diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index e1f7b789e..1eab34183 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -87,7 +87,6 @@ CONFIG_ESP_TLS_USING_WOLFSSL CONFIG_ESP_WIFI_PASSWORD CONFIG_ESP_WIFI_SSID CONFIG_ESP_WOLFSSL_ENABLE_KYBER -CONFIG_ESP_WOLFSSL_ENABLE_MLKEM CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT CONFIG_ESP_WOLFSSL_NO_HW_AES @@ -287,7 +286,6 @@ IOTSAFE_NO_GETDATA IOTSAFE_SIG_8BIT_LENGTH KCAPI_USE_XMALLOC K_SERIES -LIBWOLFSSL_CMAKE_OUTPUT LIBWOLFSSL_VERSION_GIT_BRANCH LIBWOLFSSL_VERSION_GIT_HASH LIBWOLFSSL_VERSION_GIT_HASH_DATE @@ -460,7 +458,6 @@ SHOW_CERTS SHOW_GEN SHOW_SIZES SHOW_SSID_AND_PASSWORD -SHOW_WOLFSSL_BUNDLE_ERROR SIM_SCGC3_RNGA_MASK SIM_SCGC5_PORTC_MASK SIM_SCGC5_PORTD_MASK @@ -682,7 +679,6 @@ WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN WOLFSSL_EMNET WOLFSSL_ESPWROOM32 WOLFSSL_EVP_PRINT -WOLFSSL_EXPERIMENTAL_SETTINGS WOLFSSL_EXPORT_INT WOLFSSL_EXPORT_SPC_SZ WOLFSSL_EXTRA @@ -699,7 +695,6 @@ WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK WOLFSSL_HARDEN_TLS_NO_SCR_CHECK -WOLFSSL_HAVE_MLKEM WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY WOLFSSL_I2D_ECDSA_SIG_ALLOC WOLFSSL_IAR_ARM_TIME @@ -712,9 +707,6 @@ WOLFSSL_IMXRT_DCP WOLFSSL_ISOTP WOLFSSL_KEIL WOLFSSL_KEIL_NET -WOLFSSL_KYBER1024 -WOLFSSL_KYBER512 -WOLFSSL_KYBER768 WOLFSSL_KYBER_NO_DECAPSULATE WOLFSSL_KYBER_NO_ENCAPSULATE WOLFSSL_KYBER_NO_MAKE_KEY @@ -737,7 +729,6 @@ WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM WOLFSSL_MLKEM_NO_LARGE_CODE WOLFSSL_MLKEM_NO_MALLOC WOLFSSL_MLKEM_NTT_UNROLL -WOLFSSL_ML_KEM_USE_OLD_IDS WOLFSSL_MONT_RED_CT WOLFSSL_MP_COND_COPY WOLFSSL_MP_INVMOD_CONSTANT_TIME @@ -768,9 +759,6 @@ WOLFSSL_NO_KCAPI_HMAC_SHA256 WOLFSSL_NO_KCAPI_HMAC_SHA384 WOLFSSL_NO_KCAPI_HMAC_SHA512 WOLFSSL_NO_KCAPI_SHA224 -WOLFSSL_NO_ML_KEM_1024 -WOLFSSL_NO_ML_KEM_512 -WOLFSSL_NO_ML_KEM_768 WOLFSSL_NO_OCSP_DATE_CHECK WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK WOLFSSL_NO_OCSP_OPTIONAL_CERTS @@ -833,8 +821,6 @@ WOLFSSL_SERVER_EXAMPLE WOLFSSL_SETTINGS_FILE WOLFSSL_SH224 WOLFSSL_SHA256_ALT_CH_MAJ -WOLFSSL_SHAKE128 -WOLFSSL_SHAKE256 WOLFSSL_SHUTDOWNONCE WOLFSSL_SILABS_TRNG WOLFSSL_SM4_EBC @@ -876,7 +862,6 @@ WOLFSSL_USE_FLASHMEM WOLFSSL_USE_OPTIONS_H WOLFSSL_USE_POPEN_HOST WOLFSSL_VALIDATE_DH_KEYGEN -WOLFSSL_WC_MLKEM WOLFSSL_WC_XMSS_NO_SHA256 WOLFSSL_WC_XMSS_NO_SHAKE256 WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c index ca6b722e6..c0df70fa8 100644 --- a/linuxkm/lkcapi_sha_glue.c +++ b/linuxkm/lkcapi_sha_glue.c @@ -414,7 +414,7 @@ WC_MAYBE_UNUSED static int sha3_test_once(void) { #define WC_LINUXKM_SHA_IMPLEMENT(name, digest_size, block_size, \ this_cra_name, this_cra_driver_name, \ init_f, update_f, final_f, \ - test_routine) \ + free_f, test_routine) \ \ \ static int km_ ## name ## _init(struct shash_desc *desc) { \ @@ -436,8 +436,10 @@ static int km_ ## name ## _update(struct shash_desc *desc, const u8 *data, \ \ if (ret == 0) \ return 0; \ - else \ + else { \ + free_f(&ctx-> name ## _state); \ return -EINVAL; \ + } \ } \ \ static int km_ ## name ## _final(struct shash_desc *desc, u8 *out) { \ @@ -445,6 +447,8 @@ static int km_ ## name ## _final(struct shash_desc *desc, u8 *out) { \ \ int ret = final_f(&ctx-> name ## _state, out); \ \ + free_f(&ctx-> name ## _state); \ + \ if (ret == 0) \ return 0; \ else \ @@ -458,8 +462,10 @@ static int km_ ## name ## _finup(struct shash_desc *desc, const u8 *data, \ \ int ret = update_f(&ctx-> name ## _state, data, len); \ \ - if (ret != 0) \ + if (ret != 0) { \ + free_f(&ctx-> name ## _state); \ return -EINVAL; \ + } \ \ return km_ ## name ## _final(desc, out); \ } \ @@ -510,7 +516,7 @@ struct wc_swallow_the_semicolon #define WC_LINUXKM_SHA3_IMPLEMENT(name, digest_size, block_size, \ this_cra_name, this_cra_driver_name, \ init_f, update_f, final_f, \ - test_routine) \ + free_f, test_routine) \ \ \ static int km_ ## name ## _init(struct shash_desc *desc) { \ @@ -537,6 +543,7 @@ static int km_ ## name ## _update(struct shash_desc *desc, const u8 *data, \ if (ret == 0) \ return 0; \ else { \ + free_f(ctx-> name ## _state); \ km_sha3_free_tstate(ctx); \ return -EINVAL; \ } \ @@ -547,6 +554,7 @@ static int km_ ## name ## _final(struct shash_desc *desc, u8 *out) { \ \ int ret = final_f(ctx-> name ## _state, out); \ \ + free_f(ctx-> name ## _state); \ km_sha3_free_tstate(ctx); \ if (ret == 0) \ return 0; \ @@ -561,8 +569,10 @@ static int km_ ## name ## _finup(struct shash_desc *desc, const u8 *data, \ \ int ret = update_f(ctx-> name ## _state, data, len); \ \ - if (ret != 0) \ + if (ret != 0) { \ + free_f(ctx-> name ## _state); \ return -EINVAL; \ + } \ \ return km_ ## name ## _final(desc, out); \ } \ @@ -613,63 +623,63 @@ struct wc_swallow_the_semicolon WC_LINUXKM_SHA_IMPLEMENT(sha1, WC_SHA_DIGEST_SIZE, WC_SHA_BLOCK_SIZE, WOLFKM_SHA1_NAME, WOLFKM_SHA1_DRIVER, wc_InitSha, wc_ShaUpdate, wc_ShaFinal, - sha_test); + wc_ShaFree, sha_test); #endif #ifdef LINUXKM_LKCAPI_REGISTER_SHA2_224 WC_LINUXKM_SHA_IMPLEMENT(sha2_224, WC_SHA224_DIGEST_SIZE, WC_SHA224_BLOCK_SIZE, WOLFKM_SHA2_224_NAME, WOLFKM_SHA2_224_DRIVER, wc_InitSha224, wc_Sha224Update, wc_Sha224Final, - sha224_test); + wc_Sha224Free, sha224_test); #endif #ifdef LINUXKM_LKCAPI_REGISTER_SHA2_256 WC_LINUXKM_SHA_IMPLEMENT(sha2_256, WC_SHA256_DIGEST_SIZE, WC_SHA256_BLOCK_SIZE, WOLFKM_SHA2_256_NAME, WOLFKM_SHA2_256_DRIVER, wc_InitSha256, wc_Sha256Update, wc_Sha256Final, - sha256_test); + wc_Sha256Free, sha256_test); #endif #ifdef LINUXKM_LKCAPI_REGISTER_SHA2_384 WC_LINUXKM_SHA_IMPLEMENT(sha2_384, WC_SHA384_DIGEST_SIZE, WC_SHA384_BLOCK_SIZE, WOLFKM_SHA2_384_NAME, WOLFKM_SHA2_384_DRIVER, wc_InitSha384, wc_Sha384Update, wc_Sha384Final, - sha384_test); + wc_Sha384Free, sha384_test); #endif #ifdef LINUXKM_LKCAPI_REGISTER_SHA2_512 WC_LINUXKM_SHA_IMPLEMENT(sha2_512, WC_SHA512_DIGEST_SIZE, WC_SHA512_BLOCK_SIZE, WOLFKM_SHA2_512_NAME, WOLFKM_SHA2_512_DRIVER, wc_InitSha512, wc_Sha512Update, wc_Sha512Final, - sha512_test); + wc_Sha512Free, sha512_test); #endif #ifdef LINUXKM_LKCAPI_REGISTER_SHA3_224 WC_LINUXKM_SHA3_IMPLEMENT(sha3_224, WC_SHA3_224_DIGEST_SIZE, WC_SHA3_224_BLOCK_SIZE, WOLFKM_SHA3_224_NAME, WOLFKM_SHA3_224_DRIVER, wc_InitSha3_224, wc_Sha3_224_Update, wc_Sha3_224_Final, - sha3_test_once); + wc_Sha3_224_Free, sha3_test_once); #endif #ifdef LINUXKM_LKCAPI_REGISTER_SHA3_256 WC_LINUXKM_SHA3_IMPLEMENT(sha3_256, WC_SHA3_256_DIGEST_SIZE, WC_SHA3_256_BLOCK_SIZE, WOLFKM_SHA3_256_NAME, WOLFKM_SHA3_256_DRIVER, wc_InitSha3_256, wc_Sha3_256_Update, wc_Sha3_256_Final, - sha3_test_once); + wc_Sha3_256_Free, sha3_test_once); #endif #ifdef LINUXKM_LKCAPI_REGISTER_SHA3_384 WC_LINUXKM_SHA3_IMPLEMENT(sha3_384, WC_SHA3_384_DIGEST_SIZE, WC_SHA3_384_BLOCK_SIZE, WOLFKM_SHA3_384_NAME, WOLFKM_SHA3_384_DRIVER, wc_InitSha3_384, wc_Sha3_384_Update, wc_Sha3_384_Final, - sha3_test_once); + wc_Sha3_384_Free, sha3_test_once); #endif #ifdef LINUXKM_LKCAPI_REGISTER_SHA3_512 WC_LINUXKM_SHA3_IMPLEMENT(sha3_512, WC_SHA3_512_DIGEST_SIZE, WC_SHA3_512_BLOCK_SIZE, WOLFKM_SHA3_512_NAME, WOLFKM_SHA3_512_DRIVER, wc_InitSha3_512, wc_Sha3_512_Update, wc_Sha3_512_Final, - sha3_test_once); + wc_Sha3_512_Free, sha3_test_once); #endif struct km_sha_hmac_pstate { @@ -700,6 +710,7 @@ WC_MAYBE_UNUSED static int linuxkm_hmac_setkey_common(struct crypto_shash *tfm, } WC_MAYBE_UNUSED static void km_hmac_free_tstate(struct km_sha_hmac_state *t_ctx) { + wc_HmacFree(t_ctx->wc_hmac); free(t_ctx->wc_hmac); t_ctx->wc_hmac = NULL; } @@ -731,6 +742,33 @@ WC_MAYBE_UNUSED static int km_hmac_init(struct shash_desc *desc) { XMEMCPY(t_ctx->wc_hmac, &p_ctx->wc_hmac, sizeof *t_ctx->wc_hmac); +#ifdef WOLFSSL_SMALL_STACK_CACHE + /* The cached W buffer from the persistent ctx can't be used because it + * would be double-freed, first by km_hmac_free_tstate(), then by + * km_hmac_exit_tfm(). + */ + switch (t_ctx->wc_hmac->macType) { + + #ifndef NO_SHA256 + case WC_SHA256: + #ifdef WOLFSSL_SHA224 + case WC_SHA224: + #endif + t_ctx->wc_hmac->hash.sha256.W = NULL; + break; + #endif /* WOLFSSL_SHA256 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + #endif + t_ctx->wc_hmac->hash.sha512.W = NULL; + break; + #endif /* WOLFSSL_SHA512 */ + } +#endif /* WOLFSSL_SMALL_STACK_CACHE */ + return 0; } diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index 68bda1fcd..09cec4434 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -205,7 +205,12 @@ typedef int mp_err; #define NEW_MP_INT_SIZE(name, bits, heap, type) \ XMEMSET(name, 0, sizeof(mp_int)) /* Dispose of static mp_int. */ -#define FREE_MP_INT_SIZE(name, heap, type) WC_DO_NOTHING +#define FREE_MP_INT_SIZE(name, heap, type) \ + do { \ + if ((name) != NULL) { \ + mp_free(name); \ + } \ + } while (0) /* Initialize an mp_int. */ #define INIT_MP_INT_SIZE(name, bits) \ mp_init(name)