diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 6629f8e66..96cba9cd4 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -1815,7 +1815,7 @@ static word32 BytePrecision(word32 value) { word32 i; for (i = sizeof(value); i; --i) - if (value >> (i - 1) * 8) + if (value >> ((i - 1) * BIT_SIZE)) break; return i; @@ -1832,7 +1832,7 @@ static word32 SetLength(word32 length, byte* output) output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH); for (j = BytePrecision(length); j; --j) { - output[i] = (byte)(length >> (j - 1) * 8); + output[i] = (byte)(length >> ((j - 1) * BIT_SIZE)); i++; } } diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index 06353ffd2..25a5a690f 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -663,7 +663,7 @@ void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) { word32 blocks = sz / DES_BLOCK_SIZE; - byte hold[16]; + byte hold[DES_BLOCK_SIZE]; while (blocks--) { XMEMCPY(des->tmp, in, DES_BLOCK_SIZE); diff --git a/cyassl/internal.h b/cyassl/internal.h index 6ba7663ab..a0eaa6b5e 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -681,9 +681,9 @@ typedef struct { word32 length; /* total buffer length used */ word32 idx; /* idx to part of length already consumed */ byte* buffer; /* place holder for static or dynamic buffer */ - ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; word32 bufferSize; /* current buffer size */ byte dynamicFlag; /* dynamic memory currently in use */ + ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; } bufferStatic; /* Cipher Suites holder */ diff --git a/cyassl/openssl/evp.h b/cyassl/openssl/evp.h index 3bfe4280b..1ffc3b6aa 100644 --- a/cyassl/openssl/evp.h +++ b/cyassl/openssl/evp.h @@ -123,7 +123,7 @@ typedef struct CYASSL_EVP_CIPHER_CTX { int keyLen; /* user may set for variable */ unsigned char enc; /* if encrypt side, then true */ unsigned char cipherType; - unsigned char iv[64]; /* working iv pointer into cipher */ + unsigned char iv[AES_BLOCK_SIZE]; /* working iv pointer into cipher */ CYASSL_Cipher cipher; } CYASSL_EVP_CIPHER_CTX; diff --git a/src/internal.c b/src/internal.c index 70cbfc3c4..4a79e6162 100644 --- a/src/internal.c +++ b/src/internal.c @@ -204,7 +204,6 @@ static INLINE void c32toa(word32 u32, byte* c) /* convert a 24 bit integer into a 32 bit one */ static INLINE void c24to32(const word24 u24, word32* u32) { - *u32 = 0; *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2]; } @@ -212,7 +211,6 @@ static INLINE void c24to32(const word24 u24, word32* u32) /* convert opaque to 16 bit integer */ static INLINE void ato16(const byte* c, word16* u16) { - *u16 = 0; *u16 = (c[0] << 8) | (c[1]); } @@ -220,7 +218,6 @@ static INLINE void ato16(const byte* c, word16* u16) /* convert opaque to 32 bit integer */ static INLINE void ato32(const byte* c, word32* u32) { - *u32 = 0; *u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3]; } @@ -2462,7 +2459,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx) if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) if (XSTRNCMP((char*)ssl->buffers.domainName.buffer, dCert.subjectCN, - ssl->buffers.domainName.length - 1)) { + ssl->buffers.domainName.length - 1) != 0) { ret = DOMAIN_NAME_MISMATCH; /* try to get peer key still */ } @@ -2603,7 +2600,7 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx) *inOutIdx += padSz; /* verify */ - if (XMEMCMP(mac, verify, ssl->specs.hash_size)) { + if (XMEMCMP(mac, verify, ssl->specs.hash_size) != 0) { CYASSL_MSG(" hello_request