mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-31 19:24:42 +02:00
Merge pull request #7005 from SparkiDev/memusage_fix_5
Memory usage fixes: nonce type and TLSX extension free
This commit is contained in:
JacobBarthelmeh
GitHub
@@ -8458,12 +8458,22 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
#endif /* HAVE_PK_CALLBACKS */
|
#endif /* HAVE_PK_CALLBACKS */
|
||||||
|
|
||||||
#if defined(HAVE_TLS_EXTENSIONS) && !defined(HAVE_SNI) && \
|
#if defined(HAVE_TLS_EXTENSIONS) && !defined(HAVE_SNI) && !defined(NO_TLS) && \
|
||||||
!defined(NO_TLS) && !defined(HAVE_ALPN) && !defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
|
!defined(HAVE_ALPN) && !defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
|
||||||
!defined(WOLFSSL_DTLS_CID)
|
!defined(WOLFSSL_DTLS_CID)
|
||||||
/* Some extensions need to be kept for post-handshake querying. */
|
/* Some extensions need to be kept for post-handshake querying. */
|
||||||
TLSX_FreeAll(ssl->extensions, ssl->heap);
|
TLSX_FreeAll(ssl->extensions, ssl->heap);
|
||||||
ssl->extensions = NULL;
|
ssl->extensions = NULL;
|
||||||
|
#else
|
||||||
|
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
||||||
|
TLSX_Remove(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, ssl->heap);
|
||||||
|
#endif
|
||||||
|
TLSX_Remove(&ssl->extensions, TLSX_EC_POINT_FORMATS, ssl->heap);
|
||||||
|
TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap);
|
||||||
|
#ifdef WOLFSSL_TLS13
|
||||||
|
TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl->heap);
|
||||||
|
TLSX_Remove(&ssl->extensions, TLSX_KEY_SHARE, ssl->heap);
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_STATIC_MEMORY
|
#ifdef WOLFSSL_STATIC_MEMORY
|
||||||
|
|||||||
53
src/tls.c
53
src/tls.c
@@ -12003,111 +12003,141 @@ void TLSX_FreeAll(TLSX* list, void* heap)
|
|||||||
|
|
||||||
#if defined(HAVE_RPK)
|
#if defined(HAVE_RPK)
|
||||||
case TLSX_CLIENT_CERTIFICATE_TYPE:
|
case TLSX_CLIENT_CERTIFICATE_TYPE:
|
||||||
|
WOLFSSL_MSG("Client Certificate Type extension free");
|
||||||
|
/* nothing to do */
|
||||||
|
break;
|
||||||
case TLSX_SERVER_CERTIFICATE_TYPE:
|
case TLSX_SERVER_CERTIFICATE_TYPE:
|
||||||
|
WOLFSSL_MSG("Server Certificate Type extension free");
|
||||||
/* nothing to do */
|
/* nothing to do */
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_SNI
|
#ifdef HAVE_SNI
|
||||||
case TLSX_SERVER_NAME:
|
case TLSX_SERVER_NAME:
|
||||||
|
WOLFSSL_MSG("SNI extension free");
|
||||||
SNI_FREE_ALL((SNI*)extension->data, heap);
|
SNI_FREE_ALL((SNI*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
case TLSX_TRUSTED_CA_KEYS:
|
case TLSX_TRUSTED_CA_KEYS:
|
||||||
|
WOLFSSL_MSG("Trusted CA Indication extension free");
|
||||||
TCA_FREE_ALL((TCA*)extension->data, heap);
|
TCA_FREE_ALL((TCA*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLSX_MAX_FRAGMENT_LENGTH:
|
case TLSX_MAX_FRAGMENT_LENGTH:
|
||||||
|
WOLFSSL_MSG("Max Fragment Length extension free");
|
||||||
MFL_FREE_ALL(extension->data, heap);
|
MFL_FREE_ALL(extension->data, heap);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLSX_EXTENDED_MASTER_SECRET:
|
case TLSX_EXTENDED_MASTER_SECRET:
|
||||||
|
WOLFSSL_MSG("Extended Master Secret free");
