Merge pull request #533 from dgarske/dg_fixes

Fixes for HMAC/small stack heap and disable RSA warnings
2016-08-26 14:30:55 -07:00
parent 401463a983 925e5e3484
commit bd312cb766
2 changed files with 30 additions and 21 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -13300,7 +13300,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
    int    ret = 0;
    word16 length = 0;
    word32 idx = *inOutIdx, begin = *inOutIdx;
+#ifndef NO_RSA
    int    typeH = 0;
+#endif
    byte*  output  = NULL;
    byte   sigAlgo = ssl->specs.sig_algo;
    word16 sigSz = 0;
@@ -13310,7 +13312,6 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,

    (void)output;
    (void)sigSz;
-    (void)typeH;

    WOLFSSL_ENTER("DoServerKeyExchange");

@@ -13332,7 +13333,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
            length = ssl->async.length;
            output = ssl->async.output;
            sigSz = ssl->async.sigSz;
+        #ifndef NO_RSA
            typeH = ssl->async.hashAlgo;
+        #endif
            sigAlgo = ssl->async.sigAlgo;
        #if !defined(NO_DH) || defined(HAVE_ECC)
            verifySig = ssl->async.data;
@@ -13808,7 +13811,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                            ERROR_OUT(ALGO_ID_E, exit_dske);
                        #endif
                    }
+                #ifndef NO_RSA
                    typeH = wc_HashGetOID(hashType);
+                #endif

                    /* signature */
                    if ((idx - begin) + OPAQUE16_LEN > size) {
@@ -13920,7 +13925,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                    }

                    if (verifySig == NULL) {
-                        verifySig = (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                        verifySig = (byte*)XMALLOC(length, ssl->heap,
+                                                    DYNAMIC_TYPE_TMP_BUFFER);
                        if (!verifySig) {
                            ERROR_OUT(MEMORY_E, exit_dske);
                        }
@@ -14152,7 +14158,9 @@ exit_dske:
        ssl->async.length = length;
        ssl->async.output = output;
        ssl->async.sigSz = sigSz;
+    #ifndef NO_RSA
        ssl->async.hashAlgo = typeH;
+    #endif
        ssl->async.sigAlgo = sigAlgo;
    #if !defined(NO_DH) || defined(HAVE_ECC)
        ssl->async.data = verifySig;
@@ -15617,9 +15625,6 @@ int SendCertificateVerify(WOLFSSL* ssl)

        case KEYSHARE_DO:
        {
-            /* restore verify pointer */
-            verify = &output[idx];
-
        #ifdef HAVE_ECC
           if (ssl->sigType == DYNAMIC_TYPE_ECC) {
                ret = EccSign(ssl,
@@ -15638,6 +15643,9 @@ int SendCertificateVerify(WOLFSSL* ssl)
        #endif /* HAVE_ECC */
        #ifndef NO_RSA
            if (ssl->sigType == DYNAMIC_TYPE_RSA) {
+                /* restore verify pointer */
+                verify = &output[idx];
+
                ret = RsaSign(ssl,
                    ssl->buffers.sig.buffer, ssl->buffers.sig.length,
                    verify + extraSz + VERIFY_HEADER, &ssl->sigLen,
@@ -15683,7 +15691,8 @@ int SendCertificateVerify(WOLFSSL* ssl)
                    if (verifySig == NULL) {
                        ERROR_OUT(MEMORY_E, exit_scv);
                    }
-                    XMEMCPY(verifySig, verify + extraSz + VERIFY_HEADER, ssl->sigLen);
+                    XMEMCPY(verifySig, verify + extraSz + VERIFY_HEADER,
+                                                                ssl->sigLen);
                }

                /* check for signature faults */
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -739,13 +739,13 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
        return BAD_FUNC_ARG;

 #ifdef WOLFSSL_SMALL_STACK
-    tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, hmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    tmp = (byte*)XMALLOC(MAX_DIGEST_SIZE, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL)
        return MEMORY_E;

-    prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, hmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    prk = (byte*)XMALLOC(MAX_DIGEST_SIZE, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (prk == NULL) {
-        XFREE(tmp, hmac->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(tmp, myHmac.heap, DYNAMIC_TYPE_TMP_BUFFER);
        return MEMORY_E;
    }
 #endif