_free_12(s1, 0, heap); - sp_384_point_free_12( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -26709,19 +26495,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 12 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 12 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -26729,21 +26515,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, (void)heap; - err = sp_384_point_new_12(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -26794,13 +26581,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, heap); - sp_384_point_free_12(rt, 0, heap); return err; } @@ -26964,25 +26750,28 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[12]; +#endif int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 12, km); sp_384_point_from_ecc_point_12(point, gm); @@ -26993,12 +26782,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(point, 0, heap); return err; } @@ -27018,37 +26807,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[12]; - sp_digit t[12 * 2 * 6]; -#endif - sp_point_384* point; - sp_point_384* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[12 + 12 * 2 * 6]; +#endif + sp_point_384* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 12; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 12; + sp_384_from_mp(k, 12, km); sp_384_point_from_ecc_point_12(point, gm); sp_384_point_from_ecc_point_12(addP, am); @@ -27075,13 +26862,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(addP, 0, heap); - sp_384_point_free_12(point, 0, heap); return err; } @@ -28515,26 +28301,28 @@ static int sp_384_ecc_mulmod_base_12(sp_point_384* r, const sp_digit* k, */ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[12]; +#endif int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 12, km); @@ -28544,12 +28332,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(point, 0, heap); return err; } @@ -28568,37 +28356,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[12]; - sp_digit t[12 * 2 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; + sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[12 + 12 * 2 * 6]; #endif - sp_point_384* point; sp_point_384* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (12 + 12 * 2 * 6), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 12; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 12; + sp_384_from_mp(k, 12, km); sp_384_point_from_ecc_point_12(addP, am); } @@ -28624,13 +28410,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(addP, 0, heap); - sp_384_point_free_12(point, 0, heap); return err; } @@ -28774,41 +28559,46 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_384 inf; -#endif -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_384 point[2]; + #else + sp_point_384 point[1]; + #endif + sp_digit k[12]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_384* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_384_point_new_12(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_384_ecc_gen_k_12(rng, k); } if (err == MP_OKAY) { @@ -28833,15 +28623,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_point_to_ecc_point_12(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_384_point_free_12(infinity, 1, heap); -#endif - sp_384_point_free_12(point, 1, heap); return err; } @@ -28902,30 +28691,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[12]; +#endif int err = MP_OKAY; if (*outLen < 48U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, p, point); + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -28938,12 +28729,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 48; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(point, 0, heap); return err; } @@ -29754,22 +29545,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*12]; - sp_digit xd[2*12]; - sp_digit kd[2*12]; - sp_digit rd[2*12]; - sp_digit td[3 * 2*12]; - sp_point_384 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_384* point = NULL; +#else + sp_digit e[7 * 2 * 12]; + sp_point_384 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_384* point = NULL; sp_digit* s = NULL; int32_t c; int err = MP_OKAY; @@ -29777,31 +29563,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_384_point_new_12(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 12; - x = d + 2 * 12; - k = d + 4 * 12; - r = d + 6 * 12; - tmp = d + 8 * 12; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 12; + k = e + 4 * 12; + r = e + 6 * 12; + tmp = e + 8 * 12; s = e; if (hashLen > 48U) { @@ -29856,19 +29637,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_384_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 12); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 12U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_384_point_free_12(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 12); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_384)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -30948,52 +30734,41 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*12]; - sp_digit u2d[2*12]; - sp_digit sd[2*12]; - sp_digit tmpd[2*12 * 5]; - sp_point_384 p1d; - sp_point_384 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_384* p1 = NULL; +#else + sp_digit u1[16 * 12]; + sp_point_384 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_384* p1; sp_point_384* p2 = NULL; sp_digit carry; int32_t c = 0; - int err; + int err = MP_OKAY; - err = sp_384_point_new_12(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 12; - u2 = d + 2 * 12; - s = d + 4 * 12; - tmp = d + 6 * 12; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 12; + s = u1 + 4 * 12; + tmp = u1 + 6 * 12; + p2 = p1 + 1; if (hashLen > 48U) { hashLen = 48U; @@ -31044,12 +30819,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p1, 0, heap); - sp_384_point_free_12(p2, 0, heap); return err; } @@ -31066,32 +30841,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_384_ecc_is_point_12(const sp_point_384* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*12]; - sp_digit t2d[2*12]; + sp_digit t1[12 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 12; - t2 = d + 2 * 12; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 12; sp_384_sqr_12(t1, point->y); (void)sp_384_mod_12(t1, t1, p384_mod); @@ -31111,10 +30877,9 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -31129,14 +30894,21 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point, */ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* pub = NULL; +#else + sp_point_384 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_384* pub; - byte one[1] = { 1 }; - int err; - err = sp_384_point_new_12(NULL, pubd, pub); if (err == MP_OKAY) { sp_384_from_mp(pub->x, 12, pX); sp_384_from_mp(pub->y, 12, pY); @@ -31145,7 +30917,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) err = sp_384_ecc_is_point_12(pub, NULL); } - sp_384_point_free_12(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -31164,45 +30939,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[12]; - sp_point_384 pubd; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_384* pub; - sp_point_384* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_384_point_new_12(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_384* pub = NULL; +#else + sp_digit priv[12]; + sp_point_384 pub[2]; #endif + sp_point_384* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) || + if (((mp_count_bits(pX) > 384) || (mp_count_bits(pY) > 384) || ((privm != NULL) && (mp_count_bits(privm) > 384)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_384_from_mp(pub->x, 12, pX); sp_384_from_mp(pub->y, 12, pY); sp_384_from_bin(pub->z, 12, one, (int)sizeof(one)); @@ -31251,13 +31026,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_384_point_free_12(p, 0, heap); - sp_384_point_free_12(pub, 0, heap); return err; } @@ -31281,33 +31055,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 12 * 5]; - sp_point_384 pd; - sp_point_384 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 12 * 5]; + sp_point_384 p[2]; +#endif sp_point_384* q = NULL; int err; - err = sp_384_point_new_12(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_12(NULL, qd, q); + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_384_from_mp(p->x, 12, pX); sp_384_from_mp(p->y, 12, pY); sp_384_from_mp(p->z, 12, pZ); @@ -31328,13 +31104,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(q, 0, NULL); - sp_384_point_free_12(p, 0, NULL); return err; } @@ -31353,25 +31128,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 12 * 2]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 12 * 2]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_12(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -31392,12 +31170,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, NULL); return err; } @@ -31412,25 +31190,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 12 * 6]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 12 * 6]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_12(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_384_from_mp(p->x, 12, pX); @@ -31450,12 +31232,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_384_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, NULL); return err; } @@ -31468,43 +31250,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_384_mont_sqrt_12(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 12]; - sp_digit t2d[2 * 12]; - sp_digit t3d[2 * 12]; - sp_digit t4d[2 * 12]; - sp_digit t5d[2 * 12]; + sp_digit t1[5 * 2 * 12]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* t3; - sp_digit* t4; - sp_digit* t5; + sp_digit* t2 = NULL; + sp_digit* t3 = NULL; + sp_digit* t4 = NULL; + sp_digit* t5 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 12; - t2 = d + 2 * 12; - t3 = d + 4 * 12; - t4 = d + 6 * 12; - t5 = d + 8 * 12; -#else - t1 = t1d; - t2 = t2d; - t3 = t3d; - t4 = t4d; - t5 = t5d; -#endif + t2 = t1 + 2 * 12; + t3 = t1 + 4 * 12; + t4 = t1 + 6 * 12; + t5 = t1 + 8 * 12; { /* t2 = y ^ 0x2 */ @@ -31564,10 +31331,9 @@ static int sp_384_mont_sqrt_12(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -31583,31 +31349,22 @@ static int sp_384_mont_sqrt_12(sp_digit* y) */ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 12]; - sp_digit yd[2 * 12]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 12]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 12; - y = d + 2 * 12; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 12; sp_384_from_mp(x, 12, xm); err = sp_384_mod_mul_norm_12(x, x, p384_mod); @@ -31640,10 +31397,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) err = sp_384_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -33171,6 +32927,8 @@ static int sp_1024_mod_mul_norm_32(sp_digit* r, const sp_digit* a, return sp_1024_mod_32(r, r, m); } + +#ifdef WOLFCRYPT_HAVE_SAKKE /* Create a new point. * * heap [in] Buffer to allocate dynamic memory from. @@ -33202,8 +32960,8 @@ static int sp_1024_point_new_ex_32(void* heap, sp_point_1024* sp, /* Set pointer to data and return no error. */ #define sp_1024_point_new_32(heap, sp, p) sp_1024_point_new_ex_32((heap), &(sp), &(p)) #endif - - +#endif /* WOLFCRYPT_HAVE_SAKKE */ +#ifdef WOLFCRYPT_HAVE_SAKKE /* Free the point. * * p [in,out] Point to free. @@ -33228,6 +32986,7 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap) #endif (void)heap; } +#endif /* WOLFCRYPT_HAVE_SAKKE */ /* Convert an mp_int to an array of sp_digit. * @@ -36276,43 +36035,40 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r, static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td[16]; - sp_point_1024 rtd; - sp_digit tmpd[2 * 32 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_1024 t[16]; + sp_digit tmp[2 * 32 * 5]; #endif - sp_point_1024* t; - sp_point_1024* rt; - sp_digit* tmp; + sp_point_1024* rt = NULL; sp_digit n; int i; int c; int y; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_1024_point_new_32(heap, rtd, rt); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -#ifndef WC_NO_CACHE_RESISTANT - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 17, heap, DYNAMIC_TYPE_ECC); -#else - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, heap, DYNAMIC_TYPE_ECC); -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, + heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { + rt = t + 16; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -36380,20 +36136,24 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 32 * 5); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_1024) * 16); - XFREE(t, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmpd, sizeof(tmpd)); - ForceZero(td, sizeof(td)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif - sp_1024_point_free_32(rt, 1, heap); + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 32 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_1024) * 17); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -36617,29 +36377,30 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, const sp_point_1024* static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, sp_table_entry_1024* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td; - sp_point_1024 s1d; - sp_point_1024 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; +#else + sp_point_1024 t[3]; #endif - sp_point_1024* t; sp_point_1024* s1 = NULL; sp_point_1024* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_1024_point_new_32(heap, td, t); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod); } if (err == MP_OKAY) { @@ -36684,9 +36445,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } } - sp_1024_point_free_32(s2, 0, heap); - sp_1024_point_free_32(s1, 0, heap); - sp_1024_point_free_32( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -36712,19 +36474,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g const sp_table_entry_1024* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit td[2 * 32 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 rt[2]; + sp_digit t[2 * 32 * 5]; #endif - sp_point_1024* rt; sp_point_1024* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -36732,21 +36494,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g (void)heap; - err = sp_1024_point_new_32(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod)); XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod)); @@ -36782,13 +36545,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(p, 0, heap); - sp_1024_point_free_32(rt, 0, heap); return err; } @@ -36954,29 +36716,30 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, sp_table_entry_1024* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td; - sp_point_1024 s1d; - sp_point_1024 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; +#else + sp_point_1024 t[3]; #endif - sp_point_1024* t; sp_point_1024* s1 = NULL; sp_point_1024* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_1024_point_new_32(heap, td, t); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod); } if (err == MP_OKAY) { @@ -37021,9 +36784,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } } - sp_1024_point_free_32(s2, 0, heap); - sp_1024_point_free_32(s1, 0, heap); - sp_1024_point_free_32( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -37049,19 +36813,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g const sp_table_entry_1024* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit td[2 * 32 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 rt[2]; + sp_digit t[2 * 32 * 5]; #endif - sp_point_1024* rt; sp_point_1024* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -37069,21 +36833,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g (void)heap; - err = sp_1024_point_new_32(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod)); XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod)); @@ -37119,13 +36884,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(p, 0, heap); - sp_1024_point_free_32(rt, 0, heap); return err; } @@ -37289,25 +37053,28 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[32]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[32]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 32, km); sp_1024_point_from_ecc_point_32(point, gm); @@ -37318,12 +37085,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(point, 0, heap); return err; } @@ -40917,26 +40684,28 @@ static int sp_1024_ecc_mulmod_base_32(sp_point_1024* r, const sp_digit* k, */ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[32]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[32]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 32, km); @@ -40946,12 +40715,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(point, 0, heap); return err; } @@ -40970,37 +40739,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_point_1024 a; - sp_digit kd[32]; - sp_digit t[32 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; + sp_digit* k = NULL; +#else + sp_point_1024 point[2]; + sp_digit k[32 + 32 * 2 * 5]; #endif - sp_point_1024* point; sp_point_1024* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 + 32 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (32 + 32 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 32; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 32; + sp_1024_from_mp(k, 32, km); sp_1024_point_from_ecc_point_32(addP, am); } @@ -41026,13 +40793,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(addP, 0, heap); - sp_1024_point_free_32(point, 0, heap); return err; } @@ -41050,29 +40816,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, void* heap) { - int err = 0; -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_1024* point = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 point[1]; sp_digit t[5 * 2 * 32]; +#endif + int err = MP_OKAY; if ((gm == NULL) || (len == NULL)) { err = BAD_FUNC_ARG; } - if ((err == 0) && (table == NULL)) { + if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; err = LENGTH_ONLY_E; } - if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { + if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; } - if (err == 0) { - err = sp_1024_point_new_32(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } - if (err == 0) { + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 32, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { sp_1024_point_from_ecc_point_32(point, gm); err = sp_1024_gen_stripe_table_32(point, (sp_table_entry_1024*)table, t, heap); @@ -41081,7 +40861,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, *len = sizeof(sp_table_entry_1024) * 256; } - sp_1024_point_free_32(point, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -41134,24 +40919,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[32]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[32]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 32, km); sp_1024_point_from_ecc_point_32(point, gm); @@ -41168,12 +40957,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(point, 0, heap); return err; } @@ -44624,33 +44413,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) static int sp_1024_ecc_is_point_32(const sp_point_1024* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*32]; - sp_digit t2d[2*32]; + sp_digit t1[32 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int32_t n; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 32; - t2 = d + 2 * 32; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 32; sp_1024_sqr_32(t1, point->y); (void)sp_1024_mod_32(t1, t1, p1024_mod); @@ -44674,10 +44454,9 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -44692,14 +44471,21 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, */ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* pub = NULL; +#else + sp_point_1024 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_1024* pub; - byte one[1] = { 1 }; - int err; - err = sp_1024_point_new_32(NULL, pubd, pub); if (err == MP_OKAY) { sp_1024_from_mp(pub->x, 32, pX); sp_1024_from_mp(pub->y, 32, pY); @@ -44708,7 +44494,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) err = sp_1024_ecc_is_point_32(pub, NULL); } - sp_1024_point_free_32(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -44727,45 +44516,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[32]; - sp_point_1024 pubd; - sp_point_1024 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_1024* pub; - sp_point_1024* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_1024_point_new_32(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_1024* pub = NULL; +#else + sp_digit priv[32]; + sp_point_1024 pub[2]; #endif + sp_point_1024* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) || + if (((mp_count_bits(pX) > 1024) || (mp_count_bits(pY) > 1024) || ((privm != NULL) && (mp_count_bits(privm) > 1024)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_1024_from_mp(pub->x, 32, pX); sp_1024_from_mp(pub->y, 32, pY); sp_1024_from_bin(pub->z, 32, one, (int)sizeof(one)); @@ -44814,13 +44603,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_1024_point_free_32(p, 0, heap); - sp_1024_point_free_32(pub, 0, heap); return err; } diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 890e1006f..089b7f1d2 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -1797,40 +1797,29 @@ static int sp_2048_div_45(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[90 + 1]; - sp_digit t2d[45 + 1]; - sp_digit sdd[45 + 1]; + sp_digit t1[4 * 45 + 3]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* sd; + sp_digit* t2 = NULL; + sp_digit* sd = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 45 + 3), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 45 + 3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif (void)m; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 90 + 1; + t2 = t1 + 90 + 1; sd = t2 + 45 + 1; -#else - t1 = t1d; - t2 = t2d; - sd = sdd; -#endif sp_2048_mul_d_45(sd, d, 1L << 11); sp_2048_mul_d_90(t1, a, 1L << 11); @@ -1877,10 +1866,9 @@ static int sp_2048_div_45(const sp_digit* a, const sp_digit* d, sp_2048_rshift_45(r, r, 11); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1911,13 +1899,13 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e, const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 90]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -1925,22 +1913,17 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 45 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 45 * 2); -#else - t[i] = &td[i * 45 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 45U * 2U); } @@ -1995,21 +1978,20 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e, } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 90]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -2017,22 +1999,17 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 45 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 45 * 2); -#else - t[i] = &td[i * 45 * 2]; -#endif } sp_2048_mont_setup(m, &mp); @@ -2086,22 +2063,21 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMCPY(r, t[0], sizeof(*r) * 45 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 90) + 90]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -2112,22 +2088,15 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 90) + 90), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 90; rt = td + 2880; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 90]; - rt = &td[2880]; -#endif sp_2048_mont_setup(m, &mp); sp_2048_mont_norm_45(norm, m); @@ -2224,9 +2193,8 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -2716,40 +2684,29 @@ static int sp_2048_div_90(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[180 + 1]; - sp_digit t2d[90 + 1]; - sp_digit sdd[90 + 1]; + sp_digit t1[4 * 90 + 3]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* sd; + sp_digit* t2 = NULL; + sp_digit* sd = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 90 + 3), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 90 + 3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif (void)m; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 180 + 1; + t2 = t1 + 180 + 1; sd = t2 + 90 + 1; -#else - t1 = t1d; - t2 = t2d; - sd = sdd; -#endif sp_2048_mul_d_90(sd, d, 1L << 22); sp_2048_mul_d_180(t1, a, 1L << 22); @@ -2796,10 +2753,9 @@ static int sp_2048_div_90(const sp_digit* a, const sp_digit* d, sp_2048_rshift_90(r, r, 22); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2832,13 +2788,13 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e, const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 180]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -2846,22 +2802,17 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 90 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 90 * 2); -#else - t[i] = &td[i * 90 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 90U * 2U); } @@ -2916,21 +2867,20 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e, } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 180]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -2938,22 +2888,17 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 90 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 90 * 2); -#else - t[i] = &td[i * 90 * 2]; -#endif } sp_2048_mont_setup(m, &mp); @@ -3007,22 +2952,21 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMCPY(r, t[0], sizeof(*r) * 90 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 180) + 180]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -3033,22 +2977,15 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 180) + 180), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 180; rt = td + 5760; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 180]; - rt = &td[5760]; -#endif sp_2048_mont_setup(m, &mp); sp_2048_mont_norm_90(norm, m); @@ -3145,9 +3082,8 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -3173,8 +3109,11 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[90 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; sp_digit* norm = NULL; @@ -3202,15 +3141,16 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } +#endif if (err == MP_OKAY) { - a = d; r = a + 90 * 2; m = r + 90 * 2; norm = r; @@ -3263,18 +3203,17 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, *outLen = 256; } - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[180]; - sp_digit md[90]; - sp_digit rd[180]; -#else +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[90 * 5]; #endif sp_digit* a = NULL; sp_digit* m = NULL; @@ -3300,27 +3239,20 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { a = d; r = a + 90 * 2; m = r + 90 * 2; - } -#else - a = ad; - m = md; - r = rd; -#endif - if (err == MP_OKAY) { sp_2048_from_bin(a, 90, in, inLen); #if DIGIT_BIT >= 23 e[0] = (sp_digit)em->dp[0]; @@ -3384,10 +3316,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } #endif return err; @@ -3419,9 +3350,13 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* a = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[90 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -3450,13 +3385,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 90; m = a + 180; @@ -3467,22 +3404,34 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, sp_2048_from_mp(m, 90, mm); err = sp_2048_mod_exp_90(r, a, d, 2048, m, 0); } + if (err == MP_OKAY) { sp_2048_to_bin(r, out); *outLen = 256; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 90); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 90); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[180]; - sp_digit d[90]; - sp_digit m[90]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* d = NULL; +#else + sp_digit d[90 * 4]; +#endif + sp_digit* a = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)pm; @@ -3509,7 +3458,20 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL, + DYNAMIC_TYPE_RSA); + if (d == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + a = d + 90; + m = a + 180; + r = a; + sp_2048_from_bin(a, 90, in, inLen); sp_2048_from_mp(d, 90, dm); sp_2048_from_mp(m, 90, mm); @@ -3521,14 +3483,27 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } - XMEMSET(d, 0, sizeof(sp_digit) * 90); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 90); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ +#endif /* WOLFSSL_SP_SMALL */ #else -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* t = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[45 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; @@ -3557,22 +3532,21 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 45 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 45 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) { + if (a == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - a = t; p = a + 90 * 2; q = p + 45; qi = dq = dp = q + 45; tmpa = qi + 45; tmpb = tmpa + 90; - - r = t + 90; + r = a + 90; sp_2048_from_bin(a, 90, in, inLen); sp_2048_from_mp(p, 45, pm); @@ -3603,22 +3577,31 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 45 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 45 * 11); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[90 * 2]; - sp_digit p[45]; - sp_digit q[45]; - sp_digit dp[45]; - sp_digit dq[45]; - sp_digit qi[45]; - sp_digit tmpa[90]; - sp_digit tmpb[90]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; +#else + sp_digit a[45 * 13]; +#endif + sp_digit* p = NULL; + sp_digit* q = NULL; + sp_digit* dp = NULL; + sp_digit* dq = NULL; + sp_digit* qi = NULL; + sp_digit* tmpa = NULL; + sp_digit* tmpb = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)dm; @@ -3639,7 +3622,25 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 45 * 13, NULL, + DYNAMIC_TYPE_RSA); + if (a == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + p = a + 90 * 2; + q = p + 45; + dp = q + 45; + dq = dp + 45; + qi = dq + 45; + tmpa = qi + 45; + tmpb = tmpa + 90; + r = a; + sp_2048_from_bin(a, 90, in, inLen); sp_2048_from_mp(p, 45, pm); sp_2048_from_mp(q, 45, qm); @@ -3670,17 +3671,19 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); - XMEMSET(dq, 0, sizeof(dq)); - XMEMSET(qi, 0, sizeof(qi)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) +if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 45 * 13); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ +#endif /* WOLFSSL_SP_SMALL */ +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ } #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ @@ -3769,11 +3772,14 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[90 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int expBits = mp_count_bits(exp); if (mp_count_bits(base) > 2048) { @@ -3789,16 +3795,16 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } - +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 90 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 90 * 2; m = e + 90; r = b; @@ -3814,23 +3820,27 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, err = sp_2048_to_mp(r, res); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 90U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 90U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[180]; - sp_digit ed[90]; - sp_digit md[90]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[90 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; int expBits = mp_count_bits(exp); @@ -3847,26 +3857,19 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 90 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 90 * 2; - m = e + 90; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 90 * 2; + m = e + 90; + r = b; + sp_2048_from_mp(b, 90, base); sp_2048_from_mp(e, 90, exp); sp_2048_from_mp(m, 90, mod); @@ -3879,14 +3882,17 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 90U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 90U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 90U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -4104,12 +4110,12 @@ SP_NOINLINE static void sp_2048_lshift_90(sp_digit* r, const sp_digit* a, static int sp_2048_mod_exp_2_90(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[271]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -4121,20 +4127,14 @@ static int sp_2048_mod_exp_2_90(sp_digit* r, const sp_digit* e, int bits, const #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 271, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 180; XMEMSET(td, 0, sizeof(sp_digit) * 271); -#else - tmp = &td[180]; - XMEMSET(td, 0, sizeof(td)); -#endif sp_2048_mont_setup(m, &mp); sp_2048_mont_norm_90(norm, m); @@ -4192,9 +4192,8 @@ static int sp_2048_mod_exp_2_90(sp_digit* r, const sp_digit* e, int bits, const } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -4219,11 +4218,14 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[90 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; if (mp_count_bits(base) > 2048) { @@ -4239,15 +4241,15 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 90 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 90 * 2; m = e + 90; r = b; @@ -4275,23 +4277,27 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 90U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 90U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[180]; - sp_digit ed[90]; - sp_digit md[90]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[90 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; int err = MP_OKAY; @@ -4308,26 +4314,20 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 90 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 90 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 90 * 2; - m = e + 90; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 90 * 2; + m = e + 90; + r = b; + sp_2048_from_mp(b, 90, base); sp_2048_from_bin(e, 90, exp, expLen); sp_2048_from_mp(m, 90, mod); @@ -4355,14 +4355,17 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 90U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 90U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 90U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -4383,11 +4386,14 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[45 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int expBits = mp_count_bits(exp); if (mp_count_bits(base) > 1024) { @@ -4403,16 +4409,16 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } - +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 45 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 45 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 45 * 2; m = e + 45; r = b; @@ -4429,23 +4435,27 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, err = sp_2048_to_mp(r, res); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 45U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 90U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[90]; - sp_digit ed[45]; - sp_digit md[45]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[45 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; int expBits = mp_count_bits(exp); @@ -4462,26 +4472,19 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 45 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 45 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 45 * 2; - m = e + 45; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 45 * 2; + m = e + 45; + r = b; + sp_2048_from_mp(b, 45, base); sp_2048_from_mp(e, 45, exp); sp_2048_from_mp(m, 45, mod); @@ -4495,14 +4498,17 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 45U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 45U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 90U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -5662,34 +5668,25 @@ static int sp_3072_div_67(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[134]; - sp_digit t2d[67 + 1]; + sp_digit t1[3 * 67 + 1]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 67 + 1), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 67 + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 2 * 67; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 67; dv = d[66]; XMEMCPY(t1, a, sizeof(*t1) * 2U * 67U); @@ -5732,10 +5729,9 @@ static int sp_3072_div_67(const sp_digit* a, const sp_digit* d, (sp_digit)1 : (sp_digit)0)); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5766,13 +5762,13 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e, const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 134]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -5780,22 +5776,17 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 67 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 67 * 2); -#else - t[i] = &td[i * 67 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 67U * 2U); } @@ -5850,21 +5841,20 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e, } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 134]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -5872,22 +5862,17 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 67 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 67 * 2); -#else - t[i] = &td[i * 67 * 2]; -#endif } sp_3072_mont_setup(m, &mp); @@ -5941,22 +5926,21 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMCPY(r, t[0], sizeof(*r) * 67 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 134) + 134]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -5967,22 +5951,15 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 134) + 134), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 134; rt = td + 4288; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 134]; - rt = &td[4288]; -#endif sp_3072_mont_setup(m, &mp); sp_3072_mont_norm_67(norm, m); @@ -6079,9 +6056,8 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -6603,40 +6579,29 @@ static int sp_3072_div_134(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[268 + 1]; - sp_digit t2d[134 + 1]; - sp_digit sdd[134 + 1]; + sp_digit t1[4 * 134 + 3]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* sd; + sp_digit* t2 = NULL; + sp_digit* sd = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 134 + 3), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 134 + 3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif (void)m; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 268 + 1; + t2 = t1 + 268 + 1; sd = t2 + 134 + 1; -#else - t1 = t1d; - t2 = t2d; - sd = sdd; -#endif sp_3072_mul_d_134(sd, d, 1L << 10); sp_3072_mul_d_268(t1, a, 1L << 10); @@ -6683,10 +6648,9 @@ static int sp_3072_div_134(const sp_digit* a, const sp_digit* d, sp_3072_rshift_134(r, r, 10); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6719,13 +6683,13 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 268]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -6733,22 +6697,17 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 134 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 134 * 2); -#else - t[i] = &td[i * 134 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 134U * 2U); } @@ -6803,21 +6762,20 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 268]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -6825,22 +6783,17 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 134 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 134 * 2); -#else - t[i] = &td[i * 134 * 2]; -#endif } sp_3072_mont_setup(m, &mp); @@ -6894,22 +6847,21 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e XMEMCPY(r, t[0], sizeof(*r) * 134 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 268) + 268]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -6920,22 +6872,15 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 268) + 268), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 268; rt = td + 8576; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 268]; - rt = &td[8576]; -#endif sp_3072_mont_setup(m, &mp); sp_3072_mont_norm_134(norm, m); @@ -7032,9 +6977,8 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -7060,8 +7004,11 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[134 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; sp_digit* norm = NULL; @@ -7089,15 +7036,16 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } +#endif if (err == MP_OKAY) { - a = d; r = a + 134 * 2; m = r + 134 * 2; norm = r; @@ -7150,18 +7098,17 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, *outLen = 384; } - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[268]; - sp_digit md[134]; - sp_digit rd[268]; -#else +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[134 * 5]; #endif sp_digit* a = NULL; sp_digit* m = NULL; @@ -7187,27 +7134,20 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { a = d; r = a + 134 * 2; m = r + 134 * 2; - } -#else - a = ad; - m = md; - r = rd; -#endif - if (err == MP_OKAY) { sp_3072_from_bin(a, 134, in, inLen); #if DIGIT_BIT >= 23 e[0] = (sp_digit)em->dp[0]; @@ -7271,10 +7211,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } #endif return err; @@ -7306,9 +7245,13 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* a = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[134 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -7337,13 +7280,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 134; m = a + 268; @@ -7354,22 +7299,34 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, sp_3072_from_mp(m, 134, mm); err = sp_3072_mod_exp_134(r, a, d, 3072, m, 0); } + if (err == MP_OKAY) { sp_3072_to_bin(r, out); *outLen = 384; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 134); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 134); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[268]; - sp_digit d[134]; - sp_digit m[134]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* d = NULL; +#else + sp_digit d[134 * 4]; +#endif + sp_digit* a = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)pm; @@ -7396,7 +7353,20 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL, + DYNAMIC_TYPE_RSA); + if (d == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + a = d + 134; + m = a + 268; + r = a; + sp_3072_from_bin(a, 134, in, inLen); sp_3072_from_mp(d, 134, dm); sp_3072_from_mp(m, 134, mm); @@ -7408,14 +7378,27 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } - XMEMSET(d, 0, sizeof(sp_digit) * 134); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 134); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ +#endif /* WOLFSSL_SP_SMALL */ #else -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* t = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[67 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; @@ -7444,22 +7427,21 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 67 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 67 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) { + if (a == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - a = t; p = a + 134 * 2; q = p + 67; qi = dq = dp = q + 67; tmpa = qi + 67; tmpb = tmpa + 134; - - r = t + 134; + r = a + 134; sp_3072_from_bin(a, 134, in, inLen); sp_3072_from_mp(p, 67, pm); @@ -7490,22 +7472,31 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 67 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 67 * 11); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[134 * 2]; - sp_digit p[67]; - sp_digit q[67]; - sp_digit dp[67]; - sp_digit dq[67]; - sp_digit qi[67]; - sp_digit tmpa[134]; - sp_digit tmpb[134]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; +#else + sp_digit a[67 * 13]; +#endif + sp_digit* p = NULL; + sp_digit* q = NULL; + sp_digit* dp = NULL; + sp_digit* dq = NULL; + sp_digit* qi = NULL; + sp_digit* tmpa = NULL; + sp_digit* tmpb = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)dm; @@ -7526,7 +7517,25 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 67 * 13, NULL, + DYNAMIC_TYPE_RSA); + if (a == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + p = a + 134 * 2; + q = p + 67; + dp = q + 67; + dq = dp + 67; + qi = dq + 67; + tmpa = qi + 67; + tmpb = tmpa + 134; + r = a; + sp_3072_from_bin(a, 134, in, inLen); sp_3072_from_mp(p, 67, pm); sp_3072_from_mp(q, 67, qm); @@ -7557,17 +7566,19 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); - XMEMSET(dq, 0, sizeof(dq)); - XMEMSET(qi, 0, sizeof(qi)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) +if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 67 * 13); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ +#endif /* WOLFSSL_SP_SMALL */ +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ } #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ @@ -7656,11 +7667,14 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[134 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int expBits = mp_count_bits(exp); if (mp_count_bits(base) > 3072) { @@ -7676,16 +7690,16 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } - +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 134 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 134 * 2; m = e + 134; r = b; @@ -7701,23 +7715,27 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, err = sp_3072_to_mp(r, res); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 134U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 134U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[268]; - sp_digit ed[134]; - sp_digit md[134]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[134 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; int expBits = mp_count_bits(exp); @@ -7734,26 +7752,19 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 134 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 134 * 2; - m = e + 134; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 134 * 2; + m = e + 134; + r = b; + sp_3072_from_mp(b, 134, base); sp_3072_from_mp(e, 134, exp); sp_3072_from_mp(m, 134, mod); @@ -7766,14 +7777,17 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 134U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 134U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 134U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -8079,12 +8093,12 @@ SP_NOINLINE static void sp_3072_lshift_134(sp_digit* r, const sp_digit* a, static int sp_3072_mod_exp_2_134(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[403]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -8096,20 +8110,14 @@ static int sp_3072_mod_exp_2_134(sp_digit* r, const sp_digit* e, int bits, const #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 403, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 268; XMEMSET(td, 0, sizeof(sp_digit) * 403); -#else - tmp = &td[268]; - XMEMSET(td, 0, sizeof(td)); -#endif sp_3072_mont_setup(m, &mp); sp_3072_mont_norm_134(norm, m); @@ -8167,9 +8175,8 @@ static int sp_3072_mod_exp_2_134(sp_digit* r, const sp_digit* e, int bits, const } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -8194,11 +8201,14 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[134 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; if (mp_count_bits(base) > 3072) { @@ -8214,15 +8224,15 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 134 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 134 * 2; m = e + 134; r = b; @@ -8250,23 +8260,27 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 134U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 134U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[268]; - sp_digit ed[134]; - sp_digit md[134]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[134 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; int err = MP_OKAY; @@ -8283,26 +8297,20 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 134 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 134 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 134 * 2; - m = e + 134; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 134 * 2; + m = e + 134; + r = b; + sp_3072_from_mp(b, 134, base); sp_3072_from_bin(e, 134, exp, expLen); sp_3072_from_mp(m, 134, mod); @@ -8330,14 +8338,17 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 134U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 134U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 134U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -8358,11 +8369,14 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[67 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int expBits = mp_count_bits(exp); if (mp_count_bits(base) > 1536) { @@ -8378,16 +8392,16 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } - +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 67 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 67 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 67 * 2; m = e + 67; r = b; @@ -8404,23 +8418,27 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, err = sp_3072_to_mp(r, res); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 67U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 134U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[134]; - sp_digit ed[67]; - sp_digit md[67]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[67 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; int expBits = mp_count_bits(exp); @@ -8437,26 +8455,19 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 67 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 67 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 67 * 2; - m = e + 67; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 67 * 2; + m = e + 67; + r = b; + sp_3072_from_mp(b, 67, base); sp_3072_from_mp(e, 67, exp); sp_3072_from_mp(m, 67, mod); @@ -8470,14 +8481,17 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 67U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 67U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 134U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -9704,40 +9718,29 @@ static int sp_4096_div_98(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[196 + 1]; - sp_digit t2d[98 + 1]; - sp_digit sdd[98 + 1]; + sp_digit t1[4 * 98 + 3]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* sd; + sp_digit* t2 = NULL; + sp_digit* sd = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 98 + 3), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 98 + 3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif (void)m; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 196 + 1; + t2 = t1 + 196 + 1; sd = t2 + 98 + 1; -#else - t1 = t1d; - t2 = t2d; - sd = sdd; -#endif sp_4096_mul_d_98(sd, d, 1L << 10); sp_4096_mul_d_196(t1, a, 1L << 10); @@ -9784,10 +9787,9 @@ static int sp_4096_div_98(const sp_digit* a, const sp_digit* d, sp_4096_rshift_98(r, r, 10); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -9818,13 +9820,13 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e, const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 196]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -9832,22 +9834,17 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 98 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 98 * 2); -#else - t[i] = &td[i * 98 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 98U * 2U); } @@ -9902,21 +9899,20 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e, } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 196]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -9924,22 +9920,17 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 98 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 98 * 2); -#else - t[i] = &td[i * 98 * 2]; -#endif } sp_4096_mont_setup(m, &mp); @@ -9993,22 +9984,21 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMCPY(r, t[0], sizeof(*r) * 98 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 196) + 196]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -10019,22 +10009,15 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 196) + 196), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 196; rt = td + 6272; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 196]; - rt = &td[6272]; -#endif sp_4096_mont_setup(m, &mp); sp_4096_mont_norm_98(norm, m); @@ -10131,9 +10114,8 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -10640,40 +10622,29 @@ static int sp_4096_div_196(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[392 + 1]; - sp_digit t2d[196 + 1]; - sp_digit sdd[196 + 1]; + sp_digit t1[4 * 196 + 3]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* sd; + sp_digit* t2 = NULL; + sp_digit* sd = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 196 + 3), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 196 + 3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif (void)m; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 392 + 1; + t2 = t1 + 392 + 1; sd = t2 + 196 + 1; -#else - t1 = t1d; - t2 = t2d; - sd = sdd; -#endif sp_4096_mul_d_196(sd, d, 1L << 20); sp_4096_mul_d_392(t1, a, 1L << 20); @@ -10720,10 +10691,9 @@ static int sp_4096_div_196(const sp_digit* a, const sp_digit* d, sp_4096_rshift_196(r, r, 20); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -10756,13 +10726,13 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 392]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -10770,22 +10740,17 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 196 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 196 * 2); -#else - t[i] = &td[i * 196 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 196U * 2U); } @@ -10840,21 +10805,20 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 392]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -10862,22 +10826,17 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 196 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 196 * 2); -#else - t[i] = &td[i * 196 * 2]; -#endif } sp_4096_mont_setup(m, &mp); @@ -10931,22 +10890,21 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e XMEMCPY(r, t[0], sizeof(*r) * 196 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 392) + 392]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -10957,22 +10915,15 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 392) + 392), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 392; rt = td + 12544; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 392]; - rt = &td[12544]; -#endif sp_4096_mont_setup(m, &mp); sp_4096_mont_norm_196(norm, m); @@ -11069,9 +11020,8 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -11097,8 +11047,11 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[196 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; sp_digit* norm = NULL; @@ -11126,15 +11079,16 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } +#endif if (err == MP_OKAY) { - a = d; r = a + 196 * 2; m = r + 196 * 2; norm = r; @@ -11187,18 +11141,17 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, *outLen = 512; } - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[392]; - sp_digit md[196]; - sp_digit rd[392]; -#else +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[196 * 5]; #endif sp_digit* a = NULL; sp_digit* m = NULL; @@ -11224,27 +11177,20 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { a = d; r = a + 196 * 2; m = r + 196 * 2; - } -#else - a = ad; - m = md; - r = rd; -#endif - if (err == MP_OKAY) { sp_4096_from_bin(a, 196, in, inLen); #if DIGIT_BIT >= 21 e[0] = (sp_digit)em->dp[0]; @@ -11308,10 +11254,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } #endif return err; @@ -11343,9 +11288,13 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* a = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[196 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -11374,13 +11323,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 196; m = a + 392; @@ -11391,22 +11342,34 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, sp_4096_from_mp(m, 196, mm); err = sp_4096_mod_exp_196(r, a, d, 4096, m, 0); } + if (err == MP_OKAY) { sp_4096_to_bin(r, out); *outLen = 512; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 196); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 196); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[392]; - sp_digit d[196]; - sp_digit m[196]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* d = NULL; +#else + sp_digit d[196 * 4]; +#endif + sp_digit* a = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)pm; @@ -11433,7 +11396,20 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL, + DYNAMIC_TYPE_RSA); + if (d == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + a = d + 196; + m = a + 392; + r = a; + sp_4096_from_bin(a, 196, in, inLen); sp_4096_from_mp(d, 196, dm); sp_4096_from_mp(m, 196, mm); @@ -11445,14 +11421,27 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } - XMEMSET(d, 0, sizeof(sp_digit) * 196); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 196); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ +#endif /* WOLFSSL_SP_SMALL */ #else -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* t = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[98 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; @@ -11481,22 +11470,21 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 98 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 98 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) { + if (a == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - a = t; p = a + 196 * 2; q = p + 98; qi = dq = dp = q + 98; tmpa = qi + 98; tmpb = tmpa + 196; - - r = t + 196; + r = a + 196; sp_4096_from_bin(a, 196, in, inLen); sp_4096_from_mp(p, 98, pm); @@ -11527,22 +11515,31 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 98 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 98 * 11); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[196 * 2]; - sp_digit p[98]; - sp_digit q[98]; - sp_digit dp[98]; - sp_digit dq[98]; - sp_digit qi[98]; - sp_digit tmpa[196]; - sp_digit tmpb[196]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; +#else + sp_digit a[98 * 13]; +#endif + sp_digit* p = NULL; + sp_digit* q = NULL; + sp_digit* dp = NULL; + sp_digit* dq = NULL; + sp_digit* qi = NULL; + sp_digit* tmpa = NULL; + sp_digit* tmpb = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)dm; @@ -11563,7 +11560,25 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 98 * 13, NULL, + DYNAMIC_TYPE_RSA); + if (a == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + p = a + 196 * 2; + q = p + 98; + dp = q + 98; + dq = dp + 98; + qi = dq + 98; + tmpa = qi + 98; + tmpb = tmpa + 196; + r = a; + sp_4096_from_bin(a, 196, in, inLen); sp_4096_from_mp(p, 98, pm); sp_4096_from_mp(q, 98, qm); @@ -11594,17 +11609,19 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); - XMEMSET(dq, 0, sizeof(dq)); - XMEMSET(qi, 0, sizeof(qi)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) +if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 98 * 13); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ +#endif /* WOLFSSL_SP_SMALL */ +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ } #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ @@ -11693,11 +11710,14 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[196 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int expBits = mp_count_bits(exp); if (mp_count_bits(base) > 4096) { @@ -11713,16 +11733,16 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } - +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 196 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 196 * 2; m = e + 196; r = b; @@ -11738,23 +11758,27 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, err = sp_4096_to_mp(r, res); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 196U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 196U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[392]; - sp_digit ed[196]; - sp_digit md[196]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[196 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; int expBits = mp_count_bits(exp); @@ -11771,26 +11795,19 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 196 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 196 * 2; - m = e + 196; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 196 * 2; + m = e + 196; + r = b; + sp_4096_from_mp(b, 196, base); sp_4096_from_mp(e, 196, exp); sp_4096_from_mp(m, 196, mod); @@ -11803,14 +11820,17 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 196U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 196U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 196U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -12240,12 +12260,12 @@ SP_NOINLINE static void sp_4096_lshift_196(sp_digit* r, const sp_digit* a, static int sp_4096_mod_exp_2_196(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[589]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -12257,20 +12277,14 @@ static int sp_4096_mod_exp_2_196(sp_digit* r, const sp_digit* e, int bits, const #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 589, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 392; XMEMSET(td, 0, sizeof(sp_digit) * 589); -#else - tmp = &td[392]; - XMEMSET(td, 0, sizeof(td)); -#endif sp_4096_mont_setup(m, &mp); sp_4096_mont_norm_196(norm, m); @@ -12328,9 +12342,8 @@ static int sp_4096_mod_exp_2_196(sp_digit* r, const sp_digit* e, int bits, const } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -12355,11 +12368,14 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[196 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; if (mp_count_bits(base) > 4096) { @@ -12375,15 +12391,15 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 196 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 196 * 2; m = e + 196; r = b; @@ -12411,23 +12427,27 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 196U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 196U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[392]; - sp_digit ed[196]; - sp_digit md[196]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[196 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; int err = MP_OKAY; @@ -12444,26 +12464,20 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 196 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 196 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 196 * 2; - m = e + 196; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 196 * 2; + m = e + 196; + r = b; + sp_4096_from_mp(b, 196, base); sp_4096_from_bin(e, 196, exp, expLen); sp_4096_from_mp(m, 196, mod); @@ -12491,14 +12505,17 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 196U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 196U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 196U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -12975,64 +12992,6 @@ SP_NOINLINE static int sp_256_sub_10(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_256_point_new_ex_10(void* heap, sp_point_256* sp, - sp_point_256** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_256_point_new_10(heap, sp, p) sp_256_point_new_ex_10((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_256_point_new_10(heap, sp, p) sp_256_point_new_ex_10((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_256_point_free_10(sp_point_256* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Convert an mp_int to an array of sp_digit. * * r A single precision integer. @@ -14276,34 +14235,25 @@ static void sp_256_proj_point_add_10(sp_point_256* r, */ static int sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a, const sp_digit* m) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - int64_t* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + int64_t* t = NULL; #else - int64_t td[8]; - int64_t a32d[8]; + int64_t t[2 * 8]; #endif - int64_t* t; - int64_t* a32; + int64_t* a32 = NULL; int64_t o; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 8, NULL, DYNAMIC_TYPE_ECC); - if (td == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 8, NULL, DYNAMIC_TYPE_ECC); + if (t == NULL) return MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = td; - a32 = td + 8; -#else - t = td; - a32 = a32d; -#endif + a32 = t + 8; a32[0] = a[0]; a32[0] |= a[1] << 26U; @@ -14394,10 +14344,9 @@ static int sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a, const sp_digit r[9] = (sp_digit)(t[7] >> 10U); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -14537,12 +14486,12 @@ static int sp_256_ecc_mulmod_10_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g, const sp_digit* k, int map, int ct, void* heap) { -#ifdef WOLFSSL_SP_NO_MALLOC +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; + sp_digit* tmp = NULL; +#else sp_point_256 t[3]; sp_digit tmp[2 * 10 * 5]; -#else - sp_point_256* t; - sp_digit* tmp; #endif sp_digit n; int i; @@ -14554,14 +14503,17 @@ static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g, (void)ct; (void)heap; -#ifndef WOLFSSL_SP_NO_MALLOC - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -14612,19 +14564,24 @@ static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g, } } -#ifndef WOLFSSL_SP_NO_MALLOC - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 10 * 5); - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_256) * 3); - XFREE(t, NULL, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(tmp)); - ForceZero(t, sizeof(t)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 10 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_256) * 3); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -15090,43 +15047,41 @@ static void sp_256_get_point_33_10(sp_point_256* r, const sp_point_256* table, static int sp_256_ecc_mulmod_win_add_sub_10(sp_point_256* r, const sp_point_256* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td[33]; - sp_point_256 rtd; - sp_point_256 pd; - sp_digit tmpd[2 * 10 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_256 t[33+2]; + sp_digit tmp[2 * 10 * 6]; #endif - sp_point_256* t; - sp_point_256* rt; + sp_point_256* rt = NULL; sp_point_256* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_256 v[43]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_256_point_new_10(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_256_point_new_10(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 33, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * + (33+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 33; + p = t + 33+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -15206,14 +15161,12 @@ static int sp_256_ecc_mulmod_win_add_sub_10(sp_point_256* r, const sp_point_256* } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_10(p, 0, heap); - sp_256_point_free_10(rt, 0, heap); return err; } @@ -15339,29 +15292,30 @@ static void sp_256_proj_to_affine_10(sp_point_256* a, sp_digit* t) static int sp_256_gen_stripe_table_10(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_10(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_10(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_10(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_10(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -15406,9 +15360,10 @@ static int sp_256_gen_stripe_table_10(const sp_point_256* a, } } - sp_256_point_free_10(s2, 0, heap); - sp_256_point_free_10(s1, 0, heap); - sp_256_point_free_10( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -15492,19 +15447,19 @@ static int sp_256_ecc_mulmod_stripe_10(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 10 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 10 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -15512,21 +15467,22 @@ static int sp_256_ecc_mulmod_stripe_10(sp_point_256* r, const sp_point_256* g, (void)heap; - err = sp_256_point_new_10(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_10(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -15577,13 +15533,12 @@ static int sp_256_ecc_mulmod_stripe_10(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_10(p, 0, heap); - sp_256_point_free_10(rt, 0, heap); return err; } @@ -15747,25 +15702,28 @@ static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g, const sp int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[10]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[10]; +#endif int err = MP_OKAY; - err = sp_256_point_new_10(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 10, km); sp_256_point_from_ecc_point_10(point, gm); @@ -15776,12 +15734,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_256_point_to_ecc_point_10(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_10(point, 0, heap); return err; } @@ -15801,37 +15759,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[10]; - sp_digit t[10 * 2 * 5]; -#endif - sp_point_256* point; - sp_point_256* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[10 + 10 * 2 * 5]; +#endif + sp_point_256* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_256_point_new_10(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_10(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (10 + 10 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (10 + 10 * 2 * 5), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 10; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 10; + sp_256_from_mp(k, 10, km); sp_256_point_from_ecc_point_10(point, gm); sp_256_point_from_ecc_point_10(addP, am); @@ -15858,13 +15814,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, err = sp_256_point_to_ecc_point_10(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_10(addP, 0, heap); - sp_256_point_free_10(point, 0, heap); return err; } @@ -17207,26 +17162,28 @@ static int sp_256_ecc_mulmod_base_10(sp_point_256* r, const sp_digit* k, */ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[10]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[10]; +#endif int err = MP_OKAY; - err = sp_256_point_new_10(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 10, km); @@ -17236,12 +17193,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_256_point_to_ecc_point_10(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_10(point, 0, heap); return err; } @@ -17260,37 +17217,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[10]; - sp_digit t[10 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; + sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[10 + 10 * 2 * 5]; #endif - sp_point_256* point; sp_point_256* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_256_point_new_10(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_10(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (10 + 10 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (10 + 10 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 10; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 10; + sp_256_from_mp(k, 10, km); sp_256_point_from_ecc_point_10(addP, am); } @@ -17316,13 +17271,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, err = sp_256_point_to_ecc_point_10(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_10(addP, 0, heap); - sp_256_point_free_10(point, 0, heap); return err; } @@ -17426,41 +17380,46 @@ static int sp_256_ecc_gen_k_10(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[10]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_256 inf; -#endif -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_256 point[2]; + #else + sp_point_256 point[1]; + #endif + sp_digit k[10]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_256* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_256_point_new_10(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_256_point_new_10(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_256_ecc_gen_k_10(rng, k); } if (err == MP_OKAY) { @@ -17485,15 +17444,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_point_to_ecc_point_10(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_256_point_free_10(infinity, 1, heap); -#endif - sp_256_point_free_10(point, 1, heap); return err; } @@ -17558,30 +17516,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[10]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[10]; +#endif int err = MP_OKAY; if (*outLen < 32U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_10(heap, p, point); + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -17594,12 +17554,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 32; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_10(point, 0, heap); return err; } @@ -17732,34 +17692,25 @@ static int sp_256_div_10(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[20]; - sp_digit t2d[10 + 1]; + sp_digit t1[3 * 10 + 1]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 10 + 1), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 10 + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 2 * 10; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 10; dv = d[9]; XMEMCPY(t1, a, sizeof(*t1) * 2U * 10U); @@ -17802,10 +17753,9 @@ static int sp_256_div_10(const sp_digit* a, const sp_digit* d, (sp_digit)1 : (sp_digit)0)); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18255,22 +18205,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*10]; - sp_digit xd[2*10]; - sp_digit kd[2*10]; - sp_digit rd[2*10]; - sp_digit td[3 * 2*10]; - sp_point_256 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_256* point = NULL; +#else + sp_digit e[7 * 2 * 10]; + sp_point_256 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_256* point = NULL; sp_digit* s = NULL; int32_t c; int err = MP_OKAY; @@ -18278,31 +18223,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_256_point_new_10(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 10, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 10, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 10; - x = d + 2 * 10; - k = d + 4 * 10; - r = d + 6 * 10; - tmp = d + 8 * 10; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 10; + k = e + 4 * 10; + r = e + 6 * 10; + tmp = e + 8 * 10; s = e; if (hashLen > 32U) { @@ -18357,19 +18297,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_256_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 10); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 10U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 10U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 10U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 10U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 10U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_256_point_free_10(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 10); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_256)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -18419,20 +18364,18 @@ static int sp_256_num_bits_10(const sp_digit* a) static int sp_256_mod_inv_10(sp_digit* r, const sp_digit* a, const sp_digit* m) { int err = MP_OKAY; -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) - sp_digit* u; - sp_digit* v; - sp_digit* b; - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* u = NULL; #else - sp_digit u[10]; - sp_digit v[10]; - sp_digit b[10]; - sp_digit d[10]; + sp_digit u[10 * 4]; #endif - int ut, vt; + sp_digit* v = NULL; + sp_digit* b = NULL; + sp_digit* d = NULL; + int ut; + int vt; -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) u = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10 * 4, NULL, DYNAMIC_TYPE_ECC); if (u == NULL) @@ -18440,11 +18383,9 @@ static int sp_256_mod_inv_10(sp_digit* r, const sp_digit* a, const sp_digit* m) #endif if (err == MP_OKAY) { -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) v = u + 10; b = u + 2 * 10; d = u + 3 * 10; -#endif XMEMCPY(u, m, sizeof(sp_digit) * 10); XMEMCPY(v, a, sizeof(sp_digit) * 10); @@ -18522,7 +18463,7 @@ static int sp_256_mod_inv_10(sp_digit* r, const sp_digit* a, const sp_digit* m) else XMEMCPY(r, d, sizeof(sp_digit) * 10); } -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (u != NULL) XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif @@ -18820,52 +18761,41 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*10]; - sp_digit u2d[2*10]; - sp_digit sd[2*10]; - sp_digit tmpd[2*10 * 5]; - sp_point_256 p1d; - sp_point_256 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_256* p1 = NULL; +#else + sp_digit u1[16 * 10]; + sp_point_256 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_256* p1; sp_point_256* p2 = NULL; sp_digit carry; int32_t c = 0; - int err; + int err = MP_OKAY; - err = sp_256_point_new_10(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_10(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 10, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 10, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 10; - u2 = d + 2 * 10; - s = d + 4 * 10; - tmp = d + 6 * 10; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 10; + s = u1 + 4 * 10; + tmp = u1 + 6 * 10; + p2 = p1 + 1; if (hashLen > 32U) { hashLen = 32U; @@ -18916,12 +18846,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_10(p1, 0, heap); - sp_256_point_free_10(p2, 0, heap); return err; } @@ -18938,32 +18868,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_256_ecc_is_point_10(const sp_point_256* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*10]; - sp_digit t2d[2*10]; + sp_digit t1[10 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 10; - t2 = d + 2 * 10; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 10; sp_256_sqr_10(t1, point->y); (void)sp_256_mod_10(t1, t1, p256_mod); @@ -18983,10 +18904,9 @@ static int sp_256_ecc_is_point_10(const sp_point_256* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -19001,14 +18921,21 @@ static int sp_256_ecc_is_point_10(const sp_point_256* point, */ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* pub = NULL; +#else + sp_point_256 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_256* pub; - byte one[1] = { 1 }; - int err; - err = sp_256_point_new_10(NULL, pubd, pub); if (err == MP_OKAY) { sp_256_from_mp(pub->x, 10, pX); sp_256_from_mp(pub->y, 10, pY); @@ -19017,7 +18944,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) err = sp_256_ecc_is_point_10(pub, NULL); } - sp_256_point_free_10(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -19036,45 +18966,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[10]; - sp_point_256 pubd; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_256* pub; - sp_point_256* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_256_point_new_10(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_256_point_new_10(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_256* pub = NULL; +#else + sp_digit priv[10]; + sp_point_256 pub[2]; #endif + sp_point_256* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) || + if (((mp_count_bits(pX) > 256) || (mp_count_bits(pY) > 256) || ((privm != NULL) && (mp_count_bits(privm) > 256)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 10, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_256_from_mp(pub->x, 10, pX); sp_256_from_mp(pub->y, 10, pY); sp_256_from_bin(pub->z, 10, one, (int)sizeof(one)); @@ -19123,13 +19053,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_256_point_free_10(p, 0, heap); - sp_256_point_free_10(pub, 0, heap); return err; } @@ -19153,33 +19082,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 10 * 5]; - sp_point_256 pd; - sp_point_256 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 10 * 5]; + sp_point_256 p[2]; +#endif sp_point_256* q = NULL; int err; - err = sp_256_point_new_10(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_10(NULL, qd, q); + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_256_from_mp(p->x, 10, pX); sp_256_from_mp(p->y, 10, pY); sp_256_from_mp(p->z, 10, pZ); @@ -19200,13 +19131,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_10(q, 0, NULL); - sp_256_point_free_10(p, 0, NULL); return err; } @@ -19225,25 +19155,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 10 * 2]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 10 * 2]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_10(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -19264,12 +19197,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_10(p, 0, NULL); return err; } @@ -19284,25 +19217,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 10 * 4]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 10 * 4]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_10(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 4, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_256_from_mp(p->x, 10, pX); @@ -19322,12 +19259,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_256_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_10(p, 0, NULL); return err; } @@ -19340,31 +19277,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_256_mont_sqrt_10(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 10]; - sp_digit t2d[2 * 10]; + sp_digit t1[4 * 10]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 10, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 10, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) { err = MEMORY_E; } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 10; - t2 = d + 2 * 10; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 10; { /* t2 = y ^ 0x2 */ @@ -19399,10 +19328,9 @@ static int sp_256_mont_sqrt_10(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -19418,31 +19346,22 @@ static int sp_256_mont_sqrt_10(sp_digit* y) */ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 10]; - sp_digit yd[2 * 10]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 10]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 10, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 10, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 10; - y = d + 2 * 10; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 10; sp_256_from_mp(x, 10, xm); err = sp_256_mod_mul_norm_10(x, x, p256_mod); @@ -19475,10 +19394,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) err = sp_256_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -20178,64 +20096,6 @@ SP_NOINLINE static int sp_384_sub_15(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_384_point_new_ex_15(void* heap, sp_point_384* sp, - sp_point_384** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_384_point_new_15(heap, sp, p) sp_384_point_new_ex_15((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_384_point_new_15(heap, sp, p) sp_384_point_new_ex_15((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_384_point_free_15(sp_point_384* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Convert an mp_int to an array of sp_digit. * * r A single precision integer. @@ -21509,34 +21369,25 @@ static void sp_384_proj_point_add_15(sp_point_384* r, */ static int sp_384_mod_mul_norm_15(sp_digit* r, const sp_digit* a, const sp_digit* m) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - int64_t* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + int64_t* t = NULL; #else - int64_t td[12]; - int64_t a32d[12]; + int64_t t[2 * 12]; #endif - int64_t* t; - int64_t* a32; + int64_t* a32 = NULL; int64_t o; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC); - if (td == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC); + if (t == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = td; - a32 = td + 12; -#else - t = td; - a32 = a32d; -#endif + a32 = t + 12; a32[0] = a[0]; a32[0] |= a[1] << 26U; @@ -21669,9 +21520,9 @@ static int sp_384_mod_mul_norm_15(sp_digit* r, const sp_digit* a, const sp_digit r[14] = (sp_digit)(t[11] >> 12U); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -21811,12 +21662,12 @@ static int sp_384_ecc_mulmod_15_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g, const sp_digit* k, int map, int ct, void* heap) { -#ifdef WOLFSSL_SP_NO_MALLOC +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; + sp_digit* tmp = NULL; +#else sp_point_384 t[3]; sp_digit tmp[2 * 15 * 6]; -#else - sp_point_384* t; - sp_digit* tmp; #endif sp_digit n; int i; @@ -21828,14 +21679,17 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g, (void)ct; (void)heap; -#ifndef WOLFSSL_SP_NO_MALLOC - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -21886,19 +21740,24 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g, } } -#ifndef WOLFSSL_SP_NO_MALLOC - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 15 * 6); - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_384) * 3); - XFREE(t, NULL, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(tmp)); - ForceZero(t, sizeof(t)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 15 * 6); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_384) * 3); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -22404,43 +22263,41 @@ static void sp_384_get_point_33_15(sp_point_384* r, const sp_point_384* table, static int sp_384_ecc_mulmod_win_add_sub_15(sp_point_384* r, const sp_point_384* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td[33]; - sp_point_384 rtd; - sp_point_384 pd; - sp_digit tmpd[2 * 15 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_384 t[33+2]; + sp_digit tmp[2 * 15 * 6]; #endif - sp_point_384* t; - sp_point_384* rt; + sp_point_384* rt = NULL; sp_point_384* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_384 v[65]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_384_point_new_15(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_384_point_new_15(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 33, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * + (33+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 33; + p = t + 33+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -22520,14 +22377,12 @@ static int sp_384_ecc_mulmod_win_add_sub_15(sp_point_384* r, const sp_point_384* } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_15(p, 0, heap); - sp_384_point_free_15(rt, 0, heap); return err; } @@ -22653,29 +22508,30 @@ static void sp_384_proj_to_affine_15(sp_point_384* a, sp_digit* t) static int sp_384_gen_stripe_table_15(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_15(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_15(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_15(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_15(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -22720,9 +22576,10 @@ static int sp_384_gen_stripe_table_15(const sp_point_384* a, } } - sp_384_point_free_15(s2, 0, heap); - sp_384_point_free_15(s1, 0, heap); - sp_384_point_free_15( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -22826,19 +22683,19 @@ static int sp_384_ecc_mulmod_stripe_15(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 15 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 15 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -22846,21 +22703,22 @@ static int sp_384_ecc_mulmod_stripe_15(sp_point_384* r, const sp_point_384* g, (void)heap; - err = sp_384_point_new_15(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_15(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -22911,13 +22769,12 @@ static int sp_384_ecc_mulmod_stripe_15(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_15(p, 0, heap); - sp_384_point_free_15(rt, 0, heap); return err; } @@ -23081,25 +22938,28 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g, const sp int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[15]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[15]; +#endif int err = MP_OKAY; - err = sp_384_point_new_15(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 15, km); sp_384_point_from_ecc_point_15(point, gm); @@ -23110,12 +22970,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_384_point_to_ecc_point_15(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_15(point, 0, heap); return err; } @@ -23135,37 +22995,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[15]; - sp_digit t[15 * 2 * 6]; -#endif - sp_point_384* point; - sp_point_384* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[15 + 15 * 2 * 6]; +#endif + sp_point_384* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_384_point_new_15(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_15(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (15 + 15 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (15 + 15 * 2 * 6), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 15; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 15; + sp_384_from_mp(k, 15, km); sp_384_point_from_ecc_point_15(point, gm); sp_384_point_from_ecc_point_15(addP, am); @@ -23192,13 +23050,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, err = sp_384_point_to_ecc_point_15(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_15(addP, 0, heap); - sp_384_point_free_15(point, 0, heap); return err; } @@ -25051,26 +24908,28 @@ static int sp_384_ecc_mulmod_base_15(sp_point_384* r, const sp_digit* k, */ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[15]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[15]; +#endif int err = MP_OKAY; - err = sp_384_point_new_15(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 15, km); @@ -25080,12 +24939,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_384_point_to_ecc_point_15(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_15(point, 0, heap); return err; } @@ -25104,37 +24963,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[15]; - sp_digit t[15 * 2 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; + sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[15 + 15 * 2 * 6]; #endif - sp_point_384* point; sp_point_384* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_384_point_new_15(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_15(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (15 + 15 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (15 + 15 * 2 * 6), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 15; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 15; + sp_384_from_mp(k, 15, km); sp_384_point_from_ecc_point_15(addP, am); } @@ -25160,13 +25017,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, err = sp_384_point_to_ecc_point_15(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_15(addP, 0, heap); - sp_384_point_free_15(point, 0, heap); return err; } @@ -25270,41 +25126,46 @@ static int sp_384_ecc_gen_k_15(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[15]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_384 inf; -#endif -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_384 point[2]; + #else + sp_point_384 point[1]; + #endif + sp_digit k[15]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_384* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_384_point_new_15(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_384_point_new_15(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_384_ecc_gen_k_15(rng, k); } if (err == MP_OKAY) { @@ -25329,15 +25190,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_point_to_ecc_point_15(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_384_point_free_15(infinity, 1, heap); -#endif - sp_384_point_free_15(point, 1, heap); return err; } @@ -25402,30 +25262,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[15]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[15]; +#endif int err = MP_OKAY; if (*outLen < 48U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_15(heap, p, point); + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -25438,12 +25300,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 48; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_15(point, 0, heap); return err; } @@ -25586,34 +25448,25 @@ static int sp_384_div_15(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[30]; - sp_digit t2d[15 + 1]; + sp_digit t1[3 * 15 + 1]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 15 + 1), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 15 + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 2 * 15; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 15; dv = d[14]; XMEMCPY(t1, a, sizeof(*t1) * 2U * 15U); @@ -25656,10 +25509,9 @@ static int sp_384_div_15(const sp_digit* a, const sp_digit* d, (sp_digit)1 : (sp_digit)0)); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -26080,22 +25932,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*15]; - sp_digit xd[2*15]; - sp_digit kd[2*15]; - sp_digit rd[2*15]; - sp_digit td[3 * 2*15]; - sp_point_384 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_384* point = NULL; +#else + sp_digit e[7 * 2 * 15]; + sp_point_384 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_384* point = NULL; sp_digit* s = NULL; int32_t c; int err = MP_OKAY; @@ -26103,31 +25950,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_384_point_new_15(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 15, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 15, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 15; - x = d + 2 * 15; - k = d + 4 * 15; - r = d + 6 * 15; - tmp = d + 8 * 15; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 15; + k = e + 4 * 15; + r = e + 6 * 15; + tmp = e + 8 * 15; s = e; if (hashLen > 48U) { @@ -26182,19 +26024,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_384_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 15); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 15U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 15U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 15U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 15U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 15U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_384_point_free_15(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 15); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_384)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -26244,20 +26091,18 @@ static int sp_384_num_bits_15(const sp_digit* a) static int sp_384_mod_inv_15(sp_digit* r, const sp_digit* a, const sp_digit* m) { int err = MP_OKAY; -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) - sp_digit* u; - sp_digit* v; - sp_digit* b; - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* u = NULL; #else - sp_digit u[15]; - sp_digit v[15]; - sp_digit b[15]; - sp_digit d[15]; + sp_digit u[15 * 4]; #endif - int ut, vt; + sp_digit* v = NULL; + sp_digit* b = NULL; + sp_digit* d = NULL; + int ut; + int vt; -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) u = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15 * 4, NULL, DYNAMIC_TYPE_ECC); if (u == NULL) @@ -26265,11 +26110,9 @@ static int sp_384_mod_inv_15(sp_digit* r, const sp_digit* a, const sp_digit* m) #endif if (err == MP_OKAY) { -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) v = u + 15; b = u + 2 * 15; d = u + 3 * 15; -#endif XMEMCPY(u, m, sizeof(sp_digit) * 15); XMEMCPY(v, a, sizeof(sp_digit) * 15); @@ -26347,7 +26190,7 @@ static int sp_384_mod_inv_15(sp_digit* r, const sp_digit* a, const sp_digit* m) else XMEMCPY(r, d, sizeof(sp_digit) * 15); } -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (u != NULL) XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif @@ -26650,52 +26493,41 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*15]; - sp_digit u2d[2*15]; - sp_digit sd[2*15]; - sp_digit tmpd[2*15 * 5]; - sp_point_384 p1d; - sp_point_384 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_384* p1 = NULL; +#else + sp_digit u1[16 * 15]; + sp_point_384 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_384* p1; sp_point_384* p2 = NULL; sp_digit carry; int32_t c = 0; - int err; + int err = MP_OKAY; - err = sp_384_point_new_15(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_15(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 15, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 15, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 15; - u2 = d + 2 * 15; - s = d + 4 * 15; - tmp = d + 6 * 15; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 15; + s = u1 + 4 * 15; + tmp = u1 + 6 * 15; + p2 = p1 + 1; if (hashLen > 48U) { hashLen = 48U; @@ -26746,12 +26578,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_15(p1, 0, heap); - sp_384_point_free_15(p2, 0, heap); return err; } @@ -26768,32 +26600,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_384_ecc_is_point_15(const sp_point_384* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*15]; - sp_digit t2d[2*15]; + sp_digit t1[15 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 15; - t2 = d + 2 * 15; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 15; sp_384_sqr_15(t1, point->y); (void)sp_384_mod_15(t1, t1, p384_mod); @@ -26813,10 +26636,9 @@ static int sp_384_ecc_is_point_15(const sp_point_384* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26831,14 +26653,21 @@ static int sp_384_ecc_is_point_15(const sp_point_384* point, */ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* pub = NULL; +#else + sp_point_384 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_384* pub; - byte one[1] = { 1 }; - int err; - err = sp_384_point_new_15(NULL, pubd, pub); if (err == MP_OKAY) { sp_384_from_mp(pub->x, 15, pX); sp_384_from_mp(pub->y, 15, pY); @@ -26847,7 +26676,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) err = sp_384_ecc_is_point_15(pub, NULL); } - sp_384_point_free_15(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -26866,45 +26698,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[15]; - sp_point_384 pubd; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_384* pub; - sp_point_384* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_384_point_new_15(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_384_point_new_15(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_384* pub = NULL; +#else + sp_digit priv[15]; + sp_point_384 pub[2]; #endif + sp_point_384* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) || + if (((mp_count_bits(pX) > 384) || (mp_count_bits(pY) > 384) || ((privm != NULL) && (mp_count_bits(privm) > 384)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 15, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_384_from_mp(pub->x, 15, pX); sp_384_from_mp(pub->y, 15, pY); sp_384_from_bin(pub->z, 15, one, (int)sizeof(one)); @@ -26953,13 +26785,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_384_point_free_15(p, 0, heap); - sp_384_point_free_15(pub, 0, heap); return err; } @@ -26983,33 +26814,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 15 * 5]; - sp_point_384 pd; - sp_point_384 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 15 * 5]; + sp_point_384 p[2]; +#endif sp_point_384* q = NULL; int err; - err = sp_384_point_new_15(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_15(NULL, qd, q); + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_384_from_mp(p->x, 15, pX); sp_384_from_mp(p->y, 15, pY); sp_384_from_mp(p->z, 15, pZ); @@ -27030,13 +26863,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_15(q, 0, NULL); - sp_384_point_free_15(p, 0, NULL); return err; } @@ -27055,25 +26887,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 15 * 2]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 15 * 2]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_15(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -27094,12 +26929,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_15(p, 0, NULL); return err; } @@ -27114,25 +26949,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 15 * 6]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 15 * 6]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_15(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 15 * 6, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_384_from_mp(p->x, 15, pX); @@ -27152,12 +26991,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_384_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_15(p, 0, NULL); return err; } @@ -27170,43 +27009,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_384_mont_sqrt_15(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 15]; - sp_digit t2d[2 * 15]; - sp_digit t3d[2 * 15]; - sp_digit t4d[2 * 15]; - sp_digit t5d[2 * 15]; + sp_digit t1[5 * 2 * 15]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* t3; - sp_digit* t4; - sp_digit* t5; + sp_digit* t2 = NULL; + sp_digit* t3 = NULL; + sp_digit* t4 = NULL; + sp_digit* t5 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 15, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 15, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 15; - t2 = d + 2 * 15; - t3 = d + 4 * 15; - t4 = d + 6 * 15; - t5 = d + 8 * 15; -#else - t1 = t1d; - t2 = t2d; - t3 = t3d; - t4 = t4d; - t5 = t5d; -#endif + t2 = t1 + 2 * 15; + t3 = t1 + 4 * 15; + t4 = t1 + 6 * 15; + t5 = t1 + 8 * 15; { /* t2 = y ^ 0x2 */ @@ -27266,10 +27090,9 @@ static int sp_384_mont_sqrt_15(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27285,31 +27108,22 @@ static int sp_384_mont_sqrt_15(sp_digit* y) */ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 15]; - sp_digit yd[2 * 15]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 15]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 15, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 15, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 15; - y = d + 2 * 15; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 15; sp_384_from_mp(x, 15, xm); err = sp_384_mod_mul_norm_15(x, x, p384_mod); @@ -27342,10 +27156,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) err = sp_384_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -28132,34 +27945,25 @@ static int sp_1024_div_42(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[84]; - sp_digit t2d[42 + 1]; + sp_digit t1[3 * 42 + 1]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 42 + 1), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 42 + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 2 * 42; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 42; dv = d[40]; XMEMCPY(t1, a, sizeof(*t1) * 2U * 42U); @@ -28203,10 +28007,9 @@ static int sp_1024_div_42(const sp_digit* a, const sp_digit* d, r[41] = 0; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -28238,6 +28041,8 @@ static int sp_1024_mod_mul_norm_42(sp_digit* r, const sp_digit* a, return sp_1024_mod_42(r, r, m); } + +#ifdef WOLFCRYPT_HAVE_SAKKE /* Create a new point. * * heap [in] Buffer to allocate dynamic memory from. @@ -28269,8 +28074,8 @@ static int sp_1024_point_new_ex_42(void* heap, sp_point_1024* sp, /* Set pointer to data and return no error. */ #define sp_1024_point_new_42(heap, sp, p) sp_1024_point_new_ex_42((heap), &(sp), &(p)) #endif - - +#endif /* WOLFCRYPT_HAVE_SAKKE */ +#ifdef WOLFCRYPT_HAVE_SAKKE /* Free the point. * * p [in,out] Point to free. @@ -28295,6 +28100,7 @@ static void sp_1024_point_free_42(sp_point_1024* p, int clear, void* heap) #endif (void)heap; } +#endif /* WOLFCRYPT_HAVE_SAKKE */ /* Convert an mp_int to an array of sp_digit. * @@ -29650,12 +29456,12 @@ static int sp_1024_ecc_mulmod_42_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k, int map, int ct, void* heap) { -#ifdef WOLFSSL_SP_NO_MALLOC +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; + sp_digit* tmp = NULL; +#else sp_point_1024 t[3]; sp_digit tmp[2 * 42 * 5]; -#else - sp_point_1024* t; - sp_digit* tmp; #endif sp_digit n; int i; @@ -29667,14 +29473,17 @@ static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g, (void)ct; (void)heap; -#ifndef WOLFSSL_SP_NO_MALLOC - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -29725,19 +29534,24 @@ static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g, } } -#ifndef WOLFSSL_SP_NO_MALLOC - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 42 * 5); - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_1024) * 3); - XFREE(t, NULL, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(tmp)); - ForceZero(t, sizeof(t)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 42 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_1024) * 3); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -30197,43 +30011,41 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v) static int sp_1024_ecc_mulmod_win_add_sub_42(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td[65]; - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit tmpd[2 * 42 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_1024 t[65+2]; + sp_digit tmp[2 * 42 * 6]; #endif - sp_point_1024* t; - sp_point_1024* rt; + sp_point_1024* rt = NULL; sp_point_1024* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_1024 v[147]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_1024_point_new_42(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_1024_point_new_42(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 65, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * + (65+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 65; + p = t + 65+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -30317,14 +30129,12 @@ static int sp_1024_ecc_mulmod_win_add_sub_42(sp_point_1024* r, const sp_point_10 } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_42(p, 0, heap); - sp_1024_point_free_42(rt, 0, heap); return err; } @@ -30450,29 +30260,30 @@ static void sp_1024_proj_to_affine_42(sp_point_1024* a, sp_digit* t) static int sp_1024_gen_stripe_table_42(const sp_point_1024* a, sp_table_entry_1024* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td; - sp_point_1024 s1d; - sp_point_1024 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; +#else + sp_point_1024 t[3]; #endif - sp_point_1024* t; sp_point_1024* s1 = NULL; sp_point_1024* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_1024_point_new_42(heap, td, t); - if (err == MP_OKAY) { - err = sp_1024_point_new_42(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_1024_point_new_42(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_1024_mod_mul_norm_42(t->x, a->x, p1024_mod); } if (err == MP_OKAY) { @@ -30517,9 +30328,10 @@ static int sp_1024_gen_stripe_table_42(const sp_point_1024* a, } } - sp_1024_point_free_42(s2, 0, heap); - sp_1024_point_free_42(s1, 0, heap); - sp_1024_point_free_42( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -30545,19 +30357,19 @@ static int sp_1024_ecc_mulmod_stripe_42(sp_point_1024* r, const sp_point_1024* g const sp_table_entry_1024* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit td[2 * 42 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 rt[2]; + sp_digit t[2 * 42 * 5]; #endif - sp_point_1024* rt; sp_point_1024* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -30565,21 +30377,22 @@ static int sp_1024_ecc_mulmod_stripe_42(sp_point_1024* r, const sp_point_1024* g (void)heap; - err = sp_1024_point_new_42(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_1024_point_new_42(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 42 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod)); XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod)); @@ -30615,13 +30428,12 @@ static int sp_1024_ecc_mulmod_stripe_42(sp_point_1024* r, const sp_point_1024* g } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_42(p, 0, heap); - sp_1024_point_free_42(rt, 0, heap); return err; } @@ -30785,25 +30597,28 @@ static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g, const int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[42]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[42]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_42(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 42, km); sp_1024_point_from_ecc_point_42(point, gm); @@ -30814,12 +30629,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_1024_point_to_ecc_point_42(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_42(point, 0, heap); return err; } @@ -34712,26 +34527,28 @@ static int sp_1024_ecc_mulmod_base_42(sp_point_1024* r, const sp_digit* k, */ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[42]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[42]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_42(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 42, km); @@ -34741,12 +34558,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_1024_point_to_ecc_point_42(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_42(point, 0, heap); return err; } @@ -34765,37 +34582,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_point_1024 a; - sp_digit kd[42]; - sp_digit t[42 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; + sp_digit* k = NULL; +#else + sp_point_1024 point[2]; + sp_digit k[42 + 42 * 2 * 5]; #endif - sp_point_1024* point; sp_point_1024* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_1024_point_new_42(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_1024_point_new_42(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (42 + 42 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (42 + 42 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 42; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 42; + sp_1024_from_mp(k, 42, km); sp_1024_point_from_ecc_point_42(addP, am); } @@ -34821,13 +34636,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, err = sp_1024_point_to_ecc_point_42(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_42(addP, 0, heap); - sp_1024_point_free_42(point, 0, heap); return err; } @@ -34845,29 +34659,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, void* heap) { - int err = 0; -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_1024* point = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 point[1]; sp_digit t[5 * 2 * 42]; +#endif + int err = MP_OKAY; if ((gm == NULL) || (len == NULL)) { err = BAD_FUNC_ARG; } - if ((err == 0) && (table == NULL)) { + if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; err = LENGTH_ONLY_E; } - if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { + if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; } - if (err == 0) { - err = sp_1024_point_new_42(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } - if (err == 0) { + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 42, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { sp_1024_point_from_ecc_point_42(point, gm); err = sp_1024_gen_stripe_table_42(point, (sp_table_entry_1024*)table, t, heap); @@ -34876,7 +34704,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, *len = sizeof(sp_table_entry_1024) * 256; } - sp_1024_point_free_42(point, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -34929,24 +34762,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[42]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[42]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_42(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42, heap, DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 42, km); sp_1024_point_from_ecc_point_42(point, gm); @@ -34963,12 +34800,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, err = sp_1024_point_to_ecc_point_42(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_42(point, 0, heap); return err; } @@ -38421,33 +38258,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) static int sp_1024_ecc_is_point_42(const sp_point_1024* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*42]; - sp_digit t2d[2*42]; + sp_digit t1[42 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int32_t n; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 42; - t2 = d + 2 * 42; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 42; sp_1024_sqr_42(t1, point->y); (void)sp_1024_mod_42(t1, t1, p1024_mod); @@ -38471,10 +38299,9 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38489,14 +38316,21 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point, */ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* pub = NULL; +#else + sp_point_1024 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_1024* pub; - byte one[1] = { 1 }; - int err; - err = sp_1024_point_new_42(NULL, pubd, pub); if (err == MP_OKAY) { sp_1024_from_mp(pub->x, 42, pX); sp_1024_from_mp(pub->y, 42, pY); @@ -38505,7 +38339,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) err = sp_1024_ecc_is_point_42(pub, NULL); } - sp_1024_point_free_42(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -38524,45 +38361,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[42]; - sp_point_1024 pubd; - sp_point_1024 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_1024* pub; - sp_point_1024* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_1024_point_new_42(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_1024_point_new_42(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_1024* pub = NULL; +#else + sp_digit priv[42]; + sp_point_1024 pub[2]; #endif + sp_point_1024* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) || + if (((mp_count_bits(pX) > 1024) || (mp_count_bits(pY) > 1024) || ((privm != NULL) && (mp_count_bits(privm) > 1024)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 42, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_1024_from_mp(pub->x, 42, pX); sp_1024_from_mp(pub->y, 42, pY); sp_1024_from_bin(pub->z, 42, one, (int)sizeof(one)); @@ -38611,13 +38448,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_1024_point_free_42(p, 0, heap); - sp_1024_point_free_42(pub, 0, heap); return err; } diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index 253bc648b..297311504 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -1435,34 +1435,25 @@ static int sp_2048_div_18(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[36]; - sp_digit t2d[18 + 1]; + sp_digit t1[3 * 18 + 1]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 18 + 1), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 18 + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 2 * 18; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 18; dv = d[17]; XMEMCPY(t1, a, sizeof(*t1) * 2U * 18U); @@ -1505,10 +1496,9 @@ static int sp_2048_div_18(const sp_digit* a, const sp_digit* d, (sp_digit)1 : (sp_digit)0)); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1539,13 +1529,13 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 36]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -1553,22 +1543,17 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 18 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 18 * 2); -#else - t[i] = &td[i * 18 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 18U * 2U); } @@ -1623,21 +1608,20 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 36]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -1645,22 +1629,17 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 18 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 18 * 2); -#else - t[i] = &td[i * 18 * 2]; -#endif } sp_2048_mont_setup(m, &mp); @@ -1714,22 +1693,21 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMCPY(r, t[0], sizeof(*r) * 18 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 36) + 36]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -1740,22 +1718,15 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 36) + 36), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 36; rt = td + 1152; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 36]; - rt = &td[1152]; -#endif sp_2048_mont_setup(m, &mp); sp_2048_mont_norm_18(norm, m); @@ -1852,9 +1823,8 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -2345,34 +2315,25 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[72]; - sp_digit t2d[36 + 1]; + sp_digit t1[3 * 36 + 1]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 36 + 1), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 36 + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 2 * 36; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 36; dv = d[35]; XMEMCPY(t1, a, sizeof(*t1) * 2U * 36U); @@ -2415,10 +2376,9 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d, (sp_digit)1 : (sp_digit)0)); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2451,13 +2411,13 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 72]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -2465,22 +2425,17 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 36 * 2); -#else - t[i] = &td[i * 36 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 36U * 2U); } @@ -2535,21 +2490,20 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 72]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -2557,22 +2511,17 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 36 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 36 * 2); -#else - t[i] = &td[i * 36 * 2]; -#endif } sp_2048_mont_setup(m, &mp); @@ -2626,22 +2575,21 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMCPY(r, t[0], sizeof(*r) * 36 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 72) + 72]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -2652,22 +2600,15 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 72) + 72), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 72; rt = td + 2304; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 72]; - rt = &td[2304]; -#endif sp_2048_mont_setup(m, &mp); sp_2048_mont_norm_36(norm, m); @@ -2764,9 +2705,8 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -2792,8 +2732,11 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[36 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; sp_digit* norm = NULL; @@ -2821,15 +2764,16 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } +#endif if (err == MP_OKAY) { - a = d; r = a + 36 * 2; m = r + 36 * 2; norm = r; @@ -2882,18 +2826,17 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, *outLen = 256; } - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[72]; - sp_digit md[36]; - sp_digit rd[72]; -#else +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[36 * 5]; #endif sp_digit* a = NULL; sp_digit* m = NULL; @@ -2919,27 +2862,20 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { a = d; r = a + 36 * 2; m = r + 36 * 2; - } -#else - a = ad; - m = md; - r = rd; -#endif - if (err == MP_OKAY) { sp_2048_from_bin(a, 36, in, inLen); #if DIGIT_BIT >= 57 e[0] = (sp_digit)em->dp[0]; @@ -3003,10 +2939,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } #endif return err; @@ -3038,9 +2973,13 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* a = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[36 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -3069,13 +3008,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 36; m = a + 72; @@ -3086,22 +3027,34 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, sp_2048_from_mp(m, 36, mm); err = sp_2048_mod_exp_36(r, a, d, 2048, m, 0); } + if (err == MP_OKAY) { sp_2048_to_bin(r, out); *outLen = 256; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 36); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 36); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[72]; - sp_digit d[36]; - sp_digit m[36]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* d = NULL; +#else + sp_digit d[36 * 4]; +#endif + sp_digit* a = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)pm; @@ -3128,7 +3081,20 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL, + DYNAMIC_TYPE_RSA); + if (d == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + a = d + 36; + m = a + 72; + r = a; + sp_2048_from_bin(a, 36, in, inLen); sp_2048_from_mp(d, 36, dm); sp_2048_from_mp(m, 36, mm); @@ -3140,14 +3106,27 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } - XMEMSET(d, 0, sizeof(sp_digit) * 36); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 36); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ +#endif /* WOLFSSL_SP_SMALL */ #else -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* t = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[18 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; @@ -3176,22 +3155,21 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) { + if (a == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - a = t; p = a + 36 * 2; q = p + 18; qi = dq = dp = q + 18; tmpa = qi + 18; tmpb = tmpa + 36; - - r = t + 36; + r = a + 36; sp_2048_from_bin(a, 36, in, inLen); sp_2048_from_mp(p, 18, pm); @@ -3222,22 +3200,31 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 18 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 18 * 11); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[36 * 2]; - sp_digit p[18]; - sp_digit q[18]; - sp_digit dp[18]; - sp_digit dq[18]; - sp_digit qi[18]; - sp_digit tmpa[36]; - sp_digit tmpb[36]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; +#else + sp_digit a[18 * 13]; +#endif + sp_digit* p = NULL; + sp_digit* q = NULL; + sp_digit* dp = NULL; + sp_digit* dq = NULL; + sp_digit* qi = NULL; + sp_digit* tmpa = NULL; + sp_digit* tmpb = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)dm; @@ -3258,7 +3245,25 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 13, NULL, + DYNAMIC_TYPE_RSA); + if (a == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + p = a + 36 * 2; + q = p + 18; + dp = q + 18; + dq = dp + 18; + qi = dq + 18; + tmpa = qi + 18; + tmpb = tmpa + 36; + r = a; + sp_2048_from_bin(a, 36, in, inLen); sp_2048_from_mp(p, 18, pm); sp_2048_from_mp(q, 18, qm); @@ -3289,17 +3294,19 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); - XMEMSET(dq, 0, sizeof(dq)); - XMEMSET(qi, 0, sizeof(qi)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) +if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 18 * 13); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ +#endif /* WOLFSSL_SP_SMALL */ +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ } #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ @@ -3388,11 +3395,14 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[36 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int expBits = mp_count_bits(exp); if (mp_count_bits(base) > 2048) { @@ -3408,16 +3418,16 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } - +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 36 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 36 * 2; m = e + 36; r = b; @@ -3433,23 +3443,27 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, err = sp_2048_to_mp(r, res); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 36U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 36U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[72]; - sp_digit ed[36]; - sp_digit md[36]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[36 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; int expBits = mp_count_bits(exp); @@ -3466,26 +3480,19 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 36 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 36 * 2; - m = e + 36; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 36 * 2; + m = e + 36; + r = b; + sp_2048_from_mp(b, 36, base); sp_2048_from_mp(e, 36, exp); sp_2048_from_mp(m, 36, mod); @@ -3498,14 +3505,17 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 36U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 36U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 36U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -3615,12 +3625,12 @@ SP_NOINLINE static void sp_2048_lshift_36(sp_digit* r, const sp_digit* a, static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[109]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -3632,20 +3642,14 @@ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 109, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 72; XMEMSET(td, 0, sizeof(sp_digit) * 109); -#else - tmp = &td[72]; - XMEMSET(td, 0, sizeof(td)); -#endif sp_2048_mont_setup(m, &mp); sp_2048_mont_norm_36(norm, m); @@ -3704,9 +3708,8 @@ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -3731,11 +3734,14 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[36 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; if (mp_count_bits(base) > 2048) { @@ -3751,15 +3757,15 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 36 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 36 * 2; m = e + 36; r = b; @@ -3787,23 +3793,27 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 36U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 36U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[72]; - sp_digit ed[36]; - sp_digit md[36]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[36 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; int err = MP_OKAY; @@ -3820,26 +3830,20 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 36 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 36 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 36 * 2; - m = e + 36; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 36 * 2; + m = e + 36; + r = b; + sp_2048_from_mp(b, 36, base); sp_2048_from_bin(e, 36, exp, expLen); sp_2048_from_mp(m, 36, mod); @@ -3867,14 +3871,17 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 36U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 36U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 36U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -3895,11 +3902,14 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[18 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int expBits = mp_count_bits(exp); if (mp_count_bits(base) > 1024) { @@ -3915,16 +3925,16 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } - +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 18 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 18 * 2; m = e + 18; r = b; @@ -3941,23 +3951,27 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, err = sp_2048_to_mp(r, res); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 18U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 36U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[36]; - sp_digit ed[18]; - sp_digit md[18]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[18 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; int expBits = mp_count_bits(exp); @@ -3974,26 +3988,19 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 18 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 18 * 2; - m = e + 18; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 18 * 2; + m = e + 18; + r = b; + sp_2048_from_mp(b, 18, base); sp_2048_from_mp(e, 18, exp); sp_2048_from_mp(m, 18, mod); @@ -4007,14 +4014,17 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 18U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 18U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 36U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -5648,34 +5658,25 @@ static int sp_3072_div_27(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[54]; - sp_digit t2d[27 + 1]; + sp_digit t1[3 * 27 + 1]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 27 + 1), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 27 + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 2 * 27; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 27; dv = d[26]; XMEMCPY(t1, a, sizeof(*t1) * 2U * 27U); @@ -5718,10 +5719,9 @@ static int sp_3072_div_27(const sp_digit* a, const sp_digit* d, (sp_digit)1 : (sp_digit)0)); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5752,13 +5752,13 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 54]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -5766,22 +5766,17 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 27 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 27 * 2); -#else - t[i] = &td[i * 27 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 27U * 2U); } @@ -5836,21 +5831,20 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 54]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -5858,22 +5852,17 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 27 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 27 * 2); -#else - t[i] = &td[i * 27 * 2]; -#endif } sp_3072_mont_setup(m, &mp); @@ -5927,22 +5916,21 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMCPY(r, t[0], sizeof(*r) * 27 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 54) + 54]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -5953,22 +5941,15 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 54) + 54), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 54; rt = td + 1728; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 54]; - rt = &td[1728]; -#endif sp_3072_mont_setup(m, &mp); sp_3072_mont_norm_27(norm, m); @@ -6065,9 +6046,8 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -6563,34 +6543,25 @@ static int sp_3072_div_54(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[108]; - sp_digit t2d[54 + 1]; + sp_digit t1[3 * 54 + 1]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 54 + 1), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 54 + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 2 * 54; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 54; dv = d[53]; XMEMCPY(t1, a, sizeof(*t1) * 2U * 54U); @@ -6633,10 +6604,9 @@ static int sp_3072_div_54(const sp_digit* a, const sp_digit* d, (sp_digit)1 : (sp_digit)0)); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6669,13 +6639,13 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 108]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -6683,22 +6653,17 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 54 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 54 * 2); -#else - t[i] = &td[i * 54 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 54U * 2U); } @@ -6753,21 +6718,20 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 108]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -6775,22 +6739,17 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 54 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 54 * 2); -#else - t[i] = &td[i * 54 * 2]; -#endif } sp_3072_mont_setup(m, &mp); @@ -6844,22 +6803,21 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMCPY(r, t[0], sizeof(*r) * 54 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 108) + 108]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -6870,22 +6828,15 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 108) + 108), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 108; rt = td + 3456; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 108]; - rt = &td[3456]; -#endif sp_3072_mont_setup(m, &mp); sp_3072_mont_norm_54(norm, m); @@ -6982,9 +6933,8 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -7010,8 +6960,11 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[54 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; sp_digit* norm = NULL; @@ -7039,15 +6992,16 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } +#endif if (err == MP_OKAY) { - a = d; r = a + 54 * 2; m = r + 54 * 2; norm = r; @@ -7100,18 +7054,17 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, *outLen = 384; } - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[108]; - sp_digit md[54]; - sp_digit rd[108]; -#else +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[54 * 5]; #endif sp_digit* a = NULL; sp_digit* m = NULL; @@ -7137,27 +7090,20 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { a = d; r = a + 54 * 2; m = r + 54 * 2; - } -#else - a = ad; - m = md; - r = rd; -#endif - if (err == MP_OKAY) { sp_3072_from_bin(a, 54, in, inLen); #if DIGIT_BIT >= 57 e[0] = (sp_digit)em->dp[0]; @@ -7221,10 +7167,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } #endif return err; @@ -7256,9 +7201,13 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* a = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[54 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -7287,13 +7236,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 54; m = a + 108; @@ -7304,22 +7255,34 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, sp_3072_from_mp(m, 54, mm); err = sp_3072_mod_exp_54(r, a, d, 3072, m, 0); } + if (err == MP_OKAY) { sp_3072_to_bin(r, out); *outLen = 384; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 54); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 54); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[108]; - sp_digit d[54]; - sp_digit m[54]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* d = NULL; +#else + sp_digit d[54 * 4]; +#endif + sp_digit* a = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)pm; @@ -7346,7 +7309,20 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL, + DYNAMIC_TYPE_RSA); + if (d == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + a = d + 54; + m = a + 108; + r = a; + sp_3072_from_bin(a, 54, in, inLen); sp_3072_from_mp(d, 54, dm); sp_3072_from_mp(m, 54, mm); @@ -7358,14 +7334,27 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } - XMEMSET(d, 0, sizeof(sp_digit) * 54); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 54); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ +#endif /* WOLFSSL_SP_SMALL */ #else -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* t = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[27 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; @@ -7394,22 +7383,21 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 27 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 27 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) { + if (a == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - a = t; p = a + 54 * 2; q = p + 27; qi = dq = dp = q + 27; tmpa = qi + 27; tmpb = tmpa + 54; - - r = t + 54; + r = a + 54; sp_3072_from_bin(a, 54, in, inLen); sp_3072_from_mp(p, 27, pm); @@ -7440,22 +7428,31 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 27 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 27 * 11); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[54 * 2]; - sp_digit p[27]; - sp_digit q[27]; - sp_digit dp[27]; - sp_digit dq[27]; - sp_digit qi[27]; - sp_digit tmpa[54]; - sp_digit tmpb[54]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; +#else + sp_digit a[27 * 13]; +#endif + sp_digit* p = NULL; + sp_digit* q = NULL; + sp_digit* dp = NULL; + sp_digit* dq = NULL; + sp_digit* qi = NULL; + sp_digit* tmpa = NULL; + sp_digit* tmpb = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)dm; @@ -7476,7 +7473,25 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 27 * 13, NULL, + DYNAMIC_TYPE_RSA); + if (a == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + p = a + 54 * 2; + q = p + 27; + dp = q + 27; + dq = dp + 27; + qi = dq + 27; + tmpa = qi + 27; + tmpb = tmpa + 54; + r = a; + sp_3072_from_bin(a, 54, in, inLen); sp_3072_from_mp(p, 27, pm); sp_3072_from_mp(q, 27, qm); @@ -7507,17 +7522,19 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); - XMEMSET(dq, 0, sizeof(dq)); - XMEMSET(qi, 0, sizeof(qi)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) +if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 27 * 13); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ +#endif /* WOLFSSL_SP_SMALL */ +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ } #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ @@ -7606,11 +7623,14 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[54 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int expBits = mp_count_bits(exp); if (mp_count_bits(base) > 3072) { @@ -7626,16 +7646,16 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } - +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 54 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 54 * 2; m = e + 54; r = b; @@ -7651,23 +7671,27 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, err = sp_3072_to_mp(r, res); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 54U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 54U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[108]; - sp_digit ed[54]; - sp_digit md[54]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[54 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; int expBits = mp_count_bits(exp); @@ -7684,26 +7708,19 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 54 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 54 * 2; - m = e + 54; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 54 * 2; + m = e + 54; + r = b; + sp_3072_from_mp(b, 54, base); sp_3072_from_mp(e, 54, exp); sp_3072_from_mp(m, 54, mod); @@ -7716,14 +7733,17 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 54U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 54U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 54U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -7869,12 +7889,12 @@ SP_NOINLINE static void sp_3072_lshift_54(sp_digit* r, const sp_digit* a, static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[163]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -7886,20 +7906,14 @@ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 163, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 108; XMEMSET(td, 0, sizeof(sp_digit) * 163); -#else - tmp = &td[108]; - XMEMSET(td, 0, sizeof(td)); -#endif sp_3072_mont_setup(m, &mp); sp_3072_mont_norm_54(norm, m); @@ -7958,9 +7972,8 @@ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -7985,11 +7998,14 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[54 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; if (mp_count_bits(base) > 3072) { @@ -8005,15 +8021,15 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 54 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 54 * 2; m = e + 54; r = b; @@ -8041,23 +8057,27 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 54U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 54U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[108]; - sp_digit ed[54]; - sp_digit md[54]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[54 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; int err = MP_OKAY; @@ -8074,26 +8094,20 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 54 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 54 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 54 * 2; - m = e + 54; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 54 * 2; + m = e + 54; + r = b; + sp_3072_from_mp(b, 54, base); sp_3072_from_bin(e, 54, exp, expLen); sp_3072_from_mp(m, 54, mod); @@ -8121,14 +8135,17 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 54U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 54U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 54U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -8149,11 +8166,14 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[27 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int expBits = mp_count_bits(exp); if (mp_count_bits(base) > 1536) { @@ -8169,16 +8189,16 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } - +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 27 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 27 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 27 * 2; m = e + 27; r = b; @@ -8195,23 +8215,27 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, err = sp_3072_to_mp(r, res); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 27U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 54U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[54]; - sp_digit ed[27]; - sp_digit md[27]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[27 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; int expBits = mp_count_bits(exp); @@ -8228,26 +8252,19 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 27 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 27 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 27 * 2; - m = e + 27; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 27 * 2; + m = e + 27; + r = b; + sp_3072_from_mp(b, 27, base); sp_3072_from_mp(e, 27, exp); sp_3072_from_mp(m, 27, mod); @@ -8261,14 +8278,17 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 27U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 27U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 54U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -9969,40 +9989,29 @@ static int sp_4096_div_39(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[78 + 1]; - sp_digit t2d[39 + 1]; - sp_digit sdd[39 + 1]; + sp_digit t1[4 * 39 + 3]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* sd; + sp_digit* t2 = NULL; + sp_digit* sd = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 39 + 3), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 39 + 3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif (void)m; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 78 + 1; + t2 = t1 + 78 + 1; sd = t2 + 39 + 1; -#else - t1 = t1d; - t2 = t2d; - sd = sdd; -#endif sp_4096_mul_d_39(sd, d, 1L << 19); sp_4096_mul_d_78(t1, a, 1L << 19); @@ -10049,10 +10058,9 @@ static int sp_4096_div_39(const sp_digit* a, const sp_digit* d, sp_4096_rshift_39(r, r, 19); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -10083,13 +10091,13 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 78]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -10097,22 +10105,17 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 39 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 39 * 2); -#else - t[i] = &td[i * 39 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 39U * 2U); } @@ -10167,21 +10170,20 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 78]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -10189,22 +10191,17 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 39 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 39 * 2); -#else - t[i] = &td[i * 39 * 2]; -#endif } sp_4096_mont_setup(m, &mp); @@ -10258,22 +10255,21 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMCPY(r, t[0], sizeof(*r) * 39 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 78) + 78]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -10284,22 +10280,15 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 78) + 78), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 78; rt = td + 2496; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 78]; - rt = &td[2496]; -#endif sp_4096_mont_setup(m, &mp); sp_4096_mont_norm_39(norm, m); @@ -10396,9 +10385,8 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -10945,40 +10933,29 @@ static int sp_4096_div_78(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[156 + 1]; - sp_digit t2d[78 + 1]; - sp_digit sdd[78 + 1]; + sp_digit t1[4 * 78 + 3]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* sd; + sp_digit* t2 = NULL; + sp_digit* sd = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 78 + 3), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 * 78 + 3), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif (void)m; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 156 + 1; + t2 = t1 + 156 + 1; sd = t2 + 78 + 1; -#else - t1 = t1d; - t2 = t2d; - sd = sdd; -#endif sp_4096_mul_d_78(sd, d, 1L << 38); sp_4096_mul_d_156(t1, a, 1L << 38); @@ -11025,10 +11002,9 @@ static int sp_4096_div_78(const sp_digit* a, const sp_digit* d, sp_4096_rshift_78(r, r, 38); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -11061,13 +11037,13 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, const sp_digit* m, int reduceA) { #ifdef WOLFSSL_SP_SMALL -#if !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* td = NULL; #else sp_digit td[3 * 156]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -11075,22 +11051,17 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#if !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 78 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 78 * 2); -#else - t[i] = &td[i * 78 * 2]; -#endif XMEMSET(t[i], 0, sizeof(sp_digit) * 78U * 2U); } @@ -11145,21 +11116,20 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, } -#if !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #elif !defined(WC_NO_CACHE_RESISTANT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[3 * 156]; #endif - sp_digit* t[3]; - sp_digit* norm; + sp_digit* t[3] = {0, 0, 0}; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -11167,22 +11137,17 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, byte y; int err = MP_OKAY; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 3 * 78 * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<3; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + (i * 78 * 2); -#else - t[i] = &td[i * 78 * 2]; -#endif } sp_4096_mont_setup(m, &mp); @@ -11236,22 +11201,21 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMCPY(r, t[0], sizeof(*r) * 78 * 2); } -#ifdef WOLFSSL_SMALL_STACK - if (td != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; #else #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[(32 * 156) + 156]; #endif sp_digit* t[32]; sp_digit* rt = NULL; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; int i; @@ -11262,22 +11226,15 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * ((32 * 156) + 156), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) for (i=0; i<32; i++) t[i] = td + i * 156; rt = td + 4992; -#else - for (i=0; i<32; i++) - t[i] = &td[i * 156]; - rt = &td[4992]; -#endif sp_4096_mont_setup(m, &mp); sp_4096_mont_norm_78(norm, m); @@ -11374,9 +11331,8 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -11402,8 +11358,11 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { #ifdef WOLFSSL_SP_SMALL - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[78 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; sp_digit* norm = NULL; @@ -11431,15 +11390,16 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } +#endif if (err == MP_OKAY) { - a = d; r = a + 78 * 2; m = r + 78 * 2; norm = r; @@ -11492,18 +11452,17 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, *outLen = 512; } - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[156]; - sp_digit md[78]; - sp_digit rd[156]; -#else +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[78 * 5]; #endif sp_digit* a = NULL; sp_digit* m = NULL; @@ -11529,27 +11488,20 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { a = d; r = a + 78 * 2; m = r + 78 * 2; - } -#else - a = ad; - m = md; - r = rd; -#endif - if (err == MP_OKAY) { sp_4096_from_bin(a, 78, in, inLen); #if DIGIT_BIT >= 53 e[0] = (sp_digit)em->dp[0]; @@ -11613,10 +11565,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } #endif return err; @@ -11648,9 +11599,13 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* a = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[78 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -11679,13 +11634,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 78; m = a + 156; @@ -11696,22 +11653,34 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, sp_4096_from_mp(m, 78, mm); err = sp_4096_mod_exp_78(r, a, d, 4096, m, 0); } + if (err == MP_OKAY) { sp_4096_to_bin(r, out); *outLen = 512; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 78); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 78); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[156]; - sp_digit d[78]; - sp_digit m[78]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* d = NULL; +#else + sp_digit d[78 * 4]; +#endif + sp_digit* a = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)pm; @@ -11738,7 +11707,20 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL, + DYNAMIC_TYPE_RSA); + if (d == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + a = d + 78; + m = a + 156; + r = a; + sp_4096_from_bin(a, 78, in, inLen); sp_4096_from_mp(d, 78, dm); sp_4096_from_mp(m, 78, mm); @@ -11750,14 +11732,27 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } - XMEMSET(d, 0, sizeof(sp_digit) * 78); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 78); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ +#endif /* WOLFSSL_SP_SMALL */ #else -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* t = NULL; +#if defined(WOLFSSL_SP_SMALL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[39 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; @@ -11786,22 +11781,21 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 39 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 39 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) { + if (a == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - a = t; p = a + 78 * 2; q = p + 39; qi = dq = dp = q + 39; tmpa = qi + 39; tmpb = tmpa + 78; - - r = t + 78; + r = a + 78; sp_4096_from_bin(a, 78, in, inLen); sp_4096_from_mp(p, 39, pm); @@ -11832,22 +11826,31 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 39 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 39 * 11); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else - sp_digit a[78 * 2]; - sp_digit p[39]; - sp_digit q[39]; - sp_digit dp[39]; - sp_digit dq[39]; - sp_digit qi[39]; - sp_digit tmpa[78]; - sp_digit tmpb[78]; - sp_digit* r = a; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; +#else + sp_digit a[39 * 13]; +#endif + sp_digit* p = NULL; + sp_digit* q = NULL; + sp_digit* dp = NULL; + sp_digit* dq = NULL; + sp_digit* qi = NULL; + sp_digit* tmpa = NULL; + sp_digit* tmpb = NULL; + sp_digit* r = NULL; int err = MP_OKAY; (void)dm; @@ -11868,7 +11871,25 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 39 * 13, NULL, + DYNAMIC_TYPE_RSA); + if (a == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { + p = a + 78 * 2; + q = p + 39; + dp = q + 39; + dq = dp + 39; + qi = dq + 39; + tmpa = qi + 39; + tmpb = tmpa + 78; + r = a; + sp_4096_from_bin(a, 78, in, inLen); sp_4096_from_mp(p, 39, pm); sp_4096_from_mp(q, 39, qm); @@ -11899,17 +11920,19 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); - XMEMSET(dq, 0, sizeof(dq)); - XMEMSET(qi, 0, sizeof(qi)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) +if (a != NULL) +#endif + { + ForceZero(a, sizeof(sp_digit) * 39 * 13); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; -#endif /* WOLFSSL_SP_SMALL | defined(WOLFSSL_SMALL_STACK) */ -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ +#endif /* WOLFSSL_SP_SMALL */ +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ } #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ @@ -11998,11 +12021,14 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[78 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int expBits = mp_count_bits(exp); if (mp_count_bits(base) > 4096) { @@ -12018,16 +12044,16 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } - +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 78 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 78 * 2; m = e + 78; r = b; @@ -12043,23 +12069,27 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, err = sp_4096_to_mp(r, res); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 78U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 78U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[156]; - sp_digit ed[78]; - sp_digit md[78]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[78 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; int err = MP_OKAY; int expBits = mp_count_bits(exp); @@ -12076,26 +12106,19 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 78 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 78 * 2; - m = e + 78; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 78 * 2; + m = e + 78; + r = b; + sp_4096_from_mp(b, 78, base); sp_4096_from_mp(e, 78, exp); sp_4096_from_mp(m, 78, mod); @@ -12108,14 +12131,17 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 78U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 78U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 78U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -12309,12 +12335,12 @@ SP_NOINLINE static void sp_4096_lshift_78(sp_digit* r, const sp_digit* a, static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[235]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -12326,20 +12352,14 @@ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 235, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 156; XMEMSET(td, 0, sizeof(sp_digit) * 235); -#else - tmp = &td[156]; - XMEMSET(td, 0, sizeof(td)); -#endif sp_4096_mont_setup(m, &mp); sp_4096_mont_norm_78(norm, m); @@ -12398,9 +12418,8 @@ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -12425,11 +12444,14 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, { #ifdef WOLFSSL_SP_SMALL int err = MP_OKAY; - sp_digit* d = NULL; - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; +#else + sp_digit b[78 * 4]; +#endif + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; if (mp_count_bits(base) > 4096) { @@ -12445,15 +12467,15 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 78 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) { + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL, DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; - } } +#endif if (err == MP_OKAY) { - b = d; e = b + 78 * 2; m = e + 78; r = b; @@ -12481,23 +12503,27 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 78U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) +#endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 78U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif } return err; #else -#ifndef WOLFSSL_SMALL_STACK - sp_digit bd[156]; - sp_digit ed[78]; - sp_digit md[78]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* b = NULL; #else - sp_digit* d = NULL; + sp_digit b[78 * 4]; #endif - sp_digit* b; - sp_digit* e; - sp_digit* m; - sp_digit* r; + sp_digit* e = NULL; + sp_digit* m = NULL; + sp_digit* r = NULL; word32 i; int err = MP_OKAY; @@ -12514,26 +12540,20 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, err = MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(*d) * 78 * 4, NULL, DYNAMIC_TYPE_DH); - if (d == NULL) + b = (sp_digit*)XMALLOC(sizeof(sp_digit) * 78 * 4, NULL, + DYNAMIC_TYPE_DH); + if (b == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - b = d; - e = b + 78 * 2; - m = e + 78; - r = b; - } -#else - r = b = bd; - e = ed; - m = md; #endif if (err == MP_OKAY) { + e = b + 78 * 2; + m = e + 78; + r = b; + sp_4096_from_mp(b, 78, base); sp_4096_from_bin(e, 78, exp, expLen); sp_4096_from_mp(m, 78, mod); @@ -12561,14 +12581,17 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, XMEMMOVE(out, out + i, *outLen); } -#ifdef WOLFSSL_SMALL_STACK - if (d != NULL) { - XMEMSET(e, 0, sizeof(sp_digit) * 78U); - XFREE(d, NULL, DYNAMIC_TYPE_DH); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 78U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (b != NULL) #endif + { + /* only "e" is sensitive and needs zeroized */ + if (e != NULL) + ForceZero(e, sizeof(sp_digit) * 78U); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(b, NULL, DYNAMIC_TYPE_DH); + #endif + } return err; #endif @@ -12900,64 +12923,6 @@ SP_NOINLINE static int sp_256_sub_5(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_256_point_new_ex_5(void* heap, sp_point_256* sp, - sp_point_256** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_256_point_new_5(heap, sp, p) sp_256_point_new_ex_5((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_256_point_new_5(heap, sp, p) sp_256_point_new_ex_5((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_256_point_free_5(sp_point_256* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Convert an mp_int to an array of sp_digit. * * r A single precision integer. @@ -14147,34 +14112,25 @@ static void sp_256_proj_point_add_5(sp_point_256* r, */ static int sp_256_mod_mul_norm_5(sp_digit* r, const sp_digit* a, const sp_digit* m) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - int64_t* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + int64_t* t = NULL; #else - int64_t td[8]; - int64_t a32d[8]; + int64_t t[2 * 8]; #endif - int64_t* t; - int64_t* a32; + int64_t* a32 = NULL; int64_t o; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 8, NULL, DYNAMIC_TYPE_ECC); - if (td == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 8, NULL, DYNAMIC_TYPE_ECC); + if (t == NULL) return MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = td; - a32 = td + 8; -#else - t = td; - a32 = a32d; -#endif + a32 = t + 8; a32[0] = (sp_digit)(a[0]) & 0xffffffffL; a32[1] = (sp_digit)(a[0] >> 32U); @@ -14248,10 +14204,9 @@ static int sp_256_mod_mul_norm_5(sp_digit* r, const sp_digit* a, const sp_digit* r[4] |= t[7] << 16U; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -14391,12 +14346,12 @@ static int sp_256_ecc_mulmod_5_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g, const sp_digit* k, int map, int ct, void* heap) { -#ifdef WOLFSSL_SP_NO_MALLOC +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; + sp_digit* tmp = NULL; +#else sp_point_256 t[3]; sp_digit tmp[2 * 5 * 5]; -#else - sp_point_256* t; - sp_digit* tmp; #endif sp_digit n; int i; @@ -14408,14 +14363,17 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g, (void)ct; (void)heap; -#ifndef WOLFSSL_SP_NO_MALLOC - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -14466,19 +14424,24 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g, } } -#ifndef WOLFSSL_SP_NO_MALLOC - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 5 * 5); - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_256) * 3); - XFREE(t, NULL, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(tmp)); - ForceZero(t, sizeof(t)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 5 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_256) * 3); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -14904,43 +14867,41 @@ static void sp_256_get_point_33_5(sp_point_256* r, const sp_point_256* table, static int sp_256_ecc_mulmod_win_add_sub_5(sp_point_256* r, const sp_point_256* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td[33]; - sp_point_256 rtd; - sp_point_256 pd; - sp_digit tmpd[2 * 5 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_256 t[33+2]; + sp_digit tmp[2 * 5 * 6]; #endif - sp_point_256* t; - sp_point_256* rt; + sp_point_256* rt = NULL; sp_point_256* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_256 v[43]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_256_point_new_5(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_256_point_new_5(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 33, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * + (33+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 33; + p = t + 33+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -15020,14 +14981,12 @@ static int sp_256_ecc_mulmod_win_add_sub_5(sp_point_256* r, const sp_point_256* } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_5(p, 0, heap); - sp_256_point_free_5(rt, 0, heap); return err; } @@ -15153,29 +15112,30 @@ static void sp_256_proj_to_affine_5(sp_point_256* a, sp_digit* t) static int sp_256_gen_stripe_table_5(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_5(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_5(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_5(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_5(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -15220,9 +15180,10 @@ static int sp_256_gen_stripe_table_5(const sp_point_256* a, } } - sp_256_point_free_5(s2, 0, heap); - sp_256_point_free_5(s1, 0, heap); - sp_256_point_free_5( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -15286,19 +15247,19 @@ static int sp_256_ecc_mulmod_stripe_5(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 5 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 5 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -15306,21 +15267,22 @@ static int sp_256_ecc_mulmod_stripe_5(sp_point_256* r, const sp_point_256* g, (void)heap; - err = sp_256_point_new_5(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_5(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -15371,13 +15333,12 @@ static int sp_256_ecc_mulmod_stripe_5(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_5(p, 0, heap); - sp_256_point_free_5(rt, 0, heap); return err; } @@ -15541,25 +15502,28 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g, const sp_ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[5]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[5]; +#endif int err = MP_OKAY; - err = sp_256_point_new_5(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 5, km); sp_256_point_from_ecc_point_5(point, gm); @@ -15570,12 +15534,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_256_point_to_ecc_point_5(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_5(point, 0, heap); return err; } @@ -15595,37 +15559,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[5]; - sp_digit t[5 * 2 * 5]; -#endif - sp_point_256* point; - sp_point_256* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[5 + 5 * 2 * 5]; +#endif + sp_point_256* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_256_point_new_5(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_5(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (5 + 5 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (5 + 5 * 2 * 5), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 5; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 5; + sp_256_from_mp(k, 5, km); sp_256_point_from_ecc_point_5(point, gm); sp_256_point_from_ecc_point_5(addP, am); @@ -15652,13 +15614,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, err = sp_256_point_to_ecc_point_5(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_5(addP, 0, heap); - sp_256_point_free_5(point, 0, heap); return err; } @@ -17001,26 +16962,28 @@ static int sp_256_ecc_mulmod_base_5(sp_point_256* r, const sp_digit* k, */ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[5]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[5]; +#endif int err = MP_OKAY; - err = sp_256_point_new_5(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 5, km); @@ -17030,12 +16993,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_256_point_to_ecc_point_5(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_5(point, 0, heap); return err; } @@ -17054,37 +17017,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[5]; - sp_digit t[5 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; + sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[5 + 5 * 2 * 5]; #endif - sp_point_256* point; sp_point_256* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_256_point_new_5(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_5(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (5 + 5 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (5 + 5 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 5; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 5; + sp_256_from_mp(k, 5, km); sp_256_point_from_ecc_point_5(addP, am); } @@ -17110,13 +17071,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, err = sp_256_point_to_ecc_point_5(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_5(addP, 0, heap); - sp_256_point_free_5(point, 0, heap); return err; } @@ -17219,41 +17179,46 @@ static int sp_256_ecc_gen_k_5(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[5]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_256 inf; -#endif -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_256 point[2]; + #else + sp_point_256 point[1]; + #endif + sp_digit k[5]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_256* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_256_point_new_5(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_256_point_new_5(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_256_ecc_gen_k_5(rng, k); } if (err == MP_OKAY) { @@ -17278,15 +17243,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_point_to_ecc_point_5(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_256_point_free_5(infinity, 1, heap); -#endif - sp_256_point_free_5(point, 1, heap); return err; } @@ -17351,30 +17315,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[5]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[5]; +#endif int err = MP_OKAY; if (*outLen < 32U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_5(heap, p, point); + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -17387,12 +17353,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 32; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_5(point, 0, heap); return err; } @@ -17507,34 +17473,25 @@ static int sp_256_div_5(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[10]; - sp_digit t2d[5 + 1]; + sp_digit t1[3 * 5 + 1]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 5 + 1), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 5 + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 2 * 5; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 5; dv = d[4]; XMEMCPY(t1, a, sizeof(*t1) * 2U * 5U); @@ -17577,10 +17534,9 @@ static int sp_256_div_5(const sp_digit* a, const sp_digit* d, (sp_digit)1 : (sp_digit)0)); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18030,22 +17986,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*5]; - sp_digit xd[2*5]; - sp_digit kd[2*5]; - sp_digit rd[2*5]; - sp_digit td[3 * 2*5]; - sp_point_256 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_256* point = NULL; +#else + sp_digit e[7 * 2 * 5]; + sp_point_256 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_256* point = NULL; sp_digit* s = NULL; int64_t c; int err = MP_OKAY; @@ -18053,31 +18004,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_256_point_new_5(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 5, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 5, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 5; - x = d + 2 * 5; - k = d + 4 * 5; - r = d + 6 * 5; - tmp = d + 8 * 5; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 5; + k = e + 4 * 5; + r = e + 6 * 5; + tmp = e + 8 * 5; s = e; if (hashLen > 32U) { @@ -18132,19 +18078,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_256_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 5); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 5U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 5U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 5U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 5U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 5U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_256_point_free_5(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_256)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -18199,20 +18150,18 @@ static int sp_256_num_bits_5(const sp_digit* a) static int sp_256_mod_inv_5(sp_digit* r, const sp_digit* a, const sp_digit* m) { int err = MP_OKAY; -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) - sp_digit* u; - sp_digit* v; - sp_digit* b; - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* u = NULL; #else - sp_digit u[5]; - sp_digit v[5]; - sp_digit b[5]; - sp_digit d[5]; + sp_digit u[5 * 4]; #endif - int ut, vt; + sp_digit* v = NULL; + sp_digit* b = NULL; + sp_digit* d = NULL; + int ut; + int vt; -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) u = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 4, NULL, DYNAMIC_TYPE_ECC); if (u == NULL) @@ -18220,11 +18169,9 @@ static int sp_256_mod_inv_5(sp_digit* r, const sp_digit* a, const sp_digit* m) #endif if (err == MP_OKAY) { -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) v = u + 5; b = u + 2 * 5; d = u + 3 * 5; -#endif XMEMCPY(u, m, sizeof(sp_digit) * 5); XMEMCPY(v, a, sizeof(sp_digit) * 5); @@ -18302,7 +18249,7 @@ static int sp_256_mod_inv_5(sp_digit* r, const sp_digit* a, const sp_digit* m) else XMEMCPY(r, d, sizeof(sp_digit) * 5); } -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (u != NULL) XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif @@ -18595,52 +18542,41 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*5]; - sp_digit u2d[2*5]; - sp_digit sd[2*5]; - sp_digit tmpd[2*5 * 5]; - sp_point_256 p1d; - sp_point_256 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_256* p1 = NULL; +#else + sp_digit u1[16 * 5]; + sp_point_256 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_256* p1; sp_point_256* p2 = NULL; sp_digit carry; int64_t c = 0; - int err; + int err = MP_OKAY; - err = sp_256_point_new_5(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_5(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 5, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 5, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 5; - u2 = d + 2 * 5; - s = d + 4 * 5; - tmp = d + 6 * 5; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 5; + s = u1 + 4 * 5; + tmp = u1 + 6 * 5; + p2 = p1 + 1; if (hashLen > 32U) { hashLen = 32U; @@ -18691,12 +18627,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_5(p1, 0, heap); - sp_256_point_free_5(p2, 0, heap); return err; } @@ -18713,32 +18649,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_256_ecc_is_point_5(const sp_point_256* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*5]; - sp_digit t2d[2*5]; + sp_digit t1[5 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 5; - t2 = d + 2 * 5; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 5; sp_256_sqr_5(t1, point->y); (void)sp_256_mod_5(t1, t1, p256_mod); @@ -18758,10 +18685,9 @@ static int sp_256_ecc_is_point_5(const sp_point_256* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -18776,14 +18702,21 @@ static int sp_256_ecc_is_point_5(const sp_point_256* point, */ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* pub = NULL; +#else + sp_point_256 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_256* pub; - byte one[1] = { 1 }; - int err; - err = sp_256_point_new_5(NULL, pubd, pub); if (err == MP_OKAY) { sp_256_from_mp(pub->x, 5, pX); sp_256_from_mp(pub->y, 5, pY); @@ -18792,7 +18725,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) err = sp_256_ecc_is_point_5(pub, NULL); } - sp_256_point_free_5(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -18811,45 +18747,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[5]; - sp_point_256 pubd; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_256* pub; - sp_point_256* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_256_point_new_5(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_256_point_new_5(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_256* pub = NULL; +#else + sp_digit priv[5]; + sp_point_256 pub[2]; #endif + sp_point_256* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) || + if (((mp_count_bits(pX) > 256) || (mp_count_bits(pY) > 256) || ((privm != NULL) && (mp_count_bits(privm) > 256)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_256_from_mp(pub->x, 5, pX); sp_256_from_mp(pub->y, 5, pY); sp_256_from_bin(pub->z, 5, one, (int)sizeof(one)); @@ -18898,13 +18834,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_256_point_free_5(p, 0, heap); - sp_256_point_free_5(pub, 0, heap); return err; } @@ -18928,33 +18863,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 5 * 5]; - sp_point_256 pd; - sp_point_256 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 5 * 5]; + sp_point_256 p[2]; +#endif sp_point_256* q = NULL; int err; - err = sp_256_point_new_5(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_5(NULL, qd, q); + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_256_from_mp(p->x, 5, pX); sp_256_from_mp(p->y, 5, pY); sp_256_from_mp(p->z, 5, pZ); @@ -18975,13 +18912,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_5(q, 0, NULL); - sp_256_point_free_5(p, 0, NULL); return err; } @@ -19000,25 +18936,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 5 * 2]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 5 * 2]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_5(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -19039,12 +18978,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_5(p, 0, NULL); return err; } @@ -19059,25 +18998,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 5 * 4]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 5 * 4]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_5(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 4, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_256_from_mp(p->x, 5, pX); @@ -19097,12 +19040,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_256_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_5(p, 0, NULL); return err; } @@ -19115,31 +19058,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_256_mont_sqrt_5(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 5]; - sp_digit t2d[2 * 5]; + sp_digit t1[4 * 5]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 5, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 5, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) { err = MEMORY_E; } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 5; - t2 = d + 2 * 5; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 5; { /* t2 = y ^ 0x2 */ @@ -19174,10 +19109,9 @@ static int sp_256_mont_sqrt_5(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -19193,31 +19127,22 @@ static int sp_256_mont_sqrt_5(sp_digit* y) */ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 5]; - sp_digit yd[2 * 5]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 5]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 5, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 5, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 5; - y = d + 2 * 5; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 5; sp_256_from_mp(x, 5, xm); err = sp_256_mod_mul_norm_5(x, x, p256_mod); @@ -19250,10 +19175,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) err = sp_256_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -19628,64 +19552,6 @@ SP_NOINLINE static int sp_384_sub_7(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_384_point_new_ex_7(void* heap, sp_point_384* sp, - sp_point_384** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_384_point_new_7(heap, sp, p) sp_384_point_new_ex_7((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_384_point_new_7(heap, sp, p) sp_384_point_new_ex_7((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_384_point_free_7(sp_point_384* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Convert an mp_int to an array of sp_digit. * * r A single precision integer. @@ -20895,34 +20761,25 @@ static void sp_384_proj_point_add_7(sp_point_384* r, */ static int sp_384_mod_mul_norm_7(sp_digit* r, const sp_digit* a, const sp_digit* m) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - int64_t* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + int64_t* t = NULL; #else - int64_t td[12]; - int64_t a32d[12]; + int64_t t[2 * 12]; #endif - int64_t* t; - int64_t* a32; + int64_t* a32 = NULL; int64_t o; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC); - if (td == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC); + if (t == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = td; - a32 = td + 12; -#else - t = td; - a32 = a32d; -#endif + a32 = t + 12; a32[0] = (sp_digit)(a[0]) & 0xffffffffL; a32[1] = (sp_digit)(a[0] >> 32U); @@ -21028,9 +20885,9 @@ static int sp_384_mod_mul_norm_7(sp_digit* r, const sp_digit* a, const sp_digit* r[6] |= t[11] << 22U; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -21170,12 +21027,12 @@ static int sp_384_ecc_mulmod_7_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g, const sp_digit* k, int map, int ct, void* heap) { -#ifdef WOLFSSL_SP_NO_MALLOC +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; + sp_digit* tmp = NULL; +#else sp_point_384 t[3]; sp_digit tmp[2 * 7 * 6]; -#else - sp_point_384* t; - sp_digit* tmp; #endif sp_digit n; int i; @@ -21187,14 +21044,17 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g, (void)ct; (void)heap; -#ifndef WOLFSSL_SP_NO_MALLOC - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -21245,19 +21105,24 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g, } } -#ifndef WOLFSSL_SP_NO_MALLOC - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 7 * 6); - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_384) * 3); - XFREE(t, NULL, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(tmp)); - ForceZero(t, sizeof(t)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 7 * 6); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_384) * 3); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -21699,43 +21564,41 @@ static void sp_384_get_point_33_7(sp_point_384* r, const sp_point_384* table, static int sp_384_ecc_mulmod_win_add_sub_7(sp_point_384* r, const sp_point_384* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td[33]; - sp_point_384 rtd; - sp_point_384 pd; - sp_digit tmpd[2 * 7 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_384 t[33+2]; + sp_digit tmp[2 * 7 * 6]; #endif - sp_point_384* t; - sp_point_384* rt; + sp_point_384* rt = NULL; sp_point_384* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_384 v[65]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_384_point_new_7(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_384_point_new_7(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 33, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * + (33+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 33; + p = t + 33+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -21815,14 +21678,12 @@ static int sp_384_ecc_mulmod_win_add_sub_7(sp_point_384* r, const sp_point_384* } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_7(p, 0, heap); - sp_384_point_free_7(rt, 0, heap); return err; } @@ -21948,29 +21809,30 @@ static void sp_384_proj_to_affine_7(sp_point_384* a, sp_digit* t) static int sp_384_gen_stripe_table_7(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_7(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_7(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_7(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_7(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -22015,9 +21877,10 @@ static int sp_384_gen_stripe_table_7(const sp_point_384* a, } } - sp_384_point_free_7(s2, 0, heap); - sp_384_point_free_7(s1, 0, heap); - sp_384_point_free_7( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -22089,19 +21952,19 @@ static int sp_384_ecc_mulmod_stripe_7(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 7 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 7 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -22109,21 +21972,22 @@ static int sp_384_ecc_mulmod_stripe_7(sp_point_384* r, const sp_point_384* g, (void)heap; - err = sp_384_point_new_7(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_7(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -22174,13 +22038,12 @@ static int sp_384_ecc_mulmod_stripe_7(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_7(p, 0, heap); - sp_384_point_free_7(rt, 0, heap); return err; } @@ -22344,25 +22207,28 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g, const sp_ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[7]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[7]; +#endif int err = MP_OKAY; - err = sp_384_point_new_7(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 7, km); sp_384_point_from_ecc_point_7(point, gm); @@ -22373,12 +22239,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_384_point_to_ecc_point_7(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_7(point, 0, heap); return err; } @@ -22398,37 +22264,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[7]; - sp_digit t[7 * 2 * 6]; -#endif - sp_point_384* point; - sp_point_384* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[7 + 7 * 2 * 6]; +#endif + sp_point_384* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_384_point_new_7(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_7(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (7 + 7 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (7 + 7 * 2 * 6), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 7; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 7; + sp_384_from_mp(k, 7, km); sp_384_point_from_ecc_point_7(point, gm); sp_384_point_from_ecc_point_7(addP, am); @@ -22455,13 +22319,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, err = sp_384_point_to_ecc_point_7(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_7(addP, 0, heap); - sp_384_point_free_7(point, 0, heap); return err; } @@ -24314,26 +24177,28 @@ static int sp_384_ecc_mulmod_base_7(sp_point_384* r, const sp_digit* k, */ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[7]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[7]; +#endif int err = MP_OKAY; - err = sp_384_point_new_7(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 7, km); @@ -24343,12 +24208,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_384_point_to_ecc_point_7(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_7(point, 0, heap); return err; } @@ -24367,37 +24232,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[7]; - sp_digit t[7 * 2 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; + sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[7 + 7 * 2 * 6]; #endif - sp_point_384* point; sp_point_384* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_384_point_new_7(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_7(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (7 + 7 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (7 + 7 * 2 * 6), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 7; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 7; + sp_384_from_mp(k, 7, km); sp_384_point_from_ecc_point_7(addP, am); } @@ -24423,13 +24286,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, err = sp_384_point_to_ecc_point_7(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_7(addP, 0, heap); - sp_384_point_free_7(point, 0, heap); return err; } @@ -24532,41 +24394,46 @@ static int sp_384_ecc_gen_k_7(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[7]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_384 inf; -#endif -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_384 point[2]; + #else + sp_point_384 point[1]; + #endif + sp_digit k[7]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_384* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_384_point_new_7(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_384_point_new_7(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_384_ecc_gen_k_7(rng, k); } if (err == MP_OKAY) { @@ -24591,15 +24458,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_point_to_ecc_point_7(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_384_point_free_7(infinity, 1, heap); -#endif - sp_384_point_free_7(point, 1, heap); return err; } @@ -24664,30 +24530,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[7]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[7]; +#endif int err = MP_OKAY; if (*outLen < 48U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_7(heap, p, point); + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -24700,12 +24568,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 48; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_7(point, 0, heap); return err; } @@ -24840,34 +24708,25 @@ static int sp_384_div_7(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[14]; - sp_digit t2d[7 + 1]; + sp_digit t1[3 * 7 + 1]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 7 + 1), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 7 + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 2 * 7; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 7; dv = d[6]; XMEMCPY(t1, a, sizeof(*t1) * 2U * 7U); @@ -24910,10 +24769,9 @@ static int sp_384_div_7(const sp_digit* a, const sp_digit* d, (sp_digit)1 : (sp_digit)0)); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -25334,22 +25192,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*7]; - sp_digit xd[2*7]; - sp_digit kd[2*7]; - sp_digit rd[2*7]; - sp_digit td[3 * 2*7]; - sp_point_384 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_384* point = NULL; +#else + sp_digit e[7 * 2 * 7]; + sp_point_384 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_384* point = NULL; sp_digit* s = NULL; int64_t c; int err = MP_OKAY; @@ -25357,31 +25210,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_384_point_new_7(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 7, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 7, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 7; - x = d + 2 * 7; - k = d + 4 * 7; - r = d + 6 * 7; - tmp = d + 8 * 7; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 7; + k = e + 4 * 7; + r = e + 6 * 7; + tmp = e + 8 * 7; s = e; if (hashLen > 48U) { @@ -25436,19 +25284,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_384_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 7); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 7U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 7U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 7U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 7U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 7U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_384_point_free_7(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 7); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_384)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -25503,20 +25356,18 @@ static int sp_384_num_bits_7(const sp_digit* a) static int sp_384_mod_inv_7(sp_digit* r, const sp_digit* a, const sp_digit* m) { int err = MP_OKAY; -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) - sp_digit* u; - sp_digit* v; - sp_digit* b; - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* u = NULL; #else - sp_digit u[7]; - sp_digit v[7]; - sp_digit b[7]; - sp_digit d[7]; + sp_digit u[7 * 4]; #endif - int ut, vt; + sp_digit* v = NULL; + sp_digit* b = NULL; + sp_digit* d = NULL; + int ut; + int vt; -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) u = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 4, NULL, DYNAMIC_TYPE_ECC); if (u == NULL) @@ -25524,11 +25375,9 @@ static int sp_384_mod_inv_7(sp_digit* r, const sp_digit* a, const sp_digit* m) #endif if (err == MP_OKAY) { -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) v = u + 7; b = u + 2 * 7; d = u + 3 * 7; -#endif XMEMCPY(u, m, sizeof(sp_digit) * 7); XMEMCPY(v, a, sizeof(sp_digit) * 7); @@ -25606,7 +25455,7 @@ static int sp_384_mod_inv_7(sp_digit* r, const sp_digit* a, const sp_digit* m) else XMEMCPY(r, d, sizeof(sp_digit) * 7); } -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (u != NULL) XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif @@ -25901,52 +25750,41 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*7]; - sp_digit u2d[2*7]; - sp_digit sd[2*7]; - sp_digit tmpd[2*7 * 5]; - sp_point_384 p1d; - sp_point_384 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_384* p1 = NULL; +#else + sp_digit u1[16 * 7]; + sp_point_384 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_384* p1; sp_point_384* p2 = NULL; sp_digit carry; int64_t c = 0; - int err; + int err = MP_OKAY; - err = sp_384_point_new_7(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_7(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 7, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 7, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 7; - u2 = d + 2 * 7; - s = d + 4 * 7; - tmp = d + 6 * 7; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 7; + s = u1 + 4 * 7; + tmp = u1 + 6 * 7; + p2 = p1 + 1; if (hashLen > 48U) { hashLen = 48U; @@ -25997,12 +25835,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_7(p1, 0, heap); - sp_384_point_free_7(p2, 0, heap); return err; } @@ -26019,32 +25857,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_384_ecc_is_point_7(const sp_point_384* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*7]; - sp_digit t2d[2*7]; + sp_digit t1[7 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 7; - t2 = d + 2 * 7; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 7; sp_384_sqr_7(t1, point->y); (void)sp_384_mod_7(t1, t1, p384_mod); @@ -26064,10 +25893,9 @@ static int sp_384_ecc_is_point_7(const sp_point_384* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26082,14 +25910,21 @@ static int sp_384_ecc_is_point_7(const sp_point_384* point, */ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* pub = NULL; +#else + sp_point_384 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_384* pub; - byte one[1] = { 1 }; - int err; - err = sp_384_point_new_7(NULL, pubd, pub); if (err == MP_OKAY) { sp_384_from_mp(pub->x, 7, pX); sp_384_from_mp(pub->y, 7, pY); @@ -26098,7 +25933,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) err = sp_384_ecc_is_point_7(pub, NULL); } - sp_384_point_free_7(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -26117,45 +25955,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[7]; - sp_point_384 pubd; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_384* pub; - sp_point_384* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_384_point_new_7(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_384_point_new_7(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_384* pub = NULL; +#else + sp_digit priv[7]; + sp_point_384 pub[2]; #endif + sp_point_384* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) || + if (((mp_count_bits(pX) > 384) || (mp_count_bits(pY) > 384) || ((privm != NULL) && (mp_count_bits(privm) > 384)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_384_from_mp(pub->x, 7, pX); sp_384_from_mp(pub->y, 7, pY); sp_384_from_bin(pub->z, 7, one, (int)sizeof(one)); @@ -26204,13 +26042,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_384_point_free_7(p, 0, heap); - sp_384_point_free_7(pub, 0, heap); return err; } @@ -26234,33 +26071,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 7 * 5]; - sp_point_384 pd; - sp_point_384 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 7 * 5]; + sp_point_384 p[2]; +#endif sp_point_384* q = NULL; int err; - err = sp_384_point_new_7(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_7(NULL, qd, q); + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_384_from_mp(p->x, 7, pX); sp_384_from_mp(p->y, 7, pY); sp_384_from_mp(p->z, 7, pZ); @@ -26281,13 +26120,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_7(q, 0, NULL); - sp_384_point_free_7(p, 0, NULL); return err; } @@ -26306,25 +26144,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 7 * 2]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 7 * 2]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_7(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -26345,12 +26186,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_7(p, 0, NULL); return err; } @@ -26365,25 +26206,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 7 * 6]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 7 * 6]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_7(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 7 * 6, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_384_from_mp(p->x, 7, pX); @@ -26403,12 +26248,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_384_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_7(p, 0, NULL); return err; } @@ -26421,43 +26266,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_384_mont_sqrt_7(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 7]; - sp_digit t2d[2 * 7]; - sp_digit t3d[2 * 7]; - sp_digit t4d[2 * 7]; - sp_digit t5d[2 * 7]; + sp_digit t1[5 * 2 * 7]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* t3; - sp_digit* t4; - sp_digit* t5; + sp_digit* t2 = NULL; + sp_digit* t3 = NULL; + sp_digit* t4 = NULL; + sp_digit* t5 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 7, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 7, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 7; - t2 = d + 2 * 7; - t3 = d + 4 * 7; - t4 = d + 6 * 7; - t5 = d + 8 * 7; -#else - t1 = t1d; - t2 = t2d; - t3 = t3d; - t4 = t4d; - t5 = t5d; -#endif + t2 = t1 + 2 * 7; + t3 = t1 + 4 * 7; + t4 = t1 + 6 * 7; + t5 = t1 + 8 * 7; { /* t2 = y ^ 0x2 */ @@ -26517,10 +26347,9 @@ static int sp_384_mont_sqrt_7(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26536,31 +26365,22 @@ static int sp_384_mont_sqrt_7(sp_digit* y) */ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 7]; - sp_digit yd[2 * 7]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 7]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 7, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 7, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 7; - y = d + 2 * 7; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 7; sp_384_from_mp(x, 7, xm); err = sp_384_mod_mul_norm_7(x, x, p384_mod); @@ -26593,10 +26413,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) err = sp_384_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27303,34 +27122,25 @@ static int sp_1024_div_18(const sp_digit* a, const sp_digit* d, #endif sp_digit dv; sp_digit r1; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[36]; - sp_digit t2d[18 + 1]; + sp_digit t1[3 * 18 + 1]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 18 + 1), NULL, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * (3 * 18 + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = td; - t2 = td + 2 * 18; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 18; dv = d[17]; XMEMCPY(t1, a, sizeof(*t1) * 2U * 18U); @@ -27373,10 +27183,9 @@ static int sp_1024_div_18(const sp_digit* a, const sp_digit* d, (sp_digit)1 : (sp_digit)0)); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -27408,6 +27217,8 @@ static int sp_1024_mod_mul_norm_18(sp_digit* r, const sp_digit* a, return sp_1024_mod_18(r, r, m); } + +#ifdef WOLFCRYPT_HAVE_SAKKE /* Create a new point. * * heap [in] Buffer to allocate dynamic memory from. @@ -27439,8 +27250,8 @@ static int sp_1024_point_new_ex_18(void* heap, sp_point_1024* sp, /* Set pointer to data and return no error. */ #define sp_1024_point_new_18(heap, sp, p) sp_1024_point_new_ex_18((heap), &(sp), &(p)) #endif - - +#endif /* WOLFCRYPT_HAVE_SAKKE */ +#ifdef WOLFCRYPT_HAVE_SAKKE /* Free the point. * * p [in,out] Point to free. @@ -27465,6 +27276,7 @@ static void sp_1024_point_free_18(sp_point_1024* p, int clear, void* heap) #endif (void)heap; } +#endif /* WOLFCRYPT_HAVE_SAKKE */ /* Convert an mp_int to an array of sp_digit. * @@ -28789,12 +28601,12 @@ static int sp_1024_ecc_mulmod_18_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k, int map, int ct, void* heap) { -#ifdef WOLFSSL_SP_NO_MALLOC +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; + sp_digit* tmp = NULL; +#else sp_point_1024 t[3]; sp_digit tmp[2 * 18 * 5]; -#else - sp_point_1024* t; - sp_digit* tmp; #endif sp_digit n; int i; @@ -28806,14 +28618,17 @@ static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g, (void)ct; (void)heap; -#ifndef WOLFSSL_SP_NO_MALLOC - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { @@ -28864,19 +28679,24 @@ static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g, } } -#ifndef WOLFSSL_SP_NO_MALLOC - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 18 * 5); - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_1024) * 3); - XFREE(t, NULL, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(tmp)); - ForceZero(t, sizeof(t)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 18 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_1024) * 3); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -29288,43 +29108,41 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v) static int sp_1024_ecc_mulmod_win_add_sub_18(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td[65]; - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit tmpd[2 * 18 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_1024 t[65+2]; + sp_digit tmp[2 * 18 * 6]; #endif - sp_point_1024* t; - sp_point_1024* rt; + sp_point_1024* rt = NULL; sp_point_1024* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_1024 v[147]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_1024_point_new_18(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_1024_point_new_18(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 65, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * + (65+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 65; + p = t + 65+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -29408,14 +29226,12 @@ static int sp_1024_ecc_mulmod_win_add_sub_18(sp_point_1024* r, const sp_point_10 } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_18(p, 0, heap); - sp_1024_point_free_18(rt, 0, heap); return err; } @@ -29541,29 +29357,30 @@ static void sp_1024_proj_to_affine_18(sp_point_1024* a, sp_digit* t) static int sp_1024_gen_stripe_table_18(const sp_point_1024* a, sp_table_entry_1024* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td; - sp_point_1024 s1d; - sp_point_1024 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; +#else + sp_point_1024 t[3]; #endif - sp_point_1024* t; sp_point_1024* s1 = NULL; sp_point_1024* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_1024_point_new_18(heap, td, t); - if (err == MP_OKAY) { - err = sp_1024_point_new_18(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_1024_point_new_18(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_1024_mod_mul_norm_18(t->x, a->x, p1024_mod); } if (err == MP_OKAY) { @@ -29608,9 +29425,10 @@ static int sp_1024_gen_stripe_table_18(const sp_point_1024* a, } } - sp_1024_point_free_18(s2, 0, heap); - sp_1024_point_free_18(s1, 0, heap); - sp_1024_point_free_18( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -29636,19 +29454,19 @@ static int sp_1024_ecc_mulmod_stripe_18(sp_point_1024* r, const sp_point_1024* g const sp_table_entry_1024* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit td[2 * 18 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 rt[2]; + sp_digit t[2 * 18 * 5]; #endif - sp_point_1024* rt; sp_point_1024* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -29656,21 +29474,22 @@ static int sp_1024_ecc_mulmod_stripe_18(sp_point_1024* r, const sp_point_1024* g (void)heap; - err = sp_1024_point_new_18(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_1024_point_new_18(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 18 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod)); XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod)); @@ -29706,13 +29525,12 @@ static int sp_1024_ecc_mulmod_stripe_18(sp_point_1024* r, const sp_point_1024* g } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_18(p, 0, heap); - sp_1024_point_free_18(rt, 0, heap); return err; } @@ -29876,25 +29694,28 @@ static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g, const int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[18]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[18]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_18(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 18, km); sp_1024_point_from_ecc_point_18(point, gm); @@ -29905,12 +29726,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_1024_point_to_ecc_point_18(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_18(point, 0, heap); return err; } @@ -33293,26 +33114,28 @@ static int sp_1024_ecc_mulmod_base_18(sp_point_1024* r, const sp_digit* k, */ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[18]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[18]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_18(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 18, km); @@ -33322,12 +33145,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_1024_point_to_ecc_point_18(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_18(point, 0, heap); return err; } @@ -33346,37 +33169,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_point_1024 a; - sp_digit kd[18]; - sp_digit t[18 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; + sp_digit* k = NULL; +#else + sp_point_1024 point[2]; + sp_digit k[18 + 18 * 2 * 5]; #endif - sp_point_1024* point; sp_point_1024* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_1024_point_new_18(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_1024_point_new_18(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (18 + 18 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (18 + 18 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 18; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 18; + sp_1024_from_mp(k, 18, km); sp_1024_point_from_ecc_point_18(addP, am); } @@ -33402,13 +33223,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, err = sp_1024_point_to_ecc_point_18(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_18(addP, 0, heap); - sp_1024_point_free_18(point, 0, heap); return err; } @@ -33426,29 +33246,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, void* heap) { - int err = 0; -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_1024* point = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 point[1]; sp_digit t[5 * 2 * 18]; +#endif + int err = MP_OKAY; if ((gm == NULL) || (len == NULL)) { err = BAD_FUNC_ARG; } - if ((err == 0) && (table == NULL)) { + if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; err = LENGTH_ONLY_E; } - if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { + if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; } - if (err == 0) { - err = sp_1024_point_new_18(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } - if (err == 0) { + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 18, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { sp_1024_point_from_ecc_point_18(point, gm); err = sp_1024_gen_stripe_table_18(point, (sp_table_entry_1024*)table, t, heap); @@ -33457,7 +33291,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, *len = sizeof(sp_table_entry_1024) * 256; } - sp_1024_point_free_18(point, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -33510,24 +33349,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[18]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[18]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_18(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18, heap, DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 18, km); sp_1024_point_from_ecc_point_18(point, gm); @@ -33544,12 +33387,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, err = sp_1024_point_to_ecc_point_18(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_18(point, 0, heap); return err; } @@ -36743,33 +36586,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) static int sp_1024_ecc_is_point_18(const sp_point_1024* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*18]; - sp_digit t2d[2*18]; + sp_digit t1[18 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int64_t n; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 18; - t2 = d + 2 * 18; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 18; sp_1024_sqr_18(t1, point->y); (void)sp_1024_mod_18(t1, t1, p1024_mod); @@ -36793,10 +36627,9 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -36811,14 +36644,21 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point, */ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* pub = NULL; +#else + sp_point_1024 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_1024* pub; - byte one[1] = { 1 }; - int err; - err = sp_1024_point_new_18(NULL, pubd, pub); if (err == MP_OKAY) { sp_1024_from_mp(pub->x, 18, pX); sp_1024_from_mp(pub->y, 18, pY); @@ -36827,7 +36667,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) err = sp_1024_ecc_is_point_18(pub, NULL); } - sp_1024_point_free_18(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -36846,45 +36689,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[18]; - sp_point_1024 pubd; - sp_point_1024 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_1024* pub; - sp_point_1024* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_1024_point_new_18(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_1024_point_new_18(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_1024* pub = NULL; +#else + sp_digit priv[18]; + sp_point_1024 pub[2]; #endif + sp_point_1024* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) || + if (((mp_count_bits(pX) > 1024) || (mp_count_bits(pY) > 1024) || ((privm != NULL) && (mp_count_bits(privm) > 1024)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 18, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_1024_from_mp(pub->x, 18, pX); sp_1024_from_mp(pub->y, 18, pY); sp_1024_from_bin(pub->z, 18, one, (int)sizeof(one)); @@ -36933,13 +36776,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_1024_point_free_18(p, 0, heap); - sp_1024_point_free_18(pub, 0, heap); return err; } diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index ff357fdb5..5e840627d 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -3163,12 +3163,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 64]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -3180,19 +3180,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 64), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 64; -#else - t[i] = &td[i * 64]; -#endif } sp_2048_mont_setup(m, &mp); @@ -3288,9 +3283,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -3309,12 +3303,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 64]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -3326,19 +3320,14 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 64), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 64; -#else - t[i] = &td[i * 64]; -#endif } sp_2048_mont_setup(m, &mp); @@ -3451,9 +3440,8 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -3900,12 +3888,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 128]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -3917,19 +3905,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 128), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 128; -#else - t[i] = &td[i * 128]; -#endif } sp_2048_mont_setup(m, &mp); @@ -4025,9 +4008,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -4046,12 +4028,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 128]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -4063,19 +4045,14 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 128), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 128; -#else - t[i] = &td[i * 128]; -#endif } sp_2048_mont_setup(m, &mp); @@ -4188,9 +4165,8 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -4214,18 +4190,15 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[128]; - sp_digit m[64]; - sp_digit r[128]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[64 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 256) { @@ -4239,22 +4212,18 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 64 * 2; - m = r + 64 * 2; - } #endif if (err == MP_OKAY) { + r = a + 64 * 2; + m = r + 64 * 2; ah = a + 64; sp_2048_from_bin(ah, 64, in, inLen); @@ -4327,10 +4296,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -4400,8 +4368,12 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[64 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -4430,13 +4402,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 64; m = a + 128; @@ -4447,34 +4421,36 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, sp_2048_from_mp(m, 64, mm); err = sp_2048_mod_exp_64(r, a, d, 2048, m, 0); } + if (err == MP_OKAY) { sp_2048_to_bin(r, out); *outLen = 256; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 64); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 64); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[64 * 2]; - sp_digit p[32]; - sp_digit q[32]; - sp_digit dp[32]; - sp_digit tmpa[64]; - sp_digit tmpb[64]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[32 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -4494,31 +4470,23 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 64 * 2; q = p + 32; qi = dq = dp = q + 32; tmpa = qi + 32; tmpb = tmpa + 64; - - r = t + 64; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_2048_from_bin(a, 64, in, inLen); sp_2048_from_mp(p, 32, pm); sp_2048_from_mp(q, 32, qm); @@ -4550,19 +4518,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 32 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 32 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -5104,12 +5069,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[193]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -5122,18 +5087,13 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 193, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 128; -#else - tmp = &td[128]; -#endif sp_2048_mont_setup(m, &mp); sp_2048_mont_norm_64(norm, m); @@ -5204,9 +5164,8 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -8098,12 +8057,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 96]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -8115,19 +8074,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 96), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 96; -#else - t[i] = &td[i * 96]; -#endif } sp_3072_mont_setup(m, &mp); @@ -8223,9 +8177,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -8244,12 +8197,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 96]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -8261,19 +8214,14 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 96), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 96; -#else - t[i] = &td[i * 96]; -#endif } sp_3072_mont_setup(m, &mp); @@ -8386,9 +8334,8 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -8838,12 +8785,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 192]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -8855,19 +8802,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 192), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 192; -#else - t[i] = &td[i * 192]; -#endif } sp_3072_mont_setup(m, &mp); @@ -8963,9 +8905,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -8984,12 +8925,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 192]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -9001,19 +8942,14 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 192), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 192; -#else - t[i] = &td[i * 192]; -#endif } sp_3072_mont_setup(m, &mp); @@ -9126,9 +9062,8 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -9152,18 +9087,15 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[192]; - sp_digit m[96]; - sp_digit r[192]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[96 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 384) { @@ -9177,22 +9109,18 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 96 * 2; - m = r + 96 * 2; - } #endif if (err == MP_OKAY) { + r = a + 96 * 2; + m = r + 96 * 2; ah = a + 96; sp_3072_from_bin(ah, 96, in, inLen); @@ -9265,10 +9193,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -9338,8 +9265,12 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[96 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -9368,13 +9299,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 96 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 96; m = a + 192; @@ -9385,34 +9318,36 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, sp_3072_from_mp(m, 96, mm); err = sp_3072_mod_exp_96(r, a, d, 3072, m, 0); } + if (err == MP_OKAY) { sp_3072_to_bin(r, out); *outLen = 384; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 96); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 96); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[96 * 2]; - sp_digit p[48]; - sp_digit q[48]; - sp_digit dp[48]; - sp_digit tmpa[96]; - sp_digit tmpb[96]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[48 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -9432,31 +9367,23 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 96 * 2; q = p + 48; qi = dq = dp = q + 48; tmpa = qi + 48; tmpb = tmpa + 96; - - r = t + 96; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_3072_from_bin(a, 96, in, inLen); sp_3072_from_mp(p, 48, pm); sp_3072_from_mp(q, 48, qm); @@ -9488,19 +9415,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 48 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 48 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -10238,12 +10162,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[289]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -10256,18 +10180,13 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 289, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 192; -#else - tmp = &td[192]; -#endif sp_3072_mont_setup(m, &mp); sp_3072_mont_norm_96(norm, m); @@ -10338,9 +10257,8 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -12189,12 +12107,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[16 * 256]; #endif sp_digit* t[16]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -12206,19 +12124,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 * 256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<16; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 256; -#else - t[i] = &td[i * 256]; -#endif } sp_4096_mont_setup(m, &mp); @@ -12314,9 +12227,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -12335,12 +12247,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e int bits, const sp_digit* m, int reduceA) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[32 * 256]; #endif sp_digit* t[32]; - sp_digit* norm; + sp_digit* norm = NULL; sp_digit mp = 1; sp_digit n; sp_digit mask; @@ -12352,19 +12264,14 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 * 256), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; for (i=0; i<32; i++) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t[i] = td + i * 256; -#else - t[i] = &td[i * 256]; -#endif } sp_4096_mont_setup(m, &mp); @@ -12477,9 +12384,8 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -12503,18 +12409,15 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[256]; - sp_digit m[128]; - sp_digit r[256]; -#else - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[128 * 5]; +#endif sp_digit* m = NULL; sp_digit* r = NULL; -#endif sp_digit *ah = NULL; - sp_digit e[1]; + sp_digit e[1] = {0}; int err = MP_OKAY; if (*outLen < 512) { @@ -12528,22 +12431,18 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 128 * 2; - m = r + 128 * 2; - } #endif if (err == MP_OKAY) { + r = a + 128 * 2; + m = r + 128 * 2; ah = a + 128; sp_4096_from_bin(ah, 128, in, inLen); @@ -12616,10 +12515,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -12690,8 +12588,12 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { #if defined(SP_RSA_PRIVATE_EXP_D) || defined(RSA_LOW_MEM) - sp_digit* a = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[128 * 4]; +#endif + sp_digit* a = NULL; sp_digit* m = NULL; sp_digit* r = NULL; int err = MP_OKAY; @@ -12720,13 +12622,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 128 * 4, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) { + if (d == NULL) err = MEMORY_E; - } } +#endif + if (err == MP_OKAY) { a = d + 128; m = a + 256; @@ -12737,34 +12641,36 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, sp_4096_from_mp(m, 128, mm); err = sp_4096_mod_exp_128(r, a, d, 4096, m, 0); } + if (err == MP_OKAY) { sp_4096_to_bin(r, out); *outLen = 512; } - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 128); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) +#endif + { + /* only "a" and "r" are sensitive and need zeroized (same pointer) */ + if (a != NULL) + ForceZero(a, sizeof(sp_digit) * 128); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#endif } return err; #else -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit a[128 * 2]; - sp_digit p[64]; - sp_digit q[64]; - sp_digit dp[64]; - sp_digit tmpa[128]; - sp_digit tmpb[128]; -#else - sp_digit* t = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* a = NULL; +#else + sp_digit a[64 * 11]; +#endif sp_digit* p = NULL; sp_digit* q = NULL; sp_digit* dp = NULL; sp_digit* tmpa = NULL; sp_digit* tmpb = NULL; -#endif sp_digit* r = NULL; sp_digit* qi = NULL; sp_digit* dq = NULL; @@ -12784,31 +12690,23 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 128 * 2; q = p + 64; qi = dq = dp = q + 64; tmpa = qi + 64; tmpb = tmpa + 128; - - r = t + 128; - } -#else -#endif - - if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) r = a; - qi = dq = dp; -#endif + sp_4096_from_bin(a, 128, in, inLen); sp_4096_from_mp(p, 64, pm); sp_4096_from_mp(q, 64, qm); @@ -12840,19 +12738,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 64 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpa, 0, sizeof(tmpa)); - XMEMSET(tmpb, 0, sizeof(tmpb)); - XMEMSET(p, 0, sizeof(p)); - XMEMSET(q, 0, sizeof(q)); - XMEMSET(dp, 0, sizeof(dp)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif -#endif /* SP_RSA_PRIVATE_EXP_D | RSA_LOW_MEM */ + { + ForceZero(a, sizeof(sp_digit) * 64 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } +#endif /* SP_RSA_PRIVATE_EXP_D || RSA_LOW_MEM */ return err; } #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ @@ -13786,12 +13681,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* td; + sp_digit* td = NULL; #else sp_digit td[385]; #endif - sp_digit* norm; - sp_digit* tmp; + sp_digit* norm = NULL; + sp_digit* tmp = NULL; sp_digit mp = 1; sp_digit n; sp_digit o; @@ -13804,18 +13699,13 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) td = (sp_digit*)XMALLOC(sizeof(sp_digit) * 385, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (td == NULL) { + if (td == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { norm = td; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) tmp = td + 256; -#else - tmp = &td[256]; -#endif sp_4096_mont_setup(m, &mp); sp_4096_mont_norm_128(norm, m); @@ -13886,9 +13776,8 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) { + if (td != NULL) XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } #endif return err; @@ -15088,64 +14977,6 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_256_point_new_ex_8(void* heap, sp_point_256* sp, - sp_point_256** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_256_point_new_8(heap, sp, p) sp_256_point_new_ex_8((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_256_point_free_8(sp_point_256* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Multiply a number by Montogmery normalizer mod modulus (prime). * * r The resulting Montgomery form number. @@ -18164,56 +17995,55 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table, static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td[16]; - sp_point_256 rtd; - sp_digit tmpd[2 * 8 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_256 t[16]; + sp_digit tmp[2 * 8 * 5]; +#endif + sp_point_256* rt = NULL; #ifndef WC_NO_CACHE_RESISTANT - sp_point_256 pd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* p = NULL; +#else + sp_point_256 p[1]; #endif -#endif - sp_point_256* t; - sp_point_256* rt; -#ifndef WC_NO_CACHE_RESISTANT - sp_point_256* p; -#endif - sp_digit* tmp; +#endif /* !WC_NO_CACHE_RESISTANT */ sp_digit n; int i; int c; int y; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_256_point_new_8(heap, rtd, rt); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -#ifndef WC_NO_CACHE_RESISTANT - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 17, heap, DYNAMIC_TYPE_ECC); -#else - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, heap, DYNAMIC_TYPE_ECC); -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, + heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + #ifndef WC_NO_CACHE_RESISTANT + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), + heap, DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } + #endif + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { -#ifndef WC_NO_CACHE_RESISTANT - #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - p = t + 16; - #else - p = &pd; - #endif -#endif + rt = t + 16; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -18301,20 +18131,35 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 8 * 5); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_256) * 16); - XFREE(t, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmpd, sizeof(tmpd)); - ForceZero(td, sizeof(td)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif - sp_256_point_free_8(rt, 1, heap); + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 8 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#ifndef WC_NO_CACHE_RESISTANT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (p != NULL) + #endif + { + ForceZero(p, sizeof(sp_point_256)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(p, heap, DYNAMIC_TYPE_ECC); + #endif + } +#endif /* !WC_NO_CACHE_RESISTANT */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_256) * 17); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -18538,29 +18383,30 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, const sp_point_256* p, static int sp_256_gen_stripe_table_8(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_8(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -18605,9 +18451,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } } - sp_256_point_free_8(s2, 0, heap); - sp_256_point_free_8(s1, 0, heap); - sp_256_point_free_8( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -18683,19 +18530,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 8 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 8 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -18703,21 +18550,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, (void)heap; - err = sp_256_point_new_8(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -18768,13 +18616,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, heap); - sp_256_point_free_8(rt, 0, heap); return err; } @@ -18940,29 +18787,30 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_ static int sp_256_gen_stripe_table_8(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_8(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_8(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -19007,9 +18855,10 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } } - sp_256_point_free_8(s2, 0, heap); - sp_256_point_free_8(s1, 0, heap); - sp_256_point_free_8( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -19085,19 +18934,19 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 8 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 8 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -19105,21 +18954,22 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, (void)heap; - err = sp_256_point_new_8(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -19170,13 +19020,12 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, heap); - sp_256_point_free_8(rt, 0, heap); return err; } @@ -19340,25 +19189,28 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, const sp_ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[8]; +#endif int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 8, km); sp_256_point_from_ecc_point_8(point, gm); @@ -19369,12 +19221,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(point, 0, heap); return err; } @@ -19394,37 +19246,35 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[8]; - sp_digit t[8 * 2 * 5]; -#endif - sp_point_256* point; - sp_point_256* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[8 + 8 * 2 * 5]; +#endif + sp_point_256* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 8; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 8; + sp_256_from_mp(k, 8, km); sp_256_point_from_ecc_point_8(point, gm); sp_256_point_from_ecc_point_8(addP, am); @@ -19451,13 +19301,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(addP, 0, heap); - sp_256_point_free_8(point, 0, heap); return err; } @@ -20891,26 +20740,28 @@ static int sp_256_ecc_mulmod_base_8(sp_point_256* r, const sp_digit* k, */ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[8]; +#endif int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 8, km); @@ -20920,12 +20771,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(point, 0, heap); return err; } @@ -20944,37 +20795,35 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[8]; - sp_digit t[8 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; + sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[8 + 8 * 2 * 5]; #endif - sp_point_256* point; sp_point_256* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_256_point_new_8(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (8 + 8 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (8 + 8 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 8; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 8; + sp_256_from_mp(k, 8, km); sp_256_point_from_ecc_point_8(addP, am); } @@ -21000,13 +20849,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, err = sp_256_point_to_ecc_point_8(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(addP, 0, heap); - sp_256_point_free_8(point, 0, heap); return err; } @@ -21137,41 +20985,46 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_256 inf; -#endif -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_256 point[2]; + #else + sp_point_256 point[1]; + #endif + sp_digit k[8]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_256* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_256_point_new_8(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_256_ecc_gen_k_8(rng, k); } if (err == MP_OKAY) { @@ -21196,15 +21049,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_point_to_ecc_point_8(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_256_point_free_8(infinity, 1, heap); -#endif - sp_256_point_free_8(point, 1, heap); return err; } @@ -21265,30 +21117,32 @@ static void sp_256_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[8]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[8]; +#endif int err = MP_OKAY; if (*outLen < 32U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, p, point); + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -21301,12 +21155,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 32; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(point, 0, heap); return err; } @@ -22002,22 +21856,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*8]; - sp_digit xd[2*8]; - sp_digit kd[2*8]; - sp_digit rd[2*8]; - sp_digit td[3 * 2*8]; - sp_point_256 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_256* point = NULL; +#else + sp_digit e[7 * 2 * 8]; + sp_point_256 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_256* point = NULL; sp_digit* s = NULL; int32_t c; int err = MP_OKAY; @@ -22025,31 +21874,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_256_point_new_8(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 8, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 8; - x = d + 2 * 8; - k = d + 4 * 8; - r = d + 6 * 8; - tmp = d + 8 * 8; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 8; + k = e + 4 * 8; + r = e + 6 * 8; + tmp = e + 8 * 8; s = e; if (hashLen > 32U) { @@ -22104,19 +21948,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_256_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 8); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 8U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 8U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_256_point_free_8(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 8); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_256)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -22694,52 +22543,41 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*8]; - sp_digit u2d[2*8]; - sp_digit sd[2*8]; - sp_digit tmpd[2*8 * 5]; - sp_point_256 p1d; - sp_point_256 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_256* p1 = NULL; +#else + sp_digit u1[16 * 8]; + sp_point_256 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_256* p1; sp_point_256* p2 = NULL; sp_digit carry; int32_t c = 0; - int err; + int err = MP_OKAY; - err = sp_256_point_new_8(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 8, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 8; - u2 = d + 2 * 8; - s = d + 4 * 8; - tmp = d + 6 * 8; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 8; + s = u1 + 4 * 8; + tmp = u1 + 6 * 8; + p2 = p1 + 1; if (hashLen > 32U) { hashLen = 32U; @@ -22790,12 +22628,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p1, 0, heap); - sp_256_point_free_8(p2, 0, heap); return err; } @@ -22812,32 +22650,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_256_ecc_is_point_8(const sp_point_256* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*8]; - sp_digit t2d[2*8]; + sp_digit t1[8 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 8; - t2 = d + 2 * 8; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 8; sp_256_sqr_8(t1, point->y); (void)sp_256_mod_8(t1, t1, p256_mod); @@ -22857,10 +22686,9 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -22875,14 +22703,21 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point, */ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* pub = NULL; +#else + sp_point_256 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_256* pub; - byte one[1] = { 1 }; - int err; - err = sp_256_point_new_8(NULL, pubd, pub); if (err == MP_OKAY) { sp_256_from_mp(pub->x, 8, pX); sp_256_from_mp(pub->y, 8, pY); @@ -22891,7 +22726,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) err = sp_256_ecc_is_point_8(pub, NULL); } - sp_256_point_free_8(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -22910,45 +22748,45 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[8]; - sp_point_256 pubd; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_256* pub; - sp_point_256* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_256_point_new_8(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_256_point_new_8(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_256* pub = NULL; +#else + sp_digit priv[8]; + sp_point_256 pub[2]; #endif + sp_point_256* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) || + if (((mp_count_bits(pX) > 256) || (mp_count_bits(pY) > 256) || ((privm != NULL) && (mp_count_bits(privm) > 256)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 8, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_256_from_mp(pub->x, 8, pX); sp_256_from_mp(pub->y, 8, pY); sp_256_from_bin(pub->z, 8, one, (int)sizeof(one)); @@ -22997,13 +22835,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_256_point_free_8(p, 0, heap); - sp_256_point_free_8(pub, 0, heap); return err; } @@ -23027,33 +22864,35 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 8 * 5]; - sp_point_256 pd; - sp_point_256 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 8 * 5]; + sp_point_256 p[2]; +#endif sp_point_256* q = NULL; int err; - err = sp_256_point_new_8(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_8(NULL, qd, q); + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_256_from_mp(p->x, 8, pX); sp_256_from_mp(p->y, 8, pY); sp_256_from_mp(p->z, 8, pZ); @@ -23074,13 +22913,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(q, 0, NULL); - sp_256_point_free_8(p, 0, NULL); return err; } @@ -23099,25 +22937,28 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 8 * 2]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 8 * 2]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_8(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -23138,12 +22979,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, NULL); return err; } @@ -23158,25 +22999,29 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 8 * 4]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 8 * 4]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; - err = sp_256_point_new_8(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 8 * 4, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_256_from_mp(p->x, 8, pX); @@ -23196,12 +23041,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_256_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_8(p, 0, NULL); return err; } @@ -23214,31 +23059,23 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_256_mont_sqrt_8(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 8]; - sp_digit t2d[2 * 8]; + sp_digit t1[4 * 8]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) { err = MEMORY_E; } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 8; - t2 = d + 2 * 8; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 8; { /* t2 = y ^ 0x2 */ @@ -23273,10 +23110,9 @@ static int sp_256_mont_sqrt_8(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -23292,31 +23128,22 @@ static int sp_256_mont_sqrt_8(sp_digit* y) */ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 8]; - sp_digit yd[2 * 8]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 8]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 8, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 8; - y = d + 2 * 8; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 8; sp_256_from_mp(x, 8, xm); err = sp_256_mod_mul_norm_8(x, x, p256_mod); @@ -23349,10 +23176,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) err = sp_256_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -23855,64 +23681,6 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, } #endif /* WOLFSSL_SP_SMALL */ -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_384_point_new_ex_12(void* heap, sp_point_384* sp, - sp_point_384** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_384_point_new_12(heap, sp, p) sp_384_point_new_ex_12((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Multiply a number by Montogmery normalizer mod modulus (prime). * * r The resulting Montgomery form number. @@ -23922,8 +23690,8 @@ static void sp_384_point_free_12(sp_point_384* p, int clear, void* heap) */ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit* m) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - int64_t* t; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + int64_t* t = NULL; #else int64_t t[12]; #endif @@ -23932,7 +23700,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t = (int64_t*)XMALLOC(sizeof(int64_t) * 12, NULL, DYNAMIC_TYPE_ECC); if (t == NULL) { err = MEMORY_E; @@ -24007,7 +23775,7 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit r[11] = t[11]; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif @@ -25380,56 +25148,55 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table, static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td[16]; - sp_point_384 rtd; - sp_digit tmpd[2 * 12 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_384 t[16]; + sp_digit tmp[2 * 12 * 6]; +#endif + sp_point_384* rt = NULL; #ifndef WC_NO_CACHE_RESISTANT - sp_point_384 pd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* p = NULL; +#else + sp_point_384 p[1]; #endif -#endif - sp_point_384* t; - sp_point_384* rt; -#ifndef WC_NO_CACHE_RESISTANT - sp_point_384* p; -#endif - sp_digit* tmp; +#endif /* !WC_NO_CACHE_RESISTANT */ sp_digit n; int i; int c; int y; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_384_point_new_12(heap, rtd, rt); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -#ifndef WC_NO_CACHE_RESISTANT - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 17, heap, DYNAMIC_TYPE_ECC); -#else - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, heap, DYNAMIC_TYPE_ECC); -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, + heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + #ifndef WC_NO_CACHE_RESISTANT + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), + heap, DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } + #endif + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { -#ifndef WC_NO_CACHE_RESISTANT - #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - p = t + 16; - #else - p = &pd; - #endif -#endif + rt = t + 16; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -25517,20 +25284,35 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 12 * 6); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_384) * 16); - XFREE(t, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmpd, sizeof(tmpd)); - ForceZero(td, sizeof(td)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif - sp_384_point_free_12(rt, 1, heap); + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 12 * 6); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#ifndef WC_NO_CACHE_RESISTANT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (p != NULL) + #endif + { + ForceZero(p, sizeof(sp_point_384)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(p, heap, DYNAMIC_TYPE_ECC); + #endif + } +#endif /* !WC_NO_CACHE_RESISTANT */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_384) * 17); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -25754,29 +25536,30 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, const sp_point_384* p, static int sp_384_gen_stripe_table_12(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_12(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -25821,9 +25604,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } } - sp_384_point_free_12(s2, 0, heap); - sp_384_point_free_12(s1, 0, heap); - sp_384_point_free_12( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -25915,19 +25699,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 12 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 12 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -25935,21 +25719,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, (void)heap; - err = sp_384_point_new_12(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -26000,13 +25785,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, heap); - sp_384_point_free_12(rt, 0, heap); return err; } @@ -26172,29 +25956,30 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp static int sp_384_gen_stripe_table_12(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_12(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_12(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -26239,9 +26024,10 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } } - sp_384_point_free_12(s2, 0, heap); - sp_384_point_free_12(s1, 0, heap); - sp_384_point_free_12( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -26333,19 +26119,19 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 12 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 12 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -26353,21 +26139,22 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, (void)heap; - err = sp_384_point_new_12(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -26418,13 +26205,12 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, heap); - sp_384_point_free_12(rt, 0, heap); return err; } @@ -26588,25 +26374,28 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, const sp int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[12]; +#endif int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 12, km); sp_384_point_from_ecc_point_12(point, gm); @@ -26617,12 +26406,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(point, 0, heap); return err; } @@ -26642,37 +26431,35 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[12]; - sp_digit t[12 * 2 * 6]; -#endif - sp_point_384* point; - sp_point_384* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[12 + 12 * 2 * 6]; +#endif + sp_point_384* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 12; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 12; + sp_384_from_mp(k, 12, km); sp_384_point_from_ecc_point_12(point, gm); sp_384_point_from_ecc_point_12(addP, am); @@ -26699,13 +26486,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(addP, 0, heap); - sp_384_point_free_12(point, 0, heap); return err; } @@ -28139,26 +27925,28 @@ static int sp_384_ecc_mulmod_base_12(sp_point_384* r, const sp_digit* k, */ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[12]; +#endif int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 12, km); @@ -28168,12 +27956,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(point, 0, heap); return err; } @@ -28192,37 +27980,35 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[12]; - sp_digit t[12 * 2 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; + sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[12 + 12 * 2 * 6]; #endif - sp_point_384* point; sp_point_384* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_384_point_new_12(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (12 + 12 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (12 + 12 * 2 * 6), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 12; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 12; + sp_384_from_mp(k, 12, km); sp_384_point_from_ecc_point_12(addP, am); } @@ -28248,13 +28034,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, err = sp_384_point_to_ecc_point_12(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(addP, 0, heap); - sp_384_point_free_12(point, 0, heap); return err; } @@ -28398,41 +28183,46 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_384 inf; -#endif -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_384 point[2]; + #else + sp_point_384 point[1]; + #endif + sp_digit k[12]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_384* infinity = NULL; #endif - int err; + int err = MP_OKAY; + (void)heap; - err = sp_384_point_new_12(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_384_ecc_gen_k_12(rng, k); } if (err == MP_OKAY) { @@ -28457,15 +28247,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_point_to_ecc_point_12(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_384_point_free_12(infinity, 1, heap); -#endif - sp_384_point_free_12(point, 1, heap); return err; } @@ -28526,30 +28315,32 @@ static void sp_384_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[12]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[12]; +#endif int err = MP_OKAY; if (*outLen < 48U) { err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, p, point); + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -28562,12 +28353,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 48; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(point, 0, heap); return err; } @@ -29248,22 +29039,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*12]; - sp_digit xd[2*12]; - sp_digit kd[2*12]; - sp_digit rd[2*12]; - sp_digit td[3 * 2*12]; - sp_point_384 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_384* point = NULL; +#else + sp_digit e[7 * 2 * 12]; + sp_point_384 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_384* point = NULL; sp_digit* s = NULL; int32_t c; int err = MP_OKAY; @@ -29271,31 +29057,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_384_point_new_12(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 12, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 12; - x = d + 2 * 12; - k = d + 4 * 12; - r = d + 6 * 12; - tmp = d + 8 * 12; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 12; + k = e + 4 * 12; + r = e + 6 * 12; + tmp = e + 8 * 12; s = e; if (hashLen > 48U) { @@ -29350,19 +29131,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_384_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 12); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 12U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 12U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_384_point_free_12(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 12); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_384)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -29988,52 +29774,41 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*12]; - sp_digit u2d[2*12]; - sp_digit sd[2*12]; - sp_digit tmpd[2*12 * 5]; - sp_point_384 p1d; - sp_point_384 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_384* p1 = NULL; +#else + sp_digit u1[16 * 12]; + sp_point_384 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_384* p1; sp_point_384* p2 = NULL; sp_digit carry; int32_t c = 0; - int err; + int err = MP_OKAY; - err = sp_384_point_new_12(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 12, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 12; - u2 = d + 2 * 12; - s = d + 4 * 12; - tmp = d + 6 * 12; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 12; + s = u1 + 4 * 12; + tmp = u1 + 6 * 12; + p2 = p1 + 1; if (hashLen > 48U) { hashLen = 48U; @@ -30084,12 +29859,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p1, 0, heap); - sp_384_point_free_12(p2, 0, heap); return err; } @@ -30106,32 +29881,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_384_ecc_is_point_12(const sp_point_384* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*12]; - sp_digit t2d[2*12]; + sp_digit t1[12 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 12; - t2 = d + 2 * 12; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 12; sp_384_sqr_12(t1, point->y); (void)sp_384_mod_12(t1, t1, p384_mod); @@ -30151,10 +29917,9 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30169,14 +29934,21 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point, */ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* pub = NULL; +#else + sp_point_384 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_384* pub; - byte one[1] = { 1 }; - int err; - err = sp_384_point_new_12(NULL, pubd, pub); if (err == MP_OKAY) { sp_384_from_mp(pub->x, 12, pX); sp_384_from_mp(pub->y, 12, pY); @@ -30185,7 +29957,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) err = sp_384_ecc_is_point_12(pub, NULL); } - sp_384_point_free_12(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -30204,45 +29979,45 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[12]; - sp_point_384 pubd; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_384* pub; - sp_point_384* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_384_point_new_12(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_384_point_new_12(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_384* pub = NULL; +#else + sp_digit priv[12]; + sp_point_384 pub[2]; #endif + sp_point_384* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) || + if (((mp_count_bits(pX) > 384) || (mp_count_bits(pY) > 384) || ((privm != NULL) && (mp_count_bits(privm) > 384)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 12, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_384_from_mp(pub->x, 12, pX); sp_384_from_mp(pub->y, 12, pY); sp_384_from_bin(pub->z, 12, one, (int)sizeof(one)); @@ -30291,13 +30066,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_384_point_free_12(p, 0, heap); - sp_384_point_free_12(pub, 0, heap); return err; } @@ -30321,33 +30095,35 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 12 * 5]; - sp_point_384 pd; - sp_point_384 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 12 * 5]; + sp_point_384 p[2]; +#endif sp_point_384* q = NULL; int err; - err = sp_384_point_new_12(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_12(NULL, qd, q); + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_384_from_mp(p->x, 12, pX); sp_384_from_mp(p->y, 12, pY); sp_384_from_mp(p->z, 12, pZ); @@ -30368,13 +30144,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(q, 0, NULL); - sp_384_point_free_12(p, 0, NULL); return err; } @@ -30393,25 +30168,28 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 12 * 2]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 12 * 2]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_12(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -30432,12 +30210,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, NULL); return err; } @@ -30452,25 +30230,29 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 12 * 6]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 12 * 6]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; - err = sp_384_point_new_12(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 12 * 6, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_384_from_mp(p->x, 12, pX); @@ -30490,12 +30272,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_384_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_12(p, 0, NULL); return err; } @@ -30508,43 +30290,28 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_384_mont_sqrt_12(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 12]; - sp_digit t2d[2 * 12]; - sp_digit t3d[2 * 12]; - sp_digit t4d[2 * 12]; - sp_digit t5d[2 * 12]; + sp_digit t1[5 * 2 * 12]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* t3; - sp_digit* t4; - sp_digit* t5; + sp_digit* t2 = NULL; + sp_digit* t3 = NULL; + sp_digit* t4 = NULL; + sp_digit* t5 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 12, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 12; - t2 = d + 2 * 12; - t3 = d + 4 * 12; - t4 = d + 6 * 12; - t5 = d + 8 * 12; -#else - t1 = t1d; - t2 = t2d; - t3 = t3d; - t4 = t4d; - t5 = t5d; -#endif + t2 = t1 + 2 * 12; + t3 = t1 + 4 * 12; + t4 = t1 + 6 * 12; + t5 = t1 + 8 * 12; { /* t2 = y ^ 0x2 */ @@ -30604,10 +30371,9 @@ static int sp_384_mont_sqrt_12(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -30623,31 +30389,22 @@ static int sp_384_mont_sqrt_12(sp_digit* y) */ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 12]; - sp_digit yd[2 * 12]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 12]; +#endif sp_digit* y = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 12, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 12; - y = d + 2 * 12; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 12; sp_384_from_mp(x, 12, xm); err = sp_384_mod_mul_norm_12(x, x, p384_mod); @@ -30680,10 +30437,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) err = sp_384_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -31913,6 +31669,8 @@ static int sp_1024_mod_mul_norm_32(sp_digit* r, const sp_digit* a, return sp_1024_mod_32(r, r, m); } + +#ifdef WOLFCRYPT_HAVE_SAKKE /* Create a new point. * * heap [in] Buffer to allocate dynamic memory from. @@ -31944,8 +31702,8 @@ static int sp_1024_point_new_ex_32(void* heap, sp_point_1024* sp, /* Set pointer to data and return no error. */ #define sp_1024_point_new_32(heap, sp, p) sp_1024_point_new_ex_32((heap), &(sp), &(p)) #endif - - +#endif /* WOLFCRYPT_HAVE_SAKKE */ +#ifdef WOLFCRYPT_HAVE_SAKKE /* Free the point. * * p [in,out] Point to free. @@ -31970,6 +31728,7 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap) #endif (void)heap; } +#endif /* WOLFCRYPT_HAVE_SAKKE */ /* Convert an mp_int to an array of sp_digit. * @@ -34115,43 +33874,40 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r, static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td[16]; - sp_point_1024 rtd; - sp_digit tmpd[2 * 32 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_1024 t[16]; + sp_digit tmp[2 * 32 * 5]; #endif - sp_point_1024* t; - sp_point_1024* rt; - sp_digit* tmp; + sp_point_1024* rt = NULL; sp_digit n; int i; int c; int y; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_1024_point_new_32(heap, rtd, rt); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -#ifndef WC_NO_CACHE_RESISTANT - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 17, heap, DYNAMIC_TYPE_ECC); -#else - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, heap, DYNAMIC_TYPE_ECC); -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, + heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif if (err == MP_OKAY) { + rt = t + 16; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -34219,20 +33975,24 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 32 * 5); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_point_1024) * 16); - XFREE(t, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmpd, sizeof(tmpd)); - ForceZero(td, sizeof(td)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) #endif - sp_1024_point_free_32(rt, 1, heap); + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 32 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) +#endif + { + ForceZero(t, sizeof(sp_point_1024) * 17); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -34456,29 +34216,30 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, const sp_point_1024* static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, sp_table_entry_1024* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td; - sp_point_1024 s1d; - sp_point_1024 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; +#else + sp_point_1024 t[3]; #endif - sp_point_1024* t; sp_point_1024* s1 = NULL; sp_point_1024* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_1024_point_new_32(heap, td, t); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod); } if (err == MP_OKAY) { @@ -34523,9 +34284,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } } - sp_1024_point_free_32(s2, 0, heap); - sp_1024_point_free_32(s1, 0, heap); - sp_1024_point_free_32( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -34551,19 +34313,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g const sp_table_entry_1024* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit td[2 * 32 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 rt[2]; + sp_digit t[2 * 32 * 5]; #endif - sp_point_1024* rt; sp_point_1024* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -34571,21 +34333,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g (void)heap; - err = sp_1024_point_new_32(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod)); XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod)); @@ -34621,13 +34384,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(p, 0, heap); - sp_1024_point_free_32(rt, 0, heap); return err; } @@ -34793,29 +34555,30 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, sp_table_entry_1024* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td; - sp_point_1024 s1d; - sp_point_1024 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; +#else + sp_point_1024 t[3]; #endif - sp_point_1024* t; sp_point_1024* s1 = NULL; sp_point_1024* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_1024_point_new_32(heap, td, t); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_1024_mod_mul_norm_32(t->x, a->x, p1024_mod); } if (err == MP_OKAY) { @@ -34860,9 +34623,10 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } } - sp_1024_point_free_32(s2, 0, heap); - sp_1024_point_free_32(s1, 0, heap); - sp_1024_point_free_32( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -34888,19 +34652,19 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g const sp_table_entry_1024* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit td[2 * 32 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 rt[2]; + sp_digit t[2 * 32 * 5]; #endif - sp_point_1024* rt; sp_point_1024* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -34908,21 +34672,22 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g (void)heap; - err = sp_1024_point_new_32(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 32 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod)); XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod)); @@ -34958,13 +34723,12 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(p, 0, heap); - sp_1024_point_free_32(rt, 0, heap); return err; } @@ -35128,25 +34892,28 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, const int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[32]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[32]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 32, km); sp_1024_point_from_ecc_point_32(point, gm); @@ -35157,12 +34924,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(point, 0, heap); return err; } @@ -38756,26 +38523,28 @@ static int sp_1024_ecc_mulmod_base_32(sp_point_1024* r, const sp_digit* k, */ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[32]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[32]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 32, km); @@ -38785,12 +38554,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(point, 0, heap); return err; } @@ -38809,37 +38578,35 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_point_1024 a; - sp_digit kd[32]; - sp_digit t[32 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; + sp_digit* k = NULL; +#else + sp_point_1024 point[2]; + sp_digit k[32 + 32 * 2 * 5]; #endif - sp_point_1024* point; sp_point_1024* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (32 + 32 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (32 + 32 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 32; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 32; + sp_1024_from_mp(k, 32, km); sp_1024_point_from_ecc_point_32(addP, am); } @@ -38865,13 +38632,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(addP, 0, heap); - sp_1024_point_free_32(point, 0, heap); return err; } @@ -38889,29 +38655,43 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, void* heap) { - int err = 0; -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_1024* point = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 point[1]; sp_digit t[5 * 2 * 32]; +#endif + int err = MP_OKAY; if ((gm == NULL) || (len == NULL)) { err = BAD_FUNC_ARG; } - if ((err == 0) && (table == NULL)) { + if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; err = LENGTH_ONLY_E; } - if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { + if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; } - if (err == 0) { - err = sp_1024_point_new_32(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } - if (err == 0) { + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 32, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { sp_1024_point_from_ecc_point_32(point, gm); err = sp_1024_gen_stripe_table_32(point, (sp_table_entry_1024*)table, t, heap); @@ -38920,7 +38700,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, *len = sizeof(sp_table_entry_1024) * 256; } - sp_1024_point_free_32(point, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -38973,24 +38758,28 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[32]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[32]; +#endif int err = MP_OKAY; - err = sp_1024_point_new_32(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 32, km); sp_1024_point_from_ecc_point_32(point, gm); @@ -39007,12 +38796,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, err = sp_1024_point_to_ecc_point_32(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_32(point, 0, heap); return err; } @@ -42463,33 +42252,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) static int sp_1024_ecc_is_point_32(const sp_point_1024* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*32]; - sp_digit t2d[2*32]; + sp_digit t1[32 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int32_t n; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 32; - t2 = d + 2 * 32; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 32; sp_1024_sqr_32(t1, point->y); (void)sp_1024_mod_32(t1, t1, p1024_mod); @@ -42513,10 +42293,9 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42531,14 +42310,21 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, */ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* pub = NULL; +#else + sp_point_1024 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_1024* pub; - byte one[1] = { 1 }; - int err; - err = sp_1024_point_new_32(NULL, pubd, pub); if (err == MP_OKAY) { sp_1024_from_mp(pub->x, 32, pX); sp_1024_from_mp(pub->y, 32, pY); @@ -42547,7 +42333,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) err = sp_1024_ecc_is_point_32(pub, NULL); } - sp_1024_point_free_32(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -42566,45 +42355,45 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[32]; - sp_point_1024 pubd; - sp_point_1024 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_1024* pub; - sp_point_1024* p = NULL; - byte one[1] = { 1 }; - int err; - - err = sp_1024_point_new_32(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_1024_point_new_32(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } + sp_point_1024* pub = NULL; +#else + sp_digit priv[32]; + sp_point_1024 pub[2]; #endif + sp_point_1024* p = NULL; + const byte one[1] = { 1 }; + int err = MP_OKAY; + /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) || + if (((mp_count_bits(pX) > 1024) || (mp_count_bits(pY) > 1024) || ((privm != NULL) && (mp_count_bits(privm) > 1024)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_1024_from_mp(pub->x, 32, pX); sp_1024_from_mp(pub->y, 32, pY); sp_1024_from_bin(pub->z, 32, one, (int)sizeof(one)); @@ -42653,13 +42442,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_1024_point_free_32(p, 0, heap); - sp_1024_point_free_32(pub, 0, heap); return err; } diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index 060114fb5..90bccc7fd 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -1488,15 +1488,12 @@ static int sp_2048_mod_exp_avx2_32(sp_digit* r, const sp_digit* a, const sp_digi int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[64]; - sp_digit md[32]; - sp_digit rd[64]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; #else - sp_digit* d = NULL; + sp_digit a[32 * 5]; #endif - sp_digit* a; - sp_digit *ah; + sp_digit* ah; sp_digit* m; sp_digit* r; sp_digit e = 0; @@ -1516,28 +1513,20 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 32 * 2; - m = r + 32 * 2; - ah = a + 32; - } -#else - a = ad; - m = md; - r = rd; - ah = a + 32; #endif if (err == MP_OKAY) { + r = a + 32 * 2; + m = r + 32 * 2; + ah = a + 32; + sp_2048_from_bin(ah, 32, in, inLen); #if DIGIT_BIT >= 64 e = em->dp[0]; @@ -1634,9 +1623,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -1664,15 +1653,13 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, const mp_int* pm, const mp_int* qm,const mp_int* dpm, const mp_int* dqm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { -#if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK) - sp_digit a[64]; - sp_digit d[32]; - sp_digit m[32]; -#else +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[32 * 4]; +#endif sp_digit* a; sp_digit* m; -#endif sp_digit* r; int err = MP_OKAY; @@ -1700,7 +1687,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } } -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 