wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 05:34:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #900 from dgarske/coverity_part3

Browse Source 
Coverity fixes for TLS 1.3, async, small stack and normal math.
This commit is contained in:
toddouska
2017-05-11 13:05:53 -07:00
committed by GitHub
parent 5c652e398f 8d4f8c6d80
commit ce42738198
12 changed files with 228 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
examples/client/client.c
View File

@@ -1056,6 +1056,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
updateKeysIVs = 1; updateKeysIVs = 1;
#endif #endif
break;
case 'y' : case 'y' :
#if defined(WOLFSSL_TLS13) && !defined(NO_DH) #if defined(WOLFSSL_TLS13) && !defined(NO_DH)

2
examples/echoserver/echoserver.c
View File

@@ -392,7 +392,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
err = 0; /* reset error */ err = 0; /* reset error */
ret = CyaSSL_write(write_ssl, command, echoSz); ret = CyaSSL_write(write_ssl, command, echoSz);
if (ret <= 0) { if (ret <= 0) {
err = CyaSSL_get_error(ssl, 0); err = CyaSSL_get_error(write_ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) { if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW); ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);

28
src/internal.c
View File

@@ -5870,25 +5870,23 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
int ret = 0; int ret = 0;
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
Sha384* sha384 = (Sha384*)XMALLOC(sizeof(Sha384), ssl->heap, Sha384* sha384;
DYNAMIC_TYPE_TMP_BUFFER);
#else #else
Sha384 sha384[1]; Sha384 sha384[1];
#endif /* WOLFSSL_SMALL_STACK */ #endif /* WOLFSSL_SMALL_STACK */
#endif /* WOLFSSL_SHA384 */ #endif /* WOLFSSL_SHA384 */
if (ssl == NULL)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_SHA384
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
if (ssl == NULL sha384 = (Sha384*)XMALLOC(sizeof(Sha384), ssl->heap,
#ifdef WOLFSSL_SHA384 DYNAMIC_TYPE_TMP_BUFFER);
|| sha384 == NULL if (sha384 == NULL)
#endif
) {
#ifdef WOLFSSL_SHA384
XFREE(sha384, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E; return MEMORY_E;
} #endif /* WOLFSSL_SMALL_STACK */
#endif #endif /* WOLFSSL_SHA384 */
/* store current states, building requires get_digest which resets state */ /* store current states, building requires get_digest which resets state */
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
@@ -11313,12 +11311,6 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
} }
#endif #endif
/* catch mistaken sizeOnly parameter */
if (sizeOnly && (output || input) ) {
WOLFSSL_MSG("BuildMessage with sizeOnly doesn't need input or output");
return BAD_FUNC_ARG;
}
ret = WC_NOT_PENDING_E; ret = WC_NOT_PENDING_E;
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
if (asyncOkay) { if (asyncOkay) {

3
src/ssl.c
View File

@@ -5053,6 +5053,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
if (ret != 0) { if (ret != 0) {
FreeDer(&der); FreeDer(&der);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(info, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(info, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return ret; return ret;
@@ -5452,7 +5453,7 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
ReadDirCtx* readCtx = NULL; ReadDirCtx* readCtx = NULL;
readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap, readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (name == NULL) if (readCtx == NULL)
return MEMORY_E; return MEMORY_E;
#else #else
ReadDirCtx readCtx[1]; ReadDirCtx readCtx[1];

