wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-03-24 11:37:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4053 from SparkiDev/cppcheck_fixes_6

Browse Source 
cppcheck: fixes from reviewing report
This commit is contained in:
David Garske
2021-06-09 12:51:30 -07:00
committed by GitHub
parent a6edff7bd5 2c6285ccba
commit c6c7dfd5db
27 changed files with 363 additions and 219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c
View File

@@ -118,7 +118,7 @@ int construct_argv()
__argv[cnt] = malloc(10);
sprintf(__argv[cnt], "benchmark");
__argv[9] = '\0';
__argv[cnt][9] = '\0';
cnt = 1;
while (*ch != '\0')

1
IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
View File

@@ -197,6 +197,7 @@ FILE * wolfSSL_fopen(const char *name, const char *openmode)
#define PATHSIZE 100
char path[PATHSIZE] ; char *p ;
if (name == NULL) return NULL;
if(strlen(name) > PATHSIZE)return(NULL) ;
for(i = 0; i<= strlen(name); i++) {

2
IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c
View File

@@ -323,9 +323,7 @@ int wolfssl_server_accept_tcp(WOLFSSL* ssl, SOCKET_T* fd, SOCKET_T* acceptfd)
if (ret == 0) {
*acceptfd = clientfd;
tcp_set_nonblocking(&clientfd);
}
if (ret == 0) {
printf("Server has client\n");
if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS)
ret = -1;

4
examples/echoclient/echoclient.c
View File

@@ -89,7 +89,7 @@ void echoclient_test(void* args)
int argc = 0;
char** argv = 0;
#endif
word16 port = yasslPort;
word16 port;
char buffer[CYASSL_MAX_ERROR_SZ];
((func_args*)args)->return_code = -1; /* error state */
@@ -126,6 +126,8 @@ void echoclient_test(void* args)
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_SHELL)
port = ((func_args*)args)->signal->port;
#else
port = yasslPort;
#endif
#if defined(CYASSL_DTLS)

2
mcapi/mcapi_test.c
View File

@@ -238,7 +238,7 @@ static int check_md5(void)
return -1;
}
if (ret == 0 && memcmp(mcDigest, defDigest, CRYPT_MD5_DIGEST_SIZE) != 0) {
if (memcmp(mcDigest, defDigest, CRYPT_MD5_DIGEST_SIZE) != 0) {
printf("md5 final memcmp failed\n");
return -1;
}

12
src/bio.c
View File

@@ -547,9 +547,11 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len)
int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
{
int ret = 0;
#ifdef WOLFSSL_BASE64_ENCODE
/* Use extra return var as we want to return how much of input we have
* written, not how big the base64 encoding ended up being */
int retB64 = 0;
#endif
WOLFSSL_BIO* front = bio;
void* frmt = NULL;
word32 frmtSz = 0;
@@ -600,15 +602,15 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
if (bio->ptr) {
ret = (int)XFWRITE(data, 1, len, (XFILE)bio->ptr);
}
else {
#if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) && \
!defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
else {
ret = (int)XWRITE(bio->num, data, len);
}
#else
WOLFSSL_MSG("No file pointer and XWRITE not enabled");
ret = NOT_COMPILED_IN;
WOLFSSL_MSG("No file pointer and XWRITE not enabled");
ret = NOT_COMPILED_IN;
#endif
}
#else
WOLFSSL_MSG("WOLFSSL_BIO_FILE used with NO_FILESYSTEM");
ret = NOT_COMPILED_IN;
@@ -671,9 +673,11 @@ exit_chain:
XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#ifdef WOLFSSL_BASE64_ENCODE
if (retB64 > 0 && ret > 0)
return retB64;
else
#endif
return ret;
}