4, NULL, DYNAMIC_TYPE_RSA); @@ -1711,10 +1698,9 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, #endif if (err == MP_OKAY) { -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) a = d + 32; m = a + 64; -#endif + r = a; sp_2048_from_bin(a, 32, in, inLen); @@ -1728,14 +1714,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 32); - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(d, 0, sizeof(sp_digit) * 32); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) #endif + { + /* only zeroing private "d" */ + ForceZero(d, sizeof(sp_digit) * 32); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(d, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; } @@ -1764,17 +1752,11 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, const mp_int* pm, const mp_int* qm, const mp_int* dpm, const mp_int* dqm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[32 * 2]; - sp_digit pd[16]; - sp_digit qd[16]; - sp_digit dpd[16]; - sp_digit tmpad[32]; - sp_digit tmpbd[32]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; #else - sp_digit* t = NULL; + sp_digit a[16 * 11]; #endif - sp_digit* a; sp_digit* p; sp_digit* q; sp_digit* dp; @@ -1802,33 +1784,23 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 32 * 2; q = p + 16; qi = dq = dp = q + 16; tmpa = qi + 16; tmpb = tmpa + 32; + r = a + 32; - r = t + 32; - } -#else - r = a = ad; - p = pd; - q = qd; - qi = dq = dp = dpd; - tmpa = tmpad; - tmpb = tmpbd; -#endif - - if (err == MP_OKAY) { sp_2048_from_bin(a, 32, in, inLen); sp_2048_from_mp(p, 16, pm); sp_2048_from_mp(q, 16, qm); @@ -1895,18 +1867,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, *outLen = 256; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 16 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpad, 0, sizeof(tmpad)); - XMEMSET(tmpbd, 0, sizeof(tmpbd)); - XMEMSET(pd, 0, sizeof(pd)); - XMEMSET(qd, 0, sizeof(qd)); - XMEMSET(dpd, 0, sizeof(dpd)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif + { + ForceZero(a, sizeof(sp_digit) * 16 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; } @@ -3870,15 +3839,12 @@ static int sp_3072_mod_exp_avx2_48(sp_digit* r, const sp_digit* a, const sp_digi int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[96]; - sp_digit md[48]; - sp_digit rd[96]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; #else - sp_digit* d = NULL; + sp_digit a[48 * 5]; #endif - sp_digit* a; - sp_digit *ah; + sp_digit* ah; sp_digit* m; sp_digit* r; sp_digit e = 0; @@ -3898,28 +3864,20 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 48 * 2; - m = r + 48 * 2; - ah = a + 48; - } -#else - a = ad; - m = md; - r = rd; - ah = a + 48; #endif if (err == MP_OKAY) { + r = a + 48 * 2; + m = r + 48 * 2; + ah = a + 48; + sp_3072_from_bin(ah, 48, in, inLen); #if DIGIT_BIT >= 64 e = em->dp[0]; @@ -4016,9 +3974,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -4046,15 +4004,13 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, const mp_int* pm, const mp_int* qm,const mp_int* dpm, const mp_int* dqm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { -#if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK) - sp_digit a[96]; - sp_digit d[48]; - sp_digit m[48]; -#else +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[48 * 4]; +#endif sp_digit* a; sp_digit* m; -#endif sp_digit* r; int err = MP_OKAY; @@ -4082,7 +4038,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } } -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 48 * 4, NULL, DYNAMIC_TYPE_RSA); @@ -4093,10 +4049,9 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, #endif if (err == MP_OKAY) { -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) a = d + 48; m = a + 96; -#endif + r = a; sp_3072_from_bin(a, 48, in, inLen); @@ -4110,14 +4065,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 48); - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(d, 0, sizeof(sp_digit) * 48); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) #endif + { + /* only zeroing private "d" */ + ForceZero(d, sizeof(sp_digit) * 48); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(d, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; } @@ -4146,17 +4103,11 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, const mp_int* pm, const mp_int* qm, const mp_int* dpm, const mp_int* dqm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[48 * 2]; - sp_digit pd[24]; - sp_digit qd[24]; - sp_digit dpd[24]; - sp_digit tmpad[48]; - sp_digit tmpbd[48]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; #else - sp_digit* t = NULL; + sp_digit a[24 * 11]; #endif - sp_digit* a; sp_digit* p; sp_digit* q; sp_digit* dp; @@ -4184,33 +4135,23 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 24 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 24 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 48 * 2; q = p + 24; qi = dq = dp = q + 24; tmpa = qi + 24; tmpb = tmpa + 48; + r = a + 48; - r = t + 48; - } -#else - r = a = ad; - p = pd; - q = qd; - qi = dq = dp = dpd; - tmpa = tmpad; - tmpb = tmpbd; -#endif - - if (err == MP_OKAY) { sp_3072_from_bin(a, 48, in, inLen); sp_3072_from_mp(p, 24, pm); sp_3072_from_mp(q, 24, qm); @@ -4277,18 +4218,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, *outLen = 384; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 24 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpad, 0, sizeof(tmpad)); - XMEMSET(tmpbd, 0, sizeof(tmpbd)); - XMEMSET(pd, 0, sizeof(pd)); - XMEMSET(qd, 0, sizeof(qd)); - XMEMSET(dpd, 0, sizeof(dpd)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif + { + ForceZero(a, sizeof(sp_digit) * 24 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; } @@ -5650,15 +5588,12 @@ static int sp_4096_mod_exp_avx2_64(sp_digit* r, const sp_digit* a, const sp_digi int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[128]; - sp_digit md[64]; - sp_digit rd[128]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; #else - sp_digit* d = NULL; + sp_digit a[64 * 5]; #endif - sp_digit* a; - sp_digit *ah; + sp_digit* ah; sp_digit* m; sp_digit* r; sp_digit e = 0; @@ -5678,28 +5613,20 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 5, NULL, DYNAMIC_TYPE_RSA); - if (d == NULL) + if (a == NULL) err = MEMORY_E; } - - if (err == MP_OKAY) { - a = d; - r = a + 64 * 2; - m = r + 64 * 2; - ah = a + 64; - } -#else - a = ad; - m = md; - r = rd; - ah = a + 64; #endif if (err == MP_OKAY) { + r = a + 64 * 2; + m = r + 64 * 2; + ah = a + 64; + sp_4096_from_bin(ah, 64, in, inLen); #if DIGIT_BIT >= 64 e = em->dp[0]; @@ -5796,9 +5723,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -5826,15 +5753,13 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, const mp_int* pm, const mp_int* qm,const mp_int* dpm, const mp_int* dqm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { -#if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK) - sp_digit a[128]; - sp_digit d[64]; - sp_digit m[64]; -#else +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* d = NULL; +#else + sp_digit d[64 * 4]; +#endif sp_digit* a; sp_digit* m; -#endif sp_digit* r; int err = MP_OKAY; @@ -5862,7 +5787,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } } -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 64 * 4, NULL, DYNAMIC_TYPE_RSA); @@ -5873,10 +5798,9 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, #endif if (err == MP_OKAY) { -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) a = d + 64; m = a + 128; -#endif + r = a; sp_4096_from_bin(a, 64, in, inLen); @@ -5890,14 +5814,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } -#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 64); - XFREE(d, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(d, 0, sizeof(sp_digit) * 64); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (d != NULL) #endif + { + /* only zeroing private "d" */ + ForceZero(d, sizeof(sp_digit) * 64); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(d, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; } @@ -5926,17 +5852,11 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, const mp_int* pm, const mp_int* qm, const mp_int* dpm, const mp_int* dqm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit ad[64 * 2]; - sp_digit pd[32]; - sp_digit qd[32]; - sp_digit dpd[32]; - sp_digit tmpad[64]; - sp_digit tmpbd[64]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* a = NULL; #else - sp_digit* t = NULL; + sp_digit a[32 * 11]; #endif - sp_digit* a; sp_digit* p; sp_digit* q; sp_digit* dp; @@ -5964,33 +5884,23 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, err = MP_VAL; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL, + a = (sp_digit*)XMALLOC(sizeof(sp_digit) * 32 * 11, NULL, DYNAMIC_TYPE_RSA); - if (t == NULL) + if (a == NULL) err = MEMORY_E; } +#endif + if (err == MP_OKAY) { - a = t; p = a + 64 * 2; q = p + 32; qi = dq = dp = q + 32; tmpa = qi + 32; tmpb = tmpa + 64; + r = a + 64; - r = t + 64; - } -#else - r = a = ad; - p = pd; - q = qd; - qi = dq = dp = dpd; - tmpa = tmpad; - tmpb = tmpbd; -#endif - - if (err == MP_OKAY) { sp_4096_from_bin(a, 64, in, inLen); sp_4096_from_mp(p, 32, pm); sp_4096_from_mp(q, 32, qm); @@ -6057,18 +5967,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, *outLen = 512; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XMEMSET(t, 0, sizeof(sp_digit) * 32 * 11); - XFREE(t, NULL, DYNAMIC_TYPE_RSA); - } -#else - XMEMSET(tmpad, 0, sizeof(tmpad)); - XMEMSET(tmpbd, 0, sizeof(tmpbd)); - XMEMSET(pd, 0, sizeof(pd)); - XMEMSET(qd, 0, sizeof(qd)); - XMEMSET(dpd, 0, sizeof(dpd)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (a != NULL) #endif + { + ForceZero(a, sizeof(sp_digit) * 32 * 11); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(a, NULL, DYNAMIC_TYPE_RSA); + #endif + } return err; } @@ -6617,64 +6524,6 @@ extern void sp_256_mul_4(sp_digit* r, const sp_digit* a, const sp_digit* b); extern void sp_256_sqr_4(sp_digit* r, const sp_digit* a); extern sp_digit sp_256_add_4(sp_digit* r, const sp_digit* a, const sp_digit* b); extern sp_digit sp_256_sub_4(sp_digit* r, const sp_digit* a, const sp_digit* b); -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_256_point_new_ex_4(void* heap, sp_point_256* sp, - sp_point_256** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_256_point_new_4(heap, sp, p) sp_256_point_new_ex_4((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_256_point_new_4(heap, sp, p) sp_256_point_new_ex_4((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_256_point_free_4(sp_point_256* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Multiply a number by Montogmery normalizer mod modulus (prime). * * r The resulting Montgomery form number. @@ -7931,43 +7780,41 @@ extern void sp_256_get_point_33_avx2_4(sp_point_256* r, const sp_point_256* tabl static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td[33]; - sp_point_256 rtd; - sp_point_256 pd; - sp_digit tmpd[2 * 4 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_256 t[33+2]; + sp_digit tmp[2 * 4 * 6]; #endif - sp_point_256* t; - sp_point_256* rt; + sp_point_256* rt = NULL; sp_point_256* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_256 v[43]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_256_point_new_4(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_256_point_new_4(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 33, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * + (33+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 33; + p = t + 33+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -8047,14 +7894,12 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256* } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(rt, 0, heap); return err; } @@ -8958,43 +8803,41 @@ static void sp_256_proj_point_add_sub_avx2_4(sp_point_256* ra, static int sp_256_ecc_mulmod_win_add_sub_avx2_4(sp_point_256* r, const sp_point_256* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td[33]; - sp_point_256 rtd; - sp_point_256 pd; - sp_digit tmpd[2 * 4 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_256 t[33+2]; + sp_digit tmp[2 * 4 * 6]; #endif - sp_point_256* t; - sp_point_256* rt; + sp_point_256* rt = NULL; sp_point_256* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_256 v[43]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_256_point_new_4(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_256_point_new_4(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 33, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * + (33+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 33; + p = t + 33+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -9074,14 +8917,12 @@ static int sp_256_ecc_mulmod_win_add_sub_avx2_4(sp_point_256* r, const sp_point_ } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(rt, 0, heap); return err; } @@ -9214,29 +9055,30 @@ static void sp_256_proj_to_affine_4(sp_point_256* a, sp_digit* t) static int sp_256_gen_stripe_table_4(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_4(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_4(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -9281,9 +9123,10 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a, } } - sp_256_point_free_4(s2, 0, heap); - sp_256_point_free_4(s1, 0, heap); - sp_256_point_free_4( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -9312,19 +9155,19 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 4 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 4 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -9332,21 +9175,22 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, (void)heap; - err = sp_256_point_new_4(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -9397,13 +9241,12 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(rt, 0, heap); return err; } @@ -9676,29 +9519,30 @@ static void sp_256_proj_to_affine_avx2_4(sp_point_256* a, sp_digit* t) static int sp_256_gen_stripe_table_avx2_4(const sp_point_256* a, sp_table_entry_256* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 td; - sp_point_256 s1d; - sp_point_256 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* t = NULL; +#else + sp_point_256 t[3]; #endif - sp_point_256* t; sp_point_256* s1 = NULL; sp_point_256* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_256_point_new_4(heap, td, t); - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_256_mod_mul_norm_avx2_4(t->x, a->x, p256_mod); } if (err == MP_OKAY) { @@ -9743,9 +9587,10 @@ static int sp_256_gen_stripe_table_avx2_4(const sp_point_256* a, } } - sp_256_point_free_4(s2, 0, heap); - sp_256_point_free_4(s1, 0, heap); - sp_256_point_free_4( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -9772,19 +9617,19 @@ static int sp_256_ecc_mulmod_stripe_avx2_4(sp_point_256* r, const sp_point_256* const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit td[2 * 4 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_256 rt[2]; + sp_digit t[2 * 4 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -9792,21 +9637,22 @@ static int sp_256_ecc_mulmod_stripe_avx2_4(sp_point_256* r, const sp_point_256* (void)heap; - err = sp_256_point_new_4(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p256_norm_mod, sizeof(p256_norm_mod)); XMEMCPY(rt->z, p256_norm_mod, sizeof(p256_norm_mod)); @@ -9857,13 +9703,12 @@ static int sp_256_ecc_mulmod_stripe_avx2_4(sp_point_256* r, const sp_point_256* } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(rt, 0, heap); return err; } @@ -9935,28 +9780,31 @@ static int sp_256_ecc_mulmod_avx2_4(sp_point_256* r, const sp_point_256* g, cons int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[4]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[4]; +#endif int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_256_point_new_4(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 4, km); sp_256_point_from_ecc_point_4(point, gm); @@ -9972,12 +9820,12 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_256_point_to_ecc_point_4(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(point, 0, heap); return err; } @@ -9997,40 +9845,38 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[4]; - sp_digit t[4 * 2 * 5]; -#endif - sp_point_256* point; - sp_point_256* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[4 + 4 * 2 * 5]; +#endif + sp_point_256* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_256_point_new_4(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 + 4 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (4 + 4 * 2 * 5), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 4; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 4; + sp_256_from_mp(k, 4, km); sp_256_point_from_ecc_point_4(point, gm); sp_256_point_from_ecc_point_4(addP, am); @@ -10072,13 +9918,12 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, err = sp_256_point_to_ecc_point_4(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(addP, 0, heap); - sp_256_point_free_4(point, 0, heap); return err; } @@ -22503,35 +22348,41 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g, const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit tmpd[2 * 4 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* tmp = NULL; +#else + sp_point_256 rt[2]; + sp_digit tmp[2 * 4 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* tmp; - sp_digit* negy; + sp_digit* negy = NULL; int i; ecc_recode_256 v[37]; - int err; + int err = MP_OKAY; (void)g; (void)ct; (void)heap; - err = sp_256_point_new_4(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_256_point_new_4(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; -#else - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - negy = tmp; + + if (err == MP_OKAY) { + negy = tmp; + p = rt + 1; + } if (err == MP_OKAY) { sp_256_ecc_recode_7_4(k, v); @@ -22576,16 +22427,19 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 4 * 5); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) +#endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(rt, 0, heap); return MP_OKAY; } @@ -22628,35 +22482,41 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256 const sp_table_entry_256* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 rtd; - sp_point_256 pd; - sp_digit tmpd[2 * 4 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* rt = NULL; + sp_digit* tmp = NULL; +#else + sp_point_256 rt[2]; + sp_digit tmp[2 * 4 * 5]; #endif - sp_point_256* rt; sp_point_256* p = NULL; - sp_digit* tmp; - sp_digit* negy; + sp_digit* negy = NULL; int i; ecc_recode_256 v[37]; - int err; + int err = MP_OKAY; (void)g; (void)ct; (void)heap; - err = sp_256_point_new_4(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_256_point_new_4(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; -#else - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - negy = tmp; + + if (err == MP_OKAY) { + negy = tmp; + p = rt + 1; + } if (err == MP_OKAY) { sp_256_ecc_recode_7_4(k, v); @@ -22701,16 +22561,19 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256 } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 4 * 5); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) +#endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 4 * 5); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(rt, 0, heap); return MP_OKAY; } @@ -22745,29 +22608,31 @@ static int sp_256_ecc_mulmod_base_avx2_4(sp_point_256* r, const sp_digit* k, */ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[4]; -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[4]; +#endif int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_256_point_new_4(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_256_from_mp(k, 4, km); @@ -22782,12 +22647,12 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_256_point_to_ecc_point_4(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(point, 0, heap); return err; } @@ -22806,40 +22671,38 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_point_256 a; - sp_digit kd[4]; - sp_digit t[4 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; + sp_digit* k = NULL; +#else + sp_point_256 point[2]; + sp_digit k[4 + 4 * 2 * 5]; #endif - sp_point_256* point; sp_point_256* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_256_point_new_4(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (4 + 4 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (4 + 4 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 4; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 4; + sp_256_from_mp(k, 4, km); sp_256_point_from_ecc_point_4(addP, am); } @@ -22880,13 +22743,12 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, err = sp_256_point_to_ecc_point_4(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(addP, 0, heap); - sp_256_point_free_4(point, 0, heap); return err; } @@ -22968,44 +22830,49 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[4]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_256 inf; -#endif -#endif - sp_point_256* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_256 point[2]; + #else + sp_point_256 point[1]; + #endif + sp_digit k[4]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_256* infinity = NULL; #endif - int err; + int err = MP_OKAY; + #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif (void)heap; - err = sp_256_point_new_4(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_256_ecc_gen_k_4(rng, k); } if (err == MP_OKAY) { @@ -23042,15 +22909,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_point_to_ecc_point_4(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_256_point_free_4(infinity, 1, heap); -#endif - sp_256_point_free_4(point, 1, heap); return err; } @@ -23094,12 +22960,13 @@ static void sp_256_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 p; - sp_digit kd[4]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_256* point = NULL; sp_digit* k = NULL; +#else + sp_point_256 point[1]; + sp_digit k[4]; +#endif int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); @@ -23109,18 +22976,19 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, p, point); + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -23138,12 +23006,12 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 32; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(point, 0, heap); return err; } @@ -23930,22 +23798,17 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*4]; - sp_digit xd[2*4]; - sp_digit kd[2*4]; - sp_digit rd[2*4]; - sp_digit td[3 * 2*4]; - sp_point_256 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_256* point = NULL; +#else + sp_digit e[7 * 2 * 4]; + sp_point_256 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_256* point = NULL; sp_digit* s = NULL; int64_t c; int err = MP_OKAY; @@ -23956,31 +23819,26 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_256_point_new_4(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 4, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_256*)XMALLOC(sizeof(sp_point_256), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 4, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 4; - x = d + 2 * 4; - k = d + 4 * 4; - r = d + 6 * 4; - tmp = d + 8 * 4; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 4; + k = e + 4 * 4; + r = e + 6 * 4; + tmp = e + 8 * 4; s = e; if (hashLen > 32U) { @@ -24040,19 +23898,24 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_256_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 4); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 4U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 4U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 4U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 4U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 4U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_256_point_free_4(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 4); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_256)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -24400,52 +24263,41 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*4]; - sp_digit u2d[2*4]; - sp_digit sd[2*4]; - sp_digit tmpd[2*4 * 5]; - sp_point_256 p1d; - sp_point_256 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_256* p1 = NULL; +#else + sp_digit u1[16 * 4]; + sp_point_256 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_256* p1; sp_point_256* p2 = NULL; sp_digit carry; int64_t c = 0; - int err; + int err = MP_OKAY; - err = sp_256_point_new_4(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 4; - u2 = d + 2 * 4; - s = d + 4 * 4; - tmp = d + 6 * 4; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 4; + s = u1 + 4 * 4; + tmp = u1 + 6 * 4; + p2 = p1 + 1; if (hashLen > 32U) { hashLen = 32U; @@ -24496,12 +24348,12 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p1, 0, heap); - sp_256_point_free_4(p2, 0, heap); return err; } @@ -24518,32 +24370,23 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_256_ecc_is_point_4(const sp_point_256* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*4]; - sp_digit t2d[2*4]; + sp_digit t1[4 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 4; - t2 = d + 2 * 4; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 4; sp_256_sqr_4(t1, point->y); (void)sp_256_mod_4(t1, t1, p256_mod); @@ -24563,10 +24406,9 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24581,14 +24423,21 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point, */ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_256 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_256* pub = NULL; +#else + sp_point_256 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_256* pub; - byte one[1] = { 1 }; - int err; - err = sp_256_point_new_4(NULL, pubd, pub); if (err == MP_OKAY) { sp_256_from_mp(pub->x, 4, pX); sp_256_from_mp(pub->y, 4, pY); @@ -24597,7 +24446,10 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) err = sp_256_ecc_is_point_4(pub, NULL); } - sp_256_point_free_4(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -24616,48 +24468,48 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[4]; - sp_point_256 pubd; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_256* pub; + sp_point_256* pub = NULL; +#else + sp_digit priv[4]; + sp_point_256 pub[2]; +#endif sp_point_256* p = NULL; - byte one[1] = { 1 }; - int err; + const byte one[1] = { 1 }; + int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_256_point_new_4(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_256_point_new_4(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } -#endif /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 256) || + if (((mp_count_bits(pX) > 256) || (mp_count_bits(pY) > 256) || ((privm != NULL) && (mp_count_bits(privm) > 256)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_256_from_mp(pub->x, 4, pX); sp_256_from_mp(pub->y, 4, pY); sp_256_from_bin(pub->z, 4, one, (int)sizeof(one)); @@ -24716,13 +24568,12 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_256_point_free_4(p, 0, heap); - sp_256_point_free_4(pub, 0, heap); return err; } @@ -24746,36 +24597,38 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 4 * 5]; - sp_point_256 pd; - sp_point_256 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 4 * 5]; + sp_point_256 p[2]; +#endif sp_point_256* q = NULL; int err; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_256_point_new_4(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_256_point_new_4(NULL, qd, q); + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_256_from_mp(p->x, 4, pX); sp_256_from_mp(p->y, 4, pY); sp_256_from_mp(p->z, 4, pZ); @@ -24801,13 +24654,12 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(q, 0, NULL); - sp_256_point_free_4(p, 0, NULL); return err; } @@ -24826,28 +24678,31 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 4 * 2]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 4 * 2]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_256_point_new_4(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -24873,12 +24728,12 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_256_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, NULL); return err; } @@ -24893,28 +24748,32 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 4 * 4]; - sp_point_256 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_256* p; - int err; + sp_point_256* p = NULL; +#else + sp_digit tmp[2 * 4 * 4]; + sp_point_256 p[1]; +#endif + int err = MP_OKAY; + #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_256_point_new_4(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_256*)XMALLOC(sizeof(sp_point_256), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 4 * 4, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_256_from_mp(p->x, 4, pX); @@ -24939,12 +24798,12 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_256_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_256_point_free_4(p, 0, NULL); return err; } @@ -24957,34 +24816,26 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_256_mont_sqrt_4(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 4]; - sp_digit t2d[2 * 4]; + sp_digit t1[4 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) { err = MEMORY_E; } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 4; - t2 = d + 2 * 4; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 4; #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { @@ -25053,10 +24904,9 @@ static int sp_256_mont_sqrt_4(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -25072,34 +24922,25 @@ static int sp_256_mont_sqrt_4(sp_digit* y) */ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 4]; - sp_digit yd[2 * 4]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 4]; +#endif sp_digit* y = NULL; int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 4, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 4; - y = d + 2 * 4; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 4; sp_256_from_mp(x, 4, xm); err = sp_256_mod_mul_norm_4(x, x, p256_mod); @@ -25139,10 +24980,9 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) err = sp_256_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -25235,64 +25075,6 @@ extern void sp_384_mul_6(sp_digit* r, const sp_digit* a, const sp_digit* b); extern void sp_384_sqr_6(sp_digit* r, const sp_digit* a); extern sp_digit sp_384_add_6(sp_digit* r, const sp_digit* a, const sp_digit* b); extern sp_digit sp_384_sub_6(sp_digit* r, const sp_digit* a, const sp_digit* b); -/* Create a new point. - * - * heap [in] Buffer to allocate dynamic memory from. - * sp [in] Data for point - only if not allocating. - * p [out] New point. - * returns MEMORY_E when dynamic memory allocation fails and 0 otherwise. - */ -static int sp_384_point_new_ex_6(void* heap, sp_point_384* sp, - sp_point_384** p) -{ - int ret = MP_OKAY; - (void)heap; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - (void)sp; - *p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); -#else - *p = sp; -#endif - if (*p == NULL) { - ret = MEMORY_E; - } - return ret; -} - -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* Allocate memory for point and return error. */ -#define sp_384_point_new_6(heap, sp, p) sp_384_point_new_ex_6((heap), NULL, &(p)) -#else -/* Set pointer to data and return no error. */ -#define sp_384_point_new_6(heap, sp, p) sp_384_point_new_ex_6((heap), &(sp), &(p)) -#endif - - -/* Free the point. - * - * p [in,out] Point to free. - * clear [in] Indicates whether to zeroize point. - * heap [in] Buffer from which dynamic memory was allocate from. - */ -static void sp_384_point_free_6(sp_point_384* p, int clear, void* heap) -{ -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) -/* If valid pointer then clear point data if requested and free data. */ - if (p != NULL) { - if (clear != 0) { - XMEMSET(p, 0, sizeof(*p)); - } - XFREE(p, heap, DYNAMIC_TYPE_ECC); - } -#else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { - XMEMSET(p, 0, sizeof(*p)); - } -#endif - (void)heap; -} - /* Multiply a number by Montogmery normalizer mod modulus (prime). * * r The resulting Montgomery form number. @@ -25302,34 +25084,25 @@ static void sp_384_point_free_6(sp_point_384* p, int clear, void* heap) */ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit* m) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - int64_t* td; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + int64_t* t = NULL; #else - int64_t td[12]; - int64_t a32d[12]; + int64_t t[2 * 12]; #endif - int64_t* t; - int64_t* a32; + int64_t* a32 = NULL; int64_t o; int err = MP_OKAY; (void)m; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - td = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC); - if (td == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (int64_t*)XMALLOC(sizeof(int64_t) * 2 * 12, NULL, DYNAMIC_TYPE_ECC); + if (t == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = td; - a32 = td + 12; -#else - t = td; - a32 = a32d; -#endif + a32 = t + 12; a32[0] = a[0] & 0xffffffff; a32[1] = a[0] >> 32; @@ -25405,9 +25178,9 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit* r[5] = (t[11] << 32) | t[10]; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26706,43 +26479,41 @@ extern void sp_384_get_point_33_avx2_6(sp_point_384* r, const sp_point_384* tabl static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td[33]; - sp_point_384 rtd; - sp_point_384 pd; - sp_digit tmpd[2 * 6 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_384 t[33+2]; + sp_digit tmp[2 * 6 * 6]; #endif - sp_point_384* t; - sp_point_384* rt; + sp_point_384* rt = NULL; sp_point_384* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_384 v[65]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_384_point_new_6(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_384_point_new_6(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 33, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * + (33+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 33; + p = t + 33+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -26822,14 +26593,12 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384* } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(rt, 0, heap); return err; } @@ -27782,43 +27551,41 @@ static void sp_384_proj_point_add_sub_avx2_6(sp_point_384* ra, static int sp_384_ecc_mulmod_win_add_sub_avx2_6(sp_point_384* r, const sp_point_384* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td[33]; - sp_point_384 rtd; - sp_point_384 pd; - sp_digit tmpd[2 * 6 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_384 t[33+2]; + sp_digit tmp[2 * 6 * 6]; #endif - sp_point_384* t; - sp_point_384* rt; + sp_point_384* rt = NULL; sp_point_384* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_384 v[65]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_384_point_new_6(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_384_point_new_6(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 33, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * + (33+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 33; + p = t + 33+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -27898,14 +27665,12 @@ static int sp_384_ecc_mulmod_win_add_sub_avx2_6(sp_point_384* r, const sp_point_ } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(rt, 0, heap); return err; } @@ -28038,29 +27803,30 @@ static void sp_384_proj_to_affine_6(sp_point_384* a, sp_digit* t) static int sp_384_gen_stripe_table_6(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_6(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_6(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -28105,9 +27871,10 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a, } } - sp_384_point_free_6(s2, 0, heap); - sp_384_point_free_6(s1, 0, heap); - sp_384_point_free_6( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -28136,19 +27903,19 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 6 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 6 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -28156,21 +27923,22 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, (void)heap; - err = sp_384_point_new_6(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -28221,13 +27989,12 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(rt, 0, heap); return err; } @@ -28500,29 +28267,30 @@ static void sp_384_proj_to_affine_avx2_6(sp_point_384* a, sp_digit* t) static int sp_384_gen_stripe_table_avx2_6(const sp_point_384* a, sp_table_entry_384* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 td; - sp_point_384 s1d; - sp_point_384 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* t = NULL; +#else + sp_point_384 t[3]; #endif - sp_point_384* t; sp_point_384* s1 = NULL; sp_point_384* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_384_point_new_6(heap, td, t); - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_384_mod_mul_norm_avx2_6(t->x, a->x, p384_mod); } if (err == MP_OKAY) { @@ -28567,9 +28335,10 @@ static int sp_384_gen_stripe_table_avx2_6(const sp_point_384* a, } } - sp_384_point_free_6(s2, 0, heap); - sp_384_point_free_6(s1, 0, heap); - sp_384_point_free_6( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -28596,19 +28365,19 @@ static int sp_384_ecc_mulmod_stripe_avx2_6(sp_point_384* r, const sp_point_384* const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit td[2 * 6 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_384 rt[2]; + sp_digit t[2 * 6 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -28616,21 +28385,22 @@ static int sp_384_ecc_mulmod_stripe_avx2_6(sp_point_384* r, const sp_point_384* (void)heap; - err = sp_384_point_new_6(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p384_norm_mod, sizeof(p384_norm_mod)); XMEMCPY(rt->z, p384_norm_mod, sizeof(p384_norm_mod)); @@ -28681,13 +28451,12 @@ static int sp_384_ecc_mulmod_stripe_avx2_6(sp_point_384* r, const sp_point_384* } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(rt, 0, heap); return err; } @@ -28759,28 +28528,31 @@ static int sp_384_ecc_mulmod_avx2_6(sp_point_384* r, const sp_point_384* g, cons int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[6]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[6]; +#endif int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_384_point_new_6(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 6, km); sp_384_point_from_ecc_point_6(point, gm); @@ -28796,12 +28568,12 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_384_point_to_ecc_point_6(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(point, 0, heap); return err; } @@ -28821,40 +28593,38 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[6]; - sp_digit t[6 * 2 * 6]; -#endif - sp_point_384* point; - sp_point_384* addP = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[6 + 6 * 2 * 6]; +#endif + sp_point_384* addP = NULL; sp_digit* tmp = NULL; int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_384_point_new_6(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (6 + 6 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (6 + 6 * 2 * 6), heap, + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 6; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 6; + sp_384_from_mp(k, 6, km); sp_384_point_from_ecc_point_6(point, gm); sp_384_point_from_ecc_point_6(addP, am); @@ -28896,13 +28666,12 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, err = sp_384_point_to_ecc_point_6(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(addP, 0, heap); - sp_384_point_free_6(point, 0, heap); return err; } @@ -47141,35 +46910,41 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g, const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit tmpd[2 * 6 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* tmp = NULL; +#else + sp_point_384 rt[2]; + sp_digit tmp[2 * 6 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* tmp; - sp_digit* negy; + sp_digit* negy = NULL; int i; ecc_recode_384 v[55]; - int err; + int err = MP_OKAY; (void)g; (void)ct; (void)heap; - err = sp_384_point_new_6(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_384_point_new_6(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; -#else - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - negy = tmp; + + if (err == MP_OKAY) { + negy = tmp; + p = rt + 1; + } if (err == MP_OKAY) { sp_384_ecc_recode_7_6(k, v); @@ -47214,16 +46989,19 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 6 * 6); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) +#endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(rt, 0, heap); return MP_OKAY; } @@ -47266,35 +47044,41 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384 const sp_table_entry_384* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 rtd; - sp_point_384 pd; - sp_digit tmpd[2 * 6 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* rt = NULL; + sp_digit* tmp = NULL; +#else + sp_point_384 rt[2]; + sp_digit tmp[2 * 6 * 6]; #endif - sp_point_384* rt; sp_point_384* p = NULL; - sp_digit* tmp; - sp_digit* negy; + sp_digit* negy = NULL; int i; ecc_recode_384 v[55]; - int err; + int err = MP_OKAY; (void)g; (void)ct; (void)heap; - err = sp_384_point_new_6(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_384_point_new_6(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; -#else - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, heap, + DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - negy = tmp; + + if (err == MP_OKAY) { + negy = tmp; + p = rt + 1; + } if (err == MP_OKAY) { sp_384_ecc_recode_7_6(k, v); @@ -47339,16 +47123,19 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384 } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 6 * 6); - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); - } -#else - ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) +#endif + { + ForceZero(tmp, sizeof(sp_digit) * 2 * 6 * 6); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(rt, 0, heap); return MP_OKAY; } @@ -47383,29 +47170,31 @@ static int sp_384_ecc_mulmod_base_avx2_6(sp_point_384* r, const sp_digit* k, */ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[6]; -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[6]; +#endif int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_384_point_new_6(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_384_from_mp(k, 6, km); @@ -47420,12 +47209,12 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_384_point_to_ecc_point_6(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(point, 0, heap); return err; } @@ -47444,40 +47233,38 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_point_384 a; - sp_digit kd[6]; - sp_digit t[6 * 2 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; + sp_digit* k = NULL; +#else + sp_point_384 point[2]; + sp_digit k[6 + 6 * 2 * 6]; #endif - sp_point_384* point; sp_point_384* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_384_point_new_6(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (6 + 6 * 2 * 6), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (6 + 6 * 2 * 6), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 6; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 6; + sp_384_from_mp(k, 6, km); sp_384_point_from_ecc_point_6(addP, am); } @@ -47518,13 +47305,12 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, err = sp_384_point_to_ecc_point_6(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(addP, 0, heap); - sp_384_point_free_6(point, 0, heap); return err; } @@ -47606,44 +47392,49 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k) */ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[6]; -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_point_384 inf; -#endif -#endif - sp_point_384* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* point = NULL; sp_digit* k = NULL; +#else + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + sp_point_384 point[2]; + #else + sp_point_384 point[1]; + #endif + sp_digit k[6]; +#endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN sp_point_384* infinity = NULL; #endif - int err; + int err = MP_OKAY; + #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif (void)heap; - err = sp_384_point_new_6(heap, p, point); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, inf, infinity); - } -#endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, DYNAMIC_TYPE_ECC); + #else + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, DYNAMIC_TYPE_ECC); + #endif + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif if (err == MP_OKAY) { + #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + infinity = point + 1; + #endif + err = sp_384_ecc_gen_k_6(rng, k); } if (err == MP_OKAY) { @@ -47680,15 +47471,14 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_point_to_ecc_point_6(point, pub); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) { + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); } #endif -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN - sp_384_point_free_6(infinity, 1, heap); -#endif - sp_384_point_free_6(point, 1, heap); return err; } @@ -47732,12 +47522,13 @@ static void sp_384_to_bin(sp_digit* r, byte* a) int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, word32* outLen, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 p; - sp_digit kd[6]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_384* point = NULL; sp_digit* k = NULL; +#else + sp_point_384 point[1]; + sp_digit k[6]; +#endif int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); @@ -47747,18 +47538,19 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, err = BUFFER_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, p, point); + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif if (err == MP_OKAY) { @@ -47776,12 +47568,12 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, *outLen = 48; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(point, 0, heap); return err; } @@ -48515,22 +48307,17 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, const mp_int* priv, mp_int* rm, mp_int* sm, mp_int* km, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit ed[2*6]; - sp_digit xd[2*6]; - sp_digit kd[2*6]; - sp_digit rd[2*6]; - sp_digit td[3 * 2*6]; - sp_point_384 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* e = NULL; + sp_point_384* point = NULL; +#else + sp_digit e[7 * 2 * 6]; + sp_point_384 point[1]; +#endif sp_digit* x = NULL; sp_digit* k = NULL; sp_digit* r = NULL; sp_digit* tmp = NULL; - sp_point_384* point = NULL; sp_digit* s = NULL; int64_t c; int err = MP_OKAY; @@ -48541,31 +48328,26 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, (void)heap; - err = sp_384_point_new_6(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 6, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + point = (sp_point_384*)XMALLOC(sizeof(sp_point_384), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + e = (sp_digit*)XMALLOC(sizeof(sp_digit) * 7 * 2 * 6, heap, + DYNAMIC_TYPE_ECC); + if (e == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - e = d + 0 * 6; - x = d + 2 * 6; - k = d + 4 * 6; - r = d + 6 * 6; - tmp = d + 8 * 6; -#else - e = ed; - x = xd; - k = kd; - r = rd; - tmp = td; -#endif + x = e + 2 * 6; + k = e + 4 * 6; + r = e + 6 * 6; + tmp = e + 8 * 6; s = e; if (hashLen > 48U) { @@ -48625,19 +48407,24 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, err = sp_384_to_mp(s, sm); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XMEMSET(d, 0, sizeof(sp_digit) * 8 * 6); - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } -#else - XMEMSET(e, 0, sizeof(sp_digit) * 2U * 6U); - XMEMSET(x, 0, sizeof(sp_digit) * 2U * 6U); - XMEMSET(k, 0, sizeof(sp_digit) * 2U * 6U); - XMEMSET(r, 0, sizeof(sp_digit) * 2U * 6U); - XMEMSET(tmp, 0, sizeof(sp_digit) * 3U * 2U * 6U); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (e != NULL) #endif - sp_384_point_free_6(point, 1, heap); + { + ForceZero(e, sizeof(sp_digit) * 7 * 2 * 6); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(e, heap, DYNAMIC_TYPE_ECC); + #endif + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (point != NULL) +#endif + { + ForceZero(point, sizeof(sp_point_384)); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + XFREE(point, heap, DYNAMIC_TYPE_ECC); + #endif + } return err; } @@ -49062,52 +48849,41 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, int* res, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; -#else - sp_digit u1d[2*6]; - sp_digit u2d[2*6]; - sp_digit sd[2*6]; - sp_digit tmpd[2*6 * 5]; - sp_point_384 p1d; - sp_point_384 p2d; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* u1 = NULL; + sp_point_384* p1 = NULL; +#else + sp_digit u1[16 * 6]; + sp_point_384 p1[2]; +#endif sp_digit* u2 = NULL; sp_digit* s = NULL; sp_digit* tmp = NULL; - sp_point_384* p1; sp_point_384* p2 = NULL; sp_digit carry; int64_t c = 0; - int err; + int err = MP_OKAY; - err = sp_384_point_new_6(heap, p1d, p1); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, p2d, p2); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 6, heap, - DYNAMIC_TYPE_ECC); - if (d == NULL) { + p1 = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (p1 == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY) { + u1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 6, heap, + DYNAMIC_TYPE_ECC); + if (u1 == NULL) err = MEMORY_E; - } } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - u1 = d + 0 * 6; - u2 = d + 2 * 6; - s = d + 4 * 6; - tmp = d + 6 * 6; -#else - u1 = u1d; - u2 = u2d; - s = sd; - tmp = tmpd; -#endif + u2 = u1 + 2 * 6; + s = u1 + 4 * 6; + tmp = u1 + 6 * 6; + p2 = p1 + 1; if (hashLen > 48U) { hashLen = 48U; @@ -49158,12 +48934,12 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) - XFREE(d, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (u1 != NULL) + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + if (p1 != NULL) + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p1, 0, heap); - sp_384_point_free_6(p2, 0, heap); return err; } @@ -49180,32 +48956,23 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, static int sp_384_ecc_is_point_6(const sp_point_384* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*6]; - sp_digit t2d[2*6]; + sp_digit t1[6 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 6; - t2 = d + 2 * 6; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 6; sp_384_sqr_6(t1, point->y); (void)sp_384_mod_6(t1, t1, p384_mod); @@ -49225,10 +48992,9 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49243,14 +49009,21 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point, */ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_384 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_384* pub = NULL; +#else + sp_point_384 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_384* pub; - byte one[1] = { 1 }; - int err; - err = sp_384_point_new_6(NULL, pubd, pub); if (err == MP_OKAY) { sp_384_from_mp(pub->x, 6, pX); sp_384_from_mp(pub->y, 6, pY); @@ -49259,7 +49032,10 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) err = sp_384_ecc_is_point_6(pub, NULL); } - sp_384_point_free_6(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -49278,48 +49054,48 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[6]; - sp_point_384 pubd; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_384* pub; + sp_point_384* pub = NULL; +#else + sp_digit priv[6]; + sp_point_384 pub[2]; +#endif sp_point_384* p = NULL; - byte one[1] = { 1 }; - int err; + const byte one[1] = { 1 }; + int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_384_point_new_6(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_384_point_new_6(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } -#endif /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 384) || + if (((mp_count_bits(pX) > 384) || (mp_count_bits(pY) > 384) || ((privm != NULL) && (mp_count_bits(privm) > 384)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 6, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_384_from_mp(pub->x, 6, pX); sp_384_from_mp(pub->y, 6, pY); sp_384_from_bin(pub->z, 6, one, (int)sizeof(one)); @@ -49378,13 +49154,12 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_384_point_free_6(p, 0, heap); - sp_384_point_free_6(pub, 0, heap); return err; } @@ -49408,36 +49183,38 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* qX, mp_int* qY, mp_int* qZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 6 * 5]; - sp_point_384 pd; - sp_point_384 qd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 6 * 5]; + sp_point_384 p[2]; +#endif sp_point_384* q = NULL; int err; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_384_point_new_6(NULL, pd, p); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { - err = sp_384_point_new_6(NULL, qd, q); + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 2, NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 5, NULL, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (tmp == NULL) { err = MEMORY_E; } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { + q = p + 1; + sp_384_from_mp(p->x, 6, pX); sp_384_from_mp(p->y, 6, pY); sp_384_from_mp(p->z, 6, pZ); @@ -49463,13 +49240,12 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(q, 0, NULL); - sp_384_point_free_6(p, 0, NULL); return err; } @@ -49488,28 +49264,31 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, mp_int* rX, mp_int* rY, mp_int* rZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 6 * 2]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 6 * 2]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_384_point_new_6(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 2, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { @@ -49535,12 +49314,12 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, err = sp_384_to_mp(p->z, rZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, NULL); return err; } @@ -49555,28 +49334,32 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, */ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit tmpd[2 * 6 * 6]; - sp_point_384 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* tmp = NULL; - sp_point_384* p; - int err; + sp_point_384* p = NULL; +#else + sp_digit tmp[2 * 6 * 6]; + sp_point_384 p[1]; +#endif + int err = MP_OKAY; + #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_384_point_new_6(NULL, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + p = (sp_point_384*)XMALLOC(sizeof(sp_point_384), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 6 * 6, NULL, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) { + DYNAMIC_TYPE_ECC); + if (tmp == NULL) err = MEMORY_E; - } } -#else - tmp = tmpd; #endif if (err == MP_OKAY) { sp_384_from_mp(p->x, 6, pX); @@ -49601,12 +49384,12 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) err = sp_384_to_mp(p->z, pZ); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (tmp != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (tmp != NULL) XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + if (p != NULL) + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif - sp_384_point_free_6(p, 0, NULL); return err; } @@ -49619,46 +49402,31 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) */ static int sp_384_mont_sqrt_6(sp_digit* y) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2 * 6]; - sp_digit t2d[2 * 6]; - sp_digit t3d[2 * 6]; - sp_digit t4d[2 * 6]; - sp_digit t5d[2 * 6]; + sp_digit t1[5 * 2 * 6]; #endif - sp_digit* t1; - sp_digit* t2; - sp_digit* t3; - sp_digit* t4; - sp_digit* t5; + sp_digit* t2 = NULL; + sp_digit* t3 = NULL; + sp_digit* t4 = NULL; + sp_digit* t5 = NULL; int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 6, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 6, NULL, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 6; - t2 = d + 2 * 6; - t3 = d + 4 * 6; - t4 = d + 6 * 6; - t5 = d + 8 * 6; -#else - t1 = t1d; - t2 = t2d; - t3 = t3d; - t4 = t4d; - t5 = t5d; -#endif + t2 = t1 + 2 * 6; + t3 = t1 + 4 * 6; + t4 = t1 + 6 * 6; + t5 = t1 + 8 * 6; #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { @@ -49777,10 +49545,9 @@ static int sp_384_mont_sqrt_6(sp_digit* y) } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -49796,34 +49563,25 @@ static int sp_384_mont_sqrt_6(sp_digit* y) */ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d; -#else - sp_digit xd[2 * 6]; - sp_digit yd[2 * 6]; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* x = NULL; +#else + sp_digit x[4 * 6]; +#endif sp_digit* y = NULL; int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 6, NULL, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + x = (sp_digit*)XMALLOC(sizeof(sp_digit) * 4 * 6, NULL, DYNAMIC_TYPE_ECC); + if (x == NULL) err = MEMORY_E; - } #endif if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - x = d + 0 * 6; - y = d + 2 * 6; -#else - x = xd; - y = yd; -#endif + y = x + 2 * 6; sp_384_from_mp(x, 6, xm); err = sp_384_mod_mul_norm_6(x, x, p384_mod); @@ -49863,10 +49621,9 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) err = sp_384_to_mp(y, ym); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (x != NULL) + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -50138,6 +49895,8 @@ static int sp_1024_mod_mul_norm_avx2_16(sp_digit* r, const sp_digit* a, const sp } #endif /* HAVE_INTEL_AVX2 */ + +#ifdef WOLFCRYPT_HAVE_SAKKE /* Create a new point. * * heap [in] Buffer to allocate dynamic memory from. @@ -50169,8 +49928,8 @@ static int sp_1024_point_new_ex_16(void* heap, sp_point_1024* sp, /* Set pointer to data and return no error. */ #define sp_1024_point_new_16(heap, sp, p) sp_1024_point_new_ex_16((heap), &(sp), &(p)) #endif - - +#endif /* WOLFCRYPT_HAVE_SAKKE */ +#ifdef WOLFCRYPT_HAVE_SAKKE /* Free the point. * * p [in,out] Point to free. @@ -50195,6 +49954,7 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap) #endif (void)heap; } +#endif /* WOLFCRYPT_HAVE_SAKKE */ /* Convert an mp_int to an array of sp_digit. * @@ -51381,43 +51141,41 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td[65]; - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit tmpd[2 * 16 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_1024 t[65+2]; + sp_digit tmp[2 * 16 * 6]; #endif - sp_point_1024* t; - sp_point_1024* rt; + sp_point_1024* rt = NULL; sp_point_1024* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_1024 v[147]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_1024_point_new_16(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_1024_point_new_16(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 65, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * + (65+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 65; + p = t + 65+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -51501,14 +51259,12 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10 } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(p, 0, heap); - sp_1024_point_free_16(rt, 0, heap); return err; } @@ -52387,43 +52143,41 @@ static void sp_1024_proj_point_add_sub_avx2_16(sp_point_1024* ra, static int sp_1024_ecc_mulmod_win_add_sub_avx2_16(sp_point_1024* r, const sp_point_1024* g, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td[65]; - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit tmpd[2 * 16 * 6]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; + sp_digit* tmp = NULL; +#else + sp_point_1024 t[65+2]; + sp_digit tmp[2 * 16 * 6]; #endif - sp_point_1024* t; - sp_point_1024* rt; + sp_point_1024* rt = NULL; sp_point_1024* p = NULL; - sp_digit* tmp; sp_digit* negy; int i; ecc_recode_1024 v[147]; - int err; + int err = MP_OKAY; /* Constant time used for cache attack resistance implementation. */ (void)ct; (void)heap; - err = sp_1024_point_new_16(heap, rtd, rt); - if (err == MP_OKAY) - err = sp_1024_point_new_16(heap, pd, p); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 65, heap, DYNAMIC_TYPE_ECC); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * + (65+2), heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; - tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6, heap, - DYNAMIC_TYPE_ECC); - if (tmp == NULL) - err = MEMORY_E; -#else - t = td; - tmp = tmpd; + if (err == MP_OKAY) { + tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 6, + heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) + err = MEMORY_E; + } #endif - if (err == MP_OKAY) { + rt = t + 65; + p = t + 65+1; + /* t[0] = {0, 0, 1} * norm */ XMEMSET(&t[0], 0, sizeof(t[0])); t[0].infinity = 1; @@ -52507,14 +52261,12 @@ static int sp_1024_ecc_mulmod_win_add_sub_avx2_16(sp_point_1024* r, const sp_poi } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); if (tmp != NULL) XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(p, 0, heap); - sp_1024_point_free_16(rt, 0, heap); return err; } @@ -52647,29 +52399,30 @@ static void sp_1024_proj_to_affine_16(sp_point_1024* a, sp_digit* t) static int sp_1024_gen_stripe_table_16(const sp_point_1024* a, sp_table_entry_1024* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td; - sp_point_1024 s1d; - sp_point_1024 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; +#else + sp_point_1024 t[3]; #endif - sp_point_1024* t; sp_point_1024* s1 = NULL; sp_point_1024* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_1024_point_new_16(heap, td, t); - if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_1024_mod_mul_norm_16(t->x, a->x, p1024_mod); } if (err == MP_OKAY) { @@ -52714,9 +52467,10 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a, } } - sp_1024_point_free_16(s2, 0, heap); - sp_1024_point_free_16(s1, 0, heap); - sp_1024_point_free_16( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -52742,19 +52496,19 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g const sp_table_entry_1024* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit td[2 * 16 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 rt[2]; + sp_digit t[2 * 16 * 5]; #endif - sp_point_1024* rt; sp_point_1024* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -52762,21 +52516,22 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g (void)heap; - err = sp_1024_point_new_16(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod)); XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod)); @@ -52812,13 +52567,12 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(p, 0, heap); - sp_1024_point_free_16(rt, 0, heap); return err; } @@ -53090,29 +52844,30 @@ static void sp_1024_proj_to_affine_avx2_16(sp_point_1024* a, sp_digit* t) static int sp_1024_gen_stripe_table_avx2_16(const sp_point_1024* a, sp_table_entry_1024* table, sp_digit* tmp, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 td; - sp_point_1024 s1d; - sp_point_1024 s2d; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* t = NULL; +#else + sp_point_1024 t[3]; #endif - sp_point_1024* t; sp_point_1024* s1 = NULL; sp_point_1024* s2 = NULL; int i; int j; - int err; + int err = MP_OKAY; (void)heap; - err = sp_1024_point_new_16(heap, td, t); - if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, s1d, s1); - } - if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, s2d, s2); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 3, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; +#endif if (err == MP_OKAY) { + s1 = t + 1; + s2 = t + 2; + err = sp_1024_mod_mul_norm_avx2_16(t->x, a->x, p1024_mod); } if (err == MP_OKAY) { @@ -53157,9 +52912,10 @@ static int sp_1024_gen_stripe_table_avx2_16(const sp_point_1024* a, } } - sp_1024_point_free_16(s2, 0, heap); - sp_1024_point_free_16(s1, 0, heap); - sp_1024_point_free_16( t, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -53185,19 +52941,19 @@ static int sp_1024_ecc_mulmod_stripe_avx2_16(sp_point_1024* r, const sp_point_10 const sp_table_entry_1024* table, const sp_digit* k, int map, int ct, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 rtd; - sp_point_1024 pd; - sp_digit td[2 * 16 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* rt = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 rt[2]; + sp_digit t[2 * 16 * 5]; #endif - sp_point_1024* rt; sp_point_1024* p = NULL; - sp_digit* t; int i; int j; int y; int x; - int err; + int err = MP_OKAY; (void)g; /* Constant time used for cache attack resistance implementation. */ @@ -53205,21 +52961,22 @@ static int sp_1024_ecc_mulmod_stripe_avx2_16(sp_point_1024* r, const sp_point_10 (void)heap; - err = sp_1024_point_new_16(heap, rtd, rt); - if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap, - DYNAMIC_TYPE_ECC); - if (t == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + rt = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (rt == NULL) err = MEMORY_E; + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 16 * 5, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; } -#else - t = td; #endif if (err == MP_OKAY) { + p = rt + 1; + XMEMCPY(p->z, p1024_norm_mod, sizeof(p1024_norm_mod)); XMEMCPY(rt->z, p1024_norm_mod, sizeof(p1024_norm_mod)); @@ -53255,13 +53012,12 @@ static int sp_1024_ecc_mulmod_stripe_avx2_16(sp_point_1024* r, const sp_point_10 } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) XFREE(t, heap, DYNAMIC_TYPE_ECC); - } + if (rt != NULL) + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(p, 0, heap); - sp_1024_point_free_16(rt, 0, heap); return err; } @@ -53332,28 +53088,31 @@ static int sp_1024_ecc_mulmod_avx2_16(sp_point_1024* r, const sp_point_1024* g, int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[16]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[16]; +#endif int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_1024_point_new_16(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, - DYNAMIC_TYPE_ECC); + DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 16, km); sp_1024_point_from_ecc_point_16(point, gm); @@ -53369,12 +53128,12 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, err = sp_1024_point_to_ecc_point_16(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(point, 0, heap); return err; } @@ -56761,29 +56520,31 @@ static int sp_1024_ecc_mulmod_base_avx2_16(sp_point_1024* r, const sp_digit* k, */ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[16]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[16]; +#endif int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_1024_point_new_16(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, - DYNAMIC_TYPE_ECC); - if (k == NULL) { + DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 16, km); @@ -56798,12 +56559,12 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) err = sp_1024_point_to_ecc_point_16(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(point, 0, heap); return err; } @@ -56822,40 +56583,38 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int inMont, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_point_1024 a; - sp_digit kd[16]; - sp_digit t[16 * 2 * 5]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; + sp_digit* k = NULL; +#else + sp_point_1024 point[2]; + sp_digit k[16 + 16 * 2 * 5]; #endif - sp_point_1024* point; sp_point_1024* addP = NULL; sp_digit* tmp = NULL; - sp_digit* k = NULL; int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_1024_point_new_16(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, a, addP); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY) { - k = (sp_digit*)XMALLOC(sizeof(sp_digit) * (16 + 16 * 2 * 5), heap, DYNAMIC_TYPE_ECC); - if (k == NULL) { + k = (sp_digit*)XMALLOC( + sizeof(sp_digit) * (16 + 16 * 2 * 5), + heap, DYNAMIC_TYPE_ECC); + if (k == NULL) err = MEMORY_E; - } - else { - tmp = k + 16; - } } -#else - k = kd; - tmp = t; #endif + if (err == MP_OKAY) { + addP = point + 1; + tmp = k + 16; + sp_1024_from_mp(k, 16, km); sp_1024_point_from_ecc_point_16(addP, am); } @@ -56896,13 +56655,12 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, err = sp_1024_point_to_ecc_point_16(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(addP, 0, heap); - sp_1024_point_free_16(point, 0, heap); return err; } @@ -56920,12 +56678,14 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, void* heap) { - int err = 0; -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_point_1024* point = NULL; + sp_digit* t = NULL; +#else + sp_point_1024 point[1]; sp_digit t[5 * 2 * 16]; +#endif + int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif @@ -56934,18 +56694,30 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, err = BAD_FUNC_ARG; } - if ((err == 0) && (table == NULL)) { + if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; err = LENGTH_ONLY_E; } - if ((err == 0) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { + if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; } - if (err == 0) { - err = sp_1024_point_new_16(heap, p, point); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (err == MP_OKAY) { + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; } - if (err == 0) { + if (err == MP_OKAY) { + t = (sp_digit*)XMALLOC(sizeof(sp_digit) * 5 * 2 * 16, heap, + DYNAMIC_TYPE_ECC); + if (t == NULL) + err = MEMORY_E; + } +#endif + + if (err == MP_OKAY) { sp_1024_point_from_ecc_point_16(point, gm); #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) @@ -56960,7 +56732,12 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, *len = sizeof(sp_table_entry_1024) * 256; } - sp_1024_point_free_16(point, 0, heap); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t != NULL) + XFREE(t, heap, DYNAMIC_TYPE_ECC); + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -57013,27 +56790,31 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, ecc_point* r, int map, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 p; - sp_digit kd[16]; -#endif - sp_point_1024* point; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* point = NULL; sp_digit* k = NULL; +#else + sp_point_1024 point[1]; + sp_digit k[16]; +#endif int err = MP_OKAY; #if defined(HAVE_INTEL_AVX2) && !defined(WOLFSSL_SP_SMALL) word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_1024_point_new_16(heap, p, point); -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + point = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), heap, + DYNAMIC_TYPE_ECC); + if (point == NULL) + err = MEMORY_E; + } if (err == MP_OKAY) { k = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, DYNAMIC_TYPE_ECC); if (k == NULL) err = MEMORY_E; } -#else - k = kd; #endif + if (err == MP_OKAY) { sp_1024_from_mp(k, 16, km); sp_1024_point_from_ecc_point_16(point, gm); @@ -57056,12 +56837,12 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, err = sp_1024_point_to_ecc_point_16(point, r); } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (k != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (k != NULL) XFREE(k, heap, DYNAMIC_TYPE_ECC); - } + if (point != NULL) + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif - sp_1024_point_free_16(point, 0, heap); return err; } @@ -61907,33 +61688,24 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) static int sp_1024_ecc_is_point_16(const sp_point_1024* point, void* heap) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - sp_digit* d = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_digit* t1 = NULL; #else - sp_digit t1d[2*16]; - sp_digit t2d[2*16]; + sp_digit t1[16 * 4]; #endif - sp_digit* t1; - sp_digit* t2; + sp_digit* t2 = NULL; int64_t n; int err = MP_OKAY; -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - d = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, DYNAMIC_TYPE_ECC); - if (d == NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + t1 = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16 * 4, heap, DYNAMIC_TYPE_ECC); + if (t1 == NULL) err = MEMORY_E; - } #endif (void)heap; if (err == MP_OKAY) { -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - t1 = d + 0 * 16; - t2 = d + 2 * 16; -#else - t1 = t1d; - t2 = t2d; -#endif + t2 = t1 + 2 * 16; sp_1024_sqr_16(t1, point->y); (void)sp_1024_mod_16(t1, t1, p1024_mod); @@ -61957,10 +61729,9 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (d != NULL) { - XFREE(d, heap, DYNAMIC_TYPE_ECC); - } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (t1 != NULL) + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -61975,14 +61746,21 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point, */ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_point_1024 pubd; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + sp_point_1024* pub = NULL; +#else + sp_point_1024 pub[1]; +#endif + const byte one[1] = { 1 }; + int err = MP_OKAY; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024), NULL, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; #endif - sp_point_1024* pub; - byte one[1] = { 1 }; - int err; - err = sp_1024_point_new_16(NULL, pubd, pub); if (err == MP_OKAY) { sp_1024_from_mp(pub->x, 16, pX); sp_1024_from_mp(pub->y, 16, pY); @@ -61991,7 +61769,10 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) err = sp_1024_ecc_is_point_16(pub, NULL); } - sp_1024_point_free_16(pub, 0, NULL); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); +#endif return err; } @@ -62010,48 +61791,48 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - sp_digit privd[16]; - sp_point_1024 pubd; - sp_point_1024 pd; -#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* priv = NULL; - sp_point_1024* pub; + sp_point_1024* pub = NULL; +#else + sp_digit priv[16]; + sp_point_1024 pub[2]; +#endif sp_point_1024* p = NULL; - byte one[1] = { 1 }; - int err; + const byte one[1] = { 1 }; + int err = MP_OKAY; #ifdef HAVE_INTEL_AVX2 word32 cpuid_flags = cpuid_get_flags(); #endif - err = sp_1024_point_new_16(heap, pubd, pub); - if (err == MP_OKAY) { - err = sp_1024_point_new_16(heap, pd, p); - } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (err == MP_OKAY && privm) { - priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, - DYNAMIC_TYPE_ECC); - if (priv == NULL) { - err = MEMORY_E; - } - } -#endif /* Quick check the lengs of public key ordinates and private key are in * range. Proper check later. */ - if ((err == MP_OKAY) && ((mp_count_bits(pX) > 1024) || + if (((mp_count_bits(pX) > 1024) || (mp_count_bits(pY) > 1024) || ((privm != NULL) && (mp_count_bits(privm) > 1024)))) { err = ECC_OUT_OF_RANGE_E; } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) if (err == MP_OKAY) { -#if (!defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)) || defined(WOLFSSL_SP_NO_MALLOC) - priv = privd; + pub = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 2, heap, + DYNAMIC_TYPE_ECC); + if (pub == NULL) + err = MEMORY_E; + } + if (err == MP_OKAY && privm) { + priv = (sp_digit*)XMALLOC(sizeof(sp_digit) * 16, heap, + DYNAMIC_TYPE_ECC); + if (priv == NULL) + err = MEMORY_E; + } #endif + if (err == MP_OKAY) { + p = pub + 1; + sp_1024_from_mp(pub->x, 16, pX); sp_1024_from_mp(pub->y, 16, pY); sp_1024_from_bin(pub->z, 16, one, (int)sizeof(one)); @@ -62110,13 +61891,12 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } } -#if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) - if (priv != NULL) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) + if (pub != NULL) + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + if (priv != NULL) XFREE(priv, heap, DYNAMIC_TYPE_ECC); - } #endif - sp_1024_point_free_16(p, 0, heap); - sp_1024_point_free_16(pub, 0, heap); return err; } From f6840ca90721fc7ce3c17adf562222c52992a963 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 19 Mar 2021 09:56:56 +1000 Subject: [PATCH 081/137] SP dyanmic stack: WOLFSSL_SP_NO_DYN_STACK disable use For small code and not small stack, arrays are being defined with a size dependent on the input parameters, where compiler supports it. Disable this with: WOLFSSL_SP_NO_DYN_STACK --- wolfcrypt/src/sp_int.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index eecdd8c88..d22dd82bc 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -80,6 +80,8 @@ This library provides single precision (SP) integer math functions. * WOLFSSL_SP_INT_NEGATIVE Enables negative values to be used. * WOLFSSL_SP_INT_DIGIT_ALIGN Enable when unaligned access of sp_int_digit * pointer is not allowed. + * WOLFSSL_SP_NO_DYN_STACK Disable use of dynamic stack items. + * Used with small code size and not small stack. */ #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) @@ -94,7 +96,7 @@ This library provides single precision (SP) integer math functions. sp_int* n = NULL #else #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - defined(WOLFSSL_SP_SMALL) + defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK) /* Declare a variable on the stack with the required data size. */ #define DECL_SP_INT(n, s) \ byte n##d[MP_INT_SIZEOF(s)]; \ @@ -164,7 +166,7 @@ This library provides single precision (SP) integer math functions. sp_int* n[c] = { NULL, } #else #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - defined(WOLFSSL_SP_SMALL) + defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK) /* Declare a variable on the stack with the required data size. */ #define DECL_SP_INT_ARRAY(n, s, c) \ byte n##d[MP_INT_SIZEOF(s) * (c)]; \ @@ -205,7 +207,7 @@ This library provides single precision (SP) integer math functions. while (0) #else #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - defined(WOLFSSL_SP_SMALL) + defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK) /* Data declared on stack that supports multiple sp_ints of the * required size. Use pointers into data to make up array and set sizes. */ @@ -4768,7 +4770,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r) int k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; - #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL) + #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ + defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK) sp_int_digit t[a->used * 2]; #else sp_int_digit t[SP_INT_DIGITS]; @@ -4844,7 +4847,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r) int k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; - #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL) + #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ + defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK) sp_int_digit t[a->used + b->used]; #else sp_int_digit t[SP_INT_DIGITS]; @@ -4921,7 +4925,8 @@ int sp_mod(sp_int* a, sp_int* m, sp_int* r) int k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; - #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL) + #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ + defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK) sp_int_digit t[a->used + b->used]; #else sp_int_digit t[SP_INT_DIGITS]; @@ -9300,7 +9305,7 @@ int sp_mul_2d(sp_int* a, int e, sp_int* r) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - defined(WOLFSSL_SP_SMALL) + defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK) sp_int_digit t[a->used * 2]; #else sp_int_digit t[SP_INT_DIGITS]; @@ -9409,7 +9414,7 @@ int sp_mul_2d(sp_int* a, int e, sp_int* r) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - defined(WOLFSSL_SP_SMALL) + defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK) sp_int_digit t[a->used * 2]; #else sp_int_digit t[SP_INT_DIGITS]; From 7cacfc53e6c54042da3c749ce807d83947f57b42 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 19 Mar 2021 10:49:34 +1000 Subject: [PATCH 082/137] ECCSI/SAKKE: fix for g++ Cast XMALLOC return. --- wolfcrypt/test/test.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 40cc061f3..ef9f3da08 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -27609,16 +27609,18 @@ int eccsi_test(void) mp_int* ssk; ecc_point* pvt; - priv = XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if (priv == NULL) { return -10205; } - pub = XMALLOC(sizeof(EccsiKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if (pub == NULL) { XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -10206; } - ssk = XMALLOC(sizeof(mp_int), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (ssk == NULL) { XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -28733,16 +28735,19 @@ int sakke_test(void) SakkeKey* key; ecc_point* rsk = NULL; - priv = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if (priv == NULL) { return -10404; } - pub = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if (pub == NULL) { XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -10405; } - key = XMALLOC(sizeof(SakkeKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if (key == NULL) { XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); From e7472384c2d4580be672d6b2efb7bee23ea90ead Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 19 Mar 2021 12:11:30 +1000 Subject: [PATCH 083/137] TLS 1.3 PSK no DHE: When not doing PSK don't allow noPskDheKe to be set --- src/tls13.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/tls13.c b/src/tls13.c index 9230ccbbe..2fd6e18ba 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -4212,6 +4212,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } if (!usingPSK) { + /* Not using PSK so don't require no KE. */ + ssl->options.noPskDheKe = 0; + #ifndef NO_CERTS if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) { WOLFSSL_MSG("Client did not send a KeyShare extension"); From ce485d99b3e9a581854a43296bbfce063240dfaf Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 11 Feb 2021 11:37:50 +0900 Subject: [PATCH 084/137] implemented L_FILE_LOAD case --- src/ssl.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++++--- wolfssl/ssl.h | 2 ++ 2 files changed, 85 insertions(+), 5 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 5bcbe43ee..64dc9b623 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24818,16 +24818,33 @@ int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret) { /* control commands: - * X509_L_FILE_LOAD, X509_L_ADD_DIR, X509_L_ADD_STORE, X509_L_LOAD_STORE + * X509_L_FILE_LOAD, X509_L_ADD_DIR + * X509_L_ADD_STORE, X509_L_LOAD_STORE */ + int lret = WOLFSSL_FAILURE; - /* returns -1 if the X509_LOOKUP doesn't have an associated X509_LOOKUP_METHOD */ - - + /* returns FAILURE + *if the X509_LOOKUP doesn't have an associated X509_LOOKUP_METHOD */ if (ctx != NULL) { switch (cmd) { case WOLFSSL_X509_L_FILE_LOAD: + if (argl == WOLFSSL_FILETYPE_PEM) { +#ifdef HAVE_CRL + lret = wolfSSL_X509_load_cert_crl_file(ctx, argc, + X509_FILETYPE_PEM); +#else + lret = 0; +#endif + } else { + lret = wolfSSL_X509_LOOKUP_load_file(ctx, argc, (int)argl); + } + /* expects to return a number of processed cert or crl file */ + if (lret != 0) + lret = WOLFSSL_SUCCESS; + else + lret = WOLFSSL_FAILURE; + break; case WOLFSSL_X509_L_ADD_DIR: case WOLFSSL_X509_L_ADD_STORE: case WOLFSSL_X509_L_LOAD_STORE: @@ -24841,7 +24858,7 @@ int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, (void)argc; (void)argl; (void)ret; - return WOLFSSL_FAILURE; + return lret; } @@ -26253,6 +26270,67 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, WOLFSSL_LEAVE("wolfSSL_X509_load_crl_file", ret); return ret; } + +WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, + const char *file, int type) +{ + STACK_OF(WOLFSSL_X509_INFO) *info; + WOLFSSL_X509_INFO *info_tmp; + WOLFSSL_BIO *bio; + + int i; + int cnt = 0; + int num = 0; + + WOLFSSL_ENTER("wolfSSL_X509_load_ceretificate_crl_file"); + + if (type != WOLFSSL_FILETYPE_PEM) { + cnt = wolfSSL_X509_LOOKUP_load_file(ctx, file, type); + } else { +#ifdef OPENSSL_ALL + bio = wolfSSL_BIO_new_file(file, "rb"); + if(!bio) { + WOLFSSL_MSG("wolfSSL_BIO_new error"); + return cnt; + } + + info = wolfSSL_PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); + + wolfSSL_BIO_free(bio); + + if (!info) { + WOLFSSL_MSG("wolfSSL_PEM_X509_INFO_read_bio error"); + return cnt; + } + + for (i=0; i < num; i++) { + info_tmp = wolfSSL_sk_X509_INFO_value(info, i); + + if (info_tmp->x509) { + wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509); + cnt ++; + } + + if (info_tmp->crl) { + wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509); + cnt ++; + } + } + wolfSSL_sk_X509_INFO_pop_free(info, X509_INFO_free); +#else + (void)i; + (void)cnt; + (void)num; + (void)info_tmp; + (void)info; + (void)bio; +#endif + } + + WOLFSSL_LEAVE("wolfSSL_X509_load_ceretificate_crl_file", count); + return cnt; +} + #endif /* !NO_FILESYSTEM */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index a6697e8bc..1e593213e 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1590,6 +1590,8 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to, const WOLFSSL_X509_VERIFY_PARAM* from); WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type); +WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, + const char *file, int type); #endif WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*); WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value( From b4a573ca98b446ec8c5b05f57c467e641e4acb11 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Mon, 15 Feb 2021 15:47:03 +0900 Subject: [PATCH 085/137] Initial implemented X509_LOOKUP_ctrl L_ADD_DIR --- examples/client/client.c | 73 ++- examples/server/server.c | 74 ++- scripts/crl-revoked.test | 89 +++- src/crl.c | 14 + src/internal.c | 229 +++++++++- src/ssl.c | 869 ++++++++++++++++++++++++++++++++---- tests/api.c | 417 ++++++++++++++++- wolfcrypt/src/asn.c | 80 ++++ wolfcrypt/src/wc_port.c | 71 +-- wolfssl/internal.h | 13 + wolfssl/ssl.h | 55 +++ wolfssl/test.h | 2 + wolfssl/wolfcrypt/asn.h | 2 + wolfssl/wolfcrypt/types.h | 2 + wolfssl/wolfcrypt/wc_port.h | 18 +- 15 files changed, 1879 insertions(+), 129 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index e47cf054f..11f2c92b6 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -949,7 +949,7 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead, /* 4. add the same message into Japanese section */ /* (will be translated later) */ /* 5. add printf() into suitable position of Usage() */ -static const char* client_usage_msg[][66] = { +static const char* client_usage_msg[][67] = { /* English */ { " NOTE: All files relative to wolfSSL home dir\n", /* 0 */ @@ -1120,8 +1120,15 @@ static const char* client_usage_msg[][66] = { #ifdef HAVE_CURVE448 "-8 Use X448 for key exchange\n", /* 66 */ #endif -#ifdef HAVE_CRL - "-C Disable CRL\n", +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + "-9 Use hash dir look up for certificate loading\n" + " loading from /certs folder\n" + " files in the folder would have the form \"hash.N\" file name\n" + " e.g symbolic link to the file at certs folder\n" + " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", + /* 67 */ #endif NULL, }, @@ -1294,8 +1301,19 @@ static const char* client_usage_msg[][66] = { #ifdef HAVE_TRUSTED_CA "-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */ #endif + "-6 WANT_WRITE エラーを全てのIO 送信でシュミレートします\n", #ifdef HAVE_CURVE448 "-8 Use X448 for key exchange\n", /* 66 */ +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + "-9 証明書の読み込みに hash dir 機能を使用する\n" + " /certs フォルダーからロードします\n" + " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n" + " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n" + " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", + /* 67 */ #endif NULL, }, @@ -1465,9 +1483,15 @@ static void Usage(void) #ifdef HAVE_TRUSTED_CA printf("%s", msg[++msgid]); /* -5 */ #endif + printf("%s", msg[++msgid]); /* -6 */ #ifdef HAVE_CURVE448 printf("%s", msg[++msgid]); /* -8 */ #endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + printf("%s", msg[++msgid]); /* -9 */ +#endif } THREAD_RETURN WOLFSSL_THREAD client_test(void* args) @@ -1601,6 +1625,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef HAVE_WNR const char* wnrConfigFile = wnrConfig; +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + int useCertFolder = 0; #endif char buffer[WOLFSSL_MAX_ERROR_SZ]; @@ -1686,7 +1715,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) while ((ch = mygetopt(argc, argv, "?:" "ab:c:defgh:i;jk:l:mnop:q:rstuv:wxyz" "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:" - "01:23:4568" + "01:23:45689" "@#")) != -1) { switch (ch) { case '?' : @@ -2162,7 +2191,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif #endif break; - + case '9' : +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + useCertFolder = 1; + break; +#endif case '@' : { #ifdef HAVE_WC_INTROSPECTION @@ -2622,6 +2657,29 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) { + #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + if (useCertFolder) { + WOLFSSL_X509_STORE *store; + WOLFSSL_X509_LOOKUP *lookup; + + store = wolfSSL_CTX_get_cert_store(ctx); + if (store == NULL) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't get WOLFSSL_X509_STORE"); + } + lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); + if (lookup == NULL) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't add lookup"); + } + if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder, + X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) { + err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed"); + } + } else { + #endif #ifdef NO_FILESYSTEM if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { @@ -2669,6 +2727,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } } #endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */ + #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + } + #endif } if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL || myVerifyAction == VERIFY_USE_PREVERFIY) { diff --git a/examples/server/server.c b/examples/server/server.c index d69b276c7..092f86345 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -582,7 +582,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen) /* 4. add the same message into Japanese section */ /* (will be translated later) */ /* 5. add printf() into suitable position of Usage() */ -static const char* server_usage_msg[][56] = { +static const char* server_usage_msg[][57] = { /* English */ { " NOTE: All files relative to wolfSSL home dir\n", /* 0 */ @@ -705,6 +705,16 @@ static const char* server_usage_msg[][56] = { /* 55 */ #ifdef HAVE_CURVE448 "-8 Pre-generate Key share using Curve448 only\n", /* 56 */ +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + "-9 Use hash dir look up for certificate loading\n" + " loading from /certs folder\n" + " files in the folder would have the form \"hash.N\" file name\n" + " e.g symbolic link to the file at certs folder\n" + " ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n", + /* 57 */ #endif NULL, }, @@ -838,6 +848,16 @@ static const char* server_usage_msg[][56] = { /* 55 */ #ifdef HAVE_CURVE448 "-8 Pre-generate Key share using Curve448 only\n", /* 56 */ +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + "-9 証明書の読み込みに hash dir 機能を使用する\n" + " /certs フォルダーからロードします\n" + " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n" + " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n" + " ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n", + /* 57 */ #endif NULL, }, @@ -966,9 +986,15 @@ static void Usage(void) #ifdef HAVE_TRUSTED_CA printf("%s", msg[++msgId]); /* -5 */ #endif /* HAVE_TRUSTED_CA */ + printf("%s", msg[++msgId]); /* -6 */ #ifdef HAVE_CURVE448 printf("%s", msg[++msgId]); /* -8 */ #endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + printf("%s", msg[++msgId]); /* -9 */ +#endif } THREAD_RETURN WOLFSSL_THREAD server_test(void* args) @@ -1126,6 +1152,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #ifdef HAVE_ENCRYPT_THEN_MAC int disallowETM = 0; #endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + int useCertFolder = 0; +#endif ((func_args*)args)->return_code = -1; /* error state */ @@ -1191,8 +1222,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) while ((ch = mygetopt(argc, argv, "?:" "abc:defgijk:l:mnop:q:rstuv:wxy" "A:B:C:D:E:FGH:IJKL:MNO:PQR:S:T;UVYZ:" - "01:23:4:568" - "@#")) != -1) { + "01:23:4:5689" + "@#")) != -1) { switch (ch) { case '?' : if(myoptarg!