From 21ee1904b5c46f314b862eea33d3b86fcf6c7c88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Thu, 8 Jan 2004 13:37:13 +0100
Subject: [PATCH] (TMP_DECL, TMP_ALLOC): New macros. When alloca is
 unavailable, they work by allocating a fix amount of stack and imposing a
 hard limit on what can be allocated. Updated all users of alloca.

Rev: src/nettle/bignum-random.c:1.4
Rev: src/nettle/cbc.c:1.8
Rev: src/nettle/dsa-keygen.c:1.7
Rev: src/nettle/hmac.c:1.6
Rev: src/nettle/pkcs1-rsa-md5.c:1.3
Rev: src/nettle/pkcs1-rsa-sha1.c:1.3
Rev: src/nettle/rsa-decrypt.c:1.5
Rev: src/nettle/rsa-encrypt.c:1.8
Rev: src/nettle/sexp.c:1.15
---
 bignum-random.c  |  5 ++++-
 cbc.c            | 49 ++++++++++++++++++++++++------------------------
 dsa-keygen.c     |  5 ++++-
 hmac.c           | 10 +++++++---
 pkcs1-rsa-md5.c  |  8 ++++++--
 pkcs1-rsa-sha1.c |  8 ++++++--
 rsa-decrypt.c    |  5 +++--
 rsa-encrypt.c    |  5 +++--
 sexp.c           |  7 ++++---
 9 files changed, 61 insertions(+), 41 deletions(-)

diff --git a/bignum-random.c b/bignum-random.c
index 9b1a404b..16029216 100644
--- a/bignum-random.c
+++ b/bignum-random.c
@@ -32,6 +32,7 @@
 #include <stdlib.h>
 
 #include "bignum.h"
+#include "nettle-internal.h"
 
 void
 nettle_mpz_random_size(mpz_t x,
@@ -39,7 +40,8 @@ nettle_mpz_random_size(mpz_t x,
 		       unsigned bits)
 {
   unsigned length = (bits + 7) / 8;
-  uint8_t *data = alloca(length);
+  TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+  TMP_ALLOC(data, length);
 
   random(ctx, length, data);
 
@@ -49,6 +51,7 @@ nettle_mpz_random_size(mpz_t x,
     mpz_fdiv_r_2exp(x, x, bits);
 }
 
+/* Returns a random number x, 0 <= x < n */
 void
 nettle_mpz_random(mpz_t x,
 		  void *ctx, nettle_random_func random,
diff --git a/cbc.c b/cbc.c
index f28c9f21..72b71c71 100644
--- a/cbc.c
+++ b/cbc.c
@@ -34,6 +34,7 @@
 #include "cbc.h"
 
 #include "memxor.h"
+#include "nettle-internal.h"
 
 void
 cbc_encrypt(void *ctx, void (*f)(void *ctx,
@@ -106,33 +107,31 @@ cbc_decrypt(void *ctx, void (*f)(void *ctx,
        *
        * NOTE: We assume that block_size <= CBC_BUFFER_LIMIT. */
 
-      uint8_t *buffer;
-      
+      unsigned buffer_size;
+
       if (length <= CBC_BUFFER_LIMIT)
-	buffer = alloca(length);
+	buffer_size = length;
       else
-	{
-	  /* The buffer size must be an integral number of blocks. */
-	  unsigned buffer_size
-	    = CBC_BUFFER_LIMIT - (CBC_BUFFER_LIMIT % block_size);
-
-	  buffer = alloca(buffer_size);
-
-	  for ( ; length >= buffer_size;
-		length -= buffer_size, dst += buffer_size, src += buffer_size)
-	    {
-	      memcpy(buffer, src, buffer_size);
-	      cbc_decrypt_internal(ctx, f, block_size, iv,
-				   buffer_size, dst, buffer);
-	    }
-	  if (!length)
-	    return;
-	}
-      /* Now, we have at most CBC_BUFFER_LIMIT octets left */
-      memcpy(buffer, src, length);
-
-      cbc_decrypt_internal(ctx, f, block_size, iv,
-			   length, dst, buffer);
+	buffer_size
+	  = CBC_BUFFER_LIMIT - (CBC_BUFFER_LIMIT % block_size);
+
+      {
+	TMP_DECL(buffer, uint8_t, CBC_BUFFER_LIMIT);
+	TMP_ALLOC(buffer, buffer_size);
+
+	for ( ; length > buffer_size;
+	      length -= buffer_size, dst += buffer_size, src += buffer_size)
+	  {
+	    memcpy(buffer, src, buffer_size);
+	    cbc_decrypt_internal(ctx, f, block_size, iv,
+				 buffer_size, dst, buffer);
+	  }
+	/* Now, we have at most CBC_BUFFER_LIMIT octets left */
+	memcpy(buffer, src, length);
+	
+	cbc_decrypt_internal(ctx, f, block_size, iv,
+			     length, dst, buffer);
+      }
     }
 }
 
