Merge pull request #1662 from SparkiDev/mem_track

Add memory usage tracking and logging
This commit is contained in:
toddouska
2018-08-21 12:25:49 -07:00
committed by GitHub
17 changed files with 741 additions and 385 deletions
+1
View File
@@ -23,6 +23,7 @@ EXTRA_DIST += \
certs/ed25519/root-ed25519-priv.pem \
certs/ed25519/server-ed25519.der \
certs/ed25519/server-ed25519.pem \
certs/ed25519/server-ed25519-cert.pem \
certs/ed25519/server-ed25519-key.der \
certs/ed25519/server-ed25519-key.pem \
certs/ed25519/server-ed25519-priv.der \
+15
View File
@@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----
MIICUjCCAgSgAwIBAgIQAM3yL77cB/q7ZQPi/+pqmTAFBgMrZXAwgZ0xCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD
VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
c2wuY29tMCIYDzIwMTgwNDEyMTYyMjE3WhgPMjAyMTAxMDcxNTIyMTdaMIGfMQsw
CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEN
MAsGA1UEBAwETGVhZjEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUx
OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
QHdvbGZzc2wuY29tMCowBQYDK2VwAyEAYV3st0WTyYR7aCFKTfQEi73NbF09t2Is
LSXDIknIhvKjUjBQMB0GA1UdDgQWBBQzyChjjPRX7h6wxxISdoqAMDrLEDAfBgNV
HSMEGDAWgBSSP5ZyAvphHCFtiN3r3TybF8SftzAOBgNVHQ8BAf8EBAMCBsAwBQYD
K2VwA0EAFYiG/GbR4PbPyQlG0FDiAV33z1e4upCEy/EkS++llX1pkoioiWPMkEDC
QTpAdrEtqKiXyXPHgjAkYbCqyqpoAA==
-----END CERTIFICATE-----
+14 -1
View File
@@ -657,7 +657,7 @@ AC_ARG_ENABLE([lowresource],
if test "$ENABLED_LOWRESOURCE" = "yes"
then
# low memory / flash flags
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL"
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DALT_ECC_SIZE -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL"
# low flash flags
AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512"
@@ -1620,6 +1620,19 @@ then
fi
fi
# MEMORY usage logging
AC_ARG_ENABLE([memorylog],
[AS_HELP_STRING([--enable-memorylog],[Enable dynamic memory logging (default: disabled)])],
[ ENABLED_MEMORYLOG=$enableval ],
[ ENABLED_MEMORYLOG=no ]
)
if test "$ENABLED_MEMORYLOG" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MEMORY_LOG"
fi
# RSA
AC_ARG_ENABLE([rsa],
-6
View File
@@ -1972,12 +1972,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
err_sys("unable to use curve secp256r1");
}
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP384R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve secp384r1");
}
#endif
#endif
}
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
+221 -105
View File
@@ -4688,12 +4688,14 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
return MEMORY_E;
}
XMEMSET(ssl->arrays, 0, sizeof(Arrays));
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)
ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
DYNAMIC_TYPE_SECRET);
if (ssl->arrays->preMasterSecret == NULL) {
return MEMORY_E;
}
XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN);
#endif
#ifdef SINGLE_THREADED
if (ctx->suites == NULL)
@@ -5072,6 +5074,13 @@ void SSL_ResourceFree(WOLFSSL* ssl)
/* clear keys struct after session */
ForceZero(&ssl->keys, sizeof(Keys));
#ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) {
ForceZero(&ssl->clientSecret, sizeof(ssl->clientSecret));
ForceZero(&ssl->serverSecret, sizeof(ssl->serverSecret));
}
#endif
#ifndef NO_DH
if (ssl->buffers.serverDH_Priv.buffer) {
ForceZero(ssl->buffers.serverDH_Priv.buffer,
@@ -5274,22 +5283,34 @@ void FreeHandshakeResources(WOLFSSL* ssl)
if (ssl->buffers.inputBuffer.dynamicFlag)
ShrinkInputBuffer(ssl, NO_FORCED_FREE);
/* suites */
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (!ssl->options.tls1_3)
#endif
{
/* suites */
#ifdef SINGLE_THREADED
if (ssl->suites != ssl->ctx->suites)
#endif
XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
ssl->suites = NULL;
ssl->suites = NULL;
/* hsHashes */
FreeHandshakeHashes(ssl);
/* hsHashes */
FreeHandshakeHashes(ssl);
}
/* RNG */
if (ssl->options.tls1_1 == 0
#ifndef WOLFSSL_AEAD_ONLY
|| ssl->specs.cipher_type == stream
#endif
) {
#if defined(WOLFSSL_TLS13)
#if !defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|| ssl->options.tls1_3
#elif !defined(HAVE_SESSION_TICKET)
|| (ssl->options.tls1_3 && ssl->options.side == WOLFSSL_SERVER_END)
#endif
#endif
) {
if (ssl->options.weOwnRng) {
wc_FreeRng(ssl->rng);
XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
@@ -5308,21 +5329,36 @@ void FreeHandshakeResources(WOLFSSL* ssl)
}
#endif
/* arrays */
if (ssl->options.saveArrays == 0)
FreeArrays(ssl, 1);
#ifndef NO_RSA
/* peerRsaKey */
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
ssl->peerRsaKeyPresent = 0;
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
defined(HAVE_SESSION_TICKET)
if (!ssl->options.tls1_3)
#endif
/* arrays */
if (ssl->options.saveArrays == 0)
FreeArrays(ssl, 1);
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (!ssl->options.tls1_3 || ssl->options.side == WOLFSSL_CLIENT_END)
#endif
{
#ifndef NO_RSA
/* peerRsaKey */
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
ssl->peerRsaKeyPresent = 0;
#endif
#ifdef HAVE_ECC
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
ssl->peerEccDsaKeyPresent = 0;
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
FreeKey(ssl, DYNAMIC_TYPE_ED25519, (void**)&ssl->peerEd25519Key);
ssl->peerEd25519KeyPresent = 0;
#endif /* HAVE_ED25519 */
}
#ifdef HAVE_ECC
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
ssl->peerEccDsaKeyPresent = 0;
#endif
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
{
@@ -5347,6 +5383,7 @@ void FreeHandshakeResources(WOLFSSL* ssl)
FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key);
ssl->peerX25519KeyPresent = 0;
#endif
#ifndef NO_DH
if (ssl->buffers.serverDH_Priv.buffer) {
ForceZero(ssl->buffers.serverDH_Priv.buffer,
@@ -5364,10 +5401,15 @@ void FreeHandshakeResources(WOLFSSL* ssl)
ssl->buffers.serverDH_P.buffer = NULL;
}
#endif /* !NO_DH */
#ifndef NO_CERTS
wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (!ssl->options.tls1_3 || ssl->options.side == WOLFSSL_CLIENT_END)
#endif
{
#ifdef HAVE_ECC
XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
ssl->buffers.peerEccDsaKey.buffer = NULL;
@@ -5381,6 +5423,7 @@ void FreeHandshakeResources(WOLFSSL* ssl)
DYNAMIC_TYPE_ED25519);
ssl->buffers.peerEd25519Key.buffer = NULL;
#endif
}
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_QSH
@@ -5396,6 +5439,13 @@ void FreeHandshakeResources(WOLFSSL* ssl)
}
#endif
#if defined(HAVE_TLS_EXTENSIONS) && !defined(HAVE_SNI) && \
!defined(HAVE_ALPN) && !defined(WOLFSSL_POST_HANDSHAKE_AUTH)
/* Some extensions need to be kept for post-handshake querying. */
TLSX_FreeAll(ssl->extensions, ssl->heap);
ssl->extensions = NULL;
#endif
#ifdef WOLFSSL_STATIC_MEMORY
/* when done with handshake decrement current handshake count */
if (ssl->heap != NULL) {
@@ -10481,6 +10531,10 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (ssl->options.resuming || !IsAtLeastTLSv1_2(ssl) ||
IsAtLeastTLSv1_3(ssl->version)) {
ssl->options.cacheMessages = 0;
if (ssl->hsHashes->messages != NULL) {
XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES);
