diff --git a/examples/server/server.c b/examples/server/server.c index 4cd6c123a..002222e6b 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1411,10 +1411,20 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif #ifdef WOLFSSL_STATIC_MEMORY + /* Note: Actual memory used is much less, this is the entire buffer buckets, + * which is partitioned into pools of common sizes. To adjust the buckets + * sizes see WOLFMEM_BUCKETS in memory.h */ #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \ || defined(SESSION_CERTS) /* big enough to handle most cases including session certs */ + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \ + ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \ + (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH))) + /* increase is due to EdDSA_Update */ + byte memory[440000]; + #else byte memory[320000]; + #endif #else byte memory[80000]; #endif diff --git a/src/internal.c b/src/internal.c index e0f3c899b..f8432a153 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2171,13 +2171,16 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) heap, DYNAMIC_TYPE_OPENSSL)) == NULL) { WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error"); XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL); + ctx->param = NULL; return MEMORY_E; } XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR)); if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) { WOLFSSL_MSG("Bad mutex init"); XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL); + ctx->param = NULL; XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL); + ctx->x509_store.lookup.dirs = NULL; return BAD_MUTEX_E; } #endif @@ -2358,12 +2361,13 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #endif /* HAVE_TLS_EXTENSIONS */ #ifdef OPENSSL_EXTRA - if(ctx->alpn_cli_protos) { - XFREE((void *)ctx->alpn_cli_protos, NULL, DYNAMIC_TYPE_OPENSSL); + if (ctx->alpn_cli_protos) { + XFREE((void*)ctx->alpn_cli_protos, ctx->heap, DYNAMIC_TYPE_OPENSSL); ctx->alpn_cli_protos = NULL; } if (ctx->param) { XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL); + ctx->param = NULL; } if (ctx->x509_store.lookup.dirs) { diff --git a/src/ssl.c b/src/ssl.c index 164764dc0..a257f74b0 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -26602,8 +26602,8 @@ int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam, sz = (unsigned int)XSTRLEN(name); - /* If name is NUL-terminated, namelen can be set to zero. */ - if(nameSz == 0 || nameSz > sz) + /* If name is NULL-terminated, namelen can be set to zero. */ + if (nameSz == 0 || nameSz > sz) nameSz = sz; if (nameSz > 0 && name[nameSz - 1] == '\0') @@ -50273,12 +50273,14 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, unsigned int p_len) { WOLFSSL_ENTER("wolfSSL_CTX_set_alpn_protos"); - if(ctx == NULL) + if (ctx == NULL) return BAD_FUNC_ARG; - if((void *)ctx->alpn_cli_protos != NULL) - wolfSSL_OPENSSL_free((void *)ctx->alpn_cli_protos); - ctx->alpn_cli_protos = - (const unsigned char *)wolfSSL_OPENSSL_memdup(p, p_len, NULL, 0); + if (ctx->alpn_cli_protos != NULL) { + XFREE((void*)ctx->alpn_cli_protos, ctx->heap, DYNAMIC_TYPE_OPENSSL); + } + + ctx->alpn_cli_protos = (const unsigned char*)XMALLOC(p_len, + ctx->heap, DYNAMIC_TYPE_OPENSSL); if (ctx->alpn_cli_protos == NULL) { #if defined(WOLFSSL_ERROR_CODE_OPENSSL) /* 0 on success in OpenSSL, non-0 on failure in OpenSSL @@ -50286,9 +50288,10 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, */ return 1; #else - return SSL_FAILURE; + return WOLFSSL_FAILURE; #endif } + XMEMCPY((void*)ctx->alpn_cli_protos, p, p_len); ctx->alpn_cli_protos_len = p_len; #if defined(WOLFSSL_ERROR_CODE_OPENSSL) @@ -59459,7 +59462,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, if (ctx->param == NULL) { ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( sizeof(WOLFSSL_X509_VERIFY_PARAM), - NULL,DYNAMIC_TYPE_OPENSSL); + NULL, DYNAMIC_TYPE_OPENSSL); if (ctx->param == NULL){ WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init failed"); return WOLFSSL_FAILURE; @@ -59481,8 +59484,8 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data); #endif #ifdef OPENSSL_EXTRA - if (ctx->param != NULL){ - XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL); + if (ctx->param != NULL) { + XFREE(ctx->param, NULL, DYNAMIC_TYPE_OPENSSL); ctx->param = NULL; } #endif @@ -59495,8 +59498,8 