forked from wolfSSL/wolfssl
fix clang scan-build problems
This commit is contained in:
toddouska
@@ -511,6 +511,10 @@ void bench_dh(void)
|
|||||||
bytes = fread(tmp, 1, sizeof(tmp), file);
|
bytes = fread(tmp, 1, sizeof(tmp), file);
|
||||||
InitDhKey(&dhKey);
|
InitDhKey(&dhKey);
|
||||||
bytes = DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes);
|
bytes = DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes);
|
||||||
|
if (bytes != 0) {
|
||||||
|
printf("dhekydecode failed, can't benchmark\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
start = current_time();
|
start = current_time();
|
||||||
|
|
||||||
|
|||||||
@@ -2079,6 +2079,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
|||||||
typeH = SHA256h;
|
typeH = SHA256h;
|
||||||
digestSz = SHA256_DIGEST_SIZE;
|
digestSz = SHA256_DIGEST_SIZE;
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef CYASSL_SHA512
|
#ifdef CYASSL_SHA512
|
||||||
case CTC_SHA512wRSA:
|
case CTC_SHA512wRSA:
|
||||||
@@ -2091,6 +2092,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
|||||||
typeH = SHA512h;
|
typeH = SHA512h;
|
||||||
digestSz = SHA512_DIGEST_SIZE;
|
digestSz = SHA512_DIGEST_SIZE;
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef CYASSL_SHA384
|
#ifdef CYASSL_SHA384
|
||||||
case CTC_SHA384wRSA:
|
case CTC_SHA384wRSA:
|
||||||
@@ -2103,6 +2105,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
|||||||
typeH = SHA384h;
|
typeH = SHA384h;
|
||||||
digestSz = SHA384_DIGEST_SIZE;
|
digestSz = SHA384_DIGEST_SIZE;
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
#endif
|
#endif
|
||||||
default:
|
default:
|
||||||
CYASSL_MSG("Verify Signautre has unsupported type");
|
CYASSL_MSG("Verify Signautre has unsupported type");
|
||||||
|
|||||||
@@ -1708,6 +1708,8 @@ int rsa_test(void)
|
|||||||
if (ret != 0) return -491;
|
if (ret != 0) return -491;
|
||||||
|
|
||||||
FreeDecodedCert(&cert);
|
FreeDecodedCert(&cert);
|
||||||
|
#else
|
||||||
|
(void)bytes;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
fclose(file2);
|
fclose(file2);
|
||||||
@@ -2092,12 +2094,12 @@ int dh_test(void)
|
|||||||
return -53;
|
return -53;
|
||||||
|
|
||||||
ret = DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
|
ret = DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
|
||||||
ret = DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2);
|
ret += DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return -54;
|
return -54;
|
||||||
|
|
||||||
ret = DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
|
ret = DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
|
||||||
ret = DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
|
ret += DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return -55;
|
return -55;
|
||||||
|
|
||||||
@@ -2420,14 +2422,20 @@ int pkcs12_test(void)
|
|||||||
int ret = PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations,
|
int ret = PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations,
|
||||||
kLen, SHA, id);
|
kLen, SHA, id);
|
||||||
|
|
||||||
if ( (ret = memcmp(derived, verify, kLen)) != 0)
|
if (ret < 0)
|
||||||
return -103;
|
return -103;
|
||||||
|
|
||||||
|
if ( (ret = memcmp(derived, verify, kLen)) != 0)
|
||||||
|
return -104;
|
||||||
|
|
||||||
iterations = 1000;
|
iterations = 1000;
|
||||||
ret = PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations,
|
ret = PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations,
|
||||||
