mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-09 08:20:51 +02:00
Merge pull request #967 from dgarske/fix_qat
Fixes and Improvements for Intel QuickAssist
This commit is contained in:
@@ -128,11 +128,12 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
|
||||
static void FreeCRL_Entry(CRL_Entry* crle, void* heap)
|
||||
{
|
||||
RevokedCert* tmp = crle->certs;
|
||||
RevokedCert* next;
|
||||
|
||||
WOLFSSL_ENTER("FreeCRL_Entry");
|
||||
|
||||
while(tmp) {
|
||||
RevokedCert* next = tmp->next;
|
||||
while (tmp) {
|
||||
next = tmp->next;
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED);
|
||||
tmp = next;
|
||||
}
|
||||
|
||||
+138
-138
@@ -216,14 +216,14 @@ static int QSH_FreeAll(WOLFSSL* ssl)
|
||||
preKey = key;
|
||||
if (key->pri.buffer) {
|
||||
ForceZero(key->pri.buffer, key->pri.length);
|
||||
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
}
|
||||
if (key->pub.buffer)
|
||||
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
key = (QSHKey*)key->next;
|
||||
|
||||
/* free struct */
|
||||
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_QSH);
|
||||
}
|
||||
key = NULL;
|
||||
|
||||
@@ -234,14 +234,14 @@ static int QSH_FreeAll(WOLFSSL* ssl)
|
||||
preKey = key;
|
||||
if (key->pri.buffer) {
|
||||
ForceZero(key->pri.buffer, key->pri.length);
|
||||
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
}
|
||||
if (key->pub.buffer)
|
||||
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
key = (QSHKey*)key->next;
|
||||
|
||||
/* free struct */
|
||||
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_QSH);
|
||||
}
|
||||
key = NULL;
|
||||
|
||||
@@ -253,9 +253,9 @@ static int QSH_FreeAll(WOLFSSL* ssl)
|
||||
while (list) {
|
||||
preList = list;
|
||||
if (list->PK)
|
||||
XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_SECRET);
|
||||
list = (QSHScheme*)list->next;
|
||||
XFREE(preList, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(preList, ssl->heap, DYNAMIC_TYPE_QSH);
|
||||
}
|
||||
|
||||
/* free secret buffers */
|
||||
@@ -263,20 +263,20 @@ static int QSH_FreeAll(WOLFSSL* ssl)
|
||||
if (secret->SerSi->buffer) {
|
||||
/* clear extra secret material that supplemented Master Secret*/
|
||||
ForceZero(secret->SerSi->buffer, secret->SerSi->length);
|
||||
XFREE(secret->SerSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(secret->SerSi->buffer, ssl->heap, DYNAMIC_TYPE_SECRET);
|
||||
}
|
||||
XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_SECRET);
|
||||
}
|
||||
if (secret->CliSi) {
|
||||
if (secret->CliSi->buffer) {
|
||||
/* clear extra secret material that supplemented Master Secret*/
|
||||
ForceZero(secret->CliSi->buffer, secret->CliSi->length);
|
||||
XFREE(secret->CliSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(secret->CliSi->buffer, ssl->heap, DYNAMIC_TYPE_SECRET);
|
||||
}
|
||||
XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_SECRET);
|
||||
}
|
||||
}
|
||||
XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(secret, ssl->heap, DYNAMIC_TYPE_QSH);
|
||||
secret = NULL;
|
||||
|
||||
return 0;
|
||||
@@ -294,14 +294,14 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes)
|
||||
|
||||
if (rng == NULL) {
|
||||
if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), 0,
|
||||
DYNAMIC_TYPE_TLSX)) == NULL)
|
||||
DYNAMIC_TYPE_RNG)) == NULL)
|
||||
return DRBG_OUT_OF_MEMORY;
|
||||
wc_InitRng(rng);
|
||||
}
|
||||
|
||||
if (rngMutex == NULL) {
|
||||
if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), 0,
|
||||
DYNAMIC_TYPE_TLSX)) == NULL)
|
||||
DYNAMIC_TYPE_MUTEX)) == NULL)
|
||||
return DRBG_OUT_OF_MEMORY;
|
||||
wc_InitMutex(rngMutex);
|
||||
}
|
||||
@@ -1455,8 +1455,8 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
|
||||
XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
|
||||
|
||||
#ifndef NO_DH
|
||||
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
#endif /* !NO_DH */
|
||||
|
||||
#ifdef SINGLE_THREADED
|
||||
@@ -1634,10 +1634,10 @@ void FreeCiphers(WOLFSSL* ssl)
|
||||
wc_AesFree(ssl->encrypt.aes);
|
||||
wc_AesFree(ssl->decrypt.aes);
|
||||
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
|
||||
XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_AES);
|
||||
XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES);
|
||||
XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_AES);
|
||||
XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES);
|
||||
XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||
XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||
XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||
XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||
#endif
|
||||
XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||
XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||
@@ -4177,7 +4177,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
}
|
||||
XMEMSET(ssl->arrays, 0, sizeof(Arrays));
|
||||
ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SECRET);
|
||||
if (ssl->arrays->preMasterSecret == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
@@ -4269,7 +4269,7 @@ void FreeArrays(WOLFSSL* ssl, int keep)
|
||||
ssl->session.sessionIDSz = ssl->arrays->sessionIDSz;
|
||||
}
|
||||
if (ssl->arrays->preMasterSecret) {
|
||||
XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
|
||||
ssl->arrays->preMasterSecret = NULL;
|
||||
}
|
||||
XFREE(ssl->arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
|
||||
@@ -4464,14 +4464,14 @@ void FreeKeyExchange(WOLFSSL* ssl)
|
||||
{
|
||||
/* Cleanup signature buffer */
|
||||
if (ssl->buffers.sig.buffer) {
|
||||
XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
ssl->buffers.sig.buffer = NULL;
|
||||
ssl->buffers.sig.length = 0;
|
||||
}
|
||||
|
||||
/* Cleanup digest buffer */
|
||||
if (ssl->buffers.digest.buffer) {
|
||||
XFREE(ssl->buffers.digest.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(ssl->buffers.digest.buffer, ssl->heap, DYNAMIC_TYPE_DIGEST);
|
||||
ssl->buffers.digest.buffer = NULL;
|
||||
ssl->buffers.digest.length = 0;
|
||||
}
|
||||
@@ -4521,12 +4521,12 @@ void SSL_ResourceFree(WOLFSSL* ssl)
|
||||
ForceZero(ssl->buffers.serverDH_Priv.buffer,
|
||||
ssl->buffers.serverDH_Priv.length);
|
||||
}
|
||||
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
/* parameters (p,g) may be owned by ctx */
|
||||
if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
}
|
||||
#endif /* !NO_DH */
|
||||
#ifndef NO_CERTS
|
||||
@@ -4601,7 +4601,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
|
||||
|
||||
#ifdef HAVE_ALPN
|
||||
if (ssl->alpn_client_list != NULL) {
|
||||
XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN);
|
||||
ssl->alpn_client_list = NULL;
|
||||
}
|
||||
#endif
|
||||
@@ -4755,15 +4755,15 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
||||
ForceZero(ssl->buffers.serverDH_Priv.buffer,
|
||||
ssl->buffers.serverDH_Priv.length);
|
||||
}
|
||||
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
ssl->buffers.serverDH_Priv.buffer = NULL;
|
||||
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
ssl->buffers.serverDH_Pub.buffer = NULL;
|
||||
/* parameters (p,g) may be owned by ctx */
|
||||
if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
ssl->buffers.serverDH_G.buffer = NULL;
|
||||
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
ssl->buffers.serverDH_P.buffer = NULL;
|
||||
}
|
||||
#endif /* !NO_DH */
|
||||
@@ -6357,7 +6357,7 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
int ret;
|
||||
byte md5_result[MD5_DIGEST_SIZE];
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_HASHCTX);
|
||||
if (md5 == NULL)
|
||||
return MEMORY_E;
|
||||
#else
|
||||
@@ -6391,7 +6391,7 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(md5, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(md5, ssl->heap, DYNAMIC_TYPE_HASHCTX);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -6404,7 +6404,7 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
int ret;
|
||||
byte sha_result[SHA_DIGEST_SIZE];
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_HASHCTX);
|
||||
if (sha == NULL)
|
||||
return MEMORY_E;
|
||||
#else
|
||||
@@ -6437,7 +6437,7 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(sha, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(sha, ssl->heap, DYNAMIC_TYPE_HASHCTX);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -6461,8 +6461,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
sha384 = (Sha384*)XMALLOC(sizeof(Sha384), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
sha384 = (Sha384*)XMALLOC(sizeof(Sha384), ssl->heap, DYNAMIC_TYPE_HASHCTX);
|
||||
if (sha384 == NULL)
|
||||
return MEMORY_E;
|
||||
#endif /* WOLFSSL_SMALL_STACK */
|
||||
@@ -6496,7 +6495,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(sha384, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(sha384, ssl->heap, DYNAMIC_TYPE_HASHCTX);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@@ -7450,16 +7449,16 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
|
||||
(void)ssl;
|
||||
|
||||
if (args->domain) {
|
||||
XFREE(args->domain, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->domain, ssl->heap, DYNAMIC_TYPE_STRING);
|
||||
args->domain = NULL;
|
||||
}
|
||||
if (args->certs) {
|
||||
XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER);
|
||||
args->certs = NULL;
|
||||
}
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (args->exts) {
|
||||
XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT);
|
||||
args->exts = NULL;
|
||||
}
|
||||
#endif
|
||||
@@ -7468,7 +7467,7 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
|
||||
FreeDecodedCert(args->dCert);
|
||||
args->dCertInit = 0;
|
||||
}
|
||||
XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT);
|
||||
args->dCert = NULL;
|
||||
}
|
||||
}
|
||||
@@ -7579,7 +7578,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
|
||||
|
||||
/* allocate buffer for cert extensions */
|
||||
args->exts = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_CERT_EXT);
|
||||
if (args->exts == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_ppc);
|
||||
}
|
||||
@@ -7588,7 +7587,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
|
||||
|
||||
/* allocate buffer for certs */
|
||||
args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_DER);
|
||||
if (args->certs == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_ppc);
|
||||
}
|
||||
@@ -7680,7 +7679,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
|
||||
|
||||
args->dCertInit = 0;
|
||||
args->dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_DCERT);
|
||||
if (args->dCert == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_ppc);
|
||||
}
|
||||
@@ -8159,7 +8158,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
|
||||
{
|
||||
if (args->count > 0) {
|
||||
args->domain = (char*)XMALLOC(ASN_NAME_MAX, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_STRING);
|
||||
if (args->domain == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_ppc);
|
||||
}
|
||||
@@ -8369,7 +8368,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
|
||||
|
||||
/* release since we don't need it anymore */
|
||||
if (args->dCert) {
|
||||
XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT);
|
||||
args->dCert = NULL;
|
||||
}
|
||||
} /* if (count > 0) */
|
||||
@@ -8389,7 +8388,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
WOLFSSL_X509_STORE_CTX* store = (WOLFSSL_X509_STORE_CTX*)XMALLOC(
|
||||
sizeof(WOLFSSL_X509_STORE_CTX), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_X509_STORE);
|
||||
if (store == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_ppc);
|
||||
}
|
||||
@@ -8507,7 +8506,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(store, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
|
||||
#endif
|
||||
/* Advance state and proceed */
|
||||
ssl->options.asyncState = TLS_ASYNC_END;
|
||||
@@ -8613,15 +8612,15 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_OCSP_STATUS);
|
||||
response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
|
||||
if (status == NULL || response == NULL) {
|
||||
if (status)
|
||||
XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(status, NULL, DYNAMIC_TYPE_OCSP_STATUS);
|
||||
if (response)
|
||||
XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
|
||||
return MEMORY_ERROR;
|
||||
}
|
||||
@@ -8643,8 +8642,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
*inOutIdx += status_length;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(status, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(response, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
|
||||
XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
#endif
|
||||
|
||||
}
|
||||
@@ -8678,15 +8677,15 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_OCSP_STATUS);
|
||||
response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
|
||||
if (status == NULL || response == NULL) {
|
||||
if (status)
|
||||
XFREE(status, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
|
||||
if (response)
|
||||
XFREE(response, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
|
||||
return MEMORY_ERROR;
|
||||
}
|
||||
@@ -8739,8 +8738,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(status, NULL, DYNAMIC_TYPE_OCSP_STATUS);
|
||||
XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
#endif
|
||||
|
||||
}
|
||||
@@ -10283,10 +10282,10 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz,
|
||||
/* make sure auth iv and auth are allocated */
|
||||
if (ssl->encrypt.additional == NULL)
|
||||
ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
|
||||
ssl->heap, DYNAMIC_TYPE_AES);
|
||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||
if (ssl->encrypt.nonce == NULL)
|
||||
ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
|
||||
ssl->heap, DYNAMIC_TYPE_AES);
|
||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||
if (ssl->encrypt.additional == NULL ||
|
||||
ssl->encrypt.nonce == NULL) {
|
||||
return MEMORY_E;
|
||||
@@ -10519,10 +10518,10 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
|
||||
/* make sure auth iv and auth are allocated */
|
||||
if (ssl->decrypt.additional == NULL)
|
||||
ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
|
||||
ssl->heap, DYNAMIC_TYPE_AES);
|
||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||
if (ssl->decrypt.nonce == NULL)
|
||||
ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
|
||||
ssl->heap, DYNAMIC_TYPE_AES);
|
||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||
