From 1ab17ac827b70c05b4e68d5d9495336235f9807c Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 21 Aug 2018 09:03:11 +1000 Subject: [PATCH] More changes to minimize dynamic memory usage. Change define to WOLFSSL_MEMORY_LOG. Fix for ED25519 server certificate - single cert to allow comparison with ECC dynamic memory usage. Free memory earlier to reduce maximum memory usage in a connection. Make MAX_ENCODED_SIG_SZ only as big as necessary. Change memory allocation type in sha256 from RNG to DIGEST. If we know the key type use it in decoding private key --- certs/ed25519/include.am | 1 + certs/ed25519/server-ed25519-cert.pem | 15 + configure.ac | 15 +- src/internal.c | 240 ++++++++------ src/keys.c | 3 + src/ssl.c | 41 +++ src/tls.c | 4 +- src/tls13.c | 18 +- wolfcrypt/src/memory.c | 33 +- wolfcrypt/src/sha256.c | 6 +- wolfcrypt/src/sp_c32.c | 6 +- wolfcrypt/src/sp_c64.c | 6 +- wolfssl/test.h | 2 +- wolfssl/wolfcrypt/asn.h | 6 + wolfssl/wolfcrypt/types.h | 440 +++++++++++++------------- 15 files changed, 495 insertions(+), 341 deletions(-) create mode 100644 certs/ed25519/server-ed25519-cert.pem diff --git a/certs/ed25519/include.am b/certs/ed25519/include.am index 3bd79c6d1..ad2897684 100644 --- a/certs/ed25519/include.am +++ b/certs/ed25519/include.am @@ -23,6 +23,7 @@ EXTRA_DIST += \ certs/ed25519/root-ed25519-priv.pem \ certs/ed25519/server-ed25519.der \ certs/ed25519/server-ed25519.pem \ + certs/ed25519/server-ed25519-cert.pem \ certs/ed25519/server-ed25519-key.der \ certs/ed25519/server-ed25519-key.pem \ certs/ed25519/server-ed25519-priv.der \ diff --git a/certs/ed25519/server-ed25519-cert.pem b/certs/ed25519/server-ed25519-cert.pem new file mode 100644 index 000000000..555f30e83 --- /dev/null +++ b/certs/ed25519/server-ed25519-cert.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAgSgAwIBAgIQAM3yL77cB/q7ZQPi/+pqmTAFBgMrZXAwgZ0xCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD +VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG +A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMCIYDzIwMTgwNDEyMTYyMjE3WhgPMjAyMTAxMDcxNTIyMTdaMIGfMQsw +CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEN +MAsGA1UEBAwETGVhZjEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUx +OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tMCowBQYDK2VwAyEAYV3st0WTyYR7aCFKTfQEi73NbF09t2Is +LSXDIknIhvKjUjBQMB0GA1UdDgQWBBQzyChjjPRX7h6wxxISdoqAMDrLEDAfBgNV +HSMEGDAWgBSSP5ZyAvphHCFtiN3r3TybF8SftzAOBgNVHQ8BAf8EBAMCBsAwBQYD +K2VwA0EAFYiG/GbR4PbPyQlG0FDiAV33z1e4upCEy/EkS++llX1pkoioiWPMkEDC +QTpAdrEtqKiXyXPHgjAkYbCqyqpoAA== +-----END CERTIFICATE----- diff --git a/configure.ac b/configure.ac index 28cc3917a..3ceb2df2e 100644 --- a/configure.ac +++ b/configure.ac @@ -657,7 +657,7 @@ AC_ARG_ENABLE([lowresource], if test "$ENABLED_LOWRESOURCE" = "yes" then # low memory / flash flags - AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL" + AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DALT_ECC_SIZE -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL" # low flash flags AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512" @@ -1620,6 +1620,19 @@ then fi fi +# MEMORY usage logging +AC_ARG_ENABLE([memorylog], + [AS_HELP_STRING([--enable-memorylog],[Enable dynamic memory logging (default: disabled)])], + [ ENABLED_MEMORYLOG=$enableval ], + [ ENABLED_MEMORYLOG=no ] + ) + +if test "$ENABLED_MEMORYLOG" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MEMORY_LOG" +fi + + # RSA AC_ARG_ENABLE([rsa], diff --git a/src/internal.c b/src/internal.c index 9844cb626..ff46899e8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4688,12 +4688,14 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) return MEMORY_E; } XMEMSET(ssl->arrays, 0, sizeof(Arrays)); +#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER) ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap, DYNAMIC_TYPE_SECRET); if (ssl->arrays->preMasterSecret == NULL) { return MEMORY_E; } XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN); +#endif #ifdef SINGLE_THREADED if (ctx->suites == NULL) @@ -5357,9 +5359,8 @@ void FreeHandshakeResources(WOLFSSL* ssl) #ifdef HAVE_ECC FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey); ssl->peerEccKeyPresent = 0; -#ifdef HAVE_CURVE25519 - if (ssl->ecdhCurveOID != ECC_X25519_OID) -#endif /* HAVE_CURVE25519 */ +#endif +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) { int dtype; #ifdef HAVE_ECC @@ -5381,8 +5382,7 @@ void FreeHandshakeResources(WOLFSSL* ssl) #ifdef HAVE_CURVE25519 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key); ssl->peerX25519KeyPresent = 0; -#endif /* HAVE_CURVE25519 */ -#endif /* HAVE_ECC */ +#endif #ifndef NO_DH if (ssl->buffers.serverDH_Priv.buffer) { @@ -10531,6 +10531,10 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.resuming || !IsAtLeastTLSv1_2(ssl) || IsAtLeastTLSv1_3(ssl->version)) { ssl->options.cacheMessages = 0; + if (ssl->hsHashes->messages != NULL) { + XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); + ssl->hsHashes->messages = NULL; + } } #endif break; @@ -10599,6 +10603,10 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.resuming || !ssl->options.verifyPeer || \ !IsAtLeastTLSv1_2(ssl) || IsAtLeastTLSv1_3(ssl->version)) { ssl->options.cacheMessages = 0; + if (ssl->hsHashes->messages != NULL) { + XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); + ssl->hsHashes->messages = NULL; + } } #endif break; @@ -10629,6 +10637,9 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, SendAlert(ssl, alert_fatal, decode_error); ret = DECODE_E; } + if (ret == 0 && ssl->buffers.inputBuffer.dynamicFlag) { + ShrinkInputBuffer(ssl, NO_FORCED_FREE); + } #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) /* if async, offset index so this msg will be processed again */ @@ -16488,37 +16499,39 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) } #ifndef NO_RSA - ssl->hsType = DYNAMIC_TYPE_RSA; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); - if (ret != 0) { - goto exit_dpk; - } - - WOLFSSL_MSG("Trying RSA private key"); - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is an RSA private key. */ - ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (RsaKey*)ssl->hsKey, ssl->buffers.key->length); - if (ret == 0) { - WOLFSSL_MSG("Using RSA private key"); - - /* It worked so check it meets minimum key size requirements. */ - keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); - if (keySz < 0) { /* check if keySz has error case */ - ERROR_OUT(keySz, exit_dpk); + if (ssl->buffers.keyType == rsa_sa_algo || ssl->buffers.keyType == 0) { + ssl->hsType = DYNAMIC_TYPE_RSA; + ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (ret != 0) { + goto exit_dpk; } - if (keySz < ssl->options.minRsaKeySz) { - WOLFSSL_MSG("RSA key size too small"); - ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); + WOLFSSL_MSG("Trying RSA private key"); + + /* Set start of data to beginning of buffer. */ + idx = 0; + /* Decode the key assuming it is an RSA private key. */ + ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, + (RsaKey*)ssl->hsKey, ssl->buffers.key->length); + if (ret == 0) { + WOLFSSL_MSG("Using RSA private key"); + + /* It worked so check it meets minimum key size requirements. */ + keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); + if (keySz < 0) { /* check if keySz has error case */ + ERROR_OUT(keySz, exit_dpk); + } + + if (keySz < ssl->options.minRsaKeySz) { + WOLFSSL_MSG("RSA key size too small"); + ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); + } + + /* Return the maximum signature length. */ + *length = (word16)keySz; + + goto exit_dpk; } - - /* Return the maximum signature length. */ - *length = (word16)keySz; - - goto exit_dpk; } #endif /* !NO_RSA */ @@ -16527,38 +16540,40 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); #endif /* !NO_RSA */ - ssl->hsType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); - if (ret != 0) { - goto exit_dpk; - } - -#ifndef NO_RSA - WOLFSSL_MSG("Trying ECC private key, RSA didn't work"); -#else - WOLFSSL_MSG("Trying ECC private key"); -#endif - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is an ECC private key. */ - ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (ecc_key*)ssl->hsKey, - ssl->buffers.key->length); - if (ret == 0) { - WOLFSSL_MSG("Using ECC private key"); - - /* Check it meets the minimum ECC key size requirements. */ - keySz = wc_ecc_size((ecc_key*)ssl->hsKey); - if (keySz < ssl->options.minEccKeySz) { - WOLFSSL_MSG("ECC key size too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); + if (ssl->buffers.keyType == ecc_dsa_sa_algo || ssl->buffers.keyType == 0) { + ssl->hsType = DYNAMIC_TYPE_ECC; + ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (ret != 0) { + goto exit_dpk; } - /* Return the maximum signature length. */ - *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey); + #ifndef NO_RSA + WOLFSSL_MSG("Trying ECC private key, RSA didn't work"); + #else + WOLFSSL_MSG("Trying ECC private key"); + #endif - goto exit_dpk; + /* Set start of data to beginning of buffer. */ + idx = 0; + /* Decode the key assuming it is an ECC private key. */ + ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, + (ecc_key*)ssl->hsKey, + ssl->buffers.key->length); + if (ret == 0) { + WOLFSSL_MSG("Using ECC private key"); + + /* Check it meets the minimum ECC key size requirements. */ + keySz = wc_ecc_size((ecc_key*)ssl->hsKey); + if (keySz < ssl->options.minEccKeySz) { + WOLFSSL_MSG("ECC key size too small"); + ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); + } + + /* Return the maximum signature length. */ + *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey); + + goto exit_dpk; + } } #endif #ifdef HAVE_ED25519 @@ -16566,39 +16581,41 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); #endif - ssl->hsType = DYNAMIC_TYPE_ED25519; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); - if (ret != 0) { - goto exit_dpk; - } - - #ifdef HAVE_ECC - WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); - #elif !defined(NO_RSA) - WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); - #else - WOLFSSL_MSG("Trying ED25519 private key"); - #endif - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is an ED25519 private key. */ - ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (ed25519_key*)ssl->hsKey, - ssl->buffers.key->length); - if (ret == 0) { - WOLFSSL_MSG("Using ED25519 private key"); - - /* Check it meets the minimum ECC key size requirements. */ - if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) { - WOLFSSL_MSG("ED25519 key size too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); + if (ssl->buffers.keyType == ed25519_sa_algo || ssl->buffers.keyType == 0) { + ssl->hsType = DYNAMIC_TYPE_ED25519; + ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (ret != 0) { + goto exit_dpk; } - /* Return the maximum signature length. */ - *length = ED25519_SIG_SIZE; + #ifdef HAVE_ECC + WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); + #elif !defined(NO_RSA) + WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); + #else + WOLFSSL_MSG("Trying ED25519 private key"); + #endif - goto exit_dpk; + /* Set start of data to beginning of buffer. */ + idx = 0; + /* Decode the key assuming it is an ED25519 private key. */ + ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx, + (ed25519_key*)ssl->hsKey, + ssl->buffers.key->length); + if (ret == 0) { + WOLFSSL_MSG("Using ED25519 private key"); + + /* Check it meets the minimum ECC key size requirements. */ + if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) { + WOLFSSL_MSG("ED25519 key size too small"); + ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); + } + + /* Return the maximum signature length. */ + *length = ED25519_SIG_SIZE; + + goto exit_dpk; + } } #endif /* HAVE_ED25519 */ @@ -19204,6 +19221,14 @@ int SendClientKeyExchange(WOLFSSL* ssl) if (args->encSecret == NULL) { ERROR_OUT(MEMORY_E, exit_scke); } + if (ssl->arrays->preMasterSecret == NULL) { + ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, + ssl->heap, DYNAMIC_TYPE_SECRET); + if (ssl->arrays->preMasterSecret == NULL) { + ERROR_OUT(MEMORY_E, exit_scke); + } + XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN); + } switch(ssl->specs.kea) { @@ -19594,6 +19619,11 @@ int SendClientKeyExchange(WOLFSSL* ssl) &ssl->arrays->preMasterSz, WOLFSSL_CLIENT_END ); + if (ret == 0) { + FreeKey(ssl, DYNAMIC_TYPE_ECC, + (void**)&ssl->peerEccKey); + ssl->peerEccKeyPresent = 0; + } break; } #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ @@ -19639,7 +19669,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) &ssl->arrays->preMasterSz, WOLFSSL_CLIENT_END ); - if (ret == 0) { + if (ret == 0 && !ssl->specs.static_ecdh) { FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key); ssl->peerX25519KeyPresent = 0; @@ -19658,6 +19688,11 @@ int SendClientKeyExchange(WOLFSSL* ssl) &ssl->arrays->preMasterSz, WOLFSSL_CLIENT_END ); + if (ret == 0 && !ssl->specs.static_ecdh) { + FreeKey(ssl, DYNAMIC_TYPE_ECC, + (void**)&ssl->peerEccKey); + ssl->peerEccKeyPresent = 0; + } #endif break; @@ -24201,6 +24236,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif + if (ssl->arrays->preMasterSecret == NULL) { + ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, + ssl->heap, DYNAMIC_TYPE_SECRET); + if (ssl->arrays->preMasterSecret == NULL) { + ERROR_OUT(MEMORY_E, exit_dcke); + } + XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN); + } + switch (ssl->specs.kea) { #ifndef NO_RSA case rsa_kea: @@ -24886,6 +24930,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, &ssl->arrays->preMasterSz, WOLFSSL_SERVER_END ); + if (ret == 0) { + FreeKey(ssl, DYNAMIC_TYPE_ECC, + (void**)&ssl->peerEccKey); + ssl->peerEccKeyPresent = 0; + } #endif break; } @@ -24946,6 +24995,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, &args->sigSz, WOLFSSL_SERVER_END ); + if (ret == 0 && !ssl->specs.static_ecdh) { + FreeKey(ssl, DYNAMIC_TYPE_ECC, + (void**)&ssl->peerEccKey); + ssl->peerEccKeyPresent = 0; + } break; } #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ diff --git a/src/keys.c b/src/keys.c index e93adb5eb..e885537a8 100644 --- a/src/keys.c +++ b/src/keys.c @@ -3291,6 +3291,9 @@ static int CleanPreMaster(WOLFSSL* ssl) for (i = 0; i < sz; i++) ssl->arrays->preMasterSecret[i] = 0; + XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET); + ssl->arrays->preMasterSecret = NULL; + return 0; } diff --git a/src/ssl.c b/src/ssl.c index 8a9616ab6..f1dc89c4e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -26132,6 +26132,30 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, #ifdef HAVE_ECC +#ifdef ALT_ECC_SIZE +static int SetIndividualInternalEcc(WOLFSSL_BIGNUM* bn, mp_int* mpi) +{ + WOLFSSL_MSG("Entering SetIndividualInternal"); + + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return WOLFSSL_FATAL_ERROR; + } + + if (mpi == NULL) { + WOLFSSL_MSG("mpi NULL error"); + return WOLFSSL_FATAL_ERROR; + } + + if (mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + return WOLFSSL_FATAL_ERROR; + } + + return WOLFSSL_SUCCESS; +} +#endif /* ALT_ECC_SIZE */ + /* EC_POINT Openssl -> WolfSSL */ static int SetECPointInternal(WOLFSSL_EC_POINT *p) { @@ -26145,6 +26169,7 @@ static int SetECPointInternal(WOLFSSL_EC_POINT *p) point = (ecc_point*)p->internal; +#ifndef ALT_ECC_SIZE if (p->X != NULL && SetIndividualInternal(p->X, point->x) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ecc point X error"); return WOLFSSL_FATAL_ERROR; @@ -26159,6 +26184,22 @@ static int SetECPointInternal(WOLFSSL_EC_POINT *p) WOLFSSL_MSG("ecc point Z error"); return WOLFSSL_FATAL_ERROR; } +#else + if (p->X != NULL && SetIndividualInternalEcc(p->X, point->x) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("ecc point X error"); + return WOLFSSL_FATAL_ERROR; + } + + if (p->Y != NULL && SetIndividualInternalEcc(p->Y, point->y) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("ecc point Y error"); + return WOLFSSL_FATAL_ERROR; + } + + if (p->Z != NULL && SetIndividualInternalEcc(p->Z, point->z) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("ecc point Z error"); + return WOLFSSL_FATAL_ERROR; + } +#endif