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx) { if (ctx != NULL) { #ifdef OPENSSL_EXTRA - if (ctx->param != NULL){ - XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL); + if (ctx->param != NULL) { + XFREE(ctx->param, NULL, DYNAMIC_TYPE_OPENSSL); ctx->param = NULL; } #endif diff --git a/tests/api.c b/tests/api.c index 6dbb31e10..1e8d7aa62 100644 --- a/tests/api.c +++ b/tests/api.c @@ -35246,7 +35246,7 @@ static void test_wolfSSL_X509_sign(void) #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) int ret; - char *caSubject; + char *cn; X509_NAME *name; X509 *x509, *ca; DecodedCert dCert; @@ -35368,11 +35368,13 @@ static void test_wolfSSL_X509_sign(void) InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0); AssertIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0); - AssertNotNull(ca = wolfSSL_d2i_X509(NULL, &certIssuer, (int)certIssuerSz)); - AssertNotNull(caSubject = wolfSSL_X509_NAME_oneline( - X509_get_subject_name(ca), 0, 0)); - AssertIntEQ(0, XSTRNCMP(caSubject, dCert.subject, XSTRLEN(caSubject))); - XFREE(caSubject, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + AssertNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz)); + AssertNotNull(name = X509_get_subject_name(ca)); + cn = (char*)XMALLOC(name->sz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + + AssertNotNull(cn = X509_NAME_oneline(name, cn, name->sz)); + AssertIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn))); + XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); #ifdef WOLFSSL_MULTI_ATTRIB /* test adding multiple OU's to the signer */ @@ -35388,9 +35390,12 @@ static void test_wolfSSL_X509_sign(void) AssertIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS); AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0); - AssertNotNull(caSubject = wolfSSL_X509_NAME_oneline( - X509_get_issuer_name(x509), 0, 0)); - XFREE(caSubject, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + AssertNotNull(name = X509_get_issuer_name(x509)); + cn = (char*)XMALLOC(name->sz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + AssertNotNull(cn = X509_NAME_oneline(name, cn, name->sz)); + /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */ + AssertIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer))); + XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); FreeDecodedCert(&dCert); @@ -50413,7 +50418,11 @@ static void test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer, #ifdef WOLFSSL_STATIC_MEMORY #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ defined(SESSION_CERTS) + #ifdef OPENSSL_EXTRA + #define TEST_TLS_STATIC_MEMSZ (400000) + #else #define TEST_TLS_STATIC_MEMSZ (320000) + #endif #else #define TEST_TLS_STATIC_MEMSZ (80000) #endif diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index a5ebeaf40..49b4fb78b 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -628,6 +628,10 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) #else res = malloc(size); #endif + + #ifdef WOLFSSL_DEBUG_MEMORY + printf("Alloc: %p -> %u at %s:%d\n", res, (word32)size, func, line); + #endif #else WOLFSSL_MSG("No heap hint found to use and no malloc"); #ifdef WOLFSSL_DEBUG_MEMORY @@ -751,6 +755,9 @@ void wolfSSL_Free(void *ptr, void* heap, int type) /* check for testing heap hint was set */ #ifdef WOLFSSL_HEAP_TEST if (heap == (void*)WOLFSSL_HEAP_TEST) { + #ifdef WOLFSSL_DEBUG_MEMORY + printf("Free: %p at %s:%d\n", pt, func, line); + #endif return free(ptr); } #endif diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 01570b0ed..da235049f 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -446,6 +446,8 @@ int wc_FileExists(const char* fname) { struct ReadDirCtx ctx; + XMEMSET(&ctx, 0, sizeof(ctx)); + if (fname == NULL) return 0; diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 751711130..544e25464 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -1526,8 +1526,13 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #ifndef FILE_BUFFER_SIZE - #define FILE_BUFFER_SIZE 1024 /* default static file buffer size for input, \ - will use dynamic buffer if not big enough */ + /* default static file buffer size for input, will use dynamic buffer if + * not big enough */ + #ifdef WOLFSSL_CERT_EXT + #define FILE_BUFFER_SIZE (3*1024) + #else + #define FILE_BUFFER_SIZE (1*1024) + #endif #endif #ifdef HAVE_CAVIUM_OCTEON_SYNC