Skip to content

Commit 22a2290

Browse files
FrauschiFrauschi
committed
Fix TOCTOU issues in SP math code
1 parent 8b2c0f7 commit 22a2290

8 files changed

Lines changed: 144 additions & 192 deletions

File tree

wolfcrypt/src/sp_arm32.c

Lines changed: 24 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -75874,17 +75874,16 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
7587475874
if (cache->cnt == 2)
7587575875
sp_256_gen_stripe_table_8(g, cache->table, tmp, heap);
7587675876

75877-
#ifndef HAVE_THREAD_LS
75878-
wc_UnLockMutex(&sp_cache_256_lock);
75879-
#endif /* HAVE_THREAD_LS */
75880-
7588175877
if (cache->cnt < 2) {
7588275878
err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap);
7588375879
}
7588475880
else {
7588575881
err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k,
7588675882
map, ct, heap);
7588775883
}
75884+
#ifndef HAVE_THREAD_LS
75885+
wc_UnLockMutex(&sp_cache_256_lock);
75886+
#endif /* HAVE_THREAD_LS */
7588875887
}
7588975888

7589075889
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -76256,17 +76255,16 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g,
7625676255
if (cache->cnt == 2)
7625776256
sp_256_gen_stripe_table_8(g, cache->table, tmp, heap);
7625876257

76259-
#ifndef HAVE_THREAD_LS
76260-
wc_UnLockMutex(&sp_cache_256_lock);
76261-
#endif /* HAVE_THREAD_LS */
76262-
7626376258
if (cache->cnt < 2) {
7626476259
err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap);
7626576260
}
7626676261
else {
7626776262
err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k,
7626876263
map, ct, heap);
7626976264
}
76265+
#ifndef HAVE_THREAD_LS
76266+
wc_UnLockMutex(&sp_cache_256_lock);
76267+
#endif /* HAVE_THREAD_LS */
7627076268
}
7627176269

7627276270
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -93909,17 +93907,16 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
9390993907
if (cache->cnt == 2)
9391093908
sp_384_gen_stripe_table_12(g, cache->table, tmp, heap);
9391193909

93912-
#ifndef HAVE_THREAD_LS
93913-
wc_UnLockMutex(&sp_cache_384_lock);
93914-
#endif /* HAVE_THREAD_LS */
93915-
9391693910
if (cache->cnt < 2) {
9391793911
err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap);
9391893912
}
9391993913
else {
9392093914
err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k,
9392193915
map, ct, heap);
9392293916
}
93917+
#ifndef HAVE_THREAD_LS
93918+
wc_UnLockMutex(&sp_cache_384_lock);
93919+
#endif /* HAVE_THREAD_LS */
9392393920
}
9392493921

9392593922
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -94307,17 +94304,16 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g,
9430794304
if (cache->cnt == 2)
9430894305
sp_384_gen_stripe_table_12(g, cache->table, tmp, heap);
9430994306

94310-
#ifndef HAVE_THREAD_LS
94311-
wc_UnLockMutex(&sp_cache_384_lock);
94312-
#endif /* HAVE_THREAD_LS */
94313-
9431494307
if (cache->cnt < 2) {
9431594308
err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap);
9431694309
}
9431794310
else {
9431894311
err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k,
9431994312
map, ct, heap);
9432094313
}
94314+
#ifndef HAVE_THREAD_LS
94315+
wc_UnLockMutex(&sp_cache_384_lock);
94316+
#endif /* HAVE_THREAD_LS */
9432194317
}
9432294318

9432394319
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -121070,17 +121066,16 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
121070121066
if (cache->cnt == 2)
121071121067
sp_521_gen_stripe_table_17(g, cache->table, tmp, heap);
121072121068

121073-
#ifndef HAVE_THREAD_LS
121074-
wc_UnLockMutex(&sp_cache_521_lock);
121075-
#endif /* HAVE_THREAD_LS */
121076-
121077121069
if (cache->cnt < 2) {
121078121070
err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap);
121079121071
}
121080121072
else {
121081121073
err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k,
121082121074
map, ct, heap);
121083121075
}
121076+
#ifndef HAVE_THREAD_LS
121077+
wc_UnLockMutex(&sp_cache_521_lock);
121078+
#endif /* HAVE_THREAD_LS */
121084121079
}
121085121080

121086121081
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -121488,17 +121483,16 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g,
121488121483
if (cache->cnt == 2)
121489121484
sp_521_gen_stripe_table_17(g, cache->table, tmp, heap);
121490121485

