espressif/mbedtls
1
0
Fork 0
mirror of https://github.com/espressif/mbedtls.git synced 2025-05-10 03:39:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7991 from sarveshb14/fix/psa_rsa_signature_using_large_stack

Browse Source 
rsa_signature: Use heap memory to allocate DER encoded RSA private key
This commit is contained in:
Gilles Peskine 2023-08-16 09:23:29 +00:00 committed by GitHub
commit a4c01dd6e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog.d/use_heap_rsa_signature.txt Normal file
View File

@ -0,0 +1,4 @@
Changes
* Use heap memory to allocate DER encoded RSA private key.
This reduces stack usage significantly for RSA signature
operations when MBEDTLS_PSA_CRYPTO_C is defined.

13
library/pk_wrap.c
View File

@ -302,11 +302,16 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
psa_status_t status; psa_status_t status;
mbedtls_pk_context key; mbedtls_pk_context key;
int key_len; int key_len;
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; unsigned char *buf = NULL;
buf = mbedtls_calloc(1, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES);
if (buf == NULL) {
return MBEDTLS_ERR_PK_ALLOC_FAILED;
}
mbedtls_pk_info_t pk_info = mbedtls_rsa_info; mbedtls_pk_info_t pk_info = mbedtls_rsa_info;
*sig_len = mbedtls_rsa_get_len(rsa_ctx); *sig_len = mbedtls_rsa_get_len(rsa_ctx);
if (sig_size < *sig_len) { if (sig_size < *sig_len) {
mbedtls_free(buf);
return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
} }
@ -314,8 +319,9 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
* re-construct one to make it happy */ * re-construct one to make it happy */
key.pk_info = &pk_info; key.pk_info = &pk_info;
key.pk_ctx = rsa_ctx; key.pk_ctx = rsa_ctx;
key_len = mbedtls_pk_write_key_der(&key, buf, sizeof(buf)); key_len = mbedtls_pk_write_key_der(&key, buf, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES);
if (key_len <= 0) { if (key_len <= 0) {
mbedtls_free(buf);
return MBEDTLS_ERR_PK_BAD_INPUT_DATA; return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
} }
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
@ -323,7 +329,7 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
status = psa_import_key(&attributes, status = psa_import_key(&attributes,
buf + sizeof(buf) - key_len, key_len, buf + MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES - key_len, key_len,
&key_id); &key_id);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
ret = PSA_PK_TO_MBEDTLS_ERR(status); ret = PSA_PK_TO_MBEDTLS_ERR(status);
@ -339,6 +345,7 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
ret = 0; ret = 0;
cleanup: cleanup:
mbedtls_free(buf);
status = psa_destroy_key(key_id); status = psa_destroy_key(key_id);
if (ret == 0 && status != PSA_SUCCESS) { if (ret == 0 && status != PSA_SUCCESS) {
ret = PSA_PK_TO_MBEDTLS_ERR(status); ret = PSA_PK_TO_MBEDTLS_ERR(status);