feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5432 from embhorn/zd14172

Browse Source 
Fix dead code warnings and build error
This commit is contained in:
David Garske
2022-08-03 15:01:20 -07:00
committed by GitHub
parent 791250c6c0 ecdccb6180
commit 3f07900c1b
2 changed files with 202 additions and 265 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
wolfcrypt/src/evp.c
View File

@ -542,17 +542,14 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
break; break;
#endif #endif
default: default:
return WOLFSSL_FAILURE; ret = WOLFSSL_FAILURE;
} }
if (ret != 0)
return WOLFSSL_FAILURE; /* failure */
(void)in; (void)in;
(void)inl; (void)inl;
(void)out; (void)out;
return WOLFSSL_SUCCESS; /* success */ return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
} }
#if defined(HAVE_AESGCM) #if defined(HAVE_AESGCM)
@ -5689,7 +5686,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \
defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_CFB) || \ defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_CFB) || \
defined(WOLFSSL_AES_OFB) defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_DIRECT)
#define AES_SET_KEY #define AES_SET_KEY
#endif #endif

458
wolfcrypt/src/wc_encrypt.c
View File

@ -395,7 +395,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
int derivedLen = 0; int derivedLen = 0;
int ret = 0; int ret = 0;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
byte* key; byte* key = NULL;
#else #else
byte key[PKCS_MAX_KEY_SIZE]; byte key[PKCS_MAX_KEY_SIZE];
#endif #endif
@ -481,284 +481,224 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
default: default:
WOLFSSL_MSG("Unknown/Unsupported encrypt/decrypt id"); WOLFSSL_MSG("Unknown/Unsupported encrypt/decrypt id");
(void)shaOid; (void)shaOid;
return ALGO_ID_E; ret = ALGO_ID_E;
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
key = (byte*)XMALLOC(PKCS_MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ret == 0) {
if (key == NULL) key = (byte*)XMALLOC(PKCS_MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E; if (key == NULL)
#endif ret = MEMORY_E;
#ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("wc_CryptKey key", key, PKCS_MAX_KEY_SIZE);
#endif
switch (version) {
#ifndef NO_HMAC
case PKCS5v2:
ret = wc_PBKDF2(key, (byte*)password, passwordSz,
salt, saltSz, iterations, derivedLen, typeH);
break;
#endif
#ifndef NO_SHA
case PKCS5:
ret = wc_PBKDF1(key, (byte*)password, passwordSz,
salt, saltSz, iterations, derivedLen, typeH);
break;
#endif
#ifdef HAVE_PKCS12
case PKCS12v1:
{
int i, idx = 0;
byte unicodePasswd[MAX_UNICODE_SZ];
if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return UNICODE_SIZE_E;
}
for (i = 0; i < passwordSz; i++) {
unicodePasswd[idx++] = 0x00;
unicodePasswd[idx++] = (byte)password[i];
}
/* add trailing NULL */
unicodePasswd[idx++] = 0x00;
unicodePasswd[idx++] = 0x00;
ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz,
iterations, derivedLen, typeH, 1);
if (id != PBE_SHA1_RC4_128) {
ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz,
iterations, 8, typeH, 2);
}
break;
} }
#endif /* HAVE_PKCS12 */ #endif
default:
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
WOLFSSL_MSG("Unknown/Unsupported PKCS version");
return ALGO_ID_E;
} /* switch (version) */
if (ret != 0) { if (ret == 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE); #ifdef WOLFSSL_CHECK_MEM_ZERO
#ifdef WOLFSSL_SMALL_STACK wc_MemZero_Add("wc_CryptKey key", key, PKCS_MAX_KEY_SIZE);
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return ret;
