From e214086dce763da21c5e696198496d914bcf030d Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 7 Jun 2016 15:39:16 -0600 Subject: [PATCH] tlsx with static memory / account for session certs size --- examples/client/client.c | 2 +- examples/server/server.c | 8 +- src/internal.c | 62 ++++---- src/ocsp.c | 25 ++-- src/ssl.c | 54 ++++--- src/tls.c | 299 ++++++++++++++++++++++----------------- wolfcrypt/src/asn.c | 24 +++- wolfcrypt/src/memory.c | 11 +- wolfcrypt/src/wc_port.c | 4 - wolfcrypt/test/test.c | 58 ++++---- wolfssl/internal.h | 29 ++-- wolfssl/ocsp.h | 2 +- wolfssl/test.h | 1 + wolfssl/wolfcrypt/asn.h | 4 +- 14 files changed, 325 insertions(+), 258 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index dc7948c6b..3e79a732a 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -608,7 +608,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) (void)resumeSz; (void)session; (void)sslResume; - (void)trackMemory; (void)atomicUser; (void)pkCallbacks; (void)scr; @@ -1628,6 +1627,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) (void) verifyCert; (void) ourCert; (void) ourKey; + (void) trackMemory; #if !defined(WOLFSSL_TIRTOS) return 0; diff --git a/examples/server/server.c b/examples/server/server.c index 1e65a7ba3..033209daa 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -324,8 +324,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #endif #ifdef WOLFSSL_STATIC_MEMORY - #if defined(HAVE_ECC) && !defined(ALT_ECC_SIZE) - byte memory[200000]; + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \ + || defined(SESSION_CERTS) + /* big enough to handle most cases including session certs */ + byte memory[204000]; #else byte memory[80000]; #endif @@ -340,7 +342,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) ourCert = (char*)eccCert; ourKey = (char*)eccKey; #endif - (void)trackMemory; (void)pkCallbacks; (void)needDH; (void)ourKey; @@ -1107,6 +1108,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) (void) useNtruKey; (void) ourDhParam; (void) ourCert; + (void) trackMemory; #ifndef CYASSL_TIRTOS return 0; #endif diff --git a/src/internal.c b/src/internal.c index 43b5eceb9..8b80e79f4 100755 --- a/src/internal.c +++ b/src/internal.c @@ -213,14 +213,14 @@ static int QSH_FreeAll(WOLFSSL* ssl) preKey = key; if (key->pri.buffer) { ForceZero(key->pri.buffer, key->pri.length); - XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (key->pub.buffer) - XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); key = (QSHKey*)key->next; /* free struct */ - XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); } key = NULL; @@ -231,14 +231,14 @@ static int QSH_FreeAll(WOLFSSL* ssl) preKey = key; if (key->pri.buffer) { ForceZero(key->pri.buffer, key->pri.length); - XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (key->pub.buffer) - XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); key = (QSHKey*)key->next; /* free struct */ - XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); } key = NULL; @@ -250,9 +250,9 @@ static int QSH_FreeAll(WOLFSSL* ssl) while (list) { preList = list; if (list->PK) - XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); list = (QSHScheme*)list->next; - XFREE(preList, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(preList, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); } /* free secret buffers */ @@ -260,20 +260,20 @@ static int QSH_FreeAll(WOLFSSL* ssl) if (secret->SerSi->buffer) { /* clear extra secret material that supplemented Master Secret*/ ForceZero(secret->SerSi->buffer, secret->SerSi->length); - XFREE(secret->SerSi->buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(secret->SerSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER); } - XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (secret->CliSi) { if (secret->CliSi->buffer) { /* clear extra secret material that supplemented Master Secret*/ ForceZero(secret->CliSi->buffer, secret->CliSi->length); - XFREE(secret->CliSi->buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(secret->CliSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER); } - XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); } } - XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); secret = NULL; return 0; @@ -1417,7 +1417,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #endif #ifdef HAVE_TLS_EXTENSIONS - TLSX_FreeAll(ctx->extensions); + TLSX_FreeAll(ctx->extensions, ctx->heap); #ifndef NO_WOLFSSL_SERVER @@ -3525,7 +3525,7 @@ void SSL_ResourceFree(WOLFSSL* ssl) #endif /* NO_RSA */ #endif /* HAVE_PK_CALLBACKS */ #ifdef HAVE_TLS_EXTENSIONS - TLSX_FreeAll(ssl->extensions); + TLSX_FreeAll(ssl->extensions, ssl->heap); #ifdef HAVE_ALPN if (ssl->alpn_client_list != NULL) { @@ -6190,7 +6190,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef HAVE_OCSP #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 if (ssl->status_request_v2) - ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 0); + ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 0, + ssl->heap); else /* skips OCSP and force CRL check */ #endif if (ssl->ctx->cm->ocspEnabled && ssl->ctx->cm->ocspCheckAll) { @@ -6298,13 +6299,15 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.side == WOLFSSL_CLIENT_END) { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { - fatal = TLSX_CSR_InitRequest(ssl->extensions, dCert); + fatal = TLSX_CSR_InitRequest(ssl->extensions, dCert, + ssl->heap); doLookup = 0; } #endif #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 if (ssl->status_request_v2) { - fatal = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 1); + fatal = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 1, + ssl->heap); doLookup = 0; } #endif @@ -6737,7 +6740,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, InitOcspResponse(response, status, input +*inOutIdx, status_length); - if ((OcspResponseDecode(response, ssl->ctx->cm) != 0) + if ((OcspResponseDecode(response, ssl->ctx->cm, ssl->heap) != 0) || (response->responseStatus != OCSP_SUCCESSFUL) || (response->status->status != CERT_GOOD) || (CompareOcspReqResp(request, response) != 0)) @@ -6814,7 +6817,8 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, InitOcspResponse(response, status, input +*inOutIdx, status_length); - if ((OcspResponseDecode(response, ssl->ctx->cm) != 0) + if ((OcspResponseDecode(response, ssl->ctx->cm, ssl->heap) + != 0) || (response->responseStatus != OCSP_SUCCESSFUL) || (response->status->status != CERT_GOOD)) ret = BAD_CERTIFICATE_STATUS_ERROR; @@ -10321,7 +10325,7 @@ int SendCertificateStatus(WOLFSSL* ssl) return MEMORY_E; } - ret = InitOcspRequest(request, cert, 0); + ret = InitOcspRequest(request, cert, 0, ssl->heap); if (ret != 0) { XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); } @@ -10418,7 +10422,7 @@ int SendCertificateStatus(WOLFSSL* ssl) return MEMORY_E; } - ret = InitOcspRequest(request, cert, 0); + ret = InitOcspRequest(request, cert, 0, ssl->heap); if (ret != 0) { XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); } @@ -10496,7 +10500,7 @@ int SendCertificateStatus(WOLFSSL* ssl) break; } - ret = InitOcspRequest(request, cert, 0); + ret = InitOcspRequest(request, cert, 0, ssl->heap); if (ret != 0) { XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST); break; @@ -14057,16 +14061,16 @@ int QSH_Init(WOLFSSL* ssl) return 0; /* malloc memory for holding generated secret information */ - if ((ssl->QSH_secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), NULL, + if ((ssl->QSH_secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) return MEMORY_E; - ssl->QSH_secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), NULL, + ssl->QSH_secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (ssl->QSH_secret->CliSi == NULL) return MEMORY_E; - ssl->QSH_secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), NULL, + ssl->QSH_secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (ssl->QSH_secret->SerSi == NULL) return MEMORY_E; @@ -14220,7 +14224,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer) buf = ssl->QSH_secret->CliSi; } buf->length = sz; - buf->buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf->buffer == NULL) { WOLFSSL_ERROR(MEMORY_E); } @@ -14229,7 +14233,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer) sz = 0; current = ssl->peerQSHKey; while (current) { - schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL, + schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (schm == NULL) return MEMORY_E; @@ -14249,7 +14253,7 @@ static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer) tmpSz = QSH_MaxSecret(current); - if ((schm->PK = (byte*)XMALLOC(tmpSz, 0, + if ((schm->PK = (byte*)XMALLOC(tmpSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) return -1; diff --git a/src/ocsp.c b/src/ocsp.c index 74b147f39..c1c0b59c5 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -88,7 +88,7 @@ static void FreeOcspEntry(OcspEntry* entry) } -void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic, void* heap) +void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic) { OcspEntry *entry, *next; @@ -97,15 +97,14 @@ void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic, void* heap) for (entry = ocsp->ocspList; entry; entry = next) { next = entry->next; FreeOcspEntry(entry); - XFREE(entry, heap, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(entry, ocsp->cm->heap, DYNAMIC_TYPE_OCSP_ENTRY); } FreeMutex(&ocsp->ocspLock); if (dynamic) - XFREE(ocsp, heap, DYNAMIC_TYPE_OCSP); + XFREE(ocsp, ocsp->cm->heap, DYNAMIC_TYPE_OCSP); - (void)heap; } @@ -144,7 +143,8 @@ int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, buffer* responseBuffer) } #endif - if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce) == 0) { + if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce, + ocsp->cm->heap) == 0) { ret = CheckOcspRequest(ocsp, ocspRequest, responseBuffer); FreeOcspRequest(ocspRequest); @@ -179,7 +179,7 @@ static int GetOcspEntry(WOLFSSL_OCSP* ocsp, OcspRequest* request, if (*entry == NULL) { *entry = (OcspEntry*)XMALLOC(sizeof(OcspEntry), - NULL, DYNAMIC_TYPE_OCSP_ENTRY); + ocsp->cm->heap, DYNAMIC_TYPE_OCSP_ENTRY); if (*entry) { InitOcspEntry(*entry, request); (*entry)->next = ocsp->ocspList; @@ -293,7 +293,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, return 0; } - request = (byte*)XMALLOC(requestSz, NULL, DYNAMIC_TYPE_OCSP); + request = (byte*)XMALLOC(requestSz, ocsp->cm->heap, DYNAMIC_TYPE_OCSP); if (request == NULL) { WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); return MEMORY_ERROR; @@ -326,14 +326,14 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, XMEMSET(newStatus, 0, sizeof(CertStatus)); InitOcspResponse(ocspResponse, newStatus, response, ret); - OcspResponseDecode(ocspResponse, ocsp->cm); + OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap); if (ocspResponse->responseStatus != OCSP_SUCCESSFUL) ret = OCSP_LOOKUP_FAIL; else { if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) { if (responseBuffer) { - responseBuffer->buffer = (byte*)XMALLOC(ret, NULL, + responseBuffer->buffer = (byte*)XMALLOC(ret, ocsp->cm->heap, DYNAMIC_TYPE_TMP_BUFFER); if (responseBuffer->buffer) { @@ -349,7 +349,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, else { if (status != NULL) { if (status->rawOcspResponse) - XFREE(status->rawOcspResponse, NULL, + XFREE(status->rawOcspResponse, ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS); /* Replace existing certificate entry with updated */ @@ -358,7 +358,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, else { /* Save new certificate entry */ status = (CertStatus*)XMALLOC(sizeof(CertStatus), - NULL, DYNAMIC_TYPE_OCSP_STATUS); + ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS); if (status != NULL) { XMEMCPY(status, newStatus, sizeof(CertStatus)); status->next = entry->status; @@ -369,7 +369,8 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, if (status && responseBuffer && responseBuffer->buffer) { status->rawOcspResponse = (byte*)XMALLOC( - responseBuffer->length, NULL, + responseBuffer->length, + ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS); if (status->rawOcspResponse) { diff --git a/src/ssl.c b/src/ssl.c index 964587ae1..ed7d0973c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -628,9 +628,15 @@ int wolfSSL_GetObjectSize(void) int wolfSSL_init_memory_heap(WOLFSSL_HEAP* heap) { - /* default size of chunks of memory to seperate into */ + /* default size of chunks of memory to seperate into + * having session certs enabled makes a 21k SSL struct */ +#ifndef SESSION_CERTS word32 wc_defaultMemSz[WOLFMEM_DEF_BUCKETS] = - { 64, 128, 256, 512, 1024, 2400, 3408, 4544, 16000 }; + { 64, 128, 256, 512, 1024, 2400, 3408, 4544, 16128 }; +#else + word32 wc_defaultMemSz[WOLFMEM_DEF_BUCKETS] = + { 64, 128, 256, 512, 1024, 2400, 3408, 4544, 21000 }; +#endif word32 wc_defaultDist[WOLFMEM_DEF_BUCKETS] = { 8, 4, 4, 12, 4, 5, 2, 1, 1 }; if (heap == NULL) { @@ -1056,7 +1062,7 @@ int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size) if (ssl == NULL) return BAD_FUNC_ARG; - return TLSX_UseSNI(&ssl->extensions, type, data, size); + return TLSX_UseSNI(&ssl->extensions, type, data, size, ssl->heap); } @@ -1066,7 +1072,7 @@ int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data, if (ctx == NULL) return BAD_FUNC_ARG; - return TLSX_UseSNI(&ctx->extensions, type, data, size); + return TLSX_UseSNI(&ctx->extensions, type, data, size, ctx->heap); } #ifndef NO_WOLFSSL_SERVER @@ -1125,7 +1131,7 @@ int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl) if (ssl == NULL) return BAD_FUNC_ARG; - return TLSX_UseMaxFragment(&ssl->extensions, mfl); + return TLSX_UseMaxFragment(&ssl->extensions, mfl, ssl->heap); } @@ -1134,7 +1140,7 @@ int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, byte mfl) if (ctx == NULL) return BAD_FUNC_ARG; - return TLSX_UseMaxFragment(&ctx->extensions, mfl); + return TLSX_UseMaxFragment(&ctx->extensions, mfl, ctx->heap); } #endif /* NO_WOLFSSL_CLIENT */ @@ -1148,7 +1154,7 @@ int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl) if (ssl == NULL) return BAD_FUNC_ARG; - return TLSX_UseTruncatedHMAC(&ssl->extensions); + return TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap); } @@ -1157,7 +1163,7 @@ int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx) if (ctx == NULL) return BAD_FUNC_ARG; - return TLSX_UseTruncatedHMAC(&ctx->extensions); + return TLSX_UseTruncatedHMAC(&ctx->extensions, ctx->heap); } #endif /* NO_WOLFSSL_CLIENT */ @@ -1171,7 +1177,7 @@ int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, byte status_type, byte options) return BAD_FUNC_ARG; return TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, - options); + options, ssl->heap); } @@ -1182,7 +1188,7 @@ int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, byte status_type, return BAD_FUNC_ARG; return TLSX_UseCertificateStatusRequest(&ctx->extensions, status_type, - options); + options, ctx->heap); } #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ @@ -1195,7 +1201,7 @@ int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, byte status_type, byte options) return BAD_FUNC_ARG; return TLSX_UseCertificateStatusRequestV2(&ssl->extensions, status_type, - options); + options, ssl->heap); } @@ -1206,7 +1212,7 @@ int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, return BAD_FUNC_ARG; return TLSX_UseCertificateStatusRequestV2(&ctx->extensions, status_type, - options); + options, ctx->heap); } #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ @@ -1233,7 +1239,7 @@ int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name) return BAD_FUNC_ARG; } - return TLSX_UseSupportedCurve(&ssl->extensions, name); + return TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap); } @@ -1255,7 +1261,7 @@ int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name) return BAD_FUNC_ARG; } - return TLSX_UseSupportedCurve(&ctx->extensions, name); + return TLSX_UseSupportedCurve(&ctx->extensions, name, ctx->heap); } #endif /* NO_WOLFSSL_CLIENT */ @@ -1292,7 +1298,7 @@ int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, word16 