wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 14:59:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

tlsx with static memory / account for session certs size

Browse Source
This commit is contained in:
Jacob Barthelmeh
2016-06-07 15:39:16 -06:00
parent 738373038b
commit e214086dce
14 changed files with 325 additions and 258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
examples/client/client.c
View File

@@ -608,7 +608,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
(void)resumeSz;
(void)session;
(void)sslResume;
(void)trackMemory;
(void)atomicUser;
(void)pkCallbacks;
(void)scr;
@@ -1628,6 +1627,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
(void) verifyCert;
(void) ourCert;
(void) ourKey;
(void) trackMemory;
#if !defined(WOLFSSL_TIRTOS)
return 0;

8
examples/server/server.c
View File

@@ -324,8 +324,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
#ifdef WOLFSSL_STATIC_MEMORY
#if defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)
byte memory[200000];
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
|| defined(SESSION_CERTS)
/* big enough to handle most cases including session certs */
byte memory[204000];
#else
byte memory[80000];
#endif
@@ -340,7 +342,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
ourCert = (char*)eccCert;
ourKey = (char*)eccKey;
#endif
(void)trackMemory;
(void)pkCallbacks;
(void)needDH;
(void)ourKey;
@@ -1107,6 +1108,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
(void) useNtruKey;
(void) ourDhParam;
(void) ourCert;
(void) trackMemory;
#ifndef CYASSL_TIRTOS
return 0;
#endif

62
src/internal.c
View File

@@ -213,14 +213,14 @@ static int QSH_FreeAll(WOLFSSL* ssl)
preKey = key;
if (key->pri.buffer) {
ForceZero(key->pri.buffer, key->pri.length);
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
if (key->pub.buffer)
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
key = (QSHKey*)key->next;
/* free struct */
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
key = NULL;
@@ -231,14 +231,14 @@ static int QSH_FreeAll(WOLFSSL* ssl)
preKey = key;
if (key->pri.buffer) {
ForceZero(key->pri.buffer, key->pri.length);
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
if (key->pub.buffer)
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
key = (QSHKey*)key->next;
/* free struct */
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
key = NULL;
@@ -250,9 +250,9 @@ static int QSH_FreeAll(WOLFSSL* ssl)
while (list) {
preList = list;
if (list->PK)
XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
list = (QSHScheme*)list->next;
XFREE(preList, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(preList, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
/* free secret buffers */
@@ -260,20 +260,20 @@ static int QSH_FreeAll(WOLFSSL* ssl)
if (secret->SerSi->buffer) {
/* clear extra secret material that supplemented Master Secret*/
ForceZero(secret->SerSi->buffer, secret->SerSi->length);
XFREE(secret->SerSi->buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(secret->SerSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
if (secret->CliSi) {
if (secret->CliSi->buffer) {
/* clear extra secret material that supplemented Master Secret*/
ForceZero(secret->CliSi->buffer, secret->CliSi->length);
XFREE(secret->CliSi->buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(secret->CliSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
}
XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
secret = NULL;
return 0;
@@ -1417,7 +1417,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
#endif
#ifdef HAVE_TLS_EXTENSIONS
TLSX_FreeAll(ctx->extensions);
TLSX_FreeAll(ctx->extensions, ctx->heap);
#ifndef NO_WOLFSSL_SERVER
@@ -3525,7 +3525,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
#endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_TLS_EXTENSIONS
TLSX_FreeAll(ssl->extensions);
TLSX_FreeAll(ssl->extensions, ssl->heap);
#ifdef HAVE_ALPN
if (ssl->alpn_client_list != NULL) {
@@ -6190,7 +6190,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#ifdef HAVE_OCSP
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
if (ssl->status_request_v2)
ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 0);
ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 0,
ssl->heap);
else /* skips OCSP and force CRL check */
#endif
if (ssl->ctx->cm->ocspEnabled && ssl->ctx->cm->ocspCheckAll) {
@@ -6298,13 +6299,15 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (ssl->options.side == WOLFSSL_CLIENT_END) {
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
if (ssl->status_request) {
fatal = TLSX_CSR_InitRequest(ssl->extensions, dCert);
fatal = TLSX_CSR_InitRequest(ssl->extensions, dCert,
ssl->heap);
doLookup = 0;
}
#endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
if (ssl->status_request_v2) {
fatal = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 1);
fatal = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 1,
ssl->heap);
doLookup = 0;
}
#endif
@@ -6737,7 +6740,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
InitOcspResponse(response, status, input +*inOutIdx, status_length);
if ((OcspResponseDecode(response, ssl->ctx->cm) != 0)
if ((OcspResponseDecode(response, ssl->ctx->cm, ssl->heap) != 0)
|| (response->responseStatus != OCSP_SUCCESSFUL)
|| (response->status->status != CERT_GOOD)
|| (CompareOcspReqResp(request, response) != 0))
@@ -6814,7 +6817,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
InitOcspResponse(response, status, input +*inOutIdx,
status_length);
if ((OcspResponseDecode(response, ssl->ctx->cm) != 0)
if ((OcspResponseDecode(response, ssl->ctx->cm, ssl->heap)
!= 0)
|| (response->responseStatus != OCSP_SUCCESSFUL)
|| (response->status->status != CERT_GOOD))
ret = BAD_CERTIFICATE_STATUS_ERROR;
@@ -10321,7 +10325,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
return MEMORY_E;
}
ret = InitOcspRequest(request, cert, 0);
ret = InitOcspRequest(request, cert, 0, ssl->heap);
if (ret != 0) {
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
}
@@ -10418,7 +10422,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
return MEMORY_E;
}
ret = InitOcspRequest(request, cert, 0);
ret = InitOcspRequest(request, cert, 0, ssl->heap);
if (ret != 0) {
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
}
@@ -10496,7 +10500,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
break;
}
ret = InitOcspRequest(request, cert, 0);
ret = InitOcspRequest(request, cert, 0, ssl->heap);
if (ret != 0) {
XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST);
break;
@@ -14057,16 +14061,16 @@ int QSH_Init(WOLFSSL* ssl)
return 0;
/* malloc memory for holding generated secret information */
if ((ssl->QSH_secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), NULL,
if ((ssl->QSH_secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
return MEMORY_E;
ssl->QSH_secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), NULL,
ssl->QSH_secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (ssl->QSH_secret->CliSi == NULL)
return MEMORY_E;
ssl->QSH_secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), NULL,
ssl->QSH_secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (ssl->QSH_secret->SerSi == NULL)
return MEMORY_E;
@@ -14220,7 +14224,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
buf = ssl->QSH_secret->CliSi;
}
buf->length = sz;
buf->buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (buf->buffer == NULL) {
WOLFSSL_ERROR(MEMORY_E);
}
@@ -14229,7 +14233,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
sz = 0;
current = ssl->peerQSHKey;
while (current) {
schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL,
schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (schm == NULL)
return MEMORY_E;
@@ -14249,7 +14253,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
tmpSz = QSH_MaxSecret(current);
if ((schm->PK = (byte*)XMALLOC(tmpSz, 0,
if ((schm->PK = (byte*)XMALLOC(tmpSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
return -1;