if (ssl->decrypt.additional == NULL ||
|
||||
ssl->decrypt.nonce == NULL) {
|
||||
return MEMORY_E;
|
||||
@@ -11839,7 +11838,7 @@ static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
|
||||
int ret;
|
||||
byte md5_result[MD5_DIGEST_SIZE];
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_HASHCTX);
|
||||
#else
|
||||
Md5 md5[1];
|
||||
#endif
|
||||
@@ -11869,7 +11868,7 @@ static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(md5, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(md5, ssl->heap, DYNAMIC_TYPE_HASHCTX);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -11883,7 +11882,7 @@ static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
|
||||
int ret;
|
||||
byte sha_result[SHA_DIGEST_SIZE];
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_HASHCTX);
|
||||
#else
|
||||
Sha sha[1];
|
||||
#endif
|
||||
@@ -11913,7 +11912,7 @@ static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(sha, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(sha, ssl->heap, DYNAMIC_TYPE_HASHCTX);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -12192,7 +12191,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
hmac = (byte*)XMALLOC(MAX_DIGEST_SIZE, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_DIGEST);
|
||||
if (hmac == NULL)
|
||||
ERROR_OUT(MEMORY_E, exit_buildmsg);
|
||||
#endif
|
||||
@@ -12202,7 +12201,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
|
||||
XMEMCPY(output + args->idx, hmac, args->digestSz);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(hmac, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(hmac, ssl->heap, DYNAMIC_TYPE_DIGEST);
|
||||
#endif
|
||||
}
|
||||
else
|
||||
@@ -12540,7 +12539,7 @@ int SendCertificate(WOLFSSL* ssl)
|
||||
|
||||
if (inputSz > 0) { /* clang thinks could be zero, let's help */
|
||||
input = (byte*)XMALLOC(inputSz, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_IN_BUFFER);
|
||||
if (input == NULL)
|
||||
return MEMORY_E;
|
||||
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
|
||||
@@ -12550,7 +12549,7 @@ int SendCertificate(WOLFSSL* ssl)
|
||||
handshake, 1, 0, 0);
|
||||
|
||||
if (inputSz > 0)
|
||||
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||
|
||||
if (sendSz < 0)
|
||||
return sendSz;
|
||||
@@ -12744,14 +12743,14 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
|
||||
byte* input;
|
||||
int inputSz = idx - RECORD_HEADER_SZ;
|
||||
|
||||
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||
if (input == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
|
||||
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
|
||||
handshake, 1, 0, 0);
|
||||
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||
|
||||
if (sendSz < 0)
|
||||
ret = sendSz;
|
||||
@@ -12839,7 +12838,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_DCERT);
|
||||
if (cert == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
@@ -12880,7 +12879,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
FreeDecodedCert(cert);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -12903,7 +12902,8 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
ret = BuildCertificateStatus(ssl, status_type,
|
||||
&response, 1);
|
||||
|
||||
XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
response.buffer = NULL;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -12944,7 +12944,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_DCERT);
|
||||
if (cert == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
@@ -12985,7 +12985,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
FreeDecodedCert(cert);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -13021,7 +13021,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_TMP_DCERT);
|
||||
if (cert == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
@@ -13096,7 +13096,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
@@ -13125,7 +13125,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++)
|
||||
if (responses[i].buffer)
|
||||
XFREE(responses[i].buffer, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
}
|
||||
|
||||
break;
|
||||
@@ -15814,14 +15814,14 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
|
||||
byte* input;
|
||||
int inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */
|
||||
|
||||
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||
if (input == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
|
||||
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
|
||||
handshake, 1, 0, 0);
|
||||
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||
|
||||
if (sendSz < 0)
|
||||
return sendSz;
|
||||
@@ -16475,7 +16475,7 @@ static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs)
|
||||
|
||||
#if !defined(NO_DH) || defined(HAVE_ECC)
|
||||
if (args->verifySig) {
|
||||
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
args->verifySig = NULL;
|
||||
}
|
||||
#endif
|
||||
@@ -16581,7 +16581,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
}
|
||||
|
||||
ssl->buffers.serverDH_P.buffer =
|
||||
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (ssl->buffers.serverDH_P.buffer) {
|
||||
ssl->buffers.serverDH_P.length = length;
|
||||
}
|
||||
@@ -16608,7 +16608,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
}
|
||||
|
||||
ssl->buffers.serverDH_G.buffer =
|
||||
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (ssl->buffers.serverDH_G.buffer) {
|
||||
ssl->buffers.serverDH_G.length = length;
|
||||
}
|
||||
@@ -16633,7 +16633,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
}
|
||||
|
||||
ssl->buffers.serverDH_Pub.buffer =
|
||||
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (ssl->buffers.serverDH_Pub.buffer) {
|
||||
ssl->buffers.serverDH_Pub.length = length;
|
||||
}
|
||||
@@ -16772,7 +16772,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
}
|
||||
|
||||
ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(length,
|
||||
ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (ssl->buffers.serverDH_P.buffer) {
|
||||
ssl->buffers.serverDH_P.length = length;
|
||||
}
|
||||
@@ -16799,7 +16799,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
}
|
||||
|
||||
ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(length,
|
||||
ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (ssl->buffers.serverDH_G.buffer) {
|
||||
ssl->buffers.serverDH_G.length = length;
|
||||
}
|
||||
@@ -16824,7 +16824,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
}
|
||||
|
||||
ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(length,
|
||||
ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (ssl->buffers.serverDH_Pub.buffer) {
|
||||
ssl->buffers.serverDH_Pub.length = length;
|
||||
}
|
||||
@@ -17024,7 +17024,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
|
||||
/* buffer for signature */
|
||||
ssl->buffers.sig.buffer = (byte*)XMALLOC(SEED_LEN + verifySz,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (ssl->buffers.sig.buffer == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_dske);
|
||||
}
|
||||
@@ -17044,7 +17044,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
wc_HashGetDigestSize(hashType);
|
||||
ssl->buffers.digest.buffer = (byte*)XMALLOC(
|
||||
ssl->buffers.digest.length, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_DIGEST);
|
||||
if (ssl->buffers.digest.buffer == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_dske);
|
||||
}
|
||||
@@ -17138,7 +17138,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
|
||||
if (args->verifySig == NULL) {
|
||||
args->verifySig = (byte*)XMALLOC(args->verifySigSz,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (args->verifySig == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_dske);
|
||||
}
|
||||
@@ -17287,7 +17287,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (encodedSig == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_dske);
|
||||
}
|
||||
@@ -17303,7 +17303,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
ret = VERIFY_SIGN_ERROR;
|
||||
}
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
#endif
|
||||
if (ret != 0) {
|
||||
goto exit_dske;
|
||||
@@ -17524,16 +17524,16 @@ int QSH_Init(WOLFSSL* ssl)
|
||||
|
||||
/* malloc memory for holding generated secret information */
|
||||
if ((ssl->QSH_secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
|
||||
DYNAMIC_TYPE_QSH)) == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
ssl->QSH_secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SECRET);
|
||||
if (ssl->QSH_secret->CliSi == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
ssl->QSH_secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SECRET);
|
||||
if (ssl->QSH_secret->SerSi == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
@@ -17699,7 +17699,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
|
||||
buf = ssl->QSH_secret->CliSi;
|
||||
}
|
||||
buf->length = sz;
|
||||
buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_SECRET);
|
||||
if (buf->buffer == NULL) {
|
||||
WOLFSSL_ERROR(MEMORY_E);
|
||||
}
|
||||
@@ -17709,7 +17709,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
|
||||
current = ssl->peerQSHKey;
|
||||
while (current) {
|
||||
schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_QSH);
|
||||
if (schm == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
@@ -17729,7 +17729,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
|
||||
tmpSz = QSH_MaxSecret(current);
|
||||
|
||||
if ((schm->PK = (byte*)XMALLOC(tmpSz, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
|
||||
DYNAMIC_TYPE_SECRET)) == NULL)
|
||||
return -1;
|
||||
|
||||
/* store info for writing extension */
|
||||
@@ -17819,11 +17819,11 @@ static void FreeSckeArgs(WOLFSSL* ssl, void* pArgs)
|
||||
(void)ssl;
|
||||
|
||||
if (args->encSecret) {
|
||||
XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
|
||||
args->encSecret = NULL;
|
||||
}
|
||||
if (args->input) {
|
||||
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||
args->input = NULL;
|
||||
}
|
||||
}
|
||||
@@ -18060,7 +18060,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
{
|
||||
args->encSz = MAX_ENCRYPT_SZ;
|
||||
args->encSecret = (byte*)XMALLOC(args->encSz, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SECRET);
|
||||
if (args->encSecret == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scke);
|
||||
}
|
||||
@@ -18087,7 +18087,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
{
|
||||
ssl->buffers.sig.length = ENCRYPT_LEN;
|
||||
ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (ssl->buffers.sig.buffer == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scke);
|
||||
}
|
||||
@@ -18171,7 +18171,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
|
||||
ssl->buffers.sig.length = ENCRYPT_LEN;
|
||||
ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (ssl->buffers.sig.buffer == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scke);
|
||||
}
|
||||
@@ -18716,7 +18716,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
if (IsEncryptionOn(ssl, 1)) {
|
||||
args->inputSz = idx - RECORD_HEADER_SZ; /* buildmsg adds rechdr */
|
||||
args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_IN_BUFFER);
|
||||
if (args->input == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scke);
|
||||
}
|
||||
@@ -18735,7 +18735,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
if (IsEncryptionOn(ssl, 1)) {
|
||||
ret = BuildMessage(ssl, args->output, args->sendSz,
|
||||
args->input, args->inputSz, handshake, 1, 0, 0);
|
||||
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||
args->input = NULL; /* make sure its not double free'd on cleanup */
|
||||
|
||||
if (ret >= 0) {
|
||||
@@ -18976,12 +18976,12 @@ static void FreeScvArgs(WOLFSSL* ssl, void* pArgs)
|
||||
|
||||
#ifndef NO_RSA
|
||||
if (args->verifySig) {
|
||||
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
args->verifySig = NULL;
|
||||
}
|
||||
#endif
|
||||
if (args->input) {
|
||||
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||
args->input = NULL;
|
||||
}
|
||||
}
|
||||
@@ -19066,7 +19066,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
|
||||
/* build encoded signature buffer */
|
||||
ssl->buffers.sig.length = MAX_ENCODED_SIG_SZ;
|
||||
ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (ssl->buffers.sig.buffer == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scv);
|
||||
}
|
||||
@@ -19250,7 +19250,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
|
||||
|
||||
if (args->verifySig == NULL) {
|
||||
args->verifySig = (byte*)XMALLOC(args->sigSz, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (args->verifySig == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scv);
|
||||
}
|
||||
@@ -19298,7 +19298,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
|
||||
args->inputSz = args->sendSz - RECORD_HEADER_SZ;
|
||||
/* build msg adds rec hdr */
|
||||
args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_IN_BUFFER);
|
||||
if (args->input == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scv);
|
||||
}
|
||||
@@ -19324,7 +19324,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
|
||||
goto exit_scv;
|
||||
#endif
|
||||
|
||||
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||
args->input = NULL; /* make sure its not double free'd on cleanup */
|
||||
|
||||
if (ret >= 0) {
|
||||
@@ -19803,19 +19803,19 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
#if defined(HAVE_ECC)
|
||||
if (args->exportBuf) {
|
||||
XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER);
|
||||
args->exportBuf = NULL;
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA))
|
||||
if (args->sigDataBuf) {
|
||||
XFREE(args->sigDataBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->sigDataBuf, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
args->sigDataBuf = NULL;
|
||||
}
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
if (args->verifySig) {
|
||||
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
args->verifySig = NULL;
|
||||
}
|
||||
#endif
|
||||
@@ -19922,7 +19922,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
/* Free'd in SSL_ResourceFree and FreeHandshakeResources */
|
||||
ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
|
||||
ssl->buffers.serverDH_P.length + OPAQUE16_LEN,
|
||||
ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (ssl->buffers.serverDH_Pub.buffer == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -19932,7 +19932,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
