Peer review improvements

This commit is contained in:
David Garske
2026-02-10 14:51:51 -08:00
parent 2a18b7ee44
commit bc12b7563f
8 changed files with 101 additions and 56 deletions
+1 -1
View File
@@ -2093,7 +2093,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
\return 0 Returned upon successfully setting the callback context the input message
\param key pointer to the ecc_key object
\param ctx pointer to ecc_nb_ctx_t structure with stack data cache for SP
\param ctx pointer to ecc nb_ctx_t structure with stack data cache for SP
_Example_
\code
+2 -2
View File
@@ -8191,8 +8191,8 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
case DYNAMIC_TYPE_CURVE25519:
#if defined(WC_X25519_NONBLOCK) && \
defined(WOLFSSL_ASYNC_CRYPT_SW)
if (((curve25519_key*)*pKey)->nbCtx != NULL) {
XFREE(((curve25519_key*)*pKey)->nbCtx, ssl->heap,
if (((curve25519_key*)*pKey)->nb_ctx != NULL) {
XFREE(((curve25519_key*)*pKey)->nb_ctx, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
+49 -10
View File
@@ -8014,16 +8014,16 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse)
* INVALID_DEVID there is no async loop to retry on FP_WOULDBLOCK, so
* skip non-blocking setup and use blocking mode instead. */
if (ret == 0 && ssl->devId != INVALID_DEVID) {
x25519_nb_ctx_t* nbCtx = (x25519_nb_ctx_t*)XMALLOC(
x25519_nb_ctx_t* nb_ctx = (x25519_nb_ctx_t*)XMALLOC(
sizeof(x25519_nb_ctx_t), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (nbCtx == NULL) {
if (nb_ctx == NULL) {
ret = MEMORY_E;
}
else {
ret = wc_curve25519_set_nonblock(key, nbCtx);
ret = wc_curve25519_set_nonblock(key, nb_ctx);
if (ret != 0) {
XFREE(nbCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(nb_ctx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
}
}
@@ -8088,8 +8088,8 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse)
kse->pubKey = NULL;
if (key != NULL) {
#if defined(WC_X25519_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW)
if (key->nbCtx != NULL) {
XFREE(key->nbCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (key->nb_ctx != NULL) {
XFREE(key->nb_ctx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
wc_curve25519_free(key);
@@ -8279,6 +8279,28 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
/* Initialize an ECC key struct for the ephemeral key */
ret = wc_ecc_init_ex((ecc_key*)kse->key, ssl->heap, ssl->devId);
#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
defined(WC_ASYNC_ENABLE_ECC)
/* Only set non-blocking context when async device is active. With
* INVALID_DEVID there is no async loop to retry on FP_WOULDBLOCK, so
* skip non-blocking setup and use blocking mode instead. */
if (ret == 0 && ssl->devId != INVALID_DEVID) {
ecc_nb_ctx_t* eccNbCtx = (ecc_nb_ctx_t*)XMALLOC(
sizeof(ecc_nb_ctx_t), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (eccNbCtx == NULL) {
ret = MEMORY_E;
}
else {
ret = wc_ecc_set_nonblock((ecc_key*)kse->key, eccNbCtx);
if (ret != 0) {
XFREE(eccNbCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
}
}
#endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW &&
WC_ASYNC_ENABLE_ECC */
if (ret == 0) {
kse->keyLen = keySize;
kse->pubKeyLen = keySize * 2 + 1;
@@ -8852,8 +8874,8 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
#ifdef HAVE_CURVE25519
#if defined(WC_X25519_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW)
if (current->key != NULL &&
((curve25519_key*)current->key)->nbCtx != NULL) {
XFREE(((curve25519_key*)current->key)->nbCtx, heap,
((curve25519_key*)current->key)->nb_ctx != NULL) {
XFREE(((curve25519_key*)current->key)->nb_ctx, heap,
DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
@@ -8900,6 +8922,15 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
}
else {
#ifdef HAVE_ECC
#if defined(WC_ECC_NONBLOCK) && \
