From ac9bf1cc2a4c1d841c0fb7b618b680fe20603ef9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Fri, 25 Aug 2023 11:34:14 +0300
Subject: [PATCH] Decrement hmac_sha*_vector() maximum num_elem value to 11

This replaces the earlier commit 4c079dcc64da ("Increment
hmac_sha*_vector() maximum num_elem value to 25") with a smaller
increment of just one extra element since the updated FTE MIC
calculation design does not use separate elements. This reduces stack
memory need. In addition, this starts using a define value for the
maximum number of vector elements to make this easier to change and to
make the code more readable.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---
 src/crypto/crypto.h | 2 ++
 src/crypto/sha256.c | 6 +++---
 src/crypto/sha384.c | 6 +++---
 src/crypto/sha512.c | 6 +++---
 4 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index ff0869c49..0ac8fc194 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -21,6 +21,8 @@
 #ifndef CRYPTO_H
 #define CRYPTO_H
 
+#define HMAC_VECTOR_MAX_ELEM 11
+
 /**
  * md4_vector - MD4 hash for data vector
  * @num_elem: Number of elements in the data vector
diff --git a/src/crypto/sha256.c b/src/crypto/sha256.c
index 8e57efc01..1e8a12217 100644
--- a/src/crypto/sha256.c
+++ b/src/crypto/sha256.c
@@ -28,11 +28,11 @@ int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
 {
 	unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */
 	unsigned char tk[32];
-	const u8 *_addr[26];
-	size_t _len[26], i;
+	const u8 *_addr[HMAC_VECTOR_MAX_ELEM + 1];
+	size_t _len[HMAC_VECTOR_MAX_ELEM + 1], i;
 	int ret;
 
-	if (num_elem > 25) {
+	if (num_elem > HMAC_VECTOR_MAX_ELEM) {
 		/*
 		 * Fixed limit on the number of fragments to avoid having to
 		 * allocate memory (which could fail).
diff --git a/src/crypto/sha384.c b/src/crypto/sha384.c
index 8fd69e2d8..be07e9c84 100644
--- a/src/crypto/sha384.c
+++ b/src/crypto/sha384.c
@@ -28,10 +28,10 @@ int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem,
 {
 	unsigned char k_pad[128]; /* padding - key XORd with ipad/opad */
 	unsigned char tk[48];
-	const u8 *_addr[26];
-	size_t _len[26], i;
+	const u8 *_addr[HMAC_VECTOR_MAX_ELEM + 1];
+	size_t _len[HMAC_VECTOR_MAX_ELEM + 1], i;
 
-	if (num_elem > 25) {
+	if (num_elem > HMAC_VECTOR_MAX_ELEM) {
 		/*
 		 * Fixed limit on the number of fragments to avoid having to
 		 * allocate memory (which could fail).
diff --git a/src/crypto/sha512.c b/src/crypto/sha512.c
index d0b123fb6..73b54c73b 100644
--- a/src/crypto/sha512.c
+++ b/src/crypto/sha512.c
@@ -28,10 +28,10 @@ int hmac_sha512_vector(const u8 *key, size_t key_len, size_t num_elem,
 {
 	unsigned char k_pad[128]; /* padding - key XORd with ipad/opad */
 	unsigned char tk[64];
-	const u8 *_addr[26];
-	size_t _len[26], i;
+	const u8 *_addr[HMAC_VECTOR_MAX_ELEM + 1];
+	size_t _len[HMAC_VECTOR_MAX_ELEM + 1], i;
 
-	if (num_elem > 25) {
+	if (num_elem > HMAC_VECTOR_MAX_ELEM) {
 		/*
 		 * Fixed limit on the number of fragments to avoid having to
 		 * allocate memory (which could fail).