/* Free'd in SSL_ResourceFree and FreeHandshakeResources */
|
||||
ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
|
||||
ssl->buffers.serverDH_P.length + OPAQUE16_LEN,
|
||||
ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
if (ssl->buffers.serverDH_Priv.buffer == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -20186,7 +20186,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
args->exportSz = MAX_EXPORT_ECC_SZ;
|
||||
args->exportBuf = (byte*)XMALLOC(args->exportSz,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_DER);
|
||||
if (args->exportBuf == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -20273,7 +20273,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
/* Export temp ECC key and add to length */
|
||||
args->exportSz = MAX_EXPORT_ECC_SZ;
|
||||
args->exportBuf = (byte*)XMALLOC(args->exportSz,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_DER);
|
||||
if (args->exportBuf == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -20489,7 +20489,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
/* Assemble buffer to hash for signature */
|
||||
args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
|
||||
args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (args->sigDataBuf == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -20505,7 +20505,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
wc_HashGetDigestSize(hashType);
|
||||
ssl->buffers.sig.buffer = (byte*)XMALLOC(
|
||||
ssl->buffers.sig.length,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (ssl->buffers.sig.buffer == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -20532,7 +20532,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
if (IsAtLeastTLSv1_2(ssl)) {
|
||||
byte* encodedSig = (byte*)XMALLOC(
|
||||
MAX_ENCODED_SIG_SZ, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (encodedSig == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -20545,7 +20545,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
/* Replace sig buffer with new one */
|
||||
XFREE(ssl->buffers.sig.buffer, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
ssl->buffers.sig.buffer = encodedSig;
|
||||
}
|
||||
|
||||
@@ -20726,7 +20726,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
/* Assemble buffer to hash for signature */
|
||||
args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
|
||||
args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (args->sigDataBuf == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -20742,7 +20742,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
wc_HashGetDigestSize(hashType);
|
||||
ssl->buffers.sig.buffer = (byte*)XMALLOC(
|
||||
ssl->buffers.sig.length, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (ssl->buffers.sig.buffer == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -20769,7 +20769,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
if (IsAtLeastTLSv1_2(ssl)) {
|
||||
byte* encodedSig = (byte*)XMALLOC(
|
||||
MAX_ENCODED_SIG_SZ, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (encodedSig == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -20782,7 +20782,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
/* Replace sig buffer with new one */
|
||||
XFREE(ssl->buffers.sig.buffer, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
ssl->buffers.sig.buffer = encodedSig;
|
||||
}
|
||||
break;
|
||||
@@ -21000,7 +21000,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
}
|
||||
args->verifySig = (byte*)XMALLOC(
|
||||
args->sigSz, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (!args->verifySig) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -21072,7 +21072,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
}
|
||||
args->verifySig = (byte*)XMALLOC(
|
||||
args->sigSz, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (!args->verifySig) {
|
||||
ERROR_OUT(MEMORY_E, exit_sske);
|
||||
}
|
||||
@@ -22316,7 +22316,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (encodedSig == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_dcv);
|
||||
}
|
||||
@@ -22340,7 +22340,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
@@ -81,7 +81,8 @@
|
||||
|
||||
/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
|
||||
static int p_hash(byte* result, word32 resLen, const byte* secret,
|
||||
word32 secLen, const byte* seed, word32 seedLen, int hash)
|
||||
word32 secLen, const byte* seed, word32 seedLen, int hash,
|
||||
void* heap, int devId)
|
||||
{
|
||||
word32 len = P_HASH_MAX_SIZE;
|
||||
word32 times;
|
||||
@@ -101,14 +102,14 @@ static int p_hash(byte* result, word32 resLen, const byte* secret,
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
|
||||
current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
|
||||
hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC);
|
||||
|
||||
if (previous == NULL || current == NULL || hmac == NULL) {
|
||||
if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
|
||||
|
||||
return MEMORY_E;
|
||||
}
|
||||
@@ -153,7 +154,7 @@ static int p_hash(byte* result, word32 resLen, const byte* secret,
|
||||
|
||||
lastTime = times - 1;
|
||||
|
||||
ret = wc_HmacInit(hmac, NULL, INVALID_DEVID);
|
||||
ret = wc_HmacInit(hmac, heap, devId);
|
||||
if (ret == 0) {
|
||||
ret = wc_HmacSetKey(hmac, hash, secret, secLen);
|
||||
if (ret == 0)
|
||||
@@ -195,9 +196,9 @@ static int p_hash(byte* result, word32 resLen, const byte* secret,
|
||||
ForceZero(hmac, sizeof(Hmac));
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
|
||||
XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
|
||||
XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -221,7 +222,7 @@ static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
|
||||
/* compute TLSv1 PRF (pseudo random function using HMAC) */
|
||||
static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
|
||||
const byte* label, word32 labLen, const byte* seed,
|
||||
word32 seedLen)
|
||||
word32 seedLen, void* heap, int devId)
|
||||
{
|
||||
int ret = 0;
|
||||
word32 half = (secLen + 1) / 2;
|
||||
@@ -248,19 +249,19 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
|
||||
return BUFFER_E;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
md5_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST);
|
||||
sha_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST);
|
||||
labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_SEED);
|
||||
md5_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST);
|
||||
sha_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST);
|
||||
|
||||
if (md5_half == NULL || sha_half == NULL || labelSeed == NULL ||
|
||||
md5_result == NULL || sha_result == NULL) {
|
||||
if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (md5_half) XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (sha_half) XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (labelSeed) XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED);
|
||||
if (md5_result) XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (sha_result) XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
|
||||
|
||||
return MEMORY_E;
|
||||
}
|
||||
@@ -276,19 +277,19 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
|
||||
XMEMCPY(labelSeed + labLen, seed, seedLen);
|
||||
|
||||
if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
|
||||
labLen + seedLen, md5_mac)) == 0) {
|
||||
labLen + seedLen, md5_mac, heap, devId)) == 0) {
|
||||
if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
|
||||
labLen + seedLen, sha_mac)) == 0) {
|
||||
labLen + seedLen, sha_mac, heap, devId)) == 0) {
|
||||
get_xor(digest, digLen, md5_result, sha_result);
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST);
|
||||
XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST);
|
||||
XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED);
|
||||
XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST);
|
||||
XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -301,7 +302,7 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
|
||||
use */
|
||||
static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
|
||||
const byte* label, word32 labLen, const byte* seed, word32 seedLen,
|
||||
int useAtLeastSha256, int hash_type)
|
||||
int useAtLeastSha256, int hash_type, void* heap, int devId)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
@@ -316,8 +317,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
|
||||
return BUFFER_E;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_SEED);
|
||||
if (labelSeed == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
@@ -330,16 +330,16 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
|
||||
if (hash_type < sha256_mac || hash_type == blake2b_mac)
|
||||
hash_type = sha256_mac;
|
||||
ret = p_hash(digest, digLen, secret, secLen, labelSeed,
|
||||
labLen + seedLen, hash_type);
|
||||
labLen + seedLen, hash_type, heap, devId);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED);
|
||||
#endif
|
||||
}
|
||||
#ifndef NO_OLD_TLS
|
||||
else {
|
||||
ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
|
||||
seedLen);
|
||||
seedLen, heap, devId);
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -403,7 +403,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
word32 hashSz = HSHASH_SZ;
|
||||
|
||||
/* using allocate here to allow async hardware to use buffer directly */
|
||||
handshake_hash = (byte*)XMALLOC(hashSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
handshake_hash = (byte*)XMALLOC(hashSz, ssl->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (handshake_hash == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
@@ -416,10 +416,11 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
|
||||
ret = PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
|
||||
SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
|
||||
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
|
||||
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
|
||||
ssl->heap, ssl->devId);
|
||||
}
|
||||
|
||||
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST);
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -481,62 +482,71 @@ static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] =
|
||||
static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
|
||||
static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
|
||||
|
||||
|
||||
/* External facing wrapper so user can call as well, 0 on success */
|
||||
int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen,
|
||||
static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
|
||||
const byte* ms, word32 msLen,
|
||||
const byte* sr, const byte* cr,
|
||||
int tls1_2, int hash_type)
|
||||
int tls1_2, int hash_type,
|
||||
void* heap, int devId)
|
||||
{
|
||||
byte seed[SEED_LEN];
|
||||
|
||||
XMEMCPY(seed, sr, RAN_LEN);
|
||||
XMEMCPY(seed + RAN_LEN, cr, RAN_LEN);
|
||||
|
||||
return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ,
|
||||
seed, SEED_LEN, tls1_2, hash_type);
|
||||
return PRF(key_dig, key_dig_len, ms, msLen, key_label, KEY_LABEL_SZ,
|
||||
seed, SEED_LEN, tls1_2, hash_type, heap, devId);
|
||||
}
|
||||
|
||||
/* External facing wrapper so user can call as well, 0 on success */
|
||||
int wolfSSL_DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
|
||||
const byte* ms, word32 msLen,
|
||||
const byte* sr, const byte* cr,
|
||||
int tls1_2, int hash_type)
|
||||
{
|
||||
return _DeriveTlsKeys(key_dig, key_dig_len, ms, msLen, sr, cr, tls1_2,
|
||||
hash_type, NULL, INVALID_DEVID);
|
||||
}
|
||||
|
||||
|
||||
int DeriveTlsKeys(WOLFSSL* ssl)
|
||||
{
|
||||
int ret;
|
||||
int length = 2 * ssl->specs.hash_size +
|
||||
2 * ssl->specs.key_size +
|
||||
2 * ssl->specs.iv_size;
|
||||
int key_dig_len = 2 * ssl->specs.hash_size +
|
||||
2 * ssl->specs.key_size +
|
||||
2 * ssl->specs.iv_size;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte* key_data;
|
||||
byte* key_dig;
|
||||
#else
|
||||
byte key_data[MAX_PRF_DIG];
|
||||
byte key_dig[MAX_PRF_DIG];
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (key_data == NULL) {
|
||||
key_dig = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (key_dig == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = wolfSSL_DeriveTlsKeys(key_data, length,
|
||||
ssl->arrays->masterSecret, SECRET_LEN,
|
||||
ssl->arrays->serverRandom, ssl->arrays->clientRandom,
|
||||
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
|
||||
ret = _DeriveTlsKeys(key_dig, key_dig_len,
|
||||
ssl->arrays->masterSecret, SECRET_LEN,
|
||||
ssl->arrays->serverRandom, ssl->arrays->clientRandom,
|
||||
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
|
||||
ssl->heap, ssl->devId);
|
||||
if (ret == 0)
|
||||
ret = StoreKeys(ssl, key_data);
|
||||
ret = StoreKeys(ssl, key_dig);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/* External facing wrapper so user can call as well, 0 on success */
|
||||
int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
|
||||
static int _MakeTlsMasterSecret(byte* ms, word32 msLen,
|
||||
const byte* pms, word32 pmsLen,
|
||||
const byte* cr, const byte* sr,
|
||||
int tls1_2, int hash_type)
|
||||
int tls1_2, int hash_type,
|
||||
void* heap, int devId)
|
||||
{
|
||||
byte seed[SEED_LEN];
|
||||
|
||||
@@ -544,20 +554,40 @@ int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
|
||||
XMEMCPY(seed + RAN_LEN, sr, RAN_LEN);
|
||||
|
||||
return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ,
|
||||
seed, SEED_LEN, tls1_2, hash_type);
|
||||
seed, SEED_LEN, tls1_2, hash_type, heap, devId);
|
||||
}
|
||||
|
||||
/* External facing wrapper so user can call as well, 0 on success */
|
||||
int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
|
||||
const byte* pms, word32 pmsLen,
|
||||
const byte* cr, const byte* sr,
|
||||
int tls1_2, int hash_type)
|
||||
{
|
||||
return _MakeTlsMasterSecret(ms, msLen, pms, pmsLen, cr, sr, tls1_2,
|
||||
hash_type, NULL, INVALID_DEVID);
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
|
||||
static int _MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
|
||||
const byte* pms, word32 pmsLen,
|
||||
const byte* sHash, word32 sHashLen,
|
||||
int tls1_2, int hash_type,
|
||||
void* heap, int devId)
|
||||
{
|
||||
return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ,
|
||||
sHash, sHashLen, tls1_2, hash_type, heap, devId);
|
||||
}
|
||||
|
||||
/* External facing wrapper so user can call as well, 0 on success */
|
||||
int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
|
||||
