diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 5c03ad80d..b225e4b6d 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -1230,7 +1230,7 @@ static int GetKey(DecodedCert* cert)
 if (b != ASN_BIT_STRING)
 return ASN_BITSTR_E;
- if (GetLength(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
+ if (GetLength(cert->source,&cert->srcIdx,&length,cert->maxIdx) < 0)
 return ASN_PARSE_E;
 b = cert->source[cert->srcIdx++];
 if (b != 0x00)
@@ -2127,9 +2127,9 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
 else {
 /* make sure we're right justified */
 encodedSigSz =
- EncodeSignature(encodedSig, digest, digestSz, typeH);
+ EncodeSignature(encodedSig, digest, digestSz, typeH);
 if (encodedSigSz != verifySz ||
- XMEMCMP(out, encodedSig, encodedSigSz) != 0) {
+ XMEMCMP(out, encodedSig, encodedSigSz) != 0) {
 CYASSL_MSG("Rsa SSL verify match encode error");
 ret = 0;
 }
@@ -2173,7 +2173,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
 return 0;
 }
- ret = ecc_verify_hash(sig, sigSz, digest, digestSz, &verify, &pubKey);
+ ret = ecc_verify_hash(sig,sigSz,digest,digestSz,&verify,&pubKey);
 ecc_free(&pubKey);
 if (ret == 0 && verify == 1)
 return 1; /* match */
@@ -4135,90 +4135,90 @@ static int GetEnumerated(const byte* input, word32* inOutIdx, int *value)
 static int DecodeSingleResponse(byte* source,
 word32* ioIndex, OcspResponse* resp, word32 size)
 {
- word32 index = *ioIndex, prevIndex, oid;
+ word32 idx = *ioIndex, prevIndex, oid;
 int length, wrapperSz;
 CertStatus* cs = resp->status;
 CYASSL_ENTER("DecodeSingleResponse");
 /* Outer wrapper of the SEQUENCE OF Single Responses. */
- if (GetSequence(source, &index, &wrapperSz, size) < 0)
+ if (GetSequence(source, &idx, &wrapperSz, size) < 0)
 return ASN_PARSE_E;
- prevIndex = index;
+ prevIndex = idx;
 /* When making a request, we only request one status on one certificate
 * at a time. There should only be one SingleResponse */
 /* Wrapper around the Single Response */
- if (GetSequence(source, &index, &length, size) < 0)
+ if (GetSequence(source, &idx, &length, size) < 0)
 return ASN_PARSE_E;
 /* Wrapper around the CertID */
- if (GetSequence(source, &index, &length, size) < 0)
+ if (GetSequence(source, &idx, &length, size) < 0)
 return ASN_PARSE_E;
 /* Skip the hash algorithm */
- if (GetAlgoId(source, &index, &oid, size) < 0)
+ if (GetAlgoId(source, &idx, &oid, size) < 0)
 return ASN_PARSE_E;
 /* Save reference to the hash of CN */
- if (source[index++] != ASN_OCTET_STRING)
+ if (source[idx++] != ASN_OCTET_STRING)
 return ASN_PARSE_E;
- if (GetLength(source, &index, &length, size) < 0)
+ if (GetLength(source, &idx, &length, size) < 0)
 return ASN_PARSE_E;
- resp->issuerHash = source + index;
- index += length;
+ resp->issuerHash = source + idx;
+ idx += length;
 /* Save reference to the hash of the issuer public key */
- if (source[index++] != ASN_OCTET_STRING)
+ if (source[idx++] != ASN_OCTET_STRING)
 return ASN_PARSE_E;
- if (GetLength(source, &index, &length, size) < 0)
+ if (GetLength(source, &idx, &length, size) < 0)
 return ASN_PARSE_E;
- resp->issuerKeyHash = source + index;
- index += length;
+ resp->issuerKeyHash = source + idx;
+ idx += length;
 /* Read the serial number,
it is handled as a string, not as a
 * proper number. Just XMEMCPY the data over, rather than load it
 * as an mp_int. */
- if (source[index++] != ASN_INTEGER)
+ if (source[idx++] != ASN_INTEGER)
 return ASN_PARSE_E;
- if (GetLength(source, &index, &length, size) < 0)
+ if (GetLength(source, &idx, &length, size) < 0)
 return ASN_PARSE_E;
 if (length <= EXTERNAL_SERIAL_SIZE)
 {
- if (source[index] == 0)
+ if (source[idx] == 0)
 {
- index++;
+ idx++;
 length--;
 }
- XMEMCPY(cs->serial, source + index, length);
+ XMEMCPY(cs->serial, source + idx, length);
 cs->serialSz = length;
 }
 else
 {
 return ASN_GETINT_E;
 }
- index += length;
+ idx += length;
 /* CertStatus */
- switch (source[index++])
+ switch (source[idx++])
 {
 case (ASN_CONTEXT_SPECIFIC | CERT_GOOD):
 cs->status = CERT_GOOD;
- index++;
+ idx++;
 break;
 case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED):
 cs->status = CERT_REVOKED;
- GetLength(source, &index, &length, size);
- index += length;
+ GetLength(source, &idx, &length, size);
+ idx += length;
 break;
 case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN):
 cs->status = CERT_UNKNOWN;
- index++;
+ idx++;
 break;
 default:
 return ASN_PARSE_E;
 }
- if (GetBasicDate(source, &index, cs->thisDate,
+ if (GetBasicDate(source, &idx, cs->thisDate,
 &cs->thisDateFormat, size) < 0)
 return ASN_PARSE_E;
 if (!ValidateDate(cs->thisDate, cs->thisDateFormat, BEFORE))
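Review bot: In the `CERT_REVOKED` case of DecodeSingleResponse the result of `GetLength(source, &idx, &length, size);` is discarded, so a malformed length in the response may leave `length` stale while `idx += length` still advances the cursor by it; every other GetLength call in this hunk returns ASN_PARSE_E on failure and this one should too: `if (GetLength(source, &idx, &length, size) < 0) return ASN_PARSE_E;`. The serial-number block has a related gap: when `length` is 0 and the next byte is 0, `length--` makes it negative before it reaches `XMEMCPY(cs->serial, source + idx, length)`, so the leading-zero strip should be guarded as `if (length > 0 && source[idx] == 0)`. The direct tag reads `source[idx++]` are not compared with `size` anywhere in the visible lines, which is worth confirming against the caller. The function body continues past the end of this hunk.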
@@ -4227,26 +4227,26 @@ static int DecodeSingleResponse(byte* source,
 /* The following items are optional. Only check for them if there is more
 * unprocessed data in the singleResponse wrapper. */
- if ((index - prevIndex < wrapperSz) &&
- (source[index] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)))
+ if (((int)(idx - prevIndex) < wrapperSz) &&
+ (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)))
 {
- index++;
- if (GetLength(source, &index, &length, size) < 0)
+ idx++;
+ if (GetLength(source, &idx, &length, size) < 0)
 return ASN_PARSE_E;
- if (GetBasicDate(source, &index, cs->nextDate,
+ if (GetBasicDate(source, &idx, cs->nextDate,
 &cs->nextDateFormat, size) < 0)
 return ASN_PARSE_E;
 }
- if ((index - prevIndex < wrapperSz) &&
- (source[index] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)))
+ if (((int)(idx - prevIndex) < wrapperSz) &&
+ (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)))
 {
- index++;
- if (GetLength(source, &index, &length, size) < 0)
+ idx++;
+ if (GetLength(source, &idx, &length, size) < 0)
 return ASN_PARSE_E;
- index += length;
+ idx += length;
 }
- *ioIndex = index;
+ *ioIndex = idx;
 return 0;
 }
@@ -4572,7 +4572,7 @@ static word32 SetOcspReqExtensions(word32 extSz, byte* output,
 seqArray[1][0] = ASN_OBJECT_ID;
 seqSz[1] = 1 + SetLength(sizeof(NonceObjId), &seqArray[1][1]);
- totalSz = seqSz[0] + seqSz[1] + nonceSz + sizeof(NonceObjId);
+ totalSz = seqSz[0] + seqSz[1] + nonceSz + (word32)sizeof(NonceObjId);
 seqSz[2] = SetSequence(totalSz, seqArray[2]);
 totalSz += seqSz[2];
@@ -4596,7 +4596,7 @@ static word32 SetOcspReqExtensions(word32 extSz, byte* output,
 XMEMCPY(output + totalSz, seqArray[1], seqSz[1]);
 totalSz += seqSz[1];
 XMEMCPY(output + totalSz, NonceObjId, sizeof(NonceObjId));
- totalSz += sizeof(NonceObjId);
+ totalSz += (word32)sizeof(NonceObjId);
 XMEMCPY(output + totalSz, seqArray[0], seqSz[0]);
 totalSz += seqSz[0];
 XMEMCPY(output + totalSz, nonce, nonceSz);
@@ -4617,7 +4617,6 @@ int EncodeOcspRequest(OcspRequest* req)
 byte snArray[MAX_SN_SZ];
 byte extArray[MAX_OCSP_EXT_SZ];
 byte* output = req->dest;
- word32 outputSz = req->destSz;
 RNG rng;
 word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, extSz, totalSz;
 int i;
diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h
index 0b9e2f67a..71f9d8e33 100644
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@@ -19,7 +19,7 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */
-//#ifndef NO_ASN
+#ifndef NO_ASN
 #ifndef CTAO_CRYPT_ASN_H
 #define CTAO_CRYPT_ASN_H
@@ -485,4 +485,4 @@ CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
 #endif /* CTAO_CRYPT_ASN_H */
-//#endif /* NO_ASN */
+#endif /* !NO_ASN */
diff --git a/cyassl/ctaocrypt/rsa.h b/cyassl/ctaocrypt/rsa.h
index 5071aa8b0..c029e4b09 100644
--- a/cyassl/ctaocrypt/rsa.h
+++ b/cyassl/ctaocrypt/rsa.h
@@ -80,4 +80,4 @@ CYASSL_API int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*,
 #endif /* CTAO_CRYPT_RSA_H */
-#endif /* NO_RSA */
\ No newline at end of file
+#endif /* NO_RSA */
diff --git a/cyassl/internal.h b/cyassl/internal.h
index 21f0230c7..60705d789 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -180,7 +180,8 @@ void c32to24(word32 in, word24 out);
 #define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
 #endif
-#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA)
+#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
+ !defined(NO_RSA) && defined(OPENSSL_EXTRA)
 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 #if !defined (NO_SHA256)
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index e2f79af1f..cfacdb1a4 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -654,8 +654,8 @@ CYASSL_API void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX*,
 void (*f)(CYASSL_CTX*, CYASSL_SESSION*));
 CYASSL_API int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION*,unsigned char**);
-CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,const unsigned char**,
- long);
+CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,
+ const unsigned char**, long);
 CYASSL_API long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION*);
 CYASSL_API long CyaSSL_SESSION_get_time(const CYASSL_SESSION*);
diff --git a/src/ocsp.c b/src/ocsp.c
index b64bee736..af1e422fc 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -167,7 +167,7 @@ static int decode_url(const char* url, int urlSz,
 int CyaSSL_OCSP_set_override_url(CYASSL_OCSP* ocsp, const char* url)
 {
 if (ocsp != NULL) {
- int urlSz = strlen(url);
+ int urlSz = (int)XSTRLEN(url);
 decode_url(url, urlSz, ocsp->overrideName, ocsp->overridePath, &ocsp->overridePort);
 return 1;
@@ -278,8 +278,8 @@ static int decode_http_response(byte* httpBuf, int httpBufSz, byte** dst)
 idx += 2; /* skip the crlf */
 } else {
 /* Advance idx past the next \r\n */
- char* end = strstr(&buf[idx], "\r\n");
- idx = end - buf + 2;
+ char* end = XSTRSTR(&buf[idx], "\r\n");
+ idx = (int)(end - buf + 2);
 stop = 1;
 }
 }
@@ -411,11 +411,11 @@ static int http_ocsp_transaction(CYASSL_OCSP* ocsp, DecodedCert* cert,
 tcp_connect(&sfd, domainName, port);
 if (sfd > 0) {
 int written;
- written = write(sfd, httpBuf, httpBufSz);
+ written = (int)write(sfd, httpBuf, httpBufSz);
 if (written == httpBufSz) {
- written = write(sfd, ocspReqBuf, ocspReqSz);
+ written = (int)write(sfd, ocspReqBuf, ocspReqSz);
 if (written == ocspReqSz) {
- httpBufSz = read(sfd, httpBuf, SCRATCH_BUFFER_SIZE);
+ httpBufSz = (int)read(sfd, httpBuf, SCRATCH_BUFFER_SIZE);
 if (httpBufSz > 0) {
 ocspRespSz = decode_http_response(httpBuf, httpBufSz, ocspRespBuf);
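Review bot: `url` reaches `XSTRLEN(url)` in CyaSSL_OCSP_set_override_url without a NULL check, although `ocsp` is checked on the line above; the guard should cover both arguments, `if (ocsp != NULL && url != NULL) {`. The return value of `decode_url` is also dropped and the function returns 1 regardless, so a URL that fails to parse is reported as success. From the call it appears decode_url fills `ocsp->overrideName` and `ocsp->overridePath`; their sizes are not visible here, so it is worth confirming that those copies are bounded. The function's closing lines are outside the hunk.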
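Review bot: `XSTRSTR(&buf[idx], "\r\n")` in decode_http_response returns NULL when the rest of the response holds no CRLF, and the next line computes `end - buf + 2` from it unconditionally, so a truncated or malformed HTTP response from the responder yields an undefined `idx`. Test the result first with `if (end == NULL)` and leave through the function's failure path, whose return value is outside this hunk. The added `(int)` cast only silences the width warning and does not address this. XSTRSTR also scans until a NUL byte, so `buf` has to be terminated within `httpBufSz`; nothing in these lines shows that it is.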
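Review bot: `read(sfd, httpBuf, SCRATCH_BUFFER_SIZE)` in http_ocsp_transaction can fill the buffer completely and writes no terminator, yet decode_http_response searches the same buffer with XSTRSTR (the hunk at -278), which runs until it finds a NUL byte. If httpBuf is exactly SCRATCH_BUFFER_SIZE bytes (its declaration is outside the hunk), read one byte less and terminate: `httpBufSz = (int)read(sfd, httpBuf, SCRATCH_BUFFER_SIZE - 1);` followed by `httpBuf[httpBufSz] = 0;` inside the `httpBufSz > 0` branch. A single read() may also return only part of the response, so the decoder can be handed a truncated body. The function continues beyond the hunk, so whether `sfd` is closed on every path cannot be seen here.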