121491-
#ifndef HAVE_THREAD_LS
121492-
wc_UnLockMutex(&sp_cache_521_lock);
121493-
#endif /* HAVE_THREAD_LS */
121494-
121495121486
if (cache->cnt < 2) {
121496121487
err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap);
121497121488
}
121498121489
else {
121499121490
err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k,
121500121491
map, ct, heap);
121501121492
}
121493+
#ifndef HAVE_THREAD_LS
121494+
wc_UnLockMutex(&sp_cache_521_lock);
121495+
#endif /* HAVE_THREAD_LS */
121502121496
}
121503121497

121504121498
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -150839,17 +150833,16 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
150839150833
if (cache->cnt == 2)
150840150834
sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap);
150841150835

150842-
#ifndef HAVE_THREAD_LS
150843-
wc_UnLockMutex(&sp_cache_1024_lock);
150844-
#endif /* HAVE_THREAD_LS */
150845-
150846150836
if (cache->cnt < 2) {
150847150837
err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap);
150848150838
}
150849150839
else {
150850150840
err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k,
150851150841
map, ct, heap);
150852150842
}
150843+
#ifndef HAVE_THREAD_LS
150844+
wc_UnLockMutex(&sp_cache_1024_lock);
150845+
#endif /* HAVE_THREAD_LS */
150853150846
}
150854150847

150855150848
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -151154,17 +151147,16 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g,
151154151147
if (cache->cnt == 2)
151155151148
sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap);
151156151149

151157-
#ifndef HAVE_THREAD_LS
151158-
wc_UnLockMutex(&sp_cache_1024_lock);
151159-
#endif /* HAVE_THREAD_LS */
151160-
151161151150
if (cache->cnt < 2) {
151162151151
err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap);
151163151152
}
151164151153
else {
151165151154
err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k,
151166151155
map, ct, heap);
151167151156
}
151157+
#ifndef HAVE_THREAD_LS
151158+
wc_UnLockMutex(&sp_cache_1024_lock);
151159+
#endif /* HAVE_THREAD_LS */
151168151160
}
151169151161

151170151162
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);

wolfcrypt/src/sp_arm64.c

Lines changed: 21 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -24685,17 +24685,16 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g,
2468524685
if (cache->cnt == 2)
2468624686
sp_256_gen_stripe_table_4(g, cache->table, tmp, heap);
2468724687

24688-
#ifndef HAVE_THREAD_LS
24689-
wc_UnLockMutex(&sp_cache_256_lock);
24690-
#endif /* HAVE_THREAD_LS */
24691-
2469224688
if (cache->cnt < 2) {
2469324689
err = sp_256_ecc_mulmod_win_add_sub_4(r, g, k, map, ct, heap);
2469424690
}
2469524691
else {
2469624692
err = sp_256_ecc_mulmod_stripe_4(r, g, cache->table, k,
2469724693
map, ct, heap);
2469824694
}
24695+
#ifndef HAVE_THREAD_LS
24696+
wc_UnLockMutex(&sp_cache_256_lock);
24697+
#endif /* HAVE_THREAD_LS */
2469924698
}
2470024699

2470124700
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -25074,17 +25073,16 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g,
2507425073
if (cache->cnt == 2)
2507525074
sp_256_gen_stripe_table_4(g, cache->table, tmp, heap);
2507625075

25077-
#ifndef HAVE_THREAD_LS
25078-
wc_UnLockMutex(&sp_cache_256_lock);
25079-
#endif /* HAVE_THREAD_LS */
25080-
2508125076
if (cache->cnt < 2) {
2508225077
err = sp_256_ecc_mulmod_win_add_sub_4(r, g, k, map, ct, heap);
2508325078
}
2508425079
else {
2508525080
err = sp_256_ecc_mulmod_stripe_4(r, g, cache->table, k,
2508625081
map, ct, heap);
2508725082
}
25083+
#ifndef HAVE_THREAD_LS
25084+
wc_UnLockMutex(&sp_cache_256_lock);
25085+
#endif /* HAVE_THREAD_LS */
2508825086
}
2508925087

2509025088
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -45189,17 +45187,16 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g,
4518945187
if (cache->cnt == 2)
4519045188
sp_384_gen_stripe_table_6(g, cache->table, tmp, heap);
4519145189