223
src/tls13.c
View File

@@ -314,34 +314,44 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
const byte* protocol; const byte* protocol;
word32 protocolLen; word32 protocolLen;
int digestAlg; int digestAlg;
int ret = BAD_FUNC_ARG;
switch (hashAlgo) { switch (hashAlgo) {
#ifndef NO_WOLFSSL_SHA256 #ifndef NO_WOLFSSL_SHA256
case sha256_mac: case sha256_mac:
wc_InitSha256(&digest.sha256); ret = wc_InitSha256_ex(&digest.sha256, ssl->heap, INVALID_DEVID);
wc_Sha256Update(&digest.sha256, msg, msgLen); if (ret == 0) {
wc_Sha256Final(&digest.sha256, hash); ret = wc_Sha256Update(&digest.sha256, msg, msgLen);
if (ret == 0)
ret = wc_Sha256Final(&digest.sha256, hash);
wc_Sha256Free(&digest.sha256); wc_Sha256Free(&digest.sha256);
}
hashSz = SHA256_DIGEST_SIZE; hashSz = SHA256_DIGEST_SIZE;
digestAlg = SHA256; digestAlg = SHA256;
break; break;
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
case sha384_mac: case sha384_mac:
wc_InitSha384(&digest.sha384); ret = wc_InitSha384_ex(&digest.sha384, ssl->heap, INVALID_DEVID);
wc_Sha384Update(&digest.sha384, msg, msgLen); if (ret == 0) {
wc_Sha384Final(&digest.sha384, hash); ret = wc_Sha384Update(&digest.sha384, msg, msgLen);
if (ret == 0)
ret = wc_Sha384Final(&digest.sha384, hash);
wc_Sha384Free(&digest.sha384); wc_Sha384Free(&digest.sha384);
}
hashSz = SHA384_DIGEST_SIZE; hashSz = SHA384_DIGEST_SIZE;
digestAlg = SHA384; digestAlg = SHA384;
break; break;
#endif #endif
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
case sha512_mac: case sha512_mac:
wc_InitSha512(&digest.sha512); ret = wc_InitSha512_ex(&digest.sha512, ssl->heap, INVALID_DEVID);
wc_Sha512Update(&digest.sha512, msg, msgLen); if (ret == 0) {
wc_Sha512Final(&digest.sha512, hash); ret = wc_Sha512Update(&digest.sha512, msg, msgLen);
if (ret == 0)
ret = wc_Sha512Final(&digest.sha512, hash);
wc_Sha512Free(&digest.sha512); wc_Sha512Free(&digest.sha512);
}
hashSz = SHA512_DIGEST_SIZE; hashSz = SHA512_DIGEST_SIZE;
digestAlg = SHA512; digestAlg = SHA512;
break; break;
@@ -351,6 +361,9 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
if (ret != 0)
return ret;
switch (ssl->version.minor) { switch (ssl->version.minor) {
case TLSv1_3_MINOR: case TLSv1_3_MINOR:
protocol = tls13ProtocolLabel; protocol = tls13ProtocolLabel;
@@ -728,11 +741,13 @@ static int DeriveMasterSecret(WOLFSSL* ssl)
* hash The hash result - verify data. * hash The hash result - verify data.
* returns length of verify data generated. * returns length of verify data generated.
*/ */
static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash) static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
word32* pHashSz)
{ {
Hmac verifyHmac; Hmac verifyHmac;
int hashType = SHA256; int hashType = SHA256;
int hashSz = SHA256_DIGEST_SIZE; int hashSz = SHA256_DIGEST_SIZE;
int ret = BAD_FUNC_ARG;
/* Get the hash of the previous handshake messages. */ /* Get the hash of the previous handshake messages. */
switch (ssl->specs.mac_algorithm) { switch (ssl->specs.mac_algorithm) {
@@ -740,31 +755,42 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash)
case sha256_mac: case sha256_mac:
hashType = SHA256; hashType = SHA256;
hashSz = SHA256_DIGEST_SIZE; hashSz = SHA256_DIGEST_SIZE;
wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash); ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash);
break; break;
#endif /* !NO_SHA256 */ #endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
case sha384_mac: case sha384_mac:
