Merge pull request #967 from dgarske/fix_qat

Fixes and Improvements for Intel QuickAssist
This commit is contained in:
toddouska
2017-06-20 14:49:56 -07:00
committed by GitHub
16 changed files with 877 additions and 865 deletions
+3 -2
View File
@@ -128,11 +128,12 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
static void FreeCRL_Entry(CRL_Entry* crle, void* heap)
{
RevokedCert* tmp = crle->certs;
RevokedCert* next;
WOLFSSL_ENTER("FreeCRL_Entry");
while(tmp) {
RevokedCert* next = tmp->next;
while (tmp) {
next = tmp->next;
XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED);
tmp = next;
}
+138 -138
View File
@@ -216,14 +216,14 @@ static int QSH_FreeAll(WOLFSSL* ssl)
preKey = key;
if (key->pri.buffer) {
ForceZero(key->pri.buffer, key->pri.length);
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
}
if (key->pub.buffer)
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
key = (QSHKey*)key->next;
/* free struct */
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_QSH);
}
key = NULL;
@@ -234,14 +234,14 @@ static int QSH_FreeAll(WOLFSSL* ssl)
preKey = key;
if (key->pri.buffer) {
ForceZero(key->pri.buffer, key->pri.length);
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
}
if (key->pub.buffer)
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
key = (QSHKey*)key->next;
/* free struct */
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_QSH);
}
key = NULL;
@@ -253,9 +253,9 @@ static int QSH_FreeAll(WOLFSSL* ssl)
while (list) {
preList = list;
if (list->PK)
XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_SECRET);
list = (QSHScheme*)list->next;
XFREE(preList, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(preList, ssl->heap, DYNAMIC_TYPE_QSH);
}
/* free secret buffers */
@@ -263,20 +263,20 @@ static int QSH_FreeAll(WOLFSSL* ssl)
if (secret->SerSi->buffer) {
/* clear extra secret material that supplemented Master Secret*/
ForceZero(secret->SerSi->buffer, secret->SerSi->length);
XFREE(secret->SerSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(secret->SerSi->buffer, ssl->heap, DYNAMIC_TYPE_SECRET);
}
XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_SECRET);
}
if (secret->CliSi) {
if (secret->CliSi->buffer) {
/* clear extra secret material that supplemented Master Secret*/
ForceZero(secret->CliSi->buffer, secret->CliSi->length);
XFREE(secret->CliSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(secret->CliSi->buffer, ssl->heap, DYNAMIC_TYPE_SECRET);
}
XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_SECRET);
}
}
XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(secret, ssl->heap, DYNAMIC_TYPE_QSH);
secret = NULL;
return 0;
@@ -294,14 +294,14 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes)
if (rng == NULL) {
if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), 0,
DYNAMIC_TYPE_TLSX)) == NULL)
DYNAMIC_TYPE_RNG)) == NULL)
return DRBG_OUT_OF_MEMORY;
wc_InitRng(rng);
}
if (rngMutex == NULL) {
if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), 0,
DYNAMIC_TYPE_TLSX)) == NULL)
DYNAMIC_TYPE_MUTEX)) == NULL)
return DRBG_OUT_OF_MEMORY;
wc_InitMutex(rngMutex);
}
@@ -1455,8 +1455,8 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
#ifndef NO_DH
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
#endif /* !NO_DH */
#ifdef SINGLE_THREADED
@@ -1634,10 +1634,10 @@ void FreeCiphers(WOLFSSL* ssl)
wc_AesFree(ssl->encrypt.aes);
wc_AesFree(ssl->decrypt.aes);
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_AES);
XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES);
XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_AES);
XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES);
XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
#endif
XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
@@ -4177,7 +4177,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
}
XMEMSET(ssl->arrays, 0, sizeof(Arrays));
ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SECRET);
if (ssl->arrays->preMasterSecret == NULL) {
return MEMORY_E;
}
@@ -4269,7 +4269,7 @@ void FreeArrays(WOLFSSL* ssl, int keep)
ssl->session.sessionIDSz = ssl->arrays->sessionIDSz;
}
if (ssl->arrays->preMasterSecret) {
XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
ssl->arrays->preMasterSecret = NULL;
}
XFREE(ssl->arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
@@ -4464,14 +4464,14 @@ void FreeKeyExchange(WOLFSSL* ssl)
{
/* Cleanup signature buffer */
if (ssl->buffers.sig.buffer) {
XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
ssl->buffers.sig.buffer = NULL;
ssl->buffers.sig.length = 0;
}
/* Cleanup digest buffer */
if (ssl->buffers.digest.buffer) {
XFREE(ssl->buffers.digest.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ssl->buffers.digest.buffer, ssl->heap, DYNAMIC_TYPE_DIGEST);
ssl->buffers.digest.buffer = NULL;
ssl->buffers.digest.length = 0;
}
@@ -4521,12 +4521,12 @@ void SSL_ResourceFree(WOLFSSL* ssl)
ForceZero(ssl->buffers.serverDH_Priv.buffer,
ssl->buffers.serverDH_Priv.length);
}
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
/* parameters (p,g) may be owned by ctx */
if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
}
#endif /* !NO_DH */
#ifndef NO_CERTS
@@ -4601,7 +4601,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
#ifdef HAVE_ALPN
if (ssl->alpn_client_list != NULL) {
XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN);
ssl->alpn_client_list = NULL;
}
#endif
@@ -4755,15 +4755,15 @@ void FreeHandshakeResources(WOLFSSL* ssl)
ForceZero(ssl->buffers.serverDH_Priv.buffer,
ssl->buffers.serverDH_Priv.length);
}
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
ssl->buffers.serverDH_Priv.buffer = NULL;
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_Pub.buffer = NULL;
/* parameters (p,g) may be owned by ctx */
if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
}
#endif /* !NO_DH */
@@ -6357,7 +6357,7 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
int ret;
byte md5_result[MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_HASHCTX);
if (md5 == NULL)
return MEMORY_E;
#else
@@ -6391,7 +6391,7 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif
return ret;
@@ -6404,7 +6404,7 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
int ret;
byte sha_result[SHA_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_HASHCTX);
if (sha == NULL)
return MEMORY_E;
#else
@@ -6437,7 +6437,7 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif
return ret;
@@ -6461,8 +6461,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#ifdef WOLFSSL_SHA384
#ifdef WOLFSSL_SMALL_STACK
sha384 = (Sha384*)XMALLOC(sizeof(Sha384), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
sha384 = (Sha384*)XMALLOC(sizeof(Sha384), ssl->heap, DYNAMIC_TYPE_HASHCTX);
if (sha384 == NULL)
return MEMORY_E;
#endif /* WOLFSSL_SMALL_STACK */
@@ -6496,7 +6495,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#ifdef WOLFSSL_SHA384
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha384, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha384, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif
#endif
@@ -7450,16 +7449,16 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
(void)ssl;
if (args->domain) {
XFREE(args->domain, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->domain, ssl->heap, DYNAMIC_TYPE_STRING);
args->domain = NULL;
}
if (args->certs) {
XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER);
args->certs = NULL;
}
#ifdef WOLFSSL_TLS13
if (args->exts) {
XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT);
args->exts = NULL;
}
#endif
@@ -7468,7 +7467,7 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
FreeDecodedCert(args->dCert);
args->dCertInit = 0;
}
XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT);
args->dCert = NULL;
}
}
@@ -7579,7 +7578,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
/* allocate buffer for cert extensions */
args->exts = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_CERT_EXT);
if (args->exts == NULL) {
ERROR_OUT(MEMORY_E, exit_ppc);
}
@@ -7588,7 +7587,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
/* allocate buffer for certs */
args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_DER);
if (args->certs == NULL) {
ERROR_OUT(MEMORY_E, exit_ppc);
}
@@ -7680,7 +7679,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
args->dCertInit = 0;
args->dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_DCERT);
if (args->dCert == NULL) {
ERROR_OUT(MEMORY_E, exit_ppc);
}
@@ -8159,7 +8158,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
{
if (args->count > 0) {
args->domain = (char*)XMALLOC(ASN_NAME_MAX, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_STRING);
if (args->domain == NULL) {
ERROR_OUT(MEMORY_E, exit_ppc);
}
@@ -8369,7 +8368,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
/* release since we don't need it anymore */
if (args->dCert) {
XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT);
args->dCert = NULL;
}
} /* if (count > 0) */
@@ -8389,7 +8388,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
#ifdef WOLFSSL_SMALL_STACK
WOLFSSL_X509_STORE_CTX* store = (WOLFSSL_X509_STORE_CTX*)XMALLOC(
sizeof(WOLFSSL_X509_STORE_CTX), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_X509_STORE);
if (store == NULL) {
ERROR_OUT(MEMORY_E, exit_ppc);
}
@@ -8507,7 +8506,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(store, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
#endif
/* Advance state and proceed */
ssl->options.asyncState = TLS_ASYNC_END;
@@ -8613,15 +8612,15 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#ifdef WOLFSSL_SMALL_STACK
status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_OCSP_STATUS);
response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_OCSP_REQUEST);
if (status == NULL || response == NULL) {
if (status)
XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(status, NULL, DYNAMIC_TYPE_OCSP_STATUS);
if (response)
XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
return MEMORY_ERROR;
}
@@ -8643,8 +8642,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
*inOutIdx += status_length;
#ifdef WOLFSSL_SMALL_STACK
XFREE(status, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(response, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
#endif
}
@@ -8678,15 +8677,15 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#ifdef WOLFSSL_SMALL_STACK
status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_OCSP_STATUS);
response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_OCSP_REQUEST);
if (status == NULL || response == NULL) {
if (status)
XFREE(status, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
if (response)
XFREE(response, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
return MEMORY_ERROR;
}
@@ -8739,8 +8738,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif
#ifdef WOLFSSL_SMALL_STACK
XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(status, NULL, DYNAMIC_TYPE_OCSP_STATUS);
XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
#endif
}
@@ -10283,10 +10282,10 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz,
/* make sure auth iv and auth are allocated */
if (ssl->encrypt.additional == NULL)
ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
ssl->heap, DYNAMIC_TYPE_AES);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->encrypt.nonce == NULL)
ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
ssl->heap, DYNAMIC_TYPE_AES);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->encrypt.additional == NULL ||
ssl->encrypt.nonce == NULL) {
return MEMORY_E;
@@ -10519,10 +10518,10 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
/* make sure auth iv and auth are allocated */
if (ssl->decrypt.additional == NULL)
ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
ssl->heap, DYNAMIC_TYPE_AES);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->decrypt.nonce == NULL)
ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
ssl->heap, DYNAMIC_TYPE_AES);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->decrypt.additional == NULL ||
ssl->decrypt.nonce == NULL) {
return MEMORY_E;
@@ -11839,7 +11838,7 @@ static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
int ret;
byte md5_result[MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_HASHCTX);
#else
Md5 md5[1];
#endif
@@ -11869,7 +11868,7 @@ static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif
return ret;
@@ -11883,7 +11882,7 @@ static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
int ret;
byte sha_result[SHA_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_HASHCTX);
#else
Sha sha[1];
#endif
@@ -11913,7 +11912,7 @@ static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif
return ret;
@@ -12192,7 +12191,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
#ifdef WOLFSSL_SMALL_STACK
hmac = (byte*)XMALLOC(MAX_DIGEST_SIZE, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_DIGEST);
if (hmac == NULL)
ERROR_OUT(MEMORY_E, exit_buildmsg);
#endif
@@ -12202,7 +12201,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
XMEMCPY(output + args->idx, hmac, args->digestSz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(hmac, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hmac, ssl->heap, DYNAMIC_TYPE_DIGEST);
#endif
}
else
@@ -12540,7 +12539,7 @@ int SendCertificate(WOLFSSL* ssl)
if (inputSz > 0) { /* clang thinks could be zero, let's help */
input = (byte*)XMALLOC(inputSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_IN_BUFFER);
if (input == NULL)
return MEMORY_E;
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
@@ -12550,7 +12549,7 @@ int SendCertificate(WOLFSSL* ssl)
handshake, 1, 0, 0);
if (inputSz > 0)
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
if (sendSz < 0)
return sendSz;
@@ -12744,14 +12743,14 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
byte* input;
int inputSz = idx - RECORD_HEADER_SZ;
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
if (input == NULL)
return MEMORY_E;
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 1, 0, 0);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
if (sendSz < 0)
ret = sendSz;
@@ -12839,7 +12838,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
#ifdef WOLFSSL_SMALL_STACK
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_DCERT);
if (cert == NULL)
return MEMORY_E;
#endif
@@ -12880,7 +12879,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
#endif
}
@@ -12903,7 +12902,8 @@ int SendCertificateStatus(WOLFSSL* ssl)
ret = BuildCertificateStatus(ssl, status_type,
&response, 1);
XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
response.buffer = NULL;
}
}
@@ -12944,7 +12944,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
#ifdef WOLFSSL_SMALL_STACK
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_DCERT);
if (cert == NULL)
return MEMORY_E;
#endif
@@ -12985,7 +12985,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
#endif
}
@@ -13021,7 +13021,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
#ifdef WOLFSSL_SMALL_STACK
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_TMP_DCERT);
if (cert == NULL)
return MEMORY_E;
#endif
@@ -13096,7 +13096,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
#endif
}
else {
@@ -13125,7 +13125,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++)
if (responses[i].buffer)
XFREE(responses[i].buffer, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_OCSP_REQUEST);
}
break;
@@ -15814,14 +15814,14 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
byte* input;
int inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
if (input == NULL)
return MEMORY_E;
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
handshake, 1, 0, 0);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
if (sendSz < 0)
return sendSz;
@@ -16475,7 +16475,7 @@ static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs)
#if !defined(NO_DH) || defined(HAVE_ECC)
if (args->verifySig) {
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->verifySig = NULL;
}
#endif
@@ -16581,7 +16581,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
}
ssl->buffers.serverDH_P.buffer =
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (ssl->buffers.serverDH_P.buffer) {
ssl->buffers.serverDH_P.length = length;
}
@@ -16608,7 +16608,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
}
ssl->buffers.serverDH_G.buffer =
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (ssl->buffers.serverDH_G.buffer) {
ssl->buffers.serverDH_G.length = length;
}
@@ -16633,7 +16633,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
}
ssl->buffers.serverDH_Pub.buffer =
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
(byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (ssl->buffers.serverDH_Pub.buffer) {
ssl->buffers.serverDH_Pub.length = length;
}
@@ -16772,7 +16772,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
}
ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(length,
ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (ssl->buffers.serverDH_P.buffer) {
ssl->buffers.serverDH_P.length = length;
}
@@ -16799,7 +16799,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
}
ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(length,
ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (ssl->buffers.serverDH_G.buffer) {
ssl->buffers.serverDH_G.length = length;
}
@@ -16824,7 +16824,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
}
ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(length,
ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (ssl->buffers.serverDH_Pub.buffer) {
ssl->buffers.serverDH_Pub.length = length;
}
@@ -17024,7 +17024,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
/* buffer for signature */
ssl->buffers.sig.buffer = (byte*)XMALLOC(SEED_LEN + verifySz,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (ssl->buffers.sig.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_dske);
}
@@ -17044,7 +17044,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
wc_HashGetDigestSize(hashType);
ssl->buffers.digest.buffer = (byte*)XMALLOC(
ssl->buffers.digest.length, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_DIGEST);
if (ssl->buffers.digest.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_dske);
}
@@ -17138,7 +17138,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
if (args->verifySig == NULL) {
args->verifySig = (byte*)XMALLOC(args->verifySigSz,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (args->verifySig == NULL) {
ERROR_OUT(MEMORY_E, exit_dske);
}
@@ -17287,7 +17287,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
#ifdef WOLFSSL_SMALL_STACK
encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (encodedSig == NULL) {
ERROR_OUT(MEMORY_E, exit_dske);
}
@@ -17303,7 +17303,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
ret = VERIFY_SIGN_ERROR;
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
#endif
if (ret != 0) {
goto exit_dske;
@@ -17524,16 +17524,16 @@ int QSH_Init(WOLFSSL* ssl)
/* malloc memory for holding generated secret information */
if ((ssl->QSH_secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
DYNAMIC_TYPE_QSH)) == NULL)
return MEMORY_E;
ssl->QSH_secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SECRET);
if (ssl->QSH_secret->CliSi == NULL)
return MEMORY_E;
ssl->QSH_secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SECRET);
if (ssl->QSH_secret->SerSi == NULL)
return MEMORY_E;
@@ -17699,7 +17699,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
buf = ssl->QSH_secret->CliSi;
}
buf->length = sz;
buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_SECRET);
if (buf->buffer == NULL) {
WOLFSSL_ERROR(MEMORY_E);
}
@@ -17709,7 +17709,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
current = ssl->peerQSHKey;
while (current) {
schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_QSH);
if (schm == NULL)
return MEMORY_E;
@@ -17729,7 +17729,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
tmpSz = QSH_MaxSecret(current);
if ((schm->PK = (byte*)XMALLOC(tmpSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
DYNAMIC_TYPE_SECRET)) == NULL)
return -1;
/* store info for writing extension */
@@ -17819,11 +17819,11 @@ static void FreeSckeArgs(WOLFSSL* ssl, void* pArgs)
(void)ssl;
if (args->encSecret) {
XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
args->encSecret = NULL;
}
if (args->input) {
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
args->input = NULL;
}
}
@@ -18060,7 +18060,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
{
args->encSz = MAX_ENCRYPT_SZ;
args->encSecret = (byte*)XMALLOC(args->encSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SECRET);
if (args->encSecret == NULL) {
ERROR_OUT(MEMORY_E, exit_scke);
}
@@ -18087,7 +18087,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
{
ssl->buffers.sig.length = ENCRYPT_LEN;
ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (ssl->buffers.sig.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_scke);
}
@@ -18171,7 +18171,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
ssl->buffers.sig.length = ENCRYPT_LEN;
ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (ssl->buffers.sig.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_scke);
}
@@ -18716,7 +18716,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
if (IsEncryptionOn(ssl, 1)) {
args->inputSz = idx - RECORD_HEADER_SZ; /* buildmsg adds rechdr */
args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_IN_BUFFER);
if (args->input == NULL) {
ERROR_OUT(MEMORY_E, exit_scke);
}
@@ -18735,7 +18735,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
if (IsEncryptionOn(ssl, 1)) {
ret = BuildMessage(ssl, args->output, args->sendSz,
args->input, args->inputSz, handshake, 1, 0, 0);
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
args->input = NULL; /* make sure its not double free'd on cleanup */
if (ret >= 0) {
@@ -18976,12 +18976,12 @@ static void FreeScvArgs(WOLFSSL* ssl, void* pArgs)
#ifndef NO_RSA
if (args->verifySig) {
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->verifySig = NULL;
}
#endif
if (args->input) {
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
args->input = NULL;
}
}
@@ -19066,7 +19066,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
/* build encoded signature buffer */
ssl->buffers.sig.length = MAX_ENCODED_SIG_SZ;
ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (ssl->buffers.sig.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
}
@@ -19250,7 +19250,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
if (args->verifySig == NULL) {
args->verifySig = (byte*)XMALLOC(args->sigSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (args->verifySig == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
}
@@ -19298,7 +19298,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
args->inputSz = args->sendSz - RECORD_HEADER_SZ;
/* build msg adds rec hdr */
args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_IN_BUFFER);
if (args->input == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
}
@@ -19324,7 +19324,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
goto exit_scv;
#endif
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
args->input = NULL; /* make sure its not double free'd on cleanup */
if (ret >= 0) {
@@ -19803,19 +19803,19 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#if defined(HAVE_ECC)
if (args->exportBuf) {
XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER);
args->exportBuf = NULL;
}
#endif
#if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA))
if (args->sigDataBuf) {
XFREE(args->sigDataBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->sigDataBuf, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->sigDataBuf = NULL;
}
#endif
#ifndef NO_RSA
if (args->verifySig) {
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->verifySig = NULL;
}
#endif
@@ -19922,7 +19922,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Free'd in SSL_ResourceFree and FreeHandshakeResources */
ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
ssl->buffers.serverDH_P.length + OPAQUE16_LEN,
ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (ssl->buffers.serverDH_Pub.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -19932,7 +19932,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Free'd in SSL_ResourceFree and FreeHandshakeResources */
ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
ssl->buffers.serverDH_P.length + OPAQUE16_LEN,
ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (ssl->buffers.serverDH_Priv.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -20186,7 +20186,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
args->exportSz = MAX_EXPORT_ECC_SZ;
args->exportBuf = (byte*)XMALLOC(args->exportSz,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_DER);
if (args->exportBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -20273,7 +20273,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Export temp ECC key and add to length */
args->exportSz = MAX_EXPORT_ECC_SZ;
args->exportBuf = (byte*)XMALLOC(args->exportSz,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_DER);
if (args->exportBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -20489,7 +20489,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Assemble buffer to hash for signature */
args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (args->sigDataBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -20505,7 +20505,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wc_HashGetDigestSize(hashType);
ssl->buffers.sig.buffer = (byte*)XMALLOC(
ssl->buffers.sig.length,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (ssl->buffers.sig.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -20532,7 +20532,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (IsAtLeastTLSv1_2(ssl)) {
byte* encodedSig = (byte*)XMALLOC(
MAX_ENCODED_SIG_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (encodedSig == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -20545,7 +20545,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Replace sig buffer with new one */
XFREE(ssl->buffers.sig.buffer, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
ssl->buffers.sig.buffer = encodedSig;
}
@@ -20726,7 +20726,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Assemble buffer to hash for signature */
args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (args->sigDataBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -20742,7 +20742,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wc_HashGetDigestSize(hashType);
ssl->buffers.sig.buffer = (byte*)XMALLOC(
ssl->buffers.sig.length, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (ssl->buffers.sig.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -20769,7 +20769,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (IsAtLeastTLSv1_2(ssl)) {
byte* encodedSig = (byte*)XMALLOC(
MAX_ENCODED_SIG_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (encodedSig == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -20782,7 +20782,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Replace sig buffer with new one */
XFREE(ssl->buffers.sig.buffer, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
ssl->buffers.sig.buffer = encodedSig;
}
break;
@@ -21000,7 +21000,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
args->verifySig = (byte*)XMALLOC(
args->sigSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (!args->verifySig) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -21072,7 +21072,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
args->verifySig = (byte*)XMALLOC(
args->sigSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (!args->verifySig) {
ERROR_OUT(MEMORY_E, exit_sske);
}
@@ -22316,7 +22316,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_SMALL_STACK
encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (encodedSig == NULL) {
ERROR_OUT(MEMORY_E, exit_dcv);
}
@@ -22340,7 +22340,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
#endif
}
}
+213 -217
View File
File diff suppressed because it is too large Load Diff
+139 -104
View File
@@ -81,7 +81,8 @@
/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
static int p_hash(byte* result, word32 resLen, const byte* secret,
word32 secLen, const byte* seed, word32 seedLen, int hash)
word32 secLen, const byte* seed, word32 seedLen, int hash,
void* heap, int devId)
{
word32 len = P_HASH_MAX_SIZE;
word32 times;
@@ -101,14 +102,14 @@ static int p_hash(byte* result, word32 resLen, const byte* secret,
#endif
#ifdef WOLFSSL_SMALL_STACK
previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC);
if (previous == NULL || current == NULL || hmac == NULL) {
if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
return MEMORY_E;
}
@@ -153,7 +154,7 @@ static int p_hash(byte* result, word32 resLen, const byte* secret,
lastTime = times - 1;
ret = wc_HmacInit(hmac, NULL, INVALID_DEVID);
ret = wc_HmacInit(hmac, heap, devId);
if (ret == 0) {
ret = wc_HmacSetKey(hmac, hash, secret, secLen);
if (ret == 0)
@@ -195,9 +196,9 @@ static int p_hash(byte* result, word32 resLen, const byte* secret,
ForceZero(hmac, sizeof(Hmac));
#ifdef WOLFSSL_SMALL_STACK
XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
#endif
return ret;
@@ -221,7 +222,7 @@ static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
/* compute TLSv1 PRF (pseudo random function using HMAC) */
static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
const byte* label, word32 labLen, const byte* seed,
word32 seedLen)
word32 seedLen, void* heap, int devId)
{
int ret = 0;
word32 half = (secLen + 1) / 2;
@@ -248,19 +249,19 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
return BUFFER_E;
#ifdef WOLFSSL_SMALL_STACK
md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER);
md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
md5_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST);
sha_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST);
labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_SEED);
md5_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST);
sha_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST);
if (md5_half == NULL || sha_half == NULL || labelSeed == NULL ||
md5_result == NULL || sha_result == NULL) {
if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (md5_half) XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST);
if (sha_half) XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST);
if (labelSeed) XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED);
if (md5_result) XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST);
if (sha_result) XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
return MEMORY_E;
}
@@ -276,19 +277,19 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
XMEMCPY(labelSeed + labLen, seed, seedLen);
if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
labLen + seedLen, md5_mac)) == 0) {
labLen + seedLen, md5_mac, heap, devId)) == 0) {
if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
labLen + seedLen, sha_mac)) == 0) {
labLen + seedLen, sha_mac, heap, devId)) == 0) {
get_xor(digest, digLen, md5_result, sha_result);
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST);
XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST);
XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED);
XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST);
XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
#endif
return ret;
@@ -301,7 +302,7 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
use */
static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
const byte* label, word32 labLen, const byte* seed, word32 seedLen,
int useAtLeastSha256, int hash_type)
int useAtLeastSha256, int hash_type, void* heap, int devId)
{
int ret = 0;
@@ -316,8 +317,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
return BUFFER_E;
#ifdef WOLFSSL_SMALL_STACK
labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_SEED);
if (labelSeed == NULL)
return MEMORY_E;
#endif
@@ -330,16 +330,16 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
if (hash_type < sha256_mac || hash_type == blake2b_mac)
hash_type = sha256_mac;
ret = p_hash(digest, digLen, secret, secLen, labelSeed,
labLen + seedLen, hash_type);
labLen + seedLen, hash_type, heap, devId);
#ifdef WOLFSSL_SMALL_STACK
XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED);
#endif
}
#ifndef NO_OLD_TLS
else {
ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
seedLen);
seedLen, heap, devId);
}
#endif
@@ -403,7 +403,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
word32 hashSz = HSHASH_SZ;
/* using allocate here to allow async hardware to use buffer directly */
handshake_hash = (byte*)XMALLOC(hashSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
handshake_hash = (byte*)XMALLOC(hashSz, ssl->heap, DYNAMIC_TYPE_DIGEST);
if (handshake_hash == NULL)
return MEMORY_E;
@@ -416,10 +416,11 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
ret = PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
ssl->heap, ssl->devId);
}
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST);
return ret;
}
@@ -481,62 +482,71 @@ static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] =
static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
/* External facing wrapper so user can call as well, 0 on success */
int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen,
static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
const byte* ms, word32 msLen,
const byte* sr, const byte* cr,
int tls1_2, int hash_type)
int tls1_2, int hash_type,
void* heap, int devId)
{
byte seed[SEED_LEN];
XMEMCPY(seed, sr, RAN_LEN);
XMEMCPY(seed + RAN_LEN, cr, RAN_LEN);
return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ,
seed, SEED_LEN, tls1_2, hash_type);
return PRF(key_dig, key_dig_len, ms, msLen, key_label, KEY_LABEL_SZ,
seed, SEED_LEN, tls1_2, hash_type, heap, devId);
}
/* External facing wrapper so user can call as well, 0 on success */
int wolfSSL_DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
const byte* ms, word32 msLen,
const byte* sr, const byte* cr,
int tls1_2, int hash_type)
{
return _DeriveTlsKeys(key_dig, key_dig_len, ms, msLen, sr, cr, tls1_2,
hash_type, NULL, INVALID_DEVID);
}
int DeriveTlsKeys(WOLFSSL* ssl)
{
int ret;
int length = 2 * ssl->specs.hash_size +
2 * ssl->specs.key_size +
2 * ssl->specs.iv_size;
int key_dig_len = 2 * ssl->specs.hash_size +
2 * ssl->specs.key_size +
2 * ssl->specs.iv_size;
#ifdef WOLFSSL_SMALL_STACK
byte* key_data;
byte* key_dig;
#else
byte key_data[MAX_PRF_DIG];
byte key_dig[MAX_PRF_DIG];
#endif
#ifdef WOLFSSL_SMALL_STACK
key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (key_data == NULL) {
key_dig = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST);
if (key_dig == NULL) {
return MEMORY_E;
}
#endif
ret = wolfSSL_DeriveTlsKeys(key_data, length,
ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->serverRandom, ssl->arrays->clientRandom,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
ret = _DeriveTlsKeys(key_dig, key_dig_len,
ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->serverRandom, ssl->arrays->clientRandom,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
ssl->heap, ssl->devId);
if (ret == 0)
ret = StoreKeys(ssl, key_data);
ret = StoreKeys(ssl, key_dig);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST);
#endif
return ret;
}
/* External facing wrapper so user can call as well, 0 on success */
int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
static int _MakeTlsMasterSecret(byte* ms, word32 msLen,
const byte* pms, word32 pmsLen,
const byte* cr, const byte* sr,
int tls1_2, int hash_type)
int tls1_2, int hash_type,
void* heap, int devId)
{
byte seed[SEED_LEN];
@@ -544,20 +554,40 @@ int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
XMEMCPY(seed + RAN_LEN, sr, RAN_LEN);
return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ,
seed, SEED_LEN, tls1_2, hash_type);
seed, SEED_LEN, tls1_2, hash_type, heap, devId);
}
/* External facing wrapper so user can call as well, 0 on success */
int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen,
const byte* pms, word32 pmsLen,
const byte* cr, const byte* sr,
int tls1_2, int hash_type)
{
return _MakeTlsMasterSecret(ms, msLen, pms, pmsLen, cr, sr, tls1_2,
hash_type, NULL, INVALID_DEVID);
}
#ifdef HAVE_EXTENDED_MASTER
static int _MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
const byte* pms, word32 pmsLen,
const byte* sHash, word32 sHashLen,
int tls1_2, int hash_type,
void* heap, int devId)
{
return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ,
sHash, sHashLen, tls1_2, hash_type, heap, devId);
}
/* External facing wrapper so user can call as well, 0 on success */
int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen,
const byte* pms, word32 pmsLen,
const byte* sHash, word32 sHashLen,
int tls1_2, int hash_type)
{
return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ,
sHash, sHashLen, tls1_2, hash_type);
return _MakeTlsExtendedMasterSecret(ms, msLen, pms, pmsLen, sHash, sHashLen,
tls1_2, hash_type, NULL, INVALID_DEVID);
}
#endif /* HAVE_EXTENDED_MASTER */
@@ -571,29 +601,32 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
byte* handshake_hash;
word32 hashSz = HSHASH_SZ;
handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap,
DYNAMIC_TYPE_DIGEST);
if (handshake_hash == NULL)
return MEMORY_E;
ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
if (ret < 0) {
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST);
return ret;
}
ret = wolfSSL_MakeTlsExtendedMasterSecret(
ret = _MakeTlsExtendedMasterSecret(
ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
handshake_hash, hashSz,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
ssl->heap, ssl->devId);
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST);
} else
#endif
ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN,
ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
ssl->arrays->clientRandom, ssl->arrays->serverRandom,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
ssl->heap, ssl->devId);
if (ret == 0) {
#ifdef SHOW_SECRETS
@@ -625,7 +658,7 @@ int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
#endif
#ifdef WOLFSSL_SMALL_STACK
seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
seed = (byte*)XMALLOC(SEED_LEN, ssl->heap, DYNAMIC_TYPE_SEED);
if (seed == NULL)
return MEMORY_E;
#endif
@@ -639,10 +672,11 @@ int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN,
(const byte *)label, (word32)XSTRLEN(label), seed, SEED_LEN,
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
ssl->heap, ssl->devId);
#ifdef WOLFSSL_SMALL_STACK
XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, ssl->heap, DYNAMIC_TYPE_SEED);
#endif
return ret;
@@ -843,7 +877,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
ret = wc_HmacInit(&hmac, NULL, ssl->devId);
ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
@@ -1198,10 +1232,10 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
/* keep the list sent by client */
if (isRequest) {
if (ssl->alpn_client_list != NULL)
XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN);
ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_ALPN);
if (ssl->alpn_client_list == NULL)
return MEMORY_ERROR;
}
@@ -3669,9 +3703,9 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap)
/* Quantum-Safe-Hybrid */
/******************************************************************************/
#if defined(HAVE_NTRU) && defined(HAVE_QSH)
static WC_RNG* rng;
static wolfSSL_Mutex* rngMutex;
#if defined(HAVE_NTRU)
static WC_RNG* gRng;
static wolfSSL_Mutex* gRngMutex;
#endif
#ifdef HAVE_QSH
@@ -4130,7 +4164,7 @@ int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length,
/* allocate memory for buffer */
buf->length = offset;
buf->buffer = (byte*)XMALLOC(offset, NULL, DYNAMIC_TYPE_TMP_BUFFER);
buf->buffer = (byte*)XMALLOC(offset, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (buf->buffer == NULL)
return MEMORY_E;
@@ -4599,13 +4633,13 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse)
/* Allocate space for the public key. */
dataSz = params->p_len;
keyData = (byte*)XMALLOC(dataSz, ssl->heap, DYNAMIC_TYPE_TLSX);
keyData = (byte*)XMALLOC(dataSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (keyData == NULL) {
ret = MEMORY_E;
goto end;
}
/* Allocate space for the private key. */
key = (byte*)XMALLOC(keySz, ssl->heap, DYNAMIC_TYPE_TLSX);
key = (byte*)XMALLOC(keySz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (key == NULL) {
ret = MEMORY_E;
goto end;
@@ -4653,9 +4687,9 @@ end:
if (ret != 0) {
/* Data owned by key share entry otherwise. */
if (keyData != NULL)
XFREE(keyData, ssl->heap, DYNAMIC_TYPE_TLSX);
XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (key != NULL)
XFREE(key, ssl->heap, DYNAMIC_TYPE_TLSX);
XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
}
return ret;
@@ -4715,7 +4749,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
curve25519_key* key;
/* Allocate an ECC key to hold private key. */
key = (curve25519_key*)XMALLOC(sizeof(curve25519_key),
ssl->heap, DYNAMIC_TYPE_TLSX);
ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (key == NULL) {
WOLFSSL_MSG("EccTempKey Memory error");
return MEMORY_E;
@@ -4733,7 +4767,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
/* Allocate space for the public key. */
keyData = (byte*)XMALLOC(dataSize, ssl->heap,
DYNAMIC_TYPE_TLSX);
DYNAMIC_TYPE_PUBLIC_KEY);
if (keyData == NULL) {
WOLFSSL_MSG("Key data Memory error");
ret = MEMORY_E;
@@ -4770,7 +4804,8 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
}
/* Allocate an ECC key to hold private key. */
eccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_TLSX);
eccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,
DYNAMIC_TYPE_PRIVATE_KEY);
if (eccKey == NULL) {
WOLFSSL_MSG("EccTempKey Memory error");
return MEMORY_E;
@@ -4791,7 +4826,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
goto end;
/* Allocate space for the public key. */
keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_TLSX);
keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (keyData == NULL) {
WOLFSSL_MSG("Key data Memory error");
ret = MEMORY_E;
@@ -4855,8 +4890,8 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
while ((current = list) != NULL) {
list = current->next;
XFREE(current->key, heap, DYNAMIC_TYPE_TLSX);
XFREE(current->ke, heap, DYNAMIC_TYPE_TLSX);
XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
XFREE(current->ke, heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(current, heap, DYNAMIC_TYPE_TLSX);
}
@@ -5063,7 +5098,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
wc_ecc_free(ssl->peerEccKey);
ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,
DYNAMIC_TYPE_TLSX);
DYNAMIC_TYPE_ECC);
if (ssl->peerEccKey == NULL) {
WOLFSSL_MSG("PeerEccKey Memory error");
return MEMORY_ERROR;
@@ -5249,7 +5284,7 @@ static int TLSX_KeyShareEntry_Parse(WOLFSSL* ssl, byte* input, word16 length,
return BUFFER_ERROR;
/* Store a copy in the key share object. */
ke = (byte*)XMALLOC(keLen, ssl->heap, DYNAMIC_TYPE_TLSX);
ke = (byte*)XMALLOC(keLen, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (ke == NULL)
return MEMORY_E;
XMEMCPY(ke, &input[offset], keLen);
@@ -5479,7 +5514,7 @@ int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data,
if (data != NULL) {
/* Keep the public key data and free when finished. */
if (keyShareEntry->ke != NULL)
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_TLSX);
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
keyShareEntry->ke = data;
keyShareEntry->keLen = len;
}
@@ -5685,7 +5720,7 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl)
/* Move private key to client entry. */
if (clientKSE->key != NULL)
XFREE(clientKSE->key, ssl->heap, DYNAMIC_TYPE_TLSX);
XFREE(clientKSE->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
clientKSE->key = serverKSE->key;
serverKSE->key = NULL;
clientKSE->keyLen = serverKSE->keyLen;
@@ -6789,23 +6824,23 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes)
{
int ret = 0;
if (rng == NULL) {
if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL,
if (gRng == NULL) {
if ((gRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL,
DYNAMIC_TYPE_TLSX)) == NULL)
return DRBG_OUT_OF_MEMORY;
wc_InitRng(rng);
wc_InitRng(gRng);
}
if (rngMutex == NULL) {
if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL,
if (gRngMutex == NULL) {
if ((gRngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL,
DYNAMIC_TYPE_TLSX)) == NULL)
return DRBG_OUT_OF_MEMORY;
wc_InitMutex(rngMutex);
wc_InitMutex(gRngMutex);
}
ret |= wc_LockMutex(rngMutex);
ret |= wc_RNG_GenerateBlock(rng, out, num_bytes);
ret |= wc_UnLockMutex(rngMutex);
ret |= wc_LockMutex(gRngMutex);
ret |= wc_RNG_GenerateBlock(gRng, out, num_bytes);
ret |= wc_UnLockMutex(gRngMutex);
if (ret != 0)
return DRBG_ENTROPY_FAIL;
+24 -29
View File
@@ -916,7 +916,7 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
return ret;
/* Calculate the verify data. */
ret = wc_HmacInit(&verifyHmac, ssl->heap, INVALID_DEVID);
ret = wc_HmacInit(&verifyHmac, ssl->heap, ssl->devId);
if (ret == 0) {
ret = wc_HmacSetKey(&verifyHmac, hashType, key, ssl->specs.hash_size);
if (ret == 0)
@@ -960,16 +960,16 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side)
int ret;
int i = 0;
#ifdef WOLFSSL_SMALL_STACK
byte* key_data;
byte* key_dig;
#else
byte key_data[MAX_PRF_DIG];
byte key_dig[MAX_PRF_DIG];
#endif
int deriveClient = 0;
int deriveServer = 0;
#ifdef WOLFSSL_SMALL_STACK
key_data = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (key_data == NULL)
key_dig = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST);
if (key_dig == NULL)
return MEMORY_E;
#endif
@@ -1031,7 +1031,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side)
/* Derive the client key. */
WOLFSSL_MSG("Derive Client Key");
ret = DeriveKey(ssl, &key_data[i], ssl->specs.key_size,
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
ssl->arrays->clientSecret, writeKeyLabel,
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
@@ -1040,7 +1040,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side)
/* Derive the server key. */
WOLFSSL_MSG("Derive Server Key");
ret = DeriveKey(ssl, &key_data[i], ssl->specs.key_size,
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
ssl->arrays->serverSecret, writeKeyLabel,
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
@@ -1049,7 +1049,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side)
/* Derive the client IV. */
WOLFSSL_MSG("Derive Client IV");
ret = DeriveKey(ssl, &key_data[i], ssl->specs.iv_size,
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
ssl->arrays->clientSecret, writeIVLabel, WRITE_IV_LABEL_SZ,
ssl->specs.mac_algorithm, 0);
if (ret != 0)
@@ -1058,18 +1058,18 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side)
/* Derive the server IV. */
WOLFSSL_MSG("Derive Server IV");
ret = DeriveKey(ssl, &key_data[i], ssl->specs.iv_size,
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
ssl->arrays->serverSecret, writeIVLabel, WRITE_IV_LABEL_SZ,
ssl->specs.mac_algorithm, 0);
if (ret != 0)
goto end;
/* Store keys and IVs but don't activate them. */
ret = StoreKeys(ssl, key_data);
ret = StoreKeys(ssl, key_dig);
end:
#ifdef WOLFSSL_SMALL_STACK
XFREE(key_data, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST);
#endif
return ret;
@@ -1635,7 +1635,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
if (ssl->encrypt.nonce == NULL)
ssl->encrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ,
ssl->heap, DYNAMIC_TYPE_AES);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->encrypt.nonce == NULL)
return MEMORY_E;
@@ -1841,7 +1841,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz)
if (ssl->decrypt.nonce == NULL)
ssl->decrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ,
ssl->heap, DYNAMIC_TYPE_AES);
ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
if (ssl->decrypt.nonce == NULL)
return MEMORY_E;
@@ -3733,7 +3733,7 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo,
{
#ifdef WOLFSSL_SMALL_STACK
encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (encodedSig == NULL) {
return MEMORY_E;
}
@@ -3750,7 +3750,7 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo,
#ifdef WOLFSSL_SMALL_STACK
if (encodedSig != NULL)
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
#endif
}
@@ -4036,7 +4036,6 @@ typedef struct Scv13Args {
byte* verifySig;
#endif
byte* verify; /* not allocated */
byte* input;
word32 idx;
word32 sigLen;
int sendSz;
@@ -4055,18 +4054,14 @@ static void FreeScv13Args(WOLFSSL* ssl, void* pArgs)
#ifndef NO_RSA
if (args->verifySig) {
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->verifySig = NULL;
}
#endif
if (args->sigData) {
XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->sigData = NULL;
}
if (args->input) {
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
args->input = NULL;
}
}
/* Send the TLS v1.3 CertificateVerify message.
@@ -4164,7 +4159,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
/* Create the data to be signed. */
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (args->sigData == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
}
@@ -4178,7 +4173,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
/* build encoded signature buffer */
sig->length = MAX_ENCODED_SIG_SZ;
sig->buffer = (byte*)XMALLOC(sig->length, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (sig->buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
}
@@ -4287,7 +4282,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
if (args->verifySig == NULL) {
args->verifySig = (byte*)XMALLOC(args->sigLen, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (args->verifySig == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
}
@@ -4433,7 +4428,7 @@ static void FreeDcv13Args(WOLFSSL* ssl, void* pArgs)
Dcv13Args* args = (Dcv13Args*)pArgs;
if (args->sigData) {
XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->sigData = NULL;
}
@@ -4548,7 +4543,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
#endif
sig->buffer = (byte*)XMALLOC(args->sz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (sig->buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_dcv);
}
@@ -4560,7 +4555,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
WOLFSSL_MSG("Doing ECC peer cert verify");
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (args->sigData == NULL) {
ERROR_OUT(MEMORY_E, exit_dcv);
}
@@ -4581,7 +4576,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
WOLFSSL_MSG("Doing ED25519 peer cert verify");
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_SIGNATURE);
if (args->sigData == NULL) {
ERROR_OUT(MEMORY_E, exit_dcv);
}
+6 -6
View File
@@ -4491,12 +4491,12 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
return;
if (sigCtx->digest) {
XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST);
sigCtx->digest = NULL;
}
#ifndef NO_RSA
if (sigCtx->plain) {
XFREE(sigCtx->plain, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigCtx->plain, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
sigCtx->plain = NULL;
}
#endif
@@ -4641,7 +4641,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
case SIG_STATE_BEGIN:
{
sigCtx->digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, sigCtx->heap,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_DIGEST);
if (sigCtx->digest == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
@@ -4675,7 +4675,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
sigCtx->key.rsa = (RsaKey*)XMALLOC(sizeof(RsaKey),
sigCtx->heap, DYNAMIC_TYPE_RSA);
sigCtx->plain = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
if (sigCtx->key.rsa == NULL || sigCtx->plain == NULL) {
ERROR_OUT(MEMORY_E, exit_cs);
}
@@ -11236,7 +11236,7 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
end = *idx + len;
rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), dcrl->heap,
DYNAMIC_TYPE_CRL);
DYNAMIC_TYPE_REVOKED);
if (rc == NULL) {
WOLFSSL_MSG("Alloc Revoked Cert failed");
return MEMORY_E;
@@ -11244,7 +11244,7 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
if (GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz,
maxIdx) < 0) {
XFREE(rc, dcrl->heap, DYNAMIC_TYPE_CRL);
XFREE(rc, dcrl->heap, DYNAMIC_TYPE_REVOKED);
return ASN_PARSE_E;
}
+42 -36
View File
@@ -654,49 +654,55 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
int ret;
#if defined(HAVE_INTEL_QA)
mp_int x;
word32 sz;
/* verify prime is at least 768-bits */
/* QAT HW must have prime at least 768-bits */
sz = mp_unsigned_bin_size(&key->p);
if (sz >= (768/8)) {
mp_int x;
ret = mp_init(&x);
if (ret != MP_OKAY)
return ret;
ret = GeneratePrivateDh(key, rng, priv, privSz);
if (ret == 0)
ret = mp_read_unsigned_bin(&x, priv, *privSz);
if (ret == MP_OKAY)
ret = wc_mp_to_bigint(&x, &x.raw);
if (ret == MP_OKAY)
ret = wc_mp_to_bigint(&key->p, &key->p.raw);
if (ret == MP_OKAY)
ret = wc_mp_to_bigint(&key->g, &key->g.raw);
if (ret == MP_OKAY)
ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
&x.raw, pub, pubSz);
mp_clear(&x);
ret = mp_init(&x);
if (ret != MP_OKAY)
return ret;
}
ret = GeneratePrivateDh(key, rng, priv, privSz);
if (ret == 0)
ret = mp_read_unsigned_bin(&x, priv, *privSz);
if (ret == MP_OKAY)
ret = wc_mp_to_bigint(&x, &x.raw);
if (ret == MP_OKAY)
ret = wc_mp_to_bigint(&key->p, &key->p.raw);
if (ret == MP_OKAY)
ret = wc_mp_to_bigint(&key->g, &key->g.raw);
if (ret == MP_OKAY)
ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
&x.raw, pub, pubSz);
mp_clear(&x);
#elif defined(HAVE_CAVIUM)
/* TODO: Not implemented - use software for now */
#else
#if defined(HAVE_CAVIUM)
/* TODO: Not implemented - use software for now */
#else /* WOLFSSL_ASYNC_CRYPT_TEST */
WC_ASYNC_TEST* testDev = &key->asyncDev.test;
if (testDev->type == ASYNC_TEST_NONE) {
testDev->type = ASYNC_TEST_DH_GEN;
testDev->dhGen.key = key;
testDev->dhGen.rng = rng;
testDev->dhGen.priv = priv;
testDev->dhGen.privSz = privSz;
testDev->dhGen.pub = pub;
testDev->dhGen.pubSz = pubSz;
return WC_PENDING_E;
}
#endif
#else /* WOLFSSL_ASYNC_CRYPT_TEST */
WC_ASYNC_TEST* testDev = &key->asyncDev.test;
if (testDev->type == ASYNC_TEST_NONE) {
testDev->type = ASYNC_TEST_DH_GEN;
testDev->dhGen.key = key;
testDev->dhGen.rng = rng;
testDev->dhGen.priv = priv;
testDev->dhGen.privSz = privSz;
testDev->dhGen.pub = pub;
testDev->dhGen.pubSz = pubSz;
return WC_PENDING_E;
}
#endif
/* otherwise use software DH */
ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
#endif /* HAVE_INTEL_QA */
return ret;
}
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_DH */
-2
View File
@@ -90,13 +90,11 @@ void wc_FreeDsaKey(DsaKey* key)
if (key->type == DSA_PRIVATE)
mp_forcezero(&key->x);
#ifndef USE_FAST_MATH
mp_clear(&key->x);
mp_clear(&key->y);
mp_clear(&key->g);
mp_clear(&key->q);
mp_clear(&key->p);
#endif
}
#ifdef WOLFSSL_KEY_GEN
+34 -36
View File
@@ -2583,10 +2583,8 @@ static int wc_ecc_cmp_param(const char* curveParam,
}
}
#ifndef USE_FAST_MATH
mp_clear(&a);
mp_clear(&b);
#endif
return err;
}
@@ -2933,7 +2931,7 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
#endif
#ifdef WOLFSSL_SMALL_STACK
buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER);
buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (buf == NULL)
return MEMORY_E;
#endif
@@ -2964,7 +2962,7 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
ForceZero(buf, ECC_MAXSIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER);
#endif
return err;
@@ -3655,13 +3653,13 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
}
/* allocate memory */
tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER);
if (tA == NULL) {
return GEN_MEM_ERR;
}
tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER);
if (tB == NULL) {
XFREE(tA, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER);
return GEN_MEM_ERR;
}
@@ -3834,8 +3832,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
ForceZero(tA, ECC_BUFSIZE);
ForceZero(tB, ECC_BUFSIZE);
XFREE(tA, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tB, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER);
XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER);
return err;
}
@@ -4356,7 +4354,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
out[0] = 0x04;
#ifdef WOLFSSL_SMALL_STACK
buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (buf == NULL)
return MEMORY_E;
#endif
@@ -4381,7 +4379,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
done:
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER);
#endif
#endif /* WOLFSSL_ATECC508A */
@@ -4442,7 +4440,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
out[0] = 0x04;
#ifdef WOLFSSL_SMALL_STACK
buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (buf == NULL)
return MEMORY_E;
#endif
@@ -4465,7 +4463,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
done:
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER);
#endif
#endif /* WOLFSSL_ATECC508A */
@@ -6242,7 +6240,7 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a,
/* store k */
#ifdef WOLFSSL_SMALL_STACK
kb = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
kb = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (kb == NULL) {
err = MEMORY_E; goto done;
}
@@ -6318,7 +6316,7 @@ done:
mp_clear(&tk);
#ifdef WOLFSSL_SMALL_STACK
XFREE(kb, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(kb, NULL, DYNAMIC_TYPE_ECC_BUFFER);
#endif
#undef KB_SIZE
@@ -6425,7 +6423,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
/* store k */
#ifdef WOLFSSL_SMALL_STACK
kb[0] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
kb[0] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (kb[0] == NULL) {
err = MEMORY_E; goto done;
}
@@ -6450,7 +6448,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
/* store b */
#ifdef WOLFSSL_SMALL_STACK
kb[1] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
kb[1] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (kb[1] == NULL) {
err = MEMORY_E; goto done;
}
@@ -6550,8 +6548,8 @@ done:
ForceZero(kb[1], KB_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(kb[1], NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(kb[0], NULL, DYNAMIC_TYPE_ECC_BUFFER);
XFREE(kb[1], NULL, DYNAMIC_TYPE_ECC_BUFFER);
#endif
#undef KB_SIZE
@@ -7131,13 +7129,13 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
return BUFFER_E;
#ifdef WOLFSSL_SMALL_STACK
sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (sharedSecret == NULL)
return MEMORY_E;
keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (keys == NULL) {
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER);
return MEMORY_E;
}
#endif
@@ -7220,8 +7218,8 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
*outSz = msgSz + digestSz;
#ifdef WOLFSSL_SMALL_STACK
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER);
XFREE(keys, NULL, DYNAMIC_TYPE_ECC_BUFFER);
#endif
return ret;
@@ -7294,13 +7292,13 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
return BUFFER_E;
#ifdef WOLFSSL_SMALL_STACK
sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (sharedSecret == NULL)
return MEMORY_E;
keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (keys == NULL) {
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER);
return MEMORY_E;
}
#endif
@@ -7391,8 +7389,8 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
*outSz = msgSz - digestSz;
#ifdef WOLFSSL_SMALL_STACK
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER);
XFREE(keys, NULL, DYNAMIC_TYPE_ECC_BUFFER);
#endif
return ret;
@@ -7856,7 +7854,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
#ifdef WOLFSSL_SMALL_STACK
hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
DYNAMIC_TYPE_HASHES);
if (hash == NULL)
return MEMORY_E;
#endif
@@ -7864,7 +7862,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
ret = wc_HashInit(hash, type);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
#endif
return ret;
}
@@ -7879,7 +7877,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
ret = wc_HashUpdate(hash, type, secret, secretSz);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
#endif
return ret;
}
@@ -7887,7 +7885,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
ret = wc_HashUpdate(hash, type, counter, sizeof(counter));
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
#endif
return ret;
}
@@ -7896,7 +7894,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
ret = wc_HashUpdate(hash, type, sinfo, sinfoSz);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
#endif
return ret;
}
@@ -7905,7 +7903,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
ret = wc_HashFinal(hash, type, tmp);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
#endif
return ret;
}
@@ -7918,7 +7916,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(hash, NULL, DYNAMIC_TYPE_HASHES);
#endif
return 0;
+185 -231
View File
@@ -43,6 +43,8 @@
#include <wolfssl/wolfcrypt/pwdbased.h>
#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
enum {
WC_PKCS12_KeyBag = 667,
WC_PKCS12_ShroudedKeyBag = 668,
@@ -149,24 +151,25 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12)
heap = pkcs12->heap;
if (pkcs12->safe != NULL) {
freeSafe(pkcs12->safe, heap);
freeSafe(pkcs12->safe, heap);
}
/* free mac data */
if (pkcs12->signData != NULL) {
if (pkcs12->signData->digest != NULL) {
XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_PKCS);
XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST);
pkcs12->signData->digest = NULL;
}
if (pkcs12->signData->salt != NULL) {
XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_PKCS);
XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT);
pkcs12->signData->salt = NULL;
}
XFREE(pkcs12->signData, heap, DYNAMIC_TYPE_PKCS);
pkcs12->signData = NULL;
}
XFREE(pkcs12, NULL, DYNAMIC_TYPE_PKCS);
pkcs12 = NULL;
(void)heap;
}
@@ -254,9 +257,9 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
word32 curIdx;
ContentInfo* ci = NULL;
#ifdef WOLFSSL_DEBUG_PKCS12
printf("\t\tlooking for Content Info.... ");
#endif
#ifdef WOLFSSL_DEBUG_PKCS12
printf("\t\tlooking for Content Info.... ");
#endif
if ((ret = GetSequence(input, &localIdx, &curSz, safe->dataSz))
< 0) {
@@ -291,19 +294,19 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
ci->data = (byte*)input + localIdx;
localIdx += ci->dataSz;
#ifdef WOLFSSL_DEBUG_PKCS12
#ifdef WOLFSSL_DEBUG_PKCS12
switch (oid) {
case WC_PKCS12_ENCRYPTED_DATA:
printf("CONTENT INFO: ENCRYPTED DATA, size = %d\n", ci->dataSz);
break;
case WC_PKCS12_DATA:
case WC_PKCS12_DATA:
printf("CONTENT INFO: DATA, size = %d\n", ci->dataSz);
break;
default:
default:
printf("CONTENT INFO: UNKNOWN, size = %d\n", ci->dataSz);
}
#endif
#endif
/* insert to head of list */
ci->next = safe->CI;
@@ -315,7 +318,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
pkcs12->safe = safe;
*idx += localIdx;
return 1;
return ret;
}
@@ -328,7 +331,6 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
word32 oid = 0;
int size, ret;
/* Digest Info : Sequence
* DigestAlgorithmIdentifier
* Digest
@@ -356,9 +358,9 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
}
mac->oid = oid;
#ifdef WOLFSSL_DEBUG_PKCS12
#ifdef WOLFSSL_DEBUG_PKCS12
printf("\t\tALGO ID = %d\n", oid);
#endif
#endif
/* Digest: should be octet type holding digest */
if (mem[curIdx++] != ASN_OCTET_STRING) {
@@ -373,13 +375,13 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
}
mac->digestSz = size;
mac->digest = (byte*)XMALLOC(mac->digestSz, pkcs12->heap,
DYNAMIC_TYPE_PKCS);
DYNAMIC_TYPE_DIGEST);
if (mac->digest == NULL || mac->digestSz + curIdx > totalSz) {
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
return MEMORY_E;
ERROR_OUT(MEMORY_E, exit_gsd);
}
XMEMCPY(mac->digest, mem + curIdx, mac->digestSz);
#ifdef WOLFSSL_DEBUG_PKCS12
#ifdef WOLFSSL_DEBUG_PKCS12
{
byte* p;
for (printf("\t\tDigest = "), p = (byte*)mem+curIdx;
@@ -387,32 +389,27 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
printf("%02X", *p), p++);
printf(" : size = %d\n", mac->digestSz);
}
#endif
#endif
curIdx += mac->digestSz;
/* get salt, should be octet string */
if (mem[curIdx++] != ASN_OCTET_STRING) {
WOLFSSL_MSG("Failed to get salt");
XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS);
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
return ASN_PARSE_E;
ERROR_OUT(ASN_PARSE_E, exit_gsd);
}
if ((ret = GetLength(mem, &curIdx, &size, totalSz)) <= 0) {
XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS);
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
return ret;
goto exit_gsd;
}
mac->saltSz = size;
mac->salt = (byte*)XMALLOC(mac->saltSz, pkcs12->heap,
DYNAMIC_TYPE_PKCS);
mac->salt = (byte*)XMALLOC(mac->saltSz, pkcs12->heap, DYNAMIC_TYPE_SALT);
if (mac->salt == NULL || mac->saltSz + curIdx > totalSz) {
XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS);
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
return MEMORY_E;
ERROR_OUT(MEMORY_E, exit_gsd);
}
XMEMCPY(mac->salt, mem + curIdx, mac->saltSz);
#ifdef WOLFSSL_DEBUG_PKCS12
#ifdef WOLFSSL_DEBUG_PKCS12
{
byte* p;
for (printf("\t\tSalt = "), p = (byte*)mem + curIdx;
@@ -420,7 +417,8 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
printf("%02X", *p), p++);
printf(" : size = %d\n", mac->saltSz);
}
#endif
#endif
curIdx += mac->saltSz;
/* check for MAC itterations, default to 1 */
@@ -439,8 +437,20 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx,
*idx = curIdx;
pkcs12->signData = mac;
ret = 0; /* success */
return 0;
exit_gsd:
/* failure cleanup */
if (ret != 0) {
if (mac) {
if (mac->digest)
XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST);
XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS);
}
}
return ret;
}
@@ -472,7 +482,7 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
}
/* unicode set up from asn.c */
if ( (pswSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
if ((pswSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
WOLFSSL_MSG("PKCS12 max unicode size too small");
return UNICODE_SIZE_E;
}
@@ -487,34 +497,30 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
/* get hash type used and resulting size of HMAC key */
switch (mac->oid) {
#ifndef NO_SHA
#ifndef NO_SHA
case SHAh: /* 88 */
typeH = SHA;
kLen = SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
#endif
#ifndef NO_SHA256
case SHA256h: /* 414 */
typeH = SHA256;
kLen = SHA256_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA384
#endif
#ifdef WOLFSSL_SHA384
case SHA384h: /* 415 */
typeH = SHA384;
kLen = SHA384_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA512
#endif
#ifdef WOLFSSL_SHA512
case SHA512h: /* 416 */
typeH = SHA512;
kLen = SHA512_DIGEST_SIZE;
break;
#endif
#endif
default: /* May be SHA224 or was just not built in */
WOLFSSL_MSG("Unsupported hash used");
return BAD_FUNC_ARG;
@@ -527,7 +533,7 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
}
/* now that key has been created use it to get HMAC hash on data */
if ((ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID)) != 0) {
if ((ret = wc_HmacInit(&hmac, pkcs12->heap, INVALID_DEVID)) != 0) {
return ret;
}
ret = wc_HmacSetKey(&hmac, typeH, key, kLen);
@@ -560,6 +566,7 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
* der : pointer to der buffer holding PKCS12
* derSz : size of der buffer
* pkcs12 : non-null pkcs12 pointer
* return 0 on success and negative on failure.
*/
int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
{
@@ -586,10 +593,10 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
return ret;
}
#ifdef WOLFSSL_DEBUG_PKCS12
#ifdef WOLFSSL_DEBUG_PKCS12
printf("\nBEGIN: PKCS12 size = %d\n", totalSz);
printf("version = %d\n", version);
#endif
#endif
if (version != 3) {
WOLFSSL_MSG("PKCS12 unsupported version!");
@@ -600,9 +607,9 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
return ret;
}
#ifdef WOLFSSL_DEBUG_PKCS12
#ifdef WOLFSSL_DEBUG_PKCS12
printf("\tSEQUENCE: AuthenticatedSafe size = %d\n", size);
#endif
#endif
if ((ret = GetSafeContent(pkcs12, der, &idx, size + idx)) < 0) {
WOLFSSL_MSG("GetSafeContent error");
@@ -615,9 +622,9 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
WOLFSSL_MSG("Ignoring unknown data at end of PKCS12 DER buffer");
}
else {
#ifdef WOLFSSL_DEBUG_PKCS12
#ifdef WOLFSSL_DEBUG_PKCS12
printf("\tSEQUENCE: Signature size = %d\n", size);
#endif
#endif
if ((ret = GetSignData(pkcs12, der, &idx, totalSz)) < 0) {
return ASN_PARSE_E;
@@ -625,25 +632,26 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
}
}
#ifdef WOLFSSL_DEBUG_PKCS12
#ifdef WOLFSSL_DEBUG_PKCS12
printf("END: PKCS12\n");
#endif
#endif
return 1;
return ret;
}
/* helper function to free WC_DerCertList */
static void freeCertList(WC_DerCertList* list, void* heap) {
WC_DerCertList* current;
static void freeCertList(WC_DerCertList* list, void* heap)
{
WC_DerCertList* current = list;
WC_DerCertList* next;
if (list == NULL) {
return;
}
current = list;
while(current != NULL) {
WC_DerCertList* next = current->next;
while (current != NULL) {
next = current->next;
if (current->buffer != NULL) {
XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
}
@@ -654,20 +662,42 @@ static void freeCertList(WC_DerCertList* list, void* heap) {
(void)heap;
}
static void freeBuffers(byte* a, byte* b, void* heap)
static void freeDecCertList(WC_DerCertList** list, byte** pkey, word32* pkeySz,
byte** cert, word32* certSz, void* heap)
{
if (a != NULL) {
XFREE(a, heap, DYNAMIC_TYPE_PKCS);
WC_DerCertList* current = *list;
WC_DerCertList* previous = NULL;
DecodedCert DeCert;
while (current != NULL) {
InitDecodedCert(&DeCert, current->buffer, current->bufferSz, heap);
if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) {
if (wc_CheckPrivateKey(*pkey, *pkeySz, &DeCert) == 1) {
WOLFSSL_MSG("Key Pair found");
*cert = current->buffer;
*certSz = current->bufferSz;
if (previous == NULL) {
*list = current->next;
}
else {
previous->next = current->next;
}
FreeDecodedCert(&DeCert);
XFREE(current, heap, DYNAMIC_TYPE_PKCS);
break;
}
}
FreeDecodedCert(&DeCert);
previous = current;
current = current->next;
}
if (b != NULL) {
XFREE(b, heap, DYNAMIC_TYPE_PKCS);
}
(void)heap;
}
/* return 1 on success and 0 on failure.
/* return 0 on success and negative on failure.
* By side effect returns private key, cert, and optionally ca.
* Parses and decodes the parts of PKCS12
*
@@ -693,15 +723,15 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_ENTER("wc_PKCS12_parse");
if (pkcs12 == NULL || psw == NULL || cert == NULL || certSz == NULL ||
pkey == NULL || pkeySz == NULL) {
pkey == NULL || pkeySz == NULL) {
return BAD_FUNC_ARG;
}
pswSz = (int)XSTRLEN(psw);
*cert = NULL;
*pkey = NULL;
if (ca != NULL) {
if (ca != NULL)
*ca = NULL;
}
/* if there is sign data then verify the MAC */
if (pkcs12->signData != NULL ) {
@@ -731,26 +761,18 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_MSG("Decrypting PKCS12 Content Info Container");
data = ci->data;
if (data[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
}
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
if ((ret = GetSequence(data, &idx, &size, ci->dataSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
if ((ret = GetShortInt(data, &idx, &number, ci->dataSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
if (number != 0) {
@@ -758,39 +780,32 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
}
if ((ret = GetSequence(data, &idx, &size, ci->dataSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
ret = GetObjectId(data, &idx, &oid, oidIgnoreType, ci->dataSz);
if (ret < 0 || oid != WC_PKCS12_DATA) {
WOLFSSL_MSG("Not PKCS12 DATA object or get object parse error");
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
}
/* decrypted content overwrites input buffer */
size = ci->dataSz - idx;
buf = (byte*)XMALLOC(size, pkcs12->heap, DYNAMIC_TYPE_PKCS);
if (buf == NULL) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return MEMORY_E;
ERROR_OUT(MEMORY_E, exit_pk12par);
}
XMEMCPY(buf, data + idx, size);
if ((ret = DecryptContent(buf, size, psw, pswSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
WOLFSSL_MSG("Decryption failed, algorithm not compiled in?");
return ret;
goto exit_pk12par;
}
data = buf;
idx = 0;
#ifdef WOLFSSL_DEBUG_PKCS12
#ifdef WOLFSSL_DEBUG_PKCS12
{
byte* p;
for (printf("\tData = "), p = (byte*)buf;
@@ -798,56 +813,42 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
printf("%02X", *p), p++);
printf("\n");
}
#endif
#endif
}
else { /* type DATA */
WOLFSSL_MSG("Parsing PKCS12 DATA Content Info Container");
data = ci->data;
if (data[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
}
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
if (data[idx++] != ASN_OCTET_STRING) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
}
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
}
/* parse through bags in ContentInfo */
if ((ret = GetSequence(data, &idx, &totalSz, ci->dataSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
totalSz += idx;
while ((int)idx < totalSz) {
int bagSz;
if ((ret = GetSequence(data, &idx, &bagSz, ci->dataSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
bagSz += idx;
if ((ret = GetObjectId(data, &idx, &oid, oidIgnoreType,
ci->dataSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
switch (oid) {
@@ -855,35 +856,30 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_MSG("PKCS12 Key Bag found");
if (data[idx++] !=
(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
}
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
goto exit_pk12par;
}
if (*pkey == NULL) {
*pkey = (byte*)XMALLOC(size, pkcs12->heap,
DYNAMIC_TYPE_PKCS);
DYNAMIC_TYPE_PUBLIC_KEY);
if (*pkey == NULL) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return MEMORY_E;
ERROR_OUT(MEMORY_E, exit_pk12par);
}
XMEMCPY(*pkey, data + idx, size);
*pkeySz = ToTraditional(*pkey, size);
}
#ifdef WOLFSSL_DEBUG_PKCS12
{
byte* p;
for (printf("\tKey = "), p = (byte*)*pkey;
p < (byte*)*pkey + size;
printf("%02X", *p), p++);
printf("\n");
}
#endif
#ifdef WOLFSSL_DEBUG_PKCS12
{
byte* p;
for (printf("\tKey = "), p = (byte*)*pkey;
p < (byte*)*pkey + size;
printf("%02X", *p), p++);
printf("\n");
}
#endif
idx += size;
break;
@@ -893,42 +889,32 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_MSG("PKCS12 Shrouded Key Bag found");
if (data[idx++] !=
(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
}
if ((ret = GetLength(data, &idx, &size,
ci->dataSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
goto exit_pk12par;
}
k = (byte*)XMALLOC(size, pkcs12->heap,
DYNAMIC_TYPE_PKCS);
DYNAMIC_TYPE_PUBLIC_KEY);
if (k == NULL) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return MEMORY_E;
ERROR_OUT(MEMORY_E, exit_pk12par);
}
XMEMCPY(k, data + idx, size);
/* overwrites input, be warned */
if ((ret = ToTraditionalEnc(k, size, psw, pswSz)) < 0) {
freeBuffers(k, NULL, pkcs12->heap);
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
XFREE(k, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY);
goto exit_pk12par;
}
if (ret < size) {
/* shrink key buffer */
k = (byte*)XREALLOC(k, ret, pkcs12->heap,
DYNAMIC_TYPE_PKCS);
DYNAMIC_TYPE_PUBLIC_KEY);
if (k == NULL) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return MEMORY_E;
ERROR_OUT(MEMORY_E, exit_pk12par);
}
}
size = ret;
@@ -938,11 +924,11 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
*pkeySz = size;
}
else { /* only expecting one key */
freeBuffers(k, NULL, pkcs12->heap);
XFREE(k, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY);
}
idx += size;
#ifdef WOLFSSL_DEBUG_PKCS12
#ifdef WOLFSSL_DEBUG_PKCS12
{
byte* p;
for (printf("\tKey = "), p = (byte*)k;
@@ -950,7 +936,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
printf("%02X", *p), p++);
printf("\n");
}
#endif
#endif
}
break;
@@ -960,28 +946,20 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_MSG("PKCS12 Cert Bag found");
if (data[idx++] !=
(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
}
if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
/* get cert bag type */
if ((ret = GetSequence(data, &idx, &size, ci->dataSz)) <0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
if ((ret = GetObjectId(data, &idx, &oid, oidIgnoreType,
ci->dataSz)) < 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
switch (oid) {
@@ -990,26 +968,19 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_MSG("PKCS12 cert bag type 1");
if (data[idx++] !=
(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
}
if ((ret = GetLength(data, &idx, &size, ci->dataSz))
<= 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
if (data[idx++] != ASN_OCTET_STRING) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
}
if ((ret = GetLength(data, &idx, &size, ci->dataSz))
< 0) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ret;
goto exit_pk12par;
}
break;
default:
@@ -1017,18 +988,14 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
}
if (size + idx > (word32)bagSz) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return ASN_PARSE_E;
ERROR_OUT(ASN_PARSE_E, exit_pk12par);
}
/* list to hold all certs found */
node = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList),
pkcs12->heap, DYNAMIC_TYPE_PKCS);
if (node == NULL) {
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return MEMORY_E;
ERROR_OUT(MEMORY_E, exit_pk12par);
}
XMEMSET(node, 0, sizeof(WC_DerCertList));
@@ -1036,9 +1003,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
DYNAMIC_TYPE_PKCS);
if (node->buffer == NULL) {
XFREE(node, pkcs12->heap, DYNAMIC_TYPE_PKCS);
freeBuffers(*pkey, buf, pkcs12->heap);
freeCertList(certList, pkcs12->heap);
return MEMORY_E;
ERROR_OUT(MEMORY_E, exit_pk12par);
}
XMEMCPY(node->buffer, data + idx, size);
node->bufferSz = size;
@@ -1085,47 +1050,17 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
buf = NULL;
}
ci = ci->next;
WOLFSSL_MSG("Done Parsing PKCS12 Content Info Container");
}
/* check if key pair, remove from list */
{
WC_DerCertList* current = certList;
WC_DerCertList* previous = NULL;
if (*pkey != NULL) {
while (current != NULL) {
DecodedCert DeCert;
InitDecodedCert(&DeCert, current->buffer, current->bufferSz,
pkcs12->heap);
if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) {
if (wc_CheckPrivateKey(*pkey, *pkeySz, &DeCert) == 1) {
WOLFSSL_MSG("Key Pair found");
*cert = current->buffer;
*certSz = current->bufferSz;
if (previous == NULL) {
certList = current->next;
}
else {
previous->next = current->next;
}
FreeDecodedCert(&DeCert);
XFREE(current, pkcs12->heap, DYNAMIC_TYPE_PKCS);
break;
}
}
FreeDecodedCert(&DeCert);
previous = current;
current = current->next;
}
}
if (*pkey != NULL) {
freeDecCertList(&certList, pkey, pkeySz, cert, certSz, pkcs12->heap);
}
/* if ca arg provided return certList, otherwise free it */
if (ca != NULL) {
*ca = certList;
}
@@ -1134,7 +1069,25 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
freeCertList(certList, pkcs12->heap);
}
return 1;
ret = 0; /* success */
exit_pk12par:
if (ret != 0) {
/* failure cleanup */
if (*pkey) {
XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY);
*pkey = NULL;
}
if (buf) {
XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS);
buf = NULL;
}
freeCertList(certList, pkcs12->heap);
}
return ret;
}
@@ -1160,5 +1113,6 @@ void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12)
return pkcs12->heap;
}
#endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */
#undef ERROR_OUT
#endif /* !NO_ASN && !NO_PWDBASED */
+22 -22
View File
@@ -1033,7 +1033,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
}
flatSignedAttribs = (byte*)XMALLOC(esd->signedAttribsSz, pkcs7->heap,
DYNAMIC_TYPE_PKCS);
DYNAMIC_TYPE_PKCS7);
flatSignedAttribsSz = esd->signedAttribsSz;
if (flatSignedAttribs == NULL) {
#ifdef WOLFSSL_SMALL_STACK
@@ -1053,7 +1053,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
flatSignedAttribsSz, esd);
if (ret < 0) {
if (pkcs7->signedAttribsSz != 0)
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -1095,7 +1095,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
if (outputSz < totalSz) {
if (pkcs7->signedAttribsSz != 0)
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -1154,7 +1154,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
idx += esd->signedAttribSetSz;
XMEMCPY(output + idx, flatSignedAttribs, flatSignedAttribsSz);
idx += flatSignedAttribsSz;
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
}
XMEMCPY(output + idx, esd->digEncAlgoId, esd->digEncAlgoIdSz);
@@ -4168,7 +4168,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
attribs = (EncodedAttrib*)XMALLOC(
sizeof(EncodedAttrib) * pkcs7->unprotectedAttribsSz,
pkcs7->heap, DYNAMIC_TYPE_PKCS);
pkcs7->heap, DYNAMIC_TYPE_PKCS7);
if (attribs == NULL) {
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -4180,9 +4180,9 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
pkcs7->unprotectedAttribs,
pkcs7->unprotectedAttribsSz);
flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS);
flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
if (flatAttribs == NULL) {
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return MEMORY_E;
@@ -4217,8 +4217,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
