Merge pull request #2174 from embhorn/zd4879

Fixes for static analysis issues
David Garske
2019-04-01 08:48:40 -07:00
committed by GitHub
8 changed files with 179 additions and 129 deletions


@ -22314,6 +22314,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ssl->suites->sigAlgo != ed25519_sa_algo) {
ssl->buffers.sig.length =
wc_HashGetDigestSize(hashType);
if ((int)ssl->buffers.sig.length < 0) {
ERROR_OUT(HASH_TYPE_E, exit_sske);
}
ssl->buffers.sig.buffer = (byte*)XMALLOC(
ssl->buffers.sig.length,
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
@ -25312,9 +25315,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->peerX25519KeyPresent = 1;
if (ret != 0) {
goto exit_dcke;
}
break;
}
#endif
@ -25358,9 +25358,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->peerEccKeyPresent = 1;
#endif /* HAVE_ECC */
if (ret != 0) {
goto exit_dcke;
}
break;
}
#endif /* HAVE_ECC || HAVE_CURVE25519 */
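Review bot: In the first hunk (the `exit_sske` path) a negative return from `wc_HashGetDigestSize(hashType)` is detected only after it has been stored in `ssl->buffers.sig.length` and cast back with `(int)`, so on the error path the length field is left holding the wrapped error code. Holding the result in a signed local and assigning the field only after the check keeps the field valid and drops the cast: `int digestSz = wc_HashGetDigestSize(hashType);` followed by `if (digestSz < 0) { ERROR_OUT(HASH_TYPE_E, exit_sske); }`. The type of `sig.length` and the cleanup at `exit_sske` are outside the hunk, so whether the stale value is ever read there should be confirmed. The enclosing function starts and ends outside the hunk.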

194
src/ssl.c

@ -11954,14 +11954,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
word32 idx = 0;
if (ssl->options.haveStaticECC && ssl->buffers.key != NULL) {
wc_ecc_init(&key);
if (wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &key,
ssl->buffers.key->length) != 0) {
ssl->options.haveECDSAsig = 0;
ssl->options.haveECC = 0;
ssl->options.haveStaticECC = 0;
if (wc_ecc_init(&key) >= 0) {
if (wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &key,
ssl->buffers.key->length) != 0) {
ssl->options.haveECDSAsig = 0;
ssl->options.haveECC = 0;
ssl->options.haveStaticECC = 0;
}
wc_ecc_free(&key);
}
wc_ecc_free(&key);
}
#endif
@ -14648,7 +14649,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
blk = sz/DES_BLOCK_SIZE;
/* OpenSSL compat, no ret */
wc_Des3Init(&des, NULL, INVALID_DEVID);
(void)wc_Des3Init(&des, NULL, INVALID_DEVID);
if (enc) {
wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_ENCRYPTION);
@ -18876,6 +18877,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
}
else {
WOLFSSL_MSG("Certificate is self signed");
if (issuer != NULL)
wolfSSL_X509_free(issuer);
}
}
else {
@ -19114,7 +19117,6 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
{
void *newx509 = NULL;
DerBuffer* der = NULL;
byte *fileBuffer = NULL;
if (file != XBADFILE)
@ -19171,16 +19173,18 @@ err_exit:
if(newx509 != NULL){
if(type == CERT_TYPE)
wolfSSL_X509_free((WOLFSSL_X509*)newx509);
#ifdef HAVE_CRL
else {
if(type == CRL_TYPE)
wolfSSL_X509_CRL_free((WOLFSSL_X509_CRL*)newx509);
#ifdef HAVE_CRL
else if(type == CRL_TYPE) {
wolfSSL_X509_CRL_free((WOLFSSL_X509_CRL*)newx509);
}
#endif
#endif
#if !defined(NO_ASN) && !defined(NO_PWDBASED)
else if(type == PKCS12_TYPE) {
wc_PKCS12_free((WC_PKCS12*)newx509);
}
#endif
}
_exit:
if(der != NULL)
FreeDer(&der);
if(fileBuffer != NULL)
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
return newx509;
@ -19210,42 +19214,43 @@ WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl)
#endif /* !NO_FILESYSTEM */
WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned char* in, int len)
WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl,
const unsigned char* in, int len)
{
WOLFSSL_X509_CRL *newcrl = NULL;
int ret ;
int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL");
if(in == NULL){
if (in == NULL) {
WOLFSSL_MSG("Bad argument value");
return NULL;
} else {
newcrl = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (newcrl == NULL){
WOLFSSL_MSG("New CRL allocation failed");
} else {
ret = InitCRL(newcrl, NULL);
if (ret < 0) {
WOLFSSL_MSG("Init tmp CRL failed");
} else {
ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, 1);
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Buffer Load CRL failed");
} else {
if (crl) {
*crl = newcrl;
}
}
}
}
}
newcrl = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (newcrl == NULL){
WOLFSSL_MSG("New CRL allocation failed");
return NULL;
}
if (InitCRL(newcrl, NULL) < 0) {
WOLFSSL_MSG("Init tmp CRL failed");
goto err_exit;
}
ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, 1);
if (ret != WOLFSSL_SUCCESS){
WOLFSSL_MSG("Buffer Load CRL failed");
goto err_exit;
}
if(crl){
*crl = newcrl;
}
goto _exit;
err_exit:
if(newcrl != NULL)
if((ret != WOLFSSL_SUCCESS) && (newcrl != NULL)) {
wolfSSL_X509_CRL_free(newcrl);
newcrl = NULL;
_exit:
newcrl = NULL;
}
return newcrl;
}
@ -20347,6 +20352,10 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl)
state = ss_client_finished;
else if (ssl->options.side == WOLFSSL_CLIENT_END)
state = ss_server_finished;
else {
WOLFSSL_MSG("Unknown State");
state = ss_null_state;
}
break;
default:
WOLFSSL_MSG("Unknown State");
@ -27274,7 +27283,11 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void)
}
XMEMSET(external->internal, 0, sizeof(ecc_key));
wc_ecc_init((ecc_key*)external->internal);
if (wc_ecc_init((ecc_key*)external->internal) != 0) {
WOLFSSL_MSG("wolfSSL_EC_KEY_new init ecc key failure");
wolfSSL_EC_KEY_free(external);
return NULL;
}
/* public key */
external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT),
@ -27499,7 +27512,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
{
static const char* hexDigit = "0123456789ABCDEF";
char* hex = NULL;
int id = wc_ecc_get_curve_id(group->curve_idx);
int id;
int i, sz, len;
(void)ctx;
@ -27507,6 +27520,8 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
if (group == NULL || point == NULL)
return NULL;
id = wc_ecc_get_curve_id(group->curve_idx);
if ((sz = wc_ecc_get_curve_size_from_id(id)) < 0)
return NULL;
@ -35452,47 +35467,52 @@ unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t)
WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
WOLFSSL_ASN1_TIME **out)
{
unsigned char time_type;
unsigned char time_type = 0;
WOLFSSL_ASN1_TIME *ret = NULL;
unsigned char *data_ptr = NULL;
WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime");
if (t == NULL)
return NULL;
time_type = t->data[0];
if (time_type != ASN_UTC_TIME && time_type != ASN_GENERALIZED_TIME){
WOLFSSL_MSG("Invalid ASN_TIME type.");
return NULL;
}
if (out == NULL || *out == NULL){
ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (ret == NULL){
WOLFSSL_MSG("memory alloc failed.");
return NULL;
if (t == NULL) {
WOLFSSL_MSG("Invalid ASN_TIME value");
} else {
time_type = t->data[0];
if (time_type != ASN_UTC_TIME && time_type != ASN_GENERALIZED_TIME){
WOLFSSL_MSG("Invalid ASN_TIME type.");
} else {
if (out == NULL || *out == NULL) {
ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME),
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ret == NULL){
WOLFSSL_MSG("memory alloc failed.");
}
else {
XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TIME));
}
} else {
ret = *out;
}
}
XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TIME));
} else
ret = *out;
if (time_type == ASN_GENERALIZED_TIME){
XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE);
return ret;
} else if (time_type == ASN_UTC_TIME){
ret->data[0] = ASN_GENERALIZED_TIME;
ret->data[1] = ASN_GENERALIZED_TIME_SIZE;
data_ptr = ret->data + 2;
if (t->data[2] >= '5')
XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "19%s", t->data + 2);
else
XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "20%s", t->data + 2);
return ret;
}
WOLFSSL_MSG("Invalid ASN_TIME value");
return NULL;
if (ret != NULL) {
if (time_type == ASN_GENERALIZED_TIME){
XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE);
} else {
/* (time_type == ASN_UTC_TIME) */
ret->data[0] = ASN_GENERALIZED_TIME;
ret->data[1] = ASN_GENERALIZED_TIME_SIZE;
data_ptr = ret->data + 2;
if (t->data[2] >= '5') {
XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2,
"19%s", t->data + 2);
} else {
XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2,
"20%s", t->data + 2);
}
}
}
return ret;
}
#endif /* !NO_ASN_TIME */
@ -35774,8 +35794,6 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
p7->pkcs7.content = mem;
p7->pkcs7.contentSz = memSz;
}
if (ret != 0)
return WOLFSSL_FAILURE;
/* certs is the list of certificates to find the cert with issuer/serial. */
(void)certs;
@ -35985,6 +36003,9 @@ static int bio_get_data(WOLFSSL_BIO* bio, byte** data)
ret = BAD_FUNC_ARG;
if (ret == 0) {
curr = XFTELL(file);
if (curr < 0) {
ret = WOLFSSL_BAD_FILE;
}
if (XFSEEK(file, 0, XSEEK_END) != 0)
ret = WOLFSSL_BAD_FILE;
}
@ -36007,11 +36028,13 @@ static int bio_get_data(WOLFSSL_BIO* bio, byte** data)
if ((ret = wolfSSL_BIO_read(bio, mem, ret)) <= 0) {
XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
ret = MEMORY_E;
mem = NULL;
}
}
}
*data = mem;
return ret;
}
@ -36035,12 +36058,17 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
if (cb != NULL) {
passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx);
if (passwordSz < 0)
if (passwordSz < 0) {
XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL);
return NULL;
}
ret = ToTraditionalEnc(der, len, password, passwordSz, &algId);
if (ret < 0)
if (ret < 0) {
XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL);
return NULL;
}
XMEMSET(password, 0, passwordSz);
}
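Review bot: In the last hunk (`wolfSSL_d2i_PKCS8PrivateKey_bio`) the new early return after `ToTraditionalEnc` fails frees `der` but leaves the passphrase in the stack buffer `password`, because `XMEMSET(password, 0, passwordSz)` is reached only on success. Clear the buffer on both failure branches before `return NULL`, for example with `ForceZero(password, sizeof(password));` (`ForceZero` is used elsewhere in this commit; confirm it is in scope in this file). The same call is worth considering in place of the success-path `XMEMSET`, which a compiler may elide for a buffer that is not read again. The function body starts and ends outside the hunk.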


@ -823,7 +823,9 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac)
int digestSz = wc_HashGetDigestSize(hashType);
int blockSz = wc_HashGetBlockSize(hashType);
ret = wc_HashInit(&hash, hashType);
if ((digestSz >= 0) && (blockSz >= 0)) {
ret = wc_HashInit(&hash, hashType);
}
if (ret == 0) {
ret = wc_HashUpdate(&hash, hashType, (byte*)hmac->opad,
blockSz);
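Review bot: The new guard `if ((digestSz >= 0) && (blockSz >= 0))` has no `else`, so when either size is negative `ret` keeps whatever value it had before, and its initialisation is outside the hunk. If that value is 0 or indeterminate, the following `if (ret == 0)` still calls `wc_HashUpdate` on a `hash` that was never initialised, with a negative `blockSz`. Setting the error explicitly closes that path: `else { ret = HASH_TYPE_E; }` (or whichever bad-argument code this function normally returns). The function body continues outside the hunk.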


@ -3280,6 +3280,8 @@ static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites)
int suiteSz = 0;
word16 i, j;
XMEMSET(suites, 0, WOLFSSL_MAX_SUITE_SZ);
for (i = 0; i < ssl->suites->suiteSz; i += 2) {
for (j = 0; j < peerSuites->suiteSz; j += 2) {
if (ssl->suites->suites[i+0] == peerSuites->suites[j+0] &&


@ -5139,7 +5139,7 @@ void bench_ed25519KeyGen(void)
do {
for (i = 0; i < genTimes; i++) {
wc_ed25519_init(&genKey);
wc_ed25519_make_key(&rng, 32, &genKey);
(void)wc_ed25519_make_key(&rng, 32, &genKey);
wc_ed25519_free(&genKey);
}
count += i;


@ -8976,36 +8976,41 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
for (;;) {
headerEnd = XSTRNSTR((char*)buff, header, sz);
if (headerEnd || type != PRIVATEKEY_TYPE) {
if (headerEnd) {
break;
} else
if (header == BEGIN_RSA_PRIV) {
header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;
} else
if (header == BEGIN_PRIV_KEY) {
header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
} else
#ifdef HAVE_ECC
if (header == BEGIN_ENC_PRIV_KEY) {
header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
} else
if (header == BEGIN_EC_PRIV) {
header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
} else
#endif
#ifdef HAVE_ED25519
if (type == PRIVATEKEY_TYPE) {
if (header == BEGIN_RSA_PRIV) {
header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;
} else
if (header == BEGIN_PRIV_KEY) {
header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
} else
#ifdef HAVE_ECC
if (header == BEGIN_DSA_PRIV)
#else
if (header == BEGIN_ENC_PRIV_KEY)
if (header == BEGIN_ENC_PRIV_KEY) {
header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
} else
if (header == BEGIN_EC_PRIV) {
header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
} else
#endif
{
header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
#ifdef HAVE_ED25519
#ifdef HAVE_ECC
if (header == BEGIN_DSA_PRIV)
#else
if (header == BEGIN_ENC_PRIV_KEY)
#endif
{
header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
} else
#endif
{
break;
}
} else
#endif
#ifdef HAVE_CRL
if (type == CRL_TYPE) {
header = BEGIN_CRL; footer = END_CRL;
if ((type == CRL_TYPE) && (header != BEGIN_CRL)) {
header = BEGIN_CRL; footer = END_CRL;
} else
#endif
{
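Review bot: The header fallback in this `for (;;)` loop terminates only because each branch advances `header` to the next candidate and the chain ends in a `break`, and for CRLs only because of the new `header != BEGIN_CRL` test; none of this is stated in the code. A comment above the chain would help, for example `/* no match: try the next candidate header for this type; break once every candidate has been tried */`. The tests such as `header == BEGIN_RSA_PRIV` compare pointers rather than string contents, which presumably relies on each of these names being a single shared object (their definitions are not visible here), and that assumption belongs in the same comment. The loop body continues past the end of the hunk.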


@ -2201,13 +2201,13 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
/* tmp2 += (2*loop_check_prime)
* to have p = (q * tmp2) + 1 prime
*/
if (primeCheckCount) {
if ((ret == 0) && (primeCheckCount)) {
if (mp_add_d(&tmp2, 2 * primeCheckCount, &tmp2) != MP_OKAY)
ret = MP_ADD_E;
}
/* find a value g for which g^tmp2 != 1 */
if (mp_set(&dh->g, 1) != MP_OKAY)
if ((ret == 0) && (mp_set(&dh->g, 1) != MP_OKAY))
ret = MP_ZERO_E;
if (ret == 0) {
@ -2219,18 +2219,24 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
} while (ret == 0 && mp_cmp_d(&tmp, 1) == MP_EQ);
}
/* at this point tmp generates a group of order q mod p */
mp_exch(&tmp, &dh->g);
if (ret == 0) {
/* at this point tmp generates a group of order q mod p */
mp_exch(&tmp, &dh->g);
}
/* clear the parameters if there was an error */
if (ret != 0) {
if ((ret != 0) && (dh != NULL)) {
mp_clear(&dh->q);
mp_clear(&dh->p);
mp_clear(&dh->g);
}
ForceZero(buf, bufSz);
XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (buf != NULL) {
ForceZero(buf, bufSz);
if (dh != NULL) {
XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
}
mp_clear(&tmp);
mp_clear(&tmp2);
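Review bot: In the cleanup at the end of the second hunk, `buf` is zeroized whenever it is non-NULL but freed only when `dh != NULL`, so a non-NULL `buf` together with a NULL `dh` would be leaked. If that combination cannot occur the inner check is dead code; otherwise free unconditionally with `XFREE(buf, (dh != NULL) ? dh->heap : NULL, DYNAMIC_TYPE_TMP_BUFFER);`. Note also that `mp_set(&dh->g, 1)` and `mp_exch(&tmp, &dh->g)` are guarded only by `ret == 0`, so they depend on the argument check outside the hunk having set `ret` when `dh` is NULL. The function starts and ends outside the hunk.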


@ -357,12 +357,14 @@ static long wc_PKCS7_GetMaxStream(PKCS7* pkcs7, byte flag, byte* in,
pkcs7->stream->maxLen = length + idx;
}
}
if (pkcs7->stream->maxLen == 0) {
pkcs7->stream->maxLen = defSz;
}
return pkcs7->stream->maxLen;
}
if (pkcs7->stream->maxLen == 0) {
pkcs7->stream->maxLen = defSz;
}
return defSz;
}
@ -3435,7 +3437,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
byte* der;
#endif
int multiPart = 0, keepContent;
int contentLen;
int contentLen = 0;
byte* pkiMsg = in;
word32 pkiMsgSz = inSz;
@ -3877,7 +3879,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
/* If getting the content info failed with non degenerate then return the
* error case. Otherwise with a degenerate it is ok if the content
* info was omitted */
if (!degenerate && !detached && ret != 0) {
if (!degenerate && !detached && (ret != 0)) {
break;
}
else {
@ -8560,10 +8562,11 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
ret = BAD_FUNC_ARG;
}
return ret;
(void)pkiMsg;
(void)pkiMsgSz;
return ret;
#else
(void)in;
(void)inSz;
@ -8588,7 +8591,7 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
byte* pkiMsg = in;
word32 pkiMsgSz = inSz;
#ifndef NO_PKCS7_STREAM
word32 tmpIdx = *idx;
word32 tmpIdx;
long rc;
#endif
@ -8598,6 +8601,10 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
return BAD_FUNC_ARG;
}
#ifndef NO_PKCS7_STREAM
tmpIdx = *idx;
#endif
/* check if in the process of decrypting */
switch (pkcs7->state) {
case WC_PKCS7_DECRYPT_KTRI:
@ -9914,6 +9921,9 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
idx += unauthAttribsSetSz;
XMEMCPY(output + idx, flatUnauthAttribs, unauthAttribsSz);
idx += unauthAttribsSz;
}
if (flatUnauthAttribs != NULL) {
XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
}
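Review bot: In the last hunk (`wc_PKCS7_EncodeAuthEnvelopedData`) `flatUnauthAttribs` is freed but the pointer keeps its old value. The rest of the function is outside the hunk, so if any later exit or error path also frees this buffer the new cleanup turns into a double free. Adding `flatUnauthAttribs = NULL;` directly after the `XFREE` makes the block safe regardless of what follows.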