p->inSet = 1; diff --git a/src/tls.c b/src/tls.c index 00c085ede..1d3f357ac 100644 --- a/src/tls.c +++ b/src/tls.c @@ -6383,7 +6383,7 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) #ifdef WOLFSSL_ASYNC_CRYPT /* TODO: Make this function non-blocking */ if (ret == WC_PENDING_E) { - ret = wc_AsyncWait(ret, dhKey.asyncDev, WC_ASYNC_FLAG_NONE); + ret = wc_AsyncWait(ret, dhKey->asyncDev, WC_ASYNC_FLAG_NONE); } #endif /* RFC 8446 Section 7.4.1: @@ -6397,7 +6397,7 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) ssl->arrays->preMasterSz = params->p_len; } - wc_FreeDhKey(&dhKey); + wc_FreeDhKey(dhKey); #ifdef WOLFSSL_SMALL_STACK XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH); #endif diff --git a/src/tls13.c b/src/tls13.c index bfc4117b9..eab07a241 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -5293,9 +5293,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #ifndef NO_RSA if (ssl->hsType == DYNAMIC_TYPE_RSA) { /* build encoded signature buffer */ - sig->length = MAX_ENCODED_SIG_SZ; + sig->length = WC_MAX_DIGEST_SIZE; sig->buffer = (byte*)XMALLOC(sig->length, ssl->heap, - DYNAMIC_TYPE_SIGNATURE); + DYNAMIC_TYPE_SIGNATURE); if (sig->buffer == NULL) { ERROR_OUT(MEMORY_E, exit_scv); } @@ -7095,6 +7095,17 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, case server_hello: WOLFSSL_MSG("processing server hello"); ret = DoTls13ServerHello(ssl, input, inOutIdx, size, &type); + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ + !defined(NO_ED25519_CLIENT_AUTH) + if (ssl->options.resuming || !IsAtLeastTLSv1_2(ssl) || + IsAtLeastTLSv1_3(ssl->version)) { + ssl->options.cacheMessages = 0; + if (ssl->hsHashes->messages != NULL) { + XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); + ssl->hsHashes->messages = NULL; + } + } + #endif break; case encrypted_extensions: @@ -7169,6 +7180,9 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, type != key_update) { ret = HashInput(ssl, input + inIdx, size); } + if (ret == 0 && ssl->buffers.inputBuffer.dynamicFlag) { + ShrinkInputBuffer(ssl, NO_FORCED_FREE); + } if (ret == BUFFER_ERROR || ret == MISSING_HANDSHAKE_DATA) SendAlert(ssl, alert_fatal, decode_error); diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index d022efe9b..87ed921f3 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -71,6 +71,10 @@ Possible memory options: } } #endif +#if defined(WOLFSSL_MALLOC_CHECK) || defined(WOLFSSL_TRACK_MEMORY_FULL) || \ + defined(WOLFSSL_MEMORY_LOG) + #include +#endif /* Set these to default values initially. */ @@ -992,9 +996,9 @@ void XFREE(void *p, void* heap, int type) #endif /* HAVE_IO_POOL */ -#ifdef WOLFSSL_MEMORY_TRACKING +#ifdef WOLFSSL_MEMORY_LOG void *xmalloc(size_t n, void* heap, int type, const char* func, - unsigned int line) + const char* file, unsigned int line) { void* p; word32* p32; @@ -1007,23 +1011,25 @@ void *xmalloc(size_t n, void* heap, int type, const char* func, p32[0] = n; p = (void*)(p32 + 4); - fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%d\n", p, (word32)n, type, func, - line); + fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%s:%d\n", p, (word32)n, type, + func, file, line); (void)heap; return p; } void *xrealloc(void *p, size_t n, void* heap, int type, const char* func, - unsigned int line) + const char* file, unsigned int line) { void* newp = NULL; word32* p32; word32* oldp32 = NULL; + word32 oldLen; if (p != NULL) { oldp32 = (word32*)p; oldp32 -= 4; + oldLen = oldp32[0]; } if (realloc_function) @@ -1035,11 +1041,11 @@ void *xrealloc(void *p, size_t n, void* heap, int type, const char* func, p32[0] = n; newp = (void*)(p32 + 4); - fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%d\n", newp, (word32)n, - type, func, line); + fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%s:%d\n", newp, (word32)n, + type, func, file, line); if (p != NULL) { - fprintf(stderr, "Free: %p -> %u (%d) at %s:%d\n", p, oldp32[0], - type, func, line); + fprintf(stderr, "Free: %p -> %u (%d) at %s:%s:%d\n", p, oldLen, + type, func, file, line); } } @@ -1047,15 +1053,16 @@ void *xrealloc(void *p, size_t n, void* heap, int type, const char* func, return newp; } -void xfree(void *p, void* heap, int type, const char* func, unsigned int line) +void xfree(void *p, void* heap, int type, const char* func, const char* file, + unsigned int line) { word32* p32 = (word32*)p; if (p != NULL) { p32 -= 4; - fprintf(stderr, "Free: %p -> %u (%d) at %s:%d\n", p, p32[0], type, func, - line); + fprintf(stderr, "Free: %p -> %u (%d) at %s:%s:%d\n", p, p32[0], type, + func, file, line); if (free_function) free_function(p32); @@ -1065,5 +1072,5 @@ void xfree(void *p, void* heap, int type, const char* func, unsigned int line) (void)heap; } -#endif /* WOLFSSL_MEMORY_TRACKING */ +#endif /* WOLFSSL_MEMORY_LOG */ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 7e4ae2314..05bff8329 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -531,7 +531,7 @@ static int InitSha256(wc_Sha256* sha256) word32* W = sha256->W; if (W == NULL) { W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL, - DYNAMIC_TYPE_RNG); + DYNAMIC_TYPE_DIGEST); if (W == NULL) return MEMORY_E; sha256->W = W; @@ -2708,7 +2708,7 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX_Len(wc_Sha256* sha256, #ifdef WOLFSSL_SMALL_STACK_CACHE if (sha224->W != NULL) { - XFREE(sha224->W, NULL, DYNAMIC_TYPE_RNG); + XFREE(sha224->W, NULL, DYNAMIC_TYPE_DIGEST); sha224->W = NULL; } #endif @@ -2736,7 +2736,7 @@ void wc_Sha256Free(wc_Sha256* sha256) #ifdef WOLFSSL_SMALL_STACK_CACHE if (sha256->W != NULL) { - XFREE(sha256->W, NULL, DYNAMIC_TYPE_RNG); + XFREE(sha256->W, NULL, DYNAMIC_TYPE_DIGEST); sha256->W = NULL; } #endif diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 9bc2df609..07af0b500 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -8704,7 +8704,7 @@ static int sp_256_ecc_mulmod_10(sp_point* r, sp_point* g, sp_digit* k, (void)heap; - td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_TMP_ECC); + td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_ECC); if (td == NULL) err = MEMORY_E; tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap, @@ -8764,11 +8764,11 @@ static int sp_256_ecc_mulmod_10(sp_point* r, sp_point* g, sp_digit* k, if (tmp != NULL) { XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 10 * 5); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); } if (td != NULL) { XMEMSET(td, 0, sizeof(sp_point) * 3); - XFREE(td, NULL, DYNAMIC_TYPE_TMP_ECC); + XFREE(td, NULL, DYNAMIC_TYPE_ECC); } return err; diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index 26bcb0d8a..07d2905cb 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -7926,7 +7926,7 @@ static int sp_256_ecc_mulmod_5(sp_point* r, sp_point* g, sp_digit* k, (void)heap; - td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_TMP_ECC); + td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_ECC); if (td == NULL) err = MEMORY_E; tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap, @@ -7986,11 +7986,11 @@ static int sp_256_ecc_mulmod_5(sp_point* r, sp_point* g, sp_digit* k, if (tmp != NULL) { XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 5 * 5); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); } if (td != NULL) { XMEMSET(td, 0, sizeof(sp_point) * 3); - XFREE(td, NULL, DYNAMIC_TYPE_TMP_ECC); + XFREE(td, NULL, DYNAMIC_TYPE_ECC); } return err; diff --git a/wolfssl/test.h b/wolfssl/test.h index eb307c6aa..dc24fb2a6 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -272,7 +272,7 @@ #define cliEccCertFile "certs/client-ecc-cert.pem" #define caEccCertFile "certs/ca-ecc-cert/pem" #define crlPemDir "certs/crl" -#define edCertFile "certs/ed25519/server-ed25519.pem" +#define edCertFile "certs/ed25519/server-ed25519-cert.pem" #define edKeyFile "certs/ed25519/server-ed25519-priv.pem" #define cliEdCertFile "certs/ed25519/client-ed25519.pem" #define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem" diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index eda5cf49f..c8add0227 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -167,7 +167,13 @@ enum Misc_ASN { MIN_DATE_SIZE = 13, MAX_DATE_SIZE = 32, ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ +#ifndef NO_RSA MAX_ENCODED_SIG_SZ = 512, +#elif defined(HAVE_ECC) + MAX_ENCODED_SIG_SZ = 140, +#else + MAX_ENCODED_SIG_SZ = 64, +#endif MAX_SIG_SZ = 256, MAX_ALGO_SZ = 20, MAX_SHORT_SZ = 6, /* asn int + byte len + 4 byte length */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 9c9c9f316..cecd5b0e5 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -26,92 +26,92 @@ #ifndef WOLF_CRYPT_TYPES_H #define WOLF_CRYPT_TYPES_H - #include - #include + #include + #include - #ifdef __cplusplus - extern "C" { - #endif + #ifdef __cplusplus + extern "C" { + #endif - #if defined(WORDS_BIGENDIAN) - #define BIG_ENDIAN_ORDER - #endif + #if defined(WORDS_BIGENDIAN) + #define BIG_ENDIAN_ORDER + #endif - #ifndef BIG_ENDIAN_ORDER - #define LITTLE_ENDIAN_ORDER - #endif + #ifndef BIG_ENDIAN_ORDER + #define LITTLE_ENDIAN_ORDER + #endif - #ifndef WOLFSSL_TYPES - #ifndef byte - typedef unsigned char byte; - #endif - typedef unsigned short word16; - typedef unsigned int word32; - typedef byte word24[3]; - #endif + #ifndef WOLFSSL_TYPES + #ifndef byte + typedef unsigned char byte; + #endif + typedef unsigned short word16; + typedef unsigned int word32; + typedef byte word24[3]; + #endif - /* try to set SIZEOF_LONG or LONG_LONG if user didn't */ - #if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__) - #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG) - #if (defined(__alpha__) || defined(__ia64__) || \ - defined(_ARCH_PPC64) || defined(__mips64) || \ - defined(__x86_64__) || \ - ((defined(sun) || defined(__sun)) && \ - (defined(LP64) || defined(_LP64)))) - /* long should be 64bit */ - #define SIZEOF_LONG 8 - #elif defined(__i386__) || defined(__CORTEX_M3__) - /* long long should be 64bit */ - #define SIZEOF_LONG_LONG 8 - #endif - #endif - #endif + /* try to set SIZEOF_LONG or LONG_LONG if user didn't */ + #if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__) + #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG) + #if (defined(__alpha__) || defined(__ia64__) || \ + defined(_ARCH_PPC64) || defined(__mips64) || \ + defined(__x86_64__) || \ + ((defined(sun) || defined(__sun)) && \ + (defined(LP64) || defined(_LP64)))) + /* long should be 64bit */ + #define SIZEOF_LONG 8 + #elif defined(__i386__) || defined(__CORTEX_M3__) + /* long long should be 64bit */ + #define SIZEOF_LONG_LONG 8 + #endif + #endif + #endif - #if defined(_MSC_VER) || defined(__BCPLUSPLUS__) - #define WORD64_AVAILABLE - #define W64LIT(x) x##ui64 - typedef unsigned __int64 word64; - #elif defined(__EMSCRIPTEN__) - #define WORD64_AVAILABLE - #define