From 4e8c362152bbf54fe315b1e7fc184f993c003032 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Mon, 23 May 2022 12:48:24 +0200 Subject: [PATCH] Allocate ssl->async seperately to the SSL object --- src/internal.c | 219 +++++++++++++++++++++++++++++++++++---------- src/sniffer.c | 19 +++- src/ssl.c | 16 ++++ src/tls13.c | 139 +++++++++++++++++++++++----- wolfssl/internal.h | 17 ++-- 5 files changed, 336 insertions(+), 74 deletions(-) diff --git a/src/internal.c b/src/internal.c index 065a47138..3fc02a445 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6964,6 +6964,28 @@ static int ReuseKey(WOLFSSL* ssl, int type, void* pKey) } #endif +#ifdef WOLFSSL_ASYNC_IO +void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync) +{ + if (ssl->async != NULL) { + if (ssl->async->freeArgs != NULL) { + ssl->async->freeArgs(ssl, ssl->async->args); + ssl->async->freeArgs = NULL; + } +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WOLFSSL_NO_TLS12) + if (ssl->options.buildArgsSet) { + FreeBuildMsgArgs(ssl, &ssl->async->buildArgs); + ssl->options.buildArgsSet = 0; + } +#endif + if (freeAsync) { + XFREE(ssl->async, ssl->heap, DYNAMIC_TYPE_ASYNC); + ssl->async = NULL; + } + } +} +#endif + void FreeKeyExchange(WOLFSSL* ssl) { /* Cleanup signature buffer */ @@ -6986,17 +7008,6 @@ void FreeKeyExchange(WOLFSSL* ssl) #ifndef NO_DH /* Free temp DH key */ FreeKey(ssl, DYNAMIC_TYPE_DH, (void**)&ssl->buffers.serverDH_Key); -#endif - - /* Cleanup async */ -#ifdef WOLFSSL_ASYNC_IO - if (ssl->async.freeArgs) { - ssl->async.freeArgs(ssl, ssl->async.args); - ssl->async.freeArgs = NULL; - } -#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WOLFSSL_NO_TLS12) - FreeBuildMsgArgs(ssl, &ssl->async.buildArgs); -#endif #endif } @@ -7044,6 +7055,10 @@ void SSL_ResourceFree(WOLFSSL* ssl) FreeCiphers(ssl); FreeArrays(ssl, 0); FreeKeyExchange(ssl); +#ifdef WOLFSSL_ASYNC_IO + /* Cleanup async */ + FreeAsyncCtx(ssl, 1); +#endif if (ssl->options.weOwnRng) { wc_FreeRng(ssl->rng); XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); @@ -11984,8 +11999,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, { int ret = 0; #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) - ProcPeerCertArgs* args = (ProcPeerCertArgs*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + ProcPeerCertArgs* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #elif defined(WOLFSSL_SMALL_STACK) ProcPeerCertArgs* args = NULL; #else @@ -11996,7 +12011,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_ENTER("ProcessPeerCerts"); -#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_CRYPT) +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + ERROR_OUT(MEMORY_E, exit_ppc); + } + args = (ProcPeerCertArgs*)ssl->async->args; #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { @@ -12027,7 +12050,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->idx = *inOutIdx; args->begin = *inOutIdx; #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) - ssl->async.freeArgs = FreeProcPeerCertArgs; + ssl->async->freeArgs = FreeProcPeerCertArgs; #endif } @@ -13344,8 +13367,10 @@ exit_ppc: } #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */ -#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) || \ - defined(WOLFSSL_SMALL_STACK) +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); +#elif defined(WOLFSSL_SMALL_STACK) if (args) { FreeProcPeerCertArgs(ssl, args); @@ -18508,13 +18533,19 @@ int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes) #ifndef WOLFSSL_NO_TLS12 void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args) { - if (args) { + if (args +#ifdef WOLFSSL_ASYNC_CRYPT + && ssl->options.buildArgsSet +#endif + ) { /* only free the IV if it was dynamically allocated */ if (ssl && args->iv && (args->iv != args->staticIvBuffer)) { XFREE(args->iv, ssl->heap, DYNAMIC_TYPE_SALT); } - XMEMSET(args, 0, sizeof(BuildMsgArgs)); } +#ifdef WOLFSSL_ASYNC_CRYPT + ssl->options.buildArgsSet = 0; +#endif } #endif @@ -18527,9 +18558,6 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, int ret; BuildMsgArgs* args; BuildMsgArgs lcl_args; -#ifdef WOLFSSL_ASYNC_CRYPT - args = &ssl->async.buildArgs; -#endif #endif WOLFSSL_ENTER("BuildMessage"); @@ -18561,6 +18589,11 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #ifdef WOLFSSL_ASYNC_CRYPT ret = WC_NOT_PENDING_E; if (asyncOkay) { + if (ssl->async == NULL) { + return BAD_FUNC_ARG; + } + args = &ssl->async->buildArgs; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -18580,6 +18613,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif { ret = 0; +#ifdef WOLFSSL_ASYNC_CRYPT + ssl->options.buildArgsSet = 1; +#endif ssl->options.buildMsgState = BUILD_MSG_BEGIN; XMEMSET(args, 0, sizeof(BuildMsgArgs)); @@ -20271,6 +20307,16 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) } #endif if (!ssl->options.tls1_3) { +#ifdef WOLFSSL_ASYNC_CRYPT + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + return MEMORY_E; + ssl->async->freeArgs = NULL; + } +#endif sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz, application_data, 0, 0, 1, CUR_ORDER); } @@ -20290,6 +20336,9 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) return BUILD_MSG_ERROR; } +#ifdef WOLFSSL_ASYNC_CRYPT + FreeAsyncCtx(ssl, 0); +#endif ssl->buffers.outputBuffer.length += sendSz; if ( (ssl->error = SendBuffered(ssl)) < 0) { @@ -24524,8 +24573,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, { int ret = 0; #ifdef WOLFSSL_ASYNC_CRYPT - DskeArgs* args = (DskeArgs*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + DskeArgs* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else DskeArgs args[1]; #endif @@ -24537,6 +24586,15 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, WOLFSSL_ENTER("DoServerKeyExchange"); #ifdef WOLFSSL_ASYNC_CRYPT + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + ERROR_OUT(MEMORY_E, exit_dske); + } + args = (DskeArgs*)ssl->async->args; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -24555,7 +24613,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, args->sigAlgo = ssl->specs.sig_algo; args->hashAlgo = sha_mac; #ifdef WOLFSSL_ASYNC_CRYPT - ssl->async.freeArgs = FreeDskeArgs; + ssl->async->freeArgs = FreeDskeArgs; #endif } @@ -25531,10 +25589,13 @@ exit_dske: return ret; } + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); +#else + FreeDskeArgs(ssl, args); #endif /* WOLFSSL_ASYNC_CRYPT */ /* Final cleanup */ - FreeDskeArgs(ssl, args); FreeKeyExchange(ssl); return ret; @@ -25571,8 +25632,8 @@ int SendClientKeyExchange(WOLFSSL* ssl) { int ret = 0; #ifdef WOLFSSL_ASYNC_CRYPT - SckeArgs* args = (SckeArgs*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + SckeArgs* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else SckeArgs args[1]; #endif @@ -25588,6 +25649,15 @@ int SendClientKeyExchange(WOLFSSL* ssl) #endif #ifdef WOLFSSL_ASYNC_CRYPT + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + ERROR_OUT(MEMORY_E, exit_scke); + } + args = (SckeArgs*)ssl->async->args; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -25602,7 +25672,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) ssl->options.asyncState = TLS_ASYNC_BEGIN; XMEMSET(args, 0, sizeof(SckeArgs)); #ifdef WOLFSSL_ASYNC_CRYPT - ssl->async.freeArgs = FreeSckeArgs; + ssl->async->freeArgs = FreeSckeArgs; #endif } @@ -26737,7 +26807,12 @@ exit_scke: ssl->arrays->preMasterSz = 0; /* Final cleanup */ +#ifdef WOLFSSL_ASYNC_CRYPT + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); +#else FreeSckeArgs(ssl, args); +#endif FreeKeyExchange(ssl); return ret; @@ -26789,8 +26864,8 @@ int SendCertificateVerify(WOLFSSL* ssl) { int ret = 0; #ifdef WOLFSSL_ASYNC_IO - ScvArgs* args = (ScvArgs*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + ScvArgs* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else ScvArgs args[1]; #endif @@ -26799,6 +26874,14 @@ int SendCertificateVerify(WOLFSSL* ssl) WOLFSSL_ENTER("SendCertificateVerify"); #ifdef WOLFSSL_ASYNC_IO + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + ERROR_OUT(MEMORY_E, exit_scv); + } + args = (ScvArgs*)ssl->async->args; #ifdef WOLFSSL_ASYNC_CRYPT /* BuildMessage does its own Pop */ if (ssl->error != WC_PENDING_E || @@ -26826,7 +26909,7 @@ int SendCertificateVerify(WOLFSSL* ssl) ssl->options.asyncState = TLS_ASYNC_BEGIN; XMEMSET(args, 0, sizeof(ScvArgs)); #ifdef WOLFSSL_ASYNC_IO - ssl->async.freeArgs = FreeScvArgs; + ssl->async->freeArgs = FreeScvArgs; #endif } @@ -27190,7 +27273,12 @@ exit_scv: ssl->buffers.digest.length = 0; /* Final cleanup */ +#ifdef WOLFSSL_ASYNC_IO + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); +#else FreeScvArgs(ssl, args); +#endif FreeKeyExchange(ssl); return ret; @@ -27770,8 +27858,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, { int ret = 0; #ifdef WOLFSSL_ASYNC_IO - SskeArgs* args = (SskeArgs*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + SskeArgs* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else SskeArgs args[1]; #endif @@ -27780,6 +27868,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_ENTER("SendServerKeyExchange"); #ifdef WOLFSSL_ASYNC_IO + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + ERROR_OUT(MEMORY_E, exit_sske); + } + args = (SskeArgs*)ssl->async->args; #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { @@ -27804,7 +27900,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.asyncState = TLS_ASYNC_BEGIN; XMEMSET(args, 0, sizeof(SskeArgs)); #ifdef WOLFSSL_ASYNC_IO - ssl->async.freeArgs = FreeSskeArgs; + ssl->async->freeArgs = FreeSskeArgs; #endif } @@ -29307,7 +29403,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); args->input = NULL; } + #ifdef WOLFSSL_ASYNC_IO + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); + #else FreeSskeArgs(ssl, args); + #endif FreeKeyExchange(ssl); return ret; @@ -30531,8 +30632,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, { int ret = 0; #ifdef WOLFSSL_ASYNC_CRYPT - DcvArgs* args = (DcvArgs*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + DcvArgs* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else DcvArgs args[1]; #endif @@ -30541,6 +30642,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_ENTER("DoCertificateVerify"); #ifdef WOLFSSL_ASYNC_CRYPT + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + ERROR_OUT(MEMORY_E, exit_dcv); + } + args = (DcvArgs*)ssl->async->args; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -30559,7 +30669,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->idx = *inOutIdx; args->begin = *inOutIdx; #ifdef WOLFSSL_ASYNC_CRYPT - ssl->async.freeArgs = FreeDcvArgs; + ssl->async->freeArgs = FreeDcvArgs; #endif } @@ -30918,8 +31028,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->buffers.digest.buffer = NULL; ssl->buffers.digest.length = 0; - /* Final cleanup */ + #ifdef WOLFSSL_ASYNC_CRYPT + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); + #else FreeDcvArgs(ssl, args); + #endif + /* Final cleanup */ FreeKeyExchange(ssl); return ret; @@ -32120,8 +32235,8 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], { int