diff --git a/examples/client/client.c b/examples/client/client.c index 5fa85924c..f50f67fbb 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1124,7 +1124,7 @@ static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz, /* 4. add the same message into Japanese section */ /* (will be translated later) */ /* 5. add printf() into suitable position of Usage() */ -static const char* client_usage_msg[][78] = { +static const char* client_usage_msg[][77] = { /* English */ { " NOTE: All files relative to wolfSSL home dir\n", /* 0 */ @@ -1244,11 +1244,11 @@ static const char* client_usage_msg[][78] = { " With 'm' at end indicates MUST staple\n", /* 42 */ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI) " -W 1 -v 4, Perform multi OCSP stapling for TLS13\n", - /* 43 */ + /* 43 */ #endif #endif #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) - "-U Atomic User Record Layer Callbacks\n", /* 45 */ + "-U Atomic User Record Layer Callbacks\n", /* 44 */ #endif #ifdef HAVE_PK_CALLBACKS "-P Public Key Callbacks\n", /* 45 */ @@ -1266,44 +1266,44 @@ static const char* client_usage_msg[][78] = { "-q Whitewood config file, defaults\n", /* 49 */ #endif "-H Internal tests" - " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 50 */ - " loadSSL, disallowETM]\n", /* 51 */ + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n" + " loadSSL, disallowETM]\n", /* 50 */ #ifdef WOLFSSL_TLS13 - "-J Use HelloRetryRequest to choose group for KE\n", /* 52 */ - "-K Key Exchange for PSK not using (EC)DHE\n", /* 53 */ - "-I Update keys and IVs before sending data\n", /* 54 */ + "-J Use HelloRetryRequest to choose group for KE\n", /* 51 */ + "-K Key Exchange for PSK not using (EC)DHE\n", /* 52 */ + "-I Update keys and IVs before sending data\n", /* 53 */ #ifndef NO_DH - "-y Key Share with FFDHE named groups only\n", /* 55 */ + "-y Key Share with FFDHE named groups only\n", /* 54 */ #endif #ifdef HAVE_ECC - "-Y Key Share with ECC named groups only\n", /* 56 */ + "-Y Key Share with ECC named groups only\n", /* 55 */ #endif #endif /* WOLFSSL_TLS13 */ #ifdef HAVE_CURVE25519 - "-t Use X25519 for key exchange\n", /* 57 */ + "-t Use X25519 for key exchange\n", /* 56 */ #endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - "-Q Support requesting certificate post-handshake\n", /* 58 */ + "-Q Support requesting certificate post-handshake\n", /* 57 */ #endif #ifdef WOLFSSL_EARLY_DATA - "-0 Early data sent to server (0-RTT handshake)\n", /* 59 */ + "-0 Early data sent to server (0-RTT handshake)\n", /* 58 */ #endif #ifdef WOLFSSL_MULTICAST - "-3 Multicast, grpid < 256\n", /* 60 */ + "-3 Multicast, grpid < 256\n", /* 59 */ #endif "-1 Display a result by specified language.\n" - " 0: English, 1: Japanese\n", /* 61 */ + " 0: English, 1: Japanese\n", /* 60 */ #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) - "-2 Disable DH Prime check\n", /* 62 */ + "-2 Disable DH Prime check\n", /* 61 */ #endif #ifdef HAVE_SECURE_RENEGOTIATION - "-4 Use resumption for renegotiation\n", /* 63 */ + "-4 Use resumption for renegotiation\n", /* 62 */ #endif #ifdef HAVE_TRUSTED_CA - "-5 Use Trusted CA Key Indication\n", /* 64 */ + "-5 Use Trusted CA Key Indication\n", /* 63 */ #endif - "-6 Simulate WANT_WRITE errors on every other IO send\n", + "-6 Simulate WANT_WRITE errors on every other IO send\n", /* 64 */ #ifdef HAVE_CURVE448 "-8 Use X448 for key exchange\n", /* 65 */ #endif @@ -1311,47 +1311,47 @@ static const char* client_usage_msg[][78] = { (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) "-9 Use hash dir look up for certificate loading\n" - " loading from /certs folder\n" - " files in the folder would have the form \"hash.N\" file name\n" - " e.g symbolic link to the file at certs folder\n" - " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", - /* 67 */ + " loading from /certs folder\n" + " files in the folder would have the form \"hash.N\" file name\n" + " e.g symbolic link to the file at certs folder\n" + " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", + /* 66 */ #endif #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ !defined(WOLFSENTRY_NO_JSON) "--wolfsentry-config Path for JSON wolfSentry config\n", - /* 68 */ + /* 67 */ #endif #ifndef WOLFSSL_TLS13 "-7 Set minimum downgrade protocol version [0-3] " " SSLv3(0) - TLS1.2(3)\n", #else "-7 Set minimum downgrade protocol version [0-4] " - " SSLv3(0) - TLS1.3(4)\n", /* 69 */ + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ #endif #ifdef HAVE_PQC "--pqc Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n" - " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */ + " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ #endif #ifdef WOLFSSL_SRTP - "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 71 */ + "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 70 */ #endif #ifdef WOLFSSL_SYS_CA_CERTS - "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */ + "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */ #endif #ifdef HAVE_SUPPORTED_CURVES - "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */ + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */ #endif #ifndef NO_PSK - "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */ + "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */ #endif #ifdef HAVE_RPK - "--rpk Use RPK for the defined certificates\n", /* 75 */ + "--rpk Use RPK for the defined certificates\n", /* 74 */ #endif - "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */ + "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */ "\n" "For simpler wolfSSL TLS client examples, visit\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */ NULL, }, #ifndef NO_MULTIBYTE_PRINT @@ -1499,45 +1499,45 @@ static const char* client_usage_msg[][78] = { "-q Whitewood コンフィグファイル, 既定値\n", /* 49 */ #endif "-H 内部テスト" - " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 50 */ - " loadSSL, disallowETM]\n", /* 51 */ + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n" + " loadSSL, disallowETM]\n", /* 50 */ #ifdef WOLFSSL_TLS13 - "-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 52 */ - "-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 53 */ - "-I データ送信前に、鍵とIVを更新する\n", /* 54 */ + "-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 51 */ + "-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 52 */ + "-I データ送信前に、鍵とIVを更新する\n", /* 53 */ #ifndef NO_DH - "-y FFDHE名前付きグループとの鍵共有のみ\n", /* 55 */ + "-y FFDHE名前付きグループとの鍵共有のみ\n", /* 54 */ #endif #ifdef HAVE_ECC - "-Y ECC名前付きグループとの鍵共有のみ\n", /* 56 */ + "-Y ECC名前付きグループとの鍵共有のみ\n", /* 55 */ #endif #endif /* WOLFSSL_TLS13 */ #ifdef HAVE_CURVE25519 - "-t X25519を鍵交換に使用する\n", /* 57 */ + "-t X25519を鍵交換に使用する\n", /* 56 */ #endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - "-Q ポストハンドシェークの証明要求をサポートする\n", /* 58 */ + "-Q ポストハンドシェークの証明要求をサポートする\n", /* 57 */ #endif #ifdef WOLFSSL_EARLY_DATA "-0 Early data をサーバーへ送信する" - "(0-RTTハンドシェイク)\n", /* 59 */ + "(0-RTTハンドシェイク)\n", /* 58 */ #endif #ifdef WOLFSSL_MULTICAST - "-3 マルチキャスト, grpid < 256\n", /* 60 */ + "-3 マルチキャスト, grpid < 256\n", /* 59 */ #endif "-1 指定された言語で結果を表示します。\n" - " 0: 英語、 1: 日本語\n", /* 61 */ + " 0: 英語、 1: 日本語\n", /* 60 */ #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) - "-2 DHプライム番号チェックを無効にする\n", /* 62 */ + "-2 DHプライム番号チェックを無効にする\n", /* 61 */ #endif #ifdef HAVE_SECURE_RENEGOTIATION - "-4 再交渉に再開を使用\n", /* 63 */ + "-4 再交渉に再開を使用\n", /* 62 */ #endif #ifdef HAVE_TRUSTED_CA - "-5 信頼できる認証局の鍵表示を使用する\n", /* 64 */ + "-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */ #endif - "-6 WANT_WRITE エラーを全てのIO 送信でシミュレートします\n", + "-6 WANT_WRITE エラーを全てのIO 送信でシミュレートします\n", /* 64 */ #ifdef HAVE_CURVE448 "-8 鍵交換に X448 を使用する\n", /* 65 */ #endif @@ -1549,44 +1549,44 @@ static const char* client_usage_msg[][78] = { " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n" " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n" " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", - /* 67 */ + /* 66 */ #endif #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ !defined(WOLFSENTRY_NO_JSON) "--wolfsentry-config wolfSentry コンフィグファイル\n", - /* 68 */ + /* 67 */ #endif #ifndef WOLFSSL_TLS13 "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-3] " " SSLv3(0) - TLS1.2(3)\n", #else "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] " - " SSLv3(0) - TLS1.3(4)\n", /* 69 */ + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ #endif #ifdef HAVE_PQC "--pqc post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n" - " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */ + " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ #endif #ifdef WOLFSSL_SRTP - "--srtp (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 71 */ + "--srtp (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 70 */ #endif #ifdef WOLFSSL_SYS_CA_CERTS - "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */ + "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */ #endif #ifdef HAVE_SUPPORTED_CURVES - "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */ + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */ #endif #ifndef NO_PSK - "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */ + "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */ #endif #ifdef HAVE_RPK - "--rpk Use RPK for the defined certificates\n", /* 75 */ + "--rpk Use RPK for the defined certificates\n", /* 74 */ #endif - "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */ + "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */ "\n" "より簡単なwolfSSL TLS クライアントの例については" "下記にアクセスしてください\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */ NULL, }, #endif diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 2762f8571..193b216dc 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -11299,7 +11299,6 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AESCCM */ -#ifndef WOLFSSL_NO_MALLOC Aes* wc_AesNew(void* heap, int devId) { Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); @@ -11314,7 +11313,6 @@ Aes* wc_AesNew(void* heap, int devId) } return aes; } -#endif /* Initialize Aes for use with async hardware */ int wc_AesInit(Aes* aes, void* heap, int devId) @@ -11451,18 +11449,14 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) void wc_AesFree(Aes* aes) { void* heap; -#ifndef WOLFSSL_NO_MALLOC byte isAllocated; -#endif if (aes == NULL) { return; } -#ifndef WOLFSSL_NO_MALLOC heap = aes->heap; isAllocated = aes->isAllocated; -#endif #ifdef WC_DEBUG_CIPHER_LIFECYCLE (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, heap, 1); @@ -11531,12 +11525,9 @@ void wc_AesFree(Aes* aes) wc_MemZero_Check(aes, sizeof(Aes)); #endif -#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(aes, heap, DYNAMIC_TYPE_AES); } -#endif - (void)heap; } diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index c830d7a91..610b4b69d 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2979,7 +2979,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) primeCheckCount = 0; int primeCheck = MP_NO, ret = 0; +#ifdef WOLFSSL_NO_MALLOC + unsigned char buf[DH_MAX_SIZE / WOLFSSL_BIT_SIZE]; +#else unsigned char *buf = NULL; +#endif #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) XMEMSET(tmp, 0, sizeof(tmp)); @@ -3029,11 +3033,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) if (ret == 0) { bufSz = (word32)modSz - groupSz; +#ifdef WOLFSSL_NO_MALLOC + if (bufSz > sizeof(buf)) + ret = MEMORY_E; +#else /* allocate ram */ buf = (unsigned char *)XMALLOC(bufSz, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) ret = MEMORY_E; +#endif } /* make a random string that will be multiplied against q */ @@ -3167,11 +3176,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) RESTORE_VECTOR_REGISTERS(); - if (buf != NULL) { +#ifndef WOLFSSL_NO_MALLOC + if (buf != NULL) +#endif + { ForceZero(buf, bufSz); +#ifndef WOLFSSL_NO_MALLOC if (dh != NULL) { XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); } +#endif } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ee4ea34af..9da876df9 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4092,23 +4092,23 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap) } p = *point; -#ifndef WOLFSSL_NO_MALLOC if (p == NULL) { p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC); } -#endif if (p == NULL) { return MEMORY_E; } XMEMSET(p, 0, sizeof(ecc_point)); + if (*point == NULL) + p->isAllocated = 1; + #ifndef ALT_ECC_SIZE err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL); if (err != MP_OKAY) { WOLFSSL_MSG("mp_init_multi failed."); - #ifndef WOLFSSL_NO_MALLOC - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif + if (p->isAllocated) + XFREE(p, heap, DYNAMIC_TYPE_ECC); p = NULL; } #else @@ -4148,9 +4148,8 @@ static void wc_ecc_del_point_ex(ecc_point* p, void* heap) mp_clear(p->x); mp_clear(p->y); mp_clear(p->z); - #ifndef WOLFSSL_NO_MALLOC - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif + if (p->isAllocated) + XFREE(p, heap, DYNAMIC_TYPE_ECC); } (void)heap; } @@ -12441,6 +12440,9 @@ static const struct { /* find a hole and free as required, return -1 if no hole found */ static int find_hole(void) { +#ifdef WOLFSSL_NO_MALLOC + return -1; +#else int x, y, z; for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) { if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) { @@ -12469,6 +12471,7 @@ static int find_hole(void) fp_cache[z].lru_count = 0; } return z; +#endif /* !WOLFSSL_NO_MALLOC */ } /* determine if a base is already in the cache and if so, where */ diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index c9386f17f..a00045388 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1026,16 +1026,13 @@ int wc_ed25519_init(ed25519_key* key) void wc_ed25519_free(ed25519_key* key) { void* heap; -#ifndef WOLFSSL_NO_MALLOC byte isAllocated = 0; -#endif + if (key == NULL) return; -#ifndef WOLFSSL_NO_MALLOC heap = key->heap; isAllocated = key->isAllocated; -#endif #ifdef WOLFSSL_ED25519_PERSISTENT_SHA ed25519_hash_free(key, &key->sha); @@ -1050,12 +1047,10 @@ void wc_ed25519_free(ed25519_key* key) wc_MemZero_Check(key, sizeof(ed25519_key)); #endif -#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(key, heap, DYNAMIC_TYPE_ED25519); + (void)heap; } -#endif - (void)heap; } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index d727171d8..4249c39ea 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -712,9 +712,7 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, if (hash == NULL) return BAD_FUNC_ARG; -#ifndef WOLFSSL_NO_MALLOC hash->isAllocated = 0; -#endif hash->type = type; switch (type) { @@ -1046,13 +1044,11 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) { int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ void* heap = NULL; -#ifndef WOLFSSL_NO_MALLOC byte isAllocated = 0; -#endif + if (hash == NULL) return BAD_FUNC_ARG; - #ifdef DEBUG_WOLFSSL if (hash->type != type) { WOLFSSL_MSG("Hash free type mismatch!"); @@ -1060,9 +1056,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) } #endif -#ifndef WOLFSSL_NO_MALLOC isAllocated = hash->isAllocated; -#endif switch (type) { case WC_HASH_TYPE_MD5: @@ -1178,12 +1172,10 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) ret = BAD_FUNC_ARG; }; -#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(hash, heap, DYNAMIC_TYPE_HASHES); + (void)heap; } -#endif - (void)heap; return ret; } diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 164dc9571..75d03895e 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -32,6 +32,7 @@ #endif #include +#include /* Possible memory options: diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index b77e9de17..ae9429cb2 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -4040,8 +4040,14 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, byte* digest; RsaKey* key; DecodedCert* dCert; +#else +#ifdef WOLFSSL_NO_MALLOC + byte digest[RSA_MAX_SIZE / WOLFSSL_BIT_SIZE]; /* accessed in-place with size + * key->dataLen + */ #else byte digest[MAX_PKCS7_DIGEST_SZ]; +#endif RsaKey key[1]; DecodedCert stack_dCert; DecodedCert* dCert = &stack_dCert; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index df7b53af9..d94611f7b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2652,7 +2652,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, #ifndef WOLFSSL_NO_MALLOC byte* pem; #else - byte pem[1024]; + byte pem[2048]; #endif int pemSz; @@ -2668,28 +2668,36 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, } #else if (pemSz > (int)sizeof(pem)) - return BAD_FUNC_ARG; + return WC_TEST_RET_ENC_EC(BAD_FUNC_ARG); #endif /* Convert to PEM */ pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType); if (pemSz < 0) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I); } #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) pemFile = XFOPEN(filePem, "wb"); if (!pemFile) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I); } ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile); XFCLOSE(pemFile); if (ret != pemSz) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I); } #endif + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif } #endif /* WOLFSSL_DER_TO_PEM */ @@ -18163,7 +18171,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifdef WOLFSSL_CERT_GEN static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem"; #endif - #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7) + #if (defined(WOLFSSL_ALT_NAMES) && !defined(WOLFSSL_NO_MALLOC)) || \ + defined(HAVE_PKCS7) static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der"; #endif #ifdef HAVE_PKCS7 @@ -18208,7 +18217,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifndef NO_RSA static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der"; #endif - #ifndef NO_ASN_TIME + #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; #ifdef ENABLE_ECC384_CERT_GEN_TEST @@ -18264,7 +18273,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifndef NO_WRITE_TEMP_FILES #ifdef HAVE_ECC #ifndef NO_ECC_SECP - #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem"; static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der"; #endif @@ -18286,7 +18296,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #endif /* HAVE_ECC */ #ifndef NO_RSA - #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der"; static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der"; static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem"; @@ -20482,7 +20493,7 @@ exit_rsa_even_mod: } #endif /* WOLFSSL_HAVE_SP_RSA */ -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -21969,7 +21980,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) goto exit_rsa; #endif -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) /* Make Cert / Sign example for RSA cert and RSA CA */ ret = rsa_certgen_test(key, keypub, &rng, tmp); if (ret != 0) @@ -32579,7 +32591,8 @@ static int test_sm2_verify(void) #endif /* WOLFSSL_SM2 */ -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \ + !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) /* Make Cert / Sign example for ECC cert and ECC CA */ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng) @@ -33616,7 +33629,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) #elif defined(HAVE_ECC_KEY_IMPORT) (void)ecc_test_make_pub; /* for compiler warning */ #endif -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \ + !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) ret = ecc_test_cert_gen(&rng); if (ret != 0) { printf("ecc_test_cert_gen failed!\n"); @@ -33651,6 +33665,8 @@ done: #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)) +#if !defined(WOLFSSL_NO_MALLOC) + #if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3)) /* maximum encrypted message: * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */ @@ -33769,6 +33785,8 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) } #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */ +#endif /* !WOLFSSL_NO_MALLOC */ + /* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in * wolfFIPS 5.3. * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test(). @@ -34011,6 +34029,7 @@ static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng) } #endif +#ifndef WOLFSSL_NO_MALLOC static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB, byte encAlgo, byte kdfAlgo, byte macAlgo) { @@ -34279,6 +34298,7 @@ done: return ret; } +#endif #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */ @@ -34354,7 +34374,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC) #ifdef WOLFSSL_AES_128 if (ret == 0) { ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC, @@ -34390,7 +34410,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) } #endif #endif -#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && !defined(WOLFSSL_NO_MALLOC) #ifdef WOLFSSL_AES_128 if (ret == 0) { ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR, @@ -34410,7 +34430,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) } #endif #endif /* !NO_AES && WOLFSSL_AES_COUNTER */ -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC) if (ret == 0) { ret = ecc_ctx_kdf_salt_test(&rng, userA, userB); } @@ -37869,15 +37889,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) /* test api for import/exporting keys */ { - byte *exportPKey = NULL; - byte *exportSKey = NULL; word32 exportPSz = ED448_KEY_SIZE; word32 exportSSz = ED448_KEY_SIZE; +#ifdef WOLFSSL_NO_MALLOC + byte exportPKey[exportPSz]; + byte exportSKey[exportSSz]; +#else + byte *exportPKey = NULL; + byte *exportSKey = NULL; exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if ((exportPKey == NULL) || (exportSKey == NULL)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif ret = 0; @@ -37913,8 +37938,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) } } while(0); + #ifndef WOLFSSL_NO_MALLOC XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif if (ret != 0) goto out; diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 4a607aaa8..5975ab9b4 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -467,6 +467,7 @@ struct ecc_point { #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) ecc_key* key; #endif + byte isAllocated:1; }; /* ECC Flags */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 6735d02a6..ee00f7f82 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -511,7 +511,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) m2mb_os_free(xp) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) m2mb_os_free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) m2mb_os_free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n)) @@ -527,11 +527,11 @@ typedef struct w64wrapper { return NULL; }; #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc_check((s))) - #define XFREE(p, h, t) (void)(h); (void)(t) + #define XFREE(p, h, t) do { (void)(h); (void)(t); } while (0) #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), NULL) #else #define XMALLOC(s, h, t) ((void)(s), (void)(h), (void)(t), NULL) - #define XFREE(p, h, t) (void)(p); (void)(h); (void)(t) + #define XFREE(p, h, t) do { (void)(p); (void)(h); (void)(t); } while(0) #define XREALLOC(p, n, h, t) ((void)(p), (void)(n), (void)(h), (void)(t), NULL) #endif #else @@ -539,9 +539,9 @@ typedef struct w64wrapper { #include #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc((size_t)(s))) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), free(p)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); free(p); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); if (xp) free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) \ ((void)(h), (void)(t), realloc((p), (size_t)(n))) @@ -565,7 +565,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) wolfSSL_Free(xp, h, t, __func__, __LINE__) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__); } while (0) #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) #else @@ -573,7 +573,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) wolfSSL_Free(xp, h, t) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t); } while (0) #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) #endif /* WOLFSSL_DEBUG_MEMORY */ @@ -585,23 +585,25 @@ typedef struct w64wrapper { #ifdef WOLFSSL_DEBUG_MEMORY #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__)) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), wolfSSL_Free(xp, __func__, __LINE__)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(xp, __func__, __LINE__); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__); } while (0) #endif #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n), __func__, __LINE__)) #else #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s))) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), wolfSSL_Free(p)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(p); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n))) #endif /* WOLFSSL_DEBUG_MEMORY */ #endif /* WOLFSSL_STATIC_MEMORY */ #endif + #include + /* declare/free variable handling for async and smallstack */ #ifndef WC_ALLOC_DO_ON_FAILURE #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING @@ -943,8 +945,7 @@ typedef struct w64wrapper { WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); #endif - #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) &&\ - !defined (WOLFSSL_NO_MALLOC) + #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) #define USE_WOLF_STRDUP #endif #ifdef USE_WOLF_STRDUP