W64LIT(x) x##ull - typedef unsigned long long word64; - #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8 - #define WORD64_AVAILABLE - #define W64LIT(x) x##LL - typedef unsigned long word64; - #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8 - #define WORD64_AVAILABLE - #define W64LIT(x) x##LL - typedef unsigned long long word64; - #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8 - #define WORD64_AVAILABLE - #define W64LIT(x) x##LL - typedef unsigned long long word64; - #endif + #if defined(_MSC_VER) || defined(__BCPLUSPLUS__) + #define WORD64_AVAILABLE + #define W64LIT(x) x##ui64 + typedef unsigned __int64 word64; + #elif defined(__EMSCRIPTEN__) + #define WORD64_AVAILABLE + #define W64LIT(x) x##ull + typedef unsigned long long word64; + #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8 + #define WORD64_AVAILABLE + #define W64LIT(x) x##LL + typedef unsigned long word64; + #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8 + #define WORD64_AVAILABLE + #define W64LIT(x) x##LL + typedef unsigned long long word64; + #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8 + #define WORD64_AVAILABLE + #define W64LIT(x) x##LL + typedef unsigned long long word64; + #endif #if !defined(NO_64BIT) && defined(WORD64_AVAILABLE) - /* These platforms have 64-bit CPU registers. */ - #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \ - defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \ + /* These platforms have 64-bit CPU registers. */ + #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \ + defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \ defined(__aarch64__) || defined(__sparc64__) - typedef word64 wolfssl_word; + typedef word64 wolfssl_word; #define WC_64BIT_CPU - #elif (defined(sun) || defined(__sun)) && \ + #elif (defined(sun) || defined(__sun)) && \ (defined(LP64) || defined(_LP64)) /* LP64 with GNU GCC compiler is reserved for when long int is 64 bits * and int uses 32 bits. When using Solaris Studio sparc and __sparc are * available for 32 bit detection but __sparc64__ could be missed. This * uses LP64 for checking 64 bit CPU arch. */ - typedef word64 wolfssl_word; + typedef word64 wolfssl_word; #define WC_64BIT_CPU #else - typedef word32 wolfssl_word; - #ifdef WORD64_AVAILABLE - #define WOLFCRYPT_SLOW_WORD64 - #endif - #endif + typedef word32 wolfssl_word; + #ifdef WORD64_AVAILABLE + #define WOLFCRYPT_SLOW_WORD64 + #endif + #endif #else #undef WORD64_AVAILABLE typedef word32 wolfssl_word; @@ -119,36 +119,36 @@ mp_digit, no 64 bit type so make mp_digit 16 bit */ #endif - enum { - WOLFSSL_WORD_SIZE = sizeof(wolfssl_word), - WOLFSSL_BIT_SIZE = 8, - WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE - }; + enum { + WOLFSSL_WORD_SIZE = sizeof(wolfssl_word), + WOLFSSL_BIT_SIZE = 8, + WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE + }; - #define WOLFSSL_MAX_16BIT 0xffffU + #define WOLFSSL_MAX_16BIT 0xffffU - /* use inlining if compiler allows */ - #ifndef WC_INLINE - #ifndef NO_INLINE - #ifdef _MSC_VER - #define WC_INLINE __inline - #elif defined(__GNUC__) + /* use inlining if compiler allows */ + #ifndef WC_INLINE + #ifndef NO_INLINE + #ifdef _MSC_VER + #define WC_INLINE __inline + #elif defined(__GNUC__) #ifdef WOLFSSL_VXWORKS #define WC_INLINE __inline__ #else #define WC_INLINE inline #endif - #elif defined(__IAR_SYSTEMS_ICC__) - #define WC_INLINE inline - #elif defined(THREADX) - #define WC_INLINE _Inline - #else - #define WC_INLINE - #endif - #else - #define WC_INLINE - #endif - #endif + #elif defined(__IAR_SYSTEMS_ICC__) + #define WC_INLINE inline + #elif defined(THREADX) + #define WC_INLINE _Inline + #else + #define WC_INLINE + #endif + #else + #define WC_INLINE + #endif + #endif #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) #define INLINE WC_INLINE @@ -170,19 +170,19 @@ #endif - /* set up thread local storage if available */ - #ifdef HAVE_THREAD_LS - #if defined(_MSC_VER) - #define THREAD_LS_T __declspec(thread) - /* Thread local storage only in FreeRTOS v8.2.1 and higher */ - #elif defined(FREERTOS) || defined(FREERTOS_TCP) - #define THREAD_LS_T - #else - #define THREAD_LS_T __thread - #endif - #else - #define THREAD_LS_T - #endif + /* set up thread local storage if available */ + #ifdef HAVE_THREAD_LS + #if defined(_MSC_VER) + #define THREAD_LS_T __declspec(thread) + /* Thread local storage only in FreeRTOS v8.2.1 and higher */ + #elif defined(FREERTOS) || defined(FREERTOS_TCP) + #define THREAD_LS_T + #else + #define THREAD_LS_T __thread + #endif + #else + #define THREAD_LS_T + #endif /* GCC 7 has new switch() fall-through detection */ #if defined(__GNUC__) @@ -194,23 +194,23 @@ #define FALL_THROUGH #endif - /* Micrium will use Visual Studio for compilation but not the Win32 API */ - #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ - !defined(FREERTOS_TCP) && !defined(EBSNET) && \ + /* Micrium will use Visual Studio for compilation but not the Win32 API */ + #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ + !defined(FREERTOS_TCP) && !defined(EBSNET) && \ !