96
src/internal.c
View File

@@ -1716,9 +1716,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
ctx->minEccKeySz = MIN_ECCKEY_SZ;
ctx->eccTempKeySz = ECDHE_SIZE;
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
ctx->verifyDepth = MAX_CHAIN_DEPTH;
#endif
#ifdef OPENSSL_EXTRA
ctx->cbioFlag = WOLFSSL_CBIO_NONE;
#endif
@@ -1867,11 +1865,6 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT;
#endif
#ifdef HAVE_WOLF_EVENT
if (ret == 0)
ret = wolfEventQueue_Init(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */
#ifdef WOLFSSL_EARLY_DATA
ctx->maxEarlyDataSz = MAX_EARLY_DATA_SZ;
#endif
@@ -1881,7 +1874,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
#endif
ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */
ctx->verifyDepth = MAX_CHAIN_DEPTH;
#ifdef HAVE_WOLF_EVENT
ret = wolfEventQueue_Init(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */
return ret;
}
@@ -5834,9 +5830,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->wfd = -1;
ssl->devId = ctx->devId; /* device for async HW (from wolfAsync_DevOpen) */
ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */
ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */
#ifdef HAVE_NETX
ssl->IOCB_ReadCtx = &ssl->nxCtx; /* default NetX IO ctx, same for read */
ssl->IOCB_WriteCtx = &ssl->nxCtx; /* and write */
@@ -5850,7 +5843,11 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#elif defined (WOLFSSL_GNRC)
ssl->IOCB_ReadCtx = ssl->gnrcCtx;
ssl->IOCB_WriteCtx = ssl->gnrcCtx;
#else
ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */
ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */
#endif
/* initialize states */
ssl->options.serverState = NULL_STATE;
ssl->options.clientState = NULL_STATE;
@@ -6258,10 +6255,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
return BAD_FUNC_ARG;
}
if (sz == 0) {
return NOT_COMPILED_IN;
}
/* Allocate memory for key */
*pKey = (void *)XMALLOC(sz, ssl->heap, type);
if (*pKey == NULL) {
@@ -8564,10 +8557,8 @@ static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
the header, if the user wants encrypted alignment they need
to define their alignment requirement */
if (align) {
while (align < hdrSz)
align *= 2;
}
while (align < hdrSz)
align *= 2;
#endif
tmp = (byte*)XMALLOC(size + ssl->buffers.outputBuffer.length + align,
@@ -11778,8 +11769,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
/* Check peer's certificate version number. TLS 1.2 / 1.3
* requires the clients certificate be version 3 unless a
* different version has been negotiated using RFC 7250 */
if ((ret == 0) &&
(ssl->options.side == WOLFSSL_SERVER_END)) {
if (ssl->options.side == WOLFSSL_SERVER_END) {
if (args->dCert->version != WOLFSSL_X509_V3) {
WOLFSSL_MSG("Peers certificate was not version 3!");
args->lastErr = ASN_VERSION_E;
@@ -17055,7 +17045,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
int epochOrder)
{
#ifndef WOLFSSL_NO_TLS12
int ret = 0;
int ret;
BuildMsgArgs* args;
BuildMsgArgs lcl_args;
#ifdef WOLFSSL_ASYNC_CRYPT
@@ -17082,8 +17072,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
}
#endif
ret = WC_NOT_PENDING_E;
#ifdef WOLFSSL_ASYNC_CRYPT
ret = WC_NOT_PENDING_E;
if (asyncOkay) {
ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState);
if (ret != WC_NOT_PENDING_E) {
@@ -17099,7 +17089,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
}
/* Reset state */
if (ret == WC_NOT_PENDING_E) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_NOT_PENDING_E)
#endif
{
ret = 0;
ssl->options.buildMsgState = BUILD_MSG_BEGIN;
XMEMSET(args, 0, sizeof(BuildMsgArgs));
@@ -18591,7 +18584,9 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
int sent = 0, /* plainText size */
sendSz,
ret;
#if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP)
int groupMsgs = 0;
#endif
if (ssl->error == WANT_WRITE
#ifdef WOLFSSL_ASYNC_CRYPT
@@ -18642,7 +18637,11 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
}
/* last time system socket output buffer was full, try again to send */
if (!groupMsgs && ssl->buffers.outputBuffer.length > 0) {
if (ssl->buffers.outputBuffer.length > 0
#if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP)
&& !groupMsgs
#endif
) {
WOLFSSL_MSG("output buffer was full, trying to send again");
if ( (ssl->error = SendBuffered(ssl)) < 0) {
WOLFSSL_ERROR(ssl->error);
@@ -21979,19 +21978,20 @@ exit_dpk:
/* Make sure client setup is valid for this suite, true on success */
int VerifyClientSuite(WOLFSSL* ssl)
{
int havePSK = 0;
#ifndef NO_PSK
int havePSK = ssl->options.havePSK;
#endif
byte first = ssl->options.cipherSuite0;
byte second = ssl->options.cipherSuite;
WOLFSSL_ENTER("VerifyClientSuite");
#ifndef NO_PSK
havePSK = ssl->options.havePSK;
#endif
if (CipherRequires(first, second, REQUIRES_PSK)) {
WOLFSSL_MSG("Requires PSK");
if (havePSK == 0) {
#ifndef NO_PSK
if (havePSK == 0)
#endif
{
WOLFSSL_MSG("Don't have PSK");
return 0;
}
@@ -24203,7 +24203,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
case TLS_ASYNC_BUILD:
{
args->encSz = MAX_ENCRYPT_SZ;
args->encSecret = (byte*)XMALLOC(args->encSz, ssl->heap,
args->encSecret = (byte*)XMALLOC(MAX_ENCRYPT_SZ, ssl->heap,
DYNAMIC_TYPE_SECRET);
if (args->encSecret == NULL) {
ERROR_OUT(MEMORY_E, exit_scke);
@@ -25287,7 +25287,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
/* build encoded signature buffer */
ssl->buffers.sig.length = MAX_ENCODED_SIG_SZ;
ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length,
ssl->buffers.sig.buffer = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
ssl->heap, DYNAMIC_TYPE_SIGNATURE);
if (ssl->buffers.sig.buffer == NULL) {
ERROR_OUT(MEMORY_E, exit_scv);
@@ -25337,9 +25337,10 @@ int SendCertificateVerify(WOLFSSL* ssl)
}
#ifndef NO_OLD_TLS
else {
/* if old TLS load MD5 and SHA hash as value to sign */
/* if old TLS load MD5 and SHA hash as value to sign
* MD5 and SHA must be first two buffers in stucture */
XMEMCPY(ssl->buffers.sig.buffer,
(byte*)ssl->hsHashes->certHashes.md5, FINISHED_SZ);
(byte*)&ssl->hsHashes->certHashes, FINISHED_SZ);
}
#endif
@@ -25829,7 +25830,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
int sendSz;
byte sessIdSz = ID_LEN;
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET)
byte echoId = 0; /* ticket echo id flag */
#endif
byte cacheOff = 0; /* session cache off flag */
WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND);
@@ -25874,7 +25877,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* if no session cache don't send a session ID unless we're echoing
* an ID as part of session tickets */
if (echoId == 0 && cacheOff == 1) {
if (cacheOff == 1
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET)
&& echoId == 0
#endif
) {
length -= ID_LEN; /* adjust ID_LEN assumption */
sessIdSz = 0;
}
@@ -26559,7 +26566,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
args->length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
args->exportSz = MAX_EXPORT_ECC_SZ;
args->exportBuf = (byte*)XMALLOC(args->exportSz,
args->exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ,
ssl->heap, DYNAMIC_TYPE_DER);
if (args->exportBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
@@ -26668,7 +26675,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Export temp ECC key and add to length */
args->exportSz = MAX_EXPORT_ECC_SZ;
args->exportBuf = (byte*)XMALLOC(args->exportSz,
args->exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ,
ssl->heap, DYNAMIC_TYPE_DER);
if (args->exportBuf == NULL) {
ERROR_OUT(MEMORY_E, exit_sske);
@@ -27647,7 +27654,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
static int VerifyServerSuite(WOLFSSL* ssl, word16 idx)
{
int haveRSA = !ssl->options.haveStaticECC;
int havePSK = 0;
#ifndef NO_PSK
int havePSK = ssl->options.havePSK;
#endif
byte first;
byte second;
@@ -27661,10 +27670,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
first = ssl->suites->suites[idx];
second = ssl->suites->suites[idx+1];
#ifndef NO_PSK
havePSK = ssl->options.havePSK;
#endif
if (ssl->options.haveNTRU)
haveRSA = 0;
@@ -27702,7 +27707,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (CipherRequires(first, second, REQUIRES_PSK)) {
WOLFSSL_MSG("Requires PSK");
if (havePSK == 0) {
#ifndef NO_PSK
if (havePSK == 0)
#endif
{
WOLFSSL_MSG("Don't have PSK");
return 0;
}