=NULL) { @@ -1620,7 +1651,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif #endif break; - + case '9' : +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + useCertFolder = 1; + break; +#endif case '@' : { #ifdef HAVE_WC_INTROSPECTION @@ -2011,7 +2048,29 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #ifdef TEST_BEFORE_DATE verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY; #endif - + #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + if (useCertFolder) { + WOLFSSL_X509_STORE *store; + WOLFSSL_X509_LOOKUP *lookup; + + store = wolfSSL_CTX_get_cert_store(ctx); + if (store == NULL) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't get WOLFSSL_X509_STORE"); + } + lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); + if (lookup == NULL) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't add lookup"); + } + if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder, + X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) { + err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed"); + } + } else { + #endif if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, verify_flags) != WOLFSSL_SUCCESS) { err_sys_ex(catastrophic, @@ -2026,6 +2085,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } } #endif /* WOLFSSL_TRUST_PEER_CERT */ + #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + } + #endif } #endif diff --git a/scripts/crl-revoked.test b/scripts/crl-revoked.test index 9d7f7eba0..46d511a1c 100755 --- a/scripts/crl-revoked.test +++ b/scripts/crl-revoked.test @@ -107,9 +107,13 @@ run_test() { echo "" echo "Successful Revocation!!!!" echo "" - exit_code=0 - echo "exiting with $exit_code" - exit $exit_code + if [ $exit_hash_dir_code -ne 0 ]; then + exit_code=1 + else + exit_code=0 + echo "exiting with $exit_code" + exit $exit_code + fi ;; *) echo "" @@ -120,9 +124,88 @@ run_test() { esac } +run_hashdir_test() { + echo -e "\n\nHash dir with CRL and Certificate loading" + remove_ready_file + # create hashed cert and crl + pushd ${CERT_DIR} + # ca file + ca_hash_name=`openssl x509 -in ca-cert.pem -hash -noout` + if [ -f "$ca_hash_name".0 ]; then + rm "$ca_hash_name".0 + fi + ln -s ca-cert.pem "$ca_hash_name".0 + # crl file + crl_hash_name=`openssl crl -in ./crl/crl.pem -hash -noout` + if [ -f "$crl_hash_name".r0 ]; then + rm "$crl_hash_name".r0 + fi + ln -s ./crl/crl.pem "$crl_hash_name".r0 + popd + + # starts the server on crl_port, -R generates ready file to be used as a + # mutex lock, -c loads the revoked certificate. We capture the processid + # into the variable server_pid + ./examples/server/server -R $ready_file -p $crl_port \ + -c ${CERT_DIR}/server-revoked-cert.pem \ + -k ${CERT_DIR}/server-revoked-key.pem & + server_pid=$! + while [ ! -s $ready_file -a "$counter" -lt 20 ]; do + echo -e "waiting for ready file..." + sleep 0.1 + counter=$((counter+ 1)) + done + + # get created port 0 ephemeral port + crl_port="$(cat $ready_file)" + + # starts client on crl_port and captures the output from client + capture_out=$(./examples/client/client -p $crl_port -9 2>&1) + client_result=$? + + wait $server_pid + server_result=$? + + case "$capture_out" in + *$revocation_code*) + # only exit with zero on detection of the expected error code + echo "" + echo "Successful Revocation!!!! with hash dir" + echo "" + exit_hash_dir_code=0 + ;; + *) + echo "" + echo "Certificate was not revoked saw this instead: $capture_out" + echo "" + echo "configure with --enable-crl and run this script again" + echo "" + exit_hash_dir_code=1 + esac + + # clean up hashed cert and crl + pushd ${CERT_DIR} + rm "$ca_hash_name".0 + rm "$crl_hash_name".r0 + popd + +} ######### begin program ######### +# Check for enabling hash dir feature +./examples/client/client -? 2>&1 | grep -- 'hash dir' +if [ $? -eq 0 ]; then + hash_dir=yes + exit_hash_dir_code=1 +fi + +if [ "$hash_dir" = "yes" ]; then + run_hashdir_test +else + exit_hash_dir_code=0 +fi + # run the test run_test diff --git a/src/crl.c b/src/crl.c index 34f6281a8..5d6c7da61 100644 --- a/src/crl.c +++ b/src/crl.c @@ -364,6 +364,20 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) } #endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + if (foundEntry == 0) { + if (crl->cm->x509_store_p != NULL) { + ret = LoadCrlCertByIssuer(crl->cm->x509_store_p, + (WOLFSSL_X509_NAME*)cert->issuerName, X509_LU_CRL); + if (ret == WOLFSSL_SUCCESS) { + /* try again */ + ret = CheckCertCRLList(crl, cert, &foundEntry); + } + } + } +#endif if (foundEntry == 0) { WOLFSSL_MSG("Couldn't find CRL for status check"); ret = CRL_MISSING; diff --git a/src/internal.c b/src/internal.c index b020213b9..d8c45cbf7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1809,7 +1809,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) #ifdef OPENSSL_EXTRA /* setup WOLFSSL_X509_STORE */ ctx->x509_store.cm = ctx->cm; - + /* set pointer back to x509 store */ + ctx->cm->x509_store_p = &ctx->x509_store; + /* WOLFSSL_X509_VERIFY_PARAM */ if ((ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( sizeof(WOLFSSL_X509_VERIFY_PARAM), @@ -1818,6 +1820,13 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) return MEMORY_E; } XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + /* WOLFSS_X509_LOOKUP */ + if ((ctx->x509_store.lookup.dirs = (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR), + ctx->heap, DYNAMIC_TYPE_OPENSSL)) == NULL) { + WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error"); + return MEMORY_E; + } + XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR)); #endif #endif @@ -1969,6 +1978,15 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) if (ctx->param) { XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL); } + + if (ctx->x509_store.lookup.dirs) { +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + if (!ctx->x509_store.lookup.dirs->dir_entry) { + wolfSSL_sk_BY_DIR_entry_free(ctx->x509_store.lookup.dirs->dir_entry); + } +#endif + XFREE(ctx->x509_store.lookup.dirs, ctx->heap, DYNAMIC_TYPE_OPENSSL); + } #endif #ifdef WOLFSSL_STATIC_EPHEMERAL #ifndef NO_DH @@ -10555,6 +10573,176 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs) args->dCert = NULL; } } +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) +/* load certificate file which has .(r)N[0..N] in the folder */ +/* (r), in the case of CRL file */ +int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) +{ + const int MAX_SUFFIX = 10; + int ret = WOLFSSL_SUCCESS; + WOLFSSL_X509_LOOKUP* lookup = &store->lookup; + WOLFSSL_BY_DIR_entry* entry; + WOLFSSL_BY_DIR_HASH hash_tmp; + WOLFSSL_BY_DIR_HASH* ph = NULL; + WOLFSSL_X509* x509; + unsigned long hash = 0; + char* filename = NULL; + const char* post = ""; + byte* pbuf = NULL; + int len, num, i, index; + byte suffix = 0; + int retHash = NOT_COMPILED_IN; + byte dgt[WC_MAX_DIGEST_SIZE]; + + WOLFSSL_ENTER("LoadCrlCertByIssuer"); + + /* sanity check */ + if (store == NULL || lookup->dirs == NULL || lookup->type != 1 + || (type != X509_LU_X509 && type != X509_LU_CRL)) { + return WOLFSSL_FAILURE; + } + + len = wolfSSL_i2d_X509_NAME_canon(issuer, &pbuf); + if (len > 0) { + #ifndef NO_SHA + retHash = wc_ShaHash((const byte*)pbuf, len, dgt); + #endif + if (retHash == 0) { + /* 4 bytes in small endian as unsigned long */ + hash = (((unsigned long)dgt[3] << 24) | + ((unsigned long)dgt[2] << 16) | + ((unsigned long)dgt[1] << 8) | + ((unsigned long)dgt[0])); + } else { + WOLFSSL_MSG("failed hash operation"); + return WOLFSSL_FAILURE; + } + } + + /* try to load each hashed name file in path */ +#if !defined(NO_FILESYSTE) && !defined(NO_WOLFSSL_DIR) + + if (type == X509_LU_CRL) { + post = "r"; + } + + num = wolfSSL_sk_BY_DIR_entry_num(lookup->dirs->dir_entry); + + for (i=0; idirs->dir_entry, i); + + len = XSTRLEN(entry->dir_name) + 13; + + if (filename != NULL) { + XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); + } + + filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); + if (filename == NULL) { + WOLFSSL_MSG("memory allcation error"); + return MEMORY_E; + } + + if (type == X509_LU_CRL && entry->hashes != NULL) { + /* lock the list */ + if (wc_LockMutex(&lookup->dirs->lock) != 0) { + WOLFSSL_MSG("wc_LockMutex cdir Lock error"); + return BAD_MUTEX_E; + } + + hash_tmp.hash_value = hash; + index = wolfSSL_sk_BY_DIR_HASH_find(entry->hashes, &hash_tmp); + if (index >= 0) { + WOLFSSL_MSG("find hashed CRL in list"); + ph = wolfSSL_sk_BY_DIR_HASH_value(entry->hashes, index); + suffix = ph->last_suffix; + } else { + ph = NULL; + suffix = 0; + } + + wc_UnLockMutex(&lookup->dirs->lock); + } + + for (; suffix < MAX_SUFFIX;suffix++) { + /* /folder-path/.(r)N[0..9] */ + XSNPRINTF(filename, len, "%s/%08lx.%s%d", entry->dir_name, + hash, post, suffix); + if(wc_FileExists(filename) == 0/*0 file exists */) { + + if (type == X509_LU_X509) { + x509 = wolfSSL_X509_load_certificate_file(filename, + WOLFSSL_FILETYPE_PEM); + if (x509 != NULL) { + ret = wolfSSL_X509_STORE_add_cert(store, x509); + } else { + WOLFSSL_MSG("failed to load certificate\n"); + ret = WOLFSSL_FAILURE; + break; + } + } +#ifdef HAVE_CRL + else if (type == X509_LU_CRL) { + ret = wolfSSL_X509_load_crl_file(&store->lookup, filename, + WOLFSSL_FILETYPE_PEM); + printf("return load crl file %d\n", ret); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("failed to load CRL\n"); + break; + } + } +#else + else if (type == X509_LU_CRL) { + WOLFSSL_MSG("CRL is not supported"); + ret = WOLFSSL_FAILURE; + break; + } +#endif + } else + break; + } + + if (type == X509_LU_CRL) { + if (wc_LockMutex(&lookup->dirs->lock) != 0) { + WOLFSSL_MSG("wc_LockMutex cdir Lock error"); + return BAD_MUTEX_E; + } + if (ph == NULL) { + ph = wolfSSL_BY_DIR_HASH_new(); + if (ph == NULL) { + WOLFSSL_MSG("failed to allocate hash stack"); + ret = WOLFSSL_FAILURE; + } else { + ph->hash_value = hash; + ph->last_suffix = suffix; + + ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph); + } + } + wc_UnLockMutex(&lookup->dirs->lock); + } + + XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); + } +#else + (void) type; + (void) ret; + (void) x509; + (void) filename; + (void) suffix; + (void) num; + (void) i; + ret = WOLFSSL_NOT_IMPLEMENTED; +#endif + WOLFSSL_LEAVE("LoadCrlCertByIssuer", ret); + + return ret; +} +#endif + static int ProcessPeerCertParse(WOLFSSL* ssl, ProcPeerCertArgs* args, int certType, int verify, byte** pSubjectHash, int* pAlreadySigner) @@ -10651,6 +10839,45 @@ static int ProcessPeerCertParse(WOLFSSL* ssl, ProcPeerCertArgs* args, /* Parse Certificate */ ret = ParseCertRelative(args->dCert, certType, verify, ssl->ctx->cm); +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + if (ret == ASN_NO_SIGNER_E) { + WOLFSSL_MSG("try to load certificate if hash dir is set"); + if (ssl->ctx->x509_store_pt != NULL) { + ret = LoadCrlCertByIssuer(ssl->ctx->x509_store_pt, + (WOLFSSL_X509_NAME*)args->dCert->issuerName, + X509_LU_X509); + } else { + ret = LoadCrlCertByIssuer(&ssl->ctx->x509_store, + (WOLFSSL_X509_NAME*)args->dCert->issuerName, + X509_LU_X509); + } + + if (ret == WOLFSSL_SUCCESS) { + /* re try Parse Certificate */ + InitDecodedCert(args->dCert, cert->buffer, cert->length, ssl->heap); + args->dCertInit = 1; + args->dCert->sigCtx.devId = ssl->devId; + #ifdef WOLFSSL_ASYNC_CRYPT + args->dCert->sigCtx.asyncCtx = ssl; + #endif + #ifdef HAVE_PK_CALLBACKS + /* setup the PK callback context */ + ret = InitSigPkCb(ssl, &args->dCert->sigCtx); + if (ret != 0) + return ret; + #endif + ret = ParseCertRelative(args->dCert, certType, verify, + ssl->ctx->cm); + } else { + WOLFSSL_MSG("failed to load certificate from hash folder"); + /* restore return code */ + ret = ASN_NO_SIGNER_E; + } + } +#endif + /* perform below checks for date failure cases */ if (ret == 0 || ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) { /* get subject and determine if already loaded */ diff --git a/src/ssl.c b/src/ssl.c index 64dc9b623..11f47938e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15821,6 +15821,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ctx->x509_store.cache = str->cache; ctx->x509_store_pt = str; /* take ownership of store and free it with CTX free */ + ctx->cm->x509_store_p = ctx->x509_store_pt; } @@ -23132,6 +23133,21 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) #if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) + int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dest, + const WOLFSSL_ASN1_STRING* src) + { + if (src == NULL || dest == NULL) { + return WOLFSSL_FAILURE; + } + dest->type = src->type; + if(wolfSSL_ASN1_STRING_set(dest, src->data, src->length) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + dest->flags = src->flags; + + return WOLFSSL_SUCCESS; + } /* Creates a new WOLFSSL_ASN1_STRING structure given the input type. * * type is the type of set when WOLFSSL_ASN1_STRING is created @@ -24813,6 +24829,111 @@ WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void) return &meth; } +static int x509AddCertDir(void *p, const char *argc, long argl) +{ + WOLFSSL_ENTER("x509AddCertDir"); + + (void)argl; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + WOLFSSL_BY_DIR *ctx = (WOLFSSL_BY_DIR*)p; + WOLFSSL_BY_DIR_entry *entry; + size_t pathLen; + int i, num; + const char* c; +#ifdef WOLFSSL_SMALL_STACK + char *buf; +#else + char buf[MAX_FILENAME_SZ]; +#endif + + pathLen = 0; + c = argc; + /* zero length */ + if (c == NULL || *c == '\0') return WOLFSSL_FAILURE; + +#ifdef WOLFSSL_SMALL_STACK + buf = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_OPENSSL); + if (buf == NULL) { + WOLFSSL_LEAVE("x509AddCertDir", MEMORY_E); + return MEMORY_E; + } +#endif + + XMEMSET(buf, 0, MAX_FILENAME_SZ); + + do { + if (*c == SEPARATOR_CHAR || *c == '\0') { + + num = wolfSSL_sk_BY_DIR_entry_num(ctx->dir_entry); + + for (i=0; idir_entry, i); + + if (XSTRLEN(entry->dir_name) == pathLen && + XSTRNCMP(entry->dir_name, buf, pathLen) == 0) { + WOLFSSL_MSG("dir entry found"); + break; + } + } + + if (num == -1 || i == num) { + WOLFSSL_MSG("no entry found"); + + if (ctx->dir_entry == NULL) { + ctx->dir_entry = wolfSSL_sk_BY_DIR_entry_new_null(); + + if (ctx->dir_entry == NULL) { + WOLFSSL_MSG("failed to allocate dir_entry"); + return 0; + } + } + + entry = wolfSSL_BY_DIR_entry_new(); + if (entry == NULL) { + WOLFSSL_MSG("failed to allocate dir entry"); + return 0; + } + entry->dir_type = argl; + entry->dir_name = (char*)XMALLOC(pathLen + 1/* \0 termination*/ + , NULL, DYNAMIC_TYPE_OPENSSL); + entry->hashes = wolfSSL_sk_BY_DIR_HASH_new_null(); + if (entry->dir_name == NULL || entry->hashes == NULL) { + WOLFSSL_MSG("failed to allocate dir name"); + wolfSSL_BY_DIR_entry_free(entry); + return 0; + } + + XSTRNCPY(entry->dir_name, buf, pathLen); + entry->dir_name[pathLen] = '\0'; + + if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry) + != WOLFSSL_SUCCESS) { + wolfSSL_BY_DIR_entry_free(entry); + return 0; + } + } + /* skip separator */ + if (*c == SEPARATOR_CHAR) c++; + + pathLen = 0; + XMEMSET(buf, 0, MAX_FILENAME_SZ); + } + buf[pathLen++] = *c; + + } while(*c++ != '\0'); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL); +#endif + + return WOLFSSL_SUCCESS; +#else + (void)p; + (void)argc; + return WOLFSSL_NOT_IMPLEMENTED; +#endif +} int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret) @@ -24823,41 +24944,43 @@ int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, */ int lret = WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_X509_LOOKUP_ctrl"); +#if !defined(NO_FILESYSTEM) /* returns FAILURE *if the X509_LOOKUP doesn't have an associated X509_LOOKUP_METHOD */ if (ctx != NULL) { switch (cmd) { case WOLFSSL_X509_L_FILE_LOAD: - if (argl == WOLFSSL_FILETYPE_PEM) { -#ifdef HAVE_CRL - lret = wolfSSL_X509_load_cert_crl_file(ctx, argc, - X509_FILETYPE_PEM); -#else - lret = 0; -#endif - } else { - lret = wolfSSL_X509_LOOKUP_load_file(ctx, argc, (int)argl); - } /* expects to return a number of processed cert or crl file */ - if (lret != 0) - lret = WOLFSSL_SUCCESS; - else - lret = WOLFSSL_FAILURE; + lret = wolfSSL_X509_load_cert_crl_file(ctx, argc, argl) > 0 ? + WOLFSSL_SUCCESS : WOLFSSL_FAILURE; break; case WOLFSSL_X509_L_ADD_DIR: + /* store directory loaction to use it later */ +#if !defined(NO_WOLFSSL_DIR) + lret = x509AddCertDir(ctx->dirs, argc, argl); +#else + lret = WOLFSSL_NOT_IMPLEMENTED +#endif + break; case WOLFSSL_X509_L_ADD_STORE: case WOLFSSL_X509_L_LOAD_STORE: - return WOLFSSL_SUCCESS; + return WOLFSSL_NOT_IMPLEMENTED; default: break; } - } - - (void)argc; (void)argl; (void)ret; - + (void)ret; +#else + (void)ctx; + (void)argc; + (void)argl; + (void)ret; + (void)cmd; + lret = WOLFSSL_NOT_IMPLEMENTED; +#endif return lret; } @@ -24869,10 +24992,10 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, if (store == NULL) return NULL; - /* Method is a dummy value and is not needed. */ - (void)m; /* Make sure the lookup has a back reference to the store. */ store->lookup.store = store; + /* store a type to know which method wants to be used for */ + store->lookup.type = m->type; return &store->lookup; } @@ -25727,7 +25850,13 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) NULL, DYNAMIC_TYPE_OPENSSL)) == NULL) { goto err_exit; } - + XMEMSET(store->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + if ((store->lookup.dirs = (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR), + NULL, DYNAMIC_TYPE_OPENSSL)) == NULL) { + WOLFSSL_MSG("store->lookup.dir memory allocation error"); + goto err_exit; + } + XMEMSET(store->lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR)); #endif return store; @@ -25753,6 +25882,16 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL); store->param = NULL; } + + if (store->lookup.dirs != NULL) { +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + if (!store->lookup.dirs->dir_entry) { + wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry); + } +#endif + XFREE(store->lookup.dirs, NULL, DYNAMIC_TYPE_OPENSSL); + store->lookup.dirs = NULL; + } #endif XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); } @@ -26166,6 +26305,87 @@ WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE); } + +WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, + const char *file, int type) +{ + STACK_OF(WOLFSSL_X509_INFO) *info; + WOLFSSL_X509_INFO *info_tmp; + WOLFSSL_BIO *bio; + WOLFSSL_X509 *x509 = NULL; + + int i; + int cnt = 0; + int num = 0; + + WOLFSSL_ENTER("wolfSSL_X509_load_ceretificate_crl_file"); + + if (type != WOLFSSL_FILETYPE_PEM) { + x509 = wolfSSL_X509_load_certificate_file(file, type); + if (x509 != NULL) { + if (wolfSSL_X509_STORE_add_cert(ctx->store, x509) + == WOLFSSL_SUCCESS) { + cnt++; + } else { + WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert error"); + } + } else { + WOLFSSL_MSG("wolfSSL_X509_load_certificate_file error"); + } + + } else { +#ifdef OPENSSL_ALL + bio = wolfSSL_BIO_new_file(file, "rb"); + if(!bio) { + WOLFSSL_MSG("wolfSSL_BIO_new error"); + return cnt; + } + + info = wolfSSL_PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); + + wolfSSL_BIO_free(bio); + + if (!info) { + WOLFSSL_MSG("wolfSSL_PEM_X509_INFO_read_bio error"); + return cnt; + } + num = wolfSSL_sk_X509_INFO_num(info); + for (i=0; i < num; i++) { + info_tmp = wolfSSL_sk_X509_INFO_value(info, i); + + if (info_tmp->x509) { + if(wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509) == + WOLFSSL_SUCCESS) { + cnt ++; + } else { + WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert failed"); + } + } +#ifdef HAVE_CRL + if (info_tmp->crl) { + if(wolfSSL_X509_STORE_add_crl(ctx->store, info_tmp->crl) == + WOLFSSL_SUCCESS) { + cnt ++; + } else { + WOLFSSL_MSG("wolfSSL_X509_STORE_add_crl failed"); + } + } +#endif + } + wolfSSL_sk_X509_INFO_pop_free(info, X509_INFO_free); +#else + (void)i; + (void)cnt; + (void)num; + (void)info_tmp; + (void)info; + (void)bio; +#endif + } + + WOLFSSL_LEAVE("wolfSSL_X509_load_ceretificate_crl_file", cnt); + return cnt; +} #endif /* !NO_FILESYSTEM */ @@ -26271,65 +26491,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, return ret; } -WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, - const char *file, int type) -{ - STACK_OF(WOLFSSL_X509_INFO) *info; - WOLFSSL_X509_INFO *info_tmp; - WOLFSSL_BIO *bio; - int i; - int cnt = 0; - int num = 0; - - WOLFSSL_ENTER("wolfSSL_X509_load_ceretificate_crl_file"); - - if (type != WOLFSSL_FILETYPE_PEM) { - cnt = wolfSSL_X509_LOOKUP_load_file(ctx, file, type); - } else { -#ifdef OPENSSL_ALL - bio = wolfSSL_BIO_new_file(file, "rb"); - if(!bio) { - WOLFSSL_MSG("wolfSSL_BIO_new error"); - return cnt; - } - - info = wolfSSL_PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); - - wolfSSL_BIO_free(bio); - - if (!info) { - WOLFSSL_MSG("wolfSSL_PEM_X509_INFO_read_bio error"); - return cnt; - } - - for (i=0; i < num; i++) { - info_tmp = wolfSSL_sk_X509_INFO_value(info, i); - - if (info_tmp->x509) { - wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509); - cnt ++; - } - - if (info_tmp->crl) { - wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509); - cnt ++; - } - } - wolfSSL_sk_X509_INFO_pop_free(info, X509_INFO_free); -#else - (void)i; - (void)cnt; - (void)num; - (void)info_tmp; - (void)info; - (void)bio; -#endif - } - - WOLFSSL_LEAVE("wolfSSL_X509_load_ceretificate_crl_file", count); - return cnt; -} #endif /* !NO_FILESYSTEM */ @@ -41390,6 +41552,168 @@ static int ConvertNIDToWolfSSL(int nid) } } +#if defined(OPENSSL_ALL) +static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, + const WOLFSSL_ASN1_STRING* asn_in) +{ + char* dst; + char* src; + int i, len; + + switch (asn_in->type) { + case MBSTRING_UTF8: + case V_ASN1_PRINTABLESTRING: + break; + default: + WOLFSSL_MSG("just copy string"); + return wolfSSL_ASN1_STRING_copy(asn_out, asn_in); + } + /* type is set as UTF8 */ + asn_out->type = MBSTRING_UTF8; + asn_out->length = wolfSSL_ASN1_STRING_to_UTF8( + (unsigned char**)&asn_out->data + , (WOLFSSL_ASN1_STRING*)asn_in); + + if (asn_out->length < 0) { + return WOLFSSL_FAILURE; + } + /* point to the last */ + dst = asn_out->data + asn_out->length; + /* point to the start */ + src = asn_out->data; + + len = asn_out->length; + + /* trimming spaces at the head and tail */ + dst--; + for (; (len > 0 && XISSPACE(*dst));len--) { + dst--; + } + for (; (len > 0 && XISSPACE(*src));len--){ + src++; + } + + /* point to the start */ + dst = asn_out->data; + + for (i = 0; i < len;dst++, i++) { + if (!XISASCII(*src)) { + /* keep non-ascii code */ + *dst = *src++; + } else if (XISSPACE(*src)) { + *dst = 0x20; /* space */ + /* remove the rest of spaces */ + while (XISSPACE(*++src) && i++ < len); + } else { + *dst = XTOLOWER(*src++); + } + } + /* put actual length */ + asn_out->length = dst - asn_out->data; + return WOLFSSL_SUCCESS; +} +/* this is to converts the x509 name structure into canonical DER format +* , which has the following rules: +* convert to UTF8 +* convert to lower case +* multi-spaces collapsed +* leading SEQUENCE hader is skipped +*/ +int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) +{ + int totalBytes = 0, i, idx; + byte *output, *local = NULL; +#ifdef WOLFSSL_SMALL_STACK + EncodedName* names = NULL; +#else + EncodedName names[MAX_NAME_ENTRIES]; +#endif + + if (out == NULL || name == NULL) + return BAD_FUNC_ARG; + +#ifdef WOLFSSL_SMALL_STACK + names = (EncodedName*)XMALLOC(sizeof(EncodedName) * MAX_NAME_ENTRIES, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (names == NULL) + return MEMORY_E; +#endif + + XMEMSET(names, 0, sizeof(EncodedName) * MAX_NAME_ENTRIES); + + for (i = 0; i < MAX_NAME_ENTRIES; i++) { + WOLFSSL_X509_NAME_ENTRY* entry; + int ret; + + entry = wolfSSL_X509_NAME_get_entry(name, i); + if (entry != NULL && entry->set == 1) { + const char* nameStr; + WOLFSSL_ASN1_STRING* data; + WOLFSSL_ASN1_STRING* cano_data; + + cano_data = wolfSSL_ASN1_STRING_new(); + if (cano_data == NULL) + return MEMORY_E; + + data = wolfSSL_X509_NAME_ENTRY_get_data(entry); + if (data == NULL) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + wolfSSL_ASN1_STRING_free(cano_data); + WOLFSSL_MSG("Error getting entry data"); + return WOLFSSL_FATAL_ERROR; + } + if (wolfSSL_ASN1_STRING_canon(cano_data, data) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + nameStr = (const char*)wolfSSL_ASN1_STRING_data(cano_data); + + ret = wc_EncodeName_cano(&names[i], nameStr, CTC_UTF8, + ConvertNIDToWolfSSL(entry->nid)); + if (ret < 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + wolfSSL_ASN1_STRING_free(cano_data); + WOLFSSL_MSG("EncodeName failed"); + return WOLFSSL_FATAL_ERROR; + } + totalBytes += ret; + } + } + + /* skip header */ + /* check if using buffer passed in */ + if (*out == NULL) { + *out = local = (unsigned char*)XMALLOC(totalBytes, NULL, + DYNAMIC_TYPE_OPENSSL); + if (*out == NULL) { + return MEMORY_E; + } + } + output = *out; + idx = 0; + + for (i = 0; i < MAX_NAME_ENTRIES; i++) { + if (names[i].used) { + XMEMCPY(output + idx, names[i].encoded, names[i].totalLen); + idx += names[i].totalLen; + } + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + /* used existing buffer passed in, so increment pointer */ + if (local == NULL) { + *out += totalBytes; + } + return totalBytes; +} +#endif + /* Converts the x509 name structure into DER format. * * out pointer to either a pre setup buffer or a pointer to null for @@ -45970,6 +46294,391 @@ void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk) } } +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) +/* WOLFSSL_BY_DIR_HASH stuff */ +WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void) +{ + WOLFSSL_BY_DIR_HASH* dir_hash; + + WOLFSSL_ENTER("wolfSSL_BY_DIR_HASH_new"); + + dir_hash = (WOLFSSL_BY_DIR_HASH*)XMALLOC(sizeof(WOLFSSL_BY_DIR_HASH), NULL, + DYNAMIC_TYPE_OPENSSL); + if (dir_hash) { + XMEMSET(dir_hash, 0, sizeof(WOLFSSL_BY_DIR_HASH)); + } + return dir_hash; +} + +void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash) +{ + if (dir_hash == NULL) + return; + + XFREE(dir_hash, NULL, DYNAMIC_TYPE_OPENSSL); +} + +WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void) +{ + WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL); + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_new_null"); + + if (sk) { + sk->type = STACK_TYPE_BY_DIR_hash; + } + return sk; +} + +/* returns value less than 0 on fail to match + * On a successful match the priority level found is returned + */ +int wolfSSL_sk_BY_DIR_HASH_find( + WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind) +{ + WOLFSSL_STACK* next; + int i, sz; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_find"); + + if (sk == NULL || toFind == NULL) { + return WOLFSSL_FAILURE; + } + + sz = wolfSSL_sk_BY_DIR_HASH_num(sk); + next = sk; + for (i = 0; i < sz && next != NULL; i++) { + if (next->data.dir_hash->hash_value == toFind->hash_value) { + return sz - i; /* reverse because stack pushed highest on first */ + } + next = next->next; + } + return -1; +} + +int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) +{ + WOLFSSL_ENTER("wolfSSL_sk_WOLFSSL_BY_DIR_HASH_num"); + + if (sk == NULL) + return -1; + return (int)sk->num; +} + +WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value( + const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i) +{ + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_value"); + + for (; sk != NULL && i > 0; i--) + sk = sk->next; + + if (i != 0 || sk == NULL) + return NULL; + return sk->data.dir_hash; +} + +WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( + WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk) +{ + WOLFSSL_STACK* node; + WOLFSSL_BY_DIR_HASH* hash; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop"); + + if (sk == NULL) { + return NULL; + } + + node = sk->next; + hash = sk->data.dir_hash; + + if (node != NULL) { /* update sk and remove node from stack */ + sk->data.dir_hash = node->data.dir_hash; + sk->next = node->next; + wolfSSL_sk_free_node(node); + } + else { /* last x509 in stack */ + sk->data.dir_hash = NULL; + } + + if (sk->num > 0) { + sk->num -= 1; + } + + return hash; +} + +void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk, + void (*f) (WOLFSSL_BY_DIR_HASH*)) +{ + WOLFSSL_STACK* node; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop_free"); + + if (sk == NULL) { + return; + } + + /* parse through stack freeing each node */ + node = sk->next; + while (node && sk->num > 1) { + WOLFSSL_STACK* tmp = node; + node = node->next; + + if (f) + f(tmp->data.dir_hash); + else + wolfSSL_BY_DIR_HASH_free(tmp->data.dir_hash); + tmp->data.dir_hash = NULL; + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + sk->num -= 1; + } + + /* free head of stack */ + if (sk->num == 1) { + if (f) + f(sk->data.dir_hash); + else + wolfSSL_BY_DIR_HASH_free(sk->data.dir_hash); + sk->data.dir_hash = NULL; + } + XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); +} + +void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) +{ + wolfSSL_sk_BY_DIR_HASH_pop_free(sk, NULL); +} + + +/* Adds the WOLFSSL_BY_DIR_HASH to the stack "sk". "sk" takes control of "in" and + * tries to free it when the stack is free'd. + * + * return 1 on success 0 on fail + */ +int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, + WOLFSSL_BY_DIR_HASH* in) +{ + WOLFSSL_STACK* node; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_push"); + + if (sk == NULL || in == NULL) { + return WOLFSSL_FAILURE; + } + + /* no previous values in stack */ + if (sk->data.dir_hash == NULL) { + sk->data.dir_hash = in; + sk->num += 1; + return WOLFSSL_SUCCESS; + } + + /* stack already has value(s) create a new node and add more */ + node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, + DYNAMIC_TYPE_OPENSSL); + if (node == NULL) { + WOLFSSL_MSG("Memory error"); + return WOLFSSL_FAILURE; + } + XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); + + /* push new obj onto head of stack */ + node->data.dir_hash = sk->data.dir_hash; + node->next = sk->next; + node->type = sk->type; + sk->next = node; + sk->data.dir_hash = in; + sk->num += 1; + + return WOLFSSL_SUCCESS; +} + + +/* WOLFSSL_BY_DIR_entry stuff */ +WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void) +{ + WOLFSSL_BY_DIR_entry* entry; + + WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_new"); + + entry = (WOLFSSL_BY_DIR_entry*)XMALLOC(sizeof(WOLFSSL_BY_DIR_entry), NULL, + DYNAMIC_TYPE_OPENSSL); + + if (entry) { + XMEMSET(entry, 0, sizeof(WOLFSSL_BY_DIR_entry)); + } + return entry; +} + +void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry) +{ + WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_free"); + + if (entry == NULL) + return; + + if (entry->hashes) { + wolfSSL_sk_BY_DIR_HASH_free(entry->hashes); + } + + if (entry->dir_name != NULL) { + XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL); + } + + XFREE(entry, NULL, DYNAMIC_TYPE_OPENSSL); +} + +WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void) +{ + WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL); + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_new_null"); + + if (sk) { + sk->type = STACK_TYPE_BY_DIR_entry; + } + return sk; +} + +int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk) +{ + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num"); + + if (sk == NULL) + return -1; + return (int)sk->num; +} + +WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value( + const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i) +{ + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_value"); + + for (; sk != NULL && i > 0; i--) + sk = sk->next; + + if (i != 0 || sk == NULL) + return NULL; + return sk->data.dir_entry; +} + +WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop( + WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk) +{ + WOLFSSL_STACK* node; + WOLFSSL_BY_DIR_entry* entry; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop"); + + if (sk == NULL) { + return NULL; + } + + node = sk->next; + entry = sk->data.dir_entry; + + if (node != NULL) { /* update sk and remove node from stack */ + sk->data.dir_entry = node->data.dir_entry; + sk->next = node->next; + wolfSSL_sk_free_node(node); + } + else { /* last x509 in stack */ + sk->data.dir_entry = NULL; + } + + if (sk->num > 0) { + sk->num -= 1; + } + + return entry; +} + +void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk, + void (*f) (WOLFSSL_BY_DIR_entry*)) +{ + WOLFSSL_STACK* node; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop_free"); + + if (sk == NULL) { + return; + } + + /* parse through stack freeing each node */ + node = sk->next; + while (node && sk->num > 1) { + WOLFSSL_STACK* tmp = node; + node = node->next; + + if (f) + f(tmp->data.dir_entry); + else + wolfSSL_BY_DIR_entry_free(tmp->data.dir_entry); + tmp->data.dir_entry = NULL; + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + sk->num -= 1; + } + + /* free head of stack */ + if (sk->num == 1) { + if (f) + f(sk->data.dir_entry); + else + wolfSSL_BY_DIR_entry_free(sk->data.dir_entry); + sk->data.dir_entry = NULL; + } + XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); +} + +void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk) +{ + wolfSSL_sk_BY_DIR_entry_pop_free(sk, NULL); +} + +/* Adds the wolfSSL_BY_DIR_entry to the stack "sk". "sk" takes control of "in" and + * tries to free it when the stack is free'd. + * + * return 1 on success 0 on fail + */ +int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk, + WOLFSSL_BY_DIR_entry* in) +{ + WOLFSSL_STACK* node; + + if (sk == NULL || in == NULL) { + return WOLFSSL_FAILURE; + } + + /* no previous values in stack */ + if (sk->data.dir_entry == NULL) { + sk->data.dir_entry = in; + sk->num += 1; + return WOLFSSL_SUCCESS; + } + + /* stack already has value(s) create a new node and add more */ + node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, + DYNAMIC_TYPE_OPENSSL); + if (node == NULL) { + WOLFSSL_MSG("Memory error"); + return WOLFSSL_FAILURE; + } + XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); + + /* push new obj onto head of stack */ + node->data.dir_entry = sk->data.dir_entry; + node->next = sk->next; + node->type = sk->type; + sk->next = node; + sk->data.dir_entry = in; + sk->num += 1; + + return WOLFSSL_SUCCESS; +} + +#endif /* OPENSSL_ALL */ int wolfSSL_sk_X509_INFO_num(const WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk) { diff --git a/tests/api.c b/tests/api.c index dde3d5406..c0ee92ddb 100644 --- a/tests/api.c +++ b/tests/api.c @@ -25732,6 +25732,137 @@ static void test_wolfSSL_X509_NAME(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */ } +static void test_wolfSSL_sk_X509_BY_DIR_HASH(void) +{ +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + STACK_OF(WOLFSSL_BY_DIR_HASH) *hash_stack; + WOLFSSL_BY_DIR_HASH *hash1; + WOLFSSL_BY_DIR_HASH *hash2; + WOLFSSL_BY_DIR_HASH *h; + const unsigned long dummy_hash[2] = { + 0x12345678, + 0x9abcdef0 + }; + int i, num; + + printf(testingFmt, "test_wolfSSL_sk_X509_BY_DIR_HASH"); + + /* new */ + AssertNotNull(hash1 = wolfSSL_BY_DIR_HASH_new()); + hash1->hash_value = dummy_hash[0]; + + AssertNotNull(hash2 = wolfSSL_BY_DIR_HASH_new()); + hash2->hash_value = dummy_hash[1]; + + AssertNotNull(hash_stack = wolfSSL_sk_BY_DIR_HASH_new_null()); + + /* push */ + AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(NULL, NULL), + WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(NULL, hash1), + WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(hash_stack, NULL), + WOLFSSL_FAILURE); + + AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(hash_stack, hash1), + WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(hash_stack, + hash2), WOLFSSL_SUCCESS); + /* num and value */ + AssertIntEQ((num = wolfSSL_sk_BY_DIR_HASH_num(hash_stack)), 2); + for (i = 0; i < num; i++) { + AssertNotNull(h = wolfSSL_sk_BY_DIR_HASH_value(hash_stack, i)); + AssertTrue(h->hash_value == dummy_hash[num - i - 1]); + } + + /* pop */ + AssertNotNull(h = wolfSSL_sk_BY_DIR_HASH_pop(hash_stack)); + AssertIntEQ((num = wolfSSL_sk_BY_DIR_HASH_num(hash_stack)), 1); + + /* find */ + AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_find(NULL, NULL), + WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_find(NULL, hash1), + WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_find(hash_stack, NULL), + WOLFSSL_FAILURE); + + AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(hash_stack, hash2), + 1); + + /* free */ + wolfSSL_sk_BY_DIR_HASH_free(hash_stack); + + printf(resultFmt, passed); +#endif +} + + +static void test_wolfSSL_sk_X509_BY_DIR(void) +{ +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + STACK_OF(WOLFSSL_BY_DIR_entry) *entry_stack; + WOLFSSL_BY_DIR_entry *entry1; + WOLFSSL_BY_DIR_entry *entry2; + WOLFSSL_BY_DIR_entry *ent; + const char* dummy_dir[2] = { + "/hoge/hoge/foo/foo", + "/foo1/hoge2/abc/defg" + }; + int i, num; + size_t len; + + printf(testingFmt, "test_wolfSSL_X509_sk_BY_DIR"); + + /* new */ + AssertNotNull(entry1 = wolfSSL_BY_DIR_entry_new()); + len = XSTRLEN(dummy_dir[0]); + entry1->dir_name = (char*)XMALLOC(len + 1, NULL, DYNAMIC_TYPE_OPENSSL); + AssertNotNull(entry1->dir_name); + XMEMSET(entry1->dir_name, 0, len + 1); + XSTRNCPY(entry1->dir_name, dummy_dir[0], len + 1); + + AssertNotNull(entry2 = wolfSSL_BY_DIR_entry_new()); + len = XSTRLEN(dummy_dir[1]); + entry2->dir_name = (char*)XMALLOC(len + 1, NULL, DYNAMIC_TYPE_OPENSSL); + AssertNotNull(entry2->dir_name); + XMEMSET(entry2->dir_name, 0, len + 1); + XSTRNCPY(entry2->dir_name, dummy_dir[1], len + 1); + + AssertNotNull(entry_stack = wolfSSL_sk_BY_DIR_entry_new_null()); + + /* push */ + AssertIntEQ(wolfSSL_sk_BY_DIR_entry_push(NULL, NULL), + WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_sk_BY_DIR_entry_push(NULL, entry1), + WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_sk_BY_DIR_entry_push(entry_stack, NULL), + WOLFSSL_FAILURE); + + AssertIntEQ(wolfSSL_sk_BY_DIR_entry_push(entry_stack, entry1), + WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_sk_BY_DIR_entry_push(entry_stack, + entry2), WOLFSSL_SUCCESS); + /* num and value */ + AssertIntEQ((num = wolfSSL_sk_BY_DIR_entry_num(entry_stack)), 2); + for (i = 0; i < num; i++) { + AssertNotNull(ent = wolfSSL_sk_BY_DIR_entry_value(entry_stack, i)); + len = XSTRLEN(dummy_dir[num - i - 1]); + AssertTrue(XSTRLEN(ent->dir_name) == len); + AssertIntEQ(XSTRNCMP(ent->dir_name, dummy_dir[num - i - 1], len), 0); + } + + /* pop */ + AssertNotNull(ent = wolfSSL_sk_BY_DIR_entry_pop(entry_stack)); + AssertIntEQ((len = wolfSSL_sk_BY_DIR_entry_num(entry_stack)), 1); + + /* free */ + wolfSSL_sk_BY_DIR_entry_free(entry_stack); + + printf(resultFmt, passed); +#endif +} + #ifndef NO_BIO static void test_wolfSSL_X509_INFO(void) { @@ -27967,7 +28098,286 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx) } #endif +static void test_wolfSSL_X509_Name_canon(void) +{ +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ + defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) + + const long ex_hash1 = 0x0fdb2da4; + const long ex_hash2 = 0x9f3e8c9e; + X509_NAME *name = NULL; + X509 *x509 = NULL; + FILE* file = NULL; + unsigned long hash = 0; + byte digest[WC_MAX_DIGEST_SIZE] = {0}; + byte *pbuf = NULL; + word32 len = 0; + (void) ex_hash2; + printf(testingFmt, "test_wolfSSL_X509_Name_canon()"); + file = XFOPEN(caCertFile, "rb"); + AssertNotNull(file); + AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); + AssertNotNull(name = X509_get_issuer_name(x509)); + + AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); + AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); + + hash = (((unsigned long)digest[3] << 24) | + ((unsigned long)digest[2] << 16) | + ((unsigned long)digest[1] << 8) | + ((unsigned long)digest[0])); + AssertIntEQ(hash, ex_hash1); + + XFCLOSE(file); + X509_free(x509); + XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); + pbuf = NULL; + + file = XFOPEN(cliCertFile, "rb"); + AssertNotNull(file); + AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); + AssertNotNull(name = X509_get_issuer_name(x509)); + + AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); + AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); + + hash = (((unsigned long)digest[3] << 24) | + ((unsigned long)digest[2] << 16) | + ((unsigned long)digest[1] << 8) | + ((unsigned long)digest[0])); + + AssertIntEQ(hash, ex_hash2); + + XFCLOSE(file); + X509_free(x509); + XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); + + printf(resultFmt, passed); + +#endif + +} + +static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) +{ +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + const int MAX_DIR = 4; + const char paths[][32] = { + "./certs/ed25519", + "./certs/ecc", + "./certs/crl", + "./certs/", + }; + + char CertCrl_path[MAX_FILENAME_SZ]; + char *p; + X509_STORE* str; + X509_LOOKUP* lookup; + WOLFSSL_BY_DIR_entry *dir; + WOLFSSL_STACK* sk = NULL; + int num = 0, len, total_len, i; + + (void) sk; + (void) num; + + printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_hash_dir()"); + + XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ); + + /* illegal string */ + AssertNotNull((str = wolfSSL_X509_STORE_new())); + AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "", + SSL_FILETYPE_PEM,NULL), 0); + + /* free store */ + X509_STORE_free(str); + + /* short folder string */ + AssertNotNull((str = wolfSSL_X509_STORE_new())); + AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./", + SSL_FILETYPE_PEM,NULL), 1); + AssertNotNull(sk = lookup->dirs->dir_entry); + AssertIntEQ((num = wolfSSL_sk_BY_DIR_entry_num(sk)), 1); + + dir = wolfSSL_sk_BY_DIR_entry_value(sk, 0); + printf("dir->dir_name %s\n", dir->dir_name); + AssertIntEQ(XSTRLEN((const char*)dir->dir_name), XSTRLEN("./")); + AssertIntEQ(XMEMCMP(dir->dir_name, "./", + XSTRLEN((const char*)dir->dir_name)), 0); + + /* free store */ + X509_STORE_free(str); + + /* typical function check */ + p = &CertCrl_path[0]; + total_len = 0; + + for(i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) { + len = XSTRLEN((const char*)&paths[i]); + total_len += len; + XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len); + p += len; + if (i != 0) *(p++) = SEPARATOR_CHAR; + } + + AssertNotNull((str = wolfSSL_X509_STORE_new())); + AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path, + SSL_FILETYPE_PEM,NULL), 1); + AssertNotNull(sk = lookup->dirs->dir_entry); + AssertIntEQ((num = wolfSSL_sk_BY_DIR_entry_num(sk)), MAX_DIR); + + for(i = 0; idir_name), XSTRLEN(paths[i])); + AssertIntEQ(XMEMCMP(dir->dir_name, paths[i], + XSTRLEN((const char*)dir->dir_name)), 0); + } + + X509_STORE_free(str); + + printf(resultFmt, passed); +#endif + +} + +static void test_wolfSSL_X509_LOOKUP_ctrl_file(void) +{ +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + defined(WOLFSSL_SIGNER_DER_CERT) + + X509_STORE_CTX* ctx; + X509_STORE* str; + X509_LOOKUP* lookup; + + X509* cert1; + X509* x509Ca; + X509* x509Svr; + X509* issuer; + + WOLFSSL_STACK* sk = NULL; + X509_NAME* caName; + X509_NAME* issuerName; + + FILE* file1 = NULL; + int i, cert_count, cmp; + + char der[] = "certs/ca-cert.der"; + +#ifdef HAVE_CRL + char pem[][100] = { + "./certs/crl/crl.pem", + "./certs/crl/crl2.pem", + "./certs/crl/caEccCrl.pem", + "./certs/crl/eccCliCRL.pem", + "./certs/crl/eccSrvCRL.pem", + "" + }; +#endif + printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_file()"); + AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb")); + + AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); + fclose(file1); + + AssertNotNull(ctx = X509_STORE_CTX_new()); + AssertNotNull((str = wolfSSL_X509_STORE_new())); + AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, + SSL_FILETYPE_PEM,NULL), 1); + AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); + AssertIntEQ((cert_count = sk_X509_num(sk)), 1); + + /* check if CA cert is loaded into the store */ + for (i = 0; i < cert_count; i++) { + x509Ca = sk_X509_value(sk, i); + AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); + } + + AssertNotNull((x509Svr = + wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); + + AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); + + AssertNull(X509_STORE_CTX_get0_current_issuer(NULL)); + issuer = X509_STORE_CTX_get0_current_issuer(ctx); + AssertNotNull(issuer); + + caName = X509_get_subject_name(x509Ca); + AssertNotNull(caName); + issuerName = X509_get_subject_name(issuer); + AssertNotNull(issuerName); + cmp = X509_NAME_cmp(caName, issuerName); + AssertIntEQ(cmp, 0); + + /* load der format */ + X509_STORE_free(str); + sk_X509_free(sk); + + AssertNotNull((str = wolfSSL_X509_STORE_new())); + AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der, + SSL_FILETYPE_ASN1,NULL), 1); + AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); + AssertIntEQ((cert_count = sk_X509_num(sk)), 1); + + /* check if CA cert is loaded into the store */ + for (i = 0; i < cert_count; i++) { + x509Ca = sk_X509_value(sk, i); + AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); + } + +#ifdef HAVE_CRL + /* once feeing store */ + wolfSSL_X509_STORE_free(str); + str = NULL; + + AssertNotNull(str = wolfSSL_X509_STORE_new()); + AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, + SSL_FILETYPE_PEM,NULL), 1); + AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, + "certs/server-revoked-cert.pem", + SSL_FILETYPE_PEM,NULL), 1); + if (str) { + AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, + "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM), 1); + } + for (i = 0; pem[i][0] != '\0'; i++) + { + AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i], + SSL_FILETYPE_PEM, NULL), 1); + } + + if (str) { + /* since store knows crl list */ + AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, + "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); + } + +#endif + X509_free(issuer); + X509_STORE_CTX_free(ctx); + X509_free(x509Svr); + X509_STORE_free(str); + sk_X509_free(sk); + X509_free(x509Ca); + X509_free(cert1); + + printf(resultFmt, passed); +#endif +} static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) @@ -39608,7 +40018,7 @@ static void test_wolfSSL_X509_load_crl_file(void) WOLFSSL_X509_STORE* store; WOLFSSL_X509_LOOKUP* lookup; - printf(testingFmt, "wolfSSL_X509_laod_crl_file"); + printf(testingFmt, "wolfSSL_X509_load_crl_file"); AssertNotNull(store = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); @@ -41649,6 +42059,8 @@ void ApiTest(void) #ifndef NO_BIO test_wolfSSL_X509_INFO(); #endif + test_wolfSSL_sk_X509_BY_DIR_HASH(); + test_wolfSSL_sk_X509_BY_DIR(); test_wolfSSL_X509_subject_name_hash(); test_wolfSSL_X509_issuer_name_hash(); test_wolfSSL_X509_check_host(); @@ -41698,6 +42110,9 @@ void ApiTest(void) test_generate_cookie(); test_wolfSSL_X509_STORE_set_flags(); test_wolfSSL_X509_LOOKUP_load_file(); + test_wolfSSL_X509_Name_canon(); + test_wolfSSL_X509_LOOKUP_ctrl_file(); + test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(); test_wolfSSL_X509_NID(); test_wolfSSL_X509_STORE_CTX_set_time(); test_wolfSSL_get0_param(); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index f70c69a86..dea8abaf8 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -13172,6 +13172,86 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, return idx; } +/* +* this wrappes wc_EncodeName for EMAIL OID + */ +int wc_EncodeName_cano(EncodedName* name, const char* nameStr, char nameType, + byte type) +{ + word32 idx = 0; + + if (nameStr) { + /* bottom up */ + byte firstLen[1 + MAX_LENGTH_SZ]; + byte secondLen[MAX_LENGTH_SZ]; + byte sequence[MAX_SEQ_SZ]; + byte set[MAX_SET_SZ]; + + int strLen = (int)XSTRLEN(nameStr); + int thisLen = strLen; + int firstSz, secondSz, seqSz, setSz; + + const byte EMAIL_OID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x09, 0x01, 0x0c }; + + if (type != ASN_EMAIL_NAME) { + return wc_EncodeName(name, nameStr, nameType, type); + } + + if (strLen == 0) { /* no user data for this item */ + name->used = 0; + return 0; + } + secondSz = SetLength(strLen, secondLen); + thisLen += secondSz; + thisLen += EMAIL_JOINT_LEN; + firstSz = EMAIL_JOINT_LEN; + thisLen++; /* id type */ + firstSz = SetObjectId(firstSz, firstLen); + thisLen += firstSz; + + seqSz = SetSequence(thisLen, sequence); + thisLen += seqSz; + setSz = SetSet(thisLen, set); + thisLen += setSz; + + if (thisLen > (int)sizeof(name->encoded)) { + return BUFFER_E; + } + + /* store it */ + idx = 0; + /* set */ + XMEMCPY(name->encoded, set, setSz); + idx += setSz; + /* seq */ + XMEMCPY(name->encoded + idx, sequence, seqSz); + idx += seqSz; + /* asn object id */ + XMEMCPY(name->encoded + idx, firstLen, firstSz); + idx += firstSz; + /* email joint id */ + XMEMCPY(name->encoded + idx, EMAIL_OID, sizeof(EMAIL_OID)); + idx += (int)sizeof(EMAIL_OID); + /* second length */ + XMEMCPY(name->encoded + idx, secondLen, secondSz); + idx += secondSz; + /* str value */ + XMEMCPY(name->encoded + idx, nameStr, strLen); + idx += strLen; + + name->type = type; + name->totalLen = idx; + name->used = 1; + } + else + name->used = 0; + + return idx; +} + + + /* encode CertName into output, return total bytes written */ int SetName(byte* output, word32 outputSz, CertName* name) { diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 2e6dc17ac..aada029ae 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -415,6 +415,39 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen, #if !defined(NO_WOLFSSL_DIR) && \ !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) +/* File Handling Helper */ +/* returns 0 if file exists, WC_ISFILEEXIST_NOFILE if file doesn't exist */ +int wc_FileExists(const char* fname) +{ + struct ReadDirCtx ctx; + + if (fname == NULL) + return 0; + + if (XSTAT(fname, &ctx.s) != 0) { + WOLFSSL_MSG("stat on name failed"); + return BAD_PATH_ERROR; + }else +#if defined(USE_WINDOWS_API) + if (ctx.s.st_mode & _S_IFREG) { + return 0; + } +#elif defined(WOLFSSL_ZEPHYR) + if (ctx.s.type == FS_DIR_ENTRY_FILE) { + return 0; + } + +#elif defined(WOLFSSL_TELIT_M2MB) + if (ctx.s.st_mode & M2MB_S_IFREG) { + return 0; + } +#else + if (S_ISREG(ctx.s.st_mode)) { + return 0; + } +#endif + return WC_ISFILEEXIST_NOFILE; +} /* File Handling Helpers */ /* returns 0 if file found, WC_READDIR_NOFILE if no files or negative error */ @@ -485,11 +518,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) * of earlier check it is known that dnameLen is less than * MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */ XSTRNCPY(ctx->name + pathLen + 1, ctx->entry.name, dnameLen + 1); - if (fs_stat(ctx->name, &ctx->s) != 0) { - WOLFSSL_MSG("stat on name failed"); - ret = BAD_PATH_ERROR; - break; - } else if (ctx->s.type == FS_DIR_ENTRY_FILE) { + if ((ret = wc_FileExists(ctx->name)) == 0) { if (name) *name = ctx->name; return 0; @@ -517,12 +546,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) * MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */ XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1); - if (m2mb_fs_stat(ctx->name, &ctx->s) != 0) { - WOLFSSL_MSG("stat on name failed"); - ret = BAD_PATH_ERROR; - break; - } - else if (ctx->s.st_mode & M2MB_S_IFREG) { + if ((ret = wc_FileExists(ctx->name)) == 0) { if (name) *name = ctx->name; return 0; @@ -549,11 +573,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) * of earlier check it is known that dnameLen is less than * MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */ XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1); - if (stat(ctx->name, &ctx->s) != 0) { - WOLFSSL_MSG("stat on name failed"); - ret = BAD_PATH_ERROR; - break; - } else if (S_ISREG(ctx->s.st_mode)) { + if ((ret = wc_FileExists(ctx->name)) == 0) { if (name) *name = ctx->name; return 0; @@ -615,11 +635,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name) * MAX_FILENAME_SZ - (pathLen + 2) so that dnameLen +1 will fit */ XSTRNCPY(ctx->name + pathLen + 1, ctx->entry.name, dnameLen + 1); - if (fs_stat(ctx->name, &ctx->s) != 0) { - WOLFSSL_MSG("stat on name failed"); - ret = BAD_PATH_ERROR; - break; - } else if (ctx->s.type == FS_DIR_ENTRY_FILE) { + if ((ret = wc_FileExists(ctx->name)) == 0) { if (name) *name = ctx->name; return 0; @@ -641,12 +657,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name) * MAX_FILENAME_SZ - (pathLen + 2) so dnameLen +1 will fit */ XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1); - if (m2mb_fs_stat(ctx->name, &ctx->s) != 0) { - WOLFSSL_MSG("stat on name failed"); - ret = BAD_PATH_ERROR; - break; - } - else if (ctx->s.st_mode & M2MB_S_IFREG) { + if ((ret = wc_FileExists(ctx->name)) == 0) { if (name) *name = ctx->name; return 0; @@ -667,11 +678,7 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name) * MAX_FILENAME_SZ - (pathLen + 2) so that dnameLen +1 will fit */ XSTRNCPY(ctx->name + pathLen + 1, ctx->entry->d_name, dnameLen + 1); - if (stat(ctx->name, &ctx->s) != 0) { - WOLFSSL_MSG("stat on name failed"); - ret = BAD_PATH_ERROR; - break; - } else if (S_ISREG(ctx->s.st_mode)) { + if ((ret = wc_FileExists(ctx->name)) == 0) { if (name) *name = ctx->name; return 0; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 9246f66e9..2b5a492b3 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2066,6 +2066,9 @@ struct WOLFSSL_CERT_MANAGER { #endif #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) short minEccKeySz; /* minimum allowed ECC key size */ +#endif +#if defined(OPENSSL_EXTRA) + WOLFSSL_X509_STORE *x509_store_p; /* pointer back to x509 store */ #endif wolfSSL_Mutex refMutex; /* reference count mutex */ int refCount; /* reference count */ @@ -3691,6 +3694,8 @@ typedef struct Arrays { #define STACK_TYPE_X509_NAME 9 #define STACK_TYPE_CONF_VALUE 10 #define STACK_TYPE_X509_INFO 11 +#define STACK_TYPE_BY_DIR_entry 12 +#define STACK_TYPE_BY_DIR_hash 13 struct WOLFSSL_STACK { unsigned long num; /* number of nodes in stack @@ -3716,6 +3721,8 @@ struct WOLFSSL_STACK { void* generic; char* string; WOLFSSL_GENERAL_NAME* gn; + WOLFSSL_BY_DIR_entry* dir_entry; + WOLFSSL_BY_DIR_HASH* dir_hash; } data; void* heap; /* memory heap hint */ WOLFSSL_STACK* next; @@ -4811,6 +4818,12 @@ WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey); WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev); #endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) +WOLFSSL_LOCAL int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, + X509_NAME* issuer, int Type); +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 1e593213e..22ea2f5a4 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -192,6 +192,9 @@ typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME; typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX; typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method; +typedef struct WOLFSSL_BY_DIR WOLFSSL_BY_DIR; +typedef struct WOLFSSL_BY_DIR_entry WOLFSSL_BY_DIR_entry; +typedef struct WOLFSSL_BY_DIR_HASH WOLFSSL_BY_DIR_HASH; typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; @@ -276,7 +279,21 @@ struct WOLFSSL_X509V3_CTX { WOLFSSL_X509* x509; }; +struct WOLFSSL_BY_DIR_HASH { + unsigned long hash_value; + int last_suffix; +}; +struct WOLFSSL_BY_DIR_entry { + char* dir_name; + int dir_type; + WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *hashes; +}; + +struct WOLFSSL_BY_DIR { + WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *dir_entry; + wolfSSL_Mutex lock; /* dir list lock */ +}; struct WOLFSSL_ASN1_OBJECT { void* heap; @@ -531,6 +548,8 @@ struct WOLFSSL_X509_LOOKUP_METHOD { struct WOLFSSL_X509_LOOKUP { WOLFSSL_X509_STORE *store; + int type; + WOLFSSL_BY_DIR* dirs; }; struct WOLFSSL_X509_STORE { @@ -1421,6 +1440,8 @@ WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st, WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n, unsigned char** out); +WOLFSSL_API int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, + unsigned char** out); WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name, unsigned char **in, long length); #ifndef NO_RSA @@ -1499,6 +1520,8 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data, int dataSz); WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*); WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*); +WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst, + const WOLFSSL_ASN1_STRING* src); WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*); WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long); WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*); @@ -3828,6 +3851,38 @@ WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk WOLFSSL_CONF_VALUE* val); #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */ +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) +WOLFSSL_API WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void); +WOLFSSL_API void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void); +WOLFSSL_API int wolfSSL_sk_BY_DIR_HASH_find( + WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind); +WOLFSSL_API int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk); +WOLFSSL_API WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value( + const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i); +WOLFSSL_API WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( + WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk); +WOLFSSL_API void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, + void (*f) (WOLFSSL_BY_DIR_HASH*)); +WOLFSSL_API void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk); +WOLFSSL_API int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, + WOLFSSL_BY_DIR_HASH* in); +/* WOLFSSL_BY_DIR_entry stuff */ +WOLFSSL_API WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void); +WOLFSSL_API void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void); +WOLFSSL_API int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk); +WOLFSSL_API WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value( + const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i); +WOLFSSL_API WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop( + WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk); +WOLFSSL_API void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk, + void (*f) (WOLFSSL_BY_DIR_entry*)); +WOLFSSL_API void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk); +WOLFSSL_API int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk, + WOLFSSL_BY_DIR_entry* in); +#endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_WOLFSSL_DIR */ + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void); WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*); diff --git a/wolfssl/test.h b/wolfssl/test.h index 50a5c96a2..16fe232ce 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -349,6 +349,7 @@ #define cliEd448CertFile "certs/ed448/client-ed448.pem" #define cliEd448KeyFile "certs/ed448/client-ed448-priv.pem" #define caEd448CertFile "certs/ed448/ca-ed448.pem" +#define caCertFolder "certs/" #ifdef HAVE_WNR /* Whitewood netRandom default config file */ #define wnrConfig "wnr-example.conf" @@ -382,6 +383,7 @@ #define cliEd448CertFile "./certs/ed448/client-ed448.pem" #define cliEd448KeyFile "./certs/ed448/client-ed448-priv.pem" #define caEd448CertFile "./certs/ed448/ca-ed448.pem" +#define caCertFolder "./certs/" #ifdef HAVE_WNR /* Whitewood netRandom default config file */ #define wnrConfig "./wnr-example.conf" diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index ddac56b34..1ad8176b2 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1173,6 +1173,8 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn); WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, byte type); +WOLFSSL_LOCAL int wc_EncodeName_cano(EncodedName* name, const char* nameStr, + char nameType, byte type); /* ASN.1 helper functions */ #ifdef WOLFSSL_CERT_GEN WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index e1d4aa2da..494d20df2 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -659,6 +659,8 @@ decouple library dependencies with standard string, memory and so on. #endif #ifdef OPENSSL_ALL #define XISALNUM(c) isalnum((c)) + #define XISASCII(c) isascii((c)) + #define XISSPACE(c) isspace((c)) #endif /* needed by wolfSSL_check_domain_name() */ #define XTOLOWER(c) tolower((c)) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 8a41f4b99..36c858f53 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -676,14 +676,25 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XFGETS fgets #define XFPRINTF fprintf - #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ + #if !defined(NO_WOLFSSL_DIR)\ && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) + #if defined(USE_WINDOWS_API) + #define XSTAT _stat + #define SEPARATOR_CHAR ';' + #elif defined(WOLFSSL_ZEPHYR) + #define XSTAT fs_stat + #elif defined(WOLFSSL_TELIT_M2MB) + #define XSTAT m2mb_fs_stat + #else #include #include #include #define XWRITE write #define XREAD read #define XCLOSE close + #define XSTAT stat + #define SEPARATOR_CHAR ':' + #endif #endif #endif @@ -732,7 +743,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #else struct dirent* entry; DIR* dir; - struct stat s; + struct XSTAT s; #endif char name[MAX_FILENAME_SZ]; } ReadDirCtx; @@ -743,6 +754,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name); WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx); #endif /* !NO_WOLFSSL_DIR */ + #define WC_ISFILEEXIST_NOFILE -1 + + WOLFSSL_API int wc_FileExists(const char* fname); #endif /* !NO_FILESYSTEM */ From 39b0c4eaf8f966ad3f290b41635fe3a4dfc04d1b Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 5 Mar 2021 15:14:56 +0900 Subject: [PATCH 086/137] fixed sanitize errors --- src/internal.c | 98 ++++++++++++++++++++++++++------------------- src/ssl.c | 14 +++++-- tests/api.c | 30 +++++++------- wolfcrypt/src/asn.c | 2 - 4 files changed, 80 insertions(+), 64 deletions(-) diff --git a/src/internal.c b/src/internal.c index d8c45cbf7..feab76786 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1981,7 +1981,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) if (ctx->x509_store.lookup.dirs) { #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) - if (!ctx->x509_store.lookup.dirs->dir_entry) { + if (ctx->x509_store.lookup.dirs->dir_entry) { wolfSSL_sk_BY_DIR_entry_free(ctx->x509_store.lookup.dirs->dir_entry); } #endif @@ -10619,6 +10619,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) WOLFSSL_MSG("failed hash operation"); return WOLFSSL_FAILURE; } + wolfSSL_OPENSSL_free(pbuf); } /* try to load each hashed name file in path */ @@ -10633,8 +10634,9 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) for (i=0; idirs->dir_entry, i); - - len = XSTRLEN(entry->dir_name) + 13; + /*/.(r)N\0 */ + /*112345678 1 1 1 1 => 13 */ + len = (int)XSTRLEN(entry->dir_name) + 13; if (filename != NULL) { XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); @@ -10678,6 +10680,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) WOLFSSL_FILETYPE_PEM); if (x509 != NULL) { ret = wolfSSL_X509_STORE_add_cert(store, x509); + wolfSSL_X509_free(x509); } else { WOLFSSL_MSG("failed to load certificate\n"); ret = WOLFSSL_FAILURE; @@ -10839,45 +10842,6 @@ static int ProcessPeerCertParse(WOLFSSL* ssl, ProcPeerCertArgs* args, /* Parse Certificate */ ret = ParseCertRelative(args->dCert, certType, verify, ssl->ctx->cm); -#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ - !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) - if (ret == ASN_NO_SIGNER_E) { - WOLFSSL_MSG("try to load certificate if hash dir is set"); - if (ssl->ctx->x509_store_pt != NULL) { - ret = LoadCrlCertByIssuer(ssl->ctx->x509_store_pt, - (WOLFSSL_X509_NAME*)args->dCert->issuerName, - X509_LU_X509); - } else { - ret = LoadCrlCertByIssuer(&ssl->ctx->x509_store, - (WOLFSSL_X509_NAME*)args->dCert->issuerName, - X509_LU_X509); - } - - if (ret == WOLFSSL_SUCCESS) { - /* re try Parse Certificate */ - InitDecodedCert(args->dCert, cert->buffer, cert->length, ssl->heap); - args->dCertInit = 1; - args->dCert->sigCtx.devId = ssl->devId; - #ifdef WOLFSSL_ASYNC_CRYPT - args->dCert->sigCtx.asyncCtx = ssl; - #endif - #ifdef HAVE_PK_CALLBACKS - /* setup the PK callback context */ - ret = InitSigPkCb(ssl, &args->dCert->sigCtx); - if (ret != 0) - return ret; - #endif - ret = ParseCertRelative(args->dCert, certType, verify, - ssl->ctx->cm); - } else { - WOLFSSL_MSG("failed to load certificate from hash folder"); - /* restore return code */ - ret = ASN_NO_SIGNER_E; - } - } -#endif - /* perform below checks for date failure cases */ if (ret == 0 || ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) { /* get subject and determine if already loaded */ @@ -11309,6 +11273,31 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, !ssl->options.verifyNone ? VERIFY : NO_VERIFY, &subjectHash, &alreadySigner); +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + if (ret == ASN_NO_SIGNER_E) { + WOLFSSL_MSG("try to load certificate if hash dir is set"); + if (ssl->ctx->x509_store_pt != NULL) { + ret = LoadCrlCertByIssuer(ssl->ctx->x509_store_pt, + (WOLFSSL_X509_NAME*)args->dCert->issuerName, + X509_LU_X509); + } else { + ret = LoadCrlCertByIssuer(&ssl->ctx->x509_store, + (WOLFSSL_X509_NAME*)args->dCert->issuerName, + X509_LU_X509); + } + if (ret == WOLFSSL_SUCCESS) { + FreeDecodedCert(args->dCert); + args->dCertInit = 0; + /* once again */ + ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, + !ssl->options.verifyNone ? VERIFY : NO_VERIFY, + &subjectHash, &alreadySigner); + } else + ret = ASN_NO_SIGNER_E; + } +#endif #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_PENDING_E) goto exit_ppc; @@ -11502,6 +11491,31 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, !ssl->options.verifyNone ? VERIFY : NO_VERIFY, &subjectHash, &alreadySigner); +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + if (ret == ASN_NO_SIGNER_E) { + WOLFSSL_MSG("try to load certificate if hash dir is set"); + if (ssl->ctx->x509_store_pt != NULL) { + ret = LoadCrlCertByIssuer(ssl->ctx->x509_store_pt, + (WOLFSSL_X509_NAME*)args->dCert->issuerName, + X509_LU_X509); + } else { + ret = LoadCrlCertByIssuer(&ssl->ctx->x509_store, + (WOLFSSL_X509_NAME*)args->dCert->issuerName, + X509_LU_X509); + } + if (ret == WOLFSSL_SUCCESS) { + FreeDecodedCert(args->dCert); + args->dCertInit = 0; + /* once again */ + ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, + !ssl->options.verifyNone ? VERIFY : NO_VERIFY, + &subjectHash, &alreadySigner); + } else + ret = ASN_NO_SIGNER_E; + } +#endif #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_PENDING_E) goto exit_ppc; diff --git a/src/ssl.c b/src/ssl.c index 11f47938e..9d86f16ba 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24894,7 +24894,7 @@ static int x509AddCertDir(void *p, const char *argc, long argl) WOLFSSL_MSG("failed to allocate dir entry"); return 0; } - entry->dir_type = argl; + entry->dir_type = (int)argl; entry->dir_name = (char*)XMALLOC(pathLen + 1/* \0 termination*/ , NULL, DYNAMIC_TYPE_OPENSSL); entry->hashes = wolfSSL_sk_BY_DIR_HASH_new_null(); @@ -24953,7 +24953,7 @@ int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, switch (cmd) { case WOLFSSL_X509_L_FILE_LOAD: /* expects to return a number of processed cert or crl file */ - lret = wolfSSL_X509_load_cert_crl_file(ctx, argc, argl) > 0 ? + lret = wolfSSL_X509_load_cert_crl_file(ctx, argc, (int)argl) > 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; break; case WOLFSSL_X509_L_ADD_DIR: @@ -25885,7 +25885,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) if (store->lookup.dirs != NULL) { #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) - if (!store->lookup.dirs->dir_entry) { + if (store->lookup.dirs->dir_entry) { wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry); } #endif @@ -26329,6 +26329,8 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, } else { WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert error"); } + wolfSSL_X509_free(x509); + x509 = NULL; } else { WOLFSSL_MSG("wolfSSL_X509_load_certificate_file error"); } @@ -41609,7 +41611,7 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, } } /* put actual length */ - asn_out->length = dst - asn_out->data; + asn_out->length = (int)(dst - asn_out->data); return WOLFSSL_SUCCESS; } /* this is to converts the x509 name structure into canonical DER format @@ -41680,6 +41682,8 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) return WOLFSSL_FATAL_ERROR; } totalBytes += ret; + wolfSSL_OPENSSL_free(cano_data->data); + wolfSSL_ASN1_STRING_free(cano_data); } } @@ -42820,6 +42824,8 @@ err: } XFREE(pem, 0, DYNAMIC_TYPE_PEM); + if (der) + FreeDer(&der); return WOLFSSL_SUCCESS; err: if (pem) diff --git a/tests/api.c b/tests/api.c index c0ee92ddb..823c4033b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -25855,6 +25855,7 @@ static void test_wolfSSL_sk_X509_BY_DIR(void) /* pop */ AssertNotNull(ent = wolfSSL_sk_BY_DIR_entry_pop(entry_stack)); AssertIntEQ((len = wolfSSL_sk_BY_DIR_entry_num(entry_stack)), 1); + wolfSSL_BY_DIR_entry_free(ent); /* free */ wolfSSL_sk_BY_DIR_entry_free(entry_stack); @@ -28205,7 +28206,6 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) AssertIntEQ((num = wolfSSL_sk_BY_DIR_entry_num(sk)), 1); dir = wolfSSL_sk_BY_DIR_entry_value(sk, 0); - printf("dir->dir_name %s\n", dir->dir_name); AssertIntEQ(XSTRLEN((const char*)dir->dir_name), XSTRLEN("./")); AssertIntEQ(XMEMCMP(dir->dir_name, "./", XSTRLEN((const char*)dir->dir_name)), 0); @@ -28218,7 +28218,7 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) total_len = 0; for(i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) { - len = XSTRLEN((const char*)&paths[i]); + len = (int)XSTRLEN((const char*)&paths[i]); total_len += len; XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len); p += len; @@ -28315,10 +28315,13 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_file(void) AssertNotNull(issuerName); cmp = X509_NAME_cmp(caName, issuerName); AssertIntEQ(cmp, 0); - + /* load der format */ + X509_free(issuer); + X509_STORE_CTX_free(ctx); X509_STORE_free(str); sk_X509_free(sk); + X509_free(x509Svr); AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); @@ -28326,18 +28329,17 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_file(void) SSL_FILETYPE_ASN1,NULL), 1); AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); AssertIntEQ((cert_count = sk_X509_num(sk)), 1); - /* check if CA cert is loaded into the store */ for (i = 0; i < cert_count; i++) { x509Ca = sk_X509_value(sk, i); AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); } + X509_STORE_free(str); + sk_X509_free(sk); + X509_free(cert1); + #ifdef HAVE_CRL - /* once feeing store */ - wolfSSL_X509_STORE_free(str); - str = NULL; - AssertNotNull(str = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, @@ -28365,15 +28367,11 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_file(void) "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); } - -#endif - X509_free(issuer); - X509_STORE_CTX_free(ctx); - X509_free(x509Svr); + X509_STORE_free(str); - sk_X509_free(sk); - X509_free(x509Ca); - X509_free(cert1); + +#endif + printf(resultFmt, passed); #endif diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index dea8abaf8..dabc1e20a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9791,7 +9791,6 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } } #endif - if (cert->srcIdx < cert->sigIndex) { #ifndef ALLOW_V1_EXTENSIONS if (cert->version < 2) { @@ -9820,7 +9819,6 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) /* advance past extensions */ cert->srcIdx = cert->sigIndex; } - if ((ret = GetAlgoId(cert->source, &cert->srcIdx, #ifdef WOLFSSL_CERT_REQ !cert->isCSR ? &confirmOID : &cert->signatureOID, From e73b06e797113c052e45bf07ad6e8159c131f769 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 6 Mar 2021 19:28:25 +0900 Subject: [PATCH 087/137] add comments and description to new function and API --- src/internal.c | 10 +++++++--- src/ssl.c | 43 +++++++++++++++++++++---------------------- wolfcrypt/src/asn.c | 7 +++---- 3 files changed, 31 insertions(+), 29 deletions(-) diff --git a/src/internal.c b/src/internal.c index feab76786..e131fe3a1 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10576,8 +10576,12 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs) #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) -/* load certificate file which has .(r)N[0..N] in the folder */ +/* load certificate file which has the form .