Small stack and no malloc improvements

dgarske · dgarske · commit 7a8e71b2e478 · 2026-01-06T18:58:37.000Z
diff --git a/wolfcrypt/src/port/st/stsafe.c b/wolfcrypt/src/port/st/stsafe.c
@@ -379,6 +379,12 @@ static int stsafe_shared_secret(stsafe_slot_t slot, stsafe_curve_id_t curve_id,
  */
 static int stsafe_read_certificate(uint8_t** ppCert, uint32_t* pCertLen)
 {
+#ifdef WOLFSSL_NO_MALLOC
+    /* Certificate reading requires dynamic allocation */
+    (void)ppCert;
+    (void)pCertLen;
+    return NOT_COMPILED_IN;
+#else
     int rc = STSAFE_A_OK;
     stse_ReturnCode_t ret;
     uint16_t certLen = 0;
@@ -418,6 +424,7 @@ static int stsafe_read_certificate(uint8_t** ppCert, uint32_t* pCertLen)
     }
 
     return rc;
+#endif /* WOLFSSL_NO_MALLOC */
 }
 
 #if !defined(WC_NO_RNG) && defined(USE_STSAFE_RNG_SEED)
@@ -628,15 +635,30 @@ static int stsafe_verify(stsafe_curve_id_t curve_id, uint8_t* pHash,
     int rc = (int)(uint8_t)-1;
     uint8_t status_code;
     int key_sz = stsafe_get_key_size(curve_id);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     StSafeA_CoordinateBuffer* X = NULL;
     StSafeA_CoordinateBuffer* Y = NULL;
     StSafeA_SignatureBuffer* R = NULL;
     StSafeA_SignatureBuffer* S = NULL;
     StSafeA_SignatureBuffer* Hash = NULL;
+#else
+    /* Stack buffers: 2 bytes for Length + STSAFE_MAX_KEY_LEN for Data */
+    byte R_buf[2 + STSAFE_MAX_KEY_LEN];
+    byte S_buf[2 + STSAFE_MAX_KEY_LEN];
+    byte Hash_buf[2 + STSAFE_MAX_KEY_LEN];
+    byte X_buf[2 + STSAFE_MAX_KEY_LEN];
+    byte Y_buf[2 + STSAFE_MAX_KEY_LEN];
+    StSafeA_SignatureBuffer* R = (StSafeA_SignatureBuffer*)R_buf;
+    StSafeA_SignatureBuffer* S = (StSafeA_SignatureBuffer*)S_buf;
+    StSafeA_SignatureBuffer* Hash = (StSafeA_SignatureBuffer*)Hash_buf;
+    StSafeA_CoordinateBuffer* X = (StSafeA_CoordinateBuffer*)X_buf;
+    StSafeA_CoordinateBuffer* Y = (StSafeA_CoordinateBuffer*)Y_buf;
+#endif
     StSafeA_VerifySignatureBuffer* Verif = NULL;
 
     *pResult = 0;
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     /* Allocate buffers */
     R = (StSafeA_SignatureBuffer*)XMALLOC(key_sz + 2, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
@@ -649,37 +671,49 @@ static int stsafe_verify(stsafe_curve_id_t curve_id, uint8_t* pHash,
     Y = (StSafeA_CoordinateBuffer*)XMALLOC(key_sz + 2, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
 