verify mac error"); return VERIFY_MAC_ERROR; } @@ -2642,7 +2639,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff) if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo); #endif if (sniff == NO_SNIFF) { - if (XMEMCMP(input + idx, &ssl->verifyHashes, finishedSz)) { + if (XMEMCMP(input + idx, &ssl->verifyHashes, finishedSz) != 0) { CYASSL_MSG("Verify finished error on hashes"); return VERIFY_FINISHED_ERROR; } @@ -2663,7 +2660,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff) idx += padSz; /* verify mac */ - if (XMEMCMP(mac, verifyMAC, ssl->specs.hash_size)) { + if (XMEMCMP(mac, verifyMAC, ssl->specs.hash_size) != 0) { CYASSL_MSG("Verify finished error on mac"); return VERIFY_MAC_ERROR; } @@ -3562,7 +3559,7 @@ static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type) *inOutIdx += (ssl->specs.hash_size + padSz); /* verify */ - if (XMEMCMP(mac, verify, ssl->specs.hash_size)) { + if (XMEMCMP(mac, verify, ssl->specs.hash_size) != 0) { CYASSL_MSG(" alert verify mac error"); return VERIFY_MAC_ERROR; } @@ -6106,7 +6103,7 @@ int SetCipherList(Suites* s, const char* list) return VERIFY_SIGN_ERROR; } else { - if (ret != sizeof(hash) || XMEMCMP(out, hash, sizeof(hash))) + if (ret != sizeof(hash) || XMEMCMP(out, hash,sizeof(hash)) != 0) return VERIFY_SIGN_ERROR; } } @@ -6817,8 +6814,6 @@ int SetCipherList(Suites* s, const char* list) Md5 md5; Sha sha; byte hash[FINISHED_SZ]; - byte* signBuffer = hash; - word32 signSz = sizeof(hash); /* md5 */ InitMd5(&md5); @@ -6835,7 +6830,9 @@ int SetCipherList(Suites* s, const char* list) ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); if (ssl->specs.sig_algo == rsa_sa_algo) { - byte encodedSig[MAX_ENCODED_SIG_SZ]; + byte* signBuffer = hash; + word32 signSz = sizeof(hash); + byte encodedSig[MAX_ENCODED_SIG_SZ]; if (IsAtLeastTLSv1_2(ssl)) { byte* digest; int hType; @@ -7019,8 +7016,6 @@ int SetCipherList(Suites* s, const char* list) Md5 md5; Sha sha; byte hash[FINISHED_SZ]; - byte* signBuffer = hash; - word32 signSz = sizeof(hash); /* md5 */ InitMd5(&md5); @@ -7037,7 +7032,9 @@ int SetCipherList(Suites* s, const char* list) ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); if (ssl->specs.sig_algo == rsa_sa_algo) { - byte encodedSig[MAX_ENCODED_SIG_SZ]; + byte* signBuffer = hash; + word32 signSz = sizeof(hash); + byte encodedSig[MAX_ENCODED_SIG_SZ]; if (IsAtLeastTLSv1_2(ssl)) { byte* digest; int typeH; diff --git a/src/ssl.c b/src/ssl.c index 673fc72cb..b05a481af 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2291,21 +2291,15 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file) int format) { CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file"); - if (ProcessFile(ctx, file,format,PRIVATEKEY_TYPE,NULL,0, NULL) - == SSL_SUCCESS) - return SSL_SUCCESS; - return SSL_FAILURE; + return CyaSSL_CTX_use_PrivateKey_file(ctx, file, format); } int CyaSSL_use_RSAPrivateKey_file(CYASSL* ssl, const char* file, int format) { CYASSL_ENTER("CyaSSL_use_RSAPrivateKey_file"); - if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL) - == SSL_SUCCESS) - return SSL_SUCCESS; - return SSL_FAILURE; + return CyaSSL_use_PrivateKey_file(ssl, file, format); } #endif /* OPENSSL_EXTRA */ @@ -4242,7 +4236,7 @@ int CyaSSL_set_compression(CYASSL* ssl) InitMd5(&myMD); /* only support MD5 for now */ - if (XSTRNCMP(md, "MD5", 3)) return 0; + if (XSTRNCMP(md, "MD5", 3) != 0) return 0; /* only support CBC DES and AES for now */ if (XSTRNCMP(type, "DES-CBC", 7) == 0) {