(r)N[0..N] */ +/* in the folder. */ /* (r), in the case of CRL file */ +/* @param store a pointer to X509_STORE structure */ +/* @param issuer a pointer to X509_NAME that presents issuer */ +/* @param type X509_LU_X509 or X509_LU_CRL */ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) { const int MAX_SUFFIX = 10; @@ -10599,8 +10603,8 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) WOLFSSL_ENTER("LoadCrlCertByIssuer"); /* sanity check */ - if (store == NULL || lookup->dirs == NULL || lookup->type != 1 - || (type != X509_LU_X509 && type != X509_LU_CRL)) { + if (store == NULL || issuer == NULL || lookup->dirs == NULL || + lookup->type != 1 || (type != X509_LU_X509 && type != X509_LU_CRL)) { return WOLFSSL_FAILURE; } diff --git a/src/ssl.c b/src/ssl.c index 9d86f16ba..c1d0811b3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -26492,9 +26492,6 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, WOLFSSL_LEAVE("wolfSSL_X509_load_crl_file", ret); return ret; } - - - #endif /* !NO_FILESYSTEM */ @@ -41614,12 +41611,16 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, asn_out->length = (int)(dst - asn_out->data); return WOLFSSL_SUCCESS; } + /* this is to converts the x509 name structure into canonical DER format * , which has the following rules: * convert to UTF8 * convert to lower case * multi-spaces collapsed * leading SEQUENCE hader is skipped +* @param name a pointer to X509_NAME that is to be converted +* @param out a pointer to conveted data +* @return a number of converted bytes, otherwise <0 error code */ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) { @@ -46301,7 +46302,7 @@ void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk) } #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) -/* WOLFSSL_BY_DIR_HASH stuff */ +/* create an instance of WOLFSSL_BY_DIR_HASH structure */ WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void) { WOLFSSL_BY_DIR_HASH* dir_hash; @@ -46315,7 +46316,7 @@ WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void) } return dir_hash; } - +/* release a WOLFSSL_BY_DIR_HASH resource */ void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash) { if (dir_hash == NULL) @@ -46323,7 +46324,7 @@ void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash) XFREE(dir_hash, NULL, DYNAMIC_TYPE_OPENSSL); } - +/* create an instance of WOLFSSL_STACK for STACK_TYPE_BY_DIR_hash */ WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void) { WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL); @@ -46361,7 +46362,7 @@ int wolfSSL_sk_BY_DIR_HASH_find( } return -1; } - +/* return a number of WOLFSSL_BY_DIR_HASH in stack */ int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) { WOLFSSL_ENTER("wolfSSL_sk_WOLFSSL_BY_DIR_HASH_num"); @@ -46370,7 +46371,7 @@ int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) return -1; return (int)sk->num; } - +/* return WOLFSSL_BY_DIR_HASH instance at i */ WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value( const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i) { @@ -46383,7 +46384,7 @@ WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value( return NULL; return sk->data.dir_hash; } - +/* pop WOLFSSL_BY_DIR_HASH instance, and remove its node from stack */ WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk) { @@ -46414,7 +46415,8 @@ WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( return hash; } - +/* release all contents in stack, and then release stack itself */ +/* it uses function when it is passed */ void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk, void (*f) (WOLFSSL_BY_DIR_HASH*)) { @@ -46451,13 +46453,11 @@ void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk, } XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); } - +/* release all contents in stack, and then release stack itself */ void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) { wolfSSL_sk_BY_DIR_HASH_pop_free(sk, NULL); } - - /* Adds the WOLFSSL_BY_DIR_HASH to the stack "sk". "sk" takes control of "in" and * tries to free it when the stack is free'd. * @@ -46500,9 +46500,7 @@ int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, return WOLFSSL_SUCCESS; } - - -/* WOLFSSL_BY_DIR_entry stuff */ +/* create an instance of WOLFSSL_BY_DIR_entry structure */ WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void) { WOLFSSL_BY_DIR_entry* entry; @@ -46517,7 +46515,7 @@ WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void) } return entry; } - +/* release a WOLFSSL_BY_DIR_entry resource */ void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry) { WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_free"); @@ -46547,7 +46545,7 @@ WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void) } return sk; } - +/* return a number of WOLFSSL_BY_DIR_entry in stack */ int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk) { WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num"); @@ -46556,7 +46554,7 @@ int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk) return -1; return (int)sk->num; } - +/* return WOLFSSL_BY_DIR_entry instance at i */ WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value( const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i) { @@ -46569,7 +46567,7 @@ WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value( return NULL; return sk->data.dir_entry; } - +/* pop WOLFSSL_BY_DIR_entry instance first, and remove its node from stack */ WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop( WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk) { @@ -46600,7 +46598,8 @@ WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop( return entry; } - +/* release all contents in stack, and then release stack itself */ +/* it uses function when it is passed */ void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk, void (*f) (WOLFSSL_BY_DIR_entry*)) { @@ -46637,7 +46636,7 @@ void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk, } XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); } - +/* release all contents in stack, and then release stack itself */ void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk) { wolfSSL_sk_BY_DIR_entry_pop_free(sk, NULL); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index dabc1e20a..5c3f651df 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9791,6 +9791,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) } } #endif + if (cert->srcIdx < cert->sigIndex) { #ifndef ALLOW_V1_EXTENSIONS if (cert->version < 2) { @@ -9819,6 +9820,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) /* advance past extensions */ cert->srcIdx = cert->sigIndex; } + if ((ret = GetAlgoId(cert->source, &cert->srcIdx, #ifdef WOLFSSL_CERT_REQ !cert->isCSR ? &confirmOID : &cert->signatureOID, @@ -13169,9 +13171,8 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, return idx; } - /* -* this wrappes wc_EncodeName for EMAIL OID + * this wrappes wc_EncodeName for EMAIL OID */ int wc_EncodeName_cano(EncodedName* name, const char* nameStr, char nameType, byte type) @@ -13248,8 +13249,6 @@ int wc_EncodeName_cano(EncodedName* name, const char* nameStr, char nameType, return idx; } - - /* encode CertName into output, return total bytes written */ int SetName(byte* output, word32 outputSz, CertName* name) { From cb0f082e392b20bcc975032927135408204b8704 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Mon, 8 Mar 2021 09:31:42 +0900 Subject: [PATCH 088/137] simplified wc_EncodeName* --- wolfcrypt/src/asn.c | 106 +++++++++++++------------------------------- 1 file changed, 30 insertions(+), 76 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 5c3f651df..ed93c64f3 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -13048,11 +13048,11 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names) * nameStr value to be encoded * nameType type of encoding i.e CTC_UTF8 * type id of attribute i.e ASN_COMMON_NAME - * + * emailType type of email i.e CTC_UTF8 * returns length on success */ -int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, - byte type) +static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameType, + byte type, byte emailType) { word32 idx = 0; /* bottom up */ @@ -13127,11 +13127,12 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, case ASN_EMAIL_NAME: { const byte EMAIL_OID[] = { - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16 + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01 }; /* email joint id */ XMEMCPY(name->encoded + idx, EMAIL_OID, sizeof(EMAIL_OID)); idx += (int)sizeof(EMAIL_OID); + name->encoded[idx++] = emailType; break; } @@ -13171,84 +13172,37 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, return idx; } -/* - * this wrappes wc_EncodeName for EMAIL OID + +/* canonical encoding one attribute of the name (issuer/subject) + * call we_EncodeName_ex with CTC_UTF8 for email type + * + * name structure to hold result of encoding + * nameStr value to be encoded + * nameType type of encoding i.e CTC_UTF8 + * type id of attribute i.e ASN_COMMON_NAME + * + * returns length on success */ int wc_EncodeName_cano(EncodedName* name, const char* nameStr, char nameType, byte type) { - word32 idx = 0; - - if (nameStr) { - /* bottom up */ - byte firstLen[1 + MAX_LENGTH_SZ]; - byte secondLen[MAX_LENGTH_SZ]; - byte sequence[MAX_SEQ_SZ]; - byte set[MAX_SET_SZ]; - - int strLen = (int)XSTRLEN(nameStr); - int thisLen = strLen; - int firstSz, secondSz, seqSz, setSz; - - const byte EMAIL_OID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x09, 0x01, 0x0c }; - - if (type != ASN_EMAIL_NAME) { - return wc_EncodeName(name, nameStr, nameType, type); - } - - if (strLen == 0) { /* no user data for this item */ - name->used = 0; - return 0; - } - secondSz = SetLength(strLen, secondLen); - thisLen += secondSz; - thisLen += EMAIL_JOINT_LEN; - firstSz = EMAIL_JOINT_LEN; - thisLen++; /* id type */ - firstSz = SetObjectId(firstSz, firstLen); - thisLen += firstSz; - - seqSz = SetSequence(thisLen, sequence); - thisLen += seqSz; - setSz = SetSet(thisLen, set); - thisLen += setSz; - - if (thisLen > (int)sizeof(name->encoded)) { - return BUFFER_E; - } - - /* store it */ - idx = 0; - /* set */ - XMEMCPY(name->encoded, set, setSz); - idx += setSz; - /* seq */ - XMEMCPY(name->encoded + idx, sequence, seqSz); - idx += seqSz; - /* asn object id */ - XMEMCPY(name->encoded + idx, firstLen, firstSz); - idx += firstSz; - /* email joint id */ - XMEMCPY(name->encoded + idx, EMAIL_OID, sizeof(EMAIL_OID)); - idx += (int)sizeof(EMAIL_OID); - /* second length */ - XMEMCPY(name->encoded + idx, secondLen, secondSz); - idx += secondSz; - /* str value */ - XMEMCPY(name->encoded + idx, nameStr, strLen); - idx += strLen; - - name->type = type; - name->totalLen = idx; - name->used = 1; - } - else - name->used = 0; - - return idx; + return wc_EncodeName_ex(name, nameStr, nameType, type, 0x0c/* CTC_UTF8 */); } +/* Encodes one attribute of the name (issuer/subject) + * call we_EncodeName_ex with 0x16, IA5String for email type + * name structure to hold result of encoding + * nameStr value to be encoded + * nameType type of encoding i.e CTC_UTF8 + * type id of attribute i.e ASN_COMMON_NAME + * + * returns length on success + */ +int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, + byte type) +{ + return wc_EncodeName_ex(name, nameStr, nameType, type, 0x16); +} /* encode CertName into output, return total bytes written */ int SetName(byte* output, word32 outputSz, CertName* name) { From a13784abe1e987405279b00fdd685e90f5748ca2 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Tue, 9 Mar 2021 08:08:43 +0900 Subject: [PATCH 089/137] fixed jenkins failure --- src/internal.c | 5 +++-- src/ssl.c | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/internal.c b/src/internal.c index e131fe3a1..6c006cd05 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1821,8 +1821,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) } XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); /* WOLFSS_X509_LOOKUP */ - if ((ctx->x509_store.lookup.dirs = (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR), - ctx->heap, DYNAMIC_TYPE_OPENSSL)) == NULL) { + if ((ctx->x509_store.lookup.dirs = + (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR), + heap, DYNAMIC_TYPE_OPENSSL)) == NULL) { WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error"); return MEMORY_E; } diff --git a/src/ssl.c b/src/ssl.c index c1d0811b3..33f36f7e6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24979,6 +24979,7 @@ int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, (void)argl; (void)ret; (void)cmd; + (void)x509AddCertDir; lret = WOLFSSL_NOT_IMPLEMENTED; #endif return lret; From 2d79578eda702a4eb40a44a2ef4e82657cdefb01 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Tue, 9 Mar 2021 11:54:48 +0900 Subject: [PATCH 090/137] addressed jenkins failure fix missing mutex initialization --- src/internal.c | 46 ++++++++++++++++++++++--------------- src/ssl.c | 4 ++++ wolfssl/wolfcrypt/wc_port.h | 2 ++ 3 files changed, 34 insertions(+), 18 deletions(-) diff --git a/src/internal.c b/src/internal.c index 6c006cd05..806157809 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1828,6 +1828,11 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) return MEMORY_E; } XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR)); + if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) { + WOLFSSL_MSG("Bad mutex init"); + XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL); + return BAD_MUTEX_E; + } #endif #endif @@ -10653,7 +10658,8 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) return MEMORY_E; } - if (type == X509_LU_CRL && entry->hashes != NULL) { + if (type == X509_LU_CRL && entry->hashes != NULL && + wolfSSL_sk_BY_DIR_HASH_num(entry->hashes) > 0) { /* lock the list */ if (wc_LockMutex(&lookup->dirs->lock) != 0) { WOLFSSL_MSG("wc_LockMutex cdir Lock error"); @@ -10696,7 +10702,6 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) else if (type == X509_LU_CRL) { ret = wolfSSL_X509_load_crl_file(&store->lookup, filename, WOLFSSL_FILETYPE_PEM); - printf("return load crl file %d\n", ret); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("failed to load CRL\n"); break; @@ -10713,24 +10718,29 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) break; } - if (type == X509_LU_CRL) { - if (wc_LockMutex(&lookup->dirs->lock) != 0) { - WOLFSSL_MSG("wc_LockMutex cdir Lock error"); - return BAD_MUTEX_E; - } - if (ph == NULL) { - ph = wolfSSL_BY_DIR_HASH_new(); - if (ph == NULL) { - WOLFSSL_MSG("failed to allocate hash stack"); - ret = WOLFSSL_FAILURE; - } else { - ph->hash_value = hash; - ph->last_suffix = suffix; - - ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph); + if (suffix == MAX_SUFFIX) { + WOLFSSL_MSG("not found file"); + ret = WOLFSSL_FAILURE; + } else { + if (type == X509_LU_CRL) { + if (wc_LockMutex(&lookup->dirs->lock) != 0) { + WOLFSSL_MSG("wc_LockMutex cdir Lock error"); + return BAD_MUTEX_E; } + if (ph == NULL) { + ph = wolfSSL_BY_DIR_HASH_new(); + if (ph == NULL) { + WOLFSSL_MSG("failed to allocate hash stack"); + ret = WOLFSSL_FAILURE; + } else { + ph->hash_value = hash; + ph->last_suffix = suffix; + + ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph); + } + } + wc_UnLockMutex(&lookup->dirs->lock); } - wc_UnLockMutex(&lookup->dirs->lock); } XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); diff --git a/src/ssl.c b/src/ssl.c index 33f36f7e6..e640cb7ae 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -25858,6 +25858,10 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) goto err_exit; } XMEMSET(store->lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR)); + if (wc_InitMutex(&store->lookup.dirs->lock) != 0) { + WOLFSSL_MSG("Bad mutex init"); + goto err_exit; + } #endif return store; diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 36c858f53..e91e64d25 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -679,6 +679,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #if !defined(NO_WOLFSSL_DIR)\ && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) #if defined(USE_WINDOWS_API) + #include #define XSTAT _stat #define SEPARATOR_CHAR ';' #elif defined(WOLFSSL_ZEPHYR) @@ -730,6 +731,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #ifdef USE_WINDOWS_API WIN32_FIND_DATAA FindFileData; HANDLE hFind; + struct XSTAT s; #elif defined(WOLFSSL_ZEPHYR) struct fs_dirent entry; struct fs_dir_t dir; From f9c9de585570dc128ee29c86d8a27fc3be05e925 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Wed, 10 Mar 2021 23:33:18 +0900 Subject: [PATCH 091/137] free Mutex --- src/internal.c | 2 ++ src/ssl.c | 1 + 2 files changed, 3 insertions(+) diff --git a/src/internal.c b/src/internal.c index 806157809..3bb4c8eb7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1990,7 +1990,9 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) if (ctx->x509_store.lookup.dirs->dir_entry) { wolfSSL_sk_BY_DIR_entry_free(ctx->x509_store.lookup.dirs->dir_entry); } + #endif + wc_FreeMutex(&ctx->x509_store.lookup.dirs->lock); XFREE(ctx->x509_store.lookup.dirs, ctx->heap, DYNAMIC_TYPE_OPENSSL); } #endif diff --git a/src/ssl.c b/src/ssl.c index e640cb7ae..9e3ddef3a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -25894,6 +25894,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry); } #endif + wc_FreeMutex(&store->lookup.dirs->lock); XFREE(store->lookup.dirs, NULL, DYNAMIC_TYPE_OPENSSL); store->lookup.dirs = NULL; } From 4650aaf4fbfbfb25bd3bd2d55dc16a53bbb9b94a Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 11 Mar 2021 15:43:54 +0900 Subject: [PATCH 092/137] addressed review comments part 1 --- examples/client/client.c | 14 ++--- examples/server/server.c | 14 ++--- src/crl.c | 2 +- src/internal.c | 66 ++++++++++++---------- src/ssl.c | 109 +++++++++++++++++++++++++++--------- tests/api.c | 2 +- wolfcrypt/src/asn.c | 4 +- wolfcrypt/src/wc_port.c | 2 +- wolfssl/internal.h | 2 +- wolfssl/wolfcrypt/asn.h | 2 +- wolfssl/wolfcrypt/wc_port.h | 2 + 11 files changed, 142 insertions(+), 77 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 11f2c92b6..1944ea447 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1121,7 +1121,7 @@ static const char* client_usage_msg[][67] = { "-8 Use X448 for key exchange\n", /* 66 */ #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) "-9 Use hash dir look up for certificate loading\n" " loading from /certs folder\n" @@ -1306,7 +1306,7 @@ static const char* client_usage_msg[][67] = { "-8 Use X448 for key exchange\n", /* 66 */ #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) "-9 証明書の読み込みに hash dir 機能を使用する\n" " /certs フォルダーからロードします\n" @@ -1488,7 +1488,7 @@ static void Usage(void) printf("%s", msg[++msgid]); /* -8 */ #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) printf("%s", msg[++msgid]); /* -9 */ #endif @@ -1627,7 +1627,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) const char* wnrConfigFile = wnrConfig; #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) int useCertFolder = 0; #endif @@ -2193,7 +2193,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) break; case '9' : #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) useCertFolder = 1; break; @@ -2658,7 +2658,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) { #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (useCertFolder) { WOLFSSL_X509_STORE *store; @@ -2728,7 +2728,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) } #endif diff --git a/examples/server/server.c b/examples/server/server.c index 092f86345..ae5fe4eab 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -707,7 +707,7 @@ static const char* server_usage_msg[][57] = { "-8 Pre-generate Key share using Curve448 only\n", /* 56 */ #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) "-9 Use hash dir look up for certificate loading\n" " loading from /certs folder\n" @@ -850,7 +850,7 @@ static const char* server_usage_msg[][57] = { "-8 Pre-generate Key share using Curve448 only\n", /* 56 */ #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) "-9 証明書の読み込みに hash dir 機能を使用する\n" " /certs フォルダーからロードします\n" @@ -991,7 +991,7 @@ static void Usage(void) printf("%s", msg[++msgId]); /* -8 */ #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) printf("%s", msg[++msgId]); /* -9 */ #endif @@ -1153,7 +1153,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) int disallowETM = 0; #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) int useCertFolder = 0; #endif @@ -1653,7 +1653,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) break; case '9' : #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) useCertFolder = 1; break; @@ -2049,7 +2049,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY; #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (useCertFolder) { WOLFSSL_X509_STORE *store; @@ -2086,7 +2086,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } #endif /* WOLFSSL_TRUST_PEER_CERT */ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) } #endif diff --git a/src/crl.c b/src/crl.c index 5d6c7da61..fd96c4390 100644 --- a/src/crl.c +++ b/src/crl.c @@ -365,7 +365,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (foundEntry == 0) { if (crl->cm->x509_store_p != NULL) { diff --git a/src/internal.c b/src/internal.c index 3bb4c8eb7..01e905de7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1820,16 +1820,18 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) return MEMORY_E; } XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); - /* WOLFSS_X509_LOOKUP */ + /* WOLFSSL_X509_LOOKUP */ if ((ctx->x509_store.lookup.dirs = (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR), heap, DYNAMIC_TYPE_OPENSSL)) == NULL) { WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error"); + XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL); return MEMORY_E; } XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR)); if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) { WOLFSSL_MSG("Bad mutex init"); + XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL); XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL); return BAD_MUTEX_E; } @@ -10582,17 +10584,18 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs) } } #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) -/* load certificate file which has the form .(r)N[0..N] */ -/* in the folder. */ -/* (r), in the case of CRL file */ -/* @param store a pointer to X509_STORE structure */ -/* @param issuer a pointer to X509_NAME that presents issuer */ -/* @param type X509_LU_X509 or X509_LU_CRL */ +/* load certificate file which has the form .(r)N[0..N] */ +/* in the folder. */ +/* (r), in the case of CRL file */ +/* @param store a pointer to X509_STORE structure */ +/* @param issuer a pointer to X509_NAME that presents an issuer */ +/* @param type X509_LU_X509 or X509_LU_CRL */ +/* @return WOLFSSL_SUCCESS on successful, otherwise WOLFSSL_FAILURE */ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) { - const int MAX_SUFFIX = 10; + const int MAX_SUFFIX = 10;/* The number comes from CA_TABLE_SIZE=10 */ int ret = WOLFSSL_SUCCESS; WOLFSSL_X509_LOOKUP* lookup = &store->lookup; WOLFSSL_BY_DIR_entry* entry; @@ -10622,7 +10625,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) retHash = wc_ShaHash((const byte*)pbuf, len, dgt); #endif if (retHash == 0) { - /* 4 bytes in small endian as unsigned long */ + /* 4 bytes in little endian as unsigned long */ hash = (((unsigned long)dgt[3] << 24) | ((unsigned long)dgt[2] << 16) | ((unsigned long)dgt[1] << 8) | @@ -10635,7 +10638,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) } /* try to load each hashed name file in path */ -#if !defined(NO_FILESYSTE) && !defined(NO_WOLFSSL_DIR) +#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (type == X509_LU_CRL) { post = "r"; @@ -10646,19 +10649,6 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) for (i=0; idirs->dir_entry, i); - /*/.(r)N\0 */ - /*112345678 1 1 1 1 => 13 */ - len = (int)XSTRLEN(entry->dir_name) + 13; - - if (filename != NULL) { - XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); - } - - filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); - if (filename == NULL) { - WOLFSSL_MSG("memory allcation error"); - return MEMORY_E; - } if (type == X509_LU_CRL && entry->hashes != NULL && wolfSSL_sk_BY_DIR_HASH_num(entry->hashes) > 0) { @@ -10682,7 +10672,25 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) wc_UnLockMutex(&lookup->dirs->lock); } - for (; suffix < MAX_SUFFIX;suffix++) { + /* Additional buffer length for file name memory allocation : */ + /* / .(r)N\0 */ + /*|1| 8 |1|1|1|1| => 13 */ + len = (int)XSTRLEN(entry->dir_name) + 13; + if (filename != NULL) { + XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); + } + + filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); + if (filename == NULL) { + WOLFSSL_MSG("memory allocation error"); + return MEMORY_E; + } + + /* set as FAILURE, if successfuly loading cert of CRL, this becomes */ + /* WOLFSSL_SUCCESS */ + ret = WOLFSSL_FAILURE; + + for (; suffix < MAX_SUFFIX; suffix++) { /* /folder-path/.(r)N[0..9] */ XSNPRINTF(filename, len, "%s/%08lx.%s%d", entry->dir_name, hash, post, suffix); @@ -10720,7 +10728,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) break; } - if (suffix == MAX_SUFFIX) { + if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("not found file"); ret = WOLFSSL_FAILURE; } else { @@ -11291,7 +11299,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, !ssl->options.verifyNone ? VERIFY : NO_VERIFY, &subjectHash, &alreadySigner); #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (ret == ASN_NO_SIGNER_E) { WOLFSSL_MSG("try to load certificate if hash dir is set"); @@ -11312,7 +11320,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, !ssl->options.verifyNone ? VERIFY : NO_VERIFY, &subjectHash, &alreadySigner); } else - ret = ASN_NO_SIGNER_E; + ret = ASN_NO_SIGNER_E; } #endif #ifdef WOLFSSL_ASYNC_CRYPT @@ -11509,7 +11517,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, !ssl->options.verifyNone ? VERIFY : NO_VERIFY, &subjectHash, &alreadySigner); #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (ret == ASN_NO_SIGNER_E) { WOLFSSL_MSG("try to load certificate if hash dir is set"); diff --git a/src/ssl.c b/src/ssl.c index 9e3ddef3a..ac8cef9fb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24829,6 +24829,13 @@ WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void) return &meth; } +/* set directory path to load certificate or CRL which have the hash.N form */ +/* for late use */ +/* @param ctx a pointer to WOLFSSL_BY_DIR structure */ +/* @param argc directory path */ +/* @param argl file type, either WOLFSSL_FILETYPE_PEM or */ +/* WOLFSSL_FILETYPE_ASN1 */ +/* @return WOLFSSL_SUCCESS on successful, othewise negative or zero */ static int x509AddCertDir(void *p, const char *argc, long argl) { WOLFSSL_ENTER("x509AddCertDir"); @@ -24885,6 +24892,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl) if (ctx->dir_entry == NULL) { WOLFSSL_MSG("failed to allocate dir_entry"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL); + #endif return 0; } } @@ -24892,6 +24902,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl) entry = wolfSSL_BY_DIR_entry_new(); if (entry == NULL) { WOLFSSL_MSG("failed to allocate dir entry"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL); + #endif return 0; } entry->dir_type = (int)argl; @@ -24901,6 +24914,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl) if (entry->dir_name == NULL || entry->hashes == NULL) { WOLFSSL_MSG("failed to allocate dir name"); wolfSSL_BY_DIR_entry_free(entry); + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL); + #endif return 0; } @@ -24910,6 +24926,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl) if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry) != WOLFSSL_SUCCESS) { wolfSSL_BY_DIR_entry_free(entry); + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL); + #endif return 0; } } @@ -24935,20 +24954,25 @@ static int x509AddCertDir(void *p, const char *argc, long argl) #endif } +/* set additional data to X509_LOOKUP */ +/* @param ctx a pointer to X509_LOOKUP structure */ +/* @param cmd control command : */ +/* X509_L_FILE_LOAD, X509_L_ADD_DIR X509_L_ADD_STORE or */ +/* X509_L_LOAD_STORE */ +/* @param argc arguments for the control command */ +/* @param argl arguments for the control command */ +/* @param **ret return value of the control command */ +/* @return WOLFSSL_SUCCESS on successful, othewise WOLFSSL_FAILURE */ +/* note: WOLFSSL_X509_L_ADD_STORE and WOLFSSL_X509_L_LOAD_STORE have not*/ +/* yet implemented. It retutns WOLFSSL_NOT_IMPLEMENTED */ +/* when those control commands are passed. */ int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret) { - /* control commands: - * X509_L_FILE_LOAD, X509_L_ADD_DIR - * X509_L_ADD_STORE, X509_L_LOAD_STORE - */ int lret = WOLFSSL_FAILURE; WOLFSSL_ENTER("wolfSSL_X509_LOOKUP_ctrl"); #if !defined(NO_FILESYSTEM) - /* returns FAILURE - *if the X509_LOOKUP doesn't have an associated X509_LOOKUP_METHOD */ - if (ctx != NULL) { switch (cmd) { case WOLFSSL_X509_L_FILE_LOAD: @@ -24990,7 +25014,7 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, WOLFSSL_X509_LOOKUP_METHOD* m) { WOLFSSL_ENTER("SSL_X509_STORE_add_lookup"); - if (store == NULL) + if (store == NULL || m == NULL) return NULL; /* Make sure the lookup has a back reference to the store. */ @@ -26311,7 +26335,11 @@ WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE); } - +/* load certificate or CRL file, and add it to the STORE */ +/* @param ctx a pointer to X509_LOOKUP structure */ +/* @param file file name to load */ +/* @param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1 */ +/* @return a number of loading CRL or certificate, otherwise zero */ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type) { @@ -26324,8 +26352,14 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, int cnt = 0; int num = 0; - WOLFSSL_ENTER("wolfSSL_X509_load_ceretificate_crl_file"); - + WOLFSSL_ENTER("wolfSSL_X509_load_cert_crl_file"); + + /* stanity check */ + if (ctx == NULL || file == NULL) { + WOLFSSL_MSG("bad arguments"); + return 0; + } + if (type != WOLFSSL_FILETYPE_PEM) { x509 = wolfSSL_X509_load_certificate_file(file, type); if (x509 != NULL) { @@ -41558,6 +41592,14 @@ static int ConvertNIDToWolfSSL(int nid) } #if defined(OPENSSL_ALL) +/* Convert ASN1 input string into canonical ASN1 string */ +/* , which has the following rules: */ +/* convert to UTF8 */ +/* convert to lower case */ +/* multi-spaces collapsed */ +/* @param asn_out a pointer to ASN1_STRING to be converted */ +/* @param asn_in a pointer to input ASN1_STRING */ +/* @return WOLFSSL_SUCCESS on successful converted, otherwise <=0 error code*/ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, const WOLFSSL_ASN1_STRING* asn_in) { @@ -41565,6 +41607,14 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, char* src; int i, len; + WOLFSSL_ENTER("wolfSSL_ASN1_STRING_canon"); + + /* sanity check */ + if (asn_out == NULL || asn_in == NULL) { + WOLFSSL_MSG("invalid function arguments"); + return BAD_FUNC_ARG; + } + switch (asn_in->type) { case MBSTRING_UTF8: case V_ASN1_PRINTABLESTRING: @@ -41594,7 +41644,7 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, for (; (len > 0 && XISSPACE(*dst));len--) { dst--; } - for (; (len > 0 && XISSPACE(*src));len--){ + for (; (len > 0 && XISSPACE(*src));len--) { src++; } @@ -41618,16 +41668,15 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, return WOLFSSL_SUCCESS; } -/* this is to converts the x509 name structure into canonical DER format -* , which has the following rules: -* convert to UTF8 -* convert to lower case -* multi-spaces collapsed -* leading SEQUENCE hader is skipped -* @param name a pointer to X509_NAME that is to be converted -* @param out a pointer to conveted data -* @return a number of converted bytes, otherwise <0 error code -*/ +/* This is to convert the x509 name structure into canonical DER format */ +/* , which has the following rules: */ +/* convert to UTF8 */ +/* convert to lower case */ +/* multi-spaces collapsed */ +/* leading SEQUENCE hader is skipped */ +/* @param name a pointer to X509_NAME that is to be converted */ +/* @param out a pointer to conveted data */ +/* @return a number of converted bytes, otherwise <=0 error code */ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) { int totalBytes = 0, i, idx; @@ -41661,8 +41710,12 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) WOLFSSL_ASN1_STRING* cano_data; cano_data = wolfSSL_ASN1_STRING_new(); - if (cano_data == NULL) + if (cano_data == NULL) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif return MEMORY_E; + } data = wolfSSL_X509_NAME_ENTRY_get_data(entry); if (data == NULL) { @@ -41678,7 +41731,7 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) } nameStr = (const char*)wolfSSL_ASN1_STRING_data(cano_data); - ret = wc_EncodeName_cano(&names[i], nameStr, CTC_UTF8, + ret = wc_EncodeNameCanonical(&names[i], nameStr, CTC_UTF8, ConvertNIDToWolfSSL(entry->nid)); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK @@ -46371,7 +46424,7 @@ int wolfSSL_sk_BY_DIR_HASH_find( /* return a number of WOLFSSL_BY_DIR_HASH in stack */ int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) { - WOLFSSL_ENTER("wolfSSL_sk_WOLFSSL_BY_DIR_HASH_num"); + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num"); if (sk == NULL) return -1; @@ -46421,8 +46474,10 @@ WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( return hash; } -/* release all contents in stack, and then release stack itself */ -/* it uses function when it is passed */ +/* release all contents in stack, and then release stack itself. */ +/* Second argument is a function pointer to release resouces. */ +/* It calls the function to release resouces when t is passed */ +/* instead of wolfSSL_BY_DIR_HASH_free(). */ void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk, void (*f) (WOLFSSL_BY_DIR_HASH*)) { diff --git a/tests/api.c b/tests/api.c index 823c4033b..8f7b7121b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -28104,7 +28104,7 @@ static void test_wolfSSL_X509_Name_canon(void) #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) const long ex_hash1 = 0x0fdb2da4; const long ex_hash2 = 0x9f3e8c9e; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index ed93c64f3..c2af80e85 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -13174,7 +13174,7 @@ static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameTyp } /* canonical encoding one attribute of the name (issuer/subject) - * call we_EncodeName_ex with CTC_UTF8 for email type + * call wc_EncodeName_ex with CTC_UTF8 for email type * * name structure to hold result of encoding * nameStr value to be encoded @@ -13183,7 +13183,7 @@ static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameTyp * * returns length on success */ -int wc_EncodeName_cano(EncodedName* name, const char* nameStr, char nameType, +int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, char nameType, byte type) { return wc_EncodeName_ex(name, nameStr, nameType, type, 0x0c/* CTC_UTF8 */); diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index aada029ae..3a30d198a 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -427,7 +427,7 @@ int wc_FileExists(const char* fname) if (XSTAT(fname, &ctx.s) != 0) { WOLFSSL_MSG("stat on name failed"); return BAD_PATH_ERROR; - }else + } else #if defined(USE_WINDOWS_API) if (ctx.s.st_mode & _S_IFREG) { return 0; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 2b5a492b3..14a95d165 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4819,7 +4819,7 @@ WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey); #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) WOLFSSL_LOCAL int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int Type); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 1ad8176b2..446148a7a 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1173,7 +1173,7 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn); WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, byte type); -WOLFSSL_LOCAL int wc_EncodeName_cano(EncodedName* name, const char* nameStr, +WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, char nameType, byte type); /* ASN.1 helper functions */ #ifdef WOLFSSL_CERT_GEN diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index e91e64d25..3da8f90c8 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -684,8 +684,10 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define SEPARATOR_CHAR ';' #elif defined(WOLFSSL_ZEPHYR) #define XSTAT fs_stat + #define SEPARATOR_CHAR ':' #elif defined(WOLFSSL_TELIT_M2MB) #define XSTAT m2mb_fs_stat + #define SEPARATOR_CHAR ':' #else #include #include From 84368eed3f19ea24054a6c59ce8bb9095c93e9e6 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 11 Mar 2021 16:51:36 +0900 Subject: [PATCH 093/137] addressed review comment part 2 moving BY_DIR_xxx functions to internal --- src/internal.c | 387 +++++++++++++++++++++++++++++++++++++++++++++ src/ssl.c | 386 -------------------------------------------- tests/api.c | 153 +----------------- wolfssl/internal.h | 31 ++++ wolfssl/ssl.h | 32 ---- 5 files changed, 419 insertions(+), 570 deletions(-) diff --git a/src/internal.c b/src/internal.c index 01e905de7..74e0dd2f2 100644 --- a/src/internal.c +++ b/src/internal.c @@ -31601,6 +31601,393 @@ int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment) return maxFragment; } +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) +/* create an instance of WOLFSSL_BY_DIR_HASH structure */ +WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void) +{ + WOLFSSL_BY_DIR_HASH* dir_hash; + + WOLFSSL_ENTER("wolfSSL_BY_DIR_HASH_new"); + + dir_hash = (WOLFSSL_BY_DIR_HASH*)XMALLOC(sizeof(WOLFSSL_BY_DIR_HASH), NULL, + DYNAMIC_TYPE_OPENSSL); + if (dir_hash) { + XMEMSET(dir_hash, 0, sizeof(WOLFSSL_BY_DIR_HASH)); + } + return dir_hash; +} +/* release a WOLFSSL_BY_DIR_HASH resource */ +void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash) +{ + if (dir_hash == NULL) + return; + + XFREE(dir_hash, NULL, DYNAMIC_TYPE_OPENSSL); +} +/* create an instance of WOLFSSL_STACK for STACK_TYPE_BY_DIR_hash */ +WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void) +{ + WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL); + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_new_null"); + + if (sk) { + sk->type = STACK_TYPE_BY_DIR_hash; + } + return sk; +} + +/* returns value less than 0 on fail to match + * On a successful match the priority level found is returned + */ +int wolfSSL_sk_BY_DIR_HASH_find( + WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind) +{ + WOLFSSL_STACK* next; + int i, sz; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_find"); + + if (sk == NULL || toFind == NULL) { + return WOLFSSL_FAILURE; + } + + sz = wolfSSL_sk_BY_DIR_HASH_num(sk); + next = sk; + for (i = 0; i < sz && next != NULL; i++) { + if (next->data.dir_hash->hash_value == toFind->hash_value) { + return sz - i; /* reverse because stack pushed highest on first */ + } + next = next->next; + } + return -1; +} +/* return a number of WOLFSSL_BY_DIR_HASH in stack */ +int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) +{ + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num"); + + if (sk == NULL) + return -1; + return (int)sk->num; +} +/* return WOLFSSL_BY_DIR_HASH instance at i */ +WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value( + const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i) +{ + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_value"); + + for (; sk != NULL && i > 0; i--) + sk = sk->next; + + if (i != 0 || sk == NULL) + return NULL; + return sk->data.dir_hash; +} +/* pop WOLFSSL_BY_DIR_HASH instance, and remove its node from stack */ +WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( + WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk) +{ + WOLFSSL_STACK* node; + WOLFSSL_BY_DIR_HASH* hash; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop"); + + if (sk == NULL) { + return NULL; + } + + node = sk->next; + hash = sk->data.dir_hash; + + if (node != NULL) { /* update sk and remove node from stack */ + sk->data.dir_hash = node->data.dir_hash; + sk->next = node->next; + wolfSSL_sk_free_node(node); + } + else { /* last x509 in stack */ + sk->data.dir_hash = NULL; + } + + if (sk->num > 0) { + sk->num -= 1; + } + + return hash; +} +/* release all contents in stack, and then release stack itself. */ +/* Second argument is a function pointer to release resouces. */ +/* It calls the function to release resouces when t is passed */ +/* instead of wolfSSL_BY_DIR_HASH_free(). */ +void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk, + void (*f) (WOLFSSL_BY_DIR_HASH*)) +{ + WOLFSSL_STACK* node; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop_free"); + + if (sk == NULL) { + return; + } + + /* parse through stack freeing each node */ + node = sk->next; + while (node && sk->num > 1) { + WOLFSSL_STACK* tmp = node; + node = node->next; + + if (f) + f(tmp->data.dir_hash); + else + wolfSSL_BY_DIR_HASH_free(tmp->data.dir_hash); + tmp->data.dir_hash = NULL; + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + sk->num -= 1; + } + + /* free head of stack */ + if (sk->num == 1) { + if (f) + f(sk->data.dir_hash); + else + wolfSSL_BY_DIR_HASH_free(sk->data.dir_hash); + sk->data.dir_hash = NULL; + } + XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); +} +/* release all contents in stack, and then release stack itself */ +void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) +{ + wolfSSL_sk_BY_DIR_HASH_pop_free(sk, NULL); +} +/* Adds the WOLFSSL_BY_DIR_HASH to the stack "sk". "sk" takes control of "in" and + * tries to free it when the stack is free'd. + * + * return 1 on success 0 on fail + */ +int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, + WOLFSSL_BY_DIR_HASH* in) +{ + WOLFSSL_STACK* node; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_push"); + + if (sk == NULL || in == NULL) { + return WOLFSSL_FAILURE; + } + + /* no previous values in stack */ + if (sk->data.dir_hash == NULL) { + sk->data.dir_hash = in; + sk->num += 1; + return WOLFSSL_SUCCESS; + } + + /* stack already has value(s) create a new node and add more */ + node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, + DYNAMIC_TYPE_OPENSSL); + if (node == NULL) { + WOLFSSL_MSG("Memory error"); + return WOLFSSL_FAILURE; + } + XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); + + /* push new obj onto head of stack */ + node->data.dir_hash = sk->data.dir_hash; + node->next = sk->next; + node->type = sk->type; + sk->next = node; + sk->data.dir_hash = in; + sk->num += 1; + + return WOLFSSL_SUCCESS; +} +/* create an instance of WOLFSSL_BY_DIR_entry structure */ +WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void) +{ + WOLFSSL_BY_DIR_entry* entry; + + WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_new"); + + entry = (WOLFSSL_BY_DIR_entry*)XMALLOC(sizeof(WOLFSSL_BY_DIR_entry), NULL, + DYNAMIC_TYPE_OPENSSL); + + if (entry) { + XMEMSET(entry, 0, sizeof(WOLFSSL_BY_DIR_entry)); + } + return entry; +} +/* release a WOLFSSL_BY_DIR_entry resource */ +void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry) +{ + WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_free"); + + if (entry == NULL) + return; + + if (entry->hashes) { + wolfSSL_sk_BY_DIR_HASH_free(entry->hashes); + } + + if (entry->dir_name != NULL) { + XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL); + } + + XFREE(entry, NULL, DYNAMIC_TYPE_OPENSSL); +} + +WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void) +{ + WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL); + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_new_null"); + + if (sk) { + sk->type = STACK_TYPE_BY_DIR_entry; + } + return sk; +} +/* return a number of WOLFSSL_BY_DIR_entry in stack */ +int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk) +{ + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num"); + + if (sk == NULL) + return -1; + return (int)sk->num; +} +/* return WOLFSSL_BY_DIR_entry instance at i */ +WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value( + const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i) +{ + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_value"); + + for (; sk != NULL && i > 0; i--) + sk = sk->next; + + if (i != 0 || sk == NULL) + return NULL; + return sk->data.dir_entry; +} +/* pop WOLFSSL_BY_DIR_entry instance first, and remove its node from stack */ +WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop( + WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk) +{ + WOLFSSL_STACK* node; + WOLFSSL_BY_DIR_entry* entry; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop"); + + if (sk == NULL) { + return NULL; + } + + node = sk->next; + entry = sk->data.dir_entry; + + if (node != NULL) { /* update sk and remove node from stack */ + sk->data.dir_entry = node->data.dir_entry; + sk->next = node->next; + wolfSSL_sk_free_node(node); + } + else { /* last x509 in stack */ + sk->data.dir_entry = NULL; + } + + if (sk->num > 0) { + sk->num -= 1; + } + + return entry; +} +/* release all contents in stack, and then release stack itself. */ +/* Second argument is a function pointer to release resouces. */ +/* It calls the function to release resouces when t is passed */ +/* instead of wolfSSL_BY_DIR_entry_free(). */ +void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk, + void (*f) (WOLFSSL_BY_DIR_entry*)) +{ + WOLFSSL_STACK* node; + + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop_free"); + + if (sk == NULL) { + return; + } + + /* parse through stack freeing each node */ + node = sk->next; + while (node && sk->num > 1) { + WOLFSSL_STACK* tmp = node; + node = node->next; + + if (f) + f(tmp->data.dir_entry); + else + wolfSSL_BY_DIR_entry_free(tmp->data.dir_entry); + tmp->data.dir_entry = NULL; + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + sk->num -= 1; + } + + /* free head of stack */ + if (sk->num == 1) { + if (f) + f(sk->data.dir_entry); + else + wolfSSL_BY_DIR_entry_free(sk->data.dir_entry); + sk->data.dir_entry = NULL; + } + XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); +} +/* release all contents in stack, and then release stack itself */ +void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk) +{ + wolfSSL_sk_BY_DIR_entry_pop_free(sk, NULL); +} + +/* Adds the wolfSSL_BY_DIR_entry to the stack "sk". "sk" takes control of "in" and + * tries to free it when the stack is free'd. + * + * return 1 on success 0 on fail + */ +int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk, + WOLFSSL_BY_DIR_entry* in) +{ + WOLFSSL_STACK* node; + + if (sk == NULL || in == NULL) { + return WOLFSSL_FAILURE; + } + + /* no previous values in stack */ + if (sk->data.dir_entry == NULL) { + sk->data.dir_entry = in; + sk->num += 1; + return WOLFSSL_SUCCESS; + } + + /* stack already has value(s) create a new node and add more */ + node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, + DYNAMIC_TYPE_OPENSSL); + if (node == NULL) { + WOLFSSL_MSG("Memory error"); + return WOLFSSL_FAILURE; + } + XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); + + /* push new obj onto head of stack */ + node->data.dir_entry = sk->data.dir_entry; + node->next = sk->next; + node->type = sk->type; + sk->next = node; + sk->data.dir_entry = in; + sk->num += 1; + + return WOLFSSL_SUCCESS; +} + +#endif /* OPENSSL_ALL */ #undef ERROR_OUT diff --git a/src/ssl.c b/src/ssl.c index ac8cef9fb..0b73fe825 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -46360,392 +46360,6 @@ void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk) } } -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) -/* create an instance of WOLFSSL_BY_DIR_HASH structure */ -WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void) -{ - WOLFSSL_BY_DIR_HASH* dir_hash; - - WOLFSSL_ENTER("wolfSSL_BY_DIR_HASH_new"); - - dir_hash = (WOLFSSL_BY_DIR_HASH*)XMALLOC(sizeof(WOLFSSL_BY_DIR_HASH), NULL, - DYNAMIC_TYPE_OPENSSL); - if (dir_hash) { - XMEMSET(dir_hash, 0, sizeof(WOLFSSL_BY_DIR_HASH)); - } - return dir_hash; -} -/* release a WOLFSSL_BY_DIR_HASH resource */ -void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash) -{ - if (dir_hash == NULL) - return; - - XFREE(dir_hash, NULL, DYNAMIC_TYPE_OPENSSL); -} -/* create an instance of WOLFSSL_STACK for STACK_TYPE_BY_DIR_hash */ -WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void) -{ - WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL); - - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_new_null"); - - if (sk) { - sk->type = STACK_TYPE_BY_DIR_hash; - } - return sk; -} - -/* returns value less than 0 on fail to match - * On a successful match the priority level found is returned - */ -int wolfSSL_sk_BY_DIR_HASH_find( - WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind) -{ - WOLFSSL_STACK* next; - int i, sz; - - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_find"); - - if (sk == NULL || toFind == NULL) { - return WOLFSSL_FAILURE; - } - - sz = wolfSSL_sk_BY_DIR_HASH_num(sk); - next = sk; - for (i = 0; i < sz && next != NULL; i++) { - if (next->data.dir_hash->hash_value == toFind->hash_value) { - return sz - i; /* reverse because stack pushed highest on first */ - } - next = next->next; - } - return -1; -} -/* return a number of WOLFSSL_BY_DIR_HASH in stack */ -int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) -{ - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num"); - - if (sk == NULL) - return -1; - return (int)sk->num; -} -/* return WOLFSSL_BY_DIR_HASH instance at i */ -WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value( - const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i) -{ - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_value"); - - for (; sk != NULL && i > 0; i--) - sk = sk->next; - - if (i != 0 || sk == NULL) - return NULL; - return sk->data.dir_hash; -} -/* pop WOLFSSL_BY_DIR_HASH instance, and remove its node from stack */ -WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( - WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk) -{ - WOLFSSL_STACK* node; - WOLFSSL_BY_DIR_HASH* hash; - - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop"); - - if (sk == NULL) { - return NULL; - } - - node = sk->next; - hash = sk->data.dir_hash; - - if (node != NULL) { /* update sk and remove node from stack */ - sk->data.dir_hash = node->data.dir_hash; - sk->next = node->next; - wolfSSL_sk_free_node(node); - } - else { /* last x509 in stack */ - sk->data.dir_hash = NULL; - } - - if (sk->num > 0) { - sk->num -= 1; - } - - return hash; -} -/* release all contents in stack, and then release stack itself. */ -/* Second argument is a function pointer to release resouces. */ -/* It calls the function to release resouces when t is passed */ -/* instead of wolfSSL_BY_DIR_HASH_free(). */ -void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk, - void (*f) (WOLFSSL_BY_DIR_HASH*)) -{ - WOLFSSL_STACK* node; - - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop_free"); - - if (sk == NULL) { - return; - } - - /* parse through stack freeing each node */ - node = sk->next; - while (node && sk->num > 1) { - WOLFSSL_STACK* tmp = node; - node = node->next; - - if (f) - f(tmp->data.dir_hash); - else - wolfSSL_BY_DIR_HASH_free(tmp->data.dir_hash); - tmp->data.dir_hash = NULL; - XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); - sk->num -= 1; - } - - /* free head of stack */ - if (sk->num == 1) { - if (f) - f(sk->data.dir_hash); - else - wolfSSL_BY_DIR_HASH_free(sk->data.dir_hash); - sk->data.dir_hash = NULL; - } - XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); -} -/* release all contents in stack, and then release stack itself */ -void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) -{ - wolfSSL_sk_BY_DIR_HASH_pop_free(sk, NULL); -} -/* Adds the WOLFSSL_BY_DIR_HASH to the stack "sk". "sk" takes control of "in" and - * tries to free it when the stack is free'd. - * - * return 1 on success 0 on fail - */ -int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, - WOLFSSL_BY_DIR_HASH* in) -{ - WOLFSSL_STACK* node; - - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_push"); - - if (sk == NULL || in == NULL) { - return WOLFSSL_FAILURE; - } - - /* no previous values in stack */ - if (sk->data.dir_hash == NULL) { - sk->data.dir_hash = in; - sk->num += 1; - return WOLFSSL_SUCCESS; - } - - /* stack already has value(s) create a new node and add more */ - node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, - DYNAMIC_TYPE_OPENSSL); - if (node == NULL) { - WOLFSSL_MSG("Memory error"); - return WOLFSSL_FAILURE; - } - XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); - - /* push new obj onto head of stack */ - node->data.dir_hash = sk->data.dir_hash; - node->next = sk->next; - node->type = sk->type; - sk->next = node; - sk->data.dir_hash = in; - sk->num += 1; - - return WOLFSSL_SUCCESS; -} -/* create an instance of WOLFSSL_BY_DIR_entry structure */ -WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void) -{ - WOLFSSL_BY_DIR_entry* entry; - - WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_new"); - - entry = (WOLFSSL_BY_DIR_entry*)XMALLOC(sizeof(WOLFSSL_BY_DIR_entry), NULL, - DYNAMIC_TYPE_OPENSSL); - - if (entry) { - XMEMSET(entry, 0, sizeof(WOLFSSL_BY_DIR_entry)); - } - return entry; -} -/* release a WOLFSSL_BY_DIR_entry resource */ -void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry) -{ - WOLFSSL_ENTER("wolfSSL_BY_DIR_entry_free"); - - if (entry == NULL) - return; - - if (entry->hashes) { - wolfSSL_sk_BY_DIR_HASH_free(entry->hashes); - } - - if (entry->dir_name != NULL) { - XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL); - } - - XFREE(entry, NULL, DYNAMIC_TYPE_OPENSSL); -} - -WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void) -{ - WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL); - - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_new_null"); - - if (sk) { - sk->type = STACK_TYPE_BY_DIR_entry; - } - return sk; -} -/* return a number of WOLFSSL_BY_DIR_entry in stack */ -int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk) -{ - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num"); - - if (sk == NULL) - return -1; - return (int)sk->num; -} -/* return WOLFSSL_BY_DIR_entry instance at i */ -WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value( - const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i) -{ - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_value"); - - for (; sk != NULL && i > 0; i--) - sk = sk->next; - - if (i != 0 || sk == NULL) - return NULL; - return sk->data.dir_entry; -} -/* pop WOLFSSL_BY_DIR_entry instance first, and remove its node from stack */ -WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop( - WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk) -{ - WOLFSSL_STACK* node; - WOLFSSL_BY_DIR_entry* entry; - - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop"); - - if (sk == NULL) { - return NULL; - } - - node = sk->next; - entry = sk->data.dir_entry; - - if (node != NULL) { /* update sk and remove node from stack */ - sk->data.dir_entry = node->data.dir_entry; - sk->next = node->next; - wolfSSL_sk_free_node(node); - } - else { /* last x509 in stack */ - sk->data.dir_entry = NULL; - } - - if (sk->num > 0) { - sk->num -= 1; - } - - return entry; -} -/* release all contents in stack, and then release stack itself */ -/* it uses function when it is passed */ -void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk, - void (*f) (WOLFSSL_BY_DIR_entry*)) -{ - WOLFSSL_STACK* node; - - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop_free"); - - if (sk == NULL) { - return; - } - - /* parse through stack freeing each node */ - node = sk->next; - while (node && sk->num > 1) { - WOLFSSL_STACK* tmp = node; - node = node->next; - - if (f) - f(tmp->data.dir_entry); - else - wolfSSL_BY_DIR_entry_free(tmp->data.dir_entry); - tmp->data.dir_entry = NULL; - XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); - sk->num -= 1; - } - - /* free head of stack */ - if (sk->num == 1) { - if (f) - f(sk->data.dir_entry); - else - wolfSSL_BY_DIR_entry_free(sk->data.dir_entry); - sk->data.dir_entry = NULL; - } - XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); -} -/* release all contents in stack, and then release stack itself */ -void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk) -{ - wolfSSL_sk_BY_DIR_entry_pop_free(sk, NULL); -} - -/* Adds the wolfSSL_BY_DIR_entry to the stack "sk". "sk" takes control of "in" and - * tries to free it when the stack is free'd. - * - * return 1 on success 0 on fail - */ -int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk, - WOLFSSL_BY_DIR_entry* in) -{ - WOLFSSL_STACK* node; - - if (sk == NULL || in == NULL) { - return WOLFSSL_FAILURE; - } - - /* no previous values in stack */ - if (sk->data.dir_entry == NULL) { - sk->data.dir_entry = in; - sk->num += 1; - return WOLFSSL_SUCCESS; - } - - /* stack already has value(s) create a new node and add more */ - node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, - DYNAMIC_TYPE_OPENSSL); - if (node == NULL) { - WOLFSSL_MSG("Memory error"); - return WOLFSSL_FAILURE; - } - XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); - - /* push new obj onto head of stack */ - node->data.dir_entry = sk->data.dir_entry; - node->next = sk->next; - node->type = sk->type; - sk->next = node; - sk->data.dir_entry = in; - sk->num += 1; - - return WOLFSSL_SUCCESS; -} - -#endif /* OPENSSL_ALL */ - int wolfSSL_sk_X509_INFO_num(const WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk) { WOLFSSL_ENTER("wolfSSL_sk_X509_INFO_num"); diff --git a/tests/api.c b/tests/api.c index 8f7b7121b..5f38b6446 100644 --- a/tests/api.c +++ b/tests/api.c @@ -25732,138 +25732,6 @@ static void test_wolfSSL_X509_NAME(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */ } -static void test_wolfSSL_sk_X509_BY_DIR_HASH(void) -{ -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) - STACK_OF(WOLFSSL_BY_DIR_HASH) *hash_stack; - WOLFSSL_BY_DIR_HASH *hash1; - WOLFSSL_BY_DIR_HASH *hash2; - WOLFSSL_BY_DIR_HASH *h; - const unsigned long dummy_hash[2] = { - 0x12345678, - 0x9abcdef0 - }; - int i, num; - - printf(testingFmt, "test_wolfSSL_sk_X509_BY_DIR_HASH"); - - /* new */ - AssertNotNull(hash1 = wolfSSL_BY_DIR_HASH_new()); - hash1->hash_value = dummy_hash[0]; - - AssertNotNull(hash2 = wolfSSL_BY_DIR_HASH_new()); - hash2->hash_value = dummy_hash[1]; - - AssertNotNull(hash_stack = wolfSSL_sk_BY_DIR_HASH_new_null()); - - /* push */ - AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(NULL, NULL), - WOLFSSL_FAILURE); - AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(NULL, hash1), - WOLFSSL_FAILURE); - AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(hash_stack, NULL), - WOLFSSL_FAILURE); - - AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(hash_stack, hash1), - WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(hash_stack, - hash2), WOLFSSL_SUCCESS); - /* num and value */ - AssertIntEQ((num = wolfSSL_sk_BY_DIR_HASH_num(hash_stack)), 2); - for (i = 0; i < num; i++) { - AssertNotNull(h = wolfSSL_sk_BY_DIR_HASH_value(hash_stack, i)); - AssertTrue(h->hash_value == dummy_hash[num - i - 1]); - } - - /* pop */ - AssertNotNull(h = wolfSSL_sk_BY_DIR_HASH_pop(hash_stack)); - AssertIntEQ((num = wolfSSL_sk_BY_DIR_HASH_num(hash_stack)), 1); - - /* find */ - AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_find(NULL, NULL), - WOLFSSL_FAILURE); - AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_find(NULL, hash1), - WOLFSSL_FAILURE); - AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_find(hash_stack, NULL), - WOLFSSL_FAILURE); - - AssertIntEQ(wolfSSL_sk_BY_DIR_HASH_push(hash_stack, hash2), - 1); - - /* free */ - wolfSSL_sk_BY_DIR_HASH_free(hash_stack); - - printf(resultFmt, passed); -#endif -} - - -static void test_wolfSSL_sk_X509_BY_DIR(void) -{ -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) - STACK_OF(WOLFSSL_BY_DIR_entry) *entry_stack; - WOLFSSL_BY_DIR_entry *entry1; - WOLFSSL_BY_DIR_entry *entry2; - WOLFSSL_BY_DIR_entry *ent; - const char* dummy_dir[2] = { - "/hoge/hoge/foo/foo", - "/foo1/hoge2/abc/defg" - }; - int i, num; - size_t len; - - printf(testingFmt, "test_wolfSSL_X509_sk_BY_DIR"); - - /* new */ - AssertNotNull(entry1 = wolfSSL_BY_DIR_entry_new()); - len = XSTRLEN(dummy_dir[0]); - entry1->dir_name = (char*)XMALLOC(len + 1, NULL, DYNAMIC_TYPE_OPENSSL); - AssertNotNull(entry1->dir_name); - XMEMSET(entry1->dir_name, 0, len + 1); - XSTRNCPY(entry1->dir_name, dummy_dir[0], len + 1); - - AssertNotNull(entry2 = wolfSSL_BY_DIR_entry_new()); - len = XSTRLEN(dummy_dir[1]); - entry2->dir_name = (char*)XMALLOC(len + 1, NULL, DYNAMIC_TYPE_OPENSSL); - AssertNotNull(entry2->dir_name); - XMEMSET(entry2->dir_name, 0, len + 1); - XSTRNCPY(entry2->dir_name, dummy_dir[1], len + 1); - - AssertNotNull(entry_stack = wolfSSL_sk_BY_DIR_entry_new_null()); - - /* push */ - AssertIntEQ(wolfSSL_sk_BY_DIR_entry_push(NULL, NULL), - WOLFSSL_FAILURE); - AssertIntEQ(wolfSSL_sk_BY_DIR_entry_push(NULL, entry1), - WOLFSSL_FAILURE); - AssertIntEQ(wolfSSL_sk_BY_DIR_entry_push(entry_stack, NULL), - WOLFSSL_FAILURE); - - AssertIntEQ(wolfSSL_sk_BY_DIR_entry_push(entry_stack, entry1), - WOLFSSL_SUCCESS); - AssertIntEQ(wolfSSL_sk_BY_DIR_entry_push(entry_stack, - entry2), WOLFSSL_SUCCESS); - /* num and value */ - AssertIntEQ((num = wolfSSL_sk_BY_DIR_entry_num(entry_stack)), 2); - for (i = 0; i < num; i++) { - AssertNotNull(ent = wolfSSL_sk_BY_DIR_entry_value(entry_stack, i)); - len = XSTRLEN(dummy_dir[num - i - 1]); - AssertTrue(XSTRLEN(ent->dir_name) == len); - AssertIntEQ(XSTRNCMP(ent->dir_name, dummy_dir[num - i - 1], len), 0); - } - - /* pop */ - AssertNotNull(ent = wolfSSL_sk_BY_DIR_entry_pop(entry_stack)); - AssertIntEQ((len = wolfSSL_sk_BY_DIR_entry_num(entry_stack)), 1); - wolfSSL_BY_DIR_entry_free(ent); - - /* free */ - wolfSSL_sk_BY_DIR_entry_free(entry_stack); - - printf(resultFmt, passed); -#endif -} - #ifndef NO_BIO static void test_wolfSSL_X509_INFO(void) { @@ -28177,12 +28045,10 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) char *p; X509_STORE* str; X509_LOOKUP* lookup; - WOLFSSL_BY_DIR_entry *dir; WOLFSSL_STACK* sk = NULL; - int num = 0, len, total_len, i; + int len, total_len, i; (void) sk; - (void) num; printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_hash_dir()"); @@ -28203,13 +28069,6 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./", SSL_FILETYPE_PEM,NULL), 1); AssertNotNull(sk = lookup->dirs->dir_entry); - AssertIntEQ((num = wolfSSL_sk_BY_DIR_entry_num(sk)), 1); - - dir = wolfSSL_sk_BY_DIR_entry_value(sk, 0); - AssertIntEQ(XSTRLEN((const char*)dir->dir_name), XSTRLEN("./")); - AssertIntEQ(XMEMCMP(dir->dir_name, "./", - XSTRLEN((const char*)dir->dir_name)), 0); - /* free store */ X509_STORE_free(str); @@ -28230,14 +28089,6 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path, SSL_FILETYPE_PEM,NULL), 1); AssertNotNull(sk = lookup->dirs->dir_entry); - AssertIntEQ((num = wolfSSL_sk_BY_DIR_entry_num(sk)), MAX_DIR); - - for(i = 0; idir_name), XSTRLEN(paths[i])); - AssertIntEQ(XMEMCMP(dir->dir_name, paths[i], - XSTRLEN((const char*)dir->dir_name)), 0); - } X509_STORE_free(str); @@ -42057,8 +41908,6 @@ void ApiTest(void) #ifndef NO_BIO test_wolfSSL_X509_INFO(); #endif - test_wolfSSL_sk_X509_BY_DIR_HASH(); - test_wolfSSL_sk_X509_BY_DIR(); test_wolfSSL_X509_subject_name_hash(); test_wolfSSL_X509_issuer_name_hash(); test_wolfSSL_X509_check_host(); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 14a95d165..2ac3904b6 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4824,6 +4824,37 @@ WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey); WOLFSSL_LOCAL int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int Type); #endif +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) +WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void); +WOLFSSL_LOCAL void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash); +WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void); +WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_find( + WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind); +WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk); +WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value( + const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i); +WOLFSSL_LOCAL WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( + WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk); +WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, + void (*f) (WOLFSSL_BY_DIR_HASH*)); +WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk); +WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, + WOLFSSL_BY_DIR_HASH* in); +/* WOLFSSL_BY_DIR_entry stuff */ +WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void); +WOLFSSL_LOCAL void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry); +WOLFSSL_LOCAL WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void); +WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk); +WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value( + const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i); +WOLFSSL_LOCAL WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop( + WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk); +WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk, + void (*f) (WOLFSSL_BY_DIR_entry*)); +WOLFSSL_LOCAL void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk); +WOLFSSL_LOCAL int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk, + WOLFSSL_BY_DIR_entry* in); +#endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_WOLFSSL_DIR */ #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 22ea2f5a4..961b1fb1a 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3851,38 +3851,6 @@ WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk WOLFSSL_CONF_VALUE* val); #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */ -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) -WOLFSSL_API WOLFSSL_BY_DIR_HASH* wolfSSL_BY_DIR_HASH_new(void); -WOLFSSL_API void wolfSSL_BY_DIR_HASH_free(WOLFSSL_BY_DIR_HASH* dir_hash); -WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_BY_DIR_HASH_new_null(void); -WOLFSSL_API int wolfSSL_sk_BY_DIR_HASH_find( - WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, const WOLFSSL_BY_DIR_HASH* toFind); -WOLFSSL_API int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk); -WOLFSSL_API WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value( - const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk, int i); -WOLFSSL_API WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( - WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk); -WOLFSSL_API void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, - void (*f) (WOLFSSL_BY_DIR_HASH*)); -WOLFSSL_API void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk); -WOLFSSL_API int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, - WOLFSSL_BY_DIR_HASH* in); -/* WOLFSSL_BY_DIR_entry stuff */ -WOLFSSL_API WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void); -WOLFSSL_API void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry); -WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_BY_DIR_entry_new_null(void); -WOLFSSL_API int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk); -WOLFSSL_API WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value( - const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk, int i); -WOLFSSL_API WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop( - WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk); -WOLFSSL_API void wolfSSL_sk_BY_DIR_entry_pop_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk, - void (*f) (WOLFSSL_BY_DIR_entry*)); -WOLFSSL_API void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk); -WOLFSSL_API int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(wolfSSL_BY_DIR_entry)* sk, - WOLFSSL_BY_DIR_entry* in); -#endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_WOLFSSL_DIR */ - #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void); WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*); From c5327866a4800c580d72bf1724b84a89e9fcf035 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 12 Mar 2021 08:35:39 +0900 Subject: [PATCH 094/137] addressed review comments part 3 --- src/internal.c | 1 + src/ssl.c | 16 ++++++++-------- wolfssl/internal.h | 15 +++++++++++++++ wolfssl/ssl.h | 20 ++++---------------- 4 files changed, 28 insertions(+), 24 deletions(-) diff --git a/src/internal.c b/src/internal.c index 74e0dd2f2..adf29955a 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10735,6 +10735,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) if (type == X509_LU_CRL) { if (wc_LockMutex(&lookup->dirs->lock) != 0) { WOLFSSL_MSG("wc_LockMutex cdir Lock error"); + XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); return BAD_MUTEX_E; } if (ph == NULL) { diff --git a/src/ssl.c b/src/ssl.c index 0b73fe825..b08fe0967 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24836,13 +24836,12 @@ WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void) /* @param argl file type, either WOLFSSL_FILETYPE_PEM or */ /* WOLFSSL_FILETYPE_ASN1 */ /* @return WOLFSSL_SUCCESS on successful, othewise negative or zero */ -static int x509AddCertDir(void *p, const char *argc, long argl) +static int x509AddCertDir(WOLFSSL_BY_DIR *ctx, const char *argc, long argl) { WOLFSSL_ENTER("x509AddCertDir"); (void)argl; #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) - WOLFSSL_BY_DIR *ctx = (WOLFSSL_BY_DIR*)p; WOLFSSL_BY_DIR_entry *entry; size_t pathLen; int i, num; @@ -24855,8 +24854,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl) pathLen = 0; c = argc; - /* zero length */ - if (c == NULL || *c == '\0') return WOLFSSL_FAILURE; + /* sanity check, zero length */ + if (ctx == NULL || c == NULL || *c == '\0') + return WOLFSSL_FAILURE; #ifdef WOLFSSL_SMALL_STACK buf = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_OPENSSL); @@ -24948,7 +24948,7 @@ static int x509AddCertDir(void *p, const char *argc, long argl) return WOLFSSL_SUCCESS; #else - (void)p; + (void)ctx; (void)argc; return WOLFSSL_NOT_IMPLEMENTED; #endif @@ -41641,17 +41641,17 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, /* trimming spaces at the head and tail */ dst--; - for (; (len > 0 && XISSPACE(*dst));len--) { + for (; (len > 0 && XISSPACE(*dst)); len--) { dst--; } - for (; (len > 0 && XISSPACE(*src));len--) { + for (; (len > 0 && XISSPACE(*src)); len--) { src++; } /* point to the start */ dst = asn_out->data; - for (i = 0; i < len;dst++, i++) { + for (i = 0; i < len; dst++, i++) { if (!XISASCII(*src)) { /* keep non-ascii code */ *dst = *src++; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 2ac3904b6..14fa0dc90 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1684,6 +1684,21 @@ WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void); #endif #endif +struct WOLFSSL_BY_DIR_HASH { + unsigned long hash_value; + int last_suffix; +}; + +struct WOLFSSL_BY_DIR_entry { + char* dir_name; + int dir_type; + WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *hashes; +}; + +struct WOLFSSL_BY_DIR { + WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *dir_entry; + wolfSSL_Mutex lock; /* dir list lock */ +}; /* wolfSSL method type */ struct WOLFSSL_METHOD { diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 961b1fb1a..5b6c26687 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -143,6 +143,10 @@ typedef struct WOLFSSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX; typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *); +typedef struct WOLFSSL_BY_DIR_HASH WOLFSSL_BY_DIR_HASH; +typedef struct WOLFSSL_BY_DIR_entry WOLFSSL_BY_DIR_entry; +typedef struct WOLFSSL_BY_DIR WOLFSSL_BY_DIR; + /* redeclare guard */ #define WOLFSSL_TYPES_DEFINED @@ -279,22 +283,6 @@ struct WOLFSSL_X509V3_CTX { WOLFSSL_X509* x509; }; -struct WOLFSSL_BY_DIR_HASH { - unsigned long hash_value; - int last_suffix; -}; - -struct WOLFSSL_BY_DIR_entry { - char* dir_name; - int dir_type; - WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *hashes; -}; - -struct WOLFSSL_BY_DIR { - WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *dir_entry; - wolfSSL_Mutex lock; /* dir list lock */ -}; - struct WOLFSSL_ASN1_OBJECT { void* heap; const unsigned char* obj; From 7b81ff1bc6b90625276067d71ed25a48676ea047 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 12 Mar 2021 09:03:35 +0900 Subject: [PATCH 095/137] fixed api testing for hash dir --- tests/api.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/api.c b/tests/api.c index 5f38b6446..7cecf86e4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -28068,7 +28068,10 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./", SSL_FILETYPE_PEM,NULL), 1); + #if defined(WOLFSSL_INT_H) + /* only available when including internal.h */ AssertNotNull(sk = lookup->dirs->dir_entry); + #endif /* free store */ X509_STORE_free(str); @@ -28088,7 +28091,10 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path, SSL_FILETYPE_PEM,NULL), 1); + #if defined(WOLFSSL_INT_H) + /* only available when including internal.h */ AssertNotNull(sk = lookup->dirs->dir_entry); + #endif X509_STORE_free(str); From ffa6a80725b174c03343edf495b266b6b498db85 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 18 Mar 2021 08:12:19 +0900 Subject: [PATCH 096/137] addressed review comments part 4 --- src/crl.c | 2 +- src/internal.c | 23 +++++++++++++---------- wolfcrypt/src/asn.c | 2 +- wolfcrypt/src/wc_port.c | 9 ++++----- wolfssl/internal.h | 2 +- wolfssl/ssl.h | 3 --- wolfssl/wolfcrypt/wc_port.h | 4 ++++ 7 files changed, 24 insertions(+), 21 deletions(-) diff --git a/src/crl.c b/src/crl.c index fd96c4390..cb99ec1c7 100644 --- a/src/crl.c +++ b/src/crl.c @@ -369,7 +369,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (foundEntry == 0) { if (crl->cm->x509_store_p != NULL) { - ret = LoadCrlCertByIssuer(crl->cm->x509_store_p, + ret = LoadCertByIssuer(crl->cm->x509_store_p, (WOLFSSL_X509_NAME*)cert->issuerName, X509_LU_CRL); if (ret == WOLFSSL_SUCCESS) { /* try again */ diff --git a/src/internal.c b/src/internal.c index adf29955a..58ce4c826 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10593,11 +10593,11 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs) /* @param issuer a pointer to X509_NAME that presents an issuer */ /* @param type X509_LU_X509 or X509_LU_CRL */ /* @return WOLFSSL_SUCCESS on successful, otherwise WOLFSSL_FAILURE */ -int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) +int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) { const int MAX_SUFFIX = 10;/* The number comes from CA_TABLE_SIZE=10 */ int ret = WOLFSSL_SUCCESS; - WOLFSSL_X509_LOOKUP* lookup = &store->lookup; + WOLFSSL_X509_LOOKUP* lookup; WOLFSSL_BY_DIR_entry* entry; WOLFSSL_BY_DIR_HASH hash_tmp; WOLFSSL_BY_DIR_HASH* ph = NULL; @@ -10611,11 +10611,14 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) int retHash = NOT_COMPILED_IN; byte dgt[WC_MAX_DIGEST_SIZE]; - WOLFSSL_ENTER("LoadCrlCertByIssuer"); + WOLFSSL_ENTER("LoadCertByIssuer"); /* sanity check */ - if (store == NULL || issuer == NULL || lookup->dirs == NULL || - lookup->type != 1 || (type != X509_LU_X509 && type != X509_LU_CRL)) { + if (store == NULL || issuer == NULL || (type != X509_LU_X509 && type != X509_LU_CRL)) { + return WOLFSSL_FAILURE; + } + lookup = &store->lookup; + if (lookup->dirs == NULL || lookup->type != 1) { return WOLFSSL_FAILURE; } @@ -10766,7 +10769,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) (void) i; ret = WOLFSSL_NOT_IMPLEMENTED; #endif - WOLFSSL_LEAVE("LoadCrlCertByIssuer", ret); + WOLFSSL_LEAVE("LoadCertByIssuer", ret); return ret; } @@ -11305,11 +11308,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ret == ASN_NO_SIGNER_E) { WOLFSSL_MSG("try to load certificate if hash dir is set"); if (ssl->ctx->x509_store_pt != NULL) { - ret = LoadCrlCertByIssuer(ssl->ctx->x509_store_pt, + ret = LoadCertByIssuer(ssl->ctx->x509_store_pt, (WOLFSSL_X509_NAME*)args->dCert->issuerName, X509_LU_X509); } else { - ret = LoadCrlCertByIssuer(&ssl->ctx->x509_store, + ret = LoadCertByIssuer(&ssl->ctx->x509_store, (WOLFSSL_X509_NAME*)args->dCert->issuerName, X509_LU_X509); } @@ -11523,11 +11526,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ret == ASN_NO_SIGNER_E) { WOLFSSL_MSG("try to load certificate if hash dir is set"); if (ssl->ctx->x509_store_pt != NULL) { - ret = LoadCrlCertByIssuer(ssl->ctx->x509_store_pt, + ret = LoadCertByIssuer(ssl->ctx->x509_store_pt, (WOLFSSL_X509_NAME*)args->dCert->issuerName, X509_LU_X509); } else { - ret = LoadCrlCertByIssuer(&ssl->ctx->x509_store, + ret = LoadCertByIssuer(&ssl->ctx->x509_store, (WOLFSSL_X509_NAME*)args->dCert->issuerName, X509_LU_X509); } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c2af80e85..a19529107 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -13201,7 +13201,7 @@ int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, char nameType int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, byte type) { - return wc_EncodeName_ex(name, nameStr, nameType, type, 0x16); + return wc_EncodeName_ex(name, nameStr, nameType, type, ASN_IA5_STRING); } /* encode CertName into output, return total bytes written */ int SetName(byte* output, word32 outputSz, CertName* name) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 3a30d198a..9e119eb61 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -429,20 +429,19 @@ int wc_FileExists(const char* fname) return BAD_PATH_ERROR; } else #if defined(USE_WINDOWS_API) - if (ctx.s.st_mode & _S_IFREG) { + if (XS_ISREG(ctx.s.st_mode)) { return 0; } #elif defined(WOLFSSL_ZEPHYR) - if (ctx.s.type == FS_DIR_ENTRY_FILE) { + if (XS_ISREG(ctx.s.type)) { return 0; } - #elif defined(WOLFSSL_TELIT_M2MB) - if (ctx.s.st_mode & M2MB_S_IFREG) { + if (XS_ISREG(ctx.s.st_mode)) { return 0; } #else - if (S_ISREG(ctx.s.st_mode)) { + if (XS_ISREG(ctx.s.st_mode)) { return 0; } #endif diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 14fa0dc90..e24ebdb39 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4836,7 +4836,7 @@ WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey); #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) -WOLFSSL_LOCAL int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, +WOLFSSL_LOCAL int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int Type); #endif #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5b6c26687..6f7c384b3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -196,9 +196,6 @@ typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME; typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX; typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method; -typedef struct WOLFSSL_BY_DIR WOLFSSL_BY_DIR; -typedef struct WOLFSSL_BY_DIR_entry WOLFSSL_BY_DIR_entry; -typedef struct WOLFSSL_BY_DIR_HASH WOLFSSL_BY_DIR_HASH; typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 3da8f90c8..c08ec6ca1 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -681,12 +681,15 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #if defined(USE_WINDOWS_API) #include #define XSTAT _stat + #define XS_ISREG(s) (s & _S_IFREG) #define SEPARATOR_CHAR ';' #elif defined(WOLFSSL_ZEPHYR) #define XSTAT fs_stat + #define XS_ISREG(s) (s == FS_DIR_ENTRY_FILE) #define SEPARATOR_CHAR ':' #elif defined(WOLFSSL_TELIT_M2MB) #define XSTAT m2mb_fs_stat + #define XS_ISREG(s) (s & M2MB_S_IFREG) #define SEPARATOR_CHAR ':' #else #include @@ -696,6 +699,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XREAD read #define XCLOSE close #define XSTAT stat + #define XS_ISREG(s) S_ISREG(s) #define SEPARATOR_CHAR ':' #endif #endif From 300cbf7a5b6a3cf2fba7fe19786d4c1147d55405 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 18 Mar 2021 16:44:38 +0900 Subject: [PATCH 097/137] fixed NO_WOLFSSL_DIR configuration case --- src/ssl.c | 3 ++- tests/api.c | 9 ++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index b08fe0967..68adb8516 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24985,7 +24985,8 @@ int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, #if !defined(NO_WOLFSSL_DIR) lret = x509AddCertDir(ctx->dirs, argc, argl); #else - lret = WOLFSSL_NOT_IMPLEMENTED + (void)x509AddCertDir; + lret = WOLFSSL_NOT_IMPLEMENTED; #endif break; case WOLFSSL_X509_L_ADD_STORE: diff --git a/tests/api.c b/tests/api.c index 7cecf86e4..ca2444bf4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -28925,7 +28925,8 @@ static void test_wolfSSL_X509_STORE(void) static void test_wolfSSL_X509_STORE_load_locations(void) { -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_FILESYSTEM) +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_FILESYSTEM)\ + && !defined(NO_WOLFSSL_DIR) SSL_CTX *ctx; X509_STORE *store; @@ -40867,7 +40868,7 @@ static void test_wolfSSL_X509_print(void) !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF) X509 *x509; BIO *bio; -#ifdef OPENSSL_ALL +#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR) const X509_ALGOR *cert_sig_alg; #endif @@ -40888,14 +40889,16 @@ static void test_wolfSSL_X509_print(void) AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE)); -#ifdef OPENSSL_ALL +#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR) /* Print signature */ AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509)); AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS); #endif /* print to stdout */ +#if !defined(NO_WOLFSSL_DIR) AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); +#endif /* print again */ AssertIntEQ(X509_print_fp(stdout, x509), SSL_SUCCESS); From 6e383cf6cd0d2af1371f40a3892d7c2962a3c299 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Fri, 19 Mar 2021 09:51:04 +0100 Subject: [PATCH 098/137] Full implementation of SHAKE256 The current SHAKE256 implementation squeezes output bytes only up to the rate limit of 136 bytes. This has been fixed to support the output of an unlimited amount of bytes complying with the NIST FIPS 202 standard. --- wolfcrypt/src/sha3.c | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index 74375640f..dacbc0df6 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -636,30 +636,47 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) * len Number of bytes in output. * returns 0 on success. */ -static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, byte l) +static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) { +#if defined(BIG_ENDIAN_ORDER) + word32 q = (l + 7) / 8; +#endif + word32 k, rate = p * 8; byte i; byte *state = (byte *)sha3->s; - sha3->t[p * 8 - 1] = 0x00; + sha3->t[rate - 1] = 0x00; #ifdef WOLFSSL_HASH_FLAGS if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256) { padChar = 0x01; } #endif sha3->t[ sha3->i] = padChar; - sha3->t[p * 8 - 1] |= 0x80; - for (i=sha3->i + 1; i < p * 8 - 1; i++) + sha3->t[rate - 1] |= 0x80; + for (i=sha3->i + 1; i < rate - 1; i++) sha3->t[i] = 0; for (i = 0; i < p; i++) sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i); BlockSha3(sha3->s); #if defined(BIG_ENDIAN_ORDER) - ByteReverseWords64(sha3->s, sha3->s, ((l+7)/8)*8); + ByteReverseWords64(sha3->s, sha3->s, (q > p) ? rate : q * 8); #endif - for (i = 0; i < l; i++) - hash[i] = state[i]; - + i = 0; + for (k = 0; k < l; k++) + { + if (i == rate) + { + i = 0; +#if defined(BIG_ENDIAN_ORDER) + ByteReverseWords64(sha3->s, sha3->s, rate); + BlockSha3(sha3->s); + ByteReverseWords64(sha3->s, sha3->s, rate); +#else + BlockSha3(sha3->s); +#endif + } + hash[k] = state[i++]; + } return 0; } @@ -763,7 +780,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len) } #endif /* WOLFSSL_ASYNC_CRYPT */ - ret = Sha3Final(sha3, 0x06, hash, p, len); + ret = Sha3Final(sha3, 0x06, hash, p, (word32)len); if (ret != 0) return ret; @@ -1193,7 +1210,7 @@ int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen) return BAD_FUNC_ARG; } - ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, (byte)hashLen); + ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, hashLen); if (ret != 0) return ret; From fae36f108eef40fb99bcce894c22b08047b1ef37 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 20 Mar 2021 12:29:42 +0900 Subject: [PATCH 099/137] adressed review comments part 5 --- src/crl.c | 5 +++++ wolfssl/internal.h | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/crl.c b/src/crl.c index cb99ec1c7..148ea5796 100644 --- a/src/crl.c +++ b/src/crl.c @@ -367,6 +367,11 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + /* if not find entry in the CRL list, it looks at the folder that sets */ + /* by LOOKUP_ctrl because user would want to use hash_dir. */ + /* Loading .rN form CRL file if find at the folder, */ + /* and try again checking Cert in the CRL list. */ + /* When not set the folder or not use hash_dir, do nothing. */ if (foundEntry == 0) { if (crl->cm->x509_store_p != NULL) { ret = LoadCertByIssuer(crl->cm->x509_store_p, diff --git a/wolfssl/internal.h b/wolfssl/internal.h index e24ebdb39..1d55b3afe 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2083,7 +2083,9 @@ struct WOLFSSL_CERT_MANAGER { short minEccKeySz; /* minimum allowed ECC key size */ #endif #if defined(OPENSSL_EXTRA) - WOLFSSL_X509_STORE *x509_store_p; /* pointer back to x509 store */ + WOLFSSL_X509_STORE *x509_store_p; /* a pointer back to CTX x509 store */ + /* CTX has ownership and free this */ + /* with CTX free. */ #endif wolfSSL_Mutex refMutex; /* reference count mutex */ int refCount; /* reference count */ From 526688a1a53f4e4dd34d692fd2ead027434d241b Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 20 Mar 2021 12:47:35 +0900 Subject: [PATCH 100/137] adressed review comments part 5-1 --- src/ssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 68adb8516..dff8a4dc9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15821,7 +15821,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ctx->x509_store.cache = str->cache; ctx->x509_store_pt = str; /* take ownership of store and free it with CTX free */ - ctx->cm->x509_store_p = ctx->x509_store_pt; + ctx->cm->x509_store_p = ctx->x509_store_pt;/* CTX has onwership + and free it with CTX free*/ } From c3e6195da5ccb9c2c9e63eeaa35c7435210faccf Mon Sep 17 00:00:00 2001 From: Elms Date: Fri, 19 Mar 2021 16:25:08 -0700 Subject: [PATCH 101/137] INTIME: add support for directory file search Directory support allows CRL use with undefining `NO_WOLFSSL_DIR` Also increase stack size to avoid page fault and add `_USE_64BIT_TIME_T` to example project to pass ASN test --- IDE/INTIME-RTOS/user_settings.h | 4 +- IDE/INTIME-RTOS/wolfExamples.vcxproj | 2 +- wolfcrypt/src/wc_port.c | 55 ++++++++++++++++++++++++++++ wolfssl/wolfcrypt/wc_port.h | 2 + 4 files changed, 60 insertions(+), 3 deletions(-) diff --git a/IDE/INTIME-RTOS/user_settings.h b/IDE/INTIME-RTOS/user_settings.h index 8458f3814..529dad4d1 100644 --- a/IDE/INTIME-RTOS/user_settings.h +++ b/IDE/INTIME-RTOS/user_settings.h @@ -14,7 +14,7 @@ extern "C" { #define INTIME_RTOS #undef WOLF_EXAMPLES_STACK -#define WOLF_EXAMPLES_STACK 65536 +#define WOLF_EXAMPLES_STACK (1<<17) #undef WOLFSSL_GENERAL_ALIGNMENT #define WOLFSSL_GENERAL_ALIGNMENT 4 @@ -27,7 +27,7 @@ extern "C" { /* disable directory support */ #undef NO_WOLFSSL_DIR -#define NO_WOLFSSL_DIR +//#define NO_WOLFSSL_DIR /* disable writev */ #undef NO_WRITEV diff --git a/IDE/INTIME-RTOS/wolfExamples.vcxproj b/IDE/INTIME-RTOS/wolfExamples.vcxproj index 81b1e6d4f..f650244c0 100755 --- a/IDE/INTIME-RTOS/wolfExamples.vcxproj +++ b/IDE/INTIME-RTOS/wolfExamples.vcxproj @@ -66,7 +66,7 @@ Async - WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions) $(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 2e6dc17ac..08a567433 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -464,6 +464,37 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) return 0; } } while (FindNextFileA(ctx->hFind, &ctx->FindFileData)); + +#elif defined(INTIME_RTOS) + if (pathLen > MAX_FILENAME_SZ - 3) + return BAD_PATH_ERROR; + + XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 3); + XSTRNCPY(ctx->name + pathLen, "\\*", MAX_FILENAME_SZ - pathLen); + + if (!FindFirstRtFile(ctx->name, &ctx->FindFileData, 0)) { + WOLFSSL_MSG("FindFirstFile for path verify locations failed"); + return BAD_PATH_ERROR; + } + + do { + if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) { + dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName); + + if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) { + return BAD_PATH_ERROR; + } + XSTRNCPY(ctx->name, path, pathLen + 1); + ctx->name[pathLen] = '\\'; + XSTRNCPY(ctx->name + pathLen + 1, + ctx->FindFileData.cFileName, + MAX_FILENAME_SZ - pathLen - 1); + if (name) + *name = ctx->name; + return 0; + } + } while (FindNextRtFile(&ctx->FindFileData)); + #elif defined(WOLFSSL_ZEPHYR) if (fs_opendir(&ctx->dir, path) != 0) { WOLFSSL_MSG("opendir path verify locations failed"); @@ -600,6 +631,26 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name) return 0; } } + +#elif defined(INTIME_RTOS) +while (FindNextRtFile(&ctx->FindFileData)) { + if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) { + dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName); + + if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) { + return BAD_PATH_ERROR; + } + XSTRNCPY(ctx->name, path, pathLen + 1); + ctx->name[pathLen] = '\\'; + XSTRNCPY(ctx->name + pathLen + 1, + ctx->FindFileData.cFileName, + MAX_FILENAME_SZ - pathLen - 1); + if (name) + *name = ctx->name; + return 0; + } +} + #elif defined(WOLFSSL_ZEPHYR) while ((fs_readdir(&ctx->dir, &ctx->entry)) != 0) { dnameLen = (int)XSTRLEN(ctx->entry.name); @@ -695,6 +746,10 @@ void wc_ReadDirClose(ReadDirCtx* ctx) FindClose(ctx->hFind); ctx->hFind = INVALID_HANDLE_VALUE; } + +#elif defined(INTIME_RTOS) + FindRtFileClose(&ctx->FindFileData); + #elif defined(WOLFSSL_ZEPHYR) if (ctx->dirp) { fs_closedir(ctx->dirp); diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 8a41f4b99..3c1021534 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -729,6 +729,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); M2MB_DIR_T* dir; struct M2MB_DIRENT* entry; struct M2MB_STAT s; + #elif defined(INTIME_RTOS) + FIND_FILE_DATA FindFileData; #else struct dirent* entry; DIR* dir; From a8abeeb50e3e6af440dc70ef8275dd264d772b71 Mon Sep 17 00:00:00 2001 From: Stanislav Klima Date: Mon, 22 Mar 2021 09:47:52 +0100 Subject: [PATCH 102/137] Fixed CID 58787. --- src/internal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 88100e4a0..eeddb1541 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7098,7 +7098,7 @@ int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, const byte* data, byte ty { WOLFSSL_ENTER("DtlsMsgSet()"); if (msg != NULL && data != NULL && msg->fragSz <= msg->sz && - (fragOffset + fragSz) <= msg->sz) { + fragOffset <= msg->sz && (fragOffset + fragSz) <= msg->sz) { DtlsFrag* cur = msg->fragList; DtlsFrag* prev = cur; DtlsFrag* newFrag; From 2e25c531117f91b9a2c9c023b2f51e67f007a62f Mon Sep 17 00:00:00 2001 From: Stanislav Klima Date: Mon, 22 Mar 2021 09:50:20 +0100 Subject: [PATCH 103/137] Revert "Fixed CID 583215." This reverts commit 26578be1a792a600091d936139252767d2c25e8a. --- src/ocsp.