Improve the build message to not always allocate the IV (16 byte) (use fixed buffer if <= 16 bytes).

2022-03-17 14:01:57 -07:00 · 2022-03-17 14:01:57 -07:00 · ae25a48509
commit ae25a48509
parent 3fba5d17c3
2 changed files with 14 additions and 4 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -18116,8 +18116,10 @@ int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
 void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args)
 {
    if (args) {
-        if (ssl && args->iv)
+        /* only free the IV if it was dynamically allocated */
+        if (ssl && args->iv && (args->iv != args->staticIvBuffer)) {
            XFREE(args->iv, ssl->heap, DYNAMIC_TYPE_SALT);
+        }
        XMEMSET(args, 0, sizeof(BuildMsgArgs));
    }
 }
@ -18312,9 +18314,16 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
            }

            if (args->ivSz > 0) {
-                args->iv = (byte*)XMALLOC(args->ivSz, ssl->heap, DYNAMIC_TYPE_SALT);
-                if (args->iv == NULL)
-                    ERROR_OUT(MEMORY_E, exit_buildmsg);
+                if (args->ivSz > sizeof(args->staticIvBuffer)) {
+                    args->iv = (byte*)XMALLOC(args->ivSz, ssl->heap,
+                                              DYNAMIC_TYPE_SALT);
+                    if (args->iv == NULL) {
+                        ERROR_OUT(MEMORY_E, exit_buildmsg);
+                    }
+                }
+                else {
+                    args->iv = args->staticIvBuffer;
+                }

                ret = wc_RNG_GenerateBlock(ssl->rng, args->iv, args->ivSz);
                if (ret != 0)
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -4183,6 +4183,7 @@ typedef struct BuildMsgArgs {
    word16 size;
    word32 ivSz;      /* TLSv1.1  IV */
    byte*  iv;
+    ALIGN16 byte staticIvBuffer[MAX_IV_SZ];
 } BuildMsgArgs;
 #endif