|
||||||
|
/* Nothing to do. */
|
||||||
|
break;
|
||||||
case TLSX_TRUNCATED_HMAC:
|
case TLSX_TRUNCATED_HMAC:
|
||||||
|
WOLFSSL_MSG("Truncated HMAC extension free");
|
||||||
/* Nothing to do. */
|
/* Nothing to do. */
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLSX_SUPPORTED_GROUPS:
|
case TLSX_SUPPORTED_GROUPS:
|
||||||
|
WOLFSSL_MSG("Supported Groups extension free");
|
||||||
EC_FREE_ALL((SupportedCurve*)extension->data, heap);
|
EC_FREE_ALL((SupportedCurve*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLSX_EC_POINT_FORMATS:
|
case TLSX_EC_POINT_FORMATS:
|
||||||
|
WOLFSSL_MSG("Point Formats extension free");
|
||||||
PF_FREE_ALL((PointFormat*)extension->data, heap);
|
PF_FREE_ALL((PointFormat*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLSX_STATUS_REQUEST:
|
case TLSX_STATUS_REQUEST:
|
||||||
|
WOLFSSL_MSG("Certificate Status Request extension free");
|
||||||
CSR_FREE_ALL((CertificateStatusRequest*)extension->data, heap);
|
CSR_FREE_ALL((CertificateStatusRequest*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLSX_STATUS_REQUEST_V2:
|
case TLSX_STATUS_REQUEST_V2:
|
||||||
|
WOLFSSL_MSG("Certificate Status Request v2 extension free");
|
||||||
CSR2_FREE_ALL((CertificateStatusRequestItemV2*)extension->data,
|
CSR2_FREE_ALL((CertificateStatusRequestItemV2*)extension->data,
|
||||||
heap);
|
heap);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLSX_RENEGOTIATION_INFO:
|
case TLSX_RENEGOTIATION_INFO:
|
||||||
|
WOLFSSL_MSG("Secure Renegotiation extension free");
|
||||||
SCR_FREE_ALL(extension->data, heap);
|
SCR_FREE_ALL(extension->data, heap);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLSX_SESSION_TICKET:
|
case TLSX_SESSION_TICKET:
|
||||||
|
WOLFSSL_MSG("Session Ticket extension free");
|
||||||
WOLF_STK_FREE(extension->data, heap);
|
WOLF_STK_FREE(extension->data, heap);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLSX_APPLICATION_LAYER_PROTOCOL:
|
case TLSX_APPLICATION_LAYER_PROTOCOL:
|
||||||
|
WOLFSSL_MSG("ALPN extension free");
|
||||||
ALPN_FREE_ALL((ALPN*)extension->data, heap);
|
ALPN_FREE_ALL((ALPN*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
||||||
case TLSX_SIGNATURE_ALGORITHMS:
|
case TLSX_SIGNATURE_ALGORITHMS:
|
||||||
|
WOLFSSL_MSG("Signature Algorithms extension to free");
|
||||||
SA_FREE_ALL((SignatureAlgorithms*)extension->data, heap);
|
SA_FREE_ALL((SignatureAlgorithms*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
|
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
|
||||||
case TLSX_ENCRYPT_THEN_MAC:
|
case TLSX_ENCRYPT_THEN_MAC:
|
||||||
|
WOLFSSL_MSG("Encrypt-Then-Mac extension free");
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
case TLSX_SUPPORTED_VERSIONS:
|
case TLSX_SUPPORTED_VERSIONS:
|
||||||
|
WOLFSSL_MSG("Supported Versions extension free");
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
||||||
case TLSX_COOKIE:
|
case TLSX_COOKIE:
|
||||||
|
WOLFSSL_MSG("Cookie extension freee");
|
||||||
CKE_FREE_ALL((Cookie*)extension->data, heap);
|
CKE_FREE_ALL((Cookie*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||||
case TLSX_PRE_SHARED_KEY:
|
case TLSX_PRE_SHARED_KEY:
|
||||||
|
WOLFSSL_MSG("Pre-Shared Key extension free");