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/ocsp.c b/src/ocsp.c index 427c1a34c..a8713b8ae 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -625,7 +625,6 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( if (certStatus) XFREE(certStatus, NULL, DYNAMIC_TYPE_OPENSSL); - wolfSSL_CertManagerFree(cm); return NULL; } From b7ac12edb68c5c62876bf381b768e97b601b0c33 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 22 Mar 2021 18:16:21 +0700 Subject: [PATCH 104/137] account for leading 0's with r and s during ECC verify --- wolfcrypt/src/port/caam/wolfcaam_ecdsa.c | 42 +++++++++++++----------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c index f80c33617..0f5f2f967 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c +++ b/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c @@ -97,7 +97,6 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen, word32 ecdsel = 0; byte r[MAX_ECC_BYTES] = {0}; byte s[MAX_ECC_BYTES] = {0}; - word32 outSz; word32 idx = 0; byte pk[MAX_ECC_BYTES] = {0}; @@ -127,16 +126,16 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen, /* private key */ if (key->blackKey > 0) { buf[idx].TheAddress = (CAAM_ADDRESS)key->blackKey; - buf[idx].Length = keySz; args[0] = 1; /* is a black key */ } else { - outSz = mp_unsigned_bin_size(&key->k); - mp_to_unsigned_bin(&key->k, pk); + if (mp_to_unsigned_bin_len(&key->k, pk, keySz) != MP_OKAY) { + return MP_TO_E; + } buf[idx].TheAddress = (CAAM_ADDRESS)pk; - buf[idx].Length = outSz; args[0] = 0; /* non black key */ } + buf[idx].Length = keySz; idx++; /* hash to sign */ @@ -195,7 +194,7 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash, word32 args[4] = {0}; CAAM_BUFFER buf[9] = {0}; int ret; - int rSz, sSz; + int keySz; word32 idx = 0; word32 ecdsel = 0; @@ -230,9 +229,8 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash, } /* Wx,y public key */ + keySz = wc_ecc_size(key); if (key->securePubKey > 0) { - int keySz = wc_ecc_size(key); - buf[idx].TheAddress = (CAAM_ADDRESS)key->securePubKey; buf[idx].Length = keySz * 2; args[0] = 1; /* using public key in secure memory */ @@ -251,18 +249,20 @@ static int wc_CAAM_EccVerify_ex(mp_int* r, mp_int *s, const byte* hash, buf[idx].Length = hashlen; idx++; - rSz = mp_unsigned_bin_size(r); - mp_to_unsigned_bin(r, rbuf); + if (mp_to_unsigned_bin_len(r, rbuf, keySz) != MP_OKAY) { + return MP_TO_E; + } buf[idx].TheAddress = (CAAM_ADDRESS)rbuf; - buf[idx].Length = rSz; + buf[idx].Length = keySz; idx++; - sSz = mp_unsigned_bin_size(s); - mp_to_unsigned_bin(s, sbuf); + if (mp_to_unsigned_bin_len(s, sbuf, keySz) != MP_OKAY) { + return MP_TO_E; + } buf[idx].TheAddress = (CAAM_ADDRESS)sbuf; - buf[idx].Length = sSz; + buf[idx].Length = keySz; idx++; /* temporary scratch buffer, the manual calls for it and HW expects it */ @@ -313,7 +313,6 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out, CAAM_BUFFER buf[9] = {0}; int ret, keySz; word32 ecdsel = 0; /* ecc parameters in hardware */ - word32 outSz; word32 idx = 0; byte pk[MAX_ECC_BYTES] = {0}; @@ -365,16 +364,21 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out, /* private key */ if (private_key->blackKey > 0) { buf[idx].TheAddress = (CAAM_ADDRESS)private_key->blackKey; - buf[idx].Length = keySz; args[0] = 1; /* is a black key */ } else { - outSz = mp_unsigned_bin_size(&private_key->k); - mp_to_unsigned_bin(&private_key->k, pk); + if (keySz > MAX_ECC_BYTES) { + return BUFFER_E; + } + + if (mp_to_unsigned_bin_len(&private_key->k, pk, keySz) != MP_OKAY) { + return MP_TO_E; + } + buf[idx].TheAddress = (CAAM_ADDRESS)pk; - buf[idx].Length = outSz; args[0] = 0; /* non black key */ } + buf[idx].Length = keySz; idx++; /* output shared secret */ From b3eb2e3dddeb107e27e94a7a2f83acfa25091b4a Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 17 Mar 2021 09:37:22 -0600 Subject: [PATCH 105/137] Implement peer review feedback Fix items that were missed from peer review Remove dead code Add ret capture of return from XVSNPRINTF --- wolfcrypt/benchmark/benchmark.c | 4 ---- wolfcrypt/src/wc_port.c | 4 ---- wolfssl/wolfcrypt/types.h | 18 +++++++----------- wolfssl/wolfcrypt/wc_port.h | 4 +++- 4 files changed, 10 insertions(+), 20 deletions(-) diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index e6cd032d0..ac868e560 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -4577,8 +4577,6 @@ static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING], /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ DECLARE_ARRAY_DYNAMIC_DEC(enc, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); #else - int idxenc; - int inner_idx_enc; byte* enc[BENCH_MAX_PENDING]; #endif #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) @@ -4586,8 +4584,6 @@ static void bench_rsa_helper(int doAsync, RsaKey rsaKey[BENCH_MAX_PENDING], /* MDK5 compiler regard this as a executable statement, and does not allow declarations after the line. */ DECLARE_ARRAY_DYNAMIC_DEC(out, byte, BENCH_MAX_PENDING, rsaKeySz, HEAP_HINT); #else - int idxout; - int inner_idx_out; byte* out[BENCH_MAX_PENDING]; #endif #else diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 0d2c85736..bf02950ca 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -441,11 +441,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 3); XSTRNCPY(ctx->name + pathLen, "\\*", MAX_FILENAME_SZ - pathLen); - #ifdef _WIN32_WCE - ctx->hFind = FindFirstFileA((LPCWSTR) ctx->name, &ctx->FindFileData); - #else ctx->hFind = FindFirstFileA(ctx->name, &ctx->FindFileData); - #endif if (ctx->hFind == INVALID_HANDLE_VALUE) { WOLFSSL_MSG("FindFirstFile for path verify locations failed"); return BAD_PATH_ERROR; diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 78646281c..8019a125e 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -556,17 +556,17 @@ decouple library dependencies with standard string, memory and so on. { va_list ap; int ret; - + if ((int)n <= 0) return -1; - + va_start(ap, format); - - ret = vsnprintf(s, n, format, ap); + + ret = XVSNPRINTF(s, n, format, ap); if (ret < 0) ret = -1; - + va_end(ap); - + return ret; } #define XSNPRINTF _xsnprintf_ @@ -597,11 +597,7 @@ decouple library dependencies with standard string, memory and so on. if ((int)bufsize <= 0) return -1; va_start(ap, format); - #ifndef _WIN32_WCE - ret = vsnprintf(buffer, bufsize, format, ap); - #else - ret = _vsnprintf(buffer, bufsize, format, ap); - #endif + ret = XVSNPRINTF(buffer, bufsize, format, ap); if (ret >= (int)bufsize) ret = -1; va_end(ap); diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 18d4ce85a..aff4acace 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -631,6 +631,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XSEEK_END SEEK_END #define XBADFILE NULL #define XFGETS fgets + #define XVSNPRINTF _vsnprintf #elif defined(FUSION_RTOS) #include @@ -883,7 +884,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); time_t windows_time(time_t* timer); #define FindNextFileA(h, d) FindNextFile(h, (LPWIN32_FIND_DATAW) d) - #define FindFirstFileA(fn, d) FindFirstFile(fn, (LPWIN32_FIND_DATAW) d) + #define FindFirstFileA(fn, d) FindFirstFile((LPCWSTR) fn, \ + (LPWIN32_FIND_DATAW) d) #define XTIME(t1) windows_time((t1)) #define WOLFSSL_GMTIME From 9313d59479b404f8808a7da2c183e6fdfb66e19f Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 22 Mar 2021 10:45:31 -0700 Subject: [PATCH 106/137] Fix for SNI callback * Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback. * Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI` --- configure.ac | 1 + examples/client/client.c | 2 +- src/tls.c | 24 +++++++++++++++--------- 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/configure.ac b/configure.ac index 1800ba856..a6d7c1cb7 100644 --- a/configure.ac +++ b/configure.ac @@ -4279,6 +4279,7 @@ then AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP" AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI" # Requires OCSP make sure on if test "x$ENABLED_OCSP" = "xno" diff --git a/examples/client/client.c b/examples/client/client.c index e47cf054f..eeed222d4 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -2692,7 +2692,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef HAVE_SNI if (sniHostName) { - if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, + if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName, (word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("UseSNI failed"); diff --git a/src/tls.c b/src/tls.c index 60fcc7a48..8859a94b4 100644 --- a/src/tls.c +++ b/src/tls.c @@ -2024,18 +2024,24 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length, #ifndef NO_WOLFSSL_SERVER if (!extension || !extension->data) { - #if defined(WOLFSSL_ALWAYS_KEEP_SNI) && !defined(NO_WOLFSSL_SERVER) - /* This will keep SNI even though TLSX_UseSNI has not been called. - * Enable it so that the received sni is available to functions - * that use a custom callback when SNI is received. - */ - + /* This will keep SNI even though TLSX_UseSNI has not been called. + * Enable it so that the received sni is available to functions + * that use a custom callback when SNI is received. + */ + #ifdef WOLFSSL_ALWAYS_KEEP_SNI + cacheOnly = 1; + #endif + if (ssl->ctx->sniRecvCb) { cacheOnly = 1; + } + + if (cacheOnly) { WOLFSSL_MSG("Forcing SSL object to store SNI parameter"); - #else + } + else { /* Skipping, SNI not enabled at server side. */ return 0; - #endif + } } if (OPAQUE16_LEN > length) @@ -2096,7 +2102,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length, TLSX_SNI_SetStatus(ssl->extensions, type, (byte)matchStat); - if(!cacheOnly) + if (!cacheOnly) TLSX_SetResponse(ssl, TLSX_SERVER_NAME); } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { From 089ebf277f826ac62082255950d12bdf6f3296d0 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 23 Mar 2021 12:53:06 +1000 Subject: [PATCH 107/137] ARMv8 SHA256, SHA512: Add wc_Sha256Transform, wc_Sha512Transform --- wolfcrypt/src/port/arm/armv8-sha256.c | 760 ++++++++++++++------------ wolfcrypt/src/port/arm/armv8-sha512.c | 11 + 2 files changed, 407 insertions(+), 364 deletions(-) diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c index 8ae994fc8..de65ec2e6 100644 --- a/wolfcrypt/src/port/arm/armv8-sha256.c +++ b/wolfcrypt/src/port/arm/armv8-sha256.c @@ -96,6 +96,188 @@ static WC_INLINE void AddLength(wc_Sha256* sha256, word32 len) #ifdef __aarch64__ +/* First block is in sha256->buffer and rest in data. */ +static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data, + word32 numBlocks) +{ + word32* k = (word32*)K; + + __asm__ volatile ( + "#load leftover data\n" + "LD1 {v0.2d-v3.2d}, %[buffer] \n" + + "#load current digest\n" + "LD1 {v12.2d-v13.2d}, %[digest] \n" + "MOV w8, %w[blocks] \n" + "REV32 v0.16b, v0.16b \n" + "REV32 v1.16b, v1.16b \n" + "REV32 v2.16b, v2.16b \n" + "REV32 v3.16b, v3.16b \n" + + "#load K values in \n" + "LD1 {v16.4s-v19.4s}, [%[k]], #64 \n" + "LD1 {v20.4s-v23.4s}, [%[k]], #64 \n" + "MOV v14.16b, v12.16b \n" /* store digest for add at the end */ + "MOV v15.16b, v13.16b \n" + "LD1 {v24.4s-v27.4s}, [%[k]], #64 \n" + "LD1 {v28.4s-v31.4s}, [%[k]], #64 \n" + + /* beginning of SHA256 block operation */ + "1:\n" + /* Round 1 */ + "MOV v4.16b, v0.16b \n" + "ADD v0.4s, v0.4s, v16.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 2 */ + "SHA256SU0 v4.4s, v1.4s \n" + "ADD v0.4s, v1.4s, v17.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v4.4s, v2.4s, v3.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 3 */ + "SHA256SU0 v1.4s, v2.4s \n" + "ADD v0.4s, v2.4s, v18.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v1.4s, v3.4s, v4.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 4 */ + "SHA256SU0 v2.4s, v3.4s \n" + "ADD v0.4s, v3.4s, v19.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v2.4s, v4.4s, v1.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 5 */ + "SHA256SU0 v3.4s, v4.4s \n" + "ADD v0.4s, v4.4s, v20.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v3.4s, v1.4s, v2.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 6 */ + "SHA256SU0 v4.4s, v1.4s \n" + "ADD v0.4s, v1.4s, v21.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v4.4s, v2.4s, v3.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 7 */ + "SHA256SU0 v1.4s, v2.4s \n" + "ADD v0.4s, v2.4s, v22.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v1.4s, v3.4s, v4.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 8 */ + "SHA256SU0 v2.4s, v3.4s \n" + "ADD v0.4s, v3.4s, v23.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v2.4s, v4.4s, v1.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 9 */ + "SHA256SU0 v3.4s, v4.4s \n" + "ADD v0.4s, v4.4s, v24.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v3.4s, v1.4s, v2.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 10 */ + "SHA256SU0 v4.4s, v1.4s \n" + "ADD v0.4s, v1.4s, v25.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v4.4s, v2.4s, v3.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 11 */ + "SHA256SU0 v1.4s, v2.4s \n" + "ADD v0.4s, v2.4s, v26.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v1.4s, v3.4s, v4.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 12 */ + "SHA256SU0 v2.4s, v3.4s \n" + "ADD v0.4s, v3.4s, v27.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v2.4s, v4.4s, v1.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 13 */ + "SHA256SU0 v3.4s, v4.4s \n" + "ADD v0.4s, v4.4s, v28.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256SU1 v3.4s, v1.4s, v2.4s \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 14 */ + "ADD v0.4s, v1.4s, v29.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 15 */ + "ADD v0.4s, v2.4s, v30.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + /* Round 16 */ + "ADD v0.4s, v3.4s, v31.4s \n" + "MOV v11.16b, v12.16b \n" + "SHA256H q12, q13, v0.4s \n" + "SHA256H2 q13, q11, v0.4s \n" + + "#Add working vars back into digest state \n" + "SUB w8, w8, #1 \n" + "ADD v12.4s, v12.4s, v14.4s \n" + "ADD v13.4s, v13.4s, v15.4s \n" + + "#check if more blocks should be done\n" + "CBZ w8, 2f \n" + + "#load in message and schedule updates \n" + "LD1 {v0.2d-v3.2d}, [%[dataIn]], #64 \n" + "MOV v14.16b, v12.16b \n" + "MOV v15.16b, v13.16b \n" + "REV32 v0.16b, v0.16b \n" + "REV32 v1.16b, v1.16b \n" + "REV32 v2.16b, v2.16b \n" + "REV32 v3.16b, v3.16b \n" + "B 1b \n" /* do another block */ + + "2:\n" + "STP q12, q13, %[out] \n" + + : [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks), + "=r" (data), "=r" (k) + : [k] "4" (k), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer), + [blocks] "2" (numBlocks), [dataIn] "3" (data) + : "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", + "v8", "v9", "v10", "v11", "v12", "v13", "v14", + "v15", "v16", "v17", "v18", "v19", "v20", "v21", + "v22", "v23", "v24", "v25", "v26", "v27", "v28", + "v29", "v30", "v31", "w8" + ); +} + /* ARMv8 hardware acceleration */ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) { @@ -115,184 +297,10 @@ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 le numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE; if (numBlocks > 0) { - word32* k = (word32*)K; - /* get leftover amount after blocks */ add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE; - __asm__ volatile ( - "#load leftover data\n" - "LD1 {v0.2d-v3.2d}, %[buffer] \n" - "#load current digest\n" - "LD1 {v12.2d-v13.2d}, %[digest] \n" - "MOV w8, %w[blocks] \n" - "REV32 v0.16b, v0.16b \n" - "REV32 v1.16b, v1.16b \n" - "REV32 v2.16b, v2.16b \n" - "REV32 v3.16b, v3.16b \n" - - "#load K values in \n" - "LD1 {v16.4s-v19.4s}, [%[k]], #64 \n" - "LD1 {v20.4s-v23.4s}, [%[k]], #64 \n" - "MOV v14.16b, v12.16b \n" /* store digest for add at the end */ - "MOV v15.16b, v13.16b \n" - "LD1 {v24.4s-v27.4s}, [%[k]], #64 \n" - "LD1 {v28.4s-v31.4s}, [%[k]], #64 \n" - - /* beginning of SHA256 block operation */ - "1:\n" - /* Round 1 */ - "MOV v4.16b, v0.16b \n" - "ADD v0.4s, v0.4s, v16.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 2 */ - "SHA256SU0 v4.4s, v1.4s \n" - "ADD v0.4s, v1.4s, v17.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v4.4s, v2.4s, v3.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 3 */ - "SHA256SU0 v1.4s, v2.4s \n" - "ADD v0.4s, v2.4s, v18.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v1.4s, v3.4s, v4.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 4 */ - "SHA256SU0 v2.4s, v3.4s \n" - "ADD v0.4s, v3.4s, v19.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v2.4s, v4.4s, v1.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 5 */ - "SHA256SU0 v3.4s, v4.4s \n" - "ADD v0.4s, v4.4s, v20.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v3.4s, v1.4s, v2.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 6 */ - "SHA256SU0 v4.4s, v1.4s \n" - "ADD v0.4s, v1.4s, v21.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v4.4s, v2.4s, v3.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 7 */ - "SHA256SU0 v1.4s, v2.4s \n" - "ADD v0.4s, v2.4s, v22.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v1.4s, v3.4s, v4.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 8 */ - "SHA256SU0 v2.4s, v3.4s \n" - "ADD v0.4s, v3.4s, v23.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v2.4s, v4.4s, v1.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 9 */ - "SHA256SU0 v3.4s, v4.4s \n" - "ADD v0.4s, v4.4s, v24.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v3.4s, v1.4s, v2.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 10 */ - "SHA256SU0 v4.4s, v1.4s \n" - "ADD v0.4s, v1.4s, v25.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v4.4s, v2.4s, v3.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 11 */ - "SHA256SU0 v1.4s, v2.4s \n" - "ADD v0.4s, v2.4s, v26.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v1.4s, v3.4s, v4.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 12 */ - "SHA256SU0 v2.4s, v3.4s \n" - "ADD v0.4s, v3.4s, v27.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v2.4s, v4.4s, v1.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 13 */ - "SHA256SU0 v3.4s, v4.4s \n" - "ADD v0.4s, v4.4s, v28.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256SU1 v3.4s, v1.4s, v2.4s \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 14 */ - "ADD v0.4s, v1.4s, v29.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 15 */ - "ADD v0.4s, v2.4s, v30.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - /* Round 16 */ - "ADD v0.4s, v3.4s, v31.4s \n" - "MOV v11.16b, v12.16b \n" - "SHA256H q12, q13, v0.4s \n" - "SHA256H2 q13, q11, v0.4s \n" - - "#Add working vars back into digest state \n" - "SUB w8, w8, #1 \n" - "ADD v12.4s, v12.4s, v14.4s \n" - "ADD v13.4s, v13.4s, v15.4s \n" - - "#check if more blocks should be done\n" - "CBZ w8, 2f \n" - - "#load in message and schedule updates \n" - "LD1 {v0.2d-v3.2d}, [%[dataIn]], #64 \n" - "MOV v14.16b, v12.16b \n" - "MOV v15.16b, v13.16b \n" - "REV32 v0.16b, v0.16b \n" - "REV32 v1.16b, v1.16b \n" - "REV32 v2.16b, v2.16b \n" - "REV32 v3.16b, v3.16b \n" - "B 1b \n" /* do another block */ - - "2:\n" - "STP q12, q13, %[out] \n" - - : [out] "=m" (sha256->digest), "=m" (sha256->buffer), "=r" (numBlocks), - "=r" (data), "=r" (k) - : [k] "4" (k), [digest] "m" (sha256->digest), [buffer] "m" (sha256->buffer), - [blocks] "2" (numBlocks), [dataIn] "3" (data) - : "cc", "memory", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", - "v8", "v9", "v10", "v11", "v12", "v13", "v14", - "v15", "v16", "v17", "v18", "v19", "v20", "v21", - "v22", "v23", "v24", "v25", "v26", "v27", "v28", - "v29", "v30", "v31", "w8" - ); + Sha256Transform(sha256, data, numBlocks); AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks); @@ -658,6 +666,202 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash) #else /* not using 64 bit */ +static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data, + word32 numBlocks) +{ + word32* bufPt = sha256->buffer; + word32* digPt = sha256->digest; + + __asm__ volatile ( + "#load leftover data\n" + "VLDM %[buffer]!, {q0-q3} \n" + + "#load current digest\n" + "VLDM %[digest], {q12-q13} \n" + "MOV r8, %[blocks] \n" + "VREV32.8 q0, q0 \n" + "VREV32.8 q1, q1 \n" + "VREV32.8 q2, q2 \n" + "VREV32.8 q3, q3 \n" + "VLDM %[k]! ,{q5-q8} \n" + "VLDM %[k]! ,{q9}\n" + + "VMOV.32 q14, q12 \n" /* store digest for add at the end */ + "VMOV.32 q15, q13 \n" + + /* beginning of SHA256 block operation */ + "1:\n" + + /* Round 1 */ + "VMOV.32 q4, q0 \n" + "VADD.i32 q0, q0, q5 \n" + "VMOV.32 q11, q12 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 2 */ + "SHA256SU0.32 q4, q1 \n" + "VADD.i32 q0, q1, q6 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q4, q2, q3 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 3 */ + "SHA256SU0.32 q1, q2 \n" + "VADD.i32 q0, q2, q7 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q1, q3, q4 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 4 */ + "SHA256SU0.32 q2, q3 \n" + "VADD.i32 q0, q3, q8 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q2, q4, q1 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 5 */ + "SHA256SU0.32 q3, q4 \n" + "VADD.i32 q0, q4, q9 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q3, q1, q2 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 6 */ + "VLD1.32 {q10}, [%[k]]! \n" + "SHA256SU0.32 q4, q1 \n" + "VADD.i32 q0, q1, q10 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q4, q2, q3 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 7 */ + "VLD1.32 {q10}, [%[k]]! \n" + "SHA256SU0.32 q1, q2 \n" + "VADD.i32 q0, q2, q10 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q1, q3, q4 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 8 */ + "VLD1.32 {q10}, [%[k]]! \n" + "SHA256SU0.32 q2, q3 \n" + "VADD.i32 q0, q3, q10 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q2, q4, q1 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 9 */ + "VLD1.32 {q10}, [%[k]]! \n" + "SHA256SU0.32 q3, q4 \n" + "VADD.i32 q0, q4, q10 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q3, q1, q2 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 10 */ + "VLD1.32 {q10}, [%[k]]! \n" + "SHA256SU0.32 q4, q1 \n" + "VADD.i32 q0, q1, q10 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q4, q2, q3 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 11 */ + "VLD1.32 {q10}, [%[k]]! \n" + "SHA256SU0.32 q1, q2 \n" + "VADD.i32 q0, q2, q10 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q1, q3, q4 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 12 */ + "VLD1.32 {q10}, [%[k]]! \n" + "SHA256SU0.32 q2, q3 \n" + "VADD.i32 q0, q3, q10 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q2, q4, q1 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 13 */ + "VLD1.32 {q10}, [%[k]]! \n" + "SHA256SU0.32 q3, q4 \n" + "VADD.i32 q0, q4, q10 \n" + "VMOV.32 q11, q12 \n" + "SHA256SU1.32 q3, q1, q2 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 14 */ + "VLD1.32 {q10}, [%[k]]! \n" + "VADD.i32 q0, q1, q10 \n" + "VMOV.32 q11, q12 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 15 */ + "VLD1.32 {q10}, [%[k]]! \n" + "VADD.i32 q0, q2, q10 \n" + "VMOV.32 q11, q12 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + /* Round 16 */ + "VLD1.32 {q10}, [%[k]] \n" + "SUB r8, r8, #1 \n" + "VADD.i32 q0, q3, q10 \n" + "VMOV.32 q11, q12 \n" + "SHA256H.32 q12, q13, q0 \n" + "SHA256H2.32 q13, q11, q0 \n" + + "#Add working vars back into digest state \n" + "VADD.i32 q12, q12, q14 \n" + "VADD.i32 q13, q13, q15 \n" + + "#check if more blocks should be done\n" + "CMP r8, #0 \n" + "BEQ 2f \n" + + "#load in message and schedule updates \n" + "VLD1.32 {q0}, [%[dataIn]]! \n" + "VLD1.32 {q1}, [%[dataIn]]! \n" + "VLD1.32 {q2}, [%[dataIn]]! \n" + "VLD1.32 {q3}, [%[dataIn]]! \n" + + /* reset K pointer */ + "SUB %[k], %[k], #160 \n" + "VREV32.8 q0, q0 \n" + "VREV32.8 q1, q1 \n" + "VREV32.8 q2, q2 \n" + "VREV32.8 q3, q3 \n" + "VMOV.32 q14, q12 \n" + "VMOV.32 q15, q13 \n" + "B 1b \n" /* do another block */ + + "2:\n" + "VST1.32 {q12, q13}, [%[out]] \n" + + : [out] "=r" (digPt), "=r" (bufPt), "=r" (numBlocks), + "=r" (data) + : [k] "r" (K), [digest] "0" (digPt), [buffer] "1" (bufPt), + [blocks] "2" (numBlocks), [dataIn] "3" (data) + : "cc", "memory", "q0", "q1", "q2", "q3", "q4", "q5", "q6", "q7", + "q8", "q9", "q10", "q11", "q12", "q13", "q14", + "q15", "r8" + ); +} + /* ARMv8 hardware acceleration Aarch32 */ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) { @@ -677,198 +881,10 @@ static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 le numBlocks = (len + sha256->buffLen)/WC_SHA256_BLOCK_SIZE; if (numBlocks > 0) { - word32* bufPt = sha256->buffer; - word32* digPt = sha256->digest; /* get leftover amount after blocks */ add = (len + sha256->buffLen) - numBlocks * WC_SHA256_BLOCK_SIZE; - __asm__ volatile ( - "#load leftover data\n" - "VLDM %[buffer]!, {q0-q3} \n" - "#load current digest\n" - "VLDM %[digest], {q12-q13} \n" - "MOV r8, %[blocks] \n" - "VREV32.8 q0, q0 \n" - "VREV32.8 q1, q1 \n" - "VREV32.8 q2, q2 \n" - "VREV32.8 q3, q3 \n" - "VLDM %[k]! ,{q5-q8} \n" - "VLDM %[k]! ,{q9}\n" - - "VMOV.32 q14, q12 \n" /* store digest for add at the end */ - "VMOV.32 q15, q13 \n" - - /* beginning of SHA256 block operation */ - "1:\n" - - /* Round 1 */ - "VMOV.32 q4, q0 \n" - "VADD.i32 q0, q0, q5 \n" - "VMOV.32 q11, q12 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 2 */ - "SHA256SU0.32 q4, q1 \n" - "VADD.i32 q0, q1, q6 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q4, q2, q3 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 3 */ - "SHA256SU0.32 q1, q2 \n" - "VADD.i32 q0, q2, q7 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q1, q3, q4 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 4 */ - "SHA256SU0.32 q2, q3 \n" - "VADD.i32 q0, q3, q8 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q2, q4, q1 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 5 */ - "SHA256SU0.32 q3, q4 \n" - "VADD.i32 q0, q4, q9 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q3, q1, q2 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 6 */ - "VLD1.32 {q10}, [%[k]]! \n" - "SHA256SU0.32 q4, q1 \n" - "VADD.i32 q0, q1, q10 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q4, q2, q3 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 7 */ - "VLD1.32 {q10}, [%[k]]! \n" - "SHA256SU0.32 q1, q2 \n" - "VADD.i32 q0, q2, q10 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q1, q3, q4 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 8 */ - "VLD1.32 {q10}, [%[k]]! \n" - "SHA256SU0.32 q2, q3 \n" - "VADD.i32 q0, q3, q10 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q2, q4, q1 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 9 */ - "VLD1.32 {q10}, [%[k]]! \n" - "SHA256SU0.32 q3, q4 \n" - "VADD.i32 q0, q4, q10 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q3, q1, q2 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 10 */ - "VLD1.32 {q10}, [%[k]]! \n" - "SHA256SU0.32 q4, q1 \n" - "VADD.i32 q0, q1, q10 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q4, q2, q3 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 11 */ - "VLD1.32 {q10}, [%[k]]! \n" - "SHA256SU0.32 q1, q2 \n" - "VADD.i32 q0, q2, q10 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q1, q3, q4 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 12 */ - "VLD1.32 {q10}, [%[k]]! \n" - "SHA256SU0.32 q2, q3 \n" - "VADD.i32 q0, q3, q10 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q2, q4, q1 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 13 */ - "VLD1.32 {q10}, [%[k]]! \n" - "SHA256SU0.32 q3, q4 \n" - "VADD.i32 q0, q4, q10 \n" - "VMOV.32 q11, q12 \n" - "SHA256SU1.32 q3, q1, q2 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 14 */ - "VLD1.32 {q10}, [%[k]]! \n" - "VADD.i32 q0, q1, q10 \n" - "VMOV.32 q11, q12 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 15 */ - "VLD1.32 {q10}, [%[k]]! \n" - "VADD.i32 q0, q2, q10 \n" - "VMOV.32 q11, q12 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - /* Round 16 */ - "VLD1.32 {q10}, [%[k]] \n" - "SUB r8, r8, #1 \n" - "VADD.i32 q0, q3, q10 \n" - "VMOV.32 q11, q12 \n" - "SHA256H.32 q12, q13, q0 \n" - "SHA256H2.32 q13, q11, q0 \n" - - "#Add working vars back into digest state \n" - "VADD.i32 q12, q12, q14 \n" - "VADD.i32 q13, q13, q15 \n" - - "#check if more blocks should be done\n" - "CMP r8, #0 \n" - "BEQ 2f \n" - - "#load in message and schedule updates \n" - "VLD1.32 {q0}, [%[dataIn]]! \n" - "VLD1.32 {q1}, [%[dataIn]]! \n" - "VLD1.32 {q2}, [%[dataIn]]! \n" - "VLD1.32 {q3}, [%[dataIn]]! \n" - - /* reset K pointer */ - "SUB %[k], %[k], #160 \n" - "VREV32.8 q0, q0 \n" - "VREV32.8 q1, q1 \n" - "VREV32.8 q2, q2 \n" - "VREV32.8 q3, q3 \n" - "VMOV.32 q14, q12 \n" - "VMOV.32 q15, q13 \n" - "B 1b \n" /* do another block */ - - "2:\n" - "VST1.32 {q12, q13}, [%[out]] \n" - - : [out] "=r" (digPt), "=r" (bufPt), "=r" (numBlocks), - "=r" (data) - : [k] "r" (K), [digest] "0" (digPt), [buffer] "1" (bufPt), - [blocks] "2" (numBlocks), [dataIn] "3" (data) - : "cc", "memory", "q0", "q1", "q2", "q3", "q4", "q5", "q6", "q7", - "q8", "q9", "q10", "q11", "q12", "q13", "q14", - "q15", "r8" - ); + Sha256Transform(sha256, data, numBlocks); AddLength(sha256, WC_SHA256_BLOCK_SIZE * numBlocks); @@ -1401,6 +1417,22 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) return ret; } +#ifdef OPENSSL_EXTRA +int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data) +{ + if (sha256 == NULL || data == NULL) { + return BAD_FUNC_ARG; + } +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords(sha256->buffer, (word32*)data, WC_SHA256_BLOCK_SIZE); +#else + XMEMCPY(sha256->buffer, data, WC_SHA256_BLOCK_SIZE); +#endif + Sha256Transform(sha256, data, 1); + return 0; +} +#endif + #endif /* !NO_SHA256 */ diff --git a/wolfcrypt/src/port/arm/armv8-sha512.c b/wolfcrypt/src/port/arm/armv8-sha512.c index 6258a6bdd..956ee3c3c 100644 --- a/wolfcrypt/src/port/arm/armv8-sha512.c +++ b/wolfcrypt/src/port/arm/armv8-sha512.c @@ -483,6 +483,17 @@ void wc_Sha512Free(wc_Sha512* sha512) #endif } +#ifdef OPENSSL_EXTRA +int wc_Sha512Transform(wc_Sha512* sha512, const unsigned char* data) +{ + if (sha512 == NULL || data == NULL) { + return BAD_FUNC_ARG; + } + Transform_Sha512_Len(sha512, data, WC_SHA512_BLOCK_SIZE); + return 0; +} +#endif + #endif /* WOLFSSL_SHA512 */ /* -------------------------------------------------------------------------- */ From 3abcdf059a12b14937f5b2c762aa61ed2228d96b Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Mon, 22 Mar 2021 22:42:49 +0100 Subject: [PATCH 108/137] Chacha-Poly AEAD fix for SCR Wrong cipher material was being used when using Chacha-Poly AEAD for DTLS 1.2 with secure renegotiation --- src/internal.c | 38 +++++++++++++++++++++++++++++++++++--- src/keys.c | 16 ++++++++-------- 2 files changed, 43 insertions(+), 11 deletions(-) diff --git a/src/internal.c b/src/internal.c index b020213b9..67d32a7e3 100644 --- a/src/internal.c +++ b/src/internal.c @@ -13786,14 +13786,34 @@ static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, #ifdef CHACHA_AEAD_TEST int i; #endif + Keys* keys = &ssl->keys; XMEMSET(tag, 0, sizeof(tag)); XMEMSET(nonce, 0, sizeof(nonce)); XMEMSET(poly, 0, sizeof(poly)); XMEMSET(add, 0, sizeof(add)); +#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) + /* + * For epochs 2+: + * * use ssl->secure_renegotiation when encrypting the current epoch as it + * has the current epoch cipher material + * * use PREV_ORDER if encrypting the epoch not in + * ssl->secure_renegotiation + */ /* opaque SEQ number stored for AD */ - WriteSEQ(ssl, CUR_ORDER, add); + if (ssl->options.dtls && DtlsSCRKeysSet(ssl)) { + if (ssl->keys.dtls_epoch == + ssl->secure_renegotiation->tmp_keys.dtls_epoch) { + keys = &ssl->secure_renegotiation->tmp_keys; + WriteSEQ(ssl, CUR_ORDER, add); + } + else + WriteSEQ(ssl, PREV_ORDER, add); + } + else +#endif + WriteSEQ(ssl, CUR_ORDER, add); if (ssl->options.oldPoly != 0) { /* get nonce. SEQ should not be incremented again here */ @@ -13832,7 +13852,7 @@ static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, if (ssl->options.oldPoly == 0) { /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte * record sequence number XORed with client_write_IV/server_write_IV */ - XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, CHACHA20_IMP_IV_SZ); + XMEMCPY(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ); nonce[4] ^= add[0]; nonce[5] ^= add[1]; nonce[6] ^= add[2]; @@ -13940,6 +13960,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */ int ret = 0; int msgLen = (sz - ssl->specs.aead_mac_size); + Keys* keys = &ssl->keys; #ifdef CHACHA_AEAD_TEST int i; @@ -13957,6 +13978,17 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, XMEMSET(nonce, 0, sizeof(nonce)); XMEMSET(add, 0, sizeof(add)); +#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) + /* + * For epochs 2+: + * * use ssl->secure_renegotiation when decrypting the latest epoch as it + * has the latest epoch cipher material + */ + if (ssl->options.dtls && DtlsSCRKeysSet(ssl) && + ssl->keys.curEpoch == ssl->secure_renegotiation->tmp_keys.dtls_epoch) + keys = &ssl->secure_renegotiation->tmp_keys; +#endif + /* sequence number field is 64-bits */ WriteSEQ(ssl, PEER_ORDER, add); @@ -13986,7 +14018,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, if (ssl->options.oldPoly == 0) { /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte * record sequence number XORed with client_write_IV/server_write_IV */ - XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, CHACHA20_IMP_IV_SZ); + XMEMCPY(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ); nonce[4] ^= add[0]; nonce[5] ^= add[1]; nonce[6] ^= add[2]; diff --git a/src/keys.c b/src/keys.c index 71da4eb73..67e65feea 100644 --- a/src/keys.c +++ b/src/keys.c @@ -3086,10 +3086,10 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) #ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Provisioning ENCRYPT key"); if (ssl->options.side == WOLFSSL_CLIENT_END) { - WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size); + WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size); } else { - WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size); + WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size); } #endif wc_encrypt = &ssl->encrypt; @@ -3099,10 +3099,10 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) #ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Provisioning DECRYPT key"); if (ssl->options.side == WOLFSSL_CLIENT_END) { - WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size); + WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size); } else { - WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size); + WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size); } #endif wc_decrypt = &ssl->decrypt; @@ -3112,17 +3112,17 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) #ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Provisioning ENCRYPT key"); if (ssl->options.side == WOLFSSL_CLIENT_END) { - WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size); + WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size); } else { - WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size); + WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size); } WOLFSSL_MSG("Provisioning DECRYPT key"); if (ssl->options.side == WOLFSSL_CLIENT_END) { - WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size); + WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size); } else { - WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size); + WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size); } #endif wc_encrypt = &ssl->encrypt; From ee79e1082aa9d8cf1420518b23077063beca654a Mon Sep 17 00:00:00 2001 From: Stanislav Klima Date: Tue, 23 Mar 2021 13:19:32 +0100 Subject: [PATCH 109/137] Updated fix of 58787. --- src/internal.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index eeddb1541..42ac95fce 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7098,7 +7098,8 @@ int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, const byte* data, byte ty { WOLFSSL_ENTER("DtlsMsgSet()"); if (msg != NULL && data != NULL && msg->fragSz <= msg->sz && - fragOffset <= msg->sz && (fragOffset + fragSz) <= msg->sz) { + fragSz <= msg->sz && fragOffset <= msg->sz && + (fragOffset + fragSz) <= msg->sz) { DtlsFrag* cur = msg->fragList; DtlsFrag* prev = cur; DtlsFrag* newFrag; From a6e9e71fdece2478577ef98ba1b43770c5366145 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 23 Mar 2021 17:30:56 -0700 Subject: [PATCH 110/137] Synchronization of SP ECC non-blocking code. Adds `WOLFSSL_ECDSA_SET_K_ONE_LOOP` support to SP ECC non-block. Removes double code in verify steps. Fixes verify result logic. Spelling error. --- wolfcrypt/src/sp_arm32.c | 188 ++++++++++++++-------------------- wolfcrypt/src/sp_arm64.c | 188 ++++++++++++++-------------------- wolfcrypt/src/sp_armthumb.c | 188 ++++++++++++++-------------------- wolfcrypt/src/sp_c32.c | 194 ++++++++++++++---------------------- wolfcrypt/src/sp_c64.c | 194 ++++++++++++++---------------------- wolfcrypt/src/sp_cortexm.c | 188 ++++++++++++++-------------------- wolfcrypt/src/sp_x86_64.c | 188 ++++++++++++++-------------------- 7 files changed, 524 insertions(+), 804 deletions(-) diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index 18e31014b..ba22e3828 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -36385,13 +36385,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 32U; } - sp_256_from_bin(ctx->e, 8, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_256_from_mp(ctx->x, 8, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_256_ecc_gen_k_8(rng, ctx->k); @@ -36419,6 +36416,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_256_cmp_8(ctx->r, p256_order); sp_256_cond_sub_8(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0)); sp_256_norm_8(ctx->r); + + sp_256_from_mp(ctx->x, 8, priv); + sp_256_from_bin(ctx->e, 8, hash, (int)hashLen); ctx->state = 4; break; } @@ -36475,6 +36475,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -37041,7 +37044,7 @@ typedef struct sp_ecc_verify_256_ctx { int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data; @@ -37056,7 +37059,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_256_from_bin(ctx->u1, 8, hash, (int)hashLen); - sp_256_from_mp(ctx->u2, 8, r); + sp_256_from_mp(ctx->u2, 8, rm); sp_256_from_mp(ctx->s, 8, sm); sp_256_from_mp(ctx->p2.x, 8, pX); sp_256_from_mp(ctx->p2.y, 8, pY); @@ -37114,57 +37117,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_256_iszero_8(ctx->p1.z)) { - if (sp_256_iszero_8(ctx->p1.x) && sp_256_iszero_8(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<8; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_256_proj_point_dbl_8_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(ctx->u2, 8, r); + sp_256_from_mp(ctx->u2, 8, rm); err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_256_mont_sqr_8(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int32_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int32_t c; /* Reload r and add order. */ - sp_256_from_mp(ctx->u2, 8, r); + sp_256_from_mp(ctx->u2, 8, rm); carry = sp_256_add_8(ctx->u2, ctx->u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -37172,22 +37151,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_8(ctx->u2, p256_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, - p256_mp_mod); - *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, + p256_mp_mod); + *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -37196,7 +37176,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -37240,7 +37220,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } sp_256_from_bin(u1, 8, hash, (int)hashLen); - sp_256_from_mp(u2, 8, r); + sp_256_from_mp(u2, 8, rm); sp_256_from_mp(s, 8, sm); sp_256_from_mp(p2->x, 8, pX); sp_256_from_mp(p2->y, 8, pY); @@ -37251,7 +37231,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(u2, 8, r); + sp_256_from_mp(u2, 8, rm); err = sp_256_mod_mul_norm_8(u2, u2, p256_mod); } @@ -37262,7 +37242,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_256_cmp_8(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_256_from_mp(u2, 8, r); + sp_256_from_mp(u2, 8, rm); carry = sp_256_add_8(u2, u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -37271,8 +37251,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_8(u2, p256_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_256_mod_mul_norm_8(u2, u2, p256_mod); if (err == MP_OKAY) { @@ -45623,13 +45603,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 48U; } - sp_384_from_bin(ctx->e, 12, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_384_from_mp(ctx->x, 12, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_384_ecc_gen_k_12(rng, ctx->k); @@ -45657,6 +45634,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_384_cmp_12(ctx->r, p384_order); sp_384_cond_sub_12(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0)); sp_384_norm_12(ctx->r); + + sp_384_from_mp(ctx->x, 12, priv); + sp_384_from_bin(ctx->e, 12, hash, (int)hashLen); ctx->state = 4; break; } @@ -45713,6 +45693,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -46326,7 +46309,7 @@ typedef struct sp_ecc_verify_384_ctx { int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data; @@ -46341,7 +46324,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_384_from_bin(ctx->u1, 12, hash, (int)hashLen); - sp_384_from_mp(ctx->u2, 12, r); + sp_384_from_mp(ctx->u2, 12, rm); sp_384_from_mp(ctx->s, 12, sm); sp_384_from_mp(ctx->p2.x, 12, pX); sp_384_from_mp(ctx->p2.y, 12, pY); @@ -46399,57 +46382,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_384_iszero_12(ctx->p1.z)) { - if (sp_384_iszero_12(ctx->p1.x) && sp_384_iszero_12(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<12; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_384_proj_point_dbl_12_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(ctx->u2, 12, r); + sp_384_from_mp(ctx->u2, 12, rm); err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_384_mont_sqr_12(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int32_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int32_t c; /* Reload r and add order. */ - sp_384_from_mp(ctx->u2, 12, r); + sp_384_from_mp(ctx->u2, 12, rm); carry = sp_384_add_12(ctx->u2, ctx->u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -46457,22 +46416,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_12(ctx->u2, p384_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, - p384_mp_mod); - *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, + p384_mp_mod); + *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -46481,7 +46441,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -46525,7 +46485,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } sp_384_from_bin(u1, 12, hash, (int)hashLen); - sp_384_from_mp(u2, 12, r); + sp_384_from_mp(u2, 12, rm); sp_384_from_mp(s, 12, sm); sp_384_from_mp(p2->x, 12, pX); sp_384_from_mp(p2->y, 12, pY); @@ -46536,7 +46496,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(u2, 12, r); + sp_384_from_mp(u2, 12, rm); err = sp_384_mod_mul_norm_12(u2, u2, p384_mod); } @@ -46547,7 +46507,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_384_cmp_12(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_384_from_mp(u2, 12, r); + sp_384_from_mp(u2, 12, rm); carry = sp_384_add_12(u2, u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -46556,8 +46516,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_12(u2, p384_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_384_mod_mul_norm_12(u2, u2, p384_mod); if (err == MP_OKAY) { diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c index 6c0522317..c5b80e9f2 100644 --- a/wolfcrypt/src/sp_arm64.c +++ b/wolfcrypt/src/sp_arm64.c @@ -37947,13 +37947,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 32U; } - sp_256_from_bin(ctx->e, 4, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_256_from_mp(ctx->x, 4, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_256_ecc_gen_k_4(rng, ctx->k); @@ -37981,6 +37978,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_256_cmp_4(ctx->r, p256_order); sp_256_cond_sub_4(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0)); sp_256_norm_4(ctx->r); + + sp_256_from_mp(ctx->x, 4, priv); + sp_256_from_bin(ctx->e, 4, hash, (int)hashLen); ctx->state = 4; break; } @@ -38037,6 +38037,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -38599,7 +38602,7 @@ typedef struct sp_ecc_verify_256_ctx { int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data; @@ -38614,7 +38617,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_256_from_bin(ctx->u1, 4, hash, (int)hashLen); - sp_256_from_mp(ctx->u2, 4, r); + sp_256_from_mp(ctx->u2, 4, rm); sp_256_from_mp(ctx->s, 4, sm); sp_256_from_mp(ctx->p2.x, 4, pX); sp_256_from_mp(ctx->p2.y, 4, pY); @@ -38672,57 +38675,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_256_iszero_4(ctx->p1.z)) { - if (sp_256_iszero_4(ctx->p1.x) && sp_256_iszero_4(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<4; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_256_proj_point_dbl_4_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(ctx->u2, 4, r); + sp_256_from_mp(ctx->u2, 4, rm); err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_256_mont_sqr_4(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int64_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int64_t c; /* Reload r and add order. */ - sp_256_from_mp(ctx->u2, 4, r); + sp_256_from_mp(ctx->u2, 4, rm); carry = sp_256_add_4(ctx->u2, ctx->u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -38730,22 +38709,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_4(ctx->u2, p256_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, - p256_mp_mod); - *res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, + p256_mp_mod); + *res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -38754,7 +38734,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -38798,7 +38778,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } sp_256_from_bin(u1, 4, hash, (int)hashLen); - sp_256_from_mp(u2, 4, r); + sp_256_from_mp(u2, 4, rm); sp_256_from_mp(s, 4, sm); sp_256_from_mp(p2->x, 4, pX); sp_256_from_mp(p2->y, 4, pY); @@ -38809,7 +38789,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(u2, 4, r); + sp_256_from_mp(u2, 4, rm); err = sp_256_mod_mul_norm_4(u2, u2, p256_mod); } @@ -38820,7 +38800,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_256_cmp_4(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_256_from_mp(u2, 4, r); + sp_256_from_mp(u2, 4, rm); carry = sp_256_add_4(u2, u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -38829,8 +38809,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_4(u2, p256_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_256_mod_mul_norm_4(u2, u2, p256_mod); if (err == MP_OKAY) { @@ -63710,13 +63690,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 48U; } - sp_384_from_bin(ctx->e, 6, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_384_from_mp(ctx->x, 6, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_384_ecc_gen_k_6(rng, ctx->k); @@ -63744,6 +63721,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_384_cmp_6(ctx->r, p384_order); sp_384_cond_sub_6(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0)); sp_384_norm_6(ctx->r); + + sp_384_from_mp(ctx->x, 6, priv); + sp_384_from_bin(ctx->e, 6, hash, (int)hashLen); ctx->state = 4; break; } @@ -63800,6 +63780,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -64247,7 +64230,7 @@ typedef struct sp_ecc_verify_384_ctx { int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data; @@ -64262,7 +64245,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_384_from_bin(ctx->u1, 6, hash, (int)hashLen); - sp_384_from_mp(ctx->u2, 6, r); + sp_384_from_mp(ctx->u2, 6, rm); sp_384_from_mp(ctx->s, 6, sm); sp_384_from_mp(ctx->p2.x, 6, pX); sp_384_from_mp(ctx->p2.y, 6, pY); @@ -64320,57 +64303,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_384_iszero_6(ctx->p1.z)) { - if (sp_384_iszero_6(ctx->p1.x) && sp_384_iszero_6(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<6; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_384_proj_point_dbl_6_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(ctx->u2, 6, r); + sp_384_from_mp(ctx->u2, 6, rm); err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_384_mont_sqr_6(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int64_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int64_t c; /* Reload r and add order. */ - sp_384_from_mp(ctx->u2, 6, r); + sp_384_from_mp(ctx->u2, 6, rm); carry = sp_384_add_6(ctx->u2, ctx->u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -64378,22 +64337,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_6(ctx->u2, p384_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, - p384_mp_mod); - *res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, + p384_mp_mod); + *res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -64402,7 +64362,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -64446,7 +64406,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } sp_384_from_bin(u1, 6, hash, (int)hashLen); - sp_384_from_mp(u2, 6, r); + sp_384_from_mp(u2, 6, rm); sp_384_from_mp(s, 6, sm); sp_384_from_mp(p2->x, 6, pX); sp_384_from_mp(p2->y, 6, pY); @@ -64457,7 +64417,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(u2, 6, r); + sp_384_from_mp(u2, 6, rm); err = sp_384_mod_mul_norm_6(u2, u2, p384_mod); } @@ -64468,7 +64428,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_384_cmp_6(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_384_from_mp(u2, 6, r); + sp_384_from_mp(u2, 6, rm); carry = sp_384_add_6(u2, u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -64477,8 +64437,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_6(u2, p384_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_384_mod_mul_norm_6(u2, u2, p384_mod); if (err == MP_OKAY) { diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index 22ec6841c..e35809c90 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -21725,13 +21725,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 32U; } - sp_256_from_bin(ctx->e, 8, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_256_from_mp(ctx->x, 8, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_256_ecc_gen_k_8(rng, ctx->k); @@ -21759,6 +21756,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_256_cmp_8(ctx->r, p256_order); sp_256_cond_sub_8(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0)); sp_256_norm_8(ctx->r); + + sp_256_from_mp(ctx->x, 8, priv); + sp_256_from_bin(ctx->e, 8, hash, (int)hashLen); ctx->state = 4; break; } @@ -21815,6 +21815,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -22670,7 +22673,7 @@ typedef struct sp_ecc_verify_256_ctx { int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data; @@ -22685,7 +22688,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_256_from_bin(ctx->u1, 8, hash, (int)hashLen); - sp_256_from_mp(ctx->u2, 8, r); + sp_256_from_mp(ctx->u2, 8, rm); sp_256_from_mp(ctx->s, 8, sm); sp_256_from_mp(ctx->p2.x, 8, pX); sp_256_from_mp(ctx->p2.y, 8, pY); @@ -22743,57 +22746,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_256_iszero_8(ctx->p1.z)) { - if (sp_256_iszero_8(ctx->p1.x) && sp_256_iszero_8(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<8; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_256_proj_point_dbl_8_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(ctx->u2, 8, r); + sp_256_from_mp(ctx->u2, 8, rm); err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_256_mont_sqr_8(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int32_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int32_t c; /* Reload r and add order. */ - sp_256_from_mp(ctx->u2, 8, r); + sp_256_from_mp(ctx->u2, 8, rm); carry = sp_256_add_8(ctx->u2, ctx->u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -22801,22 +22780,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_8(ctx->u2, p256_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, - p256_mp_mod); - *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, + p256_mp_mod); + *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -22825,7 +22805,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -22869,7 +22849,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } sp_256_from_bin(u1, 8, hash, (int)hashLen); - sp_256_from_mp(u2, 8, r); + sp_256_from_mp(u2, 8, rm); sp_256_from_mp(s, 8, sm); sp_256_from_mp(p2->x, 8, pX); sp_256_from_mp(p2->y, 8, pY); @@ -22880,7 +22860,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(u2, 8, r); + sp_256_from_mp(u2, 8, rm); err = sp_256_mod_mul_norm_8(u2, u2, p256_mod); } @@ -22891,7 +22871,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_256_cmp_8(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_256_from_mp(u2, 8, r); + sp_256_from_mp(u2, 8, rm); carry = sp_256_add_8(u2, u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -22900,8 +22880,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_8(u2, p256_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_256_mod_mul_norm_8(u2, u2, p256_mod); if (err == MP_OKAY) { @@ -29420,13 +29400,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 48U; } - sp_384_from_bin(ctx->e, 12, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_384_from_mp(ctx->x, 12, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_384_ecc_gen_k_12(rng, ctx->k); @@ -29454,6 +29431,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_384_cmp_12(ctx->r, p384_order); sp_384_cond_sub_12(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0)); sp_384_norm_12(ctx->r); + + sp_384_from_mp(ctx->x, 12, priv); + sp_384_from_bin(ctx->e, 12, hash, (int)hashLen); ctx->state = 4; break; } @@ -29510,6 +29490,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -30576,7 +30559,7 @@ typedef struct sp_ecc_verify_384_ctx { int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data; @@ -30591,7 +30574,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_384_from_bin(ctx->u1, 12, hash, (int)hashLen); - sp_384_from_mp(ctx->u2, 12, r); + sp_384_from_mp(ctx->u2, 12, rm); sp_384_from_mp(ctx->s, 12, sm); sp_384_from_mp(ctx->p2.x, 12, pX); sp_384_from_mp(ctx->p2.y, 12, pY); @@ -30649,57 +30632,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_384_iszero_12(ctx->p1.z)) { - if (sp_384_iszero_12(ctx->p1.x) && sp_384_iszero_12(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<12; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_384_proj_point_dbl_12_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(ctx->u2, 12, r); + sp_384_from_mp(ctx->u2, 12, rm); err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_384_mont_sqr_12(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int32_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int32_t c; /* Reload r and add order. */ - sp_384_from_mp(ctx->u2, 12, r); + sp_384_from_mp(ctx->u2, 12, rm); carry = sp_384_add_12(ctx->u2, ctx->u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -30707,22 +30666,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_12(ctx->u2, p384_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, - p384_mp_mod); - *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, + p384_mp_mod); + *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -30731,7 +30691,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -30775,7 +30735,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } sp_384_from_bin(u1, 12, hash, (int)hashLen); - sp_384_from_mp(u2, 12, r); + sp_384_from_mp(u2, 12, rm); sp_384_from_mp(s, 12, sm); sp_384_from_mp(p2->x, 12, pX); sp_384_from_mp(p2->y, 12, pY); @@ -30786,7 +30746,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(u2, 12, r); + sp_384_from_mp(u2, 12, rm); err = sp_384_mod_mul_norm_12(u2, u2, p384_mod); } @@ -30797,7 +30757,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_384_cmp_12(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_384_from_mp(u2, 12, r); + sp_384_from_mp(u2, 12, rm); carry = sp_384_add_12(u2, u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -30806,8 +30766,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_12(u2, p384_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_384_mod_mul_norm_12(u2, u2, p384_mod); if (err == MP_OKAY) { diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 089b7f1d2..934b7d9c5 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -14499,7 +14499,7 @@ static int sp_256_ecc_mulmod_10(sp_point_256* r, const sp_point_256* g, int y; int err = MP_OKAY; - /* Implementatio is constant time. */ + /* Implementation is constant time. */ (void)ct; (void)heap; @@ -18080,13 +18080,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 32U; } - sp_256_from_bin(ctx->e, 10, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_256_from_mp(ctx->x, 10, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_256_ecc_gen_k_10(rng, ctx->k); @@ -18114,6 +18111,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_256_cmp_10(ctx->r, p256_order); sp_256_cond_sub_10(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0)); sp_256_norm_10(ctx->r); + + sp_256_from_mp(ctx->x, 10, priv); + sp_256_from_bin(ctx->e, 10, hash, (int)hashLen); ctx->state = 4; break; } @@ -18170,6 +18170,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -18603,7 +18606,7 @@ typedef struct sp_ecc_verify_256_ctx { int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data; @@ -18618,7 +18621,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_256_from_bin(ctx->u1, 10, hash, (int)hashLen); - sp_256_from_mp(ctx->u2, 10, r); + sp_256_from_mp(ctx->u2, 10, rm); sp_256_from_mp(ctx->s, 10, sm); sp_256_from_mp(ctx->p2.x, 10, pX); sp_256_from_mp(ctx->p2.y, 10, pY); @@ -18676,57 +18679,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_256_iszero_10(ctx->p1.z)) { - if (sp_256_iszero_10(ctx->p1.x) && sp_256_iszero_10(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<10; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_256_proj_point_dbl_10_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(ctx->u2, 10, r); + sp_256_from_mp(ctx->u2, 10, rm); err = sp_256_mod_mul_norm_10(ctx->u2, ctx->u2, p256_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_256_mont_sqr_10(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_256_mont_mul_10(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int32_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_256_cmp_10(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int32_t c; /* Reload r and add order. */ - sp_256_from_mp(ctx->u2, 10, r); + sp_256_from_mp(ctx->u2, 10, rm); carry = sp_256_add_10(ctx->u2, ctx->u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -18734,22 +18713,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_10(ctx->u2, p256_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_256_mod_mul_norm_10(ctx->u2, ctx->u2, p256_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_256_mont_mul_10(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, - p256_mp_mod); - *res = (int)(sp_256_cmp_10(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_256_mod_mul_norm_10(ctx->u2, ctx->u2, p256_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_256_mont_mul_10(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, + p256_mp_mod); + *res = (int)(sp_256_cmp_10(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -18758,7 +18738,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -18802,7 +18782,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } sp_256_from_bin(u1, 10, hash, (int)hashLen); - sp_256_from_mp(u2, 10, r); + sp_256_from_mp(u2, 10, rm); sp_256_from_mp(s, 10, sm); sp_256_from_mp(p2->x, 10, pX); sp_256_from_mp(p2->y, 10, pY); @@ -18813,7 +18793,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(u2, 10, r); + sp_256_from_mp(u2, 10, rm); err = sp_256_mod_mul_norm_10(u2, u2, p256_mod); } @@ -18824,7 +18804,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_256_cmp_10(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_256_from_mp(u2, 10, r); + sp_256_from_mp(u2, 10, rm); carry = sp_256_add_10(u2, u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -18833,8 +18813,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_10(u2, p256_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_256_mod_mul_norm_10(u2, u2, p256_mod); if (err == MP_OKAY) { @@ -21675,7 +21655,7 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g, int y; int err = MP_OKAY; - /* Implementatio is constant time. */ + /* Implementation is constant time. */ (void)ct; (void)heap; @@ -25807,13 +25787,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 48U; } - sp_384_from_bin(ctx->e, 15, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_384_from_mp(ctx->x, 15, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_384_ecc_gen_k_15(rng, ctx->k); @@ -25841,6 +25818,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_384_cmp_15(ctx->r, p384_order); sp_384_cond_sub_15(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0)); sp_384_norm_15(ctx->r); + + sp_384_from_mp(ctx->x, 15, priv); + sp_384_from_bin(ctx->e, 15, hash, (int)hashLen); ctx->state = 4; break; } @@ -25897,6 +25877,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -26335,7 +26318,7 @@ typedef struct sp_ecc_verify_384_ctx { int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data; @@ -26350,7 +26333,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_384_from_bin(ctx->u1, 15, hash, (int)hashLen); - sp_384_from_mp(ctx->u2, 15, r); + sp_384_from_mp(ctx->u2, 15, rm); sp_384_from_mp(ctx->s, 15, sm); sp_384_from_mp(ctx->p2.x, 15, pX); sp_384_from_mp(ctx->p2.y, 15, pY); @@ -26408,57 +26391,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_384_iszero_15(ctx->p1.z)) { - if (sp_384_iszero_15(ctx->p1.x) && sp_384_iszero_15(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<15; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_384_proj_point_dbl_15_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(ctx->u2, 15, r); + sp_384_from_mp(ctx->u2, 15, rm); err = sp_384_mod_mul_norm_15(ctx->u2, ctx->u2, p384_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_384_mont_sqr_15(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_384_mont_mul_15(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int32_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_384_cmp_15(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int32_t c; /* Reload r and add order. */ - sp_384_from_mp(ctx->u2, 15, r); + sp_384_from_mp(ctx->u2, 15, rm); carry = sp_384_add_15(ctx->u2, ctx->u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -26466,22 +26425,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_15(ctx->u2, p384_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_384_mod_mul_norm_15(ctx->u2, ctx->u2, p384_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_384_mont_mul_15(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, - p384_mp_mod); - *res = (int)(sp_384_cmp_15(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_384_mod_mul_norm_15(ctx->u2, ctx->u2, p384_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_384_mont_mul_15(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, + p384_mp_mod); + *res = (int)(sp_384_cmp_15(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -26490,7 +26450,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -26534,7 +26494,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } sp_384_from_bin(u1, 15, hash, (int)hashLen); - sp_384_from_mp(u2, 15, r); + sp_384_from_mp(u2, 15, rm); sp_384_from_mp(s, 15, sm); sp_384_from_mp(p2->x, 15, pX); sp_384_from_mp(p2->y, 15, pY); @@ -26545,7 +26505,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(u2, 15, r); + sp_384_from_mp(u2, 15, rm); err = sp_384_mod_mul_norm_15(u2, u2, p384_mod); } @@ -26556,7 +26516,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_384_cmp_15(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_384_from_mp(u2, 15, r); + sp_384_from_mp(u2, 15, rm); carry = sp_384_add_15(u2, u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -26565,8 +26525,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_15(u2, p384_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_384_mod_mul_norm_15(u2, u2, p384_mod); if (err == MP_OKAY) { @@ -29469,7 +29429,7 @@ static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g, int y; int err = MP_OKAY; - /* Implementatio is constant time. */ + /* Implementation is constant time. */ (void)ct; (void)heap; diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index 297311504..d50d010dd 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -14359,7 +14359,7 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g, int y; int err = MP_OKAY; - /* Implementatio is constant time. */ + /* Implementation is constant time. */ (void)ct; (void)heap; @@ -17861,13 +17861,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 32U; } - sp_256_from_bin(ctx->e, 5, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_256_from_mp(ctx->x, 5, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_256_ecc_gen_k_5(rng, ctx->k); @@ -17895,6 +17892,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_256_cmp_5(ctx->r, p256_order); sp_256_cond_sub_5(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0)); sp_256_norm_5(ctx->r); + + sp_256_from_mp(ctx->x, 5, priv); + sp_256_from_bin(ctx->e, 5, hash, (int)hashLen); ctx->state = 4; break; } @@ -17951,6 +17951,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -18384,7 +18387,7 @@ typedef struct sp_ecc_verify_256_ctx { int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data; @@ -18399,7 +18402,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_256_from_bin(ctx->u1, 5, hash, (int)hashLen); - sp_256_from_mp(ctx->u2, 5, r); + sp_256_from_mp(ctx->u2, 5, rm); sp_256_from_mp(ctx->s, 5, sm); sp_256_from_mp(ctx->p2.x, 5, pX); sp_256_from_mp(ctx->p2.y, 5, pY); @@ -18457,57 +18460,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_256_iszero_5(ctx->p1.z)) { - if (sp_256_iszero_5(ctx->p1.x) && sp_256_iszero_5(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<5; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_256_proj_point_dbl_5_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(ctx->u2, 5, r); + sp_256_from_mp(ctx->u2, 5, rm); err = sp_256_mod_mul_norm_5(ctx->u2, ctx->u2, p256_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_256_mont_sqr_5(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_256_mont_mul_5(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int64_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_256_cmp_5(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int64_t c; /* Reload r and add order. */ - sp_256_from_mp(ctx->u2, 5, r); + sp_256_from_mp(ctx->u2, 5, rm); carry = sp_256_add_5(ctx->u2, ctx->u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -18515,22 +18494,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_5(ctx->u2, p256_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_256_mod_mul_norm_5(ctx->u2, ctx->u2, p256_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_256_mont_mul_5(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, - p256_mp_mod); - *res = (int)(sp_256_cmp_5(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_256_mod_mul_norm_5(ctx->u2, ctx->u2, p256_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_256_mont_mul_5(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, + p256_mp_mod); + *res = (int)(sp_256_cmp_5(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -18539,7 +18519,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -18583,7 +18563,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } sp_256_from_bin(u1, 5, hash, (int)hashLen); - sp_256_from_mp(u2, 5, r); + sp_256_from_mp(u2, 5, rm); sp_256_from_mp(s, 5, sm); sp_256_from_mp(p2->x, 5, pX); sp_256_from_mp(p2->y, 5, pY); @@ -18594,7 +18574,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(u2, 5, r); + sp_256_from_mp(u2, 5, rm); err = sp_256_mod_mul_norm_5(u2, u2, p256_mod); } @@ -18605,7 +18585,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_256_cmp_5(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_256_from_mp(u2, 5, r); + sp_256_from_mp(u2, 5, rm); carry = sp_256_add_5(u2, u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -18614,8 +18594,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_5(u2, p256_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_256_mod_mul_norm_5(u2, u2, p256_mod); if (err == MP_OKAY) { @@ -21040,7 +21020,7 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g, int y; int err = MP_OKAY; - /* Implementatio is constant time. */ + /* Implementation is constant time. */ (void)ct; (void)heap; @@ -25067,13 +25047,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 48U; } - sp_384_from_bin(ctx->e, 7, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_384_from_mp(ctx->x, 7, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_384_ecc_gen_k_7(rng, ctx->k); @@ -25101,6 +25078,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_384_cmp_7(ctx->r, p384_order); sp_384_cond_sub_7(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0)); sp_384_norm_7(ctx->r); + + sp_384_from_mp(ctx->x, 7, priv); + sp_384_from_bin(ctx->e, 7, hash, (int)hashLen); ctx->state = 4; break; } @@ -25157,6 +25137,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -25592,7 +25575,7 @@ typedef struct sp_ecc_verify_384_ctx { int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data; @@ -25607,7 +25590,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_384_from_bin(ctx->u1, 7, hash, (int)hashLen); - sp_384_from_mp(ctx->u2, 7, r); + sp_384_from_mp(ctx->u2, 7, rm); sp_384_from_mp(ctx->s, 7, sm); sp_384_from_mp(ctx->p2.x, 7, pX); sp_384_from_mp(ctx->p2.y, 7, pY); @@ -25665,57 +25648,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_384_iszero_7(ctx->p1.z)) { - if (sp_384_iszero_7(ctx->p1.x) && sp_384_iszero_7(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<7; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_384_proj_point_dbl_7_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(ctx->u2, 7, r); + sp_384_from_mp(ctx->u2, 7, rm); err = sp_384_mod_mul_norm_7(ctx->u2, ctx->u2, p384_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_384_mont_sqr_7(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_384_mont_mul_7(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int64_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_384_cmp_7(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int64_t c; /* Reload r and add order. */ - sp_384_from_mp(ctx->u2, 7, r); + sp_384_from_mp(ctx->u2, 7, rm); carry = sp_384_add_7(ctx->u2, ctx->u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -25723,22 +25682,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_7(ctx->u2, p384_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_384_mod_mul_norm_7(ctx->u2, ctx->u2, p384_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_384_mont_mul_7(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, - p384_mp_mod); - *res = (int)(sp_384_cmp_7(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_384_mod_mul_norm_7(ctx->u2, ctx->u2, p384_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_384_mont_mul_7(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, + p384_mp_mod); + *res = (int)(sp_384_cmp_7(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -25747,7 +25707,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -25791,7 +25751,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } sp_384_from_bin(u1, 7, hash, (int)hashLen); - sp_384_from_mp(u2, 7, r); + sp_384_from_mp(u2, 7, rm); sp_384_from_mp(s, 7, sm); sp_384_from_mp(p2->x, 7, pX); sp_384_from_mp(p2->y, 7, pY); @@ -25802,7 +25762,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(u2, 7, r); + sp_384_from_mp(u2, 7, rm); err = sp_384_mod_mul_norm_7(u2, u2, p384_mod); } @@ -25813,7 +25773,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_384_cmp_7(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_384_from_mp(u2, 7, r); + sp_384_from_mp(u2, 7, rm); carry = sp_384_add_7(u2, u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -25822,8 +25782,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_7(u2, p384_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_384_mod_mul_norm_7(u2, u2, p384_mod); if (err == MP_OKAY) { @@ -28614,7 +28574,7 @@ static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g, int y; int err = MP_OKAY; - /* Implementatio is constant time. */ + /* Implementation is constant time. */ (void)ct; (void)heap; diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index 5e840627d..b243b851f 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -21731,13 +21731,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 32U; } - sp_256_from_bin(ctx->e, 8, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_256_from_mp(ctx->x, 8, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_256_ecc_gen_k_8(rng, ctx->k); @@ -21765,6 +21762,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_256_cmp_8(ctx->r, p256_order); sp_256_cond_sub_8(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0)); sp_256_norm_8(ctx->r); + + sp_256_from_mp(ctx->x, 8, priv); + sp_256_from_bin(ctx->e, 8, hash, (int)hashLen); ctx->state = 4; break; } @@ -21821,6 +21821,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -22385,7 +22388,7 @@ typedef struct sp_ecc_verify_256_ctx { int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data; @@ -22400,7 +22403,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_256_from_bin(ctx->u1, 8, hash, (int)hashLen); - sp_256_from_mp(ctx->u2, 8, r); + sp_256_from_mp(ctx->u2, 8, rm); sp_256_from_mp(ctx->s, 8, sm); sp_256_from_mp(ctx->p2.x, 8, pX); sp_256_from_mp(ctx->p2.y, 8, pY); @@ -22458,57 +22461,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_256_iszero_8(ctx->p1.z)) { - if (sp_256_iszero_8(ctx->p1.x) && sp_256_iszero_8(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<8; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_256_proj_point_dbl_8_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(ctx->u2, 8, r); + sp_256_from_mp(ctx->u2, 8, rm); err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_256_mont_sqr_8(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int32_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int32_t c; /* Reload r and add order. */ - sp_256_from_mp(ctx->u2, 8, r); + sp_256_from_mp(ctx->u2, 8, rm); carry = sp_256_add_8(ctx->u2, ctx->u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -22516,22 +22495,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_8(ctx->u2, p256_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, - p256_mp_mod); - *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_256_mod_mul_norm_8(ctx->u2, ctx->u2, p256_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_256_mont_mul_8(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, + p256_mp_mod); + *res = (int)(sp_256_cmp_8(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -22540,7 +22520,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -22584,7 +22564,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } sp_256_from_bin(u1, 8, hash, (int)hashLen); - sp_256_from_mp(u2, 8, r); + sp_256_from_mp(u2, 8, rm); sp_256_from_mp(s, 8, sm); sp_256_from_mp(p2->x, 8, pX); sp_256_from_mp(p2->y, 8, pY); @@ -22595,7 +22575,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(u2, 8, r); + sp_256_from_mp(u2, 8, rm); err = sp_256_mod_mul_norm_8(u2, u2, p256_mod); } @@ -22606,7 +22586,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_256_cmp_8(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_256_from_mp(u2, 8, r); + sp_256_from_mp(u2, 8, rm); carry = sp_256_add_8(u2, u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -22615,8 +22595,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_8(u2, p256_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_256_mod_mul_norm_8(u2, u2, p256_mod); if (err == MP_OKAY) { @@ -28914,13 +28894,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 48U; } - sp_384_from_bin(ctx->e, 12, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_384_from_mp(ctx->x, 12, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_384_ecc_gen_k_12(rng, ctx->k); @@ -28948,6 +28925,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_384_cmp_12(ctx->r, p384_order); sp_384_cond_sub_12(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0)); sp_384_norm_12(ctx->r); + + sp_384_from_mp(ctx->x, 12, priv); + sp_384_from_bin(ctx->e, 12, hash, (int)hashLen); ctx->state = 4; break; } @@ -29004,6 +28984,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -29616,7 +29599,7 @@ typedef struct sp_ecc_verify_384_ctx { int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data; @@ -29631,7 +29614,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_384_from_bin(ctx->u1, 12, hash, (int)hashLen); - sp_384_from_mp(ctx->u2, 12, r); + sp_384_from_mp(ctx->u2, 12, rm); sp_384_from_mp(ctx->s, 12, sm); sp_384_from_mp(ctx->p2.x, 12, pX); sp_384_from_mp(ctx->p2.y, 12, pY); @@ -29689,57 +29672,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_384_iszero_12(ctx->p1.z)) { - if (sp_384_iszero_12(ctx->p1.x) && sp_384_iszero_12(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<12; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_384_proj_point_dbl_12_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(ctx->u2, 12, r); + sp_384_from_mp(ctx->u2, 12, rm); err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_384_mont_sqr_12(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int32_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int32_t c; /* Reload r and add order. */ - sp_384_from_mp(ctx->u2, 12, r); + sp_384_from_mp(ctx->u2, 12, rm); carry = sp_384_add_12(ctx->u2, ctx->u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -29747,22 +29706,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_12(ctx->u2, p384_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, - p384_mp_mod); - *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_384_mod_mul_norm_12(ctx->u2, ctx->u2, p384_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_384_mont_mul_12(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, + p384_mp_mod); + *res = (int)(sp_384_cmp_12(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -29771,7 +29731,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -29815,7 +29775,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } sp_384_from_bin(u1, 12, hash, (int)hashLen); - sp_384_from_mp(u2, 12, r); + sp_384_from_mp(u2, 12, rm); sp_384_from_mp(s, 12, sm); sp_384_from_mp(p2->x, 12, pX); sp_384_from_mp(p2->y, 12, pY); @@ -29826,7 +29786,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(u2, 12, r); + sp_384_from_mp(u2, 12, rm); err = sp_384_mod_mul_norm_12(u2, u2, p384_mod); } @@ -29837,7 +29797,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_384_cmp_12(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_384_from_mp(u2, 12, r); + sp_384_from_mp(u2, 12, rm); carry = sp_384_add_12(u2, u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -29846,8 +29806,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_12(u2, p384_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_384_mod_mul_norm_12(u2, u2, p384_mod); if (err == MP_OKAY) { diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index 90bccc7fd..c51d73769 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -23673,13 +23673,10 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 32U; } - sp_256_from_bin(ctx->e, 4, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_256_from_mp(ctx->x, 4, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_256_ecc_gen_k_4(rng, ctx->k); @@ -23707,6 +23704,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_256_cmp_4(ctx->r, p256_order); sp_256_cond_sub_4(ctx->r, ctx->r, p256_order, 0L - (sp_digit)(c >= 0)); sp_256_norm_4(ctx->r); + + sp_256_from_mp(ctx->x, 4, priv); + sp_256_from_bin(ctx->e, 4, hash, (int)hashLen); ctx->state = 4; break; } @@ -23763,6 +23763,9 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -24105,7 +24108,7 @@ typedef struct sp_ecc_verify_256_ctx { int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_256_ctx* ctx = (sp_ecc_verify_256_ctx*)sp_ctx->data; @@ -24120,7 +24123,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_256_from_bin(ctx->u1, 4, hash, (int)hashLen); - sp_256_from_mp(ctx->u2, 4, r); + sp_256_from_mp(ctx->u2, 4, rm); sp_256_from_mp(ctx->s, 4, sm); sp_256_from_mp(ctx->p2.x, 4, pX); sp_256_from_mp(ctx->p2.y, 4, pY); @@ -24178,57 +24181,33 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_256_iszero_4(ctx->p1.z)) { - if (sp_256_iszero_4(ctx->p1.x) && sp_256_iszero_4(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<4; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p256_norm_mod, sizeof(p256_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_256_proj_point_dbl_4_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(ctx->u2, 4, r); + sp_256_from_mp(ctx->u2, 4, rm); err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_256_mont_sqr_4(ctx->p1.z, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, p256_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int64_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int64_t c; /* Reload r and add order. */ - sp_256_from_mp(ctx->u2, 4, r); + sp_256_from_mp(ctx->u2, 4, rm); carry = sp_256_add_4(ctx->u2, ctx->u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -24236,22 +24215,23 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_4(ctx->u2, p256_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, - p256_mp_mod); - *res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_256_mod_mul_norm_4(ctx->u2, ctx->u2, p256_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_256_mont_mul_4(ctx->u1, ctx->u2, ctx->p1.z, p256_mod, + p256_mp_mod); + *res = (int)(sp_256_cmp_4(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -24260,7 +24240,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -24304,7 +24284,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } sp_256_from_bin(u1, 4, hash, (int)hashLen); - sp_256_from_mp(u2, 4, r); + sp_256_from_mp(u2, 4, rm); sp_256_from_mp(s, 4, sm); sp_256_from_mp(p2->x, 4, pX); sp_256_from_mp(p2->y, 4, pY); @@ -24315,7 +24295,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_256_from_mp(u2, 4, r); + sp_256_from_mp(u2, 4, rm); err = sp_256_mod_mul_norm_4(u2, u2, p256_mod); } @@ -24326,7 +24306,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_256_cmp_4(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_256_from_mp(u2, 4, r); + sp_256_from_mp(u2, 4, rm); carry = sp_256_add_4(u2, u2, p256_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -24335,8 +24315,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_256_cmp_4(u2, p256_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_256_mod_mul_norm_4(u2, u2, p256_mod); if (err == MP_OKAY) { @@ -48182,13 +48162,10 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W hashLen = 48U; } - sp_384_from_bin(ctx->e, 6, hash, (int)hashLen); - ctx->i = SP_ECC_MAX_SIG_GEN; ctx->state = 1; break; case 1: /* GEN */ - sp_384_from_mp(ctx->x, 6, priv); /* New random point. */ if (km == NULL || mp_iszero(km)) { err = sp_384_ecc_gen_k_6(rng, ctx->k); @@ -48216,6 +48193,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W c = sp_384_cmp_6(ctx->r, p384_order); sp_384_cond_sub_6(ctx->r, ctx->r, p384_order, 0L - (sp_digit)(c >= 0)); sp_384_norm_6(ctx->r); + + sp_384_from_mp(ctx->x, 6, priv); + sp_384_from_bin(ctx->e, 6, hash, (int)hashLen); ctx->state = 4; break; } @@ -48272,6 +48252,9 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W ctx->state = 10; break; } + #ifdef WOLFSSL_ECDSA_SET_K_ONE_LOOP + ctx->i = 1; + #endif /* not usable gen, try again */ ctx->i--; @@ -48691,7 +48674,7 @@ typedef struct sp_ecc_verify_384_ctx { int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, const mp_int* pX, const mp_int* pY, const mp_int* pZ, - const mp_int* r, const mp_int* sm, int* res, void* heap) + const mp_int* rm, const mp_int* sm, int* res, void* heap) { int err = FP_WOULDBLOCK; sp_ecc_verify_384_ctx* ctx = (sp_ecc_verify_384_ctx*)sp_ctx->data; @@ -48706,7 +48689,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, } sp_384_from_bin(ctx->u1, 6, hash, (int)hashLen); - sp_384_from_mp(ctx->u2, 6, r); + sp_384_from_mp(ctx->u2, 6, rm); sp_384_from_mp(ctx->s, 6, sm); sp_384_from_mp(ctx->p2.x, 6, pX); sp_384_from_mp(ctx->p2.y, 6, pY); @@ -48764,57 +48747,33 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, if (err == MP_OKAY) ctx->state = 9; break; - case 9: /* DBLPREP */ - if (sp_384_iszero_6(ctx->p1.z)) { - if (sp_384_iszero_6(ctx->p1.x) && sp_384_iszero_6(ctx->p1.y)) { - XMEMSET(&ctx->dbl_ctx, 0, sizeof(ctx->dbl_ctx)); - ctx->state = 10; - break; - } - else { - /* Y ordinate is not used from here - don't set. */ - int i; - for (i=0; i<6; i++) { - ctx->p1.x[i] = 0; - } - XMEMCPY(ctx->p1.z, p384_norm_mod, sizeof(p384_norm_mod)); - } - } - ctx->state = 11; - break; - case 10: /* DBL */ - err = sp_384_proj_point_dbl_6_nb((sp_ecc_ctx_t*)&ctx->dbl_ctx, &ctx->p1, - &ctx->p2, ctx->tmp); - if (err == MP_OKAY) { - ctx->state = 11; - } - break; - case 11: /* MONT */ + case 9: /* MONT */ /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(ctx->u2, 6, r); + sp_384_from_mp(ctx->u2, 6, rm); err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod); if (err == MP_OKAY) - ctx->state = 12; + ctx->state = 10; break; - case 12: /* SQR */ + case 10: /* SQR */ /* u1 = r.z'.z' mod prime */ sp_384_mont_sqr_6(ctx->p1.z, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 13; + ctx->state = 11; break; - case 13: /* MUL */ + case 11: /* MUL */ sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, p384_mp_mod); - ctx->state = 14; + ctx->state = 12; break; - case 14: /* RES */ + case 12: /* RES */ + { + int64_t c = 0; err = MP_OKAY; /* math okay, now check result */ *res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0); if (*res == 0) { sp_digit carry; - int64_t c; /* Reload r and add order. */ - sp_384_from_mp(ctx->u2, 6, r); + sp_384_from_mp(ctx->u2, 6, rm); carry = sp_384_add_6(ctx->u2, ctx->u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -48822,22 +48781,23 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_6(ctx->u2, p384_mod); - if (c < 0) { - /* Convert to Montogomery form */ - err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod); - if (err == MP_OKAY) { - /* u1 = (r + 1*order).z'.z' mod prime */ - sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, - p384_mp_mod); - *res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0); - } - } + } + } + if ((*res == 0) && (c < 0)) { + /* Convert to Montogomery form */ + err = sp_384_mod_mul_norm_6(ctx->u2, ctx->u2, p384_mod); + if (err == MP_OKAY) { + /* u1 = (r + 1*order).z'.z' mod prime */ + sp_384_mont_mul_6(ctx->u1, ctx->u2, ctx->p1.z, p384_mod, + p384_mp_mod); + *res = (int)(sp_384_cmp_6(ctx->p1.x, ctx->u1) == 0); } } break; } + } /* switch */ - if (err == MP_OKAY && ctx->state != 14) { + if (err == MP_OKAY && ctx->state != 12) { err = FP_WOULDBLOCK; } @@ -48846,7 +48806,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, - const mp_int* pY, const mp_int* pZ, const mp_int* r, const mp_int* sm, + const mp_int* pY, const mp_int* pZ, const mp_int* rm, const mp_int* sm, int* res, void* heap) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) @@ -48890,7 +48850,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } sp_384_from_bin(u1, 6, hash, (int)hashLen); - sp_384_from_mp(u2, 6, r); + sp_384_from_mp(u2, 6, rm); sp_384_from_mp(s, 6, sm); sp_384_from_mp(p2->x, 6, pX); sp_384_from_mp(p2->y, 6, pY); @@ -48901,7 +48861,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* (r + n*order).z'.z' mod prime == (u1.G + u2.Q)->x' */ /* Reload r and convert to Montgomery form. */ - sp_384_from_mp(u2, 6, r); + sp_384_from_mp(u2, 6, rm); err = sp_384_mod_mul_norm_6(u2, u2, p384_mod); } @@ -48912,7 +48872,7 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, *res = (int)(sp_384_cmp_6(p1->x, u1) == 0); if (*res == 0) { /* Reload r and add order. */ - sp_384_from_mp(u2, 6, r); + sp_384_from_mp(u2, 6, rm); carry = sp_384_add_6(u2, u2, p384_order); /* Carry means result is greater than mod and is not valid. */ if (carry == 0) { @@ -48921,8 +48881,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, /* Compare with mod and if greater or equal then not valid. */ c = sp_384_cmp_6(u2, p384_mod); } - } - if ((*res == 0) && (c < 0)) { + } + if ((*res == 0) && (c < 0)) { /* Convert to Montogomery form */ err = sp_384_mod_mul_norm_6(u2, u2, p384_mod); if (err == MP_OKAY) { From a6851a44af2e6cde31e90f84d236f25e5c944e9b Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 23 Mar 2021 17:32:36 -0700 Subject: [PATCH 111/137] Fix for ECC non-blocking test R/S values not zero padded causing occasstional wolfCrypt test failures with `./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP"`. --- wolfcrypt/test/test.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ef9f3da08..b02d6fd0b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -23248,7 +23248,7 @@ static int crypto_ecc_verify(const uint8_t *key, uint32_t keySz, ); count++; - /* TODO: Real-time work can be called here */ + /* This is where real-time work could be called */ } while (ret == FP_WOULDBLOCK); #ifdef DEBUG_WOLFSSL printf("ECC non-block verify: %d times\n", count); @@ -23332,7 +23332,7 @@ static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz, ); count++; - /* TODO: Real-time work can be called here */ + /* This is where real-time work could be called */ } while (ret == FP_WOULDBLOCK); #ifdef DEBUG_WOLFSSL @@ -23342,8 +23342,8 @@ static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz, if (ret == 0) { /* export r/s */ - mp_to_unsigned_bin(&r, sig); - mp_to_unsigned_bin(&s, sig + curveSz); + mp_to_unsigned_bin_len(&r, sig, curveSz); + mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz); } mp_clear(&r); From bf1482a2d70b98211a82f1640d22fc49f82cdd61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 24 Mar 2021 17:05:02 +0100 Subject: [PATCH 112/137] Fixed another CID 529732. --- src/ssl.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 7a33e4977..1d32c392b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -38546,7 +38546,10 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset) return WOLFSSL_FAILURE; } XMEMSET(rawKey, 0, rawLen); - mp_to_unsigned_bin(rsaElem, rawKey); + if (mp_to_unsigned_bin(rsaElem, rawKey) < 0) { + XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } if ((word32)rawLen <= sizeof(word32)) { idx = *(word32*)rawKey; #ifdef BIG_ENDIAN_ORDER From 7f64950da4ac0720120e43571686c845663cebf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kin=C4=8Dl?= Date: Wed, 24 Mar 2021 17:23:49 +0100 Subject: [PATCH 113/137] Fixed fix of CID 576329. --- src/ssl.