feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
John Safranek
2012-06-05 10:38:46 -07:00
parent c08486e5e2 cb3d998301
commit 59e4c346f0
5 changed files with 50 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
ctaocrypt/src/asn.c
View File

@ -63,6 +63,16 @@ enum {
#endif #endif
#ifndef min
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* min */
#ifdef THREADX #ifdef THREADX
/* uses parital <time.h> structures */ /* uses parital <time.h> structures */
#define XTIME(tl) (0) #define XTIME(tl) (0)
@ -2710,7 +2720,7 @@ static int SetMyVersion(word32 version, byte* output, int header)
} }
output[i++] = ASN_INTEGER; output[i++] = ASN_INTEGER;
output[i++] = 0x01; output[i++] = 0x01;
output[i++] = version; output[i++] = (byte)version;
return i; return i;
} }
@ -3183,8 +3193,6 @@ static const char* GetOneName(CertName* name, int idx)
default: default:
return 0; return 0;
} }
return 0;
} }
@ -3220,8 +3228,6 @@ static byte GetNameId(int idx)
default: default:
return 0; return 0;
} }
return 0;
} }
@ -3508,7 +3514,8 @@ static int WriteCertBody(DerCert* der, byte* buffer)
idx += der->publicKeySz; idx += der->publicKeySz;
if (der->extensionsSz) { if (der->extensionsSz) {
/* extensions */ /* extensions */
XMEMCPY(buffer + idx, der->extensions, der->extensionsSz); XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz,
sizeof(der->extensions)));
idx += der->extensionsSz; idx += der->extensionsSz;
} }

11
ctaocrypt/src/coding.c
View File

@ -54,6 +54,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
word32 i = 0; word32 i = 0;
word32 j = 0; word32 j = 0;
word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ ); word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;
plainSz = (plainSz * 3 + 3) / 4; plainSz = (plainSz * 3 + 3) / 4;
if (plainSz > *outLen) return BAD_FUNC_ARG; if (plainSz > *outLen) return BAD_FUNC_ARG;
@ -75,6 +76,16 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
if (e4 == PAD) if (e4 == PAD)
pad4 = 1; pad4 = 1;
if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
CYASSL_MSG("Bad Base64 Decode data, too small");
return ASN_INPUT_E;
}
if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
CYASSL_MSG("Bad Base64 Decode data, too big");
return ASN_INPUT_E;
}
e1 = base64Decode[e1 - 0x2B]; e1 = base64Decode[e1 - 0x2B];
e2 = base64Decode[e2 - 0x2B]; e2 = base64Decode[e2 - 0x2B];
e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B]; e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];

8
ctaocrypt/src/integer.c
View File

@ -2762,6 +2762,9 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
} }
} }
if (pa > MP_WARRAY)
return MP_RANGE; /* TAO range check */
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT); W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
if (W == NULL) if (W == NULL)
@ -2878,6 +2881,8 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
/* number of output digits to produce */ /* number of output digits to produce */
pa = MIN(digs, a->used + b->used); pa = MIN(digs, a->used + b->used);
if (pa > MP_WARRAY)
return MP_RANGE; /* TAO range check */
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT); W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
@ -3598,6 +3603,9 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
} }
} }
if (pa > MP_WARRAY)
return MP_RANGE; /* TAO range check */
#ifdef CYASSL_SMALL_STACK #ifdef CYASSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT); W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
if (W == NULL) if (W == NULL)

13
src/internal.c
View File

@ -2822,7 +2822,7 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
/* write to output */ /* write to output */
if (ivSz) { if (ivSz) {
XMEMCPY(output + idx, iv, ivSz); XMEMCPY(output + idx, iv, min(ivSz, sizeof(iv)));
idx += ivSz; idx += ivSz;
} }
XMEMCPY(output + idx, input, inSz); XMEMCPY(output + idx, input, inSz);
@ -4235,7 +4235,7 @@ int SetCipherList(Suites* s, const char* list)
i += RAN_LEN; i += RAN_LEN;
b = input[i++]; b = input[i++];
if (b) { if (b) {
XMEMCPY(ssl->arrays.sessionID, input + i, b); XMEMCPY(ssl->arrays.sessionID, input + i, min(b, ID_LEN));
i += b; i += b;
ssl->options.haveSessionId = 1; ssl->options.haveSessionId = 1;
} }
@ -4506,7 +4506,7 @@ int SetCipherList(Suites* s, const char* list)
encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
if (encSigSz != (word32)ret || XMEMCMP(out, encodedSig, if (encSigSz != (word32)ret || XMEMCMP(out, encodedSig,
encSigSz) != 0) min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
return VERIFY_SIGN_ERROR; return VERIFY_SIGN_ERROR;
} }
else { else {
@ -4673,7 +4673,7 @@ int SetCipherList(Suites* s, const char* list)
/* precede export with 1 byte length */ /* precede export with 1 byte length */
ret = ecc_export_x963(&myKey, encSecret + 1, &size); ret = ecc_export_x963(&myKey, encSecret + 1, &size);
encSecret[0] = size; encSecret[0] = (byte)size;
encSz = size + 1; encSz = size + 1;
if (ret != 0) if (ret != 0)
@ -6139,12 +6139,13 @@ int SetCipherList(Suites* s, const char* list)
sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
if (outLen == (int)sigSz && XMEMCMP(out, encodedSig,sigSz) == 0) if (outLen == (int)sigSz && XMEMCMP(out, encodedSig,
min(sigSz, MAX_ENCODED_SIG_SZ)) == 0)
ret = 0; /* verified */ ret = 0; /* verified */
} }
else { else {
if (outLen == sizeof(ssl->certHashes) && XMEMCMP(out, if (outLen == sizeof(ssl->certHashes) && XMEMCMP(out,
ssl->certHashes.md5, sizeof(ssl->certHashes)) == 0) &ssl->certHashes, sizeof(ssl->certHashes)) == 0)
ret = 0; /* verified */ ret = 0; /* verified */
} }
} }

12
src/tls.c
View File

@ -33,6 +33,16 @@
#ifndef NO_TLS #ifndef NO_TLS
#ifndef min
static INLINE word32 min(word32 a, word32 b)
{
return a > b ? b : a;
}
#endif /* min */
/* calculate XOR for TLSv1 PRF */ /* calculate XOR for TLSv1 PRF */
static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha) static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
{ {
@ -74,7 +84,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
HmacFinal(&hmac, current); HmacFinal(&hmac, current);
if ( (i == lastTime) && lastLen) if ( (i == lastTime) && lastLen)
XMEMCPY(&result[idx], current, lastLen); XMEMCPY(&result[idx], current, min(lastLen, sizeof(current)));
else { else {
XMEMCPY(&result[idx], current, len); XMEMCPY(&result[idx], current, len);
idx += len; idx += len;