WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Add memory usage tracking and logging 

Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
pull/1662/head
Sean Parkinson 2018-07-05 22:18:51 +10:00
parent 3d16ed9c02
commit 506c858ed6
10 changed files with 284 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
examples/client/client.c
View File

@ -1972,12 +1972,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
err_sys("unable to use curve secp256r1");
}
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP384R1)
!= WOLFSSL_SUCCESS) {
err_sys("unable to use curve secp384r1");
}
#endif
#endif
}
if (onlyKeyShare == 0 || onlyKeyShare == 1) {

102
src/internal.c
View File

@ -5072,6 +5072,13 @@ void SSL_ResourceFree(WOLFSSL* ssl)
/* clear keys struct after session */
ForceZero(&ssl->keys, sizeof(Keys));
#ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) {
ForceZero(&ssl->clientSecret, sizeof(ssl->clientSecret));
ForceZero(&ssl->serverSecret, sizeof(ssl->serverSecret));
}
#endif
#ifndef NO_DH
if (ssl->buffers.serverDH_Priv.buffer) {
ForceZero(ssl->buffers.serverDH_Priv.buffer,
@ -5274,22 +5281,34 @@ void FreeHandshakeResources(WOLFSSL* ssl)
if (ssl->buffers.inputBuffer.dynamicFlag)
ShrinkInputBuffer(ssl, NO_FORCED_FREE);
/* suites */
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (!ssl->options.tls1_3)
#endif
{
/* suites */
#ifdef SINGLE_THREADED
if (ssl->suites != ssl->ctx->suites)
#endif
XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
ssl->suites = NULL;
ssl->suites = NULL;
/* hsHashes */
FreeHandshakeHashes(ssl);
/* hsHashes */
FreeHandshakeHashes(ssl);
}
/* RNG */
if (ssl->options.tls1_1 == 0
#ifndef WOLFSSL_AEAD_ONLY
|| ssl->specs.cipher_type == stream
#endif
) {
#if defined(WOLFSSL_TLS13)
#if !defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|| ssl->options.tls1_3
#elif !defined(HAVE_SESSION_TICKET)
|| (ssl->options.tls1_3 && ssl->options.side == WOLFSSL_SERVER_END)
#endif
#endif
) {
if (ssl->options.weOwnRng) {
wc_FreeRng(ssl->rng);
XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
@ -5308,23 +5327,39 @@ void FreeHandshakeResources(WOLFSSL* ssl)
}
#endif
/* arrays */
if (ssl->options.saveArrays == 0)
FreeArrays(ssl, 1);
#ifndef NO_RSA
/* peerRsaKey */
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
ssl->peerRsaKeyPresent = 0;
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
defined(HAVE_SESSION_TICKET)
if (!ssl->options.tls1_3)
#endif
/* arrays */
if (ssl->options.saveArrays == 0)
FreeArrays(ssl, 1);
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (!ssl->options.tls1_3 || ssl->options.side == WOLFSSL_CLIENT_END)
#endif
{
#ifndef NO_RSA
/* peerRsaKey */
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
ssl->peerRsaKeyPresent = 0;
#endif
#ifdef HAVE_ECC
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
ssl->peerEccDsaKeyPresent = 0;
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
FreeKey(ssl, DYNAMIC_TYPE_ED25519, (void**)&ssl->peerEd25519Key);
ssl->peerEd25519KeyPresent = 0;
#endif /* HAVE_ED25519 */
}
#ifdef HAVE_ECC
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey);
ssl->peerEccKeyPresent = 0;
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
ssl->peerEccDsaKeyPresent = 0;
#endif
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
#ifdef HAVE_CURVE25519
if (ssl->ecdhCurveOID != ECC_X25519_OID)
#endif /* HAVE_CURVE25519 */
{
int dtype;
#ifdef HAVE_ECC
@ -5346,7 +5381,9 @@ void FreeHandshakeResources(WOLFSSL* ssl)
#ifdef HAVE_CURVE25519
FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key);
ssl->peerX25519KeyPresent = 0;
#endif
#endif /* HAVE_CURVE25519 */
#endif /* HAVE_ECC */
#ifndef NO_DH
if (ssl->buffers.serverDH_Priv.buffer) {
ForceZero(ssl->buffers.serverDH_Priv.buffer,
@ -5364,10 +5401,15 @@ void FreeHandshakeResources(WOLFSSL* ssl)
ssl->buffers.serverDH_P.buffer = NULL;
}
#endif /* !NO_DH */
#ifndef NO_CERTS
wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (!ssl->options.tls1_3 || ssl->options.side == WOLFSSL_CLIENT_END)
#endif
{
#ifdef HAVE_ECC
XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
ssl->buffers.peerEccDsaKey.buffer = NULL;
@ -5381,6 +5423,7 @@ void FreeHandshakeResources(WOLFSSL* ssl)
DYNAMIC_TYPE_ED25519);
ssl->buffers.peerEd25519Key.buffer = NULL;
#endif
}
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_QSH
@ -5396,6 +5439,13 @@ void FreeHandshakeResources(WOLFSSL* ssl)
}
#endif
#if defined(HAVE_TLS_EXTENSIONS) && !defined(HAVE_SNI) && \
!defined(HAVE_ALPN) && !defined(WOLFSSL_POST_HANDSHAKE_AUTH)
/* Some extensions need to be kept for post-handshake querying. */
TLSX_FreeAll(ssl->extensions, ssl->heap);
ssl->extensions = NULL;
#endif
#ifdef WOLFSSL_STATIC_MEMORY
/* when done with handshake decrement current handshake count */
if (ssl->heap != NULL) {
@ -15396,7 +15446,7 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
return "Certificate context does not match request or not empty";
case BAD_KEY_SHARE_DATA:
return "The Key Share data contains group that was in Client Hello";
return "The Key Share data contains group that wasn't in Client Hello";
case MISSING_HANDSHAKE_DATA:
return "The handshake message is missing required data";
@ -18240,6 +18290,11 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
args->sigSz = (word16)ret;
ret = 0;
}
/* peerRsaKey */
FreeKey(ssl, DYNAMIC_TYPE_RSA,
(void**)&ssl->peerRsaKey);
ssl->peerRsaKeyPresent = 0;
break;
}
#endif /* !NO_RSA */
@ -20454,7 +20509,14 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
/* Create a fake sessionID based on the ticket, this will
* supercede the existing session cache info. */
ssl->options.haveSessionId = 1;
XMEMCPY(ssl->arrays->sessionID,
#ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) {
XMEMCPY(ssl->session.sessionID,
ssl->session.ticket + length - ID_LEN, ID_LEN);
}
else
#endif
XMEMCPY(ssl->arrays->sessionID,
ssl->session.ticket + length - ID_LEN, ID_LEN);
}

