From ad2119b2f8ed200faa0334d88b415398a2342391 Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Fri, 6 May 2022 12:00:32 -0700 Subject: [PATCH] Review comments --- wolfcrypt/src/rsa.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index cc664884f..6011b363b 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -856,10 +856,10 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) byte* tmp = NULL; #else - byte tmp[RSA_MAX_SIZE/8] = {0}; + byte tmp[RSA_MAX_SIZE/8]; #endif /* needs to be large enough for seed size plus counter(4) */ - byte tmpA[WC_MAX_DIGEST_SIZE + 4]= {0}; + byte tmpA[WC_MAX_DIGEST_SIZE + 4]; byte tmpF = 0; /* 1 if dynamic memory needs freed */ word32 tmpSz = 0; int hLen; @@ -875,6 +875,7 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz, (void)heap; + XMEMSET(tmpA, 0, sizeof(tmpA)); /* check error return of wc_HashGetDigestSize */ if (hLen < 0) { return hLen; @@ -885,6 +886,8 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz, /* find largest amount of memory needed which will be the max of * hLen and (seedSz + 4) since tmp is used to store the hash digest */ tmpSz = ((seedSz + 4) > (word32)hLen)? seedSz + 4: (word32)hLen; + if (tmpSz > RSA_MAX_SIZE/8) + return BAD_FUNC_ARG; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) tmp = (byte*)XMALLOC(tmpSz, heap, DYNAMIC_TYPE_RSA_BUFFER); if (tmp == NULL) { @@ -900,7 +903,7 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz, #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) tmp = tmpA; - #endif +#endif tmpF = 0; /* no need to free memory at end */ } @@ -1048,15 +1051,15 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, int i; word32 idx; - #ifdef WOLFSSL_SMALL_STACK + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) byte* dbMask = NULL; byte* lHash = NULL; byte* seed = NULL; #else + byte dbMask[RSA_MAX_SIZE/8 + RSA_PSS_PAD_SZ]; /* must be large enough to contain largest hash */ - byte lHash[WC_MAX_DIGEST_SIZE] = {0}; - byte seed[WC_MAX_DIGEST_SIZE]= {0}; - byte dbMask[RSA_MAX_SIZE/8 + RSA_PSS_PAD_SZ] = {0}; + byte lHash[WC_MAX_DIGEST_SIZE]; + byte seed[WC_MAX_DIGEST_SIZE]; #endif /* no label is allowed, but catch if no label provided and length > 0 */ @@ -1070,7 +1073,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, return hLen; } - #ifdef WOLFSSL_SMALL_STACK + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) lHash = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_RSA_BUFFER); if (lHash == NULL) { return MEMORY_E; @@ -1153,7 +1156,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, return ret; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) /* create maskedDB from dbMask */ dbMask = (byte*)XMALLOC(pkcsBlockLen - hLen - 1, heap, DYNAMIC_TYPE_RSA); if (dbMask == NULL) { @@ -1526,10 +1529,11 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, byte h[WC_MAX_DIGEST_SIZE]; /* max digest size */ word32 idx; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) byte* tmp = NULL; #else - byte tmp[RSA_MAX_SIZE/8 + RSA_PSS_PAD_SZ] = {0}; + byte tmp[RSA_MAX_SIZE/8 + RSA_PSS_PAD_SZ]; + XMEMSET(tmp, 0, RSA_MAX_SIZE/8 + RSA_PSS_PAD_SZ); #endif /* no label is allowed, but catch if no label provided and length > 0 */ if (optLabel == NULL && labelLen > 0) { @@ -1541,7 +1545,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, return BAD_FUNC_ARG; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_RSA_BUFFER); if (tmp == NULL) { return MEMORY_E;