ssl->hsHashes->messages = NULL;
}
}
#endif
break;
@@ -10549,6 +10603,10 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (ssl->options.resuming || !ssl->options.verifyPeer || \
!IsAtLeastTLSv1_2(ssl) || IsAtLeastTLSv1_3(ssl->version)) {
ssl->options.cacheMessages = 0;
if (ssl->hsHashes->messages != NULL) {
XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES);
ssl->hsHashes->messages = NULL;
}
}
#endif
break;
@@ -10579,6 +10637,9 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
SendAlert(ssl, alert_fatal, decode_error);
ret = DECODE_E;
}
if (ret == 0 && ssl->buffers.inputBuffer.dynamicFlag) {
ShrinkInputBuffer(ssl, NO_FORCED_FREE);
}
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
/* if async, offset index so this msg will be processed again */
@@ -15396,7 +15457,7 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
return "Certificate context does not match request or not empty";
case BAD_KEY_SHARE_DATA:
return "The Key Share data contains group that was in Client Hello";
return "The Key Share data contains group that wasn't in Client Hello";
case MISSING_HANDSHAKE_DATA:
return "The handshake message is missing required data";
@@ -16438,37 +16499,39 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
}
#ifndef NO_RSA
ssl->hsType = DYNAMIC_TYPE_RSA;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
WOLFSSL_MSG("Trying RSA private key");
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an RSA private key. */
ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(RsaKey*)ssl->hsKey, ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using RSA private key");
/* It worked so check it meets minimum key size requirements. */
keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
if (keySz < 0) { /* check if keySz has error case */
ERROR_OUT(keySz, exit_dpk);
if (ssl->buffers.keyType == rsa_sa_algo || ssl->buffers.keyType == 0) {
ssl->hsType = DYNAMIC_TYPE_RSA;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
if (keySz < ssl->options.minRsaKeySz) {
WOLFSSL_MSG("RSA key size too small");
ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk);
WOLFSSL_MSG("Trying RSA private key");
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an RSA private key. */
ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(RsaKey*)ssl->hsKey, ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using RSA private key");
/* It worked so check it meets minimum key size requirements. */
keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
if (keySz < 0) { /* check if keySz has error case */
ERROR_OUT(keySz, exit_dpk);
}
if (keySz < ssl->options.minRsaKeySz) {
WOLFSSL_MSG("RSA key size too small");
ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*length = (word16)keySz;
goto exit_dpk;
}
/* Return the maximum signature length. */
*length = (word16)keySz;
goto exit_dpk;
}
#endif /* !NO_RSA */
@@ -16477,38 +16540,40 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
#endif /* !NO_RSA */
ssl->hsType = DYNAMIC_TYPE_ECC;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
#ifndef NO_RSA
WOLFSSL_MSG("Trying ECC private key, RSA didn't work");
#else
WOLFSSL_MSG("Trying ECC private key");
#endif
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an ECC private key. */
ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ecc_key*)ssl->hsKey,
ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using ECC private key");
/* Check it meets the minimum ECC key size requirements. */
keySz = wc_ecc_size((ecc_key*)ssl->hsKey);
if (keySz < ssl->options.minEccKeySz) {
WOLFSSL_MSG("ECC key size too small");
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
if (ssl->buffers.keyType == ecc_dsa_sa_algo || ssl->buffers.keyType == 0) {
ssl->hsType = DYNAMIC_TYPE_ECC;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
/* Return the maximum signature length. */
*length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey);
#ifndef NO_RSA
WOLFSSL_MSG("Trying ECC private key, RSA didn't work");
#else
WOLFSSL_MSG("Trying ECC private key");
#endif
goto exit_dpk;
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an ECC private key. */
ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ecc_key*)ssl->hsKey,
ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using ECC private key");
/* Check it meets the minimum ECC key size requirements. */
keySz = wc_ecc_size((ecc_key*)ssl->hsKey);
if (keySz < ssl->options.minEccKeySz) {
WOLFSSL_MSG("ECC key size too small");
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey);
goto exit_dpk;
}
}
#endif
#ifdef HAVE_ED25519
@@ -16516,39 +16581,41 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
#endif
ssl->hsType = DYNAMIC_TYPE_ED25519;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
#ifdef HAVE_ECC
WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work");
#elif !defined(NO_RSA)
WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work");
#else
WOLFSSL_MSG("Trying ED25519 private key");
#endif
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an ED25519 private key. */
ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ed25519_key*)ssl->hsKey,
ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using ED25519 private key");
/* Check it meets the minimum ECC key size requirements. */
if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
WOLFSSL_MSG("ED25519 key size too small");
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
if (ssl->buffers.keyType == ed25519_sa_algo || ssl->buffers.keyType == 0) {
ssl->hsType = DYNAMIC_TYPE_ED25519;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
/* Return the maximum signature length. */
*length = ED25519_SIG_SIZE;
#ifdef HAVE_ECC
WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work");
#elif !defined(NO_RSA)
WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work");
#else
WOLFSSL_MSG("Trying ED25519 private key");
#endif
goto exit_dpk;
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is an ED25519 private key. */
ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ed25519_key*)ssl->hsKey,
ssl->buffers.key->length);
if (ret == 0) {
WOLFSSL_MSG("Using ED25519 private key");
/* Check it meets the minimum ECC key size requirements. */
if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
WOLFSSL_MSG("ED25519 key size too small");
ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*length = ED25519_SIG_SIZE;
goto exit_dpk;
}
}
#endif /* HAVE_ED25519 */
@@ -18240,6 +18307,11 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
args->sigSz = (word16)ret;
ret = 0;
}
/* peerRsaKey */
FreeKey(ssl, DYNAMIC_TYPE_RSA,
(void**)&ssl->peerRsaKey);
ssl->peerRsaKeyPresent = 0;
break;
}
#endif /* !NO_RSA */
@@ -19149,6 +19221,14 @@ int SendClientKeyExchange(WOLFSSL* ssl)
if (args->encSecret == NULL) {
ERROR_OUT(MEMORY_E, exit_scke);
}
if (ssl->arrays->preMasterSecret == NULL) {
ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN,
ssl->heap, DYNAMIC_TYPE_SECRET);
if (ssl->arrays->preMasterSecret == NULL) {
ERROR_OUT(MEMORY_E, exit_scke);
}
XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN);
}
switch(ssl->specs.kea)
{
@@ -19539,6 +19619,11 @@ int SendClientKeyExchange(WOLFSSL* ssl)
&ssl->arrays->preMasterSz,
WOLFSSL_CLIENT_END
);
if (ret == 0) {
FreeKey(ssl, DYNAMIC_TYPE_ECC,
(void**)&ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
}
break;
}
#endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */
@@ -19584,7 +19669,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
&ssl->arrays->preMasterSz,
WOLFSSL_CLIENT_END
);
if (ret == 0) {
if (ret == 0 && !ssl->specs.static_ecdh) {
FreeKey(ssl, DYNAMIC_TYPE_CURVE25519,
(void**)&ssl->peerX25519Key);
ssl->peerX25519KeyPresent = 0;
@@ -19603,6 +19688,11 @@ int SendClientKeyExchange(WOLFSSL* ssl)
&ssl->arrays->preMasterSz,
WOLFSSL_CLIENT_END
);
if (ret == 0 && !ssl->specs.static_ecdh) {
FreeKey(ssl, DYNAMIC_TYPE_ECC,
(void**)&ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
}
#endif
break;
@@ -20454,7 +20544,14 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
/* Create a fake sessionID based on the ticket, this will
* supercede the existing session cache info. */
ssl->options.haveSessionId = 1;
XMEMCPY(ssl->arrays->sessionID,
#ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) {
XMEMCPY(ssl->session.sessionID,
ssl->session.ticket + length - ID_LEN, ID_LEN);
}
else
#endif
XMEMCPY(ssl->arrays->sessionID,
ssl->session.ticket + length - ID_LEN, ID_LEN);
}
@@ -24139,6 +24236,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
#endif
if (ssl->arrays->preMasterSecret == NULL) {
ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN,
ssl->heap, DYNAMIC_TYPE_SECRET);
if (ssl->arrays->preMasterSecret == NULL) {
ERROR_OUT(MEMORY_E, exit_dcke);
}
XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN);
}
switch (ssl->specs.kea) {
#ifndef NO_RSA
case rsa_kea:
@@ -24824,6 +24930,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
&ssl->arrays->preMasterSz,
WOLFSSL_SERVER_END
);
if (ret == 0) {
FreeKey(ssl, DYNAMIC_TYPE_ECC,
(void**)&ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
}
#endif
break;
}
@@ -24884,6 +24995,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
&args->sigSz,
WOLFSSL_SERVER_END
);
if (ret == 0 && !ssl->specs.static_ecdh) {
FreeKey(ssl, DYNAMIC_TYPE_ECC,
(void**)&ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
}
break;
}
#endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */
+3
View File
@@ -3291,6 +3291,9 @@ static int CleanPreMaster(WOLFSSL* ssl)
for (i = 0; i < sz; i++)
ssl->arrays->preMasterSecret[i] = 0;
XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
ssl->arrays->preMasterSecret = NULL;
return 0;
}
+64 -5
View File
@@ -9655,7 +9655,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
return NULL;
#endif
if (ssl->arrays)
if (!ssl->options.tls1_3 && ssl->arrays != NULL)
id = ssl->arrays->sessionID;
else
id = ssl->session.sessionID;
@@ -9932,8 +9932,17 @@ int AddSession(WOLFSSL* ssl)
{
/* Use the session object in the cache for external cache if required.
*/
row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) %
SESSION_ROWS;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
if (ssl->options.tls1_3) {
row = HashSession(ssl->session.sessionID, ID_LEN, &error) %
SESSION_ROWS;
}
else
#endif
{
row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) %
SESSION_ROWS;
}
if (error != 0) {
WOLFSSL_MSG("Hash session failed");
#ifdef HAVE_SESSION_TICKET
@@ -9961,8 +9970,17 @@ int AddSession(WOLFSSL* ssl)
else
XMEMCPY(session->masterSecret, ssl->session.masterSecret, SECRET_LEN);
session->haveEMS = ssl->options.haveEMS;
XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN);
session->sessionIDSz = ssl->arrays->sessionIDSz;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
if (ssl->options.tls1_3) {
XMEMCPY(session->sessionID, ssl->session.sessionID, ID_LEN);
session->sessionIDSz = ID_LEN;
}
else
#endif
{
XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN);
session->sessionIDSz = ssl->arrays->sessionIDSz;
}
#ifdef OPENSSL_EXTRA
/* If using compatibilty layer then check for and copy over session context
@@ -26114,6 +26132,30 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
#ifdef HAVE_ECC
#ifdef ALT_ECC_SIZE
static int SetIndividualInternalEcc(WOLFSSL_BIGNUM* bn, mp_int* mpi)
{
WOLFSSL_MSG("Entering SetIndividualInternal");
if (bn == NULL || bn->internal == NULL) {
WOLFSSL_MSG("bn NULL error");
return WOLFSSL_FATAL_ERROR;
}
if (mpi == NULL) {
WOLFSSL_MSG("mpi NULL error");
return WOLFSSL_FATAL_ERROR;
}
if (mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) {
WOLFSSL_MSG("mp_copy error");
return WOLFSSL_FATAL_ERROR;
}
return WOLFSSL_SUCCESS;
}
#endif /* ALT_ECC_SIZE */
/* EC_POINT Openssl -> WolfSSL */
static int SetECPointInternal(WOLFSSL_EC_POINT *p)
{
@@ -26127,6 +26169,7 @@ static int SetECPointInternal(WOLFSSL_EC_POINT *p)
point = (ecc_point*)p->internal;
#ifndef ALT_ECC_SIZE
if (p->X != NULL && SetIndividualInternal(p->X, point->x) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ecc point X error");
return WOLFSSL_FATAL_ERROR;
@@ -26141,6 +26184,22 @@ static int SetECPointInternal(WOLFSSL_EC_POINT *p)
WOLFSSL_MSG("ecc point Z error");
return WOLFSSL_FATAL_ERROR;
}
#else
if (p->X != NULL && SetIndividualInternalEcc(p->X, point->x) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ecc point X error");
return WOLFSSL_FATAL_ERROR;
}
if (p->Y != NULL && SetIndividualInternalEcc(p->Y, point->y) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ecc point Y error");
return WOLFSSL_FATAL_ERROR;
}
if (p->Z != NULL && SetIndividualInternalEcc(p->Z, point->z) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ecc point Z error");
return WOLFSSL_FATAL_ERROR;
}
#endif
p->inSet = 1;
+24 -2
View File
@@ -6203,7 +6203,8 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
#endif
}
}
XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (current->key != NULL)
XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(current->ke, heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(current, heap, DYNAMIC_TYPE_TLSX);
@@ -6382,7 +6383,7 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
#ifdef WOLFSSL_ASYNC_CRYPT
/* TODO: Make this function non-blocking */
if (ret == WC_PENDING_E) {
ret = wc_AsyncWait(ret, dhKey.asyncDev, WC_ASYNC_FLAG_NONE);
ret = wc_AsyncWait(ret, dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
}
#endif
/* RFC 8446 Section 7.4.1:
@@ -6400,6 +6401,14 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
#ifdef WOLFSSL_SMALL_STACK
XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
#endif
if (keyShareEntry->key != NULL) {
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
keyShareEntry->key = NULL;
}
XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
keyShareEntry->pubKey = NULL;
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
keyShareEntry->ke = NULL;
return ret;
#else
@@ -6463,8 +6472,14 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
&ssl->arrays->preMasterSz,
EC25519_LITTLE_ENDIAN);
}
wc_curve25519_free(peerX25519Key);
XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX);
