WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #8725 from AlexLanzano/no-malloc-support 

Add support for no malloc with `wc_CheckCertSigPubKey`
pull/8762/head
JacobBarthelmeh 2025-05-09 14:23:47 -06:00 committed by GitHub
parent 3d92eb6d2e c2528d48d7
commit 8e0aefd321
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 1884 additions and 1702 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

231
wolfcrypt/src/asn.c
View File

@ -17501,14 +17501,20 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
if (sigCtx == NULL)
return;
#ifndef WOLFSSL_NO_MALLOC
XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST);
sigCtx->digest = NULL;
#if !(defined(NO_RSA) && defined(NO_DSA))
#if !defined(NO_RSA) || !defined(NO_DSA)
XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
sigCtx->sigCpy = NULL;
#endif
#endif
#ifndef NO_ASN_CRYPT
if (sigCtx->key.ptr) {
#ifndef WOLFSSL_NO_MALLOC
if (sigCtx->key.ptr)
#endif
{
switch (sigCtx->keyOID) {
#ifndef NO_RSA
#ifdef WC_RSA_PSS
@ -17516,15 +17522,19 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
#endif
case RSAk:
wc_FreeRsaKey(sigCtx->key.rsa);
#ifndef WOLFSSL_NO_MALLOC
XFREE(sigCtx->key.rsa, sigCtx->heap, DYNAMIC_TYPE_RSA);
sigCtx->key.rsa = NULL;
#endif
break;
#endif /* !NO_RSA */
#ifndef NO_DSA
case DSAk:
wc_FreeDsaKey(sigCtx->key.dsa);
#ifndef WOLFSSL_NO_MALLOC
XFREE(sigCtx->key.dsa, sigCtx->heap, DYNAMIC_TYPE_DSA);
sigCtx->key.dsa = NULL;
#endif
break;
#endif
#ifdef HAVE_ECC
@ -17541,31 +17551,38 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
#endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW &&
WC_ASYNC_ENABLE_ECC */
wc_ecc_free(sigCtx->key.ecc);
#ifndef WOLFSSL_NO_MALLOC
XFREE(sigCtx->key.ecc, sigCtx->heap, DYNAMIC_TYPE_ECC);
sigCtx->key.ecc = NULL;
#endif
break;
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
case ED25519k:
wc_ed25519_free(sigCtx->key.ed25519);
#ifndef WOLFSSL_NO_MALLOC
XFREE(sigCtx->key.ed25519, sigCtx->heap, DYNAMIC_TYPE_ED25519);
sigCtx->key.ed25519 = NULL;
#endif
break;
#endif /* HAVE_ED25519 */
#ifdef HAVE_ED448
case ED448k:
wc_ed448_free(sigCtx->key.ed448);
#ifndef WOLFSSL_NO_MALLOC
XFREE(sigCtx->key.ed448, sigCtx->heap, DYNAMIC_TYPE_ED448);
sigCtx->key.ed448 = NULL;
#endif
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
wc_falcon_free(sigCtx->key.falcon);
XFREE(sigCtx->key.falcon, sigCtx->heap,
DYNAMIC_TYPE_FALCON);
#ifndef WOLFSSL_NO_MALLOC
XFREE(sigCtx->key.falcon, sigCtx->heap, DYNAMIC_TYPE_FALCON);
sigCtx->key.falcon = NULL;
#endif
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
@ -17578,9 +17595,11 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
case ML_DSA_LEVEL3k:
case ML_DSA_LEVEL5k:
wc_dilithium_free(sigCtx->key.dilithium);
#ifndef WOLFSSL_NO_MALLOC
XFREE(sigCtx->key.dilithium, sigCtx->heap,
DYNAMIC_TYPE_DILITHIUM);
DYNAMIC_TYPE_DILITHIUM);
sigCtx->key.dilithium = NULL;
#endif
break;
#endif /* HAVE_DILITHIUM */
#if defined(HAVE_SPHINCS)
@ -17591,17 +17610,20 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
case SPHINCS_SMALL_LEVEL3k:
case SPHINCS_SMALL_LEVEL5k:
wc_sphincs_free(sigCtx->key.sphincs);
XFREE(sigCtx->key.sphincs, sigCtx->heap,
DYNAMIC_TYPE_SPHINCS);
#ifndef WOLFSSL_NO_MALLOC
XFREE(sigCtx->key.sphincs, sigCtx->heap, DYNAMIC_TYPE_SPHINCS);
sigCtx->key.sphincs = NULL;
#endif
break;
#endif /* HAVE_SPHINCS */
default:
break;
} /* switch (keyOID) */
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.ptr = NULL;
#endif
}
#endif
#endif /* !NO_ASN_CRYPT */
/* reset state, we are done */
sigCtx->state = SIG_STATE_BEGIN;
@ -17787,6 +17809,68 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
}
#endif /* !NO_ASN_CRYPT && !NO_HASH_WRAPPER */
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
/* Try to parse as ASN.1 bitstring */
static int DecodeDsaAsn1Sig(const byte* sig, word32 sigSz, byte* sigCpy,