25
src/ocsp.c
View File

@@ -88,7 +88,7 @@ static void FreeOcspEntry(OcspEntry* entry)
}
void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic, void* heap)
void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic)
{
OcspEntry *entry, *next;
@@ -97,15 +97,14 @@ void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic, void* heap)
for (entry = ocsp->ocspList; entry; entry = next) {
next = entry->next;
FreeOcspEntry(entry);
XFREE(entry, heap, DYNAMIC_TYPE_OCSP_ENTRY);
XFREE(entry, ocsp->cm->heap, DYNAMIC_TYPE_OCSP_ENTRY);
}
FreeMutex(&ocsp->ocspLock);
if (dynamic)
XFREE(ocsp, heap, DYNAMIC_TYPE_OCSP);
XFREE(ocsp, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
(void)heap;
}
@@ -144,7 +143,8 @@ int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, buffer* responseBuffer)
}
#endif
if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce) == 0) {
if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce,
ocsp->cm->heap) == 0) {
ret = CheckOcspRequest(ocsp, ocspRequest, responseBuffer);
FreeOcspRequest(ocspRequest);
@@ -179,7 +179,7 @@ static int GetOcspEntry(WOLFSSL_OCSP* ocsp, OcspRequest* request,
if (*entry == NULL) {
*entry = (OcspEntry*)XMALLOC(sizeof(OcspEntry),
NULL, DYNAMIC_TYPE_OCSP_ENTRY);
ocsp->cm->heap, DYNAMIC_TYPE_OCSP_ENTRY);
if (*entry) {
InitOcspEntry(*entry, request);
(*entry)->next = ocsp->ocspList;
@@ -293,7 +293,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
return 0;
}
request = (byte*)XMALLOC(requestSz, NULL, DYNAMIC_TYPE_OCSP);
request = (byte*)XMALLOC(requestSz, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
if (request == NULL) {
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_ERROR;
@@ -326,14 +326,14 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
XMEMSET(newStatus, 0, sizeof(CertStatus));
InitOcspResponse(ocspResponse, newStatus, response, ret);
OcspResponseDecode(ocspResponse, ocsp->cm);
OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap);
if (ocspResponse->responseStatus != OCSP_SUCCESSFUL)
ret = OCSP_LOOKUP_FAIL;
else {
if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) {
if (responseBuffer) {
responseBuffer->buffer = (byte*)XMALLOC(ret, NULL,
responseBuffer->buffer = (byte*)XMALLOC(ret, ocsp->cm->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (responseBuffer->buffer) {
@@ -349,7 +349,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
else {
if (status != NULL) {
if (status->rawOcspResponse)
XFREE(status->rawOcspResponse, NULL,
XFREE(status->rawOcspResponse, ocsp->cm->heap,
DYNAMIC_TYPE_OCSP_STATUS);
/* Replace existing certificate entry with updated */
@@ -358,7 +358,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
else {
/* Save new certificate entry */
status = (CertStatus*)XMALLOC(sizeof(CertStatus),
NULL, DYNAMIC_TYPE_OCSP_STATUS);
ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS);
if (status != NULL) {
XMEMCPY(status, newStatus, sizeof(CertStatus));
status->next = entry->status;
@@ -369,7 +369,8 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
if (status && responseBuffer && responseBuffer->buffer) {
status->rawOcspResponse = (byte*)XMALLOC(
responseBuffer->length, NULL,
responseBuffer->length,
ocsp->cm->heap,
DYNAMIC_TYPE_OCSP_STATUS);
if (status->rawOcspResponse) {

54
src/ssl.c
View File

@@ -628,9 +628,15 @@ int wolfSSL_GetObjectSize(void)
int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap)
{
/* default size of chunks of memory to seperate into */
/* default size of chunks of memory to seperate into
* having session certs enabled makes a 21k SSL struct */
#ifndef SESSION_CERTS
word32 wc_defaultMemSz[WOLFMEM_DEF_BUCKETS] =
{ 64, 128, 256, 512, 1024, 2400, 3408, 4544, 16000 };
{ 64, 128, 256, 512, 1024, 2400, 3408, 4544, 16128 };
#else
word32 wc_defaultMemSz[WOLFMEM_DEF_BUCKETS] =
{ 64, 128, 256, 512, 1024, 2400, 3408, 4544, 21000 };
#endif
word32 wc_defaultDist[WOLFMEM_DEF_BUCKETS] = { 8, 4, 4, 12, 4, 5, 2, 1, 1 };
if (heap == NULL) {
@@ -1056,7 +1062,7 @@ int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size)
if (ssl == NULL)
return BAD_FUNC_ARG;
return TLSX_UseSNI(&ssl->extensions, type, data, size);
return TLSX_UseSNI(&ssl->extensions, type, data, size, ssl->heap);
}
@@ -1066,7 +1072,7 @@ int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data,
if (ctx == NULL)
return BAD_FUNC_ARG;
return TLSX_UseSNI(&ctx->extensions, type, data, size);
return TLSX_UseSNI(&ctx->extensions, type, data, size, ctx->heap);
}
#ifndef NO_WOLFSSL_SERVER
@@ -1125,7 +1131,7 @@ int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl)
if (ssl == NULL)
return BAD_FUNC_ARG;
return TLSX_UseMaxFragment(&ssl->extensions, mfl);
return TLSX_UseMaxFragment(&ssl->extensions, mfl, ssl->heap);
}
@@ -1134,7 +1140,7 @@ int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, byte mfl)
if (ctx == NULL)
return BAD_FUNC_ARG;
return TLSX_UseMaxFragment(&ctx->extensions, mfl);
return TLSX_UseMaxFragment(&ctx->extensions, mfl, ctx->heap);
}
#endif /* NO_WOLFSSL_CLIENT */
@@ -1148,7 +1154,7 @@ int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl)
if (ssl == NULL)
return BAD_FUNC_ARG;
return TLSX_UseTruncatedHMAC(&ssl->extensions);
return TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap);
}
@@ -1157,7 +1163,7 @@ int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx)
if (ctx == NULL)
return BAD_FUNC_ARG;
return TLSX_UseTruncatedHMAC(&ctx->extensions);
return TLSX_UseTruncatedHMAC(&ctx->extensions, ctx->heap);
}
#endif /* NO_WOLFSSL_CLIENT */
@@ -1171,7 +1177,7 @@ int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, byte status_type, byte options)
return BAD_FUNC_ARG;
return TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
options);
options, ssl->heap);
}
@@ -1182,7 +1188,7 @@ int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, byte status_type,
return BAD_FUNC_ARG;
return TLSX_UseCertificateStatusRequest(&ctx->extensions, status_type,
options);
options, ctx->heap);
}
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
@@ -1195,7 +1201,7 @@ int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, byte status_type, byte options)
return BAD_FUNC_ARG;
return TLSX_UseCertificateStatusRequestV2(&ssl->extensions, status_type,
options);
options, ssl->heap);
}
@@ -1206,7 +1212,7 @@ int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
return BAD_FUNC_ARG;
return TLSX_UseCertificateStatusRequestV2(&ctx->extensions, status_type,
options);
options, ctx->heap);
}
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
@@ -1233,7 +1239,7 @@ int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name)
return BAD_FUNC_ARG;
}
return TLSX_UseSupportedCurve(&ssl->extensions, name);
return TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
}
@@ -1255,7 +1261,7 @@ int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name)
return BAD_FUNC_ARG;
}
return TLSX_UseSupportedCurve(&ctx->extensions, name);
return TLSX_UseSupportedCurve(&ctx->extensions, name, ctx->heap);
}
#endif /* NO_WOLFSSL_CLIENT */
@@ -1292,7 +1298,7 @@ int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, word16 name)
ssl->user_set_QSHSchemes = 1;
return TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0);
return TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap);
}
#ifndef NO_WOLFSSL_CLIENT
@@ -1363,14 +1369,15 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
while ((idx--) > 0) {
len = (word16)XSTRLEN(token[idx]);
ret = TLSX_UseALPN(&ssl->extensions, token[idx], len, options);
ret = TLSX_UseALPN(&ssl->extensions, token[idx], len, options,
ssl->heap);
if (ret != SSL_SUCCESS) {
WOLFSSL_MSG("TLSX_UseALPN failure");
break;
}
}
XFREE(list, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
@@ -1393,7 +1400,8 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz)
if (*listSz == 0)
return BUFFER_ERROR;
*list = (char *)XMALLOC((*listSz)+1, ssl->heap, DYNAMIC_TYPE_TLSX);
/* leaving as null heap hint since user calls free on returned string */
*list = (char *)XMALLOC((*listSz)+1, NULL, DYNAMIC_TYPE_TLSX);
if (*list == NULL)
return MEMORY_ERROR;
@@ -1414,7 +1422,7 @@ int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
int ret = BAD_FUNC_ARG;
if (ssl)
ret = TLSX_UseSecureRenegotiation(&ssl->extensions);
ret = TLSX_UseSecureRenegotiation(&ssl->extensions, ssl->heap);
if (ret == SSL_SUCCESS) {
TLSX* extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
@@ -2133,11 +2141,11 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
#endif
#ifdef HAVE_OCSP
if (cm->ocsp)
FreeOCSP(cm->ocsp, 1, cm->heap);
FreeOCSP(cm->ocsp, 1);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (cm->ocsp_stapling)
FreeOCSP(cm->ocsp_stapling, 1, cm->heap);
FreeOCSP(cm->ocsp_stapling, 1);
#endif
#endif
FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
@@ -4308,7 +4316,7 @@ int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options)
if (InitOCSP(cm->ocsp, cm) != 0) {
WOLFSSL_MSG("Init OCSP failed");
FreeOCSP(cm->ocsp, 1, cm->heap);
FreeOCSP(cm->ocsp, 1);
cm->ocsp = NULL;
return SSL_FAILURE;
}
@@ -4364,7 +4372,7 @@ int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
if (InitOCSP(cm->ocsp_stapling, cm) != 0) {
WOLFSSL_MSG("Init OCSP failed");
FreeOCSP(cm->ocsp_stapling, 1, cm->heap);
FreeOCSP(cm->ocsp_stapling, 1);
cm->ocsp_stapling = NULL;
return SSL_FAILURE;
}