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) - #define USE_WINDOWS_API - #endif + #define USE_WINDOWS_API + #endif - /* idea to add global alloc override by Moises Guimaraes */ - /* default to libc stuff */ - /* XREALLOC is used once in normal math lib, not in fast math lib */ - /* XFREE on some embedded systems doesn't like free(0) so test */ - #if defined(HAVE_IO_POOL) - WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); - WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); - WOLFSSL_API void XFREE(void *p, void* heap, int type); - #elif defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_INTEL_QA) + /* idea to add global alloc override by Moises Guimaraes */ + /* default to libc stuff */ + /* XREALLOC is used once in normal math lib, not in fast math lib */ + /* XFREE on some embedded systems doesn't like free(0) so test */ + #if defined(HAVE_IO_POOL) + WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); + WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); + WOLFSSL_API void XFREE(void *p, void* heap, int type); + #elif defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_INTEL_QA) #include #undef USE_WOLFSSL_MEMORY #ifdef WOLFSSL_DEBUG_MEMORY @@ -223,61 +223,61 @@ #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t)) #endif /* WOLFSSL_DEBUG_MEMORY */ #elif defined(XMALLOC_USER) - /* prototypes for user heap override functions */ - #include /* for size_t */ - extern void *XMALLOC(size_t n, void* heap, int type); - extern void *XREALLOC(void *p, size_t n, void* heap, int type); - extern void XFREE(void *p, void* heap, int type); - #elif defined(WOLFSSL_MEMORY_TRACKING) - #define XMALLOC(n, h, t) xmalloc(n, h, t, __FILE__, __LINE__) - #define XREALLOC(p, n, h, t) xrealloc(p, n, h, t, __FILE__, __LINE__) - #define XFREE(p, h, t) xfree(p, h, t, __FILE__, __LINE__) + /* prototypes for user heap override functions */ + #include /* for size_t */ + extern void *XMALLOC(size_t n, void* heap, int type); + extern void *XREALLOC(void *p, size_t n, void* heap, int type); + extern void XFREE(void *p, void* heap, int type); + #elif defined(WOLFSSL_MEMORY_LOG) + #define XMALLOC(n, h, t) xmalloc(n, h, t, __func__, __FILE__, __LINE__) + #define XREALLOC(p, n, h, t) xrealloc(p, n, h, t, __func__, __FILE__, __LINE__) + #define XFREE(p, h, t) xfree(p, h, t, __func__, __FILE__, __LINE__) /* prototypes for user heap override functions */ #include /* for size_t */ #include extern void *xmalloc(size_t n, void* heap, int type, const char* func, - unsigned int line); + const char* file, unsigned int line); extern void *xrealloc(void *p, size_t n, void* heap, int type, - const char* func, unsigned int line); + const char* func, const char* file, unsigned int line); extern void xfree(void *p, void* heap, int type, const char* func, - unsigned int line); + const char* file, unsigned int line); #elif defined(XMALLOC_OVERRIDE) /* override the XMALLOC, XFREE and XREALLOC macros */ - #elif defined(NO_WOLFSSL_MEMORY) - /* just use plain C stdlib stuff if desired */ - #include - #define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s))) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} - #define XREALLOC(p, n, h, t) realloc((p), (n)) - #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ - && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ - && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \ + #elif defined(NO_WOLFSSL_MEMORY) + /* just use plain C stdlib stuff if desired */ + #include + #define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} + #define XREALLOC(p, n, h, t) realloc((p), (n)) + #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ + && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ + && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \ && !defined(WOLFSSL_LEANPSK) && !defined(WOLFSSL_uITRON4) - /* default C runtime, can install different routines at runtime via cbs */ - #include + /* default C runtime, can install different routines at runtime via cbs */ + #include #ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_DEBUG_MEMORY - #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);} - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) + #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) #else - #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t)) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));} - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) + #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t)) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) #endif /* WOLFSSL_DEBUG_MEMORY */ #elif !defined(FREERTOS) && !defined(FREERTOS_TCP) #ifdef WOLFSSL_DEBUG_MEMORY - #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__)) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);} - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__) + #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__)) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__) #else - #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) + #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) #endif /* WOLFSSL_DEBUG_MEMORY */ #endif /* WOLFSSL_STATIC_MEMORY */ - #endif + #endif /* declare/free variable handling for async */ #ifdef WOLFSSL_ASYNC_CRYPT @@ -322,21 +322,21 @@ #define USE_WOLF_STRSEP #endif - #ifndef STRING_USER - #include - #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) - #define XMEMSET(b,c,l) memset((b),(c),(l)) - #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) - #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) + #ifndef STRING_USER + #include + #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) + #define XMEMSET(b,c,l) memset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) - #define