diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c index 693afa81e..32b91c672 100644 --- a/examples/benchmark/tls_bench.c +++ b/examples/benchmark/tls_bench.c @@ -1279,8 +1279,8 @@ int bench_tls(void* args) stats_t cli_comb, srv_comb; int i; char *cipher, *next_cipher, *ciphers = NULL; - int argc = ((func_args*)args)->argc; - char** argv = ((func_args*)args)->argv; + int argc = 0; + char** argv = NULL; int ch; /* Vars configured by command line arguments */ @@ -1303,8 +1303,11 @@ int bench_tls(void* args) int listenFd = -1; #endif - if (args) + if (args != NULL) { + argc = ((func_args*)args)->argc; + argv = ((func_args*)args)->argv; ((func_args*)args)->return_code = -1; /* error state */ + } /* Initialize wolfSSL */ wolfSSL_Init(); diff --git a/examples/client/client.c b/examples/client/client.c index b2caca467..3c7447521 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -231,7 +231,7 @@ static void ShowVersions(void) #ifdef WOLFSSL_TLS13 static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519) { - int groups[3]; + int groups[3] = {0}; int count = 0; (void)useX25519; diff --git a/src/internal.c b/src/internal.c index 7a91e0733..163395cf9 100644 --- a/src/internal.c +++ b/src/internal.c @@ -3368,7 +3368,7 @@ void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap) x509->dynamicMemory = (byte)dynamicFlag; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) x509->refCount = 1; - wc_InitMutex(&x509->refMutex); + (void)wc_InitMutex(&x509->refMutex); #endif } diff --git a/src/tls.c b/src/tls.c index e982ad425..ff73f2899 100644 --- a/src/tls.c +++ b/src/tls.c @@ -2617,7 +2617,7 @@ static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length, return BUFFER_ERROR; ato16(input + offset, &idSz); offset += OPAQUE16_LEN; - if (offset + idSz > length) + if ((offset > length) || (idSz > length - offset)) return BUFFER_ERROR; id = input + offset; offset += idSz; diff --git a/src/tls13.c b/src/tls13.c index 2cd37050f..fe23e7876 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -4009,7 +4009,7 @@ static int DoTls13SupportedVersions(WOLFSSL* ssl, const byte* input, word32 i, return BUFFER_ERROR; ato16(&input[i], &totalExtSz); i += OPAQUE16_LEN; - if (i + totalExtSz != helloSz) + if (totalExtSz != helloSz - i) return BUFFER_ERROR; /* Need to negotiate version first. */ diff --git a/tests/api.c b/tests/api.c index b031e3799..1606ebe21 100644 --- a/tests/api.c +++ b/tests/api.c @@ -21863,7 +21863,7 @@ static void test_wolfSSL_ASN1_TIME_adj(void) WOLFSSL_ASN1_TIME *asn_time, *s; int offset_day; long offset_sec; - char date_str[CTC_DATE_SIZE]; + char date_str[CTC_DATE_SIZE + 1]; time_t t; printf(testingFmt, "wolfSSL_ASN1_TIME_adj()"); @@ -21878,14 +21878,16 @@ static void test_wolfSSL_ASN1_TIME_adj(void) /* offset_sec = -45 * min;*/ asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_utc_time); - XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)); + XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); + date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13)); /* negative offset */ offset_sec = -45 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_utc_time); - XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)); + XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); + date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13)); XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); @@ -21902,7 +21904,8 @@ static void test_wolfSSL_ASN1_TIME_adj(void) offset_sec = 10 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_gen_time); - XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)); + XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); + date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15)); XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); @@ -21917,13 +21920,15 @@ static void test_wolfSSL_ASN1_TIME_adj(void) offset_sec = 45 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_utc_time); - XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)); + XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); + date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_utc_time); - XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)); + XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); + date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index fca9d6d58..bd27fdd46 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -767,7 +767,12 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz) word32 tmpIdx = 0; byte ar[MAX_LENGTH_SZ + 2]; tmpSz = SetShortInt(ar, &tmpIdx, mac->itt, MAX_LENGTH_SZ + 2); - XMEMCPY(&sdBuf[idx], ar, tmpSz); + if (tmpSz < 0) { + ret = tmpSz; + } + else { + XMEMCPY(&sdBuf[idx], ar, tmpSz); + } } totalSz += sdBufSz; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 081d93614..7e0b36455 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -3466,8 +3466,8 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7, const byte* hashBuf, word32 hashSz) { - int ret = 0, innerAttribSz = 0; - word32 digestSz = 0, idx = 0; + int ret = 0, digestSz = 0, innerAttribSz = 0; + word32 idx = 0; byte* digestBuf = NULL; #ifdef WOLFSSL_SMALL_STACK byte* digest = NULL; @@ -3538,17 +3538,23 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7, digestBuf = digest; digestSz = wc_HashGetDigestSize(hashType); - + if (digestSz < 0) { + WOLFSSL_MSG("Invalid hash type"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return digestSz; + } } else { /* user passed in pre-computed hash */ digestBuf = (byte*)hashBuf; - digestSz = hashSz; + digestSz = (int)hashSz; } /* compare generated to hash in messageDigest attribute */ - if ((innerAttribSz != (int)digestSz) || - (XMEMCMP(attrib->value + idx, digestBuf, digestSz) != 0)) { + if ((innerAttribSz != digestSz) || + (XMEMCMP(attrib->value + idx, digestBuf, (word32)digestSz) != 0)) { WOLFSSL_MSG("Content digest does not match messageDigest attrib value"); #ifdef WOLFSSL_SMALL_STACK XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -4679,7 +4685,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, XFREE(pkcs7->stream->tmpCert, pkcs7->heap, DYNAMIC_TYPE_PKCS7); pkcs7->stream->tmpCert = (byte*)XMALLOC(length, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (pkcs7->stream->tmpCert == NULL) { + if ((pkiMsg2 == NULL) || (pkcs7->stream->tmpCert == NULL)) { ret = MEMORY_E; break; } @@ -8427,12 +8433,14 @@ static int wc_PKCS7_KariGetKeyEncryptionAlgorithmId(WC_PKCS7_KARI* kari, word32* keyAgreeOID, word32* keyWrapOID) { int length = 0; - word32 localIdx = *idx; + word32 localIdx; if (kari == NULL || pkiMsg == NULL || idx == NULL || keyAgreeOID == NULL || keyWrapOID == NULL) return BAD_FUNC_ARG; + localIdx = *idx; + /* remove KeyEncryptionAlgorithmIdentifier */ if (GetSequence(pkiMsg, &localIdx, &length, pkiMsgSz) < 0) return ASN_PARSE_E; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 8205d480b..e9f5b22ec 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1467,7 +1467,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen, { int ret; byte* tmp; - int hLen, i, maskLen; + int hLen, i, maskLen, orig_bits = bits; #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) byte tmp_buf[RSA_MAX_SIZE/8]; tmp = tmp_buf; @@ -1498,7 +1498,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen, saltLen = hLen; #ifdef WOLFSSL_SHA512 /* See FIPS 186-4 section 5.5 item (e). */ - if (bits == 1024 && hLen == WC_SHA512_DIGEST_SIZE) + if (orig_bits == 1024 && hLen == WC_SHA512_DIGEST_SIZE) saltLen = RSA_PSS_SALT_MAX_SZ; #endif } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index fc70477fb..ce9e7f443 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -7781,7 +7781,7 @@ int gmac_test(void) byte tag[16]; XMEMSET(&gmac, 0, sizeof(Gmac)); /* clear context */ - wc_AesInit((Aes*)&gmac, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */ + (void)wc_AesInit((Aes*)&gmac, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */ XMEMSET(tag, 0, sizeof(tag)); wc_GmacSetKey(&gmac, k1, sizeof(k1)); wc_GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1)); @@ -11550,14 +11550,18 @@ static int rsa_keygen_test(WC_RNG* rng) ERROR_OUT(-6968, exit_rsa); } #endif /* WOLFSSL_CRYPTOCELL */ - wc_FreeRsaKey(&genKey); - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - pem = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; exit_rsa: wc_FreeRsaKey(&genKey); + if (pem != NULL) { + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + } + if (der != NULL) { + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + } + return ret; } #endif