|
||||||
PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
|
PSK_FREE_ALL((PreSharedKey*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TLSX_PSK_KEY_EXCHANGE_MODES:
|
case TLSX_PSK_KEY_EXCHANGE_MODES:
|
||||||
|
WOLFSSL_MSG("PSK Key Exchange Modes extension free");
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_EARLY_DATA
|
#ifdef WOLFSSL_EARLY_DATA
|
||||||
case TLSX_EARLY_DATA:
|
case TLSX_EARLY_DATA:
|
||||||
|
WOLFSSL_MSG("Early Data extension free");
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
|
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
|
||||||
case TLSX_POST_HANDSHAKE_AUTH:
|
case TLSX_POST_HANDSHAKE_AUTH:
|
||||||
|
WOLFSSL_MSG("Post-Handshake Authentication extension free");
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG)
|
||||||
case TLSX_SIGNATURE_ALGORITHMS_CERT:
|
case TLSX_SIGNATURE_ALGORITHMS_CERT:
|
||||||
|
WOLFSSL_MSG("Signature Algorithms extension free");
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
case TLSX_KEY_SHARE:
|
case TLSX_KEY_SHARE:
|
||||||
|
WOLFSSL_MSG("Key Share extension free");
|
||||||
KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
|
KS_FREE_ALL((KeyShareEntry*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
|
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
|
||||||
case TLSX_CERTIFICATE_AUTHORITIES:
|
case TLSX_CERTIFICATE_AUTHORITIES:
|
||||||
|
WOLFSSL_MSG("Certificate Authorities extension free");
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_SRTP
|
#ifdef WOLFSSL_SRTP
|
||||||
case TLSX_USE_SRTP:
|
case TLSX_USE_SRTP:
|
||||||
|
WOLFSSL_MSG("SRTP extension free");
|
||||||
SRTP_FREE((TlsxSrtp*)extension->data, heap);
|
SRTP_FREE((TlsxSrtp*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
@@ -12116,22 +12146,25 @@ void TLSX_FreeAll(TLSX* list, void* heap)
|
|||||||
case TLSX_KEY_QUIC_TP_PARAMS:
|
case TLSX_KEY_QUIC_TP_PARAMS:
|
||||||
FALL_THROUGH;
|
FALL_THROUGH;
|
||||||
case TLSX_KEY_QUIC_TP_PARAMS_DRAFT:
|
case TLSX_KEY_QUIC_TP_PARAMS_DRAFT:
|
||||||
|
WOLFSSL_MSG("QUIC transport parameter free");
|
||||||
QTP_FREE((QuicTransportParam*)extension->data, heap);
|
QTP_FREE((QuicTransportParam*)extension->data, heap);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_DTLS_CID
|
#ifdef WOLFSSL_DTLS_CID
|
||||||
case TLSX_CONNECTION_ID:
|
case TLSX_CONNECTION_ID:
|
||||||
CID_FREE((byte*)extension->data, heap);
|
WOLFSSL_MSG("Connection ID extension free");
|
||||||
break;
|
CID_FREE((byte*)extension->data, heap);
|
||||||
|
break;
|
||||||
#endif /* WOLFSSL_DTLS_CID */
|
#endif /* WOLFSSL_DTLS_CID */
|
||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
|
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
|
||||||
case TLSX_ECH:
|
case TLSX_ECH:
|
||||||
ECH_FREE((WOLFSSL_ECH*)extension->data, heap);
|
WOLFSSL_MSG("ECH extension free");
|
||||||
break;
|
ECH_FREE((WOLFSSL_ECH*)extension->data, heap);
|
||||||
|
break;
|
||||||
#endif
|
#endif
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
XFREE(extension, heap, DYNAMIC_TYPE_TLSX);
|
XFREE(extension, heap, DYNAMIC_TYPE_TLSX);
|
||||||
@@ -12509,6 +12542,7 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
|