diff --git a/dsa-keygen.c b/dsa-keygen.c
index 2bd9fd66..beb895ed 100644
--- a/dsa-keygen.c
+++ b/dsa-keygen.c
@@ -35,6 +35,7 @@
 
 #include "bignum.h"
 #include "memxor.h"
+#include "nettle-internal.h"
 
 /* The (slow) NIST method of generating DSA primes. Algorithm 4.56 of
  * Handbook of Applied Cryptography. */
@@ -118,8 +119,10 @@ dsa_nist_gen(mpz_t p, mpz_t q,
 	progress(progress_ctx, '\n');
       
       {
+	/* Official maximum key size: L = 1024 => n = 6 */
+	TMP_DECL(buffer, uint8_t, (6 + 1) * SHA1_DIGEST_SIZE);
 	unsigned size = (n+1) * SHA1_DIGEST_SIZE;
-	uint8_t *buffer = alloca(size);
+	TMP_ALLOC(buffer, size);
 	unsigned i, j;
 	
 	for (i = 0, j = 2; i<4096; i++, j+= n+1)
diff --git a/hmac.c b/hmac.c
index 5ffae38b..2534fc14 100644
--- a/hmac.c
+++ b/hmac.c
@@ -33,6 +33,7 @@
 #include "hmac.h"
 
 #include "memxor.h"
+#include "nettle-internal.h"
 
 #define IPAD 0x36
 #define OPAD 0x5c
@@ -42,7 +43,8 @@ hmac_set_key(void *outer, void *inner, void *state,
 	     const struct nettle_hash *hash,
 	     unsigned key_length, const uint8_t *key)
 {
-  uint8_t *pad = alloca(hash->block_size);
+  TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE);
+  TMP_ALLOC(pad, hash->block_size);
   
   hash->init(outer);
   hash->init(inner);
@@ -52,7 +54,8 @@ hmac_set_key(void *outer, void *inner, void *state,
       /* Reduce key to the algorithm's hash size. Use the area pointed
        * to by state for the temporary state. */
 
-      uint8_t *digest = alloca(hash->digest_size);
+      TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
+      TMP_ALLOC(digest, hash->digest_size);
 
       hash->init(state);
       hash->update(state, key_length, key);
@@ -90,7 +93,8 @@ hmac_digest(const void *outer, const void *inner, void *state,
 	    const struct nettle_hash *hash, 	    
 	    unsigned length, uint8_t *dst)
 {
-  uint8_t *digest = alloca(hash->digest_size);
+  TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
+  TMP_ALLOC(digest, hash->digest_size);
 
   hash->digest(state, hash->digest_size, digest);
 
diff --git a/pkcs1-rsa-md5.c b/pkcs1-rsa-md5.c
index c337232d..d3ccd8b0 100644
--- a/pkcs1-rsa-md5.c
+++ b/pkcs1-rsa-md5.c
@@ -38,6 +38,8 @@
 #include "bignum.h"
 #include "pkcs1.h"
 
+#include "nettle-internal.h"
+
 /* From pkcs-1v2
  *
  *   md5 OBJECT IDENTIFIER ::=
@@ -64,7 +66,8 @@ md5_prefix[] =
 void
 pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash)
 {
-  uint8_t *em = alloca(length);
+  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+  TMP_ALLOC(em, length);
 
   assert(length >= MD5_DIGEST_SIZE);
   pkcs1_signature_prefix(length - MD5_DIGEST_SIZE, em,
@@ -78,7 +81,8 @@ pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash)
 void
 pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned length, const uint8_t *digest)
 {
-  uint8_t *em = alloca(length);
+  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+  TMP_ALLOC(em, length);
 
   assert(length >= MD5_DIGEST_SIZE);
   pkcs1_signature_prefix(length - MD5_DIGEST_SIZE, em,
diff --git a/pkcs1-rsa-sha1.c b/pkcs1-rsa-sha1.c
index b2f94a89..62c51269 100644
--- a/pkcs1-rsa-sha1.c
+++ b/pkcs1-rsa-sha1.c
@@ -38,6 +38,8 @@
 #include "bignum.h"
 #include "pkcs1.h"
 