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 1d32c392b..b94917875 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -50235,11 +50235,11 @@ int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n) #ifdef WOLFSSL_SMALL_STACK tmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); if (tmp == NULL) { - goto cleanup; + goto end; } #endif if (mp_init(tmp) != MP_OKAY) { - goto cleanup; + goto end; } if (mp_set_bit(tmp, n) != MP_OKAY) { goto cleanup; @@ -50247,16 +50247,19 @@ int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n) if (mp_sub((mp_int*)bn->internal, tmp, (mp_int*)bn->internal) != MP_OKAY) { goto cleanup; } + } else { + goto end; } ret = WOLFSSL_SUCCESS; cleanup: mp_clear(tmp); + +end: #ifdef WOLFSSL_SMALL_STACK if (tmp) XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT); #endif -end: return ret; } From 183917f10287644791eaa6371c2ce4015aaea9fd Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 25 Mar 2021 01:16:20 +0700 Subject: [PATCH 114/137] change debug message type from review --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 96c0f2e5f..d87f44956 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -50928,7 +50928,7 @@ int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) byte buff[1024]; #endif - WOLFSSL_MSG("wolfSSL_BN_pseudo_rand"); + WOLFSSL_ENTER("wolfSSL_BN_pseudo_rand"); if (bits <= 0) { return WOLFSSL_FAILURE; From e074513d38d6aa6ac6a711798f6b53d523d16530 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 25 Mar 2021 01:32:37 +0700 Subject: [PATCH 115/137] fix for memory management with mmap function calls --- IDE/QNX/example-cmac/cmac-test.c | 3 ++ wolfcrypt/src/port/caam/caam_driver.c | 53 ++++++++++------------- wolfcrypt/src/port/caam/caam_qnx.c | 48 +++++++++++++++----- wolfssl/wolfcrypt/port/caam/caam_driver.h | 30 ++++++------- 4 files changed, 77 insertions(+), 57 deletions(-) diff --git a/IDE/QNX/example-cmac/cmac-test.c b/IDE/QNX/example-cmac/cmac-test.c index 0027031d4..f82155652 100644 --- a/IDE/QNX/example-cmac/cmac-test.c +++ b/IDE/QNX/example-cmac/cmac-test.c @@ -94,6 +94,9 @@ int main(int argc, char* argv[]) if (virtual_base == (uintptr_t)MAP_FAILED) { perror("mmap_device_io failed for base address "); } + else { + munmap_device_io(virtual_base, 0x00010000); + } wolfCrypt_Init(); diff --git a/wolfcrypt/src/port/caam/caam_driver.c b/wolfcrypt/src/port/caam/caam_driver.c index 8ef1ac3dd..105bc7d28 100644 --- a/wolfcrypt/src/port/caam/caam_driver.c +++ b/wolfcrypt/src/port/caam/caam_driver.c @@ -335,13 +335,10 @@ static Error caamCreatePartition(unsigned int page, unsigned int par, } -/* return a mapped address to the partition on success, returns 0 on fail */ -CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys, - unsigned int flag) +/* return a partitions physical address on success, returns 0 on fail */ +CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int flag) { int err; - CAAM_ADDRESS vaddr; - unsigned int local; (void)flag; /* flag is for future changes to flag passed when creating */ @@ -353,13 +350,7 @@ CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys, return 0; } - /* map secure partition to virtual address */ - local = (CAAM_PAGE + (part << 12)); - vaddr = CAAM_ADR_TO_VIRTUAL(local, partSz); - if (phys != NULL) { - *phys = local; - } - return vaddr; + return (CAAM_ADDRESS)(CAAM_PAGE + (part << 12)); } @@ -839,11 +830,19 @@ int caamAesCmac(DESCSTRUCT* desc, int sz, unsigned int args[4]) } #endif - CAAM_ADR_UNMAP(vaddr[0], desc->buf[1].data, desc->buf[1].dataSz, 1); - CAAM_ADR_UNMAP(vaddr[1], desc->buf[0].data, desc->buf[0].dataSz + macSz, 0); - for (vidx = 2, i = 2; i < sz; i = i + 1) { /* unmap the input buffers */ - CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); + vidx = 0; + CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[1].data, desc->buf[1].dataSz, 1); + CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[0].data, desc->buf[0].dataSz + macSz, 0); + if (sz == 2) { + CAAM_ADR_UNMAP(vaddr[vidx], 0, 0, 0); } + else { + for (i = 2; i < sz; i = i + 1) { /* unmap the input buffers */ + CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, + desc->buf[i].dataSz, 0); + } + } + return err; } @@ -888,8 +887,7 @@ int caamECDSAMake(DESCSTRUCT* desc, CAAM_BUFFER* buf, unsigned int args[4]) /* map secure partition to virtual address */ phys = (CAAM_PAGE + (part << 12)); - buf[0].TheAddress = CAAM_ADR_TO_VIRTUAL(phys, - buf[0].Length + buf[1].Length + BLACK_KEY_MAC_SZ); + buf[0].TheAddress = phys; desc->desc[desc->idx++] = phys; /* public x,y out */ @@ -979,8 +977,7 @@ int caamECDSAVerify(DESCSTRUCT* desc, CAAM_BUFFER* buf, int sz, vidx = vidx + 1; } else { - desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data, - desc->buf[i].dataSz); + desc->desc[desc->idx++] = desc->buf[i].data; } i = i + 1; @@ -1089,8 +1086,7 @@ int caamECDSASign(DESCSTRUCT* desc, int sz, unsigned int args[4]) vidx++; } else { - desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data, - desc->buf[i].dataSz); + desc->desc[desc->idx++] = desc->buf[i].data; } i++; @@ -1162,9 +1158,9 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4]) void* vaddr[sz]; if (args != NULL) { - isBlackKey = args[0]; + isBlackKey = args[0]; peerBlackKey = args[1]; - pdECDSEL = args[2]; + pdECDSEL = args[2]; } if (pdECDSEL == 0) { @@ -1193,8 +1189,7 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4]) vidx++; } else { - desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data, - desc->buf[i].dataSz); + desc->desc[desc->idx++] = desc->buf[i].data; } i++; @@ -1216,8 +1211,7 @@ int caamECDSA_ECDH(DESCSTRUCT* desc, int sz, unsigned int args[4]) vidx++; } else { - desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL((void*)desc->buf[i].data, - desc->buf[i].dataSz); + desc->desc[desc->idx++] = desc->buf[i].data; } i++; @@ -1507,9 +1501,10 @@ int InitCAAM(void) } -int caamJobRingFree() +int CleanupCAAM() { CAAM_FREE_MUTEX(&caam.ring.jr_lock); + CAAM_UNSET_BASEADDR(); caamFreeAllPart(); return 0; } diff --git a/wolfcrypt/src/port/caam/caam_qnx.c b/wolfcrypt/src/port/caam/caam_qnx.c index 336acfbb9..29f6d0f6f 100644 --- a/wolfcrypt/src/port/caam/caam_qnx.c +++ b/wolfcrypt/src/port/caam/caam_qnx.c @@ -85,6 +85,11 @@ int CAAM_SET_BASEADDR() } +/* cleans up having set the base address */ +void CAAM_UNSET_BASEADDR() +{ + munmap_device_io(virtual_base, 0x00010000); +} /* convert a virtual address to a physical address * returns the physical address on success @@ -105,7 +110,7 @@ CAAM_ADDRESS CAAM_ADR_TO_PHYSICAL(void* in, int inSz) if (ret != 0) { WOLFSSL_MSG("posix offset failed"); #if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT) - perror(""); + perror("posix offset failed : "); #endif } msync(in, inSz, MS_INVALIDATE); @@ -146,7 +151,7 @@ void* CAAM_ADR_MAP(unsigned int in, int inSz, unsigned char copy) if (vaddr == MAP_FAILED) { WOLFSSL_MSG("Failed to map memory"); #if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT) - perror(""); + perror("Failed to map memory : "); #endif } else { @@ -229,10 +234,8 @@ int CAAM_ADR_SYNC(void* vaddr, int sz) */ static int sanityCheckPartitionAddress(CAAM_ADDRESS partAddr, int partSz) { - unsigned int phys; - - phys = CAAM_ADR_TO_PHYSICAL((void*)partAddr, partSz); - if (phys < CAAM_PAGE || (phys + partSz) > CAAM_PAGE*7) { + if (partAddr < CAAM_PAGE || partAddr > CAAM_PAGE * MAX_PART || + partSz > 4096) { WOLFSSL_MSG("error in physical address range"); return -1; } @@ -924,7 +927,11 @@ static int doGET_PART(resmgr_context_t *ctp, io_devctl_t *msg, partNumber = args[0]; partSz = args[1]; - partAddr = caamGetPartition(partNumber, partSz, NULL, 0); + partAddr = caamGetPartition(partNumber, partSz, 0); + if (partAddr == 0) { + return EBADMSG; + } + SETIOV(&out_iov, &partAddr, sizeof(CAAM_ADDRESS)); resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); @@ -943,6 +950,7 @@ static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg, { int partSz, ret; CAAM_ADDRESS partAddr; + CAAM_ADDRESS vaddr; unsigned char *buf; iov_t in_iov; @@ -968,7 +976,14 @@ static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg, return EBADMSG; } - CAAM_ADR_UNMAP(buf, partAddr, partSz, 1); + vaddr = CAAM_ADR_TO_VIRTUAL(partAddr, partSz); + if (vaddr == 0) { + CAAM_ADR_UNMAP(buf, 0, partSz, 0); + return ECANCELED; + } + + CAAM_ADR_UNMAP(buf, vaddr, partSz, 1); + CAAM_ADR_UNMAP((void*)vaddr, 0, partSz, 0); return EOK; } @@ -981,6 +996,7 @@ static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg, { int partSz; CAAM_ADDRESS partAddr; + CAAM_ADDRESS vaddr; unsigned char *buf; iov_t out_iov; @@ -1002,10 +1018,18 @@ static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg, if (buf == NULL) { return ECANCELED; } - memcpy(buf, (unsigned int*)partAddr, partSz); + + vaddr = CAAM_ADR_TO_VIRTUAL(partAddr, partSz); + if (vaddr == 0) { + CAAM_ADR_UNMAP(buf, 0, partSz, 0); + return ECANCELED; + } + + memcpy(buf, (unsigned char*)vaddr, partSz); SETIOV(&out_iov, buf, partSz); resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); - CAAM_ADR_UNMAP(buf, 0, partSz, 0); + CAAM_ADR_UNMAP(buf, 0, partSz, 0); + CAAM_ADR_UNMAP((void*)vaddr, 0, partSz, 0); return EOK; } @@ -1249,14 +1273,14 @@ int main(int argc, char *argv[]) while (1) { ctp = dispatch_block(ctp); if (ctp == NULL) { - caamJobRingFree(); + CleanupCAAM(); exit (1); } dispatch_handler (ctp); } pthread_mutex_destroy(&sm_mutex); - caamJobRingFree(); + CleanupCAAM(); return 0; } diff --git a/wolfssl/wolfcrypt/port/caam/caam_driver.h b/wolfssl/wolfcrypt/port/caam/caam_driver.h index c3252ce43..701af3611 100644 --- a/wolfssl/wolfcrypt/port/caam/caam_driver.h +++ b/wolfssl/wolfcrypt/port/caam/caam_driver.h @@ -271,6 +271,7 @@ unsigned int CAAM_READ(unsigned int reg); void CAAM_WRITE(unsigned int reg, unsigned int in); int CAAM_SET_BASEADDR(void); +void CAAM_UNSET_BASEADDR(void); unsigned int CAAM_ADR_TO_PHYSICAL(void* in, int inSz); void* CAAM_ADR_MAP(unsigned int in, int inSz, unsigned char copy); void CAAM_ADR_UNMAP(void* vaddr, unsigned int out, int outSz, @@ -278,20 +279,18 @@ void CAAM_ADR_UNMAP(void* vaddr, unsigned int out, int outSz, int CAAM_ADR_SYNC(void* vaddr, int sz); CAAM_ADDRESS CAAM_ADR_TO_VIRTUAL(CAAM_ADDRESS in, int length); - - - #ifndef WOLFSSL_CAAM_BUFFER - #define WOLFSSL_CAAM_BUFFER - typedef struct CAAM_BUFFER { - int BufferType; - CAAM_ADDRESS TheAddress; - int Length; - } CAAM_BUFFER; - #endif - unsigned int caamReadRegister(unsigned int reg); - void caamWriteRegister(unsigned int reg, unsigned int in); - int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf, int sz); - int caamJobRingFree(void); +#ifndef WOLFSSL_CAAM_BUFFER +#define WOLFSSL_CAAM_BUFFER +typedef struct CAAM_BUFFER { + int BufferType; + CAAM_ADDRESS TheAddress; + int Length; +} CAAM_BUFFER; +#endif +unsigned int caamReadRegister(unsigned int reg); +void caamWriteRegister(unsigned int reg, unsigned int in); +int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf, int sz); +int CleanupCAAM(void); /* Driver API that can be called by caam_.c port layers */ @@ -309,8 +308,7 @@ int caamECDSAMake(DESCSTRUCT *desc, CAAM_BUFFER *buf, unsigned int args[4]); int caamAesCmac(DESCSTRUCT *desc, int sz, unsigned int args[4]); int caamBlob(DESCSTRUCT *desc); -CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int* phys, - unsigned int flag); +CAAM_ADDRESS caamGetPartition(unsigned int part, int partSz, unsigned int flag); int caamFreePart(unsigned int part); int caamFindUnusuedPartition(void); From f7652d18a01f0689aecda75abf2968ab435cb292 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 25 Mar 2021 08:09:06 +0900 Subject: [PATCH 116/137] use compatibility layer API when they are enabled --- tests/api.c | 103 +++++++++++++++++++++++++----------------- wolfssl/openssl/sha.h | 4 +- wolfssl/test.h | 5 +- 3 files changed, 69 insertions(+), 43 deletions(-) diff --git a/tests/api.c b/tests/api.c index 30363c39f..4b7d4956a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -33930,7 +33930,7 @@ static void test_wolfSSL_MD5_Transform(void) unsigned char output2[] = "\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3"; - WOLFSSL_MD5_CTX md5; + MD5_CTX md5; printf(testingFmt, "wolfSSL_MD5_Transform()"); @@ -33938,9 +33938,9 @@ static void test_wolfSSL_MD5_Transform(void) XMEMSET(&local, 0, sizeof(local)); /* sanity check */ - AssertIntEQ(wolfSSL_MD5_Transform(NULL, NULL), 0); - AssertIntEQ(wolfSSL_MD5_Transform(NULL, (const byte*)&input1), 0); - AssertIntEQ(wolfSSL_MD5_Transform(&md5, NULL), 0); + AssertIntEQ(MD5_Transform(NULL, NULL), 0); + AssertIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0); + AssertIntEQ(MD5_Transform(&md5, NULL), 0); AssertIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_Md5Transform((wc_Md5*)&md5, NULL), BAD_FUNC_ARG); @@ -33950,17 +33950,17 @@ static void test_wolfSSL_MD5_Transform(void) /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); - AssertIntEQ(wolfSSL_MD5_Transform(&md5, (const byte*)&local[0]), 1); + AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output1, WC_MD5_DIGEST_SIZE), 0); /* Init MD5 CTX */ - AssertIntEQ(wolfSSL_MD5_Init(&md5), 1); + AssertIntEQ(MD5_Init(&md5), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_MD5_BLOCK_SIZE); XMEMCPY(local, input2, sLen); - AssertIntEQ(wolfSSL_MD5_Transform(&md5, (const byte*)&local[0]), 1); + AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output2, WC_MD5_DIGEST_SIZE), 0); @@ -34007,7 +34007,8 @@ static void test_wolfSSL_SHA_Transform(void) "\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d" "\xb8\x08\x6e\x7c"; - WOLFSSL_SHA_CTX sha; + SHA_CTX sha; + SHA_CTX sha1; printf(testingFmt, "wolfSSL_SHA_Transform()"); @@ -34015,31 +34016,51 @@ static void test_wolfSSL_SHA_Transform(void) XMEMSET(&local, 0, sizeof(local)); /* sanity check */ - AssertIntEQ(wolfSSL_SHA_Transform(NULL, NULL), 0); - AssertIntEQ(wolfSSL_SHA_Transform(NULL, (const byte*)&input1), 0); - AssertIntEQ(wolfSSL_SHA_Transform(&sha, NULL), 0); + AssertIntEQ(SHA_Transform(NULL, NULL), 0); + AssertIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0); + AssertIntEQ(SHA_Transform(&sha, NULL), 0); + AssertIntEQ(SHA1_Transform(NULL, NULL), 0); + AssertIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0); + AssertIntEQ(SHA1_Transform(&sha, NULL), 0); AssertIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_ShaTransform((wc_Sha*)&sha, NULL), BAD_FUNC_ARG); /* Init SHA CTX */ - AssertIntEQ(wolfSSL_SHA_Init(&sha), 1); + AssertIntEQ(SHA_Init(&sha), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); - AssertIntEQ(wolfSSL_SHA_Transform(&sha, (const byte*)&local[0]), 1); + AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output1, WC_SHA_DIGEST_SIZE), 0); - - /* Init SHA256 CTX */ - AssertIntEQ(wolfSSL_SHA_Init(&sha), 1); + /* Init SHA CTX */ + AssertIntEQ(SHA_Init(&sha), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); XMEMCPY(local, input2, sLen); - AssertIntEQ(wolfSSL_SHA_Transform(&sha, (const byte*)&local[0]), 1); + AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output2, WC_SHA_DIGEST_SIZE), 0); - + /* SHA1 */ + XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); + /* Init SHA CTX */ + AssertIntEQ(SHA1_Init(&sha1), 1); + /* Do Transform*/ + sLen = (word32)XSTRLEN((char*)input1); + XMEMCPY(local, input1, sLen); + AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1); + AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output1, + WC_SHA_DIGEST_SIZE), 0); + /* Init SHA CTX */ + AssertIntEQ(SHA1_Init(&sha1), 1); + sLen = (word32)XSTRLEN((char*)input2); + XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); + XMEMCPY(local, input2, sLen); + AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1); + AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output2, + WC_SHA_DIGEST_SIZE), 0); + printf(resultFmt, passed); #endif #endif @@ -34061,7 +34082,7 @@ static void test_wolfSSL_SHA256_Transform(void) "\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78" "\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91"; - WOLFSSL_SHA256_CTX sha256; + SHA256_CTX sha256; printf(testingFmt, "wolfSSL_SHA256_Transform()"); @@ -34069,28 +34090,28 @@ static void test_wolfSSL_SHA256_Transform(void) XMEMSET(&local, 0, sizeof(local)); /* sanity check */ - AssertIntEQ(wolfSSL_SHA256_Transform(NULL, NULL), 0); - AssertIntEQ(wolfSSL_SHA256_Transform(NULL, (const byte*)&input1), 0); - AssertIntEQ(wolfSSL_SHA256_Transform(&sha256, NULL), 0); + AssertIntEQ(SHA256_Transform(NULL, NULL), 0); + AssertIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0); + AssertIntEQ(SHA256_Transform(&sha256, NULL), 0); AssertIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_Sha256Transform((wc_Sha256*)&sha256, NULL), BAD_FUNC_ARG); /* Init SHA256 CTX */ - AssertIntEQ(wolfSSL_SHA256_Init(&sha256), 1); + AssertIntEQ(SHA256_Init(&sha256), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); - AssertIntEQ(wolfSSL_SHA256_Transform(&sha256, (const byte*)&local[0]), 1); + AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output1, WC_SHA256_DIGEST_SIZE), 0); /* Init SHA256 CTX */ - AssertIntEQ(wolfSSL_SHA256_Init(&sha256), 1); + AssertIntEQ(SHA256_Init(&sha256), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE); XMEMCPY(local, input2, sLen); - AssertIntEQ(wolfSSL_SHA256_Transform(&sha256, (const byte*)&local[0]), 1); + AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output2, WC_SHA256_DIGEST_SIZE), 0); @@ -34143,7 +34164,7 @@ static void test_wolfSSL_SHA512_Transform(void) "\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe" "\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde"; - WOLFSSL_SHA512_CTX sha512; + SHA512_CTX sha512; printf(testingFmt, "wolfSSL_SHA512_Transform()"); @@ -34151,9 +34172,9 @@ static void test_wolfSSL_SHA512_Transform(void) XMEMSET(&local, 0, sizeof(local)); /* sanity check */ - AssertIntEQ(wolfSSL_SHA512_Transform(NULL, NULL), 0); - AssertIntEQ(wolfSSL_SHA512_Transform(NULL, (const byte*)&input1), 0); - AssertIntEQ(wolfSSL_SHA512_Transform(&sha512, NULL), 0); + AssertIntEQ(SHA512_Transform(NULL, NULL), 0); + AssertIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0); + AssertIntEQ(SHA512_Transform(&sha512, NULL), 0); AssertIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_Sha512Transform((wc_Sha512*)&sha512, NULL), BAD_FUNC_ARG); @@ -34164,16 +34185,16 @@ static void test_wolfSSL_SHA512_Transform(void) /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); - AssertIntEQ(wolfSSL_SHA512_Transform(&sha512, (const byte*)&local[0]), 1); + AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output1, WC_SHA512_DIGEST_SIZE), 0); /* Init SHA512 CTX */ - AssertIntEQ(wolfSSL_SHA512_Init(&sha512), 1); + AssertIntEQ(SHA512_Init(&sha512), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE); XMEMCPY(local, input2, sLen); - AssertIntEQ(wolfSSL_SHA512_Transform(&sha512, (const byte*)&local[0]), 1); + AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output2, WC_SHA512_DIGEST_SIZE), 0); (void)input1; @@ -39999,9 +40020,9 @@ static void test_wolfSSL_X509_load_crl_file(void) AssertNotNull(store = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); - AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", X509_FILETYPE_PEM), 1); - AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", + AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", X509_FILETYPE_PEM), 1); if (store) { AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, @@ -40013,7 +40034,7 @@ static void test_wolfSSL_X509_load_crl_file(void) for (i = 0; pem[i][0] != '\0'; i++) { - AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1); + AssertIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1); } if (store) { @@ -40022,15 +40043,15 @@ static void test_wolfSSL_X509_load_crl_file(void) WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); } /* once feeing store */ - wolfSSL_X509_STORE_free(store); + X509_STORE_free(store); store = NULL; AssertNotNull(store = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); - AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", X509_FILETYPE_PEM), 1); - AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", + AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", X509_FILETYPE_PEM), 1); if (store) { AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, @@ -40042,7 +40063,7 @@ static void test_wolfSSL_X509_load_crl_file(void) for (i = 0; der[i][0] != '\0'; i++) { - AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1); + AssertIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1); } if (store) { @@ -40051,7 +40072,7 @@ static void test_wolfSSL_X509_load_crl_file(void) WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); } - wolfSSL_X509_STORE_free(store); + X509_STORE_free(store); store = NULL; printf(resultFmt, passed); diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h index 56d1a706f..7120ecb17 100644 --- a/wolfssl/openssl/sha.h +++ b/wolfssl/openssl/sha.h @@ -70,6 +70,8 @@ typedef WOLFSSL_SHA_CTX SHA_CTX; #define SHA_Init wolfSSL_SHA_Init #define SHA_Update wolfSSL_SHA_Update #define SHA_Final wolfSSL_SHA_Final +#define SHA_Transform wolfSSL_SHA_Transform + #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) @@ -81,7 +83,7 @@ typedef WOLFSSL_SHA_CTX SHA_CTX; #define SHA1_Init wolfSSL_SHA1_Init #define SHA1_Update wolfSSL_SHA1_Update #define SHA1_Final wolfSSL_SHA1_Final - +#define SHA1_Transform wolfSSL_SHA1_Transform #ifdef WOLFSSL_SHA224 diff --git a/wolfssl/test.h b/wolfssl/test.h index 16fe232ce..7fba781f1 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -4094,8 +4094,11 @@ static WC_INLINE word16 GetRandomPort(void) static WC_INLINE void EarlyDataStatus(WOLFSSL* ssl) { int earlyData_status; - +#ifdef OPENSSL_EXTRA + earlyData_status = SSL_get_early_data_status(ssl); +#else earlyData_status = wolfSSL_get_early_data_status(ssl); +#endif if (earlyData_status < 0) return; printf("Early Data was "); From c9be50c3a0eadc7925f9ff987fe3d361b1a6e602 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 25 Mar 2021 13:31:47 +0900 Subject: [PATCH 117/137] added RSA_bits --- src/ssl.c | 12 ++++++++++++ tests/api.c | 11 ++++++++++- wolfssl/openssl/rsa.h | 1 + wolfssl/openssl/ssl.h | 2 +- 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 112d286fe..289c17f45 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -52757,6 +52757,18 @@ int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa) } return wc_RsaEncryptSize((RsaKey*)rsa->internal); } +/* return RSA modulus in bits */ +/* @param rsa a pointer to WOLFSSL_RSA structur */ +/* @return RSA modulus size in bits, 0 if error */ +int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa) +{ + WOLFSSL_ENTER("wolfSSL_RSA_bits"); + + if (rsa == NULL) + return WOLFSSL_FAILURE; + + return wolfSSL_BN_num_bits(rsa->n); +} #endif #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) && \ diff --git a/tests/api.c b/tests/api.c index 30363c39f..b08788031 100644 --- a/tests/api.c +++ b/tests/api.c @@ -33117,6 +33117,11 @@ static void test_wolfSSL_RSA(void) AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); AssertIntEQ(RSA_size(rsa), 256); + + /* sanity check */ + AssertIntEQ(RSA_bits(NULL), 0); + + AssertIntEQ(RSA_bits(rsa), 2048); RSA_get0_key(rsa, &n, &e, &d); AssertPtrEq(rsa->n, n); AssertPtrEq(rsa->e, e); @@ -33128,11 +33133,15 @@ static void test_wolfSSL_RSA(void) AssertPtrEq(rsa->n, n); AssertPtrEq(rsa->e, e); AssertPtrEq(rsa->d, d); + + AssertIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1); + AssertIntEQ(RSA_bits(rsa), 21); RSA_free(rsa); - + #if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2)) AssertNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL)); AssertIntEQ(RSA_size(rsa), 384); + AssertIntEQ(RSA_bits(rsa), 3072); RSA_free(rsa); #endif diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index d62ee9337..dd07fd49e 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -111,6 +111,7 @@ WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, unsigned char* in, unsigned char* out, WOLFSSL_RSA* rsa, int padding); WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*); +WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA*); WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA*); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index e9b201720..70a79aaa0 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -806,7 +806,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define RSA_generate_key wolfSSL_RSA_generate_key #define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback #define RSA_print wolfSSL_RSA_print -#define RSA_bits wolfSSL_RSA_size +#define RSA_bits wolfSSL_RSA_bits #define RSA_up_ref wolfSSL_RSA_up_ref #define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS #define RSA_verify_PKCS1_PSS wolfSSL_RSA_verify_PKCS1_PSS From d8a81d0c0fc5bc9155cef30c7898d2d4b3f7f21f Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 25 Mar 2021 16:19:54 +1000 Subject: [PATCH 118/137] SP C 32/64: fix corner cases around subtraction Affected RSA PSS --- wolfcrypt/src/sp_c32.c | 15 +++++++++++++++ wolfcrypt/src/sp_c64.c | 15 +++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 934b7d9c5..7f66b8d35 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -1838,6 +1838,7 @@ static int sp_2048_div_45(const sp_digit* a, const sp_digit* d, sp_2048_mul_d_45(t2, sd, r1); (void)sp_2048_sub_45(&t1[i], &t1[i], t2); + sp_2048_norm_45(&t1[i]); t1[45 + i] -= t2[45]; t1[45 + i] += t1[45 + i - 1] >> 23; t1[45 + i - 1] &= 0x7fffff; @@ -2725,6 +2726,7 @@ static int sp_2048_div_90(const sp_digit* a, const sp_digit* d, sp_2048_mul_d_90(t2, sd, r1); (void)sp_2048_sub_90(&t1[i], &t1[i], t2); + sp_2048_norm_90(&t1[i]); t1[90 + i] -= t2[90]; t1[90 + i] += t1[90 + i - 1] >> 23; t1[90 + i - 1] &= 0x7fffff; @@ -3560,6 +3562,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } if (err == MP_OKAY) { (void)sp_2048_sub_45(tmpa, tmpa, tmpb); + sp_2048_norm_45(tmpa); sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31)); sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31)); @@ -3656,6 +3659,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { (void)sp_2048_sub_45(tmpa, tmpa, tmpb); + sp_2048_norm_45(tmpa); sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31)); sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31)); sp_2048_mul_45(tmpa, tmpa, qi); @@ -5704,6 +5708,7 @@ static int sp_3072_div_67(const sp_digit* a, const sp_digit* d, sp_3072_mul_d_67(t2, d, r1); (void)sp_3072_sub_67(&t1[i], &t1[i], t2); + sp_3072_norm_67(&t1[i]); t1[67 + i] -= t2[67]; t1[67 + i] += t1[67 + i - 1] >> 23; t1[67 + i - 1] &= 0x7fffff; @@ -6620,6 +6625,7 @@ static int sp_3072_div_134(const sp_digit* a, const sp_digit* d, sp_3072_mul_d_134(t2, sd, r1); (void)sp_3072_sub_134(&t1[i], &t1[i], t2); + sp_3072_norm_134(&t1[i]); t1[134 + i] -= t2[134]; t1[134 + i] += t1[134 + i - 1] >> 23; t1[134 + i - 1] &= 0x7fffff; @@ -7455,6 +7461,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } if (err == MP_OKAY) { (void)sp_3072_sub_67(tmpa, tmpa, tmpb); + sp_3072_norm_67(tmpa); sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31)); sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31)); @@ -7551,6 +7558,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { (void)sp_3072_sub_67(tmpa, tmpa, tmpb); + sp_3072_norm_67(tmpa); sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31)); sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31)); sp_3072_mul_67(tmpa, tmpa, qi); @@ -9759,6 +9767,7 @@ static int sp_4096_div_98(const sp_digit* a, const sp_digit* d, sp_4096_mul_d_98(t2, sd, r1); (void)sp_4096_sub_98(&t1[i], &t1[i], t2); + sp_4096_norm_98(&t1[i]); t1[98 + i] -= t2[98]; t1[98 + i] += t1[98 + i - 1] >> 21; t1[98 + i - 1] &= 0x1fffff; @@ -10663,6 +10672,7 @@ static int sp_4096_div_196(const sp_digit* a, const sp_digit* d, sp_4096_mul_d_196(t2, sd, r1); (void)sp_4096_sub_196(&t1[i], &t1[i], t2); + sp_4096_norm_196(&t1[i]); t1[196 + i] -= t2[196]; t1[196 + i] += t1[196 + i - 1] >> 21; t1[196 + i - 1] &= 0x1fffff; @@ -11498,6 +11508,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } if (err == MP_OKAY) { (void)sp_4096_sub_98(tmpa, tmpa, tmpb); + sp_4096_norm_98(tmpa); sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31)); sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31)); @@ -11594,6 +11605,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { (void)sp_4096_sub_98(tmpa, tmpa, tmpb); + sp_4096_norm_98(tmpa); sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31)); sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31)); sp_4096_mul_98(tmpa, tmpa, qi); @@ -17728,6 +17740,7 @@ static int sp_256_div_10(const sp_digit* a, const sp_digit* d, sp_256_mul_d_10(t2, d, r1); (void)sp_256_sub_10(&t1[i], &t1[i], t2); + sp_256_norm_10(&t1[i]); t1[10 + i] -= t2[10]; t1[10 + i] += t1[10 + i - 1] >> 26; t1[10 + i - 1] &= 0x3ffffff; @@ -25464,6 +25477,7 @@ static int sp_384_div_15(const sp_digit* a, const sp_digit* d, sp_384_mul_d_15(t2, d, r1); (void)sp_384_sub_15(&t1[i], &t1[i], t2); + sp_384_norm_15(&t1[i]); t1[15 + i] -= t2[15]; t1[15 + i] += t1[15 + i - 1] >> 26; t1[15 + i - 1] &= 0x3ffffff; @@ -27941,6 +27955,7 @@ static int sp_1024_div_42(const sp_digit* a, const sp_digit* d, sp_1024_mul_d_42(t2, d, r1); (void)sp_1024_sub_42(&t1[i], &t1[i], t2); + sp_1024_norm_42(&t1[i]); t1[42 + i] -= t2[42]; t1[41 + i] += t1[41 + i - 1] >> 25; t1[41 + i - 1] &= 0x1ffffff; diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index d50d010dd..bbad01ca1 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -1471,6 +1471,7 @@ static int sp_2048_div_18(const sp_digit* a, const sp_digit* d, sp_2048_mul_d_18(t2, d, r1); (void)sp_2048_sub_18(&t1[i], &t1[i], t2); + sp_2048_norm_18(&t1[i]); t1[18 + i] -= t2[18]; t1[18 + i] += t1[18 + i - 1] >> 57; t1[18 + i - 1] &= 0x1ffffffffffffffL; @@ -2351,6 +2352,7 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d, sp_2048_mul_d_36(t2, d, r1); (void)sp_2048_sub_36(&t1[i], &t1[i], t2); + sp_2048_norm_36(&t1[i]); t1[36 + i] -= t2[36]; t1[36 + i] += t1[36 + i - 1] >> 57; t1[36 + i - 1] &= 0x1ffffffffffffffL; @@ -3183,6 +3185,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } if (err == MP_OKAY) { (void)sp_2048_sub_18(tmpa, tmpa, tmpb); + sp_2048_norm_18(tmpa); sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63)); sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63)); @@ -3279,6 +3282,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { (void)sp_2048_sub_18(tmpa, tmpa, tmpb); + sp_2048_norm_18(tmpa); sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63)); sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63)); sp_2048_mul_18(tmpa, tmpa, qi); @@ -5694,6 +5698,7 @@ static int sp_3072_div_27(const sp_digit* a, const sp_digit* d, sp_3072_mul_d_27(t2, d, r1); (void)sp_3072_sub_27(&t1[i], &t1[i], t2); + sp_3072_norm_27(&t1[i]); t1[27 + i] -= t2[27]; t1[27 + i] += t1[27 + i - 1] >> 57; t1[27 + i - 1] &= 0x1ffffffffffffffL; @@ -6579,6 +6584,7 @@ static int sp_3072_div_54(const sp_digit* a, const sp_digit* d, sp_3072_mul_d_54(t2, d, r1); (void)sp_3072_sub_54(&t1[i], &t1[i], t2); + sp_3072_norm_54(&t1[i]); t1[54 + i] -= t2[54]; t1[54 + i] += t1[54 + i - 1] >> 57; t1[54 + i - 1] &= 0x1ffffffffffffffL; @@ -7411,6 +7417,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } if (err == MP_OKAY) { (void)sp_3072_sub_27(tmpa, tmpa, tmpb); + sp_3072_norm_27(tmpa); sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63)); sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63)); @@ -7507,6 +7514,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { (void)sp_3072_sub_27(tmpa, tmpa, tmpb); + sp_3072_norm_27(tmpa); sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63)); sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63)); sp_3072_mul_27(tmpa, tmpa, qi); @@ -10030,6 +10038,7 @@ static int sp_4096_div_39(const sp_digit* a, const sp_digit* d, sp_4096_mul_d_39(t2, sd, r1); (void)sp_4096_sub_39(&t1[i], &t1[i], t2); + sp_4096_norm_39(&t1[i]); t1[39 + i] -= t2[39]; t1[39 + i] += t1[39 + i - 1] >> 53; t1[39 + i - 1] &= 0x1fffffffffffffL; @@ -10974,6 +10983,7 @@ static int sp_4096_div_78(const sp_digit* a, const sp_digit* d, sp_4096_mul_d_78(t2, sd, r1); (void)sp_4096_sub_78(&t1[i], &t1[i], t2); + sp_4096_norm_78(&t1[i]); t1[78 + i] -= t2[78]; t1[78 + i] += t1[78 + i - 1] >> 53; t1[78 + i - 1] &= 0x1fffffffffffffL; @@ -11809,6 +11819,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } if (err == MP_OKAY) { (void)sp_4096_sub_39(tmpa, tmpa, tmpb); + sp_4096_norm_39(tmpa); sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63)); sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63)); @@ -11905,6 +11916,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { (void)sp_4096_sub_39(tmpa, tmpa, tmpb); + sp_4096_norm_39(tmpa); sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63)); sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63)); sp_4096_mul_39(tmpa, tmpa, qi); @@ -17509,6 +17521,7 @@ static int sp_256_div_5(const sp_digit* a, const sp_digit* d, sp_256_mul_d_5(t2, d, r1); (void)sp_256_sub_5(&t1[i], &t1[i], t2); + sp_256_norm_5(&t1[i]); t1[5 + i] -= t2[5]; t1[5 + i] += t1[5 + i - 1] >> 52; t1[5 + i - 1] &= 0xfffffffffffffL; @@ -24724,6 +24737,7 @@ static int sp_384_div_7(const sp_digit* a, const sp_digit* d, sp_384_mul_d_7(t2, d, r1); (void)sp_384_sub_7(&t1[i], &t1[i], t2); + sp_384_norm_7(&t1[i]); t1[7 + i] -= t2[7]; t1[7 + i] += t1[7 + i - 1] >> 55; t1[7 + i - 1] &= 0x7fffffffffffffL; @@ -27118,6 +27132,7 @@ static int sp_1024_div_18(const sp_digit* a, const sp_digit* d, sp_1024_mul_d_18(t2, d, r1); (void)sp_1024_sub_18(&t1[i], &t1[i], t2); + sp_1024_norm_18(&t1[i]); t1[18 + i] -= t2[18]; t1[18 + i] += t1[18 + i - 1] >> 57; t1[18 + i - 1] &= 0x1ffffffffffffffL; From 952a9b34978e2546068af2729e0843c0d648a2b3 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Thu, 25 Mar 2021 19:02:13 +0900 Subject: [PATCH 119/137] Add unit tests for CONT_modules_xxx, CRYPTO_set_dynlock_xxx, CRYPTO_THREADID_xxx and ENGINE_cleanup. --- tests/api.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/tests/api.c b/tests/api.c index f869f27af..05f2214f1 100644 --- a/tests/api.c +++ b/tests/api.c @@ -40479,6 +40479,72 @@ static void test_stubs_are_stubs() #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB */ } + +static void test_CONF_modules_xxx(void) +{ +#if defined(OPENSSL_EXTRA) + CONF_modules_free(); + AssertTrue(1); /* to confirm previous call gives no harm */ + + CONF_modules_unload(0); + AssertTrue(1); + + CONF_modules_unload(1); + AssertTrue(1); + + CONF_modules_unload(-1); + AssertTrue(1); + +#endif /* OPENSSL_EXTRA */ +} +static void test_CRYPTO_set_dynlock_xxx(void) +{ +#if defined(OPENSSL_EXTRA) + printf(testingFmt, "CRYPTO_set_dynlock_xxx()"); + + CRYPTO_set_dynlock_create_callback( + (struct CRYPTO_dynlock_value *(*)(const char*, int))NULL); + + CRYPTO_set_dynlock_create_callback( + (struct CRYPTO_dynlock_value *(*)(const char*, int))1); + + CRYPTO_set_dynlock_destroy_callback( + (void (*)(struct CRYPTO_dynlock_value*, const char*, int))NULL); + + CRYPTO_set_dynlock_destroy_callback( + (void (*)(struct CRYPTO_dynlock_value*, const char*, int))1); + + CRYPTO_set_dynlock_lock_callback( + (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))NULL); + + CRYPTO_set_dynlock_lock_callback( + (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))1); + + AssertTrue(1); /* to confirm previous call gives no harm */ + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA */ +} +static void test_CRYPTO_THREADID_xxx(void) +{ +#if defined(OPENSSL_EXTRA) + printf(testingFmt, "CRYPTO_THREADID_xxx()"); + + CRYPTO_THREADID_current((CRYPTO_THREADID*)NULL); + CRYPTO_THREADID_current((CRYPTO_THREADID*)1); + AssertIntEQ(CRYPTO_THREADID_hash((const CRYPTO_THREADID*)NULL), 0); + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA */ +} +static void test_ENGINE_cleanup(void) +{ +#if defined(OPENSSL_EXTRA) + printf(testingFmt, "ENGINE_cleanup()"); + ENGINE_cleanup(); + AssertTrue(1); /* to confirm previous call gives no harm */ + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA */ +} + static void test_wolfSSL_CTX_LoadCRL() { #ifdef HAVE_CRL @@ -41285,6 +41351,11 @@ void ApiTest(void) test_wolfSSL_RSA_padding_add_PKCS1_PSS(); #endif + test_CONF_modules_xxx(); + test_CRYPTO_set_dynlock_xxx(); + test_CRYPTO_THREADID_xxx(); + test_ENGINE_cleanup(); + #if defined(OPENSSL_ALL) test_wolfSSL_X509_PUBKEY_get(); test_wolfSSL_sk_CIPHER_description(); From 67d4611fda6e9c0fe8314b7ef13dd0c3d6df8bd3 Mon Sep 17 00:00:00 2001 From: Stanislav Klima Date: Thu, 25 Mar 2021 11:26:34 +0100 Subject: [PATCH 120/137] Review fixes. --- src/ssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index b94917875..540a13581 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -47493,7 +47493,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL); asn1->isDynamic = 0; } - XMEMSET(asn1->intData, 0, sizeof(WOLFSSL_ASN1_INTEGER_MAX)); + XMEMSET(asn1->intData, 0, WOLFSSL_ASN1_INTEGER_MAX); asn1->data = asn1->intData; asn1->length = 0; asn1->negative = 0; @@ -50012,8 +50012,8 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len, return NULL; } } else { - /* This may be overly defensive */ - if (weOwn) + /* This may be overly defensive */ + if (weOwn) wolfSSL_BN_free(ret); return NULL; } From fd7131197f0efda98a4a2731a23070b04a2dbd42 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Thu, 25 Mar 2021 13:28:47 +0100 Subject: [PATCH 121/137] Updated fix of CID 587269. --- src/ssl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 540a13581..6ff820092 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -41545,6 +41545,10 @@ err: return BAD_FUNC_ARG; } + if (*info == NULL) { + return BAD_FUNC_ARG; + } + /* check is fresh "info" passed in, if not free it */ if ((*info)->x509 != NULL || (*info)->x_pkey != NULL) { WOLFSSL_X509_INFO* tmp; From 6c7b3d806affc01aec185761da75e24ee7c8b248 Mon Sep 17 00:00:00 2001 From: Stanislav Klima Date: Thu, 25 Mar 2021 15:36:30 +0100 Subject: [PATCH 122/137] Fixed modifying a const value. --- src/internal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 42ac95fce..22da068fb 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1113,7 +1113,7 @@ static int dtls_export_load(WOLFSSL* ssl, const byte* exp, word32 len, byte ver) } #else if (ver > DTLS_EXPORT_VERSION_3) { - exp[idx++] = 0; + idx++; } #endif #else From c9b58065750f25bcdad8a6e0488f7b16ec5dd83f Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 25 Mar 2021 09:19:17 -0700 Subject: [PATCH 123/137] Fix for ecc_mulmod_fast broken in PR #3868. The "t" needs 1 extra point for "rt". --- wolfcrypt/src/sp_arm32.c | 12 ++++++------ wolfcrypt/src/sp_armthumb.c | 12 ++++++------ wolfcrypt/src/sp_cortexm.c | 12 ++++++------ 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index ba22e3828..feed015d3 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -32574,7 +32574,7 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons sp_point_256* t = NULL; sp_digit* tmp = NULL; #else - sp_point_256 t[16]; + sp_point_256 t[16 + 1]; sp_digit tmp[2 * 8 * 5]; #endif sp_point_256* rt = NULL; @@ -32596,7 +32596,7 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons (void)heap; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16 + 1, heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; @@ -41728,7 +41728,7 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con sp_point_384* t = NULL; sp_digit* tmp = NULL; #else - sp_point_384 t[16]; + sp_point_384 t[16 + 1]; sp_digit tmp[2 * 12 * 6]; #endif sp_point_384* rt = NULL; @@ -41750,7 +41750,7 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con (void)heap; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16 + 1, heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; @@ -54436,7 +54436,7 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, sp_point_1024* t = NULL; sp_digit* tmp = NULL; #else - sp_point_1024 t[16]; + sp_point_1024 t[16 + 1]; sp_digit tmp[2 * 32 * 5]; #endif sp_point_1024* rt = NULL; @@ -54451,7 +54451,7 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, (void)heap; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16 + 1, heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index e35809c90..24276ebf1 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -17869,7 +17869,7 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons sp_point_256* t = NULL; sp_digit* tmp = NULL; #else - sp_point_256 t[16]; + sp_point_256 t[16 + 1]; sp_digit tmp[2 * 8 * 5]; #endif sp_point_256* rt = NULL; @@ -17891,7 +17891,7 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons (void)heap; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16 + 1, heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; @@ -25508,7 +25508,7 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con sp_point_384* t = NULL; sp_digit* tmp = NULL; #else - sp_point_384 t[16]; + sp_point_384 t[16 + 1]; sp_digit tmp[2 * 12 * 6]; #endif sp_point_384* rt = NULL; @@ -25530,7 +25530,7 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con (void)heap; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16 + 1, heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; @@ -35999,7 +35999,7 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, sp_point_1024* t = NULL; sp_digit* tmp = NULL; #else - sp_point_1024 t[16]; + sp_point_1024 t[16 + 1]; sp_digit tmp[2 * 32 * 5]; #endif sp_point_1024* rt = NULL; @@ -36014,7 +36014,7 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, (void)heap; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16 + 1, heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index b243b851f..c19f856ef 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -17999,7 +17999,7 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons sp_point_256* t = NULL; sp_digit* tmp = NULL; #else - sp_point_256 t[16]; + sp_point_256 t[16 + 1]; sp_digit tmp[2 * 8 * 5]; #endif sp_point_256* rt = NULL; @@ -18021,7 +18021,7 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons (void)heap; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16, + t = (sp_point_256*)XMALLOC(sizeof(sp_point_256) * 16 + 1, heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; @@ -25132,7 +25132,7 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con sp_point_384* t = NULL; sp_digit* tmp = NULL; #else - sp_point_384 t[16]; + sp_point_384 t[16 + 1]; sp_digit tmp[2 * 12 * 6]; #endif sp_point_384* rt = NULL; @@ -25154,7 +25154,7 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con (void)heap; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16, + t = (sp_point_384*)XMALLOC(sizeof(sp_point_384) * 16 + 1, heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; @@ -33838,7 +33838,7 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, sp_point_1024* t = NULL; sp_digit* tmp = NULL; #else - sp_point_1024 t[16]; + sp_point_1024 t[16 + 1]; sp_digit tmp[2 * 32 * 5]; #endif sp_point_1024* rt = NULL; @@ -33853,7 +33853,7 @@ static int sp_1024_ecc_mulmod_fast_32(sp_point_1024* r, const sp_point_1024* g, (void)heap; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16, + t = (sp_point_1024*)XMALLOC(sizeof(sp_point_1024) * 16 + 1, heap, DYNAMIC_TYPE_ECC); if (t == NULL) err = MEMORY_E; From 4eb4cecff42452ffd9f16e4cf8f08e95e15ee224 Mon Sep 17 00:00:00 2001 From: Elms Date: Thu, 25 Mar 2021 10:50:04 -0700 Subject: [PATCH 124/137] INTIME: whitespace fixup and zero context in `wc_ReadDirFirst` --- wolfcrypt/src/wc_port.c | 84 ++++++++++++++++++------------------- wolfssl/wolfcrypt/wc_port.h | 2 +- 2 files changed, 43 insertions(+), 43 deletions(-) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 08a567433..10c37ba01 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -431,7 +431,7 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) return BAD_FUNC_ARG; } - XMEMSET(ctx->name, 0, MAX_FILENAME_SZ); + XMEMSET(ctx, 0, sizeof(ReadDirCtx)); pathLen = (int)XSTRLEN(path); #ifdef USE_WINDOWS_API @@ -466,34 +466,34 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) } while (FindNextFileA(ctx->hFind, &ctx->FindFileData)); #elif defined(INTIME_RTOS) - if (pathLen > MAX_FILENAME_SZ - 3) - return BAD_PATH_ERROR; + if (pathLen > MAX_FILENAME_SZ - 3) + return BAD_PATH_ERROR; - XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 3); - XSTRNCPY(ctx->name + pathLen, "\\*", MAX_FILENAME_SZ - pathLen); + XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 3); + XSTRNCPY(ctx->name + pathLen, "\\*", MAX_FILENAME_SZ - pathLen); - if (!FindFirstRtFile(ctx->name, &ctx->FindFileData, 0)) { - WOLFSSL_MSG("FindFirstFile for path verify locations failed"); - return BAD_PATH_ERROR; - } + if (!FindFirstRtFile(ctx->name, &ctx->FindFileData, 0)) { + WOLFSSL_MSG("FindFirstFile for path verify locations failed"); + return BAD_PATH_ERROR; + } - do { - if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) { - dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName); + do { + if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) { + dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName); - if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) { - return BAD_PATH_ERROR; - } - XSTRNCPY(ctx->name, path, pathLen + 1); - ctx->name[pathLen] = '\\'; - XSTRNCPY(ctx->name + pathLen + 1, - ctx->FindFileData.cFileName, - MAX_FILENAME_SZ - pathLen - 1); - if (name) - *name = ctx->name; - return 0; - } - } while (FindNextRtFile(&ctx->FindFileData)); + if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) { + return BAD_PATH_ERROR; + } + XSTRNCPY(ctx->name, path, pathLen + 1); + ctx->name[pathLen] = '\\'; + XSTRNCPY(ctx->name + pathLen + 1, + ctx->FindFileData.cFileName, + MAX_FILENAME_SZ - pathLen - 1); + if (name) + *name = ctx->name; + return 0; + } + } while (FindNextRtFile(&ctx->FindFileData)); #elif defined(WOLFSSL_ZEPHYR) if (fs_opendir(&ctx->dir, path) != 0) { @@ -633,23 +633,23 @@ int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name) } #elif defined(INTIME_RTOS) -while (FindNextRtFile(&ctx->FindFileData)) { - if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) { - dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName); + while (FindNextRtFile(&ctx->FindFileData)) { + if (!(ctx->FindFileData.dwFileAttributes & FILE_ATTR_DIRECTORY)) { + dnameLen = (int)XSTRLEN(ctx->FindFileData.cFileName); - if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) { - return BAD_PATH_ERROR; - } - XSTRNCPY(ctx->name, path, pathLen + 1); - ctx->name[pathLen] = '\\'; - XSTRNCPY(ctx->name + pathLen + 1, - ctx->FindFileData.cFileName, - MAX_FILENAME_SZ - pathLen - 1); - if (name) - *name = ctx->name; - return 0; - } -} + if (pathLen + dnameLen + 2 > MAX_FILENAME_SZ) { + return BAD_PATH_ERROR; + } + XSTRNCPY(ctx->name, path, pathLen + 1); + ctx->name[pathLen] = '\\'; + XSTRNCPY(ctx->name + pathLen + 1, + ctx->FindFileData.cFileName, + MAX_FILENAME_SZ - pathLen - 1); + if (name) + *name = ctx->name; + return 0; + } + } #elif defined(WOLFSSL_ZEPHYR) while ((fs_readdir(&ctx->dir, &ctx->entry)) != 0) { @@ -748,7 +748,7 @@ void wc_ReadDirClose(ReadDirCtx* ctx) } #elif defined(INTIME_RTOS) - FindRtFileClose(&ctx->FindFileData); + FindRtFileClose(&ctx->FindFileData); #elif defined(WOLFSSL_ZEPHYR) if (ctx->dirp) { diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 3c1021534..20be06a3f 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -730,7 +730,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); struct M2MB_DIRENT* entry; struct M2MB_STAT s; #elif defined(INTIME_RTOS) - FIND_FILE_DATA FindFileData; + FIND_FILE_DATA FindFileData; #else struct dirent* entry; DIR* dir; From 79837eeb8e4c4d5656beae9d37e575859629fb64 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 26 Mar 2021 04:30:36 +0900 Subject: [PATCH 125/137] Changed the function name to be called in the unit test to the OpeSSL function name. --- tests/api.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/api.c b/tests/api.c index 75a6a2c6e..0750a4a3d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -41925,11 +41925,11 @@ static int test_wolfSSL_CTX_set_ecdh_auto(void) int ret = 0; WOLFSSL_CTX* ctx = NULL; #if defined(OPENSSL_EXTRA) - printf(testingFmt, "wolfSSL_CTX_set_ecdh_auto"); - AssertIntEQ( wolfSSL_CTX_set_ecdh_auto(NULL,0),1); - AssertIntEQ( wolfSSL_CTX_set_ecdh_auto(NULL,1),1); - AssertIntEQ( wolfSSL_CTX_set_ecdh_auto(ctx,0),1); - AssertIntEQ( wolfSSL_CTX_set_ecdh_auto(ctx,1),1); + printf(testingFmt, "SSL_CTX_set_ecdh_auto"); + AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,0),1); + AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,1),1); + AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,0),1); + AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,1),1); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ (void)ctx; From 23bd46bac652d9024230fe43d2da57821060a30e Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Thu, 25 Mar 2021 09:45:51 -0500 Subject: [PATCH 126/137] Sanity check sockfd --- src/wolfio.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/wolfio.c b/src/wolfio.c index cff63d3e2..3a5677fe2 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -800,6 +800,11 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags) nfds = (int)sockfd + 1; #endif + if ((sockfd < 0) || (sockfd >= FD_SETSIZE)) { + WOLFSSL_MSG("socket fd out of FDSET range"); + return -1; + } + FD_ZERO(&rfds); FD_SET(sockfd, &rfds); wfds = rfds; From 08be489bf5d1477681573f9ac7e26779127cacee Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 26 Mar 2021 09:03:39 +1000 Subject: [PATCH 127/137] SP int: Handle ULLONG_MAX not being defined --- wolfssl/wolfcrypt/sp_int.h | 40 +++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index 8083e6404..9f247daf0 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h @@ -113,29 +113,33 @@ extern "C" { #error "Size of unsigned long not detected" #endif -#if ULLONG_MAX == 18446744073709551615ULL - #define SP_ULLONG_BITS 64 +#ifdef ULLONG_MAX + #if ULLONG_MAX == 18446744073709551615ULL + #define SP_ULLONG_BITS 64 - #if SP_ULLONG_BITS > SP_ULONG_BITS - typedef unsigned long long sp_uint64; - typedef long long sp_int64; - #endif -#elif ULLONG_MAX == 4294967295UL - #define SP_ULLONG_BITS 32 + #if SP_ULLONG_BITS > SP_ULONG_BITS + typedef unsigned long long sp_uint64; + typedef long long sp_int64; + #endif + #elif ULLONG_MAX == 4294967295UL + #define SP_ULLONG_BITS 32 - #if SP_ULLONG_BITS > SP_ULONG_BITS - typedef unsigned long long sp_uint32; - typedef long long sp_int32; - #endif -#elif ULLONG_MAX == 65535 - #define SP_ULLONG_BITS 16 + #if SP_ULLONG_BITS > SP_ULONG_BITS + typedef unsigned long long sp_uint32; + typedef long long sp_int32; + #endif + #elif ULLONG_MAX == 65535 + #define SP_ULLONG_BITS 16 - #if SP_ULLONG_BITS > SP_ULONG_BITS - typedef unsigned long long sp_uint16; - typedef long long sp_int16; + #if SP_ULLONG_BITS > SP_ULONG_BITS + typedef unsigned long long sp_uint16; + typedef long long sp_int16; + #endif + #else + #error "Size of unsigned long long not detected" #endif #else - #error "Size of unsigned long long not detected" + #define SP_ULLONG_BITS 0 #endif From a188ef251ce1194b975612f800d620eb973ca47c Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 23 Mar 2021 13:41:05 +1000 Subject: [PATCH 128/137] SP MSVC: movslq -> movsl --- wolfcrypt/src/sp_x86_64_asm.asm | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/sp_x86_64_asm.asm b/wolfcrypt/src/sp_x86_64_asm.asm index f4ed57470..76e85c902 100644 --- a/wolfcrypt/src/sp_x86_64_asm.asm +++ b/wolfcrypt/src/sp_x86_64_asm.asm @@ -40479,7 +40479,7 @@ L_256_mod_inv_4_uv_u: shrd r10, r11, 1 shrd r11, r12, 1 shr r12, 1 - test r8b, 1 + test r9b, 1 jnz L_256_mod_inv_4_usubv_even_end L_256_mod_inv_4_usubv_even_start: shrd r9, r10, 1 @@ -40488,7 +40488,7 @@ L_256_mod_inv_4_usubv_even_start: shr r12, 1 mov BYTE PTR [rsp+rsi], 0 inc rsi - test r8b, 1 + test r9b, 1 jz L_256_mod_inv_4_usubv_even_start L_256_mod_inv_4_usubv_even_end: cmp r9, 1 @@ -40561,7 +40561,7 @@ L_256_mod_inv_4_op_b_sub_d: adc r11, QWORD PTR [r8+16] adc r12, QWORD PTR [r8+24] L_256_mod_inv_4_op_div2_b: - test r8b, 1 + test r9b, 1 mov rdx, 0 jz L_256_mod_inv_4_op_div2_b_mod add r9, QWORD PTR [r8] @@ -40896,19 +40896,19 @@ L_256_mod_inv_avx2_4_vsubu_sub_shr1: vpextrd edi, xmm2, 0 vpextrd esi, xmm3, 0 L_256_mod_inv_avx2_4_store_done: - movslq rax, eax + movsxd rax, eax shl r9, 26 add rax, r9 - movslq r10, r10d + movsxd r10, r10d shl r11, 26 add r10, r11 - movslq r12, r12d + movsxd r12, r12d shl r13, 26 add r12, r13 - movslq r14, r14d + movsxd r14, r14d shl r15, 26 add r14, r15 - movslq rdi, edi + movsxd rdi, edi shl rsi, 26 add rdi, rsi mov r9, r10 From 1b832bf8fad55887beed781ad03c5855dbd0eb9e Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 22 Mar 2021 10:37:17 +1000 Subject: [PATCH 129/137] SHA-3: Improve SHAKE256 change to support longer output Added tests for 1 complete block output and longer from NIST's CAVP tests vectors. --- wolfcrypt/src/sha3.c | 45 ++++++++++++++-------------------- wolfcrypt/test/test.c | 56 +++++++++++++++++++++++++++++++++++++------ 2 files changed, 67 insertions(+), 34 deletions(-) diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index dacbc0df6..b58be411e 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -638,44 +638,35 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) */ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) { -#if defined(BIG_ENDIAN_ORDER) - word32 q = (l + 7) / 8; -#endif - word32 k, rate = p * 8; + word32 rate = p * 8; + word32 j; byte i; - byte *state = (byte *)sha3->s; sha3->t[rate - 1] = 0x00; #ifdef WOLFSSL_HASH_FLAGS - if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256) { + if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256) padChar = 0x01; - } #endif - sha3->t[ sha3->i] = padChar; + sha3->t[sha3->i ] = padChar; sha3->t[rate - 1] |= 0x80; for (i=sha3->i + 1; i < rate - 1; i++) sha3->t[i] = 0; for (i = 0; i < p; i++) sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i); - BlockSha3(sha3->s); -#if defined(BIG_ENDIAN_ORDER) - ByteReverseWords64(sha3->s, sha3->s, (q > p) ? rate : q * 8); -#endif - i = 0; - for (k = 0; k < l; k++) - { - if (i == rate) - { - i = 0; -#if defined(BIG_ENDIAN_ORDER) - ByteReverseWords64(sha3->s, sha3->s, rate); - BlockSha3(sha3->s); - ByteReverseWords64(sha3->s, sha3->s, rate); -#else - BlockSha3(sha3->s); -#endif - } - hash[k] = state[i++]; + for (j = 0; l - j >= rate; j += rate) { + BlockSha3(sha3->s); + #if defined(BIG_ENDIAN_ORDER) + ByteReverseWords64((word64*)(hash + j), sha3->s, rate); + #else + XMEMCPY(hash + j, sha3->s, rate); + #endif + } + if (j != l) { + BlockSha3(sha3->s); + #if defined(BIG_ENDIAN_ORDER) + ByteReverseWords64(sha3->s, sha3->s, rate); + #endif + XMEMCPY(hash + j, sha3->s, l - j); } return 0; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 34524fea0..5be88a07a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -3327,10 +3327,10 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void) { #ifndef WOLFSSL_NO_SHAKE256 wc_Shake sha; - byte hash[114]; + byte hash[250]; - testVector a, b, c; - testVector test_sha[3]; + testVector a, b, c, d, e; + testVector test_sha[5]; int ret = 0; int times = sizeof(test_sha) / sizeof(struct testVector), i; @@ -3355,7 +3355,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void) "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2" "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46"; a.inLen = XSTRLEN(a.input); - a.outLen = sizeof(hash); + a.outLen = 114; b.input = "abc"; b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11" @@ -3367,7 +3367,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void) "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13" "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0"; b.inLen = XSTRLEN(b.input); - b.outLen = sizeof(hash); + b.outLen = 114; c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87" @@ -3379,11 +3379,53 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void) "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60" "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4"; c.inLen = XSTRLEN(c.input); - c.outLen = sizeof(hash); + c.outLen = 114; + + /* Taken from NIST CAVP test vectors - full rate output. */ + d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb" + "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8" + "\x85\xe0"; + d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00" + "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d" + "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc" + "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c" + "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6" + "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d" + "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5" + "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b" + "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7" + "\xc2"; + d.inLen = 32; + d.outLen = 136; + /* Taken from NIST CAVP test vectors - more than one output block. */ + e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef" + "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67" + "\x47\xe4"; + e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19" + "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92" + "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c" + "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13" + "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb" + "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44" + "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46" + "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48" + "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a" + "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4" + "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36" + "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09" + "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda" + "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc" + "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7" + "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11" + "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c"; + e.inLen = 32; + e.outLen = 250; test_sha[0] = a; test_sha[1] = b; test_sha[2] = c; + test_sha[3] = d; + test_sha[4] = e; ret = wc_InitShake256(&sha, HEAP_HINT, devId); if (ret != 0) @@ -3416,7 +3458,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void) ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash)); if (ret != 0) ERROR_OUT(-3105, exit); - if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0) + if (XMEMCMP(hash, large_digest, 114) != 0) ERROR_OUT(-3106, exit); } /* END LARGE HASH TEST */ From 5d9ee97530fa46e293224bb0ef6bfeb9be4ae8ee Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 25 Mar 2021 17:52:01 -0500 Subject: [PATCH 130/137] WOLFSSL_AES_CBC_LENGTH_CHECKS: add gated logic to aes.c wc_AesCbc{En,De}crypt() to return BAD_LENGTH_E when input length is not a multiple of AES_BLOCK_SIZE; add gated tests of new functionality in test_wc_AesCbcEncryptDecrypt(); fix first encrypt-decrypt-memcmp in test_wc_AesCbcEncryptDecrypt() to span all of test vector and extend test vector length to be block-multiple; add ungated logic in platform-specific wc_AesCbc{En,De}crypt() routines to return with early success when blocks == 0 (also mitigates buffer overrun on short (less-than-AES_BLOCK_SIZE) input); add BAD_LENGTH_E error code; update documentation. --- doc/dox_comments/header_files/aes.h | 28 ++++-- tests/api.c | 27 +++++- wolfcrypt/src/aes.c | 132 +++++++++++++++++++++++++--- wolfcrypt/src/error.c | 3 + wolfssl/wolfcrypt/error-crypt.h | 3 +- 5 files changed, 168 insertions(+), 25 deletions(-) diff --git a/doc/dox_comments/header_files/aes.h b/doc/dox_comments/header_files/aes.h index 862f7a778..72df22e65 100644 --- a/doc/dox_comments/header_files/aes.h +++ b/doc/dox_comments/header_files/aes.h @@ -66,16 +66,22 @@ WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv); the resulting cipher text in the output buffer out using cipher block chaining with AES. This function requires that the AES object has been initialized by calling AesSetKey before a message is able to be encrypted. - This function assumes that the input message is AES block length aligned. - PKCS#7 style padding should be added beforehand. This differs from the - OpenSSL AES-CBC methods which add the padding for you. To make the wolfSSL - function and equivalent OpenSSL functions interoperate, one should specify + This function assumes that the input message is AES block length aligned, + and expects the input length to be a multiple of the block length, which + will optionally be checked and enforced if WOLFSSL_AES_CBC_LENGTH_CHECKS + is defined in the build configuration. In order to assure block-multiple + input, PKCS#7 style padding should be added beforehand. This differs from + the OpenSSL AES-CBC methods which add the padding for you. To make the + wolfSSL and corresponding OpenSSL functions interoperate, one should specify the -nopad option in the OpenSSL command line function so that it behaves like the wolfSSL AesCbcEncrypt method and does not add extra padding during encryption. \return 0 On successfully encrypting message. - \return BAD_ALIGN_E: Returned on block align error + \return BAD_ALIGN_E: may be returned on block align error + \return BAD_LENGTH_E will be returned if the input length isn't a + multiple of the AES block length, when the library is built with + WOLFSSL_AES_CBC_LENGTH_CHECKS. \param aes pointer to the AES object used to encrypt data \param out pointer to the output buffer in which to store the ciphertext @@ -110,15 +116,21 @@ WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, with AES. This function requires that the AES structure has been initialized by calling AesSetKey before a message is able to be decrypted. This function assumes that the original message was AES block length - aligned. This differs from the OpenSSL AES-CBC methods which do not - require alignment as it adds PKCS#7 padding automatically. To make the + aligned, and expects the input length to be a multiple of the block length, + which will optionally be checked and enforced if + WOLFSSL_AES_CBC_LENGTH_CHECKS is defined in the build configuration. + This differs from the OpenSSL AES-CBC methods, which add PKCS#7 padding + automatically, and so do not require block-multiple input. To make the wolfSSL function and equivalent OpenSSL functions interoperate, one should specify the -nopad option in the OpenSSL command line function so that it behaves like the wolfSSL AesCbcEncrypt method and does not create errors during decryption. \return 0 On successfully decrypting message. - \return BAD_ALIGN_E Returned on block align error. + \return BAD_ALIGN_E may be returned on block align error. + \return BAD_LENGTH_E will be returned if the input length isn't a + multiple of the AES block length, when the library is built with + WOLFSSL_AES_CBC_LENGTH_CHECKS. \param aes pointer to the AES object used to decrypt data. \param out pointer to the output buffer in which to store the plain text diff --git a/tests/api.c b/tests/api.c index 3a0364c70..735ce602c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -13083,11 +13083,12 @@ static int test_wc_AesCbcEncryptDecrypt (void) 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; - byte vector[] = /* Now is the time for all w/o trailing 0 */ + byte vector[] = /* Now is the time for all good men w/o trailing 0 */ { 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20, + 0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e }; byte iv[] = "1234567890abcdef"; byte enc[sizeof(vector)]; @@ -13117,8 +13118,8 @@ static int test_wc_AesCbcEncryptDecrypt (void) iv, AES_DECRYPTION); } if (ret == 0) { - ret = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE); - if (ret != 0 || XMEMCMP(vector, dec, AES_BLOCK_SIZE) != 0) { + ret = wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector)); + if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector)) != 0) { ret = WOLFSSL_FATAL_ERROR; } else { /* Set flag. */ @@ -13150,6 +13151,16 @@ static int test_wc_AesCbcEncryptDecrypt (void) } else { cbcE = WOLFSSL_FATAL_ERROR; } +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (cbcE == 0) { + cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1); + } + if (cbcE == BAD_ALIGN_E) { + cbcE = 0; + } else { + cbcE = WOLFSSL_FATAL_ERROR; + } +#endif } if (cbcE == 0) { /* Test passing in size of 0 */ @@ -13178,11 +13189,19 @@ static int test_wc_AesCbcEncryptDecrypt (void) if (cbcD == BAD_FUNC_ARG) { cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1); } +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (cbcD == BAD_ALIGN_E) { + cbcD = 0; + } else { + cbcD = WOLFSSL_FATAL_ERROR; + } +#else if (cbcD == BAD_FUNC_ARG) { cbcD = 0; } else { cbcD = WOLFSSL_FATAL_ERROR; } +#endif } if (cbcD == 0) { /* Test passing in size of 0 */ diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 4cb300b1b..5ced9b2f7 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -3085,8 +3085,16 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { int ret = 0; - word32 blocks = (sz / AES_BLOCK_SIZE); CRYP_HandleTypeDef hcryp; + word32 blocks = (sz / AES_BLOCK_SIZE); + +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + if (blocks == 0) + return 0; ret = wc_Stm32_Aes_Init(aes, &hcryp); if (ret != 0) @@ -3135,8 +3143,16 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { int ret = 0; - word32 blocks = (sz / AES_BLOCK_SIZE); CRYP_HandleTypeDef hcryp; + word32 blocks = (sz / AES_BLOCK_SIZE); + +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + if (blocks == 0) + return 0; ret = wc_Stm32_Aes_Init(aes, &hcryp); if (ret != 0) @@ -3191,10 +3207,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { int ret; word32 *iv; - word32 blocks = (sz / AES_BLOCK_SIZE); CRYP_InitTypeDef cryptInit; CRYP_KeyInitTypeDef keyInit; CRYP_IVInitTypeDef ivInit; + word32 blocks = (sz / AES_BLOCK_SIZE); + +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + if (blocks == 0) + return 0; ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); if (ret != 0) @@ -3266,10 +3290,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { int ret; word32 *iv; - word32 blocks = (sz / AES_BLOCK_SIZE); CRYP_InitTypeDef cryptInit; CRYP_KeyInitTypeDef keyInit; CRYP_IVInitTypeDef ivInit; + word32 blocks = (sz / AES_BLOCK_SIZE); + +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + if (blocks == 0) + return 0; ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit); if (ret != 0) @@ -3363,6 +3395,12 @@ int wc_AesSetIV(Aes* aes, const byte* iv) if ((pi == NULL) || (po == NULL)) return BAD_FUNC_ARG; /*wrong pointer*/ +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + wc_LockMutex(&Mutex_AesSEC); /* Set descriptor for SEC */ @@ -3388,16 +3426,24 @@ int wc_AesSetIV(Aes* aes, const byte* iv) secDesc->pointer7 = NULL; secDesc->nextDescriptorPtr = NULL; +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + size = AES_BUFFER_SIZE; +#endif while (sz) { secDesc->header = descHeader; XMEMCPY(secReg, aes->reg, AES_BLOCK_SIZE); - if ((sz % AES_BUFFER_SIZE) == sz) { +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + sz -= AES_BUFFER_SIZE; +#else + if (sz < AES_BUFFER_SIZE) { size = sz; sz = 0; } else { size = AES_BUFFER_SIZE; sz -= AES_BUFFER_SIZE; } +#endif + secDesc->length4 = size; secDesc->length5 = size; @@ -3463,6 +3509,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv) byte *iv, *enc_key; word32 blocks = (sz / AES_BLOCK_SIZE); +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + if (blocks == 0) + return 0; + iv = (byte*)aes->reg; enc_key = (byte*)aes->key; @@ -3492,8 +3546,16 @@ int wc_AesSetIV(Aes* aes, const byte* iv) word32 keySize; status_t status; byte* iv, *dec_key; - word32 blocks = (sz / AES_BLOCK_SIZE); byte temp_block[AES_BLOCK_SIZE]; + word32 blocks = (sz / AES_BLOCK_SIZE); + +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + if (blocks == 0) + return 0; iv = (byte*)aes->reg; dec_key = (byte*)aes->key; @@ -3527,9 +3589,17 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { int i; int offset = 0; - word32 blocks = (sz / AES_BLOCK_SIZE); byte *iv; byte temp_block[AES_BLOCK_SIZE]; + word32 blocks = (sz / AES_BLOCK_SIZE); + +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + if (blocks == 0) + return 0; iv = (byte*)aes->reg; @@ -3555,9 +3625,17 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { int i; int offset = 0; - word32 blocks = (sz / AES_BLOCK_SIZE); byte* iv; byte temp_block[AES_BLOCK_SIZE]; + word32 blocks = (sz / AES_BLOCK_SIZE); + +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + if (blocks == 0) + return 0; iv = (byte*)aes->reg; @@ -3586,9 +3664,16 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { int ret; + if (sz == 0) + return 0; + /* hardware fails on input that is not a multiple of AES block size */ if (sz % AES_BLOCK_SIZE != 0) { +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + return BAD_LENGTH_E; +#else return BAD_FUNC_ARG; +#endif } ret = wc_Pic32AesCrypt( @@ -3609,9 +3694,16 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int ret; byte scratch[AES_BLOCK_SIZE]; + if (sz == 0) + return 0; + /* hardware fails on input that is not a multiple of AES block size */ if (sz % AES_BLOCK_SIZE != 0) { +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + return BAD_LENGTH_E; +#else return BAD_FUNC_ARG; +#endif } XMEMCPY(scratch, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); @@ -3666,7 +3758,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* Software AES - CBC Encrypt */ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - word32 blocks = (sz / AES_BLOCK_SIZE); + word32 blocks; if (aes == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; @@ -3675,6 +3767,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv) if (sz == 0) { return 0; } + + blocks = sz / AES_BLOCK_SIZE; +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + if (sz % AES_BLOCK_SIZE) { + return BAD_LENGTH_E; + } +#endif + #ifdef WOLFSSL_IMXRT_DCP /* Implemented in wolfcrypt/src/port/nxp/dcp_port.c */ if (aes->keylen == 16) @@ -3779,14 +3879,23 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { word32 blocks; - if (aes == NULL || out == NULL || in == NULL - || sz % AES_BLOCK_SIZE != 0) { + if (aes == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; } if (sz == 0) { return 0; } + + blocks = sz / AES_BLOCK_SIZE; + if (sz % AES_BLOCK_SIZE) { +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + return BAD_LENGTH_E; +#else + return BAD_FUNC_ARG; +#endif + } + #ifdef WOLFSSL_IMXRT_DCP /* Implemented in wolfcrypt/src/port/nxp/dcp_port.c */ if (aes->keylen == 16) @@ -3856,7 +3965,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } #endif - blocks = sz / AES_BLOCK_SIZE; while (blocks--) { XMEMCPY(aes->tmp, in, AES_BLOCK_SIZE); wc_AesDecrypt(aes, (byte*)aes->tmp, out); diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 3680eac86..7b1252bcf 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -527,6 +527,9 @@ const char* wc_GetErrorString(int error) case MISSING_KEY: return "Required key not set"; + case BAD_LENGTH_E: + return "Value of length parameter is invalid."; + default: return "unknown error number"; diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 73da12f6e..dd6ac1726 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -237,8 +237,9 @@ enum { SAKKE_VERIFY_FAIL_E = -276, /* SAKKE derivation verification error */ MISSING_IV = -277, /* IV was not set */ MISSING_KEY = -278, /* Key was not set */ + BAD_LENGTH_E = -279, /* Value of length parameter is invalid. */ - WC_LAST_E = -278, /* Update this to indicate last error */ + WC_LAST_E = -279, /* Update this to indicate last error */ MIN_CODE_E = -300 /* errors -101 - -299 */ /* add new companion error id strings for any new error codes From 5f6b618e71735906828208da8150e0741d6bc197 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 26 Mar 2021 14:04:25 -0500 Subject: [PATCH 131/137] configure.ac: add --enable-aescbc-length-checks and add it to --enable-all; api.c: fix expected error code in WOLFSSL_AES_CBC_LENGTH_CHECKS path of test_wc_AesCbcEncryptDecrypt(); aes.c: add explanatory comment on WOLFSSL_AES_CBC_LENGTH_CHECKS to top of file. --- configure.ac | 14 ++++++++++++++ tests/api.c | 9 +++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 23deefd52..36fcc6d19 100644 --- a/configure.ac +++ b/configure.ac @@ -353,6 +353,7 @@ then test "$enable_aesctr" = "" && enable_aesctr=yes test "$enable_aesofb" = "" && enable_aesofb=yes test "$enable_aescfb" = "" && enable_aescfb=yes + test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes test "$enable_camellia" = "" && enable_camellia=yes test "$enable_ripemd" = "" && enable_ripemd=yes test "$enable_sha512" = "" && enable_sha512=yes @@ -1288,6 +1289,18 @@ then AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC" fi +# AES-CBC length checks (checks that input lengths are multiples of block size) +AC_ARG_ENABLE([aescbc_length_checks], + [AS_HELP_STRING([--enable-aescbc-length-checks],[Enable AES-CBC length validity checks (default: disabled)])], + [ ENABLED_AESCBC_LENGTH_CHECKS=$enableval ], + [ ENABLED_AESCBC_LENGTH_CHECKS=no ] + ) + +if test "$ENABLED_AESCBC_LENGTH_CHECKS" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CBC_LENGTH_CHECKS" +fi + # leanpsk and leantls don't need gcm # AES-GCM @@ -6505,6 +6518,7 @@ echo " * ARC4: $ENABLED_ARC4" echo " * AES: $ENABLED_AES" echo " * AES-NI: $ENABLED_AESNI" echo " * AES-CBC: $ENABLED_AESCBC" +echo " * AES-CBC length checks: $ENABLED_AESCBC_LENGTH_CHECKS" echo " * AES-GCM: $ENABLED_AESGCM" echo " * AES-CCM: $ENABLED_AESCCM" echo " * AES-CTR: $ENABLED_AESCTR" diff --git a/tests/api.c b/tests/api.c index 735ce602c..832146c9e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -19,6 +19,11 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* For AES-CBC, input lengths can optionally be validated to be a + * multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS, + * also available via the configure option --enable-aescbc-length-checks. + */ + /*----------------------------------------------------------------------------* | Includes @@ -13155,7 +13160,7 @@ static int test_wc_AesCbcEncryptDecrypt (void) if (cbcE == 0) { cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1); } - if (cbcE == BAD_ALIGN_E) { + if (cbcE == BAD_LENGTH_E) { cbcE = 0; } else { cbcE = WOLFSSL_FATAL_ERROR; @@ -13190,7 +13195,7 @@ static int test_wc_AesCbcEncryptDecrypt (void) cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1); } #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (cbcD == BAD_ALIGN_E) { + if (cbcD == BAD_LENGTH_E) { cbcD = 0; } else { cbcD = WOLFSSL_FATAL_ERROR; From f65e1f1f09f05721162b299bfe6b3b6d1579adf3 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 26 Mar 2021 13:23:00 -0700 Subject: [PATCH 132/137] Expose functions to get client/server random when `HAVE_SECRET_CALLBACK` is defined. --- examples/client/client.c | 9 ++++----- examples/server/server.c | 2 +- src/ssl.c | 10 ++++++---- wolfssl/ssl.h | 5 ++++- 4 files changed, 15 insertions(+), 11 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 2d71522e8..d48d39872 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -3293,7 +3293,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif #endif -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) printf("Session timeout set to %ld seconds\n", wolfSSL_get_timeout(ssl)); { byte* rnd; @@ -3329,9 +3329,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); } +#endif - #if defined(OPENSSL_ALL) && !defined(NO_SESSION_CACHE) - +#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) #ifndef NO_BIO /* print out session to stdout */ { @@ -3344,8 +3344,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } wolfSSL_BIO_free(bio); } - #endif - #endif + #endif /* !NO_BIO */ #endif if (doSTARTTLS && starttlsProt != NULL) { diff --git a/examples/server/server.c b/examples/server/server.c index ae5fe4eab..4f4a6b3af 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -2648,7 +2648,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } } -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) { byte* rnd = NULL; byte* pt; diff --git a/src/ssl.c b/src/ssl.c index 0b89b0d60..a1fa71f25 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16516,7 +16516,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ + defined(HAVE_SECRET_CALLBACK) #if !defined(NO_WOLFSSL_SERVER) size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outSz) @@ -16548,7 +16549,7 @@ size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, return size; } #endif /* !NO_WOLFSSL_SERVER */ -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */ #ifdef OPENSSL_EXTRA #if !defined(NO_WOLFSSL_SERVER) @@ -16810,7 +16811,8 @@ WOLFSSL_API int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX* ctx) #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ + defined(HAVE_SECRET_CALLBACK) #if !defined(NO_WOLFSSL_CLIENT) /* Return the amount of random bytes copied over or error case. * ssl : ssl struct after handshake @@ -16849,7 +16851,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return size; } #endif /* !NO_WOLFSSL_CLIENT */ -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */ #ifdef OPENSSL_EXTRA unsigned long wolfSSLeay(void) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index cee9baf51..dd42a0387 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3613,11 +3613,14 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ + defined(HAVE_SECRET_CALLBACK) WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen); WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, size_t outSz); -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_SECRET_CALLBACK */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio); From 724a415d51875a6e0bca44ee377628a60195851f Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 26 Mar 2021 13:28:15 -0700 Subject: [PATCH 133/137] Fix ARMv8 to not compile code if module is disabled --- wolfcrypt/src/port/arm/armv8-32-curve25519.S | 4 ++-- wolfcrypt/src/port/arm/armv8-32-curve25519.c | 4 ++-- wolfcrypt/src/port/arm/armv8-32-sha512-asm.S | 4 ++-- wolfcrypt/src/port/arm/armv8-32-sha512-asm.c | 4 ++-- wolfcrypt/src/port/arm/armv8-curve25519.S | 4 ++-- wolfcrypt/src/port/arm/armv8-curve25519.c | 4 ++-- wolfcrypt/src/port/arm/armv8-sha512-asm.S | 4 ++-- wolfcrypt/src/port/arm/armv8-sha512-asm.c | 4 ++-- 8 files changed, 16 insertions(+), 16 deletions(-) diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S index f52fc07ac..26fe61855 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S @@ -23,7 +23,7 @@ * cd ../scripts * ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S */ -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519) #ifndef __aarch64__ .text .align 2 @@ -6008,7 +6008,7 @@ fe_ge_sub: pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} .size fe_ge_sub,.-fe_ge_sub #endif /* !__aarch64__ */ -#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */ #if defined(__linux__) && defined(__ELF__) .section .note.GNU-stack,"",%progbits diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.c b/wolfcrypt/src/port/arm/armv8-32-curve25519.c index 607ad913e..ddc08f644 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519.c +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.c @@ -23,7 +23,7 @@ * cd ../scripts * ruby ./x25519/x25519.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.c */ -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519) #ifndef __aarch64__ #include #ifdef HAVE_CONFIG_H @@ -5573,4 +5573,4 @@ void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px, const fe py, const fe pz } #endif /* !__aarch64__ */ -#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S index 23e67fa3d..c42cf63b1 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S @@ -23,7 +23,7 @@ * cd ../scripts * ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S */ -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512) #ifndef __aarch64__ #ifdef WOLFSSL_ARMASM_NO_NEON .text @@ -5331,7 +5331,7 @@ L_sha512_len_neon_start: .size Transform_Sha512_Len,.-Transform_Sha512_Len #endif /* !WOLFSSL_ARMASM_NO_NEON */ #endif /* !__aarch64__ */ -#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */ #if defined(__linux__) && defined(__ELF__) .section .note.GNU-stack,"",%progbits diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c index a52cd75c6..53e5b9743 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c @@ -23,7 +23,7 @@ * cd ../scripts * ruby ./sha2/sha512.rb arm32 ../wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.c */ -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512) #ifndef __aarch64__ #include #ifdef HAVE_CONFIG_H @@ -4776,4 +4776,4 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) #endif /* !WOLFSSL_ARMASM_NO_NEON */ #endif /* !__aarch64__ */ -#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */ diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.S b/wolfcrypt/src/port/arm/armv8-curve25519.S index b05f0a23b..d07210a68 100644 --- a/wolfcrypt/src/port/arm/armv8-curve25519.S +++ b/wolfcrypt/src/port/arm/armv8-curve25519.S @@ -28,7 +28,7 @@ * cd ../scripts * ruby ./x25519/x25519.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S */ -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519) #ifdef __aarch64__ #ifndef __APPLE__ .text @@ -7472,7 +7472,7 @@ _fe_ge_sub: .size fe_ge_sub,.-fe_ge_sub #endif /* __APPLE__ */ #endif /* __aarch64__ */ -#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */ #if defined(__linux__) && defined(__ELF__) .section .note.GNU-stack,"",%progbits diff --git a/wolfcrypt/src/port/arm/armv8-curve25519.c b/wolfcrypt/src/port/arm/armv8-curve25519.c index 213512297..81352c705 100644 --- a/wolfcrypt/src/port/arm/armv8-curve25519.c +++ b/wolfcrypt/src/port/arm/armv8-curve25519.c @@ -28,7 +28,7 @@ * cd ../scripts * ruby ./x25519/x25519.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.c */ -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) && defined(HAVE_CURVE25519) #ifdef __aarch64__ #include @@ -7217,4 +7217,4 @@ void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px, const fe py, const fe pz } #endif /* __aarch64__ */ -#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM && HAVE_CURVE25519 */ diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-sha512-asm.S index 0236bb8a4..9b28a8231 100644 --- a/wolfcrypt/src/port/arm/armv8-sha512-asm.S +++ b/wolfcrypt/src/port/arm/armv8-sha512-asm.S @@ -28,7 +28,7 @@ * cd ../scripts * ruby ./sha2/sha512.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.S */ -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512) #ifdef __aarch64__ #ifndef __APPLE__ .text @@ -1093,7 +1093,7 @@ L_sha512_len_neon_start: .size Transform_Sha512_Len,.-Transform_Sha512_Len #endif /* __APPLE__ */ #endif /* __aarch64__ */ -#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */ #if defined(__linux__) && defined(__ELF__) .section .note.GNU-stack,"",%progbits diff --git a/wolfcrypt/src/port/arm/armv8-sha512-asm.c b/wolfcrypt/src/port/arm/armv8-sha512-asm.c index 21679d21e..87e7496f0 100644 --- a/wolfcrypt/src/port/arm/armv8-sha512-asm.c +++ b/wolfcrypt/src/port/arm/armv8-sha512-asm.c @@ -28,7 +28,7 @@ * cd ../scripts * ruby ./sha2/sha512.rb arm64 ../wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.c */ -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_SHA512) #ifdef __aarch64__ #include @@ -1050,4 +1050,4 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) } #endif /* __aarch64__ */ -#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM && WOLFSSL_SHA512 */ From 95ff75c43dea53ad95ea02aea89ca96c5f515dfb Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 26 Mar 2021 13:41:11 -0700 Subject: [PATCH 134/137] Fix for `wolfSSL_SESSION_print` --- examples/client/client.c | 6 +++++- src/ssl.c | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/examples/client/client.c b/examples/client/client.c index d48d39872..7c111daa4 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -3331,7 +3331,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #endif -#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH))) +#if !defined(NO_SESSION_CACHE) #ifndef NO_BIO /* print out session to stdout */ { @@ -3345,6 +3348,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_BIO_free(bio); } #endif /* !NO_BIO */ +#endif #endif if (doSTARTTLS && starttlsProt != NULL) { diff --git a/src/ssl.c b/src/ssl.c index a1fa71f25..f9f067e73 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -46262,6 +46262,7 @@ void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx) } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || FORTRESS */ +/* Note: This is a huge section of API's - through wolfSSL_SESSION_print */ #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH))) From a22defec509d7edf223c03c34204d4ede5958167 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 26 Mar 2021 15:39:55 -0700 Subject: [PATCH 135/137] Fix for availability of `wolfSSL_SESSION_print`. --- examples/client/client.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/examples/client/client.c b/examples/client/client.c index 7c111daa4..ad760148c 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -3334,7 +3334,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH))) -#if !defined(NO_SESSION_CACHE) +#if !defined(NO_SESSION_CACHE) && \ + (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \ + !defined(NO_FILESYSTEM) #ifndef NO_BIO /* print out session to stdout */ { From dfb7848320313bdca071703696ef1c0f0e1118ce Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 31 Mar 2021 01:34:14 +0700 Subject: [PATCH 136/137] add link to wolfssl-examples repository in README --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 6827ad5f0..075543457 100644 --- a/README.md +++ b/README.md @@ -155,3 +155,5 @@ More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html [TLS 1.3](https://www.wolfssl.com/docs/tls13/) [wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/) + +[Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples) From 2ecaa3c4c6790116f9a7b78ad043f305b269614f Mon Sep 17 00:00:00 2001 From: Guido Vranken Date: Thu, 1 Apr 2021 00:57:06 +0200 Subject: [PATCH 137/137] Use unsigned integers in mp_is_bit_set ZD 12012 --- wolfcrypt/src/integer.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 1751bd85b..5dd9e15fc 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -1446,10 +1446,10 @@ int mp_set (mp_int * a, mp_digit b) /* check if a bit is set */ int mp_is_bit_set (mp_int *a, mp_digit b) { - int i = (int)(b / DIGIT_BIT); /* word index */ - int s = b % DIGIT_BIT; /* bit index */ + mp_digit i = b / DIGIT_BIT; /* word index */ + mp_digit s = b % DIGIT_BIT; /* bit index */ - if (a->used <= i) { + if ((mp_digit)a->used <= i) { /* no words avaialable at that bit count */ return 0; }