From 064a54f5523a0387965d08216081635f46e1ddad Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 23 Feb 2017 14:41:51 -0700 Subject: [PATCH] static analysis and windows fix --- src/ssl.c | 20 +++++++------ tests/api.c | 60 ++++++++++++++++++++++++++++++++++++++ wolfssl/openssl/include.am | 3 +- 3 files changed, 73 insertions(+), 10 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 2678da686..dd7648b25 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15184,11 +15184,11 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) } tmp[0] = '\0'; for (i = 0; i < sz - 1 && (3 * i) < tmpSz - valSz; i++) { - XSNPRINTF(val, sizeof(val) - 1, "%2x:", serial[i]); + XSNPRINTF(val, sizeof(val) - 1, "%02x:", serial[i]); val[3] = '\0'; /* make sure is null terminated */ XSTRNCAT(tmp, val, valSz); } - XSNPRINTF(val, sizeof(val) - 1, "%2x\n", serial[i]); + XSNPRINTF(val, sizeof(val) - 1, "%02x\n", serial[i]); val[3] = '\0'; /* make sure is null terminated */ XSTRNCAT(tmp, val, valSz); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { @@ -15222,14 +15222,13 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) /* print issuer */ { char* issuer; - #ifdef WOLFSSL_SMALL_STACK + #ifndef WOLFSSL_SMALL_STACK char* buff = NULL; int issSz = 0; #else char buff[256]; int issSz = 256; #endif - issuer = buff; issuer = wolfSSL_X509_NAME_oneline( wolfSSL_X509_get_issuer_name(x509), buff, issSz); @@ -15303,7 +15302,6 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) char buff[256]; int subSz = 256; #endif - subject = buff; subject = wolfSSL_X509_NAME_oneline( wolfSSL_X509_get_subject_name(x509), buff, subSz); @@ -15447,6 +15445,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) WOLFSSL_MSG("Memory error"); return SSL_FAILURE; } + XMEMSET(rawKey, 0, rawLen); mp_to_unsigned_bin(&rsa.e, rawKey); if ((word32)rawLen <= sizeof(word32)) { idx = *(word32*)rawKey; 
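Review bot: The final `XSNPRINTF`/`XSTRNCAT` pair after the loop (the `"%02x\n"` line) is not covered by the `(3 * i) < tmpSz - valSz` bound that guards the appends inside the loop, and `XSTRNCAT`'s third argument limits how much is copied from `val`, not how much room is left in `tmp`. Whether that can write past `tmp` depends on `tmpSz`, `valSz` and `sz`, which are declared outside this hunk, so this is a request to make the bound explicit, not a confirmed overflow. A check such as `if ((int)XSTRLEN(tmp) + valSz > tmpSz)` that takes the failure path before the last append would do it. The same tail reads `serial[i]` even when the loop body never ran, so `sz == 0` should be rejected earlier if it is not already.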
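Review bot: Flipping the guard to `#ifndef WOLFSSL_SMALL_STACK` in the "print issuer" block inverts which build gets which buffer: small-stack builds now place `char buff[256]` on the stack, and every other build passes `buff = NULL, issSz = 0`, which presumably makes `wolfSSL_X509_NAME_oneline` return a buffer it allocated itself. The code that releases `issuer` is outside this hunk; if it is still keyed on `#ifdef WOLFSSL_SMALL_STACK`, it would free a stack array in small-stack builds and leak the returned string in the others. Please confirm the cleanup uses the same condition as this declaration, or restore `#ifdef WOLFSSL_SMALL_STACK` here if the sibling subject and issuer blocks, whose guards are not visible in this diff, still use it.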
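Review bot: `idx = *(word32*)rawKey;` still loads a full `word32` from `rawKey` even when `rawLen` is smaller than `sizeof(word32)`; the added `XMEMSET(rawKey, 0, rawLen)` zeroes only the bytes that belong to the buffer, so it does not make that read safe if the allocation (outside this hunk) is `rawLen` bytes. The cast also assumes `rawKey` is suitably aligned and yields a byte-order-dependent value for the exponent. Assembling the value from the bytes avoids all three: `idx = 0; for (i = 0; i < rawLen; i++) idx = (idx << 8) | rawKey[i];`. The return value of `mp_to_unsigned_bin` on the preceding line is also ignored and should be checked before `rawKey` is used.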
@@ -15621,7 +15620,6 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) char buff[256]; int issSz = 256; #endif - issuer = buff; issuer = wolfSSL_X509_NAME_oneline( wolfSSL_X509_get_issuer_name(x509), buff, issSz); @@ -15687,7 +15685,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) return SSL_FAILURE; } - wolfSSL_X509_get_signature(x509, NULL, &sigSz); + sigSz = (int)x509->sig.length; sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sig == NULL || sigSz <= 0) { return SSL_FAILURE; @@ -22212,7 +22210,7 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in, unsigned char* out, WOLFSSL_RSA* rsa, int padding) { int sz = 0; - WC_RNG* rng; + WC_RNG* rng = NULL; RsaKey* key; WOLFSSL_MSG("wolfSSL_RSA_private_encrypt"); @@ -26217,7 +26215,8 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_ENTER("wolfSSL_X509_NAME_new"); - name = XMALLOC(sizeof(WOLFSSL_X509_NAME), NULL, DYNAMIC_TYPE_X509); + name = (WOLFSSL_X509_NAME*)XMALLOC(sizeof(WOLFSSL_X509_NAME), NULL, + DYNAMIC_TYPE_X509); if (name != NULL) { InitX509Name(name, 1); } @@ -26225,6 +26224,8 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) +/* needed SetName function from asn.c is wrapped by NO_RSA */ /* helper function for CopyX509NameToCertName() */ static int CopyX509NameEntry(char* out, int max, char* in, int inLen) { @@ -26377,6 +26378,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return sz; } +#endif /* WOLFSSL_CERT_GEN */ /* Compares the two X509 names. If the size of x is larger then y then a diff --git a/tests/api.c b/tests/api.c index 8d868b630..0d7799977 100644 --- a/tests/api.c +++ b/tests/api.c @@ -215,6 +215,7 @@ #ifdef OPENSSL_EXTRA #include + #include #include #include #include 
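Review bot: `sigSz` is validated only after it has been passed to `XMALLOC` in the `@@ -15687` hunk. A zero or negative value from `(int)x509->sig.length` reaches the allocator first (a negative `int` becomes a very large request if the allocator takes an unsigned size), and if the allocator returns a non-NULL pointer for it, `sig == NULL || sigSz <= 0` returns without freeing that pointer. Move the range check ahead of the allocation, `if (sigSz <= 0) return SSL_FAILURE;`, and keep `if (sig == NULL) return SSL_FAILURE;` after it. How `sig` is filled and freed is outside this hunk.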
@@ -13427,6 +13428,64 @@ static int test_wc_ecc_is_valid_idx (void) *----------------------------------------------------------------------------*/ +static void test_wolfSSL_X509_NAME(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ + && !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) + X509* x509; + const unsigned char* c; + unsigned char buf[4096]; + int bytes; + FILE* f; + const X509_NAME* a; + const X509_NAME* b; + int sz; + unsigned char* tmp; + char file[] = "./certs/ca-cert.der"; + + printf(testingFmt, "wolfSSL_X509_NAME()"); + + /* test compile of depricated function, returns 0 */ + AssertIntEQ(CRYPTO_thread_id(), 0); + + AssertNotNull(a = X509_NAME_new()); + X509_NAME_free((X509_NAME*)a); + + f = fopen(file, "rb"); + AssertNotNull(f); + bytes = (int)fread(buf, 1, sizeof(buf), f); + fclose(f); + + c = buf; + AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(c, bytes, + SSL_FILETYPE_ASN1)); + + /* test cmp function */ + AssertNotNull(a = X509_get_issuer_name(x509)); + AssertNotNull(b = X509_get_subject_name(x509)); + + AssertIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */ + + tmp = buf; + AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0); + if (tmp == buf) { + printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ + printf(" Expected pointer to be incremented\n"); + abort(); + } + + /* retry but with the function creating a buffer */ + tmp = NULL; + AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + + X509_free(x509); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */ +} + + static void test_wolfSSL_DES(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) @@ -16206,6 +16265,7 @@ void ApiTest(void) test_wolfSSL_mcast(); /* compatibility tests */ + test_wolfSSL_X509_NAME(); test_wolfSSL_DES(); test_wolfSSL_certs(); test_wolfSSL_ASN1_TIME_print(); 
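Review bot: The result of `fread` in `test_wolfSSL_X509_NAME` is cast to `int` and handed to `wolfSSL_X509_load_certificate_buffer` without being checked, so an empty or unreadable `./certs/ca-cert.der` only shows up indirectly as a failed certificate load; add `AssertIntGT(bytes, 0);` after the `fread` line. The first `i2d_X509_NAME` call then writes into `buf`, the same array the certificate was parsed from, which is safe only if the loaded `x509` holds its own copy of the name data; a separate output buffer would remove that dependency. Two cosmetic leftovers are worth fixing while here: the trailing `\` after the first `printf` in the error branch, and the closing comment `#endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */`, which does not match this function's guard.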
diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am
index 44fe0370d..3d0eebe28 100644
--- a/wolfssl/openssl/include.am
+++ b/wolfssl/openssl/include.am
@@ -40,4 +40,5 @@ nobase_include_HEADERS+= \
 wolfssl/openssl/stack.h \
 wolfssl/openssl/ui.h \
 wolfssl/openssl/x509.h \
- wolfssl/openssl/x509v3.h
+ wolfssl/openssl/x509v3.h \
+ wolfssl/openssl/rc4.h