-    if (X != NULL && Y != NULL && R != NULL && S != NULL && Hash != NULL) {
-        R->Length = key_sz;
-        S->Length = key_sz;
-        Hash->Length = key_sz;
-        X->Length = key_sz;
-        Y->Length = key_sz;
-
-        XMEMCPY(R->Data, pSigRS, key_sz);
-        XMEMCPY(S->Data, pSigRS + key_sz, key_sz);
-        XMEMCPY(Hash->Data, pHash, key_sz);
-        XMEMCPY(X->Data, pPubKeyX, key_sz);
-        XMEMCPY(Y->Data, pPubKeyY, key_sz);
-
-        status_code = StSafeA_VerifyMessageSignature(g_stsafe_handle,
-            curve_id, X, Y, R, S, Hash, &Verif, STSAFE_A_NO_MAC);
-
-        if (status_code == STSAFE_A_OK && Verif != NULL) {
-            *pResult = Verif->SignatureValidity ? 1 : 0;
-            if (Verif->SignatureValidity) {
-                rc = STSAFE_A_OK;
-            }
+    if (X == NULL || Y == NULL || R == NULL || S == NULL || Hash == NULL) {
+        XFREE(R, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(S, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(Hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(X, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(Y, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    R->Length = key_sz;
+    S->Length = key_sz;
+    Hash->Length = key_sz;
+    X->Length = key_sz;
+    Y->Length = key_sz;
+
+    XMEMCPY(R->Data, pSigRS, key_sz);
+    XMEMCPY(S->Data, pSigRS + key_sz, key_sz);
+    XMEMCPY(Hash->Data, pHash, key_sz);
+    XMEMCPY(X->Data, pPubKeyX, key_sz);
+    XMEMCPY(Y->Data, pPubKeyY, key_sz);
+
+    status_code = StSafeA_VerifyMessageSignature(g_stsafe_handle,
+        curve_id, X, Y, R, S, Hash, &Verif, STSAFE_A_NO_MAC);
+
+    if (status_code == STSAFE_A_OK && Verif != NULL) {
+        *pResult = Verif->SignatureValidity ? 1 : 0;
+        if (Verif->SignatureValidity) {
+            rc = STSAFE_A_OK;
         }
-        /* Free SDK-allocated buffer */
-        XFREE(Verif, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     }
+#ifndef WOLFSSL_NO_MALLOC
+    /* Free SDK-allocated buffer */
+    XFREE(Verif, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     XFREE(R, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(S, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(Hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(X, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(Y, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 
     return rc;
 }
@@ -694,38 +728,56 @@ static int stsafe_shared_secret(stsafe_slot_t slot, stsafe_curve_id_t curve_id,
     int rc = (int)(uint8_t)-1;
     uint8_t status_code;
     int key_sz = stsafe_get_key_size(curve_id);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     StSafeA_CoordinateBuffer* peerX = NULL;
     StSafeA_CoordinateBuffer* peerY = NULL;
+#else
+    /* Stack buffers: 2 bytes for Length + STSAFE_MAX_KEY_LEN for Data */
+    byte peerX_buf[2 + STSAFE_MAX_KEY_LEN];
+    byte peerY_buf[2 + STSAFE_MAX_KEY_LEN];
+    StSafeA_CoordinateBuffer* peerX = (StSafeA_CoordinateBuffer*)peerX_buf;
+    StSafeA_CoordinateBuffer* peerY = (StSafeA_CoordinateBuffer*)peerY_buf;
+#endif
     StSafeA_SharedSecretBuffer* sharedSecret = NULL;
 
     stsafe_set_host_keys(g_stsafe_handle);
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     peerX = (StSafeA_CoordinateBuffer*)XMALLOC(key_sz + 2, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
     peerY = (StSafeA_CoordinateBuffer*)XMALLOC(key_sz + 2, NULL,
         DYNAMIC_TYPE_TMP_BUFFER);
 
-    if (peerX != NULL && peerY != NULL) {
-        peerX->Length = key_sz;
-        peerY->Length = key_sz;
-        XMEMCPY(peerX->Data, pPubKeyX, key_sz);
-        XMEMCPY(peerY->Data, pPubKeyY, key_sz);
+    if (peerX == NULL || peerY == NULL) {
+        XFREE(peerX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(peerY, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
 
-        status_code = StSafeA_EstablishKey(g_stsafe_handle, slot,
-            peerX, peerY, &sharedSecret, STSAFE_A_HOST_C_MAC);
+    peerX->Length = key_sz;
+    peerY->Length = key_sz;
+    XMEMCPY(peerX->Data, pPubKeyX, key_sz);
+    XMEMCPY(peerY->Data, pPubKeyY, key_sz);
 
-        if (status_code == STSAFE_A_OK && sharedSecret != NULL) {
-            *pSharedSecretLen = sharedSecret->SharedSecret.Length;
-            XMEMCPY(pSharedSecret, sharedSecret->SharedSecret.Data,
-                    sharedSecret->SharedSecret.Length);
-            rc = STSAFE_A_OK;
-        }
-        /* Free SDK-allocated buffer */
-        XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    status_code = StSafeA_EstablishKey(g_stsafe_handle, slot,
+        peerX, peerY, &sharedSecret, STSAFE_A_HOST_C_MAC);
+
+    if (status_code == STSAFE_A_OK && sharedSecret != NULL) {
+        *pSharedSecretLen = sharedSecret->SharedSecret.Length;
+        XMEMCPY(pSharedSecret, sharedSecret->SharedSecret.Data,
+                sharedSecret->SharedSecret.Length);
+        rc = STSAFE_A_OK;
     }
+#ifndef WOLFSSL_NO_MALLOC
+    /* Free SDK-allocated buffer */
+    XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     XFREE(peerX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(peerY, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 
     return rc;
 }
@@ -735,6 +787,12 @@ static int stsafe_shared_secret(stsafe_slot_t slot, stsafe_curve_id_t curve_id,
  */
 static int stsafe_read_certificate(uint8_t** ppCert, uint32_t* pCertLen)
 {
+#ifdef WOLFSSL_NO_MALLOC
+    /* Certificate reading requires dynamic allocation */
+    (void)ppCert;
+    (void)pCertLen;
+    return NOT_COMPILED_IN;
+#else
     int rc = STSAFE_A_OK;
     uint8_t status_code;
     StSafeA_ReadBuffer* readBuf = NULL;
@@ -812,6 +870,7 @@ static int stsafe_read_certificate(uint8_t** ppCert, uint32_t* pCertLen)
     }
 
     return rc;
+#endif /* WOLFSSL_NO_MALLOC */
 }
 
 #if !defined(WC_NO_RNG) && defined(USE_STSAFE_RNG_SEED)
