diff --git a/configure.ac b/configure.ac index b673c346ac..37751539e9 100644 --- a/configure.ac +++ b/configure.ac @@ -2554,32 +2554,7 @@ AC_ARG_ENABLE([staticmemory], if test "x$ENABLED_STATICMEMORY" = "xyes" then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DWOLFSSL_STATIC_MEMORY_MEDIUM" -fi - -if test "x$ENABLED_STATICMEMORY" = "xnone" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY" -fi - -if test "x$ENABLED_STATICMEMORY" = "xsmall" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DWOLFSSL_STATIC_MEMORY_SMALL" -fi - -if test "x$ENABLED_STATICMEMORY" = "xmedium" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DWOLFSSL_STATIC_MEMORY_MEDIUM" -fi - -if test "x$ENABLED_STATICMEMORY" = "xlarge" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DWOLFSSL_STATIC_MEMORY_LARGE" -fi - -if test "x$ENABLED_STATICMEMORY" = "xhuge" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DWOLFSSL_STATIC_MEMORY_HUGE" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DTFM_TIMING_RESISTANT" fi diff --git a/examples/client/client.c b/examples/client/client.c index 1f61a26a68..dc7948c6b0 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -980,7 +980,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } } -#ifdef USE_WOLFSSL_MEMORY +#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) if (trackMemory) InitMemoryTracker(); #endif @@ -1615,7 +1615,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) ((func_args*)args)->return_code = 0; -#ifdef USE_WOLFSSL_MEMORY +#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) if (trackMemory) ShowMemoryTracker(); #endif /* USE_WOLFSSL_MEMORY */ diff --git a/examples/server/server.c b/examples/server/server.c index f435e68576..1e65a7ba37 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -252,7 +252,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID; SOCKET_T clientfd = WOLFSSL_SOCKET_INVALID; +#ifdef WOLFSSL_STATIC_MEMORY + wolfSSLStaticMethod method = NULL; +#else SSL_METHOD* method = 0; +#endif SSL_CTX* ctx = 0; SSL* ssl = 0; @@ -319,6 +323,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) const char* wnrConfigFile = wnrConfig; #endif +#ifdef WOLFSSL_STATIC_MEMORY + #if defined(HAVE_ECC) && !defined(ALT_ECC_SIZE) + byte memory[200000]; + #else + byte memory[80000]; + #endif + byte memoryIO[34500]; /* max of 17k for IO buffer (TLS packet can be 16k) */ + WOLFSSL_MEM_CONN_STATS ssl_stats; +#endif + ((func_args*)args)->return_code = -1; /* error state */ #ifdef NO_RSA @@ -560,7 +574,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } } -#ifdef USE_CYASSL_MEMORY +#if defined(USE_CYASSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) if (trackMemory) InitMemoryTracker(); #endif @@ -574,18 +588,30 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifndef NO_OLD_TLS #ifdef WOLFSSL_ALLOW_SSLV3 case 0: +#ifdef WOLFSSL_STATIC_MEMORY + method = wolfSSLv3_server_static; +#else method = SSLv3_server_method(); +#endif break; #endif #ifndef NO_TLS case 1: +#ifdef WOLFSSL_STATIC_MEMORY + method = wolfTLSv1_server_static; +#else method = TLSv1_server_method(); +#endif break; case 2: +#ifdef WOLFSSL_STATIC_MEMORY + method = wolfTLSv1_1_server_static; +#else method = TLSv1_1_server_method(); +#endif break; #endif @@ -593,19 +619,31 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifndef NO_TLS case 3: +#ifdef WOLFSSL_STATIC_MEMORY + method = wolfTLSv1_2_server_static; +#else method = TLSv1_2_server_method(); +#endif break; #endif #ifdef CYASSL_DTLS #ifndef NO_OLD_TLS case -1: +#ifdef WOLFSSL_STATIC_MEMORY + method = wolfDTLSv1_server_static; +#else method = DTLSv1_server_method(); +#endif break; #endif case -2: +#ifdef WOLFSSL_STATIC_MEMORY + method = wolfDTLSv1_2_server_static; +#else method = DTLSv1_2_server_method(); +#endif break; #endif @@ -616,7 +654,19 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) if (method == NULL) err_sys("unable to get method"); +#ifdef WOLFSSL_STATIC_MEMORY + if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),0,1) + != SSL_SUCCESS) + err_sys("unable to load static memory and create ctx"); + + /* load in a buffer for IO */ + if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO), + WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) + != SSL_SUCCESS) + err_sys("unable to load static memory and create ctx"); +#else ctx = SSL_CTX_new(method); +#endif if (ctx == NULL) err_sys("unable to get ctx"); @@ -783,11 +833,32 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys("tcp accept failed"); } } +#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) + { + WOLFSSL_MEM_STATS mem_stats; + fprintf(stderr, "Before creating SSL\n"); + if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) + err_sys("ctx not using static memory"); + if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ + err_sys("error printing out memory stats"); + } +#endif ssl = SSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL"); +#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) + { + WOLFSSL_MEM_STATS mem_stats; + fprintf(stderr, "After creating SSL\n"); + if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) + err_sys("ctx not using static memory"); + if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ + err_sys("error printing out memory stats"); + } +#endif + #ifndef NO_HANDSHAKE_DONE_CB wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL); #endif @@ -972,6 +1043,20 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE) SSL_shutdown(ssl); /* bidirectional shutdown */ } + /* display collected statistics */ +#ifdef WOLFSSL_STATIC_MEMORY + if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1) + err_sys("static memory was not used with ssl"); + + fprintf(stderr, "\nprint off SSL memory stats\n"); + fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem); + fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem); + fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc); + fprintf(stderr, "current connection allocs = %d\n",ssl_stats.curAlloc); + fprintf(stderr, "total connection allocs = %d\n",ssl_stats.totalAlloc); + fprintf(stderr, "total connection frees = %d\n\n", ssl_stats.totalFr); + +#endif SSL_free(ssl); CloseSocket(clientfd); @@ -987,6 +1072,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } } /* while(1) */ + CloseSocket(sockfd); SSL_CTX_free(ctx); @@ -998,7 +1084,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) ecc_fp_free(); /* free per thread cache */ #endif -#ifdef USE_WOLFSSL_MEMORY +#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) if (trackMemory) ShowMemoryTracker(); #endif diff --git a/src/crl.c b/src/crl.c index 6653110dc9..a52234187e 100644 --- a/src/crl.c +++ b/src/crl.c @@ -51,6 +51,12 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm) { WOLFSSL_ENTER("InitCRL"); + /* default heap hint to null or test value */ +#ifdef WOLFSSL_HEAP_TEST + crl->heap = (void*)WOLFSSL_HEAP_TEST; +#else + crl->heap = NULL; +#endif crl->cm = cm; crl->crlList = NULL; crl->monitors[0].path = NULL; @@ -233,7 +239,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl) WOLFSSL_ENTER("AddCRL"); - crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY); + crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), crl->heap, DYNAMIC_TYPE_CRL_ENTRY); if (crle == NULL) { WOLFSSL_MSG("alloc CRL Entry failed"); return -1; @@ -241,14 +247,14 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl) if (InitCRL_Entry(crle, dcrl) < 0) { WOLFSSL_MSG("Init CRL Entry failed"); - XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY); + XFREE(crle, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); return -1; } if (LockMutex(&crl->crlLock) != 0) { WOLFSSL_MSG("LockMutex failed"); FreeCRL_Entry(crle); - XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY); + XFREE(crle, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); return BAD_MUTEX_E; } crle->next = crl->crlList; @@ -865,7 +871,7 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) WOLFSSL_MSG("monitor path requested"); pathLen = (word32)XSTRLEN(path); - pathBuf = (char*)XMALLOC(pathLen+1, NULL, DYNAMIC_TYPE_CRL_MONITOR); + pathBuf = (char*)XMALLOC(pathLen+1, crl->heap,DYNAMIC_TYPE_CRL_MONITOR); if (pathBuf) { XSTRNCPY(pathBuf, path, pathLen); pathBuf[pathLen] = '\0'; /* Null Terminate */ diff --git a/src/internal.c b/src/internal.c index 9ee2ca0f65..df5c660ccd 100755 --- a/src/internal.c +++ b/src/internal.c @@ -1285,7 +1285,7 @@ void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv) /* Initialize SSL context, return 0 on success */ -int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method) +int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) { XMEMSET(ctx, 0, sizeof(WOLFSSL_CTX)); @@ -1345,7 +1345,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method) #endif #ifndef NO_CERTS - ctx->cm = wolfSSL_CertManagerNew(); + ctx->cm = wolfSSL_CertManagerNew_ex(heap); if (ctx->cm == NULL) { WOLFSSL_MSG("Bad Cert Manager New"); return BAD_CERT_MANAGER_ERROR; @@ -1366,6 +1366,17 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method) #endif #endif /* HAVE_WOLF_EVENT */ +#ifdef WOLFSSL_STATIC_MEMORY +#ifdef WOLFSSL_HEAP_TEST + if (heap == NULL) { + ctx->heap = (void*)WOLFSSL_HEAP_TEST; + } + else +#endif + ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */ +#endif /* WOLFSSL_STATIC_MEMORY */ + (void)heap; + return 0; } @@ -1414,7 +1425,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (ctx->certOcspRequest) { FreeOcspRequest(ctx->certOcspRequest); - XFREE(ctx->certOcspRequest, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(ctx->certOcspRequest, ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST); } #endif @@ -1422,7 +1433,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) for (i = 0; i < MAX_CHAIN_DEPTH; i++) { if (ctx->chainOcspRequest[i]) { FreeOcspRequest(ctx->chainOcspRequest[i]); - XFREE(ctx->chainOcspRequest[i], NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(ctx->chainOcspRequest[i], ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST); } } #endif @@ -1430,6 +1441,18 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #endif /* NO_WOLFSSL_SERVER */ #endif /* HAVE_TLS_EXTENSIONS */ +#ifdef WOLFSSL_STATIC_MEMORY + if (ctx->heap != NULL) { +#ifdef WOLFSSL_HEAP_TEST + if (ctx->heap != (void*)WOLFSSL_HEAP_TEST) { +#endif + WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)(ctx->heap); + FreeMutex(&((WOLFSSL_HEAP*)(hint->memory))->memory_mutex); +#ifdef WOLFSSL_HEAP_TEST + } +#endif + } +#endif } @@ -2465,22 +2488,24 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag) } -void FreeX509Name(WOLFSSL_X509_NAME* name) +void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap) { if (name != NULL) { if (name->dynamicName) - XFREE(name->name, NULL, DYNAMIC_TYPE_SUBJECT_CN); + XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN); #ifdef OPENSSL_EXTRA if (name->fullName.fullName != NULL) - XFREE(name->fullName.fullName, NULL, DYNAMIC_TYPE_X509); + XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509); #endif /* OPENSSL_EXTRA */ } + (void)heap; } /* Initialize wolfSSL X509 type */ -void InitX509(WOLFSSL_X509* x509, int dynamicFlag) +void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap) { + x509->heap = heap; InitX509Name(&x509->issuer, 0); InitX509Name(&x509->subject, 0); x509->version = 0; @@ -2526,15 +2551,15 @@ void FreeX509(WOLFSSL_X509* x509) if (x509 == NULL) return; - FreeX509Name(&x509->issuer); - FreeX509Name(&x509->subject); + FreeX509Name(&x509->issuer, x509->heap); + FreeX509Name(&x509->subject, x509->heap); if (x509->pubKey.buffer) - XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); FreeDer(&x509->derCert); - XFREE(x509->sig.buffer, NULL, DYNAMIC_TYPE_SIGNATURE); + XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE); #ifdef OPENSSL_EXTRA - XFREE(x509->authKeyId, NULL, DYNAMIC_TYPE_X509_EXT); - XFREE(x509->subjKeyId, NULL, DYNAMIC_TYPE_X509_EXT); + XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); + XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); #endif /* OPENSSL_EXTRA */ if (x509->altNames) FreeAltNames(x509->altNames, NULL); @@ -3021,7 +3046,6 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->options.failNoCertxPSK = ctx->failNoCertxPSK; ssl->options.sendVerify = ctx->sendVerify; - ssl->heap = ctx->heap; /* defaults to self */ ssl->options.partialWrite = ctx->partialWrite; ssl->options.quietShutdown = ctx->quietShutdown; ssl->options.groupMessages = ctx->groupMessages; @@ -3098,6 +3122,85 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) XMEMSET(ssl, 0, sizeof(WOLFSSL)); +#if defined(WOLFSSL_STATIC_MEMORY) + if (ctx->heap != NULL) { + WOLFSSL_HEAP_HINT* ssl_hint; + WOLFSSL_HEAP_HINT* ctx_hint; + + /* avoid derefrencing a test value */ + #ifdef WOLFSSL_HEAP_TEST + if (ctx->heap == (void*)WOLFSSL_HEAP_TEST) { + ssl->heap = ctx->heap; + } + else { + #endif + ctx_hint = ((WOLFSSL_HEAP_HINT*)(ctx->heap)); + /* lock and check IO count / handshake count */ + if (LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) { + WOLFSSL_MSG("Bad memory_mutex lock"); + return BAD_MUTEX_E; + } + if (ctx_hint->memory->maxHa <= ctx_hint->memory->curHa) { + WOLFSSL_MSG("At max number of handshakes for static memory"); + return MEMORY_E; + } + ctx_hint->memory->curHa++; + + if (ctx_hint->memory->maxIO <= ctx_hint->memory->curIO) { + WOLFSSL_MSG("At max number of IO allowed for static memory"); + return MEMORY_E; + } + ctx_hint->memory->curIO++; + UnLockMutex(&(ctx_hint->memory->memory_mutex)); + + ssl->heap = (WOLFSSL_HEAP_HINT*)XMALLOC(sizeof(WOLFSSL_HEAP_HINT), + ctx->heap, DYNAMIC_TYPE_SSL); + if (ssl->heap == NULL) { + return MEMORY_E; + } + XMEMSET(ssl->heap, 0, sizeof(WOLFSSL_HEAP_HINT)); + ssl_hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap)); + ssl_hint->memory = ctx_hint->memory; + + /* check if tracking stats */ + if (ctx_hint->memory->flag & WOLFMEM_TRACK_STATS) { + ssl_hint->stats = (WOLFSSL_MEM_CONN_STATS*)XMALLOC( + sizeof(WOLFSSL_MEM_CONN_STATS), ctx->heap, DYNAMIC_TYPE_SSL); + if (ssl_hint->stats == NULL) { + return MEMORY_E; + } + XMEMSET(ssl_hint->stats, 0, sizeof(WOLFSSL_MEM_CONN_STATS)); + } + + /* check if using fixed IO buffers */ + if (ctx_hint->memory->flag & WOLFMEM_IO_POOL_FIXED) { + if (LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) { + WOLFSSL_MSG("Bad memory_mutex lock"); + return BAD_MUTEX_E; + } + if (SetFixedIO(ctx_hint->memory, &(ssl_hint->inBuf)) != 1) { + return MEMORY_E; + } + if (SetFixedIO(ctx_hint->memory, &(ssl_hint->outBuf)) != 1) { + return MEMORY_E; + } + if (ssl_hint->outBuf == NULL || ssl_hint->inBuf == NULL) { + WOLFSSL_MSG("Not enough memory to create fixed IO buffers"); + return MEMORY_E; + } + UnLockMutex(&(ctx_hint->memory->memory_mutex)); + } + #ifdef WOLFSSL_HEAP_TEST + } + #endif + } + else { + ssl->heap = ctx->heap; + } +#else + ssl->heap = ctx->heap; /* carry over user heap without static memory */ +#endif + ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer; ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN; @@ -3105,7 +3208,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS) - InitX509(&ssl->peerCert, 0); + InitX509(&ssl->peerCert, 0, ssl->heap); #endif ssl->rfd = -1; /* set to invalid descriptor */ @@ -3237,7 +3340,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) return MEMORY_E; } - if ( (ret = wc_InitRng(ssl->rng)) != 0) { + if ( (ret = wc_InitRng_ex(ssl->rng, ssl->heap)) != 0) { WOLFSSL_MSG("RNG Init error"); return ret; } @@ -3285,7 +3388,7 @@ static void FreeKeyExchange(WOLFSSL* ssl) { /* Cleanup signature buffer */ if (ssl->buffers.sig.buffer) { - XFREE(ssl->buffers.sig.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); ssl->buffers.sig.buffer = NULL; ssl->buffers.sig.length = 0; } @@ -3298,7 +3401,7 @@ static void FreeKeyExchange(WOLFSSL* ssl) case DYNAMIC_TYPE_RSA: { wc_FreeRsaKey((RsaKey*)ssl->sigKey); - XFREE(ssl->sigKey, NULL, DYNAMIC_TYPE_RSA); + XFREE(ssl->sigKey, ssl->heap, DYNAMIC_TYPE_RSA); break; } #endif /* ! NO_RSA */ @@ -3306,7 +3409,7 @@ static void FreeKeyExchange(WOLFSSL* ssl) case DYNAMIC_TYPE_ECC: { wc_ecc_free((ecc_key*)ssl->sigKey); - XFREE(ssl->sigKey, NULL, DYNAMIC_TYPE_ECC); + XFREE(ssl->sigKey, ssl->heap, DYNAMIC_TYPE_ECC); break; } #endif /* HAVE_ECC */ @@ -3418,7 +3521,7 @@ void SSL_ResourceFree(WOLFSSL* ssl) #ifdef HAVE_ALPN if (ssl->alpn_client_list != NULL) { - XFREE(ssl->alpn_client_list, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); ssl->alpn_client_list = NULL; } #endif @@ -3439,6 +3542,35 @@ void SSL_ResourceFree(WOLFSSL* ssl) ssl->session.ticketLen = 0; } #endif + +#ifdef WOLFSSL_STATIC_MEMORY + /* check if using fixed io buffers and free them */ + if (ssl->heap != NULL) { + #ifdef WOLFSSL_HEAP_TEST + if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) { + #endif + WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap; + WOLFSSL_HEAP* ctx_heap; + + ctx_heap = ssl_hint->memory; + ctx_heap->curIO--; + if (FreeFixedIO(ctx_heap, &(ssl_hint->outBuf)) != 1) { + WOLFSSL_MSG("Error freeing fixed output buffer"); + } + if (FreeFixedIO(ctx_heap, &(ssl_hint->inBuf)) != 1) { + WOLFSSL_MSG("Error freeing fixed output buffer"); + } + + /* check if tracking stats */ + if (ctx_heap->flag & WOLFMEM_TRACK_STATS) { + XFREE(ssl_hint->stats, ssl->ctx->heap, DYNAMIC_TYPE_SSL); + } + XFREE(ssl->heap, ssl_hint, DYNAMIC_TYPE_SSL); + #ifdef WOLFSSL_HEAP_TEST + } + #endif + } +#endif /* WOLFSSL_STATIC_MEMORY */ } #ifdef WOLFSSL_TI_HASH @@ -3586,16 +3718,38 @@ void FreeHandshakeResources(WOLFSSL* ssl) } #endif +#ifdef WOLFSSL_STATIC_MEMORY + /* when done with handshake decrement current handshake count */ + if (ssl->heap != NULL) { + #ifdef WOLFSSL_HEAP_TEST + if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) { + #endif + WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap; + WOLFSSL_HEAP* ctx_heap; + + ctx_heap = ssl_hint->memory; + if (LockMutex(&(ctx_heap->memory_mutex)) != 0) { + WOLFSSL_MSG("Bad memory_mutex lock"); + } + ctx_heap->curHa--; + UnLockMutex(&(ctx_heap->memory_mutex)); + #ifdef WOLFSSL_HEAP_TEST + } + #endif + } +#endif /* WOLFSSL_STATIC_MEMORY */ } -void FreeSSL(WOLFSSL* ssl) +/* heap argument is the heap hint used when creating SSL */ +void FreeSSL(WOLFSSL* ssl, void* heap) { if (ssl->ctx) { FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */ } SSL_ResourceFree(ssl); - XFREE(ssl, ssl->heap, DYNAMIC_TYPE_SSL); + XFREE(ssl, heap, DYNAMIC_TYPE_SSL); + (void)heap; } @@ -5653,7 +5807,8 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XMEMCPY(&x509->issuer.fullName, &dCert->issuerName, sizeof(DecodedName)); x509->issuer.fullName.fullName = (char*)XMALLOC( - dCert->issuerName.fullNameLen, NULL, DYNAMIC_TYPE_X509); + dCert->issuerName.fullNameLen, x509->heap, + DYNAMIC_TYPE_X509); if (x509->issuer.fullName.fullName != NULL) XMEMCPY(x509->issuer.fullName.fullName, dCert->issuerName.fullName, dCert->issuerName.fullNameLen); @@ -5669,7 +5824,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XMEMCPY(&x509->subject.fullName, &dCert->subjectName, sizeof(DecodedName)); x509->subject.fullName.fullName = (char*)XMALLOC( - dCert->subjectName.fullNameLen, NULL, DYNAMIC_TYPE_X509); + dCert->subjectName.fullNameLen, x509->heap, DYNAMIC_TYPE_X509); if (x509->subject.fullName.fullName != NULL) XMEMCPY(x509->subject.fullName.fullName, dCert->subjectName.fullName, dCert->subjectName.fullNameLen); @@ -5730,7 +5885,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) if (dCert->publicKey != NULL && dCert->pubKeySize != 0) { x509->pubKey.buffer = (byte*)XMALLOC( - dCert->pubKeySize, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + dCert->pubKeySize, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (x509->pubKey.buffer != NULL) { x509->pubKeyOID = dCert->keyOID; x509->pubKey.length = dCert->pubKeySize; @@ -5742,7 +5897,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) if (dCert->signature != NULL && dCert->sigLength != 0) { x509->sig.buffer = (byte*)XMALLOC( - dCert->sigLength, NULL, DYNAMIC_TYPE_SIGNATURE); + dCert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE); if (x509->sig.buffer == NULL) { ret = MEMORY_E; } @@ -5754,7 +5909,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) } /* store cert for potential retrieval */ - if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, NULL) == 0) { + if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, x509->heap) == 0) { XMEMCPY(x509->derCert->buffer, dCert->source, dCert->maxIdx); } else { @@ -5778,7 +5933,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->authKeyIdSet = dCert->extAuthKeyIdSet; x509->authKeyIdCrit = dCert->extAuthKeyIdCrit; if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) { - x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL, + x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, x509->heap, DYNAMIC_TYPE_X509_EXT); if (x509->authKeyId != NULL) { XMEMCPY(x509->authKeyId, @@ -5791,7 +5946,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->subjKeyIdSet = dCert->extSubjKeyIdSet; x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit; if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) { - x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL, + x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, x509->heap, DYNAMIC_TYPE_X509_EXT); if (x509->subjKeyId != NULL) { XMEMCPY(x509->subjKeyId, @@ -6339,12 +6494,12 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_MSG("PeerEccDsaKey Memory error"); return MEMORY_E; } - wc_ecc_init(ssl->peerEccDsaKey); + wc_ecc_init_h(ssl->peerEccDsaKey, ssl->ctx->heap); } else if (ssl->peerEccDsaKeyPresent) { /* don't leak on reuse */ wc_ecc_free(ssl->peerEccDsaKey); ssl->peerEccDsaKeyPresent = 0; - wc_ecc_init(ssl->peerEccDsaKey); + wc_ecc_init_h(ssl->peerEccDsaKey, ssl->ctx->heap); } if (wc_ecc_import_x963(dCert->publicKey, dCert->pubKeySize, ssl->peerEccDsaKey) != 0) { @@ -10139,15 +10294,15 @@ int SendCertificateStatus(WOLFSSL* ssl) return MEMORY_E; #endif - InitDecodedCert(cert, der->buffer, der->length, NULL); + InitDecodedCert(cert, der->buffer, der->length, ssl->heap); if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, ssl->ctx->cm)) != 0) { WOLFSSL_MSG("ParseCert failed"); } else { - request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL, - DYNAMIC_TYPE_OCSP_REQUEST); + request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), + ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); if (request == NULL) { FreeDecodedCert(cert); @@ -10160,7 +10315,7 @@ int SendCertificateStatus(WOLFSSL* ssl) ret = InitOcspRequest(request, cert, 0); if (ret != 0) { - XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); } else if (!ssl->buffers.weOwnCert && 0 == LockMutex( &ssl->ctx->cm->ocsp_stapling->ocspLock)) { @@ -10192,13 +10347,13 @@ int SendCertificateStatus(WOLFSSL* ssl) ret = BuildCertificateStatus(ssl, status_type, &response, 1); - XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); } } if (request != ssl->ctx->certOcspRequest) - XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); } break; @@ -10236,15 +10391,15 @@ int SendCertificateStatus(WOLFSSL* ssl) return MEMORY_E; #endif - InitDecodedCert(cert, der->buffer, der->length, NULL); + InitDecodedCert(cert, der->buffer, der->length, ssl->heap); if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, ssl->ctx->cm)) != 0) { WOLFSSL_MSG("ParseCert failed"); } else { - request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL, - DYNAMIC_TYPE_OCSP_REQUEST); + request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), + ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); if (request == NULL) { FreeDecodedCert(cert); @@ -10257,7 +10412,7 @@ int SendCertificateStatus(WOLFSSL* ssl) ret = InitOcspRequest(request, cert, 0); if (ret != 0) { - XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); } else if (!ssl->buffers.weOwnCert && 0 == LockMutex( &ssl->ctx->cm->ocsp_stapling->ocspLock)) { @@ -10287,7 +10442,7 @@ int SendCertificateStatus(WOLFSSL* ssl) } if (request != ssl->ctx->certOcspRequest) - XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); if (ret == 0 && (!ssl->ctx->chainOcspRequest[0] || ssl->buffers.weOwnCertChain)) { @@ -10318,7 +10473,7 @@ int SendCertificateStatus(WOLFSSL* ssl) if (idx > ssl->buffers.certChain->length) break; - InitDecodedCert(cert, der.buffer, der.length, NULL); + InitDecodedCert(cert, der.buffer, der.length, ssl->heap); if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, ssl->ctx->cm)) != 0) { @@ -10327,7 +10482,7 @@ int SendCertificateStatus(WOLFSSL* ssl) } else { request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), - NULL, DYNAMIC_TYPE_OCSP_REQUEST); + ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); if (request == NULL) { ret = MEMORY_E; break; @@ -10335,7 +10490,7 @@ int SendCertificateStatus(WOLFSSL* ssl) ret = InitOcspRequest(request, cert, 0); if (ret != 0) { - XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST); break; } else if (!ssl->buffers.weOwnCertChain && 0 == @@ -10358,7 +10513,7 @@ int SendCertificateStatus(WOLFSSL* ssl) ret = 0; if (request != ssl->ctx->chainOcspRequest[i]) - XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST); i++; } @@ -10391,7 +10546,7 @@ int SendCertificateStatus(WOLFSSL* ssl) for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++) if (responses[i].buffer) - XFREE(responses[i].buffer, NULL, + XFREE(responses[i].buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); } } @@ -13075,11 +13230,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl, WOLFSSL_MSG("PeerEccKey Memory error"); return MEMORY_E; } - wc_ecc_init(ssl->peerEccKey); + wc_ecc_init_h(ssl->peerEccKey, ssl->ctx->heap); } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ wc_ecc_free(ssl->peerEccKey); ssl->peerEccKeyPresent = 0; - wc_ecc_init(ssl->peerEccKey); + wc_ecc_init_h(ssl->peerEccKey, ssl->ctx->heap); } if (wc_ecc_import_x963(input + *inOutIdx, length, @@ -13256,11 +13411,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl, WOLFSSL_MSG("PeerEccKey Memory error"); return MEMORY_E; } - wc_ecc_init(ssl->peerEccKey); + wc_ecc_init_h(ssl->peerEccKey, ssl->ctx->heap); } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ wc_ecc_free(ssl->peerEccKey); ssl->peerEccKeyPresent = 0; - wc_ecc_init(ssl->peerEccKey); + wc_ecc_init_h(ssl->peerEccKey, ssl->ctx->heap); } if (wc_ecc_import_x963(input + *inOutIdx, length, @@ -14057,7 +14212,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer) buf = ssl->QSH_secret->CliSi; } buf->length = sz; - buf->buffer = (byte*)XMALLOC(sz, buf->buffer, DYNAMIC_TYPE_TMP_BUFFER); + buf->buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (buf->buffer == NULL) { WOLFSSL_ERROR(MEMORY_E); } @@ -14490,7 +14645,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) return NO_PEER_KEY; } - wc_ecc_init(&myKey); + wc_ecc_init_h(&myKey, ssl->heap); ret = wc_ecc_make_key(ssl->rng, peerKey->dp->size, &myKey); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK @@ -14639,7 +14794,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) return NO_PEER_KEY; } - wc_ecc_init(&myKey); + wc_ecc_init_h(&myKey, ssl->heap); ret = wc_ecc_make_key(ssl->rng, peerKey->dp->size, &myKey); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK @@ -14870,7 +15025,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer) return ret; #ifdef HAVE_ECC - wc_ecc_init(&eccKey); + wc_ecc_init_h(&eccKey, ssl->heap); #endif #ifndef NO_RSA ret = wc_InitRsaKey(&key, ssl->heap); @@ -15602,7 +15757,7 @@ int DoSessionTicket(WOLFSSL* ssl, WOLFSSL_MSG("EccTempKey Memory error"); ERROR_OUT(MEMORY_E, exit_sske); } - wc_ecc_init(ssl->eccTempKey); + wc_ecc_init_h(ssl->eccTempKey, ssl->heap); } ret = EccMakeTempKey(ssl); break; @@ -15763,7 +15918,7 @@ int DoSessionTicket(WOLFSSL* ssl, length = ENUM_LEN + CURVE_LEN + ENUM_LEN; exportSz = MAX_EXPORT_ECC_SZ; - exportBuf = (byte*)XMALLOC(exportSz, NULL, + exportBuf = (byte*)XMALLOC(exportSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (exportBuf == NULL) { ERROR_OUT(MEMORY_E, exit_sske); @@ -15826,7 +15981,8 @@ int DoSessionTicket(WOLFSSL* ssl, /* Export temp ECC key and add to length */ exportSz = MAX_EXPORT_ECC_SZ; - exportBuf = (byte*)XMALLOC(exportSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + exportBuf = (byte*)XMALLOC(exportSz, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (exportBuf == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -15846,19 +16002,22 @@ int DoSessionTicket(WOLFSSL* ssl, word32 i = 0; int keySz; - ssl->sigKey = XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); + ssl->sigKey = XMALLOC(sizeof(RsaKey), ssl->heap, + DYNAMIC_TYPE_RSA); if (ssl->sigKey == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } ssl->sigType = DYNAMIC_TYPE_RSA; - ret = wc_InitRsaKey((RsaKey*)ssl->sigKey, ssl->heap); + ret = wc_InitRsaKey((RsaKey*)ssl->sigKey, + ssl->heap); if (ret != 0) { goto exit_sske; } - ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &i, - (RsaKey*)ssl->sigKey, ssl->buffers.key->length); + ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, + &i, (RsaKey*)ssl->sigKey, + ssl->buffers.key->length); if (ret != 0) { goto exit_sske; } @@ -15878,16 +16037,18 @@ int DoSessionTicket(WOLFSSL* ssl, case ecc_dsa_sa_algo: { word32 i = 0; - ssl->sigKey = XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC); + ssl->sigKey = XMALLOC(sizeof(ecc_key), + ssl->heap, DYNAMIC_TYPE_ECC); if (ssl->sigKey == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } ssl->sigType = DYNAMIC_TYPE_ECC; - wc_ecc_init((ecc_key*)ssl->sigKey); + wc_ecc_init_h((ecc_key*)ssl->sigKey, ssl->heap); - ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &i, - (ecc_key*)ssl->sigKey, ssl->buffers.key->length); + ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, + &i, (ecc_key*)ssl->sigKey, + ssl->buffers.key->length); if (ret != 0) { goto exit_sske; } @@ -16005,7 +16166,8 @@ int DoSessionTicket(WOLFSSL* ssl, /* Assemble buffer to hash for signature */ sigDataSz = RAN_LEN + RAN_LEN + preSigSz; - sigDataBuf = (byte*)XMALLOC(sigDataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + sigDataBuf = (byte*)XMALLOC(sigDataSz, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (sigDataBuf == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -16015,7 +16177,7 @@ int DoSessionTicket(WOLFSSL* ssl, ssl->buffers.sig.length = wc_HashGetDigestSize(hashType); ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length, - NULL, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (ssl->buffers.sig.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -16038,12 +16200,13 @@ int DoSessionTicket(WOLFSSL* ssl, /* For TLS 1.2 re-encode signature */ if (IsAtLeastTLSv1_2(ssl)) { int typeH = 0; - byte* encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); + byte* encodedSig = (byte*)XMALLOC( + MAX_ENCODED_SIG_SZ, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (encodedSig == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } - + switch (ssl->suites->hashAlgo) { case sha512_mac: #ifdef WOLFSSL_SHA512 @@ -16073,7 +16236,8 @@ int DoSessionTicket(WOLFSSL* ssl, ssl->buffers.sig.buffer, ssl->buffers.sig.length, typeH); /* Replace sig buffer with new one */ - XFREE(ssl->buffers.sig.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ssl->buffers.sig.buffer, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); ssl->buffers.sig.buffer = encodedSig; } @@ -16138,13 +16302,14 @@ int DoSessionTicket(WOLFSSL* ssl, word32 i = 0; int keySz; - ssl->sigKey = XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); + ssl->sigKey = XMALLOC(sizeof(RsaKey), ssl->heap, + DYNAMIC_TYPE_RSA); if (ssl->sigKey == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } ssl->sigType = DYNAMIC_TYPE_RSA; - ret = wc_InitRsaKey((RsaKey*)ssl->sigKey, ssl->heap); + ret = wc_InitRsaKey((RsaKey*)ssl->sigKey,ssl->heap); if (ret != 0) { goto exit_sske; } @@ -16283,7 +16448,8 @@ int DoSessionTicket(WOLFSSL* ssl, /* Assemble buffer to hash for signature */ sigDataSz = RAN_LEN + RAN_LEN + preSigSz; - sigDataBuf = (byte*)XMALLOC(sigDataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + sigDataBuf = (byte*)XMALLOC(sigDataSz, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (sigDataBuf == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -16292,8 +16458,9 @@ int DoSessionTicket(WOLFSSL* ssl, XMEMCPY(sigDataBuf+RAN_LEN+RAN_LEN, output + preSigIdx, preSigSz); ssl->buffers.sig.length = wc_HashGetDigestSize(hashType); - ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length, - NULL, DYNAMIC_TYPE_TMP_BUFFER); + ssl->buffers.sig.buffer = (byte*)XMALLOC( + ssl->buffers.sig.length, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (ssl->buffers.sig.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -16316,12 +16483,13 @@ int DoSessionTicket(WOLFSSL* ssl, /* For TLS 1.2 re-encode signature */ if (IsAtLeastTLSv1_2(ssl)) { int typeH = 0; - byte* encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); + byte* encodedSig = (byte*)XMALLOC( + MAX_ENCODED_SIG_SZ, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (encodedSig == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } - + switch (ssl->suites->hashAlgo) { case sha512_mac: #ifdef WOLFSSL_SHA512 @@ -16351,7 +16519,8 @@ int DoSessionTicket(WOLFSSL* ssl, ssl->buffers.sig.buffer, ssl->buffers.sig.length, typeH); /* Replace sig buffer with new one */ - XFREE(ssl->buffers.sig.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ssl->buffers.sig.buffer, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); ssl->buffers.sig.buffer = encodedSig; } @@ -16567,13 +16736,13 @@ int DoSessionTicket(WOLFSSL* ssl, /* Handle cleanup for stack variables here */ #if defined(HAVE_ECC) if (exportBuf) { - XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(exportBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); exportBuf = NULL; } #endif #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA)) if (sigDataBuf) { - XFREE(sigDataBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigDataBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); sigDataBuf = NULL; } #endif @@ -17972,7 +18141,8 @@ int DoSessionTicket(WOLFSSL* ssl, word32 i = 0; int keySz; - ssl->sigKey = XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); + ssl->sigKey = XMALLOC(sizeof(RsaKey), ssl->heap, + DYNAMIC_TYPE_RSA); if (ssl->sigKey == NULL) { ERROR_OUT(MEMORY_E, exit_dcke); } @@ -18152,11 +18322,11 @@ int DoSessionTicket(WOLFSSL* ssl, WOLFSSL_MSG("PeerEccKey Memory error"); ERROR_OUT(MEMORY_E, exit_dcke); } - wc_ecc_init(ssl->peerEccKey); + wc_ecc_init_h(ssl->peerEccKey, ssl->heap); } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ wc_ecc_free(ssl->peerEccKey); ssl->peerEccKeyPresent = 0; - wc_ecc_init(ssl->peerEccKey); + wc_ecc_init_h(ssl->peerEccKey, ssl->heap); } if (wc_ecc_import_x963(input + idx, length, ssl->peerEccKey)) { @@ -18171,13 +18341,14 @@ int DoSessionTicket(WOLFSSL* ssl, if (ssl->specs.static_ecdh) { word32 i = 0; - ssl->sigKey = XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC); + ssl->sigKey = XMALLOC(sizeof(ecc_key), ssl->heap, + DYNAMIC_TYPE_ECC); if (ssl->sigKey == NULL) { ERROR_OUT(MEMORY_E, exit_dcke); } ssl->sigType = DYNAMIC_TYPE_ECC; - wc_ecc_init((ecc_key*)ssl->sigKey); + wc_ecc_init_h((ecc_key*)ssl->sigKey, ssl->heap); ret = wc_EccPrivateKeyDecode( ssl->buffers.key->buffer, @@ -18361,11 +18532,11 @@ int DoSessionTicket(WOLFSSL* ssl, WOLFSSL_MSG("PeerEccKey Memory error"); ERROR_OUT(MEMORY_E, exit_dcke); } - wc_ecc_init(ssl->peerEccKey); + wc_ecc_init_h(ssl->peerEccKey, ssl->heap); } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ wc_ecc_free(ssl->peerEccKey); ssl->peerEccKeyPresent = 0; - wc_ecc_init(ssl->peerEccKey); + wc_ecc_init_h(ssl->peerEccKey, ssl->heap); } if (wc_ecc_import_x963(input + idx, length, ssl->peerEccKey)) { diff --git a/src/ssl.c b/src/ssl.c index 8f0e6d9288..f557405f9e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -294,11 +294,11 @@ static wolfSSL_Mutex count_mutex; /* init ref count mutex */ This function frees the passed in WOLFSSL_METHOD struct on failure and on success is freed when ctx is freed. */ -WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) +WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap) { WOLFSSL_CTX* ctx = NULL; - WOLFSSL_ENTER("WOLFSSL_CTX_new"); + WOLFSSL_ENTER("WOLFSSL_CTX_new_ex"); if (initRefCount == 0) { /* user no longer forced to call Init themselves */ @@ -307,7 +307,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) WOLFSSL_MSG("wolfSSL_Init failed"); WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0); if (method != NULL) { - XFREE(method, NULL, DYNAMIC_TYPE_METHOD); + XFREE(method, heap, DYNAMIC_TYPE_METHOD); } return NULL; } @@ -316,9 +316,9 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) if (method == NULL) return ctx; - ctx = (WOLFSSL_CTX*) XMALLOC(sizeof(WOLFSSL_CTX), 0, DYNAMIC_TYPE_CTX); + ctx = (WOLFSSL_CTX*) XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX); if (ctx) { - if (InitSSL_Ctx(ctx, method) < 0) { + if (InitSSL_Ctx(ctx, method, heap) < 0) { WOLFSSL_MSG("Init CTX failed"); wolfSSL_CTX_free(ctx); ctx = NULL; @@ -326,7 +326,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) } else { WOLFSSL_MSG("Alloc CTX failed, method freed"); - XFREE(method, NULL, DYNAMIC_TYPE_METHOD); + XFREE(method, heap, DYNAMIC_TYPE_METHOD); } WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0); @@ -334,6 +334,12 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) } +WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) +{ + return wolfSSL_CTX_new_ex(method, NULL); +} + + void wolfSSL_CTX_free(WOLFSSL_CTX* ctx) { WOLFSSL_ENTER("SSL_CTX_free"); @@ -354,10 +360,10 @@ WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx) if (ctx == NULL) return ssl; - ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap,DYNAMIC_TYPE_SSL); + ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap, DYNAMIC_TYPE_SSL); if (ssl) if ( (ret = InitSSL(ssl, ctx)) < 0) { - FreeSSL(ssl); + FreeSSL(ssl, ctx->heap); ssl = 0; } @@ -370,7 +376,7 @@ void wolfSSL_free(WOLFSSL* ssl) { WOLFSSL_ENTER("SSL_free"); if (ssl) - FreeSSL(ssl); + FreeSSL(ssl, ssl->ctx->heap); WOLFSSL_LEAVE("SSL_free", 0); } @@ -617,6 +623,154 @@ int wolfSSL_GetObjectSize(void) return sizeof(WOLFSSL); } #endif +#ifdef WOLFSSL_STATIC_MEMORY + + +int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap) +{ + /* default size of chunks of memory to seperate into */ + word32 wc_defaultMemSz[WOLFMEM_DEF_BUCKETS] = + { 64, 128, 256, 512, 1024, 2400, 3408, 4544, 16000 }; + word32 wc_defaultDist[WOLFMEM_DEF_BUCKETS] = { 8, 4, 4, 12, 4, 5, 2, 1, 1 }; + + if (heap == NULL) { + return BAD_FUNC_ARG; + } + + XMEMSET(heap, 0, sizeof(WOLFSSL_HEAP)); + + /* default pool sizes and distribution, else leave a 0's for now */ + if (WOLFMEM_DEF_BUCKETS == WOLFMEM_MAX_BUCKETS) { + XMEMCPY(heap->sizeList, wc_defaultMemSz, sizeof(wc_defaultMemSz)); + XMEMCPY(heap->distList, wc_defaultDist, sizeof(wc_defaultMemSz)); + } + + if (InitMutex(&(heap->memory_mutex)) != 0) { + WOLFSSL_MSG("Error creating heap memory mutex"); + } + + return SSL_SUCCESS; +} + +int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSLStaticMethod method, + unsigned char* buf, unsigned int sz, + int flag, int max) +{ + WOLFSSL_HEAP* heap; + WOLFSSL_HEAP_HINT* hint; + word32 idx = 0; + + if (ctx == NULL || buf == NULL) { + return BAD_FUNC_ARG; + } + + if (*ctx == NULL && method == NULL) { + return BAD_FUNC_ARG; + } + + if (*ctx == NULL) { + heap = (WOLFSSL_HEAP*)buf; + idx += sizeof(WOLFSSL_HEAP); + if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) { + return SSL_FAILURE; + } + hint = (WOLFSSL_HEAP_HINT*)(buf + idx); + idx += sizeof(WOLFSSL_HEAP_HINT); + XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT)); + hint->memory = heap; + } + else if ((*ctx)->heap == NULL) { + heap = (WOLFSSL_HEAP*)buf; + idx += sizeof(WOLFSSL_HEAP); + if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) { + return SSL_FAILURE; + } + hint = (WOLFSSL_HEAP_HINT*)(buf + idx); + idx += sizeof(WOLFSSL_HEAP_HINT); + XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT)); + hint->memory = heap; + } + else { +#ifdef WOLFSSL_HEAP_TEST + /* do not load in memory if test has been set */ + if ((*ctx)->heap == (void*)WOLFSSL_HEAP_TEST) { + return SSL_SUCCESS; + } +#endif + hint = (WOLFSSL_HEAP_HINT*)((*ctx)->heap); + heap = hint->memory; + } + + if (wolfSSL_load_static_memory(buf + idx, sz - idx, flag, heap) != 1) { + WOLFSSL_MSG("Error partitioning memory"); + return SSL_FAILURE; + } + + /* create ctx if needed */ + if (*ctx == NULL) { + *ctx = wolfSSL_CTX_new_ex(method(hint), hint); + if (*ctx == NULL) { + WOLFSSL_MSG("Error creating ctx"); + return SSL_FAILURE; + } + } + + /* determine what max applies too */ + if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) { + heap->maxIO = max; + } + else { /* general memory used in handshakes */ + heap->maxHa = max; + } + + heap->flag |= flag; + + (void)max; + (void)method; + + return SSL_SUCCESS; +} + + +int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats) +{ + if (ssl == NULL) { + return BAD_FUNC_ARG; + } + WOLFSSL_ENTER("wolfSSL_is_static_memory"); + + /* fill out statistics if wanted and WOLFMEM_TRACK_STATS flag */ + if (mem_stats != NULL && ssl->heap != NULL) { + WOLFSSL_HEAP_HINT* hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap)); + WOLFSSL_HEAP* heap = hint->memory; + if (heap->flag & WOLFMEM_TRACK_STATS && hint->stats != NULL) { + XMEMCPY(mem_stats, hint->stats, sizeof(WOLFSSL_MEM_CONN_STATS)); + } + } + + return (ssl->heap)? 1 : 0; +} + + +int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats) +{ + if (ctx == NULL) { + return BAD_FUNC_ARG; + } + WOLFSSL_ENTER("wolfSSL_CTX_is_static_memory"); + + /* fill out statistics if wanted */ + if (mem_stats != NULL && ctx->heap != NULL) { + WOLFSSL_HEAP* heap = ((WOLFSSL_HEAP_HINT*)(ctx->heap))->memory; + if (wolfSSL_GetMemStats(heap, mem_stats) != 1) { + return MEMORY_E; + } + } + + return (ctx->heap)? 1 : 0; +} + +#endif /* WOLFSSL_STATIC_MEMORY */ #ifdef HAVE_ECC int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz) @@ -693,15 +847,15 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, XFREE(ssl->buffers.serverDH_G.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH); ssl->buffers.weOwnDH = 1; /* SSL owns now */ - ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->ctx->heap, + ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_DH); if (ssl->buffers.serverDH_P.buffer == NULL) return MEMORY_E; - ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->ctx->heap, + ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_DH); if (ssl->buffers.serverDH_G.buffer == NULL) { - XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH); + XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH); return MEMORY_E; } @@ -740,11 +894,11 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); - ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH); + ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH); if (ctx->serverDH_P.buffer == NULL) return MEMORY_E; - ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH); + ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH); if (ctx->serverDH_G.buffer == NULL) { XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); return MEMORY_E; @@ -1190,7 +1344,7 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, } - list = (char *)XMALLOC(protocol_name_listSz+1, NULL, + list = (char *)XMALLOC(protocol_name_listSz+1, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (list == NULL) { WOLFSSL_MSG("Memory failure"); @@ -1239,7 +1393,7 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz) if (*listSz == 0) return BUFFER_ERROR; - *list = (char *)XMALLOC((*listSz)+1, NULL, DYNAMIC_TYPE_TLSX); + *list = (char *)XMALLOC((*listSz)+1, ssl->heap, DYNAMIC_TYPE_TLSX); if (*list == NULL) return MEMORY_ERROR; @@ -1916,13 +2070,14 @@ void FreeDer(DerBuffer** pDer) } } -WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void) + +WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap) { WOLFSSL_CERT_MANAGER* cm = NULL; WOLFSSL_ENTER("wolfSSL_CertManagerNew"); - cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), 0, + cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), heap, DYNAMIC_TYPE_CERT_MANAGER); if (cm) { XMEMSET(cm, 0, sizeof(WOLFSSL_CERT_MANAGER)); @@ -1948,12 +2103,25 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void) #ifdef HAVE_ECC cm->minEccKeySz = MIN_ECCKEY_SZ; #endif + #ifdef WOLFSSL_HEAP_TEST + if (heap == NULL) { + cm->heap = (void*)WOLFSSL_HEAP_TEST; + } + else + #endif + cm->heap = heap; } return cm; } +WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void) +{ + return wolfSSL_CertManagerNew_ex(NULL); +} + + void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) { WOLFSSL_ENTER("wolfSSL_CertManagerFree"); @@ -1972,15 +2140,15 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) FreeOCSP(cm->ocsp_stapling, 1); #endif #endif - FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL); + FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap); FreeMutex(&cm->caLock); #ifdef WOLFSSL_TRUST_PEER_CERT - FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, NULL); + FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap); FreeMutex(&cm->tpLock); #endif - XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER); + XFREE(cm, cm->heap, DYNAMIC_TYPE_CERT_MANAGER); } } @@ -2631,7 +2799,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) WOLFSSL_MSG("Adding a Trusted Peer Cert"); - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap, DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; @@ -2643,11 +2811,11 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) } WOLFSSL_MSG(" Parsed new trusted peer cert"); - peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), NULL, + peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), cm->heap, DYNAMIC_TYPE_CERT); if (peerCert == NULL) { FreeDecodedCert(cert); - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } XMEMSET(peerCert, 0, sizeof(TrustedPeerCert)); @@ -2681,7 +2849,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) DYNAMIC_TYPE_SIGNATURE); if (peerCert->sig == NULL) { FreeDecodedCert(cert); - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); FreeTrustedPeer(peerCert, cm->heap); return MEMORY_E; } @@ -2728,7 +2896,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) else { WOLFSSL_MSG(" Trusted Peer Cert Mutex Lock failed"); FreeDecodedCert(cert); - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); FreeTrustedPeer(peerCert, cm->heap); return BAD_MUTEX_E; } @@ -2736,7 +2904,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) WOLFSSL_MSG(" Freeing parsed trusted peer cert"); FreeDecodedCert(cert); - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); WOLFSSL_MSG(" Freeing der trusted peer cert"); FreeDer(&der); WOLFSSL_MSG(" OK Freeing der trusted peer cert"); @@ -3391,7 +3559,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, int ret; int eccKey = 0; int rsaKey = 0; - void* heap = ctx ? ctx->heap : NULL; + void* heap = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL); #ifdef WOLFSSL_SMALL_STACK EncryptedInfo* info = NULL; #else @@ -4415,7 +4583,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, int ret; long sz = 0; XFILE file; - void* heapHint = ctx ? ctx->heap : NULL; + void* heapHint = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL); (void)crl; (void)heapHint; @@ -6453,6 +6621,47 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } #endif + #ifdef WOLFSSL_STATIC_MEMORY + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) + WOLFSSL_METHOD* wolfSSLv3_client_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + WOLFSSL_ENTER("SSLv3_client_static"); + if (method) + InitSSL_Method(method, MakeSSLv3()); + return method; + } + #endif + + #ifdef WOLFSSL_DTLS + + #ifndef NO_OLD_TLS + WOLFSSL_METHOD* wolfDTLSv1_client_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + WOLFSSL_ENTER("DTLSv1_client_static"); + if (method) + InitSSL_Method(method, MakeDTLSv1()); + return method; + } + #endif /* NO_OLD_TLS */ + + WOLFSSL_METHOD* wolfDTLSv1_2_client_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + WOLFSSL_ENTER("DTLSv1_2_client_static"); + if (method) + InitSSL_Method(method, MakeDTLSv1_2()); + return method; + } + #endif + #endif /* WOLFSSL_STATIC_MEMORY */ /* please see note at top of README if you get an error from connect */ int wolfSSL_connect(WOLFSSL* ssl) @@ -6767,6 +6976,54 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } #endif + #ifdef WOLFSSL_STATIC_MEMORY + #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) + WOLFSSL_METHOD* wolfSSLv3_server_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + WOLFSSL_ENTER("SSLv3_server_static"); + if (method) { + InitSSL_Method(method, MakeSSLv3()); + method->side = WOLFSSL_SERVER_END; + } + return method; + } + #endif + + + #ifdef WOLFSSL_DTLS + + #ifndef NO_OLD_TLS + WOLFSSL_METHOD* wolfDTLSv1_server_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + WOLFSSL_ENTER("DTLSv1_server_static"); + if (method) { + InitSSL_Method(method, MakeDTLSv1()); + method->side = WOLFSSL_SERVER_END; + } + return method; + } + #endif /* NO_OLD_TLS */ + + WOLFSSL_METHOD* wolfDTLSv1_2_server_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + WOLFSSL_ENTER("DTLSv1_2_server_static"); + if (method) { + InitSSL_Method(method, MakeDTLSv1_2()); + method->side = WOLFSSL_SERVER_END; + } + return method; + } + #endif + #endif /* WOLFSSL_STATIC_MEMORY */ int wolfSSL_accept(WOLFSSL* ssl) { @@ -10314,7 +10571,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (x509) { if (x509->dynamicMemory) { FreeX509(x509); - XFREE(x509, NULL, DYNAMIC_TYPE_X509); + XFREE(x509, x509->heap, DYNAMIC_TYPE_X509); } else { WOLFSSL_MSG("free called on non dynamic object, not freeing"); } @@ -10684,7 +10941,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (!name->sz) return in; if (!in) { - in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL); + in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL); if (!in ) return in; copySz = name->sz; } @@ -10892,7 +11149,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, DYNAMIC_TYPE_X509); if (newX509 != NULL) { - InitX509(newX509, 1); + InitX509(newX509, 1, NULL); if (CopyDecodedToX509(newX509, cert) != 0) { XFREE(newX509, NULL, DYNAMIC_TYPE_X509); newX509 = NULL; @@ -11068,7 +11325,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, DYNAMIC_TYPE_X509); if (x509 != NULL) { - InitX509(x509, 1); + InitX509(x509, 1, NULL); if (CopyDecodedToX509(x509, cert) != 0) { XFREE(x509, NULL, DYNAMIC_TYPE_X509); x509 = NULL; diff --git a/src/tls.c b/src/tls.c index b274e09327..4b45b3d624 100644 --- a/src/tls.c +++ b/src/tls.c @@ -4611,6 +4611,29 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, return method; } +#ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_METHOD* wolfTLSv1_client_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + if (method) + InitSSL_Method(method, MakeTLSv1()); + return method; + } + + + WOLFSSL_METHOD* wolfTLSv1_1_client_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + if (method) + InitSSL_Method(method, MakeTLSv1_1()); + return method; + } +#endif /* WOLFSSL_STATIC_MEMORY */ + #endif /* !NO_OLD_TLS */ #ifndef NO_SHA256 /* can't use without SHA256 */ @@ -4625,6 +4648,17 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, return method; } +#ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_METHOD* wolfTLSv1_2_client_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + if (method) + InitSSL_Method(method, MakeTLSv1_2()); + return method; + } +#endif /* WOLFSSL_STATIC_MEMORY */ #endif @@ -4647,6 +4681,26 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, } +#ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_METHOD* wolfSSLv23_client_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + if (method) { +#ifndef NO_SHA256 /* 1.2 requires SHA256 */ + InitSSL_Method(method, MakeTLSv1_2()); +#else + InitSSL_Method(method, MakeTLSv1_1()); +#endif +#ifndef NO_OLD_TLS + method->downgrade = 1; +#endif + } + return method; + } +#endif /* WOLFSSL_STATIC_MEMORY */ + #endif /* NO_WOLFSSL_CLIENT */ @@ -4680,6 +4734,32 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, return method; } +#ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_METHOD* wolfTLSv1_server_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + if (method) { + InitSSL_Method(method, MakeTLSv1()); + method->side = WOLFSSL_SERVER_END; + } + return method; + } + + + WOLFSSL_METHOD* wolfTLSv1_1_server_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + if (method) { + InitSSL_Method(method, MakeTLSv1_1()); + method->side = WOLFSSL_SERVER_END; + } + return method; + } +#endif /* WOLFSSL_STATIC_MEMORY */ #endif /* !NO_OLD_TLS */ #ifndef NO_SHA256 /* can't use without SHA256 */ @@ -4696,6 +4776,20 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, return method; } +#ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_METHOD* wolfTLSv1_2_server_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + if (method) { + InitSSL_Method(method, MakeTLSv1_2()); + method->side = WOLFSSL_SERVER_END; + } + return method; + } +#endif /* WOLFSSL_STATIC_MEMORY */ + #endif @@ -4718,6 +4812,26 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest, return method; } +#ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_METHOD* wolfSSLv23_server_static(void* heap) + { + WOLFSSL_METHOD* method = + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + heap, DYNAMIC_TYPE_METHOD); + if (method) { +#ifndef NO_SHA256 /* 1.2 requires SHA256 */ + InitSSL_Method(method, MakeTLSv1_2()); +#else + InitSSL_Method(method, MakeTLSv1_1()); +#endif + method->side = WOLFSSL_SERVER_END; +#ifndef NO_OLD_TLS + method->downgrade = 1; +#endif /* !NO_OLD_TLS */ + } + return method; + } +#endif /* WOLFSSL_STATIC_MEMORY */ #endif /* NO_WOLFSSL_SERVER */ diff --git a/tests/api.c b/tests/api.c index eb5da20fbc..c77630b0a0 100644 --- a/tests/api.c +++ b/tests/api.c @@ -29,6 +29,9 @@ #endif #include +#if defined(WOLFSSL_STATIC_MEMORY) + #include +#endif /* WOLFSSL_STATIC_MEMORY */ #ifdef HAVE_ECC #include /* wc_ecc_fp_free */ #endif diff --git a/tests/suites.c b/tests/suites.c index a330c608d1..13b89503d5 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -469,6 +469,10 @@ int SuiteTest(void) args.argv = myArgv; strcpy(argv0[0], "SuiteTest"); +#ifdef WOLFSSL_STATIC_MEMORY + byte memory[200000]; +#endif + (void)test_harness; cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); @@ -477,6 +481,16 @@ int SuiteTest(void) exit(EXIT_FAILURE); } + /* load in static memory buffer if enabled */ +#ifdef WOLFSSL_STATIC_MEMORY + if (wolfSSL_CTX_load_static_memory(&cipherSuiteCtx, NULL, + memory, sizeof(memory), 0, 1) + != SSL_SUCCESS) { + printf("unable to load static memory and create ctx"); + exit(EXIT_FAILURE); + } +#endif + /* default case */ args.argc = 1; printf("starting default cipher suite tests\n"); diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 6d5d9fa967..c12cd328b8 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -1231,7 +1231,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) /* check alignment, decrypt doesn't need alignment */ if ((wolfssl_word)inBlock % 16) { #ifndef NO_WOLFSSL_ALLOC_ALIGN - byte* tmp = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, + byte* tmp = (byte*)XMALLOC(AES_BLOCK_SIZE, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) return; @@ -1239,7 +1239,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) AES_ECB_encrypt(tmp, tmp, AES_BLOCK_SIZE, (byte*)aes->key, aes->rounds); XMEMCPY(outBlock, tmp, AES_BLOCK_SIZE); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); return; #else WOLFSSL_MSG("AES-ECB encrypt with bad alignment"); @@ -1924,6 +1924,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } +/* set the heap hint for aes struct */ +int wc_InitAes_h(Aes* aes, void* h) +{ + if (aes == NULL) + return BAD_FUNC_ARG; + + aes->heap = h; + + return 0; +} + + /* AES-DIRECT */ @@ -2498,7 +2510,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* check alignment, decrypt doesn't need alignment */ if ((wolfssl_word)in % 16) { #ifndef NO_WOLFSSL_ALLOC_ALIGN - byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + byte* tmp = (byte*)XMALLOC(sz, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); WOLFSSL_MSG("AES-CBC encrypt with bad alignment"); if (tmp == NULL) return MEMORY_E; @@ -2509,7 +2521,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) XMEMCPY(aes->reg, tmp + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); XMEMCPY(out, tmp, sz); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); return 0; #else return BAD_ALIGN_E; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index e64f56f861..8523cab525 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1949,12 +1949,12 @@ static mp_int* GetDsaInt(DsaKey* key, int idx) } /* Release Tmp DSA resources */ -static INLINE void FreeTmpDsas(byte** tmps) +static INLINE void FreeTmpDsas(byte** tmps, void* heap) { int i; for (i = 0; i < DSA_INTS; i++) - XFREE(tmps[i], NULL, DYNAMIC_TYPE_DSA); + XFREE(tmps[i], heap, DYNAMIC_TYPE_DSA); } /* Convert DsaKey key to DER format, write to output (inLen), return bytes @@ -1986,7 +1986,8 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) lbit = mp_leading_bit(keyInt); rawLen = mp_unsigned_bin_size(keyInt) + lbit; - tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_DSA); + tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, + DYNAMIC_TYPE_DSA); if (tmps[i] == NULL) { ret = MEMORY_E; break; @@ -2019,7 +2020,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) } if (ret != 0) { - FreeTmpDsas(tmps); + FreeTmpDsas(tmps, key->heap); return ret; } @@ -2041,7 +2042,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) XMEMCPY(output + j, tmps[i], sizes[i]); j += sizes[i]; } - FreeTmpDsas(tmps); + FreeTmpDsas(tmps, key->heap); return outLen; } @@ -2220,9 +2221,9 @@ void FreeDecodedCert(DecodedCert* cert) #endif /* WOLFSSL_SEP */ #ifdef OPENSSL_EXTRA if (cert->issuerName.fullName != NULL) - XFREE(cert->issuerName.fullName, NULL, DYNAMIC_TYPE_X509); + XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509); if (cert->subjectName.fullName != NULL) - XFREE(cert->subjectName.fullName, NULL, DYNAMIC_TYPE_X509); + XFREE(cert->subjectName.fullName, cert->heap, DYNAMIC_TYPE_X509); #endif /* OPENSSL_EXTRA */ } @@ -2858,7 +2859,8 @@ static int GetName(DecodedCert* cert, int nameType) if (dName->serialLen != 0) totalLen += dName->serialLen + 14; - dName->fullName = (char*)XMALLOC(totalLen + 1, NULL, DYNAMIC_TYPE_X509); + dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap, + DYNAMIC_TYPE_X509); if (dName->fullName != NULL) { idx = 0; @@ -6447,7 +6449,8 @@ static int SetSKID(byte* output, word32 outSz, byte *input, word32 length) /* encode Authority Key Identifier, return total bytes written * RFC5280 : non-critical */ -static int SetAKID(byte* output, word32 outSz, byte *input, word32 length) +static int SetAKID(byte* output, word32 outSz, + byte *input, word32 length, void* heap) { byte *enc_val; int ret, enc_valSz; @@ -6457,7 +6460,7 @@ static int SetAKID(byte* output, word32 outSz, byte *input, word32 length) if (output == NULL || input == NULL) return BAD_FUNC_ARG; - enc_val = (byte *)XMALLOC(length+3+sizeof(akid_cs), NULL, + enc_val = (byte *)XMALLOC(length+3+sizeof(akid_cs), heap, DYNAMIC_TYPE_TMP_BUFFER); if (enc_val == NULL) return MEMORY_E; @@ -6466,14 +6469,14 @@ static int SetAKID(byte* output, word32 outSz, byte *input, word32 length) enc_valSz = SetOidValue(enc_val, length+3+sizeof(akid_cs), akid_cs, sizeof(akid_cs), input, length); if (enc_valSz == 0) { - XFREE(enc_val, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER); return 0; } ret = SetOidValue(output, outSz, akid_oid, sizeof(akid_oid), enc_val, enc_valSz); - XFREE(enc_val, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -6521,7 +6524,7 @@ static int SetKeyUsage(byte* output, word32 outSz, word16 input) } /* Encode OID string representation to ITU-T X.690 format */ -static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) +static int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) { word32 val, idx = 0, nb_val; char *token, *str, *ptr; @@ -6532,7 +6535,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) len = (word32)XSTRLEN(in); - str = (char *)XMALLOC(len+1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + str = (char *)XMALLOC(len+1, heap, DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) return MEMORY_E; @@ -6549,7 +6552,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) if (nb_val == 0) { if (val > 2) { - XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER); return ASN_OBJECT_ID_E; } @@ -6557,12 +6560,12 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) } else if (nb_val == 1) { if (val > 127) { - XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER); return ASN_OBJECT_ID_E; } if (idx > *outSz) { - XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER); return BUFFER_E; } @@ -6580,7 +6583,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) } if ((idx+(word32)i) > *outSz) { - XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER); return BUFFER_E; } @@ -6597,7 +6600,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) *outSz = idx; - XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER); return 0; } @@ -6608,7 +6611,8 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in) static int SetCertificatePolicies(byte *output, word32 outputSz, char input[MAX_CERTPOL_NB][MAX_CERTPOL_SZ], - word16 nb_certpol) + word16 nb_certpol, + void* heap) { byte oid[MAX_OID_SZ], der_oid[MAX_CERTPOL_NB][MAX_OID_SZ], @@ -6627,7 +6631,7 @@ static int SetCertificatePolicies(byte *output, oidSz = sizeof(oid); XMEMSET(oid, 0, oidSz); - ret = EncodePolicyOID(oid, &oidSz, input[i]); + ret = EncodePolicyOID(oid, &oidSz, input[i], heap); if (ret != 0) return ret; @@ -6982,7 +6986,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, return AKID_E; der->akidSz = SetAKID(der->akid, sizeof(der->akid), - cert->akid, cert->akidSz); + cert->akid, cert->akidSz, cert->heap); if (der->akidSz <= 0) return AKID_E; @@ -7008,7 +7012,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, der->certPoliciesSz = SetCertificatePolicies(der->certPolicies, sizeof(der->certPolicies), cert->certPolicies, - cert->certPoliciesNb); + cert->certPoliciesNb, + cert->heap); if (der->certPoliciesSz <= 0) return CERTPOLICIES_E; @@ -7679,7 +7684,8 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, (kid_type != SKID_TYPE && kid_type != AKID_TYPE)) return BAD_FUNC_ARG; - buffer = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buffer = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (buffer == NULL) return MEMORY_E; @@ -7705,7 +7711,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, bufferSz = -1; if (bufferSz <= 0) { - XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buffer, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); return PUBLIC_KEY_E; } @@ -7734,7 +7740,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, ret = BAD_FUNC_ARG; #endif /* NO_SHA */ - XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buffer, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -7774,7 +7780,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) if (cert == NULL || file == NULL) return BAD_FUNC_ARG; - der = (byte*)XMALLOC(MAX_PUBLIC_KEY_SZ, NULL, DYNAMIC_TYPE_CERT); + der = (byte*)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap, DYNAMIC_TYPE_CERT); if (der == NULL) { WOLFSSL_MSG("wc_SetSubjectKeyId memory Problem"); return MEMORY_E; @@ -7783,21 +7789,21 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) derSz = wolfSSL_PemPubKeyToDer(file, der, MAX_PUBLIC_KEY_SZ); if (derSz <= 0) { - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return derSz; } /* Load PubKey in internal structure */ - rsakey = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); + rsakey = (RsaKey*) XMALLOC(sizeof(RsaKey), cert->heap, DYNAMIC_TYPE_RSA); if (rsakey == NULL) { - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return MEMORY_E; } - if (wc_InitRsaKey(rsakey, NULL) != 0) { + if (wc_InitRsaKey(rsakey, cert->heap) != 0) { WOLFSSL_MSG("wc_InitRsaKey failure"); - XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(rsakey, cert->heap, DYNAMIC_TYPE_RSA); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return MEMORY_E; } @@ -7806,21 +7812,22 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) if (ret != 0) { WOLFSSL_MSG("wc_RsaPublicKeyDecode failed"); wc_FreeRsaKey(rsakey); - XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); + XFREE(rsakey, cert->heap, DYNAMIC_TYPE_RSA); rsakey = NULL; #ifdef HAVE_ECC /* Check to load ecc public key */ - eckey = (ecc_key*) XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC); + eckey = (ecc_key*) XMALLOC(sizeof(ecc_key), cert->heap, + DYNAMIC_TYPE_ECC); if (eckey == NULL) { - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return MEMORY_E; } if (wc_ecc_init(eckey) != 0) { WOLFSSL_MSG("wc_ecc_init failure"); wc_ecc_free(eckey); - XFREE(eckey, NULL, DYNAMIC_TYPE_ECC); - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(eckey, cert->heap, DYNAMIC_TYPE_ECC); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return MEMORY_E; } @@ -7828,25 +7835,25 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) ret = wc_EccPublicKeyDecode(der, &idx, eckey, derSz); if (ret != 0) { WOLFSSL_MSG("wc_EccPublicKeyDecode failed"); - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); wc_ecc_free(eckey); return PUBLIC_KEY_E; } #else - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return PUBLIC_KEY_E; #endif /* HAVE_ECC */ } - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); ret = wc_SetSubjectKeyIdFromPublicKey(cert, rsakey, eckey); wc_FreeRsaKey(rsakey); - XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA); + XFREE(rsakey, cert->heap, DYNAMIC_TYPE_RSA); #ifdef HAVE_ECC wc_ecc_free(eckey); - XFREE(eckey, NULL, DYNAMIC_TYPE_ECC); + XFREE(eckey, cert->heap, DYNAMIC_TYPE_ECC); #endif return ret; } @@ -7915,7 +7922,7 @@ int wc_SetAuthKeyId(Cert *cert, const char* file) if (cert == NULL || file == NULL) return BAD_FUNC_ARG; - der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT); + der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); if (der == NULL) { WOLFSSL_MSG("wc_SetAuthKeyId OOF Problem"); return MEMORY_E; @@ -7924,12 +7931,12 @@ int wc_SetAuthKeyId(Cert *cert, const char* file) derSz = wolfSSL_PemCertToDer(file, der, EIGHTK_BUF); if (derSz <= 0) { - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return derSz; } ret = wc_SetAuthKeyIdFromCert(cert, der, derSz); - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return ret; } @@ -7947,7 +7954,8 @@ int wc_SetKeyUsage(Cert *cert, const char *value) cert->keyUsage = 0; - str = (char *)XMALLOC(XSTRLEN(value)+1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + str = (char *)XMALLOC(XSTRLEN(value)+1, cert->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) return MEMORY_E; @@ -7985,7 +7993,7 @@ int wc_SetKeyUsage(Cert *cert, const char *value) token = XSTRTOK(NULL, ",", &ptr); } - XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(str, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); return 0; } #endif /* WOLFSSL_CERT_EXT */ @@ -8246,7 +8254,7 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile) { int ret; int derSz; - byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT); + byte* der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); if (der == NULL) { WOLFSSL_MSG("wc_SetIssuer OOF Problem"); @@ -8255,7 +8263,7 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile) derSz = wolfSSL_PemCertToDer(issuerFile, der, EIGHTK_BUF); cert->selfSigned = 0; ret = SetNameFromCert(&cert->issuer, der, derSz); - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return ret; } @@ -8266,7 +8274,7 @@ int wc_SetSubject(Cert* cert, const char* subjectFile) { int ret; int derSz; - byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT); + byte* der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); if (der == NULL) { WOLFSSL_MSG("wc_SetSubject OOF Problem"); @@ -8274,7 +8282,7 @@ int wc_SetSubject(Cert* cert, const char* subjectFile) } derSz = wolfSSL_PemCertToDer(subjectFile, der, EIGHTK_BUF); ret = SetNameFromCert(&cert->subject, der, derSz); - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return ret; } @@ -8287,7 +8295,7 @@ int wc_SetAltNames(Cert* cert, const char* file) { int ret; int derSz; - byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT); + byte* der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT); if (der == NULL) { WOLFSSL_MSG("wc_SetAltNames OOF Problem"); @@ -8295,7 +8303,7 @@ int wc_SetAltNames(Cert* cert, const char* file) } derSz = wolfSSL_PemCertToDer(file, der, EIGHTK_BUF); ret = SetAltNamesFromCert(cert, der, derSz); - XFREE(der, NULL, DYNAMIC_TYPE_CERT); + XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return ret; } @@ -8646,7 +8654,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) /* private */ privSz = key->dp->size; prv = (byte*)XMALLOC(privSz + privHdrSz + MAX_SEQ_SZ, - NULL, DYNAMIC_TYPE_TMP_BUFFER); + key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (prv == NULL) { return MEMORY_E; } @@ -8654,7 +8662,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) prv[prvidx++] = (byte)key->dp->size; ret = wc_ecc_export_private_only(key, prv + prvidx, &privSz); if (ret < 0) { - XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } prvidx += privSz; @@ -8662,14 +8670,14 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) /* public */ ret = wc_ecc_export_x963(key, NULL, &pubSz); if (ret != LENGTH_ONLY_E) { - XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } pub = (byte*)XMALLOC(pubSz + pubHdrSz + MAX_SEQ_SZ, - NULL, DYNAMIC_TYPE_TMP_BUFFER); + key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (pub == NULL) { - XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } @@ -8683,8 +8691,8 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) pub[pubidx++] = (byte)0; /* leading zero */ ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz); if (ret != 0) { - XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } pubidx += pubSz; @@ -8695,8 +8703,8 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) totalSz = prvidx + pubidx + curveidx + verSz + seqSz; if (totalSz > (int)inLen) { - XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return BAD_FUNC_ARG; } @@ -8712,7 +8720,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) /* private */ XMEMCPY(output + idx, prv, prvidx); idx += prvidx; - XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); /* curve */ XMEMCPY(output + idx, curve, curveidx); @@ -8721,7 +8729,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) /* public */ XMEMCPY(output + idx, pub, pubidx); /* idx += pubidx; not used after write, if more data remove comment */ - XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return totalSz; } @@ -9344,8 +9352,9 @@ int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce) if (cert) { XMEMCPY(req->issuerHash, cert->issuerHash, KEYID_SIZE); XMEMCPY(req->issuerKeyHash, cert->issuerKeyHash, KEYID_SIZE); + req->heap = cert->heap; - req->serial = (byte*)XMALLOC(cert->serialSz, NULL, + req->serial = (byte*)XMALLOC(cert->serialSz, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); if (req->serial == NULL) return MEMORY_E; @@ -9354,10 +9363,10 @@ int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce) req->serialSz = cert->serialSz; if (cert->extAuthInfoSz != 0 && cert->extAuthInfo != NULL) { - req->url = (byte*)XMALLOC(cert->extAuthInfoSz, NULL, + req->url = (byte*)XMALLOC(cert->extAuthInfoSz, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); if (req->url == NULL) { - XFREE(req->serial, NULL, DYNAMIC_TYPE_OCSP); + XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP); return MEMORY_E; } @@ -9391,10 +9400,10 @@ void FreeOcspRequest(OcspRequest* req) if (req) { if (req->serial) - XFREE(req->serial, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); if (req->url) - XFREE(req->url, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); } } @@ -9572,7 +9581,8 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl, return ASN_PARSE_E; } - rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), NULL, DYNAMIC_TYPE_CRL); + rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), dcrl->heap, + DYNAMIC_TYPE_CRL); if (rc == NULL) { WOLFSSL_MSG("Alloc Revoked Cert failed"); return MEMORY_E; diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index 8eeb4efcf1..7907f8fa0c 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -56,6 +56,7 @@ enum { void wc_InitDsaKey(DsaKey* key) { key->type = -1; /* haven't decided yet */ + key->heap = NULL; /* TomsFastMath doesn't use memory allocation */ #ifndef USE_FAST_MATH @@ -69,6 +70,15 @@ void wc_InitDsaKey(DsaKey* key) } +int wc_InitDsaKey_h(DsaKey* key, void* h) +{ + wc_InitDsaKey(key); + key->heap = h; + + return 0; +} + + void wc_FreeDsaKey(DsaKey* key) { (void)key; @@ -98,13 +108,13 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) return BAD_FUNC_ARG; /* allocate ram */ - buf = (unsigned char *)XMALLOC(qsize, NULL, + buf = (unsigned char *)XMALLOC(qsize, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) return MEMORY_E; if (mp_init(&dsa->x) != MP_OKAY) { - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); return MP_INIT_E; } @@ -113,19 +123,19 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) err = wc_RNG_GenerateBlock(rng, buf, qsize); if (err != MP_OKAY) { mp_clear(&dsa->x); - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); return err; } err = mp_read_unsigned_bin(&dsa->x, buf, qsize); if (err != MP_OKAY) { mp_clear(&dsa->x); - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); return err; } } while (mp_cmp_d(&dsa->x, 1) != MP_GT); - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); if (mp_init(&dsa->y) != MP_OKAY) { mp_clear(&dsa->x); @@ -178,7 +188,7 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) /* allocate ram */ buf = (unsigned char *)XMALLOC(msize - qsize, - NULL, DYNAMIC_TYPE_TMP_BUFFER); + dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) { return MEMORY_E; } @@ -186,7 +196,7 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) /* make a random string that will be multplied against q */ err = wc_RNG_GenerateBlock(rng, buf, msize - qsize); if (err != MP_OKAY) { - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); return err; } @@ -198,7 +208,7 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) if (mp_init_multi(&tmp2, &dsa->p, &dsa->q, 0, 0, 0) != MP_OKAY) { mp_clear(&dsa->q); - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); return MP_INIT_E; } @@ -207,10 +217,10 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) mp_clear(&dsa->q); mp_clear(&dsa->p); mp_clear(&tmp2); - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); return err; } - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); /* make our prime q */ err = mp_rand_prime(&dsa->q, qsize, rng, NULL); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 035447f1e2..ff21356722 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -238,7 +238,7 @@ int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* modulus, static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order); #ifdef ECC_SHAMIR static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB, - ecc_point* C, mp_int* modulus); + ecc_point* C, mp_int* modulus, void* heap); #endif int mp_jacobi(mp_int* a, mp_int* p, int* c); @@ -833,8 +833,8 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp) static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, int map) #else -int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, - int map) +static int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, + mp_int* modulus, int map, void* heap) #endif { ecc_point *tG, *M[8]; @@ -862,10 +862,10 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, /* alloc ram for window temps */ for (i = 0; i < 8; i++) { - M[i] = wc_ecc_new_point(); + M[i] = wc_ecc_new_point_h(heap); if (M[i] == NULL) { for (j = 0; j < i; j++) { - wc_ecc_del_point(M[j]); + wc_ecc_del_point_h(M[j], heap); } mp_clear(&mu); return MEMORY_E; @@ -873,7 +873,7 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, } /* make a copy of G in case R==G */ - tG = wc_ecc_new_point(); + tG = wc_ecc_new_point_h(heap); if (tG == NULL) err = MEMORY_E; @@ -1023,13 +1023,20 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, err = ecc_map(R, modulus, &mp); mp_clear(&mu); - wc_ecc_del_point(tG); + wc_ecc_del_point_h(tG, heap); for (i = 0; i < 8; i++) { - wc_ecc_del_point(M[i]); + wc_ecc_del_point_h(M[i], heap); } return err; } +#ifndef FP_ECC +int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, + mp_int* modulus, int map) +{ + return wc_ecc_mulmod_ex(k, G, R, modulus, map, NULL); +} +#endif /* ! FP_ECC */ #undef WINSIZE #else /* ECC_TIMING_RESISTANT */ @@ -1046,10 +1053,10 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, */ #ifdef FP_ECC static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, - mp_int* modulus, int map) + mp_int* modulus, int map, void* heap) #else -int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, - int map) +static int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, + mp_int* modulus, int map, void* heap) #endif { ecc_point *tG, *M[3]; @@ -1076,7 +1083,7 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, /* alloc ram for window temps */ for (i = 0; i < 3; i++) { - M[i] = wc_ecc_new_point(); + M[i] = wc_ecc_new_point_h(heap); if (M[i] == NULL) { for (j = 0; j < i; j++) { wc_ecc_del_point(M[j]); @@ -1087,7 +1094,7 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, } /* make a copy of G in case R==G */ - tG = wc_ecc_new_point(); + tG = wc_ecc_new_point_h(heap); if (tG == NULL) err = MEMORY_E; @@ -1183,13 +1190,21 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, /* done */ mp_clear(&mu); - wc_ecc_del_point(tG); + wc_ecc_del_point_h(tG, heap); for (i = 0; i < 3; i++) { - wc_ecc_del_point(M[i]); + wc_ecc_del_point_h(M[i], heap); } return err; } + +#ifndef FP_ECC +int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, + mp_int* modulus, int map) +{ + return wc_ecc_mulmod_ex(k, G, R, modulus, map, NULL); +} +#endif /* ! FP_ECC */ #endif /* ECC_TIMING_RESISTANT */ @@ -1205,14 +1220,14 @@ static void alt_fp_init(fp_int* a) /** - Allocate a new ECC point - return A newly allocated point or NULL on error -*/ -ecc_point* wc_ecc_new_point(void) + * use a heap hint when creating new ecc_point + * return an allocated point on success or NULL on failure + */ +ecc_point* wc_ecc_new_point_h(void* heap) { ecc_point* p; - p = (ecc_point*)XMALLOC(sizeof(ecc_point), 0, DYNAMIC_TYPE_ECC); + p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC); if (p == NULL) { return NULL; } @@ -1241,20 +1256,39 @@ ecc_point* wc_ecc_new_point(void) return p; } -/** Free an ECC point from memory - p The point to free + +/** + Allocate a new ECC point + return A newly allocated point or NULL on error */ -void wc_ecc_del_point(ecc_point* p) +ecc_point* wc_ecc_new_point(void) +{ + return wc_ecc_new_point_h(NULL); +} + + +void wc_ecc_del_point_h(ecc_point* p, void* heap) { /* prevents free'ing null arguments */ if (p != NULL) { mp_clear(p->x); mp_clear(p->y); mp_clear(p->z); - XFREE(p, 0, DYNAMIC_TYPE_ECC); + XFREE(p, heap, DYNAMIC_TYPE_ECC); } + (void)heap; } + +/** Free an ECC point from memory + p The point to free +*/ +void wc_ecc_del_point(ecc_point* p) +{ + wc_ecc_del_point_h(p, NULL); +} + + /** Copy the value of a point to an other one p The point to copy r The created point @@ -1328,7 +1362,7 @@ int wc_ecc_is_valid_idx(int n) #ifdef HAVE_ECC_DHE /** Create an ECC shared secret between two keys - private_key The private ECC key + private_key The private ECC key (heap hint based off of private key) public_key The public key out [out] Destination of the shared secret Conforms to EC-DH from ANSI X9.63 @@ -1362,7 +1396,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, return ECC_BAD_ARG_E; /* make new point */ - result = wc_ecc_new_point(); + result = wc_ecc_new_point_h(private_key->heap); if (result == NULL) { return MEMORY_E; } @@ -1375,7 +1409,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16); if (err == MP_OKAY) - err = wc_ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime,1); + err = wc_ecc_mulmod_ex(&private_key->k, &public_key->pubkey, result, + &prime, 1, private_key->heap); if (err == MP_OKAY) { x = mp_unsigned_bin_size(&prime); @@ -1391,14 +1426,14 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, } mp_clear(&prime); - wc_ecc_del_point(result); + wc_ecc_del_point_h(result, private_key->heap); return err; } /** Create an ECC shared secret between private key and public point - private_key The private ECC key + private_key The private ECC key (heap hint based on private key) point The point to use (public key) out [out] Destination of the shared secret Conforms to EC-DH from ANSI X9.63 @@ -1426,13 +1461,13 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, return ECC_BAD_ARG_E; /* make new point */ - result = wc_ecc_new_point(); + result = wc_ecc_new_point_h(private_key->heap); if (result == NULL) { return MEMORY_E; } if ((err = mp_init(&prime)) != MP_OKAY) { - wc_ecc_del_point(result); + wc_ecc_del_point_h(result, private_key->heap); return err; } @@ -1455,7 +1490,7 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, } mp_clear(&prime); - wc_ecc_del_point(result); + wc_ecc_del_point_h(result, private_key->heap); return err; } @@ -1531,7 +1566,7 @@ static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp) } if (err == MP_OKAY) { - base = wc_ecc_new_point(); + base = wc_ecc_new_point_h(key->heap); if (base == NULL) err = MEMORY_E; } @@ -1564,7 +1599,8 @@ static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp) } /* make the public key */ if (err == MP_OKAY) - err = wc_ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1); + err = wc_ecc_mulmod_ex(&key->k, base, &key->pubkey, &prime, 1, + key->heap); #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN /* validate the public key, order * pubkey = point at infinity */ @@ -1582,7 +1618,7 @@ static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp) mp_clear(key->pubkey.z); mp_forcezero(&key->k); } - wc_ecc_del_point(base); + wc_ecc_del_point_h(base, key->heap); if (po_init) { mp_clear(&prime); mp_clear(&order); @@ -1650,10 +1686,33 @@ int wc_ecc_init(ecc_key* key) alt_fp_init(key->pubkey.z); #endif +#ifdef WOLFSSL_HEAP_TEST + key->heap = (void*)WOLFSSL_HEAP_TEST; +#else + key->heap = NULL; +#endif + return MP_OKAY; } +int wc_ecc_init_h(ecc_key* key, void* heap) +{ + int ret; + + if (key == NULL) { + return BAD_FUNC_ARG; + } + + if ((ret = wc_ecc_init(key)) != MP_OKAY) { + return ret; + } + + key->heap = heap; + + return MP_OKAY; +} + #ifdef HAVE_ECC_SIGN #ifndef NO_ASN @@ -1835,11 +1894,11 @@ void wc_ecc_free(ecc_key* key) #ifdef FP_ECC static int normal_ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB, - ecc_point* C, mp_int* modulus) + ecc_point* C, mp_int* modulus, void* heap) #else static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB, - ecc_point* C, mp_int* modulus) + ecc_point* C, mp_int* modulus, void* heap) #endif { ecc_point* precomp[16]; @@ -1859,11 +1918,11 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, /* allocate memory */ - tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); if (tA == NULL) { return GEN_MEM_ERR; } - tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); if (tB == NULL) { XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER); return GEN_MEM_ERR; @@ -1892,10 +1951,10 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, /* allocate the table */ if (err == MP_OKAY) { for (x = 0; x < 16; x++) { - precomp[x] = wc_ecc_new_point(); + precomp[x] = wc_ecc_new_point_h(heap); if (precomp[x] == NULL) { for (y = 0; y < x; ++y) { - wc_ecc_del_point(precomp[y]); + wc_ecc_del_point_h(precomp[y], heap); } err = GEN_MEM_ERR; break; @@ -2036,13 +2095,13 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, if (tableInit) { for (x = 0; x < 16; x++) { - wc_ecc_del_point(precomp[x]); + wc_ecc_del_point_h(precomp[x], heap); } } ForceZero(tA, ECC_BUFSIZE); ForceZero(tB, ECC_BUFSIZE); - XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tB, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tA, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tB, heap, DYNAMIC_TYPE_TMP_BUFFER); return err; } @@ -2155,8 +2214,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, } /* allocate points */ - mG = wc_ecc_new_point(); - mQ = wc_ecc_new_point(); + mG = wc_ecc_new_point_h(key->heap); + mQ = wc_ecc_new_point_h(key->heap); if (mQ == NULL || mG == NULL) err = MEMORY_E; @@ -2223,9 +2282,9 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, /* compute u1*mG + u2*mQ = mG */ if (err == MP_OKAY) - err = wc_ecc_mulmod(&u1, mG, mG, &m, 0); + err = wc_ecc_mulmod_ex(&u1, mG, mG, &m, 0, key->heap); if (err == MP_OKAY) - err = wc_ecc_mulmod(&u2, mQ, mQ, &m, 0); + err = wc_ecc_mulmod_ex(&u2, mQ, mQ, &m, 0, key->heap); /* find the montgomery mp */ if (err == MP_OKAY) @@ -2242,7 +2301,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, #else /* use Shamir's trick to compute u1*mG + u2*mQ using half the doubles */ if (err == MP_OKAY) - err = ecc_mul2add(mG, &u1, mQ, &u2, mG, &m); + err = ecc_mul2add(mG, &u1, mQ, &u2, mG, &m, key->heap); #endif /* ECC_SHAMIR */ /* v = X_x1 mod n */ @@ -2255,8 +2314,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, *stat = 1; } - wc_ecc_del_point(mG); - wc_ecc_del_point(mQ); + wc_ecc_del_point_h(mG, key->heap); + wc_ecc_del_point_h(mQ, key->heap); mp_clear(&v); mp_clear(&w); @@ -2619,7 +2678,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime) if (key == NULL) return BAD_FUNC_ARG; - base = wc_ecc_new_point(); + base = wc_ecc_new_point_h(key->heap); if (base == NULL) return MEMORY_E; @@ -2631,11 +2690,11 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime) mp_set(base->z, 1); if (err == MP_OKAY) { - res = wc_ecc_new_point(); + res = wc_ecc_new_point_h(key->heap); if (res == NULL) err = MEMORY_E; else { - err = wc_ecc_mulmod(&key->k, base, res, prime, 1); + err = wc_ecc_mulmod_ex(&key->k, base, res, prime, 1, key->heap); if (err == MP_OKAY) { /* compare result to public key */ if (mp_cmp(res->x, key->pubkey.x) != MP_EQ || @@ -2648,8 +2707,8 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime) } } - wc_ecc_del_point(res); - wc_ecc_del_point(base); + wc_ecc_del_point_h(res, key->heap); + wc_ecc_del_point_h(base, key->heap); return err; } @@ -2692,16 +2751,16 @@ static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order) if (key == NULL) return BAD_FUNC_ARG; - inf = wc_ecc_new_point(); + inf = wc_ecc_new_point_h(key->heap); if (inf == NULL) err = MEMORY_E; else { - err = wc_ecc_mulmod(order, &key->pubkey, inf, prime, 1); + err = wc_ecc_mulmod_ex(order, &key->pubkey, inf, prime, 1, key->heap); if (err == MP_OKAY && !wc_ecc_point_is_at_infinity(inf)) err = ECC_INF_E; } - wc_ecc_del_point(inf); + wc_ecc_del_point_h(inf, key->heap); return err; } @@ -4306,7 +4365,8 @@ static int accel_fp_mul2add(int idx1, int idx2, return ecc_map(R, modulus, mp); } -/** ECC Fixed Point mulmod global + +/** ECC Fixed Point mulmod global with heap hint used Computes kA*A + kB*B = C using Shamir's Trick A First point to multiply kA What to multiple A by @@ -4318,7 +4378,7 @@ static int accel_fp_mul2add(int idx1, int idx2, */ int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB, - ecc_point* C, mp_int* modulus) + ecc_point* C, mp_int* modulus, void* heap) { int idx1 = -1, idx2 = -1, err = MP_OKAY, mpInit = 0; mp_digit mp; @@ -4416,7 +4476,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, if (err == MP_OKAY) err = accel_fp_mul2add(idx1, idx2, kA, kB, C, modulus, &mp); } else { - err = normal_ecc_mul2add(A, kA, B, kB, C, modulus); + err = normal_ecc_mul2add(A, kA, B, kB, C, modulus, heap); } } @@ -4440,6 +4500,22 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, */ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, int map) +{ + return wc_ecc_mulmod_h(k, G, R, modulus, map, NULL); +} + + +/** ECC Fixed Point mulmod global + k The multiplicand + G Base point to multiply + R [out] Destination of product + modulus The modulus for the curve + map [boolean] If non-zero maps the point back to affine co-ordinates, + otherwise it's left in jacobian-montgomery form + return MP_OKAY if successful +*/ +int wc_ecc_mulmod_h(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, + int map, void* heap) { int idx, err = MP_OKAY; mp_digit mp; @@ -4503,7 +4579,7 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, if (err == MP_OKAY) err = accel_fp_mul(idx, k, R, modulus, &mp, map); } else { - err = normal_ecc_mulmod(k, G, R, modulus, map); + err = normal_ecc_mulmod(k, G, R, modulus, map, heap); } } @@ -4589,6 +4665,7 @@ struct ecEncCtx { word32 kdfSaltSz; /* size of kdfSalt */ word32 kdfInfoSz; /* size of kdfInfo */ word32 macSaltSz; /* size of macSalt */ + void* heap; /* heap hint for memory used */ byte clientSalt[EXCHANGE_SALT_SZ]; /* for msg exchange */ byte serverSalt[EXCHANGE_SALT_SZ]; /* for msg exchange */ byte encAlgo; /* which encryption type */ @@ -4736,14 +4813,16 @@ int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng) } -/* alloc/init and set defaults, return new Context */ -ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng) +ecEncCtx* wc_ecc_ctx_new_h(int flags, WC_RNG* rng, void* heap) { int ret = 0; - ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), 0, DYNAMIC_TYPE_ECC); + ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), heap, + DYNAMIC_TYPE_ECC); - if (ctx) + if (ctx) { ctx->protocol = (byte)flags; + ctx->heap = heap; + } ret = wc_ecc_ctx_reset(ctx, rng); if (ret != 0) { @@ -4755,6 +4834,13 @@ ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng) } +/* alloc/init and set defaults, return new Context */ +ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng) +{ + return wc_ecc_ctx_new_h(flags, rng, NULL); +} + + /* free any resources, clear any keys */ void wc_ecc_ctx_free(ecEncCtx* ctx) { diff --git a/wolfcrypt/src/hc128.c b/wolfcrypt/src/hc128.c index e6344ae103..286327c114 100644 --- a/wolfcrypt/src/hc128.c +++ b/wolfcrypt/src/hc128.c @@ -288,10 +288,31 @@ static INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv) } +int wc_Hc128_SetHeap(HC128* ctx, void* heap) +{ + if (ctx == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef XSTREAM_ALIGN + ctx->heap = heap; +#endif + + (void)heap; + return 0; +} + /* Key setup */ int wc_Hc128_SetKey(HC128* ctx, const byte* key, const byte* iv) { #ifdef XSTREAM_ALIGN + /* default heap to NULL or heap test value */ + #ifdef WOLFSSL_HEAP_TEST + ctx->heap = (void*)WOLFSSL_HEAP_TEST; + #else + ctx->heap = NULL; + #endif /* WOLFSSL_HEAP_TEST */ + if ((wolfssl_word)key % 4) { int alignKey[4]; @@ -369,14 +390,14 @@ int wc_Hc128_Process(HC128* ctx, byte* output, const byte* input, word32 msglen) byte* tmp; WOLFSSL_MSG("Hc128Process unaligned"); - tmp = (byte*)XMALLOC(msglen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(msglen, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) return MEMORY_E; XMEMCPY(tmp, input, msglen); DoProcess(ctx, tmp, tmp, msglen); XMEMCPY(output, tmp, msglen); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); return 0; #else diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index b1e696ce25..23b53b3057 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -626,6 +626,13 @@ int wc_HmacInitCavium(Hmac* hmac, int devId) hmac->innerHashKeyed = 0; + /* default to NULL heap hint or test value */ +#ifdef WOLFSSL_HEAP_TEST + hmac->heap = (void)WOLFSSL_HEAP_TEST; +#else + hmac->heap = NULL; +#endif + return 0; } @@ -681,7 +688,7 @@ static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length) return -1; } - tmp = XMALLOC(hmac->dataLen + add, NULL,DYNAMIC_TYPE_CAVIUM_TMP); + tmp = XMALLOC(hmac->dataLen + add, hmac->heap ,DYNAMIC_TYPE_CAVIUM_TMP); if (tmp == NULL) { WOLFSSL_MSG("Out of memory for cavium update"); return -1; @@ -691,7 +698,7 @@ static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length) XMEMCPY(tmp + hmac->dataLen, msg, add); hmac->dataLen += add; - XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP); + XFREE(hmac->data, hmac->heap, DYNAMIC_TYPE_CAVIUM_TMP); hmac->data = tmp; return 0; diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 3cd9fcb0ee..b5bc701f9d 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -74,6 +74,7 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf, return res; } +#ifndef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_DEBUG_MEMORY void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line) #else @@ -140,29 +141,19 @@ void* wolfSSL_Realloc(void *ptr, size_t size) return res; } +#endif /* WOLFSSL_STATIC_MEMORY */ #ifdef WOLFSSL_STATIC_MEMORY typedef struct wc_Memory { word32 sz; byte* buffer; - byte kill; struct wc_Memory* next; } wc_Memory; -#if WC_STATIC_ALIGN < 10 +#if WOLFSSL_STATIC_ALIGN < 10 #error Alignment is less than wc_Memory struct #endif -/* size of chunks of memory to seperate into */ -#define WC_MAX_BUCKETS 9 -static word32 bucket[] = { 64, 128, 256, 512, 1024, 2400, 3408, 4544, 16000 }; -static word32 bucketDist[] = { 8, 4, 4, 12, 4, 5, 2, 1, 1 }; -static wc_Memory* available[WC_MAX_BUCKETS]; -static word32 inUse = 0; /* amount of static memory in use by wolfSSL */ -static byte useStaticMemory = 1; -static volatile byte createMutex = 1; -static wolfSSL_Mutex memory_mutex; - /* returns amount of memory used on success. On error returns negative value wc_Memory** list is the list that new buckets are prepended to @@ -174,21 +165,16 @@ static int create_memory_buckets(byte* buffer, word32 bufSz, int ret = 0; /* if not enough space available for bucket size then do not try */ - if (buckSz + WC_STATIC_ALIGN > bufSz) { + if (buckSz + WOLFSSL_STATIC_ALIGN > bufSz) { return ret; } - if (LockMutex(&memory_mutex) != 0) { - return BAD_MUTEX_E; - } - for (i = 0; i < buckNum; i++) { - if ((buckSz + WC_STATIC_ALIGN) <= (bufSz - ret)) { + if ((buckSz + WOLFSSL_STATIC_ALIGN) <= (bufSz - ret)) { /* create a new struct and set its values */ wc_Memory* mem = (struct wc_Memory*)pt; mem->sz = buckSz; - mem->buffer = (byte*)pt + WC_STATIC_ALIGN; - mem->kill = 0; + mem->buffer = (byte*)pt + WOLFSSL_STATIC_ALIGN; mem->next = NULL; /* add the newly created struct to front of list */ @@ -200,109 +186,27 @@ static int create_memory_buckets(byte* buffer, word32 bufSz, } /* advance pointer and keep track of memory used */ - ret += buckSz + WC_STATIC_ALIGN; - pt += WC_STATIC_ALIGN + buckSz; + ret += buckSz + WOLFSSL_STATIC_ALIGN; + pt += WOLFSSL_STATIC_ALIGN + buckSz; } else { break; /* not enough space left for more buckets of this size */ } } - UnLockMutex(&memory_mutex); - return ret; } - -/* Starts at left most address and free until either used memory is encounterd - or end of buffer is. - Returns amount of buffer freed on success and a negative value on fail. - */ -int wolfSSL_unload_static_memory(byte* buffer, word32 