diff options
| -rw-r--r-- | bignum-random.c | 5 | ||||
| -rw-r--r-- | cbc.c | 49 | ||||
| -rw-r--r-- | dsa-keygen.c | 5 | ||||
| -rw-r--r-- | hmac.c | 10 | ||||
| -rw-r--r-- | pkcs1-rsa-md5.c | 8 | ||||
| -rw-r--r-- | pkcs1-rsa-sha1.c | 8 | ||||
| -rw-r--r-- | rsa-decrypt.c | 5 | ||||
| -rw-r--r-- | rsa-encrypt.c | 5 | ||||
| -rw-r--r-- | sexp.c | 7 |
9 files changed, 61 insertions, 41 deletions
diff --git a/bignum-random.c b/bignum-random.c index 9b1a404b..16029216 100644 --- a/bignum-random.c +++ b/bignum-random.c @@ -32,6 +32,7 @@ #include <stdlib.h> #include "bignum.h" +#include "nettle-internal.h" void nettle_mpz_random_size(mpz_t x, @@ -39,7 +40,8 @@ nettle_mpz_random_size(mpz_t x, unsigned bits) { unsigned length = (bits + 7) / 8; - uint8_t *data = alloca(length); + TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8); + TMP_ALLOC(data, length); random(ctx, length, data); @@ -49,6 +51,7 @@ nettle_mpz_random_size(mpz_t x, mpz_fdiv_r_2exp(x, x, bits); } +/* Returns a random number x, 0 <= x < n */ void nettle_mpz_random(mpz_t x, void *ctx, nettle_random_func random, @@ -34,6 +34,7 @@ #include "cbc.h" #include "memxor.h" +#include "nettle-internal.h" void cbc_encrypt(void *ctx, void (*f)(void *ctx, @@ -106,33 +107,31 @@ cbc_decrypt(void *ctx, void (*f)(void *ctx, * * NOTE: We assume that block_size <= CBC_BUFFER_LIMIT. */ - uint8_t *buffer; - + unsigned buffer_size; + if (length <= CBC_BUFFER_LIMIT) - buffer = alloca(length); + buffer_size = length; else - { - /* The buffer size must be an integral number of blocks. */ - unsigned buffer_size - = CBC_BUFFER_LIMIT - (CBC_BUFFER_LIMIT % block_size); - - buffer = alloca(buffer_size); - - for ( ; length >= buffer_size; - length -= buffer_size, dst += buffer_size, src += buffer_size) - { - memcpy(buffer, src, buffer_size); - cbc_decrypt_internal(ctx, f, block_size, iv, - buffer_size, dst, buffer); - } - if (!length) - return; - } - /* Now, we have at most CBC_BUFFER_LIMIT octets left */ - memcpy(buffer, src, length); - - cbc_decrypt_internal(ctx, f, block_size, iv, - length, dst, buffer); + buffer_size + = CBC_BUFFER_LIMIT - (CBC_BUFFER_LIMIT % block_size); + + { + TMP_DECL(buffer, uint8_t, CBC_BUFFER_LIMIT); + TMP_ALLOC(buffer, buffer_size); + + for ( ; length > buffer_size; + length -= buffer_size, dst += buffer_size, src += buffer_size) + { + memcpy(buffer, src, buffer_size); + cbc_decrypt_internal(ctx, f, block_size, iv, + buffer_size, dst, buffer); + } + /* Now, we have at most CBC_BUFFER_LIMIT octets left */ + memcpy(buffer, src, length); + + cbc_decrypt_internal(ctx, f, block_size, iv, + length, dst, buffer); + } } } diff --git a/dsa-keygen.c b/dsa-keygen.c index 2bd9fd66..beb895ed 100644 --- a/dsa-keygen.c +++ b/dsa-keygen.c @@ -35,6 +35,7 @@ #include "bignum.h" #include "memxor.h" +#include "nettle-internal.h" /* The (slow) NIST method of generating DSA primes. Algorithm 4.56 of * Handbook of Applied Cryptography. */ @@ -118,8 +119,10 @@ dsa_nist_gen(mpz_t p, mpz_t q, progress(progress_ctx, '\n'); { + /* Official maximum key size: L = 1024 => n = 6 */ + TMP_DECL(buffer, uint8_t, (6 + 1) * SHA1_DIGEST_SIZE); unsigned size = (n+1) * SHA1_DIGEST_SIZE; - uint8_t *buffer = alloca(size); + TMP_ALLOC(buffer, size); unsigned i, j; for (i = 0, j = 2; i<4096; i++, j+= n+1) @@ -33,6 +33,7 @@ #include "hmac.h" #include "memxor.h" +#include "nettle-internal.h" #define IPAD 0x36 #define OPAD 0x5c @@ -42,7 +43,8 @@ hmac_set_key(void *outer, void *inner, void *state, const struct nettle_hash *hash, unsigned key_length, const uint8_t *key) { - uint8_t *pad = alloca(hash->block_size); + TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE); + TMP_ALLOC(pad, hash->block_size); hash->init(outer); hash->init(inner); @@ -52,7 +54,8 @@ hmac_set_key(void *outer, void *inner, void *state, /* Reduce key to the algorithm's hash size. Use the area pointed * to by state for the temporary state. */ - uint8_t *digest = alloca(hash->digest_size); + TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE); + TMP_ALLOC(digest, hash->digest_size); hash->init(state); hash->update(state, key_length, key); @@ -90,7 +93,8 @@ hmac_digest(const void *outer, const void *inner, void *state, const struct nettle_hash *hash, unsigned length, uint8_t *dst) { - uint8_t *digest = alloca(hash->digest_size); + TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE); + TMP_ALLOC(digest, hash->digest_size); hash->digest(state, hash->digest_size, digest); diff --git a/pkcs1-rsa-md5.c b/pkcs1-rsa-md5.c index c337232d..d3ccd8b0 100644 --- a/pkcs1-rsa-md5.c +++ b/pkcs1-rsa-md5.c @@ -38,6 +38,8 @@ #include "bignum.h" #include "pkcs1.h" +#include "nettle-internal.h" + /* From pkcs-1v2 * * md5 OBJECT IDENTIFIER ::= @@ -64,7 +66,8 @@ md5_prefix[] = void pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash) { - uint8_t *em = alloca(length); + TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8); + TMP_ALLOC(em, length); assert(length >= MD5_DIGEST_SIZE); pkcs1_signature_prefix(length - MD5_DIGEST_SIZE, em, @@ -78,7 +81,8 @@ pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash) void pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned length, const uint8_t *digest) { - uint8_t *em = alloca(length); + TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8); + TMP_ALLOC(em, length); assert(length >= MD5_DIGEST_SIZE); pkcs1_signature_prefix(length - MD5_DIGEST_SIZE, em, diff --git a/pkcs1-rsa-sha1.c b/pkcs1-rsa-sha1.c index b2f94a89..62c51269 100644 --- a/pkcs1-rsa-sha1.c +++ b/pkcs1-rsa-sha1.c @@ -38,6 +38,8 @@ #include "bignum.h" #include "pkcs1.h" +#include "nettle-internal.h" + /* From pkcs-1v2 * * id-sha1 OBJECT IDENTIFIER ::= @@ -64,7 +66,8 @@ sha1_prefix[] = void pkcs1_rsa_sha1_encode(mpz_t m, unsigned length, struct sha1_ctx *hash) { - uint8_t *em = alloca(length); + TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8); + TMP_ALLOC(em, length); assert(length >= SHA1_DIGEST_SIZE); pkcs1_signature_prefix(length - SHA1_DIGEST_SIZE, em, @@ -78,7 +81,8 @@ pkcs1_rsa_sha1_encode(mpz_t m, unsigned length, struct sha1_ctx *hash) void pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned length, const uint8_t *digest) { - uint8_t *em = alloca(length); + TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8); + TMP_ALLOC(em, length); assert(length >= SHA1_DIGEST_SIZE); pkcs1_signature_prefix(length - SHA1_DIGEST_SIZE, em, diff --git a/rsa-decrypt.c b/rsa-decrypt.c index 6f53c3db..058a7580 100644 --- a/rsa-decrypt.c +++ b/rsa-decrypt.c @@ -36,13 +36,14 @@ #include "rsa.h" #include "bignum.h" +#include "nettle-internal.h" int rsa_decrypt(const struct rsa_private_key *key, unsigned *length, uint8_t *message, const mpz_t gibberish) { - uint8_t *em; + TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8); uint8_t *terminator; unsigned padding; unsigned message_length; @@ -52,7 +53,7 @@ rsa_decrypt(const struct rsa_private_key *key, mpz_init(m); rsa_compute_root(key, m, gibberish); - em = alloca(key->size); + TMP_ALLOC(em, key->size); nettle_mpz_get_str_256(key->size, em, m); mpz_clear(m); diff --git a/rsa-encrypt.c b/rsa-encrypt.c index ecc6760b..fab5f82b 100644 --- a/rsa-encrypt.c +++ b/rsa-encrypt.c @@ -36,6 +36,7 @@ #include "rsa.h" #include "bignum.h" +#include "nettle-internal.h" int rsa_encrypt(const struct rsa_public_key *key, @@ -44,7 +45,7 @@ rsa_encrypt(const struct rsa_public_key *key, unsigned length, const uint8_t *message, mpz_t gibbberish) { - uint8_t *em; + TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8); unsigned padding; unsigned i; @@ -64,7 +65,7 @@ rsa_encrypt(const struct rsa_public_key *key, padding = key->size - length - 3; assert(padding >= 8); - em = alloca(key->size - 1); + TMP_ALLOC(em, key->size - 1); em[0] = 2; random(random_ctx, padding, em + 1); @@ -33,6 +33,7 @@ #include "sexp.h" #include "macros.h" +#include "nettle-internal.h" /* Initializes the iterator, but one has to call next to get to the * first element. */ @@ -324,11 +325,11 @@ sexp_iterator_assoc(struct sexp_iterator *iterator, const uint8_t **keys, struct sexp_iterator *values) { - int *found; + TMP_DECL(found, int, NETTLE_MAX_SEXP_ASSOC); unsigned nfound; unsigned i; - - found = alloca(nkeys * sizeof(*found)); + + TMP_ALLOC(found, nkeys); for (i = 0; i<nkeys; i++) found[i] = 0; |