103
src/ssl.c
View File

@@ -2123,6 +2123,9 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
WOLFSSL_ENTER("wolfSSL_read()");
#ifdef OPENSSL_EXTRA
if (ssl == NULL) {
return BAD_FUNC_ARG;
}
if (ssl->CBIS != NULL) {
ssl->CBIS(ssl, SSL_CB_READ, WOLFSSL_SUCCESS);
ssl->cbmode = SSL_CB_READ;
@@ -2837,7 +2840,9 @@ int wolfSSL_Rehandshake(WOLFSSL* ssl)
#endif
}
#ifdef HAVE_SESSION_TICKET
if (ret == WOLFSSL_SUCCESS)
#endif
ret = _Rehandshake(ssl);
return ret;
@@ -8287,7 +8292,7 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl)
if (ret == 0 && der.keyOID == RSAk) {
ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey, der.publicKey,
der.pubKeySize);
if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE)
if (ret == 0)
ret = WOLFSSL_SUCCESS;
wc_FreeRsaKey((RsaKey*)pkey);
}
@@ -8296,7 +8301,7 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl)
if (ret == 0 && der.keyOID == ECDSAk) {
ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey, der.publicKey,
der.pubKeySize);
if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE)
if (ret == 0)
ret = WOLFSSL_SUCCESS;
wc_ecc_free((ecc_key*)pkey);
}
@@ -13797,7 +13802,7 @@ static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
{
if (ssl->options.sessionCacheOff)
if (ssl == NULL || ssl->options.sessionCacheOff)
return WOLFSSL_FAILURE;
#ifdef OPENSSL_EXTRA
@@ -16751,10 +16756,12 @@ int wolfSSL_get_server_tmp_key(const WOLFSSL* ssl, WOLFSSL_EVP_PKEY** pkey)
#endif
*pkey = ret;
if (ret == NULL)
return WOLFSSL_FAILURE;
else
#ifdef HAVE_ECC
if (ret != NULL)
return WOLFSSL_SUCCESS;
else
#endif
return WOLFSSL_FAILURE;
}
#endif /* !NO_WOLFSSL_SERVER */
@@ -18931,7 +18938,9 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
* don't */
static void ExternalFreeX509(WOLFSSL_X509* x509)
{
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
int doFree = 0;
#endif
WOLFSSL_ENTER("ExternalFreeX509");
if (x509) {
@@ -18948,11 +18957,12 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
if (x509->refCount == 0)
doFree = 1;
wc_UnLockMutex(&x509->refMutex);
#else
doFree = 1;
#endif /* OPENSSL_EXTRA */
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
if (doFree) {
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
if (doFree)
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
{
FreeX509(x509);
XFREE(x509, x509->heap, DYNAMIC_TYPE_X509);
}
@@ -23020,7 +23030,8 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,
return textSz;
}
if (buf != NULL && text != NULL) {
/* buf is not NULL from above */
if (text != NULL) {
textSz = min(textSz + 1, len); /* + 1 to account for null char */
if (textSz > 0) {
XMEMCPY(buf, text, textSz - 1);
@@ -32265,8 +32276,13 @@ WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, int *initTmpRng)
!defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
rng = ((RsaKey*)rsa->internal)->rng;
#endif
if (rng == NULL && tmpRNG) {
if (!*tmpRNG) {
if (tmpRNG != NULL
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \
!defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
&& rng == NULL
#endif
) {
if (*tmpRNG == NULL) {
#ifdef WOLFSSL_SMALL_STACK
*tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (*tmpRNG == NULL)
@@ -32526,35 +32542,28 @@ int wolfSSL_RAND_egd(const char* nm)
#endif
return WOLFSSL_FATAL_ERROR;
}
if (ret == WOLFSSL_SUCCESS) {
rem.sun_family = AF_UNIX;
XSTRNCPY(rem.sun_path, nm, sizeof(rem.sun_path) - 1);
rem.sun_path[sizeof(rem.sun_path)-1] = '\0';
}
rem.sun_family = AF_UNIX;
XSTRNCPY(rem.sun_path, nm, sizeof(rem.sun_path) - 1);
rem.sun_path[sizeof(rem.sun_path)-1] = '\0';
/* connect to egd server */
if (ret == WOLFSSL_SUCCESS) {
if (connect(fd, (struct sockaddr*)&rem, sizeof(struct sockaddr_un))
== -1) {
WOLFSSL_MSG("error connecting to egd server");
ret = WOLFSSL_FATAL_ERROR;
}
if (connect(fd, (struct sockaddr*)&rem, sizeof(struct sockaddr_un)) == -1) {
WOLFSSL_MSG("error connecting to egd server");
ret = WOLFSSL_FATAL_ERROR;
}
while (ret == WOLFSSL_SUCCESS && bytes < 255 && idx + 2 < 256) {
if (ret == WOLFSSL_SUCCESS) {
buf[idx] = WOLFSSL_EGD_NBLOCK;
buf[idx + 1] = 255 - bytes; /* request 255 bytes from server */
ret = (int)write(fd, buf + idx, 2);
if (ret <= 0 || ret != 2) {
if (errno == EAGAIN) {
ret = WOLFSSL_SUCCESS;
continue;
}
WOLFSSL_MSG("error requesting entropy from egd server");
ret = WOLFSSL_FATAL_ERROR;
break;
buf[idx] = WOLFSSL_EGD_NBLOCK;
buf[idx + 1] = 255 - bytes; /* request 255 bytes from server */
ret = (int)write(fd, buf + idx, 2);
if (ret != 2) {
if (errno == EAGAIN) {
ret = WOLFSSL_SUCCESS;
continue;
}
WOLFSSL_MSG("error requesting entropy from egd server");
ret = WOLFSSL_FATAL_ERROR;
break;
}
/* attempting to read */
@@ -43459,7 +43468,9 @@ err:
const char* headerEnd = NULL;
const char* footer = NULL;
const char* footerEnd = NULL;
#ifdef HAVE_CRL
DerBuffer* der = NULL;
#endif
(void)cb;
@@ -43489,9 +43500,10 @@ err:
/* Read the header and footer */
while (wolfSSL_BIO_read(bio, &pem[i], 1) == 1) {
i++;
if (!header)
if (!header) {
header = XSTRNSTR(pem, "-----BEGIN ", (unsigned int)i);
else if (header) {
}
else {
if (!headerEnd) {
headerEnd = XSTRNSTR(header + XSTR_SIZEOF("-----BEGIN "),
"-----",
@@ -43555,7 +43567,7 @@ err:
goto err;
}
}
#ifdef HAVE_CRL
#ifdef HAVE_CRL
else if (headerEnd - header ==
XSTR_SIZEOF("-----BEGIN X509 CRL-----") &&
XMEMCMP(header, "-----BEGIN X509 CRL-----",
@@ -43573,7 +43585,7 @@ err:
goto err;
}
}
#endif
#endif
else {
/* TODO support WOLFSSL_X509_PKEY as well */
WOLFSSL_MSG("Unsupported PEM structure");
@@ -43582,14 +43594,18 @@ err:
}
XFREE(pem, 0, DYNAMIC_TYPE_PEM);
#ifdef HAVE_CRL
if (der)
FreeDer(&der);
#endif
return WOLFSSL_SUCCESS;
err:
if (pem)
XFREE(pem, 0, DYNAMIC_TYPE_PEM);
#ifdef HAVE_CRL
if (der)
FreeDer(&der);
#endif
return WOLFSSL_FAILURE;
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
}
@@ -54947,7 +54963,10 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
oidSz = 0;
}
if (ret >= 0) {
#ifdef HAVE_ECC
if (ret >= 0)
#endif
{
ret = wc_CreatePKCS8Key(key, &keySz, (byte*)pkey->pkey.ptr,
pkey->pkey_sz, algId, curveOid, oidSz);
keySz = ret;
@@ -55325,7 +55344,7 @@ int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s)
int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
{
byte* p = NULL;
int derSz;
int derSz = 0;
WOLFSSL_ENTER("wolfSSL_X509_set_pubkey");
if (cert == NULL || pkey == NULL)

