mirror of https://github.com/wolfSSL/wolfssl.git
Add memory usage tracking and logging
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the type. Fix places where memory can be freed earlier.pull/1662/head
parent
3d16ed9c02
commit
506c858ed6
|
@ -1972,12 +1972,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||
err_sys("unable to use curve secp256r1");
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
|
||||
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP384R1)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
err_sys("unable to use curve secp384r1");
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
if (onlyKeyShare == 0 || onlyKeyShare == 1) {
|
||||
|
|
102
src/internal.c
102
src/internal.c
|
@ -5072,6 +5072,13 @@ void SSL_ResourceFree(WOLFSSL* ssl)
|
|||
/* clear keys struct after session */
|
||||
ForceZero(&ssl->keys, sizeof(Keys));
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (ssl->options.tls1_3) {
|
||||
ForceZero(&ssl->clientSecret, sizeof(ssl->clientSecret));
|
||||
ForceZero(&ssl->serverSecret, sizeof(ssl->serverSecret));
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef NO_DH
|
||||
if (ssl->buffers.serverDH_Priv.buffer) {
|
||||
ForceZero(ssl->buffers.serverDH_Priv.buffer,
|
||||
|
@ -5274,22 +5281,34 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
|||
if (ssl->buffers.inputBuffer.dynamicFlag)
|
||||
ShrinkInputBuffer(ssl, NO_FORCED_FREE);
|
||||
|
||||
/* suites */
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||
if (!ssl->options.tls1_3)
|
||||
#endif
|
||||
{
|
||||
/* suites */
|
||||
#ifdef SINGLE_THREADED
|
||||
if (ssl->suites != ssl->ctx->suites)
|
||||
#endif
|
||||
XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
|
||||
ssl->suites = NULL;
|
||||
ssl->suites = NULL;
|
||||
|
||||
/* hsHashes */
|
||||
FreeHandshakeHashes(ssl);
|
||||
/* hsHashes */
|
||||
FreeHandshakeHashes(ssl);
|
||||
}
|
||||
|
||||
/* RNG */
|
||||
if (ssl->options.tls1_1 == 0
|
||||
#ifndef WOLFSSL_AEAD_ONLY
|
||||
|| ssl->specs.cipher_type == stream
|
||||
#endif
|
||||
) {
|
||||
#if defined(WOLFSSL_TLS13)
|
||||
#if !defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||
|| ssl->options.tls1_3
|
||||
#elif !defined(HAVE_SESSION_TICKET)
|
||||
|| (ssl->options.tls1_3 && ssl->options.side == WOLFSSL_SERVER_END)
|
||||
#endif
|
||||
#endif
|
||||
) {
|
||||
if (ssl->options.weOwnRng) {
|
||||
wc_FreeRng(ssl->rng);
|
||||
XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
|
||||
|
@ -5308,23 +5327,39 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
|||
}
|
||||
#endif
|
||||
|
||||
/* arrays */
|
||||
if (ssl->options.saveArrays == 0)
|
||||
FreeArrays(ssl, 1);
|
||||
|
||||
#ifndef NO_RSA
|
||||
/* peerRsaKey */
|
||||
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
|
||||
ssl->peerRsaKeyPresent = 0;
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
|
||||
defined(HAVE_SESSION_TICKET)
|
||||
if (!ssl->options.tls1_3)
|
||||
#endif
|
||||
/* arrays */
|
||||
if (ssl->options.saveArrays == 0)
|
||||
FreeArrays(ssl, 1);
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||
if (!ssl->options.tls1_3 || ssl->options.side == WOLFSSL_CLIENT_END)
|
||||
#endif
|
||||
{
|
||||
#ifndef NO_RSA
|
||||
/* peerRsaKey */
|
||||
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
|
||||
ssl->peerRsaKeyPresent = 0;
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
|
||||
ssl->peerEccDsaKeyPresent = 0;
|
||||
#endif /* HAVE_ECC */
|
||||
#ifdef HAVE_ED25519
|
||||
FreeKey(ssl, DYNAMIC_TYPE_ED25519, (void**)&ssl->peerEd25519Key);
|
||||
ssl->peerEd25519KeyPresent = 0;
|
||||
#endif /* HAVE_ED25519 */
|
||||
}
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey);
|
||||
ssl->peerEccKeyPresent = 0;
|
||||
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
|
||||
ssl->peerEccDsaKeyPresent = 0;
|
||||
