revise static memory and update heap hint

This commit is contained in:
Jacob Barthelmeh
2016-06-04 19:03:48 -06:00
parent 104ff12e76
commit 2feee8856e
43 changed files with 2241 additions and 1269 deletions
+1 -26
View File
@@ -2554,32 +2554,7 @@ AC_ARG_ENABLE([staticmemory],
if test "x$ENABLED_STATICMEMORY" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DWOLFSSL_STATIC_MEMORY_MEDIUM"
fi
if test "x$ENABLED_STATICMEMORY" = "xnone"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY"
fi
if test "x$ENABLED_STATICMEMORY" = "xsmall"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DWOLFSSL_STATIC_MEMORY_SMALL"
fi
if test "x$ENABLED_STATICMEMORY" = "xmedium"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DWOLFSSL_STATIC_MEMORY_MEDIUM"
fi
if test "x$ENABLED_STATICMEMORY" = "xlarge"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DWOLFSSL_STATIC_MEMORY_LARGE"
fi
if test "x$ENABLED_STATICMEMORY" = "xhuge"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DWOLFSSL_STATIC_MEMORY_HUGE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY -DTFM_TIMING_RESISTANT"
fi
+2 -2
View File
@@ -980,7 +980,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
}
#ifdef USE_WOLFSSL_MEMORY
#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
if (trackMemory)
InitMemoryTracker();
#endif
@@ -1615,7 +1615,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
((func_args*)args)->return_code = 0;
#ifdef USE_WOLFSSL_MEMORY
#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
if (trackMemory)
ShowMemoryTracker();
#endif /* USE_WOLFSSL_MEMORY */
+88 -2
View File
@@ -252,7 +252,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID;
SOCKET_T clientfd = WOLFSSL_SOCKET_INVALID;
#ifdef WOLFSSL_STATIC_MEMORY
wolfSSLStaticMethod method = NULL;
#else
SSL_METHOD* method = 0;
#endif
SSL_CTX* ctx = 0;
SSL* ssl = 0;
@@ -319,6 +323,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
const char* wnrConfigFile = wnrConfig;
#endif
#ifdef WOLFSSL_STATIC_MEMORY
#if defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)
byte memory[200000];
#else
byte memory[80000];
#endif
byte memoryIO[34500]; /* max of 17k for IO buffer (TLS packet can be 16k) */
WOLFSSL_MEM_CONN_STATS ssl_stats;
#endif
((func_args*)args)->return_code = -1; /* error state */
#ifdef NO_RSA
@@ -560,7 +574,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
}
#ifdef USE_CYASSL_MEMORY
#if defined(USE_CYASSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
if (trackMemory)
InitMemoryTracker();
#endif
@@ -574,18 +588,30 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifndef NO_OLD_TLS
#ifdef WOLFSSL_ALLOW_SSLV3
case 0:
#ifdef WOLFSSL_STATIC_MEMORY
method = wolfSSLv3_server_static;
#else
method = SSLv3_server_method();
#endif
break;
#endif
#ifndef NO_TLS
case 1:
#ifdef WOLFSSL_STATIC_MEMORY
method = wolfTLSv1_server_static;
#else
method = TLSv1_server_method();
#endif
break;
case 2:
#ifdef WOLFSSL_STATIC_MEMORY
method = wolfTLSv1_1_server_static;
#else
method = TLSv1_1_server_method();
#endif
break;
#endif
@@ -593,19 +619,31 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifndef NO_TLS
case 3:
#ifdef WOLFSSL_STATIC_MEMORY
method = wolfTLSv1_2_server_static;
#else
method = TLSv1_2_server_method();
#endif
break;
#endif
#ifdef CYASSL_DTLS
#ifndef NO_OLD_TLS
case -1:
#ifdef WOLFSSL_STATIC_MEMORY
method = wolfDTLSv1_server_static;
#else
method = DTLSv1_server_method();
#endif
break;
#endif
case -2:
#ifdef WOLFSSL_STATIC_MEMORY
method = wolfDTLSv1_2_server_static;
#else
method = DTLSv1_2_server_method();
#endif
break;
#endif
@@ -616,7 +654,19 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (method == NULL)
err_sys("unable to get method");
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),0,1)
!= SSL_SUCCESS)
err_sys("unable to load static memory and create ctx");
/* load in a buffer for IO */
if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1)
!= SSL_SUCCESS)
err_sys("unable to load static memory and create ctx");
#else
ctx = SSL_CTX_new(method);
#endif
if (ctx == NULL)
err_sys("unable to get ctx");
@@ -783,11 +833,32 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
err_sys("tcp accept failed");
}
}
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
{
WOLFSSL_MEM_STATS mem_stats;
fprintf(stderr, "Before creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
err_sys("error printing out memory stats");
}
#endif
ssl = SSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL");
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
{
WOLFSSL_MEM_STATS mem_stats;
fprintf(stderr, "After creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
err_sys("error printing out memory stats");
}
#endif
#ifndef NO_HANDSHAKE_DONE_CB
wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
#endif
@@ -972,6 +1043,20 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
SSL_shutdown(ssl); /* bidirectional shutdown */
}
/* display collected statistics */
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
err_sys("static memory was not used with ssl");
fprintf(stderr, "\nprint off SSL memory stats\n");
fprintf(stderr, "peak connection memory = %d\n", ssl_stats.peakMem);
fprintf(stderr, "current memory in use = %d\n", ssl_stats.curMem);
fprintf(stderr, "peak connection allocs = %d\n", ssl_stats.peakAlloc);
fprintf(stderr, "current connection allocs = %d\n",ssl_stats.curAlloc);
fprintf(stderr, "total connection allocs = %d\n",ssl_stats.totalAlloc);
fprintf(stderr, "total connection frees = %d\n\n", ssl_stats.totalFr);
#endif
SSL_free(ssl);
CloseSocket(clientfd);
@@ -987,6 +1072,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
} /* while(1) */
CloseSocket(sockfd);
SSL_CTX_free(ctx);
@@ -998,7 +1084,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
ecc_fp_free(); /* free per thread cache */
#endif
#ifdef USE_WOLFSSL_MEMORY
#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
if (trackMemory)
ShowMemoryTracker();
#endif
+10 -4
View File
@@ -51,6 +51,12 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
{
WOLFSSL_ENTER("InitCRL");
/* default heap hint to null or test value */
#ifdef WOLFSSL_HEAP_TEST
crl->heap = (void*)WOLFSSL_HEAP_TEST;
#else
crl->heap = NULL;
#endif
crl->cm = cm;
crl->crlList = NULL;
crl->monitors[0].path = NULL;
@@ -233,7 +239,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl)
WOLFSSL_ENTER("AddCRL");
crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY);
crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
if (crle == NULL) {
WOLFSSL_MSG("alloc CRL Entry failed");
return -1;
@@ -241,14 +247,14 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl)
if (InitCRL_Entry(crle, dcrl) < 0) {
WOLFSSL_MSG("Init CRL Entry failed");
XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
XFREE(crle, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
return -1;
}
if (LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("LockMutex failed");
FreeCRL_Entry(crle);
XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
XFREE(crle, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
return BAD_MUTEX_E;
}
crle->next = crl->crlList;
@@ -865,7 +871,7 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
WOLFSSL_MSG("monitor path requested");
pathLen = (word32)XSTRLEN(path);
pathBuf = (char*)XMALLOC(pathLen+1, NULL, DYNAMIC_TYPE_CRL_MONITOR);
pathBuf = (char*)XMALLOC(pathLen+1, crl->heap,DYNAMIC_TYPE_CRL_MONITOR);
if (pathBuf) {
XSTRNCPY(pathBuf, path, pathLen);
pathBuf[pathLen] = '\0'; /* Null Terminate */
+262 -91
View File
@@ -1285,7 +1285,7 @@ void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv)
/* Initialize SSL context, return 0 on success */
int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method)
int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
{
XMEMSET(ctx, 0, sizeof(WOLFSSL_CTX));
@@ -1345,7 +1345,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method)
#endif
#ifndef NO_CERTS
ctx->cm = wolfSSL_CertManagerNew();
ctx->cm = wolfSSL_CertManagerNew_ex(heap);
if (ctx->cm == NULL) {
WOLFSSL_MSG("Bad Cert Manager New");
return BAD_CERT_MANAGER_ERROR;
@@ -1366,6 +1366,17 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method)
#endif
#endif /* HAVE_WOLF_EVENT */
#ifdef WOLFSSL_STATIC_MEMORY
#ifdef WOLFSSL_HEAP_TEST
if (heap == NULL) {
ctx->heap = (void*)WOLFSSL_HEAP_TEST;
}
else
#endif
ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */
#endif /* WOLFSSL_STATIC_MEMORY */
(void)heap;
return 0;
}
@@ -1414,7 +1425,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (ctx->certOcspRequest) {
FreeOcspRequest(ctx->certOcspRequest);
XFREE(ctx->certOcspRequest, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(ctx->certOcspRequest, ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST);
}
#endif
@@ -1422,7 +1433,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
for (i = 0; i < MAX_CHAIN_DEPTH; i++) {
if (ctx->chainOcspRequest[i]) {
FreeOcspRequest(ctx->chainOcspRequest[i]);
XFREE(ctx->chainOcspRequest[i], NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(ctx->chainOcspRequest[i], ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST);
}
}
#endif
@@ -1430,6 +1441,18 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
#endif /* NO_WOLFSSL_SERVER */
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef WOLFSSL_STATIC_MEMORY
if (ctx->heap != NULL) {
#ifdef WOLFSSL_HEAP_TEST
if (ctx->heap != (void*)WOLFSSL_HEAP_TEST) {
#endif
WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)(ctx->heap);
FreeMutex(&((WOLFSSL_HEAP*)(hint->memory))->memory_mutex);
#ifdef WOLFSSL_HEAP_TEST
}
#endif
}
#endif
}
@@ -2465,22 +2488,24 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
}
void FreeX509Name(WOLFSSL_X509_NAME* name)
void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
{
if (name != NULL) {
if (name->dynamicName)
XFREE(name->name, NULL, DYNAMIC_TYPE_SUBJECT_CN);
XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
#ifdef OPENSSL_EXTRA
if (name->fullName.fullName != NULL)
XFREE(name->fullName.fullName, NULL, DYNAMIC_TYPE_X509);
XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509);
#endif /* OPENSSL_EXTRA */
}
(void)heap;
}
/* Initialize wolfSSL X509 type */
void InitX509(WOLFSSL_X509* x509, int dynamicFlag)
void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap)
{
x509->heap = heap;
InitX509Name(&x509->issuer, 0);
InitX509Name(&x509->subject, 0);
x509->version = 0;
@@ -2526,15 +2551,15 @@ void FreeX509(WOLFSSL_X509* x509)
if (x509 == NULL)
return;
FreeX509Name(&x509->issuer);
FreeX509Name(&x509->subject);
FreeX509Name(&x509->issuer, x509->heap);
FreeX509Name(&x509->subject, x509->heap);
if (x509->pubKey.buffer)
XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
FreeDer(&x509->derCert);
XFREE(x509->sig.buffer, NULL, DYNAMIC_TYPE_SIGNATURE);
XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE);
#ifdef OPENSSL_EXTRA
XFREE(x509->authKeyId, NULL, DYNAMIC_TYPE_X509_EXT);
XFREE(x509->subjKeyId, NULL, DYNAMIC_TYPE_X509_EXT);
XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
#endif /* OPENSSL_EXTRA */
if (x509->altNames)
FreeAltNames(x509->altNames, NULL);
@@ -3021,7 +3046,6 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->options.failNoCertxPSK = ctx->failNoCertxPSK;
ssl->options.sendVerify = ctx->sendVerify;
ssl->heap = ctx->heap; /* defaults to self */
ssl->options.partialWrite = ctx->partialWrite;
ssl->options.quietShutdown = ctx->quietShutdown;
ssl->options.groupMessages = ctx->groupMessages;
@@ -3098,6 +3122,85 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
XMEMSET(ssl, 0, sizeof(WOLFSSL));
#if defined(WOLFSSL_STATIC_MEMORY)
if (ctx->heap != NULL) {
WOLFSSL_HEAP_HINT* ssl_hint;
WOLFSSL_HEAP_HINT* ctx_hint;
/* avoid derefrencing a test value */
#ifdef WOLFSSL_HEAP_TEST
if (ctx->heap == (void*)WOLFSSL_HEAP_TEST) {
ssl->heap = ctx->heap;
}
else {
#endif
ctx_hint = ((WOLFSSL_HEAP_HINT*)(ctx->heap));
/* lock and check IO count / handshake count */
if (LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
WOLFSSL_MSG("Bad memory_mutex lock");
return BAD_MUTEX_E;
}
if (ctx_hint->memory->maxHa <= ctx_hint->memory->curHa) {
WOLFSSL_MSG("At max number of handshakes for static memory");
return MEMORY_E;
}
ctx_hint->memory->curHa++;
if (ctx_hint->memory->maxIO <= ctx_hint->memory->curIO) {
WOLFSSL_MSG("At max number of IO allowed for static memory");
return MEMORY_E;
}
ctx_hint->memory->curIO++;
UnLockMutex(&(ctx_hint->memory->memory_mutex));
ssl->heap = (WOLFSSL_HEAP_HINT*)XMALLOC(sizeof(WOLFSSL_HEAP_HINT),
ctx->heap, DYNAMIC_TYPE_SSL);
if (ssl->heap == NULL) {
return MEMORY_E;
}
XMEMSET(ssl->heap, 0, sizeof(WOLFSSL_HEAP_HINT));
ssl_hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap));
ssl_hint->memory = ctx_hint->memory;
/* check if tracking stats */
if (ctx_hint->memory->flag & WOLFMEM_TRACK_STATS) {
ssl_hint->stats = (WOLFSSL_MEM_CONN_STATS*)XMALLOC(
sizeof(WOLFSSL_MEM_CONN_STATS), ctx->heap, DYNAMIC_TYPE_SSL);
if (ssl_hint->stats == NULL) {
return MEMORY_E;
}
XMEMSET(ssl_hint->stats, 0, sizeof(WOLFSSL_MEM_CONN_STATS));
}
/* check if using fixed IO buffers */
if (ctx_hint->memory->flag & WOLFMEM_IO_POOL_FIXED) {
if (LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
WOLFSSL_MSG("Bad memory_mutex lock");
return BAD_MUTEX_E;
}
if (SetFixedIO(ctx_hint->memory, &(ssl_hint->inBuf)) != 1) {
return MEMORY_E;
}
if (SetFixedIO(ctx_hint->memory, &(ssl_hint->outBuf)) != 1) {
return MEMORY_E;
}
if (ssl_hint->outBuf == NULL || ssl_hint->inBuf == NULL) {
WOLFSSL_MSG("Not enough memory to create fixed IO buffers");
return MEMORY_E;
}
UnLockMutex(&(ctx_hint->memory->memory_mutex));
}
#ifdef WOLFSSL_HEAP_TEST
}
#endif
}
else {
ssl->heap = ctx->heap;
}
#else
ssl->heap = ctx->heap; /* carry over user heap without static memory */
#endif
ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
@@ -3105,7 +3208,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
InitX509(&ssl->peerCert, 0);
InitX509(&ssl->peerCert, 0, ssl->heap);
#endif
ssl->rfd = -1; /* set to invalid descriptor */
@@ -3237,7 +3340,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
return MEMORY_E;
}
if ( (ret = wc_InitRng(ssl->rng)) != 0) {
if ( (ret = wc_InitRng_ex(ssl->rng, ssl->heap)) != 0) {
WOLFSSL_MSG("RNG Init error");
return ret;
}
@@ -3285,7 +3388,7 @@ static void FreeKeyExchange(WOLFSSL* ssl)
{
/* Cleanup signature buffer */
if (ssl->buffers.sig.buffer) {
XFREE(ssl->buffers.sig.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->buffers.sig.buffer = NULL;
ssl->buffers.sig.length = 0;
}
@@ -3298,7 +3401,7 @@ static void FreeKeyExchange(WOLFSSL* ssl)
case DYNAMIC_TYPE_RSA:
{
wc_FreeRsaKey((RsaKey*)ssl->sigKey);
XFREE(ssl->sigKey, NULL, DYNAMIC_TYPE_RSA);
XFREE(ssl->sigKey, ssl->heap, DYNAMIC_TYPE_RSA);
break;
}
#endif /* ! NO_RSA */
@@ -3306,7 +3409,7 @@ static void FreeKeyExchange(WOLFSSL* ssl)
case DYNAMIC_TYPE_ECC:
{
wc_ecc_free((ecc_key*)ssl->sigKey);
XFREE(ssl->sigKey, NULL, DYNAMIC_TYPE_ECC);
XFREE(ssl->sigKey, ssl->heap, DYNAMIC_TYPE_ECC);
break;
}
#endif /* HAVE_ECC */
@@ -3418,7 +3521,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
#ifdef HAVE_ALPN
if (ssl->alpn_client_list != NULL) {
XFREE(ssl->alpn_client_list, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->alpn_client_list = NULL;
}
#endif
@@ -3439,6 +3542,35 @@ void SSL_ResourceFree(WOLFSSL* ssl)
ssl->session.ticketLen = 0;
}
#endif
#ifdef WOLFSSL_STATIC_MEMORY
/* check if using fixed io buffers and free them */
if (ssl->heap != NULL) {
#ifdef WOLFSSL_HEAP_TEST
if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) {
#endif
WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
WOLFSSL_HEAP* ctx_heap;
ctx_heap = ssl_hint->memory;
ctx_heap->curIO--;
if (FreeFixedIO(ctx_heap, &(ssl_hint->outBuf)) != 1) {
WOLFSSL_MSG("Error freeing fixed output buffer");
}
if (FreeFixedIO(ctx_heap, &(ssl_hint->inBuf)) != 1) {
WOLFSSL_MSG("Error freeing fixed output buffer");
}
/* check if tracking stats */
if (ctx_heap->flag & WOLFMEM_TRACK_STATS) {
XFREE(ssl_hint->stats, ssl->ctx->heap, DYNAMIC_TYPE_SSL);
}
XFREE(ssl->heap, ssl_hint, DYNAMIC_TYPE_SSL);
#ifdef WOLFSSL_HEAP_TEST
}
#endif
}
#endif /* WOLFSSL_STATIC_MEMORY */
}
#ifdef WOLFSSL_TI_HASH
@@ -3586,16 +3718,38 @@ void FreeHandshakeResources(WOLFSSL* ssl)
}
#endif
#ifdef WOLFSSL_STATIC_MEMORY
/* when done with handshake decrement current handshake count */
if (ssl->heap != NULL) {
#ifdef WOLFSSL_HEAP_TEST
if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) {
#endif
WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
WOLFSSL_HEAP* ctx_heap;
ctx_heap = ssl_hint->memory;
if (LockMutex(&(ctx_heap->memory_mutex)) != 0) {
WOLFSSL_MSG("Bad memory_mutex lock");
}
ctx_heap->curHa--;
UnLockMutex(&(ctx_heap->memory_mutex));
#ifdef WOLFSSL_HEAP_TEST
}
#endif
}
#endif /* WOLFSSL_STATIC_MEMORY */
}
void FreeSSL(WOLFSSL* ssl)
/* heap argument is the heap hint used when creating SSL */
void FreeSSL(WOLFSSL* ssl, void* heap)
{
if (ssl->ctx) {
FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */
}
SSL_ResourceFree(ssl);
XFREE(ssl, ssl->heap, DYNAMIC_TYPE_SSL);
XFREE(ssl, heap, DYNAMIC_TYPE_SSL);
(void)heap;
}
@@ -5653,7 +5807,8 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
XMEMCPY(&x509->issuer.fullName,
&dCert->issuerName, sizeof(DecodedName));
x509->issuer.fullName.fullName = (char*)XMALLOC(
dCert->issuerName.fullNameLen, NULL, DYNAMIC_TYPE_X509);
dCert->issuerName.fullNameLen, x509->heap,
DYNAMIC_TYPE_X509);
if (x509->issuer.fullName.fullName != NULL)
XMEMCPY(x509->issuer.fullName.fullName,
dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
@@ -5669,7 +5824,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
XMEMCPY(&x509->subject.fullName,
&dCert->subjectName, sizeof(DecodedName));
x509->subject.fullName.fullName = (char*)XMALLOC(
dCert->subjectName.fullNameLen, NULL, DYNAMIC_TYPE_X509);
dCert->subjectName.fullNameLen, x509->heap, DYNAMIC_TYPE_X509);
if (x509->subject.fullName.fullName != NULL)
XMEMCPY(x509->subject.fullName.fullName,
dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
@@ -5730,7 +5885,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
x509->pubKey.buffer = (byte*)XMALLOC(
dCert->pubKeySize, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
dCert->pubKeySize, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (x509->pubKey.buffer != NULL) {
x509->pubKeyOID = dCert->keyOID;
x509->pubKey.length = dCert->pubKeySize;
@@ -5742,7 +5897,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
if (dCert->signature != NULL && dCert->sigLength != 0) {
x509->sig.buffer = (byte*)XMALLOC(
dCert->sigLength, NULL, DYNAMIC_TYPE_SIGNATURE);
dCert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE);
if (x509->sig.buffer == NULL) {
ret = MEMORY_E;
}
@@ -5754,7 +5909,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
}
/* store cert for potential retrieval */
if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, NULL) == 0) {
if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, x509->heap) == 0) {
XMEMCPY(x509->derCert->buffer, dCert->source, dCert->maxIdx);
}
else {
@@ -5778,7 +5933,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->authKeyIdSet = dCert->extAuthKeyIdSet;
x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL,
x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, x509->heap,
DYNAMIC_TYPE_X509_EXT);
if (x509->authKeyId != NULL) {
XMEMCPY(x509->authKeyId,
@@ -5791,7 +5946,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL,
x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, x509->heap,
DYNAMIC_TYPE_X509_EXT);
if (x509->subjKeyId != NULL) {
XMEMCPY(x509->subjKeyId,
@@ -6339,12 +6494,12 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
WOLFSSL_MSG("PeerEccDsaKey Memory error");
return MEMORY_E;
}
wc_ecc_init(ssl->peerEccDsaKey);
wc_ecc_init_h(ssl->peerEccDsaKey, ssl->ctx->heap);
} else if (ssl->peerEccDsaKeyPresent) {
/* don't leak on reuse */
wc_ecc_free(ssl->peerEccDsaKey);
ssl->peerEccDsaKeyPresent = 0;
wc_ecc_init(ssl->peerEccDsaKey);
wc_ecc_init_h(ssl->peerEccDsaKey, ssl->ctx->heap);
}
if (wc_ecc_import_x963(dCert->publicKey, dCert->pubKeySize,
ssl->peerEccDsaKey) != 0) {
@@ -10139,15 +10294,15 @@ int SendCertificateStatus(WOLFSSL* ssl)
return MEMORY_E;
#endif
InitDecodedCert(cert, der->buffer, der->length, NULL);
InitDecodedCert(cert, der->buffer, der->length, ssl->heap);
if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
ssl->ctx->cm)) != 0) {
WOLFSSL_MSG("ParseCert failed");
}
else {
request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
DYNAMIC_TYPE_OCSP_REQUEST);
request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
if (request == NULL) {
FreeDecodedCert(cert);
@@ -10160,7 +10315,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
ret = InitOcspRequest(request, cert, 0);
if (ret != 0) {
XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
}
else if (!ssl->buffers.weOwnCert && 0 == LockMutex(
&ssl->ctx->cm->ocsp_stapling->ocspLock)) {
@@ -10192,13 +10347,13 @@ int SendCertificateStatus(WOLFSSL* ssl)
ret = BuildCertificateStatus(ssl, status_type,
&response, 1);
XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
}
if (request != ssl->ctx->certOcspRequest)
XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
}
break;
@@ -10236,15 +10391,15 @@ int SendCertificateStatus(WOLFSSL* ssl)
return MEMORY_E;
#endif
InitDecodedCert(cert, der->buffer, der->length, NULL);
InitDecodedCert(cert, der->buffer, der->length, ssl->heap);
if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
ssl->ctx->cm)) != 0) {
WOLFSSL_MSG("ParseCert failed");
}
else {
request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
DYNAMIC_TYPE_OCSP_REQUEST);
request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
if (request == NULL) {
FreeDecodedCert(cert);
@@ -10257,7 +10412,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
ret = InitOcspRequest(request, cert, 0);
if (ret != 0) {
XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
}
else if (!ssl->buffers.weOwnCert && 0 == LockMutex(
&ssl->ctx->cm->ocsp_stapling->ocspLock)) {
@@ -10287,7 +10442,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
}
if (request != ssl->ctx->certOcspRequest)
XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
if (ret == 0 && (!ssl->ctx->chainOcspRequest[0]
|| ssl->buffers.weOwnCertChain)) {
@@ -10318,7 +10473,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
if (idx > ssl->buffers.certChain->length)
break;
InitDecodedCert(cert, der.buffer, der.length, NULL);
InitDecodedCert(cert, der.buffer, der.length, ssl->heap);
if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
ssl->ctx->cm)) != 0) {
@@ -10327,7 +10482,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
}
else {
request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
NULL, DYNAMIC_TYPE_OCSP_REQUEST);
ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
if (request == NULL) {
ret = MEMORY_E;
break;
@@ -10335,7 +10490,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
ret = InitOcspRequest(request, cert, 0);
if (ret != 0) {
XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST);
break;
}
else if (!ssl->buffers.weOwnCertChain && 0 ==
@@ -10358,7 +10513,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
ret = 0;
if (request != ssl->ctx->chainOcspRequest[i])
XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST);
i++;
}
@@ -10391,7 +10546,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++)
if (responses[i].buffer)
XFREE(responses[i].buffer, NULL,
XFREE(responses[i].buffer, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
}
}
@@ -13075,11 +13230,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
WOLFSSL_MSG("PeerEccKey Memory error");
return MEMORY_E;
}
wc_ecc_init(ssl->peerEccKey);
wc_ecc_init_h(ssl->peerEccKey, ssl->ctx->heap);
} else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wc_ecc_free(ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
wc_ecc_init(ssl->peerEccKey);
wc_ecc_init_h(ssl->peerEccKey, ssl->ctx->heap);
}
if (wc_ecc_import_x963(input + *inOutIdx, length,
@@ -13256,11 +13411,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
WOLFSSL_MSG("PeerEccKey Memory error");
return MEMORY_E;
}
wc_ecc_init(ssl->peerEccKey);
wc_ecc_init_h(ssl->peerEccKey, ssl->ctx->heap);
} else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wc_ecc_free(ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
wc_ecc_init(ssl->peerEccKey);
wc_ecc_init_h(ssl->peerEccKey, ssl->ctx->heap);
}
if (wc_ecc_import_x963(input + *inOutIdx, length,
@@ -14057,7 +14212,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
buf = ssl->QSH_secret->CliSi;
}
buf->length = sz;
buf->buffer = (byte*)XMALLOC(sz, buf->buffer, DYNAMIC_TYPE_TMP_BUFFER);
buf->buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (buf->buffer == NULL) {
WOLFSSL_ERROR(MEMORY_E);
}
@@ -14490,7 +14645,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
return NO_PEER_KEY;
}
wc_ecc_init(&myKey);
wc_ecc_init_h(&myKey, ssl->heap);
ret = wc_ecc_make_key(ssl->rng, peerKey->dp->size, &myKey);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
@@ -14639,7 +14794,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
return NO_PEER_KEY;
}
wc_ecc_init(&myKey);
wc_ecc_init_h(&myKey, ssl->heap);
ret = wc_ecc_make_key(ssl->rng, peerKey->dp->size, &myKey);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
@@ -14870,7 +15025,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
return ret;
#ifdef HAVE_ECC
wc_ecc_init(&eccKey);
wc_ecc_init_h(&eccKey, ssl->heap);
#endif
#ifndef NO_RSA
ret = wc_InitRsaKey(&key, ssl->heap);
@@ -15602,7 +15757,7 @@ int DoSessionTicket(WOLFSSL* ssl,
WOLFSSL_MSG("EccTempKey Memory error");
ERROR_OUT(MEMORY_E, exit_sske);
}
wc_ecc_init(ssl->eccTempKey);
wc_ecc_init_h(ssl->eccTempKey, ssl->heap);
}
ret = EccMakeTempKey(ssl);
break;
@@ -15763,7 +15918,7 @@ int DoSessionTicket(WOLFSSL* ssl,
length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
exportSz = MAX_EXPORT_ECC_SZ;
exportBuf = (byte*)XMALLOC(exportSz, NULL,
exportBuf = (byte*)XMALLOC(exportSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (exportBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
@@ -15826,7 +15981,8 @@ int DoSessionTicket(WOLFSSL* ssl,
/* Export temp ECC key and add to length */
exportSz = MAX_EXPORT_ECC_SZ;
exportBuf = (byte*)XMALLOC(exportSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
exportBuf = (byte*)XMALLOC(exportSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (exportBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -15846,19 +16002,22 @@ int DoSessionTicket(WOLFSSL* ssl,
word32 i = 0;
int keySz;
ssl->sigKey = XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
ssl->sigKey = XMALLOC(sizeof(RsaKey), ssl->heap,
DYNAMIC_TYPE_RSA);
if (ssl->sigKey == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
ssl->sigType = DYNAMIC_TYPE_RSA;
ret = wc_InitRsaKey((RsaKey*)ssl->sigKey, ssl->heap);
ret = wc_InitRsaKey((RsaKey*)ssl->sigKey,
ssl->heap);
if (ret != 0) {
goto exit_sske;
}
ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &i,
(RsaKey*)ssl->sigKey, ssl->buffers.key->length);
ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer,
&i, (RsaKey*)ssl->sigKey,
ssl->buffers.key->length);
if (ret != 0) {
goto exit_sske;
}
@@ -15878,16 +16037,18 @@ int DoSessionTicket(WOLFSSL* ssl,
case ecc_dsa_sa_algo:
{
word32 i = 0;
ssl->sigKey = XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
ssl->sigKey = XMALLOC(sizeof(ecc_key),
ssl->heap, DYNAMIC_TYPE_ECC);
if (ssl->sigKey == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
ssl->sigType = DYNAMIC_TYPE_ECC;
wc_ecc_init((ecc_key*)ssl->sigKey);
wc_ecc_init_h((ecc_key*)ssl->sigKey, ssl->heap);
ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &i,
(ecc_key*)ssl->sigKey, ssl->buffers.key->length);
ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer,
&i, (ecc_key*)ssl->sigKey,
ssl->buffers.key->length);
if (ret != 0) {
goto exit_sske;
}
@@ -16005,7 +16166,8 @@ int DoSessionTicket(WOLFSSL* ssl,
/* Assemble buffer to hash for signature */
sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
sigDataBuf = (byte*)XMALLOC(sigDataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
sigDataBuf = (byte*)XMALLOC(sigDataSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (sigDataBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -16015,7 +16177,7 @@ int DoSessionTicket(WOLFSSL* ssl,
ssl->buffers.sig.length = wc_HashGetDigestSize(hashType);
ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (ssl->buffers.sig.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -16038,12 +16200,13 @@ int DoSessionTicket(WOLFSSL* ssl,
/* For TLS 1.2 re-encode signature */
if (IsAtLeastTLSv1_2(ssl)) {
int typeH = 0;
byte* encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
byte* encodedSig = (byte*)XMALLOC(
MAX_ENCODED_SIG_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (encodedSig == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
switch (ssl->suites->hashAlgo) {
case sha512_mac:
#ifdef WOLFSSL_SHA512
@@ -16073,7 +16236,8 @@ int DoSessionTicket(WOLFSSL* ssl,
ssl->buffers.sig.buffer, ssl->buffers.sig.length, typeH);
/* Replace sig buffer with new one */
XFREE(ssl->buffers.sig.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ssl->buffers.sig.buffer, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
ssl->buffers.sig.buffer = encodedSig;
}
@@ -16138,13 +16302,14 @@ int DoSessionTicket(WOLFSSL* ssl,
word32 i = 0;
int keySz;
ssl->sigKey = XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
ssl->sigKey = XMALLOC(sizeof(RsaKey), ssl->heap,
DYNAMIC_TYPE_RSA);
if (ssl->sigKey == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
ssl->sigType = DYNAMIC_TYPE_RSA;
ret = wc_InitRsaKey((RsaKey*)ssl->sigKey, ssl->heap);
ret = wc_InitRsaKey((RsaKey*)ssl->sigKey,ssl->heap);
if (ret != 0) {
goto exit_sske;
}
@@ -16283,7 +16448,8 @@ int DoSessionTicket(WOLFSSL* ssl,
/* Assemble buffer to hash for signature */
sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
sigDataBuf = (byte*)XMALLOC(sigDataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
sigDataBuf = (byte*)XMALLOC(sigDataSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (sigDataBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -16292,8 +16458,9 @@ int DoSessionTicket(WOLFSSL* ssl,
XMEMCPY(sigDataBuf+RAN_LEN+RAN_LEN, output + preSigIdx, preSigSz);
ssl->buffers.sig.length = wc_HashGetDigestSize(hashType);
ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
ssl->buffers.sig.buffer = (byte*)XMALLOC(
ssl->buffers.sig.length, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (ssl->buffers.sig.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -16316,12 +16483,13 @@ int DoSessionTicket(WOLFSSL* ssl,
/* For TLS 1.2 re-encode signature */
if (IsAtLeastTLSv1_2(ssl)) {
int typeH = 0;
byte* encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
byte* encodedSig = (byte*)XMALLOC(
MAX_ENCODED_SIG_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (encodedSig == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
switch (ssl->suites->hashAlgo) {
case sha512_mac:
#ifdef WOLFSSL_SHA512
@@ -16351,7 +16519,8 @@ int DoSessionTicket(WOLFSSL* ssl,
ssl->buffers.sig.buffer, ssl->buffers.sig.length, typeH);
/* Replace sig buffer with new one */
XFREE(ssl->buffers.sig.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ssl->buffers.sig.buffer, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
ssl->buffers.sig.buffer = encodedSig;
}
@@ -16567,13 +16736,13 @@ int DoSessionTicket(WOLFSSL* ssl,
/* Handle cleanup for stack variables here */
#if defined(HAVE_ECC)
if (exportBuf) {
XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(exportBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
exportBuf = NULL;
}
#endif
#if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA))
if (sigDataBuf) {
XFREE(sigDataBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDataBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
sigDataBuf = NULL;
}
#endif
@@ -17972,7 +18141,8 @@ int DoSessionTicket(WOLFSSL* ssl,
word32 i = 0;
int keySz;
ssl->sigKey = XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
ssl->sigKey = XMALLOC(sizeof(RsaKey), ssl->heap,
DYNAMIC_TYPE_RSA);
if (ssl->sigKey == NULL) {
ERROR_OUT(MEMORY_E, exit_dcke);
}
@@ -18152,11 +18322,11 @@ int DoSessionTicket(WOLFSSL* ssl,
WOLFSSL_MSG("PeerEccKey Memory error");
ERROR_OUT(MEMORY_E, exit_dcke);
}
wc_ecc_init(ssl->peerEccKey);
wc_ecc_init_h(ssl->peerEccKey, ssl->heap);
} else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wc_ecc_free(ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
wc_ecc_init(ssl->peerEccKey);
wc_ecc_init_h(ssl->peerEccKey, ssl->heap);
}
if (wc_ecc_import_x963(input + idx, length, ssl->peerEccKey)) {
@@ -18171,13 +18341,14 @@ int DoSessionTicket(WOLFSSL* ssl,
if (ssl->specs.static_ecdh) {
word32 i = 0;
ssl->sigKey = XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
ssl->sigKey = XMALLOC(sizeof(ecc_key), ssl->heap,
DYNAMIC_TYPE_ECC);
if (ssl->sigKey == NULL) {
ERROR_OUT(MEMORY_E, exit_dcke);
}
ssl->sigType = DYNAMIC_TYPE_ECC;
wc_ecc_init((ecc_key*)ssl->sigKey);
wc_ecc_init_h((ecc_key*)ssl->sigKey, ssl->heap);
ret = wc_EccPrivateKeyDecode(
ssl->buffers.key->buffer,
@@ -18361,11 +18532,11 @@ int DoSessionTicket(WOLFSSL* ssl,
WOLFSSL_MSG("PeerEccKey Memory error");
ERROR_OUT(MEMORY_E, exit_dcke);
}
wc_ecc_init(ssl->peerEccKey);
wc_ecc_init_h(ssl->peerEccKey, ssl->heap);
} else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wc_ecc_free(ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
wc_ecc_init(ssl->peerEccKey);
wc_ecc_init_h(ssl->peerEccKey, ssl->heap);
}
if (wc_ecc_import_x963(input + idx, length,
ssl->peerEccKey)) {
+290 -33
View File
@@ -294,11 +294,11 @@ static wolfSSL_Mutex count_mutex; /* init ref count mutex */
This function frees the passed in WOLFSSL_METHOD struct on failure and on
success is freed when ctx is freed.