7
src/tls.c
View File

@@ -5135,8 +5135,10 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, const byte* input,
WOLFSSL_MSG("Process client ticket rejected, bad TLS version");
ssl->options.rejectTicket = 1;
ret = 0; /* not fatal */
} else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) {
} else if (ret == WOLFSSL_TICKET_RET_FATAL) {
WOLFSSL_MSG("Process client ticket fatal error, not using");
} else if (ret < 0) {
WOLFSSL_MSG("Process client ticket unknown error, not using");
}
}
}
@@ -10242,6 +10244,9 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
}
}
}
if (ret != 0) {
return ret;
}
#endif
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)

53
src/tls13.c
View File

@@ -2310,7 +2310,7 @@ static void FreeBuildMsg13Args(WOLFSSL* ssl, void* pArgs)
int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay)
{
int ret = 0;
int ret;
BuildMsg13Args* args;
BuildMsg13Args lcl_args;
#ifdef WOLFSSL_ASYNC_CRYPT
@@ -2321,8 +2321,8 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
WOLFSSL_ENTER("BuildTls13Message");
ret = WC_NOT_PENDING_E;
#ifdef WOLFSSL_ASYNC_CRYPT
ret = WC_NOT_PENDING_E;
if (asyncOkay) {
ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState);
if (ret != WC_NOT_PENDING_E) {
@@ -2338,7 +2338,10 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
}
/* Reset state */
if (ret == WC_NOT_PENDING_E) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_NOT_PENDING_E)
#endif
{
ret = 0;
ssl->options.buildMsgState = BUILD_MSG_BEGIN;
XMEMSET(args, 0, sizeof(BuildMsg13Args));
@@ -3299,8 +3302,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return INVALID_PARAMETER;
}
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
if (*extMsgType == server_hello) {
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
if (ext != NULL)
psk = (PreSharedKey*)ext->data;
@@ -3313,10 +3316,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
else if ((ret = SetupPskKey(ssl, psk)) != 0)
return ret;
}
#endif
if (*extMsgType == server_hello) {
ssl->keys.encryptionOn = 1;
ssl->options.serverState = SERVER_HELLO_COMPLETE;
}
@@ -3363,7 +3364,7 @@ static int DoTls13EncryptedExtensions(WOLFSSL* ssl, const byte* input,
#endif
/* Length field of extension data. */
if (totalSz < i - begin + OPAQUE16_LEN)
if (totalSz < OPAQUE16_LEN)
return BUFFER_ERROR;
ato16(&input[i], &totalExtSz);
i += OPAQUE16_LEN;
@@ -3440,7 +3441,7 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
if (ssl->toInfoOn) AddLateName("CertificateRequest", &ssl->timeoutInfo);
#endif
if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
if (OPAQUE8_LEN > size)
return BUFFER_ERROR;
/* Length of the request context. */
@@ -3743,6 +3744,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
continue;
}
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
ssl->options.sendVerify = 0;
/* Derive the Finished message secret. */
@@ -3765,6 +3767,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
current->chosen = 1;
ext->resp = 1;
break;
#endif
}
/* Hash the rest of the ClientHello. */
@@ -3772,7 +3775,10 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
if (ret != 0)
return ret;
if (current == NULL) {
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
if (current == NULL)
#endif
{
#ifdef WOLFSSL_PSK_ID_PROTECTION
#ifndef NO_CERTS
if (ssl->buffers.certChainCnt != 0)
@@ -4108,9 +4114,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word32 i = *inOutIdx;
word32 begin = i;
word16 totalExtSz = 0;
int usingPSK = 0;
byte sessIdSz = 0;
int wantDowngrade = 0;
#if (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \
defined(HAVE_TLS_EXTENSIONS)
int usingPSK = 0;
#endif
WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO);
WOLFSSL_ENTER("DoTls13ClientHello");
@@ -4124,7 +4133,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif
/* protocol version, random and session id length check */
if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
if (OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
return BUFFER_ERROR;
/* Protocol version */
@@ -4308,7 +4317,11 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
if (!usingPSK) {
#if (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \
defined(HAVE_TLS_EXTENSIONS)
if (!usingPSK)
#endif
{
/* Not using PSK so don't require no KE. */
ssl->options.noPskDheKe = 0;
@@ -5129,7 +5142,9 @@ static int SendTls13Certificate(WOLFSSL* ssl)
word32 offset = OPAQUE16_LEN;
byte* p = NULL;
byte certReqCtxLen = 0;
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
byte* certReqCtx = NULL;
#endif
#ifdef OPENSSL_EXTRA
WOLFSSL_X509* x509 = NULL;
@@ -5259,10 +5274,12 @@ static int SendTls13Certificate(WOLFSSL* ssl)
/* Request context. */
output[i++] = certReqCtxLen;
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
if (certReqCtxLen > 0) {
XMEMCPY(output + i, certReqCtx, certReqCtxLen);
i += certReqCtxLen;
}
#endif
length -= OPAQUE8_LEN + certReqCtxLen;
fragSz -= OPAQUE8_LEN + certReqCtxLen;
/* Certificate list length. */
@@ -8436,17 +8453,18 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
*/
int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
{
#if !defined(NO_CERTS) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
word16 havePSK = 0;
#endif
WOLFSSL_ENTER("SSL_accept_TLSv13()");
#ifdef HAVE_ERRNO_H
errno = 0;
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
#if !defined(NO_CERTS) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
havePSK = ssl->options.havePSK;
#endif
(void)havePSK;
if (ssl->options.side != WOLFSSL_SERVER_END) {
WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
@@ -8467,7 +8485,10 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
#ifndef NO_CERTS
/* allow no private key if using PK callbacks and CB is set */
if (!havePSK) {
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
if (!havePSK)
#endif
{
if (!ssl->buffers.certificate ||
!ssl->buffers.certificate->buffer) {
@@ -8488,7 +8509,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
return WOLFSSL_FATAL_ERROR;
}
}
#endif
#endif /* NO_CERTS */
if (ssl->buffers.outputBuffer.length > 0
#ifdef WOLFSSL_ASYNC_CRYPT