wc_curve25519_free((curve25519_key*)keyShareEntry->key);
if (keyShareEntry->key != NULL) {
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
keyShareEntry->key = NULL;
}
#else
(void)ssl;
(void)keyShareEntry;
@@ -6566,6 +6581,13 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
);
#endif
XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
ssl->peerEccKey = NULL;
wc_ecc_free((ecc_key*)(keyShareEntry->key));
if (keyShareEntry->key != NULL) {
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
keyShareEntry->key = NULL;
}
#else
(void)ssl;
+72 -43
View File
@@ -1027,7 +1027,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
switch (secret) {
#ifdef WOLFSSL_EARLY_DATA
case early_data_key:
ret = DeriveEarlyTrafficSecret(ssl, ssl->arrays->clientSecret);
ret = DeriveEarlyTrafficSecret(ssl, ssl->clientSecret);
if (ret != 0)
goto end;
break;
@@ -1036,13 +1036,13 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
case handshake_key:
if (provision & PROVISION_CLIENT) {
ret = DeriveClientHandshakeSecret(ssl,
ssl->arrays->clientSecret);
ssl->clientSecret);
if (ret != 0)
goto end;
}
if (provision & PROVISION_SERVER) {
ret = DeriveServerHandshakeSecret(ssl,
ssl->arrays->serverSecret);
ssl->serverSecret);
if (ret != 0)
goto end;
}
@@ -1050,12 +1050,12 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
case traffic_key:
if (provision & PROVISION_CLIENT) {
ret = DeriveClientTrafficSecret(ssl, ssl->arrays->clientSecret);
ret = DeriveClientTrafficSecret(ssl, ssl->clientSecret);
if (ret != 0)
goto end;
}
if (provision & PROVISION_SERVER) {
ret = DeriveServerTrafficSecret(ssl, ssl->arrays->serverSecret);
ret = DeriveServerTrafficSecret(ssl, ssl->serverSecret);
if (ret != 0)
goto end;
}
@@ -1063,12 +1063,12 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
case update_traffic_key:
if (provision & PROVISION_CLIENT) {
ret = DeriveTrafficSecret(ssl, ssl->arrays->clientSecret);
ret = DeriveTrafficSecret(ssl, ssl->clientSecret);
if (ret != 0)
goto end;
}
if (provision & PROVISION_SERVER) {
ret = DeriveTrafficSecret(ssl, ssl->arrays->serverSecret);
ret = DeriveTrafficSecret(ssl, ssl->serverSecret);
if (ret != 0)
goto end;
}
@@ -1084,7 +1084,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
/* Derive the client key. */
WOLFSSL_MSG("Derive Client Key");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
ssl->arrays->clientSecret, writeKeyLabel,
ssl->clientSecret, writeKeyLabel,
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
goto end;
@@ -1095,7 +1095,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
/* Derive the server key. */
WOLFSSL_MSG("Derive Server Key");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
ssl->arrays->serverSecret, writeKeyLabel,
ssl->serverSecret, writeKeyLabel,
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
goto end;
@@ -1106,7 +1106,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
/* Derive the client IV. */
WOLFSSL_MSG("Derive Client IV");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
ssl->arrays->clientSecret, writeIVLabel,
ssl->clientSecret, writeIVLabel,
WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
goto end;
@@ -1117,7 +1117,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
/* Derive the server IV. */
WOLFSSL_MSG("Derive Server IV");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
ssl->arrays->serverSecret, writeIVLabel,
ssl->serverSecret, writeIVLabel,
WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
goto end;
@@ -5141,9 +5141,6 @@ static int SendTls13Certificate(WOLFSSL* ssl)
typedef struct Scv13Args {
byte* output; /* not allocated */
#ifndef NO_RSA
byte* verifySig;
#endif
byte* verify; /* not allocated */
word32 idx;
word32 sigLen;
@@ -5161,12 +5158,6 @@ static void FreeScv13Args(WOLFSSL* ssl, void* pArgs)
(void)ssl;
#ifndef NO_RSA
if (args->verifySig) {
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->verifySig = NULL;
}
#endif
if (args->sigData) {
XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->sigData = NULL;
@@ -5279,13 +5270,22 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
#endif
EncodeSigAlg(ssl->suites->hashAlgo, args->sigAlgo, args->verify);
/* Create the data to be signed. */
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
DYNAMIC_TYPE_SIGNATURE);
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
int sigLen = MAX_SIG_DATA_SZ;
if (args->length > MAX_SIG_DATA_SZ)
sigLen = args->length;
args->sigData = (byte*)XMALLOC(sigLen, ssl->heap,
DYNAMIC_TYPE_SIGNATURE);
}
else {
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
DYNAMIC_TYPE_SIGNATURE);
}
if (args->sigData == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
}
/* Create the data to be signed. */
ret = CreateSigData(ssl, args->sigData, &args->sigDataSz, 0);
if (ret != 0)
goto exit_scv;
@@ -5293,9 +5293,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
#ifndef NO_RSA
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
/* build encoded signature buffer */
sig->length = MAX_ENCODED_SIG_SZ;
sig->length = WC_MAX_DIGEST_SIZE;
sig->buffer = (byte*)XMALLOC(sig->length, ssl->heap,
DYNAMIC_TYPE_SIGNATURE);
DYNAMIC_TYPE_SIGNATURE);
if (sig->buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
}
@@ -5398,19 +5398,12 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
{
#ifndef NO_RSA
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
if (args->verifySig == NULL) {
args->verifySig = (byte*)XMALLOC(args->sigLen, ssl->heap,
DYNAMIC_TYPE_SIGNATURE);
if (args->verifySig == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
}
XMEMCPY(args->verifySig,
args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
args->sigLen);
}
XMEMCPY(args->sigData,
args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
args->sigLen);
/* check for signature faults */
ret = VerifyRsaSign(ssl, args->verifySig, args->sigLen,
ret = VerifyRsaSign(ssl, args->sigData, args->sigLen,
sig->buffer, sig->length, args->sigAlgo,
ssl->suites->hashAlgo, (RsaKey*)ssl->hsKey,
ssl->buffers.key
@@ -5740,6 +5733,9 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
if (ret >= 0) {
args->sendSz = ret;
ret = 0;
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
ssl->peerRsaKeyPresent = 0;
}
}
#endif /* !NO_RSA */
@@ -5756,6 +5752,11 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
NULL
#endif
);
if (ret >= 0) {
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
ssl->peerEccDsaKeyPresent = 0;
}
}
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
@@ -5771,6 +5772,12 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
NULL
#endif
);
if (ret >= 0) {
FreeKey(ssl, DYNAMIC_TYPE_ED25519,
(void**)&ssl->peerEd25519Key);
ssl->peerEd25519KeyPresent = 0;
}
}
#endif
@@ -5876,7 +5883,7 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return BUFFER_E;
if (ssl->options.handShakeDone) {
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
@@ -5887,12 +5894,12 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* All the handshake messages have been received to calculate
* client and server finished keys.
*/
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
ret = DeriveFinishedSecret(ssl, ssl->arrays->serverSecret,
ret = DeriveFinishedSecret(ssl, ssl->serverSecret,
ssl->keys.server_write_MAC_secret);
if (ret != 0)
return ret;
@@ -5990,7 +5997,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
/* make finished hashes */
if (ssl->options.handShakeDone) {
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
@@ -6003,12 +6010,12 @@ static int SendTls13Finished(WOLFSSL* ssl)
/* All the handshake messages have been done to calculate client and
* server finished keys.
*/
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
ret = DeriveFinishedSecret(ssl, ssl->arrays->serverSecret,
ret = DeriveFinishedSecret(ssl, ssl->serverSecret,
ssl->keys.server_write_MAC_secret);
if (ret != 0)
return ret;
@@ -6025,7 +6032,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
if (sendSz < 0)
return BUILD_MSG_ERROR;
if (!ssl->options.resuming) {
if (!ssl->options.resuming && ssl->options.side == WOLFSSL_SERVER_END) {
#ifndef NO_SESSION_CACHE
AddSession(ssl); /* just try */
#endif
@@ -7088,6 +7095,17 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
case server_hello:
WOLFSSL_MSG("processing server hello");
ret = DoTls13ServerHello(ssl, input, inOutIdx, size, &type);
#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \
!defined(NO_ED25519_CLIENT_AUTH)
if (ssl->options.resuming || !IsAtLeastTLSv1_2(ssl) ||
IsAtLeastTLSv1_3(ssl->version)) {
ssl->options.cacheMessages = 0;
if (ssl->hsHashes->messages != NULL) {
XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES);
ssl->hsHashes->messages = NULL;
}
}
#endif
break;
case encrypted_extensions:
@@ -7162,6 +7180,9 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
type != key_update) {
ret = HashInput(ssl, input + inIdx, size);
}
if (ret == 0 && ssl->buffers.inputBuffer.dynamicFlag) {
ShrinkInputBuffer(ssl, NO_FORCED_FREE);
}
if (ret == BUFFER_ERROR || ret == MISSING_HANDSHAKE_DATA)
SendAlert(ssl, alert_fatal, decode_error);
@@ -7578,6 +7599,10 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
}
#endif /* NO_HANDSHAKE_DONE_CB */
if (!ssl->options.keepResources) {
FreeHandshakeResources(ssl);
}
WOLFSSL_LEAVE("wolfSSL_connect_TLSv13()", WOLFSSL_SUCCESS);
return WOLFSSL_SUCCESS;
@@ -8351,6 +8376,10 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
}
#endif /* NO_HANDSHAKE_DONE_CB */
if (!ssl->options.keepResources) {
FreeHandshakeResources(ssl);
}
WOLFSSL_LEAVE("SSL_accept()", WOLFSSL_SUCCESS);
return WOLFSSL_SUCCESS;
+82
View File
@@ -71,6 +71,10 @@ Possible memory options:
}
}
#endif
#if defined(WOLFSSL_MALLOC_CHECK) || defined(WOLFSSL_TRACK_MEMORY_FULL) || \
defined(WOLFSSL_MEMORY_LOG)
#include <stdio.h>
#endif
/* Set these to default values initially. */
@@ -992,3 +996,81 @@ void XFREE(void *p, void* heap, int type)
#endif /* HAVE_IO_POOL */
#ifdef WOLFSSL_MEMORY_LOG
void *xmalloc(size_t n, void* heap, int type, const char* func,
const char* file, unsigned int line)
{
void* p;
word32* p32;
if (malloc_function)
p32 = malloc_function(n + sizeof(word32) * 4);
else
p32 = malloc(n + sizeof(word32) * 4);
p32[0] = n;
p = (void*)(p32 + 4);
fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%s:%d\n", p, (word32)n, type,
func, file, line);
(void)heap;
return p;
}
void *xrealloc(void *p, size_t n, void* heap, int type, const char* func,
const char* file, unsigned int line)
{
void* newp = NULL;
word32* p32;
word32* oldp32 = NULL;
word32 oldLen;
if (p != NULL) {
oldp32 = (word32*)p;
oldp32 -= 4;
oldLen = oldp32[0];
}
if (realloc_function)
p32 = realloc_function(oldp32, n + sizeof(word32) * 4);
else
p32 = realloc(oldp32, n + sizeof(word32) * 4);
if (p32 != NULL) {
p32[0] = n;
newp = (void*)(p32 + 4);
fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%s:%d\n", newp, (word32)n,
type, func, file, line);
if (p != NULL) {
fprintf(stderr, "Free: %p -> %u (%d) at %s:%s:%d\n", p, oldLen,
type, func, file, line);
}
}
(void)heap;
return newp;
}
void xfree(void *p, void* heap, int type, const char* func, const char* file,
unsigned int line)
{
word32* p32 = (word32*)p;
if (p != NULL) {
p32 -= 4;
fprintf(stderr, "Free: %p -> %u (%d) at %s:%s:%d\n", p, p32[0], type,
func, file, line);
if (free_function)
free_function(p32);
else
free(p32);
}
(void)heap;
}
#endif /* WOLFSSL_MEMORY_LOG */
+3 -3
View File
@@ -531,7 +531,7 @@ static int InitSha256(wc_Sha256* sha256)
word32* W = sha256->W;
if (W == NULL) {
W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
DYNAMIC_TYPE_RNG);
DYNAMIC_TYPE_DIGEST);
if (W == NULL)
return MEMORY_E;
sha256->W = W;
@@ -2708,7 +2708,7 @@ SHA256_NOINLINE static int Transform_Sha256_AVX2_RORX_Len(wc_Sha256* sha256,
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (sha224->W != NULL) {
XFREE(sha224->W, NULL, DYNAMIC_TYPE_RNG);
XFREE(sha224->W, NULL, DYNAMIC_TYPE_DIGEST);
sha224->W = NULL;
}
#endif
@@ -2736,7 +2736,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (sha256->W != NULL) {
XFREE(sha256->W, NULL, DYNAMIC_TYPE_RNG);
XFREE(sha256->W, NULL, DYNAMIC_TYPE_DIGEST);
sha256->W = NULL;
}
#endif
+2 -2
View File
@@ -8764,11 +8764,11 @@ static int sp_256_ecc_mulmod_10(sp_point* r, sp_point* g, sp_digit* k,
if (tmp != NULL) {
XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 10 * 5);
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
}
if (td != NULL) {
XMEMSET(td, 0, sizeof(sp_point) * 3);
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(td, NULL, DYNAMIC_TYPE_ECC);
}
return err;
+2 -2
View File
@@ -7986,11 +7986,11 @@ static int sp_256_ecc_mulmod_5(sp_point* r, sp_point* g, sp_digit* k,
if (tmp != NULL) {
XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 5 * 5);
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
}
if (td != NULL) {
XMEMSET(td, 0, sizeof(sp_point) * 3);
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(td, NULL, DYNAMIC_TYPE_ECC);
}
return err;
+4 -2
View File
@@ -3283,8 +3283,6 @@ typedef struct Arrays {
byte sessionID[ID_LEN];
byte sessionIDSz;
#ifdef WOLFSSL_TLS13
byte clientSecret[SECRET_LEN];
byte serverSecret[SECRET_LEN];
byte secret[SECRET_LEN];
#endif
byte masterSecret[SECRET_LEN];
@@ -3577,6 +3575,10 @@ struct WOLFSSL {
WOLFSSL_CTX* ctx;
Suites* suites; /* only need during handshake */
Arrays* arrays;
#ifdef WOLFSSL_TLS13
byte clientSecret[SECRET_LEN];
byte serverSecret[SECRET_LEN];
#endif
HS_Hashes* hsHashes;
void* IOCB_ReadCtx;
void* IOCB_WriteCtx;
+1 -1
View File
@@ -272,7 +272,7 @@
#define cliEccCertFile "certs/client-ecc-cert.pem"
#define caEccCertFile "certs/ca-ecc-cert/pem"
#define crlPemDir "certs/crl"
#define edCertFile "certs/ed25519/server-ed25519.pem"
#define edCertFile "certs/ed25519/server-ed25519-cert.pem"
#define edKeyFile "certs/ed25519/server-ed25519-priv.pem"
#define cliEdCertFile "certs/ed25519/client-ed25519.pem"
#define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem"
+6
View File
@@ -167,7 +167,13 @@ enum Misc_ASN {
MIN_DATE_SIZE = 13,
MAX_DATE_SIZE = 32,
ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
#ifndef NO_RSA
MAX_ENCODED_SIG_SZ = 512,
#elif defined(HAVE_ECC)
MAX_ENCODED_SIG_SZ = 140,
#else
MAX_ENCODED_SIG_SZ = 64,
#endif
MAX_SIG_SZ = 256,
MAX_ALGO_SZ = 20,
MAX_SHORT_SZ = 6, /* asn int + byte len + 4 byte length */
+227 -213
View File
@@ -26,92 +26,92 @@
#ifndef WOLF_CRYPT_TYPES_H
#define WOLF_CRYPT_TYPES_H
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifdef __cplusplus
extern "C" {
#endif
#if defined(WORDS_BIGENDIAN)
#define BIG_ENDIAN_ORDER
#endif
#if defined(WORDS_BIGENDIAN)
#define BIG_ENDIAN_ORDER
#endif
#ifndef BIG_ENDIAN_ORDER
#define LITTLE_ENDIAN_ORDER
#endif
#ifndef BIG_ENDIAN_ORDER
#define LITTLE_ENDIAN_ORDER
#endif
#ifndef WOLFSSL_TYPES
#ifndef byte
typedef unsigned char byte;
#endif
typedef unsigned short word16;
typedef unsigned int word32;
typedef byte word24[3];
#endif
#ifndef WOLFSSL_TYPES
#ifndef byte
typedef unsigned char byte;
#endif
typedef unsigned short word16;
typedef unsigned int word32;
typedef byte word24[3];
#endif
/* try to set SIZEOF_LONG or LONG_LONG if user didn't */
#if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__)
#if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG)
#if (defined(__alpha__) || defined(__ia64__) || \
defined(_ARCH_PPC64) || defined(__mips64) || \
defined(__x86_64__) || \
((defined(sun) || defined(__sun)) && \
(defined(LP64) || defined(_LP64))))
/* long should be 64bit */
#define SIZEOF_LONG 8
#elif defined(__i386__) || defined(__CORTEX_M3__)
/* long long should be 64bit */
#define SIZEOF_LONG_LONG 8
#endif
#endif
#endif
/* try to set SIZEOF_LONG or LONG_LONG if user didn't */
#if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__)
#if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG)
#if (defined(__alpha__) || defined(__ia64__) || \
defined(_ARCH_PPC64) || defined(__mips64) || \
defined(__x86_64__) || \
((defined(sun) || defined(__sun)) && \
(defined(LP64) || defined(_LP64))))
/* long should be 64bit */
#define SIZEOF_LONG 8
#elif defined(__i386__) || defined(__CORTEX_M3__)
/* long long should be 64bit */
#define SIZEOF_LONG_LONG 8
#endif
#endif
#endif
#if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
#define WORD64_AVAILABLE
#define W64LIT(x) x##ui64
typedef unsigned __int64 word64;
#elif defined(__EMSCRIPTEN__)
#define WORD64_AVAILABLE
#define W64LIT(x) x##ull
typedef unsigned long long word64;
#elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8
#define WORD64_AVAILABLE
#define W64LIT(x) x##LL
typedef unsigned long word64;
#elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8
#define WORD64_AVAILABLE
#define W64LIT(x) x##LL
typedef unsigned long long word64;
#elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8
#define WORD64_AVAILABLE
#define W64LIT(x) x##LL
typedef unsigned long long word64;
#endif
#if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
#define WORD64_AVAILABLE
#define W64LIT(x) x##ui64
typedef unsigned __int64 word64;
#elif defined(__EMSCRIPTEN__)
#define WORD64_AVAILABLE
#define W64LIT(x) x##ull
typedef unsigned long long word64;
#elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8
#define WORD64_AVAILABLE
#define W64LIT(x) x##LL
typedef unsigned long word64;
#elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8
#define WORD64_AVAILABLE
#define W64LIT(x) x##LL
typedef unsigned long long word64;
#elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8
#define WORD64_AVAILABLE
#define W64LIT(x) x##LL
typedef unsigned long long word64;
#endif
#if !defined(NO_64BIT) && defined(WORD64_AVAILABLE)
/* These platforms have 64-bit CPU registers. */
#if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \
defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \
/* These platforms have 64-bit CPU registers. */
#if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \
defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \
defined(__aarch64__) || defined(__sparc64__)
typedef word64 wolfssl_word;
typedef word64 wolfssl_word;
#define WC_64BIT_CPU
#elif (defined(sun) || defined(__sun)) && \
#elif (defined(sun) || defined(__sun)) && \
(defined(LP64) || defined(_LP64))
/* LP64 with GNU GCC compiler is reserved for when long int is 64 bits
* and int uses 32 bits. When using Solaris Studio sparc and __sparc are
* available for 32 bit detection but __sparc64__ could be missed. This
* uses LP64 for checking 64 bit CPU arch. */
typedef word64 wolfssl_word;
typedef word64 wolfssl_word;
#define WC_64BIT_CPU
#else
typedef word32 wolfssl_word;
#ifdef WORD64_AVAILABLE
#define WOLFCRYPT_SLOW_WORD64
#endif
#endif
typedef word32 wolfssl_word;
#ifdef WORD64_AVAILABLE
#define WOLFCRYPT_SLOW_WORD64
#endif
#endif
#else
#undef WORD64_AVAILABLE
typedef word32 wolfssl_word;
@@ -119,36 +119,36 @@
mp_digit, no 64 bit type so make mp_digit 16 bit */
#endif
enum {
WOLFSSL_WORD_SIZE = sizeof(wolfssl_word),
WOLFSSL_BIT_SIZE = 8,
WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE
};
enum {
WOLFSSL_WORD_SIZE = sizeof(wolfssl_word),
WOLFSSL_BIT_SIZE = 8,
WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE
};
#define WOLFSSL_MAX_16BIT 0xffffU
#define WOLFSSL_MAX_16BIT 0xffffU
/* use inlining if compiler allows */
#ifndef WC_INLINE
#ifndef NO_INLINE
#ifdef _MSC_VER
#define WC_INLINE __inline
#elif defined(__GNUC__)
/* use inlining if compiler allows */
#ifndef WC_INLINE
#ifndef NO_INLINE
#ifdef _MSC_VER
#define WC_INLINE __inline
#elif defined(__GNUC__)
#ifdef WOLFSSL_VXWORKS
#define WC_INLINE __inline__
#else
#define WC_INLINE inline
#endif
#elif defined(__IAR_SYSTEMS_ICC__)
#define WC_INLINE inline
#elif defined(THREADX)
#define WC_INLINE _Inline
#else
#define WC_INLINE
#endif
#else
#define WC_INLINE
#endif
#endif
#elif defined(__IAR_SYSTEMS_ICC__)
#define WC_INLINE inline
#elif defined(THREADX)
#define WC_INLINE _Inline
#else
#define WC_INLINE
#endif
#else
#define WC_INLINE
#endif
#endif
#if defined(HAVE_FIPS) || defined(HAVE_SELFTEST)
#define INLINE WC_INLINE
@@ -170,19 +170,19 @@
#endif
/* set up thread local storage if available */
#ifdef HAVE_THREAD_LS
#if defined(_MSC_VER)
#define THREAD_LS_T __declspec(thread)
/* Thread local storage only in FreeRTOS v8.2.1 and higher */
#elif defined(FREERTOS) || defined(FREERTOS_TCP)
#define THREAD_LS_T
#else
#define THREAD_LS_T __thread
#endif
#else
#define THREAD_LS_T
#endif
/* set up thread local storage if available */
#ifdef HAVE_THREAD_LS
#if defined(_MSC_VER)
#define THREAD_LS_T __declspec(thread)
/* Thread local storage only in FreeRTOS v8.2.1 and higher */
#elif defined(FREERTOS) || defined(FREERTOS_TCP)
#define THREAD_LS_T
#else
#define THREAD_LS_T __thread
#endif
#else
#define THREAD_LS_T
#endif
/* GCC 7 has new switch() fall-through detection */
#if defined(__GNUC__)
@@ -194,23 +194,23 @@
#define FALL_THROUGH
#endif
/* Micrium will use Visual Studio for compilation but not the Win32 API */
#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
!defined(FREERTOS_TCP) && !defined(EBSNET) && \
/* Micrium will use Visual Studio for compilation but not the Win32 API */
#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
!defined(FREERTOS_TCP) && !defined(EBSNET) && \
!defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
#define USE_WINDOWS_API
#endif
#define USE_WINDOWS_API
#endif
/* idea to add global alloc override by Moises Guimaraes */
/* default to libc stuff */
/* XREALLOC is used once in normal math lib, not in fast math lib */
/* XFREE on some embedded systems doesn't like free(0) so test */
#if defined(HAVE_IO_POOL)
WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type);
WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type);
WOLFSSL_API void XFREE(void *p, void* heap, int type);
#elif defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_INTEL_QA)
/* idea to add global alloc override by Moises Guimaraes */
/* default to libc stuff */
/* XREALLOC is used once in normal math lib, not in fast math lib */
/* XFREE on some embedded systems doesn't like free(0) so test */
#if defined(HAVE_IO_POOL)
WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type);
WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type);
WOLFSSL_API void XFREE(void *p, void* heap, int type);
#elif defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_INTEL_QA)
#include <wolfssl/wolfcrypt/port/intel/quickassist_mem.h>
#undef USE_WOLFSSL_MEMORY
#ifdef WOLFSSL_DEBUG_MEMORY
@@ -223,47 +223,61 @@
#define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t))
#endif /* WOLFSSL_DEBUG_MEMORY */
#elif defined(XMALLOC_USER)
/* prototypes for user heap override functions */
#include <stddef.h> /* for size_t */
extern void *XMALLOC(size_t n, void* heap, int type);
extern void *XREALLOC(void *p, size_t n, void* heap, int type);
extern void XFREE(void *p, void* heap, int type);
/* prototypes for user heap override functions */
#include <stddef.h> /* for size_t */
extern void *XMALLOC(size_t n, void* heap, int type);
extern void *XREALLOC(void *p, size_t n, void* heap, int type);
extern void XFREE(void *p, void* heap, int type);
#elif defined(WOLFSSL_MEMORY_LOG)
#define XMALLOC(n, h, t) xmalloc(n, h, t, __func__, __FILE__, __LINE__)
#define XREALLOC(p, n, h, t) xrealloc(p, n, h, t, __func__, __FILE__, __LINE__)
#define XFREE(p, h, t) xfree(p, h, t, __func__, __FILE__, __LINE__)
/* prototypes for user heap override functions */
#include <stddef.h> /* for size_t */
#include <stdlib.h>
extern void *xmalloc(size_t n, void* heap, int type, const char* func,
const char* file, unsigned int line);
extern void *xrealloc(void *p, size_t n, void* heap, int type,
const char* func, const char* file, unsigned int line);
extern void xfree(void *p, void* heap, int type, const char* func,
const char* file, unsigned int line);
#elif defined(XMALLOC_OVERRIDE)
/* override the XMALLOC, XFREE and XREALLOC macros */
#elif defined(NO_WOLFSSL_MEMORY)
/* just use plain C stdlib stuff if desired */
#include <stdlib.h>
#define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));}
#define XREALLOC(p, n, h, t) realloc((p), (n))
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
&& !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
&& !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \
#elif defined(NO_WOLFSSL_MEMORY)
/* just use plain C stdlib stuff if desired */
#include <stdlib.h>
#define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));}
#define XREALLOC(p, n, h, t) realloc((p), (n))
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
&& !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
&& !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \
&& !defined(WOLFSSL_LEANPSK) && !defined(WOLFSSL_uITRON4)
/* default C runtime, can install different routines at runtime via cbs */
#include <wolfssl/wolfcrypt/memory.h>
/* default C runtime, can install different routines at runtime via cbs */
#include <wolfssl/wolfcrypt/memory.h>
#ifdef WOLFSSL_STATIC_MEMORY
#ifdef WOLFSSL_DEBUG_MEMORY
#define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__)
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__)
#define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__)
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__)
#else
#define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
#define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
#endif /* WOLFSSL_DEBUG_MEMORY */
