From fd51eecb4f41e3bc4886c5a334f44492720edfaa Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 28 May 2020 15:09:27 -0700 Subject: [PATCH] Fix for using signature wrapper with `WOLFSSL_NO_MALLOC`. Improve `wc_SignatureVerifyHash` to use RSA verify inline. --- wolfcrypt/src/signature.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c index 5d503338a..d731b5daf 100644 --- a/wolfcrypt/src/signature.c +++ b/wolfcrypt/src/signature.c @@ -195,14 +195,27 @@ int wc_SignatureVerifyHash( #else /* WOLFSSL_CRYPTOCELL */ word32 plain_len = hash_len; + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) byte *plain_data; + #else + byte plain_data[MAX_ENCODED_SIG_SZ]; + #endif + /* Make sure the plain text output is at least key size */ if (plain_len < sig_len) { plain_len = sig_len; } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) plain_data = (byte*)XMALLOC(plain_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (plain_data) { + if (plain_data) + #else + if (plain_len <= sizeof(plain_data)) + #endif + { + byte* plain_ptr = NULL; + XMEMSET(plain_data, 0, plain_len); + XMEMCPY(plain_data, sig, sig_len); /* Perform verification of signature using provided RSA key */ do { #ifdef WOLFSSL_ASYNC_CRYPT @@ -210,12 +223,11 @@ int wc_SignatureVerifyHash( WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret >= 0) - ret = wc_RsaSSL_Verify(sig, sig_len, plain_data, - plain_len, (RsaKey*)key); + ret = wc_RsaSSL_VerifyInline(plain_data, sig_len, &plain_ptr, (RsaKey*)key); } while (ret == WC_PENDING_E); - if (ret >= 0) { + if (ret >= 0 && plain_ptr) { if ((word32)ret == hash_len && - XMEMCMP(plain_data, hash_data, hash_len) == 0) { + XMEMCMP(plain_ptr, hash_data, hash_len) == 0) { ret = 0; /* Success */ } else { @@ -223,7 +235,9 @@ int wc_SignatureVerifyHash( ret = SIG_VERIFY_E; } } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(plain_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif } else { ret = MEMORY_E;