diff --git a/src/crl.c b/src/crl.c index e632dbf106..24a5d8a1d6 100755 --- a/src/crl.c +++ b/src/crl.c @@ -128,11 +128,12 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff, static void FreeCRL_Entry(CRL_Entry* crle, void* heap) { RevokedCert* tmp = crle->certs; + RevokedCert* next; WOLFSSL_ENTER("FreeCRL_Entry"); - while(tmp) { - RevokedCert* next = tmp->next; + while (tmp) { + next = tmp->next; XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED); tmp = next; } diff --git a/src/internal.c b/src/internal.c index cbe7915e88..7de85c1c09 100755 --- a/src/internal.c +++ b/src/internal.c @@ -216,14 +216,14 @@ static int QSH_FreeAll(WOLFSSL* ssl) preKey = key; if (key->pri.buffer) { ForceZero(key->pri.buffer, key->pri.length); - XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); } if (key->pub.buffer) - XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); key = (QSHKey*)key->next; /* free struct */ - XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(preKey, ssl->heap, DYNAMIC_TYPE_QSH); } key = NULL; @@ -234,14 +234,14 @@ static int QSH_FreeAll(WOLFSSL* ssl) preKey = key; if (key->pri.buffer) { ForceZero(key->pri.buffer, key->pri.length); - XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); } if (key->pub.buffer) - XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); key = (QSHKey*)key->next; /* free struct */ - XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(preKey, ssl->heap, DYNAMIC_TYPE_QSH); } key = NULL; @@ -253,9 +253,9 @@ static int QSH_FreeAll(WOLFSSL* ssl) while (list) { preList = list; if (list->PK) - XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_SECRET); list = (QSHScheme*)list->next; - XFREE(preList, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(preList, ssl->heap, DYNAMIC_TYPE_QSH); } /* free secret buffers */ @@ -263,20 +263,20 @@ static int QSH_FreeAll(WOLFSSL* ssl) if (secret->SerSi->buffer) { /* clear extra secret material that supplemented Master Secret*/ ForceZero(secret->SerSi->buffer, secret->SerSi->length); - XFREE(secret->SerSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(secret->SerSi->buffer, ssl->heap, DYNAMIC_TYPE_SECRET); } - XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_SECRET); } if (secret->CliSi) { if (secret->CliSi->buffer) { /* clear extra secret material that supplemented Master Secret*/ ForceZero(secret->CliSi->buffer, secret->CliSi->length); - XFREE(secret->CliSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(secret->CliSi->buffer, ssl->heap, DYNAMIC_TYPE_SECRET); } - XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_SECRET); } } - XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(secret, ssl->heap, DYNAMIC_TYPE_QSH); secret = NULL; return 0; @@ -294,14 +294,14 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes) if (rng == NULL) { if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), 0, - DYNAMIC_TYPE_TLSX)) == NULL) + DYNAMIC_TYPE_RNG)) == NULL) return DRBG_OUT_OF_MEMORY; wc_InitRng(rng); } if (rngMutex == NULL) { if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), 0, - DYNAMIC_TYPE_TLSX)) == NULL) + DYNAMIC_TYPE_MUTEX)) == NULL) return DRBG_OUT_OF_MEMORY; wc_InitMutex(rngMutex); } @@ -1455,8 +1455,8 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES); #ifndef NO_DH - XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); - XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); #endif /* !NO_DH */ #ifdef SINGLE_THREADED @@ -1634,10 +1634,10 @@ void FreeCiphers(WOLFSSL* ssl) wc_AesFree(ssl->encrypt.aes); wc_AesFree(ssl->decrypt.aes); #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) - XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_AES); - XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES); - XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_AES); - XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES); + XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_AES_BUFFER); + XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES_BUFFER); + XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_AES_BUFFER); + XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES_BUFFER); #endif XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); @@ -4177,7 +4177,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) } XMEMSET(ssl->arrays, 0, sizeof(Arrays)); ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SECRET); if (ssl->arrays->preMasterSecret == NULL) { return MEMORY_E; } @@ -4269,7 +4269,7 @@ void FreeArrays(WOLFSSL* ssl, int keep) ssl->session.sessionIDSz = ssl->arrays->sessionIDSz; } if (ssl->arrays->preMasterSecret) { - XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET); ssl->arrays->preMasterSecret = NULL; } XFREE(ssl->arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS); @@ -4464,14 +4464,14 @@ void FreeKeyExchange(WOLFSSL* ssl) { /* Cleanup signature buffer */ if (ssl->buffers.sig.buffer) { - XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_SIGNATURE); ssl->buffers.sig.buffer = NULL; ssl->buffers.sig.length = 0; } /* Cleanup digest buffer */ if (ssl->buffers.digest.buffer) { - XFREE(ssl->buffers.digest.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ssl->buffers.digest.buffer, ssl->heap, DYNAMIC_TYPE_DIGEST); ssl->buffers.digest.buffer = NULL; ssl->buffers.digest.length = 0; } @@ -4521,12 +4521,12 @@ void SSL_ResourceFree(WOLFSSL* ssl) ForceZero(ssl->buffers.serverDH_Priv.buffer, ssl->buffers.serverDH_Priv.length); } - XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); - XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); /* parameters (p,g) may be owned by ctx */ if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) { - XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); - XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); } #endif /* !NO_DH */ #ifndef NO_CERTS @@ -4601,7 +4601,7 @@ void SSL_ResourceFree(WOLFSSL* ssl) #ifdef HAVE_ALPN if (ssl->alpn_client_list != NULL) { - XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN); ssl->alpn_client_list = NULL; } #endif @@ -4755,15 +4755,15 @@ void FreeHandshakeResources(WOLFSSL* ssl) ForceZero(ssl->buffers.serverDH_Priv.buffer, ssl->buffers.serverDH_Priv.length); } - XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); ssl->buffers.serverDH_Priv.buffer = NULL; - XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); ssl->buffers.serverDH_Pub.buffer = NULL; /* parameters (p,g) may be owned by ctx */ if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) { - XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); ssl->buffers.serverDH_G.buffer = NULL; - XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); ssl->buffers.serverDH_P.buffer = NULL; } #endif /* !NO_DH */ @@ -6357,7 +6357,7 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender) int ret; byte md5_result[MD5_DIGEST_SIZE]; #ifdef WOLFSSL_SMALL_STACK - Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_HASHCTX); if (md5 == NULL) return MEMORY_E; #else @@ -6391,7 +6391,7 @@ static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender) } #ifdef WOLFSSL_SMALL_STACK - XFREE(md5, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5, ssl->heap, DYNAMIC_TYPE_HASHCTX); #endif return ret; @@ -6404,7 +6404,7 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender) int ret; byte sha_result[SHA_DIGEST_SIZE]; #ifdef WOLFSSL_SMALL_STACK - Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_HASHCTX); if (sha == NULL) return MEMORY_E; #else @@ -6437,7 +6437,7 @@ static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender) } #ifdef WOLFSSL_SMALL_STACK - XFREE(sha, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sha, ssl->heap, DYNAMIC_TYPE_HASHCTX); #endif return ret; @@ -6461,8 +6461,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SMALL_STACK - sha384 = (Sha384*)XMALLOC(sizeof(Sha384), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + sha384 = (Sha384*)XMALLOC(sizeof(Sha384), ssl->heap, DYNAMIC_TYPE_HASHCTX); if (sha384 == NULL) return MEMORY_E; #endif /* WOLFSSL_SMALL_STACK */ @@ -6496,7 +6495,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SMALL_STACK - XFREE(sha384, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sha384, ssl->heap, DYNAMIC_TYPE_HASHCTX); #endif #endif @@ -7450,16 +7449,16 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs) (void)ssl; if (args->domain) { - XFREE(args->domain, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->domain, ssl->heap, DYNAMIC_TYPE_STRING); args->domain = NULL; } if (args->certs) { - XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER); args->certs = NULL; } #ifdef WOLFSSL_TLS13 if (args->exts) { - XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT); args->exts = NULL; } #endif @@ -7468,7 +7467,7 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs) FreeDecodedCert(args->dCert); args->dCertInit = 0; } - XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT); args->dCert = NULL; } } @@ -7579,7 +7578,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz /* allocate buffer for cert extensions */ args->exts = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_CERT_EXT); if (args->exts == NULL) { ERROR_OUT(MEMORY_E, exit_ppc); } @@ -7588,7 +7587,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz /* allocate buffer for certs */ args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_DER); if (args->certs == NULL) { ERROR_OUT(MEMORY_E, exit_ppc); } @@ -7680,7 +7679,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz args->dCertInit = 0; args->dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (args->dCert == NULL) { ERROR_OUT(MEMORY_E, exit_ppc); } @@ -8159,7 +8158,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz { if (args->count > 0) { args->domain = (char*)XMALLOC(ASN_NAME_MAX, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_STRING); if (args->domain == NULL) { ERROR_OUT(MEMORY_E, exit_ppc); } @@ -8369,7 +8368,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz /* release since we don't need it anymore */ if (args->dCert) { - XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT); args->dCert = NULL; } } /* if (count > 0) */ @@ -8389,7 +8388,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz #ifdef WOLFSSL_SMALL_STACK WOLFSSL_X509_STORE_CTX* store = (WOLFSSL_X509_STORE_CTX*)XMALLOC( sizeof(WOLFSSL_X509_STORE_CTX), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_X509_STORE); if (store == NULL) { ERROR_OUT(MEMORY_E, exit_ppc); } @@ -8507,7 +8506,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz } #ifdef WOLFSSL_SMALL_STACK - XFREE(store, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE); #endif /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; @@ -8613,15 +8612,15 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef WOLFSSL_SMALL_STACK status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_OCSP_STATUS); response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_OCSP_REQUEST); if (status == NULL || response == NULL) { if (status) - XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(status, NULL, DYNAMIC_TYPE_OCSP_STATUS); if (response) - XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST); return MEMORY_ERROR; } @@ -8643,8 +8642,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, *inOutIdx += status_length; #ifdef WOLFSSL_SMALL_STACK - XFREE(status, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(response, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); #endif } @@ -8678,15 +8677,15 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef WOLFSSL_SMALL_STACK status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_OCSP_STATUS); response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_OCSP_REQUEST); if (status == NULL || response == NULL) { if (status) - XFREE(status, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); if (response) - XFREE(response, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); return MEMORY_ERROR; } @@ -8739,8 +8738,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif #ifdef WOLFSSL_SMALL_STACK - XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(status, NULL, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST); #endif } @@ -10283,10 +10282,10 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz, /* make sure auth iv and auth are allocated */ if (ssl->encrypt.additional == NULL) ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ, - ssl->heap, DYNAMIC_TYPE_AES); + ssl->heap, DYNAMIC_TYPE_AES_BUFFER); if (ssl->encrypt.nonce == NULL) ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ, - ssl->heap, DYNAMIC_TYPE_AES); + ssl->heap, DYNAMIC_TYPE_AES_BUFFER); if (ssl->encrypt.additional == NULL || ssl->encrypt.nonce == NULL) { return MEMORY_E; @@ -10519,10 +10518,10 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, /* make sure auth iv and auth are allocated */ if (ssl->decrypt.additional == NULL) ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ, - ssl->heap, DYNAMIC_TYPE_AES); + ssl->heap, DYNAMIC_TYPE_AES_BUFFER); if (ssl->decrypt.nonce == NULL) ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ, - ssl->heap, DYNAMIC_TYPE_AES); + ssl->heap, DYNAMIC_TYPE_AES_BUFFER); if (ssl->decrypt.additional == NULL || ssl->decrypt.nonce == NULL) { return MEMORY_E; @@ -11839,7 +11838,7 @@ static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest) int ret; byte md5_result[MD5_DIGEST_SIZE]; #ifdef WOLFSSL_SMALL_STACK - Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_HASHCTX); #else Md5 md5[1]; #endif @@ -11869,7 +11868,7 @@ static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest) } #ifdef WOLFSSL_SMALL_STACK - XFREE(md5, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5, ssl->heap, DYNAMIC_TYPE_HASHCTX); #endif return ret; @@ -11883,7 +11882,7 @@ static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest) int ret; byte sha_result[SHA_DIGEST_SIZE]; #ifdef WOLFSSL_SMALL_STACK - Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_HASHCTX); #else Sha sha[1]; #endif @@ -11913,7 +11912,7 @@ static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest) } #ifdef WOLFSSL_SMALL_STACK - XFREE(sha, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sha, ssl->heap, DYNAMIC_TYPE_HASHCTX); #endif return ret; @@ -12192,7 +12191,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #ifdef WOLFSSL_SMALL_STACK hmac = (byte*)XMALLOC(MAX_DIGEST_SIZE, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DIGEST); if (hmac == NULL) ERROR_OUT(MEMORY_E, exit_buildmsg); #endif @@ -12202,7 +12201,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, XMEMCPY(output + args->idx, hmac, args->digestSz); #ifdef WOLFSSL_SMALL_STACK - XFREE(hmac, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hmac, ssl->heap, DYNAMIC_TYPE_DIGEST); #endif } else @@ -12540,7 +12539,7 @@ int SendCertificate(WOLFSSL* ssl) if (inputSz > 0) { /* clang thinks could be zero, let's help */ input = (byte*)XMALLOC(inputSz, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_IN_BUFFER); if (input == NULL) return MEMORY_E; XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); @@ -12550,7 +12549,7 @@ int SendCertificate(WOLFSSL* ssl) handshake, 1, 0, 0); if (inputSz > 0) - XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); if (sendSz < 0) return sendSz; @@ -12744,14 +12743,14 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, byte* input; int inputSz = idx - RECORD_HEADER_SZ; - input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); if (input == NULL) return MEMORY_E; XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, handshake, 1, 0, 0); - XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); if (sendSz < 0) ret = sendSz; @@ -12839,7 +12838,7 @@ int SendCertificateStatus(WOLFSSL* ssl) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (cert == NULL) return MEMORY_E; #endif @@ -12880,7 +12879,7 @@ int SendCertificateStatus(WOLFSSL* ssl) FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); #endif } @@ -12903,7 +12902,8 @@ int SendCertificateStatus(WOLFSSL* ssl) ret = BuildCertificateStatus(ssl, status_type, &response, 1); - XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + response.buffer = NULL; } } @@ -12944,7 +12944,7 @@ int SendCertificateStatus(WOLFSSL* ssl) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (cert == NULL) return MEMORY_E; #endif @@ -12985,7 +12985,7 @@ int SendCertificateStatus(WOLFSSL* ssl) FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); #endif } @@ -13021,7 +13021,7 @@ int SendCertificateStatus(WOLFSSL* ssl) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_DCERT); if (cert == NULL) return MEMORY_E; #endif @@ -13096,7 +13096,7 @@ int SendCertificateStatus(WOLFSSL* ssl) } #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); #endif } else { @@ -13125,7 +13125,7 @@ int SendCertificateStatus(WOLFSSL* ssl) for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++) if (responses[i].buffer) XFREE(responses[i].buffer, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_OCSP_REQUEST); } break; @@ -15814,14 +15814,14 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, byte* input; int inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */ - input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); if (input == NULL) return MEMORY_E; XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, handshake, 1, 0, 0); - XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); if (sendSz < 0) return sendSz; @@ -16475,7 +16475,7 @@ static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs) #if !defined(NO_DH) || defined(HAVE_ECC) if (args->verifySig) { - XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); args->verifySig = NULL; } #endif @@ -16581,7 +16581,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } ssl->buffers.serverDH_P.buffer = - (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ssl->buffers.serverDH_P.buffer) { ssl->buffers.serverDH_P.length = length; } @@ -16608,7 +16608,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } ssl->buffers.serverDH_G.buffer = - (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ssl->buffers.serverDH_G.buffer) { ssl->buffers.serverDH_G.length = length; } @@ -16633,7 +16633,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } ssl->buffers.serverDH_Pub.buffer = - (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ssl->buffers.serverDH_Pub.buffer) { ssl->buffers.serverDH_Pub.length = length; } @@ -16772,7 +16772,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(length, - ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ssl->buffers.serverDH_P.buffer) { ssl->buffers.serverDH_P.length = length; } @@ -16799,7 +16799,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(length, - ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ssl->buffers.serverDH_G.buffer) { ssl->buffers.serverDH_G.length = length; } @@ -16824,7 +16824,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(length, - ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ssl->buffers.serverDH_Pub.buffer) { ssl->buffers.serverDH_Pub.length = length; } @@ -17024,7 +17024,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* buffer for signature */ ssl->buffers.sig.buffer = (byte*)XMALLOC(SEED_LEN + verifySz, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (ssl->buffers.sig.