feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #4944 from douzzer/20220310-asn-template-EncodeExtensions-overrun

Browse Source 
wolfcrypt/src/asn.c: fix buffer underrun in EncodeExtensions() and leak in ParseCRL_Extensions()
This commit is contained in:
Daniel Pouzzner
2022-03-13 21:21:07 -05:00
committed by GitHub
parent cdb45b12c5 20562b3f78
commit 4966eb7897
8 changed files with 191 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

134
scripts/tls13.test
View File

@@ -13,6 +13,9 @@ if [ "${AM_BWRAPPED-}" != "yes" ]; then
unset AM_BWRAPPED unset AM_BWRAPPED
fi fi
# retries to mitigate race on early data:
early_data_try_max=10
# getting unique port is modeled after resume.test script # getting unique port is modeled after resume.test script
# need a unique port since may run the same time as testsuite # need a unique port since may run the same time as testsuite
# use server port zero hack to get one # use server port zero hack to get one
@@ -244,65 +247,98 @@ if [ $? -eq 0 ]; then
fi fi
if [ "$early_data" = "yes" ]; then if [ "$early_data" = "yes" ]; then
echo -e "\n\nTLS v1.3 Early Data - session ticket"
port=0
(./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \
tee "$server_out_file") &
server_pid=$!
create_port
./examples/client/client -v 4 -r -0 -p $port 2>&1 >"$client_out_file"
RESULT=$?
cat "$client_out_file"
remove_ready_file
grep -F -e 'Session Ticket' "$client_out_file"
session_ticket=$?
ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")" early_data_try_num=1
ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")" while :; do
if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \
-a $ed_srv_status_cnt -ne 2 ]; then echo -e "\n\nTLS v1.3 Early Data - session ticket"
RESULT=1 port=0
fi (./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \
if [ $RESULT -ne 0 ]; then tee "$server_out_file") &
echo -e "\n\nIssue with TLS v1.3 Early Data - session ticket" server_pid=$!
create_port
./examples/client/client -v 4 -r -0 -p $port 2>&1 >"$client_out_file"
RESULT=$?
cat "$client_out_file"
remove_ready_file
grep -F -e 'Session Ticket' "$client_out_file"
session_ticket=$?
ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")"
ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")"
echo "earlydata: session_ticket=${session_ticket} ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}"
if [ $session_ticket -eq 0 -a $ed_srv_msg_cnt -ne 2 \
-a $ed_srv_status_cnt -ne 2 ]; then
RESULT=1
fi
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 Early Data - session ticket"
if [ $early_data_try_num -lt $early_data_try_max ]; then
echo -e "retry #${early_data_try_num}...\n"
: $((++early_data_try_num))
continue
fi
do_cleanup
exit 1
fi
do_cleanup do_cleanup
exit 1 break
fi
do_cleanup done
echo "" echo ""
fi fi
if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then
echo -e "\n\nTLS v1.3 Early Data - PSK" echo -e "\n\nTLS v1.3 Early Data - PSK"
port=0 port=0
(./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \
tee "$server_out_file") &
server_pid=$!
create_port
./examples/client/client -v 4 -s -0 -p $port
RESULT=$?
remove_ready_file
# wait for the server to quit and write output early_data_try_num=1
wait $server_pid while :; do
(./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \
tee "$server_out_file") &
server_pid=$!
create_port
./examples/client/client -v 4 -s -0 -p $port
RESULT=$?
remove_ready_file
# wait for the server to quit and write output
wait $server_pid
ed_srv_msg_cnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")"
ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")"
echo "PSK earlydata: ed_srv_msg_cnt=${ed_srv_msg_cnt} ed_srv_status_cnt=${ed_srv_status_cnt}"
if [ $ed_srv_msg_cnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then
echo
echo "Server out file"
cat "$server_out_file"
echo
echo "Found lines"
grep -F -e 'Early Data' "$server_out_file"
echo -e "\n\nUnexpected 'Early Data' lines."
RESULT=1
fi
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 Early Data - PSK"
if [ $early_data_try_num -lt $early_data_try_max ]; then
echo -e "retry #${early_data_try_num}...\n"
: $((++early_data_try_num))
continue
fi
do_cleanup
exit 1
fi
break
done
ed_srv_msgcnt="$(grep -c -F -e 'Early Data Client message' "$server_out_file")"
ed_srv_status_cnt="$(grep -c -F -e 'Early Data was' "$server_out_file")"
if [ $ed_srv_msgcnt -ne 2 -a $ed_srv_status_cnt -ne 1 ]; then
echo
echo "Server out file"
cat "$server_out_file"
echo
echo "Found lines"
grep -F -e 'Early Data' "$server_out_file"
echo -e "\n\nUnexpected 'Early Data' lines - $early_data_cnt"
RESULT=1
fi
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 Early Data - PSK"
do_cleanup
exit 1
fi
else else
echo "Early Data not available" echo "Early Data not available"
fi fi