116
tests/api.c
View File

@@ -19127,7 +19127,7 @@ static int test_wc_curve25519_make_key (void)
/*
* Testing wc_curve25519_shared_secret_ex
*/
static int test_wc_curve25519_shared_secret_ex (void)
static int test_wc_curve25519_shared_secret_ex(void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
@@ -19143,9 +19143,9 @@ static int test_wc_curve25519_shared_secret_ex (void)
ret = wc_curve25519_init(&private_key);
if (ret == 0) {
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key);
}
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key);
@@ -19159,6 +19159,9 @@ static int test_wc_curve25519_shared_secret_ex (void)
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(NULL, NULL, NULL,
0, endian);
if (ret == 0) {
ret = -1;
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
@@ -19166,28 +19169,40 @@ static int test_wc_curve25519_shared_secret_ex (void)
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(NULL, &public_key, out,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, NULL, out,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
NULL, endian);
if (ret == BAD_FUNC_ARG) {
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
@@ -19198,7 +19213,10 @@ static int test_wc_curve25519_shared_secret_ex (void)
public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
if (ret == ECC_BAD_ARG_E) {
if (ret == 0) {
ret = -1;
}
else if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
@@ -19207,7 +19225,10 @@ static int test_wc_curve25519_shared_secret_ex (void)
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
@@ -23326,6 +23347,9 @@ static int test_wc_SetSubjectBuffer (void)
derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
XFCLOSE(file);
}
else {
ret = -1;
}
}
if (ret == 0) {
ret = wc_InitCert(&cert);
@@ -23383,7 +23407,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void)
if (ret == 0) { /*ED25519*/
ret = wc_ed25519_init(&ed25519Key);
if (ret == 0) {
wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
}
if (ret == 0) {
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
@@ -23408,7 +23432,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void)
if (ret == 0) { /*ECC*/
ret = wc_ecc_init(&eccKey);
if (ret == 0) {
wc_ecc_make_key(&rng, KEY14, &eccKey);
ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
}
if (ret == 0) {
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
@@ -23422,7 +23446,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void)
if (ret == 0) { /*ED448*/
ret = wc_ed448_init(&ed448Key);
if (ret == 0) {
wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
}
if (ret == 0) {
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
@@ -23474,7 +23498,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void)
if (ret == 0) { /*ED25519*/
ret = wc_ed25519_init(&ed25519Key);
if (ret == 0) {
wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
@@ -23499,7 +23523,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void)
if (ret == 0) { /*ECC*/
ret = wc_ecc_init(&eccKey);
if (ret == 0) {
wc_ecc_make_key(&rng, KEY14, &eccKey);
ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
@@ -23513,7 +23537,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void)
if (ret == 0) { /*ED448*/
ret = wc_ed448_init(&ed448Key);
if (ret == 0) {
wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
@@ -26004,22 +26028,26 @@ static int test_wc_HashSetFlags(void)
}
/* For loop to test not supported cases */
int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
for (j = 0; j < notSupportedLen; j++){
for (j = 0; ret == 0 && j < notSupportedLen; j++){
ret = wc_HashInit(&hash, notSupported[j]);
if (ret == 0) {
ret = wc_HashInit(&hash, notSupported[j]);
if (ret == BAD_FUNC_ARG){
ret = -1;
}
else if (ret == BAD_FUNC_ARG){
ret = wc_HashSetFlags(&hash, notSupported[j], flags);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
if (ret == 0){
ret = wc_HashSetFlags(&hash, notSupported[j], flags);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
}
}
if (ret == 0) {
ret = wc_HashFree(&hash, notSupported[j]);
if (ret == BAD_FUNC_ARG) {
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
@@ -26101,22 +26129,26 @@ static int test_wc_HashGetFlags(void)
}
/* For loop to test not supported cases */
int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
for (j = 0; j < notSupportedLen; j++){
for (j = 0; ret == 0 && j < notSupportedLen; j++){
ret = wc_HashInit(&hash, notSupported[j]);
if (ret == 0) {
ret = wc_HashInit(&hash, notSupported[j]);
if (ret == BAD_FUNC_ARG){
ret = -1;
}
else if (ret == BAD_FUNC_ARG){
ret = wc_HashGetFlags(&hash, notSupported[j], &flags);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
if (ret == 0){
ret = wc_HashGetFlags(&hash, notSupported[j], &flags);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
}
}
if (ret == 0) {
ret = wc_HashFree(&hash, notSupported[j]);
if (ret == BAD_FUNC_ARG) {
if (ret == 0) {
ret = -1;
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
@@ -36583,6 +36615,9 @@ static void test_wolfSSL_EVP_PKEY_assign(void)
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey);
#endif /* HAVE_ECC */
(void)type;
printf(resultFmt, passed);
#endif /* OPENSSL_ALL */
}
@@ -42926,6 +42961,7 @@ static int test_wolfSSL_THREADID_hash(void)
AssertTrue(1);
res = CRYPTO_THREADID_hash(NULL);
AssertTrue( res == 0UL);
XMEMSET(&id, 0, sizeof(id));
res = CRYPTO_THREADID_hash(&id);
AssertTrue( res == 0UL);
printf(resultFmt, passed);
@@ -42954,6 +42990,8 @@ static void test_wolfSSL_CTX_get_min_proto_version(void)
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
WOLFSSL_CTX *ctx;
(void)ctx;
printf(testingFmt, "wolfSSL_CTX_get_min_proto_version()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
@@ -43054,6 +43092,9 @@ static void test_wolfSSL_SSL_in_init(void)
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#else
testCertFile = NULL;
testKeyFile = NULL;
#endif
if (testCertFile != NULL && testKeyFile != NULL) {
AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
@@ -43359,6 +43400,9 @@ static void test_wolfSSL_set_psk_use_session_callback(void)
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#else
testCertFile = NULL;
testKeyFile = NULL;
#endif
if (testCertFile != NULL && testKeyFile != NULL) {
AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,