#endif
|
||||
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
|
||||
#ifdef HAVE_CURVE25519
|
||||
if (ssl->ecdhCurveOID != ECC_X25519_OID)
|
||||
#endif /* HAVE_CURVE25519 */
|
||||
{
|
||||
int dtype;
|
||||
#ifdef HAVE_ECC
|
||||
|
@ -5346,7 +5381,9 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
|||
#ifdef HAVE_CURVE25519
|
||||
FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key);
|
||||
ssl->peerX25519KeyPresent = 0;
|
||||
#endif
|
||||
#endif /* HAVE_CURVE25519 */
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#ifndef NO_DH
|
||||
if (ssl->buffers.serverDH_Priv.buffer) {
|
||||
ForceZero(ssl->buffers.serverDH_Priv.buffer,
|
||||
|
@ -5364,10 +5401,15 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
|||
ssl->buffers.serverDH_P.buffer = NULL;
|
||||
}
|
||||
#endif /* !NO_DH */
|
||||
|
||||
#ifndef NO_CERTS
|
||||
wolfSSL_UnloadCertsKeys(ssl);
|
||||
#endif
|
||||
#ifdef HAVE_PK_CALLBACKS
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||
if (!ssl->options.tls1_3 || ssl->options.side == WOLFSSL_CLIENT_END)
|
||||
#endif
|
||||
{
|
||||
#ifdef HAVE_ECC
|
||||
XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
|
||||
ssl->buffers.peerEccDsaKey.buffer = NULL;
|
||||
|
@ -5381,6 +5423,7 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
|||
DYNAMIC_TYPE_ED25519);
|
||||
ssl->buffers.peerEd25519Key.buffer = NULL;
|
||||
#endif
|
||||
}
|
||||
#endif /* HAVE_PK_CALLBACKS */
|
||||
|
||||
#ifdef HAVE_QSH
|
||||
|
@ -5396,6 +5439,13 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_TLS_EXTENSIONS) && !defined(HAVE_SNI) && \
|
||||
!defined(HAVE_ALPN) && !defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||
/* Some extensions need to be kept for post-handshake querying. */
|
||||
TLSX_FreeAll(ssl->extensions, ssl->heap);
|
||||
ssl->extensions = NULL;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
/* when done with handshake decrement current handshake count */
|
||||
if (ssl->heap != NULL) {
|
||||
|
@ -15396,7 +15446,7 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
|
|||
return "Certificate context does not match request or not empty";
|
||||
|
||||
case BAD_KEY_SHARE_DATA:
|
||||
return "The Key Share data contains group that was in Client Hello";
|
||||
return "The Key Share data contains group that wasn't in Client Hello";
|
||||
|
||||
case MISSING_HANDSHAKE_DATA:
|
||||
return "The handshake message is missing required data";
|
||||
|
@ -18240,6 +18290,11 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
|||
args->sigSz = (word16)ret;
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* peerRsaKey */
|
||||
FreeKey(ssl, DYNAMIC_TYPE_RSA,
|
||||
(void**)&ssl->peerRsaKey);
|
||||
ssl->peerRsaKeyPresent = 0;
|
||||
break;
|
||||
}
|
||||
#endif /* !NO_RSA */
|
||||
|
@ -20454,7 +20509,14 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
|
|||
/* Create a fake sessionID based on the ticket, this will
|
||||
* supercede the existing session cache info. */
|
||||
ssl->options.haveSessionId = 1;
|
||||
XMEMCPY(ssl->arrays->sessionID,
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (ssl->options.tls1_3) {
|
||||
XMEMCPY(ssl->session.sessionID,
|
||||
ssl->session.ticket + length - ID_LEN, ID_LEN);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
XMEMCPY(ssl->arrays->sessionID,
|
||||
ssl->session.ticket + length - ID_LEN, ID_LEN);
|
||||
}
|
||||
|
||||
|
|
28
src/ssl.c
28
src/ssl.c
|
@ -9655,7 +9655,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
|
|||
return NULL;
|
||||
#endif
|
||||
|
||||
if (ssl->arrays)
|
||||
if (!ssl->options.tls1_3 && ssl->arrays != NULL)
|
||||
id = ssl->arrays->sessionID;
|
||||
else
|
||||
id = ssl->session.sessionID;
|
||||
|
@ -9932,8 +9932,17 @@ int AddSession(WOLFSSL* ssl)
|
|||
{
|
||||
/* Use the session object in the cache for external cache if required.
|
||||
*/
|
||||
row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) %
|
||||
SESSION_ROWS;
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
|
||||
if (ssl->options.tls1_3) {
|
||||
row = HashSession(ssl->session.sessionID, ID_LEN, &error) %
|
||||
SESSION_ROWS;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) %
|
||||
SESSION_ROWS;
|
||||
}
|
||||
if (error != 0) {
|
||||
WOLFSSL_MSG("Hash session failed");
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
|
@ -9961,8 +9970,17 @@ int AddSession(WOLFSSL* ssl)
|
|||
else
|
||||
XMEMCPY(session->masterSecret, ssl->session.masterSecret, SECRET_LEN);
|
||||
session->haveEMS = ssl->options.haveEMS;
|
||||
XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN);
|
||||
session->sessionIDSz = ssl->arrays->sessionIDSz;
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
|
||||
if (ssl->options.tls1_3) {
|
||||
XMEMCPY(session->sessionID, ssl->session.sessionID, ID_LEN);
|
||||
session->sessionIDSz = ID_LEN;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN);
|
||||
session->sessionIDSz = ssl->arrays->sessionIDSz;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
/* If using compatibilty layer then check for and copy over session context
|
||||
|
|
26
src/tls.c
26
src/tls.c
|
@ -6203,7 +6203,8 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
|
|||
#endif
|
||||
}
|
||||
}
|
||||
XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
if (current->key != NULL)
|
||||
XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
XFREE(current->ke, heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
XFREE(current, heap, DYNAMIC_TYPE_TLSX);
|
||||
|
@ -6396,10 +6397,18 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
|||
ssl->arrays->preMasterSz = params->p_len;
|
||||
}
|
||||
|
||||
wc_FreeDhKey(dhKey);
|
||||
wc_FreeDhKey(&dhKey);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(dhKey, ssl->heap, DYNAMIC_TYPE_DH);
|
||||
#endif
|
||||
if (keyShareEntry->key != NULL) {
|
||||
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
keyShareEntry->key = NULL;
|
||||
}
|
||||
XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
keyShareEntry->pubKey = NULL;
|
||||
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
keyShareEntry->ke = NULL;
|
||||
|
||||
return ret;
|
||||
#else
|
||||
|
@ -6463,8 +6472,14 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl,
|
|||
&ssl->arrays->preMasterSz,
|
||||
EC25519_LITTLE_ENDIAN);
|
||||
}
|
||||
|
||||
wc_curve25519_free(peerX25519Key);
|
||||
XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
wc_curve25519_free((curve25519_key*)keyShareEntry->key);
|
||||
if (keyShareEntry->key != NULL) {
|
||||
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
keyShareEntry->key = NULL;
|
||||
}
|
||||
#else
|
||||
(void)ssl;
|
||||
(void)keyShareEntry;
|
||||
|
@ -6566,6 +6581,13 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
|||
);
|
||||
#endif
|
||||
|
||||
XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
|
||||
ssl->peerEccKey = NULL;
|
||||
wc_ecc_free((ecc_key*)(keyShareEntry->key));
|
||||
if (keyShareEntry->key != NULL) {
|
||||
XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
keyShareEntry->key = NULL;
|
||||
}
|
||||
|
||||
#else
|
||||
(void)ssl;
|
||||
|
|
97
src/tls13.c
97
src/tls13.c
|
@ -1027,7 +1027,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
|||
switch (secret) {
|
||||
#ifdef WOLFSSL_EARLY_DATA
|
||||
case early_data_key:
|
||||
ret = DeriveEarlyTrafficSecret(ssl, ssl->arrays->clientSecret);
|
||||
ret = DeriveEarlyTrafficSecret(ssl, ssl->clientSecret);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
break;
|
||||
|
@ -1036,13 +1036,13 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
|||
case handshake_key:
|
||||
if (provision & PROVISION_CLIENT) {
|
||||
ret = DeriveClientHandshakeSecret(ssl,
|
||||
ssl->arrays->clientSecret);
|
||||