}
switch (id) {
#ifndef NO_DES3
#if !defined(NO_SHA) || !defined(NO_MD5)
case PBE_MD5_DES:
case PBE_SHA1_DES:
{
Des des;
byte* desIv = key + 8;
if (version == PKCS5v2 || version == PKCS12v1)
desIv = cbcIv;
if (enc) {
ret = wc_Des_SetKey(&des, key, desIv, DES_ENCRYPTION);
}
else {
ret = wc_Des_SetKey(&des, key, desIv, DES_DECRYPTION);
}
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return ret;
}
if (enc) {
wc_Des_CbcEncrypt(&des, input, input, length);
}
else {
wc_Des_CbcDecrypt(&des, input, input, length);
}
break;
}
#endif /* !NO_SHA || !NO_MD5 */
switch (version) {
#ifndef NO_HMAC
case PKCS5v2:
ret = wc_PBKDF2(key, (byte*)password, passwordSz,
salt, saltSz, iterations, derivedLen, typeH);
break;
#endif
#ifndef NO_SHA #ifndef NO_SHA
case PBE_SHA1_DES3: case PKCS5:
{ ret = wc_PBKDF1(key, (byte*)password, passwordSz,
Des3 des; salt, saltSz, iterations, derivedLen, typeH);
byte* desIv = key + 24; break;
#endif
#ifdef HAVE_PKCS12
case PKCS12v1:
{
int i, idx = 0;
byte unicodePasswd[MAX_UNICODE_SZ];
if (version == PKCS5v2 || version == PKCS12v1) if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
desIv = cbcIv; ret = UNICODE_SIZE_E;
break;
}
ret = wc_Des3Init(&des, NULL, INVALID_DEVID); for (i = 0; i < passwordSz; i++) {
if (ret != 0) { unicodePasswd[idx++] = 0x00;
ForceZero(key, PKCS_MAX_KEY_SIZE); unicodePasswd[idx++] = (byte)password[i];
#ifdef WOLFSSL_SMALL_STACK }
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* add trailing NULL */
#elif defined(WOLFSSL_CHECK_MEM_ZERO) unicodePasswd[idx++] = 0x00;
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE); unicodePasswd[idx++] = 0x00;
#endif
return ret;
}
if (enc) {
ret = wc_Des3_SetKey(&des, key, desIv, DES_ENCRYPTION);
}
else {
ret = wc_Des3_SetKey(&des, key, desIv, DES_DECRYPTION);
}
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
wc_Des3Free(&des);
return ret;
}
if (enc) {
ret = wc_Des3_CbcEncrypt(&des, input, input, length);
}
else {
ret = wc_Des3_CbcDecrypt(&des, input, input, length);
}
wc_Des3Free(&des);
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return ret;
}
break;
}
#endif /* !NO_SHA */
#endif
#if !defined(NO_RC4) && !defined(NO_SHA)
case PBE_SHA1_RC4_128:
{
Arc4 dec;
wc_Arc4SetKey(&dec, key, derivedLen); ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz,
wc_Arc4Process(&dec, input, input, length); iterations, derivedLen, typeH, 1);
break; if (id != PBE_SHA1_RC4_128) {
} ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt,
#endif saltSz, iterations, 8, typeH, 2);
#if !defined(NO_AES) && defined(HAVE_AES_CBC) }
#ifdef WOLFSSL_AES_256 break;
case PBE_AES256_CBC: }
case PBE_AES128_CBC: #endif /* HAVE_PKCS12 */
{ default:
int free_aes; WOLFSSL_MSG("Unknown/Unsupported PKCS version");
ret = ALGO_ID_E;
} /* switch (version) */
}
if (ret == 0) {
switch (id) {
#ifndef NO_DES3
#if !defined(NO_SHA) || !defined(NO_MD5)
case PBE_MD5_DES:
case PBE_SHA1_DES:
{
Des des;
byte* desIv = key + 8;
if (version == PKCS5v2 || version == PKCS12v1)
desIv = cbcIv;
#ifdef WOLFSSL_SMALL_STACK
Aes *aes;
aes = (Aes *)XMALLOC(sizeof *aes, NULL, DYNAMIC_TYPE_AES);
if (aes == NULL)
return MEMORY_E;
#else
Aes aes[1];
#endif
free_aes = 0;
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
free_aes = 1;
if (enc) { if (enc) {
ret = wc_AesSetKey(aes, key, derivedLen, cbcIv, ret = wc_Des_SetKey(&des, key, desIv, DES_ENCRYPTION);
AES_ENCRYPTION);
} }
else { else {
ret = wc_AesSetKey(aes, key, derivedLen, cbcIv, ret = wc_Des_SetKey(&des, key, desIv, DES_DECRYPTION);