void* heap)
{
int ret = 0;
int rSz = 0, sSz = 0, mpinit = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
mp_int* r = NULL;
mp_int* s = NULL;
#else
mp_int r[1];
mp_int s[1];
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
r = (mp_int*)XMALLOC(sizeof(*r), heap, DYNAMIC_TYPE_TMP_BUFFER);
s = (mp_int*)XMALLOC(sizeof(*s), heap, DYNAMIC_TYPE_TMP_BUFFER);
if (r == NULL || s == NULL) {
ret = MEMORY_E;
}
#endif
if (ret == 0) {
ret = mp_init_multi(r, s, NULL, NULL, NULL, NULL);
}
if (ret == 0) {
mpinit = 1;
if (DecodeECC_DSA_Sig(sig, sigSz, r, s) != 0) {
WOLFSSL_MSG("DSA sig decode ASN.1 failed!");
ret = ASN_SIG_CONFIRM_E;
}
}
if (ret == 0) {
rSz = mp_unsigned_bin_size(r);
sSz = mp_unsigned_bin_size(s);
if (rSz + sSz > (int)sigSz) {
WOLFSSL_MSG("DSA sig size invalid");
ret = ASN_SIG_CONFIRM_E;
}
}
if (ret == 0) {
if (mp_to_unsigned_bin(r, sigCpy) != MP_OKAY ||
mp_to_unsigned_bin(s, sigCpy + rSz) != MP_OKAY) {
WOLFSSL_MSG("DSA sig to unsigned bin failed!");
ret = ASN_SIG_CONFIRM_E;
}
}
if (mpinit) {
mp_free(r);
mp_free(s);
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(r, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(s, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
(void)heap;
return ret;
}
#endif
/* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */
int ConfirmSignature(SignatureCtx* sigCtx,
const byte* buf, word32 bufSz,
@ -17796,6 +17880,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
byte* rsaKeyIdx)
{
int ret = WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E); /* default to failure */
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
CertAttribute* certatt = NULL;
#endif
@ -17833,11 +17918,13 @@ int ConfirmSignature(SignatureCtx* sigCtx,
{
sigCtx->keyOID = keyOID; /* must set early for cleanup */
#ifndef WOLFSSL_NO_MALLOC
sigCtx->digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, sigCtx->heap,
DYNAMIC_TYPE_DIGEST);
if (sigCtx->digest == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
#if !defined(NO_RSA) && defined(WC_RSA_PSS)
/* RSA PSS Defaults */
@ -17902,20 +17989,24 @@ int ConfirmSignature(SignatureCtx* sigCtx,
{
word32 idx = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.rsa = (RsaKey*)XMALLOC(sizeof(RsaKey),
sigCtx->heap, DYNAMIC_TYPE_RSA);
if (sigCtx->key.rsa == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_InitRsaKey_ex(sigCtx->key.rsa, sigCtx->heap,
sigCtx->devId)) != 0) {
goto exit_cs;
}
#ifndef WOLFSSL_NO_MALLOC
sigCtx->sigCpy = (byte*)XMALLOC(sigSz, sigCtx->heap,
DYNAMIC_TYPE_SIGNATURE);
if (sigCtx->sigCpy == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if (sigSz > MAX_ENCODED_SIG_SZ) {
WOLFSSL_MSG("Verify Signature is too big");
ERROR_OUT(BUFFER_E, exit_cs);
@ -17944,20 +18035,24 @@ int ConfirmSignature(SignatureCtx* sigCtx,
WOLFSSL_MSG("Verify Signature is too small");
ERROR_OUT(BUFFER_E, exit_cs);
}
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.dsa = (DsaKey*)XMALLOC(sizeof(DsaKey),
sigCtx->heap, DYNAMIC_TYPE_DSA);
if (sigCtx->key.dsa == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_InitDsaKey_h(sigCtx->key.dsa, sigCtx->heap)) != 0) {
WOLFSSL_MSG("wc_InitDsaKey_h error");
goto exit_cs;
}
#ifndef WOLFSSL_NO_MALLOC
sigCtx->sigCpy = (byte*)XMALLOC(sigSz,
sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
if (sigCtx->sigCpy == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_DsaPublicKeyDecode(key, &idx, sigCtx->key.dsa,
keySz)) != 0) {
WOLFSSL_MSG("ASN Key decode error DSA");
@ -17965,80 +18060,9 @@ int ConfirmSignature(SignatureCtx* sigCtx,
goto exit_cs;
}
if (sigSz != DSA_160_SIG_SIZE &&
sigSz != DSA_256_SIG_SIZE) {
/* Try to parse it as the contents of a bitstring */
#ifdef WOLFSSL_SMALL_STACK
mp_int* r;
mp_int* s;
#else
mp_int r[1];
mp_int s[1];
#endif
int rSz;
int sSz;
#ifdef WOLFSSL_SMALL_STACK
