wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1484 from embhorn/coverity

Browse Source 
Coverity fixes
This commit is contained in:
David Garske
2018-04-06 18:18:38 -07:00
committed by GitHub
parent 6090fb9020 36b9b0b558
commit 2a460d3d05
7 changed files with 80 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/bio.c
View File

@@ -131,10 +131,10 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
{ {
int ret; int ret;
WOLFSSL_ENTER("wolfSSL_BIO_SSL_write"); WOLFSSL_ENTER("wolfSSL_BIO_SSL_read");
/* already got eof, again is error */ /* already got eof, again is error */
if (bio && front->eof) if ((front == NULL) || front->eof)
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
ret = wolfSSL_read(bio->ssl, buf, len); ret = wolfSSL_read(bio->ssl, buf, len);
@@ -168,7 +168,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
WOLFSSL_ENTER("wolfSSL_BIO_read"); WOLFSSL_ENTER("wolfSSL_BIO_read");
/* start at end of list and work backwards */ /* start at end of list and work backwards */
while (bio->next != NULL) { while ((bio != NULL) && (bio->next != NULL)) {
bio = bio->next; bio = bio->next;
} }

2
src/crl.c
View File

@@ -247,6 +247,8 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
ca = GetCA(crl->cm, issuerHash); ca = GetCA(crl->cm, issuerHash);
#endif /* NO_SKID */ #endif /* NO_SKID */
if (ca == NULL) { if (ca == NULL) {
XFREE(sig, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
WOLFSSL_MSG("Did NOT find CRL issuer CA"); WOLFSSL_MSG("Did NOT find CRL issuer CA");
return ASN_CRL_NO_SIGNER_E; return ASN_CRL_NO_SIGNER_E;
} }

12
src/internal.c
View File

@@ -11743,10 +11743,10 @@ static INLINE void RmdRounds(int rounds, const byte* data, int sz)
RipeMd ripemd; RipeMd ripemd;
int i; int i;
wc_InitRipeMd(&ripemd); (void)wc_InitRipeMd(&ripemd);
for (i = 0; i < rounds; i++) for (i = 0; i < rounds; i++)
wc_RipeMdUpdate(&ripemd, data, sz); (void)wc_RipeMdUpdate(&ripemd, data, sz);
} }
#endif #endif
@@ -14678,11 +14678,13 @@ int SendAlert(WOLFSSL* ssl, int severity, int type)
if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
return ret; return ret;
/* Check output buffer */
if (ssl->buffers.outputBuffer.buffer == NULL)
return BUFFER_E;
/* get output buffer */ /* get output buffer */
output = ssl->buffers.outputBuffer.buffer + output = ssl->buffers.outputBuffer.buffer +
ssl->buffers.outputBuffer.length; ssl->buffers.outputBuffer.length;
if (output == NULL)
return BUFFER_E;
input[0] = (byte)severity; input[0] = (byte)severity;
input[1] = (byte)type; input[1] = (byte)type;
@@ -18377,7 +18379,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
#endif #endif
if (ssl->peerEccKey == NULL) { if (ssl->peerEccKey == NULL) {
AllocKey(ssl, DYNAMIC_TYPE_ECC, ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
(void**)&ssl->peerEccKey); (void**)&ssl->peerEccKey);
if (ret != 0) { if (ret != 0) {
goto exit_dske; goto exit_dske;

5
src/ocsp.c
View File

@@ -651,9 +651,10 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
l = XFTELL(bio->file); l = XFTELL(bio->file);
if (l < 0) if (l < 0)
return NULL; return NULL;
XFSEEK(bio->file, i, SEEK_SET); if (XFSEEK(bio->file, i, SEEK_SET) != 0)
return NULL;
/* check calulated length */ /* check calculated length */
if (l - i <= 0) if (l - i <= 0)
return NULL; return NULL;

77
src/ssl.c
View File

@@ -5451,11 +5451,10 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
resetSuites = 1; resetSuites = 1;
} }
} }
#endif #else
if (!rsaKey && !eccKey && !ed25519Key) if (!rsaKey && !eccKey && !ed25519Key)
return WOLFSSL_BAD_FILE; return WOLFSSL_BAD_FILE;
#endif
(void)ed25519Key; (void)ed25519Key;
(void)devId; (void)devId;
} }
@@ -7224,7 +7223,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in,
long inSz) long inSz)
{ {
WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_EVP_PKEY* pkey = NULL;
const unsigned char* mem = *in; const unsigned char* mem;
long memSz = inSz; long memSz = inSz;
WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY"); WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY");
@@ -7233,6 +7232,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in,
WOLFSSL_MSG("Bad argument"); WOLFSSL_MSG("Bad argument");
return NULL; return NULL;
} }
mem = *in;
#if !defined(NO_RSA) #if !defined(NO_RSA)
{ {
@@ -7372,6 +7372,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out,
if (local->pkey.ptr == NULL) { if (local->pkey.ptr == NULL) {
wolfSSL_EVP_PKEY_free(local); wolfSSL_EVP_PKEY_free(local);
local = NULL; local = NULL;
return NULL;
} }
else { else {
XMEMCPY(local->pkey.ptr, *in + idx, inSz - idx); XMEMCPY(local->pkey.ptr, *in + idx, inSz - idx);
@@ -13594,8 +13595,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
const WOLFSSL_EVP_CIPHER* type, const byte* key, const WOLFSSL_EVP_CIPHER* type, const byte* key,
const byte* iv, int enc) const byte* iv, int enc)
{ {
int ret = -1; /* failure local, during function 0 means success int ret = 0;
because internal functions work that way */
(void)key; (void)key;
(void)iv; (void)iv;
(void)enc; (void)enc;
@@ -13615,7 +13615,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ctx->lastUsed = 0; ctx->lastUsed = 0;
ctx->flags = 0; ctx->flags = 0;
} }
ret = 0;
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC #ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
@@ -13640,7 +13639,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
ret = 0;
} }
#endif /* WOLFSSL_AES_128 */ #endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192 #ifdef WOLFSSL_AES_192
@@ -13665,7 +13663,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
ret = 0;
} }
#endif /* WOLFSSL_AES_192 */ #endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
@@ -13694,7 +13691,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
return ret; return ret;
} }
} }
ret = 0;
} }
#endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_256 */
#endif /* HAVE_AES_CBC */ #endif /* HAVE_AES_CBC */
@@ -13721,7 +13717,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
ret = 0;
} }
#endif /* WOLFSSL_AES_128 */ #endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192 #ifdef WOLFSSL_AES_192
@@ -13746,7 +13741,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
ret = 0;
} }
#endif /* WOLFSSL_AES_192 */ #endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
@@ -13771,7 +13765,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
ret = 0;
} }
#endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_256 */
#endif /* WOLFSSL_AES_CTR */ #endif /* WOLFSSL_AES_CTR */
@@ -13792,7 +13785,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
} }
if (ret != 0) if (ret != 0)
return ret; return ret;
ret = 0;
} }
#endif /* WOLFSSL_AES_128 */ #endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192 #ifdef WOLFSSL_AES_192
@@ -13812,7 +13804,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
} }
if (ret != 0) if (ret != 0)
return ret; return ret;
ret = 0;
} }
#endif /* WOLFSSL_AES_192 */ #endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
@@ -13832,7 +13823,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
} }
if (ret != 0) if (ret != 0)
return ret; return ret;
ret = 0;
} }
#endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_256 */
#endif /* NO_AES */ #endif /* NO_AES */
@@ -13857,7 +13847,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (iv && key == NULL) if (iv && key == NULL)
wc_Des_SetIV(&ctx->cipher.des, iv); wc_Des_SetIV(&ctx->cipher.des, iv);