60
src/ssl.c
View File

@@ -20576,55 +20576,9 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->keys.encryptionOn = 0; ssl->keys.encryptionOn = 0;
XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
if (ssl->hsHashes != NULL) { if (ssl->hsHashes)
#ifndef NO_OLD_TLS (void)InitHandshakeHashes(ssl);
#ifndef NO_MD5
if (wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_HASH_FLAGS
wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#ifndef NO_SHA
if (wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_HASH_FLAGS
wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#endif
#ifndef NO_SHA256
if (wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#ifdef WOLFSSL_SHA384
if (wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#ifdef WOLFSSL_SHA512
if (wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
}
#ifdef SESSION_CERTS #ifdef SESSION_CERTS
ssl->session->chain.count = 0; ssl->session->chain.count = 0;
#endif #endif
@@ -28418,7 +28372,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param,
param->ipasc[0] = '\0'; param->ipasc[0] = '\0';
} }
else { else {
XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR - 1); XSTRLCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR);
param->ipasc[WOLFSSL_MAX_IPSTR-1] = '\0'; param->ipasc[WOLFSSL_MAX_IPSTR-1] = '\0';
} }
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
@@ -51806,7 +51760,8 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
iv, &evpCtx, &hmacCtx, enc); iv, &evpCtx, &hmacCtx, enc);
if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW) { if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW) {
WOLFSSL_MSG("Ticket callback error"); WOLFSSL_MSG("Ticket callback error");
return WOLFSSL_TICKET_RET_FATAL; ret = WOLFSSL_TICKET_RET_FATAL;
goto end;
} }
if (enc) if (enc)
@@ -51860,6 +51815,9 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
else else
ret = WOLFSSL_TICKET_RET_OK; ret = WOLFSSL_TICKET_RET_OK;
end: end:
(void)wc_HmacFree(&hmacCtx.hmac);
return ret; return ret;
} }

15
tests/api.c
View File

@@ -38695,6 +38695,14 @@ static void test_wolfSSL_BIO_connect(void)
printf(testingFmt, "wolfSSL_BIO_new_connect()"); printf(testingFmt, "wolfSSL_BIO_new_connect()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
/* Setup server */ /* Setup server */
XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP(); StartTCP();
@@ -38713,13 +38721,6 @@ static void test_wolfSSL_BIO_connect(void)
AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP)); AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP));
AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1); AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1);
/* Setup the SSL object */ /* Setup the SSL object */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx)); AssertNotNull(ssl = SSL_new(ctx));
SSL_set_connect_state(ssl); SSL_set_connect_state(ssl);
/* Setup the SSL BIO */ /* Setup the SSL BIO */

