Commit 21ee1904 authored by Niels Möller's avatar Niels Möller
Browse files

(TMP_DECL, TMP_ALLOC): New macros. When alloca is unavailable, they

work by allocating a fix amount of stack and imposing a hard limit on
what can be allocated. Updated all users of alloca.

Rev: src/nettle/bignum-random.c:1.4
Rev: src/nettle/cbc.c:1.8
Rev: src/nettle/dsa-keygen.c:1.7
Rev: src/nettle/hmac.c:1.6
Rev: src/nettle/pkcs1-rsa-md5.c:1.3
Rev: src/nettle/pkcs1-rsa-sha1.c:1.3
Rev: src/nettle/rsa-decrypt.c:1.5
Rev: src/nettle/rsa-encrypt.c:1.8
Rev: src/nettle/sexp.c:1.15
parent dcd5b982
...@@ -32,6 +32,7 @@ ...@@ -32,6 +32,7 @@
#include <stdlib.h> #include <stdlib.h>
#include "bignum.h" #include "bignum.h"
#include "nettle-internal.h"
void void
nettle_mpz_random_size(mpz_t x, nettle_mpz_random_size(mpz_t x,
...@@ -39,7 +40,8 @@ nettle_mpz_random_size(mpz_t x, ...@@ -39,7 +40,8 @@ nettle_mpz_random_size(mpz_t x,
unsigned bits) unsigned bits)
{ {
unsigned length = (bits + 7) / 8; unsigned length = (bits + 7) / 8;
uint8_t *data = alloca(length); TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
TMP_ALLOC(data, length);
random(ctx, length, data); random(ctx, length, data);
...@@ -49,6 +51,7 @@ nettle_mpz_random_size(mpz_t x, ...@@ -49,6 +51,7 @@ nettle_mpz_random_size(mpz_t x,
mpz_fdiv_r_2exp(x, x, bits); mpz_fdiv_r_2exp(x, x, bits);
} }
/* Returns a random number x, 0 <= x < n */
void void
nettle_mpz_random(mpz_t x, nettle_mpz_random(mpz_t x,
void *ctx, nettle_random_func random, void *ctx, nettle_random_func random,
......
...@@ -34,6 +34,7 @@ ...@@ -34,6 +34,7 @@
#include "cbc.h" #include "cbc.h"
#include "memxor.h" #include "memxor.h"
#include "nettle-internal.h"
void void
cbc_encrypt(void *ctx, void (*f)(void *ctx, cbc_encrypt(void *ctx, void (*f)(void *ctx,
...@@ -106,34 +107,32 @@ cbc_decrypt(void *ctx, void (*f)(void *ctx, ...@@ -106,34 +107,32 @@ cbc_decrypt(void *ctx, void (*f)(void *ctx,
* *
* NOTE: We assume that block_size <= CBC_BUFFER_LIMIT. */ * NOTE: We assume that block_size <= CBC_BUFFER_LIMIT. */
uint8_t *buffer; unsigned buffer_size;
if (length <= CBC_BUFFER_LIMIT) if (length <= CBC_BUFFER_LIMIT)
buffer = alloca(length); buffer_size = length;
else else
{ buffer_size
/* The buffer size must be an integral number of blocks. */
unsigned buffer_size
= CBC_BUFFER_LIMIT - (CBC_BUFFER_LIMIT % block_size); = CBC_BUFFER_LIMIT - (CBC_BUFFER_LIMIT % block_size);
buffer = alloca(buffer_size); {
TMP_DECL(buffer, uint8_t, CBC_BUFFER_LIMIT);
TMP_ALLOC(buffer, buffer_size);
for ( ; length >= buffer_size; for ( ; length > buffer_size;
length -= buffer_size, dst += buffer_size, src += buffer_size) length -= buffer_size, dst += buffer_size, src += buffer_size)
{ {
memcpy(buffer, src, buffer_size); memcpy(buffer, src, buffer_size);
cbc_decrypt_internal(ctx, f, block_size, iv, cbc_decrypt_internal(ctx, f, block_size, iv,
buffer_size, dst, buffer); buffer_size, dst, buffer);
} }
if (!length)
return;
}
/* Now, we have at most CBC_BUFFER_LIMIT octets left */ /* Now, we have at most CBC_BUFFER_LIMIT octets left */
memcpy(buffer, src, length); memcpy(buffer, src, length);
cbc_decrypt_internal(ctx, f, block_size, iv, cbc_decrypt_internal(ctx, f, block_size, iv,
length, dst, buffer); length, dst, buffer);
} }
}
} }
#if 0 #if 0
......