ret = 0;
} }
#ifdef WOLFSSL_DES_ECB #ifdef WOLFSSL_DES_ECB
else if (ctx->cipherType == DES_ECB_TYPE || else if (ctx->cipherType == DES_ECB_TYPE ||
@@ -13877,7 +13866,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
ret = 0;
} }
#endif #endif
else if (ctx->cipherType == DES_EDE3_CBC_TYPE || else if (ctx->cipherType == DES_EDE3_CBC_TYPE ||
@@ -13903,7 +13891,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
ret = 0;
} }
else if (ctx->cipherType == DES_EDE3_ECB_TYPE || else if (ctx->cipherType == DES_EDE3_ECB_TYPE ||
(type && (type &&
@@ -13922,7 +13909,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
ret = 0;
} }
#endif /* NO_DES3 */ #endif /* NO_DES3 */
#ifndef NO_RC4 #ifndef NO_RC4
@@ -13937,7 +13923,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ctx->keyLen = 16; /* default to 128 */ ctx->keyLen = 16; /* default to 128 */
if (key) if (key)
wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen); wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
ret = 0; /* success */
} }
#endif /* NO_RC4 */ #endif /* NO_RC4 */
#ifdef HAVE_IDEA #ifdef HAVE_IDEA
@@ -13961,7 +13946,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (iv && key == NULL) if (iv && key == NULL)
wc_IdeaSetIV(&ctx->cipher.idea, iv); wc_IdeaSetIV(&ctx->cipher.idea, iv);
ret = 0;
} }
#endif /* HAVE_IDEA */ #endif /* HAVE_IDEA */
if (ctx->cipherType == NULL_CIPHER_TYPE || (type && if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
@@ -13970,13 +13954,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ctx->cipherType = NULL_CIPHER_TYPE; ctx->cipherType = NULL_CIPHER_TYPE;
ctx->keyLen = 0; ctx->keyLen = 0;
ctx->block_size = 16; ctx->block_size = 16;
ret = 0; /* success */
} }
(void)ret; /* remove warning. If execution reaches this point, ret=0 */
if (ret == 0)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
else
return 0; /* overall failure */
} }
@@ -14052,7 +14032,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
case AES_192_CTR_TYPE : case AES_192_CTR_TYPE :
case AES_256_CTR_TYPE : case AES_256_CTR_TYPE :
WOLFSSL_MSG("AES CTR"); WOLFSSL_MSG("AES CTR");
wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
break; break;
#endif /* WOLFSSL_AES_COUNTER */ #endif /* WOLFSSL_AES_COUNTER */
#endif /* NO_AES */ #endif /* NO_AES */
@@ -16865,7 +16845,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
} }
if (dataSz < 0) { if (dataSz < 0) {
sz = (int)XSTRLEN((const char*)data); sz = (int)XSTRLEN((const char*)data) + 1; /* +1 for null */
} }
else { else {
sz = dataSz; sz = dataSz;
@@ -18345,7 +18325,7 @@ WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
{ {
WC_PKCS12* pkcs12; WC_PKCS12* pkcs12;
WC_DerCertList* list = NULL; WC_DerCertList* list = NULL;
word32 passSz = (word32)XSTRLEN(pass); word32 passSz;
byte* keyDer; byte* keyDer;
word32 keyDerSz; word32 keyDerSz;
byte* certDer; byte* certDer;
@@ -18359,6 +18339,7 @@ WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
WOLFSSL_LEAVE("wolfSSL_PKCS12_create()", BAD_FUNC_ARG); WOLFSSL_LEAVE("wolfSSL_PKCS12_create()", BAD_FUNC_ARG);
return NULL; return NULL;
} }
passSz = (word32)XSTRLEN(pass);
if ((ret = wolfSSL_i2d_PrivateKey(pkey, &keyDer)) < 0) { if ((ret = wolfSSL_i2d_PrivateKey(pkey, &keyDer)) < 0) {
WOLFSSL_LEAVE("wolfSSL_PKCS12_create", ret); WOLFSSL_LEAVE("wolfSSL_PKCS12_create", ret);
@@ -18387,7 +18368,7 @@ WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
} }
curDer = (byte*)wolfSSL_X509_get_der(sk->data.x509, &curDerSz); curDer = (byte*)wolfSSL_X509_get_der(sk->data.x509, &curDerSz);
if (certDer == NULL || curDerSz < 0) { if (curDer == NULL || curDerSz < 0) {
XFREE(cur, NULL, DYNAMIC_TYPE_PKCS); XFREE(cur, NULL, DYNAMIC_TYPE_PKCS);
wc_FreeCertList(list, NULL); wc_FreeCertList(list, NULL);
return NULL; return NULL;
@@ -19580,7 +19561,7 @@ const char* wolfSSL_alert_desc_string_long(int alertID)
* *
* ssl WOLFSSL structure to get state of * ssl WOLFSSL structure to get state of
* *
* Retruns a human readable string of the WOLFSSL structure state * Returns a human readable string of the WOLFSSL structure state
