Fixes multiple Jenkins warnings/failures. First, PickHashSigAlgo is required for client builds or if certs are enabled. Fixed a scan-build warning in OCSP where ForceZero was not recognized as clearing memory, which led to a possible-garbage-value report. Also cleaned up the OCSP functions to use struct buffer* instead of void* for clarity, with a small forward declaration.

This commit is contained in:
David Garske
2016-03-10 09:38:11 -08:00
parent 0a1871e77c
commit 80aa431689
3 changed files with 15 additions and 13 deletions


@@ -142,8 +142,6 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
#ifndef NO_CERTS #ifndef NO_CERTS
static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes); static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
static void PickHashSigAlgo(WOLFSSL* ssl,
const byte* hashSigAlgo, word32 hashSigAlgoSz);
#endif #endif
#ifdef HAVE_QSH #ifdef HAVE_QSH
@@ -8702,7 +8700,9 @@ int SendCertificateStatus(WOLFSSL* ssl)
/* case WOLFSSL_CSR_OCSP: */ /* case WOLFSSL_CSR_OCSP: */
case WOLFSSL_CSR2_OCSP: { case WOLFSSL_CSR2_OCSP: {
OcspRequest* request = ssl->ctx->certOcspRequest; OcspRequest* request = ssl->ctx->certOcspRequest;
buffer response = {NULL, 0}; buffer response;
XMEMSET(&response, 0, sizeof(response));
/* unable to fetch status. skip. */ /* unable to fetch status. skip. */
if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
@@ -8799,7 +8799,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
buffer responses[1 + MAX_CHAIN_DEPTH]; buffer responses[1 + MAX_CHAIN_DEPTH];
int i = 0; int i = 0;
ForceZero(responses, sizeof(responses)); XMEMSET(responses, 0, sizeof(responses));
/* unable to fetch status. skip. */ /* unable to fetch status. skip. */
if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
@@ -10584,7 +10584,7 @@ int SetCipherList(Suites* suites, const char* list)
return ret; return ret;
} }
#ifndef NO_CERTS #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS)
static void PickHashSigAlgo(WOLFSSL* ssl, static void PickHashSigAlgo(WOLFSSL* ssl,
const byte* hashSigAlgo, word32 hashSigAlgoSz) const byte* hashSigAlgo, word32 hashSigAlgoSz)
{ {
@@ -10620,7 +10620,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
} }
} }
} }
#endif #endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */
#ifdef WOLFSSL_CALLBACKS #ifdef WOLFSSL_CALLBACKS
@@ -15795,6 +15795,7 @@ int DoSessionTicket(WOLFSSL* ssl,
return 1; return 1;
} }
#ifndef NO_WOLFSSL_SERVER
static int MatchSuite(WOLFSSL* ssl, Suites* peerSuites) static int MatchSuite(WOLFSSL* ssl, Suites* peerSuites)
{ {
word16 i, j; word16 i, j;
@@ -15831,7 +15832,7 @@ int DoSessionTicket(WOLFSSL* ssl,
return MATCH_SUITE_ERROR; return MATCH_SUITE_ERROR;
} }
#endif
#ifdef OLD_HELLO_ALLOWED #ifdef OLD_HELLO_ALLOWED
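Review bot: The guard added at the PickHashSigAlgo definition in the @@ -10584 hunk, `#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS)`, compiles the function for server builds or whenever certificates are enabled, whereas the commit message says it is required for client builds; either the message or the condition should be corrected, and since the @@ -15795 hunk places MatchSuite (presumably a server-side caller) under `#ifndef NO_WOLFSSL_SERVER`, the condition looks like the intended one. The first hunk also drops the forward declaration under NO_CERTS, so the build now relies on every call site appearing after the definition; a client-only build with NO_CERTS (both macros defined) is the configuration that would surface an implicit declaration if one does not, so it is worth compiling. PickHashSigAlgo's body lies between the @@ -10584 and @@ -10620 hunks and is not shown. A one-line reason on the new `#if` would save the next reader the same puzzle, e.g. `/* needed by server suite matching and by certificate handling */`.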


@@ -118,7 +118,7 @@ static int xstat2err(int stat)
} }
int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, void* encodedResponse) int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, buffer* responseBuffer)
{ {
int ret = OCSP_LOOKUP_FAIL; int ret = OCSP_LOOKUP_FAIL;
@@ -141,7 +141,7 @@ int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, void* encodedResponse)
#endif #endif
if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce) == 0) { if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce) == 0) {
ret = CheckOcspRequest(ocsp, ocspRequest, encodedResponse); ret = CheckOcspRequest(ocsp, ocspRequest, responseBuffer);
FreeOcspRequest(ocspRequest); FreeOcspRequest(ocspRequest);
} }
@@ -239,14 +239,13 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
} }
int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
void* encodedResponse) buffer* responseBuffer)
{ {
OcspEntry* entry = NULL; OcspEntry* entry = NULL;
CertStatus* status = NULL; CertStatus* status = NULL;
byte* request = NULL; byte* request = NULL;
int requestSz = 2048; int requestSz = 2048;
byte* response = NULL; byte* response = NULL;
buffer* responseBuffer = (buffer*) encodedResponse;
const char* url = NULL; const char* url = NULL;
int urlSz = 0; int urlSz = 0;
int ret = -1; int ret = -1;
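Review bot: The new `buffer* responseBuffer` parameter on CheckCertOCSP and CheckOcspRequest carries no statement of whether it may be NULL or who owns the data written into it; the old `void*` had the same gap, but the typed signature is the right place to close it. If callers are allowed to pass NULL when no stapled response is wanted, the body of CheckOcspRequest (which runs past the @@ -239 hunk) needs a NULL check before any write through `responseBuffer`, and the header prototypes should say the same. A comment above the definition would do, e.g. `/* responseBuffer: optional out-parameter for the raw OCSP response; NULL skips it */`, with ownership of the returned bytes stated once confirmed. Both function bodies continue outside the visible hunks.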


@@ -34,14 +34,16 @@
extern "C" { extern "C" {
#endif #endif
struct buffer;
typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*); WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*);
WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic); WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic);
WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*, void*); WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*,
struct buffer* responseBuffer);
WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp,
OcspRequest* ocspRequest, void*); OcspRequest* ocspRequest, struct buffer* responseBuffer);
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */