From d1a3646d5c7374967f306d585a5a5a15ef5f0299 Mon Sep 17 00:00:00 2001 From: John Bland Date: Wed, 17 Jan 2024 11:26:52 -0500 Subject: [PATCH 1/4] add heap hint support for a few of the x509 functions --- src/ssl.c | 4 ++-- src/ssl_certman.c | 28 ++++++++++++++-------------- src/x509.c | 37 +++++++++++++++++++++++++++---------- src/x509_str.c | 2 +- wolfssl/ssl.h | 5 +++++ 5 files changed, 49 insertions(+), 27 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 1cdd8b3b2..44f5b7a25 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -18758,13 +18758,13 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, WOLFSSL_ENTER("wolfSSL_get_peer_certificate"); if (ssl != NULL) { if (ssl->peerCert.issuer.sz) - ret = wolfSSL_X509_dup(&ssl->peerCert); + ret = wolfSSL_X509_dup_ex(&ssl->peerCert, ssl->heap); #ifdef SESSION_CERTS else if (ssl->session->chain.count > 0) { if (DecodeToX509(&ssl->peerCert, ssl->session->chain.certs[0].buffer, ssl->session->chain.certs[0].length) == 0) { - ret = wolfSSL_X509_dup(&ssl->peerCert); + ret = wolfSSL_X509_dup_ex(&ssl->peerCert, ssl->heap); } } #endif diff --git a/src/ssl_certman.c b/src/ssl_certman.c index 65a6c5599..acc5cdee6 100644 --- a/src/ssl_certman.c +++ b/src/ssl_certman.c 
@@ -42,33 +42,33 @@
 * @return A TLS method on success.
 * @return NULL when no TLS method built into wolfSSL.
 */
-static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void)
+static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void* heap)
 {
 #ifndef NO_WOLFSSL_CLIENT
 #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
- return wolfSSLv3_client_method();
+ return wolfSSLv3_client_method_ex(heap);
 #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
- return wolfTLSv1_client_method();
+ return wolfTLSv1_client_method_ex(heap);
 #elif !defined(NO_OLD_TLS)
- return wolfTLSv1_1_client_method();
+ return wolfTLSv1_1_client_method_ex(heap);
 #elif !defined(WOLFSSL_NO_TLS12)
- return wolfTLSv1_2_client_method();
+ return wolfTLSv1_2_client_method_ex(heap);
 #elif defined(WOLFSSL_TLS13)
- return wolfTLSv1_3_client_method();
+ return wolfTLSv1_3_client_method_ex(heap);
 #else
 return NULL;
 #endif
 #elif !defined(NO_WOLFSSL_SERVER)
 #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
- return wolfSSLv3_server_method();
+ return wolfSSLv3_server_method_ex(heap);
 #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
- return wolfTLSv1_server_method();
+ return wolfTLSv1_server_method_ex(heap);
 #elif !defined(NO_OLD_TLS)
- return wolfTLSv1_1_server_method();
+ return wolfTLSv1_1_server_method_ex(heap);
 #elif !defined(WOLFSSL_NO_TLS12)
- return wolfTLSv1_2_server_method();
+ return wolfTLSv1_2_server_method_ex(heap);
 #elif defined(WOLFSSL_TLS13)
- return wolfTLSv1_3_server_method();
+ return wolfTLSv1_3_server_method_ex(heap);
 #else
 return NULL;
 #endif
@@ -513,8 +513,8 @@ int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
 ret = WOLFSSL_FATAL_ERROR;
 }
 /* Allocate a temporary WOLFSSL_CTX to load with. */
- if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method()))
- == NULL)) {
+ if ((ret == WOLFSSL_SUCCESS) && ((tmp =
+ wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) {
 WOLFSSL_MSG("CTX new failed");
 ret = WOLFSSL_FATAL_ERROR;
 }
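Review bot: The Doxygen block above cm_pick_method, whose tail `@return` lines open this hunk, is not updated for the new `heap` parameter, so the documented signature is now wrong. Add `* @param [in] heap  Heap hint forwarded to the *_method_ex allocator; the callers in x509_str.c still pass NULL here, so the comment should state that NULL is accepted.` above the `@return` lines. In the second hunk it is worth a one-line comment that `cm->heap` is deliberately passed to both cm_pick_method and wolfSSL_CTX_new_ex so the method allocation and the context that later releases it share one heap hint, since that pairing is the reason for calling the _ex variant.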
@@ -876,7 +876,7 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file, ret = WOLFSSL_FATAL_ERROR; } /* Create temporary WOLFSSL_CTX. */ - if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method())) + if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method(cm->heap))) == NULL)) { WOLFSSL_MSG("CTX new failed"); ret = WOLFSSL_FATAL_ERROR; diff --git a/src/x509.c b/src/x509.c index 73369f3d3..528cc5b41 100644 --- a/src/x509.c +++ b/src/x509.c @@ -3593,7 +3593,7 @@ WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, } static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509, - const byte* in, int len, int req) + const byte* in, int len, int req, void* heap) { WOLFSSL_X509 *newX509 = NULL; int type = req ? CERTREQ_TYPE : CERT_TYPE; @@ -3620,12 +3620,12 @@ static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509, return NULL; #endif - InitDecodedCert(cert, (byte*)in, len, NULL); + InitDecodedCert(cert, (byte*)in, len, heap); #ifdef WOLFSSL_CERT_REQ cert->isCSR = (byte)req; #endif if (ParseCertRelative(cert, type, 0, NULL) == 0) { - newX509 = wolfSSL_X509_new(); + newX509 = wolfSSL_X509_new_ex(heap); if (newX509 != NULL) { if (CopyDecodedToX509(newX509, cert) != 0) { wolfSSL_X509_free(newX509); @@ -3659,16 +3659,22 @@ int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509) return isCA; } +WOLFSSL_X509* wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const byte* in, int len, + void* heap) +{ + return d2i_X509orX509REQ(x509, in, len, 0, heap); +} + WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) { - return d2i_X509orX509REQ(x509, in, len, 0); + return wolfSSL_X509_d2i_ex(x509, in, len, NULL); } #ifdef WOLFSSL_CERT_REQ WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len) { - return d2i_X509orX509REQ(x509, in, len, 1); + return d2i_X509orX509REQ(x509, in, len, 1, NULL); } #endif 
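Review bot: The new public entry point wolfSSL_X509_d2i_ex in the -3659 hunk has no header comment, and the matching declaration added to wolfssl/ssl.h in this patch has none either, so the ownership of `heap` is undocumented. Suggested comment above the definition: `/* Decode DER into a new WOLFSSL_X509 allocated with the heap hint 'heap' (NULL for the default allocator); the caller must keep the heap hint valid until the returned object is freed with wolfSSL_X509_free. */`. Note that wolfSSL_X509_REQ_d2i still passes NULL to d2i_X509orX509REQ while wolfSSL_X509_d2i gains a hint, so CSR decoding is silently excluded from heap-hint support; if that is intended it should be said in the comment. The body of d2i_X509orX509REQ continues outside the -3620 hunk, where the DecodedCert `cert` is presumably allocated and freed; if that is an XMALLOC/XFREE pair it should use the same `heap` now given to InitDecodedCert, which cannot be confirmed from the visible lines.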
@@ -5319,19 +5325,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer( /* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on * fail */ -WOLFSSL_X509* wolfSSL_X509_new(void) +WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap) { WOLFSSL_X509* x509; - x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, + x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap, DYNAMIC_TYPE_X509); if (x509 != NULL) { - InitX509(x509, 1, NULL); + InitX509(x509, 1, heap); } return x509; } +WOLFSSL_X509* wolfSSL_X509_new(void) +{ + return wolfSSL_X509_new_ex(NULL); +} + WOLFSSL_ABI WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert) { @@ -13408,7 +13419,7 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ defined(KEEP_PEER_CERT) -WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) +WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509 *x, void* heap) { WOLFSSL_ENTER("wolfSSL_X509_dup"); @@ -13422,7 +13433,13 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) return NULL; } - return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length); + return wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, x->derCert->length, + heap); +} + +WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) +{ + return wolfSSL_X509_dup_ex(x, NULL); } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ diff --git a/src/x509_str.c b/src/x509_str.c index b0b365bc4..1899085be 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -1035,7 +1035,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, return WOLFSSL_FAILURE; /* tmp ctx for setting our cert manager */ - ctx = wolfSSL_CTX_new(cm_pick_method()); + ctx = wolfSSL_CTX_new(cm_pick_method(NULL)); if (ctx == NULL) return WOLFSSL_FAILURE; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 907b3691b..c9bd3b712 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -1681,7 +1681,9 @@ WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509* x, void* heap); #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa); WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509); @@ -2885,6 +2887,9 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, int len); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); +WOLFSSL_API WOLFSSL_X509* + wolfSSL_X509_d2i_ex(WOLFSSL_X509** x509, const unsigned char* in, int len, + void* heap); #ifdef WOLFSSL_CERT_REQ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); From 03f32b623fcf6c7ce749485967572eb78c3280dc Mon Sep 17 00:00:00 2001 From: John Bland Date: Wed, 17 Jan 2024 13:22:58 -0500 Subject: [PATCH 2/4] update based on PR comments --- src/ssl.c | 4 ++-- src/x509.c | 9 ++------- src/x509_str.c | 2 +- wolfssl/ssl.h | 1 - 4 files changed, 5 insertions(+), 11 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 44f5b7a25..1cdd8b3b2 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -18758,13 +18758,13 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, WOLFSSL_ENTER("wolfSSL_get_peer_certificate"); if (ssl != NULL) { if (ssl->peerCert.issuer.sz) - ret = wolfSSL_X509_dup_ex(&ssl->peerCert, ssl->heap); + ret = wolfSSL_X509_dup(&ssl->peerCert); #ifdef SESSION_CERTS else if (ssl->session->chain.count > 0) { if (DecodeToX509(&ssl->peerCert, ssl->session->chain.certs[0].buffer, ssl->session->chain.certs[0].length) == 0) { - ret = wolfSSL_X509_dup_ex(&ssl->peerCert, ssl->heap); + ret = wolfSSL_X509_dup(&ssl->peerCert); } } #endif diff --git a/src/x509.c b/src/x509.c index 528cc5b41..4f5992d89 100644 --- a/src/x509.c +++ b/src/x509.c @@ -13419,7 +13419,7 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ defined(KEEP_PEER_CERT) -WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509 *x, void* heap) +WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) { WOLFSSL_ENTER("wolfSSL_X509_dup"); @@ -13434,12 +13434,7 @@ WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509 *x, void* heap) } return wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, x->derCert->length, - heap); -} - -WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) -{ - return wolfSSL_X509_dup_ex(x, NULL); + x->heap); } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ diff --git a/src/x509_str.c b/src/x509_str.c index 1899085be..a01906c41 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -1035,7 +1035,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, return WOLFSSL_FAILURE; /* tmp ctx for setting our cert manager */ - ctx = wolfSSL_CTX_new(cm_pick_method(NULL)); + ctx = wolfSSL_CTX_new(cm_pick_method(str->cm->heap)); if (ctx == NULL) return WOLFSSL_FAILURE; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c9bd3b712..6de892344 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
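Review bot: The -13434 hunk makes wolfSSL_X509_dup allocate the copy from `x->heap`, but nothing documents that the duplicate is now tied to the source certificate's heap hint. The first hunk of this patch hands such a duplicate of `ssl->peerCert` to the application via wolfSSL_get_peer_certificate, so with a static-memory build the caller may hold the copy after the object that owns the heap hint is gone, if the per-object hint is torn down with it. Add `/* Copy is allocated with x->heap; callers keeping it past the owner of that heap hint (e.g. after wolfSSL_free) must account for that. */` above the `return wolfSSL_X509_d2i_ex(...)` line. The body of wolfSSL_X509_dup starts outside the hunk.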
@@ -1683,7 +1683,6 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509* x, void* heap);
 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
 WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509);
From 41ea1109ec7eb8cfa8db70215b41052b2757cae7 Mon Sep 17 00:00:00 2001
From: John Bland
Date: Wed, 17 Jan 2024 18:46:24 -0500
Subject: [PATCH 3/4] update uses of wolfSSL_X509_new and wolfSSL_X509_d2i where heap doesn't require a new ex function or struct field to avoid size increase
---
 src/ssl.c | 27 +++++++++++++------------
 src/x509.c | 10 +++++-----
 src/x509_str.c | 7 ++++---
 tests/api.c | 6 +++---
 wolfcrypt/src/ecc.c | 1 +
 5 files changed, 28 insertions(+), 23 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 1cdd8b3b2..0eefb28f3 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -18856,7 +18856,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
 sk = wolfSSL_sk_X509_new_null();
 i = ssl->session->chain.count-1;
 for (; i >= 0; i--) {
- x509 = wolfSSL_X509_new();
+ x509 = wolfSSL_X509_new_ex(ssl->heap);
 if (x509 == NULL) {
 WOLFSSL_MSG("Error Creating X509");
 wolfSSL_sk_X509_pop_free(sk, NULL);
@@ -19224,9 +19224,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
 return NULL;
 }
 #ifndef WOLFSSL_X509_STORE_CERTS
- ssl->ourCert = wolfSSL_X509_d2i(NULL,
+ ssl->ourCert = wolfSSL_X509_d2i_ex(NULL,
 ssl->buffers.certificate->buffer,
- ssl->buffers.certificate->length);
+ ssl->buffers.certificate->length,
+ ssl->heap);
 #endif
 }
 return ssl->ourCert;
@@ -19239,9 +19240,10 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) return NULL; } #ifndef WOLFSSL_X509_STORE_CERTS - ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL, + ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, ssl->ctx->certificate->buffer, - ssl->ctx->certificate->length); + ssl->ctx->certificate->length, + ssl->heap); #endif ssl->ctx->ownOurCert = 1; } @@ -19261,9 +19263,9 @@ WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx) return NULL; } #ifndef WOLFSSL_X509_STORE_CERTS - ctx->ourCert = wolfSSL_X509_d2i(NULL, + ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, ctx->certificate->buffer, - ctx->certificate->length); + ctx->certificate->length, ctx->heap); #endif ctx->ownOurCert = 1; } @@ -26221,7 +26223,8 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) return WOLFSSL_FAILURE; } #else - ctx->ourCert = wolfSSL_X509_d2i(NULL, x->derCert->buffer,x->derCert->length); + ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, + x->derCert->length, ctx->heap); if(ctx->ourCert == NULL){ return WOLFSSL_FAILURE; } @@ -30057,8 +30060,8 @@ int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** ch idx += 3; /* Create a new X509 from DER encoded data. */ - node->data.x509 = wolfSSL_X509_d2i(NULL, ctx->certChain->buffer + idx, - length); + node->data.x509 = wolfSSL_X509_d2i_ex(NULL, + ctx->certChain->buffer + idx, length, ctx->heap); if (node->data.x509 == NULL) { XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL); /* Return as much of the chain as we created. */ @@ -33784,8 +33787,8 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7) return p7->certs; for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) { - WOLFSSL_X509* x509 = wolfSSL_X509_d2i(NULL, p7->pkcs7.cert[i], - p7->pkcs7.certSz[i]); + WOLFSSL_X509* x509 = wolfSSL_X509_d2i_ex(NULL, p7->pkcs7.cert[i], + p7->pkcs7.certSz[i], pkcs7->heap); if (!ret) ret = wolfSSL_sk_X509_new_null(); if (x509) { diff --git a/src/x509.c b/src/x509.c index 4f5992d89..39cbd5f8d 100644 --- a/src/x509.c 
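Review bot: In the -19239 hunk `ssl->ctx->ourCert` is allocated with `ssl->heap`, yet the object is stored on and freed by the context, and the -19261 hunk for the same field in wolfSSL_CTX_get0_certificate uses `ctx->heap`. If an SSL object can carry a heap hint distinct from its context's (as a per-SSL static-memory hint would), the context-owned certificate outlives the hint it was allocated from and is released through the wrong one on context teardown. Change the last added argument to `ssl->ctx->heap);` so the allocation follows the owner, matching the -19261 hunk. The -30057 and -33784 hunks already follow that owner-heap rule with `ctx->heap` and `pkcs7->heap`.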
+++ b/src/x509.c @@ -7582,7 +7582,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio, #endif } else { - localX509 = wolfSSL_X509_d2i(NULL, mem, size); + localX509 = wolfSSL_X509_d2i_ex(NULL, mem, size, bio->heap); } if (localX509 == NULL) { WOLFSSL_MSG("wolfSSL_X509_d2i error"); @@ -13315,7 +13315,7 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, #endif /* Use existing CA retrieval APIs that use DecodedCert. */ - InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, NULL); + InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap); if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0 && !cert->selfSigned) { #ifndef NO_SKID @@ -13337,8 +13337,8 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, #ifdef WOLFSSL_SIGNER_DER_CERT /* populate issuer with Signer DER */ - if (wolfSSL_X509_d2i(issuer, ca->derCert->buffer, - ca->derCert->length) == NULL) + if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer, + ca->derCert->length, cm->heap) == NULL) return WOLFSSL_FAILURE; #else /* Create an empty certificate as CA doesn't have a certificate. */ @@ -13804,7 +13804,7 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer, /* not checking ctx->x509 for null first since app won't have initialized * this X509V3_CTX before this function call */ - ctx->x509 = wolfSSL_X509_new(); + ctx->x509 = wolfSSL_X509_new_ex(issuer->heap); if (!ctx->x509) return; diff --git a/src/x509_str.c b/src/x509_str.c index a01906c41..d5d564240 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -63,7 +63,8 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void) int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, - WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk) + WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, + WOLF_STACK_OF(WOLFSSL_X509)* sk) { int ret = 0; (void)sk; 
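Review bot: In the -13804 hunk `wolfSSL_X509_new_ex(issuer->heap)` dereferences `issuer` with no NULL check visible in the hunk, and the OpenSSL X509V3_set_ctx API this mirrors is commonly called with a NULL issuer; if the earlier part of wolfSSL_X509V3_set_ctx (outside the hunk) does not reject that case this is a new NULL dereference on a previously safe path. Use `ctx->x509 = wolfSSL_X509_new_ex(issuer != NULL ? issuer->heap : NULL);` or guard `issuer` before the call. The same pattern in the -13315 hunk passes `cm->heap` to InitDecodedCert while the `cert` allocation sits outside the hunk; if that is an XMALLOC/XFREE pair it should use the same hint.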
@@ -75,8 +76,8 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, ctx->current_cert = x509; #else if(x509 != NULL){ - ctx->current_cert = wolfSSL_X509_d2i(NULL, x509->derCert->buffer, - x509->derCert->length); + ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, x509->derCert->buffer, + x509->derCert->length, x509->heap); if(ctx->current_cert == NULL) return WOLFSSL_FAILURE; } else diff --git a/tests/api.c b/tests/api.c index df8584bc8..ea0094a88 100644 --- a/tests/api.c +++ b/tests/api.c @@ -31740,7 +31740,7 @@ static int test_wolfSSL_X509_NAME(void) XFCLOSE(f); c = buf; - ExpectNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes)); + ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT)); /* test cmp function */ ExpectNotNull(a = X509_get_issuer_name(x509)); @@ -36869,8 +36869,8 @@ static int test_wolfSSL_X509_NID(void) /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */ /* convert cert from DER to internal WOLFSSL_X509 struct */ - ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048, - sizeof_client_cert_der_2048)); + ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048, + sizeof_client_cert_der_2048, HEAP_HINT)); /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 72ab563bf..9d028d745 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -6071,6 +6071,7 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) #endif #ifdef WOLFSSL_HEAP_TEST + (void)heap; key->heap = (void*)WOLFSSL_HEAP_TEST; #else key->heap = heap; From 66f04958e3b412f76c876e876f17d65f5e511dbe Mon Sep 17 00:00:00 2001 From: John Bland Date: Fri, 19 Jan 2024 11:20:50 -0500 Subject: [PATCH 4/4] use wolfSSL_CTX_new_ex for heap hint support --- src/ssl_certman.c | 4 ++-- src/x509_str.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssl_certman.c b/src/ssl_certman.c index acc5cdee6..149b1bd56 100644 --- a/src/ssl_certman.c +++ b/src/ssl_certman.c 
@@ -876,8 +876,8 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file, ret = WOLFSSL_FATAL_ERROR; } /* Create temporary WOLFSSL_CTX. */ - if ((ret == WOLFSSL_SUCCESS) && ((tmp = wolfSSL_CTX_new(cm_pick_method(cm->heap))) - == NULL)) { + if ((ret == WOLFSSL_SUCCESS) && ((tmp = + wolfSSL_CTX_new_ex(cm_pick_method(cm->heap), cm->heap)) == NULL)) { WOLFSSL_MSG("CTX new failed"); ret = WOLFSSL_FATAL_ERROR; } diff --git a/src/x509_str.c b/src/x509_str.c index d5d564240..d5849ad75 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -1036,7 +1036,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, return WOLFSSL_FAILURE; /* tmp ctx for setting our cert manager */ - ctx = wolfSSL_CTX_new(cm_pick_method(str->cm->heap)); + ctx = wolfSSL_CTX_new_ex(cm_pick_method(str->cm->heap), str->cm->heap); if (ctx == NULL) return WOLFSSL_FAILURE;