defined(WOLFSSL_ASYNC_CRYPT_SW) && \
defined(WC_ASYNC_ENABLE_ECC)
if (current->key != NULL &&
((ecc_key*)current->key)->nb_ctx != NULL) {
XFREE(((ecc_key*)current->key)->nb_ctx, heap,
DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
wc_ecc_free((ecc_key*)current->key);
#endif
}
@@ -8907,6 +8938,14 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
#endif
else {
#ifdef HAVE_ECC
#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
defined(WC_ASYNC_ENABLE_ECC)
if (current->key != NULL &&
((ecc_key*)current->key)->nb_ctx != NULL) {
XFREE(((ecc_key*)current->key)->nb_ctx, heap,
DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
wc_ecc_free((ecc_key*)current->key);
#endif
}
@@ -9248,8 +9287,8 @@ static int TLSX_KeyShare_ProcessX25519_ex(WOLFSSL* ssl,
}
if (keyShareEntry->key != NULL) {
#if defined(WC_X25519_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW)
if (((curve25519_key*)keyShareEntry->key)->nbCtx != NULL) {
XFREE(((curve25519_key*)keyShareEntry->key)->nbCtx, ssl->heap,
if (((curve25519_key*)keyShareEntry->key)->nb_ctx != NULL) {
XFREE(((curve25519_key*)keyShareEntry->key)->nb_ctx, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
+5 -5
View File
@@ -18456,7 +18456,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
word32 idx = 0;
#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
defined(WC_ASYNC_ENABLE_ECC)
ecc_nb_ctx_t* nbCtx;
ecc_nb_ctx_t* nb_ctx;
#endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW &&
WC_ASYNC_ENABLE_ECC */
@@ -18479,15 +18479,15 @@ int ConfirmSignature(SignatureCtx* sigCtx,
* retry on FP_WOULDBLOCK, so let the WC_ECC_NONBLOCK_ONLY
* blocking fallback handle it instead. */
if (sigCtx->devId != INVALID_DEVID) {
nbCtx = (ecc_nb_ctx_t*)XMALLOC(sizeof(ecc_nb_ctx_t),
nb_ctx = (ecc_nb_ctx_t*)XMALLOC(sizeof(ecc_nb_ctx_t),
sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (nbCtx == NULL) {
if (nb_ctx == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
ret = wc_ecc_set_nonblock(sigCtx->key.ecc, nbCtx);
ret = wc_ecc_set_nonblock(sigCtx->key.ecc, nb_ctx);
if (ret != 0) {
XFREE(nbCtx, sigCtx->heap,
XFREE(nb_ctx, sigCtx->heap,
DYNAMIC_TYPE_TMP_BUFFER);
goto exit_cs;
}
+27 -27
View File
@@ -459,13 +459,13 @@ static int wc_curve25519_make_pub_nb(curve25519_key* key)
if (key == NULL) {
ret = BAD_FUNC_ARG;
}
else if (key->nbCtx == NULL) {
else if (key->nb_ctx == NULL) {
WOLFSSL_MSG("wc_curve25519_make_pub_nb called with NULL non-blocking "
"context.");
ret = BAD_FUNC_ARG;
}
if (ret == 0 && key->nbCtx->state == 0) {
if (ret == 0 && key->nb_ctx->state == 0) {
/* check clamping */
ret = curve25519_priv_clamp_check(key->k);
if (ret == 0) {
@@ -474,7 +474,7 @@ static int wc_curve25519_make_pub_nb(curve25519_key* key)
}
if (ret == 0) {
ret = curve25519_nb(key->p.point, key->k, (byte*)kCurve25519BasePoint,
key->nbCtx);
key->nb_ctx);
}
return ret;
@@ -488,13 +488,13 @@ static int wc_curve25519_make_key_nb(WC_RNG* rng, int keysize,
if (key == NULL || rng == NULL) {
ret = BAD_FUNC_ARG;
}
else if (key->nbCtx == NULL) {
else if (key->nb_ctx == NULL) {
WOLFSSL_MSG("wc_curve25519_make_key_nb called with NULL non-blocking "
"context.");
ret = BAD_FUNC_ARG;
}
if (ret == 0 && key->nbCtx->state == 0) {
if (ret == 0 && key->nb_ctx->state == 0) {
ret = wc_curve25519_make_priv(rng, keysize, key->k);
if (ret == 0) {
key->privSet = 1;
@@ -512,19 +512,19 @@ static int wc_curve25519_make_key_nb(WC_RNG* rng, int keysize,
int wc_curve25519_set_nonblock(curve25519_key* key, x25519_nb_ctx_t* ctx)
{
int ret = 0;
if (key != NULL) {
if (ctx != NULL) {
XMEMSET(ctx, 0, sizeof(x25519_nb_ctx_t));
}
key->nbCtx = ctx;
if (key == NULL) {
return BAD_FUNC_ARG;
}
else {
ret = BAD_FUNC_ARG;
/* If a different context is already set, clear it before replacing.
