From 0100b5a2e13899e719149e5e3a45867803fee14c Mon Sep 17 00:00:00 2001
From: Chen Gang G
Date: Mon, 19 Nov 2018 10:02:28 +0800
Subject: [PATCH] HV: replace dynamic memory with static for crypto library Remove dynamic memory allocation in crypto lib, use array to replace them.
Tracked-On: #1900
Reviewed-by: Bing Zhu
Signed-off-by: Chen Gang G
Acked-by: Eddie Dong
---
 hypervisor/lib/crypto/crypto_api.c | 2 +-
 hypervisor/lib/crypto/mbedtls/hkdf.c | 2 +-
 hypervisor/lib/crypto/mbedtls/md.c | 29 +++------------------
 hypervisor/lib/crypto/mbedtls/md.h | 23 +++++++++-------
 hypervisor/lib/crypto/mbedtls/md_internal.h | 6 -----
 hypervisor/lib/crypto/mbedtls/md_wrap.c | 18 -------------
 6 files changed, 19 insertions(+), 61 deletions(-)
diff --git a/hypervisor/lib/crypto/crypto_api.c b/hypervisor/lib/crypto/crypto_api.c
index b3f10cf76..03c0dd8e7 100644
--- a/hypervisor/lib/crypto/crypto_api.c
+++ b/hypervisor/lib/crypto/crypto_api.c
@@ -52,8 +52,8 @@ int hmac_sha256(uint8_t *out_key,
 }
 if (mbedtls_md_hmac(md,
- salt, salt_len,
 secret, secret_len,
+ salt, salt_len,
 out_key) != 0) {
 return 0;
 }
diff --git a/hypervisor/lib/crypto/mbedtls/hkdf.c b/hypervisor/lib/crypto/mbedtls/hkdf.c
index 4f69527fd..ada40d02f 100644
--- a/hypervisor/lib/crypto/mbedtls/hkdf.c
+++ b/hypervisor/lib/crypto/mbedtls/hkdf.c
@@ -121,7 +121,7 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
 mbedtls_md_init( &ctx );
- if( (ret = mbedtls_md_setup( &ctx, md, 1) ) != 0 )
+ if( (ret = mbedtls_md_setup( &ctx, md) ) != 0 )
 {
 goto exit;
 }
diff --git a/hypervisor/lib/crypto/mbedtls/md.c b/hypervisor/lib/crypto/mbedtls/md.c
index 7b2cab979..4c6ed24fa 100644
--- a/hypervisor/lib/crypto/mbedtls/md.c
+++ b/hypervisor/lib/crypto/mbedtls/md.c
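Review bot: In the crypto_api.c hunk the reordered arguments to `mbedtls_md_hmac` change which buffer acts as the HMAC key: assuming the upstream parameter order (key, keylen, input, ilen), `secret` is now the key and `salt` the message, where before it was the reverse. That changes every value `hmac_sha256` produces, yet the commit message only mentions removing dynamic allocation, so anything derived or compared against output from the old order will no longer match. If the swap is intended, it deserves its own line in the commit message and a comment at the call such as `/* key = secret, message = salt */`. The body of `hmac_sha256` starts and ends outside the hunk, so its declared parameter order could not be checked here.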
@@ -59,19 +59,9 @@ void mbedtls_md_init( mbedtls_md_context_t *ctx )
 void mbedtls_md_free( mbedtls_md_context_t *ctx )
 {
- if( ctx == NULL || ctx->md_info == NULL )
+ if( ctx == NULL )
 return;
- if( ctx->md_ctx != NULL )
- ctx->md_info->ctx_free_func( ctx->md_ctx );
-
- if( ctx->hmac_ctx != NULL )
- {
- mbedtls_platform_zeroize( ctx->hmac_ctx,
- 2 * ctx->md_info->block_size );
- mbedtls_free( ctx->hmac_ctx );
- }
-
 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
 }
@@ -90,24 +80,11 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst,
 return( 0 );
 }
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac )
+int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info )
 {
 if( md_info == NULL || ctx == NULL )
 return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
- if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
- return( MBEDTLS_ERR_MD_ALLOC_FAILED );
-
- if( hmac != 0 )
- {
- ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size );
- if( ctx->hmac_ctx == NULL )
- {
- md_info->ctx_free_func( ctx->md_ctx );
- return( MBEDTLS_ERR_MD_ALLOC_FAILED );
- }
- }
-
 ctx->md_info = md_info;
 return( 0 );
@@ -254,7 +231,7 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
 mbedtls_md_init( &ctx );
- if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 )
+ if( ( ret = mbedtls_md_setup( &ctx, md_info ) ) != 0 )
 goto cleanup;
 if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 )
diff --git a/hypervisor/lib/crypto/mbedtls/md.h b/hypervisor/lib/crypto/mbedtls/md.h
index d1068277a..099aace90 100644
--- a/hypervisor/lib/crypto/mbedtls/md.h
+++ b/hypervisor/lib/crypto/mbedtls/md.h
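Review bot: `mbedtls_md_free` in md.c now depends on the single `mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) )` call to wipe the HMAC pads, which after this change live inside the context itself, and the context is a local variable in callers such as `mbedtls_md_hmac`. md.h defines that macro as a plain `memset(buf, 0, len)`, and a compiler is allowed to drop a memset of an object that is about to go out of scope, which would leave key-derived bytes on the stack. Unless the hypervisor build guarantees memset is never treated as a builtin, the wipe should go through a call the optimizer cannot remove, for example upstream's `static void * (* const volatile memset_func)( void *, int, size_t ) = memset;` with the macro calling `memset_func( buf, 0, len )`.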
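Review bot: `mbedtls_md_setup` in md.c still accepts any `md_info`, but the context buffers are now fixed at `sizeof( mbedtls_sha256_context )` and 128 bytes, and nothing in the new body checks that the selected digest fits them. The removed code sized the HMAC buffer as `2 * md_info->block_size`, so a digest with a block size above 64 would presumably make the HMAC routines (outside this hunk) write past `hmac_ctx`. A guard before `ctx->md_info = md_info;` would turn that into an error: `if( (size_t) md_info->block_size * 2U > sizeof( ctx->hmac_ctx ) ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );`. The new body also no longer initialises the digest state, so it relies on the caller having run `mbedtls_md_init` first, and a one-line comment saying so would help.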
@@ -29,6 +29,7 @@
 #define MBEDTLS_MD_H
 #include
+#include "sha256.h"
 #define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
 #define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
 #define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
@@ -36,8 +37,6 @@
 #define MBEDTLS_ERR_MD_HW_ACCEL_FAILED -0x5280 /**< MD hardware accelerator failed. */
 #define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len)
-#define mbedtls_calloc calloc
-#define mbedtls_free free
 /**
 * \brief Supported message digests.
@@ -62,11 +61,19 @@ typedef struct {
 /** Information about the associated message digest. */
 const mbedtls_md_info_t *md_info;
- /** The digest-specific context. */
- void *md_ctx;
+ /** The digest-specific context. Use array here to avoid dynamic memory
+ * allocation. The size of the array size is determined by this line
+ * in md_wrap.c
+ * void *ctx = mbedtls_calloc(1, sizeof( mbedtls_sha256_context ));
+ */
+ unsigned char md_ctx[sizeof( mbedtls_sha256_context )];
- /** The HMAC part of the context. */
- void *hmac_ctx;
+ /** The HMAC part of the context. Use array here to avoid dynamic memory
+ * allocation. The hardcode value 128 is determined by 2 parts:
+ * 1. In md.c ctx->hmac_ctx=mbedtls_calloc(2, md_info->block_size);
+ * 2. block_size is 64 in md_wrap.c
+ */
+ unsigned char hmac_ctx[128];
 } mbedtls_md_context_t;
 /**
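Review bot: In the `mbedtls_md_context_t` hunk of md.h, `md_ctx` is declared as `unsigned char md_ctx[sizeof( mbedtls_sha256_context )]` but is used as a `mbedtls_sha256_context` through the `void *` casts in md_wrap.c, so its alignment is only what the preceding pointer member happens to give it. Since sha256.h is now included here anyway, declaring the member with its real type, `mbedtls_sha256_context md_ctx;`, would make alignment and effective type correct by construction; call sites that pass `ctx->md_ctx` (outside this hunk) would then pass its address. For `hmac_ctx[128]`, a named constant for the 64-byte block size, with the array written as twice that constant, would keep this header and md_wrap.c from drifting apart. Both new comments also quote `mbedtls_calloc` lines that this same commit deletes, so they would read better if they stated the sizes directly.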
@@ -127,15 +134,13 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx );
 * \param ctx The context to set up.
 * \param md_info The information structure of the message-digest algorithm
 * to use.
- * \param hmac Defines if HMAC is used. 0: HMAC is not used (saves some memory),
- * or non-zero: HMAC is used with this context.
 *
 * \return \c 0 on success.
 * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
 * failure.
 * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
 */
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
+int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info );
 /**
 * \brief This function clones the state of an message-digest
diff --git a/hypervisor/lib/crypto/mbedtls/md_internal.h b/hypervisor/lib/crypto/mbedtls/md_internal.h
index 7b2a28206..03a15328e 100644
--- a/hypervisor/lib/crypto/mbedtls/md_internal.h
+++ b/hypervisor/lib/crypto/mbedtls/md_internal.h
@@ -62,12 +62,6 @@ struct mbedtls_md_info_t
 int (*digest_func)( const unsigned char *input, size_t ilen,
 unsigned char *output );
- /** Allocate a new context */
- void * (*ctx_alloc_func)( void );
-
- /** Free the given context */
- void (*ctx_free_func)( void *ctx );
-
 /** Clone state from a context */
 void (*clone_func)( void *dst, const void *src );
diff --git a/hypervisor/lib/crypto/mbedtls/md_wrap.c b/hypervisor/lib/crypto/mbedtls/md_wrap.c
index 3dc8606ce..96c4d197e 100644
--- a/hypervisor/lib/crypto/mbedtls/md_wrap.c
+++ b/hypervisor/lib/crypto/mbedtls/md_wrap.c
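Review bot: The doc comment for `mbedtls_md_setup` in md.h still lists `\return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.`, which the new implementation in md.c can no longer return. That line should be dropped, and the description should say that the context must already have been initialised with `mbedtls_md_init`, because setup no longer creates or initialises the digest state. The comment block begins outside the hunk, so the wording of its opening lines could not be checked.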
@@ -45,22 +45,6 @@ static int sha256_finish_wrap( void *ctx, unsigned char *output )
 output ) );
 }
-static void *sha256_ctx_alloc( void )
-{
- void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) );
-
- if( ctx != NULL )
- mbedtls_sha256_init( (mbedtls_sha256_context *) ctx );
-
- return( ctx );
-}
-
-static void sha256_ctx_free( void *ctx )
-{
- mbedtls_sha256_free( (mbedtls_sha256_context *) ctx );
- mbedtls_free( ctx );
-}
-
 static void sha256_clone_wrap( void *dst, const void *src )
 {
 mbedtls_sha256_clone( (mbedtls_sha256_context *) dst,
@@ -93,8 +77,6 @@ const mbedtls_md_info_t mbedtls_sha256_info = {
 sha256_update_wrap,
 sha256_finish_wrap,
 sha256_wrap,
- sha256_ctx_alloc,
- sha256_ctx_free,
 sha256_clone_wrap,
 sha256_process_wrap,
 };