diff --git a/src/internal.c b/src/internal.c index 73a66cce9..37dc505cd 100644 --- a/src/internal.c +++ b/src/internal.c @@ -25908,7 +25908,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, * parse DN name */ #ifdef WOLFSSL_SMALL_STACK DecodedCert *cert = (DecodedCert *)XMALLOC( - sizeof(*cert), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + sizeof(*cert), ssl->heap, DYNAMIC_TYPE_DCERT); if (cert == NULL) return MEMORY_ERROR; #else @@ -25917,28 +25917,29 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, InitDecodedCert(cert, input + *inOutIdx, dnSz, ssl->heap); - do { - if ((ret = GetName(cert, SUBJECT, dnSz)) != 0) { - break; - } + ret = GetName(cert, SUBJECT, dnSz); - if ((name = wolfSSL_X509_NAME_new()) == NULL) { + if (ret == 0) { + if ((name = wolfSSL_X509_NAME_new()) == NULL) ret = MEMORY_ERROR; - break; - } + } + if (ret == 0) { CopyDecodedName(name, cert, SUBJECT); + } + if (ret == 0) { if (wolfSSL_sk_X509_NAME_push(ssl->ca_names, name) == WOLFSSL_FAILURE) { ret = MEMORY_ERROR; - break; } - } while (0); + } + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); #endif if (ret != 0) { if (name != NULL) diff --git a/src/ocsp.c b/src/ocsp.c index 8dcf3769c..e31ef23f7 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -599,10 +599,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( int ret = -1; DerBuffer* derCert = NULL; #ifdef WOLFSSL_SMALL_STACK - DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof(*cert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (cert == NULL) - return NULL; + DecodedCert *cert = NULL; #else DecodedCert cert[1]; #endif 
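Review bot: In the rewritten DN-parsing sequence of the @@ -25917 hunk, the second and third `if (ret == 0)` blocks cannot diverge, because the `CopyDecodedName(name, cert, SUBJECT);` call does not assign `ret`. Moving the copy into the block that calls `wolfSSL_sk_X509_NAME_push` would make that explicit. The one-statement `if ((name = wolfSSL_X509_NAME_new()) == NULL)` is left unbraced while the neighbouring blocks are braced. The trailing `if (name != NULL)` cleanup relies on `name` being NULL when `GetName` fails; its declaration is outside this hunk, so that initialisation is worth confirming.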
@@ -615,6 +612,12 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( || issuer == NULL || issuer->derCert == NULL) goto out; +#ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert *)XMALLOC(sizeof(*cert), cm->heap, DYNAMIC_TYPE_DCERT); + if (cert == NULL) + goto out; +#endif + ret = AllocDer(&derCert, issuer->derCert->length, issuer->derCert->type, NULL); if (ret == 0) { @@ -625,16 +628,17 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( if (ret != WOLFSSL_SUCCESS) { goto out; } + derCert = NULL; } ret = -1; - certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL, - DYNAMIC_TYPE_OPENSSL); + certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), + cm->heap, DYNAMIC_TYPE_OPENSSL); if (certId == NULL) goto out; - certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, + certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), cm->heap, DYNAMIC_TYPE_OPENSSL); if (certStatus == NULL) goto out; @@ -662,21 +666,25 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( out: + if (ret != 0) { + if (derCert != NULL) + FreeDer(&derCert); + if (certId != NULL) + XFREE(certId, cm->heap, DYNAMIC_TYPE_OPENSSL); + if (certStatus) + XFREE(certStatus, cm->heap, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + +#ifdef WOLFSSL_SMALL_STACK + if (cert != NULL) + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); +#endif + if (cm != NULL) wolfSSL_CertManagerFree(cm); -#ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - if (ret != 0) { - if (certId != NULL) - XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); - if (certStatus) - XFREE(certStatus, NULL, DYNAMIC_TYPE_OPENSSL); - return NULL; - } else - return certId; + return certId; } void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse) 
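Review bot: The reordered `out:` block of wolfSSL_OCSP_cert_to_id (@@ -662 hunk) returns from inside `if (ret != 0)` before it reaches `XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT)` and `wolfSSL_CertManagerFree(cm)`. Every failure path that arrives with a live `cm` (and, under WOLFSSL_SMALL_STACK, a live `cert`) therefore leaks them, whereas the removed code released both before testing `ret`. Replacing `return NULL;` in that branch with `certId = NULL;` lets failures fall through to the shared cleanup and the final `return certId;`. The `cm->heap` reads in the error branch are safe only because `certId` and `certStatus` are allocated after the guard in the @@ -615 hunk, which presumably covers `cm == NULL`; its first line is outside the hunk, so a short comment stating that dependency would help.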
@@ -691,8 +699,9 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, { int ret; #ifdef WOLFSSL_SMALL_STACK - DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof(*cert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DecodedCert *cert = (DecodedCert *) + XMALLOC(sizeof(*cert), (st && st->cm) ? st->cm->heap : NULL, + DYNAMIC_TYPE_DCERT); if (cert == NULL) return WOLFSSL_FAILURE; #else @@ -722,7 +731,7 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, out: #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, (st && st->cm) ? st->cm->heap : NULL, DYNAMIC_TYPE_DCERT); #endif return ret; diff --git a/src/pk.c b/src/pk.c index 18c79b65e..aff129669 100644 --- a/src/pk.c +++ b/src/pk.c @@ -6501,7 +6501,7 @@ int wolfSSL_DH_size(WOLFSSL_DH* dh) */ WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn) { - const char prm[] = { + static const char prm[] = { "FFFFFFFFFFFFFFFFC90FDAA22168C234" "C4C6628B80DC1CD129024E088A67CC74" "020BBEA63B139B22514A08798E3404DD" @@ -6529,7 +6529,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn) */ WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn) { - const char prm[] = { + static const char prm[] = { "FFFFFFFFFFFFFFFFC90FDAA22168C234" "C4C6628B80DC1CD129024E088A67CC74" "020BBEA63B139B22514A08798E3404DD" @@ -6559,7 +6559,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn) */ WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn) { - const char prm[] = { + static const char prm[] = { "FFFFFFFFFFFFFFFFC90FDAA22168C234" "C4C6628B80DC1CD129024E088A67CC74" "020BBEA63B139B22514A08798E3404DD" @@ -6593,7 +6593,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn) */ WOLFSSL_BIGNUM* wolfSSL_DH_2048_prime(WOLFSSL_BIGNUM* bn) { - const char prm[] = { + static const char prm[] = { "FFFFFFFFFFFFFFFFC90FDAA22168C234" "C4C6628B80DC1CD129024E088A67CC74" "020BBEA63B139B22514A08798E3404DD" 
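Review bot: The heap-hint expression `(st && st->cm) ? st->cm->heap : NULL` is now written out twice in wolfSSL_OCSP_basic_verify: once in the `XMALLOC` of this hunk and again in the `XFREE` of the @@ -722 hunk. The two copies must stay identical for the allocation and the release to use the same hint. Computing it once inside the `#ifdef WOLFSSL_SMALL_STACK` block, for example `void* heap = (st && st->cm) ? st->cm->heap : NULL;`, and passing `heap` to both calls removes that coupling. The function body continues outside both hunks.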
@@ -6631,7 +6631,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_2048_prime(WOLFSSL_BIGNUM* bn) */ WOLFSSL_BIGNUM* wolfSSL_DH_3072_prime(WOLFSSL_BIGNUM* bn) { - const char prm[] = { + static const char prm[] = { "FFFFFFFFFFFFFFFFC90FDAA22168C234" "C4C6628B80DC1CD129024E088A67CC74" "020BBEA63B139B22514A08798E3404DD" @@ -6677,7 +6677,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_3072_prime(WOLFSSL_BIGNUM* bn) */ WOLFSSL_BIGNUM* wolfSSL_DH_4096_prime(WOLFSSL_BIGNUM* bn) { - const char prm[] = { + static const char prm[] = { "FFFFFFFFFFFFFFFFC90FDAA22168C234" "C4C6628B80DC1CD129024E088A67CC74" "020BBEA63B139B22514A08798E3404DD" @@ -6731,7 +6731,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_4096_prime(WOLFSSL_BIGNUM* bn) */ WOLFSSL_BIGNUM* wolfSSL_DH_6144_prime(WOLFSSL_BIGNUM* bn) { - const char prm[] = { + static const char prm[] = { "FFFFFFFFFFFFFFFFC90FDAA22168C234" "C4C6628B80DC1CD129024E088A67CC74" "020BBEA63B139B22514A08798E3404DD" diff --git a/src/ssl.c b/src/ssl.c index 6319a4a3c..e10afc6de 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -40527,7 +40527,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, #ifdef WOLFSSL_SMALL_STACK DeCert = (DecodedCert *)XMALLOC(sizeof(*DeCert), heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (DeCert == NULL) { WOLFSSL_MSG("out of memory"); return WOLFSSL_FAILURE; @@ -40726,7 +40726,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, out: #ifdef WOLFSSL_SMALL_STACK - XFREE(DeCert, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(DeCert, heap, DYNAMIC_TYPE_DCERT); #endif return ret; diff --git a/src/x509.c b/src/x509.c index ce8a56aa2..bfa5af079 100644 --- a/src/x509.c +++ b/src/x509.c @@ -115,7 +115,7 @@ unsigned int wolfSSL_X509_get_extended_key_usage(WOLFSSL_X509* x509) /* Returns the number of X509V3 extensions in X509 object, or 0 on failure */ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert) { - int extCount = WOLFSSL_FAILURE; + int extCount = 0; int length = 0; int outSz = 0; const byte* rawCert; 
@@ -141,7 +141,7 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert) } #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert *)XMALLOC(sizeof(*cert), NULL, DYNAMIC_TYPE_TMP_BUFFER); + cert = (DecodedCert *)XMALLOC(sizeof(*cert), NULL, DYNAMIC_TYPE_DCERT); if (cert == NULL) { WOLFSSL_MSG("out of memory"); return WOLFSSL_FAILURE; @@ -188,7 +188,6 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert) goto out; } - extCount = 0; while (idx < (word32)sz) { if (GetSequence(input, &idx, &length, sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE"); @@ -203,7 +202,7 @@ out: FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); #endif return extCount; } @@ -1752,7 +1751,7 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert *)XMALLOC(sizeof(*cert), x509->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (cert == NULL) { WOLFSSL_MSG("\tout of memory"); return WOLFSSL_FATAL_ERROR; @@ -1834,7 +1833,7 @@ out: FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, x509->heap, DYNAMIC_TYPE_DCERT); #endif return found ? extCount : WOLFSSL_FATAL_ERROR; @@ -11861,7 +11860,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, #ifdef WOLFSSL_SMALL_STACK dCert = (DecodedCert *)XMALLOC(sizeof(*dCert), x->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (dCert == NULL) { WOLFSSL_MSG("\tout of memory"); return WOLFSSL_FATAL_ERROR; @@ -11880,7 +11879,7 @@ out: FreeDecodedCert(dCert); #ifdef WOLFSSL_SMALL_STACK - XFREE(dCert, x->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT); #endif if (ret != 0) 
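Review bot: wolfSSL_X509_get_ext_count still allocates and frees its `DecodedCert` with a `NULL` heap hint, in this hunk and in the @@ -203 hunk. wolfSSL_X509_get_ext_by_NID and wolfSSL_X509_check_host in the same file pass the certificate's own `heap` instead. If `passedCert` has already been NULL-checked at this point, which the hunk does not show, `XMALLOC(sizeof(*cert), passedCert->heap, DYNAMIC_TYPE_DCERT)` with a matching `XFREE(cert, passedCert->heap, DYNAMIC_TYPE_DCERT)` would bring this function in line with them. If `NULL` is intentional, a one-line comment saying why would stop the next reader from "fixing" only one side of the pair.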
@@ -11914,7 +11913,7 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, #ifdef WOLFSSL_SMALL_STACK if (ret == WOLFSSL_SUCCESS) { dCert = (DecodedCert *)XMALLOC(sizeof(*dCert), x->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (dCert == NULL) { WOLFSSL_MSG("\tout of memory"); ret = WOLFSSL_FAILURE; @@ -11942,7 +11941,7 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, #ifdef WOLFSSL_SMALL_STACK if (dCert != NULL) - XFREE(dCert, x->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT); #endif return ret; diff --git a/tests/quic.c b/tests/quic.c index cb7825890..d47f1f63e 100644 --- a/tests/quic.c +++ b/tests/quic.c @@ -951,7 +951,7 @@ static int QuicConversation_step(QuicConversation *conv) conv->started = 1; } if (conv->server->output.len > 0) { - QuicTestContext_forward(conv->server, conv->client, conv->rec_log, sizeof conv->rec_log); + QuicTestContext_forward(conv->server, conv->client, conv->rec_log, sizeof(conv->rec_log)); n = wolfSSL_quic_read_write(conv->client->ssl); if (n != WOLFSSL_SUCCESS) { AssertIntEQ(wolfSSL_get_error(conv->client->ssl, 0), SSL_ERROR_WANT_READ); @@ -959,7 +959,7 @@ static int QuicConversation_step(QuicConversation *conv) return 1; } else if (conv->client->output.len > 0) { - QuicTestContext_forward(conv->client, conv->server, conv->rec_log, sizeof conv->rec_log); + QuicTestContext_forward(conv->client, conv->server, conv->rec_log, sizeof(conv->rec_log)); #ifdef WOLFSSL_EARLY_DATA if (conv->accept_early_data) { int written;