|||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_SRTP
|
#ifdef WOLFSSL_SRTP
|
||||||
case TLSX_USE_SRTP:
|
case TLSX_USE_SRTP:
|
||||||
|
WOLFSSL_MSG("SRTP extension to write");
|
||||||
offset += SRTP_WRITE((TlsxSrtp*)extension->data, output+offset);
|
offset += SRTP_WRITE((TlsxSrtp*)extension->data, output+offset);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
@@ -12536,12 +12570,14 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
|
|||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_DTLS_CID
|
#ifdef WOLFSSL_DTLS_CID
|
||||||
case TLSX_CONNECTION_ID:
|
case TLSX_CONNECTION_ID:
|
||||||
|
WOLFSSL_MSG("Connection ID extension to write");
|
||||||
offset += CID_WRITE((byte*)extension->data, output+offset);
|
offset += CID_WRITE((byte*)extension->data, output+offset);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#endif /* WOLFSSL_DTLS_CID */
|
#endif /* WOLFSSL_DTLS_CID */
|
||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
|
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
|
||||||
case TLSX_ECH:
|
case TLSX_ECH:
|
||||||
|
WOLFSSL_MSG("ECH extension to write");
|
||||||
ret = ECH_WRITE((WOLFSSL_ECH*)extension->data,
|
ret = ECH_WRITE((WOLFSSL_ECH*)extension->data,
|
||||||
output + offset, &offset);
|
output + offset, &offset);
|
||||||
break;
|
break;
|
||||||
@@ -14655,6 +14691,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
|
|||||||
#endif /* HAVE_RPK */
|
#endif /* HAVE_RPK */
|
||||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
|
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
|
||||||
case TLSX_ECH:
|
case TLSX_ECH:
|
||||||
|
WOLFSSL_MSG("ECH extension received");
|
||||||
ret = ECH_PARSE(ssl, input + offset, size, msgType);
|
ret = ECH_PARSE(ssl, input + offset, size, msgType);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -2582,7 +2582,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
|
|||||||
#ifdef CIPHER_NONCE
|
#ifdef CIPHER_NONCE
|
||||||
if (ssl->encrypt.nonce == NULL) {
|
if (ssl->encrypt.nonce == NULL) {
|
||||||
ssl->encrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ,
|
ssl->encrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ,
|
||||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
#ifdef WOLFSSL_CHECK_MEM_ZERO
|
#ifdef WOLFSSL_CHECK_MEM_ZERO
|
||||||
if (ssl->encrypt.nonce != NULL) {
|
if (ssl->encrypt.nonce != NULL) {
|
||||||
wc_MemZero_Add("EncryptTls13 nonce", ssl->encrypt.nonce,
|
wc_MemZero_Add("EncryptTls13 nonce", ssl->encrypt.nonce,
|
||||||
@@ -2984,7 +2984,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
|
|||||||
#ifdef CIPHER_NONCE
|
#ifdef CIPHER_NONCE
|
||||||
if (ssl->decrypt.nonce == NULL) {
|
if (ssl->decrypt.nonce == NULL) {
|
||||||
ssl->decrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ,
|
ssl->decrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ,
|
||||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
#ifdef WOLFSSL_CHECK_MEM_ZERO
|
#ifdef WOLFSSL_CHECK_MEM_ZERO
|
||||||
if (ssl->decrypt.nonce != NULL) {
|
if (ssl->decrypt.nonce != NULL) {
|
||||||
wc_MemZero_Add("DecryptTls13 nonce", ssl->decrypt.nonce,
|
wc_MemZero_Add("DecryptTls13 nonce", ssl->decrypt.nonce,
|
||||||
|
|||||||
Reference in New Issue
Block a user