sz, word32* amt) -{ - wc_Memory* cur = NULL; - wc_Memory* fre = NULL; - wc_Memory* prv = NULL; - int i; - word32 idx = 0; - - WOLFSSL_ENTER("wolfSSL_unload_static_memory"); - - if (buffer == NULL || sz == 0 || amt == NULL) { - return BAD_FUNC_ARG; - } - - if (LockMutex(&memory_mutex) != 0) { - return BAD_MUTEX_E; - } - - /* too small of memory to be placed as a bucket */ - if (sz < bucket[0] + WC_STATIC_ALIGN) { - *amt = sz; - return 1; - } - - /* advance past alignment padding */ - while ((word64)(buffer + idx) % WC_STATIC_ALIGN && idx < sz) { idx++; } - - /* buffer should be already divided up into wc_Memory structs */ - while (idx < (sz - bucket[0] - WC_STATIC_ALIGN)) { - cur = (struct wc_Memory*)(buffer + idx); - prv = NULL; - - for (i = 0; i < WC_MAX_BUCKETS; i++) { - if (bucket[i] >= cur->sz) break; - } - fre = available[i]; - - /* find the matching address of the memory in available stack */ - while (fre != NULL && (cur != fre)) { - prv = fre; - fre = fre->next; - } - - if (fre == NULL) { - WOLFSSL_MSG("Could not find static memory address to free"); - break; - } - - /* fix linked list to jump over the link to free */ - if (prv) { - prv->next = fre->next; - } - - /* case if memory is head of stack */ - if (available[i] == fre) { - available[i] = fre->next; - } - - idx += WC_STATIC_ALIGN + fre->sz; - fre = NULL; - } - - UnLockMutex(&memory_mutex); - - /* account for some left over memory that could not be used for a bucket */ - if (idx > (sz - (bucket[0] + WC_STATIC_ALIGN))) { - *amt = sz; /* all posssible was freed */ - return 1; - } - else { - *amt = idx; - return 0; - } -} - - -int wolfSSL_load_static_memory(byte* buffer, word32 sz) +int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag, + WOLFSSL_HEAP* heap) { word32 ava = sz; byte* pt = buffer; int ret = 0; #ifdef WOLFSSL_TRACK_MEMORY_FULL - word32 created_buckets[WC_MAX_BUCKETS]; + word32 created_buckets[WOLFMEM_MAX_BUCKETS]; int j; XMEMSET(created_buckets, 0, sizeof(created_buckets)); #endif @@ -313,185 +217,239 @@ int wolfSSL_load_static_memory(byte* buffer, word32 sz) return BAD_FUNC_ARG; } - #ifdef WOLFSSL_TRACK_MEMORY_FULL - printf("\t%u bytes passed in\n", sz); - printf("\tAddress %p - %p\n", buffer, buffer + sz); - #endif - /* align pt */ - while ((word64)pt % WC_STATIC_ALIGN && pt < (buffer + sz)) { + while ((word64)pt % WOLFSSL_STATIC_ALIGN && pt < (buffer + sz)) { *pt = 0x00; pt++; } - if (createMutex) { - if (InitMutex(&memory_mutex) != 0) { - WOLFSSL_MSG("Bad mutex init"); - return BAD_MUTEX_E; - } - createMutex = 0; + if (InitMutex(&(heap->memory_mutex)) != 0) { + WOLFSSL_MSG("Bad mutex init"); + return BAD_MUTEX_E; } /* devide into chunks of memory and add them to available list */ - while (ava >= (bucket[0] + WC_STATIC_ALIGN)) { + while (ava >= (heap->sizeList[0] + WOLFSSL_STATIC_ALIGN)) { int i; - /* start at largest and move to smaller buckets */ - for (i = (WC_MAX_BUCKETS - 1); i >= 0; i--) { - if ((bucket[i] + WC_STATIC_ALIGN) <= ava) { - if ((ret = create_memory_buckets(pt, ava, - bucket[i], bucketDist[i], &available[i])) < 0) { - WOLFSSL_LEAVE("wolfSSL_load_static_memory", ret); - return ret; - } - #ifdef WOLFSSL_TRACK_MEMORY_FULL - /* if defined keep track of buckets created for printing stats*/ - for (j = 0; (j + bucket[i] + WC_STATIC_ALIGN) <=(word32)ret; - j += bucket[i] + WC_STATIC_ALIGN) { - created_buckets[i]++; - } - #endif + /* creating only IO buffers from memory passed in, max TLS is 16k */ + if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) { + if ((ret = create_memory_buckets(pt, ava, + WOLFMEM_IO_SZ, 1, &(heap->io))) < 0) { + WOLFSSL_LEAVE("wolfSSL_load_static_memory", ret); + return ret; + } - /* advance pointer in buffer for next buckets and keep track - of how much memory is left available */ - pt += ret; - ava -= ret; + /* check if no more room left for creating IO buffers */ + if (ret == 0) { + break; + } + + /* advance pointer in buffer for next buckets and keep track + of how much memory is left available */ + pt += ret; + ava -= ret; + } + else { + /* start at largest and move to smaller buckets */ + for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) { + if ((heap->sizeList[i] + WOLFSSL_STATIC_ALIGN) <= ava) { + if ((ret = create_memory_buckets(pt, ava, heap->sizeList[i], + heap->distList[i], &(heap->ava[i]))) < 0) { + WOLFSSL_LEAVE("wolfSSL_load_static_memory", ret); + return ret; + } + #ifdef WOLFSSL_TRACK_MEMORY_FULL + /* if defined keep track of buckets created for stats*/ + for (j = 0; (j + heap->sizeList[i] + + WOLFSSL_STATIC_ALIGN) <= (word32)ret; j += + heap->sizeList[i] + WOLFSSL_STATIC_ALIGN) { + created_buckets[i]++; + } + #endif + + /* advance pointer in buffer for next buckets and keep track + of how much memory is left available */ + pt += ret; + ava -= ret; + } } } } - #ifdef WOLFSSL_TRACK_MEMORY_FULL - /* if defined print out stats of number of buckets created */ - printf("Created Memory Buckets :\n"); - for (j = 0; j < WC_MAX_BUCKETS; j++) { - printf("Created %d\tof bucket size %d\n", created_buckets[j], - bucket[j]); - } - #endif - return 1; } -int wolfSSL_use_static_memory(byte flag) +int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io) { + WOLFSSL_MSG("Freeing fixed IO buffer"); - WOLFSSL_ENTER("wolfSSL_use_static_memory"); + /* check if fixed buffer was set */ + if (*io == NULL) { + return 1; + } - useStaticMemory = flag; + if (heap == NULL) { + WOLFSSL_MSG("No heap to return fixed IO too"); + } - return 0; + /* put IO buffer back into IO pool */ + (*io)->next = heap->io; + heap->io = *io; + *io = NULL; + + return 1; } -word32 wolfSSL_static_memory_inUse() +int SetFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io) { + WOLFSSL_MSG("Setting fixed IO for SSL"); + if (heap == NULL) { + return MEMORY_E; + } - WOLFSSL_ENTER("wolfSSL_static_memory_inUse"); + *io = heap->io; - return inUse; + if (*io != NULL) { + heap->io = (*io)->next; + (*io)->next = NULL; + } + else { /* failed to grab an IO buffer */ + return 0; + } + + return 1; } -void* wolfSSL_Malloc_Static(size_t size) +int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap, WOLFSSL_MEM_STATS* stats) +{ + word32 i; + wc_Memory* pt; + + XMEMSET(stats, 0, sizeof(WOLFSSL_MEM_STATS)); + + stats->totalAlloc = heap->alloc; + stats->totalFr = heap->frAlc; + stats->curAlloc = stats->totalAlloc - stats->totalFr; + stats->maxHa = heap->maxHa; + stats->maxIO = heap->maxIO; + for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { + stats->blockSz[i] = heap->sizeList[i]; + for (pt = heap->ava[i]; pt != NULL; pt = pt->next) { + stats->avaBlock[i] += 1; + } + } + + for (pt = heap->io; pt != NULL; pt = pt->next) { + stats->avaIO++; + } + + stats->flag = heap->flag; /* flag used */ + + return 1; +} + + +void* wolfSSL_Malloc(size_t size, void* heap, int type) { void* res = 0; wc_Memory* pt = NULL; int i; - if (useStaticMemory == 0) { - pt = malloc(size + WC_STATIC_ALIGN); - pt->buffer = (byte*)pt + WC_STATIC_ALIGN; - pt->sz = (word32)size; - pt->kill = 1; - pt->next = NULL; - res = pt->buffer; + /* check for testing heap hint was set */ +#ifdef WOLFSSL_HEAP_TEST + if (heap == (void*)WOLFSSL_HEAP_TEST) { + return malloc(size); + } +#endif + + /* if no heap hint then use dynamic memory*/ + if (heap == NULL) { + #ifdef WOLFSSL_HEAP_TEST + /* allow using malloc for creating ctx and method */ + if (type == DYNAMIC_TYPE_CTX || type == DYNAMIC_TYPE_METHOD || + type == DYNAMIC_TYPE_CERT_MANAGER) { + WOLFSSL_MSG("ERROR allowing null heap hint for ctx/method\n"); + res = malloc(size); + } + else { + WOLFSSL_MSG("ERROR null heap hint passed into XMALLOC\n"); + res = NULL; + } + #else + res = malloc(size); + #endif } else { + WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap; + WOLFSSL_HEAP* mem = hint->memory; - if (LockMutex(&memory_mutex) != 0) { + if (LockMutex(&(mem->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); return NULL; } - for (i = 0; i < WC_MAX_BUCKETS; i++) { - if ((word32)size < bucket[i]) { - if (available[i] != NULL) { - pt = available[i]; - available[i] = pt->next; - res = pt->buffer; - inUse += pt->sz + WC_STATIC_ALIGN; - #ifdef WOLFSSL_TRACK_MEMORY_FULL - printf("used bucket at address %p size of %d for size" - " req %d\n", res, bucket[i], (word32)size); - #endif - break; - } + /* case of using fixed IO buffers */ + if (mem->flag & WOLFMEM_IO_POOL_FIXED) { + if (type == DYNAMIC_TYPE_OUT_BUFFER) { + pt = hint->outBuf; + } + if (type == DYNAMIC_TYPE_IN_BUFFER) { + pt = hint->inBuf; } } - UnLockMutex(&memory_mutex); + /* check if using IO pool flag */ + if (mem->flag & WOLFMEM_IO_POOL && pt == NULL && + (type == DYNAMIC_TYPE_OUT_BUFFER || + type == DYNAMIC_TYPE_IN_BUFFER)) { + if (mem->io != NULL) { + pt = mem->io; + mem->io = pt->next; + } + } - /* case when no memory size is available */ + /* general static memory */ if (pt == NULL) { - - #ifdef WOLFSSL_TRACK_MEMORY_FULL - { - int k, j; - printf("\tRequested size %lu\n\tAvailable memory " - "buckets\n", size); - for (k = 0; k < WC_MAX_BUCKETS; k++) { - pt = available[k]; - j = 0; - while (pt) { - j++; - pt = pt->next; - } - printf("\t%d of bucket %d\n", j, bucket[k]); + for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { + if ((word32)size < mem->sizeList[i]) { + if (mem->ava[i] != NULL) { + pt = mem->ava[i]; + mem->ava[i] = pt->next; + break; } } - #endif - - /* check if too large and never going to get memory needed */ - if ((word32)size > bucket[WC_MAX_BUCKETS-1]) { - WOLFSSL_MSG("Size of malloc is too large"); - return NULL; - } - - /* wait then try again if set to */ - if (WOLFSSL_STATIC_TIMEOUT > 0) { - WOLFSSL_MSG("Waiting for available memory bucket"); - XSLEEP(WOLFSSL_STATIC_TIMEOUT); - - - if (LockMutex(&memory_mutex) != 0) { - WOLFSSL_MSG("Bad memory_mutex lock"); - return NULL; - } - - for (i = 0; i < WC_MAX_BUCKETS; i++) { - if ((word32)size < bucket[i]) { - if (available[i] != NULL) { - pt = available[i]; - available[i] = pt->next; - res = pt->buffer; - inUse += pt->sz + WC_STATIC_ALIGN; - #ifdef WOLFSSL_TRACK_MEMORY_FULL - printf("used bucket at address %p size of %d" - " for size req %d\n", res, bucket[i], - (word32)size); - #endif - break; - } - } - } - - UnLockMutex(&memory_mutex); - } - - if (pt == NULL) { - WOLFSSL_MSG("No available memory bucket"); } } + + if (pt != NULL) { + mem->inUse += pt->sz + WOLFSSL_STATIC_ALIGN; + mem->alloc += 1; + res = pt->buffer; + + /* keep track of connection statistics if flag is set */ + if (mem->flag & WOLFMEM_TRACK_STATS) { + WOLFSSL_MEM_CONN_STATS* stats = hint->stats; + if (stats != NULL) { + stats->curMem += pt->sz + WOLFSSL_STATIC_ALIGN; + if (stats->peakMem < stats->curMem) { + stats->peakMem = stats->curMem; + } + stats->curAlloc++; + if (stats->peakAlloc < stats->curAlloc) { + stats->peakAlloc = stats->curAlloc; + } + stats->totalAlloc++; + } + } + } + else { + WOLFSSL_MSG("ERROR ran out of static memory"); + } + + UnLockMutex(&(mem->memory_mutex)); } #ifdef WOLFSSL_MALLOC_CHECK @@ -501,179 +459,179 @@ void* wolfSSL_Malloc_Static(size_t size) (void)i; (void)pt; + (void)type; return res; } -void wolfSSL_Free_Static(void *ptr) + +void wolfSSL_Free(void *ptr, void* heap, int type) { int i; wc_Memory* pt; if (ptr) { - /* get memory struct and add it to available list */ - pt = (wc_Memory*)((byte*)ptr - WC_STATIC_ALIGN); + /* check for testing heap hint was set */ + #ifdef WOLFSSL_HEAP_TEST + if (heap == (void*)WOLFSSL_HEAP_TEST) { + return free(ptr); + } + #endif - if (pt->kill) { - free(pt); + if (heap == NULL) { + #ifdef WOLFSSL_HEAP_TEST + /* allow using malloc for creating ctx and method */ + if (type == DYNAMIC_TYPE_CTX || type == DYNAMIC_TYPE_METHOD || + type == DYNAMIC_TYPE_CERT_MANAGER) { + WOLFSSL_MSG("ERROR allowing null heap hint for ctx/method\n"); + } + else { + WOLFSSL_MSG("ERROR null heap hint passed into XFREE\n"); + } + #endif + free(ptr); } else { - LockMutex(&memory_mutex); + WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap; + WOLFSSL_HEAP* mem = hint->memory; - for (i = 0; i < WC_MAX_BUCKETS; i++) { - if (pt->sz == bucket[i]) { - inUse -= WC_STATIC_ALIGN + pt->sz; - pt->next = available[i]; - available[i] = pt; - #ifdef WOLFSSL_TRACK_MEMORY_FULL - printf("\tfreed %p bucket size of %d\n" - ,pt, bucket[i]); - #endif - break; + /* get memory struct and add it to available list */ + pt = (wc_Memory*)((byte*)ptr - WOLFSSL_STATIC_ALIGN); + LockMutex(&(mem->memory_mutex)); + + + /* case of using fixed IO buffers */ + if (mem->flag & WOLFMEM_IO_POOL_FIXED && + (type == DYNAMIC_TYPE_OUT_BUFFER || + type == DYNAMIC_TYPE_IN_BUFFER)) { + /* fixed IO pools are free'd at the end of SSL lifetime + using FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io) */ + } + else if (mem->flag & WOLFMEM_IO_POOL && + (type == DYNAMIC_TYPE_OUT_BUFFER || + type == DYNAMIC_TYPE_IN_BUFFER)) { + pt->next = mem->io; + mem->io = pt; + } + else { /* general memory free */ + for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { + if (pt->sz == mem->sizeList[i]) { + pt->next = mem->ava[i]; + mem->ava[i] = pt; + break; + } } } - UnLockMutex(&memory_mutex); + mem->inUse -= WOLFSSL_STATIC_ALIGN + pt->sz; + mem->frAlc += 1; + + /* keep track of connection statistics if flag is set */ + if (mem->flag & WOLFMEM_TRACK_STATS) { + WOLFSSL_MEM_CONN_STATS* stats = hint->stats; + if (stats != NULL) { + /* avoid under flow */ + if (stats->curMem > pt->sz + WOLFSSL_STATIC_ALIGN) { + stats->curMem -= pt->sz + WOLFSSL_STATIC_ALIGN; + } + else { + stats->curMem = 0; + } + + if (stats->curAlloc > 0) { + stats->curAlloc--; + } + stats->totalFr++; + } + } + UnLockMutex(&(mem->memory_mutex)); } } (void)i; (void)pt; + (void)type; } -void* wolfSSL_Realloc_Static(void *ptr, size_t size) +void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) { void* res = 0; wc_Memory* pt = NULL; - int i; + word32 prvSz; + int i; - if (useStaticMemory == 0) { - pt = realloc(ptr, size + WC_STATIC_ALIGN); - pt->buffer = (byte*)pt + WC_STATIC_ALIGN; - pt->sz = (word32)size; - pt->kill = 1; - pt->next = NULL; - res = pt->buffer; + /* check for testing heap hint was set */ +#ifdef WOLFSSL_HEAP_TEST + if (heap == (void*)WOLFSSL_HEAP_TEST) { + return realloc(ptr, size); + } +#endif + + if (heap == NULL) { + #ifdef WOLFSSL_HEAP_TEST + WOLFSSL_MSG("ERROR null heap hint passed in to XREALLOC\n"); + #endif + res = realloc(ptr, size); } else { + WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap; + WOLFSSL_HEAP* mem = hint->memory; - if (LockMutex(&memory_mutex) != 0) { + if (LockMutex(&(mem->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); return NULL; } - for (i = 0; i < WC_MAX_BUCKETS; i++) { - if ((word32)size < bucket[i]) { - if (available[i] != NULL) { - word32 prvSz; - - pt = available[i]; - available[i] = pt->next; - res = pt->buffer; - - /* copy over original information and free ptr */ - prvSz = ((wc_Memory*)((byte*)ptr -WC_STATIC_ALIGN))->sz; - prvSz = (prvSz > bucket[i])? bucket[i]: prvSz; - XMEMCPY(pt->buffer, ptr, prvSz); - - /* free memory that was previously being used */ - UnLockMutex(&memory_mutex); - wolfSSL_Free_Static(ptr); - if (LockMutex(&memory_mutex) != 0) { - WOLFSSL_MSG("Bad memory_mutex lock"); - return NULL; - } - - inUse += pt->sz + WC_STATIC_ALIGN; - #ifdef WOLFSSL_TRACK_MEMORY_FULL - printf("realloc used a bucket of %d for size req %d\n", - bucket[i], (word32)size); - #endif - break; - } + /* case of using fixed IO buffers or IO pool */ + if (((mem->flag & WOLFMEM_IO_POOL)||(mem->flag & WOLFMEM_IO_POOL_FIXED)) + && (type == DYNAMIC_TYPE_OUT_BUFFER || + type == DYNAMIC_TYPE_IN_BUFFER)) { + /* no realloc, is fixed size */ + pt = (wc_Memory*)ptr; + if (pt->sz < size) { + WOLFSSL_MSG("Error IO memory was not large enough"); + res = NULL; /* return NULL in error case */ } + res = pt->buffer; } - - UnLockMutex(&memory_mutex); - - /* case when no memory size is available */ - if (pt == NULL) { - - #ifdef WOLFSSL_TRACK_MEMORY_FULL - { - int k, j; - printf("\tRequested size %lu\n\tAvailable memory " - "buckets\n", size); - for (k = 0; k < WC_MAX_BUCKETS; k++) { - pt = available[k]; - j = 0; - while (pt) { - j++; - pt = pt->next; - } - printf("\t%d of bucket %d\n", j, bucket[k]); + else { + /* general memory */ + for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { + if ((word32)size < mem->sizeList[i]) { + if (mem->ava[i] != NULL) { + pt = mem->ava[i]; + mem->ava[i] = pt->next; + break; } } - #endif - - /* check if too large and never going to get memory needed */ - if ((word32)size > bucket[WC_MAX_BUCKETS-1]) { - WOLFSSL_MSG("Size of malloc is too large"); - return NULL; } - if (WOLFSSL_STATIC_TIMEOUT > 0) { - WOLFSSL_MSG("Waiting for available memory bucket"); - XSLEEP(WOLFSSL_STATIC_TIMEOUT); + if (pt != NULL && res == NULL) { + res = pt->buffer; - if (LockMutex(&memory_mutex) != 0) { + /* copy over original information and free ptr */ + prvSz = ((wc_Memory*)((byte*)ptr - + WOLFSSL_STATIC_ALIGN))->sz; + prvSz = (prvSz > pt->sz)? pt->sz: prvSz; + XMEMCPY(pt->buffer, ptr, prvSz); + mem->inUse += pt->sz + WOLFSSL_STATIC_ALIGN; + mem->alloc += 1; + + /* free memory that was previously being used */ + UnLockMutex(&(mem->memory_mutex)); + wolfSSL_Free(ptr, heap, type); + if (LockMutex(&(mem->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); return NULL; } - - for (i = 0; i < WC_MAX_BUCKETS; i++) { - if ((word32)size < bucket[i]) { - if (available[i] != NULL) { - word32 prvSz; - - pt = available[i]; - available[i] = pt->next; - res = pt->buffer; - - /* copy over original information and free ptr*/ - prvSz = ((wc_Memory*)((byte*)ptr - - WC_STATIC_ALIGN))->sz; - prvSz = (prvSz > bucket[i])? bucket[i]: prvSz; - XMEMCPY(pt->buffer, ptr, prvSz); - - /* free memory that was previously being used */ - UnLockMutex(&memory_mutex); - wolfSSL_Free_Static(ptr); - if (LockMutex(&memory_mutex) != 0) { - WOLFSSL_MSG("Bad memory_mutex lock"); - return NULL; - } - - inUse += pt->sz + WC_STATIC_ALIGN; - #ifdef WOLFSSL_TRACK_MEMORY_FULL - printf("realloc used a bucket of %d for size" - " req %d\n", bucket[i], (word32)size); - #endif - break; - } - } - } - UnLockMutex(&memory_mutex); - } - - if (pt == NULL) { - WOLFSSL_MSG("No available memory bucket"); } } + UnLockMutex(&(mem->memory_mutex)); } (void)i; (void)pt; + (void)type; return res; } diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 0b78d23e43..ce83ea2e0f 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -139,13 +139,32 @@ int wc_GetContentType(const byte* input, word32* inOutIdx, word32* oid, } +int wc_PKCS7_SetHeap(PKCS7* pkcs7, void* heap) +{ + if (pkcs7 == NULL) { + return BAD_FUNC_ARG; + } + pkcs7->heap = heap; + + return 0; +} + + /* init PKCS7 struct with recipient cert, decode into DecodedCert */ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) { int ret = 0; XMEMSET(pkcs7, 0, sizeof(PKCS7)); - if (cert != NULL && certSz > 0) { + + /* default heap hint is null or test value */ +#ifdef WOLFSSL_HEAP_TEST + pkcs7->heap = (void*)WOLFSSL_HEAP_TEST; +#else + pkcs7->heap = NULL; +#endif + + if (cert != NULL && certSz > 0) { #ifdef WOLFSSL_SMALL_STACK DecodedCert* dCert; @@ -160,7 +179,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) pkcs7->singleCert = cert; pkcs7->singleCertSz = certSz; - InitDecodedCert(dCert, cert, certSz, 0); + InitDecodedCert(dCert, cert, certSz, pkcs7->heap); ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { @@ -435,12 +454,13 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[2], 4, pkcs7->signedAttribs, pkcs7->signedAttribsSz); - flatSignedAttribs = (byte*)XMALLOC(esd->signedAttribsSz, 0, NULL); + flatSignedAttribs = (byte*)XMALLOC(esd->signedAttribsSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS); flatSignedAttribsSz = esd->signedAttribsSz; if (flatSignedAttribs == NULL) { #ifdef WOLFSSL_SMALL_STACK XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif +#endif return MEMORY_E; } FlattenAttributes(flatSignedAttribs, @@ -475,7 +495,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) ret = wc_InitSha(&esd->sha); if (ret < 0) { - XFREE(flatSignedAttribs, 0, NULL); + XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); #ifdef WOLFSSL_SMALL_STACK XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -526,13 +546,13 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) } #endif - result = wc_InitRsaKey(privKey, NULL); + result = wc_InitRsaKey(privKey, pkcs7->heap); if (result == 0) result = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &scratch, privKey, pkcs7->privateKeySz); if (result < 0) { if (pkcs7->signedAttribsSz != 0) - XFREE(flatSignedAttribs, 0, NULL); + XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); #ifdef WOLFSSL_SMALL_STACK XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -555,7 +575,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (result < 0) { if (pkcs7->signedAttribsSz != 0) - XFREE(flatSignedAttribs, 0, NULL); + XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); #ifdef WOLFSSL_SMALL_STACK XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -598,7 +618,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (outputSz < totalSz) { if (pkcs7->signedAttribsSz != 0) - XFREE(flatSignedAttribs, 0, NULL); + XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); #ifdef WOLFSSL_SMALL_STACK XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -657,7 +677,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) idx += esd->signedAttribSetSz; XMEMCPY(output + idx, flatSignedAttribs, flatSignedAttribsSz); idx += flatSignedAttribsSz; - XFREE(flatSignedAttribs, 0, NULL); + XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); } XMEMCPY(output + idx, esd->digEncAlgoId, esd->digEncAlgoIdSz); @@ -896,7 +916,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ); - ret = wc_InitRsaKey(key, NULL); + ret = wc_InitRsaKey(key, pkcs7->heap); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -936,8 +956,8 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, int keyEncAlgo, int blockKeySz, WC_RNG* rng, byte* contentKeyPlain, - byte* contentKeyEnc, - int* keyEncSz, byte* out, word32 outSz) + byte* contentKeyEnc, int* keyEncSz, + byte* out, word32 outSz, void* heap) { word32 idx = 0; int ret = 0, totalSz = 0; @@ -980,7 +1000,7 @@ WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, DecodedCert* decoded = &stack_decoded; #endif - InitDecodedCert(decoded, (byte*)cert, certSz, 0); + InitDecodedCert(decoded, (byte*)cert, certSz, heap); ret = ParseCert(decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { FreeDecodedCert(decoded); @@ -1252,7 +1272,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) recipSz = wc_CreateRecipientInfo(pkcs7->singleCert, pkcs7->singleCertSz, RSAk, blockKeySz, &rng, contentKeyPlain, contentKeyEnc, &contentKeyEncSz, recip, - MAX_RECIP_SZ); + MAX_RECIP_SZ, pkcs7->heap); ForceZero(contentKeyEnc, MAX_ENCRYPTED_KEY_SZ); @@ -1293,7 +1313,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) padSz = DES_BLOCK_SIZE - (pkcs7->contentSz % DES_BLOCK_SIZE); desOutSz = pkcs7->contentSz + padSz; - plain = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + plain = (byte*)XMALLOC(desOutSz, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (plain == NULL) { #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); @@ -1306,9 +1326,10 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) plain[pkcs7->contentSz + i] = (byte)padSz; } - encryptedContent = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + encryptedContent = (byte*)XMALLOC(desOutSz, pkcs7->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (encryptedContent == NULL) { - XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif @@ -1324,8 +1345,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) oidBlkType, ivOctetStringSz + DES_BLOCK_SIZE); if (contentEncAlgoSz == 0) { - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif @@ -1342,8 +1363,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) wc_Des_CbcEncrypt(&des, encryptedContent, plain, desOutSz); if (ret != 0) { - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif @@ -1359,8 +1380,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) ret = wc_Des3_CbcEncrypt(&des3, encryptedContent, plain, desOutSz); if (ret != 0) { - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif @@ -1395,8 +1416,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (totalSz > (int)outputSz) { WOLFSSL_MSG("Pkcs7_encrypt output buffer too small"); - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif @@ -1434,9 +1455,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) ForceZero(contentKeyPlain, MAX_CONTENT_KEY_LEN); - XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER); - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); - + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + #ifdef WOLFSSL_SMALL_STACK XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER); #endif @@ -1702,8 +1723,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, #endif return ASN_PARSE_E; } - - encryptedContent = (byte*)XMALLOC(encryptedContentSz, NULL, + + encryptedContent = (byte*)XMALLOC(encryptedContentSz, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (encryptedContent == NULL) { #ifdef WOLFSSL_SMALL_STACK @@ -1725,7 +1746,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, ret = wc_InitRsaKey(privKey, 0); if (ret != 0) { - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1739,7 +1760,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, pkcs7->privateKeySz); if (ret != 0) { WOLFSSL_MSG("Failed to decode RSA private key"); - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1757,7 +1778,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, #endif if (keySz <= 0) { - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -1774,7 +1795,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, encryptedContentSz); if (ret != 0) { - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -1789,7 +1810,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, encryptedContentSz); if (ret != 0) { - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -1797,7 +1818,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, } } else { WOLFSSL_MSG("Unsupported content encryption OID type"); - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -1812,11 +1833,11 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, /* free memory, zero out keys */ ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ); ForceZero(encryptedContent, encryptedContentSz); - XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - + return encryptedContentSz - padLen; } diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index c20ea1f182..d0bf3a2068 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -403,8 +403,19 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, return ret; } + int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, int saltLen, int iterations, int kLen, int hashType, int id) +{ + return wc_PKCS12_PBKDF_ex(output, passwd, passLen, salt, saltLen, + iterations, kLen, hashType, id, NULL); +} + + +/* extended API that allows a heap hint to be used */ +int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, + const byte* salt, int saltLen, int iterations, int kLen, + int hashType, int id, void* heap) { /* all in bytes instead of bits */ word32 u, v, dLen, pLen, iLen, sLen, totalLen; @@ -460,7 +471,7 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa totalLen = dLen + sLen + pLen; if (totalLen > sizeof(staticBuffer)) { - buffer = (byte*)XMALLOC(totalLen, 0, DYNAMIC_TYPE_KEY); + buffer = (byte*)XMALLOC(totalLen, heap, DYNAMIC_TYPE_KEY); if (buffer == NULL) { #ifdef WOLFSSL_SMALL_STACK XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -548,7 +559,7 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa mp_clear(&B1); } - if (dynamic) XFREE(buffer, 0, DYNAMIC_TYPE_KEY); + if (dynamic) XFREE(buffer, heap, DYNAMIC_TYPE_KEY); #ifdef WOLFSSL_SMALL_STACK XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/src/rabbit.c b/wolfcrypt/src/rabbit.c index 4e51d30957..81258f66a6 100644 --- a/wolfcrypt/src/rabbit.c +++ b/wolfcrypt/src/rabbit.c @@ -200,10 +200,32 @@ static INLINE int DoKey(Rabbit* ctx, const byte* key, const byte* iv) } +int wc_Rabbit_SetHeap(Rabbit* ctx, void* heap) +{ + if (ctx == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef XSTREAM_ALIGN + ctx->heap = heap; +#endif + + (void)heap; + return 0; +} + + /* Key setup */ int wc_RabbitSetKey(Rabbit* ctx, const byte* key, const byte* iv) { #ifdef XSTREAM_ALIGN + /* default heap to NULL or heap test value */ + #ifdef WOLFSSL_HEAP_TEST + ctx->heap = (void*)WOLFSSL_HEAP_TEST; + #else + ctx->heap = NULL; + #endif /* WOLFSSL_HEAP_TEST */ + if ((wolfssl_word)key % 4) { int alignKey[4]; @@ -289,14 +311,14 @@ int wc_RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen byte* tmp; WOLFSSL_MSG("wc_RabbitProcess unaligned"); - tmp = (byte*)XMALLOC(msglen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(msglen, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) return MEMORY_E; XMEMCPY(tmp, input, msglen); DoProcess(ctx, tmp, tmp, msglen); XMEMCPY(output, tmp, msglen); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); return 0; #else diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 86ce4357ef..6c0a0a667f 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -492,16 +492,23 @@ static int Hash_DRBG_Uninstantiate(DRBG* drbg) /* Get seed and key cipher */ -int wc_InitRng(WC_RNG* rng) +int wc_InitRng_ex(WC_RNG* rng, void* heap) { int ret = BAD_FUNC_ARG; if (rng != NULL) { +#ifdef WOLFSSL_HEAP_TEST + rng->heap = (void*)WOLFSSL_HEAP_TEST; + (void)heap; +#else + rng->heap = heap; +#endif if (wc_RNG_HealthTestLocal(0) == 0) { byte entropy[ENTROPY_NONCE_SZ]; rng->drbg = - (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG); + (struct DRBG*)XMALLOC(sizeof(DRBG), rng->heap, + DYNAMIC_TYPE_RNG); if (rng->drbg == NULL) { ret = MEMORY_E; } @@ -543,6 +550,11 @@ int wc_InitRng(WC_RNG* rng) return ret; } +int wc_InitRng(WC_RNG* rng) +{ + return wc_InitRng_ex(rng, NULL); +} + /* place a generated block in output */ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) @@ -611,7 +623,7 @@ int wc_FreeRng(WC_RNG* rng) else ret = RNG_FAILURE_E; - XFREE(rng->drbg, NULL, DYNAMIC_TYPE_RNG); + XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG); rng->drbg = NULL; } diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 085cc4302f..d1ef51593a 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -230,7 +230,7 @@ int wc_FreeRsaKey(RsaKey* key) outSz: size of output buffer */ static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz, - byte* out, word32 outSz) + byte* out, word32 outSz, void* heap) { byte* tmp; /* needs to be large enough for seed size plus counter(4) */ @@ -255,7 +255,7 @@ static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz, /* find largest amount of memory needed which will be the max of * hLen and (seedSz + 4) since tmp is used to store the hash digest */ tmpSz = ((seedSz + 4) > (word32)hLen)? seedSz + 4: (word32)hLen; - tmp = (byte*)XMALLOC(tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(tmpSz, heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { return MEMORY_E; } @@ -282,7 +282,7 @@ static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz, if ((ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz)) != 0) { /* check for if dynamic memory was needed, then free */ if (tmpF) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); } return ret; } @@ -296,7 +296,7 @@ static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz, /* check for if dynamic memory was needed, then free */ if (tmpF) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); } return 0; @@ -307,29 +307,32 @@ static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz, switeched on type input */ static int wc_MGF(int type, byte* seed, word32 seedSz, - byte* out, word32 outSz) + byte* out, word32 outSz, void* heap) { int ret; switch(type) { #ifndef NO_SHA case WC_MGF1SHA1: - ret = wc_MGF1(WC_HASH_TYPE_SHA, seed, seedSz, out, outSz); + ret = wc_MGF1(WC_HASH_TYPE_SHA, seed, seedSz, out, outSz, heap); break; #endif #ifndef NO_SHA256 case WC_MGF1SHA256: - ret = wc_MGF1(WC_HASH_TYPE_SHA256, seed, seedSz, out, outSz); + ret = wc_MGF1(WC_HASH_TYPE_SHA256, seed, seedSz, + out, outSz, heap); break; #endif #ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA384 case WC_MGF1SHA384: - ret = wc_MGF1(WC_HASH_TYPE_SHA384, seed, seedSz, out, outSz); + ret = wc_MGF1(WC_HASH_TYPE_SHA384, seed, seedSz, + out, outSz, heap); break; #endif case WC_MGF1SHA512: - ret = wc_MGF1(WC_HASH_TYPE_SHA512, seed, seedSz, out, outSz); + ret = wc_MGF1(WC_HASH_TYPE_SHA512, seed, seedSz, + out, outSz, heap); break; #endif default: @@ -342,14 +345,16 @@ static int wc_MGF(int type, byte* seed, word32 seedSz, (void)seedSz; (void)out; (void)outSz; + (void)heap; return ret; } static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, - word32 pkcsBlockLen, byte padValue, WC_RNG* rng, - enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen) + word32 pkcsBlockLen, byte padValue, WC_RNG* rng, + enum wc_HashType hType, int mgf, byte* optLabel, + word32 labelLen, void* heap) { int ret; int hLen; @@ -464,7 +469,7 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, } /* create maskedDB from dbMask */ - dbMask = (byte*)XMALLOC(pkcsBlockLen - hLen - 1, NULL, DYNAMIC_TYPE_RSA); + dbMask = (byte*)XMALLOC(pkcsBlockLen - hLen - 1, heap, DYNAMIC_TYPE_RSA); if (dbMask == NULL) { #ifdef WOLFSSL_SMALL_STACK XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -474,9 +479,9 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, } XMEMSET(dbMask, 0, pkcsBlockLen - hLen - 1); /* help static analyzer */ - ret = wc_MGF(mgf, seed, hLen, dbMask, pkcsBlockLen - hLen - 1); + ret = wc_MGF(mgf, seed, hLen, dbMask, pkcsBlockLen - hLen - 1, heap); if (ret != 0) { - XFREE(dbMask, NULL, DYNAMIC_TYPE_RSA); + XFREE(dbMask, heap, DYNAMIC_TYPE_RSA); #ifdef WOLFSSL_SMALL_STACK XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -490,7 +495,7 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, pkcsBlock[idx] = dbMask[i++] ^ pkcsBlock[idx]; idx++; } - XFREE(dbMask, NULL, DYNAMIC_TYPE_RSA); + XFREE(dbMask, heap, DYNAMIC_TYPE_RSA); /* create maskedSeed from seedMask */ @@ -498,7 +503,7 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, pkcsBlock[idx++] = 0x00; /* create seedMask inline */ if ((ret = wc_MGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1, - pkcsBlock + 1, hLen)) != 0) { + pkcsBlock + 1, hLen, heap)) != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -572,8 +577,9 @@ static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, #ifndef WC_NO_RSA_OAEP /* helper function to direct which padding is used */ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, - word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType, - enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen) + word32 pkcsBlockLen, byte padValue, WC_RNG* rng, + int padType, enum wc_HashType hType, int mgf, + byte* optLabel, word32 labelLen, void* heap) { int ret; @@ -588,7 +594,7 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, case WC_RSA_OAEP_PAD: WOLFSSL_MSG("wolfSSL Using RSA OAEP padding"); ret = wc_RsaPad_OAEP(input, inputLen, pkcsBlock, pkcsBlockLen, - padValue, rng, hType, mgf, optLabel, labelLen); + padValue, rng, hType, mgf, optLabel, labelLen, heap); break; default: @@ -602,6 +608,7 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, (void)mgf; (void)optLabel; (void)labelLen; + (void)heap; return ret; } @@ -611,7 +618,7 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, * < 0 on error */ static int wc_RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, byte **output, enum wc_HashType hType, int mgf, - byte* optLabel, word32 labelLen) + byte* optLabel, word32 labelLen, void* heap) { int hLen; int ret; @@ -624,7 +631,7 @@ static int wc_RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, return BAD_FUNC_ARG; } - tmp = (byte*)XMALLOC(pkcsBlockLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { return MEMORY_E; } @@ -632,8 +639,8 @@ static int wc_RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, /* find seedMask value */ if ((ret = wc_MGF(mgf, (byte*)(pkcsBlock + (hLen + 1)), - pkcsBlockLen - hLen - 1, tmp, hLen)) != 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pkcsBlockLen - hLen - 1, tmp, hLen, heap)) != 0) { + XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -644,8 +651,8 @@ static int wc_RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, /* get dbMask value */ if ((ret = wc_MGF(mgf, tmp, hLen, tmp + hLen, - pkcsBlockLen - hLen - 1)) != 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pkcsBlockLen - hLen - 1, heap)) != 0) { + XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -655,7 +662,7 @@ static int wc_RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, } /* done with use of tmp buffer */ - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); /* advance idx to index of PS and msg separator */ idx = hLen + 2 + hLen; @@ -739,7 +746,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, /* helper function to direct unpadding */ static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, byte padValue, int padType, enum wc_HashType hType, - int mgf, byte* optLabel, word32 labelLen) + int mgf, byte* optLabel, word32 labelLen, void* heap) { int ret; @@ -753,7 +760,7 @@ static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, case WC_RSA_OAEP_PAD: WOLFSSL_MSG("wolfSSL Using RSA OAEP padding"); ret = wc_RsaUnPad_OAEP((byte*)pkcsBlock, pkcsBlockLen, out, - hType, mgf, optLabel, labelLen); + hType, mgf, optLabel, labelLen, heap); break; default: @@ -767,6 +774,7 @@ static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, (void)mgf; (void)optLabel; (void)labelLen; + (void)heap; return ret; } @@ -940,7 +948,7 @@ int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, return RSA_BUFFER_E; ret = wc_RsaPad_ex(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng, - type, hash, mgf, label, labelSz); + type, hash, mgf, label, labelSz, key->heap); if (ret != 0) return ret; @@ -1017,7 +1025,7 @@ int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, } return wc_RsaUnPad_ex(in, inLen, out, RSA_BLOCK_TYPE_2, type, hash, mgf, - label, labelSz); + label, labelSz, key->heap); } #endif /* WC_NO_RSA_OAEP */ diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index e00af4bb7b..389540dc42 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -254,6 +254,13 @@ int wc_SrpInit(Srp* srp, SrpType type, SrpSide side) srp->keyGenFunc_cb = wc_SrpSetKey; + /* default heap hint to NULL or test value */ +#ifdef WOLFSSL_HEAP_TEST + srp->heap = (void*)WOLFSSL_HEAP_TEST; +#else + srp->heap = NULL; +#endif + return 0; } @@ -263,12 +270,18 @@ void wc_SrpTerm(Srp* srp) mp_clear(&srp->N); mp_clear(&srp->g); mp_clear(&srp->auth); mp_clear(&srp->priv); - ForceZero(srp->salt, srp->saltSz); - XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); - ForceZero(srp->user, srp->userSz); - XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP); - ForceZero(srp->key, srp->keySz); - XFREE(srp->key, NULL, DYNAMIC_TYPE_SRP); + if (srp->salt) { + ForceZero(srp->salt, srp->saltSz); + XFREE(srp->salt, srp->heap, DYNAMIC_TYPE_SRP); + } + if (srp->user) { + ForceZero(srp->user, srp->userSz); + XFREE(srp->user, srp->heap, DYNAMIC_TYPE_SRP); + } + if (srp->key) { + ForceZero(srp->key, srp->keySz); + XFREE(srp->key, srp->heap, DYNAMIC_TYPE_SRP); + } ForceZero(srp, sizeof(Srp)); } @@ -279,7 +292,7 @@ int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size) if (!srp || !username) return BAD_FUNC_ARG; - srp->user = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_SRP); + srp->user = (byte*)XMALLOC(size, srp->heap, DYNAMIC_TYPE_SRP); if (srp->user == NULL) return MEMORY_E; @@ -322,10 +335,10 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, /* Set salt */ if (srp->salt) { ForceZero(srp->salt, srp->saltSz); - XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP); + XFREE(srp->salt, srp->heap, DYNAMIC_TYPE_SRP); } - srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP); + srp->salt = (byte*)XMALLOC(saltSz, srp->heap, DYNAMIC_TYPE_SRP); if (srp->salt == NULL) return MEMORY_E; @@ -538,7 +551,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size) byte counter[4]; int r = BAD_FUNC_ARG; - srp->key = (byte*)XMALLOC(2 * digestSz, NULL, DYNAMIC_TYPE_SRP); + srp->key = (byte*)XMALLOC(2 * digestSz, srp->heap, DYNAMIC_TYPE_SRP); if (srp->key == NULL) return MEMORY_E; @@ -599,11 +612,11 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, digestSz = SrpHashSize(srp->type); secretSz = mp_unsigned_bin_size(&srp->N); - if ((secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP)) == NULL) + if ((secret = (byte*)XMALLOC(secretSz, srp->heap, DYNAMIC_TYPE_SRP)) ==NULL) return MEMORY_E; if ((r = mp_init_multi(&u, &s, &temp1, &temp2, 0, 0)) != MP_OKAY) { - XFREE(secret, NULL, DYNAMIC_TYPE_SRP); + XFREE(secret, srp->heap, DYNAMIC_TYPE_SRP); return r; } @@ -679,7 +692,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz); - XFREE(secret, NULL, DYNAMIC_TYPE_SRP); + XFREE(secret, srp->heap, DYNAMIC_TYPE_SRP); mp_clear(&u); mp_clear(&s); mp_clear(&temp1); mp_clear(&temp2); return r; diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index ec5ec41496..402a8bfb31 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -40,28 +40,6 @@ #pragma warning(disable: 4996) #endif -#ifdef WOLFSSL_STATIC_MEMORY -#if defined(WOLFSSL_STATIC_MEMORY_SMALL) -static byte wc_staticMemory[54833]; -/* peak of one connection (10 concurent connections) plus 41 chunks of 64 byte - for structs */ -#elif defined(WOLFSSL_STATIC_MEMORY_MEDIUM) -static byte wc_staticMemory[941888]; -/* peak of one connection (520 concurent connections) plus 41 chunks of 64 byte - for structs */ -#elif defined(WOLFSSL_STATIC_MEMORY_LARGE) -static byte wc_staticMemory[1860992]; -/* peak of one connection (1040 concurent connections) plus 41 chunks of 64 byte - for structs */ -#elif defined(WOLFSSL_STATIC_MEMORY_HUGE) -static byte wc_staticMemory[3699200]; -/* peak of one connection (1040 concurent connections) plus 41 chunks of 64 byte - for structs */ -#else -static byte wc_staticMemory[0]; -#endif -#endif /* WOLFSSL_STATIC_MEMORY */ - /* prevent multiple mutex initializations */ static volatile int initRefCount = 0; @@ -93,13 +71,7 @@ int wolfCrypt_Init() #ifdef WOLFSSL_STATIC_MEMORY /* set static memory functions and load initial memory */ - wolfSSL_SetAllocators(wolfSSL_Malloc_Static, wolfSSL_Free_Static, - wolfSSL_Realloc_Static); - if (wolfSSL_load_static_memory(wc_staticMemory, - sizeof(wc_staticMemory)) != 1) { - WOLFSSL_MSG("Error setting up static memory"); - ret = WC_INIT_E; - } + wolfSSL_SetAllocators(wolfSSL_Malloc, wolfSSL_Free, wolfSSL_Realloc); #endif initRefCount = 1; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 3f13d7be4f..8af170df0a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -32,6 +32,28 @@ #ifndef NO_CRYPT_TEST +#if defined(WOLFSSL_STATIC_MEMORY) + #ifndef HAVE_PKCS7 + #define USE_CERT_BUFFERS_1024 /* avoid dynamic memory from fopen */ + #endif + #include + #ifndef XMALLOC_USER + #define TEST_XMALLOC(s, h, t) XMALLOC((s),(h),(t)) + #define TEST_XFREE(p, h, t) XFREE((p),(h),(t)) + #endif + #ifdef WOLFSSL_HEAP_TEST + #define HEAP_HINT (void*)WOLFSSL_HEAP_TEST + #else + #define HEAP_HINT NULL + #endif +#else + /* only use XMALLOC and XFREE when testing static memory feature */ + #define TEST_XMALLOC(s, h, t) ((void)h, (void)t, malloc((s))) + #define TEST_XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} + #define HEAP_HINT NULL +#endif /* WOLFSSL_STATIC_MEMORY */ + + #ifdef WOLFSSL_TEST_CERT #include #else @@ -84,10 +106,6 @@ #ifdef HAVE_FIPS #include #endif -#if defined(WOLFSSL_STATIC_MEMORY) - #define USE_CERT_BUFFERS_1024 /* avoid dynamic memory from fopen */ - #include -#endif #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ @@ -697,47 +715,6 @@ static int OpenNitroxDevice(int dma_mode,int dev_id) #ifdef WOLFSSL_STATIC_MEMORY int memory_test() { - byte buf[320]; - byte *pt; - const char msg[] = "Hello wolfSSL"; - const char msg2[] = "Hello wolfSSL in Bozeman, Montana"; - int ret; - word32 amt; - - XMEMSET(buf, 0, sizeof(buf)); - - ret = wolfSSL_load_static_memory(buf, sizeof(buf)); - if (ret != 1) { - return -511; - } - - pt = (byte*)XMALLOC(sizeof(msg), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (pt == NULL) { - return -512; - } - - if (wolfSSL_static_memory_inUse() <= sizeof(msg)) { - return -513; - } - - XMEMCPY(pt, msg, sizeof(msg)); - - pt = (byte*)XREALLOC(pt, sizeof(msg2), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (pt == NULL) { - return -514; - } - - if (XMEMCMP(pt, msg, sizeof(msg))) { - return -515; - } - - XMEMCPY(pt, msg2, sizeof(msg2)); - XFREE(pt, NULL, DYNAMIC_TYPE_TMP_BUFFER); - ret = wolfSSL_unload_static_memory(buf, sizeof(buf), &amt); - if (ret != 1 || amt < sizeof(buf)) { - return -516; - } - return 0; } #endif /* WOLFSSL_STATIC_MEMORY */ @@ -1929,8 +1906,14 @@ int hc128_test(void) /* align input */ memcpy(plain, test_hc128[i].input, test_hc128[i].outLen); - wc_Hc128_Process(&enc, cipher, plain, (word32)test_hc128[i].outLen); - wc_Hc128_Process(&dec, plain, cipher, (word32)test_hc128[i].outLen); + if (wc_Hc128_Process(&enc, cipher, plain, + (word32)test_hc128[i].outLen) != 0) { + return -110; + } + if (wc_Hc128_Process(&dec, plain, cipher, + (word32)test_hc128[i].outLen) != 0) { + return -115; + } if (memcmp(plain, test_hc128[i].input, test_hc128[i].outLen)) return -120 - i; @@ -4009,7 +3992,7 @@ int certext_test(void) byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; - tmp = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) return -200; @@ -4020,7 +4003,7 @@ int certext_test(void) file = fopen("./othercert.der", "rb"); #endif if (!file) { - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -200; } @@ -4071,7 +4054,7 @@ int certext_test(void) file = fopen("./certecc.der", "rb"); #endif if (!file) { - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -210; } @@ -4125,7 +4108,7 @@ int certext_test(void) file = fopen("./cert.der", "rb"); #endif if (!file) { - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -220; } @@ -4170,7 +4153,7 @@ int certext_test(void) #endif FreeDecodedCert(&cert); - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return 0; } @@ -4198,7 +4181,7 @@ int rsa_test(void) DecodedCert cert; #endif - tmp = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) return -40; @@ -4214,7 +4197,7 @@ int rsa_test(void) if (!file) { err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -40); - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -40; } @@ -4226,48 +4209,48 @@ int rsa_test(void) wc_RsaInitCavium(&key, CAVIUM_DEV_ID); #endif - ret = wc_InitRsaKey(&key, 0); + ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret != 0) { - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -39; } ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); if (ret != 0) { - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -41; } ret = wc_InitRng(&rng); if (ret != 0) { - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -42; } ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng); if (ret < 0) { - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -43; } ret = wc_RsaPrivateDecrypt(out, ret, plain, sizeof(plain), &key); if (ret < 0) { - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -44; } if (memcmp(plain, in, inLen)) { - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -45; } ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng); if (ret < 0) { - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -46; } memset(plain, 0, sizeof(plain)); ret = wc_RsaSSL_Verify(out, ret, plain, sizeof(plain), &key); if (ret < 0) { - XFREE(tmp, NULL ,DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return -47; } if (memcmp(plain, in, ret)) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -48; } @@ -4280,17 +4263,17 @@ int rsa_test(void) ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -143; } ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -144; } if (XMEMCMP(plain, in, inLen)) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -145; } #endif /* NO_SHA */ @@ -4300,17 +4283,17 @@ int rsa_test(void) ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -243; } ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -244; } if (XMEMCMP(plain, in, inLen)) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -245; } @@ -4319,13 +4302,13 @@ int rsa_test(void) ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -246; } ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, sizeof(in)); if (ret > 0) { /* in this case decrypt should fail */ - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -247; } @@ -4334,17 +4317,17 @@ int rsa_test(void) ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, sizeof(in)); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -248; } ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, sizeof(in)); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -249; } if (XMEMCMP(plain, in, inLen)) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -250; } @@ -4354,13 +4337,13 @@ int rsa_test(void) ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, sizeof(in)); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -251; } ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, sizeof(in)); if (ret > 0) { /* should fail */ - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); return -252; } #endif /* NO_SHA*/ @@ -4376,17 +4359,17 @@ int rsa_test(void) ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -343; } ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -344; } if (XMEMCMP(plain, in, inLen)) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -345; } } @@ -4397,17 +4380,17 @@ int rsa_test(void) ret = wc_RsaPublicEncrypt_ex(in, inLen, out, sizeof(out), &key, &rng, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -443; } ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0); if (ret < 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -444; } if (XMEMCMP(plain, in, inLen)) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -445; } #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */ @@ -4426,7 +4409,7 @@ int rsa_test(void) #else file2 = fopen(clientCert, "rb"); if (!file2) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -49; } @@ -4462,7 +4445,7 @@ int rsa_test(void) if (!file) { err_sys("can't open ./certs/client-keyPub.der, " "Please run from wolfSSL home dir", -40); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -50; } @@ -4472,14 +4455,14 @@ int rsa_test(void) ret = wc_InitRsaKey(&keypub, 0); if (ret != 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -51; } idx = 0; ret = wc_RsaPublicKeyDecode(tmp, &idx, &keypub, (word32)bytes); if (ret != 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&keypub); return -52; } @@ -4498,34 +4481,34 @@ int rsa_test(void) ret = wc_InitRsaKey(&genKey, 0); if (ret != 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -300; } ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng); if (ret != 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -301; } - der = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + der = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&genKey); return -307; } - pem = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&genKey); return -308; } derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); if (derSz < 0) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -302; } @@ -4535,27 +4518,27 @@ int rsa_test(void) keyFile = fopen("./key.der", "wb"); #endif if (!keyFile) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&genKey); return -303; } ret = (int)fwrite(der, 1, derSz, keyFile); fclose(keyFile); if (ret != derSz) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&genKey); return -313; } pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, PRIVATEKEY_TYPE); if (pemSz < 0) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&genKey); return -304; } @@ -4566,36 +4549,36 @@ int rsa_test(void) pemFile = fopen("./key.pem", "wb"); #endif if (!pemFile) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&genKey); return -305; } ret = (int)fwrite(pem, 1, pemSz, pemFile); fclose(pemFile); if (ret != pemSz) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&genKey); return -314; } ret = wc_InitRsaKey(&derIn, 0); if (ret != 0) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&genKey); return -3060; } idx = 0; ret = wc_RsaPrivateKeyDecode(der, &idx, &derIn, derSz); if (ret != 0) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&derIn); wc_FreeRsaKey(&genKey); return -306; @@ -4603,8 +4586,8 @@ int rsa_test(void) wc_FreeRsaKey(&derIn); wc_FreeRsaKey(&genKey); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* WOLFSSL_KEY_GEN */ @@ -4622,15 +4605,15 @@ int rsa_test(void) DecodedCert decode; #endif - derCert = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (derCert == NULL) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -309; } - pem = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -310; } @@ -4656,34 +4639,34 @@ int rsa_test(void) /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -398; } /* add AKID from the Public Key */ if (wc_SetAuthKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -399; } /* add Key Usage */ if (wc_SetKeyUsage(&myCert,"cRLSign,keyCertSign") != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -400; } #endif /* WOLFSSL_CERT_EXT */ certSz = wc_MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, &rng); if (certSz < 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -401; } @@ -4691,9 +4674,9 @@ int rsa_test(void) InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -402; } FreeDecodedCert(&decode); @@ -4705,25 +4688,25 @@ int rsa_test(void) derFile = fopen("./cert.der", "wb"); #endif if (!derFile) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -403; } ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); if (ret != certSz) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -414; } pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); if (pemSz < 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -404; } @@ -4733,21 +4716,21 @@ int rsa_test(void) pemFile = fopen("./cert.pem", "wb"); #endif if (!pemFile) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -405; } ret = (int)fwrite(pem, 1, pemSz, pemFile); fclose(pemFile); if (ret != pemSz) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -406; } - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } /* CA style */ { @@ -4766,24 +4749,24 @@ int rsa_test(void) DecodedCert decode; #endif - derCert = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (derCert == NULL) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -311; } - pem = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -312; } file3 = fopen(caKeyFile, "rb"); if (!file3) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -412; } @@ -4792,16 +4775,16 @@ int rsa_test(void) ret = wc_InitRsaKey(&caKey, 0); if (ret != 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -411; } ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); if (ret != 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); return -413; } @@ -4828,43 +4811,43 @@ int rsa_test(void) /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromPublicKey(&myCert, &key, NULL) != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -398; } /* add AKID from the CA certificate */ if (wc_SetAuthKeyId(&myCert, caCertFile) != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -399; } /* add Key Usage */ if (wc_SetKeyUsage(&myCert,"keyEncipherment,keyAgreement") != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -400; } #endif /* WOLFSSL_CERT_EXT */ ret = wc_SetIssuer(&myCert, caCertFile); if (ret < 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); return -405; } certSz = wc_MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng); if (certSz < 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); return -407; } @@ -4872,9 +4855,9 @@ int rsa_test(void) certSz = wc_SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, &caKey, NULL, &rng); if (certSz < 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); return -408; } @@ -4883,9 +4866,9 @@ int rsa_test(void) InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); return -409; } @@ -4898,27 +4881,27 @@ int rsa_test(void) derFile = fopen("./othercert.der", "wb"); #endif if (!derFile) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); return -410; } ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); if (ret != certSz) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); return -416; } pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); if (pemSz < 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); return -411; } @@ -4929,24 +4912,24 @@ int rsa_test(void) pemFile = fopen("./othercert.pem", "wb"); #endif if (!pemFile) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); return -412; } ret = (int)fwrite(pem, 1, pemSz, pemFile); if (ret != pemSz) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); fclose(pemFile); wc_FreeRsaKey(&caKey); return -415; } fclose(pemFile); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); } #ifdef HAVE_ECC @@ -4970,24 +4953,24 @@ int rsa_test(void) DecodedCert decode; #endif - derCert = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (derCert == NULL) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5311; } - pem = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5312; } file3 = fopen(eccCaKeyFile, "rb"); if (!file3) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5412; } @@ -4997,9 +4980,9 @@ int rsa_test(void) wc_ecc_init(&caKey); ret = wc_EccPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); if (ret != 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5413; } @@ -5025,9 +5008,9 @@ int rsa_test(void) file3 = fopen(eccCaKeyPubFile, "rb"); if (!file3) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5500; } @@ -5036,36 +5019,36 @@ int rsa_test(void) wc_ecc_init(&caKeyPub); if (ret != 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5501; } idx3 = 0; ret = wc_EccPublicKeyDecode(tmp, &idx3, &caKeyPub, (word32)bytes3); if (ret != 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKeyPub); return -5502; } /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromPublicKey(&myCert, &key, NULL) != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKeyPub); return -5503; } /* add AKID from the Public Key */ if (wc_SetAuthKeyIdFromPublicKey(&myCert, NULL, &caKeyPub) != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKeyPub); return -5504; } @@ -5073,38 +5056,38 @@ int rsa_test(void) /* add Key Usage */ if (wc_SetKeyUsage(&myCert,"digitalSignature,nonRepudiation") != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5505; } #endif /* WOLFSSL_CERT_EXT */ ret = wc_SetIssuer(&myCert, eccCaCertFile); if (ret < 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKey); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5405; } certSz = wc_MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng); if (certSz < 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKey); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5407; } certSz = wc_SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, NULL, &caKey, &rng); if (certSz < 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKey); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5408; } @@ -5112,9 +5095,9 @@ int rsa_test(void) InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKey); return -5409; } @@ -5127,28 +5110,28 @@ int rsa_test(void) derFile = fopen("./certecc.der", "wb"); #endif if (!derFile) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKey); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5410; } ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); if (ret != certSz) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKey); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5414; } pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); if (pemSz < 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKey); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5411; } @@ -5158,18 +5141,18 @@ int rsa_test(void) pemFile = fopen("./certecc.pem", "wb"); #endif if (!pemFile) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKey); XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); return -5412; } ret = (int)fwrite(pem, 1, pemSz, pemFile); if (ret != pemSz) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKey); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5415; } @@ -5195,15 +5178,15 @@ int rsa_test(void) #ifdef WOLFSSL_TEST_CERT DecodedCert decode; #endif - derCert = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (derCert == NULL) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -311; } - pem = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -312; } @@ -5218,9 +5201,9 @@ int rsa_test(void) word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), GetEntropy, &drbg); if (rc != DRBG_OK) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -448; } @@ -5228,9 +5211,9 @@ int rsa_test(void) &public_key_len, NULL, &private_key_len, NULL); if (rc != NTRU_OK) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -449; } @@ -5238,27 +5221,27 @@ int rsa_test(void) &public_key_len, public_key, &private_key_len, private_key); if (rc != NTRU_OK) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -450; } rc = ntru_crypto_drbg_uninstantiate(drbg); if (rc != NTRU_OK) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -451; } caFile = fopen(caKeyFile, "rb"); if (!caFile) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -452; } @@ -5267,16 +5250,16 @@ int rsa_test(void) ret = wc_InitRsaKey(&caKey, 0); if (ret != 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -453; } ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); if (ret != 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -454; } @@ -5295,46 +5278,46 @@ int rsa_test(void) /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromNtruPublicKey(&myCert, public_key, public_key_len) != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -496; } /* add AKID from the CA certificate */ if (wc_SetAuthKeyId(&myCert, caCertFile) != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -495; } /* add Key Usage */ if (wc_SetKeyUsage(&myCert,"digitalSignature,nonRepudiation," "keyEncipherment,keyAgreement") != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -494; } #endif /* WOLFSSL_CERT_EXT */ ret = wc_SetIssuer(&myCert, caCertFile); if (ret < 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -455; } certSz = wc_MakeNtruCert(&myCert, derCert, FOURK_BUF, public_key, public_key_len, &rng); if (certSz < 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&caKey); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -456; } @@ -5342,9 +5325,9 @@ int rsa_test(void) &caKey, NULL, &rng); wc_FreeRsaKey(&caKey); if (certSz < 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -457; } @@ -5353,70 +5336,70 @@ int rsa_test(void) InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -458; } FreeDecodedCert(&decode); #endif derFile = fopen("./ntru-cert.der", "wb"); if (!derFile) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -459; } ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); if (ret != certSz) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -473; } pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); if (pemSz < 0) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -460; } pemFile = fopen("./ntru-cert.pem", "wb"); if (!pemFile) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -461; } ret = (int)fwrite(pem, 1, pemSz, pemFile); fclose(pemFile); if (ret != pemSz) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -474; } ntruPrivFile = fopen("./ntru-key.raw", "wb"); if (!ntruPrivFile) { - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -462; } ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile); fclose(ntruPrivFile); if (ret != private_key_len) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -475; } - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* HAVE_NTRU */ #ifdef WOLFSSL_CERT_REQ @@ -5428,15 +5411,15 @@ int rsa_test(void) int pemSz; FILE* reqFile; - der = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + der = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -463; } - pem = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -464; } @@ -5457,44 +5440,44 @@ int rsa_test(void) #ifdef WOLFSSL_CERT_EXT /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromPublicKey(&req, &keypub, NULL) != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -496; } /* add Key Usage */ if (wc_SetKeyUsage(&req,"digitalSignature,nonRepudiation," "keyEncipherment,keyAgreement") != 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -494; } #endif /* WOLFSSL_CERT_EXT */ derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL); if (derSz < 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -465; } derSz = wc_SignCert(req.bodySz, req.sigType, der, FOURK_BUF, &key, NULL, &rng); if (derSz < 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -466; } pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, CERTREQ_TYPE); if (pemSz < 0) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -467; } @@ -5504,18 +5487,18 @@ int rsa_test(void) reqFile = fopen("./certreq.der", "wb"); #endif if (!reqFile) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -468; } ret = (int)fwrite(der, 1, derSz, reqFile); fclose(reqFile); if (ret != derSz) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -471; } @@ -5525,22 +5508,22 @@ int rsa_test(void) reqFile = fopen("./certreq.pem", "wb"); #endif if (!reqFile) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -469; } ret = (int)fwrite(pem, 1, pemSz, reqFile); fclose(reqFile); if (ret != pemSz) { - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -470; } - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* WOLFSSL_CERT_REQ */ #endif /* WOLFSSL_CERT_GEN */ @@ -5552,7 +5535,7 @@ int rsa_test(void) #ifdef HAVE_CAVIUM wc_RsaFreeCavium(&key); #endif - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRng(&rng); return 0; @@ -5738,22 +5721,22 @@ int dsa_test(void) ret = wc_MakeDsaKey(&rng, &genKey); if (ret != 0) return -363; - der = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + der = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { wc_FreeDsaKey(&genKey); return -364; } - pem = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); return -365; } derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF); if (derSz < 0) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -366; } @@ -5763,24 +5746,24 @@ int dsa_test(void) keyFile = fopen("./key.der", "wb"); #endif if (!keyFile) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); return -367; } ret = (int)fwrite(der, 1, derSz, keyFile); fclose(keyFile); if (ret != derSz) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); return -368; } pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, DSA_PRIVATEKEY_TYPE); if (pemSz < 0) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); return -369; } @@ -5791,16 +5774,16 @@ int dsa_test(void) pemFile = fopen("./key.pem", "wb"); #endif if (!pemFile) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); return -370; } ret = (int)fwrite(pem, 1, pemSz, pemFile); fclose(pemFile); if (ret != pemSz) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); return -371; } @@ -5809,8 +5792,8 @@ int dsa_test(void) idx = 0; ret = wc_DsaPrivateKeyDecode(der, &idx, &derIn, derSz); if (ret != 0) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&derIn); wc_FreeDsaKey(&genKey); return -373; @@ -5818,8 +5801,8 @@ int dsa_test(void) wc_FreeDsaKey(&derIn); wc_FreeDsaKey(&genKey); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* WOLFSSL_KEY_GEN */ @@ -5887,6 +5870,11 @@ int srp_test(void) byte verifier[80]; word32 v_size = sizeof(verifier); + /* set as 0's so if second init on srv not called SrpTerm is not on + * garbage values */ + XMEMSET(&srv, 0, sizeof(Srp)); + XMEMSET(&cli, 0, sizeof(Srp)); + /* generating random salt */ r = generate_random_salt(salt, sizeof(salt)); @@ -6228,9 +6216,14 @@ int pkcs12_test(void) if (ret < 0) return -105; - if ( (ret = memcmp(derived, verify2, 24)) != 0) + ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8, + iterations, kLen, SHA256, id, HEAP_HINT); + if (ret < 0) return -106; + if ( (ret = memcmp(derived, verify2, 24)) != 0) + return -107; + return 0; } @@ -6682,7 +6675,6 @@ static int ecc_test_key_gen(WC_RNG* rng, int keySize) return 0; } #endif /* WOLFSSL_KEY_GEN */ - static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, int testCompressedKey) { @@ -7766,8 +7758,8 @@ int compress_test(void) byte *c = NULL; byte *d = NULL; - c = XMALLOC(cSz * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER); - d = XMALLOC(dSz * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER); + c = TEST_XMALLOC(cSz * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER); + d = TEST_XMALLOC(dSz * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER); /* follow calloc and initialize to 0 */ XMEMSET(c, 0, cSz); @@ -7790,8 +7782,8 @@ int compress_test(void) if (ret == 0 && memcmp(d, sample_text, dSz)) ret = -303; - if (c) XFREE(c, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (d) XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (c) TEST_XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (d) TEST_XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -7825,20 +7817,20 @@ int pkcs7enveloped_test(void) }; /* read client cert and key in DER format */ - cert = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + cert = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return -201; - privKey = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + privKey =(byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (privKey == NULL) { - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -202; } certFile = fopen(clientCert, "rb"); if (!certFile) { - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(privKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); err_sys("can't open ./certs/client-cert.der, " "Please run from wolfSSL home dir", -42); return -42; @@ -7849,8 +7841,8 @@ int pkcs7enveloped_test(void) keyFile = fopen(clientKey, "rb"); if (!keyFile) { - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(privKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -43); return -43; @@ -7871,8 +7863,8 @@ int pkcs7enveloped_test(void) envelopedSz = wc_PKCS7_EncodeEnvelopedData(&pkcs7, enveloped, sizeof(enveloped)); if (envelopedSz <= 0) { - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(privKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -203; } @@ -7880,31 +7872,31 @@ int pkcs7enveloped_test(void) decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz, decoded, sizeof(decoded)); if (decodedSz <= 0) { - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(privKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -204; } /* test decode result */ if (memcmp(decoded, data, sizeof(data)) != 0) { - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(privKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -205; } /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(pkcs7OutFile, "wb"); if (!pkcs7File) { - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(privKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -206; } ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File); fclose(pkcs7File); - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(privKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&pkcs7); if (ret > 0) @@ -7952,27 +7944,27 @@ int pkcs7signed_test(void) dataSz = (word32) strlen(data); outSz = FOURK_BUF; - certDer = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + certDer =(byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (certDer == NULL) return -207; - keyDer = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + keyDer = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (keyDer == NULL) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -208; } - out = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (out == NULL) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -209; } /* read in DER cert of recipient, into cert of size certSz */ file = fopen(clientCert, "rb"); if (!file) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); err_sys("can't open ./certs/client-cert.der, " "Please run from wolfSSL home dir", -44); return -44; @@ -7982,9 +7974,9 @@ int pkcs7signed_test(void) file = fopen(clientKey, "rb"); if (!file) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -45); return -45; @@ -7994,9 +7986,9 @@ int pkcs7signed_test(void) ret = wc_InitRng(&rng); if (ret != 0) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -210; } @@ -8005,9 +7997,9 @@ int pkcs7signed_test(void) ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); if (ret != 0) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -211; } @@ -8031,9 +8023,9 @@ int pkcs7signed_test(void) ret = wc_InitSha(&sha); if (ret != 0) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -4003; } wc_ShaUpdate(&sha, msg.publicKey, msg.publicKeySz); @@ -8045,9 +8037,9 @@ int pkcs7signed_test(void) } ret = wc_PKCS7_EncodeSignedData(&msg, out, outSz); if (ret < 0) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&msg); return -212; } @@ -8057,18 +8049,18 @@ int pkcs7signed_test(void) /* write PKCS#7 to output file for more testing */ file = fopen("./pkcs7signedData.der", "wb"); if (!file) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&msg); return -213; } ret = (int)fwrite(out, 1, outSz, file); fclose(file); if (ret != (int)outSz) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&msg); return -218; } @@ -8078,35 +8070,35 @@ int pkcs7signed_test(void) ret = wc_PKCS7_VerifySignedData(&msg, out, outSz); if (ret < 0) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&msg); return -214; } if (msg.singleCert == NULL || msg.singleCertSz == 0) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&msg); return -215; } file = fopen("./pkcs7cert.der", "wb"); if (!file) { - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&msg); return -216; } ret = (int)fwrite(msg.singleCert, 1, msg.singleCertSz, file); fclose(file); - XFREE(certDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(&msg); wc_FreeRng(&rng); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index c30c2beab2..45758bb5c1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1495,6 +1495,7 @@ struct WOLFSSL_CRL { int mfd; /* monitor fd, -1 if no init yet */ int setup; /* thread is setup predicate */ #endif + void* heap; /* heap hint for dynamic memory */ }; @@ -1906,6 +1907,9 @@ WOLFSSL_LOCAL int wolfSSL_EventInit(WOLFSSL* ssl, WOLF_EVENT_TYPE type); WOLFSSL_LOCAL int wolfSSL_CTX_EventPush(WOLFSSL_CTX* ctx, WOLF_EVENT* event); #endif /* HAVE_WOLF_EVENT */ +#ifdef WOLFSSL_STATIC_MEMORY +WOLFSSL_LOCAL int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap); +#endif /* wolfSSL context type */ struct WOLFSSL_CTX { @@ -2030,7 +2034,9 @@ struct WOLFSSL_CTX { WOLFSSL_LOCAL -int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*); +WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap); +WOLFSSL_LOCAL +int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap); WOLFSSL_LOCAL void FreeSSL_Ctx(WOLFSSL_CTX*); WOLFSSL_LOCAL @@ -2518,6 +2524,7 @@ struct WOLFSSL_X509 { #endif DNS_entry* altNames; /* alt names list */ DNS_entry* altNamesNext; /* hint for retrieval */ + void* heap; /* heap hint */ byte dynamicMemory; /* dynamic memory flag */ byte isCa; #ifdef OPENSSL_EXTRA @@ -2656,6 +2663,9 @@ struct WOLFSSL { void* verifyCbCtx; /* cert verify callback user ctx*/ VerifyCallback verifyCallback; /* cert verification callback */ void* heap; /* for user overrides */ +#ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_HEAP_HINT heap_hint; +#endif #ifndef NO_HANDSHAKE_DONE_CB HandShakeDoneCb hsDoneCb; /* notify user handshake done */ void* hsDoneCtx; /* user handshake cb context */ @@ -2835,7 +2845,7 @@ int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*); WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*); WOLFSSL_LOCAL -void FreeSSL(WOLFSSL*); +void FreeSSL(WOLFSSL*, void* heap); WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ @@ -3070,8 +3080,8 @@ WOLFSSL_LOCAL word32 LowResTimer(void); #ifndef NO_CERTS WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int); - WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name); - WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int); + WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap); + WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap); WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*); WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 2d03151675..671f040402 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -219,6 +219,27 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void); #endif +#ifdef WOLFSSL_STATIC_MEMORY +typedef WOLFSSL_METHOD* (*wolfSSLStaticMethod)(void*); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_static(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_static(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_static(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_static(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_static(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_static(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_static(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_static(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_static(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_static(void* heap); + +#ifdef WOLFSSL_DTLS + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_static(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_static(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_static(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_static(void* heap); +#endif +#endif /* WOLFSSL_STATIC_MEMORY */ + #ifdef HAVE_POLY1305 WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int); #endif @@ -237,6 +258,19 @@ WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, #endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_SESSION_EXPORT */ +#ifdef WOLFSSL_STATIC_MEMORY +typedef struct WOLFSSL_MEM_STATS WOLFSSL_MEM_STATS; +typedef struct WOLFSSL_MEM_CONN_STATS WOLFSSL_MEM_CONN_STATS; +WOLFSSL_API int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, + wolfSSLStaticMethod method, + unsigned char* buf, unsigned int sz, + int flag, int max); +WOLFSSL_API int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, + WOLFSSL_MEM_STATS* mem_stats); +WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl, + WOLFSSL_MEM_CONN_STATS* mem_stats); +#endif + #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int); @@ -1284,6 +1318,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); #ifndef NO_CERTS WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache); + WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap); WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void); WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*); diff --git a/wolfssl/test.h b/wolfssl/test.h index 2382db453b..e8a5d3c9a4 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1587,6 +1587,30 @@ static INLINE void FreeAtomicUser(WOLFSSL* ssl) #endif /* ATOMIC_USER */ +#ifdef WOLFSSL_STATIC_MEMORY +static INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats) +{ + word16 i; + + if (stats == NULL) { + return 0; + } + + fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc); + fprintf(stderr, "Total frees = %d\n", stats->totalFr); + fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc); + fprintf(stderr, "Available IO = %d\n", stats->avaIO); + fprintf(stderr, "Max con. handshakes = %d\n", stats->maxHa); + fprintf(stderr, "Max con. IO = %d\n", stats->maxIO); + fprintf(stderr, "State of memory blocks: size : available \n"); + for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { + fprintf(stderr, " : %d\t : %d\n", stats->blockSz[i], + stats->avaBlock[i]); + } + + return 1; +} +#endif /* WOLFSSL_STATIC_MEMORY */ #ifdef HAVE_PK_CALLBACKS diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 1e1a061c57..a80223b38f 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -119,6 +119,7 @@ typedef struct Aes { #ifdef WOLFSSL_TI_CRYPT int keylen ; #endif + void* heap; /* memory hint to use */ } Aes; @@ -129,6 +130,7 @@ typedef struct Gmac { #endif /* HAVE_AESGCM */ #endif /* HAVE_FIPS */ +WOLFSSL_API int wc_InitAes_h(Aes* aes, void* h); WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir); WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index f581f27a90..2f358885fa 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -763,6 +763,7 @@ struct OcspRequest { byte nonce[MAX_OCSP_NONCE_SZ]; int nonceSz; + void* heap; }; @@ -808,6 +809,7 @@ struct DecodedCRL { byte nextDateFormat; /* format of next date */ RevokedCert* certs; /* revoked cert list */ int totalCerts; /* number on list */ + void* heap; }; WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*); diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 83140e6740..fbdaf05d2b 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -153,6 +153,7 @@ typedef struct Cert { #ifdef WOLFSSL_CERT_REQ char challengePw[CTC_NAME_SIZE]; #endif + void* heap; /* heap hint */ } Cert; #endif /* WOLFSSL_CERT_GEN */ diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h index 1b56367ce8..a8d14bbc7f 100644 --- a/wolfssl/wolfcrypt/dsa.h +++ b/wolfssl/wolfcrypt/dsa.h @@ -52,10 +52,12 @@ enum { /* DSA */ typedef struct DsaKey { mp_int p, q, g, y, x; - int type; /* public or private */ + int type; /* public or private */ + void* heap; /* memory hint */ } DsaKey; WOLFSSL_API void wc_InitDsaKey(DsaKey* key); +WOLFSSL_API int wc_InitDsaKey_h(DsaKey* key, void* h); WOLFSSL_API void wc_FreeDsaKey(DsaKey* key); WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng); diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index e67a497200..1b97eb3885 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -166,6 +166,7 @@ typedef struct { curves (idx >= 0) or user supplied */ ecc_point pubkey; /* public key */ mp_int k; /* private key */ + void* heap; /* heap hint */ } ecc_key; @@ -208,6 +209,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, WOLFSSL_API int wc_ecc_init(ecc_key* key); WOLFSSL_API +int wc_ecc_init_h(ecc_key* key, void* heap); +WOLFSSL_API void wc_ecc_free(ecc_key* key); WOLFSSL_API void wc_ecc_fp_free(void); @@ -215,8 +218,12 @@ void wc_ecc_fp_free(void); WOLFSSL_API ecc_point* wc_ecc_new_point(void); WOLFSSL_API +ecc_point* wc_ecc_new_point_h(void* h); +WOLFSSL_API void wc_ecc_del_point(ecc_point* p); WOLFSSL_API +void wc_ecc_del_point_h(ecc_point* p, void* h); +WOLFSSL_API int wc_ecc_copy_point(ecc_point* p, ecc_point *r); WOLFSSL_API int wc_ecc_cmp_point(ecc_point* a, ecc_point *b); @@ -228,6 +235,9 @@ WOLFSSL_API int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, int map); +WOLFSSL_API +int wc_ecc_mulmod_h(mp_int* k, ecc_point *G, ecc_point *R, + mp_int* modulus, int map, void* heap); #ifdef HAVE_ECC_KEY_EXPORT /* ASN key helpers */ WOLFSSL_API diff --git a/wolfssl/wolfcrypt/hc128.h b/wolfssl/wolfcrypt/hc128.h index 609228ad0a..1b2578b40c 100644 --- a/wolfssl/wolfcrypt/hc128.h +++ b/wolfssl/wolfcrypt/hc128.h @@ -43,12 +43,16 @@ typedef struct HC128 { word32 counter1024; /* counter1024 = i mod 1024 at the ith step */ word32 key[8]; word32 iv[8]; +#ifdef XSTREAM_ALIGN + void* heap; /* heap hint, currently XMALLOC only used with aligning */ +#endif } HC128; WOLFSSL_API int wc_Hc128_Process(HC128*, byte*, const byte*, word32); WOLFSSL_API int wc_Hc128_SetKey(HC128*, const byte* key, const byte* iv); +WOLFSSL_LOCAL int wc_Hc128_SetHeap(HC128* ctx, void* heap); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h index b80a487865..5311c92e04 100644 --- a/wolfssl/wolfcrypt/hmac.h +++ b/wolfssl/wolfcrypt/hmac.h @@ -144,17 +144,18 @@ typedef struct Hmac { word32 ipad[HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ word32 opad[HMAC_BLOCK_SIZE / sizeof(word32)]; word32 innerHash[MAX_DIGEST_SIZE / sizeof(word32)]; - byte macType; /* md5 sha or sha256 */ - byte innerHashKeyed; /* keyed flag */ #ifdef HAVE_CAVIUM + word64 contextHandle; /* nitrox context memory handle */ + HashType type; /* hmac key type */ + word32 magic; /* using cavium magic */ + int devId; /* nitrox device id */ + void* heap /* heap hint , currently only used with cavium */ + byte* data; /* buffered input data for one call */ word16 keyLen; /* hmac key length */ word16 dataLen; - HashType type; /* hmac key type */ - int devId; /* nitrox device id */ - word32 magic; /* using cavium magic */ - word64 contextHandle; /* nitrox context memory handle */ - byte* data; /* buffered input data for one call */ #endif + byte macType; /* md5 sha or sha256 */ + byte innerHashKeyed; /* keyed flag */ } Hmac; #endif /* HAVE_FIPS */ diff --git a/wolfssl/wolfcrypt/mem_track.h b/wolfssl/wolfcrypt/mem_track.h index 4d69a565bf..f7972a2722 100644 --- a/wolfssl/wolfcrypt/mem_track.h +++ b/wolfssl/wolfcrypt/mem_track.h @@ -58,7 +58,7 @@ #ifndef WOLFSSL_MEM_TRACK_H #define WOLFSSL_MEM_TRACK_H -#ifdef USE_WOLFSSL_MEMORY +#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) #include "wolfssl/wolfcrypt/logging.h" diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h index 6553449ea7..c5708603bb 100644 --- a/wolfssl/wolfcrypt/memory.h +++ b/wolfssl/wolfcrypt/memory.h @@ -42,15 +42,26 @@ WOLFSSL_API void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line); WOLFSSL_API void wolfSSL_Free(void *ptr, const char* func, unsigned int line); WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, const char* func, unsigned int line); + #else + #if defined(WOLFSSL_STATIC_MEMORY) + typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type); + typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type); + typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size, + void* heap, int type); + WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type); + WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type); + WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, + void* heap, int type); + #else typedef void *(*wolfSSL_Malloc_cb)(size_t size); typedef void (*wolfSSL_Free_cb)(void *ptr); typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size); - /* Public in case user app wants to use XMALLOC/XFREE */ WOLFSSL_API void* wolfSSL_Malloc(size_t size); WOLFSSL_API void wolfSSL_Free(void *ptr); WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size); + #endif #endif /* Public set function */ @@ -60,16 +71,76 @@ WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function, #ifdef WOLFSSL_STATIC_MEMORY #define WOLFSSL_STATIC_TIMEOUT 1 - #define WC_STATIC_ALIGN 64 + #define WOLFSSL_STATIC_ALIGN 64 + #define WOLFMEM_MAX_BUCKETS 9 + #define WOLFMEM_DEF_BUCKETS 9 /* number of default memory blocks */ + #define WOLFMEM_IO_SZ 17000 - WOLFSSL_API int wolfSSL_load_static_memory(byte* buffer, word32 sz); - WOLFSSL_API int wolfSSL_unload_static_memory(byte* buffer, word32 sz, - word32* amt); - WOLFSSL_API int wolfSSL_use_static_memory(byte flag); - WOLFSSL_API word32 wolfSSL_static_memory_inUse(void); - WOLFSSL_LOCAL void* wolfSSL_Malloc_Static(size_t size); - WOLFSSL_LOCAL void wolfSSL_Free_Static(void *ptr); - WOLFSSL_LOCAL void* wolfSSL_Realloc_Static(void *ptr, size_t size); + /* flags for loading static memory (one hot bit) */ + #define WOLFMEM_GENERAL 0x01 + #define WOLFMEM_IO_POOL 0x02 + #define WOLFMEM_IO_POOL_FIXED 0x04 + #define WOLFMEM_TRACK_STATS 0x08 + + + typedef struct WOLFSSL_MEM_CONN_STATS { + word32 peakMem; /* peak memory usage */ + word32 curMem; /* current memory usage */ + word32 peakAlloc; /* peak memory allocations */ + word32 curAlloc; /* current memory allocations */ + word32 totalAlloc;/* total memory allocations for lifetime */ + word32 totalFr; /* total frees for lifetime */ + } WOLFSSL_MEM_CONN_STATS; + + typedef struct WOLFSSL_MEM_STATS { + word32 curAlloc; /* current memory allocations */ + word32 totalAlloc;/* total memory allocations for lifetime */ + word32 totalFr; /* total frees for lifetime */ + word32 totalUse; /* total amount of memory used in blocks */ + word32 avaIO; /* available IO specific pools */ + word32 maxHa; /* max number of concurent handshakes allowed */ + word32 maxIO; /* max number of concurent IO connections allowed */ + word32 blockSz[WOLFMEM_MAX_BUCKETS]; /* block sizes in stacks */ + word32 avaBlock[WOLFMEM_MAX_BUCKETS];/* ava block sizes */ + word32 usedBlock[WOLFMEM_MAX_BUCKETS]; + int flag; /* flag used */ + } WOLFSSL_MEM_STATS; + + typedef struct wc_Memory wc_Memory; /* internal structure for mem bucket */ + typedef struct WOLFSSL_HEAP { + wc_Memory* ava[WOLFMEM_MAX_BUCKETS]; + wc_Memory* io; /* list of buffers to use for IO */ + word32 maxHa; /* max concurent handshakes */ + word32 curHa; + word32 maxIO; /* max concurrent IO connections */ + word32 curIO; + word32 sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */ + word32 distList[WOLFMEM_MAX_BUCKETS];/* general distribution */ + word32 inUse; /* amount of memory currently in use */ + word32 ioUse; + word32 alloc; /* total number of allocs */ + word32 frAlc; /* total number of frees */ + int flag; + wolfSSL_Mutex memory_mutex; + } WOLFSSL_HEAP; + + /* structure passed into XMALLOC as heap hint + * having this abstraction allows tracking statistics of individual ssl's + */ + typedef struct WOLFSSL_HEAP_HINT { + WOLFSSL_HEAP* memory; + WOLFSSL_MEM_CONN_STATS* stats; /* hold individual connection stats */ + wc_Memory* outBuf; /* set if using fixed io buffers */ + wc_Memory* inBuf; + } WOLFSSL_HEAP_HINT; + + + WOLFSSL_LOCAL int wolfSSL_load_static_memory(byte* buffer, word32 sz, + int flag, WOLFSSL_HEAP* heap); + WOLFSSL_LOCAL int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap, + WOLFSSL_MEM_STATS* stats); + WOLFSSL_LOCAL int SetFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io); + WOLFSSL_LOCAL int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io); #endif /* WOLFSSL_STATIC_MEMORY */ #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index e5634df12f..c5d9766fd6 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -79,6 +79,7 @@ typedef struct PKCS7 { int hashOID; int encryptOID; /* key encryption algorithm OID */ + void* heap; /* heap hint for dynamic memory */ byte* singleCert; /* recipient cert, DER, not owner */ word32 singleCertSz; /* size of recipient cert buffer, bytes */ byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ @@ -96,14 +97,15 @@ typedef struct PKCS7 { } PKCS7; +WOLFSSL_LOCAL int wc_PKCS7_SetHeap(PKCS7* pkcs7, void* heap); WOLFSSL_LOCAL int wc_SetContentType(int pkcs7TypeOID, byte* output); WOLFSSL_LOCAL int wc_GetContentType(const byte* input, word32* inOutIdx, word32* oid, word32 maxIdx); WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, int keyEncAlgo, int blockKeySz, WC_RNG* rng, byte* contentKeyPlain, - byte* contentKeyEnc, - int* keyEncSz, byte* out, word32 outSz); + byte* contentKeyEnc, int* keyEncSz, + byte* out, word32 outSz, void* heap); WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz); WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7); diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h index b9cfa01df9..9380e341f4 100644 --- a/wolfssl/wolfcrypt/pwdbased.h +++ b/wolfssl/wolfcrypt/pwdbased.h @@ -50,6 +50,9 @@ WOLFSSL_API int wc_PBKDF2(byte* output, const byte* passwd, int pLen, WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, int typeH, int purpose); +WOLFSSL_API int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen, + const byte* salt, int saltLen, int iterations, int kLen, + int hashType, int id, void* heap); /* helper functions */ WOLFSSL_LOCAL int GetDigestSize(int typeH); diff --git a/wolfssl/wolfcrypt/rabbit.h b/wolfssl/wolfcrypt/rabbit.h index 50ebeebf61..fea0ec1b8f 100644 --- a/wolfssl/wolfcrypt/rabbit.h +++ b/wolfssl/wolfcrypt/rabbit.h @@ -49,12 +49,16 @@ typedef struct RabbitCtx { typedef struct Rabbit { RabbitCtx masterCtx; RabbitCtx workCtx; +#ifdef XSTREAM_ALIGN + void* heap; /* heap hint, currently XMALLOC only used with aligning */ +#endif } Rabbit; WOLFSSL_API int wc_RabbitProcess(Rabbit*, byte*, const byte*, word32); WOLFSSL_API int wc_RabbitSetKey(Rabbit*, const byte* key, const byte* iv); +WOLFSSL_LOCAL int wc_Rabbit_SetHeap(Rabbit* ctx, void* heap); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index f047b07f20..23d5020d0a 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -88,6 +88,7 @@ struct DRBG; /* Private DRBG state */ typedef struct WC_RNG { struct DRBG* drbg; OS_Seed seed; + void* heap; byte status; } WC_RNG; @@ -141,6 +142,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); WOLFSSL_API int wc_InitRng(WC_RNG*); +WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap); WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz); WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*); WOLFSSL_API int wc_FreeRng(WC_RNG*); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index f3e981282a..9c431760b1 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1244,6 +1244,18 @@ static char *fgets(char *buff, int sz, FILE *fp) #endif #endif /* WOLFSSL_LEANTLS*/ +/* restriction with static memory */ +#ifdef WOLFSSL_STATIC_MEMORY + #ifndef USE_FAST_MATH + #error static memory requires fast math please define USE_FAST_MATH + #endif + #ifdef WOLFSSL_SMALL_STACK + #error static memory does not support small stack please undefine + #endif + #ifndef TFM_TIMING_RESISTANT + #error please define TFM_TIMING_RESISTANT with use of static memory + #endif +#endif /* WOLFSSL_STATIC_MEMORY */ /* Place any other flags or defines here */ diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index e761e51f54..f09432c023 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -114,6 +114,7 @@ typedef struct Srp { /**< The default function used by this implementation is a modified */ /**< version of t_mgf1 that uses the proper hash function according */ /**< to srp->type. */ + void* heap; /**< heap hint pointer */ } Srp; /** diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 8825ddb538..839ec0ddef 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -195,10 +195,14 @@ && !defined(WOLFSSL_uITRON4) && !defined(WOLFSSL_uTKERNEL2) /* default C runtime, can install different routines at runtime via cbs */ #include - #ifdef WOLFSSL_DEBUG_MEMORY + #if defined(WOLFSSL_DEBUG_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__)) #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);} #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__) + #elif defined(WOLFSSL_STATIC_MEMORY) + #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t)) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) #else #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} @@ -330,7 +334,8 @@ DYNAMIC_TYPE_URL = 54, DYNAMIC_TYPE_DTLS_FRAG = 55, DYNAMIC_TYPE_DTLS_BUFFER = 56, - DYNAMIC_TYPE_SESSION_TICK = 57 + DYNAMIC_TYPE_SESSION_TICK = 57, + DYNAMIC_TYPE_PKCS = 58 }; /* max error buffer string size */