feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

fixed sanitize errors

Browse Source
This commit is contained in:
Hideki Miyazaki
2021-03-05 15:14:56 +09:00
parent b4a573ca98
commit 39b0c4eaf8
4 changed files with 80 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
src/internal.c
View File

@@ -1981,7 +1981,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
if (ctx->x509_store.lookup.dirs) { if (ctx->x509_store.lookup.dirs) {
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (!ctx->x509_store.lookup.dirs->dir_entry) { if (ctx->x509_store.lookup.dirs->dir_entry) {
wolfSSL_sk_BY_DIR_entry_free(ctx->x509_store.lookup.dirs->dir_entry); wolfSSL_sk_BY_DIR_entry_free(ctx->x509_store.lookup.dirs->dir_entry);
} }
#endif #endif
@@ -10619,6 +10619,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
WOLFSSL_MSG("failed hash operation"); WOLFSSL_MSG("failed hash operation");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
wolfSSL_OPENSSL_free(pbuf);
} }
/* try to load each hashed name file in path */ /* try to load each hashed name file in path */
@@ -10633,8 +10634,9 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
for (i=0; i<num; i++) { for (i=0; i<num; i++) {
entry = wolfSSL_sk_BY_DIR_entry_value(lookup->dirs->dir_entry, i); entry = wolfSSL_sk_BY_DIR_entry_value(lookup->dirs->dir_entry, i);
/*/<hash value:8>.(r)N\0 */
len = XSTRLEN(entry->dir_name) + 13; /*112345678 1 1 1 1 => 13 */
len = (int)XSTRLEN(entry->dir_name) + 13;
if (filename != NULL) { if (filename != NULL) {
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -10678,6 +10680,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
WOLFSSL_FILETYPE_PEM); WOLFSSL_FILETYPE_PEM);
if (x509 != NULL) { if (x509 != NULL) {
ret = wolfSSL_X509_STORE_add_cert(store, x509); ret = wolfSSL_X509_STORE_add_cert(store, x509);
wolfSSL_X509_free(x509);
} else { } else {
WOLFSSL_MSG("failed to load certificate\n"); WOLFSSL_MSG("failed to load certificate\n");
ret = WOLFSSL_FAILURE; ret = WOLFSSL_FAILURE;
@@ -10839,45 +10842,6 @@ static int ProcessPeerCertParse(WOLFSSL* ssl, ProcPeerCertArgs* args,
/* Parse Certificate */ /* Parse Certificate */
ret = ParseCertRelative(args->dCert, certType, verify, ssl->ctx->cm); ret = ParseCertRelative(args->dCert, certType, verify, ssl->ctx->cm);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (ret == ASN_NO_SIGNER_E) {
WOLFSSL_MSG("try to load certificate if hash dir is set");
if (ssl->ctx->x509_store_pt != NULL) {
ret = LoadCrlCertByIssuer(ssl->ctx->x509_store_pt,
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
X509_LU_X509);
} else {
ret = LoadCrlCertByIssuer(&ssl->ctx->x509_store,
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
X509_LU_X509);
}
if (ret == WOLFSSL_SUCCESS) {
/* re try Parse Certificate */
InitDecodedCert(args->dCert, cert->buffer, cert->length, ssl->heap);
args->dCertInit = 1;
args->dCert->sigCtx.devId = ssl->devId;
#ifdef WOLFSSL_ASYNC_CRYPT
args->dCert->sigCtx.asyncCtx = ssl;
#endif
#ifdef HAVE_PK_CALLBACKS
/* setup the PK callback context */
ret = InitSigPkCb(ssl, &args->dCert->sigCtx);
if (ret != 0)
return ret;
#endif
ret = ParseCertRelative(args->dCert, certType, verify,
ssl->ctx->cm);
} else {
WOLFSSL_MSG("failed to load certificate from hash folder");
/* restore return code */
ret = ASN_NO_SIGNER_E;
}
}
#endif
/* perform below checks for date failure cases */ /* perform below checks for date failure cases */
if (ret == 0 || ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) { if (ret == 0 || ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) {
/* get subject and determine if already loaded */ /* get subject and determine if already loaded */
@@ -11309,6 +11273,31 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY, !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner); &subjectHash, &alreadySigner);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (ret == ASN_NO_SIGNER_E) {
WOLFSSL_MSG("try to load certificate if hash dir is set");
if (ssl->ctx->x509_store_pt != NULL) {
ret = LoadCrlCertByIssuer(ssl->ctx->x509_store_pt,
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
X509_LU_X509);
} else {
ret = LoadCrlCertByIssuer(&ssl->ctx->x509_store,
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
X509_LU_X509);
}
if (ret == WOLFSSL_SUCCESS) {
FreeDecodedCert(args->dCert);
args->dCertInit = 0;
/* once again */
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner);
} else
ret = ASN_NO_SIGNER_E;
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) if (ret == WC_PENDING_E)
goto exit_ppc; goto exit_ppc;
@@ -11502,6 +11491,31 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY, !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner); &subjectHash, &alreadySigner);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (ret == ASN_NO_SIGNER_E) {
WOLFSSL_MSG("try to load certificate if hash dir is set");
if (ssl->ctx->x509_store_pt != NULL) {
ret = LoadCrlCertByIssuer(ssl->ctx->x509_store_pt,
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
X509_LU_X509);
} else {
ret = LoadCrlCertByIssuer(&ssl->ctx->x509_store,
(WOLFSSL_X509_NAME*)args->dCert->issuerName,
X509_LU_X509);
}
if (ret == WOLFSSL_SUCCESS) {
FreeDecodedCert(args->dCert);
args->dCertInit = 0;
/* once again */
ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner);
} else
ret = ASN_NO_SIGNER_E;
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) if (ret == WC_PENDING_E)
goto exit_ppc; goto exit_ppc;