AES_DECRYPTION);
} }
if (ret == 0) {
if (enc) {
wc_Des_CbcEncrypt(&des, input, input, length);
}
else {
wc_Des_CbcDecrypt(&des, input, input, length);
}
}
break;
} }
if (ret == 0) { #endif /* !NO_SHA || !NO_MD5 */
if (enc)
ret = wc_AesCbcEncrypt(aes, input, input, length);
else
ret = wc_AesCbcDecrypt(aes, input, input, length);
}
if (free_aes)
wc_AesFree(aes);
ForceZero(aes, sizeof(Aes));
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return ret;
}
break;
}
#endif /* WOLFSSL_AES_256 */
#endif /* !NO_AES && HAVE_AES_CBC */
#ifdef WC_RC2
case PBE_SHA1_40RC2_CBC:
{
Rc2 rc2;
/* effective key size for RC2-40-CBC is 40 bits */
ret = wc_Rc2SetKey(&rc2, key, derivedLen, cbcIv, 40);
if (ret == 0) {
if (enc)
ret = wc_Rc2CbcEncrypt(&rc2, input, input, length);
else
ret = wc_Rc2CbcDecrypt(&rc2, input, input, length);
}
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return ret;
}
ForceZero(&rc2, sizeof(Rc2));
break;
}
#endif
default: #ifndef NO_SHA
ForceZero(key, PKCS_MAX_KEY_SIZE); case PBE_SHA1_DES3:
#ifdef WOLFSSL_SMALL_STACK {
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); Des3 des;
#elif defined(WOLFSSL_CHECK_MEM_ZERO) byte* desIv = key + 24;
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif if (version == PKCS5v2 || version == PKCS12v1)
WOLFSSL_MSG("Unknown/Unsupported encrypt/decryption algorithm"); desIv = cbcIv;
return ALGO_ID_E;
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0) {
break;
}
if (enc) {
ret = wc_Des3_SetKey(&des, key, desIv, DES_ENCRYPTION);
}
else {
ret = wc_Des3_SetKey(&des, key, desIv, DES_DECRYPTION);
}
if (ret == 0) {
if (enc) {
ret = wc_Des3_CbcEncrypt(&des, input, input, length);
}
else {
ret = wc_Des3_CbcDecrypt(&des, input, input, length);
}
}
wc_Des3Free(&des);
break;
}
#endif /* !NO_SHA */
#endif
#if !defined(NO_RC4) && !defined(NO_SHA)
case PBE_SHA1_RC4_128:
{
Arc4 dec;
wc_Arc4SetKey(&dec, key, derivedLen);
wc_Arc4Process(&dec, input, input, length);
break;
}
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_256
case PBE_AES256_CBC:
case PBE_AES128_CBC:
{
int free_aes;
#ifdef WOLFSSL_SMALL_STACK
Aes *aes;
aes = (Aes *)XMALLOC(sizeof *aes, NULL, DYNAMIC_TYPE_AES);
if (aes == NULL) {
ret = MEMORY_E;
break;
}
#else
Aes aes[1];
#endif
free_aes = 0;
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
free_aes = 1;
if (enc) {
ret = wc_AesSetKey(aes, key, derivedLen, cbcIv,
AES_ENCRYPTION);
}
else {
ret = wc_AesSetKey(aes, key, derivedLen, cbcIv,
AES_DECRYPTION);
}
}
if (ret == 0) {
if (enc)
ret = wc_AesCbcEncrypt(aes, input, input, length);
else
ret = wc_AesCbcDecrypt(aes, input, input, length);
}
if (free_aes)
wc_AesFree(aes);
ForceZero(aes, sizeof(Aes));
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
}
#endif /* WOLFSSL_AES_256 */
#endif /* !NO_AES && HAVE_AES_CBC */
#ifdef WC_RC2
case PBE_SHA1_40RC2_CBC:
{
Rc2 rc2;
/* effective key size for RC2-40-CBC is 40 bits */
ret = wc_Rc2SetKey(&rc2, key, derivedLen, cbcIv, 40);
if (ret == 0) {
if (enc)
ret = wc_Rc2CbcEncrypt(&rc2, input, input, length);
else
ret = wc_Rc2CbcDecrypt(&rc2, input, input, length);
}
if (ret == 0) {
ForceZero(&rc2, sizeof(Rc2));
}
break;
}
#endif
default:
WOLFSSL_MSG("Unknown/Unsupported encrypt/decryption algorithm");
ret = ALGO_ID_E;
}
} }
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (key != NULL)
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif #endif
{
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
}
return ret; return ret;
} }