* The caller is responsible for freeing any heap-allocated context. */
if (key->nb_ctx != NULL && key->nb_ctx != ctx) {
XMEMSET(key->nb_ctx, 0, sizeof(x25519_nb_ctx_t));
}
return ret;
if (ctx != NULL) {
XMEMSET(ctx, 0, sizeof(x25519_nb_ctx_t));
}
key->nb_ctx = ctx;
return 0;
}
#endif /* WC_X25519_NONBLOCK */
@@ -567,7 +567,7 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
#ifdef WOLFSSL_SE050
ret = se050_curve25519_create_key(key, keysize);
#elif defined(WC_X25519_NONBLOCK)
if (key->nbCtx != NULL) {
if (key->nb_ctx != NULL) {
ret = wc_curve25519_make_key_nb(rng, keysize, key);
}
else
@@ -612,17 +612,17 @@ static int wc_curve25519_shared_secret_nb(curve25519_key* privKey,
{
int ret = FP_WOULDBLOCK;
switch (privKey->nbCtx->ssState) {
switch (privKey->nb_ctx->ssState) {
case 0:
XMEMSET(&privKey->nbCtx->o, 0, sizeof(privKey->nbCtx->o));
privKey->nbCtx->ssState = 1;
XMEMSET(&privKey->nb_ctx->o, 0, sizeof(privKey->nb_ctx->o));
privKey->nb_ctx->ssState = 1;
break;
case 1:
ret = curve25519_nb(privKey->nbCtx->o.point, privKey->k,
pubKey->p.point, privKey->nbCtx);
ret = curve25519_nb(privKey->nb_ctx->o.point, privKey->k,
pubKey->p.point, privKey->nb_ctx);
if (ret == 0) {
ret = FP_WOULDBLOCK;
privKey->nbCtx->ssState = 2;
privKey->nb_ctx->ssState = 2;
}
break;
case 2:
@@ -632,7 +632,7 @@ static int wc_curve25519_shared_secret_nb(curve25519_key* privKey,
byte t = 0;
for (i = 0; i < CURVE25519_KEYSIZE; i++) {
t |= privKey->nbCtx->o.point[i];
t |= privKey->nb_ctx->o.point[i];
}
if (t == 0) {
ret = ECC_OUT_OF_RANGE_E;
@@ -640,7 +640,7 @@ static int wc_curve25519_shared_secret_nb(curve25519_key* privKey,
else
#endif /* WOLFSSL_ECDHX_SHARED_NOT_ZERO */
{
curve25519_copy_point(out, privKey->nbCtx->o.point, endian);
curve25519_copy_point(out, privKey->nb_ctx->o.point, endian);
*outlen = CURVE25519_KEYSIZE;
ret = 0;
}
@@ -651,7 +651,7 @@ static int wc_curve25519_shared_secret_nb(curve25519_key* privKey,
}
if (ret != FP_WOULDBLOCK) {
XMEMSET(privKey->nbCtx, 0, sizeof(x25519_nb_ctx_t));
XMEMSET(privKey->nb_ctx, 0, sizeof(x25519_nb_ctx_t));
}
return ret;
@@ -714,7 +714,7 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_X25519 &&
* WOLFSSL_ASYNC_CRYPT_SW */
if (private_key->nbCtx != NULL) {
if (private_key->nb_ctx != NULL) {
ret = wc_curve25519_shared_secret_nb(private_key, public_key, out,
outlen, endian);
}
+12 -6
View File
@@ -55,7 +55,7 @@ Possible ECC enable options:
* WOLFSSL_ECC_CURVE_STATIC: default off (on for windows)
* For the ECC curve parameters `ecc_set_type` use fixed
* array for hex string
* WC_ECC_NONBLOCK: Enable non-blocking support for sign/verify.
