Allocation debugging, reduce SSL structure size.

Makefile

@@ -28,7 +28,7 @@ OBJ_FILES := \
 	ssl/tls1_clnt.o \
 	ssl/tls1_svr.o \
 	ssl/x509.o \
-#	crypto/crypto_misc.o \
+	crypto/crypto_misc.o \
 
 
 CPPFLAGS += -I$(XTENSA_LIBS)/include \
@@ -63,7 +63,7 @@ $(BIN_DIR):
 	mkdir -p $(BIN_DIR)
 
 clean:
-	rm -rf $(OBJ_FILES) $(LWIP_AR)
+	rm -rf $(OBJ_FILES) $(AXTLS_AR)
 
 
 .PHONY: all clean

crypto/crypto_misc.c

@@ -42,7 +42,11 @@
 #include "wincrypt.h"
 #endif
 
-#ifndef WIN32
+#ifdef ESP8266
+#define CONFIG_SSL_SKELETON_MODE 1
+#endif
+
+#if defined(CONFIG_USE_DEV_URANDOM)
 static int rng_fd = -1;
 #elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
 static HCRYPTPROV gCryptProv;
@@ -146,7 +150,7 @@ EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size)
  */
 EXP_FUNC void STDCALL RNG_terminate(void)
 {
-#ifndef WIN32
+#if defined(CONFIG_USE_DEV_URANDOM)
     close(rng_fd);
 #elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
     CryptReleaseContext(gCryptProv, 0);

crypto/rsa.c

@@ -146,7 +146,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
     const int byte_size = ctx->num_octets;
     int i, size;
     bigint *decrypted_bi, *dat_bi;
-    uint8_t *block = (uint8_t *)alloca(byte_size);
+    uint8_t *block = (uint8_t *)malloc(byte_size);
 
     memset(out_data, 0, byte_size); /* initialise */
 
@@ -182,7 +182,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
     /* get only the bit we want */
     if (size > 0)
         memcpy(out_data, &block[i], size);
-    
+    free(block);
     return size ? size : -1;
 }
 

ssl/config.h

@@ -48,7 +48,7 @@
 #define CONFIG_X509_MAX_CA_CERTS 150
 #define CONFIG_SSL_MAX_CERTS 3
 #undef CONFIG_SSL_CTX_MUTEXING
-//#define CONFIG_USE_DEV_URANDOM 1
+#undef CONFIG_USE_DEV_URANDOM
 #undef CONFIG_WIN32_USE_CRYPTO_LIB
 #undef CONFIG_OPENSSL_COMPATIBLE
 #undef CONFIG_PERFORMANCE_TESTING

ssl/gen_cert.c

@@ -214,14 +214,14 @@ static void gen_utc_time(uint8_t *buf, int *offset)
 
 static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
 {
-    static const uint8_t pub_key_seq[] = 
+    static const uint8_t pub_key_seq[] =
     {
         ASN1_INTEGER, 0x03, 0x01, 0x00, 0x01 /* INTEGER 65537 */
     };
 
     int seq_offset;
     int pub_key_size = rsa_ctx->num_octets;
-    uint8_t *block = (uint8_t *)alloca(pub_key_size);
+    uint8_t *block = (uint8_t *)malloc(pub_key_size);
     int seq_size = pre_adjust_with_size(
                             ASN1_SEQUENCE, &seq_offset, buf, offset);
     buf[(*offset)++] = ASN1_INTEGER;
@@ -236,6 +236,7 @@ static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
         set_gen_length(pub_key_size, buf, offset);
 
     memcpy(&buf[*offset], block, pub_key_size);
+    free(block);
     *offset += pub_key_size;
     memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
     *offset += sizeof(pub_key_seq);
@@ -282,8 +283,8 @@ static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst,
         ASN1_NULL, 0x00, ASN1_OCTET_STRING, 0x14 
     };
 