28
src/ssl.c
View File

@ -9655,7 +9655,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
return NULL;
#endif
if (ssl->arrays)
if (!ssl->options.tls1_3 && ssl->arrays != NULL)
id = ssl->arrays->sessionID;
else
id = ssl->session.sessionID;
@ -9932,8 +9932,17 @@ int AddSession(WOLFSSL* ssl)
{
/* Use the session object in the cache for external cache if required.
*/
row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) %
SESSION_ROWS;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
if (ssl->options.tls1_3) {
row = HashSession(ssl->session.sessionID, ID_LEN, &error) %
SESSION_ROWS;
}
else
#endif
{
row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) %
SESSION_ROWS;
}
if (error != 0) {
WOLFSSL_MSG("Hash session failed");
#ifdef HAVE_SESSION_TICKET
@ -9961,8 +9970,17 @@ int AddSession(WOLFSSL* ssl)
else
XMEMCPY(session->masterSecret, ssl->session.masterSecret, SECRET_LEN);
session->haveEMS = ssl->options.haveEMS;
XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN);
session->sessionIDSz = ssl->arrays->sessionIDSz;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
if (ssl->options.tls1_3) {
XMEMCPY(session->sessionID, ssl->session.sessionID, ID_LEN);
session->sessionIDSz = ID_LEN;
}
else
#endif
{
XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN);
session->sessionIDSz = ssl->arrays->sessionIDSz;
}
#ifdef OPENSSL_EXTRA
/* If using compatibilty layer then check for and copy over session context

26
src/tls.c
View File

@ -6203,7 +6203,8 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
#endif
}
}
XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (current->key != NULL)
XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(current->ke, heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(current, heap, DYNAMIC_TYPE_TLSX);
@ -6396,10 +6397,18 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
ssl->arrays->preMasterSz = params->p_len;
}
wc_FreeDhKey(dhKey);
wc_FreeDhKey(&dhKey);
#ifdef WOLFSSL_SMALL_STACK
XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
#endif
if (keyShareEntry->key != NULL) {
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
keyShareEntry->key = NULL;
}
XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
keyShareEntry->pubKey = NULL;
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
keyShareEntry->ke = NULL;
return ret;
#else
@ -6463,8 +6472,14 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
&ssl->arrays->preMasterSz,
EC25519_LITTLE_ENDIAN);
}
wc_curve25519_free(peerX25519Key);
XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX);
wc_curve25519_free((curve25519_key*)keyShareEntry->key);
if (keyShareEntry->key != NULL) {
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
keyShareEntry->key = NULL;
}
#else
(void)ssl;
(void)keyShareEntry;
@ -6566,6 +6581,13 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
);
#endif
XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
ssl->peerEccKey = NULL;
wc_ecc_free((ecc_key*)(keyShareEntry->key));
if (keyShareEntry->key != NULL) {
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
keyShareEntry->key = NULL;
}
#else
(void)ssl;