* WC_ECC_NONBLOCK: Enable non-blocking support for sign/verify/keygen/secret.
* Requires SP with WOLFSSL_SP_NONBLOCK
* WC_ECC_NONBLOCK_ONLY Enable the non-blocking function only, no fall-back to
* normal blocking API's
@@ -15627,12 +15627,18 @@ int wc_ecc_get_key_id(ecc_key* key, word32* keyId)
/* Enable ECC support for non-blocking operations */
int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx)
{
if (key) {
if (ctx) {
XMEMSET(ctx, 0, sizeof(ecc_nb_ctx_t));
}
key->nb_ctx = ctx;
if (key == NULL) {
return BAD_FUNC_ARG;
}
/* If a different context is already set, clear it before replacing.
* The caller is responsible for freeing any heap-allocated context. */
if (key->nb_ctx != NULL && key->nb_ctx != ctx) {
XMEMSET(key->nb_ctx, 0, sizeof(ecc_nb_ctx_t));
}
if (ctx != NULL) {
XMEMSET(ctx, 0, sizeof(ecc_nb_ctx_t));
}
key->nb_ctx = ctx;
return 0;
}
#endif /* WC_ECC_NONBLOCK */
+4 -4
View File
@@ -38594,7 +38594,7 @@ static wc_test_ret_t curve255519_der_test(void)
static int x25519_nonblock_test(WC_RNG* rng)
{
int ret = 0;
x25519_nb_ctx_t nbCtx;
x25519_nb_ctx_t nb_ctx;
curve25519_key userA;
curve25519_key userB;
#ifdef HAVE_CURVE25519_SHARED_SECRET
@@ -38605,14 +38605,14 @@ static int x25519_nonblock_test(WC_RNG* rng)
#endif
int count;
XMEMSET(&nbCtx, 0, sizeof(nbCtx));
XMEMSET(&nb_ctx, 0, sizeof(nb_ctx));
ret = wc_curve25519_init(&userA);
if (ret != 0) {
printf("wc_curve25519_init 1 %d\n", ret);
return -10722;
}
ret = wc_curve25519_set_nonblock(&userA, &nbCtx);
ret = wc_curve25519_set_nonblock(&userA, &nb_ctx);
if (ret != 0) {
printf("wc_curve25519_set_nonblock 1 %d\n", ret);
wc_curve25519_free(&userA);
@@ -38639,7 +38639,7 @@ static int x25519_nonblock_test(WC_RNG* rng)
wc_curve25519_free(&userA);
return -10724;
}
ret = wc_curve25519_set_nonblock(&userB, &nbCtx);
ret = wc_curve25519_set_nonblock(&userB, &nb_ctx);
if (ret != 0) {
printf("wc_curve25519_set_nonblock 2 %d\n", ret);
wc_curve25519_free(&userA);
+1 -1
View File
@@ -141,7 +141,7 @@ struct curve25519_key {
#endif
#ifdef WC_X25519_NONBLOCK
x25519_nb_ctx_t* nbCtx;
x25519_nb_ctx_t* nb_ctx;
#endif /* WC_X25519_NONBLOCK */
/* bit fields */