r = (mp_int*)XMALLOC(sizeof(*r), sigCtx->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (r == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
s = (mp_int*)XMALLOC(sizeof(*s), sigCtx->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (s == NULL) {
XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = mp_init_multi(r, s, NULL, NULL, NULL, NULL)) != MP_OKAY) {
goto exit_cs;
}
idx = 0;
if (DecodeECC_DSA_Sig(sig + idx, sigSz - idx, r, s)
!= 0) {
WOLFSSL_MSG("DSA Sig is in unrecognized or "
"incorrect format");
mp_free(r);
mp_free(s);
#ifdef WOLFSSL_SMALL_STACK
XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs);
}
rSz = mp_unsigned_bin_size(r);
sSz = mp_unsigned_bin_size(s);
if (rSz + sSz > (int)sigSz) {
WOLFSSL_MSG("DSA Sig is in unrecognized or "
"incorrect format");
mp_free(r);
mp_free(s);
#ifdef WOLFSSL_SMALL_STACK
XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs);
}
if (mp_to_unsigned_bin(r, sigCtx->sigCpy) != MP_OKAY ||
mp_to_unsigned_bin(s,
sigCtx->sigCpy + rSz) != MP_OKAY) {
WOLFSSL_MSG("DSA Sig is in unrecognized or "
"incorrect format");
mp_free(r);
mp_free(s);
#ifdef WOLFSSL_SMALL_STACK
XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs);
}
mp_free(r);
mp_free(s);
#ifdef WOLFSSL_SMALL_STACK
XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
sigSz != DSA_256_SIG_SIZE) {
ret = DecodeDsaAsn1Sig(sig, sigSz, sigCtx->sigCpy,
sigCtx->heap);
}
else {
XMEMCPY(sigCtx->sigCpy, sig, sigSz);
@ -18060,11 +18084,13 @@ int ConfirmSignature(SignatureCtx* sigCtx,
WC_ASYNC_ENABLE_ECC */
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.ecc = (ecc_key*)XMALLOC(sizeof(ecc_key),
sigCtx->heap, DYNAMIC_TYPE_ECC);
if (sigCtx->key.ecc == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_ecc_init_ex(sigCtx->key.ecc, sigCtx->heap,
sigCtx->devId)) < 0) {
goto exit_cs;
@ -18076,12 +18102,12 @@ int ConfirmSignature(SignatureCtx* sigCtx,
if (nbCtx == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
else {
ret = wc_ecc_set_nonblock(sigCtx->key.ecc, nbCtx);
if (ret != 0) {
goto exit_cs;
}
ret = wc_ecc_set_nonblock(sigCtx->key.ecc, nbCtx);
if (ret != 0) {
goto exit_cs;
}
#endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW &&
WC_ASYNC_ENABLE_ECC */
ret = wc_EccPublicKeyDecode(key, &idx, sigCtx->key.ecc,
@ -18101,12 +18127,14 @@ int ConfirmSignature(SignatureCtx* sigCtx,
case ED25519k:
{
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.ed25519 = (ed25519_key*)XMALLOC(
sizeof(ed25519_key), sigCtx->heap,
DYNAMIC_TYPE_ED25519);
if (sigCtx->key.ed25519 == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_ed25519_init_ex(sigCtx->key.ed25519,
sigCtx->heap, sigCtx->devId)) < 0) {
goto exit_cs;
@ -18127,12 +18155,14 @@ int ConfirmSignature(SignatureCtx* sigCtx,
case ED448k:
{
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.ed448 = (ed448_key*)XMALLOC(
sizeof(ed448_key), sigCtx->heap,
DYNAMIC_TYPE_ED448);
if (sigCtx->key.ed448 == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_ed448_init(sigCtx->key.ed448)) < 0) {
goto exit_cs;
}
@ -18153,6 +18183,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
{
word32 idx = 0;
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.falcon =
(falcon_key*)XMALLOC(sizeof(falcon_key),
sigCtx->heap,
@ -18160,6 +18191,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
if (sigCtx->key.falcon == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_falcon_init_ex(sigCtx->key.falcon,
sigCtx->heap, sigCtx->devId)) < 0) {
goto exit_cs;
@ -18180,6 +18212,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
{
word32 idx = 0;
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.falcon =
(falcon_key*)XMALLOC(sizeof(falcon_key),
sigCtx->heap,
@ -18187,6 +18220,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