97
src/tls13.c
View File

@ -1027,7 +1027,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
switch (secret) {
#ifdef WOLFSSL_EARLY_DATA
case early_data_key:
ret = DeriveEarlyTrafficSecret(ssl, ssl->arrays->clientSecret);
ret = DeriveEarlyTrafficSecret(ssl, ssl->clientSecret);
if (ret != 0)
goto end;
break;
@ -1036,13 +1036,13 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
case handshake_key:
if (provision & PROVISION_CLIENT) {
ret = DeriveClientHandshakeSecret(ssl,
ssl->arrays->clientSecret);
ssl->clientSecret);
if (ret != 0)
goto end;
}
if (provision & PROVISION_SERVER) {
ret = DeriveServerHandshakeSecret(ssl,
ssl->arrays->serverSecret);
ssl->serverSecret);
if (ret != 0)
goto end;
}
@ -1050,12 +1050,12 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
case traffic_key:
if (provision & PROVISION_CLIENT) {
ret = DeriveClientTrafficSecret(ssl, ssl->arrays->clientSecret);
ret = DeriveClientTrafficSecret(ssl, ssl->clientSecret);
if (ret != 0)
goto end;
}
if (provision & PROVISION_SERVER) {
ret = DeriveServerTrafficSecret(ssl, ssl->arrays->serverSecret);
ret = DeriveServerTrafficSecret(ssl, ssl->serverSecret);
if (ret != 0)
goto end;
}
@ -1063,12 +1063,12 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
case update_traffic_key:
if (provision & PROVISION_CLIENT) {
ret = DeriveTrafficSecret(ssl, ssl->arrays->clientSecret);
ret = DeriveTrafficSecret(ssl, ssl->clientSecret);
if (ret != 0)
goto end;
}
if (provision & PROVISION_SERVER) {
ret = DeriveTrafficSecret(ssl, ssl->arrays->serverSecret);
ret = DeriveTrafficSecret(ssl, ssl->serverSecret);
if (ret != 0)
goto end;
}
@ -1084,7 +1084,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
/* Derive the client key. */
WOLFSSL_MSG("Derive Client Key");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
ssl->arrays->clientSecret, writeKeyLabel,
ssl->clientSecret, writeKeyLabel,
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
goto end;
@ -1095,7 +1095,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
/* Derive the server key. */
WOLFSSL_MSG("Derive Server Key");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
ssl->arrays->serverSecret, writeKeyLabel,
ssl->serverSecret, writeKeyLabel,
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
goto end;
@ -1106,7 +1106,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
/* Derive the client IV. */
WOLFSSL_MSG("Derive Client IV");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
ssl->arrays->clientSecret, writeIVLabel,
ssl->clientSecret, writeIVLabel,
WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
goto end;
@ -1117,7 +1117,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
/* Derive the server IV. */
WOLFSSL_MSG("Derive Server IV");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
ssl->arrays->serverSecret, writeIVLabel,
ssl->serverSecret, writeIVLabel,
WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
goto end;
@ -5141,9 +5141,6 @@ static int SendTls13Certificate(WOLFSSL* ssl)
typedef struct Scv13Args {
byte* output; /* not allocated */
#ifndef NO_RSA
byte* verifySig;
#endif
byte* verify; /* not allocated */
word32 idx;
word32 sigLen;
@ -5161,12 +5158,6 @@ static void FreeScv13Args(WOLFSSL* ssl, void* pArgs)
(void)ssl;
#ifndef NO_RSA
if (args->verifySig) {
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->verifySig = NULL;
}
#endif
if (args->sigData) {
XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->sigData = NULL;
@ -5279,13 +5270,22 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
#endif
EncodeSigAlg(ssl->suites->hashAlgo, args->sigAlgo, args->verify);
/* Create the data to be signed. */
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
DYNAMIC_TYPE_SIGNATURE);
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
int sigLen = MAX_SIG_DATA_SZ;
if (args->length > MAX_SIG_DATA_SZ)