hashType = SHA384; hashType = SHA384;
hashSz = SHA384_DIGEST_SIZE; hashSz = SHA384_DIGEST_SIZE;
wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash); ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash);
break; break;
#endif /* WOLFSSL_SHA384 */ #endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
case sha512_mac: case sha512_mac:
hashType = SHA512; hashType = SHA512;
hashSz = SHA512_DIGEST_SIZE; hashSz = SHA512_DIGEST_SIZE;
wc_Sha512GetHash(&ssl->hsHashes->hashSha512, hash); ret = wc_Sha512GetHash(&ssl->hsHashes->hashSha512, hash);
break; break;
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
} }
if (ret != 0)
return ret;
/* Calculate the verify data. */ /* Calculate the verify data. */
wc_HmacSetKey(&verifyHmac, hashType, key, ssl->specs.hash_size); ret = wc_HmacInit(&verifyHmac, ssl->heap, INVALID_DEVID);
wc_HmacUpdate(&verifyHmac, hash, hashSz); if (ret == 0) {
wc_HmacFinal(&verifyHmac, hash); ret = wc_HmacSetKey(&verifyHmac, hashType, key, ssl->specs.hash_size);
if (ret == 0)
ret = wc_HmacUpdate(&verifyHmac, hash, hashSz);
if (ret == 0)
ret = wc_HmacFinal(&verifyHmac, hash);
wc_HmacFree(&verifyHmac);
}
return hashSz; if (pHashSz)
*pHashSz = hashSz;
return ret;
} }
/* The length of the label to use when deriving keys. */ /* The length of the label to use when deriving keys. */
@@ -1125,16 +1151,20 @@ end:
*/ */
static int HashInputRaw(WOLFSSL* ssl, const byte* input, int sz) static int HashInputRaw(WOLFSSL* ssl, const byte* input, int sz)
{ {
int ret = 0; int ret = BAD_FUNC_ARG;
#ifndef NO_OLD_TLS #ifndef NO_OLD_TLS
#ifndef NO_SHA #ifndef NO_SHA
wc_ShaUpdate(&ssl->hsHashes->hashSha, input, sz); ret = wc_ShaUpdate(&ssl->hsHashes->hashSha, input, sz);
if (ret != 0)
return ret;
#endif #endif
#ifndef NO_MD5 #ifndef NO_MD5
wc_Md5Update(&ssl->hsHashes->hashMd5, input, sz); ret = wc_Md5Update(&ssl->hsHashes->hashMd5, input, sz);
#endif if (ret != 0)
return ret;
#endif #endif
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256 #ifndef NO_SHA256
ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, input, sz); ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, input, sz);
@@ -1723,9 +1753,13 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret, XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret,
ssl->arrays->psk_keySz); ssl->arrays->psk_keySz);
/* Derive the early secret using the PSK. */ /* Derive the early secret using the PSK. */
DeriveEarlySecret(ssl); ret = DeriveEarlySecret(ssl);
if (ret != 0)
return ret;
/* Derive the binder key to use to with HMAC. */ /* Derive the binder key to use to with HMAC. */
DeriveBinderKeyResume(ssl, binderKey); ret = DeriveBinderKeyResume(ssl, binderKey);
if (ret != 0)
return ret;
} }
else { else {
/* TODO: [TLS13] Support non-ticket PSK. */ /* TODO: [TLS13] Support non-ticket PSK. */
@@ -1734,16 +1768,25 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
(char *)current->identity, ssl->arrays->client_identity, (char *)current->identity, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
/* Derive the early secret using the PSK. */ /* Derive the early secret using the PSK. */
DeriveEarlySecret(ssl); ret = DeriveEarlySecret(ssl);
if (ret != 0)
return ret;
/* Derive the binder key to use to with HMAC. */ /* Derive the binder key to use to with HMAC. */
DeriveBinderKey(ssl, binderKey); ret = DeriveBinderKey(ssl, binderKey);
if (ret != 0)
return ret;
} }