if (sigCtx->key.falcon == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_falcon_init_ex(sigCtx->key.falcon,
sigCtx->heap, sigCtx->devId)) < 0) {
goto exit_cs;
@ -18243,12 +18277,14 @@ int ConfirmSignature(SignatureCtx* sigCtx,
goto exit_cs;
}
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.dilithium = (dilithium_key*)XMALLOC(
sizeof(dilithium_key), sigCtx->heap,
DYNAMIC_TYPE_DILITHIUM);
if (sigCtx->key.dilithium == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
sigCtx->heap, sigCtx->devId)) < 0) {
goto exit_cs;
@ -18270,6 +18306,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
{
word32 idx = 0;
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.sphincs =
(sphincs_key*)XMALLOC(sizeof(sphincs_key),
sigCtx->heap,
@ -18277,6 +18314,8 @@ int ConfirmSignature(SignatureCtx* sigCtx,
if (sigCtx->key.sphincs == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
goto exit_cs;
}
@ -18296,6 +18335,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
{
word32 idx = 0;
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.sphincs =
(sphincs_key*)XMALLOC(sizeof(sphincs_key),
sigCtx->heap,
@ -18303,6 +18343,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
if (sigCtx->key.sphincs == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
goto exit_cs;
}
@ -18322,6 +18363,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
{
word32 idx = 0;
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.sphincs =
(sphincs_key*)XMALLOC(sizeof(sphincs_key),
sigCtx->heap,
@ -18329,6 +18371,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
if (sigCtx->key.sphincs == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
goto exit_cs;
}
@ -18348,6 +18391,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
{
word32 idx = 0;
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.sphincs =
(sphincs_key*)XMALLOC(sizeof(sphincs_key),
sigCtx->heap,
@ -18355,6 +18399,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
if (sigCtx->key.sphincs == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
goto exit_cs;
}
@ -18374,6 +18419,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
{
word32 idx = 0;
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.sphincs =
(sphincs_key*)XMALLOC(sizeof(sphincs_key),
sigCtx->heap,
@ -18381,6 +18427,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
if (sigCtx->key.sphincs == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
goto exit_cs;
}
@ -18400,6 +18447,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
{
word32 idx = 0;
sigCtx->verify = 0;
#ifndef WOLFSSL_NO_MALLOC
sigCtx->key.sphincs =
(sphincs_key*)XMALLOC(sizeof(sphincs_key),
sigCtx->heap,
@ -18407,6 +18455,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
if (sigCtx->key.sphincs == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
#endif
if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) {
goto exit_cs;
}
@ -18683,7 +18732,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
defined(WOLFSSL_RENESAS_FSPSM_TLS)
if (sigCtx->CertAtt.verifyByTSIP_SCE == 1) break;
#endif
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte* encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (encodedSig == NULL) {
@ -18710,7 +18759,7 @@ int ConfirmSignature(SignatureCtx* sigCtx,
WOLFSSL_ERROR_VERBOSE(ret);
}
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(encodedSig, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
break;
@ -23915,7 +23964,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
void* cm, const byte* pubKey, word32 pubKeySz, int pubKeyOID, int req)
{
#ifndef WOLFSSL_ASN_TEMPLATE
#ifndef WOLFSSL_SMALL_STACK
#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
SignatureCtx sigCtx[1];
#else
SignatureCtx* sigCtx;
@ -23947,7 +23996,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap, DYNAMIC_TYPE_SIGNATURE);
if (sigCtx == NULL)
return MEMORY_E;

6
wolfcrypt/src/hash.c
View File

@ -1477,13 +1477,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
void* heap, int devId)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_Sha256* sha256;
#else
wc_Sha256 sha256[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
sha256 = (wc_Sha256*)XMALLOC(sizeof(wc_Sha256), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (sha256 == NULL)
@ -1504,7 +1504,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
}
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

7
wolfcrypt/src/sha256.c
View File

@ -1171,7 +1171,7 @@ static int InitSha256(wc_Sha256* sha256)
word32 S[8], t0, t1;
int i;
#ifdef WOLFSSL_SMALL_STACK_CACHE
#if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_NO_MALLOC)
word32* W = sha256->W;
if (W == NULL) {
W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
@ -1180,7 +1180,7 @@ static int InitSha256(wc_Sha256* sha256)
return MEMORY_E;
sha256->W = W;
}
#elif defined(WOLFSSL_SMALL_STACK)
#elif defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
word32* W;
W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
@ -1221,7 +1221,8 @@ static int InitSha256(wc_Sha256* sha256)
sha256->digest[i] += S[i];
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE) &&\
!defined(WOLFSSL_NO_MALLOC)
ForceZero(W, sizeof(word32) * WC_SHA256_BLOCK_SIZE);
XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

1
wolfcrypt/test/test.c
View File

@ -33965,6 +33965,7 @@ static wc_test_ret_t ecc_test_nonblock_dhe(int curveId, word32 curveSz,
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
fprintf(stderr, "ECC non-block key gen: %d times\n", count);
#endif
(void)count;
if (ret == 0) {
ret = wc_ecc_check_key(&keyA);
if (ret < 0)

93
wolfssl/wolfcrypt/asn.h
View File

@ -44,12 +44,37 @@ that can be serialized and deserialized in a cross-platform way.
#include <wolfssl/wolfcrypt/wolfmath.h>
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#ifndef NO_DH
#include <wolfssl/wolfcrypt/dh.h>
#endif
#ifndef NO_DSA
#include <wolfssl/wolfcrypt/dsa.h>
#endif
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#endif
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
#endif
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ed25519.h>
#endif
#ifdef HAVE_ED448
#include <wolfssl/wolfcrypt/ed448.h>
#endif
#ifdef HAVE_SPHINCS
#include <wolfssl/wolfcrypt/sphincs.h>
#endif
#ifdef HAVE_FALCON
#include <wolfssl/wolfcrypt/falcon.h>
#endif
#ifdef HAVE_DILITHIUM
#include <wolfssl/wolfcrypt/dilithium.h>
#endif
#ifndef NO_SHA
#include <wolfssl/wolfcrypt/sha.h>
#endif
@ -1407,12 +1432,20 @@ typedef struct tagCertAttribute {
struct SignatureCtx {
void* heap;
#ifdef WOLFSSL_NO_MALLOC
byte digest[WC_MAX_DIGEST_SIZE];
#else
byte* digest;
#endif
#ifndef NO_RSA
byte* out;
#endif
#if !(defined(NO_RSA) && defined(NO_DSA))
#if !defined(NO_RSA) || !defined(NO_DSA)
#ifdef WOLFSSL_NO_MALLOC
byte sigCpy[MAX_SIG_SZ];
#else
byte* sigCpy;
#endif
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
!defined(NO_DSA) || defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
@ -1421,30 +1454,64 @@ struct SignatureCtx {
#endif
union {
#ifndef NO_RSA
#ifdef WOLFSSL_NO_MALLOC
struct RsaKey rsa[1];
#else
struct RsaKey* rsa;
#endif
#endif
#ifndef NO_DSA
#ifdef WOLFSSL_NO_MALLOC
struct DsaKey dsa[1];
#else
struct DsaKey* dsa;
#endif
#endif
#ifdef HAVE_ECC
#ifdef WOLFSSL_NO_MALLOC
struct ecc_key ecc[1];
#else
struct ecc_key* ecc;
#endif
#endif
#ifdef HAVE_ED25519
#ifdef WOLFSSL_NO_MALLOC
struct ed25519_key ed25519[1];
#else
struct ed25519_key* ed25519;
#endif
#endif
#ifdef HAVE_ED448
#ifdef WOLFSSL_NO_MALLOC
struct ed448_key ed448[1];
#else
struct ed448_key* ed448;
#endif
#endif
#if defined(HAVE_FALCON)
#ifdef HAVE_FALCON
#ifdef WOLFSSL_NO_MALLOC
struct falcon_key falcon[1];
#else
struct falcon_key* falcon;
#endif
#endif
#if defined(HAVE_DILITHIUM)
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_NO_MALLOC
struct dilithium_key dilithium[1];
#else
struct dilithium_key* dilithium;
#endif
#endif
#if defined(HAVE_SPHINCS)
#ifdef HAVE_SPHINCS
#ifdef WOLFSSL_NO_MALLOC
struct sphincs_key sphincs[1];
#else
struct sphincs_key* sphincs;
#endif
#endif
#ifndef WOLFSSL_NO_MALLOC
void* ptr;
#endif
} key;
int devId;
int state;
@ -1479,23 +1546,6 @@ struct SignatureCtx {
#endif
};
enum CertSignState {
CERTSIGN_STATE_BEGIN,
CERTSIGN_STATE_DIGEST,
CERTSIGN_STATE_ENCODE,
CERTSIGN_STATE_DO
};
struct CertSignCtx {
byte* sig;
byte* digest;
#ifndef NO_RSA
byte* encSig;
int encSigSz;
#endif
int state; /* enum CertSignState */
};
#define DOMAIN_COMPONENT_MAX 10
struct DecodedName {
@ -1577,7 +1627,6 @@ typedef struct Signer Signer;
typedef struct TrustedPeerCert TrustedPeerCert;
#endif /* WOLFSSL_TRUST_PEER_CERT */
typedef struct SignatureCtx SignatureCtx;
typedef struct CertSignCtx CertSignCtx;
#ifdef WC_ASN_UNKNOWN_EXT_CB
typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit,

23
wolfssl/wolfcrypt/asn_public.h
View File

@ -32,7 +32,9 @@ This library defines the interface APIs for X509 certificates.
#define WOLF_CRYPT_ASN_PUBLIC_H
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/dsa.h>
#ifndef NO_DSA
#include <wolfssl/wolfcrypt/dsa.h>
#endif
#include <wolfssl/wolfcrypt/random.h>
#ifdef __cplusplus
@ -718,25 +720,6 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve);
#endif
/* RFC 5958 (Asymmetric Key Packages) */
#if !defined(WC_ENABLE_ASYM_KEY_EXPORT) && \
((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)) || \
(defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)) || \
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)) || \
(defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)) || \
(defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)))
#define WC_ENABLE_ASYM_KEY_EXPORT
#endif
#if !defined(WC_ENABLE_ASYM_KEY_IMPORT) && \
((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) || \
(defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) || \
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) || \
(defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) || \
(defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)))
#define WC_ENABLE_ASYM_KEY_IMPORT
#endif
#ifdef HAVE_ED25519
#ifdef HAVE_ED25519_KEY_IMPORT
WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx,

23
wolfssl/wolfcrypt/settings.h
View File

@ -3119,6 +3119,29 @@ extern void uITRON4_free(void *p) ;
#endif
#endif /* HAVE_ED448 */
/* RFC 5958 (Asymmetric Key Packages) */
#if !defined(WC_ENABLE_ASYM_KEY_EXPORT) && \
((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)) || \
(defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)) || \
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)) || \
(defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)) || \
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \
defined(HAVE_SPHINCS) || defined(HAVE_LIBOQS))
#define WC_ENABLE_ASYM_KEY_EXPORT
#endif
#if !defined(WC_ENABLE_ASYM_KEY_IMPORT) && \
((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) || \
(defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) || \
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) || \
(defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) || \
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \
defined(HAVE_SPHINCS) || defined(HAVE_LIBOQS))
#define WC_ENABLE_ASYM_KEY_IMPORT
#endif
/* FIPS does not support CFB1 or CFB8 */
#if !defined(WOLFSSL_NO_AES_CFB_1_8) && \
(defined(HAVE_SELFTEST) || \

3202
wolfssl/wolfcrypt/types.h
View File

File diff suppressed because it is too large Load Diff