*/
WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
{
WOLFSSL_CTX* ctx = NULL;
WOLFSSL_ENTER("WOLFSSL_CTX_new");
WOLFSSL_ENTER("WOLFSSL_CTX_new_ex");
if (initRefCount == 0) {
/* user no longer forced to call Init themselves */
@@ -307,7 +307,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
WOLFSSL_MSG("wolfSSL_Init failed");
WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0);
if (method != NULL) {
XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
XFREE(method, heap, DYNAMIC_TYPE_METHOD);
}
return NULL;
}
@@ -316,9 +316,9 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
if (method == NULL)
return ctx;
ctx = (WOLFSSL_CTX*) XMALLOC(sizeof(WOLFSSL_CTX), 0, DYNAMIC_TYPE_CTX);
ctx = (WOLFSSL_CTX*) XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX);
if (ctx) {
if (InitSSL_Ctx(ctx, method) < 0) {
if (InitSSL_Ctx(ctx, method, heap) < 0) {
WOLFSSL_MSG("Init CTX failed");
wolfSSL_CTX_free(ctx);
ctx = NULL;
@@ -326,7 +326,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
}
else {
WOLFSSL_MSG("Alloc CTX failed, method freed");
XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
XFREE(method, heap, DYNAMIC_TYPE_METHOD);
}
WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0);
@@ -334,6 +334,12 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
}
WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
{
return wolfSSL_CTX_new_ex(method, NULL);
}
void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)
{
WOLFSSL_ENTER("SSL_CTX_free");
@@ -354,10 +360,10 @@ WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)
if (ctx == NULL)
return ssl;
ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap,DYNAMIC_TYPE_SSL);
ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap, DYNAMIC_TYPE_SSL);
if (ssl)
if ( (ret = InitSSL(ssl, ctx)) < 0) {
FreeSSL(ssl);
FreeSSL(ssl, ctx->heap);
ssl = 0;
}
@@ -370,7 +376,7 @@ void wolfSSL_free(WOLFSSL* ssl)
{
WOLFSSL_ENTER("SSL_free");
if (ssl)
FreeSSL(ssl);
FreeSSL(ssl, ssl->ctx->heap);
WOLFSSL_LEAVE("SSL_free", 0);
}
@@ -617,6 +623,154 @@ int wolfSSL_GetObjectSize(void)
return sizeof(WOLFSSL);
}
#endif
#ifdef WOLFSSL_STATIC_MEMORY
int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap)
{
/* default size of chunks of memory to seperate into */
word32 wc_defaultMemSz[WOLFMEM_DEF_BUCKETS] =
{ 64, 128, 256, 512, 1024, 2400, 3408, 4544, 16000 };
word32 wc_defaultDist[WOLFMEM_DEF_BUCKETS] = { 8, 4, 4, 12, 4, 5, 2, 1, 1 };
if (heap == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(heap, 0, sizeof(WOLFSSL_HEAP));
/* default pool sizes and distribution, else leave a 0's for now */
if (WOLFMEM_DEF_BUCKETS == WOLFMEM_MAX_BUCKETS) {
XMEMCPY(heap->sizeList, wc_defaultMemSz, sizeof(wc_defaultMemSz));
XMEMCPY(heap->distList, wc_defaultDist, sizeof(wc_defaultMemSz));
}
if (InitMutex(&(heap->memory_mutex)) != 0) {
WOLFSSL_MSG("Error creating heap memory mutex");
}
return SSL_SUCCESS;
}
int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSLStaticMethod method,
unsigned char* buf, unsigned int sz,
int flag, int max)
{
WOLFSSL_HEAP* heap;
WOLFSSL_HEAP_HINT* hint;
word32 idx = 0;
if (ctx == NULL || buf == NULL) {
return BAD_FUNC_ARG;
}
if (*ctx == NULL && method == NULL) {
return BAD_FUNC_ARG;
}
if (*ctx == NULL) {
heap = (WOLFSSL_HEAP*)buf;
idx += sizeof(WOLFSSL_HEAP);
if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) {
return SSL_FAILURE;
}
hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
idx += sizeof(WOLFSSL_HEAP_HINT);
XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
hint->memory = heap;
}
else if ((*ctx)->heap == NULL) {
heap = (WOLFSSL_HEAP*)buf;
idx += sizeof(WOLFSSL_HEAP);
if (wolfSSL_init_memory_heap(heap) != SSL_SUCCESS) {
return SSL_FAILURE;
}
hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
idx += sizeof(WOLFSSL_HEAP_HINT);
XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
hint->memory = heap;
}
else {
#ifdef WOLFSSL_HEAP_TEST
/* do not load in memory if test has been set */
if ((*ctx)->heap == (void*)WOLFSSL_HEAP_TEST) {
return SSL_SUCCESS;
}
#endif
hint = (WOLFSSL_HEAP_HINT*)((*ctx)->heap);
heap = hint->memory;
}
if (wolfSSL_load_static_memory(buf + idx, sz - idx, flag, heap) != 1) {
WOLFSSL_MSG("Error partitioning memory");
return SSL_FAILURE;
}
/* create ctx if needed */
if (*ctx == NULL) {
*ctx = wolfSSL_CTX_new_ex(method(hint), hint);
if (*ctx == NULL) {
WOLFSSL_MSG("Error creating ctx");
return SSL_FAILURE;
}
}
/* determine what max applies too */
if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) {
heap->maxIO = max;
}
else { /* general memory used in handshakes */
heap->maxHa = max;
}
heap->flag |= flag;
(void)max;
(void)method;
return SSL_SUCCESS;
}
int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats)
{
if (ssl == NULL) {
return BAD_FUNC_ARG;
}
WOLFSSL_ENTER("wolfSSL_is_static_memory");
/* fill out statistics if wanted and WOLFMEM_TRACK_STATS flag */
if (mem_stats != NULL && ssl->heap != NULL) {
WOLFSSL_HEAP_HINT* hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap));
WOLFSSL_HEAP* heap = hint->memory;
if (heap->flag & WOLFMEM_TRACK_STATS && hint->stats != NULL) {
XMEMCPY(mem_stats, hint->stats, sizeof(WOLFSSL_MEM_CONN_STATS));
}
}
return (ssl->heap)? 1 : 0;
}
int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats)
{
if (ctx == NULL) {
return BAD_FUNC_ARG;
}
WOLFSSL_ENTER("wolfSSL_CTX_is_static_memory");
/* fill out statistics if wanted */
if (mem_stats != NULL && ctx->heap != NULL) {
WOLFSSL_HEAP* heap = ((WOLFSSL_HEAP_HINT*)(ctx->heap))->memory;
if (wolfSSL_GetMemStats(heap, mem_stats) != 1) {
return MEMORY_E;
}
}
return (ctx->heap)? 1 : 0;
}
#endif /* WOLFSSL_STATIC_MEMORY */
#ifdef HAVE_ECC
int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz)
@@ -693,15 +847,15 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
XFREE(ssl->buffers.serverDH_G.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
ssl->buffers.weOwnDH = 1; /* SSL owns now */
ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->ctx->heap,
ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->heap,
DYNAMIC_TYPE_DH);
if (ssl->buffers.serverDH_P.buffer == NULL)
return MEMORY_E;
ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->ctx->heap,
ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->heap,
DYNAMIC_TYPE_DH);
if (ssl->buffers.serverDH_G.buffer == NULL) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
return MEMORY_E;
}
@@ -740,11 +894,11 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH);
if (ctx->serverDH_P.buffer == NULL)
return MEMORY_E;
ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH);
if (ctx->serverDH_G.buffer == NULL) {
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
return MEMORY_E;
@@ -1190,7 +1344,7 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
}
list = (char *)XMALLOC(protocol_name_listSz+1, NULL,
list = (char *)XMALLOC(protocol_name_listSz+1, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (list == NULL) {
WOLFSSL_MSG("Memory failure");
@@ -1239,7 +1393,7 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz)
if (*listSz == 0)
return BUFFER_ERROR;
*list = (char *)XMALLOC((*listSz)+1, NULL, DYNAMIC_TYPE_TLSX);
*list = (char *)XMALLOC((*listSz)+1, ssl->heap, DYNAMIC_TYPE_TLSX);
if (*list == NULL)
return MEMORY_ERROR;
@@ -1916,13 +2070,14 @@ void FreeDer(DerBuffer** pDer)
}
}
WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void)
WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
{
WOLFSSL_CERT_MANAGER* cm = NULL;
WOLFSSL_ENTER("wolfSSL_CertManagerNew");
cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), 0,
cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), heap,
DYNAMIC_TYPE_CERT_MANAGER);
if (cm) {
XMEMSET(cm, 0, sizeof(WOLFSSL_CERT_MANAGER));
@@ -1948,12 +2103,25 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void)
#ifdef HAVE_ECC
cm->minEccKeySz = MIN_ECCKEY_SZ;
#endif
#ifdef WOLFSSL_HEAP_TEST
if (heap == NULL) {
cm->heap = (void*)WOLFSSL_HEAP_TEST;
}
else
#endif
cm->heap = heap;
}
return cm;
}
WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void)
{
return wolfSSL_CertManagerNew_ex(NULL);
}
void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
{
WOLFSSL_ENTER("wolfSSL_CertManagerFree");
@@ -1972,15 +2140,15 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
FreeOCSP(cm->ocsp_stapling, 1);
#endif
#endif
FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
FreeMutex(&cm->caLock);
#ifdef WOLFSSL_TRUST_PEER_CERT
FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, NULL);
FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap);
FreeMutex(&cm->tpLock);
#endif
XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER);
XFREE(cm, cm->heap, DYNAMIC_TYPE_CERT_MANAGER);
}
}
@@ -2631,7 +2799,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
WOLFSSL_MSG("Adding a Trusted Peer Cert");
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (cert == NULL)
return MEMORY_E;
@@ -2643,11 +2811,11 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
}
WOLFSSL_MSG(" Parsed new trusted peer cert");
peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), NULL,
peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), cm->heap,
DYNAMIC_TYPE_CERT);
if (peerCert == NULL) {
FreeDecodedCert(cert);
XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
XMEMSET(peerCert, 0, sizeof(TrustedPeerCert));
@@ -2681,7 +2849,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
DYNAMIC_TYPE_SIGNATURE);
if (peerCert->sig == NULL) {
FreeDecodedCert(cert);
XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
FreeTrustedPeer(peerCert, cm->heap);
return MEMORY_E;
}
@@ -2728,7 +2896,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
else {
WOLFSSL_MSG(" Trusted Peer Cert Mutex Lock failed");
FreeDecodedCert(cert);
XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
FreeTrustedPeer(peerCert, cm->heap);
return BAD_MUTEX_E;
}
@@ -2736,7 +2904,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
WOLFSSL_MSG(" Freeing parsed trusted peer cert");
FreeDecodedCert(cert);
XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_MSG(" Freeing der trusted peer cert");
FreeDer(&der);
WOLFSSL_MSG(" OK Freeing der trusted peer cert");
@@ -3391,7 +3559,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
int ret;
int eccKey = 0;
int rsaKey = 0;
void* heap = ctx ? ctx->heap : NULL;
void* heap = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL);
#ifdef WOLFSSL_SMALL_STACK
EncryptedInfo* info = NULL;
#else
@@ -4415,7 +4583,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
int ret;
long sz = 0;
XFILE file;
void* heapHint = ctx ? ctx->heap : NULL;
void* heapHint = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL);
(void)crl;
(void)heapHint;
@@ -6453,6 +6621,47 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
}
#endif
#ifdef WOLFSSL_STATIC_MEMORY
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
WOLFSSL_METHOD* wolfSSLv3_client_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
WOLFSSL_ENTER("SSLv3_client_static");
if (method)
InitSSL_Method(method, MakeSSLv3());
return method;
}
#endif
#ifdef WOLFSSL_DTLS
#ifndef NO_OLD_TLS
WOLFSSL_METHOD* wolfDTLSv1_client_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
WOLFSSL_ENTER("DTLSv1_client_static");
if (method)
InitSSL_Method(method, MakeDTLSv1());
return method;
}
#endif /* NO_OLD_TLS */
WOLFSSL_METHOD* wolfDTLSv1_2_client_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
WOLFSSL_ENTER("DTLSv1_2_client_static");
if (method)
InitSSL_Method(method, MakeDTLSv1_2());
return method;
}
#endif
#endif /* WOLFSSL_STATIC_MEMORY */
/* please see note at top of README if you get an error from connect */
int wolfSSL_connect(WOLFSSL* ssl)
@@ -6767,6 +6976,54 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
}
#endif
#ifdef WOLFSSL_STATIC_MEMORY
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
WOLFSSL_METHOD* wolfSSLv3_server_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
WOLFSSL_ENTER("SSLv3_server_static");
if (method) {
InitSSL_Method(method, MakeSSLv3());
method->side = WOLFSSL_SERVER_END;
}
return method;
}
#endif
#ifdef WOLFSSL_DTLS
#ifndef NO_OLD_TLS
WOLFSSL_METHOD* wolfDTLSv1_server_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
WOLFSSL_ENTER("DTLSv1_server_static");
if (method) {
InitSSL_Method(method, MakeDTLSv1());
method->side = WOLFSSL_SERVER_END;
}
return method;
}
#endif /* NO_OLD_TLS */
WOLFSSL_METHOD* wolfDTLSv1_2_server_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
WOLFSSL_ENTER("DTLSv1_2_server_static");
if (method) {
InitSSL_Method(method, MakeDTLSv1_2());
method->side = WOLFSSL_SERVER_END;
}
return method;
}
#endif
#endif /* WOLFSSL_STATIC_MEMORY */
int wolfSSL_accept(WOLFSSL* ssl)
{
@@ -10314,7 +10571,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
if (x509) {
if (x509->dynamicMemory) {
FreeX509(x509);
XFREE(x509, NULL, DYNAMIC_TYPE_X509);
XFREE(x509, x509->heap, DYNAMIC_TYPE_X509);
} else {
WOLFSSL_MSG("free called on non dynamic object, not freeing");
}
@@ -10684,7 +10941,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
if (!name->sz) return in;
if (!in) {
in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL);
if (!in ) return in;
copySz = name->sz;
}
@@ -10892,7 +11149,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
DYNAMIC_TYPE_X509);
if (newX509 != NULL) {
InitX509(newX509, 1);
InitX509(newX509, 1, NULL);
if (CopyDecodedToX509(newX509, cert) != 0) {
XFREE(newX509, NULL, DYNAMIC_TYPE_X509);
newX509 = NULL;
@@ -11068,7 +11325,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
DYNAMIC_TYPE_X509);
if (x509 != NULL) {
InitX509(x509, 1);
InitX509(x509, 1, NULL);
if (CopyDecodedToX509(x509, cert) != 0) {
XFREE(x509, NULL, DYNAMIC_TYPE_X509);
x509 = NULL;
+114
View File
@@ -4611,6 +4611,29 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
return method;
}
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_METHOD* wolfTLSv1_client_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
if (method)
InitSSL_Method(method, MakeTLSv1());
return method;
}
WOLFSSL_METHOD* wolfTLSv1_1_client_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
if (method)
InitSSL_Method(method, MakeTLSv1_1());
return method;
}
#endif /* WOLFSSL_STATIC_MEMORY */
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256 /* can't use without SHA256 */
@@ -4625,6 +4648,17 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
return method;
}
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_METHOD* wolfTLSv1_2_client_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
if (method)
InitSSL_Method(method, MakeTLSv1_2());
return method;
}
#endif /* WOLFSSL_STATIC_MEMORY */
#endif
@@ -4647,6 +4681,26 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
}
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_METHOD* wolfSSLv23_client_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
if (method) {
#ifndef NO_SHA256 /* 1.2 requires SHA256 */
InitSSL_Method(method, MakeTLSv1_2());
#else
InitSSL_Method(method, MakeTLSv1_1());
#endif
#ifndef NO_OLD_TLS
method->downgrade = 1;
#endif
}
return method;
}
#endif /* WOLFSSL_STATIC_MEMORY */
#endif /* NO_WOLFSSL_CLIENT */
@@ -4680,6 +4734,32 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
return method;
}
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_METHOD* wolfTLSv1_server_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1());
method->side = WOLFSSL_SERVER_END;
}
return method;
}
WOLFSSL_METHOD* wolfTLSv1_1_server_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1_1());
method->side = WOLFSSL_SERVER_END;
}
return method;
}
#endif /* WOLFSSL_STATIC_MEMORY */
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256 /* can't use without SHA256 */
@@ -4696,6 +4776,20 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
return method;
}
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_METHOD* wolfTLSv1_2_server_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1_2());
method->side = WOLFSSL_SERVER_END;
}
return method;
}
#endif /* WOLFSSL_STATIC_MEMORY */
#endif
@@ -4718,6 +4812,26 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
return method;
}
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_METHOD* wolfSSLv23_server_static(void* heap)
{
WOLFSSL_METHOD* method =
(WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
heap, DYNAMIC_TYPE_METHOD);
if (method) {
#ifndef NO_SHA256 /* 1.2 requires SHA256 */
InitSSL_Method(method, MakeTLSv1_2());
#else
InitSSL_Method(method, MakeTLSv1_1());
#endif
method->side = WOLFSSL_SERVER_END;
#ifndef NO_OLD_TLS
method->downgrade = 1;
#endif /* !NO_OLD_TLS */
}
return method;
}
#endif /* WOLFSSL_STATIC_MEMORY */
#endif /* NO_WOLFSSL_SERVER */
+3
View File
@@ -29,6 +29,9 @@
#endif
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_STATIC_MEMORY)
#include <wolfssl/wolfcrypt/memory.h>
#endif /* WOLFSSL_STATIC_MEMORY */
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
#endif
+14
View File
@@ -469,6 +469,10 @@ int SuiteTest(void)
args.argv = myArgv;
strcpy(argv0[0], "SuiteTest");
#ifdef WOLFSSL_STATIC_MEMORY
byte memory[200000];
#endif
(void)test_harness;
cipherSuiteCtx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
@@ -477,6 +481,16 @@ int SuiteTest(void)
exit(EXIT_FAILURE);
}
/* load in static memory buffer if enabled */
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_CTX_load_static_memory(&cipherSuiteCtx, NULL,
memory, sizeof(memory), 0, 1)
!= SSL_SUCCESS) {
printf("unable to load static memory and create ctx");
exit(EXIT_FAILURE);
}
#endif
/* default case */
args.argc = 1;
printf("starting default cipher suite tests\n");
+16 -4
View File
@@ -1231,7 +1231,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
/* check alignment, decrypt doesn't need alignment */
if ((wolfssl_word)inBlock % 16) {
#ifndef NO_WOLFSSL_ALLOC_ALIGN
byte* tmp = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL,
byte* tmp = (byte*)XMALLOC(AES_BLOCK_SIZE, aes->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) return;
@@ -1239,7 +1239,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
AES_ECB_encrypt(tmp, tmp, AES_BLOCK_SIZE, (byte*)aes->key,
aes->rounds);
XMEMCPY(outBlock, tmp, AES_BLOCK_SIZE);
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
return;
#else
WOLFSSL_MSG("AES-ECB encrypt with bad alignment");
@@ -1924,6 +1924,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
}
/* set the heap hint for aes struct */
int wc_InitAes_h(Aes* aes, void* h)
{
if (aes == NULL)
return BAD_FUNC_ARG;
aes->heap = h;
return 0;
}
/* AES-DIRECT */
@@ -2498,7 +2510,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
/* check alignment, decrypt doesn't need alignment */
if ((wolfssl_word)in % 16) {