sigLen = args->length;
args->sigData = (byte*)XMALLOC(sigLen, ssl->heap,
DYNAMIC_TYPE_SIGNATURE);
}
else {
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
DYNAMIC_TYPE_SIGNATURE);
}
if (args->sigData == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
}
/* Create the data to be signed. */
ret = CreateSigData(ssl, args->sigData, &args->sigDataSz, 0);
if (ret != 0)
goto exit_scv;
@ -5398,19 +5398,12 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
{
#ifndef NO_RSA
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
if (args->verifySig == NULL) {
args->verifySig = (byte*)XMALLOC(args->sigLen, ssl->heap,
DYNAMIC_TYPE_SIGNATURE);
if (args->verifySig == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
}
XMEMCPY(args->verifySig,
args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
args->sigLen);
}
XMEMCPY(args->sigData,
args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
args->sigLen);
/* check for signature faults */
ret = VerifyRsaSign(ssl, args->verifySig, args->sigLen,
ret = VerifyRsaSign(ssl, args->sigData, args->sigLen,
sig->buffer, sig->length, args->sigAlgo,
ssl->suites->hashAlgo, (RsaKey*)ssl->hsKey,
ssl->buffers.key
@ -5740,6 +5733,9 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
if (ret >= 0) {
args->sendSz = ret;
ret = 0;
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
ssl->peerRsaKeyPresent = 0;
}
}
#endif /* !NO_RSA */
@ -5756,6 +5752,11 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
NULL
#endif
);
if (ret >= 0) {
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
ssl->peerEccDsaKeyPresent = 0;
}
}
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
@ -5771,6 +5772,12 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
NULL
#endif
);
if (ret >= 0) {
FreeKey(ssl, DYNAMIC_TYPE_ED25519,
(void**)&ssl->peerEd25519Key);
ssl->peerEd25519KeyPresent = 0;
}
}
#endif
@ -5876,7 +5883,7 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return BUFFER_E;
if (ssl->options.handShakeDone) {
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
@ -5887,12 +5894,12 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* All the handshake messages have been received to calculate
* client and server finished keys.
*/
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
ret = DeriveFinishedSecret(ssl, ssl->arrays->serverSecret,
ret = DeriveFinishedSecret(ssl, ssl->serverSecret,
ssl->keys.server_write_MAC_secret);
if (ret != 0)
return ret;
@ -5990,7 +5997,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
/* make finished hashes */
if (ssl->options.handShakeDone) {
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
@ -6003,12 +6010,12 @@ static int SendTls13Finished(WOLFSSL* ssl)
/* All the handshake messages have been done to calculate client and
* server finished keys.
*/
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
ret = DeriveFinishedSecret(ssl, ssl->arrays->serverSecret,
ret = DeriveFinishedSecret(ssl, ssl->serverSecret,
ssl->keys.server_write_MAC_secret);
if (ret != 0)
return ret;
@ -6025,7 +6032,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
if (sendSz < 0)
return BUILD_MSG_ERROR;
if (!ssl->options.resuming) {
if (!ssl->options.resuming && ssl->options.side == WOLFSSL_SERVER_END) {
#ifndef NO_SESSION_CACHE
AddSession(ssl); /* just try */
#endif
@ -7578,6 +7585,10 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
}
#endif /* NO_HANDSHAKE_DONE_CB */
if (!ssl->options.keepResources) {
FreeHandshakeResources(ssl);
}
WOLFSSL_LEAVE("wolfSSL_connect_TLSv13()", WOLFSSL_SUCCESS);
return WOLFSSL_SUCCESS;
@ -8351,6 +8362,10 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
}
#endif /* NO_HANDSHAKE_DONE_CB */
if (!ssl->options.keepResources) {
FreeHandshakeResources(ssl);
}
WOLFSSL_LEAVE("SSL_accept()", WOLFSSL_SUCCESS);
return WOLFSSL_SUCCESS;