19
wolfcrypt/src/asn.c
View File

@@ -10235,7 +10235,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
cert->ca->keyOID, cert->signature,
cert->sigLength, cert->signatureOID,
tsip_encRsaKeyIdx)) != 0) {
if (ret != 0 && ret != WC_PENDING_E) {
if (ret != WC_PENDING_E) {
WOLFSSL_MSG("Confirm signature failed");
}
return ret;
@@ -11350,8 +11350,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
* then strip this padding before proceeding:
* der->length -= padVal;
*/
if (der->length > 0 &&
der->length > DES_BLOCK_SIZE &&
if (der->length > DES_BLOCK_SIZE &&
(der->length % DES_BLOCK_SIZE) != 0) {
padVal = der->buffer[der->length-1];
if (padVal < DES_BLOCK_SIZE) {
@@ -16728,10 +16727,12 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
totalSz = prvidx + pubidx + curveidx + verSz + seqSz;
if (output == NULL) {
*inLen = totalSz;
#ifndef WOLFSSL_NO_MALLOC
XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (pubIn) {
if (pub) {
XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
return LENGTH_ONLY_E;
}
if (inLen != NULL && totalSz > (int)*inLen) {
@@ -18346,7 +18347,10 @@ static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf,
word32* inOutIdx, int sz)
{
word32 oid, dateIdx, idx, checkIdx;
int version, doNextDate = 1;
int version;
#ifdef WOLFSSL_NO_CRL_NEXT_DATE
int doNextDate = 1;
#endif
byte tag;
if (dcrl == NULL || inOutIdx == NULL || buf == NULL) {
@@ -18385,7 +18389,10 @@ static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf,
#endif
}
if (doNextDate) {
#ifdef WOLFSSL_NO_CRL_NEXT_DATE
if (doNextDate)x
#endif
{
#ifndef NO_ASN_TIME
if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid");

4
wolfcrypt/src/curve25519.c
View File

@@ -112,13 +112,12 @@ int wc_curve25519_generic(int public_size, byte* pub,
int private_size, const byte* priv,
int basepoint_size, const byte* basepoint)
{
int ret;
#ifdef FREESCALE_LTC_ECC
/* unsupported with NXP LTC, onlly supports single basepoint with
* nxp_ltc_curve25519_GetBasePoint() */
return WC_HW_E;
#else
int ret;
if ((public_size != CURVE25519_KEYSIZE) ||
(private_size != CURVE25519_KEYSIZE) ||
@@ -147,7 +146,6 @@ int wc_curve25519_generic(int public_size, byte* pub,
#endif
return ret;
#endif /* FREESCALE_LTC_ECC */
}

32
wolfcrypt/src/des3.c
View File

@@ -719,9 +719,17 @@
int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
{
int ret = 0;
byte* dkey1 = (byte*)des->key[0];
byte* dkey2 = (byte*)des->key[1];
byte* dkey3 = (byte*)des->key[2];
byte* dkey1;
byte* dkey2;
byte* dkey3;
if (des == NULL || key == NULL) {
return BAD_FUNC_ARG;
}
dkey1 = (byte*)des->key[0];
dkey2 = (byte*)des->key[1];
dkey3 = (byte*)des->key[2];
XMEMCPY(dkey1, key, 8); /* set key 1 */
XMEMCPY(dkey2, key + 8, 8); /* set key 2 */
@@ -835,9 +843,17 @@
int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
{
int i = 0, ret = 0;
byte* dkey1 = (byte*)des->key[0];
byte* dkey2 = (byte*)des->key[1];
byte* dkey3 = (byte*)des->key[2];
byte* dkey1;
byte* dkey2;
byte* dkey3;
if (des == NULL || key == NULL) {
return BAD_FUNC_ARG;
}
dkey1 = (byte*)des->key[0];
dkey2 = (byte*)des->key[1];
dkey3 = (byte*)des->key[2];
XMEMCPY(dkey1, key, 8); /* set key 1 */
XMEMCPY(dkey2, key + 8, 8); /* set key 2 */
@@ -1771,9 +1787,9 @@ int wc_Des3_SetIV(Des3* des, const byte* iv)
if (des == NULL) {
return BAD_FUNC_ARG;
}
if (des && iv)
if (iv)
XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
else if (des)
else
XMEMSET(des->reg, 0, DES_BLOCK_SIZE);
return 0;

38
wolfcrypt/src/ecc.c
View File

@@ -5091,7 +5091,8 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
}
hash_mode = cc310_hashModeECC(msgLenInBytes);
if (hash_mode == CRYS_ECPKI_HASH_OpModeLast) {
hash_mode = cc310_hashModeECC(keysize);
(void)cc310_hashModeECC(keysize);
/* Ignoring returned value */
hash_mode = CRYS_ECPKI_HASH_SHA256_mode;
}
@@ -8484,22 +8485,24 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
if (err == MP_OKAY)
err = mp_set(key->pubkey.z, 1);
#ifdef WOLFSSL_SILABS_SE_ACCEL
err = silabs_ecc_import(key, keysize);
#endif
#ifdef WOLFSSL_CRYPTOCELL
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
if (err == MP_OKAY) {
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
/* create public key from external key buffer */
err = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain,
(byte*)in-1, /* re-adjust */
inLen+1, /* original input */
&key->ctx.pubKey,
&tempBuff);
/* create public key from external key buffer */
err = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain,
(byte*)in-1, /* re-adjust */
inLen+1, /* original input */
&key->ctx.pubKey,
&tempBuff);
if (err != SA_SILIB_RET_OK){
WOLFSSL_MSG("CRYS_ECPKI_BuildPublKeyFullCheck failed");
if (err != SA_SILIB_RET_OK){
WOLFSSL_MSG("CRYS_ECPKI_BuildPublKeyFullCheck failed");
}
}
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
if (err == MP_OKAY)
err = silabs_ecc_import(key, keysize);
#endif
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
if (err == MP_OKAY)
@@ -8690,8 +8693,8 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
#ifdef WOLFSSL_CRYPTOCELL
pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id));
/* import private key */
if (priv != NULL && priv[0] != '\0') {
/* import private key - priv checked for NULL at top */
if (priv[0] != '\0') {
/* Create private key from external key buffer*/
ret = CRYS_ECPKI_BuildPrivKey(pDomain,
@@ -8713,10 +8716,11 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
if (ret == MP_OKAY) {
if (pub) {
ret = silabs_ecc_import(key, key->dp->size);
} else
{
}
else {
ret = silabs_ecc_import_private(key, key->dp->size);
}
}
#elif defined(WOLFSSL_QNX_CAAM)
if ((wc_ecc_size(key) + WC_CAAM_MAC_SZ) == (int)privSz) {
int part = caamFindUnusuedPartition();