if (totalSz > (int)outputSz) {
WOLFSSL_MSG("PKCS#7 output buffer too small");
if (pkcs7->unprotectedAttribsSz != 0) {
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
}
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -4255,8 +4255,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
idx += attribsSetSz;
XMEMCPY(output + idx, flatAttribs, attribsSz);
idx += attribsSz;
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
}
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -4298,7 +4298,7 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
savedIdx = idx;
attrib = (PKCS7DecodedAttrib*)XMALLOC(sizeof(PKCS7DecodedAttrib),
pkcs7->heap, DYNAMIC_TYPE_PKCS);
pkcs7->heap, DYNAMIC_TYPE_PKCS7);
if (attrib == NULL) {
return MEMORY_E;
}
@@ -4306,38 +4306,38 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg,
/* save attribute OID bytes and size */
if (GetObjectId(pkiMsg, &idx, &oid, oidIgnoreType, pkiMsgSz) < 0) {
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return ASN_PARSE_E;
}
attrib->oidSz = idx - savedIdx;
attrib->oid = (byte*)XMALLOC(attrib->oidSz, pkcs7->heap,
DYNAMIC_TYPE_PKCS);
DYNAMIC_TYPE_PKCS7);
if (attrib->oid == NULL) {
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return MEMORY_E;
}
XMEMCPY(attrib->oid, pkiMsg + savedIdx, attrib->oidSz);
/* save attribute value bytes and size */
if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return ASN_PARSE_E;
}
if ((pkiMsgSz - idx) < (word32)length) {
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return ASN_PARSE_E;
}
attrib->valueSz = (word32)length;
attrib->value = (byte*)XMALLOC(attrib->valueSz, pkcs7->heap,
DYNAMIC_TYPE_PKCS);
DYNAMIC_TYPE_PKCS7);
if (attrib->value == NULL) {
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return MEMORY_E;
}
XMEMCPY(attrib->value, pkiMsg + idx, attrib->valueSz);
+10 -4
View File
@@ -530,14 +530,13 @@ int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId)
#endif
/* configure async RNG source if available */
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG,
rng->heap, rng->devId);
if (ret != 0)
return ret;
#endif
#ifdef HAVE_INTEL_RDRAND
/* if CPU supports RDRAND, use it directly and by-pass DRBG init */
if (IS_INTEL_RDRAND)
@@ -610,9 +609,16 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
return wc_GenerateRand_IntelRD(NULL, output, sz);
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
#if defined(WOLFSSL_ASYNC_CRYPT)
if (rng->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
/* these are blocking */
#ifdef HAVE_CAVIUM
return NitroxRngGenerateBlock(rng, output, sz);
#elif defined(HAVE_INTEL_QA)
return IntelQaDrbg(&rng->asyncDev, output, sz);
#else
/* simulator not supported */
#endif
}
#endif
@@ -685,7 +691,7 @@ int wc_FreeRng(WC_RNG* rng)
if (rng == NULL)
return BAD_FUNC_ARG;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
#if defined(WOLFSSL_ASYNC_CRYPT)
wolfAsync_DevCtxFree(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG);
#endif
+33 -33
View File
@@ -304,7 +304,7 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
/* find largest amount of memory needed which will be the max of
* hLen and (seedSz + 4) since tmp is used to store the hash digest */
tmpSz = ((seedSz + 4) > (word32)hLen)? seedSz + 4: (word32)hLen;
tmp = (byte*)XMALLOC(tmpSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
tmp = (byte*)XMALLOC(tmpSz, heap, DYNAMIC_TYPE_RSA_BUFFER);
if (tmp == NULL) {
return MEMORY_E;
}
@@ -331,7 +331,7 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
if ((ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz)) != 0) {
/* check for if dynamic memory was needed, then free */
if (tmpF) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
}
return ret;
}
@@ -344,7 +344,7 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
/* check for if dynamic memory was needed, then free */
if (tmpF) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
}
return 0;
@@ -437,13 +437,13 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
}
#ifdef WOLFSSL_SMALL_STACK
lHash = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
lHash = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_RSA_BUFFER);
if (lHash == NULL) {
return MEMORY_E;
}
seed = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
seed = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_RSA_BUFFER);
if (seed == NULL) {
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
#else
@@ -458,8 +458,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
if ((ret = wc_Hash(hType, optLabel, labelLen, lHash, hLen)) != 0) {
WOLFSSL_MSG("OAEP hash type possibly not supported or lHash to small");
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
#endif
return ret;
}
@@ -475,8 +475,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
if ((word32)(2 * hLen + 2) > pkcsBlockLen) {
WOLFSSL_MSG("OAEP pad error hash to big for RSA key size");
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
#endif
return BAD_FUNC_ARG;
}
@@ -484,8 +484,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
if (inputLen > (pkcsBlockLen - 2 * hLen - 2)) {
WOLFSSL_MSG("OAEP pad error message too long");
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
#endif
return BAD_FUNC_ARG;
}
@@ -495,8 +495,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
psLen = pkcsBlockLen - inputLen - 2 * hLen - 2;
if (pkcsBlockLen < inputLen) { /*make sure not writing over end of buffer */
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
#endif
return BUFFER_E;
}
@@ -513,8 +513,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
/* generate random seed */
if ((ret = wc_RNG_GenerateBlock(rng, seed, hLen)) != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
#endif
return ret;
}
@@ -523,8 +523,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
dbMask = (byte*)XMALLOC(pkcsBlockLen - hLen - 1, heap, DYNAMIC_TYPE_RSA);
if (dbMask == NULL) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
#endif
return MEMORY_E;
}
@@ -534,8 +534,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
if (ret != 0) {
XFREE(dbMask, heap, DYNAMIC_TYPE_RSA);
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
#endif
return ret;
}
@@ -556,8 +556,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
if ((ret = RsaMGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1,
pkcsBlock + 1, hLen, heap)) != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
#endif
return ret;
}
@@ -570,8 +570,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER);
#endif
(void)padValue;
@@ -750,7 +750,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
return BAD_FUNC_ARG;
}
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_RSA_BUFFER);
if (tmp == NULL) {
return MEMORY_E;
}
@@ -759,7 +759,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
/* find seedMask value */
if ((ret = RsaMGF(mgf, (byte*)(pkcsBlock + (hLen + 1)),
pkcsBlockLen - hLen - 1, tmp, hLen, heap)) != 0) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
return ret;
}
@@ -771,7 +771,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
/* get dbMask value */
if ((ret = RsaMGF(mgf, tmp, hLen, tmp + hLen,
pkcsBlockLen - hLen - 1, heap)) != 0) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, NULL, DYNAMIC_TYPE_RSA_BUFFER);
return ret;
}
@@ -781,7 +781,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
}
/* done with use of tmp buffer */
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
/* advance idx to index of PS and msg separator, account for PS size of 0*/
idx = hLen + 1 + hLen;
@@ -829,32 +829,32 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
if (pkcsBlock[pkcsBlockLen - 1] != 0xbc)
return BAD_PADDING_E;
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_RSA_BUFFER);
if (tmp == NULL) {
return MEMORY_E;
}
if ((ret = RsaMGF(mgf, pkcsBlock + pkcsBlockLen - 1 - hLen, hLen,
tmp, pkcsBlockLen - 1 - hLen, heap)) != 0) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
return ret;
}
tmp[0] &= (1 << ((bits - 1) & 0x7)) - 1;
for (i = 0; i < (int)(pkcsBlockLen - 1 - hLen - hLen - 1); i++) {
if (tmp[i] != pkcsBlock[i]) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
return BAD_PADDING_E;
}
}
if (tmp[i] != (pkcsBlock[i] ^ 0x01)) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
return BAD_PADDING_E;
}
for (i++; i < (int)(pkcsBlockLen - 1 - hLen); i++)
pkcsBlock[i] ^= tmp[i];
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
i = pkcsBlockLen - (RSA_PSS_PAD_SZ + 3 * hLen + 1);
XMEMSET(pkcsBlock + i, 0, RSA_PSS_PAD_SZ);
+4 -2
View File
@@ -9186,6 +9186,7 @@ int scrypt_test(void)
0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
};
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA)
const byte verify3[] = {
0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
@@ -9196,6 +9197,7 @@ int scrypt_test(void)
0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40,
0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87
};
#endif
#ifdef SCRYPT_TEST_ALL
/* Test case is very slow.
* Use for confirmation after code change or new platform.
@@ -9226,7 +9228,7 @@ int scrypt_test(void)
return -6003;
/* Don't run these test on embedded, since they use large mallocs */
#ifndef BENCH_EMBEDDED
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA)
ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
(byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
if (ret != 0)
@@ -9242,7 +9244,7 @@ int scrypt_test(void)
if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
return -6007;
#endif
#endif /* !BENCH_EMBEDDED */
#endif /* !BENCH_EMBEDDED && !HAVE_INTEL_QA */
return 0;
}
+5 -1
View File
@@ -37,7 +37,11 @@
/* Maximum generate block length */
#ifndef RNG_MAX_BLOCK_LEN
#define RNG_MAX_BLOCK_LEN (0x10000)
#ifdef HAVE_INTEL_QA
#define RNG_MAX_BLOCK_LEN (0xFFFF)
#else
#define RNG_MAX_BLOCK_LEN (0x10000)
#endif
#endif
/* Size of the BRBG seed */
+19 -2
View File
@@ -406,18 +406,35 @@
DYNAMIC_TYPE_PKCS = 56,
DYNAMIC_TYPE_MUTEX = 57,
DYNAMIC_TYPE_PKCS7 = 58,
DYNAMIC_TYPE_AES = 59,
DYNAMIC_TYPE_AES_BUFFER = 59,
DYNAMIC_TYPE_WOLF_BIGINT = 60,
DYNAMIC_TYPE_ASN1 = 61,
DYNAMIC_TYPE_LOG = 62,
DYNAMIC_TYPE_WRITEDUP = 63,
DYNAMIC_TYPE_DH_BUFFER = 64,
DYNAMIC_TYPE_PRIVATE_KEY = 64,
DYNAMIC_TYPE_HMAC = 65,
DYNAMIC_TYPE_ASYNC = 66,
DYNAMIC_TYPE_ASYNC_NUMA = 67,
DYNAMIC_TYPE_ASYNC_NUMA64 = 68,
DYNAMIC_TYPE_CURVE25519 = 69,
DYNAMIC_TYPE_ED25519 = 70,
DYNAMIC_TYPE_SECRET = 71,
DYNAMIC_TYPE_DIGEST = 72,
DYNAMIC_TYPE_RSA_BUFFER = 73,
DYNAMIC_TYPE_DCERT = 74,
DYNAMIC_TYPE_STRING = 75,
DYNAMIC_TYPE_PEM = 76,
DYNAMIC_TYPE_DER = 77,
DYNAMIC_TYPE_CERT_EXT = 78,
DYNAMIC_TYPE_ALPN = 79,
DYNAMIC_TYPE_ENCRYPTEDINFO= 80,
DYNAMIC_TYPE_DIRCTX = 81,
DYNAMIC_TYPE_HASHCTX = 82,
DYNAMIC_TYPE_SEED = 83,
DYNAMIC_TYPE_SYMETRIC_KEY = 84,
DYNAMIC_TYPE_ECC_BUFFER = 85,
DYNAMIC_TYPE_QSH = 86,
DYNAMIC_TYPE_SALT = 87,
};
/* max error buffer string size */