name) ssl->user_set_QSHSchemes = 1; - return TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0); + return TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap); } #ifndef NO_WOLFSSL_CLIENT @@ -1363,14 +1369,15 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, while ((idx--) > 0) { len = (word16)XSTRLEN(token[idx]); - ret = TLSX_UseALPN(&ssl->extensions, token[idx], len, options); + ret = TLSX_UseALPN(&ssl->extensions, token[idx], len, options, + ssl->heap); if (ret != SSL_SUCCESS) { WOLFSSL_MSG("TLSX_UseALPN failure"); break; } } - XFREE(list, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -1393,7 +1400,8 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz) if (*listSz == 0) return BUFFER_ERROR; - *list = (char *)XMALLOC((*listSz)+1, ssl->heap, DYNAMIC_TYPE_TLSX); + /* leaving as null heap hint since user calls free on returned string */ + *list = (char *)XMALLOC((*listSz)+1, NULL, DYNAMIC_TYPE_TLSX); if (*list == NULL) return MEMORY_ERROR; @@ -1414,7 +1422,7 @@ int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl) int ret = BAD_FUNC_ARG; if (ssl) - ret = TLSX_UseSecureRenegotiation(&ssl->extensions); + ret = TLSX_UseSecureRenegotiation(&ssl->extensions, ssl->heap); if (ret == SSL_SUCCESS) { TLSX* extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO); @@ -2133,11 +2141,11 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) #endif #ifdef HAVE_OCSP if (cm->ocsp) - FreeOCSP(cm->ocsp, 1, cm->heap); + FreeOCSP(cm->ocsp, 1); #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (cm->ocsp_stapling) - FreeOCSP(cm->ocsp_stapling, 1, cm->heap); + FreeOCSP(cm->ocsp_stapling, 1); #endif #endif FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap); @@ -4308,7 +4316,7 @@ int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options) if (InitOCSP(cm->ocsp, cm) != 0) { WOLFSSL_MSG("Init OCSP failed"); - FreeOCSP(cm->ocsp, 1, cm->heap); + FreeOCSP(cm->ocsp, 1); cm->ocsp = NULL; return SSL_FAILURE; } @@ -4364,7 +4372,7 @@ int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm) if (InitOCSP(cm->ocsp_stapling, cm) != 0) { WOLFSSL_MSG("Init OCSP failed"); - FreeOCSP(cm->ocsp_stapling, 1, cm->heap); + FreeOCSP(cm->ocsp_stapling, 1); cm->ocsp_stapling = NULL; return SSL_FAILURE; } diff --git a/src/tls.c b/src/tls.c index 4b45b3d62..a0dc15b1a 100644 --- a/src/tls.c +++ b/src/tls.c @@ -784,9 +784,9 @@ static INLINE word16 TLSX_ToSemaphore(word16 type) ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8))) /** Creates a new extension. */ -static TLSX* TLSX_New(TLSX_Type type, void* data) +static TLSX* TLSX_New(TLSX_Type type, void* data, void* heap) { - TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), NULL, DYNAMIC_TYPE_TLSX); + TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), heap, DYNAMIC_TYPE_TLSX); if (extension) { extension->type = type; @@ -802,9 +802,9 @@ static TLSX* TLSX_New(TLSX_Type type, void* data) * Creates a new extension and pushes it to the provided list. * Checks for duplicate extensions, keeps the newest. */ -static int TLSX_Push(TLSX** list, TLSX_Type type, void* data) +static int TLSX_Push(TLSX** list, TLSX_Type type, void* data, void* heap) { - TLSX* extension = TLSX_New(type, data); + TLSX* extension = TLSX_New(type, data, heap); if (extension == NULL) return MEMORY_E; @@ -821,7 +821,7 @@ static int TLSX_Push(TLSX** list, TLSX_Type type, void* data) extension->next = next->next; next->next = NULL; - TLSX_FreeAll(next); + TLSX_FreeAll(next, heap); /* there is no way to occur more than */ /* two extensions of the same type. */ @@ -853,7 +853,8 @@ void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type) #ifdef HAVE_ALPN /** Creates a new ALPN object, providing protocol name to use. */ -static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz) +static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz, + void* heap) { ALPN *alpn; @@ -865,7 +866,7 @@ static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz) return NULL; } - alpn = (ALPN*)XMALLOC(sizeof(ALPN), 0, DYNAMIC_TYPE_TLSX); + alpn = (ALPN*)XMALLOC(sizeof(ALPN), heap, DYNAMIC_TYPE_TLSX); if (alpn == NULL) { WOLFSSL_MSG("Memory failure"); return NULL; @@ -875,10 +876,10 @@ static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz) alpn->negotiated = 0; alpn->options = 0; - alpn->protocol_name = XMALLOC(protocol_nameSz + 1, 0, DYNAMIC_TYPE_TLSX); + alpn->protocol_name = XMALLOC(protocol_nameSz + 1, heap, DYNAMIC_TYPE_TLSX); if (alpn->protocol_name == NULL) { WOLFSSL_MSG("Memory failure"); - XFREE(alpn, 0, DYNAMIC_TYPE_TLSX); + XFREE(alpn, heap, DYNAMIC_TYPE_TLSX); return NULL; } @@ -889,23 +890,25 @@ static ALPN* TLSX_ALPN_New(char *protocol_name, word16 protocol_nameSz) } /** Releases an ALPN object. */ -static void TLSX_ALPN_Free(ALPN *alpn) +static void TLSX_ALPN_Free(ALPN *alpn, void* heap) { + (void)heap; + if (alpn == NULL) return; - XFREE(alpn->protocol_name, 0, DYNAMIC_TYPE_TLSX); - XFREE(alpn, 0, DYNAMIC_TYPE_TLSX); + XFREE(alpn->protocol_name, heap, DYNAMIC_TYPE_TLSX); + XFREE(alpn, heap, DYNAMIC_TYPE_TLSX); } /** Releases all ALPN objects in the provided list. */ -static void TLSX_ALPN_FreeAll(ALPN *list) +static void TLSX_ALPN_FreeAll(ALPN *list, void* heap) { ALPN* alpn; while ((alpn = list)) { list = alpn->next; - TLSX_ALPN_Free(alpn); + TLSX_ALPN_Free(alpn, heap); } } @@ -970,7 +973,8 @@ static ALPN* TLSX_ALPN_Find(ALPN *list, char *protocol_name, word16 size) } /** Set the ALPN matching client and server requirements */ -static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size) +static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size, + void* heap) { ALPN *alpn; int ret; @@ -978,7 +982,7 @@ static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size) if (extensions == NULL || data == NULL) return BAD_FUNC_ARG; - alpn = TLSX_ALPN_New((char *)data, size); + alpn = TLSX_ALPN_New((char *)data, size, heap); if (alpn == NULL) { WOLFSSL_MSG("Memory failure"); return MEMORY_E; @@ -986,9 +990,10 @@ static int TLSX_SetALPN(TLSX** extensions, const void* data, word16 size) alpn->negotiated = 1; - ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn); + ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, (void*)alpn, + heap); if (ret != 0) { - TLSX_ALPN_Free(alpn); + TLSX_ALPN_Free(alpn, heap); return ret; } @@ -1032,9 +1037,9 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length, /* keep the list sent by client */ if (isRequest) { if (ssl->alpn_client_list != NULL) - XFREE(ssl->alpn_client_list, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - ssl->alpn_client_list = (char *)XMALLOC(size, NULL, + ssl->alpn_client_list = (char *)XMALLOC(size, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (ssl->alpn_client_list == NULL) return MEMORY_ERROR; @@ -1085,7 +1090,8 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length, /* set the matching negotiated protocol */ r = TLSX_SetALPN(&ssl->extensions, alpn->protocol_name, - (word16)XSTRLEN(alpn->protocol_name)); + (word16)XSTRLEN(alpn->protocol_name), + ssl->heap); if (r != SSL_SUCCESS) { WOLFSSL_MSG("TLSX_UseALPN failed"); return BUFFER_ERROR; @@ -1102,7 +1108,8 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length, } /** Add a protocol name to the list of accepted usable ones */ -int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options) +int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options, + void* heap) { ALPN *alpn; TLSX *extension; @@ -1111,7 +1118,7 @@ int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options) if (extensions == NULL || data == NULL) return BAD_FUNC_ARG; - alpn = TLSX_ALPN_New((char *)data, size); + alpn = TLSX_ALPN_New((char *)data, size, heap); if (alpn == NULL) { WOLFSSL_MSG("Memory failure"); return MEMORY_E; @@ -1123,9 +1130,9 @@ int TLSX_UseALPN(TLSX** extensions, const void* data, word16 size, byte options) extension = TLSX_Find(*extensions, TLSX_APPLICATION_LAYER_PROTOCOL); if (extension == NULL) { ret = TLSX_Push(extensions, TLSX_APPLICATION_LAYER_PROTOCOL, - (void*)alpn); + (void*)alpn, heap); if (ret != 0) { - TLSX_ALPN_Free(alpn); + TLSX_ALPN_Free(alpn, heap); return ret; } } @@ -1192,7 +1199,7 @@ int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz) #else /* HAVE_ALPN */ -#define ALPN_FREE_ALL(list) +#define ALPN_FREE_ALL(list, heap) #define ALPN_GET_SIZE(list) 0 #define ALPN_WRITE(a, b) 0 #define ALPN_PARSE(a, b, c, d) 0 @@ -1206,9 +1213,9 @@ int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz) #ifdef HAVE_SNI /** Creates a new SNI object. */ -static SNI* TLSX_SNI_New(byte type, const void* data, word16 size) +static SNI* TLSX_SNI_New(byte type, const void* data, word16 size, void* heap) { - SNI* sni = (SNI*)XMALLOC(sizeof(SNI), NULL, DYNAMIC_TYPE_TLSX); + SNI* sni = (SNI*)XMALLOC(sizeof(SNI), heap, DYNAMIC_TYPE_TLSX); if (sni) { sni->type = type; @@ -1221,19 +1228,19 @@ static SNI* TLSX_SNI_New(byte type, const void* data, word16 size) switch (sni->type) { case WOLFSSL_SNI_HOST_NAME: - sni->data.host_name = XMALLOC(size+1, NULL, DYNAMIC_TYPE_TLSX); + sni->data.host_name = XMALLOC(size+1, heap, DYNAMIC_TYPE_TLSX); if (sni->data.host_name) { XSTRNCPY(sni->data.host_name, (const char*)data, size); sni->data.host_name[size] = 0; } else { - XFREE(sni, 0, DYNAMIC_TYPE_TLSX); + XFREE(sni, heap, DYNAMIC_TYPE_TLSX); sni = NULL; } break; default: /* invalid type */ - XFREE(sni, 0, DYNAMIC_TYPE_TLSX); + XFREE(sni, heap, DYNAMIC_TYPE_TLSX); sni = NULL; } } @@ -1242,27 +1249,28 @@ static SNI* TLSX_SNI_New(byte type, const void* data, word16 size) } /** Releases a SNI object. */ -static void TLSX_SNI_Free(SNI* sni) +static void TLSX_SNI_Free(SNI* sni, void* heap) { if (sni) { switch (sni->type) { case WOLFSSL_SNI_HOST_NAME: - XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX); + XFREE(sni->data.host_name, heap, DYNAMIC_TYPE_TLSX); break; } - XFREE(sni, 0, DYNAMIC_TYPE_TLSX); + XFREE(sni, heap, DYNAMIC_TYPE_TLSX); } + (void)heap; } /** Releases all SNI objects in the provided list. */ -static void TLSX_SNI_FreeAll(SNI* list) +static void TLSX_SNI_FreeAll(SNI* list, void* heap) { SNI* sni; while ((sni = list)) { list = sni->next; - TLSX_SNI_Free(sni); + TLSX_SNI_Free(sni, heap); } } @@ -1429,7 +1437,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) { int r = TLSX_UseSNI(&ssl->extensions, - type, input + offset, size); + type, input + offset, size, ssl->heap); if (r != SSL_SUCCESS) return r; /* throws error. */ @@ -1510,7 +1518,8 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) return 0; } -int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size) +int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size, + void* heap) { TLSX* extension = TLSX_Find(*extensions, TLSX_SERVER_NAME); SNI* sni = NULL; @@ -1518,13 +1527,13 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size) if (extensions == NULL || data == NULL) return BAD_FUNC_ARG; - if ((sni = TLSX_SNI_New(type, data, size)) == NULL) + if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL) return MEMORY_E; if (!extension) { - int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni); + int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap); if (ret != 0) { - TLSX_SNI_Free(sni); + TLSX_SNI_Free(sni, heap); return ret; } } @@ -1539,7 +1548,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size) SNI *next = sni->next; sni->next = next->next; - TLSX_SNI_Free(next); + TLSX_SNI_Free(next, heap); /* there is no way to occur more than */ /* two SNIs of the same type. */ @@ -1741,7 +1750,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, #else -#define SNI_FREE_ALL(list) +#define SNI_FREE_ALL(list, heap) #define SNI_GET_SIZE(list) 0 #define SNI_WRITE(a, b) 0 #define SNI_PARSE(a, b, c, d) 0 @@ -1785,7 +1794,7 @@ static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length, #ifndef NO_WOLFSSL_SERVER if (isRequest) { - int r = TLSX_UseMaxFragment(&ssl->extensions, *input); + int r = TLSX_UseMaxFragment(&ssl->extensions, *input, ssl->heap); if (r != SSL_SUCCESS) return r; /* throw error */ @@ -1796,7 +1805,7 @@ static int TLSX_MFL_Parse(WOLFSSL* ssl, byte* input, word16 length, return 0; } -int TLSX_UseMaxFragment(TLSX** extensions, byte mfl) +int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap) { byte* data = NULL; int ret = 0; @@ -1807,14 +1816,15 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl) if (mfl < WOLFSSL_MFL_2_9 || WOLFSSL_MFL_2_13 < mfl) return BAD_FUNC_ARG; - if ((data = XMALLOC(ENUM_LEN, NULL, DYNAMIC_TYPE_TLSX)) == NULL) + if ((data = XMALLOC(ENUM_LEN, heap, DYNAMIC_TYPE_TLSX)) == NULL) return MEMORY_E; data[0] = mfl; /* push new MFL extension. */ - if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data)) != 0) { - XFREE(data, 0, DYNAMIC_TYPE_TLSX); + if ((ret = TLSX_Push(extensions, TLSX_MAX_FRAGMENT_LENGTH, data, heap)) + != 0) { + XFREE(data, heap, DYNAMIC_TYPE_TLSX); return ret; } @@ -1822,14 +1832,14 @@ int TLSX_UseMaxFragment(TLSX** extensions, byte mfl) } -#define MFL_FREE_ALL(data) XFREE(data, 0, DYNAMIC_TYPE_TLSX) +#define MFL_FREE_ALL(data, heap) XFREE(data, (heap), DYNAMIC_TYPE_TLSX) #define MFL_GET_SIZE(data) ENUM_LEN #define MFL_WRITE TLSX_MFL_Write #define MFL_PARSE TLSX_MFL_Parse #else -#define MFL_FREE_ALL(a) +#define MFL_FREE_ALL(a, b) #define MFL_GET_SIZE(a) 0 #define MFL_WRITE(a, b) 0 #define MFL_PARSE(a, b, c, d) 0 @@ -1852,7 +1862,7 @@ static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length, #ifndef NO_WOLFSSL_SERVER if (isRequest) { - int r = TLSX_UseTruncatedHMAC(&ssl->extensions); + int r = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap); if (r != SSL_SUCCESS) return r; /* throw error */ @@ -1866,14 +1876,14 @@ static int TLSX_THM_Parse(WOLFSSL* ssl, byte* input, word16 length, return 0; } -int TLSX_UseTruncatedHMAC(TLSX** extensions) +int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap) { int ret = 0; if (extensions == NULL) return BAD_FUNC_ARG; - if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL)) != 0) + if ((ret = TLSX_Push(extensions, TLSX_TRUNCATED_HMAC, NULL, heap)) != 0) return ret; return SSL_SUCCESS; @@ -1893,7 +1903,7 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions) #ifdef HAVE_CERTIFICATE_STATUS_REQUEST -static void TLSX_CSR_Free(CertificateStatusRequest* csr) +static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap) { switch (csr->status_type) { case WOLFSSL_CSR_OCSP: @@ -1901,7 +1911,8 @@ static void TLSX_CSR_Free(CertificateStatusRequest* csr) break; } - XFREE(csr, NULL, DYNAMIC_TYPE_TLSX); + XFREE(csr, heap, DYNAMIC_TYPE_TLSX); + (void)heap; } static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) @@ -1991,7 +2002,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, /* enable extension at ssl level */ ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, - csr->status_type, csr->options); + csr->status_type, csr->options, ssl->heap); if (ret != SSL_SUCCESS) return ret; @@ -2063,7 +2074,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, /* accept the first good status_type and return */ ret = TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, - 0); + 0, ssl->heap); if (ret != SSL_SUCCESS) return ret; /* throw error */ @@ -2076,7 +2087,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length, return 0; } -int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert) +int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) { TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); CertificateStatusRequest* csr = extension ? extension->data : NULL; @@ -2091,7 +2102,8 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert) /* preserve nonce */ XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz); - if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0)) != 0) + if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap)) + != 0) return ret; /* restore nonce */ @@ -2141,7 +2153,7 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl) } int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, - byte options) + byte options, void* heap) { CertificateStatusRequest* csr = NULL; int ret = 0; @@ -2150,7 +2162,7 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, return BAD_FUNC_ARG; csr = (CertificateStatusRequest*) - XMALLOC(sizeof(CertificateStatusRequest), NULL, DYNAMIC_TYPE_TLSX); + XMALLOC(sizeof(CertificateStatusRequest), heap, DYNAMIC_TYPE_TLSX); if (!csr) return MEMORY_E; @@ -2164,7 +2176,11 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, if (options & WOLFSSL_CSR_OCSP_USE_NONCE) { WC_RNG rng; +#ifdef WOLFSSL_STATIC_MEMORY + if (wc_InitRng_ex(&rng, heap) == 0) { +#else if (wc_InitRng(&rng) == 0) { +#endif if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce, MAX_OCSP_NONCE_SZ) == 0) csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ; @@ -2175,8 +2191,8 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, break; } - if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr)) != 0) { - XFREE(csr, NULL, DYNAMIC_TYPE_TLSX); + if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST, csr, heap)) != 0) { + XFREE(csr, heap, DYNAMIC_TYPE_TLSX); return ret; } @@ -2190,7 +2206,7 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, #else -#define CSR_FREE_ALL(data) +#define CSR_FREE_ALL(data, heap) #define CSR_GET_SIZE(a, b) 0 #define CSR_WRITE(a, b, c) 0 #define CSR_PARSE(a, b, c, d) 0 @@ -2203,7 +2219,7 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 -static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2) +static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2, void* heap) { CertificateStatusRequestItemV2* next; @@ -2218,8 +2234,9 @@ static void TLSX_CSR2_FreeAll(CertificateStatusRequestItemV2* csr2) break; } - XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX); + XFREE(csr2, heap, DYNAMIC_TYPE_TLSX); } + (void)heap; } static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2, @@ -2336,7 +2353,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, /* enable extension at ssl level */ for (; csr2; csr2 = csr2->next) { ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, - csr2->status_type, csr2->options); + csr2->status_type, csr2->options, ssl->heap); if (ret != SSL_SUCCESS) return ret; @@ -2436,7 +2453,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, /* accept the first good status_type and return */ ret = TLSX_UseCertificateStatusRequestV2(&ssl->extensions, - status_type, 0); + status_type, 0, ssl->heap); if (ret != SSL_SUCCESS) return ret; /* throw error */ @@ -2451,7 +2468,8 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, byte* input, word16 length, return 0; } -int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer) +int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, + void* heap) { TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST_V2); CertificateStatusRequestItemV2* csr2 = extension ? extension->data : NULL; @@ -2474,7 +2492,8 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer) XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz); if ((ret = InitOcspRequest( - &csr2->request.ocsp[csr2->requests], cert, 0)) != 0) + &csr2->request.ocsp[csr2->requests], cert, + 0, heap)) != 0) return ret; /* restore nonce */ @@ -2539,7 +2558,7 @@ int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) } int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, - byte options) + byte options, void* heap) { TLSX* extension = NULL; CertificateStatusRequestItemV2* csr2 = NULL; @@ -2553,7 +2572,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, return BAD_FUNC_ARG; csr2 = (CertificateStatusRequestItemV2*) - XMALLOC(sizeof(CertificateStatusRequestItemV2), NULL, DYNAMIC_TYPE_TLSX); + XMALLOC(sizeof(CertificateStatusRequestItemV2), heap, DYNAMIC_TYPE_TLSX); if (!csr2) return MEMORY_E; @@ -2569,7 +2588,11 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, if (options & WOLFSSL_CSR2_OCSP_USE_NONCE) { WC_RNG rng; +#ifdef WOLFSSL_STATIC_MEMORY + if (wc_InitRng_ex(&rng, heap) == 0) { +#else if (wc_InitRng(&rng) == 0) { +#endif if (wc_RNG_GenerateBlock(&rng, csr2->request.ocsp[0].nonce, MAX_OCSP_NONCE_SZ) == 0) csr2->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ; @@ -2589,8 +2612,8 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, last->next = csr2; } - else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2))) { - XFREE(csr2, NULL, DYNAMIC_TYPE_TLSX); + else if ((ret = TLSX_Push(extensions, TLSX_STATUS_REQUEST_V2, csr2,heap))) { + XFREE(csr2, heap, DYNAMIC_TYPE_TLSX); return ret; } @@ -2604,7 +2627,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, #else -#define CSR2_FREE_ALL(data) +#define CSR2_FREE_ALL(data, heap) #define CSR2_GET_SIZE(a, b) 0 #define CSR2_WRITE(a, b, c) 0 #define CSR2_PARSE(a, b, c, d) 0 @@ -2622,24 +2645,26 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, Use --enable-ecc in the configure script or define HAVE_ECC. #endif -static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list) +static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list, void* heap) { EllipticCurve* curve; while ((curve = list)) { list = curve->next; - XFREE(curve, 0, DYNAMIC_TYPE_TLSX); + XFREE(curve, heap, DYNAMIC_TYPE_TLSX); } + (void)heap; } -static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name) +static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name, + void* heap) { EllipticCurve* curve = NULL; if (list == NULL) return BAD_FUNC_ARG; - curve = (EllipticCurve*)XMALLOC(sizeof(EllipticCurve), NULL, + curve = (EllipticCurve*)XMALLOC(sizeof(EllipticCurve), heap, DYNAMIC_TYPE_TLSX); if (curve == NULL) return MEMORY_E; @@ -2728,7 +2753,7 @@ static int TLSX_EllipticCurve_Parse(WOLFSSL* ssl, byte* input, word16 length, ato16(input + offset, &name); offset -= OPAQUE16_LEN; - r = TLSX_UseSupportedCurve(&ssl->extensions, name); + r = TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap); if (r != SSL_SUCCESS) return r; /* throw error */ } @@ -2873,7 +2898,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) { #endif /* NO_WOLFSSL_SERVER */ -int TLSX_UseSupportedCurve(TLSX** extensions, word16 name) +int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) { TLSX* extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); EllipticCurve* curve = NULL; @@ -2882,12 +2907,13 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name) if (extensions == NULL) return BAD_FUNC_ARG; - if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0) + if ((ret = TLSX_EllipticCurve_Append(&curve, name, heap)) != 0) return ret; if (!extension) { - if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve)) != 0) { - XFREE(curve, 0, DYNAMIC_TYPE_TLSX); + if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap)) + != 0) { + XFREE(curve, heap, DYNAMIC_TYPE_TLSX); return ret; } } @@ -2902,7 +2928,7 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name) EllipticCurve *next = curve->next; curve->next = next->next; - XFREE(next, 0, DYNAMIC_TYPE_TLSX); + XFREE(next, heap, DYNAMIC_TYPE_TLSX); break; } @@ -2931,7 +2957,7 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name) #else -#define EC_FREE_ALL(list) +#define EC_FREE_ALL(list, heap) #define EC_GET_SIZE(list) 0 #define EC_WRITE(a, b) 0 #define EC_PARSE(a, b, c, d) 0 @@ -3029,21 +3055,21 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input, return ret; } -int TLSX_UseSecureRenegotiation(TLSX** extensions) +int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap) { int ret = 0; SecureRenegotiation* data = NULL; - data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), NULL, + data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), heap, DYNAMIC_TYPE_TLSX); if (data == NULL) return MEMORY_E; XMEMSET(data, 0, sizeof(SecureRenegotiation)); - ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data); + ret = TLSX_Push(extensions, TLSX_RENEGOTIATION_INFO, data, heap); if (ret != 0) { - XFREE(data, 0, DYNAMIC_TYPE_TLSX); + XFREE(data, heap, DYNAMIC_TYPE_TLSX); return ret; } @@ -3058,7 +3084,7 @@ int TLSX_UseSecureRenegotiation(TLSX** extensions) #else -#define SCR_FREE_ALL(a) +#define SCR_FREE_ALL(a, heap) #define SCR_GET_SIZE(a, b) 0 #define SCR_WRITE(a, b, c) 0 #define SCR_PARSE(a, b, c, d) 