diff --git a/src/crl.c b/src/crl.c index 148ea5796..41dad91c8 100644 --- a/src/crl.c +++ b/src/crl.c @@ -652,6 +652,7 @@ static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap) current = head; head = head->next; FreeCRL_Entry(current, heap); + XFREE(current, heap, DYNAMIC_TYPE_CRL_ENTRY); } return NULL; @@ -720,7 +721,8 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc if (store->cm->crl == NULL) { crl = wolfSSL_X509_crl_new(store->cm); if (DupX509_CRL(crl, newcrl) != 0) { - FreeCRL(crl, 1); + if (crl != NULL) + FreeCRL(crl, 1); return WOLFSSL_FAILURE; } store->crl = store->cm->crl = crl; diff --git a/src/internal.c b/src/internal.c index 6ba2370c6..9ae87fd59 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1117,7 +1117,7 @@ static int dtls_export_load(WOLFSSL* ssl, const byte* exp, word32 len, byte ver) } #else if (ver > DTLS_EXPORT_VERSION_3) { - exp[idx++] = 0; + idx++; } #endif #else @@ -7160,7 +7160,8 @@ int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, const byte* data, byte ty { WOLFSSL_ENTER("DtlsMsgSet()"); if (msg != NULL && data != NULL && msg->fragSz <= msg->sz && - (fragOffset + fragSz) <= msg->sz) { + fragSz <= msg->sz && fragOffset <= msg->sz && + (fragOffset + fragSz) <= msg->sz) { DtlsFrag* cur = msg->fragList; DtlsFrag* prev = cur; DtlsFrag* newFrag; @@ -9864,9 +9865,13 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) } else { wolfSSL_ASN1_OBJECT_free(x509->key.algor->algorithm); } - if (!(x509->key.algor->algorithm = - wolfSSL_OBJ_nid2obj(dCert->keyOID))) { - ret = PUBLIC_KEY_E; + if (!x509->key.algor) { + ret = MEMORY_E; + } else { + if (!(x509->key.algor->algorithm = + wolfSSL_OBJ_nid2obj(dCert->keyOID))) { + ret = PUBLIC_KEY_E; + } } wolfSSL_EVP_PKEY_free(x509->key.pkey); @@ -21853,7 +21858,7 @@ exit_dpk: ato16(input + *inOutIdx, &len); *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + len > size) + if ((len > size) || ((*inOutIdx - begin) + len > size)) return BUFFER_ERROR; if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 && diff --git a/src/ocsp.c b/src/ocsp.c index 5c263371f..f4b264bd3 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -610,7 +610,11 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( /* AddCA() frees the buffer. */ XMEMCPY(derCert->buffer, issuer->derCert->buffer, issuer->derCert->length); - AddCA(cm, &derCert, WOLFSSL_USER_CA, 1); + ret = AddCA(cm, &derCert, WOLFSSL_USER_CA, 1); + if (ret != WOLFSSL_SUCCESS) { + wolfSSL_CertManagerFree(cm); + return NULL; + } } certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL, @@ -806,8 +810,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, resp->single->ownStatus = 1; if (resp->single->status == NULL) { XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); return NULL; } XMEMSET(resp->single->status, 0, sizeof(CertStatus)); diff --git a/src/ssl.c b/src/ssl.c index c81737a3a..49378cdf3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8241,6 +8241,7 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert) CA_TYPE, NO_VERIFY, NULL) < 0) { WOLFSSL_MSG("\tCertificate parsing failed"); + FreeDecodedCert(&cert); return WOLFSSL_FAILURE; } @@ -8600,6 +8601,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) NO_VERIFY, NULL) < 0) { WOLFSSL_MSG("\tCertificate parsing failed"); wolfSSL_X509_EXTENSION_free(ext); + FreeDecodedCert(&cert); return NULL; } @@ -9108,7 +9110,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, int nid; const int sz = CTC_NAME_SIZE*2; int rc = WOLFSSL_FAILURE; - char tmp[CTC_NAME_SIZE*2] = {0}; + char tmp[CTC_NAME_SIZE*2 + 1] = {0}; WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print"); if ((out == NULL) || (ext == NULL)) { @@ -9164,7 +9166,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, return rc; } if (sk->next) - XSNPRINTF(val, len, "%*s%s, ", indent, "", str->strData); + XSNPRINTF(val, len, "%*s%s,", indent, "", str->strData); else XSNPRINTF(val, len, "%*s%s", indent, "", str->strData); @@ -9399,6 +9401,8 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) WOLFSSL_MSG("Failed to malloc authority key id"); return NULL; } + + XMEMSET(akey, 0, sizeof(WOLFSSL_AUTHORITY_KEYID)); akey->keyid = wolfSSL_ASN1_STRING_new(); if (akey->keyid == NULL) { @@ -9545,6 +9549,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) WOLFSSL_MSG("ASN1_STRING_set() failed"); wolfSSL_ASN1_OBJECT_free(ad->method); XFREE(aia, NULL, DYNAMIC_TYPE_X509_EXT); + XFREE(ad->location, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT); return NULL; } @@ -9617,6 +9622,7 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) CA_TYPE, NO_VERIFY, NULL) < 0) { WOLFSSL_MSG("\tCertificate parsing failed"); + FreeDecodedCert(&cert); return WOLFSSL_FATAL_ERROR; } @@ -16235,7 +16241,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } if (len < 0) { - len = (int)XSTRLEN((const char*)buf); + /* The length of the string including terminating null. */ + len = (int)XSTRLEN((const char*)buf) + 1; } bio->num = bio->wrSz = len; bio->ptr = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); @@ -18667,6 +18674,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) x509 = wolfSSL_X509_new(); if (x509 == NULL) { WOLFSSL_MSG("Error Creating X509"); + wolfSSL_sk_X509_free(sk); return NULL; } ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer, @@ -20650,8 +20658,11 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) } sectionName[sectionNameLen] = '\0'; - if (!(section = wolfSSL_CONF_get_section(conf, sectionName))) + if (!(section = wolfSSL_CONF_get_section(conf, sectionName))) { section = wolfSSL_CONF_new_section(conf, sectionName); + if (!section) + goto cleanup; + } } else { char* name; @@ -24073,6 +24084,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_BIO_set_fp error"); + wolfSSL_BIO_free(bio); return WOLFSSL_FAILURE; } @@ -24182,7 +24194,7 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher) strLen = (int)XSTRLEN(name); for (i = 0, j = 0, k = 0; i <= strLen; i++) { - if (k > MAX_SEGMENTS || j > MAX_SEGMENT_SZ) + if (k >= MAX_SEGMENTS || j >= MAX_SEGMENT_SZ) break; if (name[i] != '-' && name[i] != '\0') { @@ -25245,7 +25257,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio, } size = wolfSSL_BIO_get_len(bio); - if (size == 0) { + if (size <= 0) { WOLFSSL_MSG("wolfSSL_BIO_get_len error. Possibly no pending data."); return NULL; } @@ -30545,21 +30557,36 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, } p = (const char *)(asnTime->data); /* GetTimeString not always available. */ - wolfSSL_BIO_write(bio, MonthStr(p + 4), 3); - wolfSSL_BIO_write(bio, " ", 1); + if (wolfSSL_BIO_write(bio, MonthStr(p + 4), 3) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, " ", 1) <= 0) + return WOLFSSL_FAILURE; + /* Day */ - wolfSSL_BIO_write(bio, p + 6, 2); - wolfSSL_BIO_write(bio, " ", 1); + if (wolfSSL_BIO_write(bio, p + 6, 2) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, " ", 1) <= 0) + return WOLFSSL_FAILURE; + /* Hour */ - wolfSSL_BIO_write(bio, p + 8, 2); - wolfSSL_BIO_write(bio, ":", 1); + if (wolfSSL_BIO_write(bio, p + 8, 2) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, ":", 1) <= 0) + return WOLFSSL_FAILURE; + /* Min */ - wolfSSL_BIO_write(bio, p + 10, 2); - wolfSSL_BIO_write(bio, ":", 1); + if (wolfSSL_BIO_write(bio, p + 10, 2) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, ":", 1) <= 0) + return WOLFSSL_FAILURE; + /* Secs */ - wolfSSL_BIO_write(bio, p + 12, 2); - wolfSSL_BIO_write(bio, " ", 1); - wolfSSL_BIO_write(bio, p, 4); + if (wolfSSL_BIO_write(bio, p + 12, 2) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, " ", 1) <= 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(bio, p, 4) <= 0) + return WOLFSSL_FAILURE; return 0; } @@ -32850,6 +32877,7 @@ int SetDhExternal(WOLFSSL_DH *dh) if (dh == NULL || dh->internal == NULL) { WOLFSSL_MSG("dh key NULL error"); + return WOLFSSL_FATAL_ERROR; } key = (DhKey*)dh->internal; @@ -37506,11 +37534,12 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, mp_clear(&modulus); return WOLFSSL_FAILURE; } + + mp_clear(&modulus); } BN_copy(x, point->X); BN_copy(y, point->Y); - mp_clear(&modulus); return WOLFSSL_SUCCESS; } @@ -39494,7 +39523,10 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset) return WOLFSSL_FAILURE; } XMEMSET(rawKey, 0, rawLen); - mp_to_unsigned_bin(rsaElem, rawKey); + if (mp_to_unsigned_bin(rsaElem, rawKey) < 0) { + XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } if ((word32)rawLen <= sizeof(word32)) { idx = *(word32*)rawKey; #ifdef BIG_ENDIAN_ORDER @@ -39522,7 +39554,10 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset) WOLFSSL_MSG("Memory error"); return WOLFSSL_FAILURE; } - mp_to_unsigned_bin(rsaElem, rawKey); + if (mp_to_unsigned_bin(rsaElem, rawKey) < 0) { + XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } for (idx = 0; idx < (word32)rawLen; idx++) { char val[5]; int valSz = 5; @@ -41230,6 +41265,10 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_MSG("Serial size error"); return WOLFSSL_FAILURE; } + if ((int)sizeof(cert->serial) < serialSz) { + WOLFSSL_MSG("Serial buffer too small"); + return BUFFER_E; + } XMEMCPY(cert->serial, serial, serialSz); cert->serialSz = serialSz; #else @@ -42835,15 +42874,19 @@ err: * * returns WOLFSSL_SUCCESS on success */ - static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO* info, + static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO** info, WOLFSSL_X509* x509) { if (info == NULL || x509 == NULL) { return BAD_FUNC_ARG; } + if (*info == NULL) { + return BAD_FUNC_ARG; + } + /* check is fresh "info" passed in, if not free it */ - if (info->x509 != NULL || info->x_pkey != NULL) { + if ((*info)->x509 != NULL || (*info)->x_pkey != NULL) { WOLFSSL_X509_INFO* tmp; tmp = wolfSSL_X509_INFO_new(); @@ -42851,11 +42894,11 @@ err: WOLFSSL_MSG("Unable to create new structure"); return MEMORY_E; } - wolfSSL_X509_INFO_free(info); - info = tmp; + wolfSSL_X509_INFO_free(*info); + (*info) = tmp; } - info->x509 = x509; + (*info)->x509 = x509; //@TODO info->num //@TODO info->enc_cipher @@ -42863,8 +42906,8 @@ err: //@TODO info->enc_data //@TODO info->crl - info->x_pkey = wolfSSL_X509_PKEY_new(x509->heap); - return wolfSSL_X509_PKEY_set(info->x_pkey, x509); + (*info)->x_pkey = wolfSSL_X509_PKEY_new(x509->heap); + return wolfSSL_X509_PKEY_set((*info)->x_pkey, x509); } /** @@ -43061,7 +43104,7 @@ err: return NULL; } if (x509) { - ret = wolfSSL_X509_INFO_set(current, x509); + ret = wolfSSL_X509_INFO_set(¤t, x509); } else if (crl) { current->crl = crl; @@ -43176,8 +43219,10 @@ err: ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object); ne->value = wolfSSL_ASN1_STRING_type_new(type); if (ne->value != NULL) { - wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz); - ne->set = 1; + if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, + dataSz) == WOLFSSL_SUCCESS) { + ne->set = 1; + } } } @@ -43221,8 +43266,10 @@ err: ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object); ne->value = wolfSSL_ASN1_STRING_type_new(type); if (ne->value != NULL) { - wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz); - ne->set = 1; + if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz) + == WOLFSSL_SUCCESS) { + ne->set = 1; + } } return ne; @@ -43637,6 +43684,10 @@ err: const char* name = wolfSSL_OBJ_nid2ln(wolfSSL_OBJ_obj2nid(a)); #endif + if (name == NULL) { + WOLFSSL_MSG("Name not found"); + return WOLFSSL_FAILURE; + } if (XSTRLEN(name) + 1 < (word32)bufLen - 1) { bufSz = (int)XSTRLEN(name); } @@ -45920,6 +45971,7 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) const byte* bioMemPt = bioMem; /* leave bioMem pointer unaltered */ if ((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMemPt, bioMemSz)) == NULL) { XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE((unsigned char*)maxKeyBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return NULL; } @@ -46915,7 +46967,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) int count = 0, len = 0, totalSz = 0, tmpSz = 0; char tmp[ASN_NAME_MAX+1]; - char fullName[ASN_NAME_MAX]; + char fullName[ASN_NAME_MAX+2]; const char *buf = NULL; WOLFSSL_X509_NAME_ENTRY* ne; WOLFSSL_ASN1_STRING* str; @@ -48916,8 +48968,7 @@ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) /* Zero length integer is the value zero. */ if (len == 0) { - wolfSSL_BIO_write(bp, "00", 2); - return 2; + return wolfSSL_BIO_write(bp, "00", 2); } if (Base16_Encode(a->data + idx, len, buf, &bufLen) != 0 || @@ -49656,7 +49707,7 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names) #endif } - if (curve > (sizeof(word32) * WOLFSSL_BIT_SIZE)) { + if (curve >= (sizeof(word32) * WOLFSSL_BIT_SIZE)) { /* shift left more than size of ctx->disabledCurves causes static * analysis report */ WOLFSSL_MSG("curve value is too large for upcoming shift"); @@ -51401,6 +51452,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len, return NULL; } } else { + /* This may be overly defensive */ + if (weOwn) + wolfSSL_BN_free(ret); return NULL; } @@ -51637,17 +51691,17 @@ int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n) if (bn == NULL || bn->internal == NULL) { WOLFSSL_MSG("bn NULL error"); - goto cleanup; + goto end; } if (mp_is_bit_set((mp_int*)bn->internal, n)) { #ifdef WOLFSSL_SMALL_STACK tmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); if (tmp == NULL) { - goto cleanup; + goto end; } #endif if (mp_init(tmp) != MP_OKAY) { - goto cleanup; + goto end; } if (mp_set_bit(tmp, n) != MP_OKAY) { goto cleanup; @@ -51655,11 +51709,15 @@ int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n) if (mp_sub((mp_int*)bn->internal, tmp, (mp_int*)bn->internal) != MP_OKAY) { goto cleanup; } + } else { + goto end; } ret = WOLFSSL_SUCCESS; cleanup: mp_clear(tmp); + +end: #ifdef WOLFSSL_SMALL_STACK if (tmp) XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index a19529107..7d2ad33d7 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4214,7 +4214,13 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, seqSz += sz; tmpIdx = 0; - seqSz += SetShortInt(shr, &tmpIdx, itt, maxShr); + ret = SetShortInt(shr, &tmpIdx, itt, maxShr); + if (ret >= 0) { + seqSz += ret; + } + else { + return ret; + } innerSz += seqSz + SetSequence(seqSz, seq); totalSz += innerSz + SetSequence(innerSz, seq); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index f9978a4f1..8f3041170 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -2228,7 +2228,10 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, switch (pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); + int