2
wolfcrypt/src/eccsi.c
View File

@@ -543,7 +543,7 @@ static int eccsi_decode_point(ecc_point* point, word32 size, const byte* data,
{
int err = 0;
if ((err == 0) && (sz != size * 2) && (sz != size * 2 + 1)) {
if ((sz != size * 2) && (sz != size * 2 + 1)) {
err = BUFFER_E;
}

7
wolfcrypt/src/evp.c
View File

@@ -4289,14 +4289,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ret = WOLFSSL_FAILURE;
break;
}
/* arg is 4...(ctx->ivSz - 8) */
XMEMCPY(ctx->iv, ptr, arg);
if (wc_InitRng(&rng) != 0) {
WOLFSSL_MSG("wc_InitRng failed");
ret = WOLFSSL_FAILURE;
break;
}
if (arg) {
XMEMCPY(ctx->iv, ptr, arg);
}
if (wc_RNG_GenerateBlock(&rng, ctx->iv + arg,
ctx->ivSz - arg) != 0) {
/* rng is freed immediately after if block so no need
@@ -6383,7 +6382,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
ret = wc_DhParamsToDer(dhkey,NULL,&derSz);
}
if (derSz <= 0 || ret != LENGTH_ONLY_E) {
if (derSz == 0 || ret != LENGTH_ONLY_E) {
WOLFSSL_MSG("Failed to get size of DH Key");
return WOLFSSL_FAILURE;
}

3
wolfcrypt/src/integer.c
View File

@@ -686,7 +686,8 @@ int mp_mod_2d (mp_int * a, int b, mp_int * c)
/* clear the digit that is not completely outside/inside the modulus */
x = DIGIT_BIT - (b % DIGIT_BIT);
if (x != DIGIT_BIT) {
c->dp[b / DIGIT_BIT] &= ~((mp_digit)0) >> (x + ((sizeof(mp_digit)*8) - DIGIT_BIT));
c->dp[b / DIGIT_BIT] &=
((mp_digit)~((mp_digit)0)) >> (x + ((sizeof(mp_digit)*8) - DIGIT_BIT));
}
mp_clamp (c);
return MP_OKAY;

15
wolfcrypt/src/pkcs12.c
View File

@@ -58,6 +58,7 @@ enum {
WC_PKCS12_ENCRYPTED_DATA = 656,
WC_PKCS12_DATA_OBJ_SZ = 11,
WC_PKCS12_MAC_SALT_SZ = 8,
};
static const byte WC_PKCS12_ENCRYPTED_OID[] =
@@ -1442,7 +1443,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
word32 sz;
word32 totalSz = 0;
int ret;
byte* pkcs8Key = NULL;
if (outSz == NULL || pkcs12 == NULL || rng == NULL || key == NULL ||
pass == NULL) {
@@ -1455,6 +1456,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
if (out != NULL) {
tmpIdx += MAX_LENGTH_SZ + 1; /* save room for length and tag (+1) */
sz = *outSz - tmpIdx;
pkcs8Key = out + tmpIdx;
}
/* case of no encryption */
@@ -1472,8 +1474,8 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
}
/* PKCS#8 wrapping around key */
ret = wc_CreatePKCS8Key(out + tmpIdx, &sz, key, keySz, algoID,
curveOID, oidSz);
ret = wc_CreatePKCS8Key(pkcs8Key, &sz, key, keySz, algoID, curveOID,
oidSz);
}
else {
WOLFSSL_MSG("creating PKCS12 Shrouded Key Bag");
@@ -1483,7 +1485,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
vAlgo = 10;
}
ret = UnTraditionalEnc(key, keySz, out + tmpIdx, &sz, pass, passSz,
ret = UnTraditionalEnc(key, keySz, pkcs8Key, &sz, pass, passSz,
vPKCS, vAlgo, NULL, 0, itt, rng, heap);
}
if (ret == LENGTH_ONLY_E) {
@@ -2354,8 +2356,9 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name,
mac->itt = macIter;
/* set mac salt */
mac->saltSz = 8;
mac->salt = (byte*)XMALLOC(mac->saltSz, heap, DYNAMIC_TYPE_PKCS);
mac->saltSz = WC_PKCS12_MAC_SALT_SZ;
mac->salt = (byte*)XMALLOC(WC_PKCS12_MAC_SALT_SZ, heap,
DYNAMIC_TYPE_PKCS);
if (mac->salt == NULL) {
wc_PKCS12_free(pkcs12);
wc_FreeRng(&rng);

3
wolfcrypt/src/port/ti/ti-hash.c
View File

@@ -107,6 +107,9 @@ static int hashGetHash(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32
XMEMSET(h, 0, sizeof(h));
#endif
if (result == NULL) {
return BAD_FUNC_ARG;
}
XMEMCPY(result, h, hsize);
return 0;

4
wolfcrypt/src/random.c
View File

@@ -363,10 +363,8 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
#endif
if (ret != 0)
break;
if (ret == 0)
#endif
ret = wc_Sha256Update(sha, &ctr, sizeof(ctr));
ret = wc_Sha256Update(sha, &ctr, sizeof(ctr));
if (ret == 0) {
ctr++;
ret = wc_Sha256Update(sha, (byte*)&bits, sizeof(bits));

16
wolfcrypt/src/rsa.c
View File

@@ -1282,11 +1282,10 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
}
}
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
if (msg != NULL) {
XFREE(msg, heap, DYNAMIC_TYPE_RSA_BUFFER);
}
#endif
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
/* msg is always not NULL as we bail on allocation failure */
XFREE(msg, heap, DYNAMIC_TYPE_RSA_BUFFER);
#endif
return ret;
}
#endif /* WC_RSA_PSS */
@@ -2284,16 +2283,19 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
tmp = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_RSA);
if (tmp == NULL)
return MEMORY_E;
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
#ifdef WC_RSA_BLINDING
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
rnd = (mp_int*)XMALLOC(sizeof(mp_int) * 2, key->heap, DYNAMIC_TYPE_RSA);
if (rnd == NULL) {
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
return MEMORY_E;
}
rndi = rnd + 1;
#endif /* WC_RSA_BLINDING */
#else
rnd = NULL;
rndi = NULL;
#endif
#endif /* WC_RSA_BLINDING */
#endif /* WOLFSSL_SMALL_STACK */
if (mp_init(tmp) != MP_OKAY)

9
wolfcrypt/src/sakke.c
View File

@@ -862,7 +862,7 @@ static int sakke_decode_point(ecc_point* point, word32 size, const byte* data,
{
int err = 0;
if ((err == 0) && (sz != size * 2) && (sz != size * 2 + 1)) {
if ((sz != size * 2) && (sz != size * 2 + 1)) {
err = BUFFER_E;
}
@@ -2522,9 +2522,8 @@ static int sakke_modexp_loop(SakkeKey* key, mp_int* b, mp_int* e, mp_proj* r,
/* Set c[0] to [mont_one, zero] */
if (err == 0) {
mp_zero(c[0]->y);
}
/* Set by is montgomery form of b - base */
if (err == 0) {
/* Set 'by' to montgomery form of 'b' - base */
err = mp_mulmod(b, c[0]->x, prime, by);
}
for (i = mp_count_bits(&key->params.q) - 1; (err == 0) && (i >= 0); i--) {
@@ -6120,7 +6119,7 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType,
int err = 0;
byte h[WC_MAX_DIGEST_SIZE];
byte v[WC_MAX_DIGEST_SIZE];
word32 hashSz = 0;
word32 hashSz = 1;
word32 i;
/* Step 1: A = hashfn( s ), where s = data | extra

4
wolfcrypt/src/srp.c
View File

@@ -479,7 +479,7 @@ int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size)
return MP_INIT_E;
/* v = g ^ x % N */
if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v);
r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v);
if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY;
if (!r) r = mp_to_unsigned_bin(&v, verifier);
if (!r) *size = mp_unsigned_bin_size(&v);
@@ -511,7 +511,7 @@ int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size)
r = mp_init(&p);
if (r != MP_OKAY)
return MP_INIT_E;
if (!r) r = mp_read_unsigned_bin(&p, priv, size);
r = mp_read_unsigned_bin(&p, priv, size);
if (!r) r = mp_mod(&p, &srp->N, &srp->priv);
if (!r) r = mp_iszero(&srp->priv) == MP_YES ? SRP_BAD_KEY_E : 0;

4
wolfcrypt/src/wc_port.c
View File

@@ -1601,7 +1601,7 @@ int wolfSSL_CryptHwMutexUnLock(void)
void *uITRON4_realloc(void *p, size_t sz) {
ER ercd;
void *newp;
void *newp = NULL;
if(p) {
ercd = get_mpl(ID_wolfssl_MPOOL, sz, (VP)&newp);
if (ercd == E_OK) {
@@ -1695,7 +1695,7 @@ int wolfSSL_CryptHwMutexUnLock(void)
void *uTKernel_realloc(void *p, unsigned int sz) {
ER ercd;
void *newp;
void *newp = NULL;
if (p) {
ercd = tk_get_mpl(ID_wolfssl_MPOOL, sz, (VP)&newp, TMO_FEVR);
if (ercd == E_OK) {

22
wolfcrypt/test/test.c
View File

@@ -4667,6 +4667,8 @@ static int rc2_ecb_test(void)
h.keyLen = 33;
h.effectiveKeyBits = 129;
a.iv = b.iv = c.iv = d.iv = e.iv = f.iv = g.iv = h.iv = NULL;
test_rc2[0] = a;
test_rc2[1] = b;
test_rc2[2] = c;
@@ -4751,7 +4753,6 @@ static int rc2_cbc_test(void)
/* key length = 8, effective key bits = 64 */
c.input = "\x10\x00\x00\x00\x00\x00\x00\x01"
"\x10\x00\x00\x00\x00\x00\x00\x01";
c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2";
c.output = "\xB5\x70\x14\xA2\x5F\x40\xE3\x6D"
"\x81\x99\x8D\xE0\xB5\xD5\x3A\x05";
c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
@@ -14797,8 +14798,10 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
!defined(NO_FILESYSTEM)
XFILE file;
#ifdef WOLFSSL_TEST_CERT
XFILE file2;
#endif
#endif
#ifdef WOLFSSL_TEST_CERT
#ifdef WOLFSSL_SMALL_STACK
DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof *cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -15438,6 +15441,13 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
return ret;
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \
!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
(void)clientCert;
#endif
#ifdef WOLFSSL_TEST_CERT
#if defined(WOLFSSL_MDK_ARM)
#define sizeof(s) XSTRLEN((char *)(s))
#endif
@@ -15471,7 +15481,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
#undef sizeof
#endif
#ifdef WOLFSSL_TEST_CERT
InitDecodedCert(cert, tmp, (word32)bytes, 0);
ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, 0);
@@ -15481,7 +15490,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
}
FreeDecodedCert(cert);
#endif
#endif /* WOLFSSL_TEST_CERT */
#ifdef WOLFSSL_CERT_EXT
@@ -18072,8 +18081,9 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
ret = EVP_DigestInit(&md_ctx, EVP_md5());
if (ret == WOLFSSL_SUCCESS) {
ret = EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = EVP_DigestFinal(&md_ctx, hash, 0);
}
if (ret == WOLFSSL_SUCCESS) {
ret = EVP_DigestFinal(&md_ctx, hash, 0);
}
EVP_MD_CTX_cleanup(&md_ctx);
if (ret != WOLFSSL_SUCCESS ||
@@ -23587,6 +23597,8 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
#ifndef WC_NO_RNG
if (ret != 0)
return -10300;
#else
(void)ret;
#endif
#if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112

2
wolfcrypt/user-crypto/src/rsa.c
View File

@@ -1644,7 +1644,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
{
int sz, pSz, qSz;
IppStatus ret;
word32 outSz = outLen;
word32 outSz;
IppsMontState* pMont = NULL;
IppsMontState* qMont = NULL;