const byte* pms, word32 pmsLen,
|
||||
const byte* sHash, word32 sHashLen,
|
||||
int tls1_2, int hash_type)
|
||||
{
|
||||
return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ,
|
||||
sHash, sHashLen, tls1_2, hash_type);
|
||||
return _MakeTlsExtendedMasterSecret(ms, msLen, pms, pmsLen, sHash, sHashLen,
|
||||
tls1_2, hash_type, NULL, INVALID_DEVID);
|
||||
}
|
||||
|
||||
#endif /* HAVE_EXTENDED_MASTER */
|
||||
@@ -571,29 +601,32 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
|
||||
byte* handshake_hash;
|
||||
word32 hashSz = HSHASH_SZ;
|
||||
|
||||
handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap,
|
||||
DYNAMIC_TYPE_DIGEST);
|
||||
if (handshake_hash == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
|
||||
if (ret < 0) {
|
||||
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = wolfSSL_MakeTlsExtendedMasterSecret(
|
||||
ret = _MakeTlsExtendedMasterSecret(
|
||||
ssl->arrays->masterSecret, SECRET_LEN,
|
||||
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
|
||||
handshake_hash, hashSz,
|
||||
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
|
||||
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
|
||||
ssl->heap, ssl->devId);
|
||||
|
||||
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST);
|
||||
} else
|
||||
#endif
|
||||
ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
|
||||
ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
|
||||
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
|
||||
ssl->arrays->clientRandom, ssl->arrays->serverRandom,
|
||||
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
|
||||
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
|
||||
ssl->heap, ssl->devId);
|
||||
|
||||
if (ret == 0) {
|
||||
#ifdef SHOW_SECRETS
|
||||
@@ -625,7 +658,7 @@ int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
seed = (byte*)XMALLOC(SEED_LEN, ssl->heap, DYNAMIC_TYPE_SEED);
|
||||
if (seed == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
@@ -639,10 +672,11 @@ int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
|
||||
|
||||
ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN,
|
||||
(const byte *)label, (word32)XSTRLEN(label), seed, SEED_LEN,
|
||||
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
|
||||
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
|
||||
ssl->heap, ssl->devId);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(seed, ssl->heap, DYNAMIC_TYPE_SEED);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -843,7 +877,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
|
||||
|
||||
wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
|
||||
|
||||
ret = wc_HmacInit(&hmac, NULL, ssl->devId);
|
||||
ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
@@ -1198,10 +1232,10 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
|
||||
/* keep the list sent by client */
|
||||
if (isRequest) {
|
||||
if (ssl->alpn_client_list != NULL)
|
||||
XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN);
|
||||
|
||||
ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_ALPN);
|
||||
if (ssl->alpn_client_list == NULL)
|
||||
return MEMORY_ERROR;
|
||||
}
|
||||
@@ -3669,9 +3703,9 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap)
|
||||
/* Quantum-Safe-Hybrid */
|
||||
/******************************************************************************/
|
||||
|
||||
#if defined(HAVE_NTRU) && defined(HAVE_QSH)
|
||||
static WC_RNG* rng;
|
||||
static wolfSSL_Mutex* rngMutex;
|
||||
#if defined(HAVE_NTRU)
|
||||
static WC_RNG* gRng;
|
||||
static wolfSSL_Mutex* gRngMutex;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_QSH
|
||||
@@ -4130,7 +4164,7 @@ int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length,
|
||||
|
||||
/* allocate memory for buffer */
|
||||
buf->length = offset;
|
||||
buf->buffer = (byte*)XMALLOC(offset, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
buf->buffer = (byte*)XMALLOC(offset, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (buf->buffer == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
@@ -4599,13 +4633,13 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
||||
|
||||
/* Allocate space for the public key. */
|
||||
dataSz = params->p_len;
|
||||
keyData = (byte*)XMALLOC(dataSz, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
keyData = (byte*)XMALLOC(dataSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (keyData == NULL) {
|
||||
ret = MEMORY_E;
|
||||
goto end;
|
||||
}
|
||||
/* Allocate space for the private key. */
|
||||
key = (byte*)XMALLOC(keySz, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
key = (byte*)XMALLOC(keySz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
if (key == NULL) {
|
||||
ret = MEMORY_E;
|
||||
goto end;
|
||||
@@ -4653,9 +4687,9 @@ end:
|
||||
if (ret != 0) {
|
||||
/* Data owned by key share entry otherwise. */
|
||||
if (keyData != NULL)
|
||||
XFREE(keyData, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (key != NULL)
|
||||
XFREE(key, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
}
|
||||
|
||||
return ret;
|
||||
@@ -4715,7 +4749,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
||||
curve25519_key* key;
|
||||
/* Allocate an ECC key to hold private key. */
|
||||
key = (curve25519_key*)XMALLOC(sizeof(curve25519_key),
|
||||
ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
if (key == NULL) {
|
||||
WOLFSSL_MSG("EccTempKey Memory error");
|
||||
return MEMORY_E;
|
||||
@@ -4733,7 +4767,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
||||
|
||||
/* Allocate space for the public key. */
|
||||
keyData = (byte*)XMALLOC(dataSize, ssl->heap,
|
||||
DYNAMIC_TYPE_TLSX);
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (keyData == NULL) {
|
||||
WOLFSSL_MSG("Key data Memory error");
|
||||
ret = MEMORY_E;
|
||||
@@ -4770,7 +4804,8 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
||||
}
|
||||
|
||||
/* Allocate an ECC key to hold private key. */
|
||||
eccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
eccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,
|
||||
DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
if (eccKey == NULL) {
|
||||
WOLFSSL_MSG("EccTempKey Memory error");
|
||||
return MEMORY_E;
|
||||
@@ -4791,7 +4826,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
||||
goto end;
|
||||
|
||||
/* Allocate space for the public key. */
|
||||
keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (keyData == NULL) {
|
||||
WOLFSSL_MSG("Key data Memory error");
|
||||
ret = MEMORY_E;
|
||||
@@ -4855,8 +4890,8 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
|
||||
|
||||
while ((current = list) != NULL) {
|
||||
list = current->next;
|
||||
XFREE(current->key, heap, DYNAMIC_TYPE_TLSX);
|
||||
XFREE(current->ke, heap, DYNAMIC_TYPE_TLSX);
|
||||
XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
XFREE(current->ke, heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
XFREE(current, heap, DYNAMIC_TYPE_TLSX);
|
||||
}
|
||||
|
||||
@@ -5063,7 +5098,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
||||
wc_ecc_free(ssl->peerEccKey);
|
||||
|
||||
ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,
|
||||
DYNAMIC_TYPE_TLSX);
|
||||
DYNAMIC_TYPE_ECC);
|
||||
if (ssl->peerEccKey == NULL) {
|
||||
WOLFSSL_MSG("PeerEccKey Memory error");
|
||||
return MEMORY_ERROR;
|
||||
@@ -5249,7 +5284,7 @@ static int TLSX_KeyShareEntry_Parse(WOLFSSL* ssl, byte* input, word16 length,
|
||||
return BUFFER_ERROR;
|
||||
|
||||
/* Store a copy in the key share object. */
|
||||
ke = (byte*)XMALLOC(keLen, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
ke = (byte*)XMALLOC(keLen, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (ke == NULL)
|
||||
return MEMORY_E;
|
||||
XMEMCPY(ke, &input[offset], keLen);
|
||||
@@ -5479,7 +5514,7 @@ int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data,
|
||||
if (data != NULL) {
|
||||
/* Keep the public key data and free when finished. */
|
||||
if (keyShareEntry->ke != NULL)
|
||||
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
keyShareEntry->ke = data;
|
||||
keyShareEntry->keLen = len;
|
||||
}
|
||||
@@ -5685,7 +5720,7 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl)
|
||||
|
||||
/* Move private key to client entry. */
|
||||
if (clientKSE->key != NULL)
|
||||
XFREE(clientKSE->key, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
XFREE(clientKSE->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
clientKSE->key = serverKSE->key;
|
||||
serverKSE->key = NULL;
|
||||
clientKSE->keyLen = serverKSE->keyLen;
|
||||
@@ -6789,23 +6824,23 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (rng == NULL) {
|
||||
if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL,
|
||||
if (gRng == NULL) {
|
||||
if ((gRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL,
|
||||
DYNAMIC_TYPE_TLSX)) == NULL)
|
||||
return DRBG_OUT_OF_MEMORY;
|
||||
wc_InitRng(rng);
|
||||
wc_InitRng(gRng);
|
||||
}
|
||||
|
||||
if (rngMutex == NULL) {
|
||||
if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL,
|
||||
if (gRngMutex == NULL) {
|
||||
if ((gRngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL,
|
||||
DYNAMIC_TYPE_TLSX)) == NULL)
|
||||
return DRBG_OUT_OF_MEMORY;
|
||||
wc_InitMutex(rngMutex);
|
||||
wc_InitMutex(gRngMutex);
|
||||
}
|
||||
|
||||
ret |= wc_LockMutex(rngMutex);
|
||||
ret |= wc_RNG_GenerateBlock(rng, out, num_bytes);
|
||||
ret |= wc_UnLockMutex(rngMutex);
|
||||
ret |= wc_LockMutex(gRngMutex);
|
||||
ret |= wc_RNG_GenerateBlock(gRng, out, num_bytes);
|
||||
ret |= wc_UnLockMutex(gRngMutex);
|
||||
|
||||
if (ret != 0)
|
||||
return DRBG_ENTROPY_FAIL;
|
||||
|
||||
+24
-29
@@ -916,7 +916,7 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
|
||||
return ret;
|
||||
|
||||
/* Calculate the verify data. */
|
||||
ret = wc_HmacInit(&verifyHmac, ssl->heap, INVALID_DEVID);
|
||||
ret = wc_HmacInit(&verifyHmac, ssl->heap, ssl->devId);
|
||||
if (ret == 0) {
|
||||
ret = wc_HmacSetKey(&verifyHmac, hashType, key, ssl->specs.hash_size);
|
||||
if (ret == 0)
|
||||
@@ -960,16 +960,16 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side)
|
||||
int ret;
|
||||
int i = 0;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte* key_data;
|
||||
byte* key_dig;
|
||||
#else
|
||||
byte key_data[MAX_PRF_DIG];
|
||||
byte key_dig[MAX_PRF_DIG];
|
||||
#endif
|
||||
int deriveClient = 0;
|
||||
int deriveServer = 0;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
key_data = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (key_data == NULL)
|
||||
key_dig = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST);
|
||||
if (key_dig == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
|
||||
@@ -1031,7 +1031,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side)
|
||||
|
||||
/* Derive the client key. */
|
||||
WOLFSSL_MSG("Derive Client Key");
|
||||
ret = DeriveKey(ssl, &key_data[i], ssl->specs.key_size,
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
|
||||
ssl->arrays->clientSecret, writeKeyLabel,
|
||||
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
@@ -1040,7 +1040,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side)
|
||||
|
||||
/* Derive the server key. */
|
||||
WOLFSSL_MSG("Derive Server Key");
|
||||
ret = DeriveKey(ssl, &key_data[i], ssl->specs.key_size,
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
|
||||
ssl->arrays->serverSecret, writeKeyLabel,
|
||||
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
@@ -1049,7 +1049,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side)
|
||||
|
||||
/* Derive the client IV. */
|
||||
WOLFSSL_MSG("Derive Client IV");
|
||||
ret = DeriveKey(ssl, &key_data[i], ssl->specs.iv_size,
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
|
||||
ssl->arrays->clientSecret, writeIVLabel, WRITE_IV_LABEL_SZ,
|
||||
ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
@@ -1058,18 +1058,18 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side)
|
||||
|
||||
/* Derive the server IV. */
|
||||
WOLFSSL_MSG("Derive Server IV");
|
||||
ret = DeriveKey(ssl, &key_data[i], ssl->specs.iv_size,
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
|
||||
ssl->arrays->serverSecret, writeIVLabel, WRITE_IV_LABEL_SZ,
|
||||
ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
|
||||
/* Store keys and IVs but don't activate them. */
|
||||
ret = StoreKeys(ssl, key_data);
|
||||
ret = StoreKeys(ssl, key_dig);
|
||||
|
||||
end:
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(key_data, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -1635,7 +1635,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
|
||||
|
||||
if (ssl->encrypt.nonce == NULL)
|
||||
ssl->encrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ,
|
||||
ssl->heap, DYNAMIC_TYPE_AES);
|
||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||
if (ssl->encrypt.nonce == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
@@ -1841,7 +1841,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
|
||||
|
||||
if (ssl->decrypt.nonce == NULL)
|
||||
ssl->decrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ,
|
||||
ssl->heap, DYNAMIC_TYPE_AES);
|
||||
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
|
||||
if (ssl->decrypt.nonce == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
@@ -3733,7 +3733,7 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo,
|
||||
{
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (encodedSig == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
@@ -3750,7 +3750,7 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo,
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (encodedSig != NULL)
|
||||
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -4036,7 +4036,6 @@ typedef struct Scv13Args {
|
||||
byte* verifySig;
|
||||
#endif
|
||||
byte* verify; /* not allocated */
|
||||
byte* input;
|
||||
word32 idx;
|
||||
word32 sigLen;
|
||||
int sendSz;
|
||||
@@ -4055,18 +4054,14 @@ static void FreeScv13Args(WOLFSSL* ssl, void* pArgs)
|
||||
|
||||
#ifndef NO_RSA
|
||||
if (args->verifySig) {
|
||||
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
args->verifySig = NULL;
|
||||
}
|
||||
#endif
|
||||
if (args->sigData) {
|
||||
XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
args->sigData = NULL;
|
||||
}
|
||||
if (args->input) {
|
||||
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
args->input = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* Send the TLS v1.3 CertificateVerify message.
