From 647ce794dd00a47a84607865c509f40b7cfad825 Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Tue, 15 Nov 2022 11:26:29 -0800 Subject: [PATCH] unmask malloc returning NULL --- src/crl.c | 3 +++ src/internal.c | 8 ++++++++ wolfcrypt/src/asn.c | 1 + wolfcrypt/src/ecc.c | 19 +++++++++++++++---- 4 files changed, 27 insertions(+), 4 deletions(-) diff --git a/src/crl.c b/src/crl.c index a716e1801..c9b120c8e 100644 --- a/src/crl.c +++ b/src/crl.c @@ -75,6 +75,9 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm) WOLFSSL_MSG("Pthread condition init failed"); return BAD_COND_E; } +#endif +#ifdef HAVE_CRL_IO + crl->crlIOCb = NULL; #endif if (wc_InitMutex(&crl->crlLock) != 0) { WOLFSSL_MSG("Init Mutex failed"); diff --git a/src/internal.c b/src/internal.c index d95ed8827..b9b96b2fa 100644 --- a/src/internal.c +++ b/src/internal.c @@ -32339,6 +32339,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, int doHelloRetry = 0; /* Try to establish a key share. */ int ret = TLSX_KeyShare_Establish(ssl, &doHelloRetry); + + if (ret != 0) { + return ret; + } if (doHelloRetry) { ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE; } @@ -32386,6 +32390,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } else { WOLFSSL_MSG("Could not verify suite validity, continue"); + if (ret == MEMORY_E) { + WOLFSSL_MSG("Out of memory error"); + return ret; + } } } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index d49f06d21..ec841653f 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -35538,6 +35538,7 @@ static int GetRevoked(RevokedCert* rcert, const byte* buff, word32* idx, ret = wc_GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz,maxIdx); if (ret < 0) { WOLFSSL_MSG("wc_GetSerialNumber error"); + XFREE(rc, dcrl->heap, DYNAMIC_TYPE_REVOKED); return ret; } /* add to list */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index a94e790a8..c2bb42f58 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -7847,6 +7847,8 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, res Result of signature, 1==valid, 0==invalid key The corresponding public ECC key return MP_OKAY if successful (even if the signature is not valid) + Caller should check the *res value to determine if the signature + is valid or invalid. Other negative values are returned on error. */ WOLFSSL_ABI int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, @@ -8032,7 +8034,6 @@ static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s) } #endif /* !WOLFSSL_STM32_PKA && !WOLFSSL_PSOC6_CRYPTO */ - /** Verify an ECC signature r The signature R component to verify @@ -8042,6 +8043,8 @@ static int wc_ecc_check_r_s_range(ecc_key* key, mp_int* r, mp_int* s) res Result of signature, 1==valid, 0==invalid key The corresponding public ECC key return MP_OKAY if successful (even if the signature is not valid) + Caller should check the *res value to determine if the signature + is valid or invalid. Other negative values are returned on error. */ #ifndef WOLF_CRYPTO_CB_ONLY_ECC int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, @@ -8182,12 +8185,20 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, (byte*)hash, msgLenInBytes); - if (err != SA_SILIB_RET_OK) { + if (err == CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR) { + /* signature verification reported invalid signature. */ + *res = 0; /* Redundant, added for code clarity */ + err = MP_OKAY; + } + else if (err != SA_SILIB_RET_OK) { WOLFSSL_MSG("CRYS_ECDSA_Verify failed"); return err; } - /* valid signature if we get to this point */ - *res = 1; + else { + /* valid signature. */ + *res = 1; + err = MP_OKAY; + } #elif defined(WOLFSSL_SILABS_SE_ACCEL) err = silabs_ecc_verify_hash(&sigRS[0], keySz * 2, hash, hashlen,