14
src/ssl.c
View File

@@ -24894,7 +24894,7 @@ static int x509AddCertDir(void *p, const char *argc, long argl)
WOLFSSL_MSG("failed to allocate dir entry"); WOLFSSL_MSG("failed to allocate dir entry");
return 0; return 0;
} }
entry->dir_type = argl; entry->dir_type = (int)argl;
entry->dir_name = (char*)XMALLOC(pathLen + 1/* \0 termination*/ entry->dir_name = (char*)XMALLOC(pathLen + 1/* \0 termination*/
, NULL, DYNAMIC_TYPE_OPENSSL); , NULL, DYNAMIC_TYPE_OPENSSL);
entry->hashes = wolfSSL_sk_BY_DIR_HASH_new_null(); entry->hashes = wolfSSL_sk_BY_DIR_HASH_new_null();
@@ -24953,7 +24953,7 @@ int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd,
switch (cmd) { switch (cmd) {
case WOLFSSL_X509_L_FILE_LOAD: case WOLFSSL_X509_L_FILE_LOAD:
/* expects to return a number of processed cert or crl file */ /* expects to return a number of processed cert or crl file */
lret = wolfSSL_X509_load_cert_crl_file(ctx, argc, argl) > 0 ? lret = wolfSSL_X509_load_cert_crl_file(ctx, argc, (int)argl) > 0 ?
WOLFSSL_SUCCESS : WOLFSSL_FAILURE; WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
break; break;
case WOLFSSL_X509_L_ADD_DIR: case WOLFSSL_X509_L_ADD_DIR:
@@ -25885,7 +25885,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
if (store->lookup.dirs != NULL) { if (store->lookup.dirs != NULL) {
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (!store->lookup.dirs->dir_entry) { if (store->lookup.dirs->dir_entry) {
wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry); wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry);
} }
#endif #endif
@@ -26329,6 +26329,8 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
} else { } else {
WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert error"); WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert error");
} }
wolfSSL_X509_free(x509);
x509 = NULL;
} else { } else {
WOLFSSL_MSG("wolfSSL_X509_load_certificate_file error"); WOLFSSL_MSG("wolfSSL_X509_load_certificate_file error");
} }
@@ -41609,7 +41611,7 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
} }
} }
/* put actual length */ /* put actual length */
asn_out->length = dst - asn_out->data; asn_out->length = (int)(dst - asn_out->data);
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
/* this is to converts the x509 name structure into canonical DER format /* this is to converts the x509 name structure into canonical DER format
@@ -41680,6 +41682,8 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out)
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
totalBytes += ret; totalBytes += ret;
wolfSSL_OPENSSL_free(cano_data->data);
wolfSSL_ASN1_STRING_free(cano_data);
} }
} }
@@ -42820,6 +42824,8 @@ err:
} }
XFREE(pem, 0, DYNAMIC_TYPE_PEM); XFREE(pem, 0, DYNAMIC_TYPE_PEM);
if (der)
FreeDer(&der);
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
err: err:
if (pem) if (pem)

