Allocation debugging, reduce SSL structure size.

2025-04-21 10:26:06 +03:00 · 2015-09-01 15:59:34 +03:00 · 2015-09-01 15:59:34 +03:00 · 6095fde37e
commit 6095fde37e
parent 6c91aa10fc
10 changed files with 82 additions and 116 deletions
--- a/4
+++ b/4
@ -28,7 +28,7 @@ OBJ_FILES := \
 	ssl/tls1_clnt.o \
 	ssl/tls1_svr.o \
 	ssl/x509.o \
-#	crypto/crypto_misc.o \
+	crypto/crypto_misc.o \
 CPPFLAGS += -I$(XTENSA_LIBS)/include \
@ -63,7 +63,7 @@ $(BIN_DIR):
 	mkdir -p $(BIN_DIR)
 clean:
-	rm -rf $(OBJ_FILES) $(LWIP_AR)
+	rm -rf $(OBJ_FILES) $(AXTLS_AR)
 .PHONY: all clean
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@ -42,7 +42,11 @@
 #include "wincrypt.h"
 #endif
-#ifndef WIN32
+#ifdef ESP8266
 #define CONFIG_SSL_SKELETON_MODE 1
 #endif
 #if defined(CONFIG_USE_DEV_URANDOM)
 static int rng_fd = -1;
 #elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
 static HCRYPTPROV gCryptProv;
@ -146,7 +150,7 @@ EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size)
 */
 EXP_FUNC void STDCALL RNG_terminate(void)
 {
-#ifndef WIN32
+#if defined(CONFIG_USE_DEV_URANDOM)
    close(rng_fd);
 #elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
    CryptReleaseContext(gCryptProv, 0);
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@ -146,7 +146,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
    const int byte_size = ctx->num_octets;
    int i, size;
    bigint *decrypted_bi, *dat_bi;
-    uint8_t *block = (uint8_t *)alloca(byte_size);
+    uint8_t *block = (uint8_t *)malloc(byte_size);
    memset(out_data, 0, byte_size); /* initialise */
@ -182,7 +182,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
    /* get only the bit we want */
    if (size > 0)
        memcpy(out_data, &block[i], size);
-    
+    free(block);
    return size ? size : -1;
 }
--- a/ssl/config.h
+++ b/ssl/config.h
@ -48,7 +48,7 @@
 #define CONFIG_X509_MAX_CA_CERTS 150
 #define CONFIG_SSL_MAX_CERTS 3
 #undef CONFIG_SSL_CTX_MUTEXING
-//#define CONFIG_USE_DEV_URANDOM 1
+#undef CONFIG_USE_DEV_URANDOM
 #undef CONFIG_WIN32_USE_CRYPTO_LIB
 #undef CONFIG_OPENSSL_COMPATIBLE
 #undef CONFIG_PERFORMANCE_TESTING
--- a/ssl/gen_cert.c
+++ b/ssl/gen_cert.c
@ -221,7 +221,7 @@ static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
    int seq_offset;
    int pub_key_size = rsa_ctx->num_octets;
-    uint8_t *block = (uint8_t *)alloca(pub_key_size);
+    uint8_t *block = (uint8_t *)malloc(pub_key_size);
    int seq_size = pre_adjust_with_size(
                            ASN1_SEQUENCE, &seq_offset, buf, offset);
    buf[(*offset)++] = ASN1_INTEGER;
@ -236,6 +236,7 @@ static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
        set_gen_length(pub_key_size, buf, offset);
    memcpy(&buf[*offset], block, pub_key_size);
    free(block);
    *offset += pub_key_size;
    memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
    *offset += sizeof(pub_key_seq);
@ -282,8 +283,8 @@ static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst,
        ASN1_NULL, 0x00, ASN1_OCTET_STRING, 0x14 
    };
-    uint8_t *enc_block = (uint8_t *)alloca(rsa_ctx->num_octets);
+    uint8_t *enc_block = (uint8_t *)malloc(rsa_ctx->num_octets);
-    uint8_t *block = (uint8_t *)alloca(sizeof(asn1_sig) + SHA1_SIZE);
+    uint8_t *block = (uint8_t *)malloc(sizeof(asn1_sig) + SHA1_SIZE);
    int sig_size;
    /* add the digest as an embedded asn.1 sequence */
@ -297,6 +298,8 @@ static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst,
    set_gen_length(sig_size+1, buf, offset);
    buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
    memcpy(&buf[*offset], enc_block, sig_size);
    free(enc_block);
    free(block);
    *offset += sig_size;
 }
@ -342,7 +345,7 @@ EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const c
 {
    int ret = X509_OK, offset = 0, seq_offset;