XSTRLEN(s1) strlen((s1)) - #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) - /* strstr, strncmp, and strncat only used by wolfSSL proper, + #define XSTRLEN(s1) strlen((s1)) + #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) + /* strstr, strncmp, and strncat only used by wolfSSL proper, * not required for wolfCrypt only */ - #define XSTRSTR(s1,s2) strstr((s1),(s2)) - #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) - #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) - #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) + #define XSTRSTR(s1,s2) strstr((s1),(s2)) + #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) + #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) + #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) #ifdef USE_WOLF_STRSEP #define XSTRSEP(s1,d) wc_strsep((s1),(d)) @@ -348,14 +348,14 @@ /* XC32 does not support strncasecmp, so use case sensitive one */ #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) - #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) + #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #else #if defined(HAVE_STRINGS_H) && defined(WOLF_C99) && \ !defined(WOLFSSL_SGX) #include #endif - #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) - #endif + #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) + #endif /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when debugging is turned on */ @@ -381,7 +381,7 @@ #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr)) #endif #endif - #endif + #endif #ifdef USE_WOLF_STRTOK WOLFSSL_API char* wc_strtok(char *str, const char *delim, char **nextp); @@ -398,20 +398,20 @@ #endif #endif /* OPENSSL_EXTRA */ - #ifndef CTYPE_USER - #include - #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ + #ifndef CTYPE_USER + #include + #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) - #define XTOUPPER(c) toupper((c)) - #define XISALPHA(c) isalpha((c)) - #endif - /* needed by wolfSSL_check_domain_name() */ - #define XTOLOWER(c) tolower((c)) - #endif + #define XTOUPPER(c) toupper((c)) + #define XISALPHA(c) isalpha((c)) + #endif + /* needed by wolfSSL_check_domain_name() */ + #define XTOLOWER(c) tolower((c)) + #endif - /* memory allocation types for user hints */ - enum { + /* memory allocation types for user hints */ + enum { DYNAMIC_TYPE_CA = 1, DYNAMIC_TYPE_CERT = 2, DYNAMIC_TYPE_KEY = 3, @@ -502,17 +502,17 @@ DYNAMIC_TYPE_HASH_TMP = 88, DYNAMIC_TYPE_BLOB = 89, DYNAMIC_TYPE_NAME_ENTRY = 90, - }; + }; - /* max error buffer string size */ + /* max error buffer string size */ #ifndef WOLFSSL_MAX_ERROR_SZ - #define WOLFSSL_MAX_ERROR_SZ 80 + #define WOLFSSL_MAX_ERROR_SZ 80 #endif - /* stack protection */ - enum { - MIN_STACK_BUFFER = 8 - }; + /* stack protection */ + enum { + MIN_STACK_BUFFER = 8 + }; /* Algorithm Types */ @@ -579,39 +579,39 @@ }; - /* settings detection for compile vs runtime math incompatibilities */ - enum { - #if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) - CTC_SETTINGS = 0x0 - #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) - CTC_SETTINGS = 0x1 - #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) - CTC_SETTINGS = 0x2 - #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) - CTC_SETTINGS = 0x4 - #elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) - CTC_SETTINGS = 0x8 - #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) - CTC_SETTINGS = 0x10 - #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) - CTC_SETTINGS = 0x20 - #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) - CTC_SETTINGS = 0x40 - #else - #error "bad math long / long long settings" - #endif - }; + /* settings detection for compile vs runtime math incompatibilities */ + enum { + #if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) + CTC_SETTINGS = 0x0 + #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) + CTC_SETTINGS = 0x1 + #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) + CTC_SETTINGS = 0x2 + #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) + CTC_SETTINGS = 0x4 + #elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) + CTC_SETTINGS = 0x8 + #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) + CTC_SETTINGS = 0x10 + #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) + CTC_SETTINGS = 0x20 + #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) + CTC_SETTINGS = 0x40 + #else + #error "bad math long / long long settings" + #endif + }; - WOLFSSL_API word32 CheckRunTimeSettings(void); + WOLFSSL_API word32 CheckRunTimeSettings(void); - /* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long - types need to match at compile time and run time, CheckCtcSettings will - return 1 if a match otherwise 0 */ - #define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings()) + /* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long + types need to match at compile time and run time, CheckCtcSettings will + return 1 if a match otherwise 0 */ + #define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings()) - /* invalid device id */ - #define INVALID_DEVID -2 + /* invalid device id */ + #define INVALID_DEVID -2 /* AESNI requires alignment and ARMASM gains some performance from it */ @@ -734,8 +734,8 @@ #define WC_MP_TO_RADIX #endif - #ifdef __cplusplus - } /* extern "C" */ - #endif + #ifdef __cplusplus + } /* extern "C" */ + #endif #endif /* WOLF_CRYPT_TYPES_H */