From 886ebb6ec0f986a91ccaaf743ae5e04a8ac37133 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 10 Oct 2024 23:06:46 -0500 Subject: [PATCH 01/10] fixes for enable-all-crypto enable-cryptonly WOLFSSL_NO_MALLOC: wolfcrypt/src//asn.c: add stack buffer codepaths in ParseKeyUsageStr(), SetKeyIdFromPublicKey(), and EncodePolicyOID; wolfcrypt/src/dh.c: add stack buffer codepath in wc_DhGenerateParams(); wolfcrypt/src/ecc.c: add always-fail codepath to find_hole() to preempt heap allocation attempts; wolfcrypt/test/test.c: gate out several heap-dependent subtests when defined(WOLFSSL_NO_MALLOC), and add a stack buffer codepath in ed448_test(); wolfssl/wolfcrypt/types.h: harmonize macro definitions of XFREE() to use do { ... } while (0) wrappers to assure syntactic indivisibility. --- wolfcrypt/src/asn.c | 30 +++++++++++++++++++++++-- wolfcrypt/src/dh.c | 14 +++++++++++- wolfcrypt/src/ecc.c | 4 ++++ wolfcrypt/test/test.c | 47 ++++++++++++++++++++++++++------------- wolfssl/wolfcrypt/types.h | 22 +++++++++--------- 5 files changed, 88 insertions(+), 29 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 11a7226f0c..8e00c26edb 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -28314,7 +28314,12 @@ int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap) { int ret = 0; - char *token, *str, *ptr; +#ifdef WOLFSSL_NO_MALLOC + char str[1024]; +#else + char *str; +#endif + char *token, *ptr; word32 len = 0; word16 usage = 0; @@ -28324,10 +28329,15 @@ int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap) /* duplicate string (including terminator) */ len = (word32)XSTRLEN(value); +#ifdef WOLFSSL_NO_MALLOC + if (len >= sizeof(str)) + return MEMORY_E; +#else str = (char*)XMALLOC(len + 1, heap, DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) { return MEMORY_E; } +#endif XMEMCPY(str, value, len + 1); /* parse value, and set corresponding Key Usage value */ @@ -32302,7 +32312,11 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, dilithium_key* dilithiumKey, sphincs_key *sphincsKey, int kid_type) { +#ifdef WOLFSSL_NO_MALLOC + byte buf[MAX_PUBLIC_KEY_SZ]; +#else byte *buf; +#endif int bufferSz, ret; if (cert == NULL || @@ -32312,10 +32326,12 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, (kid_type != SKID_TYPE && kid_type != AKID_TYPE)) return BAD_FUNC_ARG; +#ifndef WOLFSSL_NO_MALLOC buf = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) return MEMORY_E; +#endif /* Public Key */ bufferSz = -1; @@ -33322,7 +33338,12 @@ int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz) int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) { word32 idx = 0, nb_val; - char *token, *str, *ptr; +#ifdef WOLFSSL_NO_MALLOC + char str[1024]; +#else + char *str; +#endif + char *token, *ptr; word32 len; (void)heap; @@ -33332,9 +33353,14 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) /* duplicate string (including terminator) */ len = (word32)XSTRLEN(in); +#ifdef WOLFSSL_NO_MALLOC + if (len >= sizeof(str)) + return MEMORY_E; +#else str = (char *)XMALLOC(len+1, heap, DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) return MEMORY_E; +#endif XMEMCPY(str, in, len+1); nb_val = 0; diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index c830d7a91a..df902e116e 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2979,7 +2979,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) primeCheckCount = 0; int primeCheck = MP_NO, ret = 0; +#ifdef WOLFSSL_NO_MALLOC + unsigned char buf[4096 / WOLFSSL_BIT_SIZE]; +#else unsigned char *buf = NULL; +#endif #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) XMEMSET(tmp, 0, sizeof(tmp)); @@ -3029,11 +3033,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) if (ret == 0) { bufSz = (word32)modSz - groupSz; +#ifdef WOLFSSL_NO_MALLOC + if (bufSz > sizeof(buf)) + ret = MEMORY_E; +#else /* allocate ram */ buf = (unsigned char *)XMALLOC(bufSz, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) ret = MEMORY_E; +#endif } /* make a random string that will be multiplied against q */ @@ -3167,7 +3176,10 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) RESTORE_VECTOR_REGISTERS(); - if (buf != NULL) { +#ifndef WOLFSSL_NO_MALLOC + if (buf != NULL) +#endif + { ForceZero(buf, bufSz); if (dh != NULL) { XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ee4ea34af4..aedca835ce 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -12441,6 +12441,9 @@ static const struct { /* find a hole and free as required, return -1 if no hole found */ static int find_hole(void) { +#ifdef WOLFSSL_NO_MALLOC + return -1; +#else int x, y, z; for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) { if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) { @@ -12469,6 +12472,7 @@ static int find_hole(void) fp_cache[z].lru_count = 0; } return z; +#endif /* !WOLFSSL_NO_MALLOC */ } /* determine if a base is already in the cache and if so, where */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 66e81cbe34..ff8a4ffc3c 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2652,7 +2652,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, #ifndef WOLFSSL_NO_MALLOC byte* pem; #else - byte pem[1024]; + byte pem[2048]; #endif int pemSz; @@ -2668,7 +2668,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, } #else if (pemSz > (int)sizeof(pem)) - return BAD_FUNC_ARG; + return WC_TEST_RET_ENC_EC(BAD_FUNC_ARG); #endif /* Convert to PEM */ pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType); @@ -18163,7 +18163,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifdef WOLFSSL_CERT_GEN static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem"; #endif - #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7) + #if (defined(WOLFSSL_ALT_NAMES) && !defined(WOLFSSL_NO_MALLOC)) || \ + defined(HAVE_PKCS7) static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der"; #endif #ifdef HAVE_PKCS7 @@ -18208,7 +18209,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifndef NO_RSA static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der"; #endif - #ifndef NO_ASN_TIME + #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; #ifdef ENABLE_ECC384_CERT_GEN_TEST @@ -18264,7 +18265,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifndef NO_WRITE_TEMP_FILES #ifdef HAVE_ECC #ifndef NO_ECC_SECP - #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem"; static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der"; #endif @@ -18286,7 +18288,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #endif /* HAVE_ECC */ #ifndef NO_RSA - #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der"; static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der"; static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem"; @@ -20482,7 +20485,7 @@ static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key) } #endif /* WOLFSSL_HAVE_SP_RSA */ -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -21969,7 +21972,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) goto exit_rsa; #endif -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) /* Make Cert / Sign example for RSA cert and RSA CA */ ret = rsa_certgen_test(key, keypub, &rng, tmp); if (ret != 0) @@ -32575,7 +32579,8 @@ static int test_sm2_verify(void) #endif /* WOLFSSL_SM2 */ -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \ + !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) /* Make Cert / Sign example for ECC cert and ECC CA */ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng) @@ -33612,7 +33617,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) #elif defined(HAVE_ECC_KEY_IMPORT) (void)ecc_test_make_pub; /* for compiler warning */ #endif -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \ + !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) ret = ecc_test_cert_gen(&rng); if (ret != 0) { printf("ecc_test_cert_gen failed!\n"); @@ -33647,6 +33653,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)) +#if !defined(WOLFSSL_NO_MALLOC) + #if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3)) /* maximum encrypted message: * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */ @@ -33765,6 +33773,8 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) } #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */ +#endif /* !WOLFSSL_NO_MALLOC */ + /* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in * wolfFIPS 5.3. * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test(). @@ -34007,6 +34017,7 @@ static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng) } #endif +#ifndef WOLFSSL_NO_MALLOC static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB, byte encAlgo, byte kdfAlgo, byte macAlgo) { @@ -34275,6 +34286,7 @@ static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* return ret; } +#endif #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */ @@ -34350,7 +34362,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC) #ifdef WOLFSSL_AES_128 if (ret == 0) { ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC, @@ -34386,7 +34398,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) } #endif #endif -#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && !defined(WOLFSSL_NO_MALLOC) #ifdef WOLFSSL_AES_128 if (ret == 0) { ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR, @@ -34406,7 +34418,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) } #endif #endif /* !NO_AES && WOLFSSL_AES_COUNTER */ -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC) if (ret == 0) { ret = ecc_ctx_kdf_salt_test(&rng, userA, userB); } @@ -37865,15 +37877,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) /* test api for import/exporting keys */ { - byte *exportPKey = NULL; - byte *exportSKey = NULL; word32 exportPSz = ED448_KEY_SIZE; word32 exportSSz = ED448_KEY_SIZE; +#ifdef WOLFSSL_NO_MALLOC + byte exportPKey[exportPSz]; + byte exportSKey[exportSSz]; +#else + byte *exportPKey = NULL; + byte *exportSKey = NULL; exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if ((exportPKey == NULL) || (exportSKey == NULL)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif ret = 0; diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 6735d02a6c..305ad19749 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -511,7 +511,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) m2mb_os_free(xp) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) m2mb_os_free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) m2mb_os_free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n)) @@ -527,11 +527,11 @@ typedef struct w64wrapper { return NULL; }; #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc_check((s))) - #define XFREE(p, h, t) (void)(h); (void)(t) + #define XFREE(p, h, t) do { (void)(h); (void)(t); } while (0) #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), NULL) #else #define XMALLOC(s, h, t) ((void)(s), (void)(h), (void)(t), NULL) - #define XFREE(p, h, t) (void)(p); (void)(h); (void)(t) + #define XFREE(p, h, t) do { (void)(p); (void)(h); (void)(t); } while(0) #define XREALLOC(p, n, h, t) ((void)(p), (void)(n), (void)(h), (void)(t), NULL) #endif #else @@ -539,9 +539,9 @@ typedef struct w64wrapper { #include #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc((size_t)(s))) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), free(p)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); free(p); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); if (xp) free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) \ ((void)(h), (void)(t), realloc((p), (size_t)(n))) @@ -565,7 +565,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) wolfSSL_Free(xp, h, t, __func__, __LINE__) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__); } while (0) #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) #else @@ -573,7 +573,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) wolfSSL_Free(xp, h, t) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t); } while (0) #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) #endif /* WOLFSSL_DEBUG_MEMORY */ @@ -585,17 +585,17 @@ typedef struct w64wrapper { #ifdef WOLFSSL_DEBUG_MEMORY #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__)) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), wolfSSL_Free(xp, __func__, __LINE__)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(xp, __func__, __LINE__); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__); } while (0) #endif #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n), __func__, __LINE__)) #else #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s))) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), wolfSSL_Free(p)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(p); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n))) #endif /* WOLFSSL_DEBUG_MEMORY */ From 2ca3e1100ec3f07ab1b7adb194735a3d13a9de63 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 13:04:12 -0500 Subject: [PATCH 02/10] Revert "Move heap variable to all sha implementations" This reverts commit a3f6babfdcf85b5f20ebc871f58a70adc1b6972e. --- wolfssl/wolfcrypt/sha.h | 2 +- wolfssl/wolfcrypt/sha256.h | 2 +- wolfssl/wolfcrypt/sha512.h | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 5f7a78d214..dd9d8b90ac 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -151,8 +151,8 @@ struct wc_Sha { #else word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; #endif -#endif void* heap; +#endif #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 0ab81abb62..c435cf061c 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -194,13 +194,13 @@ struct wc_Sha256 { word32 buffLen; /* in bytes */ word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ + void* heap; #ifdef WC_C_DYNAMIC_FALLBACK int sha_method; #endif #endif - void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 1dc875dcb2..9bcebdc62a 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -144,7 +144,6 @@ struct wc_Sha512 { cy_stc_crypto_sha_state_t hash_state; cy_en_crypto_sha_mode_t sha_mode; cy_stc_crypto_v2_sha512_buffers_t sha_buffers; - void* heap; #else word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)]; From ee92f38f88552102822256845d3b6b06e78001fc Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 13:04:26 -0500 Subject: [PATCH 03/10] Revert "fix unused variables" This reverts commit 06195a2e2a703966a36589673f4aa108c53bf5c1. --- wolfcrypt/src/aes.c | 5 ----- wolfcrypt/src/ed25519.c | 7 ++----- wolfcrypt/src/hash.c | 10 ++-------- 3 files changed, 4 insertions(+), 18 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 2762f8571a..ed31f53ddb 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -11451,18 +11451,14 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) void wc_AesFree(Aes* aes) { void* heap; -#ifndef WOLFSSL_NO_MALLOC byte isAllocated; -#endif if (aes == NULL) { return; } -#ifndef WOLFSSL_NO_MALLOC heap = aes->heap; isAllocated = aes->isAllocated; -#endif #ifdef WC_DEBUG_CIPHER_LIFECYCLE (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, heap, 1); @@ -11536,7 +11532,6 @@ void wc_AesFree(Aes* aes) XFREE(aes, heap, DYNAMIC_TYPE_AES); } #endif - (void)heap; } diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index c9386f17fa..5a06cb7717 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1026,16 +1026,13 @@ int wc_ed25519_init(ed25519_key* key) void wc_ed25519_free(ed25519_key* key) { void* heap; -#ifndef WOLFSSL_NO_MALLOC byte isAllocated = 0; -#endif + if (key == NULL) return; -#ifndef WOLFSSL_NO_MALLOC heap = key->heap; isAllocated = key->isAllocated; -#endif #ifdef WOLFSSL_ED25519_PERSISTENT_SHA ed25519_hash_free(key, &key->sha); @@ -1053,9 +1050,9 @@ void wc_ed25519_free(ed25519_key* key) #ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(key, heap, DYNAMIC_TYPE_ED25519); + (void)heap; } #endif - (void)heap; } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index d727171d88..fdffa60307 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -712,9 +712,7 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, if (hash == NULL) return BAD_FUNC_ARG; -#ifndef WOLFSSL_NO_MALLOC hash->isAllocated = 0; -#endif hash->type = type; switch (type) { @@ -1046,13 +1044,11 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) { int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ void* heap = NULL; -#ifndef WOLFSSL_NO_MALLOC byte isAllocated = 0; -#endif + if (hash == NULL) return BAD_FUNC_ARG; - #ifdef DEBUG_WOLFSSL if (hash->type != type) { WOLFSSL_MSG("Hash free type mismatch!"); @@ -1060,9 +1056,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) } #endif -#ifndef WOLFSSL_NO_MALLOC isAllocated = hash->isAllocated; -#endif switch (type) { case WC_HASH_TYPE_MD5: @@ -1181,9 +1175,9 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(hash, heap, DYNAMIC_TYPE_HASHES); + (void)heap; } #endif - (void)heap; return ret; } From dc2a8118de56947397fa7dbb746c3ea9af99bf20 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 13:04:30 -0500 Subject: [PATCH 04/10] Revert "Allow compiling aes.c with WOLFSSL_NO_MALLOC" This reverts commit 56a96ba6093714d7143ddd7e0eb43982faec4d77. --- wolfcrypt/src/aes.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index ed31f53ddb..193b216dc2 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -11299,7 +11299,6 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AESCCM */ -#ifndef WOLFSSL_NO_MALLOC Aes* wc_AesNew(void* heap, int devId) { Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); @@ -11314,7 +11313,6 @@ Aes* wc_AesNew(void* heap, int devId) } return aes; } -#endif /* Initialize Aes for use with async hardware */ int wc_AesInit(Aes* aes, void* heap, int devId) @@ -11527,11 +11525,9 @@ void wc_AesFree(Aes* aes) wc_MemZero_Check(aes, sizeof(Aes)); #endif -#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(aes, heap, DYNAMIC_TYPE_AES); } -#endif } From 551eb3f44b3f0fa66f092fa5ec0b00cf4b9c7fe9 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 13:19:53 -0500 Subject: [PATCH 05/10] wolfcrypt/src/ed25519.c and wolfcrypt/src/hash.c: remove gating around isAllocated XFREE()s in wc_ed25519_free() and wc_HashFree(). --- wolfcrypt/src/ed25519.c | 2 -- wolfcrypt/src/hash.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 5a06cb7717..a000453880 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1047,12 +1047,10 @@ void wc_ed25519_free(ed25519_key* key) wc_MemZero_Check(key, sizeof(ed25519_key)); #endif -#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(key, heap, DYNAMIC_TYPE_ED25519); (void)heap; } -#endif } diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index fdffa60307..4249c39ea9 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -1172,12 +1172,10 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) ret = BAD_FUNC_ARG; }; -#ifndef WOLFSSL_NO_MALLOC if (isAllocated) { XFREE(hash, heap, DYNAMIC_TYPE_HASHES); (void)heap; } -#endif return ret; } From 0665ff9de7c34fd7f99ee5162d630b06fa7af1d3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 13:54:41 -0500 Subject: [PATCH 06/10] wolfcrypt/src/asn.c: revert earlier WOLFSSL_NO_MALLOC changes (not needed, after proper gating in test.c). --- wolfcrypt/src/asn.c | 30 ++---------------------------- 1 file changed, 2 insertions(+), 28 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 8e00c26edb..11a7226f0c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -28314,12 +28314,7 @@ int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap) { int ret = 0; -#ifdef WOLFSSL_NO_MALLOC - char str[1024]; -#else - char *str; -#endif - char *token, *ptr; + char *token, *str, *ptr; word32 len = 0; word16 usage = 0; @@ -28329,15 +28324,10 @@ int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap) /* duplicate string (including terminator) */ len = (word32)XSTRLEN(value); -#ifdef WOLFSSL_NO_MALLOC - if (len >= sizeof(str)) - return MEMORY_E; -#else str = (char*)XMALLOC(len + 1, heap, DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) { return MEMORY_E; } -#endif XMEMCPY(str, value, len + 1); /* parse value, and set corresponding Key Usage value */ @@ -32312,11 +32302,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, dilithium_key* dilithiumKey, sphincs_key *sphincsKey, int kid_type) { -#ifdef WOLFSSL_NO_MALLOC - byte buf[MAX_PUBLIC_KEY_SZ]; -#else byte *buf; -#endif int bufferSz, ret; if (cert == NULL || @@ -32326,12 +32312,10 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey, (kid_type != SKID_TYPE && kid_type != AKID_TYPE)) return BAD_FUNC_ARG; -#ifndef WOLFSSL_NO_MALLOC buf = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) return MEMORY_E; -#endif /* Public Key */ bufferSz = -1; @@ -33338,12 +33322,7 @@ int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz) int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) { word32 idx = 0, nb_val; -#ifdef WOLFSSL_NO_MALLOC - char str[1024]; -#else - char *str; -#endif - char *token, *ptr; + char *token, *str, *ptr; word32 len; (void)heap; @@ -33353,14 +33332,9 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) /* duplicate string (including terminator) */ len = (word32)XSTRLEN(in); -#ifdef WOLFSSL_NO_MALLOC - if (len >= sizeof(str)) - return MEMORY_E; -#else str = (char *)XMALLOC(len+1, heap, DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) return MEMORY_E; -#endif XMEMCPY(str, in, len+1); nb_val = 0; From 9312f3cb863b062f4d061944a9cc30e6816d03e3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 11 Oct 2024 17:28:16 -0500 Subject: [PATCH 07/10] wolfssl/wolfcrypt/types.h: define USE_WOLF_STRDUP for the fallback definition of XSTRDUP regardless of WOLFSSL_NO_MALLOC (wc_strdup_ex() uses XMALLOC(), which may be a user or static pool allocator). --- wolfssl/wolfcrypt/types.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 305ad19749..973b76dd59 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -943,8 +943,7 @@ typedef struct w64wrapper { WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); #endif - #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) &&\ - !defined (WOLFSSL_NO_MALLOC) + #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) #define USE_WOLF_STRDUP #endif #ifdef USE_WOLF_STRDUP From 0d5d05d44d56c67b71587674f1b95ce0b09996c3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 12 Oct 2024 16:31:45 -0500 Subject: [PATCH 08/10] more WOLFSSL_NO_MALLOC fixes: wolfcrypt/src/dh.c: in wc_DhGenerateParams(), use named constant for buf size, and only XFREE it if !WOLFSSL_NO_MALLOC; wolfcrypt/src/ecc.c and wolfssl/wolfcrypt/ecc.h: in wc_ecc_new_point_ex(), remove !WOLFSSL_NO_MALLOC gate around XMALLOC(), and if XMALLOC()ed, set ecc_point.isAllocated, then in wc_ecc_del_point_ex, XFREE() iff ecc_point.isAllocated; wolfcrypt/src/pkcs7.c: in wc_PKCS7_RsaVerify(), when WOLFSSL_NO_MALLOC, jumbo-size the digest buffer to cope with in-place dynamics in RsaUnPad(); wolfcrypt/test/test.c: add !WOLFSSL_NO_MALLOC gates around various XFREE()s of objects that are on the stack in WOLFSSL_NO_MALLOC builds; wolfssl/wolfcrypt/types.h: add an unconditional include of memory.h (itself guarded against multiple inclusion) to assure availability of WC_DEBUG_CIPHER_LIFECYCLE prototypes/macros. --- wolfcrypt/src/dh.c | 4 +++- wolfcrypt/src/ecc.c | 15 +++++++-------- wolfcrypt/src/memory.c | 1 + wolfcrypt/src/pkcs7.c | 6 ++++++ wolfcrypt/test/test.c | 10 ++++++++++ wolfssl/wolfcrypt/ecc.h | 1 + wolfssl/wolfcrypt/types.h | 2 ++ 7 files changed, 30 insertions(+), 9 deletions(-) diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index df902e116e..610b4b69db 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2980,7 +2980,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) int primeCheck = MP_NO, ret = 0; #ifdef WOLFSSL_NO_MALLOC - unsigned char buf[4096 / WOLFSSL_BIT_SIZE]; + unsigned char buf[DH_MAX_SIZE / WOLFSSL_BIT_SIZE]; #else unsigned char *buf = NULL; #endif @@ -3181,9 +3181,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) #endif { ForceZero(buf, bufSz); +#ifndef WOLFSSL_NO_MALLOC if (dh != NULL) { XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); } +#endif } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index aedca835ce..9da876df92 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4092,23 +4092,23 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap) } p = *point; -#ifndef WOLFSSL_NO_MALLOC if (p == NULL) { p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC); } -#endif if (p == NULL) { return MEMORY_E; } XMEMSET(p, 0, sizeof(ecc_point)); + if (*point == NULL) + p->isAllocated = 1; + #ifndef ALT_ECC_SIZE err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL); if (err != MP_OKAY) { WOLFSSL_MSG("mp_init_multi failed."); - #ifndef WOLFSSL_NO_MALLOC - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif + if (p->isAllocated) + XFREE(p, heap, DYNAMIC_TYPE_ECC); p = NULL; } #else @@ -4148,9 +4148,8 @@ static void wc_ecc_del_point_ex(ecc_point* p, void* heap) mp_clear(p->x); mp_clear(p->y); mp_clear(p->z); - #ifndef WOLFSSL_NO_MALLOC - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif + if (p->isAllocated) + XFREE(p, heap, DYNAMIC_TYPE_ECC); } (void)heap; } diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 164dc95717..75d03895e6 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -32,6 +32,7 @@ #endif #include +#include /* Possible memory options: diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index b77e9de171..ae9429cb2c 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -4040,8 +4040,14 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, byte* digest; RsaKey* key; DecodedCert* dCert; +#else +#ifdef WOLFSSL_NO_MALLOC + byte digest[RSA_MAX_SIZE / WOLFSSL_BIT_SIZE]; /* accessed in-place with size + * key->dataLen + */ #else byte digest[MAX_PKCS7_DIGEST_SZ]; +#endif RsaKey key[1]; DecodedCert stack_dCert; DecodedCert* dCert = &stack_dCert; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ff8a4ffc3c..3f8fe431d1 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2673,23 +2673,31 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, /* Convert to PEM */ pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType); if (pemSz < 0) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I); } #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) pemFile = XFOPEN(filePem, "wb"); if (!pemFile) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I); } ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile); XFCLOSE(pemFile); if (ret != pemSz) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I); } #endif + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif } #endif /* WOLFSSL_DER_TO_PEM */ @@ -37926,8 +37934,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) } } while(0); + #ifndef WOLFSSL_NO_MALLOC XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif if (ret != 0) goto out; diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 4a607aaa88..5975ab9b4e 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -467,6 +467,7 @@ struct ecc_point { #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) ecc_key* key; #endif + byte isAllocated:1; }; /* ECC Flags */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 973b76dd59..ee00f7f829 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -602,6 +602,8 @@ typedef struct w64wrapper { #endif /* WOLFSSL_STATIC_MEMORY */ #endif + #include + /* declare/free variable handling for async and smallstack */ #ifndef WC_ALLOC_DO_ON_FAILURE #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING From 260a0dee47a0c8b0a92882a86da0b013120cbc12 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 12 Oct 2024 16:33:26 -0500 Subject: [PATCH 09/10] examples/client/client.c: fix numbering annotations, and fix string literal grouping for "-H". --- examples/client/client.c | 122 +++++++++++++++++++-------------------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 5fa85924cb..f50f67fbb4 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1124,7 +1124,7 @@ static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz, /* 4. add the same message into Japanese section */ /* (will be translated later) */ /* 5. add printf() into suitable position of Usage() */ -static const char* client_usage_msg[][78] = { +static const char* client_usage_msg[][77] = { /* English */ { " NOTE: All files relative to wolfSSL home dir\n", /* 0 */ @@ -1244,11 +1244,11 @@ static const char* client_usage_msg[][78] = { " With 'm' at end indicates MUST staple\n", /* 42 */ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI) " -W 1 -v 4, Perform multi OCSP stapling for TLS13\n", - /* 43 */ + /* 43 */ #endif #endif #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) - "-U Atomic User Record Layer Callbacks\n", /* 45 */ + "-U Atomic User Record Layer Callbacks\n", /* 44 */ #endif #ifdef HAVE_PK_CALLBACKS "-P Public Key Callbacks\n", /* 45 */ @@ -1266,44 +1266,44 @@ static const char* client_usage_msg[][78] = { "-q Whitewood config file, defaults\n", /* 49 */ #endif "-H Internal tests" - " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 