#elif !defined(FREERTOS) && !defined(FREERTOS_TCP)
#ifdef WOLFSSL_DEBUG_MEMORY
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__)
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__)
#else
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s)))
#define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));}
#define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
#endif /* WOLFSSL_DEBUG_MEMORY */
#endif /* WOLFSSL_STATIC_MEMORY */
#endif
#endif
/* declare/free variable handling for async */
#ifdef WOLFSSL_ASYNC_CRYPT
@@ -308,21 +322,21 @@
#define USE_WOLF_STRSEP
#endif
#ifndef STRING_USER
#include <string.h>
#define XMEMCPY(d,s,l) memcpy((d),(s),(l))
#define XMEMSET(b,c,l) memset((b),(c),(l))
#define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
#define XMEMMOVE(d,s,l) memmove((d),(s),(l))
#ifndef STRING_USER
#include <string.h>
#define XMEMCPY(d,s,l) memcpy((d),(s),(l))
#define XMEMSET(b,c,l) memset((b),(c),(l))
#define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
#define XMEMMOVE(d,s,l) memmove((d),(s),(l))
#define XSTRLEN(s1) strlen((s1))
#define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
/* strstr, strncmp, and strncat only used by wolfSSL proper,
#define XSTRLEN(s1) strlen((s1))
#define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
/* strstr, strncmp, and strncat only used by wolfSSL proper,
* not required for wolfCrypt only */
#define XSTRSTR(s1,s2) strstr((s1),(s2))
#define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
#define XSTRSTR(s1,s2) strstr((s1),(s2))
#define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
#ifdef USE_WOLF_STRSEP
#define XSTRSEP(s1,d) wc_strsep((s1),(d))
@@ -334,14 +348,14 @@
/* XC32 does not support strncasecmp, so use case sensitive one */
#define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n))
#elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM)
#define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
#define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
#else
#if defined(HAVE_STRINGS_H) && defined(WOLF_C99) && \
!defined(WOLFSSL_SGX)
#include <strings.h>
#endif
#define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
#endif
#define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
#endif
/* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when
debugging is turned on */
@@ -367,7 +381,7 @@
#define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr))
#endif
#endif
#endif
#endif
#ifdef USE_WOLF_STRTOK
WOLFSSL_API char* wc_strtok(char *str, const char *delim, char **nextp);
@@ -384,20 +398,20 @@
#endif
#endif /* OPENSSL_EXTRA */
#ifndef CTYPE_USER
#include <ctype.h>
#if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
#ifndef CTYPE_USER
#include <ctype.h>
#if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA)
#define XTOUPPER(c) toupper((c))
#define XISALPHA(c) isalpha((c))
#endif
/* needed by wolfSSL_check_domain_name() */
#define XTOLOWER(c) tolower((c))
#endif
#define XTOUPPER(c) toupper((c))
#define XISALPHA(c) isalpha((c))
#endif
/* needed by wolfSSL_check_domain_name() */
#define XTOLOWER(c) tolower((c))
#endif
/* memory allocation types for user hints */
enum {
/* memory allocation types for user hints */
enum {
DYNAMIC_TYPE_CA = 1,
DYNAMIC_TYPE_CERT = 2,
DYNAMIC_TYPE_KEY = 3,
@@ -488,17 +502,17 @@
DYNAMIC_TYPE_HASH_TMP = 88,
DYNAMIC_TYPE_BLOB = 89,
DYNAMIC_TYPE_NAME_ENTRY = 90,
};
};
/* max error buffer string size */
/* max error buffer string size */
#ifndef WOLFSSL_MAX_ERROR_SZ
#define WOLFSSL_MAX_ERROR_SZ 80
#define WOLFSSL_MAX_ERROR_SZ 80
#endif
/* stack protection */
enum {
MIN_STACK_BUFFER = 8
};
/* stack protection */
enum {
MIN_STACK_BUFFER = 8
};
/* Algorithm Types */
@@ -565,39 +579,39 @@
};
/* settings detection for compile vs runtime math incompatibilities */
enum {
#if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
CTC_SETTINGS = 0x0
#elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8)
CTC_SETTINGS = 0x1
#elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8)
CTC_SETTINGS = 0x2
#elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4)
CTC_SETTINGS = 0x4
#elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
CTC_SETTINGS = 0x8
#elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8)
CTC_SETTINGS = 0x10
#elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8)
CTC_SETTINGS = 0x20
#elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4)
CTC_SETTINGS = 0x40
#else
#error "bad math long / long long settings"
#endif
};
/* settings detection for compile vs runtime math incompatibilities */
enum {
#if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
CTC_SETTINGS = 0x0
#elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8)
CTC_SETTINGS = 0x1
#elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8)
CTC_SETTINGS = 0x2
#elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4)
CTC_SETTINGS = 0x4
#elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
CTC_SETTINGS = 0x8
#elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8)
CTC_SETTINGS = 0x10
#elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8)
CTC_SETTINGS = 0x20
#elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4)
CTC_SETTINGS = 0x40
#else
#error "bad math long / long long settings"
#endif
};
WOLFSSL_API word32 CheckRunTimeSettings(void);
WOLFSSL_API word32 CheckRunTimeSettings(void);
/* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long
types need to match at compile time and run time, CheckCtcSettings will
return 1 if a match otherwise 0 */
#define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings())
/* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long
types need to match at compile time and run time, CheckCtcSettings will
return 1 if a match otherwise 0 */
#define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings())
/* invalid device id */
#define INVALID_DEVID -2
/* invalid device id */
#define INVALID_DEVID -2
/* AESNI requires alignment and ARMASM gains some performance from it */
@@ -720,8 +734,8 @@
#define WC_MP_TO_RADIX
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_TYPES_H */