-    uint8_t *enc_block = (uint8_t *)alloca(rsa_ctx->num_octets);
-    uint8_t *block = (uint8_t *)alloca(sizeof(asn1_sig) + SHA1_SIZE);
+    uint8_t *enc_block = (uint8_t *)malloc(rsa_ctx->num_octets);
+    uint8_t *block = (uint8_t *)malloc(sizeof(asn1_sig) + SHA1_SIZE);
     int sig_size;
 
     /* add the digest as an embedded asn.1 sequence */
@@ -297,6 +298,8 @@ static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst,
     set_gen_length(sig_size+1, buf, offset);
     buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
     memcpy(&buf[*offset], enc_block, sig_size);
+    free(enc_block);
+    free(block);
     *offset += sig_size;
 }
 
@@ -342,7 +345,7 @@ EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const c
 {
     int ret = X509_OK, offset = 0, seq_offset;
     /* allocate enough space to load a new certificate */
-    uint8_t *buf = (uint8_t *)alloca(ssl_ctx->rsa_ctx->num_octets*2 + 512);
+    uint8_t *buf = (uint8_t *)malloc(ssl_ctx->rsa_ctx->num_octets*2 + 512);
     uint8_t sha_dgst[SHA1_SIZE];
     int seq_size = pre_adjust_with_size(ASN1_SEQUENCE, 
                                     &seq_offset, buf, &offset);
@@ -357,6 +360,7 @@ EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const c
     memcpy(*cert_data, buf, offset);
 
 error:
+    free(buf);
     return ret < 0 ? ret : offset;
 }
 

ssl/os_port.c

@@ -1,18 +1,18 @@
 /*
  * Copyright (c) 2007, Cameron Rich
- * 
+ *
  * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
+ *
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
- * * Redistributions of source code must retain the above copyright notice, 
+ * * Redistributions of source code must retain the above copyright notice,
  *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
  *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
  *   without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
@@ -37,17 +37,18 @@
 #include <stdlib.h>
 #include <errno.h>
 #include <stdarg.h>
+#include <string.h>
 #include "os_port.h"
 
 #ifdef WIN32
 /**
- * gettimeofday() not in Win32 
+ * gettimeofday() not in Win32
  */
 EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
-{       
+{
 #if defined(_WIN32_WCE)
     t->tv_sec = time(NULL);
-    t->tv_usec = 0;                         /* 1sec precision only */ 
+    t->tv_usec = 0;                         /* 1sec precision only */
 #else
     struct _timeb timebuffer;
     _ftime(&timebuffer);
@@ -86,7 +87,7 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
 
     RegQueryValueEx(hKey, "Domain", NULL, &datatype, buf, &bufferlength);
     RegCloseKey(hKey);
-    return 0; 
+    return 0;
 }
 #endif
 
@@ -96,63 +97,3 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
 
 static const char * out_of_mem_str = "out of memory";
 static const char * file_open_str = "Could not open file \"%s\"";
-
-/* 
- * Some functions that call display some error trace and then call abort().
- * This just makes life much easier on embedded systems, since we're 
- * suffering major trauma...
- */
-EXP_FUNC void * STDCALL ax_malloc(size_t s)
-{
-    void *x;
-
-    if ((x = malloc(s)) == NULL)
-        exit_now(out_of_mem_str);
-
-    return x;
-}
-
-EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s)
-{
-    void *x;
-
-    if ((x = realloc(y, s)) == NULL)
-        exit_now(out_of_mem_str);
-
-    return x;
-}
-
-EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s)
-{
-    void *x;
-
-    if ((x = calloc(n, s)) == NULL)
-        exit_now(out_of_mem_str);
-
-    return x;
-}
-
-EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
-{
-    int x;
-
-    if ((x = open(pathname, flags)) < 0)
-        exit_now(file_open_str, pathname);
-
-    return x;
-}
-
-/**
- * This is a call which will deliberately exit an application, but will
- * display some information before dying.
- */
-void exit_now(const char *format, ...)
-{
-    va_list argp;
-
-    va_start(argp, format);
-    vfprintf(stderr, format, argp);
-    va_end(argp);
-    abort();
-}
-

