mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 16:30:49 +02:00
Merge pull request #10120 from douzzer/20260331-wolfcrypt-Wcast-qual
20260331-wolfcrypt-Wcast-qual approved by @padelsbach
This commit is contained in:
@@ -18,17 +18,17 @@ jobs:
|
||||
matrix:
|
||||
config: [
|
||||
# Add new configs here
|
||||
'--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
|
||||
'--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
|
||||
'--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
|
||||
'--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion" --enable-32bit CFLAGS=-m32',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,no-large-code CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
|
||||
'--enable-smallstack --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
|
||||
'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion" --enable-32bit CFLAGS=-m32',
|
||||
'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
|
||||
'--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
|
||||
'--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
|
||||
'--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
|
||||
'--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128 -Wcast-qual"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,no-large-code CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
|
||||
'--enable-smallstack --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
|
||||
'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
|
||||
'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
|
||||
]
|
||||
name: build library
|
||||
if: github.repository_owner == 'wolfssl'
|
||||
|
||||
@@ -705,8 +705,6 @@ WOLFSSL_ATMEL_TIME
|
||||
WOLFSSL_BEFORE_DATE_CLOCK_SKEW
|
||||
WOLFSSL_BIGINT_TYPES
|
||||
WOLFSSL_BIO_NO_FLOW_STATS
|
||||
WOLFSSL_BLAKE2B_INIT_EACH_FIELD
|
||||
WOLFSSL_BLAKE2S_INIT_EACH_FIELD
|
||||
WOLFSSL_BYTESWAP32_ASM
|
||||
WOLFSSL_CAAM_BLACK_KEY_AESCCM
|
||||
WOLFSSL_CAAM_BLACK_KEY_SM
|
||||
|
||||
@@ -80,7 +80,7 @@ int wc_SignatureVerify(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* data, word32 data_len,
|
||||
const byte* sig, word32 sig_len,
|
||||
const void* key, word32 key_len);
|
||||
void* key, word32 key_len);
|
||||
|
||||
/*!
|
||||
\ingroup Signature
|
||||
@@ -143,7 +143,7 @@ int wc_SignatureGenerate(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* data, word32 data_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len,
|
||||
void* key, word32 key_len,
|
||||
WC_RNG* rng);
|
||||
|
||||
/*!
|
||||
@@ -194,7 +194,7 @@ int wc_SignatureVerifyHash(enum wc_HashType hash_type,
|
||||
enum wc_SignatureType sig_type,
|
||||
const byte* hash_data, word32 hash_len,
|
||||
const byte* sig, word32 sig_len,
|
||||
const void* key, word32 key_len);
|
||||
void* key, word32 key_len);
|
||||
|
||||
/*!
|
||||
\ingroup Signature
|
||||
@@ -245,7 +245,7 @@ int wc_SignatureGenerateHash(enum wc_HashType hash_type,
|
||||
enum wc_SignatureType sig_type,
|
||||
const byte* hash_data, word32 hash_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len,
|
||||
void* key, word32 key_len,
|
||||
WC_RNG* rng);
|
||||
|
||||
/*!
|
||||
@@ -296,7 +296,7 @@ int wc_SignatureGenerateHash_ex(enum wc_HashType hash_type,
|
||||
enum wc_SignatureType sig_type,
|
||||
const byte* hash_data, word32 hash_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len,
|
||||
void* key, word32 key_len,
|
||||
WC_RNG* rng, int verify);
|
||||
|
||||
/*!
|
||||
@@ -346,5 +346,5 @@ int wc_SignatureGenerate_ex(enum wc_HashType hash_type,
|
||||
enum wc_SignatureType sig_type,
|
||||
const byte* data, word32 data_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len,
|
||||
void* key, word32 key_len,
|
||||
WC_RNG* rng, int verify);
|
||||
|
||||
+1
-1
@@ -13393,7 +13393,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
|
||||
{
|
||||
int match = 0;
|
||||
DNS_entry* altName = NULL;
|
||||
char *buf;
|
||||
const char *buf;
|
||||
word32 len;
|
||||
|
||||
WOLFSSL_MSG("Checking AltNames");
|
||||
|
||||
+2
-2
@@ -2131,8 +2131,8 @@ int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val,
|
||||
*/
|
||||
int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs)
|
||||
{
|
||||
byte* reqNonce = NULL;
|
||||
byte* rspNonce = NULL;
|
||||
const byte* reqNonce = NULL;
|
||||
const byte* rspNonce = NULL;
|
||||
int reqNonceSz = 0;
|
||||
int rspNonceSz = 0;
|
||||
|
||||
|
||||
+3
-1
@@ -1265,7 +1265,9 @@ static WC_INLINE int cm_restore_cert_row(WOLFSSL_CERT_MANAGER* cm,
|
||||
|
||||
if (ret == 0) {
|
||||
/* Copy in certificate name. */
|
||||
XMEMCPY(signer->name, current + idx, (size_t)signer->nameLen);
|
||||
/* safe cast -- allocated by above XMALLOC(). */
|
||||
XMEMCPY((void *)(wc_ptr_t)signer->name, current + idx,
|
||||
(size_t)signer->nameLen);
|
||||
idx += signer->nameLen;
|
||||
|
||||
/* Copy in hash of subject name. */
|
||||
|
||||
+3
-1
@@ -3061,6 +3061,7 @@ int wolfSSL_X509_add_altname_ex(WOLFSSL_X509* x509, const char* name,
|
||||
newAltName->type = type;
|
||||
newAltName->len = (int)nameSz;
|
||||
newAltName->name = nameCopy;
|
||||
newAltName->nameStored = 1;
|
||||
x509->altNames = newAltName;
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
@@ -4259,7 +4260,8 @@ char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ret = cert->altNamesNext->name;
|
||||
/* unsafe cast required for ABI compatibility. */
|
||||
ret = (char *)(wc_ptr_t)cert->altNamesNext->name;
|
||||
#ifdef WOLFSSL_IP_ALT_NAME
|
||||
/* return the IP address as a string */
|
||||
if (cert->altNamesNext->type == ASN_IP_TYPE) {
|
||||
|
||||
@@ -251,7 +251,7 @@ int test_ocsp_basic_verify(void)
|
||||
WOLFSSL_SUCCESS);
|
||||
/* verify that the signature is checked */
|
||||
if (EXPECT_SUCCESS()) {
|
||||
response->sig[0] ^= 0xff;
|
||||
((byte *)(wc_ptr_t)response->sig)[0] ^= 0xff;
|
||||
}
|
||||
ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY),
|
||||
WOLFSSL_FAILURE);
|
||||
@@ -285,12 +285,12 @@ int test_ocsp_basic_verify(void)
|
||||
WOLFSSL_SUCCESS);
|
||||
/* make invalid signature */
|
||||
if (EXPECT_SUCCESS()) {
|
||||
response->sig[0] ^= 0xff;
|
||||
((byte *)(wc_ptr_t)response->sig)[0] ^= 0xff;
|
||||
}
|
||||
ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0),
|
||||
WOLFSSL_FAILURE);
|
||||
if (EXPECT_SUCCESS()) {
|
||||
response->sig[0] ^= 0xff;
|
||||
((byte *)(wc_ptr_t)response->sig)[0] ^= 0xff;
|
||||
}
|
||||
|
||||
/* cert embedded and in certs, no store needed bc OCSP_TRUSTOTHER */
|
||||
|
||||
+238
-115
@@ -1496,7 +1496,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
|
||||
}
|
||||
FALL_THROUGH;
|
||||
case ASN_DATA_TYPE_MP_INITED:
|
||||
err = mp_read_unsigned_bin(data->data.mp, (byte*)input + idx,
|
||||
err = mp_read_unsigned_bin(data->data.mp, (const byte*)input + idx,
|
||||
(word32)len);
|
||||
if (err != 0) {
|
||||
#ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
|
||||
@@ -2257,9 +2257,10 @@ void GetASN_GetConstRef(ASNGetData * dataASN, const byte** data, word32* length)
|
||||
* @param [out] data Pointer to data of item.
|
||||
* @param [out] length Length of buffer in bytes.
|
||||
*/
|
||||
void GetASN_GetRef(ASNGetData * dataASN, byte** data, word32* length)
|
||||
void GetASN_GetRef(const ASNGetData * dataASN, const byte** data,
|
||||
word32* length)
|
||||
{
|
||||
*data = (byte*)dataASN->data.ref.data;
|
||||
*data = (const byte*)dataASN->data.ref.data;
|
||||
*length = dataASN->data.ref.length;
|
||||
}
|
||||
|
||||
@@ -2269,9 +2270,10 @@ void GetASN_GetRef(ASNGetData * dataASN, byte** data, word32* length)
|
||||
* @param [out] data Pointer to .
|
||||
* @param [out] length Length of buffer in bytes.
|
||||
*/
|
||||
void GetASN_OIDData(ASNGetData * dataASN, byte** data, word32* length)
|
||||
void GetASN_OIDData(const ASNGetData * dataASN, const byte** data,
|
||||
word32* length)
|
||||
{
|
||||
*data = (byte*)dataASN->data.oid.data;
|
||||
*data = (const byte*)dataASN->data.oid.data;
|
||||
*length = dataASN->data.oid.length;
|
||||
}
|
||||
|
||||
@@ -10159,10 +10161,10 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz)
|
||||
word32 keySz = 0;
|
||||
word32 saltSz = 0;
|
||||
word32 shaOid = 0;
|
||||
byte* salt = NULL;
|
||||
byte* key = NULL;
|
||||
const byte* salt = NULL;
|
||||
const byte* key = NULL;
|
||||
byte cbcIv[MAX_IV_SIZE];
|
||||
byte* params = NULL;
|
||||
const byte* params = NULL;
|
||||
|
||||
WOLFSSL_ENTER("DecryptContent");
|
||||
|
||||
@@ -10249,9 +10251,10 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz)
|
||||
|
||||
if (ret == 0) {
|
||||
/* Decrypt the key. */
|
||||
/* safe cast -- key is actually inside the readwrite "input" buffer. */
|
||||
ret = wc_CryptKey(
|
||||
password, passwordSz, salt, (int)saltSz, (int)iterations, id, key,
|
||||
(int)keySz, version, cbcIv, 0, (int)shaOid);
|
||||
password, passwordSz, salt, (int)saltSz, (int)iterations, id,
|
||||
(byte *)(wc_ptr_t)key, (int)keySz, version, cbcIv, 0, (int)shaOid);
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Copy the decrypted key into the input (inline). */
|
||||
@@ -10474,8 +10477,10 @@ static int EncryptContentPBES2(byte* input, word32 inputSz, byte* out,
|
||||
(int)(p8EncPbes2ASN_Length - P8ENCPBES2ASN_IDX_ALGO_SEQ),
|
||||
out);
|
||||
|
||||
saltEnc = (byte*)
|
||||
dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_SALT].data.buffer.data;
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
saltEnc = (byte*)(wc_ptr_t)
|
||||
dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_SALT].
|
||||
data.buffer.data;
|
||||
if (genSalt) {
|
||||
/* Generate salt into encoding. */
|
||||
ret = wc_RNG_GenerateBlock(rng, saltEnc, saltSz);
|
||||
@@ -10485,13 +10490,15 @@ static int EncryptContentPBES2(byte* input, word32 inputSz, byte* out,
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
cbcIv = (byte*)
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
cbcIv = (byte*)(wc_ptr_t)
|
||||
dataASN[P8ENCPBES2ASN_IDX_ALGO_ENCS_PARAMS].data.buffer.data;
|
||||
ret = wc_RNG_GenerateBlock(rng, cbcIv, (word32)blockSz);
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Store PKCS#8 key in output buffer. */
|
||||
byte* pkcs8 = (byte*)
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
byte* pkcs8 = (byte*)(wc_ptr_t)
|
||||
dataASN[P8ENCPBES2ASN_IDX_ENCDATA].data.buffer.data;
|
||||
XMEMCPY(pkcs8, input, inputSz);
|
||||
(void)wc_PkcsPad(pkcs8, inputSz, (word32)blockSz);
|
||||
@@ -10656,16 +10663,19 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
|
||||
|
||||
if (salt == NULL) {
|
||||
/* Generate salt into encoding. */
|
||||
salt = (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_SALT].
|
||||
data.buffer.data;
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
salt = (byte*)(wc_ptr_t)
|
||||
dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_SALT].
|
||||
data.buffer.data;
|
||||
ret = wc_RNG_GenerateBlock(rng, salt, saltSz);
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
byte cbcIv[MAX_IV_SIZE];
|
||||
/* Store PKCS#8 key in output buffer. */
|
||||
byte* pkcs8 =
|
||||
(byte*)dataASN[P8ENCPBES1ASN_IDX_ENCDATA].data.buffer.data;
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
byte* pkcs8 = (byte*)(wc_ptr_t)
|
||||
dataASN[P8ENCPBES1ASN_IDX_ENCDATA].data.buffer.data;
|
||||
XMEMCPY(pkcs8, input, inputSz);
|
||||
(void)wc_PkcsPad(pkcs8, inputSz, (word32)blockSz);
|
||||
|
||||
@@ -11915,12 +11925,33 @@ void FreeAltNames(DNS_entry* altNames, void* heap)
|
||||
while (altNames) {
|
||||
DNS_entry* tmp = altNames->next;
|
||||
|
||||
XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME);
|
||||
if (altNames->nameStored) {
|
||||
/* safe cast -- .nameStored signifies that the pointer comes from
|
||||
* our own earlier XMALLOC().
|
||||
*/
|
||||
XFREE((void *)(wc_ptr_t)altNames->name, heap,
|
||||
DYNAMIC_TYPE_ALTNAME);
|
||||
altNames->nameStored = 0;
|
||||
}
|
||||
#ifdef WOLFSSL_IP_ALT_NAME
|
||||
XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME);
|
||||
if (altNames->ipStringStored) {
|
||||
/* safe cast -- .ipStringStored signifies that the pointer comes
|
||||
* from our own earlier XMALLOC().
|
||||
*/
|
||||
XFREE((void *)(wc_ptr_t)altNames->ipString, heap,
|
||||
DYNAMIC_TYPE_ALTNAME);
|
||||
altNames->ipStringStored = 0;
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_RID_ALT_NAME
|
||||
XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME);
|
||||
if (altNames->ridStringStored) {
|
||||
/* safe cast -- .ridStringStored signifies that the pointer comes
|
||||
* from our own earlier XMALLOC().
|
||||
*/
|
||||
XFREE((void *)(wc_ptr_t)altNames->ridString, heap,
|
||||
DYNAMIC_TYPE_ALTNAME);
|
||||
altNames->ridStringStored = 0;
|
||||
}
|
||||
#endif
|
||||
XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME);
|
||||
altNames = tmp;
|
||||
@@ -11954,11 +11985,14 @@ DNS_entry* AltNameDup(DNS_entry* from, void* heap)
|
||||
|
||||
|
||||
ret->name = CopyString(from->name, from->len, heap, DYNAMIC_TYPE_ALTNAME);
|
||||
ret->nameStored = 1;
|
||||
#ifdef WOLFSSL_IP_ALT_NAME
|
||||
ret->ipString = CopyString(from->ipString, 0, heap, DYNAMIC_TYPE_ALTNAME);
|
||||
ret->ipStringStored = 1;
|
||||
#endif
|
||||
#ifdef WOLFSSL_RID_ALT_NAME
|
||||
ret->ridString = CopyString(from->ridString, 0, heap, DYNAMIC_TYPE_ALTNAME);
|
||||
ret->ridStringStored = 1;
|
||||
#endif
|
||||
if (ret->name == NULL
|
||||
#ifdef WOLFSSL_IP_ALT_NAME
|
||||
@@ -12014,10 +12048,18 @@ void FreeDecodedCert(DecodedCert* cert)
|
||||
if (cert == NULL)
|
||||
return;
|
||||
if (cert->subjectCNStored == 1) {
|
||||
XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
|
||||
/* safe cast -- .subjectCNStored signifies that the pointer comes from
|
||||
* our own earlier XMALLOC().
