Skip to content

Commit a1cfb55

Browse files
night1ridernight1rider
committed
Address feedback from Fenrir
1 parent 1207849 commit a1cfb55

3 files changed

Lines changed: 609 additions & 413 deletions

File tree

wolfcrypt/src/asn.c

Lines changed: 60 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -8336,6 +8336,8 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
83368336
wc_RsaEncryptSize(tmpKey), NULL, 0, 0);
83378337
}
83388338

8339+
/* wc_FreeRsaKey calls mp_forcezero on all private key components,
8340+
* so no separate ForceZero of the struct is needed here. */
83398341
wc_FreeRsaKey(tmpKey);
83408342
WC_FREE_VAR(tmpKey, key->heap);
83418343

@@ -36418,6 +36420,59 @@ int wc_Asn1_PrintAll(Asn1* asn1, Asn1PrintOptions* opts, unsigned char* data,
3641836420

3641936421
/* Functions that parse, but are not using ASN.1 */
3642036422
#if !defined(NO_RSA) && (!defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH))
36423+
/* Software-only import of RSA public key elements (n, e) into RsaKey.
36424+
* This internal helper avoids recursion when called from the SETKEY path. */
36425+
static int _RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
36426+
word32 eSz, RsaKey* key)
36427+
{
36428+
if (n == NULL || e == NULL || key == NULL) {
36429+
return BAD_FUNC_ARG;
36430+
}
36431+
36432+
key->type = RSA_PUBLIC;
36433+
36434+
if (mp_init(&key->n) != MP_OKAY) {
36435+
return MP_INIT_E;
36436+
}
36437+
36438+
if (mp_read_unsigned_bin(&key->n, n, nSz) != 0) {
36439+
mp_clear(&key->n);
36440+
return ASN_GETINT_E;
36441+
}
36442+
#ifdef HAVE_WOLF_BIGINT
36443+
if ((int)nSz > 0 && wc_bigint_from_unsigned_bin(&key->n.raw, n, nSz) != 0) {
36444+
mp_clear(&key->n);
36445+
return ASN_GETINT_E;
36446+
}
36447+
#endif /* HAVE_WOLF_BIGINT */
36448+
36449+
if (mp_init(&key->e) != MP_OKAY) {
36450+
mp_clear(&key->n);
36451+
return MP_INIT_E;
36452+
}
36453+
36454+
if (mp_read_unsigned_bin(&key->e, e, eSz) != 0) {
36455+
mp_clear(&key->n);
36456+
mp_clear(&key->e);
36457+
return ASN_GETINT_E;
36458+
}
36459+
#ifdef HAVE_WOLF_BIGINT
36460+
if ((int)eSz > 0 && wc_bigint_from_unsigned_bin(&key->e.raw, e, eSz) != 0) {
36461+
mp_clear(&key->n);
36462+
mp_clear(&key->e);
36463+
return ASN_GETINT_E;
36464+
}
36465+
#endif /* HAVE_WOLF_BIGINT */
36466+
36467+
#ifdef WOLFSSL_XILINX_CRYPT
36468+
if (wc_InitRsaHw(key) != 0) {
36469+
return BAD_STATE_E;
36470+
}
36471+
#endif
36472+
36473+
return 0;
36474+
}
36475+
3642136476
/* import RSA public key elements (n, e) into RsaKey structure (key) */
3642236477
/* this function does not use any ASN.1 parsing */
3642336478
int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
@@ -36429,8 +36484,9 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
3642936484
WC_DECLARE_VAR(tmpKey, RsaKey, 1, NULL);
3643036485
#endif
3643136486

36432-
if (n == NULL || e == NULL || key == NULL)
36487+
if (n == NULL || e == NULL || key == NULL) {
3643336488
return BAD_FUNC_ARG;
36489+
}
3643436490

3643536491
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_SETKEY)
3643636492
#ifndef WOLF_CRYPTO_CB_FIND
@@ -36450,8 +36506,8 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
3645036506
return tmpErr;
3645136507
}
3645236508

36453-
/* Recursive call imports n, e into temp via software */
36454-
tmpErr = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz, tmpKey);
36509+
/* Import into temp via software helper (no callback recursion) */
36510+
tmpErr = _RsaPublicKeyDecodeRaw(n, nSz, e, eSz, tmpKey);
3645536511
if (tmpErr == 0) {
3645636512
cbRet = wc_CryptoCb_SetKey(key->devId,
3645736513
WC_SETKEY_RSA_PUB, key, tmpKey,
@@ -36471,47 +36527,7 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
3647136527
}
3647236528
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_SETKEY */
3647336529

36474-
key->type = RSA_PUBLIC;
36475-
36476-
if (mp_init(&key->n) != MP_OKAY)
36477-
return MP_INIT_E;
36478-
36479-
if (mp_read_unsigned_bin(&key->n, n, nSz) != 0) {
36480-
mp_clear(&key->n);
36481-
return ASN_GETINT_E;
36482-
}
36483-
#ifdef HAVE_WOLF_BIGINT
36484-
if ((int)nSz > 0 && wc_bigint_from_unsigned_bin(&key->n.raw, n, nSz) != 0) {
36485-
mp_clear(&key->n);
36486-
return ASN_GETINT_E;
36487-
}
36488-
#endif /* HAVE_WOLF_BIGINT */
36489-
36490-
if (mp_init(&key->e) != MP_OKAY) {
36491-
mp_clear(&key->n);
36492-
return MP_INIT_E;
36493-
}
36494-
36495-
if (mp_read_unsigned_bin(&key->e, e, eSz) != 0) {
36496-
mp_clear(&key->n);
36497-
mp_clear(&key->e);
36498-
return ASN_GETINT_E;
36499-
}
36500-
#ifdef HAVE_WOLF_BIGINT
36501-
if ((int)eSz > 0 && wc_bigint_from_unsigned_bin(&key->e.raw, e, eSz) != 0) {
36502-
mp_clear(&key->n);
36503-
mp_clear(&key->e);
36504-
return ASN_GETINT_E;
36505-
}
36506-
#endif /* HAVE_WOLF_BIGINT */
36507-
36508-
#ifdef WOLFSSL_XILINX_CRYPT
36509-
if (wc_InitRsaHw(key) != 0) {
36510-
return BAD_STATE_E;
36511-
}
36512-
#endif
36513-
36514-
return 0;
36530+
return _RsaPublicKeyDecodeRaw(n, nSz, e, eSz, key);
3651536531
}
3651636532
#endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
3651736533

0 commit comments

Comments
 (0)