26
tests/api.c
View File

@@ -25855,6 +25855,7 @@ static void test_wolfSSL_sk_X509_BY_DIR(void)
/* pop */ /* pop */
AssertNotNull(ent = wolfSSL_sk_BY_DIR_entry_pop(entry_stack)); AssertNotNull(ent = wolfSSL_sk_BY_DIR_entry_pop(entry_stack));
AssertIntEQ((len = wolfSSL_sk_BY_DIR_entry_num(entry_stack)), 1); AssertIntEQ((len = wolfSSL_sk_BY_DIR_entry_num(entry_stack)), 1);
wolfSSL_BY_DIR_entry_free(ent);
/* free */ /* free */
wolfSSL_sk_BY_DIR_entry_free(entry_stack); wolfSSL_sk_BY_DIR_entry_free(entry_stack);
@@ -28205,7 +28206,6 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
AssertIntEQ((num = wolfSSL_sk_BY_DIR_entry_num(sk)), 1); AssertIntEQ((num = wolfSSL_sk_BY_DIR_entry_num(sk)), 1);
dir = wolfSSL_sk_BY_DIR_entry_value(sk, 0); dir = wolfSSL_sk_BY_DIR_entry_value(sk, 0);
printf("dir->dir_name %s\n", dir->dir_name);
AssertIntEQ(XSTRLEN((const char*)dir->dir_name), XSTRLEN("./")); AssertIntEQ(XSTRLEN((const char*)dir->dir_name), XSTRLEN("./"));
AssertIntEQ(XMEMCMP(dir->dir_name, "./", AssertIntEQ(XMEMCMP(dir->dir_name, "./",
XSTRLEN((const char*)dir->dir_name)), 0); XSTRLEN((const char*)dir->dir_name)), 0);
@@ -28218,7 +28218,7 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
total_len = 0; total_len = 0;
for(i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) { for(i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) {
len = XSTRLEN((const char*)&paths[i]); len = (int)XSTRLEN((const char*)&paths[i]);
total_len += len; total_len += len;
XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len); XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len);
p += len; p += len;
@@ -28317,8 +28317,11 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_file(void)
AssertIntEQ(cmp, 0); AssertIntEQ(cmp, 0);
/* load der format */ /* load der format */
X509_free(issuer);
X509_STORE_CTX_free(ctx);
X509_STORE_free(str); X509_STORE_free(str);
sk_X509_free(sk); sk_X509_free(sk);
X509_free(x509Svr);
AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
@@ -28326,18 +28329,17 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_file(void)
SSL_FILETYPE_ASN1,NULL), 1); SSL_FILETYPE_ASN1,NULL), 1);
AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
AssertIntEQ((cert_count = sk_X509_num(sk)), 1); AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
/* check if CA cert is loaded into the store */ /* check if CA cert is loaded into the store */
for (i = 0; i < cert_count; i++) { for (i = 0; i < cert_count; i++) {
x509Ca = sk_X509_value(sk, i); x509Ca = sk_X509_value(sk, i);
AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
} }
#ifdef HAVE_CRL X509_STORE_free(str);
/* once feeing store */ sk_X509_free(sk);
wolfSSL_X509_STORE_free(str); X509_free(cert1);
str = NULL;
#ifdef HAVE_CRL
AssertNotNull(str = wolfSSL_X509_STORE_new()); AssertNotNull(str = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
@@ -28366,14 +28368,10 @@ static void test_wolfSSL_X509_LOOKUP_ctrl_file(void)
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
} }
#endif
X509_free(issuer);
X509_STORE_CTX_free(ctx);
X509_free(x509Svr);
X509_STORE_free(str); X509_STORE_free(str);
sk_X509_free(sk);
X509_free(x509Ca); #endif
X509_free(cert1);
printf(resultFmt, passed); printf(resultFmt, passed);
#endif #endif

2
wolfcrypt/src/asn.c
View File

@@ -9791,7 +9791,6 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
} }
} }
#endif #endif
if (cert->srcIdx < cert->sigIndex) { if (cert->srcIdx < cert->sigIndex) {
#ifndef ALLOW_V1_EXTENSIONS #ifndef ALLOW_V1_EXTENSIONS
if (cert->version < 2) { if (cert->version < 2) {
@@ -9820,7 +9819,6 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
/* advance past extensions */ /* advance past extensions */
cert->srcIdx = cert->sigIndex; cert->srcIdx = cert->sigIndex;
} }
if ((ret = GetAlgoId(cert->source, &cert->srcIdx, if ((ret = GetAlgoId(cert->source, &cert->srcIdx,
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
!cert->isCSR ? &confirmOID : &cert->signatureOID, !cert->isCSR ? &confirmOID : &cert->signatureOID,