75
wolfcrypt/src/memory.c
View File

@ -992,3 +992,78 @@ void XFREE(void *p, void* heap, int type)
#endif /* HAVE_IO_POOL */
#ifdef WOLFSSL_MEMORY_TRACKING
void *xmalloc(size_t n, void* heap, int type, const char* func,
unsigned int line)
{
void* p;
word32* p32;
if (malloc_function)
p32 = malloc_function(n + sizeof(word32) * 4);
else
p32 = malloc(n + sizeof(word32) * 4);
p32[0] = n;
p = (void*)(p32 + 4);
fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%d\n", p, (word32)n, type, func,
line);
(void)heap;
return p;
}
void *xrealloc(void *p, size_t n, void* heap, int type, const char* func,
unsigned int line)
{
void* newp = NULL;
word32* p32;
word32* oldp32 = NULL;
if (p != NULL) {
oldp32 = (word32*)p;
oldp32 -= 4;
}
if (realloc_function)
p32 = realloc_function(oldp32, n + sizeof(word32) * 4);
else
p32 = realloc(oldp32, n + sizeof(word32) * 4);
if (p32 != NULL) {
p32[0] = n;
newp = (void*)(p32 + 4);
fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%d\n", newp, (word32)n,
type, func, line);
if (p != NULL) {
fprintf(stderr, "Free: %p -> %u (%d) at %s:%d\n", p, oldp32[0],
type, func, line);
}
}
(void)heap;
return newp;
}
void xfree(void *p, void* heap, int type, const char* func, unsigned int line)
{
word32* p32 = (word32*)p;
if (p != NULL) {
p32 -= 4;
fprintf(stderr, "Free: %p -> %u (%d) at %s:%d\n", p, p32[0], type, func,
line);
if (free_function)
free_function(p32);
else
free(p32);
}
(void)heap;
}
#endif /* WOLFSSL_MEMORY_TRACKING */

6
wolfcrypt/src/sp_c32.c
View File

@ -8704,7 +8704,7 @@ static int sp_256_ecc_mulmod_10(sp_point* r, sp_point* g, sp_digit* k,
(void)heap;
td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_ECC);
td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_TMP_ECC);
if (td == NULL)
err = MEMORY_E;
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap,
@ -8764,11 +8764,11 @@ static int sp_256_ecc_mulmod_10(sp_point* r, sp_point* g, sp_digit* k,
if (tmp != NULL) {
XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 10 * 5);
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_ECC);
}
if (td != NULL) {
XMEMSET(td, 0, sizeof(sp_point) * 3);
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(td, NULL, DYNAMIC_TYPE_TMP_ECC);
}
return err;

6
wolfcrypt/src/sp_c64.c
View File

@ -7926,7 +7926,7 @@ static int sp_256_ecc_mulmod_5(sp_point* r, sp_point* g, sp_digit* k,
(void)heap;
td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_ECC);
td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_TMP_ECC);
if (td == NULL)
err = MEMORY_E;
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap,
@ -7986,11 +7986,11 @@ static int sp_256_ecc_mulmod_5(sp_point* r, sp_point* g, sp_digit* k,
if (tmp != NULL) {
XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 5 * 5);
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_ECC);
}
if (td != NULL) {
XMEMSET(td, 0, sizeof(sp_point) * 3);
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(td, NULL, DYNAMIC_TYPE_TMP_ECC);
}
return err;

6
wolfssl/internal.h
View File

@ -3278,8 +3278,6 @@ typedef struct Arrays {
byte sessionID[ID_LEN];
byte sessionIDSz;
#ifdef WOLFSSL_TLS13
byte clientSecret[SECRET_LEN];
byte serverSecret[SECRET_LEN];
byte secret[SECRET_LEN];
#endif
byte masterSecret[SECRET_LEN];
@ -3572,6 +3570,10 @@ struct WOLFSSL {
WOLFSSL_CTX* ctx;
Suites* suites; /* only need during handshake */
Arrays* arrays;
#ifdef WOLFSSL_TLS13
byte clientSecret[SECRET_LEN];
byte serverSecret[SECRET_LEN];
#endif
HS_Hashes* hsHashes;
void* IOCB_ReadCtx;
void* IOCB_WriteCtx;

14
wolfssl/wolfcrypt/types.h
View File

@ -228,6 +228,20 @@
extern void *XMALLOC(size_t n, void* heap, int type);
extern void *XREALLOC(void *p, size_t n, void* heap, int type);
extern void XFREE(void *p, void* heap, int type);
#elif defined(WOLFSSL_MEMORY_TRACKING)
#define XMALLOC(n, h, t) xmalloc(n, h, t, __FILE__, __LINE__)
#define XREALLOC(p, n, h, t) xrealloc(p, n, h, t, __FILE__, __LINE__)
#define XFREE(p, h, t) xfree(p, h, t, __FILE__, __LINE__)
/* prototypes for user heap override functions */
#include <stddef.h> /* for size_t */
#include <stdlib.h>
extern void *xmalloc(size_t n, void* heap, int type, const char* func,
unsigned int line);
extern void *xrealloc(void *p, size_t n, void* heap, int type,
const char* func, unsigned int line);
extern void xfree(void *p, void* heap, int type, const char* func,
unsigned int line);
#elif defined(XMALLOC_OVERRIDE)
/* override the XMALLOC, XFREE and XREALLOC macros */
#elif defined(NO_WOLFSSL_MEMORY)