/* Derive the Finished message secret. */ /* Derive the Finished message secret. */
DeriveFinishedSecret(ssl, binderKey, ssl->keys.client_write_MAC_secret); ret = DeriveFinishedSecret(ssl, binderKey, ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
/* Build the HMAC of the handshake message data = binder. */ /* Build the HMAC of the handshake message data = binder. */
current->binderLen = BuildTls13HandshakeHmac(ssl, ret = BuildTls13HandshakeHmac(ssl, ssl->keys.client_write_MAC_secret,
ssl->keys.client_write_MAC_secret, current->binder); current->binder, &current->binderLen);
if (ret != 0)
return ret;
current = current->next; current = current->next;
} }
@@ -2204,7 +2247,7 @@ static int DoPreSharedKeys(WOLFSSL *ssl, const byte* input, word32 helloSz,
PreSharedKey* current; PreSharedKey* current;
byte binderKey[MAX_DIGEST_SIZE]; byte binderKey[MAX_DIGEST_SIZE];
byte binder[MAX_DIGEST_SIZE]; byte binder[MAX_DIGEST_SIZE];
word16 binderLen; word32 binderLen;
word16 modes; word16 modes;
ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY); ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY);
@@ -2260,9 +2303,13 @@ static int DoPreSharedKeys(WOLFSSL *ssl, const byte* input, word32 helloSz,
XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret, XMEMCPY(ssl->arrays->psk_key, ssl->session.masterSecret,
ssl->specs.hash_size); ssl->specs.hash_size);
/* Derive the early secret using the PSK. */ /* Derive the early secret using the PSK. */
DeriveEarlySecret(ssl); ret = DeriveEarlySecret(ssl);
if (ret != 0)
return ret;
/* Derive the binder key to use to with HMAC. */ /* Derive the binder key to use to with HMAC. */
DeriveBinderKeyResume(ssl, binderKey); ret = DeriveBinderKeyResume(ssl, binderKey);
if (ret != 0)
return ret;
} }
else { else {
/* PSK age is always zero. */ /* PSK age is always zero. */
@@ -2274,16 +2321,26 @@ static int DoPreSharedKeys(WOLFSSL *ssl, const byte* input, word32 helloSz,
(char*)current->identity, ssl->arrays->client_identity, (char*)current->identity, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
/* Derive the early secret using the PSK. */ /* Derive the early secret using the PSK. */
DeriveEarlySecret(ssl); ret = DeriveEarlySecret(ssl);
if (ret != 0)
return ret;
/* Derive the binder key to use to with HMAC. */ /* Derive the binder key to use to with HMAC. */
DeriveBinderKey(ssl, binderKey); ret = DeriveBinderKey(ssl, binderKey);
if (ret != 0)
return ret;
} }
/* Derive the Finished message secret. */ /* Derive the Finished message secret. */
DeriveFinishedSecret(ssl, binderKey, ssl->keys.client_write_MAC_secret); ret = DeriveFinishedSecret(ssl, binderKey,
ssl->keys.client_write_MAC_secret);
if (ret != 0)
return ret;
/* Derive the binder and compare with the one in the extension. */ /* Derive the binder and compare with the one in the extension. */
binderLen = BuildTls13HandshakeHmac(ssl, ret = BuildTls13HandshakeHmac(ssl,
ssl->keys.client_write_MAC_secret, binder); ssl->keys.client_write_MAC_secret, binder, &binderLen);
if (ret != 0)
return ret;
if (binderLen != current->binderLen || if (binderLen != current->binderLen ||
XMEMCMP(binder, current->binder, binderLen) != 0) { XMEMCMP(binder, current->binder, binderLen) != 0) {
return BAD_BINDER; return BAD_BINDER;
@@ -2962,41 +3019,54 @@ static int CreateRSAEncodedSig(byte* sig, byte* sigData, int sigDataSz,
Digest digest; Digest digest;
int hashSz = 0; int hashSz = 0;
int hashOid = 0; int hashOid = 0;
int ret = BAD_FUNC_ARG;
