feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3886 from DKubasekRA/fix/RA/v4.7.0-coverity

Browse Source 
RA - Fixes for Coverity issues
This commit is contained in:
toddouska
2021-03-31 10:41:54 -07:00
committed by GitHub
parent 49b29bec32 6c7b3d806a
commit 95b91d8913
9 changed files with 161 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/crl.c
View File

@@ -652,6 +652,7 @@ static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap)
current = head; current = head;
head = head->next; head = head->next;
FreeCRL_Entry(current, heap); FreeCRL_Entry(current, heap);
XFREE(current, heap, DYNAMIC_TYPE_CRL_ENTRY);
} }
return NULL; return NULL;
@@ -720,7 +721,8 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc
if (store->cm->crl == NULL) { if (store->cm->crl == NULL) {
crl = wolfSSL_X509_crl_new(store->cm); crl = wolfSSL_X509_crl_new(store->cm);
if (DupX509_CRL(crl, newcrl) != 0) { if (DupX509_CRL(crl, newcrl) != 0) {
FreeCRL(crl, 1); if (crl != NULL)
FreeCRL(crl, 1);
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
store->crl = store->cm->crl = crl; store->crl = store->cm->crl = crl;

17
src/internal.c
View File

@@ -1117,7 +1117,7 @@ static int dtls_export_load(WOLFSSL* ssl, const byte* exp, word32 len, byte ver)
} }
#else #else
if (ver > DTLS_EXPORT_VERSION_3) { if (ver > DTLS_EXPORT_VERSION_3) {
exp[idx++] = 0; idx++;
} }
#endif #endif
#else #else
@@ -7160,7 +7160,8 @@ int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, const byte* data, byte ty
{ {
WOLFSSL_ENTER("DtlsMsgSet()"); WOLFSSL_ENTER("DtlsMsgSet()");
if (msg != NULL && data != NULL && msg->fragSz <= msg->sz && if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
(fragOffset + fragSz) <= msg->sz) { fragSz <= msg->sz && fragOffset <= msg->sz &&
(fragOffset + fragSz) <= msg->sz) {
DtlsFrag* cur = msg->fragList; DtlsFrag* cur = msg->fragList;
DtlsFrag* prev = cur; DtlsFrag* prev = cur;
DtlsFrag* newFrag; DtlsFrag* newFrag;
@@ -9864,9 +9865,13 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
} else { } else {
wolfSSL_ASN1_OBJECT_free(x509->key.algor->algorithm); wolfSSL_ASN1_OBJECT_free(x509->key.algor->algorithm);
} }
if (!(x509->key.algor->algorithm = if (!x509->key.algor) {
wolfSSL_OBJ_nid2obj(dCert->keyOID))) { ret = MEMORY_E;
ret = PUBLIC_KEY_E; } else {
if (!(x509->key.algor->algorithm =
wolfSSL_OBJ_nid2obj(dCert->keyOID))) {
ret = PUBLIC_KEY_E;
}
} }
wolfSSL_EVP_PKEY_free(x509->key.pkey); wolfSSL_EVP_PKEY_free(x509->key.pkey);
@@ -21853,7 +21858,7 @@ exit_dpk:
ato16(input + *inOutIdx, &len); ato16(input + *inOutIdx, &len);
*inOutIdx += OPAQUE16_LEN; *inOutIdx += OPAQUE16_LEN;
if ((*inOutIdx - begin) + len > size) if ((len > size) || ((*inOutIdx - begin) + len > size))
return BUFFER_ERROR; return BUFFER_ERROR;
if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 && if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 &&