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_dske); } @@ -17044,7 +17044,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, wc_HashGetDigestSize(hashType); ssl->buffers.digest.buffer = (byte*)XMALLOC( ssl->buffers.digest.length, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DIGEST); if (ssl->buffers.digest.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_dske); } @@ -17138,7 +17138,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, if (args->verifySig == NULL) { args->verifySig = (byte*)XMALLOC(args->verifySigSz, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (args->verifySig == NULL) { ERROR_OUT(MEMORY_E, exit_dske); } @@ -17287,7 +17287,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #ifdef WOLFSSL_SMALL_STACK encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (encodedSig == NULL) { ERROR_OUT(MEMORY_E, exit_dske); } @@ -17303,7 +17303,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, ret = VERIFY_SIGN_ERROR; } #ifdef WOLFSSL_SMALL_STACK - XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); #endif if (ret != 0) { goto exit_dske; @@ -17524,16 +17524,16 @@ int QSH_Init(WOLFSSL* ssl) /* malloc memory for holding generated secret information */ if ((ssl->QSH_secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + DYNAMIC_TYPE_QSH)) == NULL) return MEMORY_E; ssl->QSH_secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SECRET); if (ssl->QSH_secret->CliSi == NULL) return MEMORY_E; ssl->QSH_secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SECRET); if (ssl->QSH_secret->SerSi == NULL) return MEMORY_E; @@ -17699,7 +17699,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer) buf = ssl->QSH_secret->CliSi; } buf->length = sz; - buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_SECRET); if (buf->buffer == NULL) { WOLFSSL_ERROR(MEMORY_E); } @@ -17709,7 +17709,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer) current = ssl->peerQSHKey; while (current) { schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_QSH); if (schm == NULL) return MEMORY_E; @@ -17729,7 +17729,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer) tmpSz = QSH_MaxSecret(current); if ((schm->PK = (byte*)XMALLOC(tmpSz, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + DYNAMIC_TYPE_SECRET)) == NULL) return -1; /* store info for writing extension */ @@ -17819,11 +17819,11 @@ static void FreeSckeArgs(WOLFSSL* ssl, void* pArgs) (void)ssl; if (args->encSecret) { - XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET); args->encSecret = NULL; } if (args->input) { - XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); args->input = NULL; } } @@ -18060,7 +18060,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) { args->encSz = MAX_ENCRYPT_SZ; args->encSecret = (byte*)XMALLOC(args->encSz, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SECRET); if (args->encSecret == NULL) { ERROR_OUT(MEMORY_E, exit_scke); } @@ -18087,7 +18087,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) { ssl->buffers.sig.length = ENCRYPT_LEN; ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (ssl->buffers.sig.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_scke); } @@ -18171,7 +18171,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) ssl->buffers.sig.length = ENCRYPT_LEN; ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (ssl->buffers.sig.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_scke); } @@ -18716,7 +18716,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) if (IsEncryptionOn(ssl, 1)) { args->inputSz = idx - RECORD_HEADER_SZ; /* buildmsg adds rechdr */ args->input = (byte*)XMALLOC(args->inputSz, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_IN_BUFFER); if (args->input == NULL) { ERROR_OUT(MEMORY_E, exit_scke); } @@ -18735,7 +18735,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) if (IsEncryptionOn(ssl, 1)) { ret = BuildMessage(ssl, args->output, args->sendSz, args->input, args->inputSz, handshake, 1, 0, 0); - XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); args->input = NULL; /* make sure its not double free'd on cleanup */ if (ret >= 0) { @@ -18976,12 +18976,12 @@ static void FreeScvArgs(WOLFSSL* ssl, void* pArgs) #ifndef NO_RSA if (args->verifySig) { - XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); args->verifySig = NULL; } #endif if (args->input) { - XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); args->input = NULL; } } @@ -19066,7 +19066,7 @@ int SendCertificateVerify(WOLFSSL* ssl) /* build encoded signature buffer */ ssl->buffers.sig.length = MAX_ENCODED_SIG_SZ; ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (ssl->buffers.sig.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_scv); } @@ -19250,7 +19250,7 @@ int SendCertificateVerify(WOLFSSL* ssl) if (args->verifySig == NULL) { args->verifySig = (byte*)XMALLOC(args->sigSz, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (args->verifySig == NULL) { ERROR_OUT(MEMORY_E, exit_scv); } @@ -19298,7 +19298,7 @@ int SendCertificateVerify(WOLFSSL* ssl) args->inputSz = args->sendSz - RECORD_HEADER_SZ; /* build msg adds rec hdr */ args->input = (byte*)XMALLOC(args->inputSz, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_IN_BUFFER); if (args->input == NULL) { ERROR_OUT(MEMORY_E, exit_scv); } @@ -19324,7 +19324,7 @@ int SendCertificateVerify(WOLFSSL* ssl) goto exit_scv; #endif - XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); args->input = NULL; /* make sure its not double free'd on cleanup */ if (ret >= 0) { @@ -19803,19 +19803,19 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #if defined(HAVE_ECC) if (args->exportBuf) { - XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER); args->exportBuf = NULL; } #endif #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA)) if (args->sigDataBuf) { - XFREE(args->sigDataBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->sigDataBuf, ssl->heap, DYNAMIC_TYPE_SIGNATURE); args->sigDataBuf = NULL; } #endif #ifndef NO_RSA if (args->verifySig) { - XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); args->verifySig = NULL; } #endif @@ -19922,7 +19922,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Free'd in SSL_ResourceFree and FreeHandshakeResources */ ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( ssl->buffers.serverDH_P.length + OPAQUE16_LEN, - ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ssl->buffers.serverDH_Pub.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -19932,7 +19932,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Free'd in SSL_ResourceFree and FreeHandshakeResources */ ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( ssl->buffers.serverDH_P.length + OPAQUE16_LEN, - ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); if (ssl->buffers.serverDH_Priv.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -20186,7 +20186,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->exportSz = MAX_EXPORT_ECC_SZ; args->exportBuf = (byte*)XMALLOC(args->exportSz, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_DER); if (args->exportBuf == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -20273,7 +20273,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Export temp ECC key and add to length */ args->exportSz = MAX_EXPORT_ECC_SZ; args->exportBuf = (byte*)XMALLOC(args->exportSz, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_DER); if (args->exportBuf == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -20489,7 +20489,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Assemble buffer to hash for signature */ args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz; args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (args->sigDataBuf == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -20505,7 +20505,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, wc_HashGetDigestSize(hashType); ssl->buffers.sig.buffer = (byte*)XMALLOC( ssl->buffers.sig.length, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (ssl->buffers.sig.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -20532,7 +20532,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (IsAtLeastTLSv1_2(ssl)) { byte* encodedSig = (byte*)XMALLOC( MAX_ENCODED_SIG_SZ, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (encodedSig == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -20545,7 +20545,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Replace sig buffer with new one */ XFREE(ssl->buffers.sig.buffer, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); ssl->buffers.sig.buffer = encodedSig; } @@ -20726,7 +20726,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Assemble buffer to hash for signature */ args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz; args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (args->sigDataBuf == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -20742,7 +20742,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, wc_HashGetDigestSize(hashType); ssl->buffers.sig.buffer = (byte*)XMALLOC( ssl->buffers.sig.length, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (ssl->buffers.sig.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -20769,7 +20769,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (IsAtLeastTLSv1_2(ssl)) { byte* encodedSig = (byte*)XMALLOC( MAX_ENCODED_SIG_SZ, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (encodedSig == NULL) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -20782,7 +20782,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Replace sig buffer with new one */ XFREE(ssl->buffers.sig.buffer, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); ssl->buffers.sig.buffer = encodedSig; } break; @@ -21000,7 +21000,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } args->verifySig = (byte*)XMALLOC( args->sigSz, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (!args->verifySig) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -21072,7 +21072,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } args->verifySig = (byte*)XMALLOC( args->sigSz, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (!args->verifySig) { ERROR_OUT(MEMORY_E, exit_sske); } @@ -22316,7 +22316,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_SMALL_STACK encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (encodedSig == NULL) { ERROR_OUT(MEMORY_E, exit_dcv); } @@ -22340,7 +22340,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #ifdef WOLFSSL_SMALL_STACK - XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); #endif } } diff --git a/src/ssl.c b/src/ssl.c index 35a3059364..bcbbbf5a29 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -1193,24 +1193,24 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, return SIDE_ERROR; if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) { - XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); ssl->buffers.serverDH_P.buffer = NULL; } if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) { - XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); ssl->buffers.serverDH_G.buffer = NULL; } ssl->buffers.weOwnDH = 1; /* SSL owns now */ ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->heap, - DYNAMIC_TYPE_DH_BUFFER); + DYNAMIC_TYPE_PUBLIC_KEY); if (ssl->buffers.serverDH_P.buffer == NULL) return MEMORY_E; ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->heap, - DYNAMIC_TYPE_DH_BUFFER); + DYNAMIC_TYPE_PUBLIC_KEY); if (ssl->buffers.serverDH_G.buffer == NULL) { - XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); ssl->buffers.serverDH_P.buffer = NULL; return MEMORY_E; } @@ -1247,16 +1247,16 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, if (pSz < ctx->minDhKeySz) return DH_KEY_SIZE_E; - XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); - XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); + ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ctx->serverDH_P.buffer == NULL) return MEMORY_E; - ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); + ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ctx->serverDH_G.buffer == NULL) { - XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); return MEMORY_E; } @@ -1819,7 +1819,7 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, list = (char *)XMALLOC(protocol_name_listSz+1, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_ALPN); if (list == NULL) { WOLFSSL_MSG("Memory failure"); return MEMORY_ERROR; @@ -1845,7 +1845,7 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, } } - XFREE(list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(list, ssl->heap, DYNAMIC_TYPE_ALPN); return ret; } @@ -2796,7 +2796,7 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_ENCRYPTEDINFO); if (info == NULL) return MEMORY_E; #endif @@ -2808,7 +2808,7 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, ret = PemToDer(pem, pemSz, type, &der, NULL, info, &eccKey); #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif if (ret < 0) { @@ -3012,7 +3012,7 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_ENCRYPTEDINFO); if (info == NULL) return MEMORY_E; #endif @@ -3026,7 +3026,7 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, info->ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (info->ctx == NULL) { #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif return MEMORY_E; } @@ -3044,7 +3044,7 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, wolfSSL_CTX_free(info->ctx); #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif if (ret < 0) { @@ -3507,13 +3507,13 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) WOLFSSL_MSG("Adding a Trusted Peer Cert"); cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (cert == NULL) return MEMORY_E; InitDecodedCert(cert, der->buffer, der->length, cm->heap); if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) { - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); return ret; } WOLFSSL_MSG("\tParsed new trusted peer cert"); @@ -3522,7 +3522,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) DYNAMIC_TYPE_CERT); if (peerCert == NULL) { FreeDecodedCert(cert); - XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); return MEMORY_E; } XMEMSET(peerCert, 0, sizeof(TrustedPeerCert)); @@ -3556,7 +3556,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) DYNAMIC_TYPE_SIGNATURE); if (peerCert->sig == NULL) { FreeDecodedCert(cert); - XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); FreeTrustedPeer(peerCert, cm->heap); return MEMORY_E; } @@ -3603,7 +3603,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) else { WOLFSSL_MSG("\tTrusted Peer Cert Mutex Lock failed"); FreeDecodedCert(cert); - XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); FreeTrustedPeer(peerCert, cm->heap); return BAD_MUTEX_E; } @@ -3611,7 +3611,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) WOLFSSL_MSG("\tFreeing parsed