ssl->clientSecret);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
}
|
||||
if (provision & PROVISION_SERVER) {
|
||||
ret = DeriveServerHandshakeSecret(ssl,
|
||||
ssl->arrays->serverSecret);
|
||||
ssl->serverSecret);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
}
|
||||
|
@ -1050,12 +1050,12 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
|||
|
||||
case traffic_key:
|
||||
if (provision & PROVISION_CLIENT) {
|
||||
ret = DeriveClientTrafficSecret(ssl, ssl->arrays->clientSecret);
|
||||
ret = DeriveClientTrafficSecret(ssl, ssl->clientSecret);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
}
|
||||
if (provision & PROVISION_SERVER) {
|
||||
ret = DeriveServerTrafficSecret(ssl, ssl->arrays->serverSecret);
|
||||
ret = DeriveServerTrafficSecret(ssl, ssl->serverSecret);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
}
|
||||
|
@ -1063,12 +1063,12 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
|||
|
||||
case update_traffic_key:
|
||||
if (provision & PROVISION_CLIENT) {
|
||||
ret = DeriveTrafficSecret(ssl, ssl->arrays->clientSecret);
|
||||
ret = DeriveTrafficSecret(ssl, ssl->clientSecret);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
}
|
||||
if (provision & PROVISION_SERVER) {
|
||||
ret = DeriveTrafficSecret(ssl, ssl->arrays->serverSecret);
|
||||
ret = DeriveTrafficSecret(ssl, ssl->serverSecret);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
}
|
||||
|
@ -1084,7 +1084,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
|||
/* Derive the client key. */
|
||||
WOLFSSL_MSG("Derive Client Key");
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
|
||||
ssl->arrays->clientSecret, writeKeyLabel,
|
||||
ssl->clientSecret, writeKeyLabel,
|
||||
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
|
@ -1095,7 +1095,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
|||
/* Derive the server key. */
|
||||
WOLFSSL_MSG("Derive Server Key");
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
|
||||
ssl->arrays->serverSecret, writeKeyLabel,
|
||||
ssl->serverSecret, writeKeyLabel,
|
||||
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
|
@ -1106,7 +1106,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
|||
/* Derive the client IV. */
|
||||
WOLFSSL_MSG("Derive Client IV");
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
|
||||
ssl->arrays->clientSecret, writeIVLabel,
|
||||
ssl->clientSecret, writeIVLabel,
|
||||
WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
|
@ -1117,7 +1117,7 @@ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
|||
/* Derive the server IV. */
|
||||
WOLFSSL_MSG("Derive Server IV");
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
|
||||
ssl->arrays->serverSecret, writeIVLabel,
|
||||
ssl->serverSecret, writeIVLabel,
|
||||
WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
|
@ -5141,9 +5141,6 @@ static int SendTls13Certificate(WOLFSSL* ssl)
|
|||
|
||||
typedef struct Scv13Args {
|
||||
byte* output; /* not allocated */
|
||||
#ifndef NO_RSA
|
||||
byte* verifySig;
|
||||
#endif
|
||||
byte* verify; /* not allocated */
|
||||
word32 idx;
|
||||
word32 sigLen;
|
||||
|
@ -5161,12 +5158,6 @@ static void FreeScv13Args(WOLFSSL* ssl, void* pArgs)
|
|||
|
||||
(void)ssl;
|
||||
|
||||
#ifndef NO_RSA
|
||||
if (args->verifySig) {
|
||||
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
args->verifySig = NULL;
|
||||
}
|
||||
#endif
|
||||
if (args->sigData) {
|
||||
XFREE(args->sigData, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
args->sigData = NULL;
|
||||
|
@ -5279,13 +5270,22 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||
#endif
|
||||
EncodeSigAlg(ssl->suites->hashAlgo, args->sigAlgo, args->verify);
|
||||
|
||||
/* Create the data to be signed. */
|
||||
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
|
||||
int sigLen = MAX_SIG_DATA_SZ;
|
||||
if (args->length > MAX_SIG_DATA_SZ)