/* Digest the signature data. */ /* Digest the signature data. */
switch (hashAlgo) { switch (hashAlgo) {
#ifndef NO_WOLFSSL_SHA256 #ifndef NO_WOLFSSL_SHA256
case sha256_mac: case sha256_mac:
wc_InitSha256(&digest.sha256); ret = wc_InitSha256(&digest.sha256);
wc_Sha256Update(&digest.sha256, sigData, sigDataSz); if (ret == 0) {
wc_Sha256Final(&digest.sha256, sigData); ret = wc_Sha256Update(&digest.sha256, sigData, sigDataSz);
if (ret == 0)
ret = wc_Sha256Final(&digest.sha256, sigData);
wc_Sha256Free(&digest.sha256); wc_Sha256Free(&digest.sha256);
}
hashSz = SHA256_DIGEST_SIZE; hashSz = SHA256_DIGEST_SIZE;
hashOid = SHA256h; hashOid = SHA256h;
break; break;
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
case sha384_mac: case sha384_mac:
wc_InitSha384(&digest.sha384); ret = wc_InitSha384(&digest.sha384);
wc_Sha384Update(&digest.sha384, sigData, sigDataSz); if (ret == 0) {
wc_Sha384Final(&digest.sha384, sigData); ret = wc_Sha384Update(&digest.sha384, sigData, sigDataSz);
if (ret == 0)
ret = wc_Sha384Final(&digest.sha384, sigData);
wc_Sha384Free(&digest.sha384); wc_Sha384Free(&digest.sha384);
}
hashSz = SHA384_DIGEST_SIZE; hashSz = SHA384_DIGEST_SIZE;
hashOid = SHA384h; hashOid = SHA384h;
break; break;
#endif #endif
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
case sha512_mac: case sha512_mac:
wc_InitSha512(&digest.sha512); ret = wc_InitSha512(&digest.sha512);
wc_Sha512Update(&digest.sha512, sigData, sigDataSz); if (ret == 0) {
wc_Sha512Final(&digest.sha512, sigData); ret = wc_Sha512Update(&digest.sha512, sigData, sigDataSz);
if (ret == 0)
ret = wc_Sha512Final(&digest.sha512, sigData);
wc_Sha512Free(&digest.sha512); wc_Sha512Free(&digest.sha512);
}
hashSz = SHA512_DIGEST_SIZE; hashSz = SHA512_DIGEST_SIZE;
hashOid = SHA512h; hashOid = SHA512h;
break; break;
#endif #endif
} }
if (ret != 0)
return ret;
/* Encode the signature data as per PKCS #1.5 */ /* Encode the signature data as per PKCS #1.5 */
return wc_EncodeSignature(sig, sigData, hashSz, hashOid); return wc_EncodeSignature(sig, sigData, hashSz, hashOid);
} }
@@ -3013,38 +3083,51 @@ static int CreateECCEncodedSig(byte* sigData, int sigDataSz, int hashAlgo)
{ {
Digest digest; Digest digest;
int hashSz = 0; int hashSz = 0;
int ret = BAD_FUNC_ARG;
/* Digest the signature data. */ /* Digest the signature data. */
switch (hashAlgo) { switch (hashAlgo) {
#ifndef NO_WOLFSSL_SHA256 #ifndef NO_WOLFSSL_SHA256
case sha256_mac: case sha256_mac:
wc_InitSha256(&digest.sha256); ret = wc_InitSha256(&digest.sha256);
wc_Sha256Update(&digest.sha256, sigData, sigDataSz); if (ret == 0) {
wc_Sha256Final(&digest.sha256, sigData); ret = wc_Sha256Update(&digest.sha256, sigData, sigDataSz);
if (ret == 0)
ret = wc_Sha256Final(&digest.sha256, sigData);
wc_Sha256Free(&digest.sha256); wc_Sha256Free(&digest.sha256);
}
hashSz = SHA256_DIGEST_SIZE; hashSz = SHA256_DIGEST_SIZE;
break; break;
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
case sha384_mac: case sha384_mac:
wc_InitSha384(&digest.sha384); ret = wc_InitSha384(&digest.sha384);
wc_Sha384Update(&digest.sha384, sigData, sigDataSz); if (ret == 0) {
wc_Sha384Final(&digest.sha384, sigData); ret = wc_Sha384Update(&digest.sha384, sigData, sigDataSz);
if (ret == 0)
ret = wc_Sha384Final(&digest.sha384, sigData);
wc_Sha384Free(&digest.sha384); wc_Sha384Free(&digest.sha384);
}
hashSz = SHA384_DIGEST_SIZE; hashSz = SHA384_DIGEST_SIZE;
break; break;
#endif #endif
