diff --git a/src/internal.c b/src/internal.c
index 5d6cd160d..154d2fdbe 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -604,6 +604,9 @@ int IsAtLeastTLSv1_3(const ProtocolVersion pv)
 int IsEncryptionOn(const WOLFSSL* ssl, int isSend)
 {
+ if (ssl == NULL) {
+ return BAD_FUNC_ARG;
+ }
 #ifdef WOLFSSL_DTLS
 /* For DTLS, epoch 0 is always not encrypted. */
 if (ssl->options.dtls && !isSend) {
@@ -10847,12 +10850,16 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
 #endif /* !WOLFSSL_NO_TLS12 */
-/* return bytes received, -1 on error */
+/* return bytes received, WOLFSSL_FATAL_ERROR on error,
+ * or BAD_FUNC_ARG if ssl is null */
 static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz)
 {
 int recvd;
 int retryLimit = WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS;
+ if (ssl == NULL) {
+ return BAD_FUNC_ARG;
+ }
 #ifdef WOLFSSL_QUIC
 if (WOLFSSL_IS_QUIC(ssl)) {
 /* QUIC only "reads" from data provided by the application
@@ -11012,6 +11019,11 @@ int SendBuffered(WOLFSSL* ssl)
 {
 int retryLimit = WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS;
+ if (ssl == NULL) {
+ WOLFSSL_MSG("ssl is null");
+ return BAD_FUNC_ARG;
+ }
+
 if (ssl->CBIOSend == NULL && !WOLFSSL_IS_QUIC(ssl)) {
 WOLFSSL_MSG("Your IO Send callback is null, please set");
 return SOCKET_ERROR_E;
@@ -11382,6 +11394,10 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
 int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted)
 {
+ if (ssl == NULL) {
+ WOLFSSL_MSG("ssl is null");
+ return BAD_FUNC_ARG;
+ }
 #ifdef WOLFSSL_QUIC
 /* QUIC protects messages outside of the TLS scope */
 if (WOLFSSL_IS_QUIC(ssl) && IsAtLeastTLSv1_3(ssl->version))
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 066543903..39ac5dce9 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
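Review bot: In IsEncryptionOn the new NULL guard returns `BAD_FUNC_ARG`, a nonzero error code, from what looks like a yes/no predicate, so any caller that tests the result as a boolean would read a NULL `ssl` as "encryption is on". Returning `0` from the guard (`if (ssl == NULL) { return 0; }`) keeps the return value a plain boolean for callers that only branch on truthiness; otherwise every call site has to compare against the error code explicitly. The rest of the function body and its callers are outside this hunk, so this should be checked against them.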
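Review bot: The guard added to wolfSSLReceive introduces a second negative return value, so a caller that compares the result against the old `-1` sentinel rather than testing `< 0` could go on to treat `BAD_FUNC_ARG` as a byte count; the call sites are outside this hunk and should be checked. The guard also returns silently, whereas the same check in SendBuffered and MsgCheckEncryption logs first; adding `WOLFSSL_MSG("wolfSSLReceive: ssl is null");` before the return would keep the diagnostics consistent. The function body continues past the end of the hunk.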
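Review bot: The log text `"ssl is null"` added in SendBuffered is repeated verbatim in MsgCheckEncryption (the following hunk), so a debug trace cannot tell which entry point rejected the argument. Naming the function in the message, as the asn.c change in this commit does with `"bad arguments in SizeASN_Items"`, makes the trace attributable: `WOLFSSL_MSG("SendBuffered: ssl is null");` and `WOLFSSL_MSG("MsgCheckEncryption: ssl is null");`.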
@@ -715,6 +715,11 @@ int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, int* encSz)
 WOLFSSL_ENTER("SizeASN_Items");
 #endif
+ if (asn == NULL || data == NULL || count <= 0 || encSz == NULL) {
+ WOLFSSL_MSG("bad arguments in SizeASN_Items");
+ return BAD_FUNC_ARG;
+ }
+
 for (i = count - 1; i >= 0; i--) {
 /* Skip this ASN.1 item when encoding. */
 if (data[i].noOut) {
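Review bot: The guard in SizeASN_Items rejects `count <= 0`, but before this change a `count` of 0 simply fell through the loop without iterating, so an empty template now fails with `BAD_FUNC_ARG`; it is worth confirming that no caller passes 0. On this early return `*encSz` is not written, so a caller that ignores the return code would carry on with whatever size value it already held. A comment on the function such as `/* returns BAD_FUNC_ARG on NULL asn/data/encSz or count <= 0; *encSz is not written on error */` would make that contract explicit. The function's header comment and the code after the loop are outside this hunk.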