|
||||
sigLen = args->length;
|
||||
args->sigData = (byte*)XMALLOC(sigLen, ssl->heap,
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
}
|
||||
else {
|
||||
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
}
|
||||
if (args->sigData == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scv);
|
||||
}
|
||||
|
||||
/* Create the data to be signed. */
|
||||
ret = CreateSigData(ssl, args->sigData, &args->sigDataSz, 0);
|
||||
if (ret != 0)
|
||||
goto exit_scv;
|
||||
|
@ -5398,19 +5398,12 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||
{
|
||||
#ifndef NO_RSA
|
||||
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
|
||||
if (args->verifySig == NULL) {
|
||||
args->verifySig = (byte*)XMALLOC(args->sigLen, ssl->heap,
|
||||
DYNAMIC_TYPE_SIGNATURE);
|
||||
if (args->verifySig == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_scv);
|
||||
}
|
||||
XMEMCPY(args->verifySig,
|
||||
args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
|
||||
args->sigLen);
|
||||
}
|
||||
XMEMCPY(args->sigData,
|
||||
args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
|
||||
args->sigLen);
|
||||
|
||||
/* check for signature faults */
|
||||
ret = VerifyRsaSign(ssl, args->verifySig, args->sigLen,
|
||||
ret = VerifyRsaSign(ssl, args->sigData, args->sigLen,
|
||||
sig->buffer, sig->length, args->sigAlgo,
|
||||
ssl->suites->hashAlgo, (RsaKey*)ssl->hsKey,
|
||||
ssl->buffers.key
|
||||
|
@ -5740,6 +5733,9 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
|||
if (ret >= 0) {
|
||||
args->sendSz = ret;
|
||||
ret = 0;
|
||||
|
||||
FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
|
||||
ssl->peerRsaKeyPresent = 0;
|
||||
}
|
||||
}
|
||||
#endif /* !NO_RSA */
|
||||
|
@ -5756,6 +5752,11 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
|||
NULL
|
||||
#endif
|
||||
);
|
||||
|
||||
if (ret >= 0) {
|
||||
FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
|
||||
ssl->peerEccDsaKeyPresent = 0;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
#ifdef HAVE_ED25519
|
||||
|
@ -5771,6 +5772,12 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
|||
NULL
|
||||
#endif
|
||||
);
|
||||
|
||||
if (ret >= 0) {
|
||||
FreeKey(ssl, DYNAMIC_TYPE_ED25519,
|
||||
(void**)&ssl->peerEd25519Key);
|
||||
ssl->peerEd25519KeyPresent = 0;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -5876,7 +5883,7 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||
return BUFFER_E;
|
||||
|
||||
if (ssl->options.handShakeDone) {
|
||||
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
|
||||
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
|
||||
ssl->keys.client_write_MAC_secret);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
@ -5887,12 +5894,12 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||
/* All the handshake messages have been received to calculate
|
||||
* client and server finished keys.
|
||||
*/
|
||||
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
|
||||
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
|
||||
ssl->keys.client_write_MAC_secret);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
ret = DeriveFinishedSecret(ssl, ssl->arrays->serverSecret,
|
||||
ret = DeriveFinishedSecret(ssl, ssl->serverSecret,
|
||||
ssl->keys.server_write_MAC_secret);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
@ -5990,7 +5997,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
|
|||
|
||||
/* make finished hashes */
|
||||
if (ssl->options.handShakeDone) {
|
||||
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
|
||||
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
|
||||
ssl->keys.client_write_MAC_secret);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
@ -6003,12 +6010,12 @@ static int SendTls13Finished(WOLFSSL* ssl)
|
|||
/* All the handshake messages have been done to calculate client and
|
||||
* server finished keys.