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
case sha512_mac: case sha512_mac:
wc_InitSha512(&digest.sha512); ret = wc_InitSha512(&digest.sha512);
wc_Sha512Update(&digest.sha512, sigData, sigDataSz); if (ret == 0) {
wc_Sha512Final(&digest.sha512, sigData); ret = wc_Sha512Update(&digest.sha512, sigData, sigDataSz);
if (ret == 0)
ret = wc_Sha512Final(&digest.sha512, sigData);
wc_Sha512Free(&digest.sha512); wc_Sha512Free(&digest.sha512);
}
hashSz = SHA512_DIGEST_SIZE; hashSz = SHA512_DIGEST_SIZE;
break; break;
#endif #endif
} }
if (ret != 0)
return ret;
return hashSz; return hashSz;
} }
#endif #endif
@@ -3503,14 +3586,17 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
sig->length = MAX_ENCODED_SIG_SZ; sig->length = MAX_ENCODED_SIG_SZ;
sig->buffer = (byte*)XMALLOC(sig->length, ssl->heap, sig->buffer = (byte*)XMALLOC(sig->length, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (sig->buffer == NULL) if (sig->buffer == NULL) {
return MEMORY_E; ERROR_OUT(MEMORY_E, exit_scv);
}
/* Digest the signature data and encode. Used in verify too. */ /* Digest the signature data and encode. Used in verify too. */
sig->length = CreateRSAEncodedSig(sig->buffer, args->sigData, ret = CreateRSAEncodedSig(sig->buffer, args->sigData,
args->sigDataSz, ssl->suites->hashAlgo); args->sigDataSz, ssl->suites->hashAlgo);
if (ret != 0) if (ret < 0)
goto exit_scv; goto exit_scv;
sig->length = ret;
ret = 0;
/* Maximum size of RSA Signature. */ /* Maximum size of RSA Signature. */
args->sigLen = args->length; args->sigLen = args->length;
@@ -3520,8 +3606,12 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
if (ssl->hsType == DYNAMIC_TYPE_ECC) { if (ssl->hsType == DYNAMIC_TYPE_ECC) {
sig->length = args->sendSz - args->idx - HASH_SIG_SIZE - sig->length = args->sendSz - args->idx - HASH_SIG_SIZE -
VERIFY_HEADER; VERIFY_HEADER;
args->sigDataSz = CreateECCEncodedSig(args->sigData, ret = CreateECCEncodedSig(args->sigData,
args->sigDataSz, ssl->suites->hashAlgo); args->sigDataSz, ssl->suites->hashAlgo);
if (ret < 0)
goto exit_scv;
args->sigDataSz = ret;
ret = 0;
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
@@ -3831,8 +3921,12 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
} }
CreateSigData(ssl, args->sigData, &args->sigDataSz, 1); CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
args->sigDataSz = CreateECCEncodedSig(args->sigData, ret = CreateECCEncodedSig(args->sigData,
args->sigDataSz, args->hashAlgo); args->sigDataSz, args->hashAlgo);
if (ret < 0)
goto exit_dcv;
args->sigDataSz = ret;
ret = 0;
} }
#endif #endif
@@ -3991,7 +4085,10 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
else else
secret = ssl->keys.client_write_MAC_secret; secret = ssl->keys.client_write_MAC_secret;
finishedSz = BuildTls13HandshakeHmac(ssl, secret, mac);
ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz);
if (ret != 0)
return ret;
if (size != finishedSz) if (size != finishedSz)
return BUFFER_ERROR; return BUFFER_ERROR;
@@ -4085,7 +4182,9 @@ int SendTls13Finished(WOLFSSL* ssl)
secret = ssl->keys.server_write_MAC_secret; secret = ssl->keys.server_write_MAC_secret;
} }
BuildTls13HandshakeHmac(ssl, secret, &input[headerSz]); ret = BuildTls13HandshakeHmac(ssl, secret, &input[headerSz], NULL);
if (ret != 0)
return ret;
/* This message is always encrypted. */ /* This message is always encrypted. */
sendSz = BuildTls13Message(ssl, output, outputSz, input, sendSz = BuildTls13Message(ssl, output, outputSz, input,