299
src/tls.c
View File

@@ -784,9 +784,9 @@ static INLINE word16 TLSX_ToSemaphore(word16 type)
((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
/** Creates a new extension. */
static TLSX* TLSX_New(TLSX_Type type, void* data)
static TLSX* TLSX_New(TLSX_Type type, void* data, void* heap)
{
TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), NULL, DYNAMIC_TYPE_TLSX);
TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), heap, DYNAMIC_TYPE_TLSX);
if (extension) {
extension->type = type;
@@ -802,9 +802,9 @@ static TLSX* TLSX_New(TLSX_Type type, void* data)
* Creates a new extension and pushes it to the provided list.
* Checks for duplicate extensions, keeps the newest.
*/
static int TLSX_Push(TLSX** list, TLSX_Type type, void* data)
static int TLSX_Push(TLSX** list, TLSX_Type type, void* data, void* heap)
{
TLSX* extension = TLSX_New(type, data);
TLSX* extension = TLSX_New(type, data, heap);
if (extension == NULL)
return MEMORY_E;
@@ -821,7 +821,7 @@ static int TLSX_Push(TLSX** list, TLSX_Type type, void* data)
extension->next = next->next;
next->next = NULL;
TLSX_FreeAll(next);
TLSX_FreeAll(next, heap);
/* there is no way to occur more than */
/* two extensions of the same type. */
@@ -853,7 +853,8 @@ void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
#ifdef HAVE_ALPN
/** Creates a new ALPN object, providing protocol name to use. */
static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz)
static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz,
void* heap)
{
ALPN *alpn;
@@ -865,7 +866,7 @@ static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz)
return NULL;
}
alpn = (ALPN*)XMALLOC(sizeof(ALPN), 0, DYNAMIC_TYPE_TLSX);
alpn = (ALPN*)XMALLOC(sizeof(ALPN), heap, DYNAMIC_TYPE_TLSX);
if (alpn == NULL) {
WOLFSSL_MSG("Memory failure");
return NULL;
@@ -875,10 +876,10 @@ static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz)
alpn->negotiated = 0;
alpn->options = 0;
alpn->protocol_name = XMALLOC(protocol_nameSz + 1, 0, DYNAMIC_TYPE_TLSX);
alpn->protocol_name = XMALLOC(protocol_nameSz + 1, heap, DYNAMIC_TYPE_TLSX);
if (alpn->protocol_name == NULL) {
WOLFSSL_MSG("Memory failure");
XFREE(alpn, 0, DYNAMIC_TYPE_TLSX);
XFREE(alpn, heap, DYNAMIC_TYPE_TLSX);
return NULL;
}
@@ -889,23 +890,25 @@ static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz)
}
/** Releases an ALPN object. */
static void TLSX_ALPN_Free(ALPN *alpn)
static void TLSX_ALPN_Free(ALPN *alpn, void* heap)
{
(void)heap;
if (alpn == NULL)
return;
XFREE(alpn->protocol_name, 0, DYNAMIC_TYPE_TLSX);
XFREE(alpn, 0, DYNAMIC_TYPE_TLSX);
XFREE(alpn->protocol_name, heap, DYNAMIC_TYPE_TLSX);
XFREE(alpn, heap, DYNAMIC_TYPE_TLSX);
}
/** Releases all ALPN objects in the provided list. */
static void TLSX_ALPN_FreeAll(ALPN *list)
static void TLSX_ALPN_FreeAll(ALPN *list, void* heap)
{
ALPN* alpn;
while ((alpn = list)) {
list = alpn->next;
TLSX_ALPN_Free(alpn);
TLSX_ALPN_Free(alpn, heap);
}
}
@@ -970,7 +973,8 @@ static ALPN* TLSX_ALPN_Find(ALPN *list, char *protocol_name, word16 size)
}
/** Set the ALPN matching client and server requirements */
static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size)
static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size,
void* heap)
{
ALPN *alpn;
int ret;
@@ -978,7 +982,7 @@ static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size)
if (extensions == NULL || data == NULL)
return BAD_FUNC_ARG;
alpn = TLSX_ALPN_New((char *)data, size);
alpn = TLSX_ALPN_New((char *)data, size, heap);
if (alpn == NULL) {
WOLFSSL_MSG("Memory failure");
return MEMORY_E;
@@ -986,9 +990,10 @@ static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size)
alpn->negotiated = 1;
ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn);
ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn,
heap);
if (ret != 0) {
TLSX_ALPN_Free(alpn);
TLSX_ALPN_Free(alpn, heap);
return ret;
}
@@ -1032,9 +1037,9 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
/* keep the list sent by client */
if (isRequest) {
if (ssl->alpn_client_list != NULL)
XFREE(ssl->alpn_client_list, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
ssl->alpn_client_list = (char *)XMALLOC(size, NULL,
ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (ssl->alpn_client_list == NULL)
return MEMORY_ERROR;
@@ -1085,7 +1090,8 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
/* set the matching negotiated protocol */
r = TLSX_SetALPN(&ssl->extensions,
alpn->protocol_name,
(word16)XSTRLEN(alpn->protocol_name));
(word16)XSTRLEN(alpn->protocol_name),
ssl->heap);
if (r != SSL_SUCCESS) {
WOLFSSL_MSG("TLSX_UseALPN failed");
return BUFFER_ERROR;
@@ -1102,7 +1108,8 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length,
}
/** Add a protocol name to the list of accepted usable ones */
int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options)
int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options,
void* heap)
{
ALPN *alpn;
TLSX *extension;
@@ -1111,7 +1118,7 @@ int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options)
if (extensions == NULL || data == NULL)
return BAD_FUNC_ARG;
alpn = TLSX_ALPN_New((char *)data, size);
alpn = TLSX_ALPN_New((char *)data, size, heap);
if (alpn == NULL) {
WOLFSSL_MSG("Memory failure");
return MEMORY_E;
@@ -1123,9 +1130,9 @@ int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options)
extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL);
if (extension == NULL) {
ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL,
(void*)alpn);
(void*)alpn, heap);
if (ret != 0) {
TLSX_ALPN_Free(alpn);
TLSX_ALPN_Free(alpn, heap);
return ret;
}
}
@@ -1192,7 +1199,7 @@ int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz)
#else /* HAVE_ALPN */
#define ALPN_FREE_ALL(list)
#define ALPN_FREE_ALL(list, heap)
#define ALPN_GET_SIZE(list) 0
#define ALPN_WRITE(a, b) 0
#define ALPN_PARSE(a, b, c, d) 0
@@ -1206,9 +1213,9 @@ int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz)
#ifdef HAVE_SNI
/** Creates a new SNI object. */
static SNI* TLSX_SNI_New(byte type, const void* data, word16 size)
static SNI* TLSX_SNI_New(byte type, const void* data, word16 size, void* heap)
{
SNI* sni = (SNI*)XMALLOC(sizeof(SNI), NULL, DYNAMIC_TYPE_TLSX);
SNI* sni = (SNI*)XMALLOC(sizeof(SNI), heap, DYNAMIC_TYPE_TLSX);
if (sni) {
sni->type = type;
@@ -1221,19 +1228,19 @@ static SNI* TLSX_SNI_New(byte type, const void* data, word16 size)
switch (sni->type) {
case WOLFSSL_SNI_HOST_NAME:
sni->data.host_name = XMALLOC(size+1, NULL, DYNAMIC_TYPE_TLSX);
sni->data.host_name = XMALLOC(size+1, heap, DYNAMIC_TYPE_TLSX);
if (sni->data.host_name) {
XSTRNCPY(sni->data.host_name, (const char*)data, size);
sni->data.host_name[size] = 0;
} else {
XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
sni = NULL;
}
break;
default: /* invalid type */
XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
sni = NULL;
}
}
@@ -1242,27 +1249,28 @@ static SNI* TLSX_SNI_New(byte type, const void* data, word16 size)
}
/** Releases a SNI object. */
static void TLSX_SNI_Free(SNI* sni)
static void TLSX_SNI_Free(SNI* sni, void* heap)
{
if (sni) {
switch (sni->type) {
case WOLFSSL_SNI_HOST_NAME:
XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX);
XFREE(sni->data.host_name, heap, DYNAMIC_TYPE_TLSX);
break;
}
XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
XFREE(sni, heap, DYNAMIC_TYPE_TLSX);
}
(void)heap;
}
/** Releases all SNI objects in the provided list. */
static void TLSX_SNI_FreeAll(SNI* list)
static void TLSX_SNI_FreeAll(SNI* list, void* heap)
{
SNI* sni;
while ((sni = list)) {
list = sni->next;
TLSX_SNI_Free(sni);
TLSX_SNI_Free(sni, heap);
}
}
@@ -1429,7 +1437,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) {
int r = TLSX_UseSNI(&ssl->extensions,
type, input + offset, size);
type, input + offset, size, ssl->heap);
if (r != SSL_SUCCESS)
return r; /* throws error. */
@@ -1510,7 +1518,8 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
return 0;
}
int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
void* heap)
{
TLSX* extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
SNI* sni = NULL;
@@ -1518,13 +1527,13 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
if (extensions == NULL || data == NULL)
return BAD_FUNC_ARG;
if ((sni = TLSX_SNI_New(type, data, size)) == NULL)
if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL)
return MEMORY_E;
if (!extension) {
int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni);
int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap);
if (ret != 0) {
TLSX_SNI_Free(sni);
TLSX_SNI_Free(sni, heap);
return ret;
}
}
@@ -1539,7 +1548,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
SNI *next = sni->next;
sni->next = next->next;
TLSX_SNI_Free(next);
TLSX_SNI_Free(next, heap);
/* there is no way to occur more than */
/* two SNIs of the same type. */
@@ -1741,7 +1750,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
#else
#define SNI_FREE_ALL(list)
#define SNI_FREE_ALL(list, heap)
#define SNI_GET_SIZE(list) 0
#define SNI_WRITE(a, b) 0
#define SNI_PARSE(a, b, c, d) 0
@@ -1785,7 +1794,7 @@ static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
#ifndef NO_WOLFSSL_SERVER
if (isRequest) {
int r = TLSX_UseMaxFragment(&ssl->extensions, *input);
int r = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap);
if (r != SSL_SUCCESS) return r; /* throw error */
@@ -1796,7 +1805,7 @@ static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length,
return 0;
}
int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap)
{
byte* data = NULL;
int ret = 0;
@@ -1807,14 +1816,15 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl)
return BAD_FUNC_ARG;
if ((data = XMALLOC(ENUM_LEN, NULL, DYNAMIC_TYPE_TLSX)) == NULL)
if ((data = XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL)
return MEMORY_E;
data[0] = mfl;
/* push new MFL extension. */
if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data)) != 0) {
XFREE(data, 0, DYNAMIC_TYPE_TLSX);
if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap))
!= 0) {
XFREE(data, heap, DYNAMIC_TYPE_TLSX);
return ret;
}
@@ -1822,14 +1832,14 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
}
#define MFL_FREE_ALL(data) XFREE(data, 0, DYNAMIC_TYPE_TLSX)
#define MFL_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX)
#define MFL_GET_SIZE(data) ENUM_LEN
#define MFL_WRITE TLSX_MFL_Write
#define MFL_PARSE TLSX_MFL_Parse
#else
#define MFL_FREE_ALL(a)
#define MFL_FREE_ALL(a, b)
#define MFL_GET_SIZE(a) 0
#define MFL_WRITE(a, b) 0
#define MFL_PARSE(a, b, c, d) 0
@@ -1852,7 +1862,7 @@ static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
#ifndef NO_WOLFSSL_SERVER
if (isRequest) {
int r = TLSX_UseTruncatedHMAC(&ssl->extensions);
int r = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap);
if (r != SSL_SUCCESS)
return r; /* throw error */
@@ -1866,14 +1876,14 @@ static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length,
return 0;
}
int TLSX_UseTruncatedHMAC(TLSX** extensions)
int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap)
{
int ret = 0;
if (extensions == NULL)
return BAD_FUNC_ARG;
if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL)) != 0)
if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap)) != 0)
return ret;
return SSL_SUCCESS;
@@ -1893,7 +1903,7 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions)
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
static void TLSX_CSR_Free(CertificateStatusRequest* csr)
static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap)
{
switch (csr->status_type) {
case WOLFSSL_CSR_OCSP:
@@ -1901,7 +1911,8 @@ static void TLSX_CSR_Free(CertificateStatusRequest* csr)
break;
}
XFREE(csr, NULL, DYNAMIC_TYPE_TLSX);
XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
(void)heap;
}
static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
@@ -1991,7 +2002,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length,
/* enable extension at ssl level */
ret = TLSX_UseCertificateStatusRequest(&ssl->extensions,
csr->status_type, csr->options);
csr->status_type, csr->options, ssl->heap);
if (ret != SSL_SUCCESS)
return ret;
@@ -2063,7 +2074,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length,
/* accept the first good status_type and return */
ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
0);
0, ssl->heap);
if (ret != SSL_SUCCESS)
return ret; /* throw error */
@@ -2076,7 +2087,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length,
return 0;
}
int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert)
int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap)
{
TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST);
CertificateStatusRequest* csr = extension ? extension->data : NULL;
@@ -2091,7 +2102,8 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert)
/* preserve nonce */
XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz);
if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0)) != 0)
if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap))
!= 0)
return ret;
/* restore nonce */
@@ -2141,7 +2153,7 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl)
}
int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
byte options)
byte options, void* heap)
{
CertificateStatusRequest* csr = NULL;
int ret = 0;
@@ -2150,7 +2162,7 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
return BAD_FUNC_ARG;
csr = (CertificateStatusRequest*)
XMALLOC(sizeof(CertificateStatusRequest), NULL, DYNAMIC_TYPE_TLSX);
XMALLOC(sizeof(CertificateStatusRequest), heap, DYNAMIC_TYPE_TLSX);
if (!csr)
return MEMORY_E;
@@ -2164,7 +2176,11 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
if (options & WOLFSSL_CSR_OCSP_USE_NONCE) {
WC_RNG rng;
#ifdef WOLFSSL_STATIC_MEMORY
if (wc_InitRng_ex(&rng, heap) == 0) {
#else
if (wc_InitRng(&rng) == 0) {
#endif
if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce,
MAX_OCSP_NONCE_SZ) == 0)
csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ;
@@ -2175,8 +2191,8 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
break;
}
if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr)) != 0) {
XFREE(csr, NULL, DYNAMIC_TYPE_TLSX);
if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr, heap)) != 0) {
XFREE(csr, heap, DYNAMIC_TYPE_TLSX);
return ret;
}
@@ -2190,7 +2206,7 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
#else
#define CSR_FREE_ALL(data)
#define CSR_FREE_ALL(data, heap)
#define CSR_GET_SIZE(a, b) 0
#define CSR_WRITE(a, b, c) 0
#define CSR_PARSE(a, b, c, d) 0
@@ -2203,7 +2219,7 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type,
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2)
static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2, void* heap)
{
CertificateStatusRequestItemV2* next;
@@ -2218,8 +2234,9 @@ static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2)
break;
}
XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX);
XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
}
(void)heap;
}
static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2,
@@ -2336,7 +2353,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length,
/* enable extension at ssl level */
for (; csr2; csr2 = csr2->next) {
ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
csr2->status_type, csr2->options);
csr2->status_type, csr2->options, ssl->heap);
if (ret != SSL_SUCCESS)
return ret;
@@ -2436,7 +2453,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length,
/* accept the first good status_type and return */
ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions,
status_type, 0);
status_type, 0, ssl->heap);
if (ret != SSL_SUCCESS)
return ret; /* throw error */
@@ -2451,7 +2468,8 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length,
return 0;
}
int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer)
int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer,
void* heap)
{
TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2);
CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL;
@@ -2474,7 +2492,8 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer)
XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz);
if ((ret = InitOcspRequest(
&csr2->request.ocsp[csr2->requests], cert, 0)) != 0)
&csr2->request.ocsp[csr2->requests], cert,
0, heap)) != 0)
return ret;
/* restore nonce */
@@ -2539,7 +2558,7 @@ int TLSX_CSR2_ForceRequest(WOLFSSL* ssl)
}
int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
byte options)
byte options, void* heap)
{
TLSX* extension = NULL;
CertificateStatusRequestItemV2* csr2 = NULL;
@@ -2553,7 +2572,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
return BAD_FUNC_ARG;
csr2 = (CertificateStatusRequestItemV2*)
XMALLOC(sizeof(CertificateStatusRequestItemV2), NULL, DYNAMIC_TYPE_TLSX);
XMALLOC(sizeof(CertificateStatusRequestItemV2), heap, DYNAMIC_TYPE_TLSX);
if (!csr2)
return MEMORY_E;
@@ -2569,7 +2588,11 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) {
WC_RNG rng;
#ifdef WOLFSSL_STATIC_MEMORY
if (wc_InitRng_ex(&rng, heap) == 0) {
#else
if (wc_InitRng(&rng) == 0) {
#endif
if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce,
MAX_OCSP_NONCE_SZ) == 0)
csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ;
@@ -2589,8 +2612,8 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
last->next = csr2;
}
else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2))) {
XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX);
else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2,heap))) {
XFREE(csr2, heap, DYNAMIC_TYPE_TLSX);
return ret;
}
@@ -2604,7 +2627,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
#else
#define CSR2_FREE_ALL(data)
#define CSR2_FREE_ALL(data, heap)
#define CSR2_GET_SIZE(a, b) 0
#define CSR2_WRITE(a, b, c) 0
#define CSR2_PARSE(a, b, c, d) 0
@@ -2622,24 +2645,26 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
Use --enable-ecc in the configure script or define HAVE_ECC.
#endif
static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list)
static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list, void* heap)
{
EllipticCurve* curve;
while ((curve = list)) {
list = curve->next;
XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
XFREE(curve, heap, DYNAMIC_TYPE_TLSX);
}
(void)heap;
}
static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name)
static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name,
void* heap)
{
EllipticCurve* curve = NULL;
if (list == NULL)
return BAD_FUNC_ARG;
curve = (EllipticCurve*)XMALLOC(sizeof(EllipticCurve), NULL,
curve = (EllipticCurve*)XMALLOC(sizeof(EllipticCurve), heap,
DYNAMIC_TYPE_TLSX);
if (curve == NULL)
return MEMORY_E;
@@ -2728,7 +2753,7 @@ static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length,
ato16(input + offset, &name);
offset -= OPAQUE16_LEN;
r = TLSX_UseSupportedCurve(&ssl->extensions, name);
r = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
if (r != SSL_SUCCESS) return r; /* throw error */
}
@@ -2873,7 +2898,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
#endif /* NO_WOLFSSL_SERVER */
int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
{
TLSX* extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
EllipticCurve* curve = NULL;
@@ -2882,12 +2907,13 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
if (extensions == NULL)
return BAD_FUNC_ARG;
if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
if ((ret = TLSX_EllipticCurve_Append(&curve, name, heap)) != 0)
return ret;
if (!extension) {
if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve)) != 0) {
XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap))
!= 0) {
XFREE(curve, heap, DYNAMIC_TYPE_TLSX);
return ret;
}
}
@@ -2902,7 +2928,7 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
EllipticCurve *next = curve->next;
curve->next = next->next;
XFREE(next, 0, DYNAMIC_TYPE_TLSX);
XFREE(next, heap, DYNAMIC_TYPE_TLSX);
break;
}
@@ -2931,7 +2957,7 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
#else
#define EC_FREE_ALL(list)
#define EC_FREE_ALL(list, heap)
#define EC_GET_SIZE(list) 0
#define EC_WRITE(a, b) 0
#define EC_PARSE(a, b, c, d) 0
@@ -3029,21 +3055,21 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
return ret;
}
int TLSX_UseSecureRenegotiation(TLSX** extensions)
int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap)
{
int ret = 0;
SecureRenegotiation* data = NULL;
data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), NULL,
data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), heap,
DYNAMIC_TYPE_TLSX);
if (data == NULL)
return MEMORY_E;
XMEMSET(data, 0, sizeof(SecureRenegotiation));
ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data);
ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data, heap);
if (ret != 0) {
XFREE(data, 0, DYNAMIC_TYPE_TLSX);
XFREE(data, heap, DYNAMIC_TYPE_TLSX);
return ret;
}
@@ -3058,7 +3084,7 @@ int TLSX_UseSecureRenegotiation(TLSX** extensions)
#else
#define SCR_FREE_ALL(a)
#define SCR_FREE_ALL(a, heap)
#define SCR_GET_SIZE(a, b) 0
#define SCR_WRITE(a, b, c) 0
#define SCR_PARSE(a, b, c, d) 0
@@ -3080,7 +3106,7 @@ static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
/* TODO validate ticket timeout here! */
if (ticket->lifetime == 0xfffffff) {
/* send empty ticket on timeout */
TLSX_UseSessionTicket(&ssl->extensions, NULL);
TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
}
}
}
@@ -3128,7 +3154,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (length == 0) {
/* blank ticket */
ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
if (ret == SSL_SUCCESS) {
ret = 0;
TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */
@@ -3144,7 +3170,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
ssl->options.resuming = 1;
} else if (ret == WOLFSSL_TICKET_RET_CREATE) {
WOLFSSL_MSG("Using existing client ticket, creating new one");
ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);
if (ret == SSL_SUCCESS) {
ret = 0;
TLSX_SetResponse(ssl, TLSX_SESSION_TICKET);
@@ -3193,7 +3219,7 @@ WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket)
}
}
int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap)
{
int ret = 0;
@@ -3202,7 +3228,8 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
/* If the ticket is NULL, the client will request a new ticket from the
server. Otherwise, the client will use it in the next client hello. */
if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket)) != 0)
if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket, heap))
!= 0)
return ret;
return SSL_SUCCESS;
@@ -3212,11 +3239,11 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
#define STK_GET_SIZE TLSX_SessionTicket_GetSize
#define STK_WRITE TLSX_SessionTicket_Write
#define STK_PARSE TLSX_SessionTicket_Parse
#define STK_FREE(stk) TLSX_SessionTicket_Free((SessionTicket*)stk)
#define STK_FREE(stk, heap) TLSX_SessionTicket_Free((SessionTicket*)stk,(heap))
#else
#define STK_FREE(a)
#define STK_FREE(a, b)
#define STK_VALIDATE_REQUEST(a)
#define STK_GET_SIZE(a, b) 0
#define STK_WRITE(a, b, c) 0