|
||||
@@ -4164,7 +4159,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
|
||||
/* Create the data to be signed. */
|
||||
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (args->sigData == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scv);
|
||||
}
|
||||
@@ -4178,7 +4173,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
/* build encoded signature buffer */
|
||||
sig->length = MAX_ENCODED_SIG_SZ;
|
||||
sig->buffer = (byte*)XMALLOC(sig->length, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (sig->buffer == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scv);
|
||||
}
|
||||
@@ -4287,7 +4282,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
|
||||
if (args->verifySig == NULL) {
|
||||
args->verifySig = (byte*)XMALLOC(args->sigLen, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (args->verifySig == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scv);
|
||||
}
|
||||
@@ -4433,7 +4428,7 @@ static void FreeDcv13Args(WOLFSSL* ssl, void* pArgs)
|
||||
Dcv13Args* args = (Dcv13Args*)pArgs;
|
||||
|
||||
if (args->sigData) {
|
||||
XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
args->sigData = NULL;
|
||||
}
|
||||
|
||||
@@ -4548,7 +4543,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
#endif
|
||||
|
||||
sig->buffer = (byte*)XMALLOC(args->sz, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (sig->buffer == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_dcv);
|
||||
}
|
||||
@@ -4560,7 +4555,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
WOLFSSL_MSG("Doing ECC peer cert verify");
|
||||
|
||||
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (args->sigData == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_dcv);
|
||||
}
|
||||
@@ -4581,7 +4576,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
WOLFSSL_MSG("Doing ED25519 peer cert verify");
|
||||
|
||||
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (args->sigData == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_dcv);
|
||||
}
|
||||
|
||||
+6
-6
@@ -4491,12 +4491,12 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
|
||||
return;
|
||||
|
||||
if (sigCtx->digest) {
|
||||
XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST);
|
||||
sigCtx->digest = NULL;
|
||||
}
|
||||
#ifndef NO_RSA
|
||||
if (sigCtx->plain) {
|
||||
XFREE(sigCtx->plain, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(sigCtx->plain, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
sigCtx->plain = NULL;
|
||||
}
|
||||
#endif
|
||||
@@ -4641,7 +4641,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
case SIG_STATE_BEGIN:
|
||||
{
|
||||
sigCtx->digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, sigCtx->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_DIGEST);
|
||||
if (sigCtx->digest == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_cs);
|
||||
}
|
||||
@@ -4675,7 +4675,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
sigCtx->key.rsa = (RsaKey*)XMALLOC(sizeof(RsaKey),
|
||||
sigCtx->heap, DYNAMIC_TYPE_RSA);
|
||||
sigCtx->plain = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
|
||||
sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
if (sigCtx->key.rsa == NULL || sigCtx->plain == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_cs);
|
||||
}
|
||||
@@ -11236,7 +11236,7 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
|
||||
end = *idx + len;
|
||||
|
||||
rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), dcrl->heap,
|
||||
DYNAMIC_TYPE_CRL);
|
||||
DYNAMIC_TYPE_REVOKED);
|
||||
if (rc == NULL) {
|
||||
WOLFSSL_MSG("Alloc Revoked Cert failed");
|
||||
return MEMORY_E;
|
||||
@@ -11244,7 +11244,7 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
|
||||
|
||||
if (GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz,
|
||||
maxIdx) < 0) {
|
||||
XFREE(rc, dcrl->heap, DYNAMIC_TYPE_CRL);
|
||||
XFREE(rc, dcrl->heap, DYNAMIC_TYPE_REVOKED);
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
|
||||
+42
-36
@@ -654,49 +654,55 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
|
||||
int ret;
|
||||
|
||||
#if defined(HAVE_INTEL_QA)
|
||||
mp_int x;
|
||||
word32 sz;
|
||||
|
||||
/* verify prime is at least 768-bits */
|
||||
/* QAT HW must have prime at least 768-bits */
|
||||
sz = mp_unsigned_bin_size(&key->p);
|
||||
if (sz >= (768/8)) {
|
||||
mp_int x;
|
||||
|
||||
ret = mp_init(&x);
|
||||
if (ret != MP_OKAY)
|
||||
return ret;
|
||||
|
||||
ret = GeneratePrivateDh(key, rng, priv, privSz);
|
||||
if (ret == 0)
|
||||
ret = mp_read_unsigned_bin(&x, priv, *privSz);
|
||||
if (ret == MP_OKAY)
|
||||
ret = wc_mp_to_bigint(&x, &x.raw);
|
||||
if (ret == MP_OKAY)
|
||||
ret = wc_mp_to_bigint(&key->p, &key->p.raw);
|
||||
if (ret == MP_OKAY)
|
||||
ret = wc_mp_to_bigint(&key->g, &key->g.raw);
|
||||
if (ret == MP_OKAY)
|
||||
ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
|
||||
&x.raw, pub, pubSz);
|
||||
mp_clear(&x);
|
||||
|
||||
ret = mp_init(&x);
|
||||
if (ret != MP_OKAY)
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = GeneratePrivateDh(key, rng, priv, privSz);
|
||||
if (ret == 0)
|
||||
ret = mp_read_unsigned_bin(&x, priv, *privSz);
|
||||
if (ret == MP_OKAY)
|
||||
ret = wc_mp_to_bigint(&x, &x.raw);
|
||||
if (ret == MP_OKAY)
|
||||
ret = wc_mp_to_bigint(&key->p, &key->p.raw);
|
||||
if (ret == MP_OKAY)
|
||||
ret = wc_mp_to_bigint(&key->g, &key->g.raw);
|
||||
if (ret == MP_OKAY)
|
||||
ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
|
||||
&x.raw, pub, pubSz);
|
||||
mp_clear(&x);
|
||||
#elif defined(HAVE_CAVIUM)
|
||||
/* TODO: Not implemented - use software for now */
|
||||
|
||||
#else
|
||||
|
||||
#if defined(HAVE_CAVIUM)
|
||||
/* TODO: Not implemented - use software for now */
|
||||
|
||||
#else /* WOLFSSL_ASYNC_CRYPT_TEST */
|
||||
WC_ASYNC_TEST* testDev = &key->asyncDev.test;
|
||||
if (testDev->type == ASYNC_TEST_NONE) {
|
||||
testDev->type = ASYNC_TEST_DH_GEN;
|
||||
testDev->dhGen.key = key;
|
||||
testDev->dhGen.rng = rng;
|
||||
testDev->dhGen.priv = priv;
|
||||
testDev->dhGen.privSz = privSz;
|
||||
testDev->dhGen.pub = pub;
|
||||
testDev->dhGen.pubSz = pubSz;
|
||||
return WC_PENDING_E;
|
||||
}
|
||||
#endif
|
||||
#else /* WOLFSSL_ASYNC_CRYPT_TEST */
|
||||
WC_ASYNC_TEST* testDev = &key->asyncDev.test;
|
||||
if (testDev->type == ASYNC_TEST_NONE) {
|
||||
testDev->type = ASYNC_TEST_DH_GEN;
|
||||
testDev->dhGen.key = key;
|
||||
testDev->dhGen.rng = rng;
|
||||
testDev->dhGen.priv = priv;
|
||||
testDev->dhGen.privSz = privSz;
|
||||
testDev->dhGen.pub = pub;
|
||||
testDev->dhGen.pubSz = pubSz;
|
||||
return WC_PENDING_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* otherwise use software DH */
|
||||
ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
|
||||
|
||||
#endif /* HAVE_INTEL_QA */
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_DH */
|
||||
|
||||
@@ -90,13 +90,11 @@ void wc_FreeDsaKey(DsaKey* key)
|
||||
if (key->type == DSA_PRIVATE)
|
||||
mp_forcezero(&key->x);
|
||||
|
||||
#ifndef USE_FAST_MATH
|
||||
mp_clear(&key->x);
|
||||
mp_clear(&key->y);
|
||||
mp_clear(&key->g);
|
||||
mp_clear(&key->q);
|
||||
mp_clear(&key->p);
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_KEY_GEN
|
||||
|
||||
+34
-36
@@ -2583,10 +2583,8 @@ static int wc_ecc_cmp_param(const char* curveParam,
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef USE_FAST_MATH
|
||||
mp_clear(&a);
|
||||
mp_clear(&b);
|
||||
#endif
|
||||
|
||||
return err;
|
||||
}
|
||||
@@ -2933,7 +2931,7 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (buf == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
@@ -2964,7 +2962,7 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
|
||||
|
||||
ForceZero(buf, ECC_MAXSIZE);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
|
||||
return err;
|
||||
@@ -3655,13 +3653,13 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
|
||||
}
|
||||
|
||||
/* allocate memory */
|
||||
tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (tA == NULL) {
|
||||
return GEN_MEM_ERR;
|
||||
}
|
||||
tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (tB == NULL) {
|
||||
XFREE(tA, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
return GEN_MEM_ERR;
|
||||
}
|
||||
|
||||
@@ -3834,8 +3832,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
|
||||
|
||||
ForceZero(tA, ECC_BUFSIZE);
|
||||
ForceZero(tB, ECC_BUFSIZE);
|
||||
XFREE(tA, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tB, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
|
||||
return err;
|
||||
}
|
||||
@@ -4356,7 +4354,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
|
||||
out[0] = 0x04;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (buf == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
@@ -4381,7 +4379,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
|
||||
|
||||
done:
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
#endif /* WOLFSSL_ATECC508A */
|
||||
|
||||
@@ -4442,7 +4440,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
|
||||
out[0] = 0x04;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (buf == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
@@ -4465,7 +4463,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
|
||||
|
||||
done:
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
#endif /* WOLFSSL_ATECC508A */
|
||||
|
||||
@@ -6242,7 +6240,7 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a,
|
||||
|
||||
/* store k */
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
kb = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
kb = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (kb == NULL) {
|
||||
err = MEMORY_E; goto done;
|
||||
}
|
||||
@@ -6318,7 +6316,7 @@ done:
|
||||
mp_clear(&tk);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(kb, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(kb, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
|
||||
#undef KB_SIZE
|
||||
@@ -6425,7 +6423,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
|
||||
|
||||
/* store k */
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
kb[0] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
kb[0] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (kb[0] == NULL) {
|
||||
err = MEMORY_E; goto done;
|
||||
}
|
||||
@@ -6450,7 +6448,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
|
||||
|
||||
/* store b */
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
kb[1] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
kb[1] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (kb[1] == NULL) {
|
||||
err = MEMORY_E; goto done;
|
||||
}
|
||||
@@ -6550,8 +6548,8 @@ done:
|
||||
ForceZero(kb[1], KB_SIZE);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(kb[1], NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(kb[0], NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
XFREE(kb[1], NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
|
||||
#undef KB_SIZE
|
||||
@@ -7131,13 +7129,13 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
return BUFFER_E;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (sharedSecret == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (keys == NULL) {
|
||||
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
@@ -7220,8 +7218,8 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
*outSz = msgSz + digestSz;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
XFREE(keys, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -7294,13 +7292,13 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
return BUFFER_E;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (sharedSecret == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (keys == NULL) {
|
||||
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
@@ -7391,8 +7389,8 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
|
||||
*outSz = msgSz - digestSz;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
XFREE(keys, NULL, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
@@ -7856,7 +7854,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DYNAMIC_TYPE_HASHES);
|
||||
if (hash == NULL)
|
||||
return MEMORY_E;
|
||||
#endif
|
||||
@@ -7864,7 +7862,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
|
||||
ret = wc_HashInit(hash, type);
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
@@ -7879,7 +7877,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
|
||||
ret = wc_HashUpdate(hash, type, secret, secretSz);
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
@@ -7887,7 +7885,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
|
||||
ret = wc_HashUpdate(hash, type, counter, sizeof(counter));
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
@@ -7896,7 +7894,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
|
||||
ret = wc_HashUpdate(hash, type, sinfo, sinfoSz);
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
@@ -7905,7 +7903,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
|
||||
ret = wc_HashFinal(hash, type, tmp);
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
@@ -7918,7 +7916,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
|
||||
+185
-231
@@ -43,6 +43,8 @@
|
||||
#include <wolfssl/wolfcrypt/pwdbased.h>
|
||||
|
||||
|
||||
#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
|
||||
|
||||
enum {
|
||||
WC_PKCS12_KeyBag = 667,
|
||||
WC_PKCS12_ShroudedKeyBag = 668,
|
||||
@@ -149,24 +151,25 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12)
|
||||
|
||||
heap = pkcs12->heap;
|
||||
if (pkcs12->safe != NULL) {
|
||||
freeSafe(pkcs12->safe, heap);
|
||||
freeSafe(pkcs12->safe, heap);
|
||||
}
|
||||
|
||||
/* free mac data */
|
||||
if (pkcs12->signData != NULL) {
|
||||
if (pkcs12->signData->digest != NULL) {
|
||||
XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST);
|
||||
pkcs12->signData->digest = NULL;
|
||||
}
|
||||
if (pkcs12->signData->salt != NULL) {
|
||||
XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT);
|
||||
pkcs12->signData->salt = NULL;
|
||||
}
|
||||
XFREE(pkcs12->signData, heap, DYNAMIC_TYPE_PKCS);
|
||||
pkcs12->signData = NULL;
|
||||
}
|
||||
|
||||
XFREE(pkcs12, NULL, DYNAMIC_TYPE_PKCS);
|
||||
pkcs12 = NULL;
|
||||
|
||||
(void)heap;
|
||||
}
|
||||
|
||||
|
||||
@@ -254,9 +257,9 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
|
||||
word32 curIdx;
|
||||
ContentInfo* ci = NULL;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
printf("\t\tlooking for Content Info.... ");
|
||||
#endif
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
printf("\t\tlooking for Content Info.... ");
|
||||
#endif
|
||||
|
||||
if ((ret = GetSequence(input, &localIdx, &curSz, safe->dataSz))
|
||||
< 0) {
|
||||
@@ -291,19 +294,19 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
|
||||
ci->data = (byte*)input + localIdx;
|
||||
localIdx += ci->dataSz;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
switch (oid) {
|
||||
case WC_PKCS12_ENCRYPTED_DATA:
|
||||
printf("CONTENT INFO: ENCRYPTED DATA, size = %d\n", ci->dataSz);
|
||||
break;
|
||||
|
||||
case WC_PKCS12_DATA:
|
||||
case WC_PKCS12_DATA:
|
||||
printf("CONTENT INFO: DATA, size = %d\n", ci->dataSz);
|
||||
break;
|
||||
default:
|
||||
default:
|
||||
printf("CONTENT INFO: UNKNOWN, size = %d\n", ci->dataSz);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* insert to head of list */
|
||||
ci->next = safe->CI;
|
||||
@@ -315,7 +318,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
|
||||
pkcs12->safe = safe;
|
||||
*idx += localIdx;
|
||||
|
||||
return 1;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -328,7 +331,6 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
|
||||
word32 oid = 0;
|
||||
int size, ret;
|
||||
|
||||
|
||||
/* Digest Info : Sequence
|
||||
* DigestAlgorithmIdentifier
|
||||
* Digest
|
||||
@@ -356,9 +358,9 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
|
||||
}
|
||||
mac->oid = oid;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
printf("\t\tALGO ID = %d\n", oid);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Digest: should be octet type holding digest */
|
||||
if (mem[curIdx++] != ASN_OCTET_STRING) {
|
||||
@@ -373,13 +375,13 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
|
||||
}
|
||||
mac->digestSz = size;
|
||||
mac->digest = (byte*)XMALLOC(mac->digestSz, pkcs12->heap,
|
||||
DYNAMIC_TYPE_PKCS);
|
||||
DYNAMIC_TYPE_DIGEST);
|
||||
if (mac->digest == NULL || mac->digestSz + curIdx > totalSz) {
|
||||
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
return MEMORY_E;
|
||||
ERROR_OUT(MEMORY_E, exit_gsd);
|
||||
}
|
||||
XMEMCPY(mac->digest, mem + curIdx, mac->digestSz);
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
{
|
||||
byte* p;
|
||||
for (printf("\t\tDigest = "), p = (byte*)mem+curIdx;
|
||||
@@ -387,32 +389,27 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
|
||||
printf("%02X", *p), p++);
|
||||
printf(" : size = %d\n", mac->digestSz);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
curIdx += mac->digestSz;
|
||||
|
||||
/* get salt, should be octet string */
|
||||
if (mem[curIdx++] != ASN_OCTET_STRING) {
|
||||
WOLFSSL_MSG("Failed to get salt");
|
||||
XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
return ASN_PARSE_E;
|
||||
ERROR_OUT(ASN_PARSE_E, exit_gsd);
|
||||
}
|
||||
|
||||
if ((ret = GetLength(mem, &curIdx, &size, totalSz)) <= 0) {
|
||||
XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
return ret;
|
||||
goto exit_gsd;
|
||||
}
|
||||
mac->saltSz = size;
|
||||
mac->salt = (byte*)XMALLOC(mac->saltSz, pkcs12->heap,
|
||||
DYNAMIC_TYPE_PKCS);
|
||||
mac->salt = (byte*)XMALLOC(mac->saltSz, pkcs12->heap, DYNAMIC_TYPE_SALT);
|
||||
if (mac->salt == NULL || mac->saltSz + curIdx > totalSz) {
|
||||
XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
return MEMORY_E;
|
||||
ERROR_OUT(MEMORY_E, exit_gsd);
|
||||
}
|
||||
XMEMCPY(mac->salt, mem + curIdx, mac->saltSz);
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
{
|
||||
byte* p;
|
||||
for (printf("\t\tSalt = "), p = (byte*)mem + curIdx;
|
||||
@@ -420,7 +417,8 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
|
||||
printf("%02X", *p), p++);
|
||||
printf(" : size = %d\n", mac->saltSz);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
curIdx += mac->saltSz;
|
||||
|
||||
/* check for MAC itterations, default to 1 */
|
||||
@@ -439,8 +437,20 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
|
||||
|
||||
*idx = curIdx;
|
||||
pkcs12->signData = mac;
|
||||
ret = 0; /* success */
|
||||
|
||||
return 0;
|
||||
exit_gsd:
|
||||
|
||||
/* failure cleanup */
|
||||
if (ret != 0) {
|
||||
if (mac) {
|
||||
if (mac->digest)
|
||||
XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST);
|
||||
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -472,7 +482,7 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
|
||||
}
|
||||
|
||||
/* unicode set up from asn.c */
|
||||
if ( (pswSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
|
||||
if ((pswSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
|
||||
WOLFSSL_MSG("PKCS12 max unicode size too small");
|
||||
return UNICODE_SIZE_E;
|
||||
}
|
||||
@@ -487,34 +497,30 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
|
||||
|
||||
/* get hash type used and resulting size of HMAC key */
|
||||
switch (mac->oid) {
|
||||
#ifndef NO_SHA
|
||||
#ifndef NO_SHA
|
||||
case SHAh: /* 88 */
|
||||
typeH = SHA;
|
||||
kLen = SHA_DIGEST_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifndef NO_SHA256
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
case SHA256h: /* 414 */
|
||||
typeH = SHA256;
|
||||
kLen = SHA256_DIGEST_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SHA384
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case SHA384h: /* 415 */
|
||||
typeH = SHA384;
|
||||
kLen = SHA384_DIGEST_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
#endif
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case SHA512h: /* 416 */
|
||||
typeH = SHA512;
|
||||
kLen = SHA512_DIGEST_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#endif
|
||||
default: /* May be SHA224 or was just not built in */
|
||||
WOLFSSL_MSG("Unsupported hash used");
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -527,7 +533,7 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
|
||||
}
|
||||
|
||||
/* now that key has been created use it to get HMAC hash on data */
|
||||
if ((ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID)) != 0) {
|
||||
if ((ret = wc_HmacInit(&hmac, pkcs12->heap, INVALID_DEVID)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
ret = wc_HmacSetKey(&hmac, typeH, key, kLen);
|
||||
@@ -560,6 +566,7 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
|
||||
* der : pointer to der buffer holding PKCS12
|
||||
* derSz : size of der buffer
|
||||
* pkcs12 : non-null pkcs12 pointer
|
||||
* return 0 on success and negative on failure.
|
||||
*/
|
||||
int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
|
||||
{
|
||||
@@ -586,10 +593,10 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
printf("\nBEGIN: PKCS12 size = %d\n", totalSz);
|
||||
printf("version = %d\n", version);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if (version != 3) {
|
||||
WOLFSSL_MSG("PKCS12 unsupported version!");
|
||||
@@ -600,9 +607,9 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
printf("\tSEQUENCE: AuthenticatedSafe size = %d\n", size);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if ((ret = GetSafeContent(pkcs12, der, &idx, size + idx)) < 0) {
|
||||
WOLFSSL_MSG("GetSafeContent error");
|
||||
@@ -615,9 +622,9 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
|
||||
WOLFSSL_MSG("Ignoring unknown data at end of PKCS12 DER buffer");
|
||||
}
|
||||
else {
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
printf("\tSEQUENCE: Signature size = %d\n", size);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if ((ret = GetSignData(pkcs12, der, &idx, totalSz)) < 0) {
|
||||
return ASN_PARSE_E;
|
||||
@@ -625,25 +632,26 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
printf("END: PKCS12\n");
|
||||
#endif
|
||||
#endif
|
||||
|
||||
return 1;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/* helper function to free WC_DerCertList */
|
||||
static void freeCertList(WC_DerCertList* list, void* heap) {
|
||||
WC_DerCertList* current;
|
||||
static void freeCertList(WC_DerCertList* list, void* heap)
|
||||
{
|
||||
WC_DerCertList* current = list;
|
||||
WC_DerCertList* next;
|
||||
|
||||
if (list == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
current = list;
|
||||
while(current != NULL) {
|
||||
WC_DerCertList* next = current->next;
|
||||
while (current != NULL) {
|
||||
next = current->next;
|
||||
if (current->buffer != NULL) {
|
||||
XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
|
||||
}
|
||||
@@ -654,20 +662,42 @@ static void freeCertList(WC_DerCertList* list, void* heap) {
|
||||
(void)heap;
|
||||
}
|
||||
|
||||
|
||||
static void freeBuffers(byte* a, byte* b, void* heap)
|
||||
static void freeDecCertList(WC_DerCertList** list, byte** pkey, word32* pkeySz,
|
||||
byte** cert, word32* certSz, void* heap)
|
||||
{
|
||||
if (a != NULL) {
|
||||
XFREE(a, heap, DYNAMIC_TYPE_PKCS);
|
||||
WC_DerCertList* current = *list;
|
||||
WC_DerCertList* previous = NULL;
|
||||
DecodedCert DeCert;
|
||||
|
||||
while (current != NULL) {
|
||||
|
||||
InitDecodedCert(&DeCert, current->buffer, current->bufferSz, heap);
|
||||
if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) {
|
||||
if (wc_CheckPrivateKey(*pkey, *pkeySz, &DeCert) == 1) {
|
||||
WOLFSSL_MSG("Key Pair found");
|
||||
*cert = current->buffer;
|
||||
*certSz = current->bufferSz;
|
||||
|
||||
if (previous == NULL) {
|
||||
*list = current->next;
|
||||
}
|
||||
else {
|
||||
previous->next = current->next;
|
||||
}
|
||||
FreeDecodedCert(&DeCert);
|
||||
XFREE(current, heap, DYNAMIC_TYPE_PKCS);
|
||||
break;
|
||||
}
|
||||
}
|
||||
FreeDecodedCert(&DeCert);
|
||||
|
||||
previous = current;
|
||||
current = current->next;
|
||||
}
|
||||
if (b != NULL) {
|
||||
XFREE(b, heap, DYNAMIC_TYPE_PKCS);
|
||||
}
|
||||
(void)heap;
|
||||
}
|
||||
|
||||
|
||||
/* return 1 on success and 0 on failure.
|
||||
/* return 0 on success and negative on failure.
|
||||
* By side effect returns private key, cert, and optionally ca.
|
||||
* Parses and decodes the parts of PKCS12
|
||||
*
|
||||
@@ -693,15 +723,15 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
WOLFSSL_ENTER("wc_PKCS12_parse");
|
||||
|
||||
if (pkcs12 == NULL || psw == NULL || cert == NULL || certSz == NULL ||
|
||||
pkey == NULL || pkeySz == NULL) {
|
||||
pkey == NULL || pkeySz == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
pswSz = (int)XSTRLEN(psw);
|
||||
*cert = NULL;
|
||||
*pkey = NULL;
|
||||
if (ca != NULL) {
|
||||
if (ca != NULL)
|
||||
*ca = NULL;
|
||||
}
|
||||
|
||||
/* if there is sign data then verify the MAC */
|
||||
if (pkcs12->signData != NULL ) {
|
||||
@@ -731,26 +761,18 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
WOLFSSL_MSG("Decrypting PKCS12 Content Info Container");
|
||||
data = ci->data;
|
||||
if (data[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
|
||||
}
|
||||
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
if ((ret = GetSequence(data, &idx, &size, ci->dataSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
if ((ret = GetShortInt(data, &idx, &number, ci->dataSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
if (number != 0) {
|
||||
@@ -758,39 +780,32 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
}
|
||||
|
||||
if ((ret = GetSequence(data, &idx, &size, ci->dataSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
ret = GetObjectId(data, &idx, &oid, oidIgnoreType, ci->dataSz);
|
||||
if (ret < 0 || oid != WC_PKCS12_DATA) {
|
||||
WOLFSSL_MSG("Not PKCS12 DATA object or get object parse error");
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
|
||||
}
|
||||
|
||||
/* decrypted content overwrites input buffer */
|
||||
size = ci->dataSz - idx;
|
||||
buf = (byte*)XMALLOC(size, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
if (buf == NULL) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return MEMORY_E;
|
||||
ERROR_OUT(MEMORY_E, exit_pk12par);
|
||||
}
|
||||
XMEMCPY(buf, data + idx, size);
|
||||
|
||||
if ((ret = DecryptContent(buf, size, psw, pswSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
WOLFSSL_MSG("Decryption failed, algorithm not compiled in?");
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
data = buf;
|
||||
idx = 0;
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
{
|
||||
byte* p;
|
||||
for (printf("\tData = "), p = (byte*)buf;
|
||||
@@ -798,56 +813,42 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
printf("%02X", *p), p++);
|
||||
printf("\n");
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
else { /* type DATA */
|
||||
WOLFSSL_MSG("Parsing PKCS12 DATA Content Info Container");
|
||||
data = ci->data;
|
||||
if (data[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
|
||||
}
|
||||
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
if (data[idx++] != ASN_OCTET_STRING) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
|
||||
}
|
||||
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/* parse through bags in ContentInfo */
|
||||
if ((ret = GetSequence(data, &idx, &totalSz, ci->dataSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
totalSz += idx;
|
||||
|
||||
while ((int)idx < totalSz) {
|
||||
int bagSz;
|
||||
if ((ret = GetSequence(data, &idx, &bagSz, ci->dataSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
bagSz += idx;
|
||||
|
||||
if ((ret = GetObjectId(data, &idx, &oid, oidIgnoreType,
|
||||
ci->dataSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
switch (oid) {
|
||||
@@ -855,35 +856,30 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
WOLFSSL_MSG("PKCS12 Key Bag found");
|
||||
if (data[idx++] !=
|
||||
(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
|
||||
}
|
||||
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
if (*pkey == NULL) {
|
||||
*pkey = (byte*)XMALLOC(size, pkcs12->heap,
|
||||
DYNAMIC_TYPE_PKCS);
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (*pkey == NULL) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return MEMORY_E;
|
||||
ERROR_OUT(MEMORY_E, exit_pk12par);
|
||||
}
|
||||
XMEMCPY(*pkey, data + idx, size);
|
||||
*pkeySz = ToTraditional(*pkey, size);
|
||||
}
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
{
|
||||
byte* p;
|
||||
for (printf("\tKey = "), p = (byte*)*pkey;
|
||||
p < (byte*)*pkey + size;
|
||||
printf("%02X", *p), p++);
|
||||
printf("\n");
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
{
|
||||
byte* p;
|
||||
for (printf("\tKey = "), p = (byte*)*pkey;
|
||||
p < (byte*)*pkey + size;
|
||||
printf("%02X", *p), p++);
|
||||
printf("\n");
|
||||
}
|
||||
#endif
|
||||
idx += size;
|
||||
break;
|
||||
|
||||
@@ -893,42 +889,32 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
WOLFSSL_MSG("PKCS12 Shrouded Key Bag found");
|
||||
if (data[idx++] !=
|
||||
(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
|
||||
}
|
||||
if ((ret = GetLength(data, &idx, &size,
|
||||
ci->dataSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
k = (byte*)XMALLOC(size, pkcs12->heap,
|
||||
DYNAMIC_TYPE_PKCS);
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (k == NULL) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return MEMORY_E;
|
||||
ERROR_OUT(MEMORY_E, exit_pk12par);
|
||||
}
|
||||
XMEMCPY(k, data + idx, size);
|
||||
|
||||
/* overwrites input, be warned */
|
||||
if ((ret = ToTraditionalEnc(k, size, psw, pswSz)) < 0) {
|
||||
freeBuffers(k, NULL, pkcs12->heap);
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
XFREE(k, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
if (ret < size) {
|
||||
/* shrink key buffer */
|
||||
k = (byte*)XREALLOC(k, ret, pkcs12->heap,
|
||||
DYNAMIC_TYPE_PKCS);
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (k == NULL) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return MEMORY_E;
|
||||
ERROR_OUT(MEMORY_E, exit_pk12par);
|
||||
}
|
||||
}
|
||||
size = ret;
|
||||
@@ -938,11 +924,11 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
*pkeySz = size;
|
||||
}
|
||||
else { /* only expecting one key */
|
||||
freeBuffers(k, NULL, pkcs12->heap);
|
||||
XFREE(k, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
}
|
||||
idx += size;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
{
|
||||
byte* p;
|
||||
for (printf("\tKey = "), p = (byte*)k;
|
||||
@@ -950,7 +936,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
printf("%02X", *p), p++);
|
||||
printf("\n");
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
break;
|
||||
|
||||
@@ -960,28 +946,20 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
WOLFSSL_MSG("PKCS12 Cert Bag found");
|
||||
if (data[idx++] !=
|
||||
(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
|
||||
}
|
||||
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
/* get cert bag type */
|
||||
if ((ret = GetSequence(data, &idx, &size, ci->dataSz)) <0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
if ((ret = GetObjectId(data, &idx, &oid, oidIgnoreType,
|
||||
ci->dataSz)) < 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
switch (oid) {
|
||||
@@ -990,26 +968,19 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
WOLFSSL_MSG("PKCS12 cert bag type 1");
|
||||
if (data[idx++] !=
|
||||
(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
|
||||
}
|
||||
if ((ret = GetLength(data, &idx, &size, ci->dataSz))
|
||||
<= 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
if (data[idx++] != ASN_OCTET_STRING) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
|
||||
|
||||
}
|
||||
if ((ret = GetLength(data, &idx, &size, ci->dataSz))
|
||||
< 0) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ret;
|
||||
goto exit_pk12par;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
@@ -1017,18 +988,14 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
}
|
||||
|
||||
if (size + idx > (word32)bagSz) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return ASN_PARSE_E;
|
||||
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
|
||||
}
|
||||
|
||||
/* list to hold all certs found */
|
||||
node = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList),
|
||||
pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
if (node == NULL) {
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return MEMORY_E;
|
||||
ERROR_OUT(MEMORY_E, exit_pk12par);
|
||||
}
|
||||
XMEMSET(node, 0, sizeof(WC_DerCertList));
|
||||
|
||||
@@ -1036,9 +1003,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
DYNAMIC_TYPE_PKCS);
|
||||
if (node->buffer == NULL) {
|
||||
XFREE(node, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
freeBuffers(*pkey, buf, pkcs12->heap);
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
return MEMORY_E;
|
||||
ERROR_OUT(MEMORY_E, exit_pk12par);
|
||||
}
|
||||
XMEMCPY(node->buffer, data + idx, size);
|
||||
node->bufferSz = size;
|
||||
@@ -1085,47 +1050,17 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
buf = NULL;
|
||||
}
|
||||
|
||||
ci = ci->next;
|
||||
WOLFSSL_MSG("Done Parsing PKCS12 Content Info Container");
|
||||
}
|
||||
|
||||
/* check if key pair, remove from list */
|
||||
{
|
||||
WC_DerCertList* current = certList;
|
||||
WC_DerCertList* previous = NULL;
|
||||
|
||||
if (*pkey != NULL) {
|
||||
|
||||
while (current != NULL) {
|
||||
DecodedCert DeCert;
|
||||
InitDecodedCert(&DeCert, current->buffer, current->bufferSz,
|
||||
pkcs12->heap);
|
||||
if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) {
|
||||
if (wc_CheckPrivateKey(*pkey, *pkeySz, &DeCert) == 1) {
|
||||
WOLFSSL_MSG("Key Pair found");
|
||||
*cert = current->buffer;
|
||||
*certSz = current->bufferSz;
|
||||
|
||||
if (previous == NULL) {
|
||||
certList = current->next;
|
||||
}
|
||||
else {
|
||||
previous->next = current->next;
|
||||
}
|
||||
FreeDecodedCert(&DeCert);
|
||||
XFREE(current, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
FreeDecodedCert(&DeCert);
|
||||
previous = current;
|
||||
current = current->next;
|
||||
}
|
||||
|
||||
}
|
||||
if (*pkey != NULL) {
|
||||
freeDecCertList(&certList, pkey, pkeySz, cert, certSz, pkcs12->heap);
|
||||
}
|
||||
|
||||
/* if ca arg provided return certList, otherwise free it */
|
||||
if (ca != NULL) {
|
||||
*ca = certList;
|
||||
}
|
||||
@@ -1134,7 +1069,25 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
}
|
||||
|
||||
return 1;
|
||||
ret = 0; /* success */
|
||||
|
||||
exit_pk12par:
|
||||
|
||||
if (ret != 0) {
|
||||
/* failure cleanup */
|
||||
if (*pkey) {
|
||||
XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
*pkey = NULL;
|
||||
}
|
||||
if (buf) {
|
||||
XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
|
||||
buf = NULL;
|
||||
}
|
||||
|
||||
freeCertList(certList, pkcs12->heap);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -1160,5 +1113,6 @@ void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12)
|
||||
return pkcs12->heap;
|
||||
}
|
||||
|
||||
#endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */
|
||||
#undef ERROR_OUT
|
||||
|
||||
#endif /* !NO_ASN && !NO_PWDBASED */
|
||||
|
||||
+22
-22
@@ -1033,7 +1033,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
}
|
||||
|
||||
flatSignedAttribs = (byte*)XMALLOC(esd->signedAttribsSz, pkcs7->heap,
|
||||
DYNAMIC_TYPE_PKCS);
|
||||
DYNAMIC_TYPE_PKCS7);
|
||||
flatSignedAttribsSz = esd->signedAttribsSz;
|
||||
if (flatSignedAttribs == NULL) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
@@ -1053,7 +1053,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
flatSignedAttribsSz, esd);
|
||||
if (ret < 0) {
|
||||
if (pkcs7->signedAttribsSz != 0)
|
||||
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
@@ -1095,7 +1095,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
|
||||
if (outputSz < totalSz) {
|
||||
if (pkcs7->signedAttribsSz != 0)
|
||||
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
@@ -1154,7 +1154,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
idx += esd->signedAttribSetSz;
|
||||
XMEMCPY(output + idx, flatSignedAttribs, flatSignedAttribsSz);
|
||||
idx += flatSignedAttribsSz;
|
||||
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
}
|
||||
|
||||
XMEMCPY(output + idx, esd->digEncAlgoId, esd->digEncAlgoIdSz);
|
||||
@@ -4168,7 +4168,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
|
||||
attribs = (EncodedAttrib*)XMALLOC(
|
||||
sizeof(EncodedAttrib) * pkcs7->unprotectedAttribsSz,
|
||||
pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
if (attribs == NULL) {
|
||||
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
@@ -4180,9 +4180,9 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
pkcs7->unprotectedAttribs,
|
||||
pkcs7->unprotectedAttribsSz);
|
||||
|
||||
flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
if (flatAttribs == NULL) {
|
||||
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
return MEMORY_E;
|
||||
@@ -4217,8 +4217,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
if (totalSz > (int)outputSz) {
|
||||
WOLFSSL_MSG("PKCS#7 output buffer too small");
|
||||
if (pkcs7->unprotectedAttribsSz != 0) {
|
||||
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
}
|
||||
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
@@ -4255,8 +4255,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
idx += attribsSetSz;
|
||||
XMEMCPY(output + idx, flatAttribs, attribsSz);
|
||||
idx += attribsSz;
|
||||
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
}
|
||||
|
||||
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
@@ -4298,7 +4298,7 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
|
||||
savedIdx = idx;
|
||||
|
||||
attrib = (PKCS7DecodedAttrib*)XMALLOC(sizeof(PKCS7DecodedAttrib),
|
||||
pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
if (attrib == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
@@ -4306,38 +4306,38 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
|
||||
|
||||
/* save attribute OID bytes and size */
|
||||
if (GetObjectId(pkiMsg, &idx, &oid, oidIgnoreType, pkiMsgSz) < 0) {
|
||||
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
attrib->oidSz = idx - savedIdx;
|
||||
attrib->oid = (byte*)XMALLOC(attrib->oidSz, pkcs7->heap,
|
||||
DYNAMIC_TYPE_PKCS);
|
||||
DYNAMIC_TYPE_PKCS7);
|
||||
if (attrib->oid == NULL) {
|
||||
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMCPY(attrib->oid, pkiMsg + savedIdx, attrib->oidSz);
|
||||
|
||||
/* save attribute value bytes and size */
|
||||
if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
|
||||
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
if ((pkiMsgSz - idx) < (word32)length) {
|
||||
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
attrib->valueSz = (word32)length;
|
||||
attrib->value = (byte*)XMALLOC(attrib->valueSz, pkcs7->heap,
|
||||
DYNAMIC_TYPE_PKCS);
|
||||
DYNAMIC_TYPE_PKCS7);
|
||||
if (attrib->value == NULL) {
|
||||
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMCPY(attrib->value, pkiMsg + idx, attrib->valueSz);
|
||||
|
||||
+10
-4
@@ -530,14 +530,13 @@ int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId)
|
||||
#endif
|
||||
|
||||
/* configure async RNG source if available */
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG,
|
||||
rng->heap, rng->devId);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef HAVE_INTEL_RDRAND
|
||||
/* if CPU supports RDRAND, use it directly and by-pass DRBG init */
|
||||
if (IS_INTEL_RDRAND)
|
||||
@@ -610,9 +609,16 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
|
||||
return wc_GenerateRand_IntelRD(NULL, output, sz);
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
if (rng->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
|
||||
/* these are blocking */
|
||||
#ifdef HAVE_CAVIUM
|
||||
return NitroxRngGenerateBlock(rng, output, sz);
|
||||
#elif defined(HAVE_INTEL_QA)
|
||||
return IntelQaDrbg(&rng->asyncDev, output, sz);
|
||||
#else
|
||||
/* simulator not supported */
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -685,7 +691,7 @@ int wc_FreeRng(WC_RNG* rng)
|
||||
if (rng == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
wolfAsync_DevCtxFree(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG);
|
||||
#endif
|
||||
|
||||
|
||||
+33
-33
@@ -304,7 +304,7 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
|
||||
/* find largest amount of memory needed which will be the max of
|
||||
* hLen and (seedSz + 4) since tmp is used to store the hash digest */
|
||||
tmpSz = ((seedSz + 4) > (word32)hLen)? seedSz + 4: (word32)hLen;
|
||||
tmp = (byte*)XMALLOC(tmpSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
tmp = (byte*)XMALLOC(tmpSz, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
if (tmp == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
@@ -331,7 +331,7 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
|
||||
if ((ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz)) != 0) {
|
||||
/* check for if dynamic memory was needed, then free */
|
||||
if (tmpF) {
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
@@ -344,7 +344,7 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
|
||||
|
||||
/* check for if dynamic memory was needed, then free */
|
||||
if (tmpF) {
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -437,13 +437,13 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
lHash = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
lHash = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
if (lHash == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
seed = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
seed = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
if (seed == NULL) {
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#else
|
||||
@@ -458,8 +458,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
if ((ret = wc_Hash(hType, optLabel, labelLen, lHash, hLen)) != 0) {
|
||||
WOLFSSL_MSG("OAEP hash type possibly not supported or lHash to small");
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
@@ -475,8 +475,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
if ((word32)(2 * hLen + 2) > pkcsBlockLen) {
|
||||
WOLFSSL_MSG("OAEP pad error hash to big for RSA key size");
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@@ -484,8 +484,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
if (inputLen > (pkcsBlockLen - 2 * hLen - 2)) {
|
||||
WOLFSSL_MSG("OAEP pad error message too long");
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@@ -495,8 +495,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
psLen = pkcsBlockLen - inputLen - 2 * hLen - 2;
|
||||
if (pkcsBlockLen < inputLen) { /*make sure not writing over end of buffer */
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
return BUFFER_E;
|
||||
}
|
||||
@@ -513,8 +513,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
/* generate random seed */
|
||||
if ((ret = wc_RNG_GenerateBlock(rng, seed, hLen)) != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
@@ -523,8 +523,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
dbMask = (byte*)XMALLOC(pkcsBlockLen - hLen - 1, heap, DYNAMIC_TYPE_RSA);
|
||||
if (dbMask == NULL) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
return MEMORY_E;
|
||||
}
|
||||
@@ -534,8 +534,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
if (ret != 0) {
|
||||
XFREE(dbMask, heap, DYNAMIC_TYPE_RSA);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
@@ -556,8 +556,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
if ((ret = RsaMGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1,
|
||||
pkcsBlock + 1, hLen, heap)) != 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
@@ -570,8 +570,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
(void)padValue;
|
||||
|
||||
@@ -750,7 +750,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
if (tmp == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
@@ -759,7 +759,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
/* find seedMask value */
|
||||
if ((ret = RsaMGF(mgf, (byte*)(pkcsBlock + (hLen + 1)),
|
||||
pkcsBlockLen - hLen - 1, tmp, hLen, heap)) != 0) {
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -771,7 +771,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
/* get dbMask value */
|
||||
if ((ret = RsaMGF(mgf, tmp, hLen, tmp + hLen,
|
||||
pkcsBlockLen - hLen - 1, heap)) != 0) {
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -781,7 +781,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
}
|
||||
|
||||
/* done with use of tmp buffer */
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
|
||||
/* advance idx to index of PS and msg separator, account for PS size of 0*/
|
||||
idx = hLen + 1 + hLen;
|
||||
@@ -829,32 +829,32 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
if (pkcsBlock[pkcsBlockLen - 1] != 0xbc)
|
||||
return BAD_PADDING_E;
|
||||
|
||||
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
if (tmp == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
if ((ret = RsaMGF(mgf, pkcsBlock + pkcsBlockLen - 1 - hLen, hLen,
|
||||
tmp, pkcsBlockLen - 1 - hLen, heap)) != 0) {
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
return ret;
|
||||
}
|
||||
|
||||
tmp[0] &= (1 << ((bits - 1) & 0x7)) - 1;
|
||||
for (i = 0; i < (int)(pkcsBlockLen - 1 - hLen - hLen - 1); i++) {
|
||||
if (tmp[i] != pkcsBlock[i]) {
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
return BAD_PADDING_E;
|
||||
}
|
||||
}
|
||||
if (tmp[i] != (pkcsBlock[i] ^ 0x01)) {
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
return BAD_PADDING_E;
|
||||
}
|
||||
for (i++; i < (int)(pkcsBlockLen - 1 - hLen); i++)
|
||||
pkcsBlock[i] ^= tmp[i];
|
||||
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
|
||||
i = pkcsBlockLen - (RSA_PSS_PAD_SZ + 3 * hLen + 1);
|
||||
XMEMSET(pkcsBlock + i, 0, RSA_PSS_PAD_SZ);
|
||||
|
||||
@@ -9186,6 +9186,7 @@ int scrypt_test(void)
|
||||
0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
|
||||
0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
|
||||
};
|
||||
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA)
|
||||
const byte verify3[] = {
|
||||
0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
|
||||
0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
|
||||
@@ -9196,6 +9197,7 @@ int scrypt_test(void)
|
||||
0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40,
|
||||
0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87
|
||||
};
|
||||
#endif
|
||||
#ifdef SCRYPT_TEST_ALL
|
||||
/* Test case is very slow.
|
||||
* Use for confirmation after code change or new platform.
|
||||
@@ -9226,7 +9228,7 @@ int scrypt_test(void)
|
||||
return -6003;
|
||||
|
||||
/* Don't run these test on embedded, since they use large mallocs */
|
||||
#ifndef BENCH_EMBEDDED
|
||||
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA)
|
||||
ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
|
||||
(byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
|
||||
if (ret != 0)
|
||||
@@ -9242,7 +9244,7 @@ int scrypt_test(void)
|
||||
if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
|
||||
return -6007;
|
||||
#endif
|
||||
#endif /* !BENCH_EMBEDDED */
|
||||
#endif /* !BENCH_EMBEDDED && !HAVE_INTEL_QA */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -37,7 +37,11 @@
|
||||
|
||||
/* Maximum generate block length */
|
||||
#ifndef RNG_MAX_BLOCK_LEN
|
||||
#define RNG_MAX_BLOCK_LEN (0x10000)
|
||||
#ifdef HAVE_INTEL_QA
|
||||
#define RNG_MAX_BLOCK_LEN (0xFFFF)
|
||||
#else
|
||||
#define RNG_MAX_BLOCK_LEN (0x10000)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Size of the BRBG seed */
|
||||
|
||||
@@ -406,18 +406,35 @@
|
||||
DYNAMIC_TYPE_PKCS = 56,
|
||||
DYNAMIC_TYPE_MUTEX = 57,
|
||||
DYNAMIC_TYPE_PKCS7 = 58,
|
||||
DYNAMIC_TYPE_AES = 59,
|
||||
DYNAMIC_TYPE_AES_BUFFER = 59,
|
||||
DYNAMIC_TYPE_WOLF_BIGINT = 60,
|
||||
DYNAMIC_TYPE_ASN1 = 61,
|
||||
DYNAMIC_TYPE_LOG = 62,
|
||||
DYNAMIC_TYPE_WRITEDUP = 63,
|
||||
DYNAMIC_TYPE_DH_BUFFER = 64,
|
||||
DYNAMIC_TYPE_PRIVATE_KEY = 64,
|
||||
DYNAMIC_TYPE_HMAC = 65,
|
||||
DYNAMIC_TYPE_ASYNC = 66,
|
||||
DYNAMIC_TYPE_ASYNC_NUMA = 67,
|
||||
DYNAMIC_TYPE_ASYNC_NUMA64 = 68,
|
||||
DYNAMIC_TYPE_CURVE25519 = 69,
|
||||
DYNAMIC_TYPE_ED25519 = 70,
|
||||
DYNAMIC_TYPE_SECRET = 71,
|
||||
DYNAMIC_TYPE_DIGEST = 72,
|
||||
DYNAMIC_TYPE_RSA_BUFFER = 73,
|
||||
DYNAMIC_TYPE_DCERT = 74,
|
||||
DYNAMIC_TYPE_STRING = 75,
|
||||
DYNAMIC_TYPE_PEM = 76,
|
||||
DYNAMIC_TYPE_DER = 77,
|
||||
DYNAMIC_TYPE_CERT_EXT = 78,
|
||||
DYNAMIC_TYPE_ALPN = 79,
|
||||
DYNAMIC_TYPE_ENCRYPTEDINFO= 80,
|
||||
DYNAMIC_TYPE_DIRCTX = 81,
|
||||
DYNAMIC_TYPE_HASHCTX = 82,
|
||||
DYNAMIC_TYPE_SEED = 83,
|
||||
DYNAMIC_TYPE_SYMETRIC_KEY = 84,
|
||||
DYNAMIC_TYPE_ECC_BUFFER = 85,
|
||||
DYNAMIC_TYPE_QSH = 86,
|
||||
DYNAMIC_TYPE_SALT = 87,
|
||||
};
|
||||
|
||||
/* max error buffer string size */
|
||||
|
||||
Reference in New Issue
Block a user