0 @@ -3080,7 +3106,7 @@ static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) /* TODO validate ticket timeout here! */ if (ticket->lifetime == 0xfffffff) { /* send empty ticket on timeout */ - TLSX_UseSessionTicket(&ssl->extensions, NULL); + TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); } } } @@ -3128,7 +3154,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length, if (length == 0) { /* blank ticket */ - ret = TLSX_UseSessionTicket(&ssl->extensions, NULL); + ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); if (ret == SSL_SUCCESS) { ret = 0; TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); /* send blank ticket */ @@ -3144,7 +3170,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length, ssl->options.resuming = 1; } else if (ret == WOLFSSL_TICKET_RET_CREATE) { WOLFSSL_MSG("Using existing client ticket, creating new one"); - ret = TLSX_UseSessionTicket(&ssl->extensions, NULL); + ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); if (ret == SSL_SUCCESS) { ret = 0; TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); @@ -3193,7 +3219,7 @@ WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket) } } -int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket) +int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket, void* heap) { int ret = 0; @@ -3202,7 +3228,8 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket) /* If the ticket is NULL, the client will request a new ticket from the server. Otherwise, the client will use it in the next client hello. */ - if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket)) != 0) + if ((ret = TLSX_Push(extensions, TLSX_SESSION_TICKET, (void*)ticket, heap)) + != 0) return ret; return SSL_SUCCESS; @@ -3212,11 +3239,11 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket) #define STK_GET_SIZE TLSX_SessionTicket_GetSize #define STK_WRITE TLSX_SessionTicket_Write #define STK_PARSE TLSX_SessionTicket_Parse -#define STK_FREE(stk) TLSX_SessionTicket_Free((SessionTicket*)stk) +#define STK_FREE(stk, heap) TLSX_SessionTicket_Free((SessionTicket*)stk,(heap)) #else -#define STK_FREE(a) +#define STK_FREE(a, b) #define STK_VALIDATE_REQUEST(a) #define STK_GET_SIZE(a, b) 0 #define STK_WRITE(a, b, c) 0 @@ -3232,14 +3259,16 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket) static WC_RNG* rng; static wolfSSL_Mutex* rngMutex; -static void TLSX_QSH_FreeAll(QSHScheme* list) +static void TLSX_QSH_FreeAll(QSHScheme* list, void* heap) { QSHScheme* current; while ((current = list)) { list = current->next; - XFREE(current, 0, DYNAMIC_TYPE_TLSX); + XFREE(current, heap, DYNAMIC_TYPE_TLSX); } + + (void)heap; } static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub, @@ -3400,7 +3429,7 @@ word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output) #endif /* NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER -static void TLSX_QSHAgreement(TLSX** extensions) +static void TLSX_QSHAgreement(TLSX** extensions, void* heap) { TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); QSHScheme* format = NULL; @@ -3421,13 +3450,15 @@ static void TLSX_QSHAgreement(TLSX** extensions) prev->next = format->next; del = format; format = format->next; - XFREE(del, 0, DYNAMIC_TYPE_TMP_ARRAY); + XFREE(del, heap, DYNAMIC_TYPE_TMP_BUFFER); del = NULL; } else { prev = format; format = format->next; } } + + (void)heap; } @@ -3511,7 +3542,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, } /* peer sent an agreed upon scheme */ - r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0); + r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap); if (r != SSL_SUCCESS) return r; /* throw error */ @@ -3527,7 +3558,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, while ((offset_len < offset_pk) && numKeys) { QSHKey * temp; - if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), NULL, + if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap, DYNAMIC_TYPE_TLSX)) == NULL) return MEMORY_E; @@ -3553,7 +3584,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, if (ssl->user_set_QSHSchemes && (!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) { offset_len += PKLen; - XFREE(temp, 0, DYNAMIC_TYPE_TLSX); + XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX); continue; } } @@ -3561,7 +3592,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, /* read in public key */ if (PKLen > 0) { temp->pub.buffer = (byte*)XMALLOC(temp->pub.length, - NULL, DYNAMIC_TYPE_PUBLIC_KEY); + ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length); offset_len += PKLen; } @@ -3572,7 +3603,8 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, /* use own key when adding to extensions list for sending reply */ PKLen = 0; PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name); - r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen); + r = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen, + ssl->heap); /* store peers key */ ssl->peerQSHKeyPresent = 1; @@ -3580,7 +3612,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, return MEMORY_E; if (temp->pub.length == 0) { - XFREE(temp, 0, DYNAMIC_TYPE_TLSX); + XFREE(temp, ssl->heap, DYNAMIC_TYPE_TLSX); } if (r != SSL_SUCCESS) {return r;} /* throw error */ @@ -3592,7 +3624,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length, if (isRequest) { TLSX_SetResponse(ssl, TLSX_QUANTUM_SAFE_HYBRID); /* only use schemes we have key generated for -- free the rest */ - TLSX_QSHAgreement(&ssl->extensions); + TLSX_QSHAgreement(&ssl->extensions, ssl->heap); } return 0; @@ -3738,7 +3770,8 @@ static int TLSX_HaveQSHScheme(word16 name) /* Add a QSHScheme struct to list of usable ones */ -int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz) +int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz, + void* heap) { TLSX* extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID); QSHScheme* format = NULL; @@ -3754,8 +3787,8 @@ int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz) return ret; if (!extension) { - if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format)) - != 0) { + if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format, + heap)) != 0) { XFREE(format, 0, DYNAMIC_TYPE_TLSX); return ret; } @@ -3802,7 +3835,7 @@ int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz) #define QSH_SERREQ TLSX_QSH_SerPKReq #else -#define QSH_FREE_ALL(list) +#define QSH_FREE_ALL(list, heap) #define QSH_GET_SIZE(list, a) 0 #define QSH_WRITE(a, b) 0 #define QSH_PARSE(a, b, c, d) 0 @@ -3828,7 +3861,7 @@ TLSX* TLSX_Find(TLSX* list, TLSX_Type type) } /** Releases all extensions in the provided list. */ -void TLSX_FreeAll(TLSX* list) +void TLSX_FreeAll(TLSX* list, void* heap) { TLSX* extension; @@ -3838,11 +3871,11 @@ void TLSX_FreeAll(TLSX* list) switch (extension->type) { case TLSX_SERVER_NAME: - SNI_FREE_ALL((SNI*)extension->data); + SNI_FREE_ALL((SNI*)extension->data, heap); break; case TLSX_MAX_FRAGMENT_LENGTH: - MFL_FREE_ALL(extension->data); + MFL_FREE_ALL(extension->data, heap); break; case TLSX_TRUNCATED_HMAC: @@ -3850,35 +3883,35 @@ void TLSX_FreeAll(TLSX* list) break; case TLSX_SUPPORTED_GROUPS: - EC_FREE_ALL(extension->data); + EC_FREE_ALL(extension->data, heap); break; case TLSX_STATUS_REQUEST: - CSR_FREE_ALL(extension->data); + CSR_FREE_ALL(extension->data, heap); break; case TLSX_STATUS_REQUEST_V2: - CSR2_FREE_ALL(extension->data); + CSR2_FREE_ALL(extension->data, heap); break; case TLSX_RENEGOTIATION_INFO: - SCR_FREE_ALL(extension->data); + SCR_FREE_ALL(extension->data, heap); break; case TLSX_SESSION_TICKET: - STK_FREE(extension->data); + STK_FREE(extension->data, heap); break; case TLSX_QUANTUM_SAFE_HYBRID: - QSH_FREE_ALL((QSHScheme*)extension->data); + QSH_FREE_ALL((QSHScheme*)extension->data, heap); break; case TLSX_APPLICATION_LAYER_PROTOCOL: - ALPN_FREE_ALL((ALPN*)extension->data); + ALPN_FREE_ALL((ALPN*)extension->data, heap); break; } - XFREE(extension, 0, DYNAMIC_TYPE_TLSX); + XFREE(extension, heap, DYNAMIC_TYPE_TLSX); } } @@ -4186,16 +4219,16 @@ int TLSX_CreateNtruKey(WOLFSSL* ssl, int type) return ret; } - if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), NULL, + if ((temp = (QSHKey*)XMALLOC(sizeof(QSHKey), ssl->heap, DYNAMIC_TYPE_TLSX)) == NULL) return MEMORY_E; temp->name = type; temp->pub.length = public_key_len; - temp->pub.buffer = (byte*)XMALLOC(public_key_len, public_key, + temp->pub.buffer = (byte*)XMALLOC(public_key_len, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XMEMCPY(temp->pub.buffer, public_key, public_key_len); temp->pri.length = private_key_len; - temp->pri.buffer = (byte*)XMALLOC(private_key_len, private_key, + temp->pri.buffer = (byte*)XMALLOC(private_key_len, ssl->heap, DYNAMIC_TYPE_ARRAYS); XMEMCPY(temp->pri.buffer, private_key, private_key_len); temp->next = NULL; @@ -4275,7 +4308,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) &public_key_len, WOLFSSL_NTRU_EESS743); } if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743, - public_key, public_key_len) != SSL_SUCCESS) + public_key, public_key_len, ssl->heap) + != SSL_SUCCESS) ret = -1; /* add NTRU 196 */ @@ -4284,7 +4318,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) &public_key_len, WOLFSSL_NTRU_EESS593); } if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593, - public_key, public_key_len) != SSL_SUCCESS) + public_key, public_key_len, ssl->heap) + != SSL_SUCCESS) ret = -1; /* add NTRU 128 */ @@ -4293,7 +4328,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) &public_key_len, WOLFSSL_NTRU_EESS439); } if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439, - public_key, public_key_len) != SSL_SUCCESS) + public_key, public_key_len, ssl->heap) + != SSL_SUCCESS) ret = -1; } else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) { @@ -4313,7 +4349,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &public_key_len, qsh->name); if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name, - public_key, public_key_len) != SSL_SUCCESS) + public_key, public_key_len, + ssl->heap) != SSL_SUCCESS) ret = -1; qsh = next; } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b94591be6..361bc8ae6 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5829,6 +5829,11 @@ void wc_InitCert(Cert* cert) #ifdef WOLFSSL_CERT_REQ cert->challengePw[0] ='\0'; #endif +#ifdef WOLFSSL_HEAP_TEST + cert->heap = (void*)WOLFSSL_HEAP_TEST; +#else + cert->heap = NULL; +#endif } @@ -9080,7 +9085,7 @@ static int DecodeCerts(byte* source, } static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, - OcspResponse* resp, word32 size, void* cm) + OcspResponse* resp, word32 size, void* cm, void* heap) { int length; word32 idx = *ioIndex; @@ -9125,7 +9130,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, if (DecodeCerts(source, &idx, resp, size) < 0) return ASN_PARSE_E; - InitDecodedCert(&cert, resp->cert, resp->certSz, 0); + InitDecodedCert(&cert, resp->cert, resp->certSz, heap); ret = ParseCertRelative(&cert, CERT_TYPE, VERIFY, cm); if (ret < 0) return ret; @@ -9172,7 +9177,7 @@ void InitOcspResponse(OcspResponse* resp, CertStatus* status, } -int OcspResponseDecode(OcspResponse* resp, void* cm) +int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap) { int length = 0; word32 idx = 0; @@ -9216,7 +9221,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm) if (GetLength(source, &idx, &length, size) < 0) return ASN_PARSE_E; - if (DecodeBasicOcspResponse(source, &idx, resp, size, cm) < 0) + if (DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap) < 0) return ASN_PARSE_E; return 0; @@ -9342,7 +9347,8 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size) } -int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce) +int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce, + void* heap) { WOLFSSL_ENTER("InitOcspRequest"); @@ -9350,11 +9356,11 @@ int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce) return BAD_FUNC_ARG; ForceZero(req, sizeof(OcspRequest)); + req->heap = heap; if (cert) { XMEMCPY(req->issuerHash, cert->issuerHash, KEYID_SIZE); XMEMCPY(req->issuerKeyHash, cert->issuerKeyHash, KEYID_SIZE); - req->heap = cert->heap; req->serial = (byte*)XMALLOC(cert->serialSz, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); @@ -9381,7 +9387,11 @@ int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce) if (useNonce) { WC_RNG rng; +#ifdef WOLFSSL_STATIC_MEMORY + if (wc_InitRng_ex(&rng, req->heap) != 0) { +#else if (wc_InitRng(&rng) != 0) { +#endif WOLFSSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce."); } else { if (wc_RNG_GenerateBlock(&rng, req->nonce, MAX_OCSP_NONCE_SZ) != 0) @@ -9534,7 +9544,7 @@ void InitDecodedCRL(DecodedCRL* dcrl, void* heap) dcrl->totalCerts = 0; dcrl->heap = heap; #ifdef WOLFSSL_HEAP_TEST - dcrl->heap = (void)WOLFSSL_HEAP_TEST; + dcrl->heap = (void*)WOLFSSL_HEAP_TEST; #endif } diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 0f70966bd..b5369555e 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -292,11 +292,12 @@ int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io) if (heap == NULL) { WOLFSSL_MSG("No heap to return fixed IO too"); } - - /* put IO buffer back into IO pool */ - (*io)->next = heap->io; - heap->io = *io; - *io = NULL; + else { + /* put IO buffer back into IO pool */ + (*io)->next = heap->io; + heap->io = *io; + *io = NULL; + } return 1; } diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 402a8bfb3..6e26415bb 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -69,10 +69,6 @@ int wolfCrypt_Init() } #endif - #ifdef WOLFSSL_STATIC_MEMORY - /* set static memory functions and load initial memory */ - wolfSSL_SetAllocators(wolfSSL_Malloc, wolfSSL_Free, wolfSSL_Realloc); - #endif initRefCount = 1; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 48939697a..b1fe45b8f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -3974,7 +3974,7 @@ int certext_test(void) byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; - tmp = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) return -200; @@ -4325,7 +4325,7 @@ int rsa_test(void) ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, sizeof(in)); if (ret > 0) { /* should fail */ - TEST_XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -252; } #endif /* NO_SHA*/ @@ -4461,7 +4461,7 @@ int rsa_test(void) FILE* keyFile; FILE* pemFile; - ret = wc_InitRsaKey(&genKey, 0); + ret = wc_InitRsaKey(&genKey, HEAP_HINT); if (ret != 0) { TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -300; @@ -4472,13 +4472,13 @@ int rsa_test(void) return -301; } - der = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + der = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&genKey); return -307; } - pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -4547,7 +4547,7 @@ int rsa_test(void) return -314; } - ret = wc_InitRsaKey(&derIn, 0); + ret = wc_InitRsaKey(&derIn, HEAP_HINT); if (ret != 0) { TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -4587,12 +4587,13 @@ int rsa_test(void) DecodedCert decode; #endif - derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derCert = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if (derCert == NULL) { TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -309; } - pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -4653,7 +4654,7 @@ int rsa_test(void) } #ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, derCert, certSz, 0); + InitDecodedCert(&decode, derCert, certSz, HEAP_HINT); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -4731,12 +4732,13 @@ int rsa_test(void) DecodedCert decode; #endif - derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derCert = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if (derCert == NULL) { TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -311; } - pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -4755,7 +4757,7 @@ int rsa_test(void) bytes3 = fread(tmp, 1, FOURK_BUF, file3); fclose(file3); - ret = wc_InitRsaKey(&caKey, 0); + ret = wc_InitRsaKey(&caKey, HEAP_HINT); if (ret != 0) { TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -4845,7 +4847,7 @@ int rsa_test(void) } #ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, derCert, certSz, 