@@ -3232,14 +3259,16 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
static WC_RNG* rng;
static wolfSSL_Mutex* rngMutex;
static void TLSX_QSH_FreeAll(QSHScheme* list)
static void TLSX_QSH_FreeAll(QSHScheme* list, void* heap)
{
QSHScheme* current;
while ((current = list)) {
list = current->next;
XFREE(current, 0, DYNAMIC_TYPE_TLSX);
XFREE(current, heap, DYNAMIC_TYPE_TLSX);
}
(void)heap;
}
static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub,
@@ -3400,7 +3429,7 @@ word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output)
#endif /* NO_WOLFSSL_CLIENT */
#ifndef NO_WOLFSSL_SERVER
static void TLSX_QSHAgreement(TLSX** extensions)
static void TLSX_QSHAgreement(TLSX** extensions, void* heap)
{
TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
QSHScheme* format = NULL;
@@ -3421,13 +3450,15 @@ static void TLSX_QSHAgreement(TLSX** extensions)
prev->next = format->next;
del = format;
format = format->next;
XFREE(del, 0, DYNAMIC_TYPE_TMP_ARRAY);
XFREE(del, heap, DYNAMIC_TYPE_TMP_BUFFER);
del = NULL;
} else {
prev = format;
format = format->next;
}
}
(void)heap;
}
@@ -3511,7 +3542,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
}
/* peer sent an agreed upon scheme */
r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0);
r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap);
if (r != SSL_SUCCESS) return r; /* throw error */
@@ -3527,7 +3558,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
while ((offset_len < offset_pk) && numKeys) {
QSHKey * temp;
if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), NULL,
if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap,
DYNAMIC_TYPE_TLSX)) == NULL)
return MEMORY_E;
@@ -3553,7 +3584,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (ssl->user_set_QSHSchemes &&
(!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) {
offset_len += PKLen;
XFREE(temp, 0, DYNAMIC_TYPE_TLSX);
XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX);
continue;
}
}
@@ -3561,7 +3592,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
/* read in public key */
if (PKLen > 0) {
temp->pub.buffer = (byte*)XMALLOC(temp->pub.length,
NULL, DYNAMIC_TYPE_PUBLIC_KEY);
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length);
offset_len += PKLen;
}
@@ -3572,7 +3603,8 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
/* use own key when adding to extensions list for sending reply */
PKLen = 0;
PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name);
r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen);
r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen,
ssl->heap);
/* store peers key */
ssl->peerQSHKeyPresent = 1;
@@ -3580,7 +3612,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
return MEMORY_E;
if (temp->pub.length == 0) {
XFREE(temp, 0, DYNAMIC_TYPE_TLSX);
XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX);
}
if (r != SSL_SUCCESS) {return r;} /* throw error */
@@ -3592,7 +3624,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (isRequest) {
TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID);
/* only use schemes we have key generated for -- free the rest */
TLSX_QSHAgreement(&ssl->extensions);
TLSX_QSHAgreement(&ssl->extensions, ssl->heap);
}
return 0;
@@ -3738,7 +3770,8 @@ static int TLSX_HaveQSHScheme(word16 name)
/* Add a QSHScheme struct to list of usable ones */
int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz)
int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz,
void* heap)
{
TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
QSHScheme* format = NULL;
@@ -3754,8 +3787,8 @@ int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz)
return ret;
if (!extension) {
if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format))
!= 0) {
if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format,
heap)) != 0) {
XFREE(format, 0, DYNAMIC_TYPE_TLSX);
return ret;
}
@@ -3802,7 +3835,7 @@ int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz)
#define QSH_SERREQ TLSX_QSH_SerPKReq
#else
#define QSH_FREE_ALL(list)
#define QSH_FREE_ALL(list, heap)
#define QSH_GET_SIZE(list, a) 0
#define QSH_WRITE(a, b) 0
#define QSH_PARSE(a, b, c, d) 0
@@ -3828,7 +3861,7 @@ TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
}
/** Releases all extensions in the provided list. */
void TLSX_FreeAll(TLSX* list)
void TLSX_FreeAll(TLSX* list, void* heap)
{
TLSX* extension;
@@ -3838,11 +3871,11 @@ void TLSX_FreeAll(TLSX* list)
switch (extension->type) {
case TLSX_SERVER_NAME:
SNI_FREE_ALL((SNI*)extension->data);
SNI_FREE_ALL((SNI*)extension->data, heap);
break;
case TLSX_MAX_FRAGMENT_LENGTH:
MFL_FREE_ALL(extension->data);
MFL_FREE_ALL(extension->data, heap);
break;
case TLSX_TRUNCATED_HMAC:
@@ -3850,35 +3883,35 @@ void TLSX_FreeAll(TLSX* list)
break;
case TLSX_SUPPORTED_GROUPS:
EC_FREE_ALL(extension->data);
EC_FREE_ALL(extension->data, heap);
break;
case TLSX_STATUS_REQUEST:
CSR_FREE_ALL(extension->data);
CSR_FREE_ALL(extension->data, heap);
break;
case TLSX_STATUS_REQUEST_V2:
CSR2_FREE_ALL(extension->data);
CSR2_FREE_ALL(extension->data, heap);
break;
case TLSX_RENEGOTIATION_INFO:
SCR_FREE_ALL(extension->data);
SCR_FREE_ALL(extension->data, heap);
break;
case TLSX_SESSION_TICKET:
STK_FREE(extension->data);
STK_FREE(extension->data, heap);
break;
case TLSX_QUANTUM_SAFE_HYBRID:
QSH_FREE_ALL((QSHScheme*)extension->data);
QSH_FREE_ALL((QSHScheme*)extension->data, heap);
break;
case TLSX_APPLICATION_LAYER_PROTOCOL:
ALPN_FREE_ALL((ALPN*)extension->data);
ALPN_FREE_ALL((ALPN*)extension->data, heap);
break;
}
XFREE(extension, 0, DYNAMIC_TYPE_TLSX);
XFREE(extension, heap, DYNAMIC_TYPE_TLSX);
}
}
@@ -4186,16 +4219,16 @@ int TLSX_CreateNtruKey(WOLFSSL* ssl, int type)
return ret;
}
if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), NULL,
if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap,
DYNAMIC_TYPE_TLSX)) == NULL)
return MEMORY_E;
temp->name = type;
temp->pub.length = public_key_len;
temp->pub.buffer = (byte*)XMALLOC(public_key_len, public_key,
temp->pub.buffer = (byte*)XMALLOC(public_key_len, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
XMEMCPY(temp->pub.buffer, public_key, public_key_len);
temp->pri.length = private_key_len;
temp->pri.buffer = (byte*)XMALLOC(private_key_len, private_key,
temp->pri.buffer = (byte*)XMALLOC(private_key_len, ssl->heap,
DYNAMIC_TYPE_ARRAYS);
XMEMCPY(temp->pri.buffer, private_key, private_key_len);
temp->next = NULL;
@@ -4275,7 +4308,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
&public_key_len, WOLFSSL_NTRU_EESS743);
}
if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743,
public_key, public_key_len) != SSL_SUCCESS)
public_key, public_key_len, ssl->heap)
!= SSL_SUCCESS)
ret = -1;
/* add NTRU 196 */
@@ -4284,7 +4318,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
&public_key_len, WOLFSSL_NTRU_EESS593);
}
if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593,
public_key, public_key_len) != SSL_SUCCESS)
public_key, public_key_len, ssl->heap)
!= SSL_SUCCESS)
ret = -1;
/* add NTRU 128 */
@@ -4293,7 +4328,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
&public_key_len, WOLFSSL_NTRU_EESS439);
}
if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439,
public_key, public_key_len) != SSL_SUCCESS)
public_key, public_key_len, ssl->heap)
!= SSL_SUCCESS)
ret = -1;
}
else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
@@ -4313,7 +4349,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
&public_key_len, qsh->name);
if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name,
public_key, public_key_len) != SSL_SUCCESS)
public_key, public_key_len,
ssl->heap) != SSL_SUCCESS)
ret = -1;
qsh = next;
}

