forked from wolfSSL/wolfssl
Merge pull request #533 from dgarske/dg_fixes
Fixes for HMAC/small stack heap and disable RSA warnings
This commit is contained in:
toddouska
GitHub
@@ -13300,7 +13300,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
word16 length = 0;
|
word16 length = 0;
|
||||||
word32 idx = *inOutIdx, begin = *inOutIdx;
|
word32 idx = *inOutIdx, begin = *inOutIdx;
|
||||||
|
#ifndef NO_RSA
|
||||||
int typeH = 0;
|
int typeH = 0;
|
||||||
|
#endif
|
||||||
byte* output = NULL;
|
byte* output = NULL;
|
||||||
byte sigAlgo = ssl->specs.sig_algo;
|
byte sigAlgo = ssl->specs.sig_algo;
|
||||||
word16 sigSz = 0;
|
word16 sigSz = 0;
|
||||||
@@ -13310,7 +13312,6 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
|||||||
|
|
||||||
(void)output;
|
(void)output;
|
||||||
(void)sigSz;
|
(void)sigSz;
|
||||||
(void)typeH;
|
|
||||||
|
|
||||||
WOLFSSL_ENTER("DoServerKeyExchange");
|
WOLFSSL_ENTER("DoServerKeyExchange");
|
||||||
|
|
||||||
@@ -13332,7 +13333,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
|||||||
length = ssl->async.length;
|
length = ssl->async.length;
|
||||||
output = ssl->async.output;
|
output = ssl->async.output;
|
||||||
sigSz = ssl->async.sigSz;
|
sigSz = ssl->async.sigSz;
|
||||||
|
#ifndef NO_RSA
|
||||||
typeH = ssl->async.hashAlgo;
|
typeH = ssl->async.hashAlgo;
|
||||||
|
#endif
|
||||||
sigAlgo = ssl->async.sigAlgo;
|
sigAlgo = ssl->async.sigAlgo;
|
||||||
#if !defined(NO_DH) || defined(HAVE_ECC)
|
#if !defined(NO_DH) || defined(HAVE_ECC)
|
||||||
verifySig = ssl->async.data;
|
verifySig = ssl->async.data;
|
||||||
@@ -13808,7 +13811,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
|||||||
ERROR_OUT(ALGO_ID_E, exit_dske);
|
ERROR_OUT(ALGO_ID_E, exit_dske);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
#ifndef NO_RSA
|
||||||
typeH = wc_HashGetOID(hashType);
|
typeH = wc_HashGetOID(hashType);
|
||||||
|
#endif
|
||||||
|
|
||||||
/* signature */
|
/* signature */
|
||||||
if ((idx - begin) + OPAQUE16_LEN > size) {
|
if ((idx - begin) + OPAQUE16_LEN > size) {
|
||||||
@@ -13920,7 +13925,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (verifySig == NULL) {
|
if (verifySig == NULL) {
|
||||||
verifySig = (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
verifySig = (byte*)XMALLOC(length, ssl->heap,
|
||||||
|
DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
if (!verifySig) {
|
if (!verifySig) {
|
||||||
ERROR_OUT(MEMORY_E, exit_dske);
|
ERROR_OUT(MEMORY_E, exit_dske);
|
||||||
}
|
}
|
||||||
@@ -14152,7 +14158,9 @@ exit_dske:
|
|||||||
ssl->async.length = length;
|
ssl->async.length = length;
|
||||||
ssl->async.output = output;
|
ssl->async.output = output;
|
||||||
ssl->async.sigSz = sigSz;
|
ssl->async.sigSz = sigSz;
|
||||||
|
#ifndef NO_RSA
|
||||||
ssl->async.hashAlgo = typeH;
|
ssl->async.hashAlgo = typeH;
|
||||||
|
#endif
|
||||||
ssl->async.sigAlgo = sigAlgo;
|
ssl->async.sigAlgo = sigAlgo;
|
||||||
#if !defined(NO_DH) || defined(HAVE_ECC)
|
#if !defined(NO_DH) || defined(HAVE_ECC)
|
||||||
ssl->async.data = verifySig;
|
ssl->async.data = verifySig;
|
||||||
@@ -15617,9 +15625,6 @@ int SendCertificateVerify(WOLFSSL* ssl)
|
|||||||
|
|
||||||
case KEYSHARE_DO:
|
case KEYSHARE_DO:
|
||||||
{
|
{
|
||||||
/* restore verify pointer */
|
|
||||||
verify = &output[idx];
|
|
||||||
|
|
||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
if (ssl->sigType == DYNAMIC_TYPE_ECC) {
|
if (ssl->sigType == DYNAMIC_TYPE_ECC) {
|
||||||
ret = EccSign(ssl,
|
ret = EccSign(ssl,
|
||||||
@@ -15638,6 +15643,9 @@ int SendCertificateVerify(WOLFSSL* ssl)
|
|||||||
#endif /* HAVE_ECC */
|
#endif /* HAVE_ECC */
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
if (ssl->sigType == DYNAMIC_TYPE_RSA) {
|
if (ssl->sigType == DYNAMIC_TYPE_RSA) {
|
||||||
|
/* restore verify pointer */
|
||||||
|
verify = &output[idx];
|
||||||
|
|
||||||
ret = RsaSign(ssl,
|
ret = RsaSign(ssl,
|
||||||
ssl->buffers.sig.buffer, ssl->buffers.sig.length,
|
ssl->buffers.sig.buffer, ssl->buffers.sig.length,
|
||||||
verify + extraSz + VERIFY_HEADER, &ssl->sigLen,
|
verify + extraSz + VERIFY_HEADER, &ssl->sigLen,
|
||||||
@@ -15683,7 +15691,8 @@ int SendCertificateVerify(WOLFSSL* ssl)
|
|||||||
if (verifySig == NULL) {
|
if (verifySig == NULL) {
|
||||||
ERROR_OUT(MEMORY_E, exit_scv);
|
ERROR_OUT(MEMORY_E, exit_scv);
|
||||||
}
|
}
|
||||||
XMEMCPY(verifySig, verify + extraSz + VERIFY_HEADER, ssl->sigLen);
|
XMEMCPY(verifySig, verify + extraSz + VERIFY_HEADER,
|
||||||
|
ssl->sigLen);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* check for signature faults */
|
/* check for signature faults */
|
||||||
|
|||||||
@@ -739,13 +739,13 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
|
|||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, hmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
if (tmp == NULL)
|
if (tmp == NULL)
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
|
|
||||||
prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, hmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
if (prk == NULL) {
|
if (prk == NULL) {
|
||||||
XFREE(tmp, hmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(tmp, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Reference in New Issue
Block a user