ret; #ifdef WOLFSSL_ASYNC_CRYPT - DckeArgs* args = (DckeArgs*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + DckeArgs* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else DckeArgs args[1]; #endif @@ -32133,6 +32248,15 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], WOLFSSL_ENTER("DoClientKeyExchange"); #ifdef WOLFSSL_ASYNC_CRYPT + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + ERROR_OUT(MEMORY_E, exit_dcke); + } + args = (DckeArgs*)ssl->async->args; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -32149,7 +32273,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], args->idx = *inOutIdx; args->begin = *inOutIdx; #ifdef WOLFSSL_ASYNC_CRYPT - ssl->async.freeArgs = FreeDckeArgs; + ssl->async->freeArgs = FreeDckeArgs; #endif } @@ -33319,6 +33443,10 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], return ret; } + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); + #else + FreeDckeArgs(ssl, args); #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef OPENSSL_ALL /* add error ret value to error queue */ @@ -33335,7 +33463,6 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], ssl->arrays->preMasterSz = 0; /* Final cleanup */ - FreeDckeArgs(ssl, args); FreeKeyExchange(ssl); return ret; @@ -33388,7 +33515,7 @@ int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state) } /* check for pending async */ - asyncDev = ssl->async.dev; + asyncDev = ssl->asyncDev; if (asyncDev) { /* grab event pointer */ event = &asyncDev->event; @@ -33405,7 +33532,7 @@ int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state) XMEMSET(&asyncDev->event, 0, sizeof(WOLF_EVENT)); /* clear async dev */ - ssl->async.dev = NULL; + ssl->asyncDev = NULL; } } else { @@ -33450,7 +33577,7 @@ int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev) event = &asyncDev->event; /* store reference to active async operation */ - ssl->async.dev = asyncDev; + ssl->asyncDev = asyncDev; /* place event into queue */ ret = wolfAsync_EventQueuePush(&ssl->ctx->event_queue, event); diff --git a/src/sniffer.c b/src/sniffer.c index a8d8ad39d..d4c0e5d13 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -2332,8 +2332,8 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, WOLFSSL* ssl = session->sslServer; #ifdef WOLFSSL_ASYNC_CRYPT - SetupKeysArgs* args = (SetupKeysArgs*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + SetupKeysArgs* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else SetupKeysArgs args[1]; #endif @@ -2348,6 +2348,15 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } #ifdef WOLFSSL_ASYNC_CRYPT + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + ERROR_OUT(MEMORY_E, exit_sk); + } + args = (SetupKeysArgs*)ssl->async->args; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -2362,7 +2371,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, ssl->options.asyncState = TLS_ASYNC_BEGIN; XMEMSET(args, 0, sizeof(SetupKeysArgs)); #ifdef WOLFSSL_ASYNC_CRYPT - ssl->async.freeArgs = FreeSetupKeysArgs; + ssl->async->freeArgs = FreeSetupKeysArgs; #endif #ifdef WOLFSSL_ASYNC_CRYPT args->key = (SnifferKey*)XMALLOC(sizeof(SnifferKey), NULL, @@ -3089,7 +3098,11 @@ exit_sk: #endif /* Final cleanup */ +#ifdef WOLFSSL_ASYNC_CRYPT + FreeAsyncCtx(ssl, 1); +#else FreeSetupKeysArgs(ssl, args); +#endif return ret; } diff --git a/src/ssl.c b/src/ssl.c index 31b102d8f..cee46e180 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11859,6 +11859,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_MSG("connect state: " "Advanced from last buffered fragment send"); } + #ifdef WOLFSSL_ASYNC_IO + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); + #endif } else { WOLFSSL_MSG("connect state: " @@ -12108,6 +12112,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->secure_renegotiation->startScr = 0; } #endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */ + #if defined(WOLFSSL_ASYNC_IO) && !defined(WOLFSSL_ASYNC_CRYPT) + /* Free the remaining async context if not using it for crypto */ + FreeAsyncCtx(ssl, 1); + #endif WOLFSSL_LEAVE("SSL_connect()", WOLFSSL_SUCCESS); return WOLFSSL_SUCCESS; @@ -12336,6 +12344,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_MSG("accept state: " "Advanced from last buffered fragment send"); } + #ifdef WOLFSSL_ASYNC_IO + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); + #endif } else { WOLFSSL_MSG("accept state: " @@ -12563,6 +12575,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->secure_renegotiation->startScr = 0; } #endif /* WOLFSSL_ASYNC_CRYPT && HAVE_SECURE_RENEGOTIATION */ +#if defined(WOLFSSL_ASYNC_IO) && !defined(WOLFSSL_ASYNC_CRYPT) + /* Free the remaining async context if not using it for crypto */ + FreeAsyncCtx(ssl, 1); +#endif #if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS) if (ssl->dtls_export) { diff --git a/src/tls13.c b/src/tls13.c index bb21dc7b3..a4a74d896 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2330,16 +2330,23 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, int ret; BuildMsg13Args* args; BuildMsg13Args lcl_args; -#ifdef WOLFSSL_ASYNC_CRYPT - args = (BuildMsg13Args*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); -#endif WOLFSSL_ENTER("BuildTls13Message"); #ifdef WOLFSSL_ASYNC_CRYPT ret = WC_NOT_PENDING_E; if (asyncOkay) { + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); + + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + return MEMORY_E; + } + args = (BuildMsg13Args*)ssl->async->args; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -2366,7 +2373,8 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args->idx = RECORD_HEADER_SZ; args->headerSz = RECORD_HEADER_SZ; #ifdef WOLFSSL_ASYNC_CRYPT - ssl->async.freeArgs = FreeBuildMsg13Args; + if (asyncOkay) + ssl->async->freeArgs = FreeBuildMsg13Args; #endif } @@ -2474,10 +2482,12 @@ exit_buildmsg: ret = args->sz; /* Final cleanup */ - FreeBuildMsg13Args(ssl, args); #ifdef WOLFSSL_ASYNC_CRYPT - ssl->async.freeArgs = NULL; + if (asyncOkay) + FreeAsyncCtx(ssl, 0); + else #endif + FreeBuildMsg13Args(ssl, args); return ret; } @@ -3054,8 +3064,8 @@ int SendTls13ClientHello(WOLFSSL* ssl) { int ret; #ifdef WOLFSSL_ASYNC_CRYPT - Sch13Args* args = (Sch13Args*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + Sch13Args* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else Sch13Args args[1]; #endif @@ -3092,6 +3102,16 @@ int SendTls13ClientHello(WOLFSSL* ssl) } #ifdef WOLFSSL_ASYNC_CRYPT + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + return MEMORY_E; + ssl->async->freeArgs = NULL; + } + args = (Sch13Args*)ssl->async->args; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -3270,6 +3290,12 @@ int SendTls13ClientHello(WOLFSSL* ssl) ssl->buffers.outputBuffer.length += args->sendSz; + /* Advance state and proceed */ + ssl->options.asyncState = TLS_ASYNC_END; + /* case TLS_ASYNC_BUILD */ + FALL_THROUGH; + + case TLS_ASYNC_END: #ifdef WOLFSSL_EARLY_DATA_GROUP if (ssl->earlyData == no_early_data) #endif @@ -3281,6 +3307,11 @@ int SendTls13ClientHello(WOLFSSL* ssl) ret = INPUT_CASE_ERROR; } /* switch (ssl->options.asyncState) */ +#ifdef WOLFSSL_ASYNC_CRYPT + if (ret == 0) + FreeAsyncCtx(ssl, 0); +#endif + WOLFSSL_LEAVE("SendTls13ClientHello", ret); WOLFSSL_END(WC_FUNC_CLIENT_HELLO_SEND); @@ -3315,8 +3346,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, int ret; byte suite[2]; #ifdef WOLFSSL_ASYNC_CRYPT - Dsh13Args* args = (Dsh13Args*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + Dsh13Args* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else Dsh13Args args[1]; #endif @@ -3328,6 +3359,16 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return BAD_FUNC_ARG; #ifdef WOLFSSL_ASYNC_CRYPT + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + return MEMORY_E; + ssl->async->freeArgs = NULL; + } + args = (Dsh13Args*)ssl->async->args; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -3667,6 +3708,11 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ret = INPUT_CASE_ERROR; } /* switch (ssl->options.asyncState) */ +#ifdef WOLFSSL_ASYNC_CRYPT + if (ret == 0) + FreeAsyncCtx(ssl, 0); +#endif + WOLFSSL_LEAVE("DoTls13ServerHello", ret); WOLFSSL_END(WC_FUNC_SERVER_HELLO_DO); @@ -4611,8 +4657,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, { int ret; #ifdef WOLFSSL_ASYNC_CRYPT - Dch13Args* args = (Dch13Args*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + Dch13Args* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else Dch13Args args[1]; #endif @@ -4621,6 +4667,15 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_ENTER("DoTls13ClientHello"); #ifdef WOLFSSL_ASYNC_CRYPT + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + ERROR_OUT(MEMORY_E, exit_dch); + } + args = (Dch13Args*)ssl->async->args; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -4636,7 +4691,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.asyncState = TLS_ASYNC_BEGIN; XMEMSET(args, 0, sizeof(Dch13Args)); #ifdef WOLFSSL_ASYNC_CRYPT - ssl->async.freeArgs = FreeDch13Args; + ssl->async->freeArgs = FreeDch13Args; #endif } @@ -4967,6 +5022,9 @@ exit_dch: #endif FreeDch13Args(ssl, args); +#ifdef WOLFSSL_ASYNC_CRYPT + FreeAsyncCtx(ssl, 0); +#endif WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO); return ret; @@ -6057,8 +6115,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) int ret = 0; buffer* sig = &ssl->buffers.sig; #ifdef WOLFSSL_ASYNC_CRYPT - Scv13Args* args = (Scv13Args*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + Scv13Args* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else Scv13Args args[1]; #endif @@ -6067,6 +6125,15 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) WOLFSSL_ENTER("SendTls13CertificateVerify"); #ifdef WOLFSSL_ASYNC_CRYPT + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + ERROR_OUT(MEMORY_E, exit_scv); + } + args = (Scv13Args*)ssl->async->args; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -6081,7 +6148,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) ssl->options.asyncState = TLS_ASYNC_BEGIN; XMEMSET(args, 0, sizeof(Scv13Args)); #ifdef WOLFSSL_ASYNC_CRYPT - ssl->async.freeArgs = FreeScv13Args; + ssl->async->freeArgs = FreeScv13Args; #endif } @@ -6437,6 +6504,10 @@ exit_scv: /* Final cleanup */ FreeScv13Args(ssl, args); FreeKeyExchange(ssl); +#ifdef WOLFSSL_ASYNC_IO + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); +#endif return ret; } @@ -6532,8 +6603,8 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, int ret = 0; buffer* sig = &ssl->buffers.sig; #ifdef WOLFSSL_ASYNC_CRYPT - Dcv13Args* args = (Dcv13Args*)ssl->async.args; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args); + Dcv13Args* args = NULL; + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else Dcv13Args args[1]; #endif @@ -6542,6 +6613,15 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, WOLFSSL_ENTER("DoTls13CertificateVerify"); #ifdef WOLFSSL_ASYNC_CRYPT + if (ssl->async == NULL) { + ssl->async = (struct WOLFSSL_ASYNC*) + XMALLOC(sizeof(struct WOLFSSL_ASYNC), ssl->heap, + DYNAMIC_TYPE_ASYNC); + if (ssl->async == NULL) + ERROR_OUT(MEMORY_E, exit_dcv); + } + args = (Dcv13Args*)ssl->async->args; + ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState); if (ret != WC_NOT_PENDING_E) { /* Check for error */ @@ -6560,7 +6640,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, args->idx = *inOutIdx; args->begin = *inOutIdx; #ifdef WOLFSSL_ASYNC_CRYPT - ssl->async.freeArgs = FreeDcv13Args; + ssl->async->freeArgs = FreeDcv13Args; #endif } @@ -6920,6 +7000,10 @@ exit_dcv: /* Final cleanup */ FreeDcv13Args(ssl, args); FreeKeyExchange(ssl); +#ifdef WOLFSSL_ASYNC_IO + /* Cleanup async */ + FreeAsyncCtx(ssl, 0); +#endif return ret; } @@ -8651,6 +8735,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) WOLFSSL_MSG("connect state: " "Not advanced, more fragments to send"); } + #ifdef WOLFSSL_ASYNC_IO + FreeAsyncCtx(ssl, 0); + #endif } else { WOLFSSL_ERROR(ssl->error); @@ -8851,6 +8938,10 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) if (!ssl->options.keepResources) { FreeHandshakeResources(ssl); } + #if defined(WOLFSSL_ASYNC_IO) && !defined(WOLFSSL_ASYNC_CRYPT) + /* Free the remaining async context if not using it for crypto */ + FreeAsyncCtx(ssl, 1); + #endif WOLFSSL_LEAVE("wolfSSL_connect_TLSv13()", WOLFSSL_SUCCESS); return WOLFSSL_SUCCESS; @@ -9614,6 +9705,9 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) WOLFSSL_MSG("accept state: " "Advanced from last buffered fragment send"); } + #ifdef WOLFSSL_ASYNC_IO + FreeAsyncCtx(ssl, 0); + #endif } else { WOLFSSL_MSG("accept state: " @@ -9881,6 +9975,11 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) FreeHandshakeResources(ssl); } +#if defined(WOLFSSL_ASYNC_IO) && !defined(WOLFSSL_ASYNC_CRYPT) + /* Free the remaining async context if not using it for crypto */ + FreeAsyncCtx(ssl, 1); +#endif + WOLFSSL_LEAVE("SSL_accept()", WOLFSSL_SUCCESS); return WOLFSSL_SUCCESS; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index fd4cf6450..da9a9fda2 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1744,6 +1744,9 @@ WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx); #endif #endif +#ifdef WOLFSSL_ASYNC_IO +WOLFSSL_LOCAL void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync); +#endif WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl); WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz); @@ -3766,6 +3769,10 @@ typedef struct Options { word16 startedETMRead:1; /* Doing Encrypt-Then-MAC read */ word16 startedETMWrite:1; /* Doing Encrypt-Then-MAC write */ #endif +#ifdef WOLFSSL_ASYNC_CRYPT + word16 buildArgsSet:1; /* buildArgs are set and need to + * be free'd */ +#endif /* need full byte values for this section */ byte processReply; /* nonblocking resume */ @@ -4212,11 +4219,8 @@ typedef struct BuildMsgArgs { typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs); struct WOLFSSL_ASYNC { -#ifdef WOLFSSL_ASYNC_CRYPT - WC_ASYNC_DEV* dev; -#ifndef WOLFSSL_NO_TLS12 +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WOLFSSL_NO_TLS12) BuildMsgArgs buildArgs; /* holder for current BuildMessage args */ -#endif #endif FreeArgsCb freeArgs; /* function pointer to cleanup args */ word32 args[MAX_ASYNC_ARGS]; /* holder for current args */ @@ -4298,9 +4302,12 @@ struct WOLFSSL { void* hsDoneCtx; /* user handshake cb context */ #endif #ifdef WOLFSSL_ASYNC_IO +#ifdef WOLFSSL_ASYNC_CRYPT + WC_ASYNC_DEV* asyncDev; +#endif /* Message building context should be stored here for functions that expect * to encounter encryption blocking or fragment the message. */ - struct WOLFSSL_ASYNC async; + struct WOLFSSL_ASYNC* async; #endif void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */ word32 hsType; /* Type of Handshake key (hsKey) */