13
wolfcrypt/src/asn.c
View File

@@ -16198,8 +16198,8 @@ static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert)
if (ret == 0) { if (ret == 0) {
/* Parse NameConstraints. */ /* Parse NameConstraints. */
ret = GetASN_Items(nameConstraintsASN, dataASN, nameConstraintsASN_Length, ret = GetASN_Items(nameConstraintsASN, dataASN,
1, input, &idx, sz); nameConstraintsASN_Length, 1, input, &idx, sz);
} }
if (ret == 0) { if (ret == 0) {
/* If there was a permittedSubtrees then parse it. */ /* If there was a permittedSubtrees then parse it. */
@@ -16220,6 +16220,8 @@ static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert)
} }
} }
FREE_ASNGETDATA(dataASN, cert->heap);
return ret; return ret;
#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* WOLFSSL_ASN_TEMPLATE */
} }
@@ -22994,7 +22996,7 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN,
break; break;
} }
/* Copy data into dynamic vars. */ /* Copy data into dynamic vars. */
SetRdnItems(namesASN + idx, dataASN + idx, nameOid[type], SetRdnItems(namesASN + idx, dataASN + idx, nameOid[i],
NAME_OID_SZ, name->name[j].type, NAME_OID_SZ, name->name[j].type,
(byte*)name->name[j].value, name->name[j].sz); (byte*)name->name[j].value, name->name[j].sz);
} }
@@ -23423,7 +23425,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
* above definition of certExtsASN_Length. */ * above definition of certExtsASN_Length. */
XMEMCPY(certExtsASN, static_certExtsASN, sizeof(static_certExtsASN)); XMEMCPY(certExtsASN, static_certExtsASN, sizeof(static_certExtsASN));
for (i = sizeof(static_certExtsASN) / sizeof(ASNItem); for (i = sizeof(static_certExtsASN) / sizeof(ASNItem);
i < (int)(sizeof(certExtsASN) / sizeof(ASNItem)); i += 4) { i < (int)certExtsASN_Length; i += 4) {
XMEMCPY(&certExtsASN[i], customExtASN, sizeof(customExtASN)); XMEMCPY(&certExtsASN[i], customExtASN, sizeof(customExtASN));
} }
@@ -31838,6 +31840,9 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
if (ret < 0) { if (ret < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
FREE_ASNGETDATA(dataASN, dcrl->heap);
return ret; return ret;
} }
#endif /* !WOLFSSL_ASN_TEMPLATE */ #endif /* !WOLFSSL_ASN_TEMPLATE */

13
wolfcrypt/src/eccsi.c
View File

@@ -155,6 +155,7 @@ void wc_FreeEccsiKey(EccsiKey* key)
wc_ecc_del_point_h(key->pvt, key->heap); wc_ecc_del_point_h(key->pvt, key->heap);
wc_ecc_free(&key->pubkey); wc_ecc_free(&key->pubkey);
wc_ecc_free(&key->ecc); wc_ecc_free(&key->ecc);
XMEMSET(key, 0, sizeof(*key));
} }
} }
@@ -383,10 +384,12 @@ static int eccsi_compute_hs(EccsiKey* key, enum wc_HashType hashType,
word32 dataSz = 0; word32 dataSz = 0;
int idx = wc_ecc_get_curve_idx(key->ecc.dp->id); int idx = wc_ecc_get_curve_idx(key->ecc.dp->id);
ecc_point* kpak = &key->ecc.pubkey; ecc_point* kpak = &key->ecc.pubkey;
int hash_inited = 0;
/* HS = hash( G | KPAK | ID | PVT ) */ /* HS = hash( G | KPAK | ID | PVT ) */
err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID); err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID);
if (err == 0) { if (err == 0) {
hash_inited = 1;
/* Base Point - G */ /* Base Point - G */
dataSz = sizeof(key->data); dataSz = sizeof(key->data);
err = eccsi_encode_base(key, key->data, &dataSz); err = eccsi_encode_base(key, key->data, &dataSz);
@@ -426,6 +429,10 @@ static int eccsi_compute_hs(EccsiKey* key, enum wc_HashType hashType,
*hashSz = (byte)wc_HashGetDigestSize(hashType); *hashSz = (byte)wc_HashGetDigestSize(hashType);
} }
if (hash_inited) {
(void)wc_HashFree(&key->hash, hashType);
}
return err; return err;
} }
@@ -1774,10 +1781,12 @@ static int eccsi_compute_he(EccsiKey* key, enum wc_HashType hashType,
{ {
int err = 0; int err = 0;
word32 dataSz = key->ecc.dp->size; word32 dataSz = key->ecc.dp->size;
int hash_inited = 0;
/* HE = hash( HS | r | M ) */ /* HE = hash( HS | r | M ) */
err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID); err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID);
if (err == 0) { if (err == 0) {
hash_inited = 1;
/* HS */ /* HS */
err = wc_HashUpdate(&key->hash, hashType, key->idHash, key->idHashSz); err = wc_HashUpdate(&key->hash, hashType, key->idHash, key->idHashSz);
} }
@@ -1799,6 +1808,10 @@ static int eccsi_compute_he(EccsiKey* key, enum wc_HashType hashType,
*heSz = wc_HashGetDigestSize(hashType); *heSz = wc_HashGetDigestSize(hashType);
} }
if (hash_inited) {
(void)wc_HashFree(&key->hash, hashType);
}
return err; return err;
} }