nid; + const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx); + if (ctxmd == NULL) break; + nid = wolfSSL_EVP_MD_type(ctxmd); if (nid < 0) break; return wolfSSL_RSA_sign(nid, md, mdsize, sigret, siglen, pkey->rsa); @@ -2304,7 +2307,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, switch (pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); + int nid; + const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx); + if (ctxmd == NULL) break; + nid = wolfSSL_EVP_MD_type(ctxmd); if (nid < 0) break; return wolfSSL_RSA_verify(nid, md, mdsize, sig, (unsigned int)siglen, pkey->rsa); @@ -2680,7 +2686,11 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { unsigned int sigSz; - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); + int nid; + const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx); + if (md == NULL) + break; + nid = wolfSSL_EVP_MD_type(md); if (nid < 0) break; ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen, @@ -2773,7 +2783,11 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, switch (ctx->pctx->pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); + int nid; + const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx); + if (md == NULL) + return WOLFSSL_FAILURE; + nid = wolfSSL_EVP_MD_type(md); if (nid < 0) return WOLFSSL_FAILURE; return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig, diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index fbdff4c6f..1751bd85b 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -868,16 +868,13 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) return MP_VAL; } if (mp_isone(P)) { - mp_set(Y, 0); - return MP_OKAY; + return mp_set(Y, 0); } if (mp_iszero(X)) { - mp_set(Y, 1); - return MP_OKAY; + return mp_set(Y, 1); } if (mp_iszero(G)) { - mp_set(Y, 0); - return MP_OKAY; + return mp_set(Y, 0); } /* if exponent X is negative we have to recurse */ @@ -2415,7 +2412,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y) } /* swap res with Y */ - mp_copy(res, Y); + err = mp_copy(res, Y); LBL_RES:mp_clear (res); LBL_M: diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 824f91aa0..9b581c0ac 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -755,7 +755,14 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz) outerSz += mac->saltSz; /* MAC iterations */ - outerSz += SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ); + ret = SetShortInt(ASNSHORT, &tmpIdx, mac->itt, MAX_SHORT_SZ); + if (ret >= 0) { + outerSz += ret; + ret = 0; + } + else { + return ret; + } /* sequence of inner data */ outerSz += SetSequence(innerSz, seq); @@ -1817,6 +1824,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, idx += SetObjectId(sizeof(WC_PKCS12_DATA_OID), out + idx); if (idx + sizeof(WC_PKCS12_DATA_OID) > *outSz){ WOLFSSL_MSG("Buffer not large enough for DATA OID"); + XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); return BUFFER_E; } XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID)); @@ -1824,6 +1832,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, /* copy over encrypted data */ if (idx + encSz > *outSz){ + XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); return BUFFER_E; } XMEMCPY(out + idx, tmp, encSz); diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index a103246f7..02a98b767 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -386,7 +386,11 @@ int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen, return BAD_PATH_ERROR; } - XFSEEK(f, 0, XSEEK_END); + if (XFSEEK(f, 0, XSEEK_END) != 0) { + WOLFSSL_MSG("wc_LoadFile file seek error"); + XFCLOSE(f); + return BAD_PATH_ERROR; + } fileSz = XFTELL(f); XREWIND(f); if (fileSz > 0) {