#ifndef NO_WOLFSSL_ALLOC_ALIGN
byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
byte* tmp = (byte*)XMALLOC(sz, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_MSG("AES-CBC encrypt with bad alignment");
if (tmp == NULL) return MEMORY_E;
@@ -2509,7 +2521,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
XMEMCPY(aes->reg, tmp + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
XMEMCPY(out, tmp, sz);
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
#else
return BAD_ALIGN_E;
+81 -71
View File
@@ -1949,12 +1949,12 @@ static mp_int* GetDsaInt(DsaKey* key, int idx)
}
/* Release Tmp DSA resources */
static INLINE void FreeTmpDsas(byte** tmps)
static INLINE void FreeTmpDsas(byte** tmps, void* heap)
{
int i;
for (i = 0; i < DSA_INTS; i++)
XFREE(tmps[i], NULL, DYNAMIC_TYPE_DSA);
XFREE(tmps[i], heap, DYNAMIC_TYPE_DSA);
}
/* Convert DsaKey key to DER format, write to output (inLen), return bytes
@@ -1986,7 +1986,8 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
lbit = mp_leading_bit(keyInt);
rawLen = mp_unsigned_bin_size(keyInt) + lbit;
tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_DSA);
tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
DYNAMIC_TYPE_DSA);
if (tmps[i] == NULL) {
ret = MEMORY_E;
break;
@@ -2019,7 +2020,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
}
if (ret != 0) {
FreeTmpDsas(tmps);
FreeTmpDsas(tmps, key->heap);
return ret;
}
@@ -2041,7 +2042,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
XMEMCPY(output + j, tmps[i], sizes[i]);
j += sizes[i];
}
FreeTmpDsas(tmps);
FreeTmpDsas(tmps, key->heap);
return outLen;
}
@@ -2220,9 +2221,9 @@ void FreeDecodedCert(DecodedCert* cert)
#endif /* WOLFSSL_SEP */
#ifdef OPENSSL_EXTRA
if (cert->issuerName.fullName != NULL)
XFREE(cert->issuerName.fullName, NULL, DYNAMIC_TYPE_X509);
XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509);
if (cert->subjectName.fullName != NULL)
XFREE(cert->subjectName.fullName, NULL, DYNAMIC_TYPE_X509);
XFREE(cert->subjectName.fullName, cert->heap, DYNAMIC_TYPE_X509);
#endif /* OPENSSL_EXTRA */
}
@@ -2858,7 +2859,8 @@ static int GetName(DecodedCert* cert, int nameType)
if (dName->serialLen != 0)
totalLen += dName->serialLen + 14;
dName->fullName = (char*)XMALLOC(totalLen + 1, NULL, DYNAMIC_TYPE_X509);
dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap,
DYNAMIC_TYPE_X509);
if (dName->fullName != NULL) {
idx = 0;
@@ -6447,7 +6449,8 @@ static int SetSKID(byte* output, word32 outSz, byte *input, word32 length)
/* encode Authority Key Identifier, return total bytes written
* RFC5280 : non-critical */
static int SetAKID(byte* output, word32 outSz, byte *input, word32 length)
static int SetAKID(byte* output, word32 outSz,
byte *input, word32 length, void* heap)
{
byte *enc_val;
int ret, enc_valSz;
@@ -6457,7 +6460,7 @@ static int SetAKID(byte* output, word32 outSz, byte *input, word32 length)
if (output == NULL || input == NULL)
return BAD_FUNC_ARG;
enc_val = (byte *)XMALLOC(length+3+sizeof(akid_cs), NULL,
enc_val = (byte *)XMALLOC(length+3+sizeof(akid_cs), heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (enc_val == NULL)
return MEMORY_E;
@@ -6466,14 +6469,14 @@ static int SetAKID(byte* output, word32 outSz, byte *input, word32 length)
enc_valSz = SetOidValue(enc_val, length+3+sizeof(akid_cs),
akid_cs, sizeof(akid_cs), input, length);
if (enc_valSz == 0) {
XFREE(enc_val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
}
ret = SetOidValue(output, outSz, akid_oid,
sizeof(akid_oid), enc_val, enc_valSz);
XFREE(enc_val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
@@ -6521,7 +6524,7 @@ static int SetKeyUsage(byte* output, word32 outSz, word16 input)
}
/* Encode OID string representation to ITU-T X.690 format */
static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
static int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap)
{
word32 val, idx = 0, nb_val;
char *token, *str, *ptr;
@@ -6532,7 +6535,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
len = (word32)XSTRLEN(in);
str = (char *)XMALLOC(len+1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
str = (char *)XMALLOC(len+1, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (str == NULL)
return MEMORY_E;
@@ -6549,7 +6552,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
if (nb_val == 0) {
if (val > 2) {
XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ASN_OBJECT_ID_E;
}
@@ -6557,12 +6560,12 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
}
else if (nb_val == 1) {
if (val > 127) {
XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ASN_OBJECT_ID_E;
}
if (idx > *outSz) {
XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BUFFER_E;
}
@@ -6580,7 +6583,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
}
if ((idx+(word32)i) > *outSz) {
XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BUFFER_E;
}
@@ -6597,7 +6600,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
*outSz = idx;
XFREE(str, NUL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
}
@@ -6608,7 +6611,8 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
static int SetCertificatePolicies(byte *output,
word32 outputSz,
char input[MAX_CERTPOL_NB][MAX_CERTPOL_SZ],
word16 nb_certpol)
word16 nb_certpol,
void* heap)
{
byte oid[MAX_OID_SZ],
der_oid[MAX_CERTPOL_NB][MAX_OID_SZ],
@@ -6627,7 +6631,7 @@ static int SetCertificatePolicies(byte *output,
oidSz = sizeof(oid);
XMEMSET(oid, 0, oidSz);
ret = EncodePolicyOID(oid, &oidSz, input[i]);
ret = EncodePolicyOID(oid, &oidSz, input[i], heap);
if (ret != 0)
return ret;
@@ -6982,7 +6986,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
return AKID_E;
der->akidSz = SetAKID(der->akid, sizeof(der->akid),
cert->akid, cert->akidSz);
cert->akid, cert->akidSz, cert->heap);
if (der->akidSz <= 0)
return AKID_E;
@@ -7008,7 +7012,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
der->certPoliciesSz = SetCertificatePolicies(der->certPolicies,
sizeof(der->certPolicies),
cert->certPolicies,
cert->certPoliciesNb);
cert->certPoliciesNb,
cert->heap);
if (der->certPoliciesSz <= 0)
return CERTPOLICIES_E;
@@ -7679,7 +7684,8 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
(kid_type != SKID_TYPE && kid_type != AKID_TYPE))
return BAD_FUNC_ARG;
buffer = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
buffer = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (buffer == NULL)
return MEMORY_E;
@@ -7705,7 +7711,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
bufferSz = -1;
if (bufferSz <= 0) {
XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buffer, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
return PUBLIC_KEY_E;
}
@@ -7734,7 +7740,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
ret = BAD_FUNC_ARG;
#endif /* NO_SHA */
XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buffer, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
@@ -7774,7 +7780,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file)
if (cert == NULL || file == NULL)
return BAD_FUNC_ARG;
der = (byte*)XMALLOC(MAX_PUBLIC_KEY_SZ, NULL, DYNAMIC_TYPE_CERT);
der = (byte*)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap, DYNAMIC_TYPE_CERT);
if (der == NULL) {
WOLFSSL_MSG("wc_SetSubjectKeyId memory Problem");
return MEMORY_E;
@@ -7783,21 +7789,21 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file)
derSz = wolfSSL_PemPubKeyToDer(file, der, MAX_PUBLIC_KEY_SZ);
if (derSz <= 0)
{
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return derSz;
}
/* Load PubKey in internal structure */
rsakey = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
rsakey = (RsaKey*) XMALLOC(sizeof(RsaKey), cert->heap, DYNAMIC_TYPE_RSA);
if (rsakey == NULL) {
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return MEMORY_E;
}
if (wc_InitRsaKey(rsakey, NULL) != 0) {
if (wc_InitRsaKey(rsakey, cert->heap) != 0) {
WOLFSSL_MSG("wc_InitRsaKey failure");
XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA);
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(rsakey, cert->heap, DYNAMIC_TYPE_RSA);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return MEMORY_E;
}
@@ -7806,21 +7812,22 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file)
if (ret != 0) {
WOLFSSL_MSG("wc_RsaPublicKeyDecode failed");
wc_FreeRsaKey(rsakey);
XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA);
XFREE(rsakey, cert->heap, DYNAMIC_TYPE_RSA);
rsakey = NULL;
#ifdef HAVE_ECC
/* Check to load ecc public key */
eckey = (ecc_key*) XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
eckey = (ecc_key*) XMALLOC(sizeof(ecc_key), cert->heap,
DYNAMIC_TYPE_ECC);
if (eckey == NULL) {
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return MEMORY_E;
}
if (wc_ecc_init(eckey) != 0) {
WOLFSSL_MSG("wc_ecc_init failure");
wc_ecc_free(eckey);
XFREE(eckey, NULL, DYNAMIC_TYPE_ECC);
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(eckey, cert->heap, DYNAMIC_TYPE_ECC);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return MEMORY_E;
}
@@ -7828,25 +7835,25 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file)
ret = wc_EccPublicKeyDecode(der, &idx, eckey, derSz);
if (ret != 0) {
WOLFSSL_MSG("wc_EccPublicKeyDecode failed");
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
wc_ecc_free(eckey);
return PUBLIC_KEY_E;
}
#else
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return PUBLIC_KEY_E;
#endif /* HAVE_ECC */
}
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
ret = wc_SetSubjectKeyIdFromPublicKey(cert, rsakey, eckey);
wc_FreeRsaKey(rsakey);
XFREE(rsakey, NULL, DYNAMIC_TYPE_RSA);
XFREE(rsakey, cert->heap, DYNAMIC_TYPE_RSA);
#ifdef HAVE_ECC
wc_ecc_free(eckey);
XFREE(eckey, NULL, DYNAMIC_TYPE_ECC);
XFREE(eckey, cert->heap, DYNAMIC_TYPE_ECC);
#endif
return ret;
}
@@ -7915,7 +7922,7 @@ int wc_SetAuthKeyId(Cert *cert, const char* file)
if (cert == NULL || file == NULL)
return BAD_FUNC_ARG;
der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT);
if (der == NULL) {
WOLFSSL_MSG("wc_SetAuthKeyId OOF Problem");
return MEMORY_E;
@@ -7924,12 +7931,12 @@ int wc_SetAuthKeyId(Cert *cert, const char* file)
derSz = wolfSSL_PemCertToDer(file, der, EIGHTK_BUF);
if (derSz <= 0)
{
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return derSz;
}
ret = wc_SetAuthKeyIdFromCert(cert, der, derSz);
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return ret;
}
@@ -7947,7 +7954,8 @@ int wc_SetKeyUsage(Cert *cert, const char *value)
cert->keyUsage = 0;
str = (char *)XMALLOC(XSTRLEN(value)+1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
str = (char *)XMALLOC(XSTRLEN(value)+1, cert->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (str == NULL)
return MEMORY_E;
@@ -7985,7 +7993,7 @@ int wc_SetKeyUsage(Cert *cert, const char *value)
token = XSTRTOK(NULL, ",", &ptr);
}
XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(str, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
}
#endif /* WOLFSSL_CERT_EXT */
@@ -8246,7 +8254,7 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile)
{
int ret;
int derSz;
byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
byte* der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT);
if (der == NULL) {
WOLFSSL_MSG("wc_SetIssuer OOF Problem");
@@ -8255,7 +8263,7 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile)
derSz = wolfSSL_PemCertToDer(issuerFile, der, EIGHTK_BUF);
cert->selfSigned = 0;
ret = SetNameFromCert(&cert->issuer, der, derSz);
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return ret;
}
@@ -8266,7 +8274,7 @@ int wc_SetSubject(Cert* cert, const char* subjectFile)
{
int ret;
int derSz;
byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
byte* der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT);
if (der == NULL) {
WOLFSSL_MSG("wc_SetSubject OOF Problem");
@@ -8274,7 +8282,7 @@ int wc_SetSubject(Cert* cert, const char* subjectFile)
}
derSz = wolfSSL_PemCertToDer(subjectFile, der, EIGHTK_BUF);
ret = SetNameFromCert(&cert->subject, der, derSz);
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return ret;
}
@@ -8287,7 +8295,7 @@ int wc_SetAltNames(Cert* cert, const char* file)
{
int ret;
int derSz;
byte* der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
byte* der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT);
if (der == NULL) {
WOLFSSL_MSG("wc_SetAltNames OOF Problem");
@@ -8295,7 +8303,7 @@ int wc_SetAltNames(Cert* cert, const char* file)
}
derSz = wolfSSL_PemCertToDer(file, der, EIGHTK_BUF);
ret = SetAltNamesFromCert(cert, der, derSz);
XFREE(der, NULL, DYNAMIC_TYPE_CERT);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return ret;
}
@@ -8646,7 +8654,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
/* private */
privSz = key->dp->size;
prv = (byte*)XMALLOC(privSz + privHdrSz + MAX_SEQ_SZ,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
key->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (prv == NULL) {
return MEMORY_E;
}
@@ -8654,7 +8662,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
prv[prvidx++] = (byte)key->dp->size;
ret = wc_ecc_export_private_only(key, prv + prvidx, &privSz);
if (ret < 0) {
XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
prvidx += privSz;
@@ -8662,14 +8670,14 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
/* public */
ret = wc_ecc_export_x963(key, NULL, &pubSz);
if (ret != LENGTH_ONLY_E) {
XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
pub = (byte*)XMALLOC(pubSz + pubHdrSz + MAX_SEQ_SZ,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
key->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) {
XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
@@ -8683,8 +8691,8 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
pub[pubidx++] = (byte)0; /* leading zero */
ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz);
if (ret != 0) {
XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
pubidx += pubSz;
@@ -8695,8 +8703,8 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
totalSz = prvidx + pubidx + curveidx + verSz + seqSz;
if (totalSz > (int)inLen) {
XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
return BAD_FUNC_ARG;
}
@@ -8712,7 +8720,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
/* private */
XMEMCPY(output + idx, prv, prvidx);
idx += prvidx;
XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
/* curve */
XMEMCPY(output + idx, curve, curveidx);
@@ -8721,7 +8729,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
/* public */
XMEMCPY(output + idx, pub, pubidx);
/* idx += pubidx; not used after write, if more data remove comment */
XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
return totalSz;
}
@@ -9344,8 +9352,9 @@ int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce)
if (cert) {
XMEMCPY(req->issuerHash, cert->issuerHash, KEYID_SIZE);
XMEMCPY(req->issuerKeyHash, cert->issuerKeyHash, KEYID_SIZE);
req->heap = cert->heap;
req->serial = (byte*)XMALLOC(cert->serialSz, NULL,
req->serial = (byte*)XMALLOC(cert->serialSz, req->heap,
DYNAMIC_TYPE_OCSP_REQUEST);
if (req->serial == NULL)
return MEMORY_E;
@@ -9354,10 +9363,10 @@ int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce)
req->serialSz = cert->serialSz;
if (cert->extAuthInfoSz != 0 && cert->extAuthInfo != NULL) {
req->url = (byte*)XMALLOC(cert->extAuthInfoSz, NULL,
req->url = (byte*)XMALLOC(cert->extAuthInfoSz, req->heap,
DYNAMIC_TYPE_OCSP_REQUEST);
if (req->url == NULL) {
XFREE(req->serial, NULL, DYNAMIC_TYPE_OCSP);
XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP);
return MEMORY_E;
}
@@ -9391,10 +9400,10 @@ void FreeOcspRequest(OcspRequest* req)
if (req) {
if (req->serial)
XFREE(req->serial, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
if (req->url)
XFREE(req->url, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
}
}
@@ -9572,7 +9581,8 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
return ASN_PARSE_E;
}
rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), NULL, DYNAMIC_TYPE_CRL);
rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), dcrl->heap,
DYNAMIC_TYPE_CRL);
if (rc == NULL) {
WOLFSSL_MSG("Alloc Revoked Cert failed");
return MEMORY_E;
+20 -10
View File
@@ -56,6 +56,7 @@ enum {
void wc_InitDsaKey(DsaKey* key)
{
key->type = -1; /* haven't decided yet */
key->heap = NULL;
/* TomsFastMath doesn't use memory allocation */
#ifndef USE_FAST_MATH
@@ -69,6 +70,15 @@ void wc_InitDsaKey(DsaKey* key)
}
int wc_InitDsaKey_h(DsaKey* key, void* h)
{
wc_InitDsaKey(key);
key->heap = h;
return 0;
}
void wc_FreeDsaKey(DsaKey* key)
{
(void)key;
@@ -98,13 +108,13 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
return BAD_FUNC_ARG;
/* allocate ram */
buf = (unsigned char *)XMALLOC(qsize, NULL,
buf = (unsigned char *)XMALLOC(qsize, dsa->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (buf == NULL)
return MEMORY_E;
if (mp_init(&dsa->x) != MP_OKAY) {
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
return MP_INIT_E;
}
@@ -113,19 +123,19 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
err = wc_RNG_GenerateBlock(rng, buf, qsize);
if (err != MP_OKAY) {
mp_clear(&dsa->x);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
err = mp_read_unsigned_bin(&dsa->x, buf, qsize);
if (err != MP_OKAY) {
mp_clear(&dsa->x);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
} while (mp_cmp_d(&dsa->x, 1) != MP_GT);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (mp_init(&dsa->y) != MP_OKAY) {
mp_clear(&dsa->x);
@@ -178,7 +188,7 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
/* allocate ram */
buf = (unsigned char *)XMALLOC(msize - qsize,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (buf == NULL) {
return MEMORY_E;
}
@@ -186,7 +196,7 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
/* make a random string that will be multplied against q */
err = wc_RNG_GenerateBlock(rng, buf, msize - qsize);
if (err != MP_OKAY) {
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
@@ -198,7 +208,7 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
if (mp_init_multi(&tmp2, &dsa->p, &dsa->q, 0, 0, 0) != MP_OKAY) {
mp_clear(&dsa->q);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
return MP_INIT_E;
}
@@ -207,10 +217,10 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
/* make our prime q */
err = mp_rand_prime(&dsa->q, qsize, rng, NULL);
+153 -67
View File
@@ -238,7 +238,7 @@ int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* modulus,
static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order);
#ifdef ECC_SHAMIR
static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB,
ecc_point* C, mp_int* modulus);
ecc_point* C, mp_int* modulus, void* heap);
#endif
int mp_jacobi(mp_int* a, mp_int* p, int* c);
@@ -833,8 +833,8 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp)