kLen, SHA, id);
|
kLen, SHA, id);
|
||||||
|
if (ret < 0)
|
||||||
|
return -105;
|
||||||
|
|
||||||
if ( (ret = memcmp(derived, verify2, 24)) != 0)
|
if ( (ret = memcmp(derived, verify2, 24)) != 0)
|
||||||
return -104;
|
return -106;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -232,8 +232,6 @@ void client_test(void* args)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
argc -= myoptind;
|
|
||||||
argv += myoptind;
|
|
||||||
myoptind = 0; /* reset for test cases */
|
myoptind = 0; /* reset for test cases */
|
||||||
|
|
||||||
switch (version) {
|
switch (version) {
|
||||||
|
|||||||
@@ -200,8 +200,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
argc -= myoptind;
|
|
||||||
argv += myoptind;
|
|
||||||
myoptind = 0; /* reset for test cases */
|
myoptind = 0; /* reset for test cases */
|
||||||
|
|
||||||
switch (version) {
|
switch (version) {
|
||||||
|
|||||||
56
src/ssl.c
56
src/ssl.c
@@ -1128,8 +1128,10 @@ int CyaSSL_Init(void)
|
|||||||
{
|
{
|
||||||
EncryptedInfo info;
|
EncryptedInfo info;
|
||||||
buffer der; /* holds DER or RAW (for NTRU) */
|
buffer der; /* holds DER or RAW (for NTRU) */
|
||||||
|
int ret;
|
||||||
int dynamicType = 0;
|
int dynamicType = 0;
|
||||||
int eccKey = 0;
|
int eccKey = 0;
|
||||||
|
void* heap = ctx ? ctx->heap : NULL;
|
||||||
|
|
||||||
info.set = 0;
|
info.set = 0;
|
||||||
info.ctx = ctx;
|
info.ctx = ctx;
|
||||||
@@ -1153,9 +1155,9 @@ int CyaSSL_Init(void)
|
|||||||
dynamicType = DYNAMIC_TYPE_KEY;
|
dynamicType = DYNAMIC_TYPE_KEY;
|
||||||
|
|
||||||
if (format == SSL_FILETYPE_PEM) {
|
if (format == SSL_FILETYPE_PEM) {
|
||||||
int ret = PemToDer(buff, sz, type, &der, ctx->heap, &info, &eccKey);
|
ret = PemToDer(buff, sz, type, &der, heap, &info, &eccKey);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
XFREE(der.buffer, ctx->heap, dynamicType);
|
XFREE(der.buffer, heap, dynamicType);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
if (used)
|
if (used)
|
||||||
@@ -1174,10 +1176,10 @@ int CyaSSL_Init(void)
|
|||||||
CYASSL_MSG("Growing Tmp Chain Buffer");
|
CYASSL_MSG("Growing Tmp Chain Buffer");
|
||||||
bufferSz = (word32)(sz - consumed);
|
bufferSz = (word32)(sz - consumed);
|
||||||
/* will shrink to actual size */
|
/* will shrink to actual size */
|
||||||
chainBuffer = (byte*)XMALLOC(bufferSz, ctx->heap,
|
chainBuffer = (byte*)XMALLOC(bufferSz, heap,
|
||||||
DYNAMIC_TYPE_FILE);
|
DYNAMIC_TYPE_FILE);
|
||||||
if (chainBuffer == NULL) {
|
if (chainBuffer == NULL) {
|
||||||
XFREE(der.buffer, ctx->heap, dynamicType);
|
XFREE(der.buffer, heap, dynamicType);
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
}
|
}
|
||||||
dynamicBuffer = 1;
|
dynamicBuffer = 1;
|
||||||
@@ -1190,7 +1192,7 @@ int CyaSSL_Init(void)
|
|||||||
part.buffer = 0;
|
part.buffer = 0;
|
||||||
|
|
||||||
ret = PemToDer(buff + consumed, sz - consumed, type, &part,
|
ret = PemToDer(buff + consumed, sz - consumed, type, &part,
|
||||||
ctx->heap, &info, &eccKey);
|
heap, &info, &eccKey);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
gotOne = 1;
|
gotOne = 1;
|
||||||
if ( (idx + part.length) > bufferSz) {
|
if ( (idx + part.length) > bufferSz) {
|
||||||
@@ -1208,38 +1210,42 @@ int CyaSSL_Init(void)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
XFREE(part.buffer, ctx->heap, dynamicType);
|
XFREE(part.buffer, heap, dynamicType);
|
||||||
|
|
||||||
if (ret == SSL_NO_PEM_HEADER && gotOne) {
|
if (ret == SSL_NO_PEM_HEADER && gotOne) {
|
||||||
CYASSL_MSG("We got one good PEM so stuff at end ok");
|
CYASSL_MSG("We got one good PEM so stuff at end ok");
|
||||||
ret = 0;
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
CYASSL_MSG(" Error in Cert in Chain");
|
CYASSL_MSG(" Error in Cert in Chain");
|
||||||
XFREE(der.buffer, ctx->heap, dynamicType);
|
XFREE(der.buffer, heap, dynamicType);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
CYASSL_MSG(" Consumed another Cert in Chain");
|
CYASSL_MSG(" Consumed another Cert in Chain");
|
||||||
}
|
}
|
||||||
CYASSL_MSG("Finished Processing Cert Chain");
|
CYASSL_MSG("Finished Processing Cert Chain");
|
||||||
ctx->certChain.buffer = (byte*)XMALLOC(idx, ctx->heap,
|
|
||||||
|
if (ctx == NULL) {
|
||||||
|
CYASSL_MSG("certChain needs context");
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
}
|
||||||
|
ctx->certChain.buffer = (byte*)XMALLOC(idx, heap,
|
||||||
dynamicType);
|
dynamicType);
|
||||||
if (ctx->certChain.buffer) {
|
if (ctx->certChain.buffer) {
|
||||||
ctx->certChain.length = idx;
|
ctx->certChain.length = idx;
|
||||||
XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
|
XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
|
||||||
}
|
}
|
||||||
if (dynamicBuffer)
|
if (dynamicBuffer)
|
||||||
XFREE(chainBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
|
XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
|
||||||
if (ctx->certChain.buffer == NULL) {
|
if (ctx->certChain.buffer == NULL) {
|
||||||
XFREE(der.buffer, ctx->heap, dynamicType);
|
XFREE(der.buffer, heap, dynamicType);
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else { /* ASN1 (DER) or RAW (NTRU) */
|
else { /* ASN1 (DER) or RAW (NTRU) */
|
||||||
der.buffer = (byte*) XMALLOC(sz, ctx->heap, dynamicType);
|
der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
|
||||||
if (!der.buffer) return MEMORY_ERROR;
|
if (!der.buffer) return MEMORY_ERROR;
|
||||||
XMEMCPY(der.buffer, buff, sz);
|
XMEMCPY(der.buffer, buff, sz);
|
||||||
der.length = (word32)sz;
|
der.length = (word32)sz;
|
||||||
@@ -1250,19 +1256,18 @@ int CyaSSL_Init(void)
|
|||||||
/* decrypt */
|
/* decrypt */
|
||||||
char password[80];
|
char password[80];
|
||||||
int passwordSz;
|
int passwordSz;
|
||||||
int ret;
|
|
||||||
|
|
||||||
byte key[AES_256_KEY_SIZE];
|
byte key[AES_256_KEY_SIZE];
|
||||||
byte iv[AES_IV_SIZE];
|
byte iv[AES_IV_SIZE];
|
||||||
|
|
||||||
if (!ctx->passwd_cb) {
|
if (!ctx->passwd_cb) {
|
||||||
XFREE(der.buffer, ctx->heap, dynamicType);
|
XFREE(der.buffer, heap, dynamicType);
|
||||||
return NO_PASSWORD;
|
return NO_PASSWORD;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* use file's salt for key derivation, hex decode first */
|
/* use file's salt for key derivation, hex decode first */
|
||||||
if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) {
|
if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) {
|
||||||
XFREE(der.buffer, ctx->heap, dynamicType);
|
XFREE(der.buffer, heap, dynamicType);
|
||||||
return ASN_INPUT_E;
|
return ASN_INPUT_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1270,7 +1275,7 @@ int CyaSSL_Init(void)
|
|||||||
ctx->userdata);
|
ctx->userdata);
|
||||||
if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv,
|
if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv,
|
||||||
(byte*)password, passwordSz, 1, key, iv)) <= 0) {
|
(byte*)password, passwordSz, 1, key, iv)) <= 0) {
|
||||||