+#include "nettle-internal.h"
+
 /* From pkcs-1v2
  *
  *   id-sha1 OBJECT IDENTIFIER ::=
@@ -64,7 +66,8 @@ sha1_prefix[] =
 void
 pkcs1_rsa_sha1_encode(mpz_t m, unsigned length, struct sha1_ctx *hash)
 {
-  uint8_t *em = alloca(length);
+  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+  TMP_ALLOC(em, length);
 
   assert(length >= SHA1_DIGEST_SIZE);
   pkcs1_signature_prefix(length - SHA1_DIGEST_SIZE, em,
@@ -78,7 +81,8 @@ pkcs1_rsa_sha1_encode(mpz_t m, unsigned length, struct sha1_ctx *hash)
 void
 pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned length, const uint8_t *digest)
 {
-  uint8_t *em = alloca(length);
+  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+  TMP_ALLOC(em, length);
 
   assert(length >= SHA1_DIGEST_SIZE);
   pkcs1_signature_prefix(length - SHA1_DIGEST_SIZE, em,
diff --git a/rsa-decrypt.c b/rsa-decrypt.c
index 6f53c3db..058a7580 100644
--- a/rsa-decrypt.c
+++ b/rsa-decrypt.c
@@ -36,13 +36,14 @@
 #include "rsa.h"
 
 #include "bignum.h"
+#include "nettle-internal.h"
 
 int
 rsa_decrypt(const struct rsa_private_key *key,
 	    unsigned *length, uint8_t *message,
 	    const mpz_t gibberish)
 {
-  uint8_t *em;
+  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
   uint8_t *terminator;
   unsigned padding;
   unsigned message_length;
@@ -52,7 +53,7 @@ rsa_decrypt(const struct rsa_private_key *key,
   mpz_init(m);
   rsa_compute_root(key, m, gibberish);
 
-  em = alloca(key->size);
+  TMP_ALLOC(em, key->size);
   nettle_mpz_get_str_256(key->size, em, m);
   mpz_clear(m);
 
diff --git a/rsa-encrypt.c b/rsa-encrypt.c
index ecc6760b..fab5f82b 100644
--- a/rsa-encrypt.c
+++ b/rsa-encrypt.c
@@ -36,6 +36,7 @@
 #include "rsa.h"
 
 #include "bignum.h"
+#include "nettle-internal.h"
 
 int
 rsa_encrypt(const struct rsa_public_key *key,
@@ -44,7 +45,7 @@ rsa_encrypt(const struct rsa_public_key *key,
 	    unsigned length, const uint8_t *message,
 	    mpz_t gibbberish)
 {
-  uint8_t *em;
+  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
   unsigned padding;
   unsigned i;
   
@@ -64,7 +65,7 @@ rsa_encrypt(const struct rsa_public_key *key,
   padding = key->size - length - 3;
   assert(padding >= 8);
   
-  em = alloca(key->size - 1);
+  TMP_ALLOC(em, key->size - 1);
   em[0] = 2;
 
   random(random_ctx, padding, em + 1);
diff --git a/sexp.c b/sexp.c
index e6dce172..10992821 100644
--- a/sexp.c
+++ b/sexp.c
@@ -33,6 +33,7 @@
 #include "sexp.h"
 
 #include "macros.h"
+#include "nettle-internal.h"
 
 /* Initializes the iterator, but one has to call next to get to the
  * first element. */
@@ -324,11 +325,11 @@ sexp_iterator_assoc(struct sexp_iterator *iterator,
 		    const uint8_t **keys,
 		    struct sexp_iterator *values)
 {
-  int *found;
+  TMP_DECL(found, int, NETTLE_MAX_SEXP_ASSOC);
   unsigned nfound;
   unsigned i;
-  
-  found = alloca(nkeys * sizeof(*found));
+
+  TMP_ALLOC(found, nkeys);
   for (i = 0; i<nkeys; i++)
     found[i] = 0;
 
-- 
GitLab