24
wolfcrypt/src/asn.c
View File

@@ -5829,6 +5829,11 @@ void wc_InitCert(Cert* cert)
#ifdef WOLFSSL_CERT_REQ
cert->challengePw[0] ='\0';
#endif
#ifdef WOLFSSL_HEAP_TEST
cert->heap = (void*)WOLFSSL_HEAP_TEST;
#else
cert->heap = NULL;
#endif
}
@@ -9080,7 +9085,7 @@ static int DecodeCerts(byte* source,
}
static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
OcspResponse* resp, word32 size, void* cm)
OcspResponse* resp, word32 size, void* cm, void* heap)
{
int length;
word32 idx = *ioIndex;
@@ -9125,7 +9130,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
if (DecodeCerts(source, &idx, resp, size) < 0)
return ASN_PARSE_E;
InitDecodedCert(&cert, resp->cert, resp->certSz, 0);
InitDecodedCert(&cert, resp->cert, resp->certSz, heap);
ret = ParseCertRelative(&cert, CERT_TYPE, VERIFY, cm);
if (ret < 0)
return ret;
@@ -9172,7 +9177,7 @@ void InitOcspResponse(OcspResponse* resp, CertStatus* status,
}
int OcspResponseDecode(OcspResponse* resp, void* cm)
int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap)
{
int length = 0;
word32 idx = 0;
@@ -9216,7 +9221,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm)
if (GetLength(source, &idx, &length, size) < 0)
return ASN_PARSE_E;
if (DecodeBasicOcspResponse(source, &idx, resp, size, cm) < 0)
if (DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap) < 0)
return ASN_PARSE_E;
return 0;
@@ -9342,7 +9347,8 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size)
}
int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce)
int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce,
void* heap)
{
WOLFSSL_ENTER("InitOcspRequest");
@@ -9350,11 +9356,11 @@ int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce)
return BAD_FUNC_ARG;
ForceZero(req, sizeof(OcspRequest));
req->heap = heap;
if (cert) {
XMEMCPY(req->issuerHash, cert->issuerHash, KEYID_SIZE);
XMEMCPY(req->issuerKeyHash, cert->issuerKeyHash, KEYID_SIZE);
req->heap = cert->heap;
req->serial = (byte*)XMALLOC(cert->serialSz, req->heap,
DYNAMIC_TYPE_OCSP_REQUEST);
@@ -9381,7 +9387,11 @@ int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce)
if (useNonce) {
WC_RNG rng;
#ifdef WOLFSSL_STATIC_MEMORY
if (wc_InitRng_ex(&rng, req->heap) != 0) {
#else
if (wc_InitRng(&rng) != 0) {
#endif
WOLFSSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce.");
} else {
if (wc_RNG_GenerateBlock(&rng, req->nonce, MAX_OCSP_NONCE_SZ) != 0)
@@ -9534,7 +9544,7 @@ void InitDecodedCRL(DecodedCRL* dcrl, void* heap)
dcrl->totalCerts = 0;
dcrl->heap = heap;
#ifdef WOLFSSL_HEAP_TEST
dcrl->heap = (void)WOLFSSL_HEAP_TEST;
dcrl->heap = (void*)WOLFSSL_HEAP_TEST;
#endif
}

11
wolfcrypt/src/memory.c
View File

@@ -292,11 +292,12 @@ int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io)
if (heap == NULL) {
WOLFSSL_MSG("No heap to return fixed IO too");
}
/* put IO buffer back into IO pool */
(*io)->next = heap->io;
heap->io = *io;
*io = NULL;
else {
/* put IO buffer back into IO pool */
(*io)->next = heap->io;
heap->io = *io;
*io = NULL;
}
return 1;
}

