diff --git a/src/ssl.c b/src/ssl.c index 70710be7e..c140c0d91 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -21127,7 +21127,7 @@ void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk) /* return 1 on success 0 on fail */ int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, WOLFSSL_X509_CRL* crl) { - WOLFSSL_ENTER("wolfSSL_sk_X509_push"); + WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_push"); if (sk == NULL || crl == NULL) { return WOLFSSL_FAILURE; @@ -30580,7 +30580,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char *iv, WOLFSSL_CBC128_CB cbc) { - byte lastBlk[WOLFSSL_CTS128_BLOCK_SZ] = {0}; + byte lastBlk[WOLFSSL_CTS128_BLOCK_SZ]; int lastBlkLen = len % WOLFSSL_CTS128_BLOCK_SZ; WOLFSSL_ENTER("wolfSSL_CRYPTO_cts128_encrypt"); @@ -30602,6 +30602,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in, /* RFC2040: Pad Pn with zeros at the end to create P of length BB. */ XMEMCPY(lastBlk, in, lastBlkLen); + XMEMSET(lastBlk + lastBlkLen, 0, WOLFSSL_CTS128_BLOCK_SZ - lastBlkLen); /* RFC2040: Select the first Ln bytes of En-1 to create Cn */ XMEMCPY(out, out - WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen); (*cbc)(lastBlk, out - WOLFSSL_CTS128_BLOCK_SZ, WOLFSSL_CTS128_BLOCK_SZ, @@ -30614,8 +30615,8 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char *iv, WOLFSSL_CBC128_CB cbc) { - byte lastBlk[WOLFSSL_CTS128_BLOCK_SZ] = {0}; - byte prevBlk[WOLFSSL_CTS128_BLOCK_SZ] = {0}; + byte lastBlk[WOLFSSL_CTS128_BLOCK_SZ]; + byte prevBlk[WOLFSSL_CTS128_BLOCK_SZ]; int lastBlkLen = len % WOLFSSL_CTS128_BLOCK_SZ; WOLFSSL_ENTER("wolfSSL_CRYPTO_cts128_decrypt"); 
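Review bot: `lastBlk` in wolfSSL_CRYPTO_cts128_encrypt receives the final plaintext fragment (`XMEMCPY(lastBlk, in, lastBlkLen)`) and nothing visible clears it before the function returns. The same applies to `lastBlk` and `prevBlk` in wolfSSL_CRYPTO_cts128_decrypt, where `prevBlk` receives the decrypted Dn block. Both function bodies end outside these hunks, so a wipe may already exist; if not, add `ForceZero(lastBlk, sizeof(lastBlk));` (and the same for `prevBlk`) before each return that follows the copy. Because the arrays are no longer zero-initialised at declaration, a short comment on each declaration such as `/* cleared below before first read */` would show that the later XMEMSET calls are required for correctness.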
@@ -30638,6 +30639,7 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in, /* RFC2040: Decrypt Cn-1 to create Dn. * Use 0 buffer as IV to do straight decryption. * This places the Cn-1 block at lastBlk */ + XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ); (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, 0); /* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn * to create En. */ @@ -30650,6 +30652,7 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in, } #endif /* HAVE_CTS */ +#ifndef NO_ASN_TIME #ifndef NO_BIO int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a) { @@ -44363,17 +44366,17 @@ err: #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ } - WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read( + WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read( XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, pem_password_cb* cb, void* u) { - WOLFSSL_BIO* file_bio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE); + WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE); WOLF_STACK_OF(WOLFSSL_X509_INFO)* ret = NULL; WOLFSSL_ENTER("wolfSSL_PEM_X509_INFO_read"); - if (file_bio != NULL) { - ret = wolfSSL_PEM_X509_INFO_read_bio(file_bio, sk, cb, u); - wolfSSL_BIO_free(file_bio); + if (fileBio != NULL) { + ret = wolfSSL_PEM_X509_INFO_read_bio(fileBio, sk, cb, u); + wolfSSL_BIO_free(fileBio); } return ret; } @@ -52841,6 +52844,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range) { int n; + int iter = 0; WOLFSSL_MSG("wolfSSL_BN_rand_range"); if (r == NULL || range == NULL) { 
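Review bot: The new `#ifndef NO_ASN_TIME` opened above `#ifndef NO_BIO` has no matching `#endif` in any visible src/ssl.c hunk, and the line offsets of the later hunks show that no other line was added to the file. Presumably it pairs with an `#endif` that was already present, but that is not visible here; please confirm that builds with and without NO_ASN_TIME both compile. Tagging the closing line as `#endif /* !NO_ASN_TIME */` would make the pairing obvious. The guarded region extends beyond this hunk.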
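Review bot: wolfSSL_PEM_X509_INFO_read still has no header comment, and its contract is easy to misread from the body alone. I would add a block comment above the definition stating that the BIO is created with `BIO_NOCLOSE`, so `fp` stays open and remains the caller's to close. It should also say that NULL is returned when the BIO cannot be created, and otherwise the result of wolfSSL_PEM_X509_INFO_read_bio is returned unchanged. Finally, it should note that `sk`, `cb` and `u` are passed through to that function as given.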
@@ -52855,6 +52859,11 @@ int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range) } else { do { + if (iter >= 100) { + WOLFSSL_MSG("wolfSSL_BN_rand_range too many iterations"); + return WOLFSSL_FAILURE; + } + iter++; if (wolfSSL_BN_rand(r, n, 0, 0) == WOLFSSL_FAILURE) { WOLFSSL_MSG("wolfSSL_BN_rand error"); return WOLFSSL_FAILURE; @@ -61678,7 +61687,7 @@ int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out) int len; WC_RNG rng; int ret = WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio"); + WOLFSSL_ENTER("wolfSSL_i2d_PKCS7"); if (!out || !p7) { WOLFSSL_MSG("Bad parameter"); @@ -61741,7 +61750,7 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) } if ((len = wolfSSL_i2d_PKCS7(p7, &output)) == WOLFSSL_FAILURE) { - WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error"); + WOLFSSL_MSG("wolfSSL_i2d_PKCS7 error"); goto cleanup; } diff --git a/tests/api.c b/tests/api.c index df58e91ad..8f9e35c56 100644 --- a/tests/api.c +++ b/tests/api.c @@ -42000,7 +42000,7 @@ static void test_wolfSSL_CRYPTO_cts128(void) { #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) \ && defined(HAVE_CTS) - byte tmp[64] = {0}; /* Largest vector size */ + byte tmp[64]; /* Largest vector size */ /* Test vectors taken form RFC3962 Appendix B */ const testVector vects[] = { { @@ -42059,10 +42059,12 @@ static void test_wolfSSL_CRYPTO_cts128(void) 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 }; size_t i; + XMEMSET(tmp, 0, sizeof(tmp)); for (i = 0; i < sizeof(vects)/sizeof(vects[0]); i++) { AES_KEY encKey; AES_KEY decKey; - byte iv[AES_IV_SIZE] = {0}; /* All-zero IV for all cases */ + byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */ + XMEMSET(iv, 0, sizeof(iv)); AssertIntEQ(AES_set_encrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &encKey), 0); AssertIntEQ(AES_set_decrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &decKey), 0); AssertIntEQ(CRYPTO_cts128_encrypt((const unsigned char*)vects[i].input, 
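Review bot: The retry limit `100` in wolfSSL_BN_rand_range is an unexplained literal, and on the new failure path `r` presumably still holds the last rejected candidate written by wolfSSL_BN_rand. I would name the limit, e.g. `#define WOLFSSL_BN_RAND_RANGE_MAX_ITER 100` (the name is only a suggestion). A comment should explain that, if `n` is the bit length of `range`, each draw is accepted with probability above one half, so reaching the limit points to a faulty RNG. Clearing `r` before `return WOLFSSL_FAILURE;`, for example with `wolfSSL_BN_zero(r);`, would keep an out-of-range value away from a caller that ignores the return code. The loop condition and the computation of `n` are outside the hunk, so both points should be checked against the full function.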
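Review bot: `tmp` is cleared once before the `for` loop in test_wolfSSL_CRYPTO_cts128 while `iv` is cleared on every iteration, so output from an earlier vector is still in `tmp` when the next one runs. If the comparisons further down the loop (outside this hunk) ever read past what the current call wrote, stale bytes from a previous vector could hide the failure. Moving `XMEMSET(tmp, 0, sizeof(tmp));` inside the loop next to the `iv` reset removes that possibility.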
diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 19c60fb34..8698e99ee 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -26,16 +26,16 @@ #include -#define ASN1_STRING_new wolfSSL_ASN1_STRING_new -#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new -#define ASN1_STRING_type wolfSSL_ASN1_STRING_type -#define ASN1_STRING_set wolfSSL_ASN1_STRING_set +#define ASN1_STRING_new wolfSSL_ASN1_STRING_new +#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new +#define ASN1_STRING_type wolfSSL_ASN1_STRING_type +#define ASN1_STRING_set wolfSSL_ASN1_STRING_set #define ASN1_OCTET_STRING_set wolfSSL_ASN1_STRING_set -#define ASN1_STRING_free wolfSSL_ASN1_STRING_free +#define ASN1_STRING_free wolfSSL_ASN1_STRING_free -#define ASN1_get_object wolfSSL_ASN1_get_object -#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT -#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT +#define ASN1_get_object wolfSSL_ASN1_get_object +#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT +#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT #define V_ASN1_INTEGER 0x02 #define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index b7e264680..94abd6bc9 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -4058,9 +4058,11 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp, WOLFSSL_X509_CRL **x, wc_pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u); +#ifndef NO_FILESYSTEM WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read( XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, pem_password_cb* cb, void* u); +#endif WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio( WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, wc_pem_password_cb* cb, void* u);
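Review bot: The prototype of wolfSSL_PEM_X509_INFO_read in wolfssl/ssl.h is now hidden when `NO_FILESYSTEM` is defined, but the src/ssl.c hunk that touches its definition shows no matching guard around it. If the definition is not inside an equivalent `#ifndef NO_FILESYSTEM` region (not visible here), a NO_FILESYSTEM build would compile a function taking `XFILE` with no prior declaration. Two smaller points: the closing line reads better as `#endif /* !NO_FILESYSTEM */`, and this prototype uses `pem_password_cb*` while the neighbouring declarations use `wc_pem_password_cb*`.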