diff --git a/src/internal.c b/src/internal.c index 265617379..63a5aa074 100755 --- a/src/internal.c +++ b/src/internal.c @@ -3242,27 +3242,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) } else { #endif - ctx_hint = ((WOLFSSL_HEAP_HINT*)(ctx->heap)); - /* lock and check IO count / handshake count */ - if (LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) { - WOLFSSL_MSG("Bad memory_mutex lock"); - return BAD_MUTEX_E; - } - if (ctx_hint->memory->maxHa > 0 && - ctx_hint->memory->maxHa <= ctx_hint->memory->curHa) { - WOLFSSL_MSG("At max number of handshakes for static memory"); - UnLockMutex(&(ctx_hint->memory->memory_mutex)); - return MEMORY_E; - } - - if (ctx_hint->memory->maxIO > 0 && - ctx_hint->memory->maxIO <= ctx_hint->memory->curIO) { - WOLFSSL_MSG("At max number of IO allowed for static memory"); - UnLockMutex(&(ctx_hint->memory->memory_mutex)); - return MEMORY_E; - } - UnLockMutex(&(ctx_hint->memory->memory_mutex)); - ssl->heap = (WOLFSSL_HEAP_HINT*)XMALLOC(sizeof(WOLFSSL_HEAP_HINT), ctx->heap, DYNAMIC_TYPE_SSL); if (ssl->heap == NULL) { @@ -3270,7 +3249,37 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) } XMEMSET(ssl->heap, 0, sizeof(WOLFSSL_HEAP_HINT)); ssl_hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap)); + ctx_hint = ((WOLFSSL_HEAP_HINT*)(ctx->heap)); + + /* lock and check IO count / handshake count */ + if (LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) { + WOLFSSL_MSG("Bad memory_mutex lock"); + XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL); + ssl->heap = NULL; /* free and set to NULL for IO counter */ + return BAD_MUTEX_E; + } + if (ctx_hint->memory->maxHa > 0 && + ctx_hint->memory->maxHa <= ctx_hint->memory->curHa) { + WOLFSSL_MSG("At max number of handshakes for static memory"); + UnLockMutex(&(ctx_hint->memory->memory_mutex)); + XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL); + ssl->heap = NULL; /* free and set to NULL for IO counter */ + return MEMORY_E; + } + + if (ctx_hint->memory->maxIO > 0 && + ctx_hint->memory->maxIO <= ctx_hint->memory->curIO) { + WOLFSSL_MSG("At max number of IO allowed for static memory"); + UnLockMutex(&(ctx_hint->memory->memory_mutex)); + XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL); + ssl->heap = NULL; /* free and set to NULL for IO counter */ + return MEMORY_E; + } + ctx_hint->memory->curIO++; + ctx_hint->memory->curHa++; ssl_hint->memory = ctx_hint->memory; + ssl_hint->haFlag = 1; + UnLockMutex(&(ctx_hint->memory->memory_mutex)); /* check if tracking stats */ if (ctx_hint->memory->flag & WOLFMEM_TRACK_STATS) { @@ -3303,15 +3312,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) } UnLockMutex(&(ctx_hint->memory->memory_mutex)); } - - /* increment counters at end of setting up memory */ - if (LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) { - WOLFSSL_MSG("Bad memory_mutex lock"); - return BAD_MUTEX_E; - } - ctx_hint->memory->curHa++; - ctx_hint->memory->curIO++; - UnLockMutex(&(ctx_hint->memory->memory_mutex)); #ifdef WOLFSSL_HEAP_TEST } #endif @@ -3684,6 +3684,9 @@ void SSL_ResourceFree(WOLFSSL* ssl) WOLFSSL_HEAP* ctx_heap; ctx_heap = ssl_hint->memory; + if (LockMutex(&(ctx_heap->memory_mutex)) != 0) { + WOLFSSL_MSG("Bad memory_mutex lock"); + } ctx_heap->curIO--; if (FreeFixedIO(ctx_heap, &(ssl_hint->outBuf)) != 1) { WOLFSSL_MSG("Error freeing fixed output buffer"); @@ -3691,6 +3694,10 @@ void SSL_ResourceFree(WOLFSSL* ssl) if (FreeFixedIO(ctx_heap, &(ssl_hint->inBuf)) != 1) { WOLFSSL_MSG("Error freeing fixed output buffer"); } + if (ssl_hint->haFlag) { /* check if handshake count has been decreased*/ + ctx_heap->curHa--; + } + UnLockMutex(&(ctx_heap->memory_mutex)); /* check if tracking stats */ if (ctx_heap->flag & WOLFMEM_TRACK_STATS) { @@ -3864,6 +3871,7 @@ void FreeHandshakeResources(WOLFSSL* ssl) WOLFSSL_MSG("Bad memory_mutex lock"); } ctx_heap->curHa--; + ssl_hint->haFlag = 0; /* set to zero since handshake has been dec */ UnLockMutex(&(ctx_heap->memory_mutex)); #ifdef WOLFSSL_HEAP_TEST } diff --git a/src/ssl.c b/src/ssl.c index 3caf34969..fab0feed3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -692,6 +692,9 @@ int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method } if (*ctx == NULL) { + if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) { + return BUFFER_E; /* not enough memory for structures */ + } heap = (WOLFSSL_HEAP*)buf; idx += sizeof(WOLFSSL_HEAP); if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) { @@ -703,6 +706,9 @@ int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method hint->memory = heap; } else if ((*ctx)->heap == NULL) { + if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) { + return BUFFER_E; /* not enough memory for structures */ + } heap = (WOLFSSL_HEAP*)buf; idx += sizeof(WOLFSSL_HEAP); if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) { diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h index b243fed51..274787939 100644 --- a/wolfssl/wolfcrypt/memory.h +++ b/wolfssl/wolfcrypt/memory.h @@ -137,6 +137,7 @@ WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function, WOLFSSL_MEM_CONN_STATS* stats; /* hold individual connection stats */ wc_Memory* outBuf; /* set if using fixed io buffers */ wc_Memory* inBuf; + byte haFlag; /* flag used for checking handshake count */ } WOLFSSL_HEAP_HINT;