Fixes for static memory testing. Fix clang memory sanitizer warnings.

2021-10-21 13:40:30 -07:00
parent 911d95e5e4
commit f17187aad9
7 changed files with 66 additions and 26 deletions
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -1411,10 +1411,20 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #endif

 #ifdef WOLFSSL_STATIC_MEMORY
+    /* Note: Actual memory used is much less, this is the entire buffer buckets, 
+     * which is partitioned into pools of common sizes. To adjust the buckets 
+     * sizes see WOLFMEM_BUCKETS in memory.h */
    #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
        || defined(SESSION_CERTS)
        /* big enough to handle most cases including session certs */
+        #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
+               ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
+                (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
+        /* increase is due to EdDSA_Update */
+        byte memory[440000];
+        #else
        byte memory[320000];
+        #endif
    #else
        byte memory[80000];
    #endif
--- a/src/internal.c
+++ b/src/internal.c
@ -2171,13 +2171,16 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
                            heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
        WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error");
        XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
+        ctx->param = NULL;
        return MEMORY_E;
    }
    XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR));
    if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) {
        WOLFSSL_MSG("Bad mutex init");
        XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
+        ctx->param = NULL;
        XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL);
+        ctx->x509_store.lookup.dirs = NULL;
        return BAD_MUTEX_E;
    }
    #endif
@ -2358,12 +2361,13 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)

 #endif /* HAVE_TLS_EXTENSIONS */
 #ifdef OPENSSL_EXTRA
-    if(ctx->alpn_cli_protos) {
-        XFREE((void *)ctx->alpn_cli_protos, NULL, DYNAMIC_TYPE_OPENSSL);
+    if (ctx->alpn_cli_protos) {
+        XFREE((void*)ctx->alpn_cli_protos, ctx->heap, DYNAMIC_TYPE_OPENSSL);
        ctx->alpn_cli_protos = NULL;
    }
    if (ctx->param) {
        XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
+        ctx->param = NULL;
    }

    if (ctx->x509_store.lookup.dirs) {
--- a/src/ssl.c
+++ b/src/ssl.c
@ -26602,8 +26602,8 @@ int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,

    sz = (unsigned int)XSTRLEN(name);

-    /* If name is NUL-terminated, namelen can be set to zero. */
-    if(nameSz == 0 || nameSz > sz)
+    /* If name is NULL-terminated, namelen can be set to zero. */
+    if (nameSz == 0 || nameSz > sz)
        nameSz = sz;

    if (nameSz > 0 && name[nameSz - 1] == '\0')
@ -50273,12 +50273,14 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p,
                            unsigned int p_len)
 {
    WOLFSSL_ENTER("wolfSSL_CTX_set_alpn_protos");
-    if(ctx == NULL)
+    if (ctx == NULL)
        return BAD_FUNC_ARG;
-    if((void *)ctx->alpn_cli_protos != NULL)
-        wolfSSL_OPENSSL_free((void *)ctx->alpn_cli_protos);
-    ctx->alpn_cli_protos =
-        (const unsigned char *)wolfSSL_OPENSSL_memdup(p, p_len, NULL, 0);
+    if (ctx->alpn_cli_protos != NULL) {
+        XFREE((void*)ctx->alpn_cli_protos, ctx->heap, DYNAMIC_TYPE_OPENSSL);
+    }
+
+    ctx->alpn_cli_protos = (const unsigned char*)XMALLOC(p_len,
+        ctx->heap, DYNAMIC_TYPE_OPENSSL);
    if (ctx->alpn_cli_protos == NULL) {
 #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
        /* 0 on success in OpenSSL, non-0 on failure in OpenSSL
@ -50286,9 +50288,10 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p,
         */
        return 1;
 #else
-        return SSL_FAILURE;
+        return WOLFSSL_FAILURE;
 #endif
    }
+    XMEMCPY((void*)ctx->alpn_cli_protos, p, p_len);
    ctx->alpn_cli_protos_len = p_len;

 #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
@ -59459,7 +59462,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
        if (ctx->param == NULL) {
            ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
                           sizeof(WOLFSSL_X509_VERIFY_PARAM),
-                           NULL,DYNAMIC_TYPE_OPENSSL);
+                           NULL, DYNAMIC_TYPE_OPENSSL);
            if (ctx->param == NULL){
                WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init failed");
                return WOLFSSL_FAILURE;
@ -59481,8 +59484,8 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
        wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data);
 #endif
    #ifdef OPENSSL_EXTRA
-        if (ctx->param != NULL){
-            XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL);
+        if (ctx->param != NULL) {
+            XFREE(ctx->param, NULL, DYNAMIC_TYPE_OPENSSL);
            ctx->param = NULL;
        }
    #endif
@ -59495,8 +59498,8 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx)
 {
    if (ctx != NULL) {
 #ifdef OPENSSL_EXTRA
-        if (ctx->param != NULL){
-            XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL);
+        if (ctx->param != NULL) {
+            XFREE(ctx->param, NULL, DYNAMIC_TYPE_OPENSSL);
            ctx->param = NULL;
        }
 #endif
--- a/tests/api.c
+++ b/tests/api.c
@ -35246,7 +35246,7 @@ static void test_wolfSSL_X509_sign(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
    defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
    int ret;
-    char *caSubject;
+    char *cn;
    X509_NAME *name;
    X509 *x509, *ca;
    DecodedCert dCert;
@ -35368,11 +35368,13 @@ static void test_wolfSSL_X509_sign(void)
    InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0);
    AssertIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0);

-    AssertNotNull(ca = wolfSSL_d2i_X509(NULL, &certIssuer, (int)certIssuerSz));
-    AssertNotNull(caSubject  = wolfSSL_X509_NAME_oneline(
-                                              X509_get_subject_name(ca), 0, 0));
-    AssertIntEQ(0, XSTRNCMP(caSubject, dCert.subject, XSTRLEN(caSubject)));
-    XFREE(caSubject, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
+    AssertNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz));
+    AssertNotNull(name = X509_get_subject_name(ca));
+    cn = (char*)XMALLOC(name->sz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
+    
+    AssertNotNull(cn = X509_NAME_oneline(name, cn, name->sz));
+    AssertIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn)));
+    XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);

 #ifdef WOLFSSL_MULTI_ATTRIB
    /* test adding multiple OU's to the signer */
@ -35388,9 +35390,12 @@ static void test_wolfSSL_X509_sign(void)
    AssertIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS);

    AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
-    AssertNotNull(caSubject  = wolfSSL_X509_NAME_oneline(
-                                             X509_get_issuer_name(x509), 0, 0));
-    XFREE(caSubject, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
+    AssertNotNull(name = X509_get_issuer_name(x509));
+    cn = (char*)XMALLOC(name->sz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
+    AssertNotNull(cn  = X509_NAME_oneline(name, cn, name->sz));
+    /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */
+    AssertIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer)));
+    XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);

    FreeDecodedCert(&dCert);

@ -50413,7 +50418,11 @@ static void test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer,
 #ifdef WOLFSSL_STATIC_MEMORY
    #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \
         defined(SESSION_CERTS)
+        #ifdef OPENSSL_EXTRA
+        #define TEST_TLS_STATIC_MEMSZ (400000)
+        #else
        #define TEST_TLS_STATIC_MEMSZ (320000)
+        #endif
    #else
        #define TEST_TLS_STATIC_MEMSZ (80000)
    #endif
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@ -628,6 +628,10 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
            #else
                res = malloc(size);
            #endif
+
+            #ifdef WOLFSSL_DEBUG_MEMORY
+                printf("Alloc: %p -> %u at %s:%d\n", res, (word32)size, func, line);
+            #endif
        #else
            WOLFSSL_MSG("No heap hint found to use and no malloc");
            #ifdef WOLFSSL_DEBUG_MEMORY
@ -751,6 +755,9 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
        /* check for testing heap hint was set */
    #ifdef WOLFSSL_HEAP_TEST
        if (heap == (void*)WOLFSSL_HEAP_TEST) {
+        #ifdef WOLFSSL_DEBUG_MEMORY
+            printf("Free: %p at %s:%d\n", pt, func, line);
+        #endif
            return free(ptr);
        }
    #endif
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@ -446,6 +446,8 @@ int wc_FileExists(const char* fname)
 {
    struct ReadDirCtx ctx;

+    XMEMSET(&ctx, 0, sizeof(ctx));
+
    if (fname == NULL)
        return 0;

--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@ -1526,8 +1526,13 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
 #endif

 #ifndef FILE_BUFFER_SIZE
-    #define FILE_BUFFER_SIZE 1024     /* default static file buffer size for input, \
-                                    will use dynamic buffer if not big enough */
+    /* default static file buffer size for input, will use dynamic buffer if
+     * not big enough */
+    #ifdef WOLFSSL_CERT_EXT
+    #define FILE_BUFFER_SIZE (3*1024)
+    #else
+    #define FILE_BUFFER_SIZE (1*1024)
+    #endif
 #endif

 #ifdef HAVE_CAVIUM_OCTEON_SYNC