45192-
#ifndef HAVE_THREAD_LS
45193-
wc_UnLockMutex(&sp_cache_384_lock);
45194-
#endif /* HAVE_THREAD_LS */
45195-
4519645190
if (cache->cnt < 2) {
4519745191
err = sp_384_ecc_mulmod_win_add_sub_6(r, g, k, map, ct, heap);
4519845192
}
4519945193
else {
4520045194
err = sp_384_ecc_mulmod_stripe_6(r, g, cache->table, k,
4520145195
map, ct, heap);
4520245196
}
45197+
#ifndef HAVE_THREAD_LS
45198+
wc_UnLockMutex(&sp_cache_384_lock);
45199+
#endif /* HAVE_THREAD_LS */
4520345200
}
4520445201

4520545202
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -45578,17 +45575,16 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g,
4557845575
if (cache->cnt == 2)
4557945576
sp_384_gen_stripe_table_6(g, cache->table, tmp, heap);
4558045577

45581-
#ifndef HAVE_THREAD_LS
45582-
wc_UnLockMutex(&sp_cache_384_lock);
45583-
#endif /* HAVE_THREAD_LS */
45584-
4558545578
if (cache->cnt < 2) {
4558645579
err = sp_384_ecc_mulmod_win_add_sub_6(r, g, k, map, ct, heap);
4558745580
}
4558845581
else {
4558945582
err = sp_384_ecc_mulmod_stripe_6(r, g, cache->table, k,
4559045583
map, ct, heap);
4559145584
}
45585+
#ifndef HAVE_THREAD_LS
45586+
wc_UnLockMutex(&sp_cache_384_lock);
45587+
#endif /* HAVE_THREAD_LS */
4559245588
}
4559345589

4559445590
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -73181,17 +73177,16 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g,
7318173177
if (cache->cnt == 2)
7318273178
sp_521_gen_stripe_table_9(g, cache->table, tmp, heap);
7318373179

73184-
#ifndef HAVE_THREAD_LS
73185-
wc_UnLockMutex(&sp_cache_521_lock);
73186-
#endif /* HAVE_THREAD_LS */
73187-
7318873180
if (cache->cnt < 2) {
7318973181
err = sp_521_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap);
7319073182
}
7319173183
else {
7319273184
err = sp_521_ecc_mulmod_stripe_9(r, g, cache->table, k,
7319373185
map, ct, heap);
7319473186
}
73187+
#ifndef HAVE_THREAD_LS
73188+
wc_UnLockMutex(&sp_cache_521_lock);
73189+
#endif /* HAVE_THREAD_LS */
7319573190
}
7319673191

7319773192
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -73588,17 +73583,16 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g,
7358873583
if (cache->cnt == 2)
7358973584
sp_521_gen_stripe_table_9(g, cache->table, tmp, heap);
7359073585

73591-
#ifndef HAVE_THREAD_LS
73592-
wc_UnLockMutex(&sp_cache_521_lock);
73593-
#endif /* HAVE_THREAD_LS */
73594-
7359573586
if (cache->cnt < 2) {
7359673587
err = sp_521_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap);
7359773588
}
7359873589
else {
7359973590
err = sp_521_ecc_mulmod_stripe_9(r, g, cache->table, k,
7360073591
map, ct, heap);
7360173592
}
73593+
#ifndef HAVE_THREAD_LS
73594+
wc_UnLockMutex(&sp_cache_521_lock);
73595+
#endif /* HAVE_THREAD_LS */
7360273596
}
7360373597

7360473598
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);
@@ -116668,17 +116662,16 @@ static int sp_1024_ecc_mulmod_16(sp_point_1024* r, const sp_point_1024* g,
116668116662
if (cache->cnt == 2)
116669116663
sp_1024_gen_stripe_table_16(g, cache->table, tmp, heap);
116670116664

116671-
#ifndef HAVE_THREAD_LS
116672-
wc_UnLockMutex(&sp_cache_1024_lock);
116673-
#endif /* HAVE_THREAD_LS */
116674-
116675116665
if (cache->cnt < 2) {
116676116666
err = sp_1024_ecc_mulmod_win_add_sub_16(r, g, k, map, ct, heap);
116677116667
}
116678116668
else {
116679116669
err = sp_1024_ecc_mulmod_stripe_16(r, g, cache->table, k,
116680116670
map, ct, heap);
116681116671
}
116672+
#ifndef HAVE_THREAD_LS
116673+
wc_UnLockMutex(&sp_cache_1024_lock);
116674+
#endif /* HAVE_THREAD_LS */
116682116675
}
116683116676

116684116677
SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC);

0 commit comments

Comments
 (0)