diff --git a/src/bio.c b/src/bio.c index 16b099eca..e26c9afef 100644 --- a/src/bio.c +++ b/src/bio.c @@ -131,10 +131,10 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, { int ret; - WOLFSSL_ENTER("wolfSSL_BIO_SSL_write"); + WOLFSSL_ENTER("wolfSSL_BIO_SSL_read"); /* already got eof, again is error */ - if (bio && front->eof) + if ((front == NULL) || front->eof) return WOLFSSL_FATAL_ERROR; ret = wolfSSL_read(bio->ssl, buf, len); @@ -168,7 +168,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) WOLFSSL_ENTER("wolfSSL_BIO_read"); /* start at end of list and work backwards */ - while (bio->next != NULL) { + while ((bio != NULL) && (bio->next != NULL)) { bio = bio->next; } diff --git a/src/crl.c b/src/crl.c index 42e3e50e2..fd7a2e99b 100644 --- a/src/crl.c +++ b/src/crl.c @@ -247,6 +247,8 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr ca = GetCA(crl->cm, issuerHash); #endif /* NO_SKID */ if (ca == NULL) { + XFREE(sig, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); + XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); WOLFSSL_MSG("Did NOT find CRL issuer CA"); return ASN_CRL_NO_SIGNER_E; } diff --git a/src/internal.c b/src/internal.c index 91ed63fb6..7efd983cd 100644 --- a/src/internal.c +++ b/src/internal.c @@ -11743,10 +11743,10 @@ static INLINE void RmdRounds(int rounds, const byte* data, int sz) RipeMd ripemd; int i; - wc_InitRipeMd(&ripemd); + (void)wc_InitRipeMd(&ripemd); for (i = 0; i < rounds; i++) - wc_RipeMdUpdate(&ripemd, data, sz); + (void)wc_RipeMdUpdate(&ripemd, data, sz); } #endif @@ -14678,11 +14678,13 @@ int SendAlert(WOLFSSL* ssl, int severity, int type) if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) return ret; + /* Check output buffer */ + if (ssl->buffers.outputBuffer.buffer == NULL) + return BUFFER_E; + /* get output buffer */ output = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length; - if (output == NULL) - return BUFFER_E; input[0] = (byte)severity; input[1] = (byte)type; @@ -18377,7 +18379,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #endif if (ssl->peerEccKey == NULL) { - AllocKey(ssl, DYNAMIC_TYPE_ECC, + ret = AllocKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey); if (ret != 0) { goto exit_dske; diff --git a/src/ocsp.c b/src/ocsp.c index e7bb54290..c5d672b69 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -651,9 +651,10 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, l = XFTELL(bio->file); if (l < 0) return NULL; - XFSEEK(bio->file, i, SEEK_SET); + if (XFSEEK(bio->file, i, SEEK_SET) != 0) + return NULL; - /* check calulated length */ + /* check calculated length */ if (l - i <= 0) return NULL; diff --git a/src/ssl.c b/src/ssl.c index 79d31af7a..41eec8a84 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5451,11 +5451,10 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, resetSuites = 1; } } - #endif - + #else if (!rsaKey && !eccKey && !ed25519Key) return WOLFSSL_BAD_FILE; - + #endif (void)ed25519Key; (void)devId; } @@ -7224,7 +7223,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in, long inSz) { WOLFSSL_EVP_PKEY* pkey = NULL; - const unsigned char* mem = *in; + const unsigned char* mem; long memSz = inSz; WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY"); @@ -7233,6 +7232,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in, WOLFSSL_MSG("Bad argument"); return NULL; } + mem = *in; #if !defined(NO_RSA) { @@ -7372,6 +7372,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, if (local->pkey.ptr == NULL) { wolfSSL_EVP_PKEY_free(local); local = NULL; + return NULL; } else { XMEMCPY(local->pkey.ptr, *in + idx, inSz - idx); @@ -13594,8 +13595,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) const WOLFSSL_EVP_CIPHER* type, const byte* key, const byte* iv, int enc) { - int ret = -1; /* failure local, during function 0 means success - because internal functions work that way */ + int ret = 0; (void)key; (void)iv; (void)enc; @@ -13615,7 +13615,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->lastUsed = 0; ctx->flags = 0; } - ret = 0; #ifndef NO_AES #ifdef HAVE_AES_CBC #ifdef WOLFSSL_AES_128 @@ -13640,7 +13639,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -13665,7 +13663,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 @@ -13694,7 +13691,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return ret; } } - ret = 0; } #endif /* WOLFSSL_AES_256 */ #endif /* HAVE_AES_CBC */ @@ -13721,7 +13717,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -13746,7 +13741,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 @@ -13771,7 +13765,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_CTR */ @@ -13792,7 +13785,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } if (ret != 0) return ret; - ret = 0; } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -13812,7 +13804,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } if (ret != 0) return ret; - ret = 0; } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 @@ -13832,7 +13823,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } if (ret != 0) return ret; - ret = 0; } #endif /* WOLFSSL_AES_256 */ #endif /* NO_AES */ @@ -13857,7 +13847,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (iv && key == NULL) wc_Des_SetIV(&ctx->cipher.des, iv); - ret = 0; } #ifdef WOLFSSL_DES_ECB else if (ctx->cipherType == DES_ECB_TYPE || @@ -13877,7 +13866,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif else if (ctx->cipherType == DES_EDE3_CBC_TYPE || @@ -13903,7 +13891,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } else if (ctx->cipherType == DES_EDE3_ECB_TYPE || (type && @@ -13922,7 +13909,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) return ret; } - ret = 0; } #endif /* NO_DES3 */ #ifndef NO_RC4 @@ -13937,7 +13923,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->keyLen = 16; /* default to 128 */ if (key) wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen); - ret = 0; /* success */ } #endif /* NO_RC4 */ #ifdef HAVE_IDEA @@ -13961,7 +13946,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (iv && key == NULL) wc_IdeaSetIV(&ctx->cipher.idea, iv); - ret = 0; } #endif /* HAVE_IDEA */ if (ctx->cipherType == NULL_CIPHER_TYPE || (type && @@ -13970,13 +13954,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->cipherType = NULL_CIPHER_TYPE; ctx->keyLen = 0; ctx->block_size = 16; - ret = 0; /* success */ } - - if (ret == 0) - return WOLFSSL_SUCCESS; - else - return 0; /* overall failure */ + (void)ret; /* remove warning. If execution reaches this point, ret=0 */ + return WOLFSSL_SUCCESS; } @@ -14052,7 +14032,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) case AES_192_CTR_TYPE : case AES_256_CTR_TYPE : WOLFSSL_MSG("AES CTR"); - wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); + ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); break; #endif /* WOLFSSL_AES_COUNTER */ #endif /* NO_AES */ @@ -16865,7 +16845,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) } if (dataSz < 0) { - sz = (int)XSTRLEN((const char*)data); + sz = (int)XSTRLEN((const char*)data) + 1; /* +1 for null */ } else { sz = dataSz; @@ -18345,7 +18325,7 @@ WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, { WC_PKCS12* pkcs12; WC_DerCertList* list = NULL; - word32 passSz = (word32)XSTRLEN(pass); + word32 passSz; byte* keyDer; word32 keyDerSz; byte* certDer; @@ -18359,6 +18339,7 @@ WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, WOLFSSL_LEAVE("wolfSSL_PKCS12_create()", BAD_FUNC_ARG); return NULL; } + passSz = (word32)XSTRLEN(pass); if ((ret = wolfSSL_i2d_PrivateKey(pkey, &keyDer)) < 0) { WOLFSSL_LEAVE("wolfSSL_PKCS12_create", ret); @@ -18387,7 +18368,7 @@ WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, } curDer = (byte*)wolfSSL_X509_get_der(sk->data.x509, &curDerSz); - if (certDer == NULL || curDerSz < 0) { + if (curDer == NULL || curDerSz < 0) { XFREE(cur, NULL, DYNAMIC_TYPE_PKCS); wc_FreeCertList(list, NULL); return NULL; @@ -19580,7 +19561,7 @@ const char* wolfSSL_alert_desc_string_long(int alertID) * * ssl WOLFSSL structure to get state of * - * Retruns a human readable string of the WOLFSSL structure state + * Returns a human readable string of the WOLFSSL structure state */ const char* wolfSSL_state_string_long(const WOLFSSL* ssl) { @@ -21950,8 +21931,9 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) /* $RANDFILE was not set or is too large, check $HOME */ if (rt == NULL) { + WOLFSSL_MSG("Environment variable RANDFILE not set"); if ((rt = XGETENV("HOME")) == NULL) { - WOLFSSL_MSG("Unable to get HOME variable"); + WOLFSSL_MSG("Environment variable HOME not set"); return NULL; } @@ -21962,16 +21944,11 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) return fname; } else { - WOLFSSL_MSG("Buffer too small"); + WOLFSSL_MSG("HOME too large for buffer"); return NULL; } } - if (rt == NULL) { - WOLFSSL_MSG("Enviroment variable RANDFILE or HOME not set"); - return NULL; - } - return fname; #else /* no filesystem defined */ @@ -22066,7 +22043,7 @@ int wolfSSL_RAND_write_file(const char* fname) * * nm is the file path to the egd server * - * Retruns the number of bytes read. + * Returns the number of bytes read. */ int wolfSSL_RAND_egd(const char* nm) { @@ -22095,7 +22072,7 @@ int wolfSSL_RAND_egd(const char* nm) } fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (fd <= 0) { + if (fd < 0) { WOLFSSL_MSG("Error creating socket"); #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -22104,7 +22081,7 @@ int wolfSSL_RAND_egd(const char* nm) } if (ret == WOLFSSL_SUCCESS) { rem.sun_family = AF_UNIX; - XMEMCPY(rem.sun_path, nm, XSTRLEN(nm)); + XSTRNCPY(rem.sun_path, nm, sizeof(rem.sun_path)); } /* connect to egd server */ @@ -25070,7 +25047,7 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m, return WOLFSSL_FAILURE; } sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if(sigRet == NULL){ + if(sigDec == NULL){ WOLFSSL_MSG("Memory failure"); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; @@ -25777,7 +25754,7 @@ void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, } if (doset) - wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */ + (void)wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */ else XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); } @@ -29198,11 +29175,13 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) i = XFTELL(bp->file); if (i < 0) return NULL; - XFSEEK(bp->file, 0, SEEK_END); + if (XFSEEK(bp->file, 0, SEEK_END) != 0) + return NULL; l = XFTELL(bp->file); if (l < 0) return NULL; - XFSEEK(bp->file, i, SEEK_SET); + if (XFSEEK(bp->file, i, SEEK_SET) != 0) + return NULL; #else WOLFSSL_MSG("Unable to read file with NO_FILESYSTEM defined"); return NULL; @@ -29211,7 +29190,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) else return NULL; - /* check calulated length */ + /* check calculated length */ if (l - i < 0) return NULL; pem = (unsigned char*)XMALLOC(l - i, 0, DYNAMIC_TYPE_PEM); @@ -29227,8 +29206,8 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) if (i > 26 && XMEMCMP((char *)&pem[i-26], END_CERT, 25) == 0) { if (pem[i-1] == '\r') { /* found \r , Windows line ending is \r\n so try to read one - * more byte for \n */ - wolfSSL_BIO_read(bp, (char *)&pem[i++], 1); + * more byte for \n, ignoring return value */ + (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1); } break; } diff --git a/src/tls.c b/src/tls.c index 5b72f134a..687f20f9d 100755 --- a/src/tls.c +++ b/src/tls.c @@ -5319,18 +5319,22 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) /* Make an ECC key. */ ret = wc_curve25519_init(key); - if (ret != 0) + if (ret != 0) { + eccKey = (ecc_key*)key; /* assign for freeing key */ goto end; + } ret = wc_curve25519_make_key(ssl->rng, keySize, key); - if (ret != 0) + if (ret != 0) { + eccKey = (ecc_key*)key; /* assign for freeing key */ goto end; - + } /* Allocate space for the public key. */ keyData = (byte*)XMALLOC(dataSize, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (keyData == NULL) { WOLFSSL_MSG("Key data Memory error"); ret = MEMORY_E; + eccKey = (ecc_key*)key; /* assign for freeing key */ goto end; } @@ -5338,6 +5342,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) if (wc_curve25519_export_public_ex(key, keyData, &dataSize, EC25519_LITTLE_ENDIAN) != 0) { ret = ECC_EXPORT_ERROR; + eccKey = (ecc_key*)key; /* assign for freeing key */ goto end; } @@ -5722,27 +5727,28 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) return MEMORY_ERROR; } ret = wc_curve25519_init(peerEccKey); - if (ret != 0) - return ret; + if (ret == 0) { #ifdef WOLFSSL_DEBUG_TLS - WOLFSSL_MSG("Peer Curve25519 Key"); - WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); + WOLFSSL_MSG("Peer Curve25519 Key"); + WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); #endif - - /* Point is validated by import function. */ - if (wc_curve25519_import_public_ex(keyShareEntry->ke, - keyShareEntry->keLen, peerEccKey, - EC25519_LITTLE_ENDIAN) != 0) { - return ECC_PEERKEY_ERROR; + /* Point is validated by import function. */ + if (wc_curve25519_import_public_ex(keyShareEntry->ke, + keyShareEntry->keLen, peerEccKey, + EC25519_LITTLE_ENDIAN) != 0) { + ret = ECC_PEERKEY_ERROR; + } + else { + ssl->arrays->preMasterSz = ENCRYPT_LEN; + ret = wc_curve25519_shared_secret_ex(key, peerEccKey, + ssl->arrays->preMasterSecret, + &ssl->arrays->preMasterSz, + EC25519_LITTLE_ENDIAN); + wc_curve25519_free(peerEccKey); + ssl->ecdhCurveOID = ECC_X25519_OID; + } } - - ssl->arrays->preMasterSz = ENCRYPT_LEN; - ret = wc_curve25519_shared_secret_ex(key, peerEccKey, - ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, - EC25519_LITTLE_ENDIAN); - wc_curve25519_free(peerEccKey); XFREE(peerEccKey, ssl->heap, DYNAMIC_TYPE_TLSX); - ssl->ecdhCurveOID = ECC_X25519_OID; return ret; } #endif @@ -8164,9 +8170,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) (void)public_key_len; (void)ssl; - if (ret == WOLFSSL_SUCCESS) - ret = 0; - return ret; } diff --git a/src/tls13.c b/src/tls13.c index 73838b38c..7185e07f5 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -953,7 +953,7 @@ static const byte writeIVLabel[WRITE_IV_LABEL_SZ+1] = "iv"; */ static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store) { - int ret; + int ret = BAD_FUNC_ARG; /* Assume failure */ int i = 0; #ifdef WOLFSSL_SMALL_STACK byte* key_dig; @@ -2012,12 +2012,15 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, switch (ssl->options.buildMsgState) { case BUILD_MSG_BEGIN: { - if (output == NULL || input == NULL) - return BAD_FUNC_ARG; - /* catch mistaken sizeOnly parameter */ - if (sizeOnly && (output || input)) { - WOLFSSL_MSG("BuildTls13Message with sizeOnly doesn't need " - "input or output"); + /* catch mistaken sizeOnly parameter */ + if (sizeOnly) { + if (output || input) { + WOLFSSL_MSG("BuildTls13Message with sizeOnly " + "doesn't need input or output"); + return BAD_FUNC_ARG; + } + } + else if (output == NULL || input == NULL) { return BAD_FUNC_ARG; }