diff --git a/src/internal.c b/src/internal.c index bcdd1b01a..824d64099 100644 --- a/src/internal.c +++ b/src/internal.c @@ -30725,7 +30725,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case INVALID_PARAMETER: case HRR_COOKIE_ERROR: return illegal_parameter; - break; case INCOMPLETE_DATA: return missing_extension; case MATCH_SUITE_ERROR: @@ -34796,11 +34795,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_32BIT_MILLI_TIME ato32(it->timestamp, &ssl->session->ticketSeen); #else - word32 seenHi, seenLo; + { + word32 seenHi, seenLo; - ato32(it->timestamp , &seenHi); - ato32(it->timestamp + OPAQUE32_LEN, &seenLo); - ssl->session->ticketSeen = ((sword64)seenHi << 32) + seenLo; + ato32(it->timestamp , &seenHi); + ato32(it->timestamp + OPAQUE32_LEN, &seenLo); + ssl->session->ticketSeen = ((sword64)seenHi << 32) + seenLo; + } #endif ato32(it->ageAdd, &ssl->session->ticketAdd); ssl->session->cipherSuite0 = it->suite[0]; diff --git a/src/tls.c b/src/tls.c index 0c0a52528..fdb178c66 100644 --- a/src/tls.c +++ b/src/tls.c @@ -4897,7 +4897,6 @@ int TLSX_SupportedCurve_Copy(TLSX* src, TLSX** dst, void* heap) extension = TLSX_Find(src, TLSX_SUPPORTED_GROUPS); if (extension != NULL) { SupportedCurve* curve; - curve = (SupportedCurve*)extension->data; for (curve = (SupportedCurve*)extension->data; curve != NULL; curve = curve->next) { ret = TLSX_UseSupportedCurve(dst, curve->name, heap); diff --git a/src/tls13.c b/src/tls13.c index 78da84a58..5c3cec4cf 100644 --- a/src/tls13.c +++ b/src/tls13.c 
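Review bot: In the `ticketSeen` hunk of src/internal.c (-34796), the re-scoped expression `((sword64)seenHi << 32) + seenLo` still shifts a signed 64-bit value, so a `seenHi` with its top bit set overflows `sword64`, which is undefined behaviour in C. The value appears to be read from the ticket (`it->timestamp`), so it is only as trustworthy as the ticket's integrity protection, which is not visible here. Doing the shift unsigned and converting once avoids the problem: `ssl->session->ticketSeen = (sword64)(((word64)seenHi << 32) | seenLo);`. The enclosing function starts and ends outside the hunk.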
@@ -3351,8 +3351,10 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz, /* Cookie Data = Hash Len | Hash | CS | KeyShare Group */ cookie[cookieSz++] = (byte)hashSz; - XMEMCPY(cookie + cookieSz, hash, hashSz); - cookieSz += hashSz; + if (hashSz > 0) { + XMEMCPY(cookie + cookieSz, hash, hashSz); + cookieSz += hashSz; + } cookie[cookieSz++] = cipherSuite0; cookie[cookieSz++] = cipherSuite; if ((ext = TLSX_Find(*exts, TLSX_KEY_SHARE)) != NULL) { diff --git a/tests/api.c b/tests/api.c index bdc068bb1..d8ffb7627 100644 --- a/tests/api.c +++ b/tests/api.c @@ -28661,8 +28661,10 @@ static int test_wc_PKCS7_VerifySignedData(void) struct tm timearg; time_t now; struct tm* nowTm = NULL; +#ifdef NEED_TMP_TIME struct tm tmpTimeStorage; struct tm* tmpTime = &tmpTimeStorage; +#endif #endif /* !NO_ASN && !NO_ASN_TIME */ /* Success test with RSA certs/key */ @@ -31452,7 +31454,6 @@ static int test_wc_KeyPemToDer(void) AssertIntLE(ret, cert_sz); free(cert_der); cert_der = NULL; - ret = 0; } } @@ -31505,7 +31506,6 @@ static int test_wc_PubKeyPemToDer(void) AssertIntGE(ret, 0); free(cert_der); cert_der = NULL; - ret = 0; } } diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 36f2ae0c6..46079da94 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -156,14 +156,11 @@ static void freeSafe(AuthenticatedSafe* safe, void* heap) ContentInfo* ci = safe->CI; safe->CI = ci->next; XFREE(ci, heap, DYNAMIC_TYPE_PKCS); - ci = NULL; } if (safe->data != NULL) { XFREE(safe->data, heap, DYNAMIC_TYPE_PKCS); - safe->data = NULL; } XFREE(safe, heap, DYNAMIC_TYPE_PKCS); - safe = NULL; (void)heap; } 
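Review bot: The new `hashSz > 0` guard in CreateCookieExt (src/tls13.c) covers the empty case, but nothing in the hunk bounds `hashSz` from above. The length prefix is written as `(byte)hashSz`, which truncates anything over 255, while XMEMCPY still copies the full `hashSz` bytes into `cookie`. The declaration of `cookie` and any earlier check are outside the hunk, so this may already be handled. If it is not, a guard before the length byte such as `if (hashSz > WC_MAX_DIGEST_SIZE) return BUFFER_E;` (or whatever bound `cookie` is actually sized for) would keep the copy inside the buffer and the prefix consistent with the data.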
@@ -188,29 +185,23 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12) if (pkcs12->signData != NULL) { if (pkcs12->signData->digest != NULL) { XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST); - pkcs12->signData->digest = NULL; } if (pkcs12->signData->salt != NULL) { XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT); - pkcs12->signData->salt = NULL; } XFREE(pkcs12->signData, heap, DYNAMIC_TYPE_PKCS); - pkcs12->signData = NULL; } #ifdef ASN_BER_TO_DER if (pkcs12->der != NULL) { XFREE(pkcs12->der, pkcs12->heap, DYNAMIC_TYPE_PKCS); - pkcs12->der = NULL; } if (pkcs12->safeDer != NULL) { XFREE(pkcs12->safeDer, pkcs12->heap, DYNAMIC_TYPE_PKCS); - pkcs12->safeDer = NULL; } #endif XFREE(pkcs12, NULL, DYNAMIC_TYPE_PKCS); - pkcs12 = NULL; } @@ -297,8 +288,8 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input, #ifdef ASN_BER_TO_DER if (pkcs12->indefinite) { - if ((ret = wc_BerToDer(input, safe->dataSz, NULL, - &pkcs12->safeDersz)) != LENGTH_ONLY_E) { + if (wc_BerToDer(input, safe->dataSz, NULL, + &pkcs12->safeDersz) != LENGTH_ONLY_E) { WOLFSSL_MSG("Not BER sequence"); return ASN_PARSE_E; } @@ -311,6 +302,10 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input, } ret = wc_BerToDer(input, safe->dataSz, pkcs12->safeDer, &pkcs12->safeDersz); + if (ret < 0) { + freeSafe(safe, pkcs12->heap); + return ret; + } input = pkcs12->safeDer; } 
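Review bot: The `freeSafe(safe, pkcs12->heap)` added after the second wc_BerToDer call in GetSafeContent (hunk -311) is not matched on the neighbouring error path: the `Not BER sequence` branch in the preceding hunk (-297) still exits with a bare `return ASN_PARSE_E;`. If `safe` is allocated earlier in the function and not yet owned by `pkcs12` at that point (the allocation is outside both hunks), malformed BER input leaks it on that path. Suggest adding `freeSafe(safe, pkcs12->heap);` before that return too. The allocation-failure return that sits between the two hunks should be checked for the same omission.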
@@ -707,36 +702,36 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12) #ifdef ASN_BER_TO_DER if (size == 0) { - if ((ret = wc_BerToDer(der, totalSz, NULL, - (word32*)&size)) != LENGTH_ONLY_E) { + if (wc_BerToDer(der, totalSz, NULL, + (word32*)&size) != LENGTH_ONLY_E) { WOLFSSL_MSG("Not BER sequence"); return ASN_PARSE_E; } - pkcs12->der = (byte*)XMALLOC(size, pkcs12->heap, DYNAMIC_TYPE_PKCS); - if (pkcs12->der == NULL) - return MEMORY_E; - ret = wc_BerToDer(der, derSz, pkcs12->der, (word32*)&size); - if (ret < 0) { - return ret; - } + pkcs12->der = (byte*)XMALLOC(size, pkcs12->heap, DYNAMIC_TYPE_PKCS); + if (pkcs12->der == NULL) + return MEMORY_E; + ret = wc_BerToDer(der, derSz, pkcs12->der, (word32*)&size); + if (ret < 0) { + return ret; + } - der = pkcs12->der; - derSz = pkcs12->derSz = size; - totalSz = size; - idx = 0; + der = pkcs12->der; + pkcs12->derSz = size; + totalSz = size; + idx = 0; - if ((ret = GetSequence(der, &idx, &size, totalSz)) < 0) { - WOLFSSL_MSG("Failed to get PKCS12 sequence"); - return ASN_PARSE_E; - } + if (GetSequence(der, &idx, &size, totalSz) < 0) { + WOLFSSL_MSG("Failed to get PKCS12 sequence"); + return ASN_PARSE_E; + } - /* get version */ - if ((ret = GetMyVersion(der, &idx, &version, totalSz)) < 0) { - return ret; - } + /* get version */ + if ((ret = GetMyVersion(der, &idx, &version, totalSz)) < 0) { + return ret; + } - pkcs12->indefinite = 1; + pkcs12->indefinite = 1; } else @@ -772,7 +767,7 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12) #ifdef ASN_BER_TO_DER /* If indef, skip EOF */ if (pkcs12->indefinite) { - while(der[idx] == ASN_EOC && idx < totalSz) { + while((idx < totalSz) && (der[idx] == ASN_EOC)) { idx+=1; } } 
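Review bot: In the BER branch of wc_d2i_PKCS12 (hunk -707), the length-only call to wc_BerToDer passes `totalSz` as the input length while the converting call passes `derSz`. The function starts outside the hunk, so whether the two are always equal here cannot be confirmed from these lines; if they can differ, the output buffer is sized for one input length and filled from another. Using the same variable in both calls, e.g. `ret = wc_BerToDer(der, totalSz, pkcs12->der, (word32*)&size);`, removes the question. The early returns after the XMALLOC also leave `pkcs12->der` allocated, so they rely on the caller running wc_PKCS12_free.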
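Review bot: The reordered condition in the EOC-skipping loop of wc_d2i_PKCS12 (hunk -772) depends on operand order, and nothing on the line says so: `der[idx]` may only be read once `idx < totalSz` has been established. A one-line comment above the loop, such as `/* bounds check must precede the der[idx] read */`, would keep a later cleanup from swapping the operands back. While touching the line, `while (` and `idx++` would match the spacing used in the surrounding hunks.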
@@ -1280,10 +1275,12 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data, *idx += SetLength(mergedSz, &data[*idx]); - /* Copy over concatonated octet strings into data buffer */ - XMEMCPY(&data[*idx], mergedData, mergedSz); + if (mergedSz > 0) { + /* Copy over concatonated octet strings into data buffer */ + XMEMCPY(&data[*idx], mergedData, mergedSz); - XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS); + XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS); + } return ret; } diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 30fd4db25..aa4b441d8 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -5933,4 +5933,4 @@ void mp_memzero_check(mp_int* a) } #endif /* WOLFSSL_CHECK_MEM_ZERO */ -#endif /* USE_FAST_MATH */ \ No newline at end of file +#endif /* USE_FAST_MATH */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 902ed9475..eaa7e60ab 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2674,13 +2674,13 @@ WOLFSSL_LOCAL int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen); #endif -typedef struct TLSX { +struct TLSX { TLSX_Type type; /* Extension Type */ void* data; /* Extension Data */ word32 val; /* Extension Value */ byte resp; /* IsResponse Flag */ struct TLSX* next; /* List Behavior */ -} TLSX; +}; WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type); WOLFSSL_LOCAL void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap); @@ -4229,7 +4229,7 @@ enum cipherState { CIPHER_STATE_END, }; -typedef struct Options { +struct Options { #ifndef NO_PSK wc_psk_client_callback client_psk_cb; wc_psk_server_callback server_psk_cb; @@ -4444,7 +4444,7 @@ typedef struct Options { #ifdef WOLFSSL_TLS13 byte oldMinor; /* client preferred version < TLS 1.3 */ #endif -} Options; +}; typedef struct Arrays { byte* pendingMsg; /* defrag buffer */
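Review bot: Moving `XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS);` inside the `mergedSz > 0` guard in PKCS12_CoalesceOctetStrings ties the release of the buffer to its length. If `mergedData` can be non-NULL while `mergedSz` is 0 (its allocation is outside the hunk), it is now never freed. Only the copy needs the size guard: `if (mergedSz > 0) { XMEMCPY(&data[*idx], mergedData, mergedSz); }`. The XFREE should follow that block, unconditionally or guarded on `mergedData != NULL` if XFREE of NULL is not safe in this build.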