*/ */
const char* wolfSSL_state_string_long(const WOLFSSL* ssl) const char* wolfSSL_state_string_long(const WOLFSSL* ssl)
{ {
@@ -21950,8 +21931,9 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
/* $RANDFILE was not set or is too large, check $HOME */ /* $RANDFILE was not set or is too large, check $HOME */
if (rt == NULL) { if (rt == NULL) {
WOLFSSL_MSG("Environment variable RANDFILE not set");
if ((rt = XGETENV("HOME")) == NULL) { if ((rt = XGETENV("HOME")) == NULL) {
WOLFSSL_MSG("Unable to get HOME variable"); WOLFSSL_MSG("Environment variable HOME not set");
return NULL; return NULL;
} }
@@ -21962,16 +21944,11 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
return fname; return fname;
} }
else { else {
WOLFSSL_MSG("Buffer too small"); WOLFSSL_MSG("HOME too large for buffer");
return NULL; return NULL;
} }
} }
if (rt == NULL) {
WOLFSSL_MSG("Enviroment variable RANDFILE or HOME not set");
return NULL;
}
return fname; return fname;
#else #else
/* no filesystem defined */ /* no filesystem defined */
@@ -22066,7 +22043,7 @@ int wolfSSL_RAND_write_file(const char* fname)
* *
* nm is the file path to the egd server * nm is the file path to the egd server
* *
* Retruns the number of bytes read. * Returns the number of bytes read.
*/ */
int wolfSSL_RAND_egd(const char* nm) int wolfSSL_RAND_egd(const char* nm)
{ {
@@ -22095,7 +22072,7 @@ int wolfSSL_RAND_egd(const char* nm)
} }
fd = socket(AF_UNIX, SOCK_STREAM, 0); fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd <= 0) { if (fd < 0) {
WOLFSSL_MSG("Error creating socket"); WOLFSSL_MSG("Error creating socket");
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -22104,7 +22081,7 @@ int wolfSSL_RAND_egd(const char* nm)
} }
if (ret == WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS) {
rem.sun_family = AF_UNIX; rem.sun_family = AF_UNIX;
XMEMCPY(rem.sun_path, nm, XSTRLEN(nm)); XSTRNCPY(rem.sun_path, nm, sizeof(rem.sun_path));
} }
/* connect to egd server */ /* connect to egd server */
@@ -25070,7 +25047,7 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m,
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if(sigRet == NULL){ if(sigDec == NULL){
WOLFSSL_MSG("Memory failure"); WOLFSSL_MSG("Memory failure");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@@ -25777,7 +25754,7 @@ void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
} }
if (doset) if (doset)
wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */ (void)wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */
else else
XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
} }
@@ -29198,11 +29175,13 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
i = XFTELL(bp->file); i = XFTELL(bp->file);
if (i < 0) if (i < 0)
return NULL; return NULL;
XFSEEK(bp->file, 0, SEEK_END); if (XFSEEK(bp->file, 0, SEEK_END) != 0)
return NULL;
l = XFTELL(bp->file); l = XFTELL(bp->file);
if (l < 0) if (l < 0)
return NULL; return NULL;
XFSEEK(bp->file, i, SEEK_SET); if (XFSEEK(bp->file, i, SEEK_SET) != 0)
return NULL;
#else #else
WOLFSSL_MSG("Unable to read file with NO_FILESYSTEM defined"); WOLFSSL_MSG("Unable to read file with NO_FILESYSTEM defined");
return NULL; return NULL;
@@ -29211,7 +29190,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
else else
return NULL; return NULL;
/* check calulated length */ /* check calculated length */
if (l - i < 0) if (l - i < 0)
return NULL; return NULL;
pem = (unsigned char*)XMALLOC(l - i, 0, DYNAMIC_TYPE_PEM); pem = (unsigned char*)XMALLOC(l - i, 0, DYNAMIC_TYPE_PEM);
@@ -29227,8 +29206,8 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
if (i > 26 && XMEMCMP((char *)&pem[i-26], END_CERT, 25) == 0) { if (i > 26 && XMEMCMP((char *)&pem[i-26], END_CERT, 25) == 0) {
if (pem[i-1] == '\r') { if (pem[i-1] == '\r') {
/* found \r , Windows line ending is \r\n so try to read one /* found \r , Windows line ending is \r\n so try to read one
* more byte for \n */ * more byte for \n, ignoring return value */
wolfSSL_BIO_read(bp, (char *)&pem[i++], 1); (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1);
} }
break; break;
} }