|
||||
*/
|
||||
XFREE((void*)(wc_ptr_t)cert->subjectCN, cert->heap,
|
||||
DYNAMIC_TYPE_SUBJECT_CN);
|
||||
}
|
||||
if (cert->pubKeyStored == 1) {
|
||||
XFREE((void*)cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
/* safe cast -- .pubKeyStored signifies that the pointer comes from our
|
||||
* own earlier XMALLOC().
|
||||
*/
|
||||
XFREE((void*)(wc_ptr_t)cert->publicKey, cert->heap,
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
}
|
||||
if (cert->weOwnAltNames && cert->altNames)
|
||||
FreeAltNames(cert->altNames, cert->heap);
|
||||
@@ -12281,7 +12323,8 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
|
||||
/* Skip to where public point is to be encoded. */
|
||||
output += sz - pubSz;
|
||||
/* Cache the location to place the name curve OID. */
|
||||
curveOid = (byte*)
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
curveOid = (byte*)(wc_ptr_t)
|
||||
dataASN[ECCPUBLICKEYASN_IDX_ALGOID_CURVEID].data.buffer.data;
|
||||
}
|
||||
|
||||
@@ -12432,7 +12475,9 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
|
||||
/* Encode public key. */
|
||||
SetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, output);
|
||||
/* Set location to encode public point. */
|
||||
output = (byte*)dataASN[PUBKEYASN_IDX_PUBKEY].data.buffer.data;
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
output = (byte*)(wc_ptr_t)
|
||||
dataASN[PUBKEYASN_IDX_PUBKEY].data.buffer.data;
|
||||
}
|
||||
|
||||
FREE_ASNSETDATA(dataASN, NULL);
|
||||
@@ -13136,7 +13181,8 @@ int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
|
||||
|
||||
/* Set the string for a name component into the subject name. */
|
||||
#define SetCertNameSubject(cert, id, val) \
|
||||
*((char**)(((byte *)(cert)) + certNameSubject[(id) - 3].data)) = (val)
|
||||
*((const char**)(((byte *)(cert)) + certNameSubject[(id) - 3].data)) = \
|
||||
(val)
|
||||
/* Set the string length for a name component into the subject name. */
|
||||
#define SetCertNameSubjectLen(cert, id, val) \
|
||||
*((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].len)) = (int)(val)
|
||||
@@ -13167,7 +13213,8 @@ int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
|
||||
|
||||
/* Set the string for a name component into the issuer name. */
|
||||
#define SetCertNameIssuer(cert, id, val) \
|
||||
*((char**)(((byte *)(cert)) + certNameSubject[(id) - 3].dataI)) = (val)
|
||||
*((const char**)(((byte *)(cert)) + certNameSubject[(id) - 3].dataI)) = \
|
||||
(val)
|
||||
/* Set the string length for a name component into the issuer name. */
|
||||
#define SetCertNameIssuerLen(cert, id, val) \
|
||||
*((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].lenI)) = (int)(val)
|
||||
@@ -13604,7 +13651,7 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
|
||||
int ret = 0;
|
||||
size_t nameSz = 0;
|
||||
char tmpName[WOLFSSL_MAX_IPSTR];
|
||||
unsigned char* ip;
|
||||
const unsigned char* ip;
|
||||
|
||||
if (entry == NULL || entry->type != ASN_IP_TYPE) {
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -13615,7 +13662,7 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
|
||||
WOLFSSL_MSG("Unexpected IP size");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
ip = (unsigned char*)entry->name;
|
||||
ip = (const unsigned char*)entry->name;
|
||||
|
||||
XMEMSET(tmpName, 0, sizeof(tmpName));
|
||||
|
||||
@@ -13650,6 +13697,9 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
|
||||
if (entry->ipString == NULL) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
else {
|
||||
entry->ipStringStored = 1;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
XMEMCPY(entry->ipString, tmpName, nameSz);
|
||||
@@ -13748,6 +13798,9 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
|
||||
if (entry->ridString == NULL) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
else {
|
||||
entry->ridStringStored = 1;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
XMEMCPY(entry->ridString, finalName, (word32)(nameSz + 1));
|
||||
@@ -13810,6 +13863,7 @@ static int SetDNSEntry(void* heap, const char* str, int strLen,
|
||||
{
|
||||
DNS_entry* dnsEntry;
|
||||
int ret = 0;
|
||||
char *dnsEntry_name = NULL;
|
||||
|
||||
/* TODO: consider one malloc. */
|
||||
/* Allocate DNS Entry object. */
|
||||
@@ -13819,18 +13873,21 @@ static int SetDNSEntry(void* heap, const char* str, int strLen,
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Allocate DNS Entry name - length of string plus 1 for NUL. */
|
||||
dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, heap,
|
||||
DYNAMIC_TYPE_ALTNAME);
|
||||
dnsEntry->name = dnsEntry_name = (char*)XMALLOC((size_t)strLen + 1,
|
||||
heap, DYNAMIC_TYPE_ALTNAME);
|
||||
if (dnsEntry->name == NULL) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
else {
|
||||
dnsEntry->nameStored = 1;
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Set tag type, name length, name and NUL terminate name. */
|
||||
dnsEntry->type = type;
|
||||
dnsEntry->len = strLen;
|
||||
XMEMCPY(dnsEntry->name, str, (size_t)strLen);
|
||||
dnsEntry->name[strLen] = '\0';
|
||||
XMEMCPY(dnsEntry_name, str, (size_t)strLen);
|
||||
dnsEntry_name[strLen] = '\0';
|
||||
|
||||
#ifdef WOLFSSL_RID_ALT_NAME
|
||||
/* store registeredID as a string */
|
||||
@@ -13849,7 +13906,7 @@ static int SetDNSEntry(void* heap, const char* str, int strLen,
|
||||
|
||||
/* failure cleanup */
|
||||
if (ret != 0 && dnsEntry != NULL) {
|
||||
XFREE(dnsEntry->name, heap, DYNAMIC_TYPE_ALTNAME);
|
||||
XFREE(dnsEntry_name, heap, DYNAMIC_TYPE_ALTNAME);
|
||||
XFREE(dnsEntry, heap, DYNAMIC_TYPE_ALTNAME);
|
||||
}
|
||||
|
||||
@@ -13866,21 +13923,21 @@ static int SetDNSEntry(void* heap, const char* str, int strLen,
|
||||
* @param [in] tag BER tag representing encoding of string.
|
||||
* @return 0 on success, negative values on failure.
|
||||
*/
|
||||
static int SetSubject(DecodedCert* cert, int id, byte* str, int strLen,
|
||||
static int SetSubject(DecodedCert* cert, int id, const byte* str, int strLen,
|
||||
byte tag)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
/* Put string and encoding into certificate. */
|
||||
if (id == ASN_COMMON_NAME) {
|
||||
cert->subjectCN = (char *)str;
|
||||
cert->subjectCN = (const char *)str;
|
||||
cert->subjectCNLen = (int)strLen;
|
||||
cert->subjectCNEnc = (char)tag;
|
||||
}
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID) {
|
||||
/* Use table and offsets to put data into appropriate fields. */
|
||||
SetCertNameSubject(cert, id, (char*)str);
|
||||
SetCertNameSubject(cert, id, (const char*)str);
|
||||
SetCertNameSubjectLen(cert, id, strLen);
|
||||
SetCertNameSubjectEnc(cert, id, tag);
|
||||
}
|
||||
@@ -13888,19 +13945,19 @@ static int SetSubject(DecodedCert* cert, int id, byte* str, int strLen,
|
||||
#if !defined(IGNORE_NAME_CONSTRAINTS) || \
|
||||
defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
else if (id == ASN_EMAIL) {
|
||||
cert->subjectEmail = (char*)str;
|
||||
cert->subjectEmail = (const char*)str;
|
||||
cert->subjectEmailLen = strLen;
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
/* TODO: consider mapping id to an index and using SetCertNameSubect*(). */
|
||||
else if (id == ASN_JURIS_C) {
|
||||
cert->subjectJC = (char*)str;
|
||||
cert->subjectJC = (const char*)str;
|
||||
cert->subjectJCLen = strLen;
|
||||
cert->subjectJCEnc = (char)tag;
|
||||
}
|
||||
else if (id == ASN_JURIS_ST) {
|
||||
cert->subjectJS = (char*)str;
|
||||
cert->subjectJS = (const char*)str;
|
||||
cert->subjectJSLen = strLen;
|
||||
cert->subjectJSEnc = (char)tag;
|
||||
}
|
||||
@@ -13920,25 +13977,25 @@ static int SetSubject(DecodedCert* cert, int id, byte* str, int strLen,
|
||||
* @param [in] tag BER tag representing encoding of string.
|
||||
* @return 0 on success, negative values on failure.
|
||||
*/
|
||||
static int SetIssuer(DecodedCert* cert, int id, byte* str, int strLen,
|
||||
static int SetIssuer(DecodedCert* cert, int id, const byte* str, int strLen,
|
||||
byte tag)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
/* Put string and encoding into certificate. */
|
||||
if (id == ASN_COMMON_NAME) {
|
||||
cert->issuerCN = (char *)str;
|
||||
cert->issuerCN = (const char *)str;
|
||||
cert->issuerCNLen = (int)strLen;
|
||||
cert->issuerCNEnc = (char)tag;
|
||||
}
|
||||
else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID) {
|
||||
/* Use table and offsets to put data into appropriate fields. */
|
||||
SetCertNameIssuer(cert, id, (char*)str);
|
||||
SetCertNameIssuer(cert, id, (const char*)str);
|
||||
SetCertNameIssuerLen(cert, id, strLen);
|
||||
SetCertNameIssuerEnc(cert, id, tag);
|
||||
}
|
||||
else if (id == ASN_EMAIL) {
|
||||
cert->issuerEmail = (char*)str;
|
||||
cert->issuerEmail = (const char*)str;
|
||||
cert->issuerEmailLen = strLen;
|
||||
}
|
||||
|
||||
@@ -13964,7 +14021,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
|
||||
int ret = 0;
|
||||
const char* typeStr = NULL;
|
||||
byte typeStrLen = 0;
|
||||
byte* oid;
|
||||
const byte* oid;
|
||||
word32 oidSz;
|
||||
int id = 0;
|
||||
|
||||
@@ -14076,7 +14133,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
|
||||
|
||||
if ((ret == 0) && (typeStr != NULL)) {
|
||||
/* OID type to store for subject name and add to full string. */
|
||||
byte* str;
|
||||
const byte* str;
|
||||
word32 strLen;
|
||||
byte tag = dataASN[RDNASN_IDX_ATTR_VAL].tag;
|
||||
|
||||
@@ -14216,7 +14273,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
|
||||
* (do parsing for WOLFSSL_X509_NAME on demand) */
|
||||
if (ret == 0) {
|
||||
int enc;
|
||||
byte* str;
|
||||
const byte* str;
|
||||
word32 strLen;
|
||||
byte tag = dataASN[RDNASN_IDX_ATTR_VAL].tag;
|
||||
|
||||
@@ -17507,7 +17564,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
subjectDnsName.next = NULL;
|
||||
subjectDnsName.type = ASN_RFC822_TYPE;
|
||||
subjectDnsName.len = cert->subjectEmailLen;
|
||||
subjectDnsName.name = (char *)cert->subjectEmail;
|
||||
subjectDnsName.name = cert->subjectEmail;
|
||||
}
|
||||
break;
|
||||
case ASN_DIR_TYPE:
|
||||
@@ -17525,7 +17582,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
|
||||
subjectDnsName.next = NULL;
|
||||
subjectDnsName.type = ASN_DIR_TYPE;
|
||||
subjectDnsName.len = cert->subjectRawLen;
|
||||
subjectDnsName.name = (char *)cert->subjectRaw;
|
||||
subjectDnsName.name = (const char *)cert->subjectRaw;
|
||||
}
|
||||
break;
|
||||
case ASN_URI_TYPE:
|
||||
@@ -19307,7 +19364,7 @@ static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert)
|
||||
#endif
|
||||
) {
|
||||
ASNGetData dataASN[policyInfoASN_Length];
|
||||
byte* data = NULL;
|
||||
const byte* data = NULL;
|
||||
word32 length = 0;
|
||||
|
||||
/* Clear dynamic data and check OID is a cert policy type. */
|
||||
@@ -19442,7 +19499,7 @@ static int DecodeSubjDirAttr(const byte* input, word32 sz, DecodedCert* cert)
|
||||
(dataASN[SUBJDIRATTRASN_IDX_OID].data.oid.sum == SDA_COC_OID)) {
|
||||
int cuLen;
|
||||
word32 setIdx = 0;
|
||||
byte* setData;
|
||||
const byte* setData;
|
||||
word32 setLen;
|
||||
|
||||
GetASN_GetRef(&dataASN[SUBJDIRATTRASN_IDX_SET], &setData, &setLen);
|
||||
@@ -20837,8 +20894,8 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt,
|
||||
1, input, &idx, maxIdx);
|
||||
if (ret == 0) {
|
||||
/* Store references to password data. */
|
||||
cert->contentType =
|
||||
(char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data;
|
||||
cert->contentType = (const char*)
|
||||
strDataASN[STRATTRASN_IDX_STR].data.ref.data;
|
||||
cert->contentTypeLen =
|
||||
(int)strDataASN[STRATTRASN_IDX_STR].data.ref.length;
|
||||
}
|
||||
@@ -20856,8 +20913,8 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt,
|
||||
1, input, &idx, maxIdx);
|
||||
if (ret == 0) {
|
||||
/* Store references to password data. */
|
||||
cert->cPwd =
|
||||
(char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data;
|
||||
cert->cPwd = (const char*)
|
||||
strDataASN[STRATTRASN_IDX_STR].data.ref.data;
|
||||
cert->cPwdLen = (int)strDataASN[STRATTRASN_IDX_STR].
|
||||
data.ref.length;
|
||||
}
|
||||
@@ -20876,8 +20933,8 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt,
|
||||
1, input, &idx, maxIdx);
|
||||
if (ret == 0) {
|
||||
/* Store references to serial number. */
|
||||
cert->sNum =
|
||||
(char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data;
|
||||
cert->sNum = (const char*)
|
||||
strDataASN[STRATTRASN_IDX_STR].data.ref.data;
|
||||
cert->sNumLen = (int)strDataASN[STRATTRASN_IDX_STR].
|
||||
data.ref.length;
|
||||
/* Store serial number if small enough. */
|
||||
@@ -20897,8 +20954,8 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt,
|
||||
1, input, &idx, maxIdx);
|
||||
if (ret == 0) {
|
||||
/* Store references to unstructured name. */
|
||||
cert->unstructuredName =
|
||||
(char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data;
|
||||
cert->unstructuredName = (const char*)
|
||||
strDataASN[STRATTRASN_IDX_STR].data.ref.data;
|
||||
cert->unstructuredNameLen = (int)strDataASN[STRATTRASN_IDX_STR].
|
||||
data.ref.length;
|
||||
}
|
||||
@@ -21331,7 +21388,7 @@ static int GetAKIHash(const byte* input, word32 maxIdx, word32 sigOID,
|
||||
int ret = 0;
|
||||
word32 idx = 0;
|
||||
word32 extEndIdx;
|
||||
byte* extData;
|
||||
const byte* extData;
|
||||
word32 extDataSz;
|
||||
byte critical;
|
||||
|
||||
@@ -22634,8 +22691,17 @@ void FreeSigner(Signer* signer, void* heap)
|
||||
{
|
||||
(void)signer;
|
||||
(void)heap;
|
||||
XFREE(signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
|
||||
XFREE((void*)signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
|
||||
/* this cast is safe because signer->name is only set in FillSigner()
|
||||
* from cert->subjectCN, and only if cert->subjectCNStored, in which case
|
||||
* cert->subjectCN is set to NULL, imparting ownership to the Signer object.
|
||||
*/
|
||||
XFREE((void *)(wc_ptr_t)signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
|
||||
/* this cast is safe because signer->publicKey is only set in FillSigner()
|
||||
* from cert->publicKey, and only if cert->pubKeyStored, in which case
|
||||
* cert->publicKey is set to NULL, imparting ownership to the Signer object.
|
||||
*/
|
||||
XFREE((void*)(wc_ptr_t)signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
||||
XFREE(signer->sapkiDer, heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
#endif
|
||||
@@ -22710,7 +22776,11 @@ void FreeTrustedPeer(TrustedPeerCert* tp, void* heap)
|
||||
return;
|
||||
}
|
||||
|
||||
XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
|
||||
/* safe cast -- when .name is set in AddTrustedPeer() from cert->subjectCN,
|
||||
* it inherits the allocation from ParseCert(), and cert->subjectCN is set
|
||||
* to NULL.
|
||||
*/
|
||||
XFREE((void *)(wc_ptr_t)tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
|
||||
|
||||
XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE);
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
@@ -23328,7 +23398,7 @@ int wc_EncryptedInfoParse(EncryptedInfo* info, const char** pBuffer,
|
||||
int err = 0;
|
||||
const char* bufferStart;
|
||||
const char* bufferEnd;
|
||||
char* line;
|
||||
const char* line;
|
||||
|
||||
if (info == NULL || pBuffer == NULL || bufSz == 0)
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -23341,8 +23411,8 @@ int wc_EncryptedInfoParse(EncryptedInfo* info, const char** pBuffer,
|
||||
min((word32)bufSz, PEM_LINE_LEN));
|
||||
if (line != NULL) {
|
||||
word32 lineSz;
|
||||
char* finish;
|
||||
char* start;
|
||||
const char* finish;
|
||||
const char* start;
|
||||
word32 startSz;
|
||||
const char* newline = NULL;
|
||||
|
||||
@@ -23626,7 +23696,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
|
||||
|
||||
/* map header if not found for type */
|
||||
for (;;) {
|
||||
headerEnd = XSTRNSTR((char*)buff, header, sz);
|
||||
headerEnd = XSTRNSTR((const char *)buff, header, sz);
|
||||
if (headerEnd) {
|
||||
break;
|
||||
}
|
||||
@@ -23852,7 +23922,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
|
||||
#endif /* WOLFSSL_ENCRYPTED_KEYS */
|
||||
|
||||
/* find footer */
|
||||
footerEnd = XSTRNSTR(headerEnd, footer, (unsigned int)((char*)buff +
|
||||
footerEnd = XSTRNSTR(headerEnd, footer, (unsigned int)((const char*)buff +
|
||||
sz - headerEnd));
|
||||
if (!footerEnd) {
|
||||
if (info)
|
||||
@@ -23891,7 +23961,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
|
||||
case CERT_TYPE:
|
||||
case TRUSTED_CERT_TYPE:
|
||||
case CRL_TYPE:
|
||||
if (Base64_Decode_nonCT((byte*)headerEnd, (word32)neededSz,
|
||||
if (Base64_Decode_nonCT((const byte*)headerEnd, (word32)neededSz,
|
||||
der->buffer, &der->length) < 0)
|
||||
{
|
||||
WOLFSSL_ERROR(BUFFER_E);
|
||||
@@ -23899,7 +23969,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
|
||||
}
|
||||
break;
|
||||
default:
|
||||
if (Base64_Decode((byte*)headerEnd, (word32)neededSz,
|
||||
if (Base64_Decode((const byte*)headerEnd, (word32)neededSz,
|
||||
der->buffer, &der->length) < 0) {
|
||||
WOLFSSL_ERROR(BUFFER_E);
|
||||
return BUFFER_E;
|
||||
@@ -24113,7 +24183,8 @@ int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
|
||||
XMEMSET(info, 0, sizeof(EncryptedInfo));
|
||||
#ifdef WOLFSSL_ENCRYPTED_KEYS
|
||||
info->passwd_cb = KeyPemToDerPassCb;
|
||||
info->passwd_userdata = (void*)pass;
|
||||
/* if user passes readonly data, user must only access it readonly. */
|
||||
info->passwd_userdata = (void*)(wc_ptr_t)pass;
|
||||
#else
|
||||
(void)pass;
|
||||
#endif
|
||||
@@ -24986,7 +25057,7 @@ static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz,
|
||||
ret = ParseCertRelative((DecodedCert*)cert->decodedCert,
|
||||
CERT_TYPE, 0, NULL, NULL);
|
||||
if (ret >= 0) {
|
||||
cert->der = (byte*)der;
|
||||
cert->der = der;
|
||||
}
|
||||
else {
|
||||
wc_SetCert_Free(cert);
|
||||
@@ -26653,8 +26724,11 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
if (cert->extKeyUsage != 0){
|
||||
/* Encode Extended Key Usage into space provided. */
|
||||
if (SetExtKeyUsage(cert,
|
||||
(byte*)dataASN[CERTEXTSASN_IDX_EKU_STR].data.buffer.data,
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
if (SetExtKeyUsage(
|
||||
cert,
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[CERTEXTSASN_IDX_EKU_STR].data.buffer.data,
|
||||
dataASN[CERTEXTSASN_IDX_EKU_STR].data.buffer.length,
|
||||
cert->extKeyUsage) <= 0) {
|
||||
ret = KEYUSAGE_E;
|
||||
@@ -26662,8 +26736,10 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
|
||||
}
|
||||
if ((!forRequest) && (cert->certPoliciesNb > 0)) {
|
||||
/* Encode Certificate Policies into space provided. */
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
if (SetCertificatePolicies(
|
||||
(byte*)dataASN[CERTEXTSASN_IDX_POLICIES_INFO].data.buffer.data,
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[CERTEXTSASN_IDX_POLICIES_INFO].data.buffer.data,
|
||||
dataASN[CERTEXTSASN_IDX_POLICIES_INFO].data.buffer.length,
|
||||
cert->certPolicies, cert->certPoliciesNb, cert->heap) <= 0) {
|
||||
ret = CERTPOLICIES_E;
|
||||
@@ -27410,16 +27486,20 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
/* Encode issuer name into buffer. Use the subject as the issuer
|
||||
* if it is self-signed. Size will be correct because we did the
|
||||
* same for size. */
|
||||
/* safe cast -- the pointer is actually inside derBuffer. */
|
||||
ret = SetNameEx(
|
||||
(byte*)dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ].data.buffer.data,
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ].data.buffer.data,
|
||||
dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ].data.buffer.length,
|
||||
cert->selfSigned ? &cert->subject : &cert->issuer, cert->heap);
|
||||
}
|
||||
}
|
||||
if ((ret >= 0) && (sbjRawLen == 0)) {
|
||||
/* Encode subject name into buffer. */
|
||||
/* safe cast -- the pointer is actually inside derBuffer. */
|
||||
ret = SetNameEx(
|
||||
(byte*)dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ].data.buffer.data,
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ].data.buffer.data,
|
||||
dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ].data.buffer.length,
|
||||
&cert->subject, cert->heap);
|
||||
}
|
||||
@@ -27427,17 +27507,19 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
if (cert->beforeDateSz == 0 || cert->afterDateSz == 0)
|
||||
{
|
||||
/* Encode validity into buffer. */
|
||||
/* safe casts -- the pointers are actually inside derBuffer. */
|
||||
ret = SetValidity(
|
||||
(byte*)dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT]
|
||||
(byte*)(wc_ptr_t)dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT]
|
||||
.data.buffer.data,
|
||||
(byte*)dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT]
|
||||
(byte*)(wc_ptr_t)dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT]
|
||||
.data.buffer.data, cert->daysValid);
|
||||
}
|
||||
}
|
||||
if (ret >= 0) {
|
||||
/* Encode public key into buffer. */
|
||||
/* safe cast -- the pointer is actually inside derBuffer. */
|
||||
ret = EncodePublicKey(cert->keyType,
|
||||
(byte*)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ]
|
||||
(byte*)(wc_ptr_t)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ]
|
||||
.data.buffer.data,
|
||||
(int)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ]
|
||||
.data.buffer.length,
|
||||
@@ -27446,9 +27528,12 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
}
|
||||
if ((ret >= 0) && (!dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].noOut)) {
|
||||
/* Encode extensions into buffer. */
|
||||
ret = EncodeExtensions(cert,
|
||||
(byte*)dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.buffer.data,
|
||||
dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.buffer.length, 0);
|
||||
/* safe cast -- the pointer is actually inside derBuffer. */
|
||||
ret = EncodeExtensions(
|
||||
cert,
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.buffer.data,
|
||||
dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.buffer.length, 0);
|
||||
}
|
||||
if (ret >= 0) {
|
||||
/* Store encoded certificate body size. */
|
||||
@@ -27828,16 +27913,21 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
#endif
|
||||
{
|
||||
/* Encode subject name into space in buffer. */
|
||||
/* safe cast -- the pointer is actually inside derBuffer. */
|
||||
ret = SetNameEx(
|
||||
(byte*)dataASN[CERTREQBODYASN_IDX_SUBJ_SEQ].data.buffer.data,
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[CERTREQBODYASN_IDX_SUBJ_SEQ].data.buffer.data,
|
||||
dataASN[CERTREQBODYASN_IDX_SUBJ_SEQ].data.buffer.length,
|
||||
&cert->subject, cert->heap);
|
||||
}
|
||||
}
|
||||
if (ret >= 0 && derBuffer != NULL) {
|
||||
/* Encode public key into space in buffer. */
|
||||
ret = EncodePublicKey(cert->keyType,
|
||||
(byte*)dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.data,
|
||||
/* safe cast -- the pointer is actually inside derBuffer. */
|
||||
ret = EncodePublicKey(
|
||||
cert->keyType,
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.data,
|
||||
(int)dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.length,
|
||||
rsaKey, eccKey, ed25519Key, ed448Key, dsaKey, falconKey,
|
||||
dilithiumKey, sphincsKey);
|
||||
@@ -27845,9 +27935,12 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
if ((ret >= 0 && derBuffer != NULL) &&
|
||||
(!dataASN[CERTREQBODYASN_IDX_EXT_BODY].noOut)) {
|
||||
/* Encode extensions into space in buffer. */
|
||||
ret = EncodeExtensions(cert,
|
||||
(byte*)dataASN[CERTREQBODYASN_IDX_EXT_BODY].data.buffer.data,
|
||||
dataASN[CERTREQBODYASN_IDX_EXT_BODY].data.buffer.length, 1);
|
||||
/* safe cast -- the pointer is actually inside derBuffer. */
|
||||
ret = EncodeExtensions(
|
||||
cert,
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[CERTREQBODYASN_IDX_EXT_BODY].data.buffer.data,
|
||||
dataASN[CERTREQBODYASN_IDX_EXT_BODY].data.buffer.length, 1);
|
||||
}
|
||||
if (ret >= 0) {
|
||||
/* Store encoded certificate request body size. */
|
||||
@@ -28998,9 +29091,11 @@ int wc_SetCustomExtension(Cert *cert, int critical, const char *oid,
|
||||
|
||||
ext = &cert->customCertExt[cert->customCertExtCount];
|
||||
|
||||
ext->oid = (char*)oid;
|
||||
/* if supplied oid is readonly, user must access ext->oid readonly. */
|
||||
ext->oid = (char*)(wc_ptr_t)oid;
|
||||
ext->crit = (critical == 0) ? 0 : 1;
|
||||
ext->val = (byte*)der;
|
||||
/* if supplied der is readonly, user must access ext->der readonly. */
|
||||
ext->val = (byte*)(wc_ptr_t)der;
|
||||
ext->valSz = (int)derSz;
|
||||
|
||||
cert->customCertExtCount++;
|
||||
@@ -30002,43 +30097,55 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
|
||||
/* Allocate buffer to put hex strings into. */
|
||||
if (ret == 0) {
|
||||
/* Base X-ordinate */
|
||||
char *curve_Gx = NULL;
|
||||
ret = DataToHexStringAlloc(base + 1, (word32)curve->size,
|
||||
(char**)&curve->Gx, heap,
|
||||
&curve_Gx, heap,
|
||||
DYNAMIC_TYPE_ECC_BUFFER);
|
||||
curve->Gx = curve_Gx;
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Base Y-ordinate */
|
||||
char *curve_Gy = NULL;
|
||||
ret = DataToHexStringAlloc(base + 1 + curve->size, (word32)curve->size,
|
||||
(char**)&curve->Gy, heap,
|
||||
&curve_Gy, heap,
|
||||
DYNAMIC_TYPE_ECC_BUFFER);
|
||||
curve->Gy = curve_Gy;
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Prime */
|
||||
char *curve_prime = NULL;
|
||||
ret = DataToHexStringAlloc(
|
||||
dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.data,
|
||||
dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length,
|
||||
(char**)&curve->prime, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
&curve_prime, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
curve->prime = curve_prime;
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Parameter A */
|
||||
char *curve_Af = NULL;
|
||||
ret = DataToHexStringAlloc(
|
||||
dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.data,
|
||||
dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.length,
|
||||
(char**)&curve->Af, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
&curve_Af, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
curve->Af = curve_Af;
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Parameter B */
|
||||
char *curve_Bf = NULL;
|
||||
ret = DataToHexStringAlloc(
|
||||
dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.data,
|
||||
dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.length,
|
||||
(char**)&curve->Bf, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
&curve_Bf, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
curve->Bf = curve_Bf;
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Order of curve */
|
||||
char *curve_order = NULL;
|
||||
ret = DataToHexStringAlloc(
|
||||
dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.data,
|
||||
dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.length,
|
||||
(char**)&curve->order, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
&curve_order, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
curve->order = curve_order;
|
||||
}
|
||||
#else
|
||||
if (ret == 0) {
|
||||
@@ -30402,8 +30509,11 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
|
||||
|
||||
if (curveIn) {
|
||||
/* Put named curve OID data into encoding. */
|
||||
curveIdSz = SetCurve(key,
|
||||
(byte*)dataASN[ECCKEYASN_IDX_CURVEID].data.buffer.data,
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
curveIdSz = SetCurve(
|
||||
key,
|
||||
(byte *)(wc_ptr_t)
|
||||
dataASN[ECCKEYASN_IDX_CURVEID].data.buffer.data,
|
||||
(size_t)curveIdSz);
|
||||
if (curveIdSz < 0) {
|
||||
ret = curveIdSz;
|
||||
@@ -30411,15 +30521,22 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Export the private value into the buffer. */
|
||||
ret = wc_ecc_export_private_only(key,
|
||||
(byte*)dataASN[ECCKEYASN_IDX_PKEY].data.buffer.data, &privSz);
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
ret = wc_ecc_export_private_only(
|
||||
key,
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[ECCKEYASN_IDX_PKEY].data.buffer.data,
|
||||
&privSz);
|
||||
}
|
||||
if ((ret == 0) && pubIn) {
|
||||
/* Export the public point into the buffer. */
|
||||
PRIVATE_KEY_UNLOCK();
|
||||
ret = wc_ecc_export_x963(key,
|
||||
(byte*)dataASN[ECCKEYASN_IDX_PUBKEY_VAL].data.buffer.data,
|
||||
&pubSz);
|
||||
/* safe cast -- the pointer is actually inside the output buffer. */
|
||||
ret = wc_ecc_export_x963(
|
||||
key,
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[ECCKEYASN_IDX_PUBKEY_VAL].data.buffer.data,
|
||||
&pubSz);
|
||||
PRIVATE_KEY_LOCK();
|
||||
}
|
||||
}
|
||||
@@ -31262,13 +31379,19 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
|
||||
SetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, output);
|
||||
|
||||
/* Put private value into space provided. */
|
||||
XMEMCPY((byte*)dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.buffer.data,
|
||||
privKey, privKeyLen);
|
||||
/* safe cast -- the pointer is actually inside output buffer. */
|
||||
XMEMCPY(
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.buffer.data,
|
||||
privKey, privKeyLen);
|
||||
|
||||
if (pubKey != NULL) {
|
||||
/* Put public value into space provided. */
|
||||
XMEMCPY((byte*)dataASN[PRIVKEYASN_IDX_PUBKEY].data.buffer.data,
|
||||
pubKey, pubKeyLen);
|
||||
/* safe cast -- the pointer is actually inside output buffer. */
|
||||
XMEMCPY(
|
||||
(byte*)(wc_ptr_t)
|
||||
dataASN[PRIVKEYASN_IDX_PUBKEY].data.buffer.data,
|
||||
pubKey, pubKeyLen);
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
@@ -31885,8 +32008,8 @@ WC_MAYBE_UNUSED static int EncodeSingleResponse(OcspEntry* single, byte* out,
|
||||
#endif /* HAVE_OCSP_RESPONDER */
|
||||
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
|
||||
int wrapperSz, OcspEntry* single)
|
||||
static int DecodeSingleResponse(const byte* source, word32* ioIndex,
|
||||
word32 size, int wrapperSz, OcspEntry* single)
|
||||
{
|
||||
DECL_ASNGETDATA(dataASN, singleResponseASN_Length);
|
||||
int ret = 0;
|
||||
@@ -32020,7 +32143,7 @@ enum {
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
static int DecodeOcspRespExtensions(byte* source, word32* ioIndex,
|
||||
static int DecodeOcspRespExtensions(const byte* source, word32* ioIndex,
|
||||
OcspResponse* resp, word32 sz)
|
||||
{
|
||||
/* certExtASN_Length is greater than respExtHdrASN_Length */
|
||||
@@ -32308,7 +32431,7 @@ WC_MAYBE_UNUSED static int EncodeResponseData(OcspResponse* resp, byte* out,
|
||||
#endif /* HAVE_OCSP_RESPONDER */
|
||||
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
static int DecodeResponseData(byte* source, word32* ioIndex,
|
||||
static int DecodeResponseData(const byte* source, word32* ioIndex,
|
||||
OcspResponse* resp, word32 size)
|
||||
{
|
||||
DECL_ASNGETDATA(dataASN, ocspRespDataASN_Length);
|
||||
@@ -32735,7 +32858,7 @@ WC_MAYBE_UNUSED static int EncodeBasicOcspResponse(OcspResponse* resp,
|
||||
#endif /* HAVE_OCSP_RESPONDER */
|
||||
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
|
||||
static int DecodeBasicOcspResponse(const byte* source, word32* ioIndex,
|
||||
OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify,
|
||||
int noVerifySignature)
|
||||
{
|
||||
@@ -33016,7 +33139,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap,
|
||||
word32 idx = 0, size = resp->maxIdx;
|
||||
byte* source = resp->source;
|
||||
byte status = 0;
|
||||
byte* basic;
|
||||
const byte* basic;
|
||||
word32 basicSz;
|
||||
|
||||
WOLFSSL_ENTER("OcspResponseDecode");
|
||||
@@ -33375,7 +33498,7 @@ int DecodeOcspRequest(OcspRequest* req, const byte* input, word32 size)
|
||||
word32 idx = 0;
|
||||
word32 issuerHashSz = sizeof(req->issuerHash);
|
||||
word32 issuerKeyHashSz = sizeof(req->issuerKeyHash);
|
||||
byte* serial = NULL;
|
||||
const byte* serial = NULL;
|
||||
word32 serialSz = 0;
|
||||
|
||||
WOLFSSL_ENTER("DecodeOcspRequest");
|
||||
|
||||
+30
-19
@@ -3182,8 +3182,10 @@ static int DecodeConstructedOtherName(DecodedCert* cert, const byte* input,
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
else {
|
||||
XMEMCPY(dnsEntry->name, &input[*idx], (size_t)strLen);
|
||||
dnsEntry->name[strLen] = '\0';
|
||||
dnsEntry->nameStored = 1;
|
||||
XMEMCPY((void *)(wc_ptr_t)dnsEntry->name, &input[*idx],
|
||||
(size_t)strLen);
|
||||
((char *)(wc_ptr_t)dnsEntry->name)[strLen] = '\0';
|
||||
AddAltName(cert, dnsEntry);
|
||||
}
|
||||
}
|
||||
@@ -3271,9 +3273,11 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
||||
XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
return MEMORY_E;
|
||||
}
|
||||
dnsEntry->nameStored = 1;
|
||||
dnsEntry->len = strLen;
|
||||
XMEMCPY(dnsEntry->name, &input[idx], (size_t)strLen);
|
||||
dnsEntry->name[strLen] = '\0';
|
||||
XMEMCPY((void *)(wc_ptr_t)dnsEntry->name, &input[idx],
|
||||
(size_t)strLen);
|
||||
((char *)(wc_ptr_t)dnsEntry->name)[strLen] = '\0';
|
||||
|
||||
AddAltName(cert, dnsEntry);
|
||||
|
||||
@@ -3315,9 +3319,11 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
||||
XFREE(dirEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
return MEMORY_E;
|
||||
}
|
||||
dirEntry->nameStored = 1;
|
||||
dirEntry->len = strLen;
|
||||
XMEMCPY(dirEntry->name, &input[idx], (size_t)strLen);
|
||||
dirEntry->name[strLen] = '\0';
|
||||
XMEMCPY((void *)(wc_ptr_t)dirEntry->name, &input[idx],
|
||||
(size_t)strLen);
|
||||
((char *)(wc_ptr_t)dirEntry->name)[strLen] = '\0';
|
||||
dirEntry->next = cert->altDirNames;
|
||||
cert->altDirNames = dirEntry;
|
||||
|
||||
@@ -3343,7 +3349,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
||||
WOLFSSL_MSG("\tOut of Memory");
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
emailEntry->nameStored = 1;
|
||||
emailEntry->type = ASN_RFC822_TYPE;
|
||||
emailEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
|
||||
DYNAMIC_TYPE_ALTNAME);
|
||||
@@ -3353,8 +3359,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
||||
return MEMORY_E;
|
||||
}
|
||||
emailEntry->len = strLen;
|
||||
XMEMCPY(emailEntry->name, &input[idx], (size_t)strLen);
|
||||
emailEntry->name[strLen] = '\0';
|
||||
XMEMCPY((void *)(wc_ptr_t)emailEntry->name, &input[idx],
|
||||
(size_t)strLen);
|
||||
((char *)(wc_ptr_t)emailEntry->name)[strLen] = '\0';
|
||||
|
||||
emailEntry->next = cert->altEmailNames;
|
||||
cert->altEmailNames = emailEntry;
|
||||
@@ -3426,7 +3433,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
||||
WOLFSSL_MSG("\tOut of Memory");
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
uriEntry->nameStored = 1;
|
||||
uriEntry->type = ASN_URI_TYPE;
|
||||
uriEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
|
||||
DYNAMIC_TYPE_ALTNAME);
|
||||
@@ -3436,8 +3443,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
||||
return MEMORY_E;
|
||||
}
|
||||
uriEntry->len = strLen;
|
||||
XMEMCPY(uriEntry->name, &input[idx], (size_t)strLen);
|
||||
uriEntry->name[strLen] = '\0';
|
||||
XMEMCPY((void *)(wc_ptr_t)uriEntry->name, &input[idx],
|
||||
(size_t)strLen);
|
||||
((char *)(wc_ptr_t)uriEntry->name)[strLen] = '\0';
|
||||
|
||||
AddAltName(cert, uriEntry);
|
||||
|
||||
@@ -3469,7 +3477,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
||||
WOLFSSL_MSG("\tOut of Memory");
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
ipAddr->nameStored = 1;
|
||||
ipAddr->type = ASN_IP_TYPE;
|
||||
ipAddr->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
|
||||
DYNAMIC_TYPE_ALTNAME);
|
||||
@@ -3479,12 +3487,13 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
||||
return MEMORY_E;
|
||||
}
|
||||
ipAddr->len = strLen;
|
||||
XMEMCPY(ipAddr->name, &input[idx], strLen);
|
||||
ipAddr->name[strLen] = '\0';
|
||||
XMEMCPY((void *)(wc_ptr_t)ipAddr->name, &input[idx], strLen);
|
||||
((char *)(wc_ptr_t)ipAddr->name)[strLen] = '\0';
|
||||
|
||||
if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) {
|
||||
WOLFSSL_MSG("\tOut of Memory for IP string");
|
||||
XFREE(ipAddr->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
XFREE((void *)(wc_ptr_t)ipAddr->name, cert->heap,
|
||||
DYNAMIC_TYPE_ALTNAME);
|
||||
XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
return MEMORY_E;
|
||||
}
|
||||
@@ -3528,13 +3537,15 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
|
||||
XFREE(rid, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
return MEMORY_E;
|
||||
}
|
||||
rid->nameStored = 1;
|
||||
rid->len = strLen;
|
||||
XMEMCPY(rid->name, &input[idx], strLen);
|
||||
rid->name[strLen] = '\0';
|
||||
XMEMCPY((void *)(wc_ptr_t)rid->name, &input[idx], strLen);
|
||||
((char *)(wc_ptr_t)rid->name)[strLen] = '\0';
|
||||
|
||||
if (GenerateDNSEntryRIDString(rid, cert->heap) != 0) {
|
||||
WOLFSSL_MSG("\tOut of Memory for registered Id string");
|
||||
XFREE(rid->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
XFREE((void *)(wc_ptr_t)rid->name, cert->heap,
|
||||
DYNAMIC_TYPE_ALTNAME);
|
||||
XFREE(rid, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
+19
-53
@@ -106,9 +106,9 @@ static WC_INLINE int blake2b_init0( blake2b_state *S )
|
||||
int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
|
||||
{
|
||||
word32 i;
|
||||
byte *p ;
|
||||
const byte *p ;
|
||||
blake2b_init0( S );
|
||||
p = ( byte * )( P );
|
||||
p = ( const byte * )( P );
|
||||
|
||||
/* IV XOR ParamBlock */
|
||||
for( i = 0; i < 8; ++i )
|
||||
@@ -120,71 +120,37 @@ int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
|
||||
|
||||
int blake2b_init( blake2b_state *S, const byte outlen )
|
||||
{
|
||||
#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
|
||||
blake2b_param P[1];
|
||||
#else
|
||||
volatile blake2b_param P[1];
|
||||
#endif
|
||||
volatile blake2b_param P;
|
||||
|
||||
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
|
||||
P->digest_length = outlen;
|
||||
P->key_length = 0;
|
||||
P->fanout = 1;
|
||||
P->depth = 1;
|
||||
store32( &P->leaf_length, 0 );
|
||||
store64( &P->node_offset, 0 );
|
||||
P->node_depth = 0;
|
||||
P->inner_length = 0;
|
||||
XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
|
||||
XMEMSET( P->salt, 0, sizeof( P->salt ) );
|
||||
XMEMSET( P->personal, 0, sizeof( P->personal ) );
|
||||
#else
|
||||
XMEMSET( (blake2b_param *)P, 0, sizeof( *P ) );
|
||||
P->digest_length = outlen;
|
||||
P->fanout = 1;
|
||||
P->depth = 1;
|
||||
#endif
|
||||
return blake2b_init_param( S, (blake2b_param *)P );
|
||||
}
|
||||
XMEMSET((void *)(wc_ptr_t)&P, 0, sizeof(P));
|
||||
WC_BARRIER();
|
||||
P.digest_length = outlen;
|
||||
P.fanout = 1;
|
||||
P.depth = 1;
|
||||
|
||||
return blake2b_init_param(S, (const blake2b_param *)(wc_ptr_t)&P);
|
||||
}
|
||||
|
||||
int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key,
|
||||
const byte keylen )
|
||||
{
|
||||
int ret = 0;
|
||||
#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
|
||||
blake2b_param P[1];
|
||||
#else
|
||||
volatile blake2b_param P[1];
|
||||
#endif
|
||||
volatile blake2b_param P;
|
||||
|
||||
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return BAD_FUNC_ARG;
|
||||
|
||||
if ( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
|
||||
P->digest_length = outlen;
|
||||
P->key_length = keylen;
|
||||
P->fanout = 1;
|
||||
P->depth = 1;
|
||||
store32( &P->leaf_length, 0 );
|
||||
store64( &P->node_offset, 0 );
|
||||
P->node_depth = 0;
|
||||
P->inner_length = 0;
|
||||
XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
|
||||
XMEMSET( P->salt, 0, sizeof( P->salt ) );
|
||||
XMEMSET( P->personal, 0, sizeof( P->personal ) );
|
||||
#else
|
||||
XMEMSET( (blake2b_param *)P, 0, sizeof( *P ) );
|
||||
P->digest_length = outlen;
|
||||
P->key_length = keylen;
|
||||
P->fanout = 1;
|
||||
P->depth = 1;
|
||||
#endif
|
||||
XMEMSET( (void *)(wc_ptr_t)&P, 0, sizeof( P ) );
|
||||
WC_BARRIER();
|
||||
P.digest_length = outlen;
|
||||
P.key_length = keylen;
|
||||
P.fanout = 1;
|
||||
P.depth = 1;
|
||||
|
||||
ret = blake2b_init_param( S, (blake2b_param *)P );
|
||||
ret = blake2b_init_param(S, (const blake2b_param *)(wc_ptr_t)&P);
|
||||
if ( ret < 0 ) return ret;
|
||||
|
||||
{
|
||||
@@ -409,7 +375,7 @@ int blake2b( byte *out, const void *in, const void *key, const byte outlen,
|
||||
}
|
||||
|
||||
{
|
||||
int ret = blake2b_update( S, ( byte * )in, inlen );
|
||||
int ret = blake2b_update( S, ( const byte * )in, inlen );
|
||||
if (ret < 0) return ret;
|
||||
}
|
||||
|
||||
|
||||
+19
-50
@@ -102,9 +102,9 @@ static WC_INLINE int blake2s_init0( blake2s_state *S )
|
||||
int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
|
||||
{
|
||||
word32 i;
|
||||
byte *p ;
|
||||
const byte *p ;
|
||||
blake2s_init0( S );
|
||||
p = ( byte * )( P );
|
||||
p = ( const byte * )( P );
|
||||
|
||||
/* IV XOR ParamBlock */
|
||||
for( i = 0; i < 8; ++i )
|
||||
@@ -117,32 +117,17 @@ int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
|
||||
|
||||
int blake2s_init( blake2s_state *S, const byte outlen )
|
||||
{
|
||||
#ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD
|
||||
blake2s_param P[1];
|
||||
#else
|
||||
volatile blake2s_param P[1];
|
||||
#endif
|
||||
volatile blake2s_param P;
|
||||
|
||||
if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD
|
||||
P->digest_length = outlen;
|
||||
P->key_length = 0;
|
||||
P->fanout = 1;
|
||||
P->depth = 1;
|
||||
store32( &P->leaf_length, 0 );
|
||||
store32( &P->node_offset, 0 );
|
||||
P->node_depth = 0;
|
||||
P->inner_length = 0;
|
||||
XMEMSET( P->salt, 0, sizeof( P->salt ) );
|
||||
XMEMSET( P->personal, 0, sizeof( P->personal ) );
|
||||
#else
|
||||
XMEMSET( (blake2s_param *)P, 0, sizeof( *P ) );
|
||||
P->digest_length = outlen;
|
||||
P->fanout = 1;
|
||||
P->depth = 1;
|
||||
#endif
|
||||
return blake2s_init_param( S, (blake2s_param *)P );
|
||||
XMEMSET( (void *)(wc_ptr_t)&P, 0, sizeof( P ) );
|
||||
WC_BARRIER();
|
||||
P.digest_length = outlen;
|
||||
P.fanout = 1;
|
||||
P.depth = 1;
|
||||
|
||||
return blake2s_init_param( S, (const blake2s_param *)(wc_ptr_t)&P );
|
||||
}
|
||||
|
||||
|
||||
@@ -150,36 +135,20 @@ int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key,
|
||||
const byte keylen )
|
||||
{
|
||||
int ret = 0;
|
||||
#ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD
|
||||
blake2s_param P[1];
|
||||
#else
|
||||
volatile blake2s_param P[1];
|
||||
#endif
|
||||
volatile blake2s_param P;
|
||||
|
||||
if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return BAD_FUNC_ARG;
|
||||
|
||||
if ( !key || !keylen || keylen > BLAKE2S_KEYBYTES ) return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD
|
||||
P->digest_length = outlen;
|
||||
P->key_length = keylen;
|
||||
P->fanout = 1;
|
||||
P->depth = 1;
|
||||
store32( &P->leaf_length, 0 );
|
||||
store64( &P->node_offset, 0 );
|
||||
P->node_depth = 0;
|
||||
P->inner_length = 0;
|
||||
XMEMSET( P->salt, 0, sizeof( P->salt ) );
|
||||
XMEMSET( P->personal, 0, sizeof( P->personal ) );
|
||||
#else
|
||||
XMEMSET( (blake2s_param *)P, 0, sizeof( *P ) );
|
||||
P->digest_length = outlen;
|
||||
P->key_length = keylen;
|
||||
P->fanout = 1;
|
||||
P->depth = 1;
|
||||
#endif
|
||||
XMEMSET( (void *)(wc_ptr_t)&P, 0, sizeof( P ) );
|
||||
WC_BARRIER();
|
||||
P.digest_length = outlen;
|
||||
P.key_length = keylen;
|
||||
P.fanout = 1;
|
||||
P.depth = 1;
|
||||
|
||||
ret = blake2s_init_param( S, (blake2s_param *)P );
|
||||
ret = blake2s_init_param( S, (const blake2s_param *)(wc_ptr_t)&P );
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
@@ -401,7 +370,7 @@ int blake2s( byte *out, const void *in, const void *key, const byte outlen,
|
||||
}
|
||||
|
||||
{
|
||||
int ret = blake2s_update( S, ( byte * )in, inlen );
|
||||
int ret = blake2s_update( S, ( const byte * )in, inlen );
|
||||
if (ret < 0) return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -52,7 +52,7 @@ Public domain.
|
||||
|
||||
#define U32C(v) (v##U)
|
||||
#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF))
|
||||
#define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0])
|
||||
#define U8TO32_LITTLE(p) LITTLE32(((const word32*)(p))[0])
|
||||
|
||||
#define ROTATE(v,c) rotlFixed(v, c)
|
||||
#define XOR(v,w) ((v) ^ (w))
|
||||
|
||||
@@ -314,7 +314,8 @@ int wc_curve25519_make_pub_blind(int public_size, byte* pub, int private_size,
|
||||
#else
|
||||
fe_init();
|
||||
|
||||
ret = curve25519_smul_blind(pub, priv, (byte*)kCurve25519BasePoint, rng);
|
||||
ret = curve25519_smul_blind(pub, priv, (const byte*)kCurve25519BasePoint,
|
||||
rng);
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
|
||||
+12
-11
@@ -3919,7 +3919,7 @@ static int ecc_check_order_minus_1(const mp_int* k, ecc_point* tG, ecc_point* R,
|
||||
*/
|
||||
err = mp_sub_d(order, 1, t);
|
||||
if (err == MP_OKAY) {
|
||||
int kIsMinusOne = (mp_cmp((mp_int*)k, t) == MP_EQ);
|
||||
int kIsMinusOne = (mp_cmp((const mp_int*)k, t) == MP_EQ);
|
||||
err = mp_cond_copy(tG->x, kIsMinusOne, R->x);
|
||||
if (err == MP_OKAY) {
|
||||
err = mp_sub(modulus, tG->y, t);
|
||||
@@ -4424,7 +4424,8 @@ static int wc_ecc_cmp_param(const char* curveParam,
|
||||
if (encType == WC_TYPE_HEX_STR) {
|
||||
if ((word32)XSTRLEN(curveParam) != paramSz)
|
||||
return -1;
|
||||
return (XSTRNCMP(curveParam, (char*) param, paramSz) == 0) ? 0 : -1;
|
||||
return (XSTRNCMP(curveParam, (const char*) param, paramSz) == 0)
|
||||
? 0 : -1;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
@@ -7915,21 +7916,21 @@ int wc_ecc_sign_set_k(const byte* k, word32 klen, ecc_key* key)
|
||||
#endif /* !HAVE_ECC_SIGN */
|
||||
|
||||
#ifdef WOLFSSL_CUSTOM_CURVES
|
||||
void wc_ecc_free_curve(const ecc_set_type* curve, void* heap)
|
||||
void wc_ecc_free_curve(ecc_set_type* curve, void* heap)
|
||||
{
|
||||
#ifndef WOLFSSL_ECC_CURVE_STATIC
|
||||
if (curve->prime != NULL)
|
||||
XFREE((void*)curve->prime, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
XFREE((void*)(wc_ptr_t)curve->prime, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (curve->Af != NULL)
|
||||
XFREE((void*)curve->Af, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
XFREE((void*)(wc_ptr_t)curve->Af, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (curve->Bf != NULL)
|
||||
XFREE((void*)curve->Bf, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
XFREE((void*)(wc_ptr_t)curve->Bf, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (curve->order != NULL)
|
||||
XFREE((void*)curve->order, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
XFREE((void*)(wc_ptr_t)curve->order, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (curve->Gx != NULL)
|
||||
XFREE((void*)curve->Gx, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
XFREE((void*)(wc_ptr_t)curve->Gx, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
if (curve->Gy != NULL)
|
||||
XFREE((void*)curve->Gy, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
XFREE((void*)(wc_ptr_t)curve->Gy, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
#endif
|
||||
|
||||
XFREE((void*)curve, heap, DYNAMIC_TYPE_ECC_BUFFER);
|
||||
@@ -8041,7 +8042,7 @@ int wc_ecc_free(ecc_key* key)
|
||||
|
||||
#ifdef WOLFSSL_CUSTOM_CURVES
|
||||
if (key->deallocSet && key->dp != NULL)
|
||||
wc_ecc_free_curve(key->dp, key->heap);
|
||||
wc_ecc_free_curve((ecc_set_type *)(wc_ptr_t)key->dp, key->heap);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_CHECK_MEM_ZERO
|
||||
@@ -13867,7 +13868,7 @@ enum ecSrvState {
|
||||
|
||||
|
||||
struct ecEncCtx {
|
||||
const byte* kdfSalt; /* optional salt for kdf */
|
||||
byte* kdfSalt; /* optional salt for kdf */
|
||||
const byte* kdfInfo; /* optional info for kdf */
|
||||
const byte* macSalt; /* optional salt for mac */
|
||||
word32 kdfSaltSz; /* size of kdfSalt */
|
||||
|
||||
@@ -9091,7 +9091,8 @@ static void ge_select(ge_precomp *t,int pos,signed char b)
|
||||
fe_neg(minust.xy2d,t->xy2d);
|
||||
fe_cmov(t->xy2d,minust.xy2d,bnegative);
|
||||
#else
|
||||
fe_cmov_table((fe*)t, (fe*)base[pos], b);
|
||||
/* (wc_ptr_t) needed to work around C array casting semantics. */
|
||||
fe_cmov_table((fe*)t, (const fe*)(wc_ptr_t)base[pos], b);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
@@ -1392,10 +1392,10 @@ LBL_ERR:mp_clear(&x);
|
||||
|
||||
|
||||
/* compare magnitude of two ints (unsigned) */
|
||||
int mp_cmp_mag (mp_int * a, mp_int * b)
|
||||
int mp_cmp_mag (const mp_int * a, const mp_int * b)
|
||||
{
|
||||
int n;
|
||||
mp_digit *tmpa, *tmpb;
|
||||
const mp_digit *tmpa, *tmpb;
|
||||
|
||||
/* compare based on # of non-zero digits */
|
||||
if (a->used > b->used) {
|
||||
@@ -1430,7 +1430,7 @@ int mp_cmp_mag (mp_int * a, mp_int * b)
|
||||
|
||||
|
||||
/* compare two ints (signed)*/
|
||||
int mp_cmp (mp_int * a, mp_int * b)
|
||||
int mp_cmp (const mp_int * a, const mp_int * b)
|
||||
{
|
||||
/* compare based on sign */
|
||||
if (a->sign != b->sign) {
|
||||
|
||||
@@ -205,7 +205,7 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
|
||||
}
|
||||
}
|
||||
else if (((size_t)out & 0x3) == 0) {
|
||||
byte *in_bytes = (byte *)in;
|
||||
const byte *in_bytes = (const byte *)in;
|
||||
word32 scratch;
|
||||
|
||||
byteCount &= ~0x3U;
|
||||
@@ -216,7 +216,7 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
|
||||
}
|
||||
}
|
||||
else {
|
||||
byte *in_bytes = (byte *)in;
|
||||
const byte *in_bytes = (const byte *)in;
|
||||
byte *out_bytes = (byte *)out;
|
||||
word32 scratch;
|
||||
|
||||
@@ -234,7 +234,7 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
|
||||
WC_MISC_STATIC WC_INLINE word32 readUnalignedWord32(const byte *in)
|
||||
{
|
||||
if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
|
||||
return *(word32 *)in;
|
||||
return *(const word32 *)in;
|
||||
else {
|
||||
word32 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
|
||||
XMEMCPY(&out, in, sizeof(out));
|
||||
@@ -283,7 +283,7 @@ WC_MISC_STATIC WC_INLINE void writeUnalignedWords32(byte *out, const word32 *in,
|
||||
WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
|
||||
{
|
||||
if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
|
||||
return *(word64 *)in;
|
||||
return *(const word64 *)in;
|
||||
else {
|
||||
word64 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
|
||||
XMEMCPY(&out, in, sizeof(out));
|
||||
@@ -382,7 +382,7 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
|
||||
}
|
||||
}
|
||||
else if (((size_t)out & 0x7) == 0) {
|
||||
byte *in_bytes = (byte *)in;
|
||||
const byte *in_bytes = (const byte *)in;
|
||||
word64 scratch;
|
||||
|
||||
byteCount &= ~0x7U;
|
||||
@@ -393,7 +393,7 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
|
||||
}
|
||||
}
|
||||
else {
|
||||
byte *in_bytes = (byte *)in;
|
||||
const byte *in_bytes = (const byte *)in;
|
||||
byte *out_bytes = (byte *)out;
|
||||
word64 scratch;
|
||||
|
||||
|
||||
+13
-8
@@ -63,7 +63,7 @@ static const byte WC_PKCS12_ShroudedKeyBag_OID[] =
|
||||
|
||||
|
||||
typedef struct ContentInfo {
|
||||
byte* data;
|
||||
const byte* data;
|
||||
struct ContentInfo* next;
|
||||
word32 encC; /* encryptedContent */
|
||||
word32 dataSz;
|
||||
@@ -350,7 +350,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
|
||||
|
||||
ci->type = (int)oid;
|
||||
ci->dataSz = (word32)curSz - (localIdx-curIdx);
|
||||
ci->data = (byte*)input + localIdx;
|
||||
ci->data = input + localIdx;
|
||||
localIdx += ci->dataSz;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_PKCS12
|
||||
@@ -1180,7 +1180,8 @@ static byte* PKCS12_ConcatenateContent(WC_PKCS12* pkcs12,byte* mergedData,
|
||||
|
||||
/* Check if constructed [0] is seen after wc_BerToDer() or not.
|
||||
* returns 1 if seen, 0 if not, ASN_PARSE_E on error */
|
||||
static int PKCS12_CheckConstructedZero(byte* data, word32 dataSz, word32* idx)
|
||||
static int PKCS12_CheckConstructedZero(const byte* data, word32 dataSz,
|
||||
word32* idx)
|
||||
{
|
||||
word32 oid;
|
||||
int ret = 0;
|
||||
@@ -1355,7 +1356,7 @@ int wc_PKCS12_parse_ex(WC_PKCS12* pkcs12, const char* psw,
|
||||
/* if there is sign data then verify the MAC */
|
||||
if (pkcs12->signData != NULL ) {
|
||||
if ((ret = wc_PKCS12_verify(pkcs12, pkcs12->safe->data,
|
||||
pkcs12->safe->dataSz, (byte*)psw, (word32)pswSz)) != 0) {
|
||||
pkcs12->safe->dataSz, (const byte*)psw, (word32)pswSz)) != 0) {
|
||||
WOLFSSL_MSG("PKCS12 Bad MAC on verify");
|
||||
WOLFSSL_LEAVE("wc_PKCS12_parse verify ", ret);
|
||||
(void)ret;
|
||||
@@ -1371,7 +1372,7 @@ int wc_PKCS12_parse_ex(WC_PKCS12* pkcs12, const char* psw,
|
||||
/* Decode content infos */
|
||||
ci = pkcs12->safe->CI;
|
||||
for (i = 0; i < pkcs12->safe->numCI; i++) {
|
||||
byte* data;
|
||||
const byte* data;
|
||||
word32 idx = 0;
|
||||
int size, totalSz;
|
||||
byte tag;
|
||||
@@ -1422,9 +1423,13 @@ int wc_PKCS12_parse_ex(WC_PKCS12* pkcs12, const char* psw,
|
||||
* the DecryptContent() expects */
|
||||
if (pkcs12->indefinite && PKCS12_CheckConstructedZero(data,
|
||||
ci->dataSz, &idx) == 1) {
|
||||
data[idx-1] = ASN_LONG_LENGTH;
|
||||
ret = PKCS12_CoalesceOctetStrings(pkcs12, data, ci->dataSz,
|
||||
&idx, &curIdx);
|
||||
/* safe casts -- pkcs12->indefinite signals that data is inside
|
||||
* the earlier allocation of der by wc_d2i_PKCS12(().