0); + InitDecodedCert(&decode, derCert, certSz, HEAP_HINT); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -4935,12 +4937,13 @@ int rsa_test(void) DecodedCert decode; #endif - derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derCert = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if (derCert == NULL) { TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5311; } - pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -5126,7 +5129,7 @@ int rsa_test(void) TEST_XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKey); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -5412; } ret = (int)fwrite(pem, 1, pemSz, pemFile); @@ -5139,8 +5142,8 @@ int rsa_test(void) } fclose(pemFile); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(derCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ecc_free(&caKey); } #endif /* HAVE_ECC */ @@ -5160,12 +5163,13 @@ int rsa_test(void) #ifdef WOLFSSL_TEST_CERT DecodedCert decode; #endif - derCert = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derCert = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if (derCert == NULL) { TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -311; } - pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -5315,7 +5319,7 @@ int rsa_test(void) #ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, derCert, certSz, 0); + InitDecodedCert(&decode, derCert, certSz, HEAP_HINT); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { TEST_XFREE(derCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -5393,12 +5397,12 @@ int rsa_test(void) int pemSz; FILE* reqFile; - der = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + der = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return -463; } - pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); TEST_XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -5703,12 +5707,12 @@ int dsa_test(void) ret = wc_MakeDsaKey(&rng, &genKey); if (ret != 0) return -363; - der = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + der = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { wc_FreeDsaKey(&genKey); return -364; } - pem = (byte*)TEST_XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = (byte*)TEST_XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { TEST_XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); @@ -7740,8 +7744,8 @@ int compress_test(void) byte *c = NULL; byte *d = NULL; - c = TEST_XMALLOC(cSz * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER); - d = TEST_XMALLOC(dSz * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER); + c = TEST_XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + d = TEST_XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); /* follow calloc and initialize to 0 */ XMEMSET(c, 0, cSz); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 45758bb5c..9dc8d0abd 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1656,7 +1656,7 @@ typedef struct TLSX { } TLSX; WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type); -WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list); +WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap); WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl); WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest); @@ -1702,7 +1702,7 @@ typedef struct SNI { } SNI; WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, - word16 size); + word16 size, void* heap); #ifndef NO_WOLFSSL_SERVER WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, @@ -1729,7 +1729,7 @@ WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz); WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data, - word16 size, byte options); + word16 size, byte options, void* heap); WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option); @@ -1738,14 +1738,14 @@ WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option); /** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */ #ifdef HAVE_MAX_FRAGMENT -WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl); +WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap); #endif /* HAVE_MAX_FRAGMENT */ /** Truncated HMAC - RFC 6066 (session 7) */ #ifdef HAVE_TRUNCATED_HMAC -WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions); +WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap); #endif /* HAVE_TRUNCATED_HMAC */ @@ -1761,8 +1761,9 @@ typedef struct { } CertificateStatusRequest; WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, - byte status_type, byte options); -WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert); + byte status_type, byte options, void* heap); +WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, + void* heap); WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); @@ -1782,8 +1783,9 @@ typedef struct CSRIv2 { } CertificateStatusRequestItemV2; WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, - byte status_type, byte options); -WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer); + byte status_type, byte options, void* heap); +WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, + byte isPeer, void* heap); WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type, byte index); WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl); @@ -1798,7 +1800,8 @@ typedef struct EllipticCurve { struct EllipticCurve* next; /* List Behavior */ } EllipticCurve; -WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name); +WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, + void* heap); #ifndef NO_WOLFSSL_SERVER WOLFSSL_LOCAL int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, @@ -1829,7 +1832,7 @@ typedef struct SecureRenegotiation { Keys tmp_keys; /* can't overwrite real keys yet */ } SecureRenegotiation; -WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions); +WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap); #endif /* HAVE_SECURE_RENEGOTIATION */ @@ -1843,7 +1846,7 @@ typedef struct SessionTicket { } SessionTicket; WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions, - SessionTicket* ticket); + SessionTicket* ticket, void* heap); WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime, byte* data, word16 size); WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket); @@ -1881,7 +1884,7 @@ WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest); /* used by api for setting a specific QSH scheme */ WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name, - byte* pKey, word16 pKeySz); + byte* pKey, word16 pKeySz, void* heap); /* used when parsing in QSHCipher structs */ WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn, diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h index 7865302fb..af083410b 100644 --- a/wolfssl/ocsp.h +++ b/wolfssl/ocsp.h @@ -39,7 +39,7 @@ struct buffer; typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*); -WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic, void* heap); +WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic); WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*, struct buffer* responseBuffer); diff --git a/wolfssl/test.h b/wolfssl/test.h index e8a5d3c9a..3608052a0 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1596,6 +1596,7 @@ static INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats) return 0; } + /* print to stderr so is on the same pipe as WOLFSSL_DEBUG */ fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc); fprintf(stderr, "Total frees = %d\n", stats->totalFr); fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index d7329f0e1..8dda43cab 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -768,9 +768,9 @@ struct OcspRequest { WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32); -WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*); +WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap); -WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte); +WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*); WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*); WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32); WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32);