mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ssl: refactoring CyaSSL_RSA_sign to reduce stack usage:

Browse Source 
--- variable tmpRNG moved to the heap (sizeof(RNG) saved)
--- variable encodedSig moved to the heap (512 bytes saved)
This commit is contained in:
Moisés Guimarães 2014-09-12 13:13:40 -03:00
parent 961bf710bc
commit 3f459591c6
1 changed files with 75 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

134
src/ssl.c
View File

@ -1182,7 +1182,7 @@ int CyaSSL_CertPemToDer(const unsigned char* pem, int pemSz,
int ret; int ret;
buffer der; buffer der;
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
EncryptedInfo* info; EncryptedInfo* info = NULL;
#else #else
EncryptedInfo info[1]; EncryptedInfo info[1];
#endif #endif
@ -1262,7 +1262,7 @@ int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
int ret; int ret;
buffer der; buffer der;
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
EncryptedInfo* info; EncryptedInfo* info = NULL;
#else #else
EncryptedInfo info[1]; EncryptedInfo info[1];
#endif #endif
@ -1582,7 +1582,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
word32 row; word32 row;
byte* subjectHash; byte* subjectHash;
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
DecodedCert* cert; DecodedCert* cert = NULL;
#else #else
DecodedCert cert[1]; DecodedCert cert[1];
#endif #endif
@ -2006,7 +2006,7 @@ static int ProcessBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
int rsaKey = 0; int rsaKey = 0;
void* heap = ctx ? ctx->heap : NULL; void* heap = ctx ? ctx->heap : NULL;
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
EncryptedInfo* info; EncryptedInfo* info = NULL;
#else #else
EncryptedInfo info[1]; EncryptedInfo info[1];
#endif #endif
@ -2351,7 +2351,7 @@ static int ProcessBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
} }
else if (type == CERT_TYPE) { else if (type == CERT_TYPE) {
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
DecodedCert* cert; DecodedCert* cert = NULL;
#else #else
DecodedCert cert[1]; DecodedCert cert[1];
#endif #endif
@ -2446,7 +2446,7 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
int ret = 0; int ret = 0;
buffer der; buffer der;
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
DecodedCert* cert; DecodedCert* cert = NULL;
#else #else
DecodedCert cert[1]; DecodedCert cert[1];
#endif #endif
@ -2466,7 +2466,7 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
if (format == SSL_FILETYPE_PEM) { if (format == SSL_FILETYPE_PEM) {
int eccKey = 0; /* not used */ int eccKey = 0; /* not used */
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
EncryptedInfo* info; EncryptedInfo* info = NULL;
#else #else
EncryptedInfo info[1]; EncryptedInfo info[1];
#endif #endif
@ -2579,7 +2579,7 @@ int CyaSSL_CertManagerCheckOCSP(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
{ {
int ret; int ret;
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
DecodedCert* cert; DecodedCert* cert = NULL;
#else #else
DecodedCert cert[1]; DecodedCert cert[1];
#endif #endif
@ -3063,7 +3063,7 @@ int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
{ {
int ret = 0; int ret = 0;
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
DecodedCert* cert; DecodedCert* cert = NULL;
#else #else
DecodedCert cert[1]; DecodedCert cert[1];
#endif #endif
@ -3237,7 +3237,7 @@ int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX* ctx, const char* file,
int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
{ {
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
EncryptedInfo* info; EncryptedInfo* info = NULL;
byte staticBuffer[1]; /* force XMALLOC */ byte staticBuffer[1]; /* force XMALLOC */
#else #else
EncryptedInfo info[1]; EncryptedInfo info[1];
@ -6634,7 +6634,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
int keyOutput = 0; int keyOutput = 0;
byte digest[MD5_DIGEST_SIZE]; byte digest[MD5_DIGEST_SIZE];
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
Md5* md5; Md5* md5 = NULL;
#else #else
Md5 md5[1]; Md5 md5[1];
#endif #endif
@ -7594,7 +7594,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
int type; int type;
unsigned char* ret = NULL; unsigned char* ret = NULL;
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
Hmac* hmac; Hmac* hmac = NULL;
#else #else
Hmac hmac[1]; Hmac hmac[1];
#endif #endif
@ -8288,7 +8288,7 @@ CYASSL_X509* CyaSSL_X509_d2i(CYASSL_X509** x509, const byte* in, int len)
if (in != NULL && len != 0) { if (in != NULL && len != 0) {
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
DecodedCert* cert; DecodedCert* cert = NULL;
#else #else
DecodedCert cert[1]; DecodedCert cert[1];
#endif #endif
@ -8414,7 +8414,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
if (format == SSL_FILETYPE_PEM) { if (format == SSL_FILETYPE_PEM) {
int ecc = 0; int ecc = 0;
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
EncryptedInfo* info; EncryptedInfo* info = NULL;
#else #else
EncryptedInfo info[1]; EncryptedInfo info[1];
#endif #endif
@ -8464,7 +8464,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
/* ready to be decoded. */ /* ready to be decoded. */
if (der.buffer != NULL) { if (der.buffer != NULL) {
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
DecodedCert* cert; DecodedCert* cert = NULL;
#else #else
DecodedCert cert[1]; DecodedCert cert[1];
#endif #endif
@ -9831,7 +9831,7 @@ int CyaSSL_cmp_peer_cert_to_file(CYASSL* ssl, const char *fname)
if (ssl != NULL && fname != NULL) if (ssl != NULL && fname != NULL)
{ {
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
EncryptedInfo* info; EncryptedInfo* info = NULL;
byte staticBuffer[1]; /* force heap usage */ byte staticBuffer[1]; /* force heap usage */
#else #else
EncryptedInfo info[1]; EncryptedInfo info[1];
@ -11065,68 +11065,82 @@ int CyaSSL_RSA_sign(int type, const unsigned char* m,
unsigned int mLen, unsigned char* sigRet, unsigned int mLen, unsigned char* sigRet,
unsigned int* sigLen, CYASSL_RSA* rsa) unsigned int* sigLen, CYASSL_RSA* rsa)
{ {
byte encodedSig[MAX_ENCODED_SIG_SZ];
word32 outLen; word32 outLen;
word32 signSz; word32 signSz;
RNG tmpRNG; RNG* rng = NULL;
RNG* rng = &tmpRNG; int ret = 0;
#ifdef CYASSL_SMALL_STACK
RNG* tmpRNG = NULL;
byte* encodedSig = NULL;
#else
RNG tmpRNG[1];
byte encodedSig[MAX_ENCODED_SIG_SZ];
#endif
CYASSL_MSG("CyaSSL_RSA_sign"); CYASSL_MSG("CyaSSL_RSA_sign");
if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL)
CYASSL_MSG("Bad function arguments"); CYASSL_MSG("Bad function arguments");
return 0; else if (rsa->inSet == 0)
}
if (rsa->inSet == 0) {
CYASSL_MSG("No RSA internal set"); CYASSL_MSG("No RSA internal set");
return 0; else if (type != NID_md5 && type != NID_sha1)
} CYASSL_MSG("Bad md type");
else {
outLen = (word32)CyaSSL_BN_num_bytes(rsa->n);
outLen = (word32)CyaSSL_BN_num_bytes(rsa->n); #ifdef CYASSL_SMALL_STACK
if (outLen == 0) { tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
CYASSL_MSG("Bad RSA size"); if (tmpRNG == NULL)
return 0; return 0;
}
if (InitRng(&tmpRNG) != 0) { encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
CYASSL_MSG("Bad RNG Init, trying global"); DYNAMIC_TYPE_TMP_BUFFER);
if (initGlobalRNG == 0) { if (encodedSig == NULL) {
CYASSL_MSG("Global RNG no Init"); XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 0; return 0;
} }
rng = &globalRNG; #endif
if (outLen == 0)
CYASSL_MSG("Bad RSA size");
else if (InitRng(tmpRNG) == 0) {
rng = tmpRNG;
}
else {
CYASSL_MSG("Bad RNG Init, trying global");
if (initGlobalRNG == 0)
CYASSL_MSG("Global RNG no Init");
else
rng = &globalRNG;
}
} }
switch (type) { if (rng) {
case NID_md5: type = (type == NID_md5) ? MD5h : SHAh;
type = MD5h;
break;
case NID_sha1: signSz = EncodeSignature(encodedSig, m, mLen, type);
type = SHAh; if (signSz == 0) {
break; CYASSL_MSG("Bad Encode Signature");
}
else {
*sigLen = RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
(RsaKey*)rsa->internal, rng);
if (*sigLen <= 0)
CYASSL_MSG("Bad Rsa Sign");
else
ret = SSL_SUCCESS;
}
default:
CYASSL_MSG("Bad md type");
return 0;
} }
signSz = EncodeSignature(encodedSig, m, mLen, type); #ifdef CYASSL_SMALL_STACK
if (signSz == 0) { XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
CYASSL_MSG("Bad Encode Signature"); XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 0; #endif
}
*sigLen = RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
(RsaKey*)rsa->internal, rng);
if (*sigLen <= 0) {
CYASSL_MSG("Bad Rsa Sign");
return 0;
}
CYASSL_MSG("CyaSSL_RSA_sign success"); CYASSL_MSG("CyaSSL_RSA_sign success");
return SSL_SUCCESS; return ret;
} }
@ -11674,7 +11688,7 @@ CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN* chain, int idx)
int ret; int ret;
CYASSL_X509* x509 = NULL; CYASSL_X509* x509 = NULL;
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
DecodedCert* cert; DecodedCert* cert = NULL;
#else #else
DecodedCert cert[1]; DecodedCert cert[1];
#endif #endif