diff --git a/src/internal.c b/src/internal.c
index c6c22bc01..73c96a965 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -15951,6 +15951,12 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 return PARSE_ERROR;
 }
+ if (size > MAX_HANDSHAKE_SZ) {
+ WOLFSSL_MSG("Handshake message too large");
+ WOLFSSL_ERROR_VERBOSE(HANDSHAKE_SIZE_ERROR);
+ return HANDSHAKE_SIZE_ERROR;
+ }
+
 return DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
 }
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 4cedcae17..f89b55257 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -2706,11 +2706,13 @@ int wc_DhCmpNamedKey(int name, int noQ,
 goodName = 0;
 }
- cmp = goodName && (pSz == pCmpSz) && (gSz == gCmpSz) &&
- (noQ || ((qCmp != NULL) && (qSz == qCmpSz) &&
- XMEMCMP(q, qCmp, qCmpSz) == 0)) &&
- (XMEMCMP(p, pCmp, pCmpSz) == 0) &&
- (XMEMCMP(g, gCmp, gCmpSz) == 0);
+ if (goodName) {
+ cmp = (pSz == pCmpSz) && (gSz == gCmpSz) &&
+ (noQ || ((qCmp != NULL) && (qSz == qCmpSz) &&
+ XMEMCMP(q, qCmp, qCmpSz) == 0)) &&
+ (XMEMCMP(p, pCmp, pCmpSz) == 0) &&
+ (XMEMCMP(g, gCmp, gCmpSz) == 0);
+ }
 return cmp;
 }
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index ec8878fd7..eecd2b9b9 100644
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -1290,6 +1290,8 @@ int wolfSSL_GetHmacMaxSize(void)
 return ret;
 }
+ XMEMSET(tmp, 0, WC_MAX_DIGEST_SIZE);
+
 while (outIdx < outSz) {
 word32 tmpSz = (n == 1) ? 0 : hashSz;
 word32 left = outSz - outIdx;
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index b3342611f..9fd2dd2f8 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -17770,7 +17770,7 @@ int sp_tohex(const sp_int* a, char* str)
 d = a->dp[i];
 #ifndef WC_DISABLE_RADIX_ZERO_PAD
 /* Find highest non-zero byte in most-significant word. */
- for (j = SP_WORD_SIZE - 8; j >= 0; j -= 8) {
+ for (j = SP_WORD_SIZE - 8; j >= 0 && i>=0; j -= 8) {
 /* When a byte at this index is not 0 break out to start
 * writing. */
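Review bot: In `src/internal.c`, the new `size > MAX_HANDSHAKE_SZ` guard in DoHandShakeMsg has no comment saying why the bound is enforced at this point, and the hunk does not show whether other callers of `DoHandShakeMsgType` apply the same limit. I would add `/* size is the peer-declared handshake length; bound it before any per-type handler uses it */` above the `if`, assuming `size` is parsed from the message header earlier in the function, which starts outside the hunk. It is also worth confirming that any DTLS or TLS 1.3 counterpart of this function rejects an oversized length the same way, since otherwise the limit holds only on this path.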
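Review bot: In `wolfcrypt/src/dh.c`, moving the assignment inside `if (goodName)` makes the value returned for an unrecognised `name` depend on how `cmp` is initialised, and that declaration is outside the hunk. If `cmp` is not set to 0 where it is declared, `return cmp;` reads an indeterminate value on that path and a caller could treat an unknown group as a match. Adding `cmp = 0;` immediately before the `if`, or an `else { cmp = 0; }` branch, makes the rejection explicit and independent of the declaration.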
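Review bot: In `wolfcrypt/src/hmac.c`, the added `XMEMSET(tmp, 0, WC_MAX_DIGEST_SIZE);` hard-codes the length of `tmp`, whose declaration is outside the hunk, and carries no comment saying what it guards against. I would state the coupling above it, for example `/* tmp holds WC_MAX_DIGEST_SIZE bytes; clear it so no iteration of the loop reads it uninitialized */`, so a later change to the buffer size does not leave the clear out of step. The loop appears to derive keying material into `tmp`, so the exit paths (not visible here) should also wipe it with a call the compiler cannot elide, such as `ForceZero`, rather than relying on this initial clear. The hunk header names wolfSSL_GetHmacMaxSize, but the loop belongs to the function that follows it.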