ssl/os_port.h

@@ -1,18 +1,18 @@
 /*
  * Copyright (c) 2007, Cameron Rich
- * 
+ *
  * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
+ *
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
- * * Redistributions of source code must retain the above copyright notice, 
+ * * Redistributions of source code must retain the above copyright notice,
  *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
  *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
  *   without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
@@ -44,9 +44,6 @@ extern "C" {
 #include "os_int.h"
 #include <stdio.h>
 
-
-
-
 #ifdef WIN32
 #define STDCALL                 __stdcall
 #define EXP_FUNC                __declspec(dllexport)
@@ -63,7 +60,8 @@ extern "C" {
 #if defined(ESP8266)
 
 #include "util/time.h"
-#define alloca(size) __builtin_alloca(size)
+#include <errno.h>
+// #define alloca(size) __builtin_alloca(size)
 #define TTY_FLUSH()
 #ifdef putc
 #undef putc
@@ -74,6 +72,15 @@ extern "C" {
 #endif
 #define printf(...)  ets_printf(__VA_ARGS__)
 
+#define SOCKET_READ(A,B,C)      ax_port_read(A,B,C)
+#define SOCKET_WRITE(A,B,C)     ax_port_write(A,B,C)
+#define SOCKET_CLOSE(A)         ax_port_close(A)
+#define get_file                ax_get_file
+#define EWOULDBLOCK EAGAIN
+
+#define hmac_sha1 ax_hmac_sha1
+#define hmac_md5 ax_hmac_md5
+
 #elif defined(WIN32)
 
 /* Windows CE stuff */
@@ -122,7 +129,7 @@ extern "C" {
 
 /* This fix gets around a problem where a win32 application on a cygwin xterm
    doesn't display regular output (until a certain buffer limit) - but it works
-   fine under a normal DOS window. This is a hack to get around the issue - 
+   fine under a normal DOS window. This is a hack to get around the issue -
    see http://www.khngai.com/emacs/tty.php  */
 #define TTY_FLUSH()             if (!_isatty(_fileno(stdout))) fflush(stdout);
 
@@ -161,16 +168,27 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 #endif  /* Not Win32 */
 
 /* some functions to mutate the way these work */
-#define malloc(A)       ax_malloc(A)
+#define malloc(A)       ax_port_malloc(A, __FILE__, __LINE__)
 #ifndef realloc
-#define realloc(A,B)    ax_realloc(A,B)
+#define realloc(A,B)    ax_port_realloc(A,B, __FILE__, __LINE__)
 #endif
-#define calloc(A,B)     ax_calloc(A,B)
+#define calloc(A,B)     ax_port_calloc(A,B, __FILE__, __LINE__)
+#define free(x)         ax_port_free(x)
 
-EXP_FUNC void * STDCALL ax_malloc(size_t s);
-EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s);
-EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s);
-EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
+EXP_FUNC void * STDCALL ax_port_malloc(size_t s, const char*, int);
+EXP_FUNC void * STDCALL ax_port_realloc(void *y, size_t s, const char*, int);
+EXP_FUNC void * STDCALL ax_port_calloc(size_t n, size_t s, const char*, int);
+EXP_FUNC void * STDCALL ax_port_free(void*);
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags);
+
+inline uint32_t htonl(uint32_t n){
+  return ((n & 0xff) << 24) |
+    ((n & 0xff00) << 8) |
+    ((n & 0xff0000UL) >> 8) |
+    ((n & 0xff000000UL) >> 24);
+}
+
+#define ntohl htonl
 