4
wolfcrypt/src/wc_port.c
View File

@@ -69,10 +69,6 @@ int wolfCrypt_Init()
}
#endif
#ifdef WOLFSSL_STATIC_MEMORY
/* set static memory functions and load initial memory */
wolfSSL_SetAllocators(wolfSSL_Malloc, wolfSSL_Free, wolfSSL_Realloc);
#endif
initRefCount = 1;
}

58
wolfcrypt/test/test.c
View File

@@ -3974,7 +3974,7 @@ int certext_test(void)
byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
"\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
tmp = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tmp = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
return -200;
@@ -4325,7 +4325,7 @@ int rsa_test(void)
ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, sizeof(in));
if (ret > 0) { /* should fail */
TEST_XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -252;
}
#endif /* NO_SHA*/
@@ -4461,7 +4461,7 @@ int rsa_test(void)
FILE* keyFile;
FILE* pemFile;
ret = wc_InitRsaKey(&genKey, 0);
ret = wc_InitRsaKey(&genKey, HEAP_HINT);
if (ret != 0) {
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -300;
@@ -4472,13 +4472,13 @@ int rsa_test(void)
return -301;
}
der = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
der = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRsaKey(&genKey);
return -307;
}
pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4547,7 +4547,7 @@ int rsa_test(void)
return -314;
}
ret = wc_InitRsaKey(&derIn, 0);
ret = wc_InitRsaKey(&derIn, HEAP_HINT);
if (ret != 0) {
TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4587,12 +4587,13 @@ int rsa_test(void)
DecodedCert decode;
#endif
derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
derCert = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (derCert == NULL) {
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -309;
}
pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4653,7 +4654,7 @@ int rsa_test(void)
}
#ifdef WOLFSSL_TEST_CERT
InitDecodedCert(&decode, derCert, certSz, 0);
InitDecodedCert(&decode, derCert, certSz, HEAP_HINT);
ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) {
TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4731,12 +4732,13 @@ int rsa_test(void)
DecodedCert decode;
#endif
derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
derCert = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (derCert == NULL) {
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -311;
}
pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4755,7 +4757,7 @@ int rsa_test(void)
bytes3 = fread(tmp, 1, FOURK_BUF, file3);
fclose(file3);
ret = wc_InitRsaKey(&caKey, 0);
ret = wc_InitRsaKey(&caKey, HEAP_HINT);
if (ret != 0) {
TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4845,7 +4847,7 @@ int rsa_test(void)
}
#ifdef WOLFSSL_TEST_CERT
InitDecodedCert(&decode, derCert, certSz, 0);
InitDecodedCert(&decode, derCert, certSz, HEAP_HINT);
ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) {
TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4935,12 +4937,13 @@ int rsa_test(void)
DecodedCert decode;
#endif
derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
derCert = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (derCert == NULL) {
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -5311;
}
pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -5126,7 +5129,7 @@ int rsa_test(void)
TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_ecc_free(&caKey);
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -5412;
}
ret = (int)fwrite(pem, 1, pemSz, pemFile);
@@ -5139,8 +5142,8 @@ int rsa_test(void)
}
fclose(pemFile);
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_ecc_free(&caKey);
}
#endif /* HAVE_ECC */
@@ -5160,12 +5163,13 @@ int rsa_test(void)
#ifdef WOLFSSL_TEST_CERT
DecodedCert decode;
#endif
derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
derCert = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (derCert == NULL) {
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -311;
}
pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -5315,7 +5319,7 @@ int rsa_test(void)
#ifdef WOLFSSL_TEST_CERT
InitDecodedCert(&decode, derCert, certSz, 0);
InitDecodedCert(&decode, derCert, certSz, HEAP_HINT);
ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) {
TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -5393,12 +5397,12 @@ int rsa_test(void)
int pemSz;
FILE* reqFile;
der = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
der = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -463;
}
pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -5703,12 +5707,12 @@ int dsa_test(void)
ret = wc_MakeDsaKey(&rng, &genKey);
if (ret != 0) return -363;
der = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
der = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
wc_FreeDsaKey(&genKey);
return -364;
}
pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeDsaKey(&genKey);
@@ -7740,8 +7744,8 @@ int compress_test(void)
byte *c = NULL;
byte *d = NULL;
c = TEST_XMALLOC(cSz * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER);
d = TEST_XMALLOC(dSz * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER);
c = TEST_XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
d = TEST_XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
/* follow calloc and initialize to 0 */
XMEMSET(c, 0, cSz);

29
wolfssl/internal.h
View File

@@ -1656,7 +1656,7 @@ typedef struct TLSX {
} TLSX;
WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list);
WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap);
WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
@@ -1702,7 +1702,7 @@ typedef struct SNI {
} SNI;
WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
word16 size);
word16 size, void* heap);
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
@@ -1729,7 +1729,7 @@ WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
void** data, word16 *dataSz);
WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
word16 size, byte options);
word16 size, byte options, void* heap);
WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
@@ -1738,14 +1738,14 @@ WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
/** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */
#ifdef HAVE_MAX_FRAGMENT
WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);
WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
#endif /* HAVE_MAX_FRAGMENT */
/** Truncated HMAC - RFC 6066 (session 7) */
#ifdef HAVE_TRUNCATED_HMAC
WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
#endif /* HAVE_TRUNCATED_HMAC */
@@ -1761,8 +1761,9 @@ typedef struct {
} CertificateStatusRequest;
WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
byte status_type, byte options);
WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert);
byte status_type, byte options, void* heap);
WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
void* heap);
WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
@@ -1782,8 +1783,9 @@ typedef struct CSRIv2 {
} CertificateStatusRequestItemV2;
WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
byte status_type, byte options);
WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer);
byte status_type, byte options, void* heap);
WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
byte isPeer, void* heap);
WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
byte index);
WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
@@ -1798,7 +1800,8 @@ typedef struct EllipticCurve {
struct EllipticCurve* next; /* List Behavior */
} EllipticCurve;
WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
void* heap);
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first,
@@ -1829,7 +1832,7 @@ typedef struct SecureRenegotiation {
Keys tmp_keys; /* can't overwrite real keys yet */
} SecureRenegotiation;
WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions);
WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);
#endif /* HAVE_SECURE_RENEGOTIATION */
@@ -1843,7 +1846,7 @@ typedef struct SessionTicket {
} SessionTicket;
WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
SessionTicket* ticket);
SessionTicket* ticket, void* heap);
WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
byte* data, word16 size);
WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket);
@@ -1881,7 +1884,7 @@ WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
/* used by api for setting a specific QSH scheme */
WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
byte* pKey, word16 pKeySz);
byte* pKey, word16 pKeySz, void* heap);
/* used when parsing in QSHCipher structs */
WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,

2
wolfssl/ocsp.h
View File

@@ -39,7 +39,7 @@ struct buffer;
typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*);
WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic, void* heap);
WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic);
WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*,
struct buffer* responseBuffer);

1
wolfssl/test.h
View File

@@ -1596,6 +1596,7 @@ static INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats)
return 0;
}
/* print to stderr so is on the same pipe as WOLFSSL_DEBUG */
fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc);
fprintf(stderr, "Total frees = %d\n", stats->totalFr);
fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc);

4
wolfssl/wolfcrypt/asn.h
View File

@@ -768,9 +768,9 @@ struct OcspRequest {
WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*);
WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap);
WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte);
WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*);
WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*);
WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32);
WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32);