diff --git a/src/internal.c b/src/internal.c index 28fde038cd..48166e53bc 100755 --- a/src/internal.c +++ b/src/internal.c @@ -5327,9 +5327,13 @@ int SendBuffered(WOLFSSL* ssl) static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size) { byte* tmp; +#if WOLFSSL_GENERAL_ALIGNMENT > 0 byte hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ : RECORD_HEADER_SZ; - byte align = WOLFSSL_GENERAL_ALIGNMENT; +#endif + const byte align = WOLFSSL_GENERAL_ALIGNMENT; + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 /* the encrypted data will be offset from the front of the buffer by the header, if the user wants encrypted alignment they need to define their alignment requirement */ @@ -5338,14 +5342,19 @@ static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size) while (align < hdrSz) align *= 2; } +#endif - tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length + align, - ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); + tmp = (byte*)XMALLOC(size + ssl->buffers.outputBuffer.length + align, + ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); WOLFSSL_MSG("growing output buffer\n"); - if (!tmp) return MEMORY_E; + if (tmp == NULL) + return MEMORY_E; + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 if (align) tmp += align - hdrSz; +#endif if (ssl->buffers.outputBuffer.length) XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer, @@ -5356,10 +5365,14 @@ static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size) ssl->buffers.outputBuffer.offset, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); ssl->buffers.outputBuffer.dynamicFlag = 1; + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 if (align) ssl->buffers.outputBuffer.offset = align - hdrSz; else +#endif ssl->buffers.outputBuffer.offset = 0; + ssl->buffers.outputBuffer.buffer = tmp; ssl->buffers.outputBuffer.bufferSize = size + ssl->buffers.outputBuffer.length; @@ -5371,8 +5384,14 @@ static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size) int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength) { byte* tmp; - byte hdrSz = DTLS_RECORD_HEADER_SZ; +#ifdef WOLFSSL_DTLS byte align = ssl->options.dtls ? WOLFSSL_GENERAL_ALIGNMENT : 0; + byte hdrSz = DTLS_RECORD_HEADER_SZ; +#else + const byte align = WOLFSSL_GENERAL_ALIGNMENT; +#endif + +#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0 /* the encrypted data will be offset from the front of the buffer by the dtls record header, if the user wants encrypted alignment they need to define their alignment requirement. in tls we read record header @@ -5382,19 +5401,24 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength) while (align < hdrSz) align *= 2; } +#endif if (usedLength < 0 || size < 0) { WOLFSSL_MSG("GrowInputBuffer() called with negative number"); return BAD_FUNC_ARG; } - tmp = (byte*) XMALLOC(size + usedLength + align, ssl->heap, - DYNAMIC_TYPE_IN_BUFFER); + tmp = (byte*)XMALLOC(size + usedLength + align, + ssl->heap, DYNAMIC_TYPE_IN_BUFFER); WOLFSSL_MSG("growing input buffer\n"); - if (!tmp) return MEMORY_E; + if (tmp == NULL) + return MEMORY_E; + +#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0 if (align) tmp += align - hdrSz; +#endif if (usedLength) XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer + @@ -5405,10 +5429,13 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength) ssl->heap,DYNAMIC_TYPE_IN_BUFFER); ssl->buffers.inputBuffer.dynamicFlag = 1; +#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0 if (align) ssl->buffers.inputBuffer.offset = align - hdrSz; else +#endif ssl->buffers.inputBuffer.offset = 0; + ssl->buffers.inputBuffer.buffer = tmp; ssl->buffers.inputBuffer.bufferSize = size + usedLength; ssl->buffers.inputBuffer.idx = 0; @@ -6944,16 +6971,14 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = ParseCertRelative(args->dCert, CERT_TYPE, !ssl->options.verifyNone, ssl->ctx->cm); - if (ret != 0) { - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { - ret = wolfSSL_AsyncPush(ssl, - args->dCert->sigCtx.asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - } - #endif + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_PENDING_E) { + ret = wolfSSL_AsyncPush(ssl, + args->dCert->sigCtx.asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); goto exit_dc; } + #endif #ifndef NO_SKID subjectHash = args->dCert->extSubjKeyId; @@ -7110,16 +7135,14 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, { /* only parse if not already present in dCert from above */ ret = ParseCertRelative(args->dCert, CERT_TYPE, !ssl->options.verifyNone, ssl->ctx->cm); - if (ret != 0) { - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { - ret = wolfSSL_AsyncPush(ssl, - args->dCert->sigCtx.asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - } - #endif + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_PENDING_E) { + ret = wolfSSL_AsyncPush(ssl, + args->dCert->sigCtx.asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); goto exit_dc; } + #endif } if (ret == 0) { @@ -16073,11 +16096,6 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } #endif - /* Check for error */ - if (ret != 0) { - goto exit_dske; - } - /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; } /* case TLS_ASYNC_FINALIZE */ @@ -17288,11 +17306,6 @@ int SendClientKeyExchange(WOLFSSL* ssl) args->inputSz); } - /* Check for error */ - if (ret != 0) { - goto exit_scke; - } - /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; } /* case TLS_ASYNC_FINALIZE */ @@ -19560,11 +19573,6 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif - /* Check for error */ - if (ret != 0) { - goto exit_sske; - } - /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; } /* case TLS_ASYNC_FINALIZE */ diff --git a/src/ocsp.c b/src/ocsp.c index 6c43c2463d..ae45322ed5 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -537,7 +537,6 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( if (cm == NULL) return NULL; - ret = AllocDer(&derCert, issuer->derCert->length, issuer->derCert->type, NULL); if (ret == 0) { @@ -556,8 +555,13 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); certId = NULL; } - else - InitOcspRequest(certId, &cert, 0, NULL); + else { + ret = InitOcspRequest(certId, &cert, 0, NULL); + if (ret != 0) { + XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); + certId = NULL; + } + } FreeDecodedCert(&cert); } diff --git a/src/sniffer.c b/src/sniffer.c index e8d3e344b4..69064fc891 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1173,9 +1173,14 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz, return -1; } - ret = (int)XFREAD(loadBuf, fileSz, 1, file); + ret = (int)XFREAD(loadBuf, 1, fileSz, file); XFCLOSE(file); + if (ret != fileSz) { + free(loadBuf); + return -1; + } + if (typeKey == SSL_FILETYPE_PEM) { byte* saveBuf = (byte*)malloc(fileSz); int saveBufSz = 0; diff --git a/src/ssl.c b/src/ssl.c index a4fce34a6a..f914dbc0f5 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -4550,9 +4550,10 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #ifdef HAVE_ECC /* could have DER ECC (or pkcs8 ecc), no easy way to tell */ eccKey = 1; /* so try it out */ + #else + WOLFSSL_MSG("RSA decode failed and ECC not enabled to try"); + ret = SSL_BAD_FILE; #endif - if (!eccKey) - ret = SSL_BAD_FILE; } else { /* check that the size of the RSA key is enough */ int RsaSz = wc_RsaEncryptSize((RsaKey*)key); @@ -5395,12 +5396,12 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, } dynamic = 1; } - else if (sz < 0) { + else if (sz <= 0) { XFCLOSE(file); return SSL_BAD_FILE; } - if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) + if ( (ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz) ret = SSL_BAD_FILE; else { if ((type == CA_TYPE || type == TRUSTED_PEER_TYPE) @@ -5514,7 +5515,7 @@ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname, sz = XFTELL(file); XREWIND(file); - if (sz > MAX_WOLFSSL_FILE_SIZE || sz < 0) { + if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) { WOLFSSL_MSG("CertManagerVerify file bad size"); XFCLOSE(file); return SSL_BAD_FILE; @@ -5530,7 +5531,7 @@ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname, dynamic = 1; } - if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) + if ( (ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz) ret = SSL_BAD_FILE; else ret = wolfSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format); @@ -5829,7 +5830,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) sz = XFTELL(file); XREWIND(file); - if (sz < 0) { + if (sz <= 0) { ret = SSL_BAD_FILE; } else if (sz > (long)sizeof(staticBuffer)) { @@ -5845,7 +5846,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) } if (ret == 0) { - if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) { + if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz) { ret = SSL_BAD_FILE; } else { @@ -5915,7 +5916,7 @@ int wolfSSL_PemPubKeyToDer(const char* fileName, sz = XFTELL(file); XREWIND(file); - if (sz < 0) { + if (sz <= 0) { ret = SSL_BAD_FILE; } else if (sz > (long)sizeof(staticBuffer)) { @@ -5930,7 +5931,7 @@ int wolfSSL_PemPubKeyToDer(const char* fileName, dynamic = 1; } if (ret == 0) { - if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) + if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz) ret = SSL_BAD_FILE; else ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, &converted, @@ -6082,12 +6083,12 @@ static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl, } dynamic = 1; } - else if (sz < 0) { + else if (sz <= 0) { XFCLOSE(file); return SSL_BAD_FILE; } - if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) + if ( (ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz) ret = SSL_BAD_FILE; else { if (ssl) @@ -7873,6 +7874,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, const byte* secret, word32 secretSz) { + int ret = 0; + WOLFSSL_ENTER("wolfSSL_DTLS_SetCookieSecret"); if (ssl == NULL) { @@ -7911,14 +7914,15 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } /* If the supplied secret is NULL, randomly generate a new secret. */ - if (secret == NULL) - wc_RNG_GenerateBlock(ssl->rng, + if (secret == NULL) { + ret = wc_RNG_GenerateBlock(ssl->rng, ssl->buffers.dtlsCookieSecret.buffer, secretSz); + } else XMEMCPY(ssl->buffers.dtlsCookieSecret.buffer, secret, secretSz); WOLFSSL_LEAVE("wolfSSL_DTLS_SetCookieSecret", 0); - return 0; + return ret; } #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */ @@ -12098,14 +12102,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) else wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len); break; -#ifdef WOLFSSL_DES_ECB - case DES_ECB_TYPE : - if (ctx->enc) - ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); - else - ret = wc_Des_EcbDecrypt(&ctx->cipher.des, dst, src, len); - break; -#endif case DES_EDE3_CBC_TYPE : if (ctx->enc) ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); @@ -12113,14 +12109,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); break; #ifdef WOLFSSL_DES_ECB - case DES_EDE3_ECB_TYPE : - if (ctx->enc) - ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); - else - ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, dst, src, len); + case DES_ECB_TYPE : + ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); + break; + case DES_EDE3_ECB_TYPE : + ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); break; #endif -#endif +#endif /* !NO_DES3 */ #ifndef NO_RC4 case ARC4_TYPE : @@ -12148,7 +12144,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ret != 0) { WOLFSSL_MSG("wolfSSL_EVP_Cipher failure"); - return 0; /* failuer */ + return 0; /* failure */ } WOLFSSL_MSG("wolfSSL_EVP_Cipher success"); @@ -13613,8 +13609,8 @@ WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file) fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); if (fileBuffer != NULL) { - int ret = (int)XFREAD(fileBuffer, sz, 1, file); - if (ret > 0) { + int ret = (int)XFREAD(fileBuffer, 1, sz, file); + if (ret == sz) { newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); } XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); @@ -13670,8 +13666,8 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) return NULL; } - ret = (int)XFREAD(fileBuffer, sz, 1, file); - if (ret < 0) { + ret = (int)XFREAD(fileBuffer, 1, sz, file); + if (ret != sz) { XFCLOSE(file); if (dynamic) XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); @@ -15908,7 +15904,7 @@ WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx) WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_value"); return NULL; } - + WOLFSSL_API void ERR_load_SSL_strings(void) { @@ -16339,16 +16335,9 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, WOLFSSL_MSG("wc_Des_SetKey return error."); return; } - if (enc){ - if (wc_Des_EcbEncrypt(&myDes, (byte*) desb, - (const byte*) desa, sizeof(WOLFSSL_DES_cblock)) != 0){ - WOLFSSL_MSG("wc_Des_EcbEncrpyt return error."); - } - } else { - if (wc_Des_EcbDecrypt(&myDes, (byte*) desb, - (const byte*) desa, sizeof(WOLFSSL_DES_cblock)) != 0){ - WOLFSSL_MSG("wc_Des_EcbDecrpyt return error."); - } + if (wc_Des_EcbEncrypt(&myDes, (byte*) desb, + (const byte*)desa, sizeof(WOLFSSL_DES_cblock)) != 0){ + WOLFSSL_MSG("wc_Des_EcbEncrypt return error."); } } } @@ -16771,7 +16760,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) byte* myBuffer = staticBuffer; int dynamic = 0; XFILE file = XBADFILE; - long sz = 0; + size_t sz = 0; int eccKey = 0; WOLFSSL_CTX* ctx = ssl->ctx; WOLFSSL_X509* peer_cert = &ssl->peerCert; @@ -16805,7 +16794,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) if ((myBuffer != NULL) && (sz > 0) && - (XFREAD(myBuffer, sz, 1, file) > 0) && + (XFREAD(myBuffer, 1, sz, file) == sz) && (PemToDer(myBuffer, sz, CERT_TYPE, &fileDer, ctx->heap, info, &eccKey) == 0) && (fileDer->length != 0) && @@ -17062,8 +17051,13 @@ const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void) if (bn_one == NULL) { bn_one = wolfSSL_BN_new(); - if (bn_one) - mp_set_int((mp_int*)bn_one->internal, 1); + if (bn_one) { + if (mp_set_int((mp_int*)bn_one->internal, 1) != MP_OKAY) { + /* handle error by freeing BN and returning NULL */ + wolfSSL_BN_free(bn_one); + bn_one = NULL; + } + } } return bn_one; @@ -22160,22 +22154,22 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) { #ifndef NO_FILESYSTEM XFILE fp; - + WOLFSSL_ENTER("wolfSSL_BIO_new_file"); if ((wolfSSL_BIO_get_fp(b, &fp) == SSL_SUCCESS) && (fp != NULL)) { XFCLOSE(fp); } - + fp = XFOPEN(name, "r"); if (fp == NULL) return SSL_BAD_FILE; - + if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != SSL_SUCCESS) { return SSL_BAD_FILE; } - + return SSL_SUCCESS; #else (void)name; diff --git a/src/tls.c b/src/tls.c index bd7c81ceec..5a144ee277 100755 --- a/src/tls.c +++ b/src/tls.c @@ -1648,7 +1648,7 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size, void* heap) { - TLSX* extension = TLSX_Find(*extensions, TLSX_SERVER_NAME); + TLSX* extension; SNI* sni = NULL; if (extensions == NULL || data == NULL) @@ -1657,6 +1657,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size, if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL) return MEMORY_E; + extension = TLSX_Find(*extensions, TLSX_SERVER_NAME); if (!extension) { int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap); if (ret != 0) { @@ -1698,7 +1699,8 @@ word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data) if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) { switch (sni->type) { case WOLFSSL_SNI_HOST_NAME: - *data = sni->data.host_name; + if (data) + *data = sni->data.host_name; return (word16)XSTRLEN((char*)*data); } } @@ -3175,7 +3177,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) { int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) { - TLSX* extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); + TLSX* extension; EllipticCurve* curve = NULL; int ret = 0; @@ -3185,6 +3187,7 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) if ((ret = TLSX_EllipticCurve_Append(&curve, name, heap)) != 0) return ret; + extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); if (!extension) { if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap)) != 0) { diff --git a/tests/api.c b/tests/api.c index dd7b1c0aa0..56226c40b6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -347,8 +347,9 @@ static void test_wolfSSL_CTX_load_verify_locations(void) AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, 0)); /* invalid ca file */ - AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, NULL, 0)); - AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0)); + AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, NULL, 0)); + AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0)); + #ifndef WOLFSSL_TIRTOS /* invalid path */ @@ -3060,7 +3061,7 @@ static void test_wolfSSL_DES_ecb_encrypt(void) /* Decrypt messages */ int ret1 = 0; - int ret2 = 0; + int ret2 = 0; wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT); ret1 = memcmp((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock)); AssertIntEQ(ret1,0); diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 796a90a12c..23f6baa128 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -1317,7 +1317,11 @@ void bench_poly1305() bench_stats_start(&count, &start); do { for (i = 0; i < numBlocks; i++) { - wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE); + ret = wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE); + if (ret != 0) { + printf("Poly1305Update failed: %d\n", ret); + break; + } } wc_Poly1305Final(&enc, mac); count += i; @@ -2116,14 +2120,14 @@ void bench_cmac(void) double start; int ret, i, count; - ret = wc_InitCmac(&cmac, bench_key, 16, WC_CMAC_AES, NULL); - if (ret != 0) { - printf("InitCmac failed, ret = %d\n", ret); - return; - } - bench_stats_start(&count, &start); do { + ret = wc_InitCmac(&cmac, bench_key, 16, WC_CMAC_AES, NULL); + if (ret != 0) { + printf("InitCmac failed, ret = %d\n", ret); + return; + } + for (i = 0; i < numBlocks; i++) { ret = wc_CmacUpdate(&cmac, bench_plain, BENCH_SIZE); if (ret != 0) { @@ -2131,6 +2135,7 @@ void bench_cmac(void) return; } } + /* Note: final force zero's the Cmac struct */ ret = wc_CmacFinal(&cmac, digest, &digestSz); if (ret != 0) { printf("CmacFinal failed, ret = %d\n", ret); @@ -2287,7 +2292,9 @@ void bench_rsa(int doAsync) } #ifdef WC_RSA_BLINDING - wc_RsaSetRNG(&rsaKey[i], &rng); + ret = wc_RsaSetRNG(&rsaKey[i], &rng); + if (ret != 0) + goto exit; #endif /* decode the private key */ @@ -3020,11 +3027,24 @@ void bench_eccEncrypt(void) int ret, i, count; double start; - wc_ecc_init_ex(&userA, HEAP_HINT, devId); + ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); + if (ret != 0) { + printf("wc_ecc_encrypt make key A failed: %d\n", ret); + return; + } wc_ecc_init_ex(&userB, HEAP_HINT, devId); + if (ret != 0) { + printf("wc_ecc_encrypt make key B failed: %d\n", ret); + wc_ecc_free(&userA); + return; + } - wc_ecc_make_key(&rng, keySize, &userA); - wc_ecc_make_key(&rng, keySize, &userB); + ret = wc_ecc_make_key(&rng, keySize, &userA); + if (ret != 0) + goto exit; + ret = wc_ecc_make_key(&rng, keySize, &userB); + if (ret != 0) + goto exit; for (i = 0; i < (int)sizeof(msg); i++) msg[i] = i; @@ -3059,6 +3079,12 @@ exit_enc: exit_dec: bench_stats_asym_finish("ECC", keySize * 8, "decrypt", 0, count, start); +exit: + + if (ret != 0) { + printf("bench_eccEncrypt failed! %d\n", ret); + } + /* cleanup */ wc_ecc_free(&userB); wc_ecc_free(&userA); @@ -3071,14 +3097,18 @@ void bench_curve25519KeyGen(void) { curve25519_key genKey; double start; - int i, count; + int ret, i, count; /* Key Gen */ bench_stats_start(&count, &start); do { for (i = 0; i < genTimes; i++) { - wc_curve25519_make_key(&rng, 32, &genKey); + ret = wc_curve25519_make_key(&rng, 32, &genKey); wc_curve25519_free(&genKey); + if (ret != 0) { + printf("wc_curve25519_make_key failed: %d\n", ret); + break; + } } count += i; } while (bench_stats_sym_check(start)); @@ -3104,7 +3134,8 @@ void bench_curve25519KeyAgree(void) } ret = wc_curve25519_make_key(&rng, 32, &genKey2); if (ret != 0) { - printf("curve25519_make_key failed\n"); + printf("curve25519_make_key failed: %d\n", ret); + wc_curve25519_free(&genKey); return; } @@ -3115,7 +3146,7 @@ void bench_curve25519KeyAgree(void) x = sizeof(shared); ret = wc_curve25519_shared_secret(&genKey, &genKey2, shared, &x); if (ret != 0) { - printf("curve25519_shared_secret failed\n"); + printf("curve25519_shared_secret failed: %d\n", ret); goto exit; } } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 939dd16068..51d0d717f0 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2372,56 +2372,63 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, int* algoID, void* heap) { word32 tmpIdx = 0; - - #ifdef HAVE_ECC +#ifdef HAVE_ECC ecc_key ecc; - #endif - #ifndef NO_RSA +#endif +#ifndef NO_RSA RsaKey rsa; - #endif +#endif if (algoID == NULL) { return BAD_FUNC_ARG; } *algoID = 0; - #ifndef NO_RSA - wc_InitRsaKey(&rsa, heap); - if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) { - *algoID = RSAk; - } - else { - WOLFSSL_MSG("Not RSA DER key"); - } - wc_FreeRsaKey(&rsa); - #endif /* NO_RSA */ - #ifdef HAVE_ECC - if (*algoID != RSAk) { - tmpIdx = 0; - wc_ecc_init_ex(&ecc, heap, INVALID_DEVID); - if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) { - *algoID = ECDSAk; - - /* sanity check on arguments */ - if (curveOID == NULL || oidSz == NULL) { - WOLFSSL_MSG("Error getting ECC curve OID"); - wc_ecc_free(&ecc); - return BAD_FUNC_ARG; - } - - /* now find oid */ - if (wc_ecc_get_oid(ecc.dp->oidSum, curveOID, oidSz) < 0) { - WOLFSSL_MSG("Error getting ECC curve OID"); - wc_ecc_free(&ecc); - return BAD_FUNC_ARG; - } +#ifndef NO_RSA + if (wc_InitRsaKey(&rsa, heap) == 0) { + if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) { + *algoID = RSAk; } else { - WOLFSSL_MSG("Not ECC DER key either"); + WOLFSSL_MSG("Not RSA DER key"); } - wc_ecc_free(&ecc); + wc_FreeRsaKey(&rsa); } - #endif /* HAVE_ECC */ + else { + WOLFSSL_MSG("GetKeyOID wc_InitRsaKey failed"); + } +#endif /* NO_RSA */ +#ifdef HAVE_ECC + if (*algoID != RSAk) { + tmpIdx = 0; + if (wc_ecc_init_ex(&ecc, heap, INVALID_DEVID) == 0) { + if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) { + *algoID = ECDSAk; + + /* sanity check on arguments */ + if (curveOID == NULL || oidSz == NULL) { + WOLFSSL_MSG("Error getting ECC curve OID"); + wc_ecc_free(&ecc); + return BAD_FUNC_ARG; + } + + /* now find oid */ + if (wc_ecc_get_oid(ecc.dp->oidSum, curveOID, oidSz) < 0) { + WOLFSSL_MSG("Error getting ECC curve OID"); + wc_ecc_free(&ecc); + return BAD_FUNC_ARG; + } + } + else { + WOLFSSL_MSG("Not ECC DER key either"); + } + wc_ecc_free(&ecc); + } + else { + WOLFSSL_MSG("GetKeyOID wc_ecc_init_ex failed"); + } + } +#endif /* HAVE_ECC */ /* if flag is not set then is neither RSA or ECC key that could be * found */ @@ -6405,9 +6412,13 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, /* extra header information for encrypted key */ if (cipher_info != NULL) { + size_t cipherInfoStrLen = XSTRLEN((char*)cipher_info); + if (cipherInfoStrLen > HEADER_ENCRYPTED_KEY_SIZE - (23+10+2)) + cipherInfoStrLen = HEADER_ENCRYPTED_KEY_SIZE - (23+10+2); + XSTRNCAT(header, "Proc-Type: 4,ENCRYPTED\n", 23); XSTRNCAT(header, "DEK-Info: ", 10); - XSTRNCAT(header, (char*)cipher_info, XSTRLEN((char*)cipher_info)); + XSTRNCAT(header, (char*)cipher_info, cipherInfoStrLen); XSTRNCAT(header, "\n\n", 2); } @@ -7438,27 +7449,26 @@ static int SetAKID(byte* output, word32 outSz, { byte *enc_val; int ret, enc_valSz; - static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04}; + static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04 }; static const byte akid_cs[] = { 0x80 }; if (output == NULL || input == NULL) return BAD_FUNC_ARG; - enc_val = (byte *)XMALLOC(length+3+sizeof(akid_cs), heap, - DYNAMIC_TYPE_TMP_BUFFER); + enc_valSz = length + 3 + sizeof(akid_cs); + enc_val = (byte *)XMALLOC(enc_valSz, heap, DYNAMIC_TYPE_TMP_BUFFER); if (enc_val == NULL) return MEMORY_E; /* sequence for ContentSpec & value */ - enc_valSz = SetOidValue(enc_val, length+3+sizeof(akid_cs), - akid_cs, sizeof(akid_cs), input, length); - if (enc_valSz == 0) { - XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER); - return 0; - } + ret = SetOidValue(enc_val, enc_valSz, akid_cs, sizeof(akid_cs), + input, length); + if (ret > 0) { + enc_valSz = ret; - ret = SetOidValue(output, outSz, akid_oid, - sizeof(akid_oid), enc_val, enc_valSz); + ret = SetOidValue(output, outSz, akid_oid, sizeof(akid_oid), + enc_val, enc_valSz); + } XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; @@ -7921,7 +7931,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, /* SKID */ if (cert->skidSz) { /* check the provided SKID size */ - if (cert->skidSz > (int)sizeof(cert->skid)) + if (cert->skidSz > (int)sizeof(der->skid)) return SKID_E; /* Note: different skid buffers sizes for der (MAX_KID_SZ) and diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ba7c0f8bb6..558380a1c2 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1864,6 +1864,10 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp) err = mp_copy(P->y, y); if (err == MP_OKAY) err = mp_copy(P->z, z); + + if (err != MP_OKAY) { + goto done; + } #else /* Use destination directly */ x = P->x; @@ -1871,10 +1875,6 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp) z = P->z; #endif - if (err != MP_OKAY) { - goto done; - } - /* first map z back to normal */ err = mp_montgomery_reduce(z, modulus, mp); @@ -1913,10 +1913,11 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp) err = mp_copy(y, P->y); if (err == MP_OKAY) err = mp_copy(z, P->z); -#endif done: - /* clean up */ +#endif + + /* clean up */ mp_clear(&t1); mp_clear(&t2); @@ -6132,8 +6133,6 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp, if (err != MP_OKAY) break; for (y = 0; y < (1UL<cipherType) { #if !defined(NO_AES) && defined(HAVE_AES_CBC) case AES_128_CBC_TYPE: case AES_192_CBC_TYPE: case AES_256_CBC_TYPE: if (ctx->enc) - wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl); + ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl); else - wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl); + ret = wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl); break; #endif #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) @@ -198,43 +200,45 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, case AES_192_ECB_TYPE: case AES_256_ECB_TYPE: if (ctx->enc) - wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl); + ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl); else - wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl); + ret = wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl); break; #endif #ifndef NO_DES3 case DES_CBC_TYPE: if (ctx->enc) - wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl); + ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl); else - wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl); + ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl); break; case DES_EDE3_CBC_TYPE: if (ctx->enc) - wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl); + ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl); else - wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl); + ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl); break; #if defined(WOLFSSL_DES_ECB) case DES_ECB_TYPE: - wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); + ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); break; case DES_EDE3_ECB_TYPE: - if (ctx->enc) - wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); - else - wc_Des3_EcbDecrypt(&ctx->cipher.des3, out, in, inl); + ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); break; #endif /* WOLFSSL_DES_ECB */ #endif /* !NO_DES3 */ default: return 0; - } - (void)in; - (void)inl; - (void)out; - return 1; + } + + if (ret != 0) + return 0; /* failure */ + + (void)in; + (void)inl; + (void)out; + + return 1; /* success */ } WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index 1a932dc4fb..4badc05b70 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -592,19 +592,21 @@ int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz, return BAD_FUNC_ARG; } - if (additional == NULL && addSz > 0) { - return BAD_FUNC_ARG; - } + /* additional allowed to be 0 */ + if (addSz > 0) { + if (additional == NULL) + return BAD_FUNC_ARG; - /* additional data plus padding */ - if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) { - return ret; - } - paddingLen = -((int)addSz) & (WC_POLY1305_PAD_SZ - 1); - if (paddingLen) { - if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) { + /* additional data plus padding */ + if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) { return ret; } + paddingLen = -((int)addSz) & (WC_POLY1305_PAD_SZ - 1); + if (paddingLen) { + if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) { + return ret; + } + } } /* input plus padding */ diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index c23358b012..1940bff1c2 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -368,7 +368,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V) out += OUTPUT_BLOCK_LEN; array_add_one(data, DRBG_SEED_LEN); } - else if (out != NULL) { + else { XMEMCPY(out, digest, outSz); outSz = 0; } diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index fbe226a35f..a889b05757 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -349,8 +349,9 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, /* Set k = H(N, g) */ r = SrpHashInit(&hash, srp->type); if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); - for (i = 0; (word32)i < nSz - gSz; i++) - SrpHashUpdate(&hash, &pad, 1); + for (i = 0; (word32)i < nSz - gSz; i++) { + if (!r) r = SrpHashUpdate(&hash, &pad, 1); + } if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); if (!r) r = SrpHashFinal(&hash, srp->k); diff --git a/wolfssl/test.h b/wolfssl/test.h index 08e3477883..02bc994399 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -302,8 +302,8 @@ static INLINE void InitTcpReady(tcp_ready* ready) ready->srfName = NULL; #ifdef SINGLE_THREADED #elif defined(_POSIX_THREADS) && !defined(__MINGW32__) - pthread_mutex_init(&ready->mutex, 0); - pthread_cond_init(&ready->cond, 0); + pthread_mutex_init(&ready->mutex, 0); + pthread_cond_init(&ready->cond, 0); #endif } @@ -1109,6 +1109,7 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, static INLINE int load_file(const char* fname, byte** buf, size_t* bufLen) { int ret; + long int fileSz; FILE* file; if (fname == NULL || buf == NULL || bufLen == NULL) @@ -1126,9 +1127,10 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, } fseek(file, 0, SEEK_END); - *bufLen = ftell(file); + fileSz = (int)ftell(file); rewind(file); - if (*bufLen > 0) { + if (fileSz > 0) { + *bufLen = (size_t)fileSz; *buf = (byte*)malloc(*bufLen); if (*buf == NULL) { ret = MEMORY_E; @@ -1736,12 +1738,13 @@ static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, if (ret != 0) return ret; - wc_ecc_init(&myKey); - - ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz); - if (ret == 0) - ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey); - wc_ecc_free(&myKey); + ret = wc_ecc_init(&myKey); + if (ret == 0) { + ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz); + if (ret == 0) + ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey); + wc_ecc_free(&myKey); + } wc_FreeRng(&rng); return ret; @@ -1758,12 +1761,13 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz, (void)ssl; (void)ctx; - wc_ecc_init(&myKey); - - ret = wc_ecc_import_x963(key, keySz, &myKey); - if (ret == 0) - ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey); - wc_ecc_free(&myKey); + ret = wc_ecc_init(&myKey); + if (ret == 0) { + ret = wc_ecc_import_x963(key, keySz, &myKey); + if (ret == 0) + ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey); + wc_ecc_free(&myKey); + } return ret; } @@ -1843,16 +1847,17 @@ static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, if (ret != 0) return ret; - wc_InitRsaKey(&myKey, NULL); - - ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz); - if (ret == 0) - ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng); - if (ret > 0) { /* save and convert to 0 success */ - *outSz = ret; - ret = 0; + ret = wc_InitRsaKey(&myKey, NULL); + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz); + if (ret == 0) + ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng); + if (ret > 0) { /* save and convert to 0 success */ + *outSz = ret; + ret = 0; + } + wc_FreeRsaKey(&myKey); } - wc_FreeRsaKey(&myKey); wc_FreeRng(&rng); return ret; @@ -1871,12 +1876,13 @@ static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, (void)ssl; (void)ctx; - wc_InitRsaKey(&myKey, NULL); - - ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); - if (ret == 0) - ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey); - wc_FreeRsaKey(&myKey); + ret = wc_InitRsaKey(&myKey, NULL); + if (ret == 0) { + ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); + if (ret == 0) + ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey); + wc_FreeRsaKey(&myKey); + } return ret; } @@ -1898,17 +1904,18 @@ static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, if (ret != 0) return ret; - wc_InitRsaKey(&myKey, NULL); - - ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); + ret = wc_InitRsaKey(&myKey, NULL); if (ret == 0) { - ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng); - if (ret > 0) { - *outSz = ret; - ret = 0; /* reset to success */ + ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz); + if (ret == 0) { + ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng); + if (ret > 0) { + *outSz = ret; + ret = 0; /* reset to success */ + } } + wc_FreeRsaKey(&myKey); } - wc_FreeRsaKey(&myKey); wc_FreeRng(&rng); return ret; @@ -1925,20 +1932,21 @@ static INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz, (void)ssl; (void)ctx; - wc_InitRsaKey(&myKey, NULL); - - ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz); + ret = wc_InitRsaKey(&myKey, NULL); if (ret == 0) { - #ifdef WC_RSA_BLINDING - ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl)); - if (ret != 0) { - wc_FreeRsaKey(&myKey); - return ret; - } - #endif - ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey); + ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz); + if (ret == 0) { + #ifdef WC_RSA_BLINDING + ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl)); + if (ret != 0) { + wc_FreeRsaKey(&myKey); + return ret; + } + #endif + ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey); + } + wc_FreeRsaKey(&myKey); } - wc_FreeRsaKey(&myKey); return ret; }