    /* allocate enough space to load a new certificate */
-    uint8_t *buf = (uint8_t *)alloca(ssl_ctx->rsa_ctx->num_octets*2 + 512);
+    uint8_t *buf = (uint8_t *)malloc(ssl_ctx->rsa_ctx->num_octets*2 + 512);
    uint8_t sha_dgst[SHA1_SIZE];
    int seq_size = pre_adjust_with_size(ASN1_SEQUENCE, 
                                    &seq_offset, buf, &offset);
@ -357,6 +360,7 @@ EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const c
    memcpy(*cert_data, buf, offset);
 error:
    free(buf);
    return ret < 0 ? ret : offset;
 }
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@ -37,6 +37,7 @@
 #include <stdlib.h>
 #include <errno.h>
 #include <stdarg.h>
 #include <string.h>
 #include "os_port.h"
 #ifdef WIN32
@ -96,63 +97,3 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
 static const char * out_of_mem_str = "out of memory";
 static const char * file_open_str = "Could not open file \"%s\"";
 /* 
 * Some functions that call display some error trace and then call abort().
 * This just makes life much easier on embedded systems, since we're 
 * suffering major trauma...
 */
 EXP_FUNC void * STDCALL ax_malloc(size_t s)
 {
    void *x;
    if ((x = malloc(s)) == NULL)
        exit_now(out_of_mem_str);
    return x;
 }
 EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s)
 {
    void *x;
    if ((x = realloc(y, s)) == NULL)
        exit_now(out_of_mem_str);
    return x;
 }
 EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s)
 {
    void *x;
    if ((x = calloc(n, s)) == NULL)
        exit_now(out_of_mem_str);
    return x;
 }
 EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
 {
    int x;
    if ((x = open(pathname, flags)) < 0)
        exit_now(file_open_str, pathname);
    return x;
 }
 /**
 * This is a call which will deliberately exit an application, but will
 * display some information before dying.
 */
 void exit_now(const char *format, ...)
 {
    va_list argp;
    va_start(argp, format);
    vfprintf(stderr, format, argp);
    va_end(argp);
    abort();
 }
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@ -44,9 +44,6 @@ extern "C" {
 #include "os_int.h"
 #include <stdio.h>
 #ifdef WIN32
 #define STDCALL                 __stdcall
 #define EXP_FUNC                __declspec(dllexport)
@ -63,7 +60,8 @@ extern "C" {
 #if defined(ESP8266)
 #include "util/time.h"
-#define alloca(size) __builtin_alloca(size)
+#include <errno.h>
 // #define alloca(size) __builtin_alloca(size)
 #define TTY_FLUSH()
 #ifdef putc
 #undef putc
@ -74,6 +72,15 @@ extern "C" {
 #endif
 #define printf(...)  ets_printf(__VA_ARGS__)
 #define SOCKET_READ(A,B,C)      ax_port_read(A,B,C)
 #define SOCKET_WRITE(A,B,C)     ax_port_write(A,B,C)
 #define SOCKET_CLOSE(A)         ax_port_close(A)
 #define get_file                ax_get_file
 #define EWOULDBLOCK EAGAIN
 #define hmac_sha1 ax_hmac_sha1
 #define hmac_md5 ax_hmac_md5
 #elif defined(WIN32)
 /* Windows CE stuff */
@ -161,17 +168,28 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 #endif  /* Not Win32 */
 /* some functions to mutate the way these work */
-#define malloc(A)       ax_malloc(A)
+#define malloc(A)       ax_port_malloc(A, __FILE__, __LINE__)
 #ifndef realloc
-#define realloc(A,B)    ax_realloc(A,B)
+#define realloc(A,B)    ax_port_realloc(A,B, __FILE__, __LINE__)
 #endif
-#define calloc(A,B)     ax_calloc(A,B)
+#define calloc(A,B)     ax_port_calloc(A,B, __FILE__, __LINE__)
 #define free(x)         ax_port_free(x)
-EXP_FUNC void * STDCALL ax_malloc(size_t s);
+EXP_FUNC void * STDCALL ax_port_malloc(size_t s, const char*, int);
-EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s);
+EXP_FUNC void * STDCALL ax_port_realloc(void *y, size_t s, const char*, int);
-EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s);
+EXP_FUNC void * STDCALL ax_port_calloc(size_t n, size_t s, const char*, int);
