Updates to remove warnings and build issues found with IAR tools. Update test function / example to avoid memory leak. Update to pass error codes along rather than mask them at lower levels.

Make logic to avoid masking return error conditionally compiled based on STSAFE configuration Update logic at second crypto-callback location to return error code rather than mask it
2022-09-20 16:25:17 -05:00
parent 913bbc8f79
commit 62766b0758
5 changed files with 19 additions and 16 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -5004,7 +5004,9 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
 #endif /* WOLFSSL_ASYNC_CRYPT */
    {
        if (ret != 0 || ssl->eccVerifyRes == 0) {
-            ret = VERIFY_SIGN_ERROR;
+            if (ret == 0) {
+                ret = VERIFY_SIGN_ERROR;
+            }
            WOLFSSL_ERROR_VERBOSE(ret);
        }
        else {
--- a/src/pk.c
+++ b/src/pk.c
@@ -1377,7 +1377,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
    int ret = 1;
    WOLFSSL_EVP_PKEY* pkey = NULL;
 #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
-    int derSz;
+    int derSz = 0;
    byte* derBuf = NULL;
 #endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */

@@ -1641,7 +1641,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
    byte* tmp = NULL;
    byte* cipherInfo = NULL;
    int  derSz = 0;
-    int  pemSz;
+    int  pemSz = 0;
    const int type = PRIVATEKEY_TYPE;
    const char* header = NULL;
    const char* footer = NULL;
@@ -3491,7 +3491,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
 {
    int     ret        = 1;
    word32  outLen     = 0;
-    int     signSz;
+    int     signSz     = 0;
    WC_RNG* rng        = NULL;
    int     initTmpRng = 0;
 #ifdef WOLFSSL_SMALL_STACK
@@ -3502,7 +3502,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
    WC_RNG* tmpRng = _tmpRng;
    byte    encodedSig[MAX_ENCODED_SIG_SZ];
 #endif
-    unsigned int encSz;
+    unsigned int encSz = 0;


    WOLFSSL_ENTER("wolfSSL_RSA_sign_generic_padding");
@@ -3689,7 +3689,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
 #endif
    unsigned char*   sigDec = NULL;
    unsigned int     len    = MAX_ENCODED_SIG_SZ;
-    int              verLen;
+    int              verLen = 0;
 #if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1)) && !defined(HAVE_SELFTEST)
    enum wc_HashType hType = WC_HASH_TYPE_NONE;
 #endif
@@ -3811,7 +3811,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
 #if !defined(HAVE_FIPS)
    int  mgf = WC_MGF1NONE;
    enum wc_HashType hash = WC_HASH_TYPE_NONE;
-    int pad_type;
+    int pad_type = WC_RSA_NO_PAD;
 #endif
    int outLen = 0;

--- a/wolfcrypt/src/port/st/stsafe.c
+++ b/wolfcrypt/src/port/st/stsafe.c
@@ -123,7 +123,7 @@ int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl,
    word32 pubKeyY_len = sizeof(pubKeyY);
    ecc_key key;
    word32 inOutIdx = 0;
-    StSafeA_CurveId curve_id;
+    StSafeA_CurveId curve_id = STSAFE_A_NIST_P_256;
    int ecc_curve;

    (void)ssl;
@@ -170,7 +170,7 @@ int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl,
        #ifdef USE_STSAFE_VERBOSE
            STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", err);
        #endif
-            err = WC_HW_E;
+            err = -err;
        }
    }

@@ -507,7 +507,7 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                #ifdef USE_STSAFE_VERBOSE
                    STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", rc);
                #endif
-                    rc = WC_HW_E;
+                    rc = -rc;
                }
            }
        }
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -3884,14 +3884,12 @@ void fp_set(fp_int *a, fp_digit b)
 #endif
 int fp_set_int(fp_int *a, unsigned long b)
 {
-  int x;
-
  /* use direct fp_set if b is less than fp_digit max
   * If input max value of b down shift by 1 less than full range
   * fp_digit, then condition is always true. */
 #if ((ULONG_MAX >> (DIGIT_BIT-1)) > 0)
+  int x;
  if (b < FP_DIGIT_MAX)
-#endif
  {
    fp_set (a, (fp_digit)b);
    return FP_OKAY;
@@ -3918,8 +3916,11 @@ int fp_set_int(fp_int *a, unsigned long b)

  /* clamp digits */
  fp_clamp(a);
-
-  return FP_OKAY;
+#else
+  fp_set (a, (fp_digit)b);
+#endif
+  
+  return FP_OKAY;  
 }

 /* check if a bit is set */
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -2813,7 +2813,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
                    wolfSSL_BIO_free(bio);
                }
            }
-            wolfSSL_sk_X509_free(sk);
+            wolfSSL_sk_X509_pop_free(sk, NULL);
        }
 #endif
    }