1
wolfcrypt/benchmark/benchmark.c
View File

@@ -129,6 +129,7 @@
#define BEGIN_INTEL_CYCLES total_cycles = get_intel_cycles(); #define BEGIN_INTEL_CYCLES total_cycles = get_intel_cycles();
#define END_INTEL_CYCLES total_cycles = get_intel_cycles() - total_cycles; #define END_INTEL_CYCLES total_cycles = get_intel_cycles() - total_cycles;
#define SHOW_INTEL_CYCLES printf(" Cycles per byte = %6.2f", \ #define SHOW_INTEL_CYCLES printf(" Cycles per byte = %6.2f", \
count == 0 ? 0 : \
(float)total_cycles / (count*BENCH_SIZE)); (float)total_cycles / (count*BENCH_SIZE));
#elif defined(LINUX_CYCLE_COUNT) #elif defined(LINUX_CYCLE_COUNT)
#include <linux/perf_event.h> #include <linux/perf_event.h>

7
wolfcrypt/src/asn.c
View File

@@ -9532,8 +9532,13 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
XMEMCPY(priv, &input[*inOutIdx], privSz); XMEMCPY(priv, &input[*inOutIdx], privSz);
*inOutIdx += length; *inOutIdx += length;
if ((*inOutIdx + 1) > inSz) if ((*inOutIdx + 1) > inSz) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BUFFER_E; return BUFFER_E;
}
/* prefix 0, may have */ /* prefix 0, may have */
b = input[*inOutIdx]; b = input[*inOutIdx];

2
wolfcrypt/src/ecc.c
View File

@@ -4850,9 +4850,11 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
if (err == MP_OKAY) { if (err == MP_OKAY) {
int keysize; int keysize;
#ifdef HAVE_COMP_KEY
/* adjust inLen if compressed */ /* adjust inLen if compressed */
if (compressed) if (compressed)
inLen = (inLen-1)*2 + 1; /* used uncompressed len */ inLen = (inLen-1)*2 + 1; /* used uncompressed len */
#endif
/* determine key size */ /* determine key size */
keysize = ((inLen-1)>>1); keysize = ((inLen-1)>>1);

7
wolfcrypt/src/hmac.c
View File

@@ -806,8 +806,13 @@ int wolfSSL_GetHmacMaxSize(void)
Hmac myHmac; Hmac myHmac;
int ret; int ret;
const byte* localSalt; /* either points to user input or tmp */ const byte* localSalt; /* either points to user input or tmp */
int hashSz = wc_HmacSizeByType(type); int hashSz;
ret = wc_HmacSizeByType(type);
if (ret < 0)
return ret;
hashSz = ret;
localSalt = salt; localSalt = salt;
if (localSalt == NULL) { if (localSalt == NULL) {
XMEMSET(tmp, 0, hashSz); XMEMSET(tmp, 0, hashSz);

4
wolfcrypt/src/integer.c
View File

@@ -4260,7 +4260,9 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
q.sign = a->sign; q.sign = a->sign;
} }
else { else {
mp_init(&q); /* initialize to help static analysis */ if ((res = mp_init(&q)) != MP_OKAY) {
return res;
}
} }

33
wolfcrypt/src/rsa.c
View File

@@ -195,25 +195,32 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
key->rng = NULL; key->rng = NULL;
#endif #endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) #ifdef WOLFSSL_ASYNC_CRYPT
/* handle as async */
ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_RSA,
key->heap, devId);
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
XMEMSET(&key->certSignCtx, 0, sizeof(CertSignCtx)); XMEMSET(&key->certSignCtx, 0, sizeof(CertSignCtx));
#endif #endif
#ifdef WC_ASYNC_ENABLE_RSA
/* handle as async */
ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_RSA,
key->heap, devId);
if (ret != 0)
return ret;
#endif /* WC_ASYNC_ENABLE_RSA */
#else #else
(void)devId; (void)devId;
#endif #endif /* WOLFSSL_ASYNC_CRYPT */
mp_init(&key->n); ret = mp_init_multi(&key->n, &key->e, NULL, NULL, NULL, NULL);
mp_init(&key->e); if (ret != MP_OKAY)
mp_init(&key->d); return ret;
mp_init(&key->p);
mp_init(&key->q); ret = mp_init_multi(&key->d, &key->p, &key->q, &key->dP, &key->dQ, &key->u);
mp_init(&key->dP); if (ret != MP_OKAY) {
mp_init(&key->dQ); mp_clear(&key->n);
mp_init(&key->u); mp_clear(&key->e);
return ret;
}
return ret; return ret;
} }

2
wolfssl/internal.h
View File

@@ -2052,7 +2052,7 @@ typedef struct PreSharedKey {
word16 identityLen; /* Length of identity */ word16 identityLen; /* Length of identity */
byte* identity; /* PSK identity */ byte* identity; /* PSK identity */
word32 ticketAge; /* Age of the ticket */ word32 ticketAge; /* Age of the ticket */
byte binderLen; /* Length of HMAC */ word32 binderLen; /* Length of HMAC */
byte binder[MAX_DIGEST_SIZE]; /* HMAC of hanshake */ byte binder[MAX_DIGEST_SIZE]; /* HMAC of hanshake */
byte hmac; /* HMAC algorithm */ byte hmac; /* HMAC algorithm */
byte resumption:1; /* Resumption PSK */ byte resumption:1; /* Resumption PSK */