|
||||
*/
|
||||
ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret,
|
||||
ret = DeriveFinishedSecret(ssl, ssl->clientSecret,
|
||||
ssl->keys.client_write_MAC_secret);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
ret = DeriveFinishedSecret(ssl, ssl->arrays->serverSecret,
|
||||
ret = DeriveFinishedSecret(ssl, ssl->serverSecret,
|
||||
ssl->keys.server_write_MAC_secret);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
@ -6025,7 +6032,7 @@ static int SendTls13Finished(WOLFSSL* ssl)
|
|||
if (sendSz < 0)
|
||||
return BUILD_MSG_ERROR;
|
||||
|
||||
if (!ssl->options.resuming) {
|
||||
if (!ssl->options.resuming && ssl->options.side == WOLFSSL_SERVER_END) {
|
||||
#ifndef NO_SESSION_CACHE
|
||||
AddSession(ssl); /* just try */
|
||||
#endif
|
||||
|
@ -7578,6 +7585,10 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
|||
}
|
||||
#endif /* NO_HANDSHAKE_DONE_CB */
|
||||
|
||||
if (!ssl->options.keepResources) {
|
||||
FreeHandshakeResources(ssl);
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_connect_TLSv13()", WOLFSSL_SUCCESS);
|
||||
return WOLFSSL_SUCCESS;
|
||||
|
||||
|
@ -8351,6 +8362,10 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
|
|||
}
|
||||
#endif /* NO_HANDSHAKE_DONE_CB */
|
||||
|
||||
if (!ssl->options.keepResources) {
|
||||
FreeHandshakeResources(ssl);
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("SSL_accept()", WOLFSSL_SUCCESS);
|
||||
return WOLFSSL_SUCCESS;
|
||||
|
||||
|
|
|
@ -992,3 +992,78 @@ void XFREE(void *p, void* heap, int type)
|
|||
|
||||
#endif /* HAVE_IO_POOL */
|
||||
|
||||
#ifdef WOLFSSL_MEMORY_TRACKING
|
||||
void *xmalloc(size_t n, void* heap, int type, const char* func,
|
||||
unsigned int line)
|
||||
{
|
||||
void* p;
|
||||
word32* p32;
|
||||
|
||||
if (malloc_function)
|
||||
p32 = malloc_function(n + sizeof(word32) * 4);
|
||||
else
|
||||
p32 = malloc(n + sizeof(word32) * 4);
|
||||
|
||||
p32[0] = n;
|
||||
p = (void*)(p32 + 4);
|
||||
|
||||
fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%d\n", p, (word32)n, type, func,
|
||||
line);
|
||||
|
||||
(void)heap;
|
||||
|
||||
return p;
|
||||
}
|
||||
void *xrealloc(void *p, size_t n, void* heap, int type, const char* func,
|
||||
unsigned int line)
|
||||
{
|
||||
void* newp = NULL;
|
||||
word32* p32;
|
||||
word32* oldp32 = NULL;
|
||||
|
||||
if (p != NULL) {
|
||||
oldp32 = (word32*)p;
|
||||
oldp32 -= 4;
|
||||
}
|
||||
|
||||
if (realloc_function)
|
||||
p32 = realloc_function(oldp32, n + sizeof(word32) * 4);
|
||||
else
|
||||
p32 = realloc(oldp32, n + sizeof(word32) * 4);
|
||||
|
||||
if (p32 != NULL) {
|
||||
p32[0] = n;
|
||||
newp = (void*)(p32 + 4);
|
||||
|
||||
fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%d\n", newp, (word32)n,
|
||||
type, func, line);
|
||||
if (p != NULL) {
|
||||
fprintf(stderr, "Free: %p -> %u (%d) at %s:%d\n", p, oldp32[0],
|
||||
type, func, line);
|
||||
}
|
||||
}
|
||||
|
||||
(void)heap;
|
||||
|
||||
return newp;
|
||||
}
|
||||
void xfree(void *p, void* heap, int type, const char* func, unsigned int line)
|
||||
{
|
||||
word32* p32 = (word32*)p;
|
||||
|
||||
if (p != NULL) {
|
||||
p32 -= 4;
|
||||
|
||||
fprintf(stderr, "Free: %p -> %u (%d) at %s:%d\n", p, p32[0], type, func,
|
||||
line);
|
||||
|
||||
if (free_function)
|
||||
free_function(p32);
|
||||
else
|
||||
free(p32);
|
||||
}
|
||||
|
||||
(void)heap;
|
||||
}
|
||||
#endif /* WOLFSSL_MEMORY_TRACKING */
|
||||
|
||||
|
|
|