|
||||
*/
|
||||
((byte *)(wc_ptr_t)data)[idx-1] = ASN_LONG_LENGTH;
|
||||
ret = PKCS12_CoalesceOctetStrings(
|
||||
pkcs12, ((byte *)(wc_ptr_t)data), ci->dataSz,
|
||||
&idx, &curIdx);
|
||||
if (ret < 0) {
|
||||
goto exit_pk12par;
|
||||
}
|
||||
|
||||
+43
-34
@@ -2740,10 +2740,10 @@ static int wc_PKCS7_EncodeContentStreamHelper(wc_PKCS7* pkcs7, int cipherType,
|
||||
* Returns 0 on success */
|
||||
#ifndef NO_AES
|
||||
static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, Aes* aes,
|
||||
byte* in, int inSz, byte* out, int cipherType)
|
||||
const byte* in, int inSz, byte* out, int cipherType)
|
||||
#else
|
||||
static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, void* aes,
|
||||
byte* in, int inSz, byte* out, int cipherType)
|
||||
const byte* in, int inSz, byte* out, int cipherType)
|
||||
#endif
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -2753,7 +2753,7 @@ static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, void* aes,
|
||||
if (pkcs7->encodeStream) {
|
||||
int sz;
|
||||
word32 totalSz = 0;
|
||||
byte* buf;
|
||||
const byte* buf;
|
||||
byte* encContentOut;
|
||||
byte* contentData;
|
||||
word32 idx = 0, outIdx = 0;
|
||||
@@ -2790,8 +2790,9 @@ static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, void* aes,
|
||||
|
||||
#ifdef ASN_BER_TO_DER
|
||||
if (pkcs7->getContentCb) {
|
||||
contentDataRead = pkcs7->getContentCb(pkcs7,
|
||||
&buf, pkcs7->streamCtx);
|
||||
contentDataRead =
|
||||
pkcs7->getContentCb(pkcs7, (byte **)(wc_ptr_t)&buf,
|
||||
pkcs7->streamCtx);
|
||||
|
||||
if (buf == NULL) {
|
||||
WOLFSSL_MSG("Get content callback returned null "
|
||||
@@ -4820,7 +4821,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(wc_PKCS7* pkcs7,
|
||||
word32 idx = 0;
|
||||
word32 contentIdx = 0;
|
||||
byte* content = NULL;
|
||||
byte* digestBuf = NULL;
|
||||
const byte* digestBuf = NULL;
|
||||
WC_DECLARE_VAR(digest, byte, MAX_PKCS7_DIGEST_SZ, 0);
|
||||
PKCS7DecodedAttrib* attrib;
|
||||
enum wc_HashType hashType;
|
||||
@@ -4909,7 +4910,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(wc_PKCS7* pkcs7,
|
||||
} else {
|
||||
|
||||
/* user passed in pre-computed hash */
|
||||
digestBuf = (byte*)hashBuf;
|
||||
digestBuf = (const byte*)hashBuf;
|
||||
digestSz = (int)hashSz;
|
||||
}
|
||||
|
||||
@@ -7462,7 +7463,7 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert,
|
||||
|
||||
/* decode certificate */
|
||||
if (cert != NULL) {
|
||||
InitDecodedCert(kari->decoded, (byte*)cert, certSz, kari->heap);
|
||||
InitDecodedCert(kari->decoded, cert, certSz, kari->heap);
|
||||
kari->decodedInit = 1;
|
||||
ret = ParseCert(kari->decoded, CA_TYPE, NO_VERIFY, 0);
|
||||
if (ret < 0)
|
||||
@@ -8269,7 +8270,7 @@ int wc_PKCS7_AddRecipient_KTRI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz,
|
||||
return ret;
|
||||
}
|
||||
|
||||
InitDecodedCert(decoded, (byte*)cert, certSz, pkcs7->heap);
|
||||
InitDecodedCert(decoded, cert, certSz, pkcs7->heap);
|
||||
ret = ParseCert(decoded, CA_TYPE, NO_VERIFY, 0);
|
||||
if (ret < 0) {
|
||||
FreeDecodedCert(decoded);
|
||||
@@ -8600,11 +8601,13 @@ int wc_PKCS7_WriteOut(wc_PKCS7* pkcs7, byte* output, const byte* input,
|
||||
|
||||
|
||||
/* encrypt content using encryptOID algo */
|
||||
static int wc_PKCS7_EncryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key,
|
||||
int keySz,
|
||||
byte* iv, int ivSz, byte* aad, word32 aadSz,
|
||||
byte* authTag, word32 authTagSz, byte* in,
|
||||
int inSz, byte* out)
|
||||
static int wc_PKCS7_EncryptContent(wc_PKCS7* pkcs7, int encryptOID,
|
||||
const byte* key, int keySz,
|
||||
const byte* iv, int ivSz,
|
||||
const byte* aad, word32 aadSz,
|
||||
byte* authTag, word32 authTagSz,
|
||||
const byte* in, int inSz,
|
||||
byte* out)
|
||||
{
|
||||
int ret;
|
||||
#ifndef NO_AES
|
||||
@@ -8834,7 +8837,8 @@ static int wc_PKCS7_EncryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key,
|
||||
|
||||
|
||||
static int wc_PKCS7_DecryptContentInit(wc_PKCS7* pkcs7, word32 encryptOID,
|
||||
byte* key, word32 keySz, byte* iv, int ivSz, int devId, void* heap)
|
||||
const byte* key, word32 keySz, const byte* iv, int ivSz,
|
||||
int devId, void* heap)
|
||||
{
|
||||
int ret;
|
||||
#ifndef NO_AES
|
||||
@@ -8979,8 +8983,8 @@ static int wc_PKCS7_DecryptContentInit(wc_PKCS7* pkcs7, word32 encryptOID,
|
||||
/* Only does decryption of content using encryptOID algo and already set keys
|
||||
* returns 0 on success */
|
||||
static int wc_PKCS7_DecryptContentEx(wc_PKCS7* pkcs7, word32 encryptOID,
|
||||
byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag,
|
||||
word32 authTagSz, byte* in, int inSz, byte* out)
|
||||
const byte* iv, int ivSz, const byte* aad, word32 aadSz,
|
||||
const byte* authTag, word32 authTagSz, const byte* in, int inSz, byte* out)
|
||||
{
|
||||
int ret;
|
||||
|
||||
@@ -9163,16 +9167,21 @@ static void wc_PKCS7_DecryptContentFree(wc_PKCS7* pkcs7, word32 encryptOID,
|
||||
* returns 0 on success
|
||||
*/
|
||||
static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, word32 encryptOID,
|
||||
byte* key, word32 keySz, byte* iv, int ivSz, byte* aad, word32 aadSz,
|
||||
byte* authTag, word32 authTagSz, byte* in, int inSz, byte* out,
|
||||
int devId, void* heap)
|
||||
const byte* key, word32 keySz, const byte* iv, int ivSz,
|
||||
const byte* aad, word32 aadSz, const byte* authTag, word32 authTagSz,
|
||||
const byte* in, int inSz, byte* out, int devId, void* heap)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (pkcs7->decryptionCb != NULL) {
|
||||
return pkcs7->decryptionCb(pkcs7, (int)encryptOID, iv, ivSz,
|
||||
aad, aadSz, authTag, authTagSz, in,
|
||||
inSz, out, pkcs7->decryptionCtx);
|
||||
/* unsafe casts needed for backward compatibility of
|
||||
* CallbackDecryptContent.
|
||||
*/
|
||||
return pkcs7->decryptionCb(pkcs7, (int)encryptOID, (byte *)(wc_ptr_t)iv,
|
||||
ivSz, (byte *)(wc_ptr_t)aad, aadSz,
|
||||
(byte *)(wc_ptr_t)authTag, authTagSz,
|
||||
(byte *)(wc_ptr_t)in, inSz, out,
|
||||
pkcs7->decryptionCtx);
|
||||
}
|
||||
|
||||
ret = wc_PKCS7_DecryptContentInit(pkcs7, encryptOID, key, keySz, iv, ivSz,
|
||||
@@ -9494,15 +9503,15 @@ static int wc_PKCS7_PwriKek_KeyWrap(wc_PKCS7* pkcs7, const byte* kek,
|
||||
|
||||
if (ret == 0) {
|
||||
/* encrypt, normal */
|
||||
ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, (int)kekSz,
|
||||
(byte*)iv, (int)ivSz, NULL, 0, NULL, 0, out,
|
||||
ret = wc_PKCS7_EncryptContent(pkcs7, algID, kek, (int)kekSz,
|
||||
iv, (int)ivSz, NULL, 0, NULL, 0, out,
|
||||
outLen, out);
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
/* encrypt again, using last ciphertext block as IV */
|
||||
lastBlock = out + (((outLen / blockSz) - 1) * blockSz);
|
||||
ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, (int)kekSz,
|
||||
ret = wc_PKCS7_EncryptContent(pkcs7, algID, kek, (int)kekSz,
|
||||
lastBlock, blockSz, NULL, 0, NULL, 0, out,
|
||||
outLen, out);
|
||||
}
|
||||
@@ -9528,8 +9537,8 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(wc_PKCS7* pkcs7, const byte* kek,
|
||||
word32 ivSz, word32 algID)
|
||||
{
|
||||
int blockSz, cekLen, ret;
|
||||
byte* tmpIv = NULL;
|
||||
byte* lastBlock = NULL;
|
||||
const byte* tmpIv = NULL;
|
||||
const byte* lastBlock = NULL;
|
||||
byte* outTmp = NULL;
|
||||
byte fail = 0;
|
||||
|
||||
@@ -9561,26 +9570,26 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(wc_PKCS7* pkcs7, const byte* kek,
|
||||
}
|
||||
|
||||
/* use block out[n-1] as IV to decrypt block out[n] */
|
||||
lastBlock = (byte*)in + inSz - blockSz;
|
||||
lastBlock = in + inSz - blockSz;
|
||||
tmpIv = lastBlock - blockSz;
|
||||
|
||||
/* decrypt last block */
|
||||
ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, tmpIv,
|
||||
ret = wc_PKCS7_DecryptContent(pkcs7, algID, kek, kekSz, tmpIv,
|
||||
blockSz, NULL, 0, NULL, 0, lastBlock, blockSz,
|
||||
outTmp + inSz - blockSz, pkcs7->devId, pkcs7->heap);
|
||||
|
||||
if (ret == 0) {
|
||||
/* using last decrypted block as IV, decrypt [0 ... n-1] blocks */
|
||||
lastBlock = outTmp + inSz - blockSz;
|
||||
ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz,
|
||||
lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in,
|
||||
ret = wc_PKCS7_DecryptContent(pkcs7, algID, kek, kekSz,
|
||||
lastBlock, blockSz, NULL, 0, NULL, 0, in,
|
||||
(int)inSz - blockSz, outTmp, pkcs7->devId, pkcs7->heap);
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
/* decrypt using original kek and iv */
|
||||
ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz,
|
||||
(byte*)iv, (int)ivSz, NULL, 0, NULL, 0, outTmp, (int)inSz,
|
||||
ret = wc_PKCS7_DecryptContent(pkcs7, algID, kek, kekSz,
|
||||
iv, (int)ivSz, NULL, 0, NULL, 0, outTmp, (int)inSz,
|
||||
outTmp, pkcs7->devId, pkcs7->heap);
|
||||
}
|
||||
|
||||
|
||||
+5
-4
@@ -1851,7 +1851,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
/* UnPad plaintext, set start to *output, return length of plaintext,
|
||||
* < 0 on error */
|
||||
static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
byte **output, byte padValue)
|
||||
const byte **output, byte padValue)
|
||||
{
|
||||
int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
|
||||
word16 i;
|
||||
@@ -1880,7 +1880,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
return RSA_PAD_E;
|
||||
}
|
||||
|
||||
*output = (byte *)(pkcsBlock + i);
|
||||
*output = (const byte *)(pkcsBlock + i);
|
||||
ret = (int)pkcsBlockLen - i;
|
||||
}
|
||||
#ifndef WOLFSSL_RSA_VERIFY_ONLY
|
||||
@@ -1918,7 +1918,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
inv |= ctMaskNotEq(pkcsBlock[1], padValue);
|
||||
|
||||
invalid = inv;
|
||||
*output = (byte *)(pkcsBlock + i);
|
||||
*output = (const byte *)(pkcsBlock + i);
|
||||
invalidMask = (int)-1 + (int)(inv >> 7);
|
||||
ret = invalidMask & ((int)pkcsBlockLen - i);
|
||||
}
|
||||
@@ -1941,7 +1941,8 @@ int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
|
||||
switch (padType) {
|
||||
case WC_RSA_PKCSV15_PAD:
|
||||
/*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 un-padding");*/
|
||||
ret = RsaUnPad(pkcsBlock, pkcsBlockLen, out, padValue);
|
||||
ret = RsaUnPad(pkcsBlock, pkcsBlockLen, (const byte **)(void *)out,
|
||||
padValue);
|
||||
break;
|
||||
|
||||
#ifndef WC_NO_RSA_OAEP
|
||||
|
||||
+1
-1
@@ -454,7 +454,7 @@ static WC_INLINE void AddLength(wc_Sha* sha, word32 len)
|
||||
#ifndef XTRANSFORM
|
||||
#define XTRANSFORM(S,B) Transform((S),(B))
|
||||
|
||||
#define blk0(i) (W[i] = *((word32*)&data[(i)*sizeof(word32)]))
|
||||
#define blk0(i) (W[i] = *((const word32*)&data[(i)*sizeof(word32)]))
|
||||
#define blk1(i) (W[(i)&15] = \
|
||||
rotlFixed(W[((i)+13)&15]^W[((i)+8)&15]^W[((i)+2)&15]^W[(i)&15],1))
|
||||
|
||||
|
||||
@@ -95,7 +95,11 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
|
||||
#ifdef HAVE_ECC
|
||||
/* Sanity check that void* key is at least ecc_key in size */
|
||||
if (key_len >= sizeof(ecc_key)) {
|
||||
sig_len = wc_ecc_sig_size((ecc_key*)key);
|
||||
#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0))
|
||||
sig_len = wc_ecc_sig_size((ecc_key*)(wc_ptr_t)key);
|
||||
#else
|
||||
sig_len = wc_ecc_sig_size((const ecc_key*)key);
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("wc_SignatureGetSize: Invalid ECC key size");
|
||||
@@ -110,7 +114,11 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
|
||||
#ifndef NO_RSA
|
||||
/* Sanity check that void* key is at least RsaKey in size */
|
||||
if (key_len >= sizeof(RsaKey)) {
|
||||
sig_len = wc_RsaEncryptSize((RsaKey*)key);
|
||||
#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0))
|
||||
sig_len = wc_RsaEncryptSize((RsaKey*)(wc_ptr_t)key);
|
||||
#else
|
||||
sig_len = wc_RsaEncryptSize((const RsaKey*)key);
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("wc_SignatureGetSize: Invalid RsaKey key size");
|
||||
@@ -132,7 +140,7 @@ int wc_SignatureVerifyHash(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* hash_data, word32 hash_len,
|
||||
const byte* sig, word32 sig_len,
|
||||
const void* key, word32 key_len)
|
||||
void* key, word32 key_len)
|
||||
{
|
||||
int ret;
|
||||
|
||||
@@ -271,7 +279,7 @@ int wc_SignatureVerify(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* data, word32 data_len,
|
||||
const byte* sig, word32 sig_len,
|
||||
const void* key, word32 key_len)
|
||||
void* key, word32 key_len)
|
||||
{
|
||||
int ret;
|
||||
word32 hash_len, hash_enc_len;
|
||||
@@ -349,7 +357,7 @@ int wc_SignatureGenerateHash(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* hash_data, word32 hash_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len, WC_RNG* rng)
|
||||
void* key, word32 key_len, WC_RNG* rng)
|
||||
{
|
||||
return wc_SignatureGenerateHash_ex(hash_type, sig_type, hash_data, hash_len,
|
||||
sig, sig_len, key, key_len, rng, 1);
|
||||
@@ -359,7 +367,7 @@ int wc_SignatureGenerateHash_ex(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* hash_data, word32 hash_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len, WC_RNG* rng, int verify)
|
||||
void* key, word32 key_len, WC_RNG* rng, int verify)
|
||||
{
|
||||
int ret;
|
||||
|
||||
@@ -460,7 +468,7 @@ int wc_SignatureGenerate(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* data, word32 data_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len, WC_RNG* rng)
|
||||
void* key, word32 key_len, WC_RNG* rng)
|
||||
{
|
||||
return wc_SignatureGenerate_ex(hash_type, sig_type, data, data_len, sig,
|
||||
sig_len, key, key_len, rng, 1);
|
||||
@@ -470,7 +478,7 @@ int wc_SignatureGenerate_ex(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* data, word32 data_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len, WC_RNG* rng, int verify)
|
||||
void* key, word32 key_len, WC_RNG* rng, int verify)
|
||||
{
|
||||
int ret;
|
||||
word32 hash_len, hash_enc_len;
|
||||
|
||||
@@ -80,7 +80,7 @@
|
||||
* @param [in] a Little-endian byte array.
|
||||
* @return 16-bit number.
|
||||
*/
|
||||
#define GET_U16(a) (*(word16*)(a))
|
||||
#define GET_U16(a) (*(const word16*)(a))
|
||||
/**
|
||||
* Encode 64-bit number to a little-endian byte array.
|
||||
*
|
||||
@@ -411,8 +411,8 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
k0 = ((word64*)key)[0];
|
||||
k1 = ((word64*)key)[1];
|
||||
k0 = ((const word64*)key)[0];
|
||||
k1 = ((const word64*)key)[1];
|
||||
__asm__ __volatile__ (
|
||||
"xorq %[k0], %[v0]\n\t"
|
||||
"xorq %[k1], %[v1]\n\t"
|
||||
|
||||
+18
-18
@@ -5132,16 +5132,16 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
/* Modular exponentiation implementations using Single Precision. */
|
||||
WOLFSSL_LOCAL int sp_ModExp_1024(sp_int* base, sp_int* exp, sp_int* mod,
|
||||
sp_int* res);
|
||||
WOLFSSL_LOCAL int sp_ModExp_1536(sp_int* base, sp_int* exp, sp_int* mod,
|
||||
sp_int* res);
|
||||
WOLFSSL_LOCAL int sp_ModExp_2048(sp_int* base, sp_int* exp, sp_int* mod,
|
||||
sp_int* res);
|
||||
WOLFSSL_LOCAL int sp_ModExp_3072(sp_int* base, sp_int* exp, sp_int* mod,
|
||||
sp_int* res);
|
||||
WOLFSSL_LOCAL int sp_ModExp_4096(sp_int* base, sp_int* exp, sp_int* mod,
|
||||
sp_int* res);
|
||||
WOLFSSL_LOCAL int sp_ModExp_1024(const sp_int* base, const sp_int* exp,
|
||||
const sp_int* mod, sp_int* res);
|
||||
WOLFSSL_LOCAL int sp_ModExp_1536(const sp_int* base, const sp_int* exp,
|
||||
const sp_int* mod, sp_int* res);
|
||||
WOLFSSL_LOCAL int sp_ModExp_2048(const sp_int* base, const sp_int* exp,
|
||||
const sp_int* mod, sp_int* res);
|
||||
WOLFSSL_LOCAL int sp_ModExp_3072(const sp_int* base, const sp_int* exp,
|
||||
const sp_int* mod, sp_int* res);
|
||||
WOLFSSL_LOCAL int sp_ModExp_4096(const sp_int* base, const sp_int* exp,
|
||||
const sp_int* mod, sp_int* res);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
@@ -5167,9 +5167,9 @@ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho);
|
||||
*
|
||||
* @param [out] a SP integer to set to zero.
|
||||
*/
|
||||
static void _sp_zero(sp_int* a)
|
||||
static void _sp_zero(volatile sp_int* a)
|
||||
{
|
||||
sp_int_minimal* am = (sp_int_minimal *)a;
|
||||
volatile sp_int_minimal* am = (volatile sp_int_minimal *)a;
|
||||
|
||||
am->used = 0;
|
||||
am->dp[0] = 0;
|
||||
@@ -5191,7 +5191,7 @@ static void _sp_init_size(sp_int* a, unsigned int size)
|
||||
#ifdef HAVE_WOLF_BIGINT
|
||||
wc_bigint_init((struct WC_BIGINT*)&am->raw);
|
||||
#endif
|
||||
_sp_zero((sp_int*)am);
|
||||
_sp_zero((volatile sp_int*)am);
|
||||
|
||||
am->size = (sp_size_t)size;
|
||||
}
|
||||
@@ -14132,12 +14132,12 @@ int sp_exptmod_ex(const sp_int* b, const sp_int* e, int digits, const sp_int* m,
|
||||
#ifndef WOLFSSL_SP_NO_2048
|
||||
if ((mBits == 1024) && sp_isodd(m) && (bBits <= 1024) &&
|
||||
(eBits <= 1024)) {
|
||||
err = sp_ModExp_1024((sp_int*)b, (sp_int*)e, (sp_int*)m, r);
|
||||
err = sp_ModExp_1024(b, e, m, r);
|
||||
done = 1;
|
||||
}
|
||||
else if ((mBits == 2048) && sp_isodd(m) && (bBits <= 2048) &&
|
||||
(eBits <= 2048)) {
|
||||
err = sp_ModExp_2048((sp_int*)b, (sp_int*)e, (sp_int*)m, r);
|
||||
err = sp_ModExp_2048(b, e, m, r);
|
||||
done = 1;
|
||||
}
|
||||
else
|
||||
@@ -14145,12 +14145,12 @@ int sp_exptmod_ex(const sp_int* b, const sp_int* e, int digits, const sp_int* m,
|
||||
#ifndef WOLFSSL_SP_NO_3072
|
||||
if ((mBits == 1536) && sp_isodd(m) && (bBits <= 1536) &&
|
||||
(eBits <= 1536)) {
|
||||
err = sp_ModExp_1536((sp_int*)b, (sp_int*)e, (sp_int*)m, r);
|
||||
err = sp_ModExp_1536(b, e, m, r);
|
||||
done = 1;
|
||||
}
|
||||
else if ((mBits == 3072) && sp_isodd(m) && (bBits <= 3072) &&
|
||||
(eBits <= 3072)) {
|
||||
err = sp_ModExp_3072((sp_int*)b, (sp_int*)e, (sp_int*)m, r);
|
||||
err = sp_ModExp_3072(b, e, m, r);
|
||||
done = 1;
|
||||
}
|
||||
else
|
||||
@@ -14158,7 +14158,7 @@ int sp_exptmod_ex(const sp_int* b, const sp_int* e, int digits, const sp_int* m,
|
||||
#ifdef WOLFSSL_SP_4096
|
||||
if ((mBits == 4096) && sp_isodd(m) && (bBits <= 4096) &&
|
||||
(eBits <= 4096)) {
|
||||
err = sp_ModExp_4096((sp_int*)b, (sp_int*)e, (sp_int*)m, r);
|
||||
err = sp_ModExp_4096(b, e, m, r);
|
||||
done = 1;
|
||||
}
|
||||
else
|
||||
|
||||
+4
-4
@@ -389,11 +389,11 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
|
||||
|
||||
/* Set k = H(N, g) */
|
||||
r = SrpHashInit(&hash, srp->type, srp->heap);
|
||||
if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
|
||||
if (!r) r = SrpHashUpdate(&hash, (const byte*) N, nSz);
|
||||
for (i = 0; (word32)i < nSz - gSz; i++) {
|
||||
if (!r) r = SrpHashUpdate(&hash, &pad, 1);
|
||||
}
|
||||
if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
|
||||
if (!r) r = SrpHashUpdate(&hash, (const byte*) g, gSz);
|
||||
if (!r) r = SrpHashFinal(&hash, srp->k);
|
||||
SrpHashFree(&hash);
|
||||
|
||||
@@ -401,13 +401,13 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
|
||||
|
||||
/* digest1 = H(N) */
|
||||
if (!r) r = SrpHashInit(&hash, srp->type, srp->heap);
|
||||
if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
|
||||
if (!r) r = SrpHashUpdate(&hash, (const byte*) N, nSz);
|
||||
if (!r) r = SrpHashFinal(&hash, digest1);
|
||||
SrpHashFree(&hash);
|
||||
|
||||
/* digest2 = H(g) */
|
||||
if (!r) r = SrpHashInit(&hash, srp->type, srp->heap);
|
||||
if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
|
||||
if (!r) r = SrpHashUpdate(&hash, (const byte*) g, gSz);
|
||||
if (!r) r = SrpHashFinal(&hash, digest2);
|
||||
SrpHashFree(&hash);
|
||||
|
||||
|
||||
+2
-2
@@ -4540,9 +4540,9 @@ int mp_exptmod_nct (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
|
||||
|
||||
|
||||
/* compare two ints (signed)*/
|
||||
int mp_cmp (mp_int * a, mp_int * b)
|
||||
int mp_cmp (const mp_int * a, const mp_int * b)
|
||||
{
|
||||
return fp_cmp(a, b);
|
||||
return fp_cmp((mp_int *)a, (mp_int *)b);
|
||||
}
|
||||
|
||||
/* compare a digit */
|
||||
|
||||
@@ -315,7 +315,7 @@ int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz,
|
||||
*
|
||||
* returns a negative value on fail case
|
||||
*/
|
||||
int wc_CryptKey(const char* password, int passwordSz, byte* salt,
|
||||
int wc_CryptKey(const char* password, int passwordSz, const byte* salt,
|
||||
int saltSz, int iterations, int id, byte* input,
|
||||
int length, int version, byte* cbcIv, int enc, int shaOid)
|
||||
{
|
||||
@@ -439,14 +439,14 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
|
||||
#ifndef NO_HMAC
|
||||
case PKCS5v2:
|
||||
PRIVATE_KEY_UNLOCK();
|
||||
ret = wc_PBKDF2(key, (byte*)password, passwordSz,
|
||||
ret = wc_PBKDF2(key, (const byte*)password, passwordSz,
|
||||
salt, saltSz, iterations, (int)derivedLen, typeH);
|
||||
PRIVATE_KEY_LOCK();
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
case PKCS5:
|
||||
ret = wc_PBKDF1(key, (byte*)password, passwordSz,
|
||||
ret = wc_PBKDF1(key, (const byte*)password, passwordSz,
|
||||
salt, saltSz, iterations, (int)derivedLen, typeH);
|
||||
break;
|
||||
#endif
|
||||
|
||||
@@ -4237,12 +4237,12 @@ char* wolfSSL_strnstr(const char* s1, const char* s2, unsigned int n)
|
||||
unsigned int s2_len = (unsigned int)XSTRLEN(s2);
|
||||
|
||||
if (s2_len == 0)
|
||||
return (char*)s1;
|
||||
return (char *)(wc_ptr_t)s1;
|
||||
|
||||
while (n >= s2_len && s1[0]) {
|
||||
if (s1[0] == s2[0])
|
||||
if (XMEMCMP(s1, s2, s2_len) == 0)
|
||||
return (char*)s1;
|
||||
return (char *)(wc_ptr_t)s1;
|
||||
s1++;
|
||||
n--;
|
||||
}
|
||||
|
||||
+52
-29
@@ -377,9 +377,9 @@ WOLFSSL_LOCAL void GetASN_Boolean(ASNGetData *dataASN, byte* num);
|
||||
WOLFSSL_LOCAL void GetASN_OID(ASNGetData *dataASN, int oidType);
|
||||
WOLFSSL_LOCAL void GetASN_GetConstRef(ASNGetData * dataASN, const byte** data,
|
||||
word32* length);
|
||||
WOLFSSL_LOCAL void GetASN_GetRef(ASNGetData * dataASN, byte** data,
|
||||
WOLFSSL_LOCAL void GetASN_GetRef(const ASNGetData * dataASN, const byte** data,
|
||||
word32* length);
|
||||
WOLFSSL_LOCAL void GetASN_OIDData(ASNGetData * dataASN, byte** data,
|
||||
WOLFSSL_LOCAL void GetASN_OIDData(const ASNGetData * dataASN, const byte** data,
|
||||
word32* length);
|
||||
WOLFSSL_LOCAL void SetASN_Boolean(ASNSetData *dataASN, byte val);
|
||||
WOLFSSL_LOCAL void SetASN_Int8Bit(ASNSetData *dataASN, byte num);
|
||||
@@ -533,8 +533,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
|
||||
*/
|
||||
#define GetASN_GetRef(dataASN, d, l) \
|
||||
do { \
|
||||
*(d) = (byte*)(dataASN)->data.ref.data; \
|
||||
*(l) = (dataASN)->data.ref.length; \
|
||||
*(d) = (const byte*)(dataASN)->data.ref.data; \
|
||||
*(l) = (dataASN)->data.ref.length; \
|
||||
} while (0)
|
||||
|
||||
/* Get the data and length from an ASN data item that is an OID.
|
||||
@@ -545,7 +545,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
|
||||
*/
|
||||
#define GetASN_OIDData(dataASN, d, l) \
|
||||
do { \
|
||||
*(d) = (byte*)(dataASN)->data.oid.data; \
|
||||
*(d) = (const byte*)(dataASN)->data.oid.data; \
|
||||
*(l) = (dataASN)->data.oid.length; \
|
||||
} while (0)
|
||||
|
||||
@@ -1445,12 +1445,16 @@ struct DNS_entry {
|
||||
DNS_entry* next; /* next on DNS list */
|
||||
int type; /* i.e. ASN_DNS_TYPE */
|
||||
int len; /* actual DNS len */
|
||||
char* name; /* actual DNS name */
|
||||
const char*
|
||||
name; /* actual DNS name */
|
||||
int nameStored;
|
||||
#ifdef WOLFSSL_IP_ALT_NAME
|
||||
char* ipString; /* human readable form of IP address */
|
||||
int ipStringStored;
|
||||
#endif
|
||||
#ifdef WOLFSSL_RID_ALT_NAME
|
||||
char* ridString; /* human readable form of registeredID */
|
||||
int ridStringStored;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_FPKI
|
||||
@@ -1765,8 +1769,10 @@ struct DecodedCert {
|
||||
byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */
|
||||
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
|
||||
#endif /* HAVE_OCSP */
|
||||
const byte* signature; /* not owned, points into raw cert */
|
||||
char* subjectCN; /* CommonName */
|
||||
const byte*
|
||||
signature; /* not owned, points into raw cert */
|
||||
const char*
|
||||
subjectCN; /* CommonName */
|
||||
int subjectCNLen; /* CommonName Length */
|
||||
char subjectCNEnc; /* CommonName Encoding */
|
||||
char issuer[WC_ASN_NAME_MAX]; /* full name including common name */
|
||||
@@ -1871,7 +1877,8 @@ struct DecodedCert {
|
||||
#endif
|
||||
#if !defined(IGNORE_NAME_CONSTRAINTS) || \
|
||||
defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
char* subjectEmail;
|
||||
const char*
|
||||
subjectEmail;
|
||||
int subjectEmailLen;
|
||||
#endif
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
@@ -1920,17 +1927,20 @@ struct DecodedCert {
|
||||
char* subjectBC;
|
||||
int subjectBCLen;
|
||||
char subjectBCEnc;
|
||||
char* subjectJC;
|
||||
const char*
|
||||
subjectJC;
|
||||
int subjectJCLen;
|
||||
char subjectJCEnc;
|
||||
char* subjectJS;
|
||||
const char*
|
||||
subjectJS;
|
||||
int subjectJSLen;
|
||||
char subjectJSEnc;
|
||||
char* subjectPC;
|
||||
int subjectPCLen;
|
||||
char subjectPCEnc;
|
||||
#if defined(WOLFSSL_HAVE_ISSUER_NAMES)
|
||||
char* issuerCN;
|
||||
const char*
|
||||
issuerCN;
|
||||
int issuerCNLen;
|
||||
char issuerCNEnc;
|
||||
char* issuerSN;
|
||||
@@ -1954,7 +1964,8 @@ struct DecodedCert {
|
||||
char* issuerSND;
|
||||
int issuerSNDLen;
|
||||
char issuerSNDEnc;
|
||||
char* issuerEmail;
|
||||
const char*
|
||||
issuerEmail;
|
||||
int issuerEmailLen;
|
||||
#endif /* WOLFSSL_HAVE_ISSUER_NAMES */
|
||||
#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
|
||||
@@ -1981,11 +1992,14 @@ struct DecodedCert {
|
||||
|
||||
#ifdef WOLFSSL_CERT_REQ
|
||||
/* CSR attributes */
|
||||
char* contentType; /* Content Type */
|
||||
const char*
|
||||
contentType; /* Content Type */
|
||||
int contentTypeLen;
|
||||
char* cPwd; /* Challenge Password */
|
||||
const char*
|
||||
cPwd; /* Challenge Password */
|
||||
int cPwdLen;
|
||||
char* sNum; /* Serial Number */
|
||||
const char*
|
||||
sNum; /* Serial Number */
|
||||
int sNumLen;
|
||||
char* dnQualifier;
|
||||
int dnQualifierLen;
|
||||
@@ -1995,7 +2009,8 @@ struct DecodedCert {
|
||||
int surnameLen;
|
||||
char* givenName;
|
||||
int givenNameLen;
|
||||
char* unstructuredName;
|
||||
const char*
|
||||
unstructuredName;
|
||||
int unstructuredNameLen;
|
||||
#endif /* WOLFSSL_CERT_REQ */
|
||||
|
||||
@@ -2117,7 +2132,8 @@ struct Signer {
|
||||
WC_BITFIELD selfSigned:1;
|
||||
const byte* publicKey;
|
||||
int nameLen;
|
||||
char* name; /* common name */
|
||||
const char*
|
||||
name; /* common name */
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
Base_entry* permittedNames;
|
||||
Base_entry* excludedNames;
|
||||
@@ -2161,7 +2177,8 @@ struct Signer {
|
||||
/* used for having trusted peer certs rather then CA */
|
||||
struct TrustedPeerCert {
|
||||
int nameLen;
|
||||
char* name; /* common name */
|
||||
const char*
|
||||
name; /* common name */
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
Base_entry* permittedNames;
|
||||
Base_entry* excludedNames;
|
||||
@@ -2753,8 +2770,8 @@ struct CertStatus {
|
||||
#ifdef WOLFSSL_OCSP_PARSE_STATUS
|
||||
WOLFSSL_ASN1_TIME thisDateParsed;
|
||||
WOLFSSL_ASN1_TIME nextDateParsed;
|
||||
byte* thisDateAsn;
|
||||
byte* nextDateAsn;
|
||||
const byte* thisDateAsn;
|
||||
const byte* nextDateAsn;
|
||||
#endif
|
||||
byte revocationDate[MAX_DATE_SIZE]; /* ASN-formatted revocation time */
|
||||
word32 revocationDateSz;
|
||||
@@ -2818,7 +2835,8 @@ enum responderIdType {
|
||||
struct OcspResponse {
|
||||
int responseStatus; /* return code from Responder */
|
||||
|
||||
byte* response; /* Pointer to beginning of OCSP Response */
|
||||
const byte*
|
||||
response; /* Pointer to beginning of OCSP Response */
|
||||
word32 responseSz; /* length of the OCSP Response */
|
||||
|
||||
enum responderIdType responderIdType;
|
||||
@@ -2832,19 +2850,23 @@ struct OcspResponse {
|
||||
byte producedDateFormat; /* format of the producedDate */
|
||||
byte producedDateSz;
|
||||
|
||||
byte* cert;
|
||||
const byte*
|
||||
cert;
|
||||
word32 certSz;
|
||||
|
||||
byte* sig; /* Pointer to sig in source */
|
||||
const byte*
|
||||
sig; /* Pointer to sig in source */
|
||||
word32 sigSz; /* Length in octets for the sig */
|
||||
word32 sigOID; /* OID for hash used for sig */
|
||||
|
||||
byte* sigParams;
|
||||
word32 sigParamsSz;
|
||||
const byte*
|
||||
sigParams;
|
||||
word32 sigParamsSz;
|
||||
|
||||
OcspEntry* single; /* chain of OCSP single responses */
|
||||
|
||||
byte* nonce; /* pointer to nonce inside ASN.1 response */
|
||||
const byte*
|
||||
nonce; /* pointer to nonce inside ASN.1 response */
|
||||
int nonceSz; /* length of the nonce string */
|
||||
|
||||
byte* source; /* pointer to source buffer, not owned */
|
||||
@@ -3003,8 +3025,9 @@ struct DecodedCRL {
|
||||
word32 sigParamsIndex; /* start of signature parameters */
|
||||
word32 sigParamsLength; /* length of signature parameters */
|
||||
#endif
|
||||
byte* signature; /* pointer into raw source, not owned */
|
||||
char crlNumber[CRL_MAX_NUM_HEX_STR_SZ]; /* CRL number extension */
|
||||
const byte*
|
||||
signature; /* pointer into raw source, not owned */
|
||||
char crlNumber[CRL_MAX_NUM_HEX_STR_SZ]; /* CRL number extension */
|
||||
byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */
|
||||
byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
|
||||
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
|
||||
|
||||
@@ -504,17 +504,17 @@ typedef struct Cert {
|
||||
CertExtension customCertExt[NUM_CUSTOM_EXT];
|
||||
int customCertExtCount;
|
||||
#endif /* WOLFSSL_CUSTOM_OID */
|
||||
void* decodedCert; /* internal DecodedCert allocated from heap */
|
||||
byte* der; /* Pointer to buffer of current DecodedCert cache */
|
||||
void* heap; /* heap hint */
|
||||
void* decodedCert; /* internal DecodedCert allocated from heap */
|
||||
const byte* der; /* Pointer to buffer of current DecodedCert cache */
|
||||
void* heap; /* heap hint */
|
||||
WC_BITFIELD basicConstSet:1; /* Indicator for when Basic Constraint is set */
|
||||
byte basicConstCrit; /* Indicator of criticality of Basic Constraints extension */
|
||||
byte basicConstCrit; /* Indicator of criticality of Basic Constraints extension */
|
||||
#ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE
|
||||
WC_BITFIELD isCaSet:1; /* Indicator for when isCA is set */
|
||||
WC_BITFIELD isCaSet:1; /* Indicator for when isCA is set */
|
||||
#endif
|
||||
WC_BITFIELD pathLenSet:1; /* Indicator for when path length is set */
|
||||
WC_BITFIELD pathLenSet:1; /* Indicator for when path length is set */
|
||||
#ifdef WOLFSSL_ALT_NAMES
|
||||
WC_BITFIELD altNamesCrit:1; /* Indicator of criticality of SAN extension */
|
||||
WC_BITFIELD altNamesCrit:1; /* Indicator of criticality of SAN extension */
|
||||
#endif
|
||||
} Cert;
|
||||
|
||||
|
||||
@@ -41,9 +41,9 @@
|
||||
static WC_INLINE word32 load32( const void *src )
|
||||
{
|
||||
#if defined(LITTLE_ENDIAN_ORDER)
|
||||
return *( word32 * )( src );
|
||||
return *( const word32 * )( src );
|
||||
#else
|
||||
const byte *p = ( byte * )src;
|
||||
const byte *p = ( const byte * )src;
|
||||
word32 w = *p++;
|
||||
w |= ( word32 )( *p++ ) << 8;
|
||||
w |= ( word32 )( *p++ ) << 16;
|
||||
@@ -55,9 +55,9 @@ static WC_INLINE word32 load32( const void *src )
|
||||
static WC_INLINE word64 load64( const void *src )
|
||||
{
|
||||
#if defined(LITTLE_ENDIAN_ORDER)
|
||||
return *( word64 * )( src );
|
||||
return *( const word64 * )( src );
|
||||
#else
|
||||
const byte *p = ( byte * )src;
|
||||
const byte *p = ( const byte * )src;
|
||||
word64 w = *p++;
|
||||
w |= ( word64 )( *p++ ) << 8;
|
||||
w |= ( word64 )( *p++ ) << 16;
|
||||
|
||||
@@ -769,7 +769,7 @@ int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId);
|
||||
#endif
|
||||
#ifdef WOLFSSL_CUSTOM_CURVES
|
||||
WOLFSSL_LOCAL
|
||||
void wc_ecc_free_curve(const ecc_set_type* curve, void* heap);
|
||||
void wc_ecc_free_curve(ecc_set_type* curve, void* heap);
|
||||
#endif
|
||||
WOLFSSL_ABI WOLFSSL_API
|
||||
int wc_ecc_free(ecc_key* key);
|
||||
|
||||
@@ -160,7 +160,7 @@ WOLFSSL_LOCAL void fe_pow22523(fe out,const fe z);
|
||||
#endif
|
||||
|
||||
#ifdef CURVED25519_ASM
|
||||
WOLFSSL_LOCAL void fe_cmov_table(fe* r, fe* base, signed char b);
|
||||
WOLFSSL_LOCAL void fe_cmov_table(fe* r, const fe* base, signed char b);
|
||||
|
||||
WOLFSSL_LOCAL void fe_invert_nct(fe r, const fe a);
|
||||
#endif /* CURVED25519_ASM */
|
||||
|
||||
@@ -122,7 +122,7 @@ typedef struct {
|
||||
WOLFSSL_LOCAL void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
|
||||
WOLFSSL_LOCAL void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p);
|
||||
WOLFSSL_LOCAL void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p);
|
||||
#define ge_p3_dbl(r, p) ge_p2_dbl((ge_p1p1 *)(r), (ge_p2 *)(p))
|
||||
#define ge_p3_dbl(r, p) ge_p2_dbl((ge_p1p1 *)(r), (const ge_p2 *)(p))
|
||||
WOLFSSL_LOCAL void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q);
|
||||
WOLFSSL_LOCAL void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q);
|
||||
WOLFSSL_LOCAL void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
|
||||
|
||||
@@ -345,8 +345,8 @@ MP_API int mp_abs (mp_int * a, mp_int * b);
|
||||
MP_API int mp_invmod (mp_int * a, mp_int * b, mp_int * c);
|
||||
int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c);
|
||||
MP_API int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c);
|
||||
MP_API int mp_cmp_mag (mp_int * a, mp_int * b);
|
||||
MP_API int mp_cmp (mp_int * a, mp_int * b);
|
||||
MP_API int mp_cmp_mag (const mp_int * a, const mp_int * b);
|
||||
MP_API int mp_cmp (const mp_int * a, const mp_int * b);
|
||||
#define mp_cmp_ct(a, b, n) mp_cmp(a, b)
|
||||
MP_API int mp_cmp_d(mp_int * a, mp_digit b);
|
||||
MP_API int mp_set (mp_int * a, mp_digit b);
|
||||
|
||||
@@ -49,35 +49,35 @@ WOLFSSL_API int wc_SignatureVerifyHash(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* hash_data, word32 hash_len,
|
||||
const byte* sig, word32 sig_len,
|
||||
const void* key, word32 key_len);
|
||||
void* key, word32 key_len);
|
||||
|
||||
WOLFSSL_API int wc_SignatureVerify(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* data, word32 data_len,
|
||||
const byte* sig, word32 sig_len,
|
||||
const void* key, word32 key_len);
|
||||
void* key, word32 key_len);
|
||||
|
||||
WOLFSSL_API int wc_SignatureGenerateHash(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* hash_data, word32 hash_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len, WC_RNG* rng);
|
||||
void* key, word32 key_len, WC_RNG* rng);
|
||||
WOLFSSL_API int wc_SignatureGenerateHash_ex(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* hash_data, word32 hash_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len, WC_RNG* rng, int verify);
|
||||
void* key, word32 key_len, WC_RNG* rng, int verify);
|
||||
WOLFSSL_API int wc_SignatureGenerate(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* data, word32 data_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len,
|
||||
void* key, word32 key_len,
|
||||
WC_RNG* rng);
|
||||
WOLFSSL_API int wc_SignatureGenerate_ex(
|
||||
enum wc_HashType hash_type, enum wc_SignatureType sig_type,
|
||||
const byte* data, word32 data_len,
|
||||
byte* sig, word32 *sig_len,
|
||||
const void* key, word32 key_len,
|
||||
void* key, word32 key_len,
|
||||
WC_RNG* rng, int verify);
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
@@ -843,7 +843,7 @@ MP_API int mp_2expt(mp_int* a, int b);
|
||||
|
||||
MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
|
||||
|
||||
MP_API int mp_cmp(mp_int *a, mp_int *b);
|
||||
MP_API int mp_cmp(const mp_int *a, const mp_int *b);
|
||||
#define mp_cmp_ct(a, b, n) mp_cmp(a, b)
|
||||
MP_API int mp_cmp_d(mp_int *a, mp_digit b);
|
||||
|
||||
|
||||
@@ -114,8 +114,8 @@ WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out,
|
||||
|
||||
#ifndef NO_PWDBASED
|
||||
WOLFSSL_LOCAL int wc_CryptKey(const char* password, int passwordSz,
|
||||
byte* salt, int saltSz, int iterations, int id, byte* input, int length,
|
||||
int version, byte* cbcIv, int enc, int shaOid);
|
||||
const byte* salt, int saltSz, int iterations, int id, byte* input,
|
||||
int length, int version, byte* cbcIv, int enc, int shaOid);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
@@ -1808,6 +1808,18 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
|
||||
#define XFENCE() WC_DO_NOTHING
|
||||
#endif
|
||||
|
||||
#ifdef WC_BARRIER
|
||||
/* use user-supplied WC_BARRIER() definition. */
|
||||
#elif defined(__GNUC__) && !defined(WOLFSSL_NO_ASM)
|
||||
#define WC_BARRIER() __asm__ __volatile__("" ::: "memory")
|
||||
#else
|
||||
/* XFENCE() is a no-op on some targets. The fallback construct uses C89
|
||||
* intrinsics as an additional (but weak) portable barrier.
|
||||
*/
|
||||
#define WC_BARRIER() do { volatile byte _xfence = 0; (void)_xfence; XFENCE(); \
|
||||
} while(0)
|
||||
#endif
|
||||
|
||||
|
||||
/* AFTER user_settings.h is loaded,
|
||||
** determine if POSIX multi-threaded: HAVE_PTHREAD */
|
||||
|
||||
Reference in New Issue
Block a user