Code review changes

2025-07-29 18:27:29 +02:00 · 2020-12-14 14:04:22 +01:00
parent 23a4d64caf
commit a745947498
5 changed files with 27 additions and 53 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -36869,6 +36869,7 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
 {
    word32 len;
    ecc_key* key;
+    int ret;
 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
    && !defined(HAVE_FIPS)
    int setGlobalRNG = 0;
@ -36908,19 +36909,17 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
        setGlobalRNG = 1;
    }
 #endif
-
-    if (wc_ecc_shared_secret_ssh(key,
-                                 (ecc_point*)pub_key->internal,
-                                 (byte *)out, &len) != MP_OKAY) {
-        WOLFSSL_MSG("wc_ecc_shared_secret failed");
-        return WOLFSSL_FATAL_ERROR;
-    }
-
+    ret = wc_ecc_shared_secret_ssh(key, (ecc_point*)pub_key->internal,
+            (byte *)out, &len);
 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
    && !defined(HAVE_FIPS)
    if (setGlobalRNG)
        key->rng = NULL;
 #endif
+    if (ret != MP_OKAY) {
+        WOLFSSL_MSG("wc_ecc_shared_secret failed");
+        return WOLFSSL_FATAL_ERROR;
+    }

    return len;
 }
--- a/tests/api.c
+++ b/tests/api.c
@ -33801,6 +33801,9 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
    /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
    AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
+    /* Should fail since ecKey is empty */
+    AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
+    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
    AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);

    /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */
@ -34133,6 +34136,8 @@ static void test_wolfSSL_EVP_PKEY_assign(void)
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL),  WOLFSSL_FAILURE);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,ecKey),   WOLFSSL_FAILURE);
+    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey),   WOLFSSL_FAILURE);
+    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
    AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS);
    wolfSSL_EVP_PKEY_free(pkey);
 #endif /* HAVE_ECC */
@ -36545,6 +36550,9 @@ static void test_EVP_PKEY_ec(void)
    AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
    AssertIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
    AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
+    /* Should fail since ecKey is empty */
+    AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
+    AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
    AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
    wolfSSL_EVP_PKEY_free(pkey);

--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -16695,6 +16695,9 @@ int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen)
    return eccToPKCS8(key, output, outLen, 0);
 }

+/* Write both private and public ecc keys to unencrypted PKCS#8 format.
+ *
+ * return length on success else < 0 */
 int wc_EccKeyToPKCS8(ecc_key* key, byte* output,
                     word32* outLen)
 {
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@ -4035,14 +4035,6 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
                            byte* out, word32 *outlen)
 {
    int err;
-#ifdef ECC_TIMING_RESISTANT
-    int initTmpRng = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    WC_RNG *tmpRNG = NULL;
-#else
-    WC_RNG tmpRNG[1];
-#endif
-#endif

    if (private_key == NULL || point == NULL || out == NULL ||
                                                            outlen == NULL) {
@ -4067,35 +4059,8 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
        case ECC_STATE_SHARED_SEC_GEN:
            private_key->state = ECC_STATE_SHARED_SEC_GEN;

-            #ifdef ECC_TIMING_RESISTANT
-            if (private_key->rng == NULL) {
-                #ifdef WOLFSSL_SMALL_STACK
-                tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
-                if (tmpRNG == NULL)
-                    return MEMORY_E;
-                #endif
-                if ((err = wc_InitRng(tmpRNG)) != MP_OKAY) {
-                    #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
-                    #endif
-                    break;
-                }
-                private_key->rng = tmpRNG;
-                initTmpRng = 1;
-            }
-            #endif
            err = wc_ecc_shared_secret_gen(private_key, point, out, outlen);
-            #ifdef ECC_TIMING_RESISTANT
-            if (initTmpRng) {
-                wc_FreeRng(tmpRNG);
-                #ifdef WOLFSSL_SMALL_STACK
-                XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
-                #endif
-                private_key->rng = NULL;
-            }
-            #endif
            if (err < 0) {
-                WOLFSSL_MSG("wc_ecc_shared_secret_gen failed");
                break;
            }
            FALL_THROUGH;
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@ -6176,13 +6176,13 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)

 #if defined(HAVE_ECC)
 /* try and populate public pkey_sz and pkey.ptr */
-static void ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc)
+static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc)
 {
    word32 derSz = 0;
    if (!pkey || !ecc)
-        return;
+        return WOLFSSL_FAILURE;
    if (wc_EccKeyToPKCS8(ecc, NULL, &derSz) == LENGTH_ONLY_E) {
-        byte* derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        byte* derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL);
        if (derBuf) {
            if (wc_EccKeyToPKCS8(ecc, derBuf, &derSz) >= 0) {
                if (pkey->pkey.ptr) {
@ -6190,13 +6190,15 @@ static void ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc)
                }
                pkey->pkey_sz = (int)derSz;
                pkey->pkey.ptr = (char*)derBuf;
+                return WOLFSSL_SUCCESS;
            }
-            else { /* failure - okay to ignore */
-                XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            else {
+                XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL);
                derBuf = NULL;
            }
        }
    }
+    return WOLFSSL_FAILURE;
 }

 WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key)
@ -6228,8 +6230,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_
    pkey->ecc    = key;
    pkey->ownEcc = 0; /* pkey does not own EC key */
    pkey->type   = EVP_PKEY_EC;
-    ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal);
-    return WOLFSSL_SUCCESS;
+    return ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal);
 #else
    (void)pkey;
    (void)key;
@ -6265,9 +6266,7 @@ int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
    pkey->ownEcc = 1;

    /* try and populate public pkey_sz and pkey.ptr */
-    ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal);
-
-    return WOLFSSL_SUCCESS;
+    return ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal);
 }
 #endif /* HAVE_ECC */