trusted peer cert"); FreeDecodedCert(cert); - XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); WOLFSSL_MSG("\tFreeing der trusted peer cert"); FreeDer(&der); WOLFSSL_MSG("\t\tOK Freeing der trusted peer cert"); @@ -3642,7 +3642,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (cert == NULL) return MEMORY_E; #endif @@ -3772,7 +3772,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) WOLFSSL_MSG("\tFreeing Parsed CA"); FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); #endif WOLFSSL_MSG("\tFreeing der CA"); FreeDer(pDer); @@ -3923,7 +3923,7 @@ static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password, #ifndef NO_MD5 #ifdef WOLFSSL_SMALL_STACK - key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY); if (key == NULL) { WOLFSSL_MSG("memory failure"); return SSL_FATAL_ERROR; @@ -3934,7 +3934,7 @@ static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password, password, passwordSz, 1, key, NULL)) <= 0) { WOLFSSL_MSG("bytes to key failure"); #ifdef WOLFSSL_SMALL_STACK - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY); #endif return SSL_FATAL_ERROR; } @@ -3962,7 +3962,7 @@ static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password, #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_DECRYPT */ #ifdef WOLFSSL_SMALL_STACK - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY); #endif if (ret == MP_OKAY) @@ -4001,7 +4001,7 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password, #ifndef NO_MD5 #ifdef WOLFSSL_SMALL_STACK - key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY); if (key == NULL) { WOLFSSL_MSG("memory failure"); return SSL_FATAL_ERROR; @@ -4012,7 +4012,7 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password, password, passwordSz, 1, key, NULL)) <= 0) { WOLFSSL_MSG("bytes to key failure"); #ifdef WOLFSSL_SMALL_STACK - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY); #endif return SSL_FATAL_ERROR; } @@ -4041,7 +4041,7 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password, } #ifdef WOLFSSL_SMALL_STACK - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY); #endif if (ret == MP_OKAY) @@ -4259,7 +4259,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, return SSL_BAD_FILE; /* no callback error */ #ifdef WOLFSSL_SMALL_STACK - password = (char*)XMALLOC(80, heap, DYNAMIC_TYPE_TMP_BUFFER); + password = (char*)XMALLOC(80, heap, DYNAMIC_TYPE_STRING); if (password == NULL) return MEMORY_E; #endif @@ -4270,7 +4270,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz); #ifdef WOLFSSL_SMALL_STACK - XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(password, NULL, DYNAMIC_TYPE_STRING); #endif if (ret < 0) { return ret; @@ -4283,7 +4283,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, ret = wolfssl_decrypt_buffer_key(der, (byte*)password, passwordSz, info); #ifdef WOLFSSL_SMALL_STACK - XFREE(password, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(password, heap, DYNAMIC_TYPE_STRING); #endif if (ret != SSL_SUCCESS) { return ret; @@ -4467,7 +4467,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_ENCRYPTEDINFO); if (info == NULL) return MEMORY_E; #endif @@ -4513,7 +4513,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, /* check for error */ if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif FreeDer(&der); return ret; @@ -4531,7 +4531,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #endif #ifdef WOLFSSL_SMALL_STACK - password = (char*)XMALLOC(80, heap, DYNAMIC_TYPE_TMP_BUFFER); + password = (char*)XMALLOC(80, heap, DYNAMIC_TYPE_STRING); if (password == NULL) ret = MEMORY_E; else @@ -4549,12 +4549,12 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, } #ifdef WOLFSSL_SMALL_STACK - XFREE(password, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(password, heap, DYNAMIC_TYPE_STRING); #endif if (ret != SSL_SUCCESS) { #ifdef WOLFSSL_SMALL_STACK - XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif FreeDer(&der); return ret; @@ -4563,7 +4563,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ #ifdef WOLFSSL_SMALL_STACK - XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif /* Handle DER owner */ @@ -4651,8 +4651,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #endif #ifdef WOLFSSL_SMALL_STACK - key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, - DYNAMIC_TYPE_TMP_BUFFER); + key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); if (key == NULL) return MEMORY_E; #endif @@ -4697,7 +4696,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, } #ifdef WOLFSSL_SMALL_STACK - XFREE(key, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, heap, DYNAMIC_TYPE_RSA); #endif if (ret != 0) @@ -4805,7 +4804,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (cert == NULL) return MEMORY_E; #endif @@ -4817,7 +4816,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, WOLFSSL_MSG("Decode to key failed"); FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, heap, DYNAMIC_TYPE_DCERT); #endif return SSL_BAD_FILE; } @@ -4950,7 +4949,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, heap, DYNAMIC_TYPE_DCERT); #endif if (ret != 0) { @@ -5156,7 +5155,7 @@ int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options) #ifdef HAVE_CRL if (cm->crl == NULL) { cm->crl = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), cm->heap, - DYNAMIC_TYPE_CRL); + DYNAMIC_TYPE_CRL); if (cm->crl == NULL) return MEMORY_E; @@ -5209,7 +5208,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (cert == NULL) return MEMORY_E; #endif @@ -5224,9 +5223,9 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), cm->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_ENCRYPTEDINFO); if (info == NULL) { - XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); return MEMORY_E; } #endif @@ -5239,15 +5238,15 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, if (ret != 0) { FreeDer(&der); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(info, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); + XFREE(info, cm->heap, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif return ret; } InitDecodedCert(cert, der->buffer, der->length, cm->heap); #ifdef WOLFSSL_SMALL_STACK - XFREE(info, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, cm->heap, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif } else @@ -5264,7 +5263,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, FreeDecodedCert(cert); FreeDer(&der); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); #endif return ret == 0 ? SSL_SUCCESS : ret; @@ -5390,8 +5389,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) return SSL_SUCCESS; #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); if (cert == NULL) return MEMORY_E; #endif @@ -5407,7 +5405,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); #endif return ret == 0 ? SSL_SUCCESS : ret; @@ -5638,7 +5636,7 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, #ifdef WOLFSSL_SMALL_STACK ReadDirCtx* readCtx = NULL; readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DIRCTX); if (readCtx == NULL) return MEMORY_E; #else @@ -5657,7 +5655,7 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, wc_ReadDirClose(readCtx); #ifdef WOLFSSL_SMALL_STACK - XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_DIRCTX); #endif #else ret = NOT_COMPILED_IN; @@ -5805,8 +5803,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) return SSL_SUCCESS; #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); if (cert == NULL) return MEMORY_E; #endif @@ -5822,7 +5819,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); #endif return ret == 0 ? SSL_SUCCESS : ret; @@ -6046,7 +6043,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) else { #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_ENCRYPTEDINFO); if (info == NULL) ret = MEMORY_E; else @@ -6055,7 +6052,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, info, &ecc); #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif } } @@ -10264,12 +10261,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) der->length = (word32)sz; #ifdef WOLFSSL_SMALL_STACK - p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (p == NULL || g == NULL) { - XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY); return MEMORY_E; } #endif @@ -10304,8 +10301,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) FreeDer(&der); #ifdef WOLFSSL_SMALL_STACK - XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY); #endif return ret; @@ -11249,7 +11246,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif #ifdef WOLFSSL_SMALL_STACK - md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); + md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_HASHCTX); if (md5 == NULL) return 0; #endif @@ -11260,7 +11257,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (wc_InitMd5(md5) != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5, NULL, DYNAMIC_TYPE_HASHCTX); #endif return 0; } @@ -11268,7 +11265,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* only support MD5 for now */ if (XSTRNCMP(md, "MD5", 3) != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5, NULL, DYNAMIC_TYPE_HASHCTX); #endif return 0; } @@ -11302,7 +11299,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* NO_AES */ { #ifdef WOLFSSL_SMALL_STACK - XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5, NULL, DYNAMIC_TYPE_HASHCTX); #endif return 0; } @@ -11347,7 +11344,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } #ifdef WOLFSSL_SMALL_STACK - XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5, NULL, DYNAMIC_TYPE_HASHCTX); #endif return keyOutput == (keyLen + ivLen) ? keyOutput : 0; @@ -11788,7 +11785,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_EVP_MD_CTX* ctx; WOLFSSL_ENTER("EVP_MD_CTX_new"); ctx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof *ctx, NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_OPENSSL); if (ctx){ wolfSSL_EVP_MD_CTX_init(ctx); } @@ -11800,7 +11797,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ctx) { WOLFSSL_ENTER("EVP_MD_CTX_free"); wolfSSL_EVP_MD_CTX_cleanup(ctx); - XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); } } @@ -12761,7 +12758,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return NULL; #ifdef WOLFSSL_SMALL_STACK - hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_TMP_BUFFER); + hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC); if (hmac == NULL) return NULL; #endif @@ -12781,7 +12778,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } #ifdef WOLFSSL_SMALL_STACK - XFREE(hmac, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); #endif return ret; @@ -13104,7 +13101,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (cert == NULL) return MEMORY_E; #endif @@ -13118,7 +13115,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) FreeDecodedCert(cert); } #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); #endif return ret; @@ -13846,7 +13843,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (cert == NULL) return NULL; #endif @@ -13865,7 +13862,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) } FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); #endif } @@ -13998,7 +13995,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_ENCRYPTEDINFO); if (info == NULL) { return NULL; } @@ -14013,7 +14010,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( } #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif } else { @@ -14034,7 +14031,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (cert != NULL) #endif { @@ -14053,7 +14050,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); #endif } @@ -14929,7 +14926,7 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, if (sz <= 0) goto end; - pem = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_PEM); if (pem == NULL) { ret = MEMORY_ERROR; goto end; @@ -14983,7 +14980,7 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, end: if (pem != NULL) - XFREE(pem, 0, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, 0, DYNAMIC_TYPE_PEM); XFCLOSE(fp); return ret; #else @@ -15093,7 +15090,7 @@ WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12) size = ret; ret = wc_d2i_PKCS12(mem, size, localPkcs12); - if (ret <= 0) { + if (ret < 0) { WOLFSSL_MSG("Failed to get PKCS12 sequence"); wc_PKCS12_free(localPkcs12); if (pkcs12 != NULL) { @@ -15953,13 +15950,13 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) if (pSz <= 0 || gSz <= 0) return SSL_FATAL_ERROR; - p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (!p) return MEMORY_E; - g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (!g) { - XFREE(p, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); return MEMORY_E; } @@ -15969,8 +15966,8 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) if (pSz >= 0 && gSz >= 0) /* Conversion successful */ ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz); - XFREE(p, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); - XFREE(g, ssl->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(g, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR; } @@ -16406,7 +16403,7 @@ long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) } chainSz += OPAQUE24_LEN + derSz; - chain = (byte*)XMALLOC(chainSz, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + chain = (byte*)XMALLOC(chainSz, ctx->heap, DYNAMIC_TYPE_DER); if (chain == NULL) { WOLFSSL_MSG("Memory Error"); return SSL_FAILURE; @@ -16431,7 +16428,7 @@ long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) /* on success WOLFSSL_X509 memory is responsibility of ctx */ wolfSSL_X509_free(x509); if (chain != NULL) - XFREE(chain, ctx->heap, CERT_TYPE); + XFREE(chain, ctx->heap, DYNAMIC_TYPE_DER); return SSL_SUCCESS; } @@ -17110,7 +17107,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_ENCRYPTEDINFO); if (info == NULL) ret = MEMORY_E; else @@ -17134,7 +17131,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) } #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif } @@ -17190,7 +17187,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) WOLFSSL_ENTER("wolfSSL_RAND_bytes"); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) return ret; #endif @@ -17213,7 +17210,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif return ret; @@ -17564,10 +17561,10 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) #ifdef WOLFSSL_SMALL_STACK buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); - tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (buff == NULL || tmpRNG == NULL) { XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); return ret; } #endif @@ -17600,7 +17597,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) #ifdef WOLFSSL_SMALL_STACK XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif return ret; @@ -17657,7 +17654,7 @@ int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str) WOLFSSL_MSG("wolfSSL_BN_hex2bn"); #ifdef WOLFSSL_SMALL_STACK - decoded = (byte*)XMALLOC(decSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + decoded = (byte*)XMALLOC(decSz, NULL, DYNAMIC_TYPE_DER); if (decoded == NULL) return ret; #endif @@ -17681,7 +17678,7 @@ int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str) } #ifdef WOLFSSL_SMALL_STACK - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, NULL, DYNAMIC_TYPE_DER); #endif return ret; @@ -18144,12 +18141,12 @@ static int SetDhInternal(WOLFSSL_DH* dh) WOLFSSL_MSG("Bad g internal size"); else { #ifdef WOLFSSL_SMALL_STACK - p = (unsigned char*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - g = (unsigned char*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + p = (unsigned char*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + g = (unsigned char*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (p == NULL || g == NULL) { - XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY); return ret; } #endif @@ -18167,8 +18164,8 @@ static int SetDhInternal(WOLFSSL_DH* dh) } #ifdef WOLFSSL_SMALL_STACK - XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY); #endif } @@ -18213,14 +18210,14 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) WOLFSSL_MSG("wolfSSL_DH_generate_key"); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); - pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); + pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_PRIVATE_KEY); if (tmpRNG == NULL || pub == NULL || priv == NULL) { - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); + XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(priv, NULL, DYNAMIC_TYPE_PRIVATE_KEY); return ret; } #endif @@ -18277,9 +18274,9 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); + XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(priv, NULL, DYNAMIC_TYPE_PRIVATE_KEY); #endif return ret; @@ -18307,13 +18304,13 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub, WOLFSSL_MSG("wolfSSL_DH_compute_key"); #ifdef WOLFSSL_SMALL_STACK - pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (pub == NULL) return ret; - priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_PRIVATE_KEY); if (priv == NULL) { - XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY); return ret; } #endif @@ -18340,8 +18337,8 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub, } #ifdef WOLFSSL_SMALL_STACK - XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(priv, NULL, DYNAMIC_TYPE_PRIVATE_KEY); #endif return ret; @@ -18908,7 +18905,7 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, #endif #ifdef WOLFSSL_SMALL_STACK - rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (rng == NULL) return SSL_FAILURE; #endif @@ -18927,7 +18924,7 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, wc_FreeRng(rng); #ifdef WOLFSSL_SMALL_STACK - XFREE(rng, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); #endif } #else @@ -19031,7 +19028,7 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa) #endif #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif @@ -19060,7 +19057,7 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa) wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif } #else /* WOLFSSL_KEY_GEN */ @@ -19104,7 +19101,7 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, #endif #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif @@ -19134,7 +19131,7 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif } #else /* WOLFSSL_KEY_GEN */ @@ -19175,7 +19172,7 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif @@ -19202,7 +19199,7 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, if (initTmpRng) wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif return ret; @@ -19304,14 +19301,14 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, outLen = (word32)wolfSSL_BN_num_bytes(rsa->n); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) return 0; encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (encodedSig == NULL) { - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); return 0; } #endif @@ -19356,8 +19353,8 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); + XFREE(encodedSig, NULL, DYNAMIC_TYPE_SIGNATURE); #endif if (ret == SSL_SUCCESS) @@ -19865,7 +19862,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_ENCRYPTEDINFO); if (info == NULL) { WOLFSSL_MSG("malloc failed"); return SSL_FAILURE; @@ -19883,7 +19880,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, else { WOLFSSL_MSG("unsupported cipher"); #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif return SSL_FAILURE; } @@ -19896,7 +19893,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != SSL_SUCCESS) { WOLFSSL_MSG("generate iv failed"); #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif return SSL_FAILURE; } @@ -19913,7 +19910,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, passwd, passwdSz, info) != SSL_SUCCESS) { WOLFSSL_MSG("encrypt key failed"); #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif return SSL_FAILURE; } @@ -19921,11 +19918,11 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, /* create cipher info : 'cipher_name,Salt(hex)' */ cipherInfoSz = (word32)(2*info->ivSz + XSTRLEN(info->name) + 2); *cipherInfo = (byte*)XMALLOC(cipherInfoSz, NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_STRING); if (*cipherInfo == NULL) { WOLFSSL_MSG("malloc failed"); #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif return SSL_FAILURE; } @@ -19937,11 +19934,11 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, ret = Base16_Encode(info->iv, info->ivSz, *cipherInfo+idx, &cipherInfoSz); #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); #endif if (ret != 0) { WOLFSSL_MSG("Base16_Encode failed"); - XFREE(*cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(*cipherInfo, NULL, DYNAMIC_TYPE_STRING); return SSL_FAILURE; } @@ -20050,7 +20047,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, */ der_max_len = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE; - derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_DER); if (derBuf == NULL) { WOLFSSL_MSG("malloc failed"); return SSL_FAILURE; @@ -20060,7 +20057,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, derBuf, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_RsaKeyToDer failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); return SSL_FAILURE; } @@ -20072,7 +20069,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, passwd, passwdSz, &cipherInfo); if (ret != SSL_SUCCESS) { WOLFSSL_MSG("EncryptDerKey failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); return ret; } @@ -20083,12 +20080,12 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, else /* tmp buffer with a max size */ *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + sizeof(END_RSA_PRIV); - tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_PEM); if (tmp == NULL) { WOLFSSL_MSG("malloc failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return SSL_FAILURE; } @@ -20096,20 +20093,20 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, PRIVATEKEY_TYPE); if (*plen <= 0) { WOLFSSL_MSG("wc_DerToPemEx failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return SSL_FAILURE; } - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_KEY); if (*pem == NULL) { WOLFSSL_MSG("malloc failed"); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); return SSL_FAILURE; } XMEMSET(*pem, 0, (*plen)+1); @@ -20117,10 +20114,10 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, if (XMEMCPY(*pem, tmp, *plen) == NULL) { WOLFSSL_MSG("XMEMCPY failed"); XFREE(pem, NULL, DYNAMIC_TYPE_KEY); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); return SSL_FAILURE; } - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); return SSL_SUCCESS; } @@ -20572,7 +20569,7 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) return 0; #endif @@ -20592,7 +20589,7 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) if (rng == NULL) { WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG"); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif return 0; } @@ -20601,7 +20598,7 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) key->group->curve_nid) != MP_OKAY) { WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed"); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif return 0; } @@ -20609,7 +20606,7 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) if (initTmpRng) wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif if (SetECKeyExternal(key) != SSL_SUCCESS) { @@ -21245,7 +21242,7 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) return NULL; #endif @@ -21295,7 +21292,7 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, if (initTmpRng) wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif return sig; @@ -21458,7 +21455,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, */ der_max_len = 4 * wc_ecc_size((ecc_key*)ecc->internal) + AES_BLOCK_SIZE; - derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_DER); if (derBuf == NULL) { WOLFSSL_MSG("malloc failed"); return SSL_FAILURE; @@ -21468,7 +21465,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, derSz = wc_EccKeyToDer((ecc_key*)ecc->internal, derBuf, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_DsaKeyToDer failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); return SSL_FAILURE; } @@ -21480,7 +21477,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, passwd, passwdSz, &cipherInfo); if (ret != SSL_SUCCESS) { WOLFSSL_MSG("EncryptDerKey failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); return ret; } @@ -21491,12 +21488,12 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, else /* tmp buffer with a max size */ *plen = (derSz * 2) + sizeof(BEGIN_EC_PRIV) + sizeof(END_EC_PRIV); - tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_PEM); if (tmp == NULL) { WOLFSSL_MSG("malloc failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return SSL_FAILURE; } @@ -21504,20 +21501,20 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, ECC_PRIVATEKEY_TYPE); if (*plen <= 0) { WOLFSSL_MSG("wc_DerToPemEx failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return SSL_FAILURE; } - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_KEY); if (*pem == NULL) { WOLFSSL_MSG("malloc failed"); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); return SSL_FAILURE; } XMEMSET(*pem, 0, (*plen)+1); @@ -21525,10 +21522,10 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, if (XMEMCPY(*pem, tmp, *plen) == NULL) { WOLFSSL_MSG("XMEMCPY failed"); XFREE(pem, NULL, DYNAMIC_TYPE_KEY); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); return SSL_FAILURE; } - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); return SSL_SUCCESS; } @@ -21633,7 +21630,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, */ der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE; - derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_DER); if (derBuf == NULL) { WOLFSSL_MSG("malloc failed"); return SSL_FAILURE; @@ -21643,7 +21640,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, derBuf, der_max_len); if (derSz < 0) { WOLFSSL_MSG("wc_DsaKeyToDer failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); return SSL_FAILURE; } @@ -21655,7 +21652,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, passwd, passwdSz, &cipherInfo); if (ret != SSL_SUCCESS) { WOLFSSL_MSG("EncryptDerKey failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); return ret; } @@ -21666,12 +21663,12 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, else /* tmp buffer with a max size */ *plen = (derSz * 2) + sizeof(BEGIN_DSA_PRIV) + sizeof(END_DSA_PRIV); - tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_PEM); if (tmp == NULL) { WOLFSSL_MSG("malloc failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return SSL_FAILURE; } @@ -21679,20 +21676,20 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, DSA_PRIVATEKEY_TYPE); if (*plen <= 0) { WOLFSSL_MSG("wc_DerToPemEx failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return SSL_FAILURE; } - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_KEY); if (*pem == NULL) { WOLFSSL_MSG("malloc failed"); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); return SSL_FAILURE; } XMEMSET(*pem, 0, (*plen)+1); @@ -21700,10 +21697,10 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, if (XMEMCPY(*pem, tmp, *plen) == NULL) { WOLFSSL_MSG("XMEMCPY failed"); XFREE(pem, NULL, DYNAMIC_TYPE_KEY); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); return SSL_FAILURE; } - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); return SSL_SUCCESS; } @@ -22010,7 +22007,7 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx) if (chain != NULL) { #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DCERT); if (cert != NULL) #endif { @@ -22039,7 +22036,7 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx) FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); #endif } } @@ -22473,7 +22470,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) if (l - i < 0) return NULL; - pem = (unsigned char*)XMALLOC(l - i, 0, DYNAMIC_TYPE_TMP_BUFFER); + pem = (unsigned char*)XMALLOC(l - i, 0, DYNAMIC_TYPE_PEM); if (pem == NULL) return NULL; pemAlloced = 1; @@ -22504,7 +22501,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } if (pemAlloced) - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); (void)cb; (void)u; @@ -23102,7 +23099,7 @@ WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bio, WOLFSSL_DH **x, XFSEEK(bio->file, 0, SEEK_SET); if (sz <= 0L) goto end; - mem = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + mem = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_PEM); if (mem == NULL) goto end; memAlloced = 1; @@ -23132,8 +23129,8 @@ WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bio, WOLFSSL_DH **x, } /* Load data in manually */ - p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (p == NULL || g == NULL) goto end; @@ -23167,10 +23164,10 @@ WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bio, WOLFSSL_DH **x, } end: - if (memAlloced) XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (memAlloced) XFREE(mem, NULL, DYNAMIC_TYPE_PEM); if (der != NULL) FreeDer(&der); - XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY); return localDh; #else (void)bio; @@ -23249,13 +23246,13 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) if(pSz <= 0 || gSz <= 0) return SSL_FATAL_ERROR; - p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); + p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); if(!p) return MEMORY_E; - g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); + g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); if(!g) { - XFREE(p, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); return MEMORY_E; } @@ -23265,8 +23262,8 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) if(pSz >= 0 && gSz >= 0) /* Conversion successful */ ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz); - XFREE(p, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); - XFREE(g, ctx->heap, DYNAMIC_TYPE_DH_BUFFER); + XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(g, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR; } @@ -23785,7 +23782,7 @@ int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) return SSL_FAILURE; #endif @@ -23823,7 +23820,7 @@ int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz, wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif return ret; @@ -23933,7 +23930,7 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) return SSL_FATAL_ERROR; #endif @@ -23969,7 +23966,7 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz, wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif return ret; @@ -24701,8 +24698,7 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); if (cert == NULL) return SSL_FAILURE; #endif @@ -24721,7 +24717,7 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, } FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); #endif if (ca == NULL) diff --git a/src/tls.c b/src/tls.c index 0baec3ccfd..c976e69803 100755 --- a/src/tls.c +++ b/src/tls.c @@ -81,7 +81,8 @@ /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */ static int p_hash(byte* result, word32 resLen, const byte* secret, - word32 secLen, const byte* seed, word32 seedLen, int hash) + word32 secLen, const byte* seed, word32 seedLen, int hash, + void* heap, int devId) { word32 len = P_HASH_MAX_SIZE; word32 times; @@ -101,14 +102,14 @@ static int p_hash(byte* result, word32 resLen, const byte* secret, #endif #ifdef WOLFSSL_SMALL_STACK - previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - current = (byte*)XMALLOC(P_HASH_MAX_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER); + previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST); + current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST); + hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC); if (previous == NULL || current == NULL || hmac == NULL) { - if (previous) XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (current) XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (hmac) XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST); + if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST); + if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); return MEMORY_E; } @@ -153,7 +154,7 @@ static int p_hash(byte* result, word32 resLen, const byte* secret, lastTime = times - 1; - ret = wc_HmacInit(hmac, NULL, INVALID_DEVID); + ret = wc_HmacInit(hmac, heap, devId); if (ret == 0) { ret = wc_HmacSetKey(hmac, hash, secret, secLen); if (ret == 0) @@ -195,9 +196,9 @@ static int p_hash(byte* result, word32 resLen, const byte* secret, ForceZero(hmac, sizeof(Hmac)); #ifdef WOLFSSL_SMALL_STACK - XFREE(previous, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(current, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(previous, heap, DYNAMIC_TYPE_DIGEST); + XFREE(current, heap, DYNAMIC_TYPE_DIGEST); + XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); #endif return ret; @@ -221,7 +222,7 @@ static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha) /* compute TLSv1 PRF (pseudo random function using HMAC) */ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, const byte* label, word32 labLen, const byte* seed, - word32 seedLen) + word32 seedLen, void* heap, int devId) { int ret = 0; word32 half = (secLen + 1) / 2; @@ -248,19 +249,19 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, return BUFFER_E; #ifdef WOLFSSL_SMALL_STACK - md5_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER); - sha_half = (byte*)XMALLOC(MAX_PRF_HALF, NULL, DYNAMIC_TYPE_TMP_BUFFER); - labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, DYNAMIC_TYPE_TMP_BUFFER); - md5_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); - sha_result = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + md5_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST); + sha_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST); + labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_SEED); + md5_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST); + sha_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST); if (md5_half == NULL || sha_half == NULL || labelSeed == NULL || md5_result == NULL || sha_result == NULL) { - if (md5_half) XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha_half) XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (labelSeed) XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5_result) XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha_result) XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (md5_half) XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST); + if (sha_half) XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST); + if (labelSeed) XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED); + if (md5_result) XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST); + if (sha_result) XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST); return MEMORY_E; } @@ -276,19 +277,19 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, XMEMCPY(labelSeed + labLen, seed, seedLen); if ((ret = p_hash(md5_result, digLen, md5_half, half, labelSeed, - labLen + seedLen, md5_mac)) == 0) { + labLen + seedLen, md5_mac, heap, devId)) == 0) { if ((ret = p_hash(sha_result, digLen, sha_half, half, labelSeed, - labLen + seedLen, sha_mac)) == 0) { + labLen + seedLen, sha_mac, heap, devId)) == 0) { get_xor(digest, digLen, md5_result, sha_result); } } #ifdef WOLFSSL_SMALL_STACK - XFREE(md5_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sha_half, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(md5_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sha_result, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5_half, heap, DYNAMIC_TYPE_DIGEST); + XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST); + XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED); + XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST); + XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST); #endif return ret; @@ -301,7 +302,7 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, use */ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, const byte* label, word32 labLen, const byte* seed, word32 seedLen, - int useAtLeastSha256, int hash_type) + int useAtLeastSha256, int hash_type, void* heap, int devId) { int ret = 0; @@ -316,8 +317,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, return BUFFER_E; #ifdef WOLFSSL_SMALL_STACK - labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL, - DYNAMIC_TYPE_TMP_BUFFER); + labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_SEED); if (labelSeed == NULL) return MEMORY_E; #endif @@ -330,16 +330,16 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, if (hash_type < sha256_mac || hash_type == blake2b_mac) hash_type = sha256_mac; ret = p_hash(digest, digLen, secret, secLen, labelSeed, - labLen + seedLen, hash_type); + labLen + seedLen, hash_type, heap, devId); #ifdef WOLFSSL_SMALL_STACK - XFREE(labelSeed, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(labelSeed, heap, DYNAMIC_TYPE_SEED); #endif } #ifndef NO_OLD_TLS else { ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed, - seedLen); + seedLen, heap, devId); } #endif @@ -403,7 +403,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) word32 hashSz = HSHASH_SZ; /* using allocate here to allow async hardware to use buffer directly */ - handshake_hash = (byte*)XMALLOC(hashSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + handshake_hash = (byte*)XMALLOC(hashSz, ssl->heap, DYNAMIC_TYPE_DIGEST); if (handshake_hash == NULL) return MEMORY_E; @@ -416,10 +416,11 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) ret = PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, - IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); + IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, + ssl->heap, ssl->devId); } - XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST); return ret; } @@ -481,62 +482,71 @@ static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] = static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret"; static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion"; - -/* External facing wrapper so user can call as well, 0 on success */ -int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen, +static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len, const byte* ms, word32 msLen, const byte* sr, const byte* cr, - int tls1_2, int hash_type) + int tls1_2, int hash_type, + void* heap, int devId) { byte seed[SEED_LEN]; XMEMCPY(seed, sr, RAN_LEN); XMEMCPY(seed + RAN_LEN, cr, RAN_LEN); - return PRF(key_data, keyLen, ms, msLen, key_label, KEY_LABEL_SZ, - seed, SEED_LEN, tls1_2, hash_type); + return PRF(key_dig, key_dig_len, ms, msLen, key_label, KEY_LABEL_SZ, + seed, SEED_LEN, tls1_2, hash_type, heap, devId); +} + +/* External facing wrapper so user can call as well, 0 on success */ +int wolfSSL_DeriveTlsKeys(byte* key_dig, word32 key_dig_len, + const byte* ms, word32 msLen, + const byte* sr, const byte* cr, + int tls1_2, int hash_type) +{ + return _DeriveTlsKeys(key_dig, key_dig_len, ms, msLen, sr, cr, tls1_2, + hash_type, NULL, INVALID_DEVID); } int DeriveTlsKeys(WOLFSSL* ssl) { int ret; - int length = 2 * ssl->specs.hash_size + - 2 * ssl->specs.key_size + - 2 * ssl->specs.iv_size; + int key_dig_len = 2 * ssl->specs.hash_size + + 2 * ssl->specs.key_size + + 2 * ssl->specs.iv_size; #ifdef WOLFSSL_SMALL_STACK - byte* key_data; + byte* key_dig; #else - byte key_data[MAX_PRF_DIG]; + byte key_dig[MAX_PRF_DIG]; #endif #ifdef WOLFSSL_SMALL_STACK - key_data = (byte*)XMALLOC(MAX_PRF_DIG, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (key_data == NULL) { + key_dig = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST); + if (key_dig == NULL) { return MEMORY_E; } #endif - ret = wolfSSL_DeriveTlsKeys(key_data, length, - ssl->arrays->masterSecret, SECRET_LEN, - ssl->arrays->serverRandom, ssl->arrays->clientRandom, - IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); + ret = _DeriveTlsKeys(key_dig, key_dig_len, + ssl->arrays->masterSecret, SECRET_LEN, + ssl->arrays->serverRandom, ssl->arrays->clientRandom, + IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, + ssl->heap, ssl->devId); if (ret == 0) - ret = StoreKeys(ssl, key_data); + ret = StoreKeys(ssl, key_dig); #ifdef WOLFSSL_SMALL_STACK - XFREE(key_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST); #endif return ret; } - -/* External facing wrapper so user can call as well, 0 on success */ -int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen, +static int _MakeTlsMasterSecret(byte* ms, word32 msLen, const byte* pms, word32 pmsLen, const byte* cr, const byte* sr, - int tls1_2, int hash_type) + int tls1_2, int hash_type, + void* heap, int devId) { byte seed[SEED_LEN]; @@ -544,20 +554,40 @@ int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen, XMEMCPY(seed + RAN_LEN, sr, RAN_LEN); return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ, - seed, SEED_LEN, tls1_2, hash_type); + seed, SEED_LEN, tls1_2, hash_type, heap, devId); +} + +/* External facing wrapper so user can call as well, 0 on success */ +int wolfSSL_MakeTlsMasterSecret(byte* ms, word32 msLen, + const byte* pms, word32 pmsLen, + const byte* cr, const byte* sr, + int tls1_2, int hash_type) +{ + return _MakeTlsMasterSecret(ms, msLen, pms, pmsLen, cr, sr, tls1_2, + hash_type, NULL, INVALID_DEVID); } #ifdef HAVE_EXTENDED_MASTER +static int _MakeTlsExtendedMasterSecret(byte* ms, word32 msLen, + const byte* pms, word32 pmsLen, + const byte* sHash, word32 sHashLen, + int tls1_2, int hash_type, + void* heap, int devId) +{ + return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ, + sHash, sHashLen, tls1_2, hash_type, heap, devId); +} + /* External facing wrapper so user can call as well, 0 on success */ int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen, const byte* pms, word32 pmsLen, const byte* sHash, word32 sHashLen, int tls1_2, int hash_type) { - return PRF(ms, msLen, pms, pmsLen, ext_master_label, EXT_MASTER_LABEL_SZ, - sHash, sHashLen, tls1_2, hash_type); + return _MakeTlsExtendedMasterSecret(ms, msLen, pms, pmsLen, sHash, sHashLen, + tls1_2, hash_type, NULL, INVALID_DEVID); } #endif /* HAVE_EXTENDED_MASTER */ @@ -571,29 +601,32 @@ int MakeTlsMasterSecret(WOLFSSL* ssl) byte* handshake_hash; word32 hashSz = HSHASH_SZ; - handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap, + DYNAMIC_TYPE_DIGEST); if (handshake_hash == NULL) return MEMORY_E; ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); if (ret < 0) { - XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST); return ret; } - ret = wolfSSL_MakeTlsExtendedMasterSecret( + ret = _MakeTlsExtendedMasterSecret( ssl->arrays->masterSecret, SECRET_LEN, ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, handshake_hash, hashSz, - IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); + IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, + ssl->heap, ssl->devId); - XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST); } else #endif - ret = wolfSSL_MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, + ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, ssl->arrays->clientRandom, ssl->arrays->serverRandom, - IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); + IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, + ssl->heap, ssl->devId); if (ret == 0) { #ifdef SHOW_SECRETS @@ -625,7 +658,7 @@ int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len, #endif #ifdef WOLFSSL_SMALL_STACK - seed = (byte*)XMALLOC(SEED_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); + seed = (byte*)XMALLOC(SEED_LEN, ssl->heap, DYNAMIC_TYPE_SEED); if (seed == NULL) return MEMORY_E; #endif @@ -639,10 +672,11 @@ int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len, ret = PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN, (const byte *)label, (word32)XSTRLEN(label), seed, SEED_LEN, - IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); + IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, + ssl->heap, ssl->devId); #ifdef WOLFSSL_SMALL_STACK - XFREE(seed, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(seed, ssl->heap, DYNAMIC_TYPE_SEED); #endif return ret; @@ -843,7 +877,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); - ret = wc_HmacInit(&hmac, NULL, ssl->devId); + ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId); if (ret != 0) return ret; @@ -1198,10 +1232,10 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length, /* keep the list sent by client */ if (isRequest) { if (ssl->alpn_client_list != NULL) - XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN); ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_ALPN); if (ssl->alpn_client_list == NULL) return MEMORY_ERROR; } @@ -3669,9 +3703,9 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap) /* Quantum-Safe-Hybrid */ /******************************************************************************/ -#if defined(HAVE_NTRU) && defined(HAVE_QSH) -static WC_RNG* rng; -static wolfSSL_Mutex* rngMutex; +#if defined(HAVE_NTRU) +static WC_RNG* gRng; +static wolfSSL_Mutex* gRngMutex; #endif #ifdef HAVE_QSH @@ -4130,7 +4164,7 @@ int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length, /* allocate memory for buffer */ buf->length = offset; - buf->buffer = (byte*)XMALLOC(offset, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf->buffer = (byte*)XMALLOC(offset, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf->buffer == NULL) return MEMORY_E; @@ -4599,13 +4633,13 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse) /* Allocate space for the public key. */ dataSz = params->p_len; - keyData = (byte*)XMALLOC(dataSz, ssl->heap, DYNAMIC_TYPE_TLSX); + keyData = (byte*)XMALLOC(dataSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (keyData == NULL) { ret = MEMORY_E; goto end; } /* Allocate space for the private key. */ - key = (byte*)XMALLOC(keySz, ssl->heap, DYNAMIC_TYPE_TLSX); + key = (byte*)XMALLOC(keySz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); if (key == NULL) { ret = MEMORY_E; goto end; @@ -4653,9 +4687,9 @@ end: if (ret != 0) { /* Data owned by key share entry otherwise. */ if (keyData != NULL) - XFREE(keyData, ssl->heap, DYNAMIC_TYPE_TLSX); + XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (key != NULL) - XFREE(key, ssl->heap, DYNAMIC_TYPE_TLSX); + XFREE(key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); } return ret; @@ -4715,7 +4749,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) curve25519_key* key; /* Allocate an ECC key to hold private key. */ key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), - ssl->heap, DYNAMIC_TYPE_TLSX); + ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); if (key == NULL) { WOLFSSL_MSG("EccTempKey Memory error"); return MEMORY_E; @@ -4733,7 +4767,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) /* Allocate space for the public key. */ keyData = (byte*)XMALLOC(dataSize, ssl->heap, - DYNAMIC_TYPE_TLSX); + DYNAMIC_TYPE_PUBLIC_KEY); if (keyData == NULL) { WOLFSSL_MSG("Key data Memory error"); ret = MEMORY_E; @@ -4770,7 +4804,8 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) } /* Allocate an ECC key to hold private key. */ - eccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_TLSX); + eccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap, + DYNAMIC_TYPE_PRIVATE_KEY); if (eccKey == NULL) { WOLFSSL_MSG("EccTempKey Memory error"); return MEMORY_E; @@ -4791,7 +4826,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) goto end; /* Allocate space for the public key. */ - keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_TLSX); + keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (keyData == NULL) { WOLFSSL_MSG("Key data Memory error"); ret = MEMORY_E; @@ -4855,8 +4890,8 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap) while ((current = list) != NULL) { list = current->next; - XFREE(current->key, heap, DYNAMIC_TYPE_TLSX); - XFREE(current->ke, heap, DYNAMIC_TYPE_TLSX); + XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY); + XFREE(current->ke, heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(current, heap, DYNAMIC_TYPE_TLSX); } @@ -5063,7 +5098,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) wc_ecc_free(ssl->peerEccKey); ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap, - DYNAMIC_TYPE_TLSX); + DYNAMIC_TYPE_ECC); if (ssl->peerEccKey == NULL) { WOLFSSL_MSG("PeerEccKey Memory error"); return MEMORY_ERROR; @@ -5249,7 +5284,7 @@ static int TLSX_KeyShareEntry_Parse(WOLFSSL* ssl, byte* input, word16 length, return BUFFER_ERROR; /* Store a copy in the key share object. */ - ke = (byte*)XMALLOC(keLen, ssl->heap, DYNAMIC_TYPE_TLSX); + ke = (byte*)XMALLOC(keLen, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ke == NULL) return MEMORY_E; XMEMCPY(ke, &input[offset], keLen); @@ -5479,7 +5514,7 @@ int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data, if (data != NULL) { /* Keep the public key data and free when finished. */ if (keyShareEntry->ke != NULL) - XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_TLSX); + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->ke = data; keyShareEntry->keLen = len; } @@ -5685,7 +5720,7 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl) /* Move private key to client entry. */ if (clientKSE->key != NULL) - XFREE(clientKSE->key, ssl->heap, DYNAMIC_TYPE_TLSX); + XFREE(clientKSE->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); clientKSE->key = serverKSE->key; serverKSE->key = NULL; clientKSE->keyLen = serverKSE->keyLen; @@ -6789,23 +6824,23 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes) { int ret = 0; - if (rng == NULL) { - if ((rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, + if (gRng == NULL) { + if ((gRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TLSX)) == NULL) return DRBG_OUT_OF_MEMORY; - wc_InitRng(rng); + wc_InitRng(gRng); } - if (rngMutex == NULL) { - if ((rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL, + if (gRngMutex == NULL) { + if ((gRngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), NULL, DYNAMIC_TYPE_TLSX)) == NULL) return DRBG_OUT_OF_MEMORY; - wc_InitMutex(rngMutex); + wc_InitMutex(gRngMutex); } - ret |= wc_LockMutex(rngMutex); - ret |= wc_RNG_GenerateBlock(rng, out, num_bytes); - ret |= wc_UnLockMutex(rngMutex); + ret |= wc_LockMutex(gRngMutex); + ret |= wc_RNG_GenerateBlock(gRng, out, num_bytes); + ret |= wc_UnLockMutex(gRngMutex); if (ret != 0) return DRBG_ENTROPY_FAIL; diff --git a/src/tls13.c b/src/tls13.c index bacdd9ac69..f9fde02ede 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -916,7 +916,7 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash, return ret; /* Calculate the verify data. */ - ret = wc_HmacInit(&verifyHmac, ssl->heap, INVALID_DEVID); + ret = wc_HmacInit(&verifyHmac, ssl->heap, ssl->devId); if (ret == 0) { ret = wc_HmacSetKey(&verifyHmac, hashType, key, ssl->specs.hash_size); if (ret == 0) @@ -960,16 +960,16 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side) int ret; int i = 0; #ifdef WOLFSSL_SMALL_STACK - byte* key_data; + byte* key_dig; #else - byte key_data[MAX_PRF_DIG]; + byte key_dig[MAX_PRF_DIG]; #endif int deriveClient = 0; int deriveServer = 0; #ifdef WOLFSSL_SMALL_STACK - key_data = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (key_data == NULL) + key_dig = (byte*)XMALLOC(MAX_PRF_DIG, ssl->heap, DYNAMIC_TYPE_DIGEST); + if (key_dig == NULL) return MEMORY_E; #endif @@ -1031,7 +1031,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side) /* Derive the client key. */ WOLFSSL_MSG("Derive Client Key"); - ret = DeriveKey(ssl, &key_data[i], ssl->specs.key_size, + ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size, ssl->arrays->clientSecret, writeKeyLabel, WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0); if (ret != 0) @@ -1040,7 +1040,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side) /* Derive the server key. */ WOLFSSL_MSG("Derive Server Key"); - ret = DeriveKey(ssl, &key_data[i], ssl->specs.key_size, + ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size, ssl->arrays->serverSecret, writeKeyLabel, WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0); if (ret != 0) @@ -1049,7 +1049,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side) /* Derive the client IV. */ WOLFSSL_MSG("Derive Client IV"); - ret = DeriveKey(ssl, &key_data[i], ssl->specs.iv_size, + ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size, ssl->arrays->clientSecret, writeIVLabel, WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0); if (ret != 0) @@ -1058,18 +1058,18 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side) /* Derive the server IV. */ WOLFSSL_MSG("Derive Server IV"); - ret = DeriveKey(ssl, &key_data[i], ssl->specs.iv_size, + ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size, ssl->arrays->serverSecret, writeIVLabel, WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0); if (ret != 0) goto end; /* Store keys and IVs but don't activate them. */ - ret = StoreKeys(ssl, key_data); + ret = StoreKeys(ssl, key_dig); end: #ifdef WOLFSSL_SMALL_STACK - XFREE(key_data, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST); #endif return ret; @@ -1635,7 +1635,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input, if (ssl->encrypt.nonce == NULL) ssl->encrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ, - ssl->heap, DYNAMIC_TYPE_AES); + ssl->heap, DYNAMIC_TYPE_AES_BUFFER); if (ssl->encrypt.nonce == NULL) return MEMORY_E; @@ -1841,7 +1841,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz) if (ssl->decrypt.nonce == NULL) ssl->decrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ, - ssl->heap, DYNAMIC_TYPE_AES); + ssl->heap, DYNAMIC_TYPE_AES_BUFFER); if (ssl->decrypt.nonce == NULL) return MEMORY_E; @@ -3733,7 +3733,7 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo, { #ifdef WOLFSSL_SMALL_STACK encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (encodedSig == NULL) { return MEMORY_E; } @@ -3750,7 +3750,7 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo, #ifdef WOLFSSL_SMALL_STACK if (encodedSig != NULL) - XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); #endif } @@ -4036,7 +4036,6 @@ typedef struct Scv13Args { byte* verifySig; #endif byte* verify; /* not allocated */ - byte* input; word32 idx; word32 sigLen; int sendSz; @@ -4055,18 +4054,14 @@ static void FreeScv13Args(WOLFSSL* ssl, void* pArgs) #ifndef NO_RSA if (args->verifySig) { - XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); args->verifySig = NULL; } #endif if (args->sigData) { - XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE); args->sigData = NULL; } - if (args->input) { - XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - args->input = NULL; - } } /* Send the TLS v1.3 CertificateVerify message. @@ -4164,7 +4159,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl) /* Create the data to be signed. */ args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (args->sigData == NULL) { ERROR_OUT(MEMORY_E, exit_scv); } @@ -4178,7 +4173,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl) /* build encoded signature buffer */ sig->length = MAX_ENCODED_SIG_SZ; sig->buffer = (byte*)XMALLOC(sig->length, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (sig->buffer == NULL) { ERROR_OUT(MEMORY_E, exit_scv); } @@ -4287,7 +4282,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl) if (ssl->hsType == DYNAMIC_TYPE_RSA) { if (args->verifySig == NULL) { args->verifySig = (byte*)XMALLOC(args->sigLen, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (args->verifySig == NULL) { ERROR_OUT(MEMORY_E, exit_scv); } @@ -4433,7 +4428,7 @@ static void FreeDcv13Args(WOLFSSL* ssl, void* pArgs) Dcv13Args* args = (Dcv13Args*)pArgs; if (args->sigData) { - XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE); args->sigData = NULL; } @@ -4548,7 +4543,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, #endif sig->buffer = (byte*)XMALLOC(args->sz, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (sig->buffer == NULL) { ERROR_OUT(MEMORY_E, exit_dcv); } @@ -4560,7 +4555,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, WOLFSSL_MSG("Doing ECC peer cert verify"); args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (args->sigData == NULL) { ERROR_OUT(MEMORY_E, exit_dcv); } @@ -4581,7 +4576,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, WOLFSSL_MSG("Doing ED25519 peer cert verify"); args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_SIGNATURE); if (args->sigData == NULL) { ERROR_OUT(MEMORY_E, exit_dcv); } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index be2ac7aae8..03153a0f46 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4491,12 +4491,12 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) return; if (sigCtx->digest) { - XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST); sigCtx->digest = NULL; } #ifndef NO_RSA if (sigCtx->plain) { - XFREE(sigCtx->plain, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigCtx->plain, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); sigCtx->plain = NULL; } #endif @@ -4641,7 +4641,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, case SIG_STATE_BEGIN: { sigCtx->digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, sigCtx->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_DIGEST); if (sigCtx->digest == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } @@ -4675,7 +4675,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, sigCtx->key.rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), sigCtx->heap, DYNAMIC_TYPE_RSA); sigCtx->plain = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, - sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); + sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); if (sigCtx->key.rsa == NULL || sigCtx->plain == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } @@ -11236,7 +11236,7 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl, end = *idx + len; rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), dcrl->heap, - DYNAMIC_TYPE_CRL); + DYNAMIC_TYPE_REVOKED); if (rc == NULL) { WOLFSSL_MSG("Alloc Revoked Cert failed"); return MEMORY_E; @@ -11244,7 +11244,7 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl, if (GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz, maxIdx) < 0) { - XFREE(rc, dcrl->heap, DYNAMIC_TYPE_CRL); + XFREE(rc, dcrl->heap, DYNAMIC_TYPE_REVOKED); return ASN_PARSE_E; } diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index f6e2caf21d..5756db6e11 100755 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -654,49 +654,55 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng, int ret; #if defined(HAVE_INTEL_QA) - mp_int x; + word32 sz; + + /* verify prime is at least 768-bits */ + /* QAT HW must have prime at least 768-bits */ + sz = mp_unsigned_bin_size(&key->p); + if (sz >= (768/8)) { + mp_int x; + + ret = mp_init(&x); + if (ret != MP_OKAY) + return ret; + + ret = GeneratePrivateDh(key, rng, priv, privSz); + if (ret == 0) + ret = mp_read_unsigned_bin(&x, priv, *privSz); + if (ret == MP_OKAY) + ret = wc_mp_to_bigint(&x, &x.raw); + if (ret == MP_OKAY) + ret = wc_mp_to_bigint(&key->p, &key->p.raw); + if (ret == MP_OKAY) + ret = wc_mp_to_bigint(&key->g, &key->g.raw); + if (ret == MP_OKAY) + ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw, + &x.raw, pub, pubSz); + mp_clear(&x); - ret = mp_init(&x); - if (ret != MP_OKAY) return ret; + } - ret = GeneratePrivateDh(key, rng, priv, privSz); - if (ret == 0) - ret = mp_read_unsigned_bin(&x, priv, *privSz); - if (ret == MP_OKAY) - ret = wc_mp_to_bigint(&x, &x.raw); - if (ret == MP_OKAY) - ret = wc_mp_to_bigint(&key->p, &key->p.raw); - if (ret == MP_OKAY) - ret = wc_mp_to_bigint(&key->g, &key->g.raw); - if (ret == MP_OKAY) - ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw, - &x.raw, pub, pubSz); - mp_clear(&x); +#elif defined(HAVE_CAVIUM) + /* TODO: Not implemented - use software for now */ -#else - - #if defined(HAVE_CAVIUM) - /* TODO: Not implemented - use software for now */ - - #else /* WOLFSSL_ASYNC_CRYPT_TEST */ - WC_ASYNC_TEST* testDev = &key->asyncDev.test; - if (testDev->type == ASYNC_TEST_NONE) { - testDev->type = ASYNC_TEST_DH_GEN; - testDev->dhGen.key = key; - testDev->dhGen.rng = rng; - testDev->dhGen.priv = priv; - testDev->dhGen.privSz = privSz; - testDev->dhGen.pub = pub; - testDev->dhGen.pubSz = pubSz; - return WC_PENDING_E; - } - #endif +#else /* WOLFSSL_ASYNC_CRYPT_TEST */ + WC_ASYNC_TEST* testDev = &key->asyncDev.test; + if (testDev->type == ASYNC_TEST_NONE) { + testDev->type = ASYNC_TEST_DH_GEN; + testDev->dhGen.key = key; + testDev->dhGen.rng = rng; + testDev->dhGen.priv = priv; + testDev->dhGen.privSz = privSz; + testDev->dhGen.pub = pub; + testDev->dhGen.pubSz = pubSz; + return WC_PENDING_E; + } +#endif + /* otherwise use software DH */ ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz); -#endif /* HAVE_INTEL_QA */ - return ret; } #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_DH */ diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index 8719b4a56d..ea092e4594 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -90,13 +90,11 @@ void wc_FreeDsaKey(DsaKey* key) if (key->type == DSA_PRIVATE) mp_forcezero(&key->x); -#ifndef USE_FAST_MATH mp_clear(&key->x); mp_clear(&key->y); mp_clear(&key->g); mp_clear(&key->q); mp_clear(&key->p); -#endif } #ifdef WOLFSSL_KEY_GEN diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 2e5f84bcfe..a91c9a8612 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -2583,10 +2583,8 @@ static int wc_ecc_cmp_param(const char* curveParam, } } -#ifndef USE_FAST_MATH mp_clear(&a); mp_clear(&b); -#endif return err; } @@ -2933,7 +2931,7 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) #endif #ifdef WOLFSSL_SMALL_STACK - buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_ECC_BUFFER); if (buf == NULL) return MEMORY_E; #endif @@ -2964,7 +2962,7 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) ForceZero(buf, ECC_MAXSIZE); #ifdef WOLFSSL_SMALL_STACK - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER); #endif return err; @@ -3655,13 +3653,13 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, } /* allocate memory */ - tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); + tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER); if (tA == NULL) { return GEN_MEM_ERR; } - tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); + tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER); if (tB == NULL) { - XFREE(tA, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER); return GEN_MEM_ERR; } @@ -3834,8 +3832,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, ForceZero(tA, ECC_BUFSIZE); ForceZero(tB, ECC_BUFSIZE); - XFREE(tA, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tB, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER); return err; } @@ -4356,7 +4354,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, out[0] = 0x04; #ifdef WOLFSSL_SMALL_STACK - buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER); if (buf == NULL) return MEMORY_E; #endif @@ -4381,7 +4379,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, done: #ifdef WOLFSSL_SMALL_STACK - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER); #endif #endif /* WOLFSSL_ATECC508A */ @@ -4442,7 +4440,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) out[0] = 0x04; #ifdef WOLFSSL_SMALL_STACK - buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER); if (buf == NULL) return MEMORY_E; #endif @@ -4465,7 +4463,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) done: #ifdef WOLFSSL_SMALL_STACK - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER); #endif #endif /* WOLFSSL_ATECC508A */ @@ -6242,7 +6240,7 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a, /* store k */ #ifdef WOLFSSL_SMALL_STACK - kb = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + kb = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER); if (kb == NULL) { err = MEMORY_E; goto done; } @@ -6318,7 +6316,7 @@ done: mp_clear(&tk); #ifdef WOLFSSL_SMALL_STACK - XFREE(kb, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(kb, NULL, DYNAMIC_TYPE_ECC_BUFFER); #endif #undef KB_SIZE @@ -6425,7 +6423,7 @@ static int accel_fp_mul2add(int idx1, int idx2, /* store k */ #ifdef WOLFSSL_SMALL_STACK - kb[0] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + kb[0] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER); if (kb[0] == NULL) { err = MEMORY_E; goto done; } @@ -6450,7 +6448,7 @@ static int accel_fp_mul2add(int idx1, int idx2, /* store b */ #ifdef WOLFSSL_SMALL_STACK - kb[1] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + kb[1] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER); if (kb[1] == NULL) { err = MEMORY_E; goto done; } @@ -6550,8 +6548,8 @@ done: ForceZero(kb[1], KB_SIZE); #ifdef WOLFSSL_SMALL_STACK - XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(kb[1], NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(kb[0], NULL, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(kb[1], NULL, DYNAMIC_TYPE_ECC_BUFFER); #endif #undef KB_SIZE @@ -7131,13 +7129,13 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, return BUFFER_E; #ifdef WOLFSSL_SMALL_STACK - sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER); if (sharedSecret == NULL) return MEMORY_E; - keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER); if (keys == NULL) { - XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER); return MEMORY_E; } #endif @@ -7220,8 +7218,8 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, *outSz = msgSz + digestSz; #ifdef WOLFSSL_SMALL_STACK - XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(keys, NULL, DYNAMIC_TYPE_ECC_BUFFER); #endif return ret; @@ -7294,13 +7292,13 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, return BUFFER_E; #ifdef WOLFSSL_SMALL_STACK - sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER); if (sharedSecret == NULL) return MEMORY_E; - keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + keys = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER); if (keys == NULL) { - XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER); return MEMORY_E; } #endif @@ -7391,8 +7389,8 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, *outSz = msgSz - digestSz; #ifdef WOLFSSL_SMALL_STACK - XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keys, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sharedSecret, NULL, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(keys, NULL, DYNAMIC_TYPE_ECC_BUFFER); #endif return ret; @@ -7856,7 +7854,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz, #ifdef WOLFSSL_SMALL_STACK hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_HASHES); if (hash == NULL) return MEMORY_E; #endif @@ -7864,7 +7862,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz, ret = wc_HashInit(hash, type); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hash, NULL, DYNAMIC_TYPE_HASHES); #endif return ret; } @@ -7879,7 +7877,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz, ret = wc_HashUpdate(hash, type, secret, secretSz); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hash, NULL, DYNAMIC_TYPE_HASHES); #endif return ret; } @@ -7887,7 +7885,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz, ret = wc_HashUpdate(hash, type, counter, sizeof(counter)); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hash, NULL, DYNAMIC_TYPE_HASHES); #endif return ret; } @@ -7896,7 +7894,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz, ret = wc_HashUpdate(hash, type, sinfo, sinfoSz); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hash, NULL, DYNAMIC_TYPE_HASHES); #endif return ret; } @@ -7905,7 +7903,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz, ret = wc_HashFinal(hash, type, tmp); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hash, NULL, DYNAMIC_TYPE_HASHES); #endif return ret; } @@ -7918,7 +7916,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz, } #ifdef WOLFSSL_SMALL_STACK - XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(hash, NULL, DYNAMIC_TYPE_HASHES); #endif return 0; diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index b96d2a6367..c233645bb3 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -43,6 +43,8 @@ #include +#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } + enum { WC_PKCS12_KeyBag = 667, WC_PKCS12_ShroudedKeyBag = 668, @@ -149,24 +151,25 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12) heap = pkcs12->heap; if (pkcs12->safe != NULL) { - freeSafe(pkcs12->safe, heap); + freeSafe(pkcs12->safe, heap); } /* free mac data */ if (pkcs12->signData != NULL) { if (pkcs12->signData->digest != NULL) { - XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_PKCS); + XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST); + pkcs12->signData->digest = NULL; } if (pkcs12->signData->salt != NULL) { - XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_PKCS); + XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT); + pkcs12->signData->salt = NULL; } XFREE(pkcs12->signData, heap, DYNAMIC_TYPE_PKCS); + pkcs12->signData = NULL; } XFREE(pkcs12, NULL, DYNAMIC_TYPE_PKCS); pkcs12 = NULL; - - (void)heap; } @@ -254,9 +257,9 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input, word32 curIdx; ContentInfo* ci = NULL; - #ifdef WOLFSSL_DEBUG_PKCS12 - printf("\t\tlooking for Content Info.... "); - #endif + #ifdef WOLFSSL_DEBUG_PKCS12 + printf("\t\tlooking for Content Info.... "); + #endif if ((ret = GetSequence(input, &localIdx, &curSz, safe->dataSz)) < 0) { @@ -291,19 +294,19 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input, ci->data = (byte*)input + localIdx; localIdx += ci->dataSz; - #ifdef WOLFSSL_DEBUG_PKCS12 + #ifdef WOLFSSL_DEBUG_PKCS12 switch (oid) { case WC_PKCS12_ENCRYPTED_DATA: printf("CONTENT INFO: ENCRYPTED DATA, size = %d\n", ci->dataSz); break; - case WC_PKCS12_DATA: + case WC_PKCS12_DATA: printf("CONTENT INFO: DATA, size = %d\n", ci->dataSz); break; - default: + default: printf("CONTENT INFO: UNKNOWN, size = %d\n", ci->dataSz); } - #endif + #endif /* insert to head of list */ ci->next = safe->CI; @@ -315,7 +318,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input, pkcs12->safe = safe; *idx += localIdx; - return 1; + return ret; } @@ -328,7 +331,6 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx, word32 oid = 0; int size, ret; - /* Digest Info : Sequence * DigestAlgorithmIdentifier * Digest @@ -356,9 +358,9 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx, } mac->oid = oid; - #ifdef WOLFSSL_DEBUG_PKCS12 +#ifdef WOLFSSL_DEBUG_PKCS12 printf("\t\tALGO ID = %d\n", oid); - #endif +#endif /* Digest: should be octet type holding digest */ if (mem[curIdx++] != ASN_OCTET_STRING) { @@ -373,13 +375,13 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx, } mac->digestSz = size; mac->digest = (byte*)XMALLOC(mac->digestSz, pkcs12->heap, - DYNAMIC_TYPE_PKCS); + DYNAMIC_TYPE_DIGEST); if (mac->digest == NULL || mac->digestSz + curIdx > totalSz) { - XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); - return MEMORY_E; + ERROR_OUT(MEMORY_E, exit_gsd); } XMEMCPY(mac->digest, mem + curIdx, mac->digestSz); - #ifdef WOLFSSL_DEBUG_PKCS12 + +#ifdef WOLFSSL_DEBUG_PKCS12 { byte* p; for (printf("\t\tDigest = "), p = (byte*)mem+curIdx; @@ -387,32 +389,27 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx, printf("%02X", *p), p++); printf(" : size = %d\n", mac->digestSz); } - #endif +#endif + curIdx += mac->digestSz; /* get salt, should be octet string */ if (mem[curIdx++] != ASN_OCTET_STRING) { WOLFSSL_MSG("Failed to get salt"); - XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS); - XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); - return ASN_PARSE_E; + ERROR_OUT(ASN_PARSE_E, exit_gsd); } if ((ret = GetLength(mem, &curIdx, &size, totalSz)) <= 0) { - XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS); - XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); - return ret; + goto exit_gsd; } mac->saltSz = size; - mac->salt = (byte*)XMALLOC(mac->saltSz, pkcs12->heap, - DYNAMIC_TYPE_PKCS); + mac->salt = (byte*)XMALLOC(mac->saltSz, pkcs12->heap, DYNAMIC_TYPE_SALT); if (mac->salt == NULL || mac->saltSz + curIdx > totalSz) { - XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_PKCS); - XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); - return MEMORY_E; + ERROR_OUT(MEMORY_E, exit_gsd); } XMEMCPY(mac->salt, mem + curIdx, mac->saltSz); - #ifdef WOLFSSL_DEBUG_PKCS12 + +#ifdef WOLFSSL_DEBUG_PKCS12 { byte* p; for (printf("\t\tSalt = "), p = (byte*)mem + curIdx; @@ -420,7 +417,8 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx, printf("%02X", *p), p++); printf(" : size = %d\n", mac->saltSz); } - #endif +#endif + curIdx += mac->saltSz; /* check for MAC itterations, default to 1 */ @@ -439,8 +437,20 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx, *idx = curIdx; pkcs12->signData = mac; + ret = 0; /* success */ - return 0; +exit_gsd: + + /* failure cleanup */ + if (ret != 0) { + if (mac) { + if (mac->digest) + XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST); + XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); + } + } + + return ret; } @@ -472,7 +482,7 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz, } /* unicode set up from asn.c */ - if ( (pswSz * 2 + 2) > (int)sizeof(unicodePasswd)) { + if ((pswSz * 2 + 2) > (int)sizeof(unicodePasswd)) { WOLFSSL_MSG("PKCS12 max unicode size too small"); return UNICODE_SIZE_E; } @@ -487,34 +497,30 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz, /* get hash type used and resulting size of HMAC key */ switch (mac->oid) { - #ifndef NO_SHA + #ifndef NO_SHA case SHAh: /* 88 */ typeH = SHA; kLen = SHA_DIGEST_SIZE; break; - #endif - - #ifndef NO_SHA256 + #endif + #ifndef NO_SHA256 case SHA256h: /* 414 */ typeH = SHA256; kLen = SHA256_DIGEST_SIZE; break; - #endif - - #ifdef WOLFSSL_SHA384 + #endif + #ifdef WOLFSSL_SHA384 case SHA384h: /* 415 */ typeH = SHA384; kLen = SHA384_DIGEST_SIZE; break; - #endif - - #ifdef WOLFSSL_SHA512 + #endif + #ifdef WOLFSSL_SHA512 case SHA512h: /* 416 */ typeH = SHA512; kLen = SHA512_DIGEST_SIZE; break; - #endif - + #endif default: /* May be SHA224 or was just not built in */ WOLFSSL_MSG("Unsupported hash used"); return BAD_FUNC_ARG; @@ -527,7 +533,7 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz, } /* now that key has been created use it to get HMAC hash on data */ - if ((ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID)) != 0) { + if ((ret = wc_HmacInit(&hmac, pkcs12->heap, INVALID_DEVID)) != 0) { return ret; } ret = wc_HmacSetKey(&hmac, typeH, key, kLen); @@ -560,6 +566,7 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz, * der : pointer to der buffer holding PKCS12 * derSz : size of der buffer * pkcs12 : non-null pkcs12 pointer + * return 0 on success and negative on failure. */ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12) { @@ -586,10 +593,10 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12) return ret; } - #ifdef WOLFSSL_DEBUG_PKCS12 +#ifdef WOLFSSL_DEBUG_PKCS12 printf("\nBEGIN: PKCS12 size = %d\n", totalSz); printf("version = %d\n", version); - #endif +#endif if (version != 3) { WOLFSSL_MSG("PKCS12 unsupported version!"); @@ -600,9 +607,9 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12) return ret; } - #ifdef WOLFSSL_DEBUG_PKCS12 +#ifdef WOLFSSL_DEBUG_PKCS12 printf("\tSEQUENCE: AuthenticatedSafe size = %d\n", size); - #endif +#endif if ((ret = GetSafeContent(pkcs12, der, &idx, size + idx)) < 0) { WOLFSSL_MSG("GetSafeContent error"); @@ -615,9 +622,9 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12) WOLFSSL_MSG("Ignoring unknown data at end of PKCS12 DER buffer"); } else { - #ifdef WOLFSSL_DEBUG_PKCS12 + #ifdef WOLFSSL_DEBUG_PKCS12 printf("\tSEQUENCE: Signature size = %d\n", size); - #endif + #endif if ((ret = GetSignData(pkcs12, der, &idx, totalSz)) < 0) { return ASN_PARSE_E; @@ -625,25 +632,26 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12) } } - #ifdef WOLFSSL_DEBUG_PKCS12 +#ifdef WOLFSSL_DEBUG_PKCS12 printf("END: PKCS12\n"); - #endif +#endif - return 1; + return ret; } /* helper function to free WC_DerCertList */ -static void freeCertList(WC_DerCertList* list, void* heap) { - WC_DerCertList* current; +static void freeCertList(WC_DerCertList* list, void* heap) +{ + WC_DerCertList* current = list; + WC_DerCertList* next; if (list == NULL) { return; } - current = list; - while(current != NULL) { - WC_DerCertList* next = current->next; + while (current != NULL) { + next = current->next; if (current->buffer != NULL) { XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); } @@ -654,20 +662,42 @@ static void freeCertList(WC_DerCertList* list, void* heap) { (void)heap; } - -static void freeBuffers(byte* a, byte* b, void* heap) +static void freeDecCertList(WC_DerCertList** list, byte** pkey, word32* pkeySz, + byte** cert, word32* certSz, void* heap) { - if (a != NULL) { - XFREE(a, heap, DYNAMIC_TYPE_PKCS); + WC_DerCertList* current = *list; + WC_DerCertList* previous = NULL; + DecodedCert DeCert; + + while (current != NULL) { + + InitDecodedCert(&DeCert, current->buffer, current->bufferSz, heap); + if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) { + if (wc_CheckPrivateKey(*pkey, *pkeySz, &DeCert) == 1) { + WOLFSSL_MSG("Key Pair found"); + *cert = current->buffer; + *certSz = current->bufferSz; + + if (previous == NULL) { + *list = current->next; + } + else { + previous->next = current->next; + } + FreeDecodedCert(&DeCert); + XFREE(current, heap, DYNAMIC_TYPE_PKCS); + break; + } + } + FreeDecodedCert(&DeCert); + + previous = current; + current = current->next; } - if (b != NULL) { - XFREE(b, heap, DYNAMIC_TYPE_PKCS); - } - (void)heap; } -/* return 1 on success and 0 on failure. +/* return 0 on success and negative on failure. * By side effect returns private key, cert, and optionally ca. * Parses and decodes the parts of PKCS12 * @@ -693,15 +723,15 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_ENTER("wc_PKCS12_parse"); if (pkcs12 == NULL || psw == NULL || cert == NULL || certSz == NULL || - pkey == NULL || pkeySz == NULL) { + pkey == NULL || pkeySz == NULL) { return BAD_FUNC_ARG; } + pswSz = (int)XSTRLEN(psw); *cert = NULL; *pkey = NULL; - if (ca != NULL) { + if (ca != NULL) *ca = NULL; - } /* if there is sign data then verify the MAC */ if (pkcs12->signData != NULL ) { @@ -731,26 +761,18 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_MSG("Decrypting PKCS12 Content Info Container"); data = ci->data; if (data[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + ERROR_OUT(ASN_PARSE_E, exit_pk12par); } if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } if ((ret = GetSequence(data, &idx, &size, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } if ((ret = GetShortInt(data, &idx, &number, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } if (number != 0) { @@ -758,39 +780,32 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, } if ((ret = GetSequence(data, &idx, &size, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } ret = GetObjectId(data, &idx, &oid, oidIgnoreType, ci->dataSz); if (ret < 0 || oid != WC_PKCS12_DATA) { WOLFSSL_MSG("Not PKCS12 DATA object or get object parse error"); - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + ERROR_OUT(ASN_PARSE_E, exit_pk12par); } /* decrypted content overwrites input buffer */ size = ci->dataSz - idx; buf = (byte*)XMALLOC(size, pkcs12->heap, DYNAMIC_TYPE_PKCS); if (buf == NULL) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return MEMORY_E; + ERROR_OUT(MEMORY_E, exit_pk12par); } XMEMCPY(buf, data + idx, size); if ((ret = DecryptContent(buf, size, psw, pswSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); WOLFSSL_MSG("Decryption failed, algorithm not compiled in?"); - return ret; + goto exit_pk12par; } data = buf; idx = 0; - #ifdef WOLFSSL_DEBUG_PKCS12 + + #ifdef WOLFSSL_DEBUG_PKCS12 { byte* p; for (printf("\tData = "), p = (byte*)buf; @@ -798,56 +813,42 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, printf("%02X", *p), p++); printf("\n"); } - #endif + #endif } else { /* type DATA */ WOLFSSL_MSG("Parsing PKCS12 DATA Content Info Container"); data = ci->data; if (data[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + ERROR_OUT(ASN_PARSE_E, exit_pk12par); } if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } if (data[idx++] != ASN_OCTET_STRING) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + ERROR_OUT(ASN_PARSE_E, exit_pk12par); } if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } } /* parse through bags in ContentInfo */ if ((ret = GetSequence(data, &idx, &totalSz, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } totalSz += idx; while ((int)idx < totalSz) { int bagSz; if ((ret = GetSequence(data, &idx, &bagSz, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } bagSz += idx; if ((ret = GetObjectId(data, &idx, &oid, oidIgnoreType, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } switch (oid) { @@ -855,35 +856,30 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_MSG("PKCS12 Key Bag found"); if (data[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + ERROR_OUT(ASN_PARSE_E, exit_pk12par); } if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + goto exit_pk12par; } if (*pkey == NULL) { *pkey = (byte*)XMALLOC(size, pkcs12->heap, - DYNAMIC_TYPE_PKCS); + DYNAMIC_TYPE_PUBLIC_KEY); if (*pkey == NULL) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return MEMORY_E; + ERROR_OUT(MEMORY_E, exit_pk12par); } XMEMCPY(*pkey, data + idx, size); *pkeySz = ToTraditional(*pkey, size); } - #ifdef WOLFSSL_DEBUG_PKCS12 - { - byte* p; - for (printf("\tKey = "), p = (byte*)*pkey; - p < (byte*)*pkey + size; - printf("%02X", *p), p++); - printf("\n"); - } - #endif + + #ifdef WOLFSSL_DEBUG_PKCS12 + { + byte* p; + for (printf("\tKey = "), p = (byte*)*pkey; + p < (byte*)*pkey + size; + printf("%02X", *p), p++); + printf("\n"); + } + #endif idx += size; break; @@ -893,42 +889,32 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_MSG("PKCS12 Shrouded Key Bag found"); if (data[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + ERROR_OUT(ASN_PARSE_E, exit_pk12par); } if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + goto exit_pk12par; } k = (byte*)XMALLOC(size, pkcs12->heap, - DYNAMIC_TYPE_PKCS); + DYNAMIC_TYPE_PUBLIC_KEY); if (k == NULL) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return MEMORY_E; + ERROR_OUT(MEMORY_E, exit_pk12par); } XMEMCPY(k, data + idx, size); /* overwrites input, be warned */ if ((ret = ToTraditionalEnc(k, size, psw, pswSz)) < 0) { - freeBuffers(k, NULL, pkcs12->heap); - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + XFREE(k, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY); + goto exit_pk12par; } if (ret < size) { /* shrink key buffer */ k = (byte*)XREALLOC(k, ret, pkcs12->heap, - DYNAMIC_TYPE_PKCS); + DYNAMIC_TYPE_PUBLIC_KEY); if (k == NULL) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return MEMORY_E; + ERROR_OUT(MEMORY_E, exit_pk12par); } } size = ret; @@ -938,11 +924,11 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, *pkeySz = size; } else { /* only expecting one key */ - freeBuffers(k, NULL, pkcs12->heap); + XFREE(k, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY); } idx += size; - #ifdef WOLFSSL_DEBUG_PKCS12 + #ifdef WOLFSSL_DEBUG_PKCS12 { byte* p; for (printf("\tKey = "), p = (byte*)k; @@ -950,7 +936,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, printf("%02X", *p), p++); printf("\n"); } - #endif + #endif } break; @@ -960,28 +946,20 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_MSG("PKCS12 Cert Bag found"); if (data[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + ERROR_OUT(ASN_PARSE_E, exit_pk12par); } if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } /* get cert bag type */ if ((ret = GetSequence(data, &idx, &size, ci->dataSz)) <0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } if ((ret = GetObjectId(data, &idx, &oid, oidIgnoreType, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } switch (oid) { @@ -990,26 +968,19 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_MSG("PKCS12 cert bag type 1"); if (data[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + ERROR_OUT(ASN_PARSE_E, exit_pk12par); } if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } if (data[idx++] != ASN_OCTET_STRING) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + ERROR_OUT(ASN_PARSE_E, exit_pk12par); + } if ((ret = GetLength(data, &idx, &size, ci->dataSz)) < 0) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ret; + goto exit_pk12par; } break; default: @@ -1017,18 +988,14 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, } if (size + idx > (word32)bagSz) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return ASN_PARSE_E; + ERROR_OUT(ASN_PARSE_E, exit_pk12par); } /* list to hold all certs found */ node = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList), pkcs12->heap, DYNAMIC_TYPE_PKCS); if (node == NULL) { - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return MEMORY_E; + ERROR_OUT(MEMORY_E, exit_pk12par); } XMEMSET(node, 0, sizeof(WC_DerCertList)); @@ -1036,9 +1003,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, DYNAMIC_TYPE_PKCS); if (node->buffer == NULL) { XFREE(node, pkcs12->heap, DYNAMIC_TYPE_PKCS); - freeBuffers(*pkey, buf, pkcs12->heap); - freeCertList(certList, pkcs12->heap); - return MEMORY_E; + ERROR_OUT(MEMORY_E, exit_pk12par); } XMEMCPY(node->buffer, data + idx, size); node->bufferSz = size; @@ -1085,47 +1050,17 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS); buf = NULL; } + ci = ci->next; WOLFSSL_MSG("Done Parsing PKCS12 Content Info Container"); } /* check if key pair, remove from list */ - { - WC_DerCertList* current = certList; - WC_DerCertList* previous = NULL; - - if (*pkey != NULL) { - - while (current != NULL) { - DecodedCert DeCert; - InitDecodedCert(&DeCert, current->buffer, current->bufferSz, - pkcs12->heap); - if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) { - if (wc_CheckPrivateKey(*pkey, *pkeySz, &DeCert) == 1) { - WOLFSSL_MSG("Key Pair found"); - *cert = current->buffer; - *certSz = current->bufferSz; - - if (previous == NULL) { - certList = current->next; - } - else { - previous->next = current->next; - } - FreeDecodedCert(&DeCert); - XFREE(current, pkcs12->heap, DYNAMIC_TYPE_PKCS); - break; - } - } - - FreeDecodedCert(&DeCert); - previous = current; - current = current->next; - } - - } + if (*pkey != NULL) { + freeDecCertList(&certList, pkey, pkeySz, cert, certSz, pkcs12->heap); } + /* if ca arg provided return certList, otherwise free it */ if (ca != NULL) { *ca = certList; } @@ -1134,7 +1069,25 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, freeCertList(certList, pkcs12->heap); } - return 1; + ret = 0; /* success */ + +exit_pk12par: + + if (ret != 0) { + /* failure cleanup */ + if (*pkey) { + XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY); + *pkey = NULL; + } + if (buf) { + XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS); + buf = NULL; + } + + freeCertList(certList, pkcs12->heap); + } + + return ret; } @@ -1160,5 +1113,6 @@ void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12) return pkcs12->heap; } -#endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */ +#undef ERROR_OUT +#endif /* !NO_ASN && !NO_PWDBASED */ diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 0c4e159d94..d04be1287f 100755 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1033,7 +1033,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) } flatSignedAttribs = (byte*)XMALLOC(esd->signedAttribsSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS); + DYNAMIC_TYPE_PKCS7); flatSignedAttribsSz = esd->signedAttribsSz; if (flatSignedAttribs == NULL) { #ifdef WOLFSSL_SMALL_STACK @@ -1053,7 +1053,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) flatSignedAttribsSz, esd); if (ret < 0) { if (pkcs7->signedAttribsSz != 0) - XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); + XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -1095,7 +1095,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (outputSz < totalSz) { if (pkcs7->signedAttribsSz != 0) - XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); + XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -1154,7 +1154,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) idx += esd->signedAttribSetSz; XMEMCPY(output + idx, flatSignedAttribs, flatSignedAttribsSz); idx += flatSignedAttribsSz; - XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); + XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } XMEMCPY(output + idx, esd->digEncAlgoId, esd->digEncAlgoIdSz); @@ -4168,7 +4168,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) attribs = (EncodedAttrib*)XMALLOC( sizeof(EncodedAttrib) * pkcs7->unprotectedAttribsSz, - pkcs7->heap, DYNAMIC_TYPE_PKCS); + pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (attribs == NULL) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -4180,9 +4180,9 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) pkcs7->unprotectedAttribs, pkcs7->unprotectedAttribsSz); - flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS); + flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (flatAttribs == NULL) { - XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); + XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; @@ -4217,8 +4217,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (totalSz > (int)outputSz) { WOLFSSL_MSG("PKCS#7 output buffer too small"); if (pkcs7->unprotectedAttribsSz != 0) { - XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); - XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); + XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -4255,8 +4255,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) idx += attribsSetSz; XMEMCPY(output + idx, flatAttribs, attribsSz); idx += attribsSz; - XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); - XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS); + XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -4298,7 +4298,7 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg, savedIdx = idx; attrib = (PKCS7DecodedAttrib*)XMALLOC(sizeof(PKCS7DecodedAttrib), - pkcs7->heap, DYNAMIC_TYPE_PKCS); + pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (attrib == NULL) { return MEMORY_E; } @@ -4306,38 +4306,38 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg, /* save attribute OID bytes and size */ if (GetObjectId(pkiMsg, &idx, &oid, oidIgnoreType, pkiMsgSz) < 0) { - XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS); + XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ASN_PARSE_E; } attrib->oidSz = idx - savedIdx; attrib->oid = (byte*)XMALLOC(attrib->oidSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS); + DYNAMIC_TYPE_PKCS7); if (attrib->oid == NULL) { - XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS); + XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; } XMEMCPY(attrib->oid, pkiMsg + savedIdx, attrib->oidSz); /* save attribute value bytes and size */ if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0) { - XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS); - XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS); + XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ASN_PARSE_E; } if ((pkiMsgSz - idx) < (word32)length) { - XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS); - XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS); + XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ASN_PARSE_E; } attrib->valueSz = (word32)length; attrib->value = (byte*)XMALLOC(attrib->valueSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS); + DYNAMIC_TYPE_PKCS7); if (attrib->value == NULL) { - XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS); - XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS); + XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; } XMEMCPY(attrib->value, pkiMsg + idx, attrib->valueSz); diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 1940bff1c2..783376eb77 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -530,14 +530,13 @@ int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId) #endif /* configure async RNG source if available */ -#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) +#ifdef WOLFSSL_ASYNC_CRYPT ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG, rng->heap, rng->devId); if (ret != 0) return ret; #endif - #ifdef HAVE_INTEL_RDRAND /* if CPU supports RDRAND, use it directly and by-pass DRBG init */ if (IS_INTEL_RDRAND) @@ -610,9 +609,16 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) return wc_GenerateRand_IntelRD(NULL, output, sz); #endif -#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) +#if defined(WOLFSSL_ASYNC_CRYPT) if (rng->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) { + /* these are blocking */ + #ifdef HAVE_CAVIUM return NitroxRngGenerateBlock(rng, output, sz); + #elif defined(HAVE_INTEL_QA) + return IntelQaDrbg(&rng->asyncDev, output, sz); + #else + /* simulator not supported */ + #endif } #endif @@ -685,7 +691,7 @@ int wc_FreeRng(WC_RNG* rng) if (rng == NULL) return BAD_FUNC_ARG; -#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM) +#if defined(WOLFSSL_ASYNC_CRYPT) wolfAsync_DevCtxFree(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG); #endif diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index fdf6a45c44..b55aaf3a38 100755 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -304,7 +304,7 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz, /* find largest amount of memory needed which will be the max of * hLen and (seedSz + 4) since tmp is used to store the hash digest */ tmpSz = ((seedSz + 4) > (word32)hLen)? seedSz + 4: (word32)hLen; - tmp = (byte*)XMALLOC(tmpSz, heap, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(tmpSz, heap, DYNAMIC_TYPE_RSA_BUFFER); if (tmp == NULL) { return MEMORY_E; } @@ -331,7 +331,7 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz, if ((ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz)) != 0) { /* check for if dynamic memory was needed, then free */ if (tmpF) { - XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); } return ret; } @@ -344,7 +344,7 @@ static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz, /* check for if dynamic memory was needed, then free */ if (tmpF) { - XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); } return 0; @@ -437,13 +437,13 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, } #ifdef WOLFSSL_SMALL_STACK - lHash = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_TMP_BUFFER); + lHash = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_RSA_BUFFER); if (lHash == NULL) { return MEMORY_E; } - seed = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_TMP_BUFFER); + seed = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_RSA_BUFFER); if (seed == NULL) { - XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); return MEMORY_E; } #else @@ -458,8 +458,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, if ((ret = wc_Hash(hType, optLabel, labelLen, lHash, hLen)) != 0) { WOLFSSL_MSG("OAEP hash type possibly not supported or lHash to small"); #ifdef WOLFSSL_SMALL_STACK - XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER); #endif return ret; } @@ -475,8 +475,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, if ((word32)(2 * hLen + 2) > pkcsBlockLen) { WOLFSSL_MSG("OAEP pad error hash to big for RSA key size"); #ifdef WOLFSSL_SMALL_STACK - XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER); #endif return BAD_FUNC_ARG; } @@ -484,8 +484,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, if (inputLen > (pkcsBlockLen - 2 * hLen - 2)) { WOLFSSL_MSG("OAEP pad error message too long"); #ifdef WOLFSSL_SMALL_STACK - XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER); #endif return BAD_FUNC_ARG; } @@ -495,8 +495,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, psLen = pkcsBlockLen - inputLen - 2 * hLen - 2; if (pkcsBlockLen < inputLen) { /*make sure not writing over end of buffer */ #ifdef WOLFSSL_SMALL_STACK - XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER); #endif return BUFFER_E; } @@ -513,8 +513,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, /* generate random seed */ if ((ret = wc_RNG_GenerateBlock(rng, seed, hLen)) != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER); #endif return ret; } @@ -523,8 +523,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, dbMask = (byte*)XMALLOC(pkcsBlockLen - hLen - 1, heap, DYNAMIC_TYPE_RSA); if (dbMask == NULL) { #ifdef WOLFSSL_SMALL_STACK - XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER); #endif return MEMORY_E; } @@ -534,8 +534,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, if (ret != 0) { XFREE(dbMask, heap, DYNAMIC_TYPE_RSA); #ifdef WOLFSSL_SMALL_STACK - XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER); #endif return ret; } @@ -556,8 +556,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, if ((ret = RsaMGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1, pkcsBlock + 1, hLen, heap)) != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER); #endif return ret; } @@ -570,8 +570,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, } #ifdef WOLFSSL_SMALL_STACK - XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lHash, heap, DYNAMIC_TYPE_RSA_BUFFER); + XFREE(seed, heap, DYNAMIC_TYPE_RSA_BUFFER); #endif (void)padValue; @@ -750,7 +750,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, return BAD_FUNC_ARG; } - tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_RSA_BUFFER); if (tmp == NULL) { return MEMORY_E; } @@ -759,7 +759,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, /* find seedMask value */ if ((ret = RsaMGF(mgf, (byte*)(pkcsBlock + (hLen + 1)), pkcsBlockLen - hLen - 1, tmp, hLen, heap)) != 0) { - XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); return ret; } @@ -771,7 +771,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, /* get dbMask value */ if ((ret = RsaMGF(mgf, tmp, hLen, tmp + hLen, pkcsBlockLen - hLen - 1, heap)) != 0) { - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_RSA_BUFFER); return ret; } @@ -781,7 +781,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, } /* done with use of tmp buffer */ - XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); /* advance idx to index of PS and msg separator, account for PS size of 0*/ idx = hLen + 1 + hLen; @@ -829,32 +829,32 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen, if (pkcsBlock[pkcsBlockLen - 1] != 0xbc) return BAD_PADDING_E; - tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_RSA_BUFFER); if (tmp == NULL) { return MEMORY_E; } if ((ret = RsaMGF(mgf, pkcsBlock + pkcsBlockLen - 1 - hLen, hLen, tmp, pkcsBlockLen - 1 - hLen, heap)) != 0) { - XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); return ret; } tmp[0] &= (1 << ((bits - 1) & 0x7)) - 1; for (i = 0; i < (int)(pkcsBlockLen - 1 - hLen - hLen - 1); i++) { if (tmp[i] != pkcsBlock[i]) { - XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); return BAD_PADDING_E; } } if (tmp[i] != (pkcsBlock[i] ^ 0x01)) { - XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); return BAD_PADDING_E; } for (i++; i < (int)(pkcsBlockLen - 1 - hLen); i++) pkcsBlock[i] ^= tmp[i]; - XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); i = pkcsBlockLen - (RSA_PSS_PAD_SZ + 3 * hLen + 1); XMEMSET(pkcsBlock + i, 0, RSA_PSS_PAD_SZ); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a72dff3375..3afddfdd54 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -9186,6 +9186,7 @@ int scrypt_test(void) 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 }; +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA) const byte verify3[] = { 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48, 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb, @@ -9196,6 +9197,7 @@ int scrypt_test(void) 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40, 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87 }; +#endif #ifdef SCRYPT_TEST_ALL /* Test case is very slow. * Use for confirmation after code change or new platform. @@ -9226,7 +9228,7 @@ int scrypt_test(void) return -6003; /* Don't run these test on embedded, since they use large mallocs */ -#ifndef BENCH_EMBEDDED +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA) ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3)); if (ret != 0) @@ -9242,7 +9244,7 @@ int scrypt_test(void) if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0) return -6007; #endif -#endif /* !BENCH_EMBEDDED */ +#endif /* !BENCH_EMBEDDED && !HAVE_INTEL_QA */ return 0; } diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 6a6f104e54..1e72eb16e9 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -37,7 +37,11 @@ /* Maximum generate block length */ #ifndef RNG_MAX_BLOCK_LEN - #define RNG_MAX_BLOCK_LEN (0x10000) + #ifdef HAVE_INTEL_QA + #define RNG_MAX_BLOCK_LEN (0xFFFF) + #else + #define RNG_MAX_BLOCK_LEN (0x10000) + #endif #endif /* Size of the BRBG seed */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index bc1a0b021b..1eb69db140 100755 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -406,18 +406,35 @@ DYNAMIC_TYPE_PKCS = 56, DYNAMIC_TYPE_MUTEX = 57, DYNAMIC_TYPE_PKCS7 = 58, - DYNAMIC_TYPE_AES = 59, + DYNAMIC_TYPE_AES_BUFFER = 59, DYNAMIC_TYPE_WOLF_BIGINT = 60, DYNAMIC_TYPE_ASN1 = 61, DYNAMIC_TYPE_LOG = 62, DYNAMIC_TYPE_WRITEDUP = 63, - DYNAMIC_TYPE_DH_BUFFER = 64, + DYNAMIC_TYPE_PRIVATE_KEY = 64, DYNAMIC_TYPE_HMAC = 65, DYNAMIC_TYPE_ASYNC = 66, DYNAMIC_TYPE_ASYNC_NUMA = 67, DYNAMIC_TYPE_ASYNC_NUMA64 = 68, DYNAMIC_TYPE_CURVE25519 = 69, DYNAMIC_TYPE_ED25519 = 70, + DYNAMIC_TYPE_SECRET = 71, + DYNAMIC_TYPE_DIGEST = 72, + DYNAMIC_TYPE_RSA_BUFFER = 73, + DYNAMIC_TYPE_DCERT = 74, + DYNAMIC_TYPE_STRING = 75, + DYNAMIC_TYPE_PEM = 76, + DYNAMIC_TYPE_DER = 77, + DYNAMIC_TYPE_CERT_EXT = 78, + DYNAMIC_TYPE_ALPN = 79, + DYNAMIC_TYPE_ENCRYPTEDINFO= 80, + DYNAMIC_TYPE_DIRCTX = 81, + DYNAMIC_TYPE_HASHCTX = 82, + DYNAMIC_TYPE_SEED = 83, + DYNAMIC_TYPE_SYMETRIC_KEY = 84, + DYNAMIC_TYPE_ECC_BUFFER = 85, + DYNAMIC_TYPE_QSH = 86, + DYNAMIC_TYPE_SALT = 87, }; /* max error buffer string size */