...@@ -35,6 +35,7 @@ ...@@ -35,6 +35,7 @@
#include "bignum.h" #include "bignum.h"
#include "memxor.h" #include "memxor.h"
#include "nettle-internal.h"
/* The (slow) NIST method of generating DSA primes. Algorithm 4.56 of /* The (slow) NIST method of generating DSA primes. Algorithm 4.56 of
* Handbook of Applied Cryptography. */ * Handbook of Applied Cryptography. */
...@@ -118,8 +119,10 @@ dsa_nist_gen(mpz_t p, mpz_t q, ...@@ -118,8 +119,10 @@ dsa_nist_gen(mpz_t p, mpz_t q,
progress(progress_ctx, '\n'); progress(progress_ctx, '\n');
{ {
/* Official maximum key size: L = 1024 => n = 6 */
TMP_DECL(buffer, uint8_t, (6 + 1) * SHA1_DIGEST_SIZE);
unsigned size = (n+1) * SHA1_DIGEST_SIZE; unsigned size = (n+1) * SHA1_DIGEST_SIZE;
uint8_t *buffer = alloca(size); TMP_ALLOC(buffer, size);
unsigned i, j; unsigned i, j;
for (i = 0, j = 2; i<4096; i++, j+= n+1) for (i = 0, j = 2; i<4096; i++, j+= n+1)
......
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
#include "hmac.h" #include "hmac.h"
#include "memxor.h" #include "memxor.h"
#include "nettle-internal.h"
#define IPAD 0x36 #define IPAD 0x36
#define OPAD 0x5c #define OPAD 0x5c
...@@ -42,7 +43,8 @@ hmac_set_key(void *outer, void *inner, void *state, ...@@ -42,7 +43,8 @@ hmac_set_key(void *outer, void *inner, void *state,
const struct nettle_hash *hash, const struct nettle_hash *hash,
unsigned key_length, const uint8_t *key) unsigned key_length, const uint8_t *key)
{ {
uint8_t *pad = alloca(hash->block_size); TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE);
TMP_ALLOC(pad, hash->block_size);
hash->init(outer); hash->init(outer);
hash->init(inner); hash->init(inner);
...@@ -52,7 +54,8 @@ hmac_set_key(void *outer, void *inner, void *state, ...@@ -52,7 +54,8 @@ hmac_set_key(void *outer, void *inner, void *state,
/* Reduce key to the algorithm's hash size. Use the area pointed /* Reduce key to the algorithm's hash size. Use the area pointed
* to by state for the temporary state. */ * to by state for the temporary state. */
uint8_t *digest = alloca(hash->digest_size); TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
TMP_ALLOC(digest, hash->digest_size);
hash->init(state); hash->init(state);
hash->update(state, key_length, key); hash->update(state, key_length, key);
...@@ -90,7 +93,8 @@ hmac_digest(const void *outer, const void *inner, void *state, ...@@ -90,7 +93,8 @@ hmac_digest(const void *outer, const void *inner, void *state,
const struct nettle_hash *hash, const struct nettle_hash *hash,
unsigned length, uint8_t *dst) unsigned length, uint8_t *dst)
{ {
uint8_t *digest = alloca(hash->digest_size); TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
TMP_ALLOC(digest, hash->digest_size);
hash->digest(state, hash->digest_size, digest); hash->digest(state, hash->digest_size, digest);
......
...@@ -38,6 +38,8 @@ ...@@ -38,6 +38,8 @@
#include "bignum.h" #include "bignum.h"
#include "pkcs1.h" #include "pkcs1.h"
#include "nettle-internal.h"
/* From pkcs-1v2 /* From pkcs-1v2
* *
* md5 OBJECT IDENTIFIER ::= * md5 OBJECT IDENTIFIER ::=
...@@ -64,7 +66,8 @@ md5_prefix[] = ...@@ -64,7 +66,8 @@ md5_prefix[] =
void void
pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash) pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash)
{ {
uint8_t *em = alloca(length); TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
TMP_ALLOC(em, length);
assert(length >= MD5_DIGEST_SIZE); assert(length >= MD5_DIGEST_SIZE);
pkcs1_signature_prefix(length - MD5_DIGEST_SIZE, em, pkcs1_signature_prefix(length - MD5_DIGEST_SIZE, em,
...@@ -78,7 +81,8 @@ pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash) ...@@ -78,7 +81,8 @@ pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash)
void void
pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned length, const uint8_t *digest) pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned length, const uint8_t *digest)
{ {
uint8_t *em = alloca(length); TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
TMP_ALLOC(em, length);
assert(length >= MD5_DIGEST_SIZE); assert(length >= MD5_DIGEST_SIZE);
pkcs1_signature_prefix(length - MD5_DIGEST_SIZE, em, pkcs1_signature_prefix(length - MD5_DIGEST_SIZE, em,
......
...@@ -38,6 +38,8 @@ ...@@ -38,6 +38,8 @@
#include "bignum.h" #include "bignum.h"
#include "pkcs1.h" #include "pkcs1.h"
#include "nettle-internal.h"
/* From pkcs-1v2 /* From pkcs-1v2
* *
* id-sha1 OBJECT IDENTIFIER ::= * id-sha1 OBJECT IDENTIFIER ::=
...@@ -64,7 +66,8 @@ sha1_prefix[] = ...@@ -64,7 +66,8 @@ sha1_prefix[] =
void void
pkcs1_rsa_sha1_encode(mpz_t m, unsigned length, struct sha1_ctx *hash) pkcs1_rsa_sha1_encode(mpz_t m, unsigned length, struct sha1_ctx *hash)
{ {
uint8_t *em = alloca(length); TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
TMP_ALLOC(em, length);
assert(length >= SHA1_DIGEST_SIZE); assert(length >= SHA1_DIGEST_SIZE);
pkcs1_signature_prefix(length - SHA1_DIGEST_SIZE, em, pkcs1_signature_prefix(length - SHA1_DIGEST_SIZE, em,
...@@ -78,7 +81,8 @@ pkcs1_rsa_sha1_encode(mpz_t m, unsigned length, struct sha1_ctx *hash) ...@@ -78,7 +81,8 @@ pkcs1_rsa_sha1_encode(mpz_t m, unsigned length, struct sha1_ctx *hash)
void void
pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned length, const uint8_t *digest) pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned length, const uint8_t *digest)
{ {
uint8_t *em = alloca(length); TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
TMP_ALLOC(em, length);
assert(length >= SHA1_DIGEST_SIZE); assert(length >= SHA1_DIGEST_SIZE);
pkcs1_signature_prefix(length - SHA1_DIGEST_SIZE, em, pkcs1_signature_prefix(length - SHA1_DIGEST_SIZE, em,
......
...@@ -36,13 +36,14 @@ ...@@ -36,13 +36,14 @@
#include "rsa.h" #include "rsa.h"
#include "bignum.h" #include "bignum.h"
#include "nettle-internal.h"
int int
rsa_decrypt(const struct rsa_private_key *key, rsa_decrypt(const struct rsa_private_key *key,
unsigned *length, uint8_t *message, unsigned *length, uint8_t *message,
const mpz_t gibberish) const mpz_t gibberish)
{ {
uint8_t *em; TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
uint8_t *terminator; uint8_t *terminator;
unsigned padding; unsigned padding;
unsigned message_length; unsigned message_length;
...@@ -52,7 +53,7 @@ rsa_decrypt(const struct rsa_private_key *key, ...@@ -52,7 +53,7 @@ rsa_decrypt(const struct rsa_private_key *key,
mpz_init(m); mpz_init(m);
rsa_compute_root(key, m, gibberish); rsa_compute_root(key, m, gibberish);
em = alloca(key->size); TMP_ALLOC(em, key->size);
nettle_mpz_get_str_256(key->size, em, m); nettle_mpz_get_str_256(key->size, em, m);
mpz_clear(m); mpz_clear(m);
......
...@@ -36,6 +36,7 @@ ...@@ -36,6 +36,7 @@
#include "rsa.h" #include "rsa.h"
#include "bignum.h" #include "bignum.h"
#include "nettle-internal.h"
int int
rsa_encrypt(const struct rsa_public_key *key, rsa_encrypt(const struct rsa_public_key *key,
...@@ -44,7 +45,7 @@ rsa_encrypt(const struct rsa_public_key *key, ...@@ -44,7 +45,7 @@ rsa_encrypt(const struct rsa_public_key *key,
unsigned length, const uint8_t *message, unsigned length, const uint8_t *message,
mpz_t gibbberish) mpz_t gibbberish)
{ {
uint8_t *em; TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
unsigned padding; unsigned padding;
unsigned i; unsigned i;
...@@ -64,7 +65,7 @@ rsa_encrypt(const struct rsa_public_key *key, ...@@ -64,7 +65,7 @@ rsa_encrypt(const struct rsa_public_key *key,
padding = key->size - length - 3; padding = key->size - length - 3;
assert(padding >= 8); assert(padding >= 8);
em = alloca(key->size - 1); TMP_ALLOC(em, key->size - 1);
em[0] = 2; em[0] = 2;
random(random_ctx, padding, em + 1); random(random_ctx, padding, em + 1);
......
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
#include "sexp.h" #include "sexp.h"
#include "macros.h" #include "macros.h"
#include "nettle-internal.h"
/* Initializes the iterator, but one has to call next to get to the /* Initializes the iterator, but one has to call next to get to the
* first element. */ * first element. */
...@@ -324,11 +325,11 @@ sexp_iterator_assoc(struct sexp_iterator *iterator, ...@@ -324,11 +325,11 @@ sexp_iterator_assoc(struct sexp_iterator *iterator,
const uint8_t **keys, const uint8_t **keys,
struct sexp_iterator *values) struct sexp_iterator *values)
{ {
int *found; TMP_DECL(found, int, NETTLE_MAX_SEXP_ASSOC);
unsigned nfound; unsigned nfound;
unsigned i; unsigned i;
found = alloca(nkeys * sizeof(*found)); TMP_ALLOC(found, nkeys);
for (i = 0; i<nkeys; i++) for (i = 0; i<nkeys; i++)
found[i] = 0; found[i] = 0;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment