@ -12077,7 +12077,8 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
|
||||
|
||||
#ifndef NO_PSK
|
||||
if (ssl->specs.kea == psk_kea &&
|
||||
ssl->arrays->server_hint[0] == 0)
|
||||
ssl->arrays != NULL &&
|
||||
ssl->arrays->server_hint[0] == 0)
|
||||
pskNoServerHint = 1;
|
||||
#endif
|
||||
if (ssl->specs.static_ecdh == 1 ||
|
||||
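Review bot: In `SanityCheckMsgReceived`, the new `ssl->arrays != NULL` guard leaves `pskNoServerHint` at 0 whenever the arrays are absent, and nothing in the hunk says this is the intended outcome. Judging by the following `if (ssl->specs.static_ecdh == 1 ||` line, a zero flag probably means a missing ServerKeyExchange is still treated as an error, which would be the fail-closed choice, but that branch is outside the hunk. A short comment above the condition would record the decision, e.g. `/* ssl->arrays may be NULL here; pskNoServerHint then stays 0 and ServerKeyExchange is still required */` (wording to be confirmed against the branch below).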
|
39
src/ssl.c
39
src/ssl.c
@ -3732,9 +3732,6 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
|
||||
/* get certificate buffer */
|
||||
cert = &s->certs[certIdx];
|
||||
|
||||
if (cert == NULL)
|
||||
break;
|
||||
|
||||
dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
|
||||
|
||||
if (dCert == NULL) {
|
||||
@ -4934,6 +4931,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
|
||||
|
||||
InitDecodedCert(cert, der->buffer, der->length, cm->heap);
|
||||
if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) {
|
||||
FreeDecodedCert(cert);
|
||||
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
|
||||
return ret;
|
||||
}
|
||||
@ -4968,6 +4966,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
|
||||
|
||||
if (AlreadyTrustedPeer(cm, subjectHash)) {
|
||||
WOLFSSL_MSG("\tAlready have this CA, not adding again");
|
||||
FreeTrustedPeer(peerCert, cm->heap);
|
||||
(void)ret;
|
||||
}
|
||||
else {
|
||||
@ -18549,7 +18548,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
int ret = 0;
|
||||
WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
|
||||
|
||||
if (ctx == NULL || dst == NULL || src == NULL) {
|
||||
if (ctx == NULL || src == NULL ||
|
||||
(dst == NULL &&
|
||||
ctx->cipherType != AES_128_GCM_TYPE &&
|
||||
ctx->cipherType != AES_192_GCM_TYPE &&
|
||||
ctx->cipherType != AES_256_GCM_TYPE)) {
|
||||
WOLFSSL_MSG("Bad function argument");
|
||||
return 0; /* failure */
|
||||
}
|
||||
@ -26129,6 +26132,7 @@ err_exit:
|
||||
#if !defined(NO_ASN) && !defined(NO_PWDBASED)
|
||||
if ((newx509 != NULL) && (type == PKCS12_TYPE)) {
|
||||
wc_PKCS12_free((WC_PKCS12*)newx509);
|
||||
newx509 = NULL;
|
||||
}
|
||||
#endif
|
||||
_exit:
|
||||
@ -26596,6 +26600,9 @@ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
|
||||
/* Convert to time struct*/
|
||||
ct = XGMTIME(pTime, tmpTs);
|
||||
|
||||
if (ct == NULL)
|
||||
return GETTIME_ERROR;
|
||||
|
||||
/* DateGreaterThan returns 1 for >; 0 for <= */
|
||||
ret = DateGreaterThan(&ts, ct) ? 1 : -1;
|
||||
}
|
||||
@ -26695,6 +26702,10 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src)
|
||||
return NULL;
|
||||
|
||||
dup = wolfSSL_ASN1_INTEGER_new();
|
||||
|
||||
if (dup == NULL)
|
||||
return NULL;
|
||||
|
||||
dup->negative = src->negative;
|
||||
dup->dataMax = src->dataMax;
|
||||
dup->isDynamic = src->isDynamic;
|
||||
@ -26707,6 +26718,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src)
|
||||
dup->data = (unsigned char*)
|
||||
XMALLOC(src->dataMax,NULL,DYNAMIC_TYPE_OPENSSL);
|
||||
if (dup->data == NULL) {
|
||||
wolfSSL_ASN1_INTEGER_free(dup);
|
||||
return NULL;
|
||||
}
|
||||
XMEMCPY(dup->data,src->data,dup->dataMax);
|
||||
@ -29417,8 +29429,10 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
|
||||
|
||||
switch (bio->type) {
|
||||
case WOLFSSL_BIO_FILE:
|
||||
if (bio->ptr == NULL)
|
||||
if (bio->ptr == NULL) {
|
||||
va_end(args);
|
||||
return -1;
|
||||
}
|
||||
ret = vfprintf((XFILE)bio->ptr, format, args);
|
||||
break;
|
||||
|
||||
@ -30893,6 +30907,10 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn, WOLFS
|
||||
|
||||
if (ai == NULL) {
|
||||
a = wolfSSL_ASN1_INTEGER_new();
|
||||
|
||||
if (a == NULL)
|
||||
return NULL;
|
||||
|
||||
a->type = V_ASN1_INTEGER;
|
||||
}
|
||||
else {
|
||||
@ -44920,9 +44938,9 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
||||
/* If XN_FLAG_DN_REV is present, print X509_NAME in reverse order */
|
||||
if (flags == (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)) {
|
||||
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
||||
fullName[0] = '\0';
|
||||
count = wolfSSL_X509_NAME_entry_count(name);
|
||||
for (i = 0; i < count; i++) {
|
||||
@ -44959,13 +44977,14 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
|
||||
if (wolfSSL_BIO_write(bio, fullName, totalSz) != totalSz)
|
||||
return WOLFSSL_FAILURE;
|
||||
return WOLFSSL_SUCCESS;
|
||||
#endif /* WOLFSSL_APACHE_HTTPD || OPENSSL_ALL || WOLFSSL_NGINX */
|
||||
}
|
||||
else if (flags == XN_FLAG_RFC2253) {
|
||||
#else
|
||||
if (flags == XN_FLAG_RFC2253) {
|
||||
if (wolfSSL_BIO_write(bio, name->name + 1, name->sz - 2)
|
||||
!= name->sz - 2)
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* WOLFSSL_APACHE_HTTPD || OPENSSL_ALL || WOLFSSL_NGINX */
|
||||
else if (wolfSSL_BIO_write(bio, name->name, name->sz - 1) != name->sz - 1)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
@ -46545,8 +46564,10 @@ int wolfSSL_X509_check_host(X509 *x, const char *chk, size_t chklen,
|
||||
|
||||
InitDecodedCert(&dCert, x->derCert->buffer, x->derCert->length, NULL);
|
||||
ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
|
||||
if (ret != 0)
|
||||
if (ret != 0) {
|
||||
FreeDecodedCert(&dCert);
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
ret = CheckHostName(&dCert, (char *)chk, chklen);
|
||||
FreeDecodedCert(&dCert);
|
||||
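Review bot: In the `wolfSSL_X509_cmp_time` hunk, the new `return GETTIME_ERROR;` hands callers a library error code from a function whose visible result line, `ret = DateGreaterThan(&ts, ct) ? 1 : -1;`, uses the sign to say which time is later. If `GETTIME_ERROR` is negative, as wolfSSL error codes generally are, a caller that tests the result with `< 0` will read a failed `XGMTIME` as a valid "not later" comparison rather than as an error, which matters when the result feeds a certificate validity-period check. The function's error convention is declared outside the hunk; if it is the OpenSSL-compatible 0, the guard should read `if (ct == NULL) return WOLFSSL_FAILURE;`. Whichever value is chosen, the header comment of the function should list it alongside 1 and -1.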
|
@ -2143,7 +2143,6 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
|
||||
int ret = 0;
|
||||
mp_int* keyP = NULL;
|
||||
mp_int* keyG = NULL;
|
||||
mp_int* keyQ = NULL;
|
||||
|
||||
if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
@ -2203,13 +2202,9 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
|
||||
if (ret == 0 && q != NULL) {
|
||||
if (mp_read_unsigned_bin(&key->q, q, qSz) != MP_OKAY)
|
||||
ret = MP_INIT_E;
|
||||
else
|
||||
keyQ = &key->q;
|
||||
}
|
||||
|
||||
if (ret != 0 && key != NULL) {
|
||||
if (keyQ)
|
||||
mp_clear(keyQ);
|
||||
if (keyG)
|
||||
mp_clear(keyG);
|
||||
if (keyP)
|
||||
|
@ -1401,6 +1401,9 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
|
||||
if (pkey == NULL) {
|
||||
ownPkey = 1;
|
||||
pkey = wolfSSL_PKEY_new();
|
||||
|
||||
if (pkey == NULL)
|
||||
return ret;
|
||||
}
|
||||
|
||||
switch (pkey->type) {
|
||||
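Review bot: The added `if (pkey == NULL) return ret;` in `wolfSSL_EVP_PKEY_keygen` returns whatever `ret` was initialised to, and that initialiser is outside the hunk. The allocation-failure path would be easier to audit, and would stay correct if the initial value of `ret` ever changes, with the failure constant written out, e.g. `return WOLFSSL_FAILURE;` if that is this function's failure value. A one-line comment such as `/* allocation failed, nothing to free yet */` would also make clear that `ownPkey` needs no cleanup on this path.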
|
@ -2838,6 +2838,14 @@ int mp_set_bit (mp_int * a, int b)
|
||||
{
|
||||
int i = b / DIGIT_BIT, res;
|
||||
|
||||
/*
|
||||
* Require:
|
||||
* bit index b >= 0
|
||||
* a->alloc == a->used == 0 if a->dp == NULL
|
||||
*/
|
||||
if (b < 0 || (a->dp == NULL && (a->alloc != 0 || a->used != 0)))
|
||||
return MP_VAL;
|
||||
|
||||
if (a->dp == NULL || a->used < (int)(i + 1)) {
|
||||
/* grow a to accommodate the single bit */
|
||||
if ((res = mp_grow (a, i + 1)) != MP_OKAY) {
|
||||
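Review bot: The new precondition check in `mp_set_bit` rejects `b < 0` but sets no upper limit on `b`, so the following `mp_grow (a, i + 1)` is asked for `b / DIGIT_BIT + 1` digits for any non-negative index. If some caller passes an index derived from external data, a very large `b` becomes a correspondingly large allocation request; whether any caller does so is not visible here. The `Require:` comment should state the accepted range, for example an extra line `*   bit index b small enough that b / DIGIT_BIT + 1 digits is an acceptable size for a`, or the check should enforce a maximum. The rest of the function is outside the hunk.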
|
@ -11419,7 +11419,9 @@ authenv_atrbend:
|
||||
XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
decryptedKey = NULL;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
#ifndef NO_PKCS7_STREAM
|
||||
pkcs7->stream->key = NULL;
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
ret = encryptedContentSz;
|
||||
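Review bot: The added `#ifdef WOLFSSL_SMALL_STACK` now sits in front of a run of three bare `#endif` lines, and the hunk does not show which condition each one closes. If the enclosing block that frees `decryptedKey` (its opening line is outside the hunk) is already guarded by `WOLFSSL_SMALL_STACK`, the new inner guard is redundant and only the `NO_PKCS7_STREAM` test is needed. Either way, tagging the closers, e.g. `#endif /* !NO_PKCS7_STREAM */` and `#endif /* WOLFSSL_SMALL_STACK */`, would make it clear in which builds `pkcs7->stream->key` is reset after the buffer is freed, so that no configuration leaves it pointing at released memory.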
|
@ -1596,7 +1596,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
byte invalid = 0;
|
||||
#endif
|
||||
|
||||
if (output == NULL || pkcsBlockLen == 0) {
|
||||
if (output == NULL || pkcsBlockLen == 0 || pkcsBlockLen > 0xFFFF) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
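Review bot: The new bound `pkcsBlockLen > 0xFFFF` in `RsaUnPad` is a bare constant with no stated reason. Presumably it keeps the length within the range of 16-bit index or mask arithmetic used later in the unpadding code, which is outside the hunk. If so, say it next to the check, e.g. `/* length must fit in 16 bits: the unpadding code below uses 16-bit counters */` (to be confirmed against that code), or give the limit a name. Without that, a later change to the counter width or to this limit can silently bring back the truncation the check is meant to prevent.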
|