 EXP_FUNC void * STDCALL ax_port_free(void*);
 EXP_FUNC int STDCALL ax_open(const char *pathname, int flags);
 inline uint32_t htonl(uint32_t n){
  return ((n & 0xff) << 24) |
    ((n & 0xff00) << 8) |
    ((n & 0xff0000UL) >> 8) |
    ((n & 0xff000000UL) >> 24);
 }
 #define ntohl htonl
 #ifdef CONFIG_PLATFORM_LINUX
 void exit_now(const char *format, ...) __attribute((noreturn));
 #else
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@ -647,7 +647,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
        const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
    int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)alloca(hmac_len+10);
+    uint8_t *t_buf = (uint8_t *)malloc(hmac_len+10);
    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
                    ssl->write_sequence : ssl->read_sequence, 8);
@ -659,6 +659,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
                ssl->server_mac : ssl->client_mac, 
            ssl->cipher_info->digest_size, hmac_buf);
    free(t_buf);
 #if 0
    print_blob("record", hmac_header, SSL_RECORD_SIZE);
    print_blob("buf", buf, buf_len);
@ -943,7 +944,6 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
    return NULL;    /* its all gone wrong */
 }
 #ifndef ESP8266
 /**
 * Send a packet over the socket.
 */
@ -980,7 +980,7 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
 #endif
                return SSL_ERROR_CONN_LOST;
        }
-
+#ifndef ESP8266
        /* keep going until the write buffer has some space */
        if (sent != pkt_size)
        {
@ -992,6 +992,7 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
            if (select(ssl->client_fd + 1, NULL, &wfds, NULL, NULL) < 0)
                return SSL_ERROR_CONN_LOST;
        }
 #endif
    }
    SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
@ -1005,7 +1006,6 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
    return ret;
 }
 #endif
 /**
 * Send an encrypted packet with padding bytes if necessary.
@ -1075,11 +1075,12 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
                        ssl->cipher_info->iv_size)
        {
            uint8_t iv_size = ssl->cipher_info->iv_size;
-            uint8_t *t_buf = alloca(msg_length + iv_size);
+            uint8_t *t_buf = malloc(msg_length + iv_size);
            memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
            get_random(iv_size, t_buf);
            msg_length += iv_size;
            memcpy(ssl->bm_data, t_buf, msg_length);
            free(t_buf);
        }
        /* now encrypt the packet */
@ -1192,7 +1193,6 @@ static int set_key_block(SSL *ssl, int is_write)
    return 0;
 }
 #ifndef ESP8266
 /**
 * Read the SSL connection.
 */
@ -1388,7 +1388,6 @@ error:
    return ret;
 }
 #endif
 /**
 * Do some basic checking of data and then perform the appropriate handshaking.
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@ -75,7 +75,7 @@ extern "C" {
 #define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
 #define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
-#define RT_MAX_PLAIN_LENGTH         16384
+#define RT_MAX_PLAIN_LENGTH         4096
 #define RT_EXTRA                    1024
 #define BM_RECORD_OFFSET            5
--- a/ssl/x509.c
+++ b/ssl/x509.c
@ -270,7 +270,7 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
    int i, size;
    bigint *decrypted_bi, *dat_bi;
    bigint *bir = NULL;
-    uint8_t *block = (uint8_t *)alloca(sig_len);
+    uint8_t *block = (uint8_t *)malloc(sig_len);
    /* decrypt */
    dat_bi = bi_import(ctx, sig, sig_len);
@ -297,7 +297,7 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
            bir = bi_import(ctx, sig_ptr, len);
        }
    }
-
+    free(block);
    /* save a few bytes of memory */
    bi_clear_cache(ctx);
    return bir;