20241010-WOLFSSL_NO_MALLOC #8065

Merged
merged 10 commits into from
Oct 15, 2024
122 changes: 61 additions & 61 deletions examples/client/client.c
@@ -1124,7 +1124,7 @@ static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz,
/* 4. add the same message into Japanese section */
/* (will be translated later) */
/* 5. add printf() into suitable position of Usage() */
static const char* client_usage_msg[][78] = {
static const char* client_usage_msg[][77] = {
/* English */
{
" NOTE: All files relative to wolfSSL home dir\n", /* 0 */
@@ -1244,11 +1244,11 @@ static const char* client_usage_msg[][78] = {
" With 'm' at end indicates MUST staple\n", /* 42 */
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI)
" -W 1 -v 4, Perform multi OCSP stapling for TLS13\n",
/* 43 */
/* 43 */
#endif
#endif
#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
"-U Atomic User Record Layer Callbacks\n", /* 45 */
"-U Atomic User Record Layer Callbacks\n", /* 44 */
#endif
#ifdef HAVE_PK_CALLBACKS
"-P Public Key Callbacks\n", /* 45 */
@@ -1266,92 +1266,92 @@ static const char* client_usage_msg[][78] = {
"-q <file> Whitewood config file, defaults\n", /* 49 */
#endif
"-H <arg> Internal tests"
" [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 50 */
" loadSSL, disallowETM]\n", /* 51 */
" [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
" loadSSL, disallowETM]\n", /* 50 */
#ifdef WOLFSSL_TLS13
"-J Use HelloRetryRequest to choose group for KE\n", /* 52 */
"-K Key Exchange for PSK not using (EC)DHE\n", /* 53 */
"-I Update keys and IVs before sending data\n", /* 54 */
"-J Use HelloRetryRequest to choose group for KE\n", /* 51 */
"-K Key Exchange for PSK not using (EC)DHE\n", /* 52 */
"-I Update keys and IVs before sending data\n", /* 53 */
#ifndef NO_DH
"-y Key Share with FFDHE named groups only\n", /* 55 */
"-y Key Share with FFDHE named groups only\n", /* 54 */
#endif
#ifdef HAVE_ECC
"-Y Key Share with ECC named groups only\n", /* 56 */
"-Y Key Share with ECC named groups only\n", /* 55 */
#endif
#endif /* WOLFSSL_TLS13 */
#ifdef HAVE_CURVE25519
"-t Use X25519 for key exchange\n", /* 57 */
"-t Use X25519 for key exchange\n", /* 56 */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
"-Q Support requesting certificate post-handshake\n", /* 58 */
"-Q Support requesting certificate post-handshake\n", /* 57 */
#endif
#ifdef WOLFSSL_EARLY_DATA
"-0 Early data sent to server (0-RTT handshake)\n", /* 59 */
"-0 Early data sent to server (0-RTT handshake)\n", /* 58 */
#endif
#ifdef WOLFSSL_MULTICAST
"-3 <grpid> Multicast, grpid < 256\n", /* 60 */
"-3 <grpid> Multicast, grpid < 256\n", /* 59 */
#endif
"-1 <num> Display a result by specified language.\n"
" 0: English, 1: Japanese\n", /* 61 */
" 0: English, 1: Japanese\n", /* 60 */
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
"-2 Disable DH Prime check\n", /* 62 */
"-2 Disable DH Prime check\n", /* 61 */
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
"-4 Use resumption for renegotiation\n", /* 63 */
"-4 Use resumption for renegotiation\n", /* 62 */
#endif
#ifdef HAVE_TRUSTED_CA
"-5 Use Trusted CA Key Indication\n", /* 64 */
"-5 Use Trusted CA Key Indication\n", /* 63 */
#endif
"-6 Simulate WANT_WRITE errors on every other IO send\n",
"-6 Simulate WANT_WRITE errors on every other IO send\n", /* 64 */
#ifdef HAVE_CURVE448
"-8 Use X448 for key exchange\n", /* 65 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 Use hash dir look up for certificate loading\n"
" loading from <wolfSSL home>/certs folder\n"
" files in the folder would have the form \"hash.N\" file name\n"
" e.g symbolic link to the file at certs folder\n"
" ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
/* 67 */
" loading from <wolfSSL home>/certs folder\n"
" files in the folder would have the form \"hash.N\" file name\n"
" e.g symbolic link to the file at certs folder\n"
" ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
/* 66 */
#endif
#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
!defined(WOLFSENTRY_NO_JSON)
"--wolfsentry-config <file> Path for JSON wolfSentry config\n",
/* 68 */
/* 67 */
#endif
#ifndef WOLFSSL_TLS13
"-7 Set minimum downgrade protocol version [0-3] "
" SSLv3(0) - TLS1.2(3)\n",
#else
"-7 Set minimum downgrade protocol version [0-4] "
" SSLv3(0) - TLS1.3(4)\n", /* 69 */
" SSLv3(0) - TLS1.3(4)\n", /* 68 */
#endif
#ifdef HAVE_PQC
"--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */
#endif
#ifdef WOLFSSL_SRTP
"--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n", /* 71 */
"--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n", /* 70 */
#endif
#ifdef WOLFSSL_SYS_CA_CERTS
"--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */
"--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
#endif
#ifdef HAVE_SUPPORTED_CURVES
"--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */
"--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */
#endif
#ifndef NO_PSK
"--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */
"--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
#endif
#ifdef HAVE_RPK
"--rpk Use RPK for the defined certificates\n", /* 75 */
"--rpk Use RPK for the defined certificates\n", /* 74 */
#endif
"--files-are-der Specified files are in DER, not PEM format\n", /* 76 */
"--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
"\n"
"For simpler wolfSSL TLS client examples, visit\n"
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */
NULL,
},
#ifndef NO_MULTIBYTE_PRINT
@@ -1499,45 +1499,45 @@ static const char* client_usage_msg[][78] = {
"-q <file> Whitewood コンフィグファイル, 既定値\n", /* 49 */
#endif
"-H <arg> 内部テスト"
" [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 50 */
" loadSSL, disallowETM]\n", /* 51 */
" [defCipherList, exitWithRet, verifyFail, useSupCurve,\n"
" loadSSL, disallowETM]\n", /* 50 */
#ifdef WOLFSSL_TLS13
"-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 52 */
"-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 53 */
"-I データ送信前に、鍵とIVを更新する\n", /* 54 */
"-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 51 */
"-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 52 */
"-I データ送信前に、鍵とIVを更新する\n", /* 53 */
#ifndef NO_DH
"-y FFDHE名前付きグループとの鍵共有のみ\n", /* 55 */
"-y FFDHE名前付きグループとの鍵共有のみ\n", /* 54 */
#endif
#ifdef HAVE_ECC
"-Y ECC名前付きグループとの鍵共有のみ\n", /* 56 */
"-Y ECC名前付きグループとの鍵共有のみ\n", /* 55 */
#endif
#endif /* WOLFSSL_TLS13 */
#ifdef HAVE_CURVE25519
"-t X25519を鍵交換に使用する\n", /* 57 */
"-t X25519を鍵交換に使用する\n", /* 56 */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
"-Q ポストハンドシェークの証明要求をサポートする\n", /* 58 */
"-Q ポストハンドシェークの証明要求をサポートする\n", /* 57 */
#endif
#ifdef WOLFSSL_EARLY_DATA
"-0 Early data をサーバーへ送信する"
"(0-RTTハンドシェイク)\n", /* 59 */
"(0-RTTハンドシェイク)\n", /* 58 */
#endif
#ifdef WOLFSSL_MULTICAST
"-3 <grpid> マルチキャスト, grpid < 256\n", /* 60 */
"-3 <grpid> マルチキャスト, grpid < 256\n", /* 59 */
#endif
"-1 <num> 指定された言語で結果を表示します。\n"
" 0: 英語、 1: 日本語\n", /* 61 */
" 0: 英語、 1: 日本語\n", /* 60 */
#if !defined(NO_DH) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
"-2 DHプライム番号チェックを無効にする\n", /* 62 */
"-2 DHプライム番号チェックを無効にする\n", /* 61 */
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
"-4 再交渉に再開を使用\n", /* 63 */
"-4 再交渉に再開を使用\n", /* 62 */
#endif
#ifdef HAVE_TRUSTED_CA
"-5 信頼できる認証局の鍵表示を使用する\n", /* 64 */
"-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */
#endif
"-6 WANT_WRITE エラーを全てのIO 送信でシミュレートします\n",
"-6 WANT_WRITE エラーを全てのIO 送信でシミュレートします\n", /* 64 */
#ifdef HAVE_CURVE448
"-8 鍵交換に X448 を使用する\n", /* 65 */
#endif
@@ -1549,44 +1549,44 @@ static const char* client_usage_msg[][78] = {
" フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n"
" 以下の例ではca-cert.pemにシンボリックリンクを設定します\n"
" ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n",
/* 67 */
/* 66 */
#endif
#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \
!defined(WOLFSENTRY_NO_JSON)
"--wolfsentry-config <file> wolfSentry コンフィグファイル\n",
/* 68 */
/* 67 */
#endif
#ifndef WOLFSSL_TLS13
"-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-3] "
" SSLv3(0) - TLS1.2(3)\n",
#else
"-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] "
" SSLv3(0) - TLS1.3(4)\n", /* 69 */
" SSLv3(0) - TLS1.3(4)\n", /* 68 */
#endif
#ifdef HAVE_PQC
"--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */
#endif
#ifdef WOLFSSL_SRTP
"--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 71 */
"--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 70 */
#endif
#ifdef WOLFSSL_SYS_CA_CERTS
"--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */
"--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */
#endif
#ifdef HAVE_SUPPORTED_CURVES
"--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */
"--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */
#endif
#ifndef NO_PSK
"--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */
"--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */
#endif
#ifdef HAVE_RPK
"--rpk Use RPK for the defined certificates\n", /* 75 */
"--rpk Use RPK for the defined certificates\n", /* 74 */
#endif
"--files-are-der Specified files are in DER, not PEM format\n", /* 76 */
"--files-are-der Specified files are in DER, not PEM format\n", /* 75 */
"\n"
"より簡単なwolfSSL TLS クライアントの例については"
"下記にアクセスしてください\n"
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */
"https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */
NULL,
},
#endif
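Review bot: Folding the two `-H` strings into a single entry (in both the English and the Japanese table) removes one slot from `client_usage_msg`, so the code that prints the table has to drop exactly one print in the same change. Usage() is outside the visible hunks, so this should be confirmed; if a stale print remained, every later option would show its neighbour's text and the final call would reach the `NULL` terminator. Only the hand-maintained `/* NN */` comments and the literal `[77]` tie the table to its consumer. Unless the earlier steps of the comment above the table already say so, I would add a line such as `/* keep the inner dimension and the index comments in step with the printf calls in Usage() */`.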
9 changes: 0 additions & 9 deletions wolfcrypt/src/aes.c
@@ -11299,7 +11299,6 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz,

#endif /* HAVE_AESCCM */

#ifndef WOLFSSL_NO_MALLOC
SparkiDev marked this conversation as resolved.
Aes* wc_AesNew(void* heap, int devId)
{
Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES);
@@ -11314,7 +11313,6 @@ Aes* wc_AesNew(void* heap, int devId)
}
return aes;
}
#endif

/* Initialize Aes for use with async hardware */
int wc_AesInit(Aes* aes, void* heap, int devId)
@@ -11451,18 +11449,14 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId)
void wc_AesFree(Aes* aes)
{
void* heap;
#ifndef WOLFSSL_NO_MALLOC
byte isAllocated;
#endif

if (aes == NULL) {
return;
}

#ifndef WOLFSSL_NO_MALLOC
heap = aes->heap;
isAllocated = aes->isAllocated;
#endif

#ifdef WC_DEBUG_CIPHER_LIFECYCLE
(void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, heap, 1);
@@ -11531,12 +11525,9 @@ void wc_AesFree(Aes* aes)
wc_MemZero_Check(aes, sizeof(Aes));
#endif

#ifndef WOLFSSL_NO_MALLOC
if (isAllocated) {
XFREE(aes, heap, DYNAMIC_TYPE_AES);
}
#endif
(void)heap;

}
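Review bot: wc_AesFree now reads `aes->isAllocated` and calls `XFREE(aes, heap, DYNAMIC_TYPE_AES)` in every configuration, so in a `WOLFSSL_NO_MALLOC` build a caller-owned `Aes` whose `isAllocated` field was never cleared would be handed to the deallocator. The hunks do not show where that field is set to 0 for objects that did not come from wc_AesNew (presumably wc_AesInit; worth confirming). I would state the precondition on the function, e.g. `/* aes must have been set up by wc_AesInit() or wc_AesNew(); isAllocated decides whether the object itself is released. */`. The bodies of wc_AesNew and wc_AesFree both extend beyond the visible hunks.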

16 changes: 15 additions & 1 deletion wolfcrypt/src/dh.c
@@ -2979,7 +2979,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
primeCheckCount = 0;
int primeCheck = MP_NO,
ret = 0;
#ifdef WOLFSSL_NO_MALLOC
unsigned char buf[DH_MAX_SIZE / WOLFSSL_BIT_SIZE];
#else
unsigned char *buf = NULL;
#endif

#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
XMEMSET(tmp, 0, sizeof(tmp));
@@ -3029,11 +3033,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
if (ret == 0) {
bufSz = (word32)modSz - groupSz;

#ifdef WOLFSSL_NO_MALLOC
if (bufSz > sizeof(buf))
ret = MEMORY_E;
#else
/* allocate ram */
buf = (unsigned char *)XMALLOC(bufSz,
dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (buf == NULL)
ret = MEMORY_E;
#endif
}

/* make a random string that will be multiplied against q */
@@ -3167,11 +3176,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)

RESTORE_VECTOR_REGISTERS();

if (buf != NULL) {
#ifndef WOLFSSL_NO_MALLOC
if (buf != NULL)
#endif
{
ForceZero(buf, bufSz);
#ifndef WOLFSSL_NO_MALLOC
if (dh != NULL) {
XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
JacobBarthelmeh marked this conversation as resolved.
}
#endif
}

#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
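Review bot: In the `WOLFSSL_NO_MALLOC` build the cleanup block at the end of wc_DhGenerateParams calls `ForceZero(buf, bufSz)` unconditionally, while the new size check only sets `ret = MEMORY_E` and leaves `bufSz` larger than the stack array. Unless `bufSz` is reset somewhere outside the visible hunks, the rejected-size path would therefore zero memory past the end of `buf`. Wiping the whole array in that configuration avoids this, `ForceZero(buf, sizeof(buf));`, as does clearing the length when it is rejected, `if (bufSz > sizeof(buf)) { ret = MEMORY_E; bufSz = 0; }`. The function body starts and ends outside these hunks, so how `modSz` is bounded before this point could not be checked.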