From 173b9833fc594a1a9747c15c21be074729f82ed1 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Tue, 14 Jul 2020 09:07:23 -0600
Subject: [PATCH] fixes for edge build cases and static memory
---
 examples/server/server.c | 2 +-
 src/internal.c | 17 +++---
 src/ssl.c | 111 ++++++++++++++++++++-----------------
 wolfcrypt/src/asn.c | 3 +-
 wolfssl/internal.h | 5 +-
 wolfssl/ssl.h | 12 ++--
 wolfssl/wolfcrypt/asn.h | 3 +-
 wolfssl/wolfcrypt/memory.h | 2 +-
 8 files changed, 86 insertions(+), 69 deletions(-)
diff --git a/examples/server/server.c b/examples/server/server.c
index 2d253d80f..0d107a965 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -1018,7 +1018,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
 || defined(SESSION_CERTS)
 /* big enough to handle most cases including session certs */
- byte memory[220000];
+ byte memory[239936];
 #else
 byte memory[80000];
 #endif
diff --git a/src/internal.c b/src/internal.c
index 0561c443f..78c12e9a3 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3322,14 +3322,16 @@ static enum wc_HashType HashAlgoToType(int hashAlgo)
 #ifndef NO_CERTS
-void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
+void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag, void* heap)
 {
 (void)dynamicFlag;
+ (void)heap;
 if (name != NULL) {
 name->name = name->staticName;
 name->dynamicName = 0;
 name->sz = 0;
+ name->heap = heap;
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 XMEMSET(&name->entry, 0, sizeof(name->entry));
 name->x509 = NULL;
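Review bot: In InitX509Name (src/internal.c) the added `(void)heap;` is misleading, because `heap` is stored unconditionally by `name->heap = heap;` a few lines later and so can never be unused; the cast can be dropped. A short comment on the assignment would help, for example `/* hint reused by FreeX509Name() and wolfSSL_X509_NAME_copy() for name->name */`, since both of those lose their heap argument later in this patch. The function body continues past the end of this hunk.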
@@ -3339,11 +3341,11 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
 }
-void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
+void FreeX509Name(WOLFSSL_X509_NAME* name)
 {
 if (name != NULL) {
 if (name->dynamicName) {
- XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
+ XFREE(name->name, name->heap, DYNAMIC_TYPE_SUBJECT_CN);
 name->name = NULL;
 }
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -3358,7 +3360,6 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 }
- (void)heap;
 }
@@ -3373,8 +3374,8 @@ void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap)
 XMEMSET(x509, 0, sizeof(WOLFSSL_X509));
 x509->heap = heap;
- InitX509Name(&x509->issuer, 0);
- InitX509Name(&x509->subject, 0);
+ InitX509Name(&x509->issuer, 0, heap);
+ InitX509Name(&x509->subject, 0, heap);
 x509->dynamicMemory = (byte)dynamicFlag;
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
 x509->refCount = 1;
@@ -3389,8 +3390,8 @@ void FreeX509(WOLFSSL_X509* x509)
 if (x509 == NULL)
 return;
- FreeX509Name(&x509->issuer, x509->heap);
- FreeX509Name(&x509->subject, x509->heap);
+ FreeX509Name(&x509->issuer);
+ FreeX509Name(&x509->subject);
 if (x509->pubKey.buffer) {
 XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
 x509->pubKey.buffer = NULL;
diff --git a/src/ssl.c b/src/ssl.c
index db270b7ba..aac75253b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -95,7 +95,6 @@
 #include
 #include
 #include
- #include
 #include
 /* openssl headers end, wolfssl internal headers next */
 #include
@@ -125,7 +124,9 @@
 #include
 #endif /* OPENSSL_ALL && HAVE_PKCS7 */
 #endif
+
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ #include
 int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi);
 int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi);
 int oid2nid(word32 oid, int grp);
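Review bot: FreeX509Name now releases `name->name` against `name->heap`, so it is only safe on a WOLFSSL_X509_NAME that was set up by InitX509Name, and nothing in the function says so. A name whose `heap` field was never written (an uninitialised struct, or one filled by a raw copy) would pass an arbitrary hint to XFREE, which matters most in the static-memory builds this commit targets. I would add a header comment such as `/* name must have been initialised by InitX509Name(); name->heap is the hint used for every free below */`. No such caller is visible in this patch, so this is a documentation request rather than a confirmed defect; the OPENSSL_EXTRA part of the body lies between this hunk and the next one.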
@@ -18984,8 +18985,9 @@ void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
 #endif /* NO_ASN */
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 #ifndef NO_ASN
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
+ defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)
 {
 WOLFSSL_ASN1_OBJECT* obj;
@@ -19004,7 +19006,9 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)
 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
 return obj;
 }
+#endif
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 /* Creates and returns a new WOLFSSL_CIPHER stack. */
 WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void)
 {
@@ -19143,8 +19147,8 @@ void wolfSSL_sk_ASN1_OBJECT_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
 XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
 }
-#endif /* !NO_ASN */
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+#endif /* !NO_ASN */
 #ifdef OPENSSL_EXTRA
 #ifndef NO_ASN
@@ -20275,7 +20279,8 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 }
 #endif /* !NO_CERTS && OPENSSL_EXTRA */
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
+ defined(OPENSSL_EXTRA_X509_SMALL)
 /* Looks up the index of the first entry encountered with matching NID
 * The search starts from index 'pos'
@@ -20350,7 +20355,8 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 }
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
-#if !defined(NO_CERTS) && defined(OPENSSL_EXTRA)
+#if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \
+ defined(OPENSSL_EXTRA_X509_SMALL))
 /* Creates a new WOLFSSL_ASN1_STRING structure given the input type.
 *
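Review bot: The `#endif` trailer comments in src/ssl.c no longer describe the guards they close. The hunk at -20275 widens the opening guard to include OPENSSL_EXTRA_X509_SMALL, but the hunk at -20350 leaves what appears to be its closer as `#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */`; the same happens with `#endif /* !NO_CERTS && OPENSSL_EXTRA */` at -20394 and `#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */` at -20449. The hunks at -38812, -38872 and -38951 also add a bare `#endif` and two closers whose comments list a different macro set than the `#if` they seem to pair with. In a file where these macros decide which X.509 code is compiled in, I would bring each comment in line with its guard, for example `#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || OPENSSL_EXTRA_X509_SMALL */`. The pairing is inferred from line positions, since the blocks themselves lie between the hunks.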
@@ -20394,7 +20400,8 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 #endif /* !NO_CERTS && OPENSSL_EXTRA */
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
+ defined(OPENSSL_EXTRA_X509_SMALL)
 /* if dataSz is negative then use XSTRLEN to find length of data
 * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
 /* `data` can be NULL and only buffer will be allocated */
@@ -20449,8 +20456,8 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 }
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
-#ifdef OPENSSL_EXTRA
 #ifndef NO_CERTS
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
 {
@@ -20476,7 +20483,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 return 0;
 }
 }
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#ifdef OPENSSL_EXTRA
 #ifndef NO_WOLFSSL_STUB
 WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn,
 const unsigned char **in, long len)
@@ -21179,8 +21188,10 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 #endif /* XSNPRINTF */
+#endif /* OPENSSL_EXTRA */
 #endif /* !NO_CERTS */
+#ifdef OPENSSL_EXTRA
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
 /* Creates cipher->description based on cipher->offset
 * cipher->offset is set in wolfSSL_get_ciphers_compat when it is added
@@ -36354,7 +36365,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
 void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name)
 {
 WOLFSSL_ENTER("wolfSSL_X509_NAME_free");
- FreeX509Name(name, NULL);
+ FreeX509Name(name);
 XFREE(name, NULL, DYNAMIC_TYPE_X509);
 }
@@ -36372,7 +36383,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
 name = (WOLFSSL_X509_NAME*)XMALLOC(sizeof(WOLFSSL_X509_NAME), NULL,
 DYNAMIC_TYPE_X509);
 if (name != NULL) {
- InitX509Name(name, 1);
+ InitX509Name(name, 1, NULL);
 }
 return name;
 }
@@ -36395,30 +36406,13 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
 }
 /* copy contents */
- XMEMCPY(copy, name, sizeof(WOLFSSL_X509_NAME));
- InitX509Name(copy, 1);
- copy->sz = name->sz;
-
- /* handle dynamic portions */
- if (name->dynamicName) {
- if (!(copy->name = (char*)XMALLOC(name->sz, 0,
- DYNAMIC_TYPE_OPENSSL))) {
- goto err;
- }
+ InitX509Name(copy, 1, name->heap);
+ if (wolfSSL_X509_NAME_copy(name, copy) != WOLFSSL_SUCCESS) {
+ wolfSSL_X509_NAME_free(copy);
+ return NULL;
 }
- XMEMCPY(copy->name, name->name, name->sz);
 return copy;
-
- err:
- if (copy) {
- if (copy->dynamicName && copy->name) {
- XFREE(copy->name, 0, DYNAMIC_TYPE_OPENSSL);
- copy->name = NULL;
- }
- wolfSSL_X509_NAME_free(copy);
- }
- return NULL;
 }
 #if defined(WOLFSSL_CERT_GEN)
@@ -36979,7 +36973,6 @@ static int CopyX509NameToCertName(WOLFSSL_X509_NAME* n, CertName* cName)
 return ret;
 }
-
 /* returns the size of signature on success */
 int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
 const WOLFSSL_EVP_MD* md)
@@ -37058,7 +37051,7 @@ static int CopyX509NameToCertName(WOLFSSL_X509_NAME* n, CertName* cName)
 return sz;
 }
 #endif /* WOLFSSL_CERT_GEN */
-
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
 /* Compares the two X509 names. If the size of x is larger then y then a
 * positive value is returned if x is smaller a negative value is returned.
@@ -37710,6 +37703,7 @@ err:
 }
+#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
 #ifdef OPENSSL_ALL
 /* create and return a new WOLFSSL_X509_PKEY structure or NULL on failure */
 static WOLFSSL_X509_PKEY* wolfSSL_X509_PKEY_new(void* heap)
@@ -38028,7 +38022,7 @@ err:
 entryCount += AddAllEntry(name, fullName, totalLen, &idx);
 if (name->dynamicName) {
- XFREE(name->name, NULL, DYNAMIC_TYPE_X509);
+ XFREE(name->name, name->heap, DYNAMIC_TYPE_X509);
 }
 fullName[idx] = '\0';
 name->name = fullName;
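Review bot: In the last hunk here (-38028) the old buffer is now freed with `name->heap`, but the replacement buffer installed by `name->name = fullName;` is allocated outside the hunk, and this patch does not touch that allocation. If it still passes a NULL hint, FreeX509Name will later release it with `name->heap`, so under static memory the buffer would be returned to a pool it did not come from. Please confirm that the XMALLOC for `fullName` uses `name->heap` as well, and consider a comment at the assignment such as `/* fullName must come from name->heap; FreeX509Name() frees it with that hint */`. The enclosing function starts and ends outside the hunk.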
@@ -38812,7 +38806,12 @@ err:
 return WOLFSSL_FATAL_ERROR;
 }
-
+#endif /* OPENSSL_EXTRA, HAVE_LIGHTY, WOLFSSL_MYSQL_COMPATIBLE, HAVE_STUNNEL,
+ WOLFSSL_NGINX, HAVE_POCO_LIB, WOLFSSL_HAPROXY */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+ defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
+ defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
+ defined(HAVE_POCO_LIB) || defined(WOLFSSL_HAPROXY)
 /* Gets the NID value that is related to the OID string passed in. Example
 * string would be "2.5.29.14" for subject key ID.
 *
@@ -38872,6 +38871,11 @@ err:
 return NID_undef;
 }
+#endif
+#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
+ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
+ defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
+ defined(WOLFSSL_HAPROXY)
 /* Creates new ASN1_OBJECT from short name, long name, or text
 * representation of oid. If no_name is 0, then short name, long name, and
@@ -38951,7 +38955,12 @@ err:
 #endif
 }
-
+#endif /* OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE ||
+ HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+ defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
+ defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
+ defined(HAVE_POCO_LIB) || defined(WOLFSSL_HAPROXY)
 WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) {
 WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object");
 if (ne == NULL) return NULL;
@@ -38966,7 +38975,8 @@ err:
 #endif /* OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE ||
 HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
+ defined(OPENSSL_EXTRA_X509_SMALL)
 /* returns a pointer to the internal entry at location 'loc' on success,
 * a null pointer is returned in fail cases */
@@ -46341,7 +46351,9 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store)
 return cnt_ret;
 }
 #endif /* !NO_CERTS */
+#endif /* OPENSSL_EXTRA */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509)
 {
 int version = 0;
@@ -46358,8 +46370,9 @@ long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509)
 return 0L;
 }
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
-
+#if defined(OPENSSL_EXTRA)
 int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509 *x)
 {
 if (x == NULL)
@@ -47397,8 +47410,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
 /* unlike wolfSSL_X509_NAME_dup this does not malloc a duplicate, only deep
 * copy. "to" is expected to be a fresh blank name, if not pointers could be
 * lost */
-static int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from,
- WOLFSSL_X509_NAME* to, void* heap)
+int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to)
 {
 int i;
 WOLFSSL_X509_NAME_ENTRY* ne;
@@ -47411,7 +47423,7 @@ static int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from,
 }
 if (from->dynamicName) {
- to->name = (char*)XMALLOC(from->sz, heap, DYNAMIC_TYPE_SUBJECT_CN);
+ to->name = (char*)XMALLOC(from->sz, to->heap, DYNAMIC_TYPE_SUBJECT_CN);
 if (to->name == NULL)
 return WOLFSSL_FAILURE;
 to->dynamicName = 1;
@@ -47425,7 +47437,6 @@ static int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from,
 wolfSSL_X509_NAME_add_entry(to, ne, i, 1);
 }
 to->entrySz = from->entrySz;
- (void)heap;
 return WOLFSSL_SUCCESS;
 }
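Review bot: wolfSSL_X509_NAME_copy ignores the result of `wolfSSL_X509_NAME_add_entry(to, ne, i, 1);` in the hunk at -47425, so an entry that fails to copy (presumably possible when an allocation fails) still ends in `return WOLFSSL_SUCCESS`. That was less exposed while the helper was file-local, but this patch exports it and wolfSSL_X509_NAME_dup now relies on its return value, so a caller can receive a truncated subject or issuer name reported as a complete copy. I would check the call: `if (wolfSSL_X509_NAME_add_entry(to, ne, i, 1) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE;`. The existing comment should also state that `to` must have been initialised with InitX509Name, because `to->heap` is now read in the hunk at -47411. The loop header and the start of the function are outside these hunks.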
@@ -47438,12 +47449,11 @@ int wolfSSL_X509_set_subject_name(WOLFSSL_X509 *cert, WOLFSSL_X509_NAME *name)
 if (cert == NULL || name == NULL)
 return WOLFSSL_FAILURE;
- FreeX509Name(&cert->subject, cert->heap);
- InitX509Name(&cert->subject, 0);
+ FreeX509Name(&cert->subject);
+ InitX509Name(&cert->subject, 0, cert->heap);
- if (wolfSSL_X509_NAME_copy(name, &cert->subject, cert->heap) !=
- WOLFSSL_SUCCESS) {
- FreeX509Name(&cert->subject, cert->heap);
+ if (wolfSSL_X509_NAME_copy(name, &cert->subject) != WOLFSSL_SUCCESS) {
+ FreeX509Name(&cert->subject);
 return WOLFSSL_FAILURE;
 }
@@ -47460,12 +47470,11 @@ int wolfSSL_X509_set_issuer_name(WOLFSSL_X509 *cert, WOLFSSL_X509_NAME *name)
 if (cert == NULL || name == NULL)
 return WOLFSSL_FAILURE;
- FreeX509Name(&cert->issuer, cert->heap);
- InitX509Name(&cert->issuer, 0);
+ FreeX509Name(&cert->issuer);
+ InitX509Name(&cert->issuer, 0, cert->heap);
- if (wolfSSL_X509_NAME_copy(name, &cert->issuer, cert->heap) !=
- WOLFSSL_SUCCESS) {
- FreeX509Name(&cert->subject, cert->heap);
+ if (wolfSSL_X509_NAME_copy(name, &cert->issuer) != WOLFSSL_SUCCESS) {
+ FreeX509Name(&cert->issuer);
 return WOLFSSL_FAILURE;
 }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 954713439..b9592a442 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -8356,7 +8356,8 @@ static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert)
 }
 #endif /* IGNORE_NAME_CONSTRAINTS */
-#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || defined(OPENSSL_EXTRA)
+#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \
+ defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 /* Decode ITU-T X.690 OID format to a string representation
 * return string length
 */
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 651072ed4..d79b53b43 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -3601,6 +3601,7 @@ struct WOLFSSL_X509_NAME {
 byte raw[ASN_NAME_MAX];
 int rawLen;
 #endif
+ void* heap;
 };
 #ifndef EXTERNAL_SERIAL_SIZE
@@ -4532,8 +4533,8 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
 WOLFSSL_LOCAL word32 LowResTimer(void);
 #ifndef NO_CERTS
- WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
- WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
+ WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*);
+ WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
 WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
 WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
 WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index f60d408af..098317d43 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -3300,6 +3300,7 @@ WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*);
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
+WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME*, WOLFSSL_X509_NAME*);
 WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
 #endif /* !NO_CERTS */
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
@@ -3409,7 +3410,8 @@ WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher,
 /*lighttp compatibility */
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
+ defined(OPENSSL_EXTRA_X509_SMALL)
 struct WOLFSSL_ASN1_BIT_STRING {
 int length;
 int type;
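Review bot: The new public prototype `wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME*, WOLFSSL_X509_NAME*)` in wolfssl/ssl.h (hunk at -3300) has two unnamed parameters of the same type, so the header does not tell a caller which one is the source. Swapping them compiles cleanly and writes into the name the caller meant to read. I would declare it as `WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to);` and note beside it that `to` must be a freshly initialised name. To a lesser degree the same applies to `InitX509Name(WOLFSSL_X509_NAME*, int, void*)` in wolfssl/internal.h, where naming the last parameter `heap` would match the neighbouring InitX509 prototype.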
@@ -3420,7 +3422,8 @@ struct WOLFSSL_ASN1_BIT_STRING {
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \
+ defined(OPENSSL_EXTRA_X509_SMALL)
 #if defined(OPENSSL_EXTRA) \
 || defined(OPENSSL_ALL) \
@@ -3428,7 +3431,8 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA
 || defined(WOLFSSL_MYSQL_COMPATIBLE) \
 || defined(HAVE_STUNNEL) \
 || defined(WOLFSSL_NGINX) \
- || defined(WOLFSSL_HAPROXY)
+ || defined(WOLFSSL_HAPROXY) \
+ || defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
 WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
@@ -3823,7 +3827,7 @@ WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsi
 unsigned *len);
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
 WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
 const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 4337feb87..b0a8698a8 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -342,7 +342,8 @@ enum Misc_ASN {
 #endif
 /* Max total extensions, id + len + others */
 #endif
-#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
+#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
+ defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL)
 MAX_OID_SZ = 32, /* Max DER length of OID*/
 MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
 #endif
diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h
index f54f73a39..688110b4e 100644
--- a/wolfssl/wolfcrypt/memory.h
+++ b/wolfssl/wolfcrypt/memory.h
@@ -111,7 +111,7 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
 /* extra storage in structs for multiple attributes and order */
 #ifndef LARGEST_MEM_BUCKET
 #ifdef WOLFSSL_TLS13
- #define LARGEST_MEM_BUCKET 25792
+ #define LARGEST_MEM_BUCKET 30400
 #else
 #define LARGEST_MEM_BUCKET 25600
 #endif