XFREE(der.buffer, ctx->heap, dynamicType);
|
XFREE(der.buffer, heap, dynamicType);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1300,7 +1305,7 @@ int CyaSSL_Init(void)
|
|||||||
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length);
|
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
XFREE(der.buffer, ctx->heap, dynamicType);
|
XFREE(der.buffer, heap, dynamicType);
|
||||||
return SSL_BAD_FILE;
|
return SSL_BAD_FILE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1312,32 +1317,32 @@ int CyaSSL_Init(void)
|
|||||||
else if (type == CERT_TYPE) {
|
else if (type == CERT_TYPE) {
|
||||||
if (ssl) {
|
if (ssl) {
|
||||||
if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
|
if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
|
||||||
XFREE(ssl->buffers.certificate.buffer, ctx->heap,
|
XFREE(ssl->buffers.certificate.buffer, heap,
|
||||||
dynamicType);
|
dynamicType);
|
||||||
ssl->buffers.certificate = der;
|
ssl->buffers.certificate = der;
|
||||||
ssl->buffers.weOwnCert = 1;
|
ssl->buffers.weOwnCert = 1;
|
||||||
}
|
}
|
||||||
else {
|
else if (ctx) {
|
||||||
if (ctx->certificate.buffer)
|
if (ctx->certificate.buffer)
|
||||||
XFREE(ctx->certificate.buffer, ctx->heap, dynamicType);
|
XFREE(ctx->certificate.buffer, heap, dynamicType);
|
||||||
ctx->certificate = der; /* takes der over */
|
ctx->certificate = der; /* takes der over */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (type == PRIVATEKEY_TYPE) {
|
else if (type == PRIVATEKEY_TYPE) {
|
||||||
if (ssl) {
|
if (ssl) {
|
||||||
if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
|
if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
|
||||||
XFREE(ssl->buffers.key.buffer, ctx->heap, dynamicType);
|
XFREE(ssl->buffers.key.buffer, heap, dynamicType);
|
||||||
ssl->buffers.key = der;
|
ssl->buffers.key = der;
|
||||||
ssl->buffers.weOwnKey = 1;
|
ssl->buffers.weOwnKey = 1;
|
||||||
}
|
}
|
||||||
else {
|
else if (ctx) {
|
||||||
if (ctx->privateKey.buffer)
|
if (ctx->privateKey.buffer)
|
||||||
XFREE(ctx->privateKey.buffer, ctx->heap, dynamicType);
|
XFREE(ctx->privateKey.buffer, heap, dynamicType);
|
||||||
ctx->privateKey = der; /* takes der over */
|
ctx->privateKey = der; /* takes der over */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
XFREE(der.buffer, ctx->heap, dynamicType);
|
XFREE(der.buffer, heap, dynamicType);
|
||||||
return SSL_BAD_CERTTYPE;
|
return SSL_BAD_CERTTYPE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1384,7 +1389,7 @@ int CyaSSL_Init(void)
|
|||||||
DecodedCert cert;
|
DecodedCert cert;
|
||||||
|
|
||||||
CYASSL_MSG("Checking cert signature type");
|
CYASSL_MSG("Checking cert signature type");
|
||||||
InitDecodedCert(&cert, der.buffer, der.length, ctx->heap);
|
InitDecodedCert(&cert, der.buffer, der.length, heap);
|
||||||
|
|
||||||
if (DecodeToKey(&cert, 0) < 0) {
|
if (DecodeToKey(&cert, 0) < 0) {
|
||||||
CYASSL_MSG("Decode to key failed");
|
CYASSL_MSG("Decode to key failed");
|
||||||
@@ -1396,6 +1401,7 @@ int CyaSSL_Init(void)
|
|||||||
case CTC_SHA384wECDSA:
|
case CTC_SHA384wECDSA:
|
||||||
case CTC_SHA512wECDSA:
|
case CTC_SHA512wECDSA:
|
||||||
CYASSL_MSG("ECDSA cert signature");
|
CYASSL_MSG("ECDSA cert signature");
|
||||||
|
if (ctx)
|
||||||
ctx->haveECDSAsig = 1;
|
ctx->haveECDSAsig = 1;
|
||||||
if (ssl)
|
if (ssl)
|
||||||
ssl->options.haveECDSAsig = 1;
|
ssl->options.haveECDSAsig = 1;
|
||||||
|
|||||||
Reference in New Issue
Block a user