50 */ - " loadSSL, disallowETM]\n", /* 51 */ + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n" + " loadSSL, disallowETM]\n", /* 50 */ #ifdef WOLFSSL_TLS13 - "-J Use HelloRetryRequest to choose group for KE\n", /* 52 */ - "-K Key Exchange for PSK not using (EC)DHE\n", /* 53 */ - "-I Update keys and IVs before sending data\n", /* 54 */ + "-J Use HelloRetryRequest to choose group for KE\n", /* 51 */ + "-K Key Exchange for PSK not using (EC)DHE\n", /* 52 */ + "-I Update keys and IVs before sending data\n", /* 53 */ #ifndef NO_DH - "-y Key Share with FFDHE named groups only\n", /* 55 */ + "-y Key Share with FFDHE named groups only\n", /* 54 */ #endif #ifdef HAVE_ECC - "-Y Key Share with ECC named groups only\n", /* 56 */ + "-Y Key Share with ECC named groups only\n", /* 55 */ #endif #endif /* WOLFSSL_TLS13 */ #ifdef HAVE_CURVE25519 - "-t Use X25519 for key exchange\n", /* 57 */ + "-t Use X25519 for key exchange\n", /* 56 */ #endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - "-Q Support requesting certificate post-handshake\n", /* 58 */ + "-Q Support requesting certificate post-handshake\n", /* 57 */ #endif #ifdef WOLFSSL_EARLY_DATA - "-0 Early data sent to server (0-RTT handshake)\n", /* 59 */ + "-0 Early data sent to server (0-RTT handshake)\n", /* 58 */ #endif #ifdef WOLFSSL_MULTICAST - "-3 Multicast, grpid < 256\n", /* 60 */ + "-3 Multicast, grpid < 256\n", /* 59 */ #endif "-1 Display a result by specified language.\n" - " 0: English, 1: Japanese\n", /* 61 */ + " 0: English, 1: Japanese\n", /* 60 */ #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) - "-2 Disable DH Prime check\n", /* 62 */ + "-2 Disable DH Prime check\n", /* 61 */ #endif #ifdef HAVE_SECURE_RENEGOTIATION - "-4 Use resumption for renegotiation\n", /* 63 */ + "-4 Use resumption for renegotiation\n", /* 62 */ #endif #ifdef HAVE_TRUSTED_CA - "-5 Use Trusted CA Key Indication\n", /* 64 */ + "-5 Use Trusted CA Key Indication\n", /* 63 */ #endif - "-6 Simulate WANT_WRITE errors on every other IO send\n", + "-6 Simulate WANT_WRITE errors on every other IO send\n", /* 64 */ #ifdef HAVE_CURVE448 "-8 Use X448 for key exchange\n", /* 65 */ #endif @@ -1311,47 +1311,47 @@ static const char* client_usage_msg[][78] = { (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) "-9 Use hash dir look up for certificate loading\n" - " loading from /certs folder\n" - " files in the folder would have the form \"hash.N\" file name\n" - " e.g symbolic link to the file at certs folder\n" - " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", - /* 67 */ + " loading from /certs folder\n" + " files in the folder would have the form \"hash.N\" file name\n" + " e.g symbolic link to the file at certs folder\n" + " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", + /* 66 */ #endif #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ !defined(WOLFSENTRY_NO_JSON) "--wolfsentry-config Path for JSON wolfSentry config\n", - /* 68 */ + /* 67 */ #endif #ifndef WOLFSSL_TLS13 "-7 Set minimum downgrade protocol version [0-3] " " SSLv3(0) - TLS1.2(3)\n", #else "-7 Set minimum downgrade protocol version [0-4] " - " SSLv3(0) - TLS1.3(4)\n", /* 69 */ + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ #endif #ifdef HAVE_PQC "--pqc Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n" - " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */ + " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ #endif #ifdef WOLFSSL_SRTP - "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 71 */ + "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 70 */ #endif #ifdef WOLFSSL_SYS_CA_CERTS - "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */ + "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */ #endif #ifdef HAVE_SUPPORTED_CURVES - "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */ + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */ #endif #ifndef NO_PSK - "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */ + "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */ #endif #ifdef HAVE_RPK - "--rpk Use RPK for the defined certificates\n", /* 75 */ + "--rpk Use RPK for the defined certificates\n", /* 74 */ #endif - "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */ + "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */ "\n" "For simpler wolfSSL TLS client examples, visit\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */ NULL, }, #ifndef NO_MULTIBYTE_PRINT @@ -1499,45 +1499,45 @@ static const char* client_usage_msg[][78] = { "-q Whitewood コンフィグファイル, 既定値\n", /* 49 */ #endif "-H 内部テスト" - " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 50 */ - " loadSSL, disallowETM]\n", /* 51 */ + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n" + " loadSSL, disallowETM]\n", /* 50 */ #ifdef WOLFSSL_TLS13 - "-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 52 */ - "-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 53 */ - "-I データ送信前に、鍵とIVを更新する\n", /* 54 */ + "-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 51 */ + "-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 52 */ + "-I データ送信前に、鍵とIVを更新する\n", /* 53 */ #ifndef NO_DH - "-y FFDHE名前付きグループとの鍵共有のみ\n", /* 55 */ + "-y FFDHE名前付きグループとの鍵共有のみ\n", /* 54 */ #endif #ifdef HAVE_ECC - "-Y ECC名前付きグループとの鍵共有のみ\n", /* 56 */ + "-Y ECC名前付きグループとの鍵共有のみ\n", /* 55 */ #endif #endif /* WOLFSSL_TLS13 */ #ifdef HAVE_CURVE25519 - "-t X25519を鍵交換に使用する\n", /* 57 */ + "-t X25519を鍵交換に使用する\n", /* 56 */ #endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - "-Q ポストハンドシェークの証明要求をサポートする\n", /* 58 */ + "-Q ポストハンドシェークの証明要求をサポートする\n", /* 57 */ #endif #ifdef WOLFSSL_EARLY_DATA "-0 Early data をサーバーへ送信する" - "(0-RTTハンドシェイク)\n", /* 59 */ + "(0-RTTハンドシェイク)\n", /* 58 */ #endif #ifdef WOLFSSL_MULTICAST - "-3 マルチキャスト, grpid < 256\n", /* 60 */ + "-3 マルチキャスト, grpid < 256\n", /* 59 */ #endif "-1 指定された言語で結果を表示します。\n" - " 0: 英語、 1: 日本語\n", /* 61 */ + " 0: 英語、 1: 日本語\n", /* 60 */ #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) - "-2 DHプライム番号チェックを無効にする\n", /* 62 */ + "-2 DHプライム番号チェックを無効にする\n", /* 61 */ #endif #ifdef HAVE_SECURE_RENEGOTIATION - "-4 再交渉に再開を使用\n", /* 63 */ + "-4 再交渉に再開を使用\n", /* 62 */ #endif #ifdef HAVE_TRUSTED_CA - "-5 信頼できる認証局の鍵表示を使用する\n", /* 64 */ + "-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */ #endif - "-6 WANT_WRITE エラーを全てのIO 送信でシミュレートします\n", + "-6 WANT_WRITE エラーを全てのIO 送信でシミュレートします\n", /* 64 */ #ifdef HAVE_CURVE448 "-8 鍵交換に X448 を使用する\n", /* 65 */ #endif @@ -1549,44 +1549,44 @@ static const char* client_usage_msg[][78] = { " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n" " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n" " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", - /* 67 */ + /* 66 */ #endif #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ !defined(WOLFSENTRY_NO_JSON) "--wolfsentry-config wolfSentry コンフィグファイル\n", - /* 68 */ + /* 67 */ #endif #ifndef WOLFSSL_TLS13 "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-3] " " SSLv3(0) - TLS1.2(3)\n", #else "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] " - " SSLv3(0) - TLS1.3(4)\n", /* 69 */ + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ #endif #ifdef HAVE_PQC "--pqc post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n" - " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */ + " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ #endif #ifdef WOLFSSL_SRTP - "--srtp (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 71 */ + "--srtp (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 70 */ #endif #ifdef WOLFSSL_SYS_CA_CERTS - "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */ + "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */ #endif #ifdef HAVE_SUPPORTED_CURVES - "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */ + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */ #endif #ifndef NO_PSK - "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */ + "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */ #endif #ifdef HAVE_RPK - "--rpk Use RPK for the defined certificates\n", /* 75 */ + "--rpk Use RPK for the defined certificates\n", /* 74 */ #endif - "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */ + "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */ "\n" "より簡単なwolfSSL TLS クライアントの例については" "下記にアクセスしてください\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */ NULL, }, #endif From cc7ccf951a062180ccf83b3832e591c41074e7b6 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Wed, 9 Oct 2024 14:58:53 +0200 Subject: [PATCH 10/10] Move heap variable to all sha implementations --- wolfssl/wolfcrypt/sha.h | 2 +- wolfssl/wolfcrypt/sha256.h | 2 +- wolfssl/wolfcrypt/sha512.h | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index dd9d8b90ac..5f7a78d214 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -151,8 +151,8 @@ struct wc_Sha { #else word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; #endif - void* heap; #endif + void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index c435cf061c..0ab81abb62 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -194,13 +194,13 @@ struct wc_Sha256 { word32 buffLen; /* in bytes */ word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ - void* heap; #ifdef WC_C_DYNAMIC_FALLBACK int sha_method; #endif #endif + void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 9bcebdc62a..1dc875dcb2 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -144,6 +144,7 @@ struct wc_Sha512 { cy_stc_crypto_sha_state_t hash_state; cy_en_crypto_sha_mode_t sha_mode; cy_stc_crypto_v2_sha512_buffers_t sha_buffers; + void* heap; #else word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)];