8
src/ocsp.c
View File

@@ -610,7 +610,11 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
/* AddCA() frees the buffer. */ /* AddCA() frees the buffer. */
XMEMCPY(derCert->buffer, issuer->derCert->buffer, XMEMCPY(derCert->buffer, issuer->derCert->buffer,
issuer->derCert->length); issuer->derCert->length);
AddCA(cm, &derCert, WOLFSSL_USER_CA, 1); ret = AddCA(cm, &derCert, WOLFSSL_USER_CA, 1);
if (ret != WOLFSSL_SUCCESS) {
wolfSSL_CertManagerFree(cm);
return NULL;
}
} }
certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL, certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL,
@@ -806,8 +810,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
resp->single->ownStatus = 1; resp->single->ownStatus = 1;
if (resp->single->status == NULL) { if (resp->single->status == NULL) {
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
return NULL; return NULL;
} }
XMEMSET(resp->single->status, 0, sizeof(CertStatus)); XMEMSET(resp->single->status, 0, sizeof(CertStatus));

136
src/ssl.c
View File

@@ -8241,6 +8241,7 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert)
CA_TYPE, CA_TYPE,
NO_VERIFY, NULL) < 0) { NO_VERIFY, NULL) < 0) {
WOLFSSL_MSG("\tCertificate parsing failed"); WOLFSSL_MSG("\tCertificate parsing failed");
FreeDecodedCert(&cert);
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -8600,6 +8601,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
NO_VERIFY, NULL) < 0) { NO_VERIFY, NULL) < 0) {
WOLFSSL_MSG("\tCertificate parsing failed"); WOLFSSL_MSG("\tCertificate parsing failed");
wolfSSL_X509_EXTENSION_free(ext); wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
return NULL; return NULL;
} }
@@ -9108,7 +9110,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
int nid; int nid;
const int sz = CTC_NAME_SIZE*2; const int sz = CTC_NAME_SIZE*2;
int rc = WOLFSSL_FAILURE; int rc = WOLFSSL_FAILURE;
char tmp[CTC_NAME_SIZE*2] = {0}; char tmp[CTC_NAME_SIZE*2 + 1] = {0};
WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print"); WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print");
if ((out == NULL) || (ext == NULL)) { if ((out == NULL) || (ext == NULL)) {
@@ -9164,7 +9166,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
return rc; return rc;
} }
if (sk->next) if (sk->next)
XSNPRINTF(val, len, "%*s%s, ", indent, "", str->strData); XSNPRINTF(val, len, "%*s%s,", indent, "", str->strData);
else else
XSNPRINTF(val, len, "%*s%s", indent, "", str->strData); XSNPRINTF(val, len, "%*s%s", indent, "", str->strData);
@@ -9400,6 +9402,8 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
return NULL; return NULL;
} }
XMEMSET(akey, 0, sizeof(WOLFSSL_AUTHORITY_KEYID));
akey->keyid = wolfSSL_ASN1_STRING_new(); akey->keyid = wolfSSL_ASN1_STRING_new();
if (akey->keyid == NULL) { if (akey->keyid == NULL) {
WOLFSSL_MSG("ASN1_STRING_new() failed"); WOLFSSL_MSG("ASN1_STRING_new() failed");
@@ -9545,6 +9549,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
WOLFSSL_MSG("ASN1_STRING_set() failed"); WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL_ASN1_OBJECT_free(ad->method); wolfSSL_ASN1_OBJECT_free(ad->method);
XFREE(aia, NULL, DYNAMIC_TYPE_X509_EXT); XFREE(aia, NULL, DYNAMIC_TYPE_X509_EXT);
XFREE(ad->location, NULL, DYNAMIC_TYPE_OPENSSL);
XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT); XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT);
return NULL; return NULL;
} }
@@ -9617,6 +9622,7 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
CA_TYPE, CA_TYPE,
NO_VERIFY, NULL) < 0) { NO_VERIFY, NULL) < 0) {
WOLFSSL_MSG("\tCertificate parsing failed"); WOLFSSL_MSG("\tCertificate parsing failed");
FreeDecodedCert(&cert);
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
@@ -16235,7 +16241,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
} }
if (len < 0) { if (len < 0) {
len = (int)XSTRLEN((const char*)buf); /* The length of the string including terminating null. */
len = (int)XSTRLEN((const char*)buf) + 1;
} }
bio->num = bio->wrSz = len; bio->num = bio->wrSz = len;
bio->ptr = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); bio->ptr = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
@@ -18667,6 +18674,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
x509 = wolfSSL_X509_new(); x509 = wolfSSL_X509_new();
if (x509 == NULL) { if (x509 == NULL) {
WOLFSSL_MSG("Error Creating X509"); WOLFSSL_MSG("Error Creating X509");
wolfSSL_sk_X509_free(sk);
return NULL; return NULL;
} }
ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer, ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer,
@@ -20650,8 +20658,11 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
} }
sectionName[sectionNameLen] = '\0'; sectionName[sectionNameLen] = '\0';
if (!(section = wolfSSL_CONF_get_section(conf, sectionName))) if (!(section = wolfSSL_CONF_get_section(conf, sectionName))) {
section = wolfSSL_CONF_new_section(conf, sectionName); section = wolfSSL_CONF_new_section(conf, sectionName);
if (!section)
goto cleanup;
}
} }
else { else {
char* name; char* name;
@@ -24073,6 +24084,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_BIO_set_fp error"); WOLFSSL_MSG("wolfSSL_BIO_set_fp error");
wolfSSL_BIO_free(bio);
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -24182,7 +24194,7 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
strLen = (int)XSTRLEN(name); strLen = (int)XSTRLEN(name);
for (i = 0, j = 0, k = 0; i <= strLen; i++) { for (i = 0, j = 0, k = 0; i <= strLen; i++) {
if (k > MAX_SEGMENTS || j > MAX_SEGMENT_SZ) if (k >= MAX_SEGMENTS || j >= MAX_SEGMENT_SZ)
break; break;
if (name[i] != '-' && name[i] != '\0') { if (name[i] != '-' && name[i] != '\0') {
@@ -25245,7 +25257,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio,
} }
size = wolfSSL_BIO_get_len(bio); size = wolfSSL_BIO_get_len(bio);
if (size == 0) { if (size <= 0) {
WOLFSSL_MSG("wolfSSL_BIO_get_len error. Possibly no pending data."); WOLFSSL_MSG("wolfSSL_BIO_get_len error. Possibly no pending data.");
return NULL; return NULL;
} }
@@ -30545,21 +30557,36 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio,
} }
p = (const char *)(asnTime->data); p = (const char *)(asnTime->data);
/* GetTimeString not always available. */ /* GetTimeString not always available. */
wolfSSL_BIO_write(bio, MonthStr(p + 4), 3); if (wolfSSL_BIO_write(bio, MonthStr(p + 4), 3) <= 0)
wolfSSL_BIO_write(bio, " ", 1); return WOLFSSL_FAILURE;
if (wolfSSL_BIO_write(bio, " ", 1) <= 0)
return WOLFSSL_FAILURE;
/* Day */ /* Day */
wolfSSL_BIO_write(bio, p + 6, 2); if (wolfSSL_BIO_write(bio, p + 6, 2) <= 0)
wolfSSL_BIO_write(bio, " ", 1); return WOLFSSL_FAILURE;
if (wolfSSL_BIO_write(bio, " ", 1) <= 0)
return WOLFSSL_FAILURE;
/* Hour */ /* Hour */
wolfSSL_BIO_write(bio, p + 8, 2); if (wolfSSL_BIO_write(bio, p + 8, 2) <= 0)
wolfSSL_BIO_write(bio, ":", 1); return WOLFSSL_FAILURE;
if (wolfSSL_BIO_write(bio, ":", 1) <= 0)
return WOLFSSL_FAILURE;
/* Min */ /* Min */
wolfSSL_BIO_write(bio, p + 10, 2); if (wolfSSL_BIO_write(bio, p + 10, 2) <= 0)
wolfSSL_BIO_write(bio, ":", 1); return WOLFSSL_FAILURE;
if (wolfSSL_BIO_write(bio, ":", 1) <= 0)
return WOLFSSL_FAILURE;
/* Secs */ /* Secs */
wolfSSL_BIO_write(bio, p + 12, 2); if (wolfSSL_BIO_write(bio, p + 12, 2) <= 0)
wolfSSL_BIO_write(bio, " ", 1); return WOLFSSL_FAILURE;
wolfSSL_BIO_write(bio, p, 4); if (wolfSSL_BIO_write(bio, " ", 1) <= 0)
return WOLFSSL_FAILURE;
if (wolfSSL_BIO_write(bio, p, 4) <= 0)
return WOLFSSL_FAILURE;
return 0; return 0;
} }
@@ -32850,6 +32877,7 @@ int SetDhExternal(WOLFSSL_DH *dh)
if (dh == NULL || dh->internal == NULL) { if (dh == NULL || dh->internal == NULL) {
WOLFSSL_MSG("dh key NULL error"); WOLFSSL_MSG("dh key NULL error");
return WOLFSSL_FATAL_ERROR;
} }
key = (DhKey*)dh->internal; key = (DhKey*)dh->internal;
@@ -37506,11 +37534,12 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
mp_clear(&modulus); mp_clear(&modulus);
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
mp_clear(&modulus);
} }
BN_copy(x, point->X); BN_copy(x, point->X);
BN_copy(y, point->Y); BN_copy(y, point->Y);
mp_clear(&modulus);
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
@@ -39494,7 +39523,10 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
XMEMSET(rawKey, 0, rawLen); XMEMSET(rawKey, 0, rawLen);
mp_to_unsigned_bin(rsaElem, rawKey); if (mp_to_unsigned_bin(rsaElem, rawKey) < 0) {
XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return WOLFSSL_FAILURE;
}
if ((word32)rawLen <= sizeof(word32)) { if ((word32)rawLen <= sizeof(word32)) {
idx = *(word32*)rawKey; idx = *(word32*)rawKey;
#ifdef BIG_ENDIAN_ORDER #ifdef BIG_ENDIAN_ORDER
@@ -39522,7 +39554,10 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset)
WOLFSSL_MSG("Memory error"); WOLFSSL_MSG("Memory error");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
mp_to_unsigned_bin(rsaElem, rawKey); if (mp_to_unsigned_bin(rsaElem, rawKey) < 0) {
XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return WOLFSSL_FAILURE;
}
for (idx = 0; idx < (word32)rawLen; idx++) { for (idx = 0; idx < (word32)rawLen; idx++) {
char val[5]; char val[5];
int valSz = 5; int valSz = 5;
@@ -41230,6 +41265,10 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
WOLFSSL_MSG("Serial size error"); WOLFSSL_MSG("Serial size error");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
if ((int)sizeof(cert->serial) < serialSz) {
WOLFSSL_MSG("Serial buffer too small");
return BUFFER_E;
}
XMEMCPY(cert->serial, serial, serialSz); XMEMCPY(cert->serial, serial, serialSz);
cert->serialSz = serialSz; cert->serialSz = serialSz;
#else #else
@@ -42835,15 +42874,19 @@ err:
* *
* returns WOLFSSL_SUCCESS on success * returns WOLFSSL_SUCCESS on success
*/ */
static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO* info, static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO** info,
WOLFSSL_X509* x509) WOLFSSL_X509* x509)
{ {
if (info == NULL || x509 == NULL) { if (info == NULL || x509 == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
if (*info == NULL) {
return BAD_FUNC_ARG;
}
/* check is fresh "info" passed in, if not free it */ /* check is fresh "info" passed in, if not free it */
if (info->x509 != NULL || info->x_pkey != NULL) { if ((*info)->x509 != NULL || (*info)->x_pkey != NULL) {
WOLFSSL_X509_INFO* tmp; WOLFSSL_X509_INFO* tmp;
tmp = wolfSSL_X509_INFO_new(); tmp = wolfSSL_X509_INFO_new();
@@ -42851,11 +42894,11 @@ err:
WOLFSSL_MSG("Unable to create new structure"); WOLFSSL_MSG("Unable to create new structure");
return MEMORY_E; return MEMORY_E;
} }
wolfSSL_X509_INFO_free(info); wolfSSL_X509_INFO_free(*info);
info = tmp; (*info) = tmp;
} }
info->x509 = x509; (*info)->x509 = x509;
//@TODO info->num //@TODO info->num
//@TODO info->enc_cipher //@TODO info->enc_cipher
@@ -42863,8 +42906,8 @@ err:
//@TODO info->enc_data //@TODO info->enc_data
//@TODO info->crl //@TODO info->crl
info->x_pkey = wolfSSL_X509_PKEY_new(x509->heap); (*info)->x_pkey = wolfSSL_X509_PKEY_new(x509->heap);
return wolfSSL_X509_PKEY_set(info->x_pkey, x509); return wolfSSL_X509_PKEY_set((*info)->x_pkey, x509);
} }
/** /**
@@ -43061,7 +43104,7 @@ err:
return NULL; return NULL;
} }
if (x509) { if (x509) {
ret = wolfSSL_X509_INFO_set(current, x509); ret = wolfSSL_X509_INFO_set(&current, x509);
} }
else if (crl) { else if (crl) {
current->crl = crl; current->crl = crl;
@@ -43176,8 +43219,10 @@ err:
ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object); ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object);
ne->value = wolfSSL_ASN1_STRING_type_new(type); ne->value = wolfSSL_ASN1_STRING_type_new(type);
if (ne->value != NULL) { if (ne->value != NULL) {
wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz); if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data,
ne->set = 1; dataSz) == WOLFSSL_SUCCESS) {
ne->set = 1;
}
} }
} }
@@ -43221,8 +43266,10 @@ err:
ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object); ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object);
ne->value = wolfSSL_ASN1_STRING_type_new(type); ne->value = wolfSSL_ASN1_STRING_type_new(type);
if (ne->value != NULL) { if (ne->value != NULL) {
wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz); if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz)
ne->set = 1; == WOLFSSL_SUCCESS) {
ne->set = 1;
}
} }
return ne; return ne;
@@ -43637,6 +43684,10 @@ err:
const char* name = wolfSSL_OBJ_nid2ln(wolfSSL_OBJ_obj2nid(a)); const char* name = wolfSSL_OBJ_nid2ln(wolfSSL_OBJ_obj2nid(a));
#endif #endif
if (name == NULL) {
WOLFSSL_MSG("Name not found");
return WOLFSSL_FAILURE;
}
if (XSTRLEN(name) + 1 < (word32)bufLen - 1) { if (XSTRLEN(name) + 1 < (word32)bufLen - 1) {
bufSz = (int)XSTRLEN(name); bufSz = (int)XSTRLEN(name);
} }
@@ -45920,6 +45971,7 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
const byte* bioMemPt = bioMem; /* leave bioMem pointer unaltered */ const byte* bioMemPt = bioMem; /* leave bioMem pointer unaltered */
if ((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMemPt, bioMemSz)) == NULL) { if ((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMemPt, bioMemSz)) == NULL) {
XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE((unsigned char*)maxKeyBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
return NULL; return NULL;
} }
@@ -46915,7 +46967,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
int count = 0, len = 0, totalSz = 0, tmpSz = 0; int count = 0, len = 0, totalSz = 0, tmpSz = 0;
char tmp[ASN_NAME_MAX+1]; char tmp[ASN_NAME_MAX+1];
char fullName[ASN_NAME_MAX]; char fullName[ASN_NAME_MAX+2];
const char *buf = NULL; const char *buf = NULL;
WOLFSSL_X509_NAME_ENTRY* ne; WOLFSSL_X509_NAME_ENTRY* ne;
WOLFSSL_ASN1_STRING* str; WOLFSSL_ASN1_STRING* str;
@@ -48916,8 +48968,7 @@ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
/* Zero length integer is the value zero. */ /* Zero length integer is the value zero. */
if (len == 0) { if (len == 0) {
wolfSSL_BIO_write(bp, "00", 2); return wolfSSL_BIO_write(bp, "00", 2);
return 2;
} }
if (Base16_Encode(a->data + idx, len, buf, &bufLen) != 0 || if (Base16_Encode(a->data + idx, len, buf, &bufLen) != 0 ||
@@ -49656,7 +49707,7 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
#endif #endif
} }
if (curve > (sizeof(word32) * WOLFSSL_BIT_SIZE)) { if (curve >= (sizeof(word32) * WOLFSSL_BIT_SIZE)) {
/* shift left more than size of ctx->disabledCurves causes static /* shift left more than size of ctx->disabledCurves causes static
* analysis report */ * analysis report */
WOLFSSL_MSG("curve value is too large for upcoming shift"); WOLFSSL_MSG("curve value is too large for upcoming shift");
@@ -51401,6 +51452,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
return NULL; return NULL;
} }
} else { } else {
/* This may be overly defensive */
if (weOwn)
wolfSSL_BN_free(ret);
return NULL; return NULL;
} }
@@ -51637,17 +51691,17 @@ int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n)
if (bn == NULL || bn->internal == NULL) { if (bn == NULL || bn->internal == NULL) {
WOLFSSL_MSG("bn NULL error"); WOLFSSL_MSG("bn NULL error");
goto cleanup; goto end;
} }
if (mp_is_bit_set((mp_int*)bn->internal, n)) { if (mp_is_bit_set((mp_int*)bn->internal, n)) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); tmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
if (tmp == NULL) { if (tmp == NULL) {
goto cleanup; goto end;
} }
#endif #endif
if (mp_init(tmp) != MP_OKAY) { if (mp_init(tmp) != MP_OKAY) {
goto cleanup; goto end;
} }
if (mp_set_bit(tmp, n) != MP_OKAY) { if (mp_set_bit(tmp, n) != MP_OKAY) {
goto cleanup; goto cleanup;
@@ -51655,11 +51709,15 @@ int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n)
if (mp_sub((mp_int*)bn->internal, tmp, (mp_int*)bn->internal) != MP_OKAY) { if (mp_sub((mp_int*)bn->internal, tmp, (mp_int*)bn->internal) != MP_OKAY) {
goto cleanup; goto cleanup;
} }
} else {
goto end;
} }
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
cleanup: cleanup:
mp_clear(tmp); mp_clear(tmp);
end:
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
if (tmp) if (tmp)
XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT); XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT);

8
wolfcrypt/src/asn.c
View File

@@ -4214,7 +4214,13 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
seqSz += sz; seqSz += sz;
tmpIdx = 0; tmpIdx = 0;
seqSz += SetShortInt(shr, &tmpIdx, itt, maxShr); ret = SetShortInt(shr, &tmpIdx, itt, maxShr);
if (ret >= 0) {
seqSz += ret;
}
else {
return ret;
}
innerSz += seqSz + SetSequence(seqSz, seq); innerSz += seqSz + SetSequence(seqSz, seq);
totalSz += innerSz + SetSequence(innerSz, seq); totalSz += innerSz + SetSequence(innerSz, seq);

22
wolfcrypt/src/evp.c
View File

@@ -2228,7 +2228,10 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
switch (pkey->type) { switch (pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: { case EVP_PKEY_RSA: {
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); int nid;
const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
if (ctxmd == NULL) break;
nid = wolfSSL_EVP_MD_type(ctxmd);
if (nid < 0) break; if (nid < 0) break;
return wolfSSL_RSA_sign(nid, md, mdsize, sigret, return wolfSSL_RSA_sign(nid, md, mdsize, sigret,
siglen, pkey->rsa); siglen, pkey->rsa);
@@ -2304,7 +2307,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
switch (pkey->type) { switch (pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: { case EVP_PKEY_RSA: {
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); int nid;
const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
if (ctxmd == NULL) break;
nid = wolfSSL_EVP_MD_type(ctxmd);
if (nid < 0) break; if (nid < 0) break;
return wolfSSL_RSA_verify(nid, md, mdsize, sig, return wolfSSL_RSA_verify(nid, md, mdsize, sig,
(unsigned int)siglen, pkey->rsa); (unsigned int)siglen, pkey->rsa);
@@ -2680,7 +2686,11 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: { case EVP_PKEY_RSA: {
unsigned int sigSz; unsigned int sigSz;
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); int nid;
const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
if (md == NULL)
break;
nid = wolfSSL_EVP_MD_type(md);
if (nid < 0) if (nid < 0)
break; break;
ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen, ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen,
@@ -2773,7 +2783,11 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
switch (ctx->pctx->pkey->type) { switch (ctx->pctx->pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: { case EVP_PKEY_RSA: {
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); int nid;
const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
if (md == NULL)
return WOLFSSL_FAILURE;
nid = wolfSSL_EVP_MD_type(md);
if (nid < 0) if (nid < 0)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig, return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig,

11
wolfcrypt/src/integer.c
View File

@@ -868,16 +868,13 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
return MP_VAL; return MP_VAL;
} }
if (mp_isone(P)) { if (mp_isone(P)) {
mp_set(Y, 0); return mp_set(Y, 0);
return MP_OKAY;
} }
if (mp_iszero(X)) { if (mp_iszero(X)) {
mp_set(Y, 1); return mp_set(Y, 1);
return MP_OKAY;
} }
if (mp_iszero(G)) { if (mp_iszero(G)) {
mp_set(Y, 0); return mp_set(Y, 0);
return MP_OKAY;
} }
/* if exponent X is negative we have to recurse */ /* if exponent X is negative we have to recurse */
@@ -2415,7 +2412,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
} }
/* swap res with Y */ /* swap res with Y */
mp_copy(res, Y); err = mp_copy(res, Y);
LBL_RES:mp_clear (res); LBL_RES:mp_clear (res);
LBL_M: LBL_M:

11
wolfcrypt/src/pkcs12.c
View File

@@ -755,7 +755,14 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz)
outerSz += mac->saltSz; outerSz += mac->saltSz;
/* MAC iterations */ /* MAC iterations */
outerSz += SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ); ret = SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ);
if (ret >= 0) {
outerSz += ret;
ret = 0;
}
else {
return ret;
}
/* sequence of inner data */ /* sequence of inner data */
outerSz += SetSequence(innerSz, seq); outerSz += SetSequence(innerSz, seq);
@@ -1817,6 +1824,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
idx += SetObjectId(sizeof(WC_PKCS12_DATA_OID), out + idx); idx += SetObjectId(sizeof(WC_PKCS12_DATA_OID), out + idx);
if (idx + sizeof(WC_PKCS12_DATA_OID) > *outSz){ if (idx + sizeof(WC_PKCS12_DATA_OID) > *outSz){
WOLFSSL_MSG("Buffer not large enough for DATA OID"); WOLFSSL_MSG("Buffer not large enough for DATA OID");
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BUFFER_E; return BUFFER_E;
} }
XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID)); XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID));
@@ -1824,6 +1832,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
/* copy over encrypted data */ /* copy over encrypted data */
if (idx + encSz > *outSz){ if (idx + encSz > *outSz){
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BUFFER_E; return BUFFER_E;
} }
XMEMCPY(out + idx, tmp, encSz); XMEMCPY(out + idx, tmp, encSz);

6
wolfcrypt/src/wc_port.c
View File

@@ -386,7 +386,11 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen,
return BAD_PATH_ERROR; return BAD_PATH_ERROR;
} }
XFSEEK(f, 0, XSEEK_END); if (XFSEEK(f, 0, XSEEK_END) != 0) {
WOLFSSL_MSG("wc_LoadFile file seek error");
XFCLOSE(f);
return BAD_PATH_ERROR;
}
fileSz = XFTELL(f); fileSz = XFTELL(f);
XREWIND(f); XREWIND(f);
if (fileSz > 0) { if (fileSz > 0) {