static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* modulus, int map)
#else
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
int map)
static int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* modulus, int map, void* heap)
#endif
{
ecc_point *tG, *M[8];
@@ -862,10 +862,10 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
/* alloc ram for window temps */
for (i = 0; i < 8; i++) {
M[i] = wc_ecc_new_point();
M[i] = wc_ecc_new_point_h(heap);
if (M[i] == NULL) {
for (j = 0; j < i; j++) {
wc_ecc_del_point(M[j]);
wc_ecc_del_point_h(M[j], heap);
}
mp_clear(&mu);
return MEMORY_E;
@@ -873,7 +873,7 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
}
/* make a copy of G in case R==G */
tG = wc_ecc_new_point();
tG = wc_ecc_new_point_h(heap);
if (tG == NULL)
err = MEMORY_E;
@@ -1023,13 +1023,20 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
err = ecc_map(R, modulus, &mp);
mp_clear(&mu);
wc_ecc_del_point(tG);
wc_ecc_del_point_h(tG, heap);
for (i = 0; i < 8; i++) {
wc_ecc_del_point(M[i]);
wc_ecc_del_point_h(M[i], heap);
}
return err;
}
#ifndef FP_ECC
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* modulus, int map)
{
return wc_ecc_mulmod_ex(k, G, R, modulus, map, NULL);
}
#endif /* ! FP_ECC */
#undef WINSIZE
#else /* ECC_TIMING_RESISTANT */
@@ -1046,10 +1053,10 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
*/
#ifdef FP_ECC
static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* modulus, int map)
mp_int* modulus, int map, void* heap)
#else
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
int map)
static int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* modulus, int map, void* heap)
#endif
{
ecc_point *tG, *M[3];
@@ -1076,7 +1083,7 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
/* alloc ram for window temps */
for (i = 0; i < 3; i++) {
M[i] = wc_ecc_new_point();
M[i] = wc_ecc_new_point_h(heap);
if (M[i] == NULL) {
for (j = 0; j < i; j++) {
wc_ecc_del_point(M[j]);
@@ -1087,7 +1094,7 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
}
/* make a copy of G in case R==G */
tG = wc_ecc_new_point();
tG = wc_ecc_new_point_h(heap);
if (tG == NULL)
err = MEMORY_E;
@@ -1183,13 +1190,21 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
/* done */
mp_clear(&mu);
wc_ecc_del_point(tG);
wc_ecc_del_point_h(tG, heap);
for (i = 0; i < 3; i++) {
wc_ecc_del_point(M[i]);
wc_ecc_del_point_h(M[i], heap);
}
return err;
}
#ifndef FP_ECC
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* modulus, int map)
{
return wc_ecc_mulmod_ex(k, G, R, modulus, map, NULL);
}
#endif /* ! FP_ECC */
#endif /* ECC_TIMING_RESISTANT */
@@ -1205,14 +1220,14 @@ static void alt_fp_init(fp_int* a)
/**
Allocate a new ECC point
return A newly allocated point or NULL on error
*/
ecc_point* wc_ecc_new_point(void)
* use a heap hint when creating new ecc_point
* return an allocated point on success or NULL on failure
*/
ecc_point* wc_ecc_new_point_h(void* heap)
{
ecc_point* p;
p = (ecc_point*)XMALLOC(sizeof(ecc_point), 0, DYNAMIC_TYPE_ECC);
p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC);
if (p == NULL) {
return NULL;
}
@@ -1241,20 +1256,39 @@ ecc_point* wc_ecc_new_point(void)
return p;
}
/** Free an ECC point from memory
p The point to free
/**
Allocate a new ECC point
return A newly allocated point or NULL on error
*/
void wc_ecc_del_point(ecc_point* p)
ecc_point* wc_ecc_new_point(void)
{
return wc_ecc_new_point_h(NULL);
}
void wc_ecc_del_point_h(ecc_point* p, void* heap)
{
/* prevents free'ing null arguments */
if (p != NULL) {
mp_clear(p->x);
mp_clear(p->y);
mp_clear(p->z);
XFREE(p, 0, DYNAMIC_TYPE_ECC);
XFREE(p, heap, DYNAMIC_TYPE_ECC);
}
(void)heap;
}
/** Free an ECC point from memory
p The point to free
*/
void wc_ecc_del_point(ecc_point* p)
{
wc_ecc_del_point_h(p, NULL);
}
/** Copy the value of a point to an other one
p The point to copy
r The created point
@@ -1328,7 +1362,7 @@ int wc_ecc_is_valid_idx(int n)
#ifdef HAVE_ECC_DHE
/**
Create an ECC shared secret between two keys
private_key The private ECC key
private_key The private ECC key (heap hint based off of private key)
public_key The public key
out [out] Destination of the shared secret
Conforms to EC-DH from ANSI X9.63
@@ -1362,7 +1396,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
return ECC_BAD_ARG_E;
/* make new point */
result = wc_ecc_new_point();
result = wc_ecc_new_point_h(private_key->heap);
if (result == NULL) {
return MEMORY_E;
}
@@ -1375,7 +1409,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16);
if (err == MP_OKAY)
err = wc_ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime,1);
err = wc_ecc_mulmod_ex(&private_key->k, &public_key->pubkey, result,
&prime, 1, private_key->heap);
if (err == MP_OKAY) {
x = mp_unsigned_bin_size(&prime);
@@ -1391,14 +1426,14 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
}
mp_clear(&prime);
wc_ecc_del_point(result);
wc_ecc_del_point_h(result, private_key->heap);
return err;
}
/**
Create an ECC shared secret between private key and public point
private_key The private ECC key
private_key The private ECC key (heap hint based on private key)
point The point to use (public key)
out [out] Destination of the shared secret
Conforms to EC-DH from ANSI X9.63
@@ -1426,13 +1461,13 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
return ECC_BAD_ARG_E;
/* make new point */
result = wc_ecc_new_point();
result = wc_ecc_new_point_h(private_key->heap);
if (result == NULL) {
return MEMORY_E;
}
if ((err = mp_init(&prime)) != MP_OKAY) {
wc_ecc_del_point(result);
wc_ecc_del_point_h(result, private_key->heap);
return err;
}
@@ -1455,7 +1490,7 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
}
mp_clear(&prime);
wc_ecc_del_point(result);
wc_ecc_del_point_h(result, private_key->heap);
return err;
}
@@ -1531,7 +1566,7 @@ static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp)
}
if (err == MP_OKAY) {
base = wc_ecc_new_point();
base = wc_ecc_new_point_h(key->heap);
if (base == NULL)
err = MEMORY_E;
}
@@ -1564,7 +1599,8 @@ static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp)
}
/* make the public key */
if (err == MP_OKAY)
err = wc_ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1);
err = wc_ecc_mulmod_ex(&key->k, base, &key->pubkey, &prime, 1,
key->heap);
#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
/* validate the public key, order * pubkey = point at infinity */
@@ -1582,7 +1618,7 @@ static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp)
mp_clear(key->pubkey.z);
mp_forcezero(&key->k);
}
wc_ecc_del_point(base);
wc_ecc_del_point_h(base, key->heap);
if (po_init) {
mp_clear(&prime);
mp_clear(&order);
@@ -1650,10 +1686,33 @@ int wc_ecc_init(ecc_key* key)
alt_fp_init(key->pubkey.z);
#endif
#ifdef WOLFSSL_HEAP_TEST
key->heap = (void*)WOLFSSL_HEAP_TEST;
#else
key->heap = NULL;
#endif
return MP_OKAY;
}
int wc_ecc_init_h(ecc_key* key, void* heap)
{
int ret;
if (key == NULL) {
return BAD_FUNC_ARG;
}
if ((ret = wc_ecc_init(key)) != MP_OKAY) {
return ret;
}
key->heap = heap;
return MP_OKAY;
}
#ifdef HAVE_ECC_SIGN
#ifndef NO_ASN
@@ -1835,11 +1894,11 @@ void wc_ecc_free(ecc_key* key)
#ifdef FP_ECC
static int normal_ecc_mul2add(ecc_point* A, mp_int* kA,
ecc_point* B, mp_int* kB,
ecc_point* C, mp_int* modulus)
ecc_point* C, mp_int* modulus, void* heap)
#else
static int ecc_mul2add(ecc_point* A, mp_int* kA,
ecc_point* B, mp_int* kB,
ecc_point* C, mp_int* modulus)
ecc_point* C, mp_int* modulus, void* heap)
#endif
{
ecc_point* precomp[16];
@@ -1859,11 +1918,11 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
/* allocate memory */
tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (tA == NULL) {
return GEN_MEM_ERR;
}
tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (tB == NULL) {
XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return GEN_MEM_ERR;
@@ -1892,10 +1951,10 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
/* allocate the table */
if (err == MP_OKAY) {
for (x = 0; x < 16; x++) {
precomp[x] = wc_ecc_new_point();
precomp[x] = wc_ecc_new_point_h(heap);
if (precomp[x] == NULL) {
for (y = 0; y < x; ++y) {
wc_ecc_del_point(precomp[y]);
wc_ecc_del_point_h(precomp[y], heap);
}
err = GEN_MEM_ERR;
break;
@@ -2036,13 +2095,13 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
if (tableInit) {
for (x = 0; x < 16; x++) {
wc_ecc_del_point(precomp[x]);
wc_ecc_del_point_h(precomp[x], heap);
}
}
ForceZero(tA, ECC_BUFSIZE);
ForceZero(tB, ECC_BUFSIZE);
XFREE(tA, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tB, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tA, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tB, heap, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
@@ -2155,8 +2214,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
}
/* allocate points */
mG = wc_ecc_new_point();
mQ = wc_ecc_new_point();
mG = wc_ecc_new_point_h(key->heap);
mQ = wc_ecc_new_point_h(key->heap);
if (mQ == NULL || mG == NULL)
err = MEMORY_E;
@@ -2223,9 +2282,9 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
/* compute u1*mG + u2*mQ = mG */
if (err == MP_OKAY)
err = wc_ecc_mulmod(&u1, mG, mG, &m, 0);
err = wc_ecc_mulmod_ex(&u1, mG, mG, &m, 0, key->heap);
if (err == MP_OKAY)
err = wc_ecc_mulmod(&u2, mQ, mQ, &m, 0);
err = wc_ecc_mulmod_ex(&u2, mQ, mQ, &m, 0, key->heap);
/* find the montgomery mp */
if (err == MP_OKAY)
@@ -2242,7 +2301,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
#else
/* use Shamir's trick to compute u1*mG + u2*mQ using half the doubles */
if (err == MP_OKAY)
err = ecc_mul2add(mG, &u1, mQ, &u2, mG, &m);
err = ecc_mul2add(mG, &u1, mQ, &u2, mG, &m, key->heap);
#endif /* ECC_SHAMIR */
/* v = X_x1 mod n */
@@ -2255,8 +2314,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
*stat = 1;
}
wc_ecc_del_point(mG);
wc_ecc_del_point(mQ);
wc_ecc_del_point_h(mG, key->heap);
wc_ecc_del_point_h(mQ, key->heap);
mp_clear(&v);
mp_clear(&w);
@@ -2619,7 +2678,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime)
if (key == NULL)
return BAD_FUNC_ARG;
base = wc_ecc_new_point();
base = wc_ecc_new_point_h(key->heap);
if (base == NULL)
return MEMORY_E;
@@ -2631,11 +2690,11 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime)
mp_set(base->z, 1);
if (err == MP_OKAY) {
res = wc_ecc_new_point();
res = wc_ecc_new_point_h(key->heap);
if (res == NULL)
err = MEMORY_E;
else {
err = wc_ecc_mulmod(&key->k, base, res, prime, 1);
err = wc_ecc_mulmod_ex(&key->k, base, res, prime, 1, key->heap);
if (err == MP_OKAY) {
/* compare result to public key */
if (mp_cmp(res->x, key->pubkey.x) != MP_EQ ||
@@ -2648,8 +2707,8 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime)
}
}
wc_ecc_del_point(res);
wc_ecc_del_point(base);
wc_ecc_del_point_h(res, key->heap);
wc_ecc_del_point_h(base, key->heap);
return err;
}
@@ -2692,16 +2751,16 @@ static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order)
if (key == NULL)
return BAD_FUNC_ARG;
inf = wc_ecc_new_point();
inf = wc_ecc_new_point_h(key->heap);
if (inf == NULL)
err = MEMORY_E;
else {
err = wc_ecc_mulmod(order, &key->pubkey, inf, prime, 1);
err = wc_ecc_mulmod_ex(order, &key->pubkey, inf, prime, 1, key->heap);
if (err == MP_OKAY && !wc_ecc_point_is_at_infinity(inf))
err = ECC_INF_E;
}
wc_ecc_del_point(inf);
wc_ecc_del_point_h(inf, key->heap);
return err;
}
@@ -4306,7 +4365,8 @@ static int accel_fp_mul2add(int idx1, int idx2,
return ecc_map(R, modulus, mp);
}
/** ECC Fixed Point mulmod global
/** ECC Fixed Point mulmod global with heap hint used
Computes kA*A + kB*B = C using Shamir's Trick
A First point to multiply
kA What to multiple A by
@@ -4318,7 +4378,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
*/
int ecc_mul2add(ecc_point* A, mp_int* kA,
ecc_point* B, mp_int* kB,
ecc_point* C, mp_int* modulus)
ecc_point* C, mp_int* modulus, void* heap)
{
int idx1 = -1, idx2 = -1, err = MP_OKAY, mpInit = 0;
mp_digit mp;
@@ -4416,7 +4476,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
if (err == MP_OKAY)
err = accel_fp_mul2add(idx1, idx2, kA, kB, C, modulus, &mp);
} else {
err = normal_ecc_mul2add(A, kA, B, kB, C, modulus);
err = normal_ecc_mul2add(A, kA, B, kB, C, modulus, heap);
}
}
@@ -4440,6 +4500,22 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
*/
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
int map)
{
return wc_ecc_mulmod_h(k, G, R, modulus, map, NULL);
}
/** ECC Fixed Point mulmod global
k The multiplicand
G Base point to multiply
R [out] Destination of product
modulus The modulus for the curve
map [boolean] If non-zero maps the point back to affine co-ordinates,
otherwise it's left in jacobian-montgomery form
return MP_OKAY if successful
*/
int wc_ecc_mulmod_h(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
int map, void* heap)
{
int idx, err = MP_OKAY;
mp_digit mp;
@@ -4503,7 +4579,7 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
if (err == MP_OKAY)
err = accel_fp_mul(idx, k, R, modulus, &mp, map);
} else {
err = normal_ecc_mulmod(k, G, R, modulus, map);
err = normal_ecc_mulmod(k, G, R, modulus, map, heap);
}
}
@@ -4589,6 +4665,7 @@ struct ecEncCtx {
word32 kdfSaltSz; /* size of kdfSalt */
word32 kdfInfoSz; /* size of kdfInfo */
word32 macSaltSz; /* size of macSalt */
void* heap; /* heap hint for memory used */
byte clientSalt[EXCHANGE_SALT_SZ]; /* for msg exchange */
byte serverSalt[EXCHANGE_SALT_SZ]; /* for msg exchange */
byte encAlgo; /* which encryption type */
@@ -4736,14 +4813,16 @@ int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng)
}
/* alloc/init and set defaults, return new Context */
ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng)
ecEncCtx* wc_ecc_ctx_new_h(int flags, WC_RNG* rng, void* heap)
{
int ret = 0;
ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), 0, DYNAMIC_TYPE_ECC);
ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), heap,
DYNAMIC_TYPE_ECC);
if (ctx)
if (ctx) {
ctx->protocol = (byte)flags;
ctx->heap = heap;
}
ret = wc_ecc_ctx_reset(ctx, rng);
if (ret != 0) {
@@ -4755,6 +4834,13 @@ ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng)
}
/* alloc/init and set defaults, return new Context */
ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng)
{
return wc_ecc_ctx_new_h(flags, rng, NULL);
}
/* free any resources, clear any keys */
void wc_ecc_ctx_free(ecEncCtx* ctx)
{
+23 -2
View File
@@ -288,10 +288,31 @@ static INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv)
}
int wc_Hc128_SetHeap(HC128* ctx, void* heap)
{
if (ctx == NULL) {
return BAD_FUNC_ARG;
}
#ifdef XSTREAM_ALIGN
ctx->heap = heap;
#endif
(void)heap;
return 0;
}
/* Key setup */
int wc_Hc128_SetKey(HC128* ctx, const byte* key, const byte* iv)
{
#ifdef XSTREAM_ALIGN
/* default heap to NULL or heap test value */
#ifdef WOLFSSL_HEAP_TEST
ctx->heap = (void*)WOLFSSL_HEAP_TEST;
#else
ctx->heap = NULL;
#endif /* WOLFSSL_HEAP_TEST */
if ((wolfssl_word)key % 4) {
int alignKey[4];
@@ -369,14 +390,14 @@ int wc_Hc128_Process(HC128* ctx, byte* output, const byte* input, word32 msglen)
byte* tmp;
WOLFSSL_MSG("Hc128Process unaligned");
tmp = (byte*)XMALLOC(msglen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tmp = (byte*)XMALLOC(msglen, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) return MEMORY_E;
XMEMCPY(tmp, input, msglen);
DoProcess(ctx, tmp, tmp, msglen);
XMEMCPY(output, tmp, msglen);
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
#else
+9 -2
View File
@@ -626,6 +626,13 @@ int wc_HmacInitCavium(Hmac* hmac, int devId)
hmac->innerHashKeyed = 0;
/* default to NULL heap hint or test value */
#ifdef WOLFSSL_HEAP_TEST
hmac->heap = (void)WOLFSSL_HEAP_TEST;
#else
hmac->heap = NULL;
#endif
return 0;
}
@@ -681,7 +688,7 @@ static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length)
return -1;
}
tmp = XMALLOC(hmac->dataLen + add, NULL,DYNAMIC_TYPE_CAVIUM_TMP);
tmp = XMALLOC(hmac->dataLen + add, hmac->heap ,DYNAMIC_TYPE_CAVIUM_TMP);
if (tmp == NULL) {
WOLFSSL_MSG("Out of memory for cavium update");
return -1;
@@ -691,7 +698,7 @@ static int HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length)
XMEMCPY(tmp + hmac->dataLen, msg, add);
hmac->dataLen += add;
XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
XFREE(hmac->data, hmac->heap, DYNAMIC_TYPE_CAVIUM_TMP);
hmac->data = tmp;
return 0;
+315 -357
View File
@@ -74,6 +74,7 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf,
return res;
}
#ifndef WOLFSSL_STATIC_MEMORY
#ifdef WOLFSSL_DEBUG_MEMORY
void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line)
#else
@@ -140,29 +141,19 @@ void* wolfSSL_Realloc(void *ptr, size_t size)
return res;
}
#endif /* WOLFSSL_STATIC_MEMORY */
#ifdef WOLFSSL_STATIC_MEMORY
typedef struct wc_Memory {
word32 sz;
byte* buffer;
byte kill;
struct wc_Memory* next;
} wc_Memory;
#if WC_STATIC_ALIGN < 10
#if WOLFSSL_STATIC_ALIGN < 10
#error Alignment is less than wc_Memory struct
#endif
/* size of chunks of memory to seperate into */
#define WC_MAX_BUCKETS 9
static word32 bucket[] = { 64, 128, 256, 512, 1024, 2400, 3408, 4544, 16000 };
static word32 bucketDist[] = { 8, 4, 4, 12, 4, 5, 2, 1, 1 };
static wc_Memory* available[WC_MAX_BUCKETS];
static word32 inUse = 0; /* amount of static memory in use by wolfSSL */
static byte useStaticMemory = 1;
static volatile byte createMutex = 1;
static wolfSSL_Mutex memory_mutex;
/* returns amount of memory used on success. On error returns negative value
wc_Memory** list is the list that new buckets are prepended to
@@ -174,21 +165,16 @@ static int create_memory_buckets(byte* buffer, word32 bufSz,
int ret = 0;
/* if not enough space available for bucket size then do not try */
if (buckSz + WC_STATIC_ALIGN > bufSz) {
if (buckSz + WOLFSSL_STATIC_ALIGN > bufSz) {
return ret;
}
if (LockMutex(&memory_mutex) != 0) {
return BAD_MUTEX_E;
}
for (i = 0; i < buckNum; i++) {
if ((buckSz + WC_STATIC_ALIGN) <= (bufSz - ret)) {
if ((buckSz + WOLFSSL_STATIC_ALIGN) <= (bufSz - ret)) {
/* create a new struct and set its values */
wc_Memory* mem = (struct wc_Memory*)pt;
mem->sz = buckSz;
mem->buffer = (byte*)pt + WC_STATIC_ALIGN;
mem->kill = 0;
mem->buffer = (byte*)pt + WOLFSSL_STATIC_ALIGN;
mem->next = NULL;
/* add the newly created struct to front of list */
@@ -200,109 +186,27 @@ static int create_memory_buckets(byte* buffer, word32 bufSz,
}
/* advance pointer and keep track of memory used */
ret += buckSz + WC_STATIC_ALIGN;
pt += WC_STATIC_ALIGN + buckSz;
ret += buckSz + WOLFSSL_STATIC_ALIGN;
pt += WOLFSSL_STATIC_ALIGN + buckSz;
}
else {
break; /* not enough space left for more buckets of this size */
}
}
UnLockMutex(&memory_mutex);
return ret;
}
/* Starts at left most address and free until either used memory is encounterd
or end of buffer is.
Returns amount of buffer freed on success and a negative value on fail.
*/
int wolfSSL_unload_static_memory(byte* buffer, word32 sz, word32* amt)
{
wc_Memory* cur = NULL;
wc_Memory* fre = NULL;
wc_Memory* prv = NULL;
int i;
word32 idx = 0;
WOLFSSL_ENTER("wolfSSL_unload_static_memory");
if (buffer == NULL || sz == 0 || amt == NULL) {
return BAD_FUNC_ARG;
}
if (LockMutex(&memory_mutex) != 0) {
return BAD_MUTEX_E;
}
/* too small of memory to be placed as a bucket */
if (sz < bucket[0] + WC_STATIC_ALIGN) {
*amt = sz;
return 1;
}
/* advance past alignment padding */
while ((word64)(buffer + idx) % WC_STATIC_ALIGN && idx < sz) { idx++; }
/* buffer should be already divided up into wc_Memory structs */
while (idx < (sz - bucket[0] - WC_STATIC_ALIGN)) {
cur = (struct wc_Memory*)(buffer + idx);
prv = NULL;
for (i = 0; i < WC_MAX_BUCKETS; i++) {
if (bucket[i] >= cur->sz) break;
}
fre = available[i];
/* find the matching address of the memory in available stack */
while (fre != NULL && (cur != fre)) {
prv = fre;
fre = fre->next;
}
if (fre == NULL) {
WOLFSSL_MSG("Could not find static memory address to free");
break;
}
/* fix linked list to jump over the link to free */
if (prv) {
prv->next = fre->next;
}
/* case if memory is head of stack */
if (available[i] == fre) {
available[i] = fre->next;
}
idx += WC_STATIC_ALIGN + fre->sz;
fre = NULL;
}
UnLockMutex(&memory_mutex);
/* account for some left over memory that could not be used for a bucket */
if (idx > (sz - (bucket[0] + WC_STATIC_ALIGN))) {
*amt = sz; /* all posssible was freed */
return 1;
}
else {
*amt = idx;
return 0;
}
}
int wolfSSL_load_static_memory(byte* buffer, word32 sz)
int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag,
WOLFSSL_HEAP* heap)
{
word32 ava = sz;
byte* pt = buffer;
int ret = 0;
#ifdef WOLFSSL_TRACK_MEMORY_FULL
word32 created_buckets[WC_MAX_BUCKETS];
word32 created_buckets[WOLFMEM_MAX_BUCKETS];
int j;
XMEMSET(created_buckets, 0, sizeof(created_buckets));
#endif
@@ -313,185 +217,239 @@ int wolfSSL_load_static_memory(byte* buffer, word32 sz)
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_TRACK_MEMORY_FULL
printf("\t%u bytes passed in\n", sz);
printf("\tAddress %p - %p\n", buffer, buffer + sz);
#endif
/* align pt */
while ((word64)pt % WC_STATIC_ALIGN && pt < (buffer + sz)) {
while ((word64)pt % WOLFSSL_STATIC_ALIGN && pt < (buffer + sz)) {
*pt = 0x00;
pt++;
}
if (createMutex) {
if (InitMutex(&memory_mutex) != 0) {
WOLFSSL_MSG("Bad mutex init");
return BAD_MUTEX_E;
}
createMutex = 0;
if (InitMutex(&(heap->memory_mutex)) != 0) {
WOLFSSL_MSG("Bad mutex init");
return BAD_MUTEX_E;
}
/* devide into chunks of memory and add them to available list */
while (ava >= (bucket[0] + WC_STATIC_ALIGN)) {
while (ava >= (heap->sizeList[0] + WOLFSSL_STATIC_ALIGN)) {
int i;
/* start at largest and move to smaller buckets */
for (i = (WC_MAX_BUCKETS - 1); i >= 0; i--) {
if ((bucket[i] + WC_STATIC_ALIGN) <= ava) {
if ((ret = create_memory_buckets(pt, ava,
bucket[i], bucketDist[i], &available[i])) < 0) {
WOLFSSL_LEAVE("wolfSSL_load_static_memory", ret);
return ret;
}
#ifdef WOLFSSL_TRACK_MEMORY_FULL
/* if defined keep track of buckets created for printing stats*/
for (j = 0; (j + bucket[i] + WC_STATIC_ALIGN) <=(word32)ret;
j += bucket[i] + WC_STATIC_ALIGN) {
created_buckets[i]++;
}
#endif
/* creating only IO buffers from memory passed in, max TLS is 16k */
if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) {
if ((ret = create_memory_buckets(pt, ava,
WOLFMEM_IO_SZ, 1, &(heap->io))) < 0) {
WOLFSSL_LEAVE("wolfSSL_load_static_memory", ret);
return ret;
}
/* advance pointer in buffer for next buckets and keep track
of how much memory is left available */
pt += ret;
ava -= ret;
/* check if no more room left for creating IO buffers */
if (ret == 0) {
break;
}
/* advance pointer in buffer for next buckets and keep track
of how much memory is left available */
pt += ret;
ava -= ret;
}
else {
/* start at largest and move to smaller buckets */
for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) {
if ((heap->sizeList[i] + WOLFSSL_STATIC_ALIGN) <= ava) {
if ((ret = create_memory_buckets(pt, ava, heap->sizeList[i],
heap->distList[i], &(heap->ava[i]))) < 0) {
WOLFSSL_LEAVE("wolfSSL_load_static_memory", ret);
return ret;
}
#ifdef WOLFSSL_TRACK_MEMORY_FULL
/* if defined keep track of buckets created for stats*/
for (j = 0; (j + heap->sizeList[i] +
WOLFSSL_STATIC_ALIGN) <= (word32)ret; j +=
heap->sizeList[i] + WOLFSSL_STATIC_ALIGN) {
created_buckets[i]++;
}
#endif
/* advance pointer in buffer for next buckets and keep track
of how much memory is left available */
pt += ret;
ava -= ret;
}
}
}
}
#ifdef WOLFSSL_TRACK_MEMORY_FULL
/* if defined print out stats of number of buckets created */
printf("Created Memory Buckets :\n");
for (j = 0; j < WC_MAX_BUCKETS; j++) {
printf("Created %d\tof bucket size %d\n", created_buckets[j],
bucket[j]);
}
#endif
return 1;
}
int wolfSSL_use_static_memory(byte flag)
int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io)
{
WOLFSSL_MSG("Freeing fixed IO buffer");
WOLFSSL_ENTER("wolfSSL_use_static_memory");
/* check if fixed buffer was set */
if (*io == NULL) {
return 1;
}
useStaticMemory = flag;
if (heap == NULL) {
WOLFSSL_MSG("No heap to return fixed IO too");
}
return 0;
/* put IO buffer back into IO pool */
(*io)->next = heap->io;
heap->io = *io;
*io = NULL;
return 1;
}
word32 wolfSSL_static_memory_inUse()
int SetFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io)
{
WOLFSSL_MSG("Setting fixed IO for SSL");
if (heap == NULL) {
return MEMORY_E;
}
WOLFSSL_ENTER("wolfSSL_static_memory_inUse");
*io = heap->io;
return inUse;
if (*io != NULL) {
heap->io = (*io)->next;
(*io)->next = NULL;
}
else { /* failed to grab an IO buffer */
return 0;
}
return 1;
}
void* wolfSSL_Malloc_Static(size_t size)
int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap, WOLFSSL_MEM_STATS* stats)
{
word32 i;
wc_Memory* pt;
XMEMSET(stats, 0, sizeof(WOLFSSL_MEM_STATS));
stats->totalAlloc = heap->alloc;
stats->totalFr = heap->frAlc;
stats->curAlloc = stats->totalAlloc - stats->totalFr;
stats->maxHa = heap->maxHa;
stats->maxIO = heap->maxIO;
for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
stats->blockSz[i] = heap->sizeList[i];
for (pt = heap->ava[i]; pt != NULL; pt = pt->next) {
stats->avaBlock[i] += 1;
}
}
for (pt = heap->io; pt != NULL; pt = pt->next) {
stats->avaIO++;
}
stats->flag = heap->flag; /* flag used */
return 1;
}
void* wolfSSL_Malloc(size_t size, void* heap, int type)
{
void* res = 0;
wc_Memory* pt = NULL;
int i;
if (useStaticMemory == 0) {
pt = malloc(size + WC_STATIC_ALIGN);
pt->buffer = (byte*)pt + WC_STATIC_ALIGN;
pt->sz = (word32)size;
pt->kill = 1;
pt->next = NULL;
res = pt->buffer;
/* check for testing heap hint was set */
#ifdef WOLFSSL_HEAP_TEST
if (heap == (void*)WOLFSSL_HEAP_TEST) {
return malloc(size);
}
#endif
/* if no heap hint then use dynamic memory*/
if (heap == NULL) {
#ifdef WOLFSSL_HEAP_TEST
/* allow using malloc for creating ctx and method */
if (type == DYNAMIC_TYPE_CTX || type == DYNAMIC_TYPE_METHOD ||
type == DYNAMIC_TYPE_CERT_MANAGER) {
WOLFSSL_MSG("ERROR allowing null heap hint for ctx/method\n");
res = malloc(size);
}
else {
WOLFSSL_MSG("ERROR null heap hint passed into XMALLOC\n");
res = NULL;
}
#else
res = malloc(size);
#endif
}
else {
WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap;
WOLFSSL_HEAP* mem = hint->memory;
if (LockMutex(&memory_mutex) != 0) {
if (LockMutex(&(mem->memory_mutex)) != 0) {
WOLFSSL_MSG("Bad memory_mutex lock");
return NULL;
}
for (i = 0; i < WC_MAX_BUCKETS; i++) {
if ((word32)size < bucket[i]) {
if (available[i] != NULL) {
pt = available[i];
available[i] = pt->next;
res = pt->buffer;
inUse += pt->sz + WC_STATIC_ALIGN;
#ifdef WOLFSSL_TRACK_MEMORY_FULL
printf("used bucket at address %p size of %d for size"
" req %d\n", res, bucket[i], (word32)size);
#endif
break;
}
/* case of using fixed IO buffers */
if (mem->flag & WOLFMEM_IO_POOL_FIXED) {
if (type == DYNAMIC_TYPE_OUT_BUFFER) {
pt = hint->outBuf;
}
if (type == DYNAMIC_TYPE_IN_BUFFER) {
pt = hint->inBuf;
}
}
UnLockMutex(&memory_mutex);
/* check if using IO pool flag */
if (mem->flag & WOLFMEM_IO_POOL && pt == NULL &&
(type == DYNAMIC_TYPE_OUT_BUFFER ||
type == DYNAMIC_TYPE_IN_BUFFER)) {
if (mem->io != NULL) {
pt = mem->io;
mem->io = pt->next;
}
}
/* case when no memory size is available */
/* general static memory */
if (pt == NULL) {
#ifdef WOLFSSL_TRACK_MEMORY_FULL
{
int k, j;
printf("\tRequested size %lu\n\tAvailable memory "
"buckets\n", size);
for (k = 0; k < WC_MAX_BUCKETS; k++) {
pt = available[k];
j = 0;
while (pt) {
j++;
pt = pt->next;
}
printf("\t%d of bucket %d\n", j, bucket[k]);
for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
if ((word32)size < mem->sizeList[i]) {
if (mem->ava[i] != NULL) {
pt = mem->ava[i];
mem->ava[i] = pt->next;
break;
}
}
#endif
/* check if too large and never going to get memory needed */
if ((word32)size > bucket[WC_MAX_BUCKETS-1]) {
WOLFSSL_MSG("Size of malloc is too large");
return NULL;
}
/* wait then try again if set to */
if (WOLFSSL_STATIC_TIMEOUT > 0) {
WOLFSSL_MSG("Waiting for available memory bucket");
XSLEEP(WOLFSSL_STATIC_TIMEOUT);
if (LockMutex(&memory_mutex) != 0) {
WOLFSSL_MSG("Bad memory_mutex lock");
return NULL;
}
for (i = 0; i < WC_MAX_BUCKETS; i++) {
if ((word32)size < bucket[i]) {
if (available[i] != NULL) {
pt = available[i];
available[i] = pt->next;
res = pt->buffer;
inUse += pt->sz + WC_STATIC_ALIGN;
#ifdef WOLFSSL_TRACK_MEMORY_FULL
printf("used bucket at address %p size of %d"
" for size req %d\n", res, bucket[i],
(word32)size);
#endif
break;
}
}
}
UnLockMutex(&memory_mutex);
}
if (pt == NULL) {
WOLFSSL_MSG("No available memory bucket");
}
}
if (pt != NULL) {
mem->inUse += pt->sz + WOLFSSL_STATIC_ALIGN;
mem->alloc += 1;
res = pt->buffer;
/* keep track of connection statistics if flag is set */
if (mem->flag & WOLFMEM_TRACK_STATS) {
WOLFSSL_MEM_CONN_STATS* stats = hint->stats;
if (stats != NULL) {
stats->curMem += pt->sz + WOLFSSL_STATIC_ALIGN;
if (stats->peakMem < stats->curMem) {
stats->peakMem = stats->curMem;
}
stats->curAlloc++;
if (stats->peakAlloc < stats->curAlloc) {
stats->peakAlloc = stats->curAlloc;
}
stats->totalAlloc++;
}
}
}
else {
WOLFSSL_MSG("ERROR ran out of static memory");
}
UnLockMutex(&(mem->memory_mutex));
}
#ifdef WOLFSSL_MALLOC_CHECK
@@ -501,179 +459,179 @@ void* wolfSSL_Malloc_Static(size_t size)
(void)i;
(void)pt;
(void)type;
return res;
}
void wolfSSL_Free_Static(void *ptr)
void wolfSSL_Free(void *ptr, void* heap, int type)
{
int i;
wc_Memory* pt;
if (ptr) {
/* get memory struct and add it to available list */
pt = (wc_Memory*)((byte*)ptr - WC_STATIC_ALIGN);
/* check for testing heap hint was set */
#ifdef WOLFSSL_HEAP_TEST
if (heap == (void*)WOLFSSL_HEAP_TEST) {
return free(ptr);
}
#endif
if (pt->kill) {
free(pt);
if (heap == NULL) {
#ifdef WOLFSSL_HEAP_TEST
/* allow using malloc for creating ctx and method */
if (type == DYNAMIC_TYPE_CTX || type == DYNAMIC_TYPE_METHOD ||
type == DYNAMIC_TYPE_CERT_MANAGER) {
WOLFSSL_MSG("ERROR allowing null heap hint for ctx/method\n");
}
else {
WOLFSSL_MSG("ERROR null heap hint passed into XFREE\n");
}
#endif
free(ptr);
}
else {
LockMutex(&memory_mutex);
WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap;
WOLFSSL_HEAP* mem = hint->memory;
for (i = 0; i < WC_MAX_BUCKETS; i++) {
if (pt->sz == bucket[i]) {
inUse -= WC_STATIC_ALIGN + pt->sz;
pt->next = available[i];
available[i] = pt;
#ifdef WOLFSSL_TRACK_MEMORY_FULL
printf("\tfreed %p bucket size of %d\n"
,pt, bucket[i]);
#endif
break;
/* get memory struct and add it to available list */
pt = (wc_Memory*)((byte*)ptr - WOLFSSL_STATIC_ALIGN);
LockMutex(&(mem->memory_mutex));
/* case of using fixed IO buffers */
if (mem->flag & WOLFMEM_IO_POOL_FIXED &&
(type == DYNAMIC_TYPE_OUT_BUFFER ||
type == DYNAMIC_TYPE_IN_BUFFER)) {
/* fixed IO pools are free'd at the end of SSL lifetime
using FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io) */
}
else if (mem->flag & WOLFMEM_IO_POOL &&
(type == DYNAMIC_TYPE_OUT_BUFFER ||
type == DYNAMIC_TYPE_IN_BUFFER)) {
pt->next = mem->io;
mem->io = pt;
}
else { /* general memory free */
for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
if (pt->sz == mem->sizeList[i]) {
pt->next = mem->ava[i];
mem->ava[i] = pt;
break;
}
}
}
UnLockMutex(&memory_mutex);
mem->inUse -= WOLFSSL_STATIC_ALIGN + pt->sz;
mem->frAlc += 1;
/* keep track of connection statistics if flag is set */
if (mem->flag & WOLFMEM_TRACK_STATS) {
WOLFSSL_MEM_CONN_STATS* stats = hint->stats;
if (stats != NULL) {
/* avoid under flow */
if (stats->curMem > pt->sz + WOLFSSL_STATIC_ALIGN) {
stats->curMem -= pt->sz + WOLFSSL_STATIC_ALIGN;
}
else {
stats->curMem = 0;
}
if (stats->curAlloc > 0) {
stats->curAlloc--;
}
stats->totalFr++;
}
}
UnLockMutex(&(mem->memory_mutex));
}
}
(void)i;
(void)pt;
(void)type;
}
void* wolfSSL_Realloc_Static(void *ptr, size_t size)
void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
{
void* res = 0;
wc_Memory* pt = NULL;
int i;
word32 prvSz;
int i;
if (useStaticMemory == 0) {
pt = realloc(ptr, size + WC_STATIC_ALIGN);
pt->buffer = (byte*)pt + WC_STATIC_ALIGN;
pt->sz = (word32)size;
pt->kill = 1;
pt->next = NULL;
res = pt->buffer;
/* check for testing heap hint was set */
#ifdef WOLFSSL_HEAP_TEST
if (heap == (void*)WOLFSSL_HEAP_TEST) {
return realloc(ptr, size);
}
#endif
if (heap == NULL) {
#ifdef WOLFSSL_HEAP_TEST
WOLFSSL_MSG("ERROR null heap hint passed in to XREALLOC\n");
#endif
res = realloc(ptr, size);
}
else {
WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap;
WOLFSSL_HEAP* mem = hint->memory;
if (LockMutex(&memory_mutex) != 0) {
if (LockMutex(&(mem->memory_mutex)) != 0) {
WOLFSSL_MSG("Bad memory_mutex lock");
return NULL;
}
for (i = 0; i < WC_MAX_BUCKETS; i++) {
if ((word32)size < bucket[i]) {
if (available[i] != NULL) {
word32 prvSz;
pt = available[i];
available[i] = pt->next;
res = pt->buffer;
/* copy over original information and free ptr */
prvSz = ((wc_Memory*)((byte*)ptr -WC_STATIC_ALIGN))->sz;
prvSz = (prvSz > bucket[i])? bucket[i]: prvSz;
XMEMCPY(pt->buffer, ptr, prvSz);
/* free memory that was previously being used */
UnLockMutex(&memory_mutex);
wolfSSL_Free_Static(ptr);
if (LockMutex(&memory_mutex) != 0) {
WOLFSSL_MSG("Bad memory_mutex lock");
return NULL;
}
inUse += pt->sz + WC_STATIC_ALIGN;
#ifdef WOLFSSL_TRACK_MEMORY_FULL
printf("realloc used a bucket of %d for size req %d\n",
bucket[i], (word32)size);
#endif
break;
}
/* case of using fixed IO buffers or IO pool */
if (((mem->flag & WOLFMEM_IO_POOL)||(mem->flag & WOLFMEM_IO_POOL_FIXED))
&& (type == DYNAMIC_TYPE_OUT_BUFFER ||
type == DYNAMIC_TYPE_IN_BUFFER)) {
/* no realloc, is fixed size */
pt = (wc_Memory*)ptr;
if (pt->sz < size) {
WOLFSSL_MSG("Error IO memory was not large enough");
res = NULL; /* return NULL in error case */
}
res = pt->buffer;
}
UnLockMutex(&memory_mutex);
/* case when no memory size is available */
if (pt == NULL) {
#ifdef WOLFSSL_TRACK_MEMORY_FULL
{
int k, j;
printf("\tRequested size %lu\n\tAvailable memory "
"buckets\n", size);
for (k = 0; k < WC_MAX_BUCKETS; k++) {
pt = available[k];
j = 0;
while (pt) {
j++;
pt = pt->next;
}
printf("\t%d of bucket %d\n", j, bucket[k]);
else {
/* general memory */
for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
if ((word32)size < mem->sizeList[i]) {
if (mem->ava[i] != NULL) {
pt = mem->ava[i];
mem->ava[i] = pt->next;
break;
}
}
#endif
/* check if too large and never going to get memory needed */
if ((word32)size > bucket[WC_MAX_BUCKETS-1]) {
WOLFSSL_MSG("Size of malloc is too large");
return NULL;
}
if (WOLFSSL_STATIC_TIMEOUT > 0) {
WOLFSSL_MSG("Waiting for available memory bucket");
XSLEEP(WOLFSSL_STATIC_TIMEOUT);
if (pt != NULL && res == NULL) {
res = pt->buffer;
if (LockMutex(&memory_mutex) != 0) {
/* copy over original information and free ptr */
prvSz = ((wc_Memory*)((byte*)ptr -
WOLFSSL_STATIC_ALIGN))->sz;
prvSz = (prvSz > pt->sz)? pt->sz: prvSz;
XMEMCPY(pt->buffer, ptr, prvSz);
mem->inUse += pt->sz + WOLFSSL_STATIC_ALIGN;
mem->alloc += 1;
/* free memory that was previously being used */
UnLockMutex(&(mem->memory_mutex));
wolfSSL_Free(ptr, heap, type);
if (LockMutex(&(mem->memory_mutex)) != 0) {
WOLFSSL_MSG("Bad memory_mutex lock");
return NULL;
}
for (i = 0; i < WC_MAX_BUCKETS; i++) {
if ((word32)size < bucket[i]) {
if (available[i] != NULL) {
word32 prvSz;
pt = available[i];
available[i] = pt->next;
res = pt->buffer;
/* copy over original information and free ptr*/
prvSz = ((wc_Memory*)((byte*)ptr -
WC_STATIC_ALIGN))->sz;
prvSz = (prvSz > bucket[i])? bucket[i]: prvSz;
XMEMCPY(pt->buffer, ptr, prvSz);
/* free memory that was previously being used */
UnLockMutex(&memory_mutex);
wolfSSL_Free_Static(ptr);
if (LockMutex(&memory_mutex) != 0) {
WOLFSSL_MSG("Bad memory_mutex lock");
return NULL;
}
inUse += pt->sz + WC_STATIC_ALIGN;
#ifdef WOLFSSL_TRACK_MEMORY_FULL
printf("realloc used a bucket of %d for size"
" req %d\n", bucket[i], (word32)size);
#endif
break;
}
}
}
UnLockMutex(&memory_mutex);
}
if (pt == NULL) {
WOLFSSL_MSG("No available memory bucket");
}
}
UnLockMutex(&(mem->memory_mutex));
}
(void)i;
(void)pt;
(void)type;
return res;
}
+60 -39
View File
@@ -139,13 +139,32 @@ int wc_GetContentType(const byte* input, word32* inOutIdx, word32* oid,
}
int wc_PKCS7_SetHeap(PKCS7* pkcs7, void* heap)
{
if (pkcs7 == NULL) {
return BAD_FUNC_ARG;
}
pkcs7->heap = heap;
return 0;
}
/* init PKCS7 struct with recipient cert, decode into DecodedCert */
int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
{
int ret = 0;
XMEMSET(pkcs7, 0, sizeof(PKCS7));
if (cert != NULL && certSz > 0) {
/* default heap hint is null or test value */
#ifdef WOLFSSL_HEAP_TEST
pkcs7->heap = (void*)WOLFSSL_HEAP_TEST;
#else
pkcs7->heap = NULL;
#endif
if (cert != NULL && certSz > 0) {
#ifdef WOLFSSL_SMALL_STACK
DecodedCert* dCert;
@@ -160,7 +179,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
pkcs7->singleCert = cert;
pkcs7->singleCertSz = certSz;
InitDecodedCert(dCert, cert, certSz, 0);
InitDecodedCert(dCert, cert, certSz, pkcs7->heap);
ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) {
@@ -435,12 +454,13 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[2], 4,
pkcs7->signedAttribs, pkcs7->signedAttribsSz);
flatSignedAttribs = (byte*)XMALLOC(esd->signedAttribsSz, 0, NULL);
flatSignedAttribs = (byte*)XMALLOC(esd->signedAttribsSz, pkcs7->heap,
DYNAMIC_TYPE_PKCS);
flatSignedAttribsSz = esd->signedAttribsSz;
if (flatSignedAttribs == NULL) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
return MEMORY_E;
}
FlattenAttributes(flatSignedAttribs,
@@ -475,7 +495,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
ret = wc_InitSha(&esd->sha);
if (ret < 0) {
XFREE(flatSignedAttribs, 0, NULL);
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -526,13 +546,13 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
}
#endif
result = wc_InitRsaKey(privKey, NULL);
result = wc_InitRsaKey(privKey, pkcs7->heap);
if (result == 0)
result = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &scratch, privKey,
pkcs7->privateKeySz);
if (result < 0) {
if (pkcs7->signedAttribsSz != 0)
XFREE(flatSignedAttribs, 0, NULL);
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
#ifdef WOLFSSL_SMALL_STACK
XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -555,7 +575,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
if (result < 0) {
if (pkcs7->signedAttribsSz != 0)
XFREE(flatSignedAttribs, 0, NULL);
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -598,7 +618,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
if (outputSz < totalSz) {
if (pkcs7->signedAttribsSz != 0)
XFREE(flatSignedAttribs, 0, NULL);
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -657,7 +677,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
idx += esd->signedAttribSetSz;
XMEMCPY(output + idx, flatSignedAttribs, flatSignedAttribsSz);
idx += flatSignedAttribsSz;
XFREE(flatSignedAttribs, 0, NULL);
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
}
XMEMCPY(output + idx, esd->digEncAlgoId, esd->digEncAlgoIdSz);
@@ -896,7 +916,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ);
ret = wc_InitRsaKey(key, NULL);
ret = wc_InitRsaKey(key, pkcs7->heap);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -936,8 +956,8 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
int keyEncAlgo, int blockKeySz,
WC_RNG* rng, byte* contentKeyPlain,
byte* contentKeyEnc,
int* keyEncSz, byte* out, word32 outSz)
byte* contentKeyEnc, int* keyEncSz,
byte* out, word32 outSz, void* heap)
{
word32 idx = 0;
int ret = 0, totalSz = 0;
@@ -980,7 +1000,7 @@ WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
DecodedCert* decoded = &stack_decoded;
#endif
InitDecodedCert(decoded, (byte*)cert, certSz, 0);
InitDecodedCert(decoded, (byte*)cert, certSz, heap);
ret = ParseCert(decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) {
FreeDecodedCert(decoded);
@@ -1252,7 +1272,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
recipSz = wc_CreateRecipientInfo(pkcs7->singleCert, pkcs7->singleCertSz, RSAk,
blockKeySz, &rng, contentKeyPlain,
contentKeyEnc, &contentKeyEncSz, recip,
MAX_RECIP_SZ);
MAX_RECIP_SZ, pkcs7->heap);
ForceZero(contentKeyEnc, MAX_ENCRYPTED_KEY_SZ);
@@ -1293,7 +1313,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
padSz = DES_BLOCK_SIZE - (pkcs7->contentSz % DES_BLOCK_SIZE);
desOutSz = pkcs7->contentSz + padSz;
plain = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
plain = (byte*)XMALLOC(desOutSz, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
@@ -1306,9 +1326,10 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
plain[pkcs7->contentSz + i] = (byte)padSz;
}
encryptedContent = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
encryptedContent = (byte*)XMALLOC(desOutSz, pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (encryptedContent == NULL) {
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
#endif
@@ -1324,8 +1345,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
oidBlkType, ivOctetStringSz + DES_BLOCK_SIZE);
if (contentEncAlgoSz == 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
#endif
@@ -1342,8 +1363,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
wc_Des_CbcEncrypt(&des, encryptedContent, plain, desOutSz);
if (ret != 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
#endif
@@ -1359,8 +1380,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
ret = wc_Des3_CbcEncrypt(&des3, encryptedContent, plain, desOutSz);
if (ret != 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
#endif
@@ -1395,8 +1416,8 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
if (totalSz > (int)outputSz) {
WOLFSSL_MSG("Pkcs7_encrypt output buffer too small");
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
#endif
@@ -1434,9 +1455,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
ForceZero(contentKeyPlain, MAX_CONTENT_KEY_LEN);
XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
#endif
@@ -1702,8 +1723,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
#endif
return ASN_PARSE_E;
}
encryptedContent = (byte*)XMALLOC(encryptedContentSz, NULL,
encryptedContent = (byte*)XMALLOC(encryptedContentSz, pkcs7->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (encryptedContent == NULL) {
#ifdef WOLFSSL_SMALL_STACK
@@ -1725,7 +1746,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
ret = wc_InitRsaKey(privKey, 0);
if (ret != 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1739,7 +1760,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
pkcs7->privateKeySz);
if (ret != 0) {
WOLFSSL_MSG("Failed to decode RSA private key");
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1757,7 +1778,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
#endif
if (keySz <= 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -1774,7 +1795,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
encryptedContentSz);
if (ret != 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -1789,7 +1810,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
encryptedContentSz);
if (ret != 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -1797,7 +1818,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
}
} else {
WOLFSSL_MSG("Unsupported content encryption OID type");
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -1812,11 +1833,11 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
/* free memory, zero out keys */
ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ);
ForceZero(encryptedContent, encryptedContentSz);
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return encryptedContentSz - padLen;
}
+13 -2
View File
@@ -403,8 +403,19 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
return ret;
}
int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
int saltLen, int iterations, int kLen, int hashType, int id)
{
return wc_PKCS12_PBKDF_ex(output, passwd, passLen, salt, saltLen,
iterations, kLen, hashType, id, NULL);
}
/* extended API that allows a heap hint to be used */
int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen,
const byte* salt, int saltLen, int iterations, int kLen,
int hashType, int id, void* heap)
{
/* all in bytes instead of bits */
word32 u, v, dLen, pLen, iLen, sLen, totalLen;
@@ -460,7 +471,7 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa
totalLen = dLen + sLen + pLen;
if (totalLen > sizeof(staticBuffer)) {
buffer = (byte*)XMALLOC(totalLen, 0, DYNAMIC_TYPE_KEY);
buffer = (byte*)XMALLOC(totalLen, heap, DYNAMIC_TYPE_KEY);
if (buffer == NULL) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -548,7 +559,7 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa
mp_clear(&B1);
}
if (dynamic) XFREE(buffer, 0, DYNAMIC_TYPE_KEY);
if (dynamic) XFREE(buffer, heap, DYNAMIC_TYPE_KEY);
#ifdef WOLFSSL_SMALL_STACK
XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+24 -2
View File
@@ -200,10 +200,32 @@ static INLINE int DoKey(Rabbit* ctx, const byte* key, const byte* iv)
}
int wc_Rabbit_SetHeap(Rabbit* ctx, void* heap)
{
if (ctx == NULL) {
return BAD_FUNC_ARG;
}
#ifdef XSTREAM_ALIGN
ctx->heap = heap;
#endif
(void)heap;
return 0;
}
/* Key setup */
int wc_RabbitSetKey(Rabbit* ctx, const byte* key, const byte* iv)
{
#ifdef XSTREAM_ALIGN
/* default heap to NULL or heap test value */
#ifdef WOLFSSL_HEAP_TEST
ctx->heap = (void*)WOLFSSL_HEAP_TEST;
#else
ctx->heap = NULL;
#endif /* WOLFSSL_HEAP_TEST */
if ((wolfssl_word)key % 4) {
int alignKey[4];
@@ -289,14 +311,14 @@ int wc_RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen
byte* tmp;
WOLFSSL_MSG("wc_RabbitProcess unaligned");
tmp = (byte*)XMALLOC(msglen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tmp = (byte*)XMALLOC(msglen, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) return MEMORY_E;
XMEMCPY(tmp, input, msglen);
DoProcess(ctx, tmp, tmp, msglen);
XMEMCPY(output, tmp, msglen);
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
#else
+15 -3
View File
@@ -492,16 +492,23 @@ static int Hash_DRBG_Uninstantiate(DRBG* drbg)
/* Get seed and key cipher */
int wc_InitRng(WC_RNG* rng)
int wc_InitRng_ex(WC_RNG* rng, void* heap)
{
int ret = BAD_FUNC_ARG;
if (rng != NULL) {
#ifdef WOLFSSL_HEAP_TEST
rng->heap = (void*)WOLFSSL_HEAP_TEST;
(void)heap;
#else
rng->heap = heap;
#endif
if (wc_RNG_HealthTestLocal(0) == 0) {
byte entropy[ENTROPY_NONCE_SZ];
rng->drbg =
(struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG);
(struct DRBG*)XMALLOC(sizeof(DRBG), rng->heap,
DYNAMIC_TYPE_RNG);
if (rng->drbg == NULL) {
ret = MEMORY_E;
}
@@ -543,6 +550,11 @@ int wc_InitRng(WC_RNG* rng)
return ret;
}
int wc_InitRng(WC_RNG* rng)
{
return wc_InitRng_ex(rng, NULL);
}
/* place a generated block in output */
int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
@@ -611,7 +623,7 @@ int wc_FreeRng(WC_RNG* rng)
else
ret = RNG_FAILURE_E;
XFREE(rng->drbg, NULL, DYNAMIC_TYPE_RNG);
XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG);
rng->drbg = NULL;
}
+38 -30
View File
@@ -230,7 +230,7 @@ int wc_FreeRsaKey(RsaKey* key)
outSz: size of output buffer
*/
static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
byte* out, word32 outSz)
byte* out, word32 outSz, void* heap)
{
byte* tmp;
/* needs to be large enough for seed size plus counter(4) */
@@ -255,7 +255,7 @@ static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
/* find largest amount of memory needed which will be the max of
* hLen and (seedSz + 4) since tmp is used to store the hash digest */
tmpSz = ((seedSz + 4) > (word32)hLen)? seedSz + 4: (word32)hLen;
tmp = (byte*)XMALLOC(tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tmp = (byte*)XMALLOC(tmpSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
return MEMORY_E;
}
@@ -282,7 +282,7 @@ static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
if ((ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz)) != 0) {
/* check for if dynamic memory was needed, then free */
if (tmpF) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret;
}
@@ -296,7 +296,7 @@ static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
/* check for if dynamic memory was needed, then free */
if (tmpF) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
return 0;
@@ -307,29 +307,32 @@ static int wc_MGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
switeched on type input
*/
static int wc_MGF(int type, byte* seed, word32 seedSz,
byte* out, word32 outSz)
byte* out, word32 outSz, void* heap)
{
int ret;
switch(type) {
#ifndef NO_SHA
case WC_MGF1SHA1:
ret = wc_MGF1(WC_HASH_TYPE_SHA, seed, seedSz, out, outSz);
ret = wc_MGF1(WC_HASH_TYPE_SHA, seed, seedSz, out, outSz, heap);
break;
#endif
#ifndef NO_SHA256
case WC_MGF1SHA256:
ret = wc_MGF1(WC_HASH_TYPE_SHA256, seed, seedSz, out, outSz);
ret = wc_MGF1(WC_HASH_TYPE_SHA256, seed, seedSz,
out, outSz, heap);
break;
#endif
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA384
case WC_MGF1SHA384:
ret = wc_MGF1(WC_HASH_TYPE_SHA384, seed, seedSz, out, outSz);
ret = wc_MGF1(WC_HASH_TYPE_SHA384, seed, seedSz,
out, outSz, heap);
break;
#endif
case WC_MGF1SHA512:
ret = wc_MGF1(WC_HASH_TYPE_SHA512, seed, seedSz, out, outSz);
ret = wc_MGF1(WC_HASH_TYPE_SHA512, seed, seedSz,
out, outSz, heap);
break;
#endif
default:
@@ -342,14 +345,16 @@ static int wc_MGF(int type, byte* seed, word32 seedSz,
(void)seedSz;
(void)out;
(void)outSz;
(void)heap;
return ret;
}
static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, byte padValue, WC_RNG* rng,
enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen)
word32 pkcsBlockLen, byte padValue, WC_RNG* rng,
enum wc_HashType hType, int mgf, byte* optLabel,
word32 labelLen, void* heap)
{
int ret;
int hLen;
@@ -464,7 +469,7 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
}
/* create maskedDB from dbMask */
dbMask = (byte*)XMALLOC(pkcsBlockLen - hLen - 1, NULL, DYNAMIC_TYPE_RSA);
dbMask = (byte*)XMALLOC(pkcsBlockLen - hLen - 1, heap, DYNAMIC_TYPE_RSA);
if (dbMask == NULL) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -474,9 +479,9 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
}
XMEMSET(dbMask, 0, pkcsBlockLen - hLen - 1); /* help static analyzer */
ret = wc_MGF(mgf, seed, hLen, dbMask, pkcsBlockLen - hLen - 1);
ret = wc_MGF(mgf, seed, hLen, dbMask, pkcsBlockLen - hLen - 1, heap);
if (ret != 0) {
XFREE(dbMask, NULL, DYNAMIC_TYPE_RSA);
XFREE(dbMask, heap, DYNAMIC_TYPE_RSA);
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -490,7 +495,7 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
pkcsBlock[idx] = dbMask[i++] ^ pkcsBlock[idx];
idx++;
}
XFREE(dbMask, NULL, DYNAMIC_TYPE_RSA);
XFREE(dbMask, heap, DYNAMIC_TYPE_RSA);
/* create maskedSeed from seedMask */
@@ -498,7 +503,7 @@ static int wc_RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
pkcsBlock[idx++] = 0x00;
/* create seedMask inline */
if ((ret = wc_MGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1,
pkcsBlock + 1, hLen)) != 0) {
pkcsBlock + 1, hLen, heap)) != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -572,8 +577,9 @@ static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
#ifndef WC_NO_RSA_OAEP
/* helper function to direct which padding is used */
static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType,
enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen)
word32 pkcsBlockLen, byte padValue, WC_RNG* rng,
int padType, enum wc_HashType hType, int mgf,
byte* optLabel, word32 labelLen, void* heap)
{
int ret;
@@ -588,7 +594,7 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
case WC_RSA_OAEP_PAD:
WOLFSSL_MSG("wolfSSL Using RSA OAEP padding");
ret = wc_RsaPad_OAEP(input, inputLen, pkcsBlock, pkcsBlockLen,
padValue, rng, hType, mgf, optLabel, labelLen);
padValue, rng, hType, mgf, optLabel, labelLen, heap);
break;
default:
@@ -602,6 +608,7 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
(void)mgf;
(void)optLabel;
(void)labelLen;
(void)heap;
return ret;
}
@@ -611,7 +618,7 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
* < 0 on error */
static int wc_RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
byte **output, enum wc_HashType hType, int mgf,
byte* optLabel, word32 labelLen)
byte* optLabel, word32 labelLen, void* heap)
{
int hLen;
int ret;
@@ -624,7 +631,7 @@ static int wc_RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
return BAD_FUNC_ARG;
}
tmp = (byte*)XMALLOC(pkcsBlockLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
return MEMORY_E;
}
@@ -632,8 +639,8 @@ static int wc_RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
/* find seedMask value */
if ((ret = wc_MGF(mgf, (byte*)(pkcsBlock + (hLen + 1)),
pkcsBlockLen - hLen - 1, tmp, hLen)) != 0) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
pkcsBlockLen - hLen - 1, tmp, hLen, heap)) != 0) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
@@ -644,8 +651,8 @@ static int wc_RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
/* get dbMask value */
if ((ret = wc_MGF(mgf, tmp, hLen, tmp + hLen,
pkcsBlockLen - hLen - 1)) != 0) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
pkcsBlockLen - hLen - 1, heap)) != 0) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
@@ -655,7 +662,7 @@ static int wc_RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
}
/* done with use of tmp buffer */
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
/* advance idx to index of PS and msg separator */
idx = hLen + 2 + hLen;
@@ -739,7 +746,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
/* helper function to direct unpadding */
static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
byte padValue, int padType, enum wc_HashType hType,
int mgf, byte* optLabel, word32 labelLen)
int mgf, byte* optLabel, word32 labelLen, void* heap)
{
int ret;
@@ -753,7 +760,7 @@ static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
case WC_RSA_OAEP_PAD:
WOLFSSL_MSG("wolfSSL Using RSA OAEP padding");
ret = wc_RsaUnPad_OAEP((byte*)pkcsBlock, pkcsBlockLen, out,
hType, mgf, optLabel, labelLen);
hType, mgf, optLabel, labelLen, heap);
break;
default:
@@ -767,6 +774,7 @@ static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
(void)mgf;
(void)optLabel;
(void)labelLen;
(void)heap;
return ret;
}
@@ -940,7 +948,7 @@ int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
return RSA_BUFFER_E;
ret = wc_RsaPad_ex(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng,
type, hash, mgf, label, labelSz);
type, hash, mgf, label, labelSz, key->heap);
if (ret != 0)
return ret;
@@ -1017,7 +1025,7 @@ int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out,
}
return wc_RsaUnPad_ex(in, inLen, out, RSA_BLOCK_TYPE_2, type, hash, mgf,
label, labelSz);
label, labelSz, key->heap);
}
#endif /* WC_NO_RSA_OAEP */
+26 -13
View File
@@ -254,6 +254,13 @@ int wc_SrpInit(Srp* srp, SrpType type, SrpSide side)
srp->keyGenFunc_cb = wc_SrpSetKey;
/* default heap hint to NULL or test value */
#ifdef WOLFSSL_HEAP_TEST
srp->heap = (void*)WOLFSSL_HEAP_TEST;
#else
srp->heap = NULL;
#endif
return 0;
}
@@ -263,12 +270,18 @@ void wc_SrpTerm(Srp* srp)
mp_clear(&srp->N); mp_clear(&srp->g);
mp_clear(&srp->auth); mp_clear(&srp->priv);
ForceZero(srp->salt, srp->saltSz);
XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
ForceZero(srp->user, srp->userSz);
XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP);
ForceZero(srp->key, srp->keySz);
XFREE(srp->key, NULL, DYNAMIC_TYPE_SRP);
if (srp->salt) {
ForceZero(srp->salt, srp->saltSz);
XFREE(srp->salt, srp->heap, DYNAMIC_TYPE_SRP);
}
if (srp->user) {
ForceZero(srp->user, srp->userSz);
XFREE(srp->user, srp->heap, DYNAMIC_TYPE_SRP);
}
if (srp->key) {
ForceZero(srp->key, srp->keySz);
XFREE(srp->key, srp->heap, DYNAMIC_TYPE_SRP);
}
ForceZero(srp, sizeof(Srp));
}
@@ -279,7 +292,7 @@ int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size)
if (!srp || !username)
return BAD_FUNC_ARG;
srp->user = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_SRP);
srp->user = (byte*)XMALLOC(size, srp->heap, DYNAMIC_TYPE_SRP);
if (srp->user == NULL)
return MEMORY_E;
@@ -322,10 +335,10 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
/* Set salt */
if (srp->salt) {
ForceZero(srp->salt, srp->saltSz);
XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
XFREE(srp->salt, srp->heap, DYNAMIC_TYPE_SRP);
}
srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP);
srp->salt = (byte*)XMALLOC(saltSz, srp->heap, DYNAMIC_TYPE_SRP);
if (srp->salt == NULL)
return MEMORY_E;
@@ -538,7 +551,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
byte counter[4];
int r = BAD_FUNC_ARG;
srp->key = (byte*)XMALLOC(2 * digestSz, NULL, DYNAMIC_TYPE_SRP);
srp->key = (byte*)XMALLOC(2 * digestSz, srp->heap, DYNAMIC_TYPE_SRP);
if (srp->key == NULL)
return MEMORY_E;
@@ -599,11 +612,11 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
digestSz = SrpHashSize(srp->type);
secretSz = mp_unsigned_bin_size(&srp->N);
if ((secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP)) == NULL)
if ((secret = (byte*)XMALLOC(secretSz, srp->heap, DYNAMIC_TYPE_SRP)) ==NULL)
return MEMORY_E;
if ((r = mp_init_multi(&u, &s, &temp1, &temp2, 0, 0)) != MP_OKAY) {
XFREE(secret, NULL, DYNAMIC_TYPE_SRP);
XFREE(secret, srp->heap, DYNAMIC_TYPE_SRP);
return r;
}
@@ -679,7 +692,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz);
XFREE(secret, NULL, DYNAMIC_TYPE_SRP);
XFREE(secret, srp->heap, DYNAMIC_TYPE_SRP);
mp_clear(&u); mp_clear(&s); mp_clear(&temp1); mp_clear(&temp2);
return r;
+1 -29
View File
@@ -40,28 +40,6 @@
#pragma warning(disable: 4996)
#endif
#ifdef WOLFSSL_STATIC_MEMORY
#if defined(WOLFSSL_STATIC_MEMORY_SMALL)
static byte wc_staticMemory[54833];
/* peak of one connection (10 concurent connections) plus 41 chunks of 64 byte
for structs */
#elif defined(WOLFSSL_STATIC_MEMORY_MEDIUM)
static byte wc_staticMemory[941888];
/* peak of one connection (520 concurent connections) plus 41 chunks of 64 byte
for structs */
#elif defined(WOLFSSL_STATIC_MEMORY_LARGE)
static byte wc_staticMemory[1860992];
/* peak of one connection (1040 concurent connections) plus 41 chunks of 64 byte
for structs */
#elif defined(WOLFSSL_STATIC_MEMORY_HUGE)
static byte wc_staticMemory[3699200];
/* peak of one connection (1040 concurent connections) plus 41 chunks of 64 byte
for structs */
#else
static byte wc_staticMemory[0];
#endif
#endif /* WOLFSSL_STATIC_MEMORY */
/* prevent multiple mutex initializations */
static volatile int initRefCount = 0;
@@ -93,13 +71,7 @@ int wolfCrypt_Init()
#ifdef WOLFSSL_STATIC_MEMORY
/* set static memory functions and load initial memory */
wolfSSL_SetAllocators(wolfSSL_Malloc_Static, wolfSSL_Free_Static,
wolfSSL_Realloc_Static);
if (wolfSSL_load_static_memory(wc_staticMemory,
sizeof(wc_staticMemory)) != 1) {
WOLFSSL_MSG("Error setting up static memory");
ret = WC_INIT_E;
}
wolfSSL_SetAllocators(wolfSSL_Malloc, wolfSSL_Free, wolfSSL_Realloc);
#endif
initRefCount = 1;
}
+445 -453
View File
File diff suppressed because it is too large Load Diff
+14 -4
View File
@@ -1495,6 +1495,7 @@ struct WOLFSSL_CRL {
int mfd; /* monitor fd, -1 if no init yet */
int setup; /* thread is setup predicate */
#endif
void* heap; /* heap hint for dynamic memory */
};
@@ -1906,6 +1907,9 @@ WOLFSSL_LOCAL int wolfSSL_EventInit(WOLFSSL* ssl, WOLF_EVENT_TYPE type);
WOLFSSL_LOCAL int wolfSSL_CTX_EventPush(WOLFSSL_CTX* ctx, WOLF_EVENT* event);
#endif /* HAVE_WOLF_EVENT */
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_LOCAL int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap);
#endif
/* wolfSSL context type */
struct WOLFSSL_CTX {
@@ -2030,7 +2034,9 @@ struct WOLFSSL_CTX {
WOLFSSL_LOCAL
int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*);
WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
WOLFSSL_LOCAL
int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap);
WOLFSSL_LOCAL
void FreeSSL_Ctx(WOLFSSL_CTX*);
WOLFSSL_LOCAL
@@ -2518,6 +2524,7 @@ struct WOLFSSL_X509 {
#endif
DNS_entry* altNames; /* alt names list */
DNS_entry* altNamesNext; /* hint for retrieval */
void* heap; /* heap hint */
byte dynamicMemory; /* dynamic memory flag */
byte isCa;
#ifdef OPENSSL_EXTRA
@@ -2656,6 +2663,9 @@ struct WOLFSSL {
void* verifyCbCtx; /* cert verify callback user ctx*/
VerifyCallback verifyCallback; /* cert verification callback */
void* heap; /* for user overrides */
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_HEAP_HINT heap_hint;
#endif
#ifndef NO_HANDSHAKE_DONE_CB
HandShakeDoneCb hsDoneCb; /* notify user handshake done */
void* hsDoneCtx; /* user handshake cb context */
@@ -2835,7 +2845,7 @@ int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*);
WOLFSSL_LOCAL
int InitSSL(WOLFSSL*, WOLFSSL_CTX*);
WOLFSSL_LOCAL
void FreeSSL(WOLFSSL*);
void FreeSSL(WOLFSSL*, void* heap);
WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */
@@ -3070,8 +3080,8 @@ WOLFSSL_LOCAL word32 LowResTimer(void);
#ifndef NO_CERTS
WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int);
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
#endif
+35
View File
@@ -219,6 +219,27 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void);
#endif
#ifdef WOLFSSL_STATIC_MEMORY
typedef WOLFSSL_METHOD* (*wolfSSLStaticMethod)(void*);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_static(void* heap);
#ifdef WOLFSSL_DTLS
WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_static(void* heap);
WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_static(void* heap);
#endif
#endif /* WOLFSSL_STATIC_MEMORY */
#ifdef HAVE_POLY1305
WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int);
#endif
@@ -237,6 +258,19 @@ WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf,
#endif /* WOLFSSL_DTLS */
#endif /* WOLFSSL_SESSION_EXPORT */
#ifdef WOLFSSL_STATIC_MEMORY
typedef struct WOLFSSL_MEM_STATS WOLFSSL_MEM_STATS;
typedef struct WOLFSSL_MEM_CONN_STATS WOLFSSL_MEM_CONN_STATS;
WOLFSSL_API int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx,
wolfSSLStaticMethod method,
unsigned char* buf, unsigned int sz,
int flag, int max);
WOLFSSL_API int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx,
WOLFSSL_MEM_STATS* mem_stats);
WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl,
WOLFSSL_MEM_CONN_STATS* mem_stats);
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int);
@@ -1284,6 +1318,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
#ifndef NO_CERTS
WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache);
WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
+24
View File
@@ -1587,6 +1587,30 @@ static INLINE void FreeAtomicUser(WOLFSSL* ssl)
#endif /* ATOMIC_USER */
#ifdef WOLFSSL_STATIC_MEMORY
static INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats)
{
word16 i;
if (stats == NULL) {
return 0;
}
fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc);
fprintf(stderr, "Total frees = %d\n", stats->totalFr);
fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc);
fprintf(stderr, "Available IO = %d\n", stats->avaIO);
fprintf(stderr, "Max con. handshakes = %d\n", stats->maxHa);
fprintf(stderr, "Max con. IO = %d\n", stats->maxIO);
fprintf(stderr, "State of memory blocks: size : available \n");
for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
fprintf(stderr, " : %d\t : %d\n", stats->blockSz[i],
stats->avaBlock[i]);
}
return 1;
}
#endif /* WOLFSSL_STATIC_MEMORY */
#ifdef HAVE_PK_CALLBACKS
+2
View File
@@ -119,6 +119,7 @@ typedef struct Aes {
#ifdef WOLFSSL_TI_CRYPT
int keylen ;
#endif
void* heap; /* memory hint to use */
} Aes;
@@ -129,6 +130,7 @@ typedef struct Gmac {
#endif /* HAVE_AESGCM */
#endif /* HAVE_FIPS */
WOLFSSL_API int wc_InitAes_h(Aes* aes, void* h);
WOLFSSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir);
WOLFSSL_API int wc_AesSetIV(Aes* aes, const byte* iv);
+2
View File
@@ -763,6 +763,7 @@ struct OcspRequest {
byte nonce[MAX_OCSP_NONCE_SZ];
int nonceSz;
void* heap;
};
@@ -808,6 +809,7 @@ struct DecodedCRL {
byte nextDateFormat; /* format of next date */
RevokedCert* certs; /* revoked cert list */
int totalCerts; /* number on list */
void* heap;
};
WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*);
+1
View File
@@ -153,6 +153,7 @@ typedef struct Cert {
#ifdef WOLFSSL_CERT_REQ
char challengePw[CTC_NAME_SIZE];
#endif
void* heap; /* heap hint */
} Cert;
#endif /* WOLFSSL_CERT_GEN */
+3 -1
View File
@@ -52,10 +52,12 @@ enum {
/* DSA */
typedef struct DsaKey {
mp_int p, q, g, y, x;
int type; /* public or private */
int type; /* public or private */
void* heap; /* memory hint */
} DsaKey;
WOLFSSL_API void wc_InitDsaKey(DsaKey* key);
WOLFSSL_API int wc_InitDsaKey_h(DsaKey* key, void* h);
WOLFSSL_API void wc_FreeDsaKey(DsaKey* key);
WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out,
DsaKey* key, WC_RNG* rng);
+10
View File
@@ -166,6 +166,7 @@ typedef struct {
curves (idx >= 0) or user supplied */
ecc_point pubkey; /* public key */
mp_int k; /* private key */
void* heap; /* heap hint */
} ecc_key;
@@ -208,6 +209,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
WOLFSSL_API
int wc_ecc_init(ecc_key* key);
WOLFSSL_API
int wc_ecc_init_h(ecc_key* key, void* heap);
WOLFSSL_API
void wc_ecc_free(ecc_key* key);
WOLFSSL_API
void wc_ecc_fp_free(void);
@@ -215,8 +218,12 @@ void wc_ecc_fp_free(void);
WOLFSSL_API
ecc_point* wc_ecc_new_point(void);
WOLFSSL_API
ecc_point* wc_ecc_new_point_h(void* h);
WOLFSSL_API
void wc_ecc_del_point(ecc_point* p);
WOLFSSL_API
void wc_ecc_del_point_h(ecc_point* p, void* h);
WOLFSSL_API
int wc_ecc_copy_point(ecc_point* p, ecc_point *r);
WOLFSSL_API
int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
@@ -228,6 +235,9 @@ WOLFSSL_API
int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* modulus, int map);
WOLFSSL_API
int wc_ecc_mulmod_h(mp_int* k, ecc_point *G, ecc_point *R,
mp_int* modulus, int map, void* heap);
#ifdef HAVE_ECC_KEY_EXPORT
/* ASN key helpers */
WOLFSSL_API
+4
View File
@@ -43,12 +43,16 @@ typedef struct HC128 {
word32 counter1024; /* counter1024 = i mod 1024 at the ith step */
word32 key[8];
word32 iv[8];
#ifdef XSTREAM_ALIGN
void* heap; /* heap hint, currently XMALLOC only used with aligning */
#endif
} HC128;
WOLFSSL_API int wc_Hc128_Process(HC128*, byte*, const byte*, word32);
WOLFSSL_API int wc_Hc128_SetKey(HC128*, const byte* key, const byte* iv);
WOLFSSL_LOCAL int wc_Hc128_SetHeap(HC128* ctx, void* heap);
#ifdef __cplusplus
} /* extern "C" */
+8 -7
View File
@@ -144,17 +144,18 @@ typedef struct Hmac {
word32 ipad[HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/
word32 opad[HMAC_BLOCK_SIZE / sizeof(word32)];
word32 innerHash[MAX_DIGEST_SIZE / sizeof(word32)];
byte macType; /* md5 sha or sha256 */
byte innerHashKeyed; /* keyed flag */
#ifdef HAVE_CAVIUM
word64 contextHandle; /* nitrox context memory handle */
HashType type; /* hmac key type */
word32 magic; /* using cavium magic */
int devId; /* nitrox device id */
void* heap /* heap hint , currently only used with cavium */
byte* data; /* buffered input data for one call */
word16 keyLen; /* hmac key length */
word16 dataLen;
HashType type; /* hmac key type */
int devId; /* nitrox device id */
word32 magic; /* using cavium magic */
word64 contextHandle; /* nitrox context memory handle */
byte* data; /* buffered input data for one call */
#endif
byte macType; /* md5 sha or sha256 */
byte innerHashKeyed; /* keyed flag */
} Hmac;
#endif /* HAVE_FIPS */
+1 -1
View File
@@ -58,7 +58,7 @@
#ifndef WOLFSSL_MEM_TRACK_H
#define WOLFSSL_MEM_TRACK_H
#ifdef USE_WOLFSSL_MEMORY
#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
#include "wolfssl/wolfcrypt/logging.h"
+81 -10
View File
@@ -42,15 +42,26 @@
WOLFSSL_API void* wolfSSL_Malloc(size_t size, const char* func, unsigned int line);
WOLFSSL_API void wolfSSL_Free(void *ptr, const char* func, unsigned int line);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size, const char* func, unsigned int line);
#else
#if defined(WOLFSSL_STATIC_MEMORY)
typedef void *(*wolfSSL_Malloc_cb)(size_t size, void* heap, int type);
typedef void (*wolfSSL_Free_cb)(void *ptr, void* heap, int type);
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size,
void* heap, int type);
WOLFSSL_API void* wolfSSL_Malloc(size_t size, void* heap, int type);
WOLFSSL_API void wolfSSL_Free(void *ptr, void* heap, int type);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size,
void* heap, int type);
#else
typedef void *(*wolfSSL_Malloc_cb)(size_t size);
typedef void (*wolfSSL_Free_cb)(void *ptr);
typedef void *(*wolfSSL_Realloc_cb)(void *ptr, size_t size);
/* Public in case user app wants to use XMALLOC/XFREE */
WOLFSSL_API void* wolfSSL_Malloc(size_t size);
WOLFSSL_API void wolfSSL_Free(void *ptr);
WOLFSSL_API void* wolfSSL_Realloc(void *ptr, size_t size);
#endif
#endif
/* Public set function */
@@ -60,16 +71,76 @@ WOLFSSL_API int wolfSSL_SetAllocators(wolfSSL_Malloc_cb malloc_function,
#ifdef WOLFSSL_STATIC_MEMORY
#define WOLFSSL_STATIC_TIMEOUT 1
#define WC_STATIC_ALIGN 64
#define WOLFSSL_STATIC_ALIGN 64
#define WOLFMEM_MAX_BUCKETS 9
#define WOLFMEM_DEF_BUCKETS 9 /* number of default memory blocks */
#define WOLFMEM_IO_SZ 17000
WOLFSSL_API int wolfSSL_load_static_memory(byte* buffer, word32 sz);
WOLFSSL_API int wolfSSL_unload_static_memory(byte* buffer, word32 sz,
word32* amt);
WOLFSSL_API int wolfSSL_use_static_memory(byte flag);
WOLFSSL_API word32 wolfSSL_static_memory_inUse(void);
WOLFSSL_LOCAL void* wolfSSL_Malloc_Static(size_t size);
WOLFSSL_LOCAL void wolfSSL_Free_Static(void *ptr);
WOLFSSL_LOCAL void* wolfSSL_Realloc_Static(void *ptr, size_t size);
/* flags for loading static memory (one hot bit) */
#define WOLFMEM_GENERAL 0x01
#define WOLFMEM_IO_POOL 0x02
#define WOLFMEM_IO_POOL_FIXED 0x04
#define WOLFMEM_TRACK_STATS 0x08
typedef struct WOLFSSL_MEM_CONN_STATS {
word32 peakMem; /* peak memory usage */
word32 curMem; /* current memory usage */
word32 peakAlloc; /* peak memory allocations */
word32 curAlloc; /* current memory allocations */
word32 totalAlloc;/* total memory allocations for lifetime */
word32 totalFr; /* total frees for lifetime */
} WOLFSSL_MEM_CONN_STATS;
typedef struct WOLFSSL_MEM_STATS {
word32 curAlloc; /* current memory allocations */
word32 totalAlloc;/* total memory allocations for lifetime */
word32 totalFr; /* total frees for lifetime */
word32 totalUse; /* total amount of memory used in blocks */
word32 avaIO; /* available IO specific pools */
word32 maxHa; /* max number of concurent handshakes allowed */
word32 maxIO; /* max number of concurent IO connections allowed */
word32 blockSz[WOLFMEM_MAX_BUCKETS]; /* block sizes in stacks */
word32 avaBlock[WOLFMEM_MAX_BUCKETS];/* ava block sizes */
word32 usedBlock[WOLFMEM_MAX_BUCKETS];
int flag; /* flag used */
} WOLFSSL_MEM_STATS;
typedef struct wc_Memory wc_Memory; /* internal structure for mem bucket */
typedef struct WOLFSSL_HEAP {
wc_Memory* ava[WOLFMEM_MAX_BUCKETS];
wc_Memory* io; /* list of buffers to use for IO */
word32 maxHa; /* max concurent handshakes */
word32 curHa;
word32 maxIO; /* max concurrent IO connections */
word32 curIO;
word32 sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */
word32 distList[WOLFMEM_MAX_BUCKETS];/* general distribution */
word32 inUse; /* amount of memory currently in use */
word32 ioUse;
word32 alloc; /* total number of allocs */
word32 frAlc; /* total number of frees */
int flag;
wolfSSL_Mutex memory_mutex;
} WOLFSSL_HEAP;
/* structure passed into XMALLOC as heap hint
* having this abstraction allows tracking statistics of individual ssl's
*/
typedef struct WOLFSSL_HEAP_HINT {
WOLFSSL_HEAP* memory;
WOLFSSL_MEM_CONN_STATS* stats; /* hold individual connection stats */
wc_Memory* outBuf; /* set if using fixed io buffers */
wc_Memory* inBuf;
} WOLFSSL_HEAP_HINT;
WOLFSSL_LOCAL int wolfSSL_load_static_memory(byte* buffer, word32 sz,
int flag, WOLFSSL_HEAP* heap);
WOLFSSL_LOCAL int wolfSSL_GetMemStats(WOLFSSL_HEAP* heap,
WOLFSSL_MEM_STATS* stats);
WOLFSSL_LOCAL int SetFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io);
WOLFSSL_LOCAL int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io);
#endif /* WOLFSSL_STATIC_MEMORY */
#ifdef __cplusplus
+4 -2
View File
@@ -79,6 +79,7 @@ typedef struct PKCS7 {
int hashOID;
int encryptOID; /* key encryption algorithm OID */
void* heap; /* heap hint for dynamic memory */
byte* singleCert; /* recipient cert, DER, not owner */
word32 singleCertSz; /* size of recipient cert buffer, bytes */
byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
@@ -96,14 +97,15 @@ typedef struct PKCS7 {
} PKCS7;
WOLFSSL_LOCAL int wc_PKCS7_SetHeap(PKCS7* pkcs7, void* heap);
WOLFSSL_LOCAL int wc_SetContentType(int pkcs7TypeOID, byte* output);
WOLFSSL_LOCAL int wc_GetContentType(const byte* input, word32* inOutIdx,
word32* oid, word32 maxIdx);
WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
int keyEncAlgo, int blockKeySz,
WC_RNG* rng, byte* contentKeyPlain,
byte* contentKeyEnc,
int* keyEncSz, byte* out, word32 outSz);
byte* contentKeyEnc, int* keyEncSz,
byte* out, word32 outSz, void* heap);
WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
+3
View File
@@ -50,6 +50,9 @@ WOLFSSL_API int wc_PBKDF2(byte* output, const byte* passwd, int pLen,
WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,
const byte* salt, int sLen, int iterations,
int kLen, int typeH, int purpose);
WOLFSSL_API int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen,
const byte* salt, int saltLen, int iterations, int kLen,
int hashType, int id, void* heap);
/* helper functions */
WOLFSSL_LOCAL int GetDigestSize(int typeH);
+4
View File
@@ -49,12 +49,16 @@ typedef struct RabbitCtx {
typedef struct Rabbit {
RabbitCtx masterCtx;
RabbitCtx workCtx;
#ifdef XSTREAM_ALIGN
void* heap; /* heap hint, currently XMALLOC only used with aligning */
#endif
} Rabbit;
WOLFSSL_API int wc_RabbitProcess(Rabbit*, byte*, const byte*, word32);
WOLFSSL_API int wc_RabbitSetKey(Rabbit*, const byte* key, const byte* iv);
WOLFSSL_LOCAL int wc_Rabbit_SetHeap(Rabbit* ctx, void* heap);
#ifdef __cplusplus
} /* extern "C" */
+2
View File
@@ -88,6 +88,7 @@ struct DRBG; /* Private DRBG state */
typedef struct WC_RNG {
struct DRBG* drbg;
OS_Seed seed;
void* heap;
byte status;
} WC_RNG;
@@ -141,6 +142,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
WOLFSSL_API int wc_InitRng(WC_RNG*);
WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap);
WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz);
WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*);
WOLFSSL_API int wc_FreeRng(WC_RNG*);
+12
View File
@@ -1244,6 +1244,18 @@ static char *fgets(char *buff, int sz, FILE *fp)
#endif
#endif /* WOLFSSL_LEANTLS*/
/* restriction with static memory */
#ifdef WOLFSSL_STATIC_MEMORY
#ifndef USE_FAST_MATH
#error static memory requires fast math please define USE_FAST_MATH
#endif
#ifdef WOLFSSL_SMALL_STACK
#error static memory does not support small stack please undefine
#endif
#ifndef TFM_TIMING_RESISTANT
#error please define TFM_TIMING_RESISTANT with use of static memory
#endif
#endif /* WOLFSSL_STATIC_MEMORY */
/* Place any other flags or defines here */
+1
View File
@@ -114,6 +114,7 @@ typedef struct Srp {
/**< The default function used by this implementation is a modified */
/**< version of t_mgf1 that uses the proper hash function according */
/**< to srp->type. */
void* heap; /**< heap hint pointer */
} Srp;
/**
+7 -2
View File
@@ -195,10 +195,14 @@
&& !defined(WOLFSSL_uITRON4) && !defined(WOLFSSL_uTKERNEL2)
/* default C runtime, can install different routines at runtime via cbs */
#include <wolfssl/wolfcrypt/memory.h>
#ifdef WOLFSSL_DEBUG_MEMORY
#if defined(WOLFSSL_DEBUG_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__)
#elif defined(WOLFSSL_STATIC_MEMORY)
#define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
#else
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));}
@@ -330,7 +334,8 @@
DYNAMIC_TYPE_URL = 54,
DYNAMIC_TYPE_DTLS_FRAG = 55,
DYNAMIC_TYPE_DTLS_BUFFER = 56,
DYNAMIC_TYPE_SESSION_TICK = 57
DYNAMIC_TYPE_SESSION_TICK = 57,
DYNAMIC_TYPE_PKCS = 58
};
/* max error buffer string size */