18
wolfcrypt/src/sakke.c
View File

@@ -6088,10 +6088,12 @@ static int sakke_calc_a(SakkeKey* key, enum wc_HashType hashType,
const byte* data, word32 sz, const byte* extra, word32 extraSz, byte* a) const byte* data, word32 sz, const byte* extra, word32 extraSz, byte* a)
{ {
int err; int err;
int hash_inited = 0;
/* Step 1: A = hashfn( s ), where s = data | extra */ /* Step 1: A = hashfn( s ), where s = data | extra */
err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID); err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID);
if (err == 0) { if (err == 0) {
hash_inited = 1;
err = wc_HashUpdate(&key->hash, hashType, data, sz); err = wc_HashUpdate(&key->hash, hashType, data, sz);
} }
if ((err == 0) && (extra != NULL)) { if ((err == 0) && (extra != NULL)) {
@@ -6101,6 +6103,10 @@ static int sakke_calc_a(SakkeKey* key, enum wc_HashType hashType,
err = wc_HashFinal(&key->hash, hashType, a); err = wc_HashFinal(&key->hash, hashType, a);
} }
if (hash_inited) {
(void)wc_HashFree(&key->hash, hashType);
}
return err; return err;
} }
@@ -6127,13 +6133,19 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType,
byte v[WC_MAX_DIGEST_SIZE]; byte v[WC_MAX_DIGEST_SIZE];
word32 hashSz = 1; word32 hashSz = 1;
word32 i; word32 i;
int hash_inited = 0;
err = wc_HashInit_ex(&key->hash, hashType, key->heap, INVALID_DEVID);
if (err == 0)
hash_inited = 1;
/* Step 1: A = hashfn( s ), where s = data | extra /* Step 1: A = hashfn( s ), where s = data | extra
* See sakke_calc_a (need function parameters to be 7 or less) * See sakke_calc_a (need function parameters to be 7 or less)
*/ */
/* Step 2: h_0 = 00...00, a string of null bits of length hashlen bits */ /* Step 2: h_0 = 00...00, a string of null bits of length hashlen bits */
err = wc_HashGetDigestSize(hashType); if (err == 0)
err = wc_HashGetDigestSize(hashType);
if (err > 0) { if (err > 0) {
hashSz = (word32)err; hashSz = (word32)err;
XMEMSET(h, 0, hashSz); XMEMSET(h, 0, hashSz);
@@ -6156,6 +6168,10 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType,
} }
} }
if (hash_inited) {
(void)wc_HashFree(&key->hash, hashType);
}
return err; return err;
} }

81
wolfcrypt/test/test.c
View File

@@ -28910,6 +28910,7 @@ int eccsi_test(void)
{ {
int ret = 0; int ret = 0;
WC_RNG rng; WC_RNG rng;
int rng_inited = 0;
EccsiKey* priv = NULL; EccsiKey* priv = NULL;
EccsiKey* pub = NULL; EccsiKey* pub = NULL;
mp_int* ssk = NULL; mp_int* ssk = NULL;
@@ -28917,24 +28918,27 @@ int eccsi_test(void)
priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) { if (priv == NULL)
ret = -10205; ret = -10205;
} else
XMEMSET(priv, 0, sizeof(*priv));
if (ret == 0) { if (ret == 0) {
pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) { if (pub == NULL)
ret = -10206; ret = -10206;
} else
XMEMSET(pub, 0, sizeof(*pub));
} }
if (ret == 0) { if (ret == 0) {
ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT, ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (ssk == NULL) { if (ssk == NULL)
ret = -10207; ret = -10207;
} else
XMEMSET(ssk, 0, sizeof(*ssk));
} }
if (ret == 0) { if (ret == 0) {
@@ -28945,6 +28949,8 @@ int eccsi_test(void)
#endif #endif
if (ret != 0) if (ret != 0)
ret = -10200; ret = -10200;
else
rng_inited = 1;
} }
if (ret == 0) { if (ret == 0) {
@@ -28987,19 +28993,22 @@ int eccsi_test(void)
ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt); ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
} }
wc_FreeEccsiKey(priv); if (pvt != NULL)
wc_FreeEccsiKey(pub); wc_ecc_del_point(pvt);
mp_free(ssk); if (rng_inited)
wc_ecc_del_point(pvt);
if (ret != -10200)
wc_FreeRng(&rng); wc_FreeRng(&rng);
if (ssk != NULL) if (ssk != NULL) {
mp_free(ssk);
XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pub != NULL) }
if (pub != NULL) {
wc_FreeEccsiKey(pub);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (priv != NULL) }
if (priv != NULL) {
wc_FreeEccsiKey(priv);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret; return ret;
} }
@@ -30056,6 +30065,7 @@ int sakke_test(void)
{ {
int ret = 0; int ret = 0;
WC_RNG rng; WC_RNG rng;
int rng_inited = 0;
SakkeKey* priv = NULL; SakkeKey* priv = NULL;
SakkeKey* pub = NULL; SakkeKey* pub = NULL;
SakkeKey* key = NULL; SakkeKey* key = NULL;
@@ -30063,24 +30073,27 @@ int sakke_test(void)
priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) { if (priv == NULL)
ret = -10404; ret = -10404;
} else
XMEMSET(priv, 0, sizeof(*priv));
if (ret == 0) { if (ret == 0) {
pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) { if (pub == NULL)
ret = -10405; ret = -10405;
} else
XMEMSET(pub, 0, sizeof(*pub));
} }
if (ret == 0) { if (ret == 0) {
key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) { if (key == NULL)
ret = -10406; ret = -10406;
} else
XMEMSET(key, 0, sizeof(*key));
} }
if (ret == 0) { if (ret == 0) {
@@ -30089,7 +30102,9 @@ int sakke_test(void)
#else #else
ret = wc_InitRng(&rng); ret = wc_InitRng(&rng);
#endif #endif
if (ret != 0) if (ret == 0)
rng_inited = 1;
else
ret = -10400; ret = -10400;
} }
@@ -30131,20 +30146,22 @@ int sakke_test(void)
ret = sakke_op_test(priv, pub, &rng, rsk); ret = sakke_op_test(priv, pub, &rng, rsk);
} }
wc_FreeSakkeKey(priv); if (rsk != NULL) {
wc_FreeSakkeKey(pub); wc_ecc_forcezero_point(rsk);
wc_ecc_forcezero_point(rsk); wc_ecc_del_point(rsk);
wc_ecc_del_point(rsk); }
if (rng_inited)
if (ret != -10400)
wc_FreeRng(&rng); wc_FreeRng(&rng);
if (key != NULL) if (key != NULL)
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pub != NULL) if (pub != NULL) {
wc_FreeSakkeKey(pub);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (priv != NULL) }
if (priv != NULL) {
wc_FreeSakkeKey(priv);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret; return ret;
} }

3
wolfssl/openssl/asn1.h
View File

@@ -142,11 +142,10 @@ typedef enum {
} WOLFSSL_ASN1_TYPES; } WOLFSSL_ASN1_TYPES;
#define ASN1_SEQUENCE(type) \ #define ASN1_SEQUENCE(type) \
static type __##type##_dummy_struct;\
static const WOLFSSL_ASN1_TEMPLATE type##_member_data[] static const WOLFSSL_ASN1_TEMPLATE type##_member_data[]
#define ASN1_SIMPLE(type, member, member_type) \ #define ASN1_SIMPLE(type, member, member_type) \
{ (char*)&__##type##_dummy_struct.member - (char*)&__##type##_dummy_struct, \ { OFFSETOF(type, member), \
WOLFSSL_##member_type##_ASN1 } WOLFSSL_##member_type##_ASN1 }
#define ASN1_SEQUENCE_END(type) \ #define ASN1_SEQUENCE_END(type) \