 #ifdef CONFIG_PLATFORM_LINUX
 void exit_now(const char *format, ...) __attribute((noreturn));
@@ -186,7 +204,7 @@ void exit_now(const char *format, ...);
 #define SSL_CTX_MUTEX_DESTROY(A)    CloseHandle(A)
 #define SSL_CTX_LOCK(A)             WaitForSingleObject(A, INFINITE)
 #define SSL_CTX_UNLOCK(A)           ReleaseMutex(A)
-#else 
+#else
 #include <pthread.h>
 #define SSL_CTX_MUTEX_TYPE          pthread_mutex_t
 #define SSL_CTX_MUTEX_INIT(A)       pthread_mutex_init(&A, NULL)
@@ -205,4 +223,4 @@ void exit_now(const char *format, ...);
 }
 #endif
 
-#endif 
+#endif

ssl/tls1.c

@@ -647,7 +647,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
     int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)alloca(hmac_len+10);
+    uint8_t *t_buf = (uint8_t *)malloc(hmac_len+10);
 
     memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
                     ssl->write_sequence : ssl->read_sequence, 8);
@@ -659,6 +659,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
                 ssl->server_mac : ssl->client_mac, 
             ssl->cipher_info->digest_size, hmac_buf);
 
+    free(t_buf);
 #if 0
     print_blob("record", hmac_header, SSL_RECORD_SIZE);
     print_blob("buf", buf, buf_len);
@@ -943,7 +944,6 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
     return NULL;    /* its all gone wrong */
 }
 
-#ifndef ESP8266
 /**
  * Send a packet over the socket.
  */
@@ -980,7 +980,7 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
 #endif
                 return SSL_ERROR_CONN_LOST;
         }
-
+#ifndef ESP8266
         /* keep going until the write buffer has some space */
         if (sent != pkt_size)
         {
@@ -992,6 +992,7 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
             if (select(ssl->client_fd + 1, NULL, &wfds, NULL, NULL) < 0)
                 return SSL_ERROR_CONN_LOST;
         }
+#endif
     }
 
     SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
@@ -1005,7 +1006,6 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
 
     return ret;
 }
-#endif
 
 /**
  * Send an encrypted packet with padding bytes if necessary.
@@ -1075,11 +1075,12 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
                         ssl->cipher_info->iv_size)
         {
             uint8_t iv_size = ssl->cipher_info->iv_size;
-            uint8_t *t_buf = alloca(msg_length + iv_size);
+            uint8_t *t_buf = malloc(msg_length + iv_size);
             memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
             get_random(iv_size, t_buf);
             msg_length += iv_size;
             memcpy(ssl->bm_data, t_buf, msg_length);
+            free(t_buf);
         }
 
         /* now encrypt the packet */
@@ -1192,7 +1193,6 @@ static int set_key_block(SSL *ssl, int is_write)
     return 0;
 }
 
-#ifndef ESP8266
 /**
  * Read the SSL connection.
  */
@@ -1388,7 +1388,6 @@ error:
 
     return ret;
 }
-#endif
 
 /**
  * Do some basic checking of data and then perform the appropriate handshaking.

ssl/tls1.h

@@ -75,7 +75,7 @@ extern "C" {
 #define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
 
 #define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
-#define RT_MAX_PLAIN_LENGTH         16384
+#define RT_MAX_PLAIN_LENGTH         4096
 #define RT_EXTRA                    1024
 #define BM_RECORD_OFFSET            5
 

ssl/x509.c

@@ -270,7 +270,7 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
     int i, size;
     bigint *decrypted_bi, *dat_bi;
     bigint *bir = NULL;
-    uint8_t *block = (uint8_t *)alloca(sig_len);
+    uint8_t *block = (uint8_t *)malloc(sig_len);
 
     /* decrypt */
     dat_bi = bi_import(ctx, sig, sig_len);
@@ -297,7 +297,7 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
             bir = bi_import(ctx, sig_ptr, len);
         }
     }
-
+    free(block);
     /* save a few bytes of memory */
     bi_clear_cache(ctx);
     return bir;