@ -8704,7 +8704,7 @@ static int sp_256_ecc_mulmod_10(sp_point* r, sp_point* g, sp_digit* k,
|
|||
|
||||
(void)heap;
|
||||
|
||||
td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_ECC);
|
||||
td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_TMP_ECC);
|
||||
if (td == NULL)
|
||||
err = MEMORY_E;
|
||||
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 10 * 5, heap,
|
||||
|
@ -8764,11 +8764,11 @@ static int sp_256_ecc_mulmod_10(sp_point* r, sp_point* g, sp_digit* k,
|
|||
|
||||
if (tmp != NULL) {
|
||||
XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 10 * 5);
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_ECC);
|
||||
}
|
||||
if (td != NULL) {
|
||||
XMEMSET(td, 0, sizeof(sp_point) * 3);
|
||||
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(td, NULL, DYNAMIC_TYPE_TMP_ECC);
|
||||
}
|
||||
|
||||
return err;
|
||||
|
|
|
@ -7926,7 +7926,7 @@ static int sp_256_ecc_mulmod_5(sp_point* r, sp_point* g, sp_digit* k,
|
|||
|
||||
(void)heap;
|
||||
|
||||
td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_ECC);
|
||||
td = (sp_point*)XMALLOC(sizeof(sp_point) * 3, heap, DYNAMIC_TYPE_TMP_ECC);
|
||||
if (td == NULL)
|
||||
err = MEMORY_E;
|
||||
tmp = (sp_digit*)XMALLOC(sizeof(sp_digit) * 2 * 5 * 5, heap,
|
||||
|
@ -7986,11 +7986,11 @@ static int sp_256_ecc_mulmod_5(sp_point* r, sp_point* g, sp_digit* k,
|
|||
|
||||
if (tmp != NULL) {
|
||||
XMEMSET(tmp, 0, sizeof(sp_digit) * 2 * 5 * 5);
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_ECC);
|
||||
}
|
||||
if (td != NULL) {
|
||||
XMEMSET(td, 0, sizeof(sp_point) * 3);
|
||||
XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(td, NULL, DYNAMIC_TYPE_TMP_ECC);
|
||||
}
|
||||
|
||||
return err;
|
||||
|
|
|
@ -3278,8 +3278,6 @@ typedef struct Arrays {
|
|||
byte sessionID[ID_LEN];
|
||||
byte sessionIDSz;
|
||||
#ifdef WOLFSSL_TLS13
|
||||
byte clientSecret[SECRET_LEN];
|
||||
byte serverSecret[SECRET_LEN];
|
||||
byte secret[SECRET_LEN];
|
||||
#endif
|
||||
byte masterSecret[SECRET_LEN];
|
||||
|
@ -3572,6 +3570,10 @@ struct WOLFSSL {
|
|||
WOLFSSL_CTX* ctx;
|
||||
Suites* suites; /* only need during handshake */
|
||||
Arrays* arrays;
|
||||
#ifdef WOLFSSL_TLS13
|
||||
byte clientSecret[SECRET_LEN];
|
||||
byte serverSecret[SECRET_LEN];
|
||||
#endif
|
||||
HS_Hashes* hsHashes;
|
||||
void* IOCB_ReadCtx;
|
||||
void* IOCB_WriteCtx;
|
||||
|
|
|
@ -228,6 +228,20 @@
|
|||
extern void *XMALLOC(size_t n, void* heap, int type);
|
||||
extern void *XREALLOC(void *p, size_t n, void* heap, int type);
|
||||
extern void XFREE(void *p, void* heap, int type);
|
||||
#elif defined(WOLFSSL_MEMORY_TRACKING)
|
||||
#define XMALLOC(n, h, t) xmalloc(n, h, t, __FILE__, __LINE__)
|
||||
#define XREALLOC(p, n, h, t) xrealloc(p, n, h, t, __FILE__, __LINE__)
|
||||
#define XFREE(p, h, t) xfree(p, h, t, __FILE__, __LINE__)
|
||||
|
||||
/* prototypes for user heap override functions */
|
||||
#include <stddef.h> /* for size_t */
|
||||
#include <stdlib.h>
|
||||
extern void *xmalloc(size_t n, void* heap, int type, const char* func,
|
||||
unsigned int line);
|
||||
extern void *xrealloc(void *p, size_t n, void* heap, int type,
|
||||
const char* func, unsigned int line);
|
||||
extern void xfree(void *p, void* heap, int type, const char* func,
|
||||
unsigned int line);
|
||||
#elif defined(XMALLOC_OVERRIDE)
|
||||
/* override the XMALLOC, XFREE and XREALLOC macros */
|
||||
#elif defined(NO_WOLFSSL_MEMORY)
|
||||
|
|
Loading…
Reference in New Issue