29
src/tls.c
View File

@@ -5319,18 +5319,22 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
/* Make an ECC key. */ /* Make an ECC key. */
ret = wc_curve25519_init(key); ret = wc_curve25519_init(key);
if (ret != 0) if (ret != 0) {
eccKey = (ecc_key*)key; /* assign for freeing key */
goto end; goto end;
}
ret = wc_curve25519_make_key(ssl->rng, keySize, key); ret = wc_curve25519_make_key(ssl->rng, keySize, key);
if (ret != 0) if (ret != 0) {
eccKey = (ecc_key*)key; /* assign for freeing key */
goto end; goto end;
}
/* Allocate space for the public key. */ /* Allocate space for the public key. */
keyData = (byte*)XMALLOC(dataSize, ssl->heap, keyData = (byte*)XMALLOC(dataSize, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY); DYNAMIC_TYPE_PUBLIC_KEY);
if (keyData == NULL) { if (keyData == NULL) {
WOLFSSL_MSG("Key data Memory error"); WOLFSSL_MSG("Key data Memory error");
ret = MEMORY_E; ret = MEMORY_E;
eccKey = (ecc_key*)key; /* assign for freeing key */
goto end; goto end;
} }
@@ -5338,6 +5342,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
if (wc_curve25519_export_public_ex(key, keyData, &dataSize, if (wc_curve25519_export_public_ex(key, keyData, &dataSize,
EC25519_LITTLE_ENDIAN) != 0) { EC25519_LITTLE_ENDIAN) != 0) {
ret = ECC_EXPORT_ERROR; ret = ECC_EXPORT_ERROR;
eccKey = (ecc_key*)key; /* assign for freeing key */
goto end; goto end;
} }
@@ -5722,27 +5727,28 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
return MEMORY_ERROR; return MEMORY_ERROR;
} }
ret = wc_curve25519_init(peerEccKey); ret = wc_curve25519_init(peerEccKey);
if (ret != 0) if (ret == 0) {
return ret;
#ifdef WOLFSSL_DEBUG_TLS #ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Peer Curve25519 Key"); WOLFSSL_MSG("Peer Curve25519 Key");
WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen);
#endif #endif
/* Point is validated by import function. */ /* Point is validated by import function. */
if (wc_curve25519_import_public_ex(keyShareEntry->ke, if (wc_curve25519_import_public_ex(keyShareEntry->ke,
keyShareEntry->keLen, peerEccKey, keyShareEntry->keLen, peerEccKey,
EC25519_LITTLE_ENDIAN) != 0) { EC25519_LITTLE_ENDIAN) != 0) {
return ECC_PEERKEY_ERROR; ret = ECC_PEERKEY_ERROR;
} }
else {
ssl->arrays->preMasterSz = ENCRYPT_LEN; ssl->arrays->preMasterSz = ENCRYPT_LEN;
ret = wc_curve25519_shared_secret_ex(key, peerEccKey, ret = wc_curve25519_shared_secret_ex(key, peerEccKey,
ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, ssl->arrays->preMasterSecret,
&ssl->arrays->preMasterSz,
EC25519_LITTLE_ENDIAN); EC25519_LITTLE_ENDIAN);
wc_curve25519_free(peerEccKey); wc_curve25519_free(peerEccKey);
XFREE(peerEccKey, ssl->heap, DYNAMIC_TYPE_TLSX);
ssl->ecdhCurveOID = ECC_X25519_OID; ssl->ecdhCurveOID = ECC_X25519_OID;
}
}
XFREE(peerEccKey, ssl->heap, DYNAMIC_TYPE_TLSX);
return ret; return ret;
} }
#endif #endif
@@ -8164,9 +8170,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
(void)public_key_len; (void)public_key_len;
(void)ssl; (void)ssl;
if (ret == WOLFSSL_SUCCESS)
ret = 0;
return ret; return ret;
} }

15
src/tls13.c
View File

@@ -953,7 +953,7 @@ static const byte writeIVLabel[WRITE_IV_LABEL_SZ+1] = "iv";
*/ */
static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store) static int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
{ {
int ret; int ret = BAD_FUNC_ARG; /* Assume failure */
int i = 0; int i = 0;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
byte* key_dig; byte* key_dig;
@@ -2012,12 +2012,15 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
switch (ssl->options.buildMsgState) { switch (ssl->options.buildMsgState) {
case BUILD_MSG_BEGIN: case BUILD_MSG_BEGIN:
{ {
if (output == NULL || input == NULL)
return BAD_FUNC_ARG;
/* catch mistaken sizeOnly parameter */ /* catch mistaken sizeOnly parameter */
if (sizeOnly && (output || input)) { if (sizeOnly) {
WOLFSSL_MSG("BuildTls13Message with sizeOnly doesn't need " if (output || input) {
"input or output"); WOLFSSL_MSG("BuildTls13Message